Custom Search

Monday, August 22, 2011

Find OpenBSD folks on Google Plus

Easy way to find OpenBSD folks on Google Plus at
Google+ Search
Pimp your Google Plus pic at

Tuesday, July 12, 2011

Blogging From My Cell

If I can get used to blogging from my cell phone it sure would help
me out. I know everyone is doing it now, but it's rough on this phone.

No More Website

Got to squat on a friend's domain for quite a while which I used
for showing people new to OpenBSD how to get everyday things
done. I called it Polarwave's Tips & Tricks for Newbies. Saved
all the material and may eventually put it back up somewhere new,
but for now this blog will have to do. Some of the material was out
date as is a lot of the older entries here. Originally I started this blog
not so much as a tutorial site but more as an ongoing journal of my
experiences with OpenBSD. In the process I hope others got some
help from it.

Sunday, July 10, 2011

Lynx and URL Shortening

I use tmux and normally have 8 virtual terminals running inside
my xterm. Found out I didn't have to run a GUI browser with js
to be able to shorten links. URL Generator does a real nice job
of it from inside lynx. This way I can run lynx in one virtual
terminal and TTYtter inside another and copy my shortened
links over. That is if I do not wish to use Twitter's built-in URL
shortening service which works great in TTYtter. You type


and it's darned near instantaneous. But there are other times I
can use the URL Generator too, like in mutt in a different terminal,
composing a message and wishing to put in a shortened URL.

Wednesday, January 26, 2011

Midnight Commander

Got around to try using mc(1) (Midnight Commander)
for ftp and ssh file operations. Didn’t have any problem
with ssh, but I couldn’t get anything going with ftp except
errors, especially:

ftpfs: invalid value for ai_flags

Read the man page and the Makefile, searched some of
the OpenBSD mailing lists, and came up with:

Midnight Commander error on 4.7:

Here’s a snippet from that link:

I’m not a good C coder, so I just did some basic
research and replaced line 703 in ftpfs.c:
old: “hints.ai_flags = AI_ADDRCONFIG;”.
new: “hints.ai_flags = 1;”

Now it works as expected.

I didn’t have any idea how to do the above, but figured
it was time I learned, so first I used pkg_delete(1) to
uninstall mc(1). I knew when you build a port it will
download the port file and extract all its files in
subdirectories under /usr/ports. I found the file I
needed, ftpfs.c, under:


That’s because of limited space on my main drive and
fixing that problem by creating /etc/mk.conf and adding:


I edited ftpfs.c as described above, deleted the installed
package, changed directory into /usr/ports/misc/mc,
and did:

sudo make -D –with-vfs -D –with-samba \
-D –with-screen=slang -D –with-subshell \
-D –enable-charset

I don’t know if there is a way to tie all those together
without all the extra -D’s, and comments are welcome,
but I was tired at that point of all the searching to fix the
problem, so I did it the long way and it worked. Then I
did make install, then opened mc and this time ftp worked.
Mission accomplished! :-)

Labels: , , , , ,

Sunday, January 09, 2011

GoogleCL Wordwrap Test

Was wondering how to create lengthy posts for Blogger from the command line with GoogleCL since I know the sentences will wrap and eventually I'll encounter the command line character limit. I keep remembering the figure 255. Not sure if that still holds true or not.

The above paragraph was done from the command line with googlecl.
I used the following command:

google blogger post --tags "googlecl, wordwrap, character limit" \
--title "GoogleCL Wordwrap Test" ~/path/file

I read at Google code googlecl that --src is required which I took to
mean the path to the file that was being used for the post. When I tried
it, though, I got an error and it didn't post. I removed --src from the
command line and it worked, the entry posted. So, I still have some
things to learn. :-)

Labels: , ,

2011 OpenBSD Puffy Desktop Calendar

Made an OpenBSD Puffy desktop calendar wallpaper for myself.
It’s 406×700 pixels. You can put it on a black background or
copy and paste it into a plain black image of your own making
the size of your desktop. Took Puffy from a snapshot of the
OpenBSD ftp login screen and pasted it into the calendar image.
The characters and Puffy are kind of subdued terminal green color.

Labels: , , ,

Saturday, January 08, 2011

GoogleCL on OpenBSD

Installed googlecl on OpenBSD 4.8 tonight. Looked at the port's
Makefile and didn't see anything special, so I just installed the
package. First time you run googlecl it creates its config file in
~/.googlecl. When you run it there will be a long outputted
string and it'll tell you before you hit enter you will need to
okay access. You do that through the browser while in your
Google account in:

My Account
Change authorized websites

The catch is, I had to open my browser to do that, and it made no
difference to googlecl. Each time after okaying it in my account
settings in my browser googlecl still errored out. I added the
following to the config file to fix it:

auth_browser = /usr/local/bin/seamonkey

This time when I hit enter it opened a new tab in my browser and
everything worked. After it was working I tried doing a listing of
my docs and it worked. Next I ran some commands that accessed
contacts, blogger, and calendar, and got all of them okayed in my
account settings. Still a lot to learn, but it's working okay now.
Just a matter of reading up more on it online and playing around
with it. Incidentally, I uploaded this post with googlecl. Didn't
format quite like I wanted and I had to do some editing from my
browser, but not bad first time out.

Labels: ,

Friday, December 24, 2010

End of the Year Hodge-Podge

Put off upgrading way too long. As to how long, I’m embarrassed
to say. Previously I could pretty much get things how I wanted
in a couple of days, even after doing a new install and getting
all my old stuff back in. This time it took a couple of weeks to
really get where I wanted to be with the system. Not keeping up
with changes can bite one in the butt.

