State of ACPI in OpenBSD

[Anton Karpov]

Among other new features in 3.8 I've noticed acpid(8) daemon and
manpage. According to manpage, "The acpid command appeared in OpenBSD
3.8" and "/etc/acpi/suspend and /etc/acpi/powerdown are the files that
contain the host's customized actions". But there is no /etc/acpi
directory. And there is no any notices about acpid at
http://www.openbsd.org/38.html.
So what about ACPI in OpenBSD for now? Is acpid(8) and its manpage
only a stub for future functionality?

Re: 3.9 song released

[Anton Karpov]

Perfect! this song is definitively hit my car audio system for the next few
days!
guys, you are the best.

Re: security hole in sendmail

[Anton Karpov]

does that mean that we've got a second remote hole? Don't kick my ass.


AFAIK, even if this is a remote hole in sendmail, OpenBSD exploits
mitigation techniques makes this hole hardly (if even possible) exploitable
in OpenBSD. Am I right? Although this is an integer overflow, not buffer
overflow...

Theo is a Blogger :-)

[Anton Karpov]

For those who didn't see it yet: http://deraadt.livejournal.com/
Theo has a blog on livejournal, woo-h! Add him to your friends right
now, hehehe :)

P.S.: April, 1st  ;)

Re: When would you NOT use OpenBSD?

[Anton Karpov]

> When would you NOT use OpenBSD?
>
> When would you choose one of the other *nix over OpenBSD?



I'm NOT using OpenBSD on my laptop, it's powered by FreeBSD instead.
Basically this is due to lack of acpi and bluetooth support in OpenBSD.

Re: Compilers make a system less secure?

[Anton Karpov]

Maybe, because in some cases, it just takes a bit more time to 0wn your box
if it has no compiler installed.


02 May 2006 16:21:41 +1200, josh <[EMAIL PROTECTED]>:
>
> Hello...
>
> Some people seem to think that installing a compiler inherently makes
> their system less secure... despite never being able to cite any actual
> reasons why.

Re: Compilers make a system less secure?

[Anton Karpov]

Imagine the typical situation: an attacker get non-root access to your
system, maybe due to the hole in your network daemon foobard, maybe due to
the badly coded cgi,  or maybe he is a legitimate shell user.  The next his
step is to get full privileges, e.g. root account. Let suppose he has a l33t
pr1v4t3 spl01t which exploits local vulnerability in your system. He
transfers source code to your box, and, with compiler onboard, he ./0wns
you.
But what if your system has no compiler? When attacker should compile his
sploit anywhere, and transfer binary evil code onto your box. E.g. he has to
have access to the similar machine, maybe with similas OS version and arch.
He has to transfer binary to your box properly, leaving your logfiles silent
(it's not so easy to transfer binary file, like text one: cat > sploit.c ^D,
right?). Anyhow, it TAKES TIME for him to do the job.
Maybe, that's why people think box without compiler is a little bit safer?

2006/5/2, Nick Holland <[EMAIL PROTECTED]>:
>
> Anton Karpov wrote:
> > Maybe, because in some cases, it just takes a bit more time to 0wn your
> box
> > if it has no compiler installed.
>
> Bull.
>
> I've never heard of someone taking over a box using a compiler.  After
> all,
> the compiler is not exposed to the outside world.  At most, they build
> some
> tools on the system AFTER the takeover.  But that's hardly the only way to
> get those tools on the system.
>
> scp works very nicely.
> ftp works very nicely.
> http works very nicely.
>
> After all...why download and compile tools when you can just download the
> pre-compiled tools?  If you can't download the pre-compiled binaries, you
> won't be downloading the source, either.

Re: Compilers make a system less secure?

[Anton Karpov]

> If he can break in as a lowly user uname -a will tell him what it is
> anyway. And don't tell me we should disable that command or cause it to
> lie because then I'll shoot you down another way.



Re-read my message, please. I didn't tell he cannot stat os version and
arch. But he may has to find similar os version and arch, to compile his
code.


>
> Back to the circus, Anton, you ain't funny any more. Pathetic is more
> like it.



Yeah, but you ARE quite funny. The man who cannot read emails carefully is
always funny

Re: Compilers make a system less secure?

[Anton Karpov]

> > Maybe, because in some cases, it just takes a bit more time to 0wn your
> box
> > if it has no compiler installed.
> No, not at all. You can't attack a compiler, it's not accessable from
> the outside.



Noone here talks about attacking a compiler ;)  We're discussing differences
for attacker, depending on compiler available or not.

Re: Compilers make a system less secure?

[Anton Karpov]

2006/5/2, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
>
> Anton Karpov wrote:
> >
> > Noone here talks about attacking a compiler ;)  We're discussing
> > differences
> > for attacker, depending on compiler available or not.
>
> They should.
> There is a classic by Ken Thompson (I think) about using a compiler
> to create a back door which has no traces in the source of either
> the compiler or of the back-doored module.
>
> Something about who can you trust.
>
>
You mean "reflectiond on trusting trust", don't you? Well, if someone has
privileges to replace your compiler with backdoored one, he has another
65535 ways to abuse your box.
We're not about this.

