Re: sensorsd, upd, and state changes

[Marcus MERIGHI]

j...@entropicblur.com (Joe Gidi), 2014.11.27 (Thu) 16:41 (CET):
> I just spent some more time poking at this and I'm still unable to get

So did I...

> sensorsd to recognize upd state changes. This is a bit of a frustrating
> regression from my point of view, since I can no longer use apcupsd unless
> I disable uhidev in the kernel.
> 
> Does anyone have a working example configuration for sensorsd/upd?

What I have now:

$ getcap -a -f /etc/sensorsd.conf
hw.sensors.upd0.indicator0:low=1:high=2:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4
hw.sensors.upd0.indicator1:low=1:high=2:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4
hw.sensors.upd0.indicator2:low=1:high=2:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4
hw.sensors.upd0.indicator3:low=1:high=2:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4
hw.sensors.upd0.indicator4:low=1:high=2:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4
hw.sensors.upd0.percent0:low=10:high=100:command=\
/etc/sensorsd/upd-capacityremaining.sh %l %n %s %x %t %2 %3 %4
hw.sensors.upd0.percent1:low=95:high=100:command=/etc/sensorsd/upd.sh \
%l %n %s %x %t %2 %3 %4

The ``command=/etc/sensorsd/upd.sh'' lines are just informational.

The workhorse is "command=/etc/sensorsd/upd-capacityremaining.sh":

#!/bin/sh -e
if [[ X"${1}" == X"below" ]]; then
logger -t "UPD-capacityremaining" "SHUTDOWN (${@})"
shutdown -hp +1
else
logger -t "UPD-capacityremaining" "NON-SHUTDOWN (${@})"
fi


I did some testing (plug/unplug, wait for hw.sensors.upd0.percent0 to go
below low=) and left it as "working".

Bye, Marcus

> On Sun, November 23, 2014 11:51 am, Marcus MERIGHI wrote:
> > j...@entropicblur.com (Joe Gidi), 2014.11.23 (Sun) 17:19 (CET):
> >> Just after I sent this, I happened to notice these lines in
> >> /var/log/messages. These came from the tests with the "low=1:high=2"
> >> attributes set in sensorsd.conf per the Undeadly example.
> >>
> >> Nov 23 10:58:08 microserver sensorsd[6250]: upd0.indicator2: exceeds
> >> limits: On is below On
> >> Nov 23 10:59:54 microserver sensorsd[12047]: upd0.indicator2: exceeds
> >> limits: On is below On
> >> Nov 23 11:07:00 microserver sensorsd[27413]: upd0.indicator0: exceeds
> >> limits: On is below On
> >
> > As I had just copied the undeadly example as-is to my sensorsd.conf I
> > did receive the e-mail (i.e. command= worked). It was a false positive,
> > though, as no one had pulled the plug. Did you really pull the plug or
> > was yours a false positive, too?
> >
> > Bye, Marcus
> >
> >> On Sun, November 23, 2014 11:15 am, Joe Gidi wrote:
> >> > Hi Marcus,
> >> >
> >> > Thanks for the reply. Unfortunately, the "low=1:high=2" doesn't seem
> >> to
> >> > work for indicator2. When I start sensorsd I see an initial event
> >> logged
> >> > as the status goes from undefined to OK, but no further events as I
> >> > unplug/plug the UPS. I tried monitoring indicator0 as in the Undeadly
> >> > example, and I see exactly the same behavior.
> >> >
> >> > It appears to me that the driver should be changing the status (%s
> >> token)
> >> > of the indicators to something other than "OK" when the UPS loses
> >> mains
> >> > power, but it simply doesn't.
> >> >
> >> > BTW, I've tested with various check interval values for sensorsd, from
> >> the
> >> > default 20 seconds down to as low as 1 second, with no change in
> >> results.
> >> >
> >> > Is anyone successfully using sensorsd with upd?
> >> >
> >> > Thanks,
> >> >
> >> > Joe
> >> >
> >> > On Sun, November 23, 2014 4:13 am, Marcus MERIGHI wrote:
> >> >> j...@entropicblur.com (Joe Gidi), 2014.11.23 (Sun) 01:22 (CET):
> >> >>> I'm running OpenBSD 5.6/amd64 on my fileserver. It has an APC UPS
> >> that
> >> >>> was
> >> >>> previously managed with apcupsd. Since I upgraded to 5.6, the UPS
> >> now
> >> >>> attaches as a upd device:
> >> >>>
> >> >>> $ dmesg | grep uhidev3
> >> >>> uhidev3 at uhub3 port 5 configuration 1 interface 0 "APC Back-UPS ES
> >> >>> 450
> >> >>> FW:844.K2 .D USB FW:K2" rev 1.10/1.06 addr 2
> >> >>> uhidev3: iclass 3/0, 123 report ids
> >> >>> upd0 at uhidev3
> >> >>>
> >> >>> And it reports sensible values in hw.sensors:
> >> >>> $ sysctl hw.sensors.upd0
> >> >>> hw.sensors.upd0.indicator0=On (Charging), OK
> >> >>> hw.sensors.upd0.indicator1=Off (Discharging), OK
> >> >>> hw.sensors.upd0.indicator2=On (ACPresent), OK
> >> >>> hw.sensors.upd0.indicator3=On (BatteryPresent), OK
> >> >>> hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
> >> >>> hw.sensors.upd0.percent0=79.00% (RemainingCapacity), OK
> >> >>> hw.sensors.upd0.percent1=100.00% (FullChargeCapacity), OK
> >> >>>
> >> >>> So far, so good. Now, I'd like to configure sensorsd to monitor the
> >> >>> device
> >> >>> and invoke a script when the power goes out. I have this line in
> >> >>> sensorsd.conf:
> >> >>>
> >> >>> hw.sensors.upd0.indicator2:command=/etc/sensorsd/ups.sh %s %2
> >> >>>
> >> >>> The ups.sh script currently just echoes the token values that it's
> >> >>> passed

Re: Packet Filter router i368 vs 64bit

[Blaise Hizded]

On 11/28/2014 06:01 AM, Brad Smith wrote:
> On 11/27/14 23:50, jungle Boogie wrote:
>> Hi,
>> On 27 November 2014 at 20:38,   wrote:
>>>
>>> you can just use old hardware for these purposes.
>>>
>>> from the man who literally wrote the book on pf (from pf tutorial via
>>> http://home.nuug.no/~peter/pf/en/long-firewall.html):
>>>
>>>I have not seen comparable tests performed recently [3.1 era],
>>> but in my
>>>own experience and that of others, the PF filtering overhead is
>>> pretty
>>>much negligible. As one data point, the machine which gateways
>>> between
>>>one of the networks where I've done a bit of work and the world is a
>>>Pentium III 450MHz with 384MB of RAM. When I've remembered to
>>> check, I've
>>>never seen the machine at less than 96 percent 'idle' according
>>> to top.
>>>
>>
>> Yes, that's true! But less fun. ;)
>>
>> I do have some Dell dimensions machine with OpenBSD -current running
>> now that I could easily get two NICs but its kinda old and slow to
>> update current. I'll measure the power to see how much it uses.
>>
>> With the fact that old hardware, why would the APU be "OK" and not good?
>
> I don't see anyone claiming it would not be good. It's more like if you
> happen to have some old hw around that it would probably be good enough
> for what you're describing but the APU system would also do the job just
> fine.
>
>
I run the previous generation ALIX 2D13 with OpenBSD 5.6 on it for a
home firewall with 10MB WAN broadband and 100MB between computers.
All is fine: low temperature, low consumption, same speed as with a
basic 100MBB switch.

So I guess the APU1C is fast enought for a home network.

Re: Packet Filter router i368 vs 64bit

[Christopher Vance]

I only have ADSL with downloads < 23Mb/s. A PC Engines ALIX does just fine
for my pf.

On Fri, Nov 28, 2014 at 3:25 PM, jungle Boogie 
wrote:

> Hi Stan,
> On 27 November 2014 at 20:09, Stan Gammons  wrote:
> >
> > The latest BIOS, 9/8/2014, doesn't fix the LED issue.
> >
> > I saw Brad's comments in the other email. The APU is Ok to use as a home
> > firewall. I have no experience on using one in more demanding
> environment.
> >
> >
>
> Well what would be something above OK? A soekris? It doesn't seem
> those have as much RAM, though.
>
> > Stan
> >
>
> Thanks,
> jb
>
>
>
> --
> ---
> inum: 883510009027723
> sip: jungleboo...@sip2sip.info
> xmpp: jungle-boo...@jit.si
>
>


-- 
Christopher Vance

Re: Confused about authpf real world usage

[bodie]

On 27.11.2014 17:09, Martin Hanson wrote:

Hi

So I am looking into authpf and I am wondering about some real world
applications.

I have a bunch of users, but I also have just a bunch of machines.

The machines cannot login via SSH and should not try to do so (via 
some

script or otherwise). However, these machines needs access 24/7.

So I was thinking about fixing rules to those machines before any
anchors for users, but I cannot see how this provides any security at
all - and bear with me if I am overlooking something.

If say machine 192.168.0.2 and 192.168.0.3 needs unrestricted access 
to

the net, then wont it be as easy as "Joe" changing his machines IP
address to 192.168.0.2 to gain access without authentication?

And what about other kinds of access? Now I get a brand new box in 
that

needs a fresh installation of some Linux distribution that we install
over HTTP. This new box doesn't come with a SSH console and the 
install

disk doesn't provide a console with SSH during installation.

Then I am beginning to see signs of "network segmentation" in my 
head,
but that kindda makes authpf more or less useless then - unless I 
need

to grant different people different access on the same segment I can
just segment the entire net.

Anyway, I hope I make sense! :)

How do you use authpf in real life?


Quite old, but still good and usable reading 
http://www.openbsd.org/papers/authgw-paper.pdf and 
http://www.openbsd.org/papers/authgw-slides.pdf




Kind regards.

