Re: The rant about browsers

[Mihai Popescu]

> ok, how do I put this nicely...
> To run a modern browser, you need a modern computer.  1.5GB RAM and a
> celeron processor doesn't cut it.

> Nick

Moving towards a "modern" computers one will have problems with
supported hardware. Maybe some desktops are ok, but what can you do
about laptops. There is no documentation and manufactures are pushing
all kinds of crazy shits like fake RAID, UEFI, ACPI, etc. New software
is pressing for new hardware too.
There is a stupid movement for browsers too: W3C approves and is
trying to make a strandard for any shit you can bring inside a
browser. Developers are following - who would want users to leave
because "X" browser doesn't support "Y" feature. This rush has only
one 'benefit', more money for harware manufacturers' pockets. I let
the people with more experience to anticipate and describe the future.

Thanks.

Re: amavisd uses high cpu usage?

[Indunil Jayasooriya]

> Hi Stuart,
>


>  > I think may be something is wrong with perl modules.
>
> Could be. How did you install things? Is this a fresh 5.5 install or an
> upgrade from an earlier version? Did you upgrade all packages?
>

Yeah, This is a fresh 5.5 64 bit.


I downloaded iso from this

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/amd64/install55.iso

and burnt it to CD and installed.

Then, I downloaded below stuffs and copied to a CD .

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/src.tar.gz

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/sys.tar.gz

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/ports.tar.gz


Then I mounted the cd and copied them  to /usr directory and ran below
commands as explained here.

http://www.openbsd.org/anoncvs.html#starting


# *cd /usr/src*
# *tar xzf ../sys.tar.gz*
# *tar xzf ../src.tar.gz*
# *cd /usr*
# *tar xzf ports.tar.gz*


But, I still have NOT updated src and port tree.

Could you pls let me kow which command do I need?

I want to stay in Stable branch - it is patched branch isn't it?


Are below commands ok?

to update the src

# cd /usr/src

Now which is the right command for a patch branch?

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -Pd

or

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -rOPENBSD_5_5 -Pd


to update the port tree.

# cd /usr/ports

Again, which is the right command for a patch branch?


cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -Pd

or

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -rOPENBSD_5_5 -Pd


Pls let me know. I will run and add a cronjob on daily  basis.

Anyway, I installed posfix amavisd-new with pkg_add -v command.

export PKG_PATH=http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/packages/amd64/

then

pkg_add -v postfix

pkg_add -v amavisd-new


potput of  pkg_info

amavisd-new-2.8.1p0 interface between mailer MTA and content checkers
arc-5.21p   create & extract files from DOS .ARC files
autoconf-2.13p3 automatically configure source code on many Un*x
platforms
autoconf-2.65p0 automatically configure source code on many Un*x
platforms
autoconf-2.67p0 automatically configure source code on many Un*x
platforms
autoconf-2.68p0 automatically configure source code on many Un*x
platforms
autoconf-2.69p1 automatically configure source code on many Un*x
platforms
automake-1.10.3p7   GNU Standards-compliant Makefile generator
automake-1.11.6p1   GNU Standards-compliant Makefile generator
automake-1.12.6p0   GNU Standards-compliant Makefile generator
avahi-0.6.31p13 framework for Multicast DNS Service Discovery
bash-4.2.45p0   GNU Bourne Again Shell
bison-2.3p1 GNU parser generator
bzip2-1.0.6p0   block-sorting file compressor, unencumbered
cabextract-1.4  extracts files from Microsoft CAB archives
cairo-1.12.16   vector graphics library
clamav-0.98.1   virus scanner
cups-libs-1.7.1 CUPS libraries and headers
curl-7.34.0p0   get files from FTP, Gopher, HTTP or HTTPS servers
cyrus-sasl-2.1.26p10 RFC  SASL (Simple Authentication and Security
Layer)
db-4.6.21p0v0   Berkeley DB package, revision 4
dbus-1.8.0v0message bus system
docbook-4.5p1   technical documentation XML/SGML definitions
docbook-dsssl-1.79  modular DSSSL stylesheets for the DocBook DTD
docbook-xsl-1.68.1p5 docbook XSL modular stylesheet
e2fsprogs-1.42.7p0  utilities to manipulate ext2 filesystems
easy-rsa-2.2.0p0small RSA key management package
gd-2.0.35p1 library for dynamic creation of images
gdbm-1.10p0 GNU dbm
gettext-0.18.2p4GNU gettext
glib2-2.38.2p6  general-purpose utility library
gmake-4.0p0 GNU make
gnugetopt-1.1.4p2   GNU getopt(1) utility
gnupg-1.4.16GNU privacy guard - a free PGP replacement
gobject-introspection-1.38.0p1 GObject Introspection
gperf-3.0.4p0   perfect hash functions, to help write parsers
groff-1.22.2p4  GNU troff typesetter
help2man-1.41.1p0   generates simple manual pages from program output
icu4c-52.1  International Components for Unicode
iftop-1.0pre2p0 display bandwidth usage on an interface
intltool-0.50.2 internationalization tools
iso8879-1986p0  character entity sets from ISO 8879:1986 (SGML)
jdk-1.6.0.32p6  Java2(TM) SE Dev Kit v1.6.0.32
jnettop-0.13.0p1capture network traffic, display streams sorted by
bandwidth
jpeg-9p0IJG's JPEG compression utilities
lha-1.14i.ac20050924.1 archive files using LZW compression (.lzh files)
libdaemon-0.14p0lightweight C library that eases the writing of daemons
libelf-0.8.13p1 read, modify, create ELF files on any arch
libexecinfo-0.2p3v0 clone of backtrace facility found in the GNU libc
libffi-3.0.9p6  Foreign Function Interface
libgcrypt-1.6.1 crypto library based on code used in GnuPG
libghttp-1.0.9p2GNOME http client library
libgpg-error-1.12p0 error codes for GnuPG related software
libiconv-1.14p1 character set conversion library
libidn-1.28p0   internationalized string handling
libltdl-2.4.2p0 GNU