I’ve got a Linksys WRT54G-TM router running DD-WRT v24-sp2
firmware. Got an account at Hurricane Electric and if you
have got IPv6 working already, Also
have an account at for when my ISP changes the
IP address on my cable modem and a hostname that synchronizes
with it so I can reach home when I’m traveling. I setup a
VPN too, and am now able to surf through it no matter where
I’m connected at. Good for for instance, we go to B&N a lot
and they’ve got free Wifi. I connect to them, then activate
the the connection to my home VPN. Works great so far. Just
wish I’d figure out how to get IPv6 to work on the it. The
router does DHCP for my LAN and I’ve got it set to give the
same IP address to each box each time. Makes things easier
on me moving and copying files around the LAN. Ran into a
problem with my browser on a lot of IPv6 sites, where they’d
revert to IPv4 or not load at all. I had missed the option
mentioned in the man page ‘family inet6 inet4′ which sets
the preference to IPv6 as it’s first. When you use DHCP to
assign addresses, each time a box boots and starts the network,
/etc/resolv.conf gets overwritten. If you have some settings
you want in it like I did, you get around the overwrite
problem by putting the options in /etc/resolv.conf.tail and
then they show up in resolv.conf okay. Also had added some
stuff to /etc/pf.conf so icmp would be passed, as they’re
required for IPv6 to work right on my tunnel.

#Under the macros section:
icmp_types=”{ echoreq, echorep, unreach }”

#Under the rules section:
pass inet proto icmp all icmp-type $icmp_types
pass inet6 proto icmp6


Fiddled around with tmux quite a bit, trying to get it configured
the way I need it. Hadn’t used it in a while and had forgotten quite
a bit. My setup is not real complicated, I just had problems with
how I was calling the program. Here’s my .tmux.conf:

# Default global options.
set status-bg yellow
set status-fg black
set default-command “exec /bin/ksh -l”
set -g status-right ‘%a %m/%d/%y %H:%M’
set -g status-interval 5
set bell-action current
set history-limit 2000

# Prefix key.
unbind C-b
set -g prefix C-s

# Keys to switch session.
bind q switch -t0
bind Q switch -t0
bind w switch -t1
bind W switch -t1
bind -r C-n next-window
bind -r C-p previous-window
bind ‘”‘ choose-window

# Other key bindings.
bind i list-windows
bind I list-windows
bind ‘-’ split-window -dv
bind ‘|’ split-window -dh
bind “‘” new-window
bind < resize-pane -L 1
bind > resize-pane -R 1
bind _ resize-pane -D 1
bind u resize-pane -U 1

# Session Initialization

# First Session.

new -d -s0 -nmain1

neww -d -nmutt
neww -d -nwork1
splitw -v -p 50 -t 2
splitw -h -p 50 -t 2
neww -d -nwork2
splitw -h -p 50 -t 3
neww -d -nnet
selectw -t 0

# Second Sesson.

new -d -s1 -nmain2
neww -d -nshell1
splitw -v -p 50 -t1
neww -d -nshell2
splitw -v -p 50 -t2
neww -d -nshell3
splitw -v -p 50 -t3
selectw -t 0

Lot of split panes and stuff there I probably don’t need,
but I needed to know how to do it, so I just did some
experimenting with it. Put a few aliases in ~/.kshrc:

alias tm0=’tmux attach-session -t 0′
alias tm1=’tmux attach-session -t 1′
alias tmk=’tmux kill-server’


Side note while I’m thinking of it. Never had the occasion
to pipe anything to vim before. Started wondering how to
do it. Here’s how:

$ cat file.txt | vim -


I built the gimp, sane-frontends, and sane-backends the other
day. I expected to have an ‘Acquire’ choice in the gimp menu
but it wasn’t there. Then my buddy in the local LUG reminded
me to install xsane. The gimp no longer has the ARG to build
it with mmx, but I had to put some extra switches on the make
command when I built

$ cd /usr/ports/graphics/sane-frontends/
sudo env FLAVOR=”gimp” make install

$ cd ../sane-backends/
sudo make -D --with-gphoto install

$ cd ../xsane/
sudo env FLAVOR=”gimp” make install


Got tired of the nag on the console about clamav being out of
date. I had installed the package for 4.8 release, 0.96.1 which
was causing the nag. Uninstalled latest version, 0.96.4 and
built it. Seemed like it took a lot longer than it did with
previous versions, but it built and installed okay. That
version didn’t last long. Uninstalled it, then built 0.96.5
on 20101214. Built and installed okay. Just a pain in the butt
with the clamav uid and gid thing. Old version used _clamav.
Last few versions want clamav. You can change it using the
following to avoid the error when running ./configure:

sudo ./configure –with-group=_clamav –with-user=_clamav


Have never used irc extensively but taught myself enough to
know how to configure and get around in irssi. Installed silc
which is supposed to be more secure than regular irc and is
built around irssi. Including some notes here on how I was
able to connect to a silc server over tor:

1) If you haven't done so already, install tor and socat 2) Start /usr/local/bin/tor which defaults to port 9050

*Side Note on tor*
To run it all the time you can start it in /etc/rc.local at
boot time:


if [ -x /usr/local/bin/tor ]; then
echo -n ‘ starting tor’;

3) Now run this command as root or with sudo:
socat TCP4-LISTEN:706,bind=localhost,range=,fork \,socksport=9050 > socat_log.$$ 2>&1 &

4) Start silc

5) After entering password and silc is running:
/connect 706

A bit slower than a regular connection but much more secure
since your real IP address isn’t visible.

