Shouldn't OpenBSD X11 come out with -nolisten tcp as default?

[Vladislav Belogrudov]

I thought it would make sence for most secure OS.
One port less listening the World.




Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: Shouldn't OpenBSD X11 come out with -nolisten tcp as default?

[Vladislav Belogrudov]

you can do everything with -nolisten tcp :)
e.g.  X11 forwarding via ssh

BTW: most linux net oriented distros 
with security in mind have it as default.


--- black reaper [EMAIL PROTECTED] wrote:

 On 8/29/05, Vladislav Belogrudov
 [EMAIL PROTECTED] wrote:
  
  I thought it would make sence for most secure OS.
  One port less listening the World.
  
  
  
 
 
  Start your day with Yahoo! - make it your home
 page
  http://www.yahoo.com/r/hs
  
  Well, since openbsd uses a net based install (if
 you download the small 
 4.5MB iso), that wouldn't really make any sense. The
 internet is probably 
 the largest form of communication, and pretty much
 all computers use it, to 
 completely cut yourself off from the net might be
 more secure, but it would 
 the the equivalent of blowing up your house to make
 sure that no robbers 
 break in and steal your stuff.
 
 -b14ck
 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: Shouldn't OpenBSD X11 come out with -nolisten tcp as default?

[Vladislav Belogrudov]

It reminds me approach
we won't fix it because nobody reported a problem.
I think this is not obsd case and this is what
make difference between obsd and commercial unix.

PS. X11 is not a secure thing you can trust that easy
;)


--- Han Boetes [EMAIL PROTECTED] wrote:

 Vladislav Belogrudov wrote:
  I thought it would make sence for most secure OS.
  One port less listening the World.
 
 It's not a security problem to have an open port.
 It's a security problem to
 have a bad server listening to an open port.
 
 And since nobody knows about a problem with the X
 server, not even the people
 who have very deep knowledge about X and about
 security you can safely assume
 it's OK to have that port open by default.
 
 Now if you don't trust any of all those experts and
 you want to close that port
 for your own machine that's fine, but don't ask the
 experts to trust on your
 intuition while they are providing the OS in the
 first place.
 
 
 
 # Han
 
 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: Keyboard issue

[Vladislav Belogrudov]

do you have problem in bash, ksh, csh, emacs ?
Each of the apps has its own tricks for 8 bit or uft-8
handling. 

--- Carlos Zumajo [EMAIL PROTECTED] wrote:

 Hi all.
 
 I have installed OpenBSD 3.7 on SparcStation 4. The
 installation process 
 finished successfully.
 
 But I have a issue with keyboard. My keyboard is
 type5 spanish.  In the 
 login field, X or console, I can write the Q
 letter. After I login 
 with normal user this key don4t work, only beep.
 When I4m root this key 
 work as spected, but arrows  keys don4t work
 
  From normal user I tried wsconsctl to turn to
 spanish encoding and I 
 have no errors, but this key Q, only beep. I do
 the same with kbd but 
 I have no differences.
 
 In a X, I tried XKeycaps, and the keyboard detected
 is a PC with 104 
 keys. When I change this by  keyboard Sun
 Microsystems Type 5 
 OpenWindows Spanish layout and write changes, there
 are no working keys. 
 All the keys are mapping different that I can see in
 Xkeycaps. For 
 example, if I press H the key obtained by xkeycaps
 is 7.
 
 Where is the problem?
 
 This is my first post and I hope to help you in a
 few time. Thank you 
 very much.
 
 Carlos.
 
 This is my dmesg result:
 
 OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33 MST
 2005


[EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC
 real mem = 33214464
 avail mem = 25190400
 using 200 buffers containing 1658880 bytes of memory
 bootpath: 