3.9 on sony vaio pcg-v505bx: wi0 is missing

[Anton Karpov]

I'm trying to boot OpenBSD 3.9 on my sony vaio, in order to play with it
onto my laptop (which is currently powered by freebsd).
Everything seems to be fine, except wireless card:

wi0 at pci2 dev 2 function 0 "Intersil PRISM2.5" rev 0x01pci_intr_map: no
mapping for pin A
: couldn't map interrupt

Despite the fact wi0 is recognised, it doesn't appears in ifconfig output,
e.g. ifconfig wi0 says no such device.
I've googled this out but still out of luck.
Any ideas how to fix it? Thanks in advance.

full dmesg:
OpenBSD 3.9 (RAMDISK_CD) #1025: Thu Mar  2 02:43:29 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.00GHz ("GenuineIntel"
686-class) 1.99 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACP
I,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 535863296 (523304K)
avail mem = 483098624 (471776K)
using 4278 buffers containing 26894336 bytes (26264K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(60) BIOS, date 04/22/03, BIOS32 rev. 0 @ 0xfd891
apm0 at bios0: Power Management spec V1.2
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd890/0x770
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf50/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1 0xd8000/0x4000! 0xdc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M6 LY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
wi0 at pci2 dev 2 function 0 "Intersil PRISM2.5" rev 0x01pci_intr_map: no
mapping for pin A
: couldn't map interrupt
cbb0 at pci2 dev 5 function 0 "Ricoh 5C475 CardBus" rev 0xb8: irq 3
"Ricoh 5C551 Firewire" rev 0x00 at pci2 dev 5 function 1 not configured
ohci0 at pci2 dev 7 function 0 "NEC USB" rev 0x43: irq 9, version 1.0,
legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: NEC OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 3 ports with 3 removable, self powered
ohci1 at pci2 dev 7 function 1 "NEC USB" rev 0x43: irq 10, version 1.0,
legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: NEC OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ehci0 at pci2 dev 7 function 2 "NEC USB" rev 0x04: irq 3
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: NEC EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 5 ports with 5 removable, self powered
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x42, i82562: irq 10,
address 08:00:46:ac:4c:a8
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to c
ompatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
"Intel 82801CA/CAM SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
"Intel 82801CA/CAM AC97" rev 0x02 at pci0 dev 31 function 5 not configured
"Intel 82801CA/CAM Modem" rev 0x02 at pci0 dev 31 function 6 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: using exception 16
biomask fffd netmask fffd ttymask 
rd0: fixed, 3800 blocks
uhidev0 at uhub0 port 3 configuration 1 interface 0umass0 at uhub1 port 2
configuration 1 interface 0
umass0: Sony USB Memory Stick Slot, rev 1.10/1.90, addr 2
umass0: using ATAPI over CBI with CCI
scsibus1 at umass0: 2 targets

uhidev0: KYE Genius USB Wheel Mouse, rev 1.00/0.00, addr 2, iclass 3/1
uhid at uhidev0 not configured
sd0 at scsibus1 targ 1 lun 0:  SCSI0 0/direct removable
sd0: drive offline
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02

Re: 3.9 on sony vaio pcg-v505bx: wi0 is missing

[Anton Karpov]

2006/5/3, Nick Guenther <[EMAIL PROTECTED]>:
>
>
>
> This looks like a hardware problem, but I really don't know enough to
> say. Something (appearantly "no mapping for pin A") is causing the
> driver to bail out, so of course you won't see wi0 in ifconfig -- the
> driver isn't driving.



Don't know what do you mean by hardware problem, but device itself is
actually works.
Here is the relevant part of freebsd dmesg:

wi0:  mem 0xf800-0xf8000fff at device 2.0 on pci2
wi0: using RF:PRISM2.5 MAC:ISL3874A(Mini-PCI)
wi0: Intersil Firmware: Primary (1.1.0), Station (1.4.3)

So this is something openbsd specific. Sadly...

Re: sendmail is no more in NetBSD src tree

[Anton Karpov]

> > Christos Zoulas has removed sendmail from the NetBSD source tree. This
> > was the result of a lot of bickering long discussion about the security
> track
> > of sendmail. Sendmail will continue to be available from pkgsrc.
>
> You seem to be lost.  This is an OpenBSD mailing list.
>
> Adam
>
>
He posted it here for the flame. Ok, let's flame.
blah blah blah
Ok, I've finished my portion of flame.

