Re: OpenBSD 6.1: BOOTIA32 3.32 issue
On Wed, May 10, 2017 at 08:35:28PM +0200, Patrick Wildt wrote: > On Wed, May 10, 2017 at 03:14:30PM +0200, Stefan Sperling wrote: > > On Tue, May 09, 2017 at 09:47:14PM +0200, Michele Curti wrote: > > > On Tue, May 09, 2017 at 09:36:02PM +0200, Michele Curti wrote: > > > > On Tue, May 09, 2017 at 10:20:03AM +0200, Michele Curti wrote: > > > > > Hi all, I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay > > > > > trail, 32 bit efi, 64 bit os) but the bootloader do not correctly > > > > > detect the internal disk. > > > > > > > > > > I also tried a fresh install, but things do not change. Boot fails > > > > > and when I do a "machine diskinfo" I got a lot of "?" symbols (a video > > > > > here https://www.youtube.com/watch?v=fsomNX-oFTQ ) > > > > > Thanks to yasuoka fix I just noted that using dp0 instead of dp changes the diskinfo disks order # setting efi_bootdp = dp; DiskBlkSiz IoAlign SizeFlags Checksum hd0 512 1 29GB0x2 0xad4a42c3 hd1 512 1 4MB 0x0 0x0 hd2 512 1 4MB 0x0 0x0 # setting efi_bootdp = dp0; DiskBlkSiz IoAlign SizeFlags Checksum hd0 512 1 4MB 0x0 0x0 hd1 512 1 4MB 0x0 0x0 hd2 512 1 29GB0x2 0xad4a42c3 So I can use the stock bootloader without changes but I must do a boot> set device hd2a Do not know how much useful is this info... Michele
Re: OpenBSD 6.1: BOOTIA32 3.32 issue
On Thu, May 11, 2017 at 10:42:04AM +0900, YASUOKA Masahiko wrote: > Hi, > > On Tue, 9 May 2017 10:20:03 +0200 > Michele Curtiwrote: > > I also tried a fresh install, but things do not change. > > Boot fails and when I do a "machine diskinfo" I got a lot of "?" > > symbols (a video here https://www.youtube.com/watch?v=fsomNX-oFTQ ) > > Hanging on "machine diskinfo" seems to be a different problem. > The diff is already committed. Can you test this? Yes, no more hangs, thank you! boot> machine diskinfo DiskBlkSiz IoAlign SizeFlags Checksum hd0 512 1 4MB 0x0 0x0 hd1 512 1 4MB 0x0 0x0 hd2 512 1 29GB0x2 0xad4a42c3 Michele > > (I'll look into another problem later) > > Index: sys/arch/amd64/stand/efiboot/efidev.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efidev.c,v > retrieving revision 1.24 > diff -u -p -r1.24 efidev.c > --- sys/arch/amd64/stand/efiboot/efidev.c 24 Dec 2016 08:41:13 - > 1.24 > +++ sys/arch/amd64/stand/efiboot/efidev.c 11 May 2017 01:31:13 - > @@ -789,7 +789,7 @@ efi_dump_diskinfo(void) > printf("hd%d\t%u\t%u\t%u%s\t0x%x\t0x%x\t%s\n", > (bdi->bios_number & 0x7f), > ed->blkio->Media->BlockSize, > - ed->blkio->Media->IoAlign, siz, sizu, > + ed->blkio->Media->IoAlign, (int)siz, sizu, > bdi->flags, bdi->checksum, > (ed->blkio->Media->RemovableMedia)? "Removable" : ""); > } >
Re: OpenBSD 6.1: BOOTIA32 3.32 issue
Hi, On Tue, 9 May 2017 10:20:03 +0200 Michele Curtiwrote: > I also tried a fresh install, but things do not change. > Boot fails and when I do a "machine diskinfo" I got a lot of "?" > symbols (a video here https://www.youtube.com/watch?v=fsomNX-oFTQ ) Hanging on "machine diskinfo" seems to be a different problem. The diff is already committed. Can you test this? (I'll look into another problem later) Index: sys/arch/amd64/stand/efiboot/efidev.c === RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efidev.c,v retrieving revision 1.24 diff -u -p -r1.24 efidev.c --- sys/arch/amd64/stand/efiboot/efidev.c 24 Dec 2016 08:41:13 - 1.24 +++ sys/arch/amd64/stand/efiboot/efidev.c 11 May 2017 01:31:13 - @@ -789,7 +789,7 @@ efi_dump_diskinfo(void) printf("hd%d\t%u\t%u\t%u%s\t0x%x\t0x%x\t%s\n", (bdi->bios_number & 0x7f), ed->blkio->Media->BlockSize, - ed->blkio->Media->IoAlign, siz, sizu, + ed->blkio->Media->IoAlign, (int)siz, sizu, bdi->flags, bdi->checksum, (ed->blkio->Media->RemovableMedia)? "Removable" : ""); }
Re: PF queueing confusion
Il 11/05/2017 01:42, Erling Westenvik ha scritto: > Check out pfctl(8) and the -F option. The issue might be resolvable > simply by flushing one or more of the filter parameters you'll find > there. I had always assumed that loading a new ruleset with pfctl -f also implied "-F all". This explains a lot :) Thank you
Re: Why would I need a container like Docker?!
> Now, everyone is telling me I should run Docker and a completely different > setup. "devops" are web developers with root, they need stuff like Docker or they end up breaking everything. "sysadmin" knows how to handle the bare metal! > What the fuck?! Why in the world would anyone setup Debian as a testing > environment > and then use Red Hat on production?! And different network topology? > > Are people really that stupid? Yes.
Re: PF queueing confusion
On Thu, May 11, 2017 at 12:09:26AM +0200, Gabriele Tozzi wrote: > > Looks like I've solved by only renaming the queues. > > Instead of naming them "high", "normal" and "low", I have now named them > "exthi", "extstd" and "extlo" and then everything seems to work as expended. > > Maybe "high" is a (maybe undocumented) reserved queue name? Check out pfctl(8) and the -F option. The issue might be resolvable simply by flushing one or more of the filter parameters you'll find there. (Beware though - you may get kicked out of the server when flushing states if you're connecting via ssh, and may have to log back in. tmux(1) is your friend!) -- Erling Westenvik
Re: OpenBSD 6.1: BOOTIA32 3.32 issue
On Wed, May 10, 2017 at 08:35:28PM +0200, Patrick Wildt wrote: > On Wed, May 10, 2017 at 03:14:30PM +0200, Stefan Sperling wrote: > > On Tue, May 09, 2017 at 09:47:14PM +0200, Michele Curti wrote: > > > bios_bootdev = 0x80; > > > - efi_bootdp = dp0; > > > + efi_bootdp = dp; > > > break; > > > } > > > } > > > > > > > I don't think this is the correct fix. It might solve your issue, but I > don't think it's completely right. So EFI has those so called device > paths. A path is basically a list of nodes. To compare two paths you > need to compare the whole path and not just a single node of it. If you > store dp instead of dp0 you will basically only save a part of the path, > not the full path. > > What you can do is print the full path of efi_bootdp like.. > > for (dp = efi_bootdp; !IsDevicePathEnd(dp); > dp = NextDevicePathNode(dp)) { > printf("%x %x - ", DevicePathType(dp), DevicePathSubType(dp)); > } > printf("\n"); > 4e 6f - 5f 2d - 22 4e - 4e 55 - 3a 48 - 1e ce - and many others I got the same values starting the for loop with dp = dp0 or dp = NULL So dp0 was not intialized by the EFI_CALL() above? if (status == EFI_SUCCESS) status = EFI_CALL(BS->HandleProtocol, imgp->DeviceHandle, _guid, (void **)); if (status == EFI_SUCCESS) { I'm going to study a bit about EFI.. :p Thanks, Michele > And do the same for the DPs that are being put into the > efi_device_path_cmp function. That will at least print the types, but > not the content of the nodes. That's a start into figuring out why it > does not correctly compare the paths. > > Maybe there's a bug in the compare code?
Re: PF queueing confusion
Looks like I've solved by only renaming the queues. Instead of naming them "high", "normal" and "low", I have now named them "exthi", "extstd" and "extlo" and then everything seems to work as expended. Maybe "high" is a (maybe undocumented) reserved queue name?