Re: The rant about browsers

[Zeljko Jovanovic]

On 23.08.2014. 18:16, Nick Holland wrote:


real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)

...

cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz


ok, how do I put this nicely...
To run a modern browser, you need a modern computer.  1.5GB RAM and a
celeron processor doesn't cut it.
NOW, that doesn't cause CRASHES, but when you fix the crashes by
cranking up your login.conf specs, you will be so far into swap you will
wish your browser crashed.


Well, nowadays one can get a very fast CPU and lot of RAM cheaply, but that does 
not mean all of this is necessary in order to just browse the web.


From time to time, I must use a 12-year old Pentium 4 Northwood, 1.8 GHz, 512 
kB cache with 512 MB RAM, it has Windows XP installed and is quite usable with 
modern web browsers.


Until recently, I also regularly used an Athlon64 Venice, 2.0 GHz, 1 MB cache 
and 1 GB RAM under Linux, and it was usable even with many tabs/sites open. The 
only problem was Adobe flash Linux plugin, which was for some reason slower than 
its Windows counterpart.


Current Pentiums and Celerons (such as this G530) are based on Core i 
architecture, have more than one core, and are much faster than the two 
mentioned processors. 1.5 GB RAM is also _a lot of memory_, regardless how easy 
is to get more today.


The point is: It should work just fine. Just raise the OS memory limits.

Re: Dell PE2900 instant-reboot with 5.5-RELEASE

[Stan Gammons]

On 08/23/14 18:30, Adam Thompson wrote:

On 14-08-23 05:49 PM, Adam Thompson wrote:
Copying install55.fs to a USB stick and booting from it starts to 
boot, gets part-way through the boot process, then suddenly reboots.


All amd64 images fail in exactly the same way.  The server logs a 
Machine Check Exception on CPU1 along with a bunch of "Unknown OEM 
Sensor triggered" events.  (It's a Dell - how can the OEM [i.e. Dell!] 
sensors be unknown???)


And now begins the torturous process of determining what changed - 
booting a 4.0 amd64 CD works just fine.


I was about to start a binary search to find the last version that 
worked correctly, but I see the main site and mirrors all go back as 
far as 5.3 and no further.


My google-fu is weak, apparently - where do I find (i.e. download) 
older releases that I can't find my CDs for?





I would try a CD image to see if it reboots.  Use the DRAC, if 
available,  to log the output.


I have seen bad memory cause machine check exceptions.  Although it's 
odd that an older OpenBSD image boots.  Might want to run Dell diags to 
see if it turns up anything.  Or reseat all of the DIMMs to see if that 
helps.


The PE2900 is a bit old.  A little more modern hardware, if possible,  
might be a better option.  One of my favourite Dell machines is the 
R900, but it's pretty old too...