/[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL 
PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0
 mainbus0 (root): SUNW,SPARCstation-4
 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU
 cpu0: 16K instruction (32 b/l), 8K data (16 b/l)
 cache enabled
 obio0 at mainbus0
 clock0 at obio0 addr 0x7120: mk48t08 (eeprom)
 timer0 at obio0 addr 0x71d0 delay constant 52
 zs0 at obio0 addr 0x7110 pri 12, softpri 6
 zstty0 at zs0 channel 0
 zstty1 at zs0 channel 1
 zs1 at obio0 addr 0x7100 pri 12, softpri 6
 zskbd0 at zs1 channel 0: keyboard, type 5, layout
 0x2a
 wskbd0 at zskbd0: console keyboard
 zstty2 at zs1 channel 1: mouse
 slavioconfig at obio0 addr 0x7180 not configured
 auxreg0 at obio0 addr 0x7190
 power0 at obio0 addr 0x7191
 fdc0 at obio0 addr 0x7140 pri 11, softpri 4:
 chip 82077
 iommu0 at mainbus0 addr 0x1000: version 0x4/0x0,
 page-size 4096, 
 range 64MB
 sbus0 at iommu0: clock = 22 MHz
 dma0 at sbus0 slot 4 offset 0x840: rev 2
 esp0 at dma0 offset 0x880 pri 4: ESP200, 40MHz,
 SCSI ID 7
 scsibus0 at esp0: 8 targets
 sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC,
 5508 SCSI3 0/direct 
 fixed
 sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512
 bytes/sec, 35566478 sec total
 cd0 at scsibus0 targ 6 lun 0: TOSHIBA,
 XM-4101TASUNSLCD, 1755 SCSI2 
 5/cdrom removable
 bpp0 at sbus0 slot 4 offset 0xc80: DMA2
 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2
 le0 at ledma0 offset 0x8c0 pri 6: address
 08:00:20:7b:13:e6
 le0: 16 receive buffers, 4 transmit buffers
 tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id
 0, rev 2, sense 0
 wsdisplay0 at tcx0: console (std, sun emulation),
 using wskbd0
 power-management at sbus0 slot 3 offset 0xa00
 not configured
 root on sd0a
 rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
 
 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: Keyboard issue

[Vladislav Belogrudov]

If you want internationalization, start your xterm
with -en UTF-8 and 
-fn
-misc-fixed-medium-r-normal--15-140-75-75-c-90-iso10646-1

Then install bash from packages.

type in bash

   set meta-flag on
   set output-meta on
   set convert-meta off

And enjoy :)
csh does not allow editing so arrows and tab will not
work,
but tildas and umlauts will do,
tcsh and ksh have lousy support for UTF-8, all of them
just good for  8-bit encodings and need special
settings to use 8th bit.

PS: these settings can go to .Xdefaults and .inputrc .
Utf-8 fonts for xterm can be grepped with 
xlsfonts | grep 10646


--- Carlos Zumajo [EMAIL PROTECTED] wrote:

 Well, in csh, the key Q (n tilde) work fine, but
 don4t arrow keys.
 
 In sh, the key Q (n tilde) don4t work but ok with
 arrow keys.
 
 It seems that the problem is the one that you say,
 at least each shell 
 behaves with the keyboard of different form, but
 none of them works well 
 absolutely.
 
 Now I need how to configure this. I am going to
 search information about 
 this, because I don4t know doing it.
 
 Thanks.
 
 Carlos.
 
 
 Vladislav Belogrudov wrote:
 
  do you have problem in bash, ksh, csh, emacs ?
  Each of the apps has its own tricks for 8 bit or
 uft-8
  handling. 
  
  --- Carlos Zumajo [EMAIL PROTECTED] wrote:
  
  
 Hi all.
 
 I have installed OpenBSD 3.7 on SparcStation 4.
 The
 installation process 
 finished successfully.
 
 But I have a issue with keyboard. My keyboard is
 type5 spanish.  In the 
 login field, X or console, I can write the Q
 letter. After I login 
 with normal user this key don4t work, only beep.
 When I4m root this key 
 work as spected, but arrows  keys don4t work
 
  From normal user I tried wsconsctl to turn to
 spanish encoding and I 
 have no errors, but this key Q, only beep. I do
 the same with kbd but 
 I have no differences.
 
 In a X, I tried XKeycaps, and the keyboard
 detected
 is a PC with 104 
 keys. When I change this by  keyboard Sun
 Microsystems Type 5 
 OpenWindows Spanish layout and write changes,
 there
 are no working keys. 
 All the keys are mapping different that I can see
 in
 Xkeycaps. For 
 example, if I press H the key obtained by
 xkeycaps
 is 7.
 
 Where is the problem?
 
 This is my first post and I hope to help you in a
 few time. Thank you 
 very much.
 
 Carlos.
 
 This is my dmesg result:
 
 OpenBSD 3.7 (GENERIC) #312: Mon Mar 21 00:14:33
 MST
 2005

 
  
 

[EMAIL PROTECTED]:/usr/src/sys/arch/sparc/compile/GENERIC
  
 real mem = 33214464
 avail mem = 25190400
 using 200 buffers containing 1658880 bytes of
 memory
 bootpath: 
 
  
 