Re: Poor disk performance

[bodie]

On 27.11.2014 19:37, David Unric wrote:

Thanks for the quick answer !

ad 1) disabled AHCI in BIOS as the only available option
 OpenBSD now boots with hdd attached as wd0 device, UDMA mode 
6 and
it did a significant improvement - unpacking finishes in about 6 
minutes,

but still magnitude worse then in NetBSD.


ad 2) Not slowed down by terminal/console output. Tar command miss 
`-v'
argument as you may notice from my original post, so no stdout at 
all.



ad 3) bellow is the output from vmstat, when tested with AHCI 
disabled (see

par. 1)
interrupt   total rate
irq0/clock  58557  750
irq0/ipi 2521   32
irq144/acpi0   160
irq96/ppb0  00
irq97/inteldrm0 80
irq97/ehci0500
irq176/azalia0  10
irq98/ppb1  00
irq99/ppb2  00
irq112/re0  00
irq100/ppb3 00
irq101/ehci1   690
irq102/pciide0   8970  115
irq103/ichiic0  00
irq102/pciide1  00
irq145/pckbc0 2633
irq146/pckbc0 1401
Total   70595  905

irq0/clock interrupts count is constantly increasing during test. Is 
the

number too high ? Possible issue here ?


ad 4) apm was set to high, CPUs were running at max frequency 2 GHz 
(shown

by sysctl)


ad 5) partition mounted with rw, softdep and noatime options. I'm 
reluctant
to turn async option on, as it shouldn't be enabled for normal 
operation.



Take care.


And now something completely else http://www.openbsd.org/report.html

Can you try to install latest snapshot on your laptop and do the same 
test and see results?

Are there any BIOS updates for your machine?
Seems like completely Samsung machine, they do funny stuff with ACPI 
like eg. Toshiba, maybe devs are interested in acpidump output?





On Thu, Nov 27, 2014 at 6:58 PM, Mike Larkin  
wrote:



On Thu, Nov 27, 2014 at 06:41:17PM +0100, David Unric wrote:
> Here is a full dmesg output if you think it would help:

Next steps I would try.

1. If you really wanted to verify this is a wd vs sd issue, you can 
usually
change the SATA controller mode in the BIOS to IDE instead of AHCI. 
As long
as you used DUIDs in fstab, the kernel should be able to find that 
you
moved from sd -> wd. I don't think you're going to find much here, 
but

worth
a try, I guess.

2. Are you unpacking this at the console? in X? I've sometimes seen 
console
output scrolling cause lots of delays. Try unpacking it and 
redirecting the

output to /dev/null and see if that helps.

3. vmstat -zi during unpack and systat vm 1 can help you identify 
what's

going on sometimes as well.

4. make sure apm is set to high performance (apmd, apm -H)

5. make sure you aren't doing something obvious like mounting the
filesystem
as 'sync', etc.

Your machine has hardware that is pretty similar to what many of us 
have

,so I
doubt this is some systemic problem and likely an issue either with 
your

machine
specifically or the way you are doing your test.

-ml

>
> OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
> 
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

> real mem = 6333923328 (6040MB)
> avail mem = 6156533760 (5871MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
> bios0: vendor American Megatrends Inc. version 
"13HX.M038.20110729.SSH"

> date 07/29/2011
> bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC HPET SLIC MCFG SSDT SSDT SSDT SSDT
> acpi0: wakeup devices USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3)
USB6(S3)
> USB7(S3) RP01(S3) RP04(S4) PEGA(S4) PWRB(S5)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.80 MHz
> cpu0:
>

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>

H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>

,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu1:
>

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SE

Confused about authpf real world usage

[thevoid]

On Thu, 27 Nov 2014 17:09:02 +0100 Martin Hanson  
wrote:
> Hi
> 
> So I am looking into authpf and I am wondering about some real world
> applications.
> 
> I have a bunch of users, but I also have just a bunch of machines.
> 
> The machines cannot login via SSH and should not try to do so (via some
> script or otherwise). However, these machines needs access 24/7.

then authpf may not be what you need. the purpose of authpf is to ensure that
the person needing outside access has to authenticate first, and it needs ssh.

> 
> So I was thinking about fixing rules to those machines before any
> anchors for users, but I cannot see how this provides any security at
> all - and bear with me if I am overlooking something.
> 
> If say machine 192.168.0.2 and 192.168.0.3 needs unrestricted access to
> the net, then wont it be as easy as "Joe" changing his machines IP
> address to 192.168.0.2 to gain access without authentication?

theoretically this is possible, but only if the original machine holding
the ip was down. just as a nameserver converts to an ip, the ip is converted
to a MAC-address, which is associated with the NIC. if you want you can
permantly associate an ip with a mac, that way another machine cannot use
that ip address, even if the rightful holder is down. see arp(8).

> 
> And what about other kinds of access? Now I get a brand new box in that
> needs a fresh installation of some Linux distribution that we install
> over HTTP. This new box doesn't come with a SSH console and the install
> disk doesn't provide a console with SSH during installation.

this is not a problem, you can configure a gateway to allow any access you
want. you can't use authpf for this however, but you could restrict the
machine being updated to only use http and only to a particular address
if you want.

pf is VERY flexible.

the pf firewall tutorial is here:
http://home.nuug.no/~peter/pf/en/long-firewall.html

> 
> Then I am beginning to see signs of "network segmentation" in my head,
> but that kindda makes authpf more or less useless then - unless I need
> to grant different people different access on the same segment I can
> just segment the entire net.
> 
> Anyway, I hope I make sense! :)
> 
> How do you use authpf in real life?

just like the man page says. that way you can know who is using the network
as opposed to what (machine) is using it.

> 
> Kind regards.

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hi Brad,
On 27 November 2014 at 21:01, Brad Smith  wrote:
>
> I don't see anyone claiming it would not be good. It's more like if you
> happen to have some old hw around that it would probably be good enough
> for what you're describing but the APU system would also do the job just
> fine.
>
>

Fair enough. ;) Thanks for the info!

>

Best,
j.b.



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

[Brad Smith]

On 11/27/14 23:50, jungle Boogie wrote:

Hi,
On 27 November 2014 at 20:38,   wrote:


you can just use old hardware for these purposes.

from the man who literally wrote the book on pf (from pf tutorial via
http://home.nuug.no/~peter/pf/en/long-firewall.html):

   I have not seen comparable tests performed recently [3.1 era], but in my
   own experience and that of others, the PF filtering overhead is pretty
   much negligible. As one data point, the machine which gateways between
   one of the networks where I've done a bit of work and the world is a
   Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've
   never seen the machine at less than 96 percent 'idle' according to top.



Yes, that's true! But less fun. ;)

I do have some Dell dimensions machine with OpenBSD -current running
now that I could easily get two NICs but its kinda old and slow to
update current. I'll measure the power to see how much it uses.

With the fact that old hardware, why would the APU be "OK" and not good?


I don't see anyone claiming it would not be good. It's more like if you
happen to have some old hw around that it would probably be good enough
for what you're describing but the APU system would also do the job just
fine.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Packet Filter router i368 vs 64bit

[Edgar Pettijohn]

On Nov 27, 2014, at 9:35 PM, jungle Boogie wrote:

> Hello All,
> On 25 November 2014 at 12:52, Motty Cruz  wrote:
>> Hello all,
>> I am searching for hardware to build a router with OpenBSD. I have found
>> mixed signals as to fastest system with i386 or 64bit. I know in the past
>> i386 OpenBSD used to perform a lot better than 64bit system.
>> 
> 
> I'm in similar situation as Motty, I'd like an OBSd to use for pf.
> 
> I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx
> with the msata drive.
> 
> Anyone have any objections? I know the NICs are not intel so that will
> probably get a strike against it, but I like the low power.
> 
>> Any suggestions!
>> Thanks,
>> Motty
>> 
> 
> Thanks,
> Jb
> 
> 
> -- 
> ---
> inum: 883510009027723
> sip: jungleboo...@sip2sip.info
> xmpp: jungle-boo...@jit.si
> 
> 


This is something I've been interested in trying, but I would want it as a 
wireless access point as well and not sure what cards are supported and work 
well.  Does anyone know of any good choices?

thanks

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hi,
On 27 November 2014 at 20:38,   wrote:
>
> you can just use old hardware for these purposes.
>
> from the man who literally wrote the book on pf (from pf tutorial via
> http://home.nuug.no/~peter/pf/en/long-firewall.html):
>
>   I have not seen comparable tests performed recently [3.1 era], but in my
>   own experience and that of others, the PF filtering overhead is pretty
>   much negligible. As one data point, the machine which gateways between
>   one of the networks where I've done a bit of work and the world is a
>   Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've
>   never seen the machine at less than 96 percent 'idle' according to top.
>

Yes, that's true! But less fun. ;)

I do have some Dell dimensions machine with OpenBSD -current running
now that I could easily get two NICs but its kinda old and slow to
update current. I'll measure the power to see how much it uses.

With the fact that old hardware, why would the APU be "OK" and not good?


jb
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

[thevoid]

On Thu, 27 Nov 2014 20:10:14 -0800 jungle Boogie  
wrote:
> Hi Brad,
> On 27 November 2014 at 19:51, Brad Smith  wrote:
> > On 11/27/14 22:35, jungle Boogie wrote:
> >> Anyone have any objections? I know the NICs are not intel so that will
> >> probably get a strike against it, but I like the low power.
> >
> >
> > Unless you guys give some sort of hints as to what these routers and /
> > or firewalls are going to be used for just asking for hardware
> > recommendations without such details is useless. What sort of throughput
> > / packets per second do you forsee on the inside network? What is your
> > target or expectation? If there is a WAN connection how fast is it? Are
> > you lucky enough to have Gbit or is it only say a 50Mbps connection?
> > Those types of details matter.
> >
> >
> 
> I think the WAN on my home connection is 100Mbit. I'd essentially like
> it to replace the cable company netgear router.
> 
> Regarding PPS, I have no idea how I'd measure that. It would be
> serving a home network with moderate network usage. I'd like basically
> have a router that I can experiment with pf and openbsd without the
> worry that the hardware is no good.
> 
> >
> > --
> >
> 
> Thanks,
> jb
> 
> -- 
> ---
> inum: 883510009027723
> sip: jungleboo...@sip2sip.info
> xmpp: jungle-boo...@jit.si
> 

you can just use old hardware for these purposes.

from the man who literally wrote the book on pf (from pf tutorial via
http://home.nuug.no/~peter/pf/en/long-firewall.html):

  I have not seen comparable tests performed recently [3.1 era], but in my
  own experience and that of others, the PF filtering overhead is pretty
  much negligible. As one data point, the machine which gateways between
  one of the networks where I've done a bit of work and the world is a
  Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've
  never seen the machine at less than 96 percent 'idle' according to top.

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hi Stan,
On 27 November 2014 at 20:09, Stan Gammons  wrote:
>
> The latest BIOS, 9/8/2014, doesn't fix the LED issue.
>
> I saw Brad's comments in the other email. The APU is Ok to use as a home
> firewall. I have no experience on using one in more demanding environment.
>
>

Well what would be something above OK? A soekris? It doesn't seem
those have as much RAM, though.

