Re: Request for Funding our Electricity

[Maximo Pech]

 El 20/12/2013, a las 18:08, Theo de Raadt dera...@cvs.openbsd.org escribió:
 
 I am resending this request for funding our electricity bills because
 it is not yet resolved.
 
 We really need even more funding beyond that, because otherwise all of
 this is simply unsustainable.  This request is the smallest we can
 make.
 
 ---
 
 Hi everyone.
 
 The OpenBSD project uses a lot of electricity for running the
 development and build machines.  A number of logistical reasons
 prevents us from moving the machines to another location which might
 offer space/power for free, so let's not allow the conversation to go
 that way.
 
 We are looking for a Canadian company who will take on our electrical
 expenses -- on their books, rather than on our books.  We would be
 happiest to find someone who will do this on an annual recurring
 basis.
 
 That way the various OpenBSD efforts can be supported, yet written off
 as an off-site operations cost by such a company.  If we reduce this
 cost, it will leave more money for other parts of the project.
 
 We think that a Canadian company is the best choice for accounting
 reasons.  If a company in some other jurisdiction feels they can also
 do this successfully, we'd be very happy to hear from them as well.
 
 I am not going to disclose the actual numbers here.  Please contact me
 for details if serious.
 
 Thanks.

Well, we know that energy prices will continue to increase, not decrease, so 
this will be harder in the future. 

Whit this in mind, why not look for a strategy to save up on energy costs. 
Something like this:

Through the history of openbsd there have been architectures in which more bugs 
have been found and some in which fewer bugs have appeared.

Then maybe the number of bugs for an architecture can be matched to the 
power-on-time for the machines for that architecture.

For example, if 1% of the total number of bugs in the history of openbsd have 
appeared on architecture x, then it's likely that it will continue to be so, 
then all the machines for that architecture should be powered on just 1% of the 
time.

Then perform that analysis on all architectures to make a more better use of 
energy. And that's it.

Re: ZTE mf626 USB modem support

[Maximo Pech]

 Descriptor:
bLength 9
bDescriptorType 2
wTotalLength   25
bNumInterfaces  1
bConfigurationValue 1
iConfiguration  0
bmAttributes 0x40
  (Missing must-be-set bit!)
  Self Powered
MaxPower0mA
Interface Descriptor:
  bLength 9
  bDescriptorType 4
  bInterfaceNumber0
  bAlternateSetting   0
  bNumEndpoints   1
  bInterfaceClass 9 Hub
  bInterfaceSubClass  0 Unused
  bInterfaceProtocol  0 Full speed (or root) hub
  iInterface  0
  Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81  EP 1 IN
bmAttributes3
  Transfer TypeInterrupt
  Synch Type   None
  Usage Type   Data
wMaxPacketSize 0x0008  1x 8 bytes
bInterval 255
Hub Descriptor:
  bLength   9
  bDescriptorType  41
  nNbrPorts 2
  wHubCharacteristic 0x000a
No power switching (usb 1.0)
Per-port overcurrent protection
  bPwrOn2PwrGood   50 * 2 milli seconds
  bHubContrCurrent  0 milli Ampere
  DeviceRemovable0x00
  PortPwrCtrlMask0x00
 Hub Port Status:
   Port 1: .0100 power
   Port 2: .0100 power
Device Status: 0x0001
  Self Powered



2013/2/28 Stuart Henderson s...@spacehopper.org:
 On 2013-02-28, Maximo Pech mak...@gmail.com wrote:
 The patch that Stuart provided worked for my ZTE MF668 device.

 I got this on dmesg:

 umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated
 ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
 umsm0 detached
 umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated
 ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
 ucom0 at umsm0
 umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE,Incorporated
 ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
 ucom1 at umsm1
 umsm2 at uhub0 port 3 configuration 1 interface 2 ZTE,Incorporated
 ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
 ucom2 at umsm2
 umsm3 at uhub0 port 3 configuration 1 interface 3 ZTE,Incorporated
 ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2

 I think when it says umsm0 detached is when it does the mode
 switching because it didn't appear before and also the device takes a
 few seconds more to be ready.

 Thanks for all the help.



 Problem with this patch is that it breaks another device with the
 same vendor/product ID, ZTE K3565-Z.

Re: ZTE mf626 USB modem support

[Maximo Pech]

The patch that Stuart provided worked for my ZTE MF668 device.