Re: beck's greyscanner for spamd 4.1

[Anton Karpov]

It's good to see I'm not the only one;-)  I checked the archives and I
must have missed the memo.  Here shows an updated version:
http://www.ualberta.ca/~beck/greyscanner/


Ah, thanks. I've googled for greyscanner and found only beck@'s
presentation...
But now I see it.. thanks ;)

Re: Zurich OpenBSD

[Anton Karpov]

> Most probably it was me.
>
> --
> :wq Claudio



People who don't know each other but wears PUFFY, should salute each other.
"It's an OpenBSD thing. You wouldn't understand" ;-)

Re: Zurich OpenBSD

[Anton Karpov]

> RFC, anyone? :)
>
> > My coffee had just run out, so no keyboard harmed.
>
> Timo
>
>

I like the idea of T-shirts and stickers "It's an OpenBSD thing. You
wouldn't understand" ;-)

Re: OpenBSD sticker considered cool by a layman

[Anton Karpov]

2007/9/29, Greg Thomas <[EMAIL PROTECTED]>:
>
> On 9/29/07, Karel Kulhavy <[EMAIL PROTECTED]> wrote:
> > Some (cute) girl yesterday who doesn't understand computers at all
> pointed at
> > my laptop and asked "where did you get this damned cool sticker"? It was
> the
> > wireframe Puffy. People also tend to stare at Puffy when I use my laptop
> on
> > the bus.
> >
>
> My experience is the same.  Any time I wear my wireframe Puffy shirt a
> few people a day come up to me and get a closer look, same with the
> laptop sticker when I have my laptop with me.
>


The same here. I have wireframe puffy on the back of my car. VERY
attractive:

http://www.toxahost.ru/images/offroad/brabus/resized_P2010010.JPG

To openBSD fans in Kiev (Ukraine)

[Anton Karpov]

I will be in Kiev from 4.10 to 9.10 and I have four 4.1 CDs from Wim. Maybe
somebody still need it, at least as a souvenir? ;)

Ответ: OpenBSD sticker considered cool by a layman

[Anton Karpov]

i have nothing to hide ;)
ps: landrover rocks...

2007/10/1, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> On 30.09-10:03, Anton Karpov wrote:
> [ ... ]
> > The same here. I have wireframe puffy on the back of my car. VERY
> > attractive:
>
> of course, if you were _really_ security conscious you would have
> cropped the license plate no
>   ;-)

Re: 4.2 song

[Anton Karpov]

2007/10/6, Theo de Raadt <[EMAIL PROTECTED]>:
>
> Just back from my (hiking) trip, I am happy to announce the 4.2
> song has been added to the lyrics page at
>
> http://www.openbsd.org/lyrics.html
>
> Yes, it is designed to sound like a mid-era Rush song, ie. something
> from Grace Under Pressure or such.  And there's a few easter eggs
> hidden in the song as well.  It also explains the inside sleeve
> image...
>
>
Cool! As a big fan of Rush, I like it so much!  Artwork is also incredible!
You are the best, guys.

OpenBSD XSS ;)

[Anton Karpov]

It's a kind of useless and funny XSS... in OpenBSD ;)

http://www.toxahost.ru/images/funny/obsd_xss.JPG

Re: OpenBSD XSS ;)

[Anton Karpov]

2007/10/10, Stuart Henderson <[EMAIL PROTECTED]>:
>
> On 2007/10/10 20:43, [EMAIL PROTECTED] wrote:
> > Nice to hide your local network IP ;)
> > Do not show it anyone!
> >
> > On 10/10/07, Anton Karpov <[EMAIL PROTECTED]> wrote:
> > > It's a kind of useless and funny XSS... in OpenBSD ;)
>
> Well, it's fixed in -current.
> There are better ways to report a bug than misc@, though.



I posted it here because I don't seriously think it's a [useful] bug

Re: OpenBSD XSS ;)

[Anton Karpov]

2007/10/10, Can Erkin Acar <[EMAIL PROTECTED]>:
>
> Anton Karpov <[EMAIL PROTECTED]> wrote:
>
>
> In this case, if you have some web application on the same
> *domain name* then the XSS can be used to take control of the
> user session on the application. Especially fun for isp/hosting
> kind of settings where you have customer management and
> troubleshooting (looking glass etc.) services side by side.
>
> Can



Yes, I', aware of it, I
just forgot about situation when you can really give access to bgplg
to [stupid] clients/users, which are not too smart to look into the
url, use firefox/noscript, etc ;) To make things clear
(as I see cvs commit
logs), originally this bug was found by my colleague Alexander
Polyakov, and I just mention it on misc@

Re: OpenBSD cartoons

[Anton Karpov]

2007/3/16, Karel Kulhavy <[EMAIL PROTECTED]>:
>
> Who's drawing those OpenBSD cartoons like
> http://www.openbsd.org/images/openbsd41_cover.gif
>
> They are cool. Can Theo draw so well or does he employ an artist?
>
> CL<
>
> It's Ty Semaka (http://www.tysemaka.com/), he did all the graphics and
lyrics in OpenBSD.

