Limiting CPU to a process or process group?
Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Limiting CPU to a process or process group?
On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description.
Zend Optimizer with apache and php5 on 4.2
Hi all, I want use Zend optimizer with apache and php5. I downloaded ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend website (latest version is only for 3.4) and unpacked archive and copied PHP module from /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so I put lines below to php.ini ;zend_optimizer.optimization_level=15 zend_extension=/var/www/lib/ZendOptimizer.so Module not loading :( # php -v Failed loading /var/www/lib/ZendOptimizer.so: Cannot load specified object PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Is it possible run Zend optimizer with -current or 4.2 ? Please give a bit instructions how make it workable. -- Best regards, Evgeniy mailto:[EMAIL PROTECTED]
Re: facts about OpenBSD
Joe [EMAIL PROTECTED] writes: # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. You should create your own binaries if you want secure binaries. He's also conveniently forgetting about the MD5 sums, conveniently provided in a file called MD5 along with the installables. IMO 'signed binaries' is an overhyped buzzword. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: facts about OpenBSD
Nikns Siankin [EMAIL PROTECTED] writes: When we will meet in Riga, I will like to hear from you explanation, how does putting md5 checksum file *along* with installables on the same vulnerable channel, helps to make sure, that they are not backdoored ;] you don't have to wait that long. fetch the files from different mirrors. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: facts about OpenBSD
On Mon, Jan 14, 2008 at 12:11:13PM +0100, Peter N. M. Hansteen wrote: Joe [EMAIL PROTECTED] writes: # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. You should create your own binaries if you want secure binaries. He's also conveniently forgetting about the MD5 sums, conveniently provided in a file called MD5 along with the installables. IMO 'signed binaries' is an overhyped buzzword. When we will meet in Riga, I will like to hear from you explanation, how does putting md5 checksum file *along* with installables on the same vulnerable channel, helps to make sure, that they are not backdoored ;] -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Limiting CPU to a process or process group?
On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: facts about OpenBSD
On Mon, Jan 14, 2008 at 01:14:07PM +0100, Peter N. M. Hansteen wrote: Nikns Siankin [EMAIL PROTECTED] writes: When we will meet in Riga, I will like to hear from you explanation, how does putting md5 checksum file *along* with installables on the same vulnerable channel, helps to make sure, that they are not backdoored ;] you don't have to wait that long. fetch the files from different mirrors. hahaha. yeah. different vulnerable mirror, while I'm MITM'ing your ISP. see ya -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: facts about OpenBSD
Nikns Siankin P=P0P?P8QP0: On Mon, Jan 14, 2008 at 01:14:07PM +0100, Peter N. M. Hansteen wrote: Nikns Siankin [EMAIL PROTECTED] writes: When we will meet in Riga, I will like to hear from you explanation, how does putting md5 checksum file *along* with installables on the same vulnerable channel, helps to make sure, that they are not backdoored ;] you don't have to wait that long. fetch the files from different mirrors. hahaha. yeah. different vulnerable mirror, while I'm MITM'ing your ISP. see ya -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. Go buy the CD set, Mr. Security - or you don't trust the postman either? Now - seriuosly - let's stop all the shit. The misc@ has been 99% flame these days... Regards, Doichin
Re: Limiting CPU to a process or process group?
On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK Yes, you are right. It is also possible to set a priority for a process in a login class. From login.conf(5) priority number Initial priority (nice) level. This is not exactly what you want, but it is pretty close. I am curious why do you want to set an exact limit and not let the scheduler do this for you?
Re: facts about OpenBSD
Nikns Siankin [EMAIL PROTECTED] writes: hahaha. yeah. different vulnerable mirror, while I'm MITM'ing your ISP. see ya the other option of course is to just buy the CDs. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
pflogd -p problems
Hello, I'm running current (a few days old). I would like to log some traffic to the pflog1 interface. Everything works fine except a problem with pflogd and the -p switch. I use the following as default: 1) pflogd -s 116 -i pflog0 -f /var/log/pflog The process is: $ cat /var/run/pflogd.pid 9293 Everything is fine here! Now, I would like to use the following for the pflog1 interface: 1) pflogd -s 116 -i pflog1 -f /var/log/pflog1 -p /var/log/pflogd1.pid But the -p switch doesn't work -p /var/log/pflogd1.pid, pflogd does not write the PID to pflogd1.pid ... sudo cat /var/run/pflogd1.pid returns nothing. It looks like -p is simply ignored. The (old/previous) PID file is still the same which is actually normal ... but just in case ...: $ sudo cat /var/run/pflogd.pid 9293 Here is the output of pstree: $ pstree -s pflogd -w -+= 1 root /sbin/init |-+= 09293 root pflogd: [priv] (pflogd) | \--- 18342 _pflogd pflogd: [running] -s 116 -i pflog0 -f /var/log/pflog (pflogd) \-+= 19480 root pflogd: [priv] (pflogd) \--- 19710 _pflogd pflogd: [running] -s 116 -i pflog1 -f /var/log/pflog1 (pflogd) I'm not a specialist and may be I overlooked something. How can I make this to work: pflogd -s 116 -i pflog1 -f /var/log/pflog1 -p /var/log/pflogd1.pid Thanks a lot!!! Didier
XING ağıma davet
Merhaba, Sizi XING C'evreme davet etmek isterim! Kararlar sC6zkonusu olduDunda iliEkiler gittikC'e daha C'ok C6nem kazanD1yor. XING Czerinden iliEkileri gCncel tutmak, geliEtirmek ve onlardan yararlanmak C'ok kolay. D0liEkilerim arasD1nda sizi de gC6rebilirsem memnun olurum. Candan selamlar MUSTAFA MESUT NEBD0ODLU --- MUSTAFA MESUT NEBD0ODLU sizi XING platformundaki aDD1na davet ediyor: http://www.xing.com/go/inv/14755969.b7b977 ArtD1k XING davetiyesi almak istemiyorum: http://www.xing.com/go/opt_out_invite/U2FsdGVkX189MreMiOactwZkxsirJ91rhN0iRZtqGybJ8zTEZPv2Yg
Re: Limiting CPU to a process or process group?
On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK Yes, you are right. It is also possible to set a priority for a process in a login class. From login.conf(5) priority number Initial priority (nice) level. This is not exactly what you want, but it is pretty close. I am curious why do you want to set an exact limit and not let the scheduler do this for you? As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). Maybe no-one has these kind of requirements? Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: cwm: root window unavailable
On Sat, Jan 12, 2008 at 08:32:50PM +0100, Martin Toft wrote: Hi, when starting X (and thereby cwm due to my .xinitrc), I get the following error: cwm: root window unavailable - perhaps another wm is running? It happens right after boot up, where I'm sure no other wm is running. My computer boots up without starting e.g. xdm and I type startx to launch X. For the archive: I've solved the problem. cwm echoes the error message above and terminates if xbindkeys is running. My solution at the moment is to not use xbindkeys... Martin
Re: facts about OpenBSD
Lots of whining. Where are your diffs to fix these issues ? Oh, no wait. you want *other* people todo the work for you, its not enough that you got what they gave already you want more, you ungrateful whining dick. -- Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang. (Who does not love wine, women, and song, Remains a fool his whole life long.) -- Johann Heinrich Voss
Re: Limiting CPU to a process or process group?
On Jan 14, 2008 2:34 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK Yes, you are right. It is also possible to set a priority for a process in a login class. From login.conf(5) priority number Initial priority (nice) level. This is not exactly what you want, but it is pretty close. I am curious why do you want to set an exact limit and not let the scheduler do this for you? As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. What you describe here is exactly what you can accomplish with either nice or the priority option in login.conf. Also, I am not exactly sure what you mean with percent of CPU. Do you mean the difference of cpu time scheduled between a 'normal' process? Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). I think this is a different issue. I don't know how this can be solved. An idea might be to underclock your cpu at night. Maybe no-one has these kind of requirements? Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Software for traffic analyzer
Hi Folks, I would like to know what web traffic analyzer should I use on my network. I mean, what do you recommend. Thanks in advance. -- Joao Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: Limiting CPU to a process or process group?