Re: Compaq nx6310 does not suspend/resume
On Wed, May 10, 2017 at 05:19:04PM +0200, Jan Stary wrote: > This is current/i386 on a Compaq nx6310 laptop (dmesg below). This machine is notoriously bad. Did this ever work for you? -ml > Mostly works, but I experience trouble with suspend/resume. > > apmd(8) is running with apmd_flags="-A", but closing the lid does nothing, > eventhough machdep.lidsuspend=1 and machdep.lidaction=1 > Trying to suspend manually with Fn+F3 does nothing as well. > Trying to suspend with apm(8)'s options does this: > > apm -S says > > May 10 16:12:32 hp apmd: system entering standby > May 10 16:12:33 hp /bsd: uhub1 detached > May 10 16:12:33 hp /bsd: uhub2 detached > May 10 16:12:33 hp /bsd: uhub3 detached > > and, presumably, goes into standby. The power led is blinking. > It will not resume: pressing the power button makes the power led > light up again, but that's it. Even the display backlight > stays turned off. The machine is not accessible remotely > and needs to be forcefully restarted. > /etc/apm/standby does not get called. > > apm -z says > > May 10 16:31:26 hp apmd: system suspending > May 10 16:31:28 hp /bsd: uhub1 detached > May 10 16:31:28 hp /bsd: uhub2 detached > May 10 16:31:28 hp /bsd: uhub3 detached > > and, presumably, goes to suspend, but never resumes. > The symptoms are the same as with apm -S. > /etc/apm/suspend does not get called. > > apm -Z puts the system into hibernation, and it works. > After pressing the power button, the machine boots, > and unhibernates at the end of the boot sequence. > /etc/apm/{hibernate,resume} get called. > > How can I help debug this? > > http://stare.cz/dmesg/compaq-nx6310.20170509 > http://stare.cz/dmesg/compaq-nx6310.acpidump.tar > http://stare.cz/dmesg/compaq-nx6310.pcidump > > Jan > > > OpenBSD 6.1-current (GENERIC) #0: Tue May 9 17:46:04 CEST 2017 > h...@hp.stare.cz:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz ("GenuineIntel" 686-class) 1.73 > GHz > cpu0: > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,NXE,SSE3,MWAIT,TM2,xTPR,PDCM,PERF,SENSOR > real mem = 1601519616 (1527MB) > avail mem = 1558122496 (1485MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: date 04/17/07, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.4 @ > 0xf38eb (23 entries) > bios0: vendor Hewlett-Packard version "68YDU Ver. F.0D" date 04/17/2007 > bios0: Hewlett-Packard 30AA > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP SLIC HPET APIC MCFG TCPA SSDT SSDT SSDT SSDT > acpi0: wakeup devices C096(S5) C0F1(S3) C0F8(S3) C0F9(S3) C0FA(S3) C0FB(S3) > C102(S5) C22B(S5) C115(S5) C22C(S5) C118(S5) C22C(S5) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpihpet0 at acpi0: 14318179 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 132MHz > cpu0: mwait min=64, max=64, C-substates=0.1.1.1, IBE > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins > acpimcfg0 at acpi0 addr 0xf800, bus 0-63 > acpiprt0 at acpi0: bus 2 (C096) > acpiprt1 at acpi0: bus 8 (C102) > acpiprt2 at acpi0: bus 24 (C115) > acpiprt3 at acpi0: bus 32 (C118) > acpiprt4 at acpi0: bus 0 (C002) > acpiec0 at acpi0 > acpicpu0 at acpi0: !C3(250@17 io@0x1015), !C2(500@1 io@0x1014), C1(1000@1 > halt) > acpipwrres0 at acpi0: C1F0, resource for C1EC > acpipwrres1 at acpi0: C1FD, resource for C1F1 > acpipwrres2 at acpi0: C21A, resource for C218 > acpipwrres3 at acpi0: C222, resource for C121 > acpipwrres4 at acpi0: C321, resource for C325 > acpipwrres5 at acpi0: C322, resource for C326 > acpipwrres6 at acpi0: C323, resource for C327 > acpipwrres7 at acpi0: C324, resource for C328 > acpitz0 at acpi0: critical temperature is 256 degC > acpitz1 at acpi0: critical temperature is 105 degC > acpitz2 at acpi0: critical temperature is 105 degC > acpitz3 at acpi0: critical temperature is 105 degC > acpitz4 at acpi0: critical temperature is 110 degC > "PNP0A06" at acpi0 not configured > "PNP0303" at acpi0 not configured > "SYN0112" at acpi0 not configured > "HPQ0006" at acpi0 not configured > acpibat0 at acpi0: C1BC model "Primary" serial 08083 2016/11/05 type LIon oem > "Hewlett-Packard" > acpibat1 at acpi0: C1BB not present > acpiac0 at acpi0: AC unit online > acpibtn0 at acpi0: C23F > acpibtn1 at acpi0: C238 > "PNP0C14" at acpi0 not configured > "PNP0C0B" at acpi0 not configured > "PNP0C0B" at acpi0 not configured > "PNP0C0B" at acpi0 not configured > "PNP0C0B" at acpi0 not configured > acpivideo0 at acpi0: C083 > bios0: ROM list: 0xc/0x1! 0xd/0x1000 0xd1000/0x1800 > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 > inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev
Re: OT: Recommendations for a CMS?
Paul Suhwrites: > About Drupal: > >> every major version of drupal is a pain. They generally don't have any >> kind of same migration plan from version to version. Especially the user >> interface, which changed a lot, so you're often better off reimporting >> your data and starting the menu design from scratch > > This is a serious negative for me. Also that it's PHP-based -- I know > PHP has gotten better, but there's been just too many potential > problems in PHP for me to really feel good about it. It is true that Drupal changes are significant between major version releases (6, 7, 8). That said the changes are improvements, if somewhat painful. Be cautious about contributed modules. Some are of questionable quality and most of the Drupal security advisories I see are related to contributed modules not the core. I run Drupal 8 on OpenBSD 6.0 with good results. Will be moving to 6.1 soon. Note that you do need nginx as well, since httpd will not (as far as I can tell) handle the URL rewrites that Drupal demands. https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/ These days I would not worry much more about PHP than Python or Ruby but perhaps I'm naive. Allan
Re: OCSP stapling issues with httpd(8) and ocspcheck(1)
to note, I am running 6.1-stable.
OCSP stapling issues with httpd(8) and ocspcheck(1)
Hello, I am attempting to enable OCSP stapling with httpd, however when clients attempt to verify said signature, they fail. My process for generating the staplefile is as follows: # ocspcheck -N -o /etc/ssl/ocsp/.com.der \ /etc/ssl/private/.com.fullchain.pem This appears to generate a valid OCSP responsefile as verified by ocsptool(1): # cat /etc/ssl/ocsp/.com.der | ocsptool --response-info OCSP Response Information: Response Status: Successful Response Type: Basic OCSP Response Version: 1 Responder ID: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US Produced At: Tue May 09 10:51:00 UTC 2017 Responses: Certificate ID: Hash Algorithm: SHA1 Issuer Name Hash: 7ee66ae7729ab3fcf8a220646c16a12d6071085d Issuer Key Hash: a84a6a63047dddbae6d139b7a64565eff3a8eca1 Serial Number: 04dbfc34be721f3824e59ada8489c6c00492 Certificate Status: good This Update: Tue May 09 10:00:00 UTC 2017 Next Update: Tue May 16 10:00:00 UTC 2017 Extensions: However when I add in an OCSP directive into http.conf(5) in order to enable stapling, it seems OCSP verification fails: # cat /etc/httpd.conf server ".com" { listen on * tls port 443 tls { certificate "/etc/ssl/private/.com.fullchain.pem" key "/etc/ssl/private/.com.key" ocsp "/etc/ssl/ocsp/.com.der" } } # nc -zvc .com 443 Connection to .com 443 port [tcp/https] succeeded! nc: tls handshake failed (ocsp verify failed: no result for cert) Firefox also gives an error of: An error occurred during a connection to .com. The OCSP response does not include a status for the certificate being verified. Error code: MOZILLA_PKIX_ERROR_OCSP_RESPONSE_FOR_CERT_MISSING Both work when the ocsp directive is removed from http.conf(5). openssl(1) s_client confirms that the OCSP response is being sent: # openssl s_client -connect .com:443 -tlsextdebug -status -8<-8<-8<-8<-8<-8<-8<-8<-8<- OCSP response: == OCSP Response Data: OCSP Response Status: successful (0x0) Response Type: Basic OCSP Response Version: 1 (0x0) Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 Produced At: May 9 10:52:00 2017 GMT Responses: Certificate ID: Hash Algorithm: sha1 Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1 Serial Number: 0474005E94C1946D6FD3EB7A486278E9F643 Cert Status: good This Update: May 9 10:00:00 2017 GMT Next Update: May 16 10:00:00 2017 GMT Signature Algorithm: sha256WithRSAEncryption 53:f9:c7:f6:49:15:29:ce:87:1b:8e:86:47:d2:a1:b2:c7:2d: 1d:da:9c:87:9d:45:60:9c:e7:57:ec:b5:57:f1:7c:5c:88:b4: db:67:04:16:6f:b4:93:0b:d4:93:b6:08:a8:03:17:f3:f4:b3: 54:1f:b5:d0:f4:ca:29:6f:ca:02:68:3a:ec:19:4b:f5:5f:51: 53:43:b1:44:95:f4:e9:51:d4:43:54:89:0b:30:fa:17:30:0d: 31:33:c3:3d:91:36:9c:b3:7a:df:6e:07:cb:5d:b9:15:65:37: 01:0a:2e:0d:96:4c:9e:83:36:7b:34:a7:3d:f1:3d:5d:a1:c7: bc:fc:f1:a6:cf:1e:16:71:88:55:5d:f3:b4:8f:63:e3:90:e5: 1f:63:46:34:be:45:7f:1a:56:27:b9:7e:ba:03:0d:95:b4:01: 84:49:06:65:93:aa:8b:23:35:18:fe:d9:45:e5:a6:82:ee:e4: 03:ea:b9:58:94:c6:18:1f:d9:8e:31:1a:00:4f:f1:87:eb:17: ca:a9:10:ed:81:c8:4a:4d:f7:44:82:ff:f1:18:f6:e7:eb:f6: 3d:85:27:0b:27:5e:58:00:67:f7:cd:e4:25:32:ed:52:08:ec: 8b:c3:4a:c3:40:eb:47:a2:14:07:17:5d:42:a4:d3:75:c1:45: a6:55:7a:23 == -8<-8<-8<-8<-8<-8<-8<-8<-8<- Can anyone shed any light on whats going on here? Is it related to the fact that Lets Encrypt OCSP responder doesn't use nonces? (meaning one has to use the -N flag with ocspcheck(1).) Any cluebyfour responses would be appreciated.
