Re: ftp.openbsd.org: tlsv1 alert protocol version

2023-10-28 Thread Rudolf Leitgeb
Could be IPv6 related, because with IPv4 it works:

rudolf@variable-7400:~$ curl --verbose https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig
*   Trying 199.185.178.81:443...
* Connected to ftp.openbsd.org (199.185.178.81) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=ftp.openbsd.org
*  start date: Sep 19 15:39:09 2023 GMT
*  expire date: Dec 18 15:39:08 2023 GMT
*  subjectAltName: host "ftp.openbsd.org" matched cert's "ftp.openbsd.org"
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* using HTTP/1.x
> GET /pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig HTTP/1.1
> Host: ftp.openbsd.org
> User-Agent: curl/7.88.1
> Accept: */*
> 
< HTTP/1.1 200 OK


On Wed, 2023-10-25 at 10:49 +0200, Martin Schröder wrote:
> Hi,
> downloading the latest patches on 7.4 fails with
> 
> > curl --verbose
> > https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig
> *   Trying [2620:3d:c000:178::81]:443...
> * Connected to ftp.openbsd.org (2620:3d:c000:178::81) port 443
> * ALPN: curl offers h2,http/1.1
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> *  CAfile: /etc/ssl/cert.pem
> *  CApath: none
> * LibreSSL/3.8.2: error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
> * Closing connection
> curl: (35) LibreSSL/3.8.2: error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
> 
> Best
>  Martin
> 
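
An added example, not part of either message above: a small sh/awk helper that reduces a `curl --verbose` transcript to the address family curl connected over and the handshake outcome, so an IPv4 run and an IPv6 run can be compared at a glance. The function name `summarize_curl_trace` and the two abbreviated sample transcripts are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a `curl --verbose` transcript (read from stdin) as
#   family=<ipv4|ipv6> addr=<peer> result=<ok VERSION CIPHER | alert TEXT>
# summarize_curl_trace is a hypothetical helper name, not a curl feature.
summarize_curl_trace() {
    awk '
    # "* Connected to host (addr) port 443": the peer address curl ended up using
    /Connected to .*\(/ {
        addr = $0
        sub(/^[^(]*\(/, "", addr)
        sub(/\).*$/, "", addr)
        family = (addr ~ /:/) ? "ipv6" : "ipv4"
    }
    # "* SSL connection using TLSv1.3 / CIPHER": the handshake completed
    /SSL connection using / {
        s = $0
        sub(/^.*SSL connection using /, "", s)
        split(s, part, " / ")
        result = "ok " part[1] " " part[2]
    }
    # "... alert protocol version": the peer ended the handshake with a TLS alert
    / alert / && result == "" {
        s = $0
        sub(/^.* alert /, "", s)
        result = "alert " s
    }
    END {
        if (addr == "") { addr = "unknown"; family = "unknown" }
        if (result == "") result = "unknown"
        printf "family=%s addr=%s result=%s\n", family, addr, result
    }'
}

# Constructed samples, abbreviated from the two transcripts in the thread.
sample_v4() {
cat <<'EOF'
*   Trying 199.185.178.81:443...
* Connected to ftp.openbsd.org (199.185.178.81) port 443 (#0)
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server did not agree on a protocol. Uses default.
EOF
}

sample_v6() {
cat <<'EOF'
*   Trying [2620:3d:c000:178::81]:443...
* Connected to ftp.openbsd.org (2620:3d:c000:178::81) port 443
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* LibreSSL/3.8.2: error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
* Closing connection
EOF
}

sample_v4 | summarize_curl_trace
sample_v6 | summarize_curl_trace

# Against a live server, force each address family in turn with curl -4 / -6:
#   curl -4 --verbose -o /dev/null "$url" 2>&1 | summarize_curl_trace
#   curl -6 --verbose -o /dev/null "$url" 2>&1 | summarize_curl_trace
```
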



IKEv2 certificates?

2023-10-28 Thread latincom
hello

I have 2 iked servers and 2 Road Warriors Laptops, all OBSD 7.4.

When should/must I create certificates?

I am not on my OBSD laptop, so I do not have access to logs/iked -dv;
but I saw that in both cases (server/roadwarrior) iked asks for ca.

Server 1 config:
This server is connected to a Laptop server/roadwarrior.

ikev2 'agroena.org.pub' passive esp \
from 10.0.1.0/24 to 10.0.2.0/24 \
local 66.135.5.128 peer 24.80.177.18 \
srcid agroena.org

ikev2 'agroena.org.pub' passive esp \
from any to dynamic \
local 66.135.5.128 peer any \
srcid agroena.org \
config address 10.0.5.0/24 \
tag "ROADW"

Server 2 config:
This server is connected to a different Laptop server/roadwarrior.

ikev2 'hawk.host.planetofnix.com.pub' passive esp \
from 10.0.1.0/24 to 10.0.2.0/24 \
local 38.87.162.174 peer 24.80.177.18 \
srcid hawk.host.planetofnix.com

ikev2 'hawk.host.planetofnix.com.pub' passive esp \
from any to dynamic \
local 38.87.162.174 peer any \
srcid hawk.host.planetofnix.com \
config address 10.0.5.0/24 \
tag "ROADW"

Thanks so much for your attention.



a haiku

2023-10-28 Thread Lucretia
Regression testing,
finding failures in software;
the guts and glory.

--
"Peace begins with a smile."
Mother Teresa


Re: pine64-lts (aarch64) bsd.mp panics on boot

2023-10-28 Thread Dave Vandervies
Somebody claiming to be Dave Vandervies wrote:
> After upgrading to 7.4, my pine64-lts box failed to boot bsd.mp on
> two out of two tries, with an identical panic message both times:
> (see below for full (u-boot + kernel + ddb) boot log of the panic
> and dmesg from bsd.sp which does boot)

Ahh, here's some interesting additional information: If I turn off
the external USB disk I have attached to this box before booting,
and turn it back on once the boot finishes, bsd.mp also boots without
panicking.

Here's the dmesg from a successful bsd.mp boot:

OpenBSD 7.4 (GENERIC.MP) #2273: Tue Oct 10 09:45:06 MDT 2023
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 2027782144 (1933MB)
avail mem = 1928839168 (1839MB)
random: good seed from bootblocks
mainbus0 at root: Pine64 LTS
psci0 at mainbus0: PSCI 1.1, SMCCC 1.2
efi0 at mainbus0: UEFI 2.8
efi0: Das U-Boot rev 0x20211000
smbios0 at efi0: SMBIOS 3.0
smbios0: vendor U-Boot version "2021.10" date 10/01/2021
smbios0: Unknown Unknown Product
cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu0: 512KB 64b/line 16-way L2 cache
cpu0: CRC32,SHA2,SHA1,AES+PMULL,ASID16
cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu1: 512KB 64b/line 16-way L2 cache
cpu1: CRC32,SHA2,SHA1,AES+PMULL,ASID16
cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu2: 512KB 64b/line 16-way L2 cache
cpu2: CRC32,SHA2,SHA1,AES+PMULL,ASID16
cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu3: 512KB 64b/line 16-way L2 cache
cpu3: CRC32,SHA2,SHA1,AES+PMULL,ASID16
apm0 at mainbus0
"display-engine" at mainbus0 not configured
"osc24M_clk" at mainbus0 not configured
"osc32k_clk" at mainbus0 not configured
"pmu" at mainbus0 not configured
simpleaudio0 at mainbus0
agtimer0 at mainbus0: 24000 kHz
simplebus0 at mainbus0: "soc"
sxisyscon0 at simplebus0
sxisid0 at simplebus0
sxiccmu0 at simplebus0
sxipio0 at simplebus0: 103 pins
ampintc0 at simplebus0 nirq 224, ncpu 4 ipi: 0, 1, 2: "interrupt-controller"
sxirtc0 at simplebus0
sxiccmu1 at simplebus0
sxipio1 at simplebus0: 13 pins
sxirsb0 at simplebus0
axppmic0 at sxirsb0 addr 0x3a3: AXP803
"bus" at simplebus0 not configured
"dma-controller" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"video-codec" at simplebus0 not configured
sximmc0 at simplebus0
sdmmc0 at sximmc0: 4-bit, sd high-speed, mmc high-speed, dma
sximmc1 at simplebus0
sdmmc1 at sximmc1: 8-bit, sd high-speed, mmc high-speed, dma
"crypto" at simplebus0 not configured
"mailbox" at simplebus0 not configured
"usb" at simplebus0 not configured
"phy" at simplebus0 not configured
ehci0 at simplebus0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Generic EHCI root hub" rev 2.00/1.00 
addr 1
ohci0 at simplebus0: version 1.0
ehci1 at simplebus0
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Generic EHCI root hub" rev 2.00/1.00 
addr 1
ohci1 at simplebus0: version 1.0
"timer" at simplebus0 not configured
sxidog0 at simplebus0
"dai" at simplebus0 not configured
"codec" at simplebus0 not configured
sxitemp0 at simplebus0
com0 at simplebus0: dw16550
com0: console
"spi" at simplebus0 not configured
dwxe0 at simplebus0: address 02:bc:b8:a1:ec:e9
rgephy0 at dwxe0 phy 1: RTL8169S/8110S/8211 PHY, rev. 5
"gpu" at simplebus0 not configured
"dram-controller" at simplebus0 not configured
"deinterlace" at simplebus0 not configured
"hdmi" at simplebus0 not configured
"hdmi-phy" at simplebus0 not configured
sxirintc0 at simplebus0
"codec-analog" at simplebus0 not configured
gpio0 at sxipio0: 32 pins
gpio1 at sxipio0: 32 pins
gpio2 at sxipio0: 32 pins
gpio3 at sxipio0: 32 pins
gpio4 at sxipio0: 32 pins
gpio5 at sxipio0: 32 pins
gpio6 at sxipio0: 32 pins
gpio7 at sxipio0: 32 pins
gpio8 at sxipio1: 32 pins
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Generic OHCI root hub" rev 1.00/1.00 
addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Generic OHCI root hub" rev 1.00/1.00 
addr 1
"opp_table0" at mainbus0 not configured
"hdmi-connector" at mainbus0 not configured
"vcc1v8" at mainbus0 not configured
gpioleds0 at mainbus0: no LEDs
simplefb0 at mainbus0: 1920x1080, 32bpp
wsdisplay0 at simplefb0 mux 1
wsdisplay0: screen 0-5 added (std, vt100 emulation)
sdmmc0: can't enable card
scsibus0 at sdmmc1: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  removable
sd0: 59000MB, 512 bytes/sector, 120832000 sectors
uhub4 at uhub1 port 1 configuration 1 interface 0 "VIA Labs, Inc. USB2.0 Hub" 
rev 2.10/2.14 addr 2
uhidev0 at uhub4 port 2 configuration 1 interface 0 "Unicomp Endura Pro 
Keyboard" rev 1.10/43.34 addr 3
uhidev

Re: PineView not using the whole screen

2023-10-28 Thread Daniele B.


zeloff  wrote:

> > Do you consider dangerous chflags to immutable /etc/bsd.re-config
> > for the purpose eg. of a system rescue?
> No.

Received, thanks a lot.


-- Daniele Bonini



Re: PineView not using the whole screen

2023-10-28 Thread zeloff


> Do you consider dangerous chflags to immutable /etc/bsd.re-config for the
> purpose eg. of a system rescue?

No.

--
(sent from my phone apologies for shitty formatting)


Re: PineView not using the whole screen

2023-10-28 Thread Daniele B.


Zé Loff  wrote:

> man config
> man boot_config
> man bsd.re-config


Do you consider dangerous chflags to immutable /etc/bsd.re-config for
the purpose eg. of a system rescue?


-- Daniele Bonini



Re: iPhone Charging

2023-10-28 Thread Lucretia
Chinese tech is great, Katherine! But I never used much of it except for a 
little Huawei 4G modem that my roommate gave me. I also love American tech. My 
favorite laptop is an HP. And of course I own an iPhone.

But for all the blessings of technology, it often gets misused and abused.

I don't have much to keep private; I pour out my heart and soul into poetry. 
But I'm still passionate about the right to privacy. Just like I was and still 
am passionate about freedom of speech and expression.

I've been forcibly committed for praying the rosary on the sidewalk, and then 
in the mental ward injected and detained for praying the rosary in the commons 
area.

I've also been banned by Facebook and Instagram for speaking out against war.

I think there's something wrong with a system that silences people for trying 
to correct social/political bugs.

On Sat, Oct 28, 2023 at 22:26, Katherine Mcmillan <kmcmi...@uottawa.ca> wrote:

> Hi all,
>
> I recommend looking into a power bank that leverages Qi 
> (https://en.wikipedia.org/wiki/Qi_(standard)). I have one that also has a 
> mini solar panel, you never know when you might need backup.
>
> Cheers,
> Katie
>
> ---
>
> From: owner-m...@openbsd.org  on behalf of Lucretia 
> 
> Sent: 28 October 2023 04:52
> To: David ; misc@openbsd.org 
> Subject: Re: iPhone Charging
>
> Attention : courriel externe | external email
>
>> It doesn't even need to be plugged in.
>> There have been instances where the proximity of a mobile phone to a
>> computer has been sufficient to access ...
>
> I don't have much to hide, but I love learning about security. We learned
> very little about practical security during my four years as an infosec
> major, it was mostly the bureaucratic paperwork type stuff.
>
> I'm interested in learning, especially as relates to OpenBSD in particular,
> if you have any not-too-technical resources for me.
>
> I try to do a decent job of locking things down, but I'm far from paranoid
> about it. I've had my phone hacked by malicious people in the past. I was
> targeted because I had a high profile social media presence during the days of
> Google+ being a thing.


Re: iPhone Charging

2023-10-28 Thread Katherine Mcmillan
Hi all,

I recommend looking into a power bank that leverages Qi 
(https://en.wikipedia.org/wiki/Qi_(standard)).  I have one that also has a mini 
solar panel, you never know when you might need backup.

Cheers,
Katie


From: owner-m...@openbsd.org  on behalf of Lucretia 

Sent: 28 October 2023 04:52
To: David ; misc@openbsd.org 
Subject: Re: iPhone Charging

Attention : courriel externe | external email

> It doesn't even need to be plugged in.
> There have been instances where the proximity of a mobile phone to a
> computer has been sufficient to access ...

I don't have much to hide, but I love learning about security. We learned very
little about practical security during my four years as an infosec major, it
was mostly the bureaucratic paperwork type stuff.

I'm interested in learning, especially as relates to OpenBSD in particular, if
you have any not-too-technical resources for me.

I try to do a decent job of locking things down, but I'm far from paranoid
about it. I've had my phone hacked by malicious people in the past. I was
targeted because I had a high profile social media presence during the days of
Google+ being a thing.


Re: curl-8.4.0 pulled from 7.3/packages-stable/amd64?

2023-10-28 Thread Bryce Chidester
Thanks for the explanation!

> the -stable build machines are now on 7.4 so they can't be re-created

I believe I have a more recent backup than you restored, at least for some
of the packages. Would the project be interested in those?

-Bryce

On Sat, Oct 28, 2023 at 03:21 Stuart Henderson 
wrote:

> On 2023-10-27, Bryce Chidester  wrote:
> > Hey all,
> > Can anyone confirm that curl-8.4.0.tgz was yanked from the
> > 7.3/packages-stable/amd64?
> > I'm certain it was there at some point because I have it installed on
> > some of my 7.3 systems. But it's not there now. I've checked both
> > cdn.openbsd.org and ftp.openbsd.org, as well as some other mirrors at
> > random.
> > Any idea what happened?
> > The version I have installed seems to be working fine, but I'm left
> > wondering if I need to downgrade for some reason.
>
> No need to downgrade.
>
> This was due to a typo when signing new packages, the backup I replaced
> them with was from before curl-8.4.0 was built (the -stable build
> machines are now on 7.4 so they can't be re-created).
>
> > PS: Just noticed at least one mirror still has it, mirrors.mit.edu
>
> Not on that one  any more either.
>
>


Re: curl-8.4.0 pulled from 7.3/packages-stable/amd64?

2023-10-28 Thread Stuart Henderson
On 2023-10-27, Bryce Chidester  wrote:
> Hey all,
> Can anyone confirm that curl-8.4.0.tgz was yanked from the
> 7.3/packages-stable/amd64?
> I'm certain it was there at some point because I have it installed on
> some of my 7.3 systems. But it's not there now. I've checked both
> cdn.openbsd.org and ftp.openbsd.org, as well as some other mirrors at
> random.
> Any idea what happened?
> The version I have installed seems to be working fine, but I'm left
> wondering if I need to downgrade for some reason.

No need to downgrade.

This was due to a typo when signing new packages, the backup I replaced
them with was from before curl-8.4.0 was built (the -stable build
machines are now on 7.4 so they can't be re-created).

> PS: Just noticed at least one mirror still has it, mirrors.mit.edu

Not on that one  any more either.



Re: iPhone Charging

2023-10-28 Thread Lucretia
> It doesn't even need to be plugged in.
> There have been instances where the proximity of a mobile phone to a
> computer has been sufficient to access ...

I don't have much to hide, but I love learning about security. We learned very
little about practical security during my four years as an infosec major, it
was mostly the bureaucratic paperwork type stuff.

I'm interested in learning, especially as relates to OpenBSD in particular, if
you have any not-too-technical resources for me.

I try to do a decent job of locking things down, but I'm far from paranoid
about it. I've had my phone hacked by malicious people in the past. I was
targeted because I had a high profile social media presence during the days of
Google+ being a thing.


Re: iPhone Charging

2023-10-28 Thread David
On Sat, 2023-10-28 at 06:33 +, Lucretia wrote:
> From a security perspective, how dangerous is it to plug in my iPhone
> into the USB port on my laptop?
> 
> I only have one charging cable, so I use my laptop to charge it, not
> having the correct wall adapter. I've skimmed material about Vault 7
> and know The CIA actively develops tools which compromise Apple
> iPhones, and probably some of those tools get leaked.

It's bad enough the CIA has them.
And not just the CIA.
iPhones are renowned for having a backdoor the FBI accesses.
This is actually the real reason they don't like Huawei.
They can't access them.
> 
> Can an iPhone plugged into the USB port be a potential security risk?
> I assume so, but I haven't gotten around to buying a wall adapter.
> Not that I have much which would interest hackers on my laptops,
> mostly just lists of prayers.

It doesn't even need to be plugged in.
There have been instances where the proximity of a mobile phone to a
computer has been sufficient to access computer passwords.

Cheers!

-- 
`I intend to live forever,
or die trying'.

--Groucho Marx



Re: iPhone Charging

2023-10-28 Thread David
On Sat, 2023-10-28 at 06:55 +, Lucretia wrote:
> So there's no way an iPhone plugged into USB could be used as a
> hacking tool? I would think that the possibility exists. I'd like to
> understand more the why if anyone has time to explain.
> 
> It doesn't just charge, it connects to the system as a couple of
> devices in my dmesg: uaudio0, ugen1. Is it possible it could be
> manipulated to act as a USB keyboard or some other kind of
> potentially dangerous USB input?
> 
> I know the risk would be very low, but is it possible?

It would be quite possible.

Cheers!

> 
> On Sat, Oct 28, 2023 at 12:46, Peter J. Philipp <p...@delphinusdns.org>
> wrote:
> 
> > On Sat, Oct 28, 2023 at 06:33:59AM +, Lucretia wrote:
> > > From a security perspective, how dangerous is it to plug in my
> > > iPhone into the USB port on my laptop?
> > > 
> > > I only have one charging cable, so I use my laptop to charge it,
> > > not having the correct wall adapter. I've skimmed material about
> > > Vault 7 and know The CIA actively develops tools which compromise
> > > Apple iPhones, and probably some of those tools get leaked.
> > > 
> > > Can an iPhone plugged into the USB port be a potential security
> > > risk? I assume so, but I haven't gotten around to buying a wall
> > > adapter. Not that I have much which would interest hackers on my
> > > laptops, mostly just lists of prayers.
> > 
> > No it's perfectly safe. Go on. Do know that you get only a certain
> > amount
> > of amps though, a dedicated charger is probably a bit better.
> > 
> > Best Regards,
> > -peter
> > 
> > --
> > Over thirty years experience on Unix-like Operating Systems
> > starting with QNX.

-- 
`I intend to live forever,
or die trying'.

--Groucho Marx



Re: iPhone Charging

2023-10-28 Thread Daniele B.
Lucretia :

> uaudio0, ugen1. Is it possible it could be manipulated to act as a USB 
> keyboard or some other kind of potentially dangerous USB input?

I guess the question can be turned into: what does OpenBSD do under the hood
to keep uaudio0 or ugen1 from being transformed into a nice passage to hack my
whole system? E.g. I know some of us go around with OpenBSD on USB sticks, but
is our equipment on the desk safe from USB tools like e.g. micro USB equipment
inserted in our USB hub? What countermeasures does OpenBSD have against this
kind of physical penetration using the USB stack? Finally, are uaudio but
mainly ugen stress tested to avoid that?

Great question indeed, Lucretia!



Re: iPhone Charging

2023-10-28 Thread Gábor LENCSE

It is absolutely safe, if you use a charging cable and not a data cable.

Here is the first hit for my search with the keywords: USB charging 
cable vs data cable

https://www.dignited.com/50330/usb-data-cable-vs-usb-charging-cable/

Best regards,

Gábor

On 10/28/2023 8:55 AM, Lucretia wrote:

> So there's no way an iPhone plugged into USB could be used as a hacking
> tool? I would think that the possibility exists. I'd like to understand more
> the why if anyone has time to explain.
>
> It doesn't just charge, it connects to the system as a couple of devices in
> my dmesg: uaudio0, ugen1. Is it possible it could be manipulated to act as a
> USB keyboard or some other kind of potentially dangerous USB input?
>
> I know the risk would be very low, but is it possible?
>
> On Sat, Oct 28, 2023 at 12:46, Peter J. Philipp <p...@delphinusdns.org>
> wrote:
>
> > On Sat, Oct 28, 2023 at 06:33:59AM +, Lucretia wrote:
> > > From a security perspective, how dangerous is it to plug in my iPhone
> > > into the USB port on my laptop?
> > >
> > > I only have one charging cable, so I use my laptop to charge it, not
> > > having the correct wall adapter. I've skimmed material about Vault 7 and
> > > know The CIA actively develops tools which compromise Apple iPhones, and
> > > probably some of those tools get leaked.
> > >
> > > Can an iPhone plugged into the USB port be a potential security risk? I
> > > assume so, but I haven't gotten around to buying a wall adapter. Not
> > > that I have much which would interest hackers on my laptops, mostly just
> > > lists of prayers.
> >
> > No it's perfectly safe. Go on. Do know that you get only a certain amount
> > of amps though, a dedicated charger is probably a bit better.
> >
> > Best Regards,
> > -peter
> >
> > --
> > Over thirty years experience on Unix-like Operating Systems starting with
> > QNX.