Shouldn't OpenBSD X11 come out with -nolisten tcp as default?
I thought it would make sence for most secure OS. One port less listening the World. Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: Shouldn't OpenBSD X11 come out with -nolisten tcp as default?
you can do everything with -nolisten tcp :) e.g. X11 forwarding via ssh BTW: most linux net oriented distros with security in mind have it as default. --- black reaper [EMAIL PROTECTED] wrote: On 8/29/05, Vladislav Belogrudov [EMAIL PROTECTED] wrote: I thought it would make sence for most secure OS. One port less listening the World. Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs Well, since openbsd uses a net based install (if you download the small 4.5MB iso), that wouldn't really make any sense. The internet is probably the largest form of communication, and pretty much all computers use it, to completely cut yourself off from the net might be more secure, but it would the the equivalent of blowing up your house to make sure that no robbers break in and steal your stuff. -b14ck Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: Shouldn't OpenBSD X11 come out with -nolisten tcp as default?
It reminds me approach we won't fix it because nobody reported a problem. I think this is not obsd case and this is what make difference between obsd and commercial unix. PS. X11 is not a secure thing you can trust that easy ;) --- Han Boetes [EMAIL PROTECTED] wrote: Vladislav Belogrudov wrote: I thought it would make sence for most secure OS. One port less listening the World. It's not a security problem to have an open port. It's a security problem to have a bad server listening to an open port. And since nobody knows about a problem with the X server, not even the people who have very deep knowledge about X and about security you can safely assume it's OK to have that port open by default. Now if you don't trust any of all those experts and you want to close that port for your own machine that's fine, but don't ask the experts to trust on your intuition while they are providing the OS in the first place. # Han Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: Keyboard issue
do you have problem in bash, ksh, csh, emacs ? Each of the apps has its own tricks for 8 bit or uft-8 handling. --- Carlos Zumajo [EMAIL PROTECTED] wrote: Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: Keyboard issue
If you want internationalization, start your xterm with -en UTF-8 and -fn -misc-fixed-medium-r-normal--15-140-75-75-c-90-iso10646-1 Then install bash from packages. type in bash set meta-flag on set output-meta on set convert-meta off And enjoy :) csh does not allow editing so arrows and tab will not work, but tildas and umlauts will do, tcsh and ksh have lousy support for UTF-8, all of them just good for 8-bit encodings and need special settings to use 8th bit. PS: these settings can go to .Xdefaults and .inputrc . Utf-8 fonts for xterm can be grepped with xlsfonts | grep 10646 --- Carlos Zumajo [EMAIL PROTECTED] wrote: Well, in csh, the key Q (n tilde) work fine, but don4t arrow keys. In sh, the key Q (n tilde) don4t work but ok with arrow keys. It seems that the problem is the one that you say, at least each shell behaves with the keyboard of different form, but none of them works well absolutely. Now I need how to configure this. I am going to search information about this, because I don4t know doing it. Thanks. Carlos. Vladislav Belogrudov wrote: do you have problem in bash, ksh, csh, emacs ? Each of the apps has its own tricks for 8 bit or uft-8 handling. --- Carlos Zumajo [EMAIL PROTECTED] wrote: Hi all. I have installed OpenBSD 3.7 on SparcStation 4. The installation process finished successfully. But I have a issue with keyboard. My keyboard is type5 spanish. In the login field, X or console, I can write the Q letter. After I login with normal user this key don4t work, only beep. When I4m root this key work as spected, but arrows keys don4t work From normal user I tried wsconsctl to turn to spanish encoding and I have no errors, but this key Q, only beep. I do the same with kbd but I have no differences. In a X, I tried XKeycaps, and the keyboard detected is a PC with 104 keys. When I change this by keyboard Sun Microsystems Type 5 OpenWindows Spanish layout and write changes, there are no working keys. All the keys are mapping different that I can see in Xkeycaps. For example, if I press H the key obtained by xkeycaps is 7. Where is the problem? This is my first post and I hope to help you in a few time. Thank you very much. Carlos. This is my dmesg result: OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC real mem = 33214464 avail mem = 25190400 using 200 buffers containing 1658880 bytes of memory bootpath: /[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0 mainbus0 (root): SUNW,SPARCstation-4 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU cpu0: 16K instruction (32 b/l), 8K data (16 b/l) cache enabled obio0 at mainbus0 clock0 at obio0 addr 0x7120: mk48t08 (eeprom) timer0 at obio0 addr 0x71d0 delay constant 52 zs0 at obio0 addr 0x7110 pri 12, softpri 6 zstty0 at zs0 channel 0 zstty1 at zs0 channel 1 zs1 at obio0 addr 0x7100 pri 12, softpri 6 zskbd0 at zs1 channel 0: keyboard, type 5, layout 0x2a wskbd0 at zskbd0: console keyboard zstty2 at zs1 channel 1: mouse slavioconfig at obio0 addr 0x7180 not configured auxreg0 at obio0 addr 0x7190 power0 at obio0 addr 0x7191 fdc0 at obio0 addr 0x7140 pri 11, softpri 4: chip 82077 