Re: Fifteen questions

[danston...@yahoo.com.hk]

Hi Joerg, Mike,  
Thank you very much for your answers! 
 
 


On Mon, 27 Jun 2016 01:17:50 -0700
Mike Larkin  wrote:

On Sun, Jun 26, 2016 at 08:42:30AM +0200, Joerg Jung wrote:
> > d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto disk,
> huh?
> 
> Never tried myself, but I expect it to work.

ZZZ on softraid crypto should work, provided the underlying device also
supports ZZZ. This presently means sd(4) on ahci(4) and wd(4) on pciide(4)
(and possibly wdc(4) but I don't think you have that).

If you have one of those combinations, it should work. If it doesn't, I'd
like to know.

-ml

Re: Fifteen questions

[Mike Larkin]

On Sun, Jun 26, 2016 at 08:42:30AM +0200, Joerg Jung wrote:
> > d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto disk,
> huh?
> 
> Never tried myself, but I expect it to work.

ZZZ on softraid crypto should work, provided the underlying device also
supports ZZZ. This presently means sd(4) on ahci(4) and wd(4) on pciide(4)
(and possibly wdc(4) but I don't think you have that).

If you have one of those combinations, it should work. If it doesn't, I'd
like to know.

-ml

Re: Fifteen questions

[Joerg Jung]

> Am 11.06.2016 um 11:42 schrieb "danston...@yahoo.com.hk"
:
>
> Hi guys!
>
> I am currently thinking of buying a new MacBook Air and setting up a
dual-boot OpenBSD + MacOSX. Reading the mailing-list, I understood that
OpenBSD is mostly working well on Mac hardware, but I still have some
questions:
> a. I read that the wifi is not working, so I will have to buy a wifi usb
stick.
>Which one is the best working with OpenBSD?

Driver man pages contain suggestions.
http://man.openbsd.org/?query=wireless=1=0=default=O
penBSD-current

I use run and urtwn devices.

> b. Would it be possible to write a driver for the wifi?

Yes, but very, very hard.

>If I want to write one, where should I look at?

Probably, the existing Linux one might be a start.

> c. Some people reported that the SSD drive was working, others reported the
opposite.
>I really would like to use a SSD drive instead of a standard hard drive.
(I am the kind of guy who drops his laptop…)
>Is there a way to determine if the SSD drive gonna work or not? (I mean,
before buying the MacBook Air.)

I'm not aware of any Air where the SSD is not working and
I own(ed) and tested various older to new(est) models.

However, for recent MacBooks (not Air, not Pro) the NVMe
connected SSD is not working.

> d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto disk,
huh?

Never tried myself, but I expect it to work.

> e. Some time ago, I read that RAID & encryption cannot be used altogether -
Is it still true?

No. AFAIK, the vnd related issues seems to be fixed in -current.

>I am interested in privacy and reliability. So I am thinking of combining
a mirroring discipline and an encrypting discipline: a RAID 1 system, and each
disk of the RAID 1 would contains the same encrypted data. Can I do that?

Yes, but expect slow disk throughputs, due to encryption.
Btw. how did you plan to add the second disk into the Air?

> f. In a RAID 1 system with three disks, what happened if one read byte is
not the same on all the disks?

Three disks in the Air?

> g. Is it possible to set up a RAID 1 system on a single physical drive?
>   (The physical drive would be split in two equal parts, and the second part
would be a copy of the first part.)

Makes no sense. If disk dies, both parts are gone.
Just setup a proper backup instead.

>When I read
>  https://www.openbsd.org/faq/faq14.html#softraid
>  http://man.openbsd.org/OpenBSD-current/man4/softraid.4
>it does not seem possible.
> h. For softraid-crypto, are there multiple encrypting algorithms provided?
Is it possible to choose?
>I mean something like "ssh -c cipher_spec".

AFAIK, no. However, you may want to check bioctl man page and -r argument.

> i. As RAID is good but not enough, I think of using rsnapshot for backing up
data (to a remote server).
>But dump(8) seems good too - Is there any cases in which dump(8) should
be used instead of rsnapshot?

Both can be used to achieve different goals, so it depends on the use case.

> j. Just to be sure: Would it make sense to back up encrypted data? Or is
there no other choice but to decrypt, back up, and then encrypt the backed up
data?

