Re: How Do I Get The OpenBSD Install Procedure To Stop Trashing My Bootloader?

On Fri, 14 Jul 2023 19:46 +0200, Florian Obser wrote: > On 2023-07-13 13:53 -05, "Jay F. Shachter" wrote: > > (Parenthetically, when is OpenBSD going to support ZFS, and join the > > category of operating systems in which I can do serious work, i.e., > > What makes you think that's a goal for the

Re: Weird pf NAT failure on apu2

On Sat, 24 Jun 2023 07:33 -0600, Zack Newman wrote: > On 6/2l/23 9:01, Stephan Neuhaus wrote: > > I'm not sure about the Configuring NAT section being > > correct. I still maintain that the documentation and > > observed behaviour are different. > > I was lazy when I said that. I meant the example

Re: Hibernation on Thinkpad Carbon X1 gen 7 - unhibernate failed

On Sat, 17 Jun 2023 19:00 +0100, Chris Narkiewicz wrote: > On Sat, 2023-06-17 at 09:21 -0600, Ashlen wrote: > > I have a 7th gen X1 Carbon and am not sure that the hardware is the > > issue here. I've only experienced this very rarely. > > > > I can confi

Re: Hibernation on Thinkpad Carbon X1 gen 7 - unhibernate failed

On Fri, 16 Jun 2023 19:23 -0400, Dave Voutila wrote: > > Chris Narkiewicz writes: > > > Hi, > > > > I got Thinkpad Carbon X1 gen7 and I tried to test hibernation (ZZZ). > > Do you have a dmesg? > > > > > When system is resumed, it took several minutes to load image. > > dmesg shows: > > > > un

Re: Generating xorg.conf

On Fri, 16 Jun 2023 18:57 +0100, Chris Narkiewicz wrote: > Hi, > > I'm trying to customize my touchpad input handling in X11. > Normally I'd call X -configure to generate the config file > and tune it to my needs. > > X -h lists -configure as available options. However, when calling > X -configur

Re: happy birthday theo de raadt

On Fri, 19 May 2023 02:57 -0600, Mayuresh Kathe wrote: > hey theo, > wish you a very happy birthday. > hope you have an interesting year ahead. > and hope everybody out here "only" wish theo instead of > also going off at a tangent and creating a mess. > -mayuresh Happy Birthday, Theo. ^-^

Re: Problem with WireGuard on OpenBSD 7.3

On 2023-05-08 23:15, Tor Houghton wrote: > On Sat, May 06, 2023 at 04:40:21PM -, Stuart Henderson wrote: > > > > [snip] > > > > wgport port-number wgkey my-private-key > > inet 10.0.98.1/24 > > > > [snip] > > Here's[*] a super hacky way to convert a pivpn wireguard config file to output > th

Re: autossh fails after upgrade to 7.3

On 2023-04-25 14:20, rea...@catastrophe.net wrote: > On Tue, Apr 25, 2023 at 01:06:35PM -0600, Ashlen wrote: > >On 2023-04-25 10:45, rea...@catastrophe.net wrote: > >> After upgrading to 7.3 autossh is failing using the following rc script > >> in /etc/rc.d/autossh. It

Re: autossh fails after upgrade to 7.3

On 2023-04-25 10:45, rea...@catastrophe.net wrote: > After upgrading to 7.3 autossh is failing using the following rc script > in /etc/rc.d/autossh. It looks like maybe switching to $daemon_user is > not happening to find the correct ssh config stanzas? Thanks in advance > for any help. > > > ##

Re: How to produce statically linked sshd binary

On 23/02/28 16:17, Erling Westenvik wrote: > Thanks. And I "know".. > > Use case: sshd in single user on quasi FDE-encrypted servers on co-location > not > accessible via KVM/AMT. I've done this on many machines since 2014. > > I acknowledge that it isn't recommended practice (and definitely not >

Re: Suggestion for improving FAQ14: UUIDs

On 23/02/06 09:35, Thomas Dettbarn wrote: > Hello! > > tl;dr: I would like to suggest adding a line about the virtues of UUID to the > FAQ14. Something along the lines of "Remember to set up the UUID in your > /etc/fstab afterwards." or something. It does outline this problem here. https://www.ope

Re: Cannot use Intel Tearfree on Lenovo V15 G2 laptop

On 23/02/07 19:57, Digua Dong wrote: > On Tue, Feb 07, 2023 at 07:09:48PM +1100, Jonathan Gray wrote: > > > > You should be using the default modesetting driver with this hardware. > > Not opting into an old driver that hasn't had a release in years. > > > I looked at the log with my configure di

Re: Take it easy..

