Re: Go programs only using one CPU core

[john slee]

Hi,

> On 2021-03-26, Richard Ulmer  wrote:
> > The `go` directive starts a new goroutine, which I would expect to be
> > put into it's own process here. However, using htop(1) I can see, that
> > only one of my two cores gets load. Running the same program on Linux,
> > two cores are utilized.

That's not how the Go runtime works, I think?

You shouldn't expect to see a 1:1 mapping of goroutines:OS processes.

Quoting Russ Cox on the golang-nuts list:

  "This is a popular split but hardly the only definition
  of those terms. One reason we use the name goroutine
  is to avoid preconceptions about what those terms mean.
  For many people threads also connotes management by
  the operating system, while goroutines are managed first
  by the Go runtime"

More here:

https://medium.com/the-polyglot-programmer/what-are-goroutines-and-how-do-they-actually-work-f2a734f6f991

Are you actually seeing a problem (an actual problem, not "I can only see
one line for my app in "top") specific to OpenBSD?

John

Re: Recommendations for USB Barcode Scanner and Thermal Receipt Printer

[john slee]

+1 for Symbol here. Have used them in factory environments and I can’t
recall one ever failing.

If buying used, be sure you can get the documentation for it, as these are
often configurable (eg. continuous vs. triggered scanning) via scanning
special barcodes.

John


On Sun, Jul 26, 2020 at 07:20 Erling Westenvik 
wrote:

> On Sat, Jul 25, 2020 at 08:47:48PM +0200, Rubén Llorente wrote:
> > Anybody in the list has good (or bad) experiences with USB Barcode
> > Scanners? Which models with?
>
> I have a working barcode scanner, Symbol Technologies LS2208, that
> shows up in dmesg as:
>
> uhidev4 at uhub3 port 6 configuration 1 interface 0 "?Symbol
> Technologies, Inc, 2002 Symbol Bar Code Scanner" rev 2.00/2.01 addr 4
> uhidev4: iclass 3/1
> ukbd1 at uhidev4: 8 variable keys, 6 key codes, country code 33
> wskbd2 at ukbd1 mux 1
> wskbd2: connecting to wsdisplay0
>
> It's an old model, manufactured in 2005, and I can't say that I've used
> it extensively, but it seems to work well with at least "normal"
> barcodes typically found on groceries, books (ISBN), receipts and so on.
> There are barcodes that it cannot read but I have not investigated the
> matter. The manufacturer still exists.
>
> Good luck!
>
> Erling
>
>

Re: dynamic dns updates for clients in my home network?

[john slee]

I also encountered this requirement and created a tool to handle it. It
runs as a non-privileged user and is independent of dhclient and the like.
My DNS zones are hosted in AWS, so it uses their API. No other DNS
providers are supported.

https://github.com/jsleeio/ru1

I'm much more sysadmin than developer but this has been sufficiently
reliable that I forget it's there

John

On Sun, 26 Apr 2020 at 12:00, Bryan Stenson  wrote:

> I've thought about this as welland would love to use native
> OpenBSD tools for the job.
>
> Just a design idea:
>
> 1. Use dhcpd(8) synchronization
> (https://man.openbsd.org/dhcpd.8#SYNCHRONISATION) to send details of
> dhcp leases to a DNS creator/listener.
> 2. The dns creator/listener creates/updates the zone file, and
> 3. Send a SIGHUP to nsd(8) (https://man.openbsd.org/nsd.8#SIGHUP) to
> reload the zone details.
>
> Issues to consider:
> 1. hostname collisions - what happens (what should happen?) when more
> than one dhcp client has the same hostname?
> 2. what should ttl on these A records be?  probably something much
> less than the dhcp lease duration (depending on how aggressive clients
> are at renewing soon-to-be-expired leases).
>
> I'm sure there are a thousand other things to consider
> here...thoughts/ideas?
>
> On Sat, Apr 25, 2020 at 3:10 PM Raymond, David 
> wrote:
> >
> > I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
> > network and it works great with minimal configuration as a local DNS
> > server.  At home I have a Synology wireless router which does the same
> > as long as you tell it to make DNS reservations.  Your mileage may
> > vary with cheaper routers.  One could in principle use dnsmasq even in
> > this case, but I haven't tried it.
> >
> >
> > Dave Raymond
> >
> > On 4/25/20, bofh  wrote:
> > > Hi,
> > > I searched through the archives and saw a couple of discussions about
> using
> > > Dnsmasq from a long time ago.
> > >
> > > Is that the best way to let the stuff in my home to have valid dns
> entries
> > > in my home network?
> > >
> > > How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> > > this?
> > >
> > > Thanks.
> > >
> >
> >
> > --
> > David J. Raymond
> > david.raym...@nmt.edu
> > http://physics.nmt.edu/~raymond
> >
>
>

Re: Tools for writers

[john slee]

I really like Markdown for actual writing, because its markup for logical
structure is quite low-key and non-distracting, and (unlike *roff or LaTeX)
it also reads pretty well in source form. Tables are fairly annoying,
particularly if I later have to insert a column in mid table.

Use whatever editor works best for you. I use Vim because when I switched
from Emacs back in 1999 my wrist problems disappeared almost overnight, a
consequence of replacing almost all of the multi-key combinations with
single keystrokes. If not for the physiological consequences I would
probably still be using Emacs, or an emacslike such as jed or mg.

