Re: memmem

[Florian Obser]

On Tue, Apr 14, 2020 at 06:52:21AM +, Roderick wrote:
> Is that not a little too primitive?

I thought so, too. No context, no explanation just a one-liner.

-- 
I'm not entirely sure you are real.

Multiple (hybrid) factors for SSH authentication

[info]

Hello,

Please suggest is it possible or may be planned in the future to allow multiple 
factors at the same time (a user would choose several of them for a single 
session):

1) General (non post quantum resistant) elliptical asymmetric SSH key1 in the 
file system
2) General (non post quantum resistant) elliptical asymmetric SSH key2 in a 
strong crypto token like Rutoken ECP2 or Nitrokey Pro2
3) FIDO2 token

4) Post quantum cryptography key, may be an algorithm from:
https://github.com/open-quantum-safe/liboqs#supported-algorithms

Something like:
https://github.com/open-quantum-safe/openssh-portable
but more modern like post 8.2 and able to choose several private keys at the 
same time to create(derive) a symmetric session key from all of them.

It would be better if SSH would support an unlimited number of configured key 
pairs at the same time for a single session (require all several key pairs) key 
generation or at least 5-10 to make different combinations of key storage and 
key algorithms (like a more hybrid than it is now).

Re: WLAN throughput less 10Mb/s

[Stefan Sperling]

On Mon, Apr 13, 2020 at 10:42:18PM +0200, Mario Theodoridis wrote:
> > Also, athn(4) does not support Tx aggregation yet, and 40 MHz channels are
> > not yet suppored either. In practice this means the driver won't be 
> > noticably
> > faster in 11n mode than it is in 11a/g modes. For now, I would recommend
> > using 11a mode if you want it to be as fast as possible.
> 
> Hmm, using
> media autoselect mode 11a mediaopt hostap
> nwid foo
> wpaprotos wpa2
> wpakey mysecret
> up
> 
> Brings the inteface up alright, but i don't see any 5 or 2.4 GHz signal with
> a Wifi analyzer nor can i connect.

The 'nwid' and 'wpakey' options should appear on the same line.

You don't need to specify 'wpaprotos wpa2' since this is the default.

> > is going to help when your channel is heavily used by one or more other
> > wifi networks. Ensure that your AP is running on a channel where no other
> > wifi networks can be seen in a scan.
> 
> The channel is available, but i am only using one antenna. I remember trying
> with both didn't help, though.

If you use 11n mode you must have 2 antennas connected for MIMO.
Otherwise it will perform rather badly since MIMO frames (MCS-8 to MCS-15)
are going to be lost.

> > > OpenBSD 6.6 (GENERIC.MP) #7: Thu Mar 12 11:55:22 MDT 2020
> > 
> > One way you could help is to keep following -current, upgrade a day or so
> > after any wifi-related commits happen, and letting us know if things are
> > better or worse compared to a previous snapshots.
> 
> I'm looking into that.
> 
> Meanwhile is there a mini PCI chipset that will do 54Mb or more in hostap
> mode?

54Mbit where? You're not going to see tcpbench displaying "54Mbps" on a
"54Mbit" AP if that's what you're expecting to see.
Typically "54 Mbit" refers to a specific modulation scheme (64-QAM with a
3/4 coding rate) used to transmit the data payload of an 802.11 frame.
But transmitting a frame involves a lot more than just sending payload data,
so user-visible data rates are much lower and depend on many factors.
In my experience tcpbench over 11a maxes out at around 20-30 Mbps on a
clean channel.

Regarding other chipsets, if you want the fastest possible AP on OpenBSD
your best option right now is to get a bwfm(4) device, which offloads almost
all of its 802.11 operation into a firmware blob running in the embedded
system on the device. So far, this is the only way to have an OpenBSD 11ac
AP (with the caveat that about the only OpenBSD wifi code you're running
is the code that handles WPA handshakes; everything else is offloaded).

Re: memmem

[Roderick]

On Tue, 14 Apr 2020, Florian Obser wrote:


I thought so, too. No context, no explanation just a one-liner.


I mean the algorithm. It seems there is a lot of hard work to do
with string routines. Also the regular expressions in OpenBSD seems
to be the inefficient, perhaps historical implementation of
Henry Spencer.

BTW. It would be interesting to have something like memmem, but to search
many substrings at the same time. And to have back references in
lex/flex would be fantastic! :)

Rod.

Re: Will windows 10 boot after installing openBSD?

[Kevin Chadwick]

You can also install Windows after and boot OpenBSD quite easily by following
the faq. This is not easy on grub/Linux as grub is greedy. Atleast the guides
that I found for grub/Linux, failed to work. I have no interest in running Linux
these days though and little interest then. I had the notion that my mum might
find updating easier. Now the opposite is certainly true. In fact, I had to tell
a grafana user on slack about apt-get dist-upgrade recently just to install
grafana. Also, when I did try a wifi experiment with fedora, it's recovery
kernel managed to break *itself* (yum or rather it's new name, broke/failed to
update it over time). Perhaps it had something to do with building the wifi
module, but recovery kernels should not break!

Well done on many counts, OpenBSD!

Re: WLAN throughput less 10Mb/s

[Kevin Chadwick]

On 2020-04-14 09:21, Stefan Sperling wrote:
> Regarding other chipsets, if you want the fastest possible AP on OpenBSD
> your best option right now is to get a bwfm(4) device, which offloads almost
> all of its 802.11 operation into a firmware blob running in the embedded
> system on the device.

Interesting.

BWFM(4)
CAVEATS
 The firmware is outdated and contains known vulnerabilities.

Any more information on the seriousness of these vulnerabilities?

I can probably look it up in CVS actually but figured it *may* be prudent of me
to highlight that caveat on the list explicitly, in any case.

Re: WLAN throughput less 10Mb/s

[Stefan Sperling]

On Tue, Apr 14, 2020 at 11:37:24AM +0100, Kevin Chadwick wrote:
> On 2020-04-14 09:21, Stefan Sperling wrote:
> > Regarding other chipsets, if you want the fastest possible AP on OpenBSD
> > your best option right now is to get a bwfm(4) device, which offloads almost
> > all of its 802.11 operation into a firmware blob running in the embedded
> > system on the device.
> 
> Interesting.
> 
> BWFM(4)
> CAVEATS
>  The firmware is outdated and contains known vulnerabilities.
> 
> Any more information on the seriousness of these vulnerabilities?
> 
> I can probably look it up in CVS actually but figured it *may* be prudent of 
> me
> to highlight that caveat on the list explicitly, in any case.
 