Re: OT: Recommendations for a CMS?
Thanks to everyone for suggestions and ideas. My comments on some of the suggestions, in more or less chronological order: > I would recommend something like Magento Magento is total overkill -- this is not an e-commerce site and the additional exposed attack surface is horrendous. > https://www.locomotivecms.com/ Worth looking into, at first glance. Thanks! > https://redaxo.org I guess it's ok, but the site is entirely in German, und mein Deutsch ist nicht gut. My staff's German is non-existent. About Drupal: > every major version of drupal is a pain. They generally don't have any > kind of same migration plan from version to version. Especially the user > interface, which changed a lot, so you're often better off reimporting > your data and starting the menu design from scratch This is a serious negative for me. Also that it's PHP-based -- I know PHP has gotten better, but there's been just too many potential problems in PHP for me to really feel good about it. > So, the suggestion is.. to just start setting up an OpenBSD web stack. > You are going to make good progress, just better compared to other OS. Actually, I can spin up OpenBSD pretty easily for myself, either in VirtualBox or vmm, but the point is to make it sustainable by my staff, who just don't have the technical skills to sysadmin OpenBSD or another unix variant, for that matter. The choice of a CMS is almost orthogonal to the choice of the underlying OS, since they're all pretty much built on common web programming languages (PHP, Python, Ruby, etc.) and databases (MySQL/MariaDB, Postgresql), all of which run on a variety of server OS platforms. > erpnext.com is the most featurefull free erp I have found, including cms. > may take a little work to port to OpenBSD and unfortunately uses nodejs Ugh, again complete overkill. This is using a tactical nuke to kill an ant. I'm not looking for a full ERP solution, really! And I'm not thrilled with anything based on node.js. Node.js has a really strange dependency system and any language that allows the JSF*ck mess is not something that I would trust in terms of security. Thanks again to everyone who chimed in. --Paul smime.p7s Description: S/MIME cryptographic signature
Ipsec - Problem configuring host-to-host
Hello. I am trying to establish an ipsec connection in transport mode between two hosts located in the same LAN, using PSK for authentication and ikev1 for automatic keying. So far, my attempts have resulted in failure. Host A ( 192.168.1.11 ) runs OpenBSD 6.1 and uses the following configurations: /etc/ipsec.conf ike passive esp transport from 192.168.1.11 to 192.168.1.12 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes group modp1024 \ psk "test" /etc/rc.conf.local isakmpd_flags=-K -T ipsec=YES Host B ( 192.168.1.12 ) runs Knoppix 7.7.1, Strongswan 5.5.0, and uses the following configurations: /etc/ipsec.conf [...] conn test left=192.168.1.12 right=192.168.1.11 authby=secret auto=start type=transport ike=aes-sha1-modp1024 esp=aes-sha1-modp1024 compress=no /etc/ipsec.secrets 192.168.1.12 192.168.1.11 : PSK "test" This shows up in /var/log/messages on Host A when establishing ipsec between both hosts is attempted: May 10 16:57:39 server isakmpd[37746]: isakmpd: starting May 10 16:57:58 server isakmpd[4052]: attribute_unacceptable: ENCRYPTION_ALGORIT HM: got AES_CBC, expected 3DES_CBC May 10 16:57:58 server isakmpd[4052]: message_negotiate_sa: no compatible propos al found May 10 16:57:58 server isakmpd[4052]: dropped message from 192.168.1.12 port 500 due to notification type NO_PROPOSAL_CHOSEN Notice that isakmpd is expecting 3DES, when I configured the connection to use aes at both ends. More worrysome: When I configure the Host B to use 3DES for phase 1, isakmpd complains because it was offered PSK, but RSA_SIG was expected! This leads me to believe that isakmpd is ignoring the configuration parameters. Any help is appreciated.
Re: PF queueing confusion
Il 10/05/2017 20:56, Luis Coronado ha scritto: > but perhaps someone else would be able to see something that you didn't, > hence the requirement to share the file. I understand, but it contains sensitive information that I prefer not to share. If you could tell me what to look for, I will look for it. I have also checked "pfctl -s rules | grep high" and it returns no data. To the best of my knowledge, this confirms that there is no pf rule explicitly sending packets to the "high" queue... but lots of packets are queued there anyway, so I am supposing there should be some other queueing mechanism that I do not know of. Apart from using the "set queue" directive in pf.conf, what could cause this behaviour?
Re: Compaq nx6310 does not suspend/resume
On Wed, May 10, 2017 at 05:19:04PM +0200, Jan Stary wrote: > How can I help debug this? This might be of interest, mlarkin@ posted a detailed write-up[1] on how to debug suspend issues. [1] http://marc.info/?l=openbsd-bugs=147440712910124=2
Re: PF queueing confusion
but perhaps someone else would be able to see something that you didn't, hence the requirement to share the file. -luis On Wed, May 10, 2017 at 12:50 PM, Gabriele Tozziwrote: > > Il 10/05/2017 14:45, Daniel Melameth ha scritto: > >> queue ext on $Ext bandwidth 900K > >> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default > >> queue high parent ext bandwidth 193K qlimit 10 > >> queue low parent ext bandwidth 193K, max 540Kb qlimit 10 > > > > You'll have to post your pf.conf. > > The whole pf.conf is very long but I have checked multiple times and > there is no rule with the "set queue high" or "set queue ( *, high )" > syntax. > >
Re: PF queueing confusion
Il 10/05/2017 14:45, Daniel Melameth ha scritto: >> queue ext on $Ext bandwidth 900K >> queue normal parent ext bandwidth 386K, max 850K qlimit 10 default >> queue high parent ext bandwidth 193K qlimit 10 >> queue low parent ext bandwidth 193K, max 540Kb qlimit 10 > > You'll have to post your pf.conf. The whole pf.conf is very long but I have checked multiple times and there is no rule with the "set queue high" or "set queue ( *, high )" syntax.