Stan

Re: Dell PE2900 instant-reboot with 5.5-RELEASE

[Nick Holland]

On 08/23/14 18:49, Adam Thompson wrote:
> Posting here before filing a bug in case this rings a bell...
> 
> Dell PowerEdge 2900, with PERC 5 "integrated" controller.  All BIOSes 
> and firmware levels up to date as of ~6 months ago.  (Which should be 
> pretty current, since this isn't a new system!)
> 
> Copying install55.fs to a USB stick and booting from it starts to boot, 
> gets part-way through the boot process, then suddenly reboots.

This machine has a CDROM drive on it, and Dell has had some fantasticly
buggy USB support in the BIOS in the past.  Use the CDROM.  Or the ISO
file through the DRAC.  I know I've booted some OSs from USB drives on
2950s, but I don't recall if OpenBSD was one of them.

> This server does the exact same thing with Ubuntu 12.04.x, but otherwise 
> works fine: FreeBSD (via FreeNAS), DragonflyBSD 3.8.2, Debian (via 
> ProxmoxVE), CentOS 6.4 all boot and work just fine; it's been operating 
> as a Proxmox server in production for the last 12 months without any 
> issues, so I'm fairly confident it's not a hardware problem.
> 
> I don't even know where to start with this... ideas?  Right now, I'm 
> re-writing the install FS so I can re-test, then I'll try an actual 
> CD-ROM.  I can take video of the boot screen, not sure how to get serial 
> console output that early in the process.

If your machine won't boot a CDROM image, I suspect your machine is
broke.  While I've never had a Dell PE2900 in my hands, the PE2950 is
supposedly a very similar machine...and I think it is very very safe to
say that OpenBSD works wonderfully on 2950s, and I'm pretty sure I've
loaded Ubuntu 12.04 on 'em, as well.

Nick.

Re: Dell PE2900 instant-reboot with 5.5-RELEASE

[Adam Thompson]

On 14-08-23 05:49 PM, Adam Thompson wrote:
Copying install55.fs to a USB stick and booting from it starts to 
boot, gets part-way through the boot process, then suddenly reboots.


All amd64 images fail in exactly the same way.  The server logs a 
Machine Check Exception on CPU1 along with a bunch of "Unknown OEM 
Sensor triggered" events.  (It's a Dell - how can the OEM [i.e. Dell!] 
sensors be unknown???)


And now begins the torturous process of determining what changed - 
booting a 4.0 amd64 CD works just fine.


I was about to start a binary search to find the last version that 
worked correctly, but I see the main site and mirrors all go back as far 
as 5.3 and no further.


My google-fu is weak, apparently - where do I find (i.e. download) older 
releases that I can't find my CDs for?


--
-Adam Thompson
 athom...@athompso.net

Dell PE2900 instant-reboot with 5.5-RELEASE

[Adam Thompson]

Posting here before filing a bug in case this rings a bell...

Dell PowerEdge 2900, with PERC 5 "integrated" controller.  All BIOSes 
and firmware levels up to date as of ~6 months ago.  (Which should be 
pretty current, since this isn't a new system!)


Copying install55.fs to a USB stick and booting from it starts to boot, 
gets part-way through the boot process, then suddenly reboots.


This server does the exact same thing with Ubuntu 12.04.x, but otherwise 
works fine: FreeBSD (via FreeNAS), DragonflyBSD 3.8.2, Debian (via 
ProxmoxVE), CentOS 6.4 all boot and work just fine; it's been operating 
as a Proxmox server in production for the last 12 months without any 
issues, so I'm fairly confident it's not a hardware problem.


I don't even know where to start with this... ideas?  Right now, I'm 
re-writing the install FS so I can re-test, then I'll try an actual 
CD-ROM.  I can take video of the boot screen, not sure how to get serial 
console output that early in the process.


--
-Adam Thompson
 athom...@athompso.net

Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

[Zach Leslie]

> > >Are there any YubiKey-like devices that can contain many static
> > >password, not one like YubiKey?
> >
> > Not sure it helps, but mine contains two...
>
> It helps! I need one for login password and second for firefox's password
> manager. Which model do you use?

All yubikeys have the two slots, to my knowledge, which can be set either
static or otp.

Re: The rant about browsers

[Stefan Berger]

On Sat, Aug 23, 2014 at 08:15:23PM +0200, Peter J. Philipp wrote:
> However I have a different problem.  I use firefox over ssh to another
> user on the same system.  I do this because I don't want a would-be
> attacker to get to sensitive files such as my ssh keys.  Now this setup
> runs pretty good, except at one point and perhaps someone can look into
> this for me.  When I control-f for searching a website and enter 3
> characters the browser crashes.  However it doesn't happen always and it
> never happens when I run firefox as my own user.

works for me.  

