Re: Request for Funding our Electricity
El 20/12/2013, a las 18:08, Theo de Raadt dera...@cvs.openbsd.org escribió: I am resending this request for funding our electricity bills because it is not yet resolved. We really need even more funding beyond that, because otherwise all of this is simply unsustainable. This request is the smallest we can make. --- Hi everyone. The OpenBSD project uses a lot of electricity for running the development and build machines. A number of logistical reasons prevents us from moving the machines to another location which might offer space/power for free, so let's not allow the conversation to go that way. We are looking for a Canadian company who will take on our electrical expenses -- on their books, rather than on our books. We would be happiest to find someone who will do this on an annual recurring basis. That way the various OpenBSD efforts can be supported, yet written off as an off-site operations cost by such a company. If we reduce this cost, it will leave more money for other parts of the project. We think that a Canadian company is the best choice for accounting reasons. If a company in some other jurisdiction feels they can also do this successfully, we'd be very happy to hear from them as well. I am not going to disclose the actual numbers here. Please contact me for details if serious. Thanks. Well, we know that energy prices will continue to increase, not decrease, so this will be harder in the future. Whit this in mind, why not look for a strategy to save up on energy costs. Something like this: Through the history of openbsd there have been architectures in which more bugs have been found and some in which fewer bugs have appeared. Then maybe the number of bugs for an architecture can be matched to the power-on-time for the machines for that architecture. For example, if 1% of the total number of bugs in the history of openbsd have appeared on architecture x, then it's likely that it will continue to be so, then all the machines for that architecture should be powered on just 1% of the time. Then perform that analysis on all architectures to make a more better use of energy. And that's it.
Re: ZTE mf626 USB modem support
Descriptor: bLength 9 bDescriptorType 2 wTotalLength 25 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0x40 (Missing must-be-set bit!) Self Powered MaxPower0mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 9 Hub bInterfaceSubClass 0 Unused bInterfaceProtocol 0 Full speed (or root) hub iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes3 Transfer TypeInterrupt Synch Type None Usage Type Data wMaxPacketSize 0x0008 1x 8 bytes bInterval 255 Hub Descriptor: bLength 9 bDescriptorType 41 nNbrPorts 2 wHubCharacteristic 0x000a No power switching (usb 1.0) Per-port overcurrent protection bPwrOn2PwrGood 50 * 2 milli seconds bHubContrCurrent 0 milli Ampere DeviceRemovable0x00 PortPwrCtrlMask0x00 Hub Port Status: Port 1: .0100 power Port 2: .0100 power Device Status: 0x0001 Self Powered 2013/2/28 Stuart Henderson s...@spacehopper.org: On 2013-02-28, Maximo Pech mak...@gmail.com wrote: The patch that Stuart provided worked for my ZTE MF668 device. I got this on dmesg: umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 umsm0 detached umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom0 at umsm0 umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom1 at umsm1 umsm2 at uhub0 port 3 configuration 1 interface 2 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom2 at umsm2 umsm3 at uhub0 port 3 configuration 1 interface 3 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 I think when it says umsm0 detached is when it does the mode switching because it didn't appear before and also the device takes a few seconds more to be ready. Thanks for all the help. Problem with this patch is that it breaks another device with the same vendor/product ID, ZTE K3565-Z.
Re: ZTE mf626 USB modem support
The patch that Stuart provided worked for my ZTE MF668 device. I got this on dmesg: umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 umsm0 detached umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom0 at umsm0 umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom1 at umsm1 umsm2 at uhub0 port 3 configuration 1 interface 2 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 ucom2 at umsm2 umsm3 at uhub0 port 3 configuration 1 interface 3 ZTE,Incorporated ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2 I think when it says umsm0 detached is when it does the mode switching because it didn't appear before and also the device takes a few seconds more to be ready. Thanks for all the help.