/[EMAIL PROTECTED],1000/[EMAIL PROTECTED],10001000/[EMAIL 
PROTECTED],840/[EMAIL PROTECTED],880/[EMAIL PROTECTED],0
  
 mainbus0 (root): SUNW,SPARCstation-4
 cpu0 at mainbus0: MB86904 @ 110 MHz, on-chip FPU
 cpu0: 16K instruction (32 b/l), 8K data (16 b/l)
 cache enabled
 obio0 at mainbus0
 clock0 at obio0 addr 0x7120: mk48t08 (eeprom)
 timer0 at obio0 addr 0x71d0 delay constant 52
 zs0 at obio0 addr 0x7110 pri 12, softpri 6
 zstty0 at zs0 channel 0
 zstty1 at zs0 channel 1
 zs1 at obio0 addr 0x7100 pri 12, softpri 6
 zskbd0 at zs1 channel 0: keyboard, type 5, layout
 0x2a
 wskbd0 at zskbd0: console keyboard
 zstty2 at zs1 channel 1: mouse
 slavioconfig at obio0 addr 0x7180 not
 configured
 auxreg0 at obio0 addr 0x7190
 power0 at obio0 addr 0x7191
 fdc0 at obio0 addr 0x7140 pri 11, softpri 4:
 chip 82077
 iommu0 at mainbus0 addr 0x1000: version
 0x4/0x0,
 page-size 4096, 
 range 64MB
 sbus0 at iommu0: clock = 22 MHz
 dma0 at sbus0 slot 4 offset 0x840: rev 2
 esp0 at dma0 offset 0x880 pri 4: ESP200,
 40MHz,
 SCSI ID 7
 scsibus0 at esp0: 8 targets
 sd0 at scsibus0 targ 3 lun 0: FUJITSU, MAN3184MC,
 5508 SCSI3 0/direct 
 fixed
 sd0: 17366MB, 29694 cyl, 2 head, 598 sec, 512
 bytes/sec, 35566478 sec total
 cd0 at scsibus0 targ 6 lun 0: TOSHIBA,
 XM-4101TASUNSLCD, 1755 SCSI2 
 5/cdrom removable
 bpp0 at sbus0 slot 4 offset 0xc80: DMA2
 ledma0 at sbus0 slot 4 offset 0x8400010: rev 2
 le0 at ledma0 offset 0x8c0 pri 6: address
 08:00:20:7b:13:e6
 le0: 16 receive buffers, 4 transmit buffers
 tcx0 at sbus0 slot 2 offset 0x80: 1152x900, id
 0, rev 2, sense 0
 wsdisplay0 at tcx0: console (std, sun emulation),
 using wskbd0
 power-management at sbus0 slot 3 offset 0xa00
 not configured
 root on sd0a
 rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
 
 
  
  
  
  
  
 
 
  Start your day with Yahoo! - make it your home
 page 
  http://www.yahoo.com/r/hs 
 
 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

ppp does not update resolv.conf

[Vladislav Belogrudov]

standard ppp.conf with chap and pap (from sample conf
or any OpenBSD book)

with enable dns ppp does not write anything,
with added resolv rewrite file gets touched
and with added resolv writable it gets
255.255.255.255
...

Log messages (set log All) show only ?unrelated?
messages
like
  Warning: tun0: 0.0.0.0 AIFADDR 
  217.249.58.121/24-217.5.107.209 returns
0
Warning:0.0.0.0/0: Change route failed:errno:no such
process



I had to use static nameservers (well, it's not bad
because I will use bind for forwarding and caching
later)


I just wonder if there is a trick ;)

Best regards
vlad.







Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: XDM spoils consoles (automatic start only).

[Vladislav Belogrudov]

when I start X manually: just 'xdm' or 'startx'
everything is ok. If I change xdm_flags to 
it starts X on boot but consoles are blinking
with different patterns and colors :) nice feature...
Nevertheless I can blindly login. Even if I kill xdm
console still does not get sane. 

Are there any differencies between starting xdm
on boot with  arguments and manually? Any actions
beforehand?

Best regards,
Vlad.

--- Uwe Dippel [EMAIL PROTECTED] wrote:

 On Mon, 15 Aug 2005 00:39:14 -0700, Vladislav
 Belogrudov wrote:
 
  starting X via xdm makes consoles unusable -
  shows kind of blinking color map...
 
 Does it start X properly when you startx from a
 console without any X
 running ?
 
 





Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

ksh + utf-8

[Vladislav Belogrudov]

I use xterm with utf-8 support and ksh.
Whenever I start typing fast or editing in some
non-latin
language I get randomly squares instead of characters.
Is utf-8 and pdksh compatible enough?

PS: tcsh and bash work perfectly with utf-8 though.
I don't use first one because of bad influence
while programming in it :))) and the last one has bad
license and is not standalone (bound to other leaky
abstractions). Still trying to find perfect shell to
use
with OpenBSD ;)
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

XDM spoils consoles.

