Re: mplayer-port - No picture but sound works well?

[Mike]

[EMAIL PROTECTED] wrote:
> I'm sorry maybe somebody else noticed that "problem" already but I noticed
> that mplayer displays nothing if I wanna watch a movie. I can hear the
> sound but there nothing visual (realy nothing, just sound output).
> 
> I did the same things like on 3.6 and installed mplayer from the ports but
> seams it's brocken in 3.7.
> I tested it on AMD64 and i386 (diffrent computers) and would be happy if
> somebody could tell me what I missed this time.
> 
> Kind regards,
> Sebastian
> 
> 

Maybe your video is using unsupported codec or your video output setting
is wrong.

You probaly have missed something important as example reading mplayer
man page and other documents or you should just switch your OS to
something else.

Re: ifconfig, lladr, netstart and booting

[Mike]

-f wrote:
> hi there,
> 
> now that openbsd supports ethernet address changes,
> what is the proper way of doing it for a particular
> interface?  i did not find references to it in
> hostname.if, will there be an option for it?

maybe you should read the hostname.if(5) man page again.

Re: OPEN SOURCE MASTERPLANS

[Mike]

if you people forget to read OpenBSD Mailing Lists page,
here is one interesting thing to you should read:

Respect differences in opinion and philosophy

Intelligent people may look at the same set of facts and come to very
   different conclusions. Repeating the same points that didn't convince
someone previously rarely changes their mind and irritates all the other
readers.

Re: 3.7CDs arrived today...

[Mike]

> Of course, this misses the fact that this has been a problem 
> with *all* jewel cases since time immemorial. I've got a 
> stack of a dozen music CDs in jewel cases on my desk right 
> now. Some of them are mine; some mine that I've lent out; 
> some that I'm borrowing. At least a third have broken jewel 
> cases. Maybe more.
> 
> If you look in your music collection, you'll almost certainly 
> discover the same thing.
> 
> But do you complain to the record companies about their jewel cases?
> 
> If you *really* care about the state of your jewel case when 
> it arrives, there *is* an official option to ship the CDs 
> wrapped in lots of soft cloth padding. It costs an extra $20, 
> but the bonus is that the cloth comes pre-printed with 
> OpenBSD artwork and is in a shape suitable for covering your torso.
> 

I don't want to put myself on the "unhappy" list, but I got my CD a few days
ago and the middle jewel case prongs were f'ed up too. 

Eh, it happens. Whatever.

However, I also ordered two tshirts which did not seem to provide adequate
padding. So... It's not the end-all solution to the problem.

Beyond that, I'd have to say that I've probably only had a small handful of
CD cases purchased from stores have any problems with them. Sure if you
treat them badly they can break because they're not made of steel, but
buying them new has given me almost no problems. And the few times I have
had problems I just have returned them to the music store for an exchange
for an unbroken case and all was good.

Unfortunately, it's more a factor of shipping than the CD cases.

I just took a double CD case I had laying around and pulled out the middle
part and put it in place of the one that was broken on the 3.7 case. It's
not a perfect fit, but it works. 

-M

Re: F-Secure Computer Virus Information Pages: Googkle

[Mike]

> For the OpenBSD experts on this list:
> 
> Can the malware at Gookle.com described at the link crack 
> OpenBSD and/or Konqueror?
> (I am far from an expert, so I practice 'better safe than 
> sorry' when I see f-secure's explicit warnings).
> 
> http://www.f-secure.com/v-descs/googkle.shtml
> 
> Thanks,
> Dave Feustel

I may not be an OpenBSD expert, but I do tech support at an anti-virus
company and deal with viruses, disinfection and the like all day long. :)

My initial reaction is that an OpenBSD machine isn't at risk from this at
all. First reason is that the only way this will work is if you're using a
web browser that has the vulnerabilities that it uses to run the
executables. F-secure didn't give any details, but these problems are
typically IE issues. While it *could* be present in other browsers, I'd be
surprised.

So even if you were running a browser on an OpenBSD machine that somehow had
an exploit that allowed the code to run, the files that they're talking
about are all Windows executables aside from the JAR file - which is still
expecting to find a Windows environment for extraction.

I'm very prone to go and poke around there with Firefox - though I wish
F-secure was more explicit about the "exploits" that they're describing - as
most of the really dangerous ones do have patches available for
irresponsible Windows users.

Just my $.02

-M 

Re: F-Secure Computer Virus Information Pages: Googkle

[Mike]

Dave Feustel wrote:
> For the OpenBSD experts on this list:
> 
> Can the malware at Gookle.com described at the link
> crack OpenBSD and/or Konqueror?
> (I am far from an expert, so I practice 'better safe
> than sorry' when I see f-secure's explicit warnings).
> 
> http://www.f-secure.com/v-descs/googkle.shtml
> 
> Thanks,
> Dave Feustel
> 
> 

get some brains dude.

xconsole customize.

[Mike]

i was not able to find any information from anywhere, how could i split
long messages to many lines instead of one line in xconsole, so i don't
have to scroll horizontal?

risky alias..

[Mike]

just a question that has been in my mind for several years, as for
aliases isn't that a bit risky to allow to do something like:
 alias /usr/bin/su='echo "damn."'

as PATH and other enviroment values are strictly parsed and stuff
shouldn't there be something for this too or do i miss something
important or is this too paranoid..

Re: "Desktop" chrooted

[Mike]

Stephan Wehner wrote:
> Mainly I'm worried about running a lot of user applications which
> connect to the Internet. But I can't estimate the overhead.
> 

choose wisely your applications and systrace(1) would most likely give
you some extra security.

Re: risky alias..

[Mike]

Adam Gleave wrote:
> I don't understand your point
> 
> --- START: Shell output ---
> 
> puffy:nard {109} alias foo 'echo bar'
> puffy:nard {110} foo
> bar
> puffy:nard {111} su -
> Password:
> Terminal type? [screen]
> puffy# foo
> foo: Command not found.
> 
> --- END: Shell output ---
> 

the thing i meant was something more like this:

puffy:nard {109} alias su 'echo bar'
puffy:nard {110} su
bar

 --- END: Shell output ---


would be easily to get password or something else.

Re: risky alias..

[Mike]

Jason Opperisano wrote:
> On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
> 
>>would be easily to get password or something else.
> 
> 
> if $bad_person has the ability to modify your user's or the system-wide
> shell initialization files, why exactly would they need to steal your
> password at that point?
> 
> -j
> 
> --
> "Brian: Congratulations, Peter. You're the Spalding Gray of crap."
> --Family Guy
> 
> 

i was just thinking that maybe my friend is a bad person or double agent
or maybe the janitor is clever and attacks silently in that time when im
going to bathroom and in a one time i forget to lock my desktop, then
all is lost and disaster is there.

question regarding to antispoof directive.

[Mike]

i was writing my pf rules and and i noticed following:

the rule, antispoof quick log for fxp0 inet
expands to this when loading the rulesets to packet filter:

 block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any
 block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any
 block drop in log quick on ! fxp0 inet from 172.16.0.0/12 to any
 ...

 the ruleset optimizer removes the duplicated entries but is it normal
it to translate the rule in this way in the first place?


Regards Mike.

Re: read-only storage media

[Mike]

Matt Garman wrote:

Is there any kind of storage media that can be set as read-only, and
only reset to read and write by physical access?



Transcend makes IDE flash modules with a jumper for read-write or 
read-only.  Might be a good fit for your needs:


http://www.transcendusa.com/products/ModList.asp?CatNo=19&LangNo=0


Mike

VIA IPSec acceleration

[Mike]

19 angelos Exp $
$EOM: policy,v 1.6 2000/10/09 22:08:30 angelos Exp $
Authorizer: "POLICY"
Licensees: "passphrase:mekmitasdigoat"
Conditions: app_domain == "IPsec policy" &&
esp_present == "yes" &&
    esp_enc_alg == "aes" &&
esp_auth_alg == "hmac-sha" -> "true";


Does anyone have suggestions about how to take advantage of the hardware 
features for IPSec?



Thanks!

Mike



Dmesg below (both machines are identical hardware):

# dmesg
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
cpu0: RNG AES
real mem  = 502837248 (491052K)
avail mem = 451956736 (441364K)
using 4278 buffers containing 25243648 bytes (24652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(d9) BIOS, date 03/11/04, BIOS32 rev. 0 @ 0xface0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0xdba4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb10/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 9 11 12
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT82C596A ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xe000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT8623 PCI" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8633 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA CLE266" rev 0x03: aperture at 
0xd800, size 0x1000

wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vr0 at pci0 dev 15 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 12 
address 00:40:63:db:53:5d

ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface
ukphy0: OUI 0x004063, model 0x0034, rev. 9
uhci0 at pci0 dev 16 function 0 "VIA VT83C572 USB" rev 0x80: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 "VIA VT83C572 USB" rev 0x80: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 "VIA VT83C572 USB" rev 0x80: irq 9
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 3 "VIA VT6202 USB" rev 0x82: irq 12
ehci0: EHCI version 1.0
ehci0: companion controllers, 2 ports each: uhci0 uhci1 uhci2
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: VIA EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub3: single transaction translator
uhub3: 6 ports with 6 removable, self powered
pcib0 at pci0 dev 17 function 0 "VIA VT8235 ISA" rev 0x00
pciide0 at pci0 dev 17 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom removable
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
auvia0 at pci0 dev 17 function 5 "VIA VT8233 AC97" rev 0x50: irq 9
ac97: codec id 0x56494161 (VIA Technologies VT1612A)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
audio0 at auvia0
vr1 at pci0 dev 18 function 0 "VIA RhineII-2" rev 0x74: irq 11 address 
00:40:63:db:53:c1

ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface
ukphy1: OUI 0x004063, model 0x0032, rev. 8
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0

pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pccom2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
biomask ff45 netmask ff45 ttymask ffc7
pctr: user-level cycle counter enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Re: Via C3 IPSec test result

[Mike]

On Wed, 2005-08-03 at 15:29 +0200, Massimo wrote:
> I've made up a test LAN built on two mini-ITX Via C3 based board to test
> the AES encryption functionality of this CPU on a real setup.
> 
> I've used flashboot 0.7.2 from Damien simply for a matter of time (I've
> some flash card already configured) and since it seems to me a very good
> product, the kernel is GENERIC-MD

I made a similar post recently [1].  One difference was that I was using
regular 3.7-release.

> Now the result.
> Iperf with 3DES suite show a 6.7Mbit/s with AES suit 16.8Mbit/s
> 
> The LAN with no IPSec, just routing show a 86Mbit/s, the two OBSD boxe
> wired together show up to 94Mbit/s

...

> During tests, top shows from 70% to 80% of system CPU usage and here are
> the vmstat output:

I showed similar performance numbers.  

I got a suggestion off-list to try a current release because this could
be related to the hlt hlt bug.  I installed a snapshot from 31 July but
it didn't improve things.  I changed my quick mode transforms from AES
SHA to BLF MD5 and improved IPSec performance to about 35Mbps.

I also tried the OpenVPN 2.0 package and got around 45Mbps doing AES
SHA.  Something that didn't make sense to me was disabling
kern.usercrypto had no impact on OpenVPN performance.

I'd appreciate any suggestions about mistakes I might have made or
things to try.


Thanks!

Mike


[1]: http://marc.theaimsgroup.com/?l=openbsd-misc&m=112275803416870&w=2

Need Opteron Motherboard Help - Supermicro?

[Mike]

Hi All,

Anyone here using one of the Supermicro AMD 8131-based
motherboards on their OBSD system?  If these are
unsuitable for OpenBSD, then what AMD64 or Opteron
motherboards are the current cream of the crop that do
work well with OpenBSD?

Thanks in advance,
Mike

Re: stubid litte "speaker beep" that doesn't stop

[Mike]

--- Didier Wiroth <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> I've installed 3.7 on a new pc. The motherboard has
> an onboard very
> small speaker. 
> As soon as 3.7 boots the speaker starts to beep and
> doesn't stop
> anymore.
> How can I stop this annoying beep.
> 
> I tried: to disable sysbeep (with config), a bios
> update but these
> didn't help. 
> 
> What else can I try?
> thx
> didier
> 
> 

Try unplugging the speaker lead from your motherboard.
 I'll go out on a limb here and assume that the
speaker is not soldered onto the motherboard.  :)

You can thank me later.

Mike

Re: Need Opteron Motherboard Help - Supermicro?

[Mike]

--- "Johan M:son Lindman" <[EMAIL PROTECTED]>
wrote:

> On Wednesday 28 September 2005 03.31, you wrote:
> > On Tuesday 27 September 2005 18.47, Mike wrote:
> > > Hi All,
> > >
> > > Anyone here using one of the Supermicro AMD
> 8131-based
> > > motherboards on their OBSD system?  If these are
> > > unsuitable for OpenBSD, then what AMD64 or
> Opteron
> > > motherboards are the current cream of the crop
> that do
> > > work well with OpenBSD?
> >
> > HP DL145 (G1) work well, dmesg below, haven't
> tried Supermicro.
> > Though you should probably want to avoid the newer
> Nvidia nForce 4 based
> > Opteron motherboards which seems to be all the
> rage these days.
> > nForce4 has got several issues with smp (ehci,
> AC97 and SATA not working
> > with GENERIC.MP) and it's not able to find all
> ppb(4)s properly.
> 
> 
> It should be noted that the ppb problem is only
> known to happen on the HP 
> DL145 G2 server.
> 
> 
> Regards
> Johan M:son
> 
> 

Thanks for the heads up on the Proliants.  I got a few
replies to my inquiry offlist as well, which I'd like
to thank everyone for once again.

Right now I'm leaning very heavily towards the
Supermicro H8DAE motherboard.  It looks like
everything is supported on the board by OpenBSD and
appears to be built like a brick sh*thouse.

There is an optional IMPI (Intelligent Platform
Management Interface) 2.0 and a RMM (remote management
module) card for this thing and I'm clueless - would
anyone know if OpenBSD would make use of these?

http://www.supermicro.com/Aplus/motherboard/Opteron/8131/H8DAE.cfm

Anywho, unless something else climbs up my shorts,
this looks to be the board I want.

Mike

Re: ThinkPad 600x Com Port

[Mike]

--- Roy Morris <[EMAIL PROTECTED]> wrote:

> Theo de Raadt wrote:
> 
> >>a cisco router "cu -s 9600 -l tty00" now that's
> what I
> >>would normally do to get access, any hints to
> where I
> >>am going wrong here would be great.
> >>
> >>"pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16
> byte fifo"
> >>
> >>
> >
> >try using cua00 instead of tty00
> >
> >The difference between these device nodes
> documented in tty(4).
> >This semantic behaviour is a copy of something
> SunOS 4.x did very
> >right.
> >
> >  
> >
> nope! here's what I get
> /root# cu  -l cua00 -s 9600
> Connected
> (then no response)
> 
> I switched to a Windows machine, same cable and used
> hyper term works fine. I must be missing something
> simple
> here!
> 
> 

I just the other day went into a Cisco 2950-24 switch
and was staring at a blank screen until I typed
"connect" and pressed the enter key. YMMV

Mike

Re: how to tell if I getting anything out of my hifn1411 card

[Mike]

Stuart Henderson wrote:

--On 13 October 2005 17:50 -0400, Andrew Atrens wrote:


 >> Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :)


If you want a low-ish power cpu for running crypto, the newer c3/eden 
are better.


I, too, was looking for a low power, low cost platform for doing IPSec 
VPN at fairly high speeds.  I'm not sure the hardware acceleration on 
the VIA boards (called ACE, padlock, etc.) is supported for IPSec [1,2]. 
 I got these results:


Pair of EPIA PD1 with RNG and AES [3]:
AES SHA: 24 Mbps
BLF MD5: 34 Mbps

Add Soekris VPN 1401s to PD1s:
AES SHA: 50 Mbps

Same tests on Opteron 248:
AES SHA: 80 Mbps (limited by testing on 10/100 LAN)



Hope this helps,

Mike


[1] http://marc.theaimsgroup.com/?l=openbsd-misc&m=112319509403282&w=2
[2] http://marc.theaimsgroup.com/?l=openbsd-misc&m=112275803416870&w=2
[3] Check carefully, many of these boards only support RNG

Re: Anyone tried a sun fire X2100 server yet?

[Mike]

Timo Schoeler wrote:

thus Reyk Floeter spake:


a sun guy said that the x2100 is based on the same platform as the U20
workstation. in contrast to the x4x00 "galaxy" servers

reyk


or is a dmesg from this machine available (had a short glimpse at the 
archive, noone appeared)?




I don't know how similar the Ultra20 and X2100 are, but here's dmesg 
output from an Ultra20:



OpenBSD 3.8 (RAMDISK_CD) #472: Sat Sep 10 16:09:03 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1073278976 (1048124K)
avail mem = 909955072 (888628K)
using 22937 buffers containing 107536384 bytes (105016K) of memory
mainbus0 (root)
cpu0 at mainbus0: (uniprocessor)
cpu0: AMD Opteron(tm) Processor 148, 1005.28 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
pci0 at mainbus0 bus 0: configuration mode 1
"Nvidia nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured
"Nvidia nForce4 ISA" rev 0xa3 at pci0 dev 1 function 0 not configured
"Nvidia nForce4 SMBus" rev 0xa2 at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 "Nvidia nForce4 USB" rev 0xa2: irq 10, 
version 1.0, legacy support

usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ehci0 at pci0 dev 2 function 1 "Nvidia nForce4 USB" rev 0xa3: irq 11
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, rev 2.00/1.00, addr 1
uhub1: 8 ports with 8 removable, self powered
"Nvidia nForce4 AC97" rev 0xa2 at pci0 dev 4 function 0 not configured
pciide0 at pci0 dev 6 function 0 "Nvidia nForce4 IDE" rev 0xf2: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 7 function 0 "Nvidia nForce4 SATA 1" rev 0xf3: DMA
pciide1: using irq 11 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide2 at pci0 dev 8 function 0 "Nvidia nForce4 SATA 2" rev 0xf3: DMA
pciide2: using irq 10 for native-PCI interrupt
ppb0 at pci0 dev 9 function 0 "Nvidia nForce4 PCI-PCI" rev 0xa2
pci1 at ppb0 bus 1
"VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured
skc0 at pci1 dev 9 function 0 "Marvell SKv2" rev 0x12: irq 5
skc0: Marvell Yukon (0x1)
sk0 at skc0 port A: address 00:04:e2:d7:33:05
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 3
"Nvidia CK804 LAN" rev 0xa3 at pci0 dev 10 function 0 not configured
ppb1 at pci0 dev 11 function 0 "Nvidia nForce4 PCIE" rev 0xa3
pci2 at ppb1 bus 2
ppb2 at pci0 dev 12 function 0 "Nvidia nForce4 PCIE" rev 0xa3
pci3 at ppb2 bus 3
ppb3 at pci0 dev 13 function 0 "Nvidia nForce4 PCIE" rev 0xa3
pci4 at ppb3 bus 4
ppb4 at pci0 dev 14 function 0 "Nvidia nForce4 PCIE" rev 0xa3
pci5 at ppb4 bus 5
vga1 at pci5 dev 0 function 0 "Nvidia Quadro FX 330" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00
pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
rd0: fixed, 3584 blocks
wd0: no disk label
dkcsum: wd0 matches BIOS drive 0x80
root on rd0a
rootdev=0x1100 rrootdev=0x2f00 rawdev=0x2f02
uhidev0 at uhub0 port 2 configuration 1 interface 0
uhidev0: vendor 0x0430 product 0x0005, rev 1.10/2.00, addr 2, iclass 3/1
ukbd0 at uhidev0
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub0 port 6 configuration 1 interface 0
uhidev1: vendor 0x0430 product 0x0100, rev 2.00/1.07, addr 3, iclass 3/1
uhid at uhidev1 not configured
umass0 at uhub1 port 4 configuration 1 interface 0
umass0: vendor 0x0457 USB Mass Storage Device, rev 2.00/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  SCSI2 0/direct 
removable

sd0: 1000MB, 1000 cyl, 64 head, 32 sec, 512 bytes/sec, 2048000 sec total

Re: Anyone tried a sun fire X2100 server yet?

[Mike]

Martin Schrvder wrote:

On 2005-11-09 22:24:41 -0500, Mike wrote:


cpu0: AMD Opteron(tm) Processor 148, 1005.28 MHz



1Ghz? So slow? :-)



Good catch.  The dmesg came from an install CD from a couple months old 
snapshot... It really is a 148, not sure where the 1GHz came from.



Mike

Re: Anyone tried a sun fire X2100 server yet?

[Mike]

JD Harrington wrote:

Mike wrote:

I don't know how similar the Ultra20 and X2100 are, but here's dmesg 
output from an Ultra20:


This is completely off-topic, but how do you like the Ultra 20 overall? 
I need a new workstation for home, 



First, I should have mentioned that I added the sk (4) to this system --
it didn't come that way from the factory.  Sorry if that caused anyone
confusion.

My opinion: I like it.  In fairness, I've generally had a high opinion 
of Sun hardware quality.  The Ultra20 is no exception.  This is
the first amd64 workstation I've used, and it IS fast.  I'm sure you 
could get the same or similar components from another manufacturer (or 
build it yourself), but I'm not sure you'd save yourself much.


The upgraded video card has an odd connector, then a Y cable that
splits into two DVI outputs.  Maybe that's common these days -- I
haven't played with new video toys in a while.  I put a DVI-VGA adapter
on one of them and moved on...

It's USB only for keyboard and mouse, and there's no serial.
 I run mine in a noisy computer room, so I can't tell you how loud it
would in your home.

Aside from that, nothing unexpected -- just a fast, well-made system.


Cheers,

Mike

Re: Upgrading questions

[mike]

On Tue, 4 Jul 2006 00:34:53 -0700 (PDT)
Rob Baldassano <[EMAIL PROTECTED]> wrote:

> I have been running OpenBSD 3.6 since the day it came out, and am now
> in need up going to 3.9
> 
> The question is: 
> What upgrade issues have folks run into? 
> I'm running it on a DELL desktop. 
> 
> BTW, some of the reasons I want to upgrade: 
> 1. Support for PHP in the Apache mods.
> 2. Increased security
> 3. webmail
> 4. I REALLY want to get the Xwindows environment working (never did
> on 3.6) 5. I'm looking to expand some functionality and want to
> include things like: PHP, MySQL, Apache, a PHP based store front,
> Java - if it's available yet, and general "client side functionality"
> 6. So that I can deploy my current windows box as a backup server (It
> sucks  low memory and CPU for windows, but I know OpenBSD will
> run fine on it -- I hope). 
> 
> 
> So... Any hints, pitfalls, suggestions that people have run into
> before? in general is it safe to do an Upgrade? a former co-worker
> says "NO don't do that, never trust upgrades". I tend to disagree. 
> 
> Thanks, 
> --Rob
> 
> 
> - 
>  
> Eirik Goransson / Rob Baldassano
> Member, Barony of Endless Hills; 
> House Odlahorde; 
> Viking & All around Good Egg ; 
> VROC #5029 (Tigger)
> come visit http://www.dracowolf.com 
> Yahoo! Music Unlimited - Access over 1 million songs.Try it free. 
> 
> 
why don't you start here:
http://www.openbsd.org/faq/upgrade39.html

Re: vlan configuration: off-topic

[Mike]

Hey Brian,



I read your post about removing dell switches from your network.  



Just curious which models are you referring to?



And what problems have run into using dell switches?



Thanks,

Mike

Sent via BlackBerry from T-Mobile



-Original Message-

From: "Brian A. Seklecki (Mobile)" <[EMAIL PROTECTED]>



Date: Fri, 18 Jan 2008 10:26:08 

To:misc 

Subject: Re: vlan configuration: off-topic





On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote:

> Dear gentleman,

> 

> i am starting with vlan topic right now. I am in need to get two dell

> powerconnect 2724 switches to implement 3 vlan. I know how to



The Dee PC2724 cant move its mgmnt vlan from VLAN1, and *BSD vlan(1)

wont transmit VLAN 1 as tagged (per spec).



The work around is to assign VLAN1's IP on your *BSD gear to the

physical interface of your VLAN trunk.



I'm about to remove the last of any/all Dell switches from my network --

an announcement which I'm sure Dell will censure from their forums.



Ass - Holes.



~BAS

Re: BDB simple program compile problem

[mike]

> # cc t2.c


To compile use cc -I/usr/local/include/db -o t2 t2.c -L/usr/local/lib/db -ldb
-Mike

Re: PC Camera?

[Mike]

did you try lsusb ?

is anything reported through lsusb?

also look in your syslog while your attaching the usb cam.

hope this helps.

peace,


On Sun, Mar 23, 2008 at 5:59 PM, Sunnz <[EMAIL PROTECTED]> wrote:

> 2008/3/23, Girish Venkatachalam <[EMAIL PROTECTED]>:
> > -BEGIN PGP SIGNED MESSAGE-
> >  Hash: SHA1
> >
> >
> >  On 22:59:31 Mar 23, Sunnz wrote:
> >  > Well well, I am basically interested to set up a home monitoring
> >  > system with a PC, OpenBSD, and a Webcam... PC and OpenBSD I had it
> >  > going, but what about the webcam? Are there much webcam support for
> >  > it?
> >  >
> >  > I have plugged in my old webcam in to the USB port just to see what
> >  > gives... it reports the ugen0 device, Vimicro Corp. PC Camera, rev
> >  > 1.10/1.00, addr 10... if it got this far instead of being "not
> >  > configured", does it mean it has some support for it?
> >  >
> >  > What should I do next?
> >
> >
> > What should you do next?
> >
> >  Wait for webcam support to be added. Short of that I have no other
> >  advice.
> >
> >  Perhaps one of these days someone will do it.
> >
> >  I too want this. If it comes to it I might do it but don't count on it.
> >
> >  - -Girish
> >
> >  - --
> >  "unix soi qui mal y pense"
> >
> >  UNIX to him who evil thinks
> >
> >  +--+
> >  | GnuPG key  : 0x48E0DA0A  |  http://wwwkeys.nl.pgp.net|
> >  | Fingerprint:  B9AF 854C 154F DB3D BF33  2C2D 0FDF 3BAD 48E0 DA0A |
> >  +--+
> >  iD8DBQFH5k5XD987rUjg2goRAn5bAJ9+v0od4wC/3C0o01r2TGQoGQm1lQCdGVe5
> >  1X9o34I8SYPgcOUQuWexaDM=
> >  =durj
> >  -END PGP SIGNATURE-
> >
> >
>
> Ah, I guess my question is, what is missing link here... like... do we
> need driver for this to function? Do we need documentation to webcams
> so dev can write driver for it... or is a port missing that can
> actually take videos?
>
> --
> This e-mail may be confidential. It may also be legally privileged.
> You may not copy, forward, distribute, disclose, or, use any part of
> it. If you haveb(received this message in error, please delete it and
> all copies from your systemb(and notify the sender immediately by
> return e-mail. Internet communicationsb(cannot be guaranteed to be
> timely, secure, error, or, virus-free. The sender do not accept
> liability for any errors, or, omissions. Nevertheless, this text has
> no effective legal binding on your part. There is no obligation to
> abide any or all parts of this, just as any texts appended to e-mail
> on rest of the Internet.

Re: IPv6 LAN -> IPv4 Internet

[Mike]

My question might take this thread else where's,  why hasn't the internet 
community adopted ipv6?  



ipv6 wasn't it to replace ipv6?



And what are the pros vs cons to using internal ipv6 on ones net work?



Peace,

Sent via BlackBerry from T-Mobile



-Original Message-

From: Henning Brauer <[EMAIL PROTECTED]>



Date: Thu, 20 Mar 2008 12:56:13 

To:misc@openbsd.org

Subject: Re: IPv6 LAN -> IPv4 Internet





* Jonathan Schleifer <[EMAIL PROTECTED]> [2008-03-19 15:29]:

> "Barry Commander" <[EMAIL PROTECTED]> wrote:

> 

> > I basically want the IPv6 clients on my LAN to be able to access IPv4

> > servers on the

> > internet transparantly - the router doing the IPv6->IPv4/IPv4->IPv6

> > conversion.

> 

> You'd have to use IPv4 inside then LAN and NAT at the router as well for

> that to properly work. There was some way to map IPv4 adresses inside

> the IPv6 space, but IIRC, there were some issues with it.



yes, but that is totally unrelated.



faithd is made for that purpose.



-- 

Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]

BS Web Services, http://bsws.de

Full-Service ISP - Secure Hosting, Mail and DNS Services

Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam

Re: Logging failed SSH users and the passwords they typed

[Mike]

HDC,

I am interested in finding out more of how to setup something like that .



On Wed, Apr 23, 2008 at 4:06 PM, HDC <[EMAIL PROTECTED]> wrote:

> I have 3 sshd deamons in my border firewall, 2 in no common ports for
> my use, and 1 on default port (without real access) for "prevention
> statistics".
> Depending of the "prevention statistic" I design de security policy to
> SSH and passwords.
>
> It nice to see the statistics of ilegal access on the default port of
> your sshd :)
>
> Greetings,
> Hernan
> OpenBSDeros.org
>
> On Wed, Apr 23, 2008 at 11:12 AM, Peter N. M. Hansteen <[EMAIL PROTECTED]>
> wrote:
> > "Ed Ahlsen-Girard" <[EMAIL PROTECTED]> writes:
> >
> > > When I was getting brute forced that way I just turned off remote
> password
> > > login and use keypairs exclusively.
> > >
> > > Which won't work for everybody, I guess.
> >
> > plus, of course, the fact that overload + flush global is fun to watch
> >
> > - P
> > --
> > Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> > "Remember to set the evil bit on all malicious network traffic"
> > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> >
> >
>
>
>
> --
> # /dev/hdc
> -> OpenBSDeros.org
> hdc [at] openbsderos [dot] org

Problems going from 4.3-release to -stable

[Mike]

Hello,

After a fresh install of obsd on a new server, I cannot update my system 
to -stable.


The src has been obtained from cvs in the usual manner.

Here is the error :-

# cd /usr/src/sys/arch/sparc64/conf/
# ls
CVS GENERIC.MP  RAMDISK RAMDISKU5
GENERIC Makefile.sparc64RAMDISKU1   files.sparc64
# config GENERIC
../../../../conf/files:1005: syntax error
../../../../conf/files:1006: syntax error
../../../../conf/files:1007: syntax error
../../../../conf/files:1008: syntax error
../../../../conf/files:1009: syntax error
../../../../conf/files:1010: syntax error
../../../../conf/files:1011: syntax error
../../../../conf/files:1012: syntax error
../../../../conf/files:1013: syntax error
../../../../conf/files:1014: syntax error
../../../../conf/files:1015: syntax error
../../../../conf/files:1016: syntax error
../../../../conf/files:1017: syntax error
../../../../conf/files:1018: syntax error
../../../../conf/files:1019: syntax error
../../../../conf/files:1020: syntax error
../../../../conf/files:1021: syntax error
../../../../conf/files:1022: syntax error
../../../../conf/files:1023: syntax error
../../../../conf/files:1024: syntax error
../../../../conf/files:1025: syntax error
../../../../conf/files:1026: syntax error
../../../../conf/files:1027: syntax error
../../../../conf/files:1028: syntax error
../../../../conf/files:1029: syntax error
../../../../conf/files:1030: syntax error
../../../../conf/files:1031: syntax error
../../../../conf/files:1032: syntax error
../../../../conf/files:1033: syntax error
../../../../conf/files:1034: syntax error
../../../../conf/files:1035: syntax error
../../../../conf/files:1036: syntax error
../../../../conf/files:1037: syntax error
../../../../conf/files:1038: syntax error
*** Stop.
# uname -a
OpenBSD atom 4.2 GENERIC#1427 sparc64

Am i missing something obvious?  This has not occured on 4.2

Cheers, Mike

Re: Problems going from 4.3-release to -stable

[Mike]

Ignore that question, the 'obvious' has come and hit me in the face after 
scratching my head for 4 hours, answer - I have installed 4.2 and not 4.3 
hence it wont build

Sorry guys!

On Thu, 8 May 2008, Mike wrote:


Hello,

After a fresh install of obsd on a new server, I cannot update my system to 
-stable.


The src has been obtained from cvs in the usual manner.

Here is the error :-

# cd /usr/src/sys/arch/sparc64/conf/
# ls
CVS GENERIC.MP  RAMDISK RAMDISKU5
GENERIC Makefile.sparc64RAMDISKU1   files.sparc64
# config GENERIC
../../../../conf/files:1005: syntax error
../../../../conf/files:1006: syntax error
../../../../conf/files:1007: syntax error
../../../../conf/files:1008: syntax error
../../../../conf/files:1009: syntax error
../../../../conf/files:1010: syntax error
../../../../conf/files:1011: syntax error
../../../../conf/files:1012: syntax error
../../../../conf/files:1013: syntax error
../../../../conf/files:1014: syntax error
../../../../conf/files:1015: syntax error
../../../../conf/files:1016: syntax error
../../../../conf/files:1017: syntax error
../../../../conf/files:1018: syntax error
../../../../conf/files:1019: syntax error
../../../../conf/files:1020: syntax error
../../../../conf/files:1021: syntax error
../../../../conf/files:1022: syntax error
../../../../conf/files:1023: syntax error
../../../../conf/files:1024: syntax error
../../../../conf/files:1025: syntax error
../../../../conf/files:1026: syntax error
../../../../conf/files:1027: syntax error
../../../../conf/files:1028: syntax error
../../../../conf/files:1029: syntax error
../../../../conf/files:1030: syntax error
../../../../conf/files:1031: syntax error
../../../../conf/files:1032: syntax error
../../../../conf/files:1033: syntax error
../../../../conf/files:1034: syntax error
../../../../conf/files:1035: syntax error
../../../../conf/files:1036: syntax error
../../../../conf/files:1037: syntax error
../../../../conf/files:1038: syntax error
*** Stop.
# uname -a
OpenBSD atom 4.2 GENERIC#1427 sparc64

Am i missing something obvious?  This has not occured on 4.2

Cheers, Mike

Re: External Bridging Access Point Recommendations?

[Mike]

I've used openwrt on a bridged linksys wrt54gl with good results.
This method lets me have an obsd access point with wpa.
hth,
mike

http://wiki.openwrt.org/BridgingAccessPointHowto?highlight=%28HowTo%29


On Sun, Jan 21, 2007 at 06:48:53PM -0500, [EMAIL PROTECTED] wrote:
> I've been having issues with my Atheros-based wirless card operating in
> HostAP mode for several weeks now, and between that and the fact that
> my wife's Acer/WinXP laptop never worked with our previous Prism
> 2.5-based card (and only intermittenly with the Atheros card), I'm
> getting to the point that I'd like to just go with an external bridging
> access point, so I no longer have to worry about compatibility,
> different chipsets on different versions of a card, etc.
>
> Before I go out and spend my money, though, I'd like to hear any
> success stories my fellow OpenBSD users may have with such devices. If
> possible, I'd prefer to send my dollars to a vendor who's been friendly
> about documentation and/or other aspects of working with OpenBSD,
> though my primary concern is reliability. If you've got a horror story
> or vendor/product I should pay particular attention to avoiding, I'm
> interested in that, too.
>
> Thanks in advance for any info you can pass along. Hopefully others on
> the list will benefit equally from your knowledge.
>
> Alex Kirk

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: "Correct" directory for group files

[mike]

On Sun, 19 Feb 2006 16:19:01 -0500
William Kranec <[EMAIL PROTECTED]> wrote:

> Hi,
> 
> I have a photo collection which I would like multiple users to be
> able to access, and I would like to do this by storing the files in a
central location on my disk and linking /home/$USER/photos to that
directory.
> 
> Where is the most appropriate place in the filesystem for this
> directory?  I've considered both /home/photos and /var/photos, but
> I'm not quite if one is better than the other, or if it just doesn't
> make a difference.
> 
> Any advice would be appreciated.
> 
> Thanks,
> 
> Bill
> 
> 

I'm partial to /pub

Re: ADSL with pppoa (over ATM)

[mike]

On Tue, 21 Mar 2006 20:53:41 +
Simon Slaytor <[EMAIL PROTECTED]> wrote:

> Half Bridge mode is your friend here.
> 
> Not sure if the D-Link supports this mode however, Google is less
> than helpful. Essentially in half bridge mode the modem handles the
> PPPoA authentication with the ISP, as in NAT mode obtaining an IP
> address from the remote provider as normal. Unlike NAT mode however
> the modem then leases out this exact same IP address to the connected
> ethernet host, thereby presenting the external IP directly to your
> external ethernet port. Finally the modem begins to transparently
> bridge the ADSL/Ethernet connections.
> 
> I can vouch for Zoom X3/4 and ADSL Nation X-Modems working in this
> mode without issue.
> 
> 
My Aethra Starbridge-EU works fine in half-bridge, although I had to
set VCI=0 in the modem, whatever that is.

I would much rather have my ext_if assigned the routable ip, and do all
of the nat and rdr from pf :)

Mike

Re: ADSL with pppoa (over ATM)

[mike]

On Wed, 22 Mar 2006 11:14:07 +
Craig Skinner <[EMAIL PROTECTED]> wrote:

> On Wed, Mar 22, 2006 at 04:29:56AM -0600, mike wrote:
> > > 
> > My Aethra Starbridge-EU works fine in half-bridge, although I had to
> > set VCI=0 in the modem, whatever that is.
> 
> You need to set the VPI & VCI, encapsulation & modulation. It is
> different for many countries depending on how the telcos deceide to
> run their network. See:
> 
> http://www.patton.com/support/faqs_detail.asp?id=142
> http://www.adslguide.org.uk/qanda.asp?faq=DSLHardware
> 
I was mistaken, my VPI=0, VCI=35 per my ISP. 
Note that this is in Wisconsin, USA, so the above link's table is not
quite correct, as it lists the USA's VPI as 8, which also was the
modem's default.
> > 
> > I would much rather have my ext_if assigned the routable ip, and do
> > all of the nat and rdr from pf :)
> 
> As you seem to have a static IP on the router's WAN, your ISP will
> probably be able to provide a /30 routeable LAN for the asking!
> 
> eg: I have 84.19.247.29/32 on the WAN of the router, and
> 84.19.247.232/29 as a routeable LAN.
> 
> 
A /30 would be nice, but I have no complaints with a dynamic /32,
dyndns, and then rdr'ing ssh & smtp via pf.

Re: Limit number of login sessions

[Mike]

just curious why the pf solution would not work for you?



On Sun, Sep 21, 2008 at 2:16 AM, Maximo Pech <[EMAIL PROTECTED]> wrote:
> Hi I'm looking for a way to configure a limit for the maximum number of
> simultaneous login sessions for a user. I want to do this for preventing
> users to create multiple ssh sessions. I think something similar can be done
> trough pf, but that's not the approach I'm looking for.

ntpd constraints and RFC4193 IPv6 addresses

[Mike]

Using OpenBSD 5.8-current (GENERIC) #0, amd64

I have a simple ntpd.conf:

 server 10.20.1.1
 constraints from "https://www.google.com";


The ifconfig for the NIC in question is:

% ifconfig em0
em0: flags=8843 mtu 1500
lladdr 00:22:68:99:41:8e
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 10.20.1.150 netmask 0xff00 broadcast 10.255.255.255
inet6 fe80::222:68ff:fe99:418e%em0 prefixlen 64 scopeid 0x1
inet6 fdcf:b715:2f4d:1::150 prefixlen 64



I noticed in my pf logs that a RFC4193 IPv6 address was trying to access
google.  My understanding is that the RFC4193 addresses, while routable,
should not be routed over the global Internet.  Fortunately, I block/log
all such attempts at my firewall.

Here's one of the log records:

 pf: rule 1..16777216/0(match): block out on em0:
  fdcf:b715:2f4d:1::150.3664 > 2607:f8b0:4004:808::1012.443: tcp 0


The 2607 address is google's, which was my first clue when I started to
backtrace the source of the traffic.



So my question is --- should ntpd's constraint traffic use the NIC's
IPv4 address when there is no globally routable IPv6 address available?
 Is there something else I need to configure to nudge ntpd's constraint
traffic in the correct direction?

top crash - pledge issue?

[Mike]

OpenBSD 5.8-current (GENERIC) #1: Tue Oct 27 12:31:10 EDT 2015
m...@otest.24cl.home:/usr/src/sys/arch/amd64/compile/GENERIC


I didn't see anything in current.html that may affect this.

I downloaded the Oct 20 snapshot.  Then I updated the source to current
this morning.  After the build, top crashes immediately upon invocation.

# top
Abort (core dumped)


In messages.log, I see two lines:

Oct 27 14:52:22 otest /bsd: top(12603): sysctl 2: 1 40 -2129088583 -1
981777920 -255

Oct 27 14:52:22 otest /bsd: top(12603): syscall 202 "stdio"


which looks like it may be pledge output.

If I need to do something else to track this let me know.  I can make
the core dump available to download, if needed.

thx.

Re: Configure NTP servers from DHCP response?

[Mike]

On 12/15/2015 3:23 AM, Stuart Henderson wrote:
> On 2015-12-14, Mark Carroll  wrote:
>> I'm using the dhclient and ntpd from base OpenBSD 5.8. Given the
>> apparent lack of dhclient-script or suchlike, I've added a line to the
>> end of my hostname.if file so that, after dhcp, I have another line,
>>
>> !/usr/local/sbin/dhcp-ntp-update \$if
>>
>> where dhcp-ntp-update is a little Perl script I added that just reads
>> /var/db/dhclient.leases.: if ntp-servers are listed then it writes
>> them into /etc/ntpd.conf and restarts ntpd.
>>
>> It seems to work fine. Is this what I should have done, or was there
>> something easier? I'm guessing that wanting to set ntpd's servers based
>> on what the DHCP server told the system is a fairly typical use case but
>> I didn't see anything canned for this. (I'm trying to use what's
>> included in the base system rather than just adding the packages for
>> whatever I was used to using elsewhere.)
> 
> I don't think there's an easier way without modifying dhclient (and the
> latter is tricky with the current privilege model as it would need to
> at least signal ntpd to restart).
> 
> The optional file that you can have written with "dhclient -L" may be
> a little better than dhclient.leases as then you can be sure the address
> is from a current lease.
> 

In the example mentioned above, does the command

!/usr/local/sbin/dhcp-ntp-update \$if

run every time dhclient renews the lease, or just the first time a lease
is acquired upon system start up?

panic in Dec 23 snapshot

[Mike]

I just downloaded and installed the Dec 23 snapshot.  The install goes
fine.  However, when I reboot and sit at the login: prompt for a few
seconds, a panic screen appears.  I could't capture the screen, so I
took a picture of it.

The picture of the screen is here:

 https://archive.mgm51.com/OpenBSD5.9-current-20151223-snapshot.jpg


The install was all the defaults, using dhcp for IPv4 and rtsol for IPv6.

If there's anything I can provide, let me know.


I could not get a dmesg before the panic occurred, so here's the dmesg
taken with the live shell:


OpenBSD 5.9-beta (RAMDISK_CD) #1608: Wed Dec 23 01:48:01 MST 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 6348410880 (6054MB)
avail mem = 6154293248 (5869MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (68 entries)
bios0: vendor Dell Inc. version "2.4.0" date 05/24/2007
bios0: Dell Inc. Dell DM061
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT APIC BOOT MCFG HPET DUMY SLIC
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz, 2128.29 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu0: mwait min=64, max=64, C-substates=0.2, IBE
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
acpiprt0 at acpi0: bus 3 (PCI4)
acpiprt1 at acpi0: bus 2 (PCI2)
acpiprt2 at acpi0: bus -1 (PCI3)
acpiprt3 at acpi0: bus 1 (PCI1)
acpiprt4 at acpi0: bus -1 (PCI5)
acpiprt5 at acpi0: bus -1 (PCI6)
acpiprt6 at acpi0: bus 0 (PCI0)
memory map conflict 0xbf655c00/0x9aa400
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G965 Host" rev 0x02
ppb0 at pci0 dev 1 function 0 "Intel 82G965 PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 "Intel 82G965 Video" rev 0x02
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
"Intel 82G965 Video" rev 0x02 at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 8 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 8 int 17
ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 8 int 22
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb1 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: msi
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel 82572EI" rev 0x06: apic 8 int 16,
address 00:15:17:24:0f:0b
uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x02: apic 8 int 23
uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x02: apic 8 int 17
uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x02: apic 8 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x02: apic 8 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xf2
pci3 at ppb2 bus 3
em1 at pci3 dev 2 function 0 "Intel 82540EM" rev 0x02: apic 8 int 18,
address 00:07:e9:0f:29:cf
em2 at pci3 dev 3 function 0 "Intel 82540EM" rev 0x02: apic 8 int 19,
address 00:07:e9:09:b8:da
"Intel 82801HH LPC" rev 0x02 at pci0 dev 31 function 0 not configured
pciide0 at pci0 dev 31 function 2 "Intel 82801H SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 8 int 20 for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6
"Intel 82801H SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
pciide1 at pci0 dev 31 function 5 "Intel 82801H SATA" rev 0x02: DMA,
channel 0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using apic 8 int 20 for native-PCI interrupt
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay1
umass0 at uhub0 port 3 configuration 1 interface 0 "USB 2.0 Flash Disk"
rev 2.00/11.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI0 0/direct
removable serial.090c10003835
sd0: 967MB, 512 bytes/sector, 1981440 sectors
uhidev0 at uhub5 port 1 configuration 1 i

Re: panic in Dec 23 snapshot

[Mike]

On 12/23/2015 5:44 PM, Theo Buehler wrote:
> [snip]
> The commit that caused this was backed out for now, so the next snapshot
> should be ok:


thanks!

Re: unbound(8) generating too many log messages

[Mike]

On 1/14/2016 2:26 AM, Philippe Meunier wrote:
>[snip]
> The problem is that unbound(8) generates such a pair of messages up to
> 20 times for each root server!  That's 2 lines * 20 times * 13 root
> servers = 520 lines that end up going to syslog.  Then 15 seconds
> later ntpd(8) tries again and you get another 520 lines, and so on.
> This continues until a network interface is configured.  The result is
> that I've accumulated over 16000 lines of log messages like the ones
> above over just the past three days...
>[snip]

That's a big improvement over the way unbound used to be.

I have experienced unbound generating 20,000 log records PER SECOND.
http://marc.info/?l=unbound-users&m=137166462329717&w=2

What you're seeing is the fixed version which, imo, is still excessive
logging.

Re: Unified BSD?

[Mike.]

On 11/12/2012 at 5:20 PM Nick Holland wrote:

|On 11/12/12 15:37, Robin  Björklin wrote:
|
| [snip]
}
|"compromise".  That is almost always an evil word.
|
| [snip]
|
 =

Agreement abounds.

"Compromise" takes two good ideas and results in a mediocre idea that
is in the average of those two good ideas.

Many like a compromised idea, because the idea is exactly that -
compromised.



If your goal is to please as many people as possible, then compromise
is the way to go.

If your goal is to produce outstanding software then, well, you're
gonna have to piss off a few people.

X on sparc64 - weird "sticky return key" problem

[mike]

Hello,

Having recently got my hands on a sun blade 1500 red with a PGX64
graphics card, I installed 5.2 on it and went to configure X.
Everything is working fine, except that like this thread:
http://marc.info/?l=openbsd-misc&m=124135318627156&w=2
the enter key seems to get stuck in X, without a "pattern", or a
way to force it. Sometimes I can unstuck it by pressing it a few
times, and sometimes it won't work. While the key is stuck, the
system still respond to network and mouse, but is slow.
Like the original thread, no problem in console or openboot.

Seeing that there was no answers, I wonder if someone knows
anything about this.

I'll post the dmesg and X.log this week end.

Regards,
Mike

split-logfile

[Mike.]

I've been watching as OpenBSD seems to be moving towards the nginx
webserver, and I've made the switch from apache to nginx for all the
web servers I run.  One thing that was missing from the nginx installs
was the perl script that is used in apache-land to split a single
server access file into separate files for each virtual host -
split-logfile.

So I wrote a c language program with the functionality of
split-logfile, available here:
http://archive.mgm51.com/sources/split-logfile.html

Excessive logging by rtadvd?

[Mike.]

I use OpenBSD 5.2 as a firewall / router connected to my cable modem.
My ISP (Comcast) is rolling out dual-stack IPv6 support.  It has not
yet reached my area, but I am seeing signs of life in the IPv6 area on
my cable modem.  One of the signs of life is the following message
logged in daemon.log every three seconds, all day, every day.


rtadvd[17294]: received RA from fe80::::::1 on
non-advertising interface(fxp0)



Looking through rtadvd.c, I see the following:


/*
 * RA consistency check according to RFC-2461 6.2.7
 */
if ((rai = if_indextorainfo(pi->ipi6_ifindex)) == 0) {
log_info("received RA from %s on non-advertising interface(%s)",
inet_ntop(AF_INET6, &from->sin6_addr, ntopbuf,
INET6_ADDRSTRLEN),
if_indextoname(pi->ipi6_ifindex, ifnamebuf));
goto done;
}



and the "goto done" skips the rest of the consistency checks on the
content of an RA packet.


I looked through RFC-2461 6.2.7, and I don't see anything that would
encourage this type of logging.  That section of the RFC seems to be
more interested in the contents of the RA packets, not the presence of
them on a non-advertising interface.



Is there a needed purpose to this code logging the packets being
received to a non-advertising interface and filling up a log file?

RFC 6204 and ip6.accept_rtadv

[Mike.]

RFC 5204 (Basic Requirements for IPv6 Customer Edge Routers) states:
( http://tools.ietf.org/html/rfc6204#section-4.2 )

WAN-side requirements:

 W-1:  When the router is attached to the WAN interface link, it MUST
   act as an IPv6 host for the purposes of stateless [RFC4862] or
   stateful [RFC3315] interface address assignment.

 W-2:  The IPv6 CE router MUST generate a link-local address and
   finish Duplicate Address Detection according to [RFC4862] prior
   to sending any Router Solicitations on the interface.  The
   source address used in the subsequent Router Solicitation MUST
   be the link-local address on the WAN interface.

 W-3:  Absent other routing information, the IPv6 CE router MUST use
   Router Discovery as specified in [RFC4861] to discover a
   default router(s) and install default route(s) in its routing
   table with the discovered router's address as the next hop.




Do the W-2 and W-3 paragraphs run counter to what OpenBSD allows, i.e.,
do those paragraphs imply that 

  net.inet6.ip6.accept_rtadv=1
  net.inet6.ip6.forwarding=1

be an acceptable configuration?

wsmouse not working after suspend

[mike]

Hello all,

I just received a new ThinkPad E130 and I want to use OpenBSD on it.
Everything works fine but after a suspend/resume cycle, the
touchpad/trackpoint stops working. In the X logs there is:
[62.905] (EE) xf86OpenSerial: Cannot open device /dev/wsmouse0
Device busy.

To get it to work again, I have to kill X. At the moment I kill X,
a message pop up on the console:

wsmouse2 at pms0 mux 0
pms0: Synaptics clickpad, firmware 8.1

And each time I suspend/resume, kill X, the device increments
(wsmouse3, wsmouse4, ...).
Is this a known bug ? Have someone already seen it ?

Mike

OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8280211456 (7896MB)
avail mem = 8052084736 (7679MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae3a000 (50 entries)
bios0: vendor LENOVO version "H4ET91WW (2.51 )" date 01/11/2013
bios0: LENOVO 3358CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG FPDT SSDT SSDT UEFI UEFI
MSDM UEFI DBG2 acpi0: wakeup devices P0P1(S4) EHC1(S3) EHC2(S3)
XHC_(S3) HDEF(S4) RP04(S4) PXSX(S4) RP06(S4) PXSX(S4) BLAN(S4) PEG0(S4)
PEGP(S4) PEG1(S4) PEG2(S4) PEG3(S4) LID_(S4) acpitimer0 at acpi0:
3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0
addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) CPU 997 @ 1.60GHz, 1596.61 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Pentium(R) CPU 997 @ 1.60GHz, 1596.38 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 2 pa
0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus
0-63 acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus 3 (RP02)
acpiprt4 at acpi0: bus 4 (RP03)
acpiprt5 at acpi0: bus -1 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus 9 (RP06)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG0)
acpiprt11 at acpi0: bus -1 (PEG1)
acpiprt12 at acpi0: bus -1 (PEG2)
acpiprt13 at acpi0: bus -1 (PEG3)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpitz0 at acpi0: critical temperature is 99 degC
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model "45N1059" serial   812 type LION oem "LGC"
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PWRB
cpu0: Enhanced SpeedStep 1596 MHz: speeds: 1600, 1500, 1400, 1300,
1200, 1100, 1000, 900, 800 MHz pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 2G Host" rev 0x09
vga1 at pci0 dev 2 function 0 "Intel HD Graphics 2000" rev 0x09
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: apic 2 int 16
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 7 Series xHCI" rev 0x04 at pci0 dev 20 function 0 not configured
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2
int 16 usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 7 Series HD Audio" rev 0x04:
msi azalia0: codecs: Realtek ALC269, Intel/0x2806, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 3
vendor "Intel", unknown product 0x0888 (class network subclass
miscellaneous, rev 0xc4) at pci2 dev 0 function 0 not configured ppb2
at pci0 dev 28 function 2 "Intel 7 Series PCIE" rev 0xc4: msi pci3 at
ppb2 bus 4 rtsx0 at pci3 dev 0 function 0 "Realtek RTS5209 Card Reader"
rev 0x01: msi sdmmc0 at rtsx0
ppb3 at pci0 dev 28 function 5 "Intel 7 Series PCIE" rev 0xc4: msi
pci4 at ppb3 bus 9
re0 at pci4 dev 0 function 0 "Realtek 8168" rev 0x07: RTL8168E/8111E-VL
(0x2c80), apic 2 int 17, address 08:9e:01:99:bf:f4 rgephy0 at re0 phy
7: RTL8169S/8110S PHY, rev. 5 ehci1 at pci0 dev 29 function 0 &q

Re: DHCP server for IPv6

[Mike]

On 6/18/2017 9:20 AM, mabi wrote:
> Hello,
> 
> Does anyone have any recommendations on which package to use on OpenBSD 6.1 
> for a DHCP server for IPv6? AKFAIK the default dhcpd does not do IPv6.

I've used both isc-dhcp (isc-dhcp-4.3.5) and kea (kea-1.1.0) packages on
my home network as an IPv6 DHCP server.

Currently I am using Kea, and plan to stay with it.

Re: Stack clash and OpenBSD

[Mike]

On 6/20/2017 11:29 AM, Luis Coronado wrote:
> If you run -current most likely you already have the patched code, if you
> run -stable 6.1 follow https://www.openbsd.org/faq/faq10.html#Patches:
> 
> "If you're running the -release branch of OpenBSD, you can simply use the
> syspatch(8)  utility to upgrade any files
> in need of security or reliability fixes. This is the quickest and easiest
> method to get the base system up to date. Note that binary patches are only
> available for the amd64 and i386 architectures."
> 
> -l
> 
> On Tue, Jun 20, 2017 at 9:12 AM, Jasper Siepkes 
> wrote:
> 
>> Hi all,
>>
>> I'm trying to determine which action I should take in response to the Stack
>> Clash thing  https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
>> . I
>> suspect that "008: SECURITY FIX: May 19, 2017"
>> (https://www.openbsd.org/errata61.html) is the mitigation for OpenBSD 6.1?
>>
>> On a related note; Does anyone know where can I order my Stack Clash
>> t-shirts
>> and mugs? I'm also really disappointed there is no clever flashy logo :-(.
>>
>> Kind regards,
>>
>> Jasper
>>


Does 008: SECURITY FIX: May 19, 2017 fix the Stack Clash bug?

Or is a fix forthcoming?

Re: IPv6 with wide-dhcpv6

[Mike]

On 7/17/2017 11:09 PM, David Higgs wrote:
>[snip]
> After a good amount of trial and error, it appears that Comcast will only
> dole out a single /128 via DHCPv6.  Annoying but easy enough to work around
> with pf(4) nat-to and some static RFC 4193 prefixes.


I have Comcast as my ISP.

Comcast's IPv6 DHCP, by default, doles out a /128.  If you also want a
prefix delegation, you have to ask for it.  Comcast will give out up to
a /60 prefix delegation.  I ask for and receive a /62.  If you don't
specify a prefix delegation length, you'll get a /64 prefix.

I use the ISC-DHCP dhclient with this patch:
https://archive.mgm51.com/sources/pd-pref.html

It's been running reliably ever since Comcast fired up IPv6 in my area,
i.e., more than three years.

IPv6 is deployed nationwide on Comcast's network for at least a couple
of years now.

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

[Mike]

On 10/19/2017 11:36 AM, Michael Hekeler wrote:
> Am Thu, 19 Oct 2017 16:32:34 +0200
> schrieb "Christoph R. Murauer" :
> 
>> To the other things spoken here (which I don't quote to keep it more
>> short). Hetzner is a German company, which is part of the EU. There
>> are not so many OpenBSD friendly hoster outside the USA and the EU.
> 
> At the risk of sounding stupid, what is an "OpenBSD friendly hoster"?

For me, that's an easy answer.

An "OpenBSD friendly hoster" is one who knows you are running an OpenBSD
VPS, and doesn't suggest you change iptables settings when talking about
your firewall with their support team.

Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

[Mike]

On 10/19/2017 5:28 PM, Peter Faiman wrote:
> You use OpenBSD, so why are you worried about DMCA? 

Well.. I'll admit that DMCA was the main thrust of the thread.

However, I was replying to the:

   At the risk of sounding stupid, what is an "OpenBSD friendly hoster"?

question that was posed.

But I also have to admit that your reply has sent me into a google
exploratory journey, in which I learned ~stuff~.

Thanks for that.  :)

6.2: dhclient -L option appends, not overwrites

[Mike]

I just upgraded from 6.1 to 6.2 (amd64) and I'm noticing a differing
behavior with dhclient.

I use the -L option to write out the offered and effective leases.

With 6.1, when a lease was renewed, the -L lease file was overwritten
with the new information.

With 6.2, when a lease is renewed, it appears that the new information
is appended to the file specified by the -L option.

I had to implement a workaround in the scan of the lease file for the
information I need, and I've got that working again.  But the lease file
seems be increasing in size with each lease renewal (or when a lease is
obtained via a system reboot).  I had an ISP that put a 5 minute length
on their leases, and I have a concern that a short lease length like
that could generate a large -L lease file due to the appends.

Is this new behavior of appending to the file, rather than overwriting
it, expected behavior?

Thanks.

Re: openbsd in virtualization

[Mike]

> Installing 60 physical servers to give the students something to play
> with is not fun :(
>


I am interested in a simalir situation, how did you achieve the 60 VM's?

BTW, how many VM's can I setup using a fast/supped up laptop in a
@home environment which would be something that one would setup in
work environment.

thanks

Re: Thanks for ksh

[Mike.]

On 9/30/2014 at 1:06 AM Stuart Henderson wrote:

| [snip]
|
|Some other vectors:
|
|dhclient script - the dhclient in base doesn't have scripts any
more,
|so no issue there. Other dhclient implementations still do, unlikely
|to use bash *by default*, though who knows what people may change on
|their systems.
|
| [snip]
 =

Some *distributions* symlink /bin/sh to bash, so even though a script
says #!/bin/sh, it gets bash.

devtree: A utility for printing device trees

[Mike]

There is also dmassage -t which is a package that can be installed.

A christmassy related issue with traceroute

[Mike]

Hi All,

While performing an install and catching up with some Christmas spirited
news, I heard that someone had put a Christmas song in DNS records for our
enjoyment.

Alas, I was disappointed to see that the OpenBSD traceroute seems to munge
the output. :(

To test, run traceroute -m 255 xmas.futile.net

19  ae0-1203.edge00.sov.uk.hso-group.net (46.17.60.117)  105.723 ms
xe-4-1.core00.gs1.uk.hso-group.net (77.75.108.154)  103.314 ms  103.614 ms
20  xoxoxoxoxoxo.ho.ho.ho.xoxoxoxoxoxo (93.89.84.75)  105.471 ms  132.29
ms  107.2 ms
21  xoxoxoxoxoxo.ho.ho.ho.xoxoxoxoxoxo (93.89.84.75)  108.492 ms
xooxooo.v.ooxx (82.133.91.37)  108.058 ms  107.941 ms
22  ooxoxo.mmm.xxoooxo (82.133.91.18)  106.83 ms  108.685
ms  107.696 ms
23  oooxoxooo.e.oooxox (82.133.91.63)  107.973 ms
ooxoxo.mmm.xxoooxo (82.133.91.18)  106.141 ms
oooxoxooo.e.oooxox (82.133.91.63)  108.806 ms
24  oooxoxooo.e.oooxox (82.133.91.63)  107.613 ms
xooxooox.rrr.ooxox (82.133.91.56)  108.305 ms  107.374 ms
25  xooxooox.rrr.ooxox (82.133.91.56)  111.154 ms
oxooxoo.r.oooxooxo (82.133.91.55)  108.526 ms  107.664 ms
26  xoooxo.yyy.oooxxoo (82.133.91.58)  107.733 ms  107.989
ms  107.786 ms
27  xoooxo.yyy.oooxxoo (82.133.91.58)  106.585 ms
ooxoxo.ccc.xoooxoo (82.133.91.96)  107.828 ms  106.856 ms
28  ooxoxo.ccc.xoooxoo (82.133.91.96)  107.588 ms
oxooo.h.oxooox (82.133.91.23)  107.61 ms  108.565 ms
29  oxooo.h.oxooox (82.133.91.23)  107.838 ms  107.937
ms  107.702 ms
30  oxoooxo.i.oooxooxo (82.133.91.60)  107.265 ms
ooxooxoo.rrr.ooxoooxoo (82.133.91.49)  106.525 ms  107.202 ms
31  oxoooxo.i.oooxooxo (82.133.91.60)  107.548 ms  107.774
ms oooxoo.sss.oox (82.133.91.42)  109.753 ms
32  oooxoo.sss.oox (82.133.91.42)  109.124 ms  107.059
ms oooxoooxoo.ttt.xoo (82.133.91.61)  107.594 ms
33  ooxoo.mm.oooxo (82.133.91.34)  105.772 ms
oooxoooxoo.ttt.xoo (82.133.91.61)  108.293 ms  109.012 ms
34  xxoo..oxoo (82.133.91.80)  106.597 ms  105.654
ms  107.52 ms
35  xxoo..oxoo (82.133.91.80)  107.791 ms
oxo.ss.ooo (82.133.91.40)  108.62 ms  106.741 ms
36  ooxooo.xxx.oxo (82.133.91.35)  107.052 ms
oxo.ss.ooo (82.133.91.40)  109.249 ms
ooxooo.xxx.oxo (82.133.91.35)  106.286 ms
37  ooxooo.xxx.oxo (82.133.91.35)  108.768 ms  107.679
ms ox.xxx.xxo (82.133.91.10)  107.724 ms
38  oh.the.weather.outside.is.frightful (82.133.91.41)  107.047 ms
ox.xxx.xxo (82.133.91.10)  107.326 ms
oh.the.weather.outside.is.frightful (82.133.91.41)  108.77 ms
39  but.the.fire.is.so.delightful (82.133.91.19)  107.702 ms
oh.the.weather.outside.is.frightful (82.133.91.41)  106.393 ms
but.the.fire.is.so.delightful (82.133.91.19)  108.201 ms
40  and.since.weve.no.place.to.go (82.133.91.77)  107.784 ms
but.the.fire.is.so.delightful (82.133.91.19)  108.056 ms  107.828 ms
41  and.since.weve.no.place.to.go (82.133.91.77)  106.999 ms
let.it.snow.let.it.snow.let.it.snow (82.133.91.43)  108.463 ms  121.098 ms
42  let.it.snow.let.it.snow.let.it.snow (82.133.91.43)  107.73 ms  107.386
ms xxx (82.133.91.24)  107.646 ms
43  xxx (82.133.91.24)  108.149 ms it.doesnt.show.signs.of.stopping
(82.133.91.36)  106.863 ms  111.677 ms
44  it.doesnt.show.signs.of.stopping (82.133.91.36)  106.86 ms
and.ive.bought.some.corn.for.popping (82.133.91.73)  109.033 ms
it.doesnt.show.signs.of.stopping (82.133.91.36)  109.991 ms
45  the.lights.are.turned.way.down.low (82.133.91.76)  108.123 ms  107.468
ms and.ive.bought.some.corn.for.popping (82.133.91.73)  109.016 ms
46  the.lights.are.turned.way.down.low (82.133.91.76)  110.615 ms
let.it.snow.let.it.snow.let.it.snow (82.133.91.67)  108.396 ms  107.587 ms
47  xxx (82.133.91.38)  108.78 ms let.it.snow.let.it.snow.let.it.snow
(82.133.91.67)  106.134 ms  107.904 ms
48  xxx (82.133.91.38)  108.937 ms when.we.finally.kiss.good.night
(82.133.91.62)  106.634 ms xxx (82.133.91.38)  106.076 ms
49  how.ill.hate.going.out.in.the.storm (82.133.91.45)  108.747 ms  107.71
ms when.we.finally.kiss.good.night (82.133.91.62)  106.428 ms
50  how.ill.hate.going.out.in.the.storm (82.133.91.45)  111.109 ms
but.if.youll.really.hold.me.tight (82.133.91.78)  121.498 ms
how.ill.hate.going.out.in.the.storm (82.133.91.45)  106.965 ms
51  but.if.youll.really.hold.me.tight (82.133.91.78)  107.51 ms
all.the.way.home.ill.be.warm (82.133.91.17)  109.429 ms  107.344 ms
52  xxx (82.133.91.70)  107.918 ms all.the.way.home.ill.be.warm
(82.133.91.17)  108.745 ms xxx (82.133.91.70)  106.146 ms
53  the.fire.is.slowly.dying (82.133.91.95)  10

Re: Blocking facebook.com: PF or squid?

[Mike.]

On 10/19/2013 at 12:27 AM Stefan Wollny wrote:

|Hi there,
|[snip]
|
|My question is on the squid-server I have running at home: What
|would make more sense - blocking facebook.com via pf.conf alike
or are
|there reasons to use squid's ACL instead? Performance? Being
|ultra-paranoid and implementing both (or even additionally the
|hosts-file-block?)? From my understanding squid should not be
able to
|block https-traffic as it is encrypted - or am I wrong here?
|
|Curious if there is a particular (Open)BSD solution or simply
how you
|'guys and gals' would do it.
 =


I put privoxy between the browser and squid on my home network.
The privoxy mailing list has discussion about blocking facebook.

Additionally, if you're running firefox, look to see if the
ghostery plug-in would work for you.

Re: Blocking facebook.com: PF or squid?

[Mike.]

On 10/18/2013 at 8:41 PM Chris Cappuccio wrote:

|i'd imagine that putting 'www.facebook.com' in your hosts file
will do it,
|unless the browser ignores /etc/hosts
|
|[snip]
 =


Don't forget to also block  fbcdn.com, fbcdn.net and fb.com

Tiny characters on screen with drm (radeon)

[Mike.]

Yesterday I loaded OpenBSD 5.5-current on an old notebook (ThinkPad
a31p).  I had not used OpenBSD on that particular notebook for a few
years.   I run OpenBSD in character-based command line mode.

The screen on the notebook is a dense 1600x1200 pixels on 12x9
inches.  Something called drm is giving me 132x50 characters on the
screen.   Tiny, little characters in a serif font.   These old eyes
need larger characters.  :)

I've looked and searched, but I've been unable to find a way return
to the usual 80x25, or even 80x40, screen setup.  Is it possible to
change the font in drm?  Is it possible to disable drm and get back
the 80x25 screen?

Thanks.


dmseg:

OpenBSD 5.5-current (GENERIC) #0: Fri Mar 21 22:31:58 EDT 2014
r...@a31p.24cl.home:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 Mobile CPU 1.70GHz ("GenuineIntel"
686-class) 1.70 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFL
USH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PERF
real mem  = 1072656384 (1022MB)
avail mem = 1042726912 (994MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/05/05, BIOS32 rev. 0 @
0xfd7e0, SMBIOS rev. 2.31 @ 0xe0010 (51 entries)
bios0: vendor IBM version "1GET40WW (1.12 )" date 04/05/2005
bios0: IBM 2653H4U
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT BOOT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) PCI0(S4) PCI1(S4)
DOCK(S4) USB0(S3) USB1(S3) USB2(S3) AC97(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0: C3, C2, FVS, 1700, 1200 MHz
acpipwrres0 at acpi0: PUBS, resource for USB0, USB1
acpitz0 at acpi0: critical temperature is 94 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model "IBM-COMPATIBLE" serial 17772 type LION
oem "PS"
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: DOCK not docked (0)
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82845 Host" rev 0x04
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0xe000, size 0x400
ppb0 at pci0 dev 1 function 0 "Intel 82845 AGP" rev 0x04
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 0 function 0 "ATI FireGL Mobility 7800 M7" rev
0x00
drm0 at radeondrm0
radeondrm0: irq 11
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq
11
uhci1 at pci0 dev 29 function 1 "Intel 82801CA/CAM USB" rev 0x02: irq
11
uhci2 at pci0 dev 29 function 2 "Intel 82801CA/CAM USB" rev 0x02: irq
11
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
2:0:0: mem address conflict 0x5000/0x1000
2:0:1: mem address conflict 0x5010/0x1000
cbb0 at pci2 dev 0 function 0 "Ricoh 5C476 CardBus" rev 0xa8: irq 11
cbb1 at pci2 dev 0 function 1 "Ricoh 5C476 CardBus" rev 0xa8: irq 11
"Ricoh 5C552 Firewire" rev 0x00 at pci2 dev 0 function 2 not
configured
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VE" rev 0x42, i82562:
irq 11, address 00:0e:
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x0, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: 
ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801CA/CAM SMBus" rev 0x02:
irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801CA/CAM AC97" rev 0x02:
irq 11, ICH3 AC97
ac97: codec id 0x41445348 (Analog Devices AD1881A)
ac97: codec features headphone, Analog Devices Phat Stereo
audio0 at auich0
"Intel 82801CA/CAM Modem" rev 0x02 at pci0 dev 31 function 6 not
configured
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci2: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pms0 a

Re: Tiny characters on screen with drm (radeon)

[Mike.]

On 3/22/2014 at 4:43 PM Stuart Henderson wrote:

|On 2014-03-22, Mike.  wrote:
|> I've looked and searched, but I've been unable to find a way
return
|> to the usual 80x25, or even 80x40, screen setup.  Is it possible
to
|> change the font in drm?  Is it possible to disable drm and get
back
|> the 80x25 screen?
|
|Not sure about changing fonts or char size, but you can disable drm:
|
|config -ef /bsd
|disable radeondrm
|quit
|
|(for your case; others need "disable inteldrm").
|
|You also need this if you've got a machine which boots with the
monitor
|powered off (or has no vesa ddc) and the default 1024x768 resolution
isn't
|supported by the monitor.
 =


Many thanks.  That brought me back to 80x25, which is OK for my
needs.

split-logfile

[Mike.]

I noticed there was a commit this morning that removed apache from
current.  Among the removed was the appache support directory,
usr.sbin/httpd/src/support, which included the split-logfile perl
script.

A few months ago, I wrote a drop-in c-language replacement for that
perl script.  My source code is available under the BSD license.

If you are interested, the source lives here:

http://archive.mgm51.com/sources/split-logfile.html

Re: Suggestion: new webpage for openbsd.org

[Mike]

On 5/19/2016 6:03 PM, jungle Boogie wrote:
>[snip]
> 
> I find this page easier to read 

I'm having difficulty understanding the seemly wholesale rush toward
low-contrast and [sometimes] nearly-illegible [very light grey on white]
text on "modern" web pages.

LibreSSL, openssl.cnf and using ENV to pass values

[Mike]

First, some quick background.

I wrote some scripts to help me manage a self-signing cert authority for
my home network, partly to use the certs and partly to learn about TLS
and such.

The CA is currently running on FreeBSD (AMD64, 10.3) using OpenSSL.  I
have wanted to move it over to LibreSSL, so I started to look into that
aspect.  I installed the LibreSSL port of FreeBSD and started testing
the scripts.

I immediately ran into a problem, values did not seem to be passed into
the openssl config file via the environment.  It worked with OpenSSL but
not with LibreSSL.

Wanting to eliminate one factor, I moved the testing over to OpenBSD
(AMD64, current).  I still see the issue.

The command I run, and the resulting error message are:

===
/usr/bin/openssl req -new -newkey rsa:4096 -text -subj
/C=US/ST=State/L=Area/O=Disorganized/OU=InternetServices/emailAddress=c...@example.com/CN=zCA
-reqexts ca_req -config /usr/local/etc/zca/zca-openssl.conf -keyout
/var/zca/private/zca-key.pem -out /var/zca/ca-certs/zca-req.pem

error on line 4 of /usr/local/etc/zca/zca-openssl.conf
2020983463892:error:0E065068:configuration file
routines:STR_COPY:variable has no
value:/usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/conf/conf_def.c:573:line
4
===


The first few lines of zca-openssl.conf are:

===

[ zca ]

certs   = $ENV::zca_CertsDBDir
new_certs_dir   = $certs
database= $ENV::zca_IndexFile
serial  = $ENV::zca_SerialFile
crldir  = $ENV::zca_CRLDir
crlnumber   = $ENV::zca_CRLNumberFile
===

(line #4 starts with "certs")


Before the command is run, the values are exported to the environment:

===
# export all the variables that ${mc_OpenSSLConfig} file requires
export zca_CertsDBDir=${mc_CertsDBDir}
export zca_IndexFile=${mc_IndexFile}
export zca_SerialFile=${mc_SerialFile}
export zca_CRLDir=${mc_CRLDir}
export zca_CRLNumberFile=${mc_CRLNumberFile}
export zca_CRL_URI=${CRL_URI}

env | grep zca
===

The env command shows the correct values in the environment at this point.

As I mentioned earlier, OpenSSL has no issues with this, but LibreSSL
picks up an error.  The error is probably right in front of my eyes, but
I cannot find it.  What am I doing wrong?

The full script and conf files can be downloaded from my site:
https://archive.mgm51.com/cache/zca-otest.tar.gz

thx.

Re: LibreSSL, openssl.cnf and using ENV to pass values

[Mike]

On 7/28/2016 10:57 AM, Theo de Raadt wrote:

> 
> ENV support was removed entirely.
> 
> A few people found convenient ways to use that hack.  
> 
> However, the support is baked in -- unavoidable -- and occurs in all
> library use-contexts. In some of those contexts, this environment
> variable support is super dangerous.
> 
> Since we cannot toggle support on & off based upon the usage case and
> provide selective security -- the support was removed.
> 
> Imagine if libc had a pile of environment variables that behaved like
> this.  If the practice is is unsafe in a library like libc, then it
> should be looked at with an equally critical eye in a library used for
> security purposes...


Ahhh... OK.  Makes sense (and the background explanation you give is
precisely the reason why I'm moving to LibreSSL)

I'll do what I need to do without the ENV stuff.

Thanks for the quick reply!


(as an aside to anyone reading this a few months from now, I've taken
down the download file from my server)

Difficulty compiling 6.0 on amd64 ...

[Mike]

I'm trying to compile the source for 6.0 release, and I'm running into a
100% reproducible error.  The error is the following:

ld  -nostdlib -Bstatic -Ttext 0x40120 -N -x -nopie -melf_i386
-L/usr/libdata -o boot.new srt0.o conf.o boot.o bootarg.o cmd.o vars.o
gidt.o random_i386.o cmd_i386.o dev_i386.o exec_i386.o gateA20.o
machdep.o bioscons.o biosdev.o diskprobe.o memprobe.o time.o softraid.o
alloc.o ctime.o exit.o getchar.o memcmp.o memcpy.o memset.o printf.o
putchar.o snprintf.o strcmp.o strerror.o strlen.o strncmp.o strncpy.o
strtol.o strtoll.o close.o closeall.o cons.o cread.o dev.o disklabel.o
dkcksum.o fstat.o lseek.o open.o read.o readdir.o stat.o elf32.o elf64.o
loadfile.o ufs.o aes_xts.o explicit_bzero.o hmac_sha1.o pbkdf2.o
rijndael.o sha1.o divdi3.o moddi3.o qdivrem.o strlcpy.o adler32.o
crc32.o inflate.o inftrees.o
.text has incorrect file offset 0x140 (should be 0x120)
.data has incorrect file offset 0x11334 (should be 0x11314)
*** Error 1 in sys/arch/amd64/stand/boot (Makefile:62 'boot': @perl
/usr/src/sys/arch/amd64/stand/boot/../boot/check-boot.pl boot.new)
*** Error 1 in sys/arch/amd64/stand (:48 'all')
*** Error 1 in sys/arch/amd64 (:48 'all')
*** Error 1 in sys (:48 'all')
*** Error 1 in . (:48 'all')
*** Error 1 in /usr/src (Makefile:82 'build')



Here's how I got to that point:

as root

 user mod -G wsrc user


as user...

 cd /usr && cvs -d anon...@anoncvs3.usa.openbsd.org:/cvs up -r
OPENBSD_6_0_BASE -Pd src

 cd /usr/src/sys/arch/amd64/conf

 config GENERIC.MP

 cd ../compile/GENERIC.MP

 make clean && make

 su

 ( need to be in the right directory, cd
/usr/src/sys/arch/amd64/compile/GENERIC.MP )


as root

 make install

 shutdown -r now


as user

 cd /usr/obj && mkdir -p .old && doas /bin/mv * .old && doas /bin/rm -rf
.old &

 cd /usr/src && make obj

 cd /usr/src/etc && doas /usr/bin/env DESTDIR=/ make distrib-dirs

 cd /usr/src && make SUDO=doas build


Everything goes OK until about an hour into that last command:

cd /usr/src && make SUDO=doas build


That's when the error appears.  I've no idea what I'm doing wrong, I
know I must be overlooking something obvious.  I've not had issues
compiling from source in the past.

Any ideas?





doas.conf:

permit nopass user as root cmd /bin/rm
permit nopass user as root cmd /bin/mv
permit nopass user as root cmd /usr/bin/env
permit nopass user as root cmd make



dmesg:

OpenBSD 6.0 (GENERIC.MP) #0: Sun Sep  4 14:01:33 EDT 2016
u...@otest.24cl.home:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3177906176 (3030MB)
avail mem = 3077185536 (2934MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (73 entries)
bios0: vendor LENOVO version "7LET56WW (1.26 )" date 10/18/2007
bios0: LENOVO 7658CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT ASF!
SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) IGBE(S4)
EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3)
USB2(S3) USB3(S3) USB4(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 2194.85 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.01 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 2MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10),
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10),
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for USB0, USB2, USB4, EHC0, EHC1
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"PNP0303" at acpi0 not configured
"IBM0057" at acpi0 not configured

Re: Difficulty compiling 6.0 on amd64 ...

[Mike]

On 9/4/2016 5:08 PM, Theo de Raadt wrote:
> Upgrade to a snapshot.
> 
> We do not gaurantee cross-builds release to release, and never will.
> 

Thanks for the quick reply.  I did some backtracking and I believe I
found my problem.

I wasn't trying to cross-build.  I had installed 6.0 amd64 on the system
(wipe and install) and that is the place I was building when I
encountered the error.

It appears I had a bad memory-stick image from which I installed.
Everything had been working fine except for that build error.   When I
recreated the memory stick, everything worked without error.

Quite ironically, the reason I am putting together the test system was
to have a place where I could write a script to verify and signify the
installation images.

In any case, everything is working fine now.

Thanks again for the quick assistance.

httpd and php script

[Mike]

I'm moving the server side of an IoT application from the 'net (FreeBSD
10.3 and nginx) to a server on my home network (OpenBSD 6.0 and httpd).
The server runs a php script.  The IoT device POSTs an xml file to the
server and the php script processes it.

I set up php on httpd and redirected (using pf) the IoT device to the
server.  Unfortunately, the IoT device acted as if the server were not
seeing the traffic, even though httpd's log file said differently.

Wanting to eliminate a difference, I loaded the nginx pkg onto OpenBSD.
The IoT device works fine using nginx on OpenBSD, but doesn't work using
httpd on OpenBSD.

I also simplified the POST so that it is a simple text string.



Diving into tcpdump, I found an important difference between httpd and
nginx.  Here are the details of the setup, php script and tcpdump info:


server section of httpd.conf:

server "plink.24cl.home" {
listen on 10.20.1.1 port 8081

root "/htdocs/plink/data/"

log style   combined
log access  plink-access.log
log error   plink-error.log

location "/scripts/*.php" {
fastcgi socket "/run/php-fpm.sock"
}
}



server section of nginx.conf:

server {
listen   8080;
server_name  localhost;
root /var/www/htdocs/plink/data;

location ~ \.php$ {
try_files  $uri $uri/ =404;
fastcgi_pass   unix:run/php-fpm.sock;
fastcgi_index  index.php;
fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
includefastcgi_params;
}
}

(note: the fastcgi_param line wrapped)




Here is what I use to do the POST: (note, they wrapped)

curl -X POST -d "port 8080 - nginx"  http://10.20.1.1:8080/scripts/test.php

curl -X POST -d "port 8081 - httpd"  http://10.20.1.1:8081/scripts/test.php



Here is test.php:





And, finally, here are the tcpdump outputs:


httpd:

11:03:49.907047 10.20.1.1.8081 > 10.20.3.31.52481: P [tcp sum ok]
1:221(220) ack 182 win 2142 
(ttl 64, id 24106, len 272)
  : 4500 0110 5e2a  4006 0377 0a14 0101  E...^*..@..w
  0010: 0a14 031f 1f91 cd01 d665 d72e 2805 7228  .e..(.r(
  0020: 8018 085e 05b0  0101 080a cb82 905b  ...^...[
  0030: 281a 7489 4854 5450 2f31 2e31 2032 3030  (.t.HTTP/1.1 200
  0040: 204f 4b0d 0a43 6f6e 6e65 6374 696f 6e3a   OK..Connection:
  0050: 206b 6565 702d 616c 6976 650d 0a43 6f6e   keep-alive..Con
  0060: 7465 6e74 2d74 7970 653a 2074 6578 742f  tent-type: text/
  0070: 786d 6c3b 6368 6172 7365 743d 5554 462d  xml;charset=UTF-
  0080: 380d 0a44 6174 653a 2054 6875 2c20 3133  8..Date: Thu, 13
  0090: 204f 6374 2032 3031 3620 3135 3a30 333a   Oct 2016 15:03:
  00a0: 3439 2047 4d54 0d0a 5365 7276 6572 3a20  49 GMT..Server:
  00b0: 4f70 656e 4253 4420 6874 7470 640d 0a54  OpenBSD httpd..T
  00c0: 7261 6e73 6665 722d 456e 636f 6469 6e67  ransfer-Encoding
  00d0: 3a20 6368 756e 6b65 640d 0a58 2d50 6f77  : chunked..X-Pow
  00e0: 6572 6564 2d42 793a 2050 4850 2f35 2e36  ered-By: PHP/5.6
  00f0: 2e32 330d 0a0d 0a66 0d0a 7468 6973 2069  .23f..this i
  0100: 7320 6120 7465 7374 0a0d 0a30 0d0a 0d0a  s a test...0


nginx:

11:04:28.659022 10.20.1.1.8080 > 10.20.3.31.61550: P [tcp sum ok]
1:195(194) ack 182 win 2142  (ttl
64, id 25269, len 246)
  : 4500 00f6 62b5  4006 ff05 0a14 0101  E...b...@...
  0010: 0a14 031f 1f90 f06e 83b4 841e 3c15 56b8  ...n<.V.
  0020: 8018 085e fcaf  0101 080a 06df bf50  ...^...P
  0030: 281b 0be9 4854 5450 2f31 2e31 2032 3030  (...HTTP/1.1 200
  0040: 204f 4b0d 0a53 6572 7665 723a 206e 6769   OK..Server: ngi
  0050: 6e78 0d0a 4461 7465 3a20 5468 752c 2031  nx..Date: Thu, 1
  0060: 3320 4f63 7420 3230 3136 2031 353a 3034  3 Oct 2016 15:04
  0070: 3a32 3820 474d 540d 0a43 6f6e 7465 6e74  :28 GMT..Content
  0080: 2d54 7970 653a 2074 6578 742f 786d 6c3b  -Type: text/xml;
  0090: 6368 6172 7365 743d 5554 462d 380d 0a43  charset=UTF-8..C
  00a0: 6f6e 7465 6e74 2d4c 656e 6774 683a 2031  ontent-Length: 1
  00b0: 350d 0a43 6f6e 6e65 6374 696f 6e3a 206b  5..Connection: k
  00c0: 6565 702d 616c 6976 650d 0a58 2d50 6f77  eep-alive..X-Pow
  00d0: 6572 6564 2d42 793a 2050 4850 2f35 2e36  ered-By: PHP/5.6
  00e0: 2e32 330d 0a0d 0a74 6869 7320 6973 2061  .23this is a
  00f0: 2074 6573 740atest.




The difference between the two is that httpd does not include the
Content-length header that I specify in the php script, while nginx does.

Is there a way to encourage httpd to include the Content-length header,
or do I need to stay with nginx for this app?

Thanks.

Re: httpd and php script

[Mike]

On 10/13/2016 1:53 PM, Robert Klein wrote:
> Hi,
> 
> Mike  wrote:
>>
>> Diving into tcpdump, I found an important difference between httpd and
>> nginx.  
> 
> 
> See /usr/src/usr.sbin/httpd/server_fcgi.c
> 
> Transfer Encoding `chunked' is set for HTTP/1.1 in lines 389 and 390.
> 
> In lines 620 to 634 the Content-Length Header is removed. Note, if
> there is already another Transfer-Encoding set by the FastCGI, the
> connection is aborted (lines 553 to 559).
> 
> When looking at RFC2616 (HTTP/1.1) both versions seem to be valid (see
> section 14.3 for the Context-Length Header and section 4.4 `Message
> Length', paragraph 2 about Transfer-Encoding and paragraph three about
> mismatching(?) both.
> 
>> The difference between the two is that httpd does not include the
>> Content-length header that I specify in the php script, while nginx
>> does.
>>
>> Is there a way to encourage httpd to include the Content-length
>> header, or do I need to stay with nginx for this app?
> 
> Doesn't look this way at the moment.  If your C skills are better than
> mine, look at the lines in the server_fcgi.c file.
> 
> The FastCGI specifiction RFC 3875 part corresponding to HTTP Headers
> seems to be section 6.3, in this case especially subsection 4.  See the
> nginx forum post
> (https://forum.nginx.org/read.php?2,235985,235988#msg-235988) for an
> explanation.
> 

Hi Robert,

Many thanks for the quick reply.

My c skills are reasonable, but the time needed to dig through and learn
httpd source and the RFCs, and implement something useful, is not
currently available.

Unfortunately, the client in my scenario is an IoT device, as such, it
is immutable.  I have to deal with any quirks on the server side of things.

For now, I'm going to clean up the nginx conf and go with that until I
have the appropriate amount of time to investigate other options.

Thanks again for your reply.

Re: How to both redirect to console and screen

[Mike]

On 10/17/2016 6:02 PM, Alexander Hall wrote:

> # dmesg -s
> 
> which may or may not be an alternative solution to the problem at hand.


Thank-you for that dmesg pointer.  That solves a low-grade issue for me.

Re: Home server rack recommendations?

[Mike.]

On 3/10/2015 at 5:46 PM Nick Holland wrote:

|On 03/10/15 09:27, Kent R. Spillner wrote:
|> Can anyone recommend a good server rack for home?  Ideally
something
|> with casters so I can move it around, preferably 12-16U.  I found
|> several via Google but my primary concern is the quality &
durability
|> of the casters.  Not that I plan on wheeling this old gear around
a
|> lot, I just want the piece of mind that a caster won't snap off
when
|> I do.  :)
|
|Bang for the buck, hard to beat a "Lack Rack" (google for it.  And 
|laugh.  But ... it works!).  You'd have to put your own wheels on
it, 
|and for 12-16U, probably need to stack two of them, but should be
doable.
 =


So long as we're assembling Ikea ...

Take one of these:
http://www.ikea.com/us/en/catalog/products/44361109/

And install rack rails:
http://www.amazon.com/Raxxess-Rack-Rails-Black-Space/dp/B000K6B38C



>From the Q&A section of the rack rails page:

does it fit the ikea rast

A:
Yup, I bought two sets and slapped them both in a rast bedside no
problem. Just needed a few additional screw to attach them to the
inside of the wood, but the fit is perfect with no modifications.

Re: Alleged OpenSSH bug

[Mike]

On 7/23/2015 12:29 PM, Garance A Drosehn wrote:
> On 23 Jul 2015, at 10:06, Emilio Perea wrote:
[snip]
> 
> It is a real issue.  Your servers might not see the issue depending on 
> what
> options have been set for sshd_config.  My freebsd boxes do *not* have 
> the
> problem, but that's because I have set 'ChallengeResponseAuthentication 
> no'.
> I don't even remember why I set that on my freebsd boxes.  I change very
> few settings, but for some reason I decided to change that one.
[snip]

When you set ChallengeResponseAuthentication to "no", the pop-up "Enter
your Authentication Response" that appears after you enter your password
is suppressed.

Re: Formal verification as another tool for ensuring OpenBSD quality

[mike]

Andris wrote:

Hi, I have read about formal verification, and it sounds like a
perfect tool to outreach the project goals. I'm pretty sure developers
know about it, so I'd like to read comments or opinions.

http://en.wikipedia.org/wiki/Formal_verification

Greetings.



Well, just go ahead and do it. Please post your findings afterwards.

Re: Will future programmers probably warn people not to use high-level programming languages just as most programmers today warn people not to use assembler?

[Mike]

On 10/29/2019 1:17 PM, Nathan Hartman wrote:
> On Tue, Oct 29, 2019 at 7:41 AM Clark Block  wrote:
> 
>> Just as most programmers today warn people not to use assembler, probably
>> future programmers will warn people not to use high-level programming
>> languages.
> 
> 
> In the future, computers will program programmers.
> 

I remember programming back when it was the programmer, and not the
compiler, that did the optimizations.

:)

Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

[Mike]

On 5/28/2020 7:27 AM, infoomatic wrote:
> I just don't get it why some people put so much energy into bashing a
> free product instead of just ignoring it if they really hate it.
> [snip]

It is an easy way to get attention.

Re: bug tracking system for OpenBSD

[Mike]

On 12/22/2017 11:26 AM, Kapetanakis Giannis wrote:
> On 22/12/17 17:36, Stuart Henderson wrote:
> 
>> The important part is the data itself.
>> ...
>> IMHO if anything is going to happen with this it's going to come
>> from someone who just gets on and does it. Maybe someone who just
>> throws a spreadsheet or something together to keep track of
>> tech@/bugs@ mails. I'd be very surprised if a useful system
>> comes from someone who is looking at it as a technical exercise
>> of setting up the system.
> 
> 
> I agree with you that the important is the data itself and not the system 
> chosen for the work.
> 
> Such a movement can start from zero ground without migrating data from @bugs 
> or @tech.
> 
> But to be fair with the OP it all depends on dev's (mainly) willingness to 
> track/respond/close tickets.
> I say devs because these are the people who commit fixes of bugs and so they 
> should monitor/update this system as well. It's extra work for them instead 
> of developing... and I understand that.
> 
> I don't see a reason @tech should be forwarded to this ticket system.
> 
> @bugs can be eventually closed or somehow migrated to this system (new mails 
> and not existing ones).
> 
> Personally I would like to see such a system in OB.




> so they should monitor/update this system as well

Therein is the issue, in my eyes.

"should" instead of "want to."

The system needs to provide enough of a benefit to those who use it that
they want to use.

No amount of shiny objects is going to change that.

Re: Supermicro SuperServer E200-9A

[Mike]

On 2/27/2018 8:51 AM, Stuart Henderson wrote:
> On 2018/02/27 08:30, Rupert Gallagher wrote:
>> Not new at all. 
>>
>> https://www.servethehome.com/intel-atom-c3338-benchmarks-why-denverton-is-so-sweet/
>>
>> https://www.servethehome.com/intel-atom-c3558-linux-benchmarks-and-review/
>>
>> https://www.servethehome.com/
>> intel-atom-c3958-16-core-top-end-embedded-qat-linux-benchmarks-and-review/
> 
> Launch date q3 '17 is pretty new.
> 

fwiw, for a couple of years, I've been running what could be considered
the prior model of that motherboard, the A1SRi-2758F.  OpenBSD has no
issues running on it. I use CLI elusively, no X stuff..

The requisite dmesg:

OpenBSD 6.2-stable (GENERIC.MP) #4: Wed Feb  7 19:16:57 EST 2018
mik...@sentry.24cl.com:/sys/arch/amd64/compile/GENERIC.MP
real mem = 8544800768 (8148MB)
avail mem = 8278806528 (7895MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (50 entries)
bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015
bios0: Supermicro A1SAi
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET
SSDT HEST BERT ERST EINJ
acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.44 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: TSC frequency 2400442320 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu4: 1MB 64b/line 16-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu5: 1MB 64b/line 16-way L2 cache
cpu5: smt 0, core 5, package 0
cpu6 at mainbus0: apid 12 (application processor)
cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu6: 1MB 64b/line 16-way L2 cache
cpu6: smt 0, core 6, package 0
cpu7 at mainbus0: apid 14 (application processor)
cpu7: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz
cpu7:
FP

Re: Supermicro SuperServer E200-9A

[Mike]

On 2/26/2018 6:26 PM, Rupert Gallagher wrote:
> Note on passing: the C2000 are officially retired and discontinued.
> 
> Sent from ProtonMail Mobile
> 
> On Mon, Feb 26, 2018 at 23:21, Stuart Henderson  wrote:
> 
>> On 2018-02-26, OpenBSD user wrote: > Hello > > I want to build a OpenBSD 
>> firewall. And I have bought a Supermicro > SuperServer E200-9A. There is 
>> installed a A2SDi-4C-HLN4F motherboard in it. > > I'm trying to installed 
>> OpenBSD 6.2 on it, [snip]

Looks like ProtoMail Mobile could use some assistance with proper
quoting... :)

Re: Supermicro SuperServer E200-9A

[Mike]

On 2/27/2018 6:00 PM, li...@wrant.com wrote:
> Tue, 27 Feb 2018 10:42:42 -0500 Mike 
>> On 2/27/2018 8:51 AM, Stuart Henderson wrote:
>>> On 2018/02/27 08:30, Rupert Gallagher wrote:  
>>>> Not new at all. 
>>>>
>>>> https://www.servethehome.com/intel-atom-c3338-benchmarks-why-denverton-is-so-sweet/
>>>>
>>>> https://www.servethehome.com/intel-atom-c3558-linux-benchmarks-and-review/
>>>>
>>>> https://www.servethehome.com/
>>>> intel-atom-c3958-16-core-top-end-embedded-qat-linux-benchmarks-and-review/ 
>>>>  
>>>
>>> Launch date q3 '17 is pretty new.
>>>   
>>
>> fwiw, for a couple of years, I've been running what could be considered
>> the prior model of that motherboard, the A1SRi-2758F.  OpenBSD has no
>> issues running on it. I use CLI elusively, no X stuff..
> 
> Hi Mike,
> 

Hi.

> 
> Evasively this has not affected your system mainboard, very interesting:
> 
> https://www.servethehome.com/intel-atom-c2000-series-bug-quiet/
> https://www.google.com/search?q=atom+c2758+sudden+death
> 
> The fault affects various makers, manifests itself in dead system board.
> 
> https://www.supermicro.com/products/motherboard/atom/x10/a1sri-2758f.cfm
> https://en.wikipedia.org/wiki/List_of_Intel_Atom_microprocessors#Silvermont_microarchitecture_4
> 

I returned my two boards to SuperMicro about a year ago, and they
affected the fix on both of them and returned them to me.  SuperMicro
was even very flexible in the scheduling to fit within the spare board
constraints that I have.  And there was no charge except for the cost to
ship the boards to them.

Re: OT: Temperature sensors suggestions?

[Mike]

On 5/19/2018 4:52 AM, Hiltjo Posthuma wrote:
> On Fri, May 18, 2018 at 04:42:01PM -0400, Daniel Ouellet wrote:
>> Does anyone have a decent temperature sensors that can connect to an
>> OpenBSD server and be reliable and give any decent reading via either
>> USB or Serial port or even stand alone via Ethernet?
>>
[snip]
> 
> I use PCsensors TEMPer-based USB device and the ugold(4) driver.
> It works well.
> 

For a simple temperature sensor setup, the TEMPer-based sensor works
very well.

I just plugged it into the USB port via a short USB extension cable, and
started to monitor the temperature via OpenBSD's sensor framework.


# sysctl hw.sensors.cpu0.temp0
hw.sensors.cpu0.temp0=23.00 degC

Re: Upgrading from 7.0 to 7.1

[Mike]

Did you create an index.txt ?

On Sat., Aug. 6, 2022, 6:44 p.m. ,  wrote:

> Hello misc
> Does somebody know how to solve this please:
>
> Let's upgrade the sets!
> Location of sets? (cd0 disk http nfs or 'done') [http]
> HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
> HTTP Server? (hostname, list#, 'done' or '?') [cdn.openbsd.org]
> Server directory? [pub/OpenBSD/7.1/amd64]
> Unable to connect using HTTPS; using HTTP instead.
> Unable to get a verified list of distribution sets.
> Looked at  and found no OpenBSD/amd64 7.1 sets.  The set names looked for
> were:
> bsd   comp71.tgzxbase71.tgz   xserv71.tgz
> bsd.rdman71.tgz xshare71.tgz  site71.tgz
> base71.tgzgame71.tgzxfont71.tgz   site71-agrox.tgz
>
> Location of sets? (cd0 disk http nfs or 'done') [http]
>
> Note: After [http] there is one space. I did a new installation, and it
> failed stoping the download.
>
> Thanks
>
>

why is this pf rule logging?

[Mike]

OpenBSD 6.3, amd64

I am seeing this record being logged by pf.  The rule specified in the
record does not have logging enabled.  I must be missing something
simple as to why it is logging, but I can't see it.



20180623T112712.952EDT sentry pf: rule 12/(match) pass in on em0:
fe80::1a8b:9dff:fed4:7822 > ff02::1: HBH icmp6: multicast listener query
v2 [|icmp6] [class 0xe0] [hlim 1]



# pfctl -s rules -R 12
pass in quick inet6 proto ipv6-icmp all keep state (max 16,
adaptive.start 6, adaptive.end 12)


Actual pf.conf text for the rule:

pass in quick inet6 proto icmp6 from any to any keep state (max 16)


Why is it logging?

thx.

Crash when unplugging a UPS USB connection

[Mike]

I run NUT on OpenBSD to monitor a Cyperpower UPS.  The UPS plugs into
the OpenBSD box via a USB connection.

OpenBSD 6.8, I had no problems, everything ran fine.  When the power
went out, NUT saw that and reacted according to configuration.

After I upgraded to OpenBSD 6.9 (a fresh install, not an in-place
upgrade), when the power dropped, I'd be greeted with a blue crash screen.

It seems that when the power drops, the UPS temporarily drops the USB
connection, seemingly the equivalent of unplugging the USB connector.

I am able to reproduce that 100% by booting up OpenBSD 6.9 with the UPS
communications cable plugged into the USB port.  When I unplugged that
USB connector, the crash occurs.

This first occurred on my production box which is a Supermicro
motherboard.  I can provide that dmesg if needed.


Both OpenBSD 6.8 and current below are fresh installs on a test Lenovo
laptop.

On OpenBSD 6.8, when I plug in the UPS and unplug it, here is what I see
on the console (dmesg is included):

vvv= OpenBSD 6.8 ==

OpenBSD 6.8 (GENERIC.MP) #3: Sat Jun  5 10:34:16 MDT 2021

t...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4129800192 (3938MB)
avail mem = 3989590016 (3804MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET75WW (1.35 )" date 02/01/2011
bios0: LENOVO 2522DU5
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT
TCPA SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4)
EXP3(S4) EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.44 MHz, 06-25-05
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.01 MHz, 06-25-05
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.02 MHz, 06-25-05
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.01 MHz, 06-25-05
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 13 (EXP5)
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 UNCR
acpipci1 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
acpibat0 at acpi0: BAT0 model "42T4911" serial 21260 type LION oem "LGC"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0: version 1.0
"*pnp0c14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10),
C1(1000@3 mwait.1), PSS
acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10),
C1(1000@3 mwait.1), PSS
acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10),
C1(1000@3 mwait.1), PSS
a

Re: Crash when unplugging a UPS USB connection

[Mike]

On 7/12/2021 3:12 PM, Mike Larkin wrote:
> On Sun, Jul 11, 2021 at 04:11:39PM -0400, Mike wrote:
>> I run NUT on OpenBSD to monitor a Cyperpower UPS.  The UPS plugs into
>> the OpenBSD box via a USB connection.
>>
>> OpenBSD 6.8, I had no problems, everything ran fine.  When the power
>> went out, NUT saw that and reacted according to configuration.
>>
>> After I upgraded to OpenBSD 6.9 (a fresh install, not an in-place
>> upgrade), when the power dropped, I'd be greeted with a blue crash screen.
>>
>> It seems that when the power drops, the UPS temporarily drops the USB
>> connection, seemingly the equivalent of unplugging the USB connector.
>>
>> I am able to reproduce that 100% by booting up OpenBSD 6.9 with the UPS
>> communications cable plugged into the USB port.  When I unplugged that
>> USB connector, the crash occurs.
>>
>> This first occurred on my production box which is a Supermicro
>> motherboard.  I can provide that dmesg if needed.
>>
>>
>> Both OpenBSD 6.8 and current below are fresh installs on a test Lenovo
>> laptop.
>>
>> On OpenBSD 6.8, when I plug in the UPS and unplug it, here is what I see
>> on the console (dmesg is included):
>>
> 
> This crash happens to me as well when I unplug my upd(4). I'll try to find
> what diff caused this.
> 
> -ml


Many thanks for the confirmation!

Mike.

Re: Crash when unplugging a UPS USB connection

[Mike]

On 7/12/2021 4:16 PM, Mike wrote:
> On 7/12/2021 3:12 PM, Mike Larkin wrote:
>> On Sun, Jul 11, 2021 at 04:11:39PM -0400, Mike wrote:
>>> I run NUT on OpenBSD to monitor a Cyperpower UPS.  The UPS plugs into
>>> the OpenBSD box via a USB connection.
>>>
>>> OpenBSD 6.8, I had no problems, everything ran fine.  When the power
>>> went out, NUT saw that and reacted according to configuration.
>>>
>>> After I upgraded to OpenBSD 6.9 (a fresh install, not an in-place
>>> upgrade), when the power dropped, I'd be greeted with a blue crash screen.
>>>
>>> It seems that when the power drops, the UPS temporarily drops the USB
>>> connection, seemingly the equivalent of unplugging the USB connector.
>>>
>>> I am able to reproduce that 100% by booting up OpenBSD 6.9 with the UPS
>>> communications cable plugged into the USB port.  When I unplugged that
>>> USB connector, the crash occurs.
>>>
>>> This first occurred on my production box which is a Supermicro
>>> motherboard.  I can provide that dmesg if needed.
>>>
>>>
>>> Both OpenBSD 6.8 and current below are fresh installs on a test Lenovo
>>> laptop.
>>>
>>> On OpenBSD 6.8, when I plug in the UPS and unplug it, here is what I see
>>> on the console (dmesg is included):
>>>
>>
>> This crash happens to me as well when I unplug my upd(4). I'll try to find
>> what diff caused this.
>>
>> -ml
> 
> 
> Many thanks for the confirmation!
> 
> Mike.
> 
> 

This crash also occurs with the following two UPSs:

Cyberpower EC750G
Tripp-Lite OmniSmart1500LCDT

As before, to reproduce it

1) fresh install of OpenBSD current
2) do the reboot after the install
3) plug in the UPS
4) unplug it


I can supply images of the crash screens for the two UPSs above if they
are needed.

Thanks!

Re: How to troubleshoot DHCP issues?

[Mike]

On 8/3/2021 11:57 AM, beebeet...@posteo.de wrote:
> The router works fine most of the time -- except that it stops
> working every one and a half day, and I have to reset the modem
> for it to work again.

In my experience with my ISP (Comcast in the US), I note the following:

When the lladdr changes, the modem needs to be restarted in order for
the new lladdr to be seen.  If I don't restart the modem, I see the
symptoms you document.

My ISP gives out leases with a 3-day duration, so the leases renew every
day and a half.

The "random" lladdr catches my eye.  But I don't know how frequently
that changes.  Could it change every time the lease is renewed?

My first suggestion might be to stay with a single lladdr for a while to
see if your setup works for more than a day and a half.

Once (if) you have that working baseline, they start experimenting with
random lladdrs.

Re: Crash when unplugging a UPS USB connection

[Mike]

On 8/5/2021 8:18 AM, Stuart Henderson wrote:
> Please report to bugs@ with the following,
> 
> - quick summary of problem
> - dmesg
> - a text version of the panic/crash message
> - at least a text version of the function names from the backtrace
> if not the full thing
> - links to images hosted elsewhere (not attachments) if the text version
> of the above isn't the full thing

Thanks for the reply.

I did that on a week or two ago.  I was not able to get the text version
of the crash message, but the images show it clearly.

https://marc.info/?l=openbsd-bugs&m=162612361706514&w=2

To clarify, to reproduce...

- Reboot after the fresh install of OpenBSD current.

- plug in the USB comm cable from the UPS

- the console shows the USB connection details

- unplug the USB comm cable from the UPS

- the console shows the crash

Re: Crash when unplugging a UPS USB connection

[Mike]

On 8/5/2021 9:52 AM, Stuart Henderson wrote:

> 
> By requiring that somebody have an affected UPS to reproduce the
> bug you seriously reduce the number of people who can help.

OK, sorry for the noise.

I'll move on then.

Thanks for the reply.

Re: Crash when unplugging a UPS USB connection

[Mike]

On 8/6/2021 5:46 PM, Anindya Mukherjee wrote:
> I apologise for not following up. I relocated my UPS and a Pi is acting as the
> NUT server now, running several devices. As a result I am unable to easily
> connect my main OpenBSD desktop to test. However I am setting up another 
> machine
> and will have a chance to test the fix soon.
> 
> I am still running upsmon on my desktop which is working fine but this is just
> the net client.
> 
> Thanks to everyone for the rapid fix, and in particular sthen@ for his prompt
> and helpful responses.
> 

I was able to run a test this morning.

The fix works.  dmesg is below.  Note that I plugged in and unplugged
the USB comm cable a couple of times.


To reproduce the initial issue, and to test the fix, I did the following:

1) fresh install of OpenBSD current (no ports need be installed)
2) reboot after the install
3) plug in the USB comm cable
4) unplug the USB comm cable

Thank you to those who worked to fix this.

==


OpenBSD 6.9-current (RAMDISK_CD) #159: Sat Aug  7 05:11:58 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 4129800192 (3938MB)
avail mem = 4000620544 (3815MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET75WW (1.35 )" date 02/01/2011
bios0: LENOVO 2522DU5
acpi0 at bios0: ACPI 4.0
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT
TCPA SSDT SSDT SSDT
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 560 @ 2.67GHz, 2926.51 MHz, 06-25-05
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,AES,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 132MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 13 (EXP5)
"PNP0C0D" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
acpipci0 at acpi0 UNCR
acpipci1 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0C0A" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"IBM0068" at acpi0 not configured
"*pnp0c14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu at acpi0 not configured
acpipwrres at acpi0 not configured
acpitz at acpi0 not configured
cpu0: using IvyBridge MDS workaround
pci0 at mainbus0 bus 255
pchb0 at pci0 dev 0 function 0 "Intel QuickPath" rev 0x02
pchb1 at pci0 dev 0 function 1 "Intel QuickPath" rev 0x02
pchb2 at pci0 dev 2 function 0 "Intel QPI Link" rev 0x02
pchb3 at pci0 dev 2 function 1 "Intel QPI Physical" rev 0x02
pchb4 at pci0 dev 2 function 2 "Intel Reserved" rev 0x02
pchb5 at pci0 dev 2 function 3 "Intel Reserved" rev 0x02
pci1 at mainbus0 bus 0
pchb6 at pci1 dev 0 function 0 "Intel Core Host" rev 0x02
ppb0 at pci1 dev 1 function 0 "Intel 3400 PCIE" rev 0x02: msi
pci2 at ppb0 bus 1
vga1 at pci2 dev 0 function 0 vendor "NVIDIA", unknown product 0x0a6c
rev 0xa2
vga1: aperture needed
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
vendor "NVIDIA", unknown product 0x0be3 (class multimedia subclass
hdaudio, rev 0xa1) at pci2 dev 0 function 1 not configured
"Intel 3400 MEI" rev 0x06 at pci1 dev 22 function 0 not configured
em0 at pci1 dev 25 function 0 "Intel 82577LM" rev 0x06: msi, address
f0:de:f1:50:6e:0a
ehci0 at pci1 dev 26 function 0 "Intel 3400 USB" rev 0x06: apic 1 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
"Intel 3400 HD Audio" rev 0x06 at pci1 dev 27 function 0 not configured
ppb1 at pci1 dev 28 function 0 "Intel 3400 PCIE" rev 0x06: msi
pci3 at ppb1 bus 2
ppb2 at pci1 dev 28 function 1 "Intel 3400 PCIE" rev 0x06: msi
pci4 at ppb2 bus 3
iwn0 at pci4 dev 0 function 0 "Intel Centrino Advanced-N 6200" rev 0x35:
msi, MIMO 2T2R, MoW, address 18:3d:a2:2d:55:28
ppb3 at pci1 dev 28 function 3 "Intel 3400 PCIE" rev 0x06: msi
pci5 at ppb3 bus 5
ppb4 at pci1 dev 28 function 4 "Intel 3400 PCIE" rev 0x06: msi
pci6 at ppb4 bus 13
sdhc0 at pci6 dev 0 function 0 "Ricoh 5U822 SD/MMC" rev 0x01: apic 1 int 16
sdhc0: SDHC 1.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed
"Ricoh 5U230 Memory Stick" rev 0x01 at pci6 dev 0 function 1 not configured
"Ricoh 5U832 Firewire" rev 0x01 at pci6 dev 0 function 3 not configured
ehci1 at pci1 dev 

Re: Why the mail filter?

[Mike]

Yawn

On Mon, Dec 25, 2023, 11:05 a.m.  wrote:

> > On 2023-12-25 06:32, Jan Stary wrote:
> > There's nothing to "confront". Go away.
> The classic white belief:
> "You're not a real man if you're not an obedient worker drone for muh
> society (aka women)"
>
> Fuck you cunt.
> I'm glad the taliban and Iran have been slaughtering your kind.
> Guess they're "nothing to """confront""" " either.
>
> Bet you'd say the same thing to someone like Hans Reiser (kernel
> programmer (linux)).
> And then when he shows you he IS someone to confront;
> then he gets criticized from the other direction.
>
> There's no winning with you fucking faggots.
> You're simply a woman's society.
>
> Glad you lost in afghanistan :)
>
> Men are _FUCKING_ their young girl brides there.
> White CUNT.
>
> Oh: and please some help with Unreal Map format loading:
> sf.net/p/chaosesqueanthology/tickets/2/
>
> On 2023-12-25 06:32, Jan Stary wrote:
> > There's nothing to "confront". Go away.
> >
> > On Dec 25 05:31:13, mikee...@firemail.cc wrote:
> >> Got a problem with my emails? Can't confront me man to man? Like
> >> fucking
> >> faggot scum?
> >>
> >>
>
>

Re: What is you motivational to use OpenBSD

[Mike]

On 8/28/2019 10:32 AM, Mohamed salah wrote:
> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?
> 

I run a few different OS's here.  The reason I choose OpenBSD for the
tasks I use it for:

It just works.

It doesn't carry a lot of extra baggage.

It just works.

Re: reliable, dd over simple ip network

[Mike]

> will work out much faster and better than plain old dd(1).
>
> On the other side you have to run
>
> #  | restore xf -
>
> -Girish
>

whats the  going to be?

Re: reliable, dd over simple ip network

[Mike]

On Sat, Oct 18, 2008 at 6:57 AM, Matthew Dempsky <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 17, 2008 at 10:52 PM, Johan Beisser <[EMAIL PROTECTED]> wrote:
>> You know ssh will compress what goes through its tunnel to begin with, right?
>
> ssh_config(5) says Compression defaults to "no".
>
>

If you use ssh -C  it'll compress

Re: Recommend hardware for video surveillance system?

[Mike]

On Sun, Nov 2, 2008 at 5:59 AM, Brian Keefer <[EMAIL PROTECTED]> wrote:
> On Nov 1, 2008, at 10:21 PM, Duncan Patton a Campbell wrote:
>
>> On Fri, 31 Oct 2008 20:28:34 -0700
>> Brian Keefer <[EMAIL PROTECTED]> wrote:
>>
>>> I'm finally getting around to starting my project to build a home-
>>> monitoring system.  I'm going to need multiple capture devices inside
>>> the home, and at least one outside as well.  I'm looking for
>>> recommendations on a video capture card, and wireless video cameras.
>>> I don't mind spending > $100 US per cam if it's worth it.
>>>
>>
>> Unless you have a good reason not to, use "WebCams" that implement
>> an http(s) server on camera.
>>
>> The use of a standard protocol makes life much easier.
>>
>> Dhu
>
> I was under the impression that the quality would be bad and/or they would
> require a proprietary client application that only runs on Windows, etc...
> Am I mistaken?  If the cam has it's own webserver, is it simply serving
> static frames ever x seconds, or streams video as well?
>
> Sorry for the basic questions, but I hadn't even considered that approach.
>  I was planning on using bktr(4) with capture cards and cameras with
> coax/rca/s-video out.
>
> --
> bk
>
>


I am looking into this also,  there is linux friendly usb to rca
devices which sit on the computer via usb port. You connect rca cams
to usb device then have a software application which controls/monitors
the video input.

hope this helps

Re: microsoft and UEFI boot

[Mike.]

On 9/24/2011 at 6:57 PM Paolo Aglialoro wrote:

|Unfortunately, just a tiny percentage of sold X86 boxes is no-OS, and
also
|dell has stopped selling linux PCs.
|The last "no-OS" one I bought was an HP laptop (HP 360) with suse 11
|onboard. Drops within an ocean.
|Unless EU Commission helps, it'll be a hell of a scenery
 =


Interesting that all this is happening just after Microsoft comes out
from under the auspices of the DoJ for anti-trust violations.

GNOBSD

[Mike]

Hello, Can the Operating system be ported to AMD64? We need the safest
operating system in the world for our AMD64 Tyan Work Stations. Hopefully
you will make an installer for us. Your talent is world renowned, I can only
run your system live for now in i386, it is the best. Do you need money
donations to make this AMD64 compatable??? PAYPAL works well to send
donations, place a PAYPAL link on the GNOBSD home page, 1 link for Germany,
1 link for the United States, it makes it easier to get the donation to your
email addy. Thank You and God Bless. Mike

Re: pfctl - show port numbers

[Mike.]

> From: Henning Brauer (lists-openbsdbsws.de)
> Date: Sun Dec 02 2007 - 14:45:37 CST
> 
> * MikeM  [2007-12-02 15:35]:
> >
> > When I run the command
> >
> > pfctl -sr
> >
> > a list of the rules is displayed, a sample line is below.
> >
> > pass in log quick on fxp0 inet proto tcp from 226.174.167.164 to
> > (fxp0) port = smtp flags S/FSRA keep state
> >
> >
> > Is there a way for me to tell pfctl that I want to see
> >
> > port = 25
> >
> > instead of
> >
> > port = smtp
> >
> > ?
> 
> short of hacking pfctl source, no.
> 
> -- 
> Henning Brauer, hbbsws.de, henningopenbsd.org
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg &
Amsterdam 



Thank-you!   I see the change was made in 5.1.  Yea.   No more hacking
print_ports()!

openntpd siginfo status

[Mike.]

Recently I made the switch from ntp to openntpd.  Seemingly random
memory write errors by the ntp daemon finally convinced me that ntp had
become too bloated for the reliability I desired.

So far, my experience with openntpd has been very good.  But I missed
some of the status reporting ability of ntp (e.g, the 'ntpq -c peer'
command).  As part of the daily.local script, I like to capture the
openntpd SIGINFO status, but somehow "4 out of 4 peers valid" was not
the level of information I wanted.  I decided to offer my first code
patch here.

In this patch, I had the following goals:
- no changes to existing time-computation algorithms and data
structures
- no new include files required for compiling
- no new libraries required for linking
- no changes to any files used by make
- treat current openntpd data structures as read-only
- leave current status messages unchanged, as some folk may be using
log file scanners
- log the new status informaiton as "info" priority to avoid cluttering
more important log files
- within the above constraints, provide useful status of openntpd's
interaction with the peers

This is the output you will see in daemon.log when a SIGINFO signal is
received (presuming that syslog puts daemon.info into that file)

=== start of output
 ntpd[1503]: 4 out of 4 peers valid
 ntpd[1503]: clock is synced, stratum 3
 ntpd[1503]: peer
 ntpd[1503]:wt tl st  next  poll  offset   delay
jitter
 ntpd[1503]: 10.20.1.1 ntp.89lr.home 
 ntpd[1503]: 1 10  3  688s 1550s 0.985mS 0.346mS
0.081mS
 ntpd[1503]: 64.113.32.10 from pool 1.us.pool.ntp.org 
 ntpd[1503]: 1 10  2  721s 1609s 6.404mS51.893mS
2.624mS
 ntpd[1503]: 67.18.187.111 from pool 1.us.pool.ntp.org 
 ntpd[1503]: 1 10  2  684s 1533s-2.835mS80.682mS
4.734mS
 ntpd[1503]: 208.53.158.34 from pool 1.us.pool.ntp.org 
 ntpd[1503]: 1 10  2  641s 1547s-0.624mS41.273mS
0.388mS
=== end of output

where the columns for each peer are: weight, trustlevel, stratum, time
remaining to the next poll, poll interval, local clock's offset from
the peer's clock, network delay, jitter in the network delay.



With the above goals in mind, I offer the following patch for 5.1.  

=== begin file ntp_5-1.patch

Apply by doing:
cd /usr/src
patch -p0 < ntp_5-1.patch

And then rebuild and install ntpd:
cd /usr/src/usr.sbin/ntpd   
make obj
make depend
make
make install

And finally, run the new version:
/etc/rc.d/ntpd restart

===
--- usr.sbin/ntpd/ntp.c
+++ usr.sbin/ntpd/ntp.c  Sun Jun 10 15:07:30 2012
@@ -761,23 +761,103 @@
}
lastreport = now;
if (peer_cnt > 0) {
-   log_warnx("%u out of %u peers valid", peer_cnt - badpeers,
-   peer_cnt);
+
+   log_warnx("%u out of %u peers valid", 
+   peer_cnt - badpeers, peer_cnt);
+   
+   if (conf->status.synced == 1) 
+   log_info("clock is synced, stratum %u", 
+   conf->status.stratum);
+   else log_info("clock is unsynced");
+
+   log_info("peer");
+   log_info("   wt tl st  next  poll  offset   "
+   "delay  jitter");
+
TAILQ_FOREACH(p, &conf->ntp_peers, entry) {
+   const char *a = "not resolved";
+   const char *pool = "";
+
+   if (p->addr)
+   a = log_sockaddr(
+   (struct sockaddr *)&p->addr->ss);
+   if (p->addr_head.pool)
+   pool = "from pool ";
+
+   log_info("%s %s%s %s",
+   a, pool, p->addr_head.name, 
+   print_rtable(p->rtable) );
+
if (p->trustlevel < TRUSTLEVEL_BADPEER) {
-   const char *a = "not resolved";
-   const char *pool = "";
-   if (p->addr)
-   a = log_sockaddr(
-   (struct sockaddr *)&p->addr->ss);
-   if (p->addr_head.pool)
-   pool = "from pool ";
log_warnx("bad peer %s%s (%s) %s",
pool, p->addr_head.name, a,
print_rtable(p->rtable));
}
+   else {
+   u_int8_t shift, best, validdelaycnt, jittercnt;
+   double avg_offset, avg_delay, jitter;
+
+   validdelaycnt = best = 0;
+   avg_offset = avg_delay = 0.0;
+   

Re: Newbie Network/PF Question

[Mike.]

On 1/4/2011 at 10:57 PM Josh Smith wrote:

|
|pass in on $int_if0 # pass all incomming traffic on our internal
interface
|pass in on $int_if1 # pass all incomming traffic on our internal
interface from the test network
 =




I have two internal subnetworks, one for standard frames and one for
jumbo frames.

Instead of the two rules you cite, I use the following:




# macros
std_if = "em1"
jum_if = "em0"
loc_if = "lo0"


# let internal traffic flow unimpeded
pass  quick on $loc_if
pass  quick on $std_if
pass  quick on $jum_if