Re: Upgrade procedure encrypted filesystem (6.4 -> 6.5)

On 05/06, shadrock uhuru wrote: hi everyone when upgrading my laptop which is encrypted with a keydisk i assume that i boot the 6.5 kernel which will be on a usb stick with the keydisk inserted, will the hard drive still be decrypted and upgraded, yes also will the encryption step need to be

Re: Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

On 04/05, Michael Lam wrote: Are you able to have 2 clients connected at the same time? When I tried that (I am using mschap) whenever the 2nd client connects the 1st one's traffic will not go through anymore (it stays connected but no traffic can go through). I've noticed that, if my 2 ikedv2

Re: Introducing pf-badhost and unbound-adblock

On 08/05, Jordan Geoghegan wrote: Hi everyone, I thought I would share a couple scripts I wrote to block ads and bad hosts. I have found them to increase web-browsing speed and reduce battery consumption, especially on mobile devices. They also help reduce pop ups and fake sites, especially

Re: New laptop recommendations

On 06/19/18 03:37, Rupert Gallagher wrote: I have 1500EUR for a new laptop. What would you buy with it? On 06/19, Jordan Geoghegan wrote: Have you considered one of the Librem laptops by Purism? I hear they're quite nice, and are running coreboot straight from the factory. They run

thank you for 6.3

Under 6.2 my laptop would hang a few hours after waking from sleep, and it was my own damn fault for running an unsupported config (Lenovo x200 + coreboot + SeaBIOS). But after upgrading to 6.3 I haven't been able to get it to hang and I find myself back in 'it just works' land which is so, so

pf route-to vs static route

Hi everybody. I used to host my own email and I have ambitions to give it another try. I prefer to keep my email on my home server if I can, but I use Comcast and they block port 25. So, I thought I'd try setting up an IKEDv2 based VPN between my home network (including my email server at

PSA: autodisklabel '\' must be configured

You might get the error "'\' must be configured" when trying to autoinstall, if your autodisklabel layout is only minimums, and the minimums add up to more than the total available disk size. So, you know, don't do that. Putting this out there to save someone some troubleshooting time when

Re: file systems

I've got a 27T drive, single partition, about half full. Combination of big files and lots of small ones. 32G of ECC RAM. Hardware RAID5 ATM though I've used software RAID5 on the same array and that was good too. I keep offline backups of everything. I think it takes around an hour to fsck,

Re: cloud docs

unison? On 05/24, Asbel Kiprop wrote: Yeah, i was using it for some time and i wonder if there is some more text document based solution. 2017-05-24 20:33 GMT+03:00 Ulises M. Alvarez : On 24/05/17 12:22, Asbel Kiprop wrote: Hello, friends. Is there is some solution (in

Re: tmux.conf syntactic change

Yah, I ran into that too, syntax for that sorta stuff changed, now its like this: bind -T copy-mode-vi v send -X begin-selection On 04/20, Predrag Punosevac wrote: Not really a question but one thing I noticed after upgrading dozen or so OpenBSD servers from 6.0 to 6.1 per official

ikedv2 + rdomains + nat = tcp works, udp doesn't

Hi everyone! I like to play with all the cool toys the devs give us, because, you know, they are there, and it helps me learn. One of my favorite walls to bang my head against is automatically connecting my (OpenBSD-stable) laptop to the internet and automatically keeping it connected as I

Re: strange behaviour with etherip bridge over IPSEC and UDP queries

Interesting. I may have a similar problem and was planning to post about it soon...in my case I've been playing with rdomains, using PF to NAT between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on top of my NATing traffic between rdomains, TCP passes fine, UDP does not,

Re: dmesg for Lenovo ThinkPad x200 w/coreboot

sure what to make of, wondering if NTP sync will fix or not. On Tue, Feb 28, 2017 at 12:24 AM, Scott Bonds <sc...@ggr.com> wrote: By popular demand (ok, just 2 people asked)...now with instructions on how to do this yourself: https://ggr.com/how-to-install -coreboot-on-your-x200.html

Re: better way to detect new display

Czlonka <rczlo...@gmail.com> wrote: On Wed, Mar 01, 2017 at 10:14:39AM GMT, Marcus MERIGHI wrote: sc...@ggr.com (Scott Bonds), 2017.02.28 (Tue) 02:21 (CET): > I'm polling using xrandr to check whether a new display was plugged > in, so I can run a script to switch to it, i.e. plug in

