Looking for a laptop in the Toronto area

2013-10-29 Thread Brad Smith

Hi,

I added an entry to want.html as I am looking for a laptop to replace 
the laptop I have at the moment which has some really bad heat related 
issues and I have been hobbling along with it for awhile now. I am in 
the Toronto area. I thought I would post to misc@ for some greater 
exposure. Is there anyone that would be able to help me out?





5.4 CDs in New Zealand

2013-10-29 Thread Richard Toohey

Hi, all.

CD sets arrived today in Tauranga, New Zealand.

Thanks to Theo and all the developers and other people behind OpenBSD - 
your work is much appreciated.




OpenBSD maintenance compared to FreeBSD

2013-10-29 Thread David Noel
I started playing around with FreeBSD back in the 2.2.7 days. I'd
describe myself as a casual desktop/workstation user. Back in the day
I was attracted to OpenBSD's heavy focus on security but was pulled
towards FreeBSD due to a good friend of mine being a FreeBSD
contributor ("dude, trust me, it's the way to go"). Recently I've
purchased a handful of servers for a software project I've been
working on and have started reconsidering my choice of OS's.
Administering a single FreeBSD workstation isn't too much of a
headache; I've kind of gotten used to having to rebuild kernel and
world every few months as security advisories are released. But now
that I'm administering 6 of them I'm really starting to get annoyed by
the whole process: rebuild kernel... rebuild world... reboot, and then
pray that it doesn't blow up in my face (as it often does). That got
me thinking about OpenBSD. Looking at the security advisories the last
one I see was from nearly a year and a half ago! That's pretty
incredible to me. Does this mean that I could theoretically have
gotten away with a year and a half uptime? What's the catch here? I'm
sorry but I'm incredulous by how good it sounds so I have to ask. For
me the biggest selling points of an operating system are security and
maintenance. I've been wowed by ZFS, but really how often do
filesystems need to be fsck'd? --and I never take snapshots. I feel
like I could do without it. UFS+J is good enough. Given my priorities,
does it sound like OpenBSD could be the one for me?



Coursera

2013-10-29 Thread Maurice McCarthy
Yes, I'd forgotten about demime. For anyone who is interested the screen dump
is now posted at https://ubuntuone.com/3PBTfO0UENZO8yS8xvVqcF

Apologies to Monty, I'd intended to reply to the list and not personally. So
this is a resend to the right address.

As it happens next week's lecture is on morality. That should be another fine
place to raise the issue. As you say though I ought to raise it with Coursera
themselves.

Thanks
Moss


> On Wed, 30 Oct 2013, Maurice McCarthy wrote:
>
>> OK here is the screen dump.
>
> Demime took those out.  But this really isn't the place
> to discuss this.  You might try Coursera's forums instead.
> They shouldn't mind a rational discussion of risks...
>
> m
>
> --
> Monty Brandenberg



[Fwd: Coursera]

2013-10-29 Thread Maurice McCarthy
OK here is the screen dump.
Moss

- Original Message 
-
Subject: Coursera
From:"McCarthy, Maurice" 
Date:Wed, October 30, 2013 12:47 am
To:  "'m...@mythic-beasts.com'" 







[demime 1.01d removed an attachment of type image/gif which had a name of 
image001.gif]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
Signature Track.jpg]



Coursera

2013-10-29 Thread moss
Hi,

I lurk here as I'm learning OpenBSD but I write now because I'm a little
alarmed with a feature called Signature Track on Coursera.

I'm doing a free online course on the Introduction to Philosophy run from
the University of Edinburgh. https://www.coursera.org/course/introphil The
course is so good I wanted to give a little something in return. The only
way of doing this offered was pay $50.00 for a course certificate.

However to get this they want to verify who you are. OK seems reasonable.
But on going to the Signature Track to do this
https://www.coursera.org/signature/course/introphil/970720?utm_source=spark&utm_medium=bannerbox
the verification consists of recording your typing pattern, taking a photo
from your webcam and a photo of your drivers ID (the latter is supposed to
be deleted when once it is used for  verification.)

From the FAQ
Q. How does typing pattern recognition work?
A. We will ask you to type a short phrase. Then we use the characteristics
of your unique typing pattern, such as the time (in milliseconds) between
your keystrokes and the duration you press a key down, to confirm your
identity. Small typos and minor day-to-day changes in your typing pattern
are okay.

I tried to attach a small screen dump but failed.

Now I cannot know how any of this might be used in the future can I? So
I'm giving them nothing at this point. Do you think I'm right?

Thanks
Moss



Re: Yubikey login: bad file descriptor.

2013-10-29 Thread Stuart Henderson
On 2013-10-28, Pieter Verberne  wrote:
> What I actually wanted to do: I want to use two-factor authentication
> over ssh using passwd+yubikey. Is this possible? It looks like yubikey
> will 'replace' passwd authentication, and cannot supplement it.

You're right, login_yubikey does replace passwd auth. bsdauth doesn't
let you request multiple passwords. Only way I came up with to achieve
this was to have a single bsdauth method which requests an otp *and*
password, and checks both of them (used for login_totp-and-pwd in the
login_oath package)..

> Off topic:
> How safe is certificate authentication? I'll use an encrypted private
> key on my client computers. If someone gets his hands on the encrypted
> key, they can do an offline password attack, which seems less safe than
> an online attack.

Certainly less noisy..

SSH will let you require 2-factor auth with both a "password-like login
method" which could be a password or a yubikey, and the ssh key. See
sshd_config(5):

 AuthenticationMethods
 Specifies the authentication methods that must be successfully
 completed for a user to be granted access.  This option must be
 followed by one or more comma-separated lists of authentication
 method names.  Successful authentication requires completion of
 every method in at least one of these lists.
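
The list semantics quoted from sshd_config(5) above are easy to get wrong: the space-separated lists are alternatives, so a single weak list undoes the two-factor requirement. The check below is an added example, not part of the original message or of OpenSSH; the function names and sample configurations are constructed, and Match blocks are ignored.

```python
import re

# Method names as they appear in sshd_config(5). "Password-like" follows the
# wording of the message above: a password or a one-time code such as a yubikey.
KEY_METHODS = {"publickey"}
PASSWORD_LIKE = {"password", "keyboard-interactive"}


def parse_authentication_methods(config_text):
    """Return the method lists of the first global AuthenticationMethods line.

    The result is a list of lists, e.g. [["publickey", "password"]], or None
    when the keyword is not set before the first Match block.
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        keyword = parts[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # Match overrides are outside the scope of this example
        if keyword == "authenticationmethods" and len(parts) == 2:
            # sshd uses the first value it obtains for a keyword.
            return [lst.split(",") for lst in parts[1].split()]
    return None


def audit_two_factor(config_text):
    """Return findings; an empty list means every list needs key + secret."""
    lists = parse_authentication_methods(config_text)
    if lists is None:
        return ["AuthenticationMethods is not set: one method alone is enough"]
    findings = []
    for methods in lists:
        # "keyboard-interactive:bsdauth" names a device; compare the base name.
        base = {m.split(":", 1)[0] for m in methods}
        if not (base & KEY_METHODS and base & PASSWORD_LIKE):
            findings.append(
                "list '%s' can be completed without both an ssh key and a "
                "password-like method" % ",".join(methods)
            )
    return findings


# Constructed sample configurations, not taken from a real host.
STRICT = """\
# both alternatives require the key plus something typed
AuthenticationMethods publickey,password publickey,keyboard-interactive:bsdauth
"""
WEAK = """\
PasswordAuthentication yes
AuthenticationMethods publickey,password password
"""
UNSET = "PubkeyAuthentication yes\n"

if __name__ == "__main__":
    for name, text in (("STRICT", STRICT), ("WEAK", WEAK), ("UNSET", UNSET)):
        print(name, audit_two_factor(text) or "ok")
```
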



Re: General question about openbgpd and PF

2013-10-29 Thread Sebastian Benoit
OCEANET - Cédric BASSAGET(ced...@oceanet.com) on 2013.10.29 18:27:09 +0100:
> Hi,
> Simple and general question :
> Is it a good thing to run PF on an openbgpd server (for security 
> reasons), or should I de-activate PF ?

Yes, in general you should:

At least to make sure only traffic from your own address space leaves your
network, and only traffic to your own address space enters your network,
read http://tools.ietf.org/html/bcp38

If you run BGP, chances are that you will have more than one router. In that
case you have to consider that a router does not see both directions of the
traffic. In that case use either "no state" or sloppy rules.

/Benno



Re: General question about openbgpd and PF

2013-10-29 Thread Stuart Henderson
On 2013-10-29, OCEANET - Cédric BASSAGET  wrote:
> Hi,
> Simple and general question :
> Is it a good thing to run PF on an openbgpd server (for security 
> reasons), or should I de-activate PF ?

I use it, partly to mitigate ssh brute-force, partly so I can easily enable
pflow if I want to get stats, and partly so I can block crap at the borders
without having to send it over wan links.



Re: bgpd(8) EGP vs IGP question

2013-10-29 Thread Stuart Henderson
On 2013-10-29, Sebastian Benoit  wrote:
> It is information added by the originating router of that route:

or in some cases, by a transit provider trying to steer traffic towards them ;)



Re: bgpd(8) EGP vs IGP question

2013-10-29 Thread Sebastian Benoit
Adam Thompson(athom...@athompso.net) on 2013.10.29 15:20:04 -0500:
> I've got two border gateways that peer (eBGP) with the same external AS; 
> they also peer with each other (iBGP) as per normal BGP design.
> 
> Naturally, the BGP RIB contains two copies of every route; one learned 
> from the external peer and one learned from the internal peer.
> 
> However, when I run "bgpctl show", both routes are marked with origin 
> "i" (i.e. IGP).
> 
> Do I have to use "set origin egp" in the external neighbour's stanza in 
> /etc/bgpd.conf?  Doing so works, and produces the expected output, but 
> should it be necessary?

The origin attribute doesn't mean what you think it does!

It is information added by the originating router of that route:

"i" stands for "IGP" (not "iBGP") and means the route was redistributed from
an IGP (e.g. OSPF) into BGP.

"e" means EGP, meaning the route was learned by an EGP.

and "?" or incomplete is used for everything else (for example static routes
being redistributed).

The origin is used in step 5 of the decision process in bgpd (see bgpd(8)),
and the "set origin" option can be used to change the origin of routes to
manipulate the process of selecting routes.

But you should never just use "set origin" on all your bgp sessions to other
ASes just because they are "eBGP" sessions.

/Benno



Re: General question about openbgpd and PF

2013-10-29 Thread Loïc BLOT
Hi,
I use PF on some OpenBSD BGP+OSPF routers on Renater (IPv4 + IPv6), it
works like a charm.
Why this question ?

pf rules are simple:

pass in quick proto tcp from $bgp_neighbor_1 to $self_peering_1 port 179
pass out quick proto tcp from $self_peering_1 to $bgp_neighbor_1 port 179


--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr



On Tuesday 29 October 2013 at 18:27 +0100, OCEANET - Cédric BASSAGET wrote:
> Hi,
> Simple and general question :
> Is it a good thing to run PF on an openbgpd server (for security
> reasons), or should I de-activate PF ?
>
> Regards,
> Cédric




Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Kenneth R Westerback
On Tue, Oct 29, 2013 at 03:01:22PM +, Andy wrote:
> On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
> >On 13-10-28 11:54 AM, Andy wrote:
> >>Would any of the esteemed OpenBSD developers be interested in adding
> >>support for BFD (Bidirectional Forward Detection) to OpenBSD.
> >>[...]
> >>'+1's welcome from others who would be interested to show signs of
> >>support/interest..
> >
> >I can only agree, BFD support would be a very nice thing to have,
> >considering that in other ways OpenBSD is already a very capable
> >router.  I'm not in a position right now to pay someone properly to
> >implement it, but I can sustain the cost of another case or three of
> >beer.
> >
> 
> Amazing!
> 
> So we just need to find an alcoholic developer and we're on our way
> ;) Could maybe send some caffeine and pro plus in the mean time ..
> 

Finding an alcoholic developer is not a challenge. :-)

 Ken



bgpd(8) EGP vs IGP question

2013-10-29 Thread Adam Thompson
I've got two border gateways that peer (eBGP) with the same external AS; 
they also peer with each other (iBGP) as per normal BGP design.


Naturally, the BGP RIB contains two copies of every route; one learned 
from the external peer and one learned from the internal peer.


However, when I run "bgpctl show", both routes are marked with origin 
"i" (i.e. IGP).


Do I have to use "set origin egp" in the external neighbour's stanza in 
/etc/bgpd.conf?  Doing so works, and produces the expected output, but 
should it be necessary?


--
-Adam Thompson
 athom...@athompso.net



downing vlan(4) doesn't remove routes

2013-10-29 Thread Adam Thompson

(Posted last week to tech@, no bites there.  Re-summarizing here.)

I've noticed that downing a vlan(4) interface does not remove the 
associated link-local route from the default routing table.
This seems to directly contradict the ifconfig(8) manpage, which says 
"This action automatically disables routes using the interface."


I can achieve the desired behaviour by deleting the vlan(4) interface, 
but I really don't want to do that.
I can also achieve the desired behaviour by setting the IP address to 
0.0.0.0, but that also is undesirable.


Am I missing something, or is this broken?

--
-Adam Thompson
 athom...@athompso.net



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Claudio Jeker
On Tue, Oct 29, 2013 at 11:16:20AM +, Andy wrote:
> Yea its 24.. Would even be happy to offer some champers..
> 
> I think this is more of a Maudite crowd.. Connoisseurs on here...
> 
> As I understand it you would need to write a small daemon to do the BFD 
> state monitoring for the transmission and reception of the heartbeats 
> with various peers. The protocol is fairly simple so for an experienced 
> dev this should be easy.
> 
> Then in OpenBGPD you would need to have a way of gracefully and 
> forcefully immediately shutting down the BGP neighbor that matches the 
> BFD peer. This could be achieved by simply having the BFD daemon call 
> 'bgpctl neighbor $bfdpeer down'
> 
> It is not so important for OSPF as that already has fast convergence 
> time with fast hello's etc.. But for BGP this would make a world of 
> difference to remove the BGP routes immediately (in less than a second) 
> as soon as the BGP neighbor goes down/becomes unreachable (even if not a 
> direct link (multi-hop etc)).
> 

BFD should be in kernel and it should change the linkstate like the GRE
keepalive protocol does. Everything else is pretty much madness and
somewhat impossible to do.

PS: I think I have a tree somewhere hiding with some bits added but I
never cared enough to move one. So no beer for me (even though I'm just
getting free belgium beer). 
-- 
:wq Claudio

> On 28/10/13 21:10, Dan Farrell wrote:
> > I'm not sure how much a crate is, but if it's a case (24 bottles), 
> > then I'll throw in a case as well for this work.
> > Blanche de Chambly, anyone? Or is this more a Maudite crowd?
> >
> >
> > Sincerely,
> >
> > Dan Farrell
> >
> >
> > On Mon, Oct 28, 2013 at 12:54 PM, Andy wrote:
> >
> > Hi all,
> >
> > Would any of the esteemed OpenBSD developers be interested in
> > adding support for BFD (Bidirectional Forward Detection) to OpenBSD.
> >
> > The protocol itself seems pretty simple and provides a sub-second
> > keep-alive mechanism to monitor links for routes. E.g. Upon BFD
> > failure BGP or OSPF can be torn down etc thus allowing for
> > sub-second re-convergence of i/eBGP!
> >
> > I can only offer a crate of beer to anyone who has the skills and
> > is willing :)
> >
> > '+1's welcome from others who would be interested to show signs of
> > support/interest..
> >
> > Cheers, Andy.



Re: /dev/urandom in chroot

2013-10-29 Thread Gabriel Guzman
On 10/29, Theo de Raadt wrote:
> >I have a web program that attempts to access /dev/urandom from within the
> >/var/www chroot.  Based on archive searches and googling, I've removed 
> >the nodev flag from that mount and have created the random devices in 
> >/var/www/dev/* 
> 
> So basically remove a layer of security.  Awesome.  See what they made
> you do?

Yeah, I didn't feel like that was a great idea.  I was fairly sure the
nodev flag was put there on purpose.  

> 
> The /dev/*random nodes are not specified in any standard, furthermore
> once you get into chroot all bets are off (like you discovered).
> 
> >This allows the program to work, but I'm wondering if there is a better
> >way to do this that doesn't involve removing the nodev setting from
> >/var.  
> 
> Rewrite it so that it uses other ways to get randomness.  The arc4random
> API is exposed in various programming layers.
> 
> >Would it be preferable to use a language function for getting pseudo 
> >random bytes instead of relying on the device?
> 
> Yes.  Definitely.

Great, thanks for confirmation on that, I'll fix the program so I don't
need to make devices inside my cozy chroot and push the changes upstream.  

gabe.



General question about openbgpd and PF

2013-10-29 Thread OCEANET - Cédric BASSAGET

Hi,
Simple and general question :
Is it a good thing to run PF on an openbgpd server (for security 
reasons), or should I de-activate PF ?


Regards,
Cédric


--
OCEANET
---
[AGENCE DU MANS]
7, rue des Frênes
ZAC de la Pointe
72190 SARGE LES LE MANS
[t] +33 (0)2.43.50.26.50
[f] +33 (0)2.43.72.21.14

[AGENCE D'ANGERS]
5, rue Fleming
Angers Technopole
49066 ANGERS
[t] +33 (0)2.41.19.28.65
[f] +33 (0)2.52.19.22.00

http://www.oceanet.com
http://www.oceanet-telecom.com



Re: nvidia driver what do you recommend

2013-10-29 Thread Gilles Cafedjian
I have the same problem but on a Dell laptop with integrated NVidia chip.
The chip is NVidia Geforce 8600M GS and since I upgraded to 5.4 my laptop is
unusable (very slow window movement). I'm thinking of reinstalling 5.3 to have
a working laptop. I can't change GPU chipset.
Is there a solution to get a working window manager back?

Thanks,
Gilles Cafedjian. 

On 2013-10-29 11:34, Peter J. Philipp wrote:

> On 10/28/13 11:44, Brett Mahar wrote:
>
>> On Mon, 28 Oct 2013 11:20:32 +0100 "Peter J. Philipp" wrote:
>> | I remember someone else writing to this list before saying the nvidia
>> | driver is really slow. I just upgraded my main workstation from 5.3 to
>> | 5.4 and it indeed is.
>> |
>> | So I'm wondering what driver I should use because the choppiness of
>> | moving windows is laughable, a sad kind of laugh.
>> |
>> | Do you recommend I get an ATI/AMD card? What sorts of models would you
>> | recommend?
>> |
>> The "ATI Radeon HD 5450" works great with the recently added radeon KMS
>> code, I got one for A$30 a few weeks ago, no problems seen, definitely no
>> choppiness using mplayer -vo xv in fullscreen 1080p, did have problems
>> with a 96fps 4096x2304 video I tried out, however:-)
>>
>> Brett.
> 
> Hi Brett,
> 
> Well I took your advice and bought this card. I'm not a high
> performance freak when it comes to monitor so I think it'll be alright.
> I paid 27 euros on amazon.de for it. It does match my MSI N250GTS Twin
> Frozr 1G in DDR3 1 GB RAM but not sure about performance, I'll have to
> see. :-)
> 
> Cheers,
> 
> -peter



Re: /dev/urandom in chroot

2013-10-29 Thread Theo de Raadt
>I have a web program that attempts to access /dev/urandom from within the
>/var/www chroot.  Based on archive searches and googling, I've removed 
>the nodev flag from that mount and have created the random devices in 
>/var/www/dev/* 

So basically remove a layer of security.  Awesome.  See what they made
you do?

The /dev/*random nodes are not specified in any standard, furthermore
once you get into chroot all bets are off (like you discovered).

>This allows the program to work, but I'm wondering if there is a better
>way to do this that doesn't involve removing the nodev setting from
>/var.  

Rewrite it so that it uses other ways to get randomness.  The arc4random
API is exposed in various programming layers.

>Would it be preferable to use a language function for getting pseudo 
>random bytes instead of relying on the device?

Yes.  Definitely.



/dev/urandom in chroot

2013-10-29 Thread Gabriel Guzman
Hello Misc, 

I have a web program that attempts to access /dev/urandom from within the
/var/www chroot.  Based on archive searches and googling, I've removed 
the nodev flag from that mount and have created the random devices in 
/var/www/dev/* 

This allows the program to work, but I'm wondering if there is a better
way to do this that doesn't involve removing the nodev setting from
/var.  

Would it be preferable to use a language function for getting pseudo 
random bytes instead of relying on the device?

Thanks for your time,
gabe.



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread David Coppa
On Tue, Oct 29, 2013 at 4:53 PM, Antoine Jacoutot  wrote:
> On Tue, Oct 29, 2013 at 10:15:38AM -0500, Adam Thompson wrote:
>> Are there any OpenBSD developers who don't like beer and/or caffeine?
>
> You can try bananas, but only monkeys will step up.

masturbating monkeys.



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Antoine Jacoutot
On Tue, Oct 29, 2013 at 10:15:38AM -0500, Adam Thompson wrote:
> Are there any OpenBSD developers who don't like beer and/or caffeine?

You can try bananas, but only monkeys will step up.

-- 
Antoine



Re: Help vote for OpenBSD

2013-10-29 Thread opendaddy
Don't forget to vote!

On 9 October 2013 at 2:09 PM, openda...@hushmail.com wrote:
>
>Hi,
>
>Could you guys help me vote for OpenBSD at Digital Ocean?
>
>https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-
>
>Basically it's the only SSD cloud hosting provider 
>(https://www.youtube.com/watch?v=vHZLCahai4Q)
>in existence and if the response is good enough, they'll start offering 
>OpenBSD.
>
>Thanks!
>
>O.D.



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Peter Hessler
On 2013 Oct 29 (Tue) at 17:44:51 +0200 (+0200), Gregory Edigarov wrote:
:On 10/28/2013 06:54 PM, Andy wrote:
:>Hi all,
:>
:>Would any of the esteemed OpenBSD developers be interested in adding support
:>for BFD (Bidirectional Forward Detection) to OpenBSD.
:>
:>The protocol itself seems pretty simple and provides a sub-second keep-alive
:>mechanism to monitor links for routes. E.g. Upon BFD failure BGP or OSPF can be
:>torn down etc thus allowing for sub-second re-convergence of i/eBGP!
:>
:>I can only offer a crate of beer to anyone who has the skills and is willing :)
:>
:>'+1's welcome from others who would be interested to show signs of
:>support/interest..
:
:I still don't see how is this different from ifstated?
:You can use it to ping your neighbour then issue bgpctl neighbor
:$your_fallen_neighbour down command.
:
:
:-- 
:With best regards,
: Gregory Edigarov
:

A) It's at the router level
B) *they* also run it
C) This is at ultra-tiny MS resolution
D) Somebody got paid a bonus for the RFC


-- 
A little inaccuracy sometimes saves tons of explanation.
-- H. H. Munroe, "Saki"



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Gregory Edigarov

On 10/28/2013 06:54 PM, Andy wrote:
> Hi all,
>
> Would any of the esteemed OpenBSD developers be interested in adding support
> for BFD (Bidirectional Forward Detection) to OpenBSD.
>
> The protocol itself seems pretty simple and provides a sub-second keep-alive
> mechanism to monitor links for routes. E.g. Upon BFD failure BGP or OSPF can be
> torn down etc thus allowing for sub-second re-convergence of i/eBGP!
>
> I can only offer a crate of beer to anyone who has the skills and is willing :)
>
> '+1's welcome from others who would be interested to show signs of
> support/interest..

I still don't see how is this different from ifstated?
You can use it to ping your neighbour then issue bgpctl neighbor
$your_fallen_neighbour down command.


--
With best regards,
 Gregory Edigarov



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Andy
No this is more than ping..

In essence it is, but is standardised and is supported on many vendors 
equipment including Cisco and Juniper etc as used by all our Transit 
providers..

It means that not only do we remove our BGP routes, but it means that 
our carriers also remove the routes for our ASN immediately allowing 
inbound traffic destined for us to be instantly rerouted via another one 
of the redundant Transit links for example instead of waiting a /long/ 
time for BGP..

http://en.wikipedia.org/wiki/Bidirectional_Forwarding_Detection


On 29/10/13 15:05, sven falempin wrote:
> So this is an ICMP ping with some authentication (on the gateway of a
> route) ??
>
> Why is this not overkill ?
>
>
> On Tue, Oct 29, 2013 at 11:01 AM, Andy  wrote:
>
>> On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
>>
>>> On 13-10-28 11:54 AM, Andy wrote:
>>>
>>>> Would any of the esteemed OpenBSD developers be interested in adding
>>>> support for BFD (Bidirectional Forward Detection) to OpenBSD.
>>>> [...]
>>>> '+1's welcome from others who would be interested to show signs of
>>>> support/interest..

>>> I can only agree, BFD support would be a very nice thing to have,
>>> considering that in other ways OpenBSD is already a very capable
>>> router.  I'm not in a position right now to pay someone properly to
>>> implement it, but I can sustain the cost of another case or three of
>>> beer.
>>>
>>>
>> Amazing!
>>
>> So we just need to find an alcoholic developer and we're on our way ;)
>> Could maybe send some caffeine and pro plus in the mean time ..



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Adam Thompson

On 13-10-29 10:01 AM, Andy wrote:
> Amazing!
>
> So we just need to find an alcoholic developer and we're on our way ;)
> Could maybe send some caffeine and pro plus in the mean time ..


Are there any OpenBSD developers who don't like beer and/or caffeine?

Mind you, many of them are getting as old as I am, so large quantities 
of beer and caffeine may no longer be ideal.


--
-Adam Thompson
 athom...@athompso.net



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread sven falempin
So this is an ICMP ping with some authentication (on the gateway of a
route) ??

Why is this not overkill ?


On Tue, Oct 29, 2013 at 11:01 AM, Andy  wrote:

> On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
>
>> On 13-10-28 11:54 AM, Andy wrote:
>>
>>> Would any of the esteemed OpenBSD developers be interested in adding
>>> support for BFD (Bidirectional Forward Detection) to OpenBSD.
>>> [...]
>>> '+1's welcome from others who would be interested to show signs of
>>> support/interest..
>>>
>>
>> I can only agree, BFD support would be a very nice thing to have,
>> considering that in other ways OpenBSD is already a very capable
>> router.  I'm not in a position right now to pay someone properly to
>> implement it, but I can sustain the cost of another case or three of
>> beer.
>>
>>
> Amazing!
>
> So we just need to find an alcoholic developer and we're on our way ;)
> Could maybe send some caffeine and pro plus in the mean time ..
>
>


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Andy

On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
> On 13-10-28 11:54 AM, Andy wrote:
>> Would any of the esteemed OpenBSD developers be interested in adding
>> support for BFD (Bidirectional Forward Detection) to OpenBSD.
>> [...]
>> '+1's welcome from others who would be interested to show signs of
>> support/interest..
>
> I can only agree, BFD support would be a very nice thing to have,
> considering that in other ways OpenBSD is already a very capable
> router.  I'm not in a position right now to pay someone properly to
> implement it, but I can sustain the cost of another case or three of
> beer.



Amazing!

So we just need to find an alcoholic developer and we're on our way ;) 
Could maybe send some caffeine and pro plus in the mean time ..




Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Adam Thompson

On 13-10-28 11:54 AM, Andy wrote:
> Would any of the esteemed OpenBSD developers be interested in adding
> support for BFD (Bidirectional Forward Detection) to OpenBSD.
> [...]
> '+1's welcome from others who would be interested to show signs of
> support/interest..


I can only agree, BFD support would be a very nice thing to have, 
considering that in other ways OpenBSD is already a very capable 
router.  I'm not in a position right now to pay someone properly to 
implement it, but I can sustain the cost of another case or three of beer.


--
-Adam Thompson
 athom...@athompso.net



Re: Unattended installation - install.conf per server

2013-10-29 Thread Uwe Stuehler
On Tue, Oct 29, 2013 at 06:16:54AM -0400, Jiri B wrote:
> Hi,
> 
> how would we define specific install.conf for specific host?
> We could use rewrite rules based on client's IP but what
> based on other attributes (hwaddr...)?
> 
> I was thinking if it would be possible to pass such values
> as HTTP headers values but our `ftp' seems to not allow us
> to define own HTTP headers.
> 
> So... what is the plan?

The HTTP GET request can pass query arguments, so it would look like:

http:///install.conf?mac=xx:xx:xx:xx:xx:xx&...

That way a static file can be served or it can be generated by a CGI
script.
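
One way such a CGI script could choose the file from the mac query argument, as an added example that is not part of the original message or of the OpenBSD installer. The MAC is whatever the client sends, so it is treated only as a lookup hint and validated before it touches a file name; the directory layout, file naming and function names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs

# Exactly six colon-separated hex octets, as in the mac=xx:xx:xx:xx:xx:xx form.
MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")


def select_install_conf(query_string, conf_dir):
    """Pick the install.conf to serve for one request.

    Hypothetical layout: conf_dir/install.conf is the site default and
    conf_dir/install-<12 hex digits>.conf is a per-host override.
    """
    conf_dir = Path(conf_dir)
    default = conf_dir / "install.conf"
    values = parse_qs(query_string).get("mac", [])
    if len(values) != 1:            # missing or repeated parameter
        return default
    mac = values[0].lower()
    if not MAC_RE.fullmatch(mac):   # rejects "../", separators, extra text
        return default
    # Only validated hex digits reach the file name, so the path cannot
    # leave conf_dir.
    candidate = conf_dir / ("install-" + mac.replace(":", "") + ".conf")
    return candidate if candidate.is_file() else default


def cgi_response(query_string, conf_dir):
    """Return the full CGI response (header block plus body) as text.

    A real CGI wrapper would pass os.environ.get("QUERY_STRING", "") here.
    """
    body = select_install_conf(query_string, conf_dir).read_text()
    return "Content-Type: text/plain\r\n\r\n" + body


def demo():
    """Run constructed requests against a throwaway directory."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "install.conf").write_text("# constructed default answers\n")
        (d / "install-001122aabbcc.conf").write_text(
            "# constructed answers for one host\n")
        queries = [
            "mac=00:11:22:aa:bb:cc",                        # known host
            "mac=00:11:22:AA:BB:CC",                        # same host, upper case
            "mac=de:ad:be:ef:00:01",                        # valid but unknown
            "mac=..%2F..%2Fetc%2Fpasswd",                   # traversal attempt
            "mac=00:11:22:aa:bb:cc&mac=de:ad:be:ef:00:01",  # repeated parameter
            "",                                             # no arguments
        ]
        choices = {q: select_install_conf(q, d).name for q in queries}
        return choices, cgi_response(queries[0], d)


if __name__ == "__main__":
    chosen, response = demo()
    for query, name in chosen.items():
        print(repr(query), "->", name)
    print(response)
```
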



Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Artturi Alm

On 10/29/13 13:45, Andy wrote:
> Code snippets can be seen on;
>
> http://sourceforge.net/projects/kbfd/
> http://sourceforge.net/projects/bfdd/
>
> Editing these to compile and work on OpenBSD and run 'bgpctl neighbor
> $bfdpeer down' etc is beyond my skills..

No editing will make the license work in OpenBSD kernel, i think.

-Artturi

> Thanks for reading, Andy.
>
> On Tue 29 Oct 2013 11:16:20 GMT, Andy wrote:
>> Yea its 24.. Would even be happy to offer some champers..
>>
>> I think this is more of a Maudite crowd.. Connoisseurs on here...
>>
>> As I understand it you would need to write a small daemon to do the BFD
>> state monitoring for the transmission and reception of the heartbeats
>> with various peers. The protocol is fairly simple so for an experienced
>> dev this should be easy.
>>
>> Then in OpenBGPD you would need to have a way of gracefully and
>> forcefully immediately shutting down the BGP neighbor that matches the
>> BFD peer. This could be achieved by simply having the BFD daemon call
>> 'bgpctl neighbor $bfdpeer down'
>>
>> It is not so important for OSPF as that already has fast convergence
>> time with fast hello's etc.. But for BGP this would make a world of
>> difference to remove the BGP routes immediately (in less than a second)
>> as soon as the BGP neighbor goes down/becomes unreachable (even if not a
>> direct link (multi-hop etc)).
>>
>> On 28/10/13 21:10, Dan Farrell wrote:
>>> I'm not sure how much a crate is, but if it's a case (24 bottles),
>>> then I'll throw in a case as well for this work.
>>> Blanche de Chambly, anyone? Or is this more a Maudite crowd?
>>>
>>> Sincerely,
>>>
>>> Dan Farrell
>>>
>>> On Mon, Oct 28, 2013 at 12:54 PM, Andy <a...@brandwatch.com> wrote:
>>>> Hi all,
>>>>
>>>> Would any of the esteemed OpenBSD developers be interested in
>>>> adding support for BFD (Bidirectional Forward Detection) to
>>>> OpenBSD.
>>>>
>>>> The protocol itself seems pretty simple and provides a sub-second
>>>> keep-alive mechanism to monitor links for routes. E.g. Upon BFD
>>>> failure BGP or OSPF can be torn down etc thus allowing for
>>>> sub-second re-convergence of i/eBGP!
>>>>
>>>> I can only offer a crate of beer to anyone who has the skills and
>>>> is willing :)
>>>>
>>>> '+1's welcome from others who would be interested to show signs of
>>>> support/interest..
>>>>
>>>> Cheers, Andy.




Re: Notifies on CARP failover

2013-10-29 Thread Andy

Thanks for ideas and examples guys :)

Cheers, Andy.


On 24/10/13 14:18, Comète wrote:

I use ifstated for that. This is my config file:

init-state auto

# "up" only when every CARP interface is master, "down" only when every one is backup
carp_up = "carp3.link.up && carp10.link.up && carp101.link.up && carp100.link.up && carp254.link.up && carp2.link.up && carp7.link.up && carp4.link.up"

carp_down = "carp3.link.down && carp10.link.down && carp101.link.down && carp100.link.down && carp254.link.down && carp2.link.down && carp7.link.down && carp4.link.down"

# Startup state: wait until all interfaces agree, then pick a role
state auto {
    if $carp_up {
        set-state primary
    }
    if $carp_down {
        set-state backup
    }
}

# The init block runs once on entering the state, so one alert per transition
state primary {
    init {
        run "/root/scripts/alert_ifstated.sh MASTER"
    }

    if $carp_down {
        set-state backup
    }
}

state backup {
    init {
        run "/root/scripts/alert_ifstated.sh BACKUP"
    }

    if $carp_up {
        set-state primary
    }
}

This is the little script "alert_ifstated.sh" too:

#!/bin/sh
# $1 is the new role (MASTER or BACKUP) passed in by ifstated
ifconfig carp | mail -s "[RTR Failover] `hostname` is now $1" m...@address.me



Hope this helps...

Morgan


Le 24/10/2013 10:59, Andy a écrit :

Hi,

Could anyone point me in the right direction on how to have a script
be executed whenever a CARP failover or preempt event occurs?

Need to write a script to send an event message into our monitoring
systems so we can see when a change has occurred.

I haven't used ifstated yet, is this the right tool for this? and if
so could someone throw me an example if you have one?

Thanks, Andy.




Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Andy

Code snippets can be seen on;

http://sourceforge.net/projects/kbfd/
http://sourceforge.net/projects/bfdd/

Editing these to compile and work on OpenBSD and run 'bgpctl neighbor 
$bfdpeer down' etc is beyond my skills..


Thanks for reading, Andy.

On Tue 29 Oct 2013 11:16:20 GMT, Andy wrote:

Yea its 24.. Would even be happy to offer some champers..

I think this is more of a Maudite crowd.. Connoisseurs on here...

As I understand it you would need to write a small daemon to do the BFD
state monitoring for the transmission and reception of the heartbeats
with various peers. The protocol is fairly simple so for an experienced
dev this should be easy.

Then in OpenBGPD you would need to have a way of gracefully and
forcefully immediately shutting down the BGP neighbor that matches the
BFD peer. This could be achieved by simply having the BFD daemon call
'bgpctl neighbor $bfdpeer down'

It is not so important for OSPF as that already has fast convergence
time with fast hello's etc.. But for BGP this would make a world of
difference to remove the BGP routes immediately (in less than a second)
as soon as the BGP neighbor goes down/becomes unreachable (even if not a
direct link (multi-hop etc)).


On 28/10/13 21:10, Dan Farrell wrote:

I'm not sure how much a crate is, but if it's a case (24 bottles),
then I'll throw in a case as well for this work.
Blanche de Chambly, anyone? Or is this more a Maudite crowd?


Sincerely,

Dan Farrell


On Mon, Oct 28, 2013 at 12:54 PM, Andy <a...@brandwatch.com> wrote:

 Hi all,

 Would any of the esteemed OpenBSD developers be interested in
 adding support for BFD (Bidirectional Forward Detection) to OpenBSD.

 The protocol itself seems pretty simple and provides a sub-second
 keep-alive mechanism to monitor links for routes. E.g. Upon BFD
 failure BGP or OSPF can be torn down etc thus allowing for
 sub-second re-convergence of i/eBGP!

 I can only offer a crate of beer to anyone who has the skills and
 is willing :)

 '+1's welcome from others who would be interested to show signs of
 support/interest..

 Cheers, Andy.




Re: Request to OpenBSD Dev's - Beer on offer

2013-10-29 Thread Andy
Yea its 24.. Would even be happy to offer some champers..

I think this is more of a Maudite crowd.. Connoisseurs on here...

As I understand it you would need to write a small daemon to do the BFD 
state monitoring for the transmission and reception of the heartbeats 
with various peers. The protocol is fairly simple so for an experienced 
dev this should be easy.

Then in OpenBGPD you would need to have a way of gracefully and 
forcefully immediately shutting down the BGP neighbor that matches the 
BFD peer. This could be achieved by simply having the BFD daemon call 
'bgpctl neighbor $bfdpeer down'

It is not so important for OSPF as that already has fast convergence 
time with fast hello's etc.. But for BGP this would make a world of 
difference to remove the BGP routes immediately (in less than a second) 
as soon as the BGP neighbor goes down/becomes unreachable (even if not a 
direct link (multi-hop etc)).


On 28/10/13 21:10, Dan Farrell wrote:
> I'm not sure how much a crate is, but if it's a case (24 bottles), 
> then I'll throw in a case as well for this work.
> Blanche de Chambly, anyone? Or is this more a Maudite crowd?
>
>
> Sincerely,
>
> Dan Farrell
>
>
> On Mon, Oct 28, 2013 at 12:54 PM, Andy wrote:
>
> Hi all,
>
> Would any of the esteemed OpenBSD developers be interested in
> adding support for BFD (Bidirectional Forward Detection) to OpenBSD.
>
> The protocol itself seems pretty simple and provides a sub-second
> keep-alive mechanism to monitor links for routes. E.g. Upon BFD
> failure BGP or OSPF can be torn down etc thus allowing for
> sub-second re-convergence of i/eBGP!
>
> I can only offer a crate of beer to anyone who has the skills and
> is willing :)
>
> '+1's welcome from others who would be interested to show signs of
> support/interest..
>
> Cheers, Andy.
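
The daemon logic sketched in the message above, as an added Python example (not code from the thread or from the kbfd/bfdd projects): it validates a received BFD control packet against the RFC 5880 discard rules, computes the detection time, and returns the argv for `bgpctl neighbor $bfdpeer down` once that time has passed. The function names, the sample packet and the 192.0.2.1 peer are constructed for illustration, and the session is assumed to run without BFD authentication.

```python
import ipaddress
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}

def parse_bfd_control(payload: bytes) -> dict:
    """Decode the 24-byte mandatory section, applying the RFC 5880 6.8.6 discard rules."""
    if len(payload) < 24:
        raise ValueError("shorter than the mandatory section")
    b0, b1, mult, length, my_disc, your_disc, tx, rx, _echo = struct.unpack(
        "!BBBBIIIII", payload[:24])
    state = STATES[b1 >> 6]
    if b0 >> 5 != 1:
        raise ValueError("unsupported version")
    if b1 & 0x04:
        raise ValueError("A bit set but no authentication configured")
    if b1 & 0x01:
        raise ValueError("multipoint bit must be zero")
    if not 24 <= length <= len(payload):
        raise ValueError("bad length field")
    if mult == 0 or my_disc == 0:
        raise ValueError("zero detect multiplier or discriminator")
    if your_disc == 0 and state not in ("Down", "AdminDown"):
        raise ValueError("zero Your Discriminator in state " + state)
    return {"state": state, "detect_mult": mult, "my_disc": my_disc,
            "your_disc": your_disc, "desired_min_tx_us": tx, "required_min_rx_us": rx}

def detection_time_us(pkt: dict, local_required_min_rx_us: int) -> int:
    """Asynchronous mode: remote Detect Mult x max(local RX, remote TX)."""
    return pkt["detect_mult"] * max(local_required_min_rx_us, pkt["desired_min_tx_us"])

def bgpctl_argv_if_expired(peer: str, last_rx_us: int, now_us: int, detect_us: int):
    """Return the argv for the command quoted in the thread once detection time has passed."""
    ipaddress.ip_address(peer)  # ValueError unless peer is a literal IP address
    if now_us - last_rx_us < detect_us:
        return None
    return ["bgpctl", "neighbor", peer, "down"]  # argv list, so no shell parses the peer

# Constructed sample: version 1, state Up, Detect Mult 3, 300 ms TX and RX intervals.
SAMPLE = struct.pack("!BBBBIIIII", 0x20, 0xC0, 3, 24, 1, 2, 300000, 300000, 0)

if __name__ == "__main__":
    pkt = parse_bfd_control(SAMPLE)
    detect = detection_time_us(pkt, 250000)
    print(pkt["state"], detect, bgpctl_argv_if_expired("192.0.2.1", 0, detect, detect))
```

With the sample's 300 ms interval and multiplier of 3, the peer is declared down after 900 ms of silence, which is the sub-second reaction the thread is asking for.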



Re: nvidia driver what do you recommend

2013-10-29 Thread Peter J. Philipp
On 10/28/13 11:44, Brett Mahar wrote:
> On Mon, 28 Oct 2013 11:20:32 +0100
> "Peter J. Philipp"  wrote:
> 
> | I remember someone else writing to this list before saying the nvidia
> | driver is really slow.  I just upgraded my main workstation from 5.3 to
> | 5.4 and it indeed is.
> | 
> | So I'm wondering what driver I should use because the choppiness of
> | moving windows is laughable, a sad kind of laugh.
> | 
> | Do you recommend I get an ATI/AMD card?  What sorts of models would you
> | recommend?
> | 
> 
> The "ATI Radeon HD 5450" works great with the recently added radeon KMS code, 
> I got one for A$30 a few weeks ago, no problems seen, definitely no 
> choppiness using mplayer -vo xv in fullscreen 1080p, did have problems with 
> a 96fps 4096x2304 video I tried out, however:-) 
> 
> Brett.
> 

Hi Brett,

Well I took your advice and bought this card.  I'm not a high
performance freak when it comes to monitor so I think it'll be alright.
 I paid 27 euros on amazon.de for it.  It does match my MSI N250GTS Twin
Frozr 1G in DDR3 1 GB RAM but not sure about performance, I'll have to
see. :-)

Cheers,

-peter



Unattended installation - install.conf per server

2013-10-29 Thread Jiri B
Hi,

how would we define a specific install.conf for a specific host?
We could use rewrite rules based on the client's IP, but what
about other attributes (hwaddr...)?

I was thinking if it would be possible to pass such values
as HTTP headers values but our `ftp' seems to not allow us
to define own HTTP headers.

So... what is the plan?

jirib



Re: system seems deadlock

2013-10-29 Thread Sébastien Marie
Hi,

Just to signal that the last change on spec_vnops.c (1.77) corrected my
problem: now the system doesn't deadlock.

Thanks a lot.
-- 
Sebastien Marie

On Mon, Oct 21, 2013 at 09:59:43AM +0200, Sébastien Marie wrote:
> On Sat, Oct 19, 2013 at 05:54:22PM +0200, Sébastien Marie wrote:
> > Hi,
> > 
> > I ran into a system problem using tmux: the system (OpenBSD -current
> > on i386) freezes (but no panic).
> > 
> 
> The freeze seems to be a deadlock, and tmux exposes it. 
> 
> ddb> ps
>    PID   PPID   PGRP    UID  S   FLAGS  WAIT   COMMAND
> [...]
>  13243      1  13243      0  3       0  inode  tmux
> [...]
> 
> Here, tmux is waiting "inode".
> 
> This wait message is set here:
>  ufs/ext2fs/ext2fs_vfsops.c
>  831: lockinit(&ip->i_lock, PINOD, "inode", 0, 0);
>  
>  ufs/ffs/ffs_vfsops.c
>  1257:lockinit(&ip->i_lock, PINOD, "inode", 0, 0);
> 
> And if I leave the system running, several other processes fall into
> "inode" waiting (such as cron, or login_passwd if I try to log in).
> 
> 
> With ddb, if I check locked vnodes, there are two on root partition.
> 
> ddb> show all mounts
> flags 5
> vnodecovered 0x0 syncer 0xd316aa60 data 0xd108a200
> vfsconf: ops 0xd098d7a0 name "ffs" num 1 ref 3 flags 0x1000
> statvfs cache: bsize 800 iosize 4000
> blocks 403383 free 375320 avail 355151
>   files 102910 ffiles 100646 favail 100646
>   f_fsidx {0x400, 0xc8a5ad54} owner 0 ctime 0x52640b1d
>   syncwrites 325 asyncwrites = 340
>   syncreads 8881 asyncreads = 0
>   fstype "ffs" mnton "/" mntfrom "/dev/sd0a" mntspec "ab8fcda4850f14e9.a"
> locked vnodes:
> 0xd3165ea8, 0xd316a310
> [... others partitions stripped ...]
> 
> ddb> show vnode 0xd3165ea8
> tag UFS(1) type VCHR(4) mount 0xd108b400 typedata 0xd0ffb100
> data 0xd3161298 usecount 2 writecount 0 holdcnt 0 numoutput 0
> 
> ddb> show vnode 0xd316a310
> tag UFS(1) type VDIR(2) mount 0xd108b400 typedata 0x0
> data 0xd31851ec usecount 1 writecount 0 holdcnt 3 numoutput 0
> 
> 
> Does someone have any clue, about what to check or how to debug this ?
> I think I will try the option VFSLCKDEBUG in kernel, but what else ?
> -- 
> Sébastien Marie