Commit Diff
Diff:
a49da684d3bcb1a8bef160ea8a35b59fdf86f18b
e39379f7067c77e08a30bee58bfca35d030d4554
Commit:
e39379f7067c77e08a30bee58bfca35d030d4554
Tree:
4044034a2eb6d97b40ec19e411fb172e81bbb56a
Author:
Fred. Galusik <dev@galusik.fr>
Committer:
Fred. Galusik <dev@galusik.fr>
Date:
Sun Jun 28 15:05:56 2020 UTC
Message:
forked from https://github.com/danieljakots/chownmeblog. Thank you Daniel
blob - e79b6c75f16b74f97c60ee19c32264a76a3a1c62
blob + d5e7196b654f0936ba8e899a50cd4fcc8a2ad052
--- LICENSE
+++ LICENSE
@@ -1,6 +1,6 @@
MIT License
-Copyright (c) 2020 Daniel Jakots
+Copyright (c) 2020 Frédéric GALUSIK
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
blob - cdcee7c058ea0d08a801f39a1b9a95ecf9e60a52
blob + 128fd73be17b267d0a24ac43ad358968b402b79d
--- README.md
+++ README.md
@@ -1,4 +1,4 @@
-# chown.me blog
+# blog
This repository contains everything (articles in markdown, script to make
the html + feeds, the CSS, and the results).
blob - e53fb7a722fbc811e9d4b53aef9a228c9688d345 (mode 644)
blob + /dev/null
--- chownmeblog.py
+++ /dev/null
@@ -1,112 +0,0 @@
-#!/usr/bin/env python3
-
-# Copyright (c) 2020 Daniel Jakots
-#
-# Licensed under the MIT license. See the LICENSE file.
-
-import datetime
-import glob
-import sys
-
-import jinja2
-import markdown
-
-import feedgenerator
-
-CONTENT_PATH = "content/*"
-SITE = {}
-SITE["author"] = "Daniel Jakots"
-SITE["name"] = SITE["author"]
-SITE["url"] = "https://chown.me"
-SITE["feed_path"] = "blog/feeds/atom.xml"
-OUTPUT_DIR = "output"
-
-
-def md2html(md):
- html = markdown.markdown(md, extensions=["codehilite", "fenced_code", "attr_list"])
- return html
-
-
-def parse_article(article_path):
- article = {}
- article["file"] = f"{article_path.replace('.md', '')[len(CONTENT_PATH) - 1:]}"
- with open(article_path, "r") as f:
- metadata = [next(f) for x in range(3)]
- for line in metadata:
- if line.startswith("Title: "):
- article["title"] = line[7:].strip()
- elif line.startswith("Date: "):
- article["date"] = line[6:].strip()
- elif line.startswith("Category: "):
- article["category"] = line[10:].strip()
- article["markdown"] = f.read()
-
- if len(article) < 4:
- print(f"There's a problem with metadata for {article_path}")
- sys.exit(1)
- return article
-
-
-def parse_articles(content_path):
- content = []
- for article in glob.glob(content_path):
- article = parse_article(article)
- content.append(article)
- content.sort(reverse=True, key=lambda i: i["date"])
- return content
-
-
-def generate_website(content):
- jinja2_env = jinja2.Environment(
- loader=jinja2.FileSystemLoader("templates"), trim_blocks=True
- )
- jinja2_template = jinja2_env.get_template("index.html.j2")
- result = jinja2_template.render(articles=content, site=SITE)
- with open(f"{OUTPUT_DIR}/index.html", "w") as f:
- f.write(result)
-
- jinja2_template = jinja2_env.get_template("article.html.j2")
- for article in content:
- result = jinja2_template.render(article=article, site=SITE)
- prefix = ""
- if article["category"] != "othercontent":
- prefix = "blog/"
- with open(f"{OUTPUT_DIR}/{prefix}{article['file']}", "w") as f:
- f.write(result)
- with open(f"{OUTPUT_DIR}/{prefix}{article['file']}.html", "w") as f:
- f.write(result)
-
-
-def create_feed():
- return feedgenerator.Atom1Feed(
- title=SITE["name"],
- link=f'{SITE["url"]}/',
- feed_url=f'{SITE["url"]}/{SITE["feed_path"]}',
- description=f"Feed for {SITE['url']}",
- )
-
-
-def main():
- content = parse_articles(CONTENT_PATH)
- feed = create_feed()
- for article in content:
- article["html"] = md2html(article.pop("markdown"))
- if article["category"] == "othercontent":
- continue
- date = [int(i) for i in article["date"].split("-")]
- date = datetime.datetime(*date, 10, 0, 0)
-
- feed.add_item(
- title=article["title"],
- link=f"{SITE['url']}/blog/{article['file']}",
- author_name=SITE["author"],
- pubdate=date,
- description=article["html"],
- )
- with open(f"{OUTPUT_DIR}/{SITE['feed_path']}", "w") as f:
- feed.write(f, "utf-8")
- generate_website(content)
-
-
-if __name__ == "__main__":
- main()
blob - /dev/null
blob + 269b46c6bf57f94310e053061c8344bf18995dac (mode 644)
--- /dev/null
+++ babille.py
@@ -0,0 +1,113 @@
+#!/usr/bin/env python3
+
+# Copyright (c) 2020 Daniel Jakots
+# 2020 Frédéric Galusik
+#
+# Licensed under the MIT license. See the LICENSE file.
+
+import datetime
+import glob
+import sys
+
+import jinja2
+import markdown
+
+import feedgenerator
+
+CONTENT_PATH = "content/*"
+SITE = {}
+SITE["author"] = "Frédéric Galusik"
+SITE["name"] = SITE["author"]
+SITE["url"] = ""
+SITE["feed_path"] = "blog/feeds/atom.xml"
+OUTPUT_DIR = "output"
+
+
+def md2html(md):
+ html = markdown.markdown(md, extensions=["codehilite", "fenced_code", "attr_list"])
+ return html
+
+
+def parse_article(article_path):
+ article = {}
+ article["file"] = f"{article_path.replace('.md', '')[len(CONTENT_PATH) - 1:]}"
+ with open(article_path, "r") as f:
+ metadata = [next(f) for x in range(3)]
+ for line in metadata:
+ if line.startswith("Title: "):
+ article["title"] = line[7:].strip()
+ elif line.startswith("Date: "):
+ article["date"] = line[6:].strip()
+ elif line.startswith("Category: "):
+ article["category"] = line[10:].strip()
+ article["markdown"] = f.read()
+
+ if len(article) < 4:
+ print(f"There's a problem with metadata for {article_path}")
+ sys.exit(1)
+ return article
+
+
+def parse_articles(content_path):
+ content = []
+ for article in glob.glob(content_path):
+ article = parse_article(article)
+ content.append(article)
+ content.sort(reverse=True, key=lambda i: i["date"])
+ return content
+
+
+def generate_website(content):
+ jinja2_env = jinja2.Environment(
+ loader=jinja2.FileSystemLoader("templates"), trim_blocks=True
+ )
+ jinja2_template = jinja2_env.get_template("index.html.j2")
+ result = jinja2_template.render(articles=content, site=SITE)
+ with open(f"{OUTPUT_DIR}/index.html", "w") as f:
+ f.write(result)
+
+ jinja2_template = jinja2_env.get_template("article.html.j2")
+ for article in content:
+ result = jinja2_template.render(article=article, site=SITE)
+ prefix = ""
+ if article["category"] != "othercontent":
+ prefix = "blog/"
+ with open(f"{OUTPUT_DIR}/{prefix}{article['file']}", "w") as f:
+ f.write(result)
+ with open(f"{OUTPUT_DIR}/{prefix}{article['file']}.html", "w") as f:
+ f.write(result)
+
+
+def create_feed():
+ return feedgenerator.Atom1Feed(
+ title=SITE["name"],
+ link=f'{SITE["url"]}/',
+ feed_url=f'{SITE["url"]}/{SITE["feed_path"]}',
+ description=f"Feed for {SITE['url']}",
+ )
+
+
+def main():
+ content = parse_articles(CONTENT_PATH)
+ feed = create_feed()
+ for article in content:
+ article["html"] = md2html(article.pop("markdown"))
+ if article["category"] == "othercontent":
+ continue
+ date = [int(i) for i in article["date"].split("-")]
+ date = datetime.datetime(*date, 10, 0, 0)
+
+ feed.add_item(
+ title=article["title"],
+ link=f"{SITE['url']}/blog/{article['file']}",
+ author_name=SITE["author"],
+ pubdate=date,
+ description=article["html"],
+ )
+ with open(f"{OUTPUT_DIR}/{SITE['feed_path']}", "w") as f:
+ feed.write(f, "utf-8")
+ generate_website(content)
+
+
+if __name__ == "__main__":
+ main()
blob - ef021c81c338c6c00c3db9f9530addd1e1f66a8d (mode 644)
blob + /dev/null
--- content/2FA-with-ssh-on-OpenBSD.md
+++ /dev/null
@@ -1,239 +0,0 @@
-Title: 2FA with ssh on OpenBSD
-Date: 2018-08-31
-Category: Tech
-
-Five years ago I wrote about [using a yubikey](./yubikey.html) on OpenBSD. The
-only problem with doing this is that there's no validation server available on
-OpenBSD, so you need to use a different OTP slot for each machine. (You don't
-want to risk a [replay attack](https://en.wikipedia.org/wiki/Replay_attack) if
-someone succeeds in capturing an OTP on one machine, right?) Yubikey has two
-OTP slots per device, so you would need a yubikey for every two machines with
-which you'd like to use it. You could use a
-[bastion](https://en.wikipedia.org/wiki/Bastion_host)—and use only one
-yubikey—but I don't like the SPOF aspect of a bastion. YMMV.
-
-After [I played with TOTP](./my-recent-journey-with-2FA.html), I wanted to use
-them as a 2FA for ssh. At the time of writing, we can't do that using only the
-tools in base. This article focuses on OpenBSD; if you use another operating
-system, here are two [handy](https://www.openbsd.org/faq/faq4.html)
-[links](https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/INSTALL.amd64).
-
-## [Seed configuration](#seedconfig) {: #seedconfig }
-
-The first thing we need to do is to install the software which will be used to
-verify the OTPs we submit.
-
-~~~
-# pkg_add login_oath
-~~~
-
-We need to create a *secret* - aka, the *seed* - that will be used to calculate
-the Time-based One-Time Passwords. We should make sure no one can read or
-change it.
-
-~~~
-$ openssl rand -hex 20 > ~/.totp-key
-$ chmod 400 ~/.totp-key
-~~~
-
-Now we have a hexadecimal key, but apps usually [want a base32
-secret](https://github.com/mattrubin/Authenticator/blob/develop/Authenticator/Source/TokenEntryForm.swift#L214).
-I initially wrote a small script to do the conversion.
-
-While writing this article, I took the opportunity to improve it. When I
-initially wrote this utility for my use,
-[python-qrcode](https://github.com/lincolnloop/python-qrcode) hadn't yet been
-imported to the OpenBSD ports/packages system. It's easy to install now, so
-let's use it.
-
-Here's the improved version. It will ask for the hex key and output the secret
-as a base32-encoded string, both with and without spacing so you can copy-paste
-it into your password manager or easily retype it. It will then ask for the
-information needed to generate a *QR code*. Adding our new OTP secret to any
-mobile app using the QR code will be super easy!
-
-~~~
-#!/usr/bin/env python
-
-# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
-# Version 2, December 2004
-
-# Copyright (C) 2018 Daniel Jakots
-
-
-import binascii
-import base64
-import sys
-
-try:
- import qrcode
-except ModuleNotFoundError:
- print("pkg_add py3-qrcode")
- sys.exit(1)
-
-seed_hex = input("Key in hex format ")
-
-binary_string = binascii.unhexlify(seed_hex)
-seed_b32 = base64.b32encode(binary_string).decode('utf-8')
-
-print("The secret in a base32 encoded format")
-print(seed_b32)
-
-print("The same, but with a space every three letters for readability")
-print(' '.join([seed_b32[i:i+3] for i in range(0, len(seed_b32), 3)]))
-
-print("Let's create a QR code to import it into an app")
-issuer = input("'Issuer' (can be the server name) ")
-username = input("Username ")
-
-uri = f"otpauth://totp/{username}?secret={seed_b32}&issuer={issuer}"
-img = qrcode.make(uri)
-image_file = open(f"qrcode-otp-{issuer}.jpg", "wb")
-img.save(image_file)
-~~~
-
-You can fetch this script using `ftp
-https://chown.me/iota/blog/totp-hex-to-qrcode.py`. (The code isn't in any of
-my public repositories for
-[reasons](https://chown.me/iota/blog/issues-public-repo.jpg)).
-
-We can check to make sure everything went smoothly by comparing the code
-provided by your mobile app to one generated by *oathtool* at the same time.
-The *oathtool* binary is provided by the package *oath-toolkit* (which is the
-dependency needed by *login_oath*). *oathtool* accepts the seed in either
-hexadecimal or base32 format.
-
-~~~
-$ oathtool --totp 0123456789abcdef0123
-054640
-$ oathtool --totp -b AERUKZ4JVPG66AJD
-054640
-~~~
-
-*0123456789abcdef0123* is the *seed* in hexadecimal format (as in
-`~/.totp-key`) and *AERUKZ4JVPG66AJD* is the same data, but base32-encoded.
-
-Alternatively, if you just want to do the hex -> b32 conversion, *login_oath*'s
-README gives a Perl example (but it is not an unreadable one-liner, so you may
-not want to use it):
-
-~~~
-Some tokens (e.g. Google Authenticator) require secrets in base32 format;
-you can convert them with p5-Convert-Base32:
-
-use Convert::Base32;
-my $s = pack('H*', '99d12448129d1e8192e063d64714209137a13864');
-print encode_base32($s)."\n";
-~~~
-
-## [System configuration](#sysconfig) {: #sysconfig }
-
-We can now move to the configuration of the system to put our new TOTP to use.
-As you might guess, it's going to be quite close to what we did with the
-yubikey.
-
-We need to tweak `login.conf`. **Be careful** and keep a root shell open at all
-times. The few times I broke my OpenBSD were because I messed with login.conf
-without showing enough care.
-
-After the lines:
-
-~~~
-# Default allowed authentication styles for authentication type ftp
-auth-ftp-defaults:auth-ftp=passwd:
-~~~
-
-we add:
-
-~~~
-# Default allowed authentication styles for authentication type ssh
-auth-ssh-defaults:auth-ssh=-totp:
-~~~
-
-and inside the class of the user account for which TOTP is being set, we add
-the line `:tc=auth-ssh-defaults:\`. For instance, in my case it's:
-
-~~~
-staff:\
- :datasize-cur=1536M:\
- :datasize-max=infinity:\
- :maxproc-max=512:\
- :maxproc-cur=256:\
- :ignorenologin:\
- :requirehome@:\
- :tc=auth-ssh-defaults:\
- :tc=default:
-~~~
-
-(Hint: it's the penultimate line). You can check the class of your user using
-`id -c`.
-
-## [sshd configuration](#sshdconfig) {: #sshdconfig }
-
-Again, keeping a root shell around decreases the risk of losing access to the
-system and being locked outside.
-
-A good standard is to use `PasswordAuthentication no` and to use public key
-only. Except... have a guess what the *P* stands for in *TOTP*. Yes, congrats,
-you guessed it!
-
-We need to switch to `PasswordAuthentication yes`. However, if we made this
-change alone, sshd would then accept a public key OR a password (which are TOTP
-because of our *login.conf*). 2FA uses both at the same time.
-
-To inform sshd we intend to use both, we need to set `AuthenticationMethods
-publickey,password`. This way, the user trying to login will first need to
-perform the traditional publickey authentication. Once that's done, ssh will
-prompt for a password and the user will need to submit a valid TOTP for the
-system.
-
-We could do this the other way around, but I think bots could try passwords,
-wasting resources. Evaluated in this order, failing to provide a public key leads to
-sshd immediately declining your attempt.
-
-Here's the diff of the output when testing with `ssh -v` using both public-key-only authentication and two-factor authentication:
-
-~~~
--debug1: Authentication succeeded (publickey).
-+Authenticated with partial success.
-+debug1: Authentications that can continue: password
-+debug1: Next authentication method: password
-+danj@198.51.100.12's password:
-+debug1: Authentication succeeded (password).
-~~~
-
-## [Improving security without impacting UX](#nouximpact) {: #nouximpact}
-
-My phone has a long enough password that most of the time, I fail to type it
-correctly on the first try. Of course, if I had to unlock my phone, launch my
-TOTP app and use my keyboard to enter what I see on my phone's screen, I would
-quickly disable 2FA.
-
-To find a balance, I have whitelisted certain IP addresses and users. If I
-connect from a particular IP address or as a specific user, I don't want to go
-through 2FA. For some users, I might not even enable 2FA.
-
-To whitelist, we can use the *Match* keyword. Here are two basic examples:
-
-~~~
-Match User git
- AuthenticationMethods publickey
-~~~
-
-~~~
-Match Address 203.0.113.47 # VPN
- AuthenticationMethods publickey
-~~~
-
-<br/>
-
-To sum up, we covered how to create a seed, how to perform a hexadecimal to
-base32 conversion and how to create a *QR code* for mobile applications. We
-configured the login system with *login.conf* so that ssh authentication uses
-the TOTP login system, and we told sshd to ask for both the public key and the
-Time-based One-Time Password. Now you should be all set to use two-factor
-ssh authentication on OpenBSD!
-
-<br/>
-
-*Thanks [Pamela](https://bsd.network/@pamela) for the proof-reading!*
blob - 381f6a657ba99f67fd49b44552e825cf996b8451 (mode 644)
blob + /dev/null
--- content/about.md
+++ /dev/null
@@ -1,69 +0,0 @@
-Title: About
-Date: nope
-Category: othercontent
-
-## Hey, I'm Daniel
-
-I work as a system and network engineer in Montreal where I have been living since the end
-of 2016. In my spare time, I [contribute](http://oxide.org/cvs/danj.html) to
-[OpenBSD](https://www.openbsd.org), I
-[develop](https://github.com/danieljakots) in Python, and when it's hotter than
-10 Celsius, I ride my [single
-speed](https://twitter.com/Vigdis_/status/857378539057893378).
-
-[My cat](https://pics.chown.me/Jean-Canard/) goes by the name of *Jean Canard*.
-
-I've been a board member of the [QIX](https://qix.ca/), the
-[Internet Exchange Point](https://en.wikipedia.org/wiki/Internet_exchange_point)
-in Montreal.
-
-Previously, I've been involved in a couple of non-profits such as
-[Franciliens.net](https://www.franciliens.net/), [FFDN](https://www.ffdn.org/),
-and [Nos oignons](https://nos-oignons.net/). At the time I was living in
-France. Before I came to Montreal, I lived for eight years in Normandy
-(Caen and Rouen) and one year in Brittany (Rennes).
-
-I have the Canadian and French citizenships.
-
-You can read quotes from me in
-[Le Monde](http://www.lemonde.fr/technologies/article/2013/04/23/la-police-japonaise-recommande-le-blocage-du-reseau-tor_3164344_651865.html)
-and in [Amaelle Guiton](https://twitter.com/amaelle_g)'s book
-[Au coeur de la résistance numérique](http://hackers.micro-ouvert.net/).
-
-## Corporate Biography
-
-Daniel is a Python Developer focusing on DevOps methodologies. Curious by
-nature, his interests lie in the development of web applications, as well as
-their deployment, performance optimization, availability and security.
-
-During his studies, Daniel cultivated his passion for Information Technology.
-He first pursued the world of the command line on Ubuntu, then strove to
-develop his skills in system administration, followed by network
-administration. Heavily motivated toward leveraging his skills for community
-enrichment, Daniel has been involved in various non-profit organizations
-working to provide better Internet access.
-
-Daniel began his professional life as a system and network administrator in a
-server management company. Servicing small and medium-sized businesses, the
-focus of this work was technical administration for businesses lacking in-house
-resources, such as communications agencies. Managing the large number of
-servers required to meet customer needs helped him to recognize the utility of
-automation in deployment and server management.
-
-Having reached an end to the learning opportunities available within the
-non-profit sector, Daniel turned to open source contribution to further develop
-his skills. He began to submit patches with improvements to the OpenBSD
-project. After a year, Daniel was invited to join the small team of OpenBSD
-developers, and now works with developers worldwide to improve and maintain the
-project.
-
-Seeking a life change, Daniel took advantage of his dual national status and
-emigrated to Montreal. He continued to work as a system and network
-administrator, managing Ansible machines running OpenBSD that manage the
-network for a small host and network operator. To accomplish various tasks, he
-developed and deployed Python code at every opportunity.
-
-Eventually, Daniel decided to stop resisting his passion for Python and open
-source communities. He switched his focus to the world of development, seeking
-to bridge his primary interests and better understand operations from another
-perspective.
blob - 982df4595cc52b0ce523b8690a2c4f9a664b2780 (mode 644)
blob + /dev/null
--- content/blog-improvements.md
+++ /dev/null
@@ -1,35 +0,0 @@
-Title: Improvements to this blog
-Date: 2020-06-16
-Category: Tech
-
-This article announces a new version of this blog. Available right now!
-
-In my [previous article](./pics2html), I said that "seeing how easy writing a
-static site generator was made me want to write one for my blog," and that's
-what I did! I initially wrote a very long article to tell the whole story, but
-then I decided I didn't want to have such a long article here. Here's a short
-version.
-
-Basically, I used a small subset of all the features pelican provides. Writing
-my own software gives me more control. However, with great power comes great
-ownership of the code, since I doubt anyone else is going to touch my code. But
-I like it.
-
-Here's a short list of the changes:
-
-* Cleaner and much simpler CSS.
-* Related to the previous point, the text is always centered. It was not
- exactly easy to achieve this, hence the joke in the footer.
-* HTML headers (like h2 and h3) have now HTML anchors to make it easy to share
- specific parts of a post.
-* No more sharing buttons. I doubt they were used (but what do I know?) and
- copying and pasting a link is not that hard. Less clutter on the interface,
-so it's an improvement.
-* I have a contact page. I hope it will make the experience better for
- everyone.
-* No breakage. I was careful to keep the same link for most things. Please let
- me know if you notice otherwise!
-* [Clean URL](https://en.wikipedia.org/wiki/Clean_URL). But to keep everything
- working as before, all pages will be reachable with the .html extension as
- well.
-* New pygment style (for inline code), which I think is nicer.
blob - 5415cf9db0be4c2bf31ad1f8ec8dfc5842ba4c90 (mode 644)
blob + /dev/null
--- content/contact.md
+++ /dev/null
@@ -1,17 +0,0 @@
-Title: Contact
-Date: nope
-Category: othercontent
-
-Please refrain from contacting me with offers. I'm not interested in linking to
-any of your shitty content as part of my web presence, nor do I want to receive
-anything that includes the words "guest post."
-
-If you are friendly and not seeking profit, you can contact me by email, using
-"blog" as the
-[local-part](https://en.wikipedia.org/wiki/Email_address#Syntax). Otherwise
-you can `/query` me on irc under the nick Vigdis (but I may be connected only
-to freenode). I'm also on the [fediverse](https://awoo.chown.me/@vigdis).
-
-While I have a twitter account, it is not actively monitored, so for
-emergencies, please dial 911 or the [appropriate
-number](https://en.wikipedia.org/wiki/Emergency_telephone_number).
blob - 63053c253daaf2889082793859928886072e2f74 (mode 644)
blob + /dev/null
--- content/dumping-pics.md
+++ /dev/null
@@ -1,27 +0,0 @@
-Title: Dumping pics
-Date: 2017-11-04
-Category: Mylife
-
-A few years ago I bought a camera (a Canon 100D) and since that I take
-pictures from time to time. I go through all the pics I take and I
-pick the best then I enhance them a bit with rawtherapee and finally I
-post them on [500px](http://piks.chown.me). This process is a bit
-*relou* so I don't often do it. Of course I don't always have my camera
-with me, but I do have my phone most of the time.
-
-I take a lot of pictures with my phone and I sometimes post them on
-some social networks. All these social networks I'm on, are based on
-ephemeral publications so after a **short** while, the stuff goes out
-of your mind and you never see it again.
-
-I looked for a self-hostable solution. I found PHP-based software like
-leetchi and piwigo but I wasn't fond of these. I looked at static
-generators as I already use one (pelican) for this blog. Sadly, there
-are maaaanyyyy of them for blogs and text-based publications but for
-gallery there very few static generators. Finally I found
-[sigal](https://github.com/saimn/sigal) which is maintained, written
-in python, quite nice and very straight forward to use.
-
-Here's the result: <https://pics.chown.me/> (with among other themes,
-as of now, 229 pics of my delicious kitten *Jean Canard*).
-
blob - 376b8ddae33f963dbe6eb9d26dee170d55274eed (mode 644)
blob + /dev/null
--- content/infrastructure-2019.md
+++ /dev/null
@@ -1,243 +0,0 @@
-Title: My infrastructure as of 2019
-Date: 2020-03-06
-Category: Tech
-
-I've wanted to write about my infrastructure for a while, but I kept thinking,
-"I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle
-never ends, so I decided to write about its state at the end of 2019. Maybe
-I'll write an update on it in a couple of moons; who knows?
-
-## [Goal for this infrastructure](#goal) {: #goal }
-
-The goal for my infrastructure is to run the services I need. While a lot of
-people in the homelab community experiment and play with software for its own
-sake, I actively use the stuff I host. When I stop, I kill the service (though
-I'm not as proficient at this as [Google](https://killedbygoogle.com/)). These
-are my production systems, and when one of them is down, I do miss it.
-
-I kind of enjoy working on this infrastructure, but not that much (I used to
-enjoy it more), so I'm careful with the software I choose. I want to spend time
-on it when *I want to*, not because *I have to* (e.g. because something broke).
-Consequently, I do my best to pick reliable, boring and easy software. Those
-are my kinks.
-
-Why do I host this myself? Mostly trust issues, and the fact that I care about
-sovereignty.
-
-I tend to lock down services as much as I can, either cutting them off
-completely from the Internet (e.g. for *imap*) or running them on a
-non-standard port and [enabling 2FA](./2FA-with-ssh-on-OpenBSD.html). I don't
-use a VPN (mostly because I haven't come up with a nice, clean option yet), so
-I restrict access to my services in different ways.
-
-For most things, I'm the only user, which is both sad (as it's a waste of
-resources) and great (as I can be more nimble). A notable exception is my
-mastodon instance which is also used by [my
-cat](https://awoo.chown.me/@jeancanard).
-
-## [Machines](#machines) {: #machines }
-
-My machines are hosted in 3 different places. First is at
-[Exoscale](https://www.exoscale.com/), second is
-[Vultr](https://www.vultr.com/) and the third is... my flat.
-
-All of them run either OpenBSD on its -current branch, or the latest version of
-Ubuntu. At this time, that's Ubuntu 19.10. After a couple of years working on
-OpenBSD ports (i.e. packaging), I believe fresh software is better,
-security-wise.
-
-They're managed with Ansible. I began my Ansible repository 4 years ago and it
-has about 1500 commits in it. I wrote the Ansible to fit my needs rather than
-making generic (and therefore reusable) roles, so it's not public.
-
-I update the OpenBSD machines regularly to a newer OpenBSD snapshot (so of
-course the process has been
-[automated](./upgrading-openbsd-with-ansible.html)). For Ubuntu, I prefer to
-reinstall them, since they're managed by Ansible and they don't have any data
-on them. Reinstalling machines regularly helps spot missing pieces in Ansible.
-:P
-
-All the three sites are as
-[standalone](https://en.wikipedia.org/wiki/Loose_coupling) as possible. This is
-both so that in the case that one gets pwned it won't help the attacker to
-[move laterally](https://en.wikipedia.org/wiki/Network_Lateral_Movement), and
-so that if one is unavailable it shouldn't impact anything else.
-
-### [ns3.chown.me (OpenBSD)](#ns3) {: #ns3 }
-
-It's my secondary name server and as you can guess, it replaced ns2. It's the
-only machine that I don't back up, since I can replace it with my Ansible
-without losing data.
-
-It's hosted by *Vultr*. I mostly picked them because they offer OpenBSD
-hosting. This virtual machine is in Toronto and has 1 CPU and 512M of ram.
-(Disk space is not relevant here).
-
-I wanted a different hosting provider/AS than my main name server for obvious
-reasons of resiliency. Every now and then I think about using another name
-server (whether instead of this machine or in addition to it, I don't know)
-provided by my registrar (Gandi), but it has a low priority on my todo list.
-
-The name server I use is *NSD*. I could use another one (like *knot*) as my
-main name server also uses *NSD*, but the issues related to running the same
-software on both aren't that serious in my case.
-
-Since this machine doesn't do much otherwise, it's running
-[mownitoring](https://github.com/danieljakots/mownitoring) to check that
-everything works.
-
-### [virtie.chown.me (OpenBSD)](#virtie) {: #virtie }
-
-This virtual machine is the main one in my infrastructure. A moment ago your
-browser connected to it to get this page. :)
-
-It's hosted by Exoscale (with whom my experiences have been nothing less than
-perfect). It's my oldest VM (4 or 5 years old). It has 1 CPU, 1G of ram and 50G
-of disk space.
-
-To host my blog I use OpenBSD's httpd which is fronted by *HAProxy*. While I
-could remove *HAProxy*, I like this software and I trust it [more
-than](https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig)
-[httpd](https://github.com/openbsd/src/commit/49b1a9b154081c713af219b2422adaf51ca2584d).
-
-In addition to hosting my blog, it hosts my email. I switched to *postfix* in
-the beginning of 2019 after a couple of years running *OpenSMTPD*. Since I
-switched to *postfix* I also dropped *spamd* (the OpenBSD greylisting daemon).
-I enabled [FCrDNS](https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS)
-on *postfix* when I switched (at the time it was not available on *OpenSMTPD*)
-and I didn't notice more spam. I use *Dovecot* for imap with only my IP
-allowed. I can easily allow another IP address with `pfctl -t imap_allowed -Ta
-203.0.113.47`.
-
-I've never really had deliverability problems (except with Microsoft, but who
-can say they haven't?) I assume my IP has a good reputation, which is why this
-VM is the oldest, as I've been reluctant to lose it.
-
-This machine also hosts a *gitolite* for a couple of different internal git
-repositories.
-
-### [pancake.chown.me (OpenBSD)](#pancake) {: #pancake }
-
-This machine is an [APU2](https://pcengines.ch/apu2.htm). It acts as a router
-for my flat. Since it's way more powerful than necessary for this task, I put
-some other stuff on it. It's a trade-off between increasing the attack surface
-of a critical machine and leaving a lot of CPU/RAM/SSD unused.
-
-I collect [flows](https://en.wikipedia.org/wiki/NetFlow) on it, which in my
-opinion are super cool!
-
-It also hosts influxdb + grafana and some machines send their metrics with
-collectd ([which allow signing/encrypting the network
-traffic](https://collectd.org/wiki/index.php/Networking_introduction#Cryptographic_setup)).
-This doesn't work well for a couple of reasons, so it's waiting to be replaced.
-
-### [kvm1, and sometimes kvm2 (Ubuntu)](#kvm) {: #kvm }
-
-These machines are hosted at home. kvm1 is the main machine, and kvm2 is the
-machine I use to play Windows games on another SSD. I boot on the Ubuntu SSD
-whenever I want to do something on kvm1 and then I live-migrate guests on it so
-I don't experience any downtime. I use full disk encryption on the guests, so
-live-migrating (instead of rebooting them) allows me to avoid having to
-manually unlock each guest. I encrypt the guests and not the kvm because in the
-event of a power outage, machines may come back on, in which case I don't want
-them to wait for the passphrase if I'm away. Some hacks could be done to
-encrypt them as well, but I'm not willing to do them since they're overkill for
-my threat model.
-
-Both machines have an i5-4590. kvm2 has 4x4G of ram with a 256G SSD (which is
-enough for the kvm system and all the guests). kvm1 also has a 256G SSD but
-while its ram layout would make anyone sensible cringe, it amounts to 20G of
-ram! I don't use RAID. kvm0 (the machine they replaced) used to and I wasn't
-sure it would work (and I couldn't test it safely since it was my only
-machine).
-
-To manage this part of the infrastructure I wrote a [python
-script](https://github.com/danieljakots/uv). This script is kind of a wrapper
-around libvirt, which itself is kind of a wrapper around qemu, which itself
-[wrangles turtles](https://en.wikipedia.org/wiki/Turtles_all_the_way_down).
-Contrary to what other people run, I think, a guest disk isn't a qcow2/raw
-file. I don't want to pile filesystems on one another, so I manage guests'
-disks on the hypervisor with LVM directly. I tend to have multiple disks to
-bring more flexibility to the disk layout/partitioning than OpenBSD would,
-thanks to LVM.
-
-It hosts all the following virtual machines:
-
-### [manicouagan1 (OpenBSD)](#manicouagan1) {: #manicouagan1 }
-
-This machine's name dates from back when I used names from Québec to name my
-machines. The name comes from the [Manicouagan
-Reservoir](https://en.wikipedia.org/wiki/Manicouagan_Reservoir), as this
-machine is where I put my backups.
-
-My backups are in three different places:
-- locally, i.e. each machine stores its backup on itself
-- *manicouagan* copies all the backups onto itself
-- *manicouagan* ships the backups to an s3-like provider
-
-I use *BorgBackup* for the backup, *rsync* to copy them onto *manicouagan* and
-*s3cmd* to ship them away. I tried to use *rclone* but it used more ram. Once,
-I was away from my place for a long time, and my whole infra there became
-unreachable, so I decided to temporarily host stuff on the cloud in the
-meantime. I had to restore those backups and it went so nicely that I'm not
-looking to change anything. Borg is awesome!
-
-This machine is also a syslog server to which all my OpenBSD machines ship
-their logs. Thanks to OpenBSD syslogd (bluhm@ <3), it uses TCP+TLS with a
-private PKI. This is mostly in case one machine gets hacked, to help with
-[forensics](https://en.wikipedia.org/wiki/Forensic_science).
-
-I wrote a short script that shows me the largest data transfers on my router. I
-use this to check that the backups are alive (I receive emails if the
-*BorgBackup* script fails, but isn't that less fun? :))
-
-### [db1 (OpenBSD)](#db1) {: #db1 }
-
-This machine hosts postgresql and redis. Two boring pieces of software which I
-love. Redis requires so little care that when I moved from db0, I forgot I had
-it!
-
-### [web1 (OpenBSD)](#web1) {: #web1 }
-
-This machine runs nginx for my whole web presence excluding my blog. It hosts
-*nextcloud*, *tt-rss*, *shaarli* and pics.chown.me (whose content I should
-update).
-
-Have you ever thought, "naah I'm too much paranoid"? Yeah, me neither. A few
-months ago, I restricted all the non-static websites (with the exception of
-Mastodon) behind an *htpasswd*. There was some value in having them publicly
-accessible, but at the time I thought it was not worth the risk. The php-fpm
-pools should be secure (they have their own users, they're chrooted and so on)
-but I'm not entirely sure I'm doing this stuff properly and it is such a pain
-to get it working that I'm not willing to look into it more than that.
-
-Nginx also acts as a reverse proxy for the docker containers that run on
-another machine. Finally, it hosts *minio* for *mastodon*.
-
-### [docker2 (Ubuntu, obviously)](#docker2) {: #docker2 }
-
-This machine runs a few docker containers through *docker-compose*:
-- 3 containers for *mastodon* (*ruby on rails* stuff, a node api and *sidekiq*)
-- container running the code I wrote for api.chown.me; it's a *flask*
- application
-- registry:v2 that I have simply to ease the transfer of docker images
-
-I build all the docker images I run myself (except for the registry one).
-
-My policy regarding those containers is that they must not store any data
-locally (i.e. they don't have a *docker volume*). This allows me not to care
-about backups. The *docker-compose.yml* is tracked in my personal git, so I can
-trash the VM any time.
-
-api.chown.me is for now mostly a way to sync a list of IPs to block on my whole
-infra. This way, if an IP is acting badly on one machine, it doesn't get to try
-its luck on another of my machines. This list is also supplemented by public
-lists of threats.
-
-## [That's it for now](#end) {: #end }
-
-Currently, my infrastructure is good at meeting my needs. It's not perfect, of
-course, and it's a perpetual work in progress. But it's stable, and usually the
-most I need to do is quickly patch some security vulnerabilities. Since most
-of the resources I use come from reused computers hosted at my place, I'm able
-to keep the cost (both financial and ecological) really low.
blob - c2b4e248958e04296a886321fff5a74298eaeb14 (mode 644)
blob + /dev/null
--- content/launching-my-newsletter.md
+++ /dev/null
@@ -1,85 +0,0 @@
-Title: Launching my newsletter
-Date: 2019-01-25
-Category: Mylife
-
-## [Social media](#socialmedia) {: #socialmedia }
-
-### [Blogging...](#blogging) {: #blogging }
-
-I created this blog a few years ago because I wanted to talk about the stuff I
-was experimenting with, and in my opinion it was cool to have a blog. I still have
-the same opinion, but now I'm using the blog more like a portfolio. I like it
-because I take a lot of care with it and I like to build high quality stuff. However,
-it takes me. So. Much. Time. I have to be really enthusiastic about something to
-write about it.
-
-### [...and micro-blogging](#microblogging) {: #microblogging }
-
-More or less at the same time, I created my Twitter account. I've used it for
-multiple years and I have realized the way it was architected to influence users was obnoxious and the way I was using it made it even worse.
-
-Then came Mastodon, and while there is lot to bit^Wsay about it, many things
-are much better. The community is much more friendly, and I can self-host my own
-instance. (Who doesn't like to host a RoR application with all the software it
-needs, PostgreSQL, Redis, Elastic Search, Nginx, and about twelve others?)
-
-My use evolved from the Twitter game of trying to get new followers to...
-well, I'll just quote a friend I met there: ["Please talk to me before you
-follow me! I am on Mastodon to make friends and be part of a
-community."](https://octodon.social/@stoof/101360489620753545). Nonetheless, my
-micro-posts there are still somewhat shallow. Even though I have 500 characters for
-each post, I don't feel the medium is the right one to allow me to express myself deeply.
-Which is perfectly fine, because I enjoy shitposting and bitching about a wide
-spectrum of things!
-
-## [In between](#inbetween) {: #inbetween }
-
-### [Why?](#why) {: #why }
-
-I'll be honest and tell you what happened. Recently, I read [Going old school: how I
-replaced Facebook with
-email](https://blog.chaddickerson.com/2019/01/09/replacing-facebook/). In his
-blog article, the author explained that he created a newsletter to replace the role that had been held by the Facebook account he disabled. I really liked the idea and wondered
-if I could justify creating my own newsletter, especially since I had just
-been working on my email setup and wanted to put it to good use. I eventually
-decided to just create one.
-
-I think that having something between my blog, for which writing takes a lot
-of time and Mastodon, where I express myself but in a more volatile setting, would be nice!
-
-The goal is to have something where I can share my feelings and my thoughts
-without putting things on the public Internet (and avoiding the dread of judgment)
-with a format closer to a blog article than to a micro-post on Mastodon. I hope to
-create an environment more friendly to replies than what my blog articles
-currently provide (as there isn't a system for comments). I'm also
-curious about how the social interaction will happen. Lastly, I'll do it for
-myself, as a writing exercise.
-
-### [What?](#what) {: #what }
-
-I plan to talk about my life, what I have been doing lately or a
-particular subject I care about. My frequency goal ranges between multiple times a
-week for a busy period to at least once per month. I'm not sure yet how I'm
-going to do it, technically-speaking, but I won't use any external services.
-
-Of course, I won't share your email address with anyone (including other
-subscribers, i.e. I won't use a giant Cc:) and of course you'll receive solely
-my newsletter and no other emails (ads or whatever). I don't have anything to
-sell, anyway. [Especially if you get two acquaintances of yours to
-subscribe!](https://en.wikipedia.org/wiki/Pyramid_scheme#The_%22eight_ball%22_model)
-There won't be a web interface or anything, so subscribing and unsubscribing
-will require you to email me as the goal is also to experiment with human
-interaction, since nowadays there is less and less of that.
-
-Of course, you won't get access to the previous newsletters, only the
-subsequent ones. (Maybe the previous one?)
-
-### [How can I subscribe?](#subscribe) {: #subscribe }
-
-If you're curious about this experiment and want to be part of it, please send an email
-to newsletter at chown dot me!
-
-<br/>
-
-*Thanks [Pamela](https://bsd.network/@pamela) for the proof-reading!*
-
blob - 09551c246cf067c611daebbe22d0f1726622f3ef (mode 644)
blob + /dev/null
--- content/locking-openbsd-when-sleeping.md
+++ /dev/null
@@ -1,66 +0,0 @@
-Title: Locking OpenBSD when it's sleeping
-Date: 2018-10-08
-Category: Tech
-
-I frequent the #openbsd IRC channel in order to help people. A question
-commonly asked is how to automatically lock your machine when
-putting it to sleep with zzz(1). I answered this question in a
-previous article (which was actually written four years ago; time flies!) but
-it was written in French, so here's a new one, also covering additional related topics.
-
-## [Locking the machine when it is put to sleep](#locking) {: #locking }
-
-If you read [apmd(8)](https://man.openbsd.org/apmd.8):
-
-~~~
-FILES
- /etc/apm/suspend
- /etc/apm/hibernate
- /etc/apm/standby
- /etc/apm/resume
- /etc/apm/powerup
- /etc/apm/powerdown These files contain the host's customized actions.
- Each file must be an executable binary or shell
- script. A single program or script can be used to
- control all transitions by examining the name by
- which it was called, which is one of suspend,
- hibernate, standby, resume, powerup, or powerdown.
-~~~
-
-The trick is to write a script for 'etc/apm/suspend' to run when zzz is called
-(either directly or by [closing the
-lid](https://github.com/openbsd/src/blob/master/etc/etc.amd64/sysctl.conf#L3)).