> Stan
>

Thanks,
jb



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

[Stan Gammons]

On 11/27/14 22:01, jungle Boogie wrote:

Hi Stan,
On 27 November 2014 at 19:49, Stan Gammons  wrote:

On 11/27/14 21:35, jungle Boogie wrote:

Anyone have any objections? I know the NICs are not intel so that will
probably get a strike against it, but I like the low power.



I have a couple of the APU1C's and they are Ok.  They had and to some extent
still have a few BIOS issues. Perhaps it's nit picking, but I wish they
would fix the LED link rate issue.  The APU's do run pretty warm, but that
doesn't seem to hurt reliability.



Well I think to run free/openBSD, you have to run a bios update.
Hopefully there's a newer bios that resolved those issues you




The latest BIOS, 9/8/2014, doesn't fix the LED issue.

I saw Brad's comments in the other email. The APU is Ok to use as a home 
firewall. I have no experience on using one in more demanding environment.



Stan

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hi Brad,
On 27 November 2014 at 19:51, Brad Smith  wrote:
> On 11/27/14 22:35, jungle Boogie wrote:
>> Anyone have any objections? I know the NICs are not intel so that will
>> probably get a strike against it, but I like the low power.
>
>
> Unless you guys give some sort of hints as to what these routers and /
> or firewalls are going to be used for just asking for hardware
> recommendations without such details is useless. What sort of throughput
> / packets per second do you forsee on the inside network? What is your
> target or expectation? If there is a WAN connection how fast is it? Are
> you lucky enough to have Gbit or is it only say a 50Mbps connection?
> Those types of details matter.
>
>

I think the WAN on my home connection is 100Mbit. I'd essentially like
it to replace the cable company netgear router.

Regarding PPS, I have no idea how I'd measure that. It would be
serving a home network with moderate network usage. I'd like basically
have a router that I can experiment with pf and openbsd without the
worry that the hardware is no good.

>
> --
>

Thanks,
jb

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hi Stan,
On 27 November 2014 at 19:49, Stan Gammons  wrote:
> On 11/27/14 21:35, jungle Boogie wrote:
>>
>> Anyone have any objections? I know the NICs are not intel so that will
>> probably get a strike against it, but I like the low power.
>>
>>
>
> I have a couple of the APU1C's and they are Ok.  They had and to some extent
> still have a few BIOS issues. Perhaps it's nit picking, but I wish they
> would fix the LED link rate issue.  The APU's do run pretty warm, but that
> doesn't seem to hurt reliability.
>
>

Well I think to run free/openBSD, you have to run a bios update.
Hopefully there's a newer bios that resolved those issues you

> Stan
>

jb


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

[Brad Smith]

On 11/27/14 22:35, jungle Boogie wrote:

Hello All,
On 25 November 2014 at 12:52, Motty Cruz  wrote:

Hello all,
I am searching for hardware to build a router with OpenBSD. I have found
mixed signals as to fastest system with i386 or 64bit. I know in the past
i386 OpenBSD used to perform a lot better than 64bit system.



I'm in similar situation as Motty, I'd like an OBSd to use for pf.

I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx
with the msata drive.

Anyone have any objections? I know the NICs are not intel so that will
probably get a strike against it, but I like the low power.


Unless you guys give some sort of hints as to what these routers and /
or firewalls are going to be used for just asking for hardware
recommendations without such details is useless. What sort of throughput
/ packets per second do you forsee on the inside network? What is your
target or expectation? If there is a WAN connection how fast is it? Are
you lucky enough to have Gbit or is it only say a 50Mbps connection?
Those types of details matter.


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Packet Filter router i368 vs 64bit

[Stan Gammons]

On 11/27/14 21:35, jungle Boogie wrote:

Hello All,
On 25 November 2014 at 12:52, Motty Cruz  wrote:

Hello all,
I am searching for hardware to build a router with OpenBSD. I have found
mixed signals as to fastest system with i386 or 64bit. I know in the past
i386 OpenBSD used to perform a lot better than 64bit system.


I'm in similar situation as Motty, I'd like an OBSd to use for pf.

I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx
with the msata drive.

Anyone have any objections? I know the NICs are not intel so that will
probably get a strike against it, but I like the low power.




I have a couple of the APU1C's and they are Ok.  They had and to some 
extent still have a few BIOS issues. Perhaps it's nit picking, but I 
wish they would fix the LED link rate issue.  The APU's do run pretty 
warm, but that doesn't seem to hurt reliability.



Stan

Re: Packet Filter router i368 vs 64bit

[jungle Boogie]

Hello All,
On 25 November 2014 at 12:52, Motty Cruz  wrote:
> Hello all,
> I am searching for hardware to build a router with OpenBSD. I have found
> mixed signals as to fastest system with i386 or 64bit. I know in the past
> i386 OpenBSD used to perform a lot better than 64bit system.
>

I'm in similar situation as Motty, I'd like an OBSd to use for pf.

I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx
with the msata drive.

Anyone have any objections? I know the NICs are not intel so that will
probably get a strike against it, but I like the low power.

> Any suggestions!
> Thanks,
> Motty
>

Thanks,
Jb


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: smtpd: mail stuck in queue

[Hugo Villeneuve]

On Fri, Nov 28, 2014 at 01:31:53AM +0100, Alexander Hall wrote:
> Hi,
> 
> I noticed a box of mine having had a misconfigured mail relay, resulting 
> in lots of mail queuing up. Now, after fixing the configuration, new 
> mail are properly sent.
> 
> However, it seems the invalid 'mta-relay' setting, as seen in the 
> envelopes of the queued mail does not get revised while issuing 'smtpctl 
> schedule ...'. Thus, the old mail stays in the queue.

I saw that too while configuring my first smtpd attempt (5.6-stable/sparc).
It made me realize that smtpd is still a young MTA.

> 
> Any pointers on how to proceed is appreciated, possibly including 
> cluesticks as of why the observed behaviour might be the proper one.

No, it is not proper behavior. As a store and forward system with
potentially 4-5 days between submission and delivery, any MTA needs
to be able to adapt in configuration changes across a long period.

I haven't tested the HEAD release yet and didn't found anything in
smptd and smtpctl manual page how to fix it in stable.

My guess is that you will have to resubmit them. Parse "smtpctl
show queue" output, pick field 1,5,6 and then refeed the output of
"smtpctl show message field1" to "sendmail -f field5 -- field6" for
each line. Then delete the stuck ones. (Yeah test that first.)


Good luck.

Hopefully it will get fixed.

Re: Major KDE4 problems

[Amit Kulkarni]

If you want the best KDE4 experience, use a more modern machine within the
last 3 years. AFAIK, Dell Optiplex GX 270 is atleast 8 years old. From
reading KDE blogs, some parts of KDE4 have switched to using the graphics
card for rendering using QML, and the CPU is fallback option. I don't see a
separate radeon or nvidia card in your dmesg, that inteldrm line might be
one of the ancient inbuilt Intel graphics. So the entire rendering load may
fall on your dog slow CPU.

You have less than 1 GB RAM which is very tough for KDE4. For KDE4 you will
have to follow this advice
http://www.openbsd.org/faq/upgrade56.html#Pkgup

Your best bet is to run KDE3 on this particular machine, or one of the
other slimmer desktop environment. I can recommend ede for a simple Windows
like experience.

On Thu, Nov 27, 2014 at 3:06 PM, Chris Bennett <
chrisbenn...@bennettconstruction.us> wrote:

> I haven't used any KDE in a long while but my Father uses it.
> I decided to install KDE4.
>
> It starts up very slowly. But only the widgets and settings menus show
> up. No startup programs bar, button, whatever shows up.
> Leave buttons fail. I can only get out with Ctrl-Alt-Backspace.
>
> Here is my dmesg and package list:
>
> OpenBSD 5.6 (GENERIC) #274: Fri Aug  8 00:05:13 MDT 2014
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF
> real mem  = 795836416 (758MB)
> avail mem = 770387968 (734MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: AT/286+ BIOS, date 06/26/06, BIOS32 rev. 0 @ 0xffe90,
> SMBIOS rev. 2.3 @ 0xf0450 (69 entries)
> bios0: vendor Dell Computer Corporation version "A07" date 06/26/2006
> bios0: Dell Computer Corporation OptiPlex GX270
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
> acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3)
> USB3(S3) PCI1(S5) KBD_(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
> ioapic0: misconfigured as apic 0, remapped to apid 1
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (PCI1)
> acpicpu0 at acpi0
> acpibtn0 at acpi0: VBTN
> bios0: ROM list: 0xc/0xa800 0xca800/0x1800!
> pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
> vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
> intagp0 at vga1
> agp0 at intagp0: aperture at 0xf000, size 0x800
> inteldrm0 at vga1
> drm0 at inteldrm0
> inteldrm0: 1680x1050
> wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1
> int 16
> uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1
> int 19
> uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1
> int 18
> uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1
> int 16
> ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1
> int 23
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
> ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
> pci1 at ppb0 bus 1
> ral0 at pci1 dev 7 function 0 "Ralink RT2561S" rev 0x00: apic 1 int 16,
> address 00:0c:0a:49:9c:98
> ral0: MAC/BBP RT2561C, RF RT2527
> em0 at pci1 dev 12 function 0 "Intel 82540EM" rev 0x02: apic 1 int 18,
> address 00:0d:56:81:e2:e6
> ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
> pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA,
> channel 0 configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0: 
> wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus1 at atapiscsi0: 2 targets
> cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom
> removable
> cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
> pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA,
> channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide1: using apic 1 int 18 for native-PCI interrupt
> ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic
> 1 int 17
> iic0 at ichiic0
> auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1
> int 17, ICH5 AC97
> ac97: codec id 0x41445374 (Analog Devices AD1981B)
> ac97: codec features headphone, 20 bit DAC, 

Re: Major KDE4 problems

[Stan Gammons]

On 11/27/14 15:06, Chris Bennett wrote:

I haven't used any KDE in a long while but my Father uses it.
I decided to install KDE4.

It starts up very slowly. But only the widgets and settings menus show
up. No startup programs bar, button, whatever shows up.
Leave buttons fail. I can only get out with Ctrl-Alt-Backspace.




I saw something to this on a Dell Latitude D630.  I can't say as this is 
the fix for you, but adding this to sysctl.conf seems to have fixed it 
for me


kern.shminfo.shmall=51200
kern.shminfo.shmmni=1024
kern.maxfiles=2

If you start kde from the command line, run the commands manually like 
this to see if kde starts ok.


sysctl kern.shminfo.shmall=51200
sysctl kern.shminfo.shmmni=1024
sysctl kern.maxfiles=2


Stan

Re: Confused about authpf real world usage

[Martin Hanson]

> Here is a case where you trust the machines, but do not trust Joe.  
> 
> Commonly, trusted servers are deployed on network segments that are
> separate from untrusted users - via Ethernet segments or VLANs.  It
> is also possible to use VPNs to provide functional separation of
> servers from users, if separate Ethernet tiers is not possible.

