Re: OpenBSD on Wyse C90LE

[Paul de Weerd]

On Thu, Jan 28, 2010 at 01:59:59AM -0500, Predrag Punosevac wrote:
| Dear All,
|
| I was wondering if anybody tried to install OpenBSD on Wyle C90LE.
|
| http://www.wyse.com/products/hardware/thinclients/C90LE/index.asp
|
| We are planning to equip 120 thin clients computer lab with those. I got
| today one for my office for evaluation purposes and I really liked the
| toy. It comes with Windows XPe but I almost can feel that it is crying
| to be reinstalled with OpenBSD. I looked and it does support PXE boot.
| I have not checked yet if it can boot via USB. Specifications can be
| found at
|
| http://www.wyse.com/products/hardware/thinclients/C90LE/index.asp

I've evaluated another model (R50L) at my place of work somewhere last
year. As our main question was 'can it drive 2x 30" monitors' and the
default Linux install was both a pain to use and configure and didn't
properly support 2x 30", I quickly installed OpenBSD (yes, from USB,
worked flawlessly), fired up X with the two monitors attached, and it
came up in all its 5120x1600 glory (this model had ATI graphics so was
no problem to get running).

So, I'm not sure if the C90LE will work for you, the moral of the
story is to just give it a shot. And if it doesn't, and this is
important to you, at least the R50L works great so you could consider
switching to that model.

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/

OpenBSD on Wyse C90LE

[Predrag Punosevac]

Dear All,

I was wondering if anybody tried to install OpenBSD on Wyle C90LE.

http://www.wyse.com/products/hardware/thinclients/C90LE/index.asp

We are planning to equip 120 thin clients computer lab with those. I got
today one for my office for evaluation purposes and I really liked the
toy. It comes with Windows XPe but I almost can feel that it is crying
to be reinstalled with OpenBSD. I looked and it does support PXE boot.
I have not checked yet if it can boot via USB. Specifications can be 
found at 

http://www.wyse.com/products/hardware/thinclients/C90LE/index.asp

Cheers,
Predrag

Re: fsck segfault on a big partition, 4.6

[Robert]

nixlists wrote:

The idea is to limit memory such that running out of RAM+swap is not
possible, or unlikely. You can set the limit on the allowed number of
processes as well.


I do use ulimit / login.conf for some processes, but does anybody really 
use it for *all possible* processes on each production machine?
Including the necessary research into what could be the max. memory they 
*might* need in a spike situation?

I honestly doubt that...

So I think the "safe option" is so far to have enough physical RAM for 
the usual workload (based on an estimate), and then add a generous swap 
space for the worst cases.
Does this sound practical? Or am I running into other issues with a 20GB 
swap?



regards,
Robert

Re: Postgresql and Memory Usage

[Bret S. Lambert]

On Wed, Jan 27, 2010 at 06:55:29PM -0500, Ted Unangst wrote:
> Shm shouldn't be mapped in the kernel, so large values won't be that
> bad.

But the way that shared mem is implemented means that larger
values require a larger malloc(9), which can increase the
pressure on kva space, which can panic your machine; in
fact, there was someone asking about this on misc@ not too
long ago. Changing this to a better data structure is on
my list of things to (eventually) do.

> 
> On Jan 27, 2010, at 5:01 PM, Tobias Ulmer  wrote:
> 
> >On Wed, Jan 27, 2010 at 02:13:45PM -0700, Jeff Ross wrote:
> >>I have searched (and searched) so I wonder if I'm running into the
> >>i386 1GB limit I see referenced, as in the thread today about fsck
> >>on larger partitions.
> >
> >Yes you do. Also, kernel memory is limited, insane shm value will
> >probably (havn't looked at the code) have bad effects.

Re: File system

[Duncan Patton a Campbell]

On Wed, 27 Jan 2010 18:54:31 -0500
Ted Unangst  wrote:

> I suspect man growfs may be closer to his needs. Hopefully g is at the  
> end of a drive with some space left.
> 
> On Jan 27, 2010, at 5:11 PM, "L. V. Lammert"  wrote:
> 
> > On Wed, 27 Jan 2010, Yamidt Henao wrote:
> >
> >> Hi,
> >>
> >> somebody know how I can change the mount available in me file system?
> >>
> >> # df -h
> >> Filesystem SizeUsed   Avail Capacity  Mounted on
> >> /dev/wd0a  159M   70.5M   80.4M47%/
> >> /dev/wd0f 11.6M130K   10.9M 1%/home
> >> /dev/wd0d 19.3M   12.0K   18.3M 0%/tmp
> >> /dev/wd0g  632M632M  -31.6M   105%/usr
> >> /dev/wd0e  2.3G641M1.6G28%/var
> >>
> > man fstab
> 

He's growing something fat in /usr.  This content should
moved to somewhere in /var, say /var/youser/, and then
linked back into /usr with

ln -s /var/youser /usr/youser 

ergo, 
man mv
 and
man ln
have my vote ;-)

Dhu

Re: fsck segfault on a big partition, 4.6

[nixlists]

On Wed, Jan 27, 2010 at 9:23 PM, bofh  wrote:
>> The idea is to limit memory such that running out of RAM+swap is not
>> possible, or unlikely. You can set the limit on the allowed number of
>> processes as well.
>
>
> $ ulimit -m
> 971876
> $ dmesg | grep real\ mem
> real mem  = 1039691776 (991MB)
>
> So... this box should run only one process?
>
> $ ps -auxww|wc
>  54 7134936
>
> If I were to use the max memory usage of each process, I would need a
> 53Gig ram machine?

Hmm seems like someone is playing dumb or trolling... Have you read
the man pages? Read setrlimit(2), read your shell's man page. Read the
login.conf man page.

$ man ksh:

[snip]

-d n   Impose a size limit of n kilobytes on the size of the data
area.

 -f n   Impose a size limit of n blocks on files written by the
shell and its child processes (files of any size may be
read).

 -H Set the hard limit only (the default is to set both hard
and soft limits).

 -l n   Impose a limit of n kilobytes on the amount of locked
(wired) physical memory.

 -m n   Impose a limit of n kilobytes on the amount of physical
memory used.

 -n n   Impose a limit of n file descriptors that can be open at
once.

 -p n   Impose a limit of n processes that can be run by the user
at any one time.

 -S Set the soft limit only (the default is to set both hard
and soft limits).

 -s n   Impose a size limit of n kilobytes on the size of the
stack area.

 -t n   Impose a time limit of n CPU seconds spent in user mode
to
be used by each process.

[/snip]


I use 'chpst' from the runit package in my run scripts though.
$ man chpst

[snip]

 -m bytes
  limit memory.  Limit the data segment,  stack  seg-
  ment,  locked physical pages, and total of all seg-
  ment per process to bytes bytes each.

   -d bytes
  limit data segment.  Limit  the  data  segment  per
  process to bytes bytes.

   -o n   limit  open  files.   Limit the number of open file
  descriptors per process to n.

   -p n   limit processes.  Limit the number of processes per
  uid to n.

   -f bytes
  limit  output  size.  Limit the output file size to
  bytes bytes.

   -c bytes
  limit core size.  Limit the core file size to bytes
  bytes.

[/snip]

I just use '-m' with it.

An additional layer of protection from setrlimit() is great to have
even if your daemon limits itself. If there's a bug and a process
starts eating away at memory, it will be killed.

Services as run by 'runit' are supervised by 'runsv' so if a daemon
dies (for any reason, just think of some reasons) it will get
restarted in a second. With runit you can configure some services not
to get restarted, run a script when a service exits, etc, etc. More
features than 'daemontools', but daemontools-compatible.

smarden.org/runit

Re: fsck segfault on a big partition, 4.6

[Ted Unangst]

Obviously, as any competent sysadmin like nixlists knows, you should  
restrict all your processes to a max of 20 megs.


On Jan 27, 2010, at 9:23 PM, bofh  wrote:


On Wed, Jan 27, 2010 at 8:14 PM, nixlists  wrote:

On Wed, Jan 27, 2010 at 7:53 PM, Denis Doroshenko
 wrote:

aren't you missing the point of original comment made by Otto?

consider a situation, when all the processes in the system "are
behaving", none of them violates their rlimits, but they all  
together

have allocated more memory than the box contains (RAM + swap).


The idea is to limit memory such that running out of RAM+swap is not
possible, or unlikely. You can set the limit on the allowed number of
processes as well.



$ ulimit -m
971876
$ dmesg | grep real\ mem
real mem  = 1039691776 (991MB)

So... this box should run only one process?

$ ps -auxww|wc
 54 7134936

If I were to use the max memory usage of each process, I would need a
53Gig ram machine?


