Re: Segmentation fault / firefox (core dumped)
>> Have you tried increasing datasize-cur and -max under "default:\" >> in /etc/login.conf ? I have mine set to 2048M > >I have 512 MB there. My computer has 1024MB Ram. It will be slow, but you can increase datasize beyond physical RAM. How much swap space do you have? You can use swapctl to check, blocks / 2 * 1024 = swap in MB >For what does firefox need so much memory?! I have no idea why browsers need so much RAM, now. I remember Mozilla working fine on a SPARCstation with 128 MB RAM. Probably all the ad scripts. I've only used Firefox on OpenBSD, recently, so I don't know about the other browsers. -Meghan
Re: wxallowed flag
I think you have interpreted the situation backwards. The wxallowed flag is not on other filesystems. Therefore, binaries on those filesystems which misbehave will fail. There are about 15 programs which need fixing, and the wxallowed could become a piece of history. Unfortunately some of those 15 are very large ecosystems, and their upstreams are not yet concerned about this problem. >Is this a really good idea to keep wxallowed flag on /usr/local by >default? Is this so scary that many poop software will break (this is >not a big loss at all)? After all not enabling this flag by default is >the right thing to do, reliance on W|X should go to /dev/null > >The only problem I see after removing this flag and removing python >is that it also removes packages which, for example, have >devel/desktop-file-utils in run dependencies, but they work without it. > >
Re: Segmentation fault / firefox (core dumped)
Fri, 26 Jan 2018 00:26:11 + (GMT) Roderick> I get continously this and other errors. In OpenBSD, in FreeBSD. > > I think it is time to change browser, but I distrust chrome as comming > from data collector google. > > The problem is that those that make WEB pages decide more or less what > browser I must use. > > What is the real alternative? > > Rodrigo. > Hi Rodrigo, Try the commands in this order, see what you get with a recent snapshot: $ pkg_info -d lynx; pkg_info -d w3m--image; pkg_info -d dillo; \ pkg_info -d pkg_mgr Note, and beware Firefox IS dropping i386 and we all have issues with P3 and previous generations CPUs lacking SSEx (wtf). Landry Breul packages the latest Firefox for many years, if only we could get a -noJS flavour. https://packages.rhaalovely.net/ https://rhaalovely.net/ Kind regards, Anton Lazarov
on-line kernel debugging
Hi! does OpenBSD supports on-line kernel debugging as FreeBSD does[1]? The only tutorial I managed to find was a fairly old one[2] by QEMU over GNU/Linux but it seems kgdb(7) is removed since 6.2 (apparently for not even working before[3]). Thank you! [1]: https://www.freebsd.org/doc/en/books/developers-handbook/kerneldebug-online-ddb.html [2]: https://markshroyer.com/2013/01/debugging-openbsd-via-qemu/ [3]: https://github.com/openbsd/src/commits/master/sys/sys/kgdb.h
Re: Unexpected security(8) output
Hi Clint, Clint Pachl wrote on Fri, Jan 26, 2018 at 10:43:47AM -0700: > I received the following output from security(8): > > Running security(8): > Can't > opendir(/home/pachl/.cache/mozilla/seamonkey/e8cxa4g0.default/safebrowsing-backup): > No such file or directory at /usr/libexec/security line 594. > > I didn't realize security parses through user files; beyond a few dot > files. It does so to find SUID/SGID files and special files, see the function find_special_files(). Messages like the one you encountered are rare, and it would be hard to suppress them without introducing a risk to hide actual problems. > I don't understand perl. Is the script keeping state somewhere? Yes, in /var/backups/{setuid,device}.{current,backup}, see the function check_filelist() for details. I just looked at what we wrote in the security(8) manual. In the DESCRIPTION, we say: * Check for changes in setuid/setgid files and devices. * Check for changes in the device file list. Below FILES, /var/backups is listed, without any further details. I guess the documentation is good enough. As a rule, users are not required to worry about the details of the algorithm or bookkeeping, the script is supposed to just work and speak up if it notices anything fishy. If somebody is curious, they can inspect the code, it is not very long. > How did it know to even try opening the safebrowsing-backup directory? It looks everywhere because dangerous special files might hide anywhere. It uses File::Find(3p) to do so. Arguably, part of these checks have become less important since we are mounting /home/ and other directories nodev and nosuid by default. Then again, finding weird files in weird places is still weird and should maybe still be noted. In any case, restricting the search would complicate matters and increase the risk of missing something relevant. > The missing directory isn't listed in /etc/changelist or > /etc/mtree/{special,*.secure}. I couldn't find any trace of it in /var/. > > So I manually ran the security script again. It returned no output. The file of the name you quote above probably was a dead symbolic link; it may only have existed for a short time, for example while your browser was shuffling stuff around. Your seamonkey likely removed it before your manual run - programs are kind of expected to create and delete files in their own cache directories. > I'm confused. > Can anyone explain this? I tried, with a bit of guessing. Yours, Ingo