I honestly don't know and don't really care. Even if we knew what publicly
known or unknown bugs linger in there, we couldn't do anything about it.
All we can really do is upgrade the firmware and hope for the best.

The same is true for the Intel wifi chips.

What's nice about athn(4) is that the full software stack from driver to
hardware is open source, including firmware for USB devices. So it's
possible to fix issues, though it can be quite hard to fix known bugs.
No firmware abstraction means the driver needs to deal with a lot of
complexity all by itself, i.e. problems that engineers at vendors with
proper testing equipment and low-level expertise tend to deal with.

Re: Wine for OpenBSD?

[Oddmund G.]

Le 11/04/2020 à 14:25, Peter Nicolai Mathias Hansteen a écrit

11. apr. 2020 kl. 12:15 skrev Nikita Stepanov :

Wine for OpenBSD?



Oh, OpenBSD goes well with most kinds of wine, just don’t overdo it. Same with 
beer, liquors as always.

All the best,

—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


Bonjour,

While my ThinkPad supported wine quite well, OpenBSD unfortunately 
collapsed...:-D


I asked for help about a week ago, but nobody bothered answering, not 
even with the common 'do your homework' comment.


I managed to solve the problem myself without reinstallation and 
everything is fine. I am not really a newbie, as I started using 
computers about 45 years ago (at the university of your town, Peter). I 
have been working for IBM and DEC and should probably not need to ask 
for help, but I am getting older (approaching 70) and I have forgotten 
certain Unix mechanisms.


Since the ongoing corporate takeover of GNU+Linux, with all imaginable 
and disastrous consequences, I am very thankful for having OpenBSD and 
being able to use it. I will avoid spilling Wine on laptops in the 
future, crossing my fingers and hoping for OpenBSD to last as long as I 
live...


Cheers,

Oddmund

Running gunicorn with rcclt

[Flipchan]

Hey, im trying to run a python app with gunicon-3 and rcctl

computer# cat /etc/rc.conf.local 
httpd_flags= 
guni_flags="-c /home/testuser/stuff/main.ini -D flaskapp:app" 
guni_user=testuser 
pkg_scripts=tor 

computer# cat /etc/rc.d/guni 
#!/bin/ksh 
# 
# $OpenBSD: Exp $ 

daemon="/usr/local/bin/gunicorn-3" 
 . /etc/rc.d/rc.subr 

#rc_pre() { #   rm /home/testuser/stuff/pid.pid #} 

rc_stop() { 
kill -9 `cat /home/testuser/stuff/pid.pid` 
#   rm /home/testuser/stuff/pid.pid
} 
rc_cmd $1 

#cat /home/testuser/stuff/main.ini 
bind = "0.0.0.0:8801" 
workers = 5 
pidfile = '/home/testuser/stuff/pid.pid' 

so this works: 
/usr/local/bin/gunicorn-3 -c /home/testuser/stuff/main.ini -D flaskapp:app 

but rcctl start guni just returns ok as it was started and doesnt start it.
 what am i doing wrong? Thanks

Re: Running gunicorn with rcclt

[Flipchan]

More debug data:

sh -x /etc/rc.d/guni check 
...
 + eval _rctimeout=${guni_timeout} 
+ _rctimeout= 
+ getcap -f /etc/login.conf testuser 
+ > /dev/null 
+ 2>&1 
+ daemon_class=daemon 
+ [ -z ] 
+ daemon_rtable=0 
+ [ -z ] 
+ daemon_user=root 
+ [ -z 60 ] 
+ [ -n -o check != start ] 
+ [ X-c /home/testuser/stuff/main.ini -D flaskapp:app = XNO ] 
+ [ -n -c /home/testuser/stuff/main.ini -D flaskapp:app ] 
+ daemon_flags=-c /home/testuser/stuff/main.ini -D flaskapp:app 
+ [ -n ] 
+ [ -n testuser ] 
+ daemon_user=testuser 
+ [ -n ] 
+ [ -n ] 
+ readonly daemon_class 
+ unset _rcflags _rcrtable _rcuser _rctimeout
 + eval echo /usr/local/bin/gunicorn-3 -c /home/testuser/stuff/main.ini -D 
flaskapp:app 
+ echo /usr/local/bin/gunicorn-3 -c /home/testuser/stuff/main.ini -D 
flaskapp:app 
+ pexp=/usr/local/bin/gunicorn-3 -c /home/testuser/stuff/main.ini -D 
flaskapp:app 
+ rcexec=su -l -c daemon -s /bin/sh testuser -c 
+ id -R 
+ [ 0 -eq 0 ] 
+ rc_cmd check 
guni(failed)

On April 14, 2020 3:30:40 PM GMT+02:00, Flipchan  wrote:
>Hey, im trying to run a python app with gunicon-3 and rcctl
>
>computer# cat /etc/rc.conf.local 
>httpd_flags= 
>guni_flags="-c /home/testuser/stuff/main.ini -D flaskapp:app" 
>guni_user=testuser 
>pkg_scripts=tor 
>
>computer# cat /etc/rc.d/guni 
>#!/bin/ksh 
># 
># $OpenBSD: Exp $ 
>
>daemon="/usr/local/bin/gunicorn-3" 
> . /etc/rc.d/rc.subr 
>
>#rc_pre() { #  rm /home/testuser/stuff/pid.pid #} 
>
>rc_stop() {
>kill -9 `cat /home/testuser/stuff/pid.pid` 
>#  rm /home/testuser/stuff/pid.pid
>} 
>rc_cmd $1 
>
>#cat /home/testuser/stuff/main.ini 
>bind = "0.0.0.0:8801" 
>workers = 5 
>pidfile = '/home/testuser/stuff/pid.pid' 
>
>so this works: 
>/usr/local/bin/gunicorn-3 -c /home/testuser/stuff/main.ini -D
>flaskapp:app 
>
>but rcctl start guni just returns ok as it was started and doesnt start
>it.
> what am i doing wrong? Thanks

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Ottavio Caruso]

On Tue, 14 Apr 2020 at 12:06, Oddmund G.  wrote:
> Since the ongoing corporate takeover of GNU+Linux,

GNU, whether we like them or not, have not been and will not be taken
over by "corporate", as long as Stallman is alive.

As for Linux, it is not an OS but just a kernel. The only distros that
has been taken over by "corporate" are Red Hat (but it was annoyingly
corporate-friendly even before it was bought by IBM) and SuSE. The
remaining  have not been taken over by
"corporate" if they wanted to.

Cheap digs don't usually get the facts right.

-- 
Ottavio Caruso

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Oddmund G.]