--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: way to help: laptops and weekly

[Jonathan Thornburg]

"Bofh (Peter Kay)"  suggested
> System maintenance, IMO, should be invisible to the user unless it
> requires input. Shutdown is
> a poor time to run maintenance because it's (probably) run more often 
> when something needs to
> be done to the machine or the user has to go somewhere in a hurry.
>   
> I like the ideas of running it say half an hour after startup,

You mean right in the middle of an hour-long presentation whose
movies don't really play fast enough as it is?  Ick.

A few days ago I had to give a presentation using a laptop running
Windows 95 (my OpenBSD laptop can't seem to do external video output
properly, and I've been too busy to track down the problem or file a
proper bug report).  Every 10-15 minutes during the talk, a window
would pop up saying that the system was about to update virus
definitions, and giving me 15 seconds or so to click the "go away,
don't bother me now" button.  This sort of experience is *not* one
that I'd like to repeat under OpenBSD...

Some of the /etc/weekly stuff (eg rebuilding locatedb) involves
walking all (non-NFS) mounted filesystems, so it really eats disk
seek bandwidth, i.e., it makes the machine painfully slow for most
other use while it's running.  So, only a human can decide when a
good "quiet" time is to run the disk-cruncher.  No automatic scheme
can avoid being at a bad time occasionally for some users.

So, what's needed is a cron with flexible-enough specification
semantics (a.k.a. "crontab on steroids") so a human can tell cron
what the ok-to-run times are.

Alas, I am *not* vounteering to write such a program at this time
(way too much "life" happening already), so in the OpenBSD spirit,
I hereby forfeit any rights-to-complain-loudly that I might otherwise
have had.

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" 

   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   "If the triangles made a god, it would have three sides." -- Voltaire

Re: fsck segfault on a big partition, 4.6

[bofh]

On Wed, Jan 27, 2010 at 8:14 PM, nixlists  wrote:
> On Wed, Jan 27, 2010 at 7:53 PM, Denis Doroshenko
>  wrote:
>> aren't you missing the point of original comment made by Otto?
>>
>> consider a situation, when all the processes in the system "are
>> behaving", none of them violates their rlimits, but they all together
>> have allocated more memory than the box contains (RAM + swap).
>
> The idea is to limit memory such that running out of RAM+swap is not
> possible, or unlikely. You can set the limit on the allowed number of
> processes as well.


$ ulimit -m
971876
$ dmesg | grep real\ mem
real mem  = 1039691776 (991MB)

So... this box should run only one process?

$ ps -auxww|wc
  54 7134936

If I were to use the max memory usage of each process, I would need a
53Gig ram machine?


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

Re: fsck segfault on a big partition, 4.6

[nixlists]

On Wed, Jan 27, 2010 at 7:53 PM, Denis Doroshenko
 wrote:
> On 1/28/10, nixlists  wrote:
>>  Why kill random processes that may not be misbehaving and/or cause a
>>  kernel panic when you want to kill the process(es) that leak memory or
>>  are hungry in the first place? It's possible to avoid kernel panics in
>>  this case IMO, and not kill random processes.
>
> aren't you missing the point of original comment made by Otto?
>
> consider a situation, when all the processes in the system "are
> behaving", none of them violates their rlimits, but they all together
> have allocated more memory than the box contains (RAM + swap).

The idea is to limit memory such that running out of RAM+swap is not
possible, or unlikely. You can set the limit on the allowed number of
processes as well.

You know how much memory you have, you know how much memory to give to
your processes. You can set limits. IOW, you should tell the system
which processes to kill when they use too much, and how many processes
to run - not let the system reach the OOM state and start killing
random processes (and I think this is stupid) or panic.

> so the OS needs to do something. what should it do? should it just
> panic? or may be losing one process is better than losing them all?
> then, what are the criteria for choosing processes to be killed?..

Again, the configuration should be such that reaching the OOM state is
unlikely. If after all, this state is reached, I think letting the
kernel going berserk and kill random processes isn't helping much.

> wondering if "random" means the process with PID 1 could be one of them...

Re: fsck segfault on a big partition, 4.6

[Johan Beisser]

On Wed, Jan 27, 2010 at 4:53 PM, Denis Doroshenko
 wrote:

> so the OS needs to do something. what should it do? should it just
> panic? or may be losing one process is better than losing them all?
> then, what are the criteria for choosing processes to be killed?..
>
> wondering if "random" means the process with PID 1 could be one of them...

The process killer in modern Linux 2.6 doesn't quite suffer the same
stupid as early versions. It doesn't mean I like it, but it's unlikely
to cause you nearly as much pain.

Back to your regularly scheduled OpenBSD fsck(8) discussion.

Re: fsck segfault on a big partition, 4.6

[Denis Doroshenko]

On 1/28/10, nixlists  wrote:
>  Why kill random processes that may not be misbehaving and/or cause a
>  kernel panic when you want to kill the process(es) that leak memory or
>  are hungry in the first place? It's possible to avoid kernel panics in
>  this case IMO, and not kill random processes.

aren't you missing the point of original comment made by Otto?

consider a situation, when all the processes in the system "are
behaving", none of them violates their rlimits, but they all together
have allocated more memory than the box contains (RAM + swap).

so the OS needs to do something. what should it do? should it just
panic? or may be losing one process is better than losing them all?
then, what are the criteria for choosing processes to be killed?..

wondering if "random" means the process with PID 1 could be one of them...

Re: Postgresql and Memory Usage

[Ted Unangst]

Shm shouldn't be mapped in the kernel, so large values won't be that  
bad.


On Jan 27, 2010, at 5:01 PM, Tobias Ulmer  wrote:


On Wed, Jan 27, 2010 at 02:13:45PM -0700, Jeff Ross wrote:

I have searched (and searched) so I wonder if I'm running into the
i386 1GB limit I see referenced, as in the thread today about fsck
on larger partitions.


Yes you do. Also, kernel memory is limited, insane shm value will
probably (havn't looked at the code) have bad effects.

Re: File system

[Ted Unangst]

I suspect man growfs may be closer to his needs. Hopefully g is at the  
end of a drive with some space left.


On Jan 27, 2010, at 5:11 PM, "L. V. Lammert"  wrote:


On Wed, 27 Jan 2010, Yamidt Henao wrote:


Hi,

somebody know how I can change the mount available in me file system?

# df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd0a  159M   70.5M   80.4M47%/
/dev/wd0f 11.6M130K   10.9M 1%/home
/dev/wd0d 19.3M   12.0K   18.3M 0%/tmp
/dev/wd0g  632M632M  -31.6M   105%/usr
/dev/wd0e  2.3G641M1.6G28%/var


man fstab

Re: Postgresql and Memory Usage

[Jeff Ross]

Tobias Ulmer wrote:

On Wed, Jan 27, 2010 at 02:13:45PM -0700, Jeff Ross wrote:

I have searched (and searched) so I wonder if I'm running into the
i386 1GB limit I see referenced, as in the thread today about fsck
on larger partitions.


Yes you do. Also, kernel memory is limited, insane shm value will
probably (havn't looked at the code) have bad effects.



Thanks!

By what definition of insane?  I'd like to be able to say to the PostgreSQL 
folks that their sizing model doesn't work on OpenBSD because of x but this is 
the correct way to size on OpenBSD.


Also, I just saw a message from in the same thread referenced above that amd64 
is also limited to, if I'm reading between the lines correctly, 3GB physical 
memory.


The postgresql people suggest it is a ulimit problem but I have followed the 
README.OpenBSD there as well and put the _postgresql user in its own login 
class with increased openfiles-cur limits.  Unfortunately that has not helped.


Jeff

Re: fsck segfault on a big partition, 4.6

[nixlists]

On Wed, Jan 27, 2010 at 10:35 AM, Robert  wrote:
> frantisek holop wrote:
>>
>> the kernel will kill random processes?  are we talking about linux's OOM
>> here or openbsd?  since when is this in openbsd?  i seem to recall
>> some debate where openbsd devs found that idea ridiculous.  i know i do,
>> and the machine should panic instead of starting shooting down processes.
>>
>> -f
>
> Am I missing something here?
> If the OS runs out of (any) memory then there is already a serious problem.
> In such a case I would prefer that the kernel kills some random
applications
> but protects itself, so that I can login on the console and check what's
> going on. It might even be possible to make a clean reboot (avoiding a long
> fsck).
> A kernel panic is IMHO the worst option.

Why kill random processes that may not be misbehaving and/or cause a
kernel panic when you want to kill the process(es) that leak memory or
are hungry in the first place? It's possible to avoid kernel panics in
this case IMO, and not kill random processes.