Labels: , , , , , , , , ,

Sunday, October 10, 2010

PKG_PATH Tweaking

Saw these on the mailing list a few weeks back.
First example is a bit long and drawn out but it works:

PKG_PATH=`uname -a | \
cut -d” ” -f 3`/packages/`uname -a |cut -d” ” -f 5`/

Second method is a bit neater:
PKG_PATH=`uname -r`/packages/`arch -s`/

Create an alias in called pkg_find:

alias pkg_find=”echo ls | ftp -a $PKG_PATH |sed ‘s/.*\ //g’ |grep -i ”

Then, from the command prompt, do

$ pkg_find somepkg

and you’ll get the full package name.


Saturday, May 08, 2010

Free OpenBSD Shell Account Provider, Unix Shells

Found out about this site the other day. Nice folks, great site.
Here's a snippet from their manifesto: came about one afternoon while brainstorming
new possible projects. While other shell providers do
exist, most of them lack a clear goal, or are ran by an
inexperienced group of people. The servers are either
unstable, insecure or the hardware is just plain bad.
Realizing this sad state of of affairs, we set out to
create While Kayla set out to design the site,
the rest of the team started working on writing all the
user administration utilities, automating tasks and
setting up the environment. Shortly thereafter, the
project was launched.

Lots of FAQ's and help on the site. Check out the forums at

Free Unix Shell Accounts - Forums

or join in on the chat at #devious

Labels: ,

Friday, May 07, 2010

bsdtalk 188 - Dru Lavigne

Interview with Dru Lavigne. We talk about her new book, The Definitive Guide to PC-BSD,
and also the upcoming BSD Professional Certification.

Main Site for bsdtalk
Interview mp3 link
Interview ogg link

Labels: , , , ,

Duck Duck Go

Not sure how long Duck Duck Go has been around but I
found out about it tonight after I saw a link to it on IRC.
You want to check it out and read what all it's got, go to:

About Duck Duck Go


Tuesday, December 01, 2009

bsdtalk180- OpenBSD Enthusiast Girish Venkatachalam

Interview with my programmer OpenBSD bud Girish Venkatachalam.

Main Site for bsdtalk
Interview mp3 link
Interview ogg link

Labels: , , ,

Tuesday, November 24, 2009

Absolute Minimal OpenBSD USB Image

My friend Girish Venkatachalam has added another
OpenBSD USB bootable image, a very minimal 1GB
version without X and without a single package,
just the base install.

Absolute Minimal Version


Labels: ,

Sunday, November 22, 2009


Create Fingerprints Using Cksum

cksum(1) is a very important utility since it
can figure out the fingerprint/message digests
using several key algorithms employed in

     1. cksum
     2. md4
     3. md5
     4. rmd160
     5. sha1
     6. sha256
     7. sha384
     8. sha512
     9. sum
    10. sysvsum
sha512 is the best algorithm to use since
it gives the longest output and there is
very little chance of collision.

I think this article is not going to make
much sense without explaining the rationale
and the math behind the idea of cryptographic
hashes of message digests.

The basic goal is quite easy to state and
understand. The idea of a message digest is
to create a fixed length "fingerprint" from
any input data of any length, be it 2 bytes
or 2 Terabytes. This is done in a such a way
that the output varies significantly for
slight changes in input data.

All that is fine and dandy but the most
important aspect of the checksum algorithm
is its ability to avoid collisions.
Collisions are input values for which the
checksum algorithm produces the same output.
This can be quite dangerous and defeats the
very purpose of having a checksum in the
first place.

But mathematically speaking, nature enforces
a limit to the probability or possibilty of
collisions. But in practice this works quite
well as long as your output sample space is
quite big. Which is the case with sha512
digests. MD4 is broken. Don't use it. MD5 is
weak too.

The importance of cryptographic hashing comes
from many angles. First thing is that it is key
to generating digital signatures. A signature
is a private key encrypted message digest of
the input message. Simple and straight.

Then you have something called HMAC or hashed
message authentication code where a secret key
is used for generating message digests.
Normally message digests do not employ any
secret information. It is completely open.
Anyone can generate cryptographic hashes since
the algorithm is well known, there are no keys
and given the input, the output is fixed.

This is alright when we want to detect accidental
changes or integrity of file transfers. But this
does not protect us from malicious tampering. For
that we normally encrypt the hash with a secret key.
Or append it with the message and encrypt it. That
way we can detect tampering.

However HMAC is different. In this method,
the cryptographic hash is protected with a
secret key and only if you possess the secret
key you can generate the hash.

HMAC is widely used in TLS or SSL web security.
We have already seen many applications for
message digests or cryptographic hashes.

There is one important detail however. All
the public key cryptosystems in particular
the most widely used RSA algorithm relies
on cryptographic hashes in a interesting way.

RSA is a little complicated to explain in
this article but my idea is to illustrate
that cryptographic hashes have a much bigger
role to play than simple integrity checking.

Cryptographic hash functions are also known
as one way hash functions. Which is to say
that the function is not reversible. There
is no inverse of the function. You can only
get an output from input, never the other
way round.

RSA is nothing but a one way hash function
of the input data with a key. RSA relies on
the prime number factorization problem. So
the idea here is that you can multiply two
prime numbers trivially but you cannot divide
them. You can of course but not without a
significant computational overhead.

Now that we have seen enough theory, let us
get to the practical side and figure out how
it can help us in real life. After all math
has a great real life significance.