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0, page-size 4096, range 64MB sbus0 at iommu0: clock = 22 MHz dma0 at sbus0 slot 4 offset 0x840: rev 2 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz, SCSI ID 7 scsibus0 at esp0: 8 targets sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC, 5508 SCSI3 0/direct fixed sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512 bytes/sec, 35566478 sec total cd0 at scsibus0 targ 6 lun 0: TOSHIBA, XM-4101TASUNSLCD, 1755 SCSI2 5/cdrom removable bpp0 at sbus0 slot 4 offset 0xc80: DMA2 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2 le0 at ledma0 offset 0x8c0 pri 6: address 08:00:20:7b:13:e6 le0: 16 receive buffers, 4 transmit buffers tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id 0, rev 2, sense 0 wsdisplay0 at tcx0: console (std, sun emulation), using wskbd0 power-management at sbus0 slot 3 offset 0xa00 not configured root on sd0a rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
ppp does not update resolv.conf
standard ppp.conf with chap and pap (from sample conf or any OpenBSD book) with enable dns ppp does not write anything, with added resolv rewrite file gets touched and with added resolv writable it gets 255.255.255.255 ... Log messages (set log All) show only ?unrelated? messages like Warning: tun0: 0.0.0.0 AIFADDR 217.249.58.121/24-217.5.107.209 returns 0 Warning:0.0.0.0/0: Change route failed:errno:no such process I had to use static nameservers (well, it's not bad because I will use bind for forwarding and caching later) I just wonder if there is a trick ;) Best regards vlad. Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: XDM spoils consoles (automatic start only).
when I start X manually: just 'xdm' or 'startx' everything is ok. If I change xdm_flags to it starts X on boot but consoles are blinking with different patterns and colors :) nice feature... Nevertheless I can blindly login. Even if I kill xdm console still does not get sane. Are there any differencies between starting xdm on boot with arguments and manually? Any actions beforehand? Best regards, Vlad. --- Uwe Dippel [EMAIL PROTECTED] wrote: On Mon, 15 Aug 2005 00:39:14 -0700, Vladislav Belogrudov wrote: starting X via xdm makes consoles unusable - shows kind of blinking color map... Does it start X properly when you startx from a console without any X running ? Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
ksh + utf-8
I use xterm with utf-8 support and ksh. Whenever I start typing fast or editing in some non-latin language I get randomly squares instead of characters. Is utf-8 and pdksh compatible enough? PS: tcsh and bash work perfectly with utf-8 though. I don't use first one because of bad influence while programming in it :))) and the last one has bad license and is not standalone (bound to other leaky abstractions). Still trying to find perfect shell to use with OpenBSD ;) Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
XDM spoils consoles.
Dell Inspiron 1150, starting X via xdm makes consoles unusable - shows kind of blinking color map... Probably somebody already had this problem? Would be nice to use both x and consoles at the same time :) Graphics: Intel 852GMV... Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
www.undeadly.org cannot be found :(
... Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: UK Keymap issue
--- Edd Barrett [EMAIL PROTECTED] wrote: Christian Weisgerber wrote: Edd Barrett [EMAIL PROTECTED] wrote: I have here two x86 machines set up with the uk keymap (console not X). holding shift and pressing three should send #. It sends # followed by a newline. why is this? It should send a pound sign, but a hash followed by \n is sent. The list changed the pound sign to a hash for some reason. The top bit got stripped (reset to 0). Anyway, the console driver does send a pound sign. This character is not part of (US-)ASCII. The console produces the byte value 0xA3, which encodes a pound sign in ISO Latin 1 and related character sets. By default, ksh treats characters that have the top bit set as Meta-character 0x7F, i.e., in your case the pound sign is handled just like the sequence esc# would be handled. From ksh(1): comment: ^[# If the current line does not begin with a comment character, one is added at the beginning of the line and the line is entered (as if return had been pressed); otherwise, the existing comment characters are removed and the cursor is placed at the beginning of the line. So the console is fine, the keymap is fine, it is the application that handles the character differently than you expect. For OpenBSD's ksh, there is a switch if you want to use 8-bit characters on the command line: $ set +o emacs-usemeta Many thanks for clarifying this. Edd Or you could use vi mode (for vi fans): $ set -o vi Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: links vs firefox vs ..
--- Neta [EMAIL PROTECTED] wrote: On 7/13/05, Rod.. Whitworth [EMAIL PROTECTED] wrote: On Wed, 13 Jul 2005 12:27:40 +0700, Neta wrote: Just curious! Could you show me some related paper that java script completely insecure? Just curious! Could you show me how Google did not supply you with an answer? 166000 hits 40400 if Internet Explorer excluded. Lazy boy! If your conclusion is right. Why so many internet banking used it? Do you have any real experiences with your box? Neta I agree, almost each banking site has it (Citi, Deutsche Bank,...) Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs
Re: links vs firefox vs ..