When starting daemons (and other stuff you suspect can be hungry), you
can use the shell's 'ulimit' to tell the kernel to kill the process
should it try to allocate more memory than you think it needs.

look up setrlimit(2)

The 'chpst' utility from the 'runit' package or 'softlimit' from
daemontools is more convenient for this purpose than the shell. Many,
if not most people run their daemons without memory limits though.

Re: fsck segfault on a big partition, 4.6

[Brad Tilley]

Whoops... re-reading, I see that I missed your disklabel output... sorry.


On Wed, 27 Jan 2010 17:25 -0500, "Brad Tilley"  wrote:
> On Wed, 27 Jan 2010 20:43 +, "Rob Sheldon" 
> wrote:
> 
> [snip]
> 
> > softraid0 at root
> > root on sd1a swap on sd1b dump on sd1b
> > 
> > ...that's odd, it's showing swap (and dump) on sd1b, but there's no such
> > thing:
> > 
> > $ sudo df /dev/sd1b
> > df: /dev/sd1b: Device not configured
> >
> > ...maybe it really doesn't like running without swap?
> 
> It's there. disklabel -vh sd1 and you'll see b is swap. Try swapctl as
> well... also dmesg | grep swap:
> 
> root on sd1a swap on sd1b dump on sd1b
>  
> 
> > Oh wait, it's showing only 3G of memory installed. I just physically
> > checked the machine, and it has 4 full banks of 2G each. amd64 should be
> > able to address that, right?
> 
> I think you would need a bigmem enabled kernel.
>  
> > That could certainly explain why fsck is unhappy.
> > 
> > Thanks,
> > 
> > - R.
> > 
> > -- 
> > [__ Robert Sheldon
> > [__ Founder, No Problem
> > [__ Information technology support and services
> > [__ Software and web design and development
> > [__ (530) 575-0278
> > [__ "You must be the change you wish to see in the world." -- Mahatma
> > Gandhi

Re: fsck segfault on a big partition, 4.6

[Stuart Henderson]

On 2010-01-27, Rob Sheldon  wrote:
> The longer version: this is a backup server running backuppc for a
> corporate client ("large enough number of workstations") that does research
> work ("some really big files"). I _thought_ I had read the big filesystem
> FAQ carefully, but somehow missed that fsck simply couldn't handle anything
> over 1TB without doing funny things during the fs setup.

"The default is to create an inode for each 8192 bytes of data space".

They aren't especially funny things; if you have a fairly large
filesystem with files most people would now call "medium" or larger,
you'll probably be rather surprised at the difference in fsck time
if you lower the inode density a bit...

If it's not essential data I don't think I'd waste time tryings
to fsck it. Force a read-only mount and copy any backuppc config
you need off first, disklabel, allocate some swap, consider
splitting into smaller chunks, and newfs with more appropriate
settings, you'll still have the main OS install on the other
partitions. Or, indeed, use a different OS if you prefer.

Re: fsck segfault on a big partition, 4.6

[Brad Tilley]

On Wed, 27 Jan 2010 20:43 +, "Rob Sheldon"  wrote:

[snip]

> softraid0 at root
> root on sd1a swap on sd1b dump on sd1b
> 
> ...that's odd, it's showing swap (and dump) on sd1b, but there's no such
> thing:
> 
> $ sudo df /dev/sd1b
> df: /dev/sd1b: Device not configured
>
> ...maybe it really doesn't like running without swap?

It's there. disklabel -vh sd1 and you'll see b is swap. Try swapctl as well... 
also dmesg | grep swap:

root on sd1a swap on sd1b dump on sd1b
 

> Oh wait, it's showing only 3G of memory installed. I just physically
> checked the machine, and it has 4 full banks of 2G each. amd64 should be
> able to address that, right?

I think you would need a bigmem enabled kernel.
 
> That could certainly explain why fsck is unhappy.
> 
> Thanks,
> 
> - R.
> 
> -- 
> [__ Robert Sheldon
> [__ Founder, No Problem
> [__ Information technology support and services
> [__ Software and web design and development
> [__ (530) 575-0278
> [__ "You must be the change you wish to see in the world." -- Mahatma
> Gandhi

Re: File system

[L. V. Lammert]

On Wed, 27 Jan 2010, Yamidt Henao wrote:

> Hi,
>
> somebody know how I can change the mount available in me file system?
>
> # df -h
> Filesystem SizeUsed   Avail Capacity  Mounted on
> /dev/wd0a  159M   70.5M   80.4M47%/
> /dev/wd0f 11.6M130K   10.9M 1%/home
> /dev/wd0d 19.3M   12.0K   18.3M 0%/tmp
> /dev/wd0g  632M632M  -31.6M   105%/usr
> /dev/wd0e  2.3G641M1.6G28%/var
>
man fstab

Re: Postgresql and Memory Usage

[Tobias Ulmer]

On Wed, Jan 27, 2010 at 02:13:45PM -0700, Jeff Ross wrote:
> I have searched (and searched) so I wonder if I'm running into the
> i386 1GB limit I see referenced, as in the thread today about fsck
> on larger partitions.

Yes you do. Also, kernel memory is limited, insane shm value will
probably (havn't looked at the code) have bad effects.

File system

[Yamidt Henao]

Hi,

somebody know how I can change the mount available in me file system?

# df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
/dev/wd0a  159M   70.5M   80.4M47%/
/dev/wd0f 11.6M130K   10.9M 1%/home
/dev/wd0d 19.3M   12.0K   18.3M 0%/tmp
/dev/wd0g  632M632M  -31.6M   105%/usr
/dev/wd0e  2.3G641M1.6G28%/var


Regards,

Yamidt Henao

Re: Sed and GNU-like

[Stuart Henderson]

On 2010-01-27, ropers  wrote:
> Or maybe FreeBSD uses GNU sed -- I haven't checked.)

nope, that's GNU sort that they use (ya rly). they use BSD sed.

Re: Using Facebook API: URL file-access is disabled in the server configuration

[Chazza]

Alexander Farber  wrote:
> Hello,
> 
> does anybody please have experience in using Facebook API
> from OpenBSD with chrooted Apache and the php5 from packages?
> 
> I'm trying to call theirs $fb->api_client->admin_setAppProperties()
> but get the error:
> 
> Warning: fopen() [function.fopen]: URL file-access is disabled in the
> server configuration in /htdocs/facebook/facebookapi_php5_restlib.php
> on line 3343
> 
> How could I enable that URL file-access temporarily?
> (I need to run the admin_setAppProperties just once).
> I've tried changing following lines in php.ini with no success:
> 
> ; Whether to allow the treatment of URLs (like http:// or ftp://) as
> files.
> allow_url_fopen = On
> 
> ; Whether to allow include/require to open URLs (like http:// or
> ftp://) as files.
> allow_url_include = On
> 
> And I can't run my php-script at the CLI, since Facebook
> is supposed to HTTP post some info to it.
> 
> Regards
> Alex

Take a look at your php.ini file to allow fopen to work on URLs.

Re: Alternatives to Wireshark.

[Stuart Henderson]

On 2010-01-27, Christiano F. Haesbaert  wrote:
> My main need is debugging DNS packets (mDNS), and reading raw tcpdump
> output isn't very easy, I need to really debug the protocol, so
> something that could show me field names and values would be cool.
>
> Right now I'm using tcpdump and accounting stuff like: ok this is the
> id, so the next 2 bytes is the query type and so on... (this isn't
> working :-D).

tcpdump already handles mDNS, it shouldn't be too hard to extend
and add what you're missing...

Re: fsck segfault on a big partition, 4.6

[Rob Sheldon]

On Wed, 27 Jan 2010 22:06:19 +0100, Otto Moerbeek  wrote:
>
> No, currently the amount of physical memory an amd64 can address is
> limited.

Well, F___. :-(

The rule here then is, if you've got a partition bigger than 1TB, you
*must* have swap?

- R.

-- 
[__ Robert Sheldon
[__ Founder, No Problem
[__ Information technology support and services
[__ Software and web design and development
[__ (530) 575-0278
[__ "You must be the change you wish to see in the world." -- Mahatma
Gandhi

Postgresql and Memory Usage

[Jeff Ross]

I'm not getting something about the best way to set up a server using 
PostgreSQL as a backend for a busy web server running drupal.


The postgresql performance tuning folks
http://wiki.postgresql.org/wiki/Tuning_Your_PostgreSQL_Server
say that in a server with more that 1GB of ram

"a reasonable starting value for shared_buffers is 1/4 of the memory in your 
system."


