Re: Docker on OpenBSD?
Hi! On Tuesday, August 04, 2015 at 4:47 PM, Mike Larkin mlar...@azathoth.net wrote: From your first link: Docker on FreeBSD relies heavily on ZFS, jail and the 64bit Linux compatibility layer I think that says enough to answer your question. Sort of, but https://news.ycombinator.com/item?id=8480433 does mention sysjail for OpenBSD. That post is quite old, so maybe things have changed since then? Thanks! O.D.
Docker on OpenBSD?
Hi! Are there any efforts being made to port the FreeBSD Docker port to OpenBSD? https://wiki.freebsd.org/Docker https://github.com/kvasdopil/docker Wish I didn't have to ask, but it's the only way I can install Discourse (https://github.com/discourse/discourse) without being shunned by its community (https://forums.docker.com/t/solutions-for-docker-on-freebsd/2082/). Thanks! O.D.
Re: Docker on OpenBSD?
Hi! On Tuesday, August 04, 2015 at 4:44 PM, Giancarlo Razzolini grazzol...@gmail.com wrote: From what I read on their site, they use off the shelf software that might have a package/port on OpenBSD. You could succeed in installing it outside a docker. Unless their software is stupid and try to verify if you're inside a docker and refuses to run if not. Well, sort of. You can install it outside Docker but a) Discourse is not a conventional Rails app. It has been abstracted to the point of insanity and will require you to make a ton of modifications and disable a ton of stuff if you decide to go that route, b) if you don't use their official Docker image, the user community will simply refuse to help you over at http://meta.discourse.org. Thanks! O.D.
Re: Quick and dirty way to have OpenBSD running on Linode
Hi! On Wednesday, July 22, 2015 at 3:24 PM, Jorge Castillo voo...@gmail.com wrote: Since I am on topic! If you want to run OpenBSD on DigitalOcean check this: http://www.tubsta.com/2015/04/openbsd-on-digital-ocean/ Remember use snapshots, not release. Nice find - thanks for sharing! DigitalOcean all the way baby! O.D.
Quick and dirty way to have OpenBSD running on Linode
For those of you who are interested: https://news.ycombinator.com/item?id=9916005 Many thanks! O.D.
Re: Installing Discourse (Rails) on OpenBSD
On 13. juni 2015 at 1:47 PM, Edho Arief m...@myconan.net wrote: You need to install postgresql-contrib. Have you managed to install Discourse yourself? Not via Docker but as a regular Rails app. If so, would you happen to know how to make it send emails? All my normal Rails apps can send emails just fine (Action Mailer + OpenSMTPD, localhost). Thanks. O.D.
httpd and Ruby on Rails
Hi! OpenBSD's httpd and Ruby on Rails - is this a reality yet? Thanks! O.D.
Re: Installing Discourse (Rails) on OpenBSD
Hi! On 13. juni 2015 at 1:47 PM, Edho Arief m...@myconan.net wrote: You need to install postgresql-contrib. That did the trick - thank you so much! O.D.
Installing Discourse (Rails) on OpenBSD
Hi! Trying to install the Discourse forum (https://github.com/discourse/discourse) manually without Docker. I got PostgreSQL 9.4, Redis and my bundle all set up, however the migration seems to fail: == 20120921162512 AddMetaDataToForumThreads: migrating -- execute(CREATE EXTENSION IF NOT EXISTS hstore) rake aborted! StandardError: An error has occurred, this and all later migrations canceled: PG::UndefinedFile: ERROR: could not open extension control file /usr/local/share/postgresql/extension/hstore.control: No such file or directory : CREATE EXTENSION IF NOT EXISTS hstore/home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' ActiveRecord::StatementInvalid: PG::UndefinedFile: ERROR: could not open extension control file /usr/local/share/postgresql/extension/hstore.control: No such file or directory : CREATE EXTENSION IF NOT EXISTS hstore /home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' PG::UndefinedFile: ERROR: could not open extension control file /usr/local/share/postgresql/extension/hstore.control: No such file or directory /home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' Tasks: TOP = db:migrate (See full trace by running task with --trace) I then did a `touch /usr/local/share/postgresql/extension/hstore.control` and now on `rake db:migrate` I get: ps: %p|$|%a: keyword not found ps: no valid keywords == 20120921162512 AddMetaDataToForumThreads: migrating -- execute(CREATE EXTENSION IF NOT EXISTS hstore) rake aborted! StandardError: An error has occurred, this and all later migrations canceled: PG::InvalidParameterValue: ERROR: version to install must be specified : CREATE EXTENSION IF NOT EXISTS hstore/home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' ActiveRecord::StatementInvalid: PG::InvalidParameterValue: ERROR: version to install must be specified : CREATE EXTENSION IF NOT EXISTS hstore /home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' PG::InvalidParameterValue: ERROR: version to install must be specified /home/od/discourse/db/migrate/20120921162512_add_meta_data_to_forum_threads.rb:3:in `change' Tasks: TOP = db:migrate (See full trace by running task with --trace) Only Docker installs are supported meaning the Discourse team won't help me with this one. Docker or not though, it's still odd that the migration should fail like this. O.D.
Re: ruby-therubyracer with Ruby 2.2.0p0
Cool, there's a package. Super awesome, thanks Jeremy! Sorry for not noticing it during my struggles. Have a great day! O.D. On 12. juni 2015 at 6:12 AM, Jeremy Evans jeremyeva...@gmail.com wrote: To install the ruby 2.2 version via a package: pkg_add ruby22-therubyracer To install the ruby 2.2 package using ports: cd /usr/ports/devel/ruby-therubyracer FLAVOR=ruby22 make install Thanks, Jeremy
ruby-therubyracer with Ruby 2.2.0p0
Hi! Is there a way to install devel/ruby-therubyracer with the latest Ruby 2.2.0p0 package as a dependency? It seems to require Ruby 2.1 and I'd rather not install that. Thanks! O.D.
Re: What's wrong with script(1)?
Hi Marc / Otto! On 29. januar 2015 at 7:07 PM, Marc Espie es...@nerim.net wrote: And it shouldn't ! script(1) is often used for debugging purposes, and that noise becomes paramount to figuring out what's going on. Thanks, I had no idea. Would it be possible though to mention some use cases where the noise is necessary? Many thanks! O.D.
Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?
Greetings Nick! On 29. januar 2015 at 12:48 PM, Nick Holland n...@holland-consulting.net wrote: On 01/28/15 17:25, openda...@hushmail.com wrote: ... Most of my daemons don't have any flags ... ... Really? Look closer... IF the vast majority of daemons didn't have any flags at all, maybe there'd be some merit to this, but I don't think that's true. Here's a moderately simple rc.conf.local on one of my machines ftpd_flags=-llSA mountd_flags= nfsd_flags=-tun 4 ntpd_flags= pkg_scripts=rsyncd portmap_flags= rsyncd_flags= slowcgi_flags= unbound_flags= portmap has one option flag which is not useful in startup scripts. mountd has two, one of which might be useable in startup scripts, though admittedly really making things unusual. The rest all have important and often useful flags. YOU may not use them often, but some people probably do. OpenBSD uses a Sane Default model, so very often the flags ARE empty, but a lot (I'd guess most, based on that model and spot checking of daemons listed in rc.conf) of the daemons have knobs that some people need to twist. You may not, but while we appreciate your support, you aren't our only user. :) Indeed, don't get me wrong, I use flags all the time as well. I'm just arguing for a cleaner separation between startup and configuration for a slightly more semantic (and better looking) `rc.conf.local`, ie.: ftpd_enable=YES ftpd_flags=-llSA mountd_enable=YES nfsd_enable=YES nfsd_flags=-tun 4 ntpd_enable=YES portmap_enable=YES rsyncd_enable=YES slowcgi_enable=YES unbound_enable=YES Thanks for your feedback! O.D.
Re: What's wrong with script(1)?
Hi, On 27. januar 2015 at 11:14 PM, Andy Bradford amb-sendok-1424992915.iclgpijjkmllbbajd...@bradfords.org wrote: man script: ``script makes a typescript of everything printed on your terminal.'' That's fine, I just don't understand why it can't do it without all the noise and ^Ms. O.D.
Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?
Hi, On 28. januar 2015 at 11:45 PM, James Ryland Miller james.ryland.mil...@gmail.com wrote: As a brand new OpenBSD user, I *love* how the flags work in rc.conf.local: says to me that the daemon is being called with no flags. YES doesn't tell me that; it just tells me that I might have to look in another config file somewhere. Indeed, `daemon_flags=YES` wouldn't make any sense at all. What I'd like to see is: ntpd_enable=YES ntpd_flags=-s Considering we're talking about two different things here (one for enabling it and one for configuring it), one could argue that this would be more in line with the core Unix philosophy (1) of doing one thing and doing it well. Thanks. O.D. (1) http://en.wikipedia.org/wiki/Unix_philosophy On Wed, Jan 28, 2015 at 5:33 PM, openda...@hushmail.com wrote: Hello, On 28. januar 2015 at 11:02 PM, Ingo Schwarze schwa...@usta.de wrote: When you do need flags, it needs only one variable instead of two, which means less complexity. Due to OpenBSD's excellent convention over configuration (1), most people don't need flags. Your argument that the current scheme leads to less complexity is nonsensical at best. Less characters maybe, but are we really joining together two different variables (startup and configuration) for the sake of saving space? Like Einstein said, things should be as simple as possible, but not any simpler. `daemon_flags` carries absolutely no indication of whether this daemon is to be enabled or not. Like my teacher used to say, good design should, where possible, make immediate sense to the user (2). In the case of `rc.conf.local`, this is possible by splitting the current variable into `daemon_enable=YES` and `daemon_flags=` respectively. As for `pkg_scripts`, I'm also a fan of the way FreeBSD handles this by letting you specify `pkg_enable=YES` directly in order to keep things consistent. Having said that, this is pretty much where my admiration of FreeBSD ends :-) Many thanks! O.D. (1) https://en.wikipedia.org/wiki/Convention_over_configuration (2) http://www.amazon.com/Dont-Make-Think-Revisited- Usability/dp/0321965515 -- James R. Miller
Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?
On 29. januar 2015 at 12:02 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: I've think you've had your say. Thank you sir! O.D.
Re: Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?
