Re: respawn-like behaviour ?
On 07/16/13 21:45, éÌØÑ ûÉÐÉÃÉÎ wrote: Hello! I used to run crashy daemons under respawn inittab capability on Linux. Is there similar thing on OpenBSD ? Cheers, Ilya Shipitsin In addition to Theo's extremely valid point, might not a better question be, I used to run this crashy daemon on Linux to accomplish task _. What does a similar task, but works better on OpenBSD? Running crappy code on a good OS is still running crappy code. Nick.
Re: cvs -z compression to reduce network traffic
On 07/16/13 22:25, Amit Kulkarni wrote: Hi, Are the various cvs mirrors allowing compression? I tried with cvs -z 5. I currently sync from anoncvs3.usa and I think it doesn't, atleast the option of tcpdump -A didn't show me any decompression activity, just ssh packets being sent. top also didn't show any unzip or tar in the -I option If any mirror admin allows compression, please let me/us know. If they are willing to publicize the allowed compression level, please put in the list of cvs mirrors page! Syncing to src, ports, xenocara wastes many MB per month per person...and any help would be appreciated to cut down network traffic. I would be willing to be test this if it is not enabled currently, and a cvs server admin would like to enable it and check the load. thanks in advance how about doing your compression at the SSH transport level, rather than the cvs level? something like a .ssh/config: host MyFavMirror.com Compression yes Be forewarned, I've seen /some/ systems do a horrible slow-down with compression, but since your concern is bandwidth, probably not your issue. Nick.
Re: crypto softraid usb stick and the docs
On 07/13/13 12:34, frantisek holop wrote: hi there, i have decided to create an encrypted usb stick that would be the rsynced backup of my $HOME. i started by reading softraid(4). and its only example looks scary -- it destroys all data on sd0, my main drive for years :] i know, it is only an _example_ and should never be copied verbatim, but perhaps it also doesnt have to be something so in-my-face desctructive just becuse it is an example, especially when i am trying to do something totally new and potentionally very destructive... it was not clear to me right from the beginning that the raid volume to be created will be just another sd* drive (some other systems have special devices), explaining that was left enterily to the example, and me having only sd* drives (hard drives, memory cards, usb sticks) it is not a very useful one for me... Hopefully that was a little more clear in the FAQ. i also had a look at the FAQ: 14.21.5 - Softraid Crypto and there is this paragraph that does not seem to work: Once this is set up, you can then unlock the crypto volume when desired with: # bioctl -c C -l /dev/sd1m Passphrase: My Crypto Pass Phrase softraid0: CRYPTO volume attached as sd1 You can then mount the encrypted volume's partitions using mount as usual. whoops. yep, that should be bioctl -c C -l /dev/sd1m softraid0. fixed. i am not sure what unlock means. but the command does not work, bioctl(4) always takes a device parameter according to the man page. but so far so good. the stick appears to be under bioctl's care and i could mount it. i will still have to experiment with hotplug and friends, and what exactly does softraid0: roaming device sd2a - sd1a mean, as sd2 is the sd card reader showing up as a usb device... Roaming means the device isn't where it was previously. USB devices are very prone to this, as they are often plugged in post-boot in varying orders, and that will very often result if a device was hot-plugged last boot and plugged in at boot this time. In the case of USB devices, it is probably a non-event, but if you have physical SCSI-like devices hard-attached to your system, you probably have had an event, like a drive failure or removal. Softraid adjusts quite well, but YOU may wish to think about if there is a larger issue or not. Nick.
Re: Wake via serial port?
On 07/12/2013 09:45 AM, Craig R. Skinner wrote: I've a box that won't self start after a power failure. The BIOS docs shows: Remote Ring On This allows you to wake up the system from a serial port modem. How could this be done from another OpenBSD box connected via a serial cross over cable + cu/tip/etc? The serial link is operational I get the console on the non-self-starting box after I manually press the power button. Thoughts? not going to give you a do this and all will work, but I'll tell you how to figure it out. 1) verify that this feature really works on this machine... a) Get a nine volt battery and a battery clip ending in two wires. b) Connect the battery between the Ring Indicator (RI) pin and the ground pin. c) If it doesn't turn on, swap the red and black wires, and try again. d) If it still doesn't work, it's a left over feature in the bios, your hardware doesn't actually support this. 2) Find a line you can control on the terminal machine. man 4 tty, man 4 termios appear to be useful. a) Get/build an RS232 monitoring plug, and figure out what RS232 handshake line you can control (std two-pin, red/green LEDs and 1K resistors do just fine here) b) the pin you can control should default to the right polarity for what you wish to accomplish. 3) Make it work Build a custom cable which connects the line you can control to the ring detect line. Note that standard null modem cables don't generally pass the RI pin, so you will be building one. Maybe easier: just strap the RI pin to a level that causes the machine to light up on its own. An old cell phone charger or other wall wart may be usable to do this. A stupidly simple trick to make a box auto-start after a power failure, and I think I can credit Henning@ with suggesting it to me, is to put a capacitor across the power button lines. On power-up, the capacitor is discharged, so passes current, acting like someone was pushing the power button. It quickly charges up, and now it acts as if someone released the button. IIRC, 100uF worked pretty well on one machine I did this with, your results will vary. Make sure you get the cap polarity right, or it won't last very long!! I found it good to put a bleeder resistor across the cap/switch combo, too, as otherwise the power had to be off too long to auto-start when it came back up (the capacitor was still charged!), you will have to experiment with this. The bleeder resistor should be as low in resistance as doesn't cause the machine to think the button is pushed, maybe try 1k, 10k, 100k, 1M values. Nick.
Re: Wake via serial port?