Okay, this server has 4GB of ram.  pgtune suggests the following values for 
predominately web based usage:


maintenance_work_mem = 240MB # pgtune wizard 2010-01-27
checkpoint_completion_target = 0.7 # pgtune wizard 2010-01-27
effective_cache_size = 2816MB # pgtune wizard 2010-01-27
work_mem = 18MB # pgtune wizard 2010-01-27
wal_buffers = 4MB # pgtune wizard 2010-01-27
checkpoint_segments = 8 # pgtune wizard 2010-01-27
shared_buffers = 960MB # pgtune wizard 2010-01-27
max_connections = 200 # pgtune wizard 2010-01-27

As the README.OpenBSD installed with the port suggests, postgresql will not 
even start with the default values.


"The default sizes in the GENERIC kernel for SysV semaphores
are not really large enough for a database with more than a
handful of connections. A server running such a database should
have at least the following in /etc/sysctl.conf:

kern.seminfo.semmni=256
kern.seminfo.semmns=2048

To serve a large number of connections (>250), you may also need
to increase the maximum shared memory segment size, on the i386
try:

kern.shminfo.shmmax=50331648# this is 48MB.
# default on i386 is 32MB
# other archs will vary

These numbers should be tuned depending on system use. You will also
need to tune the values in the postgresql.conf file to increase the
number of connections to the backend."

Here is where I'm not doing something right.  With my shared_buffers at 960MB, 
I need to adjust kern.shminfo.shmmax to 1GB (1073741824) to get postgres to 
start.  I thought I'd need to also adjust kern.shminfo.shmmall value as well 
but that seems to change automatically whenever I adjust kern.shminfo.shmmax.


$ sysctl -a | grep kern.s

kern.securelevel=1
kern.saved_ids=1
kern.somaxconn=128
kern.sominconn=80
kern.sysvmsg=1
kern.sysvsem=1
kern.sysvshm=1
kern.stackgap_random=262144
kern.splassert=1
kern.seminfo.semmni=256
kern.seminfo.semmns=2048
kern.seminfo.semmnu=30
kern.seminfo.semmsl=60
kern.seminfo.semopm=100
kern.seminfo.semume=10
kern.seminfo.semusz=100
kern.seminfo.semvmx=32767
kern.seminfo.semaem=16384
kern.shminfo.shmmax=1073741824
kern.shminfo.shmmin=1
kern.shminfo.shmmni=128
kern.shminfo.shmseg=128
kern.shminfo.shmall=262144

At these values postgres will start and top shows a large amount of memory 
still free:

Memory: Real: 55M/465M act/tot  Free: 3433M  Swap: 0K/8197M used/tot

Running a simple select only pgbench test against it will fail with an out of 
memory error as it tries to vacuum --analyze the newly created database with 
750 tuples.


When I run this command and have top refreshing every second, I never see the 
free memory drop below 3400M, so I'm not sure what memory we are running out 
of.  systat -i shows similar amounts of memory yet free.


I have searched (and searched) so I wonder if I'm running into the i386 1GB 
limit I see referenced, as in the thread today about fsck on larger partitions.


I've already tried running the amd64 kernel on this server and it won't even 
boot.  Do I need to find a better use for this box and go find a real Opteron 
to run PostgreSQL on?


Jeff Ross

OpenBSD 4.6-current (GENERIC.MP) #25: Mon Jan 25 21:15:48 MST 2010
r...@varley.openvistas.net:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(TM) CPU 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

real mem  = 4160253952 (3967MB)
avail mem = 4053823488 (3866MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/18/03, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xf84b0 (39 entries)

bios0: vendor American Megatrends Inc. version "080009" date 09/18/2003
bios0: Supermicro X5DPA
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices PS2K(S1) PS2M(S1) SMBS(S1) AUDI(S1) MODM(S1) USB0(S1) 
USB1(S1) USB2(S1) P0P1(S1) GLN1(S1) GLN2(S1) BT64(S1) PWRB(S1) SLPB(S1)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(TM) CPU 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Xeon(TM) CPU 2.40GHz ("GenuineIntel" 686-class) 2.41 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,M

Re: fsck segfault on a big partition, 4.6

[Otto Moerbeek]

On Wed, Jan 27, 2010 at 08:43:40PM +, Rob Sheldon wrote:

> On Wed, 27 Jan 2010 07:42:42 +0100, Otto Moerbeek  wrote:
> > On Wed, Jan 27, 2010 at 12:38:47AM +, Rob Sheldon wrote:
> > 
> >> There's no dmesg attached because I'm not on-site with the server at
> the
> >> moment, and because AFAICT this is a known problem.
> > 
> > A pity, since it does matter what platform you run on. fsck needing a
> > lot of memory is indeed a known problem, but the SEGVs are not. You
> > might want to check if they still occur when you have enough swap.
> 
> OK, I was able to visit for a few minutes today, enough to get the machine
> answering ssh again.
> 
> First, disklabel so you know what it actually has:
> 
> $ sudo disklabel sd1
> # /dev/rsd1c:
> type: SCSI
> disk: SCSI disk
> label: Transcend 4GB   
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 488
> total sectors: 7843840
> rpm: 3600
> interleave: 1
> boundstart: 63
> boundend: 7839720
> drivedata: 0 
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize  cpg]
>   a:  7839657   63  4.2BSD   2048 163841 # /
>   c:  78438400  unused   
> 
> $ sudo disklabel sd0 
> # /dev/rsd0c:
> type: SCSI
> disk: SCSI disk
> label: ARC-1220-VOL#00 
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 255
> sectors/cylinder: 16065
> cylinders: 729458
> total sectors: 11718749184
> rpm: 1
> interleave: 1
> boundstart: 63
> boundend: 3128808178
> drivedata: 0 
> 
> 16 partitions:
> #size   offset  fstype [fsize bsize  cpg]
>   a:  11718749121   63  4.2BSD   2048 163841 
>   c:  117187491840  unused   
> 
> ...and the dmesg...
> 
> $ dmesg
> OpenBSD 4.6 (GENERIC.MP) #81: Thu Jul  9 21:26:19 MDT 2009
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 3486973952 (3325MB)
> avail mem = 3370655744 (3214MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)
> bios0: vendor Phoenix Technologies LTD version "1.2a" date 12/19/2008
> bios0: Supermicro X7SB4/E
> acpi0 at bios0: rev 2
> acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ SLIC
> SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
> acpi0: wakeup devices PXHA(S5) PXHB(S5) PEX_(S5) LAN_(S5) USB4(S5)
> USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5)
> USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5)
> PWRB(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, 2494.07 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
> cpu0: 2MB 64b/line 8-way L2 cache
> cpu0: apic clock running at 199MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, 2493.75 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
> cpu1: 2MB 64b/line 8-way L2 cache
> ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
> ioapic1 at mainbus0 apid 3 pa 0xfecc, version 20, 24 pins
> ioapic2 at mainbus0 apid 4 pa 0xfecc0400, version 20, 24 pins
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 2 (PXHA)
> acpiprt2 at acpi0: bus 3 (PXHB)
> acpiprt3 at acpi0: bus 4 (PEX_)
> acpiprt4 at acpi0: bus 7 (EXP1)
> acpiprt5 at acpi0: bus 13 (EXP5)
> acpiprt6 at acpi0: bus 15 (EXP6)
> acpiprt7 at acpi0: bus 17 (PCIB)
> acpicpu0 at acpi0: C3, PSS
> acpicpu1 at acpi0: C3, PSS
> acpibtn0 at acpi0: PWRB
> acpivideo0 at acpi0: IGD0
> ipmi at mainbus0 not configured
> cpu0: Enhanced SpeedStep 2493 MHz: speeds: 2500, 2400, 2000, 1600, 1200
> MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
> ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: apic 2 int
> 16 (irq 5)
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
> pci2 at ppb1 bus 2
> "Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
> ppb2 at pci1 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
> pci3 at ppb2 bus 3
> "Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 3 not configured
> ppb3 at pci0 dev 6 function 0 "Intel 3210 PCIE" rev 0x01: apic 2 int 16
> (irq 5)
> pci4 at ppb3 bus 4
> ppb4 at pci4 dev 0 function 0 "Intel IOP333 PCIE-PCIX" rev 0x00
> pci5 at ppb4 bus 5
> arc0 at pci5 dev 14 function 0 "Areca ARC-1220" rev 0x00: apic 2 int 18
> (irq 11)
> arc0: 8 ports, 256MB SDRAM, firmware V1.46 2009-01-06
> scsibus0 at arc0: 16 targets
> sd0 at scsibus0 targ 0 lun 0:  SCSI3
> 0/direct fixed
> sd0: 5722

Re: Alternatives to Wireshark.