On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 2:34 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. [cut sigs] Yes, you are right. It is also possible to set a priority for a process in a login class. From login.conf(5) priority number Initial priority (nice) level. This is not exactly what you want, but it is pretty close. I am curious why do you want to set an exact limit and not let the scheduler do this for you? As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. What you describe here is exactly what you can accomplish with either nice or the priority option in login.conf. Also, I am not exactly sure what you mean with percent of CPU. Do you mean the difference of cpu time scheduled between a 'normal' process? It is not quite the same because a process, even running at niceness level 20, will grab as much CPU as it can (unless it has to wait for data). What I mean is what I wrote in my first email: For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). I think this is a different issue. I don't know how this can be solved. An idea might be to underclock your cpu at night. Yes, I could sysctl -w hw.setperf=0 or something like that on my SpeedStep'able CPU, but with hw.setperf=0, a process still have the possibility to get 100% of the CPU. It will be a slower CPU, but it's still not limiting the process to use only a fraction of the CPU at any instance in time. Again, maybe no-one has these kind of requirements in real life? Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: cwm: root window unavailable
On Jan 14 14:55:32, Martin Toft wrote: On Sat, Jan 12, 2008 at 08:32:50PM +0100, Martin Toft wrote: when starting X (and thereby cwm due to my .xinitrc), I get the following error: cwm: root window unavailable - perhaps another wm is running? cwm echoes the error message above and terminates if xbindkeys is running. My solution at the moment is to not use xbindkeys... This is strange. I am running xbindkeys and it never bothered cwm (or any other WM). This is my ~/.xinitrc: --- cut - #!/bin/sh xset -b -c dpms 300 600 900 m 4 100 r rate 400 30 s off xsetroot -solid black xrdb $HOME/.Xresources xbindkeys setxkbmap -rules xorg -model pc105 -layout us,cz \ -option grp:shifts_toggle,grp_led:scroll exec cwm --- cut - What exactly is yours? In particular, how are you launching xbindkeys? I really doubt xbindkeys would be causing it. Looking at the source, if (Starting e-error_code == BadAccess e-request_code == X_GrabKey) errx(1, root window unavailable - perhaps another wm is running?); is the only place where the message appears. What exactly is a BadAccess when trying to X_GrabKey? Jan
Re: Limiting CPU to a process or process group?
2008/1/14, Andreas Kahari [EMAIL PROTECTED]: What I mean is what I wrote in my first email: For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. This not possible in OpenBSD (and AFAIK no Unix scheduler does that). Best Martin
Re: [Fwd: Open-Hardware]
On Sun, Jan 06, 2008 at 01:10:01PM -0500, Richard Stallman wrote: If users don't normally install microcode in the CPU, then ethically it may as well be a circuit. It is not built as a circuit, but that's a different question. That may as well be an ethically confusing sentence. If users don't normally install ice cream in the banana, then ethically it may as well be a fruit. Oh My Gnu!... We shall not endorse restaurants which serve pre-compiled banana split for dessert to innocent guests when those guests ask for it, unless the restaurant provides them with the complete recipe and all ingredients!
Re: Bluetooth on 4.2
On Sun, Jan 13, 2008 at 03:20:46AM +, Wim Lewis wrote: How much should I expect Bluetooth to be working on OBSD 4.2? I can get some things to work, but I can't successfully open an RFCOMM connecton. The ubt(4) driver was fixed in -current, -r1.10 of sys/dev/usb/ubt.c. Uwe
Re: Limiting CPU to a process or process group?
On Mon, Jan 14, 2008 at 04:10:12PM +0100, Martin Schr?der wrote: | 2008/1/14, Andreas Kahari [EMAIL PROTECTED]: | What I mean is what I wrote in my first email: For example, I would | want the build of the qt4 port to use a maximum of 25% of the | available CPU, leaving the CPU 75% idle if nothing else is happening | on the machine. | | This not possible in OpenBSD (and AFAIK no Unix scheduler does that). The best you can get is on an SMP system consuming 100% of 1 CPU, in effect consuming only 50% (or 25% or whatever) of all available cpu cycles, but this is cheating as it's not really doing what you want. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: pflogd -p problems
On Mon 2008.01.14 at 14:17 +0100, Didier Wiroth wrote: How can I make this to work: pflogd -s 116 -i pflog1 -f /var/log/pflog1 -p /var/log/pflogd1.pid you want: pflogd -s 116 -i pflog1 -f /var/log/pflog1 -p pflogd1 which will write /var/run/pflogd1.pid .
Re: Limiting CPU to a process or process group?
On Jan 14, 2008 9:27 AM, Andreas Kahari [EMAIL PROTECTED] wrote: It is not quite the same because a process, even running at niceness level 20, will grab as much CPU as it can (unless it has to wait for data). What I mean is what I wrote in my first email: For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. This is impossible in OpenBSD, and afaik it's also impossible in any other *nix. Just curious: why would you want the cpu to stay 75% idle when nothing else is running? What you're specifically asking for is impossible, but I believe what you want is possible (and quite common). Again, maybe no-one has these kind of requirements in real life? Some of us have some very similar requirements, but we accomplish them differently. For example, to keep firefox from bringing my box to a crawl, I'll usually run it with a priority (nice) much lower than normal. When I'm not doing anything else, firefox still uses nearly 100% of the cpu, but that's only because *nothing* else is running. When I alt-tab over to an xterm and kick-off a large compile (or something of the sort), the build job will then eat up most of the cpu and firefox will be reduced to only a few percent. Bottom line: firefox doesn't slow anything else down (at least not too much), since it has a lower scheduling priority. Good use of nice(1) and renice(8) are what allows one to run processes that do not interfere (too much) with other processes, which is what I believe you are wanting. Apologies if I misunderstood you. -ryan
Re: Limiting CPU to a process or process group?
On Mon, 14 Jan 2008 16:10:12 +0100 Martin SchrC6der [EMAIL PROTECTED] wrote: 2008/1/14, Andreas Kahari [EMAIL PROTECTED]: What I mean is what I wrote in my first email: For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. This not possible in OpenBSD (and AFAIK no Unix scheduler does that). Best Martin What about Solaris or plan9? I remember those could do something tricky with CPU. Do I remember wrong or was I asleep? -- Henri Salo fgeek at hack.fi +358407705733 GPG ID: 2EA46E4F fp: 14D0 7803 BFF6 EFA0 9998 8C4B 5DFE A106 2EA4 6E4F [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Limiting CPU to a process or process group?
On Mon, Jan 14, 2008 at 01:34:13PM +, Andreas Kahari wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. Well, if firefox is set to be quite nice, then your normal user session should end up with a higher priority and you shouldn't notice that firefox has gone haywire. In this instance, you really don't have a need to keep the CPU from being at 0% idle but rather want to maintain responsiveness with other processes. This is what nice is for. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. As above. Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). What you want to do here is throttle the CPU down. Maybe no-one has these kind of requirements? On my machines, if something is going haywire its more likely that its I/O bound and regular nice doesn't help. If I want a process to plod along, I'll farm it out to a slower box, eg a P-II instead of the Athlon64. So perhaps this is your answer. Get a slow quiet box for your SETI-at-home or whatever for over night and use your main box during the day. Doug.