I got this on dmesg:

umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated
ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
umsm0 detached
umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE,Incorporated
ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
ucom0 at umsm0
umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE,Incorporated
ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
ucom1 at umsm1
umsm2 at uhub0 port 3 configuration 1 interface 2 ZTE,Incorporated
ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2
ucom2 at umsm2
umsm3 at uhub0 port 3 configuration 1 interface 3 ZTE,Incorporated
ZTE HSPA Technologies MSM rev 2.00/0.00 addr 2

I think when it says umsm0 detached is when it does the mode
switching because it didn't appear before and also the device takes a
few seconds more to be ready.

Thanks for all the help.

Re: announcing mdoc.su, short manual page URLs

[Maximo Pech]

Just used it, works fine and is easy to remember.

El miércoles, 20 de febrero de 2013, Constantine A. Murenin escribió:

 Dear misc, www,

 I would like to announce and introduce URL:http://mdoc.su/, a
 deterministic URL shortener for BSD manual pages, written entirely in
 nginx.conf.

 It supports several addressing schemes, for example:

  http://mdoc.su/o/pf
  http://mdoc.su/o/pf.4
  http://mdoc.su/o/4/pf
  http://mdoc.su/openbsd/pf
  http://mdoc.su/OpenBSD/pf

  http://mdoc.su/f/pf
  http://mdoc.su/n/pf
  http://mdoc.su/d/pf

  http://mdoc.su/o/sort.3p

  http://mdoc.su/o/intro.4.**macppc http://mdoc.su/o/intro.4.macppc

http://mdoc.su/openbsd/macppc/**4/introhttp://mdoc.su/openbsd/macppc/4/intro


 Source code for the whole mdoc.su.nginx.conf is available at:

  https://github.com/cnst/mdoc.**su https://github.com/cnst/mdoc.su
  https://bitbucket.org/cnst/**mdoc.su https://bitbucket.org/cnst/mdoc.su

 Specifically, the following currently controls OpenBSD rewriting:

 location /OpenBSD { rewrite ^/OpenBSD(/.*)?$/o$1;   }
 location /o {
 set $ob http://www.openbsd.org/cgi-**
 bin/man.cgi?query= http://www.openbsd.org/cgi-bin/man.cgi?query=;
 set $os sektion=;
 rewrite ^/openbsd(/.*)?$/.$1;
 rewrite ^/./([a-z]+[0-9]*[k]?)/([1-9]|**3p)/([^/]+)$
  $ob$3$os$2arch=$1  redirect;
 rewrite ^/./([^/.]+)/([^/]+)$   $ob$2$os$1
  redirect;
 rewrite ^/./([^/]+)\.([1-9]|3p)\.([a-**z]+[0-9]*[k]?)$
  $ob$1$os$2arch=$3  redirect;
 rewrite ^/./([^/]+)\.([1-9]|3p)$$ob$1$os$2
  redirect;
 rewrite ^/./([^/]+)$$ob$1$os
  redirect;
 rewrite ^/./?$  /   last;
 return  404;
 }

 Translation: /OpenBSD and /openbsd get rewritten to /o internally,
 without any extra replies to the user, and then the rest of the URI is
 analysed, and a 302 Found redirect is finally issued to the user.  (If
 you haven't yet noticed nginx in the base tree, here's your chance!)

 Pages like http://mdoc.su/o/ redirect to the main / page internally,
 without affecting the URL that's visible to the user, making it easier to
 keep a starting page specifically for one BSD.

 Questions, comments and suggestions are welcome.  Available through IPv4
 and IPv6.  Enjoy!

 Cheers,
 Constantine.

Re: ZTE mf626 USB modem support

[Maximo Pech]

Finally I got it to work, but strangely my device comes up on /dev/cuaU1
not on /dev/cuaU0. Still have not tested the diff though.

2013/2/14 Maximo Pech mak...@gmail.com

 The AT command thing did the trick, now I have some trouble setting up
 ppp.conf, but I hope to get that sorted out.

 At this time I can't test the patch, but I promise to do it later.

 El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió:

 On Thu, February 14, 2013 06:24, Maximo Pech wrote:
  Hi list, I see this was asked before but never got solved, so I ask
 again.
 
  Has someone got this device working on openbsd? Is it supported?
 
  Thanks and regards.
 
