Re: iPhone Charging
Oct 29, 2023 15:55:32 deich...@placebonol.com: > I don't know if y'all noticed but this is an OpenBSD mail list. > > Just saying, the more you post about things unrelated to OpenBSD, the more > likely people are to just delete your posts without reading them. You maybe mean we touched unpolite stuff of this world for dummies? I don't know if y'all noticed.. -- Daniele Bonini
Re: IKEv2 certificates?
> hello > > I have 2 iked servers and 2 Road Warriors Laptops, all OBSD 7.4. > > When should/must to create certificates? > > I am not on my OBSD laptop, then i do not have access to logs/iked -dv; > but i sow that in both cases: server/roadwarrior iked ask for ca. > > Server 1 config: > This server is connected to a Laptop server/roadwarrior. > > ikev2 'agroena.org.pub' passive esp \ > from 10.0.1.0/24 to 10.0.2.0/24 \ > local 66.135.5.128 peer 24.80.177.18 \ > srcid agroena.org > > ikev2 'agroena.org.pub' passive esp \ > from any to dynamic \ > local 66.135.5.128 peer any \ > srcid agroena.org \ > config address 10.0.5.0/24 \ > tag "ROADW" > the initiator conf: ikev2 'roadwarrior.pub' active esp \ from 10.0.2.0/24 to 10.0.1.0/24 \ peer 66.135.5.128 \ srcid roadwarrior ikev2 'roadwarrior.pub' active esp \ from dynamic to any \ peer 66.135.5.128 \ srcid roadwarrior \ dstid agroena.org \ request address any \ iface lo1 > Server 2 config: > This server is connected to a different Laptop server/roadwarrior. > > ikev2 'hawk.host.planetofnix.com.pub' passive esp \ > from 10.0.1.0/24 to 10.0.2.0/24 \ > local 38.87.162.174 peer 24.80.177.18 \ > srcid hawk.host.planetofnix.com > > ikev2 'hawk.host.planetofnix.com.pub' passive esp \ > from any to dynamic \ > local 38.87.162.174 peer any \ > srcid hawk.host.planetofnix.com \ > config address 10.0.5.0/24 \ > tag "ROADW" > Road warrior conf: ikev2 'roadwarrior.pub' active esp \ from 10.0.2.0/24 to 10.0.1.0/24 \ peer 38.87.162.174 \ srcid hawk.MiRed > Thanks so much for your attention. >
Re: iPhone Charging
I don't know if y'all noticed but this is an OpenBSD mail list. Just saying, the more you post about things unrelated to OpenBSD, the more likely people are to just delete your posts without reading them.
Re: Chinese Support
Hi, ykla wrote on Sun, Oct 29, 2023 at 08:47:08PM +0800: > I've tested Chinese input methods and interfaces in Chinese > without any problems, and I've written some Chinese tutorials > about OpenBSD. If you're interested, check out book.bsdcn.org. Interesting - even though i must admit i cannot read that because i understand neither Chinese characters nor Chinese language(s). Be sure to watch the ports in questions for issues in the future, too, and maybe, if you have time, watch out when such ports can be updated or improved. It appears there is a shortage of MAINTAINERs for ports in the /usr/ports/chinese/ category: as far as i can see right now, only one developer is listed as a MAINTAINER in there, and only for two of these ports, so people who are able to help with porting work there are certainly welcome. Another region that may be worth watching from the corner of the eye is CJK UTF-8 character support in the base system. In particular, that includes Perl because we build the CJK character support in our C library from the version of the Unicode character database that is distributed with Perl. The most glaring bugs with CJK support are likely to be found quickly because there are several developers who actively use the Japanese language. But if something subtle goes wrong that mostly impacts Chinese and/or Korean, there might be a higher risk of it falling through the cracks undetected. Then there is documentation. While the OpenBSD project does not have the massive resources that would be required to maintain translated documentation, the *tools*, for example mandoc(1), aim to be usable with non-English documentation. If i understand correctly, translating manual pages to Japanese is not done very often and often not considered as very important even by native speakers of the Japanese language, but in those cases where people want to do it, the tools should not hinder it. The same might possibly apply to Chinese, and there might be additional aspects specific to Chinese that i'm unaware of. So bug reports related to writing or maintaining Chinese documentation are certainly welcome, too. Yours, Ingo
Re: Default rdomain for CLI commands