[Vladislav Belogrudov]

Dell Inspiron 1150,

starting X via xdm makes consoles unusable -
shows kind of blinking color map...
Probably somebody already had this problem?
Would be nice to use both x and consoles at the same
time :)


Graphics: Intel 852GMV...




Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

www.undeadly.org cannot be found :(

[Vladislav Belogrudov]

...




Start your day with Yahoo! - make it your home page 
http://www.yahoo.com/r/hs 

Re: UK Keymap issue

[Vladislav Belogrudov]

--- Edd Barrett [EMAIL PROTECTED] wrote:

 Christian Weisgerber wrote:
 
 Edd Barrett [EMAIL PROTECTED] wrote:
 
   
 
 I have here two x86 machines set up with the uk
 keymap (console not X). 
 holding shift and pressing three should send #.
 It sends # followed by a 
 newline. why is this?
   
 
 It should send a pound sign, but a hash followed
 by \n is sent. The list 
 changed the pound sign to a hash for some reason.
 
 
 
 The top bit got stripped (reset to 0).
 
 Anyway, the console driver does send a pound sign. 
 This character
 is not part of (US-)ASCII.  The console produces
 the byte value
 0xA3, which encodes a pound sign in ISO Latin 1 and
 related character
 sets.
 
 By default, ksh treats characters that have the top
 bit set as
 Meta-character  0x7F, i.e., in your case the
 pound sign is handled
 just like the sequence esc# would be handled. 
 From ksh(1):
 
  comment: ^[#
  If the current line does not begin
 with a comment character, one
  is added at the beginning of the line
 and the line is entered (as
  if return had been pressed);
 otherwise, the existing comment
  characters are removed and the cursor
 is placed at the beginning
  of the line.
 
 So the console is fine, the keymap is fine, it is
 the application
 that handles the character differently than you
 expect.  For OpenBSD's
 ksh, there is a switch if you want to use 8-bit
 characters on the
 command line:
 
 $ set +o emacs-usemeta
 
   
 
 Many thanks for clarifying this.
 
 Edd
 
 

Or you could use vi mode (for vi fans):

$ set -o vi
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: links vs firefox vs ..

[Vladislav Belogrudov]

--- Neta [EMAIL PROTECTED] wrote:

 On 7/13/05, Rod.. Whitworth [EMAIL PROTECTED]
 wrote:
  On Wed, 13 Jul 2005 12:27:40 +0700, Neta wrote:
  
  Just curious!
  Could you show me some related paper that java
 script completely insecure?
  
  Just curious!
  Could you show me how Google did not supply you
 with an answer?
  166000 hits
  40400 if Internet Explorer excluded.
  
  Lazy boy!
 
 If your conclusion is right. Why so many internet
 banking used it?
 Do you have any real experiences with your box?
 
 Neta
 

I agree, almost each banking site has it 
(Citi, Deutsche Bank,...) 




Start your day with Yahoo! - make it your home page
http://www.yahoo.com/r/hs

Re: links vs firefox vs ..

[Vladislav Belogrudov]

--- Hannah Schroeter [EMAIL PROTECTED] wrote:

 Hello!
 
 On Wed, Jul 13, 2005 at 02:18:20AM -0700, Vladislav
 Belogrudov wrote:
 [...]
 
 I agree, almost each banking site has it 
 (Citi, Deutsche Bank,...) 
 
 Postbank (Germany) works with lynx, pure https and
 forms.
 Though they depend on the browser identification,
 with other
 browsers they require javascript and use it in a way
 that it doesn't
 work everywhere (e.g. with older konquerer I have
 problems, links+ dito,
 firefox works though).
 
 Kind regards,
 
 Hannah.
 
 

first reply that did have meaning to me,

danke sehr ;)
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

links vs firefox vs ..

[Vladislav Belogrudov]

I would like to find the most secure www browser
to use on OpenBSD for online banking. Should support
java script and ssl...




Sell on Yahoo! Auctions  no fees. Bid on great items.  
http://auctions.yahoo.com/

wscons: any changes in the near future?

[Vladislav Belogrudov]

I am trying to use console framework on laptops
that don't do X or cannot. I read thru the docs of
wscons  Co and found that some features
still dont work or are not documented. I have bundled
several questions :) I would like to ask:

1) Is the wsconsole framework dependent of NetBSD
development status and do features/bug fixing come
from
there? Or FreeBSD

2) I saw (man wsfontload) that console font can
be loaded once but cannot be changed without
destroying
old console and making new one. There are numerious 
hacks on the Internet how to workaround this
problem...
Will it be enhanced in the near future?