$ cksum /etc/passwd
3171604895 3646 /etc/passwd

$ cksum -a sha512 /etc/passwd
SHA512 (/etc/passwd) =
(above cksum output line wrapped)

$ cksum -a sha256 /etc/passwd
SHA256 (/etc/passwd) =
(above cksum output line wrapped)

$ cksum -a rmd160 /etc/passwd
RMD160 (/etc/passwd) =

$ cksum -a md5 /etc/passwd
MD5 (/etc/passwd) =

$ cksum -a sha1 /etc/passwd
SHA1 (/etc/passwd) =

You can avoid the above mentioned issue of
collisions with the cksum(1) utility since
you have access to several state of the art
checksum algorithms from one command/utility.
So if you are paranoid kindly compare the sha1
and sha256 sums of the same file at both sides
after transfer. That way you can avoid issues
with collision.

openssl(1) also comes built in with access to
several checksum algorithms and so can sha1 and
md5 commands help under OpenBSD. But cksum has
an advantage of supporting many algorithms. Moreover
all these utilities come with base OpenBSD. There
is never a need to install any specific package.
In other words you are guaranteed to find them,
on any OpenBSD box!

Note on Authorship:
This article was contributed by Girish Venkatachalam
who is also a co-author on Denny's OpenBSD Newbies Blog.

Labels: , , , , , , , , , , , , , ,

Tuesday, November 17, 2009

Interfacing the Medical Transcription
Foot Pedal With Mplayer

Those of you who are hearing mplayer for the first
time should certainly see this article.

It is the best multimedia application out there and
it is written in pure C. It is amazing stuff. A grand
old project with an amazing cornucopia of features.

Those of you who have not heard of the footpedal
do not need to worry. It is a footrest with three
buttons which you can press with the toe.
Here is a picture.

It connects via the 9 pin serial connector to the
serial port of the computer. Before we get to the
technical details we do need to know something
about the medical transcription industry.

Every technical problem needs a business goal to
meet. Sometimes it is not very obvious as in the
case of academic UNIX tools, but without having
an appreciation of the real purpose of the project,
one cannot do well in business. Technical solutions
do not exist in isolation.

Medical transcription is the process of converting
a doctor's voice recordings into English text. The
doctor would have spoken at varying speeds and
with different accents. A medical transcriptionist
has the job of translating his spoken words into
the written word.

I am sure you can imagine that this is no easy task.
The transcriptionist has to listen to the dictation
multiple times at various speeds to figure out what
on earth the doctor is trying to say.

His/her fingers are typing the message in the audio,
and you wish to be able to rewind, pause/play and
fast forward the recording with the foot. That is
where a footpedal comes in. You can't use the mouse
or keyboard for this since the hands are busy typing
out text.

While the hand is typing the foot will be interacting
with the audio player to help the transcriptionist to
accurately translate the dictation into English text.

The footpedal is a passive device with no power and
no moving parts. There are 3 switches as you can see
above. The left pedal is connected to the DSR pin(8),
the middle pedal is connected to the CTS pin(6), and
the right pedal is connected to the DCD pin(1).

I figured this out using a perl script given here.

use Device::Modem;

  my $modem = new Device::Modem( port => '/dev/tty00' );

         if( $modem->connect( baudrate => 9600 ) ) {
             print "connected!\n";
         } else {
             print "sorry, no connection with serial port!\n";

        my %sig = $modem->status();
        for ('CTS','DSR','RLSD')
                if($_ =~ /RLSD/) {
                        print "Signal DCD is: ", ($sig{$_} > 0 ? 'on'
: 'off'), "\n";
                } else {
                        print "Signal $_  is: ", ($sig{$_} > 0 ? 'on'
: 'off'), "\n";

The next thing to do was figure out a way to do this
in C. That was the hard part but I got there. Check
out the code in this page to interface with the serial
port on Windows and OpenBSD to recognize the pedal

Okay now we are halfway through. We can recognize
the pedal presses. But how to interface with the
audio player?

Before that we have an even more important question
to tackle.

Which player should we use?

I started working on audacity but quickly realized that
it does not have the rewind and forward feature. Plus
I realized that most audio players don't have this at all.
Except of course mplayer. But before that I considered
and rejected sox and vlc.

I looked at the mplayer input.c file, the way it interfaced
with the joystick and LIRC remote control. I know I could
copy the semantics and match it with key presses. I did the
project first on OpenBSD and then got it working under
Windows. It was a great project, I thoroughly enjoyed it.

All the code in beautiful syntax highlighted fashion with
black background is here

However the work is not over yet. You need to recognize
the pedal presses with more care. Right now it is too
sensitive so to speak. It has to have some back pressure
and hysteresis. I need to understand the needs of the
medical transcriptionist better. I shall finish this
project and add these details later. At the moment, I
can say that the project is nearly over.

Saturday, November 14, 2009

LiveUSB Image With OpenBSD

My programmer friend in India who is also a co-author on my
other blog has created two usb OpenBSD bootable images.
There is a 1Gb image and a 2Gb image. The instructions
and download links are at:

LiveUSB image with OpenBSD


Tuesday, November 10, 2009

Small Conky Calendar

I”m not a perl programmer and I’m sure my chances of having
come up with this on my own would be right up there with the
classic example about the monkeys with typewriters creating
the encyclopedia! :-) I got it off this mailing list:

cal | perl -pe ’s/^/ /;s/$/ /;s/ ‘”$(date “+%e”)”‘ /\['"$(date "+%e")"']/’

I plugged it into the bottom of my .conkyrc file like so:

${color green}${execi 360 cal | perl -pe ’s/^/ /;s/$/ /;s/ ‘”$(date “+%e”)”‘ /\[ '"$(date "+%e")"']/’} ${color}

BTW, the above perl lines are wrapped, both the first which
is from the command line, and the second, which is the entire
line in .conkyrc. It shows the current day enclosed in brackets
in order to highlight it. Nice touch.