On 07/12/13 20:05, patrick keshishian wrote: On Fri, Jul 12, 2013 at 4:39 PM, Diana Eichert deich...@wrench.com wrote: Thomas What you are asking only makes sense, unfortunately Craig appears to be like a lot of malling list subscribers. They are takers not givers. Nick already explained and outlined all the necessary steps. Did he not? --patrick yeah, but people usually nod off after the second or third sentence. :) Nick. (Curing Insomnia since 1983)
Re: IDE disk erasing/zeroing at ~2.4MB/s
On 07/12/13 19:11, Alexander Hall wrote: On 07/12/13 23:50, Nathan Goings wrote: ... However, when I run `dd if=/dev/zero of=/dev/wd0c bs=1M' After 3-4 use the raw device, /dev/rwd0c, not the block device. I have found close to no speed improvements with bs 64k. A few years ago, after someone said basically the same thing (actually, I think it was more emphatic -- as in, it is impossible to see gains beyond ...), I played with it and saw significant gains well beyond bs=64k for raw devices. I'd be surprised if individual experience didn't vary, though. Personally, I like bs=1m for another reason, though. pkill -INFO dd produces very readable output. hours, it's only running at ~2.4MB/s. CPU usage is about 30%. First, shouldn't SATA drives be sd0? (Looked in BIOS, can't find any SATA-to-IDE options enabled) Second, what can I do to speed it up? or troubleshoot it at least? well, maybe they SHOULD be (philosophically), but they WILL be whatever your controller hardware supports. If your controller is ahci(4) compliant, it will be sd(4) devices, if it isn't, it ends up being pciide(4) and wd(4). Nick.
Re: new topic: blind support for OpenBSD.
Keeping in mind that that those of us who have not had the opportunity to work with computer tools used by the blind or visually challenged know very little about them, so naming names of products by themselves doesn't help us understand the process well...what would the ideal solution look like to you? Modern hardware seems to be a problem here, too... I don't think we can do anything about that. I don't think OpenBSD is going to give up the One Floppy Install any time soon, nor do I think we will cram a text-to-speech reader into a floppy (or even a bsd.rd), so I'm doubting a pure OpenBSD solution will be coming soon, but it might be possible to have an independent OpenBSD installer, perhaps a live USB media, which might provide clues and assistance for an install for OpenBSD and initial package install. Ideally, this would be in a moderately release-independent form, so it wouldn't have to be updated for each snapshot. On the other hand, an option to simply beep or chirp at the login prompt when the system is ready for you might be helpful, too, and might be able to be added to the base system (though off by default!) Feel free to take this off list with me if you prefer. Nick. On 07/06/13 23:54, eric oyen wrote: I have tried windows XP with NVDA on that laptop. I have also tried Vinux on there as well. Windows did to me the same thing that OpenBSD does. I had to have someone else install it (ugh!). Vinux was a bit better as it allowed me to install using orca speech on a live dvd. The problem is that I want something a bit more secure and a lot more powerful (hello! OpenBSD) Windows is not useful for me and Vinux has some package and support issues going on right now. so, I want something that is secure (OpenBSD), stable (OpenBSD again) and perfect for the blind user (with the addition of speech/braille of course). With the exception of the last, OpenBSD would be perfect for me. Its stable, doesn't require a fancy graphical interface to run and has plenty of available ports that work. what more could a blind power computer user want? -eric Have you tried other OS besides openbsd where everything worked during install? If so, you can point that out to Alexander Hall who is one of those who commit to the installer. On Sat, 6 Jul 2013 19:43:07 -0700 eric oyen eric.o...@gmail.com wrote: what hardware? my laptop machine. also, its new enough that the only serial it has is USB (which, as far as I know, doesn't support sserial redirection). I also have a desktop machine and its new enough not to have any classic serial ports either. so, no redirection there either. and since there is no way for me to actually tell when it boots, getting to a login prompt and then redirecting the screen output is not entirely possible without someone sitting right there to tell me whats going on. This isn't anything like the old sparc pizza boxes where you could do this at the outset and actually have it work the first time. anyway, thats the rub for me. I like the OS, but this is the show stopper for me. -eric On Jul 6, 2013, at 5:49 PM, Alexander Hall wrote: Letting the installer redirect the console to com0 does not cut it? What hardware are we talking about? /Alexander -- Amit Kulkarni amitk...@gmail.com
Re: softraid: adding volumes, CPU requirements, RAID5
On 07/04/13 09:46, Boris Goldberg wrote: Hello guys, ... If the softraid is so raw yet, why the old good RAIDFrame was removed starting the 5.2? It works just fine for me. Big volumes rebuilds take a long while, but it's something working. That's quite a leap from RAID 5 is not ready for use to softraid is so raw. RAID5 is one discipline of several that isn't complete. RAID0 is ready for use, RAID1 is ready for use, crypto is ready for use. It is also quite a leap to call old RAIDframe good. It was horribly old, unmaintained code, which wasn't well loved by developers when it was fresh and current. Your assumptions are wrong. Nick.
Re: OpenBSD Doesn't Support 64-Bit Intel
On 07/03/2013 01:15 PM, Chris Cappuccio wrote: Nick Holland [n...@holland-consulting.net] wrote: On 07/02/2013 11:44 AM, noah pugsley wrote: More wrong? Maybe so. My point was that both are and either way it's inconsistent. not anymore. new text, as of last night: Processors All CPUs compatible with the Intel 80486 or better, with Intel-compatible hardware floating point support should work. Is there floating-point hardware for 486 or higher that isn't Intel-compatible? This text seems superfluous. an unlikely combination, but a 486sx with a Weitek 4167 would qualify. Plus... I would not be surprised if some day, someone (probably Chinese/Taiwanese/Indian) did an embedded x86 compatible-ish chip optimized for low price and power consumption without any FPU. Whether this could run any modern off-the-shelf OS as-is, no idea..but someone will post on misc@ will it will run OpenBSD? within thirty minutes of the very first press release. Nick.
Re: OpenBSD Doesn't Support 64-Bit Intel
On 07/02/2013 11:44 AM, noah pugsley wrote: More wrong? Maybe so. My point was that both are and either way it's inconsistent. not anymore. new text, as of last night: Processors All CPUs compatible with the Intel 80486 or better, with Intel-compatible hardware floating point support should work. Nick.
