Re: netbsd crashes when using fat filesys
there's gotta be a better way to debug this On Thu, May 2, 2024 at 5:41 AM Martin Husemann wrote: > On Wed, May 01, 2024 at 05:08:04PM +, xuser wrote: > > This is as much as a I can give you > > It say some thing about invalid fats > > i cant see much because the screen go blank > > As for the core dump i don't have enough swap space > > Can you provdie an image of a filesystem that shows this bug? > Maybe create a new empty one (on a usb stick?) and make it bad (however > that is done), then dump the stick's content and only after that try if > it triggers your crash. If it does, upload the image somewhere and send > the URL. > > Thanks, > > Martin > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654
Re: Please forgive a blatant plug: I reviewed v10 for the Reg
OpenBSD is NetBSD Lite On Tue, Apr 30, 2024, 5:57 PM Riccardo Mottola wrote: > Ciao Liam! > > Liam Proven wrote: > > I really wish there were more technology sharing between the BSDs. > > There is actually, but it is never easy. I have seen good transfer > between NetBSD and OpenBSD in the years, including drivers and such. > > > > > Dragonfly has the best installer, IMHO, but of course it has many > > fewer options to cover. > > I only use the "canonical" three. I must say as a user I like NetBSD and > OpenBSD best. > Of course the less platforms the easier it is. Things like partitioning, > bootloader complicate things. > > I think NetBSD has a quite good installer in many aspects. Quick to > setup, has a very convenient utility, network setup. > Essentially the worst part is partitioning, but it is a tricky matter. > On classic BIOS PC setup it works quite well though... quick and fast. > Try to partition MacPPC and you get crazy. > > > FreeBSD is the worst inasmuch as it does the least complete job. > I agree... however it has some interesting points. > I think Debian has a good, but complicated, heavy installer. NetBSD > could learn something from it, but not too much. > Debian has a decent partitioning tool > > > > > Some OpenBSD folks are angry with me because I criticise its disk > > partitioner. When I tell them the config I work with and they recoil > > and go "OMG that is _impossible!_" > > OpenBSD are complicated people.. but they do good stuff. Also the prompt > based installer is quite good! Upgrading is excellent! But certain > things are a bit extreme. like no dhcp setup (must test latest > though, maybe they changed it again). > > > The point being: cross-platform installers that work on multiple very > > different distros with different packaging tools are 100% a thing. > I'm not expert there, but they should have peraps more per > > > I am sure it would be possible to write a program which, when run, > > tests the console or terminal to determine if it can use colour and > > cursor controls, and if it can, which presents a > > cursor-key-driven-menu based UI with CUA-style controls -- but if the > > terminal does not, then falls back gracefully to simple numeric or > > letter-choice menus. > > Terminal type does that for you... and NetBSD install works well even > ona 9600 baud serial vt100, which is really legacy technology. > > > > > > > Long-term users often tell me that they do not notice the issues > > because they simply upgrade from one version to the next and never see > > the installer. Well, in that case, offer that opportunity to visitors > > as well: it would be to the benefit of all of the BSD family if the > > projects supplied pre-installed and pre-configured VM images for > > direct download, so that the curious could simply download an OVA > > file, import it into the hypervisor of their choice, and try the OS > > out without installing it at all. > > Yes, upgrading sometimes does not well test the bare install. However > both are important applications. > I tend to too to upgrade... In the case of NetBSD however you still test > a big part of the install - except partitioning. You do all steps! > > I just did an upgrade on SPARC64 and it worked wonderfully. > > > > Cheers, > > Riccardo >