Re: announcing mdoc.su, short manual page URLs
Just used it, works fine and is easy to remember. El miércoles, 20 de febrero de 2013, Constantine A. Murenin escribió: Dear misc, www, I would like to announce and introduce URL:http://mdoc.su/, a deterministic URL shortener for BSD manual pages, written entirely in nginx.conf. It supports several addressing schemes, for example: http://mdoc.su/o/pf http://mdoc.su/o/pf.4 http://mdoc.su/o/4/pf http://mdoc.su/openbsd/pf http://mdoc.su/OpenBSD/pf http://mdoc.su/f/pf http://mdoc.su/n/pf http://mdoc.su/d/pf http://mdoc.su/o/sort.3p http://mdoc.su/o/intro.4.**macppc http://mdoc.su/o/intro.4.macppc http://mdoc.su/openbsd/macppc/**4/introhttp://mdoc.su/openbsd/macppc/4/intro Source code for the whole mdoc.su.nginx.conf is available at: https://github.com/cnst/mdoc.**su https://github.com/cnst/mdoc.su https://bitbucket.org/cnst/**mdoc.su https://bitbucket.org/cnst/mdoc.su Specifically, the following currently controls OpenBSD rewriting: location /OpenBSD { rewrite ^/OpenBSD(/.*)?$/o$1; } location /o { set $ob http://www.openbsd.org/cgi-** bin/man.cgi?query= http://www.openbsd.org/cgi-bin/man.cgi?query=; set $os sektion=; rewrite ^/openbsd(/.*)?$/.$1; rewrite ^/./([a-z]+[0-9]*[k]?)/([1-9]|**3p)/([^/]+)$ $ob$3$os$2arch=$1 redirect; rewrite ^/./([^/.]+)/([^/]+)$ $ob$2$os$1 redirect; rewrite ^/./([^/]+)\.([1-9]|3p)\.([a-**z]+[0-9]*[k]?)$ $ob$1$os$2arch=$3 redirect; rewrite ^/./([^/]+)\.([1-9]|3p)$$ob$1$os$2 redirect; rewrite ^/./([^/]+)$$ob$1$os redirect; rewrite ^/./?$ / last; return 404; } Translation: /OpenBSD and /openbsd get rewritten to /o internally, without any extra replies to the user, and then the rest of the URI is analysed, and a 302 Found redirect is finally issued to the user. (If you haven't yet noticed nginx in the base tree, here's your chance!) Pages like http://mdoc.su/o/ redirect to the main / page internally, without affecting the URL that's visible to the user, making it easier to keep a starting page specifically for one BSD. Questions, comments and suggestions are welcome. Available through IPv4 and IPv6. Enjoy! Cheers, Constantine.
Re: ZTE mf626 USB modem support
Finally I got it to work, but strangely my device comes up on /dev/cuaU1 not on /dev/cuaU0. Still have not tested the diff though. 2013/2/14 Maximo Pech mak...@gmail.com The AT command thing did the trick, now I have some trouble setting up ppp.conf, but I hope to get that sorted out. At this time I can't test the patch, but I promise to do it later. El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió: On Thu, February 14, 2013 06:24, Maximo Pech wrote: Hi list, I see this was asked before but never got solved, so I ask again. Has someone got this device working on openbsd? Is it supported? Thanks and regards. Hi. I plugged this modem on my Win7 notebook, installed software and drivers from it's internal cd and then connected with putty to it's second serial port (ZTE NMEA Device), whick answers on AT comand with OK. After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered Close autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage disappeared from my computer. Now I have in dmesg: umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm0: missing endpoint umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm1: missing endpoint umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus5 at umass0: 2 targets, initiator 0 sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct removable serial.19d20031567890ABCDEF umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 ucom0 at umsm2 At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT. I have no usable SIM for this provider-locked modem, so I can't fully test it. To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to modem with cu. I hope this will help.