Re: softraid: adding volumes, CPU requirements, RAID5
On 07/02/13 17:07, Jean-Francois Simon wrote: Le 20/05/2013 13:46, Nick Holland a écrit : On 05/20/13 00:52, Hugo Osvaldo Barrera wrote: ... 3) The man pages report RAID5 as experimental. I'm curious, why is this so? Is it just not-very-thoroughly tested, or is there some missing feature? I read on a 2010 presentation that rebuild was not implemented yet, is this still so? That's really a question you will need to find out though experimentation before you implement (i.e., you MUST practice this recovery stuff before going into production), but yes, RAID5 rebuild is still not there, so I would NOT recommend going this route. However, a nice little RAID1 system to start, hopefully leaving you two SATA ports for the next generation/upgrade disks. Nick. RAID5 rebuild is still not there Can you please make it more clear what actual state of soft raid can and what it cannot do under RAID 5 ... I'm not so sure to get it, thank you. J.-F. RAID5 rebuild is still not there - there's no RAID5 rebuild. I'm not sure how to make it more clear... Ok, let's try this... Today, you take four 1TB disks, and make a 3TB RAID5 volume. You can do that. Works great. Now, a lot of people might call this Job Done. Not me. The point of RAID isn't to build complicated systems, but to have the system keep your butt out of the fire when things go wrong. Next month, one of those drive fail. That's ok, RAID5 is designed to keep your data usable with one drive down. THAT is the point of RAID. You pat yourself on the back and say, I'm glad I am using RAID5. You replace the failed drive and... ... um... now what? You have a three drive degraded RAID5 system with no remaining redundancy...and a new drive that is currently unused. You have no ability to rebuild the function of the failed drive into the new drive...because the RAID5 rebuild is not there. Oh, poo. Your options? Well, * you can build a NEW array on other disks (hope you have enough ports to plug them into), copy the data from the old one to the new one * you can hope your backup system is perfect, and rebuild the entire array and reload from backup * you can hope a second drive doesn't fail in your array... for the life of the system. Not much else I can think of. If you want to play with softraid and raid5, hey, have a blast. You want to put critical data on it? I'd not suggest that. A job ago, I had some relatively large chunks of data to hash through to find some needles of data in and no disks handy that could do it in one chunk...but I had some big disk array boxes, and a lot of smallish SCSI disks I could stick in them (and the office space was really cold, so a bit of heat under my desk was not unappreciated). I think I did them as softraid RAID0, but I could have done it as RAID5 with this system -- the data is there just for analysis, not storage. RAID5 might give me a few minutes to pull data off that I realized was important only after the drive failed, but otherwise the loss of data on this array would not have been catastrophic at all. Now, anyone who drops important data on any kind of RAID system without figuring out how to deal with disk (and controller) failures deserves what they get. So if I was a nice guy, I'd have said Go try it out on some spare hardware and unimportant data and answer your own question, but being the evil bastard that I am, I'm denying you a very important learning experience. Nick.
Re: OpenBSD Doesn't Support 64-Bit Intel
On 07/01/2013 09:27 AM, noah pugsley wrote: ... At first I thought this was a wonderful troll. Guy's got a point though. Look at the i386 page. http://www.openbsd.org/i386.html: Supported hardware: The list of supported hardware is relevant to OpenBSD-current. It will differ slightly from the support provided in the latest release version. Processors All CPU chips compatible with the Intel 80386 (i386) architecture, except for the 80386 itself, are supported: 80486 (DX/DX2/DX4) ...[snip painful, incomplete list]... Transmeta TM3200, TM5400, TM5600, TM5800 Regular floating-point coprocessors (80487SX) are required when not built into the processor. really, I think that's more wrong. Trying to itemize the list when various manufacturers are constantly cranking out new and reusing old names is misleading in the other direction. I think it could be reduced to just: Everything that is a clone of the 486 or up should work fine. maybe adding a blurb about how a standard hardware FPU is required, as someone out there might still have some 486SX systems laying around. This is easier than amd64... just about everything works, and if it doesn't, it is not likely a processor issue. amd64...well, some of the Intel chips, you just need (or it is easier) to test to find out if you got the right bit of magic. Nick.
Re: www.openbsd.org down?
On 06/25/13 07:12, Killman BOFH wrote: Apparently a problem with DNS A record www.openbsd.org is down but openbsd.org is up! congrats, you just rediscovered that those are two different machines. Nick.
Re: Non-intel desktop/laptop
On 06/24/13 16:33, Laurence Rochfort wrote: Hi all, I'm looking for advice on what the best bet for well supported non-intel hardware would be. AMD. Doesn't have to be lightning fast, but being able to run a modern browser at reasonable rate is a must. i.e., must be lighting fast. What general user app needs more processing power these days than your modern web browser? My initial thoughts were either a Mac PowerBook G5 or Sun Ultra 25/45. I really like the HP C series workstations, but it seems support is a bit lacking. I'm not sure what your goal is; your only named goals are well supported and fast by modern terms and non-intel That's AMD. Everything else is basically specialty stuff. Low power consumption, good remote management, cool old hardware I love, whatever. Hey, I love oddball hw more than most people, but be realistic... multi-year old tech is multi-year old slow. Apple hasn't built a G5 in many years (2006). Sun kept (started?) building the U25/U45 long after they were being whooped in performance by very cheap consumer stuff, and the power consumption and noise levels on some of this stuff is stunning. Nick.
Re: max RAM
I had a chance to briefly play with a monster amd64 system. 511GB worked, 520GB didn't. Machine had 1.5TB RAM in it and took over five minutes to initialize memory, before even starting the POST, so that's as far as I got. It is entirely possible that this was HW dependent. Nick. On 06/15/13 14:10, Tony Berth wrote: on a amd64 server. I don't know if the 4GB limit is still in place. Thanks Tony On Sat, Jun 15, 2013 at 8:07 PM, Zé Loff zel...@zeloff.org wrote: On your Zaurus or on your old mac or on your 386 or on your amd64 server or on your VAX or on your sparc64 or...? On 15/06/2013, at 18:37, Tony Berth tonybe...@googlemail.com wrote: Dear group, what is the max RAM the current release can support? Thanks Tony
Re: Compiler error building 5.3
On 06/07/13 03:58, John Tate wrote: Just curious would have going into /usr/src/gnu/usr.bin/binutils and doing make and make install have made it possible to build 5.3 on 5.2? Read http://www.openbsd.org/faq/faq5.html again, starting at the very top. Nick.
Re: Header files for C/C++ development [SOLVED]
On 06/03/13 03:39, eatg75 wrote: Thank you guys for time and attention, I have just tried the solution @Tito presented and It works! Again thank you all. eatg75 This is one of many reasons we recommend new users just install the entire system, not pick and chose the things they think they will need. Nick.