-For instance, the script I'm using is:
-
-~~~
-#!/bin/sh
-doas -u danj env DISPLAY=:0 XAUTHORITY=/home/danj/.Xauthority xlock &
-~~~
-
-It requires:
-
-- configuring doas, *left as an exercise to the reader* ;)
-- running apmd (hashtag rcctl)
-- an executable script
-
-## [Locking it further](#lockingfurther) {: #lockingfurther }
-
-This is off to a good start, but if you are a *startx* user (versus using xenodm), be sure to run `exec startx` and not just `startx`. Otherwise, it is possible to kill X and then access the shell.
-
-If you don't set a maximum lifetime for your `ssh-agent`, you should clear your identities using `ssh-add -D`. You should also revoke any `sudo` permissions with `sudo -K`. `doas` doesn't work the same way, so `doas -L` won't help you much. (You have elevated permissions only in the current shell, not account-wide).
-
-You might want to clear your clipboards, as well. Use something like: `xsel -c -p; xsel -c -s; xsel -c -b`.
-
-Of course, if you use other authentication mechanisms (GNOME keyring, ssh's
-Control\*, etc.), you should handle those as well.
-
-## [Beware of the cat](#cat) {: #cat }
-
-Now that I have a [Captive Advanced
-Threat](https://awoo.chown.me/@jeancanard), I feel the need to automatically lock the screen after it has been idle for a short while. You can achieve this using `xidle`. The [man
-page](https://man.openbsd.org/xidle.1) is sufficiently descriptive that I won't talk about that further.
-
-
-<br/>
-
-*Thanks [semarie](https://maly.io/@semarie) for the technical proof-reading and [Pamela](https://bsd.network/@pamela) for the English proof-reading!*
blob - d66b184ca557f07a630c9fee0ee74802d55e80a2 (mode 644)
blob + /dev/null
--- content/my-recent-journey-with-2FA.md
+++ /dev/null
@@ -1,156 +0,0 @@
-Title: My recent journey with 2FA
-Date: 2017-02-26
-Category: Tech
-
-## [2FA](#2FA) {: #2FA }
-
-Of course by 2FA I mean
-[two-factor authentication](https://en.wikipedia.org/wiki/Multi-factor_authentication).
-
-I've been using that for a long time for ssh with
-[my yubikey on OpenBSD](./yubikey-en.html) but I've never enabled 2FA
-on the online services I use. The main reason for not doing it before was
-that I thought that my phone had to play a central role (which in fact
-is not much the case). While it's the most critical device I have, my
-phone is the device I trust the least.
-
-However, yesterday I saw a comment on lobste.rs asking about
-[how to use TOTP on OpenBSD](https://lobste.rs/s/1cyltz/two_factor_authentication_now_available/comments/a9xvvg#c_a9xvvg).
-In addition to that, I guess seeing
-[what happened to cloudflare](https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/)
-and everything what's happening if you want to cross the US border
-made me more interested in 2FA than before.
-
-So I began to look into how it works.
-
-## [How it works](#how) {: #how }
-
-The concept of 2FA is that you may lose your password (or your ssh
-key) and in that case the person who takes control of it can
-successfully impersonate you. The goal is that a login system will
-require something else to verify that it's really you.
-
-One way to achieve this is to use SMS but that sucks: [circumventing it
-is not even restricted to Nation State Actors](http://www.baltimoresun.com/features/baltimore-insider-blog/bal-black-lives-matter-activist-deray-mckesson-s-twitter-hacked-friday-morning-20160610-story.html).
-
-Another can be something biometric but then users need to access to a
-scanner which is quite impractical in every day life. Even if iPhones
-have a fingerprint reader, it's not usable by third parties.
-
-It must be something that keeps changing otherwise it's both
-subject to replay attack and it's just another password.
-
-Here comes the OTP.
-
-## [One Time Password](#OTP) {: #OTP }
-
-One Time Password was defined in
-[RFC2289](https://tools.ietf.org/html/rfc2289) (which is quite old:
-February 1998). Then they made HOTP (H is for *HMAC-Based*) in
-[RFC4226](https://tools.ietf.org/html/rfc4226) and finally the TOTP (T
-is for *Time-Based*) in [RFC](https://tools.ietf.org/html/rfc6238)
-which is an extension of the HOTP to support the time-based moving
-factor.
-
-To understand in more details you can either read in the RFC4226
-[5.4. Example of HOTP Computation for Digit = 6](https://tools.ietf.org/html/rfc4226#page-7)
-and then the short RFC6238 or you can just read this [random blog
-article on the Internet which explains clearly the same thing](https://pthree.org/2014/04/15/time-based-one-time-passwords-how-it-works/).
-
-### [tl;dr](#tldr) {: #tldr }
-
-There's a secret shared and then you compute the HMAC-SHA1 of the
-shared secret and epoch.
-
-### [Wait, did you just say sha1?!?1?](#sha1) {: #sha1 }
-
-Even if there's now a sha1 collision, it's not really a problem. To
-quote Schneier: "[collision] pretty much puts a bullet into
-SHA-1 as a hash function for digital signatures (although it doesn't
-affect applications such as HMAC where collisions aren't important)."
-([source](https://www.schneier.com/blog/archives/2005/02/sha1_broken.html))
-
-And for a more complete answer, see this
-[answer](http://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure).
-
-## [How to use it](#howuse) {: #howuse }
-
-### [Don't be locked out](#lockedout) {: #lockedout }
-
-I wanted to use my phone (something distinct that my computer to
-compartment things a bit). Obviously the goal is to secure your
-account without losing it so that means that losing your phone
-shouldn't prevent you to retrieve access to your accounts. Unusable
-security is unusable.
-
-If you read about 2FA, you'll see that some services that provide it,
-give you some backup code to not to be locked out. But I don't want to
-locked out from services don't provide backup codes either.
-
-So my phone must not be a single point of failure.
-
-We saw earlier that {T,H}OTP are based on a shared secret so let's
-backup it.
-
-### [Backuping shared secrets and backup codes](#backups) {: #backups }
-
-For my regular passwords, I use keepassx which is shared/backuped across my
-different computers. I created another database to store those. Of
-course you shouldn't use the same database to keep your passwords and the
-other secrets in case of you leak one of the two database's password.
-
-### [Clients](#clients) {: #clients }
-
-#### [Android phone](#android) {: #android }
-
-Now that I'm ready to activate 2FA, let's see how to use it. The plan
-is to use my android phone. On the
-[Time-based One-time Password Algorithm Wikipedia page](https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm)
-there was a list of clients but sadly it was deleted.
-You can still find it
-[in the history](https://en.wikipedia.org/w/index.php?title=Time-based_One-time_Password_Algorithm&oldid=724156353#Client_implementations).
-
-I wanted a FOSS application and Google Authenticator is now closed
-source so I went with FreeOTP which is not completely dead compared to
-others (but it's not thriving either), so far it works good.
-
-#### [OpenBSD](#OpenBSD) {: #OpenBSD }
-
-In the case I don't have a phone, I still want to be able to
-log in my different accounts. In the lobste.rs' link that I gave at the
-beginning of this article, someone mentioned oath-toolkit which works
-very easily:
-
- $ oathtool --totp -b deafcafe
- 405723
-
-(with deafcafe being the shared secret).
-
-## [Activating it](#activation) {: #activation }
-
-Now that we're ready to use it, let's do it. So where to activate
-it? Actually, there's [a cool site](https://twofactorauth.org/) that
-lists services that provide or not (and then you can shame them on
-twitter) 2FA with a link to the service's documentation.
-
-### [My Feedback](#feedback) {: #feedback }
-
-So far I activated 2FA on about half a dozen of website. The first one was
-the [RIPE NCC](https://www.ripe.net/) (if you don't want people to
-steal your precious IP addresses and/or your atlas credit) and it was
-actually a good one to try it.
-
-To activate it usually the website gives you a qrcode which is in fact
-just a URL looking like:
-
- otpauth://totp/Example:foo@example.com?secret=DEAFCAFE&issuer=Example
-
-which is fine for my phone but sadly my eyes can't decode qrcode and I
-need the shared secret to put it my keepassx. Most of the time
-websites gives you by default the qrcode but also gives you the
-possibility to access the shared secret.
-
-For now, everything works fine, I use my phone to unlock my different
-accounts and if anything happens to it, I can just unlock my second
-keepassx database and use oathtool (or use a backup code) to get my
-account back.
blob - 277edd95d9b41815d439219acb99ecad34d78345 (mode 644)
blob + /dev/null
--- content/new-design.md
+++ /dev/null
@@ -1,39 +0,0 @@
-Title: New design
-Date: 2018-04-13
-Category: Tech
-
-
-In June this blog will be five years old. Since [I created it](./blog.html), it
-has had the same design. A few weeks ago I looked for a new theme. I found
-[pelican-blue](https://github.com/Parbhat/pelican-blue) which I liked. For my
-first theme, I took it from someone and shortly after someone took it from me.
-This time I wanted something more unique.
-
-I took pelican-blue and hammered the CSS so people would notice I love the
-color [*red*](https://en.wikipedia.org/wiki/Red). At home, my sheets are red, my bath towel is red, my couch is
-red, my curtains are red. Even the ribbon Jean Canard plays with is [red](https://pics.chown.me/Jean-Canard/IMG_0675.JPG).
-
-I noticed a couple of things that were broken with the theme so I had to fix
-them. Now I have to go back to my commit log to tell the original author as a
-way to contribute back.
-
-At first, my blog URL was `blog.chown.me`. Then I wanted https but I couldn't
-have another domain because back then free (and valid—hi cacert) certificates
-weren't a thing, I moved it to `chown.me/blog`. To welcome stalk^Wvisitors I
-had a landing page on `chown.me`. Now, however, I changed my mind and I prefer
-to have my blog index page directly on `chown.me`.
-
-I wanted to break as few links as possible—ain't nobody got time to write the
-otherwise needed haproxy redirection. I think I tweaked enough of my
-[pelican](https://blog.getpelican.com/) config file so that most of them are fine.
-Not all of them are; I had to break one or two because of translations.
-Fortunately, I was lazy enough to translate only a handful of articles so the
-breakage is minimal.
-
-To fix some past mistakes I had to go through old articles. It was a weird
-feeling to read my younger self. I wouldn't advise to read them haha. They're in
-French anyway.
-
-One of my 2018 New Year's resolution was to write more blog articles. With not a
-single one for the first quarter, you can guess it's not my best
-accomplishment. But hopefully, I'll finally do it.
blob - bd015f533a48b7081f4f4c8b17874fc6953fe7d6 (mode 644)
blob + /dev/null
--- content/p2k16.md
+++ /dev/null
@@ -1,89 +0,0 @@
-Title: Hackathon report - p2k16
-Date: 2016-08-11
-Category: Tech
-
-## [Getting an account](#account) {: #account }
-
-Since end of March I have had an OpenBSD account which means that I can do
-some commits on my own, the login I use is *danj*. I was then invited
-to [p2k16](https://www.openbsd.org/images/hackathons/p2k16.gif) which
-took place in Nantes, about 100kms from where I live (Rennes).
-
-## [Planning](#planning) {: #planning }
-
-I read most of hackathons report (if not all) on undeadly, and people
-often says that they had plans. So I thought I was going to do the
-same. Finally I did only a few things that I planned and other things
-I didn't plan at all :)
-
-## [Meeting people](#meetingpeople) {: #meetingpeople }
-
-Since 2013 I've been talking with jca@ (mainly about OpenBSD but not only),
-though I never had the chance to meet him. Finally at p2k16 I could
-finally meet him.
-
-I've also been talking on irc with landry@ for quite a long time, I
-was eager to meet him as I really appreciate him because we laugh
-together.
-
-I could also see again mpi@, who I didn't saw since my
-[internship](./some-news-from-my-internship.html).
-
-During the hackathon I could also talk with people that I had never
-talked to, before like espie@ or eric@. It was both funny and
-interesting as I learnt a couple of things while I was chatting with
-them.
-
-## [Even teaching people](#teaching) {: #teaching }
-
-I was still heavily learning at lot of things, whatever I was doing,
-though I was looking forward to share my (little) knowledge. I could
-show some tricks to tsg@ who was porting some python ports and at the
-same time working on
-[portgen](http://man.openbsd.org/OpenBSD-current/man1/portgen.1) to
-teach it to handle python ports. I was really happy/proud to be able to
-help him.
-
-I even could teach eric@ how to use cvs again :D. He didn't touch cvs
-for a while and in the mean time, new tools were created to help us like
-[portimport](http://man.openbsd.org/OpenBSD-current/man1/portimport.1)
-and he didn't know its existence so I showed him thus he could use it
-rather than importing his port (that I reviewed as it was a python
-port :3) manually.
-
-## [The work](#work) {: #work }
-
-I begun the week with committing an update to legit and its chains of
-\*_DEPS, it was quite a pain so I was happy to be over. After that, I
-updated a bunch of little ports. I reviewed a few ports for
-shadchin@. Python ports are usually easy (IMO) but the problem is
-that there are always tons of \*_DEPS which quickly sums up.
-
-I left a bit the python ports to update osm2pgsql. They switched their
-build system from autotools to cmake. Some people don't like
-autotools, other don't like cmake and many hate both but in my case I
-don't know them well so it doesn't make a lot of difference. At first
-I didn't succeed to make the test pass (but of course osm2pgsql was
-tested to be working), but after being home I worked on it again, and
-I was glad of my work.
-
-One of my plan was to port py-tox as it's used by nearly all python
-software for the tests. jca@ told me to look into
-[openbsd-wip](https://github.com/jasperla/openbsd-wip) and indeed it
-was already done by shadchin@, I bring it to ports@ and ok'ed it so he
-imported it.
-
-Finally, I begin to work on poezio, a python3 xmpp client. I needed
-some directions as some of its \*_DEPS were python3-only and currently
-the port infrastructure for python ports is mainly axed towards
-python2, and sthen@ kindly helped me.
-
-## [The end](#end) {: #end }
-
-Of course, I was sad when it ended, seeing people leaving
-gradually. I was really happy of the whole week, meeting people I was
-quite fond of. The meals were goods, with lots of
-[galettes](https://fr.wikipedia.org/wiki/Galette_de_sarrasin) and
-[crepes](https://en.wikipedia.org/wiki/Cr%C3%AApe) (even though we
-were not in Brittany). Thanks to all who made it possible! Would
-definitely do again.
blob - 34bc94aee8f825c06c257ef16e9240a80460fbab (mode 644)
blob + /dev/null
--- content/p2k18.md
+++ /dev/null
@@ -1,111 +0,0 @@
-Title: Hackathon report - p2k18
-Date: 2018-05-03
-Category: Tech
-
-After two mostly boring flights, I was in Nantes on Sunday. I didn't do much
-because I wanted to get some rest after an exhausting week and tried to get my
-body into this new timezone. After a long night of sleep, I went to the hackroom.
-It was already well crowded for the first morning.
-
-On Friday the week before, I asked my boss at 5 pm if I had to take days off. He said
-"no" as a way to support my work on Open Source—it had been the same for
-[t2k17](./t2k17.html). I made a deal with myself that I would finish what I was
-working on for a customer instead of asking my coworker. So a large part of my
-Monday was finishing that stuff. Still, [I updated a port I maintain,
-pqiv](https://github.com/openbsd/ports/commit/a322d2ddc88df925eb9c719578e9f6aca0096298).
-I received a [generous donation](https://chown.me/iota/dmesg/dmesg-x1.txt) from [Mischa
-Peters](https://twitter.com/mischapeters) so I installed OpenBSD on it (thanks
-to jasper@ for carrying it!).
-
-Installing OpenBSD was not that trivial because I didn't have any USB key and
-the wired NIC required an adapter which I didn't have and the wifi NIC required
-a firmware to work. Thanks to [our marvelous
-organizer](https://twitter.com/poolporg) for providing me a USB key and stsp@ for
-lending me a USB NIC (which later [krw@ used to debug a dhclient
-bug](https://undeadly.org/cgi?action=article;sid=20180430190108)!). After that,
-I installed the packages I use, rsync'ed my home from my work laptop I was
-using until then like a lil' pig and felt immediately at home!
-
-I really begin the ports hackathon on Tuesday when I committed an update for
-py-setuptools. I had already [updated them](./b2k16.html) 18 months ago. It was
-easy to do it because I already did all the work a few weeks ago. My plan was
-to commit it before the hackathon but the clang6 fallout decided otherwise. I
-needed this setuptools to port upt. [upt](https://framagit.org/upt) is a
-"modular tool that helps people package software from PyPI/CPAN/etc. to
-OpenBSD/GNU Guix/etc". It's made by a [very good friend of
-mine](https://perso.aquilenet.fr/~steap/) so I sent him a bunch of [really
-nice](https://framagit.org/upt/upt-rubygems/commit/ccb5c2c1f9df2c383a02b2297f0354c3692757b4)
-[diffs](https://framagit.org/upt/upt-cpan/commit/893ef4aed42a121fb2adb6412dd9c91f81a8e8f0).
-
-I imported spdx and spdx-lookup which are a database of licenses and a tool to
-query it. That's the tool upt is using to
-[guess](https://framagit.org/upt/upt/blob/master/upt/licenses.py#L702) the
-license used. Then, I decided to call it a day. The morning was stressful, and rain was forecasted for the next few days. This pushed me to go see the city. I went to
-see [*Les Machines De L'Île*](https://www.lesmachines-nantes.fr/en/). Sadly the
-Elephant was sick so I couldn't ride him. He was fine enough to spit water on
-kids though. What makes me even sadder is that I didn't photograph the
-billboard saying it was sick. It would have been such a cool error page
-for when PostgreSQL is down!
-
-I also visited *Le Chateau des Ducs de Bretagne* and *Le Jardin des Plantes*
-which both were awesome with the nice blue sky I had. It was also funny to
-notice that the people of Nantes try to trick people, with putting "de Bretagne"
-in various names, into thinking that Nantes is in Bretagne while it is not.
-Yup, I'm pretty happy to have a static blog without any comments system so
-there won't be any hateful reactions visible here :-)
-
-Once I got back to the hackroom, I review-n-committed a couple of diffs for
-python ports. I updated again pqiv as they released another bugfix release and
-did some reviews for the [boar port from solene@](https://undeadly.org/cgi?action=article;sid=20180429101745).
-
-I spent Wednesday only doing reviews for other devs—facette, influxdb for
-landry@, and several python ports for pvk@. At 5 pm I was fed up, so I went to
-the supermarket and bought some Belgian beers (*Trappe Quadrupel* and
-*Westmalle* mainly but also some *Chimay*). Once drunk I went to play ping-pong
-with other French hackers. A few hours—and less alcohol in my blood—later, I
-finally updated my main server to OpenBSD 6.3 which went fine.
-
-I also looked at setting `PORTS_PRIVSEP=Yes` being one of the ["new
-converts"](https://undeadly.org/cgi?action=article;sid=20180429190200), but I
-had some [problems](https://marc.info/?l=openbsd-ports-cvs&m=152466817003263&w=2)
-(this commit message actually makes me laugh so much) so I eventually decided to
-rollback. Now, however, I know which permissions to set if I want to enable it
-again so that's cool!
-
-Thursday was low-hanging-fruit day. One of the commits renamed a package and so
-I needed to add a quirks entry. I did all of it on my own and I was glad to see
-how much more comfortable I was after two years (I got my *commit bit* shortly
-before p2k16 which happened 2 years ago).
-
-Until Friday, I didn't submit upt because I was waiting for Cyril to send an
-email about it. He finally sent
-[it](https://marc.info/?l=openbsd-ports&m=152478073001511&w=2) so I submitted
-it while replying to his email. I had already talked about it to landry@
-because he wanted to port a dozen of python ports. I told him this tool
-could help him so he was eager to try it. I finally imported it after a couple
-of back and forth between landry@ and I.
-
-Saturday was my last day as I was traveling on Sunday. I reviewed
-collectd/liboping for landry@, looked at the new
-[Flask](https://www.palletsprojects.com/blog/flask-1-0-released/). During
-p2k16, I talked with eric@ about ports where he was listed as maintainer. This
-time I succeeded in convincing him that his time was better spent on OpenSMTPD so
-there was no need to for him to be listed as maintainer. My final commit for
-p2k18 was freeing him from the ports tree :-)
-
-A while ago, I bought two [pine64](./playing-with-the-pine64.html) but they
-were not that useful for my use cases—too slow and unreliable. For a few weeks,
-semarie was using one of them remotely to work on rust/arm64. But when it
-stopped working, I had to investigate which didn't please my laziness. I offered
-him to take one and give it to him. He gladly accepted and then it was quickly [put to
-use](https://marc.info/?l=openbsd-bugs&m=152526381422932&w=2)!
-
-It was very nice to see Nantes and my fellow OpenBSD hackers again. I could commit
-the diffs I had for a few weeks and reviewed some submissions that enhance what
-you can `pkg_add` on OpenBSD. Thanks to gilles@ for all the organization and to
-Epitech for hosting us again and to the OpenBSD Foundation for the fundings!
-
-
-
-
-
blob - a7fc746bdeb4b049358f9215857cd00b171885d9 (mode 644)
blob + /dev/null
--- content/pics2html.md
+++ /dev/null
@@ -1,127 +0,0 @@
-Title: How I accidentally wrote a static site generator
-Date: 2020-04-08
-Category: Tech
-
-## [Some context first](#context) {: #context }
-
-I bought my
-[DSLR](https://en.wikipedia.org/wiki/Digital_single-lens_reflex_camera) at the
-end of 2014. I wanted to host the resulting pictures somewhere. I never liked
-Flickr much, so I went with 500px. I liked the website and the UI/UX was pretty
-nice. The community was pretty cool. Having skilled photographers around is
-really valuable, as you can learn and find inspiration. But it might also hurt
-(it definitely did, sometimes) to see photographs much better than yours!
-
-For some reason, I kinda stopped photography in 2017. I took a few pictures
-here and there but didn't do anything with them. Basically, the cost (i.e. the
-time the whole thing took) was way too high for what I felt I got from it
-(emotions or whatever).
-
-At the beginning of 2020, I went through all my data on my personal storage
-(which included my pictures) to sort and rearrange them. It made me happy to
-have all those *souvenirs* and I thought I should really go shoot again.
-
-This narrative is not entirely true, though. ;)
-
-While it did happen, it didn't happen initially. I bought [a case for my
-photography
-gear](https://dumpster.chown.me/mastodon/media_attachments/files/000/050/759/original/18e91ddf4f0c6ce4.jpeg)
-for unrelated reasons (compulsive buying) and thought if I was spending money
-on it again, I should make good use of it. Nevertheless, the souvenirs really
-nailed my motivation!
-
-Initially, I thought I could keep using 500px but I realized I'd lost my access
-and that during my hiatus [they had been
-pwned](https://support.500px.com/hc/en-us/articles/360017752493-Security-Issue-February-2019-FAQ).
-Now that I have more experience publishing pictures on the Internet, I have a
-better idea of what I want and care about. During the ensuing years, I have
-also acquired much more experience in [hosting my own
-services](./infrastructure-2019.html), which I try to do for everything I use.
-
-## [Looking for some FOSS](#foss) {: #foss }
-
-I thought writing my own would be difficult/time consuming, so I went for doing
-what I do best: using existing Free Software. I carefully thought through my
-requirements, and here they are:
-
-A quality project is both subjective, and an obvious requirement so I won't
-talk more about it. But PHP apps written by someone who wanted to make their
-first project? I'll pass. :)
-
-I really care about showing [EXIF](https://en.wikipedia.org/wiki/Exif) for
-pictures. As with software, being able to study how they're made is really
-helpful. I feel like pictures without EXIF are as interesting as closed source
-software, so I tend to ignore both. (In a photography context, of course. I
-won't look at which phone model took that cat picture).
-
-On a side note, surprisingly, I learned that people recently created gallery
-software and added machine learning. Well, I've better use for my computing
-power and I prefer simpler things.
-
-AND SHOW THOSE DAMN EXIF!
-
-## [Writing my own - the process](#myown) {: #myown }
-
-Sadly, I didn't find anything that met those two simple requirements.
-
-Because of that, I thought I would either write something myself or put the
-photos into my blog. I was not very fond of the idea of putting my pictures on
-my blog (as a weird application of the "do one thing and do it well" rule), but
-even if I were to do so, I wouldn't want to extract the EXIF myself/manually
-for each picture.
-
-I began writing a python script which parsed the EXIF, which was kind of funny.
-For instance, the library I use gives a tuple for the exposure and depending on
-each field's value, [it has a different
-meaning](https://github.com/danieljakots/pics2html/blob/c08e2b17476e28e8304bfaadc94f76d77d4c74df/pics2html.py#L62-L74).
-
-I had already used jinja2 in my [uv](https://github.com/danieljakots/uv)
-script, so I thought "let's generate a basic html page!" since it was easy.
-That was my planned alternative to using my blog. Since I know nothing about
-web design/frontend and I wasn't very enthusiastic, I thought maybe I would
-later hire someone to do it.
-
-I began to add some very basic CSS to experiment. I had scavenged it from some
-random website which had the nice quality of being very simple! I was happy
-with the result, so I tried to improve it further. I thought "if I'm stuck or
-stop having fun, then I'll look into hiring" which eased my mind a lot!
-
-Surprisingly, I didn't struggle that much and I did have fun! Tackling one
-small issue at a time made it a breeze.
-
-I thought that using icons was better than text since they convey as much
-information while being much much shorter. I had bookmarked a [set of
-icons](https://github.com/tabler/tabler-icons) (because they're MIT-licensed) a
-few days before, thinking "I doubt I'll ever need these, but who knows?" The
-set didn't have an icon for the *lens* so I used the *lego* icon. It looks
-similar and it has a smile on it! What's not to love?
-
-During the process, I went to look at how I did stuff with my blog and I
-noticed it was a complete mess. Seeing how easy writing a static site generator
-was made me want to write one for my blog. So, stay tuned! ;)
-
-## [The result](#result) {: #result }
-
-The result is available here: <https://px.chown.me/>. The [code is, of course,
-available](https://github.com/danieljakots/pics2html) as well.
-
-I would not necessarily advise someone to reuse the code as-is (even though you
-definitely can since it's Free Software). It's pretty tailored to my needs. For
-instance, the red color used is the same as on my [blog](./new-design.html)
-(coherency FTW). I made no effort to make it easily customizable, more than
-what I needed to make the code maintainable (up to a certain point, since I
-have exactly 0 tests... I already feel my future self's frustration, *oops!*).
-
-That said, if you're thinking about building something similar, you're totally
-free (well as long as you abide by the license terms ;)) to study/take parts
-from it!
-
-I'm really happy with the result. The code is pretty simple (though some hacks
-exist here and there), as you would expect from a less-than-300-line python
-script. I learned quite a few things (e.g. improved my skill with jinja2,
-discovered that creating a RSS feed is actually not that hard, etc). I'm really
-happy with how the website looks. Doing web design is completely out of the
-ordinary for me, so it was nice to do something different!
-
-And it's funny... I do things that are 1000x times more complicated, but
-generating 200 html files with a single command really feels like magic!
blob - f90752b53100e9720310dac9daf22af1f0ee07c1 (mode 644)
blob + /dev/null
--- content/playing-with-the-pine64.md
+++ /dev/null
@@ -1,611 +0,0 @@
-Title: Playing with the pine64
-Date: 2017-10-19
-Category: Tech
-
-## [Finding something to install on it](#installwhat) {: #installwhat }
-
-6 weeks ago, I ordered two pine64 units. I didn't (and still don't)
-have much plan for them, but I wanted to play with some cheap
-boards. I finally received them this week. Initially I wanted to
-install some Linux stuff on it, I didn't have much requirement so I
-thought I would just look what seems to be easy and/or the best
-supported systemd flavour. I headed over their
-[wiki](http://wiki.pine64.org/index.php/Pine_A64_Software_Release). Everything
-seems either not really maintained, done by some random people or
-both. I am not saying random people do bad things, just that
-installing some random things from the Internet is not really my cup
-of tea.
-
-I heard about [Armbian](https://www.armbian.com/pine64/) but the
-server flavour seems to be experimental so I got scared of it. And
-sadly, the whole things looks like to be alot undermanned.
-
-So I went for OpenBSD because I know the stuff and who to har^Wkindly
-ask for help. Spoiler alert, it's boring because it just works.
-
-## [Getting OpenBSD on it](#OpenBSD) {: #OpenBSD }
-
-I downloaded miniroot62.fs, dd'ed it on the micro SD card. I was
-afraid I'd need to fiddle with some things like sysutils/dtb because I
-don't know what I would have needed to do. That's because I don't know
-what it does and for this precise reason I was wrong and I didn't need
-to do anything. So just dd the miniroot62.fs and you can go to next
-checkpoint.
-
-I plugged an HDMI cable, ethernet cable and the power, it booted, I
-could read for 10 seconds but then it got dark. Of course it's because
-you need a serial console. Of course I didn't have one.
-
-I thought about trying to install OpenBSD blindly, I could have
-probably succeeded with autoinstall buuuuuut...
-
-Following some good pieces of advice from OpenBSD people I bought some
-cp2102 (I didn't try to understand what it was or what were the other
-possibilities, I just wanted something that would work :D).
-
-I looked how to plug the thing. It appears you can plug it on [two
-different places](http://linux-sunxi.org/File:Pine64_UART0.jpg) but
-if you plug it on the *Euler bus* it could power a bit the board so if
-you try to reboot it, it would then mess with the power disruption and
-could lead a unclean reboot.
-
-You just need to plug three cables: GND, TXD and RXD. Of course, the
-TXD goes on the RXD pin from the picture and the RXD goes on the TXD
-pin. Guess why I'm telling you that!
-
-## [That's it](#thatsit) {: #thatsit }
-
-Then you can connect with the usual
-
- $ cu -dl /dev/cuaU0 -s 115200
-
-You can now install it and the reboot it:
-
- INFO: PSCI Affinity Map:
- INFO: AffInst: Level 0, MPID 0x0, State ON
- INFO: AffInst: Level 0, MPID 0x1, State OFF
- INFO: AffInst: Level 0, MPID 0x2, State OFF
- INFO: AffInst: Level 0, MPID 0x3, State OFF
-
- U-Boot SPL 2017.09 (Sep 13 2017 - 04:48:58)
- DRAM: 2048 MiB
- Trying to boot from MMC1
- NOTICE: BL3-1: Running on A64/H64 (1689) in SRAM A2 (@0x44000)
- NOTICE: Configuring SPC Controller
- NOTICE: BL3-1: v1.0(debug):20170702
- NOTICE: BL3-1: Built : 04:34:32, Sep 13 2017
- NOTICE: Configuring AXP PMIC
- NOTICE: PMIC: setup successful
- NOTICE: SCPI: dummy stub handler, implementation level: 000000
- INFO: BL3-1: Initializing runtime services
- INFO: BL3-1: Preparing for EL3 exit to normal world
- INFO: BL3-1: Next image address: 0x4a000000, SPSR: 0x3c9
-
-
- U-Boot 2017.09 (Sep 13 2017 - 04:48:58 -0600) Allwinner Technology
-
- CPU: Allwinner A64 (SUN50I)
- Model: Pine64+
- DRAM: 2 GiB
- MMC: SUNXI SD/MMC: 0
- *** Warning - bad CRC, using default environment
-
- In: serial
- Out: serial
- Err: serial
- Net: phy interface7
- eth0: ethernet@01c30000
- starting USB...
- USB0: USB EHCI 1.00
- USB1: USB OHCI 1.0
- scanning bus 0 for devices... 1 USB Device(s) found
- scanning usb for storage devices... 0 Storage Device(s) found
- Hit any key to stop autoboot: 0
- switch to partitions #0, OK
- mmc0 is current device
- Scanning mmc 0:1...
- Found EFI removable media binary efi/boot/bootaa64.efi
- reading efi/boot/bootaa64.efi
- 78335 bytes read in 36 ms (2.1 MiB/s)
- libfdt fdt_check_header(): FDT_ERR_BADMAGIC
- ## Starting EFI application at 40080000 ...
- Scanning disks on usb...
- Scanning disks on mmc...
- MMC Device 1 not found
- MMC Device 2 not found
- MMC Device 3 not found
- Found 5 disks
- >> OpenBSD/arm64 BOOTAA64 0.8
- boot>
- booting sd0a:/bsd: 3861360+574928+511472+807968 [285863+96+451944+239980]=0x831130
- type 0x2 pa 0x40000000 va 0x40000000 pages 0x4000 attr 0x8
- type 0x7 pa 0x44000000 va 0x40000000 pages 0x4000 attr 0x8
- type 0x4 pa 0x48000000 va 0x48000000 pages 0x4 attr 0x8
- type 0x7 pa 0x48005000 va 0x40000000 pages 0x70832 attr 0x8
- type 0x2 pa 0xb8837000 va 0xb8837000 pages 0x4 attr 0x8
- type 0x2 pa 0xb883b000 va 0xb883b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb883f000 va 0xb883f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8843000 va 0xb8843000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8847000 va 0xb8847000 pages 0x4 attr 0x8
- type 0x2 pa 0xb884b000 va 0xb884b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb884f000 va 0xb884f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8853000 va 0xb8853000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8857000 va 0xb8857000 pages 0x4 attr 0x8
- type 0x2 pa 0xb885b000 va 0xb885b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb885f000 va 0xb885f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8863000 va 0xb8863000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8867000 va 0xb8867000 pages 0x4 attr 0x8
- type 0x2 pa 0xb886b000 va 0xb886b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb886f000 va 0xb886f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8873000 va 0xb8873000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8877000 va 0xb8877000 pages 0x4 attr 0x8
- type 0x2 pa 0xb887b000 va 0xb887b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb887f000 va 0xb887f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8883000 va 0xb8883000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8887000 va 0xb8887000 pages 0x4 attr 0x8
- type 0x2 pa 0xb888b000 va 0xb888b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb888f000 va 0xb888f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8893000 va 0xb8893000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8897000 va 0xb8897000 pages 0x4 attr 0x8
- type 0x2 pa 0xb889b000 va 0xb889b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb889f000 va 0xb889f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88a3000 va 0xb88a3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88a7000 va 0xb88a7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88ab000 va 0xb88ab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88af000 va 0xb88af000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88b3000 va 0xb88b3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88b7000 va 0xb88b7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88bb000 va 0xb88bb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88bf000 va 0xb88bf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88c3000 va 0xb88c3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88c7000 va 0xb88c7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88cb000 va 0xb88cb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88cf000 va 0xb88cf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88d3000 va 0xb88d3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88d7000 va 0xb88d7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88db000 va 0xb88db000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88df000 va 0xb88df000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88e3000 va 0xb88e3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88e7000 va 0xb88e7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88eb000 va 0xb88eb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88ef000 va 0xb88ef000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88f3000 va 0xb88f3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88f7000 va 0xb88f7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88fb000 va 0xb88fb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb88ff000 va 0xb88ff000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8903000 va 0xb8903000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8907000 va 0xb8907000 pages 0x4 attr 0x8
- type 0x2 pa 0xb890b000 va 0xb890b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb890f000 va 0xb890f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8913000 va 0xb8913000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8917000 va 0xb8917000 pages 0x4 attr 0x8
- type 0x2 pa 0xb891b000 va 0xb891b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb891f000 va 0xb891f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8923000 va 0xb8923000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8927000 va 0xb8927000 pages 0x4 attr 0x8
- type 0x2 pa 0xb892b000 va 0xb892b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb892f000 va 0xb892f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8933000 va 0xb8933000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8937000 va 0xb8937000 pages 0x4 attr 0x8
- type 0x2 pa 0xb893b000 va 0xb893b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb893f000 va 0xb893f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8943000 va 0xb8943000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8947000 va 0xb8947000 pages 0x4 attr 0x8
- type 0x2 pa 0xb894b000 va 0xb894b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb894f000 va 0xb894f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8953000 va 0xb8953000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8957000 va 0xb8957000 pages 0x4 attr 0x8
- type 0x2 pa 0xb895b000 va 0xb895b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb895f000 va 0xb895f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8963000 va 0xb8963000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8967000 va 0xb8967000 pages 0x4 attr 0x8
- type 0x2 pa 0xb896b000 va 0xb896b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb896f000 va 0xb896f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8973000 va 0xb8973000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8977000 va 0xb8977000 pages 0x4 attr 0x8
- type 0x2 pa 0xb897b000 va 0xb897b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb897f000 va 0xb897f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8983000 va 0xb8983000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8987000 va 0xb8987000 pages 0x4 attr 0x8
- type 0x2 pa 0xb898b000 va 0xb898b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb898f000 va 0xb898f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8993000 va 0xb8993000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8997000 va 0xb8997000 pages 0x4 attr 0x8
- type 0x2 pa 0xb899b000 va 0xb899b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb899f000 va 0xb899f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89a3000 va 0xb89a3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89a7000 va 0xb89a7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89ab000 va 0xb89ab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89af000 va 0xb89af000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89b3000 va 0xb89b3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89b7000 va 0xb89b7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89bb000 va 0xb89bb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89bf000 va 0xb89bf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89c3000 va 0xb89c3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89c7000 va 0xb89c7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89cb000 va 0xb89cb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89cf000 va 0xb89cf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89d3000 va 0xb89d3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89d7000 va 0xb89d7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89db000 va 0xb89db000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89df000 va 0xb89df000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89e3000 va 0xb89e3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89e7000 va 0xb89e7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89eb000 va 0xb89eb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89ef000 va 0xb89ef000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89f3000 va 0xb89f3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89f7000 va 0xb89f7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89fb000 va 0xb89fb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb89ff000 va 0xb89ff000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a03000 va 0xb8a03000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a07000 va 0xb8a07000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a0b000 va 0xb8a0b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a0f000 va 0xb8a0f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a13000 va 0xb8a13000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a17000 va 0xb8a17000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a1b000 va 0xb8a1b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a1f000 va 0xb8a1f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a23000 va 0xb8a23000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a27000 va 0xb8a27000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a2b000 va 0xb8a2b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a2f000 va 0xb8a2f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a33000 va 0xb8a33000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a37000 va 0xb8a37000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a3b000 va 0xb8a3b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a3f000 va 0xb8a3f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a43000 va 0xb8a43000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a47000 va 0xb8a47000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a4b000 va 0xb8a4b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a4f000 va 0xb8a4f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a53000 va 0xb8a53000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a57000 va 0xb8a57000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a5b000 va 0xb8a5b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a5f000 va 0xb8a5f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a63000 va 0xb8a63000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a67000 va 0xb8a67000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a6b000 va 0xb8a6b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a6f000 va 0xb8a6f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a73000 va 0xb8a73000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a77000 va 0xb8a77000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a7b000 va 0xb8a7b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a7f000 va 0xb8a7f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a83000 va 0xb8a83000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a87000 va 0xb8a87000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a8b000 va 0xb8a8b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a8f000 va 0xb8a8f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a93000 va 0xb8a93000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a97000 va 0xb8a97000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a9b000 va 0xb8a9b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8a9f000 va 0xb8a9f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aa3000 va 0xb8aa3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aa7000 va 0xb8aa7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aab000 va 0xb8aab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aaf000 va 0xb8aaf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ab3000 va 0xb8ab3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ab7000 va 0xb8ab7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8abb000 va 0xb8abb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8abf000 va 0xb8abf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ac3000 va 0xb8ac3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ac7000 va 0xb8ac7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8acb000 va 0xb8acb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8acf000 va 0xb8acf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ad3000 va 0xb8ad3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ad7000 va 0xb8ad7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8adb000 va 0xb8adb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8adf000 va 0xb8adf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ae3000 va 0xb8ae3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ae7000 va 0xb8ae7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aeb000 va 0xb8aeb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aef000 va 0xb8aef000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8af3000 va 0xb8af3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8af7000 va 0xb8af7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8afb000 va 0xb8afb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8aff000 va 0xb8aff000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b03000 va 0xb8b03000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b07000 va 0xb8b07000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b0b000 va 0xb8b0b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b0f000 va 0xb8b0f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b13000 va 0xb8b13000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b17000 va 0xb8b17000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b1b000 va 0xb8b1b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b1f000 va 0xb8b1f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b23000 va 0xb8b23000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b27000 va 0xb8b27000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b2b000 va 0xb8b2b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b2f000 va 0xb8b2f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b33000 va 0xb8b33000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b37000 va 0xb8b37000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b3b000 va 0xb8b3b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b3f000 va 0xb8b3f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b43000 va 0xb8b43000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b47000 va 0xb8b47000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b4b000 va 0xb8b4b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b4f000 va 0xb8b4f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b53000 va 0xb8b53000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b57000 va 0xb8b57000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b5b000 va 0xb8b5b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b5f000 va 0xb8b5f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b63000 va 0xb8b63000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b67000 va 0xb8b67000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b6b000 va 0xb8b6b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b6f000 va 0xb8b6f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b73000 va 0xb8b73000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b77000 va 0xb8b77000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b7b000 va 0xb8b7b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b7f000 va 0xb8b7f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b83000 va 0xb8b83000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b87000 va 0xb8b87000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b8b000 va 0xb8b8b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b8f000 va 0xb8b8f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b93000 va 0xb8b93000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b97000 va 0xb8b97000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b9b000 va 0xb8b9b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8b9f000 va 0xb8b9f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ba3000 va 0xb8ba3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ba7000 va 0xb8ba7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bab000 va 0xb8bab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8baf000 va 0xb8baf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bb3000 va 0xb8bb3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bb7000 va 0xb8bb7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bbb000 va 0xb8bbb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bbf000 va 0xb8bbf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bc3000 va 0xb8bc3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bc7000 va 0xb8bc7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bcb000 va 0xb8bcb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bcf000 va 0xb8bcf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bd3000 va 0xb8bd3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bd7000 va 0xb8bd7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bdb000 va 0xb8bdb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bdf000 va 0xb8bdf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8be3000 va 0xb8be3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8be7000 va 0xb8be7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8beb000 va 0xb8beb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bef000 va 0xb8bef000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bf3000 va 0xb8bf3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bf7000 va 0xb8bf7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bfb000 va 0xb8bfb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8bff000 va 0xb8bff000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c03000 va 0xb8c03000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c07000 va 0xb8c07000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c0b000 va 0xb8c0b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c0f000 va 0xb8c0f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c13000 va 0xb8c13000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c17000 va 0xb8c17000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c1b000 va 0xb8c1b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c1f000 va 0xb8c1f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c23000 va 0xb8c23000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c27000 va 0xb8c27000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c2b000 va 0xb8c2b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c2f000 va 0xb8c2f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c33000 va 0xb8c33000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c37000 va 0xb8c37000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c3b000 va 0xb8c3b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c3f000 va 0xb8c3f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c43000 va 0xb8c43000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c47000 va 0xb8c47000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c4b000 va 0xb8c4b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c4f000 va 0xb8c4f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c53000 va 0xb8c53000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c57000 va 0xb8c57000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c5b000 va 0xb8c5b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c5f000 va 0xb8c5f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c63000 va 0xb8c63000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c67000 va 0xb8c67000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c6b000 va 0xb8c6b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c6f000 va 0xb8c6f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c73000 va 0xb8c73000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c77000 va 0xb8c77000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c7b000 va 0xb8c7b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c7f000 va 0xb8c7f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c83000 va 0xb8c83000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c87000 va 0xb8c87000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c8b000 va 0xb8c8b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c8f000 va 0xb8c8f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c93000 va 0xb8c93000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c97000 va 0xb8c97000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c9b000 va 0xb8c9b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8c9f000 va 0xb8c9f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ca3000 va 0xb8ca3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ca7000 va 0xb8ca7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cab000 va 0xb8cab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8caf000 va 0xb8caf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cb3000 va 0xb8cb3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cb7000 va 0xb8cb7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cbb000 va 0xb8cbb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cbf000 va 0xb8cbf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cc3000 va 0xb8cc3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cc7000 va 0xb8cc7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ccb000 va 0xb8ccb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ccf000 va 0xb8ccf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cd3000 va 0xb8cd3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cd7000 va 0xb8cd7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cdb000 va 0xb8cdb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cdf000 va 0xb8cdf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ce3000 va 0xb8ce3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ce7000 va 0xb8ce7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ceb000 va 0xb8ceb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cef000 va 0xb8cef000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cf3000 va 0xb8cf3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cf7000 va 0xb8cf7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cfb000 va 0xb8cfb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8cff000 va 0xb8cff000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d03000 va 0xb8d03000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d07000 va 0xb8d07000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d0b000 va 0xb8d0b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d0f000 va 0xb8d0f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d13000 va 0xb8d13000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d17000 va 0xb8d17000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d1b000 va 0xb8d1b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d1f000 va 0xb8d1f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d23000 va 0xb8d23000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d27000 va 0xb8d27000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d2b000 va 0xb8d2b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d2f000 va 0xb8d2f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d33000 va 0xb8d33000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d37000 va 0xb8d37000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d3b000 va 0xb8d3b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d3f000 va 0xb8d3f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d43000 va 0xb8d43000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d47000 va 0xb8d47000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d4b000 va 0xb8d4b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d4f000 va 0xb8d4f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d53000 va 0xb8d53000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d57000 va 0xb8d57000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d5b000 va 0xb8d5b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d5f000 va 0xb8d5f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d63000 va 0xb8d63000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d67000 va 0xb8d67000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d6b000 va 0xb8d6b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d6f000 va 0xb8d6f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d73000 va 0xb8d73000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d77000 va 0xb8d77000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d7b000 va 0xb8d7b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d7f000 va 0xb8d7f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d83000 va 0xb8d83000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d87000 va 0xb8d87000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d8b000 va 0xb8d8b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d8f000 va 0xb8d8f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d93000 va 0xb8d93000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d97000 va 0xb8d97000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d9b000 va 0xb8d9b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8d9f000 va 0xb8d9f000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8da3000 va 0xb8da3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8da7000 va 0xb8da7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dab000 va 0xb8dab000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8daf000 va 0xb8daf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8db3000 va 0xb8db3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8db7000 va 0xb8db7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dbb000 va 0xb8dbb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dbf000 va 0xb8dbf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dc3000 va 0xb8dc3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dc7000 va 0xb8dc7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dcb000 va 0xb8dcb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dcf000 va 0xb8dcf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dd3000 va 0xb8dd3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dd7000 va 0xb8dd7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ddb000 va 0xb8ddb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8ddf000 va 0xb8ddf000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8de3000 va 0xb8de3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8de7000 va 0xb8de7000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8deb000 va 0xb8deb000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8def000 va 0xb8def000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8df3000 va 0xb8df3000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8df7000 va 0xb8df7000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8df8000 va 0xb8df8000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8dfc000 va 0xb8dfc000 pages 0x2 attr 0x8
- type 0x2 pa 0xb8dfe000 va 0xb8dfe000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8dff000 va 0xb8dff000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e00000 va 0xb8e00000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e01000 va 0xb8e01000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8e05000 va 0xb8e05000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e06000 va 0xb8e06000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8e0a000 va 0xb8e0a000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e0b000 va 0xb8e0b000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8e0f000 va 0xb8e0f000 pages 0x2 attr 0x8
- type 0x2 pa 0xb8e11000 va 0xb8e11000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e12000 va 0xb8e12000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e13000 va 0xb8e13000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e14000 va 0xb8e14000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8e18000 va 0xb8e18000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e19000 va 0xb8e19000 pages 0x4 attr 0x8
- type 0x2 pa 0xb8e1d000 va 0xb8e1d000 pages 0x2 attr 0x8
- type 0x2 pa 0xb8e1f000 va 0xb8e1f000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e20000 va 0xb8e20000 pages 0x1 attr 0x8
- type 0x2 pa 0xb8e21000 va 0xb8e21000 pages 0x100 attr 0x8
- type 0x6 pa 0xb8f21000 va 0xb8f21000 pages 0x1 attr 0x8000000000000008
- type 0x2 pa 0xb8f22000 va 0xb8f22000 pages 0x13 attr 0x8
- type 0x2 pa 0xb8f35000 va 0xb8f35000 pages 0x5085 attr 0x8
- type 0x5 pa 0xbdfba000 va 0xbdfba000 pages 0x1 attr 0x8000000000000008
- type 0x2 pa 0xbdfbb000 va 0xb8f35000 pages 0x2045 attr 0x8
- [ using 978720 bytes of bsd ELF symbol table ]
- Copyright (c) 1982, 1986, 1989, 1991, 1993
- The Regents of the University of California. All rights reserved.
