Re: Bad network performance on apu2c4

[Christer Solskogen]

On Thu, Nov 9, 2017 at 1:42 AM, Rupert Gallagher 
wrote:

> New speed record today: 963Mbps between apu2c4 and a PC, both ways.
>
>
I never get above 550Mbit with pf enabled.

Re: Debugging a php's script startup

[C. L. Martinez]

On Wed, Nov 08, 2017 at 08:43:55PM +0100, Martijn van Duren wrote:
> Hello C.,
> 
> Can you start up the daemon process from the CLI (without the rc
> script)? If not and it still has the same error message as below (which
> I reckon it will) you might want to change your mysqli.default_socket =
> in your /etc/php-7.0.ini.
> Do note however that this will also affect php-fpm and mod_php which run
> chrooted by default (hence the weird path), so if you need those installs
> unaffected try to create a custom ini-file and specify it with -c as a
> php-argument.
> 
> Also note that php is not designed to write daemons in and should only
> be done if there are no other options. The rc-script won't restart your
> daemon automatically if it crashes.
> 
> Hope this helps.
> 
> martijn@
> 
> > 

Wow!! ... Many many thanks Martijn. I have added "-c" switch to daemon_args and 
created another .ini file for this "daemon", and it works. Here it is:

#!/bin/sh -x
#

daemon="/usr/local/bin/php-7.0"
daemon_flags="-c /etc/tt-rss/php-7.0.ini /var/www/htdocs/rss/update_daemon2.php 
--log /tmp/update_rss.log"
daemon_user="www"

. /etc/rc.d/rc.subr

pexp="${daemon}${daemon_flags:+ ${daemon_flags}}"

rc_bg=YES
rc_reload=NO

rc_post() {
rm -f /var/www/htdocs/rss/lock/update_daemon.lock
}

rc_cmd $1

 Inside .ini I have configured mysqli.default_socket option:

mysqli.default_socket = /var/www/var/run/mysql/mysql.sock

-- 
Greetings,
C. L. Martinez

Re: Debugging a php's script startup

[Martijn van Duren]

Hello C.,

Can you start up the daemon process from the CLI (without the rc
script)? If not and it still has the same error message as below (which
I reckon it will) you might want to change your mysqli.default_socket =
in your /etc/php-7.0.ini.
Do note however that this will also affect php-fpm and mod_php which run
chrooted by default (hence the weird path), so if you need those installs
unaffected try to create a custom ini-file and specify it with -c as a
php-argument.

Also note that php is not designed to write daemons in and should only
be done if there are no other options. The rc-script won't restart your
daemon automatically if it crashes.

Hope this helps.