Sure, but in this case some users still needs access to these servers.

But I was thinking about have those servers logging into the
gateway/authpf via some boot script and then keeping that connection
open.

>> And what about other kinds of access? Now I get a brand new box in
>> that needs a fresh installation of some Linux distribution that we
>> install over HTTP. This new box doesn't come with a SSH console and
>> the install disk doesn't provide a console with SSH during
>> installation.

> The provisioning if performed on the untrusted network, would require 
> the distribution server to be accessible.  Simple enough with a pass
> rule to your organization's deployment server.
 
We don't run with a deployment server, but maybe this is one use case
in which all the different OS'es we use could be deployed over network
boot.

However, we do a lot of testing on many different distributions etc.,
but maybe in this particular case a isolated segment can be created.

Kind regards.

smtpd: mail stuck in queue

[Alexander Hall]

Hi,

I noticed a box of mine having had a misconfigured mail relay, resulting 
in lots of mail queuing up. Now, after fixing the configuration, new 
mail are properly sent.


However, it seems the invalid 'mta-relay' setting, as seen in the 
envelopes of the queued mail does not get revised while issuing 'smtpctl 
schedule ...'. Thus, the old mail stays in the queue.


Any pointers on how to proceed is appreciated, possibly including 
cluesticks as of why the observed behaviour might be the proper one.


/Alexander

Re: CUPS printer problems Yes!

[Duncan Patton a Campbell]

On Thu, 27 Nov 2014 14:53:05 -0700
Duncan Patton a Campbell  wrote:

> On Thu, 27 Nov 2014 14:27:56 -0700
> Duncan Patton a Campbell  wrote:
> 
> > cd /var/log
> > tar cf log.cups.1.tar
> > mv log.cups.1.tar /tmp/
> > cd /tmp
> > # l
> 
> Oi.  Cut'n'pasted from the wrong window...  
> the attached log.cups.2.tar.gz contains
> the complete record.. it was made after
> I noticed the foomatic(!bash) log.
> 
> Dhu
> 
> -- 
> Ne obliviscaris, vix ea nostra voco.

The kludge that killz (bugz;):

# cd /bin
# ln -s sh bash

And now my printer works!

Dhu

Thanks to all.  I wouldn't have got to this point
without Antoine killing some real bugs along the way.



-- 
Ne obliviscaris, vix ea nostra voco.

Major KDE4 problems

[Chris Bennett]

I haven't used any KDE in a long while but my Father uses it.
I decided to install KDE4.

It starts up very slowly. But only the widgets and settings menus show
up. No startup programs bar, button, whatever shows up.
Leave buttons fail. I can only get out with Ctrl-Alt-Backspace.

Here is my dmesg and package list:

OpenBSD 5.6 (GENERIC) #274: Fri Aug  8 00:05:13 MDT 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF
real mem  = 795836416 (758MB)
avail mem = 770387968 (734MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/26/06, BIOS32 rev. 0 @ 0xffe90, SMBIOS 
rev. 2.3 @ 0xf0450 (69 entries)
bios0: vendor Dell Computer Corporation version "A07" date 06/26/2006
bios0: Dell Computer Corporation OptiPlex GX270
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
PCI1(S5) KBD_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: VBTN
bios0: ROM list: 0xc/0xa800 0xca800/0x1800!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1680x1050
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci1 at ppb0 bus 1
ral0 at pci1 dev 7 function 0 "Ralink RT2561S" rev 0x00: apic 1 int 16, address 
00:0c:0a:49:9c:98
ral0: MAC/BBP RT2561C, RF RT2527
em0 at pci1 dev 12 function 0 "Intel 82540EM" rev 0x02: apic 1 int 18, address 
00:0d:56:81:e2:e6
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic 1 int 
17
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1 int 
17, ICH5 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
umass0 at uhub0 port 1 configuration 1 interface 0 "Maxtor Corporation Maxtor 
3200" rev 2.00/77.f8 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed 
serial.0d493210602010029079
sd0: 95611MB, 512 bytes/sector, 195813072 sectors
uhidev0 at uhub4 port 1 configuration 1

Minor problem with vim, 5.6 release

[Chris Bennett]

Starting gvim, it complained that:
.local/share/recently-used.xbel did not exist, including the .local
directory. I created these and problem went away. Wht did I have to do
this manually?

OpenBSD 5.6 (GENERIC) #274: Fri Aug  8 00:05:13 MDT 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF
real mem  = 795836416 (758MB)
avail mem = 770387968 (734MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/26/06, BIOS32 rev. 0 @ 0xffe90, SMBIOS 
rev. 2.3 @ 0xf0450 (69 entries)
bios0: vendor Dell Computer Corporation version "A07" date 06/26/2006
bios0: Dell Computer Corporation OptiPlex GX270
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
PCI1(S5) KBD_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: VBTN
bios0: ROM list: 0xc/0xa800 0xca800/0x1800!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1680x1050
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci1 at ppb0 bus 1
ral0 at pci1 dev 7 function 0 "Ralink RT2561S" rev 0x00: apic 1 int 16, address 
00:0c:0a:49:9c:98
ral0: MAC/BBP RT2561C, RF RT2527
em0 at pci1 dev 12 function 0 "Intel 82540EM" rev 0x02: apic 1 int 18, address 
00:0d:56:81:e2:e6
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic 1 int 
17
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1 int 
17, ICH5 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
umass0 at uhub0 port 1 configuration 1 interface 0 "Maxtor Corporation Maxtor 
3200" rev 2.00/77.f8 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0 at scsibus2 targ 1 lun 0:  SCSI2 0/direct fixed 
serial.0d493210602010029079
sd0: 95611MB, 512 bytes/sector, 195813072 sectors
uhidev0 at uhub4 port 1 configuration 1 interface 0 "Logitech USB-PS/2 Optical 
Mouse" rev 2.00/18.00 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 6 buttons, Z dir
wsmo

firefox problem under 5.6 release

[Chris Bennett]

I can type in a URL, but afterwards it goes either all black or black 
and grey as a rectangular box. The other section in front of that area 
goes orange.

I get this under about:support

Graphics
Adapter Description Intel Open Source Technology Center -- Mesa DRI
Intel(R) 865G x86/MMX/SSE2
Device ID   Mesa DRI Intel(R) 865G x86/MMX/SSE2
Driver Version  1.3 Mesa 10.2.3
GPU Accelerated Windows 0/1 Basic Blocked for your graphics card because
of unresolved driver issues.
Vendor ID   Intel Open Source Technology Center
WebGL Renderer  Blocked for your graphics card because of unresolved
driver issues.
windowLayerManagerRemotefalse
AzureCanvasBackend  cairo
AzureContentBackend cairo
AzureFallbackCanvasBackend  none
AzureSkiaAccelerated0

I got errors like these:

error: [drm:pid8595:i915_get_vblank_timestamp] *ERROR* Invalid crtc 1,
until the dmesg would only show a small listing of these and nothing
else at all!

OpenBSD 5.6 (GENERIC) #274: Fri Aug  8 00:05:13 MDT 2014
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz ("GenuineIntel" 686-class) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF
real mem  = 795836416 (758MB)
avail mem = 770387968 (734MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/26/06, BIOS32 rev. 0 @ 0xffe90, SMBIOS 
rev. 2.3 @ 0xf0450 (69 entries)
bios0: vendor Dell Computer Corporation version "A07" date 06/26/2006
bios0: Dell Computer Corporation OptiPlex GX270
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC BOOT ASF!
acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
PCI1(S5) KBD_(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PCI1)
acpicpu0 at acpi0
acpibtn0 at acpi0: VBTN
bios0: ROM list: 0xc/0xa800 0xca800/0x1800!
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82865G Host" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82865G Video" rev 0x02
intagp0 at vga1
agp0 at intagp0: aperture at 0xf000, size 0x800
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1680x1050
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic 1 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci1 at ppb0 bus 1
ral0 at pci1 dev 7 function 0 "Ralink RT2561S" rev 0x00: apic 1 int 16, address 
00:0c:0a:49:9c:98
ral0: MAC/BBP RT2561C, RF RT2527
em0 at pci1 dev 12 function 0 "Intel 82540EM" rev 0x02: apic 1 int 18, address 
00:0d:56:81:e2:e6
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
pciide1 at pci0 dev 31 function 2 "Intel 82801EB SATA" rev 0x02: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 18 for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02: apic 1 int 
17
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801EB/ER AC97" rev 0x02: apic 1 int 
17, ICH5 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma

Re: running rtsold on obsd 5.6 while also forwarding ipv6 traffic?

[Forman, Jeffrey]

On Wed, Nov 26, 2014 at 4:26 PM, Stefan Sperling  wrote:

> On Wed, Nov 26, 2014 at 04:05:42PM -0500, Forman, Jeffrey wrote:
> > How do I reconcile rtsold's requirement of not running on a router while
> > still attempting to provide IPv6 connectivity to hosts behind my OpenBSD
> > fw/router?
>
> There's http://tools.ietf.org/html/rfc7084 but it's not implemented by
> OpenBSD yet.
>
> For now, try to ignore the IPS's WAN prefix and route outgoing
> IPv6 traffic over link-local. This might work:
>
>route add -inet6 default -ifp em0 fe80::
>

I hadn't ever thought of this, as this is my first foray into IPv6 on any
level. This actually worked! Using ndp, I was able to set the IPv6 default
gateway for my connection to this address associated with my cable modem.
I'm trying to come up with ways to programmatically do such a thing and
launch it as the dhclient-script, but that is for another time.


>
> For incoming traffic you can assign an address from the LAN /64 on
> your router's internal interface and tell pf to make that address
> reachable from the internet.
>

Yes. The next part of this plan will be to provide connectivity to my LAN.
Thanks Stefan!

Confused about authpf real world usage

[Martin Hanson]

Hi

So I am looking into authpf and I am wondering about some real world
applications.

I have a bunch of users, but I also have just a bunch of machines.

The machines cannot login via SSH and should not try to do so (via some
script or otherwise). However, these machines needs access 24/7.

So I was thinking about fixing rules to those machines before any
anchors for users, but I cannot see how this provides any security at
all - and bear with me if I am overlooking something.

If say machine 192.168.0.2 and 192.168.0.3 needs unrestricted access to
the net, then wont it be as easy as "Joe" changing his machines IP
address to 192.168.0.2 to gain access without authentication?

