Re: powering off with shutdown -hp?

2009-10-28 Thread Fred Snurd
Rene wrote:
> You can try to disable apm in the kernel config.

Christian wrote:
> Remco wrote:
>> If I remember correctly, the following hack in /etc/sysctl.conf worked for
>> me on a Pentium II machine:
>> machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work
>
> It does work for my Pentium III-based Thinkpad A20m.

Both methods worked!  Either by disabling apm at UKC> or by editing sysctl.conf.

Theo wrote:
> There is a sophisticated heuristic in play.

Thanks for jogging my memory!  Not that the following describes all the gory 
details, but part of this heuristic is based on the SMBIOS version.  Single 
processor system older than 2.4 (mine's 2.1) gets APM:

http://marc.info/?l=openbsd-tech&m=124545473209570&w=2

If anyone cares to indulge me further, is there any preference/advantage of 
going with ACPI over APM?

Thanks again for such a great operating system!  I'm always amazed at how 
OpenBSD helps keep old systems usable!



Re: Secure way to delete data in hard disc

2009-10-28 Thread Alicornio
2009/10/28 Marco Peereboom :
> They'll use it as torture material during the next krieg.

I never thought that an OBSD dev ass could be so destructive!



Re: Native Instruments 'Soundcards'

2009-10-28 Thread Jacob Meuser
>  Is there a chance in hell that BSD (or even
> > *BSD) would grow support for this card? Is the linux driver a hack or
> > does "caiaq" mean some new standard that may some day be supported?
> > (googling turned up only references to the driver itself).

the alsa driver looks to be a complete driver that has nothing to do
with any of the usb standards based drivers for audio or midi.  one
of the copyright holders on the alsa driver has an @caiaq.de email
address.  http://caiaq.de doesn't have much info, but it says
"hardware development".  I'm guessing these guys (caiaq.de) developed
this hardware and the drivers.  why it doesn't use the usb audio and
midi standards though, I cannot answer.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: wpa and wi

2009-10-28 Thread Rafael Ferreira Neves
It's better you figure out what is the chipset of your wireless card
and then search in the manpages to discover if WPA or WPA2 is
supported for your card.

This may help you: http://www.openbsd.org/faq/faq6.html#Wireless


On Thu, Oct 29, 2009 at 12:11 AM, Steve Shockley
 wrote:
>
> Can wi cards do wpa or wpa2?



wpa and wi

2009-10-28 Thread Steve Shockley

Can wi cards do wpa or wpa2?



Re: Native Instruments 'Soundcards'

2009-10-28 Thread Jacob Meuser
On Wed, Oct 28, 2009 at 08:48:54PM -0400, Nick Guenther wrote:
> I was very excited to open up my new Native Instruments Audio4DJ
> soundcard today, but when I plugged it in I found out the wool they're
> pulling over their customers' eyes. With 4.5 it shows up as
> ugen0 at uhub0 port 1 "Native Instruments Audio 4 DJ" rev 2.00/0.92 addr 3
> which, you'll note, is NOT a uaudio(4).
>
> The latest ALSA apparently supports it with sound/usb/caiaq (e.g.
> http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/sound/usb/caiaq/), so
> that means that it won't Just Work on Windows, Mac, or Linux without
> installing drivers. I'm writing though because I don't know enough
> about the various USB standards at play here; I'm writing to ask if I
> should return it or not.

definitely, unless you plan to add the support yourself.

> Is there a chance in hell that BSD (or even
> *BSD) would grow support for this card? Is the linux driver a hack or
> does "caiaq" mean some new standard that may some day be supported?
> (googling turned up only references to the driver itself).

there is only one usb audio standard.

> Proprietary devices are so frustrating, so paying-to-be-a-slave. I
> don't want to do that unless there's a good reason for it. A friend
> suggests that USB soundcards by default are "cpu driven" so there's a
> lower bound on the latency that can be achieved,

uaudio(4) currently uses 10ms buffers.  pretty much all PCI devices
can do better.  but, that's mostly a driver issue.  usb1 should be
able to operate at 1 or 2 ms latency.  usb2 could possibly be lower.

> but again I don't
> know enough about this area to judge that for myself, and I don't know
> where I'd start researching it.

well, I'm looking at adding basic usb2 support in uaudio now, and I've
not been having much luck.  I've not done much with usb before, and
there's plenty to learn just in that area, nevermind audio.

> Thanks for any insight at all.
> -Nick

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org



Native Instruments 'Soundcards'

2009-10-28 Thread Nick Guenther
I was very excited to open up my new Native Instruments Audio4DJ
soundcard today, but when I plugged it in I found out the wool they're
pulling over their customers' eyes. With 4.5 it shows up as
ugen0 at uhub0 port 1 "Native Instruments Audio 4 DJ" rev 2.00/0.92 addr 3
which, you'll note, is NOT a uaudio(4).

The latest ALSA apparently supports it with sound/usb/caiaq (e.g.
http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/sound/usb/caiaq/), so
that means that it won't Just Work on Windows, Mac, or Linux without
installing drivers. I'm writing though because I don't know enough
about the various USB standards at play here; I'm writing to ask if I
should return it or not. Is there a chance in hell that BSD (or even
*BSD) would grow support for this card? Is the linux driver a hack or
does "caiaq" mean some new standard that may some day be supported?
(googling turned up only references to the driver itself).

Proprietary devices are so frustrating, so paying-to-be-a-slave. I
don't want to do that unless there's a good reason for it. A friend
suggests that USB soundcards by default are "cpu driven" so there's a
lower bound on the latency that can be achieved, but again I don't
know enough about this area to judge that for myself, and I don't know
where I'd start researching it.

Thanks for any insight at all.
-Nick



Re: Network problems with OpenBSD 4.6 on a IBM xSeries 335

2009-10-28 Thread Mauro Rezzonico
What bugs me the most is that on:
http://www.openbsd.org/images/newrack.jpg you can see at least three 1U
IBM xSeries eServers.
So it looks like (for Theo at least) running the latest version DOES
work! And still I am unable to diagnose my problem!!!


--
Mauro Rezzonico , Como, Italia
"Maybe this world is another planet's hell" - H.Huxley



Re: Anyway to force IP to be assigned only if MAC matches?

2009-10-28 Thread Sam Fourman Jr.
On Wed, Oct 28, 2009 at 6:08 PM, Peter N. M. Hansteen 
wrote:
> Jorge Enrique Valbuena Vargas  writes:
>
>> You can do that using the arp(8) command
>>
>>  # arp -s 10.0.0.2 00:90:27:bb:cc:dd permanent
>>
>> take a look at the man page of the command
>
> and you could combine that with dhcpd -L to maintain a pf table and
> only pass traffic from addresses in the table, if you like

do you have an example of how to do this?

Sam Fourman Jr.



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Matt Bettinger

On Oct 28, 2009, at 6:23 PM, Marco Peereboom  wrote:

> In .nl?  puhlease!
>
> On Wed, Oct 28, 2009 at 11:07:52PM +0100, Francesco Vollero wrote:
> > On Wed, 28/10/2009 at 22.20 +0100, chefren wrote:
> > >
> > > On 28-10-09 16:11, Francesco Vollero wrote:
> > > > On Wed, 28/10/2009 at 14.08 +0100, chefren wrote:
> >
> > [snip]
> >
> > > > It's unfair :( i came back from Amsterdam this morning :(
> > > >
> > > > Francesco
> > >
> > > Ah, well, I will try to honor you by proposing Italian food, OK?
> > >
> >
> > Thanks :) But i hope you propose a real italian place :)
> >
> > > +++chefren
> > Francesco




What ever happened to rubberhose.org


Sent from my iPhone



Re: Secure way to delete data in hard disc

2009-10-28 Thread Noah Pugsley
Can I interest you in a pair of steganograpanties? Or for cooler 
weather, steganograpantaloons?

Marco Peereboom wrote:
> They'll use it as torture material during the next krieg.
>
> On Wed, Oct 28, 2009 at 04:48:28PM -0600, Bob Beck wrote:
> > > What, you have pictures of my ass too?
> >
> > Obviously I must make something to write a random pattern over my
> > entire ass so that it won't be recognized if some Germans steal it.



Re: Secure way to delete data in hard disc

2009-10-28 Thread Marco Peereboom
They'll use it as torture material during the next krieg.

On Wed, Oct 28, 2009 at 04:48:28PM -0600, Bob Beck wrote:
> > What, you have pictures of my ass too?
> 
> Obviously I must make something to write a random pattern over my
> entire ass so that it won't be recognized if some Germans steal it.



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Marco Peereboom
In .nl?  puhlease!

On Wed, Oct 28, 2009 at 11:07:52PM +0100, Francesco Vollero wrote:
> On Wed, 28/10/2009 at 22.20 +0100, chefren wrote:
> >
> > On 28-10-09 16:11, Francesco Vollero wrote:
> > > On Wed, 28/10/2009 at 14.08 +0100, chefren wrote:
> 
> [snip]
> 
> > > It's unfair :( i came back from Amsterdam this morning :(
> > >
> > > Francesco
> > 
> > Ah, well, I will try to honor you by proposing Italian food, OK?
> > 
> 
> Thanks :) But i hope you propose a real italian place :) 
> 
> > +++chefren
> Francesco



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Mauro Rezzonico

Francesco Vollero wrote:
> Thanks :) But i hope you propose a real italian place :)

Unfortunately you get "proper Italian food" only if you come to Italy
and some "local people" (i.e. local friends) send you to some "local
proper place".
Have fun none the less, the main purpose is to celebrate this new nice
release!
We all must understand this is the combined effort of lots of people
who have contributed without asking anything back: so lots of people
made it possible and lots of people must be celebrated and thanked: best
thing we all can do is raise our glasses in honor of them, for their
making this achievement possible!


--
Mauro Rezzonico , Como, Italia
"Maybe this world is another planet's hell" - H.Huxley



Re: Anyway to force IP to be assigned only if MAC matches?

2009-10-28 Thread Peter N. M. Hansteen
Jorge Enrique Valbuena Vargas  writes:

> You can do that using the arp(8) command
>
>  # arp -s 10.0.0.2 00:90:27:bb:cc:dd permanent
>
> take a look at the man page of the command

and you could combine that with dhcpd -L to maintain a pf table and
only pass traffic from addresses in the table, if you like

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
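
A sketch of the `dhcpd -L` plus pf table combination suggested above, as an added example that is not from the thread. The interface name `em0` and the table names are assumptions, and `-A` is a further dhcpd(8) option the thread does not mention.

```conf
# --- /etc/rc.conf.local -------------------------------------------------
# Assumption: em0 is the LAN interface dhcpd listens on.
# -L: dhcpd inserts each leased address into this pf table and removes it
#     when the lease expires.
# -A: dhcpd inserts addresses it has abandoned (found in use without a
#     lease) into this table, and removes them once properly leased.
dhcpd_flags="-L dhcp_leased -A dhcp_abandoned em0"

# --- /etc/pf.conf (fragment) --------------------------------------------
int_if = "em0"                      # assumption: LAN-facing interface

table <dhcp_leased>    persist      # maintained by dhcpd -L
table <dhcp_abandoned> persist      # maintained by dhcpd -A
# Hosts with fixed addresses that never ask for a lease (servers, printers)
# would need their own table and pass rule; none are assumed here.

# Clients without a lease yet must still be able to reach the DHCP server.
pass  in quick on $int_if inet proto udp from any port 68 to any port 67

# Addresses dhcpd has flagged as in use without a lease.
block in quick on $int_if inet from <dhcp_abandoned>

# Default for the LAN: drop, then allow only sources holding a lease.
block in on $int_if inet all
pass  in on $int_if inet from <dhcp_leased>

# Check and inspect (run as root):
#   pfctl -nf /etc/pf.conf             # parse only, do not load
#   pfctl -t dhcp_leased -T show       # addresses currently leased
```

pf matches on the source IP address only, so this limits traffic to addresses that currently hold a lease; the `arp -s ... permanent` entries from the earlier reply are what tie an address to a specific MAC on the gateway.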



Re: Anyway to force IP to be assigned only if MAC matches?

2009-10-28 Thread Jorge Enrique Valbuena Vargas
You can do that using the arp(8) command

 # arp -s 10.0.0.2 00:90:27:bb:cc:dd permanent

take a look at the man page of the command

I hope this can help!

On Wed, Oct 28, 2009 at 5:29 PM, Andres Salazar wrote:

> Hello,
>
> I have dhcp enabled on my LAN which assigns an IP according to the
> client's MAC address, however if a user wanted to be malicious he can
> statically assign any IP to his NIC.
>
> Isn't there any way I can force my ARP tables to only allow IPs to be
> assigned if the MAC address matches?
>
>
> Thanks
> Andres



Re: Secure way to delete data in hard disc

2009-10-28 Thread Bob Beck
2009/10/28 Henning Brauer :
> * Bob Beck  [2009-10-28 20:57]:
>> > I would rather my family photos
>>
>> Yeah, but I hike with bastards who take pictures of my ass and put it
>> up on the internet for all to see..   So how can I delete the data
>> from his web server? Is there some kind of remote bioctl --de-assify I
>> could run?
>
> yes:
> echo "delete this pic of my ass: http:///" | mail -s "asspic" henning
>

What, you have pictures of my ass too?

:)



Re: Secure way to delete data in hard disc

2009-10-28 Thread Bob Beck
> What, you have pictures of my ass too?

Obviously I must make something to write a random pattern over my
entire ass so that it won't be recognized if some Germans steal it.



Anyway to force IP to be assigned only if MAC matches?

2009-10-28 Thread Andres Salazar
Hello,

I have dhcp enabled on my LAN which assigns an IP according to the
client's MAC address, however if a user wanted to be malicious he can
statically assign any IP to his NIC.

Isn't there any way I can force my ARP tables to only allow IPs to be
assigned if the MAC address matches?


Thanks
Andres



About priorities in /etc/resolv.conf

2009-10-28 Thread Andres Salazar
Hello,

I have experienced that even though I set up 3 servers in
/etc/resolv.conf , if the first one gets slow apparently it will not
utilize the others until it is completely down. Is there any way to
actually force the OS to pick another resolver if one of them is very
slow?

Thank you

Andres



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Francesco Vollero
On Wed, 28/10/2009 at 22.20 +0100, chefren wrote:
> 
> On 28-10-09 16:11, Francesco Vollero wrote:
> > On Wed, 28/10/2009 at 14.08 +0100, chefren wrote:

[snip]

> > It's unfair :( i came back from Amsterdam this morning :(
> >
> > Francesco
> 
> Ah, well, I will try to honor you by proposing Italian food, OK?
> 

Thanks :) But i hope you propose a real italian place :) 

> +++chefren
Francesco



Re: Secure way to delete data in hard disc

2009-10-28 Thread Henning Brauer
* Bob Beck  [2009-10-28 20:57]:
> > I would rather my family photos
> 
> Yeah, but I hike with bastards who take pictures of my ass and put it
> up on the internet for all to see..   So how can I delete the data
> from his web server? Is there some kind of remote bioctl --de-assify I
> could run?

yes:
echo "delete this pic of my ass: http:///" | mail -s "asspic" henning

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread chefren

On 28-10-09 16:11, Francesco Vollero wrote:
> On Wed, 28/10/2009 at 14.08 +0100, chefren wrote:
> > Tomorrow, Thursday 29th of October:
> >
> > Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam
> >
> > 18:00 gathering in front of De Deugniet, we will find some food in the
> > neighborhood that has lots of places where we can eat.
> >
> > From 20:00 on we will gather into De Deugniet itself and have a drink on
> > OpenBSD 4.6!
> >
> > +++chefren
>
> It's unfair :( i came back from Amsterdam this morning :(
>
> Francesco

Ah, well, I will try to honor you by proposing Italian food, OK?

+++chefren



Re: carp master <-> backup problem

2009-10-28 Thread Bryan Irvine
VVV
>   372 discarded for unknown vhid


I know someone else already pointed it out but this is worth drawing
your attention to as well.

-B



Re: Secure way to delete data in hard disc

2009-10-28 Thread Ted Unangst
Then the question asked should be "How do I keep my data safe if it's
stolen?", not "How do I overwrite data on my not-stolen hard drive?"

But if somebody would actually be able to sell your family photos to
the highest bidder, I'm extremely jealous.  My family is not nearly so
interesting.

On Wed, Oct 28, 2009 at 4:38 PM, Brad Tilley  wrote:
> On Wed, Oct 28, 2009 at 4:22 PM, Marco Peereboom  wrote:
>> What in the world do stolen disks have to do with over writing the
>> content on it?
>
> The thread suggested svnd, softraid and cfs as a counter measure. An
> encrypted disk with no key is effectively an over written disk. How is
> that point lost on you? What is the difference between data patterns
> in an AES encrypted file and a file created with /dev/arandom as
> input?
>
> Brad



Re: Sun V120 gem and hme interfaces hang

2009-10-28 Thread Bryan S. Leaman

Daniel Ouellet wrote:
> I am not saying it's the same problem here, but it sure behave the
> exact same way. See if you have timeout in the logs or not from that
> hme driver. But without you doing more tests on your box, it will not
> be looked at before it's done for sure.
>
> I really hope it help you never the less and give you some ideas to
> try. The best way to get help is to help yourself first and really try
> many things and then you have more valuable data to use and report with.


Thanks for the suggestions.  I have tried quite a few things so far, and 
will continue to test.  Since this is a production environment, I can 
only work on it off-hours.  The problem is intermittent and not always 
easy to reproduce, so it will take some time.  Last night I got it to 
hang several times, but later the same load tests running for hours were 
not triggering it.  The host and switch are forced to 100Mbps/Full and 
I've installed new cables.  I tried several other switches and ports, 
and no matter what I do, even if it doesn't hang I always get interface 
errors.  With gem it was ierrs, with hme it was oerrs, and I even tried 
an fxp card from a Compaq server and with that I get both ierrs and 
oerrs, but only a fraction of a percent of total packets.  Today so far 
I have 160 errors out of 30M packets along with some input and CRC 
errors on the Cisco switch port.  I would think these counters should be 
0 unless something is really wrong.  But throughput seems fine.


So right now I'm focusing more on trying to eliminate the error counts 
while giving the system "time" to get to the point where it may hang.  
No idea if the two issues are related.  I'm definitely not giving up or 
expecting someone else to do all the troubleshooting...I was just hoping 
that maybe someone either knew about a fix or could give me some ideas 
where to look.  Now that I have some more ideas, I will continue trying 
new things and look for an answer.


A question about logging--why do I not get any log entries or console 
messages about these failures?  Almost everyone else that had these 
kinds of problems had log messages.  Is there a way to enable verbose 
logging in the network drivers?  Or is there something I can do or 
capture when the failure is occurring that would help me see what is 
going on?  Without that, I feel like I'm just guessing.


Bryan



Re: Secure way to delete data in hard disc

2009-10-28 Thread Brad Tilley
On Wed, Oct 28, 2009 at 4:22 PM, Marco Peereboom  wrote:
> What in the world do stolen disks have to do with over writing the
> content on it?

The thread suggested svnd, softraid and cfs as a counter measure. An
encrypted disk with no key is effectively an over written disk. How is
that point lost on you? What is the difference between data patterns
in an AES encrypted file and a file created with /dev/arandom as
input?

Brad



Re: carp master <-> backup problem

2009-10-28 Thread Scott McEachern

Bryan Irvine wrote:
> I do believe preempt should be 1 on both servers. Let the advskew
> handle which one is primary.
>
> What do you see for output of 'netstat -s -p carp' and 'netstat -s -p pfsync'
>
> -B

I tried it with both servers set to preempt=1, with the same results,
but to double check I did it again.  The results are identical to
everything I posted previously, except (on the secondary server):


$ sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

Per your request:

(on the primary:)
$  netstat -s -p carp
carp:
   226 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   226 discarded for unknown vhid
   0 discarded because of a bad address list
   387 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

(on the secondary:)
$  netstat -s -p carp
carp:
   335 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   335 discarded for unknown vhid
   0 discarded because of a bad address list
   236 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

This was done after a clean reboot (both) and my accessing the site from 
an external shell account I have (using lynx).  The secondary still 
responds first, and when it is taken offline (halt -p), the primary does 
not take over (no answer).  The primary only takes over normal duties 
when the hostname.carp0 file has been renamed on the secondary, the 
secondary has actually been rebooted and sh /etc/netstart has been run 
on the primary.  After the secondary was taken offline, and sh 
/etc/netstart run on the primary, I accessed the site again (the primary 
is then the only carp node), and did this: (from the primary)


$ netstat -s -p carp
carp:
   372 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   372 discarded for unknown vhid
   0 discarded because of a bad address list
   704 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

As for output regarding pfsync, all values are zero because I do not use 
pfsync.  It is a single firewall with two web servers internally, not a 
redundant firewall situation.  No changes have been made to the firewall 
at all.


I'm at my wits end for why this doesn't work.  It *must* be something 
wrong with my config, as I just don't believe it's a "bug" in carp.  
This config is practically straight out of the FAQ so I'm at a total 
loss. :(


FWIW, the pf.conf on the firewall uses these values (which normally work 
fine):

(...)
gw_ext=$ext_ip4          # my external IP addy for that web site, I have 5 IPs
gw_int="192.168.0.9"     # the carp node, or when not using carp, the primary web server
#gw_int="192.168.0.19"   # for when I manually switch to the secondary server

gw_ports="{ 80, 443 }"
int0_if="xl0"
tcp_flags="flags S/SA modulate state"
(...)
not_private="{ \
   !0.0.0.0/8, \
   !10.0.0.0/8, \
   !127.0.0.0/8, \
   !169.254.0.0/16, \
   !172.16.0.0/12, \
   !192.8.2.0/24, \
   !192.168.0.0/16, \
   !240.0.0.0/4, \
   !255.255.255.255/32 \
}"
(...)
rdr on $ext_if proto tcp from $not_private to $gw_ext port \
   $gw_ports -> $gw_int
(...)
pass in log quick on $ext_if inet proto tcp from $not_private to $gw_int \
   port $gw_ports flags S/SA synproxy state
(...)
pass out quick on $int0_if proto tcp from $not_private to $gw_int \
   port $gw_ports $tcp_flags

The firewall config has worked fine and hasn't been changed in ages, but 
I can't help wonder if something there is screwing up carp.  Redoing and 
simplifying the fw rules (using tags) is next on my todo list, but I 
figured I'd get carp working first before changing a "known good" fw 
config and adding another change to the mix.


--

-RSM

http://www.erratic.ca



Re: Secure way to delete data in hard disc

2009-10-28 Thread Marco Peereboom
What in the world do stolen disks have to do with over writing the
content on it?

On Wed, Oct 28, 2009 at 03:34:07PM -0400, Brad Tilley wrote:
> On Wed, Oct 28, 2009 at 2:27 PM, Marco Peereboom  wrote:
> > or you should realize that you and your data really aren't that important.
> 
> It's an issue about privacy, not self-importance. Pawn shops are full
> of stolen computers with other people's data. That's the *only* reason
> I overwrite and/or encrypt data. I would rather my family photos and
> tax documents not be sold to the highest bid.
> 
> Brad



Re: carp master <-> backup problem

2009-10-28 Thread Scott McEachern

Peter Hessler wrote:
> On 2009 Oct 28 (Wed) at 01:55:40 -0400 (-0400), Scott wrote:
> :$ cat /etc/hostname.carp0:
> :inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0
> -snip-
> :$ cat /etc/hostname.carp0
> :inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew
> :100 carpdev xl0
>
> The vhids need to be identical.

And therein lies the solution.  I misunderstood the documents and 
thought that each carp node had a unique vhid.


I've since tested with both online, the master offline, then put back, 
etc. and all works *perfectly* fine now!  I knew it was my bad.


Thank-you very much for pointing out my error, and to the others that 
helped out.  I'm sorry for the noise.


BTW: I forgot to mention this, but thanks to all the folks involved with 
4.6.  The CDs arrived just outside of Toronto on 19 Oct (Monday last 
week.)  :) :)


--

-RSM

http://www.erratic.ca



Re: Secure way to delete data in hard disc

2009-10-28 Thread Brad Tilley
On Wed, Oct 28, 2009 at 3:44 PM, Bob Beck  wrote:
>Is there some kind of remote bioctl --de-assify I could run?

I'm not sure you can be de-assified.



Re: carp master <-> backup problem

2009-10-28 Thread Peter Hessler
On 2009 Oct 28 (Wed) at 01:55:40 -0400 (-0400), Scott wrote:
:$ cat /etc/hostname.carp0:
:inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0
-snip-
:$ cat /etc/hostname.carp0
:inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew
:100 carpdev xl0

The vhids need to be identical.


-- 
Legalize free-enterprise murder: why should governments have all the
fun?
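
The diagnosis above (different vhid values on the two nodes, showing up as a "discarded for unknown vhid" counter equal to the packets received) written as a small check. This is an added example, not part of the thread; the function names are hypothetical, and the sample data is copied from the messages in this thread.

```shell
#!/bin/sh
# Added example: compare the vhid configured on two CARP nodes and read the
# "unknown vhid" drop counter from `netstat -s -p carp` output.
# Function names are hypothetical; sample data is copied from the thread.

# hostname.carp0 from each node as posted (the second joined onto one line).
NODE_A_CFG='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0'
NODE_B_CFG='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew 100 carpdev xl0'

# Trimmed `netstat -s -p carp` output from the primary, as posted.
PRIMARY_NETSTAT='carp:
   226 packets received (IPv4)
   0 packets received (IPv6)
   0 discarded for bad authentication
   226 discarded for unknown vhid
   387 packets sent (IPv4)
   1 transition to master'

# Print the value following the "vhid" keyword (stdin: hostname.carpN text).
carp_vhid() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "vhid") { print $(i + 1); exit } }'
}

# Print the counter whose description contains $1 (stdin: netstat text),
# or 0 when no such line exists.
carp_counter() {
    awk -v pat="$1" 'index($0, pat) { print $1; found = 1; exit }
                     END { if (!found) print 0 }'
}

# carp_diagnose CFG_A CFG_B NETSTAT_TEXT
# Returns 0 when both nodes share a vhid and nothing was dropped as unknown,
# 1 on a mismatch or unexplained drops, 2 when a vhid cannot be found.
carp_diagnose() {
    a=$(printf '%s\n' "$1" | carp_vhid)
    b=$(printf '%s\n' "$2" | carp_vhid)
    drops=$(printf '%s\n' "$3" | carp_counter 'discarded for unknown vhid')
    recv=$(printf '%s\n' "$3" | carp_counter 'packets received (IPv4)')

    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "cannot find a vhid in one of the configurations"
        return 2
    fi
    if [ "$a" != "$b" ]; then
        echo "vhid mismatch ($a vs $b): $drops of $recv received advertisements dropped as unknown vhid"
        return 1
    fi
    if [ "$drops" -gt 0 ]; then
        echo "vhid $a matches, but $drops advertisements carried a vhid not configured here"
        return 1
    fi
    echo "vhid $a on both nodes, no unknown-vhid drops"
    return 0
}

# Stand-alone run on the thread's data; "|| true" keeps the exit status 0.
carp_diagnose "$NODE_A_CFG" "$NODE_B_CFG" "$PRIMARY_NETSTAT" || true
```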



Re: Secure way to delete data in hard disc

2009-10-28 Thread Darrin Chandler
On Wed, Oct 28, 2009 at 01:44:00PM -0600, Bob Beck wrote:
> > I would rather my family photos
> 
> Yeah, but I hike with bastards who take pictures of my ass and put it
> up on the internet for all to see..   So how can I delete the data
> from his web server? Is there some kind of remote bioctl --de-assify I
> could run?

It's awfully hard to unbreak an egg. Perhaps bobctl --ass-in-pants is
what's needed?

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
dwchand...@stilyagin.com   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: carp master <-> backup problem

2009-10-28 Thread Michiel van Baak
On 01:55, Wed 28 Oct 09, Scott wrote:
> I must be missing something in my config, and I'd appreciate it if my
> blunder could be pointed out to me.
>

[snip]

Do you have pf enabled ?
If so, make sure you allow carp traffic on the physical interface that
runs carp.
-- 

Michiel van Baak
mich...@vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"



Re: Secure way to delete data in hard disc

2009-10-28 Thread Bob Beck
> I would rather my family photos

Yeah, but I hike with bastards who take pictures of my ass and put it
up on the internet for all to see..   So how can I delete the data
from his web server? Is there some kind of remote bioctl --de-assify I
could run?



Re: Secure way to delete data in hard disc

2009-10-28 Thread Brad Tilley
On Wed, Oct 28, 2009 at 2:27 PM, Marco Peereboom  wrote:
> or you should realize that you and your data really aren't that important.

It's an issue about privacy, not self-importance. Pawn shops are full
of stolen computers with other people's data. That's the *only* reason
I overwrite and/or encrypt data. I would rather my family photos and
tax documents not be sold to the highest bid.

Brad



Re: Sun V120 gem and hme interfaces hang

2009-10-28 Thread Daniel Ouellet

Did you try the mp kernel to see if that makes a difference for you.

Out of curiosity, what effect would this have on a single CPU box?


Using a different kernel with different options compile in it.

For me at the time the MP kernel didn't have the problem that the sp had 
and looking the difference in between them pointed out to look in one 
direction to address the patch at the time.


That's why I asked if you tried it.

The bottom line is MP kernel does work on single core processor. It's
just like having a CPU with one core only really. There is nothing wrong
trying it, it will not kill your box. (;>



Also, don't forget that the fix here is not in 4.5, but pass 4.5

And anything in your logs for timeout message may be?

And 4.6 is really around the corner now. Might be best to run it and see.
I know the fix for gem is in 4.6, but does the same problem affect hme?  
Since I'm having the problem with both drivers, I'm not sure if the 4.6 
fix is related to the problem I'm seeing.  Unlike your experience, I'm 
not getting any error messages in any logs or on the console.  The only 
clue is the ierrs/oerrs and some error counts on the switch.


There might be the same type of watch dog issue in the hme that it was
on the gem. I can't tell you for sure, but the bottom line here as well
if you really want to find a problem or possibly a bug like it's explained
in the FAQ, you need to try the latest snapshot first and report if that
still has your problem with it or not. There are so many changes lately
in it. Your problem may well be gone, or still present, however you need
to help yourself and try to find more and the start of it is to try all
you can, which you still haven't done. Don't forget, you are the one
with the problem, not the dev, but you would like them to look into it.
Start by providing valuable details and may be if one has time, or an
idea, he/she might look into it. But you need to provide more details
first and at a minimum try to isolate it. Many tests do not need to be a
programmer to do them and provide valuable details. For all everyone
knows, the problem may well be fixed by now, or not.


I was able to kill the interface several times by pushing data through 
the firewall (into hme0 and out hme1) at around 70Mbps for 5-10 
minutes.  Same result--hme1 stopped responding but I could ping hosts on 
the hme0 side.  I'm fairly sure (it was a long night...) that one time I 
did the ifconfig down/up on *hme0* and that revived hme1, which seemed odd.


I am not saying it's the same problem here, but it sure behave the exact 
same way. See if you have timeout in the logs or not from that hme 
driver. But without you doing more tests on your box, it will not be 
looked at before it's done for sure.


I ran "systat ifstat" during the failure, and it showed data flowing 
inbound through the firewall into hme0 and out hme1, but nothing in the 
other direction.  So hme1 seems to be half working.  Not sure if it 
matters, but I'm using altq with hfsc.


May be an auto duplex negotiation issue, or not. But did you try and see
if that might help or even make a difference? Just try to think of all
possibilities and test some. Like a different switch, or fix the port speed
on the switch and hme card just to test. Try the MP kernel, try a snapshot
(and if you do, don't forget that changes were done in PF that may
affect you and need changes to the PF configuration in 4.6). Then and
only then will you have more data to report and may be look into what
might be the issue.


Hope this helps you some and provides you some tests that really ought to be
done to be helpful.


Just think about it as it is now. You report an issue, but it would be
much more helpful if there is a case that removes the issue and then
compare between the two setups could be looked at. For all we know now it
may just be a switch port issue really. I am not saying it is, but could
be as that's the same element in the picture as before on one end of it.


I know you have that for many weeks now based on your previous email, so
you try to isolate it, which is good, but then go all the way to find it
and really try more stuff than what you do now. You may fix it real
quick doing so and wonder why you didn't do it sooner after that fact.


I really hope it helps you nevertheless and gives you some ideas to try.
The best way to get help is to help yourself first and really try many
things and then you have more valuable data to use and report with.


Best,

Daniel



Re: Secure way to delete data in hard disc

2009-10-28 Thread Marco Peereboom
or you should realize that you and your data really aren't that important.



Re: Secure way to delete data in hard disc

2009-10-28 Thread Gonzalo Lionel Rodriguez
2009/10/28 Joachim Schipper :
> On Wed, Oct 28, 2009 at 08:52:20AM -0300, Gonzalo Lionel Rodriguez wrote:
>> 2009/10/28 Jan Stary :
>> > On Oct 27 16:12:54, Jordi Espasa Clofent wrote:
>> > Could we please stop this thread now and never bring it back?  Thank you.
>> >
>> > (1) Your data is not that interesting to anyone. (...)
>> > (2) If you think you work with data that is so sensitive (which it isn't),
>> >     then you surely have the money needed to buy a new disk. (...)
>> > (3) [Otherwise,] just dd if=/dev/zero of=/dev/sd0c (...)
>> > (4) [Ignore Slashdot articles on this subject]
>>
>> Put the sensitive files in a pseudo-device vnd and then delete it.
>
> I think you mean "put the sensitive files in a pseudo-device vnd[1] and
> then delete _the key_".
>

Yes.

> This, in fact, is the proper way to secure data. If your data is
> important enough that it needs to be deleted this thoroughly, you can't
> risk someone jacking your laptop/a disk out of your computer, either.
>
>Joachim
>
> [1] Or softraid crypto partition.



Re: carp master <-> backup problem

2009-10-28 Thread Bryan Irvine
On Tue, Oct 27, 2009 at 10:55 PM, Scott  wrote:
> I must be missing something in my config, and I'd appreciate it if my
> blunder could be pointed out to me.
>
> I have two web servers behind a firewall (all machines are running
> 4.6-stable, generic kernel).  The firewall has rdr & pass rules to both web
> servers, with one commented out at a time.  I change it manually when I want
> to switch them.  This same setup has been working fine since 4.4.
>  Generally, pf routes web traffic to the primary web server (192.168.0.9)
> but sometimes I use its twin at 192.168.0.19.
>
> Today I decided to try using carp to *not* load balance, but use the
> primary and have the secondary kick in when I have the primary offline
> for maintenance instead of me changing the pf rule by hand.  Simple
> enough.  I read the man pages for carp and ifconfig, and read the
> example in the FAQ.  (This will eventually be load balanced in the
> future if I can get MySQL clustering to work on OpenBSD... haven't tried
> that yet.)
>
> The problem is that when I access my site from an external account, my
> primary never gets used, the secondary takes all connections, and to make it
> worse, if the secondary (which is being used first) is taken offline, the
> primary doesn't even get touched.  I have to delete the carp i/f on the
> secondary and reboot the primary for web access to go back to normal.
>
> On the primary web server:
>
> $ sysctl net.inet.carp
> net.inet.carp.allow=1
> net.inet.carp.preempt=1
> net.inet.carp.log=2
>
> $ cat /etc/hostname.carp0:
> inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0
>
> $ cat /etc/hostname.fxp0
> inet 192.168.0.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
> inet alias 192.168.0.9 255.255.255.0
> inet alias 192.168.0.10 255.255.255.0
> inet alias 192.168.0.11 255.255.255.0
> inet alias 192.168.0.12 255.255.255.0
> inet alias 192.168.0.13 255.255.255.0
>
> $ ifconfig carp0
> carp0: flags=8843 mtu 1500
>   lladdr 00:00:5e:00:01:01
>   priority: 0
>   carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
>   groups: carp
>   inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x5
>   inet 192.168.0.9 netmask 0xff00 broadcast 192.168.0.255
>
>
> On the secondary web server:
>
> $ sysctl net.inet.carp
> net.inet.carp.allow=1
> net.inet.carp.preempt=0
> net.inet.carp.log=2
>
> $ cat /etc/hostname.carp0
> inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew
> 100 carpdev xl0
>
> $ cat /etc/hostname.xl0
> inet 192.168.0.3 255.255.255.0 NONE media 100baseTX mediaopt full-duplex
> inet alias 192.168.0.20 255.255.255.0
> inet alias 192.168.0.21 255.255.255.0
> inet alias 192.168.0.22 255.255.255.0
> inet alias 192.168.0.23 255.255.255.0
>
> $ ifconfig carp0
> carp0: flags=8843 mtu 1500
>   lladdr 00:00:5e:00:01:02
>   priority: 0
>   carp: MASTER carpdev xl0 vhid 2 advbase 1 advskew 100
>   groups: carp
>   inet6 fe80::200:5eff:fe00:102%carp0 prefixlen 64 scopeid 0x5
>   inet 192.168.0.9 netmask 0xff00 broadcast 192.168.0.255
>
>
> I have tried making slight changes to the hostname files, such as
> including "advbase 1 advskew 1" to the primary, adding and removing the
> alias for .9 on the master, changing preempt=1 on the secondary, and none of
> it makes any difference.  I continually see what (I think) should be the
> backup on the secondary server shown as a master (above), and it takes all
> the web server connections.  Other than my carp experiments, everything
> works perfectly fine.  I must be missing
> something, somewhere, but I'm out of clues.  Any pointers in the right
> direction would be appreciated,
> Thanks.
>
> --
>
> -RSM
>
>

I do believe preempt should be 1 on both servers. Let the advskew
handle which one is primary.

What do you see for output of 'netstat -s -p carp' and 'netstat -s -p pfsync'

-B



Re: Secure way to delete data in hard disc

2009-10-28 Thread AG

Jordi Espasa Clofent wrote:

> Hi all,
>
> The subject is auto-descriptive ;)
> After reading a while about wiping [1] I think there's not a unique 
> way to do it. Finally I've chosen a simple double-step method:
>
> First,
>
> $ dd if=/dev/urandom of=
>
> and next
>
> $ dd if=/dev/zero of=
>
> ¿Do you think is it safe enough? I mean ¿is it enough against the 
> common recovery low-level data tools?
>
> [1] http://en.wikipedia.org/wiki/Data_erasure#Standards

Slightly tangential to your scripting but have you considered pre-made 
tools?  Overkill perhaps, but in Linux world there is secure-delete.  
srm (the command) +options will provide 38 wipes with randomised numbers 
as well as recursivity and a number of even more detailed capabilities.  
I haven't checked, but perhaps this tool exists in OBSD world as well?




Re: carp master <-> backup problem

2009-10-28 Thread Scott

Marco Pfatschbacher wrote:

> Hi,
>
> I actually didn't read your entire mail..
> but:
>
> Having 192.168.0.9 on both the physical and the carp interface
> cannot really work.

Thanks for trying!  Unfortunately, I tried that as well (and double 
checked it again after your reply) where the carp IP is not assigned 
anywhere else.  Still the problem remains: the backup (secondary server) 
insists on being the master, and it is given priority when the firewall 
sends web traffic to the 192.168.0.9 address.


Unfortunately, the ifconfig output with both machines reading "MASTER" 
remains 100% identical to those in my original message, so I've ruled 
out that it's somehow a problem with the addresses being aliases.  I 
still have to mv the /etc/hostname.carp0 file to anything else and 
reboot for web traffic to flow to the primary server.  Grr.


--

-RSM

http://www.erratic.ca
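
Added example (not from the thread and not OpenBSD code): a Python consistency check for a two-host CARP failover pair, run on the hostname.carp0, hostname.fxp0/xl0 and sysctl values quoted earlier in this thread. Hosts that back each other up must share the same vhid and virtual address; the check also applies the two points raised in the replies (the CARP address should not also sit on the physical interface, preempt set to 1 on both). The names CarpNode, parse_node and check_pair are hypothetical.

```python
import re
from dataclasses import dataclass, field

CARP_KEYS = {"vhid", "advbase", "advskew", "carpdev", "pass"}

@dataclass
class CarpNode:
    name: str
    vip: str = ""
    opts: dict = field(default_factory=dict)   # carp options from hostname.carpN
    phys: list = field(default_factory=list)   # addresses on the physical interface
    preempt: int = 0

    def interval(self):
        # Seconds between advertisements; the shortest interval is elected MASTER.
        return int(self.opts.get("advbase", 1)) + int(self.opts.get("advskew", 0)) / 256

def parse_node(name, hostname_carp, hostname_phys, sysctl_out):
    """Build a CarpNode from the text of the three sources shown in the thread."""
    node = CarpNode(name)
    tok = hostname_carp.split()        # split() also rejoins lines wrapped by the mailer
    if len(tok) > 1 and tok[0] == "inet":
        node.vip = tok[1]
    for key, val in zip(tok, tok[1:]):
        if key in CARP_KEYS:
            node.opts[key] = val
    for line in hostname_phys.splitlines():
        t = line.split()
        if len(t) > 2 and t[0] == "inet":
            node.phys.append(t[2] if t[1] == "alias" else t[1])
    m = re.search(r"net\.inet\.carp\.preempt=(\d+)", sysctl_out)
    node.preempt = int(m.group(1)) if m else 0
    return node

def check_pair(primary, backup):
    """Return (code, message) findings for a two-host CARP failover pair."""
    out = []
    if primary.vip != backup.vip:
        out.append(("VIP_MISMATCH", f"virtual address differs: {primary.vip} vs {backup.vip}"))
    a, b = primary.opts.get("vhid"), backup.opts.get("vhid")
    if a != b:
        out.append(("VHID_MISMATCH",
                    f"vhid {a} vs {b}: the hosts are in different redundancy groups, "
                    "so each one elects itself MASTER"))
    if primary.opts.get("pass") != backup.opts.get("pass"):
        out.append(("PASS_MISMATCH", "pass differs between the hosts"))
    for n in (primary, backup):
        if n.vip in n.phys:
            out.append(("ADDR_ON_PHYS",
                        f"{n.name}: {n.vip} is also configured on {n.opts.get('carpdev')}"))
    if primary.interval() >= backup.interval():
        out.append(("SKEW_ORDER", "intended primary does not advertise faster than the backup"))
    if not (primary.preempt == 1 and backup.preempt == 1):
        out.append(("PREEMPT", "net.inet.carp.preempt is not 1 on both hosts"))
    return out

# Values copied from the thread (aliases .11-.13 and .21-.23 left out for brevity).
PRIMARY = parse_node(
    "primary",
    "inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0",
    "inet 192.168.0.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex\n"
    "inet alias 192.168.0.9 255.255.255.0\n"
    "inet alias 192.168.0.10 255.255.255.0",
    "net.inet.carp.preempt=1")
BACKUP = parse_node(
    "secondary",
    "inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew\n100 carpdev xl0",
    "inet 192.168.0.3 255.255.255.0 NONE media 100baseTX mediaopt full-duplex\n"
    "inet alias 192.168.0.20 255.255.255.0",
    "net.inet.carp.preempt=0")

if __name__ == "__main__":
    for code, message in check_pair(PRIMARY, BACKUP):
        print(f"{code}: {message}")
```

The differing vhid values are consistent with the two ifconfig outputs in the thread, where both hosts report MASTER and the carp0 lladdr ends in :01 on one host and :02 on the other.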



Re: powering off with shutdown -hp?

2009-10-28 Thread Christian Weisgerber
Remco  wrote:

> If I remember correctly, the following hack in /etc/sysctl.conf worked for
> me on a Pentium II machine:
> machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work

It does work for my Pentium III-based Thinkpad A20m.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: 4.6 reboots x336 ibm server(s)

2009-10-28 Thread Joachim Schipper
On Wed, Oct 28, 2009 at 03:36:34PM +, FRLinux wrote:
> On Mon, Oct 26, 2009 at 9:03 PM, Marco Peereboom  wrote:
> > Does it have broadcom nics?
> >
> > if do disable those and try again.
> 
> Hello still the same problem. Out of curiosity, tried to boot off the
> amd64 CD but failing the same. Suggestions?
> 
> As I asked, can anyone tell me which flags are disabled during the
> install ? (disabling acpi during install was enough to get the system
> installed but then it won't boot...)

Just to check the obvious: did you disable acpi when booting after the
install? (And did you try both bsd and bsd.mp? The latter is less like
the install kernel than the former.)

Otherwise, you could look at
/usr/src/sys/arch//conf/{GENERIC,RAMDISK_CD}. But that's likely a
bit daunting.

Joachim



Re: powering off with shutdown -hp?

2009-10-28 Thread Remco
Fred Snurd wrote:

> I've just resurrected an old Pentium 3 system with the 22 October i386
> snapshot of OpenBSD 4.6-current.  It works great, however after issuing
> "shutdown -hp now" (I'm greeted with the message "shutdown: switch -p must
> be used with -h." when using "shutdown -p now"), I'm getting the system
> message "syncing disks... done" followed by "Attempting to power down...".
>  The system never shuts off.
> 
> From the dmesg (below), this appears to be an old APM-based motherboard. 
> The shutdown(8) manpage states that  not all hardware supports automatic
> power down.  That's fine if this hardware doesn't support it, but given
> the "Attempting to power down..." message, I am curious if it might be
> possible.
> 

If I remember correctly, the following hack in /etc/sysctl.conf worked for
me on a Pentium II machine:
machdep.apmhalt=1 # 1=powerdown hack, try if halt -p doesn't work

(I can't verify it because the machine is totally disconnected right now)

regards,
Remco



Re: 4.6 reboots x336 ibm server(s)

2009-10-28 Thread Vadim Zhukov
On 28 October 2009 c. 18:36:34 FRLinux wrote:
> On Mon, Oct 26, 2009 at 9:03 PM, Marco Peereboom wrote:
> As I asked, can anyone tell me which flags are disabled during the
> install ? (disabling acpi during install was enough to get the system
> installed but then it won't boot...)

You can just diff /usr/src/sys/arch/`uname -m`/conf/GENERIC
and /usr/src/sys/arch/`uname -m`/conf/RAMDISK.

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: 4.6 reboots x336 ibm server(s)

2009-10-28 Thread FRLinux
On Mon, Oct 26, 2009 at 9:03 PM, Marco Peereboom  wrote:
> Does it have broadcom nics?
>
> if do disable those and try again.

Hello still the same problem. Out of curiosity, tried to boot off the
amd64 CD but failing the same. Suggestions?

As I asked, can anyone tell me which flags are disabled during the
install ? (disabling acpi during install was enough to get the system
installed but then it won't boot...)

Cheers,
Steph



Re: powering off with shutdown -hp?

2009-10-28 Thread Theo de Raadt
> > From the dmesg (below), this appears to be an old APM-based
> > motherboard.  The shutdown(8) manpage states that  not all hardware
> > supports automatic power down.  That's fine if this hardware doesn't
> > support it, but given the "Attempting to power down..." message, I am
> > curious if it might be possible.
> > 
> > apm0 at bios0: Power Management spec V1.2
> > apm0: AC on, battery charge unknown
> > acpi at bios0 function 0x0 not configured
> 
> Your dmesg shows that your machine can do apm and acpi. OpenBSD always
> uses apm if both are possible.

Wrong.  There is a sophisticated heuristic in play.

> Sometimes these old machines can
> poweroff only with acpi, but not with apm.

Wrong.  Something else is wrong.

> You can try to disable apm in
> the kernel config. OpenBSD then uses acpi. Maybe this works for
> poweroff. I have an old machine that can't poweroff with apm, but can do
> it with acpi.



Re: Error messages from bridge machines

2009-10-28 Thread Joachim Schipper
On Wed, Oct 28, 2009 at 06:40:41AM -0500, stan wrote:
> I have 2 OpenBSD machines providing a bridge between 2 physical locations
> for a specific subnet. Last night, I got the following error messages on
> them:
> 
> Oct 28 07:23:13 pb48 isakmpd[11605]: message_recv: invalid cookie(s)
> +0e113721bf798717 6b4e0004066c308e
> Oct 28 07:23:13 pb48 isakmpd[11605]: dropped message from 10.209.120.15
> port 500
> +due to notification type INVALID_COOKIE
> 
> and on the other:
> 
> Oct 28 07:23:13 pblab isakmpd[2851]: message_recv: invalid cookie(s)
> +0e113721bf798717 6b4e0004066c308e
> Oct 28 07:23:13 pblab isakmpd[2851]: dropped message from 10.209.142.156
> port
> +500 due to notification type INVALID_COOKIE
> 
> Would I be correct in assuming that these indicate packet corruption on the
> network connecting these 2 machines?
> 
> BTW, we have been having a lot of trouble with UDP based  protocols here, I
> have even switched NFS over to TCP to try to work around this. Is this
> error UDP? Or TCP?

Without NAT-traversal, which does use UDP, IPv4 IPsec uses a special IP
protocol (that is, a "sibling" of TCP, not a "child"). See `grep IPSEC
/etc/protocols`.

I'm not sure what caused that message, although corrupted packets might
be a possibility. You should look into that, really - networks shouldn't
randomly corrupt packets. (Are you aware that ping(8) takes -p and -s
options?)

Joachim
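
Added example (not from the thread and not part of isakmpd): a Python parser for the isakmpd syslog lines quoted above that rejoins the mail-wrapped records, extracts cookie pair, peer and port, and reports cookie pairs rejected on more than one host. isakmpd exchanges IKE messages over UDP port 500, which is the port named in the "dropped message" lines. The function names are hypothetical, and the order of the two logged cookies (initiator, then responder) is an assumption.

```python
import re
from collections import defaultdict

SYSLOG = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) isakmpd\[(\d+)\]: (.*)$")
COOKIES = re.compile(r"invalid cookie\(s\) ([0-9a-f]{16}) ([0-9a-f]{16})")
DROPPED = re.compile(r"dropped message from (\S+) port (\d+) due to notification type (\w+)")

# Log lines copied from the thread, wrapped exactly as they appear in the mail.
SAMPLE = """\
Oct 28 07:23:13 pb48 isakmpd[11605]: message_recv: invalid cookie(s)
+0e113721bf798717 6b4e0004066c308e
Oct 28 07:23:13 pb48 isakmpd[11605]: dropped message from 10.209.120.15
port 500
+due to notification type INVALID_COOKIE
Oct 28 07:23:13 pblab isakmpd[2851]: message_recv: invalid cookie(s)
+0e113721bf798717 6b4e0004066c308e
Oct 28 07:23:13 pblab isakmpd[2851]: dropped message from 10.209.142.156
port
+500 due to notification type INVALID_COOKIE
"""

def unwrap(raw):
    """Rejoin wrapped records: any line without a syslog header continues the previous one."""
    records = []
    for line in raw.splitlines():
        line = line.strip()
        if not line:
            continue
        if SYSLOG.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line.lstrip("+")   # '+' marks a wrap made by the mailer
    return records

def parse_events(raw):
    """Pair each 'invalid cookie(s)' record with the 'dropped message' record that follows it."""
    events, pending = [], {}
    for rec in unwrap(raw):
        ts, host, pid, msg = SYSLOG.match(rec).groups()
        key = (host, pid)
        cookies = COOKIES.search(msg)
        if cookies:
            pending[key] = cookies.groups()
            continue
        dropped = DROPPED.search(msg)
        if dropped:
            icookie, rcookie = pending.pop(key, (None, None))
            events.append({"time": ts, "host": host, "peer": dropped.group(1),
                           "port": int(dropped.group(2)), "type": dropped.group(3),
                           "icookie": icookie, "rcookie": rcookie})
    return events

def shared_cookie_pairs(events):
    """Cookie pairs rejected by more than one host, with the (host, peer) pairs involved."""
    by_pair = defaultdict(set)
    for e in events:
        if e["type"] == "INVALID_COOKIE" and e["icookie"]:
            by_pair[(e["icookie"], e["rcookie"])].add((e["host"], e["peer"]))
    return {pair: sorted(seen) for pair, seen in by_pair.items() if len(seen) > 1}

if __name__ == "__main__":
    for pair, seen in shared_cookie_pairs(parse_events(SAMPLE)).items():
        print(pair, "rejected by", seen)
```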



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Francesco Vollero
On Wed, 28/10/2009 at 14.08 +0100, chefren wrote:
> Tomorrow, Thursday 29th of October:
> 
> Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam
> 
> 
> 
> 
> 18:00 gathering in front of De Deugniet, we will find some food in the
> neighborhood that has lots of places where we can eat.
> 
> From 20:00 on we will gather into De Deugniet itself and have a drink on
> OpenBSD 4.6!
> 
> +++chefren
> 
It's unfair :( I come back from Amsterdam this morning :(

Francesco



Re: Sun V120 gem and hme interfaces hang

2009-10-28 Thread Bryan S. Leaman

Daniel Ouellet wrote:

> Bryan S. Leaman wrote:
>
>> Hi All,
>>
>> I have a production firewall on a Sun V120 running OpenBSD 4.5 sparc64,
>> with 2 active interfaces.  Two weeks ago, the gem1 interface suddenly hung
>> and I was able to revive it using "ifconfig gem1 down; ifconfig gem1 up".
>> I found the following m...@openbsd thread from March 2009:
>>
>> http://www.mail-archive.com/misc@openbsd.org/msg73257.html
>
> Did you try the mp kernel to see if that makes a difference for you.

Out of curiosity, what effect would this have on a single CPU box?

> Also, don't forget that the fix here is not in 4.5, but past 4.5
>
> And anything in your logs for timeout message may be?
>
> And 4.6 is really around the corner now. Might be best to run it and see.

I know the fix for gem is in 4.6, but does the same problem affect hme?  
Since I'm having the problem with both drivers, I'm not sure if the 4.6 
fix is related to the problem I'm seeing.  Unlike your experience, I'm 
not getting any error messages in any logs or on the console.  The only 
clue is the ierrs/oerrs and some error counts on the switch.


I was able to kill the interface several times by pushing data through 
the firewall (into hme0 and out hme1) at around 70Mbps for 5-10 
minutes.  Same result--hme1 stopped responding but I could ping hosts on 
the hme0 side.  I'm fairly sure (it was a long night...) that one time I 
did the ifconfig down/up on *hme0* and that revived hme1, which seemed odd.


I ran "systat ifstat" during the failure, and it showed data flowing 
inbound through the firewall into hme0 and out hme1, but nothing in the 
other direction.  So hme1 seems to be half working.  Not sure if it 
matters, but I'm using altq with hfsc.


IFACE   STATE  IPKTS  IBYTES   IERRS   OPKTS  OBYTES   OERRS   COLLS
hme0    up:U       2     599       0       0       0       0       0
hme1    up:U       0       0       0       2     599       0       0
Totals             2     599       0       2     599       0       0


Any other suggestions?

Bryan



Re: Secure way to delete data in hard disc

2009-10-28 Thread Joachim Schipper
On Wed, Oct 28, 2009 at 08:52:20AM -0300, Gonzalo Lionel Rodriguez wrote:
> 2009/10/28 Jan Stary :
> > On Oct 27 16:12:54, Jordi Espasa Clofent wrote:
> > Could we please stop this thread now and never bring it back?  Thank you.
> >
> > (1) Your data is not that interesting to anyone. (...)
> > (2) If you think you work with data that is so sensitive (which it isn't),
> >     then you surely have the money needed to buy a new disk. (...)
> > (3) [Otherwise,] just dd if=/dev/zero of=/dev/sd0c (...)
> > (4) [Ignore Slashdot articles on this subject]
> 
> Put the sensitive files in a pseudo-device vnd and then delete it.

I think you mean "put the sensitive files in a pseudo-device vnd[1] and
then delete _the key_".

This, in fact, is the proper way to secure data. If your data is
important enough that it needs to be deleted this thoroughly, you can't
risk someone jacking your laptop/a disk out of your computer, either.

Joachim

[1] Or softraid crypto partition.



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Marco Peereboom
I miss de deugniet :-)

Y'all have fun.

On Wed, Oct 28, 2009 at 02:08:07PM +0100, chefren wrote:
> Tomorrow, Thursday 29th of October:
> 
> Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam
> 
> 
> 
> 
> 18:00 gathering in front of De Deugniet, we will find some food in the
> neighborhood that has lots of places where we can eat.
> 
> From 20:00 on we will gather into De Deugniet itself and have a drink on
> OpenBSD 4.6!
> 
> +++chefren



Re: Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread Paul de Weerd
Hi Chefren, others,

On Wed, Oct 28, 2009 at 02:08:07PM +0100, chefren wrote:
| Tomorrow, Thursday 29th of October:
| 
| Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam
| 
| 

| 
| 
| 18:00 gathering in front of De Deugniet, we will find some food in the
| neighborhood that has lots of places where we can eat.
| 
| From 20:00 on we will gather into De Deugniet itself and have a drink on
| OpenBSD 4.6!

I won't be able to stay all too long but I'll definitely join you guys
tomorrow evening for some food and a drink.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Tomorrow: Amsterdam OpenBSD 4.6 release party!

2009-10-28 Thread chefren
Tomorrow, Thursday 29th of October:

Cafe de Deugniet Oude Brugsteeg 12, 1012 JP Amsterdam




18:00 gathering in front of De Deugniet, we will find some food in the
neighborhood that has lots of places where we can eat.

From 20:00 on we will gather into De Deugniet itself and have a drink on
OpenBSD 4.6!

+++chefren



Re: Secure way to delete data in hard disc

2009-10-28 Thread Gonzalo Lionel Rodriguez
Put the sensitive files in a pseudo-device vnd and then delete it.

2009/10/28 Jan Stary :
> On Oct 27 16:12:54, Jordi Espasa Clofent wrote:
>> $ dd if=/dev/urandom of=
>> $ dd if=/dev/zero of=
>> ¿Do you think is it safe enough? I mean ¿is it enough against the common
>> recovery low-level data tools?
>
> Could we please stop this thread now and never bring it back?  Thank you.
>
> (1) Your data is not that interesting to anyone. Nobody cares about
>     the data on your wiped disks and nobody will ever spend any
>     resources trying to read it.
>
> (2) If you think you work with data that is so sensitive (which it isn't),
>     then you surely have the money needed to buy a new disk. Just
>     destroy the old disk and be done with it. (You can even have fun
>     doing it.)
>
> (3) If you simultaneously
>     (a) work with sensitive data that cryptoaliens might be interested in
>     (b) don't have the money to buy a new disk
>     then just dd if=/dev/zero of=/dev/sd0c
>     which _is_ enough; nobody ever recovered jack shit from this,
>     and never will, period.
>
> (4) If you come across a slashdot article that says that with a million
>     dollars and loads of time to spend you _can_ recover a byte here and
>     there, don't mail it to nobody.



Error messages from bridge machines

2009-10-28 Thread stan
I have 2 OpenBSD machines providing a bridge between 2 physical locations
for a specific subnet. Last night, I got the following error messages on
them:

Oct 28 07:23:13 pb48 isakmpd[11605]: message_recv: invalid cookie(s)
+0e113721bf798717 6b4e0004066c308e
Oct 28 07:23:13 pb48 isakmpd[11605]: dropped message from 10.209.120.15
port 500
+due to notification type INVALID_COOKIE

and on the other:

Oct 28 07:23:13 pblab isakmpd[2851]: message_recv: invalid cookie(s)
+0e113721bf798717 6b4e0004066c308e
Oct 28 07:23:13 pblab isakmpd[2851]: dropped message from 10.209.142.156
port
+500 due to notification type INVALID_COOKIE

Would I be correct in assuming that these indicate packet corruption on the
network connecting these 2 machines?

BTW, we have been having a lot of trouble with UDP based  protocols here, I
have even switched NFS over to TCP to try to work around this. Is this
error UDP? Or TCP?


-- 
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.



Re: Dual core install problems with ichiic

2009-10-28 Thread Vadim Zhukov
On 28 October 2009 c. 14:13:52 Marcus Booth wrote:
> I looked through GENERIC after reading a bit and uncommented this
>
> #pseudo-device raid 4
>
>   I also added the following line after reading a tutorial.
>
> option   RAID_AUTOCONFIG
>
> The OBSD FAQ indicates I have to uncomment the first line to get raid
> support.  Am I missing something?

Yes. Those options are related to RAIDFrame, see raid(4).

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: Dual core install problems with ichiic

2009-10-28 Thread Marcus Booth
I looked through GENERIC after reading a bit and uncommented this

#pseudo-device raid 4

  I also added the following line after reading a tutorial.

option   RAID_AUTOCONFIG

The OBSD FAQ indicates I have to uncomment the first line to get raid
support.  Am I missing something?
Thanks


On Wed, Oct 28, 2009 at 5:40 AM, Kenneth R Westerback <
kwesterb...@rogers.com> wrote:

> On Wed, Oct 28, 2009 at 04:14:55AM -0500, Marcus Booth wrote:
> > With good advice supplied earlier, I was able to get my install booting on
> > an intel dual core after some of you
> > suggested disabling ichiic.  While struggling (prior to the advice) with
> > that, I installed on a quad core with Gigabyte mobo and had
> > no problems at all.  After the successful boot on the dual core I tried to
> > enable softraid and rebuilt the kernel.  That yielded a kernel panic so
> > I reverted to the old kernel.  Would the gigabyte mobo possibly solve the
> > ichiic problem as well as the kernel panic issues?
> > Thanks,
> > Marcus Booth
> >
>
> Hard to tell without seeing the trace from the panic.
>
> As far as I can see softraid was enabled by default in GENERIC in
> November of 2007, so it's also unclear what you mean by 'enable
> softraid and rebuilt the kernel'.
>
>  Ken



Re: Multiple ssl servers on one external IP by using internal addresses?

2009-10-28 Thread Sunnz
On 2008-11-10, Damien Miller wrote:

> Source code to implement SNI is present in OpenBSD -current's OpenSSL
> but is disabled. I'll look at turning it on when OpenSSL makes a stable
> release with it enabled.
>
> SNI in OpenSSL is only one prerequisite though, it also need to be
> supported by Apache or whatever HTTP server you are using. The in-tree
> Apache doesn't support SNI, but perhaps apache2 in ports does.

Just wondering, how has this been going after nearly a year?

I am guessing that -current as of October 2009 has SNI turned on in
OpenSSL? Apache2 seems to support it since 2.2.12, and the -current
ports have 2.2.13... I am guessing that OpenBSD-current with apache2 from
ports would be able to provide SNI functionality?

What about apache 1.3 as included in the base? Does anybody know if it
supports SNI?

Cheers.



Re: Dual core install problems with ichiic

2009-10-28 Thread Kenneth R Westerback
On Wed, Oct 28, 2009 at 04:14:55AM -0500, Marcus Booth wrote:
> With good advice supplied earlier, I was able to get my install booting on
> an intel dual core after some of you
> suggested disabling ichiic.  While struggling (prior to the advice) with
> that, I installed on a quad core with Gigabyte mobo and had
> no problems at all.  After the successful boot on the dual core I tried to
> enable softraid and rebuilt the kernel.  That yielded a kernel panic so
> I reverted to the old kernel.  Would the gigabyte mobo possibly solve the
> ichiic problem as well as the kernel panic issues?
> Thanks,
> Marcus Booth
> 

Hard to tell without seeing the trace from the panic.

As far as I can see softraid was enabled by default in GENERIC in
November of 2007, so it's also unclear what you mean by 'enable
softraid and rebuilt the kernel'.

 Ken



Re: printing

2009-10-28 Thread Fred Crowson
On 10/28/09, igor denisov  wrote:
> Hi, there,
> I have this and no idea what to do
> lpq
> Warning: no daemon present
> Rank   Owner  Job   Files               Total Size
> 1st    me     14    (standard input)
>
> regards
> --
> igor denisov.

Read the man pages?



printing

2009-10-28 Thread igor denisov

Hi, there,
I have this and no idea what to do
lpq
Warning: no daemon present
Rank   Owner  Job   Files               Total Size
1st    me     14    (standard input)

regards
--
igor denisov.



Dual core install problems with ichiic

2009-10-28 Thread Marcus Booth
With good advice supplied earlier, I was able to get my install booting on
an intel dual core after some of you
suggested disabling ichiic.  While struggling (prior to the advice) with
that, I installed on a quad core with Gigabyte mobo and had
no problems at all.  After the successful boot on the dual core I tried to
enable softraid and rebuilt the kernel.  That yielded a kernel panic so
I reverted to the old kernel.  Would the gigabyte mobo possibly solve the
ichiic problem as well as the kernel panic issues?
Thanks,
Marcus Booth



Re: Sun V120 gem and hme interfaces hang

2009-10-28 Thread Daniel Ouellet

Bryan S. Leaman wrote:

> Hi All,
>
> I have a production firewall on a Sun V120 running OpenBSD 4.5 sparc64,
> with 2 active interfaces.  Two weeks ago, the gem1 interface suddenly hung
> and I was able to revive it using "ifconfig gem1 down; ifconfig gem1 up".
> I found the following m...@openbsd thread from March 2009:
>
> http://www.mail-archive.com/misc@openbsd.org/msg73257.html

Did you try the mp kernel to see if that makes a difference for you.

Also, don't forget that the fix here is not in 4.5, but past 4.5

And anything in your logs for timeout message may be?

And 4.6 is really around the corner now. Might be best to run it and see.

Best,

Daniel



Re: powering off with shutdown -hp?

2009-10-28 Thread Rene Maroufi
On Tue, Oct 27, 2009 at 10:22:59PM -0700, Fred Snurd wrote:
> 
> From the dmesg (below), this appears to be an old APM-based
> motherboard.  The shutdown(8) manpage states that  not all hardware
> supports automatic power down.  That's fine if this hardware doesn't
> support it, but given the "Attempting to power down..." message, I am
> curious if it might be possible.
> 
> apm0 at bios0: Power Management spec V1.2
> apm0: AC on, battery charge unknown
> acpi at bios0 function 0x0 not configured

Your dmesg shows that your machine can do apm and acpi. OpenBSD always
uses apm if both are possible. Sometimes these old machines can
power off only with acpi, but not with apm. You can try to disable apm in
the kernel config. OpenBSD then uses acpi. Maybe this works for
poweroff. I have an old machine that can't power off with apm, but can do
it with acpi.

Regards
Rene
-- 
Reni Maroufi
i...@maroufi.net



Re: 200g harddisk after newfs = Available 174g?

2009-10-28 Thread Peter Strömberg
On 28 Oct 2009 at 14:59, Jennifer Ma wrote:

> hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder
> brother, after i disklabel, newfs and mount the disk.  only 174g is
> shown as available, in windows(through samba), said 9.16g already been
> used.  is there any way i can claim those space back?  much thanks!
> ...
> bytes/sector: 512
> total sectors: 390721968

Harddisk manufacturers gigabyte != computer gigabyte

$ bc
scale=2
390721968*512/10^9 
200.04
390721968*512/2^30
186.31

So, you have a 186GB disk



Re: 200g harddisk after newfs = Available 174g?

2009-10-28 Thread Robert
On Wed, 28 Oct 2009 14:59:01 +0800
Jennifer Ma  wrote:

> hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder
> brother, after i disklabel, newfs and mount the disk.  only 174g is
> shown as available, in windows(through samba), said 9.16g already been
> used.  is there any way i can claim those space back?  much thanks!
> 
> # disklabel wd1
> # /dev/rwd1c:
> type: ESDI
> disk: ESDI/IDE disk
> label: ST3200826A
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 16383
> total sectors: 390721968
> rpm: 3600
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
> 
> 16 partitions:
> #        size     offset  fstype [fsize bsize  cpg]
>   a: 390721905         63  4.2BSD   2048 16384    1
>   c: 390721968          0  unused
> 
> 
> # df -h
> # Filesystem  Size  Used  Avail Capacity  Mounted on
> /dev/wd0a     1.8G  1.4G   313M    82%    /
> /dev/wd1a     183G  2.0K   174G     0%    /www01


newfs(8):

 -m free-space
 The percentage of space reserved from normal users; the mini-
 mum free space threshold.  The default value used is 5%.  See
 tunefs(8) for more details on how to set this option.

tunefs(8):

 -m minfree
 This value specifies the percentage of space held back from nor-
 mal users; the minimum free space threshold.  The default value
 is set during creation of the filesystem; see newfs(8).  This
 value can be set to zero, however up to a factor of three in
 throughput will be lost over the performance obtained at a 5%
 threshold.  Note that if the value is raised above the current
 usage level, users will be unable to allocate files until enough
 files have been deleted to get under the higher threshold.


- Robert



Re: 200g harddisk after newfs = Available 174g?

2009-10-28 Thread Paul de Weerd
Hi Jennifer,

On Wed, Oct 28, 2009 at 02:59:01PM +0800, Jennifer Ma wrote:
| 16 partitions:
| #        size     offset  fstype [fsize bsize  cpg]
|   a: 390721905         63  4.2BSD   2048 16384    1
|   c: 390721968          0  unused
| 
| 
| # df -h
| # Filesystem  Size  Used  Avail Capacity  Mounted on
| /dev/wd0a     1.8G  1.4G   313M    82%    /
| /dev/wd1a     183G  2.0K   174G     0%    /www01

390721905 sectors of 512 bytes each gives you 200049615360 bytes of
storage. That's ~195360952 kilobyte or ~190782 megabyte or ~186
gigabyte. Unlike storage vendors, df considers a kilobyte to be 1024
bytes, a megabyte to be 1048576 bytes and a gigabyte to be 1073741824
bytes; storage vendors take the mega and giga prefixes to take their
original SI meaning. (there's even a small army gathering on the
internet that wants everybody to use special terms for these amounts,
but you can safely ignore them as it doesn't really matter all that
much for practical purposes)

Add to this the fact that the filesystem reserves 5% of space for
"overflowing" purposes (which can only be used by root) and the
numbers add up nicely.

For more details on the reserved space, see the tunefs(8) manpage,
specifically the -m option.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: 200g harddisk after newfs = Available 174g?

2009-10-28 Thread Johan Beisser
Two words: Filesystem Overhead.

On Tue, Oct 27, 2009 at 11:59 PM, Jennifer Ma  wrote:
> hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder
> brother, after i disklabel, newfs and mount the disk.  only 174g is
> shown as available, in windows(through samba), said 9.16g already been
> used.  is there any way i can claim those space back?  much thanks!
>
> # disklabel wd1
> # /dev/rwd1c:
> type: ESDI
> disk: ESDI/IDE disk
> label: ST3200826A
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 16383
> total sectors: 390721968
> rpm: 3600
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> #        size     offset  fstype [fsize bsize  cpg]
>   a: 390721905         63  4.2BSD   2048 16384    1
>   c: 390721968          0  unused
>
>
> # df -h
> # Filesystem  Size  Used  Avail Capacity  Mounted on
> /dev/wd0a     1.8G  1.4G   313M    82%    /
> /dev/wd1a     183G  2.0K   174G     0%    /www01



200g harddisk after newfs = Available 174g?

2009-10-28 Thread Jennifer Ma
hi all, lately, i obtained a seagate 200g(wd1) harddisk from my elder
brother, after i disklabel, newfs and mount the disk.  only 174g is
shown as available, in windows(through samba), said 9.16g already been
used.  is there any way i can claim those space back?  much thanks!

# disklabel wd1
# /dev/rwd1c:
type: ESDI
disk: ESDI/IDE disk
label: ST3200826A
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16383
total sectors: 390721968
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#        size     offset  fstype [fsize bsize  cpg]
  a: 390721905         63  4.2BSD   2048 16384    1
  c: 390721968          0  unused


# df -h
# Filesystem  Size  Used  Avail Capacity  Mounted on
/dev/wd0a     1.8G  1.4G   313M    82%    /
/dev/wd1a     183G  2.0K   174G     0%    /www01



Re: Secure way to delete data in hard disc

2009-10-28 Thread Jan Stary
On Oct 27 16:12:54, Jordi Espasa Clofent wrote:
> $ dd if=/dev/urandom of=
> $ dd if=/deb/zero of=
> ¿Do you think is it safe enough? I mean ¿is it enough against the common  
> recovery low-level data tools?

Could we please stop this thread now and never bring it back?  Thank you.

(1) Your data is not that interesting to anyone. Nobody cares about
the data on your wiped disks and nobody will ever spend any
resources trying to read it.

(2) If you think you work with data that is so sensitive (which it isn't),
then you surely have the money needed to buy a new disk. Just
destroy the old disk and be done with it. (You can even have fun
doing it.)

(3) If you simultaneously
(a) work with sensitive data that cryptoaliens might be interested in
(b) don't have the money to buy a new disk
then just dd if=/dev/zero of=/dev/sd0c
which _is_ enough; nobody ever recovered jack shit from this,
and never will, period.

(4) If you come across a slashdot article that says that with a million
dollars and loads of time to spend you _can_ recover a byte here and
there, don't mail it to nobody.
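
Point (3) of the message above rests on a single zero-fill pass. As an added example (not part of the original post), the sketch below runs that pass and then reads the target back to confirm that no non-zero byte survives. The function names and the scratch image file are assumptions made for illustration; the image is a constructed stand-in for a disk.

```shell
#!/bin/sh
# Added example: zero-fill a target, then read it back to confirm the result.
# The target here is a constructed scratch image (a regular file), never a
# real device; the post's own command names the raw device /dev/sd0c.

# Overwrite every 512-byte sector of image $1 with zeros, keeping its length.
# Assumes the image size is a multiple of 512, as a disk's is.
zero_fill() {
    bytes=$(wc -c < "$1" | tr -d ' ')
    dd if=/dev/zero of="$1" bs=512 count=$((bytes / 512)) conv=notrunc 2>/dev/null
}

# Print how many bytes of $1 are not 0x00 (0 means fully zeroed).
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Succeed only if the whole target reads back as zeros.
verify_zeroed() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Demo on a constructed 32 KiB image filled with random data.
img=$(mktemp) || exit 1
dd if=/dev/urandom of="$img" bs=512 count=64 2>/dev/null
echo "before wipe: $(nonzero_bytes "$img") non-zero bytes"
zero_fill "$img"
if verify_zeroed "$img"; then
    echo "after wipe: every byte reads back as zero"
else
    echo "after wipe: $(nonzero_bytes "$img") non-zero bytes remain" >&2
fi
rm -f "$img"
```

The read-back is what catches a pass that stopped early or skipped a region: a single surviving byte makes `verify_zeroed` fail.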