Re: Unexpected security(8) output
On Fri, Jan 26, 2018 at 10:43:47AM -0700, Clint Pachl wrote: > I received the following output from security(8): > > Running security(8): > Can't > opendir(/home/pachl/.cache/mozilla/seamonkey/e8cxa4g0.default/safebrowsing-backup): > No such file or directory at /usr/libexec/security line 594. That likely comes from the File::Find inside of find_special_files where security(8) looks for changed setuid files and devices. Most likely that cache directory was cleaned up between reading the directory listing of the parent and actually trying to recurse into that directory. You could add your home directory to the SUIDSKIP environment variable in /etc/daily.local to avoid searching there if this message keeps annoying you and you don't care about devices and suid changes there. http://man.openbsd.org/security#SUIDSKIP l8rZ, -- andrew - http://afresh1.com Instructions are just another man's opinion of how to do something. -- Weldboy #DPWisdom
Re: Segmentation fault / firefox (core dumped)
On Fri, 26 Jan 2018 17:50:02 + > On Fri, 26 Jan 2018 17:13:47 + (GMT) > > > > (1) "even *running* firefox on an i386 netbook with 1Gb of memory > > is unbearable." > > We still have a 1.73 Ghz 1.5 Gigabyte Ram laptop that does OK with > firefox. It is running fvwm 1 as a desktop though which requires > clicks occasionally for some windows to show these days? Oh and evince maximise controls don't work at all because they have somehow hidden the fvwm ones... clever breakage whatever they have done. Haven't found another app with the same issue. I was thinking of switching from fvwm to either fvwm2 or xfce (not a gnome fan) but not sure now, atleast until those laptops are replaced. I also love it's single config file and reliability (config screw ups and load failures have happened on xfce in the past on Debian, many years ago though).
Re: Segmentation fault / firefox (core dumped)
You can try Otter-browser. It is a fork of the Opera browser. My bank website and a few other websites refuse secure logins but in general it works well. I am using it on OpenBSD 6.1. It won't play videos until you install the necessary plugins. Here is how to fix it. >Description: The Otter Browser cannot play videos such as at YouTube >How-To-Repeat: Go to YouTube and try to play a video. You will get an error message. >Fix: The fix is to install gstreamer1-plugins-good-1.* and gstreamer1-plugins-libav-1.* as root do the following: # export PKG_PATH=https://mirrors.syringanetworks.net/pub/OpenBSD/6.1/packages/amd64/ # pkg_add gstreamer-plugins-good-0.10.31p18v0.tgz and # pkg_add gstreamer1-plugins-libav-1.10.4.tgz The above is only an example. Your OpenBSD system may have different versions. The Otter-Browser will now play videos On Jan 26, 2018 10:51 AM, "Kevin Chadwick"wrote: On Fri, 26 Jan 2018 17:13:47 + (GMT) > (1) "even *running* firefox on an i386 netbook with 1Gb of memory is > unbearable." We still have a 1.73 Ghz 1.5 Gigabyte Ram laptop that does OK with firefox. It is running fvwm 1 as a desktop though which requires clicks occasionally for some windows to show these days?
Re: Segmentation fault / firefox (core dumped)
On Fri, 26 Jan 2018 17:13:47 + (GMT) > (1) "even *running* firefox on an i386 netbook with 1Gb of memory is > unbearable." We still have a 1.73 Ghz 1.5 Gigabyte Ram laptop that does OK with firefox. It is running fvwm 1 as a desktop though which requires clicks occasionally for some windows to show these days?
Re: Segmentation fault / firefox (core dumped)
On Fri, 26 Jan 2018 11:10:45 -0500 > > I have 512 MB there. My computer has 1024MB Ram. For what does > > firefox need so much memory?! I think that puzzles everyone. Browsers are often full of memory leaks too. I haven't had any crashes on 57 or 58 btw. I haven't checked quantum but priorly it used ~300 Megabytes before opening a web page. Chromium was similar but in many processes. Edge used far less but I guess it goes up with every additional feature they add like drawing over web pages, extensions etc.. Over a decade ago, firebird used to use ~30 megabytes if I remember correctly. Windows is terrible with hdd and ram usage, about a decade ago people started marketing huge ram computers as it was apparent that it would avoid Windows paging and thrashing so much. It's gone crazy since I guess, though Windows update and installers are still terrible disk users. Probably largely what has driven the SSD market too despite it's downsides like capacity and cost (every time you boot or connect the internet especially after being disconnected or off for a week, Windows is crazy slow due to HDD contention).