Re: softraid: adding volumes, CPU requirements, RAID5
On 05/20/13 00:52, Hugo Osvaldo Barrera wrote: Hi, I'm building myself an openbsd-based fileserver, which will initially have three disks with softraid in RAID5 mode. I've three questions regarding softraid: 1) I intend on using a single-core 1.8Ghz Atom processor I have lying around. Would that limit my performance too much? I'll be using this fileserver mostly for media (movies/series/music) and some ocassional backups. Can anyone share what CPU they've used and their experience? (I'm clarifying my intended usage for the fileserver since I think it's quite relevant to say if the CPU is or isn't enough). Wrong question, I think. More than processor is memory (caching) and disk interface (ahci rocks), network interface, etc. 2) How do I add additional volumes to an already created softraid volume? I intend on adding additional disks as necessary. Is it possible? Not in the way you are likely thinking. Besides, your Atom board probably has a rather finite amount of expandability. 3) The man pages report RAID5 as experimental. I'm curious, why is this so? Is it just not-very-thoroughly tested, or is there some missing feature? I read on a 2010 presentation that rebuild was not implemented yet, is this still so? That's really a question you will need to find out though experimentation before you implement (i.e., you MUST practice this recovery stuff before going into production), but yes, RAID5 rebuild is still not there, so I would NOT recommend going this route. However, a nice little RAID1 system to start, hopefully leaving you two SATA ports for the next generation/upgrade disks. Nick.
Re: remote management
On 05/13/2013 03:24 PM, Tony Berth wrote: Dear Group, I would like to know what kind of environment you use for remote management of one or more openbsd servers. Which KVM over IP solution would you recomend. Oh, I remember those. Last IP KVM switch I used worked BETTER for OpenBSD than it did for Windows... Seriously. Windows desktop was a garbled mess, looked like a badly tuned TV set (for those that remember when you could and needed to tune TVs), but running OpenBSD with X, it Just Worked. Go figure. Getting the client software to run was another matter all together, as I recall, it was a horribly Windows/IE dependent. Really, though. If it's in a data center, usually I just use the remote access controller on most servers these days or a serial console. Just remember... if you got a big *** lock on the data center door (you should), make sure your remote console (however you do it) is comparably secure. Putting your remote access on the same network as all your users is similar to removing the locks on the data center door. Not changing the default RAC password and/or IDs is like putting a Welcome mat under the (unlocked) door of the data center. And ask yourself...why do you run OpenBSD? Maybe because of the security. What OS do you think is at the base of your IP KVM? Probably not OpenBSD. Strength of a chain is the weakest link and all that -- if someone can knock over your KVM, they own your box. Don't compromise your machine with a bad remote console. Nick.
Re: Why does OpenBSD use CVS?
On 04/29/13 00:00, Hugo Osvaldo Barrera wrote: On 2013-04-20 23:32, Nick Holland wrote: On 04/20/13 03:42, Alokat MacMoneysack wrote: Hi, first, I don't want to start a flame war about why is CVS better or not better than X - it's just a question. If you say, we use it because it just works - it's okay. :) Good, 'cause it does. :) So why does OpenBSD still uses CVS and don't migrate to SVN or something like git as other OSS projekts do? * it works * migrating - and not losing history is difficult. * migrating versioning systems is something you don't want to do every few weeks (or even every few years)...so you want to make sure it is really worth it if/when you do. SVN today? GIT next week? something else next year? Please, no. * Tolerable -- and in the case of opencvs, ideal -- license. * its glitches are hated, but known (the devil you know how to subdue, vs. the devil who beats the sh*t out of you) * relatively light weight -- runs fine on a 486, hp300, or on a modern, fast machine, fits nicely into existing distribution, easy to drop into a chroot. * Infrastructure exists. To change it all would require a really good reason. * it fits the OpenBSD development model. * Many of the features of alternatives are not desired in the OpenBSD development model. Out of curiosity; what are these features? Honestly, I haven't played much with the alternatives...but usually I hear about how wonderful the branching and merging is in these other products...but that is NOT something we wish to be doing (see the presentations on the OpenBSD development process in the papers section of the website). Our model is all development is done at HEAD, if something is committed, it is supposed to be better than what was there before (which in some cases, may be nothing, in which case, the bar is more it is in a state where at least the group can work on it). Without bothering to dig up references...I recall there have been people singing the praises of how the various CVS alternatives try to handle the management of development teams, and OpenBSD developers (most of whom have day jobs related to their work) commenting along the lines of doesn't work, still need real human leadership. I think a better question, considering the pain of conversion, is what features would give OpenBSD a clear gain by converting? Want to sell OpenBSD on an alternative? Find a product that was really crappy, switched development tools, and suddenly started rivaling OpenBSD for quality for no reason other than the switch of development tools. Nick.
Re: Why does OpenBSD use CVS?
On 04/20/13 03:42, Alokat MacMoneysack wrote: Hi, first, I don't want to start a flame war about why is CVS better or not better than X - it's just a question. If you say, we use it because it just works - it's okay. :) Good, 'cause it does. :) So why does OpenBSD still uses CVS and don't migrate to SVN or something like git as other OSS projekts do? * it works * migrating - and not losing history is difficult. * migrating versioning systems is something you don't want to do every few weeks (or even every few years)...so you want to make sure it is really worth it if/when you do. SVN today? GIT next week? something else next year? Please, no. * Tolerable -- and in the case of opencvs, ideal -- license. * its glitches are hated, but known (the devil you know how to subdue, vs. the devil who beats the sh*t out of you) * relatively light weight -- runs fine on a 486, hp300, or on a modern, fast machine, fits nicely into existing distribution, easy to drop into a chroot. * Infrastructure exists. To change it all would require a really good reason. * it fits the OpenBSD development model. * Many of the features of alternatives are not desired in the OpenBSD development model. Obviously, it is possible to build a quality-focused product of Operating System magnitude using CVS. I don't think one can quite say CVS is the REASON for OpenBSD's quality, but it obviously hasn't hurt. Nick.
Re: Important: following -current update!