 
 Hi. I plugged this modem on my Win7 notebook, installed software and
 drivers
 from it's internal cd and then connected with putty to it's second
 serial
 port (ZTE NMEA Device), whick answers on AT comand with OK.
 After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
 Close
 autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage
 disappeared
 from my computer.
 Now I have in dmesg:
 umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umsm0: missing endpoint
 umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umsm1: missing endpoint
 umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umass0: using SCSI over Bulk-Only
 scsibus5 at umass0: 2 targets, initiator 0
 sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct
 removable
 serial.19d20031567890ABCDEF
 umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 ucom0 at umsm2

 At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
 I have no usable SIM for this provider-locked modem, so I can't fully
 test it.

 To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to
 modem with cu.
 I hope this will help.

Re: ZTE mf626 USB modem support

[Maximo Pech]

It turns out that my modem is not the ZTE MF626, it is in reality the ZTE
MF668 and it works on /dev/cuaU1

2013/2/14 Kirill Bychkov ya...@linklevel.net

 On Thu, February 14, 2013 07:49, Kirill Bychkov wrote:
  On Thu, February 14, 2013 06:24, Maximo Pech wrote:
  Hi list, I see this was asked before but never got solved, so I ask
 again.
 
  Has someone got this device working on openbsd? Is it supported?
 
  Thanks and regards.
 
 
  Hi. I plugged this modem on my Win7 notebook, installed software and
 drivers
  from it's internal cd and then connected with putty to it's second
 serial
  port (ZTE NMEA Device), whick answers on AT comand with OK.
  After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
 Close
  autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage
 disappeared
  from my computer.
  Now I have in dmesg:
  umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE
 CDMA
  Technologies MSM rev 2.00/0.00 addr 2
  umsm0: missing endpoint
  umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE
 CDMA
  Technologies MSM rev 2.00/0.00 addr 2
  umsm1: missing endpoint
  umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated
 ZTE CDMA
  Technologies MSM rev 2.00/0.00 addr 2
  umass0: using SCSI over Bulk-Only
  scsibus5 at umass0: 2 targets, initiator 0
  sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct
 removable
  serial.19d20031567890ABCDEF
  umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE
 CDMA
  Technologies MSM rev 2.00/0.00 addr 2
  ucom0 at umsm2
 
  At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
  I have no usable SIM for this provider-locked modem, so I can't fully
 test it.
 
  To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to
  modem with cu.
  I hope this will help.
 

 My modem isn't provider-locked as I thought. Inserting another SIM helped
 to
 connect to ISP.
 I just copied /etc/ppp/ppp.conf.sample to /etc/ppp/ppp.conf, changed set
 device and allow user to reflect reality and just run 'ppp -ddial
 mobile'
 to connect.

 Patch adds mentioning MF626 support and gives clues how to handle such
 modems.
 OK? Comments?

 Index: umsm.4
 ===
 RCS file: /cvs/src/share/man/man4/umsm.4,v
 retrieving revision 1.87
 diff -u -r1.87 umsm.4
 --- umsm.4  4 Jan 2013 02:53:54 -   1.87
 +++ umsm.4  14 Feb 2013 06:00:08 -
 @@ -111,6 +111,7 @@
  .It Li ZTE AC2746 Ta USB
  .It Li ZTE MF112 Ta USB
  .It Li ZTE MF190 Ta USB
 +.It Li ZTE MF626 Ta USB
  .It Li ZTE MF633 Ta USB
  .It Li ZTE MF637 Ta USB
  .El
 @@ -167,6 +168,10 @@
  on the third port, and after that the actual PPP connection comes
  up on the first port.
  The function of the second and fourth ports is unknown.
 +.Pp
 +Some modems require enabling modem mode with AT commands.
 +This can be configured on other OS after installation of
 +software shipped with modem.
  .Sh EXAMPLES
  An example
  .Pa /etc/ppp/ppp.conf

Re: ZTE mf626 USB modem support

[Maximo Pech]

The AT command thing did the trick, now I have some trouble setting up
ppp.conf, but I hope to get that sorted out.

At this time I can't test the patch, but I promise to do it later.

El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió:

 On Thu, February 14, 2013 06:24, Maximo Pech wrote:
  Hi list, I see this was asked before but never got solved, so I ask
 again.
 
  Has someone got this device working on openbsd? Is it supported?
 
  Thanks and regards.
 
