Re: [SPAM?] OpenBSD's experience with writing secure c/c++ code.

2021-09-11 Thread Kevin Chadwick
On Fri, 10 Sep 2021, 08:56 Martin Schröder, wrote: > Am Do., 9. Sept. 2021 um 15:03 Uhr schrieb el3ctr0lyte > : > > Rust totes itself as a systems programming language that promises memory > safety and so far it seems to deliver on that promise. I was just > wondering, what are your opinions on R

Re: Rationale behind exec clearing out unveil paths

2021-06-17 Thread Kevin Chadwick
On 6/15/21 4:33 PM, dz...@disroot.org wrote: > If it only needs access to its lock file, > why should I give it access to my ssh keys? I think that it is worth understanding that you can use file and process permissions, for that. Unveil is an extra layer, because no matter what ssh key you prov

sysupgrade reset option

2021-06-11 Thread Kevin Chadwick
I am likely going to simply track file changes and revert them for a reset to factory defaults facilitation, rather than maintaining a build system for a custom bsd.rd. One assumption that I have made is that newfs and dd altroot to root and reboot in rc.securelevel would fail or be problematic?

Re: iwm(4): Tx aggregation

2021-04-30 Thread Kevin Chadwick
On 4/30/21 12:18 PM, Stefan Sperling wrote: > Our default group cipher is CCMP which should not involve any TKIP MIC > checks on the AP. Such checks occurring would be a bug in this case. TKIP has been so easily crackable for over a decade that I wonder if it has a place in OpenBSD, at least without

Re: iwn: fix hangs with Tx aggregation

2021-03-16 Thread Kevin Chadwick
On 3/16/21 2:38 PM, Stefan Sperling wrote: > However, the second frame was sent at 24 Mbit/s, which > indicates that the firmware could be retrying the BA request (frames sent > at a different Tx rate than specified by the driver are generally retries). My guess would be that a CRC fails causing a

Re: Destructive Install Process (fdisk)

2020-06-26 Thread Kevin Chadwick
On 2020-06-25 20:16, Theo de Raadt wrote: > I'd say that I simply don't see why the installer destructively > re-arranges the disk's scheme prior to officially choosing to write > the new partitioning scheme to the disk. I'm not sure that I believe that and it shows you what YOU are about to comm

Re: [PATCH] pledge: allow kern.somaxconn sysctl for inet

2020-05-13 Thread Kevin Chadwick
For the archives, if anyone else hits this issue. Being killed with pledge sysctl 2 on a golang http.ListenAndServe, no longer happens. https://github.com/golang/go/issues/31927

Re: WireGuard patchset for OpenBSD

2020-05-12 Thread Kevin Chadwick
On 2020-05-12 10:00, Jason A. Donenfeld wrote: > Djb has a nice post on chacha performance in > this context: . I shall leave this to the wireguard folks to explore but I'm not totally convinced. It is not just about speed. Perhaps Int

Re: WireGuard patchset for OpenBSD

2020-05-12 Thread Kevin Chadwick
On 2020-05-12 06:05, Matt Dunwoodie wrote: > I don't want to put misleading numbers out there and every use case >is different, therefore you should perform your own tests. In my >environment (tcbbench between two Lenovo x230 (i5-3320m), em(4) >ethernet) I was seeing 750mbit/s. This wa

Re: iwn/athn/wpi: fix CCMP replay check with HW crypto

2020-05-01 Thread Kevin Chadwick
On 2020-05-01 16:05, Stefan Sperling wrote: > The CCMP header contains a nonce, > which is incremented by the transmitter whenever it encrypts a new frame. I assume there isn't opportunity to set the nonce to a 128 bit random one. It would avoid a lot of risk with the likelihood of collisions bei

Re: [PATCH] sysupgrade

2020-04-30 Thread Kevin Chadwick
>> Struggling to remember why I wanted to do it, to be honest. > >Because until relatively recently X was installed sgid root. But that >was fixed for 6.5: > That wasn't a factor. You could always mount it nosuid, even noexec anyway.