- Copyright (c) 1995-2017 OpenBSD. All rights reserved. https://www.OpenBSD.org
-
- OpenBSD 6.2-current (GENERIC) #47: Wed Oct 18 11:56:57 MDT 2017
- deraadt@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC
- real mem = 2021859328 (1928MB)
- avail mem = 1935818752 (1846MB)
- mainbus0 at root: Pine64+
- cpu0 at mainbus0: ARM Cortex-A53 r0p4
- psci0 at mainbus0
- agtimer0 at mainbus0: tick rate 24000 KHz
- simplebus0 at mainbus0: "soc"
- sxiccmu0 at simplebus0
- sxipio0 at simplebus0: 103 pins
- sximmc0 at simplebus0
- sdmmc0 at sximmc0: 4-bit, sd high-speed, mmc high-speed, dma
- ehci0 at simplebus0
- usb0 at ehci0: USB revision 2.0
- uhub0 at usb0 configuration 1 interface 0 "Generic EHCI root hub" rev 2.00/1.00 addr 1
- com0 at simplebus0: ns16550, no working fifo
- com0: console
- ampintc0 at simplebus0 nirq 224, ncpu 4: "interrupt-controller"
- sxirtc0 at simplebus0
- dwxe0 at simplebus0: address 02:ba:b0:1b:de:88
- rgephy0 at dwxe0 phy 0: RTL8169S/8110S/8211 PHY, rev. 5
- rgephy1 at dwxe0 phy 1: RTL8169S/8110S/8211 PHY, rev. 5
- gpio0 at sxipio0: 32 pins
- gpio1 at sxipio0: 32 pins
- gpio2 at sxipio0: 32 pins
- gpio3 at sxipio0: 32 pins
- gpio4 at sxipio0: 32 pins
- gpio5 at sxipio0: 32 pins
- gpio6 at sxipio0: 32 pins
- gpio7 at sxipio0: 32 pins
- scsibus0 at sdmmc0: 2 targets, initiator 0
- sd0 at scsibus0 targ 1 lun 0: <SD/MMC, USD00, 0010> SCSI2 0/direct removable
- sd0: 15080MB, 512 bytes/sector, 30883840 sectors
- vscsi0 at root
- scsibus1 at vscsi0: 256 targets
- softraid0 at root
- scsibus2 at softraid0: 256 targets
- bootfile: sd0a:/bsd
- boot device: sd0
- root on sd0a (aad98897a9859bd0.a) swap on sd0b dump on sd0b
- Automatic boot in progress: starting file system checks.
- /dev/sd0a (aad98897a9859bd0.a): file system is clean; not checking
- /dev/sd0l (aad98897a9859bd0.l): file system is clean; not checking
- /dev/sd0d (aad98897a9859bd0.d): file system is clean; not checking
- /dev/sd0f (aad98897a9859bd0.f): file system is clean; not checking
- /dev/sd0g (aad98897a9859bd0.g): file system is clean; not checking
- /dev/sd0h (aad98897a9859bd0.h): file system is clean; not checking
- /dev/sd0k (aad98897a9859bd0.k): file system is clean; not checking
- /dev/sd0j (aad98897a9859bd0.j): file system is clean; not checking
- /dev/sd0e (aad98897a9859bd0.e): file system is clean; not checking
- setting tty flags
- pf enabled
- starting network
- dwxe0: DHCPREQUEST to 255.255.255.255
- dwxe0: DHCPNACK from 10.20.20.254 (00:0d:b9:43:9f:fc)
- dwxe0: DHCPDISCOVER - interval 1
- dwxe0: DHCPOFFER from 10.20.20.254 (00:0d:b9:43:9f:fc)
- dwxe0: DHCPREQUEST to 255.255.255.255
- dwxe0: DHCPACK from 10.20.20.254 (00:0d:b9:43:9f:fc)
- dwxe0: bound to 10.20.20.15 -- renewal in 21600 seconds
- reordering libraries: done.
- openssl: generating isakmpd/iked RSA keys... done.
- ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
- starting early daemons: syslogd pflogd ntpd.
- starting RPC daemons:.
- savecore: no core dump
- checking quotas: done.
- clearing /tmp
- kern.securelevel: 0 -> 1
- creating runtime link editor directory cache.
- preserving editor files.
- starting network daemons: sshd smtpd sndiod.
- running rc.firsttime
- Path to firmware: http://firmware.openbsd.org/firmware/snapshots/
- No devices found which need firmware files to be downloaded.
- starting local daemons: cron.
- Wed Oct 18 17:52:37 MDT 2017
-
- OpenBSD/arm64 (alpaga.chown.me) (console)
-
- login:
-
-
-And now, I just have to wait for
-[Jean Canard](https://chown.me/iota/pics/IMG_0675.JPG) to destroy the
-whole thing.
blob - 7469b23ba388b8b5c5f3f072fb96797a4edc1813 (mode 644)
blob + /dev/null
--- content/routing-traffic-with-multiple-openvpn.md
+++ /dev/null
@@ -1,190 +0,0 @@
-Title: Routing traffic with multiple OpenVPN
-Date: 2017-11-21
-Category: Tech
-
-
-## [Why OpenVPN?](#openvpn) {: #openvpn }
-
-For [my dayjob](https://evolix.ca/en) we access the servers we manage
-through OpenVPN. Of course it's not the only security measure, it's
-yet another layer and it helps to cut a part of the
-[IBN](https://en.wikipedia.org/wiki/Internet_background_noise). All of
-our servers are registered in
-[LDAP](https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol)
-and from this system we create some routes that the OpenVPN server
-pushes to the OpenVPN clients.
-
-## [What did I need?](#needs) {: #needs }
-
-### [Follow the pushed routes, not always and not for all the hosts](#pushedroutes) {: #pushedroutes }
-
-I work sometimes from home (for on-call or just remote work). I have a
-IP phone which needs the VPN but of course I can't setup OpenVPN on
-the phone directly, so the VPN has to go on my router. But let's say
-some android phone (without security updates) connects to my wifi, I
-don't want its traffic to go through the VPN.
-
-But I also have my own desktop that I don't want any of its traffic to
-go through the VPN, but sometimes I want it to use the routes if I
-want to quickly check something on a server.
-
-### [Default route sometimes, sometimes not](#default) {: #default }
-
-By default, clients don't set the gateway to the vpn, because we
-have the routes. But sometimes, we need to access a host through the
-VPN without having a route to it being pushed by the server. Hence I
-need to be able to route all the traffic through the vpn if
-needed. But not always because the vpn endpoint is 105ms away and
-browsing with this increased latency is obviously a bit slower.
-
-### [Even with a default route, bypassing the VPN for some servers](#bypass) {: #bypass }
-
-I have a VM in Montreal, 10ms away, and there's no reason that the
-traffic should go through the VPN. Same goes for my OpenBSD mirror.
-
-### [Multiple VPN](#multiplevpns) {: #multiplevpns }
-
-I also have another VPN which endpoints is in Montreal and I may want
-to route some host from my lan through it. It must independant from
-the other VPN.
-
-### [Don't touch the server side](#serveragnosticism) {: #serveragnoticism }
-
-My coworkers use the VPN as well so I can't change the server
-configuration just to suit my own need.
-
-## [Suiting all the needs \o/](#suitneeds) {: #suitneeds }
-
-I will only talk about the client as there's nothing special on the
-server side
-
-### [OpenVPN infrastructure](#ovpninfra) {: #ovpninfra }
-
-~~~
-danj@pancake:/etc/openvpn$ ls
-client-ca.conf client-fr.conf private-stuff/
-~~~
-
-Config files are as usual, the only special thing is that I force
-the tun device used by the VPN (so I can use it in pf.conf):
-
-~~~
-danj@pancake:/etc/openvpn$ grep dev *.conf
-client-ca.conf:dev tun1
-client-fr.conf:dev tun0
-~~~
-
-In `rc.conf.local`, I set the correct config file:
-
-~~~
-openvpn_fr_flags="--config /etc/openvpn/client-fr.conf"
-openvpn_ca_flags="--config /etc/openvpn/client-ca.conf"
-~~~
-
-now I can `rcctl start openvpn_fr` and `rcctl start openvpn_ca`
-
-### [routing](#routing) {: #routing }
-
-Spoiler alert, everything is done with pf.
-
-I won't put my whole pf.conf but only the needed parts. First let's
-describe the interface.
-
-~~~
-vpnfr_if = "tun0"
-vpnca_if = "tun1"
-~~~
-
-I have vlan-capable switch and wifi AP, so I have multiple networks.
-
-~~~
-lan_net = $lan_if:network
-wifilap_net = $wifilap_if:network
-wifitel_net = $wifitel_if:network
-windows_net = $windows_if:network
-tel_net = $tel_if:network
-~~~
-
-I need some tables (don't worry, you'll understand later what purpose
-they have).
-
-~~~
-table <softvpnfr> { 10.20.20.20 } persist
-table <vpnfr> { $phone } persist
-table <vpnca> { 10.10.10.60 } persist
-table <bypassfr> { 129.128.197.20, 129.128.5.191, 185.19.29.62, 167.114.216.84 } persist
-table <forcevpnfr> { $mrs-fw2 }
-table <nousautres> { 10.0.0.0/8, $home_ip } persist
-~~~
-
-Now we can see the ruleset. I let everything from the lan, that doesn't
-go on the router itself or to another lan (so the traffic will need
-another rules to be allowed) come through.
-
-~~~
-pass in on $lan_if from $lan_net to ! <nousautres>
-pass in on $wifilap_if from $wifilap_net to ! <nousautres>
-pass in on $wifitel_if from $wifitel_net to ! <nousautres>
-pass in on $tel_if from $tel to ! <nousautres>
-pass in log on $windows_if proto { tcp, udp } from $windows_net to ! <nousautres>
-~~~
-
-I let everything going out
-
-~~~
-pass out log on $ext_if proto { tcp, udp } all modulate state
-pass out on $vpnfr_if proto { tcp, udp } all modulate state
-pass out on $vpnca_if proto { tcp, udp } all modulate state
-~~~
-
-Now's the fun part.
-
-* `<softvpn>` is the hosts that can you the routes pushed by the VPN but
-it doesn't use the VPN as the gw
-* `<vpnfr>` and `<vpnca>` everything from the hosts in it goes through
-the VPN (French or Canadian)
-* `<bypassfr>` any traffic to host in the table won't go through the VPN
-* `<forcevpnfr>` host that must be accessed through the VPN
-
-
-~~~
-# disable the use of the routes if you're not in <softvpn>
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $atlas_if } \
- from !<softvpnfr> to ! <nousautres> route-to ($ext_if $home_ip)
-
-# force traffic through the French VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from <vpnfr> to ! <nousautres> route-to ($vpnfr_if 192.168.125.61)
-
-# traffic to hosts in <bypass> must not go through the VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from <vpnfr> to <bypassfr> route-to ($ext_if $home_ip)
-
-# force traffic through the Canadian VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from <vpnca> to ! <nousautres> route-to ($vpnca_if 192.168.251.10)
-
-# traffic from <softvpnfr> to hosts in <forcevpnfr> should really go through the VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if } \
- from <softvpnfr> to <forcevpnfr> route-to ($vpnfr_if 192.168.125.61)
-
-~~~
-
-But the real magic with pf, is that I can **very easily** change the
-routing for any host :
-
-~~~
-# if I want everything to go through the Canadian VPN
-root@pancake:~# pfctl -t vpnca -Ta 10.1.2.3
-# or not
-root@pancake:~# pfctl -t vpnca -Td 10.1.2.3
-# through the French VPN
-root@pancake:~# pfctl -t vpnfr -Ta 10.1.2.3
-# ok not everything, just use the route pushed by the VPN
-root@pancake:~# pfctl -t vpnfr -Td 10.1.2.3
-root@pancake:~# pfctl -t softvpn -Ta 10.1.2.3
-~~~
-
-That's all! Of course, if anything goes wrong, I have
-[Jean Canard's Advanced Paws System (APS)](https://chown.me/iota/pics/IMG_0551.JPG)
-that checks for anything.
blob - c28c68c3fb955f51a58fd8129d4e2e8a67616dee (mode 644)
blob + /dev/null
--- content/t2k17.md
+++ /dev/null
@@ -1,76 +0,0 @@
-Title: Hackathon report - t2k17
-Date: 2017-08-21
-Category: Tech
-
-I also wrote [a shorter and less personal report on undeadly](http://undeadly.org/cgi?action=article&sid=20170821231153), feel free
-to read it rather than this one if you don't want to know about other things than
-the hackathon.
-
-August was a busy month events-wise. I had the visit of coworkers who
-work in France, because [this year's Debconf](https://debconf17.debconf.org/) took place here, in Montreal.
-
-After a week of fun activities,
-[I went to debconf](https://twitter.com/Vigdis_/status/894318053093146624)
-with them.
-[With my badge](https://twitter.com/Vigdis_/status/893877976235991042),
-people noticed I liked OpenBSD and during the 'Wine and Cheese' event,
-someone came to me to talk about OpenBSD. In fact he was
-[sf@debian.org](https://qa.debian.org/developer.php?login=sf) who is also
-[sf@openbsd.org](https://v4.freshbsd.org/search?committer=sf&project=openbsd). I
-was very surprised to meet another OpenBSD developer at debconf!
-
-I finally left debconf on Tuesday evening because I had to take the
-train on Wednesday morning with mpi@ to go to Toronto. In the train I
-was slacking on the Internet when I noticed mpi@ was already hacking
-with his $EDITOR. I felt guilty so I began to update
-graphics/pqiv. Fortunately, jca@ was already in the hackroom so he was
-available to help/review. It was cool to begin with that port because
-it's a very simple port and I had to learn about the new COMPILER
-variable, thus I could easily focus just on that.
-
-I also took the opportunity of the train journey to ask mpi@ questions
-about networking stuff which leaded to more things I want to dig in.
-
-Once I arrived in the hackroom, I committed a duplicity update I had
-in my tree for a long time. I also looked at a submission on ports@
-which needed some help because of libressl vs openssl and once I
-received some ok I put it in the tree.
-
-Over the last few weeks I've been looking at porting some OpenBGPD
-check for nagios-like monitoring system to improve my [dayjob](https://evolix.ca/)'s
-monitoring system. I realized then that I didn't even check what we
-already had in the ports tree. We had a check that I quickly tested
-and it appeared to be broken. afresh1@, who is the check maintainer
-and upstream hadn't arrived yet, I asked other developers that I know
-they run BGPd in production what they use. I got to know about how
-they did their monitoring which was pretty interesting!
-
-To look at something else than the ports tree, I began to look at
-updating xkeyboard-config which is one of the tool used by xenocara. I
-already did the last update but at the time I didn't notice we had
-some local patches so I wanted to do it more carefully this time. I
-had some troubles doing this update so I took care of writing some
-notes about how I did it so next time should be easier.
-
-Finally afresh1@ arrived and I told him about the bgpd check problem
-and in fact he had fixed it two years ago but forgot to update the
-port. He quickly committed an update to close the case.
-
-One thing I wanted to do during this hackathon was updating
-haproxy. A few months ago when they release the latest branch, I
-didn't succeed to update our port to it because of libressl vs
-openssl. It wasn't such a big deal because old-stable branch was still
-supported. After waiting 9 months, I just grabbed
-[the patch Bernard Spil did for TrueOS](https://github.com/trueos/freebsd-ports/blob/3745ead2e0f43985c3647e1e3aecae2751decfda/net/haproxy/files/patch-src_ssl__sock.c)
-and it just worked so I was really happy!
-
-In addition of that, I updated the other ports I maintained and I
-finally reached a state where all the ports I maintained were up to
-date \o/
-
-To sum up, I did everything I wanted during this hackaton, with more
-ease than I thought. I had the opportunity to have really interesting
-discussions with a lot of other developers (during [our social event](https://twitter.com/Vigdis_/status/895794041450897408) but not only). Thanks a lot to the
-University of Toronto for hosting us (in a
-[very nice part of the city](https://twitter.com/Vigdis_/status/896356797988167681)
-and krw@ for organizing!
blob - 087557cf7e1b699fb35dc5ba790e3282e113de32 (mode 644)
blob + /dev/null
--- content/the-checklist-manifesto.md
+++ /dev/null
@@ -1,55 +0,0 @@
-Title: The Checklist Manifesto
-Date: 2018-06-01
-Category: Books
-
-What is the best way to improve the quality of your actions? According to the
-author of the book [*The Checklist
-Manifesto*](https://en.wikipedia.org/wiki/The_Checklist_Manifesto), it's with
-checklists.
-
-A few months ago, a [friend](https://instinctive.eu/) wrote [a blog
-article](https://instinctive.eu/weblog/0AC-perte-de-memoire-II) about how her
-memory began to fail her. [Another friend](https://blog.pasithee.fr/)
-[commented](https://instinctive.eu/weblog/0AC-perte-de-memoire-II#VXBU66HpV1Ds) that
-she wrote a checklist to avoid forgetting anything before a commit, after
-having read *The Checklist Manifesto*. Another passion of mine is airplanes.
-In the aviation world, there are checklists for everything. I was curious
-what this book could say about this subject so I read it.
-
-While reading the book was pleasant, if the author talked only about checklists,
-I think it could have been only one chapter. The other things he wrote about
-are communications and sharing—or spreading—responsibilities. These topics are also
-very important but out of the scope in my opinion.
-
-[Atul Gawande](https://en.wikipedia.org/wiki/Atul_Gawande) (the author)
-is a surgeon, so obviously he talks about surgery but not only. For instance,
-he talks about how aviation and construction firms started using checklists, who
-writes them, and what they cover.
-
-But why make checklists? The author
-explains that over the last centuries we have learned many many things, but we
-sometimes fail at doing them. Checklists are there to lower our fail rate.
-They also help to be faster and more methodical.
-
-Checklists don't improve our skills, they improve results. They are guards
-against basic errors and oversights.
-
-That sounds good, doesn't it? So how does one a do a good checklist? The author
-gives a *rule of thumb*. The checklist must:
-
-* be between 5 and 9 elements—it should take between 60 and 90 seconds to complete
-* have a clear *pause point* i.e. when to go through the checklist
-* be short and precise, they're not a how-to
-* have a publication date and be occasionally revised
-
-Atul Gawande lists two kinds of checklist:
-
-* do-confirm: you do your stuff and once you think you're good, you go
-through the checklist to verify you didn't forget anything
-* read-do: you do what the checklist says you have to do while reading it
-
-Checklists can be done during team briefing and it has the added benefit that it
-improves communication among the team.
-
-I liked this book and if you're curious about stories behind checklists, you
-should definitely read it!
blob - 375ae0f3b2ab5a21a1c09b7e1e69069f39866df9 (mode 644)
blob + /dev/null
--- content/the-effective-manager.md
+++ /dev/null
@@ -1,99 +0,0 @@
-Title: The Effective Manager
-Date: 2018-08-13
-Category: Books
-
-*Note: this is also available in audio format: 3:49
-[(1.6MB mp3)](https://chown.me/iota/blog/the-effective-manager.mp3)
-[(1.3MB ogg)](https://chown.me/iota/blog/the-effective-manager.ogg)*
-
-<br/>
-
-A few months ago, I stumbled across [A reading list for new engineering
-managers](https://jacobian.org/writing/engmanager-reading-list/). I'm not sure
-that I want to become a manager, but even so, knowing how management tasks
-should be approached is valuable. Knowing how things work from the other side
-helps me to understand the bigger picture, so I try to do that with most things
-in life.
-
-I began by reading the first book on the list, *The Effective Manager* by Mark
-Horstman. Here's what I found interesting:
-
-Firstly, employees should be able to list their goals. If they can't, they
-should ask "what results do you expect from me?" and "how will you measure my
-performance?"
-
-For the manager, the two main goals are:
-
-1. Achieve Results
-2. Retain Employees
-
-To help the manager succeed in these goals, the book first gives some general
-advice:
-
-1. Get to know your people
-2. Communicate about performance
-3. Ask for more
-4. Push work down
-
-Their respective importance is set to 40%, 30%, 20% and 10%. (Isn't it great
-when you add percentages and their sum is, indeed, 100%?)
-
-When goals are clearly defined and the manager communicates about their
-employee's performance, both are off to a good start!
-
-"Generally, the more a team trusts its manager, the better the results will be,
-and the better the retention as well."
-
-The author advises managers to talk to their subordinates frequently about things
-that are important to them. For those frequent discussions, his recommended
-format is the *One-on-One*. One-on-ones are scheduled, weekly, 30-minute
-meetings that managers have with each of their employees.
-
-One-on-ones last thirty minutes at the most, but can end early if neither has
-more to say. The thirty minutes are split into three ten-minute segments. The
-first third is for what the subordinate wishes to discuss. The second third allows
-the manager to provide feedback and instruction. The final third (hopefully
-there's still some time left :-)) is designated for discussion about the future
-... as it's not particularly useful to talk about the past.
-
-The book has some tips for addressing the reasons why some might be reluctant
-to attend one-on-ones. If they say their schedule is already fully booked, the
-key is to say "ok, but look at your schedule. If in one month it's mostly free,
-let's add a few weekly 30-minute slots then, to see how it goes."
-
-Another problem that could arise is the employee being unwilling to talk or
-dominating the conversation. Again, the book has some tips for that and in both
-cases, it comes down to **gently** encouraging the behavior you want to see
-**without forcing** the employee (at least, in the beginning).
-
-For giving feedback, Horstman provides the following model:
-
-1. Ask if the person is open to receiving feedback. It's useless to give
- feedback if one's not open to it. Also, hashtag consent.
-2. Identify the behavior you've noticed.
-3. Describe the impact of the behavior (positive or negative).
-4. Encourage effective future behavior. If the feedback is positive, say "keep
- up the good work!" and if it isn't, ask questions and work out a plan.
-
-One important thing about feedback is that you shouldn't be angry when you
-deliver it. Bearing that in mind, you should still give it as soon as you can.
-
-I didn't take any notes for the points "Ask for more" and "Push work down"
-because I didn't feel I was learning anything. Of course, this is specific to
-me. I'm sure plenty of people will find valuable advice in these sections.
-
-I quite liked the book; it was full of interesting points. What I didn't like
-was that sometimes the author repeated points that felt obvious to me. Also, I
-felt like the author was a bit full of himself (though that may simply reflect
-cultural differences).
-
-Reading *The Effective Manager* will provide you with a lot of techniques as a
-manager to complete your daily tasks. Even as someone without subordinates, I
-found this a valuable read, as it allows for some management in reverse.
-
-Finally, remember the saying: "people don't quit their jobs; they quit their
-managers." ;)
-
-<br/>
-
-*Thanks [Pamela](https://bsd.network/@pamela) for the proof-reading and the audio recording!*
blob - 9e931cbb42bfb745737d78e415b10bc29b5c0273 (mode 644)
blob + /dev/null
--- content/upgrading-openbsd-with-ansible.md
+++ /dev/null
@@ -1,205 +0,0 @@
-Title: Upgrading OpenBSD with Ansible
-Date: 2018-10-19
-Category: Tech
-
-This article is best enjoyed with basic knowledge of [OpenBSD
-autoinstall](https://man.openbsd.org/autoinstall) and [Ansible](https://www.ansible.com/)
-
-## [My router runs OpenBSD -current](#router) {: #router }
-
-A few months ago, I needed software that had just hit the ports tree. I didn't
-want to wait for the next release, so I upgraded my router to use -current.
-Since then, I've continued running -current, which means upgrading to a newer
-snapshot every so often. Running -current is great, but the process of updating
-to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable
-and then reboot into *bsd.rd*, hit enter ten times, then reboot, run `sysmerge`
-and update packages.
-
-I eventually switched to [upobsd](https://bitbucket.org/semarie/upobsd) to be
-able to upgrade without the need for a serial connection. The process was
-better, but still tiresome. Usually, I would prepare the special version of
-*bsd.rd*, boot on *bsd.rd*, and do something like wash the dishes in the
-meantime. After about ten minutes, I would dry my hands and then go back to my
-workstation to see whether the *bsd.rd* part had finished so I could run
-`sysmerge` and `pkg_add`, and then return to the dishes while it upgraded
-packages.
-
-Out of laziness, I thought: "I should automate this," but what happened instead
-is that I simply didn't upgrade that machine very often. (Yes, laziness). With
-my router out of commission, life is very dull, because it is my gateway to the
-Internet. Even services hosted at my place (like my Mastodon instance) are not
-reachable when the router is down because I use multiple VLANs (so I need the
-router to *jump* across VLANs).
-
-## [Ansible Reboot Module](#ansiblereboot) {: #ansiblereboot }
-
-I recently got a new job, and one of my first tasks was auditing the *Ansible*
-roles written by my predecessors. In one role, the machine rebooted and they
-used the
-[*wait_for_connection*](https://docs.ansible.com/ansible/2.5/modules/wait_for_module.html)
-module to wait for it to come back up. That sounded quite hackish to me, so out
-of curiosity, I tried to determine whether there was a better way. I also
-thought I might be able to use something similar to further automate my OpenBSD
-upgrades, and wanted to assess the cleanliness of this method. ;-)
-
-I learned that with the then-upcoming 2.7 Ansible release, a proper *reboot*
-module would be included. I went to the docs, which stated that for a certain
-parameter:
-
-~~~
-- On Linux and macOS, this is converted to minutes and
- rounded down. If less than 60, it will be set to 0.
-- On Solaris and FreeBSD, this will be seconds.
-~~~
-
-I took this to mean that there was no support for OpenBSD. I looked at the code
-and, indeed, there was not. However, I believed that it wouldn't be too hard
-to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64
-and then submitted it upstream. After a quick back and forth, the module's
-author [merged it into
-devel](https://github.com/ansible/ansible/commit/2769a4e2cc3aadbf91e7f4f83ef57b7ebe43442a)
-(having a friend working at Red Hat helped the process, merci Cyril !) A couple
-days later, the release engineer [merged it into
-stable-2.7](https://github.com/ansible/ansible/commit/26de4f97493adeb388c1c8fad7a266bb7652bac6).
-
-I proceeded to actually write the playbook, and then I hit a bug. The parameter
-*reboot_timeout* was not recognized by Ansible. This feature would definitely
-be useful on a slow machine (such as the Pine64 and its dying SD card). Again,
-my fix was [merged into
-master](https://github.com/ansible/ansible/commit/0105b4aeadb94dd12b921ed6c427b21cd31182fa)
-by the module's author and then [merged into
-stable-2.7](https://github.com/ansible/ansible/commit/a0f38bdab5ae0e183cb960fe9e964bf1edf7c326).
-2.7.1 will be the first release to feature these fixes, but if you use OpenBSD
--current, you already have access to them. I backported the patches when I
-[updated
-ansible](https://marc.info/?l=openbsd-ports-cvs&m=153994960724056&w=2).
-
-Fun fact about Ansible and reboots: "The win_reboot module was [...] included
-with Ansible 2.1," while for unix systems it wasn't added until 2.7. :D For
-more details, you can read the [module's author blog
-article](http://samdoran.com/ansible-reboot-plugin/).
-
-## [The Playbook](#playbook) {: #playbook }
-
-Initially, my playbook did the upgrade as usual (i.e., it fetched the sets in
-*bsd.rd*). During this process, of course, my machine is not performing its
-function as a router. My Internet access is not super great, so fetching the
-sets takes awhile. I got frustrated while I was testing it and looked into
-lessening the amount of time spent inside *bsd.rd*.
-
-To speed up the process, I wrote [a basic shell
-script](https://chown.me/iota/blog/fetch-sets) to fetch the sets **before**
-rebooting into *bsd.rd*. It enabled me to remove some *tasks* I had to do in
-order to get working Internet access in *bsd.rd*. (This is specific to my
-case).
-
-### [The playbook itself](#playbookitself) {: #playbookitself }
-
-~~~
----
-- name: Upgrade OpenBSD
- hosts: apu-root
- vars:
- arch: amd64
- date: "{{ lookup('pipe', 'date +%Y-%m-%d') }}"
- disk: "sd0"
- mirror: "fastly.cdn.openbsd.org"
- path_sets: "/home/danj/sets"
-
- tasks:
- - name: fetch sets
- command: /home/danj/bin/fetch-sets
- when: path_sets is defined
- - name: create answer file for upobsd
- template:
- src: answer.j2
- dest: answer
- delegate_to: localhost
- - name: create kernel with upobsd
- command: "upobsd -v -a {{ arch }} -u ./answer -m https://{{ mirror }}/pub/OpenBSD -V snapshots"
- delegate_to: localhost
- - name: copy bsd.rd created by upobsd
- copy:
- src: bsd.rd
- dest: /bsd
- - name: reboot host
- reboot:
- msg: "rebooting into bsd.rd to upgrade"
- reboot_timeout: 900
- - name: archive kernel
- copy:
- src: "/bsd"
- dest: "/bsd-{{ date }}"
- mode: 0700
- remote_src: "yes"
- - name: upgrade all packages
- command: "pkg_add -u -Dsnap"
-~~~
-
-### [The answer file](#answerfile) {: #answerfile }
-
-The answer file is automatically [mailed to root at the end of the
-upgrade](https://github.com/openbsd/src/blob/master/distrib/miniroot/install.sub#L2811-L2812),
-so it's easy to get it!
-
-In my case, the answer file transformed into a jinja2 template is:
-
-~~~
-Which disk is the root disk = sd0
-Force checking of clean non-root filesystems = no
-{% if path_sets is defined %}
-Location of sets = disk
-Is the disk partition already mounted = yes
-Pathname to the sets = {{ path_sets }}
-{% else %}
-Location of sets = http
-HTTP proxy URL = none
-HTTP Server = {{ mirror }}
-Server directory = pub/OpenBSD/snapshots/{{ arch }}
-{% endif %}
-Set name(s) = done
-Location of sets = done
-~~~
-
-### [The explanations](#explanations) {: #explanations }
-
-Ansible runs my script on the remote host to fetch the sets. It creates an
-answer file from the template and then gives it to *upobsd*. Once *upobsd* has
-created the kernel, Ansible copies it in place of `/bsd` on the host. The
-router reboots and boots on `/bsd`, which is upobsd's *bsd.rd*. The *installer*
-runs in *auto_update* mode. Once it comes back from *bsd.rd* land, it archives
-the kernel and finishes by upgrading all the packages.
-
-It also supports upgrading without fetching the sets ahead of time. For
-instance, I upgrade this way on my Pine64 because if I cared about speed, I
-wouldn't use this weak computer with its dying SD card. For this case, I just
-comment out the *path_sets* variable and Ansible instead creates an answer file
-that will instruct the installer to fetch the sets from the designated mirror.
-
-I've been archiving my kernels for a few years. It's a nice way to <strike>fill
-up /</strike> keep a history of my upgrades. If I spot a regression, I can
-try a previous kernel ... which may not work with the then-desynchronized
-*userland*, but that's another story.
-
-`sysmerge` already runs with
-[rc.sysmerge](https://github.com/openbsd/src/blob/master/etc/rc#L579-L580) in
-batch mode and sends the result by email. I don't think there's merit to
-running it again in the playbook. The only perk would be discovering **in the
-terminal** whether any files need to be manually merged, rather than reading
-exactly the same output in the email.
-
-Initially, I used the *openbsd_pkg* module, but it doesn't work on -current
-just **before** a release because `pkg_add` automatically looks for
-*pub/OpenBSD/${release}/packages/${arch}* (which is empty). I wrote and tested
-this playbook while 6.4 was around the corner, so I switched to *command* to be
-able to pass the `-Dsnap` parameter.
-
-## [The result](#result) {: #result }
-
-I'm very happy with the playbook! It performs the upgrade with as little
-intervention as possible and minimal downtime. \o/
-
-<br/>
-
-*Thanks [Pamela](https://bsd.network/@pamela) for the proof-reading!*
-
blob - f9226f13762f5137e2b6c4e5c1c229fad394c469 (mode 644)
blob + /dev/null
--- output/about
+++ /dev/null
@@ -1,84 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>About</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./about"><h1>About</h1></a>
-<br>
-<h2>Hey, I'm Daniel</h2>
-<p>I work as a system and network engineer in Montreal where I have been living since the end
-of 2016. In my spare time, I <a href="http://oxide.org/cvs/danj.html">contribute</a> to
-<a href="https://www.openbsd.org">OpenBSD</a>, I
-<a href="https://github.com/danieljakots">develop</a> in Python, and when it's hotter than
-10 Celsius, I ride my <a href="https://twitter.com/Vigdis_/status/857378539057893378">single
-speed</a>.</p>
-<p><a href="https://pics.chown.me/Jean-Canard/">My cat</a> goes by the name of <em>Jean Canard</em>.</p>
-<p>I've been a board member of the <a href="https://qix.ca/">QIX</a>, the
-<a href="https://en.wikipedia.org/wiki/Internet_exchange_point">Internet Exchange Point</a>
-in Montreal.</p>
-<p>Previously, I've been involved in a couple of non-profits such as
-<a href="https://www.franciliens.net/">Franciliens.net</a>, <a href="https://www.ffdn.org/">FFDN</a>,
-and <a href="https://nos-oignons.net/">Nos oignons</a>. At the time I was living in
-France. Before I came to Montreal, I lived for eight years in Normandy
-(Caen and Rouen) and one year in Brittany (Rennes).</p>
-<p>I have the Canadian and French citizenships.</p>
-<p>You can read quotes from me in
-<a href="http://www.lemonde.fr/technologies/article/2013/04/23/la-police-japonaise-recommande-le-blocage-du-reseau-tor_3164344_651865.html">Le Monde</a>
-and in <a href="https://twitter.com/amaelle_g">Amaelle Guiton</a>'s book
-<a href="http://hackers.micro-ouvert.net/">Au coeur de la résistance numérique</a>.</p>
-<h2>Corporate Biography</h2>
-<p>Daniel is a Python Developer focusing on DevOps methodologies. Curious by
-nature, his interests lie in the development of web applications, as well as
-their deployment, performance optimization, availability and security.</p>
-<p>During his studies, Daniel cultivated his passion for Information Technology.