Re: Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)
I've seen documentation for this somewhere. Have you seen this?https://www.netbsd.org/docs/guide/en/chap-cgd.html On Mon, Apr 29, 2024, 8:26 PM Arvind wrote: > Yes. The man pages are out of date and unfortunately not helpful ( > https://wiki.netbsd.org/security/cgdroot/). See the top of the page. > > -Arvind > > > Original Message ---- > On 4/29/24 7:52 PM, Lucifer wrote: > > theres a handbook online > have you checked there? > > On Mon, Apr 29, 2024, 4:05 PM Arvind wrote: > >> I am not interested in using Linux. I would like to setup Root Filesystem >> Encryption (unlock using passphrase) during boot. The man pages are out of >> date and unfortunately not helpful ( >> https://wiki.netbsd.org/security/cgdroot/). >> >> -Arvind >> >> >> >> >> On Apr 29, 2024, at 3:57 PM, Lucifer wrote: >> >> i dont fully understand >> >> On Mon, Apr 29, 2024, 3:12 PM Arvind wrote: >> >>> Sure, was just using the linux remote unlock as an example of what we’re >>> trying to get configured (after encrypting the root partition with >>> passphrase unlock). Any help from the group would be much appreciated. >>> >>> -Arvind >>> >>> >>> >>> >>> On Apr 29, 2024, at 2:57 PM, Lucifer wrote: >>> >>> i recommend against third party for mission critical. >>> >>> stay away from Linux. >>> >>> On Mon, Apr 29, 2024 at 2:55 PM Arvind wrote: >>> >>>> The backup files themselves will be encrypted. >>>> >>>> -Arvind >>>> >>>> >>>> >>>> >>>> On Apr 29, 2024, at 2:53 PM, Lucifer wrote: >>>> >>>> i find it interesting that you do not encrypt the backup... >>>> >>>> On Mon, Apr 29, 2024 at 10:10 AM Arvind wrote: >>>> >>>>> Hi friends, hoping someone might be able to help or point in the right >>>>> direction. We have a NetBSD 10 machine that requires Root Filesystem >>>>> Encryption (unlock using passphrase) during boot. The man pages are out of >>>>> date and unfortunately not helpful ( >>>>> https://wiki.netbsd.org/security/cgdroot/). >>>>> >>>>> We are using UEFI/GPT. We have a boot partition but also another user >>>>> defined partition (/backups) that is not encrypted. >>>>> >>>>> Once configured, would also like to add remote ssh unlock using >>>>> something like Dropbear. This is the equivalent on the Linux platform(s): >>>>> https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux >>>>> >>>>> >>>>> -Arvind >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>>> -- >>>> renegade6969...@gmail.com >>>> https://www.facebook.com/profile.php?id=61556020800880 >>>> https://twitter.com/Rose29283220654 >>>> >>>> >>>> >>> >>> -- >>> renegade6969...@gmail.com >>> https://www.facebook.com/profile.php?id=61556020800880 >>> https://twitter.com/Rose29283220654 >>> >>> >>> >>
Re: OAUTH TOTP
bro are these legitimate keys? On Mon, Apr 29, 2024, 6:14 PM Martin Neitzel < neit...@hackett.marshlabs.gaertner.de> wrote: > PW> Apparently I need to "purchase an inexpensive OATH TOTP compatible > PW> token device." > > Here's another "thumbs-up" for the pkg "oath-toolkit". > > I drive its oathtool(1) with a simple, rwx-- shell wrapper which > collects my personal seed secrets and tells me both the current and > upcoming TOTP, syncing on the HH:MM:{00,30} switch-overs. > > (With an intentional off-by-one, cannot remember why I preferred > it that way, though. The sample seeds below are not the real thing > -- no worries.) > > Oh: exit the loop with Ctrl-C. > > Martin Neitzel > > > #!/bin/sh > > case "$1" in > -h*|-hzi) secret=LDCKNdVBUJUWMCDBCDOKQSDLC ;; > -g*|-github)secret=KMSXBBSPVOFBWCKX ;; > -m*|-microsoft) secret=sxok3dck8skxn9sx ;; > -o*|-oci) secret="SLODCNCDJNCDJBDCJBDCJBSXNI" ;; > -*) echo "$1: no such option" 1>&2 ; exit 1 ;; > ?*) secret=$1 ;; > "") echo "usage: $0 [ -h | -m | -g | -o | ]" > exit 1 > ;; > esac > > trap "exit 0" INT > > while true; do > t=`date +%S` > date +"%T, current & next token (changes on seconds :00 and :30):" > oathtool --totp -w1 -b $secret > # gotcha! $t may come as 08 or 09 which would be illegal octal > # numbers -- so we need to nuke a leading "0": > sleep $(( 1 + 30 - (${t#0} % 30) )) > done >
Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)
theres a handbook online have you checked there? On Mon, Apr 29, 2024, 4:05 PM Arvind wrote: > I am not interested in using Linux. I would like to setup Root Filesystem > Encryption (unlock using passphrase) during boot. The man pages are out of > date and unfortunately not helpful ( > https://wiki.netbsd.org/security/cgdroot/). > > -Arvind > > > > > On Apr 29, 2024, at 3:57 PM, Lucifer wrote: > > i dont fully understand > > On Mon, Apr 29, 2024, 3:12 PM Arvind wrote: > >> Sure, was just using the linux remote unlock as an example of what we’re >> trying to get configured (after encrypting the root partition with >> passphrase unlock). Any help from the group would be much appreciated. >> >> -Arvind >> >> >> >> >> On Apr 29, 2024, at 2:57 PM, Lucifer wrote: >> >> i recommend against third party for mission critical. >> >> stay away from Linux. >> >> On Mon, Apr 29, 2024 at 2:55 PM Arvind wrote: >> >>> The backup files themselves will be encrypted. >>> >>> -Arvind >>> >>> >>> >>> >>> On Apr 29, 2024, at 2:53 PM, Lucifer wrote: >>> >>> i find it interesting that you do not encrypt the backup... >>> >>> On Mon, Apr 29, 2024 at 10:10 AM Arvind wrote: >>> >>>> Hi friends, hoping someone might be able to help or point in the right >>>> direction. We have a NetBSD 10 machine that requires Root Filesystem >>>> Encryption (unlock using passphrase) during boot. The man pages are out of >>>> date and unfortunately not helpful ( >>>> https://wiki.netbsd.org/security/cgdroot/). >>>> >>>> We are using UEFI/GPT. We have a boot partition but also another user >>>> defined partition (/backups) that is not encrypted. >>>> >>>> Once configured, would also like to add remote ssh unlock using >>>> something like Dropbear. This is the equivalent on the Linux platform(s): >>>> https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux >>>> >>>> >>>> -Arvind >>>> >>>> >>>> >>>> >>>> >>> >>> -- >>> renegade6969...@gmail.com >>> https://www.facebook.com/profile.php?id=61556020800880 >>> https://twitter.com/Rose29283220654 >>> >>> >>> >> >> -- >> renegade6969...@gmail.com >> https://www.facebook.com/profile.php?id=61556020800880 >> https://twitter.com/Rose29283220654 >> >> >> >
Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)
i dont fully understand On Mon, Apr 29, 2024, 3:12 PM Arvind wrote: > Sure, was just using the linux remote unlock as an example of what we’re > trying to get configured (after encrypting the root partition with > passphrase unlock). Any help from the group would be much appreciated. > > -Arvind > > > > > On Apr 29, 2024, at 2:57 PM, Lucifer wrote: > > i recommend against third party for mission critical. > > stay away from Linux. > > On Mon, Apr 29, 2024 at 2:55 PM Arvind wrote: > >> The backup files themselves will be encrypted. >> >> -Arvind >> >> >> >> >> On Apr 29, 2024, at 2:53 PM, Lucifer wrote: >> >> i find it interesting that you do not encrypt the backup... >> >> On Mon, Apr 29, 2024 at 10:10 AM Arvind wrote: >> >>> Hi friends, hoping someone might be able to help or point in the right >>> direction. We have a NetBSD 10 machine that requires Root Filesystem >>> Encryption (unlock using passphrase) during boot. The man pages are out of >>> date and unfortunately not helpful ( >>> https://wiki.netbsd.org/security/cgdroot/). >>> >>> We are using UEFI/GPT. We have a boot partition but also another user >>> defined partition (/backups) that is not encrypted. >>> >>> Once configured, would also like to add remote ssh unlock using >>> something like Dropbear. This is the equivalent on the Linux platform(s): >>> https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux >>> >>> >>> -Arvind >>> >>> >>> >>> >>> >> >> -- >> renegade6969...@gmail.com >> https://www.facebook.com/profile.php?id=61556020800880 >> https://twitter.com/Rose29283220654 >> >> >> > > -- > renegade6969...@gmail.com > https://www.facebook.com/profile.php?id=61556020800880 > https://twitter.com/Rose29283220654 > > >
Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)
i recommend against third party for mission critical. stay away from Linux. On Mon, Apr 29, 2024 at 2:55 PM Arvind wrote: > The backup files themselves will be encrypted. > > -Arvind > > > > > On Apr 29, 2024, at 2:53 PM, Lucifer wrote: > > i find it interesting that you do not encrypt the backup... > > On Mon, Apr 29, 2024 at 10:10 AM Arvind wrote: > >> Hi friends, hoping someone might be able to help or point in the right >> direction. We have a NetBSD 10 machine that requires Root Filesystem >> Encryption (unlock using passphrase) during boot. The man pages are out of >> date and unfortunately not helpful ( >> https://wiki.netbsd.org/security/cgdroot/). >> >> We are using UEFI/GPT. We have a boot partition but also another user >> defined partition (/backups) that is not encrypted. >> >> Once configured, would also like to add remote ssh unlock using something >> like Dropbear. This is the equivalent on the Linux platform(s): >> https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux >> >> >> -Arvind >> >> >> >> >> > > -- > renegade6969...@gmail.com > https://www.facebook.com/profile.php?id=61556020800880 > https://twitter.com/Rose29283220654 > > > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654
Re: NetBSD 10 RFE (ramdisk-cgdroot.fs in boot.cfg)
i find it interesting that you do not encrypt the backup... On Mon, Apr 29, 2024 at 10:10 AM Arvind wrote: > Hi friends, hoping someone might be able to help or point in the right > direction. We have a NetBSD 10 machine that requires Root Filesystem > Encryption (unlock using passphrase) during boot. The man pages are out of > date and unfortunately not helpful ( > https://wiki.netbsd.org/security/cgdroot/). > > We are using UEFI/GPT. We have a boot partition but also another user > defined partition (/backups) that is not encrypted. > > Once configured, would also like to add remote ssh unlock using something > like Dropbear. This is the equivalent on the Linux platform(s): > https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux > > > -Arvind > > > > > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654
Re: OAUTH TOTP
totp must not be implemented yet... On Mon, Apr 29, 2024 at 2:10 PM Greg Troxel wrote: > Benny Siegert writes: > > > The cheapest way to have TOTP is to install Google Authenticator on > > your phone. > > Be careful when you choose a TOTP program that you are able to back up > the seeds yourself, and that the program does not send the seeds to the > cloud not adequately protected in the name of cross-device syncing. > Last I heard Google Authenticator was not ok, but maybe that has changed > and it is now impossible to sync without e2e encryption inaccessible to > google. > > > Hopefully, you can use proper Security Keys too (WebAuthn and > > whatnot), in which case I highly recommend a Yubikey. > > I also recommend yubikeys. > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654
Re: ipv4_prefer
does anyone have a more indepth description of function? On Mon, Apr 29, 2024 at 10:48 AM beaker wrote: > Lucifer wrote: > > On Sun, Apr 28, 2024, 5:16 PM beaker wrote: > > > > > m...@goathill.org (MLH) wrote: > > > > > > > It appears that some of the pkgsrc distfiles now are only available > > > > via ipv6 servers but how do you set ipv4_prefer mode so ipv6 attempts > > > > don't prevent normal ipv4 operation? > > > > > > > > setting > > > > ip6addrctl_policy="ipv4_prefer" > > > > > > > > in rc.conf doesn't change to normal ipv4 mode first as the > > > > documentation (and other references) appear to claim. > > > > > > Try setting "ip6addrctl=YES" as well. > > > > > What is ip6addrctl? > > It's mentioned in rc.conf(5): > > "ip6addrctlBoolean value. Fine grain control of address and > routing priorities." > > I *think* it's akin to having to enable cruise control before you > can set a particular speed preference. > > -B > -- renegade6969...@gmail.com https://www.facebook.com/profile.php?id=61556020800880 https://twitter.com/Rose29283220654