 
 Hi. I plugged this modem on my Win7 notebook, installed software and
 drivers
 from it's internal cd and then connected with putty to it's second serial
 port (ZTE NMEA Device), whick answers on AT comand with OK.
 After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
 Close
 autorun state result (0:FAIL 1^:SUCCESS):1 and modem's storage disappeared
 from my computer.
 Now I have in dmesg:
 umsm0 at uhub0 port 3 configuration 1 interface 0 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umsm0: missing endpoint
 umsm1 at uhub0 port 3 configuration 1 interface 1 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umsm1: missing endpoint
 umass0 at uhub0 port 3 configuration 1 interface 2 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 umass0: using SCSI over Bulk-Only
 scsibus5 at umass0: 2 targets, initiator 0
 sd3 at scsibus5 targ 1 lun 0: ZTE, MMC Storage, 322 SCSI2 0/direct
 removable
 serial.19d20031567890ABCDEF
 umsm2 at uhub0 port 3 configuration 1 interface 3 ZTE, Incorporated ZTE
 CDMA
 Technologies MSM rev 2.00/0.00 addr 2
 ucom0 at umsm2

 At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
 I have no usable SIM for this provider-locked modem, so I can't fully test
 it.

 To backout modem to default windoze-compatible mode send AT+ZCDRUN=9 to
 modem with cu.
 I hope this will help.

ZTE mf626 USB modem support

[Maximo Pech]

Hi list, I see this was asked before but never got solved, so I ask again.

Has someone got this device working on openbsd? Is it supported?

Thanks and regards.

Re: bootable OpenBSD USB stick from windows?

[Maximo Pech]

 I only have access to a windows machine to burn an iso image, do you
 know of an easy way (e.g. some windows programa) to create a bootable
 OpenBSD USB stick


I think you should ask this on a windows-centric place.

Re: Legal Question: OpenBSD Spin-off

[Maximo Pech]

Well, installing openbsd is not what I'd call easy for people with few
technical skills.

Why not make it a live system that boots from cd/dvd/USB/sd with everything
already configured and ready to run?

El sábado, 9 de febrero de 2013, Crookedmaze escribió:

 On 02/09/2013 06:53 PM, Juan Francisco Cantero Hurtado wrote:

 On Sat, Feb 09, 2013 at 11:46:58AM -0600, Crookedmaze wrote:


 Hello Everyone!,

  I am creating an OpenBSD Spin-off and have a question about what the
 rules are regarding doing something like this. I have looked at the
 OpenBSD copyright page and it looks like doing so would be alright
 but I would like to be sure that what I am doing is alright. I
 do not necessarily aim to create a new OpenBSD based operating system
 what I plan to do is to create my own spin-off off OpenBSD that comes
 configured to function as a server for a game called Minecraft,
 and comes with things like OpenJDK (required to run Minecraft), but it
 will still be OpenBSD it will just have a slightly different default
 configuration. Would the people using my spin-off be allowed to use
 the OpenBSD package repositories to install packages and update them.
 What I am trying to do is setup an OpenBSD spin-off that is setup to be a
 secure Minecraft server, because right now many of the people who setup
 Minecraft servers in their home run their servers on their personal
 computers using Windows 7 or Vista and the server is usually running
 as the administrative user. So what I would like to do is distribute
 an OpenBSD Spin-off that is configured as a Minecraft server
 that these people who are not very skilled can use (It will be highly
 scripted and automated) and can run in Virtualbox or can be installed
 on a dedicated server, I know this won't be as secure as a managed
 server and I also know that security is a process not something you can
 download but my goal is to setup something that will hopefully be more
 secure than what most people are doing right now I am also doing this
 because hopefully if people were to start using my Spin-Off of OpenBSD
 then maybe more people will take an interest in OpenBSD.
 Please let me know if this would be an OK thing to do. Also
 feel free to comment on my idea and let me know what you think!

 P.S. This is the first time I have ever posted to the OpenBSD misc
 mailing list I have done my best to conform to the OpenBSD Mailing list
 Netiquette guidelines, but please let me know if I have
 done something incorrectly,

 Sincerely,
 Crookedmaze


 The licenses of OpenBSD *base* allow you to distribute appliances but
 you should check the licenses of each package included in your project.

 Cheers.