-He first pursued the world of the command line on Ubuntu, then strove to
-develop his skills in system administration, followed by network
-administration. Heavily motivated toward leveraging his skills for community
-enrichment, Daniel has been involved in various non-profit organizations
-working to provide better Internet access.</p>
-<p>Daniel began his professional life as a system and network administrator in a
-server management company. Servicing small and medium-sized businesses, the
-focus of this work was technical administration for businesses lacking in-house
-resources, such as communications agencies. Managing the large number of
-servers required to meet customer needs helped him to recognize the utility of
-automation in deployment and server management.</p>
-<p>Having reached an end to the learning opportunities available within the
-non-profit sector, Daniel turned to open source contribution to further develop
-his skills. He began to submit patches with improvements to the OpenBSD
-project. After a year, Daniel was invited to join the small team of OpenBSD
-developers, and now works with developers worldwide to improve and maintain the
-project.</p>
-<p>Seeking a life change, Daniel took advantage of his dual national status and
-emigrated to Montreal. He continued to work as a system and network
-administrator, managing Ansible machines running OpenBSD that manage the
-network for a small host and network operator. To accomplish various tasks, he
-developed and deployed Python code at every opportunity.</p>
-<p>Eventually, Daniel decided to stop resisting his passion for Python and open
-source communities. He switched his focus to the world of development, seeking
-to bridge his primary interests and better understand operations from another
-perspective.</p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - f9226f13762f5137e2b6c4e5c1c229fad394c469 (mode 644)
blob + /dev/null
--- output/about.html
+++ /dev/null
@@ -1,84 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>About</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./about"><h1>About</h1></a>
-<br>
-<h2>Hey, I'm Daniel</h2>
-<p>I work as a system and network engineer in Montreal where I have been living since the end
-of 2016. In my spare time, I <a href="http://oxide.org/cvs/danj.html">contribute</a> to
-<a href="https://www.openbsd.org">OpenBSD</a>, I
-<a href="https://github.com/danieljakots">develop</a> in Python, and when it's hotter than
-10 Celsius, I ride my <a href="https://twitter.com/Vigdis_/status/857378539057893378">single
-speed</a>.</p>
-<p><a href="https://pics.chown.me/Jean-Canard/">My cat</a> goes by the name of <em>Jean Canard</em>.</p>
-<p>I've been a board member of the <a href="https://qix.ca/">QIX</a>, the
-<a href="https://en.wikipedia.org/wiki/Internet_exchange_point">Internet Exchange Point</a>
-in Montreal.</p>
-<p>Previously, I've been involved in a couple of non-profits such as
-<a href="https://www.franciliens.net/">Franciliens.net</a>, <a href="https://www.ffdn.org/">FFDN</a>,
-and <a href="https://nos-oignons.net/">Nos oignons</a>. At the time I was living in
-France. Before I came to Montreal, I lived for eight years in Normandy
-(Caen and Rouen) and one year in Brittany (Rennes).</p>
-<p>I have the Canadian and French citizenships.</p>
-<p>You can read quotes from me in
-<a href="http://www.lemonde.fr/technologies/article/2013/04/23/la-police-japonaise-recommande-le-blocage-du-reseau-tor_3164344_651865.html">Le Monde</a>
-and in <a href="https://twitter.com/amaelle_g">Amaelle Guiton</a>'s book
-<a href="http://hackers.micro-ouvert.net/">Au coeur de la résistance numérique</a>.</p>
-<h2>Corporate Biography</h2>
-<p>Daniel is a Python Developer focusing on DevOps methodologies. Curious by
-nature, his interests lie in the development of web applications, as well as
-their deployment, performance optimization, availability and security.</p>
-<p>During his studies, Daniel cultivated his passion for Information Technology.
-He first pursued the world of the command line on Ubuntu, then strove to
-develop his skills in system administration, followed by network
-administration. Heavily motivated toward leveraging his skills for community
-enrichment, Daniel has been involved in various non-profit organizations
-working to provide better Internet access.</p>
-<p>Daniel began his professional life as a system and network administrator in a
-server management company. Servicing small and medium-sized businesses, the
-focus of this work was technical administration for businesses lacking in-house
-resources, such as communications agencies. Managing the large number of
-servers required to meet customer needs helped him to recognize the utility of
-automation in deployment and server management.</p>
-<p>Having reached an end to the learning opportunities available within the
-non-profit sector, Daniel turned to open source contribution to further develop
-his skills. He began to submit patches with improvements to the OpenBSD
-project. After a year, Daniel was invited to join the small team of OpenBSD
-developers, and now works with developers worldwide to improve and maintain the
-project.</p>
-<p>Seeking a life change, Daniel took advantage of his dual national status and
-emigrated to Montreal. He continued to work as a system and network
-administrator, managing Ansible machines running OpenBSD that manage the
-network for a small host and network operator. To accomplish various tasks, he
-developed and deployed Python code at every opportunity.</p>
-<p>Eventually, Daniel decided to stop resisting his passion for Python and open
-source communities. He switched his focus to the world of development, seeking
-to bridge his primary interests and better understand operations from another
-perspective.</p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - 9923045235ec52e0315f653a2a166638af86cf38 (mode 644)
blob + /dev/null
--- output/blog/2FA-with-ssh-on-OpenBSD
+++ /dev/null
@@ -1,270 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>2FA with ssh on OpenBSD</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./2FA-with-ssh-on-OpenBSD"><h1>2FA with ssh on OpenBSD</h1></a>
-<p><b>Posted on 2018-08-31</b></p>
-<p>Five years ago I wrote about <a href="./yubikey.html">using a yubikey</a> on OpenBSD. The
-only problem with doing this is that there's no validation server available on
-OpenBSD, so you need to use a different OTP slot for each machine. (You don't
-want to risk a <a href="https://en.wikipedia.org/wiki/Replay_attack">replay attack</a> if
-someone succeeds in capturing an OTP on one machine, right?) Yubikey has two
-OTP slots per device, so you would need a yubikey for every two machines with
-which you'd like to use it. You could use a
-<a href="https://en.wikipedia.org/wiki/Bastion_host">bastion</a>—and use only one
-yubikey—but I don't like the SPOF aspect of a bastion. YMMV.</p>
-<p>After <a href="./my-recent-journey-with-2FA.html">I played with TOTP</a>, I wanted to use
-them as a 2FA for ssh. At the time of writing, we can't do that using only the
-tools in base. This article focuses on OpenBSD; if you use another operating
-system, here are two <a href="https://www.openbsd.org/faq/faq4.html">handy</a>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/INSTALL.amd64">links</a>.</p>
-<h2 id="seedconfig"><a href="#seedconfig">Seed configuration</a></h2>
-<p>The first thing we need to do is to install the software which will be used to
-verify the OTPs we submit.</p>
-<div class="codehilite"><pre><span></span># pkg_add login_oath
-</pre></div>
-
-
-<p>We need to create a <em>secret</em> - aka, the <em>seed</em> - that will be used to calculate
-the Time-based One-Time Passwords. We should make sure no one can read or
-change it.</p>
-<div class="codehilite"><pre><span></span>$ openssl rand -hex <span class="m">20</span> &gt; ~/.totp-key
-$ chmod <span class="m">400</span> ~/.totp-key
-</pre></div>
-
-
-<p>Now we have a hexadecimal key, but apps usually <a href="https://github.com/mattrubin/Authenticator/blob/develop/Authenticator/Source/TokenEntryForm.swift#L214">want a base32
-secret</a>.
-I initially wrote a small script to do the conversion.</p>
-<p>While writing this article, I took the opportunity to improve it. When I
-initially wrote this utility for my use,
-<a href="https://github.com/lincolnloop/python-qrcode">python-qrcode</a> hadn't yet been
-imported to the OpenBSD ports/packages system. It's easy to install now, so
-let's use it.</p>
-<p>Here's the improved version. It will ask for the hex key and output the secret
-as a base32-encoded string, both with and without spacing so you can copy-paste
-it into your password manager or easily retype it. It will then ask for the
-information needed to generate a <em>QR code</em>. Adding our new OTP secret to any
-mobile app using the QR code will be super easy!</p>
-<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-10
-11
-12
-13
-14
-15
-16
-17
-18
-19
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="ch">#!/usr/bin/env python</span>
-
-<span class="c1"># DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE</span>
-<span class="c1"># Version 2, December 2004</span>
-
-<span class="c1"># Copyright (C) 2018 Daniel Jakots</span>
-
-
-<span class="kn">import</span> <span class="nn">binascii</span>
-<span class="kn">import</span> <span class="nn">base64</span>
-<span class="kn">import</span> <span class="nn">sys</span>
-
-<span class="k">try</span><span class="p">:</span>
- <span class="kn">import</span> <span class="nn">qrcode</span>
-<span class="k">except</span> <span class="ne">ModuleNotFoundError</span><span class="p">:</span>
- <span class="k">print</span><span class="p">(</span><span class="s2">&quot;pkg_add py3-qrcode&quot;</span><span class="p">)</span>
- <span class="n">sys</span><span class="o">.</span><span class="n">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span>
-
-<span class="n">seed_hex</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;Key in hex format &quot;</span><span class="p">)</span>
-
-<span class="n">binary_string</span> <span class="o">=</span> <span class="n">binascii</span><span class="o">.</span><span class="n">unhexlify</span><span class="p">(</span><span class="n">seed_hex</span><span class="p">)</span>
-<span class="n">seed_b32</span> <span class="o">=</span> <span class="n">base64</span><span class="o">.</span><span class="n">b32encode</span><span class="p">(</span><span class="n">binary_string</span><span class="p">)</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">&#39;utf-8&#39;</span><span class="p">)</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;The secret in a base32 encoded format&quot;</span><span class="p">)</span>
-<span class="k">print</span><span class="p">(</span><span class="n">seed_b32</span><span class="p">)</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;The same, but with a space every three letters for readability&quot;</span><span class="p">)</span>
-<span class="k">print</span><span class="p">(</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">([</span><span class="n">seed_b32</span><span class="p">[</span><span class="n">i</span><span class="p">:</span><span class="n">i</span><span class="o">+</span><span class="mi">3</span><span class="p">]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">seed_b32</span><span class="p">),</span> <span class="mi">3</span><span class="p">)]))</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;Let&#39;s create a QR code to import it into an app&quot;</span><span class="p">)</span>
-<span class="n">issuer</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;&#39;Issuer&#39; (can be the server name) &quot;</span><span class="p">)</span>
-<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;Username &quot;</span><span class="p">)</span>
-
-<span class="n">uri</span> <span class="o">=</span> <span class="n">f</span><span class="s2">&quot;otpauth://totp/{username}?secret={seed_b32}&amp;issuer={issuer}&quot;</span>
-<span class="n">img</span> <span class="o">=</span> <span class="n">qrcode</span><span class="o">.</span><span class="n">make</span><span class="p">(</span><span class="n">uri</span><span class="p">)</span>
-<span class="n">image_file</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="s2">&quot;qrcode-otp-{issuer}.jpg&quot;</span><span class="p">,</span> <span class="s2">&quot;wb&quot;</span><span class="p">)</span>
-<span class="n">img</span><span class="o">.</span><span class="n">save</span><span class="p">(</span><span class="n">image_file</span><span class="p">)</span>
-</pre></div>
-</td></tr></table>
-
-<p>You can fetch this script using <code>ftp
-https://chown.me/iota/blog/totp-hex-to-qrcode.py</code>. (The code isn't in any of
-my public repositories for
-<a href="https://chown.me/iota/blog/issues-public-repo.jpg">reasons</a>).</p>
-<p>We can check to make sure everything went smoothly by comparing the code
-provided by your mobile app to one generated by <em>oathtool</em> at the same time.
-The <em>oathtool</em> binary is provided by the package <em>oath-toolkit</em> (which is the
-dependency needed by <em>login_oath</em>). <em>oathtool</em> accepts the seed in either
-hexadecimal or base32 format.</p>
-<div class="codehilite"><pre><span></span>$ oathtool --totp 0123456789abcdef0123
-<span class="m">054640</span>
-$ oathtool --totp -b AERUKZ4JVPG66AJD
-<span class="m">054640</span>
-</pre></div>
-
-
-<p><em>0123456789abcdef0123</em> is the <em>seed</em> in hexadecimal format (as in
-<code>~/.totp-key</code>) and <em>AERUKZ4JVPG66AJD</em> is the same data, but base32-encoded.</p>
-<p>Alternatively, if you just want to do the hex -&gt; b32 conversion, <em>login_oath</em>'s
-README gives a Perl example (but it is not an unreadable one-liner, so you may
-not want to use it):</p>
-<div class="codehilite"><pre><span></span><span class="n">Some</span> <span class="n">tokens</span> <span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">g</span><span class="o">.</span> <span class="n">Google</span> <span class="n">Authenticator</span><span class="p">)</span> <span class="k">require</span> <span class="nn">secrets</span> <span class="n">in</span> <span class="n">base32</span> <span class="nb">format</span><span class="p">;</span>
-<span class="n">you</span> <span class="n">can</span> <span class="n">convert</span> <span class="n">them</span> <span class="n">with</span> <span class="n">p5</span><span class="o">-</span><span class="n">Convert</span><span class="o">-</span><span class="n">Base32:</span>
-
-<span class="k">use</span> <span class="nn">Convert::Base32</span><span class="p">;</span>
-<span class="k">my</span> <span class="nv">$s</span> <span class="o">=</span> <span class="nb">pack</span><span class="p">(</span><span class="s">&#39;H*&#39;</span><span class="p">,</span> <span class="s">&#39;99d12448129d1e8192e063d64714209137a13864&#39;</span><span class="p">);</span>
-<span class="k">print</span> <span class="n">encode_base32</span><span class="p">(</span><span class="nv">$s</span><span class="p">)</span><span class="o">.</span><span class="s">&quot;\n&quot;</span><span class="p">;</span>
-</pre></div>
-
-
-<h2 id="sysconfig"><a href="#sysconfig">System configuration</a></h2>
-<p>We can now move to the configuration of the system to put our new TOTP to use.
-As you might guess, it's going to be quite close to what we did with the
-yubikey.</p>
-<p>We need to tweak <code>login.conf</code>. <strong>Be careful</strong> and keep a root shell open at all
-times. The few times I broke my OpenBSD were because I messed with login.conf
-without showing enough care.</p>
-<p>After the lines:</p>
-<div class="codehilite"><pre><span></span># Default allowed authentication styles for authentication type ftp
-auth-ftp-defaults:auth-ftp=passwd:
-</pre></div>
-
-
-<p>we add:</p>
-<div class="codehilite"><pre><span></span># Default allowed authentication styles for authentication type ssh
-auth-ssh-defaults:auth-ssh=-totp:
-</pre></div>
-
-
-<p>and inside the class of the user account for which TOTP is being set, we add
-the line <code>:tc=auth-ssh-defaults:\</code>. For instance, in my case it's:</p>
-<div class="codehilite"><pre><span></span>staff:\
- :datasize-cur=1536M:\
- :datasize-max=infinity:\
- :maxproc-max=512:\
- :maxproc-cur=256:\
- :ignorenologin:\
- :requirehome@:\
- :tc=auth-ssh-defaults:\
- :tc=default:
-</pre></div>
-
-
-<p>(Hint: it's the penultimate line). You can check the class of your user using
-<code>id -c</code>.</p>
-<h2 id="sshdconfig"><a href="#sshdconfig">sshd configuration</a></h2>
-<p>Again, keeping a root shell around decreases the risk of losing access to the
-system and being locked outside.</p>
-<p>A good standard is to use <code>PasswordAuthentication no</code> and to use public key
-only. Except... have a guess what the <em>P</em> stands for in <em>TOTP</em>. Yes, congrats,
-you guessed it!</p>
-<p>We need to switch to <code>PasswordAuthentication yes</code>. However, if we made this
-change alone, sshd would then accept a public key OR a password (which are TOTP
-because of our <em>login.conf</em>). 2FA uses both at the same time.</p>
-<p>To inform sshd we intend to use both, we need to set <code>AuthenticationMethods
-publickey,password</code>. This way, the user trying to login will first need to
-perform the traditional publickey authentication. Once that's done, ssh will
-prompt for a password and the user will need to submit a valid TOTP for the
-system.</p>
-<p>We could do this the other way around, but I think bots could try passwords,
-wasting resources. Evaluated in this order, failing to provide a public key leads to
-sshd immediately declining your attempt.</p>
-<p>Here's the diff of the output when testing with <code>ssh -v</code> using both public-key-only authentication and two-factor authentication:</p>
-<div class="codehilite"><pre><span></span><span class="p">-</span><span class="nf">debug1:</span> <span class="n">Authentication</span> <span class="n">succeeded</span> <span class="p">(</span><span class="n">publickey</span><span class="p">).</span>
-<span class="o">+</span><span class="n">Authenticated</span> <span class="n">with</span> <span class="n">partial</span> <span class="n">success</span><span class="p">.</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Authentications</span> <span class="n">that</span> <span class="n">can</span> <span class="k">continue</span><span class="o">:</span> <span class="n">password</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Next</span> <span class="n">authentication</span> <span class="nl">method</span><span class="p">:</span> <span class="n">password</span>
-<span class="o">+</span><span class="n">danj</span><span class="mf">@198.51.100.12</span><span class="err">&#39;</span><span class="n">s</span> <span class="nl">password</span><span class="p">:</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Authentication</span> <span class="n">succeeded</span> <span class="p">(</span><span class="n">password</span><span class="p">).</span>
-</pre></div>
-
-
-<h2 id="nouximpact"><a href="#nouximpact">Improving security without impacting UX</a></h2>
-<p>My phone has a long enough password that most of the time, I fail to type it
-correctly on the first try. Of course, if I had to unlock my phone, launch my
-TOTP app and use my keyboard to enter what I see on my phone's screen, I would
-quickly disable 2FA.</p>
-<p>To find a balance, I have whitelisted certain IP addresses and users. If I
-connect from a particular IP address or as a specific user, I don't want to go
-through 2FA. For some users, I might not even enable 2FA.</p>
-<p>To whitelist, we can use the <em>Match</em> keyword. Here are two basic examples:</p>
-<div class="codehilite"><pre><span></span>Match User git
- AuthenticationMethods publickey
-</pre></div>
-
-
-<div class="codehilite"><pre><span></span>Match Address 203.0.113.47 # VPN
- AuthenticationMethods publickey
-</pre></div>
-
-
-<p><br/></p>
-<p>To sum up, we covered how to create a seed, how to perform a hexadecimal to
-base32 conversion and how to create a <em>QR code</em> for mobile applications. We
-configured the login system with <em>login.conf</em> so that ssh authentication uses
-the TOTP login system, and we told sshd to ask for both the public key and the
-Time-based One-Time Password. Now you should be all set to use two-factor
-ssh authentication on OpenBSD!</p>
-<p><br/></p>
-<p><em>Thanks <a href="https://bsd.network/@pamela">Pamela</a> for the proof-reading!</em></p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - 9923045235ec52e0315f653a2a166638af86cf38 (mode 644)
blob + /dev/null
--- output/blog/2FA-with-ssh-on-OpenBSD.html
+++ /dev/null
@@ -1,270 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>2FA with ssh on OpenBSD</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./2FA-with-ssh-on-OpenBSD"><h1>2FA with ssh on OpenBSD</h1></a>
-<p><b>Posted on 2018-08-31</b></p>
-<p>Five years ago I wrote about <a href="./yubikey.html">using a yubikey</a> on OpenBSD. The
-only problem with doing this is that there's no validation server available on
-OpenBSD, so you need to use a different OTP slot for each machine. (You don't
-want to risk a <a href="https://en.wikipedia.org/wiki/Replay_attack">replay attack</a> if
-someone succeeds in capturing an OTP on one machine, right?) Yubikey has two
-OTP slots per device, so you would need a yubikey for every two machines with
-which you'd like to use it. You could use a
-<a href="https://en.wikipedia.org/wiki/Bastion_host">bastion</a>—and use only one
-yubikey—but I don't like the SPOF aspect of a bastion. YMMV.</p>
-<p>After <a href="./my-recent-journey-with-2FA.html">I played with TOTP</a>, I wanted to use
-them as a 2FA for ssh. At the time of writing, we can't do that using only the
-tools in base. This article focuses on OpenBSD; if you use another operating
-system, here are two <a href="https://www.openbsd.org/faq/faq4.html">handy</a>
-<a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/INSTALL.amd64">links</a>.</p>
-<h2 id="seedconfig"><a href="#seedconfig">Seed configuration</a></h2>
-<p>The first thing we need to do is to install the software which will be used to
-verify the OTPs we submit.</p>
-<div class="codehilite"><pre><span></span># pkg_add login_oath
-</pre></div>
-
-
-<p>We need to create a <em>secret</em> - aka, the <em>seed</em> - that will be used to calculate
-the Time-based One-Time Passwords. We should make sure no one can read or
-change it.</p>
-<div class="codehilite"><pre><span></span>$ openssl rand -hex <span class="m">20</span> &gt; ~/.totp-key
-$ chmod <span class="m">400</span> ~/.totp-key
-</pre></div>
-
-
-<p>Now we have a hexadecimal key, but apps usually <a href="https://github.com/mattrubin/Authenticator/blob/develop/Authenticator/Source/TokenEntryForm.swift#L214">want a base32
-secret</a>.
-I initially wrote a small script to do the conversion.</p>
-<p>While writing this article, I took the opportunity to improve it. When I
-initially wrote this utility for my use,
-<a href="https://github.com/lincolnloop/python-qrcode">python-qrcode</a> hadn't yet been
-imported to the OpenBSD ports/packages system. It's easy to install now, so
-let's use it.</p>
-<p>Here's the improved version. It will ask for the hex key and output the secret
-as a base32-encoded string, both with and without spacing so you can copy-paste
-it into your password manager or easily retype it. It will then ask for the
-information needed to generate a <em>QR code</em>. Adding our new OTP secret to any
-mobile app using the QR code will be super easy!</p>
-<table class="codehilitetable"><tr><td class="linenos"><div class="linenodiv"><pre> 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-10
-11
-12
-13
-14
-15
-16
-17
-18
-19
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37</pre></div></td><td class="code"><div class="codehilite"><pre><span></span><span class="ch">#!/usr/bin/env python</span>
-
-<span class="c1"># DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE</span>
-<span class="c1"># Version 2, December 2004</span>
-
-<span class="c1"># Copyright (C) 2018 Daniel Jakots</span>
-
-
-<span class="kn">import</span> <span class="nn">binascii</span>
-<span class="kn">import</span> <span class="nn">base64</span>
-<span class="kn">import</span> <span class="nn">sys</span>
-
-<span class="k">try</span><span class="p">:</span>
- <span class="kn">import</span> <span class="nn">qrcode</span>
-<span class="k">except</span> <span class="ne">ModuleNotFoundError</span><span class="p">:</span>
- <span class="k">print</span><span class="p">(</span><span class="s2">&quot;pkg_add py3-qrcode&quot;</span><span class="p">)</span>
- <span class="n">sys</span><span class="o">.</span><span class="n">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span>
-
-<span class="n">seed_hex</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;Key in hex format &quot;</span><span class="p">)</span>
-
-<span class="n">binary_string</span> <span class="o">=</span> <span class="n">binascii</span><span class="o">.</span><span class="n">unhexlify</span><span class="p">(</span><span class="n">seed_hex</span><span class="p">)</span>
-<span class="n">seed_b32</span> <span class="o">=</span> <span class="n">base64</span><span class="o">.</span><span class="n">b32encode</span><span class="p">(</span><span class="n">binary_string</span><span class="p">)</span><span class="o">.</span><span class="n">decode</span><span class="p">(</span><span class="s1">&#39;utf-8&#39;</span><span class="p">)</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;The secret in a base32 encoded format&quot;</span><span class="p">)</span>
-<span class="k">print</span><span class="p">(</span><span class="n">seed_b32</span><span class="p">)</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;The same, but with a space every three letters for readability&quot;</span><span class="p">)</span>
-<span class="k">print</span><span class="p">(</span><span class="s1">&#39; &#39;</span><span class="o">.</span><span class="n">join</span><span class="p">([</span><span class="n">seed_b32</span><span class="p">[</span><span class="n">i</span><span class="p">:</span><span class="n">i</span><span class="o">+</span><span class="mi">3</span><span class="p">]</span> <span class="k">for</span> <span class="n">i</span> <span class="ow">in</span> <span class="nb">range</span><span class="p">(</span><span class="mi">0</span><span class="p">,</span> <span class="nb">len</span><span class="p">(</span><span class="n">seed_b32</span><span class="p">),</span> <span class="mi">3</span><span class="p">)]))</span>
-
-<span class="k">print</span><span class="p">(</span><span class="s2">&quot;Let&#39;s create a QR code to import it into an app&quot;</span><span class="p">)</span>
-<span class="n">issuer</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;&#39;Issuer&#39; (can be the server name) &quot;</span><span class="p">)</span>
-<span class="n">username</span> <span class="o">=</span> <span class="nb">input</span><span class="p">(</span><span class="s2">&quot;Username &quot;</span><span class="p">)</span>
-
-<span class="n">uri</span> <span class="o">=</span> <span class="n">f</span><span class="s2">&quot;otpauth://totp/{username}?secret={seed_b32}&amp;issuer={issuer}&quot;</span>
-<span class="n">img</span> <span class="o">=</span> <span class="n">qrcode</span><span class="o">.</span><span class="n">make</span><span class="p">(</span><span class="n">uri</span><span class="p">)</span>
-<span class="n">image_file</span> <span class="o">=</span> <span class="nb">open</span><span class="p">(</span><span class="n">f</span><span class="s2">&quot;qrcode-otp-{issuer}.jpg&quot;</span><span class="p">,</span> <span class="s2">&quot;wb&quot;</span><span class="p">)</span>
-<span class="n">img</span><span class="o">.</span><span class="n">save</span><span class="p">(</span><span class="n">image_file</span><span class="p">)</span>
-</pre></div>
-</td></tr></table>
-
-<p>You can fetch this script using <code>ftp
-https://chown.me/iota/blog/totp-hex-to-qrcode.py</code>. (The code isn't in any of
-my public repositories for
-<a href="https://chown.me/iota/blog/issues-public-repo.jpg">reasons</a>).</p>
-<p>We can check to make sure everything went smoothly by comparing the code
-provided by your mobile app to one generated by <em>oathtool</em> at the same time.
-The <em>oathtool</em> binary is provided by the package <em>oath-toolkit</em> (which is the
-dependency needed by <em>login_oath</em>). <em>oathtool</em> accepts the seed in either
-hexadecimal or base32 format.</p>
-<div class="codehilite"><pre><span></span>$ oathtool --totp 0123456789abcdef0123
-<span class="m">054640</span>
-$ oathtool --totp -b AERUKZ4JVPG66AJD
-<span class="m">054640</span>
-</pre></div>
-
-
-<p><em>0123456789abcdef0123</em> is the <em>seed</em> in hexadecimal format (as in
-<code>~/.totp-key</code>) and <em>AERUKZ4JVPG66AJD</em> is the same data, but base32-encoded.</p>
-<p>Alternatively, if you just want to do the hex -&gt; b32 conversion, <em>login_oath</em>'s
-README gives a Perl example (but it is not an unreadable one-liner, so you may
-not want to use it):</p>
-<div class="codehilite"><pre><span></span><span class="n">Some</span> <span class="n">tokens</span> <span class="p">(</span><span class="n">e</span><span class="o">.</span><span class="n">g</span><span class="o">.</span> <span class="n">Google</span> <span class="n">Authenticator</span><span class="p">)</span> <span class="k">require</span> <span class="nn">secrets</span> <span class="n">in</span> <span class="n">base32</span> <span class="nb">format</span><span class="p">;</span>
-<span class="n">you</span> <span class="n">can</span> <span class="n">convert</span> <span class="n">them</span> <span class="n">with</span> <span class="n">p5</span><span class="o">-</span><span class="n">Convert</span><span class="o">-</span><span class="n">Base32:</span>
-
-<span class="k">use</span> <span class="nn">Convert::Base32</span><span class="p">;</span>
-<span class="k">my</span> <span class="nv">$s</span> <span class="o">=</span> <span class="nb">pack</span><span class="p">(</span><span class="s">&#39;H*&#39;</span><span class="p">,</span> <span class="s">&#39;99d12448129d1e8192e063d64714209137a13864&#39;</span><span class="p">);</span>
-<span class="k">print</span> <span class="n">encode_base32</span><span class="p">(</span><span class="nv">$s</span><span class="p">)</span><span class="o">.</span><span class="s">&quot;\n&quot;</span><span class="p">;</span>
-</pre></div>
-
-
-<h2 id="sysconfig"><a href="#sysconfig">System configuration</a></h2>
-<p>We can now move to the configuration of the system to put our new TOTP to use.
-As you might guess, it's going to be quite close to what we did with the
-yubikey.</p>
-<p>We need to tweak <code>login.conf</code>. <strong>Be careful</strong> and keep a root shell open at all
-times. The few times I broke my OpenBSD were because I messed with login.conf
-without showing enough care.</p>
-<p>After the lines:</p>
-<div class="codehilite"><pre><span></span># Default allowed authentication styles for authentication type ftp
-auth-ftp-defaults:auth-ftp=passwd:
-</pre></div>
-
-
-<p>we add:</p>
-<div class="codehilite"><pre><span></span># Default allowed authentication styles for authentication type ssh
-auth-ssh-defaults:auth-ssh=-totp:
-</pre></div>
-
-
-<p>and inside the class of the user account for which TOTP is being set, we add
-the line <code>:tc=auth-ssh-defaults:\</code>. For instance, in my case it's:</p>
-<div class="codehilite"><pre><span></span>staff:\
- :datasize-cur=1536M:\
- :datasize-max=infinity:\
- :maxproc-max=512:\
- :maxproc-cur=256:\
- :ignorenologin:\
- :requirehome@:\
- :tc=auth-ssh-defaults:\
- :tc=default:
-</pre></div>
-
-
-<p>(Hint: it's the penultimate line). You can check the class of your user using
-<code>id -c</code>.</p>
-<h2 id="sshdconfig"><a href="#sshdconfig">sshd configuration</a></h2>
-<p>Again, keeping a root shell around decreases the risk of losing access to the
-system and being locked outside.</p>
-<p>A good standard is to use <code>PasswordAuthentication no</code> and to use public key
-only. Except... have a guess what the <em>P</em> stands for in <em>TOTP</em>. Yes, congrats,
-you guessed it!</p>
-<p>We need to switch to <code>PasswordAuthentication yes</code>. However, if we made this
-change alone, sshd would then accept a public key OR a password (which are TOTP
-because of our <em>login.conf</em>). 2FA uses both at the same time.</p>
-<p>To inform sshd we intend to use both, we need to set <code>AuthenticationMethods
-publickey,password</code>. This way, the user trying to login will first need to
-perform the traditional publickey authentication. Once that's done, ssh will
-prompt for a password and the user will need to submit a valid TOTP for the
-system.</p>
-<p>We could do this the other way around, but I think bots could try passwords,
-wasting resources. Evaluated in this order, failing to provide a public key leads to
-sshd immediately declining your attempt.</p>
-<p>Here's the diff of the output when testing with <code>ssh -v</code> using both public-key-only authentication and two-factor authentication:</p>
-<div class="codehilite"><pre><span></span><span class="p">-</span><span class="nf">debug1:</span> <span class="n">Authentication</span> <span class="n">succeeded</span> <span class="p">(</span><span class="n">publickey</span><span class="p">).</span>
-<span class="o">+</span><span class="n">Authenticated</span> <span class="n">with</span> <span class="n">partial</span> <span class="n">success</span><span class="p">.</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Authentications</span> <span class="n">that</span> <span class="n">can</span> <span class="k">continue</span><span class="o">:</span> <span class="n">password</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Next</span> <span class="n">authentication</span> <span class="nl">method</span><span class="p">:</span> <span class="n">password</span>
-<span class="o">+</span><span class="n">danj</span><span class="mf">@198.51.100.12</span><span class="err">&#39;</span><span class="n">s</span> <span class="nl">password</span><span class="p">:</span>
-<span class="o">+</span><span class="nl">debug1</span><span class="p">:</span> <span class="n">Authentication</span> <span class="n">succeeded</span> <span class="p">(</span><span class="n">password</span><span class="p">).</span>
-</pre></div>
-
-
-<h2 id="nouximpact"><a href="#nouximpact">Improving security without impacting UX</a></h2>
-<p>My phone has a long enough password that most of the time, I fail to type it
-correctly on the first try. Of course, if I had to unlock my phone, launch my
-TOTP app and use my keyboard to enter what I see on my phone's screen, I would
-quickly disable 2FA.</p>
-<p>To find a balance, I have whitelisted certain IP addresses and users. If I
-connect from a particular IP address or as a specific user, I don't want to go
-through 2FA. For some users, I might not even enable 2FA.</p>
-<p>To whitelist, we can use the <em>Match</em> keyword. Here are two basic examples:</p>
-<div class="codehilite"><pre><span></span>Match User git
- AuthenticationMethods publickey
-</pre></div>
-
-
-<div class="codehilite"><pre><span></span>Match Address 203.0.113.47 # VPN
- AuthenticationMethods publickey
-</pre></div>
-
-
-<p><br/></p>
-<p>To sum up, we covered how to create a seed, how to perform a hexadecimal to
-base32 conversion and how to create a <em>QR code</em> for mobile applications. We
-configured the login system with <em>login.conf</em> so that ssh authentication uses
-the TOTP login system, and we told sshd to ask for both the public key and the
-Time-based One-Time Password. Now you should be all set to use two-factor
-ssh authentication on OpenBSD!</p>
-<p><br/></p>
-<p><em>Thanks <a href="https://bsd.network/@pamela">Pamela</a> for the proof-reading!</em></p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - a1196f980d872abeff153453cff97722094e714d (mode 644)
blob + /dev/null
--- output/blog/blog-improvements
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>Improvements to this blog</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./blog-improvements"><h1>Improvements to this blog</h1></a>
-<p><b>Posted on 2020-06-16</b></p>
-<p>This article announces a new version of this blog. Available right now!</p>
-<p>In my <a href="./pics2html">previous article</a>, I said that "seeing how easy writing a
-static site generator was made me want to write one for my blog," and that's
-what I did! I initially wrote a very long article to tell the whole story, but
-then I decided I didn't want to have such a long article here. Here's a short
-version.</p>
-<p>Basically, I used a small subset of all the features pelican provides. Writing
-my own software gives me more control. However, with great power comes great
-ownership of the code, since I doubt anyone else is going to touch my code. But
-I like it.</p>
-<p>Here's a short list of the changes:</p>
-<ul>
-<li>Cleaner and much simpler CSS.</li>
-<li>Related to the previous point, the text is always centered. It was not
- exactly easy to achieve this, hence the joke in the footer.</li>
-<li>HTML headers (like h2 and h3) have now HTML anchors to make it easy to share
- specific parts of a post.</li>
-<li>No more sharing buttons. I doubt they were used (but what do I know?) and
- copying and pasting a link is not that hard. Less clutter on the interface,
-so it's an improvement.</li>
-<li>I have a contact page. I hope it will make the experience better for
- everyone.</li>
-<li>No breakage. I was careful to keep the same link for most things. Please let
- me know if you notice otherwise!</li>
-<li><a href="https://en.wikipedia.org/wiki/Clean_URL">Clean URL</a>. But to keep everything
- working as before, all pages will be reachable with the .html extension as
- well.</li>
-<li>New pygment style (for inline code), which I think is nicer.</li>
-</ul>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - a1196f980d872abeff153453cff97722094e714d (mode 644)
blob + /dev/null
--- output/blog/blog-improvements.html
+++ /dev/null
@@ -1,61 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>Improvements to this blog</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./blog-improvements"><h1>Improvements to this blog</h1></a>
-<p><b>Posted on 2020-06-16</b></p>
-<p>This article announces a new version of this blog. Available right now!</p>
-<p>In my <a href="./pics2html">previous article</a>, I said that "seeing how easy writing a
-static site generator was made me want to write one for my blog," and that's
-what I did! I initially wrote a very long article to tell the whole story, but
-then I decided I didn't want to have such a long article here. Here's a short
-version.</p>
-<p>Basically, I used a small subset of all the features pelican provides. Writing
-my own software gives me more control. However, with great power comes great
-ownership of the code, since I doubt anyone else is going to touch my code. But
-I like it.</p>
-<p>Here's a short list of the changes:</p>
-<ul>
-<li>Cleaner and much simpler CSS.</li>
-<li>Related to the previous point, the text is always centered. It was not
- exactly easy to achieve this, hence the joke in the footer.</li>
-<li>HTML headers (like h2 and h3) have now HTML anchors to make it easy to share
- specific parts of a post.</li>
-<li>No more sharing buttons. I doubt they were used (but what do I know?) and
- copying and pasting a link is not that hard. Less clutter on the interface,
-so it's an improvement.</li>
-<li>I have a contact page. I hope it will make the experience better for
- everyone.</li>
-<li>No breakage. I was careful to keep the same link for most things. Please let
- me know if you notice otherwise!</li>
-<li><a href="https://en.wikipedia.org/wiki/Clean_URL">Clean URL</a>. But to keep everything
- working as before, all pages will be reachable with the .html extension as
- well.</li>
-<li>New pygment style (for inline code), which I think is nicer.</li>
-</ul>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - a222319c61078b98362032dc4bc092d989aa13aa (mode 644)
blob + /dev/null
--- output/blog/dumping-pics
+++ /dev/null
@@ -1,51 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>Dumping pics</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./dumping-pics"><h1>Dumping pics</h1></a>
-<p><b>Posted on 2017-11-04</b></p>
-<p>A few years ago I bought a camera (a Canon 100D) and since that I take
-pictures from time to time. I go through all the pics I take and I
-pick the best then I enhance them a bit with rawtherapee and finally I
-post them on <a href="http://piks.chown.me">500px</a>. This process is a bit
-<em>relou</em> so I don't often do it. Of course I don't always have my camera
-with me, but I do have my phone most of the time.</p>
-<p>I take a lot of pictures with my phone and I sometimes post them on
-some social networks. All these social networks I'm on, are based on
-ephemeral publications so after a <strong>short</strong> while, the stuff goes out
-of your mind and you never see it again.</p>
-<p>I looked for a self-hostable solution. I found PHP-based software like
-leetchi and piwigo but I wasn't fond of these. I looked at static
-generators as I already use one (pelican) for this blog. Sadly, there
-are maaaanyyyy of them for blogs and text-based publications but for
-gallery there very few static generators. Finally I found
-<a href="https://github.com/saimn/sigal">sigal</a> which is maintained, written
-in python, quite nice and very straight forward to use.</p>
-<p>Here's the result: <a href="https://pics.chown.me/">https://pics.chown.me/</a> (with among other themes,
-as of now, 229 pics of my delicious kitten <em>Jean Canard</em>).</p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - a222319c61078b98362032dc4bc092d989aa13aa (mode 644)
blob + /dev/null
--- output/blog/dumping-pics.html
+++ /dev/null
@@ -1,51 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>Dumping pics</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./dumping-pics"><h1>Dumping pics</h1></a>
-<p><b>Posted on 2017-11-04</b></p>
-<p>A few years ago I bought a camera (a Canon 100D) and since that I take
-pictures from time to time. I go through all the pics I take and I
-pick the best then I enhance them a bit with rawtherapee and finally I
-post them on <a href="http://piks.chown.me">500px</a>. This process is a bit
-<em>relou</em> so I don't often do it. Of course I don't always have my camera
-with me, but I do have my phone most of the time.</p>
-<p>I take a lot of pictures with my phone and I sometimes post them on
-some social networks. All these social networks I'm on, are based on
-ephemeral publications so after a <strong>short</strong> while, the stuff goes out
-of your mind and you never see it again.</p>
-<p>I looked for a self-hostable solution. I found PHP-based software like
-leetchi and piwigo but I wasn't fond of these. I looked at static
-generators as I already use one (pelican) for this blog. Sadly, there
-are maaaanyyyy of them for blogs and text-based publications but for
-gallery there very few static generators. Finally I found
-<a href="https://github.com/saimn/sigal">sigal</a> which is maintained, written
-in python, quite nice and very straight forward to use.</p>
-<p>Here's the result: <a href="https://pics.chown.me/">https://pics.chown.me/</a> (with among other themes,
-as of now, 229 pics of my delicious kitten <em>Jean Canard</em>).</p>
- <br>
- <footer>
- <p>This website is best viewed on a screen identical to my own. <a href="https://github.com/danieljakots/chownmeblog">Source code</a></p>
- </footer>
- </div>
-</body>
-</html>
\ No newline at end of file
blob - a8ed9b85e472d4bbb17f6fb3471b6b0457b696ba (mode 644)
blob + /dev/null
--- output/blog/feeds/atom.xml
+++ /dev/null
@@ -1,2070 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<feed xmlns="http://www.w3.org/2005/Atom"><title>Daniel Jakots</title><link href="https://chown.me/" rel="alternate"></link><link href="https://chown.me/blog/feeds/atom.xml" rel="self"></link><id>https://chown.me/</id><updated>2020-06-16T10:00:00Z</updated><entry><title>Improvements to this blog</title><link href="https://chown.me/blog/blog-improvements" rel="alternate"></link><published>2020-06-16T10:00:00Z</published><updated>2020-06-16T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2020-06-16:/blog/blog-improvements</id><summary type="html">&lt;p&gt;This article announces a new version of this blog. Available right now!&lt;/p&gt;
-&lt;p&gt;In my &lt;a href="./pics2html"&gt;previous article&lt;/a&gt;, I said that "seeing how easy writing a
-static site generator was made me want to write one for my blog," and that's
-what I did! I initially wrote a very long article to tell the whole story, but
-then I decided I didn't want to have such a long article here. Here's a short
-version.&lt;/p&gt;
-&lt;p&gt;Basically, I used a small subset of all the features pelican provides. Writing
-my own software gives me more control. However, with great power comes great
-ownership of the code, since I doubt anyone else is going to touch my code. But
-I like it.&lt;/p&gt;
-&lt;p&gt;Here's a short list of the changes:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;Cleaner and much simpler CSS.&lt;/li&gt;
-&lt;li&gt;Related to the previous point, the text is always centered. It was not
- exactly easy to achieve this, hence the joke in the footer.&lt;/li&gt;
-&lt;li&gt;HTML headers (like h2 and h3) have now HTML anchors to make it easy to share
- specific parts of a post.&lt;/li&gt;
-&lt;li&gt;No more sharing buttons. I doubt they were used (but what do I know?) and
- copying and pasting a link is not that hard. Less clutter on the interface,
-so it's an improvement.&lt;/li&gt;
-&lt;li&gt;I have a contact page. I hope it will make the experience better for
- everyone.&lt;/li&gt;
-&lt;li&gt;No breakage. I was careful to keep the same link for most things. Please let
- me know if you notice otherwise!&lt;/li&gt;
-&lt;li&gt;&lt;a href="https://en.wikipedia.org/wiki/Clean_URL"&gt;Clean URL&lt;/a&gt;. But to keep everything
- working as before, all pages will be reachable with the .html extension as
- well.&lt;/li&gt;
-&lt;li&gt;New pygment style (for inline code), which I think is nicer.&lt;/li&gt;
-&lt;/ul&gt;</summary></entry><entry><title>How I accidentally wrote a static site generator</title><link href="https://chown.me/blog/pics2html" rel="alternate"></link><published>2020-04-08T10:00:00Z</published><updated>2020-04-08T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2020-04-08:/blog/pics2html</id><summary type="html">&lt;h2 id="context"&gt;&lt;a href="#context"&gt;Some context first&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I bought my
-&lt;a href="https://en.wikipedia.org/wiki/Digital_single-lens_reflex_camera"&gt;DSLR&lt;/a&gt; at the
-end of 2014. I wanted to host the resulting pictures somewhere. I never liked
-Flickr much, so I went with 500px. I liked the website and the UI/UX was pretty
-nice. The community was pretty cool. Having skilled photographers around is
-really valuable, as you can learn and find inspiration. But it might also hurt
-(it definitely did, sometimes) to see photographs much better than yours!&lt;/p&gt;
-&lt;p&gt;For some reason, I kinda stopped photography in 2017. I took a few pictures
-here and there but didn't do anything with them. Basically, the cost (i.e. the
-time the whole thing took) was way too high for what I felt I got from it
-(emotions or whatever).&lt;/p&gt;
-&lt;p&gt;At the beginning of 2020, I went through all my data on my personal storage
-(which included my pictures) to sort and rearrange them. It made me happy to
-have all those &lt;em&gt;souvenirs&lt;/em&gt; and I thought I should really go shoot again.&lt;/p&gt;
-&lt;p&gt;This narrative is not entirely true, though. ;)&lt;/p&gt;
-&lt;p&gt;While it did happen, it didn't happen initially. I bought &lt;a href="https://dumpster.chown.me/mastodon/media_attachments/files/000/050/759/original/18e91ddf4f0c6ce4.jpeg"&gt;a case for my
-photography
-gear&lt;/a&gt;
-for unrelated reasons (compulsive buying) and thought if I was spending money
-on it again, I should make good use of it. Nevertheless, the souvenirs really
-nailed my motivation!&lt;/p&gt;
-&lt;p&gt;Initially, I thought I could keep using 500px but I realized I'd lost my access
-and that during my hiatus &lt;a href="https://support.500px.com/hc/en-us/articles/360017752493-Security-Issue-February-2019-FAQ"&gt;they had been
-pwned&lt;/a&gt;.