Labels: , , , , ,

Sunday, November 08, 2009

Taking Desktop Screenshots

I was Googling around the other night looking for graphics
help and ran across this site where I learned about some
X stuff I didn’t even know was there on my box:

Useful Things You Can Do with FVWM

Example of dumping the root screen using xwd, part
of the X Window System included with OpenBSD:
xwd -root -out file

Example of displaying the dumped image with xwud,
again part of the X Window System:
xwud -in file

Example of dumping the root screen & outputting it to
jpg format using xwdtopnm and pnmtopng, both
included in the netpbm port/package:

xwd -root |xwdtopnm |pnmtopng > file.jpg

Example of converting an existing screenshot taken with
xwd, using xwdtopnm and pnmtopng:

xwdtopnm < file | pnmtopng > file.png
xwdtopnm < file | pnmtojpeg > file.jpg

Example converting a screenshot taken with xwd with
convert, part of the ImageMagick port/package:

convert file file.png
convert file file.jpg


Labels: , , , , , , , , ,

Celebrate Freedom Nov 9 – Anniversary of the fall of the ‘Wall’

Nov 9, 1989. That’s the day the damnable Berlin Wall came down!
Celebrate freedom around the world today! Thanks, ‘Dutch’, I will
never forget your words:

“Mr. Gorbachev, tear down this wall!”


Conky Update

Added some information at the end of Conky System Statistics
on a new way to stop one version of Conky from a script that runs
from a cronjob and start a new version, again from a script run
from a cronjob. Hope if anyone used the old way they didn't have
the same problem I did. If so, sorry. The current way has been
working without issue for several days now.


Labels: , , ,

Sunday, November 01, 2009

Tweeting From the Command Line

Recently ran across an article Tweeting from the command line,
so I thought I’d give it a try. Didn’t have a Twitter account,
so that was the first step, creating one. Go to Twitter and
create your account.
After that, you need to copy the script and put in your username
and password and make the script executable. I placed my script
in ~/bin and did a chmod 700 ~/bin/ so the script
is only executable, readable, and writable by me. Here’s the script:





if  [ $(echo  "${tweet}" | wc -c) -gt 140 ];  then

     echo "FATAL: The tweet is longer than 140 characters!"

     exit 1


curl -k -u ${user}:${pass} -d status="${tweet}" >/dev/null 2>&1
if [ "$?" == "0" ]; then

echo "Successful tweet!"


The full instructions are at the link listed above at
the beginning of this blog entry. It mentions escaping
special characters such as "?" and "!" for one thing,
and that’s important. I read the other night where you
can’t edit a "Tweet", only delete it, going on to explain
that anyone following you would not be in sync with your
Tweets if you deleted an entry and then entered a new
version of it. I erroneously thought, also, that to Retweet
meant doing a Tweet over, but it's actually more like
passing on what someone else has already Tweeted.
Obviously I've still got a lot to learn about Twitter, but
the script above should get my fellow CLI geeks going. ;)


TTYtter for Perl: More Tweeting from the command line

TTYtter: an interactive console text-based command-line Twitter client and Perl platform

Just a follow up on Tweeting from the command line.
Cool setup. ANSI Graphics, too. Check it out.


Labels: , , , , , ,

Saturday, October 31, 2009

ClamAv Update on OpenBSD Box

Updated my ClamAv today from version 0.95.2 to 0.95.3
and luckily read the warning about needing to patch it
on the download page at:

Clam AntiVirus

There’s a link there to download the diff. I downloaded
everything, then ran gpg against the file and signature
file to verify:

gpg –verify clamav-0.95.3.tar.gz.sig clamav-0.95.3.tar.gz

gpg: Signature made Wed Oct 28 10:59:38 2009 CDT using DSA key ID 985A444B
gpg: Good signature from “Tomasz Kojm ”
gpg: aka “Tomasz Kojm ”
gpg: aka “Tomasz Kojm ”
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0DCA 5A08 407D 5288 279D B434 5482 2DC8 985A 444B

After that, cd /usr/ports/mystuff/ and do:

sudo tar xzvf /path/to/clamav-0.95.3.tar.gz

Next, I needed to uninstall the old version, but first I
had to stop the daemon running:
ps auxw grep clamd
sudo kill PID#


cd clamav-0.95.2
sudo ./configure
sudo make uninstall

There’s a warning in the docs about old librairies
and file versions on your system:


1) Make sure that you haven’t got old libraries (
lying around your filesystem. You can verify it using:

$ ldd `which freshclam`
Start          End            Type  Open  Ref  GrpRef  Name
1c000000  3c011000  exe     1           0       0              /usr/local/bin/freshclam
0470f000  24744000   rlib     0           1       0              /usr/local/lib/
022d7000  222db000  rlib    0           2       0              /usr/local/lib/
07d8b000  27d93000  rlib    0           2       0              /usr/lib/
0cd94000  2cd9d000  rlib    0           1       0              /usr/lib/
0c104000  2c13a000   rlib     0           1       0              /usr/lib/
05e7e000  05e7e000   rtld    0           1       0              /usr/libexec/

With my previous version of Clamav I had the file
/usr/local/lib/ but the uninstall
removed it okay.

More warnings:

2) Also make sure there is only one version of ClamAv
     on your system.

