BSD licensed gnupg replacement question

[Maximo Pech]

It's incredible for me that OpenBSD, an operating system that claims to
have integrated cryptography (yes I know that the cryptography is on the
core OS layers)  doesn't have in the base system a tool like gnupg, and
even more incredible, that there isn't a single production ready,
gnupg-like, BSD licensed tool out there (I don't have the skills and time
to program one myself).

I'd like to know your thoughts about this.

Re: BSD licensed gnupg replacement question

[Maximo Pech]

I said I can't code that. I know that gnupg is in the ports tree, but it
just seems strange to me that it isn't on the base system, because for me
it sounds logical that if one of the key points of openbsd is cryptography,
it would have a bsd tool like gnupg. The netpgp thing looks very cool, I
didn't know about it.

So my question is why there isn't a tool like that on base, I'm asking out
of curiosity, maybe some historical, reason, technical... I'm not trying to
point this as a fault, I just want to understand better the fact that gnupg
or a bsd licensed equivalent isn't in the base system.

El jueves, 6 de diciembre de 2012, Martin Schröder escribió:

> 2012/12/6 Maximo Pech >:
> > I'd like to know your thoughts about this.
>
> Shut up and show us your code.

Re: BSD licensed gnupg replacement question

[Maximo Pech]

2012/12/9 Nico Kadel-Garcia 

> On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio  wrote:
> > Maximo Pech [mak...@gmail.com] wrote:
> >> I said I can't code that.
> >
> > If you already knew the answer was "write it", then you asked the wrong
> > question.
>

I already knew an answer (not the only one) could be "write it".


> >
> >> I know that gnupg is in the ports tree, but it
> >> just seems strange to me that it isn't on the base system, because for
> me
> >> it sounds logical that if one of the key points of openbsd is
> cryptography,
> >> it would have a bsd tool like gnupg. The netpgp thing looks very cool, I
> >> didn't know about it.
> >>
> >
> > Do you have any idea how abusrd this is?
> >
>

No I don't, if you don't mind please explain why that's absurd.


> >> So my question is why there isn't a tool like that on base, I'm asking
> out
> >> of curiosity, maybe some historical, reason, technical... I'm not
> trying to
> >> point this as a fault, I just want to understand better the fact that
> gnupg
> >> or a bsd licensed equivalent isn't in the base system.
> >>
> >
> > The original PGP program was mostly public domain. As time went on, it
> went to a
> > highly restrictive license. GnuPG, and later, NetPGP represent the
> people who
> > had desires to fix that problem. If you want to do it again, nobody will
> stop you.
> >
> > OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality
> and
> > licensing problems in those areas. OpenSSH is still the gold standard,
> OCF/IPsec,
> > maybe not. PGP worked, was public domain, encrypts files, and solved one
> problem.
> > Network layer encryption is an entirely different, and for many, a much
> more
> > important problem.
>

That's completely subjective and also it is a problem that has more work
behind than the "problem" I think there is with the non existence of bsd
tools like gnupg on *base* not on ports and not openssl.

What I say is simply that it would be cool if by default on the *base*
system OpenBSD had a tool called opgp, opengp, puffypg or whatever, to
encrypt files like gnupg does and I was wondering why it does not exist if
OpenBSD cares a lot about cryptography.

Well, with the information you have given me so far, I think the answer is
something like "nobody has written it because we have more important things
to do and nobody believes there is a real need for that". Am I right?

Re: AR9485WB-EG libre port

[Maximo Pech]

Shut up and show us the code.

2012/12/14 Sha'ul 

> The driver for AR9485 seems to be fully function in libre Linux from what
> I've tried, don't need the vanilla Linux version for at least the wifi to
> work. Would it not be possible to thereby port over the libre linux driver
> version to get some kind of code going to start hacking on to support wifi?

Re: AR9485WB-EG libre port

[Maximo Pech]

2012/12/15 Tobias Ulmer 

> On Fri, Dec 14, 2012 at 10:12:48PM -0600, Maximo Pech wrote:
> > Shut up and show us the code.
>
> Some people have earned the "right" to reply like this, others have not.
> Which one is it in your case?
>
>
My case is that I don't have earned the "right" to reply like that, but
that my answer seems to be right and I have some (weird if you like) sense
of humor.


> Tobias
>
> PS: Aren't you the guy who thinks PGP is essential in base, but can't
> code?
>

Yes, that's me :-)

Please let's keep this on topic.

Re: KSH command logged to syslog

[Maximo Pech]

And why not tweak it to disable the ability to disable the log
functionality?

2012/12/15 Jiri B 

> On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote:
> > Why not use something like gnu screen or tmux (if it offers the log
> session
> > funcionality)?
>
> Because it is under controle or the user and he/she can disable
> such funcionality.
>
> jirib

Re: KSH command logged to syslog

[Maximo Pech]

I have found another possible solution, you can use script(1), calling it
from the .profile of the user, with a line like this at the end of such
file:

exec script

Then you change the permissions of the .profile so that the user cannot
change it. You could also set the output file for script(1) to a file
located on a directory with the sticky(8) bit activated so the user cannot
delete the log file of the session but is able to write to it.

