Re: httpd location statement

[Alexey Vatchenko]

> On 11 Dec 2020, at 00:16, Todd C. Miller  wrote:
> 
> On Thu, 10 Dec 2020 19:24:20 +0200, Alexey Vatchenko wrote:
> 
>> I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 OpenBSD’s htt
>> pd.
>> In my configuration I use Handler for .html, .htm, .css, .js and 4 more exten
>> sions.
>> I’ve found a way to configure it for one extension and it works great!
>> 
>> location “*.html” {
>>fastcgi {
>>socket “/run/slowcgi.sock”
>>param SCRIPT_FILENAME “/path/to/handler.pl"
>>}
>> }
> 
> Can't you just use lua-style patterns with "location match ..."?
> See the CAPTURES section in pattern(7) for details.

Sorry, still don’t understand how captures can help in this case.
In my understanding, it lacks "OR” to avoid duplicating identical location 
blocks.

location “*.html|*.css|*.js” {

}

instead of

location “*.html” {
}
location “*.css” {
}
location “*.js” {
}

Could you please give an example of using captures for this case?

Re: Default installurl and Package Source

[Chris Bennett]

On Thu, Dec 10, 2020 at 10:24:27PM -, Stuart Henderson wrote:
> > Please use https. Some ISP's insert crap into http.
> 
> Sounds a good reason to use a better ISP :)
> 

You're right about that and the CPU waste.
I had an ISP a few years ago at home that tampered with http.
Once burned, twice shy.

Chris

> Packages packing-lists are verified using signify signatures, and files
> inside the package using sha256 from the (signed) plist, so it will be
> very obvious if those files are changed.
> 
> And because pkg_add doesn't use persistent connections, https really
> slows it down as it has to make a new TLS handshake for every package
> you have installed (even if no update is needed).
> 
> > Certs are free, why doesn't a trusted source not have one?
> 
> Some mirror servers are not on especially new hardware and may not have
> loads of cpu to spare to encrypt everything. Also some may consider it a
> waste of cpu time if the files are signed anyway. (For file distribution
> where signature checks are not done automatically, I have a feeling
> that seeing something fetched over https might suggest to the user that
> things are safe and they don't need to bother to do a check manually -
> this is of course not the case as https does nothing to help if a server
> has been compromised, it only deals with the transport layer).
> 
> > IMHO, you really should run stable. Although you might look at the
> 
> Or -current :-)
> 
> > patches and decide not to. packages-stable may or may not have security
> > fixes you need. syspatch often, but not always, needs a reboot.
> >
> > But it's your system, do as you please. A security patch might not be
> > relevant to you.
> >
> > Chris Bennett
> >
> >
> >
> 

Re: Default installurl and Package Source

[Stuart Henderson]

On 2020-12-10, Chris Bennett  wrote:
> On Wed, Dec 09, 2020 at 11:22:58AM +0800, Tito Mari Francis Escaño wrote:
>> Hi misc,
>> I recently installed 6.8 on VM then applied errata patches.
>> When I tried to install git, it complained that git is not in the
>> packages-stable folder, I was pleasantly surprised. The
>> /etc/installurl by default is http://cdn.openbsd.org/pub/OpenBSD, and
>> I got error 503 on the site. Checking the default URL indicates it may
>> be down, same goes for Cloudflare CDN, Verizon seems working alright.
>> When I changed /etc/installurl to where I used to get packages:
>> http://ftp.jaist.ac.jp/pub/OpenBSD, it worked as expected.
>> This raised the following questions:
>> Does this mean when we apply errata patches, we're now automatically
>> using stable release and need to use stable packages?
>> Is it advisable to keep the /etc/installurl automatically default to
>> http://cdn.openbsd.org/pub/OpenBSD or should users be advised to
>> select packages from package sources geographically near them?
>> Please advise. Thanks and keep up the great work.

If you have a good local mirror then it is usually the best choice to
use it. In that case the actual files are present on the system near you.

With the CDNs, unless you pick a frequently accessed file that is cached
locally, they are fetched from the origin server (for cdn.openbsd.org
this is in Canada reached via Seattle). This is usually via a fairly
fast network and with various optimizations that mean it's likely to
be faster than fetching it directly from Canada yourself, but unless
you're fairly close then it's likely to still be slower than a local
"real" mirror.

For snapshots there are additional problems, you're very unlikely
to get any benefit from the cache at all, and because the filenames
don't change between snapshots if files are cached near you then
there can be problems getting a mix of two snaps.