Re: Contradictory statement on vulnerability

[Anton Karpov]

> In other operating system the concept of upgrading is straightforward -
> Windows
> ask you and you press OK, in Gentoo Linux you type a magic sequence of
> magic
> commands and your system is up to date.



In OpenBSD, you type a logical sequence of logical commands and your system
is up to date. No black magic required.

to russian OpenBSD fans who wants official 4.1 CDs

[Anton Karpov]

I've got package* from Wim recently, with 4.1 CDs and stickers, for russian
obsd fans who ordered it via me on some russian opensource forums. But there
are some extra CDs (3-4 I think) which I can redistribute.
So if you are living in Moscow or Saint-Petersburg, I can give it to you
directly. If you are living in other cities I can send it to you. The price
is exactly the same as if you order it on openbsd.org. All collected money
will be sent back to Wim to support OpenBSD project, ofcourse.

Feel free to mail me privately

*images: http://www.toxahost.ru/images/obsd_packs/

beck's greyscanner for spamd 4.1

[Anton Karpov]

I've noticed that original greyscanner by beck@ doesn't work with latest
spamd.
Is there fixed/updated version of greyscanner anywhere?
Thanks.

Re: OpenBSD arp proxy

[Anton Karpov]

2007/6/9, Dominik Zalewski <[EMAIL PROTECTED]>:
>
> Dear All,
>
> I have a problem configuring routing. Here is how my setup looks:
>
>
> Internet - - - ADSL modem (bridge mode) - - - OpenBSD BOX - - - - - - -
> Switch - - - - - - - Server 1
>   IPOA: 196.218.x.97   vr1: 196.218.x.98  
>   |
> bge0: 196.218.x.100
>
> |
>
> |
>
> |
>   
>   Server
> 2
>   
>   eth0:
> 196.218.x.101



In such setup, you should configure obsd box as a (address-less) bridge,
something like this:

[(16:58):[EMAIL PROTECTED]:~ ] cat /etc/bridgename.bridge0
add fxp0
add xl0
blocknonip fxp0
blocknonip xl0
up

[(16:59):[EMAIL PROTECTED]:~ ] cat /etc/hostname.xl0
up
[(16:59):[EMAIL PROTECTED]:~ ] cat /etc/hostname.fxp0
up


or if you WANT to assign IP-address to obsd box:

[(16:59):[EMAIL PROTECTED]:~ ] cat /etc/hostname.fxp0
inet 196.218.x.98 255.255.255.248 NONE


I hope you get the idea

Re: General Answers about OpenBSD

[Anton Karpov]

2007/6/9, Leonardo Rodrigues <[EMAIL PROTECTED]>:
>
> On 6/9/07, Peter J. Philipp <[EMAIL PROTECTED]> wrote:
> > There is always issues with shit in this box.
> > It's a constant drain on nerves, but for some reason I still do it.
>
> ?



Maybe he tried to compare openbsd speed with another un*x on desktop?

Re: Moscow 6-10 December

[Anton Karpov]

2006/11/5, Wim Vandeputte <[EMAIL PROTECTED]>:
>
> Hey,
>
> I will be in Moscow in December from the 6th to the 9th and would like
> to meet up with some OpenBSD users, please contact me if you have
> local knowledge, especially if you know of a place called B1 in
> Ordzhonikidze
>
> Wim.



It would be really nice to organise OpenBSD users meeting, if you will have
free time. Will you bring tshirts and CDs? ;)

Re: on the remote root login in OpenSSH

[Anton Karpov]

2006/11/23, Igor Sobrado <[EMAIL PROTECTED]>:
>
> Hi again!
>
> I have a question on the default behaviour of OpenSSH.
>



Someone that really wants to allow remote root logins should be able to
> enable this feature just changing /etc/ssh/sshd_config.  But, in my
> humble opinion, most users do not really want this dangerous feature
> enabled by default.  And, even on small network appliances, an
> unprivileged
> account in the wheel group (and even in the operator group) is a good
> management practice.
>
>
I'm neither OpenBSD nor an OpenSSH developer, but I think, the main idea of
enabling root by default in OpenBSD is... protection from weak passwords!
Just look at this. When you're installing OpenBSD, systems asks for a root
password. You're setting a reasonably strong password, and proceed with a
rest of install process. After installation and (remote) configuration, if
you would like to make you system a bit more secure, you just have to change
PermitRootLogin from yes to no. And that's all.
Now imagine root login is disabled by default. In this situation, during
installation procedure, you should:
* set root password;
* add unprivileged user and set his password;
Most of the people doesn't really much care, and then it comes to "please
create new password" second time (for unpriv user), they think "That's the
sh*t, f*ck%ng password again!" and types really weak or similar to previous
pasword. Typically, next their step is to configure sudo to run any command
with NOPASSWD. And here comes the real hole: ssh login with weak password &
sudo ksh. People often think: "I'll mess with security later, after
configuring all this server stuff".

Resume. If you set weak password, you system is vulnerable anyway. If you
set strong password, don't bother about all those kiddie stuff like ssh
scanners and about PermitRootLogin. With second unprivileged user added
along with root during installation, your chances to lose is higher.

Re: Which tools the OpenBSD developers are using?

[Anton Karpov]

Actually, three IS remote hole in OpenBSD :(. This is small door hole for
cats in Theo's house.

funny log message: beck's greytrapper trapped bobeck :)

[Anton Karpov]

Nov 30 09:32:49 mercury greytrapper[96425]: Trapped 195.182.143.86: Mailed
from sender bobeck.net with no MX or A

see bobeck banned by awesome tool from beck@ ;)

Note to russian users: wdputte@ in Moscow

[Anton Karpov]

If you're living in Moscow, Russian Federation, and want to have beer with
Wim Vandeputte, and to get magic OpenBSD stuff from him, see
http://www.toxahost.ru/wim.html ;)

Re: funny log message: beck's greytrapper trapped bobeck :)

[Anton Karpov]

> Did you apply the patch I posted earlier?  If your running the
> greyscanner right off Bob's presentation, it has some off-by-ones that I
> fixed.  And it affected the DNS lookup portion of the code too.  I saw
> similar results with hosts that had valid MX/A DNS records but ended up
> trapped.
>
> Jim
>
>

No I don't. Thanks for mention it, I will search archives and apply your
patch

[laptop died] best notebook suitable for OpenBSD

[Anton Karpov]

My lovely Sony VAIO died few days ago. So I'm searching for a replacement.
Honestly, VAIO never works good with BSDs, the only one BSD which works
quite good is FreeBSD (although it has no proper suspend/resume support for
VAIO). OpenBSD has several problems like unability to ajust brightness (no
hardware brightness control in VAIOs), although setbrightness from linux
works well under emulation, and problems with sound driver.
But anyway, I loved my VAIO.
Now I'm looking for replacement. I prefer small sub-laptops, with 11' screen
(or even smaller). New VAIO TX series has perfect dimensions, but I decide
not to mess with VAIOs anymore ;)
AFAIR the best laptops for BSDs, proven/recommended by many users, are
IBM/Lenovo ThinkPads. I especially prefer X series with 12' screen. So I
just want to be sure it's the best choice for using OpenBSD onto it.
Hey, happy mobile OpenBSD users, I want to hear your voice. Does everything
in your laptop works smoothly in OpenBSD?
Thanks in advance for your replays.

P.S.: Okay, I know we have laptop page. But it's a little bit outdated.

Re: openbsd 4.0 ralink problem low operation range

[Anton Karpov]

> I just found a Proxim Gold 8470-FC card on eBay for $60 w/ shipping. Is
> this a good deal? Is your card "8470-FC"?
>
> Thanks for the info.
>


Yeah, but mine is not FC but WD.

Re: openbsd 4.0 ralink problem low operation range

[Anton Karpov]

2006/12/12, Clint Pachl <[EMAIL PROTECTED]>:
>
> Anton Karpov wrote:
> > It's a known problem with ralink. Bad radio.
>
> That's what I was thinking.
>
> Hey, could you recommend a good "range" card?



I have Proxim Orinoco Gold 8470, works fine for me. But it's fucking ath(4)
. I suppose the best way is to wind card with external antenna connection.

Re: openbsd 4.0 ralink problem low operation range

[Anton Karpov]

It's a known problem with ralink. Bad radio.

Re: 202 days Uptime in OpenBSD 3.6

[Anton Karpov]

Don't forget about vulns in tcp/ip stack in summer 2005


2007/1/16, Olivier Meyer <[EMAIL PROTECTED]>:
>
> What really matters is the security of the applications you are
> running(httpd, sshd, sendmail,...). If you keep those up to date, the
> kernel really does not matter. If you look at
> http://openbsd.org/security.html, most of the "openbsd" bugs really
> are in openssh, the c library, or are a local privilege escalation
> attack that cannot be exploited remotely.

Secure perl forum board software

[Anton Karpov]

Since almost every php-based board engine is just a piece of crap, as the
php itself, I'm looking for good perl based board software. The _most_
important point is security, noone except authorised users should be able to
get forum data. I've looked at SMF, phpBB, but it's all php based and
googling gor 'foobar vulnerability' (where 'foobar' is SMF or phpBB etc..)
shows tons of vulns.
Can someone recommend something suitable?
Thanks.

Re: Secure perl forum board software

[Anton Karpov]

> And along those lines, some simple photo album type thingy?

igal is simple and do the job for me. I like this perl script

Re: Secure perl forum board software

[Anton Karpov]

Just FYI:

I've found nice E-Blah perl forum. Nifty, small, and is able to use plain
text files as storage (e.g. NO mysql shit). Very suitable for not very big
board. I'll play with it and report my impressions.