-Now that I have more experience publishing pictures on the Internet, I have a
-better idea of what I want and care about. During the ensuing years, I have
-also acquired much more experience in &lt;a href="./infrastructure-2019.html"&gt;hosting my own
-services&lt;/a&gt;, which I try to do for everything I use.&lt;/p&gt;
-&lt;h2 id="foss"&gt;&lt;a href="#foss"&gt;Looking for some FOSS&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I thought writing my own would be difficult/time consuming, so I went for doing
-what I do best: using existing Free Software. I carefully thought through my
-requirements, and here they are:&lt;/p&gt;
-&lt;p&gt;A quality project is both subjective, and an obvious requirement so I won't
-talk more about it. But PHP apps written by someone who wanted to make their
-first project? I'll pass. :)&lt;/p&gt;
-&lt;p&gt;I really care about showing &lt;a href="https://en.wikipedia.org/wiki/Exif"&gt;EXIF&lt;/a&gt; for
-pictures. As with software, being able to study how they're made is really
-helpful. I feel like pictures without EXIF are as interesting as closed source
-software, so I tend to ignore both. (In a photography context, of course. I
-won't look at which phone model took that cat picture).&lt;/p&gt;
-&lt;p&gt;On a side note, surprisingly, I learned that people recently created gallery
-software and added machine learning. Well, I've better use for my computing
-power and I prefer simpler things.&lt;/p&gt;
-&lt;p&gt;AND SHOW THOSE DAMN EXIF!&lt;/p&gt;
-&lt;h2 id="myown"&gt;&lt;a href="#myown"&gt;Writing my own - the process&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Sadly, I didn't find anything that met those two simple requirements.&lt;/p&gt;
-&lt;p&gt;Because of that, I thought I would either write something myself or put the
-photos into my blog. I was not very fond of the idea of putting my pictures on
-my blog (as a weird application of the "do one thing and do it well" rule), but
-even if I were to do so, I wouldn't want to extract the EXIF myself/manually
-for each picture.&lt;/p&gt;
-&lt;p&gt;I began writing a python script which parsed the EXIF, which was kind of funny.
-For instance, the library I use gives a tuple for the exposure and depending on
-each field's value, &lt;a href="https://github.com/danieljakots/pics2html/blob/c08e2b17476e28e8304bfaadc94f76d77d4c74df/pics2html.py#L62-L74"&gt;it has a different
-meaning&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I had already used jinja2 in my &lt;a href="https://github.com/danieljakots/uv"&gt;uv&lt;/a&gt;
-script, so I thought "let's generate a basic html page!" since it was easy.
-That was my planned alternative to using my blog. Since I know nothing about
-web design/frontend and I wasn't very enthusiastic, I thought maybe I would
-later hire someone to do it.&lt;/p&gt;
-&lt;p&gt;I began to add some very basic CSS to experiment. I had scavenged it from some
-random website which had the nice quality of being very simple! I was happy
-with the result, so I tried to improve it further. I thought "if I'm stuck or
-stop having fun, then I'll look into hiring" which eased my mind a lot!&lt;/p&gt;
-&lt;p&gt;Surprisingly, I didn't struggle that much and I did have fun! Tackling one
-small issue at a time made it a breeze.&lt;/p&gt;
-&lt;p&gt;I thought that using icons was better than text since they convey as much
-information while being much much shorter. I had bookmarked a &lt;a href="https://github.com/tabler/tabler-icons"&gt;set of
-icons&lt;/a&gt; (because they're MIT-licensed) a
-few days before, thinking "I doubt I'll ever need these, but who knows?" The
-set didn't have an icon for the &lt;em&gt;lens&lt;/em&gt; so I used the &lt;em&gt;lego&lt;/em&gt; icon. It looks
-similar and it has a smile on it! What's not to love?&lt;/p&gt;
-&lt;p&gt;During the process, I went to look at how I did stuff with my blog and I
-noticed it was a complete mess. Seeing how easy writing a static site generator
-was made me want to write one for my blog. So, stay tuned! ;)&lt;/p&gt;
-&lt;h2 id="result"&gt;&lt;a href="#result"&gt;The result&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;The result is available here: &lt;a href="https://px.chown.me/"&gt;https://px.chown.me/&lt;/a&gt;. The &lt;a href="https://github.com/danieljakots/pics2html"&gt;code is, of course,
-available&lt;/a&gt; as well.&lt;/p&gt;
-&lt;p&gt;I would not necessarily advise someone to reuse the code as-is (even though you
-definitely can since it's Free Software). It's pretty tailored to my needs. For
-instance, the red color used is the same as on my &lt;a href="./new-design.html"&gt;blog&lt;/a&gt;
-(coherency FTW). I made no effort to make it easily customizable, more than
-what I needed to make the code maintainable (up to a certain point, since I
-have exactly 0 tests... I already feel my future self's frustration, &lt;em&gt;oops!&lt;/em&gt;).&lt;/p&gt;
-&lt;p&gt;That said, if you're thinking about building something similar, you're totally
-free (well as long as you abide by the license terms ;)) to study/take parts
-from it!&lt;/p&gt;
-&lt;p&gt;I'm really happy with the result. The code is pretty simple (though some hacks
-exist here and there), as you would expect from a less-than-300-line python
-script. I learned quite a few things (e.g. improved my skill with jinja2,
-discovered that creating a RSS feed is actually not that hard, etc). I'm really
-happy with how the website looks. Doing web design is completely out of the
-ordinary for me, so it was nice to do something different!&lt;/p&gt;
-&lt;p&gt;And it's funny... I do things that are 1000x times more complicated, but
-generating 200 html files with a single command really feels like magic!&lt;/p&gt;</summary></entry><entry><title>My infrastructure as of 2019</title><link href="https://chown.me/blog/infrastructure-2019" rel="alternate"></link><published>2020-03-06T10:00:00Z</published><updated>2020-03-06T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2020-03-06:/blog/infrastructure-2019</id><summary type="html">&lt;p&gt;I've wanted to write about my infrastructure for a while, but I kept thinking,
-"I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle
-never ends, so I decided to write about its state at the end of 2019. Maybe
-I'll write an update on it in a couple of moons; who knows?&lt;/p&gt;
-&lt;h2 id="goal"&gt;&lt;a href="#goal"&gt;Goal for this infrastructure&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;The goal for my infrastructure is to run the services I need. While a lot of
-people in the homelab community experiment and play with software for its own
-sake, I actively use the stuff I host. When I stop, I kill the service (though
-I'm not as proficient at this as &lt;a href="https://killedbygoogle.com/"&gt;Google&lt;/a&gt;). These
-are my production systems, and when one of them is down, I do miss it.&lt;/p&gt;
-&lt;p&gt;I kind of enjoy working on this infrastructure, but not that much (I used to
-enjoy it more), so I'm careful with the software I choose. I want to spend time
-on it when &lt;em&gt;I want to&lt;/em&gt;, not because &lt;em&gt;I have to&lt;/em&gt; (e.g. because something broke).
-Consequently, I do my best to pick reliable, boring and easy software. Those
-are my kinks.&lt;/p&gt;
-&lt;p&gt;Why do I host this myself? Mostly trust issues, and the fact that I care about
-sovereignty.&lt;/p&gt;
-&lt;p&gt;I tend to lock down services as much as I can, either cutting them off
-completely from the Internet (e.g. for &lt;em&gt;imap&lt;/em&gt;) or running them on a
-non-standard port and &lt;a href="./2FA-with-ssh-on-OpenBSD.html"&gt;enabling 2FA&lt;/a&gt;. I don't
-use a VPN (mostly because I haven't come up with a nice, clean option yet), so
-I restrict access to my services in different ways.&lt;/p&gt;
-&lt;p&gt;For most things, I'm the only user, which is both sad (as it's a waste of
-resources) and great (as I can be more nimble). A notable exception is my
-mastodon instance which is also used by &lt;a href="https://awoo.chown.me/@jeancanard"&gt;my
-cat&lt;/a&gt;.&lt;/p&gt;
-&lt;h2 id="machines"&gt;&lt;a href="#machines"&gt;Machines&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;My machines are hosted in 3 different places. First is at
-&lt;a href="https://www.exoscale.com/"&gt;Exoscale&lt;/a&gt;, second is
-&lt;a href="https://www.vultr.com/"&gt;Vultr&lt;/a&gt; and the third is... my flat.&lt;/p&gt;
-&lt;p&gt;All of them run either OpenBSD on its -current branch, or the latest version of
-Ubuntu. At this time, that's Ubuntu 19.10. After a couple of years working on
-OpenBSD ports (i.e. packaging), I believe fresh software is better,
-security-wise.&lt;/p&gt;
-&lt;p&gt;They're managed with Ansible. I began my Ansible repository 4 years ago and it
-has about 1500 commits in it. I wrote the Ansible to fit my needs rather than
-making generic (and therefore reusable) roles, so it's not public.&lt;/p&gt;
-&lt;p&gt;I update the OpenBSD machines regularly to a newer OpenBSD snapshot (so of
-course the process has been
-&lt;a href="./upgrading-openbsd-with-ansible.html"&gt;automated&lt;/a&gt;). For Ubuntu, I prefer to
-reinstall them, since they're managed by Ansible and they don't have any data
-on them. Reinstalling machines regularly helps spot missing pieces in Ansible.
-:P&lt;/p&gt;
-&lt;p&gt;All the three sites are as
-&lt;a href="https://en.wikipedia.org/wiki/Loose_coupling"&gt;standalone&lt;/a&gt; as possible. This is
-both so that in the case that one gets pwned it won't help the attacker to
-&lt;a href="https://en.wikipedia.org/wiki/Network_Lateral_Movement"&gt;move laterally&lt;/a&gt;, and
-so that if one is unavailable it shouldn't impact anything else.&lt;/p&gt;
-&lt;h3 id="ns3"&gt;&lt;a href="#ns3"&gt;ns3.chown.me (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;It's my secondary name server and as you can guess, it replaced ns2. It's the
-only machine that I don't back up, since I can replace it with my Ansible
-without losing data.&lt;/p&gt;
-&lt;p&gt;It's hosted by &lt;em&gt;Vultr&lt;/em&gt;. I mostly picked them because they offer OpenBSD
-hosting. This virtual machine is in Toronto and has 1 CPU and 512M of ram.
-(Disk space is not relevant here).&lt;/p&gt;
-&lt;p&gt;I wanted a different hosting provider/AS than my main name server for obvious
-reasons of resiliency. Every now and then I think about using another name
-server (whether instead of this machine or in addition to it, I don't know)
-provided by my registrar (Gandi), but it has a low priority on my todo list.&lt;/p&gt;
-&lt;p&gt;The name server I use is &lt;em&gt;NSD&lt;/em&gt;. I could use another one (like &lt;em&gt;knot&lt;/em&gt;) as my
-main name server also uses &lt;em&gt;NSD&lt;/em&gt;, but the issues related to running the same
-software on both aren't that serious in my case.&lt;/p&gt;
-&lt;p&gt;Since this machine doesn't do much otherwise, it's running
-&lt;a href="https://github.com/danieljakots/mownitoring"&gt;mownitoring&lt;/a&gt; to check that
-everything works.&lt;/p&gt;
-&lt;h3 id="virtie"&gt;&lt;a href="#virtie"&gt;virtie.chown.me (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This virtual machine is the main one in my infrastructure. A moment ago your
-browser connected to it to get this page. :)&lt;/p&gt;
-&lt;p&gt;It's hosted by Exoscale (with whom my experiences have been nothing less than
-perfect). It's my oldest VM (4 or 5 years old). It has 1 CPU, 1G of ram and 50G
-of disk space.&lt;/p&gt;
-&lt;p&gt;To host my blog I use OpenBSD's httpd which is fronted by &lt;em&gt;HAProxy&lt;/em&gt;. While I
-could remove &lt;em&gt;HAProxy&lt;/em&gt;, I like this software and I trust it &lt;a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig"&gt;more
-than&lt;/a&gt;
-&lt;a href="https://github.com/openbsd/src/commit/49b1a9b154081c713af219b2422adaf51ca2584d"&gt;httpd&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;In addition to hosting my blog, it hosts my email. I switched to &lt;em&gt;postfix&lt;/em&gt; in
-the beginning of 2019 after a couple of years running &lt;em&gt;OpenSMTPD&lt;/em&gt;. Since I
-switched to &lt;em&gt;postfix&lt;/em&gt; I also dropped &lt;em&gt;spamd&lt;/em&gt; (the OpenBSD greylisting daemon).
-I enabled &lt;a href="https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS"&gt;FCrDNS&lt;/a&gt;
-on &lt;em&gt;postfix&lt;/em&gt; when I switched (at the time it was not available on &lt;em&gt;OpenSMTPD&lt;/em&gt;)
-and I didn't notice more spam. I use &lt;em&gt;Dovecot&lt;/em&gt; for imap with only my IP
-allowed. I can easily allow another IP address with &lt;code&gt;pfctl -t imap_allowed -Ta
-203.0.113.47&lt;/code&gt;.&lt;/p&gt;
-&lt;p&gt;I've never really had deliverability problems (except with Microsoft, but who
-can say they haven't?) I assume my IP has a good reputation, which is why this
-VM is the oldest, as I've been reluctant to lose it.&lt;/p&gt;
-&lt;p&gt;This machine also hosts a &lt;em&gt;gitolite&lt;/em&gt; for a couple of different internal git
-repositories.&lt;/p&gt;
-&lt;h3 id="pancake"&gt;&lt;a href="#pancake"&gt;pancake.chown.me (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This machine is an &lt;a href="https://pcengines.ch/apu2.htm"&gt;APU2&lt;/a&gt;. It acts as a router
-for my flat. Since it's way more powerful than necessary for this task, I put
-some other stuff on it. It's a trade-off between increasing the attack surface
-of a critical machine and leaving a lot of CPU/RAM/SSD unused.&lt;/p&gt;
-&lt;p&gt;I collect &lt;a href="https://en.wikipedia.org/wiki/NetFlow"&gt;flows&lt;/a&gt; on it, which in my
-opinion are super cool!&lt;/p&gt;
-&lt;p&gt;It also hosts influxdb + grafana and some machines send their metrics with
-collectd (&lt;a href="https://collectd.org/wiki/index.php/Networking_introduction#Cryptographic_setup"&gt;which allow signing/encrypting the network
-traffic&lt;/a&gt;).
-This doesn't work well for a couple of reasons, so it's waiting to be replaced.&lt;/p&gt;
-&lt;h3 id="kvm"&gt;&lt;a href="#kvm"&gt;kvm1, and sometimes kvm2 (Ubuntu)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;These machines are hosted at home. kvm1 is the main machine, and kvm2 is the
-machine I use to play Windows games on another SSD. I boot on the Ubuntu SSD
-whenever I want to do something on kvm1 and then I live-migrate guests on it so
-I don't experience any downtime. I use full disk encryption on the guests, so
-live-migrating (instead of rebooting them) allows me to avoid having to
-manually unlock each guest. I encrypt the guests and not the kvm because in the
-event of a power outage, machines may come back on, in which case I don't want
-them to wait for the passphrase if I'm away. Some hacks could be done to
-encrypt them as well, but I'm not willing to do them since they're overkill for
-my threat model.&lt;/p&gt;
-&lt;p&gt;Both machines have an i5-4590. kvm2 has 4x4G of ram with a 256G SSD (which is
-enough for the kvm system and all the guests). kvm1 also has a 256G SSD but
-while its ram layout would make anyone sensible cringe, it amounts to 20G of
-ram! I don't use RAID. kvm0 (the machine they replaced) used to and I wasn't
-sure it would work (and I couldn't test it safely since it was my only
-machine).&lt;/p&gt;
-&lt;p&gt;To manage this part of the infrastructure I wrote a &lt;a href="https://github.com/danieljakots/uv"&gt;python
-script&lt;/a&gt;. This script is kind of a wrapper
-around libvirt, which itself is kind of a wrapper around qemu, which itself
-&lt;a href="https://en.wikipedia.org/wiki/Turtles_all_the_way_down"&gt;wrangles turtles&lt;/a&gt;.
-Contrary to what other people run, I think, a guest disk isn't a qcow2/raw
-file. I don't want to pile filesystems on one another, so I manage guests'
-disks on the hypervisor with LVM directly. I tend to have multiple disks to
-bring more flexibility to the disk layout/partitioning than OpenBSD would,
-thanks to LVM.&lt;/p&gt;
-&lt;p&gt;It hosts all the following virtual machines:&lt;/p&gt;
-&lt;h3 id="manicouagan1"&gt;&lt;a href="#manicouagan1"&gt;manicouagan1 (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This machine's name dates from back when I used names from Québec to name my
-machines. The name comes from the &lt;a href="https://en.wikipedia.org/wiki/Manicouagan_Reservoir"&gt;Manicouagan
-Reservoir&lt;/a&gt;, as this
-machine is where I put my backups.&lt;/p&gt;
-&lt;p&gt;My backups are in three different places:
-- locally, i.e. each machine stores its backup on itself
-- &lt;em&gt;manicouagan&lt;/em&gt; copies all the backups onto itself
-- &lt;em&gt;manicouagan&lt;/em&gt; ships the backups to an s3-like provider&lt;/p&gt;
-&lt;p&gt;I use &lt;em&gt;BorgBackup&lt;/em&gt; for the backup, &lt;em&gt;rsync&lt;/em&gt; to copy them onto &lt;em&gt;manicouagan&lt;/em&gt; and
-&lt;em&gt;s3cmd&lt;/em&gt; to ship them away. I tried to use &lt;em&gt;rclone&lt;/em&gt; but it used more ram. Once,
-I was away from my place for a long time, and my whole infra there became
-unreachable, so I decided to temporarily host stuff on the cloud in the
-meantime. I had to restore those backups and it went so nicely that I'm not
-looking to change anything. Borg is awesome!&lt;/p&gt;
-&lt;p&gt;This machine is also a syslog server to which all my OpenBSD machines ship
-their logs. Thanks to OpenBSD syslogd (bluhm@ &amp;lt;3), it uses TCP+TLS with a
-private PKI. This is mostly in case one machine gets hacked, to help with
-&lt;a href="https://en.wikipedia.org/wiki/Forensic_science"&gt;forensics&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I wrote a short script that shows me the largest data transfers on my router. I
-use this to check that the backups are alive (I receive emails if the
-&lt;em&gt;BorgBackup&lt;/em&gt; script fails, but isn't that less fun? :))&lt;/p&gt;
-&lt;h3 id="db1"&gt;&lt;a href="#db1"&gt;db1 (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This machine hosts postgresql and redis. Two boring pieces of software which I
-love. Redis requires so little care that when I moved from db0, I forgot I had
-it!&lt;/p&gt;
-&lt;h3 id="web1"&gt;&lt;a href="#web1"&gt;web1 (OpenBSD)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This machine runs nginx for my whole web presence excluding my blog. It hosts
-&lt;em&gt;nextcloud&lt;/em&gt;, &lt;em&gt;tt-rss&lt;/em&gt;, &lt;em&gt;shaarli&lt;/em&gt; and pics.chown.me (whose content I should
-update).&lt;/p&gt;
-&lt;p&gt;Have you ever thought, "naah I'm too much paranoid"? Yeah, me neither. A few
-months ago, I restricted all the non-static websites (with the exception of
-Mastodon) behind an &lt;em&gt;htpasswd&lt;/em&gt;. There was some value in having them publicly
-accessible, but at the time I thought it was not worth the risk. The php-fpm
-pools should be secure (they have their own users, they're chrooted and so on)
-but I'm not entirely sure I'm doing this stuff properly and it is such a pain
-to get it working that I'm not willing to look into it more than that.&lt;/p&gt;
-&lt;p&gt;Nginx also acts as a reverse proxy for the docker containers that run on
-another machine. Finally, it hosts &lt;em&gt;minio&lt;/em&gt; for &lt;em&gt;mastodon&lt;/em&gt;.&lt;/p&gt;
-&lt;h3 id="docker2"&gt;&lt;a href="#docker2"&gt;docker2 (Ubuntu, obviously)&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;This machine runs a few docker containers through &lt;em&gt;docker-compose&lt;/em&gt;:
-- 3 containers for &lt;em&gt;mastodon&lt;/em&gt; (&lt;em&gt;ruby on rails&lt;/em&gt; stuff, a node api and &lt;em&gt;sidekiq&lt;/em&gt;)
-- container running the code I wrote for api.chown.me; it's a &lt;em&gt;flask&lt;/em&gt;
- application
-- registry:v2 that I have simply to ease the transfer of docker images&lt;/p&gt;
-&lt;p&gt;I build all the docker images I run myself (except for the registry one).&lt;/p&gt;
-&lt;p&gt;My policy regarding those containers is that they must not store any data
-locally (i.e. they don't have a &lt;em&gt;docker volume&lt;/em&gt;). This allows me not to care
-about backups. The &lt;em&gt;docker-compose.yml&lt;/em&gt; is tracked in my personal git, so I can
-trash the VM any time.&lt;/p&gt;
-&lt;p&gt;api.chown.me is for now mostly a way to sync a list of IPs to block on my whole
-infra. This way, if an IP is acting badly on one machine, it doesn't get to try
-its luck on another of my machines. This list is also supplemented by public
-lists of threats.&lt;/p&gt;
-&lt;h2 id="end"&gt;&lt;a href="#end"&gt;That's it for now&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Currently, my infrastructure is good at meeting my needs. It's not perfect, of
-course, and it's a perpetual work in progress. But it's stable, and usually the
-most I need to do is quickly patch some security vulnerabilities. Since most
-of the resources I use come from reused computers hosted at my place, I'm able
-to keep the cost (both financial and ecological) really low.&lt;/p&gt;</summary></entry><entry><title>Launching my newsletter</title><link href="https://chown.me/blog/launching-my-newsletter" rel="alternate"></link><published>2019-01-25T10:00:00Z</published><updated>2019-01-25T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2019-01-25:/blog/launching-my-newsletter</id><summary type="html">&lt;h2 id="socialmedia"&gt;&lt;a href="#socialmedia"&gt;Social media&lt;/a&gt;&lt;/h2&gt;
-&lt;h3 id="blogging"&gt;&lt;a href="#blogging"&gt;Blogging...&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I created this blog a few years ago because I wanted to talk about the stuff I
-was experimenting with, and in my opinion it was cool to have a blog. I still have
-the same opinion, but now I'm using the blog more like a portfolio. I like it
-because I take a lot of care with it and I like to build high quality stuff. However,
-it takes me. So. Much. Time. I have to be really enthusiastic about something to
-write about it.&lt;/p&gt;
-&lt;h3 id="microblogging"&gt;&lt;a href="#microblogging"&gt;...and micro-blogging&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;More or less at the same time, I created my Twitter account. I've used it for
-multiple years and I have realized the way it was architected to influence users was obnoxious and the way I was using it made it even worse.&lt;/p&gt;
-&lt;p&gt;Then came Mastodon, and while there is lot to bit^Wsay about it, many things
-are much better. The community is much more friendly, and I can self-host my own
-instance. (Who doesn't like to host a RoR application with all the software it
-needs, PostgreSQL, Redis, Elastic Search, Nginx, and about twelve others?)&lt;/p&gt;
-&lt;p&gt;My use evolved from the Twitter game of trying to get new followers to...
-well, I'll just quote a friend I met there: &lt;a href="https://octodon.social/@stoof/101360489620753545"&gt;"Please talk to me before you
-follow me! I am on Mastodon to make friends and be part of a
-community."&lt;/a&gt;. Nonetheless, my
-micro-posts there are still somewhat shallow. Even though I have 500 characters for
-each post, I don't feel the medium is the right one to allow me to express myself deeply.
-Which is perfectly fine, because I enjoy shitposting and bitching about a wide
-spectrum of things!&lt;/p&gt;
-&lt;h2 id="inbetween"&gt;&lt;a href="#inbetween"&gt;In between&lt;/a&gt;&lt;/h2&gt;
-&lt;h3 id="why"&gt;&lt;a href="#why"&gt;Why?&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I'll be honest and tell you what happened. Recently, I read &lt;a href="https://blog.chaddickerson.com/2019/01/09/replacing-facebook/"&gt;Going old school: how I
-replaced Facebook with
-email&lt;/a&gt;. In his
-blog article, the author explained that he created a newsletter to replace the role that had been held by the Facebook account he disabled. I really liked the idea and wondered
-if I could justify creating my own newsletter, especially since I had just
-been working on my email setup and wanted to put it to good use. I eventually
-decided to just create one.&lt;/p&gt;
-&lt;p&gt;I think that having something between my blog, for which writing takes a lot
-of time and Mastodon, where I express myself but in a more volatile setting, would be nice!&lt;/p&gt;
-&lt;p&gt;The goal is to have something where I can share my feelings and my thoughts
-without putting things on the public Internet (and avoiding the dread of judgment)
-with a format closer to a blog article than to a micro-post on Mastodon. I hope to
-create an environment more friendly to replies than what my blog articles
-currently provide (as there isn't a system for comments). I'm also
-curious about how the social interaction will happen. Lastly, I'll do it for
-myself, as a writing exercise.&lt;/p&gt;
-&lt;h3 id="what"&gt;&lt;a href="#what"&gt;What?&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I plan to talk about my life, what I have been doing lately or a
-particular subject I care about. My frequency goal ranges between multiple times a
-week for a busy period to at least once per month. I'm not sure yet how I'm
-going to do it, technically-speaking, but I won't use any external services.&lt;/p&gt;
-&lt;p&gt;Of course, I won't share your email address with anyone (including other
-subscribers, i.e. I won't use a giant Cc:) and of course you'll receive solely
-my newsletter and no other emails (ads or whatever). I don't have anything to
-sell, anyway. &lt;a href="https://en.wikipedia.org/wiki/Pyramid_scheme#The_%22eight_ball%22_model"&gt;Especially if you get two acquaintances of yours to
-subscribe!&lt;/a&gt;
-There won't be a web interface or anything, so subscribing and unsubscribing
-will require you to email me as the goal is also to experiment with human
-interaction, since nowadays there is less and less of that.&lt;/p&gt;
-&lt;p&gt;Of course, you won't get access to the previous newsletters, only the
-subsequent ones. (Maybe the previous one?)&lt;/p&gt;
-&lt;h3 id="subscribe"&gt;&lt;a href="#subscribe"&gt;How can I subscribe?&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;If you're curious about this experiment and want to be part of it, please send an email
-to newsletter at chown dot me!&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Thanks &lt;a href="https://bsd.network/@pamela"&gt;Pamela&lt;/a&gt; for the proof-reading!&lt;/em&gt;&lt;/p&gt;</summary></entry><entry><title>Upgrading OpenBSD with Ansible</title><link href="https://chown.me/blog/upgrading-openbsd-with-ansible" rel="alternate"></link><published>2018-10-19T10:00:00Z</published><updated>2018-10-19T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-10-19:/blog/upgrading-openbsd-with-ansible</id><summary type="html">&lt;p&gt;This article is best enjoyed with basic knowledge of &lt;a href="https://man.openbsd.org/autoinstall"&gt;OpenBSD
-autoinstall&lt;/a&gt; and &lt;a href="https://www.ansible.com/"&gt;Ansible&lt;/a&gt;&lt;/p&gt;
-&lt;h2 id="router"&gt;&lt;a href="#router"&gt;My router runs OpenBSD -current&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;A few months ago, I needed software that had just hit the ports tree. I didn't
-want to wait for the next release, so I upgraded my router to use -current.
-Since then, I've continued running -current, which means upgrading to a newer
-snapshot every so often. Running -current is great, but the process of updating
-to a newer snapshot was cumbersome. Initially, I had to plug in a serial cable
-and then reboot into &lt;em&gt;bsd.rd&lt;/em&gt;, hit enter ten times, then reboot, run &lt;code&gt;sysmerge&lt;/code&gt;
-and update packages.&lt;/p&gt;
-&lt;p&gt;I eventually switched to &lt;a href="https://bitbucket.org/semarie/upobsd"&gt;upobsd&lt;/a&gt; to be
-able to upgrade without the need for a serial connection. The process was
-better, but still tiresome. Usually, I would prepare the special version of
-&lt;em&gt;bsd.rd&lt;/em&gt;, boot on &lt;em&gt;bsd.rd&lt;/em&gt;, and do something like wash the dishes in the
-meantime. After about ten minutes, I would dry my hands and then go back to my
-workstation to see whether the &lt;em&gt;bsd.rd&lt;/em&gt; part had finished so I could run
-&lt;code&gt;sysmerge&lt;/code&gt; and &lt;code&gt;pkg_add&lt;/code&gt;, and then return to the dishes while it upgraded
-packages.&lt;/p&gt;
-&lt;p&gt;Out of laziness, I thought: "I should automate this," but what happened instead
-is that I simply didn't upgrade that machine very often. (Yes, laziness). With
-my router out of commission, life is very dull, because it is my gateway to the
-Internet. Even services hosted at my place (like my Mastodon instance) are not
-reachable when the router is down because I use multiple VLANs (so I need the
-router to &lt;em&gt;jump&lt;/em&gt; across VLANs).&lt;/p&gt;
-&lt;h2 id="ansiblereboot"&gt;&lt;a href="#ansiblereboot"&gt;Ansible Reboot Module&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I recently got a new job, and one of my first tasks was auditing the &lt;em&gt;Ansible&lt;/em&gt;
-roles written by my predecessors. In one role, the machine rebooted and they
-used the
-&lt;a href="https://docs.ansible.com/ansible/2.5/modules/wait_for_module.html"&gt;&lt;em&gt;wait_for_connection&lt;/em&gt;&lt;/a&gt;
-module to wait for it to come back up. That sounded quite hackish to me, so out
-of curiosity, I tried to determine whether there was a better way. I also
-thought I might be able to use something similar to further automate my OpenBSD
-upgrades, and wanted to assess the cleanliness of this method. ;-)&lt;/p&gt;
-&lt;p&gt;I learned that with the then-upcoming 2.7 Ansible release, a proper &lt;em&gt;reboot&lt;/em&gt;
-module would be included. I went to the docs, which stated that for a certain
-parameter:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;- On Linux and macOS, this is converted to minutes and
- rounded down. If less than 60, it will be set to 0.
-- On Solaris and FreeBSD, this will be seconds.
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;I took this to mean that there was no support for OpenBSD. I looked at the code
-and, indeed, there was not. However, I believed that it wouldn't be too hard
-to add it. I added the missing pieces for OpenBSD, tested it on my poor Pine64
-and then submitted it upstream. After a quick back and forth, the module's
-author &lt;a href="https://github.com/ansible/ansible/commit/2769a4e2cc3aadbf91e7f4f83ef57b7ebe43442a"&gt;merged it into
-devel&lt;/a&gt;
-(having a friend working at Red Hat helped the process, merci Cyril !) A couple
-days later, the release engineer &lt;a href="https://github.com/ansible/ansible/commit/26de4f97493adeb388c1c8fad7a266bb7652bac6"&gt;merged it into
-stable-2.7&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I proceeded to actually write the playbook, and then I hit a bug. The parameter
-&lt;em&gt;reboot_timeout&lt;/em&gt; was not recognized by Ansible. This feature would definitely
-be useful on a slow machine (such as the Pine64 and its dying SD card). Again,
-my fix was &lt;a href="https://github.com/ansible/ansible/commit/0105b4aeadb94dd12b921ed6c427b21cd31182fa"&gt;merged into
-master&lt;/a&gt;
-by the module's author and then &lt;a href="https://github.com/ansible/ansible/commit/a0f38bdab5ae0e183cb960fe9e964bf1edf7c326"&gt;merged into
-stable-2.7&lt;/a&gt;.
-2.7.1 will be the first release to feature these fixes, but if you use OpenBSD
--current, you already have access to them. I backported the patches when I
-&lt;a href="https://marc.info/?l=openbsd-ports-cvs&amp;amp;m=153994960724056&amp;amp;w=2"&gt;updated
-ansible&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;Fun fact about Ansible and reboots: "The win_reboot module was [...] included
-with Ansible 2.1," while for unix systems it wasn't added until 2.7. :D For
-more details, you can read the &lt;a href="http://samdoran.com/ansible-reboot-plugin/"&gt;module's author blog
-article&lt;/a&gt;.&lt;/p&gt;
-&lt;h2 id="playbook"&gt;&lt;a href="#playbook"&gt;The Playbook&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Initially, my playbook did the upgrade as usual (i.e., it fetched the sets in
-&lt;em&gt;bsd.rd&lt;/em&gt;). During this process, of course, my machine is not performing its
-function as a router. My Internet access is not super great, so fetching the
-sets takes awhile. I got frustrated while I was testing it and looked into
-lessening the amount of time spent inside &lt;em&gt;bsd.rd&lt;/em&gt;.&lt;/p&gt;
-&lt;p&gt;To speed up the process, I wrote &lt;a href="https://chown.me/iota/blog/fetch-sets"&gt;a basic shell
-script&lt;/a&gt; to fetch the sets &lt;strong&gt;before&lt;/strong&gt;
-rebooting into &lt;em&gt;bsd.rd&lt;/em&gt;. It enabled me to remove some &lt;em&gt;tasks&lt;/em&gt; I had to do in
-order to get working Internet access in &lt;em&gt;bsd.rd&lt;/em&gt;. (This is specific to my
-case).&lt;/p&gt;
-&lt;h3 id="playbookitself"&gt;&lt;a href="#playbookitself"&gt;The playbook itself&lt;/a&gt;&lt;/h3&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="x"&gt;---&lt;/span&gt;
-&lt;span class="x"&gt;- name: Upgrade OpenBSD&lt;/span&gt;
-&lt;span class="x"&gt; hosts: apu-root&lt;/span&gt;
-&lt;span class="x"&gt; vars:&lt;/span&gt;
-&lt;span class="x"&gt; arch: amd64&lt;/span&gt;
-&lt;span class="x"&gt; date: &amp;quot;&lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;lookup&lt;/span&gt;&lt;span class="o"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;pipe&amp;#39;&lt;/span&gt;&lt;span class="o"&gt;,&lt;/span&gt; &lt;span class="s1"&gt;&amp;#39;date +%Y-%m-%d&amp;#39;&lt;/span&gt;&lt;span class="o"&gt;)&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; disk: &amp;quot;sd0&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; mirror: &amp;quot;fastly.cdn.openbsd.org&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; path_sets: &amp;quot;/home/danj/sets&amp;quot;&lt;/span&gt;
-
-&lt;span class="x"&gt; tasks:&lt;/span&gt;
-&lt;span class="x"&gt; - name: fetch sets&lt;/span&gt;
-&lt;span class="x"&gt; command: /home/danj/bin/fetch-sets&lt;/span&gt;
-&lt;span class="x"&gt; when: path_sets is defined&lt;/span&gt;
-&lt;span class="x"&gt; - name: create answer file for upobsd&lt;/span&gt;
-&lt;span class="x"&gt; template:&lt;/span&gt;
-&lt;span class="x"&gt; src: answer.j2&lt;/span&gt;
-&lt;span class="x"&gt; dest: answer&lt;/span&gt;
-&lt;span class="x"&gt; delegate_to: localhost&lt;/span&gt;
-&lt;span class="x"&gt; - name: create kernel with upobsd&lt;/span&gt;
-&lt;span class="x"&gt; command: &amp;quot;upobsd -v -a &lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;arch&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt; -u ./answer -m https://&lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;mirror&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;/pub/OpenBSD -V snapshots&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; delegate_to: localhost&lt;/span&gt;
-&lt;span class="x"&gt; - name: copy bsd.rd created by upobsd&lt;/span&gt;
-&lt;span class="x"&gt; copy:&lt;/span&gt;
-&lt;span class="x"&gt; src: bsd.rd&lt;/span&gt;
-&lt;span class="x"&gt; dest: /bsd&lt;/span&gt;
-&lt;span class="x"&gt; - name: reboot host&lt;/span&gt;
-&lt;span class="x"&gt; reboot:&lt;/span&gt;
-&lt;span class="x"&gt; msg: &amp;quot;rebooting into bsd.rd to upgrade&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; reboot_timeout: 900&lt;/span&gt;
-&lt;span class="x"&gt; - name: archive kernel&lt;/span&gt;
-&lt;span class="x"&gt; copy:&lt;/span&gt;
-&lt;span class="x"&gt; src: &amp;quot;/bsd&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; dest: &amp;quot;/bsd-&lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;date&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; mode: 0700&lt;/span&gt;
-&lt;span class="x"&gt; remote_src: &amp;quot;yes&amp;quot;&lt;/span&gt;
-&lt;span class="x"&gt; - name: upgrade all packages&lt;/span&gt;
-&lt;span class="x"&gt; command: &amp;quot;pkg_add -u -Dsnap&amp;quot;&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;h3 id="answerfile"&gt;&lt;a href="#answerfile"&gt;The answer file&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;The answer file is automatically &lt;a href="https://github.com/openbsd/src/blob/master/distrib/miniroot/install.sub#L2811-L2812"&gt;mailed to root at the end of the
-upgrade&lt;/a&gt;,
-so it's easy to get it!&lt;/p&gt;
-&lt;p&gt;In my case, the answer file transformed into a jinja2 template is:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="x"&gt;Which disk is the root disk = sd0&lt;/span&gt;
-&lt;span class="x"&gt;Force checking of clean non-root filesystems = no&lt;/span&gt;
-&lt;span class="cp"&gt;{%&lt;/span&gt; &lt;span class="k"&gt;if&lt;/span&gt; &lt;span class="nv"&gt;path_sets&lt;/span&gt; &lt;span class="k"&gt;is&lt;/span&gt; &lt;span class="nf"&gt;defined&lt;/span&gt; &lt;span class="cp"&gt;%}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="x"&gt;Location of sets = disk&lt;/span&gt;
-&lt;span class="x"&gt;Is the disk partition already mounted = yes&lt;/span&gt;
-&lt;span class="x"&gt;Pathname to the sets = &lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;path_sets&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="cp"&gt;{%&lt;/span&gt; &lt;span class="k"&gt;else&lt;/span&gt; &lt;span class="cp"&gt;%}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="x"&gt;Location of sets = http&lt;/span&gt;
-&lt;span class="x"&gt;HTTP proxy URL = none&lt;/span&gt;
-&lt;span class="x"&gt;HTTP Server = &lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;mirror&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="x"&gt;Server directory = pub/OpenBSD/snapshots/&lt;/span&gt;&lt;span class="cp"&gt;{{&lt;/span&gt; &lt;span class="nv"&gt;arch&lt;/span&gt; &lt;span class="cp"&gt;}}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="cp"&gt;{%&lt;/span&gt; &lt;span class="k"&gt;endif&lt;/span&gt; &lt;span class="cp"&gt;%}&lt;/span&gt;&lt;span class="x"&gt;&lt;/span&gt;
-&lt;span class="x"&gt;Set name(s) = done&lt;/span&gt;
-&lt;span class="x"&gt;Location of sets = done&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;h3 id="explanations"&gt;&lt;a href="#explanations"&gt;The explanations&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;Ansible runs my script on the remote host to fetch the sets. It creates an
-answer file from the template and then gives it to &lt;em&gt;upobsd&lt;/em&gt;. Once &lt;em&gt;upobsd&lt;/em&gt; has
-created the kernel, Ansible copies it in place of &lt;code&gt;/bsd&lt;/code&gt; on the host. The
-router reboots and boots on &lt;code&gt;/bsd&lt;/code&gt;, which is upobsd's &lt;em&gt;bsd.rd&lt;/em&gt;. The &lt;em&gt;installer&lt;/em&gt;
-runs in &lt;em&gt;auto_update&lt;/em&gt; mode. Once it comes back from &lt;em&gt;bsd.rd&lt;/em&gt; land, it archives
-the kernel and finishes by upgrading all the packages.&lt;/p&gt;
-&lt;p&gt;It also supports upgrading without fetching the sets ahead of time. For
-instance, I upgrade this way on my Pine64 because if I cared about speed, I
-wouldn't use this weak computer with its dying SD card. For this case, I just
-comment out the &lt;em&gt;path_sets&lt;/em&gt; variable and Ansible instead creates an answer file
-that will instruct the installer to fetch the sets from the designated mirror.&lt;/p&gt;
-&lt;p&gt;I've been archiving my kernels for a few years. It's a nice way to &lt;strike&gt;fill
-up /&lt;/strike&gt; keep a history of my upgrades. If I spot a regression, I can
-try a previous kernel ... which may not work with the then-desynchronized
-&lt;em&gt;userland&lt;/em&gt;, but that's another story.&lt;/p&gt;
-&lt;p&gt;&lt;code&gt;sysmerge&lt;/code&gt; already runs with
-&lt;a href="https://github.com/openbsd/src/blob/master/etc/rc#L579-L580"&gt;rc.sysmerge&lt;/a&gt; in
-batch mode and sends the result by email. I don't think there's merit to
-running it again in the playbook. The only perk would be discovering &lt;strong&gt;in the
-terminal&lt;/strong&gt; whether any files need to be manually merged, rather than reading
-exactly the same output in the email.&lt;/p&gt;
-&lt;p&gt;Initially, I used the &lt;em&gt;openbsd_pkg&lt;/em&gt; module, but it doesn't work on -current
-just &lt;strong&gt;before&lt;/strong&gt; a release because &lt;code&gt;pkg_add&lt;/code&gt; automatically looks for
-&lt;em&gt;pub/OpenBSD/${release}/packages/${arch}&lt;/em&gt; (which is empty). I wrote and tested
-this playbook while 6.4 was around the corner, so I switched to &lt;em&gt;command&lt;/em&gt; to be
-able to pass the &lt;code&gt;-Dsnap&lt;/code&gt; parameter.&lt;/p&gt;
-&lt;h2 id="result"&gt;&lt;a href="#result"&gt;The result&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I'm very happy with the playbook! It performs the upgrade with as little
-intervention as possible and minimal downtime. \o/&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Thanks &lt;a href="https://bsd.network/@pamela"&gt;Pamela&lt;/a&gt; for the proof-reading!&lt;/em&gt;&lt;/p&gt;</summary></entry><entry><title>Locking OpenBSD when it's sleeping</title><link href="https://chown.me/blog/locking-openbsd-when-sleeping" rel="alternate"></link><published>2018-10-08T10:00:00Z</published><updated>2018-10-08T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-10-08:/blog/locking-openbsd-when-sleeping</id><summary type="html">&lt;p&gt;I frequent the #openbsd IRC channel in order to help people. A question
-commonly asked is how to automatically lock your machine when
-putting it to sleep with zzz(1). I answered this question in a
-previous article (which was actually written four years ago; time flies!) but
-it was written in French, so here's a new one, also covering additional related topics.&lt;/p&gt;
-&lt;h2 id="locking"&gt;&lt;a href="#locking"&gt;Locking the machine when it is put to sleep&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;If you read &lt;a href="https://man.openbsd.org/apmd.8"&gt;apmd(8)&lt;/a&gt;:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;FILES
- /etc/apm/suspend
- /etc/apm/hibernate
- /etc/apm/standby
- /etc/apm/resume
- /etc/apm/powerup
- /etc/apm/powerdown These files contain the host&amp;#39;s customized actions.