Re: OpenBSD 6.1: BOOTIA32 3.32 issue
On Wed, May 10, 2017 at 03:14:30PM +0200, Stefan Sperling wrote: > On Tue, May 09, 2017 at 09:47:14PM +0200, Michele Curti wrote: > > On Tue, May 09, 2017 at 09:36:02PM +0200, Michele Curti wrote: > > > On Tue, May 09, 2017 at 10:20:03AM +0200, Michele Curti wrote: > > > > Hi all, I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay > > > > trail, 32 bit efi, 64 bit os) but the bootloader do not correctly > > > > detect the internal disk. > > > > > > > > I also tried a fresh install, but things do not change. Boot fails > > > > and when I do a "machine diskinfo" I got a lot of "?" symbols (a video > > > > here https://www.youtube.com/watch?v=fsomNX-oFTQ ) > > > > > > > > How can I debug the issue? > > > > > > > > > > Compiling bootia32.efi :p > > > > > > With sys/arch/amd64/stand/efiboot/efiboot.c revision 1.15 it works, > > > revision 1.16 it fails. > > > > > > I'll try to understand, thanks, Michele > > > > > > With the following diff it works, bye! > > Looks good to me. Is anyone handling this patch? > > > Index: efiboot/efiboot.c > > === > > RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efiboot.c,v > > retrieving revision 1.17 > > diff -u -p -r1.17 efiboot.c > > --- efiboot/efiboot.c 3 Mar 2017 08:56:18 - 1.17 > > +++ efiboot/efiboot.c 9 May 2017 19:44:30 - > > @@ -92,7 +92,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA > > if (DevicePathType(dp) == MEDIA_DEVICE_PATH && > > DevicePathSubType(dp) == MEDIA_HARDDRIVE_DP) { > > bios_bootdev = 0x80; > > - efi_bootdp = dp0; > > + efi_bootdp = dp; > > break; > > } > > } > > > I don't think this is the correct fix. It might solve your issue, but I don't think it's completely right. So EFI has those so called device paths. A path is basically a list of nodes. To compare two paths you need to compare the whole path and not just a single node of it. If you store dp instead of dp0 you will basically only save a part of the path, not the full path. What you can do is print the full path of efi_bootdp like.. for (dp = efi_bootdp; !IsDevicePathEnd(dp); dp = NextDevicePathNode(dp)) { printf("%x %x - ", DevicePathType(dp), DevicePathSubType(dp)); } printf("\n"); And do the same for the DPs that are being put into the efi_device_path_cmp function. That will at least print the types, but not the content of the nodes. That's a start into figuring out why it does not correctly compare the paths. Maybe there's a bug in the compare code?
Compaq nx6310 does not suspend/resume
This is current/i386 on a Compaq nx6310 laptop (dmesg below). Mostly works, but I experience trouble with suspend/resume. apmd(8) is running with apmd_flags="-A", but closing the lid does nothing, eventhough machdep.lidsuspend=1 and machdep.lidaction=1 Trying to suspend manually with Fn+F3 does nothing as well. Trying to suspend with apm(8)'s options does this: apm -S says May 10 16:12:32 hp apmd: system entering standby May 10 16:12:33 hp /bsd: uhub1 detached May 10 16:12:33 hp /bsd: uhub2 detached May 10 16:12:33 hp /bsd: uhub3 detached and, presumably, goes into standby. The power led is blinking. It will not resume: pressing the power button makes the power led light up again, but that's it. Even the display backlight stays turned off. The machine is not accessible remotely and needs to be forcefully restarted. /etc/apm/standby does not get called. apm -z says May 10 16:31:26 hp apmd: system suspending May 10 16:31:28 hp /bsd: uhub1 detached May 10 16:31:28 hp /bsd: uhub2 detached May 10 16:31:28 hp /bsd: uhub3 detached and, presumably, goes to suspend, but never resumes. The symptoms are the same as with apm -S. /etc/apm/suspend does not get called. apm -Z puts the system into hibernation, and it works. After pressing the power button, the machine boots, and unhibernates at the end of the boot sequence. /etc/apm/{hibernate,resume} get called. How can I help debug this? http://stare.cz/dmesg/compaq-nx6310.20170509 http://stare.cz/dmesg/compaq-nx6310.acpidump.tar http://stare.cz/dmesg/compaq-nx6310.pcidump Jan OpenBSD 6.1-current (GENERIC) #0: Tue May 9 17:46:04 CEST 2017 h...@hp.stare.cz:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) M CPU 430 @ 1.73GHz ("GenuineIntel" 686-class) 1.73 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,NXE,SSE3,MWAIT,TM2,xTPR,PDCM,PERF,SENSOR real mem = 1601519616 (1527MB) avail mem = 1558122496 (1485MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 04/17/07, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.4 @ 0xf38eb (23 entries) bios0: vendor Hewlett-Packard version "68YDU Ver. F.0D" date 04/17/2007 bios0: Hewlett-Packard 30AA acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC HPET APIC MCFG TCPA SSDT SSDT SSDT SSDT acpi0: wakeup devices C096(S5) C0F1(S3) C0F8(S3) C0F9(S3) C0FA(S3) C0FB(S3) C102(S5) C22B(S5) C115(S5) C22C(S5) C118(S5) C22C(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 132MHz cpu0: mwait min=64, max=64, C-substates=0.1.1.1, IBE ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 2 (C096) acpiprt1 at acpi0: bus 8 (C102) acpiprt2 at acpi0: bus 24 (C115) acpiprt3 at acpi0: bus 32 (C118) acpiprt4 at acpi0: bus 0 (C002) acpiec0 at acpi0 acpicpu0 at acpi0: !C3(250@17 io@0x1015), !C2(500@1 io@0x1014), C1(1000@1 halt) acpipwrres0 at acpi0: C1F0, resource for C1EC acpipwrres1 at acpi0: C1FD, resource for C1F1 acpipwrres2 at acpi0: C21A, resource for C218 acpipwrres3 at acpi0: C222, resource for C121 acpipwrres4 at acpi0: C321, resource for C325 acpipwrres5 at acpi0: C322, resource for C326 acpipwrres6 at acpi0: C323, resource for C327 acpipwrres7 at acpi0: C324, resource for C328 acpitz0 at acpi0: critical temperature is 256 degC acpitz1 at acpi0: critical temperature is 105 degC acpitz2 at acpi0: critical temperature is 105 degC acpitz3 at acpi0: critical temperature is 105 degC acpitz4 at acpi0: critical temperature is 110 degC "PNP0A06" at acpi0 not configured "PNP0303" at acpi0 not configured "SYN0112" at acpi0 not configured "HPQ0006" at acpi0 not configured acpibat0 at acpi0: C1BC model "Primary" serial 08083 2016/11/05 type LIon oem "Hewlett-Packard" acpibat1 at acpi0: C1BB not present acpiac0 at acpi0: AC unit online acpibtn0 at acpi0: C23F acpibtn1 at acpi0: C238 "PNP0C14" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured acpivideo0 at acpi0: C083 bios0: ROM list: 0xc/0x1! 0xd/0x1000 0xd1000/0x1800 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 drm0 at inteldrm0 intagp0 at inteldrm0 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0: apic 1 int 16 inteldrm0: 1024x768, 32bpp wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured azalia0
Why would I need a container like Docker?!
I have occasionally used virtualization (Qemu) for easy testing of some OS. I have also played around with "containers" using FreeBSD Jails and Linux LXC, but I have never ever thought of any of this as a security measurement or anything needed beyond testing. When I want isolation I run a single box (or boxes) and install OpenBSD on the bare metal. Then I run whatever services are needed on that box or boxes. I would then deploy a network with isolated segments. Now, everyone is telling me I should run Docker and a completely different setup. I read up about Docker and found this: "Containers are a solution to the problem of how to get software to run reliably when moved from one computing environment to another. This could be from a developer's laptop to a test environment, from a staging environment into production and perhaps from a physical machine in a data center to a virtual machine in a private or public cloud." "Problems arise when the supporting software environment is not identical, says Solomon Hykes, the creator of Docker, "You're going to test using Python 2.7, and then it's going to run on Python 3 in production and something weird will happen. Or you'll rely on the behavior of a certain version of an SSL library and another one will be installed. You'll run your tests on Debian and production is on Red Hat and all sorts of weird things happen." "And it's not just different software that can make a difference, he added, "The network topology might be different, or the security policies and storage might be different but the software has to run on it." What the fuck?! Why in the world would anyone setup Debian as a testing environment and then use Red Hat on production?! And different network topology? Are people really that stupid? If people really are that stupid they shouldn't be allowed near a computer in the first place and certainly Docker or any container technology isn't going to solve their problems! It seems like the OpenBSD project is about the only project left nowadays where people are still using their brains!
Re: OpenBSD and you
On Wed, May 10, 2017 at 01:20:06PM +0300, Manolis Tzanidakis wrote: > On Wed (10/05/17), Peter N. M. Hansteen wrote: > > That was the first option that came to mind, and the one I may go for as > > a supplemental format *if* I can find a way to generate PDFs from this > > source format *and* get the page breaks right. The print preview is > > available browsers does not leave much hope of that actually happening, > > however. > > You can give wkhtmltopdf (https://wkhtmltopdf.org/) a shot; it's in packages. > > A quick test I ran: > > $ wkhtmltopdf "https://home.nuug.no/~peter/openbsd_and_you/; output.pdf > > produces nice results, but omits the titles. I guess adding ", sans-serif" in > the "font-family" lines in your css should fix that, eg: > > - body { font-family: 'Droid Serif'; } > + body { font-family: 'Droid Serif', sans-serif; } Thanks for a potentially useful set of suggestions! The index.html that's out there now has that change in it. However, likely due to some local silliness with fonts here I get missing italics (starting p 7) and missing monospace in 'shell' environments or config listings starting a few pages later. If you get better output, I'd be much indebted if you send me your pdf output so I can put it in place while I sort of the fonts issue. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Why would I need a container like Docker?!