> Another drawback to my using another user to sandbox firefox is that I
> cannot copy-paste from browser to another window, not sure if that is
> related.

just select the text, and paste it with the third mouse button 
(usually the mouse wheel)

> Anyhow for memory I'm set with 32 GB so that's not the problem in this
> system.

32 GB RAM?  Not bad... 



berger s. 

Re: The rant about browsers

[Peter J. Philipp]

On 08/23/14 19:59, Amit Kulkarni wrote:

> That is your problem...memory You will definitely see better performance
> with more memory. I use Pentium G2020 with 8GB of memory and the
> performance is good for browsing/occasional video with daily restart. Tweak
> the follwoing variables in /etc/login.conf
> 
> datasize-max === 3G
> datasize-cur   === 2G
> 

I'm going to say something but not sure if it would be seen as a
hijacking of the thread, if so, let me know and I'll take it to another
thread.

I use firefox too and I have never adjusted my datasize yet, never
needed too.  There is only a few websites that crash it and I don't
usually visit those.

However I have a different problem.  I use firefox over ssh to another
user on the same system.  I do this because I don't want a would-be
attacker to get to sensitive files such as my ssh keys.  Now this setup
runs pretty good, except at one point and perhaps someone can look into
this for me.  When I control-f for searching a website and enter 3
characters the browser crashes.  However it doesn't happen always and it
never happens when I run firefox as my own user.

Another drawback to my using another user to sandbox firefox is that I
cannot copy-paste from browser to another window, not sure if that is
related.

Anyhow for memory I'm set with 32 GB so that's not the problem in this
system.

Sincerely,

-peter

Re: The rant about browsers

[Amit Kulkarni]

On Sat, Aug 23, 2014 at 11:16 AM, Nick Holland 
wrote:

> On 08/23/14 10:30, Gregory Edigarov wrote:
> > Hello Everybody.
> >
> > Before anything I want to say big thanks to the developers of OpenBSD,
> > for maintaining it. After some ~10 years of being the loyal OpenBSD
> > user, I never had any problem with OpenBSD itself, besides may be 2 or
> > three times.
> > It is impressive. Every other system I use gives problems from time to
> > time, so I am thanking you, guys, every time I type a command.
> >
> > Now onto the bitter part. For some reason, since, may be, AFAIR 5.2
> > times, I do not see any browser that is working flawlessly under our
> > loved system.
> > Everything is happened on the same set of sites I use routinely everyday.
> >
> > I tried:
> > Firefox - bad, bad, bad. It fails 1000 times a day.
>
> On your machine, firefox couldn't be restarted 1000 times a day.
> (ok, not sure where my sense if irony is today...)
> ...
>
> > dmesg follows:
> > OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 1568260096 (1495MB)
> > avail mem = 1517772800 (1447MB)
> ...
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
>
> ok, how do I put this nicely...
> To run a modern browser, you need a modern computer.  1.5GB RAM and a
> celeron processor doesn't cut it.
> NOW, that doesn't cause CRASHES, but when you fix the crashes by
> cranking up your login.conf specs, you will be so far into swap you will
> wish your browser crashed.
>
> Modern browsers leak memory like everyone has 16GB and a quad-core proc,
> AND restarts their browser several times a day.  Look at those same
> browsers on Windows (their target market), you see the same thing. The
> difference is, OpenBSD kicks out programs that exceed predefined limits,
> that's what you are most likely seeing.
>
> But most likely, login.conf will fix your crash problem, as I use
> firefox, Chromium and Thunderbird on my amd64 system (three-core, 4G
> RAM), and usually get a week or two uptime between shutdowns (because of
> hitting RAM limits).
>
> Nick.
>

+1

That is your problem...memory You will definitely see better performance
with more memory. I use Pentium G2020 with 8GB of memory and the
performance is good for browsing/occasional video with daily restart. Tweak
the follwoing variables in /etc/login.conf

datasize-max === 3G
datasize-cur   === 2G

Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

[Артур Истомин]

On Sat, Aug 23, 2014 at 02:09:20PM +0200, Alexander Hall wrote:
> 
> 
> On August 23, 2014 4:33:55 AM CEST, "Артур Истомин"  
> wrote:
> >On Fri, Aug 22, 2014 at 04:03:59PM -0700, Zach Leslie wrote:
> >> > However, I don't know how it is seen by the system and if it would
> >> > show up as a drive. Anyone in here is using a smart card to decrypt
> >> > volumes at boot?
> >> 
> >> You could use a YubiKey with a static long password to unlock the
> >boot
> >> volume.
> >
> >[offtop]
> >
> >Are there any YubiKey-like devices that can contain many static
> >password, not one like YubiKey?
> 
> Not sure it helps, but mine contains two...