Unexpected security(8) output
I received the following output from security(8): Running security(8): Can't opendir(/home/pachl/.cache/mozilla/seamonkey/e8cxa4g0.default/safebrowsing-backup): No such file or directory at /usr/libexec/security line 594. I didn't realize security parses through user files; beyond a few dot files. I don't understand perl. Is the script keeping state somewhere? How did it know to even try opening the safebrowsing-backup directory? The missing directory isn't listed in /etc/changelist or /etc/mtree/{special,*.secure}. I couldn't find any trace of it in /var/. So I manually ran the security script again. It returned no output. I'm confused. Can anyone explain this? Thank you, Clint
Re: Segmentation fault / firefox (core dumped)
> > > I only need a browser. > > > > Surf? w3m? > > w3m is a phantastic tool! When it gets unbearable, I copy the location > from firefox and feed w3m with it. > > I will try later surf. > > iridium does not convince me till now. It seems to be a new browser > (different from chrome) as any linux distribution is a new operating > system. It seems to be slower than firefox, the window for everything > (url, search, etc) is a risk. > > Rodrigo. > I can vouch for surf, not too hard to get running, composes well with other unix tools and it's built by the suckless community, so you know they value a small footprint as well. But dont expect to have all websites render and work flawlessly, it's browser engine wasnt the most up to date last time I checked. Mathuin
Re: Segmentation fault / firefox (core dumped)
On Fri, 26 Jan 2018, Allan Streib wrote: > Mine is set to 2048M also. I almost never have Firefox crashes > esp. on newer builds from Landry Breuil as described here: > > https://undeadly.org/cgi?action=article=20170425173917 (1) "even *running* firefox on an i386 netbook with 1Gb of memory is unbearable." (2) "PS: No i can't do anything about the crashes or the OOMs ! Send your reports directly upstream !" The Browser is a program I need that needs by far much more resources than any other program I need. > > I only need a browser. > > Surf? w3m? w3m is a phantastic tool! When it gets unbearable, I copy the location from firefox and feed w3m with it. I will try later surf. iridium does not convince me till now. It seems to be a new browser (different from chrome) as any linux distribution is a new operating system. It seems to be slower than firefox, the window for everything (url, search, etc) is a risk. Rodrigo.
Re: Segmentation fault / firefox (core dumped)
Roderickwrites: > On Thu, 25 Jan 2018, meg...@r53sound.com wrote: > >> Have you tried increasing datasize-cur and -max under "default:\" >> in /etc/login.conf ? I have mine set to 2048M > > I have 512 MB there. My computer has 1024MB Ram. For what does firefox > need so much memory?! Mine is set to 2048M also. I almost never have Firefox crashes esp. on newer builds from Landry Breuil as described here: https://undeadly.org/cgi?action=article=20170425173917 I Run three or four browser profiles simultaneously, use Gmail, Google Docs, Google Sheets, etc. quite well. With Firefox Quantum it's even more stable than Chromium which is the reverse of my prior experience using Google services. > I only need a browser. Surf? w3m? Allan
Re: gzip compression and httpd/relayd
On 2018-01-25, Thubanwrote: > I'm very happy with relayd + httpd. > Relayd deals with headers and httpd serve files. > > I know httpd doesn't have gzip compression. > > 1. Do you know if it's planned in the future? https://github.com/reyk/httpd/issues/21
Re: wxallowed flag
Well, I've just checked python's port and created a package without USE_WXNEEDED and it works pretty well. How about I'll send a patch to ports@ which will create "wx" or "no_wx" flavor?
Re: IPsec help: too much NAT!