Re: [PATCH] sysupgrade

2020-04-30 Thread Kevin Chadwick
On 2020-04-30 03:28, James Jerkins wrote: > This patch adds two new options to sysupgrade. The first option is for small > box systems like an APU system that only has the base and manual sets > installed. The second option is for headless systems without X11 like servers. I used to avoid instal

Re: Some small nits with httpd and relayd and a relayd question

2020-04-16 Thread Kevin Chadwick
On 2020-04-16 18:34, Kevin Chadwick wrote: > If httpd is put in front of a reverse proxy of grafana. I seem to get some > http/1.1 js requests become http/1.0 bad requests. I should add that this was with httpd fcgi. So it may just be, my bad.

Some small nits with httpd and relayd and a relayd question

2020-04-16 Thread Kevin Chadwick
If httpd is put in front of a reverse proxy of grafana. I seem to get some http/1.1 js requests become http/1.0 bad requests. Perhaps related "http://daemonforums.org/showthread.php?p=68392" With relayd there is no problem. However relayd seems to not like the nistp521 keys that httpd was quite

Re: Include /var/www/tmp into base install

2020-04-08 Thread Kevin Chadwick
On 2020-04-07 17:12, Andrew Grillet wrote: > For me, the "/var is full" problem can be adequately mitigated by mounting > a separate partition as /var/tmp. Does FFS2 have the same disklabel limit on partitions? I guess they are unrelated. Sometimes users may decide which mount points to edit out

Re: Opportunistic DoT for unwind(8)

2019-10-24 Thread Kevin Chadwick
> The purpose of unwind is to provide secure DNS services even when > the available nameservers are broken or filtered like in many hotels. > To do that, it prefers DNSSEC whenever possible and changes to do > resolving by itself if needed. > > DNSSEC only offers integrity and authenticity. To

Re: Removing PF

2019-04-01 Thread Kevin Chadwick
On 4/1/19 3:18 PM, Mateusz Guzik wrote: > While I support pf removal, I don't think bpf is the way to go. > > FreeBSD just removed their pf [1] so the code is up for grabs and you > can import it with one weird trick. > > [1] > https://lists.freebsd.org/pipermail/svn-src-projects/2019-April/0133

Re: On the matter of OpenBSD breaking embargos (KRACK)

2018-06-19 Thread Kevin Chadwick
On Tue, 19 Jun 2018 09:30:05 -0600 > > > > > ps. Disable Intel Hyper-Threading where not needed, until we all > > > know more. > > > > Is it safer to use bsd.sp for the time being? > > No, a better solution is coming. And in snapshots already. Thank you for enabling us to patch ASAP.

Re: On the matter of OpenBSD breaking embargos (KRACK)

2018-06-19 Thread Kevin Chadwick
On Fri, 15 Jun 2018 17:28:14 -0600 > ps. Disable Intel Hyper-Threading where not needed, until we all know > more. Is it safer to use bsd.sp for the time being?

Re: httpd socket leak - Re: httpd ranges are not liked by freshclam

2018-04-05 Thread Kevin Chadwick
On Wed, 4 Apr 2018 23:58:05 +0100 > TBH I'd probably just disable range processing like done in > https://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/017_httpd.patch.sig > for now, neither memory exhaustion nor FD leak are particularly > appealing. I believe this broke html5 video for at least

Re: inteldrm(4) tests needed

2018-01-15 Thread Kevin Chadwick
On Mon, 15 Jan 2018 01:02:58 +0100 (CET) > So I'm looking for testers. I'm especially interested in tests of > external displays on all sorts of connector types (VGA, DVI, HDMI, > DP). It would be really great to get some tests on older stuff with > (S)DVO. Please let me know if there are regr

Re: [patch] acme-client listen option

2017-12-06 Thread Kevin Chadwick
On Wed, 6 Dec 2017 13:54:36 + > On 2017/12/06 14:13, Tim Kuijsten wrote: > >But I suspect the demand for acme-client on > > non-webservers will rise and it will feel more like a kludge to > > configure, start and stop a webserver in those environments. > > Using HTTP at all