Re: ZTE mf626 USB modem support
It turns out that my modem is not the ZTE MF626, it is in reality the ZTE MF668 and it works on /dev/cuaU1 2013/2/14 Kirill Bychkov ya...@linklevel.net On Thu, February 14, 2013 07:49, Kirill Bychkov wrote: On Thu, February 14, 2013 06:24, Maximo Pech wrote: Hi list, I see this was asked before but never got solved, so I ask again. Has someone got this device working on openbsd? Is it supported? Thanks and regards. Hi. I plugged this modem on my Win7 notebook, installed software and drivers from it's internal cd and then connected with putty to it's second serial port (ZTE NMEA Device), whick answers on AT comand with OK. After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered Close autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage disappeared from my computer. Now I have in dmesg: umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm0: missing endpoint umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm1: missing endpoint umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus5 at umass0: 2 targets, initiator 0 sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct removable serial.19d20031567890ABCDEF umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 ucom0 at umsm2 At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT. I have no usable SIM for this provider-locked modem, so I can't fully test it. To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to modem with cu. I hope this will help. My modem isn't provider-locked as I thought. Inserting another SIM helped to connect to ISP. I just copied /etc/ppp/ppp.conf.sample to /etc/ppp/ppp.conf, changed set device and allow user to reflect reality and just run 'ppp -ddial mobile' to connect. Patch adds mentioning MF626 support and gives clues how to handle such modems. OK? Comments? Index: umsm.4 === RCS file: /cvs/src/share/man/man4/umsm.4,v retrieving revision 1.87 diff -u -r1.87 umsm.4 --- umsm.4 4 Jan 2013 02:53:54 - 1.87 +++ umsm.4 14 Feb 2013 06:00:08 - @@ -111,6 +111,7 @@ .It Li ZTE AC2746 Ta USB .It Li ZTE MF112 Ta USB .It Li ZTE MF190 Ta USB +.It Li ZTE MF626 Ta USB .It Li ZTE MF633 Ta USB .It Li ZTE MF637 Ta USB .El @@ -167,6 +168,10 @@ on the third port, and after that the actual PPP connection comes up on the first port. The function of the second and fourth ports is unknown. +.Pp +Some modems require enabling modem mode with AT commands. +This can be configured on other OS after installation of +software shipped with modem. .Sh EXAMPLES An example .Pa /etc/ppp/ppp.conf
Re: ZTE mf626 USB modem support
The AT command thing did the trick, now I have some trouble setting up ppp.conf, but I hope to get that sorted out. At this time I can't test the patch, but I promise to do it later. El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió: On Thu, February 14, 2013 06:24, Maximo Pech wrote: Hi list, I see this was asked before but never got solved, so I ask again. Has someone got this device working on openbsd? Is it supported? Thanks and regards. Hi. I plugged this modem on my Win7 notebook, installed software and drivers from it's internal cd and then connected with putty to it's second serial port (ZTE NMEA Device), whick answers on AT comand with OK. After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered Close autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage disappeared from my computer. Now I have in dmesg: umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm0: missing endpoint umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umsm1: missing endpoint umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus5 at umass0: 2 targets, initiator 0 sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct removable serial.19d20031567890ABCDEF umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE CDMA Technologies MSM rev 2.00/0.00 addr 2 ucom0 at umsm2 At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT. I have no usable SIM for this provider-locked modem, so I can't fully test it. To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to modem with cu. I hope this will help.
ZTE mf626 USB modem support
Hi list, I see this was asked before but never got solved, so I ask again. Has someone got this device working on openbsd? Is it supported? Thanks and regards.
Re: bootable OpenBSD USB stick from windows?
I only have access to a windows machine to burn an iso image, do you know of an easy way (e.g. some windows programa) to create a bootable OpenBSD USB stick I think you should ask this on a windows-centric place.