Re: better way to detect new display

On 03/01, Marcus MERIGHI wrote: sc...@ggr.com (Scott Bonds), 2017.02.28 (Tue) 02:21 (CET): I'm polling using xrandr to check whether a new display was plugged in, so I can run a script to switch to it, i.e. plug in an external VGA monitor and it lights up automatically, unplug it and my laptop

Re: dmesg for Lenovo ThinkPad x200 w/coreboot

Everyone once in a while, while I'm actively using the laptop, it just...locks up: what's on the screen stops changing, the hard drive light is pegged on with no fluctuation, moving the mouse doesn't move the pointer, typing doesn't effect anything, I cannot switch to a different tty

better way to detect new display

I'm polling using xrandr to check whether a new display was plugged in, so I can run a script to switch to it, i.e. plug in an external VGA monitor and it lights up automatically, unplug it and my laptop automatically switches back to using its internal display. But, every time I run xrandr my

Re: dmesg for Lenovo ThinkPad x200 w/coreboot

By popular demand (ok, just 2 people asked)...now with instructions on how to do this yourself: https://ggr.com/how-to-install-coreboot-on-your-x200.html On 02/27, Scott Bonds wrote: I flashed a Lenovo x200 with Coreboot with Intel microcode enabled, ME removed, and the gigabit ethernet

dmesg for Lenovo ThinkPad x200 w/coreboot

I flashed a Lenovo x200 with Coreboot with Intel microcode enabled, ME removed, and the gigabit ethernet firmware from libreboot. Everything seems to work. Unlike with Libreboot, which comes with a Grub2 payload, Coreboot uses the SeaBIOS payload by default and it can boot an encrypted OpenBSD

Re: 802.11n MIMO support in -current

wow, that's awesome! I've been rocking a athn lately but I'll swap back to iwm to help test On 12/10, Stefan Sperling wrote: The net80211 stack and iwm(4) driver now support MIMO in -current. In my own testing, things work just fine. But I have gotten used to breaking other people's wifi

Re: Fwd: Booting BSD on a Libreboot system - documentation needed

I've started a stab at it. My x200 is in pieces at the moment and I want to retest my instructions before I submit a PR, so it may be a couple weeks. On 10/05, Leah Rowe wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Thanks. Can you forward my message to the appropriate list, if it

umb is cool

I've got a WWAN card that required a bunch of fiddling with pppd under 5.9 to get online. I upgraded to 6.0 and my pppd dialup script stopped working. I soon discovered I had a new NIC: umb0. A man page read and an ifconfig command later, I've got a working WWAN-based connection to the

Re: dmesg for Lenovo Thinkpad x200 w/Libreboot

g into, implying that chainloader command might be broken for Libreboot. So there's that. On 09/26, Scott Bonds wrote: I have a Lenovo ThinkPad x200 running OpenBSD 6.0 with an unencrypted drive. I flashed it to use Libreboot and then booted it up by running this on the GRUB2 command line: # kopenbs

dmesg for Lenovo Thinkpad x200 w/Libreboot

I have a Lenovo ThinkPad x200 running OpenBSD 6.0 with an unencrypted drive. I flashed it to use Libreboot and then booted it up by running this on the GRUB2 command line: # kopenbsd -r sd0a (ahci0,openbsd1)/bsd # boot I haven't tested it extensively, but at first blush things seem to be

Re: OpenBSD 6.0 released, September 1, 2016

Thank you! Congratulations on another great release. I can't wait to get this deployed on all my boxes. :) Much love to everyone that contributed--I'm consistently amazed by the level of awesome that is OpenBSD and how it just keeps getting better. On 09/01, Theo de Raadt wrote:

Re: multiple python version

I use pyenv to install multiple versions of python under a user account on my OpenBSD boxes. https://github.com/yyuu/pyenv On 08/16, Jay Patel wrote: Oh.. okay.. That was my concern. Thanks. On Tue, Aug 16, 2016 at 2:11 PM, Stuart Henderson wrote: On 2016-08-16, Jay

Re: Some shell scripts I've wrote

I count myself among those who have taken a stab at automating wifi roaming in userland: https://github.com/bonds/winot To be clear, winot is far, far from production ready, its more of an excuse for me to play with Haskell at this point. But I've started adding to the Further Reading and

Re: choosing OpenBSD for fileserver instead of FreeBSD + ZFS

Take a look at par2. https://en.wikipedia.org/wiki/Parchive On 07/20, Miles Keaton wrote: Got a fileserver with a few terabytes of important personal media, like all old home movies, baby photos, etc. Files that I want my family to have access to when I die. Really it's more of a file