Hello, On 28. januar 2015 at 11:02 PM, Ingo Schwarze schwa...@usta.de wrote: When you do need flags, it needs only one variable instead of two, which means less complexity. Due to OpenBSD's excellent convention over configuration (1), most people don't need flags. Your argument that the current scheme leads to less complexity is nonsensical at best. Less characters maybe, but are we really joining together two different variables (startup and configuration) for the sake of saving space? Like Einstein said, things should be as simple as possible, but not any simpler. `daemon_flags` carries absolutely no indication of whether this daemon is to be enabled or not. Like my teacher used to say, good design should, where possible, make immediate sense to the user (2). In the case of `rc.conf.local`, this is possible by splitting the current variable into `daemon_enable=YES` and `daemon_flags=` respectively. As for `pkg_scripts`, I'm also a fan of the way FreeBSD handles this by letting you specify `pkg_enable=YES` directly in order to keep things consistent. Having said that, this is pretty much where my admiration of FreeBSD ends :-) Many thanks! O.D. (1) https://en.wikipedia.org/wiki/Convention_over_configuration (2) http://www.amazon.com/Dont-Make-Think-Revisited-Usability/dp/0321965515
Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=` in rc.conf.local?
Hello, Wouldn't `daemon_enable=YES` (like FreeBSD's rc.conf) make more sense for enabling daemons than `daemon_flags=` in rc.conf.local? Most of my daemons don't have any flags so it looks a bit strange (and messy) with all these empty flag specs. Thanks! O.D.
What's wrong with script(1)?
Hi, I find myself using script(1) (together with https://github.com/defunkt/gist) all the time. I was wondering though: 1. Why does it use CRLF line endings? 2. What's with all the startup noise? Script started on Tue Jan 27 23:47:12 2015 [1m[7m#[27m[1m[m [m[27m[24m[Jroot@mybox:~# [Kssmtpd -dv Many thanks! O.D.
PostgreSQL 9.4: initdb: invalid locale settings
Hello, Why won't `postgresql-server-9.4.0` accept my locale? Just upgraded to 5.7 from 5.5. Whatever `postgresql-server` version was in 5.5 didn't have this problem. % su _postgresql % initdb -D /var/postgresql/data/ The files belonging to this database system will be owned by user _postgresql. This user must also own the server process. initdb: invalid locale settings; check LANG and LC_* environment variables `env` says `LC_ALL=en_US.UTF-8`, which according to `locale -a` does exist. Thanks. O.D.
Re: PostgreSQL 9.4: initdb: invalid locale settings
Hello, On 21. januar 2015 at 8:26 PM, frantisek holop min...@obiit.org wrote: LC_ALL is not supported yet, try LC_CTYPE. $ sudo su - _postgresql $ export LC_CTYPE=en_US.UTF-8 $ initdb -D /var/postgresql/data -U postgres -E UTF8 -A md5 -W $ psql -U postgres -l I couldn't get it to work with `LC_CTYPE`. It did, however, work with `initdb -D /var/postgresql/data/ --no-locale`. O.D.
Re: PostgreSQL 9.4: initdb: invalid locale settings
On 21. januar 2015 at 8:44 PM, frantisek holop min...@obiit.org wrote: you are not giving details, so i don't know. but a non-utf8 database nowadays is very limiting. Indeed, thanks for your example. I'm now rolling with `initdb -D /var/postgresql/data/ --no-locale -E UTF8`. O.D.
Re: Ruby 2.2.0 build fails on OpenBSD 5.5
On 19. januar 2015 at 6:45 PM, Jeremy Evans jeremyeva...@gmail.com wrote: Our make doesn't handle some syntax they used in that file. I'm not sure if it's an issue with our make or a bug in exts.mk. It's currently patched out in the lang/ruby/2.2 port. Great news -- thanks Josh and Jeremy! O.D.
Please help upvote OpenBSD at DigitalOcean (again)
Hi, As we all know DigitalOcean now supports FreeBSD. Despite over half of the upvotes at the main BSD thread (https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3232571-support-bsd-os) being for OpenBSD, OpenBSD users have been forced to open up their own separate request thread: http://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/6963821-support-openbsd So please stop by and give us your upvotes. Thanks! O.D.
Ruby 2.2.0 build fails on OpenBSD 5.5
Hi! Anybody know why I'm getting this Ruby 2.2.0 build error? % uname -a OpenBSD dev.my.domain 5.5 GENERIC#276 i386 % ruby-install ruby 2.2.0 ... linking shared-object digest/sha2.so installing default sha2 libraries generating constant definitions compiling etc.c linking shared-object etc.so compiling fcntl.c linking shared-object fcntl.so compiling fiber.c linking shared-object fiber.so *** Parse error in /home/dev/src/ruby-2.2.0/ext/fiddle: Wrong mix of special targets (Makefile:370) .PHONYclean-libffidistclean-libffirealclean-libffi *** Parse error: Wrong mix of special targets (Makefile:371) .PHONYclean-nonedistclean-nonerealclean-none *** Parse error: Wrong mix of special targets (Makefile:377) .PHONYconfigure *** Error 1 in . (exts.mk:177 'ext/fiddle/all') *** Error 1 in /home/dev/src/ruby-2.2.0 (Makefile:684 'build-ext') !!! Compiling ruby 2.2.0 failed! Thanks! O.D.
Re: DigitalOcean's BSD debut is FreeBSD only
Hi, On 16. desember 2014 at 11:14 PM, Jan Stary h...@stare.cz wrote: On Dec 16 17:58:37, openda...@hushmail.com wrote: I think the typical user will eventually realize that OpenBSD is one of the most valuable assets he or she can use in the pursuit of happiness and livelihood for ones family. Once that time comes, he or she will most definitely be looking for something like DigitalOcean. Right, because once you realize OpenBSD is a valuable asset, you are obviously gonna need cloud-based storage. Idiot. I don't see the need to twist my words like that. Should the average user decide to become a web or mobile app developer, cloud-based hosting would surely be the most convenient, and surely OpenBSD would give him or her a competitive advantage over the others. O.D.
DigitalOcean's BSD debut is FreeBSD only
Hi, It seems that DigitalOcean's BSD debut is going to be FreeBSD only. We, in the OpenBSD community, are being asked to open up a separate UserVoice vote for OpenBSD -- despite the fact that we've worked so hard to promote the existing one. So, please drop by and share your frustrations: https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3232571-support-bsd-os -- I reckon around half the votes are from OpenBSD users. Many thanks! O.D.
Re: DigitalOcean's BSD debut is FreeBSD only
What is digital ocean? They're touted as the new rock stars of the hosting industry. Cheap SSD-enabled cloud hosting for your apps. You do have apps don't you? O.D. On 16. desember 2014 at 3:43 PM, Richard E. Thornton thornton.rich...@gmail.com wrote: What is digital ocean? On Tue, 16 Dec 2014, openda...@hushmail.com wrote: Hi, It seems that DigitalOcean's BSD debut is going to be FreeBSD only. We, in the OpenBSD community, are being asked to open up a separate UserVoice vote for OpenBSD -- despite the fact that we've worked so hard to promote the existing one. So, please drop by and share your frustrations: https://digitalocean.uservoice.com/forums/136585- digitalocean/suggestions/3232571-support-bsd-os -- I reckon around half the votes are from OpenBSD users. Many thanks! O.D.
Re: DigitalOcean's BSD debut is FreeBSD only
Hi, On 16. desember 2014 at 4:17 PM, Lars li...@srdn.de wrote: Says who? Now it's digital ocean - next month it will be somebody else. I seem to fall out of the target group for this. As I don't share your obvious enthusiasm and just don't care - so many rock stars rise and fall. There's never been anyone as cheap, as well-designed and as quickly growing as DigitalOcean. Call them The Beatles, The Bob Marley and the Wailers or what have you. I wrote this thread for the people who do care, and I know a lot of you are lurking out there. O.D.
Re: DigitalOcean's BSD debut is FreeBSD only
Hi, On 16. desember 2014 at 4:20 PM, jungle Boogie jungleboog...@gmail.com wrote: I have not personally tested openBSD on https://www.vultr.com/ but I have read (tweets, probably) that it will work. I'm not so sure about Vultr. Icelandic Greenqloud (https://www.greenqloud.com/) are nice though. O.D.
Re: DigitalOcean's BSD debut is FreeBSD only
On 16. desember 2014 at 5:46 PM, Richard E. Thornton thornton.rich...@gmail.com wrote: So, its a cloud based server farm? What's the point for the typical user? I think the typical user will eventually realize that OpenBSD is one of the most valuable assets he or she can use in the pursuit of happiness and livelihood for ones family. Once that time comes, he or she will most definitely be looking for something like DigitalOcean. Thanks. O.D. On Tue, 16 Dec 2014, openda...@hushmail.com wrote: Hi, On 16. desember 2014 at 4:17 PM, Lars li...@srdn.de wrote: Says who? Now it's digital ocean - next month it will be somebody else. I seem to fall out of the target group for this. As I don't share your obvious enthusiasm and just don't care - so many rock stars rise and fall. There's never been anyone as cheap, as well-designed and as quickly growing as DigitalOcean. Call them The Beatles, The Bob Marley and the Wailers or what have you. I wrote this thread for the people who do care, and I know a lot of you are lurking out there. O.D.
Intra-BSD desktop environment based on Google's Material Design guidelines
Hi, An intra-BSD desktop environment based on Google's Material Design guidelines [1] -- would anyone be interested in something like that? This way we could retire PC-BSD, and, coupled with the fact that OpenBSD is the world's only OS allowing you to run Xorg as an unprivileged user [2], we could make a fresh, renewed effort at conquering the Linux desktop market. Not only could this expand OpenBSD's user base by tens of millions, it would also make it clear to smartphone manufacturers which OS they should be basing all their future products on. http://google.com/design/spec/material-design/introduction.html For ol' times sake, let's throw the IRIX® Interactive Desktop User Interface Guidelines in there as well: http://menehune.opt.wfu.edu/Kokua/Irix_6.5.21_doc_cd/usr/share/Insight/library/SGI_bookshelves/SGI_Developer/books/UI_Glines/sgi_html/index.html Many thanks! O.D. -- [1] Quantum OS (Linux): https://news.ycombinator.com/item?id=8645504 [2] Xorg can now run without privilege on OpenBSD: http://undeadly.org/cgi?action=articlesid=20140223112426
FreeBSD's Capsicum
Hi, From what I gather, RBAC / MAC isn't really necessary unless you add people to your system that you don't really trust (ref. Nick Holland @ http://marc.info/?l=openbsd-miscm=139321387226212). But what about FreeBSD's Capsicum? Thanks! O.D.