On 23/02/06 19:32, Daniele B. wrote: > Remaning on the simplicity to do stuff.. did you ever try: > > cd /home > mkdir 5mode-com > mv * 5mode-com/ > > I get: > > rename 5mode-com to 5mode-com/5mode-com: invalid argument That has to do with sh(1) globbing rules. The shell did exactly what you to

Re: [patch]: SSL_OP_NO_RENEGOTIATION vs SSL_OP_NO_CLIENT_RENEGOTIATION inconsistency

On 23/02/06 02:24, Theo Buehler wrote: > On Sun, Feb 05, 2023 at 03:59:38PM -0700, Ashlen wrote: > > (Can CC to tech@ or elsewhere if needed, I didn't know if it belonged here > > or > > there so I'm starting here) > > Please do not send patches to mis

Re: [patch]: SSL_OP_NO_RENEGOTIATION vs SSL_OP_NO_CLIENT_RENEGOTIATION inconsistency

Here's the other way of patching it. I don't like this way as much because it requires more work in the future (when updating unbound/nsd and ports). Index: usr.sbin/nsd/nsd-control.c === RCS file: /cvs/src/usr.sbin/nsd/nsd-control.c,

[patch]: SSL_OP_NO_RENEGOTIATION vs SSL_OP_NO_CLIENT_RENEGOTIATION inconsistency

(Can CC to tech@ or elsewhere if needed, I didn't know if it belonged here or there so I'm starting here) These files in the source tree are expecting SSL_OP_NO_RENEGOTIATION when only SSL_OP_NO_CLIENT_RENEGOTIATION is defined in lib/libssl/ssl.h. $ grep -Rl 'SSL_OP_NO_RENEGOTIATION' usr.sbin/un

Re: httpd(8) request rewrite - 500 internal server error

Oh. I should add that if all you want is a static redirect, this is a simpler way of making that work. The first example I gave is in case you want to redirect the contents of "/from/" as well. server "localhost" { listen on 127.0.0.1 port 80 location "/from/" { blo

Re: httpd(8) request rewrite - 500 internal server error

On 23/01/25 11:20, Lévai, Dániel wrote: > Hi all, > > I was trying to do a basic path rewrite in httpd(8) on 7.2-stable, and I just > can't see what I'm missing: > > httpd.conf: > server "host" { > listen on egress port 12345 > > root "/htdocs" > > location "/" { >

Re: Question about pf.conf queues

> > It occurs to me that in my originally proposed configuration, I am not > > limiting the traffic with the two priorities to TCP traffic. This is > > necessary as this optimization applies only to TCP traffic and I should note > > that in Peter Hansteen's book he also does this. > > Good that y

Re: Question about pf.conf queues

Forgive me for the long mail. I went out of my way to be thorough because I see mails like this on misc@ fairly often. I had the same kinds of questions when I set up my OpenBSD router years ago so I can empathize. > My question are: > > 1. For better utilization of TCP traffic I have two priorit

Re: sndio and bit perfect playback

On 23/01/13 12:42, Jan Stary wrote: > On Jan 09 13:10:09, euryd...@riseup.net wrote: > > I was able to distinguish between samples created by > > audio/sox and aucat(1) in informal AB/X testing on my 7th generation X1 > > Carbon > > with HiFiMan Sundara headphones plugged in. To describe the circu

Re: sndio and bit perfect playback

On 23/01/10 09:36, Alexandre Ratchov wrote: > On Mon, Jan 09, 2023 at 01:10:09PM -0700, Ashlen wrote: > > > > Although I need to finalize the Perl script I was using to do this (life > > gets > > busy), in practice I was able to distinguish between samples created b

Re: sndio and bit perfect playback

On 23/01/09 22:16, Jan Stary wrote: > On Jan 09 13:10:09, euryd...@riseup.net wrote: > > > > Although I need to finalize the Perl script I was using to do this (life > > gets > > busy), in practice I was able to distinguish between samples created by > > audio/sox and aucat(1) in informal AB/X te

Re: sndio and bit perfect playback

On 23/01/09 06:22, Alexandre Ratchov wrote: > On Sun, Jan 08, 2023 at 10:56:31PM +0100, Jan Stary wrote: > > On Oct 16 08:18:17, a...@caoua.org wrote: > > > On Sat, Oct 15, 2022 at 10:03:52PM +0200, Åke Nordin wrote: > > > > On 10/14/22 11:21, Alexandre Ratchov wrote: > > > > > Here are the measure

Question about RFC9235 and TLS_CIPHERS_DEFAULT in tls_internal.h

Hi misc. I was reading RFC9325[1] (released November of 2022), and noticed this under section 4.1 (General Guidelines, under Recommendations: Cipher Suites): * Implementations MUST support and prefer to negotiate cipher suites offering forward secrecy. However, TLS 1.2 implementations S

Re: Securely managing TLS certificates on growing server (website, XMPP, soon email)?

