Re: You have installed OpenBSD. Now for the daily tasks (blog post)
On Mon, 2 Sep 2024 23:01:07 +0200 "Peter N. M. Hansteen" wrote: > You Have Installed OpenBSD. Now For The Daily Tasks. > https://nxdomain.no/~peter/openbsd_installed_now_for_the_daily_tasks.html > (prettified, tracked: > https://bsdly.blogspot.com/2024/09/you-have-installed-openbsd-now-for.html) > > - Consider this an update with additional explanation over the >10 > years old pieces I dug out recently. > > Comments and corrections welcome, as always. Just one little typo stands out: --- openbsd_installed_now_for_the_daily_tasks.html.orig Tue Sep 3 13:06:15 2024 +++ openbsd_installed_now_for_the_daily_tasks.html Tue Sep 3 13:06:39 2024 @@ -197,7 +197,7 @@ For -current or snapshots, syspatch is not really relevant anymore. Instead you run the https://man.openbsd.org/sysupgrade";>sysupgrade command with the -s flag: - $ doas sysmerge -s + $ doas sysupgrade -s The command runs much like it would for -stable versions, but with a slightly elevated risk of needing to run a manually supervised https://man.openbsd.org/sysmerge";>sysmerge after booting into the upgraded system.
Re: Viewport for man.openbsd.org -- readability on phones
On Thu, 17 May 2018 18:32:44 -0400
Aner Perez wrote:
> First non-comment line of mandoc.css says:
>
> html {max-width: 100ex; }
>
> Removing this line allows the use of the full browser width. I'm
> sure that it was put there for a reason (maybe to approximate the
> width of a terminal?).
Some browsers simply don't calculate lengths expressed in exes correctly
-- seen that in many other contexts. Last time I checked (about 3 years
ago, so it might well have changed since), two of the four most common
browsers still exhibited that fault.
As a quick experiment, try looking up the metrics of the font your
browser actually uses to render man pages, then convert 100ex into ems
for your font and put the result in the max-width attribute in your
local copy of mandoc.css.
If that fixes your width issue then you'll have clear evidence that the
bug lies in the browser (specifically in its routine for converting
exes to whatever its native display length unit is).
Re: Hardware recommendations for compact 1U firewall
On 2016-12-15, Stuart Henderson wrote: > If you want to cut down on weight+noise at the expense of more cost > and a less powerful cpu, maybe APU2 in a 1U case or something like > supermicro SYS-5018A-FTN4. I can second this recommendation, it's what I use at home.
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Matthew Weigel wrote: On 2016-10-18 12:43, Jack J. Woehr wrote: Routing, firewalling, DMZing, net address translation, OpenSSL, LibreSSL. :-) My apologies, I sit corrected. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Chris Bennett wrote: Asking about what apps someone would run is a legitimate question. Mikael, most Linux apps port to most OpenBSD flavors. Probably much of the OpenBSD ports tree could easily be converted to a prospective little-endian Power8 OpenBSD. The very popular (in the IBM i world) Perzl-on-PASE effort is probably more difficult and less satisfactory than porting the OpenBSD ports tree would be to a prospective little-endian Power8 OpenBSD. One would hope that IBM would lend support and some engineering assistance to the OpenBSD project in the event of a little-endian Power 8 OpenBSD port being planned. PASE: https://www.ibm.com/support/knowledgecenter/ssw_ibm_i_73/rzalf/rzalfintro.htm Perzl: http://perzl.org/ -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Chris Bennett wrote: Does anyone need a Power8? Chris, this is the hottest high-end server in the IBM universe today. It runs Linux, AIX and IBM i (OS/400). They are very widely in use deep under many organizations. IBM is currently energetically supporting Open Source development (as their vendors are becoming disillusioned about industry growth). The Power8 *needs* OpenBSD because they don't have a really good firewalling regimen at that level. At the z/OS level, they have world-class stuff, but not around the neighborhood of IBM i, which is actually selling better than z/OS these days. If you haunt the IBM world as I do, you'd realize that this could be a very big cash cow for OpenBSD supportniks if Mikael's idea flies. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Would you use OpenBSD on Power8, and if so what applications? (IBM asks! They're thinking about donating hw.)
Mikael wrote: Please describe the practical and technical utility and value, the organization/social context, scope, duration, anything that is relevant to motivate them. Mikael, thanks for urging IBM to support OpenBSD. I've been urging them to do so for about 15 years, good luck! OpenBSD provides the most secure, mature, reliable, and actively maintained open source toolchain relating to TCP/IP networking. Routing, firewalling, DMZing, net address translation, OpenSSL, OpenSSH, IPSec, spam blocking, and especially the open source world's supreme packet filter all are part of the core OpenBSD mission and among the list of supported mission-critical applications. If the organizational mission is sophisticated and secure use of the Internet/Intranet, OpenBSD should be stationed like Horatio at the bridge as the nexus between the organization and the outside world. While Linux offers a better end-user experience and arguably a more mature web development environment, OpenBSD stands ready and able to guard your all-too-vulnerable Linux cloud. For that matter, the security regimen of OpenBSD almost without a doubt surpasses that of IBM i itself. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
6.0 appreciation
Props to the team. It's amazing that with the rapid march to W^X that 6.0 works at all, but it works well. All the ports I need are updated successfully with only one that I would hope for being broken (Seamonkey). I can continue to do everything I need to do to stay in business on OpenBSD 6.0. Donation sent. Thanks! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD 6.0 release and errata60.html
Etienne wrote: I have noticed that some people tend to use "I have a doubt" with the meaning "I have a question/issue/problem". And the native French speaker will sometimes say, "I doubt" meaning "I suspect ..." or "I think that ..." -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Security updates and packages
Theo de Raadt wrote: Especially since OpenBSD isn't a PRODUCT. If product-servicing is a requirement, first of all choose something which is a PRODUCT, then choose a PRODUCT VENDOR who actually does SERVICING. Nicely put. My open source Ublu (https://github.com/jwoehr/ublu) is currently attracting attention in the IBM record-based systems world (for precisely which Ublu was coded) and people keep referring to it as a "product" and I have to make similar corrections to their understanding ... AND WHERE IS THE PONY. Much easier question to answer: https://az616578.vo.msecnd.net/files/responsive/embedded/any/desktop/2015/12/18/6358600036517504461717781900_maxresdefault.jpg -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: github
Ingo Schwarze wrote: Hi, Dariusz Sendkowski wrote on Sun, Aug 07, 2016 at 02:44:58PM +0200: Is this https://github.com/openbsd the official OpenBSD github site? As one of the OpenBSD developers, i don't know and frankly i don't care. You certainly shouldn't trust it in any way. It seems this discussion has gone on quite a while without stating the obvious: 1. The developers are happy with CVS. 2. As is, OpenBSD has full goddawmitey control of their source repository whereas on GitHub it would belong to a corporation. Doesn't that simply end the discussion right there? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: openbsd book references
Book _Absolute BSD_ francois miville-deschenes wrote: hello, i am looking for a good reference book for an IT beginner that wants to learn the basics of openbsd, and has little experience with unix. (ideally with examples of commands, such as in the freebsd handbook). any suggestions ? thank you, francois -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: the balance between OpenBSD and life
Luca Ferrari wrote: On Tue, May 31, 2016 at 1:02 PM, Teng Zhang wrote: >I'm an OpenBSD user and not an linux user. I study in university. I usually >have too much homework need to do and sometimes have no time to play >OpenBSD(the situation is similar to @Luca Ferrari). I just want to know how >do you do when you don't have time to play OpenBSD. Maybe a more helpful answer would be, "Yes, OpenBSD is a minority voice in the open source operating system entries. It does require a bit more effort on the part of the user than does a masses-oriented operating system like Linux. The tradeoff is more transparency, simplicity, personal control and security with OpenBSD. If you need the convenience Linux offers, then by all means, use Linux, and godspeed to you." -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Regina Rexx doesn't build on 5.9
Stuart Henderson wrote: use cc, not ld, to link. works for me, thanks Stuart -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Regina Rexx doesn't build on 5.9