3) Manual pages describe wsconsctl rather very poorly,
there are many settings that are not documented yet
or documented but not working :) Reference to the
source code is not counted - one could just issue
one global manual page like 
 man 0 help: see /usr/src... :)))
My display does not wake up on mouse action but
keyboard does do it (all ctls settings are ok).

4) I would like to change mouse resolution of wsmoused
because working with touchpad is too difficult
on my Dell Inspiron 1150.
wsconsctl seems to know resolution keyword for
mouse but does not change anything. Wireless USB mouse
gives  short read 4!=0 kernel message on boot
sometimes.

5) any unicode aware consoles in the future? 

... Or should everybody get X running and use
console in 7 bit mode? 

OT: I had a question about how to make console bell 
not that loud. The best thing I tried is setting pitch
to 50 - nice sound and not threatening or annoying
anybody around. Currently I play with Inspiron 1150:
apm is not found, internal win modem replaced with
pcmcia 3com156.. will report as soon as get ppp done
:)
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: GRUB's boot parameter - don't do it!!!!

[Vladislav Belogrudov]

I think using grub is shameful and insecure enough :)
I would not rely on boot loader that resides
outside of MBR. The best thing for multi-os pc
is distro-independent loader (e.g. GAG) + partion
loaders for each specific OS. 

Don't want my OpenBSD to depend on
Linux partitions :) My personal opinion


PS: grub still can be second level boot loader, 
e.g. for Linux affiliates. Be careful with GRUB
on Linux partition if you are not yet convinced :) 


--- ikesan [EMAIL PROTECTED] wrote:

 On Thu, 16 Jun 2005 18:39:37 +0200
 Matthias Kilian [EMAIL PROTECTED] wrote:
 
  On Fri, Jun 17, 2005 at 01:12:59AM +0900, ikesan
 wrote:
root (hd2,0,a)
kernel --type=netbsd /bsd
  
  Use the chainloader.
  
 
 I dit it!!
 
 I changed grub's parameter as following.
 
  root (hd2,0,a)#- not hd0
  chainloader +1
 
 It works good.
 
 Thank you!
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Theo gave an interview to Forbes Mag. about Linux

[Vladislav Belogrudov]

100% right words!

---
Dissapointed Linux user/admin/developer since 1998



--- J. Lievisse Adriaanse [EMAIL PROTECTED]
wrote:

 Theo gave an interview to Forbes Magazine, in which
 he stated: It's terrible, De Raadt says. Everyone
 is using it, and they don't realize how bad it is.
 And the Linux people will just stick with it and add
 to it rather than stepping back and saying, 'This is
 garbage and we should fix it.' 
 
 Nice to read though as an ex-Linsux'er :)
 
 Jasper
 
 -- 
 checking whether you're still watching...probaly
 not :-)
 /usr/ports/x11/wmx configure script.
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Your worst dream comes true, thanks to Intel

[Vladislav Belogrudov]

So there will be no need for dongling? ;)
(probably only intel does not have host id or
alike yet). One can think of identity management
be it for securing or licensing..
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: Safe development

[Vladislav Belogrudov]

subversion it then... binary diffs are there :)

--- Timothy Donahue [EMAIL PROTECTED] wrote:
 On Friday 20 May 2005 03:59 am, Stephan Wehner
 wrote:
  What am I trying to back up?
 
  What happened to me was I was running Mepis, and
 did an apt-get xfce4
  (I think it was xfcr4). But then startx wouldn't
 work any longer. I
  thought apt-get would be pretty safe...
  Then I switched to FreeBSD and after a
 port-upgrade installed the new
  version of firefox. Then firefox wouldn't work any
 more.
 
  In both cases I had no clue what had changed, or
 how to undo it.
 
  Hence my original question. I think starting over
 with OpenBSD will be
  worth it. But I'm trying to decide on a good way
 to set up backups
  right from the start.
 
  Are you saying I should put the /usr and /etc
 directories and so on in
  a cvs repository? Will I get to know which files
 to checkout as I
  install more ports? Or instead of a cvs repository
 I thought of just
  taking snapshots before any system changes. But
 then I thought this
  should be a common problem so I asked how to go
 about it.
 
 
 How about tar and a DVD burner or a USB harddrive. 
 Granted, this is not an 
 ideal backup situation but if all you are worried
 about is restoring after an 
 update then it should work fine. 
 
 CVS, well you are going to need GOBS of diskspace to
 keep the repository in.  
 Every time a binary file gets updated it will keep a
 full copy of the updated 
 file, not a very efficient way to go about keeping a
 system snapshot.
 
 Tim Donahue
 
 



Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html