Re: facts about OpenBSD
On Mon, Jan 14, 2008 at 02:58:17PM +0100, Thordur I. Bjornsson wrote: Lots of whining. Where are your diffs to fix these issues ? Well, before you ask for diffs, I have to hear from devs, that these ARE considered to be issues that MUST be fixed. Until that, i can stick my diffs in your ass. Oh, no wait. you want *other* people todo the work for you, its not enough that you got what they gave already you want more, you ungrateful whining dick. -- Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang. (Who does not love wine, women, and song, Remains a fool his whole life long.) -- Johann Heinrich Voss
Re: cwm: root window unavailable
On Mon, Jan 14, 2008 at 03:54:33PM +0100, Jan Stary wrote: On Jan 14 14:55:32, Martin Toft wrote: cwm echoes the error message above and terminates if xbindkeys is running. My solution at the moment is to not use xbindkeys... This is strange. I am running xbindkeys and it never bothered cwm (or any other WM). This is my ~/.xinitrc: [snip] After a bit of poking around, I've discovered that the error only occurs if I define one or more short cuts using xbindkeys that use the same keys as the short cuts in cwm do. I guess this behaviour should be expected, even though I was confused about cwm's error message. I had this short cut for starting firefox in .xbindkeysrc: firefox control + alt + q After replacing q with b (b for browser ;-)), xbindkeys and cwm are friends again. Jan: You ask how I start xbindkeys -- if you still want to know, my .xinitrc is attached inline in my original mail. Martin
Re: Zend Optimizer with apache and php5 on 4.2
Evgeniy Sudyr schreef: Hi all, I want use Zend optimizer with apache and php5. I downloaded ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend website (latest version is only for 3.4) and unpacked archive and copied PHP module from /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so I put lines below to php.ini ;zend_optimizer.optimization_level=15 zend_extension=/var/www/lib/ZendOptimizer.so Module not loading :( # php -v Failed loading /var/www/lib/ZendOptimizer.so: Cannot load specified object PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Is it possible run Zend optimizer with -current or 4.2 ? Please give a bit instructions how make it workable. Zend does not care about OpenBSD. I once had contact with the Zend Optimizer devs (around 3.9 I think) and there were no plans to keep up to date. Using 3.4 is never going to work; I can tell you that much. Don't even bother trying. Look for an alternative PHP op-cache. OpenBSD includes APC in ports which works good. If you need encryption look at Ioncube they tend to be more flexible and will compile it for you on your box. Matt
Re: Zend Optimizer with apache and php5 on 4.2
Hello Evgeniy, You can try this how-to, this might work for you: Solution for ZendOptimizer to work under OpenBSD 4.1/i386 1. Download the file for OpenBSD 3.x as distributed by Zend currently ZendOptimizer-3.2.8-openbsd3.4-i386.tar.gz 2. Untar (tar -xzf ZendOpt*), and fetch the files - ZendOptimizer*/data/ZendExtensionManager.so - ZendOptimizer*/data/5_1_x_comp/ZendOptimizer.so where 5_1_x is the php you have installed 3. Put those file somewhere clean like - /var/www/lib/php/ZendExtensionManager.so - /var/www/lib/php/ZendOptimizer.so you NEED to keep the names unchanged 4. Simulate old libs (here's the magic) type in the console the following command # ln -s libm.so.2.3 /usr/lib/libm.so.1.0 Alternatively, if you don't like symlinking you can edit the binaries and change the string 'libm.so.1.0' into 'libm.so.2.3' in both of Zend*.so files - change 0x[31 2E 30] - 0x[32 2E 33] in ZendExtensionManager.so at offset 0x0720 - change 0x[31 2E 30] - 0x[32 2E 33] in ZendOptimizer.so at offset 0xCEAE 5. Edit your /var/www/conf/php.ini and add the section [Zend] zend_extension=/var/www/lib/php/ZendExtensionManager.so zend_extension=/var/www/lib/php/ZendOptimizer.so 6. Test Reboot your webserver # apachectl stop # apachectl start Write down one php page containing ? phpinfo(); ? and browse it ! - Original Message - From: Evgeniy Sudyr [EMAIL PROTECTED] To: misc@openbsd.org Sent: Monday, January 14, 2008 9:25 AM Subject: Zend Optimizer with apache and php5 on 4.2 Hi all, I want use Zend optimizer with apache and php5. I downloaded ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend website (latest version is only for 3.4) and unpacked archive and copied PHP module from /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so I put lines below to php.ini ;zend_optimizer.optimization_level=15 zend_extension=/var/www/lib/ZendOptimizer.so Module not loading :( # php -v Failed loading /var/www/lib/ZendOptimizer.so: Cannot load specified object PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Is it possible run Zend optimizer with -current or 4.2 ? Please give a bit instructions how make it workable. -- Best regards, Evgeniy mailto:[EMAIL PROTECTED]
Re: cwm: root window unavailable
On Mon, Jan 14, 2008 at 05:35:25PM +0100, Martin Toft wrote: After a bit of poking around, I've discovered that the error only occurs if I define one or more short cuts using xbindkeys that use the same keys as the short cuts in cwm do. I guess this behaviour should be expected, even though I was confused about cwm's error message. If you want to solve this (in current): either use cwm's keybinding support (it abuses symlinks right now, which is evil, but at least it works), or look into the unmap keyword. For both man 1 cwm is your friend. I may look into if there's a nicer way of dealing with this conflict. Cheers, -0- -- Learned men are the cisterns of knowledge, not the fountainheads.
Re: 7800GS + 2 monitors under 4.2-release
Just checking if anyone has made any progress thus far getting dual screens to function ? On 05/11/2007, Paulo Rodriguez [EMAIL PROTECTED] wrote: Hi misc, Just wondering about any success stories getting dual-screen/xinerama running under OpenBSD 4.2-release with nVidia cards (G73) under X. If I read correctly the necessary code for this was imported by matthieu@ after 4.2-release code was frozen, so it should be in -current. Kind regards, Paulo
spamd not un-greylisting entries?
Hello everyone, I would greatly appreciate it someone would help me diagnose this spamd problem. We've been running spamd since last October, and until this past Thursday, it was working great. I may be mistaken, but I don't think I've ever seen entries like the following before (email addresses munged intentionally): GREY|76.96.62.64|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1200331179|1200345579|1200345579|8|0 Notice that the block column count is high. In the past, I don't recall this number ever exceeding 2. Our users are now complaining that they are not receiving many expected inbound emails. My understanding is that the GREY spamdb entry should turn to WHITE upon the remote MTA's retry. No? I was troubleshooting a separate issue that required a restart of our firewall (spamd is running on the firewall and not the mail servers), and this problem popped up shortly thereafter. I have not changed anything with our pf.conf or spamd.conf that I know of, except that I've added a number of crucial mailhosts to our PF whitelist-- something I've done dozens of times before. This is on an OpenBSD 4.0 machine. Any suggestions? Many thanks, Dan
spamd not un-greylisting entries?