martijn@

On 11/08/17 20:22, C. L. Martinez wrote:
> Hi all,
> 
>  I am trying to setup a startup file for TT-Rss (installed under OpenBSD 6.2 
> host, fully patched). This is the script:
> 
> #!/bin/sh -x
> #
> 
> daemon="/usr/local/bin/php-7.0"
> daemon_flags="/var/www/htdocs/rss/update_daemon2.php --log 
> /tmp/update_rss.log"
> daemon_user="www"
> 
> . /etc/rc.d/rc.subr
> 
> pexp="${MODPHP_BIN} ${daemon}${daemon_flags:+ ${daemon_flags}}"
> 
> rc_bg=YES
> rc_reload=NO
> 
> rc_post() {
> rm -f /var/www/htdocs/rss/lock/update_daemon.lock
> }
> 
> rc_cmd $1
> 
>  And when I try to start it, this is the output:
> 
> root@rssweb:/etc/rc.d# ./tt_rss start
> + daemon=/usr/local/bin/php-7.0
> + daemon_flags=/var/www/htdocs/rss/update_daemon2.php --log 
> /tmp/update_rss.log
> + daemon_user=www
> + . /etc/rc.d/rc.subr
> + _rc_actions=start stop restart reload check
> + readonly _rc_actions
> + [ -n  ]
> + basename ./tt_rss
> + _name=tt_rss
> + _rc_check_name tt_rss
> + [ -n /usr/local/bin/php-7.0 ]
> + unset _RC_DEBUG _RC_FORCE
> + getopts df c
> + shift 0
> + _RC_RUNDIR=/var/run/rc.d
> + _RC_RUNFILE=/var/run/rc.d/tt_rss
> + _rc_do _rc_parse_conf
> + eval _rcflags=${tt_rss_flags}
> + _rcflags=
> + eval _rcrtable=${tt_rss_rtable}
> + _rcrtable=
> + eval _rcuser=${tt_rss_user}
> + _rcuser=
> + eval _rctimeout=${tt_rss_timeout}
> + _rctimeout=
> + getcap -f /etc/login.conf tt_rss
> + > /dev/null 
> + 2>&1 
> + daemon_class=daemon
> + [ -z  ]
> + daemon_rtable=0
> + [ -z www ]
> + [ -z  ]
> + daemon_timeout=30
> + [ -n  -o start != start ]
> + [ -n  ]
> + [ -n  ]
> + [ -n  ]
> + [ -n  ]
> + [ -n  ]
> + readonly daemon_class
> + unset _rcflags _rcrtable _rcuser _rctimeout
> + pexp=/usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
> /tmp/update_rss.log
> + rcexec=su -l -c daemon -s /bin/sh www -c
> + [ 0 -eq 0 ]
> + pexp= /usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
> /tmp/update_rss.log
> + rc_bg=YES
> + rc_reload=NO
> + rc_cmd start
> tt_rss(failed)
> 
>  pexp's option seems good ... I think the problem is with 'www' user and with 
> this command: "su -l -c daemon -s /bin/sh www -c". Launching from console 
> returns an error:
> 
> root@rssweb:/etc/rc.d# su -l -c daemon -s /bin/sh www -c 
> '/usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
> /tmp/update_rss.log'
> PHP Warning:  mysqli_connect(): (HY000/2002): Can't connect to local MySQL 
> server through socket '/var/run/mysql/mysql.sock' (2 "No such file or 
> directory") in /var/www/htdocs/rss/classes/db/mysqli.php on line 8
> Unable to connect to database (as rss to localhost, database dbrss): Can't 
> connect to local MySQL server through socket '/var/run/mysql/mysql.sock'
> 
>  mysql's socket is created under www's chroot like in pkg-readme says: 
> srwxrwxrwx  1 _mysql  _mysql  0 Nov  8 17:45 /var/www/var/run/mysql/mysql.sock
> 
>  If I am not wrong, then, how can I configure this startup script?
> 
> Thanks
> 

Debugging a php's script startup

[C. L. Martinez]

Hi all,

 I am trying to setup a startup file for TT-Rss (installed under OpenBSD 6.2 
host, fully patched). This is the script:

#!/bin/sh -x
#

daemon="/usr/local/bin/php-7.0"
daemon_flags="/var/www/htdocs/rss/update_daemon2.php --log /tmp/update_rss.log"
daemon_user="www"

. /etc/rc.d/rc.subr

pexp="${MODPHP_BIN} ${daemon}${daemon_flags:+ ${daemon_flags}}"

rc_bg=YES
rc_reload=NO

rc_post() {
rm -f /var/www/htdocs/rss/lock/update_daemon.lock
}

rc_cmd $1

 And when I try to start it, this is the output:

root@rssweb:/etc/rc.d# ./tt_rss start
+ daemon=/usr/local/bin/php-7.0
+ daemon_flags=/var/www/htdocs/rss/update_daemon2.php --log /tmp/update_rss.log
+ daemon_user=www
+ . /etc/rc.d/rc.subr
+ _rc_actions=start stop restart reload check
+ readonly _rc_actions
+ [ -n  ]
+ basename ./tt_rss
+ _name=tt_rss
+ _rc_check_name tt_rss
+ [ -n /usr/local/bin/php-7.0 ]
+ unset _RC_DEBUG _RC_FORCE
+ getopts df c
+ shift 0
+ _RC_RUNDIR=/var/run/rc.d
+ _RC_RUNFILE=/var/run/rc.d/tt_rss
+ _rc_do _rc_parse_conf
+ eval _rcflags=${tt_rss_flags}
+ _rcflags=
+ eval _rcrtable=${tt_rss_rtable}
+ _rcrtable=
+ eval _rcuser=${tt_rss_user}
+ _rcuser=
+ eval _rctimeout=${tt_rss_timeout}
+ _rctimeout=
+ getcap -f /etc/login.conf tt_rss
+ > /dev/null 
+ 2>&1 
+ daemon_class=daemon
+ [ -z  ]
+ daemon_rtable=0
+ [ -z www ]
+ [ -z  ]
+ daemon_timeout=30
+ [ -n  -o start != start ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ [ -n  ]
+ readonly daemon_class
+ unset _rcflags _rcrtable _rcuser _rctimeout
+ pexp=/usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
/tmp/update_rss.log
+ rcexec=su -l -c daemon -s /bin/sh www -c
+ [ 0 -eq 0 ]
+ pexp= /usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
/tmp/update_rss.log
+ rc_bg=YES
+ rc_reload=NO
+ rc_cmd start
tt_rss(failed)