Thank you, this resolves that concern of mine (and in fact, it was an elegant enough solution that I felt silly for not doing it that way before). :) It makes a lot more sense to have acme-client(1) place the exceptional certificates in a different spot, rather than modify `/etc/ssl/private` to mak

Securely managing TLS certificates on growing server (website, XMPP, soon email)?

Hi all, so I'm wondering how to securely deal with TLS certificates on a server that's grown to host multiple services (website, XMPP, soon email as well). Specifically how to handle permissions and to what degree certificates should be separated. (I recognize this is a long email. I'm unsure how

Re: horizontal screen tearing with mpv, modesetting(4), and compositor

On 22/04/06 15:39, Ashlen wrote: > There are open issues about things that appear to be similar, and in > those others corroborate that it seems to be something with the > modesetting driver: > > https://github.com/mpv-player/mpv/issues/7106 > https://gitlab.freedesktop.org/xor

horizontal screen tearing with mpv, modesetting(4), and compositor

Hey all, I'm encountering an issue where when I play videos with mpv while a compositor is running under modesetting(4), horizontal screen tearing will occur during playback. I've tested this on xmonad, cwm, and fvwm. As for why I'm using a compositor, it's for semi-transparency in the terminal em

Re: removing libutil.so.15.1 and libX11.so.17.1 per sysclean(8) breaks xmonad(1)

With the previous emails in mind, I have a diff for the build script in the ports tree if it would help. My xmonad.hs hardly changes these days. If the build script actually recompiled xmonad every time instead of quitting if xmonad.hs hasn't changed, I don't think this issue would come up in the f

Re: removing libutil.so.15.1 and libX11.so.17.1 per sysclean(8) breaks xmonad(1)

On 22/04/02 08:46, Sebastien Marie wrote: > On Sat, Apr 02, 2022 at 07:11:42AM +0200, Sebastien Marie wrote: > > On Fri, Apr 01, 2022 at 12:16:58PM -0600, Ashlen wrote: > > > > > > XMonad is recompiling and replacing itself with another XMonad process > > > b

removing libutil.so.15.1 and libX11.so.17.1 per sysclean(8) breaks xmonad(1)

nt process is called "xmonad" but the compiled configuration should be called "xmonad-x86_64-openbsd" XMonad will use build script at "/home/ashlen/.config/xmonad/build" to recompile. XMonad recompiling because a custom build script is being used. [2022-04-01|12:0

Re: Exoscale VPS panic on boot, 10-25 snapshot

On 21/10/26 08:28, Hrvoje Popovski wrote: > > could you try lastes snapshot with sysupgrade? i had same problem on > Dell r620 and latest snapshot fix that panic .. Thank you for the prompt response. Now I'm having no issue with that kernel panic, perhaps I was just unlucky in when I chose to upgr

Exoscale VPS panic on boot, 10-25 snapshot

Here is as much information as I could get. After upgrading to a snapshot earlier today (October 25th), the Exoscale VPS panics on boot. I use this VPS to self-host synapse (a Matrix homeserver, for messaging). I can't copy and paste from the web console that Exoscale provides so I had to transcri

Question regarding queueing in pf.conf(5) and WireGuard

Hello. I have an APU4D4 running OpenBSD and acting as a router for my home network. It connects to the Internet via pppoe(4), which uses em(4) as the physical interface. The router has a /etc/hostname.wg0 file that connects it as a client to my VPN provider on boot. Then, /etc/pf.conf has a nat-to

mpv dumps core and segfaults when exiting on any video file

Usually goes something like the following after the file finishes playing/the user exits: $ mpv --no-config example.mkv [ ... ] Exiting... (End of file) pthread_mutex_destroy on mutex with waiters! Segmentation fault (core dumped) Here's the backtrace. # gdb -quiet mpv mpv.core (no debugging s

fzf fails if bash isn't present or FZF_DEFAULT_COMMAND isn't set

Executing fzf without bash installed or FZF_DEFAULT_COMMAND set fails with this output: Command failed: set -o pipefail; command find -L . -mindepth 1 \( -path '*/\.*' -o -fstype 'sysfs' -o -fstype 'devfs' -o.. (the output cuts off there for some reason, even when I pipe STDERR to a file). I