Hello everyone, My apologies if you get this twice-- it just occurred to me that I sent my original message out using the wrong email address. I would greatly appreciate it someone would help me diagnose this spamd problem. We've been running spamd since last October, and until this past Thursday, it was working great. I may be mistaken, but I don't think I've ever seen entries like the following before (email addresses munged intentionally): GREY|76.96.62.64|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1200331179|1200345579|1200345579|8|0 Notice that the block column count is high. In the past, I don't recall this number ever exceeding 2. Our users are now complaining that they are not receiving many expected inbound emails. My understanding is that the GREY spamdb entry should turn to WHITE upon the remote MTA's retry. No? I was troubleshooting a separate issue that required a restart of our firewall (spamd is running on the firewall and not the mail servers), and this problem popped up shortly thereafter. I have not changed anything with our pf.conf or spamd.conf that I know of, except that I've added a number of crucial mailhosts to our PF whitelist-- something I've done dozens of times before. This is on an OpenBSD 4.0 machine. Any suggestions? Many thanks, Dan
Re: Zend Optimizer with apache and php5 on 4.2
Hello Marcos, Monday, January 14, 2008, 7:18:27 PM, you wrote: Hello Evgeniy, You can try this how-to, this might work for you: Solution for ZendOptimizer to work under OpenBSD 4.1/i386 1. Download the file for OpenBSD 3.x as distributed by Zend currently ZendOptimizer-3.2.8-openbsd3.4-i386.tar.gz 2. Untar (tar -xzf ZendOpt*), and fetch the files - ZendOptimizer*/data/ZendExtensionManager.so - ZendOptimizer*/data/5_1_x_comp/ZendOptimizer.so where 5_1_x is the php you have installed 3. Put those file somewhere clean like - /var/www/lib/php/ZendExtensionManager.so - /var/www/lib/php/ZendOptimizer.so you NEED to keep the names unchanged 4. Simulate old libs (here's the magic) type in the console the following command # ln -s libm.so.2.3 /usr/lib/libm.so.1.0 Alternatively, if you don't like symlinking you can edit the binaries and change the string 'libm.so.1.0' into 'libm.so.2.3' in both of Zend*.so files - change 0x[31 2E 30] - 0x[32 2E 33] in ZendExtensionManager.so at offset 0x0720 - change 0x[31 2E 30] - 0x[32 2E 33] in ZendOptimizer.so at offset 0xCEAE 5. Edit your /var/www/conf/php.ini and add the section [Zend] zend_extension=/var/www/lib/php/ZendExtensionManager.so zend_extension=/var/www/lib/php/ZendOptimizer.so 6. Test Reboot your webserver # apachectl stop # apachectl start Write down one php page containing ? phpinfo(); ? and browse it ! - Original Message - From: Evgeniy Sudyr [EMAIL PROTECTED] To: misc@openbsd.org Sent: Monday, January 14, 2008 9:25 AM Subject: Zend Optimizer with apache and php5 on 4.2 Hi all, I want use Zend optimizer with apache and php5. I downloaded ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend website (latest version is only for 3.4) and unpacked archive and copied PHP module from /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so I put lines below to php.ini ;zend_optimizer.optimization_level=15 zend_extension=/var/www/lib/ZendOptimizer.so Module not loading :( # php -v Failed loading /var/www/lib/ZendOptimizer.so: Cannot load specified object PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38) Copyright (c) 1997-2007 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies Is it possible run Zend optimizer with -current or 4.2 ? Please give a bit instructions how make it workable. Thanks! I used this how-to but its not work for me :( -- Best regards, Evgeniymailto:[EMAIL PROTECTED]
Re: [Fwd: Open-Hardware]
I really tried resisting replying to this but this is simply too much. On Mon, Jan 14, 2008 at 06:27:24AM -0500, Richard Stallman wrote: And who controls GPL? What will you do when all GPL software and subsequent developments are kept on servers out of reach of users (BSD situation...)? You are making an extreme projection, which I doubt will happen. I am going to urge people to avoid using servers to do their own computing. I am not making an extreme projection. The FSF for all intents and purposes outlived its usefulness 10 years ago. It was reinvented to remain relevant. It'll fade away just like any other organization that has no real use anymore. Then what? To remain in power the FSF needs to collect ownership of as much software as possible. That's where things like GPLv3 come in because your organization is losing control. Retain control as long as possible! However, as regards the release of source code for those modified, we've already taken a step to deal with that. We have already published the GNU Affero GPL which deals with the issue that someone might use an improved version on a public server and never release his changes. This is such a dumb argument that I don't even know where to start. The anti-tivo argument is shallow because there is no difference between a TiVo that boots linux and a CPU that needs micro code. The they will close the code argument is 100% a farce; one can not close code, it is still out there on the mirrors; licenses can not retroactively be revoked. You have regurgitated some lame arguments on ethics however you clearly don't subscribe to them. Then you go around and claim ignorance on topics that you are supposed to be an expert on. Your arguments have therefore lost all credibility. I can go on and point out all fallacies in your arguments but I am pretty sure we have covered that ad nauseam. What will be in GPLv4? GPLv4 will be basically the same as all previous versions: it will grant the four freedoms to everyone, and protect them for everyone, as best as we can achieve. We will change only details. Those so called freedoms are covered by copyright law. You really don't need a 1 word license. The only thing you are trying to protect is the relevance of the FSF. Why more rights to the user than to the creator? By the creator, do you mean the author of a program? When the author releases a program under the GNU GPL, he gives users a subset of his legal rights. So your question is based on a misunderstanding. No it is not. Copyright takes good care of author. The GPL revokes copyright holders rights and therefore is a bad license for people authoring software. It is however a fantastic license for large corporations to give away code without giving it away. This is an awesome marketing tool. As usual your arguments are backwards. You say you protect one group but really you are protecting self interests. Why do you Balkanize the open source community without any sound reason? There is no such thing as the open source community. Open source supporters are part of the free software community, which was built by the free software movement starting in 1983. This sentence does not even make sense. If I read this correctly you are claiming 100% credit of all Open and Free software (man do I hate these made up words) efforts because you started a foundation that has something to do with FOSS. The only credit you get to claim is the fact that there was no user space available when Linus launched Linux and it filled a nice niche. There was all kinds of open/free/gratis code available long before you came up with the FSF. You got to piggy back Linus' work and the fear of the outcome of the BSD legal battle in California. You didn't do that much; you were simply lucky that at that time you had something that did something. All this grandeur that *you* did it is quite frankly delusional. You got lucky, that's it. If balkanize refers to incompatible licenses, that would not happen if everyone followed our licensing recommendations. If all free software were released under GPL version N or later, as we recommend, then all free software would be license-compatible. This is the most insulting thing you have said so far. Now you are challenging everyone's intelligence who does not agree with your license. Wow, I really thought that I had heard it all from you. I know this will sound foreign to you but are you aware that the GPL is not everyone's first choice? Are you aware that large corporations are using the GPL to pretend to be open source friendly? The GPL has a virus clause and by that definition it is a balkanizing license. People will not agree with you and by throwing a tantrum saying boohoo you should agree with my license is childish at best and power mongering for your irrelevant foundation at worst. All your code are belong to FSF!
Re: Limiting CPU to a process or process group?
On 1/14/08, Andreas Kahari [EMAIL PROTECTED] wrote: As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. nice. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. nice. Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). while true do kill -STOP pid, sleep 1; kill -CONT pid; sleep 1; done
NVidia 8800GT (not GTS or GTX) and X @ 1680x1050 not fully working?
Hi, Has anyone been able to get X (xenocara?) working properly with an nvidia 8800GT (not GTS or GTX). It worked right out of the box with my 8600GTS but so far, not the 8800GT. Would it help if I include any logs or anything specific or any recommendations as to what I can try to get full support working? TIA!
Re: spamd not un-greylisting entries?