Frankly I think it’s a bit weird that so many people are using an editor
with key mappings expressly designed for a (Space Cadet) keyboard that few
people ever had even seen in real life, never mind actually used. But
evidently people cope just fine. That’s good, I guess?

John



On Sun, Nov 3, 2019 at 02:07 Oliver Leaver-Smith  wrote:

> Hello,
>
> What tools do people find useful for writing on OpenBSD? By writing I mean
> long form such as novels and technical books, including plot and character
> development, outlining, and formatting for publishing (not all the same
> application necessarily)
>
> I have found a number which boast Linux support, but not really anything
> that stands out which supports OpenBSD (aside from the obvious LaTeX et al.)
>
> Mich appreciated
>
>  ~ols
> --
> Oliver Leaver-Smith
> +44(0)114-360-1337
> TZ=Europe/London
>

Re: What is you motivational to use OpenBSD

[john slee]

User since ~2001 here, albeit intermittently. My first encounter with it
was where it was used — mostly to run Postfix, Squid and BIND, if my hazy
memory is trustworthy — by a private company who was effectively an ISP for
many Australian Federal Government departments.

I think the aspect I like most is the gradual, carefully-considered but
also inexorable flow of improvements that may individually look small, but,
when viewed collectively, represent a huge improvement.

A [software developer] colleague recently said, in a different context, "a
big-bang release only guarantees a big bang". Seems appropriate here. I
might have missed one but I can't remember a "big bang" OpenBSD release.
That's a good thing.

John

On Thu, 29 Aug 2019 at 00:32, Mohamed salah 
wrote:

> I wanna put something in discussion, what's your motivational to use
> OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work
> fine on openbsd and you love this os so much what will do?
>

Re: IPv6 NDP not completing

[john slee]

Hi,

I'm having very similar problems to this, I think. Syspatch'ed OpenBSD 6.5
on an apu4c4, with my ISP-supplied termination device (cable modem,
effectively) directly attached to an ethernet interface. No switch. IPv4
works fine. DHCPv6 NA+PD seems to work OK — I get v6 NA & PD assignments —
but I can't ping anything beyond my gateway. If I use the ISP-supplied
router I have fully functional dualstack networking.

I saw sthen@'s recent post on this topic with his configs included. I
adjusted my configs (which were already pretty close) to reflect what he'd
done, but no joy :-(.

FWIW my ISP is Telstra in Australia. Looking around a bit I found a pfSense
discussion wherein the suggestion was to make a config change to what I
assume underneath the pfSense UI is FreeBSD's
"net.inet6.icmp6.nd6_onlink_ns_rfc4861" sysctl:

https://whirlpool.net.au/wiki/pfsense_ipv6_telstra

But I also found this old discussion that suggested that OpenBSD's
behaviour here — and lack of this particular knob — was a result of a nasty
old CVE:


https://misc.openbsd.narkive.com/3KdNDcEM/openbsd-ignoring-rfc-compliant-ipv6-neighbor-solicitation#post1

My next discovery step is to boot Debian on my spare apu4c4 and see if it
works there, capture some traffic, etc. I don't want to use that as a
gateway, though.

John

On Tue, 30 Jul 2019 at 16:22, Kyle  wrote:

> Hi all,
>
> I'm trying to get IPv6 set up on a firewall box running 6.4. I'm using
> dhcpcd to get an NA and several PDs, which appears to be working fine, but
> no normal v6 traffic can be sent or received. tcpdump on the egress
> interface (em3) shows lots of icmp6 neighbor solicits going back and forth,
> but no responses from either side:
>
>
> $ ifconfig em3
> em3: flags=8843 mtu 1500
>  lladdr 0c:c4:7a:ad:2a:e7
>  index 4 priority 0 llprio 3
>  groups: egress
>  media: Ethernet autoselect (1000baseT full-duplex)
>  status: active
>  inet6 fe80::8dfc:5795:8ab7:e2b%em3 prefixlen 64 scopeid 0x4
>  inet  netmask 0xe000 broadcast 
>  inet6 2605:a601:fe07:c900::1 prefixlen 128 pltime 64553 vltime
> 86153
>
>
> $ tcpdump -nlp -i em3 ip6
> ... neighbor sol repeating many times ...
> 22:46:53.876457 fe80::8dfc:5795:8ab7:e2b > ff02::1:ffea:4ff0: icmp6:
> neighbor sol: who has fe80::2d0:f6ff:feea:4ff0
> 22:47:01.876688 fe80::2d0:f6ff:feea:4ff0 > 2605:a601:fe07:c900::1: icmp6:
> neighbor sol: who has 2605:a601:fe07:c900::1 [class 0xc0]
> 22:47:01.876778 fe80::8dfc:5795:8ab7:e2b > ff02::1:ffea:4ff0: icmp6:
> neighbor sol: who has fe80::2d0:f6ff:feea:4ff0
> 22:47:01.877542 fe80::2d0:f6ff:feea:4ff0 > fe80::8dfc:5795:8ab7:e2b:
> icmp6: neighbor sol: who has fe80::8dfc:5795:8ab7:e2b [class 0xc0]
> 22:47:02.876594 fe80::8dfc:5795:8ab7:e2b > ff02::1:ffea:4ff0: icmp6:
> neighbor sol: who has fe80::2d0:f6ff:feea:4ff0
> 22:47:03.876603 fe80::8dfc:5795:8ab7:e2b > ff02::1:ffea:4ff0: icmp6:
> neighbor sol: who has fe80::2d0:f6ff:feea:4ff0
> 22:47:32.337233 fe80::8dfc:5795:8ab7:e2b.546 > ff02::1:2.547: dhcp6
> release [hlim 1]
> 22:47:32.515413 fe80::2d0:f6ff:feea:4ff0.547 >
> fe80::8dfc:5795:8ab7:e2b.546: dhcp6 [class 0xc0]
>
>
> I added "pass quick on em3 inet6" to the top of pf.conf to make sure the
> responses aren't being filtered.
>
> The peer LL address is always marked incomplete:
>
> $ ndp -na | grep em3
> 2605:a601:fe07:c900::1   0c:c4:7a:ad:2a:e7 em3 permanent R
> l
> fe80::2d0:f6ff:feea:4ff0%em3 00:d0:f6:ea:51:96 em3 expired   I
> R
> fe80::8dfc:5795:8ab7:e2b%em3 0c:c4:7a:ad:2a:e7 em3 permanent R
> l
>
>
> Pinging any v6 address outside my network only results in one
> fe80::8dfc:5795:8ab7:e2b > ff02::1:ffea:4ff0: icmp6: neighbor sol: who has
> fe80::2d0:f6ff:feea:4ff0
>
> per ping sent.
>
> Routes:
>
> $ route -n show -inet6 | grep em3
> default fe80::2d0:f6ff:feea:4ff0%em3   UGS053699 - 8 em3
> 2605:a601:fe07:c900::1 0c:c4:7a:ad:2a:e7  UHLl   0
> 1752 - 1 em3
> fe80::%em3/64 fe80::8dfc:5795:8ab7:e2b%em3   UCn11 - 4
> em3
> fe80::2d0:f6ff:feea:4ff0%em3 00:d0:f6:ea:51:96  UHLch  1
> 720183 - 3 em3
> fe80::8dfc:5795:8ab7:e2b%em3 0c:c4:7a:ad:2a:e7  UHLl   0
> 110606 - 1 em3
> ff01::%em3/32 fe80::8dfc:5795:8ab7:e2b%em3   Um 03 - 4
> em3
> ff02::%em3/32 fe80::8dfc:5795:8ab7:e2b%em3   Um 0   161322 - 4
> em3
>
>
> There is a managed switch between the firewall's egress and the ISP, but
> it's not doing any packet filtering. I'm currently out of ideas; any
> suggestions would be much appreciated.
>
>
>

Re: gcc-4.9.4 package build signal 11 [Segmentation fault] on Ubiquiti Unifi Security Gateway

[john slee]

I also had a similar experience trying to build gcc6 on my Edgerouter Lite
(same model
as linked on tedu's blog page, which is how I discovered this little
machine initially) on
a snapshot from ~2 weeks ago. MP kernel, with the ERL's /usr/ports on an
NFS volume
hosted by an amd64 OpenBSD system.

I had a 'vmstat 15' running in another terminal throughout and it did dip
down into low
double-digits a few minutes before the segfault

I realise this post is not terribly useful other than being a "me too". If
it's worth my trying
a non-MP kernel I'll do that and report back

John


On 1 January 2018 at 05:52, Janne Johansson  wrote:
>
> 2017-12-30 5:01 GMT+01:00 Diana Eichert :
>
> > Hi misc@ long time since I posted
> >
> > collect2: error: ld terminated with signal 11 [Segmentation fault]
> >
> > while building gcc-4.9.4 package on Ubiquiti Unifi Security Gateway
> >
> > I'm running 12/22/2017 octeon snapshot, bsd.mp GENERIC.MP kernel.
> >
> > System built 109 packages before Seg Fault when building gcc-4.9.4
> >
> >
> I think I got those on my Octeon also, but I thought gcc had figured out a
> way to drive my
> box into swap and die so I just stopped trying to build gcc from ports.
>
>
> --
> May the most significant bit of your life be positive.

Re: Config-/Dotfiles in CVS

[john slee]

I've not gone beyond a few thousand servers with Puppet but I can share a
few things.

* initially it feels like a *whole lot* of busy-work to get to a
minimally-useful level

* once there, knowing you can rapidly replace things is good for your
stress levels!

* in my experience the community Puppet modules are almost universally
garbage
  (even when used on the Linux systems they are typically designed for)

* don't split your Puppet code up into lots of separate repositories, it
becomes too
  difficult to do very basic things like "check all production environments
for X" (been
  there/done that, it was an unmitigated disaster)

* some kind of monitoring of "how recently did Puppet succesfully apply a
manifest?"
  is important to prevent config drift

* listen to the linter!

Other than the Puppet community module "quality", the same probably applies
to
any config management tooling; I'm just talking about Puppet because I've
used it.

I would consider it (much) more important to understand the tools you are
using
than to change tooling to be fashionable.

