Booting bsd.rd via PXE on uefi system
Greetings OpenBSD users and developers! I am experimenting with PXE booting on uefi based virtual machine (qemu with ovmf uefi firmware). Currently, I am having difficulty to boot OpenBSD bsd.rd installer via PXE with uefi firmware. Supplying pxeboot as uefi pxe boot file would lead to unsupported format error. Supplying BOOTX64.EFI as pxe boot file doesn't bring the nice OpenBSD boot prompt. Instead, BOOTX64.EFI will only stuck at probing device. Is there a way to boot OpenBSD ramdisk on uefi system via PXE? Thanks.
Re: Driving 4k Display for OpenBSD Workstation
On Fri, Jul 22, 2016 at 02:05:07PM +1000, Jonathan Gray wrote: > There is no kernel support for skylake and it will require firmware. > https://01.org/linuxgraphics/intel-linux-graphics-firmwares > > The intel code in Mesa does not use gallium or LLVM. > > Using efifb with a 4k display would likely be horribly slow due to the > high number of pixels to push. I guess I will find out just how slow. I have two 4k monitors on the way (the Dell P4317W and also an HP Z27s). Perhaps I will pick up some more 30-inch 2560x1600 monitors for now. Thanks for all the info. Bryan
Re: Driving 4k Display for OpenBSD Workstation
On Thu, Jul 21, 2016 at 08:41:04PM -0700, Bryan Vyhmeister wrote: > On Fri, Jul 22, 2016 at 01:25:58PM +1000, Jonathan Gray wrote: > > There is kernel support for TAHITI/PITCAIRN/CAPE VERDE southern > > islands but no userland acceleration as both 2d and 3d acceleration > > require LLVM. > > > > The marketing names are a mess, see > > https://www.x.org/wiki/RadeonFeature/ > > to decode them. > > Thanks for the clarification. That makes sense. Sounds like the better > option is to wait for Skylake inteldrm(4) and use efifb(4) and wsfb(4) > for now. Does Skylake inteldrm(4) require LLVM or anything like that? There is no kernel support for skylake and it will require firmware. https://01.org/linuxgraphics/intel-linux-graphics-firmwares The intel code in Mesa does not use gallium or LLVM. Using efifb with a 4k display would likely be horribly slow due to the high number of pixels to push.
Re: Driving 4k Display for OpenBSD Workstation
On Fri, Jul 22, 2016 at 01:25:58PM +1000, Jonathan Gray wrote: > There is kernel support for TAHITI/PITCAIRN/CAPE VERDE southern > islands but no userland acceleration as both 2d and 3d acceleration > require LLVM. > > The marketing names are a mess, see > https://www.x.org/wiki/RadeonFeature/ > to decode them. Thanks for the clarification. That makes sense. Sounds like the better option is to wait for Skylake inteldrm(4) and use efifb(4) and wsfb(4) for now. Does Skylake inteldrm(4) require LLVM or anything like that? Bryan
Re: Driving 4k Display for OpenBSD Workstation
On Thu, Jul 21, 2016 at 07:44:47PM -0700, Bryan Vyhmeister wrote: > On Thu, Jul 21, 2016 at 10:27:18PM +0300, li...@wrant.com wrote: > > Thu, 21 Jul 2016 11:45:01 -0700 Bryan Vyhmeister> > > My goal for this project is to have an OpenBSD workstation (I run > > > -current) built around 4k displays. > > > > Short answer from user level: I'd personally get more 2560x1440 27" IPS > > monitors for now, and use the excess budget for another set of the same. > > You'd probably have to get a slightly older & cheaper video card (6450). > > I know of no justification for a 5K monitor yet, though I want one too.. > > I am not interested in a 5k monitor, only 4k monitors. I recognize the > Radeon HD 6450 cards work well. I have one now. I also have a 30-inch > 2560x1600 and 34-inch 3440x1440 monitor which all work well. I would > just like more screen real estate which is why 4k monitors are > interesting, particularly the 43-inch Dell P4317W. I would like some > feedback if the Radeon HD 7750 cards work decently with radeondrm(4). I There is kernel support for TAHITI/PITCAIRN/CAPE VERDE southern islands but no userland acceleration as both 2d and 3d acceleration require LLVM. The marketing names are a mess, see https://www.x.org/wiki/RadeonFeature/ to decode them.