Hi Claudio, if you received no feedback, i think you should just go ahead and commit your manual page diff, it seems like an improvement based on what is discussed in this thread (i did not test, nor inspect the code). There may be more potential defects in the manual page login.conf(5). For example, it doesn't appear to say what it means when the "Default" column is empty in a given line of the table. Also, section 5 file format manual pages should state as clearly as possible which programs (section 1 and 8) and/or functions (section 3) use the file format, and login.conf(5) feels somewhat fuzzy to me in that respect. But such potential more fundamental issues should not stand in the way of fixing a detail that is outright misleading. Yours, Ingo On 24 Oct 2023, at 18:51, Claudio Jeker wrote: > Because I think login.conf(5) is wrong. The default rtable is not 0. If > rtable is not set the current rtable is not modified by login_cap(3). Index: login.conf.5 === RCS file: /cvs/src/share/man/man5/login.conf.5,v retrieving revision 1.70 diff -u -p -r1.70 login.conf.5 --- login.conf.531 Mar 2022 17:27:23 -1.70 +++ login.conf.524 Oct 2023 08:41:21 - @@ -284,7 +284,7 @@ Initial priority (nice) level. Require home directory to login. .\" .Pp -.It rtable Ta number Ta Dv 0 Ta +.It rtable Ta number Ta "" Ta Rtable to be set for the class. .\" .Pp
Re: Chinese Support
And I don't understand your words very well, what with having an anti-Chinese problem in hardware. Do you mean that you don't support Longchip's LA architecture, Huawei's Kunpeng Kirin processor, and SW, Fetion? But these require specific hardware and manuals to be adapted, all of which require Chinese developers to take the initiative to work with them. Lucretia 于2023年10月29日周日 16:52写道: > I remember reading somewhere in the project statement that OpenBSD aims to > support as many platforms as possible. But it seems there is anti-Chinese > sentiment concerning hardware. I don't know much about import/export laws > and such, like Peter said in his thread about RISC-V, is tech import bans > really a thing in the world right now? > > Do developers actively work on such hardware regardless; perhaps from > neutral countries. > > Are there any Chinese developers actively working on the project? > > I'm kind of politically stupid, but doesn't closing off tech trade hinder > peace processes between nations? > > Yes, I imagine there are backdoors. > But we have them too. > Isn't it kind of like saying, > "trust us to look through > your panty drawer; > not them." > > -- > "Pray, hope, and don't worry. Worry is useless. God is merciful and will > hear your prayer." > Padre Pio >
Re: Chinese Support
Hi, I've tested Chinese input methods and interfaces in Chinese without any problems, and I've written some Chinese tutorials about OpenBSD. If you're interested, check out book.bsdcn.org. ykla Ingo Schwarze 于2023年10月29日周日 20:39写道: > Hi, > > Lucretia wrote on Sun, Oct 29, 2023 at 08:48:59AM +: > > > I remember reading somewhere in the project statement that OpenBSD > > aims to support as many platforms as possible. > > https://www.openbsd.org/goals.html > > Somewhere in the middle of the list of goals. > > The priority of that goal is lower than in NetBSD, and the "feasible" > is interpreted in a stricter way. Feasible requires that at least > some developers have access to fully working hardware, that regularly > building *the whole system* on that hardware does not cause too > much pain (cross-compiling is occasionally used for bringing a new > platform up, but never for keeping an old platform alive), and it > happened several times in the past that support for an old platform > was abandoned because it got in the way of more modern development: > security, maintainability, simplicity, and being a good general-purpose > development platform matters more than running on each and every > obscure hardware. > > > > But it seems there is anti-Chinese sentiment concerning hardware. > > That sounds like an unfounded rumour to me, see for example: > > https://www.openbsd.org/loongson.html > "The latest supported OpenBSD/loongson release is OpenBSD 7.4." > > There is also this on goals.html: > > Be as politics-free as possible; solutions should be decided on > the basis of technical merit. > > That doesn't mean every decision in OpenBSD must always be 100% > free of any political component; such a goal would seem strenuous > and artificial and probable