When faced with an ISP modem/router, I generally try to switch it to bridge mode and move the PPPoE / DHCP client formerly handled by the ISP hardware to the OpenBSD system instead. This rather simplifies things if you can make it work because then your OpenBSD system has the Internet-facing address and you remove a layer of NAT. It's unclear to me whether you are stuck with the ISP hardware (but can change it to bridged if you like) or if you are also stuck with it being configured as a NAT router as well so I don't know if this is something you can do. -ken On Thu, Jan 25, 2018 at 6:01 PM, Stuart Hendersonwrote: > On 2018-01-25, Lyndon Nerenberg wrote: >> I have an IPsec conundrum I'm trying to solve. Yes, the scenario >> is somewhat absurd; it's also the problem I've been taksed with >> solving, so spare the peanut gallery comments, okay? >> >> >> NET-P GW-Q <-> internet <-> GW-H GW-V NET-V >> >> NET-P is 10.0.2.0/24 >> NET-V is 10.0.11.0/24 >> >> GW-Q is an OpenBSD host with fixed addresses 10.0.2.1 (inside) and >> 1.2.3.4 (internet). >> >> GW-H is some random ISP cable/DSL modem that NATs everything behind >> it, with a random external address. (I.e., assume DHCP on the >> "internet" side.) >> >> GW-V is an OpenBSD host. It has a variable upstream address obtained >> from the back end of GW-H (DHCP). On the other side, GW-V presents >> 10.0.11.1 to NET-V. >> >> The goal here is to establish an IPsec tunnel that links NET-P and >> NET-V together, in the face of all the other nonsense in between. >> >> In the schematic above, '' represents a NAT translation point. >> '<->' is a regular router interconnect. >> >> I have tried setting up an IKEv2 passive connection from GW-V to >> GW-Q (connections in the other direction are impossible), but I'll >> be damned if I can figure out how to specify the SA associations >> and ESP flows on GW-V, given the lack of fixed addresses on the >> upstream sides of GW-V and GW-H. (Or in the other direction, for >> that matter.) >> >> Is there any hope this can possibly work? > > That's a pretty standard setup. I don't have an iked one handy to crib > from but ipsec.conf/isakmpd looks like this: > > - natted side > > ike dynamic esp from $natted_side_net/27 to $other_net/21 \ > peer $remote_external_IP \ > main auth hmac-sha1 enc aes group modp3072 \ > quick enc aes-128-gcm group modp3072 srcid myname > > - side with real ip > > ike passive esp from $other_net/21 to any \ > main auth hmac-sha1 enc aes group modp3072 \ > quick enc aes-128-gcm group modp3072 srcid othername > > iked should be similar, use "ikev2 active" on the natted side, "ikev2 > passive" on the static-ip side. > > Watch out for "nat helpers" on GW-H that try to fix things up but actually > break them but there aren't usually problems these days. > >
Re: nat-to (least-states / round-robin) problem
On 23/01/18 11:54, Kapetanakis Giannis wrote: > On 23/01/18 11:08, Kapetanakis Giannis wrote: >> Hi, >> >> I've discovered something that looks like a bug in nat translation with >> least-states or round-robin >> >> Instead of using the nat-pool is uses wrong IPs >> >> # pfctl -sr -R0 >> pass out log quick on vlan123 inet from xx.xx.xx.xx to 188.113.88.193 flags >> S/SA tagged from_internal nat-to xx.xx.yy.24/29 least-states >> >> Jan 23 10:59:06.602884 rule 0/(match) pass out on vlan123: 0.0.0.0.62722 > >> 188.113.88.193.80: S 3243156923:3243156923(0) win 29200 > 1460,sackOK,timestamp 3169583207 0,nop,wscale 9> (DF) >> Jan 23 10:59:21.836380 rule 0/(match) pass out on vlan123: 0.0.0.1.57696 > >> 188.113.88.193.80: S 1280038032:1280038032(0) win 29200 > 1460,sackOK,timestamp 3169598441 0,nop,wscale 9> (DF) >> >> See the 0.0.0.0 address? That's the first packet. The second packet (2nd >> wget) uses the next IP, 0.0.0.1 etc. >> >> The same problem is with round-robin >> 10:54:24.750786 0.0.0.2.50332 > 188.113.88.193.80: S >> 1923288633:1923288633(0) win 29200 > 0,nop,wscale 9> (DF) >> 10:54:28.078831 0.0.0.3.50350 > 188.113.88.193.80: S 925801869:925801869(0) >> win 29200 (DF) >> >> If I use random or source-hash I have no problem. >> >> Maybe this is fixed in current but I though I should report. >> # head -1 /var/run/dmesg.boot >> OpenBSD 6.2-beta (GENERIC.MP) #104: Mon Sep 18 23:31:27 MDT 2017 >> >> I'll try an upgrade later today... >> >> G >> > same problem with latest snapshot: > OpenBSD 6.2-current (GENERIC.MP) #382: Sun Jan 21 14:13:38 MST 2018 > > G > Hi, any luck with the above? thanks, G
Re: wxallowed flag
On Fri, Jan 26, 2018 at 01:52:10PM +0200, mazocomp wrote: > On Fri, Jan 26, 2018 at 12:28:00PM +0100, Marc Espie wrote: > > On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote: > > > Hi! > > > > > > Is this a really good idea to keep wxallowed flag on /usr/local by > > > default? Is this so scary that many poop software will break (this is > > > not a big loss at all)? After all not enabling this flag by default is > > > the right thing to do, reliance on W|X should go to /dev/null > > > > > > The only problem I see after removing this flag and removing python > > > is that it also removes packages which, for example, have > > > devel/desktop-file-utils in run dependencies, but they work without it. > > > > I don't see your patches for fixing the rather important shit that still > > requires wxallowed. > > > > So you mean broken packages are more important than system's default > security? Was that true when ProPolice was enabled by default? Obviously, you don't understand the difference between fixing factually broken software and enforcing supplementary restrictive semantics on top of the traditional posix api that actually requires actual changes to adapt.
Re: wxallowed flag
Le 2018-01-26 12:52, mazocomp a écrit : On Fri, Jan 26, 2018 at 12:28:00PM +0100, Marc Espie wrote: On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote: > Hi! > > Is this a really good idea to keep wxallowed flag on /usr/local by > default? Is this so scary that many poop software will break (this is > not a big loss at all)? After all not enabling this flag by default is > the right thing to do, reliance on W|X should go to /dev/null > > The only problem I see after removing this flag and removing python > is that it also removes packages which, for example, have > devel/desktop-file-utils in run dependencies, but they work without it. I don't see your patches for fixing the rather important shit that still requires wxallowed. So you mean broken packages are more important than system's default security? Was that true when ProPolice was enabled by default? That doesn't change base system security if you don't install packages.
Re: wxallowed flag
On Fri, Jan 26, 2018 at 12:28:00PM +0100, Marc Espie wrote: > On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote: > > Hi! > > > > Is this a really good idea to keep wxallowed flag on /usr/local by > > default? Is this so scary that many poop software will break (this is > > not a big loss at all)? After all not enabling this flag by default is > > the right thing to do, reliance on W|X should go to /dev/null > > > > The only problem I see after removing this flag and removing python > > is that it also removes packages which, for example, have > > devel/desktop-file-utils in run dependencies, but they work without it. > > I don't see your patches for fixing the rather important shit that still > requires wxallowed. > So you mean broken packages are more important than system's default security? Was that true when ProPolice was enabled by default?
Re: wxallowed flag
On Fri, Jan 26, 2018 at 12:56:15PM +0200, mazocomp wrote: > Hi! > > Is this a really good idea to keep wxallowed flag on /usr/local by > default? Is this so scary that many poop software will break (this is > not a big loss at all)? After all not enabling this flag by default is > the right thing to do, reliance on W|X should go to /dev/null > > The only problem I see after removing this flag and removing python > is that it also removes packages which, for example, have > devel/desktop-file-utils in run dependencies, but they work without it. I don't see your patches for fixing the rather important shit that still requires wxallowed.
Re: Segmentation fault / firefox (core dumped)
On Thu, 25 Jan 2018, meg...@r53sound.com wrote: > Have you tried increasing datasize-cur and -max under "default:\" > in /etc/login.conf ? I have mine set to 2048M I have 512 MB there. My computer has 1024MB Ram. For what does firefox need so much memory?! And seemonkey seems to be more bloated than firefox. I only need a browser. Perhaps I should try iridium, but really reliable inspite of chrome base? Rodrigo.
wxallowed flag
Hi! Is this a really good idea to keep wxallowed flag on /usr/local by default? Is this so scary that many poop software will break (this is not a big loss at all)? After all not enabling this flag by default is the right thing to do, reliance on W|X should go to /dev/null The only problem I see after removing this flag and removing python is that it also removes packages which, for example, have devel/desktop-file-utils in run dependencies, but they work without it.
Re: gzip compression and httpd/relayd
On Thu, Jan 25, 2018 at 09:37:06PM +0100, Michael Hekeler wrote: > Am Thu, 25 Jan 2018 19:47:09 +0100 > schrieb Thuban: > > > I'm very happy with relayd + httpd. > > Relayd deals with headers and httpd serve files. > > > > I know httpd doesn't have gzip compression. > > > > 1. Do you know if it's planned in the future? > > 2. Does anyone has a workaround to advise? > > > > regards > > > > to 1. > https://marc.info/?l=openbsd-misc=142407262812306=2 > > Hi, In some servers there were some security issues with compression like: https://en.wikipedia.org/wiki/BREACH I don't know if thats the reason httpd doesn't have it though. > to 2. > I never tested it myself, but ,maybe you can compress the files before > you place them in htdocs!? > Yes it's possible. Make sure to set the appriopriate HTTP headers aswell with relayd: read "Accept-Encoding" and if it's acceptable set "Content-Encoding". > ...or use ngingx reverse-proxy? > -- Kind regards, Hiltjo