Re: Unable to connect to Xvfb using sshd

2008-07-20 Thread Paul de Weerd
On Sat, Jul 19, 2008 at 11:53:44PM -0600, Anathae Townsend wrote:
| I am running an HP Vectra VL400 system under OpenBSD 4.4 beta 2007-07-11.
| 
| When I attempt to connect using ssvnc from my windows box using the ssh
| option I am getting connection refused by server: Administratively
| prohibited
| 
| When I check authlog, the error message is
| July 19 23:19:22 kendra sshd[4501]: error: connect to 127.0.0.1 port 5900
| failed: Undefined error: 0
| 
| /etc/ssh/sshd_config is set to defaults which appears to allow for port
| forwarding.
| 
| Any additional information or suggestions on how to resolve this issue?

I ran into the same problem with that particular version. Apparently,
it's a buglet that somehow crept into this snapshot, upgrade to a more
recent snap and you should be golden (I was).

Oh, and I'm assuming you meant 2008, not 2007 ;)

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: apc Back-UPS ES 525

2008-07-20 Thread Uwe Dippel
On Wed, 16 Jul 2008 19:41:55 +0700, sonjaya wrote:


> i have small ups seri APC / Back-UPS ES 525 , how to joint and control
> with openbsd , i try using apc-upsd when test  not working.
> then i try nut but unknown driver.
> if any success story can share to me  :)

Yes, but not with ports, this time. Here I use apcupsd, as in
http://www.apcupsd.org/
Check out: they have a (slightly) outdated section on OpenBSD, how to
install. 

Uwe



Re: Postfix race condition at boot

2008-07-20 Thread Uwe Dippel
On Mon, 14 Jul 2008 12:47:40 -0500, Karl O. Pinc wrote:


> I've an OpenBSD box that's been running postfix for a few
> years, strictly as a send-only mta, and every night the
> box gets rebooted.  Every couple of months postfix does
> not come up on reboot.
>
> All that shows up in the logs is:
> snip postfix/postfix-script[3005]: fatal: Postfix integrity check
> failed!
>
> My suspicion is that syslogd has not yet finished
> making the log socket and the postfix check that
> happens at postfix start fails.
>
> (/etc/rc.conf.local has:
> syslogd_flags=-a /var/spool/postfix/dev/log
> )
>
> I can always log in and start postfix manually
> using the same sendmail command that the rc scripts
> use.
>
> Any suggestions as to how to confirm the problem
> and/or what to do about it?  Does anyone else have
> this problem?  Should I be talking to the postfix
> port maintainer?

Alright. I have exactly the same problem, asked ports@ and got only an
off-list mail, confirming this. Plus, one of a chap who has a similar
problem with another application. 

I wonder why there was nothing on the list, though. I know all too well,
that the people here care for correctness, though the start sequence seems
faltering, or maybe unclear?

I do also confirm, that the problem appears only on my smallest and
oldest box: 1.7 GHz, 256 MB. 

Solution? Remove the sendmail-flags from rc.conf.local and put a 'postfix
start' at the end of rc.local. That should help.

Uwe



Re: Unable to connect to Xvfb using sshd

2008-07-20 Thread Anathae Townsend
On Sunday, July 20, 2008 1:45 AM Paul de Weerd wrote:
|On Sat, Jul 19, 2008 at 11:53:44PM -0600, Anathae Townsend wrote:
| | I am running an HP Vectra VL400 system under OpenBSD 4.4 beta 2007-07-11.
| | 
| | When I attempt to connect using ssvnc from my windows box using the ssh
| | option I am getting connection refused by server: Administratively
| | prohibited
| | 
| | When I check authlog, the error message is
| | July 19 23:19:22 kendra sshd[4501]: error: connect to 127.0.0.1 port 5900
| | failed: Undefined error: 0
| | 
| | /etc/ssh/sshd_config is set to defaults which appears to allow for port
| | forwarding.
| | 
| | Any additional information or suggestions on how to resolve this issue?
|
| I ran into the same problem with that particular version. Apparently,
| it's a buglet that somehow crept into this snapshot, upgrade to more a
| recent snap and you should be golden (I was).
| 
| Oh, and I'm assuming you meant 2008, not 2007 ;)
|
| Cheers,
| 
| Paul 'WEiRD' de Weerd
| 
| -- 
| [++-]+++.+++[---].+++[+
| +++-].++[-]+.--.[-]
|  http://www.weirdnet.nl/ 
bleh... yes. Will update if this fixes issue.



Re: Unable to connect to Xvfb using sshd

2008-07-20 Thread Anathae Townsend
Tried your fix and the progress is that I'm now getting 

'Jul 20 03:14:06 kendra sshd[23354]: error: connect to 127.0.0.1 port 5910
failed: Connection refused'

in authlog.

I think I have to look in the direction of the ssvnc people now... seems to
be a usage problem on my Vista box now.

On Sunday, July 20, 2008 1:45 AM Paul de Weerd wrote
| On Sat, Jul 19, 2008 at 11:53:44PM -0600, Anathae Townsend wrote:
| | I am running an HP Vectra VL400 system under OpenBSD 4.4 beta 2007-07-11.
| | 
| | When I attempt to connect using ssvnc from my windows box using the ssh
| | option I am getting connection refused by server: Administratively
| | prohibited
| | 
| | When I check authlog, the error message is
| | July 19 23:19:22 kendra sshd[4501]: error: connect to 127.0.0.1 port 5900
| | failed: Undefined error: 0
| | 
| | /etc/ssh/sshd_config is set to defaults which appears to allow for port
| | forwarding.
| | 
| | Any additional information or suggestions on how to resolve this issue?
|
| I ran into the same problem with that particular version. Apparently,
| it's a buglet that somehow crept into this snapshot, upgrade to more a
| recent snap and you should be golden (I was).
|
| Oh, and I'm assuming you meant 2008, not 2007 ;)
|
| Cheers,
|
| Paul 'WEiRD' de Weerd
|
| -- 
| [++-]+++.+++[---].+++[+
| +++-].++[-]+.--.[-]
|  http://www.weirdnet.nl/ 



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Tobias Ulmer
On Sun, Jul 20, 2008 at 12:44:04AM -0400, Ted Unangst wrote:
> On 7/19/08, Tobias Ulmer [EMAIL PROTECTED] wrote:
> > > [4] # mount -o softdep /dev/sd0a /mnt
> > > [5] # dd if=/dev/arandom bs=1m of=/mnt/imagefile count=...
> >
> > prepare to wait a few days... there is known plaintext at specific
> > locations anyway, disklabel, filesystem metadata,...
>
> very little really.  especially if you create the inner
> filesystem/disklabel with anything other than the default of all space
> in one partition.  it's easy to verify a correctly guessed key, but
> probably not enough to perform any interesting attacks.
>
> > > 3. What are the error propagation properties of the svnd encryption?
> > >    That is, for example, if a disk/USB/memory error corrupts a single
> > >    512-byte block in the middle of /dev/sd0a, will that show up as
> > >    512 bytes of corruption in /dev/svnd0c, or will the entire
> > >    /dev/svnd0c be corrupted from that point onwards?
> >
> > Afaik it uses blowfish in CBC mode, so you're fscked... Otoh modern
> > disks make quite some noise before they start running out of spare blocks.
>
> CBC only for disk blocks.  Each disk block is independent, otherwise
> you get the seek performance of a tape drive.

Doh, right, that wouldn't make any sense.

 
> > > 4. Is there any upper size limit to the size of an encrypted image
> > >    apart from the kernel 8TB limit and fsck time and memory usage?
> > >    For example, is there any problem with using the above on (say) a
> > >    250GB disk?
> >
> > No problem, for the paranoid however you might want to read up on the
> > birthday paradox ;)
>
> Not sure what you mean here.  There's only 23 hard drives? :)
 


Afaik there are (can be?) collisions in images bigger than ~40GB because
of blowfish's block size.
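
Added example (not part of any message in this thread, and not svnd's code): a toy 64-bit Feistel cipher stands in for Blowfish and is run in CBC mode separately over each 512-byte block, to show the point made above that damage to one disk block stays inside that block, together with the birthday estimate for 64-bit cipher blocks at the image sizes mentioned. The IV derived from the sector number and every function name are assumptions made for the illustration.

```python
import hashlib
import math

BLOCK = 8      # bytes; 64-bit cipher block, the same width as Blowfish
SECTOR = 512   # bytes per disk block, as in the question quoted above


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Round function of the toy cipher (NOT Blowfish; illustration only).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]


def encrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in range(8):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key, block):
    left, right = block[:4], block[4:]
    for rnd in reversed(range(8)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def sector_iv(key, sector_no):
    # Assumption: the IV depends only on key and sector number, so a sector
    # can be read or written without touching its neighbours.
    return encrypt_block(key, sector_no.to_bytes(BLOCK, "big"))


def encrypt_sector(key, sector_no, plain):
    prev, out = sector_iv(key, sector_no), bytearray()
    for off in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, xor(plain[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def decrypt_sector(key, sector_no, cipher):
    prev, out = sector_iv(key, sector_no), bytearray()
    for off in range(0, SECTOR, BLOCK):
        cur = cipher[off:off + BLOCK]
        out += xor(decrypt_block(key, cur), prev)
        prev = cur
    return bytes(out)


def crypt_image(key, data, sector_fn):
    # Apply encrypt_sector or decrypt_sector to every sector of an image.
    return b"".join(sector_fn(key, n, data[off:off + SECTOR])
                    for n, off in enumerate(range(0, len(data), SECTOR)))


def damaged_sectors(key, plain, bad_sector):
    """Trash one ciphertext sector; list the plaintext sectors that change."""
    image = bytearray(crypt_image(key, plain, encrypt_sector))
    lo, hi = bad_sector * SECTOR, (bad_sector + 1) * SECTOR
    image[lo:hi] = bytes(b ^ 0xFF for b in image[lo:hi])
    got = crypt_image(key, bytes(image), decrypt_sector)
    return [n for n in range(len(plain) // SECTOR)
            if got[n * SECTOR:(n + 1) * SECTOR] != plain[n * SECTOR:(n + 1) * SECTOR]]


def damaged_blocks(key, plain_sector, bad_block):
    """Flip one ciphertext bit; list the 8-byte blocks of the sector that change."""
    cipher = bytearray(encrypt_sector(key, 0, plain_sector))
    cipher[bad_block * BLOCK] ^= 0x01
    got = decrypt_sector(key, 0, bytes(cipher))
    return [i for i in range(SECTOR // BLOCK)
            if got[i * BLOCK:(i + 1) * BLOCK] != plain_sector[i * BLOCK:(i + 1) * BLOCK]]


def collision_probability(image_bytes):
    """Birthday estimate that two 64-bit ciphertext blocks in the image are equal."""
    n = image_bytes // BLOCK
    return -math.expm1(-(n * (n - 1)) / 2 ** 65)


KEY = b"constructed demo key"
PLAIN = bytes(range(256)) * 16   # constructed 4096-byte (8-sector) image

if __name__ == "__main__":
    print("sectors hit by one bad sector:", damaged_sectors(KEY, PLAIN, 3))
    print("blocks hit by one flipped bit:", damaged_blocks(KEY, PLAIN[:SECTOR], 10))
    for size in (40 * 10**9, 250 * 10**9):
        print(size, "bytes:", round(collision_probability(size), 4))
```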



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Jonathan Thornburg
I'd like to publicly thank all those who are contributing to this
thread -- the discussion is very informative.

I suggested initially creating the imagefile with
[5] # dd if=/dev/arandom bs=1m of=/mnt/imagefile count=...

Several people have commented on this from the perspective of
cryptographic security (not leaking where data has & hasn't been
written).  However, I actually had a rather different goal in mind:
I'm thinking of squeezing 5-10% more space out of a given-size disk
by tuning the underlying filesystem parameters to 'newfs':

(a) Since the underlying filesystem will only hold a single huge
'imagefile', it only needs one inode (or maybe a handful to allow
for directories), so I can specify something like 'newfs -i 1048576'
or even 'newfs -i 1073741824'.

(b) If I pre-allocate the imagefile with dd from /dev/arandom, all its
blocks will actually be allocated, so it won't grow thereafter, and
hence no more block allocations will be needed, so I (I think) can
save the default 5% freespace via 'newfs -m 0'.  In contrast, an
initially-zeroed imagefile would be sparse, with most blocks not
actually allocated, so I'd need the freespace reserve to make
imagefile block allocation reasonably fast & vaguely-contiguous-on-disk
as the encrypted filesystem is used.

Browsing newfs(8), '-g very_big_number -h small_number' also look useful.

Perhaps I'm being overly aggressive in my disk-space optimization...
but I've been using computers for 30+ years, and every disk I've ever
used has reached an equilibrium of over-full, so an easy 5-10% is
tempting...

-- 
-- Jonathan Thornburg [remove -animal to reply] [EMAIL PROTECTED]
   t = 31.Aug.2008: School of Mathematics, U of Southampton, England
   t1.Sep.2008: Dept of Astronomy, Indiana University, Bloomington, USA
   Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral.
  -- quote by Freire / poster by Oxfam



Re: Postfix race condition at boot

2008-07-20 Thread Damien Miller
On Sun, 20 Jul 2008, Uwe Dippel wrote:

> On Mon, 14 Jul 2008 12:47:40 -0500, Karl O. Pinc wrote:
>
> > I've an OpenBSD box that's been running postfix for a few
> > years, strictly as a send-only mta, and every night the
> > box gets rebooted.  Every couple of months postfix does
> > not come up on reboot.
> >
> > All that shows up in the logs is:
> > snip postfix/postfix-script[3005]: fatal: Postfix integrity check
> > failed!
> >
> > My suspicion is that syslogd has not yet finished
> > making the log socket and the postfix check that
> > happens at postfix start fails.

That shouldn't happen, because syslogd delays its exit until after
its log sockets have been established.

Maybe this will help (but I think not):

Index: syslogd.c
===
RCS file: /cvs/src/usr.sbin/syslogd/syslogd.c,v
retrieving revision 1.101
diff -u -p -r1.101 syslogd.c
--- syslogd.c   21 Apr 2008 22:09:51 -  1.101
+++ syslogd.c   20 Jul 2008 10:18:24 -
@@ -485,7 +485,8 @@ main(int argc, char *argv[])
break;
default:
close(lockpipe[1]);
-   read(lockpipe[0], c, 1);
+   while (read(lockpipe[0], c, 1) == -1  errno == EINTR)
+   ;
_exit(0);
}
}
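
Review bot: in the default: branch the parent still reaches _exit(0) whatever the last read() on lockpipe[0] returned, so a return of 0 (end of file on the pipe) or a -1 with an errno other than EINTR is reported to the caller as a successful start. Keep the result of the final read() and _exit(1) unless it is 1. Also, as the added while line appears here there is no operator between "== -1" and "errno == EINTR"; it needs && at that point to compile.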



Re: Unable to connect to Xvfb using sshd

2008-07-20 Thread Stuart Henderson
On 2008-07-20, Anathae Townsend [EMAIL PROTECTED] wrote:
> Tried your fix and the progress is that I'm now getting
>
> 'Jul 20 03:14:06 kendra sshd[23354]: error: connect to 127.0.0.1 port 5910
> failed: Connection refused'
>
> in authlog.
>
> I think I have to look in the direction of the ssvnc people now... seems to
> be a usage problem on my Vista box now.

It should be fairly straightforward, does it fail if you do
vncviewer -via <machine with sshd> <VNC host>?

Also check the mirror you updated from is up-to-date.



Re: This is what Linus Torvalds calls openBSD crowd

2008-07-20 Thread Duncan Patton a Campbell
On Fri, 18 Jul 2008 17:29:35 +0530
Amarendra Godbole [EMAIL PROTECTED] wrote:

> On Thu, Jul 17, 2008 at 12:40 AM, Aaron Glenn [EMAIL PROTECTED] wrote:
> > On Wed, Jul 16, 2008 at 11:47 AM, Nuno Magalhães
> > [EMAIL PROTECTED] wrote:
> > > Here it's rtfm and chest-thumping.
> >
> > because here, many people have spent many hours making sure tfm gives
> > you all the information you need
> [...]
>
> Absolutely! I find the OpenBSD man pages to be dead accurate, and
> to-the-point. Typos, and grammar are considered too!
>
> -Amarendra


This looks like about as good a place as any to stick my 3 worth in,
tho' Nick Guenther also comes close to the mark with his comments about
system correctness.  Linus is obviously worried about something of
more than passing import, and I think that he's begun to realize that
OBSD's correctness extends beyond code quality and technical security.

Linux is a Utopian product that carries substantial ideological baggage
rendering its use problematic to business/commercial concerns _except_
by the largest of institutions.   *BSD has a license structure that makes
it commercially safe for use by small/medium business...  OpenBSD being
only the most consistent in this purpose with its development of a genuine
engineering culture and product.

Utopian endeavours all fall on their real intent to be all things to all
people, which, because of the inherent logical relationships of things like
consistency and completeness, is a fruitless vanity.  Such Complete systems
require the deep hypocrisy of limiting everything and everyone in order
to function at all.  In political systems this is often evidenced by
difficult people just disappearing in ones and twos and droves.

Dhu (carry on in awareness!)



Re: This is what Linus Torvalds calls openBSD crowd

2008-07-20 Thread Duncan Patton a Campbell
On Thu, 17 Jul 2008 21:37:27 +0200
Marc Balmer [EMAIL PROTECTED] wrote:

> * Shizzle Cash wrote:
> > On Jul 17, 2008, at 8:42 AM, Giancarlo Razzolini wrote:
> >
> > > agreed. I barely can wait to see Ty Semaka artwork for 4.4. Definitively
> > > it should include monkeys.  And amoebas too.
> >
> > I agree, monkeys should definitely be somehow incorporated into the artwork
> > for the next release.
>
> ty draws openbsd developers as fish.  and I think that we, the openbsd
> developers, did enough to warrant a nice topic for the next release.
> no need to resort to that strange monkey business.
>
> or do you want to honour a stupid remark made by l. by making him
> the main theme of our next release?  I don't think so.  we have
> more substantial work that goes into our next release than the
> stupid remark of a wanking fat penguin that all too obviously does
> not understand what we do.
 
 

Wanking Sea Monkeys, then: the oceanic analogue of fleas, 
at least in the area of genital proportion ;-)

Dhu



Re: This is what Linus Torvalds calls openBSD crowd

2008-07-20 Thread Zamri Besar
On Sun, Jul 20, 2008 at 7:42 PM, Duncan Patton a Campbell 
[EMAIL PROTECTED] wrote:



> Wanking Sea Monkeys, then: the oceanic analogue of fleas,
> at least in the area of genital proportion ;-)
>
> Dhu



lol. Looks like someone is selling new stuffs over the net:

http://www.cafepress.com/spankymm

-zamri-



Panic in latest snapshot - vr, perhaps

2008-07-20 Thread Mark Zimmerman
Greetings:

Sorry for not using sendbug, but I wanted to get something out quickly
while I have a moment.

Summary: I have a jetway board with two interfaces. vr0 (external) and
ral0 (wireless access point). When I boot up a laptop that uses the
wireless access point, the jetway board panics. This is repeatable.

dmesg, ifconfig, trace, ps follow...



Re: OpenBSD AMD64 install snapshot (from 17.07.2008) halts while booting.

2008-07-20 Thread Jonny Heggheim
Update! The machine boots fine with 2GB and 4GB RAM.


Output from loading bsd from harddrive with 8GB RAM:
- snip -
uhci5: host controller process error
uhci5: host controller halted
ehci0: unrecoverable error, controller halted
echi0: blocking intrs 0x10
uhci2: host controller process error
uhci2: host controller halted
uhci1: host controller process error
uhci1: host controller halted
uhci0: host controller process error
uhci0: host controller halted
ehci1: unrecoverable error, controller halted
echi1: blocking intrs 0x10
uhci3: host controller process error
uhci3: host controller halted
uhci4: host controller process error
uhci4: host controller halted
mtrr: Pentium Pro MTRR support
uhci_freex: xfer=0x801a5000 not busy, 0x4f4e5155
uhci_freex: xfer=0x8019b200 not busy, 0x4f4e5155
uhci_freex: xfer=0x801a2800 not busy, 0x4f4e5155
uhci_freex: xfer=0x801a3e00 not busy, 0x4f4e5155
uhci_freex: xfer=0x801a3400 not busy, 0x4f4e5155
uhci_freex: xfer=0x801a4a00 not busy, 0x4f4e5155


Full dmesg with 2GB RAM:

Re: Light HTTP servers.

2008-07-20 Thread Calomel
Nuno,

I would highly suggest looking into Nginx. It is easy to build from
source and runs efficiently, using little memory or CPU time. Even
though it is a light web server compared to Apache, Nginx is able to
handle high traffic loads. The WordPress blogging system recently
converted all of its load balancers to Nginx, using the upstream hash
module to serve 8-9 thousand requests per second.

Unlike lighttpd, the author is actively developing Nginx and the
community is constantly building add on modules. Finally, you can
easily secure Nginx to better protect your machine from abusive
clients.

 Nginx web server how to
 https://calomel.org/nginx.html

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Sun, Jul 20, 2008 at 03:14:40PM +0100, Nuno Magalhães wrote:
> I have an old Compaq Armada 1500c with 32MB of RAM i want to use as a
> webserver. Having it support PHP and mySQL would be fun since i intend
> to use both. The same machine has sshd running and might also become a
> print-server for a parallel Epson Stylus Color 740 if i can decide on
> the print server (apparently either cups or lpd, whichever's lighter).
>
> I haven't fiddled with it a whole lot, it's mostly just on and showing
> top through ssh. Right now its memory line is this:
> Memory: Real: 7200K/20M act/tot  Free: 3944K  Swap: 0K/66M used/tot
> with its most cpu-intensive process being sendmail. I have no
> mailserver, what's that for?
>
> So, big servers like Apache are kind of out of the question. From the
> package list i found Bozotic, lighttpd, nginx,  p5-HTTP-Server-Simple
> and thttpd. Of those, nginx caught my eye and while searching i came
> across cherokee-project.com,  Hiawatha (hiawatha.leisink.org) and also
> shttpd.sourceforge.net
>
> Is anyone using any of these or a lightweight httpd in general? I
> don't mean small as in d116.com/ace/ nor are my resources as low as
> d116.com/spud/ but useful input would be welcome. Ya know, the
> constructive criticism type.
>
> TIA
>
> --
> Nuno Magalhães



Intel Xeon 64 Bit

2008-07-20 Thread John Nietzsche
Dear gentleman,

i am planning to install openbsd on a 64 bit intel dual core server.
But, i believe that openbsd platform i386 runs only on 32 bit mode.
Which platform should i choose from http://www.openbsd.org/plat.html
?

Thanks in advance.



Re: Intel Xeon 64 Bit

2008-07-20 Thread Jeroen Massar
John Nietzsche wrote:
> Dear gentleman,
>
> i am planning to install openbsd on a 64 bit intel dual core server.
> But, i believe that openbsd platform i386 runs only on 32 bit mode.
> Which platform should i choose from http://www.openbsd.org/plat.html
> ?

http://www.openbsd.org/amd64.html

Which is named so just like Debian, because amd64 was first and then
Intel made EMT64. Some distros renamed their amd64 branch to x86_64 for
this reason because that is a better name for the instruction set.

Note that AMD64/EMT64 is not equal to IA-64 which is Itanium.

Greets,
  Jeroen




Re: Light HTTP servers.

2008-07-20 Thread Darrin Chandler
There is also a package of the stable version of nginx. If you need
features from the development version or want different modules than the
package then build from source. But why not use the existing
port/package if it suits you?

As for which light http server, it might be best to try out several and
see which works best for you, Nuno. I think any of them will work, but
which works best for *your* needs on *that* machine is the real
question.

On Sun, Jul 20, 2008 at 11:12:22AM -0400, Calomel wrote:
> Nuno,
>
> I would highly suggest looking into Nginx. It is easy to build from
> source and runs efficiently, using little memory or CPU time. Even
> though it is a light web server compared to Apache, Nginx is able to
> handle high traffic loads. The WordPress blogging system recently
> converted all of its load balancers to Nginx, using the upstream hash
> module to serve 8-9 thousand requests per second.
>
> Unlike lighttpd, the author is actively developing Nginx and the
> community is constantly building add on modules. Finally, you can
> easily secure Nginx to better protect your machine from abusive
> clients.
>
>  Nginx web server how to
>  https://calomel.org/nginx.html
>
> --
>   Calomel @ https://calomel.org
>   Open Source Research and Reference
>
>
> On Sun, Jul 20, 2008 at 03:14:40PM +0100, Nuno Magalhães wrote:
> > I have an old Compaq Armada 1500c with 32MB of RAM i want to use as a
> > webserver. Having it support PHP and mySQL would be fun since i intend
> > to use both. The same machine has sshd running and might also become a
> > print-server for a parallel Epson Stylus Color 740 if i can decide on
> > the print server (apparently either cups or lpd, whichever's lighter).
> >
> > I haven't fiddled with it a whole lot, it's mostly just on and showing
> > top through ssh. Right now its memory line is this:
> > Memory: Real: 7200K/20M act/tot  Free: 3944K  Swap: 0K/66M used/tot
> > with its most cpu-intensive process being sendmail. I have no
> > mailserver, what's that for?
> >
> > So, big servers like Apache are kind of out of the question. From the
> > package list i found Bozotic, lighttpd, nginx,  p5-HTTP-Server-Simple
> > and thttpd. Of those, nginx caught my eye and while searching i came
> > across cherokee-project.com,  Hiawatha (hiawatha.leisink.org) and also
> > shttpd.sourceforge.net
> >
> > Is anyone using any of these or a lightweight httpd in general? I
> > don't mean small as in d116.com/ace/ nor are my resources as low as
> > d116.com/spud/ but useful input would be welcome. Ya know, the
> > constructive criticism type.
> >
> > TIA
> >
> > --
> > Nuno Magalhães
 

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Light HTTP servers.

2008-07-20 Thread Edho P Arief
On Sun, Jul 20, 2008 at 10:12 PM, Calomel [EMAIL PROTECTED] wrote:
> Nuno,
>
> I would highly suggest looking into Nginx. It is easy to build from
> source and runs efficiently, using little memory or CPU time. Even
> though it is a light web server compared to Apache, Nginx is able to
> handle high traffic loads. The WordPress blogging system recently
> converted all of its load balancers to Nginx, using the upstream hash
> module to serve 8-9 thousand requests per second.
>
> Unlike lighttpd, the author is actively developing Nginx and the
> community is constantly building add on modules. Finally, you can
> easily secure Nginx to better protect your machine from abusive
> clients.


current problem for nginx is, it doesn't handle php-fastcgi process
spawning. AFAIK it can be solved with either patching php manually
with php-fpm ( http://php-fpm.anight.org/ ) or using lighttpd's
spawn-fcgi.
IMO, in general, configuring lighttpd+php is easier than nginx+php.

YMMV

  Nginx web server how to
  https://calomel.org/nginx.html

 --
  Calomel @ https://calomel.org
  Open Source Research and Reference


 On Sun, Jul 20, 2008 at 03:14:40PM +0100, Nuno Magalh??es wrote:
I have an old Compaq Armada 1500c with 32MB of RAM i want to use as a
webserver. Having it support PHP and mySQL would be fun since i intend
to use both. The same machine has sshd running and might also become a
print-server for a parallel Epson Stylus Color 740 if i can decide on
the print server (apparently either cups or lpd, whichever's lighter).

I haven't fiddled with it a whole lot, it's mostly just on and showing
top through ssh. Right now its memory line is this:
Memory: Real: 7200K/20M act/tot  Free: 3944K  Swap: 0K/66M used/tot
with its most cpu-intensive process being sendmail. I have no
mailserver, what's that for?

So, big servers like Apache are kind of out of the question. From the
package list i found Bozotic, lighttpd, nginx,  p5-HTTP-Server-Simple
and thttpd. Of those, nginx caught my eye and while searching i came
across cherokee-project.com,  Hiawatha (hiawatha.leisink.org) and also
shttpd.sourceforge.net

Is anyone using any of these or a lightweight httpd in general? I
don't mean small as in d116.com/ace/ nor are my resources as low as
d116.com/spud/ but useful input would be welcome. Ya know, the
constructive criticism type.

TIA

--
Nuno Magalhães



Re: Light HTTP servers.

2008-07-20 Thread Henning Brauer
lighttpd.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Chris Kuethe
On Sun, Jul 20, 2008 at 3:00 AM, Jonathan Thornburg
[EMAIL PROTECTED] wrote:
 ... In contrast, an
initially-zeroed imagefile would be sparse, with most blocks not
actually allocated, so I'd need the freespace reserve to make
imagefile block allocation reasonably fast  vaguely-contiguous-on-disk
as the encrypted filesystem is used.

wrong. if you write just one sector at the end, yes, you'll create a
sparse file. dd if=/dev/zero of=image.bin bs=64k will actually write
to each and every one of those sectors.

CK

-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?



Re: Postfix race condition at boot

2008-07-20 Thread Uwe Dippel
On Sun, 20 Jul 2008 20:19:05 +1000, Damien Miller wrote:


  My suspicion is that syslogd has not yet finished
  making the log socket and the postfix check that
  happens at postfix start fails.
 
 That shouldn't happen, because syslogd delays its exit until after
 its log sockets have been established.

Damien, I am not so sure if it is syslog that fails. I have something else
failing before, please see my maillog in the ports@:

Jul 11 11:56:19 claude authdaemond: modules=authuserdb authpwd authpgsql authldap authmysql authpipe, daemons=5
Jul 11 11:56:19 claude authdaemond: Installing libauthuserdb
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthpwd
Jul 11 11:56:19 claude authdaemond: Installation complete: authpwd
Jul 11 11:56:19 claude authdaemond: Installing libauthpgsql
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthldap
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthmysql
Jul 11 11:56:19 claude authdaemond: File not found
Jul 11 11:56:19 claude authdaemond: Installing libauthpipe
Jul 11 11:56:19 claude authdaemond: Installation complete: authpipe
Jul 11 11:56:20 claude postfix/postfix-script[17841]: fatal: Postfix integrity check failed!

I am not aware that I'd use courier-authlib for that postfix, but who
knows what it checks?
In any case, postfix seems to wait for something that slower machines
cannot provide fast enough. If you have any idea how to debug this and
find out *what* it can't find, let me know,

Uwe



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Ted Unangst
On 7/20/08, Tobias Ulmer [EMAIL PROTECTED] wrote:
 Afaik there are (can be?) collisions in images bigger than ~40GB because
  of Blowfish's block size.

Right.  Unfortunately, the only online reference I could find
indicating the significance of this is wikipedia's talk (!) page for
birthday attack.  Neither the actual birthday attack page nor the disk
encryption theory page mention it at all, and just about every other
search hit is a cheap wikipedia knockoff.  So sad.
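
An added example, not part of the original thread: the birthday estimate behind the "~40GB" figure for a 64-bit block, plus a small-scale run showing what one repeated ciphertext block reveals under CBC chaining. The 16-bit Feistel cipher, the single continuous chain and all names here are assumptions made so that collisions show up within a few thousand blocks.

```python
import math
import random
from collections import defaultdict


def collision_probability(image_bytes, block_bits):
    """Birthday approximation 1 - exp(-n(n-1) / 2^(b+1)) that at least two of
    the n ciphertext blocks in an image are equal, for a b-bit block cipher."""
    n = image_bytes // (block_bits // 8)
    return -math.expm1(-(n * (n - 1)) / 2.0 ** (block_bits + 1))


def toy_encrypt(block, key):
    """Hypothetical 16-bit block cipher (4-round Feistel). It only stands in
    for a 64-bit cipher so the effect is visible at small scale."""
    left, right = block >> 8, block & 0xFF
    for subkey in key:
        mixed = ((right * 167 + subkey) ^ (right >> 3)) & 0xFF
        left, right = right, left ^ mixed
    return (left << 8) | right


def cbc_encrypt(blocks, key, iv):
    """CBC chaining: C_i = E(P_i xor C_{i-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for plain in blocks:
        prev = toy_encrypt(plain ^ prev, key)
        out.append(prev)
    return out


def find_collisions(ciphertext):
    """Index pairs (i, j), i < j, whose ciphertext blocks are identical."""
    seen = defaultdict(list)
    for index, block in enumerate(ciphertext):
        seen[block].append(index)
    return [(idx[0], j) for idx in seen.values() for j in idx[1:]]


def leaked_xor(ciphertext, iv, i, j):
    """If C_i == C_j then P_i xor P_j == C_{i-1} xor C_{j-1}; the right-hand
    side is computable from ciphertext alone, without the key."""
    prev_i = ciphertext[i - 1] if i else iv
    prev_j = ciphertext[j - 1] if j else iv
    return prev_i ^ prev_j


def demo(n_blocks=2000, seed=2008):
    """Encrypt constructed random plaintext and check every collision found."""
    rng = random.Random(seed)
    key = [rng.getrandbits(8) for _ in range(4)]
    iv = rng.getrandbits(16)
    plaintext = [rng.getrandbits(16) for _ in range(n_blocks)]
    ciphertext = cbc_encrypt(plaintext, key, iv)
    pairs = find_collisions(ciphertext)
    holds = all(plaintext[i] ^ plaintext[j] == leaked_xor(ciphertext, iv, i, j)
                for i, j in pairs)
    return len(pairs), holds


if __name__ == "__main__":
    for bits in (64, 128):
        print(bits, "bit block, 40 GB image:",
              collision_probability(40 * 10**9, bits))
    print("toy run (collisions, relation holds):", demo())
```

The probability for a 64-bit block at 40 GB comes out close to one half, while for a 128-bit block at the same size it is negligible.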



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Ted Unangst
On 7/20/08, Chris Kuethe [EMAIL PROTECTED] wrote:
 wrong. if you write just one sector at the end, yes, you'll create a
  sparse file. dd if=/dev/zero of=image.bin bs=64k will actually write
  to each and every one of those sectors.

until you cp or tar it. :)



This is what Linus Torvalds calls openBSD crowd

2008-07-20 Thread Sean Kennedy
We need a Button.



Reminds me of the advert in Comic Books of my youth, for Sea Monkeys,

Maybe we need Puffy looking concerned, with Sea Monkeys facing away from the
perspective doing something that most Prudes would find offensive..
Nothing Obvious mind-you, just a perspective of backs of Sea Monkeys'.  Oooh
Sea-Monkey...:-


-sean




http://www.sea-monkeys.com/

http://en.wikipedia.org/wiki/Sea-Monkeys






Re: Unable to connect to Xvfb using sshd

2008-07-20 Thread Anathae Townsend
Stuart Henderson, on Sunday, July 20, 2008 at 4:40 AM wrote

 On 2008-07-20, Anathae Townsend [EMAIL PROTECTED] wrote:
  Tried your fix and the progress is that I'm now getting 
 
  'Jul 20 03:14:06 kendra sshd[23354]: error: connect to 127.0.0.1 port 5910
  failed: Connection refused'
 
  in authlog.
 
  I think I have to look in the direction of the ssvnc people now... seems to
  be a usage problem on my Vista box now.

 It should be fairly straightforward, does it fail if you do
 vncviewer -via machine with sshd VNC host?

 Also check the mirror you updated from is up-to-date.

Updated from ftp.openbsd.org.  I have the joy of living in Edmonton. :)

vncviewer -via [EMAIL PROTECTED] faith

Results in unable to connect because vmrc version 3.6 or later required.

When I have been able to get vncviewer to run, I've gotten an error message
about unable to connect to Kendra:30 on the vista side.



Re: Light HTTP servers.

2008-07-20 Thread Matthew Weigel

Henning Brauer wrote:

lighttpd.


So far I am very happy with lighttpd, including running with PHP via FastCGI. 
 I don't really trust the PHP applications I run, so they operate in a 
separate chroot (via spawn-php.sh) as a separate user in addition to lighttpd 
itself being chroot as a separate user.


Another poster said lighttpd isn't being actively developed, but it's active 
enough for me - my bug reports have been fixed and new releases put out to 
address them.  Other than setting up the chroot FastCGI, it was quite easy to 
configure and get running.


I think the biggest problem will be running MySQL and PHP in 32MB, the OP may 
need to tweak MySQL to not use too much memory and restrict the number of PHP 
processes to run (1 or 2, I'd say).

--
 Matthew Weigel
 hacker
 unique  idempot.ent



Re: Light HTTP servers.

2008-07-20 Thread Marc Balmer
* Henning Brauer wrote:
 lighttpd.

can it  do reverse proxying, as needed for zope?

 
 -- 
 Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
 BS Web Services, http://bsws.de
 Full-Service ISP - Secure Hosting, Mail and DNS Services
 Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Aaron Stellman
On Sat, Jul 19, 2008 at 11:58:11AM -0500, Marco Peereboom wrote:
 This might be a good time to try my giant softraid diff that makes
 crypto useful.
 
Hello Marco,

Greatly appreciate your work on softraid(4). I've decided to play around
with Crypto discipline w/ softraid, created 60GB partition in the
disklabel, marked it as RAID:

  n:        117194175        195382530    RAID

then created the softraid0 device, backup by sd0n:

scsibus2 at softraid0: 1 targets, initiator 1
sd1 at scsibus2 targ 0 lun 0: OPENBSD, SR CRYPTO, 002 SCSI2 0/direct
fixed
sd1: 57223MB, 7294 cyl, 255 head, 63 sec, 512 bytes/sec, 117194096 sec
total

Everything seems fine, performance is not bad at all, ~4% higher than
svnd0 on the same box. (could be the difference of Blowfish_CBC vs
AES_XTS). However, when playing with tools like bonnie++, my T61 w/
2.4GHZ duo becomes barely responsive. But, it's perfectly understandable,
writing massive amounts of data to crypto backed device with putc() is 
insane.

Now, on boot, the softraid0 doesn't attach itself to sd0n, perhaps not
implemented yet? I was wondering if there were any plans to create
support for crypto devices so that they could be mounted on boot as
specified in fstab(5).

Also, are there any plans to be able to specify which key size you'd
want to use with AES_XTS?

Thank you.



correct way to run kdm?

2008-07-20 Thread Ted Unangst
I'm trying to setup a machine running KDE.  it's supposed to look
pretty (no need for console), so I want kdm.  xdm isn't pretty enough,
and lacks the shutdown option which is a must.

First, I tried running kdm from the command line.  Kind of worked, but
when I logged in, no matter what session I picked, i wound up with
just an xterm.  This was fixed by running genkdmconf which did some
stuff.  I don't know why this was needed.

Now, the problem was whenever I quit KDE, it would drop me back at a
command prompt.  xdm didn't have this problem.  I thought maybe kdm is
only a one shot deal?  After finding the handbook (which cannot be
located by searching for either kdm documentation or kdm manual), it
has a part about FreeBSD and changing /etc/ttys to run kdm like a
getty.  DO NOT DO THIS.  It kinda works, except your keyboard will go
crazy.

Solution to this:  Edit /usr/local/share/config/kdmrc and find the
line about TerminateServer and change it to true.  For some reason,
when you quit KDE, kdm can't talk to X anymore.  If it kills and
restarts the server, all is well.  Of course, now the screen blinks a
few more times and it takes longer.

Final part.  I wanted kdm to start automatically on boot.  Once it was
out of /etc/ttys, I had to put it back into /etc/rc.local.  Doing that
appeared to work, except there was no keyboard input.  See above.
Finally I resorted to writing a script, startkdm, which I run in the
background from rc.local.  startkdm sleeps 10 seconds before actually
execing kdm.

So, everything works now, but I'm fairly certain this was harder than
it was supposed to be.  How is it supposed to work?



Re: neomagic and the needs-update entries

2008-07-20 Thread Charles Smith
--- On Sat, 7/12/08, Charles Smith [EMAIL PROTECTED] wrote:

 From: Charles Smith [EMAIL PROTECTED]
 Subject: neomagic and the needs-update entries
 To: misc@openbsd.org
 Date: Saturday, July 12, 2008, 6:09 PM
 Good afternoon!
 
 In xenocara/MODULES file a needs-update entry,
 eg by neomagic,
 can provoke errors, like PR pending/5836 [0]?
 The PR in short:
   On i386 ThinkPad 600X (NeoMagic 256ZX NM2360) doesn't
 work 
   WindowMaker since 2008.04.10 (or before too, that was my
 first test
   after 4.3 RELEASE branch fork.)
   With 4.3 RELEASE works.
   The very odd thing: cwm, fvwm; and icewm from ports work.
   All application works, that I use.
   WindowMaker didn't change since 2007.09.15.
 
 
 After branch fork in xenocara/MODULES file the neomagic has
 been
 updated two times:
 on 2008.03.19 from 1.1.1 to 1.2.0 and on 2008.05.21 to
 1.2.1.
 In xenocara/driver/xf86-video-neomagic/ directory remained
 1.1.1.
 The needs-update appeared with 1.2.0.
 Are they not in sync?
 Is this rate major update?
 
 Are the needs-update entries like as
 public todo lists?
 
 [0]:
 http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yesnumbers=5836
 Synopsis and Subject: wmaker on ThinkPad600X Fatal server
 error


These found today: [1] [2]
On FreeBSD 7.0 X.org 7.3. ThinkPad600 Neomagic
Wmaker and GNUStep application problem.
icewm works.

Very likewise than by me on OpenBSD.
I don't know if it helps.

[1] http://permalink.gmane.org/gmane.os.freebsd.questions/225666
[2] http://permalink.gmane.org/gmane.os.freebsd.questions/225665



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Marco Peereboom
On Sun, Jul 20, 2008 at 12:22:24PM -0700, Aaron Stellman wrote:
 On Sat, Jul 19, 2008 at 11:58:11AM -0500, Marco Peereboom wrote:
  This might be a good time to try my giant softraid diff that makes
  crypto useful.
  
 Hello Marco,
 
 Greatly appreciate your work on softraid(4). I've decided to play around

Thank hshoexer and djm for the crypto stuff.

 with Crypto discipline w/ softraid, created 60GB partition in the
 disklabel, marked it as RAID:
 
   n:        117194175        195382530    RAID
 
 then created the softraid0 device, backup by sd0n:
 
 scsibus2 at softraid0: 1 targets, initiator 1
 sd1 at scsibus2 targ 0 lun 0: OPENBSD, SR CRYPTO, 002 SCSI2 0/direct
 fixed
 sd1: 57223MB, 7294 cyl, 255 head, 63 sec, 512 bytes/sec, 117194096 sec
 total

Pretty pretty :-)

 
 Everything seems fine, performance is not bad at all, ~4% higher than
 svnd0 on the same box. (could be the difference of Blowfish_CBC vs
 AES_XTS). However, when playing with tools like bonnie++, my T61 w/
 2.4GHZ duo becomes barely responsive. But, it's perfectly understandable,
 writing massive amounts of data to crypto backed device with putc() is 
 insane.

Yes it is.  It really is meant as an actual disk device that moves
normal amounts of data.  The putc/getc stuff doesn't prove or disprove
anything anyway.

 
 Now, on boot, the softraid0 doesn't attach itself to sd0n, perhaps not
 implemented yet? I was wondering if there were any plans to create
 support for crypto devices so that they could be mounted on boot as
 specified in fstab(5).

Currently this is deliberate because we haven't implemented boot support
yet.  This in time will be implemented but not until we can get it
right.  For now look at the benefit that the disk is there without
letting anyone know :-)

 
 Also, is there any plans to be able  to specify which key size you'd 
 want to use with AES_XTS?

Maybe, it is easy enough to implement and if someone can convince me of
the benefit of a knob I might add it.

 
 Thank you.



Re: correct way to run kdm?

2008-07-20 Thread Mark Prins
I've had kdm/kde on my laptop running for a couple of releases and I
recall having keyboard problems initially; now it just works.

2008/7/20, Ted Unangst [EMAIL PROTECTED]:

 just an xterm.  This was fixed by running genkdmconf which did some
 stuff.  I don't know why this was needed.

it builds the kdm config file I guess..
I have rc.local fire kdm:
if [ "X${kdm_flags}" != "XNO" ]; then
   /usr/local/bin/kdm ${kdm_flags} ;
   echo -n 'kdm '
fi
without any flags/options

 Solution to this:  Edit /usr/local/share/config/kdmrc and find the
 line about TerminateServer and change it to true.  For some reason,

this would be /usr/local/share/config/kdm/kdmrc
I don't have this option in mine; I have the shutdown command modified
so it shuts down the machine on logout:
HaltCmd=/sbin/shutdown -ph now



Re: correct way to run kdm?

2008-07-20 Thread Predrag Punosevac

Ted Unangst wrote:

I'm trying to setup a machine running KDE.  it's supposed to look
pretty (no need for console), so I want kdm.  xdm isn't pretty enough,
and lacks the shutdown option which is a must.

First, I tried running kdm from the command line.  Kind of worked, but
when I logged in, no matter what session I picked, i wound up with
just an xterm.  This was fixed by running genkdmconf which did some
stuff.  I don't know why this was needed.

Now, the problem was whenever I quit KDE, it would drop me back at a
command prompt.  xdm didn't have this problem.  I thought maybe kdm is
only a one shot deal?  After finding the handbook (which cannot be
located by searching for either kdm documentation or kdm manual), it
has a part about FreeBSD and changing /etc/ttys to run kdm like a
getty.  DO NOT DO THIS.  It kinda works, except your keyboard will go
crazy.

Solution to this:  Edit /usr/local/share/config/kdmrc and find the
line about TerminateServer and change it to true.  For some reason,
when you quit KDE, kdm can't talk to X anymore.  If it kills and
restarts the server, all is well.  Of course, now the screen blinks a
few more times and it takes longer.

Final part.  I wanted kdm to start automatically on boot.  Once it was
out of /etc/ttys, I had to put it back into /etc/rc.local.  Doing that
appeared to work, except there was no keyboard input.  See above.
Finally I resorted to writing a script, startkdm, which I run in the
background from rc.local.  startkdm sleeps 10 seconds before actually
execing kdm.

So, everything works now, but I'm fairly certain this was harder than
it was supposed to be.  How is it supposed to work?

  

I am not running it but I thought that this was more or less correct
way

http://www.openbsdsupport.org/KDM.html



Re: correct way to run kdm?

2008-07-20 Thread Mark Prins
2008/7/20, Predrag Punosevac [EMAIL PROTECTED]:

 I am not running it but I thought that this was more or less correct
 way

 http://www.openbsdsupport.org/KDM.html

step 2.2-2.6 should do the trick. the rest of the document, i find,
is just plain confusing



Trying to get a very large array online

2008-07-20 Thread Chris Zakelj
Having myself a bit of a problem that the man pages haven't helped me 
figure out.  Running 4.3-RELEASE(amd64) with an Areca 1220 host 
controller, I'm trying to bring a 5T RAID-5 array online (nothing but 
samba storage, everything OS lives on sd0).  In the dmesg, the 
card+array show up thus when initialized using 64bit LBA:


arc0 at pci6 dev 14 function 0 Areca ARC-1220 rev 0x00: irq 11
arc0: 8 ports, 256MB SDRAM, firmware V1.43 2007-4-17
scsibus1 at arc0: 16 targets
sd0 at scsibus1 targ 0 lun 0: Areca, ARC-1220-VOL#00, R001 SCSI3 
0/direct fixed
sd0: 305245MB, 54265 cyl, 24 head, 480 sec, 512 bytes/sec, 625141760 sec 
total
sd1 at scsibus1 targ 0 lun 1: Areca, ARC-1220-VOL#01, R001 SCSI3 
0/direct fixed
sd1: 4769346MB, 74959 cyl, 511 head, 255 sec, 512 bytes/sec, 9767621120 
sec total


Trying to fdisk, this is what I get:

# fdisk -e sd1
Enter 'help' for information
fdisk: 1 p
Disk: sd1   geometry: 608006/255/63 [1177686528 Sectors]
Offset: 0   Signature: 0x0
   Starting Ending LBA Info:
#: id  C   H   S -  C   H   S [   start:size ]
---
0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
fdisk: 1 e 3
   Starting Ending LBA Info:
#: id  C   H   S -  C   H   S [   start:size ]
---
3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
Partition id ('0' to disable)  [0 - FF]: [0] (? for help) A6
Do you wish to edit in CHS mode? [n] y
BIOS Starting cylinder [0 - 608005]: [0]
BIOS Starting head [0 - 254]: [0]
BIOS Starting sector [1 - 63]: [1]
BIOS Ending cylinder [0 - 608005]: [267349] 608005
BIOS Ending head [0 - 254]: [89] 254
BIOS Ending sector [1 - 63]: [4] 63
fdisk:*1 p
Disk: sd1   geometry: 608006/255/63 [1177686528 Sectors]
Offset: 0   Signature: 0x0
   Starting Ending LBA Info:
#: id  C   H   S -  C   H   S [   start:size ]
---
0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
3: A6  0   0   1 -  73307  76  55 [   0:  1177681798 ] OpenBSD
fdisk:*1

Clearly that's not right.  Trying fdisk -i sd1 results in an MBR that 
starts at 0-1-1, but still ends at 73307-76-55.  If I use 4k blocks 
instead of 64bit LBA...


sd1 at scsibus1 targ 0 lun 1: Areca, ARC-1220-VOL#01, R001 SCSI3 
0/direct fixed
sd1: 4769346MB, 80750 cyl, 252 head, 60 sec, 4096 bytes/sec, 1220952640 
sec total


# fdisk sd1
Disk: sd1   geometry: 80750/252/60 [1220952640 4096-byte Sectors]
Offset: 0   Signature: 0xAA55
   Starting Ending LBA Info:
#: id  C   H   S -  C   H   S [   start:size ]
---
0: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
*3: A6  0   0   1 -  80749 251  60 [   0:  122094 ] OpenBSD

So far, so good.  But now disklabel+newfs cause problems...
# disklabel -E sd1
Initial label editor (enter '?' for help at any prompt)
 a d
offset: [0]
size: [1220952640] 900g
Rounding to cylinder: 235932480
FS type: [4.2BSD]
...
#         size       offset  fstype [fsize bsize  cpg]
 c:  1220952640            0  unused      0     0
 d:   235932480            0  4.2BSD   2048 16384    1
 e:   235932480    235932480  4.2BSD   2048 16384    1
 f:   235932480    471864960  4.2BSD   2048 16384    1
 g:   235932480    707797440  4.2BSD   2048 16384    1
 h:   235932480    943729920  4.2BSD   2048 16384    1
 i:    41290240   1179662400  4.2BSD   2048 16384    1
 q
Write new label?: [y] y
# newfs sd1d
newfs: wtfs: write error on block 1887459839: Invalid argument

Since each individual slice is only 900g, I would have thought I'm 
safely below the sector addressing limits of an FFS filesystem, and it 
would have worked.  Granted, I could split the array itself into three 
sub-2T logical volumes, but I've noticed a very large performance hit 
just on the initialization stage in doing so (5 hours for 64bit/4k, 
nearly a day when split).  Am I doing something wrong, or bashing up 
against a subtle limitation of fdisk/disklabel/newfs somewhere?  Full 
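
An added example, not part of the original post: the 512-byte-sector figures above are what you get when sector counts are reduced to 32 bits, which is the width of the start and size fields in an MBR partition entry. The function names are hypothetical; the geometry and the numbers are taken from the dmesg and fdisk output in the post.

```python
MASK_32 = 0xFFFFFFFF  # an MBR partition entry stores start and size in 32 bits


def wrap32(sectors):
    """Value that survives when a sector count is kept in 32 bits."""
    return sectors & MASK_32


def chs_to_lba(cyl, head, sect, heads, spt):
    """Cylinder/head/sector (sector numbers start at 1) to a linear sector."""
    return (cyl * heads + head) * spt + (sect - 1)


def lba_to_chs(lba, heads, spt):
    """Linear sector number back to cylinder/head/sector."""
    cyl, rest = divmod(lba, heads * spt)
    head, sect0 = divmod(rest, spt)
    return cyl, head, sect0 + 1


def partition_as_stored(start_chs, end_chs, heads, spt):
    """Compare the partition that was requested in CHS terms with what a
    32-bit start/size pair can actually record."""
    start = chs_to_lba(*start_chs, heads, spt)
    end = chs_to_lba(*end_chs, heads, spt)
    true_size = end - start + 1
    stored_start = wrap32(start)
    stored_size = wrap32(true_size)
    stored_end = lba_to_chs(stored_start + stored_size - 1, heads, spt)
    return {
        "true_size": true_size,
        "stored_start": stored_start,
        "stored_size": stored_size,
        "stored_end_chs": stored_end,
        "lost_sectors": true_size - stored_size,
    }


if __name__ == "__main__":
    # dmesg reports 9767621120 sectors; fdisk prints 1177686528.
    print("disk size seen through 32 bits:", wrap32(9767621120))
    # The post asks for 0/0/1 .. 608005/254/63 with geometry 608006/255/63.
    result = partition_as_stored((0, 0, 1), (608005, 254, 63), 255, 63)
    for name, value in result.items():
        print(name, value)
```

Both wrapped values match the post: 1177686528 sectors for the disk, and a partition of size 1177681798 ending at 73307/76/55.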

Re: correct way to run kdm?

2008-07-20 Thread Matthias Kilian
On Sun, Jul 20, 2008 at 11:24:14PM +0200, Mark Prins wrote:
  http://www.openbsdsupport.org/KDM.html
 
 step 2.2-2.6 should do the trick.

And that's what? I don't see something called 2.2-2.6 there (but
I'm old and lazy and I don't understand those HOWTOs).

 the rest of the document, i find,
 is just plain confusing

Of course. It's a typical HOWTO.

Anyway, I just gave kdm a try. First, just disabling xdm and running
kdm from /etc/rc.local, leading to the problems tedu@ mentioned
(just an xterm, blue background, keyboard input garbled). The problem
here is that kdm by default launches an X server on vt1.

However, after a genkdmconf, everything looks fine here, so I'll
do some more checks tomorrow (or later[tm]). (I still don't know
why tedu@'s setup fails after genkdmconf).

Ciao,
Kili



Re: 'Nother broken package - git-1.5.4.2

2008-07-20 Thread Jacob Meuser
On Wed, Jul 16, 2008 at 03:04:57PM -0500, L. V. Lammert wrote:

 Why do you think that discussing problems with packages constitutes  
 whining? Are the developers now supposed to get feedback from the user  
 community by divination?

please go read your original post.

is that useful feedback or whining/complaining/bitching?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: svnd questions (encrypting all of a partition or disk)

2008-07-20 Thread Damien Miller
On Sun, 20 Jul 2008, Aaron Stellman wrote:

 Now, on boot, the softraid0 doesn't attach itself to sd0n, perhaps not
 implemented yet? I was wondering if there were any plans to create
 support for crypto devices so that they could be mounted on boot as
 specified in fstab(5).

Yes, but someone needs to write the bits for /etc/rc to implement this.
We also plan to add bootloader support for root on softraid, but that
will take longer.

 Also, is there any plans to be able  to specify which key size you'd 
 want to use with AES_XTS?

The kernel code already mostly supports AES-XTS-128, but it can only create
the volume with AES-XTS-256 at present. Supporting this will require
extending the BIOCCREATERAID ioctl to allow it to specify which algorithm
to use.

-d



PF issue

2008-07-20 Thread Parvinder Bhasin
My home network.  Firewall is openbsd (4.3).  DSL setup with PPPOE (in  
kernel):

cat /etc/hostname.pppoe0

inet 0.0.0.0 255.255.255.255 NONE \
 pppoedev dc0 authproto pap \
 authname '[EMAIL PROTECTED]' authkey 'password' up
!/sbin/route add default

#


Here is my /etc/pf.conf for this network (HOME).  Very simple blocking  
everything and allowing everything to go out from my internal network.


#   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or  
net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if=dc0
int_if=fxp0
loopback=lo0
pppoe_if=pppoe0

#table spamd-white persist

set skip on lo
set loginterface $ext_if
set loginterface $int_if
set loginterface $pppoe_if
set loginterface $loopback
scrub in all max-mss 1440

nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*

# nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)
block in log on $pppoe_if

pass out keep state


Here is my Lab network:  setup on static DSL connection with 5 static  
IPs:
I am using one for webserving:  75.44.224.2.

my /etc/hostname.sk0 looks like:

inet 75.44.229.1 255.255.255.248 NONE
alias 75.44.229.2 255.255.255.248

I also have a laptop behind this firewall on internal network.  Used  
for browsing etc.


# MACROS 
ext_if=sk0
int_if=gem0

external_ip=75.44.229.1
external_net={75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}

internal_ip=172.16.10.10


webserver_ip=75.44.224.2
webserver_int=172.16.10.11


 OPTIONS #
set loginterface $ext_if
set loginterface $int_if
scrub in

 NAT/REDIRECTS 

nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> $webserver_int port 80


## FILTERS #

block in log on $ext_if

pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep  
state
pass out keep state
#


MY PROBLEM:  Whenever I am on my home network and I try to reach
webserver on my lab network, I don't get anything.  Whenever I try to
hit the webserver from my work network or several other networks, I
can access the webserver fine.  It's only from my home network, I
cannot access the site on my webserver.  Any other sites from the home
network work totally fine.

Can anyone see what's wrong with my configs?

For troubleshooting this issue, I captured traffic on my webserver and
saw that requests from my home network DO ARRIVE at the webserver and
the webserver duly sends that data back BUT that data never arrives
on the home network.

If I try to hit any website from my webserver, I can reach it fine.

This is really weird, I would really appreciate any help.  I have
tried almost everything to get this going.

Thanks
/Parvinder Bhasin
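
An added example, not part of the original post: a small reviewer's check that lists macro references in a pf.conf text that have no earlier definition. As posted, the lab ruleset references `$webserver_ext` while the macro it defines is `webserver_ip`; the excerpt below is constructed from that ruleset, and the function name and the '#' comment handling are assumptions of this sketch.

```python
import difflib
import re

MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=')
MACRO_REF = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')

# Constructed excerpt of the lab ruleset quoted in the post.
LAB_EXCERPT = """\
ext_if="sk0"
int_if="gem0"
webserver_ip="75.44.224.2"
webserver_int="172.16.10.11"
nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> $webserver_int port 80
block in log on $ext_if
pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep state
pass out keep state
"""


def undefined_macros(text):
    """Return (line number, macro name, similar defined names) for every
    $macro that is referenced before any definition of it.

    Simplification: everything after '#' is treated as a comment, so a '#'
    inside a quoted string would hide the rest of that line.
    """
    defined = set()
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0]
        # Check references first: the right-hand side of a definition may
        # only use macros that were defined on earlier lines.
        for name in MACRO_REF.findall(line):
            if name not in defined:
                hints = difflib.get_close_matches(name, sorted(defined),
                                                  n=3, cutoff=0.6)
                findings.append((lineno, name, hints))
        match = MACRO_DEF.match(line)
        if match:
            defined.add(match.group(1))
    return findings


if __name__ == "__main__":
    for lineno, name, hints in undefined_macros(LAB_EXCERPT):
        print("line %d: $%s is not defined (similar: %s)"
              % (lineno, name, ", ".join(hints) or "none"))
```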



Re: how to undelete?

2008-07-20 Thread Leonardo Rodrigues
I stand corrected then =)

However, while trying to salvage some files, I do remember that some
info about the file was zeroed. It really wasn't the whole file data,
but something related to blocks and/or inodes, like data that leads to
the actual data, if that makes sense...
Anyway, I couldn't recover the file.

On Thu, Jul 10, 2008 at 4:04 AM, Janne Johansson [EMAIL PROTECTED] wrote:
 On Thu, 2008-07-10 at 03:40 -0300, Leonardo Rodrigues wrote:
 If I'm not mistaken, openbsd zeroes the data when you delete a file.
 I remember trying to recover a file and then receiving a 0Kb file =)

 I think you are mistaken.
 I would take ages to delete large files in those cases.



Re: PF issue

2008-07-20 Thread Rafael C. de Almeida
Parvinder Bhasin wrote:
 My home network.  Firewall is openbsd (4.3).  DSL setup with PPPOE (in  
 kernel):
 
 cat /etc/hostname.pppoe0
 
 inet 0.0.0.0 255.255.255.255 NONE \
  pppoedev dc0 authproto pap \
  authname '[EMAIL PROTECTED]' authkey 'password' up
 !/sbin/route add default
 
 #
 
 
 Here is my /etc/pf.conf for this network (HOME).  Very simple blocking  
 everything and allowing everything to go out from my internal network.
 
 
 #   $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $
 #
 # See pf.conf(5) and /usr/share/pf for syntax and examples.
 # Remember to set net.inet.ip.forwarding=1 and/or  
 net.inet6.ip6.forwarding=1
 # in /etc/sysctl.conf if packets are to be forwarded between interfaces.
 
 ext_if=dc0
 int_if=fxp0
 loopback=lo0
 pppoe_if=pppoe0
 
 #table spamd-white persist
 
 set skip on lo
 set loginterface $ext_if
 set loginterface $int_if
 set loginterface $pppoe_if
 set loginterface $loopback
 scrub in all max-mss 1440
 
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
 
 # nat on $pppoe_if from 172.16.200.0/24 -> $pppoe_if
 nat on $pppoe_if from !($pppoe_if) to any -> ($pppoe_if)
 block in log on $pppoe_if
 
 pass out keep state

If you're able to connect to other stuff other than your webserver, then
this is probably not it. But I'd expect a rule like:
pass in on $int_if
Have you tried no filtering at all to see if it works that way? What
about accessing your webserver directly from the firewall box?

 Here is my Lab network:  setup on static DSL connection with 5 static  
 IPs:
 I am using one for webserving:  75.44.224.2.
 
 my /etc/hostname.sk0 looks like:
 
 inet 75.44.229.1 255.255.255.248 NONE
 alias 75.44.229.2 255.255.255.248
 
 I also have a laptop behind this firewall on internal network.  Used  
 for browsing etc.
 
 
 # MACROS 
 ext_if=sk0
 int_if=gem0
 
 external_ip=75.44.229.1
 external_net={75.44.229.17 75.44.229.18 75.44.229.19 75.44.229.20}
 
 internal_ip=172.16.10.10
 
 
 webserver_ip=75.44.224.2
 webserver_int=172.16.10.11
 
 
  OPTIONS #
 set loginterface $ext_if
 set loginterface $int_if
 scrub in
 
  NAT/REDIRECTS 
 
 nat on $ext_if from !($ext_if) to any -> ($ext_if:0)
 
 rdr pass on $ext_if proto tcp from any to $webserver_ext port 80 -> $webserver_int port 80
 
 
 ## FILTERS #
 
 block in log on $ext_if
 
 pass in on $ext_if proto tcp from any to $webserver_ext port 80 keep  
 state
 pass out keep state
 #
 
 
 MY PROBLEM:  Whenever I am on my home network and I try to reach
 webserver on my lab network, I don't get anything.  Whenever I try to
 hit the webserver from my work network or several other networks, I
 can access the webserver fine.  It's only from my home network, I
 cannot access the site on my webserver.  Any other sites from the home
 network work totally fine.
 
 Can anyone see what's wrong with my configs?
 
 For troubleshooting this issue, I captured traffic on my webserver and
 saw that requests from my home network DO ARRIVE at the webserver and
 the webserver duly sends that data back BUT that data never arrives
 on the home network.
 
 If I try to hit any website from my webserver, I can reach it fine.
 
 This is really weird, I would really appreciate any help.  I have
 tried almost everything to get this going.
 
 Thanks
 /Parvinder Bhasin



Re: PF issue

2008-07-20 Thread Jason Dixon
On Sun, Jul 20, 2008 at 07:06:39PM -0700, Parvinder Bhasin wrote:
 
 my /etc/hostname.sk0 looks like:
 
 inet 75.44.229.1 255.255.255.248 NONE
 alias 75.44.229.2 255.255.255.248

Unrelated, but use 255.255.255.255 for your alias netmask.
 
 MY PROBLEM:  Whenever I am on my home network and I try to reach  
 webserver on my lab network, I don't get anything.  Whenever I try to  
 hit the webserver from my work network or several other networks, I  
 can access the webserver fine.  It's only from my home network, I
 cannot access the site on my webserver.  Any other sites from the home  
 network work totally fine.

http://www.openbsd.org/faq/pf/rdr.html#reflect


-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/



Re: PF issue

2008-07-20 Thread Srikant Tangirala
Have you tried doing a tcpdump on fxp0
and pflog0 while trying to access the
web server on home firewall? Might give
you clues.

Srikant.



it's possible using cd43.iso when make OpenBSD 4.3 ISO?

2008-07-20 Thread my mail
I have successfully built an OpenBSD 4.3 ISO using floppy43.fs, and after
testing, this ISO works perfectly.

But when I build the OpenBSD 4.3 ISO using cd43.iso, my ISO can't boot. I have
used the option -no-emul-boot because this file is too large.

Is it possible to use cd43.iso when making an OpenBSD 4.3 ISO file?

thx