On Mon, 14 Jan 2008, Daniel Barowy wrote: I would greatly appreciate it someone would help me diagnose this spamd problem. We've been running spamd since last October, and until this past Thursday, it was working great. I may be mistaken, but I don't think I've ever seen entries like the following before (email addresses munged intentionally): GREY|76.96.62.64|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1200331179|1200345579|1200345579|8|0 I was pressed for time, and users were beginning to revolt, so I shut down spamd, moved the /var/db/spamd and /var/log/spamd files, and started the whole thing back up again. spamd appears to be normal again, but if anyone would like to see these files, I will be happy to send them along. They're big-- we ran spamd nonstop for an entire year before we had this problem. Dan
Re: facts about OpenBSD
Nikns Siankin wrote: On Mon, Jan 14, 2008 at 02:58:17PM +0100, Thordur I. Bjornsson wrote: Lots of whining. Where are your diffs to fix these issues ? Well, before you ask for diffs, I have to hear from devs, that these ARE considered to be issues that MUST be fixed. Until that, i can stick my diffs in your ass. you are correct that some of the issues you brought up are actual shortcomings in openbsd. however, **bitching** that these are problems that need to be fixed is about as rude as you can get. a number of the issues you complained about are in the process of getting fixed, but you obviously neglected to thoroughly investigate the options. i see no reason these issues MUST be fixed (you've provided no compelling argument) only that they can and likely are being fixed. if openbsd had a steady budget of several 100K CAD per annum and more devs, your bitching might be perceived as reasonable since it would likely mean that those areas had been disproportionately or unreasonably neglected. as it stands there is only so much dev time for so many things and nobody is actively neglecting the areas you've complained about. i was just thinking about emailing volkswagen corporate HQ and bitching about how my VW is not a porsche and that they should immediately double my car's horsepower and torque, fix the suspension, refit the brakes, etc. does that seem reasonable? Oh, no wait. you want *other* people todo the work for you, its not enough that you got what they gave already you want more, you ungrateful whining dick. -- Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang. (Who does not love wine, women, and song, Remains a fool his whole life long.) -- Johann Heinrich Voss --
Re: facts about OpenBSD
On Monday 14 January 2008 11:30:11 Nikns Siankin wrote: On Mon, Jan 14, 2008 at 02:58:17PM +0100, Thordur I. Bjornsson wrote: Lots of whining. Where are your diffs to fix these issues ? Well, before you ask for diffs, I have to hear from devs, that these ARE considered to be issues that MUST be fixed. Until that, i can stick my diffs in your ass. Actually, writing something and submitting it is a very reasonable thing to do. It could solve your problem, and might help someone else. It's also educational, in that diffs need to be of high quality (ie, correct) to be accepted. --STeve Andre'
Re: [Fwd: Open-Hardware]
On 1/14/08 7:58 PM, Marco Peereboom wrote: On Mon, Jan 14, 2008 at 06:27:24AM -0500, Richard Stallman wrote: What will be in GPLv4? GPLv4 will be basically the same as all previous versions: it will grant the four freedoms to everyone, and protect them for everyone, as best as we can achieve. We will change only details. Those so called freedoms are covered by copyright law. You really don't need a 1 word license. My idea. And every new word can hide a new bug or even more, so the version count will get much higher than 4. Less code is by design the only thing that gives more clarity and security... The only thing you are trying to protect is the relevance of the FSF. It's clear that one of Richard Stallman's main goals is further Balkanizing the open source community. Divide and conquer, a primitive and mean way to proceed with this idealistic matter. Really very sad that such an influential person uses this kind of methods. But yes, you may Richard, you may. This is a BSD list, nobody here holds you with your primitive pursuit of happiness. .. [ All your code are belong to FSF! The funniest remark in this sad thread. ] +++chefren
Re: facts about OpenBSD
On Mon, Jan 14, 2008 at 01:39:15PM -0600, Jacob Yocom-Piatt wrote: you are correct that some of the issues you brought up are actual shortcomings in openbsd. however, **bitching** that these are problems that need to be fixed is about as rude as you can get. a number of the issues you complained about are in the process of getting fixed, but you obviously neglected to thoroughly investigate the options. i see no reason these issues MUST be fixed (you've provided no compelling argument) only that they can and likely are being fixed. if openbsd had a steady budget of several 100K CAD per annum and more devs, your bitching might be perceived as reasonable since it would likely mean that those areas had been disproportionately or unreasonably neglected. as it stands there is only so much dev time for so many things and nobody is actively neglecting the areas you've complained about. i was just thinking about emailing volkswagen corporate HQ and bitching about how my VW is not a porsche and that they should immediately double my car's horsepower and torque, fix the suspension, refit the brakes, etc. does that seem reasonable? If you get money from selling CDs/soft, its just clearly unfair to not support it. Yes, I'm talking about stable ports. If you claim to produce the most secure OS, you have to prove that by provaiding secure wifi encryption for masses (WPAx) and usable disk encryption design for laptops and so on... ...or let's just call it perfect wired firewall... Oh, no wait. you want *other* people todo the work for you, its not enough that you got what they gave already you want more, you ungrateful whining dick. -- Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang. (Who does not love wine, women, and song, Remains a fool his whole life long.) -- Johann Heinrich Voss --
Re: Limiting CPU to a process or process group?
Maybe it would be feasible to run your ideal user space in a virtual environment (i.e. qemu), where the guest user space thinks it can use the CPU for itself when in fact it's just 50-75% of the actual machine. On Jan 14, 2008 10:27 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 2:34 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 1:30 PM, Andreas Kahari [EMAIL PROTECTED] wrote: On 14/01/2008, Alexander Schrijver [EMAIL PROTECTED] wrote: On Jan 14, 2008 11:52 AM, Andreas Kahari [EMAIL PROTECTED] wrote: Hi, Is there a way of limiting the amount of CPU given to a particular process or process group? For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. I know about 'nice', but it doesn't fulfil the criteria that the machine is left otherwise idle if nothing else runs on it. I don't have a real reason for why I would want to do this, I'm mainly curious as to if it's possible. [cut] I have never done this myself, but I believe this is possible by creating a login class in /etc/login.conf and set the cputime option. See login.conf(5) for a better description. Hi Alexander, I believe that the cputime resource limit will limit the maximum amount of CPU time that the user may use in a session, which is not really what I asked for. I'd like the process or process group to run for as long as it needs to run, but that it only ever uses a fraction of the CPU power. It's like limiting the network bandwidth for a particular type of traffic, only this is about time on the CPU. [cut sigs] Yes, you are right. It is also possible to set a priority for a process in a login class. From login.conf(5) priority number Initial priority (nice) level. This is not exactly what you want, but it is pretty close. I am curious why do you want to set an exact limit and not let the scheduler do this for you? As I said, I don't have a good reason for wanting to do this. It just seemed like something someone might want to do. But let me dream up three examples: Sometimes firefox (or whatever program) goes a bit haywire and brings the machine to a crawl. It would be nice to limit firefox's CPU to a maximum of, say, 50% so that I'm guaranteed to have 50% of the machine to work with. Another example: Let's say I'm rebuilding the kernel, base system, and all my packages after a major update from CVS after a long time away. I'm not worried about how long this takes so I'm quite happy to run the build at 5% of the CPU while I get on with my work. What you describe here is exactly what you can accomplish with either nice or the priority option in login.conf. Also, I am not exactly sure what you mean with percent of CPU. Do you mean the difference of cpu time scheduled between a 'normal' process? It is not quite the same because a process, even running at niceness level 20, will grab as much CPU as it can (unless it has to wait for data). What I mean is what I wrote in my first email: For example, I would want the build of the qt4 port to use a maximum of 25% of the available CPU, leaving the CPU 75% idle if nothing else is happening on the machine. Third example, similar to the last one: I'm running a distributed.net or SETI-at-home client in the background, but I don't ever want it to run at 100% of the CPU, maybe because that would make the machine too noisy during the night (due to the fans). I think this is a different issue. I don't know how this can be solved. An idea might be to underclock your cpu at night. Yes, I could sysctl -w hw.setperf=0 or something like that on my SpeedStep'able CPU, but with hw.setperf=0, a process still have the possibility to get 100% of the CPU. It will be a slower CPU, but it's still not limiting the process to use only a fraction of the CPU at any instance in time. Again, maybe no-one has these kind of requirements in real life? Regards, Andreas -- Andreas Kahari Somewhere in the general Cambridge area, UK -- Tito Mari Francis H. EscaC1o Computer Engineer and Free Software Proponent
Re: facts about OpenBSD
On 1/14/08, Nikns Siankin [EMAIL PROTECTED] wrote: Well, before you ask for diffs, I have to hear from devs, that these ARE considered to be issues that MUST be fixed. they are not issues that must be fixed.
Re: facts about OpenBSD
On Jan 14, 2008 10:09 PM, Nikns Siankin [EMAIL PROTECTED] wrote: On Mon, Jan 14, 2008 at 01:39:15PM -0600, Jacob Yocom-Piatt wrote: you are correct that some of the issues you brought up are actual shortcomings in openbsd. however, **bitching** that these are problems that need to be fixed is about as rude as you can get. a number of the issues you complained about are in the process of getting fixed, but you obviously neglected to thoroughly investigate the options. i see no reason these issues MUST be fixed (you've provided no compelling argument) only that they can and likely are being fixed. if openbsd had a steady budget of several 100K CAD per annum and more devs, your bitching might be perceived as reasonable since it would likely mean that those areas had been disproportionately or unreasonably neglected. as it stands there is only so much dev time for so many things and nobody is actively neglecting the areas you've complained about. i was just thinking about emailing volkswagen corporate HQ and bitching about how my VW is not a porsche and that they should immediately double my car's horsepower and torque, fix the suspension, refit the brakes, etc. does that seem reasonable? If you get money from selling CDs/soft, its just clearly unfair to not support it. Yes, I'm talking about stable ports. If you claim to produce the most secure OS, you have to prove that by Cam you prove that another OS is more secure? provaiding secure wifi encryption for masses (WPAx) and usable disk encryption design for laptops and so on... ...or let's just call it perfect wired firewall... Less talking. More coding. kthnkbye Oh, no wait. you want *other* people todo the work for you, its not enough that you got what they gave already you want more, you ungrateful whining dick. -- Wer nicht liebt Wein, Weib und Gesang / Der bleibt ein Narr sein Lebelang. (Who does not love wine, women, and song, Remains a fool his whole life long.) -- Johann Heinrich Voss --
Re: Limiting CPU to a process or process group?
