Re: magic code in /src/sys/net/if_spppsubr.c

[Dan Harnett]

On Wed, Jul 25, 2012 at 08:02:16AM +0800, f5b wrote:
 /src/sys/net/if_spppsubr.c 
 rev=1.98
 
 1. line 3557
 p opt[i++] = 0;   /* TBD */
 
 2. see line  (begin with ^L)
 466
 1145
 1276
 1991
 2675
 4116
 4430
 
 compare to line  (insert empty line)
 3150
 3642


For anyone interested in this.


Index: if_spppsubr.c
===
RCS file: /home/danh/.cvs/openbsd/src/sys/net/if_spppsubr.c,v
retrieving revision 1.98
diff -u -p -r1.98 if_spppsubr.c
--- if_spppsubr.c   24 Jul 2012 15:16:20 -  1.98
+++ if_spppsubr.c   25 Jul 2012 09:28:36 -
@@ -463,7 +463,7 @@ static const struct cp *cps[IDX_COUNT] =
 };
 
 
-/*
+/*
  * Exported functions, comprising our interface to the lower layer.
  */
 
@@ -1142,7 +1142,7 @@ sppp_ioctl(struct ifnet *ifp, u_long cmd
 }
 
 
-/*
+/*
  * Cisco framing implementation.
  */
 
@@ -1273,7 +1273,7 @@ sppp_cisco_send(struct sppp *sp, u_int32
ifp-if_obytes += m-m_pkthdr.len + sp-pp_framebytes;
 }
 
-/*
+/*
  * PPP protocol implementation.
  */
 
@@ -1988,7 +1988,7 @@ sppp_cp_change_state(const struct cp *cp
break;
}
 }
-/*
+/*
  *--*
  *  *
  * The LCP implementation.  *
@@ -2672,7 +2672,7 @@ sppp_lcp_check_and_close(struct sppp *sp
 
lcp.Close(sp);
 }
-/*
+/*
  *--*
  *  *
  *The IPCP implementation.  *
@@ -3554,7 +3554,7 @@ sppp_ipv6cp_scr(struct sppp *sp)
if (sp-ipv6cp.opts  (1  IPV6CP_OPT_COMPRESSION)) {
opt[i++] = IPV6CP_OPT_COMPRESSION;
opt[i++] = 4;
-p  opt[i++] = 0;   /* TBD */
+   opt[i++] = 0;   /* TBD */
opt[i++] = 0;   /* TBD */
/* variable length data may follow */
}
@@ -4113,7 +4113,7 @@ sppp_chap_scr(struct sppp *sp)
   sp-myauth.name,
   0);
 }
-/*
+/*
  *--*
  *  *
  *The PAP implementation.   *
@@ -4427,7 +4427,7 @@ sppp_pap_scr(struct sppp *sp)
   (size_t)pwdlen, sp-myauth.secret,
   0);
 }
-/*
+/*
  * Random miscellaneous functions.
  */

Re: switching between ethernet and wifi

[Dan Harnett]

On Wed, Jul 25, 2012 at 09:59:29AM +0200, frantisek holop wrote:
 now the only last question remaining: should any commands
 be executed before removing the usb wifi?  sometimes i get this:
 
 /bsd: ehci_idone: ex=0xd1f4b000 is done!

I don't believe you have to execute anything before removing the usb
wifi.  Did you receive that message previously when not using trunk?

Re: switching between ethernet and wifi

[Dan Harnett]

On Tue, Jul 24, 2012 at 06:15:02PM +0200, frantisek holop wrote:
 hmm, on Mon, Jul 23, 2012 at 08:10:49PM -0400, Dan Harnett said that
  On Tue, Jul 24, 2012 at 01:13:29AM +0200, frantisek holop wrote:
   what i do: insert the usb wifi (/etc/hostname.urtwn0
   contains the correct network data), i disconnect the
   ethernet cable, route -n flush, ifconfig re0 down,
   sh /etc/netstart.
  
  I would recommend 'ifconfig re0 down delete', and do that before
  flushing the routing table.  I would also make sure the dhclient
  process for that interface was dead.
 
 could you explain the reason behind the order?
 the routing table would contain a default route
 on a non-existing nic, no?

The order is to make sure re0 is no longer associated with anything in
your routing table.  The interface would be down, which makes the
default gateway unreachable anyway.  Considering that you're tearing
down the interface manually, and changing the default route, it hardly
matters that it is temporarily unreachable.

 let's say if trunk did not exist, what would be the correct
 way to do this?

The way you're approaching it is alright.  There are just some oddities
with your setup.

It would be more convenient to just have trunk handle it, though.  Any
connections will not be disrupted and you don't have to mess around with
any part of the network.  You can have hotplugd(8) handle it for you.

/etc/hostname.re0:
up

/etc/hostname.trunk0:
trunkproto failover trunkport re0
dhcp NONE NONE NONE

Then have hotplugd setup urtwn0 on attach.

  ifconfig urtwn0 nwid BLAH wpa wpakey blahblah up
  ifconfig trunk0 trunkport urtwn0

When you want to switch back to the wired interface, just plug the cable
in, wait a few seconds for any autonegotiation, and you can safely
unplug the urtwn0.

Re: switching between ethernet and wifi

[Dan Harnett]

On Tue, Jul 24, 2012 at 01:13:29AM +0200, frantisek holop wrote:
 what i do: insert the usb wifi (/etc/hostname.urtwn0
 contains the correct network data), i disconnect the
 ethernet cable, route -n flush, ifconfig re0 down,
 sh /etc/netstart.

I would recommend 'ifconfig re0 down delete', and do that before
flushing the routing table.  I would also make sure the dhclient
process for that interface was dead.

 $ sudo route -n flush
 default  10.10.10.1   done
 default  10.10.10.1   done

Why do you have two default routes?  I also do not see the deletion of
10.10.10.0/24 or any route containing that subnet.

 question: why don't the re0 lines disappear from the inet6 lines
 after ifconfig re0 down?

Most likely because you didn't delete the addresses from the re0
interface.

 $ sudo sh /etc/netstart
 DHCPREQUEST on urtwn0 to 255.255.255.255 port 67
 DHCPREQUEST on urtwn0 to 255.255.255.255 port 67
 DHCPACK from 10.10.10.1 (00:22:bb:aa:aa:cc)
 bound to 10.10.10.136 -- renewal in 604780 seconds.
 
 $ route -n show
 Routing tables
 
 Internet:
 DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
 default10.10.10.1 GSP46 - 8 re0  
 ^^^
 default10.10.10.1 GS 00 - 8 re0  
 ^^^

You shouldn't have two default routes with the network you're
describing.  Make sure you don't have a /etc/mygate file laying around.

Re: apmd closes/crashes on lid close

[Dan Harnett]

On Sun, Jun 03, 2012 at 12:41:31AM -0700, Philip Guenther wrote:
 On Sat, Jun 2, 2012 at 11:38 PM, Robert Connolly
 robertconnolly1...@gmail.com wrote:
  I am running apmd without arguments from rc.conf. I am also running lid
  close suspend from sysctl.conf. When I close the lid, and open it again,
  apmd is gone from 'ps auxw'.
 
 ktrace?
 run it under gdb (passing it the -d option to not go into the
 background) and see what signal kills it and where?


I'm pretty sure I ran into this same issue a while ago.  I tried to use
/etc/apm/{powerup,powerdown} to switch between 'apm -C' and 'apm -A'
when undocking/docking my laptop.  apmd didn't like being poked by apm
from those files.  Just use apm in one of the related /etc/apm files to
reproduce.

  [danh@t obj] $ cat /etc/apm/resume
  apm -A

  [danh@t obj] $ sudo gdb apmd
  (gdb) set args '-d'
  (gdb) run
  Starting program: /usr/obj/usr.sbin/apmd/apmd '-d'
  [New process 12159]

[... enter suspend, then resume here ...]

  Terminated 

  Program received signal SIGPIPE, Broken pipe.
  0x00020a543c6a in sendto () from /usr/lib/libc.so.64.1
  (gdb) bt
  #0  0x00020a543c6a in sendto () from /usr/lib/libc.so.64.1
  #1  0x004020e9 in handle_client (sock_fd=Variable sock_fd is not 
available.
  ) at /usr/src/usr.sbin/apmd/apmd.c:469
  #2  0x004027cd in main (argc=Variable argc is not available.
  ) at /usr/src/usr.sbin/apmd/apmd.c:728

Re: Unbound

[Dan Harnett]

On Mon, May 21, 2012 at 03:30:49PM -0400, Geoff Steckel wrote:
 My site needs both split horizon and pretty complete authoritative support.
 Does anyone have suggestions about BIND replacement(s) for this scenario?
 Right now BIND works for me (for some value of works.)
 
 One machine serving as:
   1) primary nameserver for multiple domains
   2) secondary nameserver for multiple domains
   3) internal nameserver for domains in (1) with additional records
   4) internal nameserver for internal domains
 
 If there is a discussion of this in an archive some place I'll look for it.
 I didn't see much useful searching for split horizon and unbound.

You would have to run multiple instances of nsd and/or unbound for the
equivalent of BIND views.  It's pretty flexible, but you might have to
get a little creative.

For example, in your scenario, one instance of nsd could be used for 1
and 2, and then a second instance for 3 and 4 that serves a different 
set of zone files with the additional records.  You can even toss pf or
something into the mix to redirect to the proper instance based on 
source or destination IP address.

unbound also has the ability to serve authoritative data.  If in your
scenario the internal nameserver is also used for recursive queries,
then you can just add the additional records to unbound and have unbound
redirect the rest to nsd.  In this case, you might only need one
instance of unbound and one instance of nsd.

Re: release failing to build. hardware related?

[Dan Harnett]

On Wed, May 16, 2012 at 10:05:18AM +0200, Marc Peters wrote:
 /tmp # cat /etc/disktab
 
 #   $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $
 
 floppy288|3in|3.5in High Density Floppy, 2.88MB:\
 :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
 :pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
 :pb#5760:ob#0:\
 :pc#5760:oc#0:
[...]


You have the disktab file from the i386 arch installed on a amd64
system.

Re: how to set an alias on a carp interface?

[Dan Harnett]

On Thu, Feb 17, 2011 at 05:37:34PM +0100, Henning Brauer wrote:
 your way to configure aliases is correct, however, the masks are not.
 you are screwing up routing. you want an all-ones netmask on each and
 every IP address except one per subnet. alas you want 255.255.255.255
 on the carp if's IPs.

IIRC, aliases in hostname.if add an explicit route to lo0.  This means
should something on one of the backup carp nodes attempt to connect to
one of the shared IP addresses on the master carp node, they will follow
the lo0 route on the backup and not connect to the master node.

IMHO, it would be better to use a new carp device for each alias.  The
routes will be created and destroyed properly with the status change of
each carp device.

Re: Weird syslog message from Kernel/PF

[Dan Harnett]

On Thu, Feb 10, 2011 at 10:16:42AM -0500, Steve Johnson wrote:
 I've seen the following message on the system console:
 
 Message from syslogd@host at Thu Feb 10 10:11:51 2011 ...
 host /bsd: pf: complete: 0xfe80d026ad00(1552)
 
 Is this something I should worry about? I've tried searching for this and
 haven't seem to be able to find a reference

Do you have the debug option set to notice or lower?  That's the only
time you should see something like that.  It's telling you that a packet
was successfully reassembled.

Re: mod_frontpage fopen fail for fpEXEC log after upgrade.

[Dan Harnett]

On Tue, Jan 11, 2011 at 09:04:20AM -0500, Paul Pruett wrote:
 I have a legacy server,  that supports some older frontpage website,
 yes I know..  but the customer wants it and the i886 still has
 mod_frontpage in ports. so
 
 I upgraded from i386 openbsd 4.6 to openbsd 4.8
 and everything seemed to make it.  it was brought to my attetion that
 while frontpage does log activity like couunter to fpEXEC log,
 /var/log/fpexec_log
 when a form is used, it does not log and as a cgi has a premature end.
 
 Anyone else out there still using mod_frontpage
 and on an openbsd 4.8,
 and if so does it still process forms?


I don't use it anymore, but try using the Linux or FreeBSD binaries
rather than the BSDi BSD/OS binaries the port suggests.  BSD/OS
compatibility was removed, AFAIK.

Re: mplayer tip

[Dan Harnett]

On Fri, Dec 24, 2010 at 10:46:36PM -0500, Ted Unangst wrote:
 This is a laptop with intel video, other systems may be different, but
 if you're having any trouble with mplayer video, the gl driver is
 worth trying.

I used to notice a lot of tearing on Intel X3100 chipsets (GM965).  I
don't see any issues anymore, but maybe someone will find this useful
anyway.

Another tip is to check the output of xvinfo.  For example, on a
ThinkPad X61s, xvinfo gives the following results.

  X-Video Extension version 2.2
  screen #0
Adaptor #0: Intel(R) Textured Video
  number of ports: 16
  port base: 86
  operations supported: PutImage 
  supported visuals:
depth 24, visualID 0x21
  number of attributes: 3
XV_BRIGHTNESS (range -128 to 127)
client settable attribute
client gettable attribute (current value is 0)
XV_CONTRAST (range 0 to 255)
client settable attribute
client gettable attribute (current value is 0)
XV_SYNC_TO_VBLANK (range -1 to 1)
client settable attribute
client gettable attribute (current value is 1)
  maximum XvImage size: 2048 x 2048
  Number of image formats: 5
id: 0x32595559 (YUY2)
  guid: 59555932--0010-8000-00aa00389b71
  bits per pixel: 16
  number of planes: 1
  type: YUV (packed)
id: 0x32315659 (YV12)
  guid: 59563132--0010-8000-00aa00389b71
  bits per pixel: 12
  number of planes: 3
  type: YUV (planar)
id: 0x30323449 (I420)
  guid: 49343230--0010-8000-00aa00389b71
  bits per pixel: 12
  number of planes: 3
  type: YUV (planar)
id: 0x59565955 (UYVY)
  guid: 55595659--0010-8000-00aa00389b71
  bits per pixel: 16
  number of planes: 1
  type: YUV (packed)
id: 0x434d5658 (XVMC)
  guid: 58564d43--0010-8000-00aa00389b71
  bits per pixel: 12
  number of planes: 3
  type: YUV (planar)
Adaptor #1: Intel(R) Video Overlay
  number of ports: 1
  port base: 102
  operations supported: PutImage 
  supported visuals:
depth 24, visualID 0x21
  number of attributes: 11
XV_COLORKEY (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 66046)
XV_BRIGHTNESS (range -128 to 127)
client settable attribute
client gettable attribute (current value is -19)
XV_CONTRAST (range 0 to 255)
client settable attribute
client gettable attribute (current value is 75)
XV_SATURATION (range 0 to 1023)
client settable attribute
client gettable attribute (current value is 146)
XV_PIPE (range -1 to 1)
client settable attribute
client gettable attribute (current value is -1)
XV_GAMMA0 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 526344)
XV_GAMMA1 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 1052688)
XV_GAMMA2 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 2105376)
XV_GAMMA3 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 4210752)
XV_GAMMA4 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 8421504)
XV_GAMMA5 (range 0 to 16777215)
client settable attribute
client gettable attribute (current value is 12632256)
  maximum XvImage size: 2048 x 2048
  Number of image formats: 4
id: 0x32595559 (YUY2)
  guid: 59555932--0010-8000-00aa00389b71
  bits per pixel: 16
  number of planes: 1
  type: YUV (packed)
id: 0x32315659 (YV12)
  guid: 59563132--0010-8000-00aa00389b71
  bits per pixel: 12
  number of planes: 3
  type: YUV (planar)
id: 0x30323449 (I420)
  guid: 49343230--0010-8000-00aa00389b71
  bits per pixel: 12
  number of planes: 3
  type: YUV (planar)
id: 0x59565955 (UYVY)
  guid: 55595659--0010-8000-00aa00389b71
  bits per pixel: 16
  number of planes: 1
  type: YUV (packed)


The Intel(R) Textured Video adaptor was absolutely awful and it is
with that I would see all of the tearing and sync issues.  AFAIK,
mplayer uses the first adaptor it comes across if not explicitly
specified.  Switching to the Intel(R) Video Overlay, all of my issues
just went away (mplayer 

Re: ports/root/make install

[Dan Harnett]

On Thu, Oct 21, 2010 at 05:33:24PM +, Jay K wrote:
 sudo won't work for me -- root password is *.
 I'll have to try it with ssh r...@localhost, which will work.

sudo prompts you for the password to your user account, not the root
account.  Also, you can setup sudo to not require a password for
whatever commands it needs to run when building a port.

Re: how to repeat messages about manual configuration

[Dan Harnett]

On Thu, Oct 21, 2010 at 05:59:32PM +, Jay K wrote:
 When building a package from source, I want a way to prefer installing
 dependencies from prebuilt packages.

You can set PKG_PATH to your favorite mirror and FETCH_PACKAGES=Yes.
The dependencies will be installed from packages if they exist.

Re: openbsd not blob free?

[Dan Harnett]

On Wed, May 05, 2010 at 11:32:47AM -0400, Kent Watsen wrote:
 There is a discussion on the osol-discuss mailing list this morning where
 it's pointed out that OpenBSD source tree has a blob in it:
 
 http://osdir.com/ml/opensolaris-discuss/2010-05/msg00095.html

In OpenBSD's case, binary blob refers to binary-only drivers, not
firmware.  Firmware is usually okay if it is documented and under an
acceptable license.

Re: intel drm problems in current

[Dan Harnett]

On Fri, Apr 30, 2010 at 07:10:01PM +0200, Didier Wiroth wrote:
 Hello,
 I've updated to current, sources are from a few hours ago.
 
 I'm experiencing (stuttering) problems on a thinkpad w500 in x11. X11
 is mostly unusable if I don't disable drm in the kernel.

[...]

 Does anyone else experience these problems?
 
 I saw that there where some intel driver change in the cvs sources.


I'm seeing the same thing using OpenBSD/amd64 on a ThinkPad T500 and
T400.  When I was testing, 'sysctl hw.setperf=0' seemed to stop the
stuttering (apm -C, apm -L).

I do not see the issue on a ThinkPad X61s.

While testing the newer Intel driver and directions from Owain Ainsworth
posted to tech@, I do not experience the problem.


===[ ThinkPad T500 ]===
OpenBSD 4.7-current (GENERIC.MP) #227: Wed Apr 28 11:55:45 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3110801408 (2966MB)
avail mem = 3014275072 (2874MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (80 entries)
bios0: vendor LENOVO version 6FET81WW (3.11 ) date 11/24/2009
bios0: LENOVO 2242CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT TCPA SSDT 
SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB3(S3) USB5(S3) EHC0(S3) 
EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.32 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, 2394.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu1: 3MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4777 serial  6056 type LION oem SONY
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK docked (15)
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2401, 2400, 1600, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
vga1 at pci0 dev 2 function 0 Intel GM45 Video rev 0x07
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at inteldrm0
Intel GM45 Video rev 0x07 at pci0 dev 2 function 1 not configured
Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1 int 20 
(irq 11), address 00:22:68:1b:65:4f
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int 20 (irq 
11)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int 21 (irq 
11)
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int 22 (irq 
11)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int 23 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x03: apic 1 int 
17 (irq 11)
azalia0: codecs: Conexant CX20561
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 
11)
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int 21 (irq 
11)
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 Intel WiFi Link 5300 rev 0x00: apic 1 int 17 
(irq 11), MIMO 3T3R, MoW, address 00:21:6a:95:cb:52
ppb2 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int 23 (irq 
11)
pci3 at ppb2 bus 5
ppb3 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 
11)
pci4 at ppb3 bus 13
uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int 16 (irq 
11)
uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 

Re: SSH chroot and ForceCommand

[Dan Harnett]

On Fri, Mar 19, 2010 at 03:58:07PM +0100, Bambero wrote:
 
 Match User !admin
   ChrootDirectory /var/www/users/%u
   ForceCommand internal-sftp
   X11Forwarding no
   AllowTcpForwarding no


Match User *,!admin
ChrootDirectory /var/www/users/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

Re: FWIW Current snapshot Apache/PHP buggy

[Dan Harnett]

On Thu, Feb 25, 2010 at 03:30:47AM -0700, Duncan Patton a Campbell wrote:
 I've just installed a server using current and have found that 
 there are problems with session_destroy(); such that is just 
 does not work.  
 
 The Apache is the installed (1.3) version and PHP is from 
 packages.
 
 I have tested the same software and setup on a 4.5 Release 
 (no patches) and there are no problems with sessions.  


Can you provide any more detail?  session_destroy() appears to work fine
with the i386 snap dated 2/23/2010 and latest php5-core snapshot
package.

Re: dhcpd no longer providing default route

[Dan Harnett]

On Thu, Feb 25, 2010 at 06:47:32PM +0200, Lars Nooden wrote:
 
   subnet 192.168.100.0 netmask 255.255.255.196 {
   option routers 192.168.100.1;
   range 192.168.101.9 192.168.101.14;
   option domain-name-servers 192.168.101.1;
   }
 
   subnet 192.168.101.0 netmask 255.255.255.196 {
   #option routers 192.168.101.1;
   range 192.168.101.9 192.168.101.14;
   option domain-name-servers 192.168.101.1;
   }
 
 OpenBSD clients work fine.  What needs changing in the configuration?
 
 Fully installed debian and debian-based distros' dhclient give and error
 SIOCSIFNETMASK: Invalid argument but otherwise seem to function:


Your netmask is invalid.  The closest valid netmask to that one is
255.255.255.192.

Re: pfctl table cleared time is jumping around

[Dan Harnett]

On Wed, Feb 24, 2010 at 08:30:05AM +0100, Henning Brauer wrote:
 * Dan Harnett dan...@harnett.name [2010-02-23 21:19]:
  
  Probably wrong, but this fixes it.
 
 i would not call that wrong.
 
 i don't understand how this ever worked and I don't understand what
 broke it. the only commit in that timeframe that could cause this is
 ryan's pool removal and that doesn't touch anything near that
 codepath. puzzled.


Ryan's commit actually removed a very similar line.

$ cd /usr/src/sys/net
$ cvs diff -D 2010/01/11 -D 2010/01/12 pf_table.c
Index: pf_table.c
===
RCS file: /home/cvs/openbsd/src/sys/net/pf_table.c,v
retrieving revision 1.80
retrieving revision 1.81
diff -u -p -r1.80 -r1.81
--- pf_table.c  24 Nov 2008 13:22:09 -  1.80
+++ pf_table.c  12 Jan 2010 03:20:51 -  1.81

[... snip! ...]

@@ -1087,7 +,6 @@ pfr_walktree(struct radix_node *rn, void
as.pfras_a.pfra_fback = PFR_FB_NOCOUNT;
}
splx(s);
-   as.pfras_tzero = ke-pfrke_tzero;
 
if (COPYOUT(as, w-pfrw_astats, sizeof(as), flags))
return (EFAULT);

[... snip! ...]

Re: dumpdates

[Dan Harnett]

On Wed, Feb 24, 2010 at 07:00:44PM +0100, Didier Wiroth wrote:
 Hello,
 I would like to backup the /etc directory, like this:
 sudo dump -0uan -f - /etc | gzip -9 | ssh -i .ssh/id_rsa_host2 m...@host2 dd 
 of=/home/me/dump-files/dump-etc-l0-`date +%d%m%Y`.gz
 
 a) Is it normal that /etc/dumpdates is empty after the backup?
 b) What do I have to modify to add the information into /etc/dumpdates?


Only filesystem backups are recorded in /etc/dumpdates.  If you dump the
filesystem that /etc is in (/), then it'll be recorded as you expect.

Re: pfctl table cleared time is jumping around

[Dan Harnett]

On Mon, Feb 22, 2010 at 10:40:29PM +0100, Michael Lechtermann wrote:
  it's a slightly weird side-effect. a quick glance indicates that the
  tzero timestamp is part of the stats struct and tables don't keep
  stats/counters by default any more. for some time tho. i don't
  remember any recent changes to the table code (as if anybody wanted to
  touch that mess)
  by default, does that mean it is possible to somehow keep the
  stats/counters with a configuration option and have it work again?
  
  Add 'counters' to the table definition.
 
 That didn't fix it. The stats are shown now, but the dates are still
 jumping around. :-(


'pfctl -t tablename -T expire ' is also currently broken.
Everything appears to be removed from the table immediately regardless
of ''.

$ sudo cat /etc/pf.conf
table testing persist counters

$ sudo pfctl -vv -t testing -T add 172.16.1.8 172.16.1.9
2/2 addresses added.
A  172.16.1.8
A  172.16.1.9

$ sudo pfctl -vv -t testing -T expire 7200
2/2 addresses expired.
D  172.16.1.8
D  172.16.1.9

Re: Is it time to replace this hard disk?

[Dan Harnett]

On Tue, Feb 23, 2010 at 09:17:58AM +0530, Siju George wrote:
 On Tue, Feb 23, 2010 at 7:45 AM, Jason Beaudoin jasonbeaud...@gmail.com 
 wrote:
  not necessarily.. I had a wacky HD controller that provided similar
  results in dmesg, but if the op asked, I'm guessing that isn't the
  case :P
 
 
 Ok I am running with that disk any way to see how far it goes :-)
 It is a second firewall and if it goes I can route the traffic throguh
 the first one. So no problem


atactl(8) can possibly give you some more data.

 # atactl wd0 smartenable
 # atactl wd0 readattr
 Attributes table revision: 16
 ID  Attribute name  Threshold   Value   Raw
   1 Raw Read Error Rate   51200 0x
   3 Spin Up Time  21100 0x05e4
   4 Start/Stop Count  40100 0x0067
   5 Reallocated Sector Count 140200 0x
   7 Seek Error Rate   51200 0x
   9 Power-On Hours Count   0 63 0x6bef
  10 Spin Retry Count  51100 0x
  11 Calibration Retry Count   51100 0x
  12 Device Power Cycle Count   0100 0x004c
 194 Temperature0115 0x001c
 196 Reallocation Event Count   0200 0x
 197 Current Pending Sector Count   0200 0x
 198 Off-Line Scan Uncorrectable Sect   0200 0x
 199 Ultra DMA CRC Error Count  0200 0x
 200 Write Error Rate  51200 0x

You should have similar attributes.  If the Reallocated Sector Count and
Reallocation Event Count are non-zero, then you have failing sectors on
that drive (which is a good sign your disk is starting to head down
hill).

Re: pfctl table cleared time is jumping around

[Dan Harnett]

On Tue, Feb 23, 2010 at 05:24:30PM +0100, Henning Brauer wrote:
 * Dan Harnett dan...@harnett.name [2010-02-23 17:19]:
  'pfctl -t tablename -T expire ' is also currently broken.
  Everything appears to be removed from the table immediately regardless
  of ''.
  
  $ sudo cat /etc/pf.conf
  table testing persist counters
  
  $ sudo pfctl -vv -t testing -T add 172.16.1.8 172.16.1.9
  2/2 addresses added.
  A  172.16.1.8
  A  172.16.1.9
  
  $ sudo pfctl -vv -t testing -T expire 7200
  2/2 addresses expired.
  D  172.16.1.8
  D  172.16.1.9
 
 I don't remember any changes in that area lately so this puzzles me.
 do we know when this breakage was introduced, approximately?

I have narrowed it down to between 2010/01/11 and 2010/01/12.  It worked
fine on 2010/01/11.

Re: pfctl table cleared time is jumping around

[Dan Harnett]

On Tue, Feb 23, 2010 at 02:28:17PM -0500, Dan Harnett wrote:
 On Tue, Feb 23, 2010 at 05:24:30PM +0100, Henning Brauer wrote:
  I don't remember any changes in that area lately so this puzzles me.
  do we know when this breakage was introduced, approximately?
 
 I have narrowed it down to between 2010/01/11 and 2010/01/12.  It worked
 fine on 2010/01/11.
 


Probably wrong, but this fixes it.


Index: pf_table.c
===
RCS file: /cvs/src/sys/net/pf_table.c,v
retrieving revision 1.82
diff -N -u -p pf_table.c
--- pf_table.c  18 Jan 2010 23:52:46 -  1.82
+++ pf_table.c  23 Feb 2010 20:09:59 -
@@ -1112,6 +1112,7 @@ pfr_walktree(struct radix_node *rn, void *arg)
as.pfras_a.pfra_fback = PFR_FB_NOCOUNT;
}
splx(s);
+   as.pfras_tzero = ke-u._ke._pfrke_tzero;
 
if (COPYOUT(as, w-pfrw_astats, sizeof(as), flags))
return (EFAULT);

Re: Apache Firefox and Ogg Theora (Byte-range requests)

[Dan Harnett]

On Wed, Feb 17, 2010 at 02:04:03AM +, Stuart Henderson wrote:
 On 2010-02-16, trustlevel-...@yahoo.co.uk trustlevel-...@yahoo.co.uk wrote:
  I've seen examples of earlier versions than Apache 1.3.29 said to be working
  with byte-range requests, has anyone got the byte range requests to work 
  with
  openbsd without using php code or know how this can be done or if it works 
  by
  default.
 
 sorry, it's broken, maybe someone who uses base httpd and has some
 spare time might like to look into fixing it...
 
 http://permalink.gmane.org/gmane.os.openbsd.misc/169541
 


This appears to be due to the format of the string being passed to
strtonum().  ap_strtol() was tolerant of it.  It's being passed the
string from the Range: header.

For example, the following valid request (taken directly from sniffing a
wget session).

  GET /testfile HTTP/1.0
  Range: bytes=300417024-

This ends up following the code path of the first strtonum() call around
line 159 in http_protocol.c in the parse_byterange() function.  The
string passed to strtonum to convert (r-range) not only contains the
number from the header, but the trailing dash (300417024-), which
strtonum does not like.  As strtonum fails, the start offset is set to
0.

This bug should be present on a 64-bit arch as well.

Re: Switching to Postfix Using OpenBSD Package

[Dan Harnett]

On Thu, Feb 04, 2010 at 07:07:35AM -0500, Kenneth R Westerback wrote:
 or (even better)
 
 export PKG_PATH=mirror of your choice
 pkg_add postfix-2.7.20091209-sasl2.tgz
 
 or, if you want -stable rather than -snapshot
 
 pkg_add postfix-2.6.5-sasl2.tgz
 
 And follow the Postfix manual/web/whatever. That's what I did. I also bought
 some Postfix books. Eventually I got it working with TLS.


FWIW, postfix also supports the dovecot sasl implementation without the
need for the sasl2 flavor.

Re: The insecurity of OpenBSD

[Dan Harnett]

On Fri, Jan 22, 2010 at 07:22:58AM -0600, Marco Peereboom wrote:
 It doesn't and I'll argue all day that it won't help you a bit.

I couldn't agree more.

 BTW, microsoft implemented every single ACL type mechanism the NSA ever
 made public.  Tell me again how well it worked for them.

More importantly, how well has it worked for end users doing general
computing tasks?

Glancing through the author's other posts, I don't get the feeling that
this person is in an environment that needs the level of security that
the NSA does or has ever been in one.  Most of the posts revolve around
removing malware from Windows XP or which virus scanner is the best...
sarcasmI'm not sure why ACLs have not helped this person in those
situations./sarcasm

Nowhere in the article is proof provided that OpenBSD is insecure.
There are comparisons made.  OS A has 'this', OS B has 'that'.  OpenBSD
does not.  So, OpenBSD by comparison is less secure, therefore
insecure.  It's non-sense.  There isn't even proof that feature this
or feature that have provided stronger security.  Those features are
not enabled by default and are often tedious to get working correctly.
Basically, OS A does not benefit from this out of the box and OS B
does not benefit from that out of the box.  They are strawman
arguments with no actual facts.

The benefits of OpenBSD are not even covered.  The author claims OpenBSD
makes no effort to contain unauthorized remote access, yet many of the
default daemons attempt to contain security breaches through reduced
privileges and chroot.  Basically, the same effect the author claims a
MAC system would give you (if that system were infallible and effective,
as the author blindly believes).  It's built into the daemon, by
default.  How did the author miss this?

I also do not understand why strlcpy and strlcat are causing the author
so much grief.  This person didn't seem to know they existed before
writing the article.  I work in an ISP environment and it has caused
zero issues to both myself and our users.  Of course, the author does
not provide any real world examples of issues or exactly what code has
been broken by use of strlcpy or strlcat.

The author also missed how OpenBSD's current methods match it's
development model very well.  The OpenBSD developers are in control of
all the code.  There aren't 3rd party patches being introduced daily
that change thousands of lines of code with unknown consequences or
unintended interactions with the existing code base.  Correcting the
code works very well for OpenBSD.

The only facts I actually got from the article are (1) OpenBSD does not
have some type of MAC, which I already know, and have no problem with,
and (2) the author does not like OpenBSD and wants you not to like it,
too.

Re: The insecurity of OpenBSD

[Dan Harnett]

On Fri, Jan 22, 2010 at 02:47:27PM +1100, Aaron Mason wrote:
 On Fri, Jan 22, 2010 at 1:56 PM, Zamri Besar zam4e...@gmail.com wrote:
  The insecurity of OpenBSD
  http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/
 
  -zamri-
 
 
 
 An interesting read - but seems to just be ACLs, ACLs, ACLs and that's
 about it.  And this person's source on the failings of strl{cat,cpy}
 cite a guy from Redhat calling it ineffiient BSD crap and that's
 about it.

It's better if you remove all the non-sense, hypocrisy, and political
bull.  OpenBSD does not have some sort of MAC.  Okay, nothing new there.
Move along.

Re: X issue with Nov 24 amd46 snap

[Dan Harnett]

On Tue, Nov 24, 2009 at 02:58:18PM -0600, Neal Hogan wrote:
 Earlier today I upgraded my machine to the latest snapshot (nov 24) and
 there seems to be a problem with X. It starts okay, but then shortly
 after that it fails to respond to anything but the mouse. Also, the
 programs that I have running stop (ff35, mplayer, etc). I tried under both
 scrotwm and cwm . . . same behavior in each case.
 
 The freeze doesn't not appear to occur at the same time. During one
 attempt, all I had open were fetchmail/mutt and ff35 and after several
 minutes it locked up. However, when started ff35 and then mplayer the
 lock up occurs more quickly (within seconds).

I am able to reproduce this on a ThinkPad X40 (i386), Dell Mini 10v
(i386), and ThinkPad T61 (amd64).  Previous snapshots worked fine.  I
open a xterm then run the command 'ls -lR /'.  It doesn't take long to
freeze.  All those systems have Intel integrated graphics.  I am unable
to reproduce it on a ThinkPad X32 (i386 w/ATI radeon).  I'm also unable
to reproduce it with inteldrm disabled in the kernel.

dmesg for x40:

OpenBSD 4.6-current (GENERIC) #422: Tue Nov 24 01:33:16 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.40GHz (GenuineIntel 686-class) 1.40 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem  = 1600614400 (1526MB)
avail mem = 1542238208 (1470MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/21/06, BIOS32 rev. 0 @ 0xfd740, SMBIOS 
rev. 2.33 @ 0xe0010 (56 entries)
bios0: vendor IBM version 1UETD3WW (2.08 ) date 12/21/2006
bios0: IBM 2372CU5
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 0xdc000/0x4000! 
0xe/0x1
cpu0 at mainbus0: (uniprocessor)
cpu0: Enhanced SpeedStep 1396 MHz: speeds: 1400, 1300, 1200, 1100, 1000, 900, 
800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
io address conflict 0x5800/0x8
io address conflict 0x5808/0x4
io address conflict 0x5810/0x8
io address conflict 0x580c/0x4
mem address conflict 0x5f70/0x400
pchb0 at pci0 dev 0 function 0 Intel 82855GM Host rev 0x02
Intel 82855GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
Intel 82855GM Config rev 0x02 at pci0 dev 0 function 3 not configured
vga1 at pci0 dev 2 function 0 Intel 82855GM Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x800
inteldrm0 at vga1: irq 11
drm0 at inteldrm0
Intel 82855GM Video rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci1 at ppb0 bus 2
mem address conflict 0xb000/0x1000
cbb0 at pci1 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11
sdhc0 at pci1 dev 0 function 1 Ricoh 5C822 SD/MMC rev 0x13: irq 5
sdmmc0 at sdhc0
em0 at pci1 dev 1 function 0 Intel PRO/1000MT Mobile (82541GI) rev 0x00: irq 
11, address 00:0a:e4:3b:a1:4d
ral0 at pci1 dev 2 function 0 Ralink RT2860 rev 0x00: irq 11, address 
00:0e:8e:1d:a6:93
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01: 24-bit timer 
at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: MTRON MSD-PATA3018-ZIF2
wd0: 1-sector PIO, LBA, 30520MB, 62504960 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 5
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 1GB DDR SDRAM non-parity PC2700CL2.5
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 5, ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 

Re: Problem with iwn firmware on 4.6 snapshots

[Dan Harnett]

On Fri, Oct 30, 2009 at 02:09:00PM +0100, Toma?? Bod??ar wrote:
 I'm using snapshots :
 
 $ sysctl kern.version
 kern.version=OpenBSD 4.6-current (GENERIC.MP) #259: Thu Oct 22 20:46:08 MDT
 2009
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 
 $
 
 So I will wait for next one. This is last available on mirros.

The kernel you are using predates the iwn changes.  The man page you
read postdates the changes.  So, yes, use the 5.1 firmware until you
update to a snapshot after 10/24.  That should match the firmware that
the iwn manual page included with the snapshot refers to.

Re: OT: Laptop advice. SSD costs.

[Dan Harnett]

On Mon, Sep 14, 2009 at 02:37:39PM +, Christian Weisgerber wrote:
  b) Any other comments?
 
 I don't think there is any SSD available that (1) can be fitted
 into an X40/X41, (2) is available in 64 GB or more, and (3) has
 reasonable performance for small random writes.
 
 It's frustrating as hell.

RunCore also makes a drive that fits without an adaptor.  AFAIK, it's
available in capacities ranging from from 16 to 128 GB.  Seems quite
expensive, though.

  http://www.runcorestore.com/ProductDetail.jsp?LISTID=80A5-1249409435

At least here, one could get a used X60 for the cost of the 128GB drive.

Re: Q: How to shop for a laptop to run OpenBSD?

[Dan Harnett]

On Sun, Aug 09, 2009 at 07:02:45PM +, Matthew Szudzik wrote:
 On Sun, Aug 09, 2009 at 07:39:19PM +0100, Edd Barrett wrote:
  Get a thinkpad, and replace the wireless card :)
 
 Maybe I'm paranoid, but I've been reluctant to get a new ThinkPad
 because they all have Intel AMT nowadays.
 
  http://marc.info/?l=openbsd-miscm=118302016430106
  
 http://software.intel.com/en-us/articles/architecture-guide-intel-active-management-technology/
 
 And according to the following forum post, there's no way to disable it
 
  http://forum.thinkpads.com/viewtopic.php?f=25t=62992

More recent BIOS updates have included an option to disable it.

Re: Q: How to shop for a laptop to run OpenBSD?

[Dan Harnett]

On Sun, Aug 09, 2009 at 11:46:50PM +, Matthew Szudzik wrote:
 On Sun, Aug 09, 2009 at 11:09:49PM +0100, Edd Barrett wrote:
  mode so well. Remember if you do want to change the wifi card in a
  thinkpad, use tpwireless to unlock the bios check.
 
 But does tpwireless work on recent ThinkPads?  According to the list of
 successful BIOS modifications at

tpwireless does not work on recent ThinkPads.  You can find recent
modified BIOS images (including for the W500) by reading the first
message here: http://forum.thinkpads.com/viewtopic.php?f=29t=55837

Re: mount point busy, can't find process holding it

[Dan Harnett]

On Wed, Jul 29, 2009 at 06:06:16AM +0200, frantisek holop wrote:
 
 amaaq$ sudo fstat /adata
 USER CMD  PID   FD MOUNTINUM MODE   R/WSZ|DV NAME

You should use the '-f' option to fstat.

  $ sudo fstat -f /adata

One possibility is shared libraries or objects.

Re: LocalKeyword in CVSROOT/config

[Dan Harnett]

On Thu, Jul 23, 2009 at 06:44:31PM +0300, Soner Tari wrote:
 I am trying to achieve a custom $Id$ keyword in my source files with a
 cvs repository on OpenBSD, just like $OpenBSD$ keyword expansion.

Did you create your repository on OpenBSD?  If so, then your
CVSROOT/config should have already mentioned this at one point.  If not,
here are the default comments.

CVSROOT/config created by /usr/bin/cvs:

  # Set this to the name of a local tag to use in addition to Id
  #tag=OurTag

CVSROOT/config created by /usr/bin/opencvs:

  # Set name of the local tag to use in addition to `Id'
  #tag=OpenBSD

Re: sendmail: restrict sender domain for authenticated users

[Dan Harnett]

On Sun, Jun 21, 2009 at 05:42:22PM +0200, Markus Wernig wrote:
 
 I have sendmail on 4.4 as MX and relay for outgoing mail using smtp
 auth. Now some users started using arbitrary from: addresses in their
 mail clients. I would like to restrict those sender addresses to the
 local domains, i.e. allow them to send mail from u...@my.domain or
 u...@my.other.domain, and reject their mails from u...@foreign.domain,
 preferably during the smtp dialog between MUA and sendmail.
 
 I've searched the sendmail docs and google, but can't find how to do
 this. Is it possible at all?

Without modifying rulesets or running multiple instances of sendmail, I
think the simplest way is to use milter-regex.  You can even match the
authenticated username against specific envelope senders rather than any
local domain.  Otherwise, you're probably looking at implementing
something similar to this[1] in your configuration file.

[1] http://www.sendmail.org/~ca/email/restrict.html

Re: OpenBSD 4.4: dnsbl just for port 25 (not msa 587)

[Dan Harnett]

On Tue, Jun 23, 2009 at 07:33:15AM -0700, Philip Guenther wrote:
 Hmm, this seems to not match the documentation in
 /usr/share/doc/smm/08.sendmailop: the meaning you give for the 'a' and
 'l' flags are correct for the srv_features ruleset, but not for the
 DaemonPortOptions option.

My mistake.  You're absolutely right.

Re: OpenBSD 4.4: dnsbl just for port 25 (not msa 587)

[Dan Harnett]

On Mon, Jun 22, 2009 at 07:19:09PM -0600, Alvaro Mantilla Gimenez wrote:

According to the /usr/share/sendmail/README file, it is necessary to
 add the a modifier to the line that define the MSA: Additionally, by
 using the M=a modifier you can require authentication before messages
 are accepted by the MSA

Actually, 'a' will only advertise that SMTP AUTH is available, it does
not require it.  You want to use 'l' to enforce it.

  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=El')dnl

This won't even allow mail to local recipients without authentication
first.

   Why the original line (without the a modifier) port 587 requires
 authentication as well?. Is it implicit in other place? I already
 checked several times the send process with/without the a modifier and
  I needed the authentication in both cases all the times to be able to
 send an email trough the 587 port.

How did you test this?  Do you have any Srv_Features listed in your
access map?  Authentication is not required in the default config.  In
fact, it's not even available.  Some clients (like Thunderbird, IIRC)
will always try to authenticate if the mail server announces SMTP AUTH
as a feature during the EHLO/HELO state.  Are you sure you're not
confusing an annoying client feature with enforcing authentication?

  Spamhouse said that the only thing I need to avoid that error is to
 have SMTP AUTH enable on the server on port 587 (which I already have as
 my previous question about the lines on openbsd-proto.mc).

Authenticated users will skip the DNSBL checks if you use
FEATURE(`delay_checks') in your .mc file.

 587? Sadly I can test it myself because my IP does not appear on PBL
 lists and my users will connect during my sleep time (I am 8 hours behind).

You can always setup your own test DNSBL that lists just your IP
address.

Re: azalia

[Dan Harnett]

On Tue, Jun 09, 2009 at 05:19:21AM +, Jacob Meuser wrote:
 On Mon, May 04, 2009 at 08:21:52AM +, Jacob Meuser wrote:
  I put a lot of work into azalia(4) in the last release cycel, and I'd
  like to be able to say, when 4.6 release comes, that azalia is
  completed.
  
  by completed I mean it just works as expected, by default, everywhere.
  
  so, if you are using OpenBSD 4.5 or -current, and you have *any*
  issues with azalia(4) (I mean anything, even if it seems small or 
  is not really a bug but I change this everytime), please let me
  know.
 
 if anyone still has any problems with azalia, please let me know.

I noticed this a while ago, but don't really care because I disable it
anyway.  However, if you're interested...

The alarm on my ThinkPad T61 and ThinkPad X61s no longer seem to work.
It's just a beep or series of beeps when the A/C power state changes or
the battery starts to run low.

Here is the mixerctl and dmesg output for the X61s.

inputs.dac=186,186 
inputs.dac2=186,186 
inputs.hp_source=sel6,mix6  { sel6 mix6 }
inputs.spkr_source=dac2,mix6  { dac2 mix6 }
record.adc2_source=mic2  [ mic mic2 ]
record.adc2_mute=on  [ off on ]
record.adc2=124,124 
record.adc_source=mic  [ mic mic2 ]
record.adc_mute=on  [ off on ]
record.adc=216,156 
inputs.sel3_source=dac  [ dac dac2 ]
inputs.sel4_source=dac  [ dac dac2 ]
inputs.beep_mute=off  [ off on ]
inputs.beep=119 
outputs.hp_mute=off  [ off on ]
outputs.hp_boost=off  [ off on ]
outputs.spkr_mute=off  [ off on ]
outputs.spkr_boost=off  [ off on ]
outputs.spkr_eapd=on  [ off on ]
inputs.mic=85,85 
outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50 input-vr80 
input-vr100 ]
inputs.mic2=85,85 
outputs.mic2_dir=input-vr80  [ none input input-vr0 input-vr50 input-vr80 
input-vr100 ]
outputs.mic3_mute=on  [ off on ]
outputs.mic3_dir=input-vr80  [ none output input input-vr0 input-vr50 
input-vr80 input-vr100 ]
outputs.vendor_source=hp  [ hp spkr adc2 adc sel3 sel4 beep hp ]
inputs.mix4_source=sel3,mix6  { sel3 mix6 }
inputs.mix6_source=mic,mic2  { mic mic2 }
inputs.mix6_mic=120,120 
inputs.mix6_mic2=120,120 
outputs.mix6_mute=off  [ off on ]
outputs.mix6=120,120 
inputs.sel6_source=dac  [ dac dac2 ]
inputs.sel7_source=dac  [ dac dac2 ]
inputs.mic3_source=sel7,mix6  { sel7 mix6 }
inputs.mic3=85,85 
outputs.vendor2_source=mic  [ mic mic2 mic3 ]
outputs.hp_sense=plugged  [ unplugged plugged ]
outputs.mic_sense=unplugged  [ unplugged plugged ]
outputs.mic3_sense=unplugged  [ unplugged plugged ]
outputs.spkr_muters=hp,mic,mic3  { hp mic mic3 }
outputs.master=190,190 
outputs.master.mute=off  [ off on ]
outputs.master.slaves=dac,dac2,hp,spkr  { dac dac2 beep hp spkr mic3 mix6 mic3 }
record.volume=124,124 
record.volume.mute=on  [ off on ]
record.volume.slaves=adc2,adc  { adc2 adc mic mic2 }

OpenBSD 4.5-current (GENERIC.MP) #16: Tue Jun  9 02:21:45 EDT 2009
d...@ares.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2119892992 (2021MB)
avail mem = 2046922752 (1952MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (63 entries)
bios0: vendor LENOVO version 7NETB8WW (2.18 ) date 09/26/2008
bios0: LENOVO 7668CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) IGBE(S4) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
USB4(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz, 1596.30 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz, 1596.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus -1 (EXP3)
acpiprt6 at acpi0: bus -1 (EXP4)
acpiprt7 at acpi0: bus 5 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4631 serial  4147 type LION oem SONY
acpibat1 at acpi0: BAT1 not present

Re: fc -l only showing 16 commands not 500

[Dan Harnett]

On Tue, Jun 09, 2009 at 05:06:57PM -0700, Mark Yieh wrote:
 I just noticed that when I try to recall my history of commands by  
 issuing a fc -l command it only shows me the last 16 commands even  
 though my $HISTSIZE is the default 500. Anyone know why it's doing this? 
 I also tried to set my $HISTFILE to $HOME/.history just to see if that 
 makes any difference, but it doesn't.

 I'm using the default ksh shell on a GENERIC 4.5 kernel.

fc -l -500 would show you the last 500 commands.  See ksh(1) for the
proper usage.

Re: Incredibly strange DNS / Sendmail problem

[Dan Harnett]

On Thu, May 14, 2009 at 10:43:54AM -0500, Eric wrote:
 I'm encountering a strange DNS / e-mail problem an a mail server 
 running OpenBSD 4.3.
 
 Sometimes, DNS returns completely unexpected results.  I get two
 completely different answers to the same DNS query with the incorrect
 answers being returned by the DNS server that is being used by the
 mail server.

It's not that strange.

d...@noc:~$ dig @dns1.name-services.com ruhl.in   

;  DiG 9.4.2-P2  @dns1.name-services.com ruhl.in
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6509
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ruhl.in.   IN  A

;; ANSWER SECTION:
ruhl.in.1800IN  CNAME   ghs.google.com.

;; Query time: 281 msec
;; SERVER: 98.124.192.1#53(98.124.192.1)
;; WHEN: Thu May 14 12:49:13 2009
;; MSG SIZE  rcvd: 53
  
'ruhl.in' has a CNAME record.  Technically, it shouldn't be advertising
any other records, but it is, and this is the source of the issue.

If your first query is for the MX record, then your resolver will cache
the the authoritative MX records from dnsN.name-services.com.  If your
first query is for an A record or anything that will return and cache
the CNAME, then your resolver will cache that as the authoritative
answer and use that instead of making new MX queries.

##
## MX queried first (after flushing the cache)
##
d...@noc:~$ host -t mx ruhl.in  # first query
ruhl.in mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 30 ALT2.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 40 ASPMX2.GOOGLEMAIL.COM.
ruhl.in mail is handled by 50 ASPMX3.GOOGLEMAIL.COM.
ruhl.in mail is handled by 10 ASPMX.L.GOOGLE.COM.

d...@noc:~$ host ruhl.in  # second query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 209.85.171.121

d...@noc:~$ host -t mx ruhl.in  # cached
ruhl.in mail is handled by 50 ASPMX3.GOOGLEMAIL.COM.
ruhl.in mail is handled by 10 ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 20 ALT1.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 30 ALT2.ASPMX.L.GOOGLE.COM.
ruhl.in mail is handled by 40 ASPMX2.GOOGLEMAIL.COM.

##
## MX queried second (after flushing the cache)
##
d...@noc:~$ host ruhl.in  # first query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 209.85.171.121

d...@noc:~$ host -t mx ruhl.in  # second query
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.

d...@noc:~$ host -t mx ruhl.in  # cached
ruhl.in is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.


named-checkzone even complains if you setup a zone like this.

d...@noc:~$ cat example.txt 
$TTL 1d

@   SOA noc.example.com. hostmaster.example.com. (
2009051400  ; serial
16384   ; refresh
2048; retry
1048576 ; expire
2560 )  ; minimum

@   NS  ns1.example.com.
@   NS  ns2.example.com.

@   CNAME   ghs.google.com.

@   A   192.168.1.1
@   MX  10 mx0
@   MX  20 mx1

mx0 A   192.168.1.2
mx1 A   192.168.1.3

d...@noc:~$ named-checkzone example.com example.txt
dns_master_load: example.txt:17: example.com: CNAME and other data
dns_master_load: example.txt:17: example.com: CNAME and other data
dns_master_load: example.txt:17: example.com: CNAME and other data
zone example.com/IN: loading from master file example.txt failed: CNAME and 
other data

For more info: http://www.zytrax.com/books/dns/ch8/cname.html

Re: sendmail vs. other MTAs

[Dan Harnett]

On Tue, May 12, 2009 at 09:55:48PM +0200, Felipe Alfaro Solana wrote:
 On Tue, May 12, 2009 at 9:31 PM, L. V. Lammert l...@omnitec.net wrote:
  At 09:16 PM 5/12/2009 +0200, Felipe Alfaro Solana wrote:
 
   If you want simple, install Webmin. Runs fine with sendmail, default
   install!
 
  I'm not that crazy to combine something that remembers passwords in
  clear text with an MTA that has a horrible security track record.
 
  If this is clear text, I want to know where you got your glasses:
 
  B  B  B  B admin:XXl2dzFGzv.Yk:0
 
  Also, if sendmail has such a horrible track record, why is it the default
  MTA on this system? We handle 40K+ emails daily on a single box with no
  problems at all.
 
 http://en.securitylab.ru/nvd/378946.php

http://www.sendmail.org/releases/8.13.2

sarcasmWow.  A bug in a version of sendmail 4+ years old.  I better switch 
away
immediately./sarcasm

Maybe you should advocate avoiding Postfix as well.

http://www.postfix.org/announcements.html

Re: sendmail vs. other MTAs

[Dan Harnett]

On Tue, May 12, 2009 at 09:55:48PM +0200, Felipe Alfaro Solana wrote:
 On Tue, May 12, 2009 at 9:31 PM, L. V. Lammert l...@omnitec.net wrote:
  At 09:16 PM 5/12/2009 +0200, Felipe Alfaro Solana wrote:
 
   If you want simple, install Webmin. Runs fine with sendmail, default
   install!
 
  I'm not that crazy to combine something that remembers passwords in
  clear text with an MTA that has a horrible security track record.
 
  If this is clear text, I want to know where you got your glasses:
 
  B  B  B  B admin:XXl2dzFGzv.Yk:0
 
  Also, if sendmail has such a horrible track record, why is it the default
  MTA on this system? We handle 40K+ emails daily on a single box with no
  problems at all.
 
 http://en.securitylab.ru/nvd/378946.php
 

Of course, the really funny thing is that gmail.com is running sendmail.

Re: autowhitelister for spamd needs testing

[Dan Harnett]

On Fri, Apr 24, 2009 at 02:16:57PM +1000, Aaron Mason wrote:
 On Fri, Apr 24, 2009 at 11:01 AM, Dan Harnett dan...@harnett.name wrote:
  On top of that, if VeriSign could be tricked into signing a fake
  Microsoft ActiveX key, can you really trust the authorities?
 
  Are you implying SPF records are validated somewhere and signed by a
  trusted third party?  They're not.  They're provided by the bad guys.  A
  more proper analogy would be that you received an ActiveX control signed
  by The Bad Guys Who Do Bad Things.  They were nice enough to sign it,
  so you accept it.
 
 
 I was implying no such thing.  I was referring to using WHOIS to block
 spammers on the basis of the date the domain was registered.

Then your analogy didn't even make sense.  No one is being tricked.  I
can recycle old domains as well.  You don't get it.

  asfjsakf1359.com TXT v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all
 
 Ok, now that gives us a pointer by which to block fraudulent folk.
 That record means anyone and everyone can send an email using that
 domain name.  A proper SPF record wouldn't have an all-encompassing IP
 range.  In fact, who in the world would have anything more than a /7
 block?

That is a proper SPF record.  So, in addition to filtering e-mail,
you're going to start using complicated filters to screen out SPF
records because you're dumb enough to whitelist everything the spammer
tells you to?  Go for it.  Have fun with that.

 However that alone wouldn't deter any spammer - just limit the range
 to what's accepted and you're in.  And any limit you set will only
 cause more dramas.  Sure you could limit it to /24 and smaller, or
 even to single addresses, but what about those select folk who have
 been assigned /8 classless subnets?  That's a whole lotta SPF records
 for one subdomain.

I gave you the simplest and quickest example that came to mind.  If you
have even half a brain, then you'd realize how trivial it would be to
list single IP addresses.  I can even obfuscate it to the point of
nested 'include:'s to keep the TXT records a decent size.  Spammers have
always been one step ahead.  Anything like auto-whitelisting SPF records
would be picked up rather fast and abused easily if it gained widespread
acceptance.  They don't even need to go as far as my example did.  They
just need to whitelist their own little spam haven, which you'll happily
do.

 No solution is perfect, but a small group of imperfect solutions is a
 far cry better than no solutions at all and our mailboxes being
 inundated with spam.  The problem's here to stay, all we can do is
 deal with it as best we can.

You're auto-whitelisting whatever the spammer tells you to and you think
that is preventing spam?  LOL.  The only hinderance here is the brief
moment greylisting was working until you whitelisted the entire
internet.  I think you still don't get it.

Re: autowhitelister for spamd needs testing

[Dan Harnett]

On Thu, Apr 23, 2009 at 03:32:49PM +1000, Aaron Mason wrote:
 On Thu, Apr 23, 2009 at 10:30 AM, Stuart Henderson s...@spacehopper.org 
 wrote:
 
  I see a tiny little problem with this method... sometimes people send
  spam from domains whose DNS they control.
 
 If this is the case, then you have an almost direct pointer to the cause.
 
 The only way this wouldn't work is if the SPF records get spoofed as a
 result of a lazy sysadmin not updating the DNS server with a more
 secure version.

Huh?  Spammers have been using throw away domains for ages.  Adding a
SPF record to their own domains has been trivial.  No spoofing required.
Basically, you're accepting input from the bad guys and treating it as
valid and trusted.  Bad idea.

 You could blacklist domains that fraudulently pass the SPF filter, but
 that would defeat the purpose - you'd be working as hard as you would
 be if you were maintaining manual whitelists or blacklists.

Auto-whitelisting based on input from the spammer is bad.  You may as
well save yourself the trouble and not use spamd.

Re: spam from chrooted CMSes

[Dan Harnett]

On Fri, Apr 10, 2009 at 09:42:21AM +0800, Uwe Dippel wrote:
 I'm running postfix as MTA on a machine with several CMS, on a chrooted  
 Apache.  Recently, there is a huge number of spam being sent from there,  
 alas. When I scan the postfix-logs, all those come from 'root', meaning  
 they don't come through port 25. I run OpenBSD with mini-sendmail, and  
 now I wonder how I could find out from which CMS they are sent. Is there  
 any chance to find out from which CMS they are sent?

It'll take a little bit of effort on your part, but you can compare the
time and date in the maillog with the apache logs.  It should become
apparent very quickly which CMS the spam is coming from as you will see
a repeated number of hits in your apache log within close proximity of
the times in the maillog.

Re: Overlay missing with intel(4)

[Dan Harnett]

On Tue, Mar 24, 2009 at 06:00:24PM -0400, Aaron W. Hsu wrote:
 I have an intel device which seems to work pretty well if I use the
 VBLANK mode trick with glxgears, but it plays large videos terribly. I
 am wondering why. I noticed that overlay does not seem to be configured
 when I ran xvinfo. Is there some reason for this? Is this normal for my
 chipset? Did I misconfigure something?

From here[1]:

The 2D Video Overlay Adaptor for Xvideo isn't available anymore.
(Xvideo or xv is the xorg way of displaying vidoes and do fast
scaling (to fullscreen output and stuff)) However the textured video
adaptor for Xv is still available BUT it's broken.  Since nobody
cared about this before (because there was the better Video Overlay
available) the textured video causes a effect called Tearing (or
horizontal flicker) ...

[1] http://www.thinkwiki.org/wiki/Intel_GMA_X4500HD

Re: 4.5-beta - x61s - headphones silent and no way to get the music loud :)

[Dan Harnett]

On Thu, Mar 05, 2009 at 11:31:53PM +0100, Sebastian Rother wrote:
 After updating to 4.5-beta I noticed that my headphones are very very
 silent and I don't find a way to turn them luder somehow.
 
 I raised any setting, even those who where no even supposed to turn the
 headphones louder but I wanted to ensure there's no naming issue.
 The speakers work perfectly!

Set inputs.sel6_source=dac.  You can make it persistent across reboots
by setting it in /etc/mixerctl.conf.

 I can also hear everything recorded by the microphone.

So, play with the varius mute toggles and mute the mic?

Re: 4.5-beta - x61s - headphones silent and no way to get the music loud :)

[Dan Harnett]

On Thu, Mar 05, 2009 at 11:31:53PM +0100, Sebastian Rother wrote:
 After updating to 4.5-beta I noticed that my headphones are very very
 silent and I don't find a way to turn them luder somehow.
 
 I raised any setting, even those who where no even supposed to turn the
 headphones louder but I wanted to ensure there's no naming issue.
 The speakers work perfectly!

Set inputs.sel6_source=dac.  You can make it persistent across reboots
by setting it in /etc/mixerctl.conf.

 I can also hear everything recorded by the microphone.

You can play with the various toggles and mute the mic.

Re: -current cwm toggle full-screen

[Dan Harnett]

On Mon, Mar 02, 2009 at 06:53:48PM +0100, Pau wrote:
 funny, I have the problem with all applications... I will check which
 snapshot I am using

Are you using RandR?  Or more specifically, changing the resolution,
number of heads, or screen orientation dynamically?

Re: kernel freeze randomly

[Dan Harnett]

On Wed, Feb 25, 2009 at 10:17:09AM -0500, Ted Unangst wrote:
 On Wed, Feb 25, 2009 at 9:22 AM, Andreas Kahari
 andreas.kah...@gmail.com wrote:
  That's exactly what I have as well in my dmesg with a kernel built
  from today's sources, well, almost:
 
  cpu0: unknown Enhanced SpeedStep CPU, msr 0x0615081906000615
  cpu0: using only highest and lowest power states
  cpu0: Enhanced SpeedStep 1200 MHz (1036 mV): speeds: 1600, 1200 MHz
 
  With apmd enabled, I experienced a freeze just hours ago, so I
  reverted to a kernel built on the 19th.
 
 you are apparently the lucky owner of a machine that crashes when
 other people's systems are stable and is stable when other people's
 machines crash...

It's a shame I don't have this kind of luck with lottery tickets.  I'm
able to reproduce the hang still using both -current and the latest
amd64 snap.  To reproduce, I just continuously scp a large file to
another machine while 'apmd -C' is running.  'apmd -L', 'apmd -H', or
not running apmd works fine.  I'm able to reproduce regardless of AC
status.  It's frozen completely when it happens.  I can't even break
into ddb.  Rather than sit there and wait for god knows how long to
trigger it (usually happens quickly), I play some music, run the scp in
a loop, and just wait to hear it.  I don't know if it is any indication
that the machine is stuck in an uninterruptable loop somewhere or just
the behavior of the sound hardware, but once it hangs, the song goes
into a quick repetitive loop.  Like a second or so of the song just
keeps repeating.

Here's my Lenovo ThinkPad X61s.

OpenBSD 4.5-beta (GENERIC.MP) #0: Wed Feb 25 19:33:20 EST 2009
d...@thor.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3210412032 (3061MB)
avail mem = 3101503488 (2957MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (63 entries)
bios0: vendor LENOVO version 7NETB8WW (2.18 ) date 09/26/2008
bios0: LENOVO 7668CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT 
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) DURT(S3) IGBE(S4) EXP0(S4) EXP1(S4) 
EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
USB4(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz, 1596.24 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU L7500 @ 1.60GHz, 1596.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus -1 (EXP3)
acpiprt6 at acpi0: bus -1 (EXP4)
acpiprt7 at acpi0: bus 5 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4631 serial  4147 type LION oem SONY
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0615081a0600081a
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1600 MHz (1116 mV): speeds: 1600, 1200 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c
vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x0c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 10)
drm0 at inteldrm0
Intel GM965 Video rev 0x0c at pci0 dev 2 function 1 not configured
em0 at pci0 dev 25 function 0 Intel ICH8 IGP M AMT rev 0x03: apic 1 int 20 
(irq 11), address 00:1f:16:3a:0d:00
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1 int 20 (irq 
11)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1 int 21 (irq 
11)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1 int 22 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root 

Re: kernel freeze randomly

[Dan Harnett]

On Wed, Feb 25, 2009 at 10:17:09AM -0500, Ted Unangst wrote:
 On Wed, Feb 25, 2009 at 9:22 AM, Andreas Kahari
 andreas.kah...@gmail.com wrote:
  That's exactly what I have as well in my dmesg with a kernel built
  from today's sources, well, almost:
 
  cpu0: unknown Enhanced SpeedStep CPU, msr 0x0615081906000615
  cpu0: using only highest and lowest power states
  cpu0: Enhanced SpeedStep 1200 MHz (1036 mV): speeds: 1600, 1200 MHz
 
  With apmd enabled, I experienced a freeze just hours ago, so I
  reverted to a kernel built on the 19th.
 
 you are apparently the lucky owner of a machine that crashes when
 other people's systems are stable and is stable when other people's
 machines crash...

I'm 2 for 2.  I can reproduce the hang on my Lenovo ThinkPad T61 as
well.  I'm gonna go hit up a casino.

OpenBSD 4.5-beta (GENERIC.MP) #0: Wed Feb 25 19:33:20 EST 2009
d...@thor.localdomain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2103115776 (2005MB)
avail mem = 2030100480 (1936MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (73 entries)
bios0: vendor LENOVO version 7LETC4WW (2.24 ) date 08/15/2008
bios0: LENOVO 7658CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT 
SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) IGBE(S4) EXP0(S4) 
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz, 2095.11 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz, 2094.75 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 3MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T5225 serial  2417 type LION oem Panasonic
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06174a2206004a22
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 14800 MHz (1244 mV): speeds: 14800, 1200 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c
vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x0c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1: apic 1 int 16 (irq 10)
drm0 at inteldrm0
Intel GM965 Video rev 0x0c at pci0 dev 2 function 1 not configured
em0 at pci0 dev 25 function 0 Intel ICH8 IGP M AMT rev 0x03: apic 1 int 20 
(irq 11), address 00:1c:25:78:07:ba
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1 int 20 (irq 
11)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1 int 21 (irq 
11)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1 int 22 (irq 
11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: apic 1 int 
17 (irq 11)
azalia0: RIRB time out
azalia0: codecs: Analog Devices AD1984, Conexant/0x2bfa, using Analog Devices 
AD1984
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03: apic 1 int 20 (irq 
11)
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03: apic 1 int 21 (irq 
11)
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: apic 1 int 
17 (irq 11), MoW1, address 00:1c:bf:cf:92:f9
ppb2 at pci0 dev 28 function 2 Intel 82801H PCIE rev 0x03: apic 1 int 22 (irq 
11)
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03: apic 1 int 23 (irq 
11)
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 

Re: kernel freeze randomly

[Dan Harnett]

On Wed, Feb 25, 2009 at 08:36:22PM -0500, Dan Harnett wrote:

 I'm 2 for 2.  I can reproduce the hang on my Lenovo ThinkPad T61 as
 well.  I'm gonna go hit up a casino.

Using em0, btw.  pf disabled.

em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:1c:25:78:07:ba
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::21c:25ff:fe78:7ba%em0 prefixlen 64 scopeid 0x1
inet 192.168.1.104 netmask 0xff00 broadcast 192.168.1.255

Re: kernel freeze randomly

[Dan Harnett]

On Wed, Feb 25, 2009 at 09:07:52PM -0500, Ted Unangst wrote:
 Ok, there are several code points here, and I'm having trouble keeping
 track of them all and who's machine worked how when.
 
 First, there's A.  This is the code that shipped in 4.4.
 Then we have B.  This was the code that went in ~2 months ago.
 Then there was C, part of B backed out, but much like A, (call it A')
 for a few days.
 Then we went back to B for a brief time.
 Now we are at D, all of B backed out.  I'll call this A''.
 
 So there are basically 2 varieties of the code, A and B.
 
 A and A'' should be identical, except for other unrelated changes in
 the kernel.  The first question is, did anyone experience these
 problems with 4.4?  If you are having trouble, is your system stable
 with B?

I'm not sure that this is a new bug recently introduced or if it has
always been there, but never triggered.  I haven't had the X61s long
enough to comment on it's stability.  The T61 I've had for close to a
year now and it appeared to be completely stable.  It's been following
amd64 snapshots just shy of 4.3-beta.  Even with the acpicpu.c and est.c
changes that were in 4.3-current, backed out for 4.4, reintroduced in
4.4-current, and now backed out once again, it appeared stable.  The
changes to apmd appear to trigger the bug.  Now, with 1.50 and 1.51 of
apmd.c reverted, I can no longer reproduce the bug.  With my recent luck
(or misfortune), I'd bet this is an old bug that has been lingering for
a while.  I also haven't been able to reproduce it on i386.

Re: SpeedStep on Intel Core2Duo not detected anymore

[Dan Harnett]

On Mon, Feb 23, 2009 at 09:32:24AM +0100, Robert wrote:
 Hi,
 
 perhaps i am totally missing something, but in the last snapshots
 speedstep isn't detected by the kernel anymore. (ergo no hw.setperf)
 
 I noticed this on my Thinkpad X200. [1]
 Tested the Feb 22 snapshots on another Core2Duo system [2] and there it
 doesn't work, too.
 It's the same with a kernel built from -current sources.
 
 I am sure it worked about 2 to 3 weeks ago. I might have missed to
 notice it since.
 
 Does anyone else see this behaviour?

Yep.  I believe this is the change you missed.

  Changes by: ma...@cvs.openbsd.org   2009/02/17 20:13:49

  Modified files:
  sys/dev/acpi   : acpicpu.c 

  Log message:
  Backout PDC  PPC changes because it hangs several laptops.

Re: kernel freeze randomly

[Dan Harnett]

On Wed, Feb 11, 2009 at 08:09:16PM +0100, Markus Bergkvist wrote:
 I get kernel freeze randomly on Compaq 6710b with -CURRENT synced today.  
 It is best reproduced by keeping the system busy, such as building  
 userland, but there are no guarantees.

 I've been running memtester and also memory and hd test in bios, no  
 errors were found.

 I get no ddb or any other output on terminal, it just freezes up. What  
 can I do to retrieve information so I can file a proper bug report?  
 There is no DE-9 contact but the serial port is enabled in BIOS and I do  
 have a uftdi-device, if that might be useful. Any help is appreciated.

I'm seeing the same issue on any amd64 machine I've tried.  The i386
snapshot from the same date works fine on the same machines.  I'm not
even able to invoke ddb from the console.  I've been able to trigger it
with a lot of disk activity (dd, scp or rsync of large files, etc).
Sometimes they lock up immediately, sometimes it takes a fews minutes,
but that always seems to trigger it for me.

Re: kernel freeze randomly

[Dan Harnett]

On Fri, Feb 13, 2009 at 11:46:37AM -0600, Marco Peereboom wrote:
 I think we have narrowed this down to acpicpu + apmd.  Do you run both
 as well?

Yes, I do.

 On Fri, Feb 13, 2009 at 11:42:34AM -0500, Dan Harnett wrote:
  On Wed, Feb 11, 2009 at 08:09:16PM +0100, Markus Bergkvist wrote:
   I get kernel freeze randomly on Compaq 6710b with -CURRENT synced today.  
   It is best reproduced by keeping the system busy, such as building  
   userland, but there are no guarantees.
  
   I've been running memtester and also memory and hd test in bios, no  
   errors were found.
  
   I get no ddb or any other output on terminal, it just freezes up. What  
   can I do to retrieve information so I can file a proper bug report?  
   There is no DE-9 contact but the serial port is enabled in BIOS and I do  
   have a uftdi-device, if that might be useful. Any help is appreciated.
  
  I'm seeing the same issue on any amd64 machine I've tried.  The i386
  snapshot from the same date works fine on the same machines.  I'm not
  even able to invoke ddb from the console.  I've been able to trigger it
  with a lot of disk activity (dd, scp or rsync of large files, etc).
  Sometimes they lock up immediately, sometimes it takes a fews minutes,
  but that always seems to trigger it for me.

Re: Backup strategies

[Dan Harnett]

On Tue, Feb 03, 2009 at 04:29:41PM -0500, Jonathan Thornburg wrote:
 Etienne Robillard robillard.etienne () gmail ! com wrote
  i kinda like cpio for fast backup of filesystems... for large media
  files (think anime movies) -- I think its generally best to just
  burn them on a iso..
 
 I have found rsync to an external usb hard disk to work very nicely;
 these are now cheap and readily available up to over a terabyte.
 Here are a few notes from my experience using this strategy for the
 past several years:

I do the same for my laptop.  I use a drive compatible with my laptop in
an USB enclosure.  I partition the USB disk identical to the one in my
laptop and use rsync to clone the data.  Should the drive in my laptop
fail, I can just pop the disk out of the USB enclosure and into the
laptop.  It's also possible to just boot off the USB disk.

  #!/bin/sh
  set -x
  rsync -aHESvv --delete \
--exclude '/home/jonathan/crypt/*' \
--exclude '/mnt/oxygen/home/jonathan/crypt/*' \
/home/jonathan/ /mnt/oxygen/home/jonathan/
   This works fine except that the --exclude options are not honored
   (files under those directories are still copied).  I don't know what's
   wrong there...

They are honored.  The path is relative.  You're actually excluding
'/home/jonathan/home/jonathan/crypt/*', etc.

  rsync -aHESvv --delete --exclude '/crypt/*' \
/home/jonathan/ /mnt/oxygen/home/jonathan/

This link[1] and rsnapshot in ports may also be of interest to some.

[1] http://www.mikerubel.org/computers/rsync_snapshots/

Re: Sendmail: new one on me..

[Dan Harnett]

On Thu, Jan 29, 2009 at 09:57:26AM -0500, Chris Ditri wrote:
 Wait... I get it now.  I did some more reading.  The dell server is
 trying to send the message to my server encrypted, it gets to my

The part of the log you pasted was an outgoing connection from your
server.  If it was incoming, then you would see STARTTLS=server.
You're barking up the wrong tree.  The only relevance that snippet may
have is that something was sent to Dell's server (possible bounce, virus
warning, etc).

 server, my server has a self-signed certificate and because of this,
 the transaction fails.  According to what I'm reading here
 (http://www.ietf.org/rfc/rfc2487.txt and
 http://www.sendmail.org/~ca/email/starttls.html), if I had my
 certificate signed, the two servers would have been able to negotiate
 a connection, and it would probably go through.

There hasn't been any indication that the message didn't go through.
The certificate that failed verification was Dell's, not yours.  Either
you don't have a proper chain of trust setup, or Dell is using a
certificate in which you do not have the signer's public certificate
(self-signed, oddball unpopular company, etc).

 So I am not misconfigured, I'm just not set up to receive this sort of
 communication...

Failing the certificate verification won't necessarily prevent the
encryption or the delivery.  It's just an indicator that you shouldn't
place any trust the communication channel.  You can configure sendmail
not to even bother trying to verify via the access map or the
configuration file.

An example for the access map.  This will enable verification for hosts
that resolve to 'my.domain', but not for anyone else.  Note that it will
not prevent delivery should the certificates in 'my.domain' fail
verification.

  Srv_Features:my.domainv
  Srv_Features: V

If you think you're having an issue with STARTTLS when communication
with Dell (which you haven't shown any indication of), then you can also
do something like this in the access map to disable it.

  Try_TLS:smtp.ins.dell.com NO
  Try_TLS:smtp2.ins.dell.comNO

Most of this is covered in /usr/share/sendmail/README.

Re: Sendmail: new one on me..

[Dan Harnett]

On Thu, Jan 29, 2009 at 09:57:26AM -0500, Chris Ditri wrote:
 So I am not misconfigured, I'm just not set up to receive this sort of
 communication...

Snippet from your own message headers.

 Received: from mx1.brokensolstice.com (h-72-245-233-170.sfldmidn.covad.net 
 [72.245.233.170])
 by shear.ucar.edu (8.14.3/8.14.3) with ESMTP id n0TEvXXr014459 
 (version=TLSv1/SSLv3
 cipher=DHE-DSS-AES256-SHA bits=256 verify=FAIL) for 
 misc@openbsd.org; Thu, 29 Jan 2009
 07:57:34 -0700 (MST)

As you can see, verify=FAIL when your server was communicating with
the list server.  It neither stopped delivery of your message, or
prevented it from being encrypted.

If you know the recipient or sender address, then you should be able to
find the info you're looking for.  Just use grep to search your sendmail
logs.  Once you find a related bit, you can track the related log pieces
using the message ID.  If that comes up blank, then you could start
looking for other information like Dell's SPF records (host -t txt
dell.com), or spamd and other filters.

Re: Sendmail: new one on me..

[Dan Harnett]

On Wed, Jan 28, 2009 at 10:00:15PM -0500, Chris Ditri wrote:
 I haven't had an issue for 2 years... then suddenly I get this:
 sm-mta[23903]: STARTTLS=client, relay=smtp.ins.dell.com.,  
 version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA,  
 bits=256/256
 Jan 28 17:58:29 mx1 imapd[21971]:

 I am getting this when our dell rep is trying to send me a quote.  I  
 receive all of his other email just fine -- but when he sends a quote I 
 get the error above.

You haven't included an error in your message above.  In fact, the
message you did include is from your server connecting to Dell.  Your
server being the sending machine, and Dell the receiver.
STARTTLS=client is the clue there.

 I do not understand why TLS even comes into play here, because he is not 
 relaying off of my server (at least, he shouldn't be).  Is this a  
 misconfiguration on their end -- or mine?  I've been good for 2 years,  
 so I can't beleive it is something I did or did not do...

The verify=FAIL bit simply means your server could not verify the
certificate from smtp.ins.dell.com for whatever reason (misconfigured CA
path, self-signed cert, etc).  It doesn't indicate delivery failure.

Re: cwm and unbinding keys

[Dan Harnett]

On Wed, Jan 28, 2009 at 10:48:23PM -0500, Okan Demirmen wrote:
 On Thu 2009.01.29 at 14:33 +1300, Josh wrote:
  Ahh yes, ? was the wrong char to use, but I was also using /.
  
  Where do I get the list of names for characters like that? Eg, I also
  want to unbind Alt-. 
 
 bind M-period unmap
 
 that list can be found in /usr/X11R6/include/X11/keysymdef.h which is
 less than optimal.  i'm not sure we want to fully document that in
 cwmrc(5) though; it would be nice if X did so, but i'm afraid it is not
 to be found.  one place one may also look is cwm's source, if you have
 the tree handy, /usr/xenocara/app/cwm/conf.c in conf_init(); again not
 great.
 
 i'm not sure yet about how to document this stuff.

xev(1) will also spit out the keysym name.  Maybe a mention to that
utility.

Re: laptop choice

[Dan Harnett]

On Mon, Dec 29, 2008 at 12:09:25PM -0500, Jonathan Thornburg wrote:
 Ouch!  I have run OpenBSD on a T43 and two T41p-s for several years
 with excellent results (including working APM  suspend-to-RAM).
 I'm currently shopping for a replacement (used/reconditioned)
 Thinkpad following a back-to-back pair of T41p screen failures :(.
 Given my problems with gdb stack tracebacks on i386 gcc4 executables
 http://marc.info/?l=openbsd-portsm=123052182305592w=1, I had
 hoped to move to an amd64 model, but lack of suspend-to-RAM would
 be a killer.
 
 So... can anyone with a {T60,T60p,T61,T61p} clarify specifically
 * your exact IBM model number?

T61 7658-CTO.  CTO = configure to order.  A machine with the same model
number might end up being completely different.  This one has a 2.1GHz
Intel Core 2 Duo (T8100), 14.1 widescreen, WXGA+ resolution, and
integrated Intel graphics.

 * whether it's APM or ACPI?

ACPI only.

 * whether it's i386 or amd64?
 * what OpenBSD version you're using?

You can run with either arch.  I'm using amd64 and following snapshots.

 * whether suspend-to-RAM works?

Nope, as previously stated.  See here[1] also.  It is unlikely that you
will find any current laptop with APM support, which is required for
OpenBSD to suspend-to-RAM and resume at this time.  That doesn't mean it
won't ever be supported.

[1] http://www.openbsd.org/i386-laptop.html

Re: laptop choice

[Dan Harnett]

On Tue, Dec 23, 2008 at 01:15:31PM +0200, Mihai Popescu B.S. wrote:
 I don't need performance, I will use it only for some pdf read and
 browsing. Maybe some programming, but not much and not heavy compile
 actions for sure. So a P4 1.6 - 2GHz cpu is fine, 512MB of ram and
 maybe 40GB hdd. No fancy video card is necessary. Ethernet cooper
 interface is mandatory. Good OpenBSD compatibility will be nice. The
 screen should be around 15, 17 as a suggestion only.
 From what I saw, Lenovo/IBM X and T models are the first choice. I am
 also moved to DELL suite, but I don't have some experience with them.

I think you would be interested in checking out a 15 ThinkPad T60 with
a Flexview LCD.  I would avoid a 15 T61.  The T61 was available with
the choice of integrated graphics (Intel - supported well) or discrete
(Nvidia - avoid like the plague).  I believe the integrated graphics
were only available on the 14 models.  The larger T60 units use ATI
video chips to the best of my knowledge and are much better supported
than Nvidia.  The quality of the Flexview LCD is also outstanding, which
is not an option on a T61 or T500.

You should note, none of the newer ThinkPad machines support standby,
suspend, or hibernation under OpenBSD.  I don't know if that is
important to you.  The X3x/X4x/R5x/T4x series machines would be the most
recent ThinkPads to support that at this time.  Each of those series has
their own quirks.  If you're interested, you could look here[1] and
here[2] for more information.

[1] http://forum.thinkpads.com/
[2] http://www.thinkwiki.org/wiki/ThinkWiki

Re: fvwm - move a window freeze others

[Dan Harnett]

On Thu, Dec 11, 2008 at 02:10:04PM +0100, Hannah Schroeter wrote:
 Hi!
 
 On Wed, Dec 10, 2008 at 04:05:45PM -0500, Ted Unangst wrote:
 On Wed, Dec 10, 2008 at 3:29 PM, Jesus Sanchez [EMAIL PROTECTED] wrote:
  I'm using FVWM as window manager and works really fine but when I have
  various windows (xterms for example) and drag one window to move it
  around, after a few seconds, all of them stops doing its work, also
  gkrellm freezes until I drop the moving window in any place, this is
  normal?
 
 I don't consider it particularly desirable, but that's normal for fvwm.
 
 Yes, I can confirm that, too, also for fvwm2 from ports, alas.
 
 Nice if that interrupts xmms from playing sound (because it blocks on
 updating its display), for example.
 
 Of course, for fvwm2, it's an upstream issue rather than an OpenBSD (or
 port maintainer) issue.

Just a me too.

The best workaround that I'm aware of (and still use fvwm) is to disable
opaque window movements by setting OpaqueMoveSize to 0.  At least that
used to help things the last time I used fvwm.

Re: fvwm - move a window freeze others

[Dan Harnett]

On Thu, Dec 11, 2008 at 07:10:02PM +0100, Jesus Sanchez wrote:
 Indeed I tried a Opaquemovesize 100 and worked !
 I already didn't know why but if the window is opaque the
 activity dont stops.

Ah, that was it.  I had it backwards.  Window resizing should also
freeze things then.

Re: radeondrm issues

[Dan Harnett]

On Tue, Dec 02, 2008 at 04:40:28PM +0100, Mattieu Baptiste wrote:
 
 I noticed some problems with radeondrm since a few days. I have an IBM T43
 (dmesg following) and when I exit X, my system crashes. Since it is a laptop
 without serial port, I can not give further details.
 
 I contacted oga@ about this issue but it's impossible to diagnose without
 more details than a dmesg... So I send this email to misc to see if people
 are in the same situation but with a built-in serial port in the machine.

From http://www.openbsd.org/faq/faq2.html#Bugs

  ...  In this case, Smart User provided output captured on a serial
  console; if you can not do that, you will have to use paper and pencil
  to record the crash.

You can use any means necessary to copy that information.  Some methods
are more tedious than others.  As long as the end result is readable
plain text.

 kqemu: kqemu version 0x00010300 loaded, max locked mem=490732kB
 DDB symbols added: 331296 bytes

I also suggest using a vanilla GENERIC kernel from a snapshot or
-current without any kernel modules loaded when you gather the necessary
information.

Re: radeondrm issues

[Dan Harnett]

On Tue, Dec 02, 2008 at 10:08:49PM +0100, Peter Hessler wrote:
 
 minor problem.  X doesn't repaint the screen into text mode when it
 panics, so its not possible to read anything.

I'm aware of that.  Though, the OP simply mentioned not having a serial
port.  Nada about there being nothing to read.  Also, curious how one
can tell the machine panic'd rather than simply not repainting the
screen if there is nothing there.  Typing blindly and see what happens?
The OP hasn't mentioned anything like this.

 You can try `boot reboot`, or `boot dump`, either might give you
 information, but its not guarenteed.

The Xorg log for the failed session wouldn't hurt either.  Unless X is
spinning, the old log would be rotated and saved.

: CVSROOT:/cvs
: Module name:src
: Changes by: [EMAIL PROTECTED] 2008/11/24 16:00:33
: 
: Modified files:
: sys/dev/pci/drm: ati_pcigart.c radeon_cp.c radeon_drv.c 
:  radeon_state.c 
: 
: Log message:
: Work around the stupidity of radeondrm by double checking that things are
: running before we play with things.
: 
: Lots more cleanup needed, but now you can shut X without it crashing.

Suspicious, no?  Does the OP's source tree contain that fix?  I'll just
re-iterate my suggestion to use a vanilla GENERIC kernel from a snapshot
or -current.  Dropping kqemu to rule it out also does not hurt.  Trying
a kernel with drm and radeondrm disabled might also help to narrow down
the cause.

Re: radeondrm issues

[Dan Harnett]

On Wed, Dec 03, 2008 at 12:12:48AM +0100, Mattieu Baptiste wrote:
 
 You can imagine that if I had the oportunity to do something on the console,
 I would have already done that.

You'd be surprised.

 The point is the screen goes black and the only solution I have is to reboot
 the machine. oga@ suggested me to ask if other people with a proper serial
 console can reproduce the problem.

You failed to mention this in your first post.

 That is the reason I ask misc.

How up to date is your source tree?  You said you've had this problem
for a few days.  Have you updated since a few days ago?  There have been
several fixes for radeons.  Did you try a kernel with drm and radeondrm
disabled to see if it makes any difference?  Did you try backing out any
source to an earlier version to narrow down what change could have broke
this?  Does dropping kqemu change anything?

  You can try `boot reboot`, or `boot dump`, either might give you
  information, but its not guarenteed.
 
 Thanks for the suggestion Peter but it doesn't change anything. The machine
 has no reaction.

Well, you should notice the hard drive light go solid with a 'boot
dump'.  That is if you have enough space.  It will take a while as you
have quite a bit of memory.  Besides the light, the machine will appear
to be doing nothing.  I would suggest hitting enter before typing 'boot
dump' incase there is any garbage input on the console.  You're also
typing blind.  Don't assume that you're in DDB or that DDB is behaving
nicely.

Re: radeondrm issues

[Dan Harnett]

On Tue, Dec 02, 2008 at 11:50:16PM +, Stuart Henderson wrote:
 On 2008-12-02, Dan Harnett [EMAIL PROTECTED] wrote:
  Also, curious how one
  can tell the machine panic'd rather than simply not repainting the
  screen if there is nothing there.
 
 ssh'ing in from another machine...

Of course.  But the T43 is a laptop.  Anything else to try if you're out
in the field with it, or for whatever reason it's standalone?  My T42
stopped working with one of the recent changes (already fixed).  I blame
myself for installing a snapshot without testing it before heading out
with the unit.  I just found myself in the same boat as the OP.  There
have been several times X has crashed on this machine and the console
was left so dim I almost didn't notice that there was something to read.
I'm at a loss how one can tell the machine locked up, panic'd, or the
console is just dim without typing blindly.  The OP seems convinced it
panic'd, but then said he got no reaction to ddb commands.

Re: azalia -- no sound on CURRENT

[Dan Harnett]

On Fri, Oct 24, 2008 at 12:57:54AM -0700, Aaron Stellman wrote:
 Hello misc@,
 Compiled freshly checked out -current from 10/23/08 -- no sound.
 Looked through mixerctl and audioctl outputs, didn't find anything
 interesting.
 Downgraded azalia_codec.c to 1.49
azalia.h to 1.15
azalia.c to 1.55
 recompiled kernel -- sound works again.
 If needed, I could track down exact revision that causes the problem.
 Here's dmesg, GAMMA = GENERIC.MP + NTFS

 OpenBSD 4.4-current (GAMMA) #37: Fri Oct 24 00:47:46 PDT 2008
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GAMMA
 real mem = 2090717184 (1993MB)
 avail mem = 2029920256 (1935MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (73 entries)
 bios0: vendor LENOVO version 7LETB9WW (2.19 ) date 06/06/2008
 bios0: LENOVO 7658CTO

I have run into the same problem.  Also, on a Lenovo ThinkPad T61
7658-CTO.

The regression happened in version 1.59 of azalia.c.  I don't have
access to the machine at the moment.  However, backing out this
particular change appears to fix it.

Index: azalia.c
===
RCS file: /cvs/src/sys/dev/pci/azalia.c,v
retrieving revision 1.61
diff -u -p -r1.61 azalia.c
--- azalia.c23 Oct 2008 02:06:53 -  1.61
+++ azalia.c24 Oct 2008 13:17:04 -
@@ -1562,7 +1562,8 @@ azalia_codec_connect_stream(codec_t *thi
this-comresp(this, nid, CORB_SET_DIGITAL_CONTROL_L,
v, NULL);
}
-   startchan += WIDGET_CHANNELS(this-w[nid]);
+   if (nchan  2)
+   startchan += WIDGET_CHANNELS(this-w[nid]);
}
 
 exit:

Re: Wireless once again being a pain, this time ipw

[Dan Harnett]

On Wed, Sep 24, 2008 at 06:39:54PM +0100, Edd Barrett wrote:
 On Wed, Sep 24, 2008 at 6:04 PM, Pierre Riteau [EMAIL PROTECTED] wrote:
  This could be the same problem than Linux users are seeing:
  http://kerneltrap.org/mailarchive/linux-kernel/2008/9/21/3358724
 
 
 This is not good especially as I have opened the back plate on my X31
 to find no mini-pci slot to put my wi in. It must be soldered on
 board.

It's under the keyboard on the X31 and relatively easy to get to.  The
hardware maintenance manual has full instructions.

  ftp://ftp.software.ibm.com/pc/pccbbs/mobiles_pdf/39t6189.pdf

I use a SparkLAN WMIR-215GN mini-pci card (Ralink RT2860) in my X31 and
am pretty happy with it.  It seems to be well supported and performs
very good.

Re: TV out for Xorg/OpenBSD? - OT

[Dan Harnett]

On Tue, Aug 26, 2008 at 07:14:17AM +0100, Tomas Bodzar wrote:
 Eh?
 
 My LCD is marked as 16:9 and 1440x900 is native resolution.
 Maybe this will be problem with my xorg.conf setup?

1440x900 is 16:10, not 16:9.

  (1440 / 810) = (16 /  9) = 1.77
  (1440 / 900) = (16 / 10) = 1.6

There is a check box on that form to restrict the aspect ratio.  If you
checked off 16:9 but still entered a 16:10 resolution, then it would
only generate the modeline for a 16:9 resolution, which happened to be
1440x810 in your case.

I also do not know if you're referring to a LCD TV, or a computer
monitor.  It's quite possible your LCD physically is 16:9, but still has
a 16:10 input resolution and the picture is scaled appropriately
internally.  For example, my LCD TV seems to only allow 4:3 resolutions
on the VGA input even though the physical aspect ratio is 16:9.  It will
take a 1400x1050 resolution and scale it to fit the full screen
(1920x1080).  I have to use 'mplayer -monitoraspect 16:9 ...' to prevent
videos from being displayed as a stretched out and misshaped 4:3 image.

Re: TV out for Xorg/OpenBSD? - OT

[Dan Harnett]

On Mon, Aug 25, 2008 at 08:21:00AM +0100, Tomas Bodzar wrote:
 Nice page,but I can't set my resolution 1440x900 ,it's changing to 1440x810

Did you restriction the aspect ratio to 16:9?  1440x900 is 16:10.

Re: OpenBSD 4.3 Screen Brightness on HP DV6000 laptop

[Dan Harnett]

On Wed, May 07, 2008 at 08:12:52AM -0700, Andrew Stone wrote:
 
 I'm currently having trouble getting my f7 and 78 brightness keys to
 work on my laptop. I would appreciate any help getting these to work,
 or alternative methods for changing my screen brightness. I think
 it must be configurable because it changes vastly when I am either
 plugged in to AC or running on battery.

 A dmesg is below.

 [...]
 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03

If you have Xorg configured, you should be able to use the intel(4)
driver with the xbacklight(1) utility.

Re: Apache suexec problem

[Dan Harnett]

On Mon, May 05, 2008 at 08:36:27AM -0500, Chris Bennett wrote:
 I am upgrading  4.0 to 4.3, overwriting everything to change partition 
 layout.
 Apache seems to be working fine except for cgi
 I get in suexec_log:
 [2008-05-05 00:53:03]: info: (target/actual) uid: (chris002/chris002) gid: 
 (bencon/bencon) cmd: search.pl
 [2008-05-05 00:53:03]: emerg: failed to setusercontext (5001: search.pl)
 [2008-05-05 00:56:54]: info: (target/actual) uid: (chris002/chris002) gid: 
 (bencon/bencon) cmd: search.pl
 [2008-05-05 00:56:54]: emerg: failed to setusercontext (5001: search.pl)

Did you remember to set the setuid bit on suexec after upgrading?  Your
suexec binary as well as it's permissions are reset after an upgrade.

See suexec(8).

Re: Apache suexec problem

[Dan Harnett]

On Mon, May 05, 2008 at 11:39:03AM -0500, Chris Bennett wrote:
 Actually I didn't, checked that right after I posted, BUT it was
 already set as setuid!! A mistake in release??

No.  There is no mistake.

$ sudo chmod u+s /usr/sbin/suexec
$ ls -l /usr/sbin/suexec
-r-sr-xr-x  1 root  bin  12068 Mar 12 12:41 /usr/sbin/suexec
$ ftp -V -o - $MIRROR/pub/OpenBSD/4.3/i386/base43.tgz \
| sudo tar zxphf - -C /
$ ls -l /usr/sbin/suexec
-r-xr-xr-x  1 root  bin  12068 Mar 12 12:41 /usr/sbin/suexec


Are you running in a chroot?

Re: Error with 002_openssl.patch

[Dan Harnett]

On Sat, Nov 11, 2006 at 03:40:34PM +0100, Federico Giannici wrote:
[...]
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: `NID_sha256'
 undeclared (first use in this function)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: (Each
 undeclared identifier is reported only once
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:165: error: for each
 function it appears in.)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:168: error: `NID_sha384'
 undeclared (first use in this function)
 /usr/src/lib/libssl/src/crypto/rsa/rsa_x931.c:171: error: `NID_sha512'
 undeclared (first use in this function)
 *** Error code 1
 
 Stop in /usr/src/lib/libssl/crypto.
 *** Error code 1
 
 Stop in /usr/src/lib/libssl.
 
 
 What could be the problem?

Here are the instructions from the top of the patch.  You can't skip any
steps here.

Apply by doing:
cd /usr/src
patch -p0  002_openssl.patch

And then rebuild and install OpenSSL:
cd lib/libssl
make obj
make depend
make includes
make
make install

You appear to have at least skipped the 'make includes' step.

Re: rndc/named automatic key generation

[Dan Harnett]

On Fri, Sep 29, 2006 at 10:39:35AM +0200, Pete Vickers wrote:
 
 While I'm there though, is there any reason (other than historical)  
 for the following to anomalies:
 
 - the installer script turns sshd on in /etc/rc.conf rather than /etc/ 
 rc.conf.local

sshd is enabled by default.  There is no need to override it in
rc.conf.local if you choose yes.  rc.conf will remain the same no matter
what you choose.

 - the installer script's line for ntpd in /etc/rc.conf.local doesn't  
 use  like all the example's in /etc/rc

It matches the majority of defaults in /etc/rc.conf.  Only sshd_flags
and spamlogd_flags use '=' rather than '='.

Re: ksh vs bash

[Dan Harnett]

On Sun, Aug 27, 2006 at 11:22:13AM +0200, Martin Toft wrote:
 Sam Chill wrote:
 ksh does most everything bash does too, so it doesn't seem like a loss.
 
 FWIW, I miss a couple of features in ksh and consider to switch (back) 
 to bash:
 
 - When using tab completion, and you press tab two times to get a list 
 of possibilities, ksh doesn't use less/more to present the possibilities 
 (i.e. they just scroll by and I have to use shift+page-up).

 - When writing long commands, bash uses multiple lines to let me see the 
 whole command, whereas ksh scrolls the line horizontally, only showing 
 me a part of the command at a time. This is of course a matter of taste, 
 but I like the method of bash.


These are features of readline, which bash uses.  You can toggle them on
and off in your ~/.inputrc file.  I tend to prefer pdksh and usually
configure readline to mimic it when I have to use bash.

  set page-completions off
  set horizontal-scroll-mode on


One feature that is very annoying with bash is how it handles $BASH_ENV
and $ENV.  Some of bash's behavior appears to be specified at compile
time, and I don't think I have ever seen two systems with bash compiled
the same way.  You usually find something like this snippet in the
default installed .profile (or .bash_profile) on linux systems:

  if [ -f ~/.bashrc ] ; then
. ~/.bashrc
  fi

What is annoying about this is that .bashrc isn't read everytime a shell
is started, only at login.  So, some other programs may need extra hacks
to read your environment file correctly (ie.  setting XTerm*loginShell
to true).

I find this so much more simple and it always works consistently for
pdksh.

  export ENV=~/.kshrc

I don't have to do funny tricks in various programs to simulate a login
shell.  I can use su to change privileges and keep my environment much
more conveniently.  For bash, you have to figure out how it was compiled
first.  No thanks.