Depends on how you encrypted the data.

> k. Between the i386 and amd64 arch, which one would make more sense to use?
As far as I am concerned, I am interested in reliability and simple-ness (not
interested in speed nor coffee-and-toasts-making-features).

On the Air: amd64.

> l. I understood that signify(1) only signs a file - It cannot encrypt it. To
encrypt a file, a software like gnupg should be used, right?
>Does OpenBSD come up with any in-house software to encrypt a file? Or do
I have to use gnupg?
> m. Is it possible to encrypt a disk image file? Replacing 'sd' by 'vnd' in
the document
>  http://man.openbsd.org/OpenBSD-current/man4/softraid.4
>should do it, right?
> n. In reading
>  https://www.openbsd.org/faq/faq14.html#MountImage
>it seems like that mounting a disk image file needs to be root, true? Is
there a way so that a user could mount a disk image?
> o. Finally, I am thinking of resizing a disk image file. I understood that
it can done in using disklabel(8), then growfs(8), finally fsck(8) - That's
it? Any comments that I should be aware of?
>
> Thanks a lot for your help.
>
> Romain

Re: Fifteen questions

[danston...@yahoo.com.hk]

Okay, I understand. It was just that, from my point of view, they were not all 
independent to each other, and sending one email for every single questions did 
not seem appropriate to me. 
 
I did search the mailing list archive. But it was not that clear for me. That's 
why I thought I could write to @misc. I will search the mailing list archive 
more thoroughly. 
 
BTW, you were right - The few replies I had were for telling me that my email 
was not appropriate. 
So, I would like to apologize to all of you for my mistake: I did not mean any 
disrespect. 
 
Thank you. 
 
 


On Sat, 11 Jun 2016 08:12:34 -0400
Eric Furman  wrote:

Fore the benefit of people searching the mailing list archives for
answers
to similar questions, please only ask ONE question with an
appropriate Subject. You are also much more likely for some one
to respond with an actual answer. The way you are currently
asking, I doubt you will get much help.
BTW, did YOU search the mailing list archive first for these answers?
I have found they answer nearly any question I have.

http://marc.info/?l=openbsd-misc=1=2

If someone knows of a better resource for searching the OpenBSD
mailing lists please let me know.

On Sat, Jun 11, 2016, at 05:42 AM, danston...@yahoo.com.hk wrote:
> Hi guys! 
>  
> I am currently thinking of buying a new MacBook Air and setting up a
> dual-boot OpenBSD + MacOSX. Reading the mailing-list, I understood that
> OpenBSD is mostly working well on Mac hardware, but I still have some
> questions:  
>  a. I read that the wifi is not working, so I will have to buy a wifi usb
>  stick. 
> Which one is the best working with OpenBSD? 
>  b. Would it be possible to write a driver for the wifi? 
> If I want to write one, where should I look at? 
>  c. Some people reported that the SSD drive was working, others reported
>  the opposite. 
> I really would like to use a SSD drive instead of a standard hard
> drive. (I am the kind of guy who drops his laptop…) 
> Is there a way to determine if the SSD drive gonna work or not? (I
> mean, before buying the MacBook Air.) 
>  d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto
>  disk, huh? 
>  e. Some time ago, I read that RAID & encryption cannot be used
>  altogether - Is it still true? 
> I am interested in privacy and reliability. So I am thinking of
> combining a mirroring discipline and an encrypting discipline: a RAID
> 1 system, and each disk of the RAID 1 would contains the same
> encrypted data. Can I do that? 
>  f. In a RAID 1 system with three disks, what happened if one read byte
>  is not the same on all the disks? 
>  g. Is it possible to set up a RAID 1 system on a single physical drive? 
>(The physical drive would be split in two equal parts, and the second
>part would be a copy of the first part.) 
> When I read 
>   https://www.openbsd.org/faq/faq14.html#softraid
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> it does not seem possible. 
>  h. For softraid-crypto, are there multiple encrypting algorithms
>  provided? Is it possible to choose? 
> I mean something like "ssh -c cipher_spec". 
>  i. As RAID is good but not enough, I think of using rsnapshot for
>  backing up data (to a remote server). 
> But dump(8) seems good too - Is there any cases in which dump(8)
> should be used instead of rsnapshot?   
>  j. Just to be sure: Would it make sense to back up encrypted data? Or is
>  there no other choice but to decrypt, back up, and then encrypt the
>  backed up data? 
>  k. Between the i386 and amd64 arch, which one would make more sense to
>  use? As far as I am concerned, I am interested in reliability and
>  simple-ness (not interested in speed nor
>  coffee-and-toasts-making-features). 
>  l. I understood that signify(1) only signs a file - It cannot encrypt
>  it. To encrypt a file, a software like gnupg should be used, right? 
> Does OpenBSD come up with any in-house software to encrypt a file? Or
> do I have to use gnupg? 
>  m. Is it possible to encrypt a disk image file? Replacing 'sd' by 'vnd'
>  in the document 
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> should do it, right? 
>  n. In reading 
>   https://www.openbsd.org/faq/faq14.html#MountImage
> it seems like that mounting a disk image file needs to be root, true?
> Is there a way so that a user could mount a disk image? 
>  o. Finally, I am thinking of resizing a disk image file. I understood
>  that it can done in using disklabel(8), then growfs(8), finally fsck(8)
>  - That's it? Any comments that I should be aware of? 
>  
> Thanks a lot for your help. 
>  
> Romain 