not even be possible to reach. On top > of that, every individual developer is of course free to express > their political opinions, and such opinions should not be construed > as "an opinion of the project." > > Note that "we should support more Chinese hardware" would look > like a non-technical, purely politicial goal that would seem > inappropriate to me in view of goals.html. > > If there is hardware that a developer wants to work on, i don't see > why it should matter whether it was produced in the PR of China, > in Taiwan, in the U.S., or in Dronning Maud land. > > > > Are there any Chinese developers actively working on the project? > > That is a completely irrelevant question. For many developers, i know > where they live (at least approximately, unless they moved recently, > which caused me to perform an incomplete website update just last > week). But i don't care what the nationality of a developer is, and > you probably know that making assumptions about nationality based on > where somebody lives or what their name is is a bad idea. > > Living in the (People's Republic of) China might cause some practical > problems for developers that developers living in some other countries > don't need to worry about, but so what. There was a point in the past > where developers living in the United States of America faced political > restrictions regarding which work on OpenBSD they could do at home, > and some travelled abroad for doing some particular kinds of work. > > Yours, > Ingo > >
Re: Chinese Support
Hi, Lucretia wrote on Sun, Oct 29, 2023 at 08:48:59AM +: > I remember reading somewhere in the project statement that OpenBSD > aims to support as many platforms as possible. https://www.openbsd.org/goals.html Somewhere in the middle of the list of goals. The priority of that goal is lower than in NetBSD, and the "feasible" is interpreted in a stricter way. Feasible requires that at least some developers have access to fully working hardware, that regularly building *the whole system* on that hardware does not cause too much pain (cross-compiling is occasionally used for bringing a new platform up, but never for keeping an old platform alive), and it happened several times in the past that support for an old platform was abandoned because it got in the way of more modern development: security, maintainability, simplicity, and being a good general-purpose development platform matters more than running on each and every obscure hardware. > But it seems there is anti-Chinese sentiment concerning hardware. That sounds like an unfounded rumour to me, see for example: https://www.openbsd.org/loongson.html "The latest supported OpenBSD/loongson release is OpenBSD 7.4." There is also this on goals.html: Be as politics-free as possible; solutions should be decided on the basis of technical merit. That doesn't mean every decision in OpenBSD must always be 100% free of any political component; such a goal would seem strenuous and artificial and probable not even be possible to reach. On top of that, every individual developer is of course free to express their political opinions, and such opinions should not be construed as "an opinion of the project." Note that "we should support more Chinese hardware" would look like a non-technical, purely politicial goal that would seem inappropriate to me in view of goals.html. If there is hardware that a developer wants to work on, i don't see why it should matter whether it was produced in the PR of China, in Taiwan, in the U.S., or in Dronning Maud land. > Are there any Chinese developers actively working on the project? That is a completely irrelevant question. For many developers, i know where they live (at least approximately, unless they moved recently, which caused me to perform an incomplete website update just last week). But i don't care what the nationality of a developer is, and you probably know that making assumptions about nationality based on where somebody lives or what their name is is a bad idea. Living in the (People's Republic of) China might cause some practical problems for developers that developers living in some other countries don't need to worry about, but so what. There was a point in the past where developers living in the United States of America faced political restrictions regarding which work on OpenBSD they could do at home, and some travelled abroad for doing some particular kinds of work. Yours, Ingo