On 04/16/13 06:13, Michał Markowski wrote: $ cd /usr/src/sys/arch/`uname -m`/config cd: no such file or directory: /usr/src/sys/arch/i386/config $ cd /usr/src/sys/arch/`uname -m`/conf $ --- /cvs/www/faq/current.html Tue Apr 16 11:54:22 2013 +++ /tmp/current.html Tue Apr 16 12:10:27 2013 @@ -597,7 +597,7 @@ ul liUpdate entire source tree using cvs liconfigure and build a new kernel: -blockquotepreb cd /usr/src/sys/arch/`uname -m`/config +blockquotepreb cd /usr/src/sys/arch/`uname -m`/conf config GENERIC # or GENERIC.MP or whatever config you use cd ../compile/GENERIC # or GENERIC.MP or ... make clean -- MichaÅ‚ Markowski yep, fixed, thanks! Nick.
Re:
On 04/13/13 07:52, Jan Stary wrote: Going over the X FAQ, I see 11.1.1 - How much computer do I need to run X? While How much computer is slightly amusing, was it meant to be how much computer power or something? Jan It was meant to be slightly amusing. :) It is definitely an or something situation. It certainly isn't a matter of simple computer power -- I'd be hard pressed to want to run X on a 400MHz PentiumII w/256M RAM now... Most graphical apps will take more processor or memory, and vastly better machines of the same platform are being tossed in trash cans every day. But on a 100MHz 192M SPARCstation20 (or even a 40MHz SPARCstation2), if you have the keyboard, mouse and display that work, I'd be hard-pressed NOT to want to run X on it, as these are graphical machines, they have a fantastic keyboard, a mouse that was DESIGNED for X, and clip along pretty well once X is running, and X configuration Just Works...even if just as a bunch of Xterms. Don't run firefox on it, though... Nick.
Re: FAQ - Disk Imaging
On 04/13/13 19:27, Kevin Chadwick wrote: 4.15 of the faq says Unfortunately, there are no known disk imaging packages which are FFS-aware. I haven't tested ... Get back with me when you have. I'll be happy to find out that statement is now wrong, but I've been doing this about 20 years too long to believe everything that's put out on a website. Note that OpenBSD, FreeBSD and NetBSD are not directly file system compatible anyway, as I recall...and also note that OpenBSD has two things you need to check -- ffs and ffs2, so yes, I'm quite skeptical that we have a just works with OpenBSD solution here. Hopefully I'm wrong. If it's true, this would be way-cool, but I'm not selling my air conditioners yet. Prove me wrong, I'll thank you. Nick.
Re: SDHC cards under OpenBSD.
On 04/05/2013 08:53 AM, Luis Suzuki wrote: I used dmesg to discover if my SDHC card is recognized but I see things like sdhc0 and sdmmc0 and no one works when I do : disklabel sdhc0 or disklabel sdmmc0.So,Is there a more common,usual device name for SDHC cards? Thanks. the device you want is the card itself, not the reader. It will show up as sdX, for example, sd1. SDHC cards work fine IF you have a supported reader. I use 8G and 16G in my cameras, and there's an 8G in my netbook as a kinda backup medium. However, I find readers that work with SDHC cards are not universal. The reader in my netbook Just Works (though it has to be in place at boot, otherwise the reader isn't powered), I unload my camera's cards with a SD-USB adapter. Nick.
Re: Announce: OpenSMTPD 5.3 released
On 03/23/13 15:12, Evan Root wrote: Gilles, How would you recommend a new unix admin learn OpenSMTPD? -Evan Same way you learn most things in this business... sit down and do it. In my case, I just recently had my local Internet provider start blocking outbound port 25 traffic, so all my internal machines couldn't get to my external mail server to send out their daily reports. There are a several of potential solutions to this...last time they did that, I did a little PF redirection magic on both my home firewall and my mail server. This time, though, I figured I'd set up an internal mail server and a little DNS magic to snag all the queued up mail (rather than reconfiguring 20 machine), and this would be a good time to learn OpenSMTPD (I know...lame of me to not have been doing anything with it before. Life has been..busy) (and yes, my personal designs are way more complicated than they should be...it gets it out of my system so I'm more inclined to go with really simple solutions for my employer... also, while simple systems have simple problems, complex systems and their complex problems are good training, if bad engineering) I already had an internal IMAP server, so figured that would be the logical place to put the SMTP server for daily reports. Started with the sample config file...and had things running rather quickly. Spent a little time testing it using telnet (hint: opensmtpd is picky -- you have to put around e-mail addresses, which is correct, and all real mail servers do it, but many internet guides to talking SMTP via telnet skip over that little detail, and many major mail servers will happily let you not put them in) (and yes, I do consider my ability to remember the details of an smtp session a measure of quality of life...if I don't have to look it up, my life sucks. It's been a couple years since I managed mail servers for a living, and I've managed to forget if it is rcpt to or rcpt from or whatever, so life is good). While reading the man pages I discovered, joy of joys, OpenSMTPd can drop mail directly into a maildir! So, just injected my log traffic directly into the already existing maildirs. Life is so good. So, I did my dns hocus-pocus, and a few minutes later, hundreds of backlogged messages and error messages, and error messages from the error messages were rolling into my inbox. OpenSMTPd's config file format just rocks. You really don't need a 500 page book to tell you how to use OpenSMTPd. Just read the man pages -- man 8 smtpd, man 5 smtpd.conf and look at the sample provided. You DO need to understand Internet E-mail...and there, the Bat Book is still a good guide, you can just skip the parts about configuring sendmail (that's most of the book). There aren't five million options to OpenSMTPD. That being said... There are two Internet services that you really should almost need a license to be allowed to run -- DNS and e-mail, as if you do it wrong, you can mess up OTHER people, not just yourself. If you think running e-mail is fun, you are probably doing it wrong. If you are good at it, you probably hate doing it. Wonderful as OpenSMTPD is, it probably only simplifies about 5% of the total of running a mail server...but that's still a nice feature. (if you don't understand what I mean...I'm responding to an e-mail that was originally sent Mar 23, and arrived in my inbox on April 1. Now, imagine the customer calling you up to find out why...and look at the headers and see that more than one thing seems to have gone wrong...and there are twenty other people on hold right now, each with different problems) Nick.
