Re: Infinite spin when trying to burn a CD

[Markus Rosjat]

Hi,

for you output ...

Am 26.03.2019 um 22:45 schrieb Jérôme FRGACIC:


write track data: error after 552960 bytes
cdrecord: A write error occured.
cdrecord: Please properly read the error message above.
cdrecord: Input/output error. test unit ready: scsi sendcmd: retryable 
error

CDB:  00 00 00 00 00 00
status: 0x0 (GOOD STATUS)
cmd finished after 0.000s timeout 40s


test unit ready checks if the device is ready to do what you want it to do.


cdrecord: Input/output error. flush cache: scsi sendcmd: retryable error
CDB:  35 00 00 00 00 00 00 00 00 00
status: 0x0 (GOOD STATUS)
cmd finished after 0.000s timeout 120s
Trouble flushing the cache
Writing  time:    5.115s
Average write speed 860.1x.
Fixating...


this cdb tries to sync the cache and it seems to have a prob here, the 
good status indecates that the cdb was recieved by the device after that 
it seems to get in trouble


cdrecord: Input/output error. close track/session: scsi sendcmd: 
retryable error

CDB:  5B 00 02 00 00 00 00 00 00 00
status: 0x0 (GOOD STATUS)
cmd finished after 0.009s timeout 480s
cmd finished after 0.009s timeout 480s


this cdb tries to close the track session i dont know why you get a cmd 
finised twice here maybe its related to the cache problem.



cdrecord: faio_wait_on_buffer for writer timed out.
cdrecord: Input/output error. prevent/allow medium removal: scsi 
sendcmd: retryable error

CDB:  1E 00 00 00 00 00
status: 0x0 (GOOD STATUS)
cmd finished after 0.000s timeout 40s


here you have your cdb for removing the media again


cdrecord: Cannot fixate disk.
Fixating time:  466.776s
cdrecord: Input/output error. prevent/allow medium removal: scsi 
sendcmd: retryable error

CDB:  1E 00 00 00 00 00
status: 0x0 (GOOD STATUS)
cmd finished after 0.000s timeout 40s


and once again  because he could fixate it before i guess


cdrecord: fifo had 77 puts and 10 gets.
cdrecord: fifo was 0 times empty and 2 times full, min fill was 89%.



so this is what happens by the log why it happend i cant tell by this 
output but again the trouble starts with syncing the cache i guess.


regards
--
Markus Rosjatfon: +49 351 8107224mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT

Re: Determining if a package is installed (regardless of version)

[Adam Steen]

‐‐‐ Original Message ‐‐‐
On Wednesday, March 27, 2019 2:58 PM, Anton Lindqvist  wrote:

> On Wed, Mar 27, 2019 at 02:24:24AM +, Adam Steen wrote:
>
> > Hi All
> > I need to determine if a package is installed, lets use autoconf as an 
> > example
> > I can run "pkg_info -mqP" and get back list of packages, i.e.
> > devel/autoconf/2.69
> > shells/bash
> > sysutils/coreutils
> > x11/dmenu
> > x11/dstat
> > x11/dwm
> > .
> > .
> > .
> > devel/git,-main
> > devel/gmp,-main
> > sysutils/firmware/intel
> > sysutils/firmware/inteldrm
> > .
> > .
> > .
> > sysutils/firmware/uvideo
> > sysutils/firmware/vmm
> > directly comparing "devel/autoconf" with "devel/autoconf/2.69", is it 
> > possible to get pkg_info to report a package without any version or stem 
> > information?
> > using https://man.openbsd.org/pkg_info i couldn't find anything that jumps 
> > out, i was hoping not to do any further post processing.
> > Cheers
> > Adam
>
> There could be multiple ways of achieving the same result but I often
> use the following when scripting package installation:
>
> $ env PKG_PATH= pkg_info autoconf >/dev/null && echo installed

Hi Anton

I should have been more specific, my use case completes the check in two steps

1. find out whats installed, builds a list of packages
2. install whats not installed.

I used autoconf as it is a problem package, git and gmp would also be packages 
of concerned, but shells/bash and sysutils/coreutils are not a problem, see the 
output above

Cheers
Adam

flowd or similiar in base

[Heinz Kampmann]

Hello misc,

is there a chance that flowd or similar program
will be included in base in the foreseeable future?

Best Whishes,
Heinz

Re: authentication methods: how do they work?