- Each file must be an executable binary or shell
- script. A single program or script can be used to
- control all transitions by examining the name by
- which it was called, which is one of suspend,
- hibernate, standby, resume, powerup, or powerdown.
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;The trick is to write a script for 'etc/apm/suspend' to run when zzz is called
-(either directly or by &lt;a href="https://github.com/openbsd/src/blob/master/etc/etc.amd64/sysctl.conf#L3"&gt;closing the
-lid&lt;/a&gt;).
-For instance, the script I'm using is:&lt;/p&gt;
-&lt;table class="codehilitetable"&gt;&lt;tr&gt;&lt;td class="linenos"&gt;&lt;div class="linenodiv"&gt;&lt;pre&gt;1
-2&lt;/pre&gt;&lt;/div&gt;&lt;/td&gt;&lt;td class="code"&gt;&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="ch"&gt;#!/bin/sh&lt;/span&gt;
-doas -u danj env &lt;span class="nv"&gt;DISPLAY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;:0 &lt;span class="nv"&gt;XAUTHORITY&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;/home/danj/.Xauthority xlock &lt;span class="p"&gt;&amp;amp;&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
-
-&lt;p&gt;It requires:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;configuring doas, &lt;em&gt;left as an exercise to the reader&lt;/em&gt; ;)&lt;/li&gt;
-&lt;li&gt;running apmd (hashtag rcctl)&lt;/li&gt;
-&lt;li&gt;an executable script&lt;/li&gt;
-&lt;/ul&gt;
-&lt;h2 id="lockingfurther"&gt;&lt;a href="#lockingfurther"&gt;Locking it further&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;This is off to a good start, but if you are a &lt;em&gt;startx&lt;/em&gt; user (versus using xenodm), be sure to run &lt;code&gt;exec startx&lt;/code&gt; and not just &lt;code&gt;startx&lt;/code&gt;. Otherwise, it is possible to kill X and then access the shell.&lt;/p&gt;
-&lt;p&gt;If you don't set a maximum lifetime for your &lt;code&gt;ssh-agent&lt;/code&gt;, you should clear your identities using &lt;code&gt;ssh-add -D&lt;/code&gt;. You should also revoke any &lt;code&gt;sudo&lt;/code&gt; permissions with &lt;code&gt;sudo -K&lt;/code&gt;. &lt;code&gt;doas&lt;/code&gt; doesn't work the same way, so &lt;code&gt;doas -L&lt;/code&gt; won't help you much. (You have elevated permissions only in the current shell, not account-wide).&lt;/p&gt;
-&lt;p&gt;You might want to clear your clipboards, as well. Use something like: &lt;code&gt;xsel -c -p; xsel -c -s; xsel -c -b&lt;/code&gt;.&lt;/p&gt;
-&lt;p&gt;Of course, if you use other authentication mechanisms (GNOME keyring, ssh's
-Control*, etc.), you should handle those as well.&lt;/p&gt;
-&lt;h2 id="cat"&gt;&lt;a href="#cat"&gt;Beware of the cat&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Now that I have a &lt;a href="https://awoo.chown.me/@jeancanard"&gt;Captive Advanced
-Threat&lt;/a&gt;, I feel the need to automatically lock the screen after it has been idle for a short while. You can achieve this using &lt;code&gt;xidle&lt;/code&gt;. The &lt;a href="https://man.openbsd.org/xidle.1"&gt;man
-page&lt;/a&gt; is sufficiently descriptive that I won't talk about that further.&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Thanks &lt;a href="https://maly.io/@semarie"&gt;semarie&lt;/a&gt; for the technical proof-reading and &lt;a href="https://bsd.network/@pamela"&gt;Pamela&lt;/a&gt; for the English proof-reading!&lt;/em&gt;&lt;/p&gt;</summary></entry><entry><title>2FA with ssh on OpenBSD</title><link href="https://chown.me/blog/2FA-with-ssh-on-OpenBSD" rel="alternate"></link><published>2018-08-31T10:00:00Z</published><updated>2018-08-31T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-08-31:/blog/2FA-with-ssh-on-OpenBSD</id><summary type="html">&lt;p&gt;Five years ago I wrote about &lt;a href="./yubikey.html"&gt;using a yubikey&lt;/a&gt; on OpenBSD. The
-only problem with doing this is that there's no validation server available on
-OpenBSD, so you need to use a different OTP slot for each machine. (You don't
-want to risk a &lt;a href="https://en.wikipedia.org/wiki/Replay_attack"&gt;replay attack&lt;/a&gt; if
-someone succeeds in capturing an OTP on one machine, right?) Yubikey has two
-OTP slots per device, so you would need a yubikey for every two machines with
-which you'd like to use it. You could use a
-&lt;a href="https://en.wikipedia.org/wiki/Bastion_host"&gt;bastion&lt;/a&gt;—and use only one
-yubikey—but I don't like the SPOF aspect of a bastion. YMMV.&lt;/p&gt;
-&lt;p&gt;After &lt;a href="./my-recent-journey-with-2FA.html"&gt;I played with TOTP&lt;/a&gt;, I wanted to use
-them as a 2FA for ssh. At the time of writing, we can't do that using only the
-tools in base. This article focuses on OpenBSD; if you use another operating
-system, here are two &lt;a href="https://www.openbsd.org/faq/faq4.html"&gt;handy&lt;/a&gt;
-&lt;a href="https://ftp.openbsd.org/pub/OpenBSD/6.3/amd64/INSTALL.amd64"&gt;links&lt;/a&gt;.&lt;/p&gt;
-&lt;h2 id="seedconfig"&gt;&lt;a href="#seedconfig"&gt;Seed configuration&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;The first thing we need to do is to install the software which will be used to
-verify the OTPs we submit.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# pkg_add login_oath
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;We need to create a &lt;em&gt;secret&lt;/em&gt; - aka, the &lt;em&gt;seed&lt;/em&gt; - that will be used to calculate
-the Time-based One-Time Passwords. We should make sure no one can read or
-change it.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;$ openssl rand -hex &lt;span class="m"&gt;20&lt;/span&gt; &amp;gt; ~/.totp-key
-$ chmod &lt;span class="m"&gt;400&lt;/span&gt; ~/.totp-key
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;Now we have a hexadecimal key, but apps usually &lt;a href="https://github.com/mattrubin/Authenticator/blob/develop/Authenticator/Source/TokenEntryForm.swift#L214"&gt;want a base32
-secret&lt;/a&gt;.
-I initially wrote a small script to do the conversion.&lt;/p&gt;
-&lt;p&gt;While writing this article, I took the opportunity to improve it. When I
-initially wrote this utility for my use,
-&lt;a href="https://github.com/lincolnloop/python-qrcode"&gt;python-qrcode&lt;/a&gt; hadn't yet been
-imported to the OpenBSD ports/packages system. It's easy to install now, so
-let's use it.&lt;/p&gt;
-&lt;p&gt;Here's the improved version. It will ask for the hex key and output the secret
-as a base32-encoded string, both with and without spacing so you can copy-paste
-it into your password manager or easily retype it. It will then ask for the
-information needed to generate a &lt;em&gt;QR code&lt;/em&gt;. Adding our new OTP secret to any
-mobile app using the QR code will be super easy!&lt;/p&gt;
-&lt;table class="codehilitetable"&gt;&lt;tr&gt;&lt;td class="linenos"&gt;&lt;div class="linenodiv"&gt;&lt;pre&gt; 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
-10
-11
-12
-13
-14
-15
-16
-17
-18
-19
-20
-21
-22
-23
-24
-25
-26
-27
-28
-29
-30
-31
-32
-33
-34
-35
-36
-37&lt;/pre&gt;&lt;/div&gt;&lt;/td&gt;&lt;td class="code"&gt;&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="ch"&gt;#!/usr/bin/env python&lt;/span&gt;
-
-&lt;span class="c1"&gt;# DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE&lt;/span&gt;
-&lt;span class="c1"&gt;# Version 2, December 2004&lt;/span&gt;
-
-&lt;span class="c1"&gt;# Copyright (C) 2018 Daniel Jakots&lt;/span&gt;
-
-
-&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="nn"&gt;binascii&lt;/span&gt;
-&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="nn"&gt;base64&lt;/span&gt;
-&lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="nn"&gt;sys&lt;/span&gt;
-
-&lt;span class="k"&gt;try&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
- &lt;span class="kn"&gt;import&lt;/span&gt; &lt;span class="nn"&gt;qrcode&lt;/span&gt;
-&lt;span class="k"&gt;except&lt;/span&gt; &lt;span class="ne"&gt;ModuleNotFoundError&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
- &lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;pkg_add py3-qrcode&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
- &lt;span class="n"&gt;sys&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;exit&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="n"&gt;seed_hex&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;input&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;Key in hex format &amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="n"&gt;binary_string&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;binascii&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;unhexlify&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;seed_hex&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;seed_b32&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;base64&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;b32encode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;binary_string&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;decode&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39;utf-8&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;The secret in a base32 encoded format&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;seed_b32&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;The same, but with a space every three letters for readability&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s1"&gt;&amp;#39; &amp;#39;&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;join&lt;/span&gt;&lt;span class="p"&gt;([&lt;/span&gt;&lt;span class="n"&gt;seed_b32&lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="n"&gt;i&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="n"&gt;i&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;i&lt;/span&gt; &lt;span class="ow"&gt;in&lt;/span&gt; &lt;span class="nb"&gt;range&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nb"&gt;len&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;seed_b32&lt;/span&gt;&lt;span class="p"&gt;),&lt;/span&gt; &lt;span class="mi"&gt;3&lt;/span&gt;&lt;span class="p"&gt;)]))&lt;/span&gt;
-
-&lt;span class="k"&gt;print&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;Let&amp;#39;s create a QR code to import it into an app&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;issuer&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;input&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;&amp;#39;Issuer&amp;#39; (can be the server name) &amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;username&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;input&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;Username &amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="n"&gt;uri&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;f&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;otpauth://totp/{username}?secret={seed_b32}&amp;amp;issuer={issuer}&amp;quot;&lt;/span&gt;
-&lt;span class="n"&gt;img&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="n"&gt;qrcode&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;make&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;uri&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;image_file&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;open&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;f&lt;/span&gt;&lt;span class="s2"&gt;&amp;quot;qrcode-otp-{issuer}.jpg&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s2"&gt;&amp;quot;wb&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;img&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;save&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;image_file&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-&lt;/td&gt;&lt;/tr&gt;&lt;/table&gt;
-
-&lt;p&gt;You can fetch this script using &lt;code&gt;ftp
-https://chown.me/iota/blog/totp-hex-to-qrcode.py&lt;/code&gt;. (The code isn't in any of
-my public repositories for
-&lt;a href="https://chown.me/iota/blog/issues-public-repo.jpg"&gt;reasons&lt;/a&gt;).&lt;/p&gt;
-&lt;p&gt;We can check to make sure everything went smoothly by comparing the code
-provided by your mobile app to one generated by &lt;em&gt;oathtool&lt;/em&gt; at the same time.
-The &lt;em&gt;oathtool&lt;/em&gt; binary is provided by the package &lt;em&gt;oath-toolkit&lt;/em&gt; (which is the
-dependency needed by &lt;em&gt;login_oath&lt;/em&gt;). &lt;em&gt;oathtool&lt;/em&gt; accepts the seed in either
-hexadecimal or base32 format.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;$ oathtool --totp 0123456789abcdef0123
-&lt;span class="m"&gt;054640&lt;/span&gt;
-$ oathtool --totp -b AERUKZ4JVPG66AJD
-&lt;span class="m"&gt;054640&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;&lt;em&gt;0123456789abcdef0123&lt;/em&gt; is the &lt;em&gt;seed&lt;/em&gt; in hexadecimal format (as in
-&lt;code&gt;~/.totp-key&lt;/code&gt;) and &lt;em&gt;AERUKZ4JVPG66AJD&lt;/em&gt; is the same data, but base32-encoded.&lt;/p&gt;
-&lt;p&gt;Alternatively, if you just want to do the hex -&amp;gt; b32 conversion, &lt;em&gt;login_oath&lt;/em&gt;'s
-README gives a Perl example (but it is not an unreadable one-liner, so you may
-not want to use it):&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="n"&gt;Some&lt;/span&gt; &lt;span class="n"&gt;tokens&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="n"&gt;g&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt; &lt;span class="n"&gt;Google&lt;/span&gt; &lt;span class="n"&gt;Authenticator&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;require&lt;/span&gt; &lt;span class="nn"&gt;secrets&lt;/span&gt; &lt;span class="n"&gt;in&lt;/span&gt; &lt;span class="n"&gt;base32&lt;/span&gt; &lt;span class="nb"&gt;format&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
-&lt;span class="n"&gt;you&lt;/span&gt; &lt;span class="n"&gt;can&lt;/span&gt; &lt;span class="n"&gt;convert&lt;/span&gt; &lt;span class="n"&gt;them&lt;/span&gt; &lt;span class="n"&gt;with&lt;/span&gt; &lt;span class="n"&gt;p5&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Convert&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Base32:&lt;/span&gt;
-
-&lt;span class="k"&gt;use&lt;/span&gt; &lt;span class="nn"&gt;Convert::Base32&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
-&lt;span class="k"&gt;my&lt;/span&gt; &lt;span class="nv"&gt;$s&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="nb"&gt;pack&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="s"&gt;&amp;#39;H*&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="s"&gt;&amp;#39;99d12448129d1e8192e063d64714209137a13864&amp;#39;&lt;/span&gt;&lt;span class="p"&gt;);&lt;/span&gt;
-&lt;span class="k"&gt;print&lt;/span&gt; &lt;span class="n"&gt;encode_base32&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="nv"&gt;$s&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;.&lt;/span&gt;&lt;span class="s"&gt;&amp;quot;\n&amp;quot;&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;h2 id="sysconfig"&gt;&lt;a href="#sysconfig"&gt;System configuration&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;We can now move to the configuration of the system to put our new TOTP to use.
-As you might guess, it's going to be quite close to what we did with the
-yubikey.&lt;/p&gt;
-&lt;p&gt;We need to tweak &lt;code&gt;login.conf&lt;/code&gt;. &lt;strong&gt;Be careful&lt;/strong&gt; and keep a root shell open at all
-times. The few times I broke my OpenBSD were because I messed with login.conf
-without showing enough care.&lt;/p&gt;
-&lt;p&gt;After the lines:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# Default allowed authentication styles for authentication type ftp
-auth-ftp-defaults:auth-ftp=passwd:
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;we add:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# Default allowed authentication styles for authentication type ssh
-auth-ssh-defaults:auth-ssh=-totp:
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;and inside the class of the user account for which TOTP is being set, we add
-the line &lt;code&gt;:tc=auth-ssh-defaults:\&lt;/code&gt;. For instance, in my case it's:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;staff:\
- :datasize-cur=1536M:\
- :datasize-max=infinity:\
- :maxproc-max=512:\
- :maxproc-cur=256:\
- :ignorenologin:\
- :requirehome@:\
- :tc=auth-ssh-defaults:\
- :tc=default:
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;(Hint: it's the penultimate line). You can check the class of your user using
-&lt;code&gt;id -c&lt;/code&gt;.&lt;/p&gt;
-&lt;h2 id="sshdconfig"&gt;&lt;a href="#sshdconfig"&gt;sshd configuration&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Again, keeping a root shell around decreases the risk of losing access to the
-system and being locked outside.&lt;/p&gt;
-&lt;p&gt;A good standard is to use &lt;code&gt;PasswordAuthentication no&lt;/code&gt; and to use public key
-only. Except... have a guess what the &lt;em&gt;P&lt;/em&gt; stands for in &lt;em&gt;TOTP&lt;/em&gt;. Yes, congrats,
-you guessed it!&lt;/p&gt;
-&lt;p&gt;We need to switch to &lt;code&gt;PasswordAuthentication yes&lt;/code&gt;. However, if we made this
-change alone, sshd would then accept a public key OR a password (which are TOTP
-because of our &lt;em&gt;login.conf&lt;/em&gt;). 2FA uses both at the same time.&lt;/p&gt;
-&lt;p&gt;To inform sshd we intend to use both, we need to set &lt;code&gt;AuthenticationMethods
-publickey,password&lt;/code&gt;. This way, the user trying to login will first need to
-perform the traditional publickey authentication. Once that's done, ssh will
-prompt for a password and the user will need to submit a valid TOTP for the
-system.&lt;/p&gt;
-&lt;p&gt;We could do this the other way around, but I think bots could try passwords,
-wasting resources. Evaluated in this order, failing to provide a public key leads to
-sshd immediately declining your attempt.&lt;/p&gt;
-&lt;p&gt;Here's the diff of the output when testing with &lt;code&gt;ssh -v&lt;/code&gt; using both public-key-only authentication and two-factor authentication:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="p"&gt;-&lt;/span&gt;&lt;span class="nf"&gt;debug1:&lt;/span&gt; &lt;span class="n"&gt;Authentication&lt;/span&gt; &lt;span class="n"&gt;succeeded&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;publickey&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;
-&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="n"&gt;Authenticated&lt;/span&gt; &lt;span class="n"&gt;with&lt;/span&gt; &lt;span class="n"&gt;partial&lt;/span&gt; &lt;span class="n"&gt;success&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="nl"&gt;debug1&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Authentications&lt;/span&gt; &lt;span class="n"&gt;that&lt;/span&gt; &lt;span class="n"&gt;can&lt;/span&gt; &lt;span class="k"&gt;continue&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;password&lt;/span&gt;
-&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="nl"&gt;debug1&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Next&lt;/span&gt; &lt;span class="n"&gt;authentication&lt;/span&gt; &lt;span class="nl"&gt;method&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;password&lt;/span&gt;
-&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="n"&gt;danj&lt;/span&gt;&lt;span class="mf"&gt;@198.51.100.12&lt;/span&gt;&lt;span class="err"&gt;&amp;#39;&lt;/span&gt;&lt;span class="n"&gt;s&lt;/span&gt; &lt;span class="nl"&gt;password&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
-&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="nl"&gt;debug1&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Authentication&lt;/span&gt; &lt;span class="n"&gt;succeeded&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;password&lt;/span&gt;&lt;span class="p"&gt;).&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;h2 id="nouximpact"&gt;&lt;a href="#nouximpact"&gt;Improving security without impacting UX&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;My phone has a long enough password that most of the time, I fail to type it
-correctly on the first try. Of course, if I had to unlock my phone, launch my
-TOTP app and use my keyboard to enter what I see on my phone's screen, I would
-quickly disable 2FA.&lt;/p&gt;
-&lt;p&gt;To find a balance, I have whitelisted certain IP addresses and users. If I
-connect from a particular IP address or as a specific user, I don't want to go
-through 2FA. For some users, I might not even enable 2FA.&lt;/p&gt;
-&lt;p&gt;To whitelist, we can use the &lt;em&gt;Match&lt;/em&gt; keyword. Here are two basic examples:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Match User git
- AuthenticationMethods publickey
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;Match Address 203.0.113.47 # VPN
- AuthenticationMethods publickey
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;To sum up, we covered how to create a seed, how to perform a hexadecimal to
-base32 conversion and how to create a &lt;em&gt;QR code&lt;/em&gt; for mobile applications. We
-configured the login system with &lt;em&gt;login.conf&lt;/em&gt; so that ssh authentication uses
-the TOTP login system, and we told sshd to ask for both the public key and the
-Time-based One-Time Password. Now you should be all set to use two-factor
-ssh authentication on OpenBSD!&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Thanks &lt;a href="https://bsd.network/@pamela"&gt;Pamela&lt;/a&gt; for the proof-reading!&lt;/em&gt;&lt;/p&gt;</summary></entry><entry><title>The Effective Manager</title><link href="https://chown.me/blog/the-effective-manager" rel="alternate"></link><published>2018-08-13T10:00:00Z</published><updated>2018-08-13T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-08-13:/blog/the-effective-manager</id><summary type="html">&lt;p&gt;&lt;em&gt;Note: this is also available in audio format: 3:49
-&lt;a href="https://chown.me/iota/blog/the-effective-manager.mp3"&gt;(1.6MB mp3)&lt;/a&gt;
-&lt;a href="https://chown.me/iota/blog/the-effective-manager.ogg"&gt;(1.3MB ogg)&lt;/a&gt;&lt;/em&gt;&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;A few months ago, I stumbled across &lt;a href="https://jacobian.org/writing/engmanager-reading-list/"&gt;A reading list for new engineering
-managers&lt;/a&gt;. I'm not sure
-that I want to become a manager, but even so, knowing how management tasks
-should be approached is valuable. Knowing how things work from the other side
-helps me to understand the bigger picture, so I try to do that with most things
-in life.&lt;/p&gt;
-&lt;p&gt;I began by reading the first book on the list, &lt;em&gt;The Effective Manager&lt;/em&gt; by Mark
-Horstman. Here's what I found interesting:&lt;/p&gt;
-&lt;p&gt;Firstly, employees should be able to list their goals. If they can't, they
-should ask "what results do you expect from me?" and "how will you measure my
-performance?"&lt;/p&gt;
-&lt;p&gt;For the manager, the two main goals are:&lt;/p&gt;
-&lt;ol&gt;
-&lt;li&gt;Achieve Results&lt;/li&gt;
-&lt;li&gt;Retain Employees&lt;/li&gt;
-&lt;/ol&gt;
-&lt;p&gt;To help the manager succeed in these goals, the book first gives some general
-advice:&lt;/p&gt;
-&lt;ol&gt;
-&lt;li&gt;Get to know your people&lt;/li&gt;
-&lt;li&gt;Communicate about performance&lt;/li&gt;
-&lt;li&gt;Ask for more&lt;/li&gt;
-&lt;li&gt;Push work down&lt;/li&gt;
-&lt;/ol&gt;
-&lt;p&gt;Their respective importance is set to 40%, 30%, 20% and 10%. (Isn't it great
-when you add percentages and their sum is, indeed, 100%?)&lt;/p&gt;
-&lt;p&gt;When goals are clearly defined and the manager communicates about their
-employee's performance, both are off to a good start!&lt;/p&gt;
-&lt;p&gt;"Generally, the more a team trusts its manager, the better the results will be,
-and the better the retention as well."&lt;/p&gt;
-&lt;p&gt;The author advises managers to talk to their subordinates frequently about things
-that are important to them. For those frequent discussions, his recommended
-format is the &lt;em&gt;One-on-One&lt;/em&gt;. One-on-ones are scheduled, weekly, 30-minute
-meetings that managers have with each of their employees.&lt;/p&gt;
-&lt;p&gt;One-on-ones last thirty minutes at the most, but can end early if neither has
-more to say. The thirty minutes are split into three ten-minute segments. The
-first third is for what the subordinate wishes to discuss. The second third allows
-the manager to provide feedback and instruction. The final third (hopefully
-there's still some time left :-)) is designated for discussion about the future
-... as it's not particularly useful to talk about the past.&lt;/p&gt;
-&lt;p&gt;The book has some tips for addressing the reasons why some might be reluctant
-to attend one-on-ones. If they say their schedule is already fully booked, the
-key is to say "ok, but look at your schedule. If in one month it's mostly free,
-let's add a few weekly 30-minute slots then, to see how it goes."&lt;/p&gt;
-&lt;p&gt;Another problem that could arise is the employee being unwilling to talk or
-dominating the conversation. Again, the book has some tips for that and in both
-cases, it comes down to &lt;strong&gt;gently&lt;/strong&gt; encouraging the behavior you want to see
-&lt;strong&gt;without forcing&lt;/strong&gt; the employee (at least, in the beginning).&lt;/p&gt;
-&lt;p&gt;For giving feedback, Horstman provides the following model:&lt;/p&gt;
-&lt;ol&gt;
-&lt;li&gt;Ask if the person is open to receiving feedback. It's useless to give
- feedback if one's not open to it. Also, hashtag consent.&lt;/li&gt;
-&lt;li&gt;Identify the behavior you've noticed.&lt;/li&gt;
-&lt;li&gt;Describe the impact of the behavior (positive or negative).&lt;/li&gt;
-&lt;li&gt;Encourage effective future behavior. If the feedback is positive, say "keep
- up the good work!" and if it isn't, ask questions and work out a plan.&lt;/li&gt;
-&lt;/ol&gt;
-&lt;p&gt;One important thing about feedback is that you shouldn't be angry when you
-deliver it. Bearing that in mind, you should still give it as soon as you can.&lt;/p&gt;
-&lt;p&gt;I didn't take any notes for the points "Ask for more" and "Push work down"
-because I didn't feel I was learning anything. Of course, this is specific to
-me. I'm sure plenty of people will find valuable advice in these sections.&lt;/p&gt;
-&lt;p&gt;I quite liked the book; it was full of interesting points. What I didn't like
-was that sometimes the author repeated points that felt obvious to me. Also, I
-felt like the author was a bit full of himself (though that may simply reflect
-cultural differences).&lt;/p&gt;
-&lt;p&gt;Reading &lt;em&gt;The Effective Manager&lt;/em&gt; will provide you with a lot of techniques as a
-manager to complete your daily tasks. Even as someone without subordinates, I
-found this a valuable read, as it allows for some management in reverse.&lt;/p&gt;
-&lt;p&gt;Finally, remember the saying: "people don't quit their jobs; they quit their
-managers." ;)&lt;/p&gt;
-&lt;p&gt;&lt;br/&gt;&lt;/p&gt;
-&lt;p&gt;&lt;em&gt;Thanks &lt;a href="https://bsd.network/@pamela"&gt;Pamela&lt;/a&gt; for the proof-reading and the audio recording!&lt;/em&gt;&lt;/p&gt;</summary></entry><entry><title>The Checklist Manifesto</title><link href="https://chown.me/blog/the-checklist-manifesto" rel="alternate"></link><published>2018-06-01T10:00:00Z</published><updated>2018-06-01T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-06-01:/blog/the-checklist-manifesto</id><summary type="html">&lt;p&gt;What is the best way to improve the quality of your actions? According to the
-author of the book &lt;a href="https://en.wikipedia.org/wiki/The_Checklist_Manifesto"&gt;&lt;em&gt;The Checklist
-Manifesto&lt;/em&gt;&lt;/a&gt;, it's with
-checklists.&lt;/p&gt;
-&lt;p&gt;A few months ago, a &lt;a href="https://instinctive.eu/"&gt;friend&lt;/a&gt; wrote &lt;a href="https://instinctive.eu/weblog/0AC-perte-de-memoire-II"&gt;a blog
-article&lt;/a&gt; about how her
-memory began to fail her. &lt;a href="https://blog.pasithee.fr/"&gt;Another friend&lt;/a&gt;
-&lt;a href="https://instinctive.eu/weblog/0AC-perte-de-memoire-II#VXBU66HpV1Ds"&gt;commented&lt;/a&gt; that
-she wrote a checklist to avoid forgetting anything before a commit, after
-having read &lt;em&gt;The Checklist Manifesto&lt;/em&gt;. Another passion of mine is airplanes.
-In the aviation world, there are checklists for everything. I was curious
-what this book could say about this subject so I read it.&lt;/p&gt;
-&lt;p&gt;While reading the book was pleasant, if the author talked only about checklists,
-I think it could have been only one chapter. The other things he wrote about
-are communications and sharing—or spreading—responsibilities. These topics are also
-very important but out of the scope in my opinion.&lt;/p&gt;
-&lt;p&gt;&lt;a href="https://en.wikipedia.org/wiki/Atul_Gawande"&gt;Atul Gawande&lt;/a&gt; (the author)
-is a surgeon, so obviously he talks about surgery but not only. For instance,
-he talks about how aviation and construction firms started using checklists, who
-writes them, and what they cover.&lt;/p&gt;
-&lt;p&gt;But why make checklists? The author
-explains that over the last centuries we have learned many many things, but we
-sometimes fail at doing them. Checklists are there to lower our fail rate.
-They also help to be faster and more methodical.&lt;/p&gt;
-&lt;p&gt;Checklists don't improve our skills, they improve results. They are guards
-against basic errors and oversights.&lt;/p&gt;
-&lt;p&gt;That sounds good, doesn't it? So how does one a do a good checklist? The author
-gives a &lt;em&gt;rule of thumb&lt;/em&gt;. The checklist must:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;be between 5 and 9 elements—it should take between 60 and 90 seconds to complete&lt;/li&gt;
-&lt;li&gt;have a clear &lt;em&gt;pause point&lt;/em&gt; i.e. when to go through the checklist&lt;/li&gt;
-&lt;li&gt;be short and precise, they're not a how-to&lt;/li&gt;
-&lt;li&gt;have a publication date and be occasionally revised&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Atul Gawande lists two kinds of checklist:&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;do-confirm: you do your stuff and once you think you're good, you go
-through the checklist to verify you didn't forget anything&lt;/li&gt;
-&lt;li&gt;read-do: you do what the checklist says you have to do while reading it&lt;/li&gt;
-&lt;/ul&gt;
-&lt;p&gt;Checklists can be done during team briefing and it has the added benefit that it
-improves communication among the team.&lt;/p&gt;
-&lt;p&gt;I liked this book and if you're curious about stories behind checklists, you
-should definitely read it!&lt;/p&gt;</summary></entry><entry><title>Hackathon report - p2k18</title><link href="https://chown.me/blog/p2k18" rel="alternate"></link><published>2018-05-03T10:00:00Z</published><updated>2018-05-03T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-05-03:/blog/p2k18</id><summary type="html">&lt;p&gt;After two mostly boring flights, I was in Nantes on Sunday. I didn't do much
-because I wanted to get some rest after an exhausting week and tried to get my
-body into this new timezone. After a long night of sleep, I went to the hackroom.
-It was already well crowded for the first morning.&lt;/p&gt;
-&lt;p&gt;On Friday the week before, I asked my boss at 5 pm if I had to take days off. He said
-"no" as a way to support my work on Open Source—it had been the same for
-&lt;a href="./t2k17.html"&gt;t2k17&lt;/a&gt;. I made a deal with myself that I would finish what I was
-working on for a customer instead of asking my coworker. So a large part of my
-Monday was finishing that stuff. Still, &lt;a href="https://github.com/openbsd/ports/commit/a322d2ddc88df925eb9c719578e9f6aca0096298"&gt;I updated a port I maintain,
-pqiv&lt;/a&gt;.
-I received a &lt;a href="https://chown.me/iota/dmesg/dmesg-x1.txt"&gt;generous donation&lt;/a&gt; from &lt;a href="https://twitter.com/mischapeters"&gt;Mischa
-Peters&lt;/a&gt; so I installed OpenBSD on it (thanks
-to jasper@ for carrying it!).&lt;/p&gt;
-&lt;p&gt;Installing OpenBSD was not that trivial because I didn't have any USB key and
-the wired NIC required an adapter which I didn't have and the wifi NIC required
-a firmware to work. Thanks to &lt;a href="https://twitter.com/poolporg"&gt;our marvelous
-organizer&lt;/a&gt; for providing me a USB key and stsp@ for
-lending me a USB NIC (which later &lt;a href="https://undeadly.org/cgi?action=article;sid=20180430190108"&gt;krw@ used to debug a dhclient
-bug&lt;/a&gt;!). After that,
-I installed the packages I use, rsync'ed my home from my work laptop I was
-using until then like a lil' pig and felt immediately at home!&lt;/p&gt;
-&lt;p&gt;I really begin the ports hackathon on Tuesday when I committed an update for
-py-setuptools. I had already &lt;a href="./b2k16.html"&gt;updated them&lt;/a&gt; 18 months ago. It was
-easy to do it because I already did all the work a few weeks ago. My plan was
-to commit it before the hackathon but the clang6 fallout decided otherwise. I
-needed this setuptools to port upt. &lt;a href="https://framagit.org/upt"&gt;upt&lt;/a&gt; is a
-"modular tool that helps people package software from PyPI/CPAN/etc. to
-OpenBSD/GNU Guix/etc". It's made by a &lt;a href="https://perso.aquilenet.fr/~steap/"&gt;very good friend of
-mine&lt;/a&gt; so I sent him a bunch of &lt;a href="https://framagit.org/upt/upt-rubygems/commit/ccb5c2c1f9df2c383a02b2297f0354c3692757b4"&gt;really
-nice&lt;/a&gt;
-&lt;a href="https://framagit.org/upt/upt-cpan/commit/893ef4aed42a121fb2adb6412dd9c91f81a8e8f0"&gt;diffs&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I imported spdx and spdx-lookup which are a database of licenses and a tool to
-query it. That's the tool upt is using to
-&lt;a href="https://framagit.org/upt/upt/blob/master/upt/licenses.py#L702"&gt;guess&lt;/a&gt; the
-license used. Then, I decided to call it a day. The morning was stressful, and rain was forecasted for the next few days. This pushed me to go see the city. I went to
-see &lt;a href="https://www.lesmachines-nantes.fr/en/"&gt;&lt;em&gt;Les Machines De L'Île&lt;/em&gt;&lt;/a&gt;. Sadly the
-Elephant was sick so I couldn't ride him. He was fine enough to spit water on
-kids though. What makes me even sadder is that I didn't photograph the
-billboard saying it was sick. It would have been such a cool error page
-for when PostgreSQL is down!&lt;/p&gt;
-&lt;p&gt;I also visited &lt;em&gt;Le Chateau des Ducs de Bretagne&lt;/em&gt; and &lt;em&gt;Le Jardin des Plantes&lt;/em&gt;
-which both were awesome with the nice blue sky I had. It was also funny to
-notice that the people of Nantes try to trick people, with putting "de Bretagne"
-in various names, into thinking that Nantes is in Bretagne while it is not.
-Yup, I'm pretty happy to have a static blog without any comments system so
-there won't be any hateful reactions visible here :-)&lt;/p&gt;
-&lt;p&gt;Once I got back to the hackroom, I review-n-committed a couple of diffs for
-python ports. I updated again pqiv as they released another bugfix release and
-did some reviews for the &lt;a href="https://undeadly.org/cgi?action=article;sid=20180429101745"&gt;boar port from solene@&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I spent Wednesday only doing reviews for other devs—facette, influxdb for
-landry@, and several python ports for pvk@. At 5 pm I was fed up, so I went to
-the supermarket and bought some Belgian beers (&lt;em&gt;Trappe Quadrupel&lt;/em&gt; and
-&lt;em&gt;Westmalle&lt;/em&gt; mainly but also some &lt;em&gt;Chimay&lt;/em&gt;). Once drunk I went to play ping-pong
-with other French hackers. A few hours—and less alcohol in my blood—later, I
-finally updated my main server to OpenBSD 6.3 which went fine.&lt;/p&gt;
-&lt;p&gt;I also looked at setting &lt;code&gt;PORTS_PRIVSEP=Yes&lt;/code&gt; being one of the &lt;a href="https://undeadly.org/cgi?action=article;sid=20180429190200"&gt;"new
-converts"&lt;/a&gt;, but I
-had some &lt;a href="https://marc.info/?l=openbsd-ports-cvs&amp;amp;m=152466817003263&amp;amp;w=2"&gt;problems&lt;/a&gt;
-(this commit message actually makes me laugh so much) so I eventually decided to
-rollback. Now, however, I know which permissions to set if I want to enable it
-again so that's cool!&lt;/p&gt;
-&lt;p&gt;Thursday was low-hanging-fruit day. One of the commits renamed a package and so
-I needed to add a quirks entry. I did all of it on my own and I was glad to see
-how much more comfortable I was after two years (I got my &lt;em&gt;commit bit&lt;/em&gt; shortly
-before p2k16 which happened 2 years ago).&lt;/p&gt;
-&lt;p&gt;Until Friday, I didn't submit upt because I was waiting for Cyril to send an
-email about it. He finally sent
-&lt;a href="https://marc.info/?l=openbsd-ports&amp;amp;m=152478073001511&amp;amp;w=2"&gt;it&lt;/a&gt; so I submitted
-it while replying to his email. I had already talked about it to landry@
-because he wanted to port a dozen of python ports. I told him this tool
-could help him so he was eager to try it. I finally imported it after a couple
-of back and forth between landry@ and I.&lt;/p&gt;
-&lt;p&gt;Saturday was my last day as I was traveling on Sunday. I reviewed
-collectd/liboping for landry@, looked at the new
-&lt;a href="https://www.palletsprojects.com/blog/flask-1-0-released/"&gt;Flask&lt;/a&gt;. During
-p2k16, I talked with eric@ about ports where he was listed as maintainer. This
-time I succeeded in convincing him that his time was better spent on OpenSMTPD so
-there was no need to for him to be listed as maintainer. My final commit for
-p2k18 was freeing him from the ports tree :-) &lt;/p&gt;
-&lt;p&gt;A while ago, I bought two &lt;a href="./playing-with-the-pine64.html"&gt;pine64&lt;/a&gt; but they
-were not that useful for my use cases—too slow and unreliable. For a few weeks,
-semarie was using one of them remotely to work on rust/arm64. But when it
-stopped working, I had to investigate which didn't please my laziness. I offered
-him to take one and give it to him. He gladly accepted and then it was quickly &lt;a href="https://marc.info/?l=openbsd-bugs&amp;amp;m=152526381422932&amp;amp;w=2"&gt;put to
-use&lt;/a&gt;!&lt;/p&gt;
-&lt;p&gt;It was very nice to see Nantes and my fellow OpenBSD hackers again. I could commit
-the diffs I had for a few weeks and reviewed some submissions that enhance what
-you can &lt;code&gt;pkg_add&lt;/code&gt; on OpenBSD. Thanks to gilles@ for all the organization and to
-Epitech for hosting us again and to the OpenBSD Foundation for the fundings!&lt;/p&gt;</summary></entry><entry><title>New design</title><link href="https://chown.me/blog/new-design" rel="alternate"></link><published>2018-04-13T10:00:00Z</published><updated>2018-04-13T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2018-04-13:/blog/new-design</id><summary type="html">&lt;p&gt;In June this blog will be five years old. Since &lt;a href="./blog.html"&gt;I created it&lt;/a&gt;, it
-has had the same design. A few weeks ago I looked for a new theme. I found
-&lt;a href="https://github.com/Parbhat/pelican-blue"&gt;pelican-blue&lt;/a&gt; which I liked. For my
-first theme, I took it from someone and shortly after someone took it from me.
-This time I wanted something more unique.&lt;/p&gt;
-&lt;p&gt;I took pelican-blue and hammered the CSS so people would notice I love the
-color &lt;a href="https://en.wikipedia.org/wiki/Red"&gt;&lt;em&gt;red&lt;/em&gt;&lt;/a&gt;. At home, my sheets are red, my bath towel is red, my couch is
-red, my curtains are red. Even the ribbon Jean Canard plays with is &lt;a href="https://pics.chown.me/Jean-Canard/IMG_0675.JPG"&gt;red&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I noticed a couple of things that were broken with the theme so I had to fix
-them. Now I have to go back to my commit log to tell the original author as a
-way to contribute back.&lt;/p&gt;
-&lt;p&gt;At first, my blog URL was &lt;code&gt;blog.chown.me&lt;/code&gt;. Then I wanted https but I couldn't
-have another domain because back then free (and valid—hi cacert) certificates
-weren't a thing, I moved it to &lt;code&gt;chown.me/blog&lt;/code&gt;. To welcome stalk^Wvisitors I
-had a landing page on &lt;code&gt;chown.me&lt;/code&gt;. Now, however, I changed my mind and I prefer
-to have my blog index page directly on &lt;code&gt;chown.me&lt;/code&gt;.&lt;/p&gt;
-&lt;p&gt;I wanted to break as few links as possible—ain't nobody got time to write the
-otherwise needed haproxy redirection. I think I tweaked enough of my
-&lt;a href="https://blog.getpelican.com/"&gt;pelican&lt;/a&gt; config file so that most of them are fine.