Martin Hanson wrote: > I have occasionally used virtualization (Qemu) for easy testing of some > OS. I have \ also played around with "containers" using FreeBSD Jails > and Linux LXC, but I have \ never ever thought of any of this as a > security measurement or anything needed beyond \ testing. > > When I want isolation I run a single box (or boxes) and install OpenBSD > on the bare \ metal. Then I run whatever services are needed on that box > or boxes. I would then \ deploy a network with isolated segments. > > Now, everyone is telling me I should run Docker and a completely > different setup. > > I read up about Docker and found this: > > "Containers are a solution to the problem of how to get software to > run reliably \ when moved from one computing environment to another. > This could be from a \ developer's laptop to a test environment, from a > staging environment into production \ and perhaps from a physical > machine in a data center to a virtual machine in a \ private or public > cloud." > > "Problems arise when the supporting software environment is not > identical, says \ Solomon Hykes, the creator of Docker, "You're going to > test using Python 2.7, and \ then it's going to run on Python 3 in > production and something weird will happen. Or \ you'll rely on the > behavior of a certain version of an SSL library and another one \ will > be installed. You'll run your tests on Debian and production is on Red > Hat and \ all sorts of weird things happen." > > "And it's not just different software that can make a difference, he > added, "The \ network topology might be different, or the security > policies and storage might be \ different but the software has to run on > it." > > What the fuck?! Why in the world would anyone setup Debian as a testing > environment \ and then use Red Hat on production?! And different network > topology? > Let me give you an example. I run Red Hat on all our computing nodes and clusters in the Lab. Among 90+ people in our crew we have deep-learning guys guys who like to use shit like Caffe and TensorFlow http://caffe.berkeleyvision.org/ https://www.tensorflow.org/ which is a research grade software. We even use shit like http://www.ros.org/ to collect data. Building such things on Ubuntu let alone anything else on which the software has not being even tested can make grown up man cry. So guess what is my solution. I use http://singularity.lbl.gov/ to run Ubuntu virtual kernel in Red Hat userland (to anybody familiar with vkernel on DragonFly BSD this should sound familiar) and DOCKER to install the software we need. Please don't try to read the documentation for Singularity as the guy is in the serious need for some kind mental help or at least a good technical writer on his team. Our "deliverables" to many government agencies are Docker images. That is the contract which pays mine and many other salaries. Hopefully now it makes sense. > Are people really that stupid? > I am not a particularly bright guy but I never thought of myself as stupid. Now when you brought to my attention it makes perfect sense. That is exactly the reason why I am struggling so much to produce any publications. Cheers, Predrag > If people really are that stupid they shouldn't be allowed near a > computer in the \ first place and certainly Docker or any container > technology isn't going to solve \ their problems! > > It seems like the OpenBSD project is about the only project left > nowadays where \ people are still using their brains!
Re: OpenBSD and you
Peter, With a presentation like that, everyone is tempt to met Mr. Puffy Thank you for keep it uptated ! ( ~6.1 ) It's amazing job ! You rock . Cheers, 2017-05-10 7:20 GMT-03:00 Manolis Tzanidakis: > On Wed (10/05/17), Peter N. M. Hansteen wrote: > > That was the first option that came to mind, and the one I may go for as > > a supplemental format *if* I can find a way to generate PDFs from this > > source format *and* get the page breaks right. The print preview is > > available browsers does not leave much hope of that actually happening, > > however. > > You can give wkhtmltopdf (https://wkhtmltopdf.org/) a shot; it's in > packages. > > A quick test I ran: > > $ wkhtmltopdf "https://home.nuug.no/~peter/openbsd_and_you/; output.pdf > > produces nice results, but omits the titles. I guess adding ", sans-serif" > in > the "font-family" lines in your css should fix that, eg: > > - body { font-family: 'Droid Serif'; } > + body { font-family: 'Droid Serif', sans-serif; } > >
Re: CGI script to see collectd stats
Ajitabh Pandey wrote: > Hello, > > I am running Collectd server on my OpenBSD 6.1 box and various clients > are > sending stats to this box. I see /var/collectd that various RRDs are > getting created. However, I am not sure what should I used to see the > graphs. I looked at RRDCGI but it looks way complicated to setup. I > could > not find collectd-web package also. > Hi, I have being using Collectd for remote telemetry in my Lab for over 4 years and I have being running Collectd server on OpenBSD for the past two. The lack of decent working front-end is the Achilles tendon of Collectd which IMHO is eventually going to kill the project now when it is becoming clear that Whisper has some advantages over RRD. Before I go any further let me know what I do and what works really well. The best front end for Collectd is in fact Observium and its fork LibreNMS which is in OpenBSD ports. http://www.observium.org/ Observium is main polling protocol is SNMP. Setting Observium/LibreNMS is not trivial but it is not too difficult either. You can find my and Stuart's discusion on misc how to set LibreNMS which runs fairly well on OpenBSD. His pkg-readme is must! Before the LibreNMS fork which occurred 2 years ago I was using https://www.turnkeylinux.org/observium since Observium project explicitly doesn't support anything except Ubuntu and Debian. Once you have Observium or LibreNMS polling your devices displaying collectd graphs is just adding a line in the Observium/Collectd config file which will point the application to the location of RRD files gathered by collectd server. The only caveat is that you have to poll the device to be able to see collectd button which will take you to magnificent graphs. This did hurt me personally as I don't SNMP poll KVM guests on one of my KVM hosts but I do have RRD data for the guests via collectd KVM plugin. The another really big problem with Observium/LibreNMS is the lack of a proxy which is needed for monitoring devices behind firewalls. You don't have that problem with collectd which works on the push principle. It is a bit of problem for me as I do have a private subnet behind somebody's else firewall. Recently, a front-end for Collectd, called facette has being added to ports http://openports.se/sysutils/facette It is dead simple to set up but useless as each graph has to be created manually from data. With my RRD folder containing close to 1500 files that is just ridicules. Observium/LibreNMS automatically create graphs for all available RRDs minus the KVM guest caveat. The only other front-end for Collectd which actually works (at least for me) is Collectd-web https://collectd.org/wiki/index.php/File:Collectd-web.png It does create graphs automatically for all available devices but the quality of both interface and graphs is inferior comparing to Observium/LibreNMS. I will finish this long post by bringing to your attention that Collectd can send time-series directly to carbon-aggregator which in turns writes it to Wisper. https://collectd.org/wiki/index.php/Plugin:Write_Graphite That will enable you to see your time-series using Graphite-web (IIRC doesn't run on OpenBSD). We have played in my Lab (machine learning/statistical data-mining) with Graphite-web due to our internal needs for a good tool for time-series display. I can tell you that Graphite is second to none in what it does and we are using it for our research (but not for infrastructure monitoring). Best, Predrag P.S. I am looking forward to see what other people have to say about this topic. > Searching on web I see that for a non-chrooted web server there are > straight forward scripts available. Most of the instructions are for > linux. > > I would prefer to use OpenBSD httpd and not resort to non-chrooted > apache > or nginx. I am finding it really difficult to find something suitable > which > works under chroot. > > I am able to run a hello world cgi script in chroot. > > If any of you guys have some information/config/tool etc to share for > collectd graphs, it would be of great help. > > Thanks & Regards. > -- > Ajitabh Pandey
Re: [PATCH] Installer bug (MSDOS tildes)
On Wed, May 10, 2017 at 12:51:45PM +, Michal Bozon wrote: > There was a "typo" in my patch, this should be a correct one: > > --- /usr/src/distrib/miniroot/install.sub.ooo Wed May 10 12:19:56 2017 > +++ /usr/src/distrib/miniroot/install.sub Wed May 10 12:48:31 2017 > @@ -1804,7 +1804,7 @@ > fi > > # Always mount msdos partitions with -s to get lower case names. > -grep -q "^ $resp: .*MSDOS" $_file && _opts="-s" > +grep -q "^ $resp: .*MSDOS" $_file && _opts="-l" > mount -o ro,$_opts /dev/$_dev$resp /mnt2 > } > > I am not sure why "-s" flag is used, maybe it fixed some problem, > but it has introduced another one. A similar diff was briefly committed in 1.750 for the reason you mention: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/miniroot/install.sub#rev750 It was backed out again in https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/miniroot/install.sub#rev752 > > MB > > > On 2017-05-10 Wed 12:34, Michal Bozon wrote: > > Hi, > > there is a typo in install.sub > > causing problems e.g. when removable FAT32 formatted > > disk with installation files is attached, > > and "disk" is selected as install media: > > > > INSTALL.i386 not found ... > > (because it is visible as instal~1.i38) > > > > Directory does not contain SHA256.sig ... > > (because it is visible as sha256.sig) > > > > here is the patch: > > > > --- /usr/src/distrib/miniroot/install.sub > > +++ /usr/src/distrib/miniroot/install.sub > > @@ -1805,7 +1805,7 @@ > > > > # Always mount msdos partitions with -s to get lower case names. > > grep -q "^ $resp: .*MSDOS" $_file && _opts="-s" > > -mount -o ro,$_opts /dev/$_dev$resp /mnt2 > > +mount -o ro $_opts /dev/$_dev$resp /mnt2 > > } > > > > > > regards, > > Michal Bozon >