Le 14/04/2020 à 15:49, Ottavio Caruso a écrit :

On Tue, 14 Apr 2020 at 12:06, Oddmund G.  wrote:

Since the ongoing corporate takeover of GNU+Linux,

GNU, whether we like them or not, have not been and will not be taken
over by "corporate", as long as Stallman is alive.

As for Linux, it is not an OS but just a kernel. The only distros that
has been taken over by "corporate" are Red Hat (but it was annoyingly
corporate-friendly even before it was bought by IBM) and SuSE. The
remaining  have not been taken over by
"corporate" if they wanted to.

Cheap digs don't usually get the facts right.

I know all this, Ottavio. I have been using GNU+Linux since 1994 after 
several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, 
then Debian until the forced introduction of systemd and the rest of the 
crap being considered as 'much better' and 'mandatory'.


Even FSF has swallowed this, because systemd is 'free software', 
Trisquel being Ubuntu-based adopted it as if nothing had happened or 
they probably thougfht they had no choice. Stallman pissed in his pants 
and is not relevant any more.


Corporate takeovers does not happen overnight and there are some 
resistance. 60-70 Linux 'distributions' are still using non-systemd 
inits. The problem is that the 'big' core distributions are being 
streamlined to be 'compatible' with 'New Linu$'. Micro$oft became a 
member of the Linu$ Foundation almost four years ago. I strongly believe 
that it was not for 'fun'...


Linux is doomed. Closer 'integration' of systemd, pulseaudio, wayland 
++. with other system components will make it very difficult, if not 
impossible to continue resisting and keeping up alternative GNU+Linux 
development in the future. This was one of the reasons why I switched to 
OpenBSD a couple of years ago. I tried it for a while by the end of the 
'90s, but it wasn't adapted to what I was doing at that time, so I 
switched back to Debian.


Now I am retired and it is absolutely perfect! Thank you Theo & all the 
other guys & girls keeping it alive and kickin'!


Cheers,

Oddmund

Re: WLAN throughput less 10Mb/s

[Mario Theodoridis]

On 14.04.2020 10:21, Stefan Sperling wrote:

Hmm, using
media autoselect mode 11a mediaopt hostap
nwid foo
wpaprotos wpa2
wpakey mysecret
up

Brings the inteface up alright, but i don't see any 5 or 2.4 GHz signal with
a Wifi analyzer nor can i connect.


The 'nwid' and 'wpakey' options should appear on the same line.

You don't need to specify 'wpaprotos wpa2' since this is the default.


Got it. Yes, it's working now, but the bandwidth is the same.



The channel is available, but i am only using one antenna. I remember trying
with both didn't help, though.


If you use 11n mode you must have 2 antennas connected for MIMO.
Otherwise it will perform rather badly since MIMO frames (MCS-8 to MCS-15)
are going to be lost.


Ok, so with a,b or g this ought to be fine fine, then.



Meanwhile is there a mini PCI chipset that will do 54Mb or more in hostap
mode?


54Mbit where? You're not going to see tcpbench displaying "54Mbps" on a
"54Mbit" AP if that's what you're expecting to see.
Typically "54 Mbit" refers to a specific modulation scheme (64-QAM with a
3/4 coding rate) used to transmit the data payload of an 802.11 frame.
But transmitting a frame involves a lot more than just sending payload data,
so user-visible data rates are much lower and depend on many factors.
In my experience tcpbench over 11a maxes out at around 20-30 Mbps on a
clean channel.


I didn't know that, but that's what i meant.



Regarding other chipsets, if you want the fastest possible AP on OpenBSD
your best option right now is to get a bwfm(4) device, which offloads almost
all of its 802.11 operation into a firmware blob running in the embedded
system on the device. So far, this is the only way to have an OpenBSD 11ac
AP (with the caveat that about the only OpenBSD wifi code you're running
is the code that handles WPA handshakes; everything else is offloaded).


Hm, that's almost like buying a wlan router, not really what i want.



Mit freundlichen Grüßen/Best regards

Mario Theodoridis

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Raymond, David]

Amen to all that.  Arch Linux worked for me for many years, but the
Arch philosophy of adopting bleeding edge software has become
increasingly difficult to deal with, given the corporate takeover of
Linux.  Started out with BSD in the early days, moved to Slackware,
Debian, and then Arch.  Finally got fed up and explored the major BSD
derivatives and OpenBSD was the only one I found where things just
work (most of the time!).

Kudos to Theo and everybody involved.  I try to help where I can,
though my abilities and time are limited even in retirement.

Dave

On 4/14/20, Oddmund G.  wrote:
> Le 14/04/2020 à 15:49, Ottavio Caruso a écrit :
>> On Tue, 14 Apr 2020 at 12:06, Oddmund G.  wrote:
>>> Since the ongoing corporate takeover of GNU+Linux,
>> GNU, whether we like them or not, have not been and will not be taken
>> over by "corporate", as long as Stallman is alive.
>>
>> As for Linux, it is not an OS but just a kernel. The only distros that
>> has been taken over by "corporate" are Red Hat (but it was annoyingly
>> corporate-friendly even before it was bought by IBM) and SuSE. The
>> remaining  have not been taken over by
>> "corporate" if they wanted to.
>>
>> Cheap digs don't usually get the facts right.
>>
> I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning,
> then Debian until the forced introduction of systemd and the rest of the
> crap being considered as 'much better' and 'mandatory'.
>
> Even FSF has swallowed this, because systemd is 'free software',
> Trisquel being Ubuntu-based adopted it as if nothing had happened or
> they probably thougfht they had no choice. Stallman pissed in his pants
> and is not relevant any more.
>
> Corporate takeovers does not happen overnight and there are some
> resistance. 60-70 Linux 'distributions' are still using non-systemd
> inits. The problem is that the 'big' core distributions are being
> streamlined to be 'compatible' with 'New Linu$'. Micro$oft became a
> member of the Linu$ Foundation almost four years ago. I strongly believe
> that it was not for 'fun'...
>
> Linux is doomed. Closer 'integration' of systemd, pulseaudio, wayland
> ++. with other system components will make it very difficult, if not
> impossible to continue resisting and keeping up alternative GNU+Linux
> development in the future. This was one of the reasons why I switched to
> OpenBSD a couple of years ago. I tried it for a while by the end of the
> '90s, but it wasn't adapted to what I was doing at that time, so I
> switched back to Debian.
>
> Now I am retired and it is absolutely perfect! Thank you Theo & all the
> other guys & girls keeping it alive and kickin'!
>
> Cheers,
>
> Oddmund
>
>


-- 
David J. Raymond
david.raym...@nmt.edu
http://physics.nmt.edu/~raymond

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[David Demelier]

Le 14/04/2020 à 17:10, Oddmund G. a écrit :

Linux is doomed. Closer 'integration' of systemd, pulseaudio, wayland


Wayland isn't that bad. It solves many things by reducing the display 
complexity and is much faster than X.Org. The real problem is by being 
simple; many compositors (~= window managers) started to implement their 
own drawing API leading in many effort duplication.


with other system components will make it very difficult, if not 
impossible to continue resisting and keeping up alternative GNU+Linux 
development in the future. This was one of the reasons why I switched to 
OpenBSD a couple of years ago.


