Re: Your worst dream comes true, thanks to Intel

2005-05-31 Thread T. Ribbrock
On Mon, May 30, 2005 at 10:56:30PM -0400, Constantine A. Murenin wrote:
> Intel announced its new dual-core Intel Pentium D processors and 945
> chipsets,
[...]
> However, sources indicate that being dual-core is not the major
> feature of the new technologies. Guess what is? DRM.
[...]

According to this German site (haven't found an English source yet)

http://www.golem.de/0505/38320.html

Intel has denied that the 945 had DRM built-in. They say that it only
has the option to connect "Trusted Platform Modules" to it, which -
according to Intel - is not news, as other chipsets are already able to
do so.

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
   Thomas Ribbrock   http://www.ribbrock.org   ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Sun Netra T1 105

2005-06-03 Thread T. Ribbrock
On Thu, Jun 02, 2005 at 08:04:38PM +0200, mdff wrote:
[...]
> for dell i'd choose obsd as well... but not for sun. there's trusted
> solaris and very good sec-features starting from sol9. also, i figured
> out that machine specific tools from the solaris os are not even planned
> under obsd.

Nonetheless, if I need to choose between trusting closed-source Solaris and
the open OpenBSD for security, I tend to trust OpenBSD more.


> furthermore for security, i guess it's always good 2 have a mix of
> hardware and os's.

In that sense it's even more interesting to run OpenBSD on Sparc, as
OpenBSD/Sparc would be a less common combination than Solaris/Sparc... ;-)

In addition, until the advent of Solaris 10 (which doesn't support older
Sparc hardware anymore), Solaris was far too expensive for home users like
myself - there was a so-called "free" (as in cost) licence, but that was
only valid for a limited set of machines and - even worse - only for
machines bought from Sun or a licenced dealer. None of my Suns falls
under that category, hence, Solaris 9 is a no-no for me.

With OpenBSD (or even Linux), at least I don't have to worry about all
that licence nonsense.

Cheerio,

Thomas



Re: Sun Netra T1 105

2005-06-03 Thread T. Ribbrock
On Thu, Jun 02, 2005 at 10:09:58AM -0500, Kevin wrote:
[...]
> The Netra T1/105 (and the Telco-grade CP1500) are nice machines,
[...]
> System stability is great, like the Sun hardware of old.  Performance is
> what you'd expect from a 360Mhz or 440Mhz UltraSparc IIi, not stellar
> but more than sufficient for a small mail gateway or packet filter.
[...]

I'm curious: Given that the Netras use the same CPUs as the U5/U10, do you
happen to have any idea how they compare? I've been using U5(first)/U10(now)
as my home firewall/web and mail server, originally with a 360MHz CPU, later
with a 333 (which has more cache than the 360) and now with a 400/440 - for
what I'm using them for they seem to be very sufficient - if not over the
top... :-} I'd expect the Netra T1/105 to perform similarly - or even
better?

Cheerio,

Thomas



Re: OpenBSD's 10th birthday

2005-10-18 Thread T. Ribbrock
On Tue, Oct 18, 2005 at 03:00:12AM -0600, Theo de Raadt wrote:
> Now it is really OpenBSD's 10th birthday ;)

Well then:

"Herzlichen Glueckwunsch!" and 'Gefeliciteerd!' from the Netherlands! 

Thanks for all the good work!

Cheerio,

Thomas



Re: Rename multiple files at once

2007-06-28 Thread T. Ribbrock
On Wed, Jun 27, 2007 at 09:52:29AM -0700, Marco S Hyman wrote:
>  > for FILE in *jpg; do
>  > NEW=$(echo $FILE | sed -e 's/\.jpg$/_thumb.jpg/')
>  > mv "${FILE}" "${NEW}"
>  > done

> There is no need for echo and sed.  OpenBSD sh and ksh support
> ${var%suffix} which evaluates to the contents of var less the suffix.

For completeness' sake: so does bash, apparently.

Cheerio,

Thomas
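The ${var%suffix} expansion Marco mentions, worked into a complete rename loop as an added shell example (not code from the thread). The function names thumb_name and rename_thumbs are my own; the loop also refuses to overwrite an existing target, which the original echo|sed|mv loop did not check:

```shell
#!/bin/sh
# Added example (not from the thread): rename *.jpg to *_thumb.jpg using
# the shell's own ${var%suffix} expansion instead of echo | sed.

# thumb_name FILE: print FILE with a trailing ".jpg" replaced by "_thumb.jpg".
# ${f%.jpg} strips the shortest match of ".jpg" from the end of $f.
thumb_name() {
    f=$1
    case $f in
        *_thumb.jpg) printf '%s\n' "$f" ;;                    # already a thumbnail name
        *.jpg)       printf '%s\n' "${f%.jpg}_thumb.jpg" ;;
        *)           printf '%s\n' "$f" ;;                    # not a .jpg: unchanged
    esac
}

# rename_thumbs DIR: rename every *.jpg in DIR, refusing to clobber an
# existing target. Returns 0 if every rename succeeded, 1 otherwise.
rename_thumbs() {
    dir=$1
    rc=0
    for src in "$dir"/*.jpg; do
        [ -e "$src" ] || continue            # no match: the literal pattern is left
        dst=$(thumb_name "$src")
        [ "$dst" = "$src" ] && continue      # nothing to do
        if [ -e "$dst" ]; then
            printf 'skip: %s already exists\n' "$dst" >&2
            rc=1
            continue
        fi
        mv -- "$src" "$dst" || rc=1
    done
    return $rc
}
```

The glob is expanded once before the loop starts, so a freshly created a_thumb.jpg is never picked up again in the same pass.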



Re: Sparc64 ATI cards

2007-09-06 Thread T. Ribbrock
On Thu, Sep 06, 2007 at 01:52:20PM +0100, Edd Barrett wrote:
> Hi,

> "ATI Rage (vgafb), includes the PGX and PGX24 on-board frame buffers"

> Does that include PGX32 cards (X3668A-370-3753)?

AFAIR, the PGX32 (aka Raptor GFX 8P) is made by Tech-Source and not ATI
based, hence, I'd be surprised if the ATI driver supports it. Some time
back, I ran into the same under Linux/Sparc and the PGX32 was definitely
not supported by ATI drivers.

Cheerio,

Thomas



Re: Sparc64 ATI cards

2007-09-07 Thread T. Ribbrock
On Fri, Sep 07, 2007 at 02:12:49PM +0100, Fergus Wilde wrote:
> I couldn't get one of those Raptor cards working either. I have taken it out 
> of the Ultra5 it was in, and am using the built in PGX24 on the motherboard. 
> That works fine. However, I did have to do something complex and numinous at 
> the OBP prompt in order to tell the BIOS to send the video signal to that 
> output rather than to the PCI Raptor.

That depends on how the Raptor was installed. You can find the
installation manual on the Tech-Source website. The manual describes the
various ways of installing a Raptor (including configuration of the OBP)
and will hence also give some ideas as to how to revert this.

Or you could boot the machine while holding Ctrl-N, which should reset
the OBP to default values - I think that should also revert the frame
buffer settings.

Cheerio,

Thomas



Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
Hello,

I just tried installing OpenBSD 4.2 on an older PIII box I got a while
back - but I can't get the install to boot from CD. Here's what I have
so far:

- The PC has an Intel server board, L440GX+, with two PIII/550 (Slot 1)
  on it. This board has both IDE and SCSI (Dual channel U2W, Adaptec
  AIC-7896) on-board.
- The CD-ROM is SCSI and connected to channel B of the U2W controller.
- There are two IDE disks - a 20GB connected to IDE1 (master) and a 160GB on
  IDE2 (master).
- The SCSI controller is set to support bootable CDs and the OpenBSD CD
  is recognised as such.

If I try to boot from CD, the only lines I get are:

CR-ROM: 9F
Loading /4.2/I386/CDBOOT
probing: pc0 com0 com1 mem[635K 638M a20=on]
disk:

At this point, the machine hangs hard, i.e. neither keyboard, nor
reset/power buttons work anymore. I literally have to pull the plug.

If I disable *both* IDE drives in the BIOS, booting from CD-ROM works
(or at least I get to the 'boot>' prompt, haven't tested further yet).
Disabling only one of them doesn't help, though.

As a test, I also tried to boot from an OpenBSD 3.9 CD, but that showed
the same symptoms. Same goes for a Kubuntu 7.04 live CD - got stuck
right after the boot menu.

The odd thing is: I *have* installed OpenBSD on this PC in the past
(must have been 4.0 or 4.1). The changes I have made since then were -
as far as I can remember:
- I removed a second 20GB IDE drive that was slave on IDE1.
- I added the 160GB drive on IDE2
- I think I removed a PCI VGA card and a sound card, but I'm not 100%
  whether they were actually in there when I installed OpenBSD the last
  time.
- I added a 3C509B(?) NIC.

Any insight on this would be most welcome. I saw one related thread in
the archives, but that seemed to deal with PCI cards rather than
on-board devices. One of the solutions offered there was to remove the
boot-eeprom from one of those cards - but I don't think I have that
option in this case... :-}

Regards,

Thomas



Re: Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 11:29:37AM +0100, Fridiric Pli wrote:
> Did you check errata 003 ?
> http://openbsd.org/errata42.html

Embarrassingly, I forgot to check the errata - thanks for the reminder.
I tried that now, but CD2 isn't even recognised as bootable by the
SCSI-controller, hence,
the PC does not even try to boot from it...

Cheerio,

Thomas



Re: Problems installing 4.2 from CD

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 10:37:16AM +0100, T. Ribbrock wrote:
[...]
> If I try to boot from CD, the only lines I get are:

> CR-ROM: 9F
> Loading /4.2/I386/CDBOOT
> probing: pc0 com0 com1 mem[635K 638M a20=on]
> disk:

I just tried a PXE boot using the on-board NIC - *that* works without a
problem. I wonder why booting from the CD doesn't. :-/

Cheerio,

Thomas



Re: Problems installing 4.2 from CD - SOLVED?!

2008-01-11 Thread T. Ribbrock
On Fri, Jan 11, 2008 at 10:37:16AM +0100, T. Ribbrock wrote:
[...]
> If I try to boot from CD, the only lines I get are:

> CR-ROM: 9F
> Loading /4.2/I386/CDBOOT
> probing: pc0 com0 com1 mem[635K 638M a20=on]
> disk:

> At this point, the machine hangs hard, i.e. neither keyboard, nor
> reset/power buttons work anymore. I literally have to pull the plug.
[...]

I have no idea why, but this is working now. It started working when I
removed the 3COM NIC (which, by the way, was a 3c905B, not 3c509B...).
When I tried again with the NIC back in place, it kept working. I then
proceeded to replace the 3COM NIC with a DEC DE500 (had better
experience with those in the past) and added a Promise FastTrack 2000
ATA-133 controller for the 160GB drive. Still working. I was able to
boot from CD and install 4.2 without a hitch. I hate it when problems
"vanish" like this - always causes some lingering suspicion... :-/

Cheerio,

Thomas



Vague NFS problem

2008-01-17 Thread T. Ribbrock
Hi all,

I ran into a vague NFS problem today:

At home, I currently have an OpenBSD firewall/server and two Linux
workstations. Last weekend, I finally replaced my Ultrasparc 10 with
OpenBSD 3.8 with a dual PIII running OpenBSD 4.2. Initially, all seemed
well, but today I got problems with NFS. When I started them up today,
one of the Linux boxes (Kubuntu 7.10 on AMD64) had no problems at all
and could get all NFS shares, while the older one (SuSE 10.0 on x86) was
no longer able to mount any NFS shares from the OpenBSD server. Any
mount attempt would take a long time and then fail with an RPC error 5
and some message about an invalid superblock(?) on the NFS share. The
same machine was working perfectly fine yesterday and I haven't made any
changes on either the server or the Linux box since.

I went through /var/log/messages, /var/log/daemon and dmesg on the
server but could not find anything out of the ordinary. 'rpcinfo -p' on
the server didn't show anything unusual. As far as I could see, portmap,
nfsd and lockd were still running - and as I said, the second Linux box
had no problems at all.

On the Linux box, any DNS lookups of the server worked just fine and I
could ping the server without problem. Connections from the Linux box
through the firewall/server to the internet worked fine as well.

Finally, I started tcpdump on the server and performed another mount on the
Linux box. I could see packages go both directions, but don't know
enough to judge whether this was a "normal" exchange.

In the end, I ended up rebooting the server (rebooting the Linux box
hadn't helped) - and this solved the problem. Of course, this is rather
frustrating, as I have no idea what happened here and why. Hence, I'm
primarily looking for some ideas how to investigate should this happen
again... I know it's not that much to go on, but maybe someone has some
hint as to what I could look at or test. I never had any problems like
this before with the old server, so I'm a bit wary as whether I can
trust the new box.

Thanks in advance,

Thomas

P.S.: Another, possibly related oddity: After the server reboot, NFS was
working again on the SuSE box - but I got an error from its NTP that it
could not get its initial time and date from the OpenBSD server. I had
to reboot the Linux box once more to make that one go away. Iffy - no
idea what's going on there.



Re: the death of the oldest OpenBSD system on the net...

2008-03-18 Thread T. Ribbrock
On Mon, Mar 17, 2008 at 09:56:44PM +0100, Marc Balmer wrote:
> back in time (but not to long ago), I served 3000 email accounts for
> a Swiss multinational insurance company on a P133 with 32MB RAM.

Out of curiosity: Was that with or without spamfilters and
virusscanning? These two seem to cause most of the "power demands" of
mail servers these days, not the number of accounts...

Cheerio,

Thomas



Re: Installing apsfilter package fails

2008-03-20 Thread T. Ribbrock
On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote:
[...]
> You said, "If I remember correctly, you need to have the x-base
> package installed
> for the libiconv / gettext dependencies to be met.  It's an issue with
> 4.2."

> How did you know that? Is there a "source" that I should reference
> that I'm not aware of to "keep up" on the latest idiosyncrasies, bugs,
> etc.???

This list for starters - that's where I learned about it...

Cheerio,

Thomas



Re: Sun Netra X1 Firewall Throughput?

2007-05-22 Thread T. Ribbrock
On Sat, May 19, 2007 at 10:16:33PM -0700, Bryan Vyhmeister wrote:
> On May 18, 2007, at 2:09 PM, Daniel Ouellet wrote:

[drive > 137GB on Sun X1?]

> >No it doesn't. I have about 30 of them and putting any drives  
> >bigger than that will simply not work. Well, actually it works, but  
> >you can't use above that. If you try to even partition it like  
> >that, the system will crash and not start, period. I tried a good  
> >Seagate 180MB for test and can't use it all.

> That's too bad. I was hoping I could put larger drives in them. Oh  
> well, 120 GB it is.

Maybe you can use the same approach I used with my U10 - I've put in a
Promise PCI IDE controller and a 160GB and that worked fine (see the
archives of the sparc list - I had some crashes in the beginning which
were due to bad RAM). Downside is that you can't boot from them.
I don't know whether the X1 has free PCI slots, but if it has, it might
be an option.


Cheerio,

Thomas



Re: console xterm

2008-08-13 Thread T. Ribbrock
On Wed, Aug 13, 2008 at 07:26:52AM +0200, ropers wrote:
[...]
> Is there a way to have a colour ls and still be able to page through it?

With gls (which I use), there is. Example:

gls -lF --color=always|less -r

Suitable aliases should do the rest, I suppose. You'll have to use less
with '-r', otherwise the colour control codes are not interpreted. This
can have some downsides - see "man less".

Cheerio,

Thomas



Re: 012_openssl

2009-04-08 Thread T. Ribbrock
On Wed, Apr 08, 2009 at 04:31:27PM +0930, Damon McMahon wrote:
> Just to let anybody else know who ran into this, rebuilding the /sbin
> binaries to ensure that statically linked binaries are patched against
> the recent openssl vulnerability needed a "make depend" in
> sbin/wdconsctl otherwise make fails for this directory.

Thank you! I had just started to wonder why this failed... :-}

Regards,

Thomas



Re: Low power OpenBSD machine

2009-04-14 Thread T. Ribbrock
On Mon, Apr 13, 2009 at 12:52:23PM -0400, Nick Holland wrote:
[...]
> a PIII-class system with an i810 chipset will probably come in below 30W  
> when idle.  (Other chipsets may, too...but I put the Wattmeter on a 500MHz 
> PIII with an i810 chipset, with both a real disk and a flash disk, and it 
> came in at under 30W when CPU was idle).

That is consistent with my findings - the dual PIII/550 on an Intel
L440GX server board I use as home server clocks in at about 50W idle
with two HDs. Even the HP Kayak XU800 (dual PIII/866) I have only uses some 60W
idle, but peaks much higher than the Intel. So, PIIIs can still go a
long way, but I would not vouch for them matching a suitable laptop
set-up.

[...]
> Get a wattmeter.  Great investment...

True, that. :-)

Cheerio,

Thomas



Best way forward w.r.t. apache/nginx/httpd?

2014-12-29 Thread T. Ribbrock
Hi all,

I'm finally getting round to updating my home server (gets a fresh 5.6
install).

Of course, there were a lot of changes over the past versions, one of
them being the whole apache -> nginx -> httpd migration. My webserver
has a CMS running which requires PHP and MySQL, plus a few more
PHP-applications. Also, I have two or three virtual sites running and
I'm currently considering having a look at something like Owncloud
and/or Citadel.

Given the current state of development in OpenBSD, I'm now wondering
what the best way forward is for me:

a) Install apache-httpd-openbsd from ports and keep my configuration
   basically as is
   Advantage: Less work to get everything running - I've done OpenBSD
   re-installs like that several times over the past years
   Disadvantage: I guess that the new httpd will get a lot more
   developer attention, so this does not seem the ideal option longterm,
   but I could always migrate to httpd later, e.g. when upgrading to 5.7
   or (more likely) 5.8

b) Migrate to nginx
   This seems to be the least interesting option - not only do I have to
   migrate now, but once more in the future, as nginx is also on the way
   out (so, the same "developer attention" caveat applies as with
   apache)

c) Migrate to httpd
   From what I've gathered so far from this list, this would basically
   require me to switch to -current, as the 5.6 version is too fresh and
   too many changes have happened since - or am I being pessimistic
   here? I've never run -current before, hence, I'm a bit hesitant...

I tend to go for a) because I do not want to migrate twice - but maybe
somebody else has some interesting points that I have not considered
yet? I'd appreciate the input!

Regards,

Thomas



Re: Best way forward w.r.t. apache/nginx/httpd?

2014-12-30 Thread T. Ribbrock
I'll answer to this one, but I'll start with a big thanks to all who
responded - some interesting points were made!

On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
> apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
> support is poor, third-party documentation relating to use of webapps
> with Apache has long since moved to Apache 2. It's mainly there to
> provide a quick migration path for existing OpenBSD users and to
> ease the pain in ports.

In fact, the Apache 1 vs. 2 problem has already hit me in the past and
forced me not to use a photogallery application I wanted to use. You
make a very valid point here: Contrary to nginx, there is indeed nobody
developing Apache 1 anymore (not even the OpenBSD developers who kept it
running for so long).


> > b) Migrate to nginx
[...]

> This might be a reasonable choice, especially if the CMS you're looking
> at already documents how to use it with nginx.

I had a quick look - CMS Made Simple (which is what I'm using) has
apparently been used with nginx by some people, so there is some
documentation around. phpGedView (which is another application I use) is
no longer developed and I was thinking about replacing it
anyway, so this might be a good time. Same goes for the gallery I'm
currently using. There will be some work involved, but this has been
coming a long time now... Time for some clean-up work.


> > c) Migrate to httpd
[...]

> Personally I don't think httpd is quite ready for use with a typical
> PHP-based CMS yet (including -current). Two big issues for this type
> of use: "clean urls" functionality in most CMS needs rewrite support
> which httpd doesn't have. httpd's fastcgi support passes every url
> matching a location block to the handler meaning there's no mitigation
> for the issue described in
> http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
> (which also affects naive nginx configurations).

Thanks for those two insights. Based on what I've read so far, I will
give nginx a try - that will at least place me on a server that is a)
well known on OpenBSD and b) still under active development - that
should buy me enough time to wait for the day that httpd can take over
this job - given the track record of OpenBSD, I very much like to stay
within base where possible.

Thanks again!

And now off to read up on how to use nginx with PHP etc.pp ;-)

Cheerio,

Thomas
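The pitfall Stuart links to (a PHP location block that forwards every matching URI to the FastCGI handler without first checking that the file exists) is easy to spot in a config. As an added example, not code from the list or from nginx, here is a small shell/awk lint run over two constructed nginx fragments; the socket path and the configs are assumptions, and the weak one is exactly what the pitfalls page warns about:

```shell
#!/bin/sh
# Added example (not from the thread): lint nginx "location ~ \.php$" blocks
# for the "passing uncontrolled requests to PHP" pitfall. Without a
# try_files guard, a URI such as /uploads/image.jpg/x.php matches the block
# and is handed to PHP, which (with cgi.fix_pathinfo=1) may run the uploaded
# file as PHP. The guard makes nginx answer 404 unless the script exists.

# Constructed sample: the weak form (every *.php URI reaches php-fpm).
WEAK_CONF='
server {
    root /var/www;
    location ~ \.php$ {
        fastcgi_pass unix:/run/php-fpm.sock;
        include fastcgi_params;
    }
}'

# Constructed sample: the hardened form (existence check before fastcgi_pass).
HARDENED_CONF='
server {
    root /var/www;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm.sock;
        include fastcgi_params;
    }
}'

# php_locations_guarded CONF: print "ok" and return 0 if every location block
# that contains fastcgi_pass also contains a "try_files ... =404" guard;
# otherwise print the offending location header(s) and return 1.
php_locations_guarded() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*location/        { inloc = 1; hdr = $0; pass = 0; guard = 0; next }
        inloc && /fastcgi_pass/           { pass = 1 }
        inloc && /try_files[^;]*=404/     { guard = 1 }
        inloc && /^[ \t]*}/ {
            if (pass && !guard) { print "unguarded: " hdr; bad = 1 }
            inloc = 0
        }
        END { if (bad) exit 1; print "ok" }'
}
```

The same check is what to apply to any nginx config you adopt from a CMS project's documentation, since the list post notes that naive configurations share the problem.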



Re: missing packages for SPARC

2015-01-26 Thread T. Ribbrock
On Fri, Dec 05, 2014 at 07:37:39PM +0100, Riccardo Mottola wrote:
> That's a good idea. My SS20 which has 2 HDDs, CD and floppy, has a fan in
> between, it looks it is wired properly and has an attachment, so it looks
> "original" for certain hotter configurations.

IIRC, that's one of the newer SS20, then - they added that extra fan
later and at least one of my own SS20 has it (been a while since I
opened them...).

Cheerio,

Thomas



APC UPS & sensorsd - how?

2015-03-22 Thread T. Ribbrock
Hi all,

one of the remaining "kinks in the cable" that still need working out
after I updated to OpenBSD 5.6 is the fact that I can no longer use
apcupsd to monitor the "APC Back-UPS CS 500" that is connected to the
server via USB. From what I have gathered so far, one has to use
sensorsd instead, so I've been through the man pages (sensorsd(8) and
sensorsd.conf(5)) as well as through the archives of this list. The one
relevant thread I found was this one:

http://marc.info/?t=14167023941&r=1&w=2

Despite this, I cannot seem to get sensorsd to monitor the state of the
ups. Here's what I have so far:

The ups is detected properly as can be seen from dmesg:

[...]
uhidev0 at uhub4 port 2 configuration 1 interface 0 "American Power Conversion Back-UPS CS 500 FW:808.q8.I USB FW:q8" rev 1.10/0.06 addr 2
uhidev0: iclass 3/0, 98 report ids
upd0 at uhidev0
[...]

It is also seen properly by sysctl:
# sysctl | grep upd 
hw.sensors.upd0.indicator0=On (Charging), OK
hw.sensors.upd0.indicator1=Off (Discharging), OK
hw.sensors.upd0.indicator2=On (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK
hw.sensors.upd0.percent1=55.00% (RemainingCapacity), OK

When removing AC power, I can see that the ups reports this as expected:

# sysctl | grep upd 
hw.sensors.upd0.indicator0=Off (Charging), OK
hw.sensors.upd0.indicator1=On (Discharging), OK
hw.sensors.upd0.indicator2=Off (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK
hw.sensors.upd0.percent1=55.00% (RemainingCapacity), OK

(see changes in "Charging", "Discharging" and "ACPresent")

What I cannot seem to get to work is that sensorsd *reacts* to these
changes. Based on the examples in the thread mentioned above, I've
created a small script "/etc/sensorsd/upd.sh" that looks as follows:

# cat /etc/sensorsd/upd.sh 
echo "${@}" | logger -t UPD

I have then created the following sensorsd.conf:
hw.sensors.upd0.indicator0:high=0:command=/etc/sensorsd/upd.sh %x.%t%n Charging %2 %s
hw.sensors.upd0.indicator1:high=0:command=/etc/sensorsd/upd.sh %x.%t%n Discharging %2 %s
hw.sensors.upd0.indicator2:low=1:command=/etc/sensorsd/upd.sh %x.%t%n ACPresent %2 %s
hw.sensors.upd0.indicator3:low=1:command=/etc/sensorsd/upd.sh %x.%t%n BatteryPresent %2 %s
hw.sensors.upd0.indicator4:high=0:command=/etc/sensorsd/upd.sh %x.%t%n ShutdownImminent %2 %s
hw.sensors.upd0.percent0:low=25:command=/etc/sensorsd/upd.sh %x.%t%n FullChargeCapacity %2 %s
hw.sensors.upd0.percent1:low=25:command=/etc/sensorsd/upd.sh %x.%t%n RemainingCapacity %2 %s

When I start sensorsd, I get this output:
sensorsd[31995]: upd0.indicator2: exceeds limits: On is below On
sensorsd[31995]: upd0.indicator3: exceeds limits: On is below On
UPD: upd0.indicator2 ACPresent On OK 
UPD: upd0.indicator3 BatteryPresent On OK 
UPD: upd0.percent0 FullChargeCapacity 100.00% OK 
UPD: upd0.indicator4 ShutdownImminent Off OK 
UPD: upd0.indicator1 Discharging Off OK 
UPD: upd0.percent1 RemainingCapacity 61.00% OK 
UPD: upd0.indicator0 Charging On OK 

However, when I subsequently remove AC power, nothing happens - no more
messages from sensorsd are forthcoming. I've also tried running sensorsd
with '-c 1' and left the system for more than a minute after the change,
but to no avail. Also, some variations on the limits (e.g. "low=1:high=2"
for indicator3) did not change anything. I get the sneaking feeling that
I might be missing something obvious, but so far have no idea. Hence, if
someone out there *does* have an idea, I'd be very interested to hear
and learn.

Thanks in advance,

Thomas





Re: APC UPS & sensorsd - how?

2015-03-22 Thread T. Ribbrock
On Sun, Mar 22, 2015 at 03:26:30PM +, Stuart Henderson wrote:
> On 2015-03-22, T. Ribbrock  wrote:
> > What I cannot seem to get to work is that sensorsd *reacts* to these
> > changes. Based on the examples in the thread mentioned above, I've
> > created a small script "/etc/sensorsd/upd.sh" that looks as follows:

> > # cat /etc/sensorsd/upd.sh 
> > echo "${@}" | logger -t UPD

> > I have then created the following sensorsd.conf:
> > hw.sensors.upd0.indicator0:high=0:command=/etc/sensorsd/upd.sh %x.%t%n Charging %2 %s
> > hw.sensors.upd0.indicator1:high=0:command=/etc/sensorsd/upd.sh %x.%t%n Discharging %2 %s
> > hw.sensors.upd0.indicator2:low=1:command=/etc/sensorsd/upd.sh %x.%t%n ACPresent %2 %s
> > hw.sensors.upd0.indicator3:low=1:command=/etc/sensorsd/upd.sh %x.%t%n BatteryPresent %2 %s
> > hw.sensors.upd0.indicator4:high=0:command=/etc/sensorsd/upd.sh %x.%t%n ShutdownImminent %2 %s
> > hw.sensors.upd0.percent0:low=25:command=/etc/sensorsd/upd.sh %x.%t%n FullChargeCapacity %2 %s
> > hw.sensors.upd0.percent1:low=25:command=/etc/sensorsd/upd.sh %x.%t%n RemainingCapacity %2 %s

> It's a bit of a hack, but for the "normally on" sensors like ACPresent you 
> can use :low=1:high=2

> http://www.undeadly.org/cgi?action=article&sid=20140320093943&pid=1

Thanks for the suggestion! I tried that just now for the ACPresent
sensor and changed the corresponding rule to

hw.sensors.upd0.indicator2:low=1:high=2:command=/etc/sensorsd/upd.sh %x.%t%n ACPresent %2 %s

Upon starting sensorsd (with '-c 1'), I got the following messages:

sensorsd[23468]: upd0.indicator2: exceeds limits: On is below On
sensorsd[23468]: upd0.indicator3: exceeds limits: On is below On
UPD: upd0.indicator3 BatteryPresent On OK 
UPD: upd0.indicator2 ACPresent On OK 
UPD: upd0.percent0 FullChargeCapacity 100.00% OK 
UPD: upd0.indicator0 Charging On OK 
UPD: upd0.indicator4 ShutdownImminent Off OK 
UPD: upd0.indicator1 Discharging Off OK 
UPD: upd0.percent1 RemainingCapacity 88.00% OK

Then, I removed the power and waited for almost two minutes, but no
further messages appeared and no apparent reaction from sensorsd was
visible.

To be certain, I also tried the other way round, i.e. I restarted
sensorsd while the power was still removed:

sensorsd[24532]: upd0.indicator2: exceeds limits: Off is below On 
sensorsd[24532]: upd0.indicator3: exceeds limits: On is below On
UPD: upd0.indicator0 Charging Off OK 
UPD: upd0.indicator4 ShutdownImminent Off OK 
UPD: upd0.indicator3 BatteryPresent On OK 
UPD: upd0.indicator2 ACPresent Off OK 
UPD: upd0.indicator1 Discharging On OK 
UPD: upd0.percent1 RemainingCapacity 79.00% OK 
UPD: upd0.percent0 FullChargeCapacity 100.00% OK

Then, I re-applied power, but that, too, was never flagged by sensorsd.
For some reason, it looks like sensorsd only ever detects a status
change (for these rules) when it gets started - but not afterwards.

Regards,

Thomas
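Both messages in this thread want the same thing: to be told when the upd0 indicators change after start-up. As an added example (not from the thread, and independent of sensorsd's limit logic), here is a shell script that detects such changes by diffing two sysctl snapshots. The two snapshots are constructed from the sysctl output quoted above (AC present, then AC removed); the function names and the poll loop are my own, and the loop assumes OpenBSD's sysctl(8) and logger(1):

```shell
#!/bin/sh
# Added example (not from the thread): detect UPS state changes by diffing
# successive "sysctl hw.sensors.upd0" snapshots, so a mains failure is
# reported as a transition rather than as a threshold check at start-up.

# Constructed snapshot: mains present (values as in the thread).
SNAP_AC='hw.sensors.upd0.indicator0=On (Charging), OK
hw.sensors.upd0.indicator1=Off (Discharging), OK
hw.sensors.upd0.indicator2=On (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK
hw.sensors.upd0.percent1=55.00% (RemainingCapacity), OK'

# Constructed snapshot: mains removed.
SNAP_BATT='hw.sensors.upd0.indicator0=Off (Charging), OK
hw.sensors.upd0.indicator1=On (Discharging), OK
hw.sensors.upd0.indicator2=Off (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK
hw.sensors.upd0.percent1=55.00% (RemainingCapacity), OK'

# normalise SNAPSHOT: turn each sysctl line into "Name=Value", keyed by the
# descriptive name in parentheses (e.g. "ACPresent=On"), sorted for diffing.
normalise() {
    printf '%s\n' "$1" |
        sed -n 's/^hw\.sensors\.upd0\.[a-z0-9]*=\([^ ]*\) (\([A-Za-z]*\)).*/\2=\1/p' |
        sort
}

# changed OLD NEW: print "Name: old -> new" for every sensor whose value differs.
changed() {
    old=$(normalise "$1")
    normalise "$2" | while IFS='=' read -r key val; do
        prev=$(printf '%s\n' "$old" | sed -n "s/^$key=//p")
        [ "$prev" = "$val" ] || printf '%s: %s -> %s\n' "$key" "$prev" "$val"
    done
}

# ac_lost OLD NEW: succeed only when ACPresent went from On to Off.
ac_lost() {
    changed "$1" "$2" | grep -q '^ACPresent: On -> Off$'
}

# poll_upd SECONDS: live loop for an OpenBSD host (assumes sysctl(8) and
# logger(1)); every transition is logged under the tag UPD. Not run here.
poll_upd() {
    prev=$(sysctl hw.sensors.upd0)
    while sleep "$1"; do
        cur=$(sysctl hw.sensors.upd0)
        changed "$prev" "$cur" | logger -t UPD
        prev=$cur
    done
}
```

Run from cron or as a small rc script, poll_upd gives the "reaction to changes" the thread is after; ac_lost is the hook to attach a shutdown decision to, e.g. together with the RemainingCapacity value.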



Recommendations for video call/conferencing server on OpenBSD?

2020-04-01 Thread T. Ribbrock
Hi all,

with more and more colleagues and friends sitting at home, I'm
considering installing some video call/conferencing software on my
existing OpenBSD server.

I currently have Nextcloud installed on that server, so the easiest
option was the Nextcloud Talk plugin, which I'm playing with now.

Nonetheless, I'd be curious about what others use/recommend for video
calls/conferencing - any suggestions?

Thanks in advance,

Thomas



Re: Recommendations for video call/conferencing server on OpenBSD?

2020-04-01 Thread T. Ribbrock
On Wed, Apr 01, 2020 at 11:36:07PM +0200, Jan Betlach wrote:
> I am using jitsi.org and tox.chat (on Linux VM).

Have you by any chance tried to get jitsi running natively on OpenBSD?
That would be my preference, if possible (especially as said server is
not exactly "high end"...)

Cheerio,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



tmux redrawing issues after switch to 6.4

2019-01-08 Thread T. Ribbrock
Hi all,

last week, I finally got round to reinstalling my home server with OpenBSD
6.4 (was still on 5.6 - don't ask...). Everything is running smoothly
(and I was quite impressed by all the improvements made - just took me
quite some time to go through all the new docs... ;-) ).

I just have one remaining problem that I have not been able to find a
solution for: tmux. I've been using tmux under OpenBSD 5.6 extensively
(usually via ssh) and never had any issues with it. However, with
OpenBSD 6.4 and its version of tmux, tmux now fails to redraw the screen
properly when paging through files in some applications via ssh. It
works in vi, but in vim and less, lots of characters from previous pages
remain on the screen. Interestingly, it only happens when paging or
jumping (e.g. search) - not when scrolling line by line.

I've been searching around for quite some time and found several old
messages "on the net" about similar issues, but have not found a
solution. Does anybody have some pointers for me on how to investigate/solve this?

Thanks in advance,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: tmux redrawing issues after switch to 6.4

2019-01-08 Thread T. Ribbrock
On Tue, Jan 08, 2019 at 03:08:49PM -0800, Jon Tabor wrote:
> On Tue, Jan 08, 2019 at 11:25:36PM +0100, T. Ribbrock wrote:
[...]
> > However, with
> > OpenBSD 6.4 and its version of tmux, tmux now fails to redraw the screen
> > properly when paging through files in some applications via ssh. It
> > works in vi, but in vim and less, lots of characters from previous pages
> > remain on the screen. Interestingly, it only happens when paging or
> > jumping (e.g. search) - not when scrolling line by line.
[...]

> What's your TERM variable set to?  I've seen/read about issues if TERM
> is set to something like xterm-256color.  You might try changing it to
> screen-256color and see if the problem goes away.

I had it at the default "screen" all the time. I've now also tried
"screen-256color" (via 'set -g default-terminal' in .tmux.conf), but
that has not changed anything, unfortunately.

Regards,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Trying to understand/debug caldav vs. httpd issue

2021-05-05 Thread T. Ribbrock
Hi all,

this may be a long shot, but I'm looking for someone who can give me a
few pointers (if this is better posted to another list, please let me
know as well).

TL;DR: I am running into issues with a webdav/caldav client
connecting to a Nextcloud instance running on OpenBSD httpd, so someone
with a more intimate knowledge of httpd would probably already be a
great help.

Long story:
I have Nextcloud running on my OpenBSD server and have been doing so for
several years now without any big issues. Recently, I was trying to
connect the caldav client of a SailfishOS smartphone to this Nextcloud
instance. As this was failing, I first turned to the Sailfish community,
as other caldav clients (e.g. Android ones) connect without problems.
One result is that the Sailfish-client seems to work well with other
Nextcloud-servers (typically some Apache or Nginx on Linux), so the
problem seems to lie somewhere in the interaction between this
particular type of client (Qt) and this particular webserver (httpd).

Eventually, with the help of one of the Sailfish-community members who
is actively involved with the caldav/webdav stuff, I was able to determine
that it is the initial PROPFIND request that already fails. He prepared a
little Qt-program for me doing a PROPFIND in the same way as the actual
client. In addition, I have created the same in Perl and I've set up a
separate test server with a clean OpenBSD 6.8 (by now upgraded to 6.9)
install and a fresh Nextcloud 20 installation so I could a) exclude any
interference with other things running on my main server and b)
experiment freely using plain http.

Using this test set-up, I was able to observe the same issues as on the
main server, which boiled down to the following:
- Using the Perl testclient, the PROPFIND always works
- Using the Qt testclient, the PROPFIND (almost) always results in a
  "400 Bad Request" response from httpd, causing the PROPFIND to fail.

Using tcpdump on the test server, I was able to determine some
differences between the two test clients:

The Perl-client seems to send both http-headers and the XML-body for the
PROPFIND in one go, gets a 401 response and then re-issues the request
with authorisation (which then succeeds).

The Qt-client sends the http-headers first in one TCP-segment (I'm not
too good on terminology...). Once that has happened, httpd already sends
back the 401 - and *then* the Qt-client sends the XML-body in a second
TCP-segment, causing the "400 Bad Request" response (I presume because
httpd is expecting new headers at this point, not a content body).

What I am now trying to figure out (and I neither know the relevant
standards nor httpd well enough to do so) is whether this is something
weird on the Qt side - or on the OpenBSD/httpd side so I can eventually
provide input to the right people to hopefully get this fixed at some
point.

As mentioned above, any pointers would be greatly appreciated, as this
has been bugging me for quite some time now. I have tcpdump traces as
well as traces from httpd (which I have recompiled with debugging
enabled on the test server) which I can provide.

Thanks in advance,

Thomas
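The two delivery patterns described above, as an added example that is not part of the original post, of httpd or of the Qt client: a small Python model of a line-oriented HTTP reader, fed the same unauthenticated PROPFIND once as two segments (headers, then body) and once as a single segment. The naive variant answers 401 as soon as the header block is complete and throws away whatever is already buffered, so a body arriving in a later segment is read as the request line of a new request and draws a 400, while a body that arrived together with the headers is silently discarded and nothing goes wrong; the drained variant reads Content-Length bytes of body before answering. The sample request, the server model and its discard-on-reset behaviour are assumptions constructed to reproduce both observations from the post, not a description of httpd's or libevent's actual code.

```python
import re

# Request-line shape accepted by the model: method, target, HTTP/1.x.
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")

# Constructed sample: a minimal CalDAV PROPFIND (hypothetical host and path),
# split into headers and XML body the way the post describes the Qt client.
PROPFIND_BODY = (
    b'<?xml version="1.0" encoding="utf-8"?>\n'
    b'<d:propfind xmlns:d="DAV:">\n'
    b'  <d:prop><d:current-user-principal/></d:prop>\n'
    b'</d:propfind>\n'
)
PROPFIND_HEADERS = (
    b"PROPFIND /remote.php/dav/ HTTP/1.1\r\n"
    b"Host: test.example\r\n"
    b"Depth: 0\r\n"
    b"Content-Type: application/xml; charset=utf-8\r\n"
    b"Content-Length: " + str(len(PROPFIND_BODY)).encode() + b"\r\n"
    b"\r\n"
)
SPLIT_DELIVERY = [PROPFIND_HEADERS, PROPFIND_BODY]    # two TCP segments
JOINED_DELIVERY = [PROPFIND_HEADERS + PROPFIND_BODY]  # one TCP segment


class ServerModel:
    """Line-oriented reader for an unauthenticated PROPFIND (model only).

    drain_body=False: answer 401 once the header block is complete, discard
    anything already buffered and expect a new request line next (assumed
    model of the failure seen in the post, not httpd's code).
    drain_body=True: read Content-Length bytes of body before answering, so
    the connection stays in sync for whatever the client sends next.
    """

    def __init__(self, drain_body):
        self.drain_body = drain_body
        self.buf = b""
        self.state = "request_line"   # request_line -> headers -> body
        self.content_length = 0
        self.body_left = 0
        self.responses = []
        self.closed = False

    def feed(self, segment):
        """Deliver one TCP segment; return the status codes sent so far."""
        if self.closed:
            return self.responses
        self.buf += segment
        while not self.closed and self._step():
            pass
        return self.responses

    def _respond(self, status):
        self.responses.append(status)
        if status == 400:
            self.closed = True        # malformed request: drop the connection
        if not self.drain_body:
            self.buf = b""            # early answer: buffered bytes are lost
        self.state = "request_line"
        self.content_length = 0

    def _step(self):
        if self.state == "body":
            take = min(self.body_left, len(self.buf))
            self.buf = self.buf[take:]
            self.body_left -= take
            if self.body_left:
                return False          # rest of the body is still in flight
            self._respond(401)        # whole request consumed: now challenge
            return True
        nl = self.buf.find(b"\n")
        if nl < 0:
            return False              # no complete line yet
        line, self.buf = self.buf[:nl].rstrip(b"\r"), self.buf[nl + 1:]
        if self.state == "request_line":
            if not REQUEST_LINE.match(line):
                self._respond(400)    # an XML line where a request line was expected
                return False
            self.state = "headers"
            return True
        if line == b"":               # blank line ends the header block
            if self.drain_body and self.content_length:
                self.state = "body"
                self.body_left = self.content_length
            else:
                self._respond(401)    # early answer; the body is never read
            return True
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            self.content_length = int(value.strip())
        return True


def run(segments, drain_body):
    """Feed the segments to a fresh server model; return the status codes sent."""
    srv = ServerModel(drain_body)
    for seg in segments:
        srv.feed(seg)
    return srv.responses


if __name__ == "__main__":
    for label, segs in (("split", SPLIT_DELIVERY), ("joined", JOINED_DELIVERY)):
        print(f"{label:6s} naive: {run(segs, False)}  drained: {run(segs, True)}")
```

HTTP/1.1 framing is defined by the message (request line, headers, Content-Length), not by how TCP happens to segment it, so a client that sends headers and body separately is within the protocol. A server that wants to answer before it has read the whole body has to either read and discard the remaining body before reusing the connection or close the connection after the early response; the drained variant above takes the first route, and the model is one way to check which of the two a server actually does before blaming the client.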



Re: Trying to understand/debug caldav vs. httpd issue

2021-05-09 Thread T. Ribbrock
On Fri, May 07, 2021 at 09:06:31AM -, Stuart Henderson wrote:
> On 2021-05-05, T. Ribbrock  wrote:
[...]
> This is not a bad place to ask. Your description is good but anyone
> looking into what's up will want to test, so if you could include
> the test tools and a description of setup needed to reproduce that
> would help. Including the tcpdump traces would help too. Don't worry
> about the mail being long.

thank you! In that case, I'll spend some more time in providing the
items you mentioned to get them even more generic - currently, the
test config is based on my main server and has a few, let's say
"historic idiosyncrasies" in it. I have always installed Nextcloud
manually up until now and I've already noticed some differences
between the Nextcloud package-readme and my own config. Not that I think
that this will have any significant influence on the issue at hand, but
I want this to be as easy to reproduce as possible.
I should be able to post them over the next few days (bit strapped for
time).


[...]
> > The Qt-client sends the http-headers first in one TCP-segment (I'm not
> > too good on terminology...). Once that has happened, httpd already sends
> > back the 401 - and *then* the Qt-client sends the XML-body in a second
> > TCP-segment, causing the "400 Bad Request" response (I presume because
> > httpd is expecting new headers at this point, not a content body).

> It makes no difference to the HTTP protocol whether headers and body are
> in separate TCP segments, but some software may handle things wrongly.
> httpd uses libevent and it wouldn't be the first time libevent-based
> software has problems with data in separate TCP segments (I have a
> feeling we might have had a problem with ftp-proxy related to this
> but can't find any details, perhaps it was never fixed),

That's what I thought as well, but I'm simply not deep enough in the
matter to make that call. My skills are just about good enough to read
through the httpd sources and with the help of the debug output to get
*some* idea of the flow, but that whole libevent-part is beyond me.

[...]
> Pretty sure it will be on the httpd side.

Ok, then I can at least already tell the SailfishOS community member who
helped me that he can put this on hold for now on his side. That's something!

Regards,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Sending email in Apache chroot?

2009-01-21 Thread T. Ribbrock
On Wed, Jan 21, 2009 at 03:34:57PM +1100, Sunnz wrote:
> So in summary, the following was done:
[...]

> - cp /bin/ksh /var/www/bin/; cp /bin/sh /var/www/bin/;
> "femail itself does not use or need sh. whatever invokes it might need
> it.", Henning Brauer.

I doubt you need to copy sh *and* ksh. sh only (which, as far as I can
see, is the same binary as ksh, anyway) should suffice.

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Debugging apcupsd with Back-UPS CS 500

2011-10-21 Thread T. Ribbrock
Hi *!

I am in need of some help with debugging the UPS set-up I am running...
I have an APC Back-UPS CS 500 connected to my server (OpenBSD 4.8) with
an USB cable. When I connect the UPS to the server, I get this in dmesg:

ugen0 at uhub4 port 2 "American Power Conversion Back-UPS 500 FW: 6.4.I
USB FW: c1" rev 1.10/1.00 addr 2

To control the UPS, I have installed the apcupsd package. I'm using
UPSCABLE smart
UPSTYPE usb

in apcupsd.conf, everything else is left at default.

When I start apcupsd with "/usr/local/sbin/apcupsctl start" everything
seems to work fine initially - I get a broadcast message about
"Communications with UPS restored." and I can use apcaccess to get the
status of the UPS. However, a short while later, I start getting
"Communications with UPS restored." messages roughly every 10s or so,
flooding the logs. For each of these events, dmesg shows

ugen0 detached
ugen0 at uhub4 port 2 "American Power Conversion Back-UPS 500 FW: 6.4.I
USB FW: c1" rev 1.10/1.00 addr 2

So, it looks as if the UPS "falls off" the USB and reconnects again
immediately and continues to do so indefinitely. I have seen this with
two different motherboards running the same software, so I would tend to
believe it's not the USB port itself. Also, I have had this same UPS
running with an older version of this server (still under OpenBSD 4.4, if
I remember correctly) at some point, but unfortunately, I do not know
anymore when exactly this problem started.

Any hints as to what I could check are most welcome.

Thanks in advance,

Thomas

P.S.: I've also dabbled with nut, but could not get it to work with the
UPS at all - I probably just fail to understand the docs to get the
correct incantation of "driver" and "port"...
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Debugging apcupsd with Back-UPS CS 500

2011-10-23 Thread T. Ribbrock
On Fri, Oct 21, 2011 at 12:21:14PM +0200, T. Ribbrock wrote:
> I am in need of some help with debugging the UPS set-up I am running...
> I have an APC Back-UPS CS 500 connected to my server (OpenBSD 4.8) with
> an USB cable. When I connect the UPS to the server, I get this in dmesg:

> ugen0 at uhub4 port 2 "American Power Conversion Back-UPS 500 FW: 6.4.I
> USB FW: c1" rev 1.10/1.00 addr 2

> To control the UPS, I have installed the apcupsd package. I'm using
> UPSCABLE smart
> UPSTYPE usb

As suggested to me by off-list mail, I've also tried 
UPSCABLE usb
(instead of "smart") - unfortunately, that did not make any difference.
After starting apcupsd, everything seems fine for a minute or two, then
the UPS starts detaching from and attaching to the USB every 10-15s.
Still not certain whether it's the UPS, the PC or the software but
that's why I'm looking for ideas towards debugging this...

Cheerio,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: NFS problems w/ diskless client

2010-03-16 Thread T. Ribbrock
On Tue, Mar 16, 2010 at 01:36:55PM +0100, Jan Stary wrote:
> On Mar 15 21:18:15, Thomas Ribbrock wrote:
[...]
> > Apparently, something in NFS has changed between 4.2 and 4.5 (and
> > higher) - and I just cannot figure out what... Hence, I have no idea
> > what I would need to change nor what to investigate further. I've been
> > over the release notes and the only NFS related change that I noticed
> > was the addition of rpc.statd in 4.4 - could this have anything to do
> > with the problems I'm seeing?

> Are you sure that there is no pf standing in between the NFS client
> (indy) and the NFS server (obsd)? In 4.6, the default is to run pf,
> and the 4.6 version of pf (older versions too, probably) recognize
> a 'no-df' option to 'scrub': http://www.openbsd.org/faq/pf/scrub.html

>   no-df
>   Clears the don't fragment bit from the IP packet header.
>   Some operating systems are known to generate fragmented
>   packets with the don't fragment bit set. This is
>   particularly true with NFS. Scrub will drop such packets
>   unless the no-df option is specified.

> Could this be related to the "ERR 1448 (DF)" message above?

Well, I've run into the same problem with a clean, "out-of-the-box" install
of OpenBSD 4.5 on the test server. AFAIK, starting pf is not default
before 4.6, so pf should be out of the picture.

I *have* actually been experimenting with running pf and adding scrub rules
with no-df but so far, I was not able to come up with an incantation
that would make the set-up work.


> Also, there might be differences in exactly what packets the nfs2 client
> and the nfs3 client generates; have a look at a full tcpdump of the boot.

I might try that, but the boot is very long (loads of packages), so
that'll be extensive work. I'm also considering installing 4.3 and 4.4
on the test server to establish which release changed the behaviour -
maybe that will give me a hint.

Cheerio,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



SOLVED (& new Q): NFS problems w/ diskless client

2010-03-18 Thread T. Ribbrock
Ok, I have the Indy booting now, though I'm still not quite sure *why*
it works now... What I have done: I discovered that the default
read-/write-size for nfsroot is 1024bytes in the Linux kernel (or
wherever that is defined). So I tried changing those values in the boot
parameters to 8192bytes - and presto, that got rid of the timeouts. The
Indy now boots happily off my regular OpenBSD 4.5 file server. Some more
tweaking and I've got myself a nice little music player... ;-)

Hence, somewhere between OpenBSD 4.2 and 4.5 a change was made that
caused the OpenBSD NFS server not to like those small block sizes
anymore. As my solution was purely trial and error based on some
(semi-)educated guesses, this is somewhat unsatisfying... If anyone can
shed some more light on this, I'd be much obliged.

Oh, and for completeness: Before discovering this, I did experiment with
the no-df flag in pf.conf under OpenBSD 4.6 (test server) - that didn't
change anything.

Regards,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Is OpenBSD + PF accredited or certified in any way ?

2010-02-03 Thread T. Ribbrock
On Tue, Feb 02, 2010 at 02:15:00PM -0500, Brad Tilley wrote:
> Common Criteria - http://www.iso15408.net
[...]
> I think the certification process can be very narrowly focused on a
> few parts of the system
[...]

Yup, that's the whole idea behind CC - all the evaluation does is verify
the claims that the vendor has outlined in the "Security Target" (ST). The
"EAL" levels only tell you to what depth this has been done.
Hence, the "EAL" tells you zilch unless you also read the ST (i.e. the
vendor claims). In some areas (e.g. smartcards), requirements for STs
have been standardised to some extent, so the CC results are more
comparable - but in other areas, vendors can pretty much claim what they
want...

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
 Thomas Ribbrock    http://www.ribbrock.org
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Is OpenBSD + PF accredited or certified in any way ?

2010-02-04 Thread T. Ribbrock
On Wed, Feb 03, 2010 at 11:10:59PM +0100, Martin Schröder wrote:
> 2010/2/3 Jean-Francois :
> > Not clear for me, does this firewall reach EAL4+ or EAL6 as stated in their
> > doc

> "Certified by the BSI according to CC at the level EAL 4+"

> http://www.genua.de/genua/kunden/index.en.html

ITYM http://www.genua.de/produkte/firewall/genugate/zerti/index.en.html

The EAL6 refers to the augmentations they did to the EAL4 package (the
"+" in EAL4+). Nonetheless, neither means *anything* unless you've also
read the claims they've made ("Security Target"). In theory, they could
evaluate the whole firewall under the assumption that no network
connections are present and *still* get a valid EAL4+ certification - so
you really need to know what the claims were.

Genua themselves don't seem to provide easy access on their own site to
the Security Target (though I didn't search very thoroughly), but you
stand a good chance of finding the full public report on
http://www.commoncriteriaportal.org/

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
Thomas Ribbrock    http://www.ribbrock.org
   "You have to live on the edge of reality - to make your dreams come true!"



Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

2010-02-23 Thread T. Ribbrock
On Mon, Feb 22, 2010 at 04:04:39PM +0200, Aram Hăvărneanu wrote:
> Besides what's written above. EAL is meaningless unless you read the
> Protection Profile. EAL is the assurance level *against* the
> protection profile. If your PP specifies only that in your systems,
> users login using passwords you can easily get EAL7, but that would be
> so meaningless...

ITYM s/Protection Profile/Security Target/

Protection Profiles are optional. Security Targets are mandatory and *can*
claim conformance to a PP, but don't need to unless you have e.g. a certain
target market.

Cheerio,

Thomas
-- 
-
Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"



Re: OpenBSD Volunteer needed today in Los Angeles - Solved!

2010-02-23 Thread T. Ribbrock
On Mon, Feb 22, 2010 at 03:51:28PM +0200, Aram Hăvărneanu wrote:
> EAL4 is meaningless. The auditor is not required to view the software
> in any way (binary or source).

Wrong. EAL4 is the lowest EAL that includes ADV_IMP.1, which in turn
requires checking the actual implementation, i.e. source code in case of
software TOEs. It does not, however, require a full code review - a
sampling of whether the implementation actually implements the design is
sufficient.


> Any vendor with money can get its OS to
> be certified at least at EAL 4 because all that means is that the OS
> has some mechanisms in place for implementing security. It does not
> guarantee that those mechanisms really work

Again wrong. The mechanisms that are *claimed* by the vendor have to be
implemented accurately.


> or that the OS is not full of security holes.

Now *that's* where it gets interesting because you're absolutely right
on with this one - CC only verifies the claims made by the vendor,
nothing more. There is no requirement as such to go looking for security
holes that are outside the claimed scope. As you write in your other
mail (and I've written myself before) EALx means zilch without reading
the claims (i.e. Security Target). If the vendor does not claim a lot of
security and/or lists a lot of environmental restrictions/assumptions
(wasn't that the NT4 EAL4 where there was no network and suchlike) he
might very well be able to get a reasonably high EAL without too much
effort. Hence, whoever is looking at EALs does well to carefully read
the corresponding Security Target, *especially* if it's not claiming
conformance to a standardised Protection Profile[0]...

Whether this type of evaluation/certification is of any use in "real
life" is left as an exercise to the reader...

Cheerio,

Thomas

[0] like e.g. smart cards
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrock    http://www.ribbrock.org    ICQ#: 15839919
   "You have to live on the edge of reality - to make your dreams come true!"



Re: Architeture Choose

2010-11-11 Thread T. Ribbrock
On Sun, Nov 07, 2010 at 12:11:51AM -0400, Nick Holland wrote:
> and a U5 at work that has been running an app for probably the last
> ten years with probably less than five hours total downtime (original
> disk.  I'm scared). 

In that case you were lucky to have a "good" version of the
motherboard... There is at least one revision where the capacitors go
bad - mostly those buffering the CPU, causing the machine to become
unstable. Of the 3 U5/U10 I've seen with that revision, 2 were already
bad...

Cheerio,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   "You have to live on the edge of reality - to make your dreams come true!"