Re: Legal Question: OpenBSD Spin-off
Well, installing openbsd is not what I'd call easy for people with few technical skills. Why not make it a live system that boots from cd/dvd/USB/sd with everything already configured and ready to run? El sábado, 9 de febrero de 2013, Crookedmaze escribió: On 02/09/2013 06:53 PM, Juan Francisco Cantero Hurtado wrote: On Sat, Feb 09, 2013 at 11:46:58AM -0600, Crookedmaze wrote: Hello Everyone!, I am creating an OpenBSD Spin-off and have a question about what the rules are regarding doing something like this. I have looked at the OpenBSD copyright page and it looks like doing so would be alright but I would like to be sure that what I am doing is alright. I do not necessarily aim to create a new OpenBSD based operating system what I plan to do is to create my own spin-off off OpenBSD that comes configured to function as a server for a game called Minecraft, and comes with things like OpenJDK (required to run Minecraft), but it will still be OpenBSD it will just have a slightly different default configuration. Would the people using my spin-off be allowed to use the OpenBSD package repositories to install packages and update them. What I am trying to do is setup an OpenBSD spin-off that is setup to be a secure Minecraft server, because right now many of the people who setup Minecraft servers in their home run their servers on their personal computers using Windows 7 or Vista and the server is usually running as the administrative user. So what I would like to do is distribute an OpenBSD Spin-off that is configured as a Minecraft server that these people who are not very skilled can use (It will be highly scripted and automated) and can run in Virtualbox or can be installed on a dedicated server, I know this won't be as secure as a managed server and I also know that security is a process not something you can download but my goal is to setup something that will hopefully be more secure than what most people are doing right now I am also doing this because hopefully if people were to start using my Spin-Off of OpenBSD then maybe more people will take an interest in OpenBSD. Please let me know if this would be an OK thing to do. Also feel free to comment on my idea and let me know what you think! P.S. This is the first time I have ever posted to the OpenBSD misc mailing list I have done my best to conform to the OpenBSD Mailing list Netiquette guidelines, but please let me know if I have done something incorrectly, Sincerely, Crookedmaze The licenses of OpenBSD *base* allow you to distribute appliances but you should check the licenses of each package included in your project. Cheers. Thanks for replying guys! Nicolai thank you for suggesting that I write a shell script instead I think that is a great idea and I think that is what I will do instead. Also Christopher now that I think about it I think the daemon actually runs as a reduced user, I think earlier I was thinking of the administrative user on Windows as the root user on BSD in that all programs launched as that user run as admin but now that I think about it I think in order to run a program as administrator you need to right click and click run as administrator. Stefan I was thinking about doing that but now I am leaning towards a shell script that configures the server how it needs to be configured (automatic updates chrooted sftp backup cronjobs etc.) I think this way it will be a lot simpler and easier to transfer between using my OpenBSD spin-off from release to release. Chris I have ended up deciding to distribute my spin off as a shell script that you can run post OpenBSD install so if you can install OpenBSD on a USB drive normally then you should be able to. Juan thanks for letting me know that I can redistribute*base* that will be good to know in the future. I would like to thank all of your for taking the time to reply to my question.
Re: UNIX A to Z List RFC
I'm more interested in the story of how the 5yo became openbsd obsessed. El sábado, 2 de febrero de 2013, Chris Hettrick escribió: Hi Misc, I made a list of the most classical UNIX commands / utilities from section one where there is only one per letter of the english alphabet (it's for my OpenBSD obsessed five year old son :) ). I know that this subject is very personal and steeped in tradition and history, so I was looking for your opinions and suggestions. A quick note about the list: some hard choices were made concerning letters such as c, p, m, etc. For instance, kill(1) is not included for two reasons: it is included in the shell, and it needs ps(1) to be properly used (which conflicts with pwd(1) which I think is _more_ useful for a UNIX beginner). mv(1) was not included because a cp(1) and rm(1) can suffice. This is the list: awk bc cp date echo find grep head id jot ksh (as a superset of sh) ls more nc od pwd quota rm sort tail uniq vi wc xargs yes zcat Any opinions, suggestions? Thanks! Chris
OT using absolute paths in scripts
At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this?
Re: Running OpenBSD on Raspberry Pi
Hi, I wonder if it's possible to run OpenBSD on Raspberry Pi. Is there any image ready for putting on my SD card and boot up? If not, is there any manual or guide how to make one? Thanks. I've been doing some research and there is a number of things that openbsd needs to support the raspberry pi on a fully functional way. At least those thing are: - Support for armv6 CPUs - Something like the Linux frambuffer - A driver for the video chip that uses that frame buffer-like layer - Kernel mode setting - Some specific drivers like that vchiq thing. That one is dual licensed bsd/gpl so maybe it can be ported more easily. AFAIK those are not implemented on openbsd, some of them are worked on and for some the are no plans. So it is not a trivial task.
Re: List of all software present on OpenBSD 5.2
Openbsd tar is not the same as gnu tar. You can think of the tar version in openbsd simply as the tar of openbsd 5.2. Because openbsd isn't assembled from pieces like other operating systems it doesn't make much sense to have independent version numbers for each utility. El miércoles, 26 de diciembre de 2012, Live user escribió: On 26/12/2012 16:57, Peter N. M. Hansteen wrote: install52.iso is simply the install medium. To take a peek inside, mount the iso, cd into it and do something like I see, but any chance to know what version of 'tar' is included in base52.tgz? I guess, like all operating systems, OpenBSD uses versioning for its software, or is just a continuous snapshotting system where there are no versions?