[Boris Epstein]

On Wed, Mar 27, 2019 at 2:31 AM Ted Unangst  wrote:

> Boris Epstein wrote:
> > Thanks. It makes sense to be able to select login methods under some
> > circumstances - but do I have an option of forcing the user to log in
> using
> > a predetermined set of methods (for instance, password and then a secure
> > key, or password and Yubkey, or password and SSL key)?
>
> If you want to require two methods, you have to specify a combined method,
> with an appropriate utility in /usr/libexec/auth. This is tricky because
> the
> API only allows for one challenge/response, not a series of them. (Unless
> I'm
> mistaken.)
>

It is interesting because some people mention combined methods - like SSL
hostkey + some second factor being used just in that fashion:

https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html

But based on my experience thus far it looks like Ted is right. So I may
have to write a utility for combined login. What should that utility do -
call the two methods in question and return true or false depending on
whether they succeed?

Thanks for all the help.

Boris.

please ignore (greylisting)

[Hasse Hansson]

Test

Re: authentication methods: how do they work?

[Boris Epstein]

On Wed, Mar 27, 2019 at 5:34 AM Boris Epstein  wrote:

>
>
> On Wed, Mar 27, 2019 at 2:31 AM Ted Unangst  wrote:
>
>> Boris Epstein wrote:
>> > Thanks. It makes sense to be able to select login methods under some
>> > circumstances - but do I have an option of forcing the user to log in
>> using
>> > a predetermined set of methods (for instance, password and then a secure
>> > key, or password and Yubkey, or password and SSL key)?
>>
>> If you want to require two methods, you have to specify a combined method,
>> with an appropriate utility in /usr/libexec/auth. This is tricky because
>> the
>> API only allows for one challenge/response, not a series of them. (Unless
>> I'm
>> mistaken.)
>>
>
> It is interesting because some people mention combined methods - like SSL
> hostkey + some second factor being used just in that fashion:
>
> https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html
>
> But based on my experience thus far it looks like Ted is right. So I may
> have to write a utility for combined login. What should that utility do -
> call the two methods in question and return true or false depending on
> whether they succeed?
>
> Thanks for all the help.
>
> Boris.
>
> And here is another interesting tidbit:
>
> https://jonwillia.ms/2016/04/22/2fa-openbsd-ssh-google-authenticator
>
> I may try to follow the same pattern and see if that works.
>

Fwd: [EdLUG] UK Open Source Awards - Open for Nominations - Do come along

[Craig Skinner]

Begin forwarded message:

Date: Tue, 26 Mar 2019 23:08:45 +
From: Jonathan Riddell
To: Edinburgh Linux Users Group


https://OpenSourceAwards.Org/

The UK Open Source Awards will be a day of celebration of all things
Free and open with software. Open Source is now essential in how the
world works. It creates freedom (that's the Free Software side),
helps education (I only learnt how to program from reading source code
to KDE apps), allows cooperation across industries, gives a
competitive advantage, encourages sharing and reuse, improves security
and builds community. So it's worth a day of celebration and
recognition.

This is the 6th UK Open Source Awards and it takes place in
Edinburgh on Wednesday 12 June 2019. There will be talks, a panel, a
keynote from Frank Karlitscheck and then the award ceremony.

Nominations are now open for the awards, please consider which people
or organisations based in the UK deserve special recognition. The
categories are:

Individual Award

A person who has helped improve the world through contributions to
free and open source software

Company

For a commercial business which has created a successful business
while contributing to open source projects, leading open source
projects and spreading freedom and empowerment for users.

Public Sector and Third Sector

For a public sector or charitable organisation which has developed its
software in an open source method or made innovative use of open
source software or opened up data

Student

A university, college, school student or modern apprentice who has
created beautiful and novel software as part of their course
(dissertation, thesis etc) which is licensed as free and open source
software and has curated participation in an open collaborative
manner.

This award comes with a bursary of £1,500 which is to be spent on
furthering the recipients education and contributions to open source
for example buying a new laptop or expenses for attending conferences.

Diversity

For an open source project which has successfully encouraged
contributions from people in under-represented groups, or a
university, organisation or business which has broken the mould in
bringing minorities to participate in open source.

I'm heading a panel of judges with Allison Randal and Dawn Foster and
we’ll be looking for incredible work being done in the name of
freedom, innovation and impressiveness.