Re: CGI script to see collectd stats
Em 10/05/2017 07:54, Ajitabh Pandey escreveu: Hello, I am running collectd server on my OpenBSD 6.1 box and various clients are sending stats to this box. I see /var/collectd that various RRDs are getting created. However, I am not sure what should I used to see the graphs. I looked at RRDCGI but it looks way complicated to setup. I could not find collectd-web package also. Searching on web I see that for a non-chrooted web server there are straight forward scripts available. Most of the instructions are for linux. I would prefer to use OpenBSD httpd and not resort to non-chrooted apache or nginx. I am finding it really difficult to find something suitable which works under chroot. I am able to run a hello world cgi script in chroot. If any of you guys have some information/config/tool etc to share for collectd graphs, it would be of great help. Thanks & Regards. Can't help with your chroot requisite. But I did spent some doing looking into that and can share something. All (Perl) CGI's is something I don't recommend to. First, they are CGIs, second, even if you're able to configure them you will get a lot of warnings because the CGI module in Perl is getting deprecated. I went with rrdscout (Flask web application). It should be enough for your needs and uses a modern framework. On the other hand, I'm not sure it is being maintained anymore. I forked it on Github and generate a INSTALL document specific for OpenBSD: https://github.com/glasswalk3r/rrdscout/blob/master/INSTALL-openbsd.txt I had to install freetype from ports too to be able to generated readable charts from the RRD: cd /usr/ports/print/freetype make install make clean make clean=depends Hope that helps you. Regards, Alceu
Re: OpenBSD 6.1: BOOTIA32 3.32 issue
On Tue, May 09, 2017 at 09:47:14PM +0200, Michele Curti wrote: > On Tue, May 09, 2017 at 09:36:02PM +0200, Michele Curti wrote: > > On Tue, May 09, 2017 at 10:20:03AM +0200, Michele Curti wrote: > > > Hi all, I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay > > > trail, 32 bit efi, 64 bit os) but the bootloader do not correctly > > > detect the internal disk. > > > > > > I also tried a fresh install, but things do not change. Boot fails > > > and when I do a "machine diskinfo" I got a lot of "?" symbols (a video > > > here https://www.youtube.com/watch?v=fsomNX-oFTQ ) > > > > > > How can I debug the issue? > > > > > > > Compiling bootia32.efi :p > > > > With sys/arch/amd64/stand/efiboot/efiboot.c revision 1.15 it works, > > revision 1.16 it fails. > > > > I'll try to understand, thanks, Michele > > > With the following diff it works, bye! Looks good to me. Is anyone handling this patch? > Index: efiboot/efiboot.c > === > RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efiboot.c,v > retrieving revision 1.17 > diff -u -p -r1.17 efiboot.c > --- efiboot/efiboot.c 3 Mar 2017 08:56:18 - 1.17 > +++ efiboot/efiboot.c 9 May 2017 19:44:30 - > @@ -92,7 +92,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA > if (DevicePathType(dp) == MEDIA_DEVICE_PATH && > DevicePathSubType(dp) == MEDIA_HARDDRIVE_DP) { > bios_bootdev = 0x80; > - efi_bootdp = dp0; > + efi_bootdp = dp; > break; > } > } >
Re: Why would I need a container like Docker?!
Em 10/05/2017 00:53, Martin Hanson escreveu: I have occasionally used virtualization (Qemu) for easy testing of some OS. I have also played around with "containers" using FreeBSD Jails and Linux LXC, but I have never ever thought of any of this as a security measurement or anything needed beyond testing. When I want isolation I run a single box (or boxes) and install OpenBSD on the bare metal. Then I run whatever services are needed on that box or boxes. I would then deploy a network with isolated segments. Now, everyone is telling me I should run Docker and a completely different setup. I read up about Docker and found this: "Containers are a solution to the problem of how to get software to run reliably when moved from one computing environment to another. This could be from a developer's laptop to a test environment, from a staging environment into production and perhaps from a physical machine in a data center to a virtual machine in a private or public cloud." "Problems arise when the supporting software environment is not identical, says Solomon Hykes, the creator of Docker, "You're going to test using Python 2.7, and then it's going to run on Python 3 in production and something weird will happen. Or you'll rely on the behavior of a certain version of an SSL library and another one will be installed. You'll run your tests on Debian and production is on Red Hat and all sorts of weird things happen." "And it's not just different software that can make a difference, he added, "The network topology might be different, or the security policies and storage might be different but the software has to run on it." What the fuck?! Why in the world would anyone setup Debian as a testing environment and then use Red Hat on production?! And different network topology? Are people really that stupid? If people really are that stupid they shouldn't be allowed near a computer in the first place and certainly Docker or any container technology isn't going to solve their problems! It seems like the OpenBSD project is about the only project left nowadays where people are still using their brains! It seems you didn't read the documentation correctly. Do it again, specially because containers do have their own security issues. After that, I'm sure you will understand what the given example is trying to achieve. You can use Debian as your (DEV/TEST) environment because the image used on Docker will be RedHat based, but using the kernel you're on. It is possible to do that, although it makes sense to use the same RedHat as well, at least for QA environments. Containers (and Docker didn't start as a container itself, but as tooling to provide easy to use containers on Linux) is a different concept of VMs because you don't need to run a entire operational system just to get some isolation between applications. A container to boot takes much less time than a VM, for example, and should use less resources. Requirements are different too. But those are not the only benefits. You should check about the relation of Docker and DevOps. As always, there is no silver bullet, but those practices makes some things possible and even easier to implement. On the other hand, yes, all those layers of abstraction (e.g. AWS) leave some IT professionals without really understanding what they are doing... if this will be really a problem in the future it something we will need to wait to see.
Re: [PATCH] Installer bug (MSDOS tildes)
There was a "typo" in my patch, this should be a correct one: --- /usr/src/distrib/miniroot/install.sub.ooo Wed May 10 12:19:56 2017 +++ /usr/src/distrib/miniroot/install.sub Wed May 10 12:48:31 2017 @@ -1804,7 +1804,7 @@ fi # Always mount msdos partitions with -s to get lower case names. -grep -q "^ $resp: .*MSDOS" $_file && _opts="-s" +grep -q "^ $resp: .*MSDOS" $_file && _opts="-l" mount -o ro,$_opts /dev/$_dev$resp /mnt2 } I am not sure why "-s" flag is used, maybe it fixed some problem, but it has introduced another one. MB On 2017-05-10 Wed 12:34, Michal Bozon wrote: > Hi, > there is a typo in install.sub > causing problems e.g. when removable FAT32 formatted > disk with installation files is attached, > and "disk" is selected as install media: > > INSTALL.i386 not found ... > (because it is visible as instal~1.i38) > > Directory does not contain SHA256.sig ... > (because it is visible as sha256.sig) > > here is the patch: > > --- /usr/src/distrib/miniroot/install.sub > +++ /usr/src/distrib/miniroot/install.sub > @@ -1805,7 +1805,7 @@ > > # Always mount msdos partitions with -s to get lower case names. > grep -q "^ $resp: .*MSDOS" $_file && _opts="-s" > -mount -o ro,$_opts /dev/$_dev$resp /mnt2 > +mount -o ro $_opts /dev/$_dev$resp /mnt2 > } > > > regards, > Michal Bozon
Re: PF queueing confusion
On Wed, May 10, 2017 at 4:47 AM, Gabriele Tozziwrote: > I have a quite simple pf setup: I have defined 3 queues for my external > interface in my pf.conf: > > queue ext on $Ext bandwidth 900K > queue normal parent ext bandwidth 386K, max 850K qlimit 10 default > queue high parent ext bandwidth 193K qlimit 10 > queue low parent ext bandwidth 193K, max 540Kb qlimit 10 > > I have noticed that the "high" queue got the wide majority of traffic, > so I have removed all the rules referencing it from pf.conf and, > surprisingly, this is the result after reloading the ruleset: > > # pfctl -s queue -v > [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: > 0 ] > [ qlength: 0/ 50 ] > queue ext on pppoe0 bandwidth 900K qlimit 50 > [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: > 0 ] > [ qlength: 0/ 50 ] > queue normal parent ext bandwidth 386K, max 850K default qlimit 10 > [ pkts: 1555 bytes: 130921 dropped pkts: 0 bytes: > 0 ] > [ qlength: 0/ 10 ] > queue high parent ext bandwidth 193K qlimit 10 > [ pkts: 19303 bytes: 28319771 dropped pkts:179 bytes: > 255401 ] > [ qlength: 0/ 10 ] > queue low parent ext bandwidth 193K, max 540K qlimit 10 > [ pkts: 4863 bytes:4044635 dropped pkts:487 bytes: > 176124 ] > > Still a lot of data is sent through the "high" queue, even if no rules > in pf.conf is referencing it. As a counter-proof, I can remove the queue > creation line from pf.conf and reload the ruleset without triggering any > error, so the queue is definitely not referenced. > > What could be wrong? You'll have to post your pf.conf.