Also here's some notes I took last year on running Ruby things on OpenBSD:

http://jslee.io/post/151188252217/rubygems-and-openbsd

Pupistry as mentioned in that post is great if you want to use Puppet but
don't
want to run a Puppet master server

John

On 29 December 2017 at 22:31, Ingo Schwarze  wrote:

> Hi Micheal,
>
> it all depends on your specific needs and the scale of your deployment.
>
> When people maintain very large numbers of machines and very often
> commission new ones and decommission old ones, i often hear such
> people say that they wouldn't be able to handle their workload
> without tools like ansible or puppet, but i don't have experience
> with such tools.
>
> I still use RCS for a number of config files on a number of machines
> where backup is taken care of in some different way.
>
> I don't have the slightest doubt that there may be situations where
> CVS achieves the best balance of simplicity and features provided.
> Even if you would give more details about your deployments, nobody
> could judge better than you yourself whether that is the case for
> your specific purposes.
>
> CVS is not very actively maintained, neither by the crowd at
> nongnu.org nor by OpenBSD, but that shouldn't be much of a problem
> for the purpose at hand.  It poorly handles branches, renames, and
> reverts of change sets touching many files, but probably neither
> is relevant for your purpose.  In principle, i don't see anything
> wrong with using it, if it fits your task.
>
> Yours,
>   Ingo
>
>

Re: OpenBSD httpd and HTTP/2

[john slee]

I think it ends up neutral or slightly positive. If your site developers
have got rid of the old HTTP/1.x antipatterns (separate FQDN for static
resources, FQDN sharding, etc), turning on HTTP/2 will probably be a net
win. Easily enough to cancel out the added cost of mandatory TLS?

But just adopting HTTP/2 won't help anywhere near as much as a couple of
hours optimising your app to work at a very basic, conservative level with
a content delivery network...

John

On 2 April 2017 at 01:14, Nicolai  wrote:

> On Sat, Apr 01, 2017 at 03:04:50AM +1100, bytevolc...@safe-mail.net wrote:
>
> > The benefits are there, but I feel it encourages lazy and disorganized
> > web development, leading to stupidly bloated and inefficient sites,
>
> HTTP/2 multiplexing is only "effective" when web designers have built
> websites without lots of 3rd party content, so IMO HTTP/2 discourages
> (this kind of) bloat.  That said, modern web design is in a pretty bad
> state.  I don't think web designers have any idea what they're doing, so
> in effect HTTP/2 won't lead to better websites.  What needs to happen is
> for Google to punish bloated websites.  THAT will get people to care.
>
> Nicolai

Re: Correct shebang for Python 3

[john slee]

Meta: this "how do I manage multiple Pythons?" thing has come up a couple
of times lately; are people interested in a FAQ section?

On 23 October 2016 at 03:54, Eugene Yunak  wrote:
> I'd set the shebang to `/usr/bin/env python3`, or `/usr/bin/env python`
if you
> do not care whether 2 or 3 would be used.

Use `virtualenv' (you may need to install it separately; `pip install
virtualenv')
if you need to use a mix of Python versions, and always use the latter
shebang
form.

So, an example. Say you found two Python apps that you want to use.
Let's call them "oldapp" and "newapp". oldapp needs python 2.7 and
newapp is OK with python 3+. Both include 'requirements.txt' files to
indicate what their Python package dependencies are.

If it's a popular app you may be able to install the app this way as well,
with the `pip' utility, thus keeping it all nicely contained within the
virtualenv. But I'll assume that that's not possible here.

The apps are installed in $HOME/apps/oldapp and $HOME/apps/newapp

1. After installing both Pythons, make a place to keep your virtualenvs

mkdir $HOME/py

2. Create the virtualenvs and install dependencies

virtualenv -p /usr/local/bin/python2.7 $HOME/py/oldapp
. $HOME/py/newapp/bin/activate
python --version ### to demonstrate that virtualenv works
pip install -r $HOME/apps/oldapp/requirements.txt

virtualenv -p /usr/local/bin/python3 $HOME/py/newapp
. $HOME/py/newapp/bin/activate
python --version ### to demonstrate that virtualenv works
pip install -r $HOME/apps/newapp/etc/requirements.txt

3. Observe that all of these dependencies are installed inside the
relevant virtualenv. So they will never conflict with each other or
pollute your /usr/local tree.

4. To actually run an app

. $HOME/py/newapp/bin/activate
$HOME/apps/newapp/bin/newapp.py

. $HOME/py/oldapp/bin/activate
$HOME/apps/oldapp/bin/oldapp.py

Hope this helps.

John

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

[john slee]

On 29 September 2016 at 03:20, Chris Bennett <
chrisbenn...@bennettconstruction.us> wrote:
> I am not sure what is appropriate, given netiqette and practicality for
> my server. I am sick of thousands of identical requests in my error log,
> plus I want to be able to look over my logs easily to find any real
> problems.

Varnish. Keep as many requests as you can away from the webserver
and let it just deal with mod_perl.

If you later decide to integrate with a third-party CDN, being able to
express your wishes in VCL will make for a much more pleasant journey.

I will admit to having not deployed it on OpenBSD (other than quickly
checking that it would at least install and work at a basic level before
posting), but my team at work do use it in anger on some very busy
sites.