Re: Tor and Polipo
Hello! Thank you so much. You're most right, there was no need for Polipo, uncommenting the control port in `torrc` was enough. I really appreciate the help, and I hope that I one day can make it up to you. Sharing with you a little bit of music for what it's worth: https://soundcloud.com/jakarta-records/radio-jakarta-003-radio-juicy-radio-juicy-for-jakarta Take care! O.D. On 22. oktober 2014 at 9:15 PM, Dawe dawed...@gmx.de wrote: On Oct 22, 2014 20:44, openda...@hushmail.com wrote: Hi! On 22. oktober 2014 at 8:23 PM, Dawe dawed...@gmx.de wrote: Could you try a connection without the control port? I'm afraid that's mandatory. Can you test with firefox or another browser to make sure it's a tor/polipo problem? Do I even need Polipo, can't I just use Tor directly? Well, Tor speaks socks on the 9050 port. If the client can speak that, you don't need a web proxy like polipo. Also, the default control port is 9051. My bad. Just to be sure: Is your browser inside of the vm? Yes, everything is inside of the vm. What does a telnet 127.0.0.1 9050 telnet 127.0.0.1 8123 say? % telnet 127.0.0.1 9050 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. ^CConnection closed by foreign host. % telnet 127.0.0.1 8123 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is '^]'. ^CConnection closed by foreign host. Ok, and telnet 127.0.0.1 9051? The control port isn't open if you don't change the torrc. Hope
Tor and Polipo
Hi, Does anyone know what's wrong with my Tor + Polipo setup? So far I've done `pkg_add tor pkg_add polipo`, uncommented `socksParentProxy` and `socksProxyType` in `/etc/polipo/config` and then `/etc/rc.d/tor start /etc/rc.d/polipo start`. However I'm still getting connection refused for 10.0.0.5:9050 / 10.0.0.5:9150. Thanks! O.D.
Re: Tor and Polipo
On 22. oktober 2014 at 3:55 PM, Dawe dawed...@gmx.de wrote: I think you have to configure proxyAddress if you want polipo to listen on more than localhost: # Uncomment one of these if you want to allow remote clients to # connect: # proxyAddress = ::0# both IPv4 and IPv6 # proxyAddress = 0.0.0.0# IPv4 only If you use one machine for everything, you should point your browser proxy config at 127.0.0.1:8123 Hi, I'm still getting connection refused when trying to connect: ./my_text_browser --proxy 127.0.0.1:8123 --tor-control 127.0.0.1:9151 ./my_text_browser --proxy 10.0.0.5:8123 --tor-control 10.0.0.5:9151 I'm using one machine for everything (my OpenBSD VirtualBox at 10.0.0.5). Here's my current settings from `/etc/polipo/config`: # proxyAddress = 10.0.0.5 proxyAddress = 127.0.0.1 allowedClients = 127.0.0.1 socksParentProxy = localhost:9050 socksProxyType = socks5 Both Tor and Polipo seems to have started successfully according to `/var/log/messages`. Thank you! O.D.
Node.js core dumps after upgrading packages
Hi, After upgrading all of my OpenBSD packages (http://lteo.net/blog/2012/11/08/reinstalling-all-your-openbsd-packages-with-pkg-adds-fuzzy-matching-feature/) I've started getting frequent core dumps in Node.js. All I'm seeing is `segmentation fault (core dumped)`. I wanted to try https://github.com/ddopson/node-segfault-handler to debug what's going on but it doesn't seem to want to build on OpenBSD. Has anybody experienced anything similar? Thanks. O.D.
Help compiling Ruby libv8 JavaScript engine
Hi, Does anybody have experience compiling the Ruby libv8 JavaScript engine (https://github.com/cowboyd/libv8) on OpenBSD 5.5? It says it can't find a supported compiler despite repeated attempts to point it to `gcc` or `g++` 4.8.2 or 4.6.4 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either via the environment variable below or through symlinking: % export cxx=/usr/local/bin/eg++ % /usr/local/bin/eg++ -v Using built-in specs. COLLECT_GCC=/usr/local/bin/eg++ COLLECT_LTO_WRAPPER=/usr/local/libexec/gcc/i386-unknown-openbsd5.5/4.8.2/lto-wrapper Target: i386-unknown-openbsd5.5 Configured with: /usr/obj/gcc-4.8.2/gcc-4.8.2/configure --enable-libgcj --without-jar --verbose --program-transform-name='s,^,e,' --disable-nls --disable-checking --with-system-zlib --disable-libmudflap --disable-libgomp --disable-tls --with-as=/usr/bin/as --with-ld=/usr/bin/ld --with-gnu-ld --with-gnu-as --enable-threads=posix --enable-wchar_t --with-gmp=/usr/local --enable-languages=c,c++,fortran,objc,java,ada --disable-libstdcxx-pch --enable-cpp --enable-shared --prefix=/usr/local --sysconfdir=/etc --mandir=/usr/local/man --infodir=/usr/local/info --localstatedir=/var --disable-silent-rules Thread model: posix gcc version 4.8.2 (GCC) % gem install libv8 Building native extensions. This could take a while... ERROR: Error installing libv8: ERROR: Failed to build gem native extension. /home/dev/.rubies/ruby-2.1.1/bin/ruby extconf.rb creating Makefile Compiling v8 for ia32 Using python 2.7.6 Using compiler: /usr/local/bin/eg++ (GCC version 5.5) Unable to find a compiler officially supported by v8. It is recommended to use GCC v4.4 or higher In file included from ../src/mark-compact.h:32:0, from ../src/incremental-marking.h:33, from ../src/heap.h:35, from ../src/elements.h:33, from ../src/objects-inl.h:38, from ../src/v8.h:60, from ../src/accessors.cc:28: ../src/spaces.h: In member function 'bool v8::internal::MemoryChunk::TryParallelSweeping()': ../src/spaces.h:467:62: error: invalid conversion from 'intptr_t* {aka long int*}' to 'volatile Atomic32* {aka volatile int*}' [-fpermissive] return NoBarrier_CompareAndSwap(parallel_sweeping_, 1, 0) == 1; ^ In file included from ../src/v8.h:62:0, from ../src/accessors.cc:28: ../src/heap-inl.h: In member function 'intptr_t v8::internal::Heap::AdjustAmountOfExternalAllocatedMemory(intptr_t)': ../src/heap-inl.h:516:49: warning: format '%d' expects argument of type 'int', but argument 2 has type 'long int' [-Wformat=] reinterpret_cast(isolate())); ^ ../src/heap-inl.h:516:49: warning: format '%d' expects argument of type 'int', but argument 3 has type 'long int' [-Wformat=] ../src/heap-inl.h:516:49: warning: format '%x' expects argument of type 'unsigned int', but argument 4 has type 'intptr_t {aka long int}' [-Wformat=] gmake[1]: *** [/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/v8_base/src/accessors.o] Error 1 gmake: *** [ia32.release] Error 2 /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:36:in `block in verify_installation!': libv8 did not install properly, expected binary v8 archive '/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/tools/gyp/libv8_base.a'to exist, but it was not found (Libv8::Location::Vendor::ArchiveNotFound) from /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:35:in `each' from /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:35:in `verify_installation!' from /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/ext/libv8/location.rb:26:in `install!' from extconf.rb:7:in `' GYP_GENERATORS=make build/gyp/gyp --generator-output=out build/all.gyp -Ibuild/standalone.gypi --depth=. -Dv8_target_arch=ia32 -S.ia32 -Dv8_enable_backtrace=1 -Dv8_can_use_vfp2_instructions=true -Darm_fpu=vfpv2 -Dv8_can_use_vfp3_instructions=true -Darm_fpu=vfpv3 -Dwerror='' gmake[1]: Entering directory '/home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out' CXX(target) /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/allocation.o CXX(target) /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/atomicops_internals_x86_gcc.o CXX(target) /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/bignum.o CXX(target) /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/bignum-dtoa.o CXX(target) /home/dev/.gem/ruby/2.1.1/gems/libv8-3.16.14.7/vendor/v8/out/ia32.release/obj.target/preparser_lib/src/cached-powers.o
Re: Help compiling Ruby libv8 JavaScript engine
Hi! Thanks for your help. Actually I am using Node, but for some reason ruby-clean-css (https://github.com/joseph/ruby-clean-css) -- which looks like it's specifically made for Node -- requires libv8 as well. I've contacted the author. All the best, O.D. On 29. september 2014 at 1:12 PM, Edho Arief wrote:On Mon, Sep 29, 2014 at 9:40 PM, wrote: Hi, Does anybody have experience compiling the Ruby libv8 JavaScript engine (https://github.com/cowboyd/libv8) on OpenBSD 5.5? It says it can't find a supported compiler despite repeated attempts to point it to `gcc` or `g++` 4.8.2 or 4.6.4 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either via the environment variable below or through symlinking: % export cxx=/usr/local/bin/eg++ the correct variable is CXX (and make sure to install gmake). Also it's better to just install nodejs if what you need is execjs' javascript runtime. -bash-4.2$ CXX=/usr/local/bin/eg++ GEM_HOME=$HOME/app/rubygems gem install libv8 Building native extensions. This could take a while... ...a long time with hopefully expected result but I stopped because it's running in a low end box... alternatively, install libv8 package and tell gem installer to use system libv8 library as per documentation: -bash-4.2$ GEM_HOME=$HOME/app/rubygems gem install libv8 -- --with-system-v8 Fetching: libv8-3.16.14.7.gem (100%) Building native extensions with: '--with-system-v8' This could take a while... Successfully installed libv8-3.16.14.7 Parsing documentation for libv8-3.16.14.7 Installing ri documentation for libv8-3.16.14.7 Done installing documentation for libv8 after 2 seconds 1 gem installed
Re: Help compiling Ruby libv8 JavaScript engine
Some clarification: On 29. september 2014 at 2:04 PM, Joseph Pearson wrote: Ruby needs an interface into the JavaScript runtime, which libv8 provides. Node is a different concept entirely (though it too needs such an interface, which internally V8 provides). You can see this here: https://github.com/joseph/ruby-clean-css/blob/master/lib/ruby-clean-css/compressor.rb#L41-L45 If you have a Node project, you may just want the Clean-CSS JavaScript library. If you have a Ruby project, you want Ruby-Clean-CSS and its deps. Node itself does not act as a JS engine. Cheers, â J Thanks. O.D. On 29. september 2014 at 1:12 PM, Edho Arief wrote:On Mon, Sep 29, 2014 at 9:40 PM, wrote: Hi, Does anybody have experience compiling the Ruby libv8 JavaScript engine (https://github.com/cowboyd/libv8) on OpenBSD 5.5? It says it can't find a supported compiler despite repeated attempts to point it to `gcc` or `g++` 4.8.2 or 4.6.4 (https://github.com/cowboyd/libv8#bring-your-own-compiler), either via the environment variable below or through symlinking: % export cxx=/usr/local/bin/eg++ the correct variable is CXX (and make sure to install gmake). Also it's better to just install nodejs if what you need is execjs' javascript runtime. -bash-4.2$ CXX=/usr/local/bin/eg++ GEM_HOME=$HOME/app/rubygems gem install libv8 Building native extensions. This could take a while... ...a long time with hopefully expected result but I stopped because it's running in a low end box... alternatively, install libv8 package and tell gem installer to use system libv8 library as per documentation: -bash-4.2$ GEM_HOME=$HOME/app/rubygems gem install libv8 -- --with-system-v8 Fetching: libv8-3.16.14.7.gem (100%) Building native extensions with: '--with-system-v8' This could take a while... Successfully installed libv8-3.16.14.7 Parsing documentation for libv8-3.16.14.7 Installing ri documentation for libv8-3.16.14.7 Done installing documentation for libv8 after 2 seconds 1 gem installed
Re: Why are there no PKG_PATH defaults?
