Re: Access from LAN
On Fri, 27 Sep 2024 03:01:21 +0200, Jesse Lawton wrote: > > E.g. I put up a web server on 192.168.1.2 but can only access it on my > laptop. > With an assumption that you're connecting via WiFi I'd like to suggest that you have access between clients on that network. -- wbr, Kirill
Tracking not working webcam in LG 5K Display
misc@,

I hope that this is the right place for this email.

I do have an LG 5K Display which works well as an external monitor. It has embedded audio which works, and a webcam which doesn't.

Here is an attempt to run ffplay as:

ktrace ffplay -f v4l2 -input_format mjpeg -video_size 1920x1080 -i /dev/video0

which turns the green LED inside the cam on for a moment, but just for a moment. Quite soon it had an error:

ioctl(VIDIOC_DQBUF): Invalid argument

and ffplay goes to a state from where I can't kill it, nor exit. ps shows it as:

catap 32871 0.0 0.3 29236 45860 p1 RE+/3 10:37PM 0:00.55 (ffplay)

Anyway, I can share dmesg from a kernel which was built with UVIDEO_DEBUG, ktrace on ffplay and its stdout here:

- https://kirill.korins.ky/pub/LG-UltraFine-video.dmesg
- https://kirill.korins.ky/pub/LG-UltraFine-video.ffplay
- https://kirill.korins.ky/pub/LG-UltraFine-video.ktrace.out

kdump shows calls near ioctl(VIDIOC_DQBUF):

32871 ffplay CALL kbind(0xebc99793208,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL kbind(0xebc997932a8,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL ioctl(9,VIDIOC_DQBUF,0xebc99793280)
32871 ffplay STRU struct timespec { 0 }
32871 ffplay RET nanosleep 0
32871 ffplay CALL write(2,0x6ff015cd47d4,0x45)
32871 ffplay GIO fd 2 wrote 69 bytes
 "nan: 0.000 fd= 0 aq=0KB vq=0KB sq=0B f=0/0 \r"
32871 ffplay RET write 69/0x45
32871 ffplay CALL recvmsg(3,0x6ff015cd4dc0,0)
32871 ffplay RET recvmsg -1 errno 35 Resource temporarily unavailable
32871 ffplay CALL recvmsg(3,0x6ff015cd4de0,0)
32871 ffplay RET recvmsg -1 errno 35 Resource temporarily unavailable
32871 ffplay CALL recvmsg(3,0x6ff015cd4d90,0)
...
32871 ffplay RET recvmsg -1 errno 35 Resource temporarily unavailable
32871 ffplay CALL nanosleep(0x6ff015cd50c0,0x6ff015cd50c0)
32871 ffplay STRU struct timespec { 0.01000 }
32871 ffplay RET ioctl -1 errno 22 Invalid argument
32871 ffplay CALL kbind(0xebc99793158,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL kbind(0xebc99793158,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL kbind(0xebc99793118,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL kbind(0xebc99791c18,24,0x5736b1de16970d69)
32871 ffplay RET kbind 0
32871 ffplay CALL write(2,0xebc99791420,0x2f)
32871 ffplay GIO fd 2 wrote 47 bytes
 "\^[[0;35m[video4linux2,v4l2 @ 0xebd29912000] \^[[0m"
32871 ffplay RET write 47/0x2f
32871 ffplay CALL write(2,0xebc99791420,0x31)
32871 ffplay GIO fd 2 wrote 49 bytes
 "\^[[1;31mioctl(VIDIOC_DQBUF): Invalid argument \^[[0m"

and dmesg has only:

uvideo0: uvideo_open: sc=0x81ecd000
uvideo0: uvideo_s_fmt: requested width=1920, height=1080
uvideo0: uvideo_find_res: frame index 0: width=1920, height=1080
uvideo0: uvideo_find_res: frame index 1: width=1280, height=720
uvideo0: uvideo_find_res: frame index 2: width=1024, height=768
uvideo0: uvideo_find_res: frame index 3: width=640, height=480
uvideo0: uvideo_find_res: frame index 4: width=320, height=240
uvideo0: SET probe request successfully
bmHint=0x01 bFormatIndex=0x02 bFrameIndex=0x02 dwFrameInterval=33 (100ns units) wKeyFrameRate=0 wPFrameRate=0 wCompQuality=0 wCompWindowSize=0 wDelay=0 (ms) dwMaxVideoFrameSize=0 (bytes) dwMaxPayloadTransferSize=0 (bytes)
uvideo0: GET probe request successfully
bmHint=0x00 bFormatIndex=0x02 bFrameIndex=0x02 dwFrameInterval=33 (100ns units) wKeyFrameRate=0 wPFrameRate=0 wCompQuality=0 wCompWindowSize=0 wDelay=0 (ms) dwMaxVideoFrameSize=4147200 (bytes) dwMaxPayloadTransferSize=46080 (bytes)
uvideo0: SET commit request successfully
uvideo0: uvideo_s_fmt: offered width=1920, height=1080
uvideo0: uvideo_reqbufs: count=256
uvideo0: allocated 33177600 bytes mmap buffer
uvideo0: uvideo_reqbufs: index=0, offset=0, length=4147200
uvideo0: uvideo_reqbufs: index=1, offset=4147200, length=4147200
uvideo0: uvideo_reqbufs: index=2, offset=8294400, length=4147200
uvideo0: uvideo_reqbufs: index=3, offset=12441600, length=4147200
uvideo0: uvideo_reqbufs: index=4, offset=16588800, length=4147200
uvideo0: uvideo_reqbufs: index=5, offset=20736000, length=4147200
uvideo0: uvideo_reqbufs: index=6, offset=24883200, length=4147200
uvideo0: uvideo_reqbufs: index=7, offset=29030400, length=4147200
uvideo0: uvideo_querybuf: index=0, offset=0, length=4147200
uvideo0: uvideo_querybuf: index=1, offset=4147200, length=4147200
uvideo0: uvideo_querybuf: index=2, offset=8294400, length=4147200
uvideo0: uvideo_querybuf: index=3, offset=12441600, length=4147200
uvideo0: uvideo_querybuf: index=4, offset=16588800, length=4147200
uvideo0: uvideo_qu
Re: softdep as well as noatime on each partition?
On Tue, 17 Sep 2024 21:11:10 +0200, Ronny Machado wrote:
>
> Thanks, that's what I'm doing right now, opened ungoogled-chromium with
> some windows opened, crawl-ss, and I'm gonna start my vmd up...will see
> ;)
>

Chrome and its fork are quite resource-greedy applications. ungoogled-chromium contains several flags [1], and --enable-low-end-device-mode may improve the experience on some slow machines.

Footnotes:
[1] https://github.com/ungoogled-software/ungoogled-chromium/blob/master/docs/flags.md

--
wbr, Kirill
Re: softdep as well as noatime on each partition?
On Tue, 17 Sep 2024 18:32:08 +0200, Geoff Steckel wrote: > > Noatime only matters when the CPU outruns the mass storage long enough > for memory to fill with dirty inodes. > Then the system seems to pause while they are pushed out to storage. > Using a SSD and the large RAM in modern systems that rarely happens. > With a regular backup via restic or something like that, running against something like a chromium profile or src folder containing some large projects, this can happen on a regular basis, heh. -- wbr, Kirill
Re: checksums to detect/correct bit-rot
On Sun, 15 Sep 2024 09:12:08 +0200, Jonathan Thornburg wrote: > > But before I reinvent the wheel, can anyone point me to software > which already does this? Bonus points if the software is already > in ports. > yabitrot? -- wbr, Kirill
Re: mount -a ignores NFS record in /etc/fstab
On Tue, 10 Sep 2024 23:29:58 +0200, Kirill A. Korinsky wrote:
>
> 10.36.25.1:/usr/src /usr/src nfs nodev,nosuid 0 0

Here is the issue. This line is missing fs_type. It requires rw, ro, or something.

--
wbr, Kirill
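A check for the problem identified in the reply above, as an added example that is not part of the thread: it flags fstab entries whose options field carries none of the type keywords documented in fstab(5) (rw, rq, ro, sw, xx). The function names are this example's own, and the sample is abbreviated from the fstab quoted in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread.
# Assumption: the accepted type keywords are the ones fstab(5) documents.

# sample_fstab: constructed sample, abbreviated from the fstab in the thread.
sample_fstab() {
    cat <<'EOF'
ad54be54ae12251d.b none swap sw
ad54be54ae12251d.a / ffs rw 1 1
ad54be54ae12251d.h /usr/local ffs rw,wxallowed,nodev 1 2
10.36.25.1:/usr/src /usr/src nfs nodev,nosuid 0 0
EOF
}

# check_fstab [FILE]
# Reads FILE (or stdin) and prints one line per entry that has no type
# keyword in its options field. Returns 1 if anything was flagged, else 0.
check_fstab() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        NF < 4 {
            printf "%d: fewer than 4 fields\n", NR
            bad = 1
            next
        }
        {
            # Compare whole comma-separated options, so that "wxallowed"
            # or "nosuid" can never be mistaken for a type keyword.
            n = split($4, opt, ",")
            ok = 0
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^(rw|rq|ro|sw|xx)$/)
                    ok = 1
            if (!ok) {
                printf "%d: %s: no type keyword in \"%s\"\n", NR, $2, $4
                bad = 1
            }
        }
        END { exit bad }
    ' "${1:--}"
}

# Demo on the constructed sample: the NFS entry is the only one reported.
sample_fstab | check_fstab || echo "entries listed above need rw, ro or another type keyword"
```

Run against the real file with `check_fstab /etc/fstab` before relying on `mount -a`.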
mount -a ignores NFS record in /etc/fstab
misc@,

I'm running the last snapshot (GENERIC#306) and I have discovered odd behaviour; it is quite possible that I have a typo somewhere... well...

I do have /etc/fstab which looks like:

obsd$ cat /etc/fstab
ad54be54ae12251d.b none swap sw
ad54be54ae12251d.a / ffs rw 1 1
ad54be54ae12251d.j /home ffs rw,nodev,nosuid 1 2
ad54be54ae12251d.d /tmp ffs rw,nodev,nosuid 1 2
ad54be54ae12251d.f /usr ffs rw,nodev 1 2
ad54be54ae12251d.g /usr/X11R6 ffs rw,nodev 1 2
ad54be54ae12251d.h /usr/local ffs rw,wxallowed,nodev 1 2
ad54be54ae12251d.i /usr/obj ffs rw,nodev,nosuid 1 2
ad54be54ae12251d.e /var ffs rw,nodev,nosuid 1 2
10.36.25.1:/usr/src /usr/src nfs nodev,nosuid 0 0
obsd$

When I attempt to mount /usr/src via the record in fstab it doesn't work:

obsd$ mount
/dev/sd1a on / type ffs (local)
/dev/sd1j on /home type ffs (local, nodev, nosuid)
/dev/sd1d on /tmp type ffs (local, nodev, nosuid)
/dev/sd1f on /usr type ffs (local, nodev)
/dev/sd1g on /usr/X11R6 type ffs (local, nodev)
/dev/sd1h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd1i on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd1e on /var type ffs (local, nodev, nosuid)
obsd$ doas mount -a
obsd$ mount
/dev/sd1a on / type ffs (local)
/dev/sd1j on /home type ffs (local, nodev, nosuid)
/dev/sd1d on /tmp type ffs (local, nodev, nosuid)
/dev/sd1f on /usr type ffs (local, nodev)
/dev/sd1g on /usr/X11R6 type ffs (local, nodev)
/dev/sd1h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd1i on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd1e on /var type ffs (local, nodev, nosuid)
obsd$ doas mount /usr/src
mount: can't find fstab entry for /usr/src.
obsd$

but if I do it by hand, it works:

obsd$ doas mount -t nfs 10.36.25.1:/usr/src /usr/src
obsd$ mount
/dev/sd1a on / type ffs (local)
/dev/sd1j on /home type ffs (local, nodev, nosuid)
/dev/sd1d on /tmp type ffs (local, nodev, nosuid)
/dev/sd1f on /usr type ffs (local, nodev)
/dev/sd1g on /usr/X11R6 type ffs (local, nodev)
/dev/sd1h on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd1i on /usr/obj type ffs (local, nodev, nosuid)
/dev/sd1e on /var type ffs (local, nodev, nosuid)
10.36.25.1:/usr/src on /usr/src type nfs (v3, udp, timeo=100, retrans=101)
obsd$

What have I missed?

Thanks and sorry for the noise.

--
wbr, Kirill
YubiKey replacement
misc@,

due to the discovered vulnerability in YubiKey [1] which leads to buying a new device, I'm thinking of changing the used vendor because OTP HID doesn't work on OpenBSD.

So here is the question, can you suggest a device that has:

- FIDO2
- OATH
- OpenPGP
- USB-C
- and small, ideally in the size of YubiKey nano.

Thanks!

Footnotes:
[1] https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

--
wbr, Kirill
Re: How to add support to OpenSMTPD to distinguish between MTA and MSA operation mode?
On Sun, 01 Sep 2024 13:12:19 +0200, Christian Schulte wrote:
>
> I just started to read OpenSMTPD sources. Regarding the latest
> discussions on tech@, there maybe seems to be the need to instruct
> OpenSMTPD listeners to behave differently when acting as MTA or MSA.
> Reading man smtpd.conf(5)[1] there is an option to add a tag to the
> "listen on [socket]" directive. Those tags are currently used in "match"
> directives. Maybe this could be extended to add well known tags to a
> listener to control operation modes like MTA or MSA. Both of this is
> documented in corresponding RFCs. Is there any interest for me to take a
> closer look and maybe come up with some patches tech@? I am really just
> starting to read OpenSMTPD sources. If there already is a way to
> instruct OpenSMTPD listeners to behave differently regarding to - for
> example - handling message ids based on in either MTA or MSA mode,
> please let me know. I would like to avoid spending time into this, if
> there is no interest but I think there really should be a way to
> configure listeners to specific operation modes like MTA or MSA.
>

As far as I know, and as I discovered by reading the sources, the behaviour specified for the MSA, like adding Message-Id, is triggered only when the listener uses the submission port.

So, simply use the submission port and that's it.

P.S. I think that m...@opensmtpd.org is the right misc@ for this email.

--
wbr, Kirill
Re: wtmp/$M1D4 values
Oooh. Lost knowledge begins.

On Sat, 24 Aug 2024 04:23:01 -0600 Duncan Patton a Campbell wrote:
> On a 7.4 AMD system I have modified some config file
> so that /var/log/wtmp is extended to 15 days:
>
> atlas:/$ date
> Sat Aug 24 04:18:40 MDT 2024
> atlas:/$ last
> dhu      :                     Thu Aug 15 22:52   still logged in
> reboot   ~                     Thu Aug 15 22:51
> shutdown ~                     Thu Aug 15 22:50
> dhu      :                     Thu Aug 15 22:36 - shutdown (00:14)
> reboot   ~                     Thu Aug 15 22:36
> shutdown ~                     Thu Aug 15 22:35
> dhu      :                     Thu Aug 15 22:16 - shutdown (00:18)
> reboot   ~                     Thu Aug 15 22:16
> shutdown ~                     Thu Aug 15 22:15
> dhu      ttypc 184.70.166.126  Fri Aug 09 13:49 - 13:49 (00:00)
>
> wtmp begins Fri Aug 9 13:49 2024
> atlas:/$
>
> And now I cannot find where this is set. It is not in /etc/syslog.conf or
> /etc/newsyslog.conf
>
> If anyone can tell me where this is set OR where the value for $M1D4 in
> /etc/newsyslog.conf is obtained from, I would greatly appreciate it.
>
> Thanks,
>
> Dhu
>
> --
> Je suis Canadien. Ce n'est pas Francais ou Anglais.
> C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-)
> Duncan Patton a Campbell

--
Je suis Canadien. Ce n'est pas Francais ou Anglais.
C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-)
Duncan Patton a Campbell
wtmp/$M1D4 values
On a 7.4 AMD system I have modified some config file so that /var/log/wtmp is extended to 15 days:

atlas:/$ date
Sat Aug 24 04:18:40 MDT 2024
atlas:/$ last
dhu      :                     Thu Aug 15 22:52   still logged in
reboot   ~                     Thu Aug 15 22:51
shutdown ~                     Thu Aug 15 22:50
dhu      :                     Thu Aug 15 22:36 - shutdown (00:14)
reboot   ~                     Thu Aug 15 22:36
shutdown ~                     Thu Aug 15 22:35
dhu      :                     Thu Aug 15 22:16 - shutdown (00:18)
reboot   ~                     Thu Aug 15 22:16
shutdown ~                     Thu Aug 15 22:15
dhu      ttypc 184.70.166.126  Fri Aug 09 13:49 - 13:49 (00:00)

wtmp begins Fri Aug 9 13:49 2024
atlas:/$

And now I cannot find where this is set. It is not in /etc/syslog.conf or /etc/newsyslog.conf

If anyone can tell me where this is set OR where the value for $M1D4 in /etc/newsyslog.conf is obtained from, I would greatly appreciate it.

Thanks,

Dhu

--
Je suis Canadien. Ce n'est pas Francais ou Anglais.
C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-)
Duncan Patton a Campbell
Re: Automatic Disk Partitioning
On Wed, 07 Aug 2024 01:38:05 +0200, David Uhden Collado wrote:
>
> > Generally I would expect somebody who is new to OpenBSD to do a scratch
> > install on a spare machine to try out the system, but then re-install at
> > least once rather than continue using that scratch system as their 'final'
> > installation. For nothing else, because generally people fiddle with all
> > sorts of settings that have effects beyond what they realise, (including
> > security related effects), and it's not always obvious how to twiddle the
> > knobs back. Also, some people install without FDE and later want it. A
> > re-install is not a bad thing.
> >
> > (In fact, part of my job is to re-install our servers from scratch for every
> > release - we never use the upgrade tools.)
>
> The issue at hand is the limitation of time. Personally, I have made
> irreversible installation errors on operating systems that I currently
> use. However, I am unable to afford the time required to reinstall and
> reconfigure everything to its present state. I think this situation is
> common for many individuals.
>

With the assumption that you don't mean settings in your home, you may recover almost all changes in the system via:

echo | doas sysmerge -d > /tmp/sysmerge.diff

Also, there is sysutils/sysclean, which allows you to track some manually added files.

--
wbr, Kirill
Re: how do I debug this? any hints?
On Sun, 11 Aug 2024 12:44:40 +0200, Peter Philipp wrote:
>
> Would this patch then, make any sense?
>

I don't think so. Right now it works out of the box on 7.5:

/etc/acme-client.conf:

domain kirill.korins.ky {
	domain key "/etc/ssl/private/kirill.korins.ky.key"
	domain full chain certificate "/etc/ssl/kirill.korins.ky.crt"
	sign with letsencrypt
}

/etc/relayd.conf:

http protocol https {
	...
	tls keypair kirill.korins.ky
	...
}

--
wbr, Kirill
Re: how do I debug this? any hints?
On Sun, 11 Aug 2024 09:57:31 +0200, Peter Philipp wrote:
>
> openssl s_client returns this:
>
> Verify return code: 20 (unable to get local issuer certificate)
>
>
> based on these two command which the first one fails hard:
>
> 34 ftp
> https://download.delphinusdns.org/pub/delphinusdnsd/snapshot/INSTALL/goldflipper11.png
> 35 openssl s_client -connect download.delphinusdns.org:443
>
> how do I debug this? If anyone can hold my hand a little bit here, I would
> appreciate it. I have added TLSA DNS entries for all the port 443's on my
> DNS!
>

I see that you're using a certificate which was issued by Let's Encrypt, and I see that the certificate which is sent from your server hasn't got the full chain:

Certificate chain
 0 s:/CN=download.delphinusdns.org
   i:/C=US/O=Let's Encrypt/CN=R10

I think that distributing the whole chain should fix that issue.

--
wbr, Kirill
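The failure diagnosed in the reply above can be reproduced offline; the following is an added example, not part of the thread. It builds a constructed root, intermediate and leaf with openssl, then verifies what a server would send (leaf only versus leaf plus intermediate) against a client that trusts only the root. All subjects, file names and function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the thread. Requires the openssl CLI.

# make_test_pki DIR: create root.crt, int.crt, leaf.crt and fullchain.pem in DIR.
make_test_pki() {
    d=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
        '[dn]' 'CN = placeholder' \
        '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"

    # Self-signed root: the only certificate the client trusts.
    openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 \
        -nodes -days 2 -subj '/CN=Constructed Root' \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null || return 1

    # Intermediate CA signed by the root (the position R10 has in the thread).
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=Constructed Intermediate' \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.cnf" -extensions v3_ca -days 2 \
        -out "$d/int.crt" 2>/dev/null || return 1

    # Server (leaf) certificate signed by the intermediate.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj '/CN=leaf.example' \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null || return 1

    # What a correctly configured server sends: leaf first, then intermediate.
    cat "$d/leaf.crt" "$d/int.crt" > "$d/fullchain.pem"
}

# chain_len FILE: number of certificates in a PEM file.
chain_len() {
    grep -c 'BEGIN CERTIFICATE' "$1"
}

# served_chain_ok ROOT SERVED
# Verify the first certificate in SERVED using only ROOT as trust anchor and
# the certificates in SERVED as untrusted helpers, as a TLS client would.
served_chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

PKI=$(mktemp -d) || exit 1
trap 'rm -rf "$PKI"' EXIT
make_test_pki "$PKI" || { echo "openssl failed to build the test PKI" >&2; exit 1; }

for f in leaf.crt fullchain.pem; do
    if served_chain_ok "$PKI/root.crt" "$PKI/$f"; then
        result="verifies"
    else
        result="fails to verify (issuer not found)"
    fi
    echo "$f, $(chain_len "$PKI/$f") certificate(s): $result"
done
```

The same `chain_len` check applied to the file a server is configured to send shows at a glance whether the intermediate is included.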
Chromium and microphone at slack
misc@,

I'm having a strange problem with Chromium and Slack: I can't use my microphone. Webcam and sound work, but not the microphone.

The weird thing is that Google Meet works perfectly with the microphone in the next tab.

I run -current, which I update once or twice per week, and I definitely used the microphone in Slack in June.

I have no idea how to dig this out, so any advice is welcome.

--
wbr, Kirill
Re: doas tab completion
On Mon, 29 Jul 2024 17:32:06 +0200, Florian Obser wrote:
>
> in .kshrc:
>
> set -A complete_doas_1 -- $(ls /sbin /usr/sbin /bin /usr/bin /usr/X11R6/bin \
> /usr/local/sbin /usr/local/bin)
>

I think this way is cleaner, isn't it?

set -A complete_doas_1 -- $(echo $PATH | tr ':' '\n' | xargs ls)

--
wbr, Kirill
Re: doas tab completion
On Mon, 29 Jul 2024 17:32:06 +0200, Florian Obser wrote:
>
> again, in .kshrc:
>
> HOST_LIST=`awk '{print $1}' < ~/.ssh/known_hosts | cut -f 1 -d, \
> | egrep -v '^[[:digit:]]|^$|\:\:' | sort -u`
>
> set -A complete_ssh -- ${HOST_LIST}
> set -A complete_ping -- ${HOST_LIST}
> set -A complete_ping6 -- ${HOST_LIST}
> set -A complete_traceroute -- ${HOST_LIST}
> set -A complete_traceroute6 -- ${HOST_LIST}
>

Thanks for this piece. I love it.

--
wbr, Kirill
Re: doas tab completion
On Mon, 29 Jul 2024 09:47:39 +0200, Robert Palm wrote:
>
> wonder how I can get TAB completion in the shell when using doas ...
>
> Do I need to add something to .profile ?
>

Depends on the shell you are using.

Assuming you are using BASH, you will probably get what you want by:

complete -cf doas

but if you have bash-completion installed, you probably expect something like this:

complete -F _command doas

--
wbr, Kirill
Re: Running OpenBSD on a VPS.
On Thu, 11 Jul 2024 03:10:43 +0100, Christian Schulte wrote:
>
> Running OpenBSD since then personally. Never had a chance to install it
> to a server, because the providers did not support it. Now they do.

Not all of them. Especially in cases like Hetzner, online.net and similar ones.

But they allow you to boot the server from rescue mode with some Linux, which opens a kind of backdoor where you run QEMU to install OpenBSD :)

You may achieve some kind of semi-automatic installation with answer files, but QEMU uses only tftp-server-name, support for which was removed in 7.0, so semi-automatic installation via QEMU works for OpenBSD up to 6.9.

--
wbr, Kirill
Re: Filesystem corruption on OpenBSD routers after power outage?
On Wed, 10 Jul 2024 17:40:17 +0100, Tom Smyth wrote: > > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144 0 0 > swap /var/log mfs rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0 > swap /var/run mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0 > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0 > I'd like to share https://marc.info/?l=openbsd-bugs&m=171959901216119&w=2 Here I have a pretty simple way to block mfs when the system starts to use swap. Not sure if it is achievable by you, but still worth mentioning -- wbr, Kirill
Re: Filesystem corruption on OpenBSD routers after power outage?
On Wed, 10 Jul 2024 14:44:28 +0100, Tom Smyth wrote: > > #cat /etc/fstab > > ff0023511d131fc2.a / ffs rw,softdep,noatime 1 1 > ff0023511d131fc2.b /usr/local ffs rw,wxallowed,nodev,softdep,noatime 1 2 > ff0023511d131fc2.d /var ffs rw,nodev,nosuid,softdep,noatime 1 2 > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/tmp 0 0 > swap /var/log mfs rw,nosuid,noexec,nodev,-s=524288,-P=/persist-fs/var/log 0 0 > swap /var/run mfs rw,nosuid,noexec,nodev,-s=262144,-P=/persist-fs/var/run 0 0 > swap /dev mfs rw,nosuid,noexec,-P=/persist-fs/dev,-i=2048,-s=32768 0 0 > You can dramatically reduce the probability of errors that can't be fixed by fsck on boot by adding sync. Especially with noatime, this seems like a bulletproof setup. -- wbr, Kirill
Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?
I'm thinking probably Intel themselves invested money into their own engineers to power optimize their hardware for Linux (arguably too little too late considering the inefficiencies of CISC-to-RISC in hardware and the growth of ARM as a result). Surely they would do it for servers (big electricity costs for buyers), there may be some overrun into other form factors. I guess there will always be these kinds of momentum-investment issues (need users for investment, need investment for users), for smaller players, generally speaking.
Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?
> Unfortunately power management related code is pretty difficult to write > unless you know > the hardware very well. Basically, for now, run you machines warm and be... > proud! ;) Totally understand. I wouldn't want to delve too deeply into Intel-specific hardware quirks either. Will have to try some basic physical hardware maintenance sometime.
Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?
On Tue, 02 Jul 2024 09:54:09 +0100, Stuart Henderson wrote: > > A lot of this is down to Linux having spent more time on optimising > things for power consumption. Things like choices made in the scheduler > (deciding which cpu to run a process on) have an effect, especially on > certain cpu types, as well as code selecting cpu frequencies etc. > Also, not all drivers support hardware power saving features. For example, as far as I know, iwx and similar drivers do not. -- wbr, Kirill
OpenBSD runs hotter than Linux with same laptop, draws more electricity?
I just wonder why OpenBSD requires more CPU load for the same kind of activity (web browsing), and also appears to draw more electricity from the power supply when measured, compared to Linux, when using the same laptop? Perhaps more Assembly instructions to complete the same task? But why? Memory protection kinds of checks? Note this is also when using the integrated (Intel) GPU.
wsconsctl display.brightness non-functional
I am using OpenBSD on a 15" 2011 Macbook Pro. The 2011 models have faulty Radeon GPU, so to use Intel graphics, I run: config -ef /bsd disable radeondrm quit And this solution is very stable. However, it is impossible to adjust the monitor backlight (may be unrelated to above?), for example: wsconsctl display.brightness=50% I am aware there is some (open source) 3rd party software from Intel, floating around Github, but I don't know what exactly it does, how it works: https://github.com/jcs/intel_backlight_fbsd Is there any other solution? Many thanks
Re: /tmp on mfs is blocked
and here we go:

~ $ ps auxl | grep D
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND UID PPID CPU PRI NI WCHAN
root 40744 0.0 1.3 1049488 218256 ?? D 2:59PM 0:13.90 /sbin/mount_nfs 0 1 0 -18 0 anonget
catap 13530 0.0 2.0 1039528 330124 ?? DpU 3:04PM 0:23.48 ungoogled-chromi 1000 68942 0 -18 0 fltasgi
catap 7160 0.0 0.7 821464 107612 ?? DpU 3:04PM 0:04.48 ungoogled-chromi 1000 68942 0 -5 0 biowait
catap 26061 0.0 0.6 766536 92496 ?? DpU 3:05PM 0:00.77 ungoogled-chromi 1000 68942 0 -5 0 biowait
catap 81520 0.0 0.0 1528 1176 p3 D+p 5:23PM 0:00.00 ls /tmp 1000 62543 0 10 0 inode
catap 57257 0.0 0.0 108 384 C0 R+/1 5:24PM 0:00.00 grep D 1000 70049 29 53 0 -
~ $ doas sysctl ddb.trigger=1
Stopped at db_enter+0x14: popq %rbp
ddb{0}> show locks
exclusive rwlock sysctllk r = 0 (0x82739928)
exclusive kernel_lock &kernel_lock r = 0 (0x827c32d0)
ddb{0}>

Thus, doas reboot won't reboot the machine from this state. After that the machine is completely stuck. Reboot from ddb works.

shutdown -r now also doesn't work.

An easy way to achieve this is to run a VM inside VMD which forces the system to start using swap. As soon as it uses swap, around 500-700 mb is enough, 300 isn't, it goes into this state.

Should I duplicate it to bugs@?

--
wbr, Kirill
Re: /tmp on mfs is blocked
>
> I never doubt that, but I had rebuilt the kernel on my machine with WITNESS, to
> be able to get a more useful reason if such a case happened again.
>

Seems that I had booted the wrong kernel, or option WITNESS option WITNESS_WATCH wasn't enough, will reboot and double test it.

The good news is that I can reproduce it relatively easily.

Anyway, here is ps with l:

src $ ps auxl | grep D
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND UID PPID CPU PRI NI WCHAN
root 55404 0.0 4.5 1049492 734588 ?? D Fri02AM 0:14.09 /sbin/mount_mfs 0 1 0 -18 0 anonget
catap 66849 0.0 2.6 395840 427736 ?? DpU Fri02AM 3:41.21 ungoogled-chromi 1000 82788 1 -5 0 vinvalb
catap 56100 0.0 1.4 895404 235868 ?? DpU Fri02AM 1:39.80 ungoogled-chromi 1000 82788 0 -5 0 getblk
catap 33124 0.0 1.7 988916 287816 ?? DpU Fri02AM 0:39.19 ungoogled-chromi 1000 82788 0 -5 0 biowait
catap 22342 0.0 1.0 820260 173008 ?? DpU 10:46AM 0:06.15 ungoogled-chromi 1000 82788 0 -5 0 getblk
catap 64977 0.0 0.0 1348 4044 ?? D 2:12PM 0:00.01 /usr/X11R6/bin/x 1000 70379 0 10 0 inode
catap 93974 0.0 0.0 1140 1804 p2 D+p 2:12PM 0:00.00 man ps 1000 6039 0 -5 0 getblk
catap 68803 0.0 0.0 796 1332 p3 S+p 2:16PM 0:00.00 grep D 1000 55628 0 -6 0 piperd
src $

anything which is touching /tmp is blocked, and df -i says:

mfs:55404 2028910 296608 1630858 16% 326 269816 1% /tmp

and top says about this:

load averages: 0.75, 0.94, 1.26    matebook.local 14:21:53
135 processes: 1 running, 130 idle, 4 on processor    up 0 days 12:13:33
4 CPUs: 2.3% user, 0.0% nice, 0.9% sys, 0.5% spin, 0.0% intr, 96.3% id
Memory: Real: 10G/14G act/tot Free: 895M Cache: 2631M Swap: 555M/16G

--
wbr, Kirill
Re: /tmp on mfs is blocked
On Fri, 28 Jun 2024 11:09:56 +0100, Crystal Kolipe wrote:
>
> The mfs code has been stable for many releases in all of these scenarios.
>

I never doubt that, but I had rebuilt the kernel on my machine with WITNESS, to be able to get a more useful reason if such a case happened again.

--
wbr, Kirill
Re: /tmp on mfs is blocked
On Fri, 28 Jun 2024 07:24:16 +0100, Dan wrote:
>
> What about permissions over /tmp?
>
> I really think you are talking of /tmp over mfs, mh.. in my own
> flavour (different setup) I have to *very versatilely* adjust permissions
> to use it. Never mind.. I'm wondering you remain locked there..
>

Well, I had an issue with wrong permissions on /tmp on mfs and it led to discovering a bug inside Emacs' tramp mode :)

Nevertheless, this setup with /tmp on mfs seems to have the right permissions, at least right enough to run X11 and things like Chrome for something like a month.

--
wbr, Kirill
/tmp on mfs is blocked
misc@,

I just encountered a weird case when my /tmp was blocked, and nothing worked.

via ps I saw:

root 59095 0.0 1.1 1049488 174152 ?? D Wed10PM 0:40.02 /sbin/mount_mfs -o rw -o nodev -o nosuid -s 1024m swap /tmp

and fstat -p 59095 points to nothing abnormal:

USER CMD PID FD MOUNT INUM MODE R/W SZ|DV
root mount_mfs 59095 text / 53639 -r-xr-xr-x r 240160
root mount_mfs 59095 wd / 2 drwxr-xr-x r 512

htop reports that some swap was used and df points out that ~200mb were used and /tmp had plenty of free space.

Have you seen that before? How can I dig into it further?

--
wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 21:33:15 +0100, Anon Loli wrote:
>
> It'd be nice if someone can share any experiences with this matter (which
> fall under the
> conditions that which I imposed on myself), especially fsdb, assuming that it
> can actually help in this matter... in an understandable fashion... unless I
> waste 5 days on it (and still get nothing lol)
>

Something like 20 years ago I reformatted an XFS with some data and rebuilt it from scratch. I lost almost no metadata, and it was possible to rebuild. It took me a couple of weeks to do it.

Your case is much worse. I have no idea how FFS is designed, but I bet that you have lost all your file names.

Anyway, the content of the files should be intact and can be extracted with some kind of fuzzy search. But if you have some encrypted blobs, finding them can be another challenge.

Can you rebuild your FS from scratch by hand? Well, it is possible, but I think that you need to invest months, maybe years, of work.

>
> So as far as I understand, because of the 1st 74M being gone (the index of the
> FS and stuff I'm guessing), that's like the entire FS is corrupt, so I'm
> guessing I'd somehow have to go through the entire 220/239G of data with
> fsdb...
> and my guess is that it won't be fast
>

I suggest you use some software that may scan your image and try to extract something. But I can't suggest anything which may support OpenBSD FS.

--
wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 16:02:36 +0100, Anon Loli wrote:
>
> I'm not using anything commercial OR proprietary
> [...]
>
> No one is getting any image or file or anything from me, and I'm not sending
> my
> drives to anyone. This might sound rude or stupid to you, I'm sorry, but
> that's
> not debatable..
>

Well, then you're on your own. I really doubt that much software supports OpenBSD FS.

> It sure does sound like a hobby for a while!
>
> Can't I just need to somehow fix the 1st 74M, and then somehow magically the
> FFS sd3i magically is alive again, mountable and ridable? (get the
> double-meaning?
> xD)
> I'm wondering how filesystems and how FFS2 works, and if maybe the 74M can be
> somewhat easily fixable, like do filesystems keep an index of files and I
> overwrote 74M of that index, or something like that?
>

"something like that", indeed.

At the beginning of the FS, in far less than the first 74M, it has the header and some structures that define trees and other things like file names.

Can you recreate it? Perhaps.

--
wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Thu, 27 Jun 2024 05:12:57 +0100, Anon Loli wrote:
>
> But the steps that I already took is good, right? Is my corrupt data backed up
> at least? I need the raw disc copy, not the sd3i copy, right? Should I copy
> both? I have space
>

Make as many copies of different things as you can. Better to make a useless copy now than to miss something and understand it when there is no return.

>
> why is everyone recommending rsync then?
>

Personally, I understood your emails at some point as if you had the FS with files mounted. Probably I'm not the only one who understood it that way.

>
> No kidding? The 1st few people made it sound like it's going to be relatively
> easy :(
>

Depends on your luck.

Right now we have some commercial and open-source software which may support OpenBSD FS, or may simply search the data to get some files.

Anyway, this isn't an easy and fast task. If you really need your data I suggest contacting a few companies which recover data, explaining to them what happened and providing them with your images.

Different tools may find different files, or different parts of the same file :) and after that you need to recombine them into your real files.

Sounds like a hobby for a while, doesn't it?

--
wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Tue, 25 Jun 2024 04:05:45 +0100, "B. Atticus Grobe" wrote:
>
> A word of warning: even multiple overwrites are not guaranteed to erase any
> kind
> of flash-based storage. This applies even to some spinning rust now that have
> intermediate flash storage caches on them (although those tend to be
> enterprise-level devices).
>
> SSD/NVME's made by a reputable manufacturer usually have a secure delete
> function,
> but there are cases where this doesn't work, or doesn't work entirely, etc.
>

This is a very interesting point, thank you.

Do you know any kind of behavior for TRIM?

So, literally, there is no way to securely remove data from SSD/NVME.

--
wbr, Kirill
Re: accidentally overwritten wrong drive with DD, please help
On Mon, 24 Jun 2024 19:29:52 +0100, Anon Loli wrote:
>
> Encryption is a must, it's not just family photos, but even if it was, I'm
> still not putting them on clear disk
>

You may fill your disk with random data after you recover everything. A couple of times. It removes everything.

--
wbr, Kirill
Re: libopensmtpd with res_query_async never calls cb
On Fri, 14 Jun 2024 13:13:17 +0100, Kirill A. Korinsky wrote: > > Anyway, I'm puzzling that to do next. > long story short: my code contains asr_abort and when it had happened it doesn't decrease internal counter that lead to the deadlock. Anyway, I suggest to add DEBUG print into asr_abort because right now it is missed, and such output may save many hours of debuging. Something like this: diff --git lib/libc/asr/asr.c lib/libc/asr/asr.c index c4ee2dd103f..afdbe00 100644 --- lib/libc/asr/asr.c +++ lib/libc/asr/asr.c @@ -173,6 +173,8 @@ DEF_WEAK(asr_resolver_free); void asr_abort(struct asr_query *as) { + DPRINT("asr: asr_abort(%p) %s ctx=[%p]\n", as, + _asr_querystr(as->as_type), as->as_ctx); _asr_async_free(as); } -- wbr, Kirill
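Review bot: in the asr_abort() hunk, the new DPRINT dereferences as (as->as_type and as->as_ctx) with no NULL check, so if asr_abort() can ever be reached with a NULL query the debug line itself becomes the crash site; either guard the print or state in a comment that a non-NULL query is required. Placing the print before _asr_async_free(as) is right and should stay that way, since the fields are not safe to read after the free. The message already follows the "asr: name(%p) TYPE ctx=[%p]" shape of the asr_run lines in the posted log, which is what makes an abort correlatable by pointer; if the goal is to catch queries that are aborted while a caller still counts them as pending, it would help to print the query state as well, provided the struct exposes it.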
Re: booting and RAID-5
On Sat, 15 Jun 2024 14:05:07 +0100, Marco van Hulten wrote:
>
> Would a good approach be to create a root device on one disk (and maybe
> altroots on one or both of the others) and use the rest of all disks as
> RAID-5 device? Or is there a good reason to boot from a disk separate
> from the envisioned RAID-5 configuration?
>

Why not use dedicated RAID-1 for / instead?

--
wbr, Kirill
Re: Do I need to wipe encrypted dual boot NVME before installation
On Sat, 15 Jun 2024 10:01:51 +0100, lafermedesanim...@posteo.net wrote:
>
> I have a dual boot Devuan/OpenBSD, I wrote random data on my
> drive and then install the OSes, both are encrypted.
> Now, I want to remove this dual boot to have only OpenBSD
> and use it as a daily driver.
> My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
> with cryptsetup command, use the wipefs command to erase LUKS
> header and reinstall OpenBSD with full disk encryption.
> Is it secure enough ? Do I need to do something with OpenBSD
> encrypted data as I have to with the LUKS keys/header on GNU/Linux ?
>

Probably I don't understand your attack vector, but from where I stand, if you reinstall and reformat the whole disk, old data on the disk will be replaced or not, but it shouldn't create an issue, should it?

--
wbr, Kirill
Re: crippled my laptop trying to reclaim root space
On Thu, 13 Jun 2024 02:29:02 +0100, "Brian Conway" wrote:
>
> A note on how you got into the original situation without addressing all
> the things you've done since: /dev should only be a few dozen KB in size
> (less than 50). Some time in the past, you likely wrote a significant
> amount of data to a new file in /dev rather than the device you intended.

Just one example of such an application is logfmon, which has a cache file which it removes and creates after it was read.

So, if you run it under root with /dev/null as the cache file, you'll lose your /dev/null, and soon it will be quite big.

--
wbr, Kirill
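A way to check for the failure mode described in this message, as an added example in Python that is not part of the original post: it lists regular files sitting under /dev and reports names that should be character devices but no longer are. The function names and the default list of names to verify are choices made for this example; MAKEDEV is allowed because that script ships in /dev on OpenBSD.

```python
"""Added example: find regular files that replaced or joined device nodes in /dev."""
import os
import stat

# /dev/MAKEDEV is a shell script that lives in /dev on OpenBSD, so it is expected.
EXPECTED_REGULAR = {"MAKEDEV"}


def classify(mode):
    """Return a short label for the file type encoded in an st_mode value."""
    if stat.S_ISCHR(mode):
        return "char-device"
    if stat.S_ISBLK(mode):
        return "block-device"
    if stat.S_ISREG(mode):
        return "regular-file"
    if stat.S_ISLNK(mode):
        return "symlink"
    if stat.S_ISDIR(mode):
        return "directory"
    return "other"


def audit_dev(dev_root="/dev", must_be_char=("null", "zero")):
    """Return (stray, broken) for the tree rooted at dev_root.

    stray  : [(path, size)] regular files found under dev_root, largest first.
    broken : [(path, what)] names that must be character devices but are
             missing or have become something else (for example a plain file
             created by a program that removed and re-created its "cache").
    """
    stray = []
    for dirpath, _dirs, names in os.walk(dev_root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks out of /dev
            except OSError:
                continue  # vanished between listing and stat
            expected = dirpath == dev_root and name in EXPECTED_REGULAR
            if stat.S_ISREG(st.st_mode) and not expected:
                stray.append((path, st.st_size))
    stray.sort(key=lambda item: item[1], reverse=True)

    broken = []
    for name in must_be_char:
        path = os.path.join(dev_root, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            broken.append((path, "missing"))
            continue
        if not stat.S_ISCHR(st.st_mode):
            broken.append((path, classify(st.st_mode)))
    return stray, broken


if __name__ == "__main__":
    stray_files, broken_nodes = audit_dev()
    for path, size in stray_files:
        print(f"regular file in /dev: {path} ({size} bytes)")
    for path, what in broken_nodes:
        print(f"expected a character device: {path} is {what}")
```

Anything it reports as a stray file is data that was written to the root filesystem instead of a device, which is also where the missing space went.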
libopensmtpd with res_query_async never calls cb
misc@,

I dug into an issue where a callback which is scheduled via res_query_async is never fired inside an opensmtpd filter which uses libopensmtpd.

I've tried both res_query_async and getrrsetbyname_async without any differences on OpenBSD 7.5.

The code looks like:

    if ((query = getrrsetbyname_async(domain, C_IN, T_TXT, 0, NULL)) == NULL)
        osmtpd_err(1, "res_query_async");
    if ((sig->query = event_asr_run(query, ar_rr_resolve, sig)) == NULL)
        osmtpd_err(1, "event_asr_run");

where ar_rr_resolve is the callback which needs to be fired; the whole code:
https://github.com/catap/opensmtpd-filter-auth/blob/master/main.c#L863-L881

For one event loop it may set up a few queries and some domains might be similar.

After spending a lot of time debugging I narrowed it down to the issue in event_asr_dispatch, which re-schedules event_add, and it never happened. Neither timeout, nor inout, nothing. Not always. Sometimes.

Thus, I've rebuilt libc with debug enabled to use ASR_DEBUG and here is an output which proves that behaviour.

Anyway, I'm puzzled about what to do next.

tcpdump:

    14:09:36.760807 127.0.0.1.44226 > 127.0.0.1.53: [bad udp cksum 50fe! -> de34] 64311+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 35656, len 81, bad ip cksum 0! -> f151)
    14:09:36.785096 127.0.0.1.53 > 127.0.0.1.44226: 64311$ q: TXT? 20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. CNAME[|domain] (ttl 64, id 25945, len 533, bad ip cksum 0! -> 157d)
    14:09:36.785283 127.0.0.1.15520 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 6b81] 2100+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 27815, len 77, bad ip cksum 0! -> ff7)
    14:09:36.785305 127.0.0.1.53 > 127.0.0.1.15520: 2100$ q: TXT? 20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. TXT[|domain] (ttl 64, id 15297, len 493, bad ip cksum 0! -> 3f3d)
    14:09:36.863795 127.0.0.1.18298 > 127.0.0.1.53: [bad udp cksum 50fe! -> 4fc4] 53518+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 23044, len 81, bad ip cksum 0! -> 2296)
    14:09:36.863838 127.0.0.1.53 > 127.0.0.1.18298: 53518$ q: TXT? 20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. CNAME[|domain] (ttl 64, id 51168, len 533, bad ip cksum 0! -> b2f5)
    14:09:36.863990 127.0.0.1.36692 > 127.0.0.1.53: [bad udp cksum 4dfe! -> 41fd] 14366+ TXT? 20240125rsa._domainkey.korins.ky.(50) (ttl 64, id 61731, len 78, bad ip cksum 0! -> 8b79)
    14:09:36.865962 127.0.0.1.2727 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 94e4] 55043+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 32069, len 77, bad ip cksum 0! -> ff58)
    14:09:36.865977 127.0.0.1.53 > 127.0.0.1.2727: 55043$ q: TXT? 20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. TXT[|domain] (ttl 64, id 57083, len 493, bad ip cksum 0! -> 9c02)
    14:09:36.866528 127.0.0.1.45954 > 127.0.0.1.53: [bad udp cksum 51fe! -> 8452] 25459+ TXT? 20240125ed25519._domainkey.korins.ky.(54) (ttl 64, id 15424, len 82, bad ip cksum 0! -> 4059)
    14:09:36.896741 127.0.0.1.53 > 127.0.0.1.36692: 14366$ q: TXT? 20240125rsa._domainkey.korins.ky. 2/0/0 20240125rsa._domainkey.korins.ky. CNAME[|domain] (ttl 64, id 1532, len 539, bad ip cksum 0! -> 74d4)
    14:09:36.997396 127.0.0.1.53 > 127.0.0.1.45954: 25459$ q: TXT? 20240125ed25519._domainkey.korins.ky. 2/0/0 20240125ed25519._domainkey.korins.ky. CNAME[|domain] (ttl 64, id 37600, len 208, bad ip cksum 0! -> e93a)

asr log:

    Jun 14 14:09:36 mx0 smtpd[37708]: auth: using thread-local resolver
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: checking for update of "/etc/resolv.conf"
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_ref(ctx=0x22f67302840) refcount=1
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) type=2 refcount=2
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_unref(ctx=0x22f67302840) refcount=3
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f672e1460, 0x72f8081d0ea8) ASR_GETRRSETBYNAME ctx=[0x22f67302840]
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: res_query_async_ctx("20240125rsa._domainkey.mx.catap.net.", 1, 16)
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) type=0 refcount=2
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: - asr_setup_query -
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; HEADER id:0x37fbop:0 RD z:0 ADr:NOERROR qd:1 an:0 ns:0 ar:0
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; QUERY SECTION:
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: 20240125rsa._domainkey.mx.catap.net. IN TXT
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: --
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_GETRRSETBYNAME@0x22f672e1460] ASR_STATE_INIT -> ASR_STATE_SUBQUERY
    Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f67310620, 0x72f8081d0ea8)
Re: cpu cores
Greetings,

On Mon, 10 Jun 2024 13:15:13 +0100, Riccardo Mottola wrote:
>
> This is for workstation use, mixed user and developer. To each its own.
> I bet it ends depending also on cache, memory and specific jobs.
>

Do not forget about IO, which can be a bottleneck in the case of compiling.

Have you tried to run compilation with the same parallelism with and without HT enabled?

For example, build the kernel with -j10, which is bigger than the number of CPUs with HT enabled on that machine (4 / 8):

without HT:

    8m42.07s real    27m31.80s user     4m55.68s system

vs with HT:

    8m38.82s real    50m47.22s user     8m41.53s system

--
wbr, Kirill
Re: Share one of machines IP via WireGuard
On Sat, 08 Jun 2024 15:56:06 +0100, Stuart Henderson wrote:
>
> I think this should be possible with the standard route table, without
> route-to. Essentially you need:
>
> 1. your machine to answer arp for the wg ip so other hosts will send
> ethernet packets to it
>
> 2. your machine to not be configured with the wg ip itself
>
> 3. route entries such that those packets end up sent out the wg interface
> (you may possibly need a route command with -ifp wg0)
>

Thanks, after re-reading the man page for route I was able to figure it out in quite a simple way, without NAT, routing domain, or the dedicated MAC which was added to separate things in the hope of making things easy.

So, here is the resulting config:

Client:

    rdomain 1
    wgrtable 0
    wgkey ...
    wgpeer ... \
        wgendpoint 1.2.3.4 51820 \
        wgaip 0.0.0.0/0 \
        wgpka 25 \
        wgpsk ...
    inet 1.2.4.5/28
    up
    !route -T 1 add default 1.2.4.1

Server:

    wgkey ...
    wgpeer ... \
        wgaip 1.2.4.5/32 \
        wgpka 25 \
        wgpsk ...
    wgport 51820
    inet 127.255.255.255/32
    up
    !route add -inet 1.2.4.5 -llinfo -link -static -iface \$if

Without inet 127.255.255.255/32, adding a static route fails as:

    add host 1.2.4.5: gateway wg0: Network is unreachable

--
wbr, Kirill
Re: Share one of machines IP via WireGuard
On Fri, 07 Jun 2024 16:25:48 +0100, Stuart Henderson wrote:
>
> I think you'll need proxy ARP then.
>

After a few attempts to make it work, I think I need help.

My setup.

Server: where em0 is the uplink with routed 1.2.3.4/24 and 1.2.4.5/24 with expected gateways 1.2.3.1 and 1.2.4.1, em0 is included in bridge0 and 1.2.3.4/24 is configured as the input point at route domain 0.

To make things simpler each IP is associated with its own MAC address, and the switch expects 1.2.4.5 with 00:50:56:01:1d:40.

So, I have:

    $ cat /etc/hostname.vether1
    lladdr 00:50:56:01:1d:40
    rdomain 2
    up
    !arp -s 1.2.4.5 00:50:56:01:1d:40 pub
    $ cat /etc/hostname.wg0
    rdomain 2
    wgkey ...
    wgpeer ... \
        wgaip 1.2.4.5/32 \
        wgpka 25
    wgport 51820
    wgrtable 0
    up
    $

When I run ping from the client to 1.2.4.1 I see traffic on wg0 on the server, but I can't figure out how to redirect it to vether1 and send it to the switch.

I feel that I miss some piece. I see route-to in pf.conf, which is probably the missing piece, but I can't figure out how to use it.

--
wbr, Kirill
Re: cpu cores
On Sat, 08 Jun 2024 11:09:29 +0100, Omar Polo wrote:
>
> On 2024/06/08 10:09:07 +0100, Kirill A. Korinsky wrote:
> > On Sat, 08 Jun 2024 04:57:49 +0100,
> > Gustavo Rios wrote:
> > >
> > > i have installed obsd on my dell notebook 8 cores processor. When i execute
> > > the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but
> > > cpu1 and cpu3 is not listed. What is the problem ?
> > >
> >
> > A blind guess: sysctl hw.smt=1 may return your hyperthreading cores.
>
> which is a very bad advice to give. There's a reason sysctl hw.smt=1
> defaults to that value. One should rather give a "blind guess" of "your
> hyperthread cores are disabled by default" rather than give a bad advice
> without explanation.

I'll make my advice clearer: I definitely mean that the missing cores are probably disabled because they are hyperthreading ones, which can be seen as offline in htop, or enabled via sysctl.

Also, I'd like to add that from a security point of view SMT in general, and hyperthreading as an example, is a very bad idea.

Thus, here are old but interesting results showing that enabling hyperthreading has a negative effect on the performance of heavy CPU-using applications:
https://web.archive.org/web/20220325090914/http://users.telenet.be/nicvroom/performanceP4.htm

--
wbr, Kirill
Re: cpu cores
On Sat, 08 Jun 2024 04:57:49 +0100, Gustavo Rios wrote:
>
> i have installed obsd on my dell notebook 8 cores processor. When i execute
> the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but
> cpu1 and cpu3 is not listed. What is the problem ?
>

A blind guess: sysctl hw.smt=1 may return your hyperthreading cores.

--
wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Fri, 07 Jun 2024 12:08:45 +0100, Florian Obser wrote:
>
> On 2024-06-07 12:04 +02, "Peter N. M. Hansteen" wrote:
> > I tend to summarize along the lines of "BSD licensed means you can do whatever
> > you damned well please with the code except claim that you wrote it all
> > yourself"
>
> And this is why I get very grumpy when things like copilot steal my
> code. I'm already giving it away, but oooh no, that's not enough.
>

...and things will be quite ugly for users of that technology as soon as it steals AGPL or patented code.

--
wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Fri, 07 Jun 2024 10:48:45 +0100, Stuart Longland wrote:
>
> GPL means they have to share changes they make with the person
> "receiving" the binaries (which includes the end user, since they were
> shipped the binaries stored on the boot device in said appliance). As
> the copyright holder, you can then take people to court if they withhold
> such modified sources, since that's a license violation.
>

I'd like to add that AGPL requires sharing the code of network services as well with anyone who uses them. Yep, via network.

At the end of the day this license is banned at Google:
https://opensource.google/documentation/reference/using/agpl-policy/

--
wbr, Kirill
Re: Share one of machines IP via WireGuard
On Fri, 07 Jun 2024 12:36:20 +0100, Stuart Henderson wrote:
>
> Configure the IP address on the wg interface with some subnet of 1.2.4.0/24 that
> includes 1.2.4.5, and use wgaip 1.2.4.5/32 (or a larger block if you wish to route
> multiple addresses over wg) for the relevant peer.
>

Here is the catch on which I am blocked: I have only two IPs from two different networks on em0 and that's all.

The switch on the ISP side, I assume, simply routes traffic for both IPs to my port, and I struggle with how to redirect traffic from the wg interface to em; I can't use a bridge and I can't expect that traffic is routed via em's IP.

--
wbr, Kirill
Share one of machines IP via WireGuard
misc@,

I wonder if it is possible to share an IP associated with a machine through a WireGuard connection?

Suppose I have a machine that has two IPs on different networks:

- 1.2.3.4/24 gw 1.2.3.1
- 1.2.4.5/24 gw 1.2.5.1

I'd like to allow incoming connections via WG to 1.2.3.4 and forward 1.2.4.5 to the WG client.

The best I can do now is create rdomain with wg and vether interfaces, and use PF nat to vether.

But maybe it is possible to avoid NAT somehow?

--
wbr, Kirill
Re: Open Source / BSD License Copyright infringements
On Thu, 06 Jun 2024 03:33:53 +0100, "Peter J. Philipp" wrote:
>
> This isn't about Patents, this is about Copyright. And that's the sole
> interest of mine, and Lawyers are there for a reason. It should interest
> OpenBSD in one form or another since i used the same Copyright and License
> as them, if the outcome may be that the Copyright does not protect my works
> and its license then there is no need to retain a license at the top of every
> source file at all.

I do not understand how you plan to prove that someone infringed on some part of your code by removing copyrights from it and selling it. Especially if the result is binary and the copyrights are comments in the source code.

> Again, like I said, all I have to go on is hearsay, and I'm looking for a
> mistake that the entity did indeed change the license and copyright of the
> original source code. If they did that mistake, then I got them. And they
> will be sued.
>
> This should also be interesting to the GNU open sourcers because as far as
> their "Copyleft" is concerned it has come to my attention that Artificial
> Intelligence has been ripping off their code, stripping their licenses in the
> process and making the final outcome theirs. If you're watching the scene,
> programmers are suing. And rightfully so.
>

This door has already been opened, and the most notable case I suppose is that Linux developers took some code from BSD and put GPL on it:
https://marc.info/?l=linux-wireless&m=117572345902445&w=2

Anyway, I have seen more than once when someone puts components under a different OpenSource license and relicenses them under something else. The last example that I've seen is bzip3:
https://github.com/kspalaiologos/bzip3?tab=readme-ov-file#licensing

--
wbr, Kirill
Re: Open Source / BSD License Copyright infringements
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, 5 Jun 2024 13:33:39 +0200 "Peter J. Philipp" wrote: > On Wed, Jun 05, 2024 at 08:04:49AM -, Stuart Henderson wrote: > > On 2024-06-05, Peter J. Philipp wrote: > > > I have been made aware of hearsay that someone took my open source code > > > protected under the same license as OpenBSD and sold it for a lot of > > > money. > > > > There is nothing in either the ISC license used in OpenBSD (or in the > > GNU public license for that matter), to prevent people from doing that. > > People who receive the code under that license are of course allowed > > to pass it on though. > > > > The ethos of the license typically used for OpenBSD code is basically > > "do what you want with this code" (but expressed in a way that tries to > > cover all the bases). If you want to restrict commercial use then it's > > the wrong license to use. > > > > > I have no proof of this personally but I ask you to help me find evidence > > > of > > > this. There is not much I can do about this, except if the person or > > > persons > > > were stupid enough to change the license to their names. > > > > If they've removed or changed the license, that isn't allowed (though they > > can add an additional license for changes). Actual enforcement might well > > be difficult/expensive though. > > That's why I'm spreading the word for people to keep their eyes open for me as > just gathering proof is difficult for one person alone. They would surely > report pirate copies of OpenBSD if they existed as well. > > In regards to forking and leaving the license in place that is 100% ok with > me. I even advocated this to others. It is the removal of the license that > is the offence. Otherwise we'd all be using Microsoft OpenBSD written by > Bill Gates himself by now (sarcasm). > > If the person who did this is living in a communist country there is little > chance that I would reach them as WIPO has no jurisdiction there. 
However > through sanctions and tariffs large countries like the US can cause pressure > on the other system as we've seen with the whole risc-v debacle which I'm > sure isn't over yet. Wouldn't wanna get caught up in that cluskerthuck, mate. There's plenty of the One-eyed there too, so just breathin' the what where when or why of Who cheated Whom will see some justice served on the ground. Dhu > > It needs to be said that Open Source does not mean free for all to do whatever > they please. You are still locked into the IP laws of your country and if the > software has a license you must abide to that. Removing Copyright and putting > your own license on it, is something an idiot who has no clue would do. > > And I plan to sue whoever damages the intellectual property system that I've > built on top of with Open Source. I believe in this system. > > Best Regards, > -pjp > > -- > ** all info about me: lynx https://callpeter.tel, dig loc delphinusdns.org ** > > -- Je suis Canadien. Ce n'est pas Francais ou Anglais. C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-) Duncan Patton a Campbell
Re: Open Source / BSD License Copyright infringements
On Wed, 05 Jun 2024 06:08:23 +0100, "Peter J. Philipp" wrote:
>
> I have been made aware of hearsay that someone took my open source code
> protected under the same license as OpenBSD and sold it for a lot of money.
> I have no proof of this personally but I ask you to help me find evidence of
> this. There is not much I can do about this, except if the person or persons
> were stupid enough to change the license to their names.
>

The only way to be protected is to try to get a patent for some algorithms, but it is expensive in terms of fees to support it in different countries (for example the German fee is close to €2k/year at the end of the table) and requires a lot of paperwork by quite expensive lawyers.

So in the end you never know the outcome, and predicting the decision of the court is impossible.

Ok, the only known outcome of the court is that your lawyer makes very good money.

--
wbr, Kirill
Re: mounting audio cd
On Sat, 01 Jun 2024 07:44:10 +0100, Geoff Steckel wrote:
>
> On 5/31/24 15:46, Harald Arnesen wrote:
> > MIZSEI Zoltán [31/05/2024 20.15]:
> >
> >> Interestingly BeOS and Haiku lets you to mount an audio cd, it
> >> generates a vfs from the toc and shows the tracks as wav or flac
> >> (fixme), it does an automatic conversion behind the courtains if you
> >> copy a file from an audio cd.
> >
> > Linux also had such a thing in the past - I can't remember the name of
> > the file-system.
> fuse(4) + part of a CD player + A Simple Matter of Programming
>

Here is a quite old FUSE project which can, probably, be brought to life:
https://github.com/steelcandy2/audiofs

--
wbr, Kirill
Re: New filters auth and sign
On Sat, 01 Jun 2024 08:45:00 +0100, "Corey Hickman" wrote:
>
> does it have policy server included? for instance, when DKIM fails, the
> policy can be set up to deny the message.
>

Right now it ignores DMARC as if it doesn't exist.

Doing a DMARC lookup for a domain and inserting its results into the header is possible and not a big deal, but it has some issues.

The first is parsing the From header. It is durable, but different MUAs may follow different logic, and a parser for this can be quite complicated. And complicated means bugs.

The second is more ideological. DMARC needs something that aggregates the results and sends out reports. It shouldn't be a filter for smtpd. But a filter can write its decision to the log, and something should harvest it to process and create reports that need to be sent.

Anyway, forensic reports, which should be close to real-time and include a lot of things from the original email, are a much more complicated story.

All this brings up the question of personal data / GDPR and DMARC. I know of a very good analysis of DMARC and GDPR in the case of German law [1], which can be summarized as a quote:

    The reports are fundamentally permitted and justified under data
    protection law. However, the principle of proportionality is to be
    complied with at all times.

Based on this analysis, I assume that only aggregated reports can be used without legal headaches in the EU.

But implementing only a part of DMARC seems much worse than not implementing it at all, and implementing it in its entirety requires a lot of pieces in place, much more than just a filter.

Thus, DMARC was discussed on the OpenBSD mailing lists a few months ago [2].

As a conclusion, I personally use the p=none policy, because I assume that my mail should be delivered, and To is not the final destination, it's a kind of starting direction of the mail's way to the recipient.

Footnotes:
[1] https://certified-senders.org/wp-content/uploads/2018/08/Report_DMARC_and_GDPR.pdf
[2] https://marc.info/?l=openbsd-misc&m=171015367409290&w=2

--
wbr, Kirill
Re: New filters auth and sign
On Sat, 01 Jun 2024 00:34:41 +0100, Kirill A. Korinsky wrote:
>
> Greetings,
>
> I'd like to announce a two new filters for OpenSMTPD which better to use
> together: auth and sign.
>

Oops, wrong list. It should be m...@opensmtpd.org.

Sorry for the noise.

--
wbr, Kirill
New filters auth and sign
Greetings,

I'd like to announce two new filters for OpenSMTPD which are better used together: auth and sign.

auth is a filter which verifies DKIM, ARC and SPF, and iprev. It adds an Authentication-Results header or ARC-Authentication-Results.

sign is a filter which adds a DKIM or ARC signature, or an ARC seal.

For example, I run this configuration:

    filter "auth" proc-exec "filter-auth"

    listen on egress port smtp ... filter { admdscrub, "auth", dnsbl }

    filter sign_ed25519 proc-exec "filter-sign -a ed25519-sha256 -D /etc/mail/domains \
        -s 20240125ed25519 -k /etc/mail/dkim/20240125.ed25519.key" user _dkimsign group _dkimsign
    filter sign_rsa proc-exec "filter-sign -a rsa-sha256 -D /etc/mail/domains \
        -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign group _dkimsign
    filter arc_auth proc-exec "filter-auth -A"
    filter arc_sign proc-exec "filter-sign -A -a rsa-sha256 -d mx.catap.net \
        -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign group _dkimsign
    filter arc_seal proc-exec "filter-sign -S -a rsa-sha256 -d mx.catap.net \
        -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign group _dkimsign
    filter sign chain { sign_ed25519 sign_rsa arc_auth arc_sign arc_seal }

    listen on egress port submission ... filter sign

Here all incoming messages are authorised by adding Authentication-Results, and all outgoing messages are:

- signed by two DKIM signatures with the correct domain (listed in /etc/mail/domains)
- signed by one ARC signature with domain mx.catap.net
- sealed by one ARC seal with domain mx.catap.net

Yeah, it is possible to use different selectors for the ARC signature and seal, but I haven't tested it.

The code is based on Martijn van Duren's filter-dkimsign, filter-dkimverify and filter-spf, and I also used some pieces from spfwalk.c from OpenSMTPD.

Man pages for both filters are updated.

Thus, the sign filter is a drop-in replacement for filter-dkimsign.

Code available here:

- https://github.com/catap/opensmtpd-filter-auth
- https://github.com/catap/opensmtpd-filter-sign

I also attached ports for OpenBSD which I used to run it.

How stable is it? Well, enough to share and ask for feedback. It may contain bugs, but it should be fine to use.

The produced signature was tested against gmail, yahoo, icloud.com and dkimpy and it holds.

Anyway, outlook.com fails on the ARC signature with errors 35 or 47 (what does it mean?) and produced an invalid signature as the next in the ARC chain (tested by dkimpy).

Thus, this email was sent via a server which uses these filters, so the headers from this email are a good example.

--
wbr, Kirill

filters.tgz Description: Binary data
Re: amd64 bsd.rd for 7.0, 7.1, 7.2
On Fri, 31 May 2024 10:02:57 +0100, "Quentin Carbonneaux" wrote:
>
> I want to upgrade an amd64 system running 6.9. Following
> the guide I would like to upgrade to 7.{0,1,2,3,4,5}
> sequentially. However it looks like
>
> wget https://cdn.openbsd.org/pub/OpenBSD/7.{0,1,2}/amd64/bsd.rd
>
> returns 404 for all three queries.
>
> Where can I find the bsd.rd images for these versions?
>
> Thanks for your help.
>

Not all mirrors host old versions.

For example https://mirror.leaseweb.com/pub/OpenBSD/ from Europe has old versions, but it might be different from your location.

--
wbr, Kirill
Re: How to set number of blocks in fdisk GPT
On Thu, 30 May 2024 10:06:11 +0100, 04-psyche.tot...@icloud.com wrote:
>
> How can I choose the blocks parameters in the command:
>
> fdisk -gy -b blocks disk
>
> The man page does not indicate how to make an informed choice. I couldn't
> find relevant help on the internet.
>

As suggested at https://www.openbsd.org/faq/faq14.html you may use 532480.

This is the minimum size of such a partition due to a limitation of FAT32.

Some details can be found here:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions

--
wbr, Kirill
Re: Configure User-Agent is relayd HTTP Check ?
On Wed, 29 May 2024 17:19:32 +0100, Joel Carnat wrote:
>
> Thank you! I went for solution 2 but it seems the string is not send
> properly by relayd.
>

It sends it as is, so the right approach, let me quote the man page, is:

    check binary send data expect data [tls]
        For each host in the table, a TCP connection is established on
        the port specified, then the send data is converted into binary
        and sent. Incoming (binary) data is then read and is expected to
        match against a binary conversion of the expect data using
        memcmp(3). data must be populated with a string containing an
        even number of hexadecimal single-byte characters and must not be
        empty. This can be useful with binary protocols such as LDAP and
        SNMP. If the tls keyword is present, the transaction will occur
        in a TLS tunnel.

--
wbr, Kirill
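How the hex strings for such a check can be produced and sanity-checked offline, as an added example in Python that is not part of the original reply and is not relayd code. The function names are made up here and the probe reuses the HEAD /health request suggested in this thread; quoting the hex strings in the generated line, and reading the memcmp(3) comparison as covering the first len(expect) bytes of the reply, are assumptions of this example.

```python
"""Added example: build and verify the data for a relayd `check binary` HTTP probe."""
import string

HEX_DIGITS = set(string.hexdigits)


def http_probe(path, host, user_agent):
    """Return the request as raw bytes with real CRLF line endings."""
    for label, value in (("path", path), ("host", host), ("user_agent", user_agent)):
        # A CR or LF inside a value would add header lines the operator never meant to send.
        if "\r" in value or "\n" in value:
            raise ValueError(f"{label} must not contain CR or LF")
    request = (
        f"HEAD {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"User-Agent: {user_agent}\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def to_hex(data):
    """Encode bytes as the hexadecimal string form the man page asks for."""
    if not data:
        raise ValueError("data must not be empty")
    return data.hex()


def from_hex(text):
    """Decode a hex string, enforcing the man page rules: non-empty, even length."""
    if not text:
        raise ValueError("data must not be empty")
    if len(text) % 2:
        raise ValueError("data must have an even number of hex digits")
    if not set(text) <= HEX_DIGITS:
        raise ValueError("data contains a non-hexadecimal character")
    return bytes.fromhex(text)


def binary_check_matches(expect_hex, reply):
    """Emulate the comparison: the reply must start with the expected bytes.

    Assumption of this example: the comparison covers len(expect) bytes, so a
    reply shorter than the expected data can never match.
    """
    expect = from_hex(expect_hex)
    return len(reply) >= len(expect) and reply[:len(expect)] == expect


def relayd_check_line(send, expect, tls=False):
    """Render the directive; quoting the two strings is this example's choice."""
    line = f'check binary send "{to_hex(send)}" expect "{to_hex(expect)}"'
    return line + (" tls" if tls else "")


if __name__ == "__main__":
    probe = http_probe("/health", "host", "dummy")
    expect = b"HTTP/1.1 200"
    print(relayd_check_line(probe, expect))
    # Constructed replies: one healthy, one from a server rejecting the User-Agent.
    for reply in (b"HTTP/1.1 200 OK\r\n\r\n", b"HTTP/1.1 418 I'm a teapot\r\n\r\n"):
        print(reply[:12], binary_check_matches(to_hex(expect), reply))
```

Because the bytes are encoded before they reach the configuration file, the CR and LF characters arrive on the wire as 0d 0a rather than as a literal backslash sequence.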
Re: Configure User-Agent is relayd HTTP Check ?
On Wed, 29 May 2024 12:19:15 +0100, Joel Carnat wrote:
>
> Is there a way to specify a User-Agent value for the check http or shall I
> rather tell relayd to validate on "code 418"?

Here are two possible ways to overstep it.

1. Use `check script /some/script` which uses curl, wget, ftp or any other way to make an HTTP call which is accepted by that server.

2. Use `check send "HEAD /health HTTP/1.1\r\nHost: host\r\nUser-Agent: dummy\r\n\r\n" expect "200 OK HTTP/1.1"`

(I haven't tested it, it may contain typos, but it should give an idea)

--
wbr, Kirill
Re: httpd & pixelfed
Greetings,

On Wed, 29 May 2024 00:01:07 +0100, Am Jam wrote:
>
> For posterity's sake, my working /etc/httpd.conf is below:
>

Maybe it is worth making a port for pixelfed to allow others to install it as easily as pkg_add pixelfed with some polish documented in the description?

--
wbr, Kirill
Re: how to fsck automatically at boot
On Wed, 22 May 2024 12:53:11 +0100, Nick Holland wrote:
>
> For reasons of multi-hour fsck's on a few systems, I'm looking at
> remounting the problem file systems as "rw" when writing is actually
> needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> is known) to reduce my "at risk of power outage" window a lot, but I
> suspect this will fall deeply within the category of "when I break
> things, I get to keep all the pieces". :)
>

Do you need atime on that FS? Disabling it dramatically reduces the chances of manual interaction with fsck.

You can move further and add sync, which slows down writes but allows you to get almost zero probability of fsck interaction.

--
wbr, Kirill
Re: how to fsck automatically at boot
On Mon, 20 May 2024 14:22:26 +0100, Mik J wrote:
>
> aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2

You may add noatime, which should decrease the probability of issues when an outage happens.

Also, you may consider using the sync option, which should further decrease the probability of issues on an outage.

--
wbr, Kirill
Re: kernel rebuild to debug problem
On Sun, 19 May 2024 20:52:56 +0100, Kapetanakis Giannis wrote:
>
> I'm trying to bisect a bug and compile an older kernel from cvs
>
> cvs checkout -D "2023-01-05" src/sys
>
> and following https://www.openbsd.org/faq/faq5.html#Options
> + make install
>
> New kernel compiles and boots but I get:
>
> # pfctl -f /etc/pf.conf
> pfctl: DIOCADDRULE: Operation not supported by device
>
> # pfctl -sr
> pfctl: Permission denied
>
> # pfctl -si | head -1
> Status: Enabled for 0 days 00:05:03  Debug: err
>
> any ideas about this?
>

You need to build / use not only the old kernel but the whole system.

The simplest way is to use an archived version of snapshots from https://openbsd.cs.toronto.edu/archive/ or another mirror.

--
wbr, Kirill
Re: Kernel debugging
On Sat, 11 May 2024 21:49:42 +0100, Daniel Hejduk wrote:
>
> Is there any way to build the kernel on Linux preferably Arch Linux?
>

It is theoretically possible, but you need to change Makefiles a lot, and probably to hack your toolchain.

--
wbr, Kirill
Re: Kernel debugging
On Sat, 11 May 2024 20:28:08 +0100, Daniel Hejduk wrote:
>
> I want to enable kernel debugging how can I do it?
>

See: https://man.openbsd.org/options

--
wbr, Kirill
Re: Localnet Hacking
On Sat, 11 May 2024 03:52:32 +0100, Lucretia wrote:
>
> I have a laptop and am looking to purchase a second computer. Neither of them
> will be connected to The Internet, but will be networked together.
>
> My goal is to study networking, starting with some of the most basic commands
> and routines. This will be purely for educational purposes. I may build upon
> the network later, perhaps with unconventional devices, but for now I want to
> focus just on having two Amd64 machines communicating with one another.
>

I wonder why to buy any physical devices if you may run virtual machines?

--
wbr, Kirill
Re: webssh does not install
On Mon, 06 May 2024 04:14:16 +0100, Eyüp Hakan Duran wrote:
>
>--- stderr
>thread 'main' panicked at cryptography-cffi/build.rs:61:49:
>unable to find openssl include path

Try to run it with env OPENSSL_DIR="/usr" OPENSSL_STATIC=0

--
wbr, Kirill
Re: Desktop performance
On Sun, 05 May 2024 21:52:11 +0200, Bodie wrote:
>
> openfiles is very questionable, did you measure with fstat(1) how many of
> them do you have when you run Firefox or Chrome or did you have any errors
> in logs regarding exhausting that limit?
>

I run my desktop with default settings (512) and got an issue only once, when I tried to build a huge Java project with a very complicated maven build which includes a few custom plugins. Restarting that build helps.

OK, I know a second way to encounter it: doveadm fetch over an archive of mail which contains a user with hundreds of folders.

--
wbr, Kirill
Re: ATB.com
On Sun, 05 May 2024 20:49:32 +0200, Austin Hook wrote:
>
> In the past 6 months it has gotten more and more difficult to sign-on
> to with Firefox and OpenBSD, as they have tried to make their sites more
> and more bullet proof.
>

Yeah, the industry of fighting bots is quite popular these days and a lot of companies try to use it or make their own in-house solution.

The worst thing awaits us tomorrow, when you can't go to a web site without using an Apple or Google kind of VPN which works only on their devices and OS.

Until that tomorrow happens, there is always hope.

> It seems to go through an amazing number of redirects, and then gets hung
> up in the process. Sometimes, tapping different cadences with lots of
> control-R or control-F5 sequences, I can get through. It must be a matter
> of timing.
>
> I guess it works better with other operating systems and/or browsers. In
> fact I do have much better luck with Chromium + OpenBSD although not
> always.

Have you tried to enable WebAssembly?

I use chromium with WebAssembly enabled and opened https://personal.atb.com/ from Europe, not Canada, without any issue.

>
> I'd prefer to use Firefox, so long as it exists semi-independently of
> monsters like Google.

See www/ungoogled-chromium which is chromium without google.

--
wbr, Kirill
Re: Desktop performance
On Sat, 04 May 2024 22:32:46 +0200, Chris Bennett wrote:
>
> My luck with web searches is about zero. Even swapping to different
> search engines just gives me crap that's too old or ridiculously wrong.
>

I have a strong feeling that LLM models add too much "new" text that makes the OpenBSD community, which is quite small... how can I put it?

Well, it looks like search engines like Google or Bing deem this community too small a fraction of knowledge to be worth indexing.

Yes, the indexes include some old sites, but it looks like the mail listings are ignored, for example.

--
wbr, Kirill
Re: obsd wifi
On Sat, 04 May 2024 21:39:18 +0200, Manuel Solis wrote:
>
> You could check your interfaces with "ifconfig", then you could see which
> interface you have, the most common are iwm0, iwn0, or something like that,
>

Here is the catch: they need firmware and the system needs internet access to get it.

--
wbr, Kirill
Re: panic: unix: lock not held
On Fri, 03 May 2024 04:29:24 +0200, Amit Kulkarni wrote:
>
> Unable to boot to a prompt. How do I recover by booting an older kernel?
> There is no /obsd to try out.

Keeping the current /bsd as /obsd in the case of snapshots might work only if you're updating quite often; otherwise the userland might not work with the old kernel due to changes in syscalls, for example.

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Thu, 02 May 2024 00:33:47 +0200, "Nathaniel Griswold" wrote:
>
> Does apmd keep a running average for the current and voltage or is it based
> on instantaneous (as close as that can be)?
>

As far as I understand the code, it divides hw.sensors.acpibat0.amphour3 (remaining capacity, Ah) by hw.sensors.acpibat0.current0 (rate, A) to compute the life estimate.

See acpi.c

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Wed, 01 May 2024 23:58:53 +0200, "Nathaniel Griswold" wrote:
>
> I guess it's a matter of figuring out which drivers or kernel features are
> saving so much power.
>

From your dmesg:

iwx0 at pci6 dev 0 function 0 "Intel Wi-Fi 6 AX210" rev 0x1a, msix

if you read the end of the man page for iwx you'll see:

This driver does not support powersave mode.

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Wed, 01 May 2024 23:54:52 +0200, "Nathaniel Griswold" wrote:
>
> Interesting, maybe i'll test on it.
>

I've played with this patch a bit more today; as a result I've inlined an updated version at the end of this email.

> > Regarding estimated life time:
> >
> > Battery state: high, 66% remaining, 152 minutes life estimate
> > AC adapter state: not connected
> > Performance adjustment mode: powersaving (400 MHz)
> >
> > which is like 2x from usual numbers.
> >
>
> This is for idle current usage?
>
> I tried disabling cores in my bios down to 3 CPUs and did comparisons and i
> didn't really notice a savings.

Yep, it is.

With a few reboots and restarts of heavy applications like chrome with a ton of tabs, and rebuilding the whole kernel a few times on battery (!), it ran for 3 hours 10 minutes, and I started with ~95% battery, not 100%.

A bit of history from the logs regarding apmd:

1. Snapshot's kernel:

Apr 28 13:32:23 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 14% (11 minutes life time estimate)

2. Solene's patch:

May 1 11:52:28 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 14% (14 minutes life time estimate)

3. Attached patch:

Battery state: CRITICAL, 13% remaining, 31 minutes life estimate
AC adapter state: not connected
Performance adjustment mode: powersaving (400 MHz)

Thus, the current version is quite comfortable to use.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c index 25b221c1ee2..c01bb93d94f 100644 --- sys/kern/sched_bsd.c +++ sys/kern/sched_bsd.c @@ -65,8 +65,11 @@ void update_loadavg(void *); void schedcpu(void *); uint32_t decay_aftersleep(uint32_t, uint32_t); +extern struct cpuset sched_all_cpus; extern struct cpuset sched_idle_cpus; +extern int sched_smt; + /* * constants for averages over 1, 5, and 15 minutes when sampling at * 5 second intervals. 
@@ -573,6 +576,7 @@ void (*cpu_setperf)(int); #define PERFPOL_MANUAL 0 #define PERFPOL_AUTO 1 #define PERFPOL_HIGH 2 +#define PERFPOL_POWERSAVING 4 int perflevel = 100; int perfpolicy = PERFPOL_AUTO; @@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO; #include void setperf_auto(void *); +void setperf_powersaving(void *); struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL); +struct timeout setperf_to_powersaving = TIMEOUT_INITIALIZER(setperf_powersaving, NULL); extern int hw_power; void 
@@ -653,6 +659,101 @@ faster: timeout_add_msec(&setperf_to, 100); } +void +setperf_powersaving(void *v) +{ + static uint64_t *idleticks, *totalticks; + static int downbeats; + int i, j = 0; + int speedup = 0; + CPU_INFO_ITERATOR cii; + struct cpu_info *ci, *firstoffline = NULL, *lastidle = NULL; + uint64_t idle, total, allidle = 0, alltotal = 0; + + if (perfpolicy != PERFPOL_POWERSAVING) + goto recover; + + if (cpu_setperf == NULL) + goto recover; + + if (hw_power) + goto recover; + + if (!idleticks) + if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) + return; + if (!totalticks) + if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) { + free(idleticks, M_DEVBUF, + sizeof(*idleticks) * ncpusfound); + return; + } + CPU_INFO_FOREACH(cii, ci) { + if (!cpu_is_online(ci)) { + if (!firstoffline && (sched_smt || ci->ci_smt_id == 0)) + firstoffline = ci; + continue; + } + total = 0; + for (i = 0; i < CPUSTATES; i++) { + total += ci->ci_schedstate.spc_cp_time[i]; + } + total -= totalticks[j]; + idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j]; + if (idle < total / 3) + speedup = 1; + alltotal += total; + allidle += idle; + idleticks[j] += idle; + totalticks[j] += total; + /* it shoul keep at least one CPU online */ + if (j++ && cpuset_isset(&sched_idle_cpus, ci)) + lastidle = ci; + } + if (allidle < alltotal / 3) + speedup = 1; + if (speedup) + /* twice as long here because we check every 200ms */ + downbeats = 1; + + if (speedup && perflevel != 100) { + perflevel = 100;
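Review bot: in the CPU_INFO_FOREACH loop of setperf_powersaving() (hunk @@ -653,6 +659,101 @@), idleticks[j] and totalticks[j] are indexed by j, which only counts CPUs that pass cpu_is_online(), while firstoffline and lastidle show that this version is meant to change which CPUs are online. Once that set changes, slot j holds the previous sample of a different CPU, so "total -= totalticks[j]" and the idle subtraction can wrap around as uint64_t and flip the "idle < total / 3" decision. Index both arrays by a stable per-CPU number, or zero them whenever a CPU is added or removed. The two allocation-failure branches also use a plain return where the three checks above them use goto recover; if recover is what brings CPUs back, those branches need it too.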
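Review bot: the new "extern struct cpuset sched_all_cpus;" and "extern int sched_smt;" in hunk @@ -65,8 +65,11 @@ are local declarations in sched_bsd.c, so a later change to the type of either variable would not be caught by the compiler here. Move them to the header that the defining file includes and include it from sched_bsd.c.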
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 18:07:50 +0200, "Nathaniel Griswold" wrote:
>
> What could be taking so much power? CPUs are idling.

You may try this patch. It is an extension of powersave mode which disables / enables CPUs.

It should degrade to single-core mode, but it may contain bugs :)

Right now I'm writing this email from a kernel with this patch, in this mode. Well. It booted and seems to work.

Anyway, I'm not sure that I'll run it for long, it has a feeling that the idle system is overloaded, but I'll try.

Regarding estimated life time:

Battery state: high, 66% remaining, 152 minutes life estimate
AC adapter state: not connected
Performance adjustment mode: powersaving (400 MHz)

which is like 2x from usual numbers.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c index 25b221c1ee2..8941675a7f9 100644 --- sys/kern/sched_bsd.c +++ sys/kern/sched_bsd.c @@ -65,8 +65,11 @@ void update_loadavg(void *); void schedcpu(void *); uint32_t decay_aftersleep(uint32_t, uint32_t); +extern struct cpuset sched_all_cpus; extern struct cpuset sched_idle_cpus; +extern int sched_smt; + /* * constants for averages over 1, 5, and 15 minutes when sampling at * 5 second intervals. @@ -573,6 +576,7 @@ void (*cpu_setperf)(int); #define PERFPOL_MANUAL 0 #define PERFPOL_AUTO 1 #define PERFPOL_HIGH 2 +#define PERFPOL_POWERSAVING 4 int perflevel = 100; int perfpolicy = PERFPOL_AUTO; @@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO; #include void setperf_auto(void *); +void setperf_powersaving(void *); struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL); +struct timeout setperf_to_powersaving = TIMEOUT_INITIALIZER(setperf_powersaving, NULL); extern int hw_power; void 
@@ -653,6 +659,77 @@ faster: timeout_add_msec(&setperf_to, 100); } +void +setperf_powersaving(void *v) +{ + static uint64_t *idleticks, *totalticks; + static int downbeats; + int i, j = 0; + int speedup = 0; + CPU_INFO_ITERATOR cii; + struct cpu_info *ci, *firstidle = NULL, *lastonline = NULL; + uint64_t idle, total, allidle = 0, alltotal = 0; + + if (perfpolicy != PERFPOL_POWERSAVING) + return; + + if (cpu_setperf == NULL) + return; + + if (!idleticks) + if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) + return; + if (!totalticks) + if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) { + free(idleticks, M_DEVBUF, + sizeof(*idleticks) * ncpusfound); + return; + } + CPU_INFO_FOREACH(cii, ci) { + if (!cpu_is_online(ci)) { + if (!firstidle && (sched_smt || ci->ci_smt_id == 0)) + firstidle = ci; + continue; + } + total = 0; + for (i = 0; i < CPUSTATES; i++) { + total += ci->ci_schedstate.spc_cp_time[i]; + } + total -= totalticks[j]; + idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j]; + if (idle < total / 3) + speedup = 1; + alltotal += total; + allidle += idle; + idleticks[j] += idle; + totalticks[j] += total; + if (j++) + lastonline = ci; + } + if (allidle < alltotal / 3) + speedup = 1; + if (speedup) + /* twice as long here because we check every 200ms */ + downbeats = 1; + + if (speedup && perflevel != 100) { + perflevel = 100; + cpu_setperf(perflevel); + } else if (speedup && firstidle) + cpuset_add(&sched_all_cpus, firstidle); + else if (!speedup && perflevel != 0 && --downbeats <= 0) { + perflevel = 0; + cpu_setperf(perflevel); + } else if (!speedup && lastonline) + cpuset_del(&sched_all_cpus, lastonline); + + /* every 200ms to have a better resolution of the load */ + timeout_add_msec(&setperf_to_powersaving, 200); +} + + int sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen) { 
@@ -691,6 +768,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) case PERFPOL_AUTO: strlcpy(policy, "auto", sizeof(policy)); break; + case PERFPOL_POWERSAVING: + strlcpy(policy, "powersaving", sizeof(policy)); + break; case PERFPOL_HIGH: s
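Review bot: setperf_powersaving() in hunk @@ -653,6 +659,77 @@ removes CPUs with cpuset_del(&sched_all_cpus, lastonline), but its early exits for "perfpolicy != PERFPOL_POWERSAVING" and "cpu_setperf == NULL" are plain returns, so after the policy is switched back to "auto" or "high" nothing in this function adds those CPUs back. There is also no hw_power test in this hunk although "extern int hw_power;" is in scope just above it, so CPUs are dropped on AC power as well. Add a restore path that re-adds every CPU this function removed and run it from those exits and when hw_power is set. It is also worth stating in a comment what happens to threads already queued on lastonline when it is deleted from sched_all_cpus from a timeout handler, since nothing in the hunk handles that.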
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 21:00:25 +0200, Kirill A. Korinsky wrote:
>
> On Tue, 30 Apr 2024 18:36:57 +0200,
> Stuart Henderson wrote:
> >
> > https://cneira.github.io/posts/openbsd-save-battery-changes/
>
> Do you have an idea what had happened with it?
>

After reading some code I have come to the conclusion that such a hack isn't required anymore. At least after [1].

RR works strictly from the active CPU, so there is no need to skip an idle one.

Have I missed something?

Footnotes:
[1] https://github.com/openbsd/src/commit/9ac452c773fe76f659962b5d2542d591385a4b06

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 18:36:57 +0200, Stuart Henderson wrote:
>
> On 2024-04-30, Nathaniel Griswold wrote:
> > What could be taking so much power? CPUs are idling.
>
> some things in this area that people have been looking into:
>
> https://cneira.github.io/posts/openbsd-save-battery-changes/

Quite an interesting patch and approach. It seems that the code was changed and such an approach should be re-invented.

Do you have an idea what happened with it?

--
wbr, Kirill
Re: Caddy webserver is not in the ports tree
On Tue, 30 Apr 2024 15:30:25 +0200, "Souji Thenria" wrote:
>
> Could you elaborate on your point that Go ports are a pain? I thought a
> port written in Go would probably be easier to maintain
> because no additional libraries are needed to run the program, and
> cross-compilation is relatively easy, too.
>

As an example of a Go port which creates some issues, you may look at docker-compose.

It requires patches to some dependencies to fix syscalls, and an update may require additional patches.

Also, it is distributed without a vendor folder, which means it requires internet access during the build. So, instead I prepare the vendor folder as a second artifact.

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 15:01:43 +0200, "Nathaniel Griswold" wrote:
>
> My setperf seems to be at a consistent zero in my idle tests which makes
> me think the patch may not help my idle tests much, but may help actual
> usage.
>

In my personal use case it allows me to win nearly 30 minutes of battery life.

As an example I've picked two mornings when I haven't run anything heavy like calls in zoom.

Without powersaving:

Apr 27 10:13:42 matebook apmd: system resumed from sleep
Apr 27 10:13:42 matebook apmd: battery status: high. external power status: not connected. estimated battery life 100% (1130 minutes life time estimate)
Apr 27 11:27:52 matebook apmd: battery status: low. external power status: not connected. estimated battery life 50% (65 minutes life time estimate)
Apr 27 12:24:12 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 15% (20 minutes life time estimate)

after 1h 14m I had 50% of battery left, and after 2h 11m had 15%.

With powersaving:

Apr 30 11:07:21 matebook apmd: system resumed from sleep
Apr 30 11:07:21 matebook apmd: battery status: high. external power status: not connected. estimated battery life 100% (2506 minutes life time estimate)
Apr 30 12:46:12 matebook apmd: battery status: low. external power status: not connected. estimated battery life 50% (111 minutes life time estimate)
Apr 30 13:56:00 matebook apmd: battery status: CRITICAL. external power status: not connected. estimated battery life 15% (32 minutes life time estimate)

after 1h 29m I had 50% of battery left, and after 2h 39m had 15%.

So, this patch allows running the same machine with the same usage for longer, with some performance penalty, which seems quite fair.

--
wbr, Kirill
Re: fw_update
On Tue, 30 Apr 2024 12:35:17 +0200, fr...@lilo.org wrote:
>
> How does fw_update install the drivers?

It downloads firmware from http://firmware.openbsd.org/firmware/ and installs it as a package in the system.

> How does it know which driver is missing on the system?

It checks patterns from /usr/share/misc/firmware_patterns which maps firmware to a pattern in dmesg.

> All these questions to install the drivers manually (offline)

You may download it by hand and install as fw_update /path/to/firmware.tgz

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 11:17:35 +0200, Kirill A. Korinsky wrote:
>
> Frankly speaking I never care about watt consumption, but offline time which
> is depend on it is important in my case, so here the recovered patch.
>

Here is a slightly updated version which introduces a flag -P in apmd, which you may control via rcctl to enable / disable that feature without rebooting and recompiling kernel, apmd and apm.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c index 25b221c1ee2..b1e5bd142c3 100644 --- sys/kern/sched_bsd.c +++ sys/kern/sched_bsd.c @@ -573,6 +573,7 @@ void (*cpu_setperf)(int); #define PERFPOL_MANUAL 0 #define PERFPOL_AUTO 1 #define PERFPOL_HIGH 2 +#define PERFPOL_POWERSAVING 4 int perflevel = 100; int perfpolicy = PERFPOL_AUTO; @@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO; #include void setperf_auto(void *); +void setperf_powersaving(void *); struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL); +struct timeout setperf_to_powersaving = TIMEOUT_INITIALIZER(setperf_powersaving, NULL); extern int hw_power; void 
@@ -653,6 +656,76 @@ faster: timeout_add_msec(&setperf_to, 100); } +void +setperf_powersaving(void *v) +{ + static uint64_t *idleticks, *totalticks; + static int downbeats; + int i, j = 0; + int speedup = 0; + CPU_INFO_ITERATOR cii; + struct cpu_info *ci; + uint64_t idle, total, allidle = 0, alltotal = 0; + + if (perfpolicy != PERFPOL_POWERSAVING) + return; + + if (cpu_setperf == NULL) + return; + + if (hw_power) { + speedup = 1; + goto faster; + } + + if (!idleticks) + if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) + return; + if (!totalticks) + if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) { + free(idleticks, M_DEVBUF, + sizeof(*idleticks) * ncpusfound); + return; + } + CPU_INFO_FOREACH(cii, ci) { + if (!cpu_is_online(ci)) + continue; + total = 0; + for (i = 0; i < CPUSTATES; i++) { + total += ci->ci_schedstate.spc_cp_time[i]; + } + total -= totalticks[j]; + idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j]; + if (idle < total / 3) + speedup = 1; + alltotal += total; + allidle += idle; + idleticks[j] += idle; + totalticks[j] += total; + j++; + } + if (allidle < alltotal / 3) + speedup = 1; + if (speedup) + /* twice as long here because we check every 200ms */ + downbeats = 1; + + if (speedup && perflevel != 100) { +faster: + perflevel = 100; + cpu_setperf(perflevel); + } else if (!speedup && perflevel != 0 && --downbeats <= 0) { + perflevel = 0; + cpu_setperf(perflevel); + } + + /* every 200ms to have a better resolution of the load */ + timeout_add_msec(&setperf_to_powersaving, 200); +} + + int sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen) { 
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) case PERFPOL_AUTO: strlcpy(policy, "auto", sizeof(policy)); break; + case PERFPOL_POWERSAVING: + strlcpy(policy, "powersaving", sizeof(policy)); + break; case PERFPOL_HIGH: strlcpy(policy, "high", sizeof(policy)); break; @@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) perfpolicy = PERFPOL_MANUAL; else if (strcmp(policy, "auto") == 0) perfpolicy = PERFPOL_AUTO; + else if (strcmp(policy, "powersaving") == 0) + perfpolicy = PERFPOL_POWERSAVING; else if (strcmp(policy, "high") == 0) perfpolicy = PERFPOL_HIGH; else @@ -716,6 +794,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) if (perfpolicy == PERFPOL_AUTO) { timeout_add_msec(&setperf_to, 200); + } else if (perfpolicy == PERFPOL_POWERSAVING) { + timeout_add_msec(&setperf_to_powersaving, 200); } else if (perfpolicy == PERFPOL_HIGH) { perflevel = 100; cpu_setperf(perflevel); diff --git usr.sbin/apmd/apm-proto.h usr.sbin/apmd/apm-proto.h i
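Review bot: in the totalticks allocation-failure branch of setperf_powersaving() (hunk @@ -653,6 +656,76 @@), idleticks is freed but the static pointer still holds the freed address. The function returns without re-arming its timeout, but sysctl_hwperfpolicy() arms setperf_to_powersaving again the next time the policy is set to "powersaving"; on that call the "if (!idleticks)" guard skips the allocation and the loop writes idleticks[j] into freed kernel memory. Set idleticks = NULL right after the free(), and consider re-arming the timeout on both failure branches so the policy does not stop silently.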
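Review bot: PERFPOL_POWERSAVING is defined as 4 in hunk @@ -573,6 +573,7 @@ while the existing values run 0, 1, 2. If 3 is reserved or the values are meant to become bit flags, say so in a comment next to the define; otherwise use 3.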
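Review bot: hunk @@ -709,6 +785,8 @@ makes "powersaving" an accepted value of the perfpolicy sysctl, and the cover text adds an apmd -P flag, but no manual page change is visible in the part of the patch shown here. The new policy string and the new flag both need documenting, including that the policy only lowers perflevel while hw_power is 0.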
Re: >10W idle power usage on framework laptop 12th gen 13inch
On Tue, 30 Apr 2024 05:31:21 +0200, "Nathaniel Griswold" wrote:
>
> > I had near the same question sometime ago but on different machine, and I've
> > discovered a patch which I've inlined into this email.
> >
>
> Hm, ok, i'll try it. Do you have any insight into whether obsdfreqd has
> similar power saving to this patch? It seems to set the perf similarly. I
> wasn't having much luck with obsdfreqd as far as wattage, however...
>

Well, I haven't tried it, but I've read the documentation [1] and it seems a bit different, doesn't it?

On idle this laptop runs at 400 MHz, and the provided patch decreases the responsiveness of the system when it runs on battery, but allows me to win some time on it. Like an additional half an hour or a bit more.

Frankly speaking, I never cared about watt consumption, but offline time, which depends on it, is important in my case, so here is the recovered patch.

Footnotes:
[1] https://git.sr.ht/~solene/obsdfreqd

--
wbr, Kirill
Re: >10W idle power usage on framework laptop 12th gen 13inch
Greetings,

On Sun, 28 Apr 2024 18:53:09 +0200, "Nathaniel Griswold" wrote:
>
> Any ideas if it's remediable or where to start digging?
>

I had nearly the same question some time ago but on a different machine, and I've discovered a patch which I've inlined into this email.

My laptop on the last snapshot has consumption:

hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
hw.sensors.acpibat0.current0=0.97 A (rate)

and after this patch:

hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
hw.sensors.acpibat0.current0=0.52 A (rate)

Anyway, it has a price tag: the response of the system is a bit slower.

So, the Alternate cpu policy on battery patch.

The original author of this patch is Solene, who announced it at https://marc.info/?l=openbsd-tech&m=163259444331471&w=2

She also made benchmarks and some explanation: https://dataswamp.org/%7Esolene/2021-09-26-openbsd-power-usage.html

Here is the version which follows minor changes. It requires rebuilding kernel, apm and apmd.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c index 25b221c1ee2..b1e5bd142c3 100644 --- sys/kern/sched_bsd.c +++ sys/kern/sched_bsd.c @@ -573,6 +573,7 @@ void (*cpu_setperf)(int); #define PERFPOL_MANUAL 0 #define PERFPOL_AUTO 1 #define PERFPOL_HIGH 2 +#define PERFPOL_POWERSAVING 4 int perflevel = 100; int perfpolicy = PERFPOL_AUTO; @@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO; #include void setperf_auto(void *); +void setperf_powersaving(void *); struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL); +struct timeout setperf_to_powersaving = TIMEOUT_INITIALIZER(setperf_powersaving, NULL); extern int hw_power; void 
@@ -653,6 +656,76 @@ faster: timeout_add_msec(&setperf_to, 100); } +void +setperf_powersaving(void *v) +{ + static uint64_t *idleticks, *totalticks; + static int downbeats; + int i, j = 0; + int speedup = 0; + CPU_INFO_ITERATOR cii; + struct cpu_info *ci; + uint64_t idle, total, allidle = 0, alltotal = 0; + + if (perfpolicy != PERFPOL_POWERSAVING) + return; + + if (cpu_setperf == NULL) + return; + + if (hw_power) { + speedup = 1; + goto faster; + } + + if (!idleticks) + if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) + return; + if (!totalticks) + if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks), + M_DEVBUF, M_NOWAIT | M_ZERO))) { + free(idleticks, M_DEVBUF, + sizeof(*idleticks) * ncpusfound); + return; + } + CPU_INFO_FOREACH(cii, ci) { + if (!cpu_is_online(ci)) + continue; + total = 0; + for (i = 0; i < CPUSTATES; i++) { + total += ci->ci_schedstate.spc_cp_time[i]; + } + total -= totalticks[j]; + idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j]; + if (idle < total / 3) + speedup = 1; + alltotal += total; + allidle += idle; + idleticks[j] += idle; + totalticks[j] += total; + j++; + } + if (allidle < alltotal / 3) + speedup = 1; + if (speedup) + /* twice as long here because we check every 200ms */ + downbeats = 1; + + if (speedup && perflevel != 100) { +faster: + perflevel = 100; + cpu_setperf(perflevel); + } else if (!speedup && perflevel != 0 && --downbeats <= 0) { + perflevel = 0; + cpu_setperf(perflevel); + } + + /* every 200ms to have a better resolution of the load */ + timeout_add_msec(&setperf_to_powersaving, 200); +} + + int sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen) { 
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) case PERFPOL_AUTO: strlcpy(policy, "auto", sizeof(policy)); break; + case PERFPOL_POWERSAVING: + strlcpy(policy, "powersaving", sizeof(policy)); + break; case PERFPOL_HIGH: strlcpy(policy, "high", sizeof(policy)); break; @@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void *newp, size_t newlen) perfpolicy = PERFPOL_MANUAL; else if (strcmp(policy, "auto") == 0) perfpolicy = PERFPOL_AUTO; + else if (strcmp(policy, "powersaving") == 0) + perfpolicy = PERFPOL_POWERSAVING; el
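Review bot: in hunk @@ -653,6 +656,76 @@ the comment "twice as long here because we check every 200ms" sits directly above "downbeats = 1", and with "--downbeats <= 0" that value means a single 200 ms sample without load drops perflevel to 0, so either the comment or the value is wrong; state the intended hold time and set downbeats to match. In the same function the hw_power branch does "goto faster", which lands inside the body of "if (speedup && perflevel != 100)" and skips the perflevel test, so cpu_setperf(100) is called every 200 ms for as long as the machine is on AC; guard that call with the same perflevel != 100 check.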
Re: OpenSMTP lmtp without unix users
Greetings,

On Sat, 27 Apr 2024 17:31:24 +0200, "Nicolas Goy" wrote:
>
> How can I make it work with a single vmail unix user? Without losing the
> catchall?
>

I do have a slightly more complicated setup.

smtpd.conf:

table local-emails file:/etc/mail/local-emails
table aliases file:/etc/mail/aliases
table domains file:/etc/mail/domains
table credentials passwd:/etc/mail/credentials

...

listen on egress inet4 port smtp tls pki mx.catap.net \
    filter { admdscrub, "auth", dnsbl }

action deliver_lmtp lmtp "/var/dovecot/lmtp" rcpt-to virtual
match from any for domain \
    ! rcpt-to action deliver_lmtp

so tables:

1. local-emails is a list of emails which can be reached only inside the mail server. For example, I like to have a nice email for the printer, but I don't like it when it starts to receive spam :)

2. credentials is shared with dovecot and has the format: :::extra_fields thus, usually I use the short version: ::: where password is a hash which I get via smtpctl encrypt.

3. domains is just a list of supported domains. I don't really need it here, but keep it because it is re-used inside the DKIM signature generator.

4. aliases, it is the usual aliases plus each user from credentials should have a record like: u...@email.com: vmail to redirect his email to dovecot. No record here means the user may send email (auth on mail server) but never get anything back. And the mail server says that the user does not exist, which can be an issue for some servers.

--
wbr, Kirill
Re: mongo shell on openBSD
On Mon, 22 Apr 2024 17:40:22 +0200, Luca Leone wrote:
>
> I successfully installed the mongodb-4.4.2 package on the server which run
> openBSD 7.4. It's the db of a node js app.
> Locally on my Mac, I interact with the local mongo db through the mongo
> shell. I'd like to do the same on the server with the installed mongo db BUT
> there's no "mongo shell" package and I could not find any doc explaining how
> to install the mongo shell on openBSD. Is there a way? Or is there an
> alternative way to interact directly with the db?
>

Based on the doc [1], you're looking for a binary named mongo, which is part of the port mongodb version 44 [2].

So, I assume that if you install mongodb, you'll have what you're looking for.

Footnotes:
[1] https://www.mongodb.com/docs/v4.4/mongo/
[2] https://github.com/openbsd/ports/blob/master/databases/mongodb/44/pkg/PLIST

--
wbr, Kirill
Re: Fonts for wscons(4)
On Fri Apr 19 15:02:49 2024 Stuart Henderson wrote:
> On 2024-04-19, Walter A Iglesias wrote:
> > I designed some fonts for wscons(4). Once you decompress the tar file
> > you'll find a test.sh script to test the fonts in a fullscreen xterm. I
> > include the *.h files to try them in wscons, but you have to recompile
> > the kernel for this.
> >
> > https://en.roquesor.com/Downloads/ape.tar.gz
>
> Fonts are loadable at runtime, see the terminus-font package for some details.
>

I thought that wasn't possible under drm(4), but choosing the right size I could load the terminus font (12x24 in my case). What I couldn't do is to correctly convert the bdf file to raw. I've tried first exporting from bdf to psf using gbdfont and then psf2raw, but when I load the font wscons shows garbage.

--
To send this message I'm using my patched version of OpenBSD mail(1).
I betrayed myself :-)
I wanted to show off by sending the message from my patched mail(1) but I forgot that I had just run sysupgrade, ha, ha. Now I am using the patched version of mail(1). ;-)
Fonts for wscons(4)
I designed some fonts for wscons(4). Once you decompress the tar file you'll find a test.sh script to test the fonts in a fullscreen xterm. I include the *.h files to try them in wscons, but you have to recompile the kernel for this. https://en.roquesor.com/Downloads/ape.tar.gz -- To send this message I'm using my patched version of OpenBSD mail(1).
Re: syntax error in httpd.conf file
On Fri, 19 Apr 2024 13:30:47 +0200, Luca Leone wrote:
>
> I'll keep working on it, but after a couple of days spent on this stuff I'm
> starting to think that maybe to serve my node app there should be an easier
> way than openbsd ;)
>

I guess you mean something like that?

table { 127.0.0.1 }

http protocol https {
	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
	tls keypair birbi.biz:443
	pass request forward to
}

relay https {
	listen on egress port https tls
	protocol https
	forward to port 3000
}

--
wbr, Kirill
Re: Restic rest server broken with relayd.
Hi Stuart.

Stuart Henderson wrote:
> On 2024-04-10, a...@abiscuola.com wrote:
> > Is there a way to restore the previous behaviour in relayd(8)
>
> Only by reverting the commit etc.
>
> > or, is there a known workaround for restic, in this case?
>
> That's probably a question for restic really (or possibly the
> requirement is coming from a 3rd party REST library).
>
> > I know that relayd(8) is right
>
> It seems a little strict to me.

Yes and no. I mean, while I agree that it looks a bit too strict, the restic developers are wrong assuming that *any* proxy, put between a restic HTTP server (that might not even be the packaged restic-rest-server) and the client would return the headers as they expect and they are also wrong assuming that the content-length will be the same between a HEAD call and a GET call.

They even told me that there is no reason why a proxy would mangle the response headers. Probably they never had to deal with a setup in a classic corporate network.

That said, IMHO relayd(8) should have shipped with an option, in the configuration file, to restore the previous behaviour, while keeping the new one the default.

>
> To my eye, the older version of the HTTP spec requires it ("The
> Content-Length entity-header field indicates the size of the
> entity-body, in decimal number of OCTETs, sent to the recipient or, in
> the case of the HEAD method, the size of the entity-body that would have
> been sent had the request been a GET").
>
> That's been replaced now but it's still permitted: "The server SHOULD
> send the same header fields in response to a HEAD request as it would
> have sent if the request had been a GET, except that the payload header
> fields (Section 3.3) MAY be omitted."

It's permitted, but not mandatory. This is, of course, on the client program to fix properly.

Anyway. I worked around the problem by putting the restic server behind a simple TCP relay in relayd(8). Of course, I also needed to change the public port, but that's a minor nuisance. Being able to keep the 443 would have been better.

--
absc
Restic rest server broken with relayd.
Hi all.

I've updated my server to OpenBSD 7.5, where relayd(8) works as a reverse proxy for a bunch of services, including the restic-rest-server from ports.

However, with the change in version 1.87 of the usr.sbin/relayd/relay_http.c file, relayd(8) stopped forwarding the content-length header in response to HEAD requests.

The restic client, before doing anything, does a HEAD request to understand the size of the repository config file but, of course, restic gives up because of the absence of the content-length header in the response.

Is there a way to restore the previous behaviour in relayd(8) or, is there a known workaround for restic, in this case?

I know that relayd(8) is right and, luckily, the important files are backed-up locally using just http, so it's not an emergency.

Thanks in advance.

--
absc
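
Added example (not part of the thread, and not restic or relayd code): a client-side size lookup that tolerates a relay dropping Content-Length from HEAD responses, the situation described in this thread, by falling back to GET. The origin, the relay, the sample body and all function names are constructed stand-ins.

```python
import re
from email.parser import BytesParser

# Constructed stand-in for a repository config file; not real restic data.
BODY = b'{"version": 2, "id": "constructed-sample"}'

def origin(method):
    """Constructed origin: HEAD and GET both declare the same Content-Length."""
    head = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(BODY))
    return head + (BODY if method == "GET" else b"")

def strict_relay(method):
    """Constructed relay: removes Content-Length from HEAD responses only."""
    raw = origin(method)
    if method != "HEAD":
        return raw
    lines = raw.split(b"\r\n")
    return b"\r\n".join(l for l in lines
                        if not l.lower().startswith(b"content-length:"))

def parse(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    status = int(status_line.split()[1])
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return status, headers, body

def declared_length(headers):
    """Content-Length as an int, or None if absent or not a plain decimal."""
    value = headers.get("Content-Length")
    if value is None or not re.fullmatch(r"[0-9]+", value.strip()):
        return None
    return int(value.strip())

def remote_size(send):
    """Return (size, method used): trust HEAD if it declares a length, else GET."""
    status, headers, _ = parse(send("HEAD"))
    if status != 200:
        raise RuntimeError("HEAD failed with status %d" % status)
    size = declared_length(headers)
    if size is not None:
        return size, "HEAD"
    status, headers, body = parse(send("GET"))
    if status != 200:
        raise RuntimeError("GET failed with status %d" % status)
    size = declared_length(headers)
    return (size if size is not None else len(body)), "GET"
```
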
Re: Migrate to different FS layout of OpenBSD
On Sun, 07 Apr 2024 12:02:05 +0200, Stuart Henderson wrote:
>
> softraid doesn't allow creating a 'degraded mirror' i.e. a single drive
> that you can later add another drive to make a RAID1. You would need at
> least one spare drive to do what you want.
>

Thanks, that is the kind of insight which I've been looking for.

--
wbr, Kirill
Re: Migrate to different FS layout of OpenBSD
On Sat, 06 Apr 2024 23:14:39 +0200, Peter Hessler wrote:
>
> RAID0 is called that because zero is what you'll recover if you lose a
> disk. This is amazingly dangerous, and you're going to have a bad time.
>
> Do a backup, then restore from backup.
>

I was totally misled. I mean that I have RAID1, which is known as mirror.

To be clear: here are two identical servers where I'd like to change the FS layout, and before I go to reinstall everything, I can try this approach.

--
wbr, Kirill
Migrate to different FS layout of OpenBSD
Folks,

I'm looking for a way to migrate some OpenBSD systems to a different layout.

All of them have RAID0 and, as far as I think, I may do something like this:

1. Remove second disk from RAID.
2. Build a new RAID0 on the second disk.
3. Make desired layout on the second RAID.
4. dump | restore
5. Boot from the second RAID.
6. Add the first disk to the second RAID.

I have re-read https://www.openbsd.org/faq/faq14.html a few times and I feel that this is quite risky.

So, questions:

1. Has anyone done something like this before?
2. Do you have any instruction or what to expect?

Thanks in advance.

--
wbr, Kirill
Re: Bash instead of ksh
On Mon, 01 Apr 2024 18:24:06 +0200, Karel Lucas wrote:
>
> Instead of ksh I want to use bash as a general shell. But how can I set
> it up that way? Bash is already installed.
>

https://man.openbsd.org/chsh

--
wbr, Kirill
Re: Today's snapshot brokes some Qt app?
On Mon, 01 Apr 2024 04:03:11 +0200, Lucas de Sena wrote:
>
> Telegram-desktop (net/tdesktop) also crashed here after a package update.
>
> I then noticed it was caused by linking issues with the qt6 libraries.
> Deleting and adding net/tdesktop simply solved that.
>
> That should not be a problem tho. Applications are normally reinstalled
> after the library is updated (or does that only happen when a major
> version of the library is installed?).

I'd like to confirm that a reinstall of tdesktop helps.

Also, when I ran an upgrade of packages, I saw that wireshark was updated after the update of qt, which may explain why it worked.

--
wbr, Kirill
Today's snapshot brokes some Qt app?
Folks,

I just ran:

    pkg_add -D snap -u

After that I've discovered that some Qt apps are crashing with errors like:

    Cannot add multiple registrations for QtQuick
    Abort trap (core dumped)

For example, telegram-desktop crashes but wireshark doesn't.

--
wbr, Kirill