John

Re: videos in httpd

[john slee]

apologies, that was *supposed* to be off-list but I failed at mail :-/

John

On 23 June 2016 at 21:37, john slee <indig...@oldcorollas.org> wrote:

> Hi,
>
> Replying off-list because not an OpenBSD issue.
>
> On 22 June 2016 at 01:49, jsg <f...@speednet.com> wrote:
>
>>For those of you running http in support of your business, are any of
>> you providing
>> videos for your customers ?
>>   If so what packages and set-up are you using?
>>   Any advice guidance appreciated.
>>
>
> Some background: I look after video transcoding and delivery for a
> news-media organisation. We serve around 200-250TB of video content a
> month, mostly short videos up to a couple of minutes long, sometimes much
> longer. New videos every day, sometimes hundreds of them.
>
> There's a lot to learn here but I'll make a few major points:
>
> * there's two major types of video delivery (plus Adobe Flash, but we're
> in 2016 now!):
> - Progressive: one big file per video bit-rate. Nice and simple, and works
> on pretty much all non-Apple devices, including Chrome/Firefox
> - Adaptive: multiple files per video bit-rate, with manifest files to help
> devices find all the files. Used on Apple devices. Otherwise known as HLS,
> or HTTP Live Streaming. Check browser support carefully. When I last tried
> it, this HLS was not supported in Chrome/Firefox.
>
> * some web platforms also only support one or the other. Eg. Facebook, as
> far as I'm aware, only supports Progressive delivery.
>
> * a webserver that supports Range headers/HTTP 206 responses is important
> if you are serving Progressive videos that aren't very short; this can help
> the user seek within your video
>
> * don't forget to set Cache-Control headers
>
> * if you expect to serve a lot of content, consider a CDN. We use Akamai,
> but they are quite expensive and if you don't need all the fancy features,
> not worth the money. Maybe Fastly, Amazon Cloudfront or even Varnish
> Software's "DIY CDN" toolset?
>
> * it's easy to provide users on desktop and iOS a consistent, pleasant
> user experience with video
>
> * two years ago it was pretty much impossible to provide users on Android
> a consistent user experience with video. I don't know if this situation has
> improved or not. Probably not :-(
>
> For transcoding, the standard seems to be ffmpeg. I strongly suspect this
> is what underpins most commercial transcoding platforms (eg. Brightcove's
> Zencoder [which is what we use...], Amazon ElasticTranscoder, Akamai's
> transcoding product, etc) and that what you pay for with the commercial
> products is support and "glue" infrastructure. I don't have any references
> to back this up, though. I do know that ffmpeg is what we used before we
> (for unrelated reasons) switched over to Brightcove's platform, and at
> least one other major media organisation here also uses ffmpeg. Probably
> most of them do, really.
>
> Put some serious effort into tracking what your users are viewing. Eg.
> with the previous version of our video platform, we noticed that >98% of
> Progressive video views were of the maximum bitrate, and ~95% for Adaptive.
> So we were able to eliminate the renditions that almost nobody looked at,
> and saved a lot of storage. It also tells us that maybe we could look at
> offering our users higher bitrates.
>
> I'd like to echo the other comment on-list: seriously consider YouTube.
> It's free, it works everywhere, and doesn't need Flash. The only reason we
> don't use it ourselves is that people in our organisation wanted (much)
> more control of video advertising than YouTube offer.
>
> Happy to help with anything else video, just ask :-)
>
> John

Re: videos in httpd

[john slee]

Hi,

Replying off-list because not an OpenBSD issue.

On 22 June 2016 at 01:49, jsg  wrote:

>For those of you running http in support of your business, are any of
> you providing
> videos for your customers ?
>   If so what packages and set-up are you using?
>   Any advice guidance appreciated.
>

Some background: I look after video transcoding and delivery for a
news-media organisation. We serve around 200-250TB of video content a
month, mostly short videos up to a couple of minutes long, sometimes much
longer. New videos every day, sometimes hundreds of them.

There's a lot to learn here but I'll make a few major points:

* there's two major types of video delivery (plus Adobe Flash, but we're in
2016 now!):
- Progressive: one big file per video bit-rate. Nice and simple, and works
on pretty much all non-Apple devices, including Chrome/Firefox
- Adaptive: multiple files per video bit-rate, with manifest files to help
devices find all the files. Used on Apple devices. Otherwise known as HLS,
or HTTP Live Streaming. Check browser support carefully. When I last tried
it, this HLS was not supported in Chrome/Firefox.

* some web platforms also only support one or the other. Eg. Facebook, as
far as I'm aware, only supports Progressive delivery.

* a webserver that supports Range headers/HTTP 206 responses is important
if you are serving Progressive videos that aren't very short; this can help
the user seek within your video

* don't forget to set Cache-Control headers

* if you expect to serve a lot of content, consider a CDN. We use Akamai,
but they are quite expensive and if you don't need all the fancy features,
not worth the money. Maybe Fastly, Amazon Cloudfront or even Varnish
Software's "DIY CDN" toolset?

* it's easy to provide users on desktop and iOS a consistent, pleasant user
experience with video

* two years ago it was pretty much impossible to provide users on Android a
consistent user experience with video. I don't know if this situation has
improved or not. Probably not :-(

For transcoding, the standard seems to be ffmpeg. I strongly suspect this
is what underpins most commercial transcoding platforms (eg. Brightcove's
Zencoder [which is what we use...], Amazon ElasticTranscoder, Akamai's
transcoding product, etc) and that what you pay for with the commercial
products is support and "glue" infrastructure. I don't have any references
to back this up, though. I do know that ffmpeg is what we used before we
(for unrelated reasons) switched over to Brightcove's platform, and at
least one other major media organisation here also uses ffmpeg. Probably
most of them do, really.

Put some serious effort into tracking what your users are viewing. Eg. with
the previous version of our video platform, we noticed that >98% of
Progressive video views were of the maximum bitrate, and ~95% for Adaptive.
So we were able to eliminate the renditions that almost nobody looked at,
and saved a lot of storage. It also tells us that maybe we could look at
offering our users higher bitrates.