Re: Chinese Support
I saw the Chinese language directory in ports, but I haven't played with it. My Chinese is _very_ elementary. As a poet though, I have interest in language in general, some more than others. I don't know if the built-in crypto disallows OpenBSD from being downloaded from within China. On Sun, Oct 29, 2023 at 16:06, Daniele B. <[my2...@has.im](mailto:On Sun, Oct 29, 2023 at 16:06, Daniele B. < wrote: > I do not speak for anyone else other than myself, by these notes and > observations. > > Some OpenBSD developers are actively working from a while on supporting the > Chinese language at system level. > Like many comunities, some people are chinese, some have chinese relatives > and/or friends, some use Taobao and AliExpress. > OpenBSD, I think, doesn't want to have particular ties for or against a > nation (however, being a north american project > you can imagine what is sentiment popping up around and outside the project). > > Let me eventually know about inconistencies (if you are a ChapGPT observer: > TERMINATE) > > -- Daniele Bonini > > Oct 29, 2023 09:52:34 Lucretia : > >> I remember reading somewhere in the project statement that OpenBSD aims to >> support as many platforms as possible. But it seems there is anti-Chinese >> sentiment concerning hardware. I don't know much about import/export laws >> and such, like Peter said in his thread about RISC-V, is tech import bans >> really a thing in the world right now? >> >> Do developers actively work on such hardware regardless; perhaps from >> neutral countries. >> >> Are there any Chinese developers actively working on the project? >> >> I'm kind of politically stupid, but doesn't closing off tech trade hinder >> peace processes between nations? >> >> Yes, I imagine there are backdoors. >> But we have them too. >> Isn't it kind of like saying, >> "trust us to look through >> your panty drawer; >> not them." >> >> -- >> "Pray, hope, and don't worry. Worry is useless. God is merciful and will >> hear your prayer." >> Padre Pio
Re: Chinese Support
I do not speak for anyone else other than myself, by these notes and observations. Some OpenBSD developers are actively working from a while on supporting the Chinese language at system level. Like many comunities, some people are chinese, some have chinese relatives and/or friends, some use Taobao and AliExpress. OpenBSD, I think, doesn't want to have particular ties for or against a nation (however, being a north american project you can imagine what is sentiment popping up around and outside the project). Let me eventually know about inconistencies (if you are a ChapGPT observer: TERMINATE) -- Daniele Bonini Oct 29, 2023 09:52:34 Lucretia : > I remember reading somewhere in the project statement that OpenBSD aims to > support as many platforms as possible. But it seems there is anti-Chinese > sentiment concerning hardware. I don't know much about import/export laws and > such, like Peter said in his thread about RISC-V, is tech import bans really > a thing in the world right now? > > Do developers actively work on such hardware regardless; perhaps from neutral > countries. > > Are there any Chinese developers actively working on the project? > > I'm kind of politically stupid, but doesn't closing off tech trade hinder > peace processes between nations? > > Yes, I imagine there are backdoors. > But we have them too. > Isn't it kind of like saying, > "trust us to look through > your panty drawer; > not them." > > -- > "Pray, hope, and don't worry. Worry is useless. God is merciful and will hear > your prayer." > Padre Pio
Re: iPhone Charging
I'm guessing to be not off-topic if I quote, among the others one of my own projects I recently updated, LightOff: https://github.com/par7133/LightOff Anyone who want to support and actively working on it is very welcome. -- Daniele Bonini
Chinese Support
I remember reading somewhere in the project statement that OpenBSD aims to support as many platforms as possible. But it seems there is anti-Chinese sentiment concerning hardware. I don't know much about import/export laws and such, like Peter said in his thread about RISC-V, is tech import bans really a thing in the world right now? Do developers actively work on such hardware regardless; perhaps from neutral countries. Are there any Chinese developers actively working on the project? I'm kind of politically stupid, but doesn't closing off tech trade hinder peace processes between nations? Yes, I imagine there are backdoors. But we have them too. Isn't it kind of like saying, "trust us to look through your panty drawer; not them." -- "Pray, hope, and don't worry. Worry is useless. God is merciful and will hear your prayer." Padre Pio