And what about other kinds of access? Now I get a brand new box in that
needs a fresh installation of some Linux distribution that we install
over HTTP. This new box doesn't come with a SSH console and the install
disk doesn't provide a console with SSH during installation.

Then I am beginning to see signs of "network segmentation" in my head,
but that kindda makes authpf more or less useless then - unless I need
to grant different people different access on the same segment I can
just segment the entire net.

Anyway, I hope I make sense! :)

How do you use authpf in real life?

Kind regards.

Re: Poor disk performance

[David Unric]

Thanks for the quick answer !

ad 1) disabled AHCI in BIOS as the only available option
 OpenBSD now boots with hdd attached as wd0 device, UDMA mode 6 and
it did a significant improvement - unpacking finishes in about 6 minutes,
but still magnitude worse then in NetBSD.


ad 2) Not slowed down by terminal/console output. Tar command miss `-v'
argument as you may notice from my original post, so no stdout at all.


ad 3) bellow is the output from vmstat, when tested with AHCI disabled (see
par. 1)
interrupt   total rate
irq0/clock  58557  750
irq0/ipi 2521   32
irq144/acpi0   160
irq96/ppb0  00
irq97/inteldrm0 80
irq97/ehci0500
irq176/azalia0  10
irq98/ppb1  00
irq99/ppb2  00
irq112/re0  00
irq100/ppb3 00
irq101/ehci1   690
irq102/pciide0   8970  115
irq103/ichiic0  00
irq102/pciide1  00
irq145/pckbc0 2633
irq146/pckbc0 1401
Total   70595  905

irq0/clock interrupts count is constantly increasing during test. Is the
number too high ? Possible issue here ?


ad 4) apm was set to high, CPUs were running at max frequency 2 GHz (shown
by sysctl)


ad 5) partition mounted with rw, softdep and noatime options. I'm reluctant
to turn async option on, as it shouldn't be enabled for normal operation.


Take care.

On Thu, Nov 27, 2014 at 6:58 PM, Mike Larkin  wrote:

> On Thu, Nov 27, 2014 at 06:41:17PM +0100, David Unric wrote:
> > Here is a full dmesg output if you think it would help:
>
> Next steps I would try.
>
> 1. If you really wanted to verify this is a wd vs sd issue, you can usually
> change the SATA controller mode in the BIOS to IDE instead of AHCI. As long
> as you used DUIDs in fstab, the kernel should be able to find that you
> moved from sd -> wd. I don't think you're going to find much here, but
> worth
> a try, I guess.
>
> 2. Are you unpacking this at the console? in X? I've sometimes seen console
> output scrolling cause lots of delays. Try unpacking it and redirecting the
> output to /dev/null and see if that helps.
>
> 3. vmstat -zi during unpack and systat vm 1 can help you identify what's
> going on sometimes as well.
>
> 4. make sure apm is set to high performance (apmd, apm -H)
>
> 5. make sure you aren't doing something obvious like mounting the
> filesystem
> as 'sync', etc.
>
> Your machine has hardware that is pretty similar to what many of us have
> ,so I
> doubt this is some systemic problem and likely an issue either with your
> machine
> specifically or the way you are doing your test.
>
> -ml
>
> >
> > OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 6333923328 (6040MB)
> > avail mem = 6156533760 (5871MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
> > bios0: vendor American Megatrends Inc. version "13HX.M038.20110729.SSH"
> > date 07/29/2011
> > bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
> > acpi0 at bios0: rev 2
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP APIC HPET SLIC MCFG SSDT SSDT SSDT SSDT
> > acpi0: wakeup devices USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3)
> USB6(S3)
> > USB7(S3) RP01(S3) RP04(S4) PEGA(S4) PWRB(S5)
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.80 MHz
> > cpu0:
> >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> >
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> >
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> > SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 99MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> > cpu1 at mainbus0: apid 2 (application processor)
> > cpu1: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> > cpu1:
> >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> >
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> >
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> > SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> > cpu1: 256KB 64b/line 8-way L2 cache
> > cpu1: smt

Re: Confused about authpf real world usage

[Josh Grosse]

On Thu, Nov 27, 2014 at 05:09:02PM +0100, Martin Hanson wrote:
> Hi
> 
> So I am looking into authpf and I am wondering about some real world
> applications.
> 
> I have a bunch of users, but I also have just a bunch of machines.
> 
> The machines cannot login via SSH and should not try to do so (via some
> script or otherwise). However, these machines needs access 24/7.
> 
> So I was thinking about fixing rules to those machines before any
> anchors for users, but I cannot see how this provides any security at
> all - and bear with me if I am overlooking something.
> 
> If say machine 192.168.0.2 and 192.168.0.3 needs unrestricted access to
> the net, then wont it be as easy as "Joe" changing his machines IP
> address to 192.168.0.2 to gain access without authentication?

Here is a case where you trust the machines, but do not trust Joe.  

Commonly, trusted servers are deployed on network segments that are
separate from untrusted users - via Ethernet segments or VLANs.  It is
also possible to use VPNs to provide functional separation of servers
from users, if separate Ethernet tiers is not possible.

> And what about other kinds of access? Now I get a brand new box in that
> needs a fresh installation of some Linux distribution that we install
> over HTTP. This new box doesn't come with a SSH console and the install
> disk doesn't provide a console with SSH during installation.

The provisioning if performed on the untrusted network, would require 
the distribution server to be accessible.  Simple enough with a pass
rule to your organization's deployment server.
 
> Then I am beginning to see signs of "network segmentation" in my head,
> but that kindda makes authpf more or less useless then - unless I need
> to grant different people different access on the same segment I can
> just segment the entire net.
> 
> Anyway, I hope I make sense! :)
> 
> How do you use authpf in real life?
> 
> Kind regards.

Re: Poor disk performance

[Alexander Hall]

The obvious issue is that the computer lacks a CPU. Given that, I'd say those 
numbers are pretty impressive.

/Alexander

On November 27, 2014 6:27:08 PM CET, Mike Larkin  wrote:
>On Thu, Nov 27, 2014 at 06:04:46PM +0100, David Unric wrote:
>> Bellow are relevant rows of dmesg output:
>
>And here is the relevant part of a solution:
>
>
>
>
>
>What do you think? Helpful, huh?
>
>Next time please provide a complete dmesg. There is a reason he didn't 
>ask you to parse it yourself. There are other things we look for.
>Without
>the full report, we can't see if you have conflicts, etc.
>
>-ml
>
>> 
>>  snip
>>
>--
>> OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
>>
>dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
>> bios0: vendor American Megatrends Inc. version
>"13HX.M038.20110729.SSH"
>> date 07/29/2011
>> bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
>> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
>> pci0 at mainbus0 bus 0
>> pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
>> pcib0 at pci0 dev 31 function 0 "Intel HM65 LPC" rev 0x04
>> ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi,
>AHCI
>> 1.3
>> scsibus1 at ahci0: 32 targets
>> sd0 at scsibus1 targ 0 lun 0:  SCSI3
>0/direct
>> fixed naa.5000cca63fc2c8ee
>> sd0: 715404MB, 512 bytes/sector, 1465149168 sectors
>> cd0 at scsibus1 targ 2 lun 0:  ATAPI
>> 5/cdrom removable
>> ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04:
>apic 2
>> int 18
>> iic0 at ichiic0
>> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
>> spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
>> isa0 at pcib0
>> isadma0 at isa0
>> vscsi0 at root
>> scsibus2 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus3 at softraid0: 256 targets
>> root on sd0a (60b75564032edafa.a) swap on sd0b dump on sd0b
>>  snip
>>
>--
>> 
>> Thanks.
>> 
>> On Thu, Nov 27, 2014 at 5:01 PM, Brad Smith 
>wrote:
>> 
>> > On 11/27/14 10:57, David Unric wrote:
>> >
>> >> Hello,
>> >>
>> >> I'd like to figure out what causes very low performance of disk
>operations
>> >> on my laptop.
>> >>
>> >> I've tested it by unpacking gzipped tar archive (
>> >> http://ftp.heanet.ie/pub/OpenBSD/5.6/src.tar.gz) about 125 MiB
>big.
>> >> On the same machine, not cached, various results by operating
>system:
>> >>
>> >> NetBSD 6.1.522 secs
>> >> Linux 3.14.228 secs
>> >> OpenBSD 5.6 aborted after 10 minutes as still not finished
>> >>
>> >> Unpacking was done with `tar xzf src.tar.gz', even tried on
>uncompressed
>> >> src.tar but roughly same results.
>> >>
>> >> By comparing with more similar NetBSD I've found the SATA disk is
>attached
>> >> differently:
>> >>   -  in OpenBSD detected as SCSI, `sd' driver used, no sign of
>Ultra-DMA
>> >> access
>> >>   -  in NetBSD detected as (SATA) IDE, `wd' driver used, UDMA/133
>> >> activated
>> >>
>> >> I've tried mount the partition with softdeps and noatime options,
>but
>> >> that's only a slight improvement.
>> >>
>> >> Any idea how to fix this issue (like forcing use of wd?) or I'm
>out of
>> >> luck
>> >> and my 750GB Hitachi SATA IDE is unsupported in OpenBSD and no
>generic
>> >> driver can be used ?
>> >>
>> >
>> > Reply with the output of dmesg to the list as a start.
>> >
>> > --
>> > This message has been scanned for viruses and
>> > dangerous content by MailScanner, and is
>> > believed to be clean.

Re: making firefox less insecure

[Martin Brandenburg]

Jonathan Thornburg  wrote:

> Summary
> ---
> As described in another thread
> (),
> I'm trying to run firefox as a non-privileged user _firefox, talking
> to my X server (no Xephyr yet) via an ssh tunnel.  But I've discovered
> a serious flaw in this scheme: cut-n-paste is completely broken.  In
> fact, it looks like cut-n-paste from any X client with a diferent
> uid/gid than the X server is broken. :(
> 
> My basic question is, is there any way to fix this?

This is the point, of course, that the client cannot communicate with
the host X server. It's not just from a different uid. I think the
easiest solution would be to write a script which you can run in a host
xterm "ffpaste ..." which makes ... the clipboard in the Xephyr window.
Of course you could probably also write a script to sync the clipboard
automatically (and in fact this is the top result for a Google search
"Xephyr copy paste"), but perhaps this would default the purpose of
running Firefox in a different X server.

Oh I'm sorry, I read that wrong. If you use Xephyr the clients cannot
communicate clipboards (of course they can communicate otherwise if they
are running as the same user). The above is right for a client in
Xephyr.