It helps! I need one for login password and second for firefox's password
manager. Which model do you use?

Re: New queueing system and HZ value limits

[Chris Cappuccio]

Henning Brauer [hb-open...@ml.bsws.de] wrote:
> > Any idea why this was so much less of a problem with altq?
> 
> it wasn't... the hfsc core was the same, and cbq worked exactly the same
> way too.
> 
> People might not have paid as much attention? I dunno.
> 

Raising HZ was frowned upon when I ported altq because it sped up
_everything_ for the benefit of a potentially unused subsystem.

I bet there is a technique to be learned from tickless kernels here.

Re: The rant about browsers

[Timo Myyrä]

23.8.2014 17:31, Gregory Edigarov kirjoitti:

Hello Everybody.

Before anything I want to say big thanks to the developers of OpenBSD, 
for maintaining it. After some ~10 years of being the loyal OpenBSD 
user, I never had any problem with OpenBSD itself, besides may be 2 or 
three times.
It is impressive. Every other system I use gives problems from time to 
time, so I am thanking you, guys, every time I type a command.


Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
times, I do not see any browser that is working flawlessly under our 
loved system.

Everything is happened on the same set of sites I use routinely everyday.

I tried:
Firefox - bad, bad, bad. It fails 1000 times a day.

Chromium - it is better, in terms. Yes, it will not fail on the plain 
place (it is a Russian idiom, which means 'from nothing' or 'from no 
reason one can observe'), but left for some time it starts to be 
so slow... was forced  to stay away from it too. but after all it is 
the only browser under OpenBSD that have a working lastpass plugin. 
(and I need lastpass, if I want to share my passwords between home and 
job computers)


Seamonkey - potentially good project. but suffers from the same 
problems like firefox. although it is fails much much less, the 
frequency is still unacceptable for me.


I also used xombrero and it was good, but again, from somewhere 
between 5.2 - 5.3 times it has started to fail with an unacceptable 
frequency.


I know, I should write to upstream mailing lists of the projects I've 
mentioned above, but before that, I want to know if somebody else is 
suffering such problems and I am still sure maintatiners of the 
corresponding ports will do it better than me if they find it is a 
problem.


--
With best regards,
   Gregory Edigarov

dmesg follows:
OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb170 (91 entries)
bios0: vendor American Megatrends Inc. version "0701" date 07/04/2012
bios0: ASUSTeK COMPUTER INC. P8H61-M2 USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET
acpi0: wakeup devices PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) USBE(S4) 
PEX0(S4) PEX1(S4) PEX3(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) 
P0P2(S4) P0P3(S4) P0P4(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.57 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PEX0)
acpiprt2 at acpi0: bus 3 (PEX1)
acpiprt3 at acpi0: bus 5 (PEX3)
acpiprt4 at acpi0: bus 6 (PEX5)
acpiprt5 at acpi0: bus -1 (PEX6)
acpiprt6 at acpi0: bus -1 (PEX7)
acpiprt7 at acpi0: bus 1 (P0P1)
acpiprt8 at acpi0: bus -1 (P0P2)
acpiprt9 at acpi0: bus -1 (P0P3)
acpiprt10 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100, 
2000, 1900, 1800, 1700, 1600 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 2G PCIE" rev 0x09: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2000" rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x05: apic 0 
int 23

usb0 at 

Re: The rant about browsers

[Nick Holland]

On 08/23/14 10:30, Gregory Edigarov wrote:
> Hello Everybody.
> 
> Before anything I want to say big thanks to the developers of OpenBSD, 
> for maintaining it. After some ~10 years of being the loyal OpenBSD 
> user, I never had any problem with OpenBSD itself, besides may be 2 or 
> three times.
> It is impressive. Every other system I use gives problems from time to 
> time, so I am thanking you, guys, every time I type a command.
> 
> Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
> times, I do not see any browser that is working flawlessly under our 
> loved system.
> Everything is happened on the same set of sites I use routinely everyday.
> 
> I tried:
> Firefox - bad, bad, bad. It fails 1000 times a day.