Re: Driving 4k Display for OpenBSD Workstation
On Thu, Jul 21, 2016 at 10:27:18PM +0300, li...@wrant.com wrote: > Thu, 21 Jul 2016 11:45:01 -0700 Bryan Vyhmeister> > My goal for this project is to have an OpenBSD workstation (I run > > -current) built around 4k displays. > > Short answer from user level: I'd personally get more 2560x1440 27" IPS > monitors for now, and use the excess budget for another set of the same. > You'd probably have to get a slightly older & cheaper video card (6450). > I know of no justification for a 5K monitor yet, though I want one too.. I am not interested in a 5k monitor, only 4k monitors. I recognize the Radeon HD 6450 cards work well. I have one now. I also have a 30-inch 2560x1600 and 34-inch 3440x1440 monitor which all work well. I would just like more screen real estate which is why 4k monitors are interesting, particularly the 43-inch Dell P4317W. I would like some feedback if the Radeon HD 7750 cards work decently with radeondrm(4). I also know Skylake inteldrm(4) is in the works but is not here yet. Bryan
Re: Question on Theo's dotSecurity paper
patrick keshishian wrote: > Hi, > > Quick question about Theo de Raadt's "Presentations: dotSecurity > 2016"[1]. Slide 11 says "Most violations result in process being killed", > not all violations? > > Just wanted clarification here. If you look at kern_pledge.c, you'll see a couple instances where EPERM is returned instead of killing the process.
Re: httpd/slowcgi - httpoxy vurnerability
Good. Now take the steps to fix the problem you've created. Further reading at https://httpoxy.org On Jul 21, 2016 21:54, "Jiri B"wrote: Hi, Red Hat found a vulnerability in various web servers and frameworks related to env variable passed to cgi scripts, see below: HTTPoxy - CGI "HTTP_PROXY" variable name clash https://access.redhat.com/security/vulnerabilities/httpoxy I was able to reproduce on OpenBSD httpd/slowcgi (6.0-beta from Jul 1). j. ~~~ # slowcgi -d slowcgi: socket: /var/www/run/slowcgi.sock slowcgi: slowcgi_user: www slowcgi: chroot: /var/www slowcgi: inflight incremented, now 1 slowcgi: version: 1 slowcgi: type:1 slowcgi: requestId: 1 slowcgi: contentLength: 8 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: role 1 slowcgi: flags0 slowcgi: version: 1 slowcgi: type:4 slowcgi: requestId: 1 slowcgi: contentLength: 448 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: env[0], PATH_INFO= slowcgi: env[1], SCRIPT_NAME=/cgi-bin/testovic slowcgi: env[2], SCRIPT_FILENAME=//cgi-bin/testovic slowcgi: env[3], QUERY_STRING= slowcgi: env[4], DOCUMENT_ROOT=/ slowcgi: env[5], DOCUMENT_URI=/cgi-bin/testovic slowcgi: env[6], GATEWAY_INTERFACE=CGI/1.1 slowcgi: env[7], HTTP_ACCEPT=*/* slowcgi: env[8], HTTP_HOST=localhost slowcgi: env[9], HTTP_PROXY=AFFECTED slowcgi: env[10], HTTP_USER_AGENT=curl/7.49.0 slowcgi: env[11], REMOTE_ADDR=127.0.0.1 slowcgi: env[12], REMOTE_PORT=30357 slowcgi: env[13], REQUEST_METHOD=GET slowcgi: env[14], REQUEST_URI=/cgi-bin/testovic slowcgi: env[15], SERVER_ADDR=127.0.0.1 slowcgi: env[16], SERVER_PORT=80 slowcgi: env[17], SERVER_NAME=default slowcgi: env[18], SERVER_PROTOCOL=HTTP/1.1 slowcgi: env[19], SERVER_SOFTWARE=OpenBSD httpd slowcgi: version: 1 slowcgi: type:4 slowcgi: requestId: 1 slowcgi: contentLength: 0 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: fork: //cgi-bin/testovic slowcgi: version: 1 slowcgi: type:5 slowcgi: requestId: 1 slowcgi: contentLength: 0 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: resp version: 1 slowcgi: resp type:6 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 47 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp version: 1 slowcgi: resp type:6 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 0 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp version: 1 slowcgi: resp type:7 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 0 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: wait: //cgi-bin/testovic slowcgi: resp version: 1 slowcgi: resp type:3 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 8 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp appStatus: 0 slowcgi: resp protocolStatus: 0 $ curl -H 'Proxy: AFFECTED' http://localhost/cgi-bin/testovic HTTP_PROXY='AFFECTED' $ cat /var/www/cgi-bin/testovic #!/bin/sh echo "Content-Type:text/plain " echo "HTTP_PROXY='$HTTP_PROXY'" ~~~
Re: how would you troubleshoot your wifi?
Worked! Thanks Stefan! On Thu, Jul 21, 2016 at 8:34 PM, Stefan Sperlingwrote: > > On Thu, Jul 14, 2016 at 01:13:21PM +0800, Miles Keaton wrote: > > iwm0: hw rev 0x140, fw ver 25.228 (API ver 9), address 5b:51:4f:a1:16:d9 > > iwm0: fatal firmware error > > You got some answers already but they were all misleading. > I believe I've already fixed this bug. Please verify my assumption by > upgrading to -current now and letting me know if the problem persists. > (Run fw_update iwm before upgrading or iwm won't work during the upgrade!)