Re: [Q] Building a release, how do I create install60.fs and install60.iso

Just wanted to say good luck and I'm rooting for you! I've got a Macbook8,1 that would be better with OpenBSD running most days instead of OS X. :) On 06/16, Bryan C. Everly wrote: Sorry if this is an obvious one but I've been all over the FAQ, read the makefiles, etc. and cannot for the

Fwd: Intel Compute Stick BOXSTK1AW32SC

I thought I'd try installing OpenBSD on an Intel Compute Stick using install.fs and the UEFI boot support. Worked like a charm. :) Dmesg below. I plan on building a wireless access point with it using a USB athn adapter (since the built in iwm doesn't support AP mode). I might use the Sticks to

how to break /etc/weekly and your locate.database

I thought I was being clever by doing all of: * disabling root's password * disabling SSH login by root * setting root's shell to /sbin/nologin su stopped working, but I don't use su, or so I thought, until I noticed my locate.database was always 41B aka empty. Turns out /etc/weekly *does* use

Re: Dell XPS 9343 and OpenBSD

Thanks for sharing Remi! I've been thinking about getting one of those, I'm glad to hear it runs OpenBSD ok. Now if Dell would just add an internal WWAN option. :) On 01/14, Remi Locherer wrote: > Hi, > > I read tedu@'s post about OpenBSD on laptops and thought a little report > about running

adventures in wifi roaming

I am working on a script that keeps me connected to wifi all the time and I thought it might be neat to have it notice when the signal is weak and look for another station with a different BSSID but the same SSID to connect to and connect to it with minimal interruption. ifconfig let's me notice

Re: impossibly slow installing 5.6-release on MacbookAir6,1

fixed as of the 2014-12-04 snapshot, thanks to Brad Smith Excerpts from Scott Bonds's message of 2014-12-01 14:18:44 -0800: I am trying to install 5.6-release on a MacbookAir6,1. There are long (5 to 10 minute) pauses that seem to happen whenever the OS accesses the built in hard drive. I

Re: -current hangs during boot from xhci controller on MacbookAir6,1

(4c16713a536188bf.a) swap on sd1b dump on sd1b clock: unknown CMOS layout Excerpts from Martin Pieuchot's message of 2014-12-02 01:21:07 -0800: On 01/12/14(Mon) 15:41, Scott Bonds wrote: While investigating the slow hard drive on my MacbookAir6,1, I decided to take a working installation of -current

Re: -current hangs during boot from xhci controller on MacbookAir6,1

Pieuchot's message of 2014-12-02 01:21:07 -0800: On 01/12/14(Mon) 15:41, Scott Bonds wrote: While investigating the slow hard drive on my MacbookAir6,1, I decided to take a working installation of -current (20141201 snapshot) on a USB drive and try booting it on the MBA6,1. I discovered

impossibly slow installing 5.6-release on MacbookAir6,1

I am trying to install 5.6-release on a MacbookAir6,1. There are long (5 to 10 minute) pauses that seem to happen whenever the OS accesses the built in hard drive. I tried the 20141201 snapshot as well and observed the same pauses. The pauses/slowness is so long that after 4 days of waiting, I

-current hangs during boot from xhci controller on MacbookAir6,1

While investigating the slow hard drive on my MacbookAir6,1, I decided to take a working installation of -current (20141201 snapshot) on a USB drive and try booting it on the MBA6,1. I discovered that booting off of a usb drive (with a full install, i.e. bsd.mp NOT bsd.rd) hangs once the boot

Re: USB worked on 5.5, not on 5.6 on MacbookAir5,1

Earlier you asked for the usbdevs and lsusb outputs on the version of the OS that was *not* recognizing the usb devices at all, that is to say, 5.6-release. I got those today. Note that a urtwn is plugged into the left USB port while I was running these commands. Here they are: ** 5.6-release

Re: USB worked on 5.5, not on 5.6 on MacbookAir5,1

Excerpts from Martin Pieuchot's message of 2014-11-20 02:30:44 -0800: I don't know how it works in Apple machines but other people reported such weird thing with machine having an xhci(4)/ehci(4) controller. Telling the BIOS to deactivate USB 3 support made their ports work again with

Re: USB worked on 5.5, not on 5.6 on MacbookAir5,1

I'm sorry for creating some confusion. My original email was about the MacbookAir5,1 external USB ports not working on 5.6-release, when they worked fine under 5.5-stable, so the subject is descriptive, at least as the discussion started. Subsequently I emailed to say that I have also tried a