On your machine, firefox couldn't be restarted 1000 times a day.
(ok, not sure where my sense if irony is today...)
...

> dmesg follows:
> OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 1568260096 (1495MB)
> avail mem = 1517772800 (1447MB)
...
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz

ok, how do I put this nicely...
To run a modern browser, you need a modern computer.  1.5GB RAM and a
celeron processor doesn't cut it.
NOW, that doesn't cause CRASHES, but when you fix the crashes by
cranking up your login.conf specs, you will be so far into swap you will
wish your browser crashed.

Modern browsers leak memory like everyone has 16GB and a quad-core proc,
AND restarts their browser several times a day.  Look at those same
browsers on Windows (their target market), you see the same thing. The
difference is, OpenBSD kicks out programs that exceed predefined limits,
that's what you are most likely seeing.

But most likely, login.conf will fix your crash problem, as I use
firefox, Chromium and Thunderbird on my amd64 system (three-core, 4G
RAM), and usually get a week or two uptime between shutdowns (because of
hitting RAM limits).

Nick.

[patch] www/faq/faq6.html: add otus(4), rsu(4), urtwn(4) to wireless networking list

[Carlin Bingham]

Just noticed that these drivers are not listed



Index: faq6.html
===
RCS file: /cvs/www/faq/faq6.html,v
retrieving revision 1.318
diff -u -r1.318 faq6.html
--- faq6.html7 Aug 2014 01:51:34 -1.318
+++ faq6.html23 Aug 2014 14:20:42 -
@@ -2053,6 +2053,8 @@
 Intel WiFi Link 4965/5100/5300 802.11a/b/g/Draft-N wireless.
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=malo&sektion=4";>malo(4)

 Marvell Libertas 802.11b/g
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=otus&sektion=4";>otus(4)

+Atheros USB 802.11a/g/n
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=pgt&sektion=4";>pgt(4)

 Conexant/Intersil Prism GT Full-MAC 802.11a/b/g
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=ral&sektion=4";>ral(4)

@@ -2060,6 +2062,8 @@
 Ralink Technology RT25x0 802.11a/b/g. (AP)
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=ray&sektion=4";>ray(4)

 Raytheon Raylink/WebGear Aviator 802.11FH
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=rsu&sektion=4";>rsu(4)

+Realtek RTL8188SU/RTL8192SU USB 802.11b/g/n
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=rtw&sektion=4";>rtw(4)

 Realtek 8180 802.11b. (AP)
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=rum&sektion=4";>rum(4)

@@ -2072,6 +2076,8 @@
 Conexant/Intersil PrismGT SoftMAC USB 802.11b/g
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=urtw&sektion=4";>urtw(4)

 Realtek RTL8187L USB 802.11b/g
+href="http://www.openbsd.org/cgi-bin/man.cgi?query=urtwn&sektion=4";>urtwn(4)

+Realtek RTL8188CU/RTL8192CU USB 802.11b/g/n
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=wi&sektion=4";>wi(4)

 Prism2/2.5/3. (AP)
 href="http://www.openbsd.org/cgi-bin/man.cgi?query=wpi&sektion=4";>wpi(4)

The rant about browsers

[Gregory Edigarov]

Hello Everybody.

Before anything I want to say big thanks to the developers of OpenBSD, 
for maintaining it. After some ~10 years of being the loyal OpenBSD 
user, I never had any problem with OpenBSD itself, besides may be 2 or 
three times.
It is impressive. Every other system I use gives problems from time to 
time, so I am thanking you, guys, every time I type a command.


Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
times, I do not see any browser that is working flawlessly under our 
loved system.

Everything is happened on the same set of sites I use routinely everyday.

I tried:
Firefox - bad, bad, bad. It fails 1000 times a day.

Chromium - it is better, in terms. Yes, it will not fail on the plain 
place (it is a Russian idiom, which means 'from nothing' or 'from no 
reason one can observe'), but left for some time it starts to be so 
slow... was forced  to stay away from it too. but after all it is the 
only browser under OpenBSD that have a working lastpass plugin. (and I 
need lastpass, if I want to share my passwords between home and job 
computers)


Seamonkey - potentially good project. but suffers from the same problems 
like firefox. although it is fails much much less, the frequency is 
still unacceptable for me.


I also used xombrero and it was good, but again, from somewhere between 
5.2 - 5.3 times it has started to fail with an unacceptable frequency.