 Thanks for replying guys! Nicolai thank you for suggesting that I write
 a shell script instead I think that is a great idea and I think that is
 what I will do instead. Also Christopher now that I think about it I
 think the daemon actually runs as a reduced user, I think earlier I was
 thinking of the administrative user on Windows as the root user on BSD
 in that all programs launched as that user run as admin but now that
 I think about it I think in order to run a program as administrator
 you need to right click and click run as administrator. Stefan I was
 thinking about doing that but now I am leaning towards a shell script
 that configures the server how it needs to be configured
 (automatic updates chrooted sftp backup cronjobs etc.) I think this way
 it will be a lot simpler and easier to transfer between using my OpenBSD
 spin-off from release to release. Chris I have ended up deciding to
 distribute my spin off as a shell script that you can run post OpenBSD
 install so if you can install OpenBSD on a USB drive normally then
 you should be able to. Juan thanks for letting me know that I can
 redistribute*base*  that will be good to know in the future.
 I would like to thank all of your for taking the time
 to reply to my question.

Re: UNIX A to Z List RFC

[Maximo Pech]

I'm more interested in the story of how the 5yo became openbsd obsessed.

El sábado, 2 de febrero de 2013, Chris Hettrick escribió:

 Hi Misc,

 I made a list of the most classical UNIX commands / utilities from section
 one where there is only one per letter of the english alphabet (it's for my
 OpenBSD obsessed five year old son :) ). I know that this subject is very
 personal and steeped in tradition and history, so I was looking for your
 opinions and suggestions.
 A quick note about the list: some hard choices were made concerning
 letters such as c, p, m, etc. For instance, kill(1) is not included for two
 reasons: it is included in the shell, and it needs ps(1) to be properly
 used (which conflicts with pwd(1) which I think is _more_ useful for a UNIX
 beginner). mv(1) was not included because a cp(1) and rm(1) can suffice.

 This is the list:

 awk
 bc
 cp
 date
 echo
 find
 grep
 head
 id
 jot
 ksh (as a superset of sh)
 ls
 more
 nc
 od
 pwd
 quota
 rm
 sort
 tail
 uniq
 vi
 wc
 xargs
 yes
 zcat

 Any opinions, suggestions?
 Thanks!

 Chris

OT using absolute paths in scripts

[Maximo Pech]

At work, we have an information security area for IT.

They mandate that on all shell scripts we have to use absolute paths for
every single command.

I feel that this does not provide real security and only makes scripts
somewhat more painful to write.

What's your opinion on this?

Re: Running OpenBSD on Raspberry Pi

[Maximo Pech]

 Hi, I wonder if it's possible to run OpenBSD on Raspberry Pi.

 Is there any image ready for putting on my SD card and boot up? If not, is
 there any manual or guide how to make one?

 Thanks.


I've been doing some research and there is a number of things that openbsd
needs to support the raspberry pi on a fully functional way.

At least those thing are:

- Support for armv6 CPUs
- Something like the Linux frambuffer
-  A driver for the video chip that uses that frame buffer-like layer
- Kernel mode setting
- Some specific drivers like that vchiq thing. That one is dual licensed
bsd/gpl so maybe it can be ported more easily.

AFAIK those are not implemented on openbsd, some of them are worked on and
for some the are no plans.

So it is not a trivial task.

Re: List of all software present on OpenBSD 5.2

[Maximo Pech]

Openbsd tar is not the same as gnu tar. You can think of the tar version in
openbsd simply as the tar of openbsd 5.2.

Because openbsd isn't assembled from pieces like other operating systems it
doesn't make much sense to have independent version numbers for each
utility.

El miércoles, 26 de diciembre de 2012, Live user escribió:

 On 26/12/2012 16:57, Peter N. M. Hansteen wrote:

 install52.iso is simply the install medium. To take a peek inside, mount
 the iso, cd into it and do something like


 I see, but any chance to know what version of 'tar' is included in
 base52.tgz? I guess, like all operating systems, OpenBSD uses versioning
 for its software, or is just a continuous snapshotting system where there
 are no versions?

Re: hostname.if(5) man page

[Maximo Pech]

So... what do you think about this? I believe adding this could improve
documentation a bit, and it is not hard to do, just add two lines to the
man page, but maybe I'm missing something...

2012/12/25 Maximo Pech mak...@gmail.com

 Looking at the man page of hostname.if(5) I noticed that there isn't a
 FILES section.

 It may not be obvious to everyone that those files should be located in
 /etc.

hostname.if(5) man page

[Maximo Pech]

Looking at the man page of hostname.if(5) I noticed that there isn't a
FILES section.

It may not be obvious to everyone that those files should be located in
/etc.