Re: hostname.if(5) man page
So... what do you think about this? I believe adding this could improve documentation a bit, and it is not hard to do, just add two lines to the man page, but maybe I'm missing something... 2012/12/25 Maximo Pech mak...@gmail.com Looking at the man page of hostname.if(5) I noticed that there isn't a FILES section. It may not be obvious to everyone that those files should be located in /etc.
hostname.if(5) man page
Looking at the man page of hostname.if(5) I noticed that there isn't a FILES section. It may not be obvious to everyone that those files should be located in /etc.
Re: AR9485WB-EG libre port
2012/12/15 Tobias Ulmer tobi...@tmux.org On Fri, Dec 14, 2012 at 10:12:48PM -0600, Maximo Pech wrote: Shut up and show us the code. Some people have earned the right to reply like this, others have not. Which one is it in your case? My case is that I don't have earned the right to reply like that, but that my answer seems to be right and I have some (weird if you like) sense of humor. Tobias PS: Aren't you the guy who thinks PGP is essential in base, but can't code? Yes, that's me :-) Please let's keep this on topic.
Re: KSH command logged to syslog
And why not tweak it to disable the ability to disable the log functionality? 2012/12/15 Jiri B ji...@devio.us On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote: Why not use something like gnu screen or tmux (if it offers the log session funcionality)? Because it is under controle or the user and he/she can disable such funcionality. jirib
Re: KSH command logged to syslog
I have found another possible solution, you can use script(1), calling it from the .profile of the user, with a line like this at the end of such file: exec script Then you change the permissions of the .profile so that the user cannot change it. You could also set the output file for script(1) to a file located on a directory with the sticky(8) bit activated so the user cannot delete the log file of the session but is able to write to it. 2012/12/15 Jiri B ji...@devio.us On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote: Why not use something like gnu screen or tmux (if it offers the log session funcionality)? Because it is under controle or the user and he/she can disable such funcionality. jirib
Re: AR9485WB-EG libre port
Shut up and show us the code. 2012/12/14 Sha'ul sh...@lavabit.com The driver for AR9485 seems to be fully function in libre Linux from what I've tried, don't need the vanilla Linux version for at least the wifi to work. Would it not be possible to thereby port over the libre linux driver version to get some kind of code going to start hacking on to support wifi?
Re: BSD licensed gnupg replacement question
2012/12/9 Nico Kadel-Garcia nka...@gmail.com On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio ch...@nmedia.net wrote: Maximo Pech [mak...@gmail.com] wrote: I said I can't code that. If you already knew the answer was write it, then you asked the wrong question. I already knew an answer (not the only one) could be write it. I know that gnupg is in the ports tree, but it just seems strange to me that it isn't on the base system, because for me it sounds logical that if one of the key points of openbsd is cryptography, it would have a bsd tool like gnupg. The netpgp thing looks very cool, I didn't know about it. Do you have any idea how abusrd this is? No I don't, if you don't mind please explain why that's absurd. So my question is why there isn't a tool like that on base, I'm asking out of curiosity, maybe some historical, reason, technical... I'm not trying to point this as a fault, I just want to understand better the fact that gnupg or a bsd licensed equivalent isn't in the base system. The original PGP program was mostly public domain. As time went on, it went to a highly restrictive license. GnuPG, and later, NetPGP represent the people who had desires to fix that problem. If you want to do it again, nobody will stop you. OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality and licensing problems in those areas. OpenSSH is still the gold standard, OCF/IPsec, maybe not. PGP worked, was public domain, encrypts files, and solved one problem. Network layer encryption is an entirely different, and for many, a much more important problem. That's completely subjective and also it is a problem that has more work behind than the problem I think there is with the non existence of bsd tools like gnupg on *base* not on ports and not openssl. What I say is simply that it would be cool if by default on the *base* system OpenBSD had a tool called opgp, opengp, puffypg or whatever, to encrypt files like gnupg does and I was wondering why it does not exist if OpenBSD cares a lot about cryptography. Well, with the information you have given me so far, I think the answer is something like nobody has written it because we have more important things to do and nobody believes there is a real need for that. Am I right?