Re: Fifteen questions

[Andrew]

> Does OpenBSD come up with any in-house software to encrypt a file? Or do
> I have to use gnupg?

Yes -- libressl may do what you want. Read man openssl(1) and skim
down to the section entitled "ENC" and the subsequent sections
including examples. It's well written.

Re: Fifteen questions

[Eric Furman]

Fore the benefit of people searching the mailing list archives for
answers
to similar questions, please only ask ONE question with an
appropriate Subject. You are also much more likely for some one
to respond with an actual answer. The way you are currently
asking, I doubt you will get much help.
BTW, did YOU search the mailing list archive first for these answers?
I have found they answer nearly any question I have.

http://marc.info/?l=openbsd-misc=1=2

If someone knows of a better resource for searching the OpenBSD
mailing lists please let me know.

On Sat, Jun 11, 2016, at 05:42 AM, danston...@yahoo.com.hk wrote:
> Hi guys!
>
> I am currently thinking of buying a new MacBook Air and setting up a
> dual-boot OpenBSD + MacOSX. Reading the mailing-list, I understood that
> OpenBSD is mostly working well on Mac hardware, but I still have some
> questions:
>  a. I read that the wifi is not working, so I will have to buy a wifi usb
>  stick.
> Which one is the best working with OpenBSD?
>  b. Would it be possible to write a driver for the wifi?
> If I want to write one, where should I look at?
>  c. Some people reported that the SSD drive was working, others reported
>  the opposite.
> I really would like to use a SSD drive instead of a standard hard
> drive. (I am the kind of guy who drops his laptop…)
> Is there a way to determine if the SSD drive gonna work or not? (I
> mean, before buying the MacBook Air.)
>  d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto
>  disk, huh?
>  e. Some time ago, I read that RAID & encryption cannot be used
>  altogether - Is it still true?
> I am interested in privacy and reliability. So I am thinking of
> combining a mirroring discipline and an encrypting discipline: a RAID
> 1 system, and each disk of the RAID 1 would contains the same
> encrypted data. Can I do that?
>  f. In a RAID 1 system with three disks, what happened if one read byte
>  is not the same on all the disks?
>  g. Is it possible to set up a RAID 1 system on a single physical drive?
>(The physical drive would be split in two equal parts, and the second
>part would be a copy of the first part.)
> When I read
>   https://www.openbsd.org/faq/faq14.html#softraid
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> it does not seem possible.
>  h. For softraid-crypto, are there multiple encrypting algorithms
>  provided? Is it possible to choose?
> I mean something like "ssh -c cipher_spec".
>  i. As RAID is good but not enough, I think of using rsnapshot for
>  backing up data (to a remote server).
> But dump(8) seems good too - Is there any cases in which dump(8)
> should be used instead of rsnapshot?
>  j. Just to be sure: Would it make sense to back up encrypted data? Or is
>  there no other choice but to decrypt, back up, and then encrypt the
>  backed up data?
>  k. Between the i386 and amd64 arch, which one would make more sense to
>  use? As far as I am concerned, I am interested in reliability and
>  simple-ness (not interested in speed nor
>  coffee-and-toasts-making-features).
>  l. I understood that signify(1) only signs a file - It cannot encrypt
>  it. To encrypt a file, a software like gnupg should be used, right?
> Does OpenBSD come up with any in-house software to encrypt a file? Or
> do I have to use gnupg?
>  m. Is it possible to encrypt a disk image file? Replacing 'sd' by 'vnd'
>  in the document
>   http://man.openbsd.org/OpenBSD-current/man4/softraid.4
> should do it, right?
>  n. In reading
>   https://www.openbsd.org/faq/faq14.html#MountImage
> it seems like that mounting a disk image file needs to be root, true?
> Is there a way so that a user could mount a disk image?
>  o. Finally, I am thinking of resizing a disk image file. I understood
>  that it can done in using disklabel(8), then growfs(8), finally fsck(8)
>  - That's it? Any comments that I should be aware of?
>
> Thanks a lot for your help.
>
> Romain