[Bryan Irvine]

I like ettercap for that.

On Wed, Jan 27, 2010 at 12:23 PM, Christiano F. Haesbaert
 wrote:
> Hi there,
>
> I've always used wireshark for packet sniffing, it solved most of my needs.
>
> First of all, I'm not questioning the why of not having a port, I've
> read the previous posts (I really don't care why, don't start a
> discussion).
>
> My main need is debugging DNS packets (mDNS), and reading raw tcpdump
> output isn't very easy, I need to really debug the protocol, so
> something that could show me field names and values would be cool.
>
> Right now I'm using tcpdump and accounting stuff like: ok this is the
> id, so the next 2 bytes is the query type and so on... (this isn't
> working :-D).
>
> I understand I could make some script to interpret the values, but I'm
> sure you guys already though of something better.
>
> Thanks.

Re: fsck segfault on a big partition, 4.6

[Rob Sheldon]

On Wed, 27 Jan 2010 07:42:42 +0100, Otto Moerbeek  wrote:
> On Wed, Jan 27, 2010 at 12:38:47AM +, Rob Sheldon wrote:
> 
>> There's no dmesg attached because I'm not on-site with the server at
the
>> moment, and because AFAICT this is a known problem.
> 
> A pity, since it does matter what platform you run on. fsck needing a
> lot of memory is indeed a known problem, but the SEGVs are not. You
> might want to check if they still occur when you have enough swap.

OK, I was able to visit for a few minutes today, enough to get the machine
answering ssh again.

First, disklabel so you know what it actually has:

$ sudo disklabel sd1
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: Transcend 4GB   
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 488
total sectors: 7843840
rpm: 3600
interleave: 1
boundstart: 63
boundend: 7839720
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a:  7839657   63  4.2BSD   2048 163841 # /
  c:  78438400  unused   

$ sudo disklabel sd0 
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ARC-1220-VOL#00 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 729458
total sectors: 11718749184
rpm: 1
interleave: 1
boundstart: 63
boundend: 3128808178
drivedata: 0 

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a:  11718749121   63  4.2BSD   2048 163841 
  c:  117187491840  unused   

...and the dmesg...

$ dmesg
OpenBSD 4.6 (GENERIC.MP) #81: Thu Jul  9 21:26:19 MDT 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3486973952 (3325MB)
avail mem = 3370655744 (3214MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)
bios0: vendor Phoenix Technologies LTD version "1.2a" date 12/19/2008
bios0: Supermicro X7SB4/E
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ SLIC
SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PXHA(S5) PXHB(S5) PEX_(S5) LAN_(S5) USB4(S5)
USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5)
USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5)
PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, 2494.07 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz, 2493.75 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0 apid 3 pa 0xfecc, version 20, 24 pins
ioapic2 at mainbus0 apid 4 pa 0xfecc0400, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PXHA)
acpiprt2 at acpi0: bus 3 (PXHB)
acpiprt3 at acpi0: bus 4 (PEX_)
acpiprt4 at acpi0: bus 7 (EXP1)
acpiprt5 at acpi0: bus 13 (EXP5)
acpiprt6 at acpi0: bus 15 (EXP6)
acpiprt7 at acpi0: bus 17 (PCIB)
acpicpu0 at acpi0: C3, PSS
acpicpu1 at acpi0: C3, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: IGD0
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2493 MHz: speeds: 2500, 2400, 2000, 1600, 1200
MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: apic 2 int
16 (irq 5)
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 2
"Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
ppb2 at pci1 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci3 at ppb2 bus 3
"Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 3 not configured
ppb3 at pci0 dev 6 function 0 "Intel 3210 PCIE" rev 0x01: apic 2 int 16
(irq 5)
pci4 at ppb3 bus 4
ppb4 at pci4 dev 0 function 0 "Intel IOP333 PCIE-PCIX" rev 0x00
pci5 at ppb4 bus 5
arc0 at pci5 dev 14 function 0 "Areca ARC-1220" rev 0x00: apic 2 int 18
(irq 11)
arc0: 8 ports, 256MB SDRAM, firmware V1.46 2009-01-06
scsibus0 at arc0: 16 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3
0/direct fixed
sd0: 5722045MB, 512 bytes/sec, 11718749184 sec total
ppb5 at pci4 dev 0 function 2 "Intel IOP333 PCIE-PCIX" rev 0x00
pci6 at ppb5 bus 6
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x02: apic 2 int 16
(irq 5)
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x02: apic 2 int 17
(irq 10)
uhci2 at pci0 dev 26 function 2 "Int

Re: Using Facebook API: URL file-access is disabled in the server configuration

[Alexander Farber]

Tried adding

   66.220.146.15   api.facebook.com

to /var/www/etc/hosts  as well...

Alternatives to Wireshark.

[Christiano F. Haesbaert]

Hi there,

I've always used wireshark for packet sniffing, it solved most of my needs.

First of all, I'm not questioning the why of not having a port, I've
read the previous posts (I really don't care why, don't start a
discussion).

My main need is debugging DNS packets (mDNS), and reading raw tcpdump
output isn't very easy, I need to really debug the protocol, so
something that could show me field names and values would be cool.

Right now I'm using tcpdump and accounting stuff like: ok this is the
id, so the next 2 bytes is the query type and so on... (this isn't
working :-D).

I understand I could make some script to interpret the values, but I'm
sure you guys already though of something better.

Thanks.

Re: Change root password from shell-script

[Chris Dukes]

On Wed, Jan 27, 2010 at 05:14:51PM +, Paul Branston wrote:
> On Wed, Jan 27, 2010 at 05:48:15PM +0100, Jordi Espasa Clofent wrote:
> >> Have you looked at man usermod? -p flag in particular.
> >
> > Shame on me, indeed. It has been a game:
> >
> > #!/bin/sh
> > PASSWORD=$(echo "my_new_password" | encrypt -b 6)
> > usermod -p $PASSWORD root
> >
> 
> A little more generic in case there is no usermod -p
> 
> PASSWORD=$(echo "my_new_password" | encrypt -b 6)
> perl -p -i.bk -e  's/^root:.*?:/root:$PASSWORD:/' /etc/shadow

Breaks on AIX :-).  Breaks with NIS and LDAP as well :-).

I've always had the pipe dream of there being a chpasswd(8)
on *BSD like there is on current AIX and Linux distros.
But usually there isn't that much headache using something like usermod.


> 

-- 
Chris Dukes

Re: fsck segfault on a big partition, 4.6

[frantisek holop]

hmm, on Wed, Jan 27, 2010 at 04:35:19PM +0100, Robert said that
> If the OS runs out of (any) memory then there is already a serious

there's plenty of discussion about the virtues/stupidity
of the OOM killer approach, including various "pardon" policies.
google for "out of fuel linux" for amusement.

> problem. In such a case I would prefer that the kernel kills some
> random applications but protects itself, so that I can login on the
> console and check what's going on. It might even be possible to make

riiight.  and how pray if that random process happens to be the
ssh daemon or some other process supporting your infrastructure?

if a process is out of control, i'd rather have the system complain
loudly and angrily.  i am not keen on seeing mysterious missing
processes, user/customer complaints because of untraceable failures
of transactions, tasks, jobs, whatever.

-f
-- 
fish and guests smell in three days.

Using Facebook API: URL file-access is disabled in the server configuration

[Alexander Farber]

Hello,

does anybody please have experience in using Facebook API
from OpenBSD with chrooted Apache and the php5 from packages?

I'm trying to call theirs $fb->api_client->admin_setAppProperties()
but get the error:

Warning: fopen() [function.fopen]: URL file-access is disabled in the
server configuration in /htdocs/facebook/facebookapi_php5_restlib.php
on line 3343

How could I enable that URL file-access temporarily?
(I need to run the admin_setAppProperties just once).
I've tried changing following lines in php.ini with no success:

; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
allow_url_fopen = On

; Whether to allow include/require to open URLs (like http:// or
ftp://) as files.
allow_url_include = On

And I can't run my php-script at the CLI, since Facebook
is supposed to HTTP post some info to it.

Regards
Alex

Re: Announcing: JigglyPuffBSD

[Jussi Peltola]

http://www.gossipgamers.com/pokemon-redesigned-in-traditional-japanese-style-artwork/

Re: Change root password from shell-script

[Brynet]

Paul Branston wrote:
> A little more generic in case there is no usermod -p
> 
> PASSWORD=$(echo "my_new_password" | encrypt -b 6)
> perl -p -i.bk -e  's/^root:.*?:/root:$PASSWORD:/' /etc/shadow

Wow,

Question: are you even using OpenBSD?