I can, however, paste into an X client running on another machine in the
same X server. I don't have a local SSH server and didn't try that, but
I fail to see why that shouldn't work since it goes over the network 
irregardless of what user the process runs as. But that X client can
talk to all the other X clients on this server and that defeats the
whole point of all this.

A note however: it would be very nice if Firefox would fork, chroot, and
drop privileges on the renderer. Perhaps I shouldn't say this without
having Mozilla's opinion on such a scheme, but Mozilla seems more
interested in shiny redesigns. As Theo said to your inquiry about a
secure image viewer, such behavior is rare outside OpenBSD.

> 
> 
> 
> Details:
> ---
> 
> Lenovo Thinkpad T60, 3GB RAM + 6GB swap.  Fresh install of OpenBSD 5.6
> from the CD, updated to -stable as of 2014-11-19.  My usual login is
> in login class staff, for which I've edited /etc/login.conf to set the
> memoryuse, datasize, and stacksize limits (all both -cur and -max) to
> 'infinity', so there should be enough memory for firefox to run ok.
> 
> I use twm(1) as my window manager.  firefox is the 5.6 package, but
> I've renamed the binary:
> 
> # cd /usr/local/bin; mv firefox firefox.bin
> 
> I used adduser(8) to create a new unpriviliged user _firefox,
> group _firefox, no other group memberships, login class staff.
> I've set up ssh authentication so I can ssh to _firefox.
> 
> Now, in an xterm, call it xterm #1:
> % ssh -X -i $HOME/.ssh/firefox_id_rsa _firefox@localhost
> 
> This gives me a shell (in that same xterm #1) running as uid/gid
> _firefox, with ssh proxying and tunneling X back to my X server.
> (I'm not using Xephyr(1) at this point.)
> 
> Now, in the _firefox shell,
> 
> $ firefox.bin &
> 
> I get a a couple of warning messages that the ssh proxy/tunnel is
> lacking some X protocol extensions
> 
> Xlib:  extension "RANDR" missing on display "localhost:10.0".
> Xlib:  extension "MIT-SHM" missing on display "localhost:10.0".
> 
> but then firefox starts and runs fine.
> 
> Now suppose I try to cut-n-paste some text from the firefox window to
> (say) a vi (in insert mode) which is running in some other xterm window
> (call this one xterm #2).  [For twm, 'cut-n-paste' means double- or
> triple-left-click to select, then middle-click to paste.]  This goes
> badly awry:
> * the cut appears to work normally (text is highlighted)
> * the paste appears to be a no-op, ... but
> * a few seconds later, the target xterm window (#2) disappears (and
>   the vi and xterm processes are gone)
> 
> 
> 
> To see if this is a firefox issue, or a more generic problem with
> cut-n-paste between X clients running with different uid/gid, I tried
> starting an xterm instead of a firefox process.  That is, from the
> _firefox shell, I typed
> 
> $ xterm &
> 
> and in the newly-started xterm (call it xterm #3) typed a few commands
> to put some text on the screen
> 
> $ echo hello world
> hello world
> $ banner hello
> 
>  ##  ##  #   #
>  ##  #   #   #   ##
>  ##  #   #   #   ##
>  ##  #   #   #   ##
>  ##  #   #   #   ##
>  ##  ##  ##  ##   
> 
> $
> 
> then I tried to cut-n-paste the banner 'hello' text from xterm #3
> into somewhere else.
> 
> The result was that the cut operation killed the xterm #3 window, with
> the following X error message displayed back in the _firefox shell
> running in xterm #1:
> 
> $ xterm &
> [1] 25801
> $ xterm: warning, error event received:
> X Error of failed request:  BadAccess (attempt to access private resource 
> denied)
>   Major opcode of failed request: 

Re: Poor disk performance

[Mike Larkin]

On Thu, Nov 27, 2014 at 06:41:17PM +0100, David Unric wrote:
> Here is a full dmesg output if you think it would help:

Next steps I would try.

1. If you really wanted to verify this is a wd vs sd issue, you can usually
change the SATA controller mode in the BIOS to IDE instead of AHCI. As long
as you used DUIDs in fstab, the kernel should be able to find that you
moved from sd -> wd. I don't think you're going to find much here, but worth
a try, I guess.

2. Are you unpacking this at the console? in X? I've sometimes seen console
output scrolling cause lots of delays. Try unpacking it and redirecting the
output to /dev/null and see if that helps.

3. vmstat -zi during unpack and systat vm 1 can help you identify what's
going on sometimes as well.

4. make sure apm is set to high performance (apmd, apm -H)

5. make sure you aren't doing something obvious like mounting the filesystem
as 'sync', etc.

Your machine has hardware that is pretty similar to what many of us have ,so I
doubt this is some systemic problem and likely an issue either with your machine
specifically or the way you are doing your test.

-ml

> 
> OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 6333923328 (6040MB)
> avail mem = 6156533760 (5871MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
> bios0: vendor American Megatrends Inc. version "13HX.M038.20110729.SSH"
> date 07/29/2011
> bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC HPET SLIC MCFG SSDT SSDT SSDT SSDT
> acpi0: wakeup devices USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3)
> USB7(S3) RP01(S3) RP04(S4) PEGA(S4) PWRB(S5)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.80 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 0, core 3, package 0
> cpu4 at mainbus0: apid 1 (application processor)
> cpu4: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu4:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu4: 256KB 64b/line 8-way L2 cache
> cpu4: smt 1, core 0, package 0
> cpu5 at mainbus0: apid 3 (application processor)
> cpu5: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
> cpu5:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
> SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
> cpu5: 256KB 64b/line 8-way L2 cache
> cpu5: smt 1, core 1, package 0
> cpu6 at mainbus0: apid 5 (application processor)
> cpu6: Intel(R) Core(TM) i7-26

Re: incomplete FTP mirrors

[Nick Holland]

On 11/27/14 08:50, Lars wrote:
> Hi,
> 
> I am not sure how and where to address this properly.
> 
> The European mirrors:
> http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/
> http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/
> 
> are incomplete in terms of packages for the 5.6 release.
> 
> http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.6/ only has packages for 
> software from "a to f" while http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/ 
> is completely missing the "packages" folder.
> 
> I just wanted to give a heads-up here.
> 
> Thanks
> 
> Lars
> 

Looks like something went wrong with the distribution system, causing
massive deletions.  It has been fixed, but the refill process is slow
(150+G x lots of mirrors...)

Nick.
(glad to see it WASN'T his fault this time)

Re: Poor disk performance

[David Unric]

Here is a full dmesg output if you think it would help:

OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6333923328 (6040MB)
avail mem = 6156533760 (5871MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
bios0: vendor American Megatrends Inc. version "13HX.M038.20110729.SSH"
date 07/29/2011
bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC HPET SLIC MCFG SSDT SSDT SSDT SSDT
acpi0: wakeup devices USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3)
USB7(S3) RP01(S3) RP04(S4) PEGA(S4) PWRB(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.80 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 1, core 2, package 0
cpu7 at mainbus0: apid 7 (application processor)
cpu7: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz
cpu7:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,X
SAVE,AVX,NXE,LONG,LAHF,PERF,ITSC
cpu7: 256KB 64b/line 8-way L2 cache
cpu7: smt 1, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 3 (RP04)
acpiprt6 at acpi0: bus 4 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt

Re: making firefox less insecure

[Jonathan Thornburg]

In message ,
I wrote
> [For twm, 'cut-n-paste' means double- or
> triple-left-click to select, then middle-click to paste.]

Oops, that's wrong -- there are also other ways to select in twm.
The distinction between different ways of selecting is irrelevant here,
so what I should have written was

  [For twm, 'cut-n-paste' means select the text to be cut
  in the source window, then middle-click in the destination
  window to paste.]

Sorry for the confusion,

-- 
-- Jonathan Thornburg 
   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"

Re: Poor disk performance

[Mike Larkin]

On Thu, Nov 27, 2014 at 06:04:46PM +0100, David Unric wrote:
> Bellow are relevant rows of dmesg output:

And here is the relevant part of a solution:





What do you think? Helpful, huh?

Next time please provide a complete dmesg. There is a reason he didn't 
ask you to parse it yourself. There are other things we look for. Without
the full report, we can't see if you have conflicts, etc.

-ml

> 
>  snip
> --
> OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
> bios0: vendor American Megatrends Inc. version "13HX.M038.20110729.SSH"
> date 07/29/2011
> bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
> pcib0 at pci0 dev 31 function 0 "Intel HM65 LPC" rev 0x04
> ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI
> 1.3
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct
> fixed naa.5000cca63fc2c8ee
> sd0: 715404MB, 512 bytes/sector, 1465149168 sectors
> cd0 at scsibus1 targ 2 lun 0:  ATAPI
> 5/cdrom removable
> ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2
> int 18
> iic0 at ichiic0
> spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
> spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
> isa0 at pcib0
> isadma0 at isa0
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> root on sd0a (60b75564032edafa.a) swap on sd0b dump on sd0b
>  snip
> --
> 
> Thanks.
> 
> On Thu, Nov 27, 2014 at 5:01 PM, Brad Smith  wrote:
> 
> > On 11/27/14 10:57, David Unric wrote:
> >
> >> Hello,
> >>
> >> I'd like to figure out what causes very low performance of disk operations
> >> on my laptop.
> >>
> >> I've tested it by unpacking gzipped tar archive (
> >> http://ftp.heanet.ie/pub/OpenBSD/5.6/src.tar.gz) about 125 MiB big.
> >> On the same machine, not cached, various results by operating system:
> >>
> >> NetBSD 6.1.522 secs
> >> Linux 3.14.228 secs
> >> OpenBSD 5.6 aborted after 10 minutes as still not finished
> >>
> >> Unpacking was done with `tar xzf src.tar.gz', even tried on uncompressed
> >> src.tar but roughly same results.
> >>
> >> By comparing with more similar NetBSD I've found the SATA disk is attached
> >> differently:
> >>   -  in OpenBSD detected as SCSI, `sd' driver used, no sign of Ultra-DMA
> >> access
> >>   -  in NetBSD detected as (SATA) IDE, `wd' driver used, UDMA/133
> >> activated
> >>
> >> I've tried mount the partition with softdeps and noatime options, but
> >> that's only a slight improvement.
> >>
> >> Any idea how to fix this issue (like forcing use of wd?) or I'm out of
> >> luck
> >> and my 750GB Hitachi SATA IDE is unsupported in OpenBSD and no generic
> >> driver can be used ?
> >>
> >
> > Reply with the output of dmesg to the list as a start.
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.

