combining macro with interface modifiers in pf.conf

2020-01-25 Thread Paul de Weerd
Hi all,

I'm rewriting some pf.conf rulesets and thought to use interface
modifiers to make them more generic.  Here's an example of what I came
up with:

block in on $IntIF inet proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain
block in on $IntIF inet6 proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain

These rules force users to use the local recursor for DNS lookups.
However, pfctl complains about syntax errors on both lines.  Replacing
the $IntIF:network and $IntIF:0 with em1:network and em1:0 solves the
syntax errors.  From pf.conf(5), it's not quite clear to me that it
isn't allowed to combine macros with interface modifiers.  On macros
it says:

> Macros can be defined that will later be expanded in context.  Macro
> names must start with a letter, digit, or underscore, and may
> contain any of those characters.  Macro names may not be reserved
> words (for example pass, in, out).  Macros are not expanded inside
> quotes.

and on modifiers:

> Interface names, interface group names, and self can have modifiers
> appended:

To me that suggests you can combine a macro with a modifier.  Am I
missing something obvious?  Is there a way to achieve this?

Thanks,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: combining macro with interface modifiers in pf.conf

2020-01-25 Thread Philipp Buehler



Hey Paul,

On 25.01.2020 11:43, Paul de Weerd wrote:

> block in on $IntIF inet proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain
> block in on $IntIF inet6 proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain


I just tested this with "IntIF=vio0" and works on 6.6-stable.

Is there more in the story, like concat macros, quotes in quotes or 
others along that?


ciao
PS: tested on oldest I could find, 5.5, also works
--
pb



Re: USB M-Audio as default audio output

2020-01-25 Thread Jan Klemkow
On Sat, Jan 25, 2020 at 08:43:29AM +0100, Alexandre Ratchov wrote:
> On Fri, Jan 24, 2020 at 04:04:40PM +0100, Thomas de Grivel wrote:
> > I have a USB M-Audio card which is very well supported by OpenBSD 6.6 amd64
> > 
> > My question is : how do I setup an USB audio card as the default audio
> > device whenever it is plugged in ?
> > 
> > Also I did not manage to get audio output with environment variables
> > only, I had to swap /dev/audio0 and /dev/audio1 and then it worked.
> > Could it have something to do with sndiod not running for /dev/audio1
> > ?
> > 
> > In all cases I really like sndio, it is really easy to work with.
> 
> There's no way to detect when the usb device is connected
> again. sndiod will start using it the next time it needs to open a
> device. As programs tend to keep the device open, you could force
> sndiod to reopen the devices (and thus switch to the usb one) by
> sending it a HUP signal.

To do certain things after a usb device appears you can use hotplugd(8).

> On 6.6 you have to "pkill -1 -x sndiod", on -current the rcctl script
> does it for you:
> 
>   rcctl reload sndiod



Re: OpenBSD 6.0: PPPOE with vlan configure problem

2020-01-25 Thread Stuart Henderson
On 2020-01-25, Peter Wong  wrote:
> Dear All,
> I'm trying to setup openbsd as router but could not get any internet
> connection.
> I need to set my external interface to vnetid 500. Below is my
> configuration:
>
> /etc/hostname.vlan500
> -inet vnetid 500 parent fxp0 up
>
> /etc/hostname.pppoe0
> inet 0.0.0.0.0 255.255.255.255 NONE pppoedev *vlan500 *authproto chap \
> authname "username" authkey "pass" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> Questions:
> 1. How to diagnose pppoe connection, any log file?
> 2. Should the vlan interface name follow vlan or vnetid?
> 3. Does it need to change the pppoedev interface to fxp0 or vlan500 or
> something else?

Many ISP access concentrators seem to require that the priority field
in the vlan header is set to a specific value (often 0 IIRC).

Try "txprio 0" on the vlan interface, but you will need to upgrade
first, 6.0 is too old.




Re: Error: Can't open display: ssvnc-viewer (vncviewer) local connection to QEMU host with -vnc option enabled

2020-01-25 Thread Stuart Henderson
On 2020-01-24, Denis  wrote:
> Trying to connect to QEMU 4.1.0 with VNC server enabled by
> $ doas vncviewer -rawlocal 127.0.0.1:0

For the love of cthulhu don't run that crap as root.

> All the time receive 'Error: Can't open display' by vncviewer
> (ssvnc-viewer package installed on OpenBSD 6.6) when connect to QEMU
> machine which run on the same localhost and QEMU VNC server listens on

That is vncviewer not being able to connect to your X display, which
will be happening because you're running it as a different uid with doas.




Re: combining macro with interface modifiers in pf.conf

2020-01-25 Thread Paul de Weerd
Hi Philipp,

On Sat, Jan 25, 2020 at 12:06:49PM +0100, Philipp Buehler wrote:
| 
| Hey Paul,
| 
| On 25.01.2020 11:43, Paul de Weerd wrote:
| > block in on $IntIF inet proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain
| > block in on $IntIF inet6 proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain
| 
| I just tested this with "IntIF=vio0" and works on 6.6-stable.
| 
| Is there more in the story, like concat macros, quotes in quotes or
| others along that?

Thanks for your reply, you helped me find the answer.  I obviously
should've published my full ruleset.

[weerd@pom] $ printf "IntIF=\"em0\"\nblock inet from \$IntIF:network to \$IntIF:0\n" | pfctl -nvf -
IntIF = "em0"
block drop inet from 192.168.0.0/24 to 192.168.0.149
[weerd@pom] $ printf "IntIF=\" em0 \"\nblock inet from \$IntIF:network to \$IntIF:0\n" | pfctl -nvf -
IntIF = " em0 "
stdin:2: syntax error

I have (by now 'had') spaces in my macros, so IntIF gets expanded
quite literally to the value I gave it with spaces (as it should).  As
usual, PEBKAC.

Again, thank you for the clue-by-4.  Everything works as it should and
I have been properly educated.

Paul

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 
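An added check, not part of the thread and not OpenBSD code, for the mistake described above: it scans a ruleset for `$macro:modifier` uses whose macro value contains whitespace, since the macro is expanded literally and the modifier then no longer attaches to the interface name. The function names, the constructed sample ruleset and the message format are assumptions; `pfctl -nvf` remains the authoritative parser.

```shell
#!/bin/sh
# pf_macro_lint [FILE]
# Reads a pf.conf ruleset (FILE or stdin) and reports every use of
# $macro:network, $macro:broadcast, $macro:peer or $macro:0 where the
# macro value contains a space or tab. Returns 1 if anything is reported.
# Macros that are not defined in the file are skipped (they may come
# from "pfctl -D"); pfctl reports those itself.
pf_macro_lint() {
    awk '
    # Macro definition: name = "value" or name = value
    /^[ \t]*[A-Za-z0-9_]+[ \t]*=/ {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1)
        gsub(/[ \t]/, "", name)
        val = substr($0, eq + 1)
        sub(/^[ \t]+/, "", val)
        if (substr(val, 1, 1) == "\"") {
            # Quoted value: keep everything up to the closing quote verbatim,
            # including any padding, because that is what gets expanded.
            val = substr(val, 2)
            q = index(val, "\"")
            if (q) val = substr(val, 1, q - 1)
        } else {
            # Unquoted value: drop a trailing comment and trailing blanks.
            sub(/[ \t]*#.*$/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        value[name] = val
        defined[name] = 1
        next
    }
    /^[ \t]*#/ { next }
    {
        rest = $0
        while (match(rest, /\$[A-Za-z0-9_]+:(network|broadcast|peer|0)/)) {
            use = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            name = substr(use, 2, index(use, ":") - 2)
            if ((name in defined) && value[name] ~ /[ \t]/) {
                printf "line %d: %s: macro %s = \"%s\" contains whitespace\n", \
                    NR, use, name, value[name]
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    ' "$@"
}

# Constructed sample ruleset, modelled on the rules quoted in this thread.
sample_ruleset() {
    cat <<'EOF'
# constructed sample
IntIF = " em1 "
ExtIF = "em0"
block in on $IntIF inet proto { tcp, udp } from $IntIF:network to ! $IntIF:0 port domain
block in on $ExtIF inet from $ExtIF:network to any
EOF
}

# Demo run: reports the two modifier uses on line 4 of the sample.
sample_ruleset | pf_macro_lint || true
```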



certificate verification error

2020-01-25 Thread putrid soul
After updating to a recent snapshot I faced the following
messages upon running fetchmail (ver=6.3.26p3) command.

The config .fetchmailrc is the same as before

$ fetchmail
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please
fix your client./CN=invalid2.invalid
fetchmail: This could mean that the root CA's signing certificate is not in
the trusted CA certificate location,
or that c_rehash needs to be run on the certificate directory. For details,
please see the documentation of --ssl
certpath and --sslcertfile in the manual page.
fetchmail: Warning: the connection is insecure, continuing anyways. (Better
use --sslcertck!)
fetchmail: No mail for putridsou...@gmail.com at pop.gmail.com

From this I can extract that the certs on this snapshot are not
configured properly. On the snapshot before the most recent one the messages
were quite different - there was ssl socket error now it's the
above.

$ dmesg
OpenBSD 6.6-current (GENERIC.MP) #613: Thu Jan 16 13:52:56 MST 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP


Re: certificate verification error

2020-01-25 Thread Andreas Kusalananda Kähäri
On Sat, Jan 25, 2020 at 08:24:34PM +0530, putrid soul wrote:
> After updating to a recent snapshot I faced the following
> messages upon running fetchmail (ver=6.3.26p3) command.

I had similar issues with a recent snapshot (but
with fdm rather than fetchmail).  Updating to a
later snapshot seems to have resolved it for me.
I'm now on

OpenBSD 6.6-current (GENERIC.MP) #618: Thu Jan 23 23:58:32 MST 2020

Cheers,

> 
> The config .fetchmailrc is the same as before
> 
> $ fetchmail
> fetchmail: Server certificate verification error: self signed certificate
> fetchmail: Missing trust anchor certificate: /OU=No SNI provided; please
> fix your client./CN=invalid2.invalid
> fetchmail: This could mean that the root CA's signing certificate is not in
> the trusted CA certificate location,
> or that c_rehash needs to be run on the certificate directory. For details,
> please see the documentation of --ssl
> certpath and --sslcertfile in the manual page.
> fetchmail: Warning: the connection is insecure, continuing anyways. (Better
> use --sslcertck!)
> fetchmail: No mail for putridsou...@gmail.com at pop.gmail.com
> 
> From this I can extract that the certs on this snapshot are not
> configured properly. On the snapshot before the most recent one the messages
> were quite different - there was ssl socket error now it's the
> above.
> 
> $ dmesg
> OpenBSD 6.6-current (GENERIC.MP) #613: Thu Jan 16 13:52:56 MST 2020
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

-- 
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden




Re: pkg_info(1) man page possible error

2020-01-25 Thread Luke A. Call
On 01-25 01:49, Ingo Schwarze wrote:
> Andrew Easton wrote on Fri, Jan 24, 2020 at 11:17:20PM +0100:
> > I was looking for a list of ports packages
> Depending what you really need, try
>   $ doas pkg_add portslist
>   $ less /usr/local/share/ports-INDEX
>   $ doas pkg_add sqlports
>   $ sqlite3 /usr/local/share/sqlports
>   https://cvsweb.openbsd.org/ports/
> > and read the man page pkg_info(1).

For what it may be worth, another way to get a list of ports is 
(as root, or maybe should be rewritten with "doas", as Ingo 
did, but):

# cd /usr/ports/ && make print-index > ~root/openbsdports-list-$(uname -r)-$(machine)

-Luke
-- 
Please pray for our country(ies) and leaders, at this important time.
More on this and other topics (a simple site w/o sales):
http://lukecall.net  (updated 2020-01-23)



amdgpu, Polaris and Firefox

2020-01-25 Thread Joe Gidi
I'm running the latest amd64 snapshot (kernel #619) on a system with a
Radeon RX 550 (Polaris) GPU. glxgears and glxinfo show that OpenGL is
working and Xorg.0.log shows no errors.

When I try to enable OpenGL in Firefox by setting
layers.acceleration.force-enable to true, I see the following errors on
the terminal and https://get.webgl.org reports that WebGL is disabled or
unavailable.

libGL error: MESA-LOADER: failed to open radeonsi (search paths
/usr/X11R6/lib/modules/dri)
libGL error: failed to load driver: radeonsi
libGL error: MESA-LOADER: failed to open swrast (search paths
/usr/X11R6/lib/modules/dri)
libGL error: failed to load driver: swrast
libGL error: MESA-LOADER: failed to open radeonsi (search paths
/usr/X11R6/lib/modules/dri)
libGL error: failed to load driver: radeonsi
libGL error: MESA-LOADER: failed to open swrast (search paths
/usr/X11R6/lib/modules/dri)
libGL error: failed to load driver: swrast

And:

Crash Annotation GraphicsCriticalError: |[G0][GFX1-]: [OPENGL] Failed to
init compositor with reason: FEATURE_FAILURE_OPENGL_CREATE_CONTEXT
(t=0.34852) [GFX1-]: [OPENGL] Failed to init compositor with reason:
FEATURE_FAILURE_OPENGL_CREATE_CONTEXT
Crash Annotation GraphicsCriticalError: |[G0][GFX1-]: [OPENGL] Failed to
init compositor with reason: FEATURE_FAILURE_OPENGL_CREATE_CONTEXT
(t=0.34852) |[G1][GFX1-]: [OPENGL] Failed to init compositor with reason:
FEATURE_FAILURE_OPENGL_CREATE_CONTEXT (t=0.802629) [GFX1-]: [OPENGL]
Failed to init compositor with reason:
FEATURE_FAILURE_OPENGL_CREATE_CONTEXT
Crash Annotation GraphicsCriticalError: |[G0][GFX1-]: [OPENGL] Failed to
init compositor with reason: FEATURE_FAILURE_OPENGL_CREATE_CONTEXT
(t=0.34852) |[G1][GFX1-]: [OPENGL] Failed to init compositor with reason:
FEATURE_FAILURE_OPENGL_CREATE_CONTEXT (t=0.802629) |[G2][GFX1-]: [OPENGL]
Failed to init compositor with reason:
FEATURE_FAILURE_OPENGL_CREATE_CONTEXT (t=1.3604) [GFX1-]: [OPENGL] Failed
to init compositor with reason: FEATURE_FAILURE_OPENGL_CREATE_CONTEXT

Is this already known to be broken, or should I file a full bug report?

Thanks,

-- 

Joe Gidi
j...@entropicblur.com

"You cannot buy skill." -- Ross Seyfried



pkg_add: how to specify both flavor and branch

2020-01-25 Thread Thomas L.
Hello,

`pkg_add gnupg` is ambiguous since there is both
gnupg-1.4.23p3-card-ldap, gnupg-1.4.23p3 and gnupg-2.2.12p0, but neither
`pkg_add gnupg%2.2`, `pkg_add gnupg--%2.2` nor `pkg_add gnupg%2.2--`
work. So how do i specify the exact package in this case?
(I know that `pkg_add gnupg-2.2.12p0` works, but I rather not specify
the version down to the patch level in my deploy script.)

Kind regards,

Thomas



Re: OpenBSD PPPOE

2020-01-25 Thread Andrey Korobkov
peterwkc  writes:

> Dear All,
>
> I would like to setup my openbsd as router.
> /etc/hostname.fxp0
> up
>
> /etc/hostname.pppoe0
> pppoedev fxp0 authproto pap authname "" authkey "" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
>
> Not able to get a connection. What wrong with it?
>
>
>
> --
> Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>
Hello,

I've already had the similar (same?) issue with PPPoE on OpenBSD 6.5 and
6.6 when I tried to simply use the example from man pppoe(4).

After looking through source code I thought it's like needed
configuration structs are not fully populated (missed dest value), as if
it were 2 different commands (inet 0.0.0.0… and dest 0.0.0.1), but looks
like it wants both address and dest being set during one single configuration 
line (command).

So I've just used slightly different config format, with both address and 
source set in one single line:

#cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev cnmac0 authproto chap authname ' authkey ' up
!/sbin/route add default -ifp pppoe0 0.0.0.1

And it works very well for me! So I hope this would help you too.

P.S. Also would be nice if anyone with knowledge of C language look once
more at this example from man pppoe(4) and verified it against current pppoe 
initialization code…


best regards,
--
Andrey Korobkov



Question about marketability of OpenBSD Laptops

2020-01-25 Thread Michael G Workman
I have read many stories about small business owners waking up one day and
their bank accounts are empty, due to banking malware like Zeus, others are
victimized by ransomware and have to pay a fee to get their files back.

It seems like most of the victims were using windows computers when these
attacks happened, as far as I know Zeus only works on Microsoft Windows,
not Unix or Linux.

I was thinking of offering some refurbished older Dell Laptops for sale
with OpenBSD installed, to use specifically with online banking, $149 for
Dell Vostro 1500 with 120 GB SSD and 2 GB RAM, and $249 for Dell Latitude
e6400 with 240 GB SSD, and 8 GB of RAM, and for an extra fee, make 240 GB
and 480 GB or 1 TB or 2 TB SSD an upgrade option for them. Since they are
laptops, they can easily be moved around and are portable and people can
even travel with them and use them while traveling for their banking
transactions.

I was not able to get wifi to work on the Dell Vostro, but that is ok,
since wifi can be an attack vector, I think they will be more secure with
only a hardwire Lan connection.

While it is true that some small business owners have some good IT skills
and could install OpenBSD themselves, I am thinking of it as a product for
the small business owner who has minimal IT skills.

Someone, most likely an open source purist, criticized this idea on IRC
but I think it is actually a really good idea for the small business owner
with minimal IT skills.

I just wanted to know everyone's opinion of this idea? and also would I be
able to advertise my contact information on the commercial section of
OpenBSD.org for these specialty laptops?

Thanks.

*Michael G. Workman*
(321) 432-9295
michael.g.work...@gmail.com


Re: OpenBSD PPPOE

2020-01-25 Thread Andrey Korobkov
Andrey Korobkov  writes:

> Hello,
>
> I've already had the similar (same?) issue with PPPoE on OpenBSD 6.5 and
> 6.6 when I tried to simply use the example from man pppoe(4).
>
> After looking through source code I thought it's like needed
> configuration structs are not fully populated (missed dest value), as if
> it were 2 different commands (inet 0.0.0.0… and dest 0.0.0.1), but looks
> like it wants both address and dest being set during one single configuration 
> line (command).
>
> So I've just used slightly different config format, with both address and 
> source set in one single line:
>
> #cat /etc/hostname.pppoe0
> inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev cnmac0 authproto chap authname ' authkey ' up
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> And it works very well for me! So I hope this would help you too.
>
> P.S. Also would be nice if anyone with knowledge of C language look once
> more at this example from man pppoe(4) and verified it against current pppoe 
> initialization code…
>
>
> best regards,
> --
> Andrey Korobkov
>

Sorry, my mistake.
I probably forgot word NONE in first config line.

Just tested again and it worked even as in man pppoe(4) example.


Sorry,
-- 
Andrey Korobkov



Re: Question about marketability of OpenBSD Laptops

2020-01-25 Thread Chris Bennett
On Sat, Jan 25, 2020 at 05:49:04PM -0500, Michael G Workman wrote:
> I have read many stories about small business owners waking up one day and
> their bank accounts are empty, due to banking malware like Zeus, others are
> victimized by ransomware and have to pay a fee to get their files back.
> 
> It seems like most of the victims were using windows computers when these
> attacks happened, as far as I know Zeus only works on Microsoft Windows,
> not Unix or Linux.
> 
> I was thinking of offering some refurbished older Dell Laptops for sale
> with OpenBSD installed, to use specifically with online banking, $149 for
> Dell Vostro 1500 with 120 GB SSD and 2 GB RAM, and $249 for Dell Latitude
> e6400 with 240 GB SSD, and 8 GB of RAM, and for an extra fee, make 240 GB
> and 480 GB or 1 TB or 2 TB SSD an upgrade option for them. Since they are
> laptops, they can easily be moved around and are portable and people can
> even travel with them and use them while traveling for their banking
> transactions.
> 
> I was not able to get wifi to work on the Dell Vostro, but that is ok,
> since wifi can be an attack vector, I think they will be more secure with
> only a hardwire Lan connection.
> 
> While it is true that some small business owners have some good IT skills
> and could install OpenBSD themselves, I am thinking of it as a product for
> the small business owner who has minimal IT skills.
> 
> Someone, most likely an open source purist, criticized this idea on IRC
> but I think it is actually a really good idea for the small business owner
> with minimal IT skills.
> 
> I just wanted to know everyone's opinion of this idea? and also would I be
> able to advertise my contact information on the commercial section of
> OpenBSD.org for these specialty laptops?
> 
> Thanks.
> 
> *Michael G. Workman*
> (321) 432-9295
> michael.g.work...@gmail.com

First, there is no commercial section of OpenBSD to advertise on.

As far as your seemingly brilliant idea, it won't work.

Try this. Put OpenBSD on a USB stick. Then try to get ANYONE to boot it
on their laptop/desktop. I gave up after about 25 tries over the years.

Next, try this. Give away a few laptops with OpenBSD already installed
for free. Check back with these people 3 months later. You won't find a
single one with OpenBSD still installed unless they just stuffed it in a
closet.

Nobody wants to do what is necessary for security. It's just "too hard".
We will continue to see security breaches ad infinitum.
That's just the way it "Just doesn't works".

When I was a kid and we had some new type of food that was really tasty.
I would offer a taste to my other friends who were kids too.
"I don't like that!" was always the response. They refused to even taste it.
I would say, but you've never ever even tried this before!
"I don't care. I just don't like the way it tastes".

That, sadly is the way the real world works.
It's nonsense. But that's just the way it is.

Good luck, hopefully you can make it work. Please don't put any serious
money into it before trying my two above suggestions.

--
Chris Bennett




Re: Question about marketability of OpenBSD Laptops

2020-01-25 Thread Michael G Workman
Thank you sir for your reply, it is duly noted. :-)

*Michael G. Workman*
(321) 432-9295
michael.g.work...@gmail.com