I know, I should write to upstream mailing lists of the projects I've 
mentioned above, but before that, I want to know if somebody else is 
suffering such problems and I am still sure maintatiners of the 
corresponding ports will do it better than me if they find it is a problem.


--
With best regards,
   Gregory Edigarov

dmesg follows:
OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb170 (91 entries)
bios0: vendor American Megatrends Inc. version "0701" date 07/04/2012
bios0: ASUSTeK COMPUTER INC. P8H61-M2 USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET
acpi0: wakeup devices PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) USBE(S4) 
PEX0(S4) PEX1(S4) PEX3(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) P0P2(S4) 
P0P3(S4) P0P4(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.57 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PEX0)
acpiprt2 at acpi0: bus 3 (PEX1)
acpiprt3 at acpi0: bus 5 (PEX3)
acpiprt4 at acpi0: bus 6 (PEX5)
acpiprt5 at acpi0: bus -1 (PEX6)
acpiprt6 at acpi0: bus -1 (PEX7)
acpiprt7 at acpi0: bus 1 (P0P1)
acpiprt8 at acpi0: bus -1 (P0P2)
acpiprt9 at acpi0: bus -1 (P0P3)
acpiprt10 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100, 2000, 
1900, 1800, 1700, 1600 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
ppb0 at pci0 dev 1 function 0 "Intel Core 2G PCIE" rev 0x09: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2000" rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 6 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 6 Series USB" rev 0x05: apic 0 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI 

Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

[Alexander Hall]

On August 23, 2014 4:33:55 AM CEST, "Артур Истомин"  wrote:
>On Fri, Aug 22, 2014 at 04:03:59PM -0700, Zach Leslie wrote:
>> > However, I don't know how it is seen by the system and if it would
>> > show up as a drive. Anyone in here is using a smart card to decrypt
>> > volumes at boot?
>> 
>> You could use a YubiKey with a static long password to unlock the
>boot
>> volume.
>
>[offtop]
>
>Are there any YubiKey-like devices that can contain many static
>password, not one like YubiKey?

Not sure it helps, but mine contains two...

/Alexander

Re: iked troubles, SA not installed

[Stuart Henderson]

On 2014-08-21, Vincent Gross  wrote:
> here is the routing table on the gateway once S[AP] are installed:
>
> Encap:
> Source Port  DestinationPort  Proto 
> SA(Address/Proto/Type/Direction)
> 192.168.55.220/32  0 192.168.56.1/320 0 
> 37.160.166.168/esp/use/in
> 192.168.56.1/320 192.168.55.220/32  0 0 
> 37.160.166.168/esp/require/out
> default0 default0 0 none/esp/deny/out
>
> Yet, tcpdump on gateway's enc0 shows this:
>
> tcpdump: listening on enc0, link-type ENC
> tcpdump: WARNING: compensating for unaligned libpcap packets
> 11:29:00.455369 (authentic,confidential): SPI 0xa5ba5ce9: 79.143.250.153.22 >
> 37.160.166.168.16215: P 1027357934:1027357978(44) ack 3953089614 win 2112 (DF)
> [tos 0x10] (encap)
> 11:29:00.456355 (authentic,confidential): SPI 0xa5ba5ce9: 79.143.250.153.22 >
> 37.160.166.168.16215: P 44:88(44) ack 1 win 2112 (DF) [tos 0x10] (encap)

I've reported problems like this before, where traffic is handled by IPsec
that shouldn't be - and mostly (or possibly always) connected with IPsec
flows that restrict traffic by protocol.

> When I got this dump, I already had an SSH connection between laptop and
> gateway, and I tried to connect to gateway's 222/tcp using telnet.
>
> In my previous message, I put a tcpdump trace showing what happens when
> I try to establish a TCP connection: I had the TCP handshake completed
> over raw IP, the laptop sent its first data packet, but I had no
> response whatsoever, just a bunch of ESP packets.
>
> So This is what I conclude form all that stuff:
> 1) IPSec parameters are negociated between ikeds
> 2) gateway installs SPs and SAs
> 3) TCP handshake goes on raw IP, no problem
> 4) gateway routes all established TCP flows through IPSec, including those
> already established and not matched by the installed SPs ...
>
> I ran a test over UDP using inetd echo on gateway, and nc -u on the
> laptop. After the gateway installed the SAs and SPs, I had no problem
> having the data I sent form the laptop to the gateway echoed back, so
> whatever is going on during the routing phase, it leaves UDP traffic
> alone.