I think what you're referring to is called process accounting. I don't know about OpenBSD's support for this, though. RJ
Re: facts about OpenBSD
On Jan 14, 2008, at 12:09 PM, Nikns Siankin wrote: If you get money from selling CDs/soft, its just clearly unfair to not support it. Yes, I'm talking about stable ports. Actually, the OpenBSD OS is supported. Your argument is pointless. Stable ports are NOT supported because, well, it's not really part of the OS. If you want stable ports, build it all yourself, for the architectures you need. If you really think they're so important, donate hardware to OpenBSD, and create your own position in the ranks of various devs. Bitching and whining get you nothing. If you claim to produce the most secure OS, you have to prove that by provaiding secure wifi encryption for masses (WPAx) and usable disk encryption design for laptops and so on... I fail to see where those features make you more secure. WPA is a clusterfuck. Wireless by its very nature is almost un-securable, even with cruft like WPA added in. If you want more secure you should look at alternate solutions (IPSec, OpenVPN, etc). And, even then, you may want to just review your code and implementation. Full disk encryption also only provides so much benefit to code complexity increase. I like OpenBSD, but if I need full disk encryption I still use vnd(4), a passphrase that's different from my account password, and mount that locally. Manually. Every time you mount the image. If you want FileVault style access, write your own login patch to handle mounting the image, and submit it. ...or let's just call it perfect wired firewall... Does quite well for me.
Re: facts about OpenBSD (FOOOLS)
On Mon, 14 Jan 2008 12:53:35 -0800 johan beisser [EMAIL PROTECTED] wrote: Bitching and whining get you nothing. When will you people stop responding to whiners like this!? He's bitching and your just bitching back. Leave the ignorant fool alone, and he will stop barking up your three! It's not that difficult!!
Re: spamd-setup hangup/timeout settings
Jason George wrote: My spamd-setup always takes 20-30 minutes on two servers (4.1 and 4.2). This is not normal? When I run it manually; most of the time is spent downloading traplist.gz You are all connecting to beck@'s machine at the University of Alberta (www.openbsd.org) ? I use the same major ISP that the U of A uses as one of its principal peers. I get timeouts, poor throughput and generally the same behaviour as mentioned above for all transfers to that site (spamd lists, snapshots, etc). It appears somebody changed something on Saturday. I had several downloads on that day timeout after 332 minutes. Since then, they are most often in 15-35 second range; never over 2 minutes. Thanks!
Re: spamd not un-greylisting entries?
Dan, The blocked while grey listed number of 8 is dependent on the amount of retries the remote mail server attempted while grey listed. Comcast servers for example will try once per minute to deliver their mail. For example, if you grey listed comcast for 25 minutes the blocked number would be around 24-26. What is your grey listed time out? By default I believe it is set at 25 minutes. (-G 25:4:864) Perhaps it is too low or too high? This is probably not your issue, but may give you a place to start. Spamd anti-spam how to (spamdb) http://calomel.org/spamd_config.html -- Calomel @ http://calomel.org Open Source Research and Reference On Mon, Jan 14, 2008 at 01:00:44PM -0500, Daniel Barowy wrote: Hello everyone, My apologies if you get this twice-- it just occurred to me that I sent my original message out using the wrong email address. I would greatly appreciate it someone would help me diagnose this spamd problem. We've been running spamd since last October, and until this past Thursday, it was working great. I may be mistaken, but I don't think I've ever seen entries like the following before (email addresses munged intentionally): GREY|76.96.62.64|[EMAIL PROTECTED]|[EMAIL PROTECTED]|1200331179|1200345579|1200345579|8|0 Notice that the block column count is high. In the past, I don't recall this number ever exceeding 2. Our users are now complaining that they are not receiving many expected inbound emails. My understanding is that the GREY spamdb entry should turn to WHITE upon the remote MTA's retry. No? I was troubleshooting a separate issue that required a restart of our firewall (spamd is running on the firewall and not the mail servers), and this problem popped up shortly thereafter. I have not changed anything with our pf.conf or spamd.conf that I know of, except that I've added a number of crucial mailhosts to our PF whitelist-- something I've done dozens of times before. This is on an OpenBSD 4.0 machine. Any suggestions? Many thanks, Dan
Need a major favor from Theo!
Hey guys!!! (with special request for Theor pls!) Theo, I need a favor big guy! (only an easy one this time, I swear to it sir! LOLSLS)! See, we have the audit happening here at the bank this time and it's causing me a lot of headaches and pains. A whiles back I replaced Cisco stuff here with OBSD and pf and OpenBPG and all that jazz because you (you = Theo) and Danny J. Harmminereater (or what everyour name is guy who wrote OepnBGP) said that is the smarty thing to do! Well, it turns out we still got some Cisco contracts open and all, and these auditors need some docs filled out by you two. It's no big deal, I swear! They just want me to sent these docs (only about twenty pages) titled Assumption of Vendor Liability off to you for you to fill out and send back. Easy as punch!!! So if you could give a an mailing address that would be swell. I promise that if you do this, I will buy a CD set this time and not take the bootlegs ISOs that Maddog releases! -- Mr. Billy B. Bilano, MSCE, CCNA, CISSP, and now QISP http://www.bilano.biz/ Expert Sysadmin Since 2003! 'C:\WINDOWS, C:\WINDOWS\GO, C:\PC\CRAWL' -- RMS
Re: Need a major favor from Theo!
http://www.encyclopediadramatica.com/Bilano Excerpt: Last name of Billy B. Bilano troll genius. Mr. Bilano posts incredibly plausible-sounding pleas for help on various alpha geek mailing lists... Is January some kind of official troll month? Why can't it be the shortest month of the year? -Ken Billy B. Bilano wrote: Hey guys!!! (with special request for Theor pls!) Theo, I need a favor big guy! (only an easy one this time, I swear to it sir! LOLSLS)! See, we have the audit happening here at the bank this time and it's causing me a lot of headaches and pains. A whiles back I replaced Cisco stuff here with OBSD and pf and OpenBPG and all that jazz because you (you = Theo) and Danny J. Harmminereater (or what everyour name is guy who wrote OepnBGP) said that is the smarty thing to do! Well, it turns out we still got some Cisco contracts open and all, and these auditors need some docs filled out by you two. It's no big deal, I swear! They just want me to sent these docs (only about twenty pages) titled Assumption of Vendor Liability off to you for you to fill out and send back. Easy as punch!!! So if you could give a an mailing address that would be swell. I promise that if you do this, I will buy a CD set this time and not take the bootlegs ISOs that Maddog releases!
Re: Limiting CPU to a process or process group?