Re: Openbsd openrisc opencores arm
On 03/24/13 21:36, max.stalna...@gmail.com wrote: I do not know anything but I lurk here for most of the millennia or more. Openbsd arm seems to lack a frame buffer. you mean like the one on the Zaurus? If I try to ssh in thenci do not need a frame buffer? Openrisc has a MMU or three and boots Linux with TFPD? Booter. It does not presently have atomic operations. Is the lack of atomic operators currently represent a death blow to running openbsd on it? don't talk, write code. My interests revolve around how cheap android tablets can be and useful without a functional GPU and the nice feel you could have starting with a raw FPGA. Not that nice feel is easy to justify. Just thinking out loud with the hope these are sane questions. With respect to arm tablets I like allwinter but have read about the boot loader issue on all these arm tablets. And I do know that I cannot take any existing openbsd distribution and boot it on openrisc. And I do note that your preferred C compiler is going away from the openrisc tool chain. Just wondering to myself if it is worth thinking about more. You are wasting your time thinking about things. As Yoda would say, do or don't do. If your reaction is, well, I can't do, then please be assured, OpenBSD is not the corporate world, we don't need managers who claim to think, but can't do. The problem with ARM is there is no ARM reference platform. Every machine is significantly different than every other machine, technical details of how it is built are not published (why should they be? They aren't being sold as general purpose computers). By the time a machine is reverse engineered and the code written for it, it's obsolete and discontinued. Its replacement is significantly different hw, and a significantly different processor. We've seen this over and over, and if you have truly been following OpenBSD for as long as you say, you have seen it, too. I've got a Thecus sitting here. I paid more for it -- AFTER it was discontinued and on close-out -- than a three-core AMD64 board, proc, and memory was when new. My Thecus may be one of the last ones running, as they appear to have been low-quality stuff and drop like flies. Meanwhile, old P3 systems that are seemingly indestructible, much faster, and highly useful are free for the hauling. They use more power, but the pay-off is /never/ at my electrical rates (considering cost-of-money and relative life span of the Arm systems). I can't do anything really cool with it, because I can't easily replace it when it dies. I do not get the excitement over ARM. Sorry. Its design complete and total chaos at this point. Assume whatever OS you get on the thing is what you will live with, and you will be getting your updates from the vendor of the device (if you are lucky. How's this working out so far for you?). As the vendors are quite volatile at the moment, assume a very short useful life span for your hw, and assume ZERO reuse potential. I also do not understand the point of OpenBSD on a tablet. Ok, I've got OpenBSD running on this ... tablet. there's no touch screen, since that's undocumented. There's no keyboard, well, because there's no keyboard. There's no mouse, because there's no place to plug it in and the touch screen is undocumented. There's no real network port because it is supposed to be wireless. What do I do with it besides stare at the boot messages? I love dmesg porn as much as anyone, but... uhm. after a certain point, you memorize it and it stops being interesting. Nick.
Re: Base Packages
On 03/19/2013 12:00 PM, Steve Pribyl wrote: Is there a way to determine which base packages are installed during the initial install. Thanks Steve Pribyl if the machine boots, baseXX.tgz, etcXX.tgz, bsd* if man man works, manXX.tgz if gcc works, compXX.tgz if tetris works, gameXX.tgz if /usr/X11R6 exists, xbaseXX.tgz if X works (or at least tries) the rest of x* was installed. (that's all off the top of my head... errors possible. But then, as one could easily tar tzf ... and see files in each tar set, I'm not going to waste too much time on this) That's assuming a healthy install thought process. Nothing stops you from installing xshareXX.tgz without the rest of X, but it would be silly. Really, if you care about it, just (re)install everything. It will still be smaller than almost anything else. Nick.
Re: This is my first time to use OpenBSD
On 03/17/13 22:10, ¿àÄյıý×Ð wrote: Yesterday£¬I just install OpenBSD 5.2 in my little server. I found that OpenBSD 5.2 seem no support for TRIM, it's terrible to our ssd user. How can I run just like 'fstrim' in Linux in OpenBSD? How is this terrible? If you want things just like Linux, I'd suggest you run Linux. If you have a real problem, let us know...but things not like Linux is generally considered a Thank goodness moment around here. (hint: soft updates. See FAQ 14) Nick.
Re: renaming name of interfaces
On 03/14/2013 11:31 AM, Jiri B wrote: On Thu, Mar 14, 2013 at 12:17:50PM +0100, Peter N. M. Hansteen wrote: On Thu, Mar 14, 2013 at 07:12:08AM -0400, Jiri B wrote: just for curiosity, is it planned for future? I can't just now think about real usability... Me neither. For most use cases I can think of, interface groups (a feature we do have, see ifconfig(8) and possibly other references elsewhere) will give you what others have implemented interface renaming for. Situation: onboard network card is broken and was used in OS. You just plug additional network card, and disable the old one via `config' (is this right?). The policy in your setup is the order of network cards make some logic: * 1st backup/installation * 2nd service * 3rd admin access Now you don't use old broken card but you can't make new one being first for example. I don't say this is good design but I saw it used a lot in my previous job. Renaming new card to old one is impossible. disable the on-board card in BIOS, or since you obviously aren't repairing the board, pry the chip off the mobo (yes, I've done this...friend of mine gave me some re-badged Sokris 4501 machines with bad NICs -- I popped off dead chip (it was the one getting too hot), and suddenly my remaining ones became sis0 and sis1 (and the heat generation dropped a lot). A little hot glue in the deactivated port, and I now have a perfectly good 2 port Soekris. But really...if you are living with dead on-board hardware, you need to have the ability to make exceptions to policies like that...and in all cases, some kind of labeling should be done. [elsewhere in thread] So what is this good for in other OS? ... other OSs have really stupid naming conventions. They make up for the problems with their naming conventions by adding features. Those features create new problems, which are solved by adding other features. Those features create new problems, so that creates opportunity to make MORE features. And everyone knows, the more features you have, the better it is, right? The OS with the most features wins! OpenBSD is for losers who actually have to get work done, not just fiddle with time-saving features all day. (yes, the default naming convention of OpenBSD causes some problems, but they are easy to understand and easy to deal with. Certainly easier than the fixes that try to eliminate dealing with the simple problems by creating massive problems) Me? If I have two identical machines with RAID 1 disks, and I have one configured Just Like I Want It, I think I should be able to pull one drive from the configured machine, pop both drives out of the second machine, stick the removed disk from the configured machine in the secondary, change the IP address and machine name, maybe remove the host SSH keys, and be up and running. I should then be able to insert the two free drives into the open slots and have the mirrors rebuild. OR, if a machine fails and I have an identical machine, I should be able to remove the disks, put them in the spare machine, plug the wires in the same place in the spare machine, power on and be back in operation with ZERO reconfiguration. This is something I should be able to walk a non-technical person through over the phone (i.e., secretary, janitor. Not managers, I have given up walking them through things). This Just Works on OpenBSD. It doesn't work easily in most other OSs. Nick.
