Re: Resuming from suspend takes 12-14 seconds

2021-05-28 Thread Rudy Baker
Imagine code could be changed like in Linux

On Fri., May 28, 2021, 12:17 p.m. Mike Larkin,  wrote:

> On Fri, May 28, 2021 at 12:59:09PM +0530, Subhaditya Nath wrote:
> > On 5/28/21, Theo de Raadt  wrote:
> > > amdgpu startup is slow.
> > >
> > > not our fault.
> > >
> >
> > Oh.
> > You mean amdgpu(4), right?
> >
> > But resuming from suspend is instantaneous in Linux...
> > Why is it so slow on OpenBSD?
> >
>
> different code.
>
> >
> > I am sorry, but I am new to OpenBSD, and I am genuinely curious about
> > what might cause amdgpu startup to be so slow on OpenBSD compared to
> > Linux.
> >
> >
> > - Subhaditya
> >
>
>


Re: what a shame

2021-04-24 Thread Rudy Baker
Can we make an exception and ban this guy?

On Sat., Apr. 24, 2021, 11:25 a.m. Olive Power, <
powerol...@smartershadow.onmicrosoft.com> wrote:

> u selfish people as described on monkey.org are really selfish
> i think that is why u image is a fish
> all other linux and bsd and someday haiku and openillous got hashcat port
> but u
> think it use by black hat not white hat like u
> donot support it
> i have to use a script to call xxhash to do the same job
> hahaha
> the song changed to
> Selfish people
> Selfish people
> sound funny
> puffy
> oh no delete my mail all mail back up on marc.info
> even if u delete it on marc.info
> i have them in my mailbox hahaha
>


Re: iwn in monitor mode with fixed channel

2019-07-26 Thread Rudy Baker
The moment I started reading this I thought "this dude is playing with
aircrack". Surely enough I was right.

On Fri, Jul 26, 2019, 10:14 AM Stefan Sperling,  wrote:

> On Fri, Jul 26, 2019 at 01:53:04PM +0200, Péter Bertalan Zoltán wrote:
> > On 2019-07-26, Stefan Sperling wrote:
> > > Internally to net80211, there are two channels: The 'default' channel
> > > (referred to as "ic_ibss_chan" in source code) and the 'desired'
> > > channel (referred to as "ic_des_chan" in source code).
> > >
> > > The default channel is initialized when the driver attaches (usually
> > > to channel 1). Monitor mode uses this default channel, which you've
> > > modified while the interface was in monitor mode.
> > > ifconfig shows this channel while the interface is down.
> > >
> > > Furthermore, the channel for each known AP is stored alongside other
> > > data such as the AP's SSID. While the interface is up, ifconfig shows
> > > the channel of the currently selected AP. This selection is ineffective
> > > in monitor mode because no connection to any AP is initiated, but data
> > > from the previous connection is still there and is being displayed.
> >
> > So as far as I understand, when I issued
> >   # ifconfig iwn0 mediaopt monitor chan 4
> > I have modified the *default channel*, which monitor mode uses? And in
> > monitor mode, what `ifconfig iwn0` shows as the AP (after 'ieee80211:')
> > can be disregarded, including the channel, because those settings are
> > ineffective in monitor mode?
>
> Yes. What ifconfig shows you here is bogus.
>
> > But this would mean that the interface is indeed set to use channel 4,
> > as desired. However:
> >
> > ---snip---
> > # airodump-ng --channel 4 iwn0
> > CH  4 ][ Elapsed: 1 min ][ 2019-07-26 13:48 ][ fixed channel iwn0: 12
> > ...
> > ---snip---
> >
> > Is this an issue with aircrack-ng? Did I misunderstand you?
>
> I have no idea what aircrack-ng is doing.
>
> You can verify the current channel with:
>   tcpdump -i iwn0 -y IEEE802_11_RADIO
>
> This shows the current channel number in radiotap headers, e.g.:
>   ...  ...
>
>
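Added example, not part of the thread: the channel that the tcpdump check above reports comes from the radiotap Channel field, which stores a frequency in MHz. The Python below reads that field from a raw radiotap header and maps it to a channel number; the function names and the sample headers are constructed for illustration.

```python
import struct

# Bit, size and alignment of the radiotap fields that precede Channel (bit 3).
_BEFORE_CHANNEL = ((0, 8, 8),   # TSFT: u64
                   (1, 1, 1),   # Flags: u8
                   (2, 1, 1))   # Rate: u8
_CHANNEL_BIT, _EXT_BIT = 3, 31


def freq_to_channel(mhz):
    """Map a centre frequency in MHz to an 802.11 channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    if 5000 < mhz <= 5895 and mhz % 5 == 0:
        return (mhz - 5000) // 5
    return None


def radiotap_channel(frame):
    """Return (frequency_mhz, channel) from a radiotap header, or None
    when the header carries no Channel field."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, hdr_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or not 8 <= hdr_len <= len(frame):
        raise ValueError("not a valid radiotap v0 header")
    offset, word = 8, present
    while word & (1 << _EXT_BIT):          # skip chained present bitmaps
        if offset + 4 > hdr_len:
            raise ValueError("present bitmap runs past header length")
        (word,) = struct.unpack_from("<I", frame, offset)
        offset += 4
    if not present & (1 << _CHANNEL_BIT):
        return None
    for bit, size, align in _BEFORE_CHANNEL:
        if present & (1 << bit):
            offset = -(-offset // align) * align + size   # align, then skip
    offset += offset % 2                   # Channel is 2-byte aligned
    if offset + 4 > hdr_len:
        raise ValueError("Channel field runs past header length")
    freq, _flags = struct.unpack_from("<HH", frame, offset)
    return freq, freq_to_channel(freq)


# Constructed headers (not captured traffic): TSFT+Flags+Rate+Channel,
# Flags+Rate+Channel, and Channel behind an extended present bitmap.
HDR_CH4 = bytes.fromhex("00001600" "0f000000" "0000000000000000" "10" "02" "7b09" "a000")
HDR_CH12 = bytes.fromhex("00000e00" "0e000000" "10" "02" "a309" "a000")
HDR_EXT = bytes.fromhex("00001000" "08000080" "00000000" "7b09" "a000")

if __name__ == "__main__":
    for name, hdr in (("ch4", HDR_CH4), ("ch12", HDR_CH12), ("ext", HDR_EXT)):
        print(name, radiotap_channel(hdr))
```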


Re: Moving from Bird to OpenBGPD

2019-07-14 Thread Rudy Baker
It's sad how hostile this mailing list is that you need to beg forgiveness
for using a different email client because you may have triggered some of
these people. 

On Sun, Jul 14, 2019, 12:51 AM BSD user,  wrote:

> Hello,
>
> My apologies for sending this email multiple times.
>
> I was so mortified by Tutanota's awful text formatting that I created a
> new mail account that supported IMAP so that I could load it up in
> Thunderbird with text only mode enabled.
>
> Once again, my apologies for my rookie mistake choosing Tutanota for use
> on an international mailing list such as this one. I hope you guys will
> give me one more chance.
>
> My (hopefully) unmangled message is below.
>
>
> --
>
>
> Hello,
>
>
> I’m having some trouble configuring OpenBGPD to replace my Bird deployment.
>
> I’m trying to set up redundant web infrastructure for a few websites I
> host with Vultr. To do so, I followed this guide:
>
>
> https://www.vultr.com/docs/high-availability-on-vultr-with-floating-ip-and-bgp
>
> It works flawlessly with Bird running on OpenBSD, but I obviously prefer
> to run utilities from the base system wherever possible. I’ve spent more
> time than I’d like to admit trying to get this setup working on OpenBGPD.
>
> The only thing I did different from the above guide was use lo1 rather
> than a dummy interface, as dummy interfaces appear to be a linuxism as
> per this mailing list thread I found:
>
>
> http://openbsd-archive.7691.n7.nabble.com/Dummy-Interface-In-OpenBGPd-td34009.html
>
> Basically, all I’m trying to do is port my Bird config over to OpenBGPD.
> At this point I’m just banging my head against a wall. I’ve spent
> several days googling, reading man pages and trying different configs. I
> must be missing something basic, and it’s likely something obvious I’m
> missing, as I am by no means a BGP expert.
>
> My bird config looks like this:
>
>
> log "/var/log/bird" all;
>
> router id xxx.xxx.224.9;
>
> protocol device
> {
>  scan time 60;
> }
>
> protocol direct
> {
>  interface "lo1";
> }
>
> protocol bgp vultr
> {
>  local as 65xxx;
>  source address xxx.xxx.224.9;
>  import none;
>  export all;
>  graceful restart on;
>  next hop self;
>  multihop 2;
>  neighbor 169.254.169.254 as 64515;
>  password "xx";
> }
>
>
> My attempt at a bgpd.conf looks like this:
>
>
> # Global Configuration
>
> AS 65xxx
> router-id xxx.xxx.224.9
>
> # Our Address Space
> network xxx.xxx.0.141/32
> network inet connected
>
> # IPv4 Peers
>
> neighbor 169.254.169.254 {
>  remote-as       64515
>  tcp md5sig password xx
>  set nexthop self
>  multihop        2
>  descr           Vultr
>  local-address   xxx.xxx.224.9
>  announce        IPv4 unicast
> }
>
>
>
> Any assistance you fine folks could provide to help me get this working
> would be hugely appreciated.
>
> I've also attached my config files to eliminate any chance of them being
> mangled.
>
> Thanks so much for your time.
>
>


Re: Did I install correctly the openbsd?

2019-07-09 Thread Rudy Baker
Aren't you that guy "Ywë Carlen" or something like that?

On Tue, Jul 9, 2019, 7:30 PM SOUL_OF_ROOT 55, 
wrote:

> I installed openbsd 6.5 in Virtualbox for Windows 7, the following
> screenshots show it:
>
> [image: openbsd installation.png]
>
> [image: openbsd virtualbox2.png]
>
> [image: congratulations.png]
>
> [image: ls -l in openbsd6.5.png]
>
> I tried to install openbsd according to the following video:
>
> https://youtu.be/8lqISJFB3ak
>
> Did I install correctly the openbsd?
>


Re: OpenBSD on VMware ESXi

2019-05-22 Thread Rudy Baker
There's a bug in ESXi 6.5 specifically with vmxnet 3. We were using Linux
when it was noticed, but anytime one of our floating IPs (haproxy,
keepalived) would switch to the node with vmxnet 3, instant kernel panic. I
wonder if the problem is happening to you.

https://kb.vmware.com/s/article/2151480

Like others have mentioned, E1000 doesn't have the problem and the issue
also goes away after upgrading to 6.7.



On Wed, May 22, 2019, 4:24 PM Roderick,  wrote:

>
> Of course never booted: /var/log/messages is empty. :)
>
> I was too sleepy and optimistic.
>
>
>


Re: How to synchronise 2 spamd instances

2019-04-22 Thread Rudy Baker
On Mon, Apr 22, 2019, 10:43 AM Thuban,  wrote:

> * Otto Moerbeek on [21-04-2019 12:49:07 +0200]:
> > On Sun, Apr 21, 2019 at 09:53:52AM +, Mik J wrote:
> >
> > > Hello,
> > > I read the man but it's not so clear to me
> > > https://man.openbsd.org/spamd#SYNCHRONISATION
> > > a) I chose unicast synchronisation but I don't know which port should
> > > I open on the firewall?
> > > Is it going to use the spamd-cfg service?
> >
> > It will use spamd-sync (udp port 8025)
>
> Good to know, I was blocking this traffic. It might be interesting to
> add a word about this in the manpage, what do you think?
>

tcpdump -nettti pflog0

That command tells you if anything is being blocked. I normally start
there. You would have seen port 8025 being blocked right away.

>
>
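Added example, not part of the thread: a filter for saved `tcpdump -nettti pflog0` output that counts blocked packets addressed to the spamd-sync port (UDP 8025). The line layout the regex expects and the sample lines are assumptions constructed for illustration, IPv4 only.

```python
import re
from collections import Counter

SPAMD_SYNC_PORT = 8025  # spamd-sync, UDP (port named in the thread)

# Assumed layout of one pflog line as printed with -n -e -ttt:
#   <time> rule N/(reason) <action> <in|out> on <if>: SRC.PORT > DST.PORT: <rest>
_PFLOG_LINE = re.compile(
    r"rule (?P<rule>[\w.]+)/\((?P<reason>[^)]*)\) "
    r"(?P<action>\w+) (?P<dir>in|out) on (?P<ifname>[^\s:]+): "
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)"
)


def blocked_spamd_sync(lines, port=SPAMD_SYNC_PORT):
    """Count blocked UDP packets to `port`, keyed by rule, direction,
    interface, source and destination address."""
    hits = Counter()
    for line in lines:
        m = _PFLOG_LINE.search(line)
        if m is None or m["action"] != "block":
            continue
        if not m["rest"].startswith("udp") or int(m["dport"]) != port:
            continue
        hits[(m["rule"], m["dir"], m["ifname"], m["src"], m["dst"])] += 1
    return hits


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = """\
Apr 22 10:40:01.102334 rule 4/(match) block in on em0: 192.0.2.10.8025 > 192.0.2.20.8025: udp 148
Apr 22 10:40:02.310021 rule 7/(match) pass in on em0: 198.51.100.7.40112 > 192.0.2.20.25: S 1204:1204(0) win 16384
Apr 22 10:40:31.104410 rule 4/(match) block in on em0: 192.0.2.10.8025 > 192.0.2.20.8025: udp 148
Apr 22 10:41:15.000912 rule 4/(match) block in on em0: 203.0.113.5.53211 > 192.0.2.20.23: S 99:99(0) win 1024
""".splitlines()

if __name__ == "__main__":
    for (rule, direction, ifname, src, dst), n in blocked_spamd_sync(SAMPLE).items():
        print(f"rule {rule} blocked {n} spamd-sync packet(s) "
              f"{direction} on {ifname}: {src} -> {dst}")
```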


Re: I love your Emails. This one made my day!

2018-11-20 Thread Rudy Baker
I like turtles

On Tue, Nov 20, 2018, 5:40 PM Josh Grosse wrote:

> Thank you!
>
> On November 20, 2018 2:24:55 PM EST, Nick Holland <
> n...@holland-consulting.net> wrote:
> >On 11/20/18 11:43, Chris Bennett wrote:
> >> I am almost certainly going to be replacing with a new server for an
> >> organization I am a member of.
> >> With all of this mess with Meltdown, Spectre, insecure motherboard
> >> chips,etc.
> >> I am pretty clueless on exactly what is going to be a secure set of
> >> server hardware.
> >> Intel, well no.
> >> AMD? I have read about problems with non-CPU chips being compromised.
> >> Another architecture? I have never used anything other than
> >> Intel/AMD.
> >>
> >> The server will run httpd, mailserver, PostgreSQL and somehow a good
> >> way for well encrypted messaging at times.
> >
> >all on one server?
> >
> >And as someone who has run a number of mail servers for a number of
> >companies ... don't.  Just don't.  Running your own mail server is a
> >good way to accomplish nothing except wasting a lot of time and making
> >people hate you.
> >
> >> It is very likely to run out of Austin, Texas.
> >> I think that having a direct connection would be best, but would a
> >> proper setup make collocation OK?
> >
> >You are using poorly defined buzzwords.  What you mean by a "direct
> >connection", "proper setup", "collocation" and what I mean are likely
> >very different.
> >
> >> This isn't going to be my server, I will just be in charge. That's
> >> completely new for me.
> >> Any advice is really welcome, everywhere I read anything, hardware
> >> seems broken and insecure.
> >
> >Pretty much all new HW is optimized in ways that we are now learning
> >(and has been known for a long time) introduce security problems.
> >However, most of the problems boil down to having malicious software
> >running in the control of someone else on the same physical machine
> >YOUR
> >code is running on.
> >
> >In short: No news.  Really.
> >
> >If someone that wanted to do you evil lived in the same house as you,
> >you would not be comfortable, right?  What if you put up walls
> >(virtualization) that have proven to be about as robust as paper?
> >That make you feel any better?  Probably not.  Virtualization has been
> >proven -- over and over -- not terribly secure.  Now we got
> >cross-virtualization platforms ways of stealing data from other
> >processes.  Important? yes.  But in the big picture, it's similar to
> >Yet
> >Another buffer overflow.
> >
> >So...split your tasks on different physical systems as much as
> >possible.
> >If your webserver is serving static pages, it's probably pretty robust.
> > If it's running Wordpress or any other "any idiot can manage the web
> >page" apps or dynamic web pages for other reasons, it should be a
> >machine of its own and have no other important data on it.
> >Your primary goal should be to keep the bad guys off your computer in
> >every sense.  And again...nothing new here.
> >
> >But if security is your concern, you want real hw you control in every
> >sense.
> >
> >Unfortunately, if you have performance requirements, your choices are
> >AMD and Intel.  Older Intel and AMD chips aren't getting any support to
> >deal with these problems, so your choices are incredibly old chips
> >which
> >are probably not in the most reliable hardware, and a whole bunch of
> >other old, unreliable, and slow hardware platforms.  But be realistic.
> >Your bosses will probably mandate a VM on someone else's hw, a
> >wordpress
> >website, one box for everything, and that you give him the root
> >password
> >which he'll e-mail to himself to keep it "secure".  Your most likely
> >breach points will be an easily guessed password (usually, a
> >manager's),
> >a bug in a web content management system, or someone believing that
> >"secure e-mail" is a thing.  In other words, Same Old Shit.  It
> >probably
> >won't be breached by a Spectre or Meltdown-like attack.  But it MIGHT
> >be.  Obsessing about them is generally missing the real day-to-day
> >risks.
> >
> >Nick.
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
>


Re: Interface modifiers in pf.conf

2018-09-27 Thread Rudy Baker
On Thu, Sep 27, 2018, 3:59 AM Per-Olov Sjöholm,  wrote:

> On Thu, Sep 27, 2018, at 06:16, Theo de Raadt wrote:
> > Per-Olov Sjöholm wrote:
> >
> > > I can in the man page for PF see:
> > >
> > > --snip--
> > > Interface names, interface group names, and self can have
> > >  modifiers appended:
> > >
> > >  :0          Do not include interface aliases.
> > >  :broadcast  Translates to the interface's broadcast address(es).
> > >  :network    Translates to the network(s) attached to the
> > >              interface.
> > >  :peer       Translates to the point-to-point interface's peer
> > >              address(es).
> > > --snip--
> > >
> > > Is there a special reason syntax like INTERNET_INT:1 won't work if we
> > > want to use the first alias address from the hostname interface file?
> > >
> > > As it is now I have to use the base address by using ":0" or including
> > > all aliases. For me this seems unusable. If I want to nat out on the
> > > alias address from for example the DMZ I would like to use ":1". As this
> > > is not possible I have to hard code the IP:s in pf.conf.
> >
> > Yes there is a very good reason.
> >
> > Interface aliases are not what you think they are.  A mistake was made
> > more than two decades ago.  If you reconfigure, they "roll".
> >
> > You should avoid use of :0, unless you need it.  But definitely you do
> > not want :1 or :2 etc
>
>
> Ahhh I see... Didn't know that. Many thanks for the answer
>
>  I found it very convenient to not add the external IP into pf.conf, but
> let the service itself harvest it from the interface. But it seems it is no
> longer possible when you add more IPs to the external interface (unless you
> want them all in the same rule of course). Not a biggie. Just interested to
> see if it is possible to have more than one IP on the interface and don't
> have them specified in pf.conf...
>
> How would you solve this example below? Should I hard code the IPs and only
> use these and skip usage of ":0" in this case?  Is there maybe a way to
> instead create a separate sub interface for the alias IP so the sub
> interface could be used in PF, but the resulting PF behaviour remains?
>
> cat /etc/hostname.ix3
> inet 192.168.0.100 255.255.255.0 192.168.0.255 description "INTERNET UPLINK TEST"
> !ifconfig ix3 inet alias 192.168.0.101 netmask 255.255.255.255 broadcast 192.168.0.255
>
>
> From pf.conf example
> INTERNET_INT="ix3"
> INTERNET_INT_IP1="192.168.0.100" <<< Can this be avoided?
> INTERNET_INT_IP2="192.168.0.102"  <<< Can this be avoided?
> match out on $INTERNET_INT from $DMZ1_DAEDALUS to any nat-to $INTERNET_INT_IP2
> match out on $INTERNET_INT from $LAN_INT:network to any nat-to $INTERNET_INT:0



Instead of making alias interfaces, you could always make carp interfaces I
guess.

Then your pf.conf could be like:

INTERNET_INT="ix3"
INTERNET_INT_IF2="carp100"


match out on $INTERNET_INT from $DMZ1_DAEDALUS to any nat-to $INTERNET_INT_IF2
match out on $INTERNET_INT from $LAN_INT:network to any nat-to $INTERNET_INT:0


Re: %#ẍ Dev OS (was: Fair Pay In Cyberspace)

2018-07-08 Thread Rudy Baker
I have a suggestion for when you change the name of your OS again next
week:

π√¶:*!!!flïbbīnflùbêñ OS;;;!?***

It just rolls right off the tongue

On Sun, Jul 8, 2018, 6:59 AM Ywe Cærlyn,  wrote:

> We are now %#ẍ Dev,  a short form of the same intent, since so many
> already like three-letter concepts.
>
> This is all going to be about the percentages people, and that is all an
> OS needs to be about.
>
> With such a driving factor, in the business oriented computer world, we
> will have the "good os", the low jitter, and the smooth graphics.
>
> Because it is all part of the same mindset.
>
> Jinn and Hūman. Those of you who desire a good OS, our research is still
> at, https://nyt.cloud/showthread.php?tid=2
>
> Now also with a suggestion for replacement of mp3. GNU does indeed not
> hide anything from The Gôdh.
>
> Peace (Go With Théé),
> Ywe Cærlyn.
> Léad
> %#ẍ Dev
>
>


Re: Theo's BOF at BSDcan

2018-06-21 Thread Rudy Baker
Anyone got a link to this video? Can't find it anywhere

On Thu, Jun 21, 2018, 11:52 AM anexit  wrote:

> It was a good talk either way.. It's an issue that keeps getting larger as
> time goes on.
>
>
>
> --
> Sent from:
> http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>
>


Re: OpenBSD Puffy Stickers

2017-11-30 Thread Rudy Baker
Alright guys, he gets it. I wouldn't want to have to read two obligatory
leaving letters in one week :)


On Dec 1, 2017 1:31 AM, "Eric Furman"  wrote:

On Thu, Nov 30, 2017, at 11:07 PM, Theo de Raadt wrote:
> > Currently the OpenBSD store has mugs, t-shirts, posters, and CDs. All of
> > those require more expense than stickers. Stickers are rather inexpensive
> > to produce, can be sold for high markup, and cost very little to ship, not
> > to mention are very popular, especially in the tech industry.
> >
> > It wouldn't require any new artwork or commissions. If you were to sell
> > Puffy stickers or OpenBSD Logo stickers I'm sure they'd be top-sellers.
> >
> > Case in point, UnixStickers.com charges $2.69 per sticker and that doesn't
> > include shipping.
>
> Why should I do that?  You only thought of yourself.
>
> What is in it for me?
>
> NOTHING.
>
> So why should I do this for you?
>
> If you think I should, and you repeatedly send mails saying so I can
> only conclude one thing:
>
> You have a self-entitlement issue.
>

This *MIGHT* be a great idea, but...
WHO IS GOING TO DO IT?
I don't want Theo or any of the Devs wasting their time doing crap like this
that might just turn out to be a waste of time. They should be coding.
People are always asking "What can I do to help the Project"?
What people can do is to DO something and not talk about it.
So, make a batch of stickers yourself and sell them on ebay.
Then you can see for yourself just how Big A Seller they can be.
I'm going to bet that it will turn out to take a lot more time and
effort than you think and that it will turn very little if any profit.
But hey, don't let me stop you.
Good luck.