--- Hannah Schroeter [EMAIL PROTECTED] wrote: Hello! On Wed, Jul 13, 2005 at 02:18:20AM -0700, Vladislav Belogrudov wrote: [...] I agree, almost each banking site has it (Citi, Deutsche Bank,...) Postbank (Germany) works with lynx, pure https and forms. Though they depend on the browser identification, with other browsers they require javascript and use it in a way that it doesn't work everywhere (e.g. with older konquerer I have problems, links+ dito, firefox works though). Kind regards, Hannah. first reply that did have meaning to me, danke sehr ;) Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
links vs firefox vs ..
I would like to find the most secure www browser to use on OpenBSD for online banking. Should support java script and ssl... Sell on Yahoo! Auctions no fees. Bid on great items. http://auctions.yahoo.com/
wscons: any changes in the near future?
I am trying to use console framework on laptops that don't do X or cannot. I read thru the docs of wscons Co and found that some features still dont work or are not documented. I have bundled several questions :) I would like to ask: 1) Is the wsconsole framework dependent of NetBSD development status and do features/bug fixing come from there? Or FreeBSD 2) I saw (man wsfontload) that console font can be loaded once but cannot be changed without destroying old console and making new one. There are numerious hacks on the Internet how to workaround this problem... Will it be enhanced in the near future? 3) Manual pages describe wsconsctl rather very poorly, there are many settings that are not documented yet or documented but not working :) Reference to the source code is not counted - one could just issue one global manual page like man 0 help: see /usr/src... :))) My display does not wake up on mouse action but keyboard does do it (all ctls settings are ok). 4) I would like to change mouse resolution of wsmoused because working with touchpad is too difficult on my Dell Inspiron 1150. wsconsctl seems to know resolution keyword for mouse but does not change anything. Wireless USB mouse gives short read 4!=0 kernel message on boot sometimes. 5) any unicode aware consoles in the future? ... Or should everybody get X running and use console in 7 bit mode? OT: I had a question about how to make console bell not that loud. The best thing I tried is setting pitch to 50 - nice sound and not threatening or annoying anybody around. Currently I play with Inspiron 1150: apm is not found, internal win modem replaced with pcmcia 3com156.. will report as soon as get ppp done :) Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: GRUB's boot parameter - don't do it!!!!
I think using grub is shameful and insecure enough :) I would not rely on boot loader that resides outside of MBR. The best thing for multi-os pc is distro-independent loader (e.g. GAG) + partion loaders for each specific OS. Don't want my OpenBSD to depend on Linux partitions :) My personal opinion PS: grub still can be second level boot loader, e.g. for Linux affiliates. Be careful with GRUB on Linux partition if you are not yet convinced :) --- ikesan [EMAIL PROTECTED] wrote: On Thu, 16 Jun 2005 18:39:37 +0200 Matthias Kilian [EMAIL PROTECTED] wrote: On Fri, Jun 17, 2005 at 01:12:59AM +0900, ikesan wrote: root (hd2,0,a) kernel --type=netbsd /bsd Use the chainloader. I dit it!! I changed grub's parameter as following. root (hd2,0,a)#- not hd0 chainloader +1 It works good. Thank you! Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Theo gave an interview to Forbes Mag. about Linux
100% right words! --- Dissapointed Linux user/admin/developer since 1998 --- J. Lievisse Adriaanse [EMAIL PROTECTED] wrote: Theo gave an interview to Forbes Magazine, in which he stated: It's terrible, De Raadt says. Everyone is using it, and they don't realize how bad it is. And the Linux people will just stick with it and add to it rather than stepping back and saying, 'This is garbage and we should fix it.' Nice to read though as an ex-Linsux'er :) Jasper -- checking whether you're still watching...probaly not :-) /usr/ports/x11/wmx configure script. Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Your worst dream comes true, thanks to Intel
So there will be no need for dongling? ;) (probably only intel does not have host id or alike yet). One can think of identity management be it for securing or licensing.. Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: Safe development
subversion it then... binary diffs are there :) --- Timothy Donahue [EMAIL PROTECTED] wrote: On Friday 20 May 2005 03:59 am, Stephan Wehner wrote: What am I trying to back up? What happened to me was I was running Mepis, and did an apt-get xfce4 (I think it was xfcr4). But then startx wouldn't work any longer. I thought apt-get would be pretty safe... Then I switched to FreeBSD and after a port-upgrade installed the new version of firefox. Then firefox wouldn't work any more. In both cases I had no clue what had changed, or how to undo it. Hence my original question. I think starting over with OpenBSD will be worth it. But I'm trying to decide on a good way to set up backups right from the start. Are you saying I should put the /usr and /etc directories and so on in a cvs repository? Will I get to know which files to checkout as I install more ports? Or instead of a cvs repository I thought of just taking snapshots before any system changes. But then I thought this should be a common problem so I asked how to go about it. How about tar and a DVD burner or a USB harddrive. Granted, this is not an ideal backup situation but if all you are worried about is restoring after an update then it should work fine. CVS, well you are going to need GOBS of diskspace to keep the repository in. Every time a binary file gets updated it will keep a full copy of the updated file, not a very efficient way to go about keeping a system snapshot. Tim Donahue Yahoo! Mail Stay connected, organized, and protected. Take the tour: http://tour.mail.yahoo.com/mailtour.html