-Not all of them are; I had to break one or two because of translations.
-Fortunately, I was lazy enough to translate only a handful of articles so the
-breakage is minimal.&lt;/p&gt;
-&lt;p&gt;To fix some past mistakes I had to go through old articles. It was a weird
-feeling to read my younger self. I wouldn't advise to read them haha. They're in
-French anyway.&lt;/p&gt;
-&lt;p&gt;One of my 2018 New Year's resolution was to write more blog articles. With not a
-single one for the first quarter, you can guess it's not my best
-accomplishment. But hopefully, I'll finally do it.&lt;/p&gt;</summary></entry><entry><title>Routing traffic with multiple OpenVPN</title><link href="https://chown.me/blog/routing-traffic-with-multiple-openvpn" rel="alternate"></link><published>2017-11-21T10:00:00Z</published><updated>2017-11-21T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2017-11-21:/blog/routing-traffic-with-multiple-openvpn</id><summary type="html">&lt;h2 id="openvpn"&gt;&lt;a href="#openvpn"&gt;Why OpenVPN?&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;For &lt;a href="https://evolix.ca/en"&gt;my dayjob&lt;/a&gt; we access the servers we manage
-through OpenVPN. Of course it's not the only security measure, it's
-yet another layer and it helps to cut a part of the
-&lt;a href="https://en.wikipedia.org/wiki/Internet_background_noise"&gt;IBN&lt;/a&gt;. All of
-our servers are registered in
-&lt;a href="https://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol"&gt;LDAP&lt;/a&gt;
-and from this system we create some routes that the OpenVPN server
-pushes to the OpenVPN clients.&lt;/p&gt;
-&lt;h2 id="needs"&gt;&lt;a href="#needs"&gt;What did I need?&lt;/a&gt;&lt;/h2&gt;
-&lt;h3 id="pushedroutes"&gt;&lt;a href="#pushedroutes"&gt;Follow the pushed routes, not always and not for all the hosts&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I work sometimes from home (for on-call or just remote work). I have a
-IP phone which needs the VPN but of course I can't setup OpenVPN on
-the phone directly, so the VPN has to go on my router. But let's say
-some android phone (without security updates) connects to my wifi, I
-don't want its traffic to go through the VPN.&lt;/p&gt;
-&lt;p&gt;But I also have my own desktop that I don't want any of its traffic to
-go through the VPN, but sometimes I want it to use the routes if I
-want to quickly check something on a server.&lt;/p&gt;
-&lt;h3 id="default"&gt;&lt;a href="#default"&gt;Default route sometimes, sometimes not&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;By default, clients don't set the gateway to the vpn, because we
-have the routes. But sometimes, we need to access a host through the
-VPN without having a route to it being pushed by the server. Hence I
-need to be able to route all the traffic through the vpn if
-needed. But not always because the vpn endpoint is 105ms away and
-browsing with this increased latency is obviously a bit slower.&lt;/p&gt;
-&lt;h3 id="bypass"&gt;&lt;a href="#bypass"&gt;Even with a default route, bypassing the VPN for some servers&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I have a VM in Montreal, 10ms away, and there's no reason that the
-traffic should go through the VPN. Same goes for my OpenBSD mirror.&lt;/p&gt;
-&lt;h3 id="multiplevpns"&gt;&lt;a href="#multiplevpns"&gt;Multiple VPN&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I also have another VPN which endpoints is in Montreal and I may want
-to route some host from my lan through it. It must independant from
-the other VPN.&lt;/p&gt;
-&lt;h3 id="serveragnoticism"&gt;&lt;a href="#serveragnosticism"&gt;Don't touch the server side&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;My coworkers use the VPN as well so I can't change the server
-configuration just to suit my own need.&lt;/p&gt;
-&lt;h2 id="suitneeds"&gt;&lt;a href="#suitneeds"&gt;Suiting all the needs \o/&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I will only talk about the client as there's nothing special on the
-server side&lt;/p&gt;
-&lt;h3 id="ovpninfra"&gt;&lt;a href="#ovpninfra"&gt;OpenVPN infrastructure&lt;/a&gt;&lt;/h3&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;danj@pancake:/etc/openvpn$ ls
-client-ca.conf client-fr.conf private-stuff/
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;Config files are as usual, the only special thing is that I force
-the tun device used by the VPN (so I can use it in pf.conf):&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;danj@pancake:/etc/openvpn$ grep dev *.conf
-client-ca.conf:dev tun1
-client-fr.conf:dev tun0
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;In &lt;code&gt;rc.conf.local&lt;/code&gt;, I set the correct config file:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;openvpn_fr_flags=&amp;quot;--config /etc/openvpn/client-fr.conf&amp;quot;
-openvpn_ca_flags=&amp;quot;--config /etc/openvpn/client-ca.conf&amp;quot;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;now I can &lt;code&gt;rcctl start openvpn_fr&lt;/code&gt; and &lt;code&gt;rcctl start openvpn_ca&lt;/code&gt;&lt;/p&gt;
-&lt;h3 id="routing"&gt;&lt;a href="#routing"&gt;routing&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;Spoiler alert, everything is done with pf.&lt;/p&gt;
-&lt;p&gt;I won't put my whole pf.conf but only the needed parts. First let's
-describe the interface.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;vpnfr_if = &amp;quot;tun0&amp;quot;
-vpnca_if = &amp;quot;tun1&amp;quot;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;I have vlan-capable switch and wifi AP, so I have multiple networks.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;lan_net = $lan_if:network
-wifilap_net = $wifilap_if:network
-wifitel_net = $wifitel_if:network
-windows_net = $windows_if:network
-tel_net = $tel_if:network
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;I need some tables (don't worry, you'll understand later what purpose
-they have).&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;table &amp;lt;softvpnfr&amp;gt; { 10.20.20.20 } persist
-table &amp;lt;vpnfr&amp;gt; { $phone } persist
-table &amp;lt;vpnca&amp;gt; { 10.10.10.60 } persist
-table &amp;lt;bypassfr&amp;gt; { 129.128.197.20, 129.128.5.191, 185.19.29.62, 167.114.216.84 } persist
-table &amp;lt;forcevpnfr&amp;gt; { $mrs-fw2 }
-table &amp;lt;nousautres&amp;gt; { 10.0.0.0/8, $home_ip } persist
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;Now we can see the ruleset. I let everything from the lan, that doesn't
-go on the router itself or to another lan (so the traffic will need
-another rules to be allowed) come through.&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;pass in on $lan_if from $lan_net to ! &amp;lt;nousautres&amp;gt;
-pass in on $wifilap_if from $wifilap_net to ! &amp;lt;nousautres&amp;gt;
-pass in on $wifitel_if from $wifitel_net to ! &amp;lt;nousautres&amp;gt;
-pass in on $tel_if from $tel to ! &amp;lt;nousautres&amp;gt;
-pass in log on $windows_if proto { tcp, udp } from $windows_net to ! &amp;lt;nousautres&amp;gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;I let everything going out&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;pass out log on $ext_if proto { tcp, udp } all modulate state
-pass out on $vpnfr_if proto { tcp, udp } all modulate state
-pass out on $vpnca_if proto { tcp, udp } all modulate state
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;Now's the fun part.&lt;/p&gt;
-&lt;ul&gt;
-&lt;li&gt;&lt;code&gt;&amp;lt;softvpn&amp;gt;&lt;/code&gt; is the hosts that can you the routes pushed by the VPN but
-it doesn't use the VPN as the gw&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;&amp;lt;vpnfr&amp;gt;&lt;/code&gt; and &lt;code&gt;&amp;lt;vpnca&amp;gt;&lt;/code&gt; everything from the hosts in it goes through
-the VPN (French or Canadian)&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;&amp;lt;bypassfr&amp;gt;&lt;/code&gt; any traffic to host in the table won't go through the VPN&lt;/li&gt;
-&lt;li&gt;&lt;code&gt;&amp;lt;forcevpnfr&amp;gt;&lt;/code&gt; host that must be accessed through the VPN&lt;/li&gt;
-&lt;/ul&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# disable the use of the routes if you&amp;#39;re not in &amp;lt;softvpn&amp;gt;
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $atlas_if } \
- from !&amp;lt;softvpnfr&amp;gt; to ! &amp;lt;nousautres&amp;gt; route-to ($ext_if $home_ip)
-
-# force traffic through the French VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from &amp;lt;vpnfr&amp;gt; to ! &amp;lt;nousautres&amp;gt; route-to ($vpnfr_if 192.168.125.61)
-
-# traffic to hosts in &amp;lt;bypass&amp;gt; must not go through the VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from &amp;lt;vpnfr&amp;gt; to &amp;lt;bypassfr&amp;gt; route-to ($ext_if $home_ip)
-
-# force traffic through the Canadian VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if, $tel_if } \
- from &amp;lt;vpnca&amp;gt; to ! &amp;lt;nousautres&amp;gt; route-to ($vpnca_if 192.168.251.10)
-
-# traffic from &amp;lt;softvpnfr&amp;gt; to hosts in &amp;lt;forcevpnfr&amp;gt; should really go through the VPN
-pass in on { $lan_if, $wifilap_if, $wifitel_if } \
- from &amp;lt;softvpnfr&amp;gt; to &amp;lt;forcevpnfr&amp;gt; route-to ($vpnfr_if 192.168.125.61)
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;But the real magic with pf, is that I can &lt;strong&gt;very easily&lt;/strong&gt; change the
-routing for any host :&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;# if I want everything to go through the Canadian VPN
-root@pancake:~# pfctl -t vpnca -Ta 10.1.2.3
-# or not
-root@pancake:~# pfctl -t vpnca -Td 10.1.2.3
-# through the French VPN
-root@pancake:~# pfctl -t vpnfr -Ta 10.1.2.3
-# ok not everything, just use the route pushed by the VPN
-root@pancake:~# pfctl -t vpnfr -Td 10.1.2.3
-root@pancake:~# pfctl -t softvpn -Ta 10.1.2.3
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;That's all! Of course, if anything goes wrong, I have
-&lt;a href="https://chown.me/iota/pics/IMG_0551.JPG"&gt;Jean Canard's Advanced Paws System (APS)&lt;/a&gt;
-that checks for anything.&lt;/p&gt;</summary></entry><entry><title>Dumping pics</title><link href="https://chown.me/blog/dumping-pics" rel="alternate"></link><published>2017-11-04T10:00:00Z</published><updated>2017-11-04T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2017-11-04:/blog/dumping-pics</id><summary type="html">&lt;p&gt;A few years ago I bought a camera (a Canon 100D) and since that I take
-pictures from time to time. I go through all the pics I take and I
-pick the best then I enhance them a bit with rawtherapee and finally I
-post them on &lt;a href="http://piks.chown.me"&gt;500px&lt;/a&gt;. This process is a bit
-&lt;em&gt;relou&lt;/em&gt; so I don't often do it. Of course I don't always have my camera
-with me, but I do have my phone most of the time.&lt;/p&gt;
-&lt;p&gt;I take a lot of pictures with my phone and I sometimes post them on
-some social networks. All these social networks I'm on, are based on
-ephemeral publications so after a &lt;strong&gt;short&lt;/strong&gt; while, the stuff goes out
-of your mind and you never see it again.&lt;/p&gt;
-&lt;p&gt;I looked for a self-hostable solution. I found PHP-based software like
-leetchi and piwigo but I wasn't fond of these. I looked at static
-generators as I already use one (pelican) for this blog. Sadly, there
-are maaaanyyyy of them for blogs and text-based publications but for
-gallery there very few static generators. Finally I found
-&lt;a href="https://github.com/saimn/sigal"&gt;sigal&lt;/a&gt; which is maintained, written
-in python, quite nice and very straight forward to use.&lt;/p&gt;
-&lt;p&gt;Here's the result: &lt;a href="https://pics.chown.me/"&gt;https://pics.chown.me/&lt;/a&gt; (with among other themes,
-as of now, 229 pics of my delicious kitten &lt;em&gt;Jean Canard&lt;/em&gt;).&lt;/p&gt;</summary></entry><entry><title>Playing with the pine64</title><link href="https://chown.me/blog/playing-with-the-pine64" rel="alternate"></link><published>2017-10-19T10:00:00Z</published><updated>2017-10-19T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2017-10-19:/blog/playing-with-the-pine64</id><summary type="html">&lt;h2 id="installwhat"&gt;&lt;a href="#installwhat"&gt;Finding something to install on it&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;6 weeks ago, I ordered two pine64 units. I didn't (and still don't)
-have much plan for them, but I wanted to play with some cheap
-boards. I finally received them this week. Initially I wanted to
-install some Linux stuff on it, I didn't have much requirement so I
-thought I would just look what seems to be easy and/or the best
-supported systemd flavour. I headed over their
-&lt;a href="http://wiki.pine64.org/index.php/Pine_A64_Software_Release"&gt;wiki&lt;/a&gt;. Everything
-seems either not really maintained, done by some random people or
-both. I am not saying random people do bad things, just that
-installing some random things from the Internet is not really my cup
-of tea.&lt;/p&gt;
-&lt;p&gt;I heard about &lt;a href="https://www.armbian.com/pine64/"&gt;Armbian&lt;/a&gt; but the
-server flavour seems to be experimental so I got scared of it. And
-sadly, the whole things looks like to be alot undermanned.&lt;/p&gt;
-&lt;p&gt;So I went for OpenBSD because I know the stuff and who to har^Wkindly
-ask for help. Spoiler alert, it's boring because it just works.&lt;/p&gt;
-&lt;h2 id="OpenBSD"&gt;&lt;a href="#OpenBSD"&gt;Getting OpenBSD on it&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I downloaded miniroot62.fs, dd'ed it on the micro SD card. I was
-afraid I'd need to fiddle with some things like sysutils/dtb because I
-don't know what I would have needed to do. That's because I don't know
-what it does and for this precise reason I was wrong and I didn't need
-to do anything. So just dd the miniroot62.fs and you can go to next
-checkpoint.&lt;/p&gt;
-&lt;p&gt;I plugged an HDMI cable, ethernet cable and the power, it booted, I
-could read for 10 seconds but then it got dark. Of course it's because
-you need a serial console. Of course I didn't have one.&lt;/p&gt;
-&lt;p&gt;I thought about trying to install OpenBSD blindly, I could have
-probably succeeded with autoinstall buuuuuut...&lt;/p&gt;
-&lt;p&gt;Following some good pieces of advice from OpenBSD people I bought some
-cp2102 (I didn't try to understand what it was or what were the other
-possibilities, I just wanted something that would work :D).&lt;/p&gt;
-&lt;p&gt;I looked how to plug the thing. It appears you can plug it on &lt;a href="http://linux-sunxi.org/File:Pine64_UART0.jpg"&gt;two
-different places&lt;/a&gt; but
-if you plug it on the &lt;em&gt;Euler bus&lt;/em&gt; it could power a bit the board so if
-you try to reboot it, it would then mess with the power disruption and
-could lead a unclean reboot.&lt;/p&gt;
-&lt;p&gt;You just need to plug three cables: GND, TXD and RXD. Of course, the
-TXD goes on the RXD pin from the picture and the RXD goes on the TXD
-pin. Guess why I'm telling you that!&lt;/p&gt;
-&lt;h2 id="thatsit"&gt;&lt;a href="#thatsit"&gt;That's it&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Then you can connect with the usual&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;$ cu -dl /dev/cuaU0 -s &lt;span class="m"&gt;115200&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;You can now install it and the reboot it:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;PSCI&lt;/span&gt; &lt;span class="n"&gt;Affinity&lt;/span&gt; &lt;span class="nl"&gt;Map&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;AffInst&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Level&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;MPID&lt;/span&gt; &lt;span class="mh"&gt;0x0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;State&lt;/span&gt; &lt;span class="n"&gt;ON&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;AffInst&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Level&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;MPID&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;State&lt;/span&gt; &lt;span class="n"&gt;OFF&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;AffInst&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Level&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;MPID&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;State&lt;/span&gt; &lt;span class="n"&gt;OFF&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;AffInst&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Level&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;MPID&lt;/span&gt; &lt;span class="mh"&gt;0x3&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;State&lt;/span&gt; &lt;span class="n"&gt;OFF&lt;/span&gt;
-
-&lt;span class="n"&gt;U&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Boot&lt;/span&gt; &lt;span class="n"&gt;SPL&lt;/span&gt; &lt;span class="mf"&gt;2017.09&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;Sep&lt;/span&gt; &lt;span class="mi"&gt;13&lt;/span&gt; &lt;span class="mi"&gt;2017&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="mo"&gt;04&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;48&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;58&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;DRAM&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;2048&lt;/span&gt; &lt;span class="n"&gt;MiB&lt;/span&gt;
-&lt;span class="n"&gt;Trying&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="n"&gt;boot&lt;/span&gt; &lt;span class="n"&gt;from&lt;/span&gt; &lt;span class="n"&gt;MMC1&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Running&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;A64&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;H64&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1689&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="k"&gt;in&lt;/span&gt; &lt;span class="n"&gt;SRAM&lt;/span&gt; &lt;span class="n"&gt;A2&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mh"&gt;@0x44000&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Configuring&lt;/span&gt; &lt;span class="n"&gt;SPC&lt;/span&gt; &lt;span class="n"&gt;Controller&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;v1&lt;/span&gt;&lt;span class="mf"&gt;.0&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;debug&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;20170702&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;Built&lt;/span&gt; &lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mo"&gt;04&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;34&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;32&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;Sep&lt;/span&gt; &lt;span class="mi"&gt;13&lt;/span&gt; &lt;span class="mi"&gt;2017&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Configuring&lt;/span&gt; &lt;span class="n"&gt;AXP&lt;/span&gt; &lt;span class="n"&gt;PMIC&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;PMIC&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;setup&lt;/span&gt; &lt;span class="n"&gt;successful&lt;/span&gt;
-&lt;span class="nl"&gt;NOTICE&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;SCPI&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;dummy&lt;/span&gt; &lt;span class="n"&gt;stub&lt;/span&gt; &lt;span class="n"&gt;handler&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;implementation&lt;/span&gt; &lt;span class="nl"&gt;level&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mo"&gt;000000&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Initializing&lt;/span&gt; &lt;span class="n"&gt;runtime&lt;/span&gt; &lt;span class="n"&gt;services&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Preparing&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;EL3&lt;/span&gt; &lt;span class="n"&gt;exit&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="n"&gt;normal&lt;/span&gt; &lt;span class="n"&gt;world&lt;/span&gt;
-&lt;span class="nl"&gt;INFO&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;BL3&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Next&lt;/span&gt; &lt;span class="n"&gt;image&lt;/span&gt; &lt;span class="nl"&gt;address&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mh"&gt;0x4a000000&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="nl"&gt;SPSR&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mh"&gt;0x3c9&lt;/span&gt;
-
-
-&lt;span class="n"&gt;U&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;Boot&lt;/span&gt; &lt;span class="mf"&gt;2017.09&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;Sep&lt;/span&gt; &lt;span class="mi"&gt;13&lt;/span&gt; &lt;span class="mi"&gt;2017&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="mo"&gt;04&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;48&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;58&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mo"&gt;0600&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;Allwinner&lt;/span&gt; &lt;span class="n"&gt;Technology&lt;/span&gt;
-
-&lt;span class="nl"&gt;CPU&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Allwinner&lt;/span&gt; &lt;span class="n"&gt;A64&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;SUN50I&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;Model&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Pine64&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;
-&lt;span class="nl"&gt;DRAM&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;2&lt;/span&gt; &lt;span class="n"&gt;GiB&lt;/span&gt;
-&lt;span class="nl"&gt;MMC&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;SUNXI&lt;/span&gt; &lt;span class="n"&gt;SD&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nl"&gt;MMC&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;
-&lt;span class="o"&gt;***&lt;/span&gt; &lt;span class="n"&gt;Warning&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="n"&gt;bad&lt;/span&gt; &lt;span class="n"&gt;CRC&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;using&lt;/span&gt; &lt;span class="k"&gt;default&lt;/span&gt; &lt;span class="n"&gt;environment&lt;/span&gt;
-
-&lt;span class="nl"&gt;In&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;serial&lt;/span&gt;
-&lt;span class="nl"&gt;Out&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;serial&lt;/span&gt;
-&lt;span class="nl"&gt;Err&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;serial&lt;/span&gt;
-&lt;span class="nl"&gt;Net&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;phy&lt;/span&gt; &lt;span class="n"&gt;interface7&lt;/span&gt;
-&lt;span class="nl"&gt;eth0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;ethernet&lt;/span&gt;&lt;span class="mo"&gt;@01&lt;/span&gt;&lt;span class="n"&gt;c30000&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;USB&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt;
-&lt;span class="nl"&gt;USB0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;USB&lt;/span&gt; &lt;span class="n"&gt;EHCI&lt;/span&gt; &lt;span class="mf"&gt;1.00&lt;/span&gt;
-&lt;span class="nl"&gt;USB1&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;USB&lt;/span&gt; &lt;span class="n"&gt;OHCI&lt;/span&gt; &lt;span class="mf"&gt;1.0&lt;/span&gt;
-&lt;span class="n"&gt;scanning&lt;/span&gt; &lt;span class="n"&gt;bus&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;devices&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt; &lt;span class="n"&gt;USB&lt;/span&gt; &lt;span class="n"&gt;Device&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;s&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt;
- &lt;span class="n"&gt;scanning&lt;/span&gt; &lt;span class="n"&gt;usb&lt;/span&gt; &lt;span class="k"&gt;for&lt;/span&gt; &lt;span class="n"&gt;storage&lt;/span&gt; &lt;span class="n"&gt;devices&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt; &lt;span class="n"&gt;Storage&lt;/span&gt; &lt;span class="n"&gt;Device&lt;/span&gt;&lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;s&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt;
-&lt;span class="n"&gt;Hit&lt;/span&gt; &lt;span class="n"&gt;any&lt;/span&gt; &lt;span class="n"&gt;key&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="n"&gt;stop&lt;/span&gt; &lt;span class="nl"&gt;autoboot&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;
-&lt;span class="k"&gt;switch&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="n"&gt;partitions&lt;/span&gt; &lt;span class="err"&gt;#&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;OK&lt;/span&gt;
-&lt;span class="n"&gt;mmc0&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;current&lt;/span&gt; &lt;span class="n"&gt;device&lt;/span&gt;
-&lt;span class="n"&gt;Scanning&lt;/span&gt; &lt;span class="n"&gt;mmc&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mf"&gt;1.&lt;/span&gt;&lt;span class="p"&gt;..&lt;/span&gt;
-&lt;span class="n"&gt;Found&lt;/span&gt; &lt;span class="n"&gt;EFI&lt;/span&gt; &lt;span class="n"&gt;removable&lt;/span&gt; &lt;span class="n"&gt;media&lt;/span&gt; &lt;span class="n"&gt;binary&lt;/span&gt; &lt;span class="n"&gt;efi&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;boot&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;bootaa64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;efi&lt;/span&gt;
-&lt;span class="n"&gt;reading&lt;/span&gt; &lt;span class="n"&gt;efi&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;boot&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;bootaa64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;efi&lt;/span&gt;
-&lt;span class="mi"&gt;78335&lt;/span&gt; &lt;span class="n"&gt;bytes&lt;/span&gt; &lt;span class="n"&gt;read&lt;/span&gt; &lt;span class="k"&gt;in&lt;/span&gt; &lt;span class="mi"&gt;36&lt;/span&gt; &lt;span class="n"&gt;ms&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mf"&gt;2.1&lt;/span&gt; &lt;span class="n"&gt;MiB&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;s&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;libfdt&lt;/span&gt; &lt;span class="n"&gt;fdt_check_header&lt;/span&gt;&lt;span class="p"&gt;()&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;FDT_ERR_BADMAGIC&lt;/span&gt;
-&lt;span class="cp"&gt;## Starting EFI application at 40080000 ...&lt;/span&gt;
-&lt;span class="n"&gt;Scanning&lt;/span&gt; &lt;span class="n"&gt;disks&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;usb&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt;
-&lt;span class="n"&gt;Scanning&lt;/span&gt; &lt;span class="n"&gt;disks&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;mmc&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt;
-&lt;span class="n"&gt;MMC&lt;/span&gt; &lt;span class="n"&gt;Device&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt;
-&lt;span class="n"&gt;MMC&lt;/span&gt; &lt;span class="n"&gt;Device&lt;/span&gt; &lt;span class="mi"&gt;2&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt;
-&lt;span class="n"&gt;MMC&lt;/span&gt; &lt;span class="n"&gt;Device&lt;/span&gt; &lt;span class="mi"&gt;3&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt;
-&lt;span class="n"&gt;Found&lt;/span&gt; &lt;span class="mi"&gt;5&lt;/span&gt; &lt;span class="n"&gt;disks&lt;/span&gt;
-&lt;span class="o"&gt;&amp;gt;&amp;gt;&lt;/span&gt; &lt;span class="n"&gt;OpenBSD&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;arm64&lt;/span&gt; &lt;span class="n"&gt;BOOTAA64&lt;/span&gt; &lt;span class="mf"&gt;0.8&lt;/span&gt;
-&lt;span class="n"&gt;boot&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt;
-&lt;span class="n"&gt;booting&lt;/span&gt; &lt;span class="nl"&gt;sd0a&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="nl"&gt;bsd&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;3861360&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;574928&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;511472&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;807968&lt;/span&gt; &lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="mi"&gt;285863&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;96&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;451944&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;&lt;span class="mi"&gt;239980&lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="o"&gt;=&lt;/span&gt;&lt;span class="mh"&gt;0x831130&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0x40000000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0x40000000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4000&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x7&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0x44000000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0x40000000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4000&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0x48000000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0x48000000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x7&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0x48005000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0x40000000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x70832&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8837000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8837000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb883b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb883b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb883f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb883f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8843000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8843000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8847000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8847000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb884b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb884b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb884f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb884f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8853000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8853000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8857000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8857000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb885b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb885b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb885f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb885f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8863000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8863000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8867000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8867000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb886b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb886b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb886f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb886f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8873000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8873000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8877000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8877000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb887b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb887b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb887f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb887f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8883000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8883000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8887000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8887000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb888b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb888b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb888f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb888f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8893000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8893000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8897000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8897000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb889b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb889b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb889f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb889f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88a3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88a3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88a7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88a7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88ab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88ab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88af000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88af000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88b3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88b3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88b7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88b7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88bb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88bb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88bf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88bf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88c3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88c3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88c7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88c7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88cb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88cb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88cf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88cf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88d3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88d3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88d7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88d7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88db000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88db000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88df000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88df000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88e3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88e3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88e7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88e7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88eb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88eb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88ef000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88ef000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88f3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88f3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88f7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88f7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88fb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88fb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb88ff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb88ff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8903000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8903000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8907000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8907000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb890b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb890b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb890f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb890f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8913000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8913000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8917000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8917000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb891b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb891b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb891f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb891f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8923000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8923000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8927000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8927000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb892b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb892b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb892f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb892f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8933000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8933000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8937000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8937000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb893b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb893b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb893f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb893f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8943000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8943000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8947000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8947000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb894b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb894b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb894f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb894f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8953000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8953000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8957000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8957000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb895b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb895b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb895f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb895f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8963000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8963000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8967000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8967000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb896b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb896b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb896f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb896f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8973000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8973000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8977000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8977000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb897b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb897b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb897f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb897f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8983000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8983000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8987000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8987000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb898b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb898b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb898f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb898f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8993000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8993000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8997000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8997000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb899b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb899b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb899f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb899f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89a3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89a3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89a7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89a7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89ab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89ab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89af000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89af000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89b3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89b3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89b7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89b7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89bb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89bb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89bf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89bf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89c3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89c3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89c7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89c7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89cb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89cb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89cf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89cf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89d3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89d3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89d7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89d7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89db000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89db000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89df000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89df000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89e3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89e3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89e7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89e7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89eb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89eb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89ef000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89ef000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89f3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89f3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89f7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89f7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89fb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89fb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb89ff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb89ff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a03000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a03000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a07000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a07000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a0b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a0b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a0f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a0f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a13000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a13000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a17000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a17000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a1b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a1b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a1f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a1f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a23000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a23000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a27000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a27000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a2b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a2b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a2f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a2f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a33000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a33000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a37000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a37000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a3b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a3b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a3f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a3f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a43000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a43000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a47000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a47000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a4b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a4b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a4f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a4f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a53000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a53000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a57000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a57000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a5b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a5b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a5f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a5f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a63000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a63000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a67000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a67000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a6b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a6b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a6f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a6f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a73000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a73000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a77000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a77000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a7b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a7b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a7f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a7f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a83000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a83000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a87000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a87000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a8b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a8b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a8f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a8f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a93000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a93000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a97000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a97000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a9b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a9b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8a9f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8a9f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aa3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aa3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aa7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aa7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aaf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aaf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ab3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ab3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ab7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ab7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8abb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8abb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8abf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8abf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ac3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ac3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ac7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ac7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8acb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8acb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8acf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8acf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ad3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ad3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ad7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ad7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8adb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8adb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8adf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8adf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ae3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ae3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ae7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ae7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aeb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aeb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aef000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aef000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8af3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8af3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8af7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8af7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8afb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8afb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8aff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8aff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b03000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b03000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b07000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b07000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b0b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b0b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b0f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b0f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b13000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b13000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b17000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b17000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b1b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b1b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b1f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b1f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b23000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b23000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b27000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b27000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b2b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b2b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b2f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b2f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b33000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b33000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b37000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b37000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b3b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b3b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b3f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b3f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b43000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b43000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b47000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b47000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b4b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b4b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b4f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b4f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b53000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b53000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b57000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b57000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b5b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b5b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b5f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b5f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b63000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b63000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b67000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b67000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b6b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b6b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b6f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b6f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b73000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b73000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b77000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b77000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b7b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b7b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b7f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b7f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b83000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b83000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b87000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b87000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b8b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b8b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b8f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b8f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b93000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b93000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b97000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b97000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b9b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b9b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8b9f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8b9f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ba3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ba3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ba7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ba7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8baf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8baf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bb3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bb3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bb7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bb7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bbb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bbb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bbf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bbf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bc3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bc3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bc7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bc7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bcb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bcb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bcf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bcf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bd3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bd3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bd7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bd7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bdb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bdb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bdf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bdf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8be3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8be3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8be7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8be7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8beb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8beb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bef000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bef000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bf3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bf3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bf7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bf7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bfb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bfb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8bff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8bff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c03000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c03000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c07000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c07000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c0b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c0b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c0f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c0f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c13000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c13000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c17000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c17000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c1b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c1b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c1f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c1f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c23000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c23000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c27000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c27000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c2b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c2b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c2f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c2f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c33000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c33000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c37000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c37000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c3b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c3b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c3f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c3f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c43000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c43000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c47000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c47000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c4b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c4b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c4f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c4f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c53000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c53000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c57000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c57000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c5b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c5b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c5f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c5f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c63000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c63000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c67000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c67000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c6b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c6b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c6f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c6f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c73000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c73000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c77000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c77000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c7b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c7b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c7f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c7f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c83000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c83000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c87000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c87000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c8b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c8b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c8f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c8f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c93000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c93000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c97000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c97000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c9b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c9b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8c9f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8c9f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ca3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ca3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ca7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ca7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8caf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8caf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cb3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cb3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cb7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cb7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cbb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cbb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cbf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cbf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cc3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cc3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cc7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cc7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ccb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ccb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ccf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ccf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cd3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cd3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cd7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cd7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cdb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cdb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cdf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cdf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ce3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ce3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ce7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ce7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ceb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ceb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cef000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cef000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cf3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cf3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cf7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cf7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cfb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cfb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8cff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8cff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d03000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d03000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d07000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d07000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d0b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d0b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d0f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d0f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d13000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d13000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d17000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d17000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d1b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d1b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d1f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d1f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d23000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d23000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d27000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d27000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d2b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d2b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d2f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d2f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d33000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d33000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d37000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d37000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d3b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d3b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d3f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d3f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d43000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d43000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d47000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d47000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d4b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d4b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d4f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d4f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d53000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d53000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d57000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d57000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d5b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d5b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d5f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d5f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d63000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d63000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d67000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d67000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d6b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d6b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d6f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d6f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d73000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d73000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d77000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d77000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d7b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d7b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d7f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d7f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d83000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d83000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d87000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d87000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d8b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d8b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d8f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d8f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d93000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d93000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d97000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d97000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d9b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d9b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8d9f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8d9f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8da3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8da3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8da7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8da7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dab000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dab000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8daf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8daf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8db3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8db3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8db7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8db7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dbb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dbb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dbf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dbf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dc3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dc3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dc7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dc7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dcb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dcb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dcf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dcf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dd3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dd3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dd7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dd7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ddb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ddb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8ddf000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8ddf000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8de3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8de3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8de7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8de7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8deb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8deb000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8def000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8def000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8df3000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8df3000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8df7000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8df7000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8df8000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8df8000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dfc000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dfc000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dfe000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dfe000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8dff000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8dff000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e00000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e00000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e01000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e01000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e05000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e05000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e06000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e06000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0a000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0a000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0b000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0b000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e0f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e11000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e11000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e12000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e12000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e13000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e13000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e14000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e14000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e18000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e18000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e19000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e19000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x4&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e1d000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e1d000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e1f000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e1f000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e20000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e20000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8e21000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8e21000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x100&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x6&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8f21000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8f21000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8000000000000008&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8f22000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8f22000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x13&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xb8f35000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8f35000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x5085&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x5&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xbdfba000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xbdfba000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x1&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8000000000000008&lt;/span&gt;
-&lt;span class="n"&gt;type&lt;/span&gt; &lt;span class="mh"&gt;0x2&lt;/span&gt; &lt;span class="n"&gt;pa&lt;/span&gt; &lt;span class="mh"&gt;0xbdfbb000&lt;/span&gt; &lt;span class="n"&gt;va&lt;/span&gt; &lt;span class="mh"&gt;0xb8f35000&lt;/span&gt; &lt;span class="n"&gt;pages&lt;/span&gt; &lt;span class="mh"&gt;0x2045&lt;/span&gt; &lt;span class="n"&gt;attr&lt;/span&gt; &lt;span class="mh"&gt;0x8&lt;/span&gt;
-&lt;span class="p"&gt;[&lt;/span&gt; &lt;span class="n"&gt;using&lt;/span&gt; &lt;span class="mi"&gt;978720&lt;/span&gt; &lt;span class="n"&gt;bytes&lt;/span&gt; &lt;span class="n"&gt;of&lt;/span&gt; &lt;span class="n"&gt;bsd&lt;/span&gt; &lt;span class="n"&gt;ELF&lt;/span&gt; &lt;span class="n"&gt;symbol&lt;/span&gt; &lt;span class="n"&gt;table&lt;/span&gt; &lt;span class="p"&gt;]&lt;/span&gt;
-&lt;span class="n"&gt;Copyright&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;c&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="mi"&gt;1982&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;1986&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;1989&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;1991&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;1993&lt;/span&gt;
- &lt;span class="n"&gt;The&lt;/span&gt; &lt;span class="n"&gt;Regents&lt;/span&gt; &lt;span class="n"&gt;of&lt;/span&gt; &lt;span class="n"&gt;the&lt;/span&gt; &lt;span class="n"&gt;University&lt;/span&gt; &lt;span class="n"&gt;of&lt;/span&gt; &lt;span class="n"&gt;California&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt; &lt;span class="n"&gt;All&lt;/span&gt; &lt;span class="n"&gt;rights&lt;/span&gt; &lt;span class="n"&gt;reserved&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;Copyright&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;c&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="mi"&gt;1995&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="mi"&gt;2017&lt;/span&gt; &lt;span class="n"&gt;OpenBSD&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt; &lt;span class="n"&gt;All&lt;/span&gt; &lt;span class="n"&gt;rights&lt;/span&gt; &lt;span class="n"&gt;reserved&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt; &lt;span class="nl"&gt;https&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="c1"&gt;//www.OpenBSD.org&lt;/span&gt;
-
-&lt;span class="n"&gt;OpenBSD&lt;/span&gt; &lt;span class="mf"&gt;6.2&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;current&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;GENERIC&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="err"&gt;#&lt;/span&gt;&lt;span class="mi"&gt;47&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Wed&lt;/span&gt; &lt;span class="n"&gt;Oct&lt;/span&gt; &lt;span class="mi"&gt;18&lt;/span&gt; &lt;span class="mi"&gt;11&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;56&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;57&lt;/span&gt; &lt;span class="n"&gt;MDT&lt;/span&gt; &lt;span class="mi"&gt;2017&lt;/span&gt;
- &lt;span class="n"&gt;deraadt&lt;/span&gt;&lt;span class="p"&gt;@&lt;/span&gt;&lt;span class="n"&gt;arm64&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;openbsd&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nl"&gt;org&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;usr&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;src&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sys&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;arch&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;arm64&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;compile&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;GENERIC&lt;/span&gt;
-&lt;span class="n"&gt;real&lt;/span&gt; &lt;span class="n"&gt;mem&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;2021859328&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1928&lt;/span&gt;&lt;span class="n"&gt;MB&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;avail&lt;/span&gt; &lt;span class="n"&gt;mem&lt;/span&gt; &lt;span class="o"&gt;=&lt;/span&gt; &lt;span class="mi"&gt;1935818752&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mi"&gt;1846&lt;/span&gt;&lt;span class="n"&gt;MB&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="n"&gt;mainbus0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;root&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;Pine64&lt;/span&gt;&lt;span class="o"&gt;+&lt;/span&gt;
-&lt;span class="n"&gt;cpu0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;mainbus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;ARM&lt;/span&gt; &lt;span class="n"&gt;Cortex&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;A53&lt;/span&gt; &lt;span class="n"&gt;r0p4&lt;/span&gt;
-&lt;span class="n"&gt;psci0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;mainbus0&lt;/span&gt;
-&lt;span class="n"&gt;agtimer0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;mainbus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;tick&lt;/span&gt; &lt;span class="n"&gt;rate&lt;/span&gt; &lt;span class="mi"&gt;24000&lt;/span&gt; &lt;span class="n"&gt;KHz&lt;/span&gt;
-&lt;span class="n"&gt;simplebus0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;mainbus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="s"&gt;&amp;quot;soc&amp;quot;&lt;/span&gt;
-&lt;span class="n"&gt;sxiccmu0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;simplebus0&lt;/span&gt;
-&lt;span class="n"&gt;sxipio0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;simplebus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;103&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;sximmc0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;simplebus0&lt;/span&gt;
-&lt;span class="n"&gt;sdmmc0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sximmc0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;4&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;bit&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;sd&lt;/span&gt; &lt;span class="n"&gt;high&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;speed&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;mmc&lt;/span&gt; &lt;span class="n"&gt;high&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="n"&gt;speed&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;dma&lt;/span&gt;
-&lt;span class="n"&gt;ehci0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;simplebus0&lt;/span&gt;
-&lt;span class="n"&gt;usb0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;ehci0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;USB&lt;/span&gt; &lt;span class="n"&gt;revision&lt;/span&gt; &lt;span class="mf"&gt;2.0&lt;/span&gt;
-&lt;span class="n"&gt;uhub0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;usb0&lt;/span&gt; &lt;span class="n"&gt;configuration&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt; &lt;span class="n"&gt;interface&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt; &lt;span class="s"&gt;&amp;quot;Generic EHCI root hub&amp;quot;&lt;/span&gt; &lt;span class="n"&gt;rev&lt;/span&gt; &lt;span class="mf"&gt;2.00&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="mf"&gt;1.00&lt;/span&gt; &lt;span class="n"&gt;addr&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt;
-&lt;span class="n"&gt;com0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;simplebus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;ns16550&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;no&lt;/span&gt; &lt;span class="n"&gt;working&lt;/span&gt; &lt;span class="n"&gt;fifo&lt;/span&gt;
-&lt;span class="nl"&gt;com0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;console&lt;/span&gt;
-&lt;span class="n"&gt;ampintc0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;simplebus0&lt;/span&gt; &lt;span class="n"&gt;nirq&lt;/span&gt; &lt;span class="mi"&gt;224&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;ncpu&lt;/span&gt; &lt;span class="mi"&gt;4&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="s"&gt;&amp;quot;interrupt-controller&amp;quot;&lt;/span&gt;
-&lt;span class="n"&gt;sxirtc0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;simplebus0&lt;/span&gt;
-&lt;span class="n"&gt;dwxe0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;simplebus0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;address&lt;/span&gt; &lt;span class="mo"&gt;02&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;ba&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;b0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="nl"&gt;b&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;de&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;88&lt;/span&gt;
-&lt;span class="n"&gt;rgephy0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;dwxe0&lt;/span&gt; &lt;span class="n"&gt;phy&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;RTL8169S&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="mi"&gt;8110&lt;/span&gt;&lt;span class="n"&gt;S&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="mi"&gt;8211&lt;/span&gt; &lt;span class="n"&gt;PHY&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;rev&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt; &lt;span class="mi"&gt;5&lt;/span&gt;
-&lt;span class="n"&gt;rgephy1&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;dwxe0&lt;/span&gt; &lt;span class="n"&gt;phy&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;RTL8169S&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="mi"&gt;8110&lt;/span&gt;&lt;span class="n"&gt;S&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="mi"&gt;8211&lt;/span&gt; &lt;span class="n"&gt;PHY&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;rev&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt; &lt;span class="mi"&gt;5&lt;/span&gt;
-&lt;span class="n"&gt;gpio0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio1&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio2&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio3&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio4&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio5&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio6&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;gpio7&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sxipio0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;32&lt;/span&gt; &lt;span class="n"&gt;pins&lt;/span&gt;
-&lt;span class="n"&gt;scsibus0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;sdmmc0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;2&lt;/span&gt; &lt;span class="n"&gt;targets&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;initiator&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;
-&lt;span class="n"&gt;sd0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;scsibus0&lt;/span&gt; &lt;span class="n"&gt;targ&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt; &lt;span class="n"&gt;lun&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="o"&gt;&amp;lt;&lt;/span&gt;&lt;span class="n"&gt;SD&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;MMC&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="n"&gt;USD00&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mo"&gt;0010&lt;/span&gt;&lt;span class="o"&gt;&amp;gt;&lt;/span&gt; &lt;span class="n"&gt;SCSI2&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;direct&lt;/span&gt; &lt;span class="n"&gt;removable&lt;/span&gt;
-&lt;span class="nl"&gt;sd0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;15080&lt;/span&gt;&lt;span class="n"&gt;MB&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;512&lt;/span&gt; &lt;span class="n"&gt;bytes&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sector&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt; &lt;span class="mi"&gt;30883840&lt;/span&gt; &lt;span class="n"&gt;sectors&lt;/span&gt;
-&lt;span class="n"&gt;vscsi0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;root&lt;/span&gt;
-&lt;span class="n"&gt;scsibus1&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;vscsi0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;256&lt;/span&gt; &lt;span class="n"&gt;targets&lt;/span&gt;
-&lt;span class="n"&gt;softraid0&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="n"&gt;root&lt;/span&gt;
-&lt;span class="n"&gt;scsibus2&lt;/span&gt; &lt;span class="n"&gt;at&lt;/span&gt; &lt;span class="nl"&gt;softraid0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;256&lt;/span&gt; &lt;span class="n"&gt;targets&lt;/span&gt;
-&lt;span class="nl"&gt;bootfile&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;sd0a&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;bsd&lt;/span&gt;
-&lt;span class="n"&gt;boot&lt;/span&gt; &lt;span class="nl"&gt;device&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;sd0&lt;/span&gt;
-&lt;span class="n"&gt;root&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;sd0a&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;a&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="n"&gt;swap&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;sd0b&lt;/span&gt; &lt;span class="n"&gt;dump&lt;/span&gt; &lt;span class="n"&gt;on&lt;/span&gt; &lt;span class="n"&gt;sd0b&lt;/span&gt;
-&lt;span class="n"&gt;Automatic&lt;/span&gt; &lt;span class="n"&gt;boot&lt;/span&gt; &lt;span class="k"&gt;in&lt;/span&gt; &lt;span class="nl"&gt;progress&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;checks&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0a&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;a&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0l&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;l&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0d&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;d&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0f&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;f&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0g&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;g&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0h&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;h&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0k&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;k&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0j&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;j&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;dev&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;sd0e&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;aad98897a9859bd0&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;e&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt; &lt;span class="n"&gt;file&lt;/span&gt; &lt;span class="n"&gt;system&lt;/span&gt; &lt;span class="n"&gt;is&lt;/span&gt; &lt;span class="n"&gt;clean&lt;/span&gt;&lt;span class="p"&gt;;&lt;/span&gt; &lt;span class="n"&gt;not&lt;/span&gt; &lt;span class="n"&gt;checking&lt;/span&gt;
-&lt;span class="n"&gt;setting&lt;/span&gt; &lt;span class="n"&gt;tty&lt;/span&gt; &lt;span class="n"&gt;flags&lt;/span&gt;
-&lt;span class="n"&gt;pf&lt;/span&gt; &lt;span class="n"&gt;enabled&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;network&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPREQUEST&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="mf"&gt;255.255.255.255&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPNACK&lt;/span&gt; &lt;span class="n"&gt;from&lt;/span&gt; &lt;span class="mf"&gt;10.20.20.254&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mo"&gt;00&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="nl"&gt;d&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;b9&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;43&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mf"&gt;9f&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="n"&gt;fc&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPDISCOVER&lt;/span&gt; &lt;span class="o"&gt;-&lt;/span&gt; &lt;span class="n"&gt;interval&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPOFFER&lt;/span&gt; &lt;span class="n"&gt;from&lt;/span&gt; &lt;span class="mf"&gt;10.20.20.254&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mo"&gt;00&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="nl"&gt;d&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;b9&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;43&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mf"&gt;9f&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="n"&gt;fc&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPREQUEST&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="mf"&gt;255.255.255.255&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;DHCPACK&lt;/span&gt; &lt;span class="n"&gt;from&lt;/span&gt; &lt;span class="mf"&gt;10.20.20.254&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="mo"&gt;00&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;0&lt;/span&gt;&lt;span class="nl"&gt;d&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="nl"&gt;b9&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;43&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mf"&gt;9f&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="n"&gt;fc&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-&lt;span class="nl"&gt;dwxe0&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;bound&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="mf"&gt;10.20.20.15&lt;/span&gt; &lt;span class="o"&gt;--&lt;/span&gt; &lt;span class="n"&gt;renewal&lt;/span&gt; &lt;span class="k"&gt;in&lt;/span&gt; &lt;span class="mi"&gt;21600&lt;/span&gt; &lt;span class="n"&gt;seconds&lt;/span&gt;
-&lt;span class="n"&gt;reordering&lt;/span&gt; &lt;span class="nl"&gt;libraries&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;done&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="nl"&gt;openssl&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;generating&lt;/span&gt; &lt;span class="n"&gt;isakmpd&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;iked&lt;/span&gt; &lt;span class="n"&gt;RSA&lt;/span&gt; &lt;span class="n"&gt;keys&lt;/span&gt;&lt;span class="p"&gt;...&lt;/span&gt; &lt;span class="n"&gt;done&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;ssh&lt;/span&gt;&lt;span class="o"&gt;-&lt;/span&gt;&lt;span class="nl"&gt;keygen&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;generating&lt;/span&gt; &lt;span class="n"&gt;new&lt;/span&gt; &lt;span class="n"&gt;host&lt;/span&gt; &lt;span class="nl"&gt;keys&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;RSA&lt;/span&gt; &lt;span class="n"&gt;DSA&lt;/span&gt; &lt;span class="n"&gt;ECDSA&lt;/span&gt; &lt;span class="n"&gt;ED25519&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;early&lt;/span&gt; &lt;span class="nl"&gt;daemons&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;syslogd&lt;/span&gt; &lt;span class="n"&gt;pflogd&lt;/span&gt; &lt;span class="n"&gt;ntpd&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;RPC&lt;/span&gt; &lt;span class="nl"&gt;daemons&lt;/span&gt;&lt;span class="p"&gt;:.&lt;/span&gt;
-&lt;span class="nl"&gt;savecore&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;no&lt;/span&gt; &lt;span class="n"&gt;core&lt;/span&gt; &lt;span class="n"&gt;dump&lt;/span&gt;
-&lt;span class="n"&gt;checking&lt;/span&gt; &lt;span class="nl"&gt;quotas&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;done&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;clearing&lt;/span&gt; &lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;tmp&lt;/span&gt;
-&lt;span class="n"&gt;kern&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="nl"&gt;securelevel&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="mi"&gt;0&lt;/span&gt; &lt;span class="o"&gt;-&amp;gt;&lt;/span&gt; &lt;span class="mi"&gt;1&lt;/span&gt;
-&lt;span class="n"&gt;creating&lt;/span&gt; &lt;span class="n"&gt;runtime&lt;/span&gt; &lt;span class="n"&gt;link&lt;/span&gt; &lt;span class="n"&gt;editor&lt;/span&gt; &lt;span class="n"&gt;directory&lt;/span&gt; &lt;span class="n"&gt;cache&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;preserving&lt;/span&gt; &lt;span class="n"&gt;editor&lt;/span&gt; &lt;span class="n"&gt;files&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;network&lt;/span&gt; &lt;span class="nl"&gt;daemons&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;sshd&lt;/span&gt; &lt;span class="n"&gt;smtpd&lt;/span&gt; &lt;span class="n"&gt;sndiod&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;running&lt;/span&gt; &lt;span class="n"&gt;rc&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;firsttime&lt;/span&gt;
-&lt;span class="n"&gt;Path&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="nl"&gt;firmware&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="nl"&gt;http&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="c1"&gt;//firmware.openbsd.org/firmware/snapshots/&lt;/span&gt;
-&lt;span class="n"&gt;No&lt;/span&gt; &lt;span class="n"&gt;devices&lt;/span&gt; &lt;span class="n"&gt;found&lt;/span&gt; &lt;span class="n"&gt;which&lt;/span&gt; &lt;span class="n"&gt;need&lt;/span&gt; &lt;span class="n"&gt;firmware&lt;/span&gt; &lt;span class="n"&gt;files&lt;/span&gt; &lt;span class="n"&gt;to&lt;/span&gt; &lt;span class="n"&gt;be&lt;/span&gt; &lt;span class="n"&gt;downloaded&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;starting&lt;/span&gt; &lt;span class="n"&gt;local&lt;/span&gt; &lt;span class="nl"&gt;daemons&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt; &lt;span class="n"&gt;cron&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;
-&lt;span class="n"&gt;Wed&lt;/span&gt; &lt;span class="n"&gt;Oct&lt;/span&gt; &lt;span class="mi"&gt;18&lt;/span&gt; &lt;span class="mi"&gt;17&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;52&lt;/span&gt;&lt;span class="o"&gt;:&lt;/span&gt;&lt;span class="mi"&gt;37&lt;/span&gt; &lt;span class="n"&gt;MDT&lt;/span&gt; &lt;span class="mi"&gt;2017&lt;/span&gt;
-
-&lt;span class="n"&gt;OpenBSD&lt;/span&gt;&lt;span class="o"&gt;/&lt;/span&gt;&lt;span class="n"&gt;arm64&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;alpaga&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;chown&lt;/span&gt;&lt;span class="p"&gt;.&lt;/span&gt;&lt;span class="n"&gt;me&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt; &lt;span class="p"&gt;(&lt;/span&gt;&lt;span class="n"&gt;console&lt;/span&gt;&lt;span class="p"&gt;)&lt;/span&gt;
-
-&lt;span class="nl"&gt;login&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;And now, I just have to wait for
-&lt;a href="https://chown.me/iota/pics/IMG_0675.JPG"&gt;Jean Canard&lt;/a&gt; to destroy the
-whole thing.&lt;/p&gt;</summary></entry><entry><title>Hackathon report - t2k17</title><link href="https://chown.me/blog/t2k17" rel="alternate"></link><published>2017-08-21T10:00:00Z</published><updated>2017-08-21T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2017-08-21:/blog/t2k17</id><summary type="html">&lt;p&gt;I also wrote &lt;a href="http://undeadly.org/cgi?action=article&amp;amp;sid=20170821231153"&gt;a shorter and less personal report on undeadly&lt;/a&gt;, feel free
-to read it rather than this one if you don't want to know about other things than
-the hackathon.&lt;/p&gt;
-&lt;p&gt;August was a busy month events-wise. I had the visit of coworkers who
-work in France, because &lt;a href="https://debconf17.debconf.org/"&gt;this year's Debconf&lt;/a&gt; took place here, in Montreal.&lt;/p&gt;
-&lt;p&gt;After a week of fun activities,
-&lt;a href="https://twitter.com/Vigdis_/status/894318053093146624"&gt;I went to debconf&lt;/a&gt;
-with them.