Re: Intel HSUART/8250 LPSS

2017-11-24 Thread Kevin Chadwick
On Fri, 24 Nov 2017 20:26:02 +0100 (CET) > This device is based on the same Synopsys Designware "IP" as what's > found on many ARM SoCs. Pretty much com(4) compatible but with some > twists. > > 1. The registers are wider. Instead of the traditional 1-byte >registers it has 4-byte register

Intel HSUART/8250 LPSS

2017-11-24 Thread Kevin Chadwick
I am looking into getting Intel HSUART/8250 LPSS support working. Has anyone done any work on this out of tree? Or is there anything I should be aware of? Thanks

Azalia Apollo Lake Cosmetic Patch

2017-11-22 Thread Kevin Chadwick
Before realising the motherboard switch was set to i2s and wondering why I had no codecs I cooked up this patch. Almost entirely cosmetic, Change it, Take it or leave it, obviously. Note APPLE comment in azalia_codec.c added simply because quirk present for CS4206 and CS4208 and so guessed at rele

Re: xf86-video-intel patch to test

2017-11-15 Thread Kevin Chadwick
On Sat, 11 Nov 2017 19:57:16 +0100 > But since I don't have much hardware still using the intel driver (we > switched to modesettings(4) for many devices), I'd like to have this > tested against the current X server as much as possible. Not sure if an unknown Intel GD would cause use of the "int

Re: Add machdep.lidaction=3 - powerdown laptop upon lid closing

2017-07-17 Thread Kevin Chadwick
What about powerup? Currently if u boot say an access point and close the lid to save a watt. I *believe*? you have to wait for sysctl.conf to be read before closing to avoid sleeping?

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Kevin Chadwick
On Fri, 5 May 2017 17:56:11 +0200 > If CMAC's can be truncated then this entire implementation can be > rewritten to not truncate for 64 bit machines and truncate for 32 bit > machines. There is also POLY1305-AES which is a little stronger. The more you limit failed MAC requests the more you can

Re: My ELFSEC implementation (signed binaries for amd64)

2017-05-05 Thread Kevin Chadwick
On Fri, 5 May 2017 14:16:37 +0200 > There was concern about my use of MD5 HMAC's so I > took them out. The ELF header of 32 bit systems is too small to fit > SHA256 checksums, so I'm leaving it out. Have you considered CMAC which can be truncated if need be and also could take advantage of AES

6.1 crypto/disk slow down

2017-05-02 Thread Kevin Chadwick
I believe I saw a mention of 6.1 scheduling or I/O being a work in progress, so this post is simply informational and if you wish me to run any tests then I can. Otherwise this is not a problem right now though it has made the daily internal backup into a weekly one. I am using an old fanless P2 4

Re: Is loss of read-only /usr permanent?

2016-05-14 Thread Kevin Chadwick
> Finally, the read only file systems on a writable medium susceptible > to all sorts of failure modes is a silly silly useless trick. This > does not provide any real technical benefit but your own discomfort. > Pipe it down a bit will you. I use ro root, /dev in tmpfs and /usr ro as well as an

Re: doas with a timeout

2015-07-27 Thread Kevin Chadwick
> sudo was having a nice feature of not overwhelming the user with > password prompts (cookies :-) ). > > This diff is adding this back to doas(1). It's not a big deal but one feature of sudo that I occasionally use is sudoedit or a one-time su like command with timestamp_timeout=0 to always pro

Re: httpd: hsts (rfc 6797)

2015-07-18 Thread Kevin Chadwick
On Sat, 18 Jul 2015 02:53:01 +0200 Reyk Floeter wrote: > HSTS is a good thing and widely pushed, eg. by Google, in an effort to > enforce HTTPS over HTTP. It is a useful security option I agree HSTS is useful but disagree with the rhetoric personally. It improves security for average website de

Re: [Bulk] freetype vulns

2015-03-08 Thread Kevin Chadwick
On Wed, 04 Mar 2015 17:12:07 -0500 Ted Unangst wrote: > references this bug: > http://savannah.nongnu.org/bugs/?43661 Does anyone know how to turn off external font loading in xombrero's webkit and would doing so avoid a large part of the risk? Was gonna post to misc@ but judging by this thread

Re: [Bulk] Re: [DIFF] /etc/rc: gracefully shut down base daemons too

2015-02-21 Thread Kevin Chadwick
On Sat, 21 Feb 2015 11:19:08 + Stuart Henderson wrote: > init shuts them down gracefully anyway where possible. When you have > a misbehaving system, the fewer unnecessary processes to get in the > way of a reboot, the better. I've certainly had Linux hang on shutting down services more than

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Kevin Chadwick
On Tue, 10 Feb 2015 13:03:27 + David Dahlberg wrote: > > > The standardized attempts to add authentication to NTP are a) fairly > > > horrible (ASN.1 etc.) and b) rarely deployed. > > > > When ntpd acts as a server, could the package signing code be of use > > with ntpd keys? > > How exa

Re: Authenticated TLS "contraints" in ntpd(8)

2015-02-10 Thread Kevin Chadwick
On Tue, 10 Feb 2015 10:55:53 +0100 Reyk Floeter wrote: > The standardized attempts to add authentication to NTP are a) fairly > horrible (ASN.1 etc.) and b) rarely deployed. When ntpd acts as a server, could the package signing code be of use with ntpd keys?

Re: [Bulk] Re: Shadow TCP stacks

2014-10-15 Thread Kevin Chadwick
On Sat, 11 Oct 2014 13:38:49 -0400 Ian Grant wrote: > No, the "pre-shared keys" are communicated over the VPN, as are the > keys which encrypt the VPN's own data as it appears in the actual TCP > packets which carry the tunnel through which the VPN operates. Perhaps I have missed something but if

Re: DNS control port additions to /etc/services

2014-07-15 Thread Kevin Chadwick
previously on this list Claudio Jeker contributed: > IMO /etc/services should not be overwritten on upgrade. > Also if people are careful and only append at the end then merging the > file with sysmerge should be trivial. Isn't it trivial to sysmerge in any case? Then again so is adding a line to

Re: IPv6 by default

2014-04-29 Thread Kevin Chadwick
tems its 'modern' replacement 'apropos' on Linux is a tool to help psychopaths learn to control their anger. (Kevin Chadwick)

Re: missing ports.tar.gz in snapshot

2014-03-06 Thread Kevin Chadwick
previously on this list Shawn K. Quinn contributed: Makes very little difference to me. > I don't use the ports tree at all anymore. That said, I would trust the > empirical evidence (FTP logs) more than any on-list answers you might > get. Is there a pkg* tools equivalent to print-run-depends?

Re: Boot network for remote unlock of fde

2014-03-05 Thread Kevin Chadwick
previously on this list Kevin Chadwick contributed: > Though I can understand the FDE approach for Linux due to its rather > and pointlessly (IMO) complex boot. Obviously not all using the linux kernel like buildroot for embedded which can be literally six lines of shell but pro

Re: Boot network for remote unlock of fde

2014-03-05 Thread Kevin Chadwick
previously on this list Giancarlo Razzolini contributed: > I prefer to have /etc and everything else > encrypted. If not, I would have to move lots of configuration files to > the encrypted partition, not to mention that it would very error prone. You can always use symlinks or mount encrypted pa

Re: signed packages

2014-01-23 Thread Kevin Chadwick
previously on this list Giancarlo Razzolini contributed: I believe that with the interdiction > programs that NSA has, and maybe also other governments, CD's can not be > entitled with the same trust as before. Why would you have so much trust in the ether unless you have met someone with say a D

Re: signed packages

2014-01-22 Thread Kevin Chadwick
previously on this list Jiri B contributed: > What about as TXT record for dns (in combination with DNSSEC) as alternative > for getting the key? :) The architecture for the root key handling (offline keys, multiple people etc.) is good obviously with bobs concerns though. I don't know much abou

Re: Request for Funding our Electricity

2014-01-20 Thread Kevin Chadwick
previously on this list Theo de Raadt contributed: > > > > If the tests are as good as this project claims them to be, the process > > should take exactly one test cycle. If that's the case, then the test > > regime suck big time. Logic brother. Logic. > > the OpenBSD project's purpose is not

Re: drm bits on 54.html

2013-08-10 Thread Kevin Chadwick
> > > > Yes, real world so often uses names and terms improperly. whats new. > > In real world hacking is cracking :( That may change, I saw a program on TV recently where Dara O'brien said hacking is being done on gadgets recently 'not in the traditional computer science meaning' but in making

Re: goodbye to some isa devices

2013-03-27 Thread Kevin Chadwick
On Wed, 27 Mar 2013 19:24:49 + Kevin Chadwick wrote: > However, I would be glad if the 486 support was kept as I have many > 486 systems that I would like to be able to use if I ever get around > to porting the ethernet driver (which is open source). Oops, just checked and they ar

Re: goodbye to some isa devices

2013-03-27 Thread Kevin Chadwick
> However, on a practical level, if we took the decision to kill 486 support, > we could, in effect, lose 99% of the ISA-related code, as excluding a few > specialised pieces of hardware, (which OpenBSD doesn't support, and probably > never will), ISA pretty much died by the 586 era, (as did VL-bu

Re: Fixing a phrase in /stable.html

2013-02-18 Thread Kevin Chadwick
> > i asked native english speaker, > > apparently, taking awhile is always 'sarcastic', and never short. > > Not according to dictionaries[1][2][4]. I've never thought "awhile" as > a sarcastic usage. Well I've never seen awhile written without a space so you can take this with a pinch of salt

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 15:58:12 -0430 Andres Perera wrote: > On Thu, Nov 22, 2012 at 2:53 PM, Kevin Chadwick > wrote: > > On Thu, 22 Nov 2012 14:18:59 -0430 > > Andres Perera wrote: > > > >> there's still no tie-in to the privileges of the process, > &

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 14:18:59 -0430 Andres Perera wrote: > there's still no tie-in to the privileges of the process, It still lets a process do something unintended. In fact getting a browser to execute an external javascript program is a threat in itself that could have no end of custom instructi

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 13:27:46 -0430 Andres Perera wrote: > but jit isn't irreparably interleaved with js > The latest polkit actually depends on the javascript package. > am i compromising by running luajit in interpreter mode instead of the > reference implementation, moreover, would that imply

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
On Thu, 22 Nov 2012 09:30:41 -0430 Andres Perera wrote: > i'm not sure how using js for configuration files, as opposed to using > a language commonly deployed for the same purpose, such as lua, > presents an innate constraint on security. Firstly the article mentioned JIT preventing true randomi

Re: upstream vendors and why they can be really harmful

2012-11-22 Thread Kevin Chadwick
> Follow-up interview, much better to say what you want instead of having people > interpret your email. Do you know polkit (which I believe is cross platform but I prefer to remove it, primarily because it gives little indication of what is allowed and requires constant review, unlike sudo) now u

Re: upstream vendors and why they can be really harmful

2012-11-08 Thread Kevin Chadwick
On Thu, 8 Nov 2012 10:18:28 +0100 Lars von den Driesch wrote: > >> > The only distros with a fair few users who have switched and still > >> > have far less users are Fedora, Mageia and OpenSUSE. > >> > >> Let's have an eye on Arch-Linux. > > > > And they have lost users over it. I left them o

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Kevin Chadwick
On Wed, 7 Nov 2012 22:52:19 +0100 Lars von den Driesch wrote: > > The only distros with a fair few users who have switched and still > > have far less users are Fedora, Mageia and OpenSUSE. > > Let's have an eye on Arch-Linux. And they have lost users over it. I left them out because they hav

Re: upstream vendors and why they can be really harmful

2012-11-07 Thread Kevin Chadwick
> and if you come with proper arguments (and code) they will be more than > happy to include it or change the way they do things to accommodate to > standards. Lennart is a different matter, he made it clear he doesn't > care about the rest of the ecosystem. But he is just one guy and his > lobbying

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Kevin Chadwick
On Tue, 6 Nov 2012 21:39:42 +0100 Marc Espie wrote: > I don't have ANY KIND OF SOLUTION. Certainly couldn't for that general problem without likely being the problem. As I've said before I'm not a Gnome fan and far from a Gnome 3 fan however the reason udisks dropped many gnome features like au

Re: upstream vendors and why they can be really harmful

2012-11-06 Thread Kevin Chadwick
Apparently branding as a priority by some devs, is a major reason. I can't believe a Gnome dev said he hadn't heard of XFCE to a transmission dev! http://igurublog.wordpress.com/2012/11/05/gnome-et-al-rotting-in-threes/ > in some cases, you even have some people, who are PAID by some vendors, > a

Re: Scheduler improvements

2012-10-05 Thread Kevin Chadwick
> It appears to have sped up porn. movies on the machine seem a bit better. > > I will try this in a few other places Just not at the mother in laws or in public places no matter how impressed you are at the difference?