Re: USB worked on 5.5, not on 5.6 on MacbookAir5,1

A few people suggest I try current. I tried it and the ports show up again, this time as XHCI. They are unreliable, as others have noted: http://marc.info/?l=openbsd-miscm=141614729913281w=2 I use this laptop as my main workstation, so I'm going to retreat back to 5.5-stable for now, but I'll see

USB worked on 5.5, not on 5.6 on MacbookAir5,1

I've been running 5.5 on my MacbookAir5,1 for some time. I'm trying to upgrade to 5.6 but I'm not having much luck so far. A fresh install off a USB CD drive (ISOSTICK) proceeds until its time to copy the packages from the USB CD drive, but at that point no CD drive is visible. Next I tried

daily insecurity says my swap device changed

My daily insecurity email on one of my boxes says this: Block device changes: brw-r- 1 root operator 0, 1 Aug 16 17:44:40 2014 /dev/wd0b brw-r- 1 root operator 0, 1 Sep 8 18:43:56 2014 /dev/wd0b On all my other (openbsd) boxes, the swap partition has the same date as all the other block

Re: daily insecurity says my swap device changed

On Thu, Sep 11, 2014 at 07:35:47PM +0200, Christer Solskogen wrote: On Thu, Sep 11, 2014 at 7:21 PM, Ingo Schwarze schwa...@usta.de wrote: Hi Scott, Scott Bonds wrote on Thu, Sep 11, 2014 at 09:38:10AM -0700: My daily insecurity email on one of my boxes says this: Block device

Re: daily insecurity says my swap device changed

On Thu, Sep 11, 2014 at 10:13:14PM +0200, Christer Solskogen wrote: On Thu, Sep 11, 2014 at 9:23 PM, Scott Bonds sc...@ggr.com wrote: Understood. I'm the only user on this box and I did not run mknod, touch, or MAKEDEV. I'm wondering whether something nefarious is going on, or if there's

Re: daily insecurity says my swap device changed

On Thu, Sep 11, 2014 at 04:25:04PM -0400, System Administrator wrote: On 11 Sep 2014 at 12:23, Scott Bonds wrote: On Thu, Sep 11, 2014 at 07:35:47PM +0200, Christer Solskogen wrote: On Thu, Sep 11, 2014 at 7:21 PM, Ingo Schwarze schwa...@usta.de wrote: Hi Scott, Scott Bonds

Re: Recording from azalia does not work

On Tue, Jun 26, 2012 at 09:16:38AM +0200, Alexandre Ratchov wrote: On Mon, Jun 25, 2012 at 10:53:34AM +0200, Gregor Best wrote: I'm trying to get recording from the mic input of my laptop working, but have not have success so far. I'm using a thinkpad laptop with an azalia device and a

Re: rc.local mystery executables

On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd Zimmermann wrote: Just off the top my head a few links: www.team-cymru.org https://www.dshield.org http://emergingthreats.net/ https://www.grc.com/dns/dns.htm I stumbled upon malheur awhile back. No idea what to do with it, but it compiles

Re: rc.local mystery executables

On Sat, Aug 16, 2014 at 02:34:21AM -0400, Todd Zimmermann wrote: Lots of good stuff in base and the ports collection. mtree can be extended to check file integrity for anything you've modified and other local stuff (something I need to do). thanks, mtree is neat, glad to know about it

Re: rc.local mystery executables

probably still use it on the newly separated 'everything else' box. Anyway, I clearly have a lot to learn about security. On Thu, Aug 14, 2014 at 09:23:54PM -0400, Ted Unangst wrote: On Thu, Aug 14, 2014 at 17:54, Scott Bonds wrote: So...have I been p0wned or does anyone know what innocent

Re: rc.local mystery executables

On Fri, Aug 15, 2014 at 11:42:32AM -0300, Giancarlo Razzolini wrote: Don't forget to check your own machine, not just your OpenBSD server. It's more often than not the point of origin of the attack. If your machine is compromised, reinstalling your server won't do anything, since they'll

Re: rc.local mystery executables

On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote: While a long way from perfect, tools such as chkrootkit and rkhunter might shed some light on your situation. As Giancarlo said, check every machine that's closely interconnected, not just the one compromised server you've noticed.

rc.local mystery executables

I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today I was doing some maintenance and I found my way to /etc/rc.local. When I opened it I saw this: $ cat rc.local # $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $ # Site-specific startup actions, daemons,