Because /etc/pkg.conf ? Sorry, no such file over here. O.D. On 23. september 2014 at 1:47 PM, Alexander Hall wrote:On September 23, 2014 3:00:41 PM CEST, openda...@hushmail.com wrote: Hi, Expanding on the whole http://en.wikipedia.org/wiki/Convention_over_configuration thing -- why aren't there any sane PKG_PATH defaults? Ie.: release=$(uname -r) architecture=$(uname -p) export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${architecture}/ Because /etc/pkg.conf ? /Alexander Thanks! O.D.
Re: Why are there no PKG_PATH defaults?
OpenBSD solution is to ask the user to choose a mirror at installation time. I don't see this preference being remembered after the installation though. O.D. On 23. september 2014 at 1:25 PM, ludovic coues wrote: why aren't there any sane PKG_PATH defaults? Ie.: release=$(uname -r) architecture=$(uname -p) export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${architecture}/ The point of such default would be to not change the server, resulting in a big load on it. Such problem prompted archlinux to throttle their main repository server to force user to choose a mirror more adapted to geographic situation. OpenBSD solution is to ask the user to choose a mirror at installation time. -- Cordialement, Coues Ludovic +336 148 743 42
Re: Why are there no PKG_PATH defaults?
Because your sane default includes ftp.openbsd.org, which is not sane at all. If PKG_PATH or /etc/pkg.conf were set to default to ftp.openbsd.org then that host would get hammered instead of the user being put in the position of choosing a local mirror. The proper local mirror should ofcourse be set during the installation. O.D. On 24. september 2014 at 5:37 AM, openbsd2012 wrote:| -Original Message- | From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On | Behalf Of openda...@hushmail.com | Sent: Tuesday, September 23, 2014 6:01 AM | Subject: Why are there no PKG_PATH defaults? ... | Expanding on the whole | http://en.wikipedia.org/wiki/Convention_over_configuration thing -- why | aren't there any sane PKG_PATH defaults? Ie.: | | release=$(uname -r) | architecture=$(uname -p) | | export | PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${arc | hitecture}/ | Because your sane default includes ftp.openbsd.org, which is not sane at all. If PKG_PATH or /etc/pkg.conf were set to default to ftp.openbsd.org then that host would get hammered instead of the user being put in the position of choosing a local mirror. -Breeno PS - In anticipation of the typical follow-up argument, whether or not there is a large existing base of lazy people who fail to choose a local mirror is not a valid argument for defaulting all users to ftp.openbsd.org. Such reasoning would merely exacerbate the trouble with the hypothetical status quo.
Re: Why are there no PKG_PATH defaults?
Indeed, the installer only creates that if you install from a mirror. Apart from that, as someone else pointed out, which mirror should one choose? Cool, I didn't know that. Then, in the event that someone installed via an ISO or some pre-defined VM (ie. a DigitalOcean droplets) -- how about a one-time script upon first root login to ask for such info? You do not have a `PKG_PATH` set for `pkg_add`. Would you like us to set it for you? (Y/n) y Choose your nearest mirror: 1. Continent 2. Whatever 3. ... There is currently no ports collection in `/usr/ports`. Would you like us to get it for you? (Y/n) Thanks! O.D. On 24. september 2014 at 1:05 PM, Alexander Hall wrote:On September 24, 2014 12:44:14 PM CEST, openda...@hushmail.com wrote: Because /etc/pkg.conf ? Sorry, no such file over here. Indeed, the installer only creates that if you install from a mirror. Apart from that, as someone else pointed out, which mirror should one choose? /Alexander O.D. On 23. september 2014 at 1:47 PM, Alexander Hall wrote:On September 23, 2014 3:00:41 PM CEST, openda...@hushmail.com wrote: Hi, Expanding on the whole http://en.wikipedia.org/wiki/Convention_over_configuration thing -- why aren't there any sane PKG_PATH defaults? Ie.: release=$(uname -r) architecture=$(uname -p) export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${architecture}/ Because /etc/pkg.conf ? /Alexander Thanks! O.D.
Why are there no PKG_PATH defaults?
Hi, Expanding on the whole http://en.wikipedia.org/wiki/Convention_over_configuration thing -- why aren't there any sane PKG_PATH defaults? Ie.: release=$(uname -r) architecture=$(uname -p) export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${architecture}/ Thanks! O.D.
Re: Vision 2020: Making OpenBSD the world's fastest OS
On 5. mars 2014 at 5:11 PM, Peter N. M. Hansteen wrote: [...snip...] So here's your chance! A good article could earn you undeadly.org fame and megabytes of fan mail! I'll get started right away! O.D. On 5. mars 2014 at 5:11 PM, Peter N. M. Hansteen wrote:openda...@hushmail.com writes: Anybody have any thoughts on how to achieve this? Speed is desirable, of course, at least to some degree. I for one would appreciate much if somebody beat me to writing a well researched article about how to optimize OpenBSD as it is *right now* for desktop wonderfulness. The reason I say this is after mucking about quite a bit with more or less relevant settings (on my by now four years old laptop) in order to get back some of the performance lost to endless code bloat in windowing environments, desktop suites, browsers and websites, I was at least a bit relieved to find yesterday evening that tweaking some settings in login.conf actually had enough effect that I consider the machine mostly usable again. There's bound to be quite a few other things you can do, but digging deep enough is almost certain to be time consuming enough that I'm likely to postpone doing further research or a writeup until my now relatively usable system has helped me finish a few delayed tasks. So here's your chance! A good article could earn you undeadly.org fame and megabytes of fan mail! - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
LibreSSL appreciation thread
Just wanted to say great job guys! A gift to humanity and a serious power move for OpenBSD. O.D.
Re: LibreSSL appreciation thread
I'm sending 200 dollars... after I clear the blood from my eye sockets... Comic Sans... Now I know how the Nazis felt in Raiders of the Lost Ark I use it all the time to piss off hipsters too. It's a beautiful font. O.D. Ref. http://helveticafilm.com/ On 22. april 2014 at 2:10 PM, Bryan wrote:I'm sending 200 dollars... after I clear the blood from my eye sockets... Comic Sans... Now I know how the Nazis felt in Raiders of the Lost Ark On Tue, Apr 22, 2014 at 7:05 AM, wrote: Just wanted to say great job guys! A gift to humanity and a serious power move for OpenBSD. O.D.
Vision 2020: Making OpenBSD the world's fastest OS
Anybody have any thoughts on how to achieve this? Thanks. O.D.
Re: php or nginx chroot?
And this: http://openbsd.7691.n7.nabble.com/Ruby-on-Rails-and-the-chrooted-nginx-8-td229745.html If you're new to webdev perhaps it's best to avoid PHP while you can so you don't regret having made the wrong choice later down the line. O.D. On 2. mars 2014 at 4:58 AM, Jay Patel wrote:May be this will be helpful : http://www.h-i-r.net/p/openbsd.html On Sun, Mar 2, 2014 at 12:25 AM, Aaron wrote: Hi, I've been using openbsd for a while now but just recently decided to use nginx to provide http services. Currently I'm running OBSD 5.4 stable on a HP dl360 g6. I'm new to php-fpm and nginx but trying to work through it. Previously I worked through the issues of having apache chrooted and made things work but I've been having a bit of difficulty with the new setup. This is of course an subjective question but do the guru's here feel it's more important to chroot nginx or to use a chroot for php-fpm? I've had a difficult time getting quite a few different php applications working with a chroot set with php-fpm, and of course since most of them (piwigo, modx, coppermine etc) seem to be developed for an apache2/mod_php environment, the forums there aren't a ton of help usually. Since this isn't a specific issue I haven't provided any configs, but if someone would like, I certainly can. Thanks, Aaron
Re: More OpenBSD on Hacker News -- RBAC and jails anyone?