-Bryan.

Re: Change root password from shell-script

[Paul Branston]

On Wed, Jan 27, 2010 at 05:48:15PM +0100, Jordi Espasa Clofent wrote:
>> Have you looked at man usermod? -p flag in particular.
>
> Shame on me, indeed. It has been a game:
>
> #!/bin/sh
> PASSWORD=$(echo "my_new_password" | encrypt -b 6)
> usermod -p $PASSWORD root
>

A little more generic in case there is no usermod -p

PASSWORD=$(echo "my_new_password" | encrypt -b 6)
perl -p -i.bk -e  's/^root:.*?:/root:$PASSWORD:/' /etc/shadow

Re: Sun Fire x4170

[Luca Corti]

On Tue, Jan 26, 2010 at 11:44:01AM -0500, Bryan Allen wrote:
> They're solid, and they fly.

That's what I hoped to hear.

> You can pick up RAM cheap from crucial, and get disk sleds from memoryx
> (541-2123) so you don't have to pay disk markup.

This is not an issue. The one I'll have at hand has 4GB RAM, which is more than 
what is currently supported by the OS.
 
> I do not use the SAS RAID card, and couldn't speak its being supported by
> OpenBSD regardless. (I have a J4200 plugged into the non-RAID SAS card, 
> because
> ZFS > hardware RAID.)

Having at least RAID1 hardware would be nice for resilence in case of a disk 
failure.
I won't even touch the ZFS part, I don't want to even accidentally start 
falmewars! ;)

> You may find that you'll need to disable some of the em(4) ports so you can 
> get
> access to the Service Processor. I run OpenBSD on my X2100 M2s and have to
> disable bge* (via config(8)) so I can get at the SP. Just something to keep in
> mind when provisioning.

Having a few ports on the x4170 is nice for many purposes. LOM is nice too, but 
I can use a serial console if the box comes with a serial port. Have to check 
this.

thanks a lot

Luca

Re: Change root password from shell-script

[Jordi Espasa Clofent]

Have you looked at man usermod? -p flag in particular.


Shame on me, indeed. It has been a game:

#!/bin/sh
PASSWORD=$(echo "my_new_password" | encrypt -b 6)
usermod -p $PASSWORD root

Thanks.

--
I must not fear. Fear is the mind-killer. Fear is the little-death that 
brings total obliteration. I will face my fear. I will permit it to pass 
over me and through me. And when it has gone past I will turn the inner 
eye to see its path. Where the fear has gone there will be nothing. Only 
I will remain.


Bene Gesserit Litany Against Fear.

Re: Announcing: JigglyPuffBSD

[Vadim Zhukov]

On 26 January 2010 c. 02:14:22 Eric wrote:
> By the way, I like your sig.

It's just seen by me on misc@ a long time ago :)

--
  Best wishes,
Vadim Zhukov

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: fsck segfault on a big partition, 4.6

[Otto Moerbeek]

On Wed, Jan 27, 2010 at 10:31:40AM -0500, Ted Unangst wrote:

> On Wed, Jan 27, 2010 at 10:00 AM, frantisek holop  wrote:
> > hmm, on Wed, Jan 27, 2010 at 03:28:12PM +0100, Otto Moerbeek said that
> >> Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
> >> process.  What happens if more memory is allocated than the available
> >> swap is that the kernel will kill random processes to free swap. That
> >> might be what is going on in your case. Also, in some cases a lack of
> >> physical memory might kill processes.
> >
> > the kernel will kill random processes?  are we talking about linux's OOM
> > here or openbsd?  since when is this in openbsd?  i seem to recall
> > some debate where openbsd devs found that idea ridiculous.  i know i do,
> > and the machine should panic instead of starting shooting down processes.
> 
> Some archs will kill processes, some will panic.  i386 and amd64
> should both panic I believe.

Somewhere in my memory is says that on i386 at least, it can happen
that a trap handler isn't able to allocate a physcial page which
eventually leads to a SEGV of the process.

But my memory isn't what it used to be, and I do not have time to dig
into this further right now.

-Otto

Re: Change root password from shell-script

[Gregory Edigarov]

On Wed, 27 Jan 2010 17:05:17 +0100
Jordi Espasa Clofent  wrote:

> HI all,
> 
> ?Is there any way t change the root password using a shell-script
> (aka non-interactive mod as passwd uses)?
> 
> I've used pw in FreeBSD and chpasswd in Debian GNU/Linux to do it,
> bit I've not found a way/command to do it with my OpenBSD boxes.
> 
> At present my approach will be install except from ports and use it
> to get my goal.
> 
Have you looked at man usermod? -p flag in particular. 

-- 
With best regards,
Gregory Edigarov

Change root password from shell-script

[Jordi Espasa Clofent]

HI all,

?Is there any way t change the root password using a shell-script (aka 
non-interactive mod as passwd uses)?


I've used pw in FreeBSD and chpasswd in Debian GNU/Linux to do it, bit 
I've not found a way/command to do it with my OpenBSD boxes.


At present my approach will be install except from ports and use it to 
get my goal.


--
I must not fear. Fear is the mind-killer. Fear is the little-death that 
brings total obliteration. I will face my fear. I will permit it to pass 
over me and through me. And when it has gone past I will turn the inner 
eye to see its path. Where the fear has gone there will be nothing. Only 
I will remain.


Bene Gesserit Litany Against Fear.

Re: fsck segfault on a big partition, 4.6

[Robert]

frantisek holop wrote:

the kernel will kill random processes?  are we talking about linux's OOM
here or openbsd?  since when is this in openbsd?  i seem to recall
some debate where openbsd devs found that idea ridiculous.  i know i do,
and the machine should panic instead of starting shooting down processes.

-f


Am I missing something here?
If the OS runs out of (any) memory then there is already a serious 
problem. In such a case I would prefer that the kernel kills some random 
applications but protects itself, so that I can login on the console and 
check what's going on. It might even be possible to make a clean reboot 
(avoiding a long fsck).

A kernel panic is IMHO the worst option.

?
Please explain your point of view, or why the devs consider it a bad 
idea (a quick search on the list didn't show anything).
(I understand that in case of kernel development a panic would be useful 
as it shows information, but I consider the "daily usage" case)


regards,
Robert

PS:
What is the actual situation in OpenBSD? Does it have some OOM killer?

Re: fsck segfault on a big partition, 4.6

[Ted Unangst]

On Wed, Jan 27, 2010 at 10:00 AM, frantisek holop  wrote:
> hmm, on Wed, Jan 27, 2010 at 03:28:12PM +0100, Otto Moerbeek said that
>> Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
>> process.  What happens if more memory is allocated than the available
>> swap is that the kernel will kill random processes to free swap. That
>> might be what is going on in your case. Also, in some cases a lack of
>> physical memory might kill processes.
>
> the kernel will kill random processes?  are we talking about linux's OOM
> here or openbsd?  since when is this in openbsd?  i seem to recall
> some debate where openbsd devs found that idea ridiculous.  i know i do,
> and the machine should panic instead of starting shooting down processes.

Some archs will kill processes, some will panic.  i386 and amd64
should both panic I believe.

Re: fsck segfault on a big partition, 4.6

[Otto Moerbeek]

On Wed, Jan 27, 2010 at 10:11:57AM -0500, Joe Gidi wrote:

> On Wed, January 27, 2010 9:28 am, Otto Moerbeek wrote:
> > Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
> > process.  What happens if more memory is allocated than the available
> > swap is that the kernel will kill random processes to free swap. That
> > might be what is going on in your case. Also, in some cases a lack of
> > physical memory might kill processes.
> >
> > -Otto
> 
> Does this mean that amd64 can now handle >4G of RAM, or is that a separate
> issue?

virtual mem != physical mem, so that's indeed a different issue.

-Otto

Re: Killing Random Processes [was: fsck segfault on a big partition, 4.6]

[Rob Sheldon]

On Wed, 27 Jan 2010 16:00:32 +0100, frantisek holop 
wrote:
> hmm, on Wed, Jan 27, 2010 at 03:28:12PM +0100, Otto Moerbeek said that
> 
> the kernel will kill random processes?  are we talking about linux's OOM
> here or openbsd?  since when is this in openbsd?  i seem to recall
> some debate where openbsd devs found that idea ridiculous.  i know i do,
> and the machine should panic instead of starting shooting down
processes.

I remember reading a thread here about killing random processes a long
time ago, but I don't recall the results of that. I can't find it (quickly)
in the archives.

If you (and all) don't mind, if there's going to be any debate about this,
I'd like to see it under a different thread instead.

- R.