Re: Poor disk performance

[David Unric]

Bellow are relevant rows of dmesg output:

 snip
--
OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xea450 (94 entries)
bios0: vendor American Megatrends Inc. version "13HX.M038.20110729.SSH"
date 07/29/2011
bios0: SAMSUNG ELECTRONICS CO., LTD. RF511/RF411/RF711
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
pcib0 at pci0 dev 31 function 0 "Intel HM65 LPC" rev 0x04
ahci0 at pci0 dev 31 function 2 "Intel 6 Series AHCI" rev 0x04: msi, AHCI
1.3
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct
fixed naa.5000cca63fc2c8ee
sd0: 715404MB, 512 bytes/sector, 1465149168 sectors
cd0 at scsibus1 targ 2 lun 0:  ATAPI
5/cdrom removable
ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 2
int 18
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 2GB DDR3 SDRAM PC3-10600 SO-DIMM
spdmem1 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600 SO-DIMM
isa0 at pcib0
isadma0 at isa0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (60b75564032edafa.a) swap on sd0b dump on sd0b
 snip
--

Thanks.

On Thu, Nov 27, 2014 at 5:01 PM, Brad Smith  wrote:

> On 11/27/14 10:57, David Unric wrote:
>
>> Hello,
>>
>> I'd like to figure out what causes very low performance of disk operations
>> on my laptop.
>>
>> I've tested it by unpacking gzipped tar archive (
>> http://ftp.heanet.ie/pub/OpenBSD/5.6/src.tar.gz) about 125 MiB big.
>> On the same machine, not cached, various results by operating system:
>>
>> NetBSD 6.1.522 secs
>> Linux 3.14.228 secs
>> OpenBSD 5.6 aborted after 10 minutes as still not finished
>>
>> Unpacking was done with `tar xzf src.tar.gz', even tried on uncompressed
>> src.tar but roughly same results.
>>
>> By comparing with more similar NetBSD I've found the SATA disk is attached
>> differently:
>>   -  in OpenBSD detected as SCSI, `sd' driver used, no sign of Ultra-DMA
>> access
>>   -  in NetBSD detected as (SATA) IDE, `wd' driver used, UDMA/133
>> activated
>>
>> I've tried mount the partition with softdeps and noatime options, but
>> that's only a slight improvement.
>>
>> Any idea how to fix this issue (like forcing use of wd?) or I'm out of
>> luck
>> and my 750GB Hitachi SATA IDE is unsupported in OpenBSD and no generic
>> driver can be used ?
>>
>
> Reply with the output of dmesg to the list as a start.
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.

Re: Poor disk performance

[Brad Smith]

On 11/27/14 10:57, David Unric wrote:

Hello,

I'd like to figure out what causes very low performance of disk operations
on my laptop.

I've tested it by unpacking gzipped tar archive (
http://ftp.heanet.ie/pub/OpenBSD/5.6/src.tar.gz) about 125 MiB big.
On the same machine, not cached, various results by operating system:

NetBSD 6.1.522 secs
Linux 3.14.228 secs
OpenBSD 5.6 aborted after 10 minutes as still not finished

Unpacking was done with `tar xzf src.tar.gz', even tried on uncompressed
src.tar but roughly same results.

By comparing with more similar NetBSD I've found the SATA disk is attached
differently:
  -  in OpenBSD detected as SCSI, `sd' driver used, no sign of Ultra-DMA
access
  -  in NetBSD detected as (SATA) IDE, `wd' driver used, UDMA/133 activated

I've tried mount the partition with softdeps and noatime options, but
that's only a slight improvement.

Any idea how to fix this issue (like forcing use of wd?) or I'm out of luck
and my 750GB Hitachi SATA IDE is unsupported in OpenBSD and no generic
driver can be used ?


Reply with the output of dmesg to the list as a start.

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Poor disk performance

[David Unric]

Hello,

I'd like to figure out what causes very low performance of disk operations
on my laptop.

I've tested it by unpacking gzipped tar archive (
http://ftp.heanet.ie/pub/OpenBSD/5.6/src.tar.gz) about 125 MiB big.
On the same machine, not cached, various results by operating system:

NetBSD 6.1.522 secs
Linux 3.14.228 secs
OpenBSD 5.6 aborted after 10 minutes as still not finished

Unpacking was done with `tar xzf src.tar.gz', even tried on uncompressed
src.tar but roughly same results.

By comparing with more similar NetBSD I've found the SATA disk is attached
differently:
 -  in OpenBSD detected as SCSI, `sd' driver used, no sign of Ultra-DMA
access
 -  in NetBSD detected as (SATA) IDE, `wd' driver used, UDMA/133 activated

I've tried mount the partition with softdeps and noatime options, but
that's only a slight improvement.

Any idea how to fix this issue (like forcing use of wd?) or I'm out of luck
and my 750GB Hitachi SATA IDE is unsupported in OpenBSD and no generic
driver can be used ?

Thank

Re: making firefox less insecure

[Jonathan Thornburg]

Summary
---
As described in another thread
(),
I'm trying to run firefox as a non-privileged user _firefox, talking
to my X server (no Xephyr yet) via an ssh tunnel.  But I've discovered
a serious flaw in this scheme: cut-n-paste is completely broken.  In
fact, it looks like cut-n-paste from any X client with a diferent
uid/gid than the X server is broken. :(

My basic question is, is there any way to fix this?



Details:
---

Lenovo Thinkpad T60, 3GB RAM + 6GB swap.  Fresh install of OpenBSD 5.6
from the CD, updated to -stable as of 2014-11-19.  My usual login is
in login class staff, for which I've edited /etc/login.conf to set the
memoryuse, datasize, and stacksize limits (all both -cur and -max) to
'infinity', so there should be enough memory for firefox to run ok.

I use twm(1) as my window manager.  firefox is the 5.6 package, but
I've renamed the binary:

# cd /usr/local/bin; mv firefox firefox.bin

I used adduser(8) to create a new unpriviliged user _firefox,
group _firefox, no other group memberships, login class staff.
I've set up ssh authentication so I can ssh to _firefox.

Now, in an xterm, call it xterm #1:
% ssh -X -i $HOME/.ssh/firefox_id_rsa _firefox@localhost

This gives me a shell (in that same xterm #1) running as uid/gid
_firefox, with ssh proxying and tunneling X back to my X server.
(I'm not using Xephyr(1) at this point.)

Now, in the _firefox shell,

$ firefox.bin &

I get a a couple of warning messages that the ssh proxy/tunnel is
lacking some X protocol extensions

Xlib:  extension "RANDR" missing on display "localhost:10.0".
Xlib:  extension "MIT-SHM" missing on display "localhost:10.0".

but then firefox starts and runs fine.

Now suppose I try to cut-n-paste some text from the firefox window to
(say) a vi (in insert mode) which is running in some other xterm window
(call this one xterm #2).  [For twm, 'cut-n-paste' means double- or
triple-left-click to select, then middle-click to paste.]  This goes
badly awry:
* the cut appears to work normally (text is highlighted)
* the paste appears to be a no-op, ... but
* a few seconds later, the target xterm window (#2) disappears (and
  the vi and xterm processes are gone)



To see if this is a firefox issue, or a more generic problem with
cut-n-paste between X clients running with different uid/gid, I tried
starting an xterm instead of a firefox process.  That is, from the
_firefox shell, I typed

$ xterm &

and in the newly-started xterm (call it xterm #3) typed a few commands
to put some text on the screen

$ echo hello world
hello world
$ banner hello

 ##  ##  #   #
 ##  #   #   #   ##
 ##  #   #   #   ##
 ##  #   #   #   ##
 ##  #   #   #   ##
 ##  ##  ##  ##   

$

then I tried to cut-n-paste the banner 'hello' text from xterm #3
into somewhere else.

The result was that the cut operation killed the xterm #3 window, with
the following X error message displayed back in the _firefox shell
running in xterm #1:

$ xterm &
[1] 25801
$ xterm: warning, error event received:
X Error of failed request:  BadAccess (attempt to access private resource 
denied)
  Major opcode of failed request:  18 (X_ChangeProperty)
  Serial number of failed request:  599
  Current serial number in output stream:  600

[1] + Done (83)xterm 
$

(Interestingly, I had no problem cut-n-pasting that error text from
xterm #1 into a vi (in insert mode) over in still another xterm window.



What I conclude from all of this is that (apparently) my window manager
and/or X server have noticed that {firefox, xterm #3} are running as
uid/gid _firefox/_firefox, while my {window manager, X server} have my
usual (different) uid/gid, so the cut-n-paste attempt (indeed, the cut
itself, judging by the xterm error message) is blocked.

So... questions:
* is this indeed what's going on?
* it's been a long time since I tried cut-n-paste from a 'remote'
  window; is this what usually happens [I'll try some tests...]?
* what piece of software is enforcing this security policy?
  (once I find that out, then I can investigate if/how the policy
  might be configured to be more suitable to my needs)
* given my underlying goal of trying to exploit-mitigate firefox
  (),
  what other options are there for handling cut-n-paste?
  (Maybe xcutsel(1) and/or xclipboard(1) would be useful here?)

ciao,

-- 
-- "Jonathan Thornburg [remove -animal to reply]" 

   Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"

Re: sensorsd, upd, and state changes

[Joe Gidi]

I just spent some more time poking at this and I'm still unable to get
sensorsd to recognize upd state changes. This is a bit of a frustrating
regression from my point of view, since I can no longer use apcupsd unless
I disable uhidev in the kernel.

Does anyone have a working example configuration for sensorsd/upd?