*** Analogy: You're on a highway with a posted speed of 100 km/h. You want to operate your car and your car only 25 km/h only on the 100 km/h highway. *** And for this happy privilege, you want to impose the attendant nuisance (highway analogy), read overhead (o/s analogy), on all the other cars to have to slow behind and pass around you. Generally, a time slice is a time slice. Regardless whether you get 1 sec of every 10 sec or 100 ms of every 1 s, you're going to execute your instructions at a rate of 100% of the cpu within your time slice allocation. Now you can impose scheduler and threading overhead and discipline to make your time slices very, very fine grained so that overall at a system level it looks like 25% of a resource, but your rate of execution within your context is going to be 100%. That said and for the cited examples, the workable answer that I know of is virtual machines. Be it VMWare, XEN, solaris containers (zones), freeBSD jails, qemu(*) or to a degree dragonflybsd (vkernel(*) -- system-in-a-box running as a userland process), each has a means to say that VM(1) gets 25% of the CPU resources and the vm-engine by whatever implement will effectively do so. And you will see that seti, for example, takes 100% of its VM(1) resource but only 25% of machine as a whole, less the overhead. (*)Not used personally. And, yes, we're aware of the opines herein and about re VM. /S -Original Message- From: Andreas Kahari [EMAIL PROTECTED] To: Alexander Schrijver [EMAIL PROTECTED] Cc: misc@openbsd.org Subject: Re: Limiting CPU to a process or process group? Date: Mon, 14 Jan 2008 14:27:33 +
Re: [Fwd: Open-Hardware]
On 01/14/08 12:27, Richard Stallman wrote: And who controls GPL? What will you do when all GPL software and subsequent developments are kept on servers out of reach of users (BSD situation...)? You are making an extreme projection, which I doubt will happen. I see more revenue from our services, where we keep up servers for others, every moment. People who bought servers from us in the past would love to hire them, and yes yes yes, with maintenance. I am going to urge people to avoid using servers to do their own computing. You need programs for that, most new programs are offered as web services, out of reach of your GPLv0/1/2/3. .. What will be in GPLv4? GPLv4 will be basically the same as all previous versions: it will grant the four freedoms to everyone, and protect them for everyone, as best as we can achieve. We will change only details. If I read and read between the lines you clearly admit you are not satisfied with the current GPLvX more restrictions will follow. If I see your first line above I understand, but maybe better to ask it directly: How come you cannot fix a license for once and for all? I admit the BSD license has changed somewhat in time, it became =less= restrictive. You clearly want more restrictions. Am I right that it could end with the FSF looking over the shoulder of anybody who uses GPL to see if something is changed or added while being used for a third party? I presume you would love it if also scripts that connect GPLvX programs will automatically be GPLvX too? Why more rights to the user than to the creator? By the creator, do you mean the author of a program? Yes, or the creator of a change or extra line to a program. Someone who creates something in general. Preferable pushing the edge! When the author releases a program under the GNU GPL, he gives users a subset of his legal rights. So your question is based on a misunderstanding. Since you mention the word misunderstanding: Why don't you mention that (s)he also gives the clear =restriction= to open up all further changes? Why do you Balkanize the open source community without any sound reason? There is no such thing as the open source community. There is .., to your opionion I may hope?? I cannot remember anyone else denying that there is an open source community. People and companies who deliver publicly available sourcecode with various less or more restrictive licenses form the open source community. Open source supporters are part of the free software community, which was built by the free software movement starting in 1983. I know a lot of open source supporters who want no connection at all with the movement you started (don't ask around her at [EMAIL PROTECTED]), if only for your denying above of any =restrictions= in the GPLvX. Your publishings only uses pluses and no minuses concerning freedoms. Every of your four freedoms have accompanying restrictions equally big/bold if you like it or not. If you keep denying that it's not difficult to envision: Every subsequent GPLvX version will undoubtedly be more restrictive while you will need to scream louder and louder that it brings more freedom. Compare that with BSD, simple message, no screaming necessary, no serious changes in the license to be foreseen, its decent. If balkanize refers to incompatible licenses, that would not happen if everyone followed our licensing recommendations. If all free software were released under GPL version N or later, as we recommend, then all free software would be license-compatible. Did you recommend that since version 0 of GPL? I doubt so, that would have awakened more people at the right moment. Now with GPLv4 in the works people start thinking hey where will it end up? Who knows what will be in GPLv5? Is it possible that GPLv5 will be 100% compatible with the 2 clause BSD license? It's clear you doubt most GPLv0/1/2/3 will be behind servers but let's think and say it is so. In that situation for both users and programmers there is no difference between BSD and GPLv0/2/3 !!! My estimate is that the open source community will still take up and produce clever ideas and produce open source code. If it's not published (open) it doesn't exist and cannot be build upon by the community (world!). On the other hand, if most code is used for services on servers, there is often almost no way to check if GPLvX is used. Enforcing GPLvX in a services world seems a little bit clueless to me. You will need investigating searches by the police et cetera. You want too much and without a sound reason, only Balkanizes the community. BSD is good enough for the users of open source and clearly better for programmers and companies who use and produce code. Gives them maximum privacy and a better chance of earning money with it. +++chefren
Re: Need a major favor from Theo!
On Jan 14, 2008 6:00 PM, Billy B. Bilano [EMAIL PROTECTED] wrote: See, we have the audit happening here at the bank this time and it's causing me a lot of headaches and pains. A whiles back I replaced Cisco stuff here with OBSD and pf and OpenBPG and all that jazz because you (you = Theo) and Danny J. Harmminereater (or what everyour name is guy who wrote OepnBGP) said that is the smarty thing to do! Well, it turns out we still got some Cisco contracts open and all, and these auditors need some docs filled out by you two. It's no big deal, I swear! They just want me to sent these docs (only about twenty pages) titled Assumption of Vendor Liability off to you for you to fill out and send back. Easy as punch!!! Hey no problems. If Theo's too busy to do it, I'll be happy to step in, and you'll have the full backing of my organization too - the Church of Security! So if you could give a an mailing address that would be swell. I promise that if you do this, I will buy a CD set this time and not take the bootlegs ISOs that Maddog releases! Not a problem. As part of the service (minor detail, just sign here on the service agreement), we will even buy your CDs for you. And send it to you for free! The Grand bofh Church Of Security (.com) -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: facts about OpenBSD
On Wed, Jan 09, 2008 at 05:07:35PM -0600, Jacob Yocom-Piatt wrote: Marc Balmer wrote: Nikns Siankin wrote: Facts about OpenBSD: # Stable release cycle. If you want to run latest bugfree ClamAV or FireFox - upgrade to CURRENT! But don't forget to buy release CD's!!! # Secure By Default. OpenBSD uses broken WEP for securing WiFi networks. Has no WPA/WPA2 support. # Do not let serious problems sit unsolved. OpenBSD doesn't need MAC because it has their own security flawed systrace. # Use of Cryptography. OpenBSD uses file-backed encryption (svnd) which is very suited for Full-disk-encryption. NOT. # Full Disclosure. OpenBSD at first denies remote exploitable flaws. DoS flaws gets marked as reliability not security issues. # Easy maintainable. OpenBSD distributes source patches to make your farm of Pentium2 firewalls updated easly. # Secure Distribution. The most secure operation system gets distributed on FTP servers as unsigned binaries. Facts about Nikns Siankin: # Whiner. He bitches incessantly about stuff and does nothing to fix it. AFAICT he's even saying that purchasing the CDs is pointless. # Jerk. He ignores that most of the development time that goes into OpenBSD is DONATED by highly-skilled individuals. You can only add as many bells and whistles as you have resources and time. # Misleading. He claims the system is distributed on FTP servers and elects not to note that code is available via cvs over ssh. # Ignorant. OpenBSD has myriad additional security technologies in it that help to moderate vulnerabilities in poorly coded applications like firefox and clamav. # Idiot. By whining in a totally counterproductive fashion he alienates himself from those who would otherwise, provided his requests were reasonable, help him out. I'd add some points: # Possibly frustrated because quite a few diffs never made it into ports. I guess due to lack of time or interest of the devs # Helpful with testing ports and get bugs fixed there Thanks Nikns, for your help so far. I don't feel great about the situation with -stable ports. But as I only run 2 OpenBSD boxes at the moment, I usually stick to -current anyway. And as I don't have time nor machines to contribute/test -stable ports I think I don't should complain about the -stable situation. What is a bit unclear to me: are some developers willing to commit security patches for -stable ports if # posts of security patches for -stable ports are welcome on @ports? # someone put them together? # they get enough testing? Apart from this, I haven't seen any posts of security patches (not updates) for -stable on @ports during last months. At least I can't remember any. Regards, Markus
Re: Suggested PF Setup when using BitTorrent?