-- 
[__ Robert Sheldon
[__ Founder, No Problem
[__ Information technology support and services
[__ Software and web design and development
[__ (530) 575-0278
[__ "You must be the change you wish to see in the world." -- Mahatma
Gandhi

Re: fsck segfault on a big partition, 4.6

[Joe Gidi]

On Wed, January 27, 2010 9:28 am, Otto Moerbeek wrote:
> Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
> process.  What happens if more memory is allocated than the available
> swap is that the kernel will kill random processes to free swap. That
> might be what is going on in your case. Also, in some cases a lack of
> physical memory might kill processes.
>
>   -Otto

Does this mean that amd64 can now handle >4G of RAM, or is that a separate
issue?

-- 
Joe Gidi
j...@entropicblur.com

Re: fsck segfault on a big partition, 4.6

[frantisek holop]

hmm, on Wed, Jan 27, 2010 at 03:28:12PM +0100, Otto Moerbeek said that
> Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
> process.  What happens if more memory is allocated than the available
> swap is that the kernel will kill random processes to free swap. That
> might be what is going on in your case. Also, in some cases a lack of
> physical memory might kill processes. 

the kernel will kill random processes?  are we talking about linux's OOM
here or openbsd?  since when is this in openbsd?  i seem to recall
some debate where openbsd devs found that idea ridiculous.  i know i do,
and the machine should panic instead of starting shooting down processes.

-f
-- 
to get a loan you must prove you don't need it.

Popusti i do 62% samo do 10. februara

[E-topshop]

Iskoristite do 10. februara - "Dole kilogrami!"

Samo u ovoj akciji E!tedite i do neverovatnih

-62%!

B;

smrE!ajte jednostavno, bez truda - imamo prava reE!enja

B;

uE!tedite pri kupovini i dostavi hit proizvoda za dijetu i lepotu

B;

PodseDamo - super cene i uslovi joE! 14 dana, do 10.2.2010.

B;

za prvih 20 poklon: BMI metar za praDenje rezultata

Opredelite se za zdraviji naD
in E>ivota, lepE!i i vitkiji - NARUDITE
odmah! B;

Ovu elektronsku poE!tu primate, ukoliko ste svojevoljno ostavili svoju
e-mail adresu na nekom od sajtova Top Shop-a, uD
estvovali u naE!oj
poklon igri ili nagradnom kvizu ili se prijavili za e-D
asopis Top Shop-a
ili nekog od nasih brendova.

Ponude date u ovom e-mailu vaE>e iskljuD
ivo za porudE>bine upuDene
putem Interneta ili broja telefona 021 489 26 60. Ponude vaE>e do 10. 02.
2010. ili do isteka zaliha. Isporuku vrE!imo samo u Srbiji.

Ukoliko ne E>elite viE!e da primate naE!e elektronske poruke, za
odjavljivanje sa naE!e e-mailing liste, , kliknite ovde. U obrazac na
internet stranici upiE!ite svoju taD
nu e-mail adresu i odjavu potvrdite.

Studio Moderna d.o.o., Bulevar vojvode Stepe 30, 21000 Novi Sad, Tel: 021
489 26 60, Fax: 021 489 29 08, E-mail: i...@news.e-topshop.tv

[IMAGE]If you would no longer like to receive our emails please
unsubscribe by clicking here.

Re: rename(2) man page (was: Re: OpenSMTPd actual development and integration)

[Christiano Farina Haesbaert]

Can't we all just get along ?

Fuck sake, does someone here thinks this thread is going anywhere ?

Re: fsck segfault on a big partition, 4.6

[Otto Moerbeek]

On Wed, Jan 27, 2010 at 02:06:20PM +, Rob Sheldon wrote:

> On Wed, 27 Jan 2010 07:42:42 +0100, Otto Moerbeek  wrote:
> > On Wed, Jan 27, 2010 at 12:38:47AM +, Rob Sheldon wrote:
> > 
> >> Hi,
> > 
> > Therse days, amd64 is the only platform that increases the limit
> > (MAXDSIZE) to 8G. Though you venture into untested territory, we
> > (myself at least) just do not have the hardware to test anything
> > beyond 2T. 
> 
> OK. I just went back and looked at the order sheet for this thing, and it
> looks like it shipped with enough RAM to require amd64, so it should be
> (had better be!) running that kernel.
> 
> I'd like to help, if at all possible. I should be able to get on-site with
> the client for at least a couple of hours today, and I can probably draw
> this out for a few days before I have to get the server back on-line. I can
> provide a dmesg and any other system specs without too much trouble -- is
> there any way to help track down the exact source of the segfault?
> 
> > The SEGVs may be related to not having swap. Running OpenBSD in
> > overcommitted state is not what you want. 
> 
> What do you mean by "overcommitted state" -- not enough resources? The
> only thing this machine is supposed to do is run backuppc, which is just
> rsync with some Perl scripts. The old backup server was doing the same job
> with less resources for quite a while. The old server did have a swap
> partition, but as near as I could tell it was rarely used. ...In fact, I
> just logged in to the old server; it has an 8G swap partition, and top says
> it's not using any of it.

The point is that fsck_ffs need loads of memory.

> 
> So here's something I don't understand then: in the generic kernel, will
> fsck allocate more than 1G if swap is available, or is it still limited to
> just 1G?

Depends on the arch. i386 is limited to 1G, amd64 is limited to 8G per
process.  What happens if more memory is allocated than the available
swap is that the kernel will kill random processes to free swap. That
might be what is going on in your case. Also, in some cases a lack of
physical memory might kill processes. 

-Otto

> 
> >> There's no dmesg attached because I'm not on-site with the server at
> the
> >> moment, and because AFAICT this is a known problem.
> > 
> > A pity, since it does matter what platform you run on. fsck needing a
> > lot of memory is indeed a known problem, but the SEGVs are not. You
> > might want to check if they still occur when you have enough swap.
> 
> OK. I'll get that info to you, and anything else you need (that I can
> handle), and I'll futz around with it and see if I can cable in a spare
> drive for swap.
> 
> - R.
> 
> -- 
> [__ Robert Sheldon
> [__ Founder, No Problem
> [__ Information technology support and services
> [__ Software and web design and development
> [__ (530) 575-0278
> [__ "You must be the change you wish to see in the world." -- Mahatma
> Gandhi

Re: OpenVPN problem. [SOLVED]

[Alessandro Baggi]

I've solved my problem, It was a routing problem caused by a 
misconfiguration with a client-config-ccd with a wrong parameter.


client-conf-ccd ccd

but with an absolute path (ex /etc/openvpn/ccd) it works.
Thanks.
Hi Simen. Then 10.0.8.1 and 10.0.8.2 are allocate by openvpn server 
and in the client are 10.0.8.6 and 10.0.8.5

they appear in ifconfing of tun0 on client and server side in this form:

10.0.8.1 -> 10.0.8.2
10.0.8.6 -> 10.0.8.5

My purpose is to study VPN with openvpn and i've not a remote place to 
get this setup and then I've reproduced a little reality.

Simen Stavdal wrote:

Ciao Alessandro,

So, from the server, the client gets allocated 10.0.8.5/32
(btw, probably a minor thing, but in your server conf file, you have 
a mismatch on the host/mask when you push the routes- it reads

push "route 10.1.1.1 255.255.0.0"  while it should read 10.1.0.0)
(doesn't seem to bother the client too much, but it might be worth a 
try to correct it).


Also, on the server side routing table, you have the following :
192.168.7/24  10.0.8.2   UGS0  175 
- 8 tun0


Where is 10.0.8.2?
This is from the pool of client addresses, but does not exist anywhere?

You also have som route statements in your server conf file, like 
this one :

route 192.168.7.0 255.255.255.0
It doesn't have a gateway, and is not locally connected
This tells the client host to route 192.168.7.0 to nowhere (even 
though it is locally connected on the client side).


On my config, the client side routing table looks like this (windows 
host) :

   10.10.177.0255.255.255.0  10.10.177.5 10.10.177.6   1
   10.10.177.4  255.255.255.252  10.10.177.6 
10.10.177.6   30



Also, the two hosts are not connected with public addresses, can I 
ask why you want to use NAT between to RFC1918 networks that don't 
overlap?
I am trying to understand your objective and the purpose of the 
setup, maybe there is a different way of setting it up?


Cheers,
Simon.


Alessandro Baggi wrote:

Simen Stavdal wrote:

and...

do you have the routing table for some of the hosts that can/cannot 
ping each other?
Are there other gateways out of the networks, other than the 
openvpn box?


S.


