Re: Thinking of changing DNS Service provider, looking for recommendations

2020-01-02 Thread Antonino Sidoti
Hi,
I am using DuckDNS with my OpenBSD system. It works fine for me.

Mind you, it is for Dynamic DNS updates, not a full-blown DNS server solution.

> On 2 Jan 2020, at 11:26 pm, Jay Hart  wrote:
> 
> Hey all, and Happy New Years!!!
> 
> I am currently using DYN.COM for DNS service. A few months back they changed
> their payment methodology and I am now considering finding another solution.
> DYN charges me $5 US monthly so it's not a huge financial burden. That said,
> if I could find a free service provider, all the better.
>
> My only real requirement is they must be able to support OpenBSD based
> system.  Currently using DDclient. It works fine, has been for years.
>
> This would be for a residential connection.
>
> Guess what I'm really looking for, from the list, is an OpenBSD friendly
> provider, and a brief write up on how you are connected.  I've looked over a
> few sites but nothing stood out as being OpenBSD friendly.
> 
> Thanks in Advance,
> 
> Jay
> 



Re: Will Free Software Foundation remove the Hyperbola GNU/Linux-libre of the page that lists the GNU/Linux distributions that are entirely free as in freedom?

2020-01-02 Thread zap
Okay, troll, you have had your fun. Now go run along and play somewhere else.



On 01/02/2020 11:32 PM, SOUL_OF_ROOT 55 wrote:
> Hi Free Software Foundation!
>
> It is written in article "Free GNU/Linux distributions":
>
> "Hyperbola GNU/Linux-libre, a long-term support simplicity-focused
> distribution based on Arch GNU/Linux."
>
> Reference: https://www.gnu.org/distros/free-distros.en.html
>
> Free Software Foundation,
>
> Hyperbola GNU/Linux-libre is not free because is changing to BSD.
>
> References:
>
> https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/
>
> https://forums.hyperbola.info/viewtopic.php?id=315
>
> Free Software Foundation,
>
> The Hyperbola GNU/Linux-libre is still in list of Free GNU/Linux
> distributions.
>
> Will Free Software Foundation remove the Hyperbola GNU/Linux-libre of the page
> that lists the GNU/Linux distributions that are entirely free as in freedom?
>
> If not, why Free Software Foundation will not remove the Hyperbola
> GNU/Linux-libre of the page that lists the GNU/Linux distributions that are
> entirely free as in freedom?



Will Free Software Foundation remove the Hyperbola GNU/Linux-libre of the page that lists the GNU/Linux distributions that are entirely free as in freedom?

2020-01-02 Thread SOUL_OF_ROOT 55
Hi Free Software Foundation!

It is written in article "Free GNU/Linux distributions":

"Hyperbola GNU/Linux-libre, a long-term support simplicity-focused
distribution based on Arch GNU/Linux."

Reference: https://www.gnu.org/distros/free-distros.en.html

Free Software Foundation,

Hyperbola GNU/Linux-libre is not free because is changing to BSD.

References:

https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/

https://forums.hyperbola.info/viewtopic.php?id=315

Free Software Foundation,

The Hyperbola GNU/Linux-libre is still in list of Free GNU/Linux
distributions.

Will Free Software Foundation remove the Hyperbola GNU/Linux-libre of the page
that lists the GNU/Linux distributions that are entirely free as in freedom?

If not, why Free Software Foundation will not remove the Hyperbola
GNU/Linux-libre of the page that lists the GNU/Linux distributions that are
entirely free as in freedom?


Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 11:52:03PM +0100, Marc Chantreux wrote:
> > You have something like 3 lines of perl to play with ;)
> 
> is there a todo list somewhere ?

More or less in my head, with lots of subprojects progressing at any given
time.

- I want to retire PackageLocator and have more correct packagerepository
lists... Update.pm is somewhat hackish;
- the virtual file system (Vstat.pm) is too simple and somewhat broken;
- there are still a few bugs in dependency handling;
- pkg_info should probably be cleaned up at some point
- there is some complicated work to speed up pkg addition by going through
a kind of "proxy", exactly like pkg_add-over-ssh works... this part is not
perl, though.
- pkg_create handling of dependencies completely misses @tag currently
- lib-depends-check is a complete mess and doesn't work with subdirectories

- the tests in regress/usr.sbin/pkg_add are woefully inadequate.

- dpb doesn't support running tests, and it's intended to take on portroach
capabilities at some point.
- it should have a "disconnected mode" with just ssh and no nfs. Quite possible
now that we have rsync in base.
- I'd like to integrate proot a bit more... the way proot is engineered to
prefer hardlinks over copy  was intended to make it possible to "quickly"
create a separate chroot for each build (it's somewhat linked to the previous
point, as both require precise accounting of packages).

there are more, but those are the ones coming up at the top of my head.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Fri, Jan 03, 2020 at 09:43:21AM +1000, Stuart Longland wrote:
> On 3/1/20 8:50 am, Marc Chantreux wrote:
> >> Like this thread, or worse?
> > * long doesn't mean endless
> > * sharing points of view is never sterile (yours is inspired by other
> >   ones, right?)
> 
> I would say it's been highly educational.
> 
> Granted, this did not get off to a good start with the "let's replace
> Perl with Lua" debate, but it has piqued my interest in what the Raku
> team are up to.
> 
> It's pointed out style(9) which I'm having a read of now.  Having gotten
> familiar with the Linux kernel coding style and the coding style used in
> OpenThread, it's helpful sometimes to look at how others do it, as
> sometimes you can learn something that ultimately makes your life easier.
> 
> There's a valid point about whether this is the appropriate forum for
> this.  Question is, if not here, then where?

Any modern mailreader can easily tag messages as thread, so it's trivial to
avoid a given thread, as long as people don't fuck around with the
In-Reply-To info.



Re: Traffic prioritization inside VPN

2020-01-02 Thread Jordan Geoghegan




On 2020-01-02 11:13, Radek wrote:
>> what about working directly on rsync side, specifying the maximum
>> transfer rate? (--bwlimit option)
>
> Setting the hard transfer rate/limit on the rsync side is not what I need. I
> want my boxes to be able to use whole available bandwidth anytime. I mean if
> other services need some bandwidth they just get it with higher priority and my
> boxes always can use *the rest*. If there is a quiet in the network my boxes
> can use the whole highway.
>
> On Thu, 2 Jan 2020 17:57:19 +0100
> fRANz wrote:
>
>> On Thu, Jan 2, 2020 at 3:51 PM radek wrote:
>>
>>> I tried to do it by "catching" this traffic on [fw_rac]/[fw_krz] by specific
>>> rules [1] and setting the lowest priority for it.
>>> Unfortunately it doesn't seem to work as expected. Bandwidth seems to be shared
>>> roughly equally with other traffic (tested with pushing data (netcat) through
>>> VPN in the same time).
>>> I would appreciate your advice or any clues on what I have done wrong. Thank
>>> you.
>>
>> what about working directly on rsync side, specifying the maximum
>> transfer rate? (--bwlimit option)
>> -f





FQ-CoDel may be useful for ensuring fair sharing of bandwidth. I use it 
on some bandwidth constrained links and it works quite nicely at 
ensuring that bandwidth is fairly distributed. I've found that adjusting 
the quantum level to around 300 is nice for ensuring interactive 
applications remain responsive/low latency, by prioritizing smaller 
packets over larger bulk transfer packets.




Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Stuart Longland
On 2/1/20 9:43 pm, Marc Chantreux wrote:
> arf ... i just tried to explain where this "linenoise" bullshit came from
> just in the answer i gave to frank

Yes well, my point is if you want to make a piece of code
incomprehensible, I don't think there is a language that will stop you.

I had a colleague who used to argue "that code was hard to write, it
should be hard to read too!" -- completely forgetting the poor sod that
had to come behind him and maintain his code.

It's a choice of the writer to write code that's hard to understand.
Perl is a very expressive language, and can be used to write very clean
and maintainable code.

I think the "there's no right way" mantra helps: it allows you the
latitude to choose the style that makes the most sense for the problem
being solved.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Edgar Pettijohn



On 2020-01-02 16:52, Marc Chantreux wrote:
>> You have something like 3 lines of perl to play with ;)
>
> is there a todo list somewhere ?

find /usr/src -name '*.pm' | xargs grep XXX

Shows some promising results.

Edgar

> regards
> marc





Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Stuart Longland
On 2/1/20 8:48 pm, Marc Espie wrote:
>> I've seen some pretty ugly Python code too.
> Not to beat a dead horse, but most of the python configury stuff,
> including scons, is pretty shitty.   Lots of really bad pseudo-OO stuff
> (hey let's use that cool feature just because we can)

Yeah, you won't get any disagreement from me on that front.

I prefer make (usually I use the GNU dialect, but that's just borne out
of what I normally have to support), and maybe CMake for more complex stuff.

scons, waf, and others… seem to cause more problems than they solve.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Stuart Longland
On 3/1/20 8:50 am, Marc Chantreux wrote:
>> Like this thread, or worse?
> * long doesn't mean endless
> * sharing points of view is never sterile (yours is inspired by other
>   ones, right?)

I would say it's been highly educational.

Granted, this did not get off to a good start with the "let's replace
Perl with Lua" debate, but it has piqued my interest in what the Raku
team are up to.

It's pointed out style(9) which I'm having a read of now.  Having gotten
familiar with the Linux kernel coding style and the coding style used in
OpenThread, it's helpful sometimes to look at how others do it, as
sometimes you can learn something that ultimately makes your life easier.

There's a valid point about whether this is the appropriate forum for
this.  Question is, if not here, then where?
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
> You have something like 3 lines of perl to play with ;)

is there a todo list somewhere ?

regards
marc



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
On Thu, Jan 02, 2020 at 02:16:52PM -0500, Daniel Jakots wrote:
> On Thu, 2 Jan 2020 19:49:28 +0100, Marc Chantreux 
> > some endless sterile debates

> Like this thread, or worse?

* long doesn't mean endless
* sharing points of view is never sterile (yours is inspired by other
  ones, right?)

so i think this thread is neither sterile nor endless but maybe it's
not the good channel: please let us know if there is a better place than
misc@ for that.

regards.
marc



Re: Hyperbola Gnu Linux changing to Bsd

2020-01-02 Thread zap



On 01/02/2020 03:22 AM, Eric Furman wrote:
> On Thu, Jan 2, 2020, at 3:09 AM, Bodie wrote:
>>
>> On 2.1.2020 02:56, SOUL_OF_ROOT 55 wrote:
>>> On Mon, 30 Dec 2019 at 00:59, SOUL_OF_ROOT 55
>>> wrote:
>>>
>>>> Hi!
>>>>
>>>> It is written in article  Free GNU/Linux distributions:
> BLAH BLAH BLAH
>
> When are you people going to learn that  SOUL_OF_ROOT 55 
> is nothing but a crank and a troll?
Lol, that's what I said yesterday. :P
>



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 04:10:43PM -0500, Paul Wisehart wrote:
> On Thu, Jan 02, 2020 at 09:12:42PM +0100, Marc Espie wrote:
> > 
> > Here are my current guidelines for OpenBSD perl tools.
> > 
> 
> Can you elaborate in greater detail?
> 

Not really, just go read the code and ask questions.

You have something like 3 lines of perl to play with ;)



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Paul Wisehart
On Thu, Jan 02, 2020 at 09:12:42PM +0100, Marc Espie wrote:
> 
> Here are my current guidelines for OpenBSD perl tools.
> 

Can you elaborate in greater detail?



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 02:40:25PM -0600, danieljb...@icloud.com wrote:
> What if you want named parameters? (i.e. sending a hash as your
> argument)
> 
> sub m4
> {
> 	my $self = shift;
> 	my %args = @_;
> 
> 	# and then optionally
> 	my ($arg1, $arg2, $arg3) = @args{qw/arg1 arg2 arg3/};
> 
> 	# or you can just use $args{arg1}, etc...
> }

Such cases are a refactoring waiting to happen. If your parameters
get complicated enough that you want to name them, there's usually an
object hiding in there :)



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread danieljboyd
What if you want named parameters? (i.e. sending a hash as your
argument)

sub m4
{
	my $self = shift;
	my %args = @_;

	# and then optionally
	my ($arg1, $arg2, $arg3) = @args{qw/arg1 arg2 arg3/};

	# or you can just use $args{arg1}, etc...
}


On Thu, Jan 02, 2020 at 09:12:42PM +0100, Marc Espie wrote:
> sub f
> {
>   my ($arg1, $arg2) = @_;
> 
>   ... code
> 
> }
> 
> - three styles of parameter grab for methods:
> 
> 
> sub m1
> {
>   my $self = shift;
> }
> 
> No other parameter.
> 
> sub m2
> {
>   my ($self, $p1, $p2) = @_;
> }
> 
> when getting all parameters (no check on the number usually)
> 
> 
> sub m3
> {
>   my $self = shift;
>   ...
>   do_something_with(@_);
> }
> 
> for functions with unlimited parameters after the first one



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 03:24:41PM -0500, Chris Bennett wrote:
> mod_perl, from reading the mailing list, looks like it will die off
> before long. Lack of developers and funding and interest given all the
> newer replacements.

Don't even think about using mod_perl these days.

Fast-cgi is the way to go. Even if you use something else but Dancer,
I'd urge you to read the documentation, it has a whole fucking manpage
about Dancer::Deployment



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Chris Bennett
I don't speak Python, but from what I've read, it has some serious
encoding problems compared to Perl.
This is a real problem in today's world of multiple encodings.

Apparently the guy writing about this is pretty hated for bringing up
this serious flaw. If the problem is true, he has examples, then it
needs to get fixed.

Perl also has problems, but screwing up encodings is pretty fundamental.

mod_perl, from reading the mailing list, looks like it will die off
before long. Lack of developers and funding and interest given all the
newer replacements.

Remove Perl? No way.
Perl is very Unixy. Perl is full of automagically. C isn't.
I think they make for a good combo.

Think this way -> use C
Think other way-> use Perl
Think really screwball -> use both

OK, enough of my BS, but this is an interesting thread.
I do think discussing many languages that can be used is relevant to
both misc@ and ports@

Bye Y'all,
Chris Bennett




Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 07:49:28PM +0100, Marc Chantreux wrote:
> On Thu, Jan 02, 2020 at 10:42:54AM -0600, danieljb...@icloud.com wrote:
> > I don't understand why people say that perl's flexibility is a negative.
> 
> because sometimes, flexibility permit some endless sterile debates about
> the coding style.

Well, OpenBSD has got style(9). I have some specific adaptations for perl,
because a lot of the rules are for C.


Here are my current guidelines for OpenBSD perl tools.

In general, things are written following style(9) adapted for perl.

Specifically,
- named sub *are* functions.

So

sub f
{
	my ($arg1, $arg2) = @_;

	... code

}

- three styles of parameter grab for methods:


sub m1
{
	my $self = shift;
}

No other parameter.

sub m2
{
	my ($self, $p1, $p2) = @_;
}

when getting all parameters (no check on the number usually)


sub m3
{
	my $self = shift;
	...
	do_something_with(@_);
}

for functions with unlimited parameters after the first one

(dubious whether this changes anything for performance reasons)

- wantarray should *only* be used for optimization purposes (yes/no answer
instead of full list).   Doing otherwise utterly complicates matters.


- I almost never put extra parentheses, and use the "4 space indent" rule
for continuing statements.

- chained index lookups should ditch the extra ->  .
prefer $self->{a}{b}  to $self->{a}->{b}

- don't put quotes around indices unless absolutely necessary (keywords)
and don't use keywords for keys.


- anonymous subs are part of the code:
So:
	my $s = sub {
		my $self = shift;
		...
	};


Note a full indent because the inside looks like code.

- modern perl preferred, so
	$value //= something;
preferred over
	$value = something  if !defined $value;

- autovivification welcome.

	push @{$self->{list}}, value;
is perfectly fine without defining $self->{list} first.
Note that if (@{$self->{list}} > 0)  *won't* autovivify list, so it can be
used for "does the list exist and is not empty" instead of 
if (exists $self->{list}


- I should probably normalize towards banning implicit return ?

- should I prefer "always refs"  over explicit % / @ ?
There is a slight legibility problem:
my @l;  is more readable than
my $l;  (this is a list)
and
my $l = [];   takes slightly more memory.


- most things unless explicitly being debugged should set
$DB::inhibit_exit = 1  right after a fork and before an exec.


And I have some further general rules, learnt from past mistakes.

The perl package tools follow some stylistic and practical guidelines
- all new development should be object-oriented.
Have a package under either OpenBSD or DPB, and pass operations
to a constructed object (generally name the constructor new unless
you have better options) if you need to keep state, or to the
class name proper.

Examples:

my $pkgpath = DPB::PkgPath->new('devel/quirks');

say "Normalized version is ",  $pkgpath->fullpkgpath;

$state->errsay(OpenBSD::Temp->last_error);

older code sometimes does not respect that.
It hasn't been converted because it's currently not worth it.
But there have been many instances where I've actually regretted
not doing things that way sooner.

The object itself is usually called "$self" unless there are reasons
not to.

Since there are no access control restrictions in perl, most often
internal methods are just prefixed with _.

Stylistically, methods without parameters don't need parameters, so
I don't write them, prefer $object->foo  to $object->foo()

It makes it less cumbersome to chain methods, e.g., $object->foo->bar(whatever);

- in the interest of chaining methods, stuff that tweaks an object should
return the object itself, so that

$self->set_foo(1)->set_bar(2)->run

will actually work

- a lot of code creates "unique" objects.
The pattern is to have a %cache hash in the package, and have the normal
constructor do things under the radar, calling create as needed.
create won't normally be used by client code.

- a lot of code creates "just in time objects".
Error.pm contains the OpenBSD::Auto class, that can be used to create
jit values, it contains one single construct, cache, that is used like so:
	OpenBSD::Auto::cache(solver,
	    sub {
		require OpenBSD::Dependencies;
		return OpenBSD::Dependencies->new(shift);
	    });

so that the first call to $self->solver(x)
will instantiate $self->{solver} to the required object.
And that call and all subsequent calls will return the same object.


- there are way less files than classes. Things are organized in a
"put a whole set of related things together in the same file".
Full OO also means you don't need to use Foo; from the start, you can 
require Foo; dynamically, thus loading it later.  This does speed up the
startup of tools significantly.

- in general, singletons are frowned upon. We still have a few (list ?),
mainly as cached values in specific packages.  There 

Re: Probable off by one in src/usr.bin/rdist/docmd.c

2020-01-02 Thread Otto Moerbeek
On Thu, Jan 02, 2020 at 07:45:25PM +0100, Aham Brahmasmi wrote:

> > Sent: Thursday, January 02, 2020 at 4:26 PM
> > From: "Otto Moerbeek" 
> > To: "Aham Brahmasmi" 
> > Cc: misc@openbsd.org
> > Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
> >
> > On Thu, Jan 02, 2020 at 03:39:53PM +0100, Aham Brahmasmi wrote:
> >
> > > Hallo Otto,
> > >
> > > Dank je Otto for your helpful reply.
> > >
> > > > Sent: Wednesday, January 01, 2020 at 3:36 PM
> > > > From: "Otto Moerbeek" 
> > > > To: "Aham Brahmasmi" 
> > > > Cc: misc@openbsd.org
> > > > Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
> > > >
> > > > On Wed, Jan 01, 2020 at 04:02:24PM +0100, Aham Brahmasmi wrote:
> > > >
> > > > > Namaste misc,
> > > > >
> > > > > Question:
> > > > > In the makeconn function in src/usr.bin/rdist/docmd.c, should the 5 in
> > > > > the following line be replaced by 4?
> > > > > ...
> > > > > static int
> > > > > makeconn(char *rhost)
> > > > > {
> > > > > ...
> > > > > (void) snprintf(buf, sizeof(buf), "%.*s -S",
> > > > >   (int)(sizeof(buf)-5), path_rdistd);
> > > > > ...
> > > > >
> > > > > Explanation:
> > > > > I have a limited ability to read code, so I may be wrong here.
> > > > >
> > > > > If I am not wrong, strings are terminated with '\0' which I think is a
> > > > > > single byte. So, in the above case, the sizeof(" -S" + '\0')=4. But
> > > > > > the code has 5.
> > > > >
> > > > > I am not sure of my "'\0' is a single byte" part, and hence my query.
> > > >
> > > > By definition, '\0' is a single byte. sizeof(String literal) included
> > > > the terminating '\0'. So sizeof("foo") is 4.
> > > >
> > > > The sizeof(buf)-5 fills in the precision of the %s. That means
> > > > > that path_rdistd will be limited to that number of chars. The " -S"
> > > > part indeed takes 3 chars, so there is sizeof(buf) - 3 left for
> > > > path_rdistd, excluding the terminating '\0'. So -4 is indeed right.
> > >
> > > Understood.
> > >
> > > > But does it matter? I'd say no, only if path_rdistd is close to
> > > > BUFSIZ in length truncation will happen 1 char earlier than possible.
> > > > I would argue that specifying the precision here is rather confusing,
> > > > and it would be better to use the standard idiom equivalent to the
> > > > example in the snprintf man page.
> > >
> > > From the snprintf man page (https://man.openbsd.org/snprintf):
> > >
> > > ...
> > > int
> > > snprintf(char *str, size_t size, const char *format, ...);
> > > ...
> > >
> > > So, if I understand the standard idiom in the snprintf man page
> > > correctly, the modified line would be:
> > >
> > > (void) snprintf(buf, sizeof(buf), "%s -S", path_rdistd);
> > >
> > > Am I correct in my understanding?
> > >
> > > > -Otto
> > >
> > > Dhanyavaad,
> > > ab
> >
> > No,
> >
> > you want to check for truncation. See the CAVEATS section.
> >
> > -Otto
> 
> Ah ok, CAVEATS. My bad. The return value of the function should be
> checked for possible error conditions. Dank je Otto.
> 
> So, if I understand correctly, checking for truncation implies ensuring
> that the input string was not truncated to fit in the buffer.
> 
> So, the modified line would be:
> 
> int ret = snprintf(buf, sizeof(buf), "%s -S", path_rdistd);
> 
> if (ret < 0) {
>   // Some error has occurred.
>   // goto error;
> }
> if (ret >= sizeof(buf)) {
>   // The input string is longer than the size of the buffer and
>   // hence has been truncated to fit into the buffer.
>   // goto toolong;
> }
> 
> Is my understanding of the check for truncation correct?
> 
> Dhanyavaad,
> ab

Look, I've done already enough hand-holding. There are plenty of
resources to educate yourself. At some point you need to stop asking
questions and study.

-Otto



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Daniel Jakots
On Thu, 2 Jan 2020 19:49:28 +0100, Marc Chantreux 
wrote:

> some endless sterile debates

Like this thread, or worse?



Re: Traffic prioritization inside VPN

2020-01-02 Thread Radek
> what about working directly on rsync side, specifying the maximum
> transfer rate? (--bwlimit option)

Setting the hard transfer rate/limit on the rsync side is not what I need. I
want my boxes to be able to use whole available bandwidth anytime. I mean if
other services need some bandwidth they just get it with higher priority and my
boxes always can use *the rest*. If there is a quiet in the network my boxes
can use the whole highway.

On Thu, 2 Jan 2020 17:57:19 +0100
fRANz  wrote:

> On Thu, Jan 2, 2020 at 3:51 PM radek  wrote:
> 
> > I tried to do it by "catching" this traffic on [fw_rac]/[fw_krz] by
> > specific rules [1] and setting the lowest priority for it.
> > Unfortunately it doesn't seem to work as expected. Bandwidth seems to be 
> > shared roughly equally with other traffic (tested with pushing data 
> > (netcat) through VPN in the same time).
> > I would appreciate your advice or any clues on what I have done wrong. 
> > Thank you.
> 
> what about working directly on rsync side, specifying the maximum
> transfer rate? (--bwlimit option)
> -f
> 


-- 
Radek



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
On Thu, Jan 02, 2020 at 10:42:54AM -0600, danieljb...@icloud.com wrote:
> I don't understand why people say that perl's flexibility is a negative.

because sometimes, flexibility permit some endless sterile debates about
the coding style.

marc



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
> I will always lean towards idiot-proofing the code.

:))

fair enough.

regards

marc



Re: Probable off by one in src/usr.bin/rdist/docmd.c

2020-01-02 Thread Aham Brahmasmi
> Sent: Thursday, January 02, 2020 at 4:26 PM
> From: "Otto Moerbeek" 
> To: "Aham Brahmasmi" 
> Cc: misc@openbsd.org
> Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
>
> On Thu, Jan 02, 2020 at 03:39:53PM +0100, Aham Brahmasmi wrote:
>
> > Hallo Otto,
> >
> > Dank je Otto for your helpful reply.
> >
> > > Sent: Wednesday, January 01, 2020 at 3:36 PM
> > > From: "Otto Moerbeek" 
> > > To: "Aham Brahmasmi" 
> > > Cc: misc@openbsd.org
> > > Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
> > >
> > > On Wed, Jan 01, 2020 at 04:02:24PM +0100, Aham Brahmasmi wrote:
> > >
> > > > Namaste misc,
> > > >
> > > > Question:
> > > > In the makeconn function in src/usr.bin/rdist/docmd.c, should the 5 in
> > > > the following line be replaced by 4?
> > > > ...
> > > > static int
> > > > makeconn(char *rhost)
> > > > {
> > > > ...
> > > > (void) snprintf(buf, sizeof(buf), "%.*s -S",
> > > > (int)(sizeof(buf)-5), path_rdistd);
> > > > ...
> > > >
> > > > Explanation:
> > > > I have a limited ability to read code, so I may be wrong here.
> > > >
> > > > If I am not wrong, strings are terminated with '\0' which I think is a
> > > > single byte. So, in the above case, the sizeof(" -S" + '\0')=4. But the
> > > > code has 5.
> > > >
> > > > I am not sure of my "'\0' is a single byte" part, and hence my query.
> > >
> > > By definition, '\0' is a single byte. sizeof(String literal) included
> > > the terminating '\0'. So sizeof("foo") is 4.
> > >
> > > The sizeof(buf)-5 fills in the precision of the %s. That means
> > > > that path_rdistd will be limited to that number of chars. The " -S"
> > > part indeed takes 3 chars, so there is sizeof(buf) - 3 left for
> > > path_rdistd, excluding the terminating '\0'. So -4 is indeed right.
> >
> > Understood.
> >
> > > But does it matter? I'd say no, only if path_rdistd is close to
> > > BUFSIZ in length truncation will happen 1 char earlier than possible.
> > > I would argue that specifying the precision here is rather confusing,
> > > and it would be better to use the standard idiom equivalent to the
> > > example in the snprintf man page.
> >
> > From the snprintf man page (https://man.openbsd.org/snprintf):
> >
> > ...
> > int
> > snprintf(char *str, size_t size, const char *format, ...);
> > ...
> >
> > So, if I understand the standard idiom in the snprintf man page
> > correctly, the modified line would be:
> >
> > (void) snprintf(buf, sizeof(buf), "%s -S", path_rdistd);
> >
> > Am I correct in my understanding?
> >
> > >   -Otto
> >
> > Dhanyavaad,
> > ab
>
> No,
>
> you want to check for truncation. See the CAVEATS section.
>
>   -Otto

Ah ok, CAVEATS. My bad. The return value of the function should be
checked for possible error conditions. Dank je Otto.

So, if I understand correctly, checking for truncation implies ensuring
that the input string was not truncated to fit in the buffer.

So, the modified line would be:

int ret = snprintf(buf, sizeof(buf), "%s -S", path_rdistd);

if (ret < 0) {
	// Some error has occurred.
	// goto error;
}
if (ret >= sizeof(buf)) {
	// The input string is longer than the size of the buffer and
	// hence has been truncated to fit into the buffer.
	// goto toolong;
}

Is my understanding of the check for truncation correct?

Dhanyavaad,
ab
-|-|-|-|-|-|-|--
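
[Added example, not part of the thread and not code from docmd.c: it compares the "%.*s" precision idiom (with 5 and with 4 reserved bytes) against a plain "%s" with a return-value check, on a small buffer. DEMO_BUFSZ, the function names and the all-'a' paths are assumptions made for the demonstration.]

```c
#include <stdio.h>
#include <string.h>

#define DEMO_BUFSZ 16	/* constructed; the thread's buffer is much larger */
#define SUFFIX_LEN 3	/* strlen(" -S") */

enum fmt_status { FMT_ERROR = -1, FMT_OK = 0, FMT_TOOLONG = 1 };

/* Precision idiom from the thread: cap the path at size - reserve chars. */
static int
fmt_precision(char *buf, size_t size, const char *path, int reserve)
{
	return snprintf(buf, size, "%.*s -S", (int)size - reserve, path);
}

/* Plain "%s" followed by an explicit check of snprintf's return value. */
static enum fmt_status
fmt_checked(char *buf, size_t size, const char *path)
{
	int ret = snprintf(buf, size, "%s -S", path);

	if (ret < 0)
		return FMT_ERROR;
	if ((size_t)ret >= size)
		return FMT_TOOLONG;	/* output did not fit; buf is cut short */
	return FMT_OK;
}

/* Build a constructed path made of pathlen 'a' characters. */
static void
make_path(char *path, size_t cap, size_t pathlen)
{
	if (pathlen >= cap)
		pathlen = cap - 1;
	memset(path, 'a', pathlen);
	path[pathlen] = '\0';
}

/* Number of path characters that survive the precision idiom. */
static size_t
kept_with_precision(size_t pathlen, int reserve)
{
	char buf[DEMO_BUFSZ], path[64];

	make_path(path, sizeof(path), pathlen);
	fmt_precision(buf, sizeof(buf), path, reserve);
	return strlen(buf) - SUFFIX_LEN;
}

/* Value snprintf returns for the precision idiom. */
static int
ret_with_precision(size_t pathlen, int reserve)
{
	char buf[DEMO_BUFSZ], path[64];

	make_path(path, sizeof(path), pathlen);
	return fmt_precision(buf, sizeof(buf), path, reserve);
}

/* Status of the checked variant for a path of pathlen characters. */
static enum fmt_status
status_checked(size_t pathlen)
{
	char buf[DEMO_BUFSZ], path[64];

	make_path(path, sizeof(path), pathlen);
	return fmt_checked(buf, sizeof(buf), path);
}

int
main(void)
{
	/* A 12-char path plus " -S" plus NUL is exactly 16 bytes: it fits. */
	printf("reserve 5 keeps %zu of 12 path chars\n",
	    kept_with_precision(12, 5));
	printf("reserve 4 keeps %zu of 12 path chars\n",
	    kept_with_precision(12, 4));
	/* The precision cut is invisible in the return value. */
	printf("reserve 5 returns %d (buffer size %d)\n",
	    ret_with_precision(12, 5), DEMO_BUFSZ);
	printf("checked, 12 chars: %d\n", status_checked(12));
	printf("checked, 13 chars: %d\n", status_checked(13));
	return 0;
}
```

With the precision idiom the path is shortened before snprintf counts the output, so the return value stays below the buffer size and the cut goes unreported; the checked variant reports it.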



Re: Request for recommendation - encryption and signature for file backup

2020-01-02 Thread Claus Assmann
Maybe duplicity? It's available as package (not sure
whether it does signing).

-- 
Address is valid for this mailing list only.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread danieljboyd
I don't understand why people say that perl's flexibility is a negative.
Bad code is a negative. You can have bad or inconsistent code even in a 
language like python that has very rigid syntax.

As long as you know perl well, you should be able to read any
well-written perl code.

To me, both of those examples are equally readable, though, I'd lean
more towards a multiline approach with the second:

my %user = (
login => 'mc',
shell => 'bin/zsh',
);

On Thu, Jan 02, 2020 at 04:22:08PM +0100, Marc Chantreux wrote:
> hello,
> 
> > > my %user = qw(
> > > login  mc
> > > shell  /bin/zsh
> > > );
> > > print $user{login};
> 
> > my %user = ( login => 'mc', shell => 'bin/zsh');
> > is way more readable in that case, I think,
> > and it does showcase what a *smart* quoting system can do.
> 
> well ... i prefer the way i wrote because i love to:
> 
> * remove useless symbols
> * read columns
> 
> but yes: the drawback of perl is: there are so many ways to do
> it so every project needs a clear coding style.
> 
> regards
> marc
> 



Add -R alias to -r for scp(1)

2020-01-02 Thread Atticus
Second on adding an alias. I had no idea it was deprecated, and have never
used -R at all... It never occurred to me to read the man page for cp.

-- Byron Grobe

On Thu, Jan 2, 2020, 11:57 AM Ingo Schwarze  wrote:

> Hi Marc,
>
> Marc Espie wrote on Thu, Jan 02, 2020 at 11:30:35AM +0100:
>
> > And if I use scp enough, I'm also likely to use cp -r  by mistake.
> >
> > Are we likely to actually remove cp -r so the second mistake
> > doesn't happen ?
>
> I wouldn't be opposed to that.  It has been deprecated since
> rev. 1.1 in 1995.  FreeBSD also deprecates it but has subtly
> different behaviour.  NetBSD has the same deprecation notice
> we have.  In GNU cp(1), according to the manual, it seems to be
> an alias for cp -R.  Illumos and Oracle Solaris seem to somewhat
> resemble FreeBSD - not sure all is identical - but -r is not
> deprecated.
>
> Given these differences, it seems doubtful how much sense it makes
> to keep it "for compatibility".
>
> However, deleting it would require a full make build and a ports
> bulk build, i guess.
>
>
> If it turns out it sees substantial use in the wild, i think we
> should make cp -r a deprecated alias for cp -R because i expect
> that almost every software out there using it (if any) probably
> comes from the Linux world, given that is has been deprecated in
> all BSDs for more than two decades.
>
> Yours,
>   Ingo
>
>


Re: pflog flooded with igmp queries

2020-01-02 Thread Sonic
On Thu, Jan 2, 2020 at 12:34 PM Otto Moerbeek  wrote:
> > Can't seem to find that specific info anywhere.
>
> see man pf.conf and then search for allow-opts

I see that it says they are blocked, but nothing to indicate they are
also automatically logged.

Chris



Re: pflog flooded with igmp queries

2020-01-02 Thread Otto Moerbeek
On Thu, Jan 02, 2020 at 12:27:40PM -0500, Sonic wrote:

> On Thu, Jan 2, 2020 at 1:00 AM Sebastien Marie  wrote:
> >  And by default, packets
> > with ip-options are block-logged.
> 
> Can't seem to find that specific info anywhere.

see man pf.conf and then search for allow-opts

-Otto

> 
> > I suppose that adding an explicit rule with allow-opts should do the trick.
> > depending your need (block or allow):
> > block return proto igmp to 224/4 allow-opts
> > or
> > pass proto igmp to 224/4 allow-opts
> 
> I used:
> block proto igmp
> 
> Thanks!
> Chris
> 



Re: pflog flooded with igmp queries

2020-01-02 Thread Sonic
On Thu, Jan 2, 2020 at 12:27 PM Sonic  wrote:
> I used:
> block proto igmp

More specifically:
  block drop quick proto igmp
as I thought "return" would simply add extra traffic to the network.

Chris



Re: pflog flooded with igmp queries

2020-01-02 Thread Sonic
On Thu, Jan 2, 2020 at 1:00 AM Sebastien Marie  wrote:
>  And by default, packets
> with ip-options are block-logged.

Can't seem to find that specific info anywhere.

> I suppose that adding an explicit rule with allow-opts should do the trick.
> depending your need (block or allow):
> block return proto igmp to 224/4 allow-opts
> or
> pass proto igmp to 224/4 allow-opts

I used:
block proto igmp

Thanks!
Chris



Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

2020-01-02 Thread Strahil Nikolov
On January 1, 2020 2:14:03 PM GMT+02:00, Frank Beuth  
wrote:
>On Wed, Jan 01, 2020 at 10:29:53AM +, e...@isdaq.com wrote:
>>> But I don't want deeper point to get missed -- which is that if eecd
>>> doesn't like the idea of regulating what the programmer can do, then
>the
>>> programmer has to have the skills to safely write unsafe code.
>>
>>no you're belying the point: the good programmer regulates himself 
>>while you
>>want to police everything and everyone else to compensate for your own
>>shortcomings
>
>I don't think I suggested anywhere that I want to police anyone else. I
>largely agree with what you write with respect to self-regulation.
>However, I'm not sure that ranting about it on misc@ is the most
>effective way to make positive progress in the desired direction.

I have never imagined  the day when so much spam will cover this mailing list.

Don't we  have  's...@openbsd.org' for that purpose ? If not, now is the time 
to consider creating one.

Anyway, perl is not my favourite  - but at least it does the job in a 
predictable manner. 

Best Regards,
Strahil Nikolov



Re: Traffic prioritization inside VPN

2020-01-02 Thread fRANz
On Thu, Jan 2, 2020 at 3:51 PM radek  wrote:

> I tried to do it by "catching" this traffic on [fw_rac]/[fw_krz] by specific 
> rules [1] and setting the lowest priority for it.
> Unfortunately it doesn't seem to work as expected. Bandwidth seems to be 
> shared roughly equally with other traffic (tested with pushing data (netcat) 
> through VPN in the same time).
> I would appreciate your advice or any clues on what I have done wrong. Thank 
> you.

what about working directly on rsync side, specifying the maximum
transfer rate? (--bwlimit option)
-f



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 04:22:08PM +0100, Marc Chantreux wrote:
> hello,
> 
> > > my %user = qw(
> > > login  mc
> > > shell  /bin/zsh
> > > );
> > > print $user{login};
> 
> > my %user = ( login => 'mc', shell => 'bin/zsh');
> > is way more readable in that case, I think,
> > and it does showcase what a *smart* quoting system can do.
> 
> well ... i prefer the way i wrote because i love to:
> 
> * remove useless symbols
> * read columns

Well, => and ,   allow to figure out errors in odd/even hashes easily.

I will always lean towards idiot-proofing the code.



Re: Hardware for Access Point on OpenBSD

2020-01-02 Thread Marcus MERIGHI
Hello, 

s...@spacehopper.org (Stuart Henderson), 2020.01.02 (Thu) 13:56 (CET):
> On 2020-01-01, List  wrote:
> > I therefore need some kind of WIFI Hardware. This piece of hardware
> > needs to be connected over usb. 
> > Do you have any suggestions or recommendations ? As far as I can see
> 
> bwfm(4) also supports hostap on USB devices and probably has the
> least-worst performance of devices that will attach directly to
> OpenBSD rather than as a separate "hardware" AP.
> 
> These are Broadcom "fullmac" devices. IIRC there's a list of actual
> devices using these somewhere on wikidevi.com but the site is
> currently down so I can't check. The old "official raspberry pi

thanks for the pointer!

last archive.org crawl from 2019-10-31:

https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom
https://web.archive.org/web/20191031174603/https://wikidevi.com/wiki/Broadcom#tab=Wireless_chipsets

but the links to the real-world products ("adapters") do not work.

src/sys/dev/usb/if_bwfm_usb.c has:
BCM43143, BCM43236, BCM43242, BCM43569 

BCM43143 was the famous rpi usb dongle. I could not find a place to
buy it anymore. The others (BCM43236, BCM43242, BCM43569) are hiding
from me, too. 

Marcus

> usb wifi" devices work, there should be some others (they're often
> the only devices that work wifi dongles for some smart TVs that don't
> have built-in wifi).
>  
> But as others have mentioned separate network devices are usually a
> better way to go for APs.



Re: Probable off by one in src/usr.bin/rdist/docmd.c

2020-01-02 Thread Otto Moerbeek
On Thu, Jan 02, 2020 at 03:39:53PM +0100, Aham Brahmasmi wrote:

> Hallo Otto,
> 
> Dank je Otto for your helpful reply.
> 
> > Sent: Wednesday, January 01, 2020 at 3:36 PM
> > From: "Otto Moerbeek" 
> > To: "Aham Brahmasmi" 
> > Cc: misc@openbsd.org
> > Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
> >
> > On Wed, Jan 01, 2020 at 04:02:24PM +0100, Aham Brahmasmi wrote:
> >
> > > Namaste misc,
> > >
> > > Question:
> > > In the makeconn function in src/usr.bin/rdist/docmd.c, should the 5 in
> > > the following line be replaced by 4?
> > > ...
> > > static int
> > > makeconn(char *rhost)
> > > {
> > > ...
> > > (void) snprintf(buf, sizeof(buf), "%.*s -S",
> > >   (int)(sizeof(buf)-5), path_rdistd);
> > > ...
> > >
> > > Explanation:
> > > I have a limited ability to read code, so I may be wrong here.
> > >
> > > If I am not wrong, strings are terminated with '\0' which I think is a
> > > single byte. So, in the above case, the sizeof(" -S" + '\0')=4. But the
> > > code has 5.
> > >
> > > I am not sure of my "'\0' is a single byte" part, and hence my query.
> >
> > By definition, '\0' is a single byte. sizeof(String literal) included
> > the terminating '\0'. So sizeof("foo") is 4.
> >
> > The sizeof(buf)-5 fills in the precision of the %s. That means
> > that path_rdistd will be limited to that number of chars. The " -S"
> > part indeed takes 3 chars, so there is sizeof(buf) - 3 left for
> > path_rdistd, excluding the terminating '\0'. So -4 is indeed right.
> 
> Understood.
> 
> > But does it matter? I'd say no, only if path_rdistd is close to
> > BUFSIZ in length truncation will happen 1 char earlier than possible.
> > I would argue that specifying the precision here is rather confusing,
> > and it would be better to use the standard idiom equivalent to the
> > example in the snprintf man page.
> 
> From the snprintf man page (https://man.openbsd.org/snprintf):
> 
> ...
> int
> snprintf(char *str, size_t size, const char *format, ...);
> ...
> 
> So, if I understand the standard idiom in the snprintf man page
> correctly, the modified line would be:
> 
> (void) snprintf(buf, sizeof(buf), "%s -S", path_rdistd);
> 
> Am I correct in my understanding?
> 
> > -Otto
> 
> Dhanyavaad,
> ab

No,

you want to check for truncation. See the CAVEATS section.

-Otto
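
The precision arithmetic and the truncation check discussed in this thread, as an added example that is not part of the original messages or of the rdist source. The 16-byte buffer, the sample paths and the names fmt_precision, fmt_checked and CMD_* are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSZ 16	/* small on purpose so the arithmetic is visible */

/* Result codes of fmt_checked (names invented for this example). */
enum { CMD_OK = 0, CMD_ERROR = -1, CMD_TOOLONG = -2 };

/*
 * Precision form, as in the line quoted from docmd.c: cap the path at
 * (bufsize - reserve) characters so that " -S" and the NUL still fit.
 * Returns snprintf's result, the length the output needs without NUL.
 */
int
fmt_precision(char *buf, size_t bufsize, size_t reserve, const char *path)
{
	return snprintf(buf, bufsize, "%.*s -S",
	    (int)(bufsize - reserve), path);
}

/*
 * Checked form: no precision. A path that does not fit is reported to
 * the caller instead of being shortened silently.
 */
int
fmt_checked(char *buf, size_t bufsize, const char *path)
{
	int ret = snprintf(buf, bufsize, "%s -S", path);

	if (ret < 0)
		return CMD_ERROR;	/* output or encoding error */
	if ((size_t)ret >= bufsize)
		return CMD_TOOLONG;	/* buf holds a cut-off command */
	return CMD_OK;
}

int
main(void)
{
	/* Constructed sample path: 21 characters, too long for BUFSZ. */
	const char *path = "/usr/local/bin/rdistd";
	char buf[BUFSZ];
	size_t reserve;

	/*
	 * reserve 5: one usable byte is left over.
	 * reserve 4: " -S" plus NUL fit exactly.
	 * reserve 3: the final 'S' no longer fits and is cut off.
	 */
	for (reserve = 5; reserve >= 3; reserve--) {
		int ret = fmt_precision(buf, sizeof(buf), reserve, path);

		printf("sizeof(buf)-%zu: \"%s\" strlen=%zu ret=%d\n",
		    reserve, buf, strlen(buf), ret);
	}

	/*
	 * The precision form never fails: it hands back a command built
	 * from a shortened path. The checked form refuses instead.
	 */
	printf("checked, long path:  %d\n",
	    fmt_checked(buf, sizeof(buf), path));
	printf("checked, short path: %d (\"%s\")\n",
	    fmt_checked(buf, sizeof(buf), "/bin/rdistd"), buf);
	return 0;
}
```

With the precision form the caller always gets a command string, even when it names a different (shortened) path than the one configured; only the checked form makes that case visible.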



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
hello,

> > my %user = qw(
> > login  mc
> > shell  /bin/zsh
> > );
> > print $user{login};

> my %user = ( login => 'mc', shell => 'bin/zsh');
> is way more readable in that case, I think,
> and it does showcase what a *smart* quoting system can do.

well ... i prefer the way i wrote because i love to:

* remove useless symbols
* read columns

but yes: the drawback of perl is: there are so many ways to do
it so every project needs a clear coding style.

regards
marc



Re: Traffic prioritization inside VPN

2020-01-02 Thread infoomatic

I can recommend using queues in pf ... very simple and effective.


https://man.openbsd.org/pf.conf#QUEUEING


Am 02.01.20 um 15:12 schrieb radek:

Hello,

I have the following scenario:
[box_rac][fw_rac] <--iked site-to-site--> [fw_krz]--[box_krz]

[box_rac] pulls (rsync) "big data" from [box_krz] through VPN.
I need to put this traffic to the total background, making way for any other 
packets going through VPN, NICs, from/to any other boxes on both sides.

I tried to do it by "catching" this traffic on [fw_rac]/[fw_krz] by specific 
rules [1] and setting the lowest priority for it.
Unfortunately it doesn't seem to work as expected. Bandwidth seems to be shared 
roughly equally with other traffic (tested with pushing data (netcat) through 
VPN in the same time).

I would appreciate your advice or any clues on what I have done wrong. Thank 
you.

[fw_rac] and [fw_krz] have analogical rulesets [2].

[1]
[fw_rac]:
pass out quick on enc0 from $box_rac to $box_krz set prio (0, 0) keep state

[fw_krz]:
pass out quick on enc0 from $box_krz to $box_rac set prio (0, 0) keep state

[2] pf.conf [fw_rac]:
ext_if  = "vr0"
lan_rac_if  = "vr2" #
lan_rac_local   = $lan_rac_if:network # 10.0.15.0/24
backup_if   = "vr3" #
backup_local= $backup_if:network # 10.0.115/24

box_rac = "10.0.115.151"
box_krz = "10.0.100.151"

set fingerprints "/dev/null"
set skip on { lo, enc0 }
set block-policy drop
set optimization normal
set ruleset-optimization basic
antispoof quick for {lo0, $lan_rac_if, $backup_if }
match out log on $ext_if inet proto { tcp, udp, icmp } from { $lan_rac_local, 
$backup_local } nat-to $ext_if set prio (3, 7)
block all
match out all scrub (no-df random-id)
pass out on egress keep state

pass out quick on enc0 from $box_rac to $box_krz set prio (0, 0) keep state
pass out quick on $ext_if from $box_rac to $box_krz set prio (0, 0) keep state

pass from { 10.0.201.0/24, $lan_rac_local, $backup_local } to any set prio (3, 
7) keep state

ssh_port= "1071"
table  const { $bud, $rdk_wy, $rdk_mon, $krz_wan, 10.0.2.0/24, 
10.0.15.0/24, 10.0.100.0/24 }
table  persist counters
block from 
pass in log quick inet proto tcp from  to $ext_if port $ssh_port 
flags S/SA \
 set prio (7, 7) keep state \
 (max-src-conn 15, max-src-conn-rate 2/10, overload  flush 
global)

icmp_types  = "{ echoreq, unreach }"
pass inet proto icmp all icmp-type $icmp_types \
 set prio (7, 7) keep state

table  const { $krz_wan }
pass out quick on egress proto esp from (egress:0) to
   set prio (6, 7) keep state
pass out quick on egress proto udp from (egress:0) to  port {500, 
4500} set prio (6, 7) keep state
pass  in quick on egress proto esp from  to (egress:0)   
   set prio (6, 7) keep state
pass  in quick on egress proto udp from  to (egress:0) port {500, 
4500} set prio (6, 7) keep state

pass in on egress proto udp from any to (egress:0) port {isakmp,ipsec-nat-t} 
set prio (6,7) keep state
pass in on egress proto {ah,esp} set prio (6,7) keep state
block return in on ! lo0 proto tcp to port 6000:6010






Re: sending mail from wordpress

2020-01-02 Thread Edgar Pettijohn


On Jan 2, 2020 7:21 AM, Jiri B  wrote:
>
> https://wordpress.org/plugins/post-smtp/
>

This looks promising. 

Thanks,

Edgar
> j.
>
> On Thu, Jan 2, 2020 at 1:44 PM Stuart Henderson  wrote:
>
> > On 2020-01-02, Edgar Pettijohn  wrote:
> > > I'm having trouble getting mail to go through wordpress.
> >
> > Configure it to send by SMTP instead. (I don't use wordpress and can't
> > help tell you exactly how, but it's definitely possible - search for
> > e.g. "wordpress smtp authentication").
> >
> > > The mail() function is not disabled. If my reading of
> > > class-phpmailer.php is correct it should see that sendmail_path is
> > > defined and use sendmail instead of mail().
> >
> > Using mail() needs a /bin/sh binary inside the chroot jail. You are
> > better off avoiding mail() where possible.
> >
> >
> >



Traffic prioritization inside VPN

2020-01-02 Thread radek
Hello,

I have the following scenario:
[box_rac][fw_rac] <--iked site-to-site--> [fw_krz]--[box_krz]

[box_rac] pulls (rsync) "big data" from [box_krz] through VPN.
I need to put this traffic to the total background, making way for any other 
packets going through VPN, NICs, from/to any other boxes on both sides.

I tried to do it by "catching" this traffic on [fw_rac]/[fw_krz] by specific 
rules [1] and setting the lowest priority for it.
Unfortunately it doesn't seem to work as expected. Bandwidth seems to be shared 
roughly equally with other traffic (tested with pushing data (netcat) through 
VPN in the same time).

I would appreciate your advice or any clues on what I have done wrong. Thank 
you.

[fw_rac] and [fw_krz] have analogical rulesets [2].

[1]
[fw_rac]:
pass out quick on enc0 from $box_rac to $box_krz set prio (0, 0) keep state

[fw_krz]:
pass out quick on enc0 from $box_krz to $box_rac set prio (0, 0) keep state

[2] pf.conf [fw_rac]:
ext_if  = "vr0"
lan_rac_if  = "vr2" #
lan_rac_local   = $lan_rac_if:network # 10.0.15.0/24
backup_if   = "vr3" #
backup_local= $backup_if:network # 10.0.115/24

box_rac = "10.0.115.151"
box_krz = "10.0.100.151"

set fingerprints "/dev/null"
set skip on { lo, enc0 }
set block-policy drop
set optimization normal
set ruleset-optimization basic
antispoof quick for {lo0, $lan_rac_if, $backup_if }
match out log on $ext_if inet proto { tcp, udp, icmp } from { $lan_rac_local, 
$backup_local } nat-to $ext_if set prio (3, 7)
block all 
match out all scrub (no-df random-id)
pass out on egress keep state

pass out quick on enc0 from $box_rac to $box_krz set prio (0, 0) keep state
pass out quick on $ext_if from $box_rac to $box_krz set prio (0, 0) keep state

pass from { 10.0.201.0/24, $lan_rac_local, $backup_local } to any set prio (3, 
7) keep state

ssh_port= "1071"
table  const { $bud, $rdk_wy, $rdk_mon, $krz_wan, 10.0.2.0/24, 
10.0.15.0/24, 10.0.100.0/24 } 
table  persist counters
block from 
pass in log quick inet proto tcp from  to $ext_if port $ssh_port 
flags S/SA \
set prio (7, 7) keep state \
(max-src-conn 15, max-src-conn-rate 2/10, overload  flush 
global)

icmp_types  = "{ echoreq, unreach }" 
pass inet proto icmp all icmp-type $icmp_types \
set prio (7, 7) keep state

table  const { $krz_wan }
pass out quick on egress proto esp from (egress:0) to
   set prio (6, 7) keep state
pass out quick on egress proto udp from (egress:0) to  port {500, 
4500} set prio (6, 7) keep state
pass  in quick on egress proto esp from  to (egress:0)   
   set prio (6, 7) keep state
pass  in quick on egress proto udp from  to (egress:0) port {500, 
4500} set prio (6, 7) keep state

pass in on egress proto udp from any to (egress:0) port {isakmp,ipsec-nat-t} 
set prio (6,7) keep state
pass in on egress proto {ah,esp} set prio (6,7) keep state
block return in on ! lo0 proto tcp to port 6000:6010


-- 
Radek



Re: Probable off by one in src/usr.bin/rdist/docmd.c

2020-01-02 Thread Aham Brahmasmi
Hallo Otto,

Dank je Otto for your helpful reply.

> Sent: Wednesday, January 01, 2020 at 3:36 PM
> From: "Otto Moerbeek" 
> To: "Aham Brahmasmi" 
> Cc: misc@openbsd.org
> Subject: Re: Probable off by one in src/usr.bin/rdist/docmd.c
>
> On Wed, Jan 01, 2020 at 04:02:24PM +0100, Aham Brahmasmi wrote:
>
> > Namaste misc,
> >
> > Question:
> > In the makeconn function in src/usr.bin/rdist/docmd.c, should the 5 in
> > the following line be replaced by 4?
> > ...
> > static int
> > makeconn(char *rhost)
> > {
> > ...
> > (void) snprintf(buf, sizeof(buf), "%.*s -S",
> > (int)(sizeof(buf)-5), path_rdistd);
> > ...
> >
> > Explanation:
> > I have a limited ability to read code, so I may be wrong here.
> >
> > If I am not wrong, strings are terminated with '\0' which I think is a
> > single byte. So, in the above case, the sizeof(" -S" + '\0')=4. But the
> > code has 5.
> >
> > I am not sure of my "'\0' is a single byte" part, and hence my query.
>
> By definition, '\0' is a single byte. sizeof(String literal) included
> the terminating '\0'. So sizeof("foo") is 4.
>
> The sizeof(buf)-5 fills in the precision of the %s. That means
> that path_rdistd will be limited to that number of chars. The " -S"
> part indeed takes 3 chars, so there is sizeof(buf) - 3 left for
> path_rdistd, excluding the terminating '\0'. So -4 is indeed right.

Understood.

> But does it matter? I'd say no, only if path_rdistd is close to
> BUFSIZ in length truncation will happen 1 char earlier than possible.
> I would argue that specifying the precision here is rather confusing,
> and it would be better to use the standard idiom equivalent to the
> example in the snprintf man page.

From the snprintf man page (https://man.openbsd.org/snprintf):

...
int
snprintf(char *str, size_t size, const char *format, ...);
...

So, if I understand the standard idiom in the snprintf man page
correctly, the modified line would be:

(void) snprintf(buf, sizeof(buf), "%s -S", path_rdistd);

Am I correct in my understanding?

>   -Otto

Dhanyavaad,
ab
-|-|-|-|-|-|-|--



Re: ownership of mailboxes with dovecot

2020-01-02 Thread Eike Lantzsch
On Wednesday, 1 January 2020 23:16:40 -03 Sean Kamath wrote:
> On Dec 31, 2019, at 08:30, Roderick  wrote:
> > As said, I had UW imap serving system user mailboxes, and now
> > cyrus imap serving virtual users. You have to decide. With
> > dovecot I have no other experience than compiling it.
> > 
> > I think, I would prefer now UW Imap, because I have only few and trusted
> > users, and because it is very simple, not much configuration and
> > maintenance needed: it just publishes the mailboxes with imap,
> > accessed with the system user/password.
> 
> So I’ve been running Dovecot for I don’t know how long (but started on
> Solaris, so at least that long ago).  I used to have LDAP running, but
> decided it was overkill since I’m the only one who logs into the boxes, the
> other three people only read email.
> 
> Dovecot can seem complex, but it’s not at all.  It pretty much works out of
> the box, with very few changes necessary (and works well with Lets Encrypt
> certs as well).
> 
> My first OpenBSD configuration was based on
> https://frozen-geek.net/openbsd-email-server-1/
> 
> My next will be based on
> https://poolp.org/posts/2019-09-14/setting-up-a-mail-server-with-opensmtpd-dovecot-and-rspamd/,
> because I want to use rspamd instead of all the stuff
> loaded in the first (for some reason, one of the daemons doesn’t start on
> boot — it does if I start it manually.  Frankly, my machine never reboots,
> so I keep forgetting even which one it is that doesn’t start.).  I got a
> little tripped up doing the 6.4 migration, so I have some catching up to
> do.
I agree that this is the more informative page, which is somewhat logical - 
Gilles Chehade. Of course he aims a lot higher than I would dare to.
> 
> Looking at
> https://www.tumfatig.net/20150620/opensmtpd-and-dovecot-on-openbsd-5-7/,
> it’s a little too copy-pasta for my taste.   But even so, it doesn’t
> configure dovecot for non-system users, so it’s unclear how virtual users
> were set up with Dovecot.
Yes and that's where I tripped and ended up having system users which are also 
virtual users. That is silly. I certainly need somewhat of a book to better 
get the whole picture.
> 
> Anyway, having run UW imap, cyrus, and dovecot — I run dovecot.  I also use
> sdbox, BTW, which I believe no one but ancient MH people use.  My
> non-default configs are pretty much limited to per-host configuration (like
> hostname), sieve and SSL.
> 
> I think the biggest hurdle was getting used to LMTP.
> 
> Sean

I'll close the lid on this issue for now until I have sorted out and remedied 
my mistakes.

Eike

-- 
Eike Lantzsch ZP6CGE
Casilla de Correo 13005
1749 Asuncion / Paraguay
Land-line: +595-21-553984
SIP-gate: +49 4131 9279632
Cell-phone: +595-971-696909
Skype: eikelan
WIRE @eikelan





Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 12:40:51PM +0100, Marc Chantreux wrote:
> the quoting system
> 
> # qw( for a list of barewords )
> my %user = qw(
> login  mc
> shell  /bin/zsh
> );
> print $user{login};

I wouldn't write it that way

my %user = ( login => 'mc', shell => 'bin/zsh');

is way more readable in that case, I think,
and it does showcase what a *smart* quoting system can do.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
> Not sure about anyone else, but comparing the Python vs Perl example you
> gave above, I would still say Python is the nicer-looking language.

i was just saying that there is no need for yield in perl. now i can
show you tons of examples to demonstrate perl code is not only
more "unixish" but easier to:

* write
* read
* modularize (__init__.py always made me smile)

when you have to manipulate text files or large datastructures, python
is far behind perl. i won't try to convince you but to illustrate what
is said before.  see this code:

use v5.20;

while (<>) {
    chomp;
    # trim and print lines only when not empty
    # (/g so that both the leading and the trailing match are removed)
    say s/
        ^ \s+    # triml
        | \s+ $  # trimr
    //grx if /\S/;
}

this is *hell* for a unix newbie:

* regexps is a concept that windows programmers (so python ones too)
  try to avoid (pretending it's hard to understand and read)
* ARGV ... what is a "filter" anyway? i don't want to read about
  the unix literature to write my code.

to be fair: if you just write a web application or a datascience script
where datasources are from binary formats or databases and libraries are
available, you just don't need those tools and run away is probably
the good strategy (python *is* indeed easier to learn when you have
simple things to code). if you believe in text streams and simple formats
in a unix land (which i do), or if you need to solve complex problems,
learn those concepts and be familiar with them is worth it.

another "line noise" bullshit comes from sigils and i have to admit
i thought sigils made my script look "not professional" when i was
younger (having a php background). But when you understand the way
sigils works, it appears that it is very informative and useful:

* they always give clues about the structures you're working with
* they permit some very useful shortcuts

as example: hash slices is something i always miss in python.

use v5.20;
my %user;
my @names = qw( uid gecos home shell );
my @cols  = qw( 0   3 56 );

@user{@names} = map
{ chomp; (split /:/)[@cols] }
`getent passwd mc`;

printf '%s is the default shell for %s'
, @user{qw( uid shell )};

sure, python is evolving in the good direction (see PEPs 448, 449, 572 ...)
but so many things are missing to be comfortable comparing to perl
(sometimes little ones but so convenient). some examples that comes to
my mind:

the quoting system

# qw( for a list of barewords )
my %user = qw(
login  mc
shell  /bin/zsh
);
print $user{login};

# q() and qq() to replace '' and "" when it's complicated
my $comment = qq{
with qq() you can choose your delimiter like in sed
so you can't get it wrong or unreadable
even if you have "" in mind
}

yada to spot an unimplemented section
(https://perldoc.perl.org/perlsyn.html#The-Ellipsis-Statement)),
the //g modifier with the \G anchor (so you can iterate in a string with regexp 
matching), ...

so many other ones. and python people don't get those are
very useful features. when i asked for fair help, the
answers were often flooded in tons of messages like:

* you don't need this
* you shouldn't program with this
* perl is dead

So even the community is annoying and i don't want
this logo++ to be unfairly compared to perl anymore
but as i said: i don't want to reboot a 2 decades sterile
feed:

* since 3.4 python became bearable (so much saner than php or js)
  and a good tool for teaching OO.
* both python and perl are languages from the last millenium with
  lot of issues that are fixed in raku. so that's the spot i switched to.

cheers
marc



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Chantreux
hello Stuart,

> Heh, I've heard Perl described as executable line noise, and for sure,
> it will let you write code like that.

arf ... i just tried to explain where this "linenoise" bullshit came from
just in the answer i gave to frank

regards
marc



Request for recommendation - encryption and signature for file backup

2020-01-02 Thread Aham Brahmasmi
Namaste misc,

What tool(s) would you recommend to encrypt and sign a file - correctly
- for backup?

I possess a limited ability to read code, and I am certainly not a
cryptographer.

In my limited understanding, to securely backup and restore a file, the
steps are:

To backup:
Step 1 - encrypt the file using a tool
Step 2 - sign the encrypted file using a tool
Step 3 - backup the signature and the encrypted file

To restore:
Step 1 - verify the encrypted backup with its signature
If Step 1 exits with success,
Step 2 - decrypt backup to file
If Step 2 exits with success,
Step 3 - use file to restore

For the tools to encrypt and sign, I think I may use the following:

For encryption: encpipe
encpipe (https://github.com/jedisct1/encpipe) is ISC licenced, written
in C by Monsieur Denis and seems simple. If there is one thing that I
know - and I admit I don't know much - all things being equal, simple
beats complex.

However, I do not understand the math underlying the tool or whether all
things are indeed equal - possible attack vectors, mitigations et al.
And hence, my request.

For signature: signify
I think signify may suffice for signature. For other platforms, minisign
(https://github.com/jedisct1/minisign) is compatible with signify.

Dhanyavaad,
ab
-|-|-|-|-|-|-|--



Thinking of changing DNS Service provider, looking for recommendations

2020-01-02 Thread Jay Hart
Hey all, and Happy New Years!!!

I am currently using DYN.COM for DNS service. A few months back they changed
their payment methodology and I am now considering finding another solution.
DYN charges me $5 US monthly so it's not a huge financial burden. That said,
if I could find a free service provider, all the better.

My only real requirement is they must be able to support OpenBSD based
system.  Currently using DDclient. It works fine, has been for years.

This would be for a residential connection.

Guess what I'm really looking for, from the list, is an OpenBSD friendly
provider, and a brief write up on how you are connected.  I've looked over a
few sites but nothing stood out as being OpenBSD friendly.

Thanks in Advance,

Jay



Re: sending mail from wordpress

2020-01-02 Thread Jiri B
https://wordpress.org/plugins/post-smtp/

j.

On Thu, Jan 2, 2020 at 1:44 PM Stuart Henderson  wrote:

> On 2020-01-02, Edgar Pettijohn  wrote:
> > I'm having trouble getting mail to go through wordpress.
>
> Configure it to send by SMTP instead. (I don't use wordpress and can't
> help tell you exactly how, but it's definitely possible - search for
> e.g. "wordpress smtp authentication").
>
> > The mail() function is not disabled. If my reading of
> > class-phpmailer.php is correct it should see that sendmail_path is
> > defined and use sendmail instead of mail().
>
> Using mail() needs a /bin/sh binary inside the chroot jail. You are
> better off avoiding mail() where possible.
>
>
>


Re: sending mail from wordpress

2020-01-02 Thread Edgar Pettijohn


On Jan 2, 2020 6:27 AM, Stuart Henderson  wrote:
>
> On 2020-01-02, Edgar Pettijohn  wrote:
> > I'm having trouble getting mail to go through wordpress.
>
> Configure it to send by SMTP instead. (I don't use wordpress and can't
> help tell you exactly how, but it's definitely possible - search for
> e.g. "wordpress smtp authentication").

Will do.

>
> > The mail() function is not disabled. If my reading of 
> > class-phpmailer.php is correct it should see that sendmail_path is 
> > defined and use sendmail instead of mail().
>
> Using mail() needs a /bin/sh binary inside the chroot jail. You are
> better off avoiding mail() where possible.
>
>

/bin/sh is present. I tested with chroot /var/www /bin/sh which works. Just
complains about not having a tty. Maybe I need to populate /dev but that 
doesn't seem necessary.

Thanks,

Edgar



Re: Hardware for Access Point on OpenBSD

2020-01-02 Thread Stuart Henderson
On 2020-01-01, List  wrote:
> Hi *, 
> I am currently building a home router based upon OpenBSD. 
> I therefore need some kind of WIFI Hardware. This piece of hardware
> needs to be connected over usb. 
> Do you have any suggestions or recommendations ? As far as I can see
> it's pretty hard  to find an antenna which is connected  via USB and runs
> on a supported chipset. It is  easy to get your hands on a
> realtek-chipset driven device. But urtw(4) doesn't support  Host AP
> mode. Only ones that do are: athn(4),  ral(4), ath(4). 
> Finding those is hard. 
>
> Maybe you guys know things I couldn't find ? 

bwfm(4) also supports hostap on USB devices and probably has the
least-worst performance of devices that will attach directly to
OpenBSD rather than as a separate "hardware" AP.

These are Broadcom "fullmac" devices. IIRC there's a list of actual
devices using these somewhere on wikidevi.com but the site is
currently down so I can't check. The old "official raspberry pi
usb wifi" devices work, there should be some others (they're often
the only devices that work wifi dongles for some smart TVs that don't
have built-in wifi).
 
But as others have mentioned separate network devices are usually a
better way to go for APs.




Re: sending mail from wordpress

2020-01-02 Thread Stuart Henderson
On 2020-01-02, Edgar Pettijohn  wrote:
> I'm having trouble getting mail to go through wordpress.

Configure it to send by SMTP instead. (I don't use wordpress and can't
help tell you exactly how, but it's definitely possible - search for
e.g. "wordpress smtp authentication").

> The mail() function is not disabled. If my reading of 
> class-phpmailer.php is correct it should see that sendmail_path is 
> defined and use sendmail instead of mail().

Using mail() needs a /bin/sh binary inside the chroot jail. You are
better off avoiding mail() where possible.
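
A pre-flight check for the point made in the reply above, as an added example that is not part of the thread: it verifies that the chroot holds both /bin/sh and the binary named in sendmail_path. The function name `check_chroot_mail` is hypothetical; /var/www and /usr/sbin/sendmail are the paths from the original post, and the sender address is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). check_chroot_mail is a hypothetical name.
# Usage: check_chroot_mail /var/www "/usr/sbin/sendmail -f sender@example.org"
# Prints one line per path; returns 0 only if every path is an executable
# regular file under the chroot directory.
check_chroot_mail() {
    root=$1
    # sendmail_path carries options such as -f; the binary is its first word.
    set -f              # no globbing while the value is split into words
    set -- $2
    set +f
    bin=$1
    case $bin in
        /*) ;;
        *)  echo "invalid  sendmail_path must start with an absolute path"
            return 1 ;;
    esac
    rc=0
    for p in /bin/sh "$bin"; do
        if [ -f "$root$p" ] && [ -x "$root$p" ]; then
            echo "ok       $root$p"
        else
            echo "missing  $root$p"
            rc=1
        fi
    done
    return $rc
}
```

A passing check covers file presence only; a dynamically linked binary also needs its libraries inside the chroot.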




Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Marc Espie
On Thu, Jan 02, 2020 at 07:34:22PM +1000, Stuart Longland wrote:
> On 2/1/20 12:30 am, Marc Chantreux wrote:
> > * the python community was unfair comparing the languages (using ugly
> >   perl code and nice python counterparts). instead of taking time to
> >   explain all the biases, perl community repeatedly asserted that the
> >   authors of those article were incompetents and gone away.
> 
> Heh, I've heard Perl described as executable line noise, and for sure,
> it will let you write code like that.
> 
> But so does C.  There's even a contest for doing exactly that.
> 
> I've seen some pretty ugly Python code too.

Not to beat a dead horse, but most of the python configury stuff,
including scons, is pretty shitty.   Lots of really bad pseudo-OO stuff
(hey let's use that cool feature just because we can)

I hate when I have to fix python configure... it looks like a 
bunch of complete beginners set up to reinvent a square wheel.

python is definitely my #1 most-hated language when fixing configure in
ports. Yes, it beats autoconf and libtool by a large margin.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Stuart Longland
On 2/1/20 12:30 am, Marc Chantreux wrote:
> * the python community was unfair comparing the languages (using ugly
>   perl code and nice python counterparts). instead of taking time to
>   explain all the biases, perl community repeatedly asserted that the
>   authors of those article were incompetents and gone away.

Heh, I've heard Perl described as executable line noise, and for sure,
it will let you write code like that.

But so does C.  There's even a contest for doing exactly that.

I've seen some pretty ugly Python code too.

If you set out to write ugly code, you will get ugly code, doesn't
matter what the language is.  If you set out to write a thing of beauty,
it can be that thing of beauty.

It's more a factor of the programmer involved and their skill, rather
than any fault of the language in most cases.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

2020-01-02 Thread Stuart Longland
On 1/1/20 9:08 pm, Marc Espie wrote:
> On Tue, Dec 31, 2019 at 10:36:15PM +0100, Anders Andersson wrote:
>> Of course its age is showing in some areas but in my experience, those
>> things are actually still worked on, and have been fixed without major
>> incompatibilities (python3 anyone?).
> The only thing that's really missing in perl is proper thread support.
> Don't know if that's going to happen.

To be fair, Python and NodeJS are pretty terrible at threading too.
Python has the Global Interpreter Lock.  NodeJS has worker threads, but
they're pretty limited in what they can do IIRC compared to the main thread.

Depending on what you're doing, this can matter a lot, or very little.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.



Re: sending mail from wordpress

2020-01-02 Thread Mischa
Hi Edgar,

Have a look at /usr/local/share/doc/pkg-readmes/femail-chroot
It will tell you everything you need to know and do. :)

Mischa

On  2 Jan at 06:21, Edgar Pettijohn  wrote:
> I'm having trouble getting mail to go through wordpress.
> 
> I have femail installed as /var/www/usr/sbin/sendmail.
> 
> In /etc/php-7.1.ini I have:
> 
> sendmail_path = "/usr/sbin/sendmail -f ed...@pettijohn-web.com"
> 
> 
> I can:
> 
> echo "HI" | chroot /var/www /usr/sbin/sendmail -f ed...@pettijohn-web.com
> testaddress
> 
> and the mail goes through.
> 
> 
> However, I get the following from wordpress.
> 
> The email could not be sent. Possible reason: your host may have disabled
> the mail() function.
> 
> 
> The mail() function is not disabled. If my reading of class-phpmailer.php is
> correct it should see that sendmail_path is defined and use sendmail instead
> of mail().
> 
> Any help is appreciated.
> 
> 
> Thanks,
> 
> 
> Edgar
> 
 



Re: Hyperbola Gnu Linux changing to Bsd

2020-01-02 Thread Eric Furman
On Thu, Jan 2, 2020, at 3:09 AM, Bodie wrote:
> 
> 
> On 2.1.2020 02:56, SOUL_OF_ROOT 55 wrote:
> > On Mon, 30 Dec 2019 at 00:59, SOUL_OF_ROOT 55 wrote:
> > 
> >> Hi!
> >> 
> >> It is written in article  Free GNU/Linux distributions:

BLAH BLAH BLAH

When are you people going to learn that  SOUL_OF_ROOT 55 
is nothing but a crank and a troll?



Re: Hyperbola Gnu Linux changing to Bsd

2020-01-02 Thread Bodie




On 2.1.2020 02:56, SOUL_OF_ROOT 55 wrote:
> On Mon, 30 Dec 2019 at 00:59, SOUL_OF_ROOT 55 wrote:
>
>> Hi!
>>
>> It is written in article Free GNU/Linux distributions:
>>
>> "If one of these distros ever does include or propose anything nonfree,
>> that must have happened by mistake, and the developers are committed to
>> removing it. If you find nonfree software or documentation in one of these
>> distributions, you can report the problem, and earn GNU Bucks, while we
>> inform the developers so they can fix the problem."
>>
>> Reference: https://www.gnu.org/distros/free-distros.en.html
>>
>> Hyperbola Gnu Linux changing to Bsd:
>>
>> Announcing HyperbolaBSD Roadmap
>>
>> 2019-12-21 - Luke R.
>>
>> Due to the Linux kernel rapidly proceeding down an unstable path, we are
>> planning on implementing *a completely new OS derived from several BSD
>> implementations*.
>>
>> This was not an easy decision to make, but we wish to use our time and
>> resources to create a viable alternative to the current operating system
>> trends which are actively seeking to undermine user choice and freedom.
>>
>> *This will not be a "distro"*, but a hard fork of the OpenBSD kernel and
>> userspace including new code written under GPLv3 and LGPLv3 to replace
>> GPL-incompatible parts and non-free ones.
>>
>> Reasons for this include:
>>
>>    - Linux kernel forcing adaption of DRM, including HDCP.
>>    - Linux kernel proposed usage of Rust (which contains freedom flaws and
>>    a centralized code repository that is more prone to cyber attack and
>>    generally requires internet access to use.)
>>    - Linux kernel being written without security and in mind. (KSPP is
>>    basically a dead project and Grsec is no longer free software)
>>    - Many GNU userspace and core utils are all forcing adaption of
>>    features without build time options to disable them. E.g. (PulseAudio
>>    / SystemD / Rust / Java as forced dependencies)
>>
>> As such, we will continue to *support the Milky Way branch until 2022* when
>> our legacy Linux-libre kernel reaches End of Life.
>>
>> Future versions of Hyperbola will be using HyperbolaBSD which will have
>> the *new kernel, userspace and not be ABI compatible with previous
>> versions*.
>>
>> *HyperbolaBSD is intended to be modular and minimalist* so other projects
>> will be able to re-use the code under free license.
>>
>> References:
>>
>> https://www.hyperbola.info/news/announcing-hyperbolabsd-roadmap/
>>
>> https://forums.hyperbola.info/viewtopic.php?id=315
>>
>> Hyperbola GNU/Linux is not free!
>>
>> It is all!
>
> What is the opinion of the Theo de Raadt about Hyperbola GNU/Linux and
> Hyperbola BSD?

I think that he does not need to bother about this at all.
Maybe except of good laugh on such attempts?

Some distro nearly obsolete even in GNU/Linux world will suddenly
become success after "stealing" from BSD and creating Frankenstein
infected by GPL and thinking they promote "freedom"?

I say it for some time..whole Linux community is heading more and more
quickly towards their own BSDi vs USL case. Just they don't get it yet..