Re: Rate limit the httpd web server for signup requests
On Thu, Jun 13, 2024 at 04:30:27AM -0700, Paul Pace wrote: > On 6/12/24 10:32 PM, Chris Bennett wrote: > > It's not perfect, but I have a long list of regexes that I know are spam > > that I have my Perl code that processes the form block. Trying to block > > from a log is not very helpful. It can let through thousands of the same > > spam attempts before the log catches up to the attempts reaching the log, > > which is a pretty long time. > > I was just wondering if you've tried requiring email or SMS link to unique > signup URL? > If it's a form to make a payment, it just gets sent off to another site. If it's a general contact us form, I just try to keep the spam down to a bearable level. Every couple of months I add new regexes. Speaking of which, I really need to do that now. Form spam is now annoying again. I do use an email address for each form and nothing else. That way I can just pick a day to wade through the trash. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5
On Wed, Jun 12, 2024 at 10:27:15PM -0700, Chris Bennett wrote: > > For fixing problems with tiny pointers in just xterm under fvwm3 I did this: > in .Xresources > XTerm*pointerShape: left_ptr > XTerm*cursorThem: Adwaita Oops XTerm*cursorTheme: Adwaita > Xcursor.size: 32 > > Xcursor.size can be 64 and also a couple of smaller sizes. > There may be other variations on this. I don't know, but this really saved me > from a micro pointer. > -- > Regards, > Chris Bennett > > "Who controls the past controls the future. Who controls the present controls > the past." > George Orwell - 1984 > -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: Rate limit the httpd web server for signup requests
On Tue, Jun 11, 2024 at 10:41:33PM +, Martin wrote: > I already do some rate limiting with stateful tracking options for PF, > which works really great for the stuff I use it for. > > I also use block lists of known bad IP addresses etc. > > But what useful methods exists that prevent spamming a HTML signup form > from stuffing the database with useless signups? > > Naturally the accounts that haven't been validated one way or another > gets deleted, but the initial signup is a problem as thousands upon > thousands of requests are stored before deletion. > > I have tried blocking by IP, but this is difficult as the IP changes > faster than it can be blocked. > > The User Agent is spoofed with random garbage. > > Honey pot empty hidden fields gets detected and ignored. > > Randomly generated form IDs that gets submitted and validated using a > session cookie also doesn't work as the cookie is just stored and then > send along. > > A simple CAPTCHA reduces some of the irrelevant noise, but the more > sophisticated bots solves the CAPTCHA. > > Using Cloudflare's or Google's CAPTCHA is frowned upon by the real > users, which I fully understand. > > So I was wondering, if some other clever method can reduce the noise? > It's not perfect, but I have a long list of regexes that I know are spam that I have my Perl code that processes the form block. Trying to block from a log is not very helpful. It can let through thousands of the same spam attempts before the log catches up to the attempts reaching the log, which is a pretty long time. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5
On Tue, Jun 11, 2024 at 09:41:00PM -, Stuart Henderson wrote: > > On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote: > >> Hello, > >> > >> I'm not sure if this is expected behavior or not, but it seems that > >> after upgrading to OpenBSD 7.5 the mouse cursor no longer changes from > >> an arrow pointer to a hand when I hover over links in Firefox. It does > >> work for some other programs though. Also, moving the mouse over other > >> elements (like text entry) does work. It's just moving over links that > >> no longer visibly changes the mouse cursor. > >> > >> Is this a problem isolated to Firefox? Is anyone aware of a change > >> that would cause this and more to the point, how to recover the > >> functionality? > > It's isolated to firefox, afaik most likely (maybe only likely?) > to occur if you don't use a "desktop environment", it's due to > https://bugzilla.mozilla.org/show_bug.cgi?id=1871863 > (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15) > and it's a flipping nuisance. > > On 2024-06-10, Hiltjo Posthuma wrote: > > iirc it can be worked around by setting in about:config: > > > > widget.gtk.legacy-cursors.enabled to true > > That is the hack they added that is supposed to undo this change. > It doesn't do anything for me though. > > If you're not using a desktop environment, you can run xsettingsd > with this in .xsettingsd to set a cursor theme: > > Gtk/CursorThemeName "Adwaita" > > However then in some setups you'll get stupidly large pointers in > Gtk based software. > > For fixing problems with tiny pointers in just xterm under fvwm3 I did this: in .Xresources XTerm*pointerShape: left_ptr XTerm*cursorThem: Adwaita Xcursor.size: 32 Xcursor.size can be 64 and also a couple of smaller sizes. There may be other variations on this. I don't know, but this really saved me from a micro pointer. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: [OT] Keyboards, a trick I found and advice requested
On Tue, Jun 04, 2024 at 08:31:04AM -0400, Scott Reese wrote:
>
>
> - Original Message -
> > I have really bad repetitive stress problems, so I have been looking at
> > split mechanical keyboards. The Glove80 looks might it might be OK, but
> > it's very expensive. Anyone used it?
> >
> >
> > After watching various reviews, it suddenly occurred to me that I
> > already have a keyboard without a number pad and one with a number pad.
> > I connected both and used my left hand with one and my right hand with
> > the one with the keypad. A little weird but I can now touch type
> > comfortably now with my hands spread far apart.
> > I posted this with the hope that someone else might find this trick as
> > much of a lifesaver as I did. I can finally touch type again.
> >
> > I'm really not sure that I want to spend $400 on a keyboard that I can't
> > take for a test drive first.
> >
>
> I have both a Model 01 and a Model 100 from Keyboardio. The interconnect
> between the two halves is a standard ethernet cable, so you can position
> the two halves any distance you like.
>
> On the plus side, they have completely relieved all of the pain in my wrists.
> They're also quite attractive, although that's always in the eye of the
> beholder.
>
> On the negative side, they require a bit of muscle training - many of the
> common keys are in different locations (enter, tab), and some common
> programming keys ( {}, [] ) are in different locations. It took a couple
> of weeks to get used to, and if you regularly go back and forth with a
> standard keyboard (like on a laptop), it might take even longer to train
> your fingers. And, well, $350.
>
> I hope you find something that works for you. Wrist pain sucks.
>
This one looks very interesting. I use the keypad with combos of Shift,
Alt, Ctrl, Win for a lot of commands in Fvwm. I will definitely consider
this one. Thank you.
Chris Bennett
[OT] Keyboards, a trick I found and advice requested
I have really bad repetitive stress problems, so I have been looking at split mechanical keyboards. The Glove80 looks might it might be OK, but it's very expensive. Anyone used it? After watching various reviews, it suddenly occurred to me that I already have a keyboard without a number pad and one with a number pad. I connected both and used my left hand with one and my right hand with the one with the keypad. A little weird but I can now touch type comfortably now with my hands spread far apart. I posted this with the hope that someone else might find this trick as much of a lifesaver as I did. I can finally touch type again. I'm really not sure that I want to spend $400 on a keyboard that I can't take for a test drive first. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: vim editor with TERM
On Fri, May 31, 2024 at 04:52:29PM +0100, 04-psyche.tot...@icloud.com wrote: > > export EDITOR=vim > > Does anyone have a clue as to what could cause this issue? > > Thanks, > Jake Your ksh is now using vi editing mode instead of emacs. You can verify this by hitting esc, then i and you can then type normally, but with some different conditions. If you want to keep this, hit esc and k for earlier commands, j for later commands. I use both vi and emacs editing modes (this has nothing to do with the actual editors. man ksh will help. vi editing mode has very similar commands to the vi editor. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: ifconfig autoconf stopped working - how to debug?
On Mon, May 27, 2024 at 03:06:04PM +0100, Zé Loff wrote: > On Mon, May 27, 2024 at 01:51:25PM +0100, Chris Narkiewicz wrote: > dhcpleased now handles this. You can run it with -d and with one or > more "-v"s. You can also use dhcpleasectl to request a new lease. I run dhcpleased -d -vvv and here is the output: state_transition[vio0] Down -> Rebooting, timo: 1 DHCPREQUEST on vio0 iface_timeout[1]: Rebooting state_transition[vio0] Rebooting -> Rebooting, timo: 2 DHCPREQUEST on vio0 iface_timeout[1]: Rebooting deleting AAA.BBB.CCC.DDD from vio0 (lease from 0.0.0.0) state_transition[vio0] Rebooting -> Init, timo: 1 DHCPDISCOVER on vio0 deconfigure_interface vio0 iface_timeout[1]: Init state_transition[vio0] Init -> Init, timo: 2 DHCPDISCOVER on vio0 iface_timeout[1]: Init state_transition[vio0] Init -> Init, timo: 4 and so on, so on, so on, timo: 8, 16, 32, 64... The weird thing is that AAA.BBB.CCC.DDD is the IP address I'm expecting to receive, but it's not listed in ifconfig vio0 output. Best regards, Chris Narkiewicz
ifconfig autoconf stopped working - how to debug?
I have a netcup VPS and it crashed recently. After service restoration and fsck, the system cannot obtain IPv4 using autoconf. I'm wondering how I can debug DHCP autoconfiguration. dhclient -v -d doesn't show anything, as the functionality has been mmoved to ifconfig. ifconfig vio0 debug doesn't print anything. Best regards, Chris Narkiewicz
Re: What software to debugging and analyzing C?
On Tue, May 14, 2024 at 05:19:43AM -0300, Crystal Kolipe wrote: > On Sun, May 12, 2024 at 10:26:55PM +0200, Tomasz Rola wrote: > > I am sure gdb has some merits but for whatever C programs I wrote so > > far, a much more useful debugging technique was putting printf in > > right places and isolate the problem, and after that doing some mental > > work to actually understand why this seemingly correct line does > > something so wrong. > > Exactly. What you describe is likely the best method to fully understand the > code, what it's supposed to do and what it actually does, and by extension > avoid making the same coding mistakes in the future. Finding and fixing a > single error with gdb doesn't have the same educational benefit, nor in > many cases such a guarantee that other nearby bugs have also been noticed. > > > Besides, all debuggers introduce their own perturbation and thus > > certain classes of error will be very hard to catch with them, if > > ever. > > But you do realise that adding printf() calls to the code can also change, > for example, the memory layout that the compiler uses, so certain memory > allocation bugs might become more or less easily triggerable? Yes, I do realize that printf has that flaw. I also program some in Perl. print, warn, die, etc. can sometimes help, but often they don't. Carefully studying or just trying to rewrite a section of code from scratch is the only solution. Many years ago I wrote a trivial Perl script wrong. It very slowly grabbed more and more memory until it crashed the server about every two days. After very carefully watching, I figured out it was my script and I fixed a rather silly bug. I'll never forget that experience. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: What software to debugging and analyzing C?
On Mon, May 13, 2024 at 08:24:38AM +0200, Janne Johansson wrote: > pkg_add llvm and run "scan-build" on your code, then you get a quite > thorough analysis on what potential error code paths it detects, with > fancy webpages to go along with the explanations for each found issue: > > http://c66.it.su.se:8080/obsd/scan-build-2019-10-10-202112-79522-1/report-3f2f00.html#EndPath > > It's not 100% perfect of course, but it still is a neat way to point > out where in the code you may need to make an extra effort to cover > corner cases. > > > I also wouldn't mind any other useful tips that might not be software. > > Any help very appreciated. > > Perhaps this fuzzing guide helps a bit getting programs to run better? > https://undeadly.org/cgi?action=article=20150121093259 Thank you and to the others replying. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
What software to debugging and analyzing C?
I found a YouTube channel LowLevelLearning that covers various programming languages in a manner that I find particularly helpful and clear. For example comparing C and assembly on the same code is superb. In a short, he recommended valgrind to help finding memory leaks. Other than splint and gdb, what other software is useful for working with C? I also wouldn't mind any other useful tips that might not be software. Any help very appreciated. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: https://twitter.com/openbsd
On Sun, May 12, 2024 at 09:53:00AM +, Rubén Llorente wrote: > > I think it is worth mentioning I know of a number of small operations that > have announced their complete withdrawal from social media - Twitter, > Facebook, Instagram, the Fediverse - because the benefit they get from > social media presence is not worth the labor time required to sustain social > media presence. > > That said, when those operations ceased social media activity, they took > care of making it widely known among their audience rather than just let > their social media accounts rot... > I saw a news bit yesterday that in one town, all of the school children are buying old fashioned typewriters to break their link to computers and do things the old fashioned way. +1 to them. I prefer real text on paper myself. I learn things much better that way. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: Favorite configuration and system replication tools?
On Sun, May 12, 2024 at 01:40:25PM +0200, Walter Alejandro Iglesias wrote: > > Unix development. Given that i've been using computers for a few > > decades, i still instinctively don't use spaces in filenames, even > > though they're very much allowed. But of course, that's not what > > most of the world does, and this is an example of trying to work > > out what the best tradeoffs might be when dealing with the > > messiness of the real world. > > I overlooked this in my example because I *never* use spaces, UTF-8 or > any special characters to name my file names. Lately, I finally > persuaded my wife to use Linux, after decades of having to use Windows. > Even when I educated her in this matter she has clients who send her > files named with any kind of crap, so taking care of this issue is still > convenient. > I download a lot of files with a hideous mess of characters. I wrote a small script to substitute in acceptable characters. I can enter a regex, select to just use a directory or go down recursively. Also I can select to only change filenames or directories or both. After reading this thread I see I need to update the script. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: https://twitter.com/openbsd
Yeap a reason why ML suck Sent from Proton Mail Android Original Message On 5/11/24 7:02 PM, tux2bsd wrote: > On Sunday, May 12th, 2024 at 11:25 AM, Stuart Longland > > since you seem to want evidence that it was announced… > > Learn to read: > > > No post about the 7.5 release on https://twitter.com/openbsd > > The rest of what you blathered about is in your head, I only ever mentioned > the lack of an (singular) announcement via Twitter. At no point in time did > I suggest it was not announced via standard channels. > > You and T.J. Townsend have a personal issue with Twitter, so much so that > the pair of you are being irrational. > > tux2bsd > >
Re: Fwd: RTL8192EU wifi issue
Hello, Posting and re posting isn't going to get you help any quicker if no one has that card there won't be any interest and wifi is badly supported on any BSD. This looks more of a PR issue rather a ML issue Chris Sent from Proton Mail Android Original Message On 5/10/24 12:34 PM, Mizsei Zoltán wrote: > Crossposting on misc aswell > > 2024. máj. 7. 14:50:33 Mizsei Zoltán : > > Hi, > > I have a so called "Tenda 300Mbps Mini Wireless N Adapter" (this is not the > terribly small one). It reports itself as: > > urtwn0 at uhub0 port 2 configuration 1 interface 0 "Realtek 802.11n NIC" rev > 2.10/2.00 addr 2 > urtwn0: MAC/BB RTL8192EU, RF 6052 2T2R, address 50:2b:73:c9:11:00 > > It associates sucessfully with the AP, but it can't reliaby communicate > because OBSD reports 98% packet loss. However the same adapter works just > fine with the same router on the same machine using NetBSD. > > NetBSD reports: > [ 1.809012] urtwn0 at uhub3 port 1 > [ 1.809012] urtwn0: Realtek (0x0bda) 802.11n NIC (0x818b), rev 2.10/2.00, > addr 1 > [ 1.859025] urtwn0: MAC/BB RTL8192EU, RF 6052 2T2R, address 50:2b:73:c9:11:00 > [ 1.869029] urtwn0: 1 rx pipe, 3 tx pipes > > Interestingly OpenBSD thinks it is 2T2R while NBSD says it is 3T1R. <- maybe > a bug? > > This is the firmware from OpenBSD: > -rw-r--r-- 1 root bin 31818 Mar 20 22:17 urtwn-rtl8192eu > And this is the firmware from NetBSD: > -r--r--r-- 1 root bin 13904 May 7 14:31 urtwn-rtl8192eu > > As you can see, the file size is clearly different, so I have tried to > replace the OpenBSD firmware in /etc/firmware with the one from NetBSD, but > it fails to load correctly: > > urtwn0: timeout waiting for firmware readiness > > strings and file doesn't gives any hint about the content of the firmwares, > so I'd like to know what's the difference, and if it is possible to > update6replace the firmware in OBSD with the one from NetBSD? > > Thank You! > > --ext
Re: ATB.com
Hello,
Try changing the version to say windows using a extension I've seen a few
banking sites that will fail to load if it's not a supported OS or browser they
use or recommend luckily navy fed hasn't done anything like that.