I'm also loving OpenBSD for its simplicity but unable to use it as a 
daily driver because of hardware support so I have a dualboot with 
Alpine Linux which I could recommend for people who love simplicity and 
elegance but can't stick with OpenBSD yet. Note that not all 
distributions are based on GNU and so for this naming GNU+Linux or 
GNU/Linux should not be used anymore.


Now I am retired and it is absolutely perfect! Thank you Theo & all the 
other guys & girls keeping it alive and kickin'!


Could not agree more. I wish I could contribute to kernel code but I'm 
far from a hardware developer :).


--
David

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Consus]

On Tue, Apr 14, 2020 at 05:10:14PM +0200, Oddmund G. wrote:
> I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, then
> Debian until the forced introduction of systemd and the rest of the crap
> being considered as 'much better' and 'mandatory'.

Because systemd is good enough "base tools suite". Think of it as a base
system like OpenBSD provides. It has a _lot_ of issues with reliability,
consistency and whatever, but simply put, other Linux folks failed to
provide similar tools. Maybe someday someone will make something better.

Re: Running gunicorn with rcclt

[Daniel Winters]

>> Hey, im trying to run a python app with gunicon-3 and rcctl
>> but rcctl start guni just returns ok as it was started and doesnt start
>> it. what am i doing wrong? Thanks

I am successfully running a flask apps (named "webapp" as an example)
with gunicorn using the following /etc/rc.d/webapp script:

#!/bin/ksh

daemon="/usr/local/bin/gunicorn-3 -D"
daemon_user="www"
daemon_flags="--bind 127.0.0.1:8000 --chdir /var/www/webapp --name webapp 
webapp:app"

. /etc/rc.d/rc.subr

pexp=".*gunicorn: master \[webapp\].*"

rc_cmd $1

Cheers,
Daniel

Re: Running gunicorn with rcclt

[Flipchan]

have u put anything in rc.conf.local ? 

Thanks

On April 14, 2020 7:25:05 PM GMT+02:00, Daniel Winters  
wrote:
>>> Hey, im trying to run a python app with gunicon-3 and rcctl
>>> but rcctl start guni just returns ok as it was started and doesnt
>start
>>> it. what am i doing wrong? Thanks
>
>I am successfully running a flask apps (named "webapp" as an example)
>with gunicorn using the following /etc/rc.d/webapp script:
>
>#!/bin/ksh
>
>daemon="/usr/local/bin/gunicorn-3 -D"
>daemon_user="www"
>daemon_flags="--bind 127.0.0.1:8000 --chdir /var/www/webapp --name
>webapp webapp:app"
>
>. /etc/rc.d/rc.subr
>
>pexp=".*gunicorn: master \[webapp\].*"
>
>rc_cmd $1
>
>Cheers,
>Daniel

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[info]

There are IMHO a few of good systemD free Linux distros:
Devuan - Debian without systemD
Parabola - Arch without systemD

Alpine unfortunately lacks verification of checksums of earlier installed files.

Like wajig integrity (debsums) in Devuan.

More info about verification:
https://wiki.archlinux.org/index.php/Pacman/Rosetta#Verification_and_repair

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Raul Miller]

On Tue, Apr 14, 2020 at 1:37 PM Consus  wrote:
> On Tue, Apr 14, 2020 at 05:10:14PM +0200, Oddmund G. wrote:
> > I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> > several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, then
> > Debian until the forced introduction of systemd and the rest of the crap
> > being considered as 'much better' and 'mandatory'.
>
> Because systemd is good enough "base tools suite". Think of it as a base
> system like OpenBSD provides. It has a _lot_ of issues with reliability,
> consistency and whatever, but simply put, other Linux folks failed to
> provide similar tools. Maybe someday someone will make something better.

I think that thinking of it this way would be some kind of mistake:

Last I checked, systemd was not modular, was poorly documented,
exhibited incompatibilities with basically all historical interfaces,
and had introduced a variety of boot-time race conditions (which
mostly hit people who tried to change the configuration from the
default). These are all solvable problems, but OpenBSD is not the only
distribution which suffers from a lack of competent contributions.

I don't think Linux is particularly doomed -- computer systems tend to
stick around far longer than most sales pitches would have you
believe. But these are concerning issues.

But that's also why these sorts of discussions tend to be fairly
worthless. While there are attractive things (for some use cases)
about systemd, the likelihood of a competent port to OpenBSD (which
addresses the above listed problems) isn't something anyone is
volunteering for. It would be a lot of work -- possibly a complete
rewrite and more work than anyone has put into systemd to date.

-- 
Raul

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Consus]

On Tue, Apr 14, 2020 at 03:12:18PM -0400, Raul Miller wrote:
> On Tue, Apr 14, 2020 at 1:37 PM Consus  wrote:
> > On Tue, Apr 14, 2020 at 05:10:14PM +0200, Oddmund G. wrote:
> > > I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> > > several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, 
> > > then
> > > Debian until the forced introduction of systemd and the rest of the crap
> > > being considered as 'much better' and 'mandatory'.
> >
> > Because systemd is good enough "base tools suite". Think of it as a base
> > system like OpenBSD provides. It has a _lot_ of issues with reliability,
> > consistency and whatever, but simply put, other Linux folks failed to
> > provide similar tools. Maybe someday someone will make something better.
> 
> I think that thinking of it this way would be some kind of mistake:
> 
> Last I checked, systemd was not modular, was poorly documented,
> exhibited incompatibilities with basically all historical interfaces,
> and had introduced a variety of boot-time race conditions (which
> mostly hit people who tried to change the configuration from the
> default). These are all solvable problems, but OpenBSD is not the only
> distribution which suffers from a lack of competent contributions.

It is modular to a degree, but separating services requires a bit of
work so yeah, in this area systemd sucks. Documentation is pretty good
though.  I don't like the complexity of the thing, but I've never been
stuck because there is not enough docs.

Can't say much about historical interfaces.

> I don't think Linux is particularly doomed -- computer systems tend to
> stick around far longer than most sales pitches would have you
> believe. But these are concerning issues.