Re: AR9485WB-EG libre port

[Maximo Pech]

2012/12/15 Tobias Ulmer tobi...@tmux.org

 On Fri, Dec 14, 2012 at 10:12:48PM -0600, Maximo Pech wrote:
  Shut up and show us the code.

 Some people have earned the right to reply like this, others have not.
 Which one is it in your case?


My case is that I don't have earned the right to reply like that, but
that my answer seems to be right and I have some (weird if you like) sense
of humor.


 Tobias

 PS: Aren't you the guy who thinks PGP is essential in base, but can't
 code?


Yes, that's me :-)

Please let's keep this on topic.

Re: KSH command logged to syslog

[Maximo Pech]

And why not tweak it to disable the ability to disable the log
functionality?

2012/12/15 Jiri B ji...@devio.us

 On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote:
  Why not use something like gnu screen or tmux (if it offers the log
 session
  funcionality)?

 Because it is under controle or the user and he/she can disable
 such funcionality.

 jirib

Re: KSH command logged to syslog

[Maximo Pech]

I have found another possible solution, you can use script(1), calling it
from the .profile of the user, with a line like this at the end of such
file:

exec script

Then you change the permissions of the .profile so that the user cannot
change it. You could also set the output file for script(1) to a file
located on a directory with the sticky(8) bit activated so the user cannot
delete the log file of the session but is able to write to it.

2012/12/15 Jiri B ji...@devio.us

 On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote:
  Why not use something like gnu screen or tmux (if it offers the log
 session
  funcionality)?

 Because it is under controle or the user and he/she can disable
 such funcionality.

 jirib

Re: AR9485WB-EG libre port

[Maximo Pech]

Shut up and show us the code.

2012/12/14 Sha'ul sh...@lavabit.com

 The driver for AR9485 seems to be fully function in libre Linux from what
 I've tried, don't need the vanilla Linux version for at least the wifi to
 work. Would it not be possible to thereby port over the libre linux driver
 version to get some kind of code going to start hacking on to support wifi?

Re: BSD licensed gnupg replacement question

[Maximo Pech]

2012/12/9 Nico Kadel-Garcia nka...@gmail.com

 On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio ch...@nmedia.net wrote:
  Maximo Pech [mak...@gmail.com] wrote:
  I said I can't code that.
 
  If you already knew the answer was write it, then you asked the wrong
  question.


I already knew an answer (not the only one) could be write it.


 
  I know that gnupg is in the ports tree, but it
  just seems strange to me that it isn't on the base system, because for
 me
  it sounds logical that if one of the key points of openbsd is
 cryptography,
  it would have a bsd tool like gnupg. The netpgp thing looks very cool, I
  didn't know about it.
 
 
  Do you have any idea how abusrd this is?
 


No I don't, if you don't mind please explain why that's absurd.


  So my question is why there isn't a tool like that on base, I'm asking
 out
  of curiosity, maybe some historical, reason, technical... I'm not
 trying to
  point this as a fault, I just want to understand better the fact that
 gnupg
  or a bsd licensed equivalent isn't in the base system.
 
 
  The original PGP program was mostly public domain. As time went on, it
 went to a
  highly restrictive license. GnuPG, and later, NetPGP represent the
 people who
  had desires to fix that problem. If you want to do it again, nobody will
 stop you.
 
  OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality
 and
  licensing problems in those areas. OpenSSH is still the gold standard,
 OCF/IPsec,
  maybe not. PGP worked, was public domain, encrypts files, and solved one
 problem.
  Network layer encryption is an entirely different, and for many, a much
 more
  important problem.


That's completely subjective and also it is a problem that has more work
behind than the problem I think there is with the non existence of bsd
tools like gnupg on *base* not on ports and not openssl.

What I say is simply that it would be cool if by default on the *base*
system OpenBSD had a tool called opgp, opengp, puffypg or whatever, to
encrypt files like gnupg does and I was wondering why it does not exist if
OpenBSD cares a lot about cryptography.

Well, with the information you have given me so far, I think the answer is
something like nobody has written it because we have more important things
to do and nobody believes there is a real need for that. Am I right?

Re: BSD licensed gnupg replacement question

[Maximo Pech]

I said I can't code that. I know that gnupg is in the ports tree, but it
just seems strange to me that it isn't on the base system, because for me
it sounds logical that if one of the key points of openbsd is cryptography,
it would have a bsd tool like gnupg. The netpgp thing looks very cool, I
didn't know about it.