3) whereis freshclam

4) whereis clamscan

In case anything went wrong I saved my old configuration
files in /usr/local/etc renaming them. Then:

cd /usr/ports/mystuff/clamav-0.95.3/
cp /path/to/patch-0.95.3-bug1737.diff .
sudo patch -p1

After everything built and installed successfully, all that
was left to do was go back into /usr/local/etc and configure
clamd.conf and freshclam.conf, then restart the daemon:

sudo /usr/local/sbin/clamd

I want to stress like always that it pays to read
documentation. Where you want your TemporaryDirectory,
where you want your LocalSocket and DatabaseDirectory
and so on. Same goes for your freshclam settings.

If you’re going to go through all the above to have
Clamav on your system, then you’re probably going
to want to start it when your system boots. I’ve got
the following in /etc/rc.local:

if [ -x /bin/mkdir ]; then
/bin/mkdir /tmp/clamd && chown clamav:clamav /tmp/clamd

if [ -x /usr/local/sbin/clamd ]; then

I do the above mkdir along with the ownership thing
since my sytem cleans out /tmp on reboot. It’s set in

clear_tmp_enable=”YES”     # clear /tmp on reboot


Labels: , , ,

Tracking Network Usage With a Shell Script

Every morning the daily output is waiting there for
me in my email. Part of the normal output under Ipkts
and Opkts shows what went through the interface:

Ipkts            Opkts
2999812      2509494

I don’t reboot very often but when I do, it seems the system
zeros this out and it starts all over again. I put together
a script that runs periodically from a cronjob:

# Filename:

cd $HOME/bin
if grep ‘daily output’ $HOME/Mail/root/new/*; then
cat `grep -l ‘daily output’ ~/Mail/root/new/*` | \
grep xl0 |tail -1 |awk ‘{print $5}’ > ibytes.out
cat `grep -l ‘daily output’ ~/Mail/root/new/*` | \
grep xl0 |tail -1 |awk ‘{print $7}’ > obytes.out

echo “No daily output yet” > /dev/null 2>&1

At the end of the month I run another script to total
the network usage:

# Filename:
cd $HOME/bin
date > `date +”%Y%m%d”`_endofmonthnetuse.log
echo “” >> `date +”%Y%m%d”`_endofmonthnetuse.log
echo “Monthly Ibytes” >> `date +”%Y%m%d”`_endofmonthnetuse.log
cat *ibytes.out |awk ‘{ SUM += $1 } END { print SUM }’ >> \
`date +”%Y%m%d”`_endofmonthnetuse.log
echo “” >> `date +”%Y%m%d”`_endofmonthnetuse.log
echo “Monthly Obytes” >> \
`date +”%Y%m%d”`_endofmonthnetuse.log
cat *obytes.out |awk ‘{ SUM += $1 } END { print SUM }’ >> \
`date +”%Y%m%d”`_endofmonthnetuse.log
mv -f *ibytes.out *obytes.out rebytes/
mv -f *endofmonthnetuse.log rebytes/

The file names I used probably look ludicrous and they are all
completely arbitrary. If you try this out you can use whatever
file names and paths suit your needs. The whole thing was done
just to learn more about scripting, awk, and so forth. Also, to keep
the numbers right after a reboot, I added the following to

netstat -ivn |head -8 |tail -1 |awk ‘{print $5}’ > \
/home/useracct/bin/`date +”%Y%m%d%H:%M:%S”`_reboot_ibytes.out
netstat -ivn |head -8 |tail -1 |awk ‘{print $7}’ > \
/home/useracct/bin/`date +”%Y%m%d%H:%M:%S”`_reboot_obytes.out
chown useracct:useracct /home/useracct/bin/*reboot_*bytes*

Like I said, this was all done just for learning purposes.
Maybe you can find a way to use some variation of the idea
on your own system.


Labels: , , , ,

Saving Tips From Mailing Lists

Besides my constant experimentation towards always
learning more about OpenBSD, one of my other means
of accumulating tips is from the mailing lists I
subscribe to. I put together a script to save messages
from the misc@openbsd mailing list. It finds all the
messages in thread in my mutt subdirectory under Mail
and concatenates all of them to a text file. It’s
interactive and it asks you for a search pattern,
where to search, and where to save the output to.
Here’s what it looks like:

# Filename: – save mailing list problem
# questions and resolutions to my BSD tips folder

echo “Enter your search pattern: ”
read r

echo “Enter your search path: ”
read R

echo “Enter file to save to: ”
read i

cat `grep -l “$r” $HOME/$R/*` | \
sed ‘/Return-Path/,/X-Virus-Checker-Version/d’ >> \

The stuff like Return-Path and X-Virus-Checker-Version
are stuff in my header I don’t want in the saved tip.
If it was just a single message I could strip the entire
header with a sed command, but it doesn’t work when there
is more than one message in the thread. It gets even more
complicated on the script I use to do the same thing with
my freebsd-questions mailing list threads. Here’s that
script and you will see the difference:

# Filename: – save mailing list problem
# questions and resolutions to my BSD tips folder

echo “Enter your search pattern: ”
read r

echo “Enter your search path: ”
read R

echo “Enter file to save to: ”
read i

cat `grep -l “$r” $HOME/$R/*` | \
sed ‘/Return-Path/,/X-Virus-Checker-Version/d’ | \
sed ‘/freebsd-questions/d’ |sed ‘/unsubscribe/d’ >> \

Depending on your MUA you will have to adjust your
filtering. I’ve been using mutt for years and do not
have any intention of switching to anything else. So,
if you’re using mutt, it will be easy to implement
for you. If you’re using some other MUA YMMV. ;)