Fifteen questions

[danston...@yahoo.com.hk]

Hi guys! 
 
I am currently thinking of buying a new MacBook Air and setting up a dual-boot 
OpenBSD + MacOSX. Reading the mailing-list, I understood that OpenBSD is mostly 
working well on Mac hardware, but I still have some questions:  
 a. I read that the wifi is not working, so I will have to buy a wifi usb 
stick. 
Which one is the best working with OpenBSD? 
 b. Would it be possible to write a driver for the wifi? 
If I want to write one, where should I look at? 
 c. Some people reported that the SSD drive was working, others reported the 
opposite. 
I really would like to use a SSD drive instead of a standard hard drive. (I 
am the kind of guy who drops his laptop…) 
Is there a way to determine if the SSD drive gonna work or not? (I mean, 
before buying the MacBook Air.) 
 d. Just to be sure: hibernate/ZZZ can be used over a softraid-crypto disk, 
huh? 
 e. Some time ago, I read that RAID & encryption cannot be used altogether - Is 
it still true? 
I am interested in privacy and reliability. So I am thinking of combining a 
mirroring discipline and an encrypting discipline: a RAID 1 system, and each 
disk of the RAID 1 would contains the same encrypted data. Can I do that? 
 f. In a RAID 1 system with three disks, what happened if one read byte is not 
the same on all the disks? 
 g. Is it possible to set up a RAID 1 system on a single physical drive? 
   (The physical drive would be split in two equal parts, and the second part 
would be a copy of the first part.) 
When I read 
  https://www.openbsd.org/faq/faq14.html#softraid
  http://man.openbsd.org/OpenBSD-current/man4/softraid.4
it does not seem possible. 
 h. For softraid-crypto, are there multiple encrypting algorithms provided? Is 
it possible to choose? 
I mean something like "ssh -c cipher_spec". 
 i. As RAID is good but not enough, I think of using rsnapshot for backing up 
data (to a remote server). 
But dump(8) seems good too - Is there any cases in which dump(8) should be 
used instead of rsnapshot?   
 j. Just to be sure: Would it make sense to back up encrypted data? Or is there 
no other choice but to decrypt, back up, and then encrypt the backed up data? 
 k. Between the i386 and amd64 arch, which one would make more sense to use? As 
far as I am concerned, I am interested in reliability and simple-ness (not 
interested in speed nor coffee-and-toasts-making-features). 
 l. I understood that signify(1) only signs a file - It cannot encrypt it. To 
encrypt a file, a software like gnupg should be used, right? 
Does OpenBSD come up with any in-house software to encrypt a file? Or do I 
have to use gnupg? 
 m. Is it possible to encrypt a disk image file? Replacing 'sd' by 'vnd' in the 
document 
  http://man.openbsd.org/OpenBSD-current/man4/softraid.4
should do it, right? 
 n. In reading 
  https://www.openbsd.org/faq/faq14.html#MountImage
it seems like that mounting a disk image file needs to be root, true? Is 
there a way so that a user could mount a disk image? 
 o. Finally, I am thinking of resizing a disk image file. I understood that it 
can done in using disklabel(8), then growfs(8), finally fsck(8) - That's it? 
Any comments that I should be aware of? 
 
Thanks a lot for your help. 
 
Romain