httpd/slowcgi - httpoxy vurnerability
Hi, Red Hat found a vulnerability in various web servers and frameworks related to env variable passed to cgi scripts, see below: HTTPoxy - CGI "HTTP_PROXY" variable name clash https://access.redhat.com/security/vulnerabilities/httpoxy I was able to reproduce on OpenBSD httpd/slowcgi (6.0-beta from Jul 1). j. ~~~ # slowcgi -d slowcgi: socket: /var/www/run/slowcgi.sock slowcgi: slowcgi_user: www slowcgi: chroot: /var/www slowcgi: inflight incremented, now 1 slowcgi: version: 1 slowcgi: type:1 slowcgi: requestId: 1 slowcgi: contentLength: 8 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: role 1 slowcgi: flags0 slowcgi: version: 1 slowcgi: type:4 slowcgi: requestId: 1 slowcgi: contentLength: 448 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: env[0], PATH_INFO= slowcgi: env[1], SCRIPT_NAME=/cgi-bin/testovic slowcgi: env[2], SCRIPT_FILENAME=//cgi-bin/testovic slowcgi: env[3], QUERY_STRING= slowcgi: env[4], DOCUMENT_ROOT=/ slowcgi: env[5], DOCUMENT_URI=/cgi-bin/testovic slowcgi: env[6], GATEWAY_INTERFACE=CGI/1.1 slowcgi: env[7], HTTP_ACCEPT=*/* slowcgi: env[8], HTTP_HOST=localhost slowcgi: env[9], HTTP_PROXY=AFFECTED slowcgi: env[10], HTTP_USER_AGENT=curl/7.49.0 slowcgi: env[11], REMOTE_ADDR=127.0.0.1 slowcgi: env[12], REMOTE_PORT=30357 slowcgi: env[13], REQUEST_METHOD=GET slowcgi: env[14], REQUEST_URI=/cgi-bin/testovic slowcgi: env[15], SERVER_ADDR=127.0.0.1 slowcgi: env[16], SERVER_PORT=80 slowcgi: env[17], SERVER_NAME=default slowcgi: env[18], SERVER_PROTOCOL=HTTP/1.1 slowcgi: env[19], SERVER_SOFTWARE=OpenBSD httpd slowcgi: version: 1 slowcgi: type:4 slowcgi: requestId: 1 slowcgi: contentLength: 0 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: fork: //cgi-bin/testovic slowcgi: version: 1 slowcgi: type:5 slowcgi: requestId: 1 slowcgi: contentLength: 0 slowcgi: paddingLength: 0 slowcgi: reserved:0 slowcgi: resp version: 1 slowcgi: resp type:6 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 47 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp version: 1 slowcgi: resp type:6 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 0 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp version: 1 slowcgi: resp type:7 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 0 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: wait: //cgi-bin/testovic slowcgi: resp version: 1 slowcgi: resp type:3 slowcgi: resp requestId: 1 slowcgi: resp contentLength: 8 slowcgi: resp paddingLength: 0 slowcgi: resp reserved:0 slowcgi: resp appStatus: 0 slowcgi: resp protocolStatus: 0 $ curl -H 'Proxy: AFFECTED' http://localhost/cgi-bin/testovic HTTP_PROXY='AFFECTED' $ cat /var/www/cgi-bin/testovic #!/bin/sh echo "Content-Type:text/plain " echo "HTTP_PROXY='$HTTP_PROXY'" ~~~
Re: choosing OpenBSD for fileserver instead of FreeBSD + ZFS
On 20 July 2016, Miles Keatonwrote: > Got a fileserver with a few terabytes of important personal media, > like all old home movies, baby photos, etc. Files that I want my > family to have access to when I die. > > Really it's more of a file archive. A backup. Just rsync + ssh. > Serving it isn't the point. Just preserving it forever. [...] Don't rely on your machines alone. As other people have pointed out, a fire can ruin your backup in a few minutes. There are online storage services, make copies of your backups to two or more separate systems like this, and make sure your family know about them, and know how to restore your files from them. Only when you have that sorted out spend time optimizing your local bakup system. Regards, Liviu Daia
spreed server
Has anyone tried to build the spreed server? https://github.com/strukturag/spreed-webrtc I tried, but the configure would not run with openbsd automake, autoconf and m4 packages. When I loaded the GNU equivalents, the configure ran but the makefile produced did not work, probably because the openbsd packages were not used.
Re: Driving 4k Display for OpenBSD Workstation
Thu, 21 Jul 2016 11:45:01 -0700 Bryan Vyhmeister> My goal for this project is to have an OpenBSD workstation (I run > -current) built around 4k displays. [...] > Any recommendations? Thank you. Short answer from user level: I'd personally get more 2560x1440 27" IPS monitors for now, and use the excess budget for another set of the same. You'd probably have to get a slightly older & cheaper video card (6450). I know of no justification for a 5K monitor yet, though I want one too..