Re: Why would I need a container like Docker?!
On Wed, May 10, 2017 at 05:53:07AM +0200, Martin Hanson wrote: > [... pathetic screaming ...] Pathetic screaming doesn't help to anything. And... there already has been an interest in zones/containers in OpenBSD, see https://marc.info/?l=openbsd-tech=144617514431852=2 j.
[PATCH] Installer bug (MSDOS tildes)
Hi, there is a typo in install.sub causing problems e.g. when removable FAT32 formatted disk with installation files is attached, and "disk" is selected as install media: INSTALL.i386 not found ... (because it is visible as instal~1.i38) Directory does not contain SHA256.sig ... (because it is visible as sha256.sig) here is the patch: --- /usr/src/distrib/miniroot/install.sub +++ /usr/src/distrib/miniroot/install.sub @@ -1805,7 +1805,7 @@ # Always mount msdos partitions with -s to get lower case names. grep -q "^ $resp: .*MSDOS" $_file && _opts="-s" -mount -o ro,$_opts /dev/$_dev$resp /mnt2 +mount -o ro $_opts /dev/$_dev$resp /mnt2 } regards, Michal Bozon
Re: smtpd aliases file issue
On Wed, May 10, 2017 at 04:32:55PM +0530, Ajitabh Pandey wrote: > > If my understanding about how this should work incorrect? If not then what > am I doing wrong? > What you are doing wrong is not showing your configuration file so we're able to check if it does what you think it is doing -- Gilles Chehade https://www.poolp.org @poolpOrg
Re: smtpd aliases file issue
Did you restart smtpd? Sent from BlueMail On May 10, 2017, 6:03 AM, at 6:03 AM, Ajitabh Pandeywrote: >Hello, > >On an OpenBSD 6.1, I have default smtpd setup. > >I placed a .forward file in root's home and am able to receive the >emails >on an external address. > >I then removed the .forward from root's home and then placed a .forward >in >the home directory of normal user account (say user01). Emails directly >send to user01 are being forwarded to external email address as >expected. > >Next I edited the /etc/mail/aliases file and uncomment the line with >root's >name in it and placed an entry like - > >root: user01 > >After saving the file, I ran newaliases to generate >/etc/mail/aliases.db >file. > >This should forward all email's destined for root to user01 and >consequently to external email address as user01's home has a .forward >file >in it. > >This is not happening. Any email sent to root is being delivered to the >mailbox of root and the smtpd logs in /var/log/maillog confirmed the >same. > >If my understanding about how this should work incorrect? If not then >what >am I doing wrong? > >Thanks and Regards. >-- >Ajitabh Pandey >http://ajitabhpandey.info/
smtpd aliases file issue
Hello, On an OpenBSD 6.1, I have default smtpd setup. I placed a .forward file in root's home and am able to receive the emails on an external address. I then removed the .forward from root's home and then placed a .forward in the home directory of normal user account (say user01). Emails directly send to user01 are being forwarded to external email address as expected. Next I edited the /etc/mail/aliases file and uncomment the line with root's name in it and placed an entry like - root: user01 After saving the file, I ran newaliases to generate /etc/mail/aliases.db file. This should forward all email's destined for root to user01 and consequently to external email address as user01's home has a .forward file in it. This is not happening. Any email sent to root is being delivered to the mailbox of root and the smtpd logs in /var/log/maillog confirmed the same. If my understanding about how this should work incorrect? If not then what am I doing wrong? Thanks and Regards. -- Ajitabh Pandey http://ajitabhpandey.info/
CGI script to see collectd stats
Hello, I am running collectd server on my OpenBSD 6.1 box and various clients are sending stats to this box. I see /var/collectd that various RRDs are getting created. However, I am not sure what should I used to see the graphs. I looked at RRDCGI but it looks way complicated to setup. I could not find collectd-web package also. Searching on web I see that for a non-chrooted web server there are straight forward scripts available. Most of the instructions are for linux. I would prefer to use OpenBSD httpd and not resort to non-chrooted apache or nginx. I am finding it really difficult to find something suitable which works under chroot. I am able to run a hello world cgi script in chroot. If any of you guys have some information/config/tool etc to share for collectd graphs, it would be of great help. Thanks & Regards. -- Ajitabh Pandey http://ajitabhpandey.info/
PF queueing confusion
Hello there, I have noticed some weirdness when using "pfctl -s queue -v" so I have decided to investigate. I have a quite simple pf setup: I have defined 3 queues for my external interface in my pf.conf: queue ext on $Ext bandwidth 900K queue normal parent ext bandwidth 386K, max 850K qlimit 10 default queue high parent ext bandwidth 193K qlimit 10 queue low parent ext bandwidth 193K, max 540Kb qlimit 10 I have noticed that the "high" queue got the wide majority of traffic, so I have removed all the rules referencing it from pf.conf and, surprisingly, this is the result after reloading the ruleset: # pfctl -s queue -v [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 ] queue ext on pppoe0 bandwidth 900K qlimit 50 [ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 50 ] queue normal parent ext bandwidth 386K, max 850K default qlimit 10 [ pkts: 1555 bytes: 130921 dropped pkts: 0 bytes: 0 ] [ qlength: 0/ 10 ] queue high parent ext bandwidth 193K qlimit 10 [ pkts: 19303 bytes: 28319771 dropped pkts:179 bytes: 255401 ] [ qlength: 0/ 10 ] queue low parent ext bandwidth 193K, max 540K qlimit 10 [ pkts: 4863 bytes:4044635 dropped pkts:487 bytes: 176124 ] Still a lot of data is sent through the "high" queue, even if no rules in pf.conf is referencing it. As a counter-proof, I can remove the queue creation line from pf.conf and reload the ruleset without triggering any error, so the queue is definitely not referenced. What could be wrong? Thank You -- GPG Key Fingerprint: DAD1 E3E3 C3E9 36FB C570 F405 9B5F 7108 A1D0 2FFF
Re: OpenBSD and you
On Wed (10/05/17), Peter N. M. Hansteen wrote: > That was the first option that came to mind, and the one I may go for as > a supplemental format *if* I can find a way to generate PDFs from this > source format *and* get the page breaks right. The print preview is > available browsers does not leave much hope of that actually happening, > however. You can give wkhtmltopdf (https://wkhtmltopdf.org/) a shot; it's in packages. A quick test I ran: $ wkhtmltopdf "https://home.nuug.no/~peter/openbsd_and_you/; output.pdf produces nice results, but omits the titles. I guess adding ", sans-serif" in the "font-family" lines in your css should fix that, eg: - body { font-family: 'Droid Serif'; } + body { font-family: 'Droid Serif', sans-serif; }
Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)
On 2017-05-09, Caolan McMahonwrote: > I recently installed OpenBSD 6.1 on my Lenovo ThinkPad x250. I use a > USB DAC to listen to music because the built-in laptop audio is > terrible. That's useful information, the internal audio on older Thinkpads is pretty good so that's another reason not to get a newer one :) > OpenBSD appears to detect the USB audio device, but is unable to play > any sound through it. I've seen similar posts on this list regarding > USB 2.0 audio devices and various internal USB hub combinations > causing issues, and I'm wondering if this device + laptop combination > is a lost cause? Is there a way to disable USB3 in bios?