Thank you so much for the explanation guys. It makes perfect sense now. O.D. On 24. februar 2014 at 3:50 AM, Nick Holland wrote:On 02/23/14 21:09, openda...@hushmail.com wrote: Hello, Got some more layman's questions here after reading [url snipped] OpenBSD for security I dunno, I hear this a lot. Sure OpenBSD has created and implemented some (often very bleeding edge) hardening features, but nothing that hasn't seen the light of day in something like GRSecuriy. But the lack of other security layers and constructs seem puzzling to me. No RBAC-based system like selinux? No attempt to secure the supply chain until very recently with package signing? Chroot functionality inferior to something like FreeBSD's jails? Not to mention that many services you would deploy an OpenBSD server for are provided by ports and not the base system, forgoing the strict auditing that OpenBSD provides. [... snip ...] 1. Why doesn't OpenBSD have something like RBAC? Security means a lot of different things to different people. If you are running an old-style multi-user system (i.e., lots of people have terminals on their desk, all logging into the Big Computer In Another Room), where most of the users are of very limited access rights, and you need to carefully manage what they are getting to, yes RBAC (Role Based Access Control) is a great help. And maybe OpenBSD isn't your first choice. However, OpenBSD systems are often deployed for web services or network services (or single-user systems like desktops). The only people with access to the OpenBSD command prompt are usually either moderately trusted or have administrative rights through sudo anyway. For this, RBAC is just extra baggage, something that's more likely to be exploited than to be useful. OpenBSD's security model is more about -- as I phrase it -- keeping the bastards out, not controlling them (or hoping to control them) after they are in. Making life difficult for attackers once they get into your system is usually not going to be overly productive, and usually makes administration of the system much more difficult, which often creates NEW security problems of their own. While people like to talk about Defense in depth -- and it is not a bad idea -- your best goal is to keep the bastards on the outside of your systems, as once they are in, they can utilize anything you don't have perfectly bolted down to accomplish their goals (and yes, that statement puts me opposite a lot of people making a lot of money chasing down bad guys AFTER they inflitrate systems). In the Real World: First thing most people do on an SElinux system is disable SELinux. At that point, all the RBAC features are now just pure glossy advertising -- worthless. For fear of breaking things, the Linux people have chosen to put a big on-off switch on SELinux...and so given a choice between fixing applications and turning off the switch...people just turn off the switch. ANY claimed benefits of SELinux are ONLY there if it is enabled and used properly. 2. Is chroot really inferior to FreeBSD jails? define inferior. Properly implemented, a chroot is pretty close to doing exactly what it claims to do. Combined with good coding, like privilge separation, it can make apps pretty darned secure. But, it is hard to retrofit onto poorly designed apps. Stuffing a poorly designed app into a FreeBSD jail may be better than running it as it was intended, but history has shown that poorly designed applications are usually security problems, and a jail may not prevent that at all. At best, a jail will prevent Application A from messing with Application B or the underlying OS, but it won't help one bit in keeping Application A from being exploited, and if the exploit is useful, mission accomplished. Jails look like a maintenance nightmare... created by building from source? oh my... Haven't done this myself, but it doesn't look like fun on a large number of machines. Or a machine I have 30 minutes to do an upgrade on. or 90% of the machines here in my house. As for GRSecurity...well, looking at their website, it is still a bunch of patches for Linux to be applied by the user; it still doesn't seem to be incorporated into any mainline Linux distros. I suspect this says far more about the Linux mindset than the merits of GRSecurity (even if the GRSecurity implementation sucked horribly...FIX IT and then incorporate it! Sheesh!) What's different about OpenBSD is that the features like stack smash protection and W^X are in the base system, on all possible platforms (and a few that didn't seem possible at first!), always on, and there's no easy off-switch, so crapplications HAVE to be improved in order to work. I can't prove this (and I doubt anyone could), but I suspect that OpenBSD has resulted in more improvements to programs commonly used on Linux than GRSecurity has. A lot of people like to say OpenBSD doesn't matter because few uses it, if that's
Re: hey, undeadly WAKE UP
Your blog has potential. Protips: - simplify the design like Medium.com, or better, join Medium.com - make it mobile friendly---https://github.com/h5bp/mobile-boilerplate - remove the focus on DragonFly to avoid alienating non-DragonFly users - get yourself a relevant domain name O.D. On 22. februar 2014 at 9:51 PM, Justin Sherrill wrote:I know this isn't directly helpful, but I post 'from-any-BSD' content on the DragonFly Digest every Saturday, and I'll happily take anything OpenBSD related if someone wants to send it/point me at it. That still may be a bit of a delay since I do it weekly, but that's more a measure of my reading speed/spare time to assemble posts right now. On Sat, Feb 22, 2014 at 1:08 PM, Marc Espie wrote: I know there are some undeadly people that still read misc@ Guys, stop sitting on articles ! you can live with an empty queue. I know there are at least a few articles in the queue *right now*, some have been there for over two weeks. This is utterly utterly stupid. If someone spends time to write shitz for you, and if you sit on the article for a month, they are very much less likely to write again next time... ... so you get even less articles ... so you're worried about the next publication. Don't try to do any smart content management. You got five papers out in one day ? FINE. What's the problem really ? Oh right, BSD is dying. Well, you know OpenBSD is NOT. Stop making it look bad and appear LIKE IT IS.
More OpenBSD on Hacker News -- RBAC and jails anyone?
Hello, Got some more layman's questions here after reading https://news.ycombinator.com/item?id=7287639 -- OpenBSD for security I dunno, I hear this a lot. Sure OpenBSD has created and implemented some (often very bleeding edge) hardening features, but nothing that hasn't seen the light of day in something like GRSecuriy. But the lack of other security layers and constructs seem puzzling to me. No RBAC-based system like selinux? No attempt to secure the supply chain until very recently with package signing? Chroot functionality inferior to something like FreeBSD's jails? Not to mention that many services you would deploy an OpenBSD server for are provided by ports and not the base system, forgoing the strict auditing that OpenBSD provides. [... snip ...] 1. Why doesn't OpenBSD have something like RBAC? 2. Is chroot really inferior to FreeBSD jails? Thanks. O.D.
Re: OpenBSD rootkits
On 16. februar 2014 at 10:11 PM, Daniel CegieÅka wrote:try this: --- cat id0.c --- int getuid(){return 0;} int geteuid(){return 0;} int getgid(){return 0;} int getegid(){return 0;} --- end cut --- # shell (as normal user): id -un cc -shared id0.c -o id0 LD_PRELOAD=./id0 sh id -un What does that do? O.D. best, Daniel 2014-02-16 22:36 GMT+01:00 : Hello! Came across this on Hacker News earlier today: New Linux userland rootkit with anti-debugging, new backdoors and pcap hiding https://news.ycombinator.com/item?id=7246836 And it made me wonder -- how vulnerable is OpenBSD to this type of stuff? Thanks! O.D.
OpenBSD rootkits
Hello! Came across this on Hacker News earlier today: New Linux userland rootkit with anti-debugging, new backdoors and pcap hiding https://news.ycombinator.com/item?id=7246836 And it made me wonder -- how vulnerable is OpenBSD to this type of stuff? Thanks! O.D.
OpenBSD packages extremely outdated?
Hello, Are OpenBSD's packages extremely outdated? What would you say to this guy? At least with Linux I don't have to wait 6 hours for all my software to finish compiling. Think about all the trees that are unnecessarily cut down because of all that compiling. [...snip...] OpenBSD only has a small number of precompiled packages, and usually extremely outdated. If you want to get anything useful you have to compile ports. https://news.ycombinator.com/item?id=7196494 Thanks! O.D.
Re: OpenBSD VPS Providers
On 11. desember 2013 at 11:03 AM, Some Developer wrote:Hi, I'm looking for a VPS provider that supports OpenBSD (preferably the latest version). I've obviously found a few but what I really want is easy to create and destroy instances in the same way you can on Digital Ocean and Linode (which I use for my Linux boxes). We're all pretty much waiting for Digital Ocean. Unless it's a cloud, it's a no-go in my book. https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os- O.D. An API for automatic creation and destruction of virtual machines would be fantastic and if I was being really picky a European location for the servers. Does anyone have any suggestions and recommendations? I'd rather use a provider that has some positive customer reviews from this list. Some of the available options from a Google search look a bit shabby (I could be completely wrong and they are excellent companies I'm just basing it on what I can see). I'll be using this box as a VPN server.
OpenBSD for mobile
Hi, Are there any plans to make somelike like http://www.ubuntu.com/phone for OpenBSD? Thanks. O.D.
Should Android have used OpenBSD instead of Linux?
Hi, What are the ups and downs of replacing Linux with OpenBSD in Google's Android operating system? I guess this question would apply to the new Sailfish OS as well. Thanks. O.D.
Re: OpenBSD for mobile
* something like On 26. november 2013 at 4:09 PM, openda...@hushmail.com wrote: Hi, Are there any plans to make somelike like http://www.ubuntu.com/phone for OpenBSD? Thanks. O.D.
Re: Help building Node module on OpenBSD