Re: Bare-metal PM953 / 850/950 PRO/EVO IO benchmark anyone? Re: Disk I/O performance of OpenBSD 5.9 on Xen
On 07/20/16 04:20, Tinker wrote: > It would be more interesting to get an idea of how a quality SSD such as > how the Samsung PM953 / 850/950 PRO/EVO performs on various hardware > with OpenBSD running bare-metal. TL;DR no bonnie, but direct comparison of rotating rust vs ssd, on a recent snapshot. Slightly longer version - this list and tech@ have seen numerous posts involving the Clevo laptop I bought rougly two years ago. Nice machine really, the first dmesg relevant to this post is up at https://home.nuug.no/~peter/dmesg.hd.txt - the machine came with both SSD sd1 at scsibus1 targ 1 lun 0:SCSI3 0/direct fixed naa.500a07510c250249 sd1: 228936MB, 512 bytes/sector, 468862128 sectors, thin and a somewhat larger hard disk sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed naa.50014ee659ea420c sd0: 953869MB, 512 bytes/sector, 1953525168 sectors I of course went with the SSD as the system disk (there was no way to convince the firmware to make the SSD appear as sd0, so whenever I upgrade I need to remember that root is on sd1, but I digress), and the sold-as-terabyte hard drive for my /home partition. I kind of liked having that space, and well, it's quite a nice machine. The only problem really is that whenever there's significant disk IO, there is more noise than the lady of the house appreciates having within a meter or two of her ears. So this week, not really for performance reasons but rather hoping that solid state storage would produce less noise than rotating rust platters, I decided that I would replace the hard drive with an SSD of equal size. After *several minutes* of browsing, I decided a Samsung 850 PRO SSD 1TB - MZ-7KE1T0BW was what I wanted. The package arrived yesterday but for various practical reasons I only got around to doing the switch this morning. The last thing I did before shutting down to switch the storage units was this: [Mon Jul 18 18:12:27] peter@elke:~$ time dd if=/dev/random of=foo.out bs=1k count=1k 1024+0 records in 1024+0 records out 1048576 bytes transferred in 0.023 secs (45375222 bytes/sec) real0m0.426s user0m0.000s sys 0m0.020s [Thu Jul 21 10:41:25] peter@elke:~$ time dd if=/dev/random of=foo.out bs=1k count=1m 1048576+0 records in 1048576+0 records out 1073741824 bytes transferred in 14.856 secs (72274766 bytes/sec) real0m16.745s user0m0.070s sys 0m5.870s [Thu Jul 21 10:55:38] peter@elke:~$ time du -hs . 355G. real13m56.428s user0m0.930s sys 0m12.530s Not really a benchmark, but data points. The system with the SSD for the /home drive looks like this: https://home.nuug.no/~peter/dmesg.ssd.txt For the impatient, [Thu Jul 21 20:26:57] peter@elke:~/20160721_ssd_before-after$ diff dmesg.hd.txt dmesg.ssd.txt 18c18 < cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 2793.92 MHz --- > cpu0: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 2793.89 MHz 36c36 < cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 2793.54 MHz --- > cpu3: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, 2793.53 MHz 108,109c108,109 < sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed naa.50014ee659ea420c < sd0: 953869MB, 512 bytes/sector, 1953525168 sectors --- > sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed naa.500253884019088e > sd0: 976762MB, 512 bytes/sector, 2000409264 sectors, thin Then after dealing with various $DAYJOB-related stuff while my data was copied, I re-ran that sequence of commands: [Thu Jul 21 20:23:52] peter@elke:~$ time dd if=/dev/random of=foo.out bs=1k count=1k 1024+0 records in 1024+0 records out 1048576 bytes transferred in 0.010 secs (104471057 bytes/sec) real0m0.017s user0m0.000s sys 0m0.010s [Thu Jul 21 20:23:53] peter@elke:~$ time dd if=/dev/random of=foo.out bs=1k count=1m 1048576+0 records in 1048576+0 records out 1073741824 bytes transferred in 10.468 secs (102565159 bytes/sec) real0m10.473s user0m0.100s sys 0m10.290s [Thu Jul 21 20:24:13] peter@elke:~$ time du -hs . 357G. real0m12.800s user0m0.730s sys 0m7.270s At this point, I hear you say, "in other news, 'Water Still Wet'", or, as expected, solid state storage does indeed perform better than rotating platters with rust on them. And for the noise level part, when I said I thought the machine was both lighter and quieter, my sweetheart answered she hadn't noticed I had the machine perched on my knees. So it's a success on all stated criteria, only the monetary unit per unit of storage is still slightly disadvantageous for the solid state units, to the point that I'll need to hold on to this particular laptop for a while longer than I had originally imagined. Then again, now that the thing is actually silent for the most part, that may not be a bad thing. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember
Driving 4k Display for OpenBSD Workstation
My goal for this project is to have an OpenBSD workstation (I run -current) built around 4k displays. I have a Dell P4317W 4k display on order and I am going to order a couple of other 4k displays as well. I have a Radeon HD 6870 Eyefinity 6 card which should be supported by radeondrm(4) but it does not support 4k displays at 60Hz. There is a Radeon HD 7750 card that also has six Mini DisplayPort connectors and does support 4k displays but I am not totally clear if it will work well with radeondrm(4). Reading the archives is not quite clear on this. The alternative is to use a Skylake processor with integrated graphics and use efifb(4) and wsfb(4) for now which I presume would work well enough although not as well as something supported by inteldrm(4). I am using my ThinkPad X260 with efifb(4) and wsfb(4) which works pretty well but it would be nice to have properly accelerated Xorg. Any recommendations? Thank you. Bryan
Re: how would you troubleshoot your wifi?
sorry, my response was not precise - the "fatal" error is gone now but the observed performance problems are still there.