Regina Rexx ( svn checkout svn://svn.code.sf.net/p/regina-rexx/code/ regina-rexx-code ), an admittedly aging body of code, was successfully built under 5.8. It now fails under 5.9 as follows. Any tips? on i386: ld -Bdynamic -Bshareable -o libregina.so funcs.so.o builtin.so.o error.so.o variable.so.o interprt.so.o debug.so.o dbgfuncs.so.o memory.so.o parsing.so.o files.so.o misc.so.o unxfuncs.so.o cmsfuncs.so.o shell.so.o os2funcs.so.o rexxext.so.o stack.so.o tracing.so.o interp.so.o cmath.so.o convert.so.o strings.so.o library.so.o strmath.so.o signals.so.o macros.so.o envir.so.o expr.so.o extstack.so.o yaccsrc.so.o lexsrc.so.o wrappers.so.o options.so.o os_unx.so.o rexxbif.so.o drexx.so.o client.so.o rexxsaa.so.o mt_posix.so.o instore.so.o arxfuncs.so.o -lpthread -lpthread funcs.so.o: In function `__regina_myatol': ./funcs.c:(.text+0x69c): undefined reference to `__guard_local' ./funcs.c:(.text+0x6d4): undefined reference to `__guard_local' funcs.so.o: In function `__regina_atozpos': ./funcs.c:(.text+0x71d): undefined reference to `__guard_local' ./funcs.c:(.text+0x7b5): undefined reference to `__guard_local' funcs.so.o: In function `__regina_atozposrx64': ./funcs.c:(.text+0x7fd): undefined reference to `__guard_local' funcs.so.o:./funcs.c:(.text+0x898): more undefined references to `__guard_local' follow ld: libregina.so: hidden symbol `__guard_local' isn't defined ld: final link failed: Nonrepresentable section on output Makefile:342: recipe for target 'libregina.so' failed gmake: *** [libregina.so] Error 1 on amd64: ld -Bdynamic -Bshareable -o libregina.so funcs.so.o builtin.so.o error.so.o variable.so.o interprt.so.o debug.so.o dbgfuncs.so.o memory.so.o parsing.so.o files.so.o misc.so.o unxfuncs.so.o cmsfuncs.so.o shell.so.o os2funcs.so.o rexxext.so.o stack.so.o tracing.so.o interp.so.o cmath.so.o convert.so.o strings.so.o library.so.o strmath.so.o signals.so.o macros.so.o envir.so.o expr.so.o extstack.so.o yaccsrc.so.o lexsrc.so.o wrappers.so.o options.so.o os_unx.so.o rexxbif.so.o drexx.so.o client.so.o rexxsaa.so.o mt_posix.so.o instore.so.o arxfuncs.so.o -lpthread -lpthread funcs.so.o: In function `__regina_myatol': ./funcs.c:(.text+0x64c): undefined reference to `__guard_local' ld: funcs.so.o: relocation R_X86_64_PC32 against `__guard_local' can not be used when making a shared object; recompile with -fPIC ld: final link failed: Bad value Makefile:342: recipe for target 'libregina.so' failed gmake: *** [libregina.so] Error 1 -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Error pkg_add -ui 5.8 -> 5.9
{snip}
--- -upower-0.99.3 ---
You should also run rm -f /var/db/upower/history-*
--- +cantarell-fonts-0.0.21 ---
You may wish to update your font path for /usr/local/share/fonts/cantarell
Fatal error: can't parse OpenBSD::RequiredBy: writing /var/db/pkg/colord-1.2.11/+REQUIRED_BY: No such file or directory
at /usr/libdata/perl5/OpenBSD/RequiredBy.pm line 30.
OpenBSD::RequirementList::fatal_error(OpenBSD::RequiredBy=HASH(0xe5511ccc058), "writing") called at
/usr/libdata/perl5/OpenBSD/RequiredBy.pm line 67
OpenBSD::RequirementList::synch(OpenBSD::RequiredBy=HASH(0xe5511ccc058)) called at
/usr/libdata/perl5/OpenBSD/RequiredBy.pm line 122
OpenBSD::RequirementList::add(OpenBSD::RequiredBy=HASH(0xe5511ccc058), "gnome-color-manager-3.18.0") called at
/usr/libdata/perl5/OpenBSD/Dependencies.pm line 713
OpenBSD::Dependencies::Solver::register_dependencies(OpenBSD::Dependencies::Solver=HASH(0xe550e23b058),
OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 864
OpenBSD::PkgAdd::really_add(OpenBSD::UpdateSet=HASH(0xe54c00d2bf8), OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called
at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 1057
OpenBSD::PkgAdd::process_set("OpenBSD::PkgAdd", OpenBSD::UpdateSet=HASH(0xe54c00d2bf8),
OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 127
OpenBSD::AddDelete::process_setlist("OpenBSD::PkgAdd", OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at
/usr/libdata/perl5/OpenBSD/PkgAdd.pm line 1205
OpenBSD::PkgAdd::main("OpenBSD::PkgAdd", OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at
/usr/libdata/perl5/OpenBSD/AddDelete.pm line 50
eval {...} called at /usr/libdata/perl5/OpenBSD/AddDelete.pm line 50
OpenBSD::AddDelete::do_the_main_work("OpenBSD::PkgAdd", OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at
/usr/libdata/perl5/OpenBSD/AddDelete.pm line 64
OpenBSD::AddDelete::__ANON__ called at
/usr/libdata/perl5/OpenBSD/AddDelete.pm line 87
OpenBSD::AddDelete::__ANON__ called at
/usr/libdata/perl5/OpenBSD/Error.pm line 173
eval {...} called at /usr/libdata/perl5/OpenBSD/Error.pm line 173
OpenBSD::Error::try(CODE(0xe55762fae68), OpenBSD::Error::catch=CODE(0xe554c5156a0)) called at
/usr/libdata/perl5/OpenBSD/AddDelete.pm line 95
OpenBSD::AddDelete::framework("OpenBSD::PkgAdd", OpenBSD::PkgAdd::State=HASH(0xe54c604db98)) called at
/usr/libdata/perl5/OpenBSD/AddDelete.pm line 108
OpenBSD::AddDelete::parse_and_run("OpenBSD::PkgAdd", "pkg_add") called
at /usr/sbin/pkg_add line 30
main::run("pkg_add", "PkgAdd") called at /usr/sbin/pkg_add line 46
--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Upgrade to 5.9 full disk encryption
Niels wrote: As Bryan stated, bioctl will prompt for the (existing) passphrase and then bring up the (existing) crypto volume. I took the manual to mean that, but asked to confirm. Bryan's answer was correct, we're all upgraded to 5.9, thanks all. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Upgrade to 5.9 full disk encryption
Bryan Everly wrote: Boot the installer. Exit to the shell. Then do: bioctl -c C -l /dev/sd0a softraid0 (Substitute for your actual device that is the softraid container). You will be promoted for your password. Watch for the console message telling you what it mounted as. Then type exit to return to the installer and upgrade that disk. Works for me. Thanks, Bryan. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Upgrade to 5.9 full disk encryption
How does one upgrade a full-disk encrypted OpenBSD boot disk? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: carp dhclient
Josh Grosse wrote: On 2016-02-01 11:32, sven falempin wrote: Dear Readers, Without IP carp is marked as inactive, See https://sites.google.com/site/bsdstuff/dhcarp and adapt to your requirements. The Book of PF, 3rd Edition A No-Nonsense Guide to the OpenBSD Firewall by Peter N. M. Hansteen ISBN-10: 1-59327-589-7 ISBN-13: 978-1-59327-589-1 Copyright 2015. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Doubts about groups who have made Free-to-Non-Free transition and groups that are all free
Jorge Luis wrote: OpenBSD was the first operating system I can't parse legal arguments with any degree of expertise. I simply bless the day I found OpenBSD! I now use the BSD-2 license for all my own open source software. Long live truly free software, despite a world-wide legal climate increasingly hostile to the existence of same. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: the location of openbsd.pbr
Nick Holland wrote: You are confusing the MASTER Boot Record (first 512 bytes of the physical disk) with the PARTITION Boot Record (first 512 bytes of the OpenBSD partition). Of course, you're right. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: the location of openbsd.pbr
dan mclaughlin wrote: did you dd the 'c' partition on the underlying disk (not the softraid disk)? Underlying disk is sd0 ... I did "dd if=/dev/rsd0a" like the fellow posted yesterday. I see your point, of course it would be the c label. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: the location of openbsd.pbr
Brian McCafferty wrote: Are you referring to the file you need to create for dual booting with the windows ntldr? Check the FAQ: http://www.openbsd.org/faq/obsd-faq.txt Just out of curiousity, I dd'ed that sector and it didn't end in AA55. Did I get something wrong? I'm doing full-disk encryption so I'm not sure how grabbing the "real" boot sector works in that circumstance. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Fvwm
Edgar Pettijohn wrote: I have learned a lot about fvwm configuration Learn more from the fvwm support community: http://www.fvwm.org/contact/ -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: text-mode gui
Stuart Henderson wrote: On 2015-12-23, Jack J. Woehr wrote: Ted Unangst wrote: improvements to the installer are welcome. suggestions that the installer could use javascript to write cookies are not an improvement. The installer could use a beer tap so we could have a cold one during a long mkfs. We already have that feature: use autoinstall, set it running, go down the pub. *forehead slap* Dang! You're right! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: text-mode gui
Ted Unangst wrote: improvements to the installer are welcome. suggestions that the installer could use javascript to write cookies are not an improvement. The installer could use a beer tap so we could have a cold one during a long mkfs. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Can't build kernel GENERIC.MP on Dell Inspiron E1045
li...@wrant.com wrote: Is there any benefit to install -current on this antique? Yes. I did so and sent report to dmesg@ -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Can't build kernel GENERIC.MP on Dell Inspiron E1045
Philip Guenther wrote: The 'config' binary doesn't match the source tree: either the config binary is from 5.8-release (or earlier) and your source tree is -current, or vice versa. Weird, just installed 5.8 today and downloaded source. I *thought* I invoked CVS right but what the hey. Is there any benefit to OpenBSD project for me to install -current on this antique? If so, I will do so. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Can't build kernel GENERIC.MP on Dell Inspiron E1045
Daniel Ouellet wrote: Sure, use snapshots! Be glad to if it helps. I just wondered what stupid I had done. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Wireless connection mystery two OpenBSD machines suddenly cannot connect
li...@wrant.com wrote: The next suggestion is to check the modem as well and fix it with a couple of cents worth of capacitor(s). It is more likely the modem is source of the problem, especially if it is running a bit hotter than designed t You're quite sharp. I actually had a brand new one in the closet which I bought a year ago and forgot about, so I removed the old one from service and replaced it. Thanks for taking time to reply. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Can't build kernel GENERIC.MP on Dell Inspiron E1045
a0: codecs: Sigmatel STAC9200, Conexant/0x2bfa, using Sigmatel STAC9200 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: apic 2 int 16 pci1 at ppb0 bus 11 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: apic 2 int 17 pci2 at ppb1 bus 12 wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi, MoW1, address 00:13:02:a8:de:dd ppb2 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x01: apic 2 int 19 pci3 at ppb2 bus 13 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 20 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2 int 21 uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2 int 22 uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2 int 23 ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 20 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe1 pci4 at ppb3 bus 2 bce0 at pci4 dev 0 function 0 "Broadcom BCM4401B1" rev 0x02: apic 2 int 17, address 00:14:22:af:6c:0d bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0 "Ricoh 5C832 Firewire" rev 0x00 at pci4 dev 1 function 0 not configured sdhc0 at pci4 dev 1 function 1 "Ricoh 5C822 SD/MMC" rev 0x19: apic 2 int 18 sdmmc0 at sdhc0 "Ricoh 5C843 MMC" rev 0x01 at pci4 dev 1 function 2 not configured "Ricoh 5C592 Memory Stick" rev 0x0a at pci4 dev 1 function 3 not configured "Ricoh 5C852 xD" rev 0x05 at pci4 dev 1 function 4 not configured ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x01: PM disabled pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 93958MB, 192426570 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 2 int 17 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-4200CL5 SO-DIMM spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM non-parity PC2-4200CL5 SO-DIMM usb1 at uhci0: USB revision 1.0 uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pms0: Synaptics touchpad, firmware 6.2 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 ugen0 at uhub2 port 1 "Dell Bluetooth" rev 2.00/24.22 addr 2 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (f2fb1f29a0b7b449.a) swap on wd0b dump on wd0b wpi0: error, 2, could not read firmware wpi-3945abg wpi0: could not read firmware -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Wireless connection mystery two OpenBSD machines suddenly cannot connect
Carl Trachte wrote: from the command line ifconfig down I think this resets the device IIRC Mystery solved. The $3 transformer for the DSL modem is dying. If I unplug it and let it cool off everything works again :) Off to buy a new $3 transformer :) Thanks Carl and Unixreader for replying! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Wireless connection mystery two OpenBSD machines suddenly cannot connect
I have two very different laptops running OpenBSD 5.8 with all patches. Both were connected to my home wireless via very simple hostname files: nwid foo wpakey bar dhcp Both stopped connecting today .. no link (sleeping). Both see the station via ifconfig scan with reasonable dB levels (>55dBm) My mobile phone still connects to the station with the same credentials, as does my Kindle. Of course this is ridiculous. I don't know enough to be dangerous on this one. Any tips? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: home keys in tmux
Philip Guenther wrote: My crystal ball says that you changed the prefix but didn't change the binding of 'a'. I would verify my crystal ball against your config...but you didn't show your config... I only made the change I noted, and thank you for some helpful advice! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: home keys in tmux
Johan Mellberg wrote: Anyway, screen steals C-a so to jump to the start of a line, hit C-a, then a again. Doesn't work :( -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: home keys in tmux
Ax0n wrote: Do you have anything in your .tmux.conf? Ha, I have a funny problem in tmux that thwarts me. I changed the prefix key to C-a but the sequence C-a C-a doesn't work like C-b C-b, the C-a doesn't ever seem to get sent to the shell. Which means I can't jump to head-of-line Emacs-style like I'm used to. Maybe I could figure this out with a hour of study but maybe somebody on the list knows ;) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Paypal donation in Euros, not $US
Gerald Hanuer wrote: Workaround http://www.openbsdfoundation.org/donations.html I solved it ... I sent donations to both! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Paypal donation in Euros, not $US
When I click PayPal on http://www.openbsd.org/donations.html PayPal wants me to donate in Euros. Is there any way to make it offer me a $US option? I'm not sure I want to donate to PayPal itself whatever margin it claims on exchanges :) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: Sony Vaio OBSD 5.8 screen blanking forever
Dutch Ingraham wrote: xset -dpms Bingo. Thanks! -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Sony Vaio OBSD 5.8 screen blanking forever
I've done xset s off. KDE is set not to blank. But on my Sony Vaio OBSD 5.8 in Xwindows with any manager after about 10 minutes of inactivity the screen blanks and won't come back, forcing me to kill the session (ctl-alt-bkspc). Must be something in the card's VGA graphics mode? Any tips or tricks? Last note in the archives I find about this was over a decade ago. Yes, I know about NVIDIA vs. open source operating systems but this laptop was used, cheap, powerful and has a large solid-state disk :) It runs OpenBSD just great otherwise on 7 cores and thanks to OpenBSD porter Daniel Dickman I've got NetBeans 8.1 running on it and am in heaven except for the gosh-durned screen blanking when I turn my back! OpenBSD 5.8-stable (GENERIC.MP) #0: Fri Nov 13 18:35:52 MST 2015 root@varian.jaxrcfb:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8553762816 (8157MB) avail mem = 8290631680 (7906MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb040 (17 entries) bios0: vendor American Megatrends Inc. version "R0200V3" date 02/10/2011 bios0: Sony Corporation VPCF215FX acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC HPET SLIC MCFG SSDT SSDT ECDT SSDT acpi0: wakeup devices PEG0(S4) B0D4(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) HDEF(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.78 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 1 (application processor) cpu4: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu4: 256KB 64b/line 8-way L2 cache cpu4: smt 1, core 0, package 0 cpu5 at mainbus0: apid 3 (application processor) cpu5: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu5: 256KB 64b/line 8-way L2 cache cpu5: smt 1, core 1, package 0 cpu6 at mainbus0: apid 5 (application processor) cpu6: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu6: 256KB 64b/line 8-way L2 cache cpu6: smt 1, core 2, package 0 cpu7 at mainbus0: apid 7 (application processor) cpu7: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz, 1995.47 MHz cpu7: FPU,VME,
Re: Linus Torvalds thoughts on Linux Security
Some Developer wrote: I thought this might provoke a bit of a debate on this list :). What do you think of what Linus has to say about security? http://linux.slashdot.org/story/15/11/06/132209/linuss-thoughts-on-linux-security I think he knows his market and his product. Securing Linux would require undoing a lot of what Linus and Linux has struggled to achieve. Linux can never return to the simplicity of OpenBSD, and simplicity is the key to security. He has his space, and his clarity in defining that space is a boost to the entrepreneurial opportunities for OpenBSD. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: The OpenBSD developers approve “optimizing assembler” and compilers?
Kimmo Paasiala wrote: On Fri, Oct 30, 2015 at 3:41 PM, Raul Miller wrote: On Fri, Oct 30, 2015 at 8:13 AM, français wrote: The OpenBSD developers approve “optimizing assembler” and compilers? You are overgeneralizing from jokes. -- Raul I believe you're feeding a troll. Possibly just a silly person, and one whose English is limited. Those *are* true stories. Their relevance to misc@ is questionable. But they are indeed funny stories, even if we've all heard them many times already. If you read older programmer discussion groups, esp. mainframe groups, these same stories are told over and over again. Maybe we're just attracting an older crowd these days :) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: requesting help working around boot failures with supermicro atom board
I have a great relationship with some SuperMicro engineers, if others can provide part #'s and firmare/bios revs, I can bring this up with them. From: owner-m...@openbsd.org on behalf of li...@wrant.com Sent: Wednesday, October 21, 2015 8:50 PM To: misc@openbsd.org Subject: Re: requesting help working around boot failures with supermicro atom board Synopsis: if sensors show missing data then reset the BMC unit before rebooting the system to prevent unable to boot long beep issue. I found a reliably reproducible workaround for this problem retaining control continuity without the need to trip the mains breaker. This entirely prevents the long beep issue and allows the system to be used in headless remote environments without ensuring remote mains power cycle capability and/or remote hands intervention. I have not had to disable the lm(4) sensor as advised previously for the workaround and reached the conclusion this problem is not caused by the driver itself in the first place, but by a buggy BMC firmware. For this it is advisable to contact again the technical support at Supermicro and ask them for a reliable BMC firmware update which does not manifest the problem. After running for a longer period (non specific or deterministic, above 30min), the sensors start to display wrong (missing) values and can not provide data points to the BMC firmware. This is seen both in IPMI direct and networked access and in the web based management interface. At this point, a reboot would get the system unable to boot manifesting the dreaded long beep. Only a power cycle of mains (power supply breaker or power distribution unit) for a couple of seconds unblocks the system and it is capable of successfully booting up again. This however totally undermines the remote control capabilities of the system effectively turning it into a continuous source of remote management manual reboot requests via intervention events for mains power cycle (stop and start). The workaround for this is to reset the BMC before attempting to reboot the system, and it works over the network directly over IPMI and also via the web based BMC interface likewise. This only reboots the IPMI controller (not the system) and its embedded firmware, then after a couple of minutes the sensors poll actual correct data and display it properly. At this point a system reboot issued succeeds as expected and everything the system boots up and works properly, until some non specific longer time passes again (from 1h to days) and the BMC controller gets stuck again (with a certainty it gets stuck) for which the indication is missing sensors data and no reboot capability with the long beep indication. This is NOT OS specific unless the driver polling the sensors causes the sensors sub-system in the embedded controller OS to crash, the only factor affecting it so far is found to be the time running the system without mains power cycle. It is a flaw of the BMC firmware for which the solution for sure is to demand an updated firmware from Supermicro without this fault. It would help if more people voice their concerns over this so an updated BMC firmware is issued from Supermicro technical support and published on their web site. Here is how it looks when the BMC is stuck: $ ipmi-sensor System Temp | no reading| ns CPU Temp | no reading| ns CPU FAN | no reading| ns SYS FAN | no reading| ns CPU Vcore | no reading| ns Vichcore | no reading| ns +3.3VCC | no reading| ns VDIMM| no reading| ns +5 V | no reading| ns +12 V| no reading| ns +3.3VSB | no reading| ns VBAT | no reading| ns Chassis Intru| no reading| ns PS Status| 0x00 | ok $ ipmi-sensor-detail System Temp | na || na| na | na| na| na| na| na CPU Temp | na || na| na| na| na| na| na | na CPU FAN | na || na| na| na | na| na| na| na SYS FAN | na | | na| na| na| na| na| na| na CPU Vcore| na || na| na| na| na | na| na| na Vichcore | na || na | na| na| na| na| na| na +3.3VCC | na || na| na| na| na| na | na| na VDIMM| na || na| na | na| na| na| na| na +5 V | na || na| na| na| na| na| na | na +12 V| na || na| na| na | na| na| na| na +3.3VSB | na | |
How is the NSA breaking so much crypto?
https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Predrag Punosevac wrote: The only time I ever had problems connecting to third party commercial VPN from OpenBSD was connecting to Have you connected to a Fortinet SSL VPN? How did you do it? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Dimitris Papastamos wrote: Dimitris Papastamos wrote: On Sun, Oct 11, 2015 at 01:06:58PM -0600, Jack J. Woehr wrote: I am not sure what's wrong. I guess you see traffic leaving your external interface but not getting any replies? I've got it, thanks! I forgot to do the sysctls necessary to let the packets thru: sysctl net.inet.esp.enable=0 sysctl net.inet.esp.udpencap=0 Thanks for your help, and to everyone who tried to help this confused soul :) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: who(XXXXX): syscall 54 in the last few snapshots
Atanas Vladimirov wrote: I think that I found it - Nagios. Now the question is how to debug it further? lsof? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Dimitris Papastamos wrote: I use vpnc regularly on -current without any special configuration and it works fine with my network. My config is as follows: IPSec gateway vpn.example.net IPSec ID FOO IPSec obfuscated secret BAR Xauth username BAZ DPD idle timeout (our side) 0 Yeah, that's mine too. Seems to work. But no traffic goes through. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Jiri B wrote: c Cisco's AnyConnect SSL VPN and Juniper SSL VPN which is now known as Pulse Connect Secure is supported by openconnect which is in ports. I found vpnc in ports/net and that almost works. It connects and shows it is adding the correct routes that I would expect. And then no traffic comes through. 'route show' looks correct but nothing seems to be going back and forth. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Pedro Tender wrote: They also have a Linux client. I've looked for it, any tips where it might be found? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Jack J. Woehr wrote: I'm sort of stuck at the moment on these macros where "rt" is an instance of struct rtentry : #define route_dest(route) \ I meant "route" is an instance of struct rtentry. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Jack J. Woehr wrote: Steve Shockley wrote: A quick search found https://github.com/adrienverge/openfortivpn, but I haven't tested it. It's clearly the right product. However. I've been trying to build it for an hour now. It requires Much Work for OpenBSD, it's somewhat wed to the Linux stack. I'm sort of stuck at the moment on these macros where "rt" is an instance of struct rtentry : #define route_dest(route) \ (((struct sockaddr_in *) &(route)->rt_dst)->sin_addr) #define route_mask(route) \ (((struct sockaddr_in *) &(route)->rt_genmask)->sin_addr) #define route_gtw(route) \ (((struct sockaddr_in *) &(route)->rt_gateway)->sin_addr) #define route_iface(route) \ ((route)->rt_dev) If anyone can help me translate this to OpenBSD ... :) -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Joel WirÄmu Pauling wrote: > I am unsure if Fortinet have a linux client, I imagine they must. I think just Windows and Mac, thanks. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Steve Shockley wrote: A quick search found https://github.com/adrienverge/openfortivpn, but I haven't tested it. Thank you for the pointer. I didn't find that. What was your search string? It's clearly the right product. However. I've been trying to build it for an hour now. It requires Much Work for OpenBSD, it's somewhat wed to the Linux stack. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: OpenBSD <> Commercial VPNs
Janne Johansson wrote: Try ipsec, I hear some of the commercial offerings almost manage that too. I just can't figure out how to connect to VPN's I don't have any control of. I've found articles where the user had admin control of the Cisco or Fortinet device. I just need to log into nets I don't administer. I'm forced off OpenBSD in the workplace when I the connection is thru a VPN. I don't understand the minutiae of VPN's enough to figure this out and I find no useful examples on the web. -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
OpenBSD <> Commercial VPNs
Googled and not found much on connecting OpenBSD to proprietary VPN offerings. I looked at OpenVPN which conceptually resembles Fortinet but doesn't seem to have any way to connect to Fortinet SSL VPN. Any pointers or tips? -- Jack J. Woehr # Science is more than a body of knowledge. It's a way of www.well.com/~jax # thinking, a way of skeptically interrogating the universe www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan
Re: httpd stops accepting connections after a few hours on current
On Wed, 2015-07-15 at 12:56 +, Mike Burns wrote: > On 2015-07-15 21.49.11 +0930, Jack Burton wrote: > > Sorry, didn't realise I couldn't post a patch to the misc@ (I've never > > needed to before). > > > > Please excuse my ignorance, but what is the accepted way to contribute a > > patch? > > Post it to tech@ . Done. See post to tech@ titled "httpd: patch to close TLS sockets that fail before TLS handshake".
Re: httpd stops accepting connections after a few hours on current
On Wed, 2015-07-15 at 21:41 +0930, Jack Burton wrote: > The fix is trivial -- see attached patch (against 5.7-stable -- sorry, > I don't have any hosts running -current at present). <...> > [demime 1.01d removed an attachment of type text/x-patch which had a > name of httpd_server_accept_tls.patch"; charset="UTF-8] Sorry, didn't realise I couldn't post a patch to the misc@ (I've never needed to before). Please excuse my ignorance, but what is the accepted way to contribute a patch?
Re: httpd stops accepting connections after a few hours on current
On Mon, 2015-07-13 at 16:19 +0200, Tor Houghton wrote:
> On Mon, Jul 13, 2015 at 10:52:46PM +0930, Jack Burton wrote:
> > >
> > > I don't pretend to know httpd (at all), but I'm wondering, what should
> > > fstat(1) say, over time, for the httpd processes?
> >
> > Thanks Tor -- that was exactly the clue I needed to isolate the
> > problem.
> >
> > [snip]
> >
> > admin talks to a custom FastCGI daemon, which is most likely the culprit
> > -- I'll debug it tomorrow.
<...>
>
> I am not sure you should conclude yet. I don't use FastCGI. ;-}
>
> Now, as I write, I have 218 open fd's, compared to the 206 or whatever I had
> in my previous post. I've got a few "dangling" :443 streams (the :80 ones
> seem to disappear like they should), and then a bunch of these:
You're absolutely right -- I spoke too soon.
After double-checking that every possible path a request could take
through the custom FastCGI daemon used by admin ends by sending an
FCGI_END_REQUEST record back to httpd (it does), I turned my attention
back to the httpd logs & debug messages gathered.
This time I had my little script check the remote IP addresses of those
socket against all the httpd access logs (not just the current ones) and
where nothing matched there, finally check the httpd debug output too.
Again, only the admin server (the only one here that's Internet-facing)
had stale sockets (all open sockets for redir & portal matched log
entries) -- out of 26 open sockets, 4 matched log entries for current
HTTPS sessions, 2 matched "buffer event error" debug messages and the
other 20 didn't match in either the logs or debug messages.
I still don't know what's causing the buffer event error messages, but
as they accounted for only 2 of the 22 stale sockets, I figured it was
more important to focus on the other 20 first.
So, what sort of HTTPS event doesn't make it into the logs and doesn't
cause any debug messages containing the remote IP address to be emitted
either?
The only thing I could think of was a TCP connection to port 443 where
the remote end doesn't initiate a TLS handshake (that's nowhere near as
improbable as it sounds: think a simple port scan, or a network outage
commencing directly after the first ACK).
So, as a test I tried just that: establishing a TCP session from a
remote host then closing it without sending anything at all at layer 5.
Naturally, doing that where httpd expects plain HTTP causes only a
single debug message to be emitted ("...done"), and the socket gets
closed as expected.
But doing it where httpd expects HTTPS and the local side of the socket
remains open, nothing appears in the regular logs, and nothing
identifiable by remote IP address appears in debug messages either.
Trying to match log/debug entries that aren't identified by the remote
IP address on a host with even a modest amount of traffic struck me as
an exercise in futility, so I tried the same experiment on another host
(also running 5.7-stable) with no other load on httpd at all.
Result was the same: httpd did not close the socket or log anything in
the regular logs. However, one debug message was emitted, our old friend
"server_accept_tls: TLS accept failed - (null)"...
...which brings us right back to where this thread started.
Looking at the source, server_accept_tls() handles two types of
non-recoverable error condition: timeout after retry and outright
failure. In the first case (EV_TIMEOUT), server_accept_tls() calls
server_close() (which in turn calls server_close_http(), which closes
the socket) before returning; in the second case it does not.
I believe this is the bug we've been looking for.
The fix is trivial -- see attached patch (against 5.7-stable -- sorry,
I don't have any hosts running -current at present).
That works for me (tested here on two hosts: sparc64 with test load
only; and amd64 with modest production load).
Not sure if that's the best approach or not, but now that we've at
least established root cause, if there's a better way I'm sure someone
else on the list will point it out.
[demime 1.01d removed an attachment of type text/x-patch which had a name of
httpd_server_accept_tls.patch"; charset="UTF-8]
Re: httpd stops accepting connections after a few hours on current
On Mon, 2015-07-13 at 11:02 +0200, Tor Houghton wrote: > On Sun, Jul 12, 2015 at 07:56:37PM +0930, Jack Burton wrote: > > > > It is possible I simply failed to provision sufficient capacity -- > > which could easily be fixed by adding a login class for www with a > > higher limit on open fds -- but I fear that might just be hiding the > > problem rather than addressing it: exhausting a 512 fd limit with with > > peak load of only 48 req/sec (and average load of 2 req/sec) just > > doesn't feel right (especially when that peak load is all 303s > > generated internally by httpd, which each take only a tiny fraction of > > a second to process). > > I don't pretend to know httpd (at all), but I'm wondering, what should > fstat(1) say, over time, for the httpd processes? Thanks Tor -- that was exactly the clue I needed to isolate the problem. Wrote a short script to parse the output of running fstat -p for each running httpd (we're running with prefork 8, so I didn't fancy doing it by hand), and report the timestamp of the last request in the relevant access log of each client IP with an open socket (or 'missing' if no entry in the current access log). Ran it roughly 4 hours after the last log rotation and found only 34 matches out of 73 open sockets. We don't run anything here that would take anywhere near 4 hours to return a response, so the 39 that didn't match entries in any of the current access logs were clearly where I needed to look. All 39 related to "admin" -- the one HTTPS server that I hadn't spent any time looking into (since it accounts for only 0.02% of httpd's load here, it didn't occur to me that that tiny little thing could be bringing httpd to its knees ... famous last words). admin talks to a custom FastCGI daemon, which is most likely the culprit -- I'll debug it tomorrow. "portal" (the other HTTPS server) also talks to a (different) custom FastCGI daemon, but carries orders of magnitude more traffic and didn't have any stale sockets -- so clearly our problem is at the other end of admin's FastCGI socket (not with httpd itself). Sorry for the noise. Ted -- similarly, you may want to look into whatever is at the other end of your "server1"'s FastCGI socket. If your issue is the same as ours, that's likely where you'll find the cause.
Re: httpd stops accepting connections after a few hours on current
On Sat, 2015-07-11 at 15:38 +0930, Jack Burton wrote: > It hasn't happened here in a few days now so I don't have a log extract > on hand to share (but can post one next time it happens). Okay, the issue returned this afternoon and the httpd debug output certainly sheds more light on the problem. This time we didn't see either the TLS or buffer event errors anywhere near the time at which httpd stopped responding to requests. Instead, we're getting "server_accept: deferring connections". According to the comments in server.c, that means we're running out of file descriptors. That struck me as odd, as our traffic generally isn't anywhere near high enough to expect that, so I checked the traffic at the time and there was indeed a spike although it didn't seem high enough to cause issues. Peak load was 48 requests in the one second before httpd stopped responding to requests. All 48 of those requests were to the trivial http server, whose config is just: listen on $int_addr port 80 block return 303 "https://portal.tvir.acscomp.net"; (yes I know that that hostname doesn't resolve publicly -- but it does when using the resolver assigned by dhcp on the semi-public [but not Internet-facing] network on which our httpd listens) As an aside, I didn't see in the debug output any requests during that final second [although there were two a couple of seconds later] to the target https server "portal" (which is served by the same instance of httpd) -- but I guess it's possible that all 48 clients either didn't act on the 303 or already had its target in their caches (environment is a residential building for tertiary students, so the user base is fairly static at this time of year -- so seems well within the realms of possibility that all 48 had / on portal cached). Debug output at the time httpd stopped responding reads (after 47 other requests to the trivial http server all timestamped 16:08:54): redir 192.168.137.160 - - [12/Jul/2015:16:08:54 +0930] "GET /personal HTTP/1.1" 303 0 server redir, client 119933 (505 active), 192.168.137.160:40521 -> 192.168.137.1, https://portal.tvir.acscomp.net (303 See Other) server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server redir, client 119935 (505 active), 192.168.137.160:45643 -> 192.168.137.1, done server redir, client 119934 (504 active), 192.168.137.160:40526 -> 192.168.137.1, done server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server redir, client 119936 (505 active), 192.168.137.160:47925 -> 192.168.137.1, done server_accept: deferring connections server_accept: deferring connections server redir, client 119938 (505 active), 192.168.137.160:40528 -> 192.168.137.1, done server redir, client 119937 (504 active), 192.168.137.160:40527 -> 192.168.137.1, done server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server redir, client 119940 (505 active), 192.168.137.160:37213 -> 192.168.137.1, done server_accept: deferring connections server_accept: deferring connections portal.tvir.acscomp.net 192.168.137.99 - - [12/Jul/2015:16:08:56 +0930] "GET / HTTP/1.1" 200 0 server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections server_accept: deferring connections portal.tvir.acscomp.net 192.168.137.112 - - [12/Jul/2015:16:08:57 +0930] "GET / HTTP/1.1" 200 0 server_accept: deferring connections Then nothing but "server_accept: deferring connections" over and over again. It is possible I simply failed to provision sufficient capacity -- which could easily be fixed by adding a login class for www with a higher limit on open fds -- but I fear that might just be hiding the problem rather than addressing it: exhausting a 512 fd limit with with peak load of only 48 req/sec (and average load of 2 req/sec) just doesn't feel right (especially when that peak load is all 303s generated internally by httpd, which each take only a tiny fraction of a second to process). I notice in the source that server_close_http() is responsible for freeing session-specific fds, and that it's called from server_close(), which is also responsible for generating the "..., done" debug messages and decrementing the active client count. We're only seeing those "..., done" messages in the debug output for a small proportion of completed HTTP sessions, and the active client count continues to grow (and only falls occasionally), even when there is much less HTTP traffic. Is seems as if some HTTP sessions get their fds freed on completion while others don't ... but I can't find anything in the source to support that conjecture. Could someone who's more familiar with httpd than I am offer a clue please?
Re: httpd stops accepting connections after a few hours on current
On Thu, 2015-07-09 at 11:59 +0200, Tor Houghton wrote: > On Wed, Jul 08, 2015 at 10:04:27PM -0500, Theodore Wynnychenko wrote: > > > > [snip] > > > > server https://server2.tldn.com, client 2067 (63 active), 10.0.28.254:60330 > > -> > > 10.0.28.130:443, buffer event error > > [..] > > server https://server2.tldn.com, client 2068 (63 active), 10.0.28.254:52350 > > -> > > 10.0.28.130:443, buffer event error > > I'm going to "me too" on this one (have not been until now, as I thought > perhaps it was due to my setup, and therefore off-topic). Likewise, seeing the same behaviour here on 5.7-stable -- so the problem is not confined to -current. Fairly small & simple httpd setup here, httpd configured with 3 server stanzas: 2 HTTPS-only (both using FastCGI) plus one trivial HTTP-only (just a block return 303 pointing to one of the HTTPS servers). Quite a light load too (averaging 178k requests/day -- about 2/sec). Frequency of problem varies wildly -- sometimes occurs after only an hour or two since last httpd restart and at other times httpd will last for up to 4 days before it stops responding to requests. Variation in volume of requests appears to have no effect on frequency of recurrence either. On every occasion, httpd continues to respond correctly to signals (httpd restarts are always clean), just not to HTTP[S] requests. On at least one occasion, the http socket continued to respond correctly to requests, whilst the two https ones stopped responding. On other occasions, all 3 stopped responding at around the same time. When a socket stops responding, it still accepts requests but httpd neither logs (at least, when not in debug mode) nor responds to them (i.e. I can successfully open a TCP session to the listening socket and send it a request, but nothing comes back after the initial ACK). It hasn't happened here in a few days now so I don't have a log extract on hand to share (but can post one next time it happens). >From memory in the past we were seeing TLS accept fail errors in the logs, as reported by the original poster, but not at the time the sockets stopped responding (only well beforehand), so I'd also assumed that those were unrelated. Running tcpdump on both user-facing interfaces (and on pflog0 just to rule out the possibility of some error in our pf.conf) whilst httpd was not responding to requests on previous occasions revealed nothing new. Have tried watching debug output a couple of times before, but it rapidly gets quite unwieldy, even with our modest load (especially over a remote ssh session -- both uplinks at that site are nearing capacity), given the length of time it can take for the problem to manifest (on each occasion I gave up after a few hours without the problem occurring). Am now running httpd -dvvv with stdout/err redirected to a temporary log file (probably should have done that in the first place). We are already seeing (after less than a minute) entries in the debug logs similar to those reported by Theodore, for example: * On an HTTPS server (using FastCGI): server portal, client 305 (14 active), 192.168.137.161:52224 -> 192.168.137.1:443, buffer event error and * On the trivial HTTP server (using just a block return 303): server redir, client 132 (11 active), 192.168.137.100:61081 -> 192.168.137.1, buffer event timeout However, the original problem (httpd stops responding to requests) is *not* occurring at present. Will post debug log extract & httpd.conf next time the problem recurs (should be within the next few days).
Re: Dell S300 controller
On Mon, May 04, 2015 at 08:22:28PM -0400, Steve Shockley wrote: >Does anyone know if the Dell PERC S300 controller will work under >OpenBSD as a non-RAID SAS HBA? It has an LSI SAS 1068e, but I didn't >know if they did something to make it not work as an HBA. Thanks. I don't believe the controller will automatically export unconfigured drives as single drive units. LSI makes 2 different versions of firmware for the unbranded controllers, IR mode for RAID and IT mode for HBA, but it's not possible/easy to flash them to the Dell branded controllers. Create RAID0 single drive units on each disk and it should export.
Re: OpenBSD Tablet-ish
Robert wrote: On Thu, 19 Feb 2015 13:23:47 -0600 Luis Coronado wrote: sharp zaurus? Anything that can be acquired outside of a museum? ;) Thanks everyone, Luis, Christopher, Robert, for all the ideas, and keep 'em coming if anyone has any more. I may not be able reply if any q's are asked until Monday, thanks again.. -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
OpenBSD Tablet-ish
What's the smallest, most tablet-ish device I can put OpenBSD on? Want to travel and stay connected. -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Shor
Re: integrity of commercial CD set
Theo de Raadt wrote: Finding them inside the global shipping system is easier than you think One of the joys of growing old is watching the really bad sci fi you read as a youth all come true :) -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Re: Discovering the keycode of key.
Eduardo Lopes wrote: May someone point to me how do I can obtain, in the console, the keycode of any particular key, in OpenBSD? in gforth (a port) you can do KEY . -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Re: USB hub stopped working
patrick keshishian wrote: Hi Martin, On 11/25/14, Martin Pieuchot wrote: Hello Patrick, On 24/11/14(Mon) 23:48, patrick keshishian wrote: Hi, I have this USB hub, which is connected to my desktop PC; External powered? Is it plugged in? Excuse me for asking. -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Update to gravely outdated quiz(6) datfiles
The Africa file still lists Egypt as United Arab Republic, which ceased
to exists de facto in 1961, and de jure in 1971...
Cheers,
j
--- africa.orig Sat Nov 22 12:39:35 2014
+++ africa Sat Nov 22 13:34:47 2014
@@ -1,43 +1,54 @@
Algeria:Alg[iers|er]
+Angola:Luanda
Botswana:Gaborone
+Burkina Faso:Ouagadougou
Burundi:Bujumbura
-Cameroun:Yaound['e|e'|e]
+Camero[o|u]n:Yaound['e|e'|e]
+[Cabo|Cape] Verde:Praia
Central Africa{n Rep{ublic}}:Bangui
-Chad:Ndjamena
-Congo:Brazzaville
-Dahomey:Porto Novo
+Chad:N'Djamena
+{Union of the }Comoros:Moroni
+Republic of Congo:Brazzaville
+Democratic Republic of the Congo:Kinshasa
+Djibouti:Djibouti City
+Benin|Dahomey:Porto[-| ]Novo
Ethiopia:Addis Ababa
+Equatorial Guinea:Malabo
+Eritrea:Asmara
Gabon:Libreville
+Gambia:Banjul
Ghana:Accra
Guinea-Bissau:Bissau
Guinea:Conakry
-Ivory Coast:Abidjan
+C[^o|o^|o]te d'Ivoire|Ivory Coast:Yamoussoukro
Kenya:Nairobi
Lesotho:Maseru
Liberia:Monrovia
Libya:Tripoli
-Malagasy{ Rep{ublic}}|Madagascar:Tananarive
+Madagascar:Tananarive
Malawi:Lilongwe
Mali:Bamako
Mauritania:Nouakchott
+Mauritius:Port Louis
Morocco:Rabat
-Mo[z|,c|c,|c]ambique:Louren[,c|c,|c]o Marques
+Mo[z|,c|c,|c]ambique:Maputo
+Namibia:Windhoek
Niger:Niamey
Nigeria:Abuja
-Rhodesia:Salisbury
Rwanda:Kigali
+S[~a|a~|a]o Tom['e|e'|e] and Pr['i|i'|i]ncipe:S[~a|a~|a]o
Tom['e|e'|e]
Senegal:Dakar
+Seychelles:Victoria
Sierra Leone:Freetown
-Somali{ Rep{ublic}}:Mogadis[cio|hu]
+Somalia:Mogadishu
+{Rep{ublic} of }South Africa:Pretoria
+South Sudan:Juba
Sudan:Khartoum
Swaziland:Mbabane
-Tanzania:Dar es Salaam
+Tanzania:Dodoma
Togo:Lom['e|e'|e]
Tunisia:Tunis
Uganda:Kampala
-United Arab Rep{ublic}|Egypt:Cairo
-Upper Volta:Ouagadougou
+Egypt:Cairo
Zambia:Lusaka
-Za["i|i"|i]re:Kinshasha
-{Rep{ublic} of }South Africa:Pretoria
-{The }Gambia:Bathurst
+Zimbabwe:Harare
--- asia.orig Sat Nov 22 13:30:09 2014
+++ asiaSat Nov 22 13:42:08 2014
@@ -1,11 +1,16 @@
Afghanistan:Kabul
+Armenia:Yerevan
+Azerbaijan:Baku
Australia:Canberra
Bahrain:Manama
Bangladesh:Dacca
-Bhutan:Thimbu
-Burma:Rangoon
+Bhutan:Thim[b|ph]u
+Brunei:Bandar Seri Begawan
+Cambodia:P{h}nom Penh
China:Beijing|Peking
Cyprus:Nicosia
+East Timor:Dili
+Georgia:Tbilisi
India:New Delhi
Indonesia:Jakarta|Djakarta
Iran:Tehran
@@ -13,16 +18,17 @@
Israel:Jerusalem
Japan:Tokyo
Jordan:Amman
-Khmer|Cambodia:P{h}nom Penh
-Kuwait:Al-kuwait
+Kazakhstan:Astana
+Kuwait:Al-Kuwait|Kuwait City
+Kyrgyzstan:Bishkek
Laos:Vientiane
Lebanon:Beirut
Malaysia:Kuala Lumpur
Maldive Islands:Male
-Mongolia:Ulan Bator
-Nepal:Katmandu
+Mongolia:Ulaanbaatar|Ulan Bator
+Myanmar|Burma:Naypyidaw|Nay Pyi Taw
+Nepal:Kat{h}mandu
North Korea:P{'}yongyang
-North Yemen:San{'}a
Oman:Muscat
Pakistan:Islamabad
Papua[-| ]New Guinea:Port Moresby
@@ -31,11 +37,13 @@
Saudi Arabia:Riyadh
Singapore:Singapore
South Korea:Seoul
-South Yemen:Aden
Sri Lanka:Colombo
Syria:Damascus
Taiwan:Taipei
Thailand:Bangkok
Turkey:Ankara
+Turkmenistan:Ashgabat
United Arab Emirates:Abu Dhabi
+Uzbekistan:Tashkent
Vietnam:Hanoi
+Yemen:San{'}a
Re: The Dao of pf?
Steve Litt wrote: This time, I'd like to understand what I'm doing a little more. What are some broad principles of pf? Does pf have an overarching philosophy or architecture? Read the book :) http://www.amazon.com/Book-PF-No-Nonsense-OpenBSD-Firewall/dp/1593275897/ref=asap_B001JPCK0S_1_1?s=books&ie=UTF8&qid=1414126274&sr=1-1 -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Re: nobody spoke up, about today?
STeve Andre' wrote: Happy birthday, OpenBSD! Also John Le Carré's birthday. Coincidence? :) -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Re: OpenBSD 5.5: question regarding pf syntax
andy wrote: I have what I hope is a simple syntax question for pf rules. BTW 3rd edition about to be released. The Book of PF In the third edition of The Book of PF (No Starch Press, Oct 2014, 248 pp., $34.95), author Peter N.M. Hansteen returns with more of the life-saving PF and BSD help that made the first two editions such a hit. With the help of this fast-paced, clear, instructional guide, readers will master the latest PF developments to build strong and secure networks better able to handle today's network demands. -- Jack Woehr # "There's too much emphasis on things Box 51, Golden CO 80402 # like pawn structure in modern chess. http://www.softwoehr.com # Checkmate ends the game." - N. Short
Re: Why are there NSA, CSIS, and GOOGLE IDs in my ftplist.cgi
Theo de Raadt wrote: 1 person noticed. Took about 6 years. "Clark Kent, you're a real SOB when you're drunk!" :) -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: SHA file missing on CD1 of OpenBSD 5.5
Ted Unangst wrote: It's pretty difficult to create CDs that both contain signatures and are themselves signed. Yeah, you'd have to replace SHA with something like Ouroboros :) -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: OpenBSD on IBM Power
Nick Holland wrote: There's a lot of reasons developers can be interested in particular hardware The P series are perfectly good systems for AIX, Linux, and i Series OS (OS400). They would also be fine for OpenBSD if there were any call for that, but in the IBM community, the open-source *nix niche was filled in the 1999 by IBM mutineers creating a Linux port. The technology spread from the 390 to the AS400 and the P series (which latter subsumed the AS400). All attempts to revisit the issue of *nix-on-IBM-big-iron have been spectacularly unsuccessful at gaining adherents, e.g., the excellent SOL390 (Open Solaris for mainframes) port was born only to die a lonely death. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: OpenSSL heartbleed ?
Josh Grosse wrote: Please read: http://www.openbsd.org/errata53.html and note item #14. You may download the patch from there or for your convenience: http://ftp.openbsd.org/pub/OpenBSD/patches/5.3/common/014_openssl.patch You may also want to read the article published by the OpenBSD Journal: http://undeadly.org/cgi?action=article&sid=20140408063423 Thanks for the update. Should have read the errata list first. I'm getting old and slow. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
OpenSSL heartbleed ?
http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx accurate w/r/t 5.3? -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: OpenBSD Website, multilanguage faq
I would volunteer to translate the FAQ into Bazgelootz, a language my wife and daughter and I made up over 25 years around the dinner table, but they don't use OpenBSD. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Request for Funding our Electricity
Bob Beck wrote: so it's not a source of sustainable funding, unless we were to do something like introduce an annual quota of bugs http://dilbert.com/strips/comic/1995-11-13/ -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Request for Funding our Electricity
Daniel Cegiełka wrote: http://goteo.org/project/gnupg-new-website-and-infrastructure Why do not you do such a campaign? I think Theo has answered this previously. His point was that he doesn't want to spend his time year after year running campaigns. Being neither a politician nor a diplomat nor a grantmaster, he wants a sustainable model. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Virtualize or bare-metal?
Christopher Ahrens wrote: Wish I could split everything off to physical, but all I have for space for is a mini-rack that fits under my desk in my apartment Sounds like you have answered your own question! -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: NSA spy catalog
Erling Westenvik wrote: Anyway: When can we expect OpenBSD support for these devices? Erling made my day :) -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Are there OpenBSD users who are not IT professionals?
za...@gmx.com wrote: I have decided to adopt OpenBSD and use it for simple day-to-day tasks, as a desktop OS (as I would any popular Linux distribution). Does this choice of mine, and its underlying reasoning, make sense? Yes, it does most of the stuff Linux does, mostly except where prevented from doing so by closed source of the sort acceptable to Linux but not to OpenBSD> Are there any significant drawbacks to my adoption of OpenBSD (such as OpenBSD being too technical and too difficult, as compared, say, to Linux distros)? It is a tad more technical. It is not hideously difficult. It's fast enough to install and try that you might as well grab a spare computer and try it once. Read the directions, they're concise and accurate. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: time_t
Theo de Raadt wrote: double (or even better long double) would be a better underlying type for time_t than long long. If you believe strongly in this idea, you should take an entire operating system base and prove the case 15 years ago a gen-yoo-wine software engineer in our department suggested an optimization in an often-executed loop in our code. The curmudgeonly architect/programmer lowered his eyeglasses and stared across the table. "And if we make this change," he said, "and it passes testing, and is pushed to all our customers, each of them will save, oh, 1.5 seconds of execution time per year." -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Hardware backdoors in Lenovo?
Michael Motyka wrote: Meanwhile, even the new Beagle Bone has ~120KB of secure code and hands off execution to the user in non-secure supervisor mode. It's probably that way for my own good. Sigh. I may try to get past that since it's a cool little board. http://www.colorforth.com/ -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Java on OpenBSD 5.3
openda...@hushmail.com wrote: On 19. juli 2013 at 3:17 PM, "Matthew Dempsky" wrote: plenty of disk space left in /usr/local (my ports are in /usr/local/ports). /dev/wd0h 3.7G1.8G1.7G52%/usr/local Pretty sure it takes more than 1.7G to build Java. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Java on OpenBSD 5.3
Miod Vallat wrote: Pretty sure it takes more than 1.7G to build Java. But then how can java people pretend it has any usefulness, besides filing disks? Miod métaphysico-théologo-cosmolo-nigologie :) Language wars are s-o-o-o 20th century. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Boning the Troll
Notice that "Thomas" is also "Jash" of the "OpenBSD Doesn't Support 64-Bit Intel" troll which turns out to be word-for-word yet another posting on the previously cited troll blog site whose URL I will not reproduce here. Apparently we're dealing here with a dedicated (professional?) agent provacateur. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Recommended new laptop under US$800 for OpenBSD
Tito Mari Francis Escaño gmail.com> writes: > > Good day, > I'd like to seek your advise what new laptop brand and model should I buy > that is fully functional (video, LAN, Wifi, sound) with OpenBSD 5.x. I > searched online and found only older models. My sisters plan to give me a > laptop for Christmas so I'd like to make sure I get the laptop that works > with my OS of choice. > Thank you very much. > > My suggestions: Best Budget Laptop: ASUS K55A-DS51 or Best Hybrid Laptop: Lenovo IdeaPad Yoga 13 Convertible Touchscreen source: http://thebestlaptopbrands.com/best-laptops-2013/
Re: out-of-order TCP
Peter Bisroev wrote: Maybe I am missing something but how come there are so many out of order packets? What's missing may be methodical forensics. Can you monitor the incoming via some other device and see if they come "out of the wall socket" out of order? -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
Michael W. Lucas wrote: I should mention here: the Kindle conversion of AO2e had problems. Every Kindle book converted from print I have ever read does have problems. One of the worst was the chess book _The Life and Times of Mikhail Tal_. (my review of same: http://www.amazon.com/review/RX0JLQ3WC3KHW/ref=cm_cr_rdp_perm) I have pointed out several already in your 2nd Ed. to the publisher! -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )
Ingo Schwarze wrote: Hi, TRUNASUCI TRUNASUCI wrote on Wed, May 08, 2013 at 12:01:03AM -0400: I just wanna ask if there is a project for this official refernce book for all users ( if any please inform ). If you want to buy a very helpful book, _Absolute OpenBSD_ from No Starch Press just made second edition. I have the Kindle version to review and will be reviewing on Amazon soon. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Custom core dump folder ?
If there is a list of daemons, etc. running 24/7, it would be useful if they all dumped in 1 folder rather than using a script to search for them. This way we will actually notice when a core dumps; the core is not buried deep inside a current-working-directory waiting for it to be discovered by some script. Even Python dumps core sometimes. Anyway, my $0.02. On Thu, Apr 4, 2013 at 5:02 PM, Ted Unangst wrote: > On Thu, Apr 04, 2013 at 15:37, Jack N. Asher wrote: >> Is there a way to specify a custom core dump folder in OpenBSD ? I do >> not see any references to it in sysctl -a >> If not, is there a security reason for it not being supported or can >> it be added to a wishlist ? > > It is not supported, probably because nobody found any use for it. > > You can add anything you like to your wishlist, just keep your expectations > in check. :)
Custom core dump folder ?
Is there a way to specify a custom core dump folder in OpenBSD ? I do not see any references to it in sysctl -a If not, is there a security reason for it not being supported or can it be added to a wishlist ? This is the FreeBSD way (AFAIK, OpenBSD does not support it): sysctl.conf kern.corefile="/custom-folder/%U.%N.core"
Re: Legal Question: OpenBSD Spin-off
Crookedmaze wrote: On 02/10/2013 06:47 PM, Rod Whitworth wrote: On Sun, 10 Feb 2013 18:09:56 -0600, Maximo Pech wrote: Well, installing openbsd is not what I'd call easy for people with few technical skills. Crap! It is well documented and very little data needs to be typed in as most input can be done by accepting the default. If you need OpenBSD you have the technical skills to install it or you know (and possibly pay) someone who does. OpenBSD, which is 20-ish years old now, was designed and is designed and apparently always will be designed for those who have the technical skills. If no, there is always Linux. -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: Q: username policy in install and in adduser
Theo de Raadt wrote: It is good sense to push unix users into a mentality that usernames should be lower case by default. "Tis a gift to be simple" ... every time "plane" vanilla admin is warped to enable some unnecessary feature that tickles the user's fancy, eventually problems emerge. Why look for trouble? -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: [www.openbsd.org] Re: man pages with screen reader
Eric Oyen wrote: they have. however, thermoform paper is actually more expensive than standard paper stock. Ah. Real-world economics scotches another clever techno solution :( -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: [www.openbsd.org] Re: man pages with screen reader
Eric Oyen wrote: 120 pound bond paper is rather hard on the print heads they use (and its the only stuff that will reasonably hold braille). Bond paper is traditional. Haven't they figured out a way to emboss thin sheets of polymer yet? -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
Re: [www.openbsd.org] Re: man pages with screen reader
Eric Oyen wrote: btw, an actual braille embosser (a monster braille printer) costs about $10K. Hmm, sounds like an entrepreneurial opportunity making a cheaper unit. What's the input? Unicode? -- Jack Woehr # "We commonly say we have no time when, Box 51, Golden CO 80402 # of course, we have all that there is." http://www.softwoehr.com # - James Mason, _The Art of Chess_, 1905
