Re: how to properly rebuild or delete crypto softraid?
> On 2017-12-15, Stuart wrote: > You can use dd to write zeroes over the start of the device to overwrite > the partition table and disklabel, I'm not surehow far you have to go > but would expect "dd if=/dev/zero of=/dev/rsdXc bs=1m count=8" to do > the trick (with the correct disk number here ^ obviously). .. Hi, In the past I thought the principle was that you wipe the disklabel by overwriting the first megabyte (bs=1m count=1). What is the safe practice really, 1MB or 8MB? Tinker
Re: 18-year-old laptop "Compaq Armada 1750" still works fine ...
Hi Jens, On 2017-12-03 19:24:48 +0100 Jens A. Griepentrogwrote: OpenBSD 6.2 (GENERIC) #1: Fri Dec 1 12:00:30 CET 2017 r...@syspatch-62-i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Celeron ("GenuineIntel" 686-class, 256KB L2 cache) 366 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF real mem = 200785920 (191MB) avail mem = 182915072 (174MB) mpath0 at root <...> rl0 at cardbus0 dev 0 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:19:e0:18:0c:fe rlphy0 at rl0 phy 0: RTL internal PHY root on wd0a (98c8f8a7f56949dd.a) swap on wd0b dump on wd0b That is cool.. BSD rocks, doesn't it? At least OpenBSD and NetBSD are still very capable here. Question: how do you configure your network and does it work? I just upgraded a similar vintage ThinkPad from 6.1 to 6.2 and network stopped working after the upgrade, both using a Wired and a Wiredless card: can get an IP address, but not ping even a local address. I did not make a report yet because getting a dmesg and more information is a bit cumbersome, so just curious how it i for you. You have your network card on cardbus like me. Riccardo
Re: What would you like to see in upcoming PF tutorials?
On 12/15/17 15:11, Steve Litt wrote: > a pretty good job of it, but is very lacking in explanations. Tutorials > are for people who currently know nothing, so a word by word > explanation should be given for both of these lines: > > * match out on egress inet nat-to ($ext_if) > * pass proto tcp from { self, $int_if:network } > > There are many other places needing explanations. If you could include > a few diagrams to make the point, that would help immensely. Keep in mind that those are the slides only, those participating in the session will hear a fuller explanation and have the option to interrupt us with questions or even start discussions. I do know of a PF presentation that was by increments turned into a book, but this presentation is not quite at that stage yet (though you never know what might happen at some point in the future). The book is still reasonably useful, I hear ;) - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: What would you like to see in upcoming PF tutorials?
On Thu, 14 Dec 2017 21:27:17 +0100 "Peter N. M. Hansteen"wrote: > We're in the process of preparing for upcoming conferences with > updates to the ever-in-progress PF tutorial. > > If you have thoughts on what you would like to see in a tutorial > session and would like to share them either with me or the list, we > would love to hear from you. I'd love to see a step by step creation of a NATting firewall, with exact explanations of each step. I'd like to see a version with IPV4 on the Internet side, and one with IPV6 on the Internet side. https://home.nuug.no/~peter/pftutorial/ does a pretty good job of it, but is very lacking in explanations. Tutorials are for people who currently know nothing, so a word by word explanation should be given for both of these lines: * match out on egress inet nat-to ($ext_if) * pass proto tcp from { self, $int_if:network } There are many other places needing explanations. If you could include a few diagrams to make the point, that would help immensely. SteveT Steve Litt December 2017 featured book: Thriving in Tough Times http://www.troubleshooters.com/thrive
OpenBSD Foundation on HTTPS
Hello, Just noticed that the: http://www.openbsdfoundation.org/ doesn't supports HTTPS, while in 2017 Dec, ~70% of the websites does: https://letsencrypt.org/stats/#percent-pageloads Can we have HTTPS for the OpenBSD Foundation? Which Official OpenBSD related domain hasn't got HTTPS yet? I whish you happy holidays and again, Thanks for all the work! BTW, wow: https://www.reddit.com/r/Bitcoin/comments/7jj0oa/im_donating_5057_btc_to_charitable_causes/dr6q6tj/?context=3
Re: how to properly rebuild or delete crypto softraid?
On 2017-12-13, soko.ticawrote: > I have successfully built an encrypted bootable usb according to the > instructions https://www.openbsd.org/faq/faq14.html#softraidFDE > > After booting successfully several times, the device went to ddb after I > installed chrome without previously adding xfonts during the install. > Subsuequent attempts to boot were unsuccessfull. > > I have erased partitions by disklabel and fdisk and tried to repeat the > installation process. However, the encrypted raid device appeared and I was > able to unlock it by the same passphrase, so I ceased the installation. > > Is it possible to delete the crypto raid properly at this stage? Should I > tri to rebuild it? > > Any advice is appreciated. > > Thanks in advance. > You can use dd to write zeroes over the start of the device to overwrite the partition table and disklabel, I'm not surehow far you have to go but would expect "dd if=/dev/zero of=/dev/rsdXc bs=1m count=8" to do the trick (with the correct disk number here ^ obviously). No idea why it would have gone to ddb, your report is very lacking in information!
Re: Suggestions home server
I am considering buying a not so expensive home server. [snip] This might be a bit above "not so expensive" (~1,200), but I've been running this at home for just under a year and have been very pleased: http://www.supermicro.com/products/system/midtower/5028/sys-5028d-tn4t.cfm Caveat: I'm running SmartOS on the metal and OpenBSD (and other OSs) in zones/KVM. ---Alex
Re: Suggestions home server
On 14/12/17 20:40, Peter N. M. Hansteen wrote: On Thu, Dec 14, 2017 at 07:23:51PM +0100, Oliver Marugg wrote: The HPE Gen10 MicroServer (but BIOS only with contract or under warranty) could be as a possible solution (does anyone using it with OpenBSD?). The Gen8 works fine once you set the disk controller to plain SATA mode instead of the default hardware raid mode. Haven't had a chance to try the newer versions, but I wouldn't expect any trouble Unfortunately it's barely more powerful and the Marvell RAID/S-ATA controller seems to be really buggy on opensource OSes. And no iLO. It's closer to the G7 than the G8 in design. At least it does 32Gb of ram. Next step up is the Supermicro, but it's also a step up in budget : https://www.supermicro.com/products/system/midtower/5028/SYS-5028D-TN4T.cfm 128Gb of ram, and a Xeon-D 1541 included. It can be boosted to a Xeon 1567 for 4 extra cores. I decided to boost my MicroServer G8 to the max whilst I save up for the SuperMicro... Noth