Re: Native C written i2pd port for OpenBSD
On Thu Jul 21, 2016 at 12:49:25PM +0300, Denis Lapshin wrote: > Hi there. > > Looking for a OpenBSD port of PurpleI2P/i2pd C written project (non java > version). > Github link: https://github.com/PurpleI2P/i2pd > > Building it from scratch make a lot of errors. > > Please suggest. > > Denis I try to port i2pd for you today: https://github.com/jasperla/openbsd-wip/commit/670284343b3d8c7b99f36514c2aa9a9040d32e52 https://github.com/jasperla/openbsd-wip/tree/master/net/i2pd My first test looks good. Runtime feedback is obligation (not @misc) ;) Kind Regards, Rafael
Re: how would you troubleshoot your wifi?
On 07/21/16 10:34, Stefan Sperling wrote: > On Thu, Jul 14, 2016 at 01:13:21PM +0800, Miles Keaton wrote: >> iwm0: hw rev 0x140, fw ver 25.228 (API ver 9), address 5b:51:4f:a1:16:d9 >> iwm0: fatal firmware error > > You got some answers already but they were all misleading. > I believe I've already fixed this bug. Please verify my assumption by > upgrading to -current now and letting me know if the problem persists. > (Run fw_update iwm before upgrading or iwm won't work during the upgrade!) > > I'm also observing this error and I'm experiencing massive problems with regard to wireless performance on current (compared to 5.9 at some point) - unfortunately, I've been observing these for some time now. My guess would be that its related to iwm(4) but it could potentially also be related to the ral(4) side which runs in 802.11g hostap mode on current. I didn't have any time in order to look into this deeper yet -- I also made some changes with regard to the position of my access point but this (at least now) seems to be completely unrelated to the observed problems. Sorry for being of no help atm with regard to reporting observed problems with current in a timely manner. Best regards Andreas OpenBSD 6.0 (GENERIC.MP) #0: Thu Jul 21 04:55:30 CEST 2016 a...@obsd.bartelt.name:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8277159936 (7893MB) avail mem = 8021778432 (7650MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xccbfd000 (64 entries) bios0: vendor LENOVO version "N10ET38W (1.17 )" date 08/20/2015 bios0: LENOVO 20CMCTO1WW acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI MSDM BATB FPDT UEFI DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 798.28 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 798.15 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 798.15 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 798.15 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148
Question on Theo's dotSecurity paper
Hi, Quick question about Theo de Raadt's "Presentations: dotSecurity 2016"[1]. Slide 11 says "Most violations result in process being killed", not all violations? Just wanted clarification here. Thanks, --patrick [1] http://www.openbsd.org/papers/dot2016.pdf
Install OpenBSD on disks larger than 2TB
Hey, i am using OpenBSD with two harddrives. Both of them are 2 TB and i put them in a Raid 1 (mirroring) using softraid0. It works perfect, the system boots from the raid 1 and runs perfectly. Sadly now 2 TB is not enought disc space anymore and i got some new 4TB drives. I suceeded in crating a raid 1 on them, but i am unable to boot of those drives. Do you have any ideas what i could try next? Here is what i did so far: fdisk -igy sd0 fdisk -igy sd1 disklabel -E sd0 (created a partition of type RAID) disklabel -E sd1 (created the same disklayout) bioctl -c1 -l sd0a,sd1a softraid0 (resulted in sd2 beeing created) I can install OpenBSD on the new sd2 but i cannot boot from it. I used the latest snapshot to try this. Any ideas? Thanks and greetings Leo
Re: choosing OpenBSD for fileserver instead of FreeBSD + ZFS
Hello Miles, I did research the matter about 18 month (or maybe 2 years) ago for the business, even asked the list. Decided in favor of FreeNAS (based on FreeBSD+ZFS if someone doesn't know). Can't tell how it went because the project died for reasons unrelated to the storage. If you decide to go with OpenBSD I'd strongly suggest to use a good hardware RAID controller (not relaying on the softraid). Make sure it's supported. I've had a good experience with HP Smart Array Pxx series. You can buy older models quite cheap on ebay (if you trust ebay). Haven't checked it on a "generic" PC though. Install the battery and replace it than the system complains (on boot or otherwise) - also sold on ebay. RAID5 might not be enough than dealing with "few terabytes" - there is a risk of a second disk corruption due a high activity during recovery (google the subject). Consider RAID6 or RAID10 (1E, 1C, etc.) - both require a minimum of four disks. I was told that fsck requires about 1G of memory per 1T of space. Could be dealt with by splitting to multiple partitions (labels). The ZFS memory requirements aren't lower anyway. You need some sort of snapshoted (!) backup. Even if the RAID saves you