2012/12/15 Jiri B 

> On Fri, Dec 14, 2012 at 10:11:20PM -0600, Maximo Pech wrote:
> > Why not use something like gnu screen or tmux (if it offers the log
> session
> > funcionality)?
>
> Because it is under controle or the user and he/she can disable
> such funcionality.
>
> jirib

hostname.if(5) man page

[Maximo Pech]

Looking at the man page of hostname.if(5) I noticed that there isn't a
FILES section.

It may not be obvious to everyone that those files should be located in
/etc.

Re: List of all software present on OpenBSD 5.2

[Maximo Pech]

Openbsd tar is not the same as gnu tar. You can think of the tar version in
openbsd simply as the tar of openbsd 5.2.

Because openbsd isn't assembled from pieces like other operating systems it
doesn't make much sense to have independent version numbers for each
utility.

El miércoles, 26 de diciembre de 2012, Live user escribió:

> On 26/12/2012 16:57, Peter N. M. Hansteen wrote:
>
>> install52.iso is simply the install medium. To take a peek inside, mount
>> the iso, cd into it and do something like
>>
>
> I see, but any chance to know what version of 'tar' is included in
> base52.tgz? I guess, like all operating systems, OpenBSD uses versioning
> for its software, or is just a continuous snapshotting system where there
> are no versions?

Re: hostname.if(5) man page

[Maximo Pech]

So... what do you think about this? I believe adding this could improve
documentation a bit, and it is not hard to do, just add two lines to the
man page, but maybe I'm missing something...

2012/12/25 Maximo Pech 

> Looking at the man page of hostname.if(5) I noticed that there isn't a
> FILES section.
>
> It may not be obvious to everyone that those files should be located in
> /etc.

Re: Running OpenBSD on Raspberry Pi

[Maximo Pech]

> Hi, I wonder if it's possible to run OpenBSD on Raspberry Pi.
>
> Is there any image ready for putting on my SD card and boot up? If not, is
> there any manual or guide how to make one?
>
> Thanks.
>
>
I've been doing some research and there is a number of things that openbsd
needs to support the raspberry pi on a fully functional way.

At least those thing are:

- Support for armv6 CPUs
- Something like the Linux frambuffer
-  A driver for the video chip that uses that frame buffer-like layer
- Kernel mode setting
- Some specific drivers like that vchiq thing. That one is dual licensed
bsd/gpl so maybe it can be ported more easily.

AFAIK those are not implemented on openbsd, some of them are worked on and
for some the are no plans.

So it is not a trivial task.

OT using absolute paths in scripts

[Maximo Pech]

At work, we have an "information security" area for IT.

They mandate that on all shell scripts we have to use absolute paths for
every single command.

I feel that this does not provide real security and only makes scripts
somewhat more painful to write.

What's your opinion on this?

Re: UNIX A to Z List RFC

[Maximo Pech]

I'm more interested in the story of how the 5yo became openbsd obsessed.

El sábado, 2 de febrero de 2013, Chris Hettrick escribió:

> Hi Misc,
>
> I made a list of the most classical UNIX commands / utilities from section
> one where there is only one per letter of the english alphabet (it's for my
> OpenBSD obsessed five year old son :) ). I know that this subject is very
> personal and steeped in tradition and history, so I was looking for your
> opinions and suggestions.
> A quick note about the list: some hard choices were made concerning
> letters such as c, p, m, etc. For instance, kill(1) is not included for two
> reasons: it is included in the shell, and it needs ps(1) to be properly
> used (which conflicts with pwd(1) which I think is _more_ useful for a UNIX
> beginner). mv(1) was not included because a cp(1) and rm(1) can suffice.
>
> This is the list:
>
> awk
> bc
> cp
> date
> echo
> find
> grep
> head
> id
> jot
> ksh (as a superset of sh)
> ls
> more
> nc
> od
> pwd
> quota
> rm
> sort
> tail
> uniq
> vi
> wc
> xargs
> yes
> zcat
>
> Any opinions, suggestions?
> Thanks!
>
> Chris

Re: Legal Question: OpenBSD Spin-off

[Maximo Pech]

Well, installing openbsd is not what I'd call easy for people with few
technical skills.

Why not make it a live system that boots from cd/dvd/USB/sd with everything
already configured and ready to run?

El sábado, 9 de febrero de 2013, Crookedmaze escribió:

> On 02/09/2013 06:53 PM, Juan Francisco Cantero Hurtado wrote:
>
>> On Sat, Feb 09, 2013 at 11:46:58AM -0600, Crookedmaze wrote:
>>
>>
>>> Hello Everyone!,
>>>
>>>  I am creating an OpenBSD Spin-off and have a question about what the
>>> rules are regarding doing something like this. I have looked at the
>>> OpenBSD copyright page and it looks like doing so would be alright
>>> but I would like to be sure that what I am doing is alright. I
>>> do not necessarily aim to create a new OpenBSD based operating system
>>> what I plan to do is to create my own spin-off off OpenBSD that comes
>>> configured to function as a server for a game called "Minecraft",
>>> and comes with things like OpenJDK (required to run Minecraft), but it
>>> will still be OpenBSD it will just have a slightly different default
>>> configuration. Would the people using my spin-off be allowed to use
>>> the OpenBSD package repositories to install packages and update them.
>>> What I am trying to do is setup an OpenBSD spin-off that is setup to be a
>>> secure Minecraft server, because right now many of the people who setup
>>> Minecraft servers in their home run their servers on their personal
>>> computers using Windows 7 or Vista and the server is usually running
>>> as the administrative user. So what I would like to do is distribute
>>> an OpenBSD Spin-off that is configured as a Minecraft server
>>> that these people who are not very skilled can use (It will be highly
>>> scripted and automated) and can run in Virtualbox or can be installed
>>> on a dedicated server, I know this won't be as secure as a managed
>>> server and I also know that security is a process not something you can
>>> download but my goal is to setup something that will hopefully be more
>>> secure than what most people are doing right now I am also doing this
>>> because hopefully if people were to start using my Spin-Off of OpenBSD
>>> then maybe more people will take an interest in OpenBSD.
>>> Please let me know if this would be an OK thing to do. Also
>>> feel free to comment on my idea and let me know what you think!
>>>
>>> P.S. This is the first time I have ever posted to the OpenBSD misc
>>> mailing list I have done my best to conform to the OpenBSD Mailing list
>>> Netiquette guidelines, but please let me know if I have
>>> done something incorrectly,
>>>
>>> Sincerely,
>>> Crookedmaze
>>>
>>>
>> The licenses of OpenBSD *base* allow you to distribute appliances but
>> you should check the licenses of each package included in your project.
>>
>> Cheers.
>>
>> Thanks for replying guys! Nicolai thank you for suggesting that I write
>> a shell script instead I think that is a great idea and I think that is
>> what I will do instead. Also Christopher now that I think about it I
>> think the daemon actually runs as a reduced user, I think earlier I was
>> thinking of the administrative user on Windows as the root user on BSD
>> in that all programs launched as that user run as admin but now that
>> I think about it I think in order to run a program as administrator
>> you need to right click and click run as administrator. Stefan I was
>> thinking about doing that but now I am leaning towards a shell script
>> that configures the server how it needs to be configured
>> (automatic updates chrooted sftp backup cronjobs etc.) I think this way
>> it will be a lot simpler and easier to transfer between using my OpenBSD
>> spin-off from release to release. Chris I have ended up deciding to
>> distribute my spin off as a shell script that you can run post OpenBSD
>> install so if you can install OpenBSD on a USB drive normally then
>> you should be able to. Juan thanks for letting me know that I can
>> redistribute*base*  that will be good to know in the future.
>> I would like to thank all of your for taking the time
>> to reply to my question.

Re: bootable OpenBSD USB stick from windows?

[Maximo Pech]

> I only have access to a windows machine to burn an iso image, do you
> know of an easy way (e.g. some windows programa) to create a bootable
> OpenBSD USB stick
>

I think you should ask this on a windows-centric place.

ZTE mf626 USB modem support

[Maximo Pech]

Hi list, I see this was asked before but never got solved, so I ask again.

Has someone got this device working on openbsd? Is it supported?

Thanks and regards.

Re: ZTE mf626 USB modem support

[Maximo Pech]

The AT command thing did the trick, now I have some trouble setting up
ppp.conf, but I hope to get that sorted out.

At this time I can't test the patch, but I promise to do it later.

El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió:

> On Thu, February 14, 2013 06:24, Maximo Pech wrote:
> > Hi list, I see this was asked before but never got solved, so I ask
> again.
> >
> > Has someone got this device working on openbsd? Is it supported?
> >
> > Thanks and regards.
> >
> >
> Hi. I plugged this modem on my Win7 notebook, installed software and
> drivers
> from it's internal "cd" and then connected with putty to it's second serial
> port (ZTE NMEA Device), whick answers on AT comand with OK.
> After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
> "Close
> autorun state result (0:FAIL 1^:SUCCESS):1" and modem's storage disappeared
> from "my computer".
> Now I have in dmesg:
> umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE, Incorporated ZTE
> CDMA
> Technologies MSM" rev 2.00/0.00 addr 2
> umsm0: missing endpoint
> umsm1 at uhub0 port 3 configuration 1 interface 1 "ZTE, Incorporated ZTE
> CDMA
> Technologies MSM" rev 2.00/0.00 addr 2
> umsm1: missing endpoint
> umass0 at uhub0 port 3 configuration 1 interface 2 "ZTE, Incorporated ZTE
> CDMA
> Technologies MSM" rev 2.00/0.00 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus5 at umass0: 2 targets, initiator 0
> sd3 at scsibus5 targ 1 lun 0:  SCSI2 0/direct
> removable
> serial.19d20031567890ABCDEF
> umsm2 at uhub0 port 3 configuration 1 interface 3 "ZTE, Incorporated ZTE
> CDMA
> Technologies MSM" rev 2.00/0.00 addr 2
> ucom0 at umsm2
>
> At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
> I have no usable SIM for this provider-locked modem, so I can't fully test
> it.
>
> To backout modem to default "windoze-compatible" mode send AT+ZCDRUN=9 to
> modem with cu.
> I hope this will help.