Thanks,

On Sun, November 23, 2014 11:51 am, Marcus MERIGHI wrote:
> j...@entropicblur.com (Joe Gidi), 2014.11.23 (Sun) 17:19 (CET):
>> Just after I sent this, I happened to notice these lines in
>> /var/log/messages. These came from the tests with the "low=1:high=2"
>> attributes set in sensorsd.conf per the Undeadly example.
>>
>> Nov 23 10:58:08 microserver sensorsd[6250]: upd0.indicator2: exceeds
>> limits: On is below On
>> Nov 23 10:59:54 microserver sensorsd[12047]: upd0.indicator2: exceeds
>> limits: On is below On
>> Nov 23 11:07:00 microserver sensorsd[27413]: upd0.indicator0: exceeds
>> limits: On is below On
>
> As I had just copied the undeadly example as-is to my sensorsd.conf I
> did receive the e-mail (i.e. command= worked). It was a false positive,
> though, as no one had pulled the plug. Did you really pull the plug or
> was yours a false positive, too?
>
> Bye, Marcus
>
>> On Sun, November 23, 2014 11:15 am, Joe Gidi wrote:
>> > Hi Marcus,
>> >
>> > Thanks for the reply. Unfortunately, the "low=1:high=2" doesn't seem
>> to
>> > work for indicator2. When I start sensorsd I see an initial event
>> logged
>> > as the status goes from undefined to OK, but no further events as I
>> > unplug/plug the UPS. I tried monitoring indicator0 as in the Undeadly
>> > example, and I see exactly the same behavior.
>> >
>> > It appears to me that the driver should be changing the status (%s
>> token)
>> > of the indicators to something other than "OK" when the UPS loses
>> mains
>> > power, but it simply doesn't.
>> >
>> > BTW, I've tested with various check interval values for sensorsd, from
>> the
>> > default 20 seconds down to as low as 1 second, with no change in
>> results.
>> >
>> > Is anyone successfully using sensorsd with upd?
>> >
>> > Thanks,
>> >
>> > Joe
>> >
>> > On Sun, November 23, 2014 4:13 am, Marcus MERIGHI wrote:
>> >> j...@entropicblur.com (Joe Gidi), 2014.11.23 (Sun) 01:22 (CET):
>> >>> I'm running OpenBSD 5.6/amd64 on my fileserver. It has an APC UPS
>> that
>> >>> was
>> >>> previously managed with apcupsd. Since I upgraded to 5.6, the UPS
>> now
>> >>> attaches as a upd device:
>> >>>
>> >>> $ dmesg | grep uhidev3
>> >>> uhidev3 at uhub3 port 5 configuration 1 interface 0 "APC Back-UPS ES
>> >>> 450
>> >>> FW:844.K2 .D USB FW:K2" rev 1.10/1.06 addr 2
>> >>> uhidev3: iclass 3/0, 123 report ids
>> >>> upd0 at uhidev3
>> >>>
>> >>> And it reports sensible values in hw.sensors:
>> >>> $ sysctl hw.sensors.upd0
>> >>> hw.sensors.upd0.indicator0=On (Charging), OK
>> >>> hw.sensors.upd0.indicator1=Off (Discharging), OK
>> >>> hw.sensors.upd0.indicator2=On (ACPresent), OK
>> >>> hw.sensors.upd0.indicator3=On (BatteryPresent), OK
>> >>> hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
>> >>> hw.sensors.upd0.percent0=79.00% (RemainingCapacity), OK
>> >>> hw.sensors.upd0.percent1=100.00% (FullChargeCapacity), OK
>> >>>
>> >>> So far, so good. Now, I'd like to configure sensorsd to monitor the
>> >>> device
>> >>> and invoke a script when the power goes out. I have this line in
>> >>> sensorsd.conf:
>> >>>
>> >>> hw.sensors.upd0.indicator2:command=/etc/sensorsd/ups.sh %s %2
>> >>>
>> >>> The ups.sh script currently just echoes the token values that it's
>> >>> passed
>> >>> to a log file.
>> >>>
>> >>> The issue I'm running into is this: the status of the sensors seems
>> to
>> >>> always be "OK", even when their state changes. I can unplug the UPS
>> >>> from
>> >>> the wall and then I see this:
>> >>>
>> >>> hw.sensors.upd0.indicator0=Off (Charging), OK
>> >>> hw.sensors.upd0.indicator1=On (Discharging), OK
>> >>> hw.sensors.upd0.indicator2=Off (ACPresent), OK
>> >>> hw.sensors.upd0.indicator3=On (BatteryPresent), OK
>> >>> hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
>> >>> hw.sensors.upd0.percent0=76.00% (RemainingCapacity), OK
>> >>> hw.sensors.upd0.percent1=100.00% (FullChargeCapacity), OK
>> >>>
>> >>> We're not charging, we're discharging, AC power is not present, but
>> >>> none
>> >>> of the status indicators (the %s token) ever leaves the "OK" state.
>> As
>> >>> I
>> >>> understand it, that lack of state change results in sensorsd doing
>> >>> nothing, even though the sensor's value (the %2 token, On/Off)
>> changes.
>> >>>
>> >>> Can anyone clue me in? I feel like I must be missing something silly
>> >>> and
>> >>> obvious here.
>> >>
>> >> see here: http://undeadly.org/cgi?action=article&sid=20140320093943
>> >>
>> >> ``hw.sensors.upd0.indicator0:low=1:high=2:command=echo "who turned %2
>> \
>> >>   the lights?" | mail -s "power sensors" root''
>> >>
>> >> the trick seems to be to specify "low=1:high=2". I suppose that works
>> >> for indicator2, too.

Re: libxmmsmad.so: undefined symbol '__guard_local'

[Christian Weisgerber]

On 2014-11-27, Maximilian Pichler  wrote:

> By the way, I also get:
> xmms:/usr/local/lib/xmms/Input/libxmmstremor.so: undefined symbol
> '__guard_local'

Thanks.  I already found and fixed this right after xmms-mad by
grepping the build logs of all XMMS plug-ins for "-nostdlib".

>> As a simple workaround, remove the xmms-mad package and install
>> xmms-mp3 instead.
>
> That worked, thanks! (And installing xmms-faad also proved helpful for
> playing AAC files.)

xmms-mad and xmms-tremor are of limited interest.  As fixed-point
decoders they are useful if your CPU doesn't have floating-point
hardware, i.e., ARM.  Otherwise just use xmms-mp3 and xmms-vorbis.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

Re: incomplete FTP mirrors

[bodie]

On 27.11.2014 14:51, Lars wrote:

Hi,

I am not sure how and where to address this properly.

The European mirrors:
http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/
http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/

are incomplete in terms of packages for the 5.6 release.


They don't have them for snapshots either and they are not alone in 
that (for example this one 
http://mirror.steadynet.cz/pub/OpenBSD/snapshots/ )


I thought it may be because of some special build run, but it's already 
at least 2 days like that so it must be something else.




http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.6/ only has packages for
software from "a to f" while
http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/ is completely missing the
"packages" folder.

I just wanted to give a heads-up here.

Thanks

Lars

Re: Patch 009_httpd.patch did not apply cleanly

[Raimo Niskanen]

On Tue, Nov 25, 2014 at 11:45:26AM -0500, trondd wrote:
> I had noticed the same thing.  The src tarball on the CD is different from
> the tarball on the mirrors.  I had taken a quick look and it was just
> whitespace differences that I saw.
> 
> Tim.

I have investigated more now, and it sure seems as the 5.6 CD src.tar.gz
does not have the same content as the download site's 5.6 src.tar.gz
(besides sys.tar.gz, of course).  Some parts of patch 009 (on httpd)
were already present in my source tree which is the CD src.tar.gz.

But on the downloadable 5.6 src.tar.gz patch 009 did apply cleanly.

That suggests that the CD src.tar.gz is a slightly later src tree then the
downloadable src.tar.gz.  I have not compared both trees in full,
only ./usr.sbin/httpd.

And yes, I have checked the signatures and SHA sums for both tarballs
against the pub key installed by the 5.6 CD set.

I have also learned to use the -C flag to patch...

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

incomplete FTP mirrors

[Lars]

Hi,

I am not sure how and where to address this properly.

The European mirrors:
http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/
http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/

are incomplete in terms of packages for the 5.6 release.

http://ftp5.eu.openbsd.org/ftp/pub/OpenBSD/5.6/ only has packages for 
software from "a to f" while http://ftp2.eu.openbsd.org/pub/OpenBSD/5.6/ 
is completely missing the "packages" folder.


I just wanted to give a heads-up here.

Thanks

Lars

Re: Can't boot Nov 21 amd64/bsd.rd - finishes at 'entry point'...

[Jes]

I was experimenting the same behaviour in my T410. With recent snapshots 
(november) or building a new GENERIC.MP kernel after update from CVS, 
the system freezes just when the boot process starts.


I can confirm that the system boots normally after activate NX. In my 
thinkpad's bios the NX is located at:


Security / Memory Protection / Execution Prevent

I don't know if this behaviour is intentionally or a bug. In 5.6 stable 
the system boots though NX is deactivated.


I must say too that the system is much more stable doing suspend/resume. 
With 5.6 stable the system tends to hang on resume. But with current 
suspend/resume works perfect.


BR

Jes

Re: Lenovo T500 doesn't boot [Was: Re: Can't boot Nov 21 amd64/bsd.rd - finishes at 'entry point'...]

[Ryan Freeman]

On Wed, Nov 26, 2014 at 12:45:18PM -0800, Mike Larkin wrote:
> On Wed, Nov 26, 2014 at 02:48:33PM -0500, Jiri B wrote:
> > Does anybody have an archive for each amd64 snapshot?
> > I'd like to check what is the latest amd64 kernel which can
> > boot on T500. Nov 7 snapshot works OK but recent ones do not.
> > 
> > I updated bios, ran memtest86+, still same problem.
> > 
> > But... I see I don't have any getty, strange, I haven't
> > observe it before as I use X.
> 
> Can you verify you've enabled NX (sometimes called execute disable)
> in your BIOS? We made some changes in this area recently and while
> I did test on a non-NX setup, maybe we missed something. I see your
> CPUID outputs in the dmesg that works don't have NXE, which leads
> me to believe you disabled it in the BIOS for some reason (as your
> CPU does support it).
> 
> -ml

Thank you Mike!  I ran into the same problem moving from a Nov 16th
snapshot to a Nov 19th (and then Nov 20th as main mirror had one
day newer).  I had gone into my bios and checked a few things over,
i flipped the nx option and a couple other things to try, in typical
bad diagnosic fashion :( and when it was fixed wasn't sure what it
was.  thank you!  for sake of info here is my dmesg:
(mac addys removed)

-ryan

OpenBSD 5.6-current (GENERIC.MP) #583: Thu Nov 20 11:47:06 MST 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 30
real mem = 4066766848 (3878MB)
avail mem = 3954667520 (3771MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf2480 (70 entries)
bios0: vendor Dell Inc. version "A05" date 08/10/2010
bios0: Dell Inc. Latitude E6410
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC TCPA MCFG HPET BOOT SLIC SSDT
acpi0: wakeup devices AGP_(S4) P0P1(S4) DIGC(S3) UAR1(S3) HDEF(S4) PXSX(S4) 
RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) 
RP05(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.49 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 2, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 2660.01 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 11 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus 2 (RP02)
acpiprt5 at acpi0: bus 3 (RP03)
acpiprt6 at acpi0: bus 5 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "DELL F8TTW24" serial 1689 type LION oem "SMP"
acpibat1 at acpi0: BAT1 not present
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivout0 at acpivideo1: LCD_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2400, 2399, 2266, 2133, 1999, 1866, 
1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0