from the disk corruption (the "if" here bigger than most people think), a human error (or a virus on someone's computer/phone) can destroy all your data, and than a rsync can propagate the "changes" to the backup (also destroying it if you don't have proper snapshots). The snapshots don't need to be called "snapshots" - any sort of backup with possibility to restore to an older date will do. Wednesday, July 20, 2016, 6:52:04 AM, you wrote: MK> Got a fileserver with a few terabytes of important personal media, like all MK> old home movies, baby photos, etc. Files that I want my family to have MK> access to when I die. MK> Really it's more of a file archive. A backup. Just rsync + ssh. Serving MK> it isn't the point. Just preserving it forever. MK> (It's all unencrypted. It's not that kind of private. Private and offline MK> from the outside world, but public within the family.) MK> For years it's been on a Synology, Linux ext4 filesystem. Now I'm making a MK> new clone of it (new PC) to be in a different location. MK> I assumed I'd use FreeBSD + ZFS because of ZFS's checksum features. But MK> really I love and prefer OpenBSD for everything else, and don't want any MK> other ZFS features : just that checksum. MK> So I figure if I use OpenBSD + softraid RAID 5 (across 4 disks) and then MK> write my own little shell script to track the MD5 (find . -type f -exec md5 MK> {} \;) whenever I make changes, that should be enough to see if a file has MK> been changed due to disk corruption. MK> (Which makes me realize I don't know a damn thing about disk corruption, MK> only that it's happened a few times in the past. The occasional JPG or MP3 MK> from the late 90s that used to work but now doesn't, and who-knows-why.) MK> Before I embark on this direction for a fileserver, I thought I should MK> check with the smart people here on misc: MK> Any tips from anyone who's done something similar? MK> Or would anyone advise me against OpenBSD or this MD5 log approach for a MK> fileserver like this? -- Best regards, Borismailto:psi...@prodigy.net
Re: choosing OpenBSD for fileserver instead of FreeBSD + ZFS
On Wed, Jul 20, 2016 at 02:00:33PM +0200, Solène wrote: > Also, make backup. Raid5 will prevent data loss when a disk fail, but if 2 > disks fails or if the filesystem get corrupted, you will lose your data. > When you have multiple terabyte of data, if you use multiple disks that have > been made at the same time, chances are that they can fail at the same time, > also, rebuilding a few terabytes can takes time. Having backup with > rsnapshot to keep track of a few days changes can be a good idea, or at > least save very important data if you can't afford saving everything (maybe > the loss of the musics or videos files is acceptable ?) > As I understand, the worst thing you can do to your hardware and your disks is to power off. Shock to the power supply, motherboard components and the disks have to spin up again, which often times they can't do, but would keep spinning reliably for another couple of years if never powered down. So would it be best to keep a system like this up 24/7? How does life expectancy compare using home PC versus server PC? Are there hard drives out there that stop spinning on their own after a certain time if inactive? SSD's are getting much bigger now. Are they now considered more reliable, less reliable or not decided yet against spinning disks? Chris Bennett
strange behaviour spamd
Hi there, I noticed that a trapped ip gets whitelisted when there are still greylisted messages. this shouldn't happen when I use the -a -t switches to trap the ip or do I miss something here ? Regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
Thu, 21 Jul 2016 09:54:05 +0200 Denis Fondras> Hi John, > > > Can anybody recommend a good cloud storage provider that has access > > via sftp or rsync tunneled through ssh? Everything I have found > > seems targeted at Windows, Linux, phones etc. with no > > platform-agnostic interface. > > French hoster Online.net has a new storage service called C14. > https://blog.online.net/2016/07/04/c14-the-secure-cold-storage-platform-for-free-during-the-summer/ > > It is cheap and you can access with rsync but it is "cold storage" > and the delay might make it a no-go. It is also hosted in France so > the government blackboxes will read all your traffic :o Also, French OVH offers personal dedicated servers (kimsufi.com brand), located in FR and CA for lower monthly than most virtual server offers. OVH Kimsufi (USD) [https://www.kimsufi.com/us/en/servers.xml] OVH Kimsufi (EUR) [https://www.kimsufi.com/en/servers.xml] You can install OpenBSD and get away with real HDD storage inexpensive. They also offer OpenStack KVM SSD VPS packages, these I've not tested: OVH VPS SSD (USD) https://www.ovh.com/us/vps/vps-ssd.xml OVH VPS SSD (EUR) https://www.ovh.ie/vps/vps-ssd.xml I'm not related to these, it's inexpensive enough to self host though..