I'd like to echo the other comment on-list: seriously consider YouTube.
It's free, it works everywhere, and doesn't need Flash. The only reason we
don't use it ourselves is that people in our organisation wanted (much)
more control of video advertising than YouTube offer.

Happy to help with anything else video, just ask :-)

John

Re: Shadow TCP stacks

[john slee]

On 20 October 2014 14:13, Worik Stanton worik.stan...@gmail.com wrote:
 Yes all traffic of a country can be analysed, fairly close to real time.
  With some basic statistics, smart sampling and a dedicated team
 crafting cleaver algorithms...  That is what those big budgets are for!

Can throw in some real-world experience here - worked on a project in
Malaysia that was doing near-realtime (no more than 5 minutes lag)
analytics of cellular and data traffic on that country's largest cellular
network. The kit fit in less than five 42U racks, including dev/test kit,
and four of those racks were an inefficiently-used Netezza appliance.

It wasn't even that expensive - private industry budget.

John

Re: xSSL stuff

[John Slee]

On 13/06/2014, at 14:23, Christian Pedaschus open...@matt-schwarz.com wrote:
 One could have said the same about OpenSSH... or not?

 That doesn't even make any sense.

 What i was trying to say:
 if OpenBSD does it right, then (maybe) the others will follow...

It would be totally ok if OpenSSH programs were all converted to
longopts-only, and XML config files, right? After all, it won't take
long to fix all your cron jobs/scripts/clusterssh/...

That's approximately what you're suggesting folks do with the SSL libraries.

John

Re: ftp/sftp file size limit

[john slee]

On 21 September 2013 17:07, joso...@hush.com wrote:

 Is it possible to limit the accepted file size of any uploaded file by
 configuring the ftp or the sftp server (OpenBSD 5.3/amd64)?


You can do this on a per-user basis with a login class (man login.conf,
then man useradd) but the user experience is not exactly ideal. I set a
filesize limit of 1048576 bytes, then uploaded a file:

sftp put /usr/share/dict/web2
Uploading /usr/share/dict/web2 to /home/uploader/web2
/usr/share/dict/web2  100% 2435KB 187.3KB/s   00:13
   Connection closed

/home/uploader/web2 was indeed limited to 1048576 bytes.

John

Re: Feedback about Desktop Environments

[john slee]

On 17 September 2013 20:37, Jes jjje...@gmail.com wrote:

  but if you want you can mount them in /etc/fstab. Simply read the
 documentation about permissions and syntax. It's very easy.

 For NFS the best way is mount them in /etc/fstab too.


/Why/ is it the best way, though?

Unlike automounters, static fstab entries don't address the problem
of network filesystems being unreachable during boot. They will
eventually time out and fail, requiring manual intervention. Fine if
you have only a small group of systems... Failures may also rather
substantially lengthen the boot process.

Perhaps there are nasty side-effects of using automounters, but
I've never encountered any. If there are I'd love to hear about them!

John

Re: Developing device driver for parallel lcd dispaly modules

[john slee]

Hi,

On 26 August 2013 14:11, Denis Maros denisalima...@gmail.com wrote:

 Yes, i'm talking about 2*20 character LCD display connected to 24 pin
 parallel port on motherboard.
 I've tried to access this device simply via this command:
 # echo Test  /dev/lpt0


If it's one of the common Hitachi-compatible LCDs (and it almost
certainly is)

https://en.wikipedia.org/wiki/Hitachi_HD44780_LCD_controller

 You can't just send characters at it like that; the dance is a little more
complicated. Strongly recommend reading the datasheet that came
with the device.

You shouldn't need a kernel driver. As long as you've got it wired up
correctly you should be able to do everything in userspace.

John

Re: new computer

[john slee]

On 10 January 2013 22:21, Matt Morrow cmorrow...@gmail.com wrote:

 You do realize the typical life of a battery is about a year?


Poppycock.

My FondletopPro battery still gives damn close to the performance
it gave new in early 2011. The battery in my Fondleslab 3GS is
near 4 years now and hasn't degraded that much either. Same
again for my Dell Latitude corporate drone unit.

If so many folks here are recommending Thinkpads, it's probably
because (a) they are (or at least used to be) very well engineered
laptops, and (b) shit works, yo.

John

Re: Strange ksh history behaviour

[john slee]

On 8 January 2013 03:56, Jan Stary h...@stare.cz wrote:
 e.g. mutt:

   EDITOR Specifies the editor to use if VISUAL is unset.
   VISUAL Specifies the editor to use when composing messages.

If in vi mode and have set $VISUAL, it will be used when you
press v to edit the commandline in an editor.  At least it does
on 5.1 with EDITOR=vi and VISUAL=mg (for testing's sake
only)

Probably best to learn one set of keys and use them in the
shell as well.

John

Re: greyscanner - sender with no MX or A

[john slee]

On 27 December 2012 23:59, Marc Espie es...@nerim.net wrote:

 I would be careful with that guy's work... you may suddenly find yourself
 in the bathroom with a backed up toilet gargling shitz out.


I wouldn't use language quite that strong, not knowing anything about
Bob, but it looks like he didn't read 'perldoc -f system' (badrcpt will trap
hosts if system() fails to spawn the external address checker) and also
he should really use a proper SMTP address parser rather than a regexp
hack.

John

Re: OpenBSD Cloud Offerings

[John Slee]

On 28/11/2012, at 11:31, C. Bensend be...@bennyvision.com wrote:
 Small price to pay, though - ARP is fantastic and I've had nothing
 but good experiences with them.