Systemd actually solved a bunch of problems so I don't think it's bad or
makes Linux "doomed".

> But that's also why these sorts of discussions tend to be fairly
> worthless.

Of course they are. Just a chit-chat.

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Raul Miller]

On Tue, Apr 14, 2020 at 3:38 PM Consus  wrote:
> It is modular to a degree, but separating services requires a bit of
> work so yeah, in this area systemd sucks. Documentation is pretty good
> though.  I don't like the complexity of the thing, but I've never been
> stuck because there is not enough docs.

Got any good docs on how to debug (or monitor) D-Bus issues?

Thanks,

--
Raul

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Consus]

On Tue, Apr 14, 2020 at 04:05:56PM -0400, Raul Miller wrote:
> On Tue, Apr 14, 2020 at 3:38 PM Consus  wrote:
> > It is modular to a degree, but separating services requires a bit of
> > work so yeah, in this area systemd sucks. Documentation is pretty good
> > though.  I don't like the complexity of the thing, but I've never been
> > stuck because there is not enough docs.
> 
> Got any good docs on how to debug (or monitor) D-Bus issues?

Sure, try busctl(1).

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Daniel Jakots]

On Tue, 14 Apr 2020 16:05:56 -0400, Raul Miller 
wrote:

> Got any good docs on how to debug (or monitor) D-Bus issues?

You're asking help to debug D-Bus on an OpenBSD mailing list? Why don't
you bring this sooo interesting discussion off-list?

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Consus]

On Tue, Apr 14, 2020 at 04:15:20PM -0400, Daniel Jakots wrote:
> On Tue, 14 Apr 2020 16:05:56 -0400, Raul Miller 
> wrote:
> 
> > Got any good docs on how to debug (or monitor) D-Bus issues?
> 
> You're asking help to debug D-Bus on an OpenBSD mailing list? Why don't
> you bring this sooo interesting discussion off-list?

OpenBSD has D-Bus too, nah?

Re: Running gunicorn with rcctl

[Daniel Winters]

> have u put anything in rc.conf.local ? 

Have a look at rc.d(8) for how this works, there are examples also.

No need for webapp_flags in /etc/rc.conf.local if you are happy with
the defaults already defined in the rc.d script, but you can override
the default values with an entry in rc.conf.local.

"rcctl enable webapp" will add "webapp" to the pkg_scripts variable in
/etc/rc.conf.local which will start the flask app on boot.


> On April 14, 2020 7:25:05 PM GMT+02:00, Daniel Winters  
> wrote:
> >>> Hey, im trying to run a python app with gunicon-3 and rcctl
> >>> but rcctl start guni just returns ok as it was started and doesnt
> >start
> >>> it. what am i doing wrong? Thanks
> >
> >I am successfully running a flask apps (named "webapp" as an example)
> >with gunicorn using the following /etc/rc.d/webapp script:
> >
> >#!/bin/ksh
> >
> >daemon="/usr/local/bin/gunicorn-3 -D"
> >daemon_user="www"
> >daemon_flags="--bind 127.0.0.1:8000 --chdir /var/www/webapp --name
> >webapp webapp:app"
> >
> >. /etc/rc.d/rc.subr
> >
> >pexp=".*gunicorn: master \[webapp\].*"
> >
> >rc_cmd $1
> >
> >Cheers,
> >Daniel

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Theo de Raadt]

What the hell does this have to do with OpenBSD?


i...@aulix.com wrote:

> There are IMHO a few of good systemD free Linux distros:
> Devuan - Debian without systemD
> Parabola - Arch without systemD
> 
> Alpine unfortunately lacks verification of checksums of earlier installed 
> files.
> 
> Like wajig integrity (debsums) in Devuan.
> 
> More info about verification:
> https://wiki.archlinux.org/index.php/Pacman/Rosetta#Verification_and_repair
> 

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Theo de Raadt]

What does this have to do with OpenBSD?

Raul Miller  wrote:

> On Tue, Apr 14, 2020 at 1:37 PM Consus  wrote:
> > On Tue, Apr 14, 2020 at 05:10:14PM +0200, Oddmund G. wrote:
> > > I know all this, Ottavio. I have been using GNU+Linux since 1994 after
> > > several years with Ultrix/VMS/OpenVMS @DEC: Slackware in the beginning, 
> > > then
> > > Debian until the forced introduction of systemd and the rest of the crap
> > > being considered as 'much better' and 'mandatory'.
> >
> > Because systemd is good enough "base tools suite". Think of it as a base
> > system like OpenBSD provides. It has a _lot_ of issues with reliability,
> > consistency and whatever, but simply put, other Linux folks failed to
> > provide similar tools. Maybe someday someone will make something better.
> 
> I think that thinking of it this way would be some kind of mistake:
> 
> Last I checked, systemd was not modular, was poorly documented,
> exhibited incompatibilities with basically all historical interfaces,
> and had introduced a variety of boot-time race conditions (which
> mostly hit people who tried to change the configuration from the
> default). These are all solvable problems, but OpenBSD is not the only
> distribution which suffers from a lack of competent contributions.
> 
> I don't think Linux is particularly doomed -- computer systems tend to
> stick around far longer than most sales pitches would have you
> believe. But these are concerning issues.
> 
> But that's also why these sorts of discussions tend to be fairly
> worthless. While there are attractive things (for some use cases)
> about systemd, the likelihood of a competent port to OpenBSD (which
> addresses the above listed problems) isn't something anyone is
> volunteering for. It would be a lot of work -- possibly a complete
> rewrite and more work than anyone has put into systemd to date.
> 
> -- 
> Raul
> 

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Steve Litt]

On Tue, 14 Apr 2020 22:38:00 +0300
Consus  wrote:

> On Tue, Apr 14, 2020 at 03:12:18PM -0400, Raul Miller wrote:
> > last I checked, systemd was not modular, was poorly documented,
> > exhibited incompatibilities with basically all historical
> > interfaces, and had introduced a variety of boot-time race
> > conditions (which mostly hit people who tried to change the
> > configuration from the default). These are all solvable problems,
> > but OpenBSD is not the only distribution which suffers from a lack
> > of competent contributions.  
> 
> It is modular to a degree, but separating services requires a bit of

Here's the degree to which systemd is modular:

http://troubleshooters.com/linux/systemd/lol_systemd.htm

SteveT

Steve Litt
March 2020 featured book: Troubleshooting: Why Bother?
http://www.troubleshooters.com/twb

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Theo de Raadt]

What does this have to do with OpenBSD?