Re: Packet in and out on the same eithernet port.
On 2017-05-09, Peter Fraserwrote: > Because of one user's misconfiguration of Microsoft's HypeV, his > virtual machines were not getting the results of arp. As a result > of that configuration all the packets going to machines on the same > subnetwork were going to the default gateway. The default gateway was an > OpenBSD 6.1 server. OpenBSD very slowly forward the packets back out the > same if (an em0) and the packets got to where they were supposed to go. That's normal routing, I don't know why it's slow though. > I a long time ago I tried to redirect, using pf, an external ip > address back to an internal ip address. It did not work, and I believe I > was told it could not work. So I am surprised that the above was working > at all. I also don't understand why it was so slow. This works fine, but you have to NAT as well as redirect. Assume the following addresses: PF machine internal 10.0.0.1, external 192.0.2.1 Original machine internal 10.0.0.100 Target internal 10.0.0.200, external 172.16.1.1 With just rdr: Original machine -> PF 10.0.0.100 -> 172.16.1.1 PF -> rdr target10.0.0.100 -> 10.0.0.200 rdr target -> original 10.0.0.200 -> 10.0.0.100 sent directly The original machine doesn't accept the packet because it's expecting the source address to be the *external* one it sent it to. What should happen is that the packet goes back to PF to be "un-translated". With rdr and nat: Original machine -> PF 10.0.0.100 -> 172.16.1.1 PF -> rdr target10.0.0.1 -> 10.0.0.200 rdr target -> PF10.0.0.200 -> 10.0.0.1 PF -> original 172.16.1.1 -> 10.0.0.100
Re: With Multiple PPPoE interfaces on one will work
Hi, before anything it is necessary to provide a defintion of "not working" and some evidence, like ifconfig, netstat -rn, ping, etc. then somebody will be able to help you. the more information you will provide, the quicker response with a solution you will get. On 10.05.17 07:53, Steve wrote: Hello, In 5.7 it was possible to have multiple pppoe interfaces active and working.This used to work fine with ifstated monitoring for outage and changing routing appropriatelyIn either 5.8 or 5.9 this seems to have stopped working.With both interfaces configured only one interface will ever become active. I am unable to test with 6.0 or 6.1 at the moment. Is anyone familiar with this issue ? Can anyone confirm if this is resolved in 6.0 or 6.1. Thank you.
Re: problem with external disk on 6.1
small add on: this happens only when plug device on a working machine (if device recognized while system boot, it acts normal) And if unplug it later half (physically) and plug again it works ok. On 05/04/17 16:10, Kirill wrote: > Hello! > There is a problem with my WD external disk on 6.1. on 6.0 there are no > problems. > > dmesg: > nightlord@work:[~]% dmesg > OpenBSD 6.1 (GENERIC.MP) #5: Thu Apr 13 11:26:43 MSK 2017 > r...@work.nightbbs.ru:/usr/obj/sys/arch/amd64/compile/GENERIC.MP > real mem = 2056990720 (1961MB) > avail mem = 1990025216 (1897MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe9f80 (85 entries) > bios0: vendor Hewlett-Packard version "786G1 v01.08" date 08/25/2008 > bios0: Hewlett-Packard HP Compaq dc7900 Small Form Factor > acpi0 at bios0: rev 0 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC ASF! MCFG TCPA SLIC HPET DMAR > acpi0: wakeup devices COM1(S4) PCI0(S4) PEG1(S4) PEG2(S4) IGBE(S4) > PCX1(S4) PCX2(S4) PCX5(S4) PCX6(S4) HUB_(S4) USB1(S3) USB2(S3) USB3(S3) > USB4(S3) USB5(S3) USB6(S3) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, 3159.08 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR > cpu0: 6MB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 332MHz > cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM)2 Duo CPU E8500 @ 3.16GHz, 3158.73 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG,LAHF,PERF,SENSOR > cpu1: 6MB 64b/line 16-way L2 cache > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins > acpimcfg0 at acpi0 addr 0xf400, bus 0-63 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus -1 (PEG1) > acpiprt2 at acpi0: bus -1 (PEG2) > acpiprt3 at acpi0: bus 32 (PCX1) > acpiprt4 at acpi0: bus -1 (PCX2) > acpiprt5 at acpi0: bus 48 (PCX5) > acpiprt6 at acpi0: bus -1 (PCX6) > acpiprt7 at acpi0: bus 7 (HUB_) > acpicpu0 at acpi0: !C2(500@17 mwait.3@0x10), C1(1000@1 mwait.1) > acpicpu1 at acpi0: !C2(500@17 mwait.3@0x10), C1(1000@1 mwait.1) > "PNP0F13" at acpi0 not configured > "PNP0303" at acpi0 not configured > "PNP0501" at acpi0 not configured > "PNP0700" at acpi0 not configured > "PNP0003" at acpi0 not configured > acpibtn0 at acpi0: PBTN > "PNP0C14" at acpi0 not configured > cpu0: unknown Enhanced SpeedStep CPU, msr 0x0616492206004922 > cpu0: using only highest and lowest power states > cpu0: Enhanced SpeedStep 3159 MHz: speeds: 24333, 2000 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel Q45 Host" rev 0x03 > inteldrm0 at pci0 dev 2 function 0 "Intel Q45 Video" rev 0x03 > drm0 at inteldrm0 > intagp0 at inteldrm0 > agp0 at intagp0: aperture at 0xe000, size 0x1000 > inteldrm0: msi > inteldrm0: 1280x1024, 32bpp > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) > wsdisplay0: screen 1-5 added (std, vt100 emulation) > "Intel Q45 Video" rev 0x03 at pci0 dev 2 function 1 not configured > "Intel Q45 HECI" rev 0x03 at pci0 dev 3 function 0 not configured > pciide0 at pci0 dev 3 function 2 "Intel Q45 PT IDER" rev 0x03: DMA > (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI > pciide0: using apic 1 int 18 for native-PCI interrupt > pciide0: channel 0 ignored (not responding; disabled or no drives?) > pciide0: channel 1 ignored (not responding; disabled or no drives?) > puc0 at pci0 dev 3 function 3 "Intel Q45 KT" rev 0x03: ports: 1 com > com4 at puc0 port 0 apic 1 int 17: ns16550a, 16 byte fifo > com4: probed fifo depth: 15 bytes > em0 at pci0 dev 25 function 0 "Intel ICH10 D BM LM" rev 0x02: msi, > address 00:23:7d:4e:a2:5c > uhci0 at pci0 dev 26 function 0 "Intel 82801JD USB" rev 0x02: apic 1 int 20 > uhci1 at pci0 dev 26 function 1 "Intel 82801JD USB" rev 0x02: apic 1 int 21 > uhci2 at pci0 dev 26 function 2 "Intel 82801JD USB" rev 0x02: apic 1 int 22 > ehci0 at pci0 dev 26 function 7 "Intel 82801JD USB" rev 0x02: apic 1 int 22 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev > 2.00/1.00 addr 1 > azalia0 at pci0 dev 27 function 0 "Intel 82801JD HD Audio" rev 0x02: msi > azalia0: codecs: Analog Devices AD1884A > audio0 at azalia0 > ppb0 at pci0 dev 28 function 0 "Intel 82801JD PCIE" rev 0x02: msi > pci1 at ppb0 bus 32 > ppb1
Re: OpenBSD and you
On Wed, May 10, 2017 at 10:32:13AM +0500, ?? ?? wrote: > I think workaround is using pdf format. It's supported now by all > modern browsers. It's open crossplatform standard, simple to storing > and can be opened not only in browsers (obviously). That was the first option that came to mind, and the one I may go for as a supplemental format *if* I can find a way to generate PDFs from this source format *and* get the page breaks right. The print preview is available browsers does not leave much hope of that actually happening, however. The primary purpose here is, and will remain, to have the presentation look nice on any screen that's conveniently available while I do the presentation. If I can find a reasonably automatic way to render this without javascript that's a nice bonus, and I'll keep looking to the extent that it does not seriously disrupt other things I need to get done. The in-browser print preview method is simply not a practical option. And reverting to the previous powerpoint clone rubbish is right out. If I do find a workable option, I'll let you all know. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD and you
On Tue, May 09, 2017 at 10:22:21PM +0200, Peter N. M. Hansteen wrote: > And I was just reminded off-list that the remark markdown variant > (https://github.com/gnab/remark) used for this presentation requires > javascript enabled in your browser. > > Sorry about that. > > I'll be looking into workarounds, hopefully some can be found. I think workaround is using pdf format. It's supported now by all modern browsers. It's open crossplatform standard, simple to storing and can be opened not only in browsers (obviously). > > - Peter > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >