Re: No audio on auvia0 / VIA VT8233 AC97

2012-06-05 Thread Peter Laufenberg
Not 100% sure from the logs but you've got a lot of mixer channels muted, maybe 
PCM isn't getting amped. Also try 44100 Hz.

I don't have windows available to update bios

You probably don't need Windows, just a boot CD like from PE Builder, Ultimate 
Boot CD, etc. Intel and Dell also have some ISO images you can reuse.

Is there something else I can try before getting a PCI soundcard?

Update BIOS and any other firmware.

-- p

dmesg, pcidump, mixerctl, audioctl, and mplayer output below all came from 
amd64-5.1 and mplayer from packages:

==

OpenBSD 5.1 (GENERIC) #181: Sun Feb 12 09:35:53 MST 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1072365568 (1022MB)
avail mem = 1029746688 (982MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0720 (45 entries)
bios0: vendor American Megatrends Inc. version 0210 date 09/05/2005
bios0: ASUSTeK Computer INC. A8V-MX
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices PCI0(S4) PS2K(S4) PS2M(S4) UAR1(S4) P7P8(S4) USB1(S4) 
USB2(S4) USB3(S4) USB4(S4) EHCI(S4) ILAN(S4) SLPB(S4) PWRB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 Processor 3500+, 2200.45 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD errata 89, 97 present, BIOS upgrade may be required
cpu0: apic clock running at 200MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P0P7)
acpiprt3 at acpi0: bus 4 (P7P9)
acpiprt4 at acpi0: bus 3 (P7P8)
acpicpu0 at acpi0: PSS
aibs0 at acpi0: RTMP RVLT RFAN
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
cpu0: Cool'n'Quiet K8 2200 MHz: speeds: 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 VIA K8M800 Host rev 0x00
agp at pchb0 not configured
pchb1 at pci0 dev 0 function 1 VIA K8M800 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA K8M800 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA K8M800 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA K8M800 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA K8M800 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA K8HTB AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon VE rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16
drm0 at radeondrm0
pciide0 at pci0 dev 15 function 0 VIA VT8251 SATA rev 0x00: DMA
pciide0: using apic 1 int 21 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x07: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0: ST380011A
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide1:0:0): using PIO mode 4, DMA mode 2
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x90: apic 1 int 20
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x90: apic 1 int 22
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x90: apic 1 int 21
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x90: apic 1 int 23
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: apic 1 int 22
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 VIA VT8251 ISA rev 0x00: SMI
iic0 at viapm0
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL3.0
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC3200CL3.0
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x70: apic 1 int 22
ac97: codec id 0x414c4761 (Avance Logic ALC655 rev 1)
audio0 at auvia0
pchb6 at pci0 dev 17 function 7 VIA VT8251 VLINK rev 0x00
vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x7c: apic 1 int 23, address 
00:13:d4:cc:b4:36
rlphy0 at vr0 phy 1: RTL8201L 10/100 PHY, rev. 1
ppb1 at pci0 dev 19 function 0 VIA VT8251 PCIE rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 VIA VT8251 PCIE rev 0x00
pci3 at ppb2 bus 3
ppb3 at pci2 dev 0 function 1 VIA VT8251 PCIE rev 0x00
pci4 at ppb3 bus 4
pchb7 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
pchb8 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
pchb9 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 VIA UHCI root hub rev 

Re: No audio on auvia0 / VIA VT8233 AC97

2012-06-05 Thread Peter Laufenberg
Also try 44100 Hz.

I tried but audioctl will not let me lower the Hz rate below 48000 Hz.

Probably the native freq but it's strange it'd interpolate in software.

 Is there something else I can try before getting a PCI soundcard?
 
 Update BIOS and any other firmware.

As far as I know, the BIOS is the only firmware existing on this computer.

The on-board audio firmware could be embedded in the BIOS.

I'm on BIOS version 210. According to 
http://www.asus.com/Motherboards/AMD_Socket_939/A8VMX/#download the 2 BIOS 
updates more recent than this one are to Support new CPUs. I wonder how 
accurate this info is (i.e. do they fail to mention other things the BIOS 
update achieves...). I'm kind of reluctant to flash the BIOS in case I brick 
the beast.

Forthcoming technical docs are rare in my experience.

Other stuff you can try: measure voltage on your minijacks (or sample from 
other PC), check any digital audio jumpers, make sure your AMD videocard has no 
audio out like HDMI, some multimedia-heavy Linux live CD.

cheers,

-- p



Re: No audio on auvia0 / VIA VT8233 AC97

2012-06-05 Thread Peter Kay
On 5 June 2012 12:18, Brett brett.ma...@gmx.com wrote:


 doh! I tried that and it does not work for me. Perhaps the connector or
 chip is flaky, and the PCI is the way to go.

 I suspect it's the chipset support rather than the connector. Google
suggests that it's actually a Realtek ALC653 and there were difficulties
getting it working in Linux.

See  : https://bugtrack.alsa-project.org/alsa-bug/view.php?id=1622



Re: Large (3TB) HDD support

2012-06-04 Thread Peter Laufenberg
 2012/6/1 Tyler Morgan tyl...@tradetech.net:
  http://www.openbsd.org/faq/faq14.html#LargeDrive
 
 That doesn't mention GPT, which is the problem with drives >2TB.
 https://en.wikipedia.org/wiki/GUID_Partition_Table
 
 Can OpenBSD already boot from a 4TB drive on an UEFI system?

Try to buy systems that don't rely on UEFI.  In the next few years,
prepare to buy systems and find out they require UEFI, and then demand
a refund.  Prepare for it to get even worse than that.

There are already a number of BIOSes out there capable of nasty (or really 
cool) stuff pre-OS boot. The BIOS setup page may look like a DOS relic but it 
doesn't mean it actually is. F.ex. prior to Vista's launch, MS demoed a 
fullscreen video before any boot code was actually run.

UEFI has gotten more press, and given RH an opportunity to present itself as 
defender of freedom, but it's really an evolution of PCs running black-box code 
when and where it can do most harm.

-- p



Re: Large (3TB) HDD support

2012-06-04 Thread Peter Laufenberg
Of course, it isn't /quite/ that simple. GPT is still fairly new, and
whilst it's not too difficult to get a number of operating systems to boot
from GPT, sharing a disk has a number of gotchas.

Exposing dormant OpenBSD partitions to an untrusted OS is stupid unless you 
have no other choice like on a single-HDD laptop -- but it's unlikely to be a 
3TB HDD.

I think docs should actively discourage multibooting and present it as a 
potential risk rather than a feature so people stop bragging how many OSes they 
crammed on a single disk. Most live-CD firmware updates should also be done 
with the OpenBSD HDD unplugged.

-- p



Re: apmd closes/crashes on lid close

2012-06-04 Thread Peter Laufenberg
dump xset -q and wsconsctl -a, compare working/non-working states, check 
for possible race condition?

-- p

xset dpms 5 10 15 isn't doing anything either, nor xset s 4.

On Sun, Jun 3, 2012 at 11:40 PM, Robert Connolly 
robertconnolly1...@gmail.com wrote:

 Sometimes apmd crashes from a system suspend, and sometimes it does not.

 Sometimes xidle runs xlock, and sometimes it does not.

 Sometimes xlock asks for a password, and sometimes it does not.

 Can anyone tell me whether they have all of these working consistently and
 reliably?

 They were not working for me yesterday. This morning it all worked
 perfectly. Hours later, none of it worked.



Re: Large (3TB) HDD support

2012-06-04 Thread Peter Laufenberg
On Mon Jun  4 2012 08:16, Peter Laufenberg wrote:
 UEFI has gotten more press, and given RH an opportunity to present
 itself as defender of freedom

I meant that sarcastically

-- p



Re: Large (3TB) HDD support

2012-06-04 Thread Peter Laufenberg
On Mon Jun  4 2012 08:16, Peter Laufenberg wrote:
 UEFI has gotten more press, and given RH an opportunity to present
 itself as defender of freedom, but it's really an evolution of PCs
 running black-box code when and where it can do most harm.

In fact, RH betrayed the OSS community

It's not exactly their 1st offence :)

They probably say, it's only 99 dollars, so what?

$99 is too little, hopefully they'll charge a lot more so they'll break 
economies of scale while users scramble to avoid Win8 and possibly we'll see 
mobos without a mind-boggling array of environmental sensors every web browser 
already wired to javascript.

-- p



Re: SMTP server pools at odds with the RFC?

2012-06-04 Thread Peter N. M. Hansteen
Simon Perreault simon.perrea...@viagenie.ca writes:

 Not only is greylisting fine from a protocol point of view (as others
 have pointed out), the IETF is also well aware of it. This is about to
 become an RFC:
 http://tools.ietf.org/html/draft-ietf-appsawg-greylisting

That's a marked improvement over what appeared to be the status only a
few years back.  I still don't quite see why they left the crucial parts
of RFC5321 as ambiguous as they had been in the predecessor, but a
greylisting RFC on the standards track is a very welcome development.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: SMTP server pools at odds with the RFC?

2012-06-04 Thread Peter N. M. Hansteen
Theo de Raadt dera...@cvs.openbsd.org writes:

 it is still false to say that greylisting wasn't permitted by the
 original RFC's.

 it was, and it is.

Any reasonable interpretation (IMO) of the relevant parts of RFC5321 and
RFC2821 means that greylisting is well within the protocol specs.  That
did however not stop people from claiming otherwise, and it was a bit
disappointing back in 2008 to find that the update did not provide even
clearer language. All water under the bridge soonish now, it seems.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Large (3TB) HDD support

2012-06-04 Thread Peter Kay
On 4 June 2012 15:06, Christian Weisgerber na...@mips.inka.de wrote:

 Peter Kay syllops...@syllopsium.co.uk wrote:

  GPT is a foregone conclusion unless you are blind to the future. The only
  alternative is OS specific disk hackery, and that does no-one any
 favours.

 Well, OpenBSD/i386 (and now /amd64) has used such hackery since the
 very beginning and doesn't fare too badly with it.

 Back in the day, I used to run FreeBSD with dangerously dedicated
 disks that didn't have MBR partitioning at all, just a pure BSD
 disklabel.  (FreeBSD eventually discouraged/abolished this due to
 some BIOSes refusing to boot disks without an MBR partition table.)

 Let's leave aside the boot techie stuff which I included mainly as a
interesting (to me) related point.

I don't have a particular issue with most of the disk hackery that OpenBSD
currently performs, but the key detail is that at least under x86, powermac
and sgi platforms [1] it seems to work within the boundaries of the native
disk partitioning by using a custom disk format, performing custom
partition labelling or using a native partition as a container for a custom
format (disklabel inside MBR partition).

That strategy tends to co-exist quite nicely with other tools/BIOSes/OSes
that might inadvertently read the disk (with the exception of the pure BSD
disklabel as you say).

That's not the case with storing data outside the 2TB limit enforced by the
MBR design. It seems to me it would be more sensible to stick a disklabel
inside a new OpenBSD GPT partition type. All the data are successfully
protected by a known standard and both the users and disk tools are happy.

I'll grant that multiboot is a rare and usually inadvisable configuration
(although I'd suggest it's useful on laptops sometimes), but protecting all
the data on a uniboot system sounds advisable.

GPT's main selling point is that it is superior to MBR if you use
 either as your native partitioning scheme.  That doesn't apply to
 OpenBSD.

 GPT is also useful if you want different operating systems to coexist
 on the same disk.  For OpenBSD, that's more of a grudgingly tolerated
 configuration and not recommended.


[1] I don't have experience of the other platforms apart from sparc, and
that was some time ago.



Re: Large (3TB) HDD support

2012-06-03 Thread Peter Kay
Can we please differentiate GPT from EFI. GPT may be part of the EFI
specification, but it's a standalone piece - implementing GPT is not going
to restrict anyone's freedom to do what they want with a machine. Some
possibilities EFI offers are more contentious..

GPT is a foregone conclusion unless you are blind to the future. The only
alternative is OS specific disk hackery, and that does no-one any favours.
Single disk 2TB+ partitions will not even attract comment inside the next 5
years.

Several operating systems out there can happily read GPT disks using a non
EFI BIOS (provided it's not necessary to boot from it), and even in the
case where it's a GPT disk with a GPT only OS (i.e. OS X Intel) on a non EFI
BIOS, there are workarounds to get it to boot.

Of course, it isn't /quite/ that simple. GPT is still fairly new, and
whilst it's not too difficult to get a number of operating systems to boot
from GPT, sharing a disk has a number of gotchas. Google is your friend for
details here.

I can also say, having done it (and the fact it's not easily googleable)
that although 'hybrid GPTs' (a GPT disk where the protective fake MBR is
hacked to become a real MBR) are frowned upon (there is potential for
breakage) it does work and it's even possible to hack in an extended
partition (OpenBSD's Fdisk is much better than the alternatives for doing
this piece of hackery). It's entirely possible to get a disk sharing
OpenBSD, NetBSD, Linux, Vista Windows 7 and OS X without any of them
overwriting data from the others. Just be careful.

(for clarity, OS X was the only OS using a real GPT partition : everything
else was on MBR, despite the fact that Windows 7/Vista SP2 x64 (not 32bit),
Linux and NetBSD will boot from GPT partitions with appropriate hackery.
Note that IIRC vanilla NetBSD 5.x will need a customised kernel to run from
a hybrid MBR on GPT, otherwise it gets confused by the presence of a GPT
header. The boot loader was the hackintosh chameleon with  Windows 7's
partition manager as a slave (very flexible once you get to know it. Use
easyBCD))



Re: ikev2 between openbsd and windows

2012-05-31 Thread Peter J. Philipp
On Tue, May 29, 2012 at 01:55:45PM +0200, Mike Belopuhov wrote:
 On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote:
  2. Doesn't work EAP mode - Windows stops on Checking username and
  password error. Then #13803, 1931...
 
 Hi,
 
 Just to mention it for those not following source-changes@
 that there was a bug in the message ID handling that prevented
 EAP from working correctly.  The fix was committed on Friday.
 
 Cheers,
 Mike

Hi,

I still can't get it to work.  I made two screenshots they are here:

http://ipv4.goldflipper.net/private/iked-eap1.jpg

and

http://ipv4.goldflipper.net/private/iked-eap2.jpg

My iked config looks like this:

ikev2 win7 passive esp \
from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \
srcid 10.0.0.1 \
eap mschap-v2 \
config address 172.16.20.1 \
config name-server 212.18.3.5 \
tag $name-$id

I installed the iked from the -current source on top of the 5.0 binary.
I believe these are the right ones because I see your recent timestamp
in them:

ikev2_msg.c:/*  $OpenBSD: ikev2_msg.c,v 1.15 2012/05/30 09:18:14 mikeb Exp $

Any hint on what I'm doing wrong?  Sorry the screenshots are in German,
Fehler 13843 is Error 13843.  I googled for that but wasn't any wiser after.

Regards,
-peter



Re: ikev2 between openbsd and windows

2012-05-31 Thread Peter J. Philipp
On Thu, May 31, 2012 at 12:28:47PM +0200, Mike Belopuhov wrote:
  My iked config looks like this:
  
 
 do you have a user specification in your iked.conf?
 which user are you trying to authenticate as?
 user specification occupies a separate line and looks
 like that:
 
 user username password
 
 iked can't consult the local password database or radius
 or any other authentication service at the moment except
 this internal database.

Yes I do have a user entry, right at the top.  I didn't think posting
it was a good idea.

 also, have you tried w/o mschap? you need to select the
 Computerzertifikate verwenden radio button to turn eap off.

I tried that but it had an error, which made me want to try EAP again.

  ikev2 win7 passive esp \
  from 172.16.20.0/24 to 0.0.0.0/0 local any peer any \
  srcid 10.0.0.1 \
  eap mschap-v2 \
  config address 172.16.20.1 \
  config name-server 212.18.3.5 \
  tag $name-$id
  
 
 looks fine except for the absence of the user specification.
 i'd ditch the tag though as i didn't test it but it shouldn't
 affect anything.

Hmm.  What to do... Any hint on how to debug this best?

-peter



Re: (Kinda O.T.) Digital Millennium Copyright Act used to censor hardware specifications

2012-05-31 Thread Peter Laufenberg
On Thu, May 31, 2012 at 11:11, Brett wrote:

 Pursuant to a rights owner notice under the Digital Millennium Copyright
 Act (DMCA), the Wikimedia Foundation acted under the law and took down and
 restricted the content in question. A copy of the received notice can be

 Reverse engineering necessary to have open source in the brave new world?

PCI spec docs (and many others) are copyrighted.  Maybe they should be,
maybe they shouldn't, but they are.

As far as I know, the actual specs cannot be copyrighted (or it's
murky), but knowing wikipedia, somebody probably copied an entire
table from the doc and dropped it into the article.  that's a no-no,
and not something I'd find nearly as alarming as censorship.

A DMCA notice is an improvement over the furious clean-up happening behind the 
scenes.

For example: search for CIPSO, a NetLabel protocol with an IETF RFC, the word 
appears 1263 times in Linux kernel 3.3. No Wikipedia entry but 
Linux_Security_Modules links to an ex-entry... without deletion log. Try the 
Multi ADM link on the same page: dead again, no deletion log. Hmm, the page 
was last edited yesterday. Date of its most recent reference? June 2010. Second 
most recent? 2006.

If you're lucky you can come across time travel pages: a days-old edit using 
future tense to refer to events years in the past.

Entrusting the very definition of reality to a bunch of LSD-dropping hippies is 
JUST NOT RESPONSIBLE :)

-- p



Re: Thinkpad T60 sticky touchpad (amd64/5.1-stable)

2012-05-31 Thread Peter Laufenberg
I have a Lenovo Thinkpad T60 amd64 laptop (dmesg below) running 5.1-stable
(fresh install of -release from the CD set, then CVS update to -stable).
The touchpad

  pms0 at pckbc0 (aux slot)
  wsmouse0 at pms0 mux 0
  wsmouse1 at pms0 mux 0
  pms0: Synaptics touchpad, firmware 6.2

has an irritating problem in 5.1 (which was *not* present on this same
machine when running 5.0-{release,stable} with X video acceleration
disabled):  When running X (autoconfigured with no xorg.conf), the
pointer will intermittently jump to and stick at either the left side
of the screen, the top of the screen, or the top left corner.
(snip)

Has anyone else seen this sticky touchpad problem?

I've had problems with a synaptics touchpad + USB laser mouse but wasn't using 
the touchpad at all. It wasn't stick-related, possibly not X-related, the mouse 
would connect/disconnect randomly but it's an old laptop so it's possible the 
mouse was just drawing too much power. I haven't investigated the issue further 
yet.

-- p



Re: OpenBSD in April's issue of the CACM

2012-05-30 Thread Peter Laufenberg
Ad hominem attacks on people they obviously know nothing about

Actually it's this kind of slander that brought me to OpenBSD. While looking 
for an OS that didn't embrace Trusted Computing, I came across Theo's 
wikipedia entry which pounded on him so extensively that it raised a flag. 
Extra points for the stab from Linus 
no-lube-needed/I-can't-feel-a-thing-by-now. Without the slander I probably 
would have stuck with Plan 9.

If you care about setting the record straight (or avoid further distortions) I 
suggest a short "in response to" section on openbsd.org, more reputable 
publications may pick it up and of course love being able to quote someone else 
criticising the powerful. Cherry on the cake would be a quip from Berners-Lee 
on how the Internet would look had he patented HTTP.

As for ACM, I dropped my subscription a year ago cause they were wasting my 
time on the crapper (admittedly quality reading time:)

 From: Peter Laufenberg [mailto:pe...@x.com] 
 Sent: Thursday, August 18, 2011 5:28 PM
 To: xx...@acm.org
 Subject: Re: Welcome to your second year as an ACM member!
 
 Hi,
 
 I would like to unsubscribe from ACM immediately; I understand there may be 
 remaining months on my last credit card charge.
 
 My main motive is the wildly uneven quality of CACM articles. F.ex. the one 
 about home networking explaining what D-H-C-P is so it can spawn a dozen 
 pages.
 
 Thanks



Re: Plan 9 to OpenBSD (Was Re: OpenBSD in April's issue of the CACM)

2012-05-30 Thread Peter Laufenberg
I'm not sure what you mean by social but Plan 9 development from Bell is pretty 
slow/opaque and the rest of the community scattered and headless. I don't care 
for Inferno and Rob Pike unfortunately took a job at Google (why Rob, 
why??:-). Plan 9's file paradigm is great but their 3-button mouse UI is crap.

Security-wise Plan 9 doesn't have any creds, good or bad, but hardware support 
without source review is worthless, i.e. you don't know where that code has 
been. OpenBSD's proactive about security and privacy (f.ex autoconfigprivacy 
to mask your MAC on ipv6 sockets), pf is unmatched, etc.

The only thing I miss is an X-less framebuffer in OpenBSD even if it'd support 
just a console and text editor. IMHO X has to die, it's a huge pile of crap.

-- p


Hi,

Peter Laufenberg wrote on Wed, May 30, 2012 at 07:51:13AM MST:
 Actually it's this kind of slander that brought me to OpenBSD. While looking
 for an OS that didn't embrace Trusted Computing, I came across Theo's
 wikipedia entry which pounded on him so extensively that it raised a flag.
 Extra points for the stab from Linus
 no-lube-needed/I-can't-feel-a-thing-by-now. Without the slander I probably
 would have stuck with Plan 9.
I have been using OpenBSD exclusively for the last 6 months and I really do
prefer it (both technically and socially) to Linux (which I had used for the
past 15 years) and FreeBSD (which I used to administer at work). I only
started learning about Plan 9 over the past few months and I really like what
I see so far. The one thing that is keeping me from trying to make more use of
it is the lack of drivers for some of my hardware. I am curious about what led
you to go from Plan 9 to OpenBSD. Were they technical in nature or social, or
a little of both?

Thanks,

David



Re: realtek 8188ce not configured

2012-05-30 Thread Peter Laufenberg
Lenovo won't let me replace the Realtek 8188CE mini-pci card that came
with it with another. The hardware refuses to boot with an
unauthorized network card detected or somesuch error (brilliant!).

What are the chances of getting this card working with obsd? :)

bios-mods.com has high-wire patches to bypass the whitelist, thinkwiki.org a 
couple of less risky tricks but I'd just return the laptop. Some Lenovos have 
the closed-source Express Gate BIOS-level remote desktop, w/ GPU encoding so 
your system load won't even blink.

-- p



Re: spamd-setup fails from cron

2012-05-29 Thread Peter N. M. Hansteen
On Tue, May 29, 2012 at 08:24:07AM +0200, Jan Stary wrote:
 
 When I run the same command from the command line,
 everything goes fine. Is the cron job run in a more
 restricted environment?

you could be hitting the 'zero minute rush', where world+dog tries to 
connect simultaneously.  try shifting to a few minutes past the hour and
see if that helps.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: More bgpd problems

2012-05-29 Thread Peter J. Philipp
On Tue, May 29, 2012 at 04:21:12PM +, Matt Hamilton wrote:
 I will happily supply what I can. Just let me know how.

Hello, I've never used BGPd personally but perhaps I can help you get a
backtrace.  There are quite possibly two ways to get a backtrace.  

1. Make BGPD dump core

Recompile the bgpd with debugging symbols (CFLAGS+=-g, LDFLAGS+=-g).  And
install that.

Check the directory of the _bgpd user and make the directory writeable for
the _bgpd user.  If after another crash a bgpd.core file pops up you got it.

You can test this by sending bgpd a SIGABRT and if it didn't core something
is wrong, see #2.

You then type 'gdb /usr/sbin/bgpd bgpd.core' and type backtrace within gdb.
Type quit to exit gdb.  Keep the bgpd.core file around by saving it to another
location as it should overwrite with each subsequent segfault.

2. Attach gdb to the process and wait

Recompile the bgpd with debugging symbols (CFLAGS+=-g, LDFLAGS+=-g).  And
install that.

su to root, tmux the session and from within tmux attach to the bgpd process
'gdb /usr/sbin/bgpd <pid of bgpd>'; once you're attached bgpd will cease
running temporarily, just type continue (make sure you don't set any 
breakpoints).

You can now wait until bgpd crashes on signal 11.  gdb will break back to
the debugger command line and you can type backtrace within gdb.
Type quit to exit gdb.

When you get to it when it crashed you can attach to the tmux session with
tmux att -d and have before you the gdb command line.  Even better than
just a backtrace is going up and down the stack to see where the program
crashed.  Google for gdb commands.

3. Ask someone else who may have better ideas.

 Although as you said in another post
 it is hard to replicate. All I seem to be able to see is that this happens
 during some period of network instability. It seems that there is a 
 ripple effect that something happens and that then causes a bgpd
 process to die which then propagates more changes to iBGP peers
 and they then sometimes die as well.
 
 -Matt

Cheers,
-peter



Re: spamd greylisting: false positives

2012-05-28 Thread Peter N. M. Hansteen
David Diggles da...@elven.com.au writes:

 So there you have it.  Don't use spamd with greytrapping if your
 secondary MX is going to deliver a bounce.  It will confuse SMTP
 servers into giving up.

Secondary MXes that are not set up to actually receive mail for your
domain is one thing (annoying, but just a simple misconfiguration),
another thing you need to do is make sure the secondaries have the same
or equivalent level of spam and malware protection.  That's where things
like spamd's synchronization options come in handy. 

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: spamd greylisting: false positives

2012-05-28 Thread Peter N. M. Hansteen
In response to various tidbits that popped up in this thread, I put
together some notes on setting up a sane email system, in a "works for
me" article:

http://bsdly.blogspot.com/2012/05/in-name-of-sane-email-setting-up-spamd.html
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




Re: Notebook

2012-05-27 Thread Peter Laufenberg
I installed VLC, and my webcam works, but my microphone does not seem to be
detected at all. dmesg does not list a usb audio device. What should I do
to investigate this? Is there a better application, other than VLC, for
using a webcam with OpenBSD?

Before you install X/KDE, etc., do a vanilla OpenBSD install and read FAQ 13
multimedia then test sound from the commandline.

From past experience VLC's docs were way behind implementation (on top of
being gigantic) so for debugging it may be the worst application unless you
work from source code.

-- p



Re: spamd greylisting: false positives

2012-05-27 Thread Peter N. M. Hansteen
David Diggles da...@elven.com.au writes:

 Or did you mean, this breaks spamlogd, rather?

 pass in on egress proto tcp from any to egress \
 port smtp rdr-to 127.0.0.1 port spamd synproxy state

 This is what it was.  The logging is on now.

The important ones to log are the rules that pass smtp traffic from the
members of the spamd-white table (and nospamd if you're using that) plus
the one that passes smtp traffic from your real mail server to
elsewhere. See the spamd and spamlogd man pages, it's explained there.

But why are you synproxying for spamd?

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: spamd greylisting: false positives

2012-05-27 Thread Peter N. M. Hansteen
David Diggles da...@elven.com.au writes:

But why are you synproxying for spamd?

 Why shouldn't I?

The synproxy was added way back as a way to protect back ends that were
less intelligent about connection setup and IIRC even had one or more
known SYN-related vulnerabilities, so we had a way to only pass valid,
completed connections.  In relation to spamd, it doesn't add any
security, but carries with it the slight overhead of the syn proxying.

 These guys do in their example.
 https://calomel.org/spamd_config.html

I'd ask them the same question.  It rarely if ever makes sense to pile
on options just because they're available.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: German Government claims to be able to break PGP and SSH

2012-05-26 Thread Peter Laufenberg
Peter Laufenberg open...@laufenberg.ch wrote:

 My German's rusty but the follow-up article quoting Symantec mentions
 spyware/keylogging, which has been the traditional technique used in
 the past.

But that's for targeted surveillance.

They still cast a wide net: on ccc.de there's a detailed report of one target
wanking to phone-sex.

The original article refers
to a bulk grep of 16,400 search terms over 37 million e-mail messages.

I just read the PDF, in 2010 they dumped a raw IP stream from which they
extracted individual emails (90% spam) in which they searched for words like
bomb. High-tech stuff. The one-sentence answer about PGP has so many
qualifiers that only an idiot would read it as a blanket success claim, the
gov official was probably puzzled by the question's half-pregnant
formulation.

Golem seem to have buried their story in an embarrassed rush; whoever came up
with the title must be flipping Bratwürste right now.

-- p



Re: German Government claims to be able to break PGP and SSH

2012-05-25 Thread Peter Laufenberg
car + eimer? ay carambas?!!

Autoeimer, with unlimited strcat() known to overflow students' brains.

Yes the Bundestrojaner. I pictured a fat politician's soggy condom on the 
back of his doggy-style mistress: one for the country! Mild stuff considering 
German pr0n culture.

-- p

On Thu, May 24, 2012 at 10:13 PM, Stuart VanZee stua...@datalinesys.com 
wrote:
What do you guys think about the reliability of the news
(unfortunately in German only) on www.golem.de

My German's rusty but the follow-up article quoting Symantec mentions
 spyware/keylogging, which has been the traditional technique used in
 the past.

-- p

 Quick, someone, how do you say autobucket in German!

 s



Re: German Government claims to be able to break PGP and SSH

2012-05-24 Thread Peter Laufenberg
What do you guys think about the reliability of the news (unfortunately
in German only) on www.golem.de

My German's rusty but the follow-up article quoting Symantec mentions 
spyware/keylogging, which has been the traditional technique used in the 
past.

-- p



Re: Upgrading OpenBSD

2012-05-21 Thread Peter Laufenberg
Outstanding point. The thing is this: With MS
PHP is clearly distinct from the OS. I go get it
from php.org. With BSD I must rely on the
package system.

This is taking up a lot of ink; is this a genuine enquiry or a provocation?

Search for Extraneous entries for Visual C++ Standard hotfixes and ponder the 
litany of known issues.

-- p



Re: chromium can't start since two snapshots

2012-05-19 Thread Peter N. M. Hansteen
Mihai Popescu mih...@gmail.com writes:

 I confirm this is happening on i386 too, but I removed the entire
 chromium folder and cache. OK, it needs to reconfigure the options ...

Here, on amd64, removing only the .config/chromium/SingletonLock did the
trick.  It would have taken me a while to infer that from the error
message, though ;)

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



A totally meaningless statistics that may serve to cheer you up

2012-05-19 Thread Peter N. M. Hansteen
It seems that with a boost from the recent http://undeadly.org mention,
the online version of my PF tutorial sped past 120,000 unique visitors
total, with

peter@nerdhaven:~$ grep peter/pf /var/log/httpd/home.nuug.no_log | awk '{print $1}' | sort | uniq |wc -l
  121150

(total # of unique ip addresses/host names hitting somewhere under
http://home.nuug.no/~peter/pf/, with http://home.nuug.no/~peter/pf/newest/ 
the likely main contributor recently)

and just to produce a meaningless statistic, 

peter@nerdhaven:~$ grep -c peter/pf /var/log/httpd/home.nuug.no_log
  1916849

for raw # of hits to somewhere in that tree. Here's hoping this produced 
at least some CD sales and perhaps the odd book sale.

- Peter

PS Do get your EuroBSDCon submission in, tomorrow's the deadline

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: greylisting and blacklisting rules in pf.conf

2012-05-17 Thread Peter N. M. Hansteen
ager39...@mypacks.net writes:

 What rules should I have in pf.conf for both greylisting and
 blacklisting? I'd like to blacklist those site that got spam through
 the greylisting.

Unless you explicitly start spamd in blacklisting-only mode, it will
greylist.  

The spamd related rules I have in a typical pf.conf are

table <spamd-white> persist
table <nospamd> persist file /etc/mail/nospamd

pass in log on egress proto tcp to port smtp rdr-to 127.0.0.1 port spamd queue spamd
pass in log on egress proto tcp from <nospamd> to port smtp
pass in log on egress proto tcp from <spamd-white> to port smtp
pass out log on egress proto tcp to port smtp

it's possible you will find my tutorial and slides over at
http://home.nuug.no/~peter/pf/ helpful, and you'll find some
spamd-related field notes via the blogspot link in my .signature

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: IPs in the facebook.com domain accessing OpenSBD firewall

2012-05-17 Thread Peter Laufenberg
I wonder if these machines in the facebook.com domain are infected
with some malware bots?

Facebook *is* a malware bot:)

Let the request through and log what it tries to do next, this could be quite a 
story.

-- p



Unuseful error message in BIND 9.4.2-P2

2012-05-17 Thread Peter Fraser
I am putting up OpenBSD 5.1 for the first time and I am getting

May 17 11:36:59 mail named[6539]: starting BIND 9.4.2-P2
May 17 11:37:00 mail named[6539]: command channel listening on 127.0.0.1#953
May 17 11:37:00 mail named[6539]: running
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/socket.c:1218: unexpected error:
May 17 11:37:00 mail named[6539]: internal_send: 192.168.209.2#53: Message too long
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
May 17 11:37:00 mail named[6539]: unable to convert errno to isc_result: 40: Message too long
May 17 11:37:00 mail named[6539]: zone 254.168.192.IN-ADDR.ARPA/IN: expired
May 17 11:37:00 mail named[6539]: zone xxx.xxx/IN: expired
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/socket.c:1218: unexpected error:
May 17 11:37:00 mail named[6539]: internal_send: 192.168.209.2#53: Message too long
May 17 11:37:00 mail named[6539]: /usr/src/usr.sbin/bind/lib/isc/unix/errno2result.c:111: unexpected error:
May 17 11:37:00 mail named[6539]: unable to convert errno to isc_result: 40: Message too long

I have hid the domain name with xxx.xxx.
I am building the system as a firewall and the ethernet card with sub network
192.168.209/24 has nothing plugged in.

I expect the error will go away when the master dns server does actually exist.



Re: Thank you for an awsome product...

2012-05-16 Thread Peter Laufenberg
if you ssh from Windows try Bitvise Tunnelier instead of putty. If you ssh from 
*nix... just use ssh.

-- p

 Hello, and thank you for an awesome product... I am a novice
(just starting out in the linux/unix/bsd world), been a windows server guy and
3d modeler/animator, graphic artist for the last 20 years. I was always afraid
of unix, until recently, I purchased two sun netra x1's, a V100, a V20z from
ebay cheap with the hopes of learning this new world (for me anyways) and
setting up an inexpensive render farm.  Being completely new to UNIX, I
have learned LOM on these systems, and have successfully installed OpenBSD on
these systems with little trouble. I of course did my homework on google, and
there is a great deal of information on what to do. Trial and error, but I
have learned so much in the last couple of weeks. I can remote into these
systems with puTTY now that the network is setup.  I would like to add,
this was the only OS that installed on my SPARC IIe systems without any
issues! I tried NetBSD, FreeBSD, and some other crap, and all error out before
install starts. Solaris 11 Express installed fine, (for me a major learning
curve) but I learned from google forums. Unfortunately, Solaris 11 final
release does not run on older architectures, and was removed. But I found you
guys!  I just want to express my gratitude for all of your efforts, and
when I can afford it, I will make some donations to help, (only working part
time at the moment) I am really excited to have access to all of the low cost
older servers and be able to implement them into a working secure environment!
I love it!!! Thanks again for all of your hard work, I am sold, and will
continue to learn this, I am not afraid of Unix anymore!
Michael J. Summerfield
Cocoa Florida
Graphic Artist - 3D Modeler - 3D Content Provider





 http://www.turbosquid.com/Search/Artists/imagetek?referral=imagetek



Re: ikev2 between openbsd and windows

2012-05-16 Thread Peter J. Philipp
On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote:
 4) Install the server certificate on the server:
 
ikectl ca vpn certificate 10.1.0.1 install
 
 5) To export the client certificate in a ZIP'ed PFX format, you need
to install zip utility (pkg_add -i zip).
 
ikectl ca vpn certificate 10.5.0.1 export
 

Does the .tgz file need to be extracted at all on the server?  I've tried
and tried for too long and my certificates are out of sync I think, is there
a command to delete everything and just keep the original blank iked structure
so that one can start over without old certificates in the way?

 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
by doubleclicking on them.  Make sure that certificates are valid
in the MMC Certificates Snap-In.

This gave me a huge headache.  I tried using MMC (as administrator and other
user) but my vpn client stayed at 13806 error.  Perhaps VPN wasn't meant for 
people like me. 

 7) Configure iked to do RSA auth w/o EAP (for the start):
 
 ikev2 win7 passive esp \
 from 192.168.0.0/24 to 192.168.1.0/24 local any peer any \
 srcid 10.1.0.1 \
 config address 192.168.1.100 \
 config name-server 192.168.0.1
 
Here, 192.168.0.0/24 is a network client is getting access to,
192.168.1.0/24 is a DHCP-like network from which client is
getting an ip address (192.168.1.100 specifically).  Please
note, that the code to turn this awkwardness into real (DHCP-like)
address pool specification is not written yet.  Note that srcid
has to match the host that the certificate is issued to, otherwise
windows will refuse to connect. 
 
Once you do that you can load iked and see that it hooks up the
server certificate (in the iked -dvv output that is).
 
 7) Now on the windows box, go to the Network Connections Center
and create an IKEv2 VPN connection with the client.  Make sure
to check the Certificate radio button on the Security tab in
the connection properties, so that you won't do EAP.
 
 8) Start the connection.
 
 9) Profit!!!
 
 PS.
 
 If someone thinks that this might be turned into some sort of a
 howto or FAQ entry or whatever, please feel free to reuse any
 piece of text.  Attribution is welcomed but not required.

Would love to write something if it worked considering I've struck out
so many times with this.

-peter



Re: stresstest + safest crashlog?

2012-05-13 Thread Peter Laufenberg
On May 13 17:47:55, Petah wrote:
 I've had a bunch of crashes freezing one PC to such an extent I couldn't 
 recover any log,

You mean, after a reboot?

Ctrl-alt-del won't reboot (pc has no X), I have to keep powerbutton down 5 
secs. There's one post-reboot log entry unrelated to the panic message I got on 
screen; the sys drive is an SSD, which may account for the volatility, panic 
occurred while doing a chrooted rsync on the 2nd HDD.

Keyboard input seems flaky, tried a bunch.

If you can exit to ddb, the extraction of information (dmesg, panic,
etc) is easy.

man 8 crash
man 4 ddb
man 8 savecore

thx I'll check those,

-- p


 switch tty, ssh from outside and the machine has no serial port.
 
 What's the surest way to get a crashlog? syslog to a 2nd PC, a USB key with 
 log-cow, buy a PCI serial port card?
 
 Is there a stress script that can be run on a crashtest dummy PC?
 
 thx,
 
 -- p



Re: a live cd/dvd?

2012-05-12 Thread Peter Hessler
Can you please let us know how you run it, and which packages you needed?

The one at www.linux-speakup.org is a kernel module, and it isn't
obvious how you use this with OpenBSD.


On 2012 May 12 (Sat) at 03:48:35 -0700 (-0700), Eric Oyen wrote:
:since when? h. let me think since about OpenBSD 4.2 or so. and yes, I
:still need some visual assistance when doing an install/upgrade.
:
:also, to answer another poster's question: I use speakup from a linux source
:package (with the proper line in sysctl.conf enabled for linux binaries.
:getting speakup to compile required that I also install a number of packages
:not currently in the ports tree.  lets just say that it is a real headache.
:
:now, orca for X using XFCE works ok. it only requires the GTK dependencies,
:python 5, some misc dependencies (almost all of which can be found in the
:ports tree. still, I don't like using X as it can be a little less than
:intuitive for us blind users.
:
:still, given the number of access avenues we can use (serial port redirect,
:virtual framebuffer devices that can be remotely connected to, cheap sound
:devices and the like) a number of good possibilities can be taken advantage
:of.
:
:I have had chance to start trouble shooting the raw source code for speakup
:and I know what the headache it has: sloppy code and failed documentation.
:considering the time it takes to get that binary working, I am opting for a
:more hardware solution and get a network capable framegrabber device and run a
:lane cable from it to a dedicated lane port on my OS X machine. $234 will get
:me one next month. now, if there were a device/brain interface, then I could
:see the words in my braincase without the additional distractions of sound.
:still, it would be glorious to be able to interface in a way thought possible.
:
:I wish I could be able to plug right into my brain and show what it has been
:missing.
:
:as for my feat: I installed  and hop it works.4.5 openbsd

-- 
Baruch's Observation:
If all you have is a hammer, everything looks like a nail.



Re: Watchdog timeout reset in 5.1 on intel nic:s

2012-05-12 Thread Peter Laufenberg
I've had the same problem with a KVM, maybe worth a note in the install docs?

-- p

On May 11, 2012, at 19:05, Per-Olov Sjöholm p...@incedo.org wrote:

 On 11 maj 2012, at 11:16, Stuart Henderson wrote:

 On 2012/05/11 01:15, Garry Dolley wrote:
 On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote:
 In gmane.os.openbsd.misc, Garry Dolley wrote:
 On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
 On 2012-05-08 19:08, Per-Olov Sjöholm wrote:
 It says em1: watchdog timeout -- resetting

 aol
 I saw the same on an amd64 VPS from arpnetworks.com. Network was not
 functional. Backed out. Did not investigate further.
 /aol

 Simon

 I had another customer on amd64 report this problem today.  Not sure
 what the solution is.  I'm recommending either downgrade to 5.0 or
 use i386 arch for now.

 If possible, tracking down the commit which broke it, or at least
 narrow it to a reasonably small date range, would help. I have
 an archive of snapshot kernels if you want to work through them
 rather than cvs checkouts, contact me if you'd like access to them.

 Guys,

 I now have an amd64 test VM set up, where I installed stock 5.0.

 I ran a lot of traffic over em0 without any timeouts.

 I also have been trying several -current kernels.

 As of:

 OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012

 I don't see any em0 timeouts.

 I will continue to try newer ones and report back here...

 Hmm - Mar 28 is already after 5.1 was released.

 Could somebody seeing the problem (sperreault?) please send a
 dmesg from a kernel showing the problem?



 Hi Stuart

 Here is a dmesg on 4.9 where it's working and on 5.1 when it's not working.

 http://www.incedo.eu/~sjoholmp/misc_internet_links/timer_problem_openbsd/

 Note that both are virtual OpenBSDs running on the exact same KVM host
version
 and use the same bios etc.

 Regards
 P-O
 --
 GPG keyID: 5231C0C4
 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4


I had this once back in the day, not sure which release but it was
mid-4-point-something.  It turned out to be the presence of my
external real-hardware (IO-GEAR) KVM switch's - internal - USB HUB
monkeying detection of the upstream real USB keyboard.  Once a
keyboard was direct connected, then everything was fine.

Perhaps your real- and/or pseudo- hardware (and firmware/bios) chain
is impairing similarly.

Good luck,



block return on bridge(4)

2012-05-10 Thread Peter Hallin
Hello,

From man pf.conf:

Options returning ICMP packets currently have no effect if pf(4)
operates on a bridge(4), as the code to support this feature has
not yet been implemented.

Just wondering, will this be implemented?

If I understand correctly, if block return is set on a bridging 
firewall TCP RST will be sent out when TCP is blocked, but nothing is
sent out when UDP or any other protocol is blocked. Right?

Thanks,

Peter Hallin, Lund University



Re: Sendmail at home

2012-05-10 Thread Peter N. M. Hansteen
Laurence Rochfort laurence.rochf...@gmail.com writes:

 I want to setup sendmail so that I can send mail from my home network.

Shouldn't be too hard, but make sure you get your mail server machine a
static IP address *and* a correct DNS entry, complete with reverse
resolution.  Largish chunks of the net will simply drop SMTP traffic
from hosts without correct reverse on the floor.

And then of course you get to poke into all the pleasures of striving to
keep your inbox relatively sanitary - spamd, spamassassin, clamd etc
come to mind. All the necessary tools are either in base or within easy
reach as packages. Do remember to read the supplied documentation and
config file comments properly, and you'll get there.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



keyboard question

2012-05-07 Thread Peter J. Philipp
Hi,

I have a USB Keyboard that when I unplug it and plug it back in it doesn't
come back as recognized by the system.  So I have to log in from the
netbook and reboot.  Is this common to all OpenBSD workstations or just mine?

Here is some info:

jupiter$ dmesg|grep -i nova
uhidev0 at uhub6 port 1 configuration 1 interface 0 NOVATEK USB Keyboard rev 1.10/1.12 addr 2
uhidev1 at uhub6 port 1 configuration 1 interface 1 NOVATEK USB Keyboard rev 1.10/1.12 addr 2

I noticed it shows up twice in dmesg here.. but not in usbdevs:

jupiter$ usbdevs
addr 1: EHCI root hub, Intel
addr 1: EHCI root hub, Intel
 addr 2: product 0x0819, Logitech
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
addr 1: UHCI root hub, Intel
 addr 2: EPSON Scanner, EPSON
addr 1: UHCI root hub, Intel
 addr 2: USB Keyboard, NOVATEK
 addr 3: USB-PS/2 Optical Mouse, Logitech
addr 1: UHCI root hub, Intel

Here is a dmesg:


FYA: problem with a few mirrors + SHA256 question + rsync + missing package signings

2012-05-06 Thread Gasko, Peter

FYA (I have to post here, because I can't find e-mail address to these
mirrors):
-

# having install50.iso
ftp://ftp2.eu.openbsd.org/pub/OpenBSD/5.1/amd64/install50.iso

# not having 5.1
ftp://ftp.arcane-networks.fr/pub/OpenBSD/5.1/amd64/
ftp://ftp.irisa.fr/pub/OpenBSD/5.1/amd64/
ftp://ftp.bytemine.net/pub/OpenBSD/5.1/amd64/
ftp://mirror.yongbok.net/pub/OpenBSD/5.1/amd64/
ftp://ftp.piotrkosoft.net/pub/OpenBSD/5.1/amd64/
ftp://ftp.lambdaserver.com/pub/OpenBSD/5.1/amd64/


Question#1: What is the /pub/OpenBSD/5.1/packages/amd64/SHA256? Can
anyone tell?
-

# wget -q 'ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/SHA256' -O - | grep curl-7.24.0.tgz
SHA256 (curl-7.24.0.tgz) = sRgMosGh+e8luNn+WJhufPBEKVaN0CU+jn/VbQZkBuk=


# wget -q 'ftp://ftp5.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/curl-7.24.0.tgz'
# cksum -a cksum curl-7.24.0.tgz
2242721359 659163 curl-7.24.0.tgz
# cksum -a md4 curl-7.24.0.tgz
MD4 (curl-7.24.0.tgz) = 539aa5a88ca01d8e9fc344be89ed3ec2
# cksum -a md5 curl-7.24.0.tgz
MD5 (curl-7.24.0.tgz) = 4d7c00292dfb35a3a791f08e677d30e2
# cksum -a rmd160 curl-7.24.0.tgz
RMD160 (curl-7.24.0.tgz) = 8b9fcbbb4b8a4de4db922e70062a529035b29618
# cksum -a sha1 curl-7.24.0.tgz
SHA1 (curl-7.24.0.tgz) = 8f04f07cffc3f54b17210c50423e9e1c92aa9985
# cksum -a sha256 curl-7.24.0.tgz
SHA256 (curl-7.24.0.tgz) = b1180ca2c1a1f9ef25b8d9fe58986e7cf04429568dd0253e8e7fd56d066406e9
# cksum -a sha384 curl-7.24.0.tgz
SHA384 (curl-7.24.0.tgz) = bf93674e1807d9c8181065f79e268845ae145e01f419bb487362aacb0bf00cf1a2553c809ba3d9d83b8caa0631cb71aa
# cksum -a sha512 curl-7.24.0.tgz
SHA512 (curl-7.24.0.tgz) = a12eb464625ae9a44c8ce441040081b96e04fa708fc06be8337d9e556caa5b2290748be35fcc37bd2c7ba6bcbc8deddffc91fdbca3040e979d42129b80fa09c8
# cksum -a sum curl-7.24.0.tgz
23485 644 curl-7.24.0.tgz
# cksum -a sysvsum curl-7.24.0.tgz
65416 1288 curl-7.24.0.tgz
#


Question#2: Can rsync work with ssh? Or just rsync?
-

rsync -v -e ssh rsync://ftp5.eu.openbsd.org/OpenBSD/5.1/packages/amd64/SHA256 .
u...@ftp5.eu.openbsd.org's password:


Question#3: Why are package signings missing?
-

Why aren't the packages from ex.:
ftp2.eu.openbsd.org/pub/OpenBSD/5.1/packages/amd64/ signed? Would it
be a big deal to give out a few extra commands? :O :\
AFAIK pkg_add checks the keys of the downloaded packages if the
package is signed (FIXME).



Thank you for your attention  Have a nice day!
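
The relationship Question#1 asks about, shown as an added example that is not part of the original post: the value in the mirror's SHA256 file is the same SHA-256 digest that `cksum -a sha256` prints, base64-encoded instead of hex. The function names are this example's own, and the sample package data is constructed.

```python
"""Verify files against BSD-style checksum lines in hex or base64 form."""
import base64
import binascii
import hashlib
import hmac
import re

# "ALGO (filename) = digest": the layout cksum(1) prints and the SHA256 index uses.
LINE_RE = re.compile(r"^(?P<algo>[A-Z0-9]+) \((?P<name>.+)\) = (?P<digest>\S+)$")

# Digest sizes in bytes, used to tell hex from base64 and to reject short values.
DIGEST_SIZE = {"SHA256": 32, "SHA384": 48, "SHA512": 64}

# The two lines quoted in the post above, for the same package.
INDEX_LINE = "SHA256 (curl-7.24.0.tgz) = sRgMosGh+e8luNn+WJhufPBEKVaN0CU+jn/VbQZkBuk="
CKSUM_LINE = ("SHA256 (curl-7.24.0.tgz) = "
              "b1180ca2c1a1f9ef25b8d9fe58986e7cf04429568dd0253e8e7fd56d066406e9")

# Constructed stand-in for a package body (not a real package).
SAMPLE_DATA = b"constructed package bytes\n"


def parse_checksum_line(line):
    """Return (algo, filename, raw digest bytes) for one checksum line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a BSD-style checksum line: %r" % line)
    algo, text = m.group("algo"), m.group("digest")
    size = DIGEST_SIZE.get(algo)
    if size is None:
        raise ValueError("unsupported algorithm: " + algo)
    if len(text) == size * 2 and re.fullmatch(r"[0-9a-fA-F]+", text):
        raw = bytes.fromhex(text)          # cksum(1) style
    else:
        try:
            raw = base64.b64decode(text, validate=True)  # package index style
        except (binascii.Error, ValueError) as exc:
            raise ValueError("digest is neither hex nor base64") from exc
    if len(raw) != size:
        raise ValueError("digest has wrong length for " + algo)
    return algo, m.group("name"), raw


def same_digest(line_a, line_b):
    """True if two checksum lines carry the same algorithm and digest."""
    algo_a, _, raw_a = parse_checksum_line(line_a)
    algo_b, _, raw_b = parse_checksum_line(line_b)
    return algo_a == algo_b and hmac.compare_digest(raw_a, raw_b)


def load_index(text):
    """Map filename -> (algo, digest bytes) from a multi-line checksum index."""
    index = {}
    for line in text.splitlines():
        if line.strip():
            algo, name, raw = parse_checksum_line(line)
            index[name] = (algo, raw)
    return index


def verify(name, data, index):
    """True only if `data` hashes to the digest recorded for `name`."""
    if name not in index:
        return False  # a file missing from the index is never reported as verified
    algo, expected = index[name]
    actual = hashlib.new(algo.lower(), data).digest()
    return hmac.compare_digest(actual, expected)


def sample_index():
    """Constructed index: one base64 SHA256 entry and one hex SHA512 entry."""
    b64 = base64.b64encode(hashlib.sha256(SAMPLE_DATA).digest()).decode()
    hx = hashlib.sha512(SAMPLE_DATA).hexdigest()
    return "SHA256 (a.tgz) = %s\nSHA512 (b.tgz) = %s\n" % (b64, hx)


if __name__ == "__main__":
    print("index and cksum agree:", same_digest(INDEX_LINE, CKSUM_LINE))
    idx = load_index(sample_index())
    print("a.tgz intact:  ", verify("a.tgz", SAMPLE_DATA, idx))
    print("a.tgz tampered:", verify("a.tgz", SAMPLE_DATA + b"x", idx))
```

A match only shows that the file agrees with the index; an index fetched from the same mirror over plain FTP does not protect against a mirror that changes both, which is what the signing asked about in Question#3 would address.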



Re: kqemu in 5.1

2012-05-04 Thread Peter Ericson
Could there be a KVM for OpenBSD? I have been wondering for a while if the
answer is an absolute no because it could never be trustworthy enough, not
likely to happen because of lack of interest, or somewhere in between.

Peter Ericson

On 04/05/2012, at 8:28 PM, Weldon Goree wel...@b.rontosaur.us wrote:

 On 05/04/12 06:12, Jes wrote:
 Hi all:

 I can't find kqemu between snapshots packages, ports, or even in 5.1
 packages. I think I've read something about kqemu is deprecated in
 newer versions of qemu (1.0.1) Is this correct? Because performance
 without kqemu is horrible. Any solution?



 Yes, it was killed upstream since Linux now comes with its own hypervisor
(KVM).

 AFAIK OpenBSD currently does not have a working hypervisor since it also
can't be dom0 on xen until such time as xen stops randomly overwriting
register contents at unpredictable times.

 So, as of now, any virtualization will have to be of the plain qemu or bochs
variety. Sorry.

 Best,
 Weldon



Re: AR5212

2012-05-02 Thread Peter Hessler
Just like everything in OpenBSD, there needs to be people with the
desire and time to make them work.  We welcome any and all
contributions.


On 2012 May 02 (Wed) at 12:40:05 +0400 (+0400), Pavel Shvagirev wrote:
:Hi everyone
:
:Seems like there was no progress for making AR5212-based Atheros
:Wireless cards 802.11g/n capable. Is there any hope for it in the future?
:

-- 
Yeah, but you're taking the universe out of context.



Re: pfsync changes in current?

2012-05-02 Thread Peter Hessler
On 2012 May 02 (Wed) at 12:09:52 +0300 (+0300), Kapetanakis Giannis wrote:
:On 27/04/12 12:58, Kapetanakis Giannis wrote:
:
:Hi,
:
:After upgrading today to latest -current (i386)
:(f1) OpenBSD 5.1-current (GENERIC.MP) #252: Tue Apr 24 15:58:54 MDT 2012
:(f2) OpenBSD 5.1-current (GENERIC) #209: Tue Apr 24 15:50:09 MDT 2012
:
:I still have the same problem.
:When the primary firewall reboots, It becomes MASTER on the carp
:interfaces
:before the pfsync bulk transfer ends:
:
:
:
:
:This might be related. I've seen it on the 5.1 announcement:
:
:  o Many pfsync(4) fixes and improvements including jumbo frames and
: automatically requesting a bulk update after a physical interface
: comes online.
:
:
:When the secondary firewall is MASTER and sees link-up on the
:dedicated network interface to the primary firewall (which is
:booting) it issues pfsync bulk transfer start thus a carpdemote on
:carp and pfsync groups.
:
:So when the primary firewall comes online it takes over before even
:his bulk transfer ends.
:

No, that is not what that feature does.

When pfsync starts any sort of bulk update, it will increase the carp
demotion counter which makes it refuse MASTER.  Only when the bulk
update finishes (or times out), will it decrease the carp demote
counter, which will allow it to take MASTER, subject to the normal rules.


:Giannis
:

-- 
Never offend people with style when you can offend them with substance.
-- Sam Brown, The Washington Post, January 26, 1977



intel h61 sata ahci problem

2012-04-28 Thread Peter Blokland
hi,

I got a new Intel dh61ag board, with onboard sata provided through the
h61 chipset. When booting with the controller set to ahci, obsd does not
find any disks. trying to install 5.0/amd64, I see :

ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x05: msi,
unable to reset controller

and no drives are detected. I can boot in IDE-mode, but performance is
dreadful, I get 1MB/s rsyncing from wd0 to wd1, and the machine spends 97%
cpu at handling interrupts.

Any advice ? Will 5.1 have better support ?

-- 
CUL8R, Peter.



Re: intel h61 sata ahci problem

2012-04-28 Thread Peter Blokland
hi,

 ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x05: msi,
 unable to reset controller

disregard, I thought I had the latest BIOS, but I didn't. updating it
fixed all of my problems. on to installing...

-- 
CUL8R, Peter.



Re: all freezes when I move windows in twm

2012-04-23 Thread Peter Hessler
On 2012 Apr 23 (Mon) at 17:35:19 +0400 (+0400), Alexei Malinin wrote:
:ropers wrote:
: 2012/4/23 Alexei Malinin alexei.mali...@mail.ru:
:   
: I tried OpaqueMove option in my .twmrc - it helped to eliminate
: freezing during moving of windows.
:
: But freezing still occurs under the following conditions:
: 1) I create an xterm window with undefined geometry resourse,
: 2) twm draws the window outline and waits until I place it
: to somewhere on the screen,
: 3) xmms sound stops during the above twm waiting.
:
: PS. Also I noticed that xmms sound was twitching when
:I was reading e-mail with SeaMonkey :(
: 
: When you say you're still having the problem under those conditions
: and with SeaMonkey  - is that with -CURRENT now? Or what version? (If
: it's not -CURRENT, try that next.)
:   
:
:the problem is on i386 OpenBSD-4.9,
:my next step will be to check the problem with upcoming OpenBSD-5.1...
:

-current != 5.1.

5.1 should have the same behaviour as what you are seeing right now.

-current has rthreads enabled, which is a 1:1 threading mechanism, and
will allow better threading behaviour.

fwiw, -current is what 5.2 will become.

-- 
You don't sew with a fork, so I see no reason to eat with knitting
needles.
-- Miss Piggy, on eating Chinese Food



Re: Kernel roughing in tool

2012-04-14 Thread Peter N. M. Hansteen
Otto Moerbeek o...@drijf.net writes:

 And as explained in FAQ section 5.6, there are many more reasons not
 to do it.

and amplified by 5.7

It is assumed you have read the above[Section 5.6], and really enjoy
pain.

before it proceeds to a description of how you would go about
customizing.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Help to compile

2012-04-07 Thread Peter J. Philipp
On Sat, Apr 07, 2012 at 06:13:07PM +, Morten B. Christensen wrote:
 Dear OpenBSD friends,
 
 Is somebody (with programming experience) willing to compile a small DNS
 server for me?
 
 The source code is a single .c file but my lack of skills is annoying :-(
 
 The link to Microdns is here http://samiam.org/software/microdns.html
 
 It is basically an app that gives the same ip out to any query - very easy
 instead of taming the beast bind. The usage is for an http catch-all walled
 garden.
 
 Thanks in advance
 
 Morten Bech Christensen

Interesting little server.  I think someone who does a little bit of 
packetry (very small packet about 4 bytes in length) can find out what 
the person queried before him, so it leaks some data.  Perhaps I can
turn you on to my dns server called wildcarddnsd. 
 http://wildcarddns.sourceforge.net I developed this daemon on openbsd 
from the start.  Granted it's a little more code than microdns but may not
leak like that.

Cheers,
-peter
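
The kind of leak described in the message above can be modelled in a few lines. This is an added illustration, not code from microdns, wildcarddnsd or the original post: it assumes a hypothetical responder that reuses one receive buffer and ignores the received length, and every name in it (`shared_buf`, `handle_vulnerable`, `handle_hardened`) and the query `secret.example` is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_HDR_LEN 12   /* fixed DNS header size (RFC 1035) */
#define BUF_LEN     512  /* classic maximum UDP DNS message size */

/* Hypothetical server state: one buffer reused for every datagram. */
static uint8_t shared_buf[BUF_LEN];

/* Stand-in for recvfrom(): copies the datagram over the start of the buffer. */
static size_t model_recv(const uint8_t *pkt, size_t len) {
    if (len > BUF_LEN) len = BUF_LEN;
    memcpy(shared_buf, pkt, len);
    return len;
}

/* Size of QNAME + QTYPE + QCLASS inside msg[0..len), or 0 if malformed. */
static size_t question_len(const uint8_t *msg, size_t len) {
    size_t i = DNS_HDR_LEN;
    while (i < len && msg[i] != 0) {
        if (msg[i] > 63) return 0;          /* not a plain label */
        i += (size_t)msg[i] + 1;
    }
    if (i + 5 > len) return 0;              /* root label + 4 bytes must fit */
    return i + 5 - DNS_HDR_LEN;
}

/* Copies header + question to out, marks it a response, appends one A record. */
static size_t finish_reply(uint8_t *out, size_t n) {
    static const uint8_t answer[16] = {
        0xc0, 0x0c,                         /* name: pointer to the question */
        0x00, 0x01, 0x00, 0x01,             /* TYPE A, CLASS IN */
        0x00, 0x00, 0x00, 0x3c,             /* TTL 60 */
        0x00, 0x04, 192, 0, 2, 1            /* constructed address, TEST-NET-1 */
    };
    if (n + sizeof answer > BUF_LEN) return 0;
    memcpy(out, shared_buf, n);
    out[2] |= 0x80;                         /* QR = response */
    out[7] = 1;                             /* ANCOUNT = 1 */
    memcpy(out + n, answer, sizeof answer);
    return n + sizeof answer;
}

/* VULNERABLE: the received length is thrown away, so bytes left over from
 * the previous client's query are parsed and echoed as if they were new. */
size_t handle_vulnerable(const uint8_t *pkt, size_t len, uint8_t *out) {
    (void)model_recv(pkt, len);
    return finish_reply(out, DNS_HDR_LEN + question_len(shared_buf, BUF_LEN));
}

/* HARDENED: clear the buffer, drop runts, parse only what actually arrived. */
size_t handle_hardened(const uint8_t *pkt, size_t len, uint8_t *out) {
    size_t got, qlen;
    memset(shared_buf, 0, sizeof shared_buf);
    got = model_recv(pkt, len);
    if (got < DNS_HDR_LEN) return 0;        /* shorter than a DNS header */
    qlen = question_len(shared_buf, got);
    if (qlen == 0) return 0;                /* truncated or malformed question */
    return finish_reply(out, DNS_HDR_LEN + qlen);
}

/* Builds a constructed A/IN query for a dotted name; returns its length. */
static size_t build_query(uint8_t *out, uint16_t id, const char *name) {
    size_t n = DNS_HDR_LEN;
    memset(out, 0, DNS_HDR_LEN);
    out[0] = (uint8_t)(id >> 8);
    out[1] = (uint8_t)(id & 0xff);
    out[2] = 0x01;                          /* RD */
    out[5] = 1;                             /* QDCOUNT = 1 */
    while (*name) {
        const char *dot = strchr(name, '.');
        size_t l = dot ? (size_t)(dot - name) : strlen(name);
        out[n++] = (uint8_t)l;
        memcpy(out + n, name, l);
        n += l;
        name += l + (dot ? 1 : 0);
    }
    out[n++] = 0;                           /* root label */
    out[n++] = 0; out[n++] = 1;             /* QTYPE A */
    out[n++] = 0; out[n++] = 1;             /* QCLASS IN */
    return n;
}

static int contains(const uint8_t *hay, size_t n, const char *needle) {
    size_t m = strlen(needle), i;
    for (i = 0; i + m <= n; i++)
        if (memcmp(hay + i, needle, m) == 0) return 1;
    return 0;
}

/* Client A sends a full query, then client B sends a 4-byte datagram.
 * Returns 1 if B's reply carries A's query name, 0 otherwise. */
int leak_demo(int hardened) {
    uint8_t q[BUF_LEN], reply[BUF_LEN];
    const uint8_t runt[4] = { 0xbe, 0xef, 0x01, 0x00 };
    size_t n = build_query(q, 0x1234, "secret.example");
    memset(shared_buf, 0, sizeof shared_buf);
    if (hardened) {
        handle_hardened(q, n, reply);
        n = handle_hardened(runt, sizeof runt, reply);
    } else {
        handle_vulnerable(q, n, reply);
        n = handle_vulnerable(runt, sizeof runt, reply);
    }
    return contains(reply, n, "secret");
}

int main(void) {
    printf("vulnerable handler leaks previous query: %d\n", leak_demo(0));
    printf("hardened handler leaks previous query:   %d\n", leak_demo(1));
    return 0;
}
```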



ALTQ and VLAN interfaces

2012-04-04 Thread Peter Farmer
Hi All,

I have the following OpenBSD multi-tenant firewall setup:

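                       |
+----------------------+----------------------+
| +---------------+         +---------------+ |
| |    vlan10     |         |    vlan11     | |
| | 195.188.200.a |--(em0)--| 195.188.201.a | |
| | 195.188.200.b |         | 195.188.201.b | |
| |   rdomain 1   |         |   rdomain 2   | |
| +---------------+         +---------------+ |
|                                             |
| +---------------+         +---------------+ |
| |    vlan160    |         |    vlan161    | |
| |  10.1.160.1   |--(em1)--|  10.1.160.1   | |
| |  rdomain 160  |         |  rdomain 161  | |
| +---------------+         +---------------+ |
+----------------------+----------------------+
                       |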

vlan10 and vlan11 represent the PUBLIC side of the firewall and each
vlan has a separate rdomain. A customer could be assigned IP addresses
from both vlan10 and vlan11. Traffic from vlans 160 and 161 is then
natted out of vlan10 and vlan11 using pf rules (and vice versa, with
some tagging). vlan160 and vlan161 represent the customer side of the
firewall, ip addresses on this side can only be rfc1918, but can be
the same subnets in each vlan (hence separate rdomains). What I'd like
to be able to do is queue traffic as it leaves the firewall, both
north and south, but I'm unsure as to where to enable altq. Should I
do:

# out being out of em0
altq on em0 cbq bandwidth 300Mb queue { INT_em0, queue1_out, queue2_out }
queue INT_em0 bandwidth 100Mb cbq(default)
queue queue1_out bandwidth 100Mb cbq(ecn)
queue queue2_out bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan10
pass in on vlan10 from any to 195.188.200.a queue queue1_out
pass in on vlan10 from any to 195.188.200.b queue queue2_out

# in being out of em1
altq on em1 cbq bandwidth 300Mb queue { INT_em1, queue1_in, queue2_in }
queue INT_em1 bandwidth 100Mb cbq(default)
queue queue1_in bandwidth 100Mb cbq(ecn)
queue queue2_in bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan160 or vlan161
pass in on vlan160 from any to any queue queue1_in
pass in on vlan160 from any to any queue queue2_in



or should I do:

altq on vlan10 cbq bandwidth 300MB queue { INT_vlan10, queue1_out, queue2_out }
queue INT_vlan10 bandwidth 100Mb cbq(default)
queue queue1_out bandwidth 100Mb cbq(ecn)
queue queue2_out bandwidth 100Mb cbq(ecn)

# Using pass in to keep state for packets coming back out of vlan10
pass in on vlan10 from any to 195.188.200.a queue queue1_out
pass in on vlan10 from any to 195.188.200.b queue queue2_out

# in being out of vlan160
altq on vlan160 cbq bandwidth 100Mb queue { INT_vlan160 }
queue INT_vlan160 bandwidth 100Mb cbq(default)

# Using pass in to keep state for packets coming back out of vlan160 or vlan161
pass in on vlan160 from any to any queue queue1_in
pass in on vlan160 from any to any queue queue2_in


With altq statements for each vlan interface.

Ideally I'd want to do altq on the vlan parent interface.


Thanks,

Peter



Re: hi...

2012-03-15 Thread Peter Hessler
don't respond to the spammer, idiot.


On 2012 Mar 15 (Thu) at 21:49:56 +0100 (+0100), Francois Pussault wrote:
:When it will be 200% discount  free shipping it then only be interesting
:
:morron spammer


-- 
When you have an efficient government, you have a dictatorship.
-- Harry Truman



Re: Which automake and autoconfig versions to compile NTOP v4?

2012-03-12 Thread Peter Hessler
On 2012 Mar 12 (Mon) at 00:44:15 + (+), Kaya Saman wrote:
:Would it not just be easier and cleaner to create a new list for
:newbies? That way the more advanced stuff could be taken care of on
:this list and only people willing to help others could post useful
:comments and help on the other list.

This mailing list does exist.  I've been running it (in a very lazy
fashion) since 2002.

You can sign up for it at http://mailman.theapt.org/listinfo/openbsd-newbies


-- 
We can predict everything, except the future.



Re: Which high end multichannel audio interfaces work?

2012-03-10 Thread Peter Hessler
On 2012 Mar 10 (Sat) at 10:07:25 +0100 (+0100), Jan Stary wrote:
:On Mar 09 18:17:50, Jochen Fabricius wrote:
: I want to build a very flexible PC based digital crossover solution,
:
:What's a digital crossover solution?
:

Ok, seriously.  If you do not know what someone is talking about, please
do not send noise to the mailing list.  I took your exact quote, put it
in google, and found relevant answers in *every* *single* *link* on the
first few pages.  Heck, even the previews had relevance.


-- 
Old age is the most unexpected of things that can happen to a man.
-- Trotsky



Re: Request for a new list: trolling

2012-03-10 Thread Peter N. M. Hansteen
0xAAA 0x...@online.de writes:

 My suggestion: We  create a new list, eg. trolling  or smalltalk where other
 users can discuss about senseless questions.

Wouldn't it be even better if we headed them off with a web forum or
even a facebook group? 

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: pfsync changes in current?

2012-03-08 Thread Peter Hessler
On 2012 Mar 07 (Wed) at 15:58:21 +0200 (+0200), Kapetanakis Giannis wrote:
:Hi,
:
:I'm running a setup of Active/backup firewalls with carp/pfsync
:successfully for the last year.
:
:Today I've upgraded the primary firewall to the latest snapshot (12 Feb),
:and as soon as the firewall booted it became MASTER before pfsync
:bulk transfer completed.
:
:Mar  7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by 1
:to 133 (pfsync bulk start)
:Mar  7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by 1
:to 1 (pfsync bulk start)
:Mar  7 15:42:04 echidna /bsd: carp: pfsync0 demoted group carp by -1
:to 128 (pfsyncdev)
:Mar  7 15:42:04 echidna /bsd: carp: pfsync0 demoted group pfsync by
:-1 to 0 (pfsyncdev)
:
:At this point carp group is also automatically demoted to 0-zero and
:it takes over as MASTER.

Can you show this piece from the logs?  Do you have additional logs?

How are the interfaces connected, do you have a dedicated link for the
pfsync traffic?

Can you also share your ruleset?



:I manually did ifconfig -g carp carpdemote to force it to SLAVE
:in order for pfsync bulk transfer to complete and don't lose active
:connections.
:
:Mar  7 15:46:11 echidna /bsd: carp: pfsync0 demoted group carp by -1
:to 0 (pfsync bulk done)
:Mar  7 15:46:11 echidna /bsd: carp: pfsync0 demoted group pfsync by
:-1 to 0 (pfsync bulk done)
:
:Secondary firewall is running 5.0 GENERIC#96 i386 from 21 Nov 2011.
:Can it be a mis-communication between the 2 firewalls due different
:versions?
:
:regards,
:
:Giannis
:

-- 
Perfect day for scrubbing the floor and other exciting things.



Re: Snappy Answers to Stupid Questions - WTF?

2012-03-08 Thread Peter N. M. Hansteen
On Fri, Mar 09, 2012 at 08:28:37AM +0100, Fredrik Staxeng wrote:
 Do you want users at all? Or was Linus right?

well, we *do* prefer those who come with a sense of humor.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: current releases not updated?

2012-03-07 Thread Peter N. M. Hansteen
On Wed, Mar 07, 2012 at 09:07:32AM +0100, Didier Wiroth wrote:

 In the past current os packages were updated more often, is there a
 reason why packages are (somewhat old) or are there some changes in
 current update behavior?

There was a similar pause in production of snapshots and their packages 
around release-cutting time about half a year ago too.  I'd expect snapshot 
updates to resume soonish, but I have no firm dates or actual officialish info. 

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-07 Thread Peter N. M. Hansteen
On Wed, Mar 07, 2012 at 01:26:41PM +0100, Leonardo Sabino dos Santos wrote:
 Next, the disk stuff comes up. A lot of partition information appears
 on the screen, followed by the question:
 
   Use (W)hole disk or (E)dit the MBR? [whole]
 
 At this point I'm actually trying to remember if there's a way to
 scroll back the console, because some information has scrolled off the
 screen. I try PageUp, PageDown, Ctrl-UpArrow, Ctrl-DownArrow, but
 nothing works, so I press Enter.

the OpenBSD installer looks somewhat simplistic, but it's quite consistent
in its chosen conventions, such as displaying the default action in square 
brackets and pressing Enter to accept the entered or displayed value.

or the TL;DR version: you said you wanted to use the whole disk for OpenBSD,
so of course it took you seriously.

 I joined this mailing list just to tell you this: Right now, I feel
 like never, ever touching OpenBSD with a ten-foot pole again.

The best advice you'll ever get about this particular situation is to read the FAQ
(http://www.openbsd.org/faq/), with particular attention to part 4 (the installation
part) and perhaps http://www.openbsd.org/faq/faq4.html#Multibooting for the various
multiboot options.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-07 Thread Peter Hessler
On 2012 Mar 07 (Wed) at 13:26:41 +0100 (+0100), Leonardo Sabino dos Santos wrote:
...
:I'm not actually paying
:a whole lot of attention to the questions as this is just a test
:installation and I figure I can always explore and configure the
:system later.
:

You should always pay attention to an *installation* program.
Especially one that installs an *OS*, which is likely to erase your
drive.


:Next, the disk stuff comes up. A lot of partition information appears
:on the screen, followed by the question:
:
:  Use (W)hole disk or (E)dit the MBR? [whole]
:
:At this point I'm actually trying to remember if there's a way to
:scroll back the console, because some information has scrolled off the
:screen. I try PageUp, PageDown, Ctrl-UpArrow, Ctrl-DownArrow, but
:nothing works, so I press Enter.
:
:And my partition table is gone. Poof! Instantly, with no confirmation.


The confirmation was the part that you quoted.  Sorry, but you *do* need
to read what the installation program tells you.  That is the entire
point of having instructions on the screen.


-- 
I really hate this damned machine
I wish that they would sell it.
It never does quite what I want
But only what I tell it.



Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-07 Thread Peter N. M. Hansteen
Dmitrij D. Czarkoff czark...@gmail.com writes:

 OpenBSD installer should be tuned so that hitting [Enter] all the way
 gets you to a bootable system without side effects

My typical install is almost all hitting Enter (with a couple of obvious
exceptions), and it ends with a bootable and very usable system. But
then I tend to want OpenBSD as the main or only system. 

Multiboot setups like the one the OP wanted requires a bit of paying
attention and is risky in general.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Any experience with AMD Fusion?

2012-03-06 Thread Peter Hessler
I have a Lenovo e205, with the AMD Fusion CPU.

no 2d accel, no Xv.  other than that, I haven't noticed any problems.


On 2012 Mar 06 (Tue) at 20:34:23 +0100 (+0100), Dmitrij D. Czarkoff wrote:
:Hi!
:
:I consider buying Lenovo ThinkPad E325. Among other hardware it features
:AMD Fusion E450 APU with Evergreen graphics.
:
:AFAIK, on linux it is already supported, but the radeon(4) doesn't list
:AMD's HD5xxx series, so I wanted to ask:
:
:*Did anyone have any experience with this hardware under OpenBSD?
:
:*What should I expect from it (2D acceleration, Xv, UVD support)?
:
:--
:Dmitrij D. Czarkoff
:

-- 
The earth is like a tiny grain of sand, only much, much heavier.



Re: OpenBSD 5.0 Trunk with Netgear Managed Switch

2012-03-04 Thread Peter Erickson
If it is a bug, I wouldn't know where to begin to try and solve it,  
but am willing to do whatever to help figure it out.


On Sat Mar  3 19:05:39 2012, Christian Weisgerber na...@mips.inka.de wrote:


Peter Erickson redlam...@gmail.com wrote:


without any problems when using a trunk so I'm pretty confident that the
switch is configured properly, but am confused about why the trunk
interface will work on a net5501 and not a net6501. The only thing I can
think of at this point is the net6501 is using the em driver with 4x
Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr
driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why
it would matter.


Those vr's don't have hardware VLAN tagging support, but the em's do.
That shouldn't matter, but maybe there is a bug in that area.
Hmmm.

--
Christian naddy Weisgerber  na...@mips.inka.de




OpenBSD 5.0 Trunk with Netgear Managed Switch

2012-03-03 Thread Peter Erickson
I have a soekris net6501 running obsd 5.0 and am having problems
creating a trunk interface between it and a Netgear GSM7228PS managed
switch. The switch is configured such that ports 23 and 24 are in a LAG
group and all traffic from vlan id's 2 and 3 should leave the lag
tagged. After creating the trunk and vlans on the net6501, I'm finding
that all traffic traveling through the switch is not properly tagged
even though traffic from the net6501 is. If I remove the lag on the
switch and create the vlans on a single interface, everything works as
expected. Based on that, I thought it was a netgear issue and contacted
them. After hours of trouble shooting with no luck, I just happened to
take the same 5.0 image and run it on a soekris net5501. This worked
without any problems when using a trunk so I'm pretty confident that the
switch is configured properly, but am confused about why the trunk
interface will work on a net5501 and not a net6501. The only thing I can
think of at this point is the net6501 is using the em driver with 4x
Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr
driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why
it would matter. Any help in identifying the problem would be
appreciated.

This is how I created the interfaces... the only difference between how
I configured the net6501 and the net5501 was that the net5501 uses the
vr driver as opposed to the em.

# ifconfig trunk0 trunkproto lacp trunkport em2 trunkport em3 up
# ifconfig vlan2 inet 172.16.2.253 netmask 255.255.255.0 \
vlan 2 vlandev trunk0
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c4
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 172.16.3.254 netmask 0xff00 broadcast 172.16.3.255
inet6 fe80::200:24ff:fece:69c4%em0 prefixlen 64 scopeid 0x1
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c5
priority: 0
media: Ethernet autoselect (none)
status: no carrier
em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c6
priority: 0
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::200:24ff:fece:69c4%em2 prefixlen 64 scopeid 0x3
em3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c6
priority: 0
trunk: trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::200:24ff:fece:69c4%em3 prefixlen 64 scopeid 0x4
trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c6
priority: 0
trunk: trunkproto lacp
trunk id: [(8000,00:00:24:ce:69:c6,4044,,),
 (8000,c4:3d:c7:92:59:41,01A3,,)]
trunkport em3 active,collecting,distributing
trunkport em2 active,collecting,distributing
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::200:24ff:fece:69c6%trunk0 prefixlen 64 scopeid 0x8
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:ce:69:c6
priority: 0
vlan: 2 priority: 0 parent interface: trunk0
groups: vlan
status: active
inet6 fe80::200:24ff:fece:69c6%vlan2 prefixlen 64 scopeid 0x9
inet 172.16.2.253 netmask 0xff00 broadcast 172.16.2.255



Re: OpenBSD 5.0 Trunk with Netgear Managed Switch

2012-03-03 Thread Peter Erickson

Yes to both... From the Netgear's perspective, the LAG looks good.
It's up and both interfaces are full-duplex.

On Sat Mar  3 14:21:36 2012, Dan Shechter dans...@gmail.com wrote:


Do you see the LAG up on the netgear?

Do you see the links on the netgear as FD?

Best regards,
Dan



On Sat, Mar 3, 2012 at 8:25 PM, Peter Erickson redlam...@gmail.com wrote:


I have a soekris net6501 running obsd 5.0 and am having problems
creating a trunk interface between it and a Netgear GSM7228PS managed
switch. The switch is configured such that ports 23 and 24 are in a LAG
group and all traffic from vlan id's 2 and 3 should leave the lag
tagged. After creating the trunk and vlans on the net6501, I'm finding
that all traffic traveling through the switch is not properly tagged
even though traffic from the net6501 is. If I remove the lag on the
switch and create the vlans on a single interface, everything works as
expected. Based on that, I thought it was a netgear issue and contacted
them. After hours of trouble shooting with no luck, I just happened to
take the same 5.0 image and run it on a soekris net5501. This worked
without any problems when using a trunk so I'm pretty confident that the
switch is configured properly, but am confused about why the trunk
interface will work on a net5501 and not a net6501. The only thing I can
think of at this point is the net6501 is using the em driver with 4x
Intel 82574IT Gigabit Ethernet ports and the net5501 is using the vr
driver with 4 VIA VT6105M 10/100 Mbit Ethernet ports, but not sure why
it would matter. Any help in identifying the problem would be
appreciated.

This is how I created the interfaces... the only difference between how
I configured the net6501 and the net5501 was that the net5501 uses the
vr driver as opposed to the em.

# ifconfig trunk0 trunkproto lacp trunkport em2 trunkport em3 up
# ifconfig vlan2 inet 172.16.2.253 netmask 255.255.255.0 \
   vlan 2 vlandev trunk0
# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c4
   priority: 0
   groups: egress
   media: Ethernet autoselect (1000baseT full-duplex)
   status: active
   inet 172.16.3.254 netmask 0xff00 broadcast 172.16.3.255
   inet6 fe80::200:24ff:fece:69c4%em0 prefixlen 64 scopeid 0x1
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c5
   priority: 0
   media: Ethernet autoselect (none)
   status: no carrier
em2: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c6
   priority: 0
   trunk: trunkdev trunk0
   media: Ethernet autoselect (1000baseT full-duplex)
   status: active
   inet6 fe80::200:24ff:fece:69c4%em2 prefixlen 64 scopeid 0x3
em3: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c6
   priority: 0
   trunk: trunkdev trunk0
   media: Ethernet autoselect (1000baseT full-duplex)
   status: active
   inet6 fe80::200:24ff:fece:69c4%em3 prefixlen 64 scopeid 0x4
trunk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c6
   priority: 0
   trunk: trunkproto lacp
   trunk id: [(8000,00:00:24:ce:69:c6,4044,,),
(8000,c4:3d:c7:92:59:41,01A3,,)]
   trunkport em3 active,collecting,distributing
   trunkport em2 active,collecting,distributing
   groups: trunk
   media: Ethernet autoselect
   status: active
   inet6 fe80::200:24ff:fece:69c6%trunk0 prefixlen 64 scopeid 0x8
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:24:ce:69:c6
   priority: 0
   vlan: 2 priority: 0 parent interface: trunk0
   groups: vlan
   status: active
   inet6 fe80::200:24ff:fece:69c6%vlan2 prefixlen 64 scopeid 0x9
   inet 172.16.2.253 netmask 0xff00 broadcast 172.16.2.255








--
Peter Erickson
redlam...@gmail.com



EuroBSDCon 2012 Call For Proposals

2012-03-02 Thread Peter N. M. Hansteen
EuroBSDcon 2012
===============

EuroBSDcon is the European technical conference for users and
developers on BSD-based systems. The EuroBSDcon 2012 conference
will be held in Warsaw, Poland from Thursday 18 October 2012
to Sunday 21 October 2012, with tutorials on Thursday and Friday
and talks on Saturday and Sunday.

Call for Proposals
------------------

The EuroBSDcon conference is inviting developers and users of
BSD-based systems to submit innovative and original papers not
submitted to other European conferences on BSD-related topics.

Topics of interest to the conference include, but are not limited
to applications, architecture, implementation, performance and
security of BSD-based operating systems, as well as topics
concerning the economic or organizational aspects of BSD use.

Presentations are expected to be 45 minutes.

Call for Tutorial Proposals
---------------------------

The EuroBSDcon conference is inviting qualified practitioners in
their field to submit proposals for half or full day tutorials on
topics relevant to development, implementation and use of BSD-based
systems.

Submission address
------------------

Proposals should be submitted by email to submiss...@eurobsdcon.org.

Important dates
---------------

The EuroBSDcon conference is accepting abstracts and tutorial
proposals until 20 May 2012. Other important dates will be
announced soon at the conference website http://2012.eurobsdcon.org/.



Re: Router project on OpenBSD questions

2012-02-29 Thread Peter Hessler
On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote:
:OpenBSD is not perfect too, it would be nice that pflow handles ipv6

pflow now handles ipv6 (in 5.1)

:and the support of one year is a bit short. But nothing is perfect.

If you need support for longer than a year, you will need to contact a
vendor offering openbsd support.


-- 
Fights between cats and dogs are prohibited by statute in Barber, North
Carolina.



Re: pgt firmware ...

2012-02-26 Thread Peter Hessler
NO!

For the love of everything holy, don't fucking use wget.

the built-in ftp(1) client can download from http servers.

and, do NOT just extract the files.  we have package tools for a reason.

EITHER:
 a) pkg_add http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz

OR 

 b) ftp http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2.tgz && pkg_add ./pgt-firmware-1.2.tgz

Anything else is stupid.



On 2012 Feb 26 (Sun) at 18:21:31 +0400 (+0400), Wesley M. wrote:
:Try this :
:add wget package using pkg_add -vi wget
:wget http://firmware.openbsd.org/firmware/5.0/pgt-firmware-1.2p2.tgz
:Then extract this in /etc/firmware.
:Halt your machine, Remove your network card, and now plug the new card,
:boot
:
:Hope that it will help.
:
:Wesley.
:
:
:On Mon, 27 Feb 2012 00:02:28 +1030, David Walker
:davidianwal...@gmail.com wrote:
: Thanks Wesley.
: 
: I forgot about that.
: I was going from man pgt which says:
: FILES
: 
:  A prepackaged version of the firmware, designed to be used with
:  pkg_add(1), can be found at:
: 
: http://firmware.openbsd.org/firmware/pgt-firmware-1.2.tgz
: 
: The problem I have is that fw_update doesn't accept arguments and I
: need the adjacent pcmcia slot for the ethernet card and they are both
: bulky cards.
: I need to remove the conexant card to insert the ethernet card to
: access the network and then fw_update reports there are no devices to
: update - the conexant card is no longer attached.
: :]
: 
: If you can think of a way to run this locally it'd be great.
: 
: On 26/02/2012, Wesley M. open...@e-solutions.re wrote:
: try fw_update (provided in OpenBSD 5.0)
:
: Wesley.
:
: On Sun, 26 Feb 2012 17:51:03 +1030, David Walker
: davidianwal...@gmail.com wrote:
: Hi.
:
: I'm trying to do:
: pkg_add http://firmware.openbsd.olg/firmware/pgt-firmware-1.2.tgz
:
: I get this:
: parsing pgt-firmware-1.2.tgz
: Bad pkg_db: No such file or directory at
: /usr/libdata/perl5/OpenBSD/PackageInfo.
: pm line 63.
:
: Do I need to add perl manually?
:
: Best wishes.
:

-- 
Cleaning your house while your kids are still growing is like
shoveling the walk before it stops snowing.
-- Phyllis Diller



Re: Unbound in base

2012-02-14 Thread Peter van Oord van der Vlies
Hello,

Why replacing bind ?

Kind Regards

Peter

- Original message -
From: Björn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
Sent: Monday, February 13, 2012 10:35 PM
To: misc@openbsd.org misc@openbsd.org; t...@openbsd.org t...@openbsd.org
Subject: Unbound in base

Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and
(more important) really liking the idea of an alternative for BIND in base, I
made a start with fitting the different pieces of the puzzle. What is
finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant
Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do
you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: "The name drill is a pun on dig. With
drill you should be able get even more information than with dig." Proposal
therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? if so, how do we handle possibly not
having working DNS at that time to resolve data.iana.org (http://data.iana.org)?

From unbound-anchor.8 I understand that unbound-anchor can be run from the
command line, or run as part of startup scripts _before_ the actual (unbound)
DNS server is started. So there is no need for DNS. Proposal therefore is to
run unbound-anchor automatically before starting the unbound daemon (rc_pre
in unbound rc-script).



How and when do we automatically generate unbound-control keys? if so, where
should that be done?

From unbound-control.8: "The script unbound-control-setup generates these
control keys in the default run directory. If you change the access control
permissions on the key files you can decide who can use unbound-control. Run
the script under the same username as you have configured in unbound.conf or
as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup. If you have not configured a username
in unbound.conf, the keys need read permission for the user credentials under
which the daemon is started. The script preserves private keys present in the
directory. After running the script as root, turn on control-enable in
unbound.conf."

The unbound-control-script can be called from rc-make_keys(). The knob
'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit too
large to send to this list. if anyone feels like looking at the work - do not
hesitate to mail me.

Again, what do you guys think?

Kind regards,

Björn


[1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
[2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
[3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2



Re: Keeping installed ports up-to-date

2012-02-14 Thread Peter N. M. Hansteen
On Tue, Feb 14, 2012 at 07:06:26PM +1030, Giridhari wrote:
 what's the correct procedure for keeping ports that are installed up to date
 when the system is updated with CVS?

Use packages. Set your PKG_PATH to something appropriate - since I'm based in
northern Europe, the .profile for an i386 box of mine contains this line:

export PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/`uname -m`/

then use pkg_add -vui or similar to fetch and install updated packages that
may be available.

Only very rarely does it make sense to build packages locally. Also the FAQ is
your best friend, in this case specifically part 15 - http://www.openbsd.org/faq/faq15.html

- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Unbound in base

2012-02-14 Thread Peter Hessler
On 2012 Feb 14 (Tue) at 13:23:01 +0400 (+0400), Mo Libden wrote:
:14 February 2012, 12:59, from Gregory Edigarov g...@bestnet.kharkov.ua:
: On Tue, 14 Feb 2012 08:09:16 +
: Peter van Oord van der Vlies peter.vanoordvandervl...@itisit.nl wrote:
:
:  Hello,
: 
:  Why replacing bind ?
:
: Because bind is full of security related bugs and a bloatware.
:
:Oh come on!
:They say about the same thing about sendmail for years (decades already?).
:Still it is in the base.

Did you notice that there is lots of work being done to replace sendmail?

Yes, there is an interest in replacing bind (and sendmail).  However, we
are doing it slowly and cautiously, to ensure we do not make the
situation worse.


--
Any sufficiently advanced technology is indistinguishable from a rigged
demo.



Re: Unbound in base

2012-02-14 Thread Oliver Peter
On Tue, Feb 14, 2012 at 01:23:01PM +0400, Mo Libden wrote:
 14 February 2012, 12:59, from Gregory Edigarov g...@bestnet.kharkov.ua:
  On Tue, 14 Feb 2012 08:09:16 +
  Peter van Oord van der Vlies peter.vanoordvandervl...@itisit.nl wrote:
 
   Hello,
  
   Why replacing bind ?
 
  Because bind is full of security related bugs and a bloatware.

 Oh come on!
 They say about the same thing about sendmail for years (decades already?).
 Still it is in the base.

smtpd(8) is underway. Also there is no proper MTA implementation out
there served under the BSD license (i.e. Postfix has IBM license).

Unbound (and also nsd) is a good and lightweight alternative to
sendmail using the BSD license.  License stuff is more important than
it sounds.

IMO the separate development of a resolver (unbound) and an authoritative
nameserver (nsd) is better than having all functionality within one
server (named).

--
Oliver PETER   oli...@opdns.de   0x456D688F



Re: Compiling R from source

2012-02-06 Thread Peter Hessler
Including missing headers is completely the correct fix, please submit
the patches to the upstream author.


On 2012 Feb 06 (Mon) at 10:01:49 + (+), Zi Loff wrote:
:I managed to compile R-2.14.0 and .1 from source on OpenBSD 5.0 (i386).
:
:Make failed because two of the tre source files require stdint.h
:(for WCHAR_MAX definition) but don't include it. I managed to build R by
:inserting
:#include <stdint.h>
:on src/extra/tre/tre-compile.c and src/extra/tre/tre-parse.c
:
:I know this is an ugly hack, and fiddling with the sources seldom is a
:good idea, but it got the job done...
:
:There are some additional issues with the Cairo graphics device,
:-pthread as a LDFLAG and some of the tests that configure runs, but I'm
:still working on that. I'll share my findings when I have more concrete
:answers (later today, hopefully).
:
:
:
:On 02/03/12 12:02, Richard Thornton wrote:
: Using OpenBSD 5 on an old sparc 64 sun blade, I am trying to compile R from
: source, downloaded from the cran-r website;
: The ./configure works, but make always fails.  I realize that there is a R
: package available already but it is a 2008 version, and it has terrible
: graphics, anyone have a more recent port for sparc64?
:

-- 
One planet is all you get.



Re: sendmail TLS errors

2012-02-04 Thread Peter Fraser
Thanks, particularly for the

Try_TLS:rci.rcimx.net NO

In fact I had to use

Try_TLS:rcimx.net NO
Try_TLS:securence.com NO

To get all the ones that I know about

-Original Message-
From: Philip Guenther [mailto:guent...@gmail.com]
Sent: Saturday, February 04, 2012 1:53 AM
To: Peter Fraser
Cc: misc@openbsd.org
Subject: Re: sendmail TLS errors

On Sat, Jan 28, 2012 at 1:59 PM, Peter Fraser p...@thinkage.ca wrote:
 I am getting the following errors, with sendmail (Openbsd 5.0 and
 errors were there for 4.9 as well)
...
 Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client:
 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls
 invalid ecpointformat
 list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
...
 From peering around with google these seem to come from an error in
 ssl. I assume that it is edgewave.com.mx1.rci.rcimx.net that has the
 error, not OpenBSD 5.0 but none the less I cannot send email to this
 site, with TLS enabled.

This was a bug in the EC point extension support in OpenSSL versions before
1.0.0c, including the version in OpenBSD 5.0.  It's fixed in the version of
OpenSSL that's been imported since then for OpenBSD 5.1.


 To my surprise I found that not configuring TLS on sendmail.mc only
 turns it off for receiving not sending.

That's true.  There's a fundamental asymmetry to SSL/TLS, where servers have
to be configured with certs and such but clients require nothing.  My reading
of the history of the design of SSL is that that was intentional.

So, how do you turn TLS client support off completely in sendmail?
The easiest method is probably to use LOCAL_TRY_TLS in your .mc file to define
a try_tls ruleset that always returns NO.


 The only way I can find to turn it off for sending is by adding

 Try_TLS:edgewave.com.mx1.rci.rcimx.net NO
 Try_TLS:edgewave.com.mx2.rci.rcimx.net NO
 Try_TLS:edgewave.com.mx3.rci.rcimx.net NO
 Try_TLS:edgewave.com.mx4.rci.rcimx.net NO

 to sendmail's map access database.

That looks correct.  You could also apply that to the entire rci.rcimx.net
domain with a single entry:

Try_TLS:rci.rcimx.net NO


 It would have been nice if sendmail falls back to a non-TLS
 connection if the handshake occurs.

Well, the handshake also fails whenever an attacker interferes with the
connection.  A "revert to insecure when attacked" behavior makes you secure
except when it matters.


Philip Guenther



sendmail TLS errors

2012-01-28 Thread Peter Fraser
I am getting the following errors, with sendmail (Openbsd 5.0 and errors were
there for 4.9 as well)

Jan 28 16:34:48 mail sm-mta[24871]: starting daemon (8.14.5):
SMTP+queueing@00:30:00
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1,
SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL
routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat
list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:14092113:SSL
routines:SSL3_GET_SERVER_HELLO:serverhello
tlsext:/usr/src/lib/libssl/ssl/../src/ssl/s3_clnt.c:945:
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE,
relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.

From peering around with google these seem to come from an error in ssl. I
assume that it is edgewave.com.mx1.rci.rcimx.net that has the error, not
OpenBSD 5.0
but none the less I cannot send email to this site, with TLS enabled.

To my surprise I found that not configuring TLS on sendmail.mc only turns it
off for receiving not sending.

The only way I can find to turn it off for sending is by adding

Try_TLS:edgewave.com.mx1.rci.rcimx.net NO
Try_TLS:edgewave.com.mx2.rci.rcimx.net NO
Try_TLS:edgewave.com.mx3.rci.rcimx.net NO
Try_TLS:edgewave.com.mx4.rci.rcimx.net NO

to sendmail's map access database.

The addresses belong to an email company that handles email for other
companies.  I know of 5 companies that
I cannot send to.

You can try this yourself by sending email to x...@redcondor.com
The email doesn't exist but the connection is dropped before anyone discovers
that xxx is not valid.

It would have been nice if sendmail falls back to a non-TLS connection if the
handshake occurs.
As it is I have to watch the maillog to identify which mail is being blocked
and add the resulting address to the access map.
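
The maillog triage described above, as an added example (not part of the original post and not sendmail code): it pairs each `TLS handshake failed` reject with the OpenSSL error logged by the same sm-mta process, proposes Try_TLS entries only for relays failing with the ecpointformat error quoted in this thread, and lists every other failing relay for investigation. The sample log is constructed from the excerpt above; the function names and the last-two-labels domain grouping are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the maillog excerpt in this thread, with
# wrapped lines rejoined; the pid 511 and mx.example.org entries are invented.
SAMPLE_LOG = """\
Jan 28 16:34:48 mail sm-mta[24871]: starting daemon (8.14.5): SMTP+queueing@00:30:00
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:34:51 mail sm-mta[372]: STARTTLS=client: 372:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:/usr/src/lib/libssl/ssl/../src/ssl/s3_clnt.c:945:
Jan 28 16:34:51 mail sm-mta[372]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx1.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:40:02 mail sm-mta[511]: STARTTLS=client: 511:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:/usr/src/lib/libssl/ssl/../src/ssl/t1_lib.c:1470:
Jan 28 16:40:02 mail sm-mta[511]: ruleset=tls_server, arg1=SOFTWARE, relay=edgewave.com.mx2.rci.rcimx.net, reject=403 4.7.0 TLS handshake failed.
Jan 28 16:41:10 mail sm-mta[600]: ruleset=tls_server, arg1=SOFTWARE, relay=mx.example.org, reject=403 4.7.0 TLS handshake failed.
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sm-mta\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# OpenSSL error queue entry: pid:error:code:library:function:reason:file:line:
SSL_ERR_RE = re.compile(
    r"^STARTTLS=client: \d+:error:[0-9A-Fa-f]+:[^:]*:[^:]*:(?P<reason>[^:]*):")
REJECT_RE = re.compile(
    r"ruleset=tls_server,.*\brelay=(?P<relay>[^,\s]+),\s*reject=\d{3} [\d.]+ "
    r"TLS handshake failed")

KNOWN_BUG = "tls invalid ecpointformat list"   # reason string from this thread
UNEXPLAINED = "no OpenSSL error logged"


def tls_handshake_failures(log_text):
    """Map each failing relay to its failure count and OpenSSL reasons."""
    first_error = {}   # pid -> first (root-cause) OpenSSL reason for that attempt
    failures = defaultdict(lambda: {"count": 0, "reasons": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        err = SSL_ERR_RE.match(msg)
        if err:
            first_error.setdefault(pid, err["reason"])
            continue
        rej = REJECT_RE.search(msg)
        if rej:
            entry = failures[rej["relay"].lower()]
            entry["count"] += 1
            # pop so a reused pid does not inherit an old error
            entry["reasons"].add(first_error.pop(pid, UNEXPLAINED))
    return dict(failures)


def common_suffix(hosts):
    """Longest run of trailing DNS labels shared by every host in the list."""
    shared = hosts[0].split(".")
    for host in hosts[1:]:
        labels = host.split(".")
        n = 0
        while n < min(len(shared), len(labels)) and shared[-1 - n] == labels[-1 - n]:
            n += 1
        shared = shared[len(shared) - n:]
    return ".".join(shared)


def triage(log_text):
    """Return (candidate access-map lines, relays that need investigation)."""
    known, investigate = [], []
    for relay, info in tls_handshake_failures(log_text).items():
        (known if info["reasons"] == {KNOWN_BUG} else investigate).append(relay)
    # Assumption: relays sharing their last two labels belong to one provider.
    groups = defaultdict(list)
    for relay in known:
        groups[".".join(relay.split(".")[-2:])].append(relay)
    candidates = ["Try_TLS:%s NO" % common_suffix(hosts)
                  for _, hosts in sorted(groups.items())]
    return candidates, sorted(investigate)


if __name__ == "__main__":
    candidates, investigate = triage(SAMPLE_LOG)
    print("Candidate access-map entries (review before adding):")
    for line in candidates:
        print("  " + line)
    print("Handshake failures without the known error (investigate first):")
    for relay in investigate:
        print("  " + relay)
```

Relays in the second list fail for a reason the log does not explain, so exempting them from TLS would also hide the case where the handshake is being interfered with.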



Re: Starting out

2012-01-27 Thread Peter N. M. Hansteen
Jannik Pruitt pruttel...@googlemail.com writes:

 I got my netier xl 1000 runing now.
 It has full network and I can ssh to and from.
 X does come up.

excellent, you're on your way to several good and interesting experiences!

 What I want to do now is put a better terminal in.
 A small office suite either console or X based or both.

 And I want to install a web browser

I'm not quite sure what your criteria are for any of these. The best
advice I can offer is to explore what the package system has to offer.
Read the man pages, man 7 packages might be appropriate, or you could
try browsing eg http://openports.se/ and see what strikes you as
appealing.  Also, a web search on OpenBSD + whatever will hopefully turn
up useful references for whatever, likely from the archives of
openbsd-misc.

 I know that Open BSD is not really a desk top system.

wut? it's been my main desktop since quite a while back (2005ish if
memory serves -- I was on FreeBSD or Linuxes until I came to my senses).

 But its so low in installed space

That it is. I think the numbers from the pix in my old blog post
http://bsdly.blogspot.com/2010/01/goodness-of-men-and-machinery.html are
still in the ballpark (except the compNN.tgz set, which shrunk to
sixtyish megs compressed by weeding out irrelevancies soon after)

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



5.1-beta compiler warning confuses me

2012-01-26 Thread Peter J. Philipp
Hi,

I have a vm that I upgraded to 5.1-beta last week some time.  One of my
software's is getting a compiler warning now that it didn't get in 5.0.

---
cc -Wall -g  -I/usr/local/include/db4   -c reply.c
reply.c: In function 'create_anyreply':
reply.c:2975: warning: array size (2) smaller than bound length (4)
reply.c:2975: warning: array size (2) smaller than bound length (4)
cc -Wall -g  -I/usr/local/include/db4   -c additional.c
---

The line of code looks like this:

---
memcpy((char *)&answer->rdata, (char *)&sd->a[pos++ % mod],
sizeof(in_addr_t));
---

The entire file can be found at sourceforge cvs repo here:

http://wildcarddns.cvs.sourceforge.net/viewvc/wildcarddns/wildcarddnsd/reply.c?view=log

What could cause this?  And how do I fix my code to get rid of this warning?

Thanks for any help,

-peter



Re: 5.1-beta compiler warning confuses me

2012-01-26 Thread Peter J. Philipp
On Thu, Jan 26, 2012 at 07:03:39PM +0100, Otto Moerbeek wrote:
  
  http://wildcarddns.cvs.sourceforge.net/viewvc/wildcarddns/wildcarddnsd/reply.c?view=log
 
 Which revision are you using?
 
   -Otto

Hi Otto,

I'm at HEAD with this, it requires berkeley db 4.6 (or higher) if you are
wanting to compile this.

-peter

  
  What could cause this?  And how do I fix my code to get rid of this warning?
  
  Thanks for any help,
  
  -peter



Re: 5.1-beta compiler warning confuses me

2012-01-26 Thread Peter J. Philipp
On Thu, Jan 26, 2012 at 07:22:37PM +0100, Otto Moerbeek wrote:
  cc -Wall -g  -I/usr/local/include/db4   -c reply.c
  reply.c: In function 'create_anyreply':
  reply.c:2975: warning: array size (2) smaller than bound length (4)
  reply.c:2975: warning: array size (2) smaller than bound length (4)
  cc -Wall -g  -I/usr/local/include/db4   -c additional.c

some cut


 
 2553  struct answer {
 2554  u_int16_t type; /* 0 */
 2555  u_int16_t class;/* 2 */
 2556  u_int32_t ttl;  /* 4 */
 2557  u_int16_t rdlength;  /* 8 */
 2558  char rdata[0];  /* 10 */
 2559  } __packed;
 
 Since rdata is an array, there's at least a redundant &.
 
 Zero sized arrays are actually not legal and a gnu extension.  With
 ANSI C, use [1] (but note it changes the size of the struct), and with
 C99 use []. 
 
   -Otto

When I changed it to char rdata[4]; on line 2558 like you pointed me to
the message disappeared.  Now correct me if I'm wrong, __packed or 
__attribute__((packed)) which I throw out due to some code example eons ago,
should have packed the struct below a 2 byte boundary or something.  Is this
functionality gone now?  Because when I do rdata[4], the size of the struct
should be 14 bytes which lies on a 2 bytes boundary.  Thankfully my code is
forgiving on an rdata[4].  At least at first sight.

Thank you for solving my problem!  (Thanks to Christiano too!)

-peter



Re: OpenBSD 4.4

2012-01-24 Thread Peter N. M. Hansteen
R0me0 *** knight@gmail.com writes:

 I'm running a full patched OpenBSD 4.4 with very complex setup, and I'm
 planning an upgrade to 5.0.

That's a seriously long jump, but then again, that upgrade may very well
be a blessing in disguise -- an opportunity to identify what parts of
your complex setup are actually just cascades of accidents that followed
quasi-logically from other earlier accidents (no worries, this should
sound familiar to most of the people who've been around for a while) and
what actually matters and needs to be that way for a reason.

Do take the time for proper preparations, though: at the very least read
through the upgrade steps for each of the versions, starting from
http://www.openbsd.org/faq/upgrade45.html and proceeding through
http://www.openbsd.org/faq/upgrade50.html.  

The only *supported* method is to go through all of those upgrade steps,
but you might find it easier to back up your data and config, do a clean
install, restore data and then introduce those configuration elements
that are in fact essential or at least useful for your particular
environment.

 At this moment, if I execute nmap 10.20.0/16, I have a dbg . I've limited
 the number of max connections and connections per seconds, that solved the
 problem.
 When dbg occurs, I cannot do a trace because it completely hangs.

Others have offered as useful input as can be had on those.

Good luck with the upgrade!

All the best,
Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



youtube works, thanks!

2012-01-20 Thread Peter J. Philipp
Hi,

I noticed today by accident that the videos on Youtube work.  They are HTML5.
The sound I made happen by starting aucat -l.  Is this old news or am
I dreaming?

-peter



Re: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011

2012-01-19 Thread Peter Hessler
This is not -current, this is -release.  This PKG_PATH will not work
with 5.0-current.


On 2012 Jan 19 (Thu) at 18:16:59 +0100 (+0100), Francois Pussault wrote:
:Hi,
:
:I use this :
:# echo $PKG_PATH
:ftp://ftp.openbsd.org/pub/OpenBSD/5.0/packages/sparc64/
:
:
: 
: From: Richard Thornton thornton.rich...@gmail.com
: Sent: Thu Jan 19 17:50:08 CET 2012
: To: misc misc@openbsd.org
: Subject: OpenBSD 5.0-current (GENERIC) #65: Thu Nov 3 00:58:36 MDT 2011
:
:
: Is this the most recent current version for sparc64 and does this imply
: that I have the true current kernel running, thus my PKG_PATH should be
: set to pull for the current set of packages?
:
:
:
:Cordialement
:Francois Pussault
:3701 - 8 rue Marcel Pagnol
:31100 Toulouse
:France
:+33 6 17 230 820  +33 5 34 365 269
:fpussa...@contactoffice.fr
:

-- 
You may easily play a joke on a man who likes to argue -- agree with
him.
-- Ed Howe



Re: locate weirdness

2012-01-18 Thread Peter Hessler
On 2012 Jan 18 (Wed) at 10:15:34 -0600 (-0600), L. V. Lammert wrote:
:Running the find separately identified the file system problem, and
:it was easily fixed as a result.

So, what was the actual problem?  Permissions?

-- 
There are two types of people in this world, good and bad.  The good
sleep better, but the bad seem to enjoy the waking hours much more.
-- Woody Allen



Re: mailserv project

2012-01-17 Thread Peter Hessler
On 2012 Jan 17 (Tue) at 09:17:35 -0500 (-0500), Nico Kadel-Garcia wrote:
:On Mon, Jan 16, 2012 at 9:32 AM, Nick Holland
:n...@holland-consulting.net wrote:
: On 01/16/12 02:09, Wesley M. wrote:
: On Mon, 16 Jan 2012 07:40:57 +0100, Tomas Bodzar tomas.bod...@gmail.com
: wrote:
: There's sendmail in base system and there's ongoing work on smtpd by
: OpenBSD devs (other components are in ports). Anyway you're welcome to
: start port see http://www.openbsd.org/faq/ports/index.html
:
:
: It is not an other MTA.
: It is a script with config files, it installs a secure mail server
: (Administration using a Web interface)
: Postfix+Nginx+Spamd+Spamassassin+Dovecot+Roundcube+sql database
: Actually works on OpenBSD 4.8 / 4.9
:
: It doesn't work on OpenBSD 5.0
: There's a lot of changes like Nginx/Dovecot/php
:
: If someone can update the work : http://[cobwebsite deleted]/
:
: Ah, sounds like you found a good reason NOT to use projects like this.
:  Do this, do that, download this, run that, *poof!* you have a mail
: server with no idea what you are doing!
:
:Be nice to the newbs! Showing them a well written tool, especially a
:configuration interface, that they can follow the workflow of is
:priceless to a busy admin or a busy programmer.
:

Except, it ISN'T a well written tool.  It is horrifically bad.  And the
intention is not to teach, but to click-and-forget, which is dangerous
at best.


-- 
Draft beer, not people



Re: No schizophrenia

2012-01-11 Thread Peter Hunčár
Omg,  this one is still going on?

Please stop filling those Internet tubes with useless attempts to argue
with a troll. You'd never win. And this whole topic...  Waste of time...

Peter
On Jan 11, 2012 12:24 AM, John Tate j...@johntate.org wrote:

 Just an idiot, Jan Stary, who turned the sentence 7 years of
 FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and
 less faith in minds like hers. What an embarrassment... oh dear. She should
 learn to read.

 I'm back, healthy as can be. I had a nice holiday.

 I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD
 GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE
 WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER
 SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I
 NEVER SAID THE WORD GURU

 John Tate

 --
 www.johntate.org



Re: PF Snort tutorial

2012-01-04 Thread Peter N. M. Hansteen
Wesley M. open...@e-solutions.re writes:

 Perhaps, this can be helpful ;-)
 http://www.procyonlabs.com/guides/openbsd/snort/

It's possible it's quite valid for the Snort parts, but unfortunately
this HOWTO shows several of the features typical of docs maintained by
people who are not, in fact, terribly familiar with OpenBSD:

first off, consider the statement

   One thing a lot of people overlook is patching their OpenBSD
system(s). This is because it is a major pain in the ass. 

Show of hands, how many people here agree with that statement?

Next, the only part of the system he considers important enough to patch
is the kernel.  (OpenBSD has patches for all parts of the base system,
the only patch so far for 4.9 is for bind, not the kernel).

He then moves on to rebuild all packages locally from the ports tree,
but there are no indications that he builds special flavors that are not
already available as downloadable packages.

And finally, he then proceeds to download -- to /usr/src of all places
-- the source archives for Snort and supporting software (which may or
may not be due to some appropriate reason such as the packages (aka
ports) lagging behind upstream), builds and installs them.

All this while working as root (not a sudo in sight, but this may be one
of my grumpier nights). 

If you find this is a useful document, it would be a very smart move to
prod its author to check that the information is still up to date and to
make any changes that are necessary for OpenBSD 5.0. It's only been two
months, but even busy and forgetful people who take an active interest
*should* be able to find the time for keeping their stuff up to date.

As others have said here earlier, any document that claims to be about
OpenBSD and does not live somewhere on http://www.openbsd.org/ should
be treated with caution, one of the things to look out for is some basic
familiarity with OpenBSD such as the points (possibly minor) I pointed
out earlier.

Cheers,
Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: CF Card setup

2011-12-27 Thread Peter N. M. Hansteen
Jannik Pruitt pruttel...@googlemail.com writes:

 ifconfig says
 lo0 (up loop back running multicast mtu 33196
 R10 Media enthernet auto  (This is normally the IP address I think but
 there is not one)
 Enco - also active
 PFlog0 also active

I assume R10 is actually rl0, indicating that the Ethernet card is a
Realtek based part (see man rl).  You need to put together a valid
config file for that one, /etc/hostname.rl0, with appropriate contents
using your favorite text editor (mg and vi are in the base system).

Reading at least man hostname.if and http://www.openbsd.org/faq/faq6.html 
is a really good idea at this point.  Most likely you need a file that
consists of a single line, either

dhcp 

for a simple dhcp setup, or for a fixed address and a specific link
speed something like (lifted from man hostname.if)

inet 10.0.0.1 255.255.255.0 10.0.0.255 description Bob's uplink

in which case you will also need to add useful content to
/etc/resolv.conf (and likely /etc/hosts) for name resolution to work
plus possibly a few other wrinkles such as enabling forwarding if it's a
gateway you're building, and so on.  

The best place to start is to read the relevant parts of the FAQ and the
man pages.  OpenBSD documentation is both accessible and useful, and if
you're still stuck some of us have written supplementary docs that are
not that hard to find.  Or come back here, reasonable questions usually
generate somewhat useful answers.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: CF Card setup

2011-12-27 Thread Peter N. M. Hansteen
pe...@bsdly.net (Peter N. M. Hansteen) writes:

 for a simple dhcp setup, or for a fixed address and a specific link
 speed something like (lifted from man hostname.if)

 inet 10.0.0.1 255.255.255.0 10.0.0.255 description Bob's uplink

actually that does not specify a line speed, but the man pages will tell
you how to do that too :)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

2011-12-20 Thread Peter Hessler
there is an excellent blog called www.openbsd.org/faq/. Check out the
advice there.  It's pretty awesome.


On 2011 Dec 20 (Tue) at 07:49:11 -0500 (-0500), Richard Thornton wrote:
:I used the advice from the blog called gab software.  Perhaps he was wrong.
:I am willing to reinstall.  I have no personal data to lose on this old box.
:
:Nick Holland n...@holland-consulting.net wrote:
:
:On 12/19/11 14:39, Stuart Henderson wrote:
: On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote:
: Do a simple clean 5.0 install.  One would assume any browser package in the
: packages folder would install. None do for me on sparc, but with a clean
: 4.9 install all 4.9 packages install.  I am not a Unix specialist by any
: means but I do know how to type pkg_add .
:
: Please send a mail to ports@ detailing exactly what you are doing (what
: you're typing, what PKG_PATH is set to if you're using it, the contents
: of /etc/pkg.conf if you're using that) and what output you see.
: 
: This is the first I've heard of any major problem with 5.0 release
: packages on any arch, if there is a problem obviously we need to know
: what went wrong so we can avoid it happening in future, but before
: digging into that we need to first rule out incorrect procedure.
:
:Don't bother, he's doing something very wrong.  This is a PEBKAC
:diagnostic issue, not an OpenBSD issue.
:
:Just happened to have a blade100 (the machine he named) sitting here,
:just loaded it up, but not into production yet, so blew it away (it was
:at -current, of course) and did exactly what he said:
:
:* simple 5.0 install from CD (only non-default was to use ntpd)
:* set PKG_PATH to my local mirror
:* pkg_add xxxterm
:* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
:* pkg_add dillo
:* pkg_add conkeror
:* pkg_add midori
:* pkg_add kazehakase
:* pkg_add links+2.2p2
:* pkg_add elinks
:* pkg_add w3m-0.5.3
:* pkg_add links  FINALLY! an error!  conflict with links+.  Package
:management system worked fine :)
:
:Other than links after links+, all installed fine.
:
:Starting them all at the same time on a blade100 with only 512M RAM was
:not my most productive move, but they all seemed to be trying to work,
:until something ran out of something and X blew me back to a command
:prompt :)
:
:(I gotta play with some of these alternate browsers)
:
:Personally, I think he's screwing up between sparc and sparc64.  He's
:being VERY sloppy with the platform name_s_ in his posting, so I suspect
:it is safe to assume he's doing that elsewhere.
:
:Nick.
:

-- 
Drew's Law of Highway Biology:
The first bug to hit a clean windshield lands directly in front
of your eyes.



Re: Upgrading AMD64 4.9-stable to 5.0

2011-12-19 Thread Peter N. M. Hansteen
Richard Thornton thornton.rich...@gmail.com writes:

 I upgraded my sun blade 100 from 4.9 to 5.0;  no issues but, it appears
 that the packages in 4.9 are not always upgradeable to those in 5.0 and
 most packages in 5.0 fail to install due to library dependencies.  

This sounds suspiciously like you're mixing base and packages releases in
some sort of unsupported combination.  A wild guess -- trying to upgrade
the packages not to 5.0, but rather packages matching a snapshot, perhaps?

 one would assume all 5.0 packages are created using the dev tools from
 5.0 but this does not seem to be true.  

Once again, do not attempt to install packages built on and intended for
-current on a system running -stable. 

 I do not have time to track down all these issues, so for me openbsd
 will always remain a fun toy, but no better.

Please go back and check what you did leading up to those errors.  This
sounds like the result of some fairly basic mistake, like trying to
install -current packages on -stable.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Setting up access point multiple radios

2011-12-12 Thread Peter Kay
I'm looking at rebuilding my OpenBSD firewall to include a wireless
access point using a discrete card rather than an external access
point.

Can I just verify : athn(4) is a decent choice, but the docs are a bit
out of date (CVS commits and comments seem to suggest power saving has
been fixed, and later chipsets such as 9002/9003 are now supported?)

Does OpenBSD support simultaneous 802.11a and 802.11b/g in a dual band
card? I imagine the answer is 'no' (can't see how it's possible in
ifconfig) - which makes the card I was previously considering (the
JJPlus MR9 http://www.jjplus.com/?page_id=359) unrealistic. Thinking
of the TL-WN951N (AR5008-3NG chipset) instead :
http://www.cclonline.com/product/39855/TL-WN951N/Wireless-Adapters/TP-Link-300Mbps-Wireless-N-PCI-Adapter/NET1196/

Assuming the answer is no, any recommendations for an 802.11a AP
capable card? I'm guessing 802.11n is some way off.

Cheers!

PK



Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

2011-12-12 Thread Peter Kay
Google is informative. It depends on your stepping. Try it and find out.

Wikipedia says 'AMD64 supported by: all models with an OPN ending in
BX and CV' and 'E6 stepping or later'

If you don't have an OS installed, a boot disk with a CPU information
tool would help.

On 12/12/2011, sc...@web.de sc...@web.de wrote:
 Hello!

 I took the subjectline from INSTALL.amd64.

 I hope this is also the right ISO for other AMD processors, not amd64.

 I have a Sempron 3000+ with 754 socket, but I am not sure if it
 supports amd64 instructions.

 Rod.



Re: OpenBSD/amd64 runs on computers equipped with AMD Athlon64

2011-12-12 Thread Peter Kay
On 12 December 2011 21:29, Henning Brauer lists-open...@bsws.de wrote:

 * sc...@web.de sc...@web.de [2011-12-12 16:06]:

  BTW: the ethernet on the motherboard (Asus K8U-X) does not work.
  Acer Labs M5263 LAN rev 0x40 at pci0 dev 13 function 0 not configured

 indeed. never heard of it, might be as simple as a missing pcidevs
 entry and driver matching code entry, might require a new driver from
 scratch. or something in between.


Score one for 'something in-between', but at least the work has been done
on another BSD.

http://lists.freebsd.org/pipermail/freebsd-stable/2011-October/064346.html

PK



Re: Mplayer vo on loongson, change resolution

2011-12-09 Thread Peter Hessler
No, the loongson does not support this yet.


On 2011 Dec 08 (Thu) at 21:34:07 +0400 (+0400), alies wrote:
:Hello
:
:What mplayer -vo I need to use for best performance in loongson Yeeloong
:netbook? Can I use full fullscreen in mplayer?
:What about sdl games (quake, doom etc), can I change resolution?
:

-- 
All progress is based upon a universal innate desire on the part of
every organism to live beyond its income.
-- Samuel Butler, Notebooks



Re: OpenBSD PF tables

2011-12-08 Thread Peter Hessler
Yes, tables in PF only support IP addresses.


On 2011 Dec 08 (Thu) at 22:11:19 +1100 (+1100), John Tate wrote:
:At the moment I am working on doing some things as tables. I want tables to
:hold the ports, but it appears perhaps they can only hold IP addresses. The
:following tables do not work from line 10-11...

-- 
Renning's Maxim:
Man is the highest animal.  Man does the classifying.



Re: OpenBSD PF tables

2011-12-08 Thread Peter N. M. Hansteen
On Thu, Dec 08, 2011 at 10:21:14PM +1100, John Tate wrote:
 Is there a way to control ports on a filter from the command line? I guess
 I just have manually adding and deleting rules.

the cycle


$ sudo mg /etc/pf.conf
$ sudo pfctl -vf /etc/pf.conf

doesn't take terribly long to begin with, but you could possibly achieve what
you want by putting your rules inside anchors and then do whatever manipulations
you want to rules in the anchors from the command line.  man pf.conf and man
pfctl are your friends.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: OpenBSD PF tables

2011-12-08 Thread Peter N. M. Hansteen
On Thu, Dec 08, 2011 at 10:11:19PM +1100, John Tate wrote:
 I have successfully got an OpenBSD machine to connect via ADSL and forward
 packets, I am gradually upgrading my pf.conf. I am having trouble with this
 configuration (ignore some obvious bugs related to table names where tables
 are defined and the rules I have seen them).

what are those obvious bugs? please describe in detail.

 At the moment I am working on doing some things as tables. I want tables to
 hold the ports, but it appears perhaps they can only hold IP addresses. The
 following tables do not work from line 10-11...

from man pf.conf:

TABLES
 Tables are named structures which can hold a collection of addresses and
 networks.  Lookups against tables in pf(4) are relatively fast, making a
 single rule with tables much more efficient, in terms of processor usage
 and memory consumption, than a large number of rules which differ only in
 IP address (either created explicitly or automatically by rule
 expansion).


 table <etcpserv> { 22 }
 table <itcpserv> { 22, 53 }

this is what macros are for:

etcpserv = "{ 22 }"
itcpserv = "{ 22, 53 }"

Other parts of your config uses tables correctly.  You may want to browse 
the PF faq, with http://home.nuug.no/~peter/pf/en/ or the book it spawned 
(http://www.nostarch.com/pf2.htm) as a useful supplement.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Short adsuck guide (local resolver setup)

2011-12-05 Thread Peter Hessler
On 2011 Dec 05 (Mon) at 17:32:48 + (+), Stuart Henderson wrote:
:On 2011-12-05, ?ime Ramov s...@ramov.com wrote:
: Great job on your video! Too bad I can only enjoy it at work where I have
: flash installed :(
:
:
:there are various ports/packages which can fetch these:
:
:get_flash_videos
:youtube-dl
:yt
:

also, www.youtube.com/html5

-- 
Honesty is the best policy, but insanity is a better defense.