+1.

Also, a suggestion: if a VPS provider doesn't explicitly offer the OS you want, 
ask - even if they don't list the OS at all.

When I setup my VPS with ARP last year they listed OpenBSD 4.7 or some 
similarly old release, but were more than happy to organise a newer ISO.

Also before you sign up, ask how you get access to the console. One provider I 
tried was evidently using VMware, and no amount of dicking about in Linux or 
even OSX would give me a working console. Gave up and switched to ARP.

ARP provide serial console emulation, which is MUCH nicer for out-of-band admin 
than VGA emulation (they do this too, of course) if your internets have high 
RTT. Not all providers do this

John

Re: Smtpd disposable addresses

[John Slee]

On 31/08/2012, at 9:30, ml+helloke...@extensibl.com wrote:
 I think you can use '+' character instead (bob+canitrust...@bobszz.net,
bob+groupedascompanyc...@bobszz.net), can't you?

Tried it lately? Every other website incorrectly reinvents is this a valid
email address logic. It's just a trivial regex, amirite? :-/

Gmail supports +foo syntax, but the number of times I've actually successfully
used an address like that is vanishingly small

- is a much better separator IMHO

John

Re: OpenBSD's webpage desing

[john slee]

TLDR: It's not your place to tell others what they like.

On 28 June 2012 07:59, Peter Laufenberg open...@laufenberg.ch wrote:
 It took me _years_ to understand and respect that graphic design
 isn't all that subjective, that it's a craft, with harmonic rules similar
 to music

Maybe it does, but your comment sounds awfully like many other
designer's wa-wa, emitted when people simply _don't
like_ their creations

A good example is the fixed-width websites that someone else
mentioned earlier in the thread. Setting up sites like this takes
away a user's choice for no obvious gain, except perhaps some
laziness on the designer's part.  Users might want their content
wider for lots of reasons... such as, perhaps, displaying large
text to aid the vision-impaired.  Or they might be viewing it on
a small screen, eg. smartphone...

Do you think that if the reader finds reading to be optimal at a
particular column width, that said reader may well adjust their
browser window to suit?

John

Re: OpenBSD forked

[john slee]

On 22 June 2012 22:55, Gilles Chehade gil...@poolp.org wrote:
 Someone who really wants to understand things will look at the man
 pages and try to understand, someone who doesn't give a damn about
 getting things done right will produce crap with or without proper
 courses ...

hear = forget
see = remember
do = understand

And the manpages, while of admirable quality in OpenBSD, are
largely written for people who already understand (or aren't far off)
and just need a quick reference. For many things they don't go into
the details of 'why'

Someone who really, really wants to understand things will look at
the source code. eg. if I was sufficiently deranged to want to know
the guts of UNIX terminal IO, I might look at tmux

John

Re: Learning C Programming

[john slee]

On 22 June 2012 03:37, cody chandler cody.a.chand...@gmail.com wrote:
  Talk about learning C Programming and the KR book being a good one.  Is
 this the book?

 http://www.amazon.com/C-Programming-Language-2nd-Edition/dp/0131103628

I learned C from the first edition of this book:

http://www.amazon.com/Book-Programming-4th-Edition/dp/sitb-next/0201183994

The version I had only covered KR-era C, but it seemed to be well-written
and reasonably compact. Certainly not an enormous brick! AFAIK the newer
editions cover modern C

John

Re: UEFI BIOS

[john slee]

On 2 October 2011 08:03, LeviaComm Networks n...@leviacomm.net wrote:
 First off, the UEFI boot will *not* prevent other OS's from booting, it
will
 only pop up a message saying that the boot process was not secure, just
like
 how you can run unsigned code and it will only pop up a box stating as
much.
  It would be impossible to prevent an 'insecure' OS from booting since that
 would prevent you from booting a newer version of the Windows Installer.
  Ideally UEFI would post a warning stating that the OS signature is not on
 the list and allow you to add it.

... would it?  I should think that they could simply sign the new installer
with the existing keys.  OTOH it's quite possible that someone will extract
the private key(s) from the hardware, too.  It already happened for Apple's
Airport Express, no?

On balance, I really don't think this is worth the angst and scaremongering.

John

Re: My thoughts on OpenBSD - is advocacy working ?

[john slee]

Hi,

On 7 September 2011 01:34, Daniel Villarreal yclwebmas...@gmail.com wrote:
 Thanks, that's very interesting. Melkus Sportwagen GmbH is offering an RS
 2000 for only 109.900 EUR.  The RS 1000 had a 2-stroke engine. I bet that
 gets some attention.

 I was just studying production-line methods of Daimler AG's Mercedes-Benz
 SLS Gullwing and Automobili Lamborghini Holding Spa's MurciC)lago.

I'm glad Mercedes are careful about things.  Unfortunately this is not the
case
for BMW, at least not their motorcycles.

eg. with the F650GS single-cylinder bikes up to 2003 had a known problem
where the front wheel would occasionally separate from the rest of the bike.
This is a fairly major problem to have, and IIRC at least one lady ended up
with a badly broken leg as a direct result.

BMW's response was to do warranty replacements on the broken bikes,
admit no fault under any circumstances, yet the 2004 model suddenly had
a new design for the lower fork legs...  There was no safety recall issued.
Most of the BMW dealers I've spoken to haven't even noticed the difference
in the  forks, nevermind actually known about the problems.