Thanks again Aaron, I really appreciate it. Sharing this back to the list for them other Node heads out there. All the best! O.D. On 6. november 2013 at 5:33 PM, Aaron Bieber def...@gmail.com wrote: On Wed, Nov 06, 2013 at 04:03:43PM +, openda...@hushmail.com wrote: On 6. november 2013 at 3:56 PM, Aaron Bieber def...@gmail.com wrote: Perfect - that's what we want :P Now do the export LDFLAGS=-L/usr/local/lib and it will build fine. Wow, what exactly happened here? :) It works! Thank you so much! Not 100% sure, but something was preventing /usr/local/lib/node_modules/node-gyp/gyp/gyp from picking up the gyp you had installed, so it was defaulting to the internal node version. The requirement for LDFLAGS being set is because some node modules only look in /usr/lib when they do the linking. 5.5 will have a fix that forces gyp to be installed as a node dependency. 5.4 works fine as long as gyp is installed. Also, in 5.4 everything should work flawless right? O.D. % npm install fibers npm http GET https://registry.npmjs.org/fibers npm http 304 https://registry.npmjs.org/fibers fibers@1.0.1 install /home/opendaddy/myapp/node_modules/fibers node ./build.js gmake: Entering directory `/home/opendaddy/myapp/node_modules/fibers/build' g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '- DBUILDING_NODE_EXTENSION' -I/home/opendaddy/myapp/.node- gyp/0.8.18/src -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/uv/include -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread - m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno- rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/fibers.o.d.raw - c - o Release/obj.target/fibers/src/fibers.o ../src/fibers.cc g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '- DBUILDING_NODE_EXTENSION' -I/home/opendaddy/myapp/.node- gyp/0.8.18/src -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/uv/include -I/home/opendaddy/myapp/.node- gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread - m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno- rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/coroutine.o.d.raw - c -o Release/obj.target/fibers/src/coroutine.o ../src/coroutine.cc cc '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '- DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_ASM' '-DBUILDING_NODE_EXTENSION' - I/home/opendaddy/myapp/.node-gyp/0.8.18/src - I/home/opendaddy/myapp/.node-gyp/0.8.18/deps/uv/include - I/home/opendaddy/myapp/.node-gyp/0.8.18/deps/v8/include - I/usr/include -fPIC -Wall -pthread -m64 -O2 -fno-strict- aliasing - fno-tree-vrp -fno-tree-sink -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/libcoro/coro.o.d.ra w -c -o Release/obj.target/fibers/src/libcoro/coro.o ../src/libcoro/coro.c flock ./Release/linker.lock g++ -shared -pthread -rdynamic - m64 -pthread -Wl,-soname=fibers.node -o Release/obj.target/fibers.node -Wl,--start-group Release/obj.target/fibers/src/fibers.o Release/obj.target/fibers/src/coroutine.o Release/obj.target/fibers/src/libcoro/coro.o -Wl,--end-group - lz - lv8 -L/usr/lib -lssl -lcrypto /usr/bin/ld: cannot find -lv8 collect2: ld returned 1 exit status gmake: *** [Release/obj.target/fibers.node] Error 1 gmake: Leaving directory `/home/opendaddy/myapp/node_modules/fibers/build' gyp ERR! build error gyp ERR! stack Error: `gmake` failed with exit code: 2 gyp ERR! stack at ChildProcess.onExit (/usr/local/lib/node_modules/node-gyp/lib/build.js:257:23) gyp ERR! stack at ChildProcess.EventEmitter.emit (events.js:99:17) gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:678:10) gyp ERR! System OpenBSD 5.3 gyp ERR! command node /usr/local/lib/node_modules/npm/node_modules/node-gyp/bin/node- gyp.js rebuild gyp ERR! cwd /home/opendaddy/myapp/node_modules/fibers gyp ERR! node -v v0.8.18 gyp ERR! node-gyp -v v0.8.2 gyp ERR! not ok Build failed npm ERR! fibers@1.0.1 install: `node ./build.js` npm ERR! `sh -c node ./build.js` failed with 1 npm ERR! npm ERR! Failed at the fibers@1.0.1 install script. npm ERR! This is most likely a problem with the fibers package, npm ERR! not with npm itself. npm ERR! Tell the author that this fails on your system: npm ERR! node ./build.js npm ERR! You can get their info via: npm ERR! npm owner ls fibers npm ERR! There is likely additional logging output above. npm ERR! System OpenBSD 5.3 npm ERR! command /usr/local/bin/node /usr/local/bin/npm install fibers npm ERR! cwd /home/opendaddy/myapp npm ERR! node -v v0.8.18 npm ERR! npm -v 1.2.2 npm ERR! code ELIFECYCLE npm ERR! npm ERR! Additional logging details can be found in: npm ERR! /home/opendaddy/myapp
Help building Node module on OpenBSD
Hi, I'm trying to install the Fibers (https://npmjs.org/package/fibers) Node module on OpenBSD but it seems to be failing. I contacted the author and he told me to check the bindings.gyp file: Anything here OpenBSD might react to? % cat .npm/fibers/1.0.1/package/binding.gyp { 'target_defaults': { 'default_configuration': 'Release', 'configurations': { 'Release': { 'cflags': [ '-O3' ], 'xcode_settings': { 'GCC_OPTIMIZATION_LEVEL': '3', 'GCC_GENERATE_DEBUGGING_SYMBOLS': 'NO', }, 'msvs_settings': { 'VCCLCompilerTool': { 'Optimization': 3, 'FavorSizeOrSpeed': 1, }, }, } }, }, 'targets': [ { 'target_name': 'fibers', 'sources': [ 'src/fibers.cc', 'src/coroutine.cc', 'src/libcoro/coro.c', # Rebuild on header changes 'src/coroutine.h', 'src/libcoro/coro.h', ], 'cflags!': ['-ansi'], 'conditions': [ ['OS == win', {'defines': ['CORO_FIBER', 'WINDOWS']}, # else { 'defines': ['USE_CORO', 'CORO_GUARDPAGES=1'], 'ldflags': ['-pthread'], } ], ['OS == linux or OS == solaris or OS == sunos or OS == freebsd', {'defines': ['CORO_UCONTEXT']}], ['OS == mac', {'defines': ['CORO_SJLJ']}], ['OS == openbsd', {'defines': ['CORO_ASM']}], ['target_arch == arm', { # There's been problems getting real fibers working on arm 'defines': ['CORO_PTHREAD'], 'defines!': ['CORO_UCONTEXT', 'CORO_SJLJ', 'CORO_ASM'], }, ], ], }, ], } Here is the build error itself: % npm install fibers npm http GET https://registry.npmjs.org/fibers npm http 304 https://registry.npmjs.org/fibers fibers@1.0.1 install /home/opendaddy/myapp/node_modules/fibers node ./build.js gmake: Entering directory `/home/opendaddy/myapp/node_modules/fibers/build' g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_UCONTEXT' '-DBUILDING_NODE_EXTENSION' -I/home/opendaddy/.node-gyp/0.8.18/src -I/home/opendaddy/.node-gyp/0.8.18/deps/uv/include -I/home/opendaddy/.node-gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread -m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno-rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/fibers.o.d.raw -c -o Release/obj.target/fibers/src/fibers.o ../src/fibers.cc In file included from ../src/coroutine.h:4, from ../src/fibers.cc:1: ../src/libcoro/coro.h:321:23: warning: ucontext.h: No such file or directory g++ '-D_LARGEFILE_SOURCE' '-D_FILE_OFFSET_BITS=64' '-DUSE_CORO' '-DCORO_GUARDPAGES=1' '-DCORO_UCONTEXT' '-DBUILDING_NODE_EXTENSION' -I/home/opendaddy/.node-gyp/0.8.18/src -I/home/opendaddy/.node-gyp/0.8.18/deps/uv/include -I/home/opendaddy/.node-gyp/0.8.18/deps/v8/include -I/usr/include -fPIC -Wall -pthread -m64 -O2 -fno-strict-aliasing -fno-tree-vrp -fno-tree-sink -fno-rtti -fno-exceptions -MMD -MF ./Release/.deps/Release/obj.target/fibers/src/coroutine.o.d.raw -c -o Release/obj.target/fibers/src/coroutine.o ../src/coroutine.cc In file included from ../src/coroutine.h:4, from ../src/coroutine.cc:1: ../src/libcoro/coro.h:321:23: warning: ucontext.h: No such file or directory ../src/coroutine.cc: In member function 'void Coroutine::transfer(Coroutine)': ../src/coroutine.cc:152: error: 'swapcontext' was not declared in this scope gmake: *** [Release/obj.target/fibers/src/coroutine.o] Error 1 gmake: Leaving directory `/home/opendaddy/myapp/node_modules/fibers/build' gyp ERR! build error gyp ERR! stack Error: `gmake
Re: Help building Node module on OpenBSD
Hello, On 5. november 2013 at 1:06 PM, David Coppa dco...@gmail.com wrote: OpenBSD lacks the ucontext.h and associated functions (setcontext/getcontext, swapcontext, and makecontext). Ouch. That does not look good. From https://code.google.com/p/cog/issues/detail?id=132 -- Secondly, its not about can i get this to work with my favorite distro. ucontext is a long deprecated library that makes use of long deprecated c functions. Using it goes against best practices. If it weren't for certain applications/distros, ucontext would be dead a long time ago. The idea is to replace the deprecated library with something that doesn't use deprecated c functions and is more portable. Any idea what to do? Thanks. O.D.
Re: Help building Node module on OpenBSD
On 5. november 2013 at 2:22 PM, Alexey E. Suslikov alexey.susli...@gmail.com wrote: David Coppa dcoppa at gmail.com writes: OpenBSD lacks the ucontext.h and associated functions (setcontext/getcontext, swapcontext, and makecontext). http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/node-fibers/ Thanks, didn't know that existed. O.D.
Re: Help building Node module on OpenBSD
Hello, On 5. november 2013 at 2:29 PM, Aaron def...@gmail.com wrote: The problem is because node's gyp was not taught (my bad - I fixed it for next release) what OpenBSD boxes are. To fix it - simply `pkg_add gyp` (obviously you will need to have PKG_PATH set). Once gyp is installed the ['OS == openbsd', {'defines': ['CORO_ASM']}], line will actually be picked up. Great, thanks for sharing :) O.D.
Re: Help building Node module on OpenBSD
Hello again, On 5. november 2013 at 2:31 PM, Aaron def...@gmail.com wrote: The problem is because node's gyp was not taught (my bad - I fixed it for next release) what OpenBSD boxes are. To fix it - simply `pkg_add gyp` (obviously you will need to have PKG_PATH set). Once gyp is installed the ['OS == openbsd', {'defines': ['CORO_ASM']}], line will actually be picked up. Any chance you could bump the version to 1.0.1? My `npm install` still trying to install node-fibers after installing it via ports, probably because the parent Node package requires Fibers 1.0.1 as opposed to 0.6.8p0 in ports. Thanks. O.D.
Re: Help building Node module on OpenBSD
Hello, On 5. november 2013 at 4:37 PM, Aaron def...@gmail.com wrote: If you need 1.0.1, I would recommend pkg_delete'ing the port version - and letting npm install it (just make sure gyp is installed). gyp-0.1282 is installed, but it seems I'm getting the same ../src/libcoro/coro.h:321:23: warning: ucontext.h: No such file or directory as earlier. What to do next? Thanks. O.D.
Re: Help vote for OpenBSD
Don't forget to vote! On 9. oktober 2013 at 2:09 PM, openda...@hushmail.com wrote: Hi, Could you guys help me vote for OpenBSD at Digital Ocean? https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os- Basically it's the only SSD cloud hosting provider (https://www.youtube.com/watch?v=vHZLCahai4Q) in existence and if the response is good enough, they'll start offering OpenBSD. Thanks! O.D.
Re: Best OpenBSD cloud hosting?
On 10. oktober 2013 at 7:15 AM, InterNetX - Robert Garrett robert.garr...@internetx.com wrote: I just want to know what a cloud is. Not really satisfied with the definition at http://en.wikipedia.org/wiki/Cloud_computing, here's my own attempt at one: A cloud is a bunch of machines connected into a distributed network, acting like a single virtual machine but with unlimited speed, memory and bandwidth, with the possibility of downtime completely eliminated, and where one only has to pay for the speed, memory and bandwidth one uses. Please correct me if I'm wrong. O.D.
Re: Best OpenBSD cloud hosting?
On 10. oktober 2013 at 10:34 AM, Janne Johansson icepic...@gmail.com wrote: Clouds solve problems for you. Like this: http://www.cloudave.com/17213/cloud-is-simple-well-its-real- complex-but-that-complexity-can-and-should-be-hidden-from- users/geek-poke-cloud-complex/ 2013/10/10 Florian Obser flor...@narrans.de On Thu, Oct 10, 2013 at 09:15:34AM +0200, InterNetX - Robert Garrett wrote: I just want to know what a cloud is. http://xkcd.com/908/ -- I'm not entirely sure you are real. -- May the most significant bit of your life be positive. Too cool :) O.D.
Help vote for OpenBSD
Hi, Could you guys help me vote for OpenBSD at Digital Ocean? https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os- Basically it's the only SSD cloud hosting provider (https://www.youtube.com/watch?v=vHZLCahai4Q) in existance and if the response is good enough, they'll start offering OpenBSD. Thanks! O.D.
Re: Help vote for OpenBSD
* existence On 9. oktober 2013 at 2:09 PM, openda...@hushmail.com wrote: Hi, Could you guys help me vote for OpenBSD at Digital Ocean? https://digitalocean.uservoice.com/forums/136585-digital- ocean/suggestions/3232571-support-bsd-os- Basically it's the only SSD cloud hosting provider (https://www.youtube.com/watch?v=vHZLCahai4Q) in existance and if the response is good enough, they'll start offering OpenBSD. Thanks! O.D.