Re: OpenBSD 5.2 AHCI problems with IBM x3250 M4
On 03/09/13 19:26, Roger Wiklund wrote: If I enable AHCI mode in UEFI/BIOS and boot from the cd52.iso, the installation finds the disk (sd0) and I can setup everything in fdisk and complete the installation. However when I reboot, the system can't find any operation system. It works if I change it to IDE mode, but I don't want that. VMware ESXi 5.1 installs and boots just fine with AHCI mode. I'm trying to figure out if the problem is with OpenBSD or my hardware as the x3250 M4 runs UEFI and I guess has some sort of BIOS emulation. I've tried 5.3 snapshot with the same result. Any pointers? Thanks! You will need to make sure the machine is in plain ol' BIOS mode. Sounds like you have something fancier than anything I've got. :) But... if the system is coming back saying it can't find an os, that is a more basic problem than OpenBSD -- that's a flubbed boot loader install or a BIOS trying to boot from the wrong device. To get the system to try to boot, very little is required -- a partition marked active in the MBR, and a valid signature (0xAA55), and the MBR code, and the BIOS to try to boot from that. If you aren't getting that, either the OpenBSD installer is freaking out in some really odd way that I don't think we've seen before on just your machine or you did something odd during the install that you didn't think was important, or your BIOS is trying to boot off the wrong thing (which I'm currently leaning towards). You can test my theory... boot off your CD, when you get to the boot prompt, try boot hd0a:/bsd, see if it boots. If not, try hd1a:/bsd and any other hd*a that shows up before the boot prompt. If it boots, you have proven OpenBSD is compatible with your machine. If you needed to tell it hd1a or hd2a, then your BIOS is trying to boot from the wrong device. If that doesn't work, boot from the CD in ahci mode, and show us what the output of fdisk sd0 looks like. Nick.
Re: Intel hyperthreading w/ Atom E6xx OpenBSD 5.2?
On 03/07/13 23:24, David Ruggiero wrote: I've been using OpenBsd for 8+ years on my main router/firewall (4 NICs). Time to upgrade (I'm back on v3.8, yikes). Past time, really. Solots to learn / re-learn here. Have patience. First question: I'll be loading 5.2 on a low-power, Atom E640-based box (the Soekris net6501). That chip has two Hyperthreading cores. Several net-references (esp. calomel.org ) advocate turning off HTT in the bios when using OpenBSD for faster interrupt servicing / task switching latency. Butperhaps that advice is pre-5.2, when we got pthreads(3) support? What's the best current advice for that kind of one-cpu, multi-logical-thread system? 1) Single processor kernel or multi-processor (smp) kernel? 2) If the latter, HTT turned on or off? it is extremely unlikely that you would ever notice the difference. This is like arguing about which motor oil gives you the best top-end speed of your car...while you are stuck commuting in bumper-to-bumper traffic. This is not the knob you need to turn. It seems to be a computer industry obsession about tuning the system for optimal performance when you aren't coming anywhere close to maxing anything out (hey, I've done it, often to pathetically comical results, myself). It is also absolutely trivial to test these things yourself... One BIOS setting, a choice in kernels. Nick.
Re: SSH public key auth vs OTP auth
On 03/05/13 15:36, Lars Noodén wrote: On 03/05/2013 10:29 PM, Peter Bisroev wrote: [snip] 100% agree. Having unencrypted private keys was one of the reasons that I have started looking into OTP/TOTP. At this point, I think it is probably better to force untrusted users (those who cannot be trusted to keep their private keys encrypted) to use TOTP with sufficiently long passwords (login_totp-and-pwd) and allow trusted users a bit more freedom. [snip] What level of encryption is deemed adequate nowadays? Regards, /Lars who have you pissed off/enticed, and what other entry methods are you exposing? Realistically, cracking encryption is not high on attacker's list of methods at the moment...usually other ways are faster and more productive. On the other hand...if this is the only exposure you have AND they want you...crank it. Otherwise, you are probably putting too many big locks on the secure door...and neglecting the open window next to it. Nick.
Re: Softraid 3TB Problems
On 03/03/13 00:34, Joel Sing wrote: On Sun, 3 Mar 2013, Brandon Tanner wrote: ... OpenBSD area: 64-5860533168; size: 2.7T; free: 0.0T #size offset fstype [fsize bsize cpg] a: 2.7T 64RAID c: 2.7T0 unused # bioctl -c 1 -l /dev/sd1a,/dev/sd2a softraid0 softraid0: SR RAID 1 volume attached as sd3 This will assemble the volume from existing metadata if it exists. Any chance you created a 2TB 'a' partition to start with and created a softraid volume with it, then resized/recreated the disklabels? I'd certainly suggest zeroing the drives (via dd or similar), or using -C force (dd is more certain). The size is read directly from the disklabel, but only when the metadata is first created (after the metadata exists, we read the size from the metadata). All of the variables involved appear to be 64-bit types so I do not think that 32-bit truncation is occurring, although there are some signed/unsigned issues that should be addressed at some point. If zeroing and recreating the metadata fails to solve the issue, I can provide a diff that adds some debug info. I just took my pair of test 3TB disks (thanks to the donor!) and verified that, if zeroed first, there is no issue setting up a (most of) 3TB RAID1 via softraid. Nick.
Re: rsync too slow between two disks with softraid crypto
On 03/01/13 19:16, Luis P. Mendes wrote: Hi, I installed a new disk to my small home server in order to have a backup of the previous disk. The backup is intended to run during late night hours using rsync. First time, I rsynced some system directories to the second disk and it worked quickly. Now, I'm trying to rsync a big encrypted data partition to another (almost same size) encrypted data partition in the second disk. And speed is abysmal. ... My system: OpenBSD 5.2-current (GENERIC.MP) #107: Mon Nov 19 12:58:00 MST 2012 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz Why does this happen? What can I do to improve the crawling speed? quit using an anemic processor for real work? Atom = low power consumption for low performance processing. Crypto = high processor utilization per unit of data moved. Atom + lots of crypto = unhappy user Slow processor is often backed with slow supporting hw, too (i.e., disk IO) (Keep in mind...what does sufficient crypto at ISP link speeds is completely insufficient for what you probably want out of disk speeds.) 'course, since you SNIPPED YOUR DMESG, it could probably be a lot of other things too... (hint: if you are so sure you know the minimal amount of info we need to resolve your problem, you can undoubtedly solve your own problem) Nick.
