doas(1) -s argument; What's the benefit?
First, thank you Mr. Unangst for a beautifully simple piece of code. The configuration file is a delight as well. I was happy to remove sudo from my servers.

What I don't understand is the `-s` argument used to execute a shell. What would a corresponding doas.conf(5) look like? Can't shell execution be accomplished using doas.conf only, without the need for the doas "-s" argument?

For example, the following two configurations seem to accomplish the same with the exception of the environment variables explicitly set by su(1):

$ cat /etc/doas.conf
permit USR as root cmd su
$ doas su
#

$ cat /etc/doas.conf
permit USR as root cmd /bin/ksh
$ doas -s
#

Other than compatibility with `sudo -s`, what are the benefits of `doas -s`?

Thank you,
Clint
Re: iwm0: could not initiate 2 GHz scan
On Mon, 11 Jan 2016 13:16:53 -0700 Stefan Sperling wrote
> On Mon, Jan 11, 2016 at 11:13:03AM -0700, Chris Wojo wrote:
> > I'm trying to connect to a wireless access point but receive "iwm0: could
> > not initiate 2 GHz scan" from dmesg.
>
> I'm seeing these messages sometimes but they are transient
> and scanning usually works fine after another attempt.
> So I haven't investigated this problem yet.
>
> > Wondering if this is due to being in a work environment with multiple
> > access points with same nwid; although I doubt that because of seeing
> > different mac address.
>
> That shouldn't be a problem.
>
> Do you see this issue only in that specific environment?
> Does it also occur with OpenBSD 5.8 release?
>
> > iwm0: device timeout
>
> That's bad. It means the device failed to transmit.
> This is probably the reason you can't connect to the AP.
>

So it appears that iwm0 does work on snapshot #1800 on my home wireless AP. The errors previously reported still occur on the office network where several APs are using the same NWID.

I would be more than happy to troubleshoot this so others won't run into the same problem.

Thank you.
Re: [DIFF] New Year's calendar
On Tue, Jan 12, 2016 at 09:41:47PM GMT, Craig Skinner wrote:
> Hi Raf,

Hi Craig,

> On 2016-01-11 Mon 20:33 PM |, Raf Czlonka wrote:
> > On Mon, Jan 11, 2016 at 07:35:50PM GMT, Craig Skinner wrote:
> > >
> > > This isn't _perfect_, but it could be a reasonable starting point:
> > >
> > > +04/01April Fool's Day
> >
> > This I'm not entirely sure of but both Google and Wikipedia use plural
> > possessive - "April Fools' Day".
> >
>
> The Canadian file was used as a starting point, & the U.S. file has the
> same entry:
>
> $ fgrep -iR Fool *
> calendar.canada:04/01 April Fool's Day
> calendar.united-kingdom:04/01 April Fool's Day
> calendar.usholiday:04/01April Fool's Day

As Jason already mentioned, singular possessive "Fool's" seems to be chiefly North American, whereas in UK plural possessive "Fools'" appears to be more common.

> > > +11/05Guy Fawkes' Day
> >
> > If Google search results are anything to go by, then "Guy Fawkes Night"
> > might be a bit better as it returns slightly more results. Regardless
> > how you call it, however, it's neither possessive, nor plural.
> >
>
> Night it is, thanks!
>
> The .history file has it as:
> Guy Fawkes' Plot, 1605
>
> "Fawkes" was his surname, with the 's' included.
>
> http://en.wikipedia.org/wiki/Guy_Fawkes_Night
>

Sure, I'm aware of that. What I was referring to was that usually the apostrophe is omitted and it is written "Guy Fawkes Day/Night", which I said that it's not possessive and Jason corrected me, as it obviously is - it simply doesn't appear as such when written that way.

The way you wrote it (Fawkes') is usual for plural possessive and at first it would seem that, if using an apostrophe, Fawkes's would have been more appropriate. However, after some reeducation, I can see that it is not the case, as the "rules" are all over the place and they vary from country to country, or region to region.

I'll shut up now :^)

BTW, also +1 for Bonfire Night as it is indeed referred to as such more often than the former.

Regards,
Raf
Re: [DIFF] New Year's calendar
Hi Stuart,

On 2016-01-12 Tue 18:14 PM |, Stuart Henderson wrote:
> >
> >> > +11/05 Guy Fawkes' Day
> >>
>
> +1 for bonfire night. It looks like there's a different bonfire night
> in N.Ireland though.
>

Ahhh yes, you're right.

Keeping it the traditional name of Guy Fawkes' Night would solve the clash there. It is usually also called that in many of the 72 British Commonwealth countries, such as New Zealand.

> April Fools, solstices and equinoxes aren't just UK.
>

There are lots of internationally popular events to consolidate into .holiday, which involve changing a pile of files:

$ fgrep -iR Fool *
calendar.canada:04/01 April Fool's Day
calendar.united-kingdom:04/01 April Fool's Day
calendar.usholiday:04/01April Fool's Day

To my mind, that is fairly internationally recognised, so could be doing with shifting from .canada & .usholiday into .holiday.

This also is pretty global:

$ fgrep -iR Valentine *
calendar.canada:02/14 St. Valentine's Day
calendar.usholiday:02/14St. Valentine's Day

The solstices and equinoxes are already in a variety of files. To my thinking, they could be doing with consolidation into just 1 file, probably .pagan:

$ fgrep -iR solst *
calendar.canada:06/21* Summer Solstice
calendar.canada:12/21* Winter Solstice
calendar.pagan:06/202nd Quarter Day - Summer Solstice
calendar.pagan:12/204th Quarter Day - Winter Solstice
calendar.united-kingdom:06/21* Summer Solstice
calendar.united-kingdom:12/21* Winter Solstice
calendar.usholiday:06/21* Summer Solstice
calendar.usholiday:12/21* Winter Solstice

$ fgrep -iR equino *
calendar.canada:03/20* Vernal Equinox
calendar.canada:09/22* Autumnal Equinox
calendar.pagan:03/191st Quarter Day - Spring (Vernal) Equinox
calendar.pagan:09/213rd Quarter Day - Fall (Autumnal) Equinox
calendar.united-kingdom:03/20* Vernal Equinox
calendar.united-kingdom:09/22* Autumnal Equinox
calendar.usholiday:03/20* Vernal Equinox
calendar.usholiday:09/22* Autumnal Equinox

What also jumps out at me is those seasonal qualifiers are only valid for half the planet, and are swapped about for the hemispheres. I just duplicated & left them as I don't know if there is any pagan significance to the naming of them. In my New Zealand file, I simply swapped the seasons about.

As it was getting complicated (there's other items too), I made an imperfect U.K. file, with minimal interruption to existing files.

What's the order of business here?

*) Get a semi shipshape U.K. file imported soon?
*) Consolidate as much as possible first?

I'm OK with slowly chugging through some sort of tidy up of common items, a diff for a Day. Which could take time & be divisive...
Re: [DIFF] New Year's calendar
Hi Raf,

On 2016-01-11 Mon 20:33 PM |, Raf Czlonka wrote:
> On Mon, Jan 11, 2016 at 07:35:50PM GMT, Craig Skinner wrote:
> >
> > This isn't _perfect_, but it could be a reasonable starting point:
> >
> > +04/01 April Fool's Day
>
> This I'm not entirely sure of but both Google and Wikipedia use plural
> possessive - "April Fools' Day".
>

The Canadian file was used as a starting point, & the U.S. file has the same entry:

$ fgrep -iR Fool *
calendar.canada:04/01 April Fool's Day
calendar.united-kingdom:04/01 April Fool's Day
calendar.usholiday:04/01April Fool's Day

> > +11/05 Guy Fawkes' Day
>
> If Google search results are anything to go by, then "Guy Fawkes Night"
> might be a bit better as it returns slightly more results. Regardless
> how you call it, however, it's neither possessive, nor plural.
>

Night it is, thanks!

The .history file has it as:
Guy Fawkes' Plot, 1605

"Fawkes" was his surname, with the 's' included.

http://en.wikipedia.org/wiki/Guy_Fawkes_Night
Re: Doubts about groups who have made Free-to-Non-Free transition and groups that are all free
Jorge Luis wrote:
> OpenBSD was the first operating system

I can't parse legal arguments with any degree of expertise.

I simply bless the day I found OpenBSD! I now use the BSD-2 license for all my own open source software.

Long live truly free software, despite a world-wide legal climate increasingly hostile to the existence of same.

--
Jack J. Woehr     # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: [DIFF] New Year's calendar
On 2016-01-11, Jason McIntyre wrote:
> On Mon, Jan 11, 2016 at 08:33:56PM +, Raf Czlonka wrote:
>> > +04/01 April Fool's Day
>>
>> This I'm not entirely sure of but both Google and Wikipedia use plural
>> possessive - "April Fools' Day".
>>
>
> oxford style manual notes "Fool's" (singular) as being of US in origin,
> and "Fools'" as UK. i would probably use "Fools'" myself.
>
>> > +11/05 Guy Fawkes' Day
>>
>> If Google search results are anything to go by, then "Guy Fawkes Night"
>> might be a bit better as it returns slightly more results. Regardless
>> how you call it, however, it's neither possessive, nor plural.
>>
>
> it is possessive. but it may well be more usually written without the
> apostrophe. apostrophes often get applied illogically. i can't say in
> this case, since i can't find anything definitive. personally i would
> use an apostrophe. but everyone i know calls it bonfire night.

+1 for bonfire night. It looks like there's a different bonfire night in N.Ireland though.

April Fools, solstices and equinoxes aren't just UK.
Doubts about groups who have made Free-to-Non-Free transition and groups that are all free
It is written in OpenBSD Lyrics:

"David Dawes worked for years with a team of developers to make a free X11 distribution for us to use, called XFree86, 98% of which was based on entirely free code from MIT. Suddenly, one day, he decided that we must give him more credit (ie. advertise his name) or stop using it. Within about 4 months every project had told him to get stuffed, and the community has created a replacement effort. Now his team cannot even keep their web pages up to date...

OpenBSD was the first operating system to integrate a packet filter, and it was the ipf codebase from Darren Reed that we chose. But a few years later he told us that we were not free to make changes to the code. So we deleted ipf, and our new packet filter far exceeds the capabilities of the one he wrote. And other projects are switching too...

The Apache group started from the humble beginnings of just being 'a patchy' set of changes to a completely free web server of dubious quality. But the years have changed them, and what they supply is now quite non-free... released under a license so entangled in legalese that we have absolutely no doubt that there are encumbrances hidden within. Legal terms protect. Who are they protecting? Not your freedom."

Reference: http://www.openbsd.org/lyrics.html#36

What are all the other groups who have made Free-to-Non-Free transition?
Because groups have made Free-to-Non-Free transition?
What are all the groups who are all free?
What are the operating systems that ship without blobs?
What are the groups that ship without NDA?
What are the other groups that ship without the other project non-free?

I want to programme and use only software and hardware that are all free in hobby, no blobs, no NDA...

--
View this message in context: http://openbsd-archive.7691.n7.nabble.com/Doubts-about-groups-who-have-made-Free-to-Non-Free-transition-and-groups-that-are-all-free-tp287434.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: iwm0: could not initiate 2 GHz scan
On Mon, Jan 11, 2016 at 11:13:03AM -0700, Chris Wojo wrote:

Hello Chris,

> Currently, I'm running a snapshot 5.9-beta # 1800.
>
> I'm trying to connect to a wireless access point but receive "iwm0: could
> not initiate 2 GHz scan" from dmesg.
>
> dhclient comes back with no link.

I saw this yesterday on a recent snapshot, although in an odd way. Despite the "could not initiate 2GHz scan" message, I could connect to a 2GHz network, but not a 5GHz one (with the same symptoms you saw: dhclient saying there was no link).

Laurie
--
Personal                   http://tratt.net/laurie/
Software Development Team  http://soft-dev.org/
https://github.com/ltratt  http://twitter.com/laurencetratt
Re: PF: can't make queueing and priority work as expected
On Tue, Jan 12, 2016 at 05:33:06AM -0700, Daniel Melameth wrote:
> On Mon, Jan 11, 2016 at 9:37 PM, David Gwynne wrote:
> >> On 11 Jan 2016, at 22:43, Daniel Melameth wrote:
> >> On Sun, Jan 10, 2016 at 7:58 AM, Marko Cupać wrote:
> >>> On Sat, 9 Jan 2016 11:11:27 -0700
> >>> Daniel Melameth wrote:
> >>>> You NEED to set a max on your ROOT queues.
> >>> I came to this conclusion as well. But not only on root queues. For
> >>> example, when max is set on root queue but only bandwidth on child
> >>> queues, no shaping takes place...
> >> This works for me.
> >>> Or, to cut the long story short, if someone can paste queue definition
> >>> which accomplishes 'give both queues max bandwidth, but throttle
> >>> traffic from first queue when traffic from the second one arrives', I
> >>> will be more than happy to quit bothering misc@ list readers with my
> >>> rants and observations.
> >> I would expect this to be possible with prio alone, but I've never
> >> been able to get it to work. Perhaps I'm misunderstanding how prio
> >> works.
> > prio is basically an array of lists of packets to be transmitted. high
> > priority packets go on a different list to low priority packets.
> >
> > the problem is the way packets go on and off these lists. basically as soon
> > as a packet is queued on one of these lists for transmission, we call the
> > driver immediately to send it. generally as soon as a packet is queued on the
> > interface, it immediately gets dequeued by the driver and transmitted on the
> > hardware.
> >
> > it is only when you build up a backlog of packets that priq can come into
> > effect. the only way you can build up a backlog of packets is if your hardware
> > is slower at transmitting packets than the thing that generates these packets
> > to send.
> >
> > in your case you're probably getting packets from a relatively slow internet
> > connection and transmitting them on a high speed local network. the transmit
> > hardware is almost certainly going to be faster than your source of packets,
> > so you'll never build up a queue of backlogged packets, so prio is effectively
> > a nop.
> >
> > dlg
>
> Thanks for taking the time to chime in guys. Prior to implementing
> any queueing, I tested this stuff out on a LAN--so no slower
> connections were involved--and I was unable to see prio in action, at
> least not with any observable similarity to ALTQ's PRIQ.
>
> A simple rule set:
>
> match out on egress proto tcp to port 12345 set prio 7
> match out on egress proto tcp to port 12346 set prio 0
> pass
>
> Using tcpbench to push packets into both queues, I would have expected
> the packets destined for port 12346 to get throttled, but both flows
> simply reached an equilibrium, which I would have expected without
> prio. Under PRIQ, I would have seen the flow to port 12346 get almost
> completely starved of bandwidth. When doing non-prio queuing with a
> similarly simple ruleset, both flows properly matched their target
> bandwidth.

This assumes that you manage to fill the TX interface queue to a level that it always fills the tx DMA rings before being empty. On high speed interfaces this is most of the time not the case and so both sessions are able to reach the maximum bandwidth.

To be honest prio queues only make sense when you have a slow interface (10Mbps) or a shaper in place that causes the queue to fill up. There is currently no shaper you can use together with the prio queues so only option one remains.

--
:wq Claudio
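The backlog condition described in this thread, as an added Python model (not OpenBSD code and not written by any poster): one packet list per prio value, drained highest prio first, with a per-tick transmit budget standing in for interface speed. The names `simulate`, `tx_per_tick` and `qlimit`, the constant-rate sources and the per-list limit are assumptions of the model.

```python
from collections import deque

NUM_PRIOS = 8  # pf.conf "set prio" takes values 0..7


def simulate(offered, tx_per_tick, ticks=1000, qlimit=50):
    """Model a strict-priority transmit queue.

    offered:     {prio: packets generated per tick} (constant-rate sources,
                 a simplification; real TCP flows back off)
    tx_per_tick: packets the interface can put on the wire per tick
    qlimit:      per-list length limit (model assumption); excess is dropped
    Returns (sent, dropped), each a {prio: packet count} dict.
    """
    lists = [deque() for _ in range(NUM_PRIOS)]
    sent = {prio: 0 for prio in offered}
    dropped = {prio: 0 for prio in offered}

    for _tick in range(ticks):
        # Enqueue: each packet goes on the list for its prio value.
        for prio, count in offered.items():
            for _pkt in range(count):
                if len(lists[prio]) < qlimit:
                    lists[prio].append(prio)
                else:
                    dropped[prio] += 1

        # Dequeue: the driver takes from the highest non-empty list first.
        # Ordering only matters if packets are still waiting when the
        # budget runs out, i.e. when a backlog exists.
        budget = tx_per_tick
        for prio in range(NUM_PRIOS - 1, -1, -1):
            while budget > 0 and lists[prio]:
                lists[prio].popleft()
                sent[prio] += 1
                budget -= 1
    return sent, dropped


# Two flows as in the rule set quoted above: one tagged prio 7, one prio 0,
# each offering 5 packets per tick (constructed numbers).
FLOWS = {7: 5, 0: 5}


def compare():
    """Run the same two flows over three interface speeds."""
    return {
        "fast": simulate(FLOWS, tx_per_tick=100),   # link outruns the sources
        "slow": simulate(FLOWS, tx_per_tick=6),     # link slower than the sum
        "starved": simulate(FLOWS, tx_per_tick=5),  # link fits prio 7 only
    }


if __name__ == "__main__":
    for name, (sent, dropped) in compare().items():
        print(f"{name:8} sent={sent} dropped={dropped}")
```

With the fast link the lists empty every tick and both flows send the same amount, so the prio tag changes nothing; only the two slower links produce the starvation Daniel expected from PRIQ.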
Re: PF: can't make queueing and priority work as expected
On Mon, Jan 11, 2016 at 9:37 PM, David Gwynne wrote:
>> On 11 Jan 2016, at 22:43, Daniel Melameth wrote:
>> On Sun, Jan 10, 2016 at 7:58 AM, Marko Cupać wrote:
>>> On Sat, 9 Jan 2016 11:11:27 -0700
>>> Daniel Melameth wrote:
>>>> You NEED to set a max on your ROOT queues.
>>> I came to this conclusion as well. But not only on root queues. For
>>> example, when max is set on root queue but only bandwidth on child
>>> queues, no shaping takes place...
>> This works for me.
>>> Or, to cut the long story short, if someone can paste queue definition
>>> which accomplishes 'give both queues max bandwidth, but throttle
>>> traffic from first queue when traffic from the second one arrives', I
>>> will be more than happy to quit bothering misc@ list readers with my
>>> rants and observations.
>> I would expect this to be possible with prio alone, but I've never
>> been able to get it to work. Perhaps I'm misunderstanding how prio
>> works.
> prio is basically an array of lists of packets to be transmitted. high priority packets go on a different list to low priority packets.
>
> the problem is the way packets go on and off these lists. basically as soon as a packet is queued on one of these lists for transmission, we call the driver immediately to send it. generally as soon as a packet is queued on the interface, it immediately gets dequeued by the driver and transmitted on the hardware.
>
> it is only when you build up a backlog of packets that priq can come into effect. the only way you can build up a backlog of packets is if your hardware is slower at transmitting packets than the thing that generates these packets to send.
>
> in your case you're probably getting packets from a relatively slow internet connection and transmitting them on a high speed local network. the transmit hardware is almost certainly going to be faster than your source of packets, so you'll never build up a queue of backlogged packets, so prio is effectively a nop.
>
> dlg

Thanks for taking the time to chime in guys. Prior to implementing any queueing, I tested this stuff out on a LAN--so no slower connections were involved--and I was unable to see prio in action, at least not with any observable similarity to ALTQ's PRIQ.

A simple rule set:

match out on egress proto tcp to port 12345 set prio 7
match out on egress proto tcp to port 12346 set prio 0
pass

Using tcpbench to push packets into both queues, I would have expected the packets destined for port 12346 to get throttled, but both flows simply reached an equilibrium, which I would have expected without prio. Under PRIQ, I would have seen the flow to port 12346 get almost completely starved of bandwidth. When doing non-prio queuing with a similarly simple ruleset, both flows properly matched their target bandwidth.
Re: PF: can't make queueing and priority work as expected
On Tue, 12 Jan 2016 14:37:49 +1000 David Gwynne wrote:
> prio is basically an array of lists of packets to be transmitted. high
> priority packets go on a different list to low priority packets.
> the problem is the way packets go on and off these lists. basically
> as soon as a packet is queued on one of these lists for transmission,
> we call the driver immediately to send it. generally as soon as a
> packet is queued on the interface, it immediately gets dequeued by
> the driver and transmitted on the hardware.
>
> it is only when you build up a backlog of packets that priq can come
> into effect. the only way you can build up a backlog of packets is if
> your hardware is slower at transmitting packets than the thing that
> generates these packets to send.
>
> in your case you're probably getting packets from a relatively slow
> internet connection and transmitting them on a high speed local
> network. the transmit hardware is almost certainly going to be faster
> than your source of packets, so you'll never build up a queue of
> backlogged packets, so prio is effectively a nop.
>
> dlg
>

David,

Thank you for the explanation of the mechanism.

As you say, I am getting packets from a relatively slow internet connection (10M/1M), and transmitting them on a high speed (1G) local network. NICs are 1G. I guess this is standard for majority of smaller deployments (homes, smaller businesses).

Besides what you explained now, I don't have the knowledge of underlying queueing mechanisms of PF. But from what you said, it seems logical that it should be possible to build up a queue of backlogged packets not only by hitting physical limit of the hardware, but also by setting logical limit. Otherwise PF prio is only useful to ISPs who can saturate 1G or 10G links.

This may sound stupid, but perhaps it would be possible to keep prio values on packets in child queues and let all those queues transfer packets to additional 'outbound' queue before letting driver send it. Something like frame-relay, but not only flagging packets with discard bits and drop them first in cases of congestion, but something more intelligent, which takes into account target, min and max bandwidths, bursts and their time periods, priorities...

...which describes the idea of ALTQ HFSC. Which people who know what they are talking about say wasn't working. But current queueing mechanism doesn't work for a lot of setups either.

Now what?

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/