Re: [OT] What do you use for MIME email?

[Anton Karpov]

> Because Theo uses mail(1) so clearly it's good enough for everyone?
>
> Who knows.



By the way, I wonder what email client Theo uses on  a daily basis. There is
no x-mailer/x-user-agent in his email headers...

Re: OpenBSD's own compiler

[Anton Karpov]

> you (and your kids) will go greyhair before you get halfway thru it.
>
> so can you people fucking shuddup and do smth useful now plz?


This world sucks. We're living in a dark ages, playing with the same
technologies as 20 years ago.  UNIX is still here. Gcc is still here. C is
still here. And it will always be the same.
This world needs something really new. Maybe nuclear war is the answer?
Oh, no, I'm not smoking crack

Re: OT - OpenBSD's own compiler

[Anton Karpov]

2006/8/2, chefren <[EMAIL PROTECTED]>:
>
> On 08/01/06 22:57, Jacob Yocom-Piatt wrote:
>
> > this is the funniest post i've read on misc@ in a while.
>
> That was why I put "Amen" below it...
>
> ..



A little bit of trolling never hurts anyone ;)

Re: Why no compiler on prod system [Was: Re: How to update httpd without a compiller]

[Anton Karpov]

2006/8/24, Stephan A. Rickauer <[EMAIL PROTECTED]>:
>
> People from time to time say they don't want to have a compiler
> installed on a productive system due to security issues. I don't
> understand this. Isn't is too late anyway, if someone's already able to
> make use of the compiler?
>
> --
>

Removing compiler doesn't bring much more security to your system, but it
can make it a little bit safer. Very little bit, but safer. I mean, if your
system has local root hole, for example, in this case cracker  should
compile his sploit somethere outside your box, and transfer binary file onto
it, thus, it takes more time than "cat > /tmp/.slp01t.c && gcc
/tmp/.spl01t.c && ./a.out". And usually, crackers limited in time resources.

Any modern wireless injection tools for OpenBSD?

[Anton Karpov]

Hi all.

When it comes to auditing wireless networks, I notice that linux users lives
happily with aireplay from aircrack suite. Unfortunately, it seems like
there is no any tool similar to aireplay in BSD world. In past days, we had
wnet suite, with reinj and dinject, but those days are all gone now, and it
doesn't work with OpenBSD solid wireless stack. So while doing wireless
audit or wireless network penetration testing, I should reboot into linux
livecd. It annoys me.
Does anybody aware of tool which can inject arbitrary packets and wireless
frames into wireless network, and works under OpenBSD?

Re: The future of NetBSD

[Anton Karpov]

2006/9/1, Gilbert Fernandes <[EMAIL PROTECTED]>:
>
> I have a dream.
>
> A dream of unification.
>
> Having one BSD. Merging the three projects and, why not, keeping
> incompatible stuff as options that would be either one or another.



Opensource is about choice. If you don't like something, when fork it and do
it as you wish. That's why we have 3 open BSDs (not OpenBSDs ;)). Period.

how to adjust lcd brightness on VAIO laptops

[Anton Karpov]

Hi, is there anybody using OpenBSD on VAIO laptops?
Mine is PCG-V505BX, and it's soft-keys are not functional, e.g. you need
additional tool to control LCD brightness. Under Linux, such tools is
spicctrl, under FreeBSD - setbrightness from picturebook suite or (modern
way) sysctl dev.acpi_sony.0.brightness.
But OpenBSD lacks acpi support for now.  If somebody uses OpenBSD on VAIO
laptops, how do you control screen brightness?
Thanks.

Re: hearing complaints regarding pre-orders

[Anton Karpov]

Guys, is there any chance to get official CDs here in Russian Federation?

Re: WLAN-Sec-Tools for OpenBSD?

[Anton Karpov]

> Or is sniffing with kismet and then trying to crack the key with
> bsd-airtools (wich doesn`t implement the latest algorithms to speed this
> up) the only way on oBSD?
>
> Kind regards,
> Sebastian
>
> p.s.
> If somebody has a aircrack-ng port wich may compiles fine or even "just"
> supports the stuff it supports on Linux: please let me know... :)
>
>
In fact, aircrack itself from aircrack suite compiles well. Try to collect
dumps via Kismet and crack wepkey with aircrack. Sadly, there are no tools
similar to aireplay for BSD, but it's on my TODO list (I'm slowly rewriting
aireplay for BSD. It's so ugly and leeenooks-specific, that it's better to
say I'm writing it from scratch)

Re: OpenBSD Audio!

[Anton Karpov]

2006/10/30, Michael Hernandez <[EMAIL PROTECTED]>:
>
> I just had to mention that the OpenBSD audio cd is great for playing
> at the office.
>
> Thanks OpenBSD! Not only is the operating system a pleasure to use,
> but the music has us all in great spirits here.
>
> Mike H
>
>
It's proven listening OpenBSD songs increase hacker's perfomance up to
30-50%.

