Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

2024-03-30 Thread James Huddle
When X11 came to my attention, in the 1980's, it was called X11.  "What," I
wondered back then, "could that mean?"
Back then, we would get to know new software long before version 11, so it
seemed an odd name.  Back then.
It's been X11 for millennia.  I discovered Exfiltrator (or Exfiltration,
'ex'+10) about a year ago. LOL.
I actually did not know about the vulnerability.  Thanks, Matthew.
And yes, I was voicing the untested theory of precisely what you
articulated, Luke.
I live in post-2016 USA and have essentially given up hope of any sort of
computer security.
The mantra I developed, as my coworkers insisted on using (for instance)
the React JS package
that had "Exfil" as a dependency, was:

   "When in Rome."


On Fri, Mar 29, 2024 at 4:44 PM  wrote:

> Luke A. Call writes:
> >
> > On 2024-03-29 09:01:07-0400, James Huddle 
> wrote:
> > > Exfiltrator.  There's an 11-letter word that starts with "ex".  X11.
> >
> > After a quick web search, I'm not sure I follow.  Is that a reference to
> > a program that exfiltrates data after a computer is compromised? Can you
> > elaborate a little? I realize this is an ignorant question.
>
> In short, there is a well known shortcoming or feature depending
> on who you ask inherent in the X protocol's design where any
> application which uses the X server (i.e. can access the tcp port
> or unix socket and has the correct xauth key, which is to say all
> of them) can request (and get) the ability to read all of the X
> events, which includes every key press and mouse movement in every
> application.
>
> Exfiltrator is 11 letters and we are at X protocol version 11.
>
> There are common mitigations against this problem, such as not
> giving strangers the ability to run unknown programs on your console.
>
> Matthew
>
>


Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

2024-03-29 Thread James Huddle
Exfiltrator.  There's an 11-letter word that starts with "ex".  X11.

On Thu, Mar 28, 2024 at 7:39 PM Luke A. Call  wrote:

> On 2024-03-28 17:28:56+0100, Jan Stary  wrote:
> > > (2) I've learned that X11 allows locally running malware to sniff the
> > > keystrokes input to any other X11-using app running under any user.
> >
> > I don't believe that's true.
> > Where have you "learned" that, and how does that work?
> > "Dear X11, what is $user typing into his firefox textarea"?
>
> I'm no X expert, but I think what you are saying is technically correct
> across users, but I believe it is possible for one application to
> sniff the keystrokes input to another app running under the *same* user, at
> least, and under different users in the same X session depending on how
> they connect.  Specifically:
>
> 1) Under `man xterm' in the "SECURITY" section it says some related
> things that sound like that is what they are saying.  I can't elaborate
> on what it says there but that made me want to be cautious.
>
> 2) running
>xinput list
> ...shows some devices, where on my system the /dev/wskbd has "id=6".
> Then taking that number 6 and doing
>xinput test 6
> ...and typing in a separate xterm window shows the keystrokes from the
> second window, in the first.   I believe the same would be true for any
> X application running as the *same* user.
>
> 3) I did some experimenting in the past with "ssh -X user@..." and
> "ssh -Y user@...", and only when using -Y were keystrokes visible across
> users.  Similar things can be done with less cpu overhead using xauth
> and magic cookies etc (I played with that, with help from people on this
> list, scripted it for myself using what they and man pages helped me
> learn, and haven't
> thought about it much since then, except to use the scripts--but it is very
> handy for me to have things running as different users within the same X
> session, because of these boundaries around keyboard sniffing and also
> filesystem etc restrictions across users).
>
> 4) I am under the impression that the clipboard sharing between X users is
> not restricted as the above things are.  I.e., one can spy on another
> freely.
>
> Luke Call
>
>
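
The -X versus -Y distinction Luke describes above, and the "any client with the cookie can read every event" property Matthew explains in the later reply, come down to which kind of X authorization cookie the remote side is handed: ssh -Y (or ForwardX11Trusted yes in ssh_config) forwards a trusted cookie, ssh -X (ForwardX11Trusted no) an untrusted one that the X SECURITY extension prevents from snooping other clients' input. The script below is an added example, not code from the list or from OpenSSH; it audits an OpenSSH client config for those two keywords, which are real ssh_config(5) directives. It deliberately ignores Host/Match block scoping (first occurrence wins), and the sample config files it writes are constructed placeholders.

```shell
#!/bin/sh
# Added example: classify how an ssh_config file will hand out X11 cookies.
# Assumptions: the ForwardX11 and ForwardX11Trusted keywords as documented in
# ssh_config(5); Host/Match scoping is ignored (first occurrence wins), which
# is a simplification of the real "first obtained value is used" rule.

# Print the first non-comment value of keyword $2 in file $1, lower-cased.
# Accepts both "Keyword value" and "Keyword=value" spellings.
ssh_config_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[[:space:]]*#/ { next }
        /^[[:space:]]*$/ { next }
        { sub(/^[[:space:]]+/, ""); sub(/=/, " ") }
        tolower($1) == key { print tolower($2); exit }
    ' "$1"
}

# Print the effective X11 forwarding mode for the config file $1:
#   off       - forwarding not requested by the config
#   untrusted - ForwardX11 yes with an untrusted (SECURITY-extension) cookie
#   trusted   - ForwardX11Trusted yes: any forwarding request, including a
#               plain "ssh -X" on the command line, yields a trusted cookie,
#               so remote clients can read input events of every local client
x11_forwarding_mode() {
    fwd=$(ssh_config_value "$1" ForwardX11)
    trusted=$(ssh_config_value "$1" ForwardX11Trusted)
    if [ "$trusted" = "yes" ]; then
        echo trusted
    elif [ "$fwd" = "yes" ]; then
        echo untrusted
    else
        echo off
    fi
}

# Predicate form for gating scripts: succeeds when the config is "trusted".
x11_forwarding_is_trusted() {
    [ "$(x11_forwarding_mode "$1")" = "trusted" ]
}

# Write two constructed sample configs (placeholders, not real host data):
# $1 gets the weak setting, $2 the untrusted-only setting.
write_samples() {
    cat > "$1" <<'EOF'
# weak: every "ssh -X" is silently upgraded to "ssh -Y"
Host *
    ForwardX11 yes
    ForwardX11Trusted yes
EOF
    cat > "$2" <<'EOF'
# untrusted-only forwarding; the "=" spelling is also accepted by ssh
Host *
    ForwardX11Trusted=no
    ForwardX11 yes
EOF
}

# Demonstration on the constructed samples so the script runs stand-alone.
tmp=$(mktemp -d)
write_samples "$tmp/weak.conf" "$tmp/ok.conf"
for f in "$tmp/weak.conf" "$tmp/ok.conf"; do
    printf '%s: %s\n' "$f" "$(x11_forwarding_mode "$f")"
done
rm -rf "$tmp"
```

Two caveats when reading the result: a -Y on the command line always forces a trusted cookie regardless of the file, and the ssh_config shipped by some Linux distributions (Debian and derivatives) sets ForwardX11Trusted yes system-wide, whereas OpenBSD's default is no, so /etc/ssh/ssh_config is worth auditing as well as ~/.ssh/config. For programs started locally rather than over ssh, the same cookie scoping is available through xauth(1)'s generate command with the untrusted keyword, which is the mechanism Luke's xauth-and-magic-cookies scripting builds on.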


Re: Microsoft's war on plain text email in open source

2020-08-26 Thread James Huddle
She never really says how old her "partner" is.
Perhaps he is a developer who has literally "...grown up in the
last five or ten years..."

On Wed, Aug 26, 2020 at 9:50 AM Rafael Possamai  wrote:

> >- Original message -
> >From: Greg Thomas 
> >
> >"... he had to set up an entirely new mail client which didn’t mangle his
> >email message to HTML-ise... That’s a barrier to entry that’s pretty
> >high..."
> >
> >Wow.  Life's rough.
>
> Most desktop/web email clients I've ever used have plain-text mode for
> composing.
>
>


Re: Question regarding server hardware

2019-09-10 Thread James Huddle
On 2019-09-07, James Huddle  wrote:
>> I recently purchased a Dell T-330 server that I had intended to
>> install OpenBSD on and use as a serious web server.  My goal was to
>> have more control than would be (naturally) given with, say an AWS VM.
>> And by control, I mean what is *not* running on the box - security-wise.
>>
>> Apparently, Dell ships these with an abundance of "security features"
>> already on the box.  And not a lot of obvious opt-outs.  And a proclivity
>> to not understand that "no means no" in regard to turning off these
>> features.
>> One of which used 60% of (one of 8) processors, all the time.  Constantly
>> running
>> one of my processors at 60% - as long as it was powered up.

>I don't think that is from some hidden "security feature".
>Where is the CPU use showing up? Can you send output from "top -Sn",
>"vmstat -i" and a complete dmesg?

Is there something I could do (like top) to discover why my external HD
turns itself on every 5 seconds after powering down the main box?

-Jim

On Tue, Sep 10, 2019 at 8:47 AM Stuart Henderson 
wrote:

> On 2019-09-07, James Huddle  wrote:
> > I recently purchased a Dell T-330 server that I had intended to
> > install OpenBSD on and use as a serious web server.  My goal was to
> > have more control than would be (naturally) given with, say an AWS VM.
> > And by control, I mean what is *not* running on the box - security-wise.
> >
> > Apparently, Dell ships these with an abundance of "security features"
> > already on the box.  And not a lot of obvious opt-outs.  And a proclivity
> > to not understand that "no means no" in regard to turning off these
> > features.
> > One of which used 60% of (one of 8) processors, all the time.  Constantly
> > running
> > one of my processors at 60% - as long as it was powered up.
>
> I don't think that is from some hidden "security feature".
> Where is the CPU use showing up? Can you send output from "top -Sn",
> "vmstat -i" and a complete dmesg?
>
>
>


Question regarding server hardware

2019-09-07 Thread James Huddle
I recently purchased a Dell T-330 server that I had intended to
install OpenBSD on and use as a serious web server.  My goal was to
have more control than would be (naturally) given with, say an AWS VM.
And by control, I mean what is *not* running on the box - security-wise.

Apparently, Dell ships these with an abundance of "security features"
already on the box.  And not a lot of obvious opt-outs.  And a proclivity
to not understand that "no means no" in regard to turning off these
features.
One of which used 60% of (one of 8) processors, all the time.  Constantly
running
one of my processors at 60% - as long as it was powered up.

I understand that there are times when good security requires such measures.
I do.  And if I trusted Dell with 100% of my security needs, I'd be ok if
it phoned
home a lot, or repeatedly powered up my external HD after a total power
down,
etc.

But I am under-educated and over-paranoid, and so I'm hoping that the
people on this list can offer some suggestions of machines that they use
as internet servers.  I'm looking for *more* power and *less* stuff running
in the background when booting from a newly-installed OS (like obsd).
I can and will go with a 10-yr-old desktop model, if that's what it takes to
achieve "radio silence" when I'm not running anything.

Can you tell me what you like to use?
Thank you in advance.
-Jim Huddle


Re: PF firewall for desktop

2019-05-28 Thread James Huddle
Lots of miscommunications in these threads.  The original poster here was
talking about setting up a virtual firewall machine to deal with traffic on
a single box.
Most of the war stories are from sys admins protecting a corporate LAN (or
larger)
with lawyers and accountants weighing in.  Of course you need to consider
the
collective OpenBSD wisdom and up your game accordingly, when protecting
a multimillion dollar facility.

I could really go for a methanol, about now!

On Tue, May 28, 2019 at 6:58 AM Kevin Chadwick  wrote:

> On 5/24/19 8:30 PM, Jean-Francois Simon wrote:
> > Hi,
> >
> > Out of interest, I'd like to let you know a specific use of OpenBSD with
> PF, in
> > virtualbox, 2 virtual network card Bridged to physical NIC, and building
> up a
> > subnet with NAT and hence running Packet Filter as the
> machine's firewall.
> >
> >
> > That's the firewall I use under Win7, OpenBSD running in a VM, out of
> pure
> > interest into running BSD and let it purify the network access to
> > desktop (without need for additional hardware).
> >
> >
> > Works well, love it.
>
> I have done something similar in the past. My personal preference is
> hyper-v on
> windows 10 pro which seven can be upgraded to. I would hope hyper-V has
> inherited kernel sandboxing/mitigation protections and hardening from
> Windows
> kernel/azure.
>
> I assign the physical NIC to the OpenBSD VM and remove all check boxes
> like
> ipv4/ipv6 support from that NIC. Then I had a VNAT device for windows to
> talk
> to. Glasswire on top gives a window into the why is it connecting there or
> obfuscating CDNs https certs without the other free windows firewall cruft.
>
> I assume communications to the windows box could be made from a foreign
> network
> via arp manipulation but a nice setup none the less, if you can be
> bothered with it.
>
>


Re: PF firewall for desktop

2019-05-27 Thread James Huddle
IP is a fairly high-order construct.  Beneath it, the data link and
physical layers remain almost unnoticed.  One thought that came to mind
would be to attack a machine on the same LAN, and then exploit an Ethernet
vulnerability to listen to "the wire".  Not sure how many (if any) Ethernet
vulnerabilities there are, but that would be one possible vector.  Also,
the nic card itself might have physical-layer vulnerabilities, such as
administrative backdoors.  That's all aimed at eavesdropping.  Escalating
that to an OS pwnership is beyond my imagination.  But I imagine it's not
beyond *somebody's* imagination.  And that's the beauty of the hack.
There's always someone in the rabble with a background in electronics or
orchid-growing or intergalactic imaging that has an insight that nobody
thought to defend.  Check...  No, wait, Checkmate!

On Sun, May 26, 2019 at 4:04 AM Walt  wrote:

> ‐‐‐ Original Message ‐‐‐
> On Friday, May 24, 2019 2:30 PM, Jean-Francois Simon <
> jfsimon1...@gmail.com> wrote:
>
> > Hi,
> >
> > Out of interest, I'd like to let you know a specific use of OpenBSD with
> > PF, in virtualbox, 2 virtual network card Bridged to physical NIC, and
> > building up a subnet with NAT and hence running Packet Filter as the
> > machine's firewall.
> >
> > That's the firewall I use under Win7, OpenBSD running in a VM, out of
> > pure interest into running BSD and let it purify the network access to
> > desktop (without need for additional hardware).
> >
> > Works well, love it.
> >
> > Jean-François
>
> I like having a firewall that would pretty much require someone physically
> entering the computer room in order to attack the firewall.  With OpenBSD,
> your firewall can control your network traffic without having an IP address
> at all.
>
> One thing that you could try is to use the OpenBSD VM as the firewall, but
> don't assign any IP address to the firewall.  The Win7 VM would have the
> actual IP address, but the OpenBSD VM would control the network.
>
> If I ever get around to getting enough IPv4 addresses so that I don't need
> a NAT, I'll go back to isolating access to the firewall with this approach.
>
> I am curious if there is any way to attack the firewall if it has no IP
> addresses.
>
> W
>
>


Re: PF firewall for desktop

2019-05-25 Thread James Huddle
I like your suggestion!  I am security paranoid to a fault.  For me, a
system is either rock solid or wide open.  obsd is the closest I've found
to rock solid, and frankly a virtualbox vm running on win7 feels wide
open.  But the more I thought about your idea, the more I liked it.  Win7
w/o the virtual firewall is more simply at risk, so why not?
Seeing as I am still new to OpenBSD, I would probably have 2 vms: bsd1
passes everything incoming to bsd2 (the firewall), then bsd1 quietly logs
what goes out to check for nefarious-looking packets.  That would take two
separate boxes to even start building, without vms.  The VMs can fight and
die and be replaced, and even a noob like myself can learn what works
better and harder.

Can't wait to set something up.
-Jim

On Fri, May 24, 2019 at 3:38 PM Jean-Francois Simon 
wrote:

> Hi,
>
> Out of interest, I'd like to let you know a specific use of OpenBSD with
> PF, in virtualbox, 2 virtual network card Bridged to physical NIC, and
> building up a subnet with NAT and hence running Packet Filter as the
> machine's firewall.
>
>
> That's the firewall I use under Win7, OpenBSD running in a VM, out of
> pure interest into running BSD and let it purify the network access to
> desktop (without need for additional hardware).
>
>
> Works well, love it.
>
>
> Jean-François
>
>


Re: single user question

2019-05-21 Thread James Huddle
Sorry.  Stefan.  Batting 1000.
-Jim

On Tue, May 21, 2019 at 1:20 PM James Huddle 
wrote:

> Just a quick shout-out to Roderick:
> Thank you for the paper reference.  It's probably perfect for my needs,
> but I've been a bit busy, as of late.  So no papers, regardless of year
> written.
> One of my favorite references is Thompson's "Reflections on Trusting Trust"
> so I'm hep to your SuperFly-Era ways.  No dateism or ageism from this
> child of the 60's.
> -jrh
>
> On Fri, May 17, 2019 at 2:36 PM Nathan Hartman 
> wrote:
>
>> On Fri, May 17, 2019 at 12:28 PM ropers  wrote:
>>
>> >
>> > In the history of the (Berkeley) Fast File System, has there ever been
>> > an attempt to implement DOS-like undelete for FFS/UFS?
>> > (I understand that for technical reasons, this could require running a
>> > daemon that remembers just enough metadata to keep data recoverable so
>> > long as it's not overwritten. I also understand that running a daemon
>> > that remembers things nominally deleted would have security
>> > implications, which may not keep me from running a daemon that w/o
>> > being perfect could protect me from myself at least some of the time.)
>> > I did find this:
>> >
>> https://lists.freebsd.org/pipermail/freebsd-questions/2016-May/271785.html
>> > -- which didn't seem to suggest that the answer was any yessier now
>> > than thirty years ago. So, that's a no, then? Anyone? Bueller?
>>
>>
>> Maybe that could work for "normal delete" while making available a
>> separate
>> "secure delete" that cannot be un-deleted and furthermore overwrites the
>> deleted data with random garbage. Administrators could optionally force
>> the
>> secure overwrite delete.
>>
>> >
>>
>


Re: single user question

2019-05-21 Thread James Huddle
Just a quick shout-out to Roderick:
Thank you for the paper reference.  It's probably perfect for my needs,
but I've been a bit busy, as of late.  So no papers, regardless of year
written.
One of my favorite references is Thompson's "Reflections on Trusting Trust"
so I'm hep to your SuperFly-Era ways.  No dateism or ageism from this
child of the 60's.
-jrh

On Fri, May 17, 2019 at 2:36 PM Nathan Hartman 
wrote:

> On Fri, May 17, 2019 at 12:28 PM ropers  wrote:
>
> >
> > In the history of the (Berkeley) Fast File System, has there ever been
> > an attempt to implement DOS-like undelete for FFS/UFS?
> > (I understand that for technical reasons, this could require running a
> > daemon that remembers just enough metadata to keep data recoverable so
> > long as it's not overwritten. I also understand that running a daemon
> > that remembers things nominally deleted would have security
> > implications, which may not keep me from running a daemon that w/o
> > being perfect could protect me from myself at least some of the time.)
> > I did find this:
> >
> https://lists.freebsd.org/pipermail/freebsd-questions/2016-May/271785.html
> > -- which didn't seem to suggest that the answer was any yessier now
> > than thirty years ago. So, that's a no, then? Anyone? Bueller?
>
>
> Maybe that could work for "normal delete" while making available a separate
> "secure delete" that cannot be un-deleted and furthermore overwrites the
> deleted data with random garbage. Administrators could optionally force the
> secure overwrite delete.
>
> >
>


Re: single user question

2019-05-16 Thread James Huddle
First of all, I must say that it is with genuine gratitude that I read your
responses!

Moving on...
On Wed, May 15, 2019 at 3:05 PM James Huddle 
wrote:
>> What I am trying to do (thank you Troy Martin), is work through
>> the standard answers and missteps toward a more secure OS,
>> starting with OpenBSD and a flashlight.  It is my humble opinion
>> that the optimal number of users for (say) a laptop is one.
>> And the optimal number for a server is zero.  I doubt many would
>> agree with that assessment, but I'm looking for solutions, regardless.

>I'm going to try to phrase this politely, but I might trigger other
>people to say some rude things (not sure if they'll be aimed at
>myself, or not). Anyways...  I have two hypothetical questions you
>should think about:

>1) Why do you doubt that many would agree with that assessment?
Probably the same reason that you would say "...I might trigger other
people to say some rude things..."  Often I feel that by merely stating
my opinion, here, I have opened the door to the proverbial darkroom.
Sorry!  That, and a multi-user system has been the heart and cornerstone
of Unix & co. for MILLENNIA.  That's fine.  But my laptop is not a 1985 VAX.
I just think that pushing the idea forward of using the most popular
multiuser OS in history - in single-user mode - might meet with a little
friction.

>2) Also, what is a "user"?
Good question.  I am a user.  Someone who has hacked into my multi-user
system as a different user is a user.  And apparently, so is the cups
daemon?

>If by "user" you mean "person", that leads to some lines of discussion.

>If by "user" you mean an integer value which appears under the label
>"user_id" (or some variant, such as perhaps "uid") in a C structure,
>that leads to other lines of discussion.

>If by "user" you mean a line in the /etc/passwd file which identifies
>a directory, that leads to yet other lines of discussion.

Although I have some understanding of the three discussions,
I feel that the "interchangeable parts" philosophy, which works great
for firearms technology, has created more problems than we should
be willing to accept in 21st century computing.  A user is *usually* a
human,
and might better be defined as an *owner*.  Not to be confused with
the thousands of visitors to a web site.

In short, If I am sitting at my laptop, no other humans should be
using my laptop at that time, without an arm-twisting amount of
authentication and my conscious awareness of said "other person".
Having a bunch of background processes doing human-user
things blurs that equation, unfavorably, IMO.
...

>From skimming this thread, I don't think you mean any of those. But if
>no one knows what you mean, it doesn't really matter whether they
>agree or disagree with you.

Hope that helps.
Weather's calling for rain.  Fingers crossed.
-Jim

On Wed, May 15, 2019 at 4:47 PM Raul Miller  wrote:

> On Wed, May 15, 2019 at 3:05 PM James Huddle 
> wrote:
> > What I am trying to do (thank you Troy Martin), is work through
> > the standard answers and missteps toward a more secure OS,
> > starting with OpenBSD and a flashlight.  It is my humble opinion
> > that the optimal number of users for (say) a laptop is one.
> > And the optimal number for a server is zero.  I doubt many would
> > agree with that assessment, but I'm looking for solutions, regardless.
>
> I'm going to try to phrase this politely, but I might trigger other
> people to say some rude things (not sure if they'll be aimed at
> myself, or not). Anyways...  I have two hypothetical questions you
> should think about:
>
> 1) Why do you doubt that many would agree with that assessment?
>
> 2) Also, what is a "user"?
>
> If by "user" you mean "person", that leads to some lines of discussion.
>
> If by "user" you mean an integer value which appears under the label
> "user_id" (or some variant, such as perhaps "uid") in a C structure,
> that leads to other lines of discussion.
>
> If by "user" you mean a line in the /etc/passwd file which identifies
> a directory, that leads to yet other lines of discussion.
>
> ...
>
> From skimming this thread, I don't think you mean any of those. But if
> no one knows what you mean, it doesn't really matter whether they
> agree or disagree with you.
>
> Thanks,
>
> --
> Raul
>


Re: single user question

2019-05-15 Thread James Huddle
>What I'm saying is that it takes less work overall to subtract from a
>system in a supportable way than it is to try and handcraft an
>unsupportable system.

If you know the supportable system well and your goal is only
a slight variation of what that system does, then that makes
perfect sense.

If, on the other hand, you are new to the system, and you
notice many examples of problems caused by what appears
to be the basic underpinnings of the system (things like
multiuser and TCP, itself, not to mention the open, welcoming
nature of open source), the kinds of things hard to avoid in a
modern OS,  then your argument is less convincing.

If what I've said sounds absurd or unsound, a calm reaction
might be, "try building you own OS!"  And I have tried, and it
is not trivial.  So I look for answers outside of that and of course
OpenBSD is the smallest, strongest, most popular alternative
(for people who seek a secure platform).

And I ask simple (sometimes *too* simple!) questions, and get
answers and move slowly forward.

What I am trying to do (thank you Troy Martin), is work through
the standard answers and missteps toward a more secure OS,
starting with OpenBSD and a flashlight.  It is my humble opinion
that the optimal number of users for (say) a laptop is one.
And the optimal number for a server is zero.  I doubt many would
agree with that assessment, but I'm looking for solutions, regardless.

And yes I do respect the decades and megahours that have gone
into Unix and OpenBSD, by people who are far superior to me
intellectually.  My flashlight is weak, but it still works.

Thanks to all (Rodrigo, esp.) for helping me to see straighter.

-Jim



On Fri, May 10, 2019 at 11:52 AM Misc User 
wrote:

> On 5/10/2019 1:28 AM, cho...@jtan.com wrote:
> > Misc User writes:
> >> It is theoretically possible to do that, but you'd have to do -a lot-
> >> of work to get it to do so.  It'd be much easier finding a proper
> >> way to accomplish what you want without running single-user.
> >
> > I wouldn't recommend using single user mode to do anything other than
> > repair but it's not true to say that doing so is a lot of work. /etc/rc
> > is only ~600 lines and a lot of that is unnecessary if the server is
> > going to run a single thing. In many cases you can probably get away
> > with just mount/fsck/pfctl/netstart.
> >
> > There is actually no such thing as "single user mode". All there is is a
> > kernel which hasn't done anything yet, and everything OpenBSD's does as
> > it "enters multi-user mode" is described clearly and comprehensively in
> > /etc/rc. Duplicating what little of it you want is, literally, as simple
> > as copy-paste.
> >
> > Matthew
> >
> What I'm saying is that it would take far more work to get something
> like httpd to run at that stage than it would take to make the changes
> to a fully booted, and supportable, system.  Making changes to rc is
> going to force the system's operator to make adjustments at every
> system upgrade.
>
> Besides, it is possible to build a very light-weight system to run a
> single thing while still being secure and supportable.  I have a VM
> template (Well, a sitexx.tgz file) that just contains an rc.conf.local,
> a new crontab, a syslogd.conf, and a few trivial scripts.  The system
> weighs in at 8 MB of used RAM in normal operation and a load average of
> zero.  It is also trivial to upgrade, has all its protections, and I can
> remotely monitor it.  Took me two hours to build it, most of that spent
> modifying copies of daily/weekly/monthly to output via syslog instead of
> mail.
>
>
> What I'm saying is that it takes less work overall to subtract from a
> system in a supportable way than it is to try and handcraft an
> unsupportable system.
>


single user question

2019-05-09 Thread James Huddle
If the following questions trigger a sense of road rage, you may
safely assume they are not directed to you.

Is anyone running in single-user mode regularly?
Is anyone running a web server, for instance, in single-user mode?

Many thanks in advance.  Shields up.
-Jim


Re: Research and OpenBSD: How can I help?

2019-02-21 Thread James Huddle
Thank you, Mihai.  I needed that.
And honest, sincere thanks to Theo, for working hard, smart,
and continuously for decades.  You are unique.
-Jim Huddle

On Thu, Feb 21, 2019 at 8:31 AM Mihai Popescu  wrote:

> > Frankly, I'd settle for popping the BIOS out and replacing it
> with a 1970's EPROM
>
> Good luck in gathering together 70's EPROM to match the today capacity
> of a flash memory.
>
>


Re: Research and OpenBSD: How can I help?

2019-02-21 Thread James Huddle
>Curious as to what has been "started".  Looks like nothing.

Frankly, I'd settle for popping the BIOS out and replacing it
with a 1970's EPROM, if I thought I could do that without
melting everything.  So, yeah.  Nothing.  Starting with nothing.
Looks that way to me, too.

On Thu, Feb 21, 2019 at 1:03 AM Frank Beuth  wrote:

> On Wed, Feb 20, 2019 at 09:16:04PM -0500, James Huddle wrote:
> >Personally, I envision a sort of "open source BIOS"
> >library in the distant future.  Something we jack in on jtag
> >if we have to.  There is no harm in *starting.*  Meanwhile,
> >my super productive Dell laptop can't keep me from wondering
> >what the SMM is doing during the SMI, while obsd or any other
> >OS sleeps.
>
> There is Coreboot, but it's not a complete solution to the problem yet
> - it does address SMM/SMI but as far as I can tell not necessarily on all
>   platforms,
> - options for removing Intel ME/AMD PSP are limited,
> - and of course it does not cover e.g onboard ARM coprocessors, embedded
>   controllers, keyboard controllers, hard disk controllers which may be
> smart
>   enough to run a whole Linux kernel and edit your files behind your back
>   <http://spritesmods.com/?art=hddhack>, etc...
>


Re: Research and OpenBSD: How can I help?

2019-02-20 Thread James Huddle
>An area that I am personally interested in is running
>OpenBSD on fully open-source / binary-blob-free
>hardware: hardware where there is no proprietary
>firmware that could hide vendor backdoors, and
>ideally where even the design of the chip is available
>to the user for review.

(Heck yes)^2
Of course this is hours of deep conversation away
from something even approaching a realistic plan
of attack; but Paul, with his embedded sys leanings
might be in a good position to move things (slowly)
forward. To the benefit of all computer security, everywhere.
Personally, I envision a sort of "open source BIOS"
library in the distant future.  Something we jack in on jtag
if we have to.  There is no harm in *starting.*  Meanwhile,
my super productive Dell laptop can't keep me from wondering
what the SMM is doing during the SMI, while obsd or any other
OS sleeps.
-x*  every install.

On Tue, Feb 19, 2019 at 9:36 PM Frank Beuth  wrote:

> On Thu, Feb 14, 2019 at 04:22:05AM +, Paul Swanson wrote:
> >I have some general areas of interest, such as embedded
> >computing, but nothing is set in stone yet, so I thought it'd
> >be fun to hear from those in know about areas of priority need
> >within the OpenBSD community.
> >
> >Are there particular problems that could benefit from new
> >ideas or solutions?
>
> An area that I am personally interested in is running OpenBSD on fully
> open-source / binary-blob-free hardware: hardware where there is no
> proprietary
> firmware that could hide vendor backdoors, and ideally where even the
> design of
> the chip is available to the user for review.
>
> The trouble is it's VERY hard to find "fully open" hardware, and the
> hardware
> which is known to exist (loongson, OpenPOWER, RISC V) is difficult to get,
> expensive or not very good, and (except for loongson) not supported by
> OpenBSD.
>
>


Re: wscons API question: input handling?

2019-02-20 Thread James Huddle
is ncurses too high-level for your needs?  That might work.

On Tue, Feb 19, 2019 at 1:27 PM Leonid Bobrov  wrote:

> On Tue, Feb 19, 2019 at 04:01:08PM +, tfrohw...@fastmail.com wrote:
> > Is the package x11/xbindkeys what you are looking for?
> >
>
> No, I need a direct access to keyboard outside X11. If I understand
> wscons, I might help to port libinput to OpenBSD (and send patches to
> upstream) to have usable Wayland compositors, but before I do that, I
> need to start small.
>
>