Please do come along on the day, it's free to attend and all are
welcome, I hope to see you there.

https://OpenSourceAwards.Org/


-- 
EdLUG mailing list
ed...@lists.edlug.org.uk
https://lists.EdLUG.Org.UK/mailman/listinfo/edlug

Re: openbgpd; strip private ASNs from bgp updates

[openbsd]

Hello,

That would unforunately affect all the prefixes announced to the edge
router from the internal router. I need it to be only prefixes
announced to my peering partners.

/Oscar

On Tue, Mar 26, 2019 at 3:50 PM Denis Fondras  wrote:
>
> On Tue, Mar 26, 2019 at 02:54:38PM +0100, open...@kene.nu wrote:
> > Hello,
> >
> > Is there a way to make openbgpd strip private ASNs from updates it
> > sends to certain neighbors?
> > I am using openbgpd on my edge routers and distribute routes generated
> > internally to the rest of the world. However, the internal routers use
> > private ASNs and this is obviously frowned upon by my peering
> > partners.
> >
> > I can of course have network statements on my edge routers but that
> > assumes the prefixes will always be reachable via said edge router,
> > something I can never be certain of. I would rather the updates rely
> > on the prefix actually being announced from the source.
> >
>
> Perhaps with transparent-as ?
>

Re: Infinite spin when trying to burn a CD

[Florian Viehweger]

Have you tried different media?

I've seen drives freaking out similarly on numerous occasions because of shady 
media.

Of not, try a different brand, especially when you are using CDs from your 
local supermarket. Also try a different type, writable - rewritable.

-- 
Greetings,

Florian Viehweger

Re: IBM x3650 M3 fatal page fault in supervisor mode

[Marco Nuessgen]

Tom, thanks for your help!

On Tue, Mar 12, 2019 at 09:55:56PM +, Tom Smyth wrote:
[...]
> but check out any advanced I/O PCI-E settings on your server board Bios
[...]

System still halts the boot process.. 

Re: IBM x3650 M3 fatal page fault in supervisor mode

[Marco Nuessgen]

Hrvoje, thanks for your help.

On Tue, Mar 12, 2019 at 11:47:36PM +0100, Hrvoje Popovski wrote:
> On 12.3.2019. 22:26, Marco Nuessgen wrote:
> > I am trying to install OpenBSD 6.4 amd64 on an IBM x-series server. The
> > boot process halts after the kernel gets a "fatal page fault in
> > supervisor mode".
> > 
> > The machine is a x3650 M3 server, 2x six-core XEON E5645 2.4GHz, 88GB
> > RAM, 3 x 146GB HDD, Serveraid M1015 7945 RAID adapter, 4 x Broadcom
> > NetXtreme II. NICs.
[...]
> if you change your bios settings like:
> - disable hyper-threading
> - operating mode to maximum performance
> - disable TPM device
[...]

I gave it a try - no effect. I also disabled virtualization and set
powersave to C3.

> if not, can you update firmware ? i can help you with that.

I updated the firmware, system still hangs. 

starting i3 with xenodm

[Normen Wohner]

I installed i3 with pkg_add,
yet don't understand how
to call it from xenodm.

I tried replacing the stock 
${exec_path}/bin/fvwm
with /usr/local/bin/i3
inside xenodm's Xsession,
but that didn't help much.

I then wrote the typical
exec i3
into .xinitrc in my /root
nothing.

Anybody here using i3?

Re: starting i3 with xenodm

[Christopher Turkel]

create an .xsesson in your home directory file and put in it something like:

xterm &
exec i3

then chmod +x .xsession

On Wed, Mar 27, 2019 at 8:57 AM Normen Wohner  wrote:

> I installed i3 with pkg_add,
> yet don't understand how
> to call it from xenodm.
>
> I tried replacing the stock
> ${exec_path}/bin/fvwm
> with /usr/local/bin/i3
> inside xenodm's Xsession,
> but that didn't help much.
>
> I then wrote the typical
> exec i3
> into .xinitrc in my /root
> nothing.
>
> Anybody here using i3?
>
>

Re: IBM x3650 M3 fatal page fault in supervisor mode

[Marco Nuessgen]

Success, system boots!
In the BIOS options everything is set to porformance and powersave to
C3. In the boot order the USB or DVD device must be the first and then
you have to boot without using the Boot-Manager (F12).
With the Boot-Manager the start is not possible and fails. It seams that
there are some things not initialized at this point.