Re: OpenBSD 4.0 released Nov 1, 2006

[Anton Karpov]

2006/11/1, Theo de Raadt <[EMAIL PROTECTED]>:
>
> 
> Nov 1, 2006.
>
> We are pleased to announce the official release of OpenBSD 4.0.



Thank you, guys. You are the best, as always.

Is it safe to remove old libs in /usr/lib?

[Anton Karpov]

After many years of upgrades (probably starting from 3.3 or 3.4, don't
remember) my box has a lot of old libraries in /usr/lib. I'm pretty sure I
have no hand-build third-party software depends on them, and with every
upgrade cycle I update all packages along with release (thanks to espie@,
it's so easy now). So I think it's completely useless in my system, only
wasting disk space in /usr. And it's safe to remove those old libs. Am I
right? It would be nice to mention it in the FAQ.

Re: openbsd and the money

[Anton Karpov]

I think, if we skip all the whinning, the one straight question from
Frantisek Holop which is not yet clarified is why devs makes so
cantradictory statements: "we do code FOR OURSELVES, AND if you like it, you
are free to use it" and "we THANK you with code (e.g. 'we code FOR YOU
instead of giving you sweet words')". The first one is for "losers in misc@"
and the second one is for the time when it comes to money...
in my HUMBLE opinion, such statements are pretty different...

p.s.: dont' blame me, i'm just trying to make it clear...

to russian OpenBSD fans in Moscow

[Anton Karpov]

I will be in Moscow from tuesday to friday, everyone who wants 4.3 CDs or
4.2 T-shirts or 4.2 T-shirts, I will take it with me. Now I have 3 CDs, 2
4.2 T-shirts and 14.3 T-shirt. Feel free to drop me email to toxa (at)
toxahost.ru with your mobile phone in it.

Re: Does Intel driver supports 3d acceleration?

[Anton Karpov]

Ты всех заебал.

On Sat, 11 Apr 2020 at 13:28, Nikita Stepanov
 wrote:
>
> Does Intel driver supports 3d acceleration?

Re: [ot] st. petersburg tourist openbsd meeting :]

[Anton Karpov]

I've mailed you my phone number privaterly :)


i am in st. petersburg for a couple of days
if some openbsd user{s} want to meet up for
a drink/chat i'd be happy to meet some natives...

-f
--
atheistic dyslexics don't believe in dog

Re: (open)smtpd, the mystery smtpd daemon

[Anton Karpov]

By the way, I like pf-like syntax of smtpd.conf a lot.

Re: kde4 dead?

[Anton Karpov]

Sure.

Everybody is waiting for your patches :-)



2010/3/15 Donald Cooley 

> openports shows that the openbsd version of kde4 is nearly two years
> old.  are there any future plans to update kde4?
>
> Regards,
> Donald Cooley

Re: systrace

[Anton Karpov]

According to Provos's blog,
http://www.provos.org/index.php?/archives/34-Evading-System-Sandbox-Containment.html

"The initial prototype of Systrace as described in the
paperavoided
this problem by using a look-aside buffer in the kernel. This
imposes a slight performance penalty but I hope that this obvious solution
is going to be included in the OpenBSD and NetBSD kernel soon."

But we have no idea about was this solution included into OpenBSD sources
tree or not...


2009/7/14 Theo de Raadt 

> > I've just been pondering,... were the systrace issues identified with in:
> > http://it.slashdot.org/it/07/08/09/138224.shtml
> > ever delt with and corrected?
>
> They were not identified there.  They were documented in the manual page
> right from the start.
>
> > If so where can I find some more info on the fixes made?
>
> No, it isn't fixed.

infamous TCP flaw details released - is OpenBSD affected?

[Anton Karpov]

Sorry if it was discussed somewhere else, but..
It seems like infamous TCP flaw found by Outpost24 reseachers near 1 year
ago was finally released, here is the report about "multiple vendors
affected": http://tools.cisco.com/security/center/viewAlert.x?alertId=18799.
Vulnerability release was coordinated by CERT (
https://www.cert.fi/haavoittuvuudet/2008/tcp-vulnerabilities.html).
It's know that, for example, RedHat doesn't treat it as an issue but a
matter of design (http://kbase.redhat.com/faq/docs/DOC-18730) although it's
also affected.
So what about OpenBSD? Were developers aware of it and what is the reaction?
Thanks in advance.

Re: OpenBSD 4.6 release Oct 28, 2009

[Anton Karpov]

Please update lyrics.html with recent commentaries. There are still no
comments for 4.5 and 4.6. No comments means no passion. OpenBSD always was
about passion.

