Re: ordering

2017-04-17 Thread ludovic coues
On 16 Apr 2017 8:12 am, "Theo de Raadt"  wrote:

Hi Vijay and everyone else,

> I had sent an email to ord...@openbsdstore.com regarding this
> yesterday and they replied that "there isn't a 6.1 cd, please check
> out the obsd.org site to persuade them to make one...". However I did
> not want to bother the list and the developers in case CDs are not the
> way to go.  I did a search on mailing list messages but did not see
> anything about 6.1 CDs.

True.  The 6.1 ANNOUNCEMENT does not list an upcoming CD.

6.0 was announced as the last CD release.

6.0 says so in the liner notes.

It is hard to believe OpenBSD followers missed that.

6.0 had 6 songs.  It was meant to be over the top, a celebration.

I sung the lyrics for the 6th song:

 Goodbye CDs
 I'm done with you today
 Goodbye
 Goodbye
 Goodbye
 No more pre-production
 And no more long delays
 So I have peace
 Of mind
 Goodbye.

I am sorry for people who missed the cues, but this change is
personal.  I made 40 CD releases in 20 years, investing personal
effort and risk to build and sustain the costs of this project and
sub-projects.

I do not want to keep making CDs to sustain myself and the project
anymore.  Other ways need to work now.

The decision is not only economical.  I don't want the "friction" of
trying to achieve high-quality production of collector item data CDs
twice a year, in 2017.  6.0 was a high-quality CD release like
previous ones, but don't want to expend the effort of producing and
testing to make sure 6.1, 6.2 etc are up to that standard.  It is
better to call it quits on a high note.

Having done 6.1 without a CD, we learn that incorporating CDs into the
production cycle has been a big drag, basically 1 month out of 6.
Other project developers and processes were locked to that cycle.  It
is shocking how easy a release cycle is without a CD.  Generally our
tree is always ready, we may be able to do future releases at the drop
of a hat.

As long as we produce a release the developers can be proud of.  That
is more important than making a CD -- by far.

> So I am thinking that the CD's may be ready only by May 1 and the
> release date was pushed earlier for some reason (just a guess
> because in 2015 and before, CDs were released in May and November)

The shop will not be selling 6.1 CDs.

Most things come to an end, sorry.

> If no OpenBSD CDs are going to be released, then probably it is better
> to just send a donation to the OpenBSD foundation and/or to Theo de
> Raadt.

Vijay, that is the correct way to sustain the software.

The CDs haven't pulled in sustaining revenue for many years.

Based upon income from contributors the Foundation performs a
fantastic function -- making worries and problems disappear.

> If CD's are going to be released, of course, I would be first
> in line since I have all CD's since 2.8 :)

That is a good collection.  I have one of each, and ones before that.
I've heard that 2.5 is the most difficult to acquire.

I think the audio CDs are undervalued.  They contain no dorky software
-- they are lyrics + music + drawing, just art.  Dorky art sure, but
no software...

Sorry guys.

Anyone want to buy some well-used CD burners?


I have a pair of questions.

Are there any plans to release audio CDs at more or less regular intervals?
I only bought the last one and I really like it

Could the project offer a ballpark estimate of the difficulty to release a
token object with each release ? I'm thinking of something like a blank usb
key, maybe in a box similar to the one used for the release CD.

The idea would be to offer a physical token which could be produced without
any impact to the core project. Just like the songs, which are not released
yet as far as I know.



Re: Why isn't OpenBSD in Google Summer of Code 2017?...

2017-04-06 Thread ludovic coues
On 6 Apr 2017 12:59 am, "Luke Small"  wrote:

I suspect that unless you really know what you are doing, you'll never satisfy
the OpenBSD gods. I suspect that there is a good reason that pkg_add was
rewritten in perl. I suspect because it may have been written in perl. And
just like that a good idea wasn't completely done in another way.

There are no "OpenBSD" gods. Only a few developers with something like 20
years of experience writing C code.
They managed to work for a project that values good work as much as they do.

So of course they won't let any junk in the tree. And saying stuff like "we
could do privsep later" won't help.
If you need an example of how to do it the right way, look at xwallpaper.
Someone found something to improve. They have done that and put the code
somewhere accessible. It might end up in the tree, it might not. Who knows?

Two years ago, I was told there is a lot of work to do on the usb stack.



Re: Openup and stable

2017-03-25 Thread ludovic coues
You might have missed the email from Antoine Jacoutot about syspatch,
on the first of December last year.

See http://man.openbsd.org/syspatch

2017-03-25 9:49 GMT+01:00 Andreas Thulin :
> Hi all!
>
> I'm running 6.0 -stable using openup for patching. I think it works very
> well since it's so convenient. At the same time I realise there are trust
> and security concerns with people like myself, who "blindly" install
> patches without understanding the details. I suppose my problem is that I'm
> not a developer and cannot make a fair assessment just by reading code, so
> neither patch method would be secure for me. I'm the risk, so to speak.
>
> Anyway, to my question(s): Is openup considered good or bad practise, and
> for what reasons, as you see them? Has there ever been plans among OpenBSD
> developers to make following -stable easier for "users" such as myself?
>
> I failed to find enough info about this topic in the archives, but please
> point me in the right direction if you happen to know about applicable
> threads.
>
> Humbly,
> Andreas
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Is OpenBSD using SHA1 anywhere?

2017-02-25 Thread ludovic coues
HMAC-SHA1 is used

https://www.schneier.com/blog/archives/2005/02/sha1_broken.html
"although it doesn't affect applications such as HMAC where collisions
aren't important"

2017-02-25 10:56 GMT+01:00 minek van :
> In the blog:
> https://blog.filippo.io/so-i-lost-my-openbsd-fde-password/
> I have seen that "sha1" is still used, but afaik 6.1 will have a different FDE.
>
>> Sent: Thursday, February 23, 2017 at 5:27 PM
>> From: "Christian Weisgerber" 
>> To: misc@openbsd.org
>> Subject: Re: Is OpenBSD using SHA1 anywhere?
>>
>> On 2017-02-23, Marc Espie  wrote:
>>
>> > Talking from the ports side, ports and packages moved to SHA256
>> > back in 2007/2008.
>>
>> To be expressly clear: Marc is referring to the ports and packages
>> infrastructure here.  The packaged third-party software still
>> contains many uses of SHA1; some may be harmless, some are embedded
>> into protocols that can't be easily changed.
>>
>> > Ports distinfo made it the only default in 2007, and pkg tools moved
>> > straight from md5 to sha1.
>>                         ^^^
>>                      to sha256
>>
>> (Unfortunate typo.)
>>
>> --
>> Christian "naddy" Weisgerber  na...@mips.inka.de
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



l2tp/ipsec from chromebook to openbsd stop after a few minutes

2017-02-22 Thread ludovic coues
Hello,
I am trying to setup a vpn from my chromebook to an openbsd machine at
home. Currently, I am able to establish a connection and access my
home network.

The issue is that I can't initiate any new connection after a few
minutes. Trying to ping any machine on the home network will fail but
already established SSH session still work perfectly.

I would like any pointer on what is happening, what am I doing wrong
or how to find out anything which could help me understand.

Thanks a lot

Here is the config from the machine at home. I redacted password and
psk. home.jellycopter.net is the hostname of the machine

cat /var/run/dmesg.boot

OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4179034112 (3985MB)
avail mem = 4047908864 (3860MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebec0 (46 entries)
bios0: vendor Intel Corp. version "FYBYT10H.86A.0052.2015.0923.1845"
date 09/23/2015
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices UAR5(S4) UAR8(S4) PS2K(S3) PS2M(S3) XHC1(S4)
EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PWRB(S0) BRCM(S0)
BRC3(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2167.16 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2166.67 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,
LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 87 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (RP03)
acpiprt4 at acpi0: bus 4 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(1000@1 mwait.1)
acpicpu1 at acpi0: C1(1000@1 mwait.1)
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpipwrres3 at acpi0: CLK0, resource for CAM1
acpipwrres4 at acpi0: CLK1, resource for CAM0, CAM2
"INT3396" at acpi0 not configured
"ITE8713" at acpi0 not configured
"DMA0F28" at acpi0 not configured
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID0
"BCM2E1A" at acpi0 not configured
"BCM4752" at acpi0 not configured
"INTCF0B" at acpi0 not configured
"INTCF1A" at acpi0 not configured
"INTCF1C" at acpi0 not configured
"SMO91D0" at acpi0 not configured
"ATML1000" at acpi0 not configured
"ATML2000" at acpi0 not configured
"INT33BD" at acpi0 not configured
acpivideo0 at acpi0: GFX0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1024x768
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e: msi, AHCI
1.3
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3
0/direct fixed naa.50004cf20e0f34d9
sd0: 953869MB, 512 bytes/sector, 1953525168 sectors
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0e: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel Bay Trail HD Audio" rev 0x0e: msi
azalia0: codecs: Realtek/0x0283, Intel/0x2882, using Realtek/0x0283
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail I2C" rev 0x0e: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x73,

Re: touchscreen on advantech PPC-3100

2017-01-20 Thread ludovic coues
xtsscale might help with the calibration process

2017-01-20 9:27 GMT+01:00 Marko Cupać :
> On Fri, 20 Jan 2017 10:15:09 +0200
> Mihai Popescu  wrote:
>
>> > I'm sending dmesg below, if anyone has any advice on how to make
>> > touchscreen work (besides 'write your own driver' :) I'd be
>> > grateful to hear it.
>>
>> I might be wrong, but I think OpenBSD lacks support for any kind of
>> touchscreen. If anyone heard about any kind of support, please speak.
>>
>
> I heard of it, and have it working, on advantech TPC-1261H-A1. Besides
> a bit of hassle with figuring out calibration values for xorg.conf it
> just worked.
>
> --
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
>



--

Cordialement, Coues Ludovic
+336 148 743 42



Re: [httpd] Multiple HTPS servers & redirection

2017-01-14 Thread ludovic coues
You haven't posted a dmesg.
I looked recently into this and as far as I understand the situation,
using multiple TLS certificates on the same IP won't work unless httpd
uses the SNI TLS extension. That isn't the case with the version of
httpd shipped with OpenBSD 6.0 but should be the case with
OpenBSD-current.

2017-01-14 9:40 GMT+01:00 Olivier :
> Hello all,
>
> Sorry for the delay.
>
> Yes I am using the "tls certificate file *option*" for both servers:
>
> (...)
> server "daenerys.burelli.fr" {
>  listen on $ext_addr port 80
>  block return 301 "https://$SERVER_NAME$REQUEST_URI";
>  }
> server "daenerys.burelli.fr" {
> listen on $ext_addr tls port 443
> root "/htdocs/default"
> log style combined
> hsts
> tls {
> certificate "/etc/ssl/daenerys.burelli.fr.crt"
> key "/etc/ssl/private/daenerys.burelli.fr.key"
> }
> (...)
>  server "cloud.burelli.fr" {
>  listen on $ext_addr port 80
>  block return 301 "https://cloud.burelli.fr:444/$REQUEST_URI";
> }
> server "cloud.burelli.fr" {
> listen on $ext_addr tls port 444
> root "/htdocs/nextcloud"
> directory index index.php
> hsts
> tls {
> certificate "/etc/ssl/cloud.burelli.fr.crt"
> key "/etc/ssl/private/cloud.burelli.fr.key"
>
> }
>
> (...)
>
>
> In fact  I understand here that httpd is listening on tcp port 80 for each
> websites.
>
> httpd split request from each server based on $SERVER_NAME to call correct
> pages for each $SERVER_NAME websites.
>
> I would like to know if is possible to redirect the request on tcp port 80
> URI based on $SERVER_NAME to each https server on different port (443 & 444,
> depending on $SERVER_NAME).
>
> If yes what is the best way ?
>
>
> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of
> Joris Vanhecke
> Sent: Thursday, December 29, 2016 11:48 PM
> To: misc@openbsd.org
> Subject: Re: [httpd] Multiple HTPS servers & redirection
>
> On Sun, 25 Dec 2016, at 12:24 PM, Olivier wrote:
>> Hello all,
>>
>> I would like to know, what is the best practice to manage multiple
>> https servers with httpd. I installed 2 certificates for both hostname
>> below:
>>
>> _ daenerys.burelli.fr
>> _ cloud.burelli.fr
>>
>> I would like to redirect all request for:
>>
>> _ http://daenerys.burelli.fr to https://cloud.burelli.fr → OK
>> _ http://cloud.burelli.fr to https://cloud.burelli.fr:444 → KO - however
>> the certificate is ok when I try to reach directly
>> https://cloud.burelli.fr:444
>>
>> I would like to avoid to obtain the followings message for second
>> https
>> server:  SSL_ERROR_BAD_CERT_DOMAIN (The certificate is only valid for
>> the following names: daenerys.burelli.fr, www.daenerys.burelli.fr)
>>
>> Part of my httpd.conf:
>>
>> server "daenerys.burelli.fr" {
>> listen on $ext_addr port 80
>> block return 301 "https://$SERVER_NAME$REQUEST_URI";
>> }
>>
>> server "daenerys.burelli.fr" {
>> alias "www.burelli.fr"
>> listen on $ext_addr tls port 443
>> (…)
>> }
>>
>> server "cloud.burelli.fr" {
>> listen on $ext_addr port 80
>> block return 301 "https://cloud.burelli.fr:444/$REQUEST_URI";
>> }
>>
>> server "cloud.burelli.fr" {
>> listen on $ext_addr tls port 444
>> (…)
>> }
>>
>> I tried also with: block return 301
>> https://$SERVER_NAME:444$REQUEST_URI
>> or
>> block return 301 https://cloud.burelli.fr:444$REQUEST_URI
>>
>> What is the right way to rewrite the URL?
>>
>> Thanks in advance for your help and support.
>>
>> Olivier.
>>
>
> Seems like httpd is using the first cert for both domains.
> Are you using the "tls certificate *file*" option?
>



--

Cordialement, Coues Ludovic
+336 148 743 42
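
As an added illustration of the SNI point in the reply above (not code from httpd or from anyone in the thread): the sketch below generates real ClientHello records with Python's ssl module, extracts the server_name extension, and models certificate choice with and without SNI. The `CERTS` table and `pick_certificate` are assumptions for illustration; the hostnames and certificate paths are the ones in the quoted httpd.conf.

```python
import ssl

# Order mirrors the quoted httpd.conf; the first entry acts as the default.
# This table is an illustrative model, not httpd's internal logic.
CERTS = [
    ("daenerys.burelli.fr", "/etc/ssl/daenerys.burelli.fr.crt"),
    ("cloud.burelli.fr", "/etc/ssl/cloud.burelli.fr.crt"),
]


def client_hello(server_name):
    """Return the first TLS record a client would send (nothing is connected)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if server_name is None:
        # Needed only to emit a ClientHello without SNI; the handshake
        # never completes, so no certificate is ever accepted here.
        ctx.check_hostname = False
    outgoing = ssl.MemoryBIO()
    tls = ctx.wrap_bio(ssl.MemoryBIO(), outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client now waits for a ServerHello
    return outgoing.read()


def _u(data):
    """Big-endian unsigned integer from a byte slice (empty slice gives 0)."""
    return int.from_bytes(data, "big")


def sni_from_client_hello(record):
    """Extract the SNI host name from a ClientHello record, or None."""
    if len(record) < 5 or record[0] != 0x16:       # 0x16 = handshake record
        return None
    body = record[5:5 + _u(record[3:5])]
    if len(body) < 4 or body[0] != 0x01:           # 0x01 = ClientHello
        return None
    hello = body[4:4 + _u(body[1:4])]
    try:
        pos = 2 + 32                               # client_version + random
        pos += 1 + hello[pos]                      # session_id
        pos += 2 + _u(hello[pos:pos + 2])          # cipher_suites
        pos += 1 + hello[pos]                      # compression_methods
        ext_end = min(pos + 2 + _u(hello[pos:pos + 2]), len(hello))
        pos += 2
        while pos + 4 <= ext_end:
            ext_type = _u(hello[pos:pos + 2])
            ext_len = _u(hello[pos + 2:pos + 4])
            data = hello[pos + 4:pos + 4 + ext_len]
            if ext_type == 0:                      # server_name extension
                # list length (2), name_type (1, 0 = host_name), length (2), name
                if len(data) >= 5 and data[2] == 0:
                    return data[5:5 + _u(data[3:5])].decode("ascii")
                return None
            pos += 4 + ext_len
    except (IndexError, UnicodeDecodeError):
        return None                                # truncated or malformed hello
    return None


def pick_certificate(record, sni_aware):
    """Choose a certificate path; a server that ignores SNI always gets the default."""
    name = sni_from_client_hello(record) if sni_aware else None
    for host, cert in CERTS:
        if host == name:
            return cert
    return CERTS[0][1]


if __name__ == "__main__":
    for name in ("cloud.burelli.fr", None):
        hello = client_hello(name)
        for aware in (True, False):
            print(name, "sni_aware=%s" % aware, "->", pick_certificate(hello, aware))
```

In this model, the SNI-unaware case hands the daenerys.burelli.fr certificate to a client asking for cloud.burelli.fr, which is the kind of name mismatch a browser reports as SSL_ERROR_BAD_CERT_DOMAIN.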



Re: -current not autobooting?

2017-01-14 Thread ludovic coues
Have you read the manpage for boot.conf ?
With your config, the boot> prompt should wait a full minute before
trying to load a kernel. Default is 5 seconds.

Also, I don't have a boot.conf file on my system.

2017-01-14 9:07 GMT+01:00 jungle boogie :
> Hi All,
>
> Running OpenBSD 6.0-current (GENERIC.MP) #137: Fri Jan 13 21:37:22 MST 2017
>
> I'm noticing that when I reboot the machine, it doesn't boot past boot>
> unless I press enter. I do have a timeout set for 60 seconds, which allows
> me time to boot the bsd.rd file.
>
> $ cat /etc/boot.conf
> set tty com0
> set timeout 60
>
> Has anyone else noticed this?
>
> Thanks!
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Is it possible to follow -current after missing several versions?

2017-01-03 Thread ludovic coues
Your best bet is to upgrade to 5.6-stable, then 5.7, 5.8, 5.9, 6.0 then -current

As far as I know, OpenBSD only supports upgrades from one version to the
next one. 5.5-current to 6.0-current is skipping a lot of versions.

2017-01-03 16:31 GMT+01:00 Panagiotis Liakos :
> Hello all,
>
> I have an old installation of OpenBSD that is following -current and I
> had successfully done so going from 5.5 to 5.6 a long time ago. Today
> I tried to follow -current again and I stepped into several issues.
>
> At first, kernel build failed and I found out that as of 2015-09-11 I
> have to update config(8) before building. Therefore, I tried to update
> config(8) with:
>
> cd /usr/src/usr.sbin/config
> make obj && make cleandir && make depend && make && make install
>
> which also fails because it tries to use pledge(2) which was introduced in 
> 5.9.
>
> So now I am wondering what options do I have? Is it possible to follow
> -current at this stage? Can I (or should I) go to a stable release
> instead?
>
> Thanks a lot,
> Panagiotis
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Browser is getting slower?

2016-11-22 Thread ludovic coues
What do you mean by etc?
Have you checked if the same issue happens with chromium or with
iridium on a different OS?

2016-11-21 20:35 GMT+01:00 George Pediaditis :
> I have installed https everywhere,  bookmarks tagging and signal
> private messenger.
> I have openbsd on my laptop so iridium isnt running all the time.
>
> On Mon, Nov 21, 2016 at 5:35 PM, Gregory Edigarov  wrote:
>> On 21.11.16 15:56, George Pediaditis wrote:
>>>
>>> Ok you are right, I'm sorry.
>>> I'm definitively sure that iridium (it's like chromium) is getting slower
>>> after a couple of weeks. It's so slow that I'm waiting 7+ sec to start.
>>> Also cpu is high and everything on the browser is really slow. The
>>> problem is solved when I clean my history etc. Now it takes about 1-2
>>> sec to start it.
>>> I have tried Firefox before but it's even worse. It crashes, is slow and
>>> cpu is high.
>>
>> which extensions are installed in iridium?
>> is iridium always running, or you load it every time?
>>
>>> This is my dmesg.
>>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
>>>  g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>> RTC BIOS diagnostic error 80
>>> real mem = 8474267648 (8081MB)
>>> avail mem = 8212963328 (7832MB)
>>> mpath0 at root
>>> scsibus0 at mpath0: 256 targets
>>> mainbus0 at root
>>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
>>> bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
>>> bios0: LENOVO 80SR
>>> acpi0 at bios0: rev 2
>>> acpi0: sleep states S0 S3 S4 S5
>>> acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
>>> DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
>>> FPDT
>>> acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
>>> RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
>>> PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
>>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>>> acpihpet0 at acpi0: 2399 Hz
>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>> cpu0 at mainbus0: apid 0 (boot processor)
>>> cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz
>>> cpu0:
>>>
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>>
>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>>
>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>>
>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>>
>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>>> ,SENSOR,ARAT
>>> cpu0: 256KB 64b/line 8-way L2 cache
>>> cpu0: smt 0, core 0, package 0
>>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>>> cpu0: apic clock running at 23MHz
>>> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
>>> cpu1 at mainbus0: apid 2 (application processor)
>>> cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>>> cpu1:
>>>
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>>
>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>>
>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>>
>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>>
>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>>> ,SENSOR,ARAT
>>> cpu1: 256KB 64b/line 8-way L2 cache
>>> cpu1: smt 0, core 1, package 0
>>> cpu2 at mainbus0: apid 1 (application processor)
>>> cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>>> cpu2:
>>>
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>>
>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>>
>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>>
>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>>
>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>>> ,SENSOR,ARAT
>>> cpu2: 256KB 64b/line 8-way L2 cache
>>> cpu2: smt 1, core 0, package 0
>>> cpu3 at mainbus0: apid 3 (application processor)
>>> cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>>> cpu3:
>>>
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>>
>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>>
>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>>
>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>>
>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>>> ,SENSOR,ARA

Re: softraid(4) full-disk encryption on SSD

2016-11-16 Thread ludovic coues
Trim and ssd longevity and what not may have been an issue when ssd were a
novelty.
These days, it should last just as long as a hard drive. So make backups of
what matters and don't worry about your disk.

On 16 Nov 2016 5:54 p.m., "Ax0n"  wrote:

> I'm taking the plunge now. Mostly, I was concerned about SSD longevity and
> if TRIM would be a problem due to the different way data is going to be
> accessed. It was the cheapest drive I could find locally anyway, and I keep
> good backups (dump to a much larger external drive that's also using
> softraid crypto) so I suppose if it burns up in a year it's not really that
> big of a problem.
>
> On Wed, Nov 16, 2016 at 10:33 AM, Marc Peters  wrote:
>
> > Am 11/16/16 um 17:07 schrieb Ax0n:
> > > I'm less concerned about swap, and more concerned about how a fully
> > > encrypted softraid Solid State Disk is going to act. I can't find a lot
> > > about FDE on SSD.
> > >
> >
> > It acts as a normal harddisk would, just faster :). I had one in my
> > worklaptop i used before for about two years and i have one in my
> > worklaptop. No problems.



Re: Running OpenSMTPD at home behind a cloud proxy

2016-11-14 Thread ludovic coues
Why not use opensmtpd on the VPS to relay your mail ?

A rule like "accept for domain example.com relay via
secure://you.dynamic.dns" should do what you want if I read the man
correctly

2016-11-13 23:25 GMT+01:00 Jiri B :
> On Sun, Nov 13, 2016 at 10:51:22PM +0100, Joris Vanhecke wrote:
>> Hey all,
>>
>> I'd like to pull my emails out of the cloud and run them on a local
>> server (pcengines APU2 looks good).
>> My ISP blocks tcp ports below 1024 and sending email from a residential
>> (dynamic) IP might mark my email as spam.
>>
>> Right now I'm thinking of renting a cheap VPS and using it as a proxy
>> for my home server which would use a dynamic DNS.
>> I don't really want a copy of the email on the VPS so I was planning to
>> use relayd or socat to route incoming traffic to my local OpenSMTPD
>> server.
>>
>> But I don't really see a way to proxy outgoing connections from smtpd...
>>
>> Any ideas?
>
> What about to have paused remote delivery on cloud proxy (and deliver
> on request initiated from home server) and paused remote delivery on home
> mail server as well and unpause the queue when you do tcp port forwarding
> to cloud host as well.
>
> Or just run VPN between cloud host and home host. If either of them won't
> be available your mail will stay in queue.
>
> j.
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Dell R930 server

2016-11-09 Thread ludovic coues
I would say big data.

Stackexchange has a pair of SQL Servers, with 384GB of memory for
stackoverflow and 768 for everything else, a Redis server with 256, a
server for elasticsearch with 192 and the same quantity for an HAProxy
server.

And that's just a successful website. They aren't a search engine or a
social network

2016-11-08 23:38 GMT+01:00 Mihai Popescu :
> | Does OBSD "see" all the 96*128G memory available ?
>
> Out of curiosity, what does need such a memory today? Do you want to
> use a ramdisk?
>
> Thanks.
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Is 6.1 expected to happen soon?

2016-11-03 Thread ludovic coues
If you need a rough estimate, you can add 6 months to the date of the
last release.

2016-11-03 6:56 GMT+01:00  :
> I know, it'll happen when it happens...
>
> I have a few servers that could really use the updated SMP stuff that
> -current has. For some applications it's a night and day difference, but I'm
> not all to comfortable running -current on production machines. I'm just
> trying to gauge whether or not i should hold out a bit longer or just bite
> the bullet and test some snapshots. With 6.0 being released in September i
> am not sure if i should expect 6.1 any time soon.
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Booting BSD on a Libreboot system - documentation needed

2016-10-06 Thread ludovic coues
Do any of you mind to drop the off topic, pretty please?

it's a thread about booting BSD on hardware with the libreboot BIOS/UEFI.
Not... whatever you are doing here.


2016-10-06 23:15 GMT+02:00 Gareth Nelson :
> To be clear, it's not "the libreboot side" but rather "The Leah Rowe side"
> - to date she has not offered any evidence of her accusations.
> From my viewpoint it seems VERY doubtful that the FSF would be bigoted
> towards trans people and i'm inclined not to believe the accusation.
>
> Leah: I also have to ask why you are only now looking into supporting the
> BSDs better. The GNU project is not anti-BSD as you seem to believe.
>
> Remember that GRUB contains code to load BSD kernels - in fact the last
> time I installed OpenBSD I did so by loading bsd.rd from GRUB.
>
> Leah - you might remember me as GarethTheGreat on freenode. I had a lot of
> respect for your efforts with libreboot and gluglug and hoped to buy
> a laptop from you at some point. I will no longer do so as I am a proud
> supporter of the FSF and can see you actively slandering some good people.
>
> I'd rather not drag the OpenBSD mailing lists into such drama so I will not
> comment further.
>
>
> ---
> “Lanie, I’m going to print more printers. Lots more printers. One for
> everyone. That’s worth going to jail for. That’s worth anything.” -
> Printcrime by Cory Doctrow
>
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.gnu.org/philosophy/no-word-attachments.html
>
> On Thu, Oct 6, 2016 at 1:09 PM,  wrote:
>
>> On Thu, 6 Oct 2016 15:05:04 +1100
>> Aaron Mason  wrote:
>>
>> > Holy frijole, just reading some of the responses from the some people
>> > in GNU - I'm at the point where I'm not entirely convinced that GNU
>> > isn't a cult, with Stallman as the high almighty leader.
>>
>> I am suspicious of both sides. Libreboot's team talks about
>> "transgender discrimination" of employees at GNU, without actually
>> explaining what went on over at GNU that was anything serious, or
>> anything "transgender" related.
>>
>> The Libreboot side claims some people got fired just for being
>> transgender. I could not see anything more than just that claim, and a
>> list of employees who were "discriminated" against.
>>
>> However, all the GNU side responses, as cult-ish as they are, are
>> somewhat valid if Leah and co have set the copyright to the FSF, in
>> which case there is no easy way out other than a fork. Leah and co have
>> to be careful, because have a look at this:
>> http://www.guidestar.org/FinDocuments/2007/412/165/
>> 2007-412165986-036368a0-9.pdf
>>
>> As of writing this message, we are in the 2010's, where anyone and
>> everyone uses "(trans)gender discrimination" or "racial discrimination"
>> to avoid accountability. A little suspicion, cynicism, and scepticism
>> could reduce potential embarrassment.
>



--

Cordialement, Coues Ludovic
+336 148 743 42



Re: FDE on BeagleBone Black

2016-09-28 Thread ludovic coues
Simply go to your favorite openbsd mirror and check the packages
directory. You will get up to date information about what packages are
available and which are not.
From what I've seen, there is no package for armv7 / openbsd6.0. I
haven't checked snapshots.

2016-09-28 6:48 GMT+02:00 L.R. D.S. :
> Hi,
> I'm thinking of buying a new toy board like BeagleBone Black to test the 
> armv7 port.
> It's already possible to do full disk encryption on these boards?
> Also, as a side question, I remember some discussion here on misc or tech, 
> about no
> support for binary packages on armv7 port. Is it still right, I'll have to 
> compile
> all by myself? I'm already feeling the pain to compile ffmpeg by myself...
> Thanks in advance.
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: FW Hardware

2016-09-22 Thread ludovic coues
Like others have said, PC Engines might be your best bet.
Edgerouter lite and PoE are another alternative. They run on Octeon
[1]. They might be a bit less expensive with somewhat smaller form
factor. They also should be easier to get, like $90 on amazon.
Installation might be easier on PC Engines.

You'll notice a lot of modal. I don't own either device, all the
comments are second hand.


[1] https://www.openbsd.org/octeon.html

2016-09-22 19:58 GMT+02:00 L. V. Lammert :
> There have been some good discussions lately about HW capable of running a
> lot of traffic, .. but this question is about the other end of the
> spectrum.
>
> Have a need for a small FW appliance that can be used to protect a single
> machine and provide a simple way to whitelist a single IP or two.
>
> Two HW ethernet ports, OBSD compatible, small form factor, low cost.
>
> Any recommendations?
>
> Thanks!
>
> Lee
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: might it be better to have three paths lists

2016-09-03 Thread ludovic coues
Split your program. Stricter privilege separation.
Replace threads with fork and you will have self-contained program units.
An overflow in one won't affect the other. And each piece will have
a tighter pledge.



2016-09-03 12:37 GMT+02:00 Luke Small :
> If a program requires stdio, wpath, rpath, dns, and inet. It spawns
> multiple threads. The socket binding thread is taken over, runs arbitrary
> code that overflows a buffer of the thread listening to a pipe with rpath
> and stdio permissions it reads the binary of an executable the company wants
> to remain private, but is on the paths list, which gives the process
> unintentional read permissions and sends it to the attacker.
> Because we know everybody writes perfect code. With finer grained paths
> permissions, it is possible to gain even better control amidst really well
> pledged and privilege separated programs(even if they are imperfectly
> bounded), it may be possible to have a slightly more complicated paths setup
> with less privilege separation, written by programmers that spend a bit less
> time with privilege separation, to meet deadlines and achieve comparable
> results.
>
>
> On Sat, Sep 3, 2016, 04:41 ludovic coues  wrote:
>>
>> 2016-09-03 11:04 GMT+02:00 Luke Small :
>> >
>> >
>> > Sorry  I was in the middle of something, but pledge can be a broad
>> > brush,
>> > unless you are dealing with one file, whether it is executed, read, or
>> > written and giving per process file permissions sounds pretty neat, and
>> > it
>> > might just be a little simpler than making new users for each subset of
>> > privileges, populating each chrooted home folder with a specific set of
>> > permissions (as is what appears to me to have happened with pkg_add).
>> > Since
>> > pledge's promises can make it where you can execute a file without read
>> > permission, it seems ideal to continue that tradition with the paths
>> >
>> >   On Sat, Sep 3, 2016, 03:07 Luke Small  wrote:
>> >>
>> >> In pledge, presumably there will be an accessible paths list. Maybe you
>> >> grant a process root access, and you need to read a file which is only
>> >> granted by root access, and you need write access for another file, so
>> >> the
>> >> pledge permissions reflect that. On the presumed current path, you
>> >> would
>> >> leave write access for the first file and maybe you don't need the
>> >> process
>> >> to have read permissions on an execl() program. You can prohibit your
>> >> process from reading your software or binary, even if it may have
>> >> permissions to do so.
>> >>
>>
>> That's not a specific use case.
>> Either you should provide a patch or an example of a real program that
>> is limited by the current design of pledge.
>>
>> Currently, if you want a program that can only read a file, you pledge
>> rpath. If you want the ability to exec a file, you pledge exec.
>>
>> If you want a program that can exec a set of files and write in
>> another, either you run your program as a user and group that can't
>> write the set of files you want to exec (W^X) or you write two programs,
>> one pledging for write, the other for read.
>>
>> The following paper has an example of how the second design can be
>> done.
>> http://quigon.bsws.de/papers/2014/asiabsdcon/mgp00010.html
>>
>>
>> --
>>
>> Cordialement, Coues Ludovic
>> +336 148 743 42



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: might it be better to have three paths lists

2016-09-03 Thread ludovic coues
2016-09-03 11:04 GMT+02:00 Luke Small :
>
>
> Sorry  I was in the middle of something, but pledge can be a broad brush,
> unless you are dealing with one file, whether it is executed, read, or
> written and giving per process file permissions sounds pretty neat, and it
> might just be a little simpler than making new users for each subset of
> privileges, populating each chrooted home folder with a specific set of
> permissions (as is what appears to me to have happened with pkg_add). Since
> pledge's promises can make it where you can execute a file without read
> permission, it seems ideal to continue that tradition with the paths
>
>   On Sat, Sep 3, 2016, 03:07 Luke Small  wrote:
>>
>> In pledge, presumably there will be an accessible paths list. Maybe you
>> grant a process root access, and you need to read a file which is only
>> granted by root access, and you need write access for another file, so the
>> pledge permissions reflect that. On the presumed current path, you would
>> leave write access for the first file and maybe you don't need the process
>> to have read permissions on an execl() program. You can prohibit your
>> process from reading your software or binary, even if it may have
>> permissions to do so.
>>

That's not a specific use case.
Either you should provide a patch or an example of a real program that
is limited by the current design of pledge.

Currently, if you want a program that can only read a file, you pledge
rpath. If you want the ability to exec a file, you pledge exec.

If you want a program that can exec a set of files and write in
another, either you run your program as a user and group that can't
write the set of files you want to exec (W^X) or you write two programs,
one pledging for write, the other for read.

The following paper has an example of how the second design can be done.
http://quigon.bsws.de/papers/2014/asiabsdcon/mgp00010.html


-- 

Cordialement, Coues Ludovic
+336 148 743 42
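
The design suggested in the two replies above (fork instead of threads, one narrow pledge per piece, one piece for reading and one for writing), as an added example that is not code from the thread or from OpenBSD. The function names, the temp-file names and the no-op `pledge` stub used on non-OpenBSD systems are assumptions of this example; the promise strings are those of pledge(2).

```c
#include <sys/wait.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef __OpenBSD__
/* Assumption: pledge(2) is OpenBSD-only, so a no-op stub stands in elsewhere. */
static int pledge(const char *p, const char *e) { (void)p; (void)e; return 0; }
#endif

/* Copy fd `in` to fd `out` until EOF; 0 on success, -1 on error. */
static int pump(int in, int out)
{
    char buf[4096];
    ssize_t n, w, off;
    while ((n = read(in, buf, sizeof(buf))) > 0)
        for (off = 0; off < n; off += w)
            if ((w = write(out, buf + off, (size_t)(n - off))) < 0)
                return -1;
    return n < 0 ? -1 : 0;
}

/* Reader piece: after pledge it may open files read-only, nothing more. */
static void reader(const char *src, int pipe_w)
{
    int fd;
    if (pledge("stdio rpath", NULL) == -1 || (fd = open(src, O_RDONLY)) == -1)
        _exit(1);
    _exit(pump(fd, pipe_w) == 0 ? 0 : 1);
}

/* Writer piece: may create and write files, holds no rpath promise. */
static void writer(const char *dst, int pipe_r)
{
    int fd;
    if (pledge("stdio wpath cpath", NULL) == -1 ||
        (fd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600)) == -1)
        _exit(1);
    _exit(pump(pipe_r, fd) == 0 ? 0 : 1);
}

/* 1 if child `pid` was forked and exited with status 0, else 0. */
static int reaped_ok(pid_t pid)
{
    int st;
    return pid > 0 && waitpid(pid, &st, 0) == pid && WIFEXITED(st) &&
        WEXITSTATUS(st) == 0;
}

/* Copy src to dst with read and write rights held by different processes.
 * The parent stays unpledged only so the demo can remove its temp files. */
int copy_with_split(const char *src, const char *dst)
{
    int p[2], r_ok;
    pid_t r, w;

    if (pipe(p) == -1)
        return -1;
    if ((r = fork()) == 0) {
        close(p[0]);            /* the reader never sees the read end */
        reader(src, p[1]);
    }
    if ((w = fork()) == 0) {
        close(p[1]);            /* needed so the writer gets EOF */
        writer(dst, p[0]);
    }
    close(p[0]);
    close(p[1]);
    r_ok = reaped_ok(r);
    return reaped_ok(w) && r_ok ? 0 : -1;
}

/* Constructed self-check: push a temp file through both pieces, compare. */
int split_demo(void)
{
    char src[] = "/tmp/privsep-src.XXXXXX", dst[] = "/tmp/privsep-dst.XXXXXX";
    const char msg[] = "constructed sample data\n";
    char got[sizeof(msg)] = "";
    int fd, rc = -1;

    if ((fd = mkstemp(dst)) == -1)
        return -1;
    close(fd);
    if ((fd = mkstemp(src)) != -1 && write(fd, msg, sizeof(msg) - 1) > 0) {
        close(fd);              /* the pieces must not inherit this descriptor */
        rc = copy_with_split(src, dst);
        if ((fd = open(dst, O_RDONLY)) == -1 ||
            read(fd, got, sizeof(got) - 1) < 0 || strcmp(got, msg) != 0)
            rc = -1;
    }
    if (fd != -1) close(fd);
    unlink(src);
    unlink(dst);
    return rc;
}

int main(void) { return split_demo() == 0 ? 0 : 1; }
```

An overflow in the reader can at most read files and write to the pipe; it holds no promise that lets it create or modify a file, and the writer cannot open anything for reading.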



Re: might it be better to have three paths lists

2016-09-03 Thread ludovic coues
What is the use case ?

2016-09-03 4:15 GMT+02:00 Luke Small :
> wouldn't it be more secure to have a write, read, and execute capable paths
> lists in pledge()
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: php and W^X

2016-09-02 Thread ludovic coues
You can recompile and mark with PT_OPENBSD_WXNEEDED every port
requiring wxallowed. Then you can remove wxallowed from /usr/local.

2016-09-02 10:21 GMT+02:00 Thuban :
> Hello,
> It seems that php-7.0 requires wxallowed.
> I don't like the idea to "wxallow" the whole /usr/local.
>
> Do you have any advice?
>
> Regards
> --
> /Thuban/
>
> [demime 1.01d removed an attachment of type application/pgp-signature which 
> had a name of signature.asc]
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Recommendation about an Alfa usb wireless adapter to use it as HostAP

2016-09-02 Thread ludovic coues
A quick look at the website shows that most older models use Realtek
chips while newer devices don't specify anything. One can assume that if
the chip is unspecified, they will use whatever works for each
manufacturing batch. Then you are in the wonderful world of wireless
chips, full of uncertainty and surprise.

Best case scenario, they still use a Realtek chip and the device will be
covered by one of the urt drivers, rsu, urtw or urtwn. The complete
list of drivers for USB wireless network interfaces is available at
usb(4).

2016-09-02 9:43 GMT+02:00 C. L. Martinez :
> Hi all,
>
>  I would like to install OpenBSD as a hostap for my home. I have done the
> same in the past, running OpenBSD as a kvm guest on my laptop and all works
> really well. I am thinking to use an Alfa (http://www.alfa.com.tw) usb
> wireless adapter. There is not much information in Alfa's web about which of
> them can run as a HostAP.
>
>  Any recommendation? Maybe AWUS036ACH can support this functionality, but I
> am not sure ...
>
> Thanks.
> --
> Greetings,
> C. L. Martinez
>



--

Cordialement, Coues Ludovic
+336 148 743 42



Re: multidomain DKIM

2016-08-30 Thread ludovic coues
On the DNS side, you set up your DKIM key as a TXT field.
Name is of the form ._domainkey[. .
Value is of the form "k=rsa;p=".

selector is mandatory. The DKIM signature will specify which selector
to use. It allows, for example, signature rotation. You can set a DKIM
key with selector "summer2016" and a TTL of 3 years then you can start
using a new DKIM key with selector "fall2016" at any time, simply by
using the new selector.

subdomain is optional and you shouldn't specify the full domain. The
recipient of mail al...@blue.exemple.org will request
selector._domainkey.blue.exemple.org and the DNS will reply with TXT
entry selector._domainkey.blue from DNS zone for exemple.org.

for the value, a decent key size will be a lot longer than the maximum
allowed size for a single DNS value. So you need to split it into
chunks of less than 256 characters. Using nsd, it will look like this:
name IN TXT ("k=rsa;p=start_of_key" "following_part_of_key")

You can use dig to check your work with the following syntax:
dig +short sandshrew._domainkey.casting.mattic.org TXT

To answer your question, no. This mailing list is for miscellaneous
questions related to openbsd. So you can expect people to answer
questions about how to set up an authoritative DNS nameserver but
general questions about DKIM are a bit out of scope.

2016-08-30 8:50 GMT+02:00 Kasper Haitsma :
> Is this the right maillist, to ask about DKIM (if not, please point me
> to the correct one)
>
> regards,
> Kasper
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42
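
The record layout described in this message (selector label, optional subdomain label, value cut into strings shorter than 256 characters), as an added example that is not from the original post: C routines that emit the nsd-style TXT line and reassemble it the way a resolver concatenates the strings. The function names are assumptions, and the all-'A' key is a constructed stand-in, not a real key.

```c
#include <stdio.h>
#include <string.h>

#define TXT_CHUNK_MAX 255   /* one DNS character-string holds at most 255 bytes */

/*
 * Format  selector._domainkey[.sub] IN TXT ("k=rsa;p=..." "...")  into out,
 * cutting the value into strings of at most TXT_CHUNK_MAX bytes. sub may be
 * NULL. Returns the number of strings, or -1 if a buffer is too small.
 */
int dkim_txt_record(const char *selector, const char *sub, const char *b64key,
    char *out, size_t outlen)
{
    char value[2048];
    size_t vlen, off, len, pos;
    int n, chunks = 0;

    n = snprintf(value, sizeof(value), "k=rsa;p=%s", b64key);
    if (n < 0 || (size_t)n >= sizeof(value))
        return -1;
    vlen = (size_t)n;
    n = snprintf(out, outlen, "%s._domainkey%s%s IN TXT (", selector,
        sub && *sub ? "." : "", sub && *sub ? sub : "");
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    pos = (size_t)n;
    for (off = 0; off < vlen; off += len, chunks++) {
        len = vlen - off < TXT_CHUNK_MAX ? vlen - off : TXT_CHUNK_MAX;
        n = snprintf(out + pos, outlen - pos, "%s\"%.*s\"",
            chunks ? " " : "", (int)len, value + off);
        if (n < 0 || (size_t)n >= outlen - pos)
            return -1;
        pos += (size_t)n;
    }
    if (outlen - pos < 2)
        return -1;
    memcpy(out + pos, ")", 2);
    return chunks;
}

/*
 * Rebuild the value the way a resolver does: concatenate every quoted string.
 * Returns the number of strings, or -1 for an unterminated quote, a string
 * over TXT_CHUNK_MAX bytes, or a value buffer that is too small.
 */
int dkim_txt_join(const char *record, char *value, size_t vlen)
{
    const char *p = record, *end;
    size_t pos = 0, len;
    int chunks = 0;

    if (vlen == 0)
        return -1;
    while ((p = strchr(p, '"')) != NULL) {
        if ((end = strchr(++p, '"')) == NULL)
            return -1;
        len = (size_t)(end - p);
        if (len > TXT_CHUNK_MAX || len >= vlen - pos)
            return -1;
        memcpy(value + pos, p, len);
        pos += len;
        chunks++;
        p = end + 1;
    }
    value[pos] = '\0';
    return chunks;
}

/* Constructed self-check: a 392-character stand-in key, selector and
 * subdomain labels taken from the message above. Returns the string count. */
int dkim_demo(void)
{
    char key[393], rec[1024], back[1024];
    int made, read_back;

    memset(key, 'A', sizeof(key) - 1);
    key[sizeof(key) - 1] = '\0';
    made = dkim_txt_record("summer2016", "blue", key, rec, sizeof(rec));
    if (made < 0)
        return -1;
    read_back = dkim_txt_join(rec, back, sizeof(back));
    if (made != read_back || strncmp(back, "k=rsa;p=", 8) != 0 ||
        strcmp(back + 8, key) != 0)
        return -1;
    puts(rec);
    return made;
}

int main(void)
{
    return dkim_demo() == 2 ? 0 : 1;
}
```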



Re: Installer overwrites partition table

2016-08-26 Thread ludovic coues
2016-08-26 19:22 GMT+02:00 Ali Farzanrad :
> Stuart Henderson wrote:
>
>>On 2016-08-24, Bertram Scharpf  wrote:
>>> The installers partitioning tool didn't offer me a variant
>>> that keeps my existing partitions.
>>
>>If you wanted to try it again, when it asks "Use (W)hole disk or
>>(E)dit the MBR?", choose E.
>>
>>It doesn't exactly hold your hand every step of the way, but
>>what could be clearer than "Use whole disk"?
>>
>
> The installer has 2 different steps for partitioning your disk.
> At first ("Use (W)hole disk MBR, whole disk (G)PT or (E)dit?") it uses
> fdisk(8) and after this step it will overwrite your partition table.
>
> The next step ("Use (A)uto layout, (E)dit auto layout, or create (C)ustom
> layout?") could not recover your partition table from the previous step even by
> pressing Ctrl+C.
>

I'm pretty sure that the OpenBSD layout has *nothing* to do with what
is written in the MBR or GPT.
That's why the partition table is lost when the installer is asking
about the layout. You told it to use the whole disk.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Installer overwrites partition table

2016-08-25 Thread ludovic coues
On 24 Aug 2016 10:02 p.m., "Bertram Scharpf" wrote:
> This installer nuked away my whole notebook. Who wouldn't
> get angry about that. If it is trolling to complain about
> that, then after all I am a troll. If it is _not_ trolling
> to write "lie", "bullshit" and to call me a "Hundepimmel"
> (dogs willie), then I hope that I'm a troll.

Being a troll is not about being rude but about making people lose their time.
You came here with a grand claim that the installer failed on you and
basically have gone "fuck you, this thing makes me dust off my backup, I'm
not helping you". A bug report without the most basic info to help resolve
the bug is a trolling attempt.

You had a notebook with a blank hard drive. You could have installed a
random Linux in 5 minutes then redone the openbsd installer step by step
until you found which step overwrote the partition.

Instead, you decided to go on the project mailing list and tell the devs their
work is really really bad. And you are offended they took it as an insult.

>
> But that doesn't matter any more.
>

Obviously it does matter, else you wouldn't be here.



Re: Installer overwrites partition table

2016-08-24 Thread ludovic coues
You are either trolling or telling us there is a usability bug.
So please, tell us what you have done step by step, so we can see if
there is anything that could be done in a better way.

2016-08-24 15:16 GMT+02:00 Bertram Scharpf :
> On Wednesday, 24. Aug 2016, 08:24:34 -0400, Nick Holland wrote:
>> On 08/24/16 07:15, Bertram Scharpf wrote:
>> > first of all, I am an experienced OS installer and I did a
>> > heck of partitioning in my life.
>>
>> claim.  And re-installing windows twenty times counts as one OS.
>> Installing Linux five times counts as another.
>
> The last time I installed a Windows (if we call it an OS)
> was about 1999. I had no Linux for about 7 years until
> graphics weren't supported by BSD on my notebook for a
> while.
>
>> > But yet it was too late. The partition table was
>> > overwritten.
>
> The bug is not a concrete misbehaviour but the trap it is
> setting up.
>
> Bertram
>
>
> --
> Bertram Scharpf
> Stuttgart, Deutschland/Germany
> http://www.bertram-scharpf.de
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: LibreSSL on old OpenBSD

2016-08-12 Thread ludovic coues
2016-08-12 10:53 GMT+02:00 Roderick :
> I know, you will complain, because I mention here that I still use
> OpenBSD 4.8 in a machine. But my question is more general.
>
> I was unable to install LibreSSL-2.4.2, but installing openssl-1.0.2h
> was possible without problems.
>

Well done. You just discovered that openssl is a badly outdated piece
of software that you can compile with sticks and stones.
One of the reasons for starting libreSSL is using modern coding
standards. Modern is by definition a moving target.

Using a modern library on a years-old system is like putting a nice
lock on a wooden box. If you want to loot the box, smash it. You can
even take the lock with you.
Updating your openbsd should take you one hour for the base os and
fixing the outdated config from outdated daemons might take the rest of
the day. But then, you would have all the benefits of libreSSL, applied
to the whole system.

Or maybe you are just a troll trying to get a response from Theo.
Who knows?



Re: Weird graphic problems with intel(4) on a Thinkpad X250

2016-08-11 Thread ludovic coues
2016-08-11 9:56 GMT+02:00 Lionel Riem :
> When forcing Xorg to use intel(4) instead, I get really weird problems:
> http://imgur.com/a/KEYzb (this is supposed to be i3 with Firefox open).
>

>
> Is it a bug? Are we doing something wrong? Thanks for your help.
>

You mean something wrong like forcing a different driver to be used?
There is certainly a reason why X chose to use vesa(4) instead of
intel(4). I would bet the reason is "intel graphics 5500 is not yet
fully supported".

Maybe things work better under current/OpenBSD 6.0. Maybe patches are needed.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: github

2016-08-07 Thread ludovic coues
2016-08-07 18:00 GMT+02:00 Consus :
> On 10:56 Sun 07 Aug, Chris Bennett wrote:
>> On Sun, Aug 07, 2016 at 06:43:02PM +0300, Consus wrote:
>> > Sign your commits with GPG. Looky, a link:
>> >
>> > https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work
>> >
>> > Not that hard, is it?
>> >
>>
>> OK, you win.
>>
>> Would you do me a favor first.
>> Before this big move, could you make a commit to the OpenBSD CVS tree?
>> Anything would do. Just find a file that has spaces where it should have
>> tabs. Commit your diff. Once you do that, I think all of the developers
>> will be easily convinced to move to Github.
>
> Err... What?
>

You are talking big while not contributing to the project.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: tmpfs

2016-07-31 Thread ludovic coues
Guess which one of you and Theo has his name all over the CVS tree?

2016-07-31 16:37 GMT+02:00 mxb :
> While looking at the mirror, read your last email once again.
>
>
>> On 30 juli 2016, at 19:58, Theo de Raadt  wrote:
>>
>> Yeah, you sure are the cool dude.
>>
>> Despite the existence of people like you, OpenBSD has been
>> progressing as working code for 20 years.
>>
>>
>> And what have you added.  Just words.
>>
>> Mean ones about things you later say you don't care about.  Just
>> layers of spite from you when it is pointed out your words don't
>> change the world in any way.
>>
>>> I don't appreciate the private reply.
>>>
>>> Adding misc back in.
>>>
 On 30 juli 2016, at 16:29, Theo de Raadt  wrote:

 Just shut up.
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: ipad as an USB disk

2016-07-08 Thread ludovic coues
2016-07-08 16:47 GMT+02:00 Jan Stary :
> This is how an iPad Mini 2 connect to my current/amd64 (full dmesg below):
>
> uhidev1 at uhub4 port 2 configuration 2 interface 2 "Apple Inc. iPad" rev 2.00/4.04 addr 3
> uhidev1: iclass 3/0, 21 report ids
> uhid0 at uhidev1 reportid 1: input=5, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=9, output=0, feature=0
> uhid2 at uhidev1 reportid 3: input=13, output=0, feature=0
> uhid3 at uhidev1 reportid 4: input=17, output=0, feature=0
> uhid4 at uhidev1 reportid 5: input=25, output=0, feature=0
> uhid5 at uhidev1 reportid 6: input=49, output=0, feature=0
> uhid6 at uhidev1 reportid 7: input=95, output=0, feature=0
> uhid7 at uhidev1 reportid 8: input=193, output=0, feature=0
> uhid8 at uhidev1 reportid 9: input=255, output=0, feature=0
> uhid9 at uhidev1 reportid 10: input=255, output=0, feature=0
> uhid10 at uhidev1 reportid 11: input=255, output=0, feature=0
> uhid11 at uhidev1 reportid 12: input=255, output=0, feature=0
> uhid12 at uhidev1 reportid 13: input=0, output=5, feature=0
> uhid13 at uhidev1 reportid 14: input=0, output=9, feature=0
> uhid14 at uhidev1 reportid 15: input=0, output=13, feature=0
> uhid15 at uhidev1 reportid 16: input=0, output=17, feature=0
> uhid16 at uhidev1 reportid 17: input=0, output=25, feature=0
> uhid17 at uhidev1 reportid 18: input=0, output=49, feature=0
> uhid18 at uhidev1 reportid 19: input=0, output=95, feature=0
> uhid19 at uhidev1 reportid 20: input=0, output=193, feature=0
> uhid20 at uhidev1 reportid 21: input=0, output=255, feature=0
>

If I read that correctly, which is a damn big if, you could turn the
thing into a touch interface. Not a mass storage.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: where is the image of openbsd arm ?

2016-06-23 Thread ludovic coues
2016-06-23 3:52 GMT+02:00 Tuyosi Takesima :
> Hi all .
>
> i now use arm linux as server .
> because it needs 5W , so its cost as 24Hr server is very low
> and
> it's root can be put in hard disk , so big space can be get .
>
> where is the image of openbsd arm ?
> ( raspberry pi , pine64 or other )
> ---
> regards
>

http://www.pcengines.ch provides machines using from 5W for alix to 12W
for APU. These numbers are values under full load, not idle.

Those aren't ARM boards but well-tested x86 machines, suited for
industrial applications. You might get some surprises if you put your
raspberry pi in some extra loud environment.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Booting encrypted drive from another device

2016-06-21 Thread ludovic coues
2016-06-21 9:27 GMT+02:00 Theodoros :
> Well TPM is a closed hardware-bound system that does this before boot
> (as far as I know). I was asking more for an open (software) system
> for doing so post-boot.
>

sha512 /boot

If you do it post-boot, you're screwed. If an attacker can alter your
bootloader, altering your program checking the bootloader is easy.




-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: OpenBSD

2016-06-08 Thread ludovic coues
There was at least one thread on misc@ on the subject. Vendor was not reliable.

2016-06-09 8:07 GMT+02:00 T D :
> What happened to being able to purchase OpenBSD from the Canada outlet?
>
> Thanks
>
> Tom
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: META: Does this list have no moderators?

2016-06-04 Thread ludovic coues
2016-06-04 23:26 GMT+02:00 Gareth Nelson :
> I'm sure we're all aware of the individual I'm thinking of when I say their
> posts are both inappropriate and annoying.
>
> The individual in question should be referred privately to mental health
> services, but they should also be prohibited from posting further to this
> list.
>
> Thoughts?
>

Asking to exclude someone for their supposed mental health is plain wrong.
If we are thinking of the same person, you can call out their abuse of
cross-list.

Or as some great people on this list would say, ignore the problem and
watch if it goes away.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Suggestion: new webpage for openbsd.org

2016-05-17 Thread ludovic coues
2016-05-17 9:11 GMT+02:00 Joakim Frostegård :
> Hi,
>
> I’ve made a responsive new webpage replacement for the
> in my opinion somewhat aged openbsd.org .
>
> It’s available at http://greatest-ape.github.io/openbsd-site/public_html/
> 
> with the repo at https://github.com/greatest-ape/openbsd-site
>  .
>
> The idea is to replace index.html but for all other pages just
> replace the stylesheets. In so far, I’ve included a few other
> pages, including plat.html, goals.html and alpha.html.
>
> I’ve tried to keep the page without bells and whistles, that is:
> * Just static HTML and CSS
> * No frameworks
> * No javascript
> * Minimalist design
>
> though I have included the Apache 2-licensed Open Sans
> from Google Fonts. If you like the page, I guess we could
> build our own font instead of using the google repository.
>
> Is this the right place to post this? Are you (the openbsd devs)
> interested in this at all?
>
> If yes, we would also need to make sure that the creator of
> the nice openbsd logo included is happy with us using it for
> the webpage. Apart from that, I would be happy to license
> my work under BSD, MIT or whatever you want.
>
> Cheers
> Joakim
>

https://www.w3.org/TR/WCAG20/
https://www.w3.org/TR/UNDERSTANDING-WCAG20/visual-audio-contrast-contrast.html
http://leaverou.github.io/contrast-ratio/#%23dcb454-on-white

If you see what I mean...

--

Cordialement, Coues Ludovic
+336 148 743 42



Re:

2016-05-16 Thread ludovic coues
Please move this discussion to /dev/null
The only reason they both exist is to give birth to flamewar, eating
away precious time from people.

2016-05-16 12:47 GMT+02:00 1 9 :
> What editor? vim or emacs? what is the reason?
>



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: permisson of .htpasswd of 5.9's nginx

2016-04-30 Thread ludovic coues
2016-04-30 4:37 GMT+02:00 Nick Holland :
> On 04/29/16 21:27, Tuyosi Takesima wrote:
>> thanks for ludovic
>>
>> # ls -l /var/www/1/
>> total 16
>> -rw-r-  1 www   www 65 Apr 29 11:19 .htpasswd
>>
>> # chmod 640 /var/www/1/.htpasswd
>>
>> this go well .
>
> *sigh*
>
> Do you really want your /security/ file writable by the very user that
> should trust the least?  Might as well be 666 for what you are doing to
> your system's "security".
>
> Please stay off the 'net until you understand this stuff.  It's not just
> YOUR feet you are shooting at.
>
> Nick.
>

A bit of my message might have been unclear. The file should be owned
by user root and group www.
As Nick has written, if the user and group owning a file are the same,
there is no point in having different permissions. Also, you don't want
nginx having the ability to alter the file, in case it gets
compromised.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: permisson of .htpasswd of 5.9's nginx

2016-04-29 Thread ludovic coues
2016-04-29 5:48 GMT+02:00 Tuyosi Takesima :
> Hi all .
>
> i do
> chmod 777  /var/www/1/.htpasswd
>
> and so
> nginx works  with basic authentication.
>
> but this setting is too open .
> are there any idea ?
>

First check the file is owned by the group nginx is running as, probably www.
I assume nginx doesn't execute .htpasswd file, so you can drop the execute bit.
Only root needs to alter the file, so drop the write bit for group and other.
The data are sensitive, so remove read bit for other.
chmod 640 /var/www/1/.htpasswd

You can read details on what the number means in the chmod manual.

-- 

Cordialement, Coues Ludovic
+336 148 743 42
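
Both replies in this thread arrive at the same layout for the password file: owner root, group www, mode 640. As an added example, not code from the thread or from nginx, the C check below reports each deviation from that layout; the function and flag names are assumptions, and the path and group defaults in `main` are the ones used in the thread.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <grp.h>
#include <stdio.h>

/* One bit per point raised in the thread. */
enum {
    HT_OWNER_NOT_ROOT = 1 << 0, /* a non-root owner can chmod and rewrite it */
    HT_EXTRA_WRITE    = 1 << 1, /* group or other may write */
    HT_OTHER_ACCESS   = 1 << 2, /* any permission bit set for "other" */
    HT_EXEC_BIT       = 1 << 3, /* a password file is never executed */
    HT_GROUP_NO_READ  = 1 << 4  /* the server's group cannot read it */
};

/* Compare ownership and mode with the root:<server group> 0640 layout. */
unsigned audit_htpasswd(uid_t uid, gid_t gid, mode_t mode, gid_t server_gid)
{
    unsigned f = 0;

    if (uid != 0)
        f |= HT_OWNER_NOT_ROOT;
    if (mode & (S_IWGRP | S_IWOTH))
        f |= HT_EXTRA_WRITE;
    if (mode & S_IRWXO)
        f |= HT_OTHER_ACCESS;
    if (mode & (S_IXUSR | S_IXGRP | S_IXOTH))
        f |= HT_EXEC_BIT;
    if (!(gid == server_gid && (mode & S_IRGRP)))
        f |= HT_GROUP_NO_READ;
    return f;
}

/* stat(2) the file and look the group up by name; -1 if either fails. */
int audit_htpasswd_path(const char *path, const char *group)
{
    struct stat st;
    struct group *gr;

    if (stat(path, &st) == -1 || (gr = getgrnam(group)) == NULL)
        return -1;
    return (int)audit_htpasswd(st.st_uid, st.st_gid, st.st_mode, gr->gr_gid);
}

int main(int argc, char **argv)
{
    /* Defaults are the path and group named in the thread; override via argv. */
    const char *path = argc > 1 ? argv[1] : "/var/www/1/.htpasswd";
    const char *group = argc > 2 ? argv[2] : "www";
    int f = audit_htpasswd_path(path, group);

    if (f == -1) {
        fprintf(stderr, "cannot inspect %s or resolve group %s\n", path, group);
        return 2;
    }
    if (f & HT_OWNER_NOT_ROOT)
        puts("owner is not root: the owner can always change the file");
    if (f & HT_EXTRA_WRITE)
        puts("group or other can write: drop the write bits");
    if (f & HT_OTHER_ACCESS)
        puts("other has access: the data is sensitive");
    if (f & HT_EXEC_BIT)
        puts("execute bit set: the file is never executed");
    if (f & HT_GROUP_NO_READ)
        puts("server group cannot read the file: authentication will fail");
    if (f == 0)
        puts("ok: matches root:<group> 0640");
    return f ? 1 : 0;
}
```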



Re: pkg_mgr, ntfs_3g, sudo, partition access.

2016-04-23 Thread ludovic coues
2016-04-23 12:22 GMT+02:00 Mohammad BadieZadegan :
> Hi everybody,
> I have installed OpenBSD5.9 on my HDD last partition successfully.
> I have 3 questions about this latest release after reading the OpenBSD FAQ
> page,
> 1. How can I install pkg_mgr, sudo, as older releases?
> 2. I installed ntfs_3g but still I can not write over ntfs flash usb! How
> can I do that?
> 3. How can I access to my other HDD partitions?
> Best Regards,
>

To answer question 1, pkg_mgr and sudo are available as ports.
`# pkg_add sudo pkg_mgr` should be enough to install both.
In case you missed it, doas is an alternative to sudo.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-06 Thread ludovic coues
2016-03-06 11:21 GMT+01:00 Stuart Henderson :
> On 2016/03/06 09:07, ludovic coues wrote:
>> 2016-03-05 22:56 GMT+01:00 Stuart Henderson :
>> >
>> > For OpenSMTPD I haven't tried it but I suspect you may be able to do
>> > this with a virtual map using a python script via table-python (in
>> > opensmtpd-extras in ports) but there isn't much documentation for
>> > this. Though actually a quick search for "opensmtpd table-python"
>> > throws up https://gist.github.com/unconfigured/e72a18f3dd12f7c4fc5c
>> > which looks pretty much like what you need there.
>> >
>>
>> OpenSMTPD in base 5.8 supports sqlite tables which might be enough.
>
> The mapping would need to be something like 'foo-...@example.com' -> 'foo'
> or 'foo-...@example.com' -> 'example', I don't see how to do this with the
> string handling functions available in sqlite. (And in 5.9+ the sqlite
> table is in opensmtpd-extras as well).
>

I might be missing some corner-case but "instr" looks like a good fit.

  sqlite > create table user (username text, uid int, gid int, home text);
  sqlite > insert into user values ("foo", 1000, 10, "/home/foo");
  sqlite > insert into user values ("bar", 1001, 10, "/home/bar");
  sqlite > select * from user where instr("foo-...@exemple.com", username) = 1;
  foo

I assume it would work roughly the same for alias.
In the end, it's a matter of personal preference, even more if support
for sqlite is dropped from base.



-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: OT: Looking for email host with qmail like minus-addressing for custom domain

2016-03-06 Thread ludovic coues
2016-03-05 22:56 GMT+01:00 Stuart Henderson :
>
> For OpenSMTPD I haven't tried it but I suspect you may be able to do
> this with a virtual map using a python script via table-python (in
> opensmtpd-extras in ports) but there isn't much documentation for
> this. Though actually a quick search for "opensmtpd table-python"
> throws up https://gist.github.com/unconfigured/e72a18f3dd12f7c4fc5c
> which looks pretty much like what you need there.
>

OpenSMTPD in base 5.8 supports sqlite tables which might be enough.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-17 Thread ludovic coues
2016-02-17 7:43 GMT+01:00 Steve Litt :
>
> As a GNU/Linux douche bag, I'm wondering why the strong reaction? Has
> somebody hit a nerve? I thought this discussion was just bumbling along
> til you made it a big thing(tm).
>

GNU or Linux are not a subject of discussion on this mailing list. The
netiquette[1] is quite clear. Before posting here, people are supposed
to do their homework and the subject of the post has to be relevant to
OpenBSD users.
A quick search on the internet would show that BSD predates GNU.
The original poster would have got their answer within 10 minutes without
the need to post troll bait.


[1] http://www.openbsd.org/mail.html



Re: sudo and globbing

2016-01-08 Thread ludovic coues
2016-01-08 11:52 GMT+01:00 Jiri B :
>
> So the question is: why does same command on equally "restricted" dir
> path gets different output - why on openbsd does '*' get expanded
> immediately but on linux is it taken into account somehow by sudo (?)...
>
> j.
>

You put a dash between the shell and the user in the command on
openbsd. You didn't put that dash on linux.



Re: LibreNMS chroot issues

2015-12-27 Thread ludovic coues
On 26 Dec 2015 12:47 am, "Predrag Punosevac"  wrote:

>
> I was wondering if anybody tried running LibreNMS with httpd from the
> base and even more fundamentally does httpd from the base support
> "unsecure" mode. I read up and down httpd several times but I didn't see
> anything about insecure mode.
>

Like many parts of OpenBSD, httpd from base has a concept of "non-optional
security". So there is no possibility to use httpd without chroot.



Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

2015-12-12 Thread ludovic coues
2015-12-13 7:17 GMT+01:00 Delan Azabani :
> On Sun, Dec 13, 2015 at 6:28 AM, Kevin Chadwick  wrote:
>> On a low traffic site it already annoys me that I have to change it
>> once per year with startSSL.
>
> This is what the tooling provided by Let's Encrypt is designed to
> solve. It shouldn't be hard to issue new certificates, and for many
> applications, the fact that issuing them is a manual process results
> in more downtime when a certificate is compromised.
>

I'll give my 2 cents,

First, the author of the Let's Encrypt tool says himself people are
perfectly right to not trust a random script downloaded from the
internet. Their tools should be seen as an example, not the only true
way of doing things.

Secondly, this whole thread should have ended long ago.
It has been mentioned a couple of times. The main outcome of https is
to make caching impossible. It introduces a non-trivial computational
cost for serving every file. Remember, OpenBSD is no facebook. It
serves static files from cache, not the output of a script.
There is a lot of whining about refusing https despite it being a
mitigation technique. Would you accept a mitigation technique making
your favorite OS half as slow and consuming twice as much power? I
don't think so.

Signify exists for integrity. You can get an initial key with the CD.
The CD looks cool on a shelf, comes with nice artwork, helps pay Theo's
bills and is way harder to tamper with than a letter. Who talked about
fiendish difficulty?
A VPN is a better tool for anonymity. https doesn't hide your DNS query
or the domain you are connecting to. All the bad guy has to do is search
the site for which page has the same length as the one you downloaded. If
done right, a VPN will hide who is downloading the file and put the
burden away from the OpenBSD project.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: OpenBSD installer info prohibit-password > without-password ?

2015-11-01 Thread ludovic coues
2015-11-01 8:56 GMT+01:00 S :
> when installing OpenBSD
> Alow root ssh login? (yes, no, prohibit-password) [no] prohibit-password
>
> after install , in /etc/sshd_config
> PermitRootLogin without-password
>
> so, why not using "without-password" at installation procedure for 
> consistency?
>

http://www.openbsd.org/errata58.html

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: ASMedia USB 3.0

2015-10-30 Thread ludovic coues
2015-10-30 9:40 GMT+01:00 Maurice McCarthy :
> Found the following at
> https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/tree/drivers/usb/host/xhci-pci.c
>
> if (pdev->vendor == PCI_VENDOR_ID_ASMEDIA &&
>         pdev->device == 0x1042)
>     xhci->quirks |= XHCI_BROKEN_STREAMS;
>
> Does this mean I'm flogging a dead horse? :)
>
> Moss
>

You might have a better time trying to read the output of pcidump :)

I looked a bit at the code and from what I've found, this quirk only
disables a driver requiring streams. I might be wrong as I'm not
familiar with the source code.

Do you mind sharing the result of usbdevs with a usb2 device attached
then with a usb3 device attached ?


-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: ASMedia USB 3.0

2015-10-29 Thread ludovic coues
2015-10-29 21:15 GMT+01:00 Maurice McCarthy :
> Hi,
>
> Got 5.8-stable installed today. Many thanks for the commitment of all
> developers etc. All went well except for the USB 3.0 I've a feeling it may
> not work at all unless I find a blob for the pci-e usb 3.0 card.
>
> # usbdevs -vd
> Controller /dev/usb0:
> addr 1: super speed, self powered, config 1, xHCI root hub(0x),
> ASMedia(0x1b21), rev 1.00
>   uhub0
>  port 1 disabled
>  port 2 disabled
>  port 3 disabled
>  port 4 disabled
>
> 
>
> # dmesg | grep xhci
> xhci0 at pci3 dev 0 function 0 "ASMedia ASM1042 xHCI" rev 0x00: msi
> usb0 at xhci0: USB revision 3.0
>
>
> Grateful for any advice, thanks. Do I need to find another manufacturer?
>
> Kindest Regards
> Moss
>

I'm not sure disabled means what you think it means.
Have you tried to connect something on the usb3 port?


-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Any opinion, policy or conclusion about easy and accessible MAC implementations like tomoyo or SMACK?

2015-10-29 Thread ludovic coues
> And, such a easy and accessible MAC can help minimizing
> the damage after breach as a last resort.
>

From what I've seen of OpenBSD, most of the mitigation is done here by
privilege separation.
For example, iked(8) is at least 3 processes running together. One
process has access to the network and is chrooted in /var/empty,
running with minimal privilege. Certificates are handled by another
process, which is chrooted to /etc/iked.
So in the event the network facing process was compromised, it would
only have access to an empty dir and won't be able to access the
certificates. That is a form of access control, handled by the
developer, not the user.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Openbsd 5.7 and usb hubs daisy chained inquiry

2015-10-04 Thread ludovic coues
2015-10-04 4:49 GMT+02:00 Danny Nguyen :
> Hi,
>
> I'm running Openbsd 5.7 on several servers and would like to create an
> array of usb sticks by daisy chaining sabrent usb hubs together (model:
> HB-U14P). Is this compatible ( I'd be happy to mail in samples if someone
> was interested in adding this functionality to Openbsd for additional
> privacy). Also, how would a newcomer to OpenBSD ( installed 5.7 via cd and
> still working on dmesg and subnet and gateway configurations) go about
> learning how to configure such a setup? Any recommendations on which man
> pages or resources to read and experiment with?
>
> Cheers,
>
> Danny
>
>
> --
> danny nguyen
> linkedIn 
>

It should work fine.
Simply plug your usb hub in and the devices should show up.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: mini itx from intel

2015-09-20 Thread ludovic coues
2015-09-20 14:50 GMT+02:00 frantisek holop :
> does anyone happen to have any of these?
> http://www.intel.com/content/www/us/en/nuc/nuc-comparison.html
>
> plz send dmesg if possible.

Here is a dmesg for my DN2820FYKH

OpenBSD 5.7 (GENERIC.MP) #881: Sun Mar  8 11:04:17 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4146388992 (3954MB)
avail mem = 4032094208 (3845MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebec0 (46 entries)
bios0: vendor Intel Corp. version "FYBYT10H.86A.0034.2014.0513.1413"
date 05/13/2014
bios0: 
\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?
\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?\M^?
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices UAR5(S4) UAR8(S4) PS2K(S3) PS2M(S3) XHC1(S4)
EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PWRB(S0) BRCM(S0)
BRC3(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2167.17 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, 2166.67 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 87 pins
acpimadt0: bogus nmi for apid 0
acpimadt0: bogus nmi for apid 2
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 2 (RP02)
acpiprt3 at acpi0: bus 3 (RP03)
acpiprt4 at acpi0: bus 4 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1
acpicpu1 at acpi0: C1
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpipwrres3 at acpi0: CLK0, resource for CAM1
acpipwrres4 at acpi0: CLK1, resource for CAM0, CAM2
acpipwrres5 at acpi0: FN00, resource for FAN0
acpitz0 at acpi0: critical temperature is 90 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x0e
vga1 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x0e
intagp at vga1 not configured
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x0e: msi, AHCI 1.3
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3
0/direct fixed naa.50004cf20e0f34d9
sd0: 953869MB, 512 bytes/sector, 1953525168 sectors
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0e: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
"Intel Bay Trail TXE" rev 0x0e at pci0 dev 26 function 0 not configured
azalia0 at pci0 dev 27 function 0 "Intel Bay Trail HD Audio" rev 0x0e: msi
azalia0: codecs: Realtek/0x0283, Intel/0x2882, using Realtek/0x0283
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail PCIE" rev 0x0e: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x0e: msi
pci2 at ppb1 bus 2
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 7260" rev 0x73, msi
ppb2 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x0e: msi
pci3 at ppb2 bus 3
re0 at pci3 dev 0 function 0 "Realtek 8168" rev 0x0c: RTL8168G/8111G
(0x4c00), msi, address c0:3f:d5:6c:ab:2b
rgephy0 at re0 phy 7: RTL8251 PHY, rev. 0
ppb3 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x0e: msi
pci4 at ppb3 bus 4
pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x0e
ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x0e:
apic 1 int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-12800 SO-DIMM
isa0 at pcib0
isadma0 at isa0
com0 at is

Re: bluetooth keyboard [was:Re: Intel Edison]

2015-08-28 Thread ludovic coues
2015-08-28 12:32 GMT+02:00 Quartz :
> Just out of curiosity, are there any plans to support bluetooth at some
> point in the future?
>

From what I heard, there was some support in the past. But people
stopped updating the code, it rotted with time and it was removed.
So I assume that bluetooth might be supported again if someone shows
enough interest in doing so.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Intel Edison

2015-08-27 Thread ludovic coues
2015-08-27 16:16 GMT+02:00 Quartz :
>> OpenBSD doesn't support bluetooth on any hardware.
>
>
> Does that also include usb->bluetooth dongles for wireless keyboards?
>

Dongles for wireless devices don't work that way.
The dongle pretends to be the device and takes care of all the communication.
From the OS point of view, using a wired usb keyboard or a wireless
keyboard using a dongle is the same thing.

Also, bluetooth keyboards don't provide a dongle.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Ubiquiti EdgeRouter Lite

2015-08-18 Thread ludovic coues
2015-08-18 15:59 GMT+02:00 Jona Joachim :
> On 2015-08-18, Ted Unangst  wrote:
>> Predrag Punosevac wrote:
>>> Dear All,
>>>
>>> I am contemplating buying a new machine which will act as a router/DNS
>>> caching server for my home network. Is anybody currently running OpenBSD
>>> on the Ubiquiti Networks EdgeRouter LITE in that capacity? I saw that in
>>> June 2015 USB support was added which allows installing to local disk on
>>> machine. Can anybody point me to a work in progress documentation diff
>>> for installing 5.8 octeon port.  I am reading right now
>>
>> Here are my notes, which are basic, but should be enough to get you through 
>> if
>> you're familiar with openbsd.
>> http://www.tedunangst.com/flak/post/OpenBSD-on-ERL
>
> Thank you very much for the write-up! I'm looking into buying hardware
> to build a small OpenBSD home router and this looks interesting.
> You say that the machine will not be able to serve as an IPSEC gateway.
> Is that when you consider Gigabit ethernet or do you think that even a
> 10 Mbit connection will require too much computational power to do
> IPSEC on this machine?
> You also mention the usb driver which is not so reliable. I don't see a
> USB port on the machine. Is this an internal bus? I would be interested
> to use it with hostapd with a usb wifi nic.
>
> Kindly,
> Jona Joachim
>

There is an internal usb port. You can access it by opening the case.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: USB mouse spontaneously detaching

2015-08-17 Thread ludovic coues
Do you mind sharing a dmesg?

If I had to take a guess on why, I would say there is some pretty
aggressive USB power-saving powering down the device when there is no
activity. Also, it doesn't seem related to your device nor your OS.
So a dmesg would give more details on your machine and might help to
explain why these detaches keep happening.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: lxde

2015-08-14 Thread ludovic coues
2015-08-14 18:03 GMT+02:00 Joseph Oficre :
> Hello, friends.
> Can someone tell me why there is no lxde (lxqt) or some of the lxde stuff
> like lxappearance and lxpanel in OpenBSD?
> Is the "shitty code" the only reason?
>

lxde is the kind of package you would find in ports. I haven't found
it so I'll assume nobody showed enough interest to create a package
for it.

If you want to help, you can have a look at the FAQ [1]

[1] http://www.openbsd.org/faq/faq15.html#NoPort

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: SPARC minimum hardware specification

2015-07-21 Thread ludovic coues
2015-07-21 1:57 GMT+02:00 Joel Rees :
> On Sat, Jul 18, 2015 at 5:45 AM, Christian Weisgerber
>  wrote:
>> On 2015-07-17, BSD  wrote:
>>
>>> As a new user, I find myself in the same position as the OP: very
>>> interested in non-Intel products. But there seems to be a vacuum of
>>> information around this topic.
>>
>> You're 15 years too late.  x86 has won.
>
> I know I'm persona non-grata on the list these days, and I doubt I'm
> going to make much sense in an argument, but it's the way Intel won
> that has some of us willing to take a small hit on performance or
> price.
>
> Besides, it's only a small hit on much of what I do. RAM and hard disk
> speed make up for quite a bit.
>

I doubt anyone will argue about intel being cheaper and faster.
But people might be interested in other things.
Power consumption comes to mind. That's one of the reasons why most
smartphones run on ARM, and wikipedia claims the cell processor was used
for making the most efficient server regarding floating operations per
second versus power consumption.
Another thing is finding bugs. Each platform is different and some have
already exposed bugs which existed on x86 or amd64 but were harder to
produce.

Here is a metaphor. Intel produces hammers. Really nice hammers, they work
really well on nails, and can also be used to stick a screw in wood. But
sometimes, you aren't looking for a hammer.

Cordialement, Coues Ludovic
+336 148 743 42



Re: SPARC minimum hardware specification

2015-07-19 Thread ludovic coues
2015-07-19 17:03 GMT+02:00 John Long :
>
> OpenBSD mips64el runs outstandingly well on the Lemote boxes. See here:
> http://www.openbsd.org/loongson.html
>
> I don't think anybody will be happy with a Loongson as a desktop box but
> they do shine as tiny servers.
>
> /jl

Where could one acquire one of the machines mentioned on the link ?
I've seen no option to buy one on their site and I got no luck on ebay.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: httpd stops accepting connections after a few hours on current

2015-07-15 Thread ludovic coues
2015-07-15 14:56 GMT+02:00 Mike Burns :
> On 2015-07-15 21.49.11 +0930, Jack Burton wrote:
>> Sorry, didn't realise I couldn't post a patch to the misc@ (I've never
>> needed to before).
>>
>> Please excuse my ignorance, but what is the accepted way to contribute a
>> patch?
>
> Post it to tech@ .
>

Also, post patches in unified format, inline and not as attachments.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: httpd and Ruby on Rails

2015-06-18 Thread ludovic coues
2015-06-18 1:15 GMT+02:00  :
> Hi!
>
> OpenBSD's httpd and Ruby on Rails - is this a reality yet?
>
> Thanks!
>
> O.D.
>


httpd can only serve static files and FastCGI scripts.

If Ruby on Rails can't use FastCGI, there is slowcgi(8) in base which
makes the bridge between a FastCGI supporting server and CGI scripts.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Backup of OpenBSD to Linux box

2015-06-14 Thread ludovic coues
2015-06-15 8:46 GMT+02:00 Bernd Schoeller :
> Hi -
>
> I have got an OpenBSD box, and I would like to create regular full backups
> of that box to a Linux server at a different location.
>
> The main purpose of this backup is to be able to restore the OpenBSD box on
> a severe hardware failure (HD corruption, fire, etc.). If possible, the
> backup should be incremental as I am somewhat bandwidth constrained between
> the two sites.
>
> There are a number of remote backup systems floating around (rdiff-backup,
> rsnapshot, etc.) and of course there are in-house solutions (dump/restore),
> though I don't know if these are interoperable.
>
> Is there somebody on the list who has a similar setup and could point me at
> a solution that works for him/her?
>
> Thanks,
> Bernd
>

You should have a look at `man 8 dump`.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Error while building userland

2015-06-10 Thread ludovic coues
2015-06-09 22:46 GMT+02:00 ludovic coues :
> Hello misc@,
>
> I am building -current for the first time and I have an error while
> building userland. More specifically, when rebuilding the symbolic
> link, make spews this error:
>
> *** Parse error in /usr/src/gnu/usr.bin/binutils: Malformed
> conditional (${BINUTILS_VERSION} == "binutils-2.17")
> (Makefile.bsd-wrapper:13)
> *** Parse error: Need an operator in '"binutils-2.17"' 
> (Makefile.bsd-wrapper:13)
> *** Error 1 in gnu/usr.bin (:48 'obj')
> *** Error 1 in gnu (:48 'obj')
> *** Error 1 in /usr/src (:48 'obj')
>
> I followed as closely as I can the instructions from section 5 of the FAQ.
> I installed a snapshot, built a GENERIC kernel. cvs is up to date.
> I tried from both snapshot and freshly compiled kernel for good measure
> but both give the same result.
>
>
> As I said, it's my first time building a kernel. I was using release
> or snapshot until now. So it might be an error from my part.
> I don't know what to do at this point so any pointer is welcome.
>

Ok, the problem is solved.
mpi@ pointed out in private that the variable ${BINUTILS_VERSION} hasn't
existed since June 1st and my cvs mirror is probably out of date.
Userland is currently compiling.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Error while building userland

2015-06-09 Thread ludovic coues
Hello misc@,

I am building -current for the first time and I have an error while
building userland. More specifically, when rebuilding the symbolic
link, make spews this error:

*** Parse error in /usr/src/gnu/usr.bin/binutils: Malformed
conditional (${BINUTILS_VERSION} == "binutils-2.17")
(Makefile.bsd-wrapper:13)
*** Parse error: Need an operator in '"binutils-2.17"' (Makefile.bsd-wrapper:13)
*** Error 1 in gnu/usr.bin (:48 'obj')
*** Error 1 in gnu (:48 'obj')
*** Error 1 in /usr/src (:48 'obj')

I followed as closely as I can the instructions from section 5 of the FAQ.
I installed a snapshot, built a GENERIC kernel. cvs is up to date.
I tried from both snapshot and freshly compiled kernel for good measure
but both give the same result.


As I said, it's my first time building a kernel. I was using release
or snapshot until now. So it might be an error from my part.
I don't know what to do at this point so any pointer is welcome.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Install file sets from msdos fs

2015-06-01 Thread ludovic coues
2015-06-01 16:53 GMT+02:00 Raimo Niskanen :
> Hello misc.
>
> Yesterday I upgraded a laptop (i386) from 5.6 snapshot to 5.7.  This laptop
> has no CD reader so I copied 5.7/i386 directory to an msdos formatted USB
> stick on a Windows 7 machine and adjusted all filenames manually according
> to the TRANS.TBL files.
>
> I tested the USB stick before upgrading and found some oddities regarding
> long vs short filenames, something like this:
> $ ls
> BSD BSD.RD ...
>
> $ ls BSD.RD
> BSD.RD
>
> $ ls bsd.rd
> BSD.RD
>
> So it seems the filenames are case insensitive and lists with capitals.
>
> The upgrade went fine, the sets were installed, but with these glitches:
> * The file INSTALL.i386 was not found but that could be ignored
> * The file SHA256.sig was not found but that could be ignored - skipping
>   the verification.
>
> I had verified the SHA256.sig after download, so no harm done.
>
> Note that both files did exist and could be listed at least when mounting
> msdos with the -l option and with the names the installer claimed could not
> be found.  And the toplevel directory had filenames that should force the
> usage of long filenames.  I am also pretty sure the filenames had lowercase
> suffixes when viewed on the Windows 7 machine.
>
> I suspect the installer lists the files and compares filenames by itself
> and therefore the filenames does not match.  If it would list by explicit
> names I guess it would find the files.
>
> I tried to mount the msdos filesystem myself (with long filenames) and
> use the installer option to install sets from a mounted filesystem,
> but then it could not find any sets at all.  What worked was to install
> from unmounted filesystem telling the installer which partition the sets
> were on and then it found all file sets but not the two files above.
>
> It is great that it worked, but installing sets from a msdos filesystem can
> be improved.  I think it is a useful way around having no CD reader.
>
> Best Regards
> --
>
> / Raimo Niskanen, Erlang/OTP, Ericsson AB
>

For my upgrade from 5.6 to 5.7 on a laptop without CD reader, I got
bsd.rd and put it at /bsd.57.rd on the machine to upgrade.

Then on the prompt at early boot, I typed "boot bsd.57.rd" instead of
waiting for the machine to boot. Just like instructed in the upgrade
page of the FAQ.
This works really well.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Random PID implementation and security

2015-05-27 Thread ludovic coues
2015-05-27 15:42 GMT+02:00 Joel Rees :

> On Tue, May 26, 2015 at 9:50 PM, Simon
>  wrote:
> > [...]
> >
> > Unless specific cases, I do not think that programmers assume that PID
> > are especially sequential or not, but merely rely on the hypothesis
> > that:
> >
> > - PID are unguessable,
> > - PID will not be reused quickly.
> >
> > And yes, it seems possible to fulfill these two properties by
> > providing unguessable and not quickly reusable PID instead of pure
> > random PID.
>
> But not in 16 bits.
>
> To a patient remote attacker, the difference between 2 minutes and 2
> days is not significant.
>
> 64 bit PIDs anyone? High 16 and low sixteen randomized and the middle
> 32 backwards sequential, just to really throw the unwary attacker off
> the trail? ;-/
>
>
Having a part of the PID being sequential and a part being random is
nonsense.

The more bits you throw in the random part, the less chance you have of a
collision.
The more bits you throw in the sequential part, the more time you have
before you start to have a chance of a collision.

Problem is, those bits turn into powers of two. So going from 16bit to 8bit
is the same as going from 65,536 to 256.

OpenBSD found a way out of this problem. All the bits used in a PID are
random and you have to wait for an arbitrary 100 PIDs before you start to
have a chance to get a duplicate.


But like Theo said, the problem is that PID shouldn't have been used in the
first place.
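A toy model of the scheme described in this message (fully random PIDs, with the last 100 handed out barred from reuse), added here as an illustration and not OpenBSD's kernel code. The names, the `PID_LIMIT` value and the reproducible `demo_rnd` stand-in generator are assumptions; on OpenBSD the `rnd` callback would be `arc4random_uniform`.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PID_LIMIT 65536   /* 16-bit PID space, as discussed in the thread */
#define RECENT_N  100     /* the "arbitrary 100" from the message above */

struct pid_alloc {
    int      max;                  /* PIDs are drawn from 1..max */
    int      live;                 /* number of PIDs currently in use */
    uint8_t  in_use[PID_LIMIT];
    int      recent[RECENT_N];     /* ring of the last RECENT_N PIDs issued */
    unsigned recent_pos;
    uint32_t (*rnd)(uint32_t upper);   /* uniform value in [0, upper) */
};

/* Constructed stand-in RNG (xorshift32) so the demo is reproducible.
 * It is NOT suitable for real PID selection. */
static uint32_t demo_state = 0x2545F491u;
static uint32_t demo_rnd(uint32_t upper)
{
    demo_state ^= demo_state << 13;
    demo_state ^= demo_state >> 17;
    demo_state ^= demo_state << 5;
    return demo_state % upper;
}

int pid_alloc_init(struct pid_alloc *a, int max, uint32_t (*rnd)(uint32_t))
{
    if (max < 1 || max >= PID_LIMIT)
        return -1;
    memset(a, 0, sizeof(*a));      /* ring starts as all 0, never a valid PID */
    a->max = max;
    a->rnd = rnd;
    return 0;
}

static int recently_used(const struct pid_alloc *a, int pid)
{
    for (int i = 0; i < RECENT_N; i++)
        if (a->recent[i] == pid)
            return 1;
    return 0;
}

/* Returns a fresh PID, or -1 when live + recent PIDs could fill the space. */
int pid_new(struct pid_alloc *a)
{
    if (a->live + RECENT_N >= a->max)
        return -1;                 /* otherwise the retry loop might never end */
    for (;;) {
        int pid = 1 + (int)a->rnd((uint32_t)a->max);
        if (a->in_use[pid] || recently_used(a, pid))
            continue;              /* every bit is random; just draw again */
        a->in_use[pid] = 1;
        a->live++;
        a->recent[a->recent_pos] = pid;
        a->recent_pos = (a->recent_pos + 1) % RECENT_N;
        return pid;
    }
}

/* The PID stays in the recent ring after exit, so it cannot come back yet. */
void pid_free(struct pid_alloc *a, int pid)
{
    if (pid >= 1 && pid <= a->max && a->in_use[pid]) {
        a->in_use[pid] = 0;
        a->live--;
    }
}

/* Fork-and-exit `rounds` times; return the smallest number of allocations
 * between two uses of the same PID (or `rounds` if no PID ever repeated). */
int min_reuse_distance(int max_pid, int rounds)
{
    static struct pid_alloc a;
    static int last_seen[PID_LIMIT];
    int best = rounds;

    if (pid_alloc_init(&a, max_pid, demo_rnd) != 0)
        return -1;
    memset(last_seen, 0xff, sizeof(last_seen));   /* every entry becomes -1 */
    for (int i = 0; i < rounds; i++) {
        int pid = pid_new(&a);
        if (pid < 0)
            return -1;
        if (last_seen[pid] >= 0 && i - last_seen[pid] < best)
            best = i - last_seen[pid];
        last_seen[pid] = i;
        pid_free(&a, pid);
    }
    return best;
}

int main(void)
{
    /* A deliberately tiny PID space so that reuse is forced quickly. */
    printf("closest reuse with 256 PIDs: %d allocations apart\n",
        min_reuse_distance(256, 5000));
    return 0;
}
```

Even with only 256 PIDs to choose from, an observer who saw a PID exit knows nothing about the next one except that it will not be one of the last 100.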



Re: Phone suggestion.

2015-05-26 Thread ludovic coues
2015-05-25 22:37 GMT+02:00 Gareth Nelson :

>
> Is it theoretically possible to boot an OpenBSD kernel on an average
> android device?
>
>
Most android devices run on ARM, with a few running on intel.

ARM processors up to Cortex A17 use the ARMv7 instruction set, the same as
the OpenBSD ARM Port.

So in theory, it is possible.
In practice, people seem more interested in running OpenBSD on computers.


-- 

Cordialement, Coues Ludovic
+336 148 743 42



usbhidctl(1) and usbhidaction(1)

2015-05-07 Thread ludovic coues
hello,

I wanted to know if anyone has gotten either usbhidctl(1) or usbhidaction(1)
working and if so for which usage.

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Volume keys control

2015-05-04 Thread ludovic coues
2015-05-04 11:29 GMT+02:00 Alexandre Ratchov :
>
> The bug is that the key is processed twice in two contradictory
> ways (once by the kernel to control the mixer and once by X apps to
> possibly control the mixer differently). When X is running either
> the kernel or X apps should use the volume keys to adjust the
> volume, but not both.
>

Is there a specific reason for the kernel to process this key ?



Re: Expending on usbdevs

2015-04-08 Thread ludovic coues
2015-04-08 3:09 GMT+02:00 Mario St-Gelais :
> On Mon, Apr 06, 2015 at 07:39:35PM -0700, Philip Guenther wrote:
>>On Mon, Apr 6, 2015 at 3:59 PM, Mario St-Gelais  
>>wrote:
>>> I have been playing around trying to come up with something that kind of 
>>> have
>>> the verbosity of lsusb but use OpenBSD's #include  and avoid 
>>> all of libusb stuff.
>>>
>>> I hit a wall when I try to use USB_DEVICE_GET_FDESC :
>>...
>>> So basically I have the following function that fails.
>>> I set udf_size=25 as this is the value I get from wTotalLength shown above 
>>> as
>>>  explained in the man.
>>>
>>> int
>>> get_usb_device_fdesc(int f, int a, struct usb_device_fdesc *u)
>>> {
>>> u->udf_addr = a;
>>> u->udf_config_index = USB_CURRENT_CONFIG_INDEX;
>>> u->udf_size=25;
>>> int e = ioctl(f, USB_DEVICE_GET_FDESC, u);
>>> return e;
>>> }
>>
>>First, when a system call fails you should be looking at errno to see
>>why the call failed, or at least get a hint.  I strongly advise using
>>the err(3) family of functions, even in test or 'toy' programs,
>>because one wrong assumption can waste *hours* of time.  So:
>>
>>#include <err.h>
>>
>>and then use it like
>>
>> if (ioctl(f, USB_DEVICE_GET_FDESC, u) == -1)
>>  err(1, "ioctl(GET_FDESC)");
>>
>>Now, my guess in this case is that it would report "Bad Address"
>>indicating the errno was EFAULT.  Why?  Well, let's look at usb(4):
>>
>> USB_DEVICE_GET_FDESC (struct usb_device_fdesc *)
>> This command can be used to retrieve all descriptors for the
>> given configuration of a device on the bus.  The udf_addr field
>> needs to be filled with the bus device address.  The
>> udf_config_index field needs to be filled with the configuration
>> index for the relevant configuration descriptor.  For convenience
>> the current configuration can be specified by
>> USB_CURRENT_CONFIG_INDEX.  The udf_data field needs to point to a
>> memory area of the size given in the udf_size field.  The proper
>> size can be determined by first issuing a USB_DEVICE_GET_CDESC
>> command and inspecting the wTotalLength field:
>>...
>>
>>So, where's the allocation of wTotalLength bytes of memory and the
>>initialization of u->udf_data to point to it?
>>
>>
>>Philip Guenther
>
> Thanks Philip.
>
> I made some progress.  I had #include  but wasn't using it.
> I read and re-read the USB_DEVICE_GET_CDESC so many times...
> Indeed after implementing err function, I got "Bad Address".  You were right.
> So I introduced a malloc in my function.  No more bad address, now I get
> "Device not configured".
>
> int
> get_usb_device_fdesc(int f, int a, struct usb_device_fdesc *u)
> {
> u->udf_addr = a;
> u->udf_config_index = USB_CURRENT_CONFIG_INDEX;
> u->udf_size=25; //25  not to be hardcoded
> if ((u->udf_data=malloc(25)) == NULL)
> err(1, "malloc");
> if (ioctl(f, USB_DEVICE_GET_FDESC, u) == -1)
> err(1, "ioctl(GET_FDESC)");
> return 0; //fwiw
> }
>
> Not quite sure what that udf_data is supposed to contain, I have some more
> homework to do.
>
> (gdb) p *u
> $1 = {udf_bus = 0 '\0', udf_addr = 1 '\001', udf_config_index = -1,
>   udf_size = 25, udf_data = 0x12dea87fd280 "\t\002\031"}
> (gdb)
>

udf_data will contain the data you requested :)
First a config descriptor, then your first interface descriptor,
followed by an HID descriptor for HID devices, then endpoint
descriptors.

I have a similar project on the stoves and I have the feeling the USB
thing is a rabbit hole.

-- 

Cordialement, Coues Ludovic
+336 148 743 42
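The layout described in this reply (a config descriptor followed by interface, HID and endpoint descriptors) can be walked with the `bLength`/`bDescriptorType` header that every USB descriptor starts with. The following is an added example, not code from the thread or from OpenBSD: `walk_descriptors` and `struct desc_summary` are hypothetical names, and `sample_blob` is a constructed 25-byte buffer that begins `09 02 19` like the gdb dump quoted above. Because the lengths come from the device, every one is checked against the buffer before it is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Standard descriptor type codes (USB 2.0 chapter 9, HID 1.11). */
#define DT_CONFIG    0x02
#define DT_INTERFACE 0x04
#define DT_ENDPOINT  0x05
#define DT_HID       0x21

struct desc_summary {
    int configs, interfaces, endpoints, hids, others;
    uint16_t total_length;          /* wTotalLength claimed by the device */
};

/* Constructed sample, not captured from hardware:
 * 9-byte config + 9-byte interface + 7-byte endpoint = 25 bytes. */
static const uint8_t sample_blob[25] = {
    0x09, 0x02, 0x19, 0x00, 0x01, 0x01, 0x00, 0xc0, 0x00, /* config, wTotalLength=25 */
    0x09, 0x04, 0x00, 0x00, 0x01, 0x09, 0x00, 0x00, 0x00, /* interface 0, class 9 (hub) */
    0x07, 0x05, 0x81, 0x03, 0x02, 0x00, 0x0c              /* endpoint 0x81, interrupt */
};

/* Smallest legal bLength for the types handled here; 2 (header only) otherwise. */
static uint8_t min_length(uint8_t type)
{
    switch (type) {
    case DT_CONFIG:    return 9;
    case DT_INTERFACE: return 9;
    case DT_ENDPOINT:  return 7;
    case DT_HID:       return 9;
    default:           return 2;
    }
}

/*
 * Walk the buffer an ioctl such as USB_DEVICE_GET_FDESC filled in.
 * `len` is the number of bytes actually allocated (udf_size).
 * Returns 0 on success, -1 if the device-supplied lengths are inconsistent.
 */
int walk_descriptors(const uint8_t *buf, size_t len, struct desc_summary *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));

    /* The blob must open with a complete configuration descriptor. */
    if (len < 9 || buf[0] < 9 || buf[1] != DT_CONFIG)
        return -1;
    out->total_length = (uint16_t)(buf[2] | (buf[3] << 8));  /* little endian */

    /* wTotalLength is device data: never read past what was allocated. */
    if (out->total_length < 9 || out->total_length > len)
        return -1;
    len = out->total_length;

    while (off < len) {
        uint8_t blen, btype;

        if (len - off < 2)
            return -1;              /* truncated descriptor header */
        blen = buf[off];
        btype = buf[off + 1];

        /* bLength 0 would loop forever; a large one would overrun. */
        if (blen < min_length(btype) || blen > len - off)
            return -1;

        switch (btype) {
        case DT_CONFIG:    out->configs++;    break;
        case DT_INTERFACE: out->interfaces++; break;
        case DT_ENDPOINT:  out->endpoints++;  break;
        case DT_HID:       out->hids++;       break;
        default:           out->others++;     break;
        }
        off += blen;
    }
    return 0;
}

int main(void)
{
    struct desc_summary s;

    if (walk_descriptors(sample_blob, sizeof(sample_blob), &s) != 0) {
        fprintf(stderr, "malformed descriptor blob\n");
        return 1;
    }
    printf("wTotalLength=%u config=%d interface=%d endpoint=%d hid=%d other=%d\n",
        (unsigned)s.total_length, s.configs, s.interfaces, s.endpoints,
        s.hids, s.others);
    return 0;
}
```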



Re: Exploiting PCI-based DMA in OpenBSD

2015-04-04 Thread ludovic coues
>> INCEPTION
>> =
>>


>> Once DMA is granted, the tool proceeds to search through available memory
> pages
>> for signatures at certain offsets in the operating system’s code. Once
> found,


I only have second hand knowledge of all this stuff.
Following information might be wrong.

Martin Schröder said in the first email that firewire isn't supported
in OpenBSD.
I understand that as "DMA will never be granted".

Another important point is the tool looking at specific offsets.
This doesn't work under OpenBSD [1].


[1] http://www.openbsd.org/papers/ru13-deraadt/mgp4.html

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: Does LibreSSL support RSA export-grade keys? - FREAK Attack

2015-03-06 Thread ludovic coues
Your argument is that one website out of four wouldn't be able to
talk with a client only
supporting PFS. It has been said that a lot of these bad apples are
bank servers, those
who are not going to upgrade anytime soon.

If you need PFS only, go ahead. I'm pretty sure it's only a matter of
changing a pair of
compile flags on libreSSL.

But please, pretty please, let the devs do their job.
And drop these caps, you're looking silly.



Re: lynx is gone?

2015-03-06 Thread ludovic coues
2015-03-06 9:58 GMT+01:00 Raf Czlonka :
> On Fri, Mar 06, 2015 at 02:13:59AM GMT, Theo de Raadt wrote:
>
>> >On Thu, Mar 05, 2015 at 08:24:47PM GMT, Theo de Raadt wrote:
>> >> >Ingo,
>> >> >
>> >> >On Mar 05 18:11:31, schwa...@usta.de wrote:
>> >> >> By the way, lynx(1) removal doesn't really hurt that much.
>> >> >> Rotten code that will hurt more when it will finally be deleted
>> >> >> includes, for example, the sqlite3(1) library and file(1).
>> >> >
>> >> >can you please elaborate on what's rotten in sqlite?
>> >>
>> >> Jan, can you please start from the other end, and provide evidence
>> >> that the code is of the highest possible quality?
>> >
>> >Hi Theo,
>> >
>> >Based on the above, Jan hadn't made any such claims so no evidence is
>> >required. He only asked Ingo to support *his* claim - more info, for
>> >mere reference, if nothing else, would be greatly appreciated. :^)
>>
>> Please run something else.  You'll be happier.  Really.  You don't
>> need code-fussy people around you.
>
> I'm not unhappy with SQLite, so would genuinely like to know what's so
> bad about it - it seems Jan would too. Neither Marc nor Stefan consider
> SQLite *that* badly rotten - Ingo does. Jan would like to get more
> information about it and so would I.
>
> If someone makes a claim, it's only fair to ask them to support it with
> examples. Now, to jump ahead of your next reply - neither Jan nor myself
> made any claims.
>

I believe Theo already told what's wrong with SQLite. His words were
"The code uses risk-prone idioms." if I'm not mistaken.

A lot of arguments advanced to keep lynx were basically "don't act
unless there is a security issue". From what I see, OpenBSD devs act against
code which might be a source of issues. That's why there are so few vulnerabilities
in base. The bad code was already gone when those are found in other OS.

By the way, is there a list of common risk-prone idioms?

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: OpenBSD projects

2014-12-26 Thread ludovic coues
2014-12-26 18:42 GMT+01:00 jungle Boogie :
> Hello All,
>
> Here's a list of projects that I'm aware of that openBSD created. Is
> that correct? (p) is for portable. What else am I missing?
> openssh (p)
> opensmtpd (p)
> mandoc (p)
> openntpd (p)
> openbgpd
> libressl (p)
> openiked (p?)
> pf
> relayd
> httpd
> carp
>
> Thanks,
> Jungle
>
> --
> ---
> inum: 883510009027723
> sip: jungleboo...@sip2sip.info
> xmpp: jungle-boo...@jit.si
>


openiked isn't portable.



Re: openbsdstore: enable javascript and buy something or gtfo

2014-10-03 Thread ludovic coues
2014-10-03 16:09 GMT+02:00  :
> In my browser of choice, configured sensibly, this is all that can be
> seen at openbsdstore.com and openbsdeurope.com:
>
> | The OpenBSD Store
>
> | If you have JavaScript disabled you will not be able to order from
> | this site...
>

I'm curious, how did you get this message ?

-- 

Cordialement, Coues Ludovic
+336 148 743 42



Re: kernel page fault on 55-release

2014-09-01 Thread ludovic coues
2014-09-01 10:47 GMT+02:00 Martin Pieuchot :
> On 30/08/14(Sat) 12:28, ludovic coues wrote:
>> 2014-08-30 11:58 GMT+02:00 Martin Pieuchot :
>> > On 30/08/14(Sat) 11:46, ludovic coues wrote:
>> >> 2014-08-30 10:53 GMT+02:00 Martin Pieuchot :
>> >> > Hello Ludovic,
>> >> >
>> >> > On 28/08/14(Thu) 20:52, ludovic coues wrote:
>> >> >> Hello,
>> >> >>
>> >> >> Recently, I get a kernel page fault every time I try to use the
>> >> >> micronucleus [1] command line tool. It's for uploading a hex file to
>> >> >> ATtiny processor, much like arduino's avrdude. The crash is pretty
>> >> >> consistent, occurring every time I run `micronucleus --run`.
>> >> >> I've managed to use it with success in the past on this machine with
>> >> >> 55-release so it might be hardware related. I added a realtek wireless
>> >> >> device since last time I've had a successful run with micronucleus.
>> >> >>
>> >> >> I get the following message when I run it:
>> >> >> uvm_fault(0x81daaf001, 0x2, 2, 0, 1) -> e
>> >> >> kernel: page fault trap, code=0
>> >> >> Stopped at usbd_get_cdesc+035: movzwl 0x2 (%rax),%eax
>> >> >>
>> >> >> It's followed by the debugger prompt. I don't know what to do from
>> >> >> that point. I'm willing to spend time tracking the source of the
>> >> >> problem but I have no idea of what I'm looking for.
>> >> >
>> >> > Thanks for reporting the problem.  I believe this is the same issue that
>> >> > has been reported by Thomas Pfaff in February [0] and fixed post 5.5 [1].
>> >> >
>> >> > Could you try a snapshot and tell me if you can still reproduce it?
>> >> >
>> >> > Cheers,
>> >> > Martin
>> >> >
>> >> > [0] http://marc.info/?l=openbsd-bugs&m=139135208628637&w=2
>> >> > [1] http://marc.info/?l=openbsd-cvs&m=139194643911061&w=2
>> >>
>> >> I might have failed to upgrade to snapshot but I still have the error.
>> >> Right now, I got the snapshot install56.fs file, used it to run an
>> >> upgrade and run sysmerge. I must have done something right as
>> >> start_daemon isn't available anymore in /etc/rc.local but the error is
>> >> still present.
>> >
>> > In this case could you send me your dmesg, the output of "usbdevs -dv"
>> > and the trace when the trap occurs?
>>
>
> Thanks Ludovic,
>
>> usbdevs -dv:
>> [...]
>>   port 4 addr 3: high speed, power 100 mA, unconfigured,
>> RTL8187B(0x8189), Realtek(0x0bda), rev 2.00, iSerialNumber
>> 00e04c01
>> urtw0
>
> The problem comes from this driver that does not set any configuration
> when it attaches itself to the device.
>
> Could you test the diff below, it is a sync with urtwn(4), and tell me
> if you can reproduce this problem with it?
>

Nope, I cannot reproduce :)

Thanks a lot for your time.



Re: kernel page fault on 55-release

2014-08-30 Thread ludovic coues
2014-08-30 11:58 GMT+02:00 Martin Pieuchot :
> On 30/08/14(Sat) 11:46, ludovic coues wrote:
>> 2014-08-30 10:53 GMT+02:00 Martin Pieuchot :
>> > Hello Ludovic,
>> >
>> > On 28/08/14(Thu) 20:52, ludovic coues wrote:
>> >> Hello,
>> >>
>> >> Recently, I get a kernel page fault every time I try to use the
>> >> micronucleus [1] command line tool. It's for uploading a hex file to
>> >> an ATtiny processor, much like Arduino's avrdude. The crash is pretty
>> >> consistent, occurring every time I run `micronucleus --run`.
>> >> I've managed to use it with success in the past on this machine with
>> >> 55-release so it might be hardware related. I added a Realtek wireless
>> >> device since the last time I got a successful run with micronucleus.
>> >>
>> >> I get the following message when I run it:
>> >> uvm_fault(0x81daaf001, 0x2, 2, 0, 1) -> e
>> >> kernel: page fault trap, code=0
>> >> Stopped at usbd_get_cdesc+035: movzwl 0x2 (%rax),%eax
>> >>
>> >> It's followed by the debugger prompt. I don't know what to do from
>> >> that point. I'm willing to spend time tracking the source of the
>> >> problem but I have no idea of what I'm looking for.
>> >
>> > Thanks for reporting the problem.  I believe this is the same issue that
>> > has been reported by Thomas Pfaff in February [0] and fixed post 5.5 [1].
>> >
>> > Could you try a snapshot and tell me if you can still reproduce it?
>> >
>> > Cheers,
>> > Martin
>> >
>> > [0] http://marc.info/?l=openbsd-bugs&m=139135208628637&w=2
>> > [1] http://marc.info/?l=openbsd-cvs&m=139194643911061&w=2
>>
>> I might have failed to upgrade to snapshot but I still have the error.
>> Right now, I got the snapshot install56.fs file, used it to run an
>> upgrade and run sysmerge. I must have done something right as
>> start_daemon isn't available anymore in /etc/rc.local but the error is
>> still present.
>
> In this case could you send me your dmesg, the output of "usbdevs -dv"
> and the trace when the trap occurs?

dmesg:
OpenBSD 5.6-current (GENERIC.MP) #355: Fri Aug 29 17:01:02 MDT 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4166873088 (3973MB)
avail mem = 4047220736 (3859MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb190 (38 entries)
bios0: vendor American Megatrends Inc. version "4.6.5" date 12/24/2013
bios0: Notebook W310CZ/CZ-T
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT HPET SSDT SSDT SSDT
acpi0: wakeup devices P0P1(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3)
USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4)
PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz, 1796.23 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU 1037U @ 1.80GHz, 1795.93 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus 2 (RP03)
acpiprt5 at acpi0: bus 3 (RP04)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpitz0 at acpi0: critical temperature is 120 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: LID0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 not present
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: 

Re: kernel page fault on 55-release

2014-08-30 Thread ludovic coues
2014-08-30 10:53 GMT+02:00 Martin Pieuchot :
> Hello Ludovic,
>
> On 28/08/14(Thu) 20:52, ludovic coues wrote:
>> Hello,
>>
>> Recently, I get a kernel page fault every time I try to use the
>> micronucleus [1] command line tool. It's for uploading a hex file to
>> an ATtiny processor, much like Arduino's avrdude. The crash is pretty
>> consistent, occurring every time I run `micronucleus --run`.
>> I've managed to use it with success in the past on this machine with
>> 55-release so it might be hardware related. I added a Realtek wireless
>> device since the last time I got a successful run with micronucleus.
>>
>> I get the following message when I run it:
>> uvm_fault(0x81daaf001, 0x2, 2, 0, 1) -> e
>> kernel: page fault trap, code=0
>> Stopped at usbd_get_cdesc+035: movzwl 0x2 (%rax),%eax
>>
>> It's followed by the debugger prompt. I don't know what to do from
>> that point. I'm willing to spend time tracking the source of the
>> problem but I have no idea of what I'm looking for.
>
> Thanks for reporting the problem.  I believe this is the same issue that
> has been reported by Thomas Pfaff in February [0] and fixed post 5.5 [1].
>
> Could you try a snapshot and tell me if you can still reproduce it?
>
> Cheers,
> Martin
>
> [0] http://marc.info/?l=openbsd-bugs&m=139135208628637&w=2
> [1] http://marc.info/?l=openbsd-cvs&m=139194643911061&w=2

I might have failed to upgrade to snapshot but I still have the error.
Right now, I got the snapshot install56.fs file, used it to run an
upgrade and run sysmerge. I must have done something right as
start_daemon isn't available anymore in /etc/rc.local but the error is
still present.



kernel page fault on 55-release

2014-08-28 Thread ludovic coues
Hello,

Recently, I get a kernel page fault every time I try to use the
micronucleus [1] command line tool. It's for uploading a hex file to
an ATtiny processor, much like Arduino's avrdude. The crash is pretty
consistent, occurring every time I run `micronucleus --run`.
I've managed to use it with success in the past on this machine with
55-release so it might be hardware related. I added a Realtek wireless
device since the last time I got a successful run with micronucleus.

I get the following message when I run it:
uvm_fault(0x81daaf001, 0x2, 2, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at usbd_get_cdesc+035: movzwl 0x2 (%rax),%eax

It's followed by the debugger prompt. I don't know what to do from
that point. I'm willing to spend time tracking the source of the
problem but I have no idea of what I'm looking for.

thanks


[1] https://github.com/micronucleus/micronucleus
-- 

Ludovic Coues
+336 148 743 42