Re: BSD licensed gnupg replacement question
I said I can't code that. I know that gnupg is in the ports tree, but it just seems strange to me that it isn't on the base system, because for me it sounds logical that if one of the key points of openbsd is cryptography, it would have a bsd tool like gnupg. The netpgp thing looks very cool, I didn't know about it. So my question is why there isn't a tool like that on base, I'm asking out of curiosity, maybe some historical, reason, technical... I'm not trying to point this as a fault, I just want to understand better the fact that gnupg or a bsd licensed equivalent isn't in the base system. El jueves, 6 de diciembre de 2012, Martin Schröder escribió: 2012/12/6 Maximo Pech mak...@gmail.com javascript:;: I'd like to know your thoughts about this. Shut up and show us your code.
BSD licensed gnupg replacement question
It's incredible for me that OpenBSD, an operating system that claims to have integrated cryptography (yes I know that the cryptography is on the core OS layers) doesn't have in the base system a tool like gnupg, and even more incredible, that there isn't a single production ready, gnupg-like, BSD licensed tool out there (I don't have the skills and time to program one myself). I'd like to know your thoughts about this.
Re: i386 or amd64?
2011/8/5 System Administrator ad...@bitwise.net Looking to build a firewall for a fairly busy (25+mb) site. Hardware is Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software is primarily pf(4) and relayd(8). Not so long ago the recommendation was to use the i386 build for a slight perfomance and stability benefit. Is that still the case? What are the advantages and shortcomings of amd64? Thanks in advance. Ask the guys at devio.us ;-)
Re: Limit number of login sessions
Some friends you have... ps aux | grep sshd | grep priv | awk '{print $12}' | sort | uniq -c Tell your friends if their number ever gets bigger than 2, they're no longer your friends. A few more minutes of scripting and you'll have something to run in cron that deletes their account. That one sounds good.
Re: Limit number of login sessions
would you not be better to use ALTQ to limit the bandwidth available to each user? then if they share their password their only sharing their own use? Users are not in my local network. They will connect from the internet and they have dynamic IPs so I guess that wouldn't work because altq can limit bandwidth based on IP address, not on user names. if not then i'd suggest you create a BSD auth module for processing the login sessions and add a 'login-max' capability. What kind of module? a kernel module?
Re: Limit number of login sessions
Please describe this situation some more. What does 'sharing a ssh tunnel' mean? Once a ssh tunnel is established, it just tunnels between two points, nobody needs to login anywhere then to 'use' it. It means that I use my computer on a home adsl connection as a ssh tunnel and that I let some friends use it as well but I don't want them to abuse. What we are doing is connecting to the ssh server with some ssh client, it creates a socks proxy on our local computers, we configure our programs to connect to the local proxy and everything is forwarded trough the ssh tunnel. I mean, I don't know if there's another way to do it without having to login in the ssh server. This sounds like an obfuscated utmp(5) Yeah, utmp sounds useful for this.
Re: Limit number of login sessions
Well I guess I will have to resolve this by coding something. What do you think about this: There will be a daemon that has a list of logged users. When a user logs in a small program is launched that tell the daemon the user has logged in. The daemon looks for the user in the list of users, If the user is there it tells the program launched before to unlogin the user. If the user isn't there the daemon adds it to the list of users and a thread is created, this will check every x time if the user is still logged in. if it isn't, it deletes the user from the logged users lists and terminates. 2008/9/22 Maximo Pech [EMAIL PROTECTED] This will be a ssh tunnel, I want to share it with a few friends, but I don't want them sharing it with someone else because if a lot of people start using it my upload bandwidth will suffer. It's very easy for them giving away their user/password to someone else, then those give the password to someone else... suddenly you have 20 ssh connections when you intended to have only 5. 2008/9/22 Jan Stary [EMAIL PROTECTED] On Sep 20 21:16:58, Maximo Pech wrote: Hi I'm looking for a way to configure a limit for the maximum number of simultaneous login sessions for a user. I want to do this for preventing users to create multiple ssh sessions. why?
Limit number of login sessions
Hi I'm looking for a way to configure a limit for the maximum number of simultaneous login sessions for a user. I want to do this for preventing users to create multiple ssh sessions. I think something similar can be done trough pf, but that's not the approach I'm looking for.