Re: starting i3 with xenodm

[Johan Huldtgren]

On 2019/03/27 04:59, Normen Wohner wrote:
> I installed i3 with pkg_add,
> yet don't understand how
> to call it from xenodm.
> 
> I tried replacing the stock 
> ${exec_path}/bin/fvwm
> with /usr/local/bin/i3
> inside xenodm's Xsession,
> but that didn't help much.
> 
> I then wrote the typical
> exec i3
> into .xinitrc in my /root
> nothing.
> 
> Anybody here using i3?

This works for me.

---

$ cat ~/.xsession
# disable system beep
xset b off

# lock display
xidle -timeout 300 &

exec i3

---

.jh

Re: starting i3 with xenodm

[Oleg Pahl]

Hi,

Tip : use CWM

You don't need to install extra software like i3 becouse of cwm is a 
part of the OpenBSD X.org installation.


its clean, secure , lightweight and efficient window manager for X11

https://man.openbsd.org/cwm.1
https://undeadly.org/cgi?action=article;sid=20090502141551

Have a nice day
BR
Oleg Pahl

On 3/27/19 9:59 AM, Normen Wohner wrote:

I installed i3 with pkg_add,
yet don't understand how
to call it from xenodm.

I tried replacing the stock
${exec_path}/bin/fvwm
with /usr/local/bin/i3
inside xenodm's Xsession,
but that didn't help much.

I then wrote the typical
exec i3
into .xinitrc in my /root
nothing.

Anybody here using i3?

Re: starting i3 with xenodm

[su-]

this is real issue i see time & time again and it's really frustrating...the op 
asked a question and rather than answering his question we put our personal 
preferences forward. TOXIC 

OP use .xsession instead of .xinintrc

also OpenBSD is known for their quality of man pages...please use these top 
quality man pages

checkout:
man afterboot
man man

Hope you enjoy your time with OpenBSD

-- 
 Securely sent with Tutanota. Get your own encrypted, ad-free mailbox: 
 https://tutanota.com


27 Mar 2019, 13:20 by def...@posteo.de:

> Hi,
>
> Tip : use CWM
>
> You don't need to install extra software like i3 becouse of cwm is a part of 
> the OpenBSD X.org installation.
>
> its clean, secure , lightweight and efficient window manager for X11
>
> https://man.openbsd.org/cwm.1 
> https://undeadly.org/cgi?action=article;sid=20090502141551 
> 
>
> Have a nice day
> BR
> Oleg Pahl
>
> On 3/27/19 9:59 AM, Normen Wohner wrote:
>
>> I installed i3 with pkg_add,
>> yet don't understand how
>> to call it from xenodm.
>>
>> I tried replacing the stock
>> ${exec_path}/bin/fvwm
>> with /usr/local/bin/i3
>> inside xenodm's Xsession,
>> but that didn't help much.
>>
>> I then wrote the typical
>> exec i3
>> into .xinitrc in my /root
>> nothing.
>>
>> Anybody here using i3?
>>

Re: httpd acme-client renew multiple domains

[Hasse Hansson]

On Mon, Mar 25, 2019 at 02:49:01PM +0100, Solene Rapenne wrote:
> On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
> > 
> > 
> > > On 25 Mar 2019, at 01:40, Stuart Henderson  wrote:
> > > 
> > > On 2019-03-23, Mischa  wrote:
> > >> Hi Geir,
> > >> 
> > >> I have solved this with a little script.
> > >> 
> > >> ###
> > >> #!/bin/sh
> > >> OUT=2
> > >> /usr/sbin/acme-client -v www.example.com
> > >> if test  $? -eq 0
> > >> then EXT=$?
> > >> fi
> > >> /usr/sbin/acme-client -v www.example1.com
> > >> if test $? -eq 0
> > >> then EXT=$?
> > >> fi
> > >> if test $EXT -eq 0
> > >> then
> > >>echo "New certificates installed."
> > >>rcctl restart httpd
> > >> else echo "No new certificates installed."
> > >> fi
> > >> ###
> > > 
> > > Simpler:
> > > 
> > > for i in www.example.com www.example1.com; do
> > >  acme-client -v $i && reload=y
> > > done
> > > [[ -n $reload ]] && rcctl reload httpd
> > 
> > Nice!! I have a couple of more domains in there, so the 'for' becomes a 
> > little ugly, but I keep forgetting &&.
> > It's indeed not needed to use the actual exit code.
> > 
> > Mischa
> > 
> > 
> 
> One could easily write something like this:
> 
> #!/bin/sh
> 
> UPDATE=0
> for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
> do
>   acme-client $domain
>   if [ $? -eq 0 ]; then UPDATE=1 fi
> done
> 
> if [ $UPDATE -ne 0 ]; then
>   rcctl restart httpd dovecot smtpd
> fi
> 
> you could also handle the exit status per domain if you want more
> informations. I did write the script for this mail, it may contains
> errors.
> 
Thanks a lot, everybody, for helping.
Very nice solutions.
/Geir

Re: authentication methods: how do they work?