Re: Native C written i2pd port for OpenBSD
Short answer: you'll probably have to get your hands dirty and help port it. Open an issue, talk to maintainers, see what you can do to help. On Thu, 21 Jul 2016, Denis Lapshinwrote: > Hi there. > > Looking for a OpenBSD port of PurpleI2P/i2pd C written project (non java > version). > Github link: https://github.com/PurpleI2P/i2pd > > Building it from scratch make a lot of errors. > > Please suggest. > > Denis
Native C written i2pd port for OpenBSD
Hi there. Looking for a OpenBSD port of PurpleI2P/i2pd C written project (non java version). Github link: https://github.com/PurpleI2P/i2pd Building it from scratch make a lot of errors. Please suggest. Denis
Re: openbgpd blackhole community
On Wed, Jul 20, 2016 at 11:05:03PM +0200, Hrvoje Popovski wrote: > Hi all, > > here at CIX we want to implement BLACKHOLE based on > https://tools.ietf.org/html/draft-ietf-grow-blackholing > > presentation > https://www.ietf.org/proceedings/94/slides/slides-94-grow-1.pdf > > Recommendation is to have Blackhole BGP Community: 65535:666, but when > configure that community i'm getting "Bad community AS number". > > Is there any problem to allow 65535 in community ? > > > configuration: > > AS 65005 > router-id 10.192.192.124 > listen on 10.192.192.124 > holdtime 180 > holdtime min 3 > fib-update no > log updates > nexthop qualify via bgp > transparent-as yes > > group rsip4 { > local-address 10.192.192.124 > announce IPv6 none > announce IPv4 unicast > set nexthop no-modify > enforce neighbor-as yes > announce all > neighbor 10.192.192.65 { > remote-as 123 > max-prefix 1024 restart 5 > passive > } > neighbor 10.192.192.87 { > remote-as 124 > max-prefix 1024 restart 5 > passive > } > neighbor 10.192.192.66 { > remote-as 125 > max-prefix 1024 restart 5 > passive > } > } > > deny from any inet prefixlen 8 >< 24 > allow from any inet prefixlen 16 - 32 community 65535:666 > > match from any community 65535:666 set nexthop 10.192.192.90 > match from any set community 65005:65000 > > deny to group rsip4 community 65005:65000 > deny to group rsip4 community 0:65005 > allow to group rsip4 community 65005:65005 > deny to group rsip4 community 0:neighbor-as > allow to group rsip4 community 65005:neighbor-as > > match to group rsip4 prefix 10.192.192.64/26 set prepend-self 1 > Just use "community BLACKHOLE" instead of 65535:666 and it will work. -- :wq Claudio
Re: how would you troubleshoot your wifi?
On Thu, Jul 14, 2016 at 01:13:21PM +0800, Miles Keaton wrote: > iwm0: hw rev 0x140, fw ver 25.228 (API ver 9), address 5b:51:4f:a1:16:d9 > iwm0: fatal firmware error You got some answers already but they were all misleading. I believe I've already fixed this bug. Please verify my assumption by upgrading to -current now and letting me know if the problem persists. (Run fw_update iwm before upgrading or iwm won't work during the upgrade!)
Re: how would you troubleshoot stuttering video? (Lenovo Thinkpad)
On Tue, Jul 19, 2016 at 5:31 AM, Alexandre Ratchovwrote: > If you have some time, could you build a kernel with the > AZALIA_DEBUG option, reboot using the new kernel and send me the > output of dmesg once with the mic disabled in the bios and once > with the mic enabled. This way we could compare them and possibly > find a fix. > Happy to help! Here are the two dmesg, using -current. Let me know if I can help/test in any way. # DISABLED: OpenBSD 6.0 (AZALIA) #0: Thu Jul 21 11:52:32 NZST 2016 derek@t440s.x:/usr/src/sys/arch/amd64/compile/AZALIA real mem = 8246124544 (7864MB) avail mem = 7991668736 (7621MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (61 entries) bios0: vendor LENOVO version "GJET67WW (2.17 )" date 12/10/2013 bios0: LENOVO 20AQCTO1WW acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI POAT ASF! BATB FPDT UEFI SSDT DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 1995.67 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT ,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE, BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 1995.38 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT ,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE, BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 1995.38 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT ,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE, BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 1995.38 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT ,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE, BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2, resource for PEG_ acpitz0 at acpi0: critical temperature is 200 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB "LEN0071" at acpi0 not configured "LEN0036" at acpi0 not configured acpibat0 at acpi0: BAT0 model "45N1773" serial 32828 type LION oem "SANYO" acpibat1 at acpi0: BAT1 model "45N1737" serial 26275 type LION oem "SANYO" acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "INT340F" at acpi0 not configured "INT33A0" at acpi0 not configured acpivideo0 at acpi0: VID_ acpivout at acpivideo0 not
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
Hi John, > Can anybody recommend a good cloud storage provider that has access via sftp > or rsync tunneled through ssh? Everything I have found seems targeted at > Windows, Linux, phones etc. with no platform-agnostic interface. > French hoster Online.net has a new storage service called C14. https://blog.online.net/2016/07/04/c14-the-secure-cold-storage-platform-for-free-during-the-summer/ It is cheap and you can access with rsync but it is "cold storage" and the delay might make it a no-go. It is also hosted in France so the government blackboxes will read all your traffic :o Denis
Re: vm example
On 2016 Jul 20 (Wed) at 21:43:33 -0700 (-0700), Stephen Graf wrote: :Does anyone have an example of setting up vm? : : : :I am running into a problem with /dev/vmm not configured when trying to run :vmd. (OpenBSD 5.9, amd64) : vmm is not yet ready, so it is not enabled. You won't have the experience you desire, so I recommend waiting until we turn it on. -- Matter cannot be created or destroyed, nor can it be returned without a receipt.