Re: tcp ping

2012-09-13 Thread Kevin Chadwick
> I haven't polished the output > because I'm not sure if this is desirable or not, but I found it > useful. I'd like it, it's always made sense to me to test a service using the protocol it uses and would remove a package install.

Re: Future of PF

2012-05-20 Thread Kevin Chadwick
On Sat, 19 May 2012 21:09:03 -0400 Jiri B wrote: > You can suggest whatever you want, words are for free : :D

Re: raise max value for tcp autosizing buffer [WAS: misc@ network tuning for high bandwidth and high latency]

2011-12-05 Thread Kevin Chadwick
On Mon, 05 Dec 2011 10:53:00 +0100 "Sebastian Reitenbach" wrote: > So to be able to shoot myself in the foot without the need to compile the > kernel, I'll look into adding a sysctl to tweak the maximum size of the > buffer. Well, depending on time and how fast I figure out how to do that, > mi

Re: Design of spamd

2011-11-30 Thread Kevin Chadwick
On Wed, 30 Nov 2011 20:00:27 +0100 Han Boetes wrote: > So for some reason passtime is ignored on my machine. I've tested > this with telnet quite extensively. And after 3,4,5 attempts in a > minute or so the address is whitelisted. What version of OpenBSD are you running? Does it do this without

Re: Design of spamd

2011-11-29 Thread Kevin Chadwick
On Mon, 28 Nov 2011 23:08:52 +0059 Han Boetes wrote: > So spamd would use the stuttering time to figure out if the ip is > not on an rbl, if the dnsname is reverse resolvable, if the helo > is valid, if the sender is not matching silly pattern, etc etc and > then decide what to do with the attempt

Re: enable aucat by default

2011-10-09 Thread Kevin Chadwick
On Fri, 07 Oct 2011 12:31:16 -0600 Theo de Raadt wrote: > And precisely how do you do that? I was thinking turn on if X is enabled during the installer and throw inputless warning that you should turn it on manually for servers or consoles that desire it if X is declined.

Re: enable aucat by default

2011-10-07 Thread Kevin Chadwick
On Fri, 07 Oct 2011 10:35:27 -0600 Theo de Raadt wrote: > The plan is to gut the direct device code-paths substantially, and > stop trying to perform magic two ways. The direct-device methods will > continue to work, but only as minimally as they did 10 years ago. Even better, a simpler audio sy

Re: relayd session timeout

2011-09-01 Thread Kevin Chadwick
On Thu, 1 Sep 2011 10:21:35 +0200 Alexander Bluhm wrote: > The relayd used the CHECK_TIMEOUT for connect and ssl handshake. > This is 200 milliseconds and too short. Instead use the 600 seconds > session timeout that is used for accepted sessions everywhere else. > > While there, make flag hand

Re: Small pgrep/pkill enhancement

2011-06-12 Thread Kevin Chadwick
On Sun, 12 Jun 2011 16:31:32 + Kevin Chadwick wrote: > On Sun, 12 Jun 2011 00:15:58 +0200 > Benny Lofgren wrote: > > > Me personally, I'm scared as hell using pkill at all. I've never been > > concerned with not killing *enough*, it's almost always that

Re: Small pgrep/pkill enhancement

2011-06-12 Thread Kevin Chadwick
On Sun, 12 Jun 2011 10:41:16 -0500 Chris Bennett wrote: > I would like a verbose option where I can be notified if nothing matched. /usr/bin/pgrep asxbabsjkcnjklcneo || /bin/echo "Nout matched"

