Re: Bluetooth support status

2019-08-07 Thread John Brahy
Ha. I was about to start out with how I can guess how complicated managing
an operating system is. Then I see the last line of your email saying, "How
about if you don't know, stop making guesses".

My comments only apply to my experience coding for bluetooth on mobile
devices and it was just overcomplicated for me and I felt it was opening up
an unnecessary attack surface. That opinion has nothing to do with OpenBSD.

Just writing this here in case someone tries to use this in a future
conversation.







On Wed, Aug 7, 2019 at 10:22 AM Theo de Raadt  wrote:

> Bryan Wright  wrote:
>
> > > On Aug 7, 2019, at 10:06, Theo de Raadt  wrote:
> > >
> > > Bryan Wright  wrote:
> > >
> > >> Are there technical/philosophical problems that make all versions of
> > >> Bluetooth incompatible with the project, or is it a just matter of
> > >> removing what is not being maintained?
> > >
> > > I'm sure a bunch of you can come up with theories about what actually
> > > transpired, without reading any of the code that used to be here, or
> > > the commit messages.
> > >
> > > Basically, feel free to keep making up stuff.
> > >
> >
> > I’m sorry, Theo.  I’ve read some, but I’m sure I haven’t read all the
> history.  I didn’t mean anything by my question, but perhaps I should have
> done more reading before asking.  Apologies.
>
> Beyond the commit messages, none of us owes anyone any sort of explanation,
> no matter how much it is begged for.
>
> What bothers me greatly is the begging pattern of introducing fake
> theories, and a year or so later those fake theories are used as part of
> the evidence chain in a new discussion, and another few years later even
> more fake discussion is used to create new fake discussion, and
> eventually everyone believes parts of it.
>
> How about if you don't know, stop making up guesses.
>
>
>


Re: Bluetooth support status

2019-08-07 Thread John Brahy
Right, without reading the code and only reading this commit message
it's all conjecture.

I was just hoping to hear something more if someone was inclined to share.

 inclined. The commit message seems like some sort of inside joke.




Log message:
"It's not the years, honey; it's the mileage."

bluetooth support doesn't work and isn't going anywhere. the current
design is a dead end, and should not be the basis for any future support.
general consensus says to whack it so as to not mislead the unwary.


On Wed, Aug 7, 2019 at 10:06 AM Theo de Raadt  wrote:

> Bryan Wright  wrote:
>
> > Are there technical/philosophical problems that make all versions of
> > Bluetooth incompatible with the project, or is it a just matter of
> > removing what is not being maintained?
>
> I'm sure a bunch of you can come up with theories about what actually
> transpired, without reading any of the code that used to be here, or
> the commit messages.
>
> Basically, feel free to keep making up stuff.
>
>


Re: Bluetooth support status

2019-08-07 Thread John Brahy
ok, thanks. Bluetooth is overcomplicated and if it's not managed properly
it just opens up the attack surface for no reason.

It definitely makes some things easy but there are always workarounds.


On Tue, Aug 6, 2019 at 11:52 PM Consus  wrote:

> On 17:12 Tue 06 Aug, John Brahy wrote:
> > Hello,
> >
> > Just curious if there was any change in OpenBSD supporting bluetooth.
>
> Sadly, there is none.
>


Bluetooth support status

2019-08-06 Thread John Brahy
Hello,

Just curious if there was any change in OpenBSD supporting bluetooth.

In this commit from tedu@ it's saying that support was ripped out of the
kernel because it never really worked.

https://marc.info/?l=openbsd-cvs&m=140511572108715&w=2

man -k blue brings up nothing apropos.

Thanks,

JB


Apple Display via Thunderbolt on macbook pro

2019-08-05 Thread John Brahy
Hello,

I have OpenBSD 6.5 installed on a MacBook Pro (mid-2015) and I was hoping
to use a couple of my 27" Apple Displays with it. Has anyone had any
success with them? I don't see anything pop up in dmesg when I plug them in
so not sure if the system detects them or if OpenBSD recognizes the
Thunderbolt bus. I see "Intel DSL 5520 Thunderbolt" rev 0x00 at pci4 dev 0
function 0 not configured in the dmesg.

Thanks,

John


Re: Broadcom BCM5716 support in 4.6/snapshots

2009-09-17 Thread John Brahy
Sorry for the delay. Here's the dmesg




On Sun, Sep 13, 2009 at 6:42 PM, David Gwynne l...@animata.net wrote:

 which dells specifically? are you able to get a dmesg off it?

 dlg


 On 14/09/2009, at 6:47 AM, John Brahy wrote:

 Hi,

 I bought a couple new dells with Broadcom BCM5716 chips on the motherboard
 for network support but everytime I boot and it gets to the starting
 network
 it reboots on me.

 Anyone have any ideas on this?

 thanks,

 JB




** *John Brahy  *|  CTO  |  P 310.356.7500  |  F 310.356.7520
jbr...@snowball-media.com  |  1990 East Grand Ave, Suite 200, El Segundo, CA
90245

[demime 1.01d removed an attachment of type application/zip which had a name of 
dmesg.zip]



Re: Broadcom BCM5716 support in 4.6/snapshots

2009-09-17 Thread John Brahy
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
rd0: fixed, 3800 blocks
uhub8 at uhub0 port 3 vendor 0x0424 product 0x2514 rev 2.00/0.00 addr 2
uhub9 at uhub2 port 1 Dell Dell USB Keyboard Hub rev 1.10/48.00 addr 2
umass0 at uhub4 port 1 configuration 1 interface 0 TEAC TEAC FD-05PUB rev
2.00/0.00 addr 2
umass0: using UFI over CBI with CCI
scsibus2 at umass0: 2 targets, initiator 0
sd1 at scsibus2 targ 1 lun 0: TEAC, FD-05PUB, 3000 ATAPI 0/direct
removable
sd1: 1MB, 512 bytes/sec, 2880 sec total
uhidev0 at uhub9 port 1 configuration 1 interface 0 Dell Dell USB Keyboard
Hub rev 1.10/48.00 addr 3
uhidev0: iclass 3/1
ukbd0 at uhidev0
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub9 port 1 configuration 1 interface 1 Dell Dell USB Keyboard
Hub rev 1.10/48.00 addr 3
uhidev1: iclass 3/0, 3 report ids
uhid at uhidev1 reportid 1 not configured
uhid at uhidev1 reportid 2 not configured
uhid at uhidev1 reportid 3 not configured
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
bnx0: address 00:24:e8:6c:2d:99
brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx1: address 00:24:e8:6c:2d:9a
brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
sd1(umass0:1:0): Check Condition (error 0x70) on opcode 0x2a
SENSE KEY: Not Ready
 ASC/ASCQ: ASC 0x3a ASCQ 0x00


On Sun, Sep 13, 2009 at 6:42 PM, David Gwynne l...@animata.net wrote:

 which dells specifically? are you able to get a dmesg off it?

 dlg


 On 14/09/2009, at 6:47 AM, John Brahy wrote:

  Hi,

 I bought a couple new dells with Broadcom BCM5716 chips on the motherboard
 for network support but everytime I boot and it gets to the starting
 network
 it reboots on me.

 Anyone have any ideas on this?

 thanks,

 JB




** *John Brahy  *|  CTO  |  P 310.356.7500  |  F 310.356.7520
jbr...@snowball-media.com  |  1990 East Grand Ave, Suite 200, El Segundo, CA
90245



Broadcom BCM5716 support in 4.6/snapshots

2009-09-13 Thread John Brahy
Hi,

I bought a couple new dells with Broadcom BCM5716 chips on the motherboard
for network support but everytime I boot and it gets to the starting network
it reboots on me.

Anyone have any ideas on this?

thanks,

JB



newfs block device

2009-04-22 Thread John Brahy
Have I completely lost my mind or should I be able to give newfs a block device?

# df -ht ffs
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a     1006M    203M    753M    21%    /
/dev/wd0j      7.9G    6.0G    1.5G    81%    /home
/dev/wd0i     1006M    6.0K    956M     0%    /tmp
/dev/wd0d      3.9G    1.2G    2.6G    32%    /usr
/dev/wd0k      9.8G    730M    8.6G     8%    /usr/local
/dev/wd0f      2.0G   66.6M    1.8G     3%    /usr/obj
/dev/wd0e      2.0G    1.1G    774M    60%    /usr/src
/dev/wd0h     1006M    123M    833M    13%    /var
/dev/wd0l      114G   78.4G   30.1G    72%    /virtualhosts
/dev/wd1a      367G   84.9G    264G    24%    /backups
/dev/wd0g      2.0G    221M    1.7G    12%    /usr/ports
# umount obj
# newfs /dev/wd0f
newfs: /dev/wd0f: block device
#

I thought that I have done that before. Have we lost functionality in
4.5 or just my mind?



PF/NAT Issue

2009-01-26 Thread John Brahy
Hello,

I'm having a problem with NAT. I have given up trying fancy pf stuff
and I am using a barely modified version of the example ruleset from
the using pf guide on the OpenBSD site:

# OpenBSD Packet Filter Configuration
#

# macros
ext_if="dc0"
int_if="sis0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

# options
set block-policy return
set loginterface $ext_if

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $ext_if from !($ext_if) -> ($ext_if:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $int_if }

pass in on $ext_if inet proto tcp from any to ($ext_if) \
    port $tcp_services flags S/SA keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in quick on $int_if


the only thing that I took out was the web server, so there is no
inbound access in this configuration. I have the same pf.conf file on
both of my servers. The layout looks like this.


Internet
 |
 - public ip
OpenBSD box A running as router
 - public ip
 |
 - public ip
OpenBSD box B running as firewall
 - 10.100.100.1
 |
 - 10.100.100.120
OpenBSD box C running as desktop


The problem that I am having is that I can't surf the information
superhighway from box C. So I've been looking at the network traffic
to see how far it is going and it's getting past the firewall but not
past the router.

I believe the problem is that box B is not performing network address
translation for box C. When I do a tcpdump on the interface connecting
box A and box B I see packets with 10.100.100.120 as the address.

Is there a magic Turn Nat On switch I'm not using? I have modified
my /etc/sysctl.conf to enable ip forwarding.

I'm stuck... Does anyone have a suggestion on what I can try or what I
am doing wrong?

Thanks,

JB



Re: PF/NAT Issue

2009-01-26 Thread John Brahy
It must have been a hardware issue, I just replaced the ethernet card
and things are working fine.

thanks anyway.



Best hardware platform for home automation system

2008-04-02 Thread John Brahy
Hi Everyone,

I wanted to find out if anyone has experience with creating home
automation systems using OpenBSD. I was planning on buying a random
fanless micro atx system. I was hoping to get some suggestions from
y'all. I know there is a hardware compatibility list at
http://www.openbsd.org but I was looking for specific experience with
motherboards with supported ethernet chips (I'm sure most work anyway)
and devices to turn things on and off.

Thanks for your time,

JB



what's the best way to configure a 3.75TB datastore?

2007-05-10 Thread John Brahy
Hello List,

We're the proud new owner of a 10x750GB appliance. We're going to put
OpenBSD on it and I was looking for suggestions or feedback on a
configuration we were considering. This server is going to be stored at our
colo and we have a point to point T1 directly connected to it. (We're going
to initially populate it here and only have to rsync daily differences after
hours.) 

Luca-Brozzi.ad2.com
-

Partition   Size(GB)
 /  2
 swap   8
 /usr   4
 /usr/local 4
 /usr/obj   4
 /usr/src   4
 /var   2
 /home  20
 /tmp   2
 /backups/server1   400
 /backups/server2   400
 /backups/server3   400
 /backups/server4   400
 /backups/server5   400
 /backups/server6   400
 /backups/server7   400
 /backups/server8   400
 /backups/server9   400


Is this the best way to do it? Does anyone have suggestions on a better way
to do it?

Thanks,

John



Re: what's the best way to configure a 3.75TB datastore?

2007-05-10 Thread John Brahy
  I'd really recommend to run, if possible, Solaris and take advantage of
ZFS with
  all its nice tools and features.

That's a great idea, I always think OpenBSD for everything but I don't want
to know how long it would take to fsck 3.75TB. 

I'm going to go with Solaris w/ZFS. 

Thanks!



rmoption INET6

2007-03-28 Thread John Brahy
Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't use
IPV6.



Re: rmoption INET6

2007-03-28 Thread John Brahy
You don't recompile your kernel? Isn't that part of keeping with stable?

-Original Message-
From: Paul de Weerd [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, March 28, 2007 2:27 PM
To: John Brahy
Cc: misc@openbsd.org
Subject: Re: rmoption INET6

On Wed, Mar 28, 2007 at 01:54:48PM -0700, John Brahy wrote:
| Is there any reason I shouldn't add rmoption INET6 to my kernel? I don't
use
| IPV6.

The fact that you will run your own, unsupported, frankensteined
kernel may be detrimental to your quest. You may want to remove driver
support for all the hardware that you don't have, remove support for
ccd, pfsync, carp and other fun software goodies you never plan on
using, but to what end ?

If you really fear the IPv6-beast, use pf to 'block in all inet6' and
just don't care. Don't build your own kernel. See the FAQ.

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: rmoption INET6

2007-03-28 Thread John Brahy
So if I use GENERIC and then disable ipv6 is that a safe thing to do? In
light of the recent security issue and since I don't use ipv6 I thought it
would make the system more secure, but I definitely don't want to make it
unstable. 



Problem routing 10.x.x.x networks through a firewall

2007-01-30 Thread John Brahy

Hello,

I am having a problem routing IP traffic on my network. my firewall
has three interfaces.

      |
+-----+------+
|  P2P - t1  |
|   router   |
|  10.1.2.1  |
+-----+------+
      |
+-----+------+
|  10.1.2.2  |
|   router   |
|  10.1.3.1  |
+-----+------+
      |
+-----+------+     +------------+
|  10.1.3.2  |     |  DMZ host  |
|  firewall  +-----+ 10.1.15.10 |
|  10.1.1.1  |     +------------+
+-----+------+
      |
+-----+-------+
| 10.1.11.100 |
+-------------+

I have net.ip.forwarding=1 and my pf.conf is completely empty right
now. From the 10.1.1.100 client, I can't ping the internet from
10.1.11.100, but I can from my firewall. Is there anything special I
have to do to route private networks? Here's the ipv4 info from
netstat.

Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface
default            10.1.3.1           UGS         0        3      -   em0
10.1.3/24          link#1             UC          1        0      -   em0
10.1.3.1           00:b0:a2:89:13:45  UHLc        1     1469      -   em0
10.1.11/24         link#3             UC          0        0      -   em2
10.1.15/24         link#2             UC          0        0      -   em1
127/8              127.0.0.1          UGRS        0        0  33192   lo0
127.0.0.1          127.0.0.1          UH          1        0  33192   lo0
224/4              127.0.0.1          URS         0        0  33192   lo0

Any help would be greatly appreciated.

Thanks!

John



Re: Problem routing 10.x.x.x networks through a firewall

2007-01-30 Thread John Brahy

On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:

John Brahy wrote:
 Hello,

 I am having a problem routing IP traffic on my network. my firewall
 has three interfaces.

  |
 +-+--+
 |  P2P - t1  |
 |   router   |
 |  10.1.2.1  |
 +-+--+
  |
 +-+--+
 |  10.1.2.2  |
 |   router   |
 |  10.1.3.1  |
 +-+--+
  |
 +-+--+ +---+
 |  10.1.3.2  | |  DMZ host |
 |  firewall  +-+ 10.1.15.10 |
 |  10.1.11.1  | +---+
 +-+--+
  |
 +-+--+
 | 10.1.11.100 |
 ++

 I have net.ip.forwarding=1 and my pf.conf is completely empty right
 now. From the 10.1.1.100 client, I can't ping the internet from
 10.1.11.100, but I can from my firewall. Is there anything special I
 have to do to route private networks? Here's the ipv4 info from
 netstat.

 Routing tables

 Internet:
 DestinationGatewayFlagsRefs  UseMtu
 Interface
 default10.1.3.1   UGS 03  -   em0
 10.1.3/24  link#1 UC  10  -   em0
 10.1.3.1   00:b0:a2:89:13:45  UHLc1 1469  -   em0
 10.1.11/24 link#3 UC  00  -   em2
 10.1.15/24 link#2 UC  00  -   em1
 127/8  127.0.0.1  UGRS00  33192   lo0
 127.0.0.1  127.0.0.1  UH  10  33192   lo0
 224/4  127.0.0.1  URS 00  33192   lo0

 Any help would be greatly appreciated.

 Thanks!

 John

You have a network behind a network.
The router that is connected to the internet only knows about the
networks that it is directly attached to.
You would need to tell the external router about the innermost network
through a static route.




From 10.1.11.100 I am not able to ping 10.1.3.1.




Re: Problem routing 10.x.x.x networks through a firewall

2007-01-30 Thread John Brahy

On 1/30/07, John Brahy [EMAIL PROTECTED] wrote:

On 1/30/07, Will H. Backman [EMAIL PROTECTED] wrote:
 John Brahy wrote:
  Hello,
 
  I am having a problem routing IP traffic on my network. my firewall
  has three interfaces.
 
   |
  +-+--+
  |  P2P - t1  |
  |   router   |
  |  10.1.2.1  |
  +-+--+
   |
  +-+--+
  |  10.1.2.2  |
  |   router   |
  |  10.1.3.1  |
  +-+--+
   |
  +-+--+ +---+
  |  10.1.3.2  | |  DMZ host |
  |  firewall  +-+ 10.1.15.10 |
  |  10.1.11.1  | +---+
  +-+--+
   |
  +-+--+
  | 10.1.11.100 |
  ++
 
  I have net.ip.forwarding=1 and my pf.conf is completely empty right
  now. From the 10.1.1.100 client, I can't ping the internet from
  10.1.11.100, but I can from my firewall. Is there anything special I
  have to do to route private networks? Here's the ipv4 info from
  netstat.
 
  Routing tables
 
  Internet:
  DestinationGatewayFlagsRefs  UseMtu
  Interface
  default10.1.3.1   UGS 03  -   em0
  10.1.3/24  link#1 UC  10  -   em0
  10.1.3.1   00:b0:a2:89:13:45  UHLc1 1469  -   em0
  10.1.11/24 link#3 UC  00  -   em2
  10.1.15/24 link#2 UC  00  -   em1
  127/8  127.0.0.1  UGRS00  33192   lo0
  127.0.0.1  127.0.0.1  UH  10  33192   lo0
  224/4  127.0.0.1  URS 00  33192   lo0
 
  Any help would be greatly appreciated.
 
  Thanks!
 
  John
 
 You have a network behind a network.
 The router that is connected to the internet only knows about the
 networks that it is directly attached to.
 You would need to tell the external router about the innermost network
 through a static route.


From 10.1.11.100 I am not able to ping 10.1.3.1.




ok, thank you very much. I put static routes into my router and now
it's dialed in.

thanks!



carp for one server?

2007-01-09 Thread John Brahy

I know carp is the way to go to provide address redundancy but I was
wondering if it's the best way to do it on one server? I've got two
interfaces and I'd like to only use one public ip address.
Is carp the way to go or is there a better way?

thanks!



Re: carp for one server?

2007-01-09 Thread John Brahy

perfect! thank you!

On 1/9/07, Bret Lambert [EMAIL PROTECTED] wrote:

On Tue, 2007-01-09 at 10:12 -0800, John Brahy wrote:
 I know carp is the way to go to provide address redundancy but I was
 wondering if it's the best way to do it on one server? I've got two
 interfaces and I'd like to only use one public ip address.
 Is carp the way to go or is there a better way?


Depending on your setup, trunk(4) in failover mode might be just
as useful.

-Bert

 thanks!




ifconfig commands for trunk0 to hostname.trunk0

2007-01-09 Thread John Brahy

How would I translate this into  /etc/hostname.trunk0?

ifconfig em0 up
ifconfig em1 up
ifconfig trunk0 trunkport em0 trunkport em1 xx.xx.xx.xx netmask 255.255.255.0

should it just be
!/sbin/ifconfig em0 up
!/sbin/ifconfig em1 up
!/sbin/ifconfig trunk0 trunkport em0 trunkport em1 xx.xx.xx.xx netmask
255.255.255.0

or is there a more syntactically correct way to do it?



Partitions

2006-06-29 Thread John Brahy
At first I didn't understand the reason for all the partitions (
http://archives.neohapsis.com/archives/openbsd/2001-01/1654.html) now I
can't have enough partitions

In my official OpenBSD CD sleeve it says to create these partitions:
/
swap
/tmp
/var
/usr
/home

and over time I have learned to appreciate these, but lately I have been
creating more partitions
/usr/src
/usr/obj
are two of the ones that are suggested when rebuilding my system and I
definitely like the speed of doing a newfs to /usr/obj

I also have been putting mysql on its own partition and then I got a little
crazier and added more partitions and my list has grown to this:

/
/home
/tmp
/var
/var/mysql
/usr
/usr/local
/usr/src
/usr/obj
/usr/Xbld
/usr/XF4
/usr/local
/virtualhosts

So am I going overboard? or am I missing any good partitions.

when I first posted Nick Holland replied with several reasons to have
multiple partitions. Those being
security, fragmentation, protecting the filesystem from overfilling,
organization and space tracking.

does increasing the amount of partitions increase access to the files on
that partition?

Any feedback would be appreciated.

Thanks,

John



T1 and DSL failover? redundancy?

2006-06-21 Thread John Brahy
I was hoping to get some suggestions on the best way to handle this. We just
put a DSL line for inet backup and I'd like to have it automagically
failover.

We are running OpenBSD 3.9 -stable on a box with four interfaces. Currently
we have one interface connected to our private network and one interface
connected to our router.

I could connect the DSL router and the t-1 router directly to my firewall on
two separate interfaces and maintain two separate pf.conf files and manually
change the active interface.
this isn't what I want to do but I know it will work.

What are my other options? I'd like to have it automatically fail over but
I'm not sure what is required to do that.

Thanks,

John



problems booting off wrong drive

2006-06-02 Thread John Brahy
I've got two drives in an OpenBSD 3.9 amd64 server. one that used to be the
root drive in an old 3.8 system and a new drive that I've installed a fresh
copy of OpenBSD 3.9.

I want to boot up on just one of the drives but for some reason when I put
the second drive in the server it tries to take over the root drive. I've
tried switching the SATA cables between them and changing the boot option
for boot hd0a:/bsd and hd1a:/bsd and I get the same errors.

I attempted to find a way to make the secondary drive not bootable by
booting up on my Official OpenBSD 3.9 CD and running a shell and then
fdisking it, but I didn't find anywhere I could turn the bootable flag off.

Any suggestions on what I can do?

Thanks,

John



Re: problems booting off wrong drive

2006-06-02 Thread John Brahy
WOOHOO I figured it out. It was my root device.

http://www.openbsd.org/faq/faq8.html#Bootloader

boot -a allowed me to choose a different root device. I didn't realize that
was going on but after booting several times I realized there was a line
that said root_device wd1a

thanks to the FAQ maintainer!



On 6/2/06, John Brahy [EMAIL PROTECTED] wrote:

 I've got two drives in a OpenBSD 3.9 amd64 server. one that used to be the
 root drive in an old 3.8 system and a new drive that I've installed a
 fresh copy of OpenBSD 3.9.

 I want to boot up on just one of the drives but for some reason when I put
 the second drive in the server it tries to take over the root drive. I've
 tried switching the SATA cables between them and changing the boot option
 for boot hd0a:/bsd and hd1a:/bsd and I get the same errors.

 I attempted to find a way to make the secondary drive not bootable by
 booting up on my Official OpenBSD 3.9 CD and running a shell and then
 fdisking it, but I didn't find anywhere I could turn the bootable flag off.

 Any suggestions on what I can do?

 Thanks,

 John



Re: one drive in a raid 0 failed, can I save any data?

2006-06-02 Thread John Brahy
It turned out that I actually configured it as a raid 1 so I have a mirrored
disk. I appreciate everyone's help and now I have options if I'm ever in the
situation that I thought I was in. The best advice that I got was from
Samuri Chef telling me to check out this software:

http://www.data-recovery-software.net

it turned out to be able to read ffs which was very nice. But when I went to
use it, I found out that I had a raid 1. I remember having two 80 GB drives
and my disk size was 160GB so I assumed that my raid was level zero. But it
turned out that I never used the 80 GB drives and I actually had two 160GB
drives.

So, I made a big mistake and I'm definitely feeling much better now. Thank
you to everyone for all your help and sorry for wasting your time.


John



one drive in a raid 0 failed, can I save any data?

2006-06-01 Thread John Brahy
For a couple weeks I was running without backups and one of the drives died.
Is there a way to recover any of the data from the drives?



Re: no data channel with pf/ftp-proxy on 3.9

2006-05-30 Thread John Brahy
ok, I just modified my configuration to be the same as the example pf.conf
I have ftp-proxy going and I've even tried setting -r but that still doesn't
do it.

Here is my pf.conf

# macros
externalInterface="sis0"
internalInterface="fxp0"

tcp_services="{ 22, 113 }"
icmp_types="echoreq"

webServer="10.1.1.191"

# options
set block-policy return
set loginterface $externalInterface

set skip on lo

# scrub
scrub in

# nat/rdr
nat on $externalInterface from !($externalInterface) -> ($externalInterface:0)
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"

rdr pass on $internalInterface proto tcp to port ftp -> 127.0.0.1 port 8021
rdr on $externalInterface proto tcp from any to any port 80 -> $webServer

# filter rules
block in

pass out keep state

anchor "ftp-proxy/*"
antispoof quick for { lo $internalInterface }

pass in on $externalInterface inet proto tcp from any to \
    ($externalInterface) port $tcp_services flags S/SA keep state

pass in on $externalInterface inet proto tcp from any to $webServer port 80 \
    flags S/SA synproxy state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass quick on $internalInterface



no data channel with pf/ftp-proxy on 3.9

2006-05-30 Thread John Brahy
on a fresh install of OpenBSD 3.9
from reading http://www.openbsd.org/faq/pf/ftp.html
edited my pf.conf and added these lines:
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
rdr on $internalInterface proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"

I also uncommented ftp-proxy=NO in /etc/rc.conf
ftpproxy_flags=


debugged connection with ftp-proxy -d -D7 and saw that it gets to the data
portion showing the entire login sequence and stopping at LIST and my ftp
client shows this:

Command:LIST
Response:425 Can't open data connection.
Error:Could not retrieve directory listing

I use sftp wherever I can but some of my clients don't so I have to have
ftp available to my developers, but they can't get to certain ftp servers.

Is there something obvious that I am leaving out?

Here is my pared down pf.conf. I'm just trying to get things working again.

internalInterface="fxp0"
externalInterface="sis0"

nat-anchor "ftp-proxy/*"
nat on $externalInterface from $internalInterface:network to any -> ($externalInterface)

rdr-anchor "ftp-proxy/*"
rdr on $internalInterface proto tcp from any to any port 21 -> 127.0.0.1 port 8021

anchor "ftp-proxy/*"
pass in log on $externalInterface inet proto tcp from any to \
    $externalInterface user proxy keep state



out of filehandles/ too many users/ mysql and apache problem

2006-05-05 Thread John Brahy
How do I increase my available filehandles? I tried sysctl
kern.maxfiles=32768 but it doesn't seem to help.

The reason that I think I need to increase my filehandles is because I'm
averaging about 1200 simultaneous users on a website that I'm hosting and the
mysql database keeps crashing with (errno: 9) saying it can't find files
that I know are there. As soon as I do a pkill -HUP httpd and a
mysql.server restart everything works for a bit more until we get
another traffic surge.
fstat | wc -l usually returns about 6000 lines.

Am I crazy?



no content when sending mail to a program via .forward

2006-04-28 Thread John Brahy
I'm writing a program that will take email based searches, .forward seems
like the simplest way to accomplish this.
The problem that I am having is that I don't know how to access the content
of the email. I tried argv and env but neither gave me a clue on how to
access the actual message. I know there has to be a way to do this since
this is the way procmail works. Can anyone give me an idea of where to look
for the message data?

the variables I found were:

CLIENT_ADDRESS=
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
SHELL=/bin/ksh
USER=search
HOME=/home/search
[EMAIL PROTECTED]
MAIL_CONFIG=/etc/postfix
CLIENT_PROTOCOL=ESMTP
CLIENT_HELO=domain.com
DOMAIN=domain.com
LOCAL=search
[EMAIL PROTECTED]
LOGNAME=search



Re: no content when sending mail to a program via .forward

2006-04-28 Thread John Brahy
yeah, that was it. I should have thought of that. Too many beers and jager
shots last night at a punk rock show.



On 4/28/06, Darrin Chandler [EMAIL PROTECTED] wrote:

 Last time I messed with that I think everything was on stdin...

 --
 Darrin Chandler|  Phoenix BSD Users Group
 [EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
 http://www.stilyagin.com/  |



Where can I buy Accoom Networks Artery WAN card?

2006-04-17 Thread John Brahy
ok, since an OpenBSD developer wrote the driver for the Accoom Networks
Artery WAN card, I'm going to use that over the other two but I can't find
anywhere to purchase it. The www.accoom.net site only has a pdf of it that
doesn't have any contact information. Does anyone know where I can purchase
one? Preferably a dual t-1 card.

Thanks,

John



Best WAN Adapter?

2006-04-15 Thread John Brahy
On http://www.openbsd.org/i386.html#hardware it lists three WAN Adapters,
does anyone have any suggestions on one over the other?


   - Accoom Networks Artery T1/E1 WAN interfaces (art
     <http://www.openbsd.org/cgi-bin/man.cgi?query=art&arch=i386&sektion=4>) (G)
   - SBE (formerly Lan Media Corporation) SSI (T1)/HSSI/DS1/DS3 WAN
     interfaces (lmc
     <http://www.openbsd.org/cgi-bin/man.cgi?query=lmc&arch=i386&sektion=4>) (G)
   - Sangoma Technologies AFT T1/E1 WAN interfaces (san
     <http://www.openbsd.org/cgi-bin/man.cgi?query=san&arch=i386&sektion=4>) (G)

Thanks,

John



Is there a OpenBSD friendly hardware vendor out there?

2005-11-22 Thread John Brahy
I have always purchased dell servers but I got screwed by adaptec. 
   
  Does HP, IBM, or anyone else provide a 1u rack mount server with hardware 
raid that is fully supported by OpenBSD? Or do I have to go to each vendor and 
get them to tell me the chipset for each part?
   
  Thanks,
   
  John



Re: perl interface to pf?

2005-11-01 Thread John Brahy
You're totally correct and I replied to him and apologized.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Greg Thomas
Sent: Tuesday, November 01, 2005 1:09 PM
To: OpenBSD-Misc
Subject: Re: perl interface to pf?

On 11/1/05, John Brahy [EMAIL PROTECTED] wrote:

  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
 Of
 Diana Eichert
  Sent: Tuesday, November 01, 2005 9:47 AM
  To: misc@openbsd.org
  Subject: Re: perl interface to pf?
 
  On Tue, 1 Nov 2005, Bob Beck wrote:
 
   * Marco Peereboom [EMAIL PROTECTED] [2005-11-01 10:11]:
This is the weirdest thing I have heard all week.
   
On Tue, Nov 01, 2005 at 08:36:59AM -0800, John N. Brahy wrote:
 Is there a perl interface to pf?
   
   8
   #!/usr/bin/perl
  
   if ((not 0 && not 1) != (!0 && !1)) {
   print "No, just exec pfctl from within perl.\n";
   print "But feed it carefully, and know how perl works.\n";
   } else {
   print "Of course, that's a great idea! everyone groks perl!\n";
   }
 
  But, I need it in Ruby said the Whiney User.

 I can't believe all the stupid responses I received due to this email.


They were much smarter and better informed than your reply to Bob Ababurko.

Greg



Re: perl script for postfix logs to create spamd tables

2005-10-31 Thread John Brahy
 Does anyone have a script that parses postfix logs and adds servers to 
 the spamd tables?

I do use and love spamd, but what I want to accomplish is to add servers
that are attempting dictionary attacks and such into the spamd tables. 

Someone else emailed me directly and mentioned adding servers that I send
outgoing emails to, to a whitelist which I like also. 




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chad M Stewart
Sent: Monday, October 31, 2005 2:56 PM
To: John N. Brahy
Cc: misc@openbsd.org
Subject: Re: perl script for postfix logs to create spamd tables

Why would you want to do that?  Put spamd in front of postfix and sit  
back and watch the spammers waste their time.  Sure the first few  
hours can be trying as legitimate mail trickles through.  Before I  
deployed spamd for the first time I lowered the passtime and tested.   
Once I was satisfied that things would work as they should I put  
spamd in production.  When I started getting my misc@ messages again  
I knew things were working. :)

Today I got my first indication that another site is having  
problems.  A credit card company told me when I logged into their  
website that my email address was no longer valid and to please  
update.  The funny thing is that some messages from them do make it  
to me.  I look at it this way, the problem is on their end.  spamd  
simply enforces the RFCs and after all following the RFCs is a good  
thing.  I remember the mid 90s when there were so many totally  
ignorant SMTP servers out there.  Perhaps there are still some, but  
overall things appear to be much better now.  If the sending site  
can't be bothered to run a mail system that honors a simple and basic  
component of the RFCs then they don't take email seriously.

With my old bank I had to tell them to fix their sending gateways,  
they did and I started getting messages again.  I sent their zone  
contact the relevant part of the RFCs.


-Chad
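
Added example, not part of the original thread: one way to pull dictionary-attack sources out of Postfix logs for the spamd table, written in Python rather than the Perl asked for. The reject-line layout, the `spamd` table name, the threshold and all function names are assumptions; the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Stock Postfix "User unknown" rejection (assumed log layout).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from [^\s\[]+\[([0-9A-Fa-f.:]+)\]: "
    r"550 \S+ <([^>]*)>: Recipient address rejected: User unknown")

def dictionary_attackers(log_text, threshold=3, whitelist=()):
    """Return IPs that probed >= threshold *distinct* unknown recipients."""
    allowed = {ipaddress.ip_address(a) for a in whitelist}
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))  # never pass raw log text to pfctl
        except ValueError:
            continue
        if ip not in allowed:
            seen[ip].add(m.group(2).lower())       # retries of one address count once
    return sorted(str(ip) for ip, rcpts in seen.items() if len(rcpts) >= threshold)

def pfctl_add_argv(ips, table="spamd"):
    """Build (not run) the pfctl argv; pass it to subprocess.run without a shell."""
    return ["pfctl", "-t", table, "-T", "add", *ips] if ips else []

def _line(ts, ip, rcpt):  # helper that builds one constructed sample log line
    return (f"Oct 31 {ts} mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: "
            f"User unknown in local recipient table; from=<x@example.net> "
            f"to=<{rcpt}> proto=SMTP helo=<x>")

SAMPLE_LOG = "\n".join([
    _line("14:01:02", "203.0.113.7", "aaron@example.org"),
    _line("14:01:03", "203.0.113.7", "abby@example.org"),
    _line("14:01:03", "203.0.113.7", "abby@example.org"),    # retry, same address
    _line("14:01:04", "203.0.113.7", "adam@example.org"),    # third distinct guess
    _line("14:02:00", "198.51.100.20", "jon@example.org"),   # one typo, retried
    _line("14:02:30", "198.51.100.20", "jon@example.org"),
    _line("14:03:00", "198.51.100.20", "jon@example.org"),
    _line("14:04:00", "192.0.2.9", "a@example.org"),         # host we also mail to
    _line("14:04:01", "192.0.2.9", "b@example.org"),
    _line("14:04:02", "192.0.2.9", "c@example.org"),
    "Oct 31 14:05:00 mx postfix/smtpd[811]: connect from unknown[203.0.113.99]",
])

if __name__ == "__main__":
    print(pfctl_add_argv(dictionary_attackers(SAMPLE_LOG, whitelist=["192.0.2.9"])))
```

Counting distinct recipients keeps a legitimate sender who retries one mistyped address out of the table, and the whitelist argument covers the hosts you send outgoing mail to.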



Re: OpenBSD 3.8 song

2005-09-27 Thread John Brahy
I totally love the idea but it's not a song. The skit was great but I was
really hoping to blast some music every time I got an error from my RAID
array because of this problem. It should be a good punk rock song! How about


God Save the RAID?

God save the RAID her fascist regime
Share the documentation, so we can fix our bugs!

God save the RAID she ain't no human being
There is no future in Adaptec's scheming

We want redundancy that's what we need!
There's no future no future no future for you

God save the RAID we mean it man (God save OpenBSD)
We love our RAID God saves (God save... human beings)

God save the RAID cos servers are money
And we don't want to buy new cards for them
Oh God save redundancy God save your auto repairs!
Oh lord God have mercy all crimes are paid

When there's no future how can there be sin
We're the db handles in the dustbin
We're the errors in your application
We're the future your future

God save the RAID we mean it man
There is no future in Adaptec's scheming

No future for you no future for me
No future no future for you


 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Theo de Raadt
Sent: Tuesday, September 27, 2005 9:25 AM
To: [EMAIL PROTECTED]
Subject: OpenBSD 3.8 song

The OpenBSD 3.8 song is now available, at

http://www.openbsd.org/lyrics.html#38

Many wonderful new things have made it into OpenBSD 3.8, but we wanted
to focus on one particular thing -- our support for native
free-software RAID management on at least one brand of RAID card,
those made by AMI.

The song is entitled Hackers of the Lost RAID.  I hope people
enjoy it.  Both ogg and mp3 versions are available.

But please also look at what is up and coming in 3.8

http://www.openbsd.org/38.html

(As always, the song is released a little bit after pre-orders go up,
to encourage a few more people to order our CDs or tshirts, or donate
to the project.  It is this small bit of revenue that keeps our
project active at doing these things.  And... the hackathon hotel is
already pre-booked for next year :)



Re: Dell PowerEdge 2650

2005-09-20 Thread John Brahy
I've got two PowerEdge 2650s w/ PERC 3/Di RAID cards and I've tried OpenBSD
3.7, 3.6 and 3.5. I've found that the aac in 3.7 is completely unstable, the
aac in 3.6 would have problems after an hour or so of heavy use. BUT, 3.5
seems to be stable but now I'm stuck on a version of an OS that is about to
become unsupported. 

I think the only long term solution is to change hardware. I have been
considering Sun's trade in offer. I haven't found it on Sun's site but it is
mentioned here (http://www.theinquirer.net/?article=26143) 
I have a friend that's a Sun dealer www.acsacs.com and they said they honor
it. I don't believe they sell online. Does anyone know if OpenBSD likes this
hardware? 

It's really Adaptec's fault. Those fuckers won't give up the source so the
OpenBSD developers can't provide a good driver for their hardware. My
company will not purchase any more servers from Dell as long as they
continue to use Adaptec cards. 






-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jan Johansson
Sent: Tuesday, September 20, 2005 8:14 AM
To: Ryan Rothert
Cc: misc@openbsd.org
Subject: Re: Dell PowerEdge 2650

Ryan Rothert [EMAIL PROTECTED] wrote:
 3.6 will install on it. I believe the aac driver still exists
 but is disabled by default. You could install 3.6, recompile
 the kernel with aac support enabled then upgrade.

This is bad advice.

The aac driver was disabled because it was broken and could not
be fixed because there was no documentation.

Using aac is like playing Russian Roulette with your data.



Re: MaxDB on 3.6? or just ndb_mgm[d ]?

2005-08-31 Thread John Brahy
 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Spruell, Darren-Perot
 Sent: Tuesday, August 30, 2005 1:11 PM
 To: misc@openbsd.org
 Subject: Re: MaxDB on 3.6? or just ndb_mgm[d ]?
 
 From: John N. Brahy [mailto:[EMAIL PROTECTED]
  I'm trying to build a OpenBSD mysql cluster and I haven't been able to 
  fully compile the mysql build tools that are required to compile the 
  MaxDB so I can get ndb_mgmd and ndb_mgm. Does anyone have a patch to 
  make it work or a package with those two binaries?
 
 John, the mysql cluster stuff is part of the stock mysql-4.1 source
distribution nowadays. At a previous company we used it with 4.1.7 and
higher. You shouldn't need to worry about MaxDB if you are after the cluster
stuff (don't know if you might need it for other reasons, but...)
 
 To my knowledge you should just be able to compile mysql-4.1 with cluster
it like any other app - there should be a configure switch that controls it.
 
 DS

Just for the archives I have three servers, one 3.5 and two 3.6 servers. I
tried to upgrade but 3.7 doesn't work with Dell PERC 3/Di raid arrays so I'm
stuck with older versions right now. 

I tried all the available binary versions of mysql and there were different
problems with each and the one for 3.5 was a beta version anyway. 
But, thanks to OpenBSD's Linux emulation I was able to install the
/usr/ports/emul/redhat emulation port and then download statically linked
versions of Linux MySQL 4.1.14 max, and now everything is working fine.