upsdrvctl issue (nut/UPS) since sysupgrade to 7.5 (and nut update)

2024-07-26 Thread Steve Fairhead
Hi folks,

I have no doubt this will turn out to be pilot error, so apologies in advance.

We have a server with an APC UPS via USB, which was working fine over
several sysupgrades to 7.4. Since 7.5, not so much.

I also did a package update (pkg_add -ui) as part of the process, and
saw that nut was updated - but didn't see anything change of
significance.

I'm familiar with restoring the ownerships and rights to /dev/ugen0.00
and /dev/usb0 (in my case) after the sysupgrade.

Running "upsdrvctl start" now returns an error, including:

USB communication driver (libusb 1.0) 0.46
interrupt pipe disabled (add 'pollonly' flag to 'ups.conf' to get rid
of this message)
libusb1: Could not open any HID devices: insufficient permissions on everything
No matching HID UPS found

The thing I find very odd is that running nut-scanner before the
sysupgrade gave me a sensible result:

Scanning USB bus.
[nutdev1]
driver = "usbhid-ups"
port = "auto"
vendorid = "051D"
productid = "0003"
product = "Smart-UPS_3000 FW:UPS 06.0 / ID=1027"
serial = "xxx"
vendor = "American Power Conversion"
bus = "000"

Afterwards, it's odd:

Cannot load SNMP library (libnetsnmp.so) : file not found. SNMP search disabled.
Cannot load XML library (libneon.so) : file not found. XML search disabled.
Scanning USB bus.
[nutdev1]
driver = "apc_modbus"
port = "auto"
vendorid = "051D"
productid = "0003"
product = "Smart-UPS_3000 FW:UPS 06.0 / ID=1027"
serial = "xxx"
vendor = "American Power Conversion"
bus = "000"
device = "002"
busport = "003"
###NOTMATCHED-YET###bcdDevice = "0001"

Modbus? Really? (I tried it anyway; didn't work. No surprise.)

I conclude that I've missed permissions on something (new?), as
suggested by the error message. But what?

Any help gratefully received.

Steve



Re: errors rebuilding binaries after sysupgrade to 7.5 - apologies for noise

2024-04-23 Thread Steve Fairhead
My last response to Otto seems to have had a lot of noise appended. I
replied via gmail, which seems to have added all sorts of things, as my own
SPF/DMARC rules seem too strict, and seem to stop the mailing list
relaying. Will review.

Humbly,

Steve


Re: errors rebuilding binaries after sysupgrade to 7.5

2024-04-23 Thread Steve Fairhead
On 23/04/2024 06:30, Otto Moerbeek wrote:
> What you normally do in these cases of build errors:
>
> - Make sure that you do not have sticky tags in your tree (use -A with
> cvs up)
> - Double check that the cvs update did not produce a report line on
> any file
> - Clean your object dir: rm -rf /usr/obj/*
>
> Then try again.

Nuking /usr/obj/* did the trick. Thanks!

I think I'll tweak my process to use a fresh tree checkout after a
sysupgrade (as suggested by Marc Peters - thanks!).

Steve

On Mon, 22 Apr 2024 at 22:09, Steve Fairhead  wrote:

> Hi folks,
>
> (Apologies if this is a dupe. Looks to me like this didn't originally get
> far.)
>
> Pretty sure this is pilot error, so please be gentle.
>
> I sysupgraded 3 machines (all different) to 7.5; no problems. I then
> updated installed packages; again no problem.
>
> Then I updated the source trees:
>
> cd /usr/src
> cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd
> cd /usr/ports
> cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd
>
> I then (following https://man.openbsd.org/release) rebuilt the kernel:
>
> cd /sys/arch/amd64/compile/GENERIC.MP
> make obj
> make config
> make && make install
> reboot
>
> Still no problem. Then I started to rebuild the binaries:
>
> cd /usr/src
> make obj && make build
>
> ... but eventually ran into shedloads of errors until it bailed. The first
> few errors are:
>
> c++ -O2 -pipe  -fno-ret-protector -mno-retpoline -ffunction-sections
> -fdata-sections -std=c++17 -fvisibility-inlines-hidden -fno-exceptions
> -fno-rtti -fno-semantic-interposition -Wall -Wc++98-compat-extra-semi
> -Wcast-qual  -Wcovered-switch-default -Wctad-maybe-unsupported
> -Wdelete-non-virtual-dtor -Werror=date-time
> -Werror=unguarded-availability-new -Wextra  -Wimplicit-fallthrough
> -Wmisleading-indentation  -Wmissing-field-initializers -Wno-long-long
> -Wno-noexcept-type  -Wno-unused-parameter -Wnon-virtual-dtor
> -Wstring-conversion  -Wsuggest-override -Wwrite-strings -fno-pie  -MD -MP
>  -I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include/clang/AST
> -I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/include
> -I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/llvm/include
> -I/usr/src/gnu/usr.bin/clang/libclangAST/../include
> -I/usr/src/gnu/usr.bin/clang/libclangAST/obj
> -I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include -DNDEBUG
> -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS  -D__STDC_FORMAT_MACROS -c
> /usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp
> -o ByteCodeExprGen.o
> /usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:119:18:
> error: no member named 'emitCast' in
> 'clang::interp::ByteCodeExprGen'
> return this->emitCast(*FromT, *ToT, CE);
>  ^
> /usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16:
> note: in instantiation of member function
> 'clang::interp::ByteCodeExprGen::VisitCastExpr'
> requested here
> template class ByteCodeExprGen;
>^
> /usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:204:26:
> error: no member named 'emitRem' in
> 'clang::interp::ByteCodeExprGen'
> return Discard(this->emitRem(*T, BO));
>  ^
> /usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16:
> note: in instantiation of member function
> 'clang::interp::ByteCodeExprGen::VisitBinaryOperator'
> requested here
> template class ByteCodeExprGen;
>^
>
> What did I do wrong?
>
> Thanks,
>
> Steve


errors rebuilding binaries after sysupgrade to 7.5

2024-04-22 Thread Steve Fairhead
Hi folks,

(Apologies if this is a dupe. Looks to me like this didn't originally get
far.)

Pretty sure this is pilot error, so please be gentle.

I sysupgraded 3 machines (all different) to 7.5; no problems. I then
updated installed packages; again no problem.

Then I updated the source trees:

cd /usr/src
cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd
cd /usr/ports
cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd

I then (following https://man.openbsd.org/release) rebuilt the kernel:

cd /sys/arch/amd64/compile/GENERIC.MP
make obj
make config
make && make install
reboot

Still no problem. Then I started to rebuild the binaries:

cd /usr/src
make obj && make build

... but eventually ran into shedloads of errors until it bailed. The first
few errors are:

c++ -O2 -pipe  -fno-ret-protector -mno-retpoline -ffunction-sections
-fdata-sections -std=c++17 -fvisibility-inlines-hidden -fno-exceptions
-fno-rtti -fno-semantic-interposition -Wall -Wc++98-compat-extra-semi
-Wcast-qual  -Wcovered-switch-default -Wctad-maybe-unsupported
-Wdelete-non-virtual-dtor -Werror=date-time
-Werror=unguarded-availability-new -Wextra  -Wimplicit-fallthrough
-Wmisleading-indentation  -Wmissing-field-initializers -Wno-long-long
-Wno-noexcept-type  -Wno-unused-parameter -Wnon-virtual-dtor
-Wstring-conversion  -Wsuggest-override -Wwrite-strings -fno-pie  -MD -MP
 -I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include/clang/AST
-I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/include
-I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/llvm/include
-I/usr/src/gnu/usr.bin/clang/libclangAST/../include
-I/usr/src/gnu/usr.bin/clang/libclangAST/obj
-I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include -DNDEBUG
-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS  -D__STDC_FORMAT_MACROS -c
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp
-o ByteCodeExprGen.o
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:119:18:
error: no member named 'emitCast' in
'clang::interp::ByteCodeExprGen'
return this->emitCast(*FromT, *ToT, CE);
     ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16:
note: in instantiation of member function
'clang::interp::ByteCodeExprGen::VisitCastExpr'
requested here
template class ByteCodeExprGen;
   ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:204:26:
error: no member named 'emitRem' in
'clang::interp::ByteCodeExprGen'
return Discard(this->emitRem(*T, BO));
     ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16:
note: in instantiation of member function
'clang::interp::ByteCodeExprGen::VisitBinaryOperator'
requested here
template class ByteCodeExprGen;
   ^

What did I do wrong?

Thanks,

Steve





errors rebuilding binaries after sysupdate to 7.5

2024-04-21 Thread Steve Fairhead

Hi folks,

Pretty sure this is pilot error, so please be gentle.

I sysupdated 3 machines (all different) to 7.5; no problems. I then 
updated installed packages; again no problem. I then (following 
https://man.openbsd.org/release) rebuilt the kernel:


cd /sys/arch/amd64/compile/GENERIC.MP
make obj
make config
make && make install
reboot

Still no problem. Then I started to rebuild the binaries:

cd /usr/src
make obj && make build

... but eventually ran into shedloads of errors until it bailed. The 
first few errors are:


c++ -O2 -pipe  -fno-ret-protector -mno-retpoline -ffunction-sections 
-fdata-sections -std=c++17 -fvisibility-inlines-hidden -fno-exceptions 
-fno-rtti -fno-semantic-interposition -Wall -Wc++98-compat-extra-semi 
-Wcast-qual  -Wcovered-switch-default -Wctad-maybe-unsupported 
-Wdelete-non-virtual-dtor -Werror=date-time 
-Werror=unguarded-availability-new -Wextra  -Wimplicit-fallthrough 
-Wmisleading-indentation  -Wmissing-field-initializers -Wno-long-long 
-Wno-noexcept-type  -Wno-unused-parameter -Wnon-virtual-dtor 
-Wstring-conversion  -Wsuggest-override -Wwrite-strings -fno-pie  -MD 
-MP  -I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include/clang/AST 
-I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/include 
-I/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/llvm/include 
-I/usr/src/gnu/usr.bin/clang/libclangAST/../include 
-I/usr/src/gnu/usr.bin/clang/libclangAST/obj 
-I/usr/src/gnu/usr.bin/clang/libclangAST/obj/../include -DNDEBUG 
-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS  -D__STDC_FORMAT_MACROS 
-c 
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp 
-o ByteCodeExprGen.o
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:119:18: 
error: no member named 'emitCast' in 
'clang::interp::ByteCodeExprGen'

return this->emitCast(*FromT, *ToT, CE);
     ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16: 
note: in instantiation of member function 
'clang::interp::ByteCodeExprGen::VisitCastExpr' 
requested here

template class ByteCodeExprGen;
   ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:204:26: 
error: no member named 'emitRem' in 
'clang::interp::ByteCodeExprGen'

return Discard(this->emitRem(*T, BO));
     ^
/usr/src/gnu/usr.bin/clang/libclangAST/../../../llvm/clang/lib/AST/Interp/ByteCodeExprGen.cpp:1428:16: 
note: in instantiation of member function 
'clang::interp::ByteCodeExprGen::VisitBinaryOperator' 
requested here

template class ByteCodeExprGen;
   ^
What did I do wrong?

Thanks,

Steve

--

------
  Steve Fairhead
   www: http://www.fivetrees.com
--




Re: errors rebuilding binaries after sysupdate to 7.5

2024-04-21 Thread Steve Fairhead

On 21/04/2024 18:46, Steve Fairhead wrote:

> Still no problem. Then I started to rebuild the binaries:
>
>  cd /usr/src
>  make obj && make build
>
> ... but eventually ran into shedloads of errors until it bailed. The
> first few errors are:


Sorry, missed a bit. Before kernel/binaries rebuilds, I also did

cd /usr/src
cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd

cd /usr/ports
cvs -q -d anon...@anoncvs.spacehopper.org:/cvs up -rOPENBSD_7_5 -Pd

Steve

--

--
      Steve Fairhead
   www: http://www.fivetrees.com
--





smtpd: access.db?

2023-06-12 Thread Steve Fairhead

Hi,

I'm in newbie mode again. I'm working on replacing an old OpenBSD server 
running Sendmail with a new one running smtpd. With Sendmail, I rely 
heavily on the access.db feature to block TLDs, usernames, email 
addresses, and domains. Is there an equivalent feature with smtpd?


Also I can't see any reason why spamd shouldn't play well with smtpd, 
since it's more a feature of pf.conf than Sendmail. Please yell if I'm 
wrong.


Thanks,

Steve




Re: Weirdness with du/df/my brain (latter more likely)

2023-01-23 Thread Steve Fairhead

On 23/01/2023 01:47, NilsOla Nilsson wrote:

> Possible explanation: if you have several hard links
> pointing to the same file (inode) rsync will expand
> those to separate files, unless you give the option -H


And you were quite right, and I apologise for missing this - I really 
wasn't expecting hard links in a Maildir. Same apology goes to Steve 
Litt, whose message I've not received (saw it just now on the marc.info 
board).


Thanks, chaps.

Steve

--

--
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: Weirdness with du/df/my brain (latter more likely) - SOLVED

2023-01-23 Thread Steve Fairhead

On 23/01/2023 19:00, Steve Fairhead wrote:

> On 22/01/2023 21:06, Steve Fairhead wrote:
> > After a lot of analysis, I found that all user folders (and all other
> > folders/partitions) were near-enough identical on both machines,
> > except for one - my boss's ;) . After more analysis, I found that it
> > was his Maildir (using dovecot) that was weird:
> >
> >    - Old machine: 49 GB
> >    - New machine: 188 GB
>
> Jan Stary solved it by asking "Have you tried -H to preserve
> hardlinks?". And no, I hadn't. Wasn't expecting any in a Maildir. I've
> learned something ;) - wahay!


One more detail for the record: I've just learned that my boss uses a 
Mac to deal with mail - everyone else uses Windoze. May be significant, 
although I would have thought that Dovecot dealt with the actual 
storage... 


Steve

--

--
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: Weirdness with du/df/my brain (latter more likely) - SOLVED

2023-01-23 Thread Steve Fairhead

On 22/01/2023 21:06, Steve Fairhead wrote:
> After a lot of analysis, I found that all user folders (and all other
> folders/partitions) were near-enough identical on both machines, except
> for one - my boss's ;) . After more analysis, I found that it was his
> Maildir (using dovecot) that was weird:


   - Old machine: 49 GB
   - New machine: 188 GB


Jan Stary solved it by asking "Have you tried -H to preserve 
hardlinks?". And no, I hadn't. Wasn't expecting any in a Maildir. I've 
learned something ;) - wahay!


New machine is now 49 GB too. And I've tweaked my rsync script to no 
longer use "-avz --delete", but "-avSH --delete".


Thanks, Jan!

Steve

--

------
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--
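
The effect described in this message, as an added example that is not part of the original post: du counts each inode once, so a copy that does not preserve hard links (rsync without -H) turns every extra name into a separate file. The Maildir-like layout, the file name and the 4-way linking are constructed assumptions, and sizes are apparent sizes (st_size), not allocated blocks.

```python
import os
import shutil
import tempfile


def du_bytes(root):
    """Sum file sizes the way du accounts for them: each inode counted once."""
    seen = set()
    total = 0
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            st = os.lstat(os.path.join(dirpath, name))
            key = (st.st_dev, st.st_ino)
            if key in seen:
                continue  # another name for an inode already counted
            seen.add(key)
            total += st.st_size
    return total


def copy_tree(src, dst, preserve_hardlinks):
    """Copy src to dst.

    With preserve_hardlinks=True, names that shared an inode in src share
    one in dst (the behaviour rsync -H asks for). Without it, every name
    becomes an independent file with its own data.
    """
    linked = {}  # (dev, ino) in src -> first path created for it in dst
    for dirpath, _dirs, files in os.walk(src):
        target_dir = os.path.join(dst, os.path.relpath(dirpath, src))
        os.makedirs(target_dir, exist_ok=True)
        for name in files:
            s = os.path.join(dirpath, name)
            d = os.path.join(target_dir, name)
            st = os.lstat(s)
            key = (st.st_dev, st.st_ino)
            if preserve_hardlinks and st.st_nlink > 1 and key in linked:
                os.link(linked[key], d)
            else:
                shutil.copyfile(s, d)
                linked[key] = d


def demo():
    """Constructed tree: one 100000-byte message hard-linked into 4 folders."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "Maildir")
        folders = ["cur", ".Archive/cur", ".Work/cur", ".Sent/cur"]
        for folder in folders:
            os.makedirs(os.path.join(src, folder))
        first = os.path.join(src, folders[0], "msg1")
        with open(first, "wb") as fh:
            fh.write(b"x" * 100_000)
        for folder in folders[1:]:
            os.link(first, os.path.join(src, folder, "msg1"))

        plain = os.path.join(tmp, "copy-plain")
        hard = os.path.join(tmp, "copy-H")
        copy_tree(src, plain, preserve_hardlinks=False)
        copy_tree(src, hard, preserve_hardlinks=True)
        return du_bytes(src), du_bytes(plain), du_bytes(hard)


if __name__ == "__main__":
    original, without_h, with_h = demo()
    print("original:", original)
    print("copy without hard links:", without_h)
    print("copy with hard links:", with_h)
```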



Re: Weirdness with du/df/my brain (latter more likely)

2023-01-23 Thread Steve Fairhead

On 23/01/2023 02:23, Todd C. Miller wrote:

> > After yet more testing, I did a recursive copy of the old 49 GB Maildir
> > to a spare folder on the same home partition on the old machine. This
> > came up, again, as 188 GB.
>
> You probably copied a large number of sparse files where the holes
> got expanded.  If you use rsync with the -S flag (or use tar) you
> should end up with a similar disk usage on the new machine.



I did actually consider this. I had tried (after deleting the copy):

rsync -avzS

No change - still 188 GB. So I've just tried (again after deleting the 
copy):


rsync -avS

... in case using compression somehow negated the sparse files setting. 
Again no change - still 188 GB.


Mysterious.

Thanks,

Steve
aka Baffled of Bursledon

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   tel: (+44)(0)(23) 8056 9013
mobile: (+44)(0)(7899) 847346
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: Weirdness with du/df/my brain (latter more likely)

2023-01-23 Thread Steve Fairhead

On 22/01/2023 23:55, Alexis wrote:



> >   - Old machine: 49 GB
> >   - New machine: 188 GB
> >
> > Figures as measured with du -sk, which I realise is sector-oriented,
> > but still... And yes, my boss does a *lot* of email.
>
> i might well be barking up the wrong tree, but the first thing that
> comes to mind is inode usage. OpenBSD du(1) doesn't appear to have an
> inode-related option, but df(1) does; what numbers does `df -i` report
> in each case?


Old machine:
Filesystem  512-blocks        Used      Avail  Capacity    iused     ifree  %iused  Mounted on
/dev/sd0a   2130681584  1414199968  609947552       70%  2632753  30977229      8%  /home

New machine:
Filesystem  512-blocks        Used      Avail  Capacity    iused     ifree  %iused  Mounted on
/dev/sd0a   2130681584  1691626016  332521504       84%  2679491  30930491      8%  /s0


Thanks,

Steve

--

--
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: Weirdness with du/df/my brain (latter more likely)

2023-01-23 Thread Steve Fairhead

On 23/01/2023 00:37, Philip Guenther wrote:
> You'll need to be specific about what rsync options you used, and
> perhaps eyeball what the manpage says about them.  For example, the
> description of the -a option has a specific warning which seems a
> plausible explanation of the expansion.


Apologies for being too brief. I was using:

/usr/local/bin/rsync -avz --delete src dest

There are no symlinks etc in the Maildir folder in question. I'm not 
sure if that's what you meant re warning.


Thanks,

Steve

--

--
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Weirdness with du/df/my brain (latter more likely)

2023-01-22 Thread Steve Fairhead

Hi folks,

I was cloning a server with rsync in preparation for a major upgrade 
(elderly OpenBSD to 7.2). I noticed that the home partition usage was a 
good deal greater on the new machine than the old (as seen by df).


After a lot of analysis, I found that all user folders (and all other 
folders/partitions) were near-enough identical on both machines, except 
for one - my boss's ;) . After more analysis, I found that it was his 
Maildir (using dovecot) that was weird:


  - Old machine: 49 GB
  - New machine: 188 GB

Figures as measured with du -sk, which I realise is sector-oriented, but 
still... And yes, my boss does a *lot* of email.


After yet more testing, I did a recursive copy of the old 49 GB Maildir 
to a spare folder on the same home partition on the old machine. This 
came up, again, as 188 GB.


(FWIW, Windows via Samba reported "140 GB; size on disk 204 GB" for both 
the original "49 GB" Maildir and the 188 GB copy.)


I'm just puzzled, and clearly missing something. Can anyone enlighten me 
as to the large (nearly 4*) discrepancy?


Thanks,

Steve

--

------
  Steve Fairhead
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



embarrassing mail problem

2022-10-05 Thread Steve Fairhead
I've searched and failed, and I realise I'm going to show my total 
ignorance by not having found an answer (and no, I've not been keeping 
up these last few years - mea culpa - demanding day-job). But - I'd be 
grateful for any (gentle or otherwise) cluebats.


I have several OpenBSD email servers, some elderly (Sendmail) and some 
brand-spanking new (smtpd). Recently I've noticed that some (of both 
kinds) are failing to deliver mail to some major UK ISPs. (Mostly 
domestic; business ISPs not so much.)


For Sendmail, the error is "TLS handshake failed"; for smtpd, it's 
"Network error on destination MXs".


I do have SPF etc setup; thought that might be it, but no. I've read 
that some ISPs have closed port 25. I presume that's relevant, but I 
simply don't know.


As I said, all cluebats gratefully (and probably painfully) accepted.

Steve

--

------
  Steve Fairhead
 email: st...@fivetrees.com
--



sysupgrade from -stable (was: error rebuilding binaries after 6.9->7.0 sysupgrade)

2022-04-04 Thread Steve Fairhead

On 04/04/2022 13:10, owner-m...@openbsd.org wrote:

> sysupgrade only copes with what look like release versions (no version
> suffix, upgrades to release+0.1 with no arguments, or snapshot with -s)
> or snapshots (-current or -beta suffix, by default -current upgrades
> to release+0.1 or -beta upgrades to release, or snapshot with -s).
>
> It doesn't handle -stable, and it doesn't handle going from the current
> situation which is "it's still snapshots rather than release but there's
> no suffix" to the forthcoming release.


I've now upgraded a couple of systems from 6.8 -stable, using 
"sysupgrade -r", through 6.9 and then 7.0 (rebuilding and rebooting 
after patches). They seem fine. Any gotchas with this?


To put it another way, what is the recommended way of upgrading a 
production system with patches applied (so -stable)?


Thanks,

Steve

--

------
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: error rebuilding binaries after 6.9->7.0 sysupgrade

2022-04-03 Thread Steve Fairhead

On 07/11/2021 10:35, Steve Fairhead wrote:


> That's what I'd expect, and I did indeed run sysupgrade without specific
> options. Nonetheless I seem to have wound up with -current when I would
> have expected -stable:
>
> # dmesg | grep OpenBSD
> OpenBSD 6.9-stable (GENERIC.MP) #0: Mon Aug 23 21:44:18 BST 2021
> OpenBSD 6.9-stable (GENERIC.MP) #0: Sun Oct 31 10:03:46 GMT 2021
> OpenBSD 6.9-stable (GENERIC.MP) #0: Sun Oct 31 10:03:46 GMT 2021
> OpenBSD 7.0-current (RAMDISK_CD) #71: Fri Nov  5 10:13:26 MDT 2021
> OpenBSD 7.0-current (GENERIC.MP) #72: Fri Nov  5 10:08:43 MDT 2021
> OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 13:30:45 GMT 2021
> OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 16:15:08 GMT 2021
> OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 19:53:47 GMT 2021
>
> I have no idea how this can have happened. I would dearly love to
> understand what I did wrong.


I *finally* figured out what happened, after some experimenting with a 
spare machine. Running sysupgrade with no parameters on -stable (i.e. 
-release + patches, rebuilt) upgrades to a snapshot (i.e. -current).


Is this expected behaviour?

Again, apologies if this is obvious to everyone but me ;) .

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: error rebuilding binaries after 6.9->7.0 sysupgrade

2021-11-07 Thread Steve Fairhead

On 07/11/2021 08:44, Sebastien Marie wrote:

> > You didn't need to remove the previous;
> > you could have just updated the source you had.
>
> running cvs update (with -r OPENBSD_7_0) is a possibility, but
> removing files and reinstall is another. Nothing wrong here.


Actually I did try a CVS update first, before nuking/reinstalling. 
That's when I first saw the error, so I kinda started over.





> > for the errata; still fine.
>
> For errata to 7.0? If you have a -current system for sysupgrade
> and only updated to the 7.0 errata, the source you have in /usr/src
> is behind what you have installed.
>
> sysupgrade (when used without specific options) is used to upgrade a
> system from one release to next release.
>
> If you are on 6.9 (-release or -stable) and run `doas sysupgrade', you
> will get a 7.0 system (and not -current).



That's what I'd expect, and I did indeed run sysupgrade without specific 
options. Nonetheless I seem to have wound up with -current when I would 
have expected -stable:


# dmesg | grep OpenBSD
OpenBSD 6.9-stable (GENERIC.MP) #0: Mon Aug 23 21:44:18 BST 2021
OpenBSD 6.9-stable (GENERIC.MP) #0: Sun Oct 31 10:03:46 GMT 2021
OpenBSD 6.9-stable (GENERIC.MP) #0: Sun Oct 31 10:03:46 GMT 2021
OpenBSD 7.0-current (RAMDISK_CD) #71: Fri Nov  5 10:13:26 MDT 2021
OpenBSD 7.0-current (GENERIC.MP) #72: Fri Nov  5 10:08:43 MDT 2021
OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 13:30:45 GMT 2021
OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 16:15:08 GMT 2021
OpenBSD 7.0-stable (GENERIC.MP) #0: Sat Nov  6 19:53:47 GMT 2021

I have no idea how this can have happened. I would dearly love to 
understand what I did wrong.


(The last 3 lines are, presumably, because I rebuilt the kernel after 
re-installing the source. But I now have a mismatch. Maybe my best bet 
is to stay with -current on this machine.)


Thanks for your responses.

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



error rebuilding binaries after 6.9->7.0 sysupgrade

2021-11-06 Thread Steve Fairhead

Hi folks,

I think I've probably done something stupid, but I'm not sure where. Not 
used sysupgrade before; I usually reinstall. So this is new to me.


I updated a system from 6.9 to 7.0 with sysupgrade; no problems at all. 
I then nuked the contents of /usr/src, and decanted the 7.0 src.tar.gz 
and sys.tar.gz files as usual with a new install. Then did a cvs update 
for the errata; still fine. Rebuilt kernel, installed it, rebooted; no 
problem. Then tried rebuilding binaries, and it failed with:


ld: error: undefined symbol: X509_STORE_get_by_subject
>>> referenced by x509.c
>>>   x509.o:(x509_generate_kn)
>>> referenced by x509.c
>>>   x509.o:(x509_generate_kn)
cc: error: linker command failed with exit code 1 (use -v to see invocation)
*** Error 1 in sbin/isakmpd (:126 'isakmpd')
*** Error 2 in sbin (:48 'all': @for entry in atactl 
badsect bioctl clri dhclient dhcpleased  disklabel dmesg dump dumpfs fdi...)
*** Error 2 in . (:48 'all': @for entry in lib include 
bin libexec sbin usr.bin usr.sbin share games gnu sys; do  set -e; if ...)

*** Error 2 in . (Makefile:97 'do-build')
*** Error 2 in /usr/src (Makefile:74 'build')

Where did I goof?

Thanks, and apologies for my dumbassness,

Steve

--

------
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Any love for HPGL?

2021-04-22 Thread Steve Fairhead

Hi folks,

Years back (late 80s, 90s) I wrote a comprehensive HPGL emulation 
package, with support from a hardware manufacturer (and HP):


http://www.sfdesign.co.uk/hpglexp.htm

Over the years I've seen it integrated into several HPGL viewer 
utilities (without my permission, of course).


Would this be of any use/interest to the open-source community? Or is 
HPGL now toast? The C code is just sitting here gathering dust (as is my 
one remaining HP plotter).


Steve



Re: pf: brute-force ssh defence no longer working in OpenBSD 6.8

2021-01-10 Thread Steve Fairhead

I'd said:
>>
Checking the pf log, it's definitely the final (pass quick) rule which 
is letting them in. And yes, dumping the  table does indeed 
show the IP address(es) in question. So the block doesn't appear to be 
doing anything.


Am I being a dumbass? Have I missed some subtle change in pf behaviour 
which is breaking my filter?

<<

Peter N. M. Hansteen replied:
>>
Taking a peek at what I run the main difference I see is that I do a 
block by default at the very beginning of my pf.conf

<<

Well, that's embarrassing. I'm officially an idiot.

I *always* have a default deny at the start of pf.conf. Except this
time, I didn't, and didn't spot the omission despite reviewing it, well,
a lot. Oops. (I did say it'd been a while...)


Thank you, Peter, for setting this old twit right.

Steve

--

------
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



pf: brute-force ssh defence no longer working in OpenBSD 6.8

2021-01-10 Thread Steve Fairhead

Hi folks,

I hope I'm just missing something stupid. It's been a while since I 
deployed public OpenBSD servers, but I've done plenty. I always use a 
defence in pf.conf against brute-force SSH attacks, which has served me 
well in the past.


On a new machine running 6.8, this no longer appears to work. I've 
stripped it back to:


table  persist file "/etc/scanners"

block quick from 

pass quick proto tcp from any to any port ssh flags S/SA keep state \
(max-src-conn 10, max-src-conn-rate 3/15, overload  flush 
global)

(taken directly from https://home.nuug.no/~peter/pf/en/bruteforce.html )

But: am still seeing e.g.

Jan 10 13:25:20 ns3 sshd[3233]: Failed password for invalid user admin from 67.1.238.105 port 47102 ssh2
Jan 10 13:25:21 ns3 last message repeated 5 times
Jan 10 13:25:21 ns3 sshd[3233]: error: maximum authentication attempts exceeded for invalid user admin from 67.1.238.105 port 47102 ssh2 [preauth]
Jan 10 13:25:21 ns3 sshd[3233]: Disconnecting invalid user admin 67.1.238.105 port 47102: Too many authentication failures [preauth]
Jan 10 13:25:25 ns3 sshd[98147]: Invalid user admin from 67.1.238.105 port 47232
Jan 10 13:25:25 ns3 sshd[98147]: Failed password for invalid user admin from 67.1.238.105 port 47232 ssh2
Jan 10 13:25:26 ns3 last message repeated 5 times
Jan 10 13:25:26 ns3 sshd[98147]: error: maximum authentication attempts exceeded for invalid user admin from 67.1.238.105 port 47232 ssh2 [preauth]
Jan 10 13:25:26 ns3 sshd[98147]: Disconnecting invalid user admin 67.1.238.105 port 47232: Too many authentication failures [preauth]
Jan 10 13:25:32 ns3 sshd[17711]: Invalid user admin from 67.1.238.105 port 47366


On an older server, searching for "repeated" in authlog shows a typical 
max of 2 times.


Checking the pf log, it's definitely the final (pass quick) rule which 
is letting them in. And yes, dumping the  table does indeed 
show the IP address(es) in question. So the block doesn't appear to be 
doing anything.


Am I being a dumbass? Have I missed some subtle change in pf behaviour 
which is breaking my filter?


Thanks,

Steve

--

------
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--
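
Counting failed SSH logins per source from an authlog like the one quoted in this message, as an added example that is not part of the original post: syslogd folds identical consecutive lines into "last message repeated N times", so a plain search for "Failed password" undercounts. The sample lines, user names and addresses (documentation ranges) are constructed, and the threshold is an arbitrary assumption.

```python
import re
from collections import Counter

# Constructed sample in the same format as the sshd/syslog lines above.
SAMPLE_AUTHLOG = """\
Jan 10 13:25:20 ns3 sshd[3233]: Failed password for invalid user admin from 203.0.113.7 port 47102 ssh2
Jan 10 13:25:21 ns3 last message repeated 5 times
Jan 10 13:25:21 ns3 sshd[3233]: Disconnecting invalid user admin 203.0.113.7 port 47102: Too many authentication failures [preauth]
Jan 10 13:25:25 ns3 sshd[98147]: Invalid user admin from 203.0.113.7 port 47232
Jan 10 13:25:25 ns3 sshd[98147]: Failed password for invalid user admin from 203.0.113.7 port 47232 ssh2
Jan 10 13:25:26 ns3 last message repeated 5 times
Jan 10 13:26:02 ns3 sshd[4410]: Failed password for root from 198.51.100.23 port 51514 ssh2
Jan 10 13:26:40 ns3 sshd[4410]: Accepted publickey for steve from 198.51.100.23 port 51514 ssh2
Jan 10 13:26:41 ns3 last message repeated 2 times
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port (\d+)"
)
REPEATED = re.compile(r"last message repeated (\d+) times")


def failed_logins(text):
    """Return (failed attempts per source IP, distinct connections per source IP).

    A "last message repeated N times" line adds N attempts to the source of
    the line it repeats, but only when that line was a failed login.
    """
    failures = Counter()
    ports = {}       # ip -> set of source ports, one per TCP connection
    last_ip = None   # source of the previous line if it was a failure
    for line in text.splitlines():
        hit = FAILED.search(line)
        if hit:
            last_ip = hit.group(1)
            failures[last_ip] += 1
            ports.setdefault(last_ip, set()).add(hit.group(2))
            continue
        rep = REPEATED.search(line)
        if rep and last_ip is not None:
            failures[last_ip] += int(rep.group(1))
            continue  # keep last_ip: the same message may repeat again
        last_ip = None
    return failures, {ip: len(p) for ip, p in ports.items()}


def naive_count(text, ip):
    """What a plain search for 'Failed password' lines would report."""
    return sum(
        1 for line in text.splitlines()
        if "Failed password" in line and f"from {ip} " in line
    )


def noisy_sources(failures, threshold):
    """Source IPs with at least `threshold` failed attempts, sorted."""
    return sorted(ip for ip, n in failures.items() if n >= threshold)


if __name__ == "__main__":
    failures, connections = failed_logins(SAMPLE_AUTHLOG)
    for ip in sorted(failures):
        print(ip, "attempts:", failures[ip], "connections:", connections[ip],
              "naive count:", naive_count(SAMPLE_AUTHLOG, ip))
    print("over threshold:", noisy_sources(failures, 10))
```

The per-source connection count is the figure that pf's max-src-conn and max-src-conn-rate act on; the attempt count is what sshd sees inside those connections.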



Re: CIDR vs aliases with ifconfig/hostname.if

2020-12-03 Thread Steve Fairhead

On 03/12/2020 13:20, Steve Fairhead wrote:
> There's also this, which I wrote to help a student (my daughter)
> understand netmasks and CIDR notation:
>
> http://www.fivetrees.com/netmasks/netmasks.php
>
> It's kinda fun to watch the bit patterns move around...


I can see from my logs that this has proven popular today. It was
written as a bit of fun; if it's actually useful, please let me know if
it's missing something, could use a new feature, or if you figure it's
just plain wrong ;) .


Also: for me, CIDR is the only sane way to describe netmasks. There are 
4,294,967,296 possible values for an IPV4 netmask, but just 33 (or 
fewer, depending on your level of pedantry) of these are valid.


Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--
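
The point about valid netmasks in this message, as an added example that is not part of the original post and not the code behind the linked page: a netmask is valid only when its one-bits are contiguous from the top, which leaves one mask per prefix length /0 to /32. Function names are hypothetical.

```python
def parse_dotted(dotted):
    """Convert 'a.b.c.d' to a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected four octets: {dotted!r}")
    value = 0
    for part in parts:
        if not (part.isascii() and part.isdigit()) or int(part) > 255:
            raise ValueError(f"bad octet {part!r} in {dotted!r}")
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Convert a 32-bit integer back to dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_length(dotted):
    """Return the CIDR prefix length of a netmask, or None if it is invalid.

    A valid mask is a run of ones followed by a run of zeros, so its
    complement (the host bits) has the form 2**k - 1. Adding 1 to such a
    number gives a power of two that shares no bits with it.
    """
    host_bits = ~parse_dotted(dotted) & 0xFFFFFFFF
    if host_bits & (host_bits + 1):
        return None  # a zero bit sits above a one bit: non-contiguous mask
    return 32 - host_bits.bit_length()


def valid_masks():
    """All valid IPv4 netmasks, indexed by prefix length 0..32."""
    return [to_dotted((0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF) for n in range(33)]


if __name__ == "__main__":
    for mask in ("255.255.252.0", "255.0.255.0", "0.0.0.0", "255.255.255.255"):
        print(mask, "->", prefix_length(mask))
    print(len(valid_masks()), "valid masks")
```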



Re: CIDR vs aliases with ifconfig/hostname.if

2020-12-03 Thread Steve Fairhead

Mike Coddington  writes:

> There was a useful tool that someone posted on misc a while back called
> netcalc. I think this is its website:
> https://jamsek.dev/posts/2019/Sep/21/ipv4-and-ipv6-cidr-subnet-calculator/
> Check it out if you want to get a better grasp on CIDR notation.

There's also this, which I wrote to help a student (my daughter) 
understand netmasks and CIDR notation:


http://www.fivetrees.com/netmasks/netmasks.php

It's kinda fun to watch the bit patterns move around...

Steve

--

--
      Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: Daily digest, Issue 4662 (14 messages)

2018-12-22 Thread Steve Fairhead

On 22/12/2018 13:20, Stuart Henderson wrote:

> On 2018-12-20, Steve Fairhead  wrote:
>
>> On 20/12/2018 13:20, tors...@cnc-london.net wrote:
>>
>>> Try to add below to your pf.conf
>>>
>>> table  persist
>>>
>>>    pass in on $ext_if inet proto tcp from any to $ext_if port 1194 \
>>>   (max-src-conn 10, max-src-conn-rate 30/5, \
>>>    overload  flush global)
>>
>> This is pretty much exactly what I have for ssh scanners (with different
>> limits). Aha!
>>
>> On 20/12/2018 13:20, pe...@bsdly.net wrote:
>>
>>> The good thing about the pf.conf state tracking options is that they're
>>> service agnostic.
>>
>> That's the bit I wasn't entirely sure about - thanks. Makes sense now -
>> of course! It's nothing to do with service, just connections. D'oh!
>>
>> I now have a cunning plan, a plan so cunning etc etc. Thanks to all who
>> responded, on- and off-list.
>
> That works for TCP. If you're running openvpn over UDP, as most people do,
> options are more limited - max-src-conn and max-src-conn-rate are not
> available. See the pf.conf manual for reasons.



Aw fork. Missed that detail. Will re-read.

A curious detail: the day after I posted my enquiry, brute-force attacks 
dropped from several thousand a day to... 2 or 3. I hadn't yet made any 
changes...


Steve



Re: blocking openvpn port scanners

2018-12-20 Thread Steve Fairhead

On 20/12/2018 13:20, tors...@cnc-london.net wrote:
> Try to add below to your pf.conf
>
> table  persist
>
>   pass in on $ext_if inet proto tcp from any to $ext_if port 1194 \
>  (max-src-conn 10, max-src-conn-rate 30/5, \
>   overload  flush global)

This is pretty much exactly what I have for ssh scanners (with different 
limits). Aha!


On 20/12/2018 13:20, pe...@bsdly.net wrote:
> The good thing about the pf.conf state tracking options is that they're
> service agnostic.

That's the bit I wasn't entirely sure about - thanks. Makes sense now - 
of course! It's nothing to do with service, just connections. D'oh!


I now have a cunning plan, a plan so cunning etc etc. Thanks to all who 
responded, on- and off-list.


Steve



blocking openvpn port scanners

2018-12-19 Thread Steve Fairhead

I'm probably missing something obvious. Cluebats invited.

A few OpenBSD servers I look after have OpenVPN server installed (for 
homeworkers' access), which means port 1194 is open. Recently they seem 
to have appeared on some scumbag's "hack this" list, as they're 
constantly deluged with brute-force hack attacks. A snippet from 
openvpn.log:


>>
Wed Dec 19 18:28:53 2018 185.81.153.117:55881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 19 18:28:53 2018 185.81.153.117:55881 TLS Error: TLS handshake failed
Wed Dec 19 18:28:53 2018 185.81.153.117:64379 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 19 18:28:53 2018 185.81.153.117:64379 TLS Error: TLS handshake failed
Wed Dec 19 18:28:53 2018 185.81.153.117:27493 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 19 18:28:53 2018 185.81.153.117:27493 TLS Error: TLS handshake failed
<<

(IP addresses obscured to protect the sinner - no, wait...)(and logfile 
filtered by "failed".)


For now, I manually log the above IPs and add them to a badhosts file - 
no more access of any kind for you, mwahaha. But it's a lot of work, and 
my logfile is just noise...


I already use pf.conf to protect my ssh port against such attacks 
(rate-limiting). Can I do anything similar with pf for the openvpn port? 
Don't want to block real users if they screw up once or twice... 
although they are few enough that I can be super-aggressive in denying 
access, and sort it out by phone...


Maybe I shouldn't even worry about it, but I'd really like to hit back. 
(See above re "mwahaha".)


Steve
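
One way to automate the manual badhosts step described in the post above, as an added example that is not part of the original message: it counts "TLS handshake failed" lines per source address and lists only the addresses that fail repeatedly inside a short window, so a real user who fumbles once or twice is left alone. The sample log is constructed (documentation-range addresses), and the threshold, window, allowlist and function names are assumptions; IPv4 only.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the openvpn.log format quoted in the post.
SAMPLE_LOG = """\
Wed Dec 19 18:00:02 2018 192.0.2.44:40112 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 19 18:00:02 2018 192.0.2.44:40112 TLS Error: TLS handshake failed
Wed Dec 19 18:28:53 2018 203.0.113.7:55881 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Wed Dec 19 18:28:53 2018 203.0.113.7:55881 TLS Error: TLS handshake failed
Wed Dec 19 18:28:53 2018 203.0.113.7:64379 TLS Error: TLS handshake failed
Wed Dec 19 18:28:53 2018 203.0.113.7:27493 TLS Error: TLS handshake failed
Wed Dec 19 18:41:10 2018 198.51.100.20:51820 TLS Error: TLS handshake failed
Wed Dec 19 19:30:15 2018 192.0.2.44:40377 TLS Error: TLS handshake failed
Wed Dec 19 21:00:40 2018 192.0.2.44:41002 TLS Error: TLS handshake failed
"""

# Each failed attempt logs two lines; match only the "handshake failed"
# line so one attempt is counted once.
FAIL_RE = re.compile(
    r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+ TLS Error: TLS handshake failed\s*$"
)


def parse_failures(text):
    """Return [(timestamp, IPv4Address)] for every failed handshake."""
    events = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        try:
            when = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
            ip = ipaddress.IPv4Address(m.group(2))
        except ValueError:
            continue  # malformed date or address: never pass it on to pf
        events.append((when, ip))
    return events


def offenders(text, threshold=3, window=timedelta(minutes=5), allow=()):
    """Addresses with at least `threshold` failures inside any `window`."""
    allowed = {ipaddress.IPv4Address(a) for a in allow}
    by_ip = defaultdict(list)
    for when, ip in parse_failures(text):
        if ip not in allowed:
            by_ip[ip].append(when)
    flagged = []
    for ip, times in by_ip.items():
        times.sort()
        # Sliding window over the sorted timestamps.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.append(ip)
                break
    return [str(ip) for ip in sorted(flagged)]


def table_file(ips):
    """Render addresses one per line."""
    return "".join(f"{ip}\n" for ip in ips)


if __name__ == "__main__":
    print(table_file(offenders(SAMPLE_LOG)), end="")
```

The output is one address per line, which is the form a pf table file takes. Because it works from the log rather than from connection state, it applies to OpenVPN over UDP as well as TCP.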



Re: virtual colocation? Amazon/cloud?

2018-06-15 Thread Steve Fairhead

On 15/06/2018 00:12, Fred wrote:

> I like mythic beasts[1] - they have data centres in Cambridge and London
> - they are technically literate and both my OpenBSD VM are with them.
>
> Cheers
>
> Fred
> [1]https://www.mythic-beasts.com/


Aha. Looks interesting. Thanks.

Steve



virtual colocation? Amazon/cloud?

2018-06-14 Thread Steve Fairhead
Yes, I have consulted the interwebs. But, forsooth, the interwebs have 
forsaken me...


I've been running various colocated OpenBSD boxen for a long time (19 
years?). The hardware is mine; the phat pipe I pay for, in some 
aircon'ed warehouse somewhere in southern England... never been... (I'm 
in West Sussex/Surrey, but I doubt that matters these days.)


Two of my machines are getting a little elderly, and need replacing... 
and my son-in-law (I quite like him) said "have you considered virtual 
hosting?". Hmmm.


I would love to be able to do this - make the hardware someone else's 
problem - and maybe into the bargain pay less per month.


I gather Amazon are not quite there yet re OpenBSD virtual machines. Can 
anyone here provide a cluebat as to prospects or alternatives? I don't 
want to move away from OpenBSD - it's my security blanket... and I love 
it *so* much...


Steve



Re: new (nasty) spam pattern

2017-02-21 Thread Steve Fairhead

On 05/08/2015 22:41, Steve Fairhead wrote:

> FWIW I nowadays record the last IP so that I can see patterns, and at
> the very least identify spammers which otherwise I would have missed.


Finally, this has paid off. After a couple of years of collecting stats, 
I've identified some patterns, which I'm happy to share - but maybe not 
here.


About a week ago I tentatively set up a spamd.conf blacklist based on 
those IP addresses which originated most of the spam I see on the (two, 
entirely separate) systems I admin. The results have been HUGELY 
satisfying - these senders now get tarpitted and I've wasted so much of 
their servers' time, it's lovely (sob).


Mwahaha.

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   tel: (+44)(0)(1730) 814091
mobile: (+44)(0)(7899) 847346
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: new (nasty) spam pattern

2015-08-05 Thread Steve Fairhead

On 05/08/2015 16:40, Seth wrote:

>> (PS: went after one of the main spammers - nice house in New Jersey.
>> We have a rep in the USA... non-violent suggestions for retribution?
>
> Jalapeño bean dip under the car door handle always works.


There's a thing: I'm currently growing two kinds of chilli: Jalapeno 
(3,500–10,000 on the Scoville scale) and Apache F1 (70,000-80,000). Want 
some?



> Another thing I forgot to mention with regards to selecting black lists.
> If possible, immediately take the IP address of any spam delivery that
> makes it past your greylisting and blacklisting setup, and plug the
> address into the search box at https://mxtoolbox.com/blacklists.aspx to
> see what blacklists it pops up on.
>
> This will help you select which blacklists are actually identifying
> problem IPs in a timely enough manner so that you can cut 'em off at
> the pass with your firewall and spamd.


Totally understood, but about half of the IP addresses I'm seeing are 
proxies or relays (identified in maillog as something altogether 
different)...


FWIW I nowadays record the last IP so that I can see patterns, and at 
the very least identify spammers which otherwise I would have missed.


Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: new (nasty) spam pattern

2015-08-04 Thread Steve Fairhead

On 30/07/2015 23:07, Steve Fairhead wrote:

> Oooh, nice. Some meat there for me to look into. Thanks.


Well, it seems I could have phrased that better... (one private response 
had me nonplussed until I googled the phrase - refers to a male with a 
larger than average... errr... never mind.)


Thanks to all those who responded - apologies if I haven't responded 
individually - this old dog has learned some new tricks, which can't be bad.



> Meanwhile, my database of sinners really should be out there to ...
> But where? I update it several times a day...


Have decided I'll publish the list somewhere on my site soon. Details 
will include:

  - domain or email pattern (as /etc/mail/access)
  - IP address of mailserver (or relayer, as reported in /var/log/maillog)
  - whois ID of domain (which has proved interesting - it's a small
    number of players)
  - datestamp when added to my dbase

Hopefully this will help some other admins...

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: new (nasty) spam pattern

2015-07-30 Thread Steve Fairhead

On 30/07/2015 16:09, Seth wrote:

> Steve, I had the same problem, lots of spammers were figuring out how to
> 'climb over the greywall', so I added spamd-bpgd [1] and a few
> blacklists [2] into the mix.
>
> I haven't figured out how to incorporate DNSBL into spamd, so I use the
> cruder method of downloading the blacklists every 20 minutes via ftp or
> rsync and a cronjob.
>
> I also found a post in the mailing list archives which describes how to
> use greyscanner to trap any mailservers sending to addresses with
> numbers in them. [3] (hat tip to Joakim Aronius)


Oooh, nice. Some meat there for me to look into. Thanks.

Meanwhile, my database of sinners really should be out there to ... 
But where? I update it several times a day...


Steve

(PS: went after one of the main spammers - nice house in New Jersey. We 
have a rep in the USA... non-violent suggestions for retribution?


--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: new (nasty) spam pattern

2015-07-30 Thread Steve Fairhead

On 30/07/2015 03:15, Quartz wrote:

> Not sure if it will help your specific situation, but you could look
> into server side grey listing. This will cause your mail server to
> temporarily reject mail from them, forcing them to try again a couple
> hours later. Fly-by-night spam places almost never bother to resubmit,
> so it's pretty effective (it cut down my spam to under 5% literally
> overnight).


Yep, already running greylisting. (I did say I was running spamd.)

Thanks,

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



new (nasty) spam pattern

2015-07-29 Thread Steve Fairhead

Hi folks,

Am now seeing a recent (last few months) HEEEUUGE increase in spam to my 
(redirected mail) users with the following pattern:


 - spam sent to many email addresses with one-time-only domain, each of 
which has a barely traceable and mobile (and maybe temporary) IP, but 
with a whois record going back to a few repeating registrants (Batista 
Network, WhoisGuard in Panama, MXSPORT LLC, SHOUTMEDIA INC. being a few 
of several). Am happy to publish the list if this helps anyone else.


I'm not sure I can do better than what I do now: record the domains (or 
email patterns) to a database, from which I derive an access db for 
sendmail, and reject them with a fairly polite message - which doesn't 
happen often.


But when it does, I'd like to hurt them. I also run spamd; can't seem to 
find a way to tarpit based on domain rather than IP...


This is happening often enough now that gmail and yahoo are 
rate-limiting my servers because of spam... meep! Seems hugely unfair, 
and I shall cry.


Any cluebats?

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: icalendar support on openbsd 5.5 - mod_dav removed

2014-05-13 Thread Steve Fairhead

Thanks for the responses, Stuart and Johan. Will investigate and play...

[I'm a little reluctant to go for Apache2, simply because I've never 
tried it, and I have other webserver stuff to support... perhaps I'm 
being a wuss ;).]


Steve



icalendar support on openbsd 5.5 - mod_dav removed

2014-05-12 Thread Steve Fairhead

Hi folks,

I'm aware that mod_dav has been removed from 5.5. I was supporting a 
group of icalendar files under 5.3 with mod_dav. Do I have options for 
doing the same (read/write access) under 5.5, maybe using a different 
method or package? Or is there a way of using mod_dav, despite its 
antiquity, on 5.5?


(Again I've searched with no success... I seem to be an edge case again...)

Steve



dovecot-lda delivery failure: can't expand ~/

2014-05-06 Thread Steve Fairhead

Hi folks,

I'm preparing a new machine (OpenBSD 5.5, Dovecot 2.2.10) to replace an 
elderly but venerable (OpenBSD 4.3, Dovecot 1.0.10) mailserver. Access 
from mail clients to the IMAP Maildirs is working fine (so it's not an 
auth issue, I think), but local mail delivery (to/from system users) is 
failing. The maillog shows this:


May  4 12:03:10 hglserver-test1 dovecot: lda(steve): Error: user steve: Initialization failed: Namespace '': Home directory not set for user. Can't expand ~/ for mail root dir in: ~/Maildir
May  4 12:03:10 hglserver-test1 dovecot: lda(steve): Fatal: Invalid user settings. Refer to server log for more information.
May  4 12:03:10 hglserver-test1 sendmail[5139]: s440WjIS026017: to=| /usr/local/libexec/dovecot/deliver, ctladdr=steve (1000/1000), delay=10:30:25, xdelay=00:00:00, mailer=prog, pri=2269378, dsn=4.0.0, stat=Deferred: prog mailer (/bin/sh) exited with EX_TEMPFAIL


The configuration for mail location is:

mail_location = maildir:~/Maildir

and again, mail clients can see this. I'm using sendmail with .forward 
files calling the LDA as documented in the Dovecot wiki:


| /usr/local/libexec/dovecot/deliver

where dovecot/deliver is a stock symlink to dovecot-lda. The 
conf.d/15-lda.conf file is stock, which appears correct to me.


I've searched and searched for clues; the lack of relevant results in 
e.g. Google leads me to the humbling conclusion that I'm doing something 
monumentally stupid. Any cluebats gratefully accepted.


Steve



Re: dovecot-lda delivery failure: can't expand ~/

2014-05-06 Thread Steve Fairhead

jca said:

> I use the dovecot, just to fill and access my maildir (no listener or
> auth involved), with ''dovecot-lda -kc conffile'' from my .forward.  It
> uses the environment to expand my ~/Maildir path, and userdb { driver =
> passwd } (just to avoid spam about disabling the duplicates database).



I tried

| /usr/local/libexec/dovecot/dovecot-lda -kc /etc/dovecot/dovecot.conf

No change.

I did wonder about the user environment; but home is correctly set in 
both old and new cases.


Also, given that sendmail runs the LDA as the user, I tried running 
dovecot-lda manually as the user - it seemed to succeed (with no message 
to deliver, but maillog showed delivery to INBOX, and the Maildir 
indexes were updated). Now wondering if it's a sendmail issue...


Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   tel: (+44)(0)(1730) 814091
mobile: (+44)(0)(7899) 847346
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: dovecot-lda delivery failure: can't expand ~/

2014-05-06 Thread Steve Fairhead

On 06/05/2014 14:56, Jérémie Courrèges-Anglas wrote:

> I use the dovecot, just to fill and access my maildir (no listener or
> auth involved), with ''dovecot-lda -kc conffile'' from my .forward.  It
> uses the environment to expand my ~/Maildir path, and userdb { driver =
> passwd } (just to avoid spam about disabling the duplicates database).


Update - using just the -k flag *does* work for me, despite my earlier 
test. I was fooled into thinking it had made no difference because I 
couldn't force already-queued mail to be delivered - turns out the queue 
includes the .forward file contents from the time the mail was queued. D'oh.


But queuing a fresh message results in delivery. Wahay! And it's clear 
that clearing the environment was a change in dovecot between my two 
versions, so I can see why it works, which is a bonus ;).


Thanks for your help.

Steve

--

--
  Steve Fairhead
fivetrees ltd - for the complete music service
   tel: (+44)(0)(1730) 814091
mobile: (+44)(0)(7899) 847346
 email: st...@fivetrees.com
   www: http://www.fivetrees.com
--



Re: Developing device driver for parallel lcd dispaly modules

2013-08-26 Thread Steve Fairhead

On 26/08/2013 09:41, Denis Maros wrote:

> Yes, I'm talking about 2*20 character LCD display connected to 24 pin
> parallel port on motherboard.
> I've tried to access this device simply via this command:
> # echo Test > /dev/lpt0
> ksh: cannot create /dev/lpt0: Device busy
> Yeah, failed.
> Do you suggest any other method/code to try if /dev/lpt0 accessible?
>
> I had thought that a driver would be needed cause the vendor had Linux and
> FreeBSD driver included in CD.
> By the way that the vendor is Lanner INC and device is FW-7581A.


I suspect an LCD module is unlikely to work while driving it as if it 
were a parallel port printer. The issue is the protocol. A printer uses 
the Centronics interface e.g.:


http://retired.beyondlogic.org/epp/epp.htm

LCD modules vary, but tend to use some variation of the following:

http://www.newbiehack.com/MicrocontrollersABeginnersGuideIntroductionandInterfacinganLCD.aspx

For one thing, an LCD module has commands (to set the mode, clear the 
display, configuration etc) - it doesn't just take ASCII characters.


Using the parallel port however is often just a convenient way of 
getting some logic-level signals in and out... but you're probably going 
to need to bit-bang them (i.e. control them individually) yourself, 
rather than using a parallel-port protocol.


HTH,

Steve



New spammers' behaviour pattern

2009-09-07 Thread Steve Fairhead
Hi folks,

I'm seeing a new pattern of behaviour from spammers over the last few
months, which shows signs of growing. Briefly:

  - Mail originates from a correctly-configured mailserver, typically called
ssl.somedomain.com, so spamd doesn't catch it.
  - The domain is entirely sacrificial, and may only exist for a few days
before being blocked by the registrar (or blacklisted by me).
  - Mailserver IP addresses tend to be in blocks (I'm logging them in order
to anticipate and block new senders).
  - Spam content is commercial, and identical spams turn up from various of
these domains.

This is *almost* the only type of spam I'm seeing these days, which says a
lot for the (continued) power of greylisting.

Anyone else seeing this? Would it make sense for me to publish the IP
addresses I've harvested so far?

(I'm currently blocking these via accessdb; it would make far more sense for
me to tarpit them...)

Steve
-- 
http://www.fivetrees.com



Re: bastille day in calendar

2009-07-13 Thread Steve Fairhead
> Jul 14  Storming of the Bastille by the citizens of Paris, 1789
> Jul 14  Bastille Day
>
> is this needed twice?

The first time was a rehearsal.

Steve
--
http://www.fivetrees.com



Re: Request for DVI monitors in the UK

2009-04-15 Thread Steve Fairhead
> Around two weeks ago Owain (oga@) mailed out a request for some monitors
> in the UK, so that he could hack better on X.

This is now sorted. I'll be driving a pair up to Owain in the next few days,
courtesy of my employer (HGL Dynamics Ltd).

Steve
--
http://www.fivetrees.com



Re: European orders - Thank you Theo and your team, some of us appreciate you!

2009-04-12 Thread Steve Fairhead
Slightly late in responding to this, but hey:

Michael Grigoni wrote:

> William Chivers wrote:
>
>> Thank you Theo and your team of developers for OpenBSD.
>>
>> Some people responding to the European Orders thread seem to have lost
>> sight of what OpenBSD is and who develops it. I am a bit of a newbie here
>> (although I have been using computers in my career since 1972)...
>
> I also add my thanks to the discussion. I do have a fundamental question to
> pose however.  It seems that opensource culture for large projects is driven
> by featurism and the need to make massive changes incorporated into frequent
> releases.  I come from a background of very long-term stability requirements
> for APIs and ABIs, performance figures on hardware over long life-cycles and
> stringent documentation. I do embedded work and expect to maintain a system
> for decades without massive overhaul.

First, let me add my thanks to Theo and the guys for the continued existence
of OpenBSD. You and your work *are* appreciated.

Second, you mentioned embedded work, which is my main work area. Yes,
embedded stuff needs to be stable long-term - but the Internet isn't:
threats change, and OpenBSD evolves. A classic solution to that (which I've
used) is to simply accept that the legacy embedded stuff should not be
directly connected to the Internet, and to use a current (or at least
regularly maintained) OpenBSD machine as a gateway. Or, to put it another
way: use the right tools for the job.

Steve
--
http://www.fivetrees.com



Re: Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

2008-07-11 Thread Steve Fairhead
STeve Andre' said:
> You know what I expect?
>
> I expect the OpenBSD response will be excellent, and out on its own
> timeframe.  Rushing a fix into place can be worse than not doing anything at
> all.  I have no idea what they're doing, have no idea with whom they may be
> talking.  But I know that it is being worked on, and will be a reasoned
> response to the problem.
>
> More than expect, I trust OpenBSD.

My thoughts exactly.

Steve

--
fivetrees ltd - for the complete music service
   www: http://www.fivetrees.com
--



Re: corrupt locate.database

2007-08-18 Thread Steve Fairhead
> My Problem is, that locate tells me:
> locate database header corrupt, bigram char outside 0, 32-127: 14


This has been discussed a couple of times here. Search the archives for
problem with locate, e.g.

http://marc.info/?l=openbsd-misc&w=2&r=1&s=problem+with+locate&q=b

I had the same issue; Otto's patch fixed it.

Steve
http://www.fivetrees.com



Re: Hmm...

2007-07-24 Thread Steve Fairhead
> To upgrade to a newer network setup, we kind of need a particular piece
> of equipment:
>
> Cisco T1 DSU/CSU WAN Interface Card (WIC-1DSU-T1-V2)
>
> http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00801a9184.html
>
> It has to be the V2 model.
>
> If someone can get one to me, that would be great.


I'm happy to put e.g. $50 towards it, if money can get you one.

Steve
http://www.fivetrees.com



Re: Zurich OpenBSD

2007-07-22 Thread Steve Fairhead
> Edd Barrett wrote:
>> I have actually never seen anyone in the UK wearing a bsd shirt apart
>> from my friends. Sometimes I wonder if I am the only british OpenBSD
>> user :p
>
> 'nother one here in South Wales.

And another (Selsey, near Chichester).

Steve
http://www.fivetrees.com



Re: problem with locate

2007-07-15 Thread Steve Fairhead
On Thu, 15 Mar 2007, Otto Moerbeek wrote:

> I see the problem. The problem occurs if top bigrams contain spaces.
> These are not handled correctly by awk. We'll have to use a field
> separator that can not be in a bigram. A tab is well suited, AFAKS.
>
> Try this.
patch snipped


I've run into this same problem on 4.1 stable, fully patched:

 locate database header corrupt, bigram char outside 0, 32-127: 14 

It's been there some weeks now; the weekly script completes just fine with
no error messages, and the database exists. Deleting it and running weekly
manually does not change anything. Hardware is fine.

Did your patch not make it into 4.1, or have I a) run into a different
issue, or b) totally misunderstood the way new releases get built?

Steve
http://www.fivetrees.com



Re: problem with locate

2007-07-15 Thread Steve Fairhead
> As can be easily checked using cvs
> (http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/locate/locate/mklocatedb.sh)
> this diff was committed after 4.1 was tagged.


Thanks and apologies; I am lacking in CVS-reading-fu. I shall patch and
report.

From CVS:
> Problem seen by Han Boetes and other people with too big mps3
> collections; these typically contain lots of file names with spaces in them


Ah. Too big MP3 collections? Oops... guilty as charged. And yes, some of
the filenames are, err, different.

Steve
http://www.fivetrees.com



Re: problem with locate

2007-07-15 Thread Steve Fairhead
I said:
> Thanks and apologies; I am lacking in CVS-reading-fu. I shall patch and
> report.

Wahay! Works lovely. Thanks.

Steve
http://www.fivetrees.com



Apache/Perl oddness: Analog, maybe also Apache::MP3

2007-06-01 Thread Steve Fairhead
Hi folks,

It's possible that ports@ would be a better place for this, but since there
is a possibility that Apache (base install) is involved, I thought I'd try
here first. (I've also discussed this with Joachim on the misc newsgroup.
Thanks, Joachim.)

I recently upgraded my home server from 3.8 to 4.1 (via a clean install). I
installed Analog from packages, as I've done many times before. Using IE7
(or IE6) as a browser resulted in IE trying to save the file returned
(/var/www/cgi-bin/anlgform.pl) rather than rendering it. The CGI did run; it
just didn't render. Later I tried it with Firefox and Konqueror; it worked
fine. What's strange is that this worked ok with 3.8.

While trying to understand what was going on, I tried some other Perl CGI
files, all of which worked on 3.8 with IE and are unchanged. Some worked,
some resulted in the browser trying to save the file. For a while I thought
it was related to a known IE bug:

http://www.howtocreate.co.uk/wrongWithIE/?chapter=Content-type%3A+text%2Fplain

But I'm now not so sure. I've checked the HTTP headers returned; they look
fine. Has Apache changed the way it deals with HTTP headers in a subtle way
that I'm missing? (The issue is not related to e.g. the file extension, but
*may* be related to the content type.)

Also I installed Apache::MP3 (also Perl) from packages; this works ok
*except* that most (not all) of the MP3 tags are rendered as
ARRAY(0x7efa8078) (where the hex value varies). I expect this is a
different issue entirely, but I mention it in case it isn't. The server is
otherwise fine.

Any ideas? Am I missing something obvious?

Steve
http://www.fivetrees.com



Re: Needed: Loaner tape library

2007-06-01 Thread Steve Fairhead
> We need access to a robotic tape library (with barcode support) and a
> connected server (running -current) for thorough testing of the new Bacula
> port.  Preferably something with multiple drives and an I/O slot.
> Speed is not as important as chio(1) compatibility.

I might be able to help with this - except the robot in question is in the
UK (Surrey) and is a large, heavy brute of a thing.

Partial dmesg follows:

iha0 at pci1 dev 4 function 0 DTC Tech DMX3194U rev 0x01: irq 11
scsibus0 at iha0: 8 targets
iha0: target 1 using 8 bit async xfers
ch0 at scsibus0 targ 1 lun 0: QUALSTAR, TLS-4212i, 2.07 SCSI2 8/changer removable
iha0: target 2 using 8 bit 10.0 MHz 15 REQ/ACK offset xfers
st0 at scsibus0 targ 2 lun 0: SONY, SDX-300C, 0404 SCSI2 1/sequential removable
iha0: target 3 using 8 bit 10.0 MHz 15 REQ/ACK offset xfers
st1 at scsibus0 targ 3 lun 0: SONY, SDX-300C, 0700 SCSI2 1/sequential removable

Get back to me if this is of any use.

Steve
http://www.fivetrees.com



panic: ffs_alloccg: map corrupted - SCSI parity errors

2007-05-26 Thread Steve Fairhead
Hi folks,

One of the servers (running 4.0, generic, fully patched) I'm responsible for
has had a panic (see title line). I'll confess right away that I wasn't able
to run trace or ps; I was away from the machine at the time and had to guide
a colleague by phone through restarting the machine in a hurry - he had an
office full of users breathing down his neck...

Briefly: this machine runs an external 3Tb RAID array (a Nexsan ATAboy) via
an Adaptec 29160 SCSI card; the RAID array is configured as four logical
drives. Checking the logs, I see a bunch of parity errors a few days before,
and then another bunch immediately prior to the panic. (The log lines, and
the dmesg, follow my sig.) After restarting, the ATAboy self-diagnostics
reported no errors. (I've run other tests which have reassured me we've lost
no data.) The log shows errors on three of the four drives, which perhaps is
unsurprising if it's the SCSI connection which wobbled.

Are there any known issues with this SCSI card or driver (ahc)? Or do we
just have flakey hardware? I've run memtest86+ ad nauseam etc etc with no
issues at all, so I'm fairly confident about the base machine, but now
unsure about the Adaptec card. The machine has otherwise been running
happily with no errors or issues for several months now. Perhaps
significantly, a large amount of data was being copied to the RAID array at
the time, but this had been done many times before without issue.

All cluebats gratefully received.

Steve
http://www.fivetrees.com

*** Extracts from /var/log/messages:

May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x55) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x63) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch
May 18 04:27:30 hglserver /bsd: sd3(ahc0:4:4): parity error detected in Data-in phase. SEQADDR(0x4e) SCSIRATE(0xc2)
May 18 04:27:30 hglserver /bsd: CRC Value Mismatch

(note: 4:27 corresponds to a time during which I run a crontab'ed rsync from
another machine for partial offsite backup.)

... snip ...

May 23 16:53:56 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
May 23 16:53:56 hglserver /bsd: CRC Value Mismatch
May 23 16:54:22 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x84) SCSIRATE(0xc2)
May 23 16:54:22 hglserver /bsd: CRC Value Mismatch
May 23 16:54:25 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:25 hglserver /bsd: CRC Value Mismatch
May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
May 23 16:54:27 hglserver /bsd: sd2(ahc0:4:3): parity error detected in Data-in phase. SEQADDR(0x54) SCSIRATE(0xc2)
May 23 16:54:27 hglserver /bsd: CRC Value Mismatch
May 23 16:54:38 hglserver /bsd: sd1(ahc0:4:2): parity error detected in Data-in phase. SEQADDR(0x1a7) SCSIRATE(0xc2)
May 23 16:54:38 hglserver /bsd: CRC Value Mismatch
May 23 18:31:21 hglserver syslogd: restart
May 23 18:31:21 hglserver /bsd: start = 0, len = 9793, fs = /s1
May 23 18:31:21 hglserver /bsd: panic: ffs_alloccg: map corrupted

(note: panic occurred at 16:54; machine restarted at 18:31 after lengthy
fscks...)

*** dmesg:

OpenBSD 4.0-stable (GENERIC) #10: Mon May 14 20:04:41 BST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Sempron(tm) 2400+ (AuthenticAMD 686-class, 256KB L2 cache) 1.67 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 1073246208 (1048092K)
avail mem = 971010048 (948252K)
using 4256 buffers containing 53764096 bytes (52504K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/08/04, BIOS32 rev. 0 @ 0xfda50, SMBIOS rev. 2.3 @ 0xf0630 (29 entries)
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7f00/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x5400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8377 PCI rev 0x80
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Matrox MGA G400/G450 AGP rev 0x85
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
re0 at pci0 dev 10 function 0 Realtek 8169 rev 0x10: irq 5, address
00:14:6c:c0:28:60

Re: flowcharts

2007-05-18 Thread Steve Fairhead
[EMAIL PROTECTED] asked:


> Do any of you use flowcharting software, and if so what do you use?
> I am just beginning to explore the world of programming and have so far used
> Microsoft (spit) Visio. I tried both Kivio and Dia but they fall short for
> me.
> My code choices are (due to the course I am attending) limited to JavaScript
> and pseudocode.


By all means experiment with flowcharts, but be prepared to move on: I
haven't used flowcharts in nearly 30 years, and there are good reasons.
First, they teach you nothing about good structure - it's too easy to draw
spaghetti. Second, they're never maintained - code gets tweaked, but the
(graphical) flowcharts don't - so they become misleading documentation.
Lastly, if your code is so complex that it needs a flowchart to be
comprehensible, you're doing something wrong - or, at least, there are
better ways.

My suggestion would be to flowchart in pseudocode (avoiding the infamous
goto, of course - haven't used those in 30 years, either - there's always a
better, cleaner way). If you have large, complex indents, consider
decomposing further: turn the indented section into a function (with a
simple, clean name and interface - think generality). Think in terms of
vertical complexity rather than horizontal. Aim to make your code as
readable as you can. Similarly, make the code self-documenting: if
maintenance relies on separate documents, it'll become harder when the docs
fall behind - as they invariably will.

All IMHO, of course, but learned the hard way ;). And it is entirely
possible that this is something you *have* to learn the hard way, hence my
opening words.

Steve
[Oh - and while I'm at it: avoid global variables. They are evil. But that's
maybe for later, in the OO chapter... ;)]

http://www.sfdesign.co.uk
http://www.fivetrees.com



Re: 4.1 Packages Page

2007-05-04 Thread Steve Fairhead
Djgoku he say:
> http://www.openbsd.org/4.1_packages/
> Gets a 404 error.
> http://www.openbsd.org/4.0_packages/
> Works fine.

This appears to be normal procedure when a new release comes out. Give it a
few days, and it'll be fine. (He says, confidently.)

Steve
http://www.fivetrees.com



Re: SCSI, LUNs, and volume sizes - SOLVED

2007-03-19 Thread Steve Fairhead
daniele.pilenga wrote:
> First, those SCSIFORCELUN* options are no longer used in 4.0... this cost
> me a few days to figure out! :-\

I did wonder about that; those options are missing from the manpage, but
used to be there...

> All I was able to do was make my server see the first lun, but not the
> other two, until I realized I could remap the luns to be 1, 2 and 3, without
> 0. With that trick the kernel sees all the three.

Wahay! Just did the same, and it's now detecting them all (with the generic
kernel). Thanks a million ;).

Steve
http://www.fivetrees.com



SCSI, LUNs, and volume sizes

2007-03-18 Thread Steve Fairhead
I'm running an OpenBSD 4.0 system (generic kernel), fitted with an Adaptec
29160 SCSI card (so using the ahc driver), with the intention of running an
external 3Tb RAID5 array (a Nexsan ATAboy). The intention is to setup a
variety of partitions, the largest of which is 900Gb. So far, so good.

The FAQ (section 14.7) says:

> There is also a 1T limit on the size of the physical disk, although under
> *some* circumstances, that may not cause you problems up to 2T, although
> this is not guaranteed.

So, I set the RAID array up as 4 volumes: 3 of 900Gb, one of 300Gb. The
ATAboy allows me to set these as lun0, lun1, etc. So far, still so good.

However, at boot my system only sees the first lun (lun0, as sd0). How do I
get my system to recognise the other LUNs? Is it a limitation of the Adaptec
card, or the ahc driver, or something else? I've tried adding the
SCSIFORCELUN_BUSES and SCSIFORCELUN_TARGETS options to the kernel, so far
without success. I've also tried explicit sd0-3 targets and luns, also
without success.

Alternatively, I *might* be able to set the ATAboy up as a single 3Tb
volume. Is this even worth trying?

TIA,

Steve
http://www.fivetrees.com 



Re: C unit tests seen by OpenBSD developpers

2006-10-14 Thread Steve Fairhead
Bruno said:
> I'm currently learning C. In many languages, you hear lots of stuff like
> 'unit testing', 'refactoring', 'agile programming' and others... It seems
> that these techniques are not very present in C programming (whereas check
> framework is in packages, it seems too
> complex) Looking quickly at the OpenBSD's CVS, I found no unit test. I won't
> debate on the merit or cost of this approach, and I'm not really fond of it
> (add not-so-useful complexity) but I'm just curious to know why OpenBSD
> developers choose to not use this technique for userland tools (for kernel,
> it's obvious :).

First, I'm not (perhaps yet) an OpenBSD developer, so I can't speak for
them.

I write a lot of C (and assembler), but my speciality is embedded work (e.g.
instrumentation, controllers, the design of which uses embedded micros). In
that field, the methodologies you cite are indeed used, albeit not
necessarily fully and individually, and perhaps not as widely as they should
be. With embedded devices, bugs are less forgiving. I've now spent nearly
three decades acquiring techniques and methodologies that allow me to
provide bug-free software (actually, usually firmware) by design, rather
than by debugging (something I actively try to avoid) [1].

The methodologies you cite each contain valuable lessons and techniques, but
I rarely come across full-blooded devotees of any one or more of them.
Regression testing has its uses, and in some cases is absolutely necessary,
but in others impractical. There are many other appropriate techniques; it's
a large area which pretty much amounts to the entire craft of software
engineering. There are many good books (perhaps starting with The Mythical
Man-Month). Mostly, IMO, it's an attitude: developing an approach (to both
design and coding) which results in clear, maintainable, and above all
robust code.

Back at OpenBSD, the developers are proactive on these things, and are
actively encouraging the use of certain idioms and alternatives to classic
library functions to avoid common bugs (e.g. buffer overflows). I've yet to
read much source, but I'm confident you'd find it enlightening.

[1] A typical response to this claim is "get real!" or "must be really
trivial software, then". I can understand that; the software industry at
large is fixated on the myth that complex software must be buggy. I don't
buy that; it's a question of managing complexity. Reducing the complex to a
collection of inter-communicating trivial things is one of the most
important skills there is.

Steve
http://www.fivetrees.com



Re: hearing complaints regarding pre-orders

2006-09-23 Thread Steve Fairhead
Theo said:
> We don't have a shipping pricing system.  Those are very finicky
> prediction systems, parsing hopelessly horridly entered address information
> all the time.  I suppose Austin and Wim could set one up, for instance, a
> very simple one, like:
>
> $30 USD shipping to anywhere in the world.
>
> That's what lots of internet retailers do.  But no, we don't do that.
>
> We instead ask you to trust us that it is in our interest to ship to you
> using the best shipment method, which is a combination of low cost and
> reliability.  The text right there on the order page says so.

Interesting.

I do online (CDs etc) sales; here in the UK the Distance Selling Guidelines
(from the Office of Fair Trading) say that I am obliged to show the total
cost, including shipping, at the time of purchase. I had assumed there were
equivalent rules elsewhere. Clearly not.

Not complaining, you understand (I download, donate, and evangelise) - just
comparing notes.

Steve
http://www.fivetrees.com




Re: hearing complaints regarding pre-orders

2006-09-23 Thread Steve Fairhead
Michael Scheliga [EMAIL PROTECTED] said:
> This thread is such a waste of time for the people running the project
> you said you already donate to.  What's the point?

The point is to make it easy and attractive for people to pay money to
OpenBSD. Or, at the very least, to not provide them with reasons not to.

I'm not sure I understand the flames this thread seems to be generating; my
(one) response was intended as an insight, not a criticism. I'll not respond
further unless I can, as I intended, offer something constructive.

Steve
http://www.fivetrees.com



Re: Lost IP traffic

2006-08-19 Thread Steve Fairhead
> My PF edge router has been cruising along for sometime now (years)
> without problems, doing just as I ask of it. For some reason today it
> decided to stop serving webpages from my internal webserver. NOTHING changed
> anywhere to the best of my knowledge. I'm the only user on all of the
> servers in question, so if something did change then I was haxored.
>
> The only thing that has broken apparently is inbound webpage redirects. I'm
> still getting my E-mail, I'm still browsing the Internet, and that's about
> all that I care about.

Is it possible that your ISP is now blocking HTTP requests to your IP?

Steve
http://www.fivetrees.com



Re: What about Agile

2006-08-19 Thread Steve Fairhead
Darrin Chandler said:
> At this point I'll add something else. Great coders will do fine with
> whatever methodology. Bad coders will do bad. Great coders see the value of
> tools and use them appropriately. Bad coders follow a list of rules without
> knowing what they mean or how to apply them and get poor results.

Heh - took the words right out of my mouth.

My field is embedded; the borderline between hardware and software. This
means that software Must Not Crash - a failure can result in lawsuits. I've
had many conversations about methodologies over the last three decades -
back in the 70s I had a hard time convincing my seat-of-the-pants
assembly-programming colleagues that structured design wasn't just a fad,
and that spaghetti coding did not mean their creativity was stifled.

More recently a manufacturing company took me on to help establish a Right
First Time culture; they'd finally understood something I'd been preaching
for years. I failed, I'm afraid. I knew I was in trouble when the internal
project leader insisted that every Boolean be explicitly tested for equality
with either TRUE or FALSE. I eventually walked.

For the record, my view is that UML is flawed in the same way that
flowcharts were flawed - the stickman diagrams never stay in sync with the
production code. However, there are some good points buried in there -
mainly to do with understanding the requirements (Use Cases) before doing
anything else. Agile and Extreme programming both have elements of good
sense, but tend to be obscured by dogma (IMHO). There are many others (the
Personal Software Process is an interesting one). OO is again sensible,
indeed mostly indispensable, but again gets obscured by its ties to C++,
which is a deeply flawed language. Seems like most methodologies get
corrupted by semantics.

The only methodology that I whole-heartedly embrace is defensive
programming. Beyond that, my approach amounts to a set of best practices
(design before coding; avoid globals; communicate only via well-defined
channels; break complex things down into a collection of simple things;
synchronism; treat debugging as an admission of failure; etc etc). I get
good results, but while customers appreciate these results and often ask how
I do it, their eyes glaze over when I try to explain. Ho hum.

Nowadays I sum it up in one word: Dijkstra. He da man.

Steve
http://www.fivetrees.com



Re: OpenBSD's own compiler

2006-07-31 Thread Steve Fairhead
Rico Secada [EMAIL PROTECTED] said:

> I read about how Ada is been used in all areas where safety is of great
> issue, and about how it's being used in rockets, Boeing Airplanes and so on
> because of its high level of safety.
>
> What I understood from it is, that the demand and control upon compilers,
> rather than on the sourcecode, eliminates the possibility of a lot of errors
> in the sourcecode, the compiler will not compile the program, and since Ada
> is being used in a lot places, where lives depend upon the software, it has
> to be very safe.
>
> I was wondering, would it be a stupid and bad idea, for the OpenBSD team to
> develop, an OpenBSD C compiler based upon the OpenBSD security knowledge
> and internal standards regarding the language? Making it impossible for the
> compiler to accept and compile programs with all the known errors which
> cause problems. The OpenBSDs way of programming has clearly made it clear,
> what security and quality is all about.

It's not just the compiler, it's the language. ADA is a heavily-constrained
language. C is quite the opposite. ADA, IIRC, does not support interrupts
(or other non-deterministic events). The PC uses these quite a bit...

Steve
http://www.fivetrees.com



Re: OpenWebMail (package)

2006-07-24 Thread Steve Fairhead
Steve [EMAIL PROTECTED] said:
> Just need to remember to change fstab to remove the nosuid switch on /var


FWIW, the package (at least on OpenBSD 3.8) had problems - file ownerships
were wrong. The port, OTOH, seems fine.

Steve
http://www.fivetrees.com



Re: OpenBSD 3.9 (i386) on a Nortel Contivity 100

2006-07-24 Thread Steve Fairhead
NetNeanderthal [EMAIL PROTECTED] said:
> I finally got my hands on one of these beasts after seeing it 'supported'
> by someone on the m0n0wall forums (circa 2003) and decided to see what it
> takes to upgrade its hardware and retrofit it with a modern operating system
> -- OpenBSD of course.  I'm providing this eMail as a bit of a prod for some
> extra information as well as to share my extrapolations to a publicly
> archived list.

<snip>

> Now, to address an oddity that others have reported -- the watchdog
> circuit.  I have NOT cut my watchdog circuit and have installed OpenBSD on 3
> of these units so far.  There is an apm0 device, but I'm not sure if it does
> much.  There is not a watchdog device recognized by OpenBSD, nor are any of
> the sysctls for it set.  My units do not reboot after 2 minutes -- in fact,
> some have been operating for days. Might anyone have an explanation for the
> phenom?

In general terms, a watchdog is a hardware device that resets the CPU if
it's not kicked regularly e.g. every few hundred milliseconds. It should
not be disableable in software; i.e. the code going off in the weeds
should not be able to disable the watchdog by accident. An embedded circuit
running proprietary software from boot time can meet these requirements.

However, in my experience PC-type boards with watchdogs (e.g. PC/104 boards)
have a software-enabled watchdog. This is off by default, meaning that a
standard OS can boot and run. It's conventional to allow the watchdog to be
enabled under software control, so that a critical application can enable
the device once running. Again in general terms, it makes little sense for
the OS itself to kick the watchdog, since this does not prove that the
application is running and in control.

I emphasize that these are general observations which may or may not be
relevant to your platform.

HTH,

Steve
http://www.fivetrees.com
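
The watchdog behaviour described in this post, as an added C simulation (not code from the post, from OpenBSD or from any board vendor). The 300 ms timeout, the 100 ms kick interval and every name in it are constructed for illustration; it compares an application-driven kick with an OS-driven kick when the application hangs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simulated watchdog timer; names and timings are constructed for this example. */
struct watchdog {
    bool enabled;      /* off at power-up, so a stock OS can boot and run */
    long timeout_ms;   /* reset fires this long after the last kick */
    long elapsed_ms;   /* time since the last kick */
};

static void wd_init(struct watchdog *wd, long timeout_ms)
{
    wd->enabled = false;
    wd->timeout_ms = timeout_ms;
    wd->elapsed_ms = 0;
}

/* One-way switch: there is deliberately no wd_disable(). */
static void wd_enable(struct watchdog *wd) { wd->enabled = true; wd->elapsed_ms = 0; }

static void wd_kick(struct watchdog *wd) { wd->elapsed_ms = 0; }

/* Advance simulated time; returns true when the watchdog resets the CPU. */
static bool wd_tick(struct watchdog *wd, long ms)
{
    if (!wd->enabled)
        return false;
    wd->elapsed_ms += ms;
    if (wd->elapsed_ms < wd->timeout_ms)
        return false;
    wd_init(wd, wd->timeout_ms);   /* a reset returns the device to its power-up state */
    return true;
}

/*
 * Run for run_ms with a 300 ms watchdog kicked every 100 ms.
 * app_hang_ms:   time at which the application stops making progress (-1 = never).
 * kicker_is_app: true  = the application kicks from its own main loop,
 *                false = an OS timer kicks, whether or not the application is alive.
 * Returns the time of the forced reset, or -1 if none occurred.
 */
long simulate(bool kicker_is_app, long app_hang_ms, long run_ms)
{
    struct watchdog wd;
    wd_init(&wd, 300);
    for (long t = 0; t < run_ms; t += 10) {
        bool app_alive = app_hang_ms < 0 || t < app_hang_ms;
        if (t == 50 && app_alive)
            wd_enable(&wd);             /* enabled by the application once running */
        if (t % 100 == 0 && (app_alive || !kicker_is_app))
            wd_kick(&wd);
        if (wd_tick(&wd, 10))
            return t + 10;
    }
    return -1;
}

int main(void)
{
    printf("healthy app, app kicks: %ld\n", simulate(true, -1, 3000));
    printf("app hangs, app kicks:   %ld\n", simulate(true, 1000, 3000));
    printf("app hangs, OS kicks:    %ld\n", simulate(false, 1000, 3000));
    printf("never enabled:          %ld\n", simulate(true, 0, 3000));
    return 0;
}
```

With the OS doing the kicking, the hung application is never detected; with the watchdog left at its power-up default, nothing ever resets the machine.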



Re: Static functions in C code

2006-06-01 Thread Steve Fairhead
Denis Doroshenko said:
> > So how do you specify that a function should be visible only to the
> > local compilation unit?  Or, how do you keep others from using your
> > locally-scoped (but not declared static) function in a global context?
>
> why would you even want that (moreover in opensource)? hide for what
> reason?

I'm not a fan of C++, for many reasons. However some (not all) of the
principles of OOP are conducive to good design practice. One of these has to
do with distinguishing between private and public functions (I won't say
variables; I avoid globals like the plague) within a module. The public
interface is all-you-need-to-know about the module. The private (static)
stuff is in the none-of-your-business category.

There's a myth that complex software has to be buggy. I don't believe in it.
The key lies in managing complexity. Hiding the internals of a module is one
of the tools that allows us to manage complexity.

Steve
http://www.fivetrees.com




Re: diff: plug telldir/seekdir leaks and more (fwd)

2006-03-30 Thread Steve Fairhead
> Trying to find testers, see below

Yep, count me in.

(I installed 3.8 for a local company [instead of a broken W2k box] a while
back. Worked well, except Samba panicked regularly - one specific user.
After sitting down to watch said user, realised she was saving files into a
folder already containing 22,000 files. Avoiding that folder solved the
problem totally. I can replicate it on my test boxen here. I believe the
issue is related - if not, ignore me, as I am clearly clueless.)

Contact me off-list if I can help.

Steve
http://www.fivetrees.com



Re: embedded computers with RS485

2006-03-22 Thread Steve Fairhead
> > > anyone knows where i can find embedded computers with RS485 ports on
> > > board, where i can run OBSD?
>
> > PC/104 CPU boards quite commonly have at least one serial port
> > switchable from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and
> > you should find plenty.
>
> I was looking for something similar to the Soekris ones, i found some in
> www.acrosser.com but they have too much unuseful stuff. Anyway to find
> something runable with OBSD in the PC104 world should be a try and error
> thing, and too much money to make those tests.

Understood. You might then consider using a board you're happy with, and
using an external RS-232 to RS-485 converter. It's common to use the modem
control lines (RTS etc) to control the bus state, whether internally or
externally, so should make little difference. It may also give you the
option of an opto-isolated RS-485 bus, which is often a Good Thing in such
cases, and usually essential when routing the bus further than the next
desk.

If I can help further, let me know off-list. We're probably way OT.

HTH,

Steve
http://www.fivetrees.com



Re: embedded computers with RS485

2006-03-21 Thread Steve Fairhead
> anyone knows where i can find embedded computers with RS485 ports on
> board, where i can run OBSD?

PC/104 CPU boards quite commonly have at least one serial port switchable
from RS-232 to RS-485. Try Googling for +CPU +RS485 +PC104, and you should
find plenty.

Steve
http://www.fivetrees.com



Re: EPIA issues...

2006-03-08 Thread Steve Fairhead
> Running 12V fans at 7V often works nicely (easily achieved with PC
> hardware by connecting the fan to 5V and 12V rather than 0V and 12V).

With my electronics-designer cap on, I'd advise a little caution with this.
The 5V regulator is designed to source, not sink, current. If the fan
current exceeds the current the 5V regulator is supplying (which is unlikely
under normal conditions, but possible under stall or fault conditions), the
5V rail will go high and take out all hardware relying on it.

One other possible problem is that a fan is an inductive load - you could be
coupling large amounts of noise onto the 5V line.

Summary: with small fans, it should work, but you've introduced a mechanism
whereby a fan failure could destroy the machine.

Steve
http://www.fivetrees.com



Re: massive memory leak in 3.8-stable samba

2006-03-07 Thread Steve Fairhead
> One of my production machines (3.8-stable) has suddenly started
> panicking every couple of hours. I found out that the culprit is smbd,
> eating through memory like there's no tomorrow (approx. 10Mb /
> minute!). Can't figure out what has triggered it, nothing changed on
> the machine lately and there is only one active w2k client, writing a
> 2.5kB file every 15 seconds or so.
> I'd be glad of any assistance, even pointing out any stupid mistakes I
> have made, because this is driving me nuts.

I ran into something very similar recently. In my case I eventually
discovered that one user was writing to a folder containing 22,000 files.
Avoiding this folder has entirely solved the problem. (Or at least worked
around it.)

FWIW, the Samba logs were helpful only inasmuch as they pointed me to the
user who was causing the problem. I had to sit down and watch her operate
to find out what she was doing...

Perhaps (indeed probably) not relevant to your problem, but might give you
some ideas. If you're writing a file every 15s, perhaps your problem is
related to mine.

Steve
http://www.fivetrees.com