Re: Small pgrep/pkill enhancement

2011-06-12 Thread Kevin Chadwick
On Sun, 12 Jun 2011 00:15:58 +0200 Benny Lofgren wrote: > Me personally, I'm scared as hell using pkill at all. I've never been > concerned with not killing *enough*, it's almost always that I'm afraid > I'm killing too *much*... Most of the time, the regex matching makes it usable. I'd rather se

Re: En/disabling power button shutdown

2011-06-12 Thread Kevin Chadwick
On Sat, 11 Jun 2011 21:14:02 +0200 gilbert.fernan...@orange.fr wrote: > They had to put pieces of paper in front of the power buttons > because when you move a machine sometimes your finger presses > the power button. A matchbox with a hole in it acts like a reset button protection.

Re: Filesystem Hierarchy Standard (FHS) and OpenBSD

2011-05-10 Thread Kevin Chadwick
On Tue, 10 May 2011 09:05:13 +0200 Landry Breuil wrote: > Some parts of FHS won't apply on OpenBSD, like /srv, /opt, Linux ignores security mechanisms like noexec on /tmp, /home and then pointlessly adds /opt seemingly just to annoy people who care about partitioning!! And DON'T try spinning me

Re: horribly slow fsck_ffs pass1 performance

2011-04-02 Thread Kevin Chadwick
On Sat, 02 Apr 2011 17:46:51 +0200 Benny Lofgren wrote: > It must mean they don't trust their own file > systems, which frankly I find a bit unsettling... I'd rather use a file > system that's been field proven for decades than use something that's > just come out of the experimenting shop. Hopef

Re: top, systat and hw.cpuspeed

2011-03-24 Thread Kevin Chadwick
On Thu, 24 Mar 2011 13:23:08 +0100 (CET) David Vasek wrote: > I am fully aware that it is not always completely exact, and but on the > other hand the CPU clock rate doesn't change immediately, it takes at least > 5 seconds to drop/rise after the CPU load changes. At least on my Pentium-M > based

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Kevin Chadwick
On Wed, 22 Dec 2010 11:00:43 -0600 Marsh Ray wrote: > But a typical box doesn't have "hundreds and hundreds" of processes or > unpredictable event sources. There are 300 or so references in the > source tree, but most of them are in code that doesn't run on any given > machine. > > A special-

Re: Allegations regarding OpenBSD's PRNG

2010-12-22 Thread Kevin Chadwick
On Wed, 22 Dec 2010 05:08:56 -0600 Marsh Ray wrote: > Let's say I could sample the output of the RNG in every process and from > every network device in the system. As much as I wanted. How could I > tell the difference between "one prng per purpose" and "data-slicing one > prng with all consu

Re: Solvng the NVIDIA IDE/SATA/AHCI mess

2010-12-21 Thread Kevin Chadwick
On Tue, 21 Dec 2010 11:27:30 +0100 (CET) Mark Kettenis wrote: > We still have some some issues with SATA/AHCI on NVIDIA chipsets. If > you have a machine, could you send me the following information: > > * dmesg > * output of 'pcidump -vxx' > * BIOS setting (IDE/SATA/AHCI/RAID) if your BIOS pro

Re: Allegations regarding OpenBSD IPSEC

2010-12-17 Thread Kevin Chadwick
Does anyone know if there was an ultimate outcome to the investigation of side channels supposedly put into DSA by the NSA?

Re: Allegations regarding OpenBSD IPSEC

2010-12-15 Thread Kevin Chadwick
On Wed, 15 Dec 2010 14:57:24 -0700 Tobias Weingartner wrote: > So in this case, you're the one that is out of > line. If you're talking to me then I tried to make it clear that I was sitting on the fence. I was going to go further but then figured that would be leaning in one direction. I certain

Re: Allegations regarding OpenBSD IPSEC

2010-12-15 Thread Kevin Chadwick
On Wed, 15 Dec 2010 10:27:31 -0800 "Jason L. Wright" wrote: > I > cannot fathom his motivation for writing such falsehood (delusions > of grandeur or a self-promotion attempt perhaps?) Perhaps, Promote his domains rank in google or the facebook link? (Does anyone know if he always puts facebook