Brian, After your post (and several others), I tried BitTorrent out on my network (sparc64 router + DOCSIS 2.0 cable connection; see http://marc.info/?l=openbsd-miscm=120019379210857w=2) After some experimentation, I was able to determine that running BitTorrent with a large number of connections causes a huge increase in latency regardless of bandwidth. No one seems to know why this is, but that might just be because my thread got buried by trolls and other posts. I'm not having watchdog timeouts but there is an off chance that the latency increase that I experience and your timeout problem may be related. My work around is to use the max-src-states feature of pf to limit the number of bit torrent connections to a reasonable number (50 seems to be a good trade-off on my machine, YMMV). Could you modify your pf.conf to do this (or limit your connections at the client and use pf to confirm) and let us know if that works on your end as well? --MHC On Jan 5, 2008 1:22 PM, Brian [EMAIL PROTECTED] wrote: Is there any suggested PF setup when using BitTorrent? Right now, the biggest problem I have when using BitTorrent is watchdog timeouts. Thanks, Brian Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Re: Suggested PF Setup when using BitTorrent?
On Jan 14, 2008 4:06 PM, Max Hayden Chiz [EMAIL PROTECTED] wrote: Brian, After your post (and several others), I tried BitTorrent out on my network (sparc64 router + DOCSIS 2.0 cable connection; see http://marc.info/?l=openbsd-miscm=120019379210857w=2) After some experimentation, I was able to determine that running BitTorrent with a large number of connections causes a huge increase in latency regardless of bandwidth. No one seems to know why this is, but that might just be because my thread got buried by trolls and other posts. My theory is that you're using a ... uh... well, not very good connection that bogs down easily. Some time ago, I tossed together a little undeadly article on how to use altq to keep bittorrent from dragging your network down - http://www.undeadly.org/cgi?action=articlesid=20061109202501 I think you can solve this by tuning your service classes a little better. I'm currently stuck on a 1.5M/384k dsl - to minimize the pain, I told altq that i have 1.3M/340k. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: spamd not un-greylisting entries?
On Mon, 14 Jan 2008, Calomel wrote: Dan, The blocked while grey listed number of 8 is dependent on the amount of retries the remote mail server attempted while grey listed. Comcast servers for example will try once per minute to deliver their mail. For example, if you grey listed comcast for 25 minutes the blocked number would be around 24-26. Aha! This explains the spamdb entry I posted, which also goes to show that no matter how many times I read something in the documentation, sometimes I just don't get it. I was under the mistaken impression that spamd simply counted retries and changed the GREY entries to WHITE once the block count reached a certain magic number. The fact that I could not find this magic number in the documentation should have tipped me off. I am using the spamd default timeouts-- on startup I only specify to use greylisting, that the hostname match our real MX, and to use 451's instead of 450's. So that particular problem was a red herring. I will upgrade my system to 4.2 before I complain about spamd any more. Thanks! Dan
Re: Need some guidance booting OpenBSD on an ALIX device,
I've always had consistent success with a crossover cable and ssh. Serial connections with Wrap and Alix can be hit and miss and it's hard to see why it worked yesterday but not today. You may consider spending the pesos on the cable instead of coffee, cigarettes or aspirin. Are you in BA? What a lovely country you have there. Gian
Re: Suggested PF Setup when using BitTorrent?
On Jan 14, 2008 6:30 PM, Chris Kuethe [EMAIL PROTECTED] wrote: My theory is that you're using a ... uh... well, not very good connection that bogs down easily. My connection normally works fine; even when I max out my 7Mb/512Kb line. Running BitTorrent (even with a fraction of the bandwidth) makes my latency go through the roof. Some time ago, I tossed together a little undeadly article on how to use altq to keep bittorrent from dragging your network down - http://www.undeadly.org/cgi?action=articlesid=20061109202501 See the thread I referenced in my previous email. The issue I am experiencing seems to have nothing to do with bandwidth usage. I think you can solve this by tuning your service classes a little better. If you have a specific suggestion, I will try it and post the result here, but as I discussed in the previous thread, altq shows that there is no backlog of packets, and even with BitTorrent rate limited to a small fraction of the bandwidth (via CBQ or HFSC) it is still able to cause the latency issue. By contrast if I limit the number of connections, BitTorrent can consume almost all of the bandwidth and the issue will not appear. Perhaps this problem is specific to my configuration (or specific to DOCSIS cable modems). But if it makes Brian (or someone else's problem) go away, then it is likely that this problem is not unique. --MHC
Re: Suggested PF Setup when using BitTorrent?
On Jan 14, 2008 5:00 PM, Max Hayden Chiz [EMAIL PROTECTED] wrote: cause the latency issue. By contrast if I limit the number of connections, BitTorrent can consume almost all of the bandwidth and the issue will not appear. Perhaps this problem is specific to my configuration (or specific to DOCSIS cable modems). But if it makes Brian (or someone else's problem) go away, then it is likely that this problem is not unique. i doubt it's your machine not being happy with number of connections - i routinely have hundreds of states. depends on your modem, maybe? or who made the board inside your modems? or what crack-addled rhesus monkey pretended to write the firmware. If several different manufacturers licensed the IP stack or NAT engine from the same vendor, then it's perfectly possible that you both have ill-designed hardware. if you have a shell host somewhere, you could use netcat to determine where your router falls over. use netcat to send /dev/zero over the wire, with just a single stream, that should be pretty fast. then start opening up more tcp connections (but don't send anything through them) until it starts to bog down. That should give you enough information to create several different rule classes to limit number of connections by port. Web,ssh, dns and chat get to open connections first, and can always open one more connection, all other ports get to share ... 80% of max connections? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Suggested PF Setup when using BitTorrent?
--- Max Hayden Chiz [EMAIL PROTECTED] wrote: Perhaps this problem is specific to my configuration (or specific to DOCSIS cable modems). But if it makes Brian (or someone else's problem) go away, then it is likely that this problem is not unique. --MHC Let me read through the documentation to figure out how to set this up. I am running a cable modem as well. Here are my bittorrent settings: --minport 13000 --maxport 14000 --max_initiate 15 --max_allow_in 15 --max_upload_rate 25 --max_uploads 5 Give me some time to figure out the altq and pf. I have only used pf for a week, so I'm still learning it. Thanks, Brian Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: Suggested PF Setup when using BitTorrent?
On Jan 14, 2008, at 5:10 PM, Brian wrote: --- Max Hayden Chiz [EMAIL PROTECTED] wrote: Perhaps this problem is specific to my configuration (or specific to DOCSIS cable modems). But if it makes Brian (or someone else's problem) go away, then it is likely that this problem is not unique. It's not unique, I saw the same issue recently. I basically exceeded the number of states my CPU/RAM combo could handle easily (roughly 2400, normal average is 200 state rules) while pushing major amounts of data. If I reduced the number of connections through bittorrent, performance improved. During the download, at 350 peers, regardless of the download rate, I had 2400 some odd state rules. I suddenly saw round trip ICMP echo taking 900+ ms to the first hop. At 325, times were merely 90ms to the first hop, and normal is around 10ms. The hardware is a slightly loaded Soekris net4501 with 64mb of RAM running OpenBSD 4.1 (GENERIC). It does not have a crypto accelerator, and handles ssh and openvpn on the main CPU (both are fairly low in usage at this time). My guess, so far, is an issue with my ruleset, the hardware, and the use of synproxy for some of the TCP states (almost all of the BT clients I had were over TCP). OpenBSD itself seems to be fine, up until I get close to the limits of the hardware. Let me read through the documentation to figure out how to set this up. I am running a cable modem as well. Here are my bittorrent settings: --minport 13000 --maxport 14000 --max_initiate 15 --max_allow_in 15 --max_upload_rate 25 --max_uploads 5 Give me some time to figure out the altq and pf. I have only used pf for a week, so I'm still learning it. Ask around if you have questions. There are excellent articles and examples available.