Re: My VPS is acting slow (KVM)
On 6. oktober 2013 at 1:15 PM, Manolis Tzanidakis mtzanida...@gmail.com wrote: First, upgrade to STABLE to avoid potential kernel panics. Check patch 007 in http://openbsd.org/errata53.html for more info. M:Tier offers pre-built patches and packages, if you want to avoid compiling. Check https://stable.mtier.org/ . To be able to switch back and forth from wd/em to vioblk/vio: - make sure you use DUID in fstab. disklabel(8) for more info. - copy /etc/hostname.em0 to /etc/hostname.vio0 . - ask your vps provider to enable virtio for disk and net. My VPS provider says it will take them a couple of weeks to enable virtio. Does it really take that long? They also say they have virtio enabled for FreeBSD, meaning they were aware that their OpenBSD offering was going to be below par, but chose to sell it to me anyway. O.D.
Re: Best OpenBSD cloud hosting?
On 9. oktober 2013 at 7:06 PM, Dorian H. doj...@gmail.com wrote: I've got a few OpenBSD boxes running at TransIP, very satisfied about it. QEMU/KVM based, and they recently added a new feature, 'private networks' between two or more VPS's. It might not explicitly have the label 'cloud' attached to it, but still very nice; and quite cheap as well. TransIP's OpenBSD boxes do not have virtio. Have you tried running I/O intensive tasks on your servers to see how they compare to normal servers? O.D.
Re: Help vote for OpenBSD
Keep them coming guys! Couple hundred more and OpenBSD will top the list: https://digitalocean.uservoice.com/forums/136585-digital-ocean/filters/top Would be great PR for OpenBSD too. On 9. oktober 2013 at 9:45 PM, Stuart Henderson s...@spacehopper.org wrote: On 2013-10-09, openda...@hushmail.com openda...@hushmail.com wrote: Basically it's the only SSD cloud hosting provider (https://www.youtube.com/watch?v=vHZLCahai4Q) in existance No it isn't. Do share. O.D.
Best OpenBSD cloud hosting?
Hi, Can anyone recommend a decent OpenBSD cloud hosting provider? Digital Ocean looks nice but they don't yet offer OpenBSD (https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-). There's ARP Networks and TransIP but they don't offer clouds. Thanks. O.D.
Re: My VPS is acting slow (KVM)
On 6. oktober 2013 at 4:29 AM, Chris Cappuccio ch...@nmedia.net wrote: This is really vague. What tasks are taking so long? You are sharing disk I/O, oversubscribed. You are sharing CPU time, oversubscribed. Any clues? Good point. I'm doing asset precompilation in this Ruby on Rails app - a process that should only take a couple of minutes if not seconds, but ends up taking over 1 hour on my VPS. I asked around and it seems to be a very I/O intensive process. So what are my options? Demand better services from my ISP or stop using VPS altogether? Thanks! O.D.
Re: My VPS is acting slow (KVM)
Hi, On 6. oktober 2013 at 10:18 AM, Manolis Tzanidakis mtzanida...@gmail.com wrote: Hello, virtio(4) can make a big difference. Providing at least a dmesg dump will get you better answers :). Looks awesome! I just load this into my kernel? On 6. oktober 2013 at 10:35 AM, Darren Tucker dtuc...@zip.com.au wrote: one thing you can try is disabling mpbios and, if you don't need usb, uhci in the kernel. I've only seen this make a diffence on i386 and it may be specific to some versions of qemu. Here she is. Lemme know what you think. Thanks a lot guys. OpenBSD 5.3 (GENERIC) #53: Tue Mar 12 18:15:44 MDT 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1072685056 (1022MB) avail mem = 1021726720 (974MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfd900 (10 entries) bios0: vendor Bochs version Bochs date 01/01/2011 bios0: Bochs Bochs acpi0 at bios0: rev 0 acpi0: sleep states S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 mpbios0 at bios0: Intel MP Specification 1.4 cpu0 at mainbus0: apid 0 (boot processor) cpu0: QEMU Virtual CPU version 1.3.1, 2200.28 MHz cpu0: FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,POPCNT,NXE,LONG,LAHF cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: apic clock running at 999MHz mpbios0: bus 0 is type PCI mpbios0: bus 1 is type ISA ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02 pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00 pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: QEMU HARDDISK wd0: 16-sector PIO, LBA48, 51200MB, 104857600 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: QEMU, QEMU DVD-ROM, 1.3. ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 Intel 82371SB USB rev 0x01: apic 0 int 11 piixpm0 at pci0 dev 1 function 3 Intel 82371AB Power rev 0x03: apic 0 int 9 iic0 at piixpm0 iic0: addr 0x4c 48=00 words 00= 01= 02= 03= 04= 05= 06=0 000 07= iic0: addr 0x4e 48=00 words 00= 01= 02= 03= 04= 05= 06=0 000 07= vga1 at pci0 dev 2 function 0 unknown vendor 0x1234 product 0x rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) em0 at pci0 dev 3 function 0 Intel PRO/1000MT (82540EM) rev 0x03: apic 0 int 11, address 52:54:00:8a:35:cc eap0 at pci0 dev 4 function 0 Ensoniq AudioPCI rev 0x00: apic 0 int 11 audio0 at eap0 midi0 at eap0: AudioPCI MIDI UART virtio0 at pci0 dev 5 function 0 Qumranet Virtio Memory rev 0x00: Virtio Memory Balloon Device viomb0 at virtio0 virtio0: apic 0 int 10 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 1: density unknown usb0 at uhci0: USB revision 1.0 uhub0 at usb0 Intel UHCI root hub rev 1.00/1.00 addr 1 nvram: invalid checksum mtrr: Pentium Pro MTRR support uhidev0 at uhub0 port 1 configuration 1 interface 0 QEMU QEMU USB Tablet rev 1.00/0.00 addr 2 uhidev0: iclass 3/0 uhid0 at uhidev0: input=6, output=0, feature=0 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (602ac4aec386954e.a) swap on wd0b dump on wd0b WARNING: / was not properly unmounted clock: unknown CMOS layout O.D.
Re: My VPS is acting slow (KVM)
Hi, On 6. oktober 2013 at 1:15 PM, Manolis Tzanidakis mtzanida...@gmail.com wrote: First, upgrade to STABLE to avoid potential kernel panics. Check patch 007 in http://openbsd.org/errata53.html for more info. M:Tier offers pre-built patches and packages, if you want to avoid compiling. Check https://stable.mtier.org/ . To be able to switch back and forth from wd/em to vioblk/vio: - make sure you use DUID in fstab. disklabel(8) for more info. - copy /etc/hostname.em0 to /etc/hostname.vio0 . - ask your vps provider to enable virtio for disk and net. This is great stuff man! 1. I've asked my VPS provider. Now, if they change to virtio(4) before I get a chance to complete the above steps, will I be locked out of my VPS? 2. Do these steps involve the actual switching from wd/em to vioblk/vio or is that something I must do afterwards? 3. You say to be able to switch back and forth. Is there any reason why I would want to switch back? 4. M:Tier looks hot! Thanks for the tip! I always figured OpenBSD to be so rock solid, at least compared to FreeBSD where I come from, that I wouldn't need to upgrade to STABLE. Thanks again. O.D.
My VPS is acting slow (KVM)
Hi, My OpenBSD VPS is taking way too long to complete certain tasks. Is there a way to stress test my system to find out if it's working the way it should? I'm suspecting my ISP is having trouble with their hardware or KVM setup, but I'd like to do everything I can before I take it to them. Thanks! O.D.
Re: Interrupts cause uaudio stuttering with mpd
Is this the Akai MPD18 or 24? O.D.
Re: DNS Proxy
On 15. september 2013 at 11:57 AM, Monah Baki monahb...@gmail.com wrote: Hi all, I'm running OpenBSD 5.2 with squid for a friend who owns an ISP outside the U.S and uses my OpenBSD squid proxy to access netflix. I've been told this can be also accomplished via DNS Proxy. Is it true? If yes which one do you recommend? I don't know about that, but the same can be accomplished if your server runs sshd and your friend sets up an SSH tunnel for instance using PuTTY and Firefox. O.D.
Re: Creating Mobile Apps ..
On 12. september 2013 at 12:04 PM, Peter N. M. Hansteen pe...@bsdly.net wrote: I assume you paid somebody for a list that includes addresses likely to produce negative reactions. I'll give you this much better list for free, with a total of 25083 adresses: http://www.bsdly.net/~peter/sortlist Please make sure any future mailings of yours are sent to those addresses first. I can vouch for this list. Helped me out when I was down. O.D. Yours sincerely Peter N. M. Hansteen -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Can't get PostgreSQL to run on startup
Hi, Anybody else having trouble getting PostgreSQL to run on startup? I always have to do /etc/rc.d/postgresql start manually. My line in /etc/rc.conf.local reads: pkg_scripts=postgresql,enginx. Nothing fishy in the logs. I'm using postgresql-server-9.2.3 (initdb -D /var/postgresql/data/) on OpenBSD 5.3. Thanks. O.D.
Re: Can't get PostgreSQL to run on startup
On 11. september 2013 at 3:19 PM, Antoine Jacoutot ajacou...@bsdfrog.org wrote: This is not how pkg_scripts works. See rc.conf.local(5). Thanks a lot Vijay, Antoine. Works great now. Can't recall where I got the pkg_scripts=foo,bar format from though. O.D.
Re: Data Mining/Crawling a Mailing List
On 5. september 2013 at 6:24 PM, Kasper Adel karim.a...@gmail.com wrote: Hello, A bit off topic but i was looking for a way/tool that could crawl through a mailing list/news archives and try to filter most common discussions and things like that, if anyone is aware of such a tool, pls let me know. Are you familiar with Node.js? O.D.
Re: Java on OpenBSD 5.3
On 19. juli 2013 at 9:13 PM, Miod Vallat m...@online.fr wrote: Pretty sure it takes more than 1.7G to build Java. But then how can java people pretend it has any usefulness, besides filing disks? They say Android apps are just an excuse for Java devs to keep programming in Java. Now that HTML5 can access the phone's camera, microphone etc., it's just a matter of time before native mobile apps become obsolete. O.D.
Re: Java on OpenBSD 5.3
On 20. juli 2013 at 3:54 PM, Amit Kulkarni amitk...@gmail.com wrote: Nope, plenty of disk space left in /usr/local (my ports are in /usr/local/ports). why are ports inside /usr/local. it should be /usr/ports. Some ports may fail. Maybe, yeah. I updated PORTSDIR in /etc/mk.conf though. Anyway I just gotta work on freeing up some space and I should be good. Thanks. O.D.
Re: Java on OpenBSD 5.3
On 20. juli 2013 at 5:34 PM, Jan Stary h...@stare.cz wrote: Why are you building the (huge) port, instead of simply installing the package? Whoa. When did that get there? Thanks man! O.D.
Java on OpenBSD 5.3
Hi, Anybody managed to build /usr/ports/devel/jdk on OpenBSD 5.3? Getting a rather nasty compile error here on amd64, was wondering if maybe someone could help? Tried asking on the ports mailinglist as well as reaching out to the port maintainer but no luck. http://pastie.org/8155843 O.D.