-&lt;a href="https://twitter.com/Vigdis_/status/893877976235991042"&gt;With my badge&lt;/a&gt;,
-people noticed I liked OpenBSD and during the 'Wine and Cheese' event,
-someone came to me to talk about OpenBSD. In fact he was
-&lt;a href="https://qa.debian.org/developer.php?login=sf"&gt;sf@debian.org&lt;/a&gt; who is also
-&lt;a href="https://v4.freshbsd.org/search?committer=sf&amp;amp;project=openbsd"&gt;sf@openbsd.org&lt;/a&gt;. I
-was very surprised to meet another OpenBSD developer at debconf!&lt;/p&gt;
-&lt;p&gt;I finally left debconf on Tuesday evening because I had to take the
-train on Wednesday morning with mpi@ to go to Toronto. In the train I
-was slacking on the Internet when I noticed mpi@ was already hacking
-with his $EDITOR. I felt guilty so I began to update
-graphics/pqiv. Fortunately, jca@ was already in the hackroom so he was
-available to help/review. It was cool to begin with that port because
-it's a very simple port and I had to learn about the new COMPILER
-variable, thus I could easily focus just on that.&lt;/p&gt;
-&lt;p&gt;I also took the opportunity of the train journey to ask mpi@ questions
-about networking stuff which leaded to more things I want to dig in.&lt;/p&gt;
-&lt;p&gt;Once I arrived in the hackroom, I committed a duplicity update I had
-in my tree for a long time. I also looked at a submission on ports@
-which needed some help because of libressl vs openssl and once I
-received some ok I put it in the tree.&lt;/p&gt;
-&lt;p&gt;Over the last few weeks I've been looking at porting some OpenBGPD
-check for nagios-like monitoring system to improve my &lt;a href="https://evolix.ca/"&gt;dayjob&lt;/a&gt;'s
-monitoring system. I realized then that I didn't even check what we
-already had in the ports tree. We had a check that I quickly tested
-and it appeared to be broken. afresh1@, who is the check maintainer
-and upstream hadn't arrived yet, I asked other developers that I know
-they run BGPd in production what they use. I got to know about how
-they did their monitoring which was pretty interesting!&lt;/p&gt;
-&lt;p&gt;To look at something else than the ports tree, I began to look at
-updating xkeyboard-config which is one of the tool used by xenocara. I
-already did the last update but at the time I didn't notice we had
-some local patches so I wanted to do it more carefully this time. I
-had some troubles doing this update so I took care of writing some
-notes about how I did it so next time should be easier.&lt;/p&gt;
-&lt;p&gt;Finally afresh1@ arrived and I told him about the bgpd check problem
-and in fact he had fixed it two years ago but forgot to update the
-port. He quickly committed an update to close the case.&lt;/p&gt;
-&lt;p&gt;One thing I wanted to do during this hackathon was updating
-haproxy. A few months ago when they release the latest branch, I
-didn't succeed to update our port to it because of libressl vs
-openssl. It wasn't such a big deal because old-stable branch was still
-supported. After waiting 9 months, I just grabbed
-&lt;a href="https://github.com/trueos/freebsd-ports/blob/3745ead2e0f43985c3647e1e3aecae2751decfda/net/haproxy/files/patch-src_ssl__sock.c"&gt;the patch Bernard Spil did for TrueOS&lt;/a&gt;
-and it just worked so I was really happy!&lt;/p&gt;
-&lt;p&gt;In addition of that, I updated the other ports I maintained and I
-finally reached a state where all the ports I maintained were up to
-date \o/&lt;/p&gt;
-&lt;p&gt;To sum up, I did everything I wanted during this hackaton, with more
-ease than I thought. I had the opportunity to have really interesting
-discussions with a lot of other developers (during &lt;a href="https://twitter.com/Vigdis_/status/895794041450897408"&gt;our social event&lt;/a&gt; but not only). Thanks a lot to the
-University of Toronto for hosting us (in a
-&lt;a href="https://twitter.com/Vigdis_/status/896356797988167681"&gt;very nice part of the city&lt;/a&gt;
-and krw@ for organizing!&lt;/p&gt;</summary></entry><entry><title>My recent journey with 2FA</title><link href="https://chown.me/blog/my-recent-journey-with-2FA" rel="alternate"></link><published>2017-02-26T10:00:00Z</published><updated>2017-02-26T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2017-02-26:/blog/my-recent-journey-with-2FA</id><summary type="html">&lt;h2 id="2FA"&gt;&lt;a href="#2FA"&gt;2FA&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Of course by 2FA I mean
-&lt;a href="https://en.wikipedia.org/wiki/Multi-factor_authentication"&gt;two-factor authentication&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I've been using that for a long time for ssh with
-&lt;a href="./yubikey-en.html"&gt;my yubikey on OpenBSD&lt;/a&gt; but I've never enabled 2FA
-on the online services I use. The main reason for not doing it before was
-that I thought that my phone had to play a central role (which in fact
-is not much the case). While it's the most critical device I have, my
-phone is the device I trust the least.&lt;/p&gt;
-&lt;p&gt;However, yesterday I saw a comment on lobste.rs asking about
-&lt;a href="https://lobste.rs/s/1cyltz/two_factor_authentication_now_available/comments/a9xvvg#c_a9xvvg"&gt;how to use TOTP on OpenBSD&lt;/a&gt;.
-In addition to that, I guess seeing
-&lt;a href="https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/"&gt;what happened to cloudflare&lt;/a&gt;
-and everything what's happening if you want to cross the US border
-made me more interested in 2FA than before.&lt;/p&gt;
-&lt;p&gt;So I began to look into how it works.&lt;/p&gt;
-&lt;h2 id="how"&gt;&lt;a href="#how"&gt;How it works&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;The concept of 2FA is that you may lose your password (or your ssh
-key) and in that case the person who takes control of it can
-successfully impersonate you. The goal is that a login system will
-require something else to verify that it's really you.&lt;/p&gt;
-&lt;p&gt;One way to achieve this is to use SMS but that sucks: &lt;a href="http://www.baltimoresun.com/features/baltimore-insider-blog/bal-black-lives-matter-activist-deray-mckesson-s-twitter-hacked-friday-morning-20160610-story.html"&gt;circumventing it
-is not even restricted to Nation State Actors&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;Another can be something biometric but then users need to access to a
-scanner which is quite impractical in every day life. Even if iPhones
-have a fingerprint reader, it's not usable by third parties.&lt;/p&gt;
-&lt;p&gt;It must be something that keeps changing otherwise it's both
-subject to replay attack and it's just another password.&lt;/p&gt;
-&lt;p&gt;Here comes the OTP.&lt;/p&gt;
-&lt;h2 id="OTP"&gt;&lt;a href="#OTP"&gt;One Time Password&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;One Time Password was defined in
-&lt;a href="https://tools.ietf.org/html/rfc2289"&gt;RFC2289&lt;/a&gt; (which is quite old:
-February 1998). Then they made HOTP (H is for &lt;em&gt;HMAC-Based&lt;/em&gt;) in
-&lt;a href="https://tools.ietf.org/html/rfc4226"&gt;RFC4226&lt;/a&gt; and finally the TOTP (T
-is for &lt;em&gt;Time-Based&lt;/em&gt;) in &lt;a href="https://tools.ietf.org/html/rfc6238"&gt;RFC&lt;/a&gt;
-which is an extension of the HOTP to support the time-based moving
-factor.&lt;/p&gt;
-&lt;p&gt;To understand in more details you can either read in the RFC4226
-&lt;a href="https://tools.ietf.org/html/rfc4226#page-7"&gt;5.4. Example of HOTP Computation for Digit = 6&lt;/a&gt;
-and then the short RFC6238 or you can just read this &lt;a href="https://pthree.org/2014/04/15/time-based-one-time-passwords-how-it-works/"&gt;random blog
-article on the Internet which explains clearly the same thing&lt;/a&gt;.&lt;/p&gt;
-&lt;h3 id="tldr"&gt;&lt;a href="#tldr"&gt;tl;dr&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;There's a secret shared and then you compute the HMAC-SHA1 of the
-shared secret and epoch.&lt;/p&gt;
-&lt;h3 id="sha1"&gt;&lt;a href="#sha1"&gt;Wait, did you just say sha1?!?1?&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;Even if there's now a sha1 collision, it's not really a problem. To
-quote Schneier: "[collision] pretty much puts a bullet into
-SHA-1 as a hash function for digital signatures (although it doesn't
-affect applications such as HMAC where collisions aren't important)."
-(&lt;a href="https://www.schneier.com/blog/archives/2005/02/sha1_broken.html"&gt;source&lt;/a&gt;)&lt;/p&gt;
-&lt;p&gt;And for a more complete answer, see this
-&lt;a href="http://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure"&gt;answer&lt;/a&gt;.&lt;/p&gt;
-&lt;h2 id="howuse"&gt;&lt;a href="#howuse"&gt;How to use it&lt;/a&gt;&lt;/h2&gt;
-&lt;h3 id="lockedout"&gt;&lt;a href="#lockedout"&gt;Don't be locked out&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;I wanted to use my phone (something distinct that my computer to
-compartment things a bit). Obviously the goal is to secure your
-account without losing it so that means that losing your phone
-shouldn't prevent you to retrieve access to your accounts. Unusable
-security is unusable.&lt;/p&gt;
-&lt;p&gt;If you read about 2FA, you'll see that some services that provide it,
-give you some backup code to not to be locked out. But I don't want to
-locked out from services don't provide backup codes either.&lt;/p&gt;
-&lt;p&gt;So my phone must not be a single point of failure.&lt;/p&gt;
-&lt;p&gt;We saw earlier that {T,H}OTP are based on a shared secret so let's
-backup it.&lt;/p&gt;
-&lt;h3 id="backups"&gt;&lt;a href="#backups"&gt;Backuping shared secrets and backup codes&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;For my regular passwords, I use keepassx which is shared/backuped across my
-different computers. I created another database to store those. Of
-course you shouldn't use the same database to keep your passwords and the
-other secrets in case of you leak one of the two database's password.&lt;/p&gt;
-&lt;h3 id="clients"&gt;&lt;a href="#clients"&gt;Clients&lt;/a&gt;&lt;/h3&gt;
-&lt;h4 id="android"&gt;&lt;a href="#android"&gt;Android phone&lt;/a&gt;&lt;/h4&gt;
-&lt;p&gt;Now that I'm ready to activate 2FA, let's see how to use it. The plan
-is to use my android phone. On the
-&lt;a href="https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm"&gt;Time-based One-time Password Algorithm Wikipedia page&lt;/a&gt;
-there was a list of clients but sadly it was deleted.
-You can still find it
-&lt;a href="https://en.wikipedia.org/w/index.php?title=Time-based_One-time_Password_Algorithm&amp;amp;oldid=724156353#Client_implementations"&gt;in the history&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;I wanted a FOSS application and Google Authenticator is now closed
-source so I went with FreeOTP which is not completely dead compared to
-others (but it's not thriving either), so far it works good.&lt;/p&gt;
-&lt;h4 id="OpenBSD"&gt;&lt;a href="#OpenBSD"&gt;OpenBSD&lt;/a&gt;&lt;/h4&gt;
-&lt;p&gt;In the case I don't have a phone, I still want to be able to
-log in my different accounts. In the lobste.rs' link that I gave at the
-beginning of this article, someone mentioned oath-toolkit which works
-very easily:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;$ oathtool --totp -b deafcafe
-&lt;span class="m"&gt;405723&lt;/span&gt;
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;(with deafcafe being the shared secret).&lt;/p&gt;
-&lt;h2 id="activation"&gt;&lt;a href="#activation"&gt;Activating it&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Now that we're ready to use it, let's do it. So where to activate
-it? Actually, there's &lt;a href="https://twofactorauth.org/"&gt;a cool site&lt;/a&gt; that
-lists services that provide or not (and then you can shame them on
-twitter) 2FA with a link to the service's documentation.&lt;/p&gt;
-&lt;h3 id="feedback"&gt;&lt;a href="#feedback"&gt;My Feedback&lt;/a&gt;&lt;/h3&gt;
-&lt;p&gt;So far I activated 2FA on about half a dozen of website. The first one was
-the &lt;a href="https://www.ripe.net/"&gt;RIPE NCC&lt;/a&gt; (if you don't want people to
-steal your precious IP addresses and/or your atlas credit) and it was
-actually a good one to try it.&lt;/p&gt;
-&lt;p&gt;To activate it usually the website gives you a qrcode which is in fact
-just a URL looking like:&lt;/p&gt;
-&lt;div class="codehilite"&gt;&lt;pre&gt;&lt;span&gt;&lt;/span&gt;otpauth://totp/Example:foo@example.com?secret=DEAFCAFE&amp;amp;issuer=Example
-&lt;/pre&gt;&lt;/div&gt;
-
-
-&lt;p&gt;which is fine for my phone but sadly my eyes can't decode qrcode and I
-need the shared secret to put it my keepassx. Most of the time
-websites gives you by default the qrcode but also gives you the
-possibility to access the shared secret.&lt;/p&gt;
-&lt;p&gt;For now, everything works fine, I use my phone to unlock my different
-accounts and if anything happens to it, I can just unlock my second
-keepassx database and use oathtool (or use a backup code) to get my
-account back.&lt;/p&gt;</summary></entry><entry><title>Hackathon report - p2k16</title><link href="https://chown.me/blog/p2k16" rel="alternate"></link><published>2016-08-11T10:00:00Z</published><updated>2016-08-11T10:00:00Z</updated><author><name>Daniel Jakots</name></author><id>tag:chown.me,2016-08-11:/blog/p2k16</id><summary type="html">&lt;h2 id="account"&gt;&lt;a href="#account"&gt;Getting an account&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Since end of March I have had an OpenBSD account which means that I can do
-some commits on my own, the login I use is &lt;em&gt;danj&lt;/em&gt;. I was then invited
-to &lt;a href="https://www.openbsd.org/images/hackathons/p2k16.gif"&gt;p2k16&lt;/a&gt; which
-took place in Nantes, about 100kms from where I live (Rennes).&lt;/p&gt;
-&lt;h2 id="planning"&gt;&lt;a href="#planning"&gt;Planning&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I read most of hackathons report (if not all) on undeadly, and people
-often says that they had plans. So I thought I was going to do the
-same. Finally I did only a few things that I planned and other things
-I didn't plan at all :)&lt;/p&gt;
-&lt;h2 id="meetingpeople"&gt;&lt;a href="#meetingpeople"&gt;Meeting people&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Since 2013 I've been talking with jca@ (mainly about OpenBSD but not only),
-though I never had the chance to meet him. Finally at p2k16 I could
-finally meet him.&lt;/p&gt;
-&lt;p&gt;I've also been talking on irc with landry@ for quite a long time, I
-was eager to meet him as I really appreciate him because we laugh
-together.&lt;/p&gt;
-&lt;p&gt;I could also see again mpi@, who I didn't saw since my
-&lt;a href="./some-news-from-my-internship.html"&gt;internship&lt;/a&gt;.&lt;/p&gt;
-&lt;p&gt;During the hackathon I could also talk with people that I had never
-talked to, before like espie@ or eric@. It was both funny and
-interesting as I learnt a couple of things while I was chatting with
-them.&lt;/p&gt;
-&lt;h2 id="teaching"&gt;&lt;a href="#teaching"&gt;Even teaching people&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I was still heavily learning at lot of things, whatever I was doing,
-though I was looking forward to share my (little) knowledge. I could
-show some tricks to tsg@ who was porting some python ports and at the
-same time working on
-&lt;a href="http://man.openbsd.org/OpenBSD-current/man1/portgen.1"&gt;portgen&lt;/a&gt; to
-teach it to handle python ports. I was really happy/proud to be able to
-help him.&lt;/p&gt;
-&lt;p&gt;I even could teach eric@ how to use cvs again :D. He didn't touch cvs
-for a while and in the mean time, new tools were created to help us like
-&lt;a href="http://man.openbsd.org/OpenBSD-current/man1/portimport.1"&gt;portimport&lt;/a&gt;
-and he didn't know its existence so I showed him thus he could use it
-rather than importing his port (that I reviewed as it was a python
-port :3) manually.&lt;/p&gt;
-&lt;h2 id="work"&gt;&lt;a href="#work"&gt;The work&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;I begun the week with committing an update to legit and its chains of
-*_DEPS, it was quite a pain so I was happy to be over. After that, I
-updated a bunch of little ports. I reviewed a few ports for
-shadchin@. Python ports are usually easy (IMO) but the problem is
-that there are always tons of *_DEPS which quickly sums up.&lt;/p&gt;
-&lt;p&gt;I left a bit the python ports to update osm2pgsql. They switched their
-build system from autotools to cmake. Some people don't like
-autotools, other don't like cmake and many hate both but in my case I
-don't know them well so it doesn't make a lot of difference. At first
-I didn't succeed to make the test pass (but of course osm2pgsql was
-tested to be working), but after being home I worked on it again, and
-I was glad of my work.&lt;/p&gt;
-&lt;p&gt;One of my plan was to port py-tox as it's used by nearly all python
-software for the tests. jca@ told me to look into
-&lt;a href="https://github.com/jasperla/openbsd-wip"&gt;openbsd-wip&lt;/a&gt; and indeed it
-was already done by shadchin@, I bring it to ports@ and ok'ed it so he
-imported it.&lt;/p&gt;
-&lt;p&gt;Finally, I begin to work on poezio, a python3 xmpp client. I needed
-some directions as some of its *_DEPS were python3-only and currently
-the port infrastructure for python ports is mainly axed towards
-python2, and sthen@ kindly helped me.&lt;/p&gt;
-&lt;h2 id="end"&gt;&lt;a href="#end"&gt;The end&lt;/a&gt;&lt;/h2&gt;
-&lt;p&gt;Of course, I was sad when it ended, seeing people leaving
-gradually. I was really happy of the whole week, meeting people I was
-quite fond of. The meals were goods, with lots of
-&lt;a href="https://fr.wikipedia.org/wiki/Galette_de_sarrasin"&gt;galettes&lt;/a&gt; and
-&lt;a href="https://en.wikipedia.org/wiki/Cr%C3%AApe"&gt;crepes&lt;/a&gt; (even though we
-were not in Brittany). Thanks to all who made it possible! Would
-definitely do again.&lt;/p&gt;</summary></entry></feed>
\ No newline at end of file
blob - 63c668bad6b0e9d32194b4803dfac6635af773f8 (mode 644)
blob + /dev/null
--- output/blog/infrastructure-2019
+++ /dev/null
@@ -1,218 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
- <link rel="stylesheet" href="https://chown.me/style.css" type="text/css"/>
- <link rel="stylesheet" href="https://chown.me/pygmentize.css" type="text/css"/>
- <link rel="alternate" type="application/atom+xml" title="Feed" href="https://chown.me/blog/feeds/atom.xml" />
- <link rel="icon" type="image/png" href="https://chown.me/favicon.png">
- <title>My infrastructure as of 2019</title>
-</head>
-
-<body>
- <div class="sidebar">
- <a href="https://chown.me" style="background-color:inherit;"><h1>Hi, I'm Daniel Jakots!</h1></a>
- <a href="https://chown.me">Home</a>
- <a href="https://chown.me/about">About</a>
- <a href="https://chown.me/contact">Contact</a>
- <a href="https://chown.me/blog/feeds/atom.xml">Feed</a>
- <a href="https://oldblog.chown.me">Old blog</a>
- <a href="https://px.chown.me">Pictures</a>
- </div>
- <div class="notsidebar">
-<a href="./infrastructure-2019"><h1>My infrastructure as of 2019</h1></a>
-<p><b>Posted on 2020-03-06</b></p>
-<p>I've wanted to write about my infrastructure for a while, but I kept thinking,
-"I'll wait until after I've done $next_thing_on_my_todo." Of course this cycle
-never ends, so I decided to write about its state at the end of 2019. Maybe
-I'll write an update on it in a couple of moons; who knows?</p>
-<h2 id="goal"><a href="#goal">Goal for this infrastructure</a></h2>
-<p>The goal for my infrastructure is to run the services I need. While a lot of
-people in the homelab community experiment and play with software for its own
-sake, I actively use the stuff I host. When I stop, I kill the service (though
-I'm not as proficient at this as <a href="https://killedbygoogle.com/">Google</a>). These
-are my production systems, and when one of them is down, I do miss it.</p>
-<p>I kind of enjoy working on this infrastructure, but not that much (I used to
-enjoy it more), so I'm careful with the software I choose. I want to spend time
-on it when <em>I want to</em>, not because <em>I have to</em> (e.g. because something broke).
-Consequently, I do my best to pick reliable, boring and easy software. Those
-are my kinks.</p>
-<p>Why do I host this myself? Mostly trust issues, and the fact that I care about
-sovereignty.</p>
-<p>I tend to lock down services as much as I can, either cutting them off
-completely from the Internet (e.g. for <em>imap</em>) or running them on a
-non-standard port and <a href="./2FA-with-ssh-on-OpenBSD.html">enabling 2FA</a>. I don't
-use a VPN (mostly because I haven't come up with a nice, clean option yet), so
-I restrict access to my services in different ways.</p>
-<p>For most things, I'm the only user, which is both sad (as it's a waste of
-resources) and great (as I can be more nimble). A notable exception is my
-mastodon instance which is also used by <a href="https://awoo.chown.me/@jeancanard">my
-cat</a>.</p>
-<h2 id="machines"><a href="#machines">Machines</a></h2>
-<p>My machines are hosted in 3 different places. First is at
-<a href="https://www.exoscale.com/">Exoscale</a>, second is
-<a href="https://www.vultr.com/">Vultr</a> and the third is... my flat.</p>
-<p>All of them run either OpenBSD on its -current branch, or the latest version of
-Ubuntu. At this time, that's Ubuntu 19.10. After a couple of years working on
-OpenBSD ports (i.e. packaging), I believe fresh software is better,
-security-wise.</p>
-<p>They're managed with Ansible. I began my Ansible repository 4 years ago and it
-has about 1500 commits in it. I wrote the Ansible to fit my needs rather than
-making generic (and therefore reusable) roles, so it's not public.</p>
-<p>I update the OpenBSD machines regularly to a newer OpenBSD snapshot (so of
-course the process has been
-<a href="./upgrading-openbsd-with-ansible.html">automated</a>). For Ubuntu, I prefer to
-reinstall them, since they're managed by Ansible and they don't have any data
-on them. Reinstalling machines regularly helps spot missing pieces in Ansible.
-:P</p>
-<p>All the three sites are as
-<a href="https://en.wikipedia.org/wiki/Loose_coupling">standalone</a> as possible. This is
-both so that in the case that one gets pwned it won't help the attacker to
-<a href="https://en.wikipedia.org/wiki/Network_Lateral_Movement">move laterally</a>, and
-so that if one is unavailable it shouldn't impact anything else.</p>
-<h3 id="ns3"><a href="#ns3">ns3.chown.me (OpenBSD)</a></h3>
-<p>It's my secondary name server and as you can guess, it replaced ns2. It's the
-only machine that I don't back up, since I can replace it with my Ansible
-without losing data.</p>
-<p>It's hosted by <em>Vultr</em>. I mostly picked them because they offer OpenBSD
-hosting. This virtual machine is in Toronto and has 1 CPU and 512M of ram.
-(Disk space is not relevant here).</p>
-<p>I wanted a different hosting provider/AS than my main name server for obvious
-reasons of resiliency. Every now and then I think about using another name
-server (whether instead of this machine or in addition to it, I don't know)
-provided by my registrar (Gandi), but it has a low priority on my todo list.</p>
-<p>The name server I use is <em>NSD</em>. I could use another one (like <em>knot</em>) as my
-main name server also uses <em>NSD</em>, but the issues related to running the same
-software on both aren't that serious in my case.</p>
-<p>Since this machine doesn't do much otherwise, it's running
-<a href="https://github.com/danieljakots/mownitoring">mownitoring</a> to check that
-everything works.</p>
-<h3 id="virtie"><a href="#virtie">virtie.chown.me (OpenBSD)</a></h3>
-<p>This virtual machine is the main one in my infrastructure. A moment ago your
-browser connected to it to get this page. :)</p>
-<p>It's hosted by Exoscale (with whom my experiences have been nothing less than
-perfect). It's my oldest VM (4 or 5 years old). It has 1 CPU, 1G of ram and 50G
-of disk space.</p>
-<p>To host my blog I use OpenBSD's httpd which is fronted by <em>HAProxy</em>. While I
-could remove <em>HAProxy</em>, I like this software and I trust it <a href="https://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/022_httpd.patch.sig">more
-than</a>
-<a href="https://github.com/openbsd/src/commit/49b1a9b154081c713af219b2422adaf51ca2584d">httpd</a>.</p>
-<p>In addition to hosting my blog, it hosts my email. I switched to <em>postfix</em> in
-the beginning of 2019 after a couple of years running <em>OpenSMTPD</em>. Since I
-switched to <em>postfix</em> I also dropped <em>spamd</em> (the OpenBSD greylisting daemon).
-I enabled <a href="https://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS">FCrDNS</a>
-on <em>postfix</em> when I switched (at the time it was not available on <em>OpenSMTPD</em>)
-and I didn't notice more spam. I use <em>Dovecot</em> for imap with only my IP
-allowed. I can easily allow another IP address with <code>pfctl -t imap_allowed -Ta
-203.0.113.47</code>.</p>
-<p>I've never really had deliverability problems (except with Microsoft, but who
-can say they haven't?) I assume my IP has a good reputation, which is why this
-VM is the oldest, as I've been reluctant to lose it.</p>
-<p>This machine also hosts a <em>gitolite</em> for a couple of different internal git
-repositories.</p>
-<h3 id="pancake"><a href="#pancake">pancake.chown.me (OpenBSD)</a></h3>
-<p>This machine is an <a href="https://pcengines.ch/apu2.htm">APU2</a>. It acts as a router
-for my flat. Since it's way more powerful than necessary for this task, I put
-some other stuff on it. It's a trade-off between increasing the attack surface
-of a critical machine and leaving a lot of CPU/RAM/SSD unused.</p>
-<p>I collect <a href="https://en.wikipedia.org/wiki/NetFlow">flows</a> on it, which in my
-opinion are super cool!</p>
-<p>It also hosts influxdb + grafana and some machines send their metrics with
-collectd (<a href="https://collectd.org/wiki/index.php/Networking_introduction#Cryptographic_setup">which allow signing/encrypting the network
-traffic</a>).
-This doesn't work well for a couple of reasons, so it's waiting to be replaced.</p>
-<h3 id="kvm"><a href="#kvm">kvm1, and sometimes kvm2 (Ubuntu)</a></h3>
-<p>These machines are hosted at home. kvm1 is the main machine, and kvm2 is the
-machine I use to play Windows games on another SSD. I boot on the Ubuntu SSD
-whenever I want to do something on kvm1 and then I live-migrate guests on it so
-I don't experience any downtime. I use full disk encryption on the guests, so
-live-migrating (instead of rebooting them) allows me to avoid having to
-manually unlock each guest. I encrypt the guests and not the kvm because in the
-event of a power outage, machines may come back on, in which case I don't want
-them to wait for the passphrase if I'm away. Some hacks could be done to
-encrypt them as well, but I'm not willing to do them since they're overkill for
-my threat model.</p>
-<p>Both machines have an i5-4590. kvm2 has 4x4G of ram with a 256G SSD (which is
-enough for the kvm system and all the guests). kvm1 also has a 256G SSD but
-while its ram layout would make anyone sensible cringe, it amounts to 20G of
-ram! I don't use RAID. kvm0 (the machine they replaced) used to and I wasn't
-sure it would work (and I couldn't test it safely since it was my only
-machine).</p>
-<p>To manage this part of the infrastructure I wrote a <a href="https://github.com/danieljakots/uv">python
-script</a>. This script is kind of a wrapper
-around libvirt, which itself is kind of a wrapper around qemu, which itself
-<a href="https://en.wikipedia.org/wiki/Turtles_all_the_way_down">wrangles turtles</a>.
-Contrary to what other people run, I think, a guest disk isn't a qcow2/raw
-file. I don't want to pile filesystems on one another, so I manage guests'
-disks on the hypervisor with LVM directly. I tend to have multiple disks to
-bring more flexibility to the disk layout/partitioning than OpenBSD would,
-thanks to LVM.</p>
-<p>It hosts all the following virtual machines:</p>
-<h3 id="manicouagan1"><a href="#manicouagan1">manicouagan1 (OpenBSD)</a></h3>
-<p>This machine's name dates from back when I used names from Québec to name my
-machines. The name comes from the <a href="https://en.wikipedia.org/wiki/Manicouagan_Reservoir">Manicouagan
-Reservoir</a>, as this
-machine is where I put my backups.</p>
-<p>My backups are in three different places:
-- locally, i.e. each machine stores its backup on itself
-- <em>manicouagan</em> copies all the backups onto itself
-- <em>manicouagan</em> ships the backups to an s3-like provider</p>
-<p>I use <em>BorgBackup</em> for the backup, <em>rsync</em> to copy them onto <em>manicouagan</em> and
-<em>s3cmd</em> to ship them away. I tried to use <em>rclone</em> but it used more ram. Once,
-I was away from my place for a long time, and my whole infra there became
-unreachable, so I decided to temporarily host stuff on the cloud in the
-meantime. I had to restore those backups and it went so nicely that I'm not
-looking to change anything. Borg is awesome!</p>
-<p>This machine is also a syslog server to which all my OpenBSD machines ship
-their logs. Thanks to OpenBSD syslogd (bluhm@ &lt;3), it uses TCP+TLS with a
-private PKI. This is mostly in case one machine gets hacked, to help with
-<a href="https://en.wikipedia.org/wiki/Forensic_science">forensics</a>.</p>
-<p>I wrote a short script that shows me the largest data transfers on my router. I
-use this to check that the backups are alive (I receive emails if the
-<em>BorgBackup</em> script fails, but isn't that less fun? :))</p>
-<h3 id="db1"><a href="#db1">db1 (OpenBSD)</a></h3>
-<p>This machine hosts postgresql and redis. Two boring pieces of software which I
-love. Redis requires so little care that when I moved from db0, I forgot I had
-it!</p>
-<h3 id="web1"><a href="#web1">web1 (OpenBSD)</a></h3>
-<p>This machine runs nginx for my whole web presence excluding my blog. It hosts
-<em>nextcloud</em>, <em>tt-rss</em>, <em>shaarli</em> and pics.chown.me (whose content I should
-update).</p>
-<p>Have you ever thought, "naah I'm too much paranoid"? Yeah, me neither. A few
-months ago, I restricted all the non-static websites (with the exception of
-Mastodon) behind an <em>htpasswd</em>. There was some value in having them publicly
-accessible, but at the time I thought it was not worth the risk. The php-fpm
-pools should be secure (they have their own users, they're chrooted and so on)
-but I'm not entirely sure I'm doing this stuff properly and it is such a pain
-to get it working that I'm not willing to look into it more than that.</p>
-<p>Nginx also acts as a reverse proxy for the docker con