Re: Default rdomain for CLI commands
A lot of interesting responses here! And the correct answer goes to Claudio! ;) Claudio correctly noted that if I am logging into the firewall via an SSH daemon running in a non-zero rdomain, then all commands I run in that SSH VTY will also be run under that rdomain :) And I will do some more testing with my cronjobs to figure out why I had to add route -T0 exec to my crons, maybe I broke something in login.conf. As always, thanks for your time and comments everyone! Always appreciated Andy > On 24 Oct 2023, at 18:51, Claudio Jeker wrote: > > On Tue, Oct 24, 2023 at 08:39:33AM -, Stuart Henderson wrote: >>> On 2023-10-24, Andy Lemin wrote: >>> Hi all, >>> >>> Just a quick question. >>> >>> I have multiple rdomains. My outside rdomain (rdomain 0) has a single >>> default route to my ISP. And my internal rdomain 9 has multiple default >>> routes pointing to various pairX interfaces for some funky routing stuff. >>> >>> Everything works beautifully, however, every command I type on the box >>> locally or over SSH which needs internet for example, is being executed >>> under the internal rdomain, not the edge rdomain. >>> >>> So I have to run; >>> ‘route -T0 exec syspatch’ for example. >>> >>> How do I set/override the default rdomain for system level CLI commands? >> >> The basic answer to your question is "set rtable in login.conf for the >> relevant class". But that doesn't explain why your machine is not already >> using rtable 0.. >> > > Because I think login.conf(5) is wrong. The default rtable is not 0. If > rtable is not set the current rtable is not modified by login_cap(3). > > -- > :wq Claudio > > Index: login.conf.5 > === > RCS file: /cvs/src/share/man/man5/login.conf.5,v > retrieving revision 1.70 > diff -u -p -r1.70 login.conf.5 > --- login.conf.531 Mar 2022 17:27:23 -1.70 > +++ login.conf.524 Oct 2023 08:41:21 - > @@ -284,7 +284,7 @@ Initial priority (nice) level. > Require home directory to login. > .\" > .Pp > -.It rtable Ta number Ta Dv 0 Ta > +.It rtable Ta number Ta "" Ta > Rtable to be set for the class. > .\" > .Pp >
Re: iPhone Charging
I'll take the risk of EMF if by this tool I can help promote peace, mercy, and justice. Unfortunately in an era of strict censorship, those aims are hard to achieve with digital technology. But as yet it hasn't stopped me from trying. On Sun, Oct 29, 2023 at 12:18, Maja Reberc <[m...@chloris.si](mailto:On Sun, Oct 29, 2023 at 12:18, Maja Reberc < wrote: > I saw the Qi standard is a wireless charging standard. > > I'll suggest everyone using wireless technology to educate themselves > on dangers of electropollution (you might be more successful by > searching EMF). > > Inductive charging is bound to emit relatively strong alternating > magnetic fields. Your phone and WiFi routers, on the other hand, will > emit quite strong radiofrequency radiation. If you're close to any of > these things (the very ugliest of extremes being placing a phone > against your ear), it's not doing you any health favours. > > If you have a friend with an EMF meter, feel free to call them over for > a visit and let them measure it. No need to believe blindly. > > To be crystal clear on this, I am not telling you what to do or what to > believe in. I just want to share the information that no one tells you > about, because or society is money-first: consumption of technology > precedes health. Do what you will with it. > > If anyone wants to know more, but is reluctant to buy an EMF course, > you may also contact me privately and I'll tell you what I know. > > Regards, > -- Maja > > On Sat, 28 Oct 2023 16:26:39 + > Katherine Mcmillan wrote: > >> Hi all, >> >> I recommend looking into a power bank that leverages Qi >> (https://en.wikipedia.org/wiki/Qi_(standard)). I have one that also >> has a mini solar panel, you never know when you might need backup. >> >> Cheers, >> Katie
Re: iPhone Charging