I'm trying openvpn in my internal network:
 
   internet

 |
   primary node
192.168.1.1

/ \
  OBSD  
OBSD 2
  192.168.1.33   
192.168.1.2
  10.1.0.0/16   
192.168.7.0/24
   
||

..

Re: fsck segfault on a big partition, 4.6

[Rob Sheldon]

On Wed, 27 Jan 2010 07:42:42 +0100, Otto Moerbeek  wrote:
> On Wed, Jan 27, 2010 at 12:38:47AM +, Rob Sheldon wrote:
> 
>> Hi,
> 
> Therse days, amd64 is the only platform that increases the limit
> (MAXDSIZE) to 8G. Though you venture into untested territory, we
> (myself at least) just do not have the hardware to test anything
> beyond 2T. 

OK. I just went back and looked at the order sheet for this thing, and it
looks like it shipped with enough RAM to require amd64, so it should be
(had better be!) running that kernel.

I'd like to help, if at all possible. I should be able to get on-site with
the client for at least a couple of hours today, and I can probably draw
this out for a few days before I have to get the server back on-line. I can
provide a dmesg and any other system specs without too much trouble -- is
there any way to help track down the exact source of the segfault?

> The SEGVs may be related to not having swap. Running OpenBSD in
> overcommitted state is not what you want. 

What do you mean by "overcommitted state" -- not enough resources? The
only thing this machine is supposed to do is run backuppc, which is just
rsync with some Perl scripts. The old backup server was doing the same job
with less resources for quite a while. The old server did have a swap
partition, but as near as I could tell it was rarely used. ...In fact, I
just logged in to the old server; it has an 8G swap partition, and top says
it's not using any of it.

So here's something I don't understand then: in the generic kernel, will
fsck allocate more than 1G if swap is available, or is it still limited to
just 1G?

>> There's no dmesg attached because I'm not on-site with the server at
the
>> moment, and because AFAICT this is a known problem.
> 
> A pity, since it does matter what platform you run on. fsck needing a
> lot of memory is indeed a known problem, but the SEGVs are not. You
> might want to check if they still occur when you have enough swap.

OK. I'll get that info to you, and anything else you need (that I can
handle), and I'll futz around with it and see if I can cable in a spare
drive for swap.

- R.

-- 
[__ Robert Sheldon
[__ Founder, No Problem
[__ Information technology support and services
[__ Software and web design and development
[__ (530) 575-0278
[__ "You must be the change you wish to see in the world." -- Mahatma
Gandhi

Re: fsck segfault on a big partition, 4.6

[Rob Sheldon]

On Tue, 26 Jan 2010 19:10:47 -0600 (CST), "L. V. Lammert"

wrote:
> On Wed, 27 Jan 2010, Rob Sheldon wrote:
> 
> Don't know if this is related to a problem I had on a machine recently,
..
> however I found that if I hung the 'bad' drive on ANOTHER machine, the
> fsck ran just fine!

To be honest, I'm not sure how I'd set that up without a ton of effort.
The 6TB are done through multiple drives (raid 6) through an Areca raid
controller; without having an identical machine to swap the hardware into,
I don't think I could pull that off. Even if I did have an identical system
to do that with, I doubt it would gain me anything in this case.

Thanks for the tip though. :-)

- R.

-- 
[__ Robert Sheldon
[__ Founder, No Problem
[__ Information technology support and services
[__ Software and web design and development
[__ (530) 575-0278
[__ "You must be the change you wish to see in the world." -- Mahatma
Gandhi

Re: PowerEdge 850 for a small office firewall

[Brad Tilley]

On Wed, 27 Jan 2010 07:54 -0500, "Chris Dukes"  wrote:
> On Tue, Jan 26, 2010 at 04:38:08PM -0800, mehma sarja wrote:
> > I am running an embedded 533 MHz with 256 MB memory and it is woefully
> > inadequate for an office setting. Even for a home setting which wants stuff
> > like snort running as well. I would WAG atleast a 2 GB memory and the Atoms
> > max out at that...? If the firewall will be doing other stuff like snort,
> > vpn, dns, dhcp, nat, (I am talking pfSense here), then 2 GB is rather short
> > and I'd like to see a beefier CPU as well. So, the question really is what
> > all are you going to be doing with it?
> 
> Is it still woefully inadequate if snort, vpn, and DNS are moved
> off the firewall?

On a busy interface, Snort can use a good deal of CPU consistently:

load averages:  0.50,  0.31,  0.24 08:09:25
33 processes:  31 idle, 2 on processor
CPU0 states:  4.4% user,  0.0% nice,  0.2% system,  8.8% interrupt, 86.6% idle
CPU1 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU2 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100% idle
CPU3 states: 11.8% user,  0.0% nice,  0.0% system,  0.0% interrupt, 88.2% idle
Memory: Real: 180M/542M act/tot  Free: 2819M  Swap: 0K/518M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
16499 _snort310  171M  158M onproc/1  -24.9H 16.89% snort
 5502 root   20 1116K 2080K sleep/1   select0:51  0.00% sendmail
16446 _pflogd40  636K  444K sleep/0   bpf   0:06  0.00% pflogd


> I ask because running DNS on the firewall has given me the heebie jeebies
> for years.  And I have dim memories of a few security exploits for snort.
> > 
> 
> -- 
> Chris Dukes 

Re: PowerEdge 850 for a small office firewall

[Chris Dukes]

On Tue, Jan 26, 2010 at 04:38:08PM -0800, mehma sarja wrote:
> I am running an embedded 533 MHz with 256 MB memory and it is woefully
> inadequate for an office setting. Even for a home setting which wants stuff
> like snort running as well. I would WAG atleast a 2 GB memory and the Atoms
> max out at that...? If the firewall will be doing other stuff like snort,
> vpn, dns, dhcp, nat, (I am talking pfSense here), then 2 GB is rather short
> and I'd like to see a beefier CPU as well. So, the question really is what
> all are you going to be doing with it?

Is it still woefully inadequate if snort, vpn, and DNS are moved
off the firewall?
I ask because running DNS on the firewall has given me the heebie jeebies
for years.  And I have dim memories of a few security exploits for snort.
> 

-- 
Chris Dukes

Finding bsd.rd checksums for sets without booting?

[Lars Nooden]

What ways are there to get the checksums from bsd.rd without actually
booting with it and going through the installation of sets?

/Lars

Contester ses contraventions

[Permis de conduire]

Retrait de points
   Suspension du permis de conduire
Contester ses contraventions
 Doit on payer ses contraventions ?
  Comment contester un retrait de point
Comment contester une annulation du permis de conduire
  Annulation du permis de conduire
 
 
  
Cliquer ici
 
Si vous ne souhaitez plus recevoir dinformations de notre part, vous pouvez 
disinscrire votre adresse misc@openbsd.org ici

problem with make build on 4.6

[Maciej Jan Broniarz]

Hi,

I am trying to make build from the latest 4.6 sources. During the
compilation proces i encounter the following error:

make -f Makefile.old clean > /dev/null 2>&1
../../../miniperl "-I../../../lib" "-I../../../lib" Makefile.PL
"INSTALLDIRS=perl" "INSTALLMAN3DIR=none" "PERL_CORE=1"
"LIBPERL_A=libperl.so.11.0"
Warning: prerequisite Fcntl 0 not found.
Warning: prerequisite POSIX 0 not found.
Warning: prerequisite Socket 0 not found.
Writing Makefile for Sys::Syslog
==> Your Makefile has been rebuilt. <==
==> Please rerun the make command.  <==
false
*** Error code 1

Stop in /usr/src/gnu/usr.bin/perl/obj/ext/Sys/Syslog (line 884 of Makefile).
*** Error code 1

Stop in /usr/src/gnu/usr.bin/perl/obj (line 655 of makefile).
*** Error code 1

Stop in /usr/src/gnu/usr.bin/perl (line 80 of
/usr/src/gnu/usr.bin/perl/Makefile.bsd-wrapper).
*** Error code 1

Stop in /usr/src/gnu/usr.bin (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src/gnu (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1

Stop in /usr/src (line 73 of Makefile).


What might be the problem?

All best,
mjb

[no subject]

[Credito . Cooperativo]

Gentile Cliente,

da questo momento h disponibile on-line l'estratto conto mensile riferito
al codice del rapporto 01002-33047891: potr` consultarlo, stamparlo e
salvarlo
sul suo PC per creare un suo archivio personalizzato.

Le ricordiamo che ogni estratto conto rimane in linea fino al terzo mese
successivo all'emissione.

Grazie ancora per aver scelto i servizi on-line di BCC.

I migliori saluti.

Servizio Clienti BCC

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Movimenti Disposizioni - Servizi Clienti.574DEFANGED-html]