Steve Litt  wrote:

> On Tue, 14 Apr 2020 22:38:00 +0300
> Consus  wrote:
> 
> > On Tue, Apr 14, 2020 at 03:12:18PM -0400, Raul Miller wrote:
> > > last I checked, systemd was not modular, was poorly documented,
> > > exhibited incompatibilities with basically all historical
> > > interfaces, and had introduced a variety of boot-time race
> > > conditions (which mostly hit people who tried to change the
> > > configuration from the default). These are all solvable problems,
> > > but OpenBSD is not the only distribution which suffers from a lack
> > > of competent contributions.  
> > 
> > It is modular to a degree, but separating services requires a bit of
> 
> Here's the degree to which systemd is modular:
> 
> http://troubleshooters.com/linux/systemd/lol_systemd.htm
> 
> SteveT
> 
> Steve Litt
> March 2020 featured book: Troubleshooting: Why Bother?
> http://www.troubleshooters.com/twb
> 

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[zap]

On 04/14/2020 04:22 PM, Theo de Raadt wrote:
> What the hell does this have to do with OpenBSD?
>
>
Probably it has nothing to do with OpenBSD, since they are no longer
talking about wine for OpenBSD. 

But yeah, I for one am glad you take up the K.I.S.S way of doing things.

Linux is a beast that is going to crush itself someday. Not due to being
libre, but because its so overengineered that its complexity will kill it.

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[zap]

Well just to correct myself, seeming libre. It isn't actually that much
more libre than OpenBSD.


On 04/14/2020 05:54 PM, zap wrote:
>
> On 04/14/2020 04:22 PM, Theo de Raadt wrote:
>> What the hell does this have to do with OpenBSD?
>>
>>
> Probably it has nothing to do with OpenBSD, since they are no longer
> talking about wine for OpenBSD. 
>
> But yeah, I for one am glad you take up the K.I.S.S way of doing things.
>
> Linux is a beast that is going to crush itself someday. Not due to being
> libre, but because its so overengineered that its complexity will kill it.

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Theo de Raadt]

What do thsi have to with OpenBSD?


zap  wrote:

> Well just to correct myself, seeming libre. It isn't actually that much
> more libre than OpenBSD.
> 
> 
> On 04/14/2020 05:54 PM, zap wrote:
> >
> > On 04/14/2020 04:22 PM, Theo de Raadt wrote:
> >> What the hell does this have to do with OpenBSD?
> >>
> >>
> > Probably it has nothing to do with OpenBSD, since they are no longer
> > talking about wine for OpenBSD. 
> >
> > But yeah, I for one am glad you take up the K.I.S.S way of doing things.
> >
> > Linux is a beast that is going to crush itself someday. Not due to being
> > libre, but because its so overengineered that its complexity will kill it.
> 

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[Theo de Raadt]

What does this have to do with OpenBSD?

zap  wrote:

> 
> 
> 
> On 04/14/2020 04:22 PM, Theo de Raadt wrote:
> > What the hell does this have to do with OpenBSD?
> >
> >
> Probably it has nothing to do with OpenBSD, since they are no longer
> talking about wine for OpenBSD. 
> 
> But yeah, I for one am glad you take up the K.I.S.S way of doing things.
> 
> Linux is a beast that is going to crush itself someday. Not due to being
> libre, but because its so overengineered that its complexity will kill it.
> 

Reduce attack surface - Tomcat and guacamole...

[Steve Williams]

Hi,

For a R&D project, I am trying to get guacamole working to be able to 
access systems on my home network remotely.


Guacamole (I believe) needs to run under something like tomcat to serve 
up the java war file & application.


I really don't want to have Tomcat exposed to the Internet without some 
kind of authentication in front of it.


I was thinking of running Tomcat bound to localhost and using pf to 
redirect to it, but that doesn't add any security.


So, I was thinking of using some form of authpf to open up pf rules when 
I needed to access systems remotely.


But, I don't want to open up Tomcat to the world when I'm using 
guacamole, so is it possible to have authpf tweak pf rules so that the 
originating IP address of the ssh session would be the only one that 
could access Tomcat?


Is there something better that could be done?

I was thinking even httpd in front of tomcat with httpd authentication, 
but that doesn't seem to make sense to me at a high level.


I was looking at relayd but it doesn't seen to have any authentication 
mechanism built in.


Does anyone have some inspiration on how to provide a level of security 
before packets even hit Tomcat?


Thanks,
Steve Williams

passive-aggressive questions (was: RE: GNU+Linux corporate takeover, was: Wine for OpenBSD?)

[zeurkous]

theo wrote:
> What does this have to do with OpenBSD?

Alright, let's talk about leadership. Do you folks think Linus is a
better leader than Theo here?

There, OpenBSD angle restored.

(Yes, medoes wish that discussion about lunix et al. be toned down. Even
 so, mealso wishes that the passive-aggressive behaviour that theo just
 displayed here would stop.)

Love && cuddles,

--zeurkous.

P.S.: Be careful what you wish for.

-- 
Friggin' Machines!

Re: Reduce attack surface - Tomcat and guacamole...

[Allan Streib]

If you want it available only to remote hosts with an ssh session, why
not tunnel the tomcat port over the ssh connection?

Steve Williams  writes:

> Hi,
>
> For a R&D project, I am trying to get guacamole working to be able to 
> access systems on my home network remotely.
>
> Guacamole (I believe) needs to run under something like tomcat to serve 
> up the java war file & application.
>
> I really don't want to have Tomcat exposed to the Internet without some 
> kind of authentication in front of it.
>
> I was thinking of running Tomcat bound to localhost and using pf to 
> redirect to it, but that doesn't add any security.
>
> So, I was thinking of using some form of authpf to open up pf rules when 
> I needed to access systems remotely.
>
> But, I don't want to open up Tomcat to the world when I'm using 
> guacamole, so is it possible to have authpf tweak pf rules so that the 
> originating IP address of the ssh session would be the only one that 
> could access Tomcat?
>
> Is there something better that could be done?
>
> I was thinking even httpd in front of tomcat with httpd authentication, 
> but that doesn't seem to make sense to me at a high level.
>
> I was looking at relayd but it doesn't seen to have any authentication 
> mechanism built in.
>
> Does anyone have some inspiration on how to provide a level of security 
> before packets even hit Tomcat?
>
> Thanks,
> Steve Williams
>

RE: GNU+Linux corporate takeover, was: Wine for OpenBSD?

[zeurkous]

theo wrote:
> What do thsi have to with OpenBSD?
  

Drat. Someone discovered The Homoheterothropic Society for the
Intermezzanic! Mesupposes we'll have to disband.

--zeur.

-- 
Friggin' Machines!