Re: bugfixes for dc(4)

2010-12-14 Thread Kevin Chadwick
On Tue, 14 Dec 2010 04:16:46 -0500 (EST) logana...@devio.us (Loganaden Velvindron) wrote: > Hi, > It fixes the idle timeout messages (which is not an issue on PNIC) and sets > the speed to 10BaseTX, since autonegotiation is broken on PNIC. > > //Logan > C-x-C-c > I had a dc with timeout messag

Re: update pms driver

2010-11-30 Thread Kevin Chadwick
On Mon, 29 Nov 2010 22:08:22 + Nicholas Marriott wrote: > Well, I don't use it so I don't have strong feelings about it, but it > does work for PS/2 mice and it seems that it would be useful for anyone > using wsmoused (although there probably aren't many people). I use xset m, that isn't af

Re: acpithinkpad(4) fan control

2010-11-29 Thread Kevin Chadwick
On Mon, 22 Nov 2010 16:01:18 -0600 joshua stein wrote: > it would be helpful to have some kind of > watchdog to reset the fan to auto/high if something goes wrong, but > i don't know whether that's even possible. while probably not a big > issue on a laptop, if the fan was on manual/low when the

Re: more usb detach love

2010-11-25 Thread Kevin Chadwick
On Wed, 24 Nov 2010 20:59:22 + Jacob Meuser wrote: > thoughts? Probably not the thoughts you're after especially on tech, but some of the panics I was seeing a while back (keep meaning to run more recent and proper tests with output, but time is short at the mo) would occur just after device r

Re: sync adduser with installer

2010-10-29 Thread Kevin Chadwick
On Fri, 29 Oct 2010 15:02:05 +0200 Tobias Ulmer wrote: > "useradd really does that? A new group for every user? I think that > is stupid behaviour." > > So, I stand by my patch, > Tobias Personally I prefer the unique group by default behaviour, but I also don't have a problem with double che

Re: usb xfer timeout issue

2010-10-18 Thread Kevin Chadwick
On Sun, 17 Oct 2010 23:01:01 + Jacob Meuser wrote: > unless someone sees a problem, or has a better solution, I think this > should go in soon. Xfer and bb_reset rings bells with some panics I had. If/when this goes in and I find time I'll try all the devices I've had problems with (differen

Re: important new unit

2010-10-14 Thread Kevin Chadwick
> > @@ -180,6 +180,8 @@ > > > > acre 4840 yd2 > > > > +ox acre/day > > + > > cc cm3 > > liter kilocc > > ml milliliter > On Thu, 14 Oct 2010

Re: important new unit

2010-10-14 Thread Kevin Chadwick
Just what i was looking for, but how many shovels will I need for the shit? If I get 6400 oxen, maybe they'll have to tread it in. On Wed, 13 Oct 2010 20:02:47 -0400 (EDT) Ted Unangst wrote: > Let's say you have a football field in need of a trimming, but the lawn > mowers are all broken, bu

Re: Kill suser() call in tunopen()?

2010-09-22 Thread Kevin Chadwick
On Wed, 22 Sep 2010 15:37:50 +0100 Owain Ainsworth wrote: > On Wed, Sep 22, 2010 at 11:45:10AM +0100, Kevin Chadwick wrote: > > On Wed, 22 Sep 2010 11:25:02 +0100 > > Owain Ainsworth wrote: > > > > > On Tue, Sep 21, 2010 at 06:32:50PM -0700, Matthew Dempsky wrote:

Re: Kill suser() call in tunopen()?

2010-09-22 Thread Kevin Chadwick
On Wed, 22 Sep 2010 11:25:02 +0100 Owain Ainsworth wrote: > On Tue, Sep 21, 2010 at 06:32:50PM -0700, Matthew Dempsky wrote: > > /dev/tun* are already owned by root and mode 0600 by default, so it > > seems redundant to check suser() in tunopen(). > > Looks like vnd could have the same change fo

Re: add rc.firsttime to rc(8)

2010-09-09 Thread Kevin Chadwick
> Also may I stand up in support of banana-shaped bikesheds. > How about a sphere, that way you can't be blamed for it being messy