[Daniel Jakots]

On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein
 wrote:

> It is interesting because some people mention combined methods - like
> SSL hostkey + some second factor being used just in that fashion:
> 
> https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html
> 
> But based on my experience thus far it looks like Ted is right. So I
> may have to write a utility for combined login. What should that
> utility do - call the two methods in question and return true or
> false depending on whether they succeed?

You can actually look at the auth plugin this (brilliantly written btw,
*cough* ;)) blog article mentions. login_oauth allows you to use totp
and a password:

> DESCRIPTION
>  The login_totp-and-pwd program attempts to authenticate the user
> via a combination of password authentication and an OATH time-based
> one-time password

(quote from login_totp-and-pwd.8).

Cheers,
Daniel 

Re: httpd acme-client renew multiple domains

[Hasse Hansson]

On Sat, Mar 23, 2019 at 07:05:53PM +0100, Mischa wrote:
> Hi Geir,
> 
> I have solved this with a little script.
> 
> ###
> #!/bin/sh
> OUT=2
> /usr/sbin/acme-client -v www.example.com
> if test  $? -eq 0
> then EXT=$?
> fi
> /usr/sbin/acme-client -v www.example1.com
> if test $? -eq 0
> then EXT=$?
> fi
> if test $EXT -eq 0
> then
> echo "New certificates installed."
> rcctl restart httpd
> else echo "No new certificates installed."
> fi
> ###
> 
> Added the following to cron:
> @daily  sleep $((RANDOM \% 2048)) && /home/mischa/bin/lets.sh
> 
> Hope this helps.
> 
> Mischa
> 
> 
> On 23 Mar at 16:39, Geir Svalland  wrote:
> > Hello
> > mtp$ uname -a
> > OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
> > 
> > I'm hosting and serving multiple domains, 5 of them, using httpd.
> > The domains are declared in /etc/acme-client.conf, and in my initial
> > setup I used the command "acme-client -vAD example.com" on every domain 
> > to create
> > the certs. All of this is working great, but my question is regarding 
> > updating.
> > 
> > I intend to use a cron job for this, "acme-client example.com && rcctl 
> > reload httpd"
> > but I'm not able to get this working for all of the domains in one 
> > single command.
> > 
> > Is that possible to do ?
> > Or do I have to use 5 differen lines with one domain name on each?
> > 
> > All the best
> > Geir Svalland
> > 
> 

Thank you very much Mischa.
Yes, this will do it for me. Very nice.

Have a nice weekend.

/Geir 

GitLab

[Oleg Pahl]

Hi all,

is it possible to install GitLab on OpenBSD? If yes .. any doc's?

BR

Oleg Pahl

Re: starting i3 with xenodm

[Normen Wohner]

> On 27 Mar 2019, at 14:46,   wrote:
> this is real issue i see time & time again and it's really frustrating...the 
> op asked a question and rather than answering his question we put our 
> personal preferences forward. TOXIC 

Ah I never feel offended by the occasional 
"use X instead” it’s a valid suggestion as long as
reason is stated. Everybody has their reasons.
Though, true, 
“I never asked for this” - Adam Jensen 

> OP use .xsession instead of .xinintrc

perfect answer

> also OpenBSD is known for their quality of man pages...please use these top 
> quality man pages

I know it for the quality man pages
plus it’s the only OS that truly installs
anywhere I try.

> checkout:
> man afterboot
> man man
> 
> Hope you enjoy your time with OpenBSD

Thanks, have a nice day too.

>> 27 Mar 2019, 13:20 by def...@posteo.de:
>> Tip : use CWM
>> 
>> You don't need to install extra software like i3 becouse of cwm is a part of 
>> the OpenBSD X.org installation.
>> 
>> its clean, secure , lightweight and efficient window manager for X11


Frankly I have tired cwm and although
I really appreciate the source style, 
I always end up feeling handicapped
compared to i3wm.
You should look at the video under i3wm.org 
It’s a BSD licensed tiling wm that does vertical
and horizontal automatic window splitting for 
arbitrarily complex layouts.
It’s like going from nano to vim.
CWM is my preferred base wm though.