> If you find a good mirror, you can hard code the PKG_PATH
> export PKG_PATH=...
> it can use multiple servers separated by :
> Be sure to change it to 6.9 later!

Assuming they use the standard /pub/OpenBSD paths then you can
set PKG_PATH to just the mirror name and the version (or "snapshots")
and arch will be filled in. Or if you always use snapshots you can
use http://whatever/pub/OpenBSD/snapshots/%a then you don't need to
mess about with pkg_add -Dsnap around release time.

> That's what I do when I have cdn problems.
> Avoid the OpenBSD source, if possible.
> Please use https. Some ISP's insert crap into http.

Sounds a good reason to use a better ISP :)

Packages packing-lists are verified using signify signatures, and files
inside the package using sha256 from the (signed) plist, so it will be
very obvious if those files are changed.

And because pkg_add doesn't use persistent connections, https really
slows it down as it has to make a new TLS handshake for every package
you have installed (even if no update is needed).

> Certs are free, why doesn't a trusted source not have one?

Some mirror servers are not on especially new hardware and may not have
loads of cpu to spare to encrypt everything. Also some may consider it a
waste of cpu time if the files are signed anyway. (For file distribution
where signature checks are not done automatically, I have a feeling
that seeing something fetched over https might suggest to the user that
things are safe and they don't need to bother to do a check manually -
this is of course not the case as https does nothing to help if a server
has been compromised, it only deals with the transport layer).

> IMHO, you really should run stable. Although you might look at the

Or -current :-)

> patches and decide not to. packages-stable may or may not have security
> fixes you need. syspatch often, but not always, needs a reboot.
>
> But it's your system, do as you please. A security patch might not be
> relevant to you.
>
> Chris Bennett
>
>
>

Re: httpd location statement

[Todd C . Miller]

On Thu, 10 Dec 2020 19:24:20 +0200, Alexey Vatchenko wrote:

> I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 OpenBSD’s htt
> pd.
> In my configuration I use Handler for .html, .htm, .css, .js and 4 more exten
> sions.
> I’ve found a way to configure it for one extension and it works great!
>
> location “*.html” {
> fastcgi {
> socket “/run/slowcgi.sock”
> param SCRIPT_FILENAME “/path/to/handler.pl"
> }
> }

Can't you just use lua-style patterns with "location match ..."?
See the CAPTURES section in pattern(7) for details.

 - todd

Re: httpd location statement

[Alexey Vatchenko]

> On 10 Dec 2020, at 20:51, Florian Obser  wrote:
> 
> I think the only way is to repeat the location statement for each extension :/

If preparing a patch, what is the preferable syntax for this functionality?

location regex “/.*\.(html|css){1}$” {
# something
}

Re: httpd location statement

[Florian Obser]

I think the only way is to repeat the location statement for each extension :/

You can leave out the socket since that's the default

On 10 December 2020 18:24:20 CET, Alexey Vatchenko  
wrote:
>Hello!
>
>I’m migrating from ancient server with OpenBSD’s apache1 to 6.8
>OpenBSD’s httpd.
>In my configuration I use Handler for .html, .htm, .css, .js and 4 more
>extensions.
>I’ve found a way to configure it for one extension and it works great!
>
>location “*.html” {
>fastcgi {
>socket “/run/slowcgi.sock”
>param SCRIPT_FILENAME “/path/to/handler.pl"
>}
>}
>
>And I havn't found a way to specify multiple extensions.
>
>Any advice how to do it?
>
>Thanks in advance!

-- 
Sent from a mobile device. Please excuse poor formating.

httpd location statement

[Alexey Vatchenko]

Hello!

I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 OpenBSD’s httpd.
In my configuration I use Handler for .html, .htm, .css, .js and 4 more 
extensions.
I’ve found a way to configure it for one extension and it works great!

location “*.html” {
fastcgi {
socket “/run/slowcgi.sock”
param SCRIPT_FILENAME “/path/to/handler.pl"
}
}

And I havn't found a way to specify multiple extensions.

Any advice how to do it?

Thanks in advance!