They seem to be great at building engines, and their bikes have wonderful
switchgear[1], and they have never hesitated to depart radically from the
motorcycling norm (look at their suspension designs!), but often the final
implementation of their good ideas is utterly woeful.

Thinking about the above highlighted for me the aspect of OpenBSD that
attracted me. It's not enough to have good ideas. Implementation quality
and subsequent maintenance/support matters just as much, if not more.

John

[1] yeah, seems like such a small thing... but it's the first thing I notice
whenever I ride a Japanese bike.  Switchgear quality = awful

Re: My thoughts on OpenBSD - is advocacy working ?

[John Slee]

On 01/09/2011, at 9:23 PM, Daniel Gracia lists.d...@electronicagracia.com
wrote:
 Lambo, Ferrari, Maserati, Aprilia... As you are an owner, you should know
their historic -let's call it- 'temperamental' behaviour ;-)

I thought Aprilia used Rotax engines in some (all, maybe?) of their bikes

Nein?

John

Re: CDDL vs GPL and maybe some implications for BSD?

[john slee]

On 27 August 2011 06:09, Rob Payne z...@cotse.net wrote:
 Chris, feel free to get out of the US.  We do not need any apologists
 here.  The free world would not be so without us.

Discouraging expression of ideas that don't toe the Party line sounds
rather like one of the USA's old enemies...

One can certainly be genuinely patriotic whilst in stark disagreement
with the status quo.

John

Re: Expected throughput in an OpenBSD virtual server

[john slee]

On 22 August 2011 23:45, Per-Olov Sjvholm p...@incedo.org wrote:
 As http://www.openbsd.org/faq/faq6.html states, there's little you can
tweak
 to improve your numbers; just get a nice-clocked, good cache-sized CPU and
 give it some loving.

 The FAQ you refer to seems to be of no use at all and is totally unrelated
to
 this post.

It is quite pertinent, actually. See the beginning of section 6.6;

http://www.openbsd.org/faq/faq6.html#Tuning

John

Re: Unix source code (was Re: Can command-line options be specified in any place?)

[john slee]

On 24 June 2011 04:57, Brett brett.ma...@gmail.com wrote:
Sure. Not to mention it came with source code, which you only got from

 ATT if you had a source license, and those were*expensive*. I was
 fortunate enough to work for a company that had exactly that source
 license during the 1980:s, and I learned a*lot*  just by reading the
 code. Wish I still had a copy of it today, for nostalgia. :-)

 Copies can be found free on the net, and in book form:

 http://www.softpanorama.org/Bookshelf/Classic/lions_book.shtml

Was the original Lions book different to the officially published version
I picked up on Amazon?

Mine explicitly doesn't include hardware drivers, eg. for the RK
disk packs, other than a sample driver, with a comment (presumably
from Lions) basically saying that such things weren't as interesting. It
also doesn't include much (if any? has been a while since I looked at
it) userland source code.

It is still a wonderful, educational book, though.

John

Re: Can command-line options be specified in any place?

[john slee]

On 22 June 2011 11:48, Benny Lofgren bl-li...@lofgren.biz wrote:
 Linux is, in that regard, an abomination. It's the bastard child of
 someone not properly trained in the unix way, who made stuff up
 as he went without regard for history, continuity, elegance or, for
 that matter, backwards compatibility.

Fair points, I suppose, but this gripe is really about glibc and its
getopt/getopt_long, not Linux. No?

John

Re: man cp: -i versus -f

[john slee]

On 16 June 2011 04:32, Otto Moerbeek o...@drijf.net wrote:
 Guideline 11:
 The order of different options relative to one another should not
 matter, unless the options are documented as mutually-exclusive and
 such an option is documented to override any incompatible options
 preceding it.

IMHO later options should override earlier options. To not do so may
yield somewhat unexpected results. In the below sample I prefer the
OpenBSD behaviour.

4.9:

$ echo hi  foo ; echo zing  bar
$ alias cp='cp -i'
$ cp foo bar
overwrite bar? n
$ cp -f foo bar
$ cat bar
hi

OSX 10.6.7:

$ alias cp='cp -i'
$ echo hi  foo ; echo zing  bar
$ cp foo bar
overwrite bar? (y/n [n]) n
not overwritten
$ cp -f foo bar
overwrite bar? (y/n [n]) n
not overwritten

Re: equivalent of Linux mount -o bind

[john slee]

On 3 February 2011 03:13,  travis+ml-openbsd-m...@subspacefield.org wrote:
 Update: I have it on fairly good authority that this behavior is
 considered a bug in the Linux kernel, which will be fixed as soon as
 someone gets around to it. If you are a kernel maintainer and know
 more about this issue, or are willing to fix it, I'd love to hear from
 you!

I'd suggest that

(a) an OpenBSD mailing list probably isn't the best place to talk
 about Linux kernel bugs or go looking for maintainers

(b) you patch your systems. Linux 2.4.9 is of a similar age
 to OpenBSD 3.0, says Google: released nine+ years ago.
 Linux 2.4.20 is a year or so newer than that

(c) you retest with a newer Linux kernel before reporting any
  bugs, once you have located the appropriate non-OpenBSD
  fora in which to do so

That said, I suppose you _could_ use this behaviour to populate
chroots, since you can use it for individual files and directories,
as well as whole filesystems. But OpenBSD preference seems
to be to keep such places as desolate as possible, so what use?

John