Chris
Sent from Proton Mail Android
Original Message
On 5/5/24 1:49 PM, Austin Hook wrote:
> {I'm currently still using release version of 7.4}
>
> {This may be of interest mainly to residents of Alberta, Canada}
>
> ATB.COM -- (i.e. Alberta Treasury Branch) is a provincially owned bank in
> Alberta, Canada. In general it is nicer, and friendlier to use than most
> big commercial banks. Not so, anymore, with their web page.
>
> In the past 6 months is has gotten more and more difficult to sign-on
> to with Firefox and OpenBSD, as they have tried to make their sites more
> and more bullet proof.
>
> Now, starting from atb.com it's hard to even get to where one signs into
> personal banking, and to where it requests a username and password.
>
> It seems to go through an amazing number of redirects, and then gets hung
> up in the process. Sometimes, tapping different cadences with lots of
> control-R or control-F5 sequences, I can get through. It must be a matter
> of timing.
>
> I guess it works better with other operating systems and/or browsers. In
> fact I do have much better luck with Chromium + OpenBSD although not
> always.
>
> I'd prefer to use Firefox, so long as it exists semi-independently of
> monsters like Google.
>
> So, if anyone is interested, perhaps it would be nice if we could qualify
> to the ATB web page design team, what doesn't work well for everybody,
> and if anything they are doing is beyond being reasonable.
>
> I also wonder if anyone has problems with Firefox and other operating
> systems, accessing ATB.COM, and even getting to the personal sign in page.
>
> Additionally, even getting that far, doesn't guarantee one actually can
> get beyond the next sequence of redirects, when signing in. It only works
> about half the time, from that point.
>
> An additional reason, for us Albertans, to try to keep ATB.COM from going
> outside the normal bounds of web site protection, and hence making it work
> only from certain operating systems and browsers, is that the Alberta
> Government has become so sold on their toy bank, and it's website
> developers, that they have recently decided to put that team in charge of
> all the website development for the government of Alberta, which means I
> won't even be able to access my health records -- the online ability to do
> that they are so proud of
>
> Whew... apologies for that run on sentence, above.
>
> Anyone game to help push the point?
>
> Sure, this is not really just an OpenBSD project question, but the project
> does have it's origins here in Alberta
>
> One doesn't have to be a resident of Alberta to see the problem (try it)
> -- but I am curious if the trend towards using timing to allow access to
> web sites is going to become more and more common, and how to fight back.
>
> Austin
>
> Milk River, Alberta
>
>
>
>
>
Re: obsd wifi
Hello, You need to pre search for devices before you buy or you will run into this. A device driver needs the code and the fw sometimes it's not the code but the fw luckily OpenBSD has fw_uodate which does an awesome job. But if you want to use any BSD you need to either do a approps for supported HW or create your own driver just how it is. You can't buy a new pre built computer and not have something not be supported mostly being wifi not to mention WiFi is limited to 2.4 so what's the point and this isnt the projects fault buy companies that don't have docs for drivers the BSDs are awesome for a server but they aren't good desktops and this to be fair includes Linux the whole what's makes a desktop a desktop is plugging something in and it works if you have to mess with it and install firmwares due to people wanting free software well this happens. WiFi 7 came out but most drivers only support g and g these days is not good enough. Another issue is tech speed we just got the pi5 and this only works on Linux cause the devs only care about it so what's the point in calling it open if the manu only bounds it devs to one set of software ? This is mostly why I'm starting to move away from OSS and go back to Mac os and Windows as it just works (TM) Chris Sent from Proton Mail Android Original Message On 5/4/24 3:11 PM, Peter N. M. Hansteen wrote: > On Sat, May 04, 2024 at 03:01:54PM -0300, Gustavo Rios wrote: > > I have just installed OpenBSD in my brand new notebook. It is a dell > > notebook that came with just a wifi NIC. How do i discover the name o my > > wifi nic ? > > ifconfig with no arguments should list all network interfaces the kernel has > recognized. > > There is a catch, though. For wifi interfaces it is likely that the interface > can not be configured until the device's firmware is installed. > > If that is the situation, a common workaround is to use some device that > *is* configurable (most USB Ethernet dongles I have encountered Just Work), > configure that, then run fw_update. Once the firmware is in place, the rest > should be straightforward. > > Good luck! > > - Peter > > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > >
Re: Desktop performance
Hello, The best docs I've seen are the ones in OpenBSD they praise to provide very nice docs, Linux by fare sucks in this regard the issue is most people who provide howtos are just kids who try to setup a web server and document how they did it, as well as you get 45 people replying the same out come but in different wording which makes it confusing, but it's how the BSD community is these days. I still run OpenBSD as a server but I stopped using FreeBSD as I don't see how putong all the basics of a is in the ports tree and how installing OpenBSD and having a working GUI and just need to install either gbome xfce or kde while others require you to spend time messing with drm since it's a port it doesn't get the same testing, then you have to add it in and setup x11 for simple people this is too much work and this is why I've started using Open or Net. Too find good searches on Google is pretty much a dead boss and IRC is more about pride and I know more and you're doing it wrong and I'm right to make it a waste of time as well so your best bet if reading man pages or asking for help on a ML Sadmy these projects you need to search before you buy you can't just buy a computer and expsct it to work in any BSD to be fare however OpenBSD has less bs in regards to drivers and the fact that fw_update makes it easier. Never understood the whole let's place this driver in the ports tree they make it as hard as it can be to install it without any internet ?? Chris Sent from Proton Mail Android Original Message On 5/4/24 4:46 PM, Kirill A. Korinsky wrote: > On Sat, 04 May 2024 22:32:46 +0200, > Chris Bennett wrote: > > > > My luck with web searches is about zero. Even swapping to different > > search engines just gives me crap that's too old or ridiculously wrong. > > > > I have a strong feeling that LLM models adds too much "new" text that makes > the OpenBSD community, which is quite small... how can I put it? Well, it > looks like that search engine like Google or Bing seems this community to be > too small fraction of knowledge which isn't worth to be indexed. > > Yes, the indexes include some old sites, but it looks like the mail listings > are ignored, for example. > > -- > wbr, Kirill > >
Re: Desktop performance
On Sat, May 04, 2024 at 06:19:54PM +0200, Peter N. M. Hansteen wrote: > Hm. Back in the day I did some conference tutorials on "transition to the most > recent OpenBSD release", with some desktop/laptop oriented tweaks I had found > useful myself. Some of those tweaks may still apply, but some are likely to > be outdated or just plain wrong to start with. But perhaps an updated version > would be useful to somebody? > I wouldn't mind that. I adjusted some stuff a long time ago for some specific need, but it was so long ago that I can't remember why. I was really new to OpenBSD (4.7 or 4.9, I can't remember which. I have two servers, both need extra PostgreSQL connections because of a few pages, for example. Not relevant, but just mentioning it. I have a desktop at home. That's where I have some really old changes. I will go read some man pages, but that isn't always helpful for specific uses. I also have a mailbox where I keep posts that I don't want to lose track of with good info. My luck with web searches is about zero. Even swapping to different search engines just gives me crap that's too old or ridiculously wrong. But if there isn't anyone with the time or desire to do it, no problem. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: obsd wifi
On Sat, May 04, 2024 at 03:40:18PM -0300, Gustavo Rios wrote: > how to install via pkg_add if i have no network connection ? dmesg and ifconfig should give you a name of the wifi chipset already. To install required packages and firmware, buy a USB adapter. They are $5 and work out of the box. I keep RTL dongle around for such situations: https://man.openbsd.org/urtwn.4 You can also buy a USB ethernet dongle. Those are also dirt-cheap. Best regards, Chris Narkiewicz
Re: >10W idle power usage on framework laptop 12th gen 13inch
Hello, Failure to read man pages before posting. Chris Sent from Proton Mail Android Original Message On 5/1/24 5:42 PM, Kirill A. Korinsky wrote: > On Thu, 02 May 2024 00:33:47 +0200, > "Nathaniel Griswold" wrote: > > > > Does apmd keep a running average for the current and voltage or is it > based on instantaneous (as close as that can be)? > > > > As far as I understand the code it devides hw.sensors.acpibat0.amphour3 > (remaining capacity, Ah) by hw.sensors.acpibat0.current0 (rate, A) to > compute life estimation. See acpi.c > > -- > wbr, Kirill > >
Re: fw_update
Hello, Firmwares aren't drivers per say they are required along with the driver Chris Sent from Proton Mail Android Original Message On 4/30/24 5:35 AM, wrote: > How does fw_update install the drivers? > How does it know which driver is missing on the system? > All these questions to install the drivers manually (offline) > > Tks > > > >
Re: bad first impression of OpenBSD at install time
Hello, Please don't bash the OS based on unsupported HW or not I knowing what HW is or not supported before I stalling it that's the users fault. Blame the companies that fail to provide documentation to make oss drivers etc.. as you use any BSD you will learned that looking through the current drivers is crucial. I use openbsd for pretty much everything however I tend to buy hw that is found using the approps command and not just any HW. P.S I'm a 90% disabled vet so sorry for typos :( Chris Sent from Proton Mail Android Original Message On 4/25/24 1:28 PM, Peter N. M. Hansteen wrote: > On Thu, Apr 25, 2024 at 05:46:04PM +0200, Harald Dunkel wrote: > > > > I posted this before, without any response from the community: > > > > At the boot> prompt of the installer image my USB keyboard still works, > > but at the install prompt the keyboard is ignored. I cannot press "i" > > to actually install OpenBSD. > > I remember vaguely something that matches the description, and I think > the feedback then too was that more information about the hardware involved > would be needed in order to help. Preferably full sendbug output, but > a dmesg (preferably from OpenBSD but even from some other unixlike like > Linux will do). > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > >
Re: Getting "Boot error" after replacing a disk in softraid [SOLVED]
Hello, Remember softraid isn't the same as hw raid and I will always chose hw over soft this includes zfs. Chris Sent from Proton Mail Android Original Message On 4/25/24 3:14 PM, Martin wrote: > > On Thu, Apr 25, 2024 at 09:12:47AM +0200, Stefan Sperling wrote: > > > > > I checked, the softraid manual page already has an example installboot > > > invocation in EXAMPLES, which should be clear enough. > > > > > > Regardless, I've tweaked the wording a bit. Hopefully more clear now. > > Indeed :) Thank you very much! > >
Booting with secure boot enabled
Is it possible to boot OpenBSD with secure boot enabled? I'd like to try unattended installation over WiFi on ThinkPad X1 and my UEFI firmware supports PXE over WiFi, but it works only in Secure Boot mode. Best regards, Chris Narkiewicz
Re: No coloring with colorls
On Mon, Mar 25, 2024 at 11:40:52PM +0100, Karel Lucas wrote: > Hi all, > > LSCOLORS=exfxcxdxbxegedabagacad > I just use TERM=xterm If you use a black background (or some other dark colors), you will want to change LSCOLORS to not use a dark blue. I find that color combo unreadable. I just use alias ls='colorls -Gla'. You can either have other aliases or just type colorls with the same arguments as ls to get other options. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: Trying to access /dev/ttyUSB0 device from VM
Hardware passthrough is not supported by vmd. Best regards, Chris Narkiewicz
Re: Ctrl+A shortcut not working on the browser
On my machine, Ctrl-A moves cursor to the beginning of input field, while Ctrl-E to the end. I think it emulates Emacs input mode. Best regards, Chris Narkiewicz
Re: USB peripherals hang, nothing in messages
On Fri, Mar 15, 2024 at 01:40:56PM +0100, Dan via misc wrote: > > Interesting.. > > Laurence Tratt via misc : > > > This sounds to me like it might be due to USB stack performance problems, > > though you'll at least want to give `dmesg` output so that those who better > > understand this have a chance of helping. > > > > FWIW, there seem to be notable differences in USB performance on nominally > > similar hardware with OpenBSD. > > Do you suggest to phisically (hub) separate peripherals from > eg. storage devices for who is working in this kind of fashion? > > -Dan > I used a powered USB hub on a laptop that somehow solved a bunch of connectivity problems to the laptop's USB3 port. I needed a powered hub to run both the wifi dongle and a spinning USB hard drive. No idea why it worked, but it did. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
Re: MCU recommendations to program on OpenBSD?
On Sun, Mar 03, 2024 at 05:11:17PM +0800, Sadeep Madurange wrote: > Any recommendations for MCUs with C > language SDKs supported by OpenBSD? AVR - 8 bit ARM - 32 bit Especially AVRs are top of the game when it comes to open source toolchain support. Best regards, Chris Narkiewicz
Re: Pre-built images for embeded machines
On Sat, Mar 02, 2024 at 12:51:05PM -0700, Theo de Raadt wrote: > It might be easy, but it is wrong. Besides extra burden on the build infrastructure, are there other issues? Curiosity calling, as I'm not using any arm64 devices personally. I'd assume that such image would be very challenging to tailor for the general use, as embedded systems are ususally highly specialized. What are perceived issues with approach? Best regards, Chris Narkiewicz
Re: 10gbps pf nat firewall ix to mcx
j...@openbsd.org [j...@openbsd.org] wrote: > On Sun, Feb 11, 2024 at 10:42:32AM -0800, Chris Cappuccio wrote: > > huh, after i migrated nat fw from 82599 (ix) with LRO on (default) to > > a CX4121A (mcx) flashed to latest nvidia firmware and now i'm getting > > 900mbps on single tcp throughput > > > (endpoints still using lro on em and ix) > em(4) does not support the LRO feature, just TSO with mglocker's diff. > > > and very consistently getting close to the full 1gbps > > thruoghput on single tcp connections now instead of slower and slightly > > varying results. guess i should go back and test ix with LRO off on > > the pf box. > > Sorry, I don't get your problem. You changed your firewall NICs from > ix(4) to mcx(4) and the throughput got slower? Or, the speed it varying > between 0.9 gbps and 1.0 gbps? got faster, notably faster and more consistent TCP performance as tested with an ix sender, through mcx firewall, to a 1Gbps em endpoint, 1500 byte normal mtu, all default settings across the board i would have to test more to understand what was going on, but this took me for surprise chris
Re: Installing shellinabox on OpenBSD
On Mon, Feb 12, 2024 at 02:38:25PM -0500, Daniel Ouellet wrote: > I am not sure why people say they can't have a safe ssh client for window... OP mentioned he cannot install software on the machine. This is pretty common issue if machine is managed by somebody else. Best regards, Chris Narkiewicz
Re: Installing shellinabox on OpenBSD
On Mon, Feb 12, 2024 at 07:12:49PM +, Chris Narkiewicz wrote: > If security is not a problem, you can use telnet. Windows has telnet > client built-in. Also, ttyd is in ports. This could be handy: https://openports.pl/path/www/ttyd Best regards, Chris Narkiewicz
Re: Installing shellinabox on OpenBSD
On Mon, Feb 12, 2024 at 07:01:11PM +0300, Odhiambo Washington wrote: > The VM is NOT exposed to the Internet so I am not worried. If security is not a problem, you can use telnet. Windows has telnet client built-in. Best regards, Chris Narkiewicz
10gbps pf nat firewall ix to mcx
huh, after i migrated nat fw from 82599 (ix) with LRO on (default) to a CX4121A (mcx) flashed to latest nvidia firmware and now i'm getting 900mbps on single tcp throughput (endpoints still using lro on em and ix) and very consistently getting close to the full 1gbps thruoghput on single tcp connections now instead of slower and slightly varying results. guess i should go back and test ix with LRO off on the pf box.
Re: HUNSN routers - N100 I226-V
Kapetanakis Giannis [bil...@edu.physics.uoc.gr] wrote: > Has anyone tried these HUNSN mini pcs/routers with multiple interfaces? > > I'm thinking of getting one for home routing. Does it work with OpenBSD? > (dmesg?) > > Performance? Will it route/firewall at 1Gbps? Intel N100 seems to be low on > TDP and gives numbers. > > Any problems with I226? I've read about issues with I225 in the past. > Some of the N100 boards are missing options in the BIOS like default power-on from what I've read. I have a couple and my complaint is the build quality is poor. I got 8 units and at least 1 is questionable. USB ports blink on and off when you breathe on it and probably more, i haven't spent much time yet. I don't know if these are the same as the HUNSN brand, just some shitty manufacturer, or something else. I haven't even looked to see if the BIOS has power-on default yet. I don't have a ton of experience with them but my early and late i225 boards don't seem to have the problems under if_igc that they have under Windows where the chip isn't initialized, shuts off, whatever. I had nothing but trouble with cards based on the early realtek 2.5gbps chips, despite kevlo's attempts to improve if_rge. I ended up throwing them away before his last round of fixes. My i225 and i226 are consistently good for whatever that's worth. I'd expect i226 to be ok. Chris
Re: socket cores
i Gustavo Rios [rios.gust...@gmail.com] wrote: > Hi folks! > > I have a simple question: how many cores does OBSD support ? > There's various hard-coded limits at something like 64-128 cores (depending on architecture) Depending on your application, a useful number of cores is somewhere between 4 and 16 right now, although a purely computational multi-thread/multi-process application could perhaps use much more. Applications that make heavy use of kernel services are all undergoing acceleration as the kernel unlocks and things are changed to take advantage of parallelization where this is possible. Here's a 16 core box doing NAT on 250kpps (250k in and out) with vlan tagging and if_ix multiqueue. One more interesting item here is that the majority of work is spread across four CPUs. It's running OpenBSD 7.4 (not current which is has a bit more unlocked.) The same config starts to putter around 800-900kpps in/out (increased latency) but doesn't drop traffic. load averages: 1.91, 2.11, 2.04test 18:33:34 35 processes: 34 idle, 1 on processorup 0 days 09:56:29 CPU00: 0.0% user, 0.0% nice, 0.0% sys, 0.4% spin, 4.8% intr, 94.8% idle CPU01: 0.0% user, 0.0% nice, 39.4% sys, 1.4% spin, 0.0% intr, 59.2% idle CPU02: 0.0% user, 0.0% nice, 36.8% sys, 0.4% spin, 1.0% intr, 61.8% idle CPU03: 0.0% user, 0.0% nice, 32.6% sys, 1.6% spin, 0.8% intr, 65.0% idle CPU04: 0.0% user, 0.0% nice, 23.6% sys, 0.6% spin, 0.8% intr, 75.0% idle CPU05: 0.0% user, 0.0% nice, 6.0% sys, 0.2% spin, 0.6% intr, 93.2% idle CPU06: 0.0% user, 0.0% nice, 0.2% sys, 0.2% spin, 1.4% intr, 98.2% idle CPU07: 0.0% user, 0.0% nice, 0.0% sys, 0.4% spin, 1.8% intr, 97.8% idle CPU08: 0.0% user, 0.0% nice, 0.0% sys, 0.0% spin, 1.8% intr, 98.2% idle CPU09: 0.0% user, 0.0% nice, 0.0% sys, 0.0% spin, 2.0% intr, 98.0% idle CPU10: 0.0% user, 0.0% nice, 0.0% sys, 0.2% spin, 1.8% intr, 98.0% idle CPU11: 0.0% user, 0.0% nice, 0.0% sys, 0.2% spin, 0.8% intr, 99.0% idle CPU12: 0.0% user, 0.0% nice, 0.0% sys, 0.0% spin, 1.4% intr, 98.6% idle CPU13: 0.0% user, 0.0% nice, 0.0% sys, 0.2% spin, 1.4% intr, 98.4% idle CPU14: 0.0% user, 0.0% nice, 0.0% sys, 0.2% spin, 1.0% intr, 98.8% idle CPU15: 0.0% user, 0.0% nice, 0.0% sys, 0.0% spin, 1.8% intr, 98.2% idle Memory: Real: 57M/M act/tot Free: 60G Cache: 815M Swap: 0K/2035M
Re: disk not found after first reboot
On Fri, Jan 19, 2024 at 12:38:03AM +, Isak Lyberth wrote: > Hello guys, I am sorry to bother you with such a basic question. > After many years of only using my favorite OS on my firewall, I have > decided to install OpenBSD 7.4 on my Dell Latitude 7490 laptop, fitted with > a 500 GB Samsung 980 (non pro) nvme disk i use the entire disk with auto > partitioning). > it had Windows on it when iÍ got it, I removed it and used Linux Mint for > about a week and now i have installed OpenBSD 7.4. i have tried it a lot of Did you read the FAQ carefully? Did you read the message in the directory about installing? When you say that you installed it, how? Which OS did you install? i386 or amd64? Usually amd64 is the correct answer. What does disk not found mean? What did you see during the failed boot process? ERR M? Are you trying to multi-boot with another OS too? Have you tried installing to a USB drive? This will, if successful, make you able to submit a dmesg. That's very helpful. You do not need to use a regular hard drive of any kind to get it up and running. Why are you using dd? > times, clearing the disk with the dd if=/dev/zero of=/dev/sd0 command and > also dd'd to sd0a, rsd0 and anything i could think of, i also tried exiting > to shell and done some fdisk -iy sd0 (suggested on reddit) Following advice from the general Internet is rarely useful. Usually out of date or just plain wrong. -- Regards, Chris Bennett "Who controls the past controls the future. Who controls the present controls the past." George Orwell - 1984
systat mbuf vs. netstat -m
In various places, netstat/mbuf.c does stuff like this against the hiwat value:
printf("%u/%lu mbuf %d byte clusters in use"
" (current/peak)\n",
mclpools[i].pr_nout,
(unsigned long)
mclpools[i].pr_hiwat * mclpools[i].pr_itemsperpage,
mclpools[i].pr_size);
for this result:
3/144 mbuf 2048 byte clusters in use (current/peak)
1011/83430 mbuf 2112 byte clusters in use (current/peak)
the hiwat according to systat mbuf is:
IFACERING LIVELOCKS SIZE ALIVE LWM HWM CWM
System mbufs 0 256 23115254
mcl2k2048 6 18
mcl2k2 2112 10145562
Is this sensible?
unwind not picking up autoconf resolver from wg0
I have a setup where a machine has 2 network interfaces:
host fqdn: foo.company.com - public address
vio0 - autoconf'd from internet provider, public IP
wg0 - intranet with it's own DNS intra.company.com dns domain and 10.0.0.0/8
network
Wireguard is configured in star topology, with 10.0.0.1 server providing
org-wide
DNS, router, printing, etc.
unwind.conf: --
forwarder {
1.1.1.1 port 853 authentication name cloudflare-dns.com DoT
1.0.0.1 port 853 authentication name cloudflare-dns.com DoT
}
force accept bogus autoconf {
intra.company.com
}
preference { autoconf forwarder }
wg0 has DNS resolver added using route, as instructed in man resolvd(8)
/etc/hostname.wg0: --
inet ...
wgkey ...
... snip wg vpn config here ...
!route nameserver wg0 10.0.0.1
--
I can definitely observe commented out 10.0.0.1 resolver in /etc/resolv.conf,
as expected when unwind and resolvd are running.
However, when I try to resolve anything with unwind, it fails:
# host foo.intra.company.com localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:
Host foo.intra.company.com not found: 3(NXDOMAIN)
Resolver on the other side of wg0 is working:
# host foo.intra.company.com 10.0.0.1
Using domain server:
Name: 172.16.0.1
Address: 10.0.0.1#53
Aliases:
foo.intra.company.com has address 10.0.0.xx
When checking autoconf status, I see that unwind is not picking
up resolver from wg0:
# unwindctl status autoconf
autoconfiguration forwarders:
DHCP[vio0]: aa.bb.cc.dd ee.ff.gg.hh
I'm out of ideas here. How can convince unwind to use resolver
from wg0?
Cheers,
Chris
ntpd not adjusting clock in vm
I'm running OpenBSD 7.4 in qemu VM on my laptop. After hibernation, vm clock is delayed. ntpd works in background, but it fails to adjust the clock: reply from 162.159.200.1: offset 0.005599 delay 0.013842, next query 32s reply from 139.162.219.252: offset 0.007199 delay 0.011274, next query 30s reply from 162.159.200.123: offset 0.007154 delay 0.010765, next query 31s reply from 131.111.8.61: offset 0.007642 delay 0.016057, next query 30s adjusting local clock by 4686.953122s (...) reply from 83.151.207.133: offset 0.011828 delay 0.014193, next query 33s reply from 139.162.219.252: offset 0.009902 delay 0.011271, next query 32s reply from 131.111.8.61: offset 0.010350 delay 0.015616, next query 33s adjusting local clock by 4686.164970s reply from 162.159.200.1: offset 0.013156 delay 0.011764, next query 34s reply from 131.111.8.61: offset 0.013905 delay 0.017363, next query 30s adjusting local clock by 4686.001301s However, the lock does not budge at all. I can still manually set the clock by date -s HHMM. Not sure how to debug it. Is it because I'm using vm and it doesn't support? diso# dmesg | grep pvclock pvclock0 at pvbus0 Best regards, Chris Narkiewicz
Re: netcup.eu arm64 (kvm, Ampere Altra), bsd.rd hangup
On Sun, Dec 17, 2023 at 09:56:04PM +0100, Sven Wolf wrote: > I only have access to the graphical console IIRC they have a forum where some support could be provided. I'd ask about serial over lan access. Hetzner have it, but I'm not sure about netcup. Best regards, Chris Narkiewicz
Auto-install over network using UEFI
I'm experimentin with auto-install over network using linux libvirt (qemu). I managed to load pxeboot in BIOS mode and I'm wondering if UEFI is supported. According to this blog, I should load BOOTX64.EFI instead of pxeboot. https://eradman.com/posts/autoinstall-openbsd.html I was skeptical but tried it neverthekess and system immediately reboots after probing disk: probing: p0 com0 mem[640K 2029M 9M 3M] disk:BS->LocateHandle() returns 14 Is it possible to net-boot installer in UEFI using QEMU? Cheers, Chris
Re: my first patch
On Wed, Oct 25, 2023 at 10:10:32AM +0600, Maria Morisot wrote: > > > that you're using correct lengths though, it is possible to get things > > wrong and break programs. > > I was careful to look at the buffer lengths being written and to match them > in strlcpy and snprintf. I peeked at the source for instances of strcpy and > found a lot in xenocara; less in the main source tree. > > I'm willing to change these but I need to know how to submit the altered > files and since it's my first time contributing, I'd love if someone could > double check a bit of my work. > I think that the explanation of what you are doing and trying to accomplish was a little bit unclear from the responses you got. Upstream means sending your work "up" to the programmers elsewhere who are creating and developing the program. This can allow, if they want to and it doesn't cause problems with other OS's, your changes to be incorporated into the software. This doesn't have anything to do with OpenBSD, except that it will make porting the program into being usable with OpenBSD different. (See ports on the website and the po...@openbsd.org mailing list). So, there is a big difference between changing the original program to work better with OpenBSD or porting it in. Porting in a program means adapting it, possibly with patches that make the changes *only* for OpenBSD. So, Libreoffice isn't an OpenBSD program. Certain patches or changes shouldn't be done locally unless upstream refuses your change. Then, that program will be ported in officially, just marked as broken or dropped as a program for OpenBSD. A really good and simple example is an error in a man page. That sort of change should always be sent upstream first. If they refuse to accept that change, then patch it here. If some flags for our compiler are different, then that is a local adaptation *for OpenBSD*. Do that here and don't bother upstream unless you have questions. Updating programs that are ported in can sometimes be quite difficult when the version changes. That is what Stuart meant about having a nightmare when changing the local copy for us in the way you are doing it. Also, even if everything you have done is 100% perfect, don't be disappointed if your work isn't accepted. Just learn from it and start a new project. OpenBSD has extremely picky and overworked developers. Which is probably why I sleep well at night knowing I have an excellent and secure OS. They do amazingly good work! So even if your first ten tries at different things fail, by the time of your eleventh, you will probably be getting it right by then. Enjoy! -- Chris Bennett
Custom siteXY.tgz and signature verification
I'm trying to automate some deployment and I use miniroot image with HTTPS repository containing site74.tgz and site74-$(hostname -s).tgz. Custom file sets are not signed (obviously) so the installer complains about fileset validation. Is there a way to supply custom signing key for the installer, in a similar way we bootstrap firwmware files by mounting the image using vnd? Best regards, Chris Narkiewicz
Limiting RAM on boot to emulate low-memory situation
Is it possible to decrease amount of available RAM at boot time? I'm about to migrate some VPS system to a significantly cheaper option that comes with less RAM and I need to evaluate how existing system will behave. Sadly, I can't reconfigure RAM in VPS config. Cheers, Chris
Re: OT: Github requiring 2FA auth, meaning
On Tue, Aug 29, 2023 at 08:40:38PM +0200, Daniele B. wrote: > Since today powers and financial interests will be able to block me > access to the Github platform by their discrection. All ready for > that? Yes, Firefox from ports seems to handle Yubikey 2FA just fine. Best regards, Chris Narkiewicz
Re: sed and tab
On Tue, Aug 22, 2023 at 04:03:57PM +0300, kasak wrote: > > > Oh, thanks! I didn't know about that ctrl+v tab feature! > Just so you know, ctrl+ other stuff also works. I'll let you experiment and discover those. -- Chris Bennett
Re: Mouse not working via KVM switch
On Fri, Aug 18, 2023 at 07:58:03PM +0200, Karel Lucas wrote: > > Dear Nick, > > For more than ten years I have been working with an ATEN brand KVM switch > together with several computers, including linux and openBSD (version 4.1). > In all these years I have had no problems, not with my KVM switch, nor with > any degree of disconnection. The keyboard works flawlessly via the switch, > it's only the mouse that I have a problem with, and only with openBSD. > This is not very clear at all. You have used the same KVM switch for ten years, but haven't considered it having hardware degradation over that time? Capacitors are well known for having limited lifetimes and are *usually* the first item looked at in repairs. Switches also fail due to dirty contacts. Or, are you saying that everything worked fine for OpenBSD 4.1, but not for OpenBSD 7.3? The changes over that time have been enormous. > Op 17-08-2023 om 13:56 schreef Nick Holland: > > > > First of all, does your mouse work directly plugged into the OpenBSD > > computer? > Yes, it does. > > If so, it's your KVM switch. > As I mentioned above I have been working with my KVM switch and openBSD for > over ten years with very good results. > > > Second...if you boot the OpenBSD machine with the KVM pointed at the > > OpenBSD machine, does it work? > No, even then it won't work. Have you swapped ports on the KVM switch to rule out a partial hardware failure on the switch? Have you also disconnected the other hardware and OS inputs to rule out them as the source of the problem? Have you checked that the other machines are producing the correct supply voltages? Power supply failures are a consistent problem with computers. High or low voltages don't mix well. Have you checked with your switch manufacturer to make sure there wasn't a problem with your switches model? It happens a lot. After ten years of service, if you insist that the switch isn't the problem, (Prove it) then you need to also prove that the other hardware is functioning properly. Do not believe what the BIOS or sensors say that the voltage is. A bad voltage will cause those readings to fail. Get a good voltmeter with excellent probes for this kind of work and check *everything*. Please use a great deal of care. You will need to measure voltages on the motherboards in addition to what the power supply puts out. Everything is running and you will need to check in many spots. Also, there are high voltages inside the power supply. Don't get electrocuted. Drain the voltages off the capacitors in there with a suitable tool for that purpose if you go inside there. Yes, even with the power off and power cable disconnected. And it's tricky. I have a power supply cable for two hard drives. Two connectors crimped across the same cable. One of the crimps is bad. Recognizing that saved me a trip to hell after about an hour. Easy to fix, damned hard to locate. Chris Bennett > > You > > might be able to improve how OpenBSD deals with KVM switched mice, > > because yes, it does seem to be a little more touchy than some other > > OSs, but someone with good programming and HW trouble shooting > > skills AND a cheap-*** POS KVM switch would have to care. Most people > > that skilled generally just buy a better KVM switch and move on. > That more than ten years of loyal service proves that my KVM is of good > quality. > > What does the dmesg show as you switch the KVM around? That would tell > > us how the KVM works. Some are equiv. of plugging and unplugging the > > mouse/keyboard/monitor, some do some kind of "keep alive" so the > > computer thinks the mouse is still there. Both can cause problems of > > different types (my "good" one seems to plug/unplug the mouse/keyboard, > > but has a great keep-alive for the monitor). > What I've learned about my KVM switch over the past ten years is that both > the mouse and keyboard are emulated when they are switched to another > computer. Never have I had any problems with my computers when switching > with my KVM switch. > > >
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Wed, Aug 16, 2023 at 10:21:34AM +0200, Bruno Flückiger wrote: > How about something like this? > > match from mail-from regex "@example.net" action send_example_net > match from mail-from regex "@example.com" action send_example_com > > Cheers, > Bruno > Thank you very much. I just had to add for any and it works perfectly. My dad and I ate some bad food at a restaurant, so this is a happy moment. -- Chris Bennett
Re: My /usr cleaning campaign..
On Tue, Aug 15, 2023 at 01:19:06PM +0200, Daniele B. wrote: > Thanks for the help, > > Unfortuately I have no clean system nor knowledge about these files.. > Do you mind to point me out almost the direction how to fix things correctly? > Read these manpages: ls ln I strongly suggest that you take this a bit further and learn how to pull out the information in a better way. Possibilities include sh scripts, awk, grep, sed, perl, uniq, sort and maybe other methods. You *need* to be able to use these tools at a basic level in order to get anything done in a reasonably efficient way. Learn the versions in the base system! There are different versions also available in ports. Sometimes they are preferable if you already know why. Otherwise, don't use them. mawk, gawk, gmake, etc. You will find very, very few OpenBSD users who prefer GUI versions of tools. It is called the *command* line because it is yours to issue clean and powerful *commands* with. Feel free to panic, scream, run in circles and collapse with exhaustion. It's a good way to relieve stress. ;-} -- Chris Bennett
Re: non-amd64 vps's in europe?
On Sun, Aug 13, 2023 at 09:17:58AM +0200, Peter J. Philipp wrote: > He doesn't want to deal with hetzner because of their tight control checks > regarding id cards and stuff. Huh? They didn't check my national ID nor passport. Payment card was enough. Is he using some dodgy payment method that triggered KYC alarm? Given that VPS can be used for criminal activity, I doubht he will find anyone willing to provide the service without KYC. Best regards, Chris Narkiewicz
Re: [cpb_m...@bennettconstruction.us: I would like help matching my outgoing domains to the right IP for smtpd]
It's the weekend. I will see if anyone has any advice later. I will spend my time looking at perhaps solving the problem with a filter and using tcpdump and the debug features of smtpd to follow what I come up with. -- Chris Bennett
Re: Feedback on redesigned OpenBSD.org
On Sat, Aug 12, 2023 at 06:23:07PM +0200, Wolfgang Pfeiffer wrote: > > On Fri, Aug 11, 2023 at 10:38:46PM -0400, Amelia A Lewis wrote: > > On Fri, 11 Aug 2023 20:11:02 -0600, Theo de Raadt wrote: > > > When did it become an assumption that we would adopt any of these > > > changes? > > > > I don't think that it did become an assumption, but as a number of > > people have responded to the initial design, to the point that the > > designer offered a revision, I thought I might add to the discussion. I > > apologize if it was out place to do so. > > The debate - since three days now - strongly suggests, that at least > some of those contributing to the debate were assuming that a change > of the looks of openbsd.org might be accepted. Otherwise: what sense > would it make to debate it here? > > The point tho seems: there were at least two threads over the last 11 > years on that topic: > > 2012: > "OpenBSD's webpage desing" > https://marc.info/?l=openbsd-misc=2=4=desing+webpage=b > > 2016: > "Suggestion: new webpage for openbsd.org" > https://marc.info/?t=14634695033=2=2 > > Result: > Just compare the archived version of the site from 2011 to the > present one: > https://web.archive.org/web/20111223000626/http://www.openbsd.org/ > > So to make sure my effort is making sense: what I most certainly would > have done before working on a redesign of the current page would have > been to ask its maintainers, whether they wanted the change. And if > yes: what sort of change. Because obviously it's, well: their page. > Not mine. Plus: they probably have specific needs that I don't know > about for the coding of it, to make it compatible with the frequent > changes of it: updates, announcement of patches etc. - Meaning: Before > doing any attempt to rewrite the code, I would have asked the > current maintainers about the constraints for a change. > > Theo de Raadt about a rewrite of openbsd.org in 2016: > > -- > https://marc.info/?l=openbsd-misc=146378604413389=2 > > "We rarely do whole-scale replacements of anything in OpenBSD, unless > there is compelling reason the old should be discarded. I have > probably received 500+ proposals for website rewrites, a handful with > the effort already expended. This is another offer which will be > rejected. It is kind of sad. > > I think the site is fine. [ ... ] I agree there would be value in > small tweaks to improve the view for narrow displays. > > This is a project that does rapid incremental changes. This entire > concept of throw-it-away, you-want-the-new-warts; I don't get where > it comes from." > > -- > > Nice weekend, everyone! > >From what I am reading in this thread, nobody seems to agree about what they really want. I think that that is a pretty good sign that a consensus is not going to happen. openbsd.org is on CVS. OpenBSD comes with a built-in httpd. As long as it's not publicly available, anyone can run a copy and insert whatever CSS meets their needs. The current website version can be updated from CVS. Just change the stylesheet link to whatever your favorite styling looks like and you are good. If you don't know how to write CSS, learn it. What doesn't require learning something new to use or contribute to OpenBSD? Nothing. That is my opinion. I definitely do not get a vote, especially since I have never even submitted a diff for the website. Unless I am using my phone, I give it a 50% chance that I will be using a text browser to view the site. I use lynx 100% to look at the packages and installation files. It just works. -- Chris Bennett
Re: Feedback on redesigned OpenBSD.org
On Sat, Aug 12, 2023 at 07:21:24PM +0900, Pontus Stenetorp wrote: > On Sat 12 Aug 2023, Stuart Henderson wrote: > > > > To me, it looks just "different" rather than particularly better > > (except on mobile browsers, where I find the redesigned one a bit worse > > by having the links hidden away down the bottom. Scrolling to read the > > text on mobile browsers with the existing version is a bit of a > > nuisance, but so is scrolling to access the links in this rework). > > > > And "different" is a bit of a problem, there are at least 7 associated > > websites which intentionally have the same basic design, which now > > no longer match up. > > > > (I found v1 a lot worse than the existing one, mostly due to overriding > > browser default font/colour choices and disabling underlining for links). > > As someone using the current website both on desktop and phone, the > only thing that has ever sprung to mind as a possible improvement would > be to constrain the line length, as I often have to tighten the window a > bit (interestingly, a good line length tends to be around 80 > characters [1] and where have we heard that number before?). On > man.openbsd.org there is a fixed line length, just that it is a tiny > bit too wide for reading comfort. > I have always found that 72 characters is a bit better than 80. In CSS, that would be 72ch. Versus 80ch. I often adjust the width of the window my browser is in to control that width, assuming the website doesn't fight me and force horizontal scrolling. I have key bindings on fvwm2/3 to do that. But definitely add the viewport to the head. Nothing bad can happen with that and FWIW, it bumps up OpenBSD in many searching algorithms (assuming that that is desirable). -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote: > Am 12.08.2023 03:13 schrieb Chris Bennett: > > I can't figure out how to match the outgoing mails to the correct IP/mx > > they are coming from. Just one server, different A records for the mx > > versus domain name. > > Difficult to understand what you're trying there... > I kinda understand that you have multiple IP-addresses on that smtpd > machine and need to send from a "correct" one? > If so, check back that 'action' with a relay delivery has a 'src' option. > > HTH, > -- > pb > action "benn_to_outbound" relay src 108.181.26.184 helo mx.bennettconstruction.us If this is correct, it works fine. However, right now, I am forcing a match with match from local for anyaction "benn_to_outbound" I haven't been able to think of a way to match each individual one. -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote: > Am 12.08.2023 03:13 schrieb Chris Bennett: > > I can't figure out how to match the outgoing mails to the correct IP/mx > > they are coming from. Just one server, different A records for the mx > > versus domain name. > > Difficult to understand what you're trying there... > I kinda understand that you have multiple IP-addresses on that smtpd > machine and need to send from a "correct" one? > If so, check back that 'action' with a relay delivery has a 'src' option. > > HTH, > -- > pb > I have one server with multiple IP addresses. For example, bennettconstruction.us at one IP, with A record mx.bennettconstruction.us at the same machine, different IP with it's own A record. Plus, several other website and mail domains on the same server. In each case, each has it's own A record and IP, one for a domain name, the other for it's mail domain. bennettconstruction.us 1.2.3.4 mx.bennettconstruction.us 1.2.3.5 moron.org 1.2.3.6 mail.moron.org 1.2.3.7 wisecracker.com 1.2.3.8 mx.wisecracker.com 1.2.3.9 I'm trying to get the proper mail server to match the sent From: domain. Also, with this switch changing the hostname, root now comes through bennettconstruction.us instead of the other one that was the hostname before. The change in hostname was planned. In case it's relevant, I always use ssh and neomutt to the server for reading and sending. I only use K9 on my phone to read or click a link. Thank you for putting up with my hard to understand posts. It's not deliberate, but a lifelong problem. -- Chris Bennett
I would like help matching my outgoing domains to the right IP for smtpd
Hello, as I was updating to the new IP ranges, I changed ~all to -all (My old IP's were crap filled with spam, so I just didn't send mails to the big guys.) I tried sending to gmail.com and got smacked that the spf was referring to an unexpected address on the server. I found that I was getting "random" choices from the tables I had setup. Reading the manpage carefully, I saw that this was the correct behaviour. If the headers in this email are correct, then I have the right action. I can't figure out how to match the outgoing mails to the correct IP/mx they are coming from. Just one server, different A records for the mx versus domain name. Right now, I'm just forcing all local to this action. After several hours trying different options and testing sending to my other server, I'm coming up blank. Except that I now understand much more from the manpages that confused me previously. I've been reading a lot of other manpages lately, too. Time well spent. Any advice would be nice. -- Chris Bennett
[cpb_m...@bennettconstruction.us: I would like help matching my outgoing domains to the right IP for smtpd]
- Forwarded message from Chris Bennett - To: misc@openbsd.org From: Chris Bennett Subject: I would like help matching my outgoing domains to the right IP for smtpd Date: Fri, 11 Aug 2023 18:13:59 -0700 Hello, as I was updating to the new IP ranges, I changed ~all to -all (My old IP's were crap filled with spam, so I just didn't send mails to the big guys.) I tried sending to gmail.com and got smacked that the spf was referring to an unexpected address on the server. I found that I was getting "random" choices from the tables I had setup. Reading the manpage carefully, I saw that this was the correct behaviour. If the headers in this email are correct, then I have the right action. I can't figure out how to match the outgoing mails to the correct IP/mx they are coming from. Just one server, different A records for the mx versus domain name. Right now, I'm just forcing all local to this action. After several hours trying different options and testing sending to my other server, I'm coming up blank. Except that I now understand much more from the manpages that confused me previously. I've been reading a lot of other manpages lately, too. Time well spent. Any advice would be nice. -- Chris Bennett - End forwarded message - --
Re: Feedback on redesigned OpenBSD.org
I haven't even looked at these changes, yet. But I have a terrible time reading text on mobile devices. There doesn't seem to be any way (that I know of), to change text size without either using the phones settings for text size (Yuck) or changing the default size or accessibility settings in the browser. I always grab a tablet for sites that really screw up text sizing. My phone is just too small for sites with tiny text or huge text. That's just my opinion and experience with bad eyesight. -- Chris Bennett
Re: Two problems
On Fri, Aug 04, 2023 at 04:12:49PM +0200, Karel Lucas wrote: > > Hi all, > > On a desktop PC on which I have openBSD, I installed KDE. When I start the > X-window system, I still see Fvwm, and no KDE. I also want to start the X > window system when I start this PC, and that is not yet the case. How can I > solve both problems? > > As some others have already commented, there are significant security issues with a big desktop like KDE or Gnome. FVWM in base is setup just enough to let you have an X gui. It is highly customizable to almost whatever you can come up with. FVWM2 is available in ports. It is no longer being developed. It has configuration like the built-in version. Many use it. FVWM3 is under active development and has a very similar configuration, but some notable changes. I use FVWM3 (or 2 from ports if I want to since I already am happy with the configuration I came up with.) If you want to use FVWM and you don't know how to configure it, consider using FVWM3. There is an active forum which provides lots of help. It also has a default configuration that works nicely, but I personally don't like it. It has a menu that will pull up most programs you have installed from KDE, Gnome and others like GIMP, etc. Spectrwm is also nice, small and easy to configure. There are tons of window managers, feel free to try out many until you find what you need and like. I originally came to OpenBSD from Windows, so I used KDE3 a long time ago. Easy switch. But I wouldn't use something like it ever again. xenodm is a good choice. The login screen can be easily customized and you can add functions like shutdown, reboot and a choice of different window managers to start. -- Chris Bennett
Re: Mouse does not work
On Fri, Aug 04, 2023 at 05:33:48PM +0200, Karel Lucas wrote: > dmesg: > ... > uhub5 at uhub0 port 1 configuration 1 interface 0 "NEC hub" rev 2.00/1.00 > addr 2 > uhidev0 at uhub5 port 1 configuration 1 interface 0 "Logitech HID compliant > keyboard" rev 1.10/1.80 addr 3 > uhidev0: iclass 3/1 > ukbd0 at uhidev0: 8 variable keys, 6 key codes > wskbd0 at ukbd0: console keyboard > uhidev1 at uhub5 port 1 configuration 1 interface 1 "Logitech HID compliant > keyboard" rev 1.10/1.80 addr 3 > uhidev1: iclass 3/0, 2 report ids > ... > uhub6 at uhub5 port 4 configuration 1 interface 0 "ATEN International > product 0x8021" rev 1.10/1.00 addr 4 > uhidev2 at uhub6 port 1 configuration 1 interface 0 "Logitech USB Receiver" > rev 2.00/12.11 addr 5 > uhidev2: iclass 3/1 > ukbd1 at uhidev2: 8 variable keys, 6 key codes > wskbd2 at ukbd1 mux 1 > uhidev3 at uhub6 port 1 configuration 1 interface 1 "Logitech USB Receiver" > rev 2.00/12.11 addr 5 > uhidev3: iclass 3/1, 8 report ids > ums0 at uhidev3 reportid 2: 16 buttons, Z and W dir > wsmouse0 at ums0 mux 0 > ... > ^ This is not a dmesg. People are helping you. People want to help you. People are busy. People might stop wanting to help you. Don't let that happen. Please do the following, without delay. Read the entire FAQ page on the website. man afterboot man intro. It also suggests additional intro pages. If you don't know how to access those or otherwise need to `man man` Read all of those. Look through all of the default installed directories `man hier` See which ones you know, which ones you don't Every entry on the dmesg refers to a driver (remove the number at the end) run man on each of those too. Don't worry if you don't understand everything right now. Search for existing answers at marc.info. It has many mailing lists for many OS's. It is traditional to refer to existing previous mailing-list posts using that URL for that message from marc.info Etc. When you get a response here: RTFM It means you have not done your homework first. If you don't like reading plain text for manual pages, you can convert those to many different outputs. HTML, pdf, etc. I leave that for you to discover how either through the manual pages or from searching the mailing lists. Subscribe to all of the mailing lists ports@, misc@, tech@. Read tech@. Do not post there until you understand what it is for. Personality and mood come through strong here. Sometimes dogs ignore you, bark happily at you, bark menacingly at you, slobber all over you or bite you with the whole pack. These mailing lists reflect real life and real people. IMHO, I think that that is a good thing. OK I just woke up. Coffee will help greatly. Then I myself have many manpages to read and cogitate. Enjoy. -- Chris Bennett
Re: Installer loop on apu6b4
Ronald Dahlgren [ronald.dahlg...@gmail.com] wrote: > I have a PC Engines apu6b4 that is acting up during the installation > process. I want to see if this group has any insight before I try an RMA > with the seller. > > entry point at 0x8100100PC Engines apu6 This should be an FAQ entry. You need to setup the serial console in the boot blocks: boot> stty com0 115200 boot> set tty com0 Chris
Re: Installing openBSD
On Mon, Jul 31, 2023 at 04:08:49PM +0200, Karel Lucas wrote: > > Hi, > > Multi-boot is not an option here. The intention is to replace the entire > PfSense installation with openBSD. Eventually this computer becomes a > firewall with PF, so the current installation is unnecessary. But my > question remains whether I need the (U)EFI partition for that or not. Can > anyone give me some helpful advice? > Also, give some serious thought about the partition sizes AND order that you create them. The order matters if you ever suspect that you will need to make a partition bigger. Read the growfs man page. You can only make a partition bigger by sacrificing the immediate partition after it. So if you have /home then /usr/local and you need /home bigger. Bad ordering of the partitions. But if you have /home followed by /usr/kittens and you can get rid of having /usr/kittens as a partition (but back it up!) and just add it to the /usr directory afterwards Also, don't create "useless" partitions. If you will never use /usr/src as a separate partition, don't put it in it's own partition. Developers or people wanting to play around with source code like having it. Please read the entire FAQ page. growfs can only make a partition bigger ( and you keep existing files as a bonus ). There isn't a tool to make them smaller and keep data on it. Also, the partitions that are normally created has a big effect on security. nodev, nosuid, wxallowed are important. Most important is to not get freaked out. Just do it and see what happens. Screwing up is half the fun! Cleaning up isn't fun, but a good way to learn. ;-} -- Chris Bennett
Re: Installing openBSD
On Sun, Jul 30, 2023 at 07:30:27PM +0200, Karel Lucas wrote: > > Hi all, > > I'm going to install openBSD on a small PC that currently has PfSense on it. > This PC boots this OS via (U)EFI, and therefore has an EFI partition on the > existing SSD. The current partition table looks like, as shown by openBSD > fdisk: > > 0: efiboot0 > 1: gptboot0 > 2: swap0 > 3: zfs0. > > Should I keep the (U)EFI partition? And if so, how do I mount the future > openBSD root partition to this (U)EFI installation? Are there any other > things I should watch out for? I look forward to receiving responses from > this community. Sincerely, Karel. > If you can afford a 2nd hard drive, that makes life very easy. Just have a partition that is MSDOS if you need exchange files between all OS's If you can't install a 2nd hard drive, OpenBSD runs fantastic on USB sticks. (Assuming that the BIOS allows it.) Plus, you can put it in your pocket and boot other computers somewhere else. Plus, you can get USB SSD or spinning hard drives. However, if you are doing disk intensive work, USB is slow. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 07:41:18PM +, Philipp Buehler wrote: > Am 29.07.2023 21:29 schrieb Chris Bennett: > > The other IP's are randomly missing or give this: > > > > link#2 UHLc 0 450 - 3 em1 > > Hi, I'm happy. I practiced on the other server until I was sure, then I changed the first server over to the new way. I got one link#2 on the last IP, so I aliased that one in too and rebooted. Everything is great. What does link#2 mean in a more literal sense? Tomorrow all I have to do is new DNS records and swap the IP addresses for the other server. Tell them to switch me over to the new IP's and I'm done. I have no idea what the network problem was, but I leave my desktop on 24/7. It crashed for the first time ever. Most likely it was the problem. Thank you for the education. I fully approve of getting little pieces at a time. Change this. Doesn't work. Study it carefully. Post again. More problems. Then more help. I have always liked OpenBSD's policy of not giving information to just copy/paste. Now I need to go make a donation. Have a great day. -- Chris
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 07:41:18PM +, Philipp Buehler wrote: > Oh, you need an alias for each IP that should be bound on em1 > so, like: > # cat /etc/hostname.em1 > inet 103.103.103.170/29 > inet alias 103.103.103.171/32 > inet alias 103.103.103.172/32 > inet alias 103.103.103.173/32 > inet alias 103.103.103.174/32 > This seemed to work. The network is very strange for me. Not sure if my hotspot is bad or if they are having network problems at the company. New network, new problems? I will get back later if this is a real problem or not. I was reading route manpage. Next is netstart script and manpage. Thanks. I really appreciate it. Chris Bennett > > mygate and netstart has a manpage, as there is 'hostname.if' to read :) > > PS: pointless to use '-x'; just a lot of debug noise > > -- > pb > --
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 06:18:40PM +, Philipp Buehler wrote: > Am 29.07.2023 20:04 schrieb Chris Bennett: > > inet 103.103.103.168/29 > > That's wrong, you put the "first" IP-address you want to > use/have on em1. So that would be 170/29 > Well, that half-worked. Always get ...170, works. ssh works. autossh with -M no longer works except with autossh -M 0 ...169 is the gateway. ...175 is broadcast. The other IP's are randomly missing or give this: link#2 UHLc 0 450 - 3 em1 Each route flush;sh -x /etc/nestart or a reboot changes the result. I just tried mygate at ...174. No good. > (168 is this network's BSD-broadcast or "net address") > > > > /etc/mygate is > > 103.103.103.169 > Cannot forsee what your ISP provides as the gateway, but > likely that's correct. > Feel free to offer me a good man page to start with. Coffee is working. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 04:34:17AM +, Philipp Buehler wrote: > > To save mindboggling counting of 'f' or similar, just write this to > /etc/hostname.em1 > inet 108.181.26.178/28 > The ifconfig called from netstart will figure it out ;-) That's a headups > for everybody, so cc misc@. > Hmm, I also have a newer server with the same company that does have a usable IPMI. I also have to change IP's with it too. It is running -current from a few weeks ago, so this is a fictional address except for the last three digits (168) 103.103.103.168/29 Right now, I have my first IP I'm using at 103.103.103.170 I put into /etc/hostname.em1: inet 103.103.103.168/29 /etc/mygate is 103.103.103.169 /etc/myname is network-moron.com I did not change /etc/hosts which just has the addresses from 103.103.103.170 to 103.103.103.175 added. I rebooted, but couldn't ping the server at any address. In IPMI, there were no network problems on the boot screen, but apache2 failed to start. ifconfig gave 103.103.103.168 as the IP address route -n show gave 103.103.103.168 as the gateway. For the heck of it, I changed /etc/mygate to 103.103.103.168, just to see if that provided any useful information. Same failed outcome, as I expected. .later I tried every obvious variation I could think of. Nothing works except what I used on the other server. A couple of years ago I tried to do what you suggested with a script to swap back in the old hostname and reboot. I couldn't ever get it to work Since what I had worked (not what I really wanted to use with the aliases), I just blew it off. I took a good while with my brain in sludge mode last night to change some essential passwords and shut off imap, etc. I still lacking enough sleep. Having coffee, going to eat and probably go back to bed. I just wanted to try this out while I could. I wanted to post about this and then RTFM's later with a clear head. I did not change or remove what's in /etc/hostname which is at 103.103.103.170. Does that matter? -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI 11 Perhaps they just don't have a proper setup or are not using it.
On Sat, Jul 29, 2023 at 04:34:17AM +, Philipp Buehler wrote: > Moin Chris, > > Am 29.07.2023 04:17 schrieb Chris Bennett: > > The network is 108.181.26.176/28. > > > > Right now,the first IP is 108.181.26.178 and the last regular address is > > 108.181.26.190, which might be wrong. I'm too tired to read any more > > man pages or web pages. I needed more than 2hrs of sleep. > > I'm super worn out, so forgive my mistakes. > > > > Any help appreciated. I don't want the next syspatch reboot to fail. > > To save mindboggling counting of 'f' or similar, just write this to > /etc/hostname.em1 > inet 108.181.26.178/28 > The ifconfig called from netstart will figure it out ;-) That's a headups > for everybody, so cc misc@. > Yes, there was a big delay when he put in one f too few. Besides changing IP ranges, they also just started pushing a single IP address that serves as everything, but also a different checkbox for the same thing for Linux only. I know essentially nothing about Linux besides the fact that I quickly tried several, but I didn't like them. I then ran into something mentioning OpenBSD. After reading the website, I saw that OpenBSD was and has been an excellent choice. No regrets. I already know from experience that if I asked them for any details about that networking change, I would NOT get a useful answer. After I got to multiple days, my goal had to be getting able to ssh in and start fixing things. Security through obscurity does not work. So I think it is well worth it to show and get help. I am so tired right now, that my Dad had a problem with sound using YouTube on a Firestick. I couldn't tell him even the simplest step, so I just had him reboot it. I'm going to kill everything that has outside access, get a good night's sleep and then change every password for inside stuff and all emails. Then I'm going to carefully read every man page, etc. until I understand everything fully. Now is the right time for this. Until recently, I only had a laptop stuck at 6.6 and a lousy phone hotspot or an even crappier access to almost useless wifi in places like libraries. Two used computers and a really great phone hotspot make everything good now. Thank you very much. > The current ifconfig em1 shows a bit wild setup for 108.181.26.179; but that > > is likely unintended and the wrong mask/bc will be gone with the above > setting. > > The route output shows several hosts in 108.136/108.137 ranges where there > is no corresponding setup given. > > But to reach the system via 108.181.26.178 again, this looks sound. > > HTH, > -- > pb > > PS: > tyo# cat /etc/hostname.vlan1 > vlandev vio0 > inet 108.181.26.178/28 > tyo# sh /etc/netstart vlan1 > tyo# ifconfig vlan1 > vlan1: flags=8843 mtu 1500 > lladdr fe:e1:bb:6e:63:36 > index 7 priority 0 llprio 3 > encap: vnetid none parent vio0 txprio packet rxprio outer > groups: vlan > media: Ethernet autoselect > status: active > inet 108.181.26.178 netmask 0xfff0 broadcast 108.181.26.191 > PPS: to check quickly on reachability of a gateway directly: > ping -I 108.181.26.178 -t 1 108.181.26.177 > and check arp table accordingly I will try this right now and save this email in the mailbox for important things to keep long term. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 03:45:36AM +, All wrote: > Your network has first usable IP address 108.181.26.177, not > 108.181.26.178. Also, your broadcast address is 108.181.26.191 and not > 108.181.26.190 > Yes, I had things setup with 108.181.26.177 as the first IP, but they changed it. It was extremely frustrating to watch someone making changes that I did not request. They also don't seem to have the capability to read the support messages I sent them while actually making incorrect changes. Perhaps they just don't have a proper setup or are not using it. I could see what they were doing by refreshing the IPMI preview screen. But that really is just a poor set of images. It did let me see the contents of files if I refreshed the image at just the right moment. Getting them to type sh -x /etc/netstart or reboot despite giving them detailed instructions beforehand. It took about 1 1/2hrs to get someone to finally type sh /etc/netstart after doing all of the above. But I have never worked in that field, so I really don't know what goes on in their server farms. There was another issue that I did not know how to deal with. I will mention that in replying to another in this thread. -- Chris Bennett
I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Hi. My server company either was bought by another company or just hooked up new IP ranges. I have a super cheap server with 13 IP addresses. This only has ancient Java KVM which I can't hook up to, but I can use the console preview only as single refreshable images. So I had to coach them along. I had to really rush due to the cutoff date. I made a few mistakes, inet isn't spelled ine, etc. A power screwup, my fault. Watching someone trying to use ed was amusing. I had to get /home commented out since it needed manual fsck. It was a long day and all night and morning today. Everything is apparently working fine, but a little different than my previous setup. I would like some help to know if this setup will work after a reboot. I really don't want to ask for more help from support. The network is 108.181.26.176/28. Right now,the first IP is 108.181.26.178 and the last regular address is 108.181.26.190, which might be wrong. I'm too tired to read any more man pages or web pages. I needed more than 2hrs of sleep. I'm super worn out, so forgive my mistakes. Any help appreciated. I don't want the next syspatch reboot to fail. Chris Bennett cat /etc/hostname.em1 inet 108.181.26.178 0xfff0 108.181.26.190 inet alias 108.181.26.179 255.255.255.255 inet alias 108.181.26.180 255.255.255.255 inet alias 108.181.26.181 255.255.255.255 inet alias 108.181.26.182 255.255.255.255 inet alias 108.181.26.183 255.255.255.255 inet alias 108.181.26.184 255.255.255.255 inet alias 108.181.26.185 255.255.255.255 inet alias 108.181.26.186 255.255.255.255 inet alias 108.181.26.187 255.255.255.255 inet alias 108.181.26.188 255.255.255.255 inet alias 108.181.26.189 255.255.255.255 #inet alias 108.181.26.190 255.255.255.255 cat /etc/hosts 127.0.0.1 localhost ::1 localhost #108.181.26.177 gateway 108.181.26.178bennettconstruction.us 108.181.26.179strengthcouragewisdom.rocks 108.181.26.180mail.strengthcouragewisdom.rocks 108.181.26.181freedomforlife.rocks 108.181.26.182mx.freedomforlife.rocks 108.181.26.183bsd-sec.dev 108.181.26.184mx.bennettconstruction.us 108.181.26.185bsd-sec.com 108.181.26.186mail.bsd-sec.com 108.181.26.187cowboyup.xyz 108.181.26.188mail.cowboyup.xyz 108.181.26.189capuchado.com 108.181.26.190# Using for development, unassigned cat /etc/myname bennettconstruction.us cat /etc/mygate 108.181.26.177 route -n show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default108.181.26.177 UGS 1125504 - 8 em1 108/8 108.181.26.179 UCn 110 - 4 em1 108.136.59.3 00:1f:6d:eb:60:00 UHLc 04 - 3 em1 108.136.125.13700:1f:6d:eb:60:00 UHLc 02 - 3 em1 108.136.179.19100:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.136.182.16100:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.136.235.20600:1f:6d:eb:60:00 UHLc 08 - 3 em1 108.136.238.23200:1f:6d:eb:60:00 UHLc 0 10 - 3 em1 108.136.248.92 00:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.137.2.300:1f:6d:eb:60:00 UHLc 03 - 3 em1 108.137.73.28 00:1f:6d:eb:60:00 UHLc 0 15 - 3 em1 108.137.74.160 00:1f:6d:eb:60:00 UHLc 04 - 3 em1 108.137.155.20900:1f:6d:eb:60:00 UHLc 03 - 3 em1 108.181.26.176/28 108.181.26.178 UCn12 - 4 em1 108.181.26.177 00:1f:6d:eb:60:00 UHLch 1 44 - 3 em1 108.181.26.178 00:25:90:6c:43:43 UHLl 0 4741 - 1 em1 108.181.26.179 00:25:90:6c:43:43 UHLl 0 3443 - 1 em1 108.181.26.180 00:25:90:6c:43:43 UHLl 0 4510 - 1 em1 108.181.26.180/32 108.181.26.180 UCn00 - 4 em1 108.181.26.181 00:25:90:6c:43:43 UHLl 0 3004 - 1 em1 108.181.26.181/32 108.181.26.181 UCn00 - 4 em1 108.181.26.182 00:25:90:6c:43:43 UHLl 0 4192 - 1 em1 108.181.26.182/32 108.181.26.182 UCn00 - 4 em1 108.181.26.183 00:25:90:6c:43:43 UHLl 0 4767 - 1 em1 108.181.26.183/32 108.181.26.183 UCn00 - 4 em1 108.181.26.184 00:25:90:6c:43:43 UHLl 0 8119 - 1 em1 108.181.26.184/32 108.181.26.184 UCn00 - 4 em1 108.181.26.185 00:25:90:6c:43:43 UHLl 0 4902 - 1 em1 108.181.26.185/32 108.181.26.185 UCn00 - 4 em1 108.181.26.186 00:25:90:6c:43:43 UHLl 0 3049 - 1 em1 108.181.26.186/32 108.181.26.186 UCn00 - 4 em1 108.181.26.187 00:25:90:6c:43:43 UHLl
Re: how to startx with kde?
On Sun, Jul 23, 2023 at 03:22:13AM +0800, ykla wrote: > Hi, > > I install kde by pkg_add kde but how to boot it? There is no Plasma desktop on OpenBSD. KDE metapackage installs KDE applications. Best regards, Chris Narkiewicz
Re: Syspatch https://cdn.openbsd.org/pub/OpenBSD
On Wed, Jul 12, 2023 at 03:19:17PM -0700, latin...@vcn.bc.ca wrote: > Is it working? > https://cdn.openbsd.org/pub/OpenBSD Works for me. Best regards, Chris Narkiewicz
Re: Audio issue: noise/interference
On Fri, Jul 07, 2023 at 06:23:26PM -0400, Ricky Cintron wrote: > I recently resolved an audio issue where I could hear a constant, light > static noise in my earphones. It wasn't loud or distracting, but it was > always there. The solution was to remove 'mix' as a source for mix2 and > mix3. > I wouldn't call this resolved. This is just a useful step in troubleshooting. You now have more information towards a resolution. That's a good thing, but not enough. "My toaster shocks me every time I touch the metal case. I resolved it by not touching the metal part of the toaster." > However, once I got rid of that static, I noticed some additional noise > that was apparently hidden behind the original static. Compared to the > first issue, this noise is quieter and not constant. Don't assume that there are actually two issues here. It may all have one cause or be two (or more) different problems. > Anyway, it > manifests itself in the following ways: > > 1) Very light static noise that never increases, but I've noticed that > when I load a web page (YouTube, for example), the noise is silenced > until the page finishes loading. This also sometimes happens when I > move the mouse cursor around the web browser window, but very briefly. > It's easier to notice when loading a page since it lasts longer. > > 2) Moving the mouse generates a barely audible buzzing sound, but this > either doesn't occur or is barely noticeable when moving the cursor on > a web browser window. > > To troubleshoot, I inspected all the cables in the back of the > computer (power, DP, ethernet, USB keyboard, USB mouse, speakers/line), > and unplugged them (except the power cable) one at a time. I didn't > hear a difference, good or bad. I also turned some mixerctl knobs with > no noticeable effects. > Did you troubleshoot your earphones? It is very reasonable that they could now have bad wires or other problems. Do you still hear these noises with other earphones or speakers? > Does anyone have any ideas? This isn't a big deal since I can't notice > it while listening to audio, and it's pretty easy to tune out even > without audio, but I'd still like to remove it if possible. I'm > considering buying a USB audio interface, so if that even works, that > could be a solution. > I advise finding out what the problem is before buying anything new. You might find the same problem getting passed through another audio device. I suspect that you will need to fix a hardware problem. Don't assume that audio noise is in software. You are surrounded by 50/60Hz noise caused by the power in your house/office/workshop. Electrolytic capacitors can go bad (Even brand new capacitors can be defective). Look up bad motherboard capacitors and you can find some pretty good pictures and information. You can find some good YouTube videos on it too. I would also suspect grounding problems as a possibility. Which can mean bad connections with cables even if they look good. You can be having a power supply problem too. Check for loose motherboard screws. Are you using the computer with the cover off? Do you get these noises with the computer on, but then turning off the monitor and moving the mouse around? Is your electrical wiring done properly? Do you have any other equipment hooked up that might be causing ground loops? Excellent videos on YouTube about ground loops and audio problems. Do you have any OLD radio or TV equipment that could be latching onto the computer noise and amplifying it? Also, if you can, go unplug (not turn off) things around that could be defective. For example, I have to throw away 3-4 USB chargers every year. Nowadays, hardly anything is actually turned off anymore. I used to hear noises like these too, but that was a long time ago... I could hear them in my memory while reading your email. Good luck, Chris Bennett > $ dmesg > OpenBSD 7.3-current (GENERIC.MP) #1269: Sun Jul 2 12:21:03 MDT 2023 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 16934760448 (16150MB) > avail mem = 16401862656 (15642MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 3.1 @ 0xe (99 entries) > bios0: vendor Dell Inc. version "1.20.0" date 12/15/2022 > bios0: Dell Inc. OptiPlex 5070 > efi0 at bios0: UEFI 2.7 > efi0: American Megatrends rev 0x5000d > acpi0 at bios0: ACPI 6.1 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT BOOT SSDT SSDT HPET SSDT > SSDT UEFI LPIT SSDT SSDT DBGP DBG2 MSDM SLIC DMAR SSDT VFCT BGRT TPM2 ASF! > WSMT > acpi0: wakeup devices PEG1(S4) PEGP(S4) PEG2(S4) PEGP(S4) RP01(S4) PXSX(S4) > RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) > RP06(S4) PXSX(
Re: Intel DRM error on T 440
I am also getting this (or a similar) error on a different computer. Please note that this might be a longer story. I'll put some details before the dmesg. drm:pid96852:intel_dp_aux_wait_done *ERROR* [drm] *ERROR* AUX C/DDI C/PHY C: did not complete or timeout within 10ms (status 0xa023003f) I don't know quite what to make of the overall story with this box. It cannot boot even to the BIOS or anything at all on the screen unless the DP is converted to a working HDMI port at the monitor. I truly mean nothing at all shows up. DP directly to DP fails. Not below. Then it works fine. Right now, I am booting into HDMI. When it gets to the xenodm screen, I have xenodm kill that DP->HDMI connection and switch over to the other DP port on the computer and into a DP port on my 4k monitor instead. I have to manually change to that port from my monitor. Annoying, but it works 97% of the time. I briefly used Windows 10 that came with the computer to verify a few things. The display port does carry sound. Not on OpenBSD. Back to just OpenBSD use. The beep speaker carries real audio. I cannot find a way to turn this off other than just using the headphone jack to grab the audio. However, the actual beep by itself sticks around no matter what. At some point I would like to add a video card that will let me run programs like chrome or iridium. Any recommendations? I am clueless how to figure out that question. Thanks for any help. Sorry if I missed making anything clear. Just ask for any clarifications. -- Chris Bennett OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 34179473408 (32596MB) avail mem = 33124184064 (31589MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec410 (93 entries) bios0: vendor Dell Inc. version "A23" date 06/25/2018 bios0: Dell Inc. OptiPlex 9020 efi0 at bios0: UEFI 2.3.1 efi0: American Megatrends rev 0x4028d acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT SLIC LPIT SSDT SSDT SSDT HPET SSDT MCFG SSDT ASF! MSDM DMAR acpi0: wakeup devices UAR1(S3) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4) GLAN(S4) EHC1(S3) EHC2(S3) XHC_(S4) HDEF(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 3791.34 MHz, 06-3c-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 8MB 64b/line 16-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 3791.45 MHz, 06-3c-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 8MB 64b/line 16-way L3 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 3791.49 MHz, 06-3c-03 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 8MB 64b/line 16-way L3 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 3791.54 MHz, 06-3c-03 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
Re: latest amd64 snap hangs on "root on sdoa..."
On Wed, Jun 21, 2023 at 04:40:59PM -0500, Scott Cheloha wrote:
> On Wed, Jun 21, 2023 at 01:03:03PM -0600, Chris Waddey wrote:
> > Sorry for breaking the thread, I wasn't subscribed to misc, but found
> > this in the archives.
> >
> > After some testing, it looks like the recent uvm_meter() commit is what
> > did this (to my machine at least).
> >
> > The git commit for that is 71d823ace2523fb9fee2d1ab9b4d92a18d3f5714.
> >
> > I compiled the commit right before it in the logs and booted no problems
> > with a GENERIC.MP kernel config, but that one broke it.
> >
> > I'm not as familiar with CVS, so apologies for not having the commit
> > from there.
> >
> > Here is the commit message if that helps, though I those on tech will
> > know it regardless:
> >
> > schedcpu, uvm_meter(9): make uvm_meter() an independent timeout
> >
> > uvm_meter(9) should not base its periodic uvm_loadav() call on the UTC
> > clock. It also no longer needs to periodically wake up proc0 because
> > proc0 doesn't do any work. schedcpu() itself may change or go away,
> > but as kettenis@ notes we probably can't completely remove the concept
> > of a "load average" from OpenBSD, given its long Unix heritage.
> >
> > So, (1) remove the uvm_meter() call from schedcpu(), (2) make
> > uvm_meter() an independent timeout started alongside schedcpu() during
> > scheduler_start(), and (3) delete the vestigial periodic proc0 wakeup.
> >
> > With input from deraadt@, kettenis@, and claudio@. deraadt@ cautions
> > that this change may confuse administrators who hold the load average
> > in high regard.
> >
> > Thread: https://marc.info/?l=openbsd-tech=168710929409153=2
> >
> > general agreement with this direction from kettenis@
> > ok claudio@
> >
> > If I should repost on tech, let me know.
>
> Thank you for bisecting the issue.
>
> Could you try this tweaked version of that patch? I am trying to
> narrow down the chunk responsible for the hang. I cannot trigger the
> hang on any of my machines. Clearly you have something in your setup
> that I don't.
>
> There aren't many possibilities.
>
> 1. Separating uvm_meter() from schedcpu().
> 2. Not using the UTC clock to decide when to update load averages.
> 3. Not periodically awakening proc0.
>
> Let's try 3.
>
> Index: kern/sched_bsd.c
> ===
> RCS file: /cvs/src/sys/kern/sched_bsd.c,v
> retrieving revision 1.76
> diff -u -p -r1.76 sched_bsd.c
> --- kern/sched_bsd.c 21 Jun 2023 21:16:21 - 1.76
> +++ kern/sched_bsd.c 21 Jun 2023 21:40:17 -
> @@ -234,7 +234,6 @@ schedcpu(void *arg)
> }
> SCHED_UNLOCK(s);
> }
> - uvm_meter();
> wakeup();
> timeout_add_sec(to, 1);
> }
> @@ -669,6 +668,7 @@ scheduler_start(void)
>
> rrticks_init = hz / 10;
> schedcpu(_to);
> + uvm_meter(NULL);
>
> #ifndef SMALL_KERNEL
> if (perfpolicy == PERFPOL_AUTO)
> Index: uvm/uvm_meter.c
> ===
> RCS file: /cvs/src/sys/uvm/uvm_meter.c,v
> retrieving revision 1.44
> diff -u -p -r1.44 uvm_meter.c
> --- uvm/uvm_meter.c 21 Jun 2023 21:16:21 - 1.44
> +++ uvm/uvm_meter.c 21 Jun 2023 21:40:17 -
> @@ -65,6 +65,9 @@
> int maxslp = MAXSLP; /* patchable ... */
> struct loadavg averunnable;
>
> +#define UVM_METER_INTVL 5
> +struct timeout uvm_meter_to = TIMEOUT_INITIALIZER(uvm_meter, NULL);
> +
> /*
> * constants for averages over 1, 5, and 15 minutes when sampling at
> * 5 second intervals.
> @@ -85,10 +88,10 @@ void uvmexp_read(struct uvmexp *);
> * uvm_meter: calculate load average and wake up the swapper (if needed)
> */
> void
> -uvm_meter(void)
> +uvm_meter(void *unused)
> {
> - if ((gettime() % 5) == 0)
> - uvm_loadav();
> + timeout_add_sec(_meter_to, UVM_METER_INTVL);
> + uvm_loadav();
> if (proc0.p_slptime > (maxslp / 2))
> wakeup();
> }
> Index: uvm/uvm_extern.h
> ===
> RCS file: /cvs/src/sys/uvm/uvm_extern.h,v
> retrieving revision 1.170
> diff -u -p -r1.170 uvm_extern.h
> --- uvm/uvm_extern.h 21 Jun 2023 21:16:21 - 1.170
> +++ uvm/uvm_extern.h 21 Jun 2023 21:40:17 -
> @@ -414,7 +414,7 @@ void uvmspace_free(struct vmspace *);
> struct vmspace
Re: latest amd64 snap hangs on "root on sdoa..."
On Wed, Jun 21, 2023 at 11:25:27PM +0200, Claudio Jeker wrote: > On Wed, Jun 21, 2023 at 01:03:03PM -0600, Chris Waddey wrote: > > Sorry for breaking the thread, I wasn't subscribed to misc, but found > > this in the archives. > > > > After some testing, it looks like the recent uvm_meter() commit is what > > did this (to my machine at least). > > > > The git commit for that is 71d823ace2523fb9fee2d1ab9b4d92a18d3f5714. > > > > I compiled the commit right before it in the logs and booted no problems > > with a GENERIC.MP kernel config, but that one broke it. > > > > I'm not as familiar with CVS, so apologies for not having the commit > > from there. > > > > Here is the commit message if that helps, though I those on tech will > > know it regardless: > > > > schedcpu, uvm_meter(9): make uvm_meter() an independent timeout > > > > uvm_meter(9) should not base its periodic uvm_loadav() call on the UTC > > clock. It also no longer needs to periodically wake up proc0 because > > proc0 doesn't do any work. schedcpu() itself may change or go away, > > but as kettenis@ notes we probably can't completely remove the concept > > of a "load average" from OpenBSD, given its long Unix heritage. > > > > So, (1) remove the uvm_meter() call from schedcpu(), (2) make > > uvm_meter() an independent timeout started alongside schedcpu() during > > scheduler_start(), and (3) delete the vestigial periodic proc0 wakeup. > > > > With input from deraadt@, kettenis@, and claudio@. deraadt@ cautions > > that this change may confuse administrators who hold the load average > > in high regard. > > > > Thread: https://marc.info/?l=openbsd-tech=168710929409153=2 > > > > general agreement with this direction from kettenis@ > > ok claudio@ > > > > If I should repost on tech, let me know. > > Just to be sure. Did you verify this with self compiled kernels with and > without that commit? > > Please do not compare self compiled kernels with snapshot kernels since > snapshots may carry additional diffs. I verified this with self compiled kernels with and without that commit (specifically, the git hash of the last commit for a self-compiled kernel that did not hang on boot was 43e70bb47b84874dbf5bedf42379b789cda2b076, Update ospfd to use new ibuf api). > -- > :wq Claudio >
Re: latest amd64 snap hangs on "root on sdoa..."
0: VMX/EPT efifb at mainbus0 not configured uvideo0 at uhub1 port 5 configuration 1 interface 0 " Integrated Camera" rev 2.01/0.07 addr 2 video0 at uvideo0 ugen0 at uhub1 port 5 configuration 1 " Integrated Camera" rev 2.01/0.07 addr 2 ugen1 at uhub1 port 7 "Generic Goodix FingerPrint Device" rev 2.00/1.00 addr 3 ugen2 at uhub1 port 10 "Intel Bluetooth" rev 2.01/0.02 addr 4 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets softraid0: sd1 was not shutdown properly sd1 at scsibus4 targ 1 lun 0: sd1: 244197MB, 512 bytes/sector, 500116607 sectors root on sd1a (ff5c235618013e79.a) swap on sd1b dump on sd1b inteldrm0: 1920x1080, 32bpp wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0 wsdisplay0: screen 1-5 added (std, vt100 emulation) iwx0: hw rev 0x350, fw 77.2dda880d.0, address dc:21:5c:86:aa:a6 On Wed, Jun 21, 2023 at 01:03:03PM -0600, Chris Waddey wrote: > Sorry for breaking the thread, I wasn't subscribed to misc, but found > this in the archives. > > After some testing, it looks like the recent uvm_meter() commit is what > did this (to my machine at least). > > The git commit for that is 71d823ace2523fb9fee2d1ab9b4d92a18d3f5714. > > I compiled the commit right before it in the logs and booted no problems > with a GENERIC.MP kernel config, but that one broke it. > > I'm not as familiar with CVS, so apologies for not having the commit > from there. > > Here is the commit message if that helps, though I those on tech will > know it regardless: > > schedcpu, uvm_meter(9): make uvm_meter() an independent timeout > > uvm_meter(9) should not base its periodic uvm_loadav() call on the UTC > clock. It also no longer needs to periodically wake up proc0 because > proc0 doesn't do any work. schedcpu() itself may change or go away, > but as kettenis@ notes we probably can't completely remove the concept > of a "load average" from OpenBSD, given its long Unix heritage. > > So, (1) remove the uvm_meter() call from schedcpu(), (2) make > uvm_meter() an independent timeout started alongside schedcpu() during > scheduler_start(), and (3) delete the vestigial periodic proc0 wakeup. > > With input from deraadt@, kettenis@, and claudio@. deraadt@ cautions > that this change may confuse administrators who hold the load average > in high regard. > > Thread: https://marc.info/?l=openbsd-tech=168710929409153=2 > > general agreement with this direction from kettenis@ > ok claudio@ > > If I should repost on tech, let me know. > > Chris >
Re: latest amd64 snap hangs on "root on sdoa..."
Sorry for breaking the thread, I wasn't subscribed to misc, but found this in the archives. After some testing, it looks like the recent uvm_meter() commit is what did this (to my machine at least). The git commit for that is 71d823ace2523fb9fee2d1ab9b4d92a18d3f5714. I compiled the commit right before it in the logs and booted no problems with a GENERIC.MP kernel config, but that one broke it. I'm not as familiar with CVS, so apologies for not having the commit from there. Here is the commit message if that helps, though I those on tech will know it regardless: schedcpu, uvm_meter(9): make uvm_meter() an independent timeout uvm_meter(9) should not base its periodic uvm_loadav() call on the UTC clock. It also no longer needs to periodically wake up proc0 because proc0 doesn't do any work. schedcpu() itself may change or go away, but as kettenis@ notes we probably can't completely remove the concept of a "load average" from OpenBSD, given its long Unix heritage. So, (1) remove the uvm_meter() call from schedcpu(), (2) make uvm_meter() an independent timeout started alongside schedcpu() during scheduler_start(), and (3) delete the vestigial periodic proc0 wakeup. With input from deraadt@, kettenis@, and claudio@. deraadt@ cautions that this change may confuse administrators who hold the load average in high regard. Thread: https://marc.info/?l=openbsd-tech=168710929409153=2 general agreement with this direction from kettenis@ ok claudio@ If I should repost on tech, let me know. Chris
Re: increasing NET_TASKQ for better performance?
Valdrin MUJA [valdrin_m...@outlook.com] wrote: > Hello Misc, > > I run OpenBSD 7.3 as L3 firewall under VMware. I have some rdr-to rules. > > Here System information: > cpu15: Intel(R) Xeon(R) Gold 6338 CPU @ 2.00GHz, 1995.63 MHz, 06-6a-06 > I know CPU cores are not at too important at the moment but this server has > 16 cores on it. > I use vmx nics. dmesg is attached. > > When traffic becomes high(*) systems slows. (Users say RDP connections are > slow) > When I checked uptime load average was ok but yeah OpenBSD was slow. > For example, when I enter ifconfig command system was not too fast. > > After that I looked at top -SH output and see 3 of softnet tasks were over > %74 and was ~%40. > > Would you suggest to increase the NET_TASKQ value to 8 or 16 (number of cores > in the system) and use a custom kernel? Probably 8 since the kernel isn't optimized for hyper-threading. > Also, just wonder if it's CPU core dedicated value or not? > > P.S. I don't use pfsync and it's not in my plan... > There's a possible MP rework hitting the tree soon if you did want to use pfsync.
Re: Hibernation on Thinkpad Carbon X1 gen 7 - unhibernate failed
On Sat, 2023-06-17 at 09:21 -0600, Ashlen wrote: > I have a 7th gen X1 Carbon and am not sure that the hardware is the > issue here. I've only experienced this very rarely. > I can confirm that I managed to unhibernate successfully and the error is no longer occuring, confirming your observation. However, image unhibernation took about 5 minutes. unhibernating @ block 50329532 length 750MB <- this takes ~5 minutes Unpacking image... <- this few seconds and I'm back in X11 I was so confused that I thought it just hangs. How long does it take to ZZZ and unhibernate? Cheers, Chris
Hibernation on Thinkpad Carbon X1 gen 7 - unhibernate failed
Hi, I got Thinkpad Carbon X1 gen7 and I tried to test hibernation (ZZZ). When system is resumed, it took several minutes to load image. dmesg shows: unhibernate failed: original kernel changed and my iwm0 wifi card is not visible anymore. Is there someobdy with 7th gen X1 that could confirm? According to https://jcs.org/2019/08/14/x1c7 it should work. Thanks for any suggestions, Chris
Generating xorg.conf
Hi, I'm trying to customize my touchpad input handling in X11. Normally I'd call X -configure to generate the config file and tune it to my needs. X -h lists -configure as available options. However, when calling X -configure, it says option is not recognized: # X -configure ... (EE) Fatal server error: (EE) Unrecognized option: -configure (EE) (EE) Please consult the The X.Org Foundation support ... I'm puzzled. Is it supported? Can I generate xorg config? Cheers, Chris
Re: program compiled with clang from base runs 4 times slower than compiled with gcc-11.2.0p6 from ports
Stuart Henderson [stu.li...@spacehopper.org] wrote: > On 2023-06-05, Kastus Shchuka wrote: > > Next I tried -fno-fixup-gadgets, and that made a radical difference: > > Not entirely a surprise, we have seen this a few times now. > Usually it is fine, but has quite bad effects on some programs, > however it is quite a nice mitigation (big reduction in the > number of available ROP gadgets in compiled code). > There are potentially more fixups that can be improved. A while back, the fixup was adding more work than necessary. Todd Mortimer fixed an obvious case where the DstReg form of the MOV instruction was being used, instead of the SrcReg instruction, so a swap was required to move the data between registers. There may be others, from Todd Mortimer: "If you are interested, try objdump -d /usr/lib/libc.so and categorize the instructions that have the xchg dance around them. Sort by most common instruction, and then check the Intel SDM to see if the most common instructions that get this treatment have SrcReg / DestReg forms that we can swap around instead of doing the xchg dance. :-)" Chris
Re: High Interrupt After 7.3 Upgrade
Samuel Jayden [samueljaydan1...@gmail.com] wrote: > Hi again, > > Just for the record: > I've downgraded to OpenBSD 7.2 (reinstalled) and everything is working like > a charm again. > I don't know what is wrong with 7.3 but ipi interrupt rate is too much and > somehow OpenBSD performance is too bad.. > Thanks for reading. > Sounds like you are using 'systat' to measure interrupts. This is a bug in systat was was fixed in 7.3. Here is Scott Cheloha's message from that fix: "systat(1): vmstat: measure elapsed time with clock_gettime(2) instead of ticks The vmstat view in systat(1) should not use statclock() ticks to count elapsed time. First, ticks are low resolution. Second, the statclock is sometimes randomized, so each tick is not necessarily of equal length. Third, we're counting ticks from every CPU on the system, so every rate in the view is divided by the number of CPUs. For example, on an amd64 system with 8 CPUs you currently see: 200 clock ... when the true clock interrupt rate on that system is 1600. Instead, measure elapsed time with clock_gettime(2). Use CLOCK_UPTIME here so we exclude time when the system is suspended. With this change we no longer need "stathz" or "hertz". We can also get rid of the anachronistic secondary clock failure test. Prompted by dlg@ and jmatthew@. deraadt@ says this has been in snaps since 2022-11-21; no complaints. Link: https://marc.info/?l=openbsd-tech=166898960831136=2 ok dlg@ deraadt@"
Battery not detected on StarLabs Starlite Mk IV
Hi, I'm struggling with a battery problem on StarLabs Starlite Mk IV. Laptop is flashed with AMI BIOS and I noticed that battery is not detected reliably. When battery is not detected, it does not detect AC adapter cable as well. I can see acpiac0 but the cable is not reported as connected in apm. In Linux it works reliably, so I suppose it must be some combination of firmware issue and/or better autodetection logic. I'm wondering how can I debug root cause of the issue? I'd be grateful for any suggestions. Cheers, Chris Narkiewicz
Re: OpenBSD Hackathons
On Fri, May 12, 2023 at 08:18:45PM +, Katherine Mcmillan wrote: > Hi all, > > Thank you for the helpful responses, this definitely explains some things! > > I'm looking at organizing an OpenBSD Hackathon in the National Capital Region > in Canada (could potentially be on the Gatineau, Quebec side) but having > never been to an OpenBSD Hackathon, my interpretation might be quite > different from the other Hackathons! That's fine, and I'm going to seek > inspiration from attending a FreeBSD Hackathon, as that project makes their > upcoming Hackathons public: https://wiki.freebsd.org/Hackathon/202305 > > Thank you very much for the help and please feel free to contact me privately > if you're interested in attending (either as a volunteer or developer) or > otherwise supporting an OpenBSD Hackathon in the National Capital Region in > Canada. > > Sincerely, > Katie > Hi Katie, I hope that your Hackathon works out. OpenBSD uses C, sh and Perl in base. That is three different skill sets. I would recommend that you ask the developers what sort of projects they would like to see get done at a hackathon. Then you could post here and elsewhere about those possibilities and see who would like to do which ones. Also, I wouldn't judge the "success" based on what get finished, but more so on if the hackers learn thoroughly about the code worked on. I see plenty of emails mentioning how the work started on during a hackathon was later completed and then submitted. Have fun! -- Chris Bennett
InfluxDB stopped working on OpenBSD 7.3
I have a fresh OpenBSD 7.3 install (no update) with InfluxDB installed
from packages.
When I try to start it, it did start initially, but eventually it
crashed. Now I can't start it again.
It complains about bad system call. Could that be related to latest
security features?
Below is rcctl -d output. I'd be thankful for any suggestions.
dev# rcctl -d start influxdb
doing _rc_parse_conf
influxdb_flags empty, using default ><
doing rc_check
influxdb
doing rc_start
doing _rc_wait_for_start
doing rc_check
influxdb[2285]: ts=2023-04-15T00:19:33.358242Z lvl=info msg="InfluxDB
starting" log_id=0hC_LoRW000 version=unknown branch=unknown
commit=unknown
influxdb[2285]: ts=2023-04-15T00:19:33.358479Z lvl=info msg="Go
runtime" log_id=0hC_LoRW000 version=go1.20.1 maxprocs=1
influxdb[2285]: ts=2023-04-15T00:19:33.383092Z lvl=info msg="Using data
dir" log_id=0hC_LoRW000 service=store path=/var/influxdb/data
influxdb[2285]: ts=2023-04-15T00:19:33.383498Z lvl=info msg="Compaction
settings" log_id=0hC_LoRW000 service=store max_concurrent_compactions=1
throughput_bytes_per_second=50331648
throughput_bytes_per_second_burst=50331648
influxdb[2285]: ts=2023-04-15T00:19:33.383565Z lvl=info msg="Open store
(start)" log_id=0hC_LoRW000 service=store trace_id=0hC_LoXl000
op_name=tsdb_open op_event=start
influxdb[2285]: SIGSYS: bad system call
influxdb[2285]: PC=0x23c8afdf7 m=0 sigcode=0
influxdb[2285]:
influxdb[2285]: goroutine 0 [idle]:
influxdb[2285]: syscall.rawSyscall10X(0x1d704e0, 0xc5, 0x0, 0x10248,
0x1, 0x1, 0x18, 0x0, 0x0, 0x0, ...)
influxdb[2285]: runtime/sys_openbsd3.go:114 +0x4d
fp=0xc6d820 sp=0xc6d800 pc=0x1d10bad
influxdb[2285]: syscall.rawSyscall10X(0x0?, 0xc6d900?, 0x1ce9291?,
0x1?, 0x0?, 0xc0002b7380?, 0xc6d900?, 0x0?, 0xc6d938?, 0x0,
...)
influxdb[2285]: :1 +0x59 fp=0xc6d8a0
sp=0xc6d820 pc=0x1d16d79
influxdb[2285]: syscall.syscall9Internal(0xc0002b7380?, 0x20003?,
0xc6d958?, 0x1ce89e5?, 0xc0002b7380?, 0xc6d978?, 0x1d0eabb?,
0xc0002b7380?, 0x20003?, 0x0)
influxdb[2285]: syscall/syscall_openbsd_libc.go:38 +0x49
fp=0xc6d908 sp=0xc6d8a0 pc=0x1d6a489
influxdb[2285]: syscall.syscall9Internal(0xc5, 0x0, 0x10248, 0x1, 0x1,
0x18, 0x0, 0x0, 0x0, 0x0)
influxdb[2285]: :1 +0x68 fp=0xc6d968
sp=0xc6d908 pc=0x1d70f08
influxdb[2285]: golang.org/x/sys/unix.mmap(0x1d6d534?, 0x0?,
0xc6da60?, 0xc6da18?, 0x1d90366?, 0xc0005275f8?)
influxdb[2285]:
golang.org/x/sys@v0.0.0-20201119102817-f84b799fce68/unix/zsyscall_openbsd_amd64.go:1639+0x52fp=0xc6d9e8sp=0xc6d968pc=0x2062532
influxdb[2285]: golang.org/x/sys/unix.(*mmapper).Mmap(0x2a60da0,
0xc6dab0?, 0xcc4900?, 0x10248, 0xc6db20?, 0x1d902cc?)
influxdb[2285]:
golang.org/x/sys@v0.0.0-20201119102817-f84b799fce68/unix/syscall_unix.go:113+0x89fp=0xc6da90sp=0xc6d9e8pc=0x2061d69
influxdb[2285]: golang.org/x/sys/unix.Mmap(...)
influxdb[2285]:
golang.org/x/sys@v0.0.0-20201119102817-f84b799fce68/unix/syscall_bsd.go:650
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1.mmap(0xc0003a61d0?,
0xc0003a61d0?, 0x60?)
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/mmap_unix.go:18 +0x65
fp=0xc6dad8sp=0xc6da90pc=0x29b5d65
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1.(*mmapAccessor).init(0x
c000430d20)
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/reader.go:1335 +0x113
fp=0xc6db70sp=0xc6dad8pc=0x29bedf3
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1.NewTSMReader(0xc0003a61
d0, {0xc6dc80, 0x1, 0x0?})
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/reader.go:239 +0x18d
fp=0xc6dbe8sp=0xc6db70pc=0x29b802d
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1.(*FileStore).Open.func1
(0x0, 0xc0003a61d0)
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/file_store.go:543
+0x115fp=0xc6dfc0sp=0xc6dbe8pc=0x299f1d5
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1.(*FileStore).Open.func3
()
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/file_store.go:565
+0x2efp=0xc6dfe0sp=0xc6dfc0pc=0x299f08e
influxdb[2285]: runtime.goexit()
influxdb[2285]: runtime/asm_amd64.s:1598 +0x1 fp=0xc6dfe8
sp=0xc6dfe0 pc=0x1d14141
influxdb[2285]: created by
github.com/influxdata/influxdb/tsdb/engine/tsm1.(*FileStore).Open
influxdb[2285]:
github.com/influxdata/influxdb/tsdb/engine/tsm1/file_store.go:535 +0x4a5
influxdb[2285]:
influxdb[2285]: goroutine 16 [running]:
influxdb[2285]: runtime.systemstack_switch()
influxdb[2285]: runtime/asm_amd64.s:463 fp=0xc6d7d0
sp=0xc6d7c8 pc=0x1d11f00
influxdb[2285]: runtime.libcCall(0x0?, 0xc0002b7380?)
influxdb[2285]: runtime/sys_libc.go:49 +0x66 fp=0xc6d800
sp=0xc6d7d0 pc=0x1cfdee6
influxdb[2285]: syscall.rawSyscall10X(0x1d704e0, 0xc5, 0x0, 0x10248,
0x1,
Re: Route selected IP traffic across wg(4) tunnel
On 9 Mar 2023, at 12:01, Zack Newman wrote: Wondering if anyone has a "best practice" for pealing IP traffic off (in this case an AppleTV) and routing all the traffic across a Wireguard tunnel. Not sure what you mean by "pealing [sic] IP traffic off"; but when I need source-based routing, I prefer using rdomain(4)s and rtable(4)s. wg(4) is even rtable-aware. Now I am not in a position to anoint something as "best practice", but I couldn't be happier with my setup. Hey Zach, sorry it was poor description of PBR / source-based routing ;) Someone else also suggested using rdomain and rtable but I thought I would try to use the pf routing option `route-to` to accomplish this as it seemed like it might be a simple solution. I guess I just don't quite understand how it works. If I was to use a new rdomain/rtable, how would I go about routing a single IP from a /24 prefix across the wg(4) tunnel and let all the other IPs in that prefix use the default route (in the default rdomain/rtable)? It's like the traffic gets dropped (MTU issue?). MTU should always be taken into consideration. The default MTU for wg is 1420, so any traffic that is sent through the WireGuard tunnel directly or indirectly should be sent from an interface with MTU less than or equal to that value. Makes sense.
Route selected IP traffic across wg(4) tunnel
Good afternoon,
Wondering if anyone has a "best practice" for pealing IP traffic off (in
this case an AppleTV) and routing all the traffic across a Wireguard
tunnel. I've looked at the pf(4) routing option **route-to** and tried
setting this up to the best of my knowledge (I seem to be missing
something). I have a working Wireguard tunnel up between my local
OpenBSD 7.2 firewall and an OpenBSD 7.2 VPS server. I can confirm the
connectivity by pining from the two local prefixes (the WG /30 prefix
and my home prefix — 172.16.1.0/24), so I know the tunnel is healthy
and working as expected.
When I setup the **route-to** pf rule, I occasionally see (tcpdump)
traffic hit the wg0 interface from 172.16.1.73 on the local firewall,
but the traffic stops here and I dont see anything on the wg0 interface
on the VPS server. It's like the traffic gets dropped (MTU issue?). I
also feel like I should be seeing more IP traffic than I am. For the
destination address in the route-to rule I've used the far side tunnel
IP (172.31.255.254). From my understanding this is the right way to do
it?
I appreciate any sight or advice you may have on this matter.
Cheers,
-Chris
## Local firewall
/etc/hostname.aggr0
---
```
trunkport em0
trunkport em1
up
```
/etc/hostname.em0
-
```
up
```
/etc/hostname.em1
-
```
up
```
/etc/hostname.vlan99
```
#! sleep 60
parent aggr0
vnetid 99
descr "Home Network"
inet 172.16.1.1/24
inet6 autoconf
```
/etc/hostname.vlan999
-
```
#! sleep 30
parent aggr0
vnetid 999
descr "ISP"
inet autoconf
inet6 autoconf
```
/etc/hostname.wg0
---
```
descr "WireGuard tunnel"
inet 172.31.255.253/30
wgkey
wgport 51821
wgpeer wgendpoint 51821 wgaip
172.31.255.254/32 wgaip 10.0.0.0/24
```
/etc/pf.conf
```
### Macros
home_if = "vlan99"
#int_bridge = "em1"
guest_if = "vlan100"
kids_if = "vlan105"
#work_if = "vlan1000"
integration_if = "vlan2000"
tailscale = "tun0"
wg_seate1 = "wg0"
ifgrp_gre = "{ gre0, gre1, gre2, gre3 }"
appletv_livingroom = "172.16.1.73"
tcp_services = "{ ssh, auth }"
icmp_types = "echoreq"
icmp6_types = "{ unreach, toobig, timex, paramprob, echoreq, echorep, \
routeradv, routersol, neighbradv, neighbrsol }"
### Tables
table { 10.10.77.0/24, 10.10.70.32/27 }
table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 192.168.0.0/16
\
198.18.0.0/15 198.51.100.0/24 203.0.113.0/24
\
::/128 ::/96 ::1/128 :::0:0/96 100::/64 2001:10::/28 2001:2::/48
\
2001:db8::/32 3ffe::/16 fec0::/10 fc00::/7 }
### Options
set block-policy drop
set loginterface egress
#set state-defaults pflow
set skip on lo0
### Queues
#queue outq on em0 flows 1024 bandwidth 300M max 300M qlimit 1024
default
#queue inq on em1 flows 1024 bandwidth 300M max 300M qlimit 1024 default
### Match Rules
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
### Filter Rules
## Protect against spoofing ##
antispoof quick for { egress $home_if $guest_if $kids_if }
block in quick on egress from to any
block return out quick on egress from any to
block all
pass out quick inet
pass out quick inet6
pass out log (all) quick on enc0 keep state (if-bound)
## Pass traffic for bridge members except home_if (vether0) ##
#pass quick on $int_bridge
## Pass traffic on internal integration network between firewall and SRX
pass quick on $integration_if
## Pass IPSec traffic on egress interface ##
pass in on egress proto esp from any to (egress)
pass in on egress proto udp from any to (egress) \
port {isakmp, ipsec-nat-t}
pass in on enc0 proto ipencap from any to (egress) \
keep state (if-bound)
pass in log on enc0 from 10.255.255.1/32 to 10.255.255.10/32 \
keep state (if-bound)
pass in log on enc0 from 10.199.0.4/32 to 10.199.0.7/32 \
keep state (if-bound)
pass in log on enc0 from 10.255.0.2/32 to 10.255.0.1/32 \
keep state (if-bound)
pass in log on enc0 from 10.198.0.2/32 to 10.198.0.1/32 \
keep state (if-bound)
## Pass Wireguard traffic ##
pass in on $wg_seate1 from $wg_seate1:network
pass in log on $ifgrp_gre inet proto ospf
pass in log on $ifgrp_gre inet proto { tcp, udp } from any \
to 10.1.1.1 port domain
pass in log on $ifgrp_gre inet proto udp from any \
to 10.1.1.0/24 port tftp
pass in log (all) on $ifgrp_gre from to any
pass in on $tailscale from 100.64.0.0/10
pass in log on $home_if inet from $home_if:network
pass in log on $kids_if inet from $kids_if:network
pass in log on $guest_if inet from $guest_if:network
pass in log on $home_if inet6
pass in on $home_if inet proto tcp from $home_if:network port ssh
#pass in log on $
Using fvwm2 or fvwm3 and another using gnome. Need advice on best setup. startx/xenodm/gdm both users wheel
Hi, I have finally been able to get a decent desktop and a new 4k monitor. I use fvwm2 right now (probably fvwm3 soon). Another new user will be using gnome. Both of us are in wheel group. First, do I need to use xenodm with either fvwm? Or will startx do the trick? Second, it sounds like using gdm is best with gnome. So I was thinking that the gnome user could login and type: doas rcctl -f start gdm Then login again. - fvwm user could either do the same to start xenodm or would startx be better? Lastly, is there any way to automate that upon login? Or just make aliases? -- Thanks, Chris Bennett
Re: Reinstalling kernel with full disk encryption
I fixed it by booting into snapshots install72.img (-stable kernel turns out to not boot -current) and going thorugh the upgrade process. installboot must've been what I needed to do. For the sake of the archive: Initially I couldn't upgrade because I exited to shell from the installer to decrypt the disk right at the prompt asking which disk to upgrade, and the installer didn't recognize the disk at that point. I had to exit at the keyboard layout prompt right beforehand to have it recognized. Thank you for the help. On December 29, 2022 10:00:30 AM UTC, Crystal Kolipe wrote: >On Wed, Dec 28, 2022 at 09:01:26PM +0000, Chris wrote: >> After that however, the bootloader no longer prompts me for the full disk >> encryption passphrase. Previously it was prompting me for the FDE passphrase >> before it tried to boot the broken kernel. > >I'm assuming that you only have a single disk in this machine, and that you >are not multi-booting with another OS. If this is not the case, let us know. > >Does the machine actually boot in to your old system now if you do: > >boot sr0a:/bsd > >at the boot prompt? > >Or does the kernel boot, but complain that it cannot find the root volume? > >If the machine does boot, you probably just need to run: > ># installboot -v sd1
Reinstalling kernel with full disk encryption
Hello misc, I tried to stop a sysupgrade before it updated anything by pressing the power button, but by the time the computer shut off the install script was already midway through updating the kernel. I know, bad idea on my part. I was left with an unbootable kernel. To repair it I booted into install72.img, decrypted the disk and copied over the 7.2 kernel from sets. The machine was running -current but I assume the 7.2 kernel would boot it as well. After that however, the bootloader no longer prompts me for the full disk encryption passphrase. Previously it was prompting me for the FDE passphrase before it tried to boot the broken kernel. How to fix this? Help would be much appreciated.
Re: Installing OpenBSD on new Chromebook
You can't just boot any old USB from a Chromebook. It has a locked down BIOS. More information here: https://mrchromebox.tech/ On 10/28/22 17:59, Jeff Ross wrote: Hi all, I got a nice new laptop at Costco for under $200. I did the developer mode to get to a linux shell and installed a bunch of programs but I'd rather just wipe the whole disk and install OpenBSD. All of places I'm finding with directions on how to do this are from circa 2015 and do not work now. Anybody have a pointer to a more updated set of directions I can try? Thanks! Jeff Ross
Re: PC Engines APU alternative for OpenBSD - 2022h2
Denis Fondras [open...@ledeuns.net] wrote: > Le Wed, Sep 28, 2022 at 04:55:51PM +0200, Erik van Westen a ?crit : > > > > Have a look at shop.opnsense.com, they might have something. > > > > The DEC6xx/7xx/8xx are not fully supported by OpenBSD. > I don't know about the bigger boxes but being based on the same SoC they are > probably not supported. What's unsupported? These seem like garden variety AMD Epyc.
Re: Mutt smtp configuration
I am assuming that mutt can use a debug file like neomutt. That can be very helpful. -- Chris Bennett
Re: Yet Another Laptop Recommendation Thread
Christoff Humphries [christ...@sogonsecurity.com] wrote: > Just ordered this from eBay after looking at jcs??? list again: > - Lenovo ThinkPad X1 Carbon 7th Gen i7-8565U 16GB RAM 512GB SSD 14" FHD Touch > 2019 > > Woot, back to OpenBSD as a daily driver again and looking forward to helping > with ports and stuff. > Pretty much any amd64 laptop that doesn't have a bunch of weird custom stuff should mostly or fully work out-of-the-box. Nvidia graphics is not supported, of course. Then there are arm64 laptops like the x13s and the apple stuff that are coming out now, too. Kinda neat! Lots of custom stuff on these new apple and qualcomm platforms.