Re: Internal Microphone on Thinkpad X1 Carbon 7th gen not working

[Stefan Hagen]

Alexandre Ratchov wrote:
> On Thu, Dec 10, 2020 at 10:30:56AM +0100, Anders Damsgaard wrote:
>> * Stefan Hagen [2020-12-10 10:14:35 +0100]:
>>> Bodie wrote:
 On 9.12.2020 20:43, Stefan Hagen wrote:
> Hello Zachary,
>
> Zachary Campbell wrote:
>> Any luck with this? I am also struggling to get the internal
>> mic to work on the X1 Carbon 7th Gen. Have gone through
>> everything discussed here, but still no luck.
>>
>> My dmesg and mixerctl match those already shared in thread.
>> Happy to share anything else that might be helpful, but after
>> reading through the multimedia FAQ and this thread I am
>> not quite sure where to go next.
>
> No progress here.
>
> I think all needed information is in here.
> https://bbs.archlinux.org/viewtopic.php?id=249900

 That part on SST remind me my problem with audio on T590 under Windows.
 For at least two patch builds Windows had issue to picking up wrong
 driver for audio. Instead of regular HD Audio they were setting
 up SST HD Audio and then output/input were not working.

 So maybe it is something wrong inside that HW like reporting wrong
 capabilities?
>>>
>>> Not unlikely as "microphone not working on x1 carbon gen 7" complaints
>>> are all over the place. The solution for ms windows is upgrade + use
>>> newest drivers. So yes, I assume there's something off that has been
>>> fixed in software.
>>>
>>> I've seen similar complaints about Dell Laptops that are also using
>>> the Realtek ALC285 chip.
>>>
>>> If it's just this one chip, then fine, let's ignore it.
>>>
>>> Can someone with a X1 Carbon Gen 8 report it working?
>>
>> The same issue persists on 8th generation, also reported to dmesg@.
>>
>> azalia0 at pci0 dev 31 function 3 "Intel 400 Series HD Audio" rev 0x00: msi
>> azalia0: codecs: Realtek ALC285, Intel/0x280b, using Realtek ALC285
>> audio0 at azalia0
>>
>> Also, the mic is enabled in BIOS and kern.audio.record=1.
>
> AFAIU, all audio components but the internal microphone are connected
> to the "Realtek ALC285" codec which is handled by azalia(4). The
> internal microphone uses the Intel Smart Sound Technology, which needs
> a dedicated driver.
 ^^
Right! That's how it shows up on windows.

I think it's *not* worth to create a driver for the internal microphone.
It's really not that useful most of the time.

But it's good to know that it's not just configuration that's missing.
So I can stop fiddling and accept that it does not work.

Thanks,
Stefan

Re: Internal Microphone on Thinkpad X1 Carbon 7th gen not working

[Alexandre Ratchov]

On Thu, Dec 10, 2020 at 10:30:56AM +0100, Anders Damsgaard wrote:
> * Stefan Hagen  [2020-12-10 10:14:35 +0100]:
> 
> > Bodie wrote:
> > > 
> > > 
> > > On 9.12.2020 20:43, Stefan Hagen wrote:
> > > > Hello Zachary,
> > > > 
> > > > Zachary Campbell wrote:
> > > > > Any luck with this? I am also struggling to get the internal
> > > > > mic to work on the X1 Carbon 7th Gen. Have gone through
> > > > > everything discussed here, but still no luck.
> > > > > 
> > > > > My dmesg and mixerctl match those already shared in thread.
> > > > > Happy to share anything else that might be helpful, but after
> > > > > reading through the multimedia FAQ and this thread I am
> > > > > not quite sure where to go next.
> > > > 
> > > > No progress here.
> > > > 
> > > > I think all needed information is in here.
> > > > https://bbs.archlinux.org/viewtopic.php?id=249900
> > > > 
> > > 
> > > That part on SST remind me my problem with audio on T590 under Windows.
> > > For at least two patch builds Windows had issue to picking up wrong
> > > driver for audio. Instead of regular HD Audio they were setting
> > > up SST HD Audio and then output/input were not working.
> > > 
> > > So maybe it is something wrong inside that HW like reporting wrong
> > > capabilities?
> > 
> > Not unlikely as "microphone not working on x1 carbon gen 7" complaints
> > are all over the place. The solution for ms windows is upgrade + use
> > newest drivers. So yes, I assume there's something off that has been
> > fixed in software.
> > 
> > I've seen similar complaints about Dell Laptops that are also using
> > the Realtek ALC285 chip.
> > 
> > If it's just this one chip, then fine, let's ignore it.
> > 
> > Can someone with a X1 Carbon Gen 8 report it working?
> > 
> > Best Regards,
> > Stefan
> > 
> 
> The same issue persists on 8th generation, also reported to dmesg@.
> 
> azalia0 at pci0 dev 31 function 3 "Intel 400 Series HD Audio" rev 0x00: msi
> azalia0: codecs: Realtek ALC285, Intel/0x280b, using Realtek ALC285
> audio0 at azalia0
> 
> Also, the mic is enabled in BIOS and kern.audio.record=1.
> 

AFAIU, all audio components but the internal microphone are connected
to the "Realtek ALC285" codec which is handled by azalia(4). The
internal microphone uses the Intel Smart Sound Technology, which needs
a dedicated driver.

Linux has a driver written by Intel employees, which is around twice
as big as azalia. It's unclear how difficult it would be to write a
openbsd-ish driver that simply makes the hardware work. Sorry.

Meanwhile, if this is for voice calls, I'd suggest either using a
phone headset (the x1 probably has a trrs jack) or a comfortable
full-duplex usb headset; most work way better than the internal
mics/speakers.

Re: Internal Microphone on Thinkpad X1 Carbon 7th gen not working

[Anders Damsgaard]

* Stefan Hagen  [2020-12-10 10:14:35 +0100]:


Bodie wrote:



On 9.12.2020 20:43, Stefan Hagen wrote:

Hello Zachary,

Zachary Campbell wrote:

Any luck with this? I am also struggling to get the internal
mic to work on the X1 Carbon 7th Gen. Have gone through
everything discussed here, but still no luck.

My dmesg and mixerctl match those already shared in thread.
Happy to share anything else that might be helpful, but after
reading through the multimedia FAQ and this thread I am
not quite sure where to go next.


No progress here.

I think all needed information is in here.
https://bbs.archlinux.org/viewtopic.php?id=249900



That part on SST remind me my problem with audio on T590 under Windows.
For at least two patch builds Windows had issue to picking up wrong
driver for audio. Instead of regular HD Audio they were setting
up SST HD Audio and then output/input were not working.

So maybe it is something wrong inside that HW like reporting wrong
capabilities?


Not unlikely as "microphone not working on x1 carbon gen 7" complaints
are all over the place. The solution for ms windows is upgrade + use
newest drivers. So yes, I assume there's something off that has been
fixed in software.

I've seen similar complaints about Dell Laptops that are also using
the Realtek ALC285 chip.

If it's just this one chip, then fine, let's ignore it.

Can someone with a X1 Carbon Gen 8 report it working?

Best Regards,
Stefan



The same issue persists on 8th generation, also reported to dmesg@.

azalia0 at pci0 dev 31 function 3 "Intel 400 Series HD Audio" rev 0x00: msi
azalia0: codecs: Realtek ALC285, Intel/0x280b, using Realtek ALC285
audio0 at azalia0

Also, the mic is enabled in BIOS and kern.audio.record=1.

Cheers, Anders

Re: Internal Microphone on Thinkpad X1 Carbon 7th gen not working

[Stefan Hagen]

Bodie wrote:
>
>
> On 9.12.2020 20:43, Stefan Hagen wrote:
>> Hello Zachary,
>>
>> Zachary Campbell wrote:
>>> Any luck with this? I am also struggling to get the internal
>>> mic to work on the X1 Carbon 7th Gen. Have gone through
>>> everything discussed here, but still no luck.
>>>
>>> My dmesg and mixerctl match those already shared in thread.
>>> Happy to share anything else that might be helpful, but after
>>> reading through the multimedia FAQ and this thread I am
>>> not quite sure where to go next.
>>
>> No progress here.
>>
>> I think all needed information is in here.
>> https://bbs.archlinux.org/viewtopic.php?id=249900
>>
>
> That part on SST remind me my problem with audio on T590 under Windows.
> For at least two patch builds Windows had issue to picking up wrong
> driver for audio. Instead of regular HD Audio they were setting
> up SST HD Audio and then output/input were not working.
>
> So maybe it is something wrong inside that HW like reporting wrong
> capabilities?

Not unlikely as "microphone not working on x1 carbon gen 7" complaints
are all over the place. The solution for ms windows is upgrade + use
newest drivers. So yes, I assume there's something off that has been
fixed in software.

I've seen similar complaints about Dell Laptops that are also using
the Realtek ALC285 chip.

If it's just this one chip, then fine, let's ignore it.

Can someone with a X1 Carbon Gen 8 report it working?

Best Regards,
Stefan