 pexp's option seems good ... I think the problem is with 'www' user and with 
this command: "su -l -c daemon -s /bin/sh www -c". Launching from console 
returns an error:

root@rssweb:/etc/rc.d# su -l -c daemon -s /bin/sh www -c 
'/usr/local/bin/php-7.0 /var/www/htdocs/rss/update_daemon2.php --log 
/tmp/update_rss.log'
PHP Warning:  mysqli_connect(): (HY000/2002): Can't connect to local MySQL 
server through socket '/var/run/mysql/mysql.sock' (2 "No such file or 
directory") in /var/www/htdocs/rss/classes/db/mysqli.php on line 8
Unable to connect to database (as rss to localhost, database dbrss): Can't 
connect to local MySQL server through socket '/var/run/mysql/mysql.sock'

 mysql's socket is created under www's chroot like in pkg-readme says: 
srwxrwxrwx  1 _mysql  _mysql  0 Nov  8 17:45 /var/www/var/run/mysql/mysql.sock

 If I am not wrong, then, how can I configure this startup script?

Thanks
-- 
Greetings,
C. L. Martinez

Re: spamd.conf with rsync and DNS-based lists

[Pierre Emeriaud]

2017-11-08 17:01 GMT+01:00 Mark Carroll :
> I am looking to expand my spamd.conf's blacklisting and I now see that
> some providers prefer one to rsync their blacklist rather than simply
> fetching it and more others make their lists queryable by DNS only.

> Is there a "good" OpenBSD way to do it or maybe the whole idea is
> ill-conceived.

I'd say go with bgp-spamd (http://bgp-spamd.net), but that's the
networker I am talking :)

Peter Hessler gave several talks about it, here are the slides from
one of his talks:
https://www.openbsd.org/papers/asiabsdcon2015-bgp-spamd.pdf

Re: Suppessing logging of arp movement messages

[torsten]

> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of OpenBSD
> Sent: 08 November 2017 15:44
> To: misc@openbsd.org
> Subject: Suppessing logging of arp movement messages
> 
> hello all,
> 
> I have finally build an internet gateway with OpenBSD 6.2 (AMD64),
> including pf and IPSec. Great stuff.
> Now I am seeing a lot of arp movement, that I know are caused by
> Apple's Bonjour Sleep Proxy.
> 
> Nov  8 00:00:27 gatekeeper /bsd: arp info overwritten for 192.168.20.99
> by 00:46:ab:ba:19:87 on vmx0 Nov  8 00:00:58 gatekeeper /bsd: arp info
> overwritten for 192.168.20.99 by 9c:ab:3b:ca:fe:99 on vmx0 Nov  8
> 00:01:57 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by
> 00:46:ab:ba:19:87 on vmx0 Nov  8 00:02:04 gatekeeper /bsd: arp info
> overwritten for 192.168.20.99 by 9c:ab:3b:ca:fe:99 on vmx0 Nov  8
> 00:02:35 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by
> 00:46:ab:ba:19:87 on vmx0 Nov  8 00:03:28 gatekeeper /bsd: arp info
> overwritten for 192.168.20.99 by 9c:ab:3b:ca:fe:99 on vmx0 Nov  8
> 00:03:42 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by
> 00:46:ab:ba:19:87 on vmx0 Nov  8 00:04:27 gatekeeper /bsd: arp info
> overwritten for 192.168.20.99 by 9c:ab:3b:ca:fe:99 on vmx0
> 
> These messages are repeating every 15-30 seconds for Apple devices like
> laptops that are in standby (sleep mode).
> 
> On pfSense and FreeBSD you have a sysctl:
> net.link.ether.inet.log_arp_movements
> when set to zero it will no longer log the messages.
> 
> Discussions can be found on internet dating back to 2010, but no
> solution has been provided for what I could find.
> I have not yet found any sysctl in OpenBSD to do the same. Did I miss
> something or does OpenBSD have any trick to not log these messages.
> Currently these messages are filling up the logs /var/run/dmesg.boot
> and /var/log/messages.
> 
> Marco PC