Sat Oct 31 14:35:33 CDT 2009

Made the script a bit more interactive and helpful.
Thanks go to my friend Girish for helping me on it,
too. Here’s the new script for searching through my
misc@openbsd mail threads:

# Filename: – save mailing list problem
# resolutions to my BSD tips folder
while [ "$found" = "N" ]; do
echo “Enter your search pattern: ”
read r

echo “Enter your search path: ”
read R

echo “Enter file to save to: ”
read i

if grep $r $HOME/$R/* > /dev/null 2>&1 ;
cat `grep -l “$r” $HOME/$R/*` | \
sed ‘/Return-Path/,/X-Virus-Checker-Version/d’ >> \
# XXX finish the program!
echo “Can’t find it! Check your search pattern and path.”
# Rerun the search with new pattern and/or path

I’d also like to add something at the end of the script where,
even after it finds what I’m looking for and writes it out to my
tips file, it will still come up and ask me if I’d like to enter
a new search. Anyone have a suggestion, please leave a comment.


Labels: , , ,

Sunday, October 18, 2009

Find and Kill Process

I had used the following to find an instance of conky and
kill it in order to start a different conky configuration:

ps -U useracct |grep justweather |head -1 | \
cut -c 1-5 |sed -e ’s/[\ ]//g;/^$/d’ > jwpid.out
kill -9 `cat jwpid.out`

That’s unnecessarily complicated compared to this simpler way:

ps -U useracct |grep justweather.conkyrc | awk ‘{print $1}’ | \
xargs kill -15

Labels: , , , , , ,

Thursday, October 15, 2009

Keeping Up With Security Patching

Put together a script that uses lynx(1) and sed(1) to download
and parse to a nice output the latest OpenBSD security and
reliability notifications.

# Filename:

cd $HOME/bin/
echo "" > errata.out
echo - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \
>> errata.out
echo "" >> errata.out

echo "" >> errata.out
echo "" >> errata.out

lynx -dump ¦sed -n '/OpenBSD Errata/,$p, ¦ \
sed '/OpenBSD Resources/q' ¦ sed -n -e :a -e '1,3!{P;N;D;};N;ba' ¦ \
sed 's/^[ \t]*//' >> errata.out

echo "" >> errata.out
echo - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \
>> errata.out
echo "" >> errata.out

echo "OpenBSD Errata" >> errata.out
echo "" >> errata.out

lynx -dump ¦ \
sed -n '/OpenBSD\ FAQ/,$p' ¦ \
sed '1d ' ¦sed '/References/,$d' ¦sed '$d' >> errata.out

echo "" >> errata.out
echo - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \
>> errata.out
echo "" >> errata.out

cat errata.out ¦mail -s "OpenBSD Daily Errata" dennyboy


You can always subscribe to
but, sometimes, despite good intentions, things fall through the
cracks. In the end, at least IMHO, security is the responsibility of
the system admin, whether he's overseeing a server room full of
blade servers or if he's just a home user running one box.


Labels: , , ,

Monday, August 24, 2009

Your Favourite BSD Tips & Tricks?

Following from Dru Lavigne's blog:
A Year in the Life of a BSD Guru

Your Favourite BSD Tips & Tricks?: "BSD Mag has asked me to write another Tips & Tricks column for the upcoming 1/2010 issue of the magazine."

Labels: , ,

Sunday, August 23, 2009

Passive Aggressive Spam Filtering

Passive Aggressive Spam Filtering: "

Using OpenBSD and spamd for spam filtering and grey-listing is very old news but there are a few situations where it becomes politically and technically challenging to run in production. Here was a simple yet (and in no way the best method) of using PF and some friends on the internet to help 'slow the flow' of offal from the Internet into your mail server.

Read more..."

Labels: , ,

OpenBSD 4.6 Pre-Orders Online!

OpenBSD 4.6 Pre-Orders Online!: "

OpenBSD 4.6 cover

Pre-orders are now being accepted for OpenBSD 4.6, scheduled for release on October 1st, 2009.

The developers bring us an amazing amount of cool new stuff (PF now enabled by default, a new privilege-separated SMTP daemon, routing domain support and lots more).

Of course, t-shirts and posters are available too. Order your set NOW!


Labels: ,

BSD load demystified

BSD load demystified: "

Ariane van der Steldt (ariane@) posted a reply to the OpenBSD misc mailing list last month that offered some valuable insight into how load is calculated in the BSD kernel. This is a topic that comes up routinely but remains largely misunderstood by the average user.

Read on for Ariane's explanation and comparison to Linux load...

Read more..."

Labels: , ,

SecPuffy:): OpenBSD tips and tricks - adding swap on the fly

Monday, August 10, 2009

Spam control with OpenBSD greylisting

New link for my friend in Tamil Nadu. He's renamed
his antispam product to SpamCheetah. He has been a
good friend over the years, helped me numerous times
with OpenBSD and other projects, and definitely knows
what he's doing. So if you're in need of an antispam
solution, he's definitely the guy to see! The link is
in the title but here it is again just to be safe:

SpamCheetah - Main Site
SpamCheetah - On SourceForge

Youtube videos about the product:
OpenBSD Tarpit
SpamCheetah's Web Interface

There is both a commercial version with full tech-support and
the free downloadable open source version.

Labels: , , , , , ,

Saturday, May 16, 2009

Youtube Without Flash

Check it out:

HQTube for Greasemonkey

Youtube live streaming without flash, gnash, etc. Yes, it works,
at least so far in Seamonkey for me. Haven't tried it yet with
Firefox but, going from past experience, Firefox is easier to
work with than Seamonkey and better supported in regards
to add-on's, but I choose Seamonkey because it's just faster.
At least it always has been for me.