I have seen it with UDP as well, at least DNS and NTP traffic.

> I will update both systems tonight with the latest snapshot, and seen if
> the problem persists.

It has persisted for at least several years :(

Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

[Alan McKay]

On Sat, Aug 23, 2014 at 6:21 AM, Stuart Henderson  wrote:
> It may be easier to installboot(8) after copying.

Yeah I used installboot


-- 
"Don't eat anything you've ever seen advertised on TV"
 - Michael Pollan, author of "In Defense of Food"

Re: New queueing system and HZ value limits

[Stuart Henderson]

On 2014-08-22, Henning Brauer  wrote:
> * Stuart Henderson  [2014-08-22 13:51]:
>> On 2014-08-22, Henning Brauer  wrote:
>> > * Federico Giannici  [2014-08-22 09:51]:
>> >> On 08/22/14 08:22, Henning Brauer wrote:
>> >> >* Adam Thompson  [2014-08-21 19:13]:
>> >> >>Unless I've mis-understood all the emails and reports about this, it 
>> >> >>affects low-bandwidth queues, not low-bandwidth interfaces.
>> >> >>In other words, limiting traffic to 50Mbps on a 1Gb link will work 
>> >> >>fine, limiting it to 50kbps on the same link will not.
>> >> >>Yes/no?
>> >> >pretty much.
>> >> I can imagine that it could be rather complicated to give the exact 
>> >> numbers,
>> >> but can you give me an idea where the problem comes from, and maybe where 
>> >> I
>> >> can find more info about it?
>> > kinda obvious: BW measurement and go/holdoff decision is (at most) once per
>> > tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
>> > transfer "too much" data within one tick, the bw shaping becomes
>> > inaccurate. Obviously worse the bigger the difference between
>> > interface speed and desired queue speed is.
>> Any idea why this was so much less of a problem with altq?
>
> it wasn't... the hfsc core was the same, and cbq worked exactly the same
> way too.
>
> People might not have paid as much attention? I dunno.

If anything I'd expect altq to be less accurate as IIRC it used
getmicrouptime rather than microuptime But somehow, my setup with
512K-1Mb queues (pppoe with pppoedev on em0, 100Mb link on a 1Gb nic)
worked ok with altq with default HZ.

Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

[Stuart Henderson]

On 2014-08-22, Maurice McCarthy  wrote:
> Hi,
>
> /boot is found by block number and offset of its inode so I think the root 
> partition should be copied using dd. 

It may be easier to installboot(8) after copying.

Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

[Stuart Henderson]

On 2014-08-22, Julien Meister  wrote:
> Thank you very much.
>
> So there is really really no way for the system to retrieve the key stored
> on the smart card (using GnuPG) at boot in order to decrypt
> the volumes?

Correct, you can't run application programs like GnuPG before the
system has booted.

Re: amavisd uses high cpu usage?

[Stuart Henderson]

On 2014/08/23 09:02, Indunil Jayasooriya wrote:
> 
> 
> Hi Stuart,
> 
> 
> 
> amavisd-new runs fine for me on OpenBSD without particularly high
> CPU use.
> 
> 
>    I am very glad to hear that it is running fine on my favourite
> Operating system OpenBSD.
> 
>  is  Amavisd-new running on OpenBSD 5.5 ?

I've had it running on every version since about 5.2.
> 
>    I did a debug with the command " /usr/local/sbin/amavisd debug  " 
> (I set $log_level = 5 in /etc/amavisd.conf file)
> 
> it says
> 
> Segmentation fault 
> 
> Then, I uncommented @bypass_spam_checks_maps  = (1);  in /etc/
> amavisd.conf file.
> 
> Pls see below
> 
> 
> # @bypass_virus_checks_maps = (1);  # controls running of anti-virus
> code
>  @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
> # $bypass_decode_parts = 1; # controls running of decoders&
> dearchivers
> 
> 
> Then. restarted amavisd (  /etc/rc.d/amavisd restart ) . Then, It
> started working..




> I did a debug with the command " /usr/local/sbin/amavisd debug  " again
> 
> then, it gave this.
> 
> The amavisd daemon is already running, PID: [4909]

"amavisd debug" runs a standalone copy, displaying log entries on screen
rather than to a file. You should run it when amavisd is not already running.

> I think may be something is wrong with perl modules.

Could be. How did you install things? Is this a fresh 5.5 install or an
upgrade from an earlier version? Did you upgrade all packages?