Re: Java on OpenBSD 5.3
On 19. juli 2013 at 3:17 PM, Matthew Dempsky matt...@dempsky.org wrote: write error? Did you run out of disk space? Nope, plenty of disk space left in /usr/local (my ports are in /usr/local/ports). % df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/wd0a 985M 50.8M885M 5%/ /dev/wd0k 9.2G434M8.3G 5%/home /dev/wd0d 1.5G 12.0K1.5G 0%/tmp /dev/wd0f 1.8G404M1.3G24%/usr /dev/wd0g 1005M192M763M20%/usr/X11R6 /dev/wd0h 3.7G1.8G1.7G52%/usr/local /dev/wd0j 2.0G2.0K1.9G 0%/usr/obj /dev/wd0i 1.3G2.0K1.3G 0%/usr/src /dev/wd0e 2.4G 77.5M2.2G 3%/var O.D. On Fri, Jul 19, 2013 at 7:55 AM, openda...@hushmail.com wrote: Hi, Anybody managed to build /usr/ports/devel/jdk on OpenBSD 5.3? Getting a rather nasty compile error here on amd64, was wondering if maybe someone could help? Tried asking on the ports mailinglist as well as reaching out to the port maintainer but no luck. http://pastie.org/8155843 O.D.
Re: Snort vs Suricata
On 11. juli 2013 at 9:23 PM, Chris Cappuccio ch...@nmedia.net wrote: Anybody have any thoughts on Snort vs Suricata? Code quality is going to be a big question with the new one, as it always has been with Snort (does running this utility open up a new attack vector on your network) Yeah, good point. Also, how important is it to use an IDS if you run a server that hosts a popular website? Depends on how well you configure the IDS and how well you monitor it (and if you know what to even look for...) Maybe Snorby can help with that? https://github.com/Snorby/snorby I'm reading here (http://www.aldeid.com/wiki/Suricata-vs-snort): Suricata offers new features that Snort could implement in the future: multi-threading support, capture accelerators [...snip...] One advantage Suricata has is its ability to understand level 7 of the OSI model, which enhances its ability of detecting malwares. Suricata has demonstrated that it is far more efficient than Snort for detecting malwares, viruses and shellcodes. Snort is different, I don't see why you expect that it will suddenly become equivalent. Both are supposed to help you detect intrusions so in that sense I guess they're the same? For high-speed capture and analysis, a dedicated box with netmap is much better for tools like this. I think i should finish the port that I was working on :) Which one, /usr/ports/security/suricata? O.D.
Re: Management of pf.conf
Hi, I use Capistrano (http://www.capistranorb.com/) in a super simple Rails app with similar schematics to the ones provided by Jummo. O.D. On 11. juli 2013 at 1:41 PM, Andy a...@brandwatch.com wrote: Hi, I use 'puppet' for this to manage over 20 OpenBSD firewalls now. I don't know how I would manage without it to be honest ;) Puppet manages all my pf's (by simply defining multiple files, each containing different common parts for different zones/roles etc, and then site specific files etc. Using puppet to 'include' each of the different parts as necessary, I only have to maintain one code base in git, make one change to just the one appropriate file, and then push out that pf change to every single/or group of firewalls using puppet to do the leg work. This provides control and 'standardisation' across everything :) I also use it to manage, and deploy many various different daemons including Snort etc which signals alerts via syslog to a central OSSIM server for event correlation. Anyway, the main point I'm suggesting is it sounds like you need a change control and deployment system like puppet if you have that many and are growing. It took me about 4 or 5 months to develop a complete puppet code base which manages every aspect of our OpenbSD firewalls, and as a result I can now keep up with change requests and deploy to the entire fleet in a matter of minutes without getting myself in a tangle trying to remember everything/special cases, and most importantly get close to the holly grail of 'standardisation' and 'normalisation' ;) https://puppetlabs.com/ http://projects.puppetlabs.com/projects/1/wiki/Puppet_Books Hope this helps, Andrew Lemin On Thu 11 Jul 2013 12:18:13 BST, Jummo wrote: Hi, How do you manage your pf.conf? My setup: I have 9 firewalls with carp and each with around 500 lines of pf.conf, except one firewall, later more. I edit the pf.conf manually. Every logical pf rule has a unique identifier (a number) which I add manually and maps to the rule on a wiki page. The wiki page has this format. START WIKI PAGE === Firewall This firewall is for ... == ID A ID identify one or more rules for a particular service. Please use the next free ID. Last used ID: 21 == Changelog No | Date | Action | Executed by == Tables Table | Content == NAT/Redirection ID | Description | Source | Port | Destination | Port | NAT-To | Redirect-To | Protocol | Date == Rules ID | Description | Direction (outgoing/incoming/forwarded) | Source | Port | Destination | Port | Protocol | Date END WIKI PAGE I use a script to manually copy the changed pf.conf to the corresponding carp partner to keep the firewall pair in sync. Idea: To check the sync state of pf.conf, Icinga cloud compare the file date of the two pf.conf. This works quiet good for me and my firewalls with one exception, my big fat central router/firewall. This firewall has around 2000 lines of pf.conf, is attached with 12 VLAN interfaces and get slowly unmanageable with this concept. How to you manage such big firewalls? Do you split the pf.conf into logical parts? Do you use a base structure for every pf.conf? Do you use a tool for automatic creation of pf.conf? How do you tests your old rules after you changed something? I'm happy about any feedback. Best Regards, Patrick
Snort vs Suricata
Hi, Anybody have any thoughts on Snort vs Suricata? Also, how important is it to use an IDS if you run a server that hosts a popular website? I'm reading here (http://www.aldeid.com/wiki/Suricata-vs-snort): Suricata offers new features that Snort could implement in the future: multi-threading support, capture accelerators [...snip...] One advantage Suricata has is its ability to understand level 7 of the OSI model, which enhances its ability of detecting malwares. Suricata has demonstrated that it is far more efficient than Snort for detecting malwares, viruses and shellcodes. O.D.
Re: new topic: blind support for OpenBSD.
The ironic thing is that OpenBSD is being widely used in the world's largest tissue engineering labs -- which, and as crazy as it might seem, should be able to generate new eyes for blind people (based on their existing cells) in 5-10 years from now. O.D. On 7. juli 2013 at 11:41 AM, ropers rop...@gmail.com wrote: You could try buying a USB-to-serial adapter or two. Simpler ones aren't that expensive. These generally have limitations for technical/electrical reasons: E.g. some serial devices may expect to be able to draw more juice than USB ports have. The gold standard would be an optically isolated adapter with transient voltage suppressors and an independent power supply – but using even a simple one just for console redirection ought to work. Ought to. I haven't actually tried this and I do not currently own a USB-to-serial adapter. Anyway, you would stick one of these into your laptop and then connect a null modem cable from that to another computer that has a serial port. If your desktop computer doesn't have a serial port (WTF? I've never heard of that.), then you could do the same thing in reverse with another USB-to-serial adapter. Once you have the console redirected to serial, you could use a terminal emulator in connection with a screen reader to actually read that console output to you on the other computer at the other end of the cable. To be really good for you, this might however require a change in the installer: Maybe the Change the default console to com0? question could be moved up or duplicated, i.e. it would be asked very early on, pretty much as the first installer question, and there would take effect immediately, and maybe beep as well when asked. This would be a change to the installer (that I can't submit), but it oughtn't really take up that much additional space on the boot floppy. I admit this is idle speculation from an almost good-for-nothing hanger-on, but I thought I'd share these ideas; maybe they'll end up actually helping you. I know this would be relying on you retrofitting legacy tech (RS232), and I admit that the inclusion of full-on native screen reader and Braille terminal support in some installer USB stick might be easier for you, but in terms of the least effort overall to get something that works, the console redirection might be easier overall, since building and maintaining an all-singing, all-dancing USB stick installer with all that good stuff included (and vetted for vulnerabilities) would be a lot more additional work. Good luck! ropers On 7 July 2013 04:43, eric oyen eric.o...@gmail.com wrote: what hardware? my laptop machine. also, its new enough that the only serial it has is USB (which, as far as I know, doesn't support sserial redirection). I also have a desktop machine and its new enough not to have any classic serial ports either. so, no redirection there either. and since there is no way for me to actually tell when it boots, getting to a login prompt and then redirecting the screen output is not entirely possible without someone sitting right there to tell me whats going on. This isn't anything like the old sparc pizza boxes where you could do this at the outset and actually have it work the first time. anyway, thats the rub for me. I like the OS, but this is the show stopper for me. -eric On Jul 6, 2013, at 5:49 PM, Alexander Hall wrote: Letting the installer redirect the console to com0 does not cut it? What hardware are we talking about? /Alexander
Re: Why I abandoned OpenBSD, and why you should too...
On 5. juli 2013 at 6:49 AM, Luca Ferrari fluca1...@infinito.it wrote: Uhm...and I guess OpenBSD is feeling the same for abandoning you ;)! I believe people, from time to time, should try to read source code and track the development. It will remove this stupid messages. No it won't. Stop talking shit man. O.D.
Re: Why I abandoned OpenBSD, and why you should too...
On 5. juli 2013 at 4:30 AM, Tito Mari Francis Escaño titomarifran...@gmail.com wrote: [...snip...] Can't you tell by the way he wrote that that he's just a kid (or an uneducated adult)? I oughta smack y'all faces in for even replying to this shit. O.D.
Re: Why I abandoned OpenBSD, and why you should too...
On 5. juli 2013 at 4:59 AM, eric oyen eric.o...@gmail.com wrote: My only problem (and it seems none of the devs really understand this) is that I must have sighted assistance to install and initially configure the OS. What do you mean sighted assistance? O.D.
Re: Why I abandoned OpenBSD, and why you should too...
On 5. juli 2013 at 5:13 AM, Marc Espie es...@nerim.net wrote: I actually, no, we don't. You're not anybody I've ever heard of, and your opinion doesn't matter. I have no particular reason to trust you. They said the same of Edward Snowden you know. Now, I read your hilarious email. You have real crackpot talent, you should go on a show with the Bogdanof and various other crackpots from other the world. That would certainly be funnier than a lot of reality television out there. I don't get the reference. I take it you watch a lot of reality television? O.D.
Re: Why I abandoned OpenBSD, and why you should too...
On 5. juli 2013 at 5:31 AM, Jean-Francois Simon jfsimon1...@gmail.com wrote: May I understand you U go for Microsoft instead ? That would be great idea, they are said to be free from backdoors. Sorry France is in the house y'all. O.D.