Audio is working great, no stuttering or distortion, and video
streaming over my broadband connection is good, no jerkiness
or distortion there either.

Before doing anything else, if you don't have them installed
already, install the mplayer and mplayerplug-in packages.

Whether you're using Firefox or Seamonkey, you'll need to
install Greasemonkey. For Firefox, check out:


If you're using Seamonkey, you'll have to install xsidebar.
You can get it at:

xSidebar :: Seamonkey Add-ons

Then you can get the Seamonkey modified Greasemonkey
version at: - xsidebar: modifiedmisc: Greasemonkey

Here's what's in my ~/.mplayer/mplayerplug-in.conf:


Here's what's in my ~/.mplayer/config:


Those are straight out of the installation instructions for the
HQTube for Greasemonkey script. So far I haven't had
to change that or add anything else.

Right now the script only works with Youtube.

Sun Nov 1 02:13:41 CST 2009

Had to stop using HQTube. Started getting error messages saying
it was no longer compatible and needed upgrading. Unfortunately,
I couldn't find an upgrade. So, I did some searching and ran across
the following:

Free Youtube! for Greasemonkey

So far it's not working too badly in this old Seamonkey version I'm
running. Lazy old me, I haven't upgraded yet to OpenBSD 4.6 but it
is going to happen shortly. Already received my shiny new CD set! ;)
Only problem with Free Youtube! I've had so far is it doesn't want to
play the videos on the BSD Conference part of Youtube. Wouldn't you know
it? They seem to be laid out differently than regular Youtube videos.
Hopefully after I upgrade I'll get that going too.
Had to uninstall HQTube. Started getting error messages that

Labels: , , , , ,

Friday, November 14, 2008

Customizing Seamonkey's Toolbar

How to Customize the SeaMonkey Toolbar |

I thought this had some pretty good tips in it
for Seamonkey, which is my favorite browser.
Much faster than Firefox, at least in my browsing

Wednesday, July 09, 2008

SSH & Samba Write-up

I solved a windows network connectivity problem I was
having when I was using a socks 5 proxy through an ssh
tunnel to my OpenBSD box for safer browsing. I'd leave
the windows box running but not use it, sometimes for
hours, and more often than not, overnight. When I'd try
to get anywhere with the browser I no could. I still had
connectivity with the OpenBSD box, but that was it. I put
in a batch file that cleans up the local area connection
on the windows box and run it from windows scheduler
every 6 hours and it solved the problem. The addendum,
batch file, and link to the network article that helped me
are at the bottom of my original write-up at:

SSH & Samba

Labels: , , , , , ,

Friday, July 04, 2008

Fluxbox Article

I've got a new write up on switching desktop wallpaper in
fluxbox automatically on a scheduled basis by using a script
and a cronjob to call it. I also made some additions to my
.kshrc file exporting some values into the environment for
when I login to the system that can be tested against and
also tell fluxbox which one of my wallpaper files to load
when it's starting.

Fluxbox Desktop

Labels: , , , , , , , ,

Saturday, May 31, 2008

Recent Web Site Updates

I finally got a couple of pages up I'd been wanting to
despite a bunch of interruptions. One is on installing
and configuring Conky to display system info on your
desktop. It also shows how to pull in other information
like weather reports and some system info that I couldn't
get with Conky's regular functions, due to either my own
misunderstanding of the instructions, or else something in
my chipset that's incompatible with the program. Probably
some of both.

ADDENDUM: 2008-06-06
Pertaining to Conky above, I've added some info to the page
that shows how I'm now getting stock market data to display.

ADDENDUM: 2008-06-13
Again, pertaining to Conky above, added some info on how I
kludged together a script to filter out my daily Accuweather
forecast email message, format it and scp it from that box to
the box I'm using conky on to be displayed below the current
conditions feed I get from NOAA's weather site.

The other write up is on creating a file to be used as a
persistent table for OpenBSD's PF packet filter firewall,
how to automatically concatenate IP addresses of would
be intruders to the file using scripts that run on a schedule
from a cronjob, and then flush the one table that does the
collecting and reload the persistent file back into its own
table. This makes it truly persistent, since rebooting has no
effect. You don't have to start back all over again with loads
of intrusion attempts in your logs.The pages are at:

PF with a Cumlative Table

ADDENDUM: 2008-07-04
Again I've added some more to the conky article above.
This addition describes how I run 2 instances of conky
and change one of them depending on the time of day and
the day of the week, since one configuration uses stock
market data and weather, while the other for the times
when the market is closed just displays the weather.
The change is accomplished using 2 short shell scripts
and 2 cronjobs. The last part of the entry shows how I
clean stale values from the environment in case I close
X but don't log out of the system, and then restart X.
From the value that gets exported from .xinitrc conky
determines which configuration file to use by comparing
that value with a small text file containing appropriate
times to load the file with stock market data. If it's
after hours or on the weekend when X restarts, it loads
just the weather version of conky on the one side of the
screen. The other conky running on the right side of the
screen doesn't change. It always shows system information.

Labels: , , , , , ,

Tuesday, May 06, 2008

4.3 Upgrade & New Pages on Web Site

4.3 OpenBSD is out and I've got one box upgraded so far. Had a
couple of problems which you can read about at:

Denny’s OpenBSD Newbies blog

Should be clear to see they were my fault. :-)

I also put up a couple of new pages under the tips & tricks section.
One on using colors in xterm and one on quick remote printing over ssh.

Xterm and Color

Quick Printing Over SSH

Labels: , , , , , , ,