Mi Marco
In freebsd is is usually done with 
sysctl net.link.ether.inet.log_arp_movements=0

and I guess this applies to openbsd too.
T

spamd.conf with rsync and DNS-based lists

[Mark Carroll]

I am looking to expand my spamd.conf's blacklisting and I now see that
some providers prefer one to rsync their blacklist rather than simply
fetching it and more others make their lists queryable by DNS only.

I am not missing some easy rsync syntax for spamd.conf right? It is a
sufficient workaround to just rsync to a local file then have the base
spamd look at that. The fast table lookups that pf can do are great.

As for the DNSBLs, last year Clint Pachl kindly shared a spamd-dnsbl
script here which every few minutes looks to trap hosts while they are
graylisted. Also promising is https://github.com/echothrust/pf-diverters
though the README warns "IN NO-WAY PRODUCTION READY" and dnsbl-divert
is "still work-in-progress" and there are no recent commits. Maybe it's
more reliable than it seems though I am still trying to understand the
implications of a divert-packet to something that then does DNS lookups:
this is a side of pf that's new to me.

For using IP blacklists to immediately divert senders to spamd, it'd be
interesting to try Spamhaus Zen and similar. How are people approaching
this? Is there a "good" OpenBSD way to do it or maybe the whole idea is
ill-conceived.

-- Mark

Re: mandoc -Tlint requires Mdocdate and RCS id

[Ingo Schwarze]

Hi Jan,

Jan Stary wrote on Wed, Nov 08, 2017 at 04:13:19PM +0100:

> this is a minimalized manpage that currently fails mandoc -Tlint:
> 
> .Dd November 8, 2017
> .Dt AUDIO 3
> .Os
> .Sh NAME
> .Nm libaudio

This is broken, .Dt/.Nm mismatch.
Mandoc should probably warn, but doesn't.

> .Nd manipulate digital audio formats and files
> .Sh SYNOPSIS
> .In audio.h
> .Ft AUFILE*

Missing blank, same problem reappears twice below.

> .Fn au_open "const char* path" "AUMODE mode" "AUINFO* info"
> .Ft int
> .Fn au_close "AUFILE* file"
> .Sh DESCRIPTION
> .Nm
> provides a simple uniform interface to manipulating
> digital audio data in various formats and file types.
> .Sh RETURN VALUES
> .Fn au_open
> returns a pointer to an initialized
> .Ft AUFILE

That ought to be .Vt.

> structure, or NULL

Missing .Dv.

> if an error occurs.
> .Fn au_close
> returns 0 upon successfully closing the file,
> or -1 if an error occurs.
> 
> $ mandoc -Tlint /tmp/libaudio.3  
> mandoc: /tmp/libaudio.3:1:5: STYLE: Mdocdate missing: Dd November (OpenBSD)
> mandoc: /tmp/libaudio.3: STYLE: RCS id missing: (OpenBSD)
> 
> I remember this was not the case.

True, this feature is newish.

> Is it considered bad style if
> a manpage does not have "$Mdocdate: ... $" and a RCS id such as
> .\" $OpenBSD: ls.1,v 1.79 2016/10/24 13:46:58 schwarze Exp $ ?

No.

Try

  $ mandoc -Tlint -Wstyle tmp.1

and you will see that it does not raise a STYLE message.

> I tried looking for this -Tlint change in cvsweb but could not find it.

RTFS is good, but RTFM first:

  https://man.openbsd.org/mandoc.1#base

> This particular manpage is stored in git repo and does not have a RCS id.
> In fact, it uses none of the $...$ constructs of CVS.