>>> On 27 Mar 2019, at 14:05, Johan Huldtgren 
>>>  wrote:
>>> $ cat ~/.xsession
>>> # disable system beep
>>> xset b off
>>> 
>>> # lock display
>>> xidle -timeout 300 &

Those are neat suggestions,
haven’t tried autosleep on display yet
should look into man xidle

 On 27 Mar 2019, at 14:01, Christopher Turkel 
  wrote:
 
 create an .xsesson in your home directory file and put in it something 
 like:
 
 xterm &
 exec i3
 
 then chmod +x .xsession
Ahhh, dammit xsession not xinitrc. 
You see I have a bunch of OpenBSD installs,
not all up to date
and I always forget when things change-.-

Re: Determining if a package is installed (regardless of version)

[Thomas Frohwein]

On Wed, Mar 27, 2019 at 07:27:15AM +, Adam Steen wrote:
[...]
> I should have been more specific, my use case completes the check in two steps
> 
> 1. find out whats installed, builds a list of packages
> 2. install whats not installed.
[...]

If you want to build a list of installed packages from a current installation
and install the same packages on different computer or at a later point, you
could use pkg_add(1) with -z and -l to use a file created by pkg_info -m > file
as the input. See man page for pkg_add(1).

If you want to install every single available package, I'm not sure if there's
a way and the use case for this escapes me. You could probably get the full
list of all available packages with a (text) browser from the directory index
of one mirrors, format it (e.g. removing '\.tgz.*' with regex) and feed that to
pkg_add -z -l ... but I would question your use case and/or sanity...

Re: Documentation request: wscons API

[Leonid Bobrov]

On Tue, Mar 26, 2019 at 11:11:30AM +0200, Leonid Bobrov wrote:
> On Tue, Mar 26, 2019 at 10:04:02AM +0100, Martin Husemann wrote:
> > On Tue, Mar 26, 2019 at 10:51:35AM +0200, Leonid Bobrov wrote:
> > > Hi, dear NetBSD and OpenBSD communities.
> > > 
> > > I need to work with wscons, but I don't want to guess by examples
> > > how to work with it, can you please provide documentation for its
> > > API?
> > 
> > Please avoid such cross-postings. Also you did not ask very concrete,
> > so probably expected answer:
> > 
> > man 9 wscons
> > 
> 
> Oh, I miss that one in OpenBSD, thank you.
> 
> And sorry for cross-postings, I was sure it's worth to send to
> multiple lists.
> 
> > Martin

Hold on, it doesn't mension how to handle input, it only says
how to create input, that documentation is for writing keyboard
drivers, but I need actual input handling.

Re: authentication methods: how do they work?

[Boris Epstein]

On Wed, Mar 27, 2019 at 11:05 AM Daniel Jakots  wrote:

> On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein
>  wrote:
>
> > It is interesting because some people mention combined methods - like
> > SSL hostkey + some second factor being used just in that fashion:
> >
> > https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html
> >
> > But based on my experience thus far it looks like Ted is right. So I
> > may have to write a utility for combined login. What should that
> > utility do - call the two methods in question and return true or
> > false depending on whether they succeed?
>
> You can actually look at the auth plugin this (brilliantly written btw,
> *cough* ;)) blog article mentions. login_oauth allows you to use totp
> and a password:
>
> > DESCRIPTION
> >  The login_totp-and-pwd program attempts to authenticate the user
> > via a combination of password authentication and an OATH time-based
> > one-time password
>
> (quote from login_totp-and-pwd.8).
>
> Cheers,
> Daniel
>

Thanks Daniel!

This is a nice piece of code indeed:

https://github.com/WIZARDISHUNGRY/totp-util

But I don't see the login_ code there - which would be helpful if
I were to write a login plugin. Do you know where that code would be?

Boris.

Re: authentication methods: how do they work?

[Daniel Jakots]

On Wed, 27 Mar 2019 12:31:51 -0400, Boris Epstein
 wrote:

> This is a nice piece of code indeed:
> 
> https://github.com/WIZARDISHUNGRY/totp-util
> 
> But I don't see the login_ code there - which would be
> helpful if I were to write a login plugin. Do you know where that
> code would be?