Re: ZTE mf626 USB modem support

[Maximo Pech]

Finally I got it to work, but strangely my device comes up on /dev/cuaU1
not on /dev/cuaU0. Still have not tested the diff though.

2013/2/14 Maximo Pech 

> The AT command thing did the trick, now I have some trouble setting up
> ppp.conf, but I hope to get that sorted out.
>
> At this time I can't test the patch, but I promise to do it later.
>
> El miércoles, 13 de febrero de 2013, Kirill Bychkov escribió:
>
> On Thu, February 14, 2013 06:24, Maximo Pech wrote:
>> > Hi list, I see this was asked before but never got solved, so I ask
>> again.
>> >
>> > Has someone got this device working on openbsd? Is it supported?
>> >
>> > Thanks and regards.
>> >
>> >
>> Hi. I plugged this modem on my Win7 notebook, installed software and
>> drivers
>> from it's internal "cd" and then connected with putty to it's second
>> serial
>> port (ZTE NMEA Device), whick answers on AT comand with OK.
>> After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
>> "Close
>> autorun state result (0:FAIL 1^:SUCCESS):1" and modem's storage
>> disappeared
>> from "my computer".
>> Now I have in dmesg:
>> umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE, Incorporated ZTE
>> CDMA
>> Technologies MSM" rev 2.00/0.00 addr 2
>> umsm0: missing endpoint
>> umsm1 at uhub0 port 3 configuration 1 interface 1 "ZTE, Incorporated ZTE
>> CDMA
>> Technologies MSM" rev 2.00/0.00 addr 2
>> umsm1: missing endpoint
>> umass0 at uhub0 port 3 configuration 1 interface 2 "ZTE, Incorporated ZTE
>> CDMA
>> Technologies MSM" rev 2.00/0.00 addr 2
>> umass0: using SCSI over Bulk-Only
>> scsibus5 at umass0: 2 targets, initiator 0
>> sd3 at scsibus5 targ 1 lun 0:  SCSI2 0/direct
>> removable
>> serial.19d20031567890ABCDEF
>> umsm2 at uhub0 port 3 configuration 1 interface 3 "ZTE, Incorporated ZTE
>> CDMA
>> Technologies MSM" rev 2.00/0.00 addr 2
>> ucom0 at umsm2
>>
>> At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
>> I have no usable SIM for this provider-locked modem, so I can't fully
>> test it.
>>
>> To backout modem to default "windoze-compatible" mode send AT+ZCDRUN=9 to
>> modem with cu.
>> I hope this will help.

Re: ZTE mf626 USB modem support

[Maximo Pech]

It turns out that my modem is not the ZTE MF626, it is in reality the ZTE
MF668 and it works on /dev/cuaU1

2013/2/14 Kirill Bychkov 

> On Thu, February 14, 2013 07:49, Kirill Bychkov wrote:
> > On Thu, February 14, 2013 06:24, Maximo Pech wrote:
> >> Hi list, I see this was asked before but never got solved, so I ask
> again.
> >>
> >> Has someone got this device working on openbsd? Is it supported?
> >>
> >> Thanks and regards.
> >>
> >>
> > Hi. I plugged this modem on my Win7 notebook, installed software and
> drivers
> > from it's internal "cd" and then connected with putty to it's second
> serial
> > port (ZTE NMEA Device), whick answers on AT comand with OK.
> > After that I send AT+ZCDRUN=8 to it to disable storage. Modem answered
> "Close
> > autorun state result (0:FAIL 1^:SUCCESS):1" and modem's storage
> disappeared
> > from "my computer".
> > Now I have in dmesg:
> > umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE, Incorporated ZTE
> CDMA
> > Technologies MSM" rev 2.00/0.00 addr 2
> > umsm0: missing endpoint
> > umsm1 at uhub0 port 3 configuration 1 interface 1 "ZTE, Incorporated ZTE
> CDMA
> > Technologies MSM" rev 2.00/0.00 addr 2
> > umsm1: missing endpoint
> > umass0 at uhub0 port 3 configuration 1 interface 2 "ZTE, Incorporated
> ZTE CDMA
> > Technologies MSM" rev 2.00/0.00 addr 2
> > umass0: using SCSI over Bulk-Only
> > scsibus5 at umass0: 2 targets, initiator 0
> > sd3 at scsibus5 targ 1 lun 0:  SCSI2 0/direct
> removable
> > serial.19d20031567890ABCDEF
> > umsm2 at uhub0 port 3 configuration 1 interface 3 "ZTE, Incorporated ZTE
> CDMA
> > Technologies MSM" rev 2.00/0.00 addr 2
> > ucom0 at umsm2
> >
> > At least 'cu -l /dev/cuaU0 -s 9600' answers OK on AT.
> > I have no usable SIM for this provider-locked modem, so I can't fully
> test it.
> >
> > To backout modem to default "windoze-compatible" mode send AT+ZCDRUN=9 to
> > modem with cu.
> > I hope this will help.
> >
>
> My modem isn't provider-locked as I thought. Inserting another SIM helped
> to
> connect to ISP.
> I just copied /etc/ppp/ppp.conf.sample to /etc/ppp/ppp.conf, changed "set
> device" and "allow user" to reflect reality and just run 'ppp -ddial
> mobile'
> to connect.
>
> Patch adds mentioning MF626 support and gives clues how to handle such
> modems.
> OK? Comments?
>
> Index: umsm.4
> ===
> RCS file: /cvs/src/share/man/man4/umsm.4,v
> retrieving revision 1.87
> diff -u -r1.87 umsm.4
> --- umsm.4  4 Jan 2013 02:53:54 -   1.87
> +++ umsm.4  14 Feb 2013 06:00:08 -
> @@ -111,6 +111,7 @@
>  .It Li "ZTE AC2746" Ta "USB"
>  .It Li "ZTE MF112" Ta "USB"
>  .It Li "ZTE MF190" Ta "USB"
> +.It Li "ZTE MF626" Ta "USB"
>  .It Li "ZTE MF633" Ta "USB"
>  .It Li "ZTE MF637" Ta "USB"
>  .El
> @@ -167,6 +168,10 @@
>  on the third port, and after that the actual PPP connection comes
>  up on the first port.
>  The function of the second and fourth ports is unknown.
> +.Pp
> +Some modems require enabling modem mode with AT commands.
> +This can be configured on other OS after installation of
> +software shipped with modem.
>  .Sh EXAMPLES
>  An example
>  .Pa /etc/ppp/ppp.conf