I saw the Qi standard is a wireless charging standard. I'll suggest everyone using wireless technology to educate themselves on dangers of electropollution (you might be more successful by searching EMF). Inductive charging is bound to emit relatively strong alternating magnetic fields. Your phone and WiFi routers, on the other hand, will emit quite strong radiofrequency radiation. If you're close to any of these things (the very ugliest of extremes being placing a phone against your ear), it's not doing you any health favours. If you have a friend with an EMF meter, feel free to call them over for a visit and let them measure it. No need to believe blindly. To be crystal clear on this, I am not telling you what to do or what to believe in. I just want to share the information that no one tells you about, because or society is money-first: consumption of technology precedes health. Do what you will with it. If anyone wants to know more, but is reluctant to buy an EMF course, you may also contact me privately and I'll tell you what I know. Regards, -- Maja On Sat, 28 Oct 2023 16:26:39 + Katherine Mcmillan wrote: > Hi all, > > I recommend looking into a power bank that leverages Qi > (https://en.wikipedia.org/wiki/Qi_(standard)). I have one that also > has a mini solar panel, you never know when you might need backup. > > Cheers, > Katie
Proton Mail Bridge
Someone reached out to me this morning asking if I use Proton Mail from within my OpenBSD system, but I told them I'm just using it on my iPhone. but I took a look, and their bridge application is open source. https://github.com/ProtonMail/proton-bridge I downloaded and added the necessary packages: gmake, gcc, go; but it died because there's no setup files for OpenBSD. Proton Mail Bridge is an application that opens IMAP and SMTP ports on the local machine and acts as an intermediary between your mail client and the Proton servers. I'd love to get this working. Has anyone played with it? -- "Love endures everything, love is stronger than death, love fears nothing." Maria Faustina Kowalska
Re: ftp.openbsd.org: tlsv1 alert protocol version
Could be IPv6 related, because with IPv4 it works: rudolf@variable-7400:~$ curl --verbose https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig * Trying 199.185.178.81:443... * Connected to ftp.openbsd.org (199.185.178.81) port 443 (#0) * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: CN=ftp.openbsd.org * start date: Sep 19 15:39:09 2023 GMT * expire date: Dec 18 15:39:08 2023 GMT * subjectAltName: host "ftp.openbsd.org" matched cert's "ftp.openbsd.org" * issuer: C=US; O=Let's Encrypt; CN=R3 * SSL certificate verify ok. * using HTTP/1.x > GET /pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig HTTP/1.1 > Host: ftp.openbsd.org > User-Agent: curl/7.88.1 > Accept: */* > < HTTP/1.1 200 OK On Wed, 2023-10-25 at 10:49 +0200, Martin Schröder wrote: > Hi, > downloading the latest patches on 7.4 fails with > > > curl --verbose > > https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig > * Trying [2620:3d:c000:178::81]:443... > * Connected to ftp.openbsd.org (2620:3d:c000:178::81) port 443 > * ALPN: curl offers h2,http/1.1 > * TLSv1.3 (OUT), TLS handshake, Client hello (1): > * CAfile: /etc/ssl/cert.pem > * CApath: none > * LibreSSL/3.8.2: error:1400442E:SSL > routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version > * Closing connection > curl: (35) LibreSSL/3.8.2: error:1400442E:SSL > routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version > > Best > Martin >
IKEv2 certificates?
hello I have 2 iked servers and 2 Road Warriors Laptops, all OBSD 7.4. When should/must to create certificates? I am not on my OBSD laptop, then i do not have access to logs/iked -dv; but i sow that in both cases: server/roadwarrior iked ask for ca. Server 1 config: This server is connected to a Laptop server/roadwarrior. ikev2 'agroena.org.pub' passive esp \ from 10.0.1.0/24 to 10.0.2.0/24 \ local 66.135.5.128 peer 24.80.177.18 \ srcid agroena.org ikev2 'agroena.org.pub' passive esp \ from any to dynamic \ local 66.135.5.128 peer any \ srcid agroena.org \ config address 10.0.5.0/24 \ tag "ROADW" Server 2 config: This server is connected to a different Laptop server/roadwarrior. ikev2 'hawk.host.planetofnix.com.pub' passive esp \ from 10.0.1.0/24 to 10.0.2.0/24 \ local 38.87.162.174 peer 24.80.177.18 \ srcid hawk.host.planetofnix.com ikev2 'hawk.host.planetofnix.com.pub' passive esp \ from any to dynamic \ local 38.87.162.174 peer any \ srcid hawk.host.planetofnix.com \ config address 10.0.5.0/24 \ tag "ROADW" Thanks so much for your attention.