Re: periodic network access failure when accessing nextcloud via relayd

On 21/03/31 23:50, Joel Carnat wrote: > Hello, > > I have Nextcloud 21 running with php-7.4, httpd(8) and relayd(8). > On my laptop, a script regularly runs nextcloudcmd to synchonize the files > with the nextcloud instance. And quite often, nextcloudcmd returns such error: > 03-31 23:28:56:089 [

Re: Enhancing Privacy in 2020 attached screenshot

On 20/12/16 22:55, pipus wrote: > haha Stuart. > Always there to make a low IQ entrance :) Ever hear of Dunning-Kruger, pipus? https://lsa.umich.edu/psych/news-events/all-news/faculty-news/the-dunning-kruger-effect-shows-why-some-people-think-they-re-gr.html I hope you can look inward and find pe

Re: E-mail problem

On 20/11/13 11:26, Berkay Tuncel wrote: > Hi all, > > > > We need an advice for our e-mail traffic with openbsd.org > > > When I sent an e-mail to openbsd.org which is rhs, from 160.75.0.0/16, I > got a TLS handshake error. On the other hand, when I tried from another > subnet, there was no problem

Re: Are relayd and httpd my future buddy?

On 20/10/30 23:29, Lars Bonnesen wrote: > If I can use relayd for this, could someone please share a relayd.conf > example for me? > > Regards, Lars. In addition to what others have said, remember to check /etc/examples, as there are entries for both httpd.conf(5) and relayd.conf(5). -- https://a

Re: possible relayd.conf(5) documentation mistake regarding session tickets

On 20/10/21 09:26PM, Sebastian Benoit wrote: > * i'm not sure we wanted session resumption to be enabled by default > because of the security implications regarding perferct forward > secrecy. Indeed the option is off by default at the moment. Hey, thanks for explaining a bit. :) I read about sess

possible relayd.conf(5) documentation mistake regarding session tickets

In relayd.conf(5), the tls section under PROTOCOLS states the following: no session tickets Disable TLS session tickets. relayd(8) supports stateless TLS session tickets (RFC 5077) to implement TLS session resumption. The default is to enable session tickets. However, an SSL Labs

Re: tmux rc script not stopping

In retrospect, command -v seems to be more portable than which[1]. So a better version would be: if command -v tmux >/dev/null 2>&1; then # if not inside a tmux session, and if no session is started, start # a new session test -z "$TMUX" && (tmux attach || tmux new-session) fi Though I supp

Re: tmux rc script not stopping

On 20/10/07 02:34PM, ben wrote: > Hello, Misc; > > I'm attempting to write an rc script to start a tmux session: What problem are you trying to solve by using an rc script? I have this in my .kshrc for automatic tmux sessions: if which tmux >/dev/null 2>&1; then # if not inside a tmux session,

Re: How do you get different $PS1 for /bin/sh and /bin/ksh?

On 20/09/15 05:49PM, Ottavio Caruso wrote: > Maybe it's just because OpenBSD sh is just ksh in disguise or there > might be other reasons that I obviously don't know. Yep, you're right. They share the same inode. ls -li /bin/{,k}sh 77862 -r-xr-xr-x 3 root bin 613656 Sep 15 12:10 /bin/ksh 7786

Re: ncmpcpp dumps core when fetching lyrics

Ah, my bad. I had wrap=72 and reflow_wrap=72 in neomuttrc and forgot it would affect output like that. Hopefully this one is better. GNU gdb (GDB) 7.12.1 Copyright (C) 2017 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free sof

Re: ncmpcpp dumps core when fetching lyrics

Sorry Stuart, I think I accidentally replied to you directly the first time I sent this. I'm still getting used to neomutt. On 20/09/11 09:09AM, Stuart Henderson wrote: > First thing to look for when there's a core dump is to see if you can > get a useful backtrace. How does the output look from t

ncmpcpp dumps core when fetching lyrics

ktrace(1) suggests to me that it's a pathname issue based on this line: 33399 ncmpcpp NAMI "/home/ashlen/.config/ncmpcpp/lyrics//Porcupine Tree - Arriving Somewhere But Not Here.txt" Issuing $ mv ~/.config/ncmpcpp{,.bak} doesn't do anything to fix the issue, so it