Not sure how do you relate totp-util and login_oauth but you can fetch
the source at that url:
/usr/ports/sysutils/login_oath$ echo $(make show=MASTER_SITES)$(make 
show=DISTFILES)  
https://spacehopper.org/mirrors/login_oath-0.8.tar.gz

I patched my kernel

[sven falempin]

and I feel safer now,
thank you

Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken,
Luca Moro at Synacktiv.com


and special thanks to

Maxime Villard

Hail MAXIME !

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: starting i3 with xenodm

[Normen Wohner]

New Issue, after install and setup neither dmenu nor the statusbar show up... 
anybody ever experienced this behavior?
I played around and I can start both manually.

> On Mar 27, 2019, at 9:59 AM, Normen Wohner  wrote:
> 
> I installed i3 with pkg_add,
> yet don't understand how
> to call it from xenodm.
> 
> I tried replacing the stock 
> ${exec_path}/bin/fvwm
> with /usr/local/bin/i3
> inside xenodm's Xsession,
> but that didn't help much.
> 
> I then wrote the typical
> exec i3
> into .xinitrc in my /root
> nothing.
> 
> Anybody here using i3?
> 

Re: openbgpd; strip private ASNs from bgp updates

[Sebastian Benoit]

open...@kene.nu(open...@kene.nu) on 2019.03.27 12:25:33 +0100:
> Hello,
> 
> That would unforunately affect all the prefixes announced to the edge
> router from the internal router. I need it to be only prefixes
> announced to my peering partners.
> 
> /Oscar
> 
> On Tue, Mar 26, 2019 at 3:50 PM Denis Fondras  wrote:
> >
> > On Tue, Mar 26, 2019 at 02:54:38PM +0100, open...@kene.nu wrote:
> > > Hello,
> > >
> > > Is there a way to make openbgpd strip private ASNs from updates it
> > > sends to certain neighbors?
> > > I am using openbgpd on my edge routers and distribute routes generated
> > > internally to the rest of the world. However, the internal routers use
> > > private ASNs and this is obviously frowned upon by my peering
> > > partners.
> > >
> > > I can of course have network statements on my edge routers but that
> > > assumes the prefixes will always be reachable via said edge router,
> > > something I can never be certain of. I would rather the updates rely
> > > on the prefix actually being announced from the source.
> > >
> >
> > Perhaps with transparent-as ?

In current (snapshots) there is "as-override":

 as-override (yes|no)
 If set to yes, all occurrences of the neighbor AS in the AS
 path will be replaced with the local AS before running the
 filters.  The Adj-RIB-In still holds the unmodified AS path. 
 The default value is no.

this is a neighbor option and used on the session to a peer that uses a
private AS.

You dont say much about your network structure, but if your edge router has
a normal As number, and your internal ebgp peers have private As numbers,
this option will help.

/Benno

Re: starting i3 with xenodm

[Normen Wohner]

issue solved had to . ~/.profile from .xsession
obvious in retrospect.
Thanks for all the help

> On 27 Mar 2019, at 18:35, Normen Wohner  wrote:
> 
> New Issue, after install and setup neither dmenu nor the statusbar show up... 
> anybody ever experienced this behavior?
> I played around and I can start both manually.
> 
>> On Mar 27, 2019, at 9:59 AM, Normen Wohner  wrote:
>> 
>> I installed i3 with pkg_add,
>> yet don't understand how
>> to call it from xenodm.
>> 
>> I tried replacing the stock 
>> ${exec_path}/bin/fvwm
>> with /usr/local/bin/i3
>> inside xenodm's Xsession,
>> but that didn't help much.
>> 
>> I then wrote the typical
>> exec i3
>> into .xinitrc in my /root
>> nothing.
>> 
>> Anybody here using i3?
>> 
> 

Re: I patched my kernel

[Joseph Mayer]

What about it? Solving what etc. .

‐‐‐ Original Message ‐‐‐
On Thursday, March 28, 2019 6:17 AM, sven falempin  
wrote:

> and I feel safer now,
> thank you
>
> Nicolas Collignon, Corentin Bayet, Eloi Vanderbeken,
> Luca Moro at Synacktiv.com
>
> and special thanks to
>
> Maxime Villard
>
> Hail MAXIME !
>
> ---
>
> --
>
> ---
>
> Knowing is not enough; we must apply. Willing is not enough; we must do