For checking manual pages of portable software,

  mandoc -Tlint -Wstyle

is recommended, and

  mandoc -Tlint -Wbase

is excessive.

> Is this enforced for base manpages,

Exactly.

> so that the OpenBSD mandoc requires it, while the portable mandoc
> does not require it?

No.  OpenBSD and portable mandoc do not differ in functionality -
oh well, with very few exceptions, for example portable mandoc
honours .Lb while OpenBSD partially ignores it.

Both do checking based on the -W and -Ios= arguments, and -Ios=
defaults to what uname(3) returns.

If you test on a different operating system, or if you run the
OpenBSD version but test *for* a different system, you will see
results that differ in just these tiny details:

  schwarze@isnote $ uname -a
  OpenBSD isnote.usta.de 6.2 GENERIC.MP#123 amd64
  schwarze@isnote $ mandoc -Tlint tmp.1; echo $? 
  mandoc: tmp.1:1:5: STYLE: Mdocdate missing: Dd November (OpenBSD)
  mandoc: tmp.1: STYLE: RCS id missing: (OpenBSD)
  1
  schwarze@isnote $ mandoc -Tlint -I os=Linux tmp.1; echo $?
  0
  schwarze@isnote $ mandoc -Tlint -Wnetbsd tmp.1; echo $?
  mandoc: tmp.1: STYLE: RCS id missing: (NetBSD)
  1

> I don't find it bad style in general to not have a RCS id ...

Everybody i talked to agrees with that, and so do i.

But when i originally made the message

  mandoc: tmp.1:1:5: BASE: Mdocdate missing: Dd November (OpenBSD)

people rightfully complained that BASE is not only hard to understand
but also sounds much too scary, much too serious, as if something
were fundamentally broken.  So we agreed to print "STYLE:" in the
message.

Yours,
  Ingo

Suppessing logging of arp movement messages

[OpenBSD]

hello all,

I have finally build an internet gateway with OpenBSD 6.2 (AMD64), including pf 
and IPSec. Great stuff. 
Now I am seeing a lot of arp movement, that I know are caused by Apple's 
Bonjour Sleep Proxy.

Nov  8 00:00:27 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
00:46:ab:ba:19:87 on vmx0
Nov  8 00:00:58 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
9c:ab:3b:ca:fe:99 on vmx0
Nov  8 00:01:57 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
00:46:ab:ba:19:87 on vmx0
Nov  8 00:02:04 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
9c:ab:3b:ca:fe:99 on vmx0
Nov  8 00:02:35 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
00:46:ab:ba:19:87 on vmx0
Nov  8 00:03:28 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
9c:ab:3b:ca:fe:99 on vmx0
Nov  8 00:03:42 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
00:46:ab:ba:19:87 on vmx0
Nov  8 00:04:27 gatekeeper /bsd: arp info overwritten for 192.168.20.99 by 
9c:ab:3b:ca:fe:99 on vmx0

These messages are repeating every 15-30 seconds for Apple devices like laptops 
that are in standby (sleep mode).

On pfSense and FreeBSD you have a sysctl: net.link.ether.inet.log_arp_movements
when set to zero it will no longer log the messages.

Discussions can be found on internet dating back to 2010, but no solution has 
been provided for what I could find.
I have not yet found any sysctl in OpenBSD to do the same. Did I miss something 
or does OpenBSD have any trick to not log these messages.
Currently these messages are filling up the logs /var/run/dmesg.boot and 
/var/log/messages.

Marco PC

Re: iked + gif + ospfd - use null-route to stop default route being used in case of no vpn

[Kim Zeitler]

On 11/08/17 08:37, Claudio Jeker wrote:

On Tue, Nov 07, 2017 at 04:13:51PM +0100, Jeremie Courreges-Anglas wrote:

On Tue, Nov 07 2017, Kim Zeitler  wrote:

On 11/07/17 15:31, Jeremie Courreges-Anglas wrote:

On Tue, Nov 07 2017, Stuart Henderson  wrote:




I have a question concerning routes and ospf.
We are using iked(8) with a gif(4) interface and ospfd(8) to set up=20
routing.

If the ipsec tunnel is down, no ospf route is set and the default route=20
used.

Is it sensible and possible to add a null-route from the vpn-gateway to=20
the remote-networks so a 'Network not reachable' is sent immediately?


Sensible - yes.

Possible - not sure but I think you would probably need to monitor the ipsec
status and add the route and/or gif interface only once the SA is up.


I may be missing something, but maybe just add a -reject route with
a low -priority for each of your ospf routes?  When an ospf route
disappears the -reject one would be preferred.

(And if all your "vpn" routes are in a common prefix, you can just use
a single -reject route for that prefix and let more-specifics win.)


something like this was actually my plan. just wasn't so sure if one
actually does it like this or if there are other ways of doing it.

so basically a
route add -inet 172.16/12 -reject -priority 33
would suffice (33 as the ospf routes have a prio of 32)


Yes, but I think that what Stuart points out is that your gif tunnel
might be used even if ipsec isn't protecting it...



I use pf(4) to make sure that gif is not leaking outside of the enc
interface (more or less):
block out proto { ipencap ipv6 }
pass on enc0 keep state (if-bound)

Using if-bound is needed else the enc0 state would float to the egress
interface.



I want to thank all for there time and answers.

not sure how I will implement this yet, but Stuart's and Claudio's 
clearly made me think a bit further.


Cheers,
Kim



smime.p7s
Description: S/MIME Cryptographic Signature

mandoc -Tlint requires Mdocdate and RCS id

[Jan Stary]

Hi Ingo,

this is a minimalized manpage that currently fails mandoc -Tlint:

.Dd November 8, 2017
.Dt AUDIO 3
.Os
.Sh NAME
.Nm libaudio
.Nd manipulate digital audio formats and files
.Sh SYNOPSIS
.In audio.h
.Ft AUFILE*
.Fn au_open "const char* path" "AUMODE mode" "AUINFO* info"
.Ft int
.Fn au_close "AUFILE* file"
.Sh DESCRIPTION
.Nm
provides a simple uniform interface to manipulating
digital audio data in various formats and file types.
.Sh RETURN VALUES
.Fn au_open
returns a pointer to an initialized
.Ft AUFILE
structure, or NULL if an error occurs.
.Fn au_close
returns 0 upon successfully closing the file,
or -1 if an error occurs.

$ mandoc -Tlint /tmp/libaudio.3  
mandoc: /tmp/libaudio.3:1:5: STYLE: Mdocdate missing: Dd November (OpenBSD)
mandoc: /tmp/libaudio.3: STYLE: RCS id missing: (OpenBSD)

I remember this was not the case. Is it considered bad style if
a manpage does not have "$Mdocdate: ... $" and a RCS id such as
.\" $OpenBSD: ls.1,v 1.79 2016/10/24 13:46:58 schwarze Exp $ ?
I tried looking for this -Tlint change in cvsweb but could not find it.

This particular manpage is stored in git repo and does not have a RCS id.
In fact, it uses none of the $...$ constructs of CVS.

Is this enforced for base manpages, so that the OpenBSD mandoc requires it,
while the portable mandoc does not require it? I don't find it bad style
in general to not have a RCS id ...

Jan

Re: [cwm] ability to autogroup kbfunc_menu_ssh clients

[Julien Steinhauser]

Please disregard previous mail:
https://marc.info/?l=openbsd-misc=151000897902424=2

The patch in there would break any terminal emulator which does not use
"-class" to set a class. Rereading the man page, I now see it is easy
to achieve the same behaviour from ~/.cwmrc:

command term"xterm -class Ssh"

and override the binding with

bind-key CM-Return  xterm

so that every single terminal emulator spawned via the default shortcut
does not get a 'Ssh' class

Sorry for the noise.

Re: motion detection video surveillance

[Mihai Popescu]

> I am really curious about the type of video hardware people are using.

Long time ago, in a far far away company ... I used some boards based
on Conexant BT878 chipset. The driver for this is bktr(4).
As an application, I compiled something called camserv if I remember
corectly, since it was not available as a port for OpenBSD. It is an
app who can extract jpeg images for you and allows http web connection
to it.

I was extracting those images using some php framework and did some
animation in another web page.