Re: Reduce attack surface - Tomcat and guacamole...

[Sriram Narayanan]

On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams <
st...@williamsitconsulting.com> wrote:

> Hi,
>
> For a R&D project, I am trying to get guacamole working to be able to
> access systems on my home network remotely.
>
> Guacamole (I believe) needs to run under something like tomcat to serve
> up the java war file & application.
>
> I really don't want to have Tomcat exposed to the Internet without some
> kind of authentication in front of it.
>
> I was thinking of running Tomcat bound to localhost and using pf to
> redirect to it, but that doesn't add any security.
>
> So, I was thinking of using some form of authpf to open up pf rules when
> I needed to access systems remotely.
>
> But, I don't want to open up Tomcat to the world when I'm using
> guacamole, so is it possible to have authpf tweak pf rules so that the
> originating IP address of the ssh session would be the only one that
> could access Tomcat?
>
> Is there something better that could be done?
>
> I was thinking even httpd in front of tomcat with httpd authentication,
> but that doesn't seem to make sense to me at a high level.
>
> I was looking at relayd but it doesn't seen to have any authentication
> mechanism built in.
>
> Does anyone have some inspiration on how to provide a level of security
> before packets even hit Tomcat?


I suggest a VPN or Tomcat client cert auth on a non standard high port ( to
reduce the noise from standard scans ).

— Ram

Re: Switchable graphics intel/ati - Fatal error during GPU init

[Hemno Sapients]

On Wed, Apr 15, 2020 at 12:24:39AM +0200, Riccardo Mottola wrote:
> Hi!
> 
> My HP laptop has switchable graphics. When I first installed OpenBSD
> some releases ago, I had to disable in BIOS or it would freeze as soon
> as X started and showed a pointer.
> 
> Now, I thought, let's try again.: so many things improved!
> 
> Now, even during boot when I reach console, in dmesg I already see an issue:
> 
> initializing kernel modesetting (CAICOS 0x1002:0x6760 0x103C:0x167D 0x00).
> [drm] *ERROR* Unable to locate a BIOS ROM
> drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
> [TTM] Memory type 2 has not been initialized
> drm1 detached
> radeondrm0 detached
> "ATI Radeon HD 6400M" rev 0x00 at pci1 dev 0 function 0 not configured
> inteldrm0: 1366x768, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> 
> 
> If I try to run X11, it does not even attempt radeon and simply runs on
> intel i965.
> 
> Am I missing some firmware? "fw_update" did not download me anything new.
> Or... some other "trick" ?
> 
> Thanks,
> 
> Riccardo
> 
I don't think OpenBSD's build of X.Org supports PRIME.

Switchable graphics intel/ati - Fatal error during GPU init

[Riccardo Mottola]

Hi!

My HP laptop has switchable graphics. When I first installed OpenBSD
some releases ago, I had to disable in BIOS or it would freeze as soon
as X started and showed a pointer.

Now, I thought, let's try again.: so many things improved!

Now, even during boot when I reach console, in dmesg I already see an issue:

initializing kernel modesetting (CAICOS 0x1002:0x6760 0x103C:0x167D 0x00).
[drm] *ERROR* Unable to locate a BIOS ROM
drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
[TTM] Memory type 2 has not been initialized
drm1 detached
radeondrm0 detached
"ATI Radeon HD 6400M" rev 0x00 at pci1 dev 0 function 0 not configured
inteldrm0: 1366x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0


If I try to run X11, it does not even attempt radeon and simply runs on
intel i965.

Am I missing some firmware? "fw_update" did not download me anything new.
Or... some other "trick" ?

Thanks,

Riccardo

Re: Reduce attack surface - Tomcat and guacamole...

[infoomatic]

some questions do arise:

1.) is the device which you intend to use under your control?

2.) how would you like to access systems in your home network


as for me I have a VPN service on my server so I can access all my
systems from a device I own when I am on the road. This saves me from
installing java and the like ... even a plain ssh reverse tunnel can
solve lots of those issues.


On 14.04.20 22:40, Steve Williams wrote:
> Hi,
>
> For a R&D project, I am trying to get guacamole working to be able to
> access systems on my home network remotely.
>
> Guacamole (I believe) needs to run under something like tomcat to
> serve up the java war file & application.
>
> I really don't want to have Tomcat exposed to the Internet without
> some kind of authentication in front of it.
>
> I was thinking of running Tomcat bound to localhost and using pf to
> redirect to it, but that doesn't add any security.
>
> So, I was thinking of using some form of authpf to open up pf rules
> when I needed to access systems remotely.
>
> But, I don't want to open up Tomcat to the world when I'm using
> guacamole, so is it possible to have authpf tweak pf rules so that the
> originating IP address of the ssh session would be the only one that
> could access Tomcat?
>
> Is there something better that could be done?
>
> I was thinking even httpd in front of tomcat with httpd
> authentication, but that doesn't seem to make sense to me at a high
> level.
>
> I was looking at relayd but it doesn't seen to have any authentication
> mechanism built in.
>
> Does anyone have some inspiration on how to provide a level of
> security before packets even hit Tomcat?
>
> Thanks,
> Steve Williams
>

Re: Reduce attack surface - Tomcat and guacamole...

[Steve Williams]

On 14/04/2020 4:13 p.m., Sriram Narayanan wrote:



On Wed, 15 Apr 2020 at 6:03 AM, Steve Williams 
> wrote:


Hi,

For a R&D project, I am trying to get guacamole working to be able to
access systems on my home network remotely.

Guacamole (I believe) needs to run under something like tomcat to
serve
up the java war file & application.

I really don't want to have Tomcat exposed to the Internet without
some
kind of authentication in front of it.

I was thinking of running Tomcat bound to localhost and using pf to
redirect to it, but that doesn't add any security.

So, I was thinking of using some form of authpf to open up pf
rules when
I needed to access systems remotely.

But, I don't want to open up Tomcat to the world when I'm using
guacamole, so is it possible to have authpf tweak pf rules so that
the
originating IP address of the ssh session would be the only one that
could access Tomcat?

Is there something better that could be done?

I was thinking even httpd in front of tomcat with httpd
authentication,
but that doesn't seem to make sense to me at a high level.

I was looking at relayd but it doesn't seen to have any
authentication
mechanism built in.

Does anyone have some inspiration on how to provide a level of
security
before packets even hit Tomcat?


I suggest a VPN or Tomcat client cert auth on a non standard high port 
( to reduce the noise from standard scans ).


— Ram


Hi,

The VPN doesn't work as I won't always have my own computer with me.  I 
am mobile, so sometimes a client's office where the network is locked 
down and I cannot use my own laptop.