Re: announcing mdoc.su, short manual page URLs

[Maximo Pech]

Just used it, works fine and is easy to remember.

El miércoles, 20 de febrero de 2013, Constantine A. Murenin escribió:

> Dear misc, www,
>
> I would like to announce and introduce http://mdoc.su/>, a
> deterministic URL shortener for BSD manual pages, written entirely in
> nginx.conf.
>
> It supports several addressing schemes, for example:
>
>  http://mdoc.su/o/pf
>  http://mdoc.su/o/pf.4
>  http://mdoc.su/o/4/pf
>  http://mdoc.su/openbsd/pf
>  http://mdoc.su/OpenBSD/pf
>
>  http://mdoc.su/f/pf
>  http://mdoc.su/n/pf
>  http://mdoc.su/d/pf
>
>  http://mdoc.su/o/sort.3p
>
>  http://mdoc.su/o/intro.4.**macppc 
>
http://mdoc.su/openbsd/macppc/**4/intro
>
> Source code for the whole mdoc.su.nginx.conf is available at:
>
>  https://github.com/cnst/mdoc.**su 
>  https://bitbucket.org/cnst/**mdoc.su 
>
> Specifically, the following currently controls OpenBSD rewriting:
>
> location /OpenBSD { rewrite ^/OpenBSD(/.*)?$/o$1;   }
> location /o {
> set $ob "http://www.openbsd.org/cgi-**
> bin/man.cgi?query= ";
> set $os "&sektion=";
> rewrite ^/openbsd(/.*)?$/.$1;
> rewrite ^/./([a-z]+[0-9]*[k]?)/([1-9]|**3p)/([^/]+)$
>  $ob$3$os$2&arch=$1  redirect;
> rewrite ^/./([^/.]+)/([^/]+)$   $ob$2$os$1
>  redirect;
> rewrite ^/./([^/]+)\.([1-9]|3p)\.([a-**z]+[0-9]*[k]?)$
>  $ob$1$os$2&arch=$3  redirect;
> rewrite ^/./([^/]+)\.([1-9]|3p)$$ob$1$os$2
>  redirect;
> rewrite ^/./([^/]+)$$ob$1$os
>  redirect;
> rewrite ^/./?$  /   last;
> return  404;
> }
>
> Translation: "/OpenBSD" and "/openbsd" get rewritten to "/o" internally,
> without any extra replies to the user, and then the rest of the URI is
> analysed, and a "302 Found" redirect is finally issued to the user.  (If
> you haven't yet noticed nginx in the base tree, here's your chance!)
>
> Pages like http://mdoc.su/o/ redirect to the main "/" page internally,
> without affecting the URL that's visible to the user, making it easier to
> keep a starting page specifically for one BSD.
>
> Questions, comments and suggestions are welcome.  Available through IPv4
> and IPv6.  Enjoy!
>
> Cheers,
> Constantine.

Re: ZTE mf626 USB modem support

[Maximo Pech]

The patch that Stuart provided worked for my ZTE MF668 device.

I got this on dmesg:

umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE,Incorporated
ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
umsm0 detached
umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE,Incorporated
ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
ucom0 at umsm0
umsm1 at uhub0 port 3 configuration 1 interface 1 "ZTE,Incorporated
ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
ucom1 at umsm1
umsm2 at uhub0 port 3 configuration 1 interface 2 "ZTE,Incorporated
ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
ucom2 at umsm2
umsm3 at uhub0 port 3 configuration 1 interface 3 "ZTE,Incorporated
ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2

I think when it says "umsm0 detached" is when it does the mode
switching because it didn't appear before and also the device takes a
few seconds more to be ready.

Thanks for all the help.

Re: ZTE mf626 USB modem support

[Maximo Pech]

 Descriptor:
bLength 9
bDescriptorType 2
wTotalLength   25
bNumInterfaces  1
bConfigurationValue 1
iConfiguration  0
bmAttributes 0x40
  (Missing must-be-set bit!)
  Self Powered
MaxPower0mA
Interface Descriptor:
  bLength 9
  bDescriptorType 4
  bInterfaceNumber0
  bAlternateSetting   0
  bNumEndpoints   1
  bInterfaceClass 9 Hub
  bInterfaceSubClass  0 Unused
  bInterfaceProtocol  0 Full speed (or root) hub
  iInterface  0
  Endpoint Descriptor:
bLength 7
bDescriptorType 5
bEndpointAddress 0x81  EP 1 IN
bmAttributes3
  Transfer TypeInterrupt
  Synch Type   None
  Usage Type   Data
wMaxPacketSize 0x0008  1x 8 bytes
bInterval 255
Hub Descriptor:
  bLength   9
  bDescriptorType  41
  nNbrPorts 2
  wHubCharacteristic 0x000a
No power switching (usb 1.0)
Per-port overcurrent protection
  bPwrOn2PwrGood   50 * 2 milli seconds
  bHubContrCurrent  0 milli Ampere
  DeviceRemovable0x00
  PortPwrCtrlMask0x00
 Hub Port Status:
   Port 1: .0100 power
   Port 2: .0100 power
Device Status: 0x0001
  Self Powered



2013/2/28 Stuart Henderson :
> On 2013-02-28, Maximo Pech  wrote:
>> The patch that Stuart provided worked for my ZTE MF668 device.
>>
>> I got this on dmesg:
>>
>> umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE,Incorporated
>> ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
>> umsm0 detached
>> umsm0 at uhub0 port 3 configuration 1 interface 0 "ZTE,Incorporated
>> ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
>> ucom0 at umsm0
>> umsm1 at uhub0 port 3 configuration 1 interface 1 "ZTE,Incorporated
>> ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
>> ucom1 at umsm1
>> umsm2 at uhub0 port 3 configuration 1 interface 2 "ZTE,Incorporated
>> ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
>> ucom2 at umsm2
>> umsm3 at uhub0 port 3 configuration 1 interface 3 "ZTE,Incorporated
>> ZTE HSPA Technologies MSM" rev 2.00/0.00 addr 2
>>
>> I think when it says "umsm0 detached" is when it does the mode
>> switching because it didn't appear before and also the device takes a
>> few seconds more to be ready.
>>
>> Thanks for all the help.
>>
>>
>
> Problem with this patch is that it breaks another device with the
> same vendor/product ID, ZTE K3565-Z.

Re: Request for Funding our Electricity

[Maximo Pech]

> El 20/12/2013, a las 18:08, Theo de Raadt  escribió:
> 
> I am resending this request for funding our electricity bills because
> it is not yet resolved.
> 
> We really need even more funding beyond that, because otherwise all of
> this is simply unsustainable.  This request is the smallest we can
> make.
> 
> ---
> 
> Hi everyone.
> 
> The OpenBSD project uses a lot of electricity for running the
> development and build machines.  A number of logistical reasons
> prevents us from moving the machines to another location which might
> offer space/power for free, so let's not allow the conversation to go
> that way.
> 
> We are looking for a Canadian company who will take on our electrical
> expenses -- on their books, rather than on our books.  We would be
> happiest to find someone who will do this on an annual recurring
> basis.
> 
> That way the various OpenBSD efforts can be supported, yet written off
> as an off-site operations cost by such a company.  If we reduce this
> cost, it will leave more money for other parts of the project.
> 
> We think that a Canadian company is the best choice for accounting
> reasons.  If a company in some other jurisdiction feels they can also
> do this successfully, we'd be very happy to hear from them as well.
> 
> I am not going to disclose the actual numbers here.  Please contact me
> for details if serious.
> 
> Thanks.

Well, we know that energy prices will continue to increase, not decrease, so 
this will be harder in the future. 

Whit this in mind, why not look for a strategy to save up on energy costs. 
Something like this:

Through the history of openbsd there have been architectures in which more bugs 
have been found and some in which fewer bugs have appeared.

Then maybe the number of bugs for an architecture can be matched to the 
power-on-time for the machines for that architecture.

For example, if 1% of the total number of bugs in the history of openbsd have 
appeared on architecture x, then it's likely that it will continue to be so, 
then all the machines for that architecture should be powered on just 1% of the 
time.

Then perform that analysis on all architectures to make a more better use of 
energy. And that's it.

Limit number of login sessions

[Maximo Pech]

Hi I'm looking for a way to configure a limit for the maximum number of
simultaneous login sessions for a user. I want to do this for preventing
users to create multiple ssh sessions. I think something similar can be done
trough pf, but that's not the approach I'm looking for.

Re: Limit number of login sessions

[Maximo Pech]

Well I guess I will have to resolve this by coding something. What do you
think about this:

There will be a daemon that has a list of logged users. When a user logs in
a small program is launched that tell the daemon the user has logged in. The
daemon looks for the user in the list of users, If the user is there it
tells the program launched before to unlogin the user. If the user isn't
there the daemon adds it to the list of users and a thread is created, this
will check every x time if the user is still logged in. if it isn't, it
deletes the user from the logged users lists and terminates.

2008/9/22 Maximo Pech <[EMAIL PROTECTED]>

> This will be a ssh tunnel, I want to share it with a few friends, but I
> don't want them sharing it with someone else because if a lot of people
> start using it my upload bandwidth will suffer. It's very easy for them
> giving away their user/password to someone else, then those give the
> password to someone else... suddenly you have 20 ssh connections when you
> intended to have only 5.
>
> 2008/9/22 Jan Stary <[EMAIL PROTECTED]>
>
> On Sep 20 21:16:58, Maximo Pech wrote:
>> > Hi I'm looking for a way to configure a limit for the maximum number of
>> > simultaneous login sessions for a user.
>> > I want to do this for preventing
>> > users to create multiple ssh sessions.
>>
>> why?

Re: Limit number of login sessions

[Maximo Pech]

> Some friends you have...
>
> ps aux | grep sshd | grep priv | awk '{print $12}' | sort | uniq -c
>
> Tell your friends if their number ever gets bigger than 2, they're no
> longer your friends.  A few more minutes of scripting and you'll have
> something to run in cron that deletes their account.


That one sounds good.

Re: Limit number of login sessions

[Maximo Pech]

> would you not be better to use ALTQ to limit the bandwidth available
> to each user?  then if they share their password their only sharing
> their own use?


Users are not in my local network. They will connect from the internet and
they have dynamic IPs so I guess that wouldn't work because altq can limit
bandwidth based on IP address, not on user names.


>
>
> if not then i'd suggest you create a BSD auth module for processing
> the login sessions and add a 'login-max' capability.
>

What kind of module? a kernel module?

Re: Limit number of login sessions

[Maximo Pech]

> Please describe this situation some more.  What does 'sharing a ssh tunnel'
> mean?  Once a ssh tunnel is established, it just tunnels between two
> points,
> nobody needs to login anywhere then to 'use' it.


It means that I use my computer on a home adsl connection as a ssh tunnel
and that I let some friends use it as well but I don't want them to abuse.

What we are doing is connecting to the ssh server with some ssh client, it
creates a socks proxy on our local computers, we configure our programs to
connect to the local proxy and everything is forwarded trough the ssh
tunnel.

I mean, I don't know if there's another way to do it without having to login
in the ssh server.


> This sounds like an obfuscated utmp(5)
>
>
Yeah, utmp sounds useful for this.

Re: i386 or amd64?

[Maximo Pech]

2011/8/5 System Administrator 

> Looking to build a firewall for a fairly busy (25+mb) site. Hardware is
> Dell PE2850, 2 Xeon 64-bit CPUs, 4GB RAM, 6 em(4) interfaces. Software
> is primarily pf(4) and relayd(8).
>
> Not so long ago the recommendation was to use the i386 build for a
> slight perfomance and stability benefit. Is that still the case? What
> are the advantages and shortcomings of amd64?
>
> Thanks in advance.
>
>
Ask the guys at devio.us ;-)

Re: BSD hacking new personal computer tower configuration ?

[Maximo Pech]

Get something like an Optiplex 7050. Put an extra ow two SSD, they are
cheap now. I'm multibooting Windows, Arch Linux, OpenBSD and FreeBSD
on that machine. Everything works out of the box in OpenBSD.

https://www.hardware-corner.net/desktop-models/Dell-OptiPlex-7050-SFF/

El mié, 5 mar 2025 a las 9:58, sylv...@saboua.me () escribió:
>
> I'm thinking of purchasing parts to an all-purpose *BSD personal computer.
> My budget is ~€3000 (+1k). Ideally I would like it not too noisy while
> staying as cool as possible (I live in a studio), and dual screen monitor
> (I'm thinking of one HD screen to also watch movies on and one square
> screen on the left for the console).
>
> First thing is the motherboard, processor, and RAM. Here also lies the
> bottleneck : is there a motherboard/processor combo that can host
> all four BSD's and derivatives ? If I'm not mistaken, I think the blowfish
> does not maximally exploit multi-core processor, so a quad core (for instance)
> is enough. It'd also be great to have it without MINIX's IME/PSP,
> but I know this is asking too much ! Or is it ?
>
> Note that I live in Europe (SouthWestern France) so the stores of choice
> would be LDLC, then Boulanger and FNAC. Unless I forget options.
>
> There's a long time since I haven't proerly hacked and built my own tower,
> I don't remember all particular caveats of the best optimisation. Suffice to
> say the computer hacking's main use would be to compile, fetch
> various things from the network (no brainer, right ?), as well as,
> more touchy, embedded / RISC-V development (hence connectics).
>
> Then I would also browse the web and use Word.
>
> Haha. Just kidding. But I'd like to watch a movie at times and have a good
> HD screen and 5.1/7.1 speakers for that (the latter can come later).
>
> In terms of ergonomics, I already have an all-black basic keyboard, as well
> as a small bépo one, and am thinking particularly of the mechanical and
> TypeMatrix keyboards. Someone advised an incurved monitor as well as
> blue light filter. I don't know much about mices, but I have short hands (I'm 
> 5"3).
>
> That's it. Any advice/feedback fom what you guys use ?
> I dream of those towers with just one big fan on the right.
> Ideally, the whole thing would not consume much. It also needs
> not to be one of those huge gamer towers while still fairly powerful.
>
> Thank you
>

EFI variables setting, information for securelevel(7) man page

[Maximo Pech]

Hi @misc

Today I was trying to delete EFI variables and got EPERM.

After some investigation I found at efi.c the below code

efiioc_var_set(struct efi_softc *sc, void *data)
...
if (securelevel > 0) {
error = EPERM;
goto leave;
}

So maybe a statement can be added to the securelevel(7) man page
saying that setting and deleting (or simply changing? basically it's
the same operation) EFI variables when securelevel is 1 or higher is
not allowed.

Regards.

socket(2) fails when setting net.inet.udp.recvspace above 2097152

[Maximo Pech]

Hi,

I'm running ipfs and for best performance it requires increasing the
udp receive buffer size as explained below

https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes

However, I've noticed that setting net.inet.udp.recvspace above
2097152 results in socket(2) failing with ENOBUF. It doesn't matter
what the actual resource usage is, just setting it makes many programs
that call socket() to fail, for example ifconfig, netstat.

I believe that probably I'm hitting another system limit, so I would
need to increase that as well but I don't know what it would be. I've
tested this on two different systems, with 1G memory and 2G memory and
the behavior is the same.

Any advice would be appreciated.

Re: Sound not working on Dell Xps 13 9315 (DELL G9FHC2)

[Maximo Pech]

>
> On 2025-02-05, dirk coetzee  wrote:
> > Thanks Stuart,
> >
> > I have worked on and off for the past few weeks, but i have been unable to 
> > determine which directories in which to merge FreeBSD drivers into the CVS 
> > tree.
>
> There is already a driver for devices similar to this, azalia(4).
> The diff I sent you modifies that so that it will attach to your
> device. It may work as-is, it may need more work, but that's the
> most sensible starting point.
>

I've been helping dirk for the past weeks trying to get this to run.
Looks like we may be out of luck at the moment with this one, since
after further investigation on Linux this is not supported by the
traditional hda modules but a newer framework called Sound Open
Firmware

https://www.sofproject.org/

For this specific device according to
https://wiki.archlinux.org/title/Dell_XPS_13_(9315) it needs to load
firmware provided by SOF.

So I believe to support those new audio devices OpenBSD would have to
port SOF, something similar to what happened with DRM drivers, which
looks like a huge amount of work. The good news is that supposedly SOF
is BSD licensed and platform agnostic, I think it's already ported to
Zephyr for example.

Re: Firefox cannot save downloads (or read local files)

[Maximo Pech]

Dillo works just fine xD

El mié, 12 mar 2025 a las 4:10, Emiel Kollof () escribió:
>
> jbra...@dismail.de schreef op 2025-03-11 15:05:
> > Just an FYI,  I am just finding out...
> >
> > apparently Firefox is spyware.
> >
> > https://rumble.com/v6puupu-use-firefox-mozilla-says-it-can-use-your-data-however-it-wants..html?e9s=src_v1_ucp
> >
> >
> > In a slightly unrelated note, has anyone gotten the Brave browser to
> > run on OpenBSD?
>
> Not really,
>
> Well, you can grab the Brave source and try, but it won't be pledged
> and unveiled like the iridium and chromium browsers that are available
> and maintained in OpenBSD.
>
> Cheers,
> Emiel
>

Re: Bad bootblocks

[Maximo Pech]

> I've done some more testing. What is failing is installboot while
> trying to set an EFI variable. Managed to run installboot with the -v
> option during this step of the upgrade as shown in this picture to get
> additional information. I'm not using FDE and sd0 is the right disk to
> use.

I think I've found a workaround. At some point installboot looks for
an unused Boot000* variable. In my case all of those were already
used, and several duplicated. So I had to boot Arch Linux and use
efibootmgr to delete Boot0004 which in my case was duplicated and not
used, something about NIC boot. After that I tried sysupgrade and
everything worked fine. Hope it helps.

Re: Bad bootblocks

[Maximo Pech]

>
> Hi All,
>
> FYI:
>
> I have been upgrading current frequently (sysupgrade -s).
> And getting the message: "Failed to install bootblocks." "You will not be 
> able to boot OpenBSD from sd1.". Please see attached image for further 
> context.
>
> The system is able to boot without issues.
>
> Regards
> dirk

Same for here, reboots fine.

Re: System Requirements

[Maximo Pech]

OpenBSD is really flexible, can be installed on very small systems or big
systems. I’d say the requirements depend on what you want to do with it. In
practice as long as your cpu is supported, it doesn’t matter to the OS how
much memory or disk space there is, it will run.

Just experiment with it.

Having said that, for me on amd64 the minimum is around 2Gb disk space, 4.5
if I want to be able to perform sysupgrades, and around 1-2 Gb of memory.
But that’s based on my personal use cases, preferences and experience.

El El jue, 8 de may de 2025 a la(s) 23:27, Swingball Fairweight <
chancema...@gmail.com> escribió:

> Hello. I recently stumbled upon this OS and now I'm just curious what
> the system requirements are. I'm not sure if I overlooked something
> but I already looked over the website and I cannot seem to find what
> exactly those system requirements are.
>
> Thanks.
>
>