So my question is why there isn't a tool like that on base, I'm asking out
of curiosity, maybe some historical, reason, technical... I'm not trying to
point this as a fault, I just want to understand better the fact that gnupg
or a bsd licensed equivalent isn't in the base system.

El jueves, 6 de diciembre de 2012, Martin Schröder escribió:

 2012/12/6 Maximo Pech mak...@gmail.com javascript:;:
  I'd like to know your thoughts about this.

 Shut up and show us your code.

BSD licensed gnupg replacement question

[Maximo Pech]

It's incredible for me that OpenBSD, an operating system that claims to
have integrated cryptography (yes I know that the cryptography is on the
core OS layers)  doesn't have in the base system a tool like gnupg, and
even more incredible, that there isn't a single production ready,
gnupg-like, BSD licensed tool out there (I don't have the skills and time
to program one myself).

I'd like to know your thoughts about this.

Re: i386 or amd64?

[Maximo Pech]

2011/8/5 System Administrator ad...@bitwise.net

 Looking to build a firewall for a fairly busy (25+mb) site. Hardware is
 Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software
 is primarily pf(4) and relayd(8).

 Not so long ago the recommendation was to use the i386 build for a
 slight perfomance and stability benefit. Is that still the case? What
 are the advantages and shortcomings of amd64?

 Thanks in advance.


Ask the guys at devio.us ;-)

Re: Limit number of login sessions

[Maximo Pech]

 Some friends you have...

 ps aux | grep sshd | grep priv | awk '{print $12}' | sort | uniq -c

 Tell your friends if their number ever gets bigger than 2, they're no
 longer your friends.  A few more minutes of scripting and you'll have
 something to run in cron that deletes their account.


That one sounds good.

Re: Limit number of login sessions

[Maximo Pech]

 would you not be better to use ALTQ to limit the bandwidth available
 to each user?  then if they share their password their only sharing
 their own use?


Users are not in my local network. They will connect from the internet and
they have dynamic IPs so I guess that wouldn't work because altq can limit
bandwidth based on IP address, not on user names.




 if not then i'd suggest you create a BSD auth module for processing
 the login sessions and add a 'login-max' capability.


What kind of module? a kernel module?

Re: Limit number of login sessions

[Maximo Pech]

 Please describe this situation some more.  What does 'sharing a ssh tunnel'
 mean?  Once a ssh tunnel is established, it just tunnels between two
 points,
 nobody needs to login anywhere then to 'use' it.


It means that I use my computer on a home adsl connection as a ssh tunnel
and that I let some friends use it as well but I don't want them to abuse.

What we are doing is connecting to the ssh server with some ssh client, it
creates a socks proxy on our local computers, we configure our programs to
connect to the local proxy and everything is forwarded trough the ssh
tunnel.

I mean, I don't know if there's another way to do it without having to login
in the ssh server.


 This sounds like an obfuscated utmp(5)


Yeah, utmp sounds useful for this.

Re: Limit number of login sessions

[Maximo Pech]

Well I guess I will have to resolve this by coding something. What do you
think about this:

There will be a daemon that has a list of logged users. When a user logs in
a small program is launched that tell the daemon the user has logged in. The
daemon looks for the user in the list of users, If the user is there it
tells the program launched before to unlogin the user. If the user isn't
there the daemon adds it to the list of users and a thread is created, this
will check every x time if the user is still logged in. if it isn't, it
deletes the user from the logged users lists and terminates.

2008/9/22 Maximo Pech [EMAIL PROTECTED]

 This will be a ssh tunnel, I want to share it with a few friends, but I
 don't want them sharing it with someone else because if a lot of people
 start using it my upload bandwidth will suffer. It's very easy for them
 giving away their user/password to someone else, then those give the
 password to someone else... suddenly you have 20 ssh connections when you
 intended to have only 5.

 2008/9/22 Jan Stary [EMAIL PROTECTED]

 On Sep 20 21:16:58, Maximo Pech wrote:
  Hi I'm looking for a way to configure a limit for the maximum number of
  simultaneous login sessions for a user.
  I want to do this for preventing
  users to create multiple ssh sessions.

 why?

Limit number of login sessions

[Maximo Pech]

Hi I'm looking for a way to configure a limit for the maximum number of
simultaneous login sessions for a user. I want to do this for preventing
users to create multiple ssh sessions. I think something similar can be done
trough pf, but that's not the approach I'm looking for.