For similar reasons  using a non standard high port, won't necessarily 
work from a client's office.  Additionally, I am trying to not expose 
Tomcat directly to the Internet and I don't really believe in security 
through obscurity (non standard high port).


Thanks for the input!

Cheers,
Steve W.

Re: passive-aggressive questions

[zap]

I think theo is about the same as Linus in how foul he can get...

but on the other hand, he at least doesn't wreck his software with
pointless things like redhat's crap, systemd for example, he  seems to
prefer the keep it simple stupid approach from what I have seen. I much
prefer security over complexity.

I'll be honest, i like libre software, but, libre software that is
insecure, aka redhat's bs, openssl, java, etc... is barely better than
proprietary software.

unix philosphy should have been kept in linux.  Because it wasn't,
well... Linux and GNU for that matter are going to take a hit again and
again, till they learn their damn lessons.

Very few linux people have learned this lesson.  Hyperbola is the only
one I know of that realizes linux is a dead end. I would hope you guys
would feel honored by this fact, but oh well.

Either way, I do have respect for you guys. Even if you don't realize it.


On 04/14/2020 06:08 PM, zeurk...@volny.cz wrote:
> theo wrote:
>> What does this have to do with OpenBSD?
> Alright, let's talk about leadership. Do you folks think Linus is a
> better leader than Theo here?
>
> There, OpenBSD angle restored.
>
> (Yes, medoes wish that discussion about lunix et al. be toned down. Even
>  so, mealso wishes that the passive-aggressive behaviour that theo just
>  displayed here would stop.)
>
> Love && cuddles,
>
> --zeurkous.
>
> P.S.: Be careful what you wish for.
>

Re: passive-aggressive questions

[j3s]

On 4/14/20 11:02 PM, zap wrote:

I'll be honest, i like libre software, but, libre software that is
insecure, aka redhat's bs, openssl, java, etc... is barely better than
proprietary software.


this is crap.


unix philosphy should have been kept in linux.  Because it wasn't,
well... Linux and GNU for that matter are going to take a hit again and
again, till they learn their damn lessons.


GNU isn't a collective of children to be punished. They're programmers 
volunteering their time and you sound like a sad person for treating 
them this way.


But also, Theo is right, none of this relates to OpenBSD; it seems like 
you just want a pedestal to piss on others from. This is not that place.

Re: passive-aggressive questions

[Theo de Raadt]

Nothing you are saying has any relevance to the use of OpenBSD.
The chatter is useless.

Stop it.


zap  wrote:

> 
> 
> I think theo is about the same as Linus in how foul he can get...
> 
> but on the other hand, he at least doesn't wreck his software with
> pointless things like redhat's crap, systemd for example, he  seems to
> prefer the keep it simple stupid approach from what I have seen. I much
> prefer security over complexity.
> 
> I'll be honest, i like libre software, but, libre software that is
> insecure, aka redhat's bs, openssl, java, etc... is barely better than
> proprietary software.
> 
> unix philosphy should have been kept in linux.  Because it wasn't,
> well... Linux and GNU for that matter are going to take a hit again and
> again, till they learn their damn lessons.
> 
> Very few linux people have learned this lesson.  Hyperbola is the only
> one I know of that realizes linux is a dead end. I would hope you guys
> would feel honored by this fact, but oh well.
> 
> Either way, I do have respect for you guys. Even if you don't realize it.
> 
> 
> On 04/14/2020 06:08 PM, zeurk...@volny.cz wrote:
> > theo wrote:
> >> What does this have to do with OpenBSD?
> > Alright, let's talk about leadership. Do you folks think Linus is a
> > better leader than Theo here?
> >
> > There, OpenBSD angle restored.
> >
> > (Yes, medoes wish that discussion about lunix et al. be toned down. Even
> >  so, mealso wishes that the passive-aggressive behaviour that theo just
> >  displayed here would stop.)
> >
> > Love && cuddles,
> >
> > --zeurkous.
> >
> > P.S.: Be careful what you wish for.
> >
> 

I see you guys are full of shit when it comes to one thing:

[zap]

you  think proprietary softwatre is secure as much as linux loves being
shit. 


I had hoped you guys had better self respect, and had some moral
integrity within. 

And if you think i sound sad for dissing GNU, I was going to hold this
back, but your fucking attitudes are shit as are your attempts to  block
software that could be useful just because you get into an argument with
people. (Palemoon) :P

Same with wine! 

Please by all means get me off your damn list.  You guys are as bad as
the linux organization. 

and while your all at it, since your unwilling to understand the truth
that proprietary software sucks, just go wank yourselves somewhere. 

I really don't care about  being on this list anymore.  You guys are
fucking heartless.  That's a fact.

And Theo, if I said anything nice about you, please forget I said
anything.  I don't take kindly to hostile assholes who refuse to be civil. 


Sigh... I guess trying to praise you for the good you guys do is just
not constructive.  I see you guys live in a bubble of your own choosing.

Wee proprietary software totally doesn't have any flaws or
weaknesses!  GNU has the right to be shit, same with Linux! and BSD can
refuse software that could otherwise benefit their users just because it
has a license you hate! GOD damn


Smell you later assholes.

Re: I see you guys are full of shit when it comes to one thing:

[zap]

Also, by all means, please do ban me if you want. I really couldn't care
less.  you guys need to get off your own pedestal.


On 04/15/20 01:25, zap wrote:
> you  think proprietary softwatre is secure as much as linux loves being
> shit. 
>
>
> I had hoped you guys had better self respect, and had some moral
> integrity within. 
>
> And if you think i sound sad for dissing GNU, I was going to hold this
> back, but your fucking attitudes are shit as are your attempts to  block
> software that could be useful just because you get into an argument with
> people. (Palemoon) :P
>
> Same with wine! 
>
> Please by all means get me off your damn list.  You guys are as bad as
> the linux organization. 
>
> and while your all at it, since your unwilling to understand the truth
> that proprietary software sucks, just go wank yourselves somewhere. 
>
> I really don't care about  being on this list anymore.  You guys are
> fucking heartless.  That's a fact.
>
> And Theo, if I said anything nice about you, please forget I said
> anything.  I don't take kindly to hostile assholes who refuse to be civil. 
>
>
> Sigh... I guess trying to praise you for the good you guys do is just
> not constructive.  I see you guys live in a bubble of your own choosing.
>
> Wee proprietary software totally doesn't have any flaws or
> weaknesses!  GNU has the right to be shit, same with Linux! and BSD can
> refuse software that could otherwise benefit their users just because it
> has a license you hate! GOD damn
>
>
> Smell you later assholes.
>