Re: Override NGROUPS_MAX
> On Thu, Jul 21, 2016 at 2:31 AM, Artturi Almwrote: > > On Wed, Jul 20, 2016 at 06:32:49PM -0400, Eric Furman wrote: > >> The person didn't make a simple config change they made > >> a change to the actual kernal code. > >> Huge difference. > > > > thank you for your reply, but that's no answer to my question, and > > you have no sense for my lack of humour it seems. > > the Huge difference is between kernel and kernal code, now have you used > > config to make changes to usar code? you should test the diff i sent, if > so. > > There are a spectrum of possible changes that someone may make from > inconsequential to forked project. Your diff made running config(8) > emit a warning even if the user had made *no* changes to a provided > GENERIC config, effectively claiming that we deny support if they > don't ship a kernel theo builds, but that is *not* the case. Indeed, > we provide errata including kernel patches for the last couple > releases. We are not that dogmatic. > > What's we're saying is that while many changes have no effect on > support or will be gladly merged into the base in some form, other > changes go beyond what the project can or will support. There is no > easily stated rule for this and the effective rule changes in various > ways as our understanding changes and as the world changes. For > example, a year ago changes that would fail on static-lib-only archs > would not be accepted; now they are. Theo is saying that the world > and the project will need to change in many, many ways before > Sébastien's diff would be supported and we don't see that happening in > the foreseeable future. I'll add something more. We already suffer from low quality in many bug reports. People very often forget to mention they have tweaks of their own. Resizing such an array could lead to many unknown consequences, which we don't want to think though. Our function in this ecosystem definately does not include dealing with other people's bullshit decisions...
Re: openbgpd blackhole community
Hi We had previously limited which communities could be set within the Well Known Community range, but that limitation has been fixed in 5.9. We also support "community BLACKHOLE", as a convienence. -peter On 2016 Jul 20 (Wed) at 23:05:03 +0200 (+0200), Hrvoje Popovski wrote: :Hi all, : :here at CIX we want to implement BLACKHOLE based on :https://tools.ietf.org/html/draft-ietf-grow-blackholing : :presentation :https://www.ietf.org/proceedings/94/slides/slides-94-grow-1.pdf : :Recommendation is to have Blackhole BGP Community: 65535:666, but when :configure that community i'm getting "Bad community AS number". : :Is there any problem to allow 65535 in community ? : : :configuration: : :AS 65005 :router-id 10.192.192.124 :listen on 10.192.192.124 :holdtime 180 :holdtime min 3 :fib-update no :log updates :nexthop qualify via bgp :transparent-as yes : :group rsip4 { :local-address 10.192.192.124 :announce IPv6 none :announce IPv4 unicast :set nexthop no-modify :enforce neighbor-as yes :announce all :neighbor 10.192.192.65 { :remote-as 123 :max-prefix 1024 restart 5 :passive :} :neighbor 10.192.192.87 { :remote-as 124 :max-prefix 1024 restart 5 :passive :} :neighbor 10.192.192.66 { :remote-as 125 :max-prefix 1024 restart 5 :passive :} :} : :deny from any inet prefixlen 8 >< 24 :allow from any inet prefixlen 16 - 32 community 65535:666 : :match from any community 65535:666 set nexthop 10.192.192.90 :match from any set community 65005:65000 : :deny to group rsip4 community 65005:65000 :deny to group rsip4 community 0:65005 :allow to group rsip4 community 65005:65005 :deny to group rsip4 community 0:neighbor-as :allow to group rsip4 community 65005:neighbor-as : :match to group rsip4 prefix 10.192.192.64/26 set prepend-self 1 : -- Baruch's Observation: If all you have is a hammer, everything looks like a nail.
Re: Differences between etherip(4) and gif(4)
> I noticed that the etherip pseudo-device appeared with OpenBSD 5.9 which is > intended for tunnelling. > > Prior to this I have been using the gif pseudo device to accomplish much the > same thing (in my case L2 over L3). > > Apart from specifying the mtu to lower value to avoid problems with larger > frames, is there any real advantage with the new etherip device? Let me see if I know your pain. A route forcing traffic ipsec traffic into a gif that is a member of the bridge, to fragment; and on the other end, defragging it into full MTU traffic. Such a configuration requires a lot of pieces. It is fragile configuration, and you need to be very careful using such a machine for too many other network services. etherip makes a few of those steps easier. It is still new, so try it out.