;)

2009/10/18 Andris 

> On Sun, Oct 18, 2009 at 1:38 PM, Theo de Raadt 
> wrote:
> > Many people have received their 4.6 CDs in the mail by now, and we
> > really don't want them to be without the full package repository.
> > Oct 18, 2009.
> >
> > We are pleased to announce the official release of OpenBSD 4.6.
> > This is our 26th release on CD-ROM (and 27th via FTP).  We remain
> > proud of OpenBSD's record of more than ten years with only two remote
> > holes in the default install.
> >
> > As in our previous releases, 4.6 provides significant improvements,
> > including new features, in nearly all areas of the system:
> >
> > - New/extended platforms:
> >o mvme88k
> >  o MVME141 and MVME165 boards are now supported.
> >o sgi
> >  o SGI Octane, SGI Origin 200 and SGI Fuel systems are now supported.
> >  o Several bugs in interrupt handling have been fixed, resulting
> >in significantly improved system response.
> >o sparc
> >  o The bootblock load address has been moved so that larger kernels
> >can be loaded.
> >o sparc64
> >  o Acceleration support has been added for many of the PCI frame
> buffer
> >drivers, such as the Sun PGX, PGX64 and XVR-100, and Tech Source
> >Raptor GFX graphics cards.
> >
> > - Improved hardware support, including:
> >o Several new/improved drivers for sensors, including:
> >  o The ips(4) driver now has sensor support, complementing the bio
> support.
> >  o The acpithinkpad(4) driver now has temperature and fan sensor
> support.
> >  o New endrun(4) driver for the EndRun Technologies timedelta sensor.
> >  o The fins(4) driver now has support for F71806, F71862 and F71882
> ICs.
> >  o The acpitz(4) driver now shows correct decimals for temperature.
> >o Added radeonfb(4) to sparc64, an accelerated framebuffer for
> >  Sun XVR-100 boards.
> >o Added support for RTL8103E and RTL8168DP devices in the re(4)
> driver.
> >o Added support for BCM5709/BCM5716 devices in the bnx(4) driver.
> >o Added support for ICH10 variants of em(4).
> >o Added support for VIA VX855 chipset in the viapm(4) and pciide(4)
> drivers.
> >o Added support for Intel SCH IDE to pciide(4).
> >o Added support for the Broadcom HT-1100 chipset in the piixpm(4)
> driver.
> >o Added support for 82574L based devices in the em(4) driver.
> >o Added support for VIA CX800 south bridge to the viapm(4) driver.
> >o A number of network drivers including bge(4), bnx(4), hme(4),
> iwn(4),
> >  ix(4), msk(4), sis(4), sk(4), vr(4) and wpi(4) now make use of the
> >  MCLGETI(9) allocator in order to reduce memory usage and increase
> >  performance when under load or attack.
> >o Added support in em(4) for the newer 82575 chips.
> >o zyd(4) now supports devices with Airoha AL2230S radios.
> >o zyd(4) now works on big-endian machines
> >o urtw(4) now supports RTL8187B based devices.
> >o New otus(4) driver for Atheros AR9001U USB 802.11a/b/g/Draft-N
> >  wireless devices.
> >o New berkwdt(4) driver for Berkshire Products PCI watchdog timers.
> >o New udl(4) driver for USB video devices.
> >o Support for a variety of newer models in bge(4).
> >o Initial version of vsw(4), a driver for the virtual network switch
> >  found on sun4v sparc64 systems.
> >o Implemented machfb(4), an accelerated driver for the sparc64
> PGX/PGX64
> >  framebuffers.
> >o New vcc(4) and vcctty(4) drivers for the "Virtual Console
> Concentrator"
> >  found on the control domain of sun4v systems.
> >o Implemented 64-bit FIFO modes for ciss(4) devices.
> >o Enabled hardware VLAN tagging and stripping on ix(4).
> >o Added basic support for Envy24HT chips to the envy(4) driver.
> >o Many improvements and updates to the isp(4) driver.
> >o Added support for 88E8057-based Yukon 2 Ultra 2-devices in msk(4).
> >o The ips(4) driver now works reliably.
> >o Added raptor(4), an accelerated framebuffer driver for the Tech
> Source
> >  Raptor GFX cards on the sparc64 platform.
> >o Enabled schsio(4) on i386 and amd64 and added watchdog timer
> support.
> >o New acpivideo(4) driver for ACPI display switching and brightness
> control.
> >o Added support for the IBM ServeRAID-8k in the aac(4) driver.
> >o Added support for the BCM5825 and 5860/61/62 Broadcom CryptoNetX
> >  IPSec/SSL Security processor in the ubsec(4) driver.
> >o Added support for AES-CBC with BCM5823-based ubsec(4) devices.
> >o Firmware for bnx(4) has been updated.
> >o Added support to fxp(4) for the 82552 MAC found on some ICH7
> chipsets.
> >o Added support to umsm(4) for Truinstall enabled modems like the
> >  Sierra 881U.
> >o Added support to pciide