Re: Softraid 1 Help
On 02/22/2013 01:00 PM, Brandon Tanner wrote: Hello, This is my first time posting to this list. I am wanting to setup a softraid 1 array, with two 3TB drives. Every guide or howto I can find though is about installing onto such an array. My case however, the boot drive is on its own, a 250GB'er. I simply want to create the array with softraid, mount it at /storage, and use it. Does anyone know of any guides that cover this kind of scenario? man bioctl. I also have a few questions about what I read so far. 1. a few guides talk about using the MAKEDEV shell script. Do I still need to use that for my scenario? oy. You have to understand what you are doing...not just type things randomly that you find on the 'net... (I sometimes get tempted to post a page (anonymously, of course) of tips for people to do... all of which being slightly obfuscated versions of major data loss instructions, such as rm -rf / or format c:, to use as a way to encourage people to understand what they are typing. Other times, looking at some of the crap on the 'net, I see people have beat me to it, unintentionally) 2. Also, since my target array will not be a bootable array, do I still need to fdisk -yi the devices? I read in the FAQ that fdisk won't report the sizes correctly, but that I shouldn't worry though, since disklabel with the b option will cover it. why would you not want to do the fdisk step? Can you live without it?...well, if done perfectly, probably. I'd suggest just following the man page... If you got to ask, just do it right. If you understand, you will probably opt to do it right, too. 3. My two identical 3TB drives are sd1 and sd2, and bioctl reported that sd3 is created. I ran newfs -O 2 on it, and that seemed to work. I can't figure out how to mount it though. mount /dev/rsd3c /storage says something about block device required. um. you ran newfs on what? yes, you created sd3...but you still have to fdisk it, disklabel it, and THEN you can format the partitions. And, you don't use the 'c' partition as a file system. ever. Just don't. (and for those in the peanut gallery who say, but I got away with it!, no, it just didn't bite you yet). See FAQ14... you can skip the -O2, unless you are making an under-sized partition you may later want to growfs to FFS2 size. Nick.
Re: Millions of files in /var/www inode / out of space issue.
On 02/19/13 05:47, MJ wrote: Which app are you running that is generating millions of tiny files in a single directory? Regardless, in this case OpenBSD is not the right tool for the job. You need either FreeBSD or a Solaris variant to handle this problem because you need ZFS. What limits does ZFS have? --- The limitations of ZFS are designed to be so large that they will never be encountered in any practical operation. ZFS can store 16 Exabytes in each storage pool, file system, file, or file attribute. ZFS can store billions of names: files or directories in a directory, file systems in a file system, or snapshots of a file system. ZFS can store trillions of items: files in a file system, file systems, volumes, or snapshots in a pool. I'm not sure why ZFS hasn't yet been ported to OpenBSD, but if it were then that would pretty much eliminate the need for my one and only FreeBSD box ;-) The usual stated reason is license, it is completely unacceptable to OpenBSD. The other reason usually not given which I suspect would become obvious were the license not an instant non-starter is the nature of ZFS. As it is a major memory hog, it works well only on loaded 64 bit platforms. Since most of our 64 bit platforms are older, and Alpha and SGI machines with many gigabytes of memory are rare, you are probably talking an amd64 and maybe some sparc64 systems. Also...see the number of ZFS Tuning Guides out there. How...1980s. The OP here has a special case use, but virtually all ZFS uses involve knob twisting and experimentation, which is about as anti-OpenBSD as you can get. Granted, there are a lot of people who love knob-twisting, but that's not what OpenBSD is about. I use ZFS, and have a few ZFS systems in production, and what it does is pretty amazing, but mostly in the sense of the gigabytes of RAM it consumes for basic operation (and unexplained file system wedging). I've usually seen it used as a way to avoid good system design. Yes, huge file systems can be useful, but usually in papering over basic design flaws. Nick.
Re: [obsd] Re: Assigning an IP address to a bridge
On 02/14/13 06:50, Stuart Henderson wrote: On 2013/02/14 12:19, Jeremie Le Hen wrote: One minor comment: you don't *need* to reboot. Although it's a good practice to reboot after you're done setting things up to make sure you don't have any ephemeral configurations (that you will obviously have forgotten about when you reboot for some other reason and find you something is not working as expected). I fully agree on your comment. Provided this is explained in 6.2.5, perhaps the 'Reboot and voil?' line should be removed ? We need to say something; we could either leave it as-is about rebooting, or we could add the same information that is scattered through half the other examples in the file. I think it's fine as-is, really. On the other hand, the section right before the one Jeremie wrote also recommends a reboot, so it is consistent in that way. ehis is one of the reason I put this line. Also, my reasoning was that people who are skilled enough to configure this manually (I mean, without a reboot) probably don't need to go through this document. I agree, (well, either they don't need to use the document, or they can pick the relevant bits). No need to complicate it with you can do it this way, or do it that way, but if you do it that way then watch out for this and this. agreed. I have no desire to reinforce many people's bad habit of making config changes, manually implementing them, and not rebooting to find out of the machine comes up as they hope. Many people consider it a badge of honor that they don't have to reboot their machine to make config changes, and most of their coworkers would like to slap 'em silly every time they have to reboot one of their machines when they aren't around...and half the services don't come up, the mount points are all wrong, and things are generally just bad. I'm good with this diff going in as-is, but a few comments regarding style... We don't need to be naming specific machines and manufacturers. ...we have a machine with four vr(4) interfaces ... would work just fine. I see Stuart did this. While I personally love the Reboot and voila, I'm always concerned about how non-English/French readers would handle this -- does a Chinese person reading the FAQ understand this? I'm hopelessly monolingual, so maybe I worry about the wrong things here (and this from the guy who re-styled the FAQ as the Hitchhiker's Guide / Bugbuster's Guide, so what do I know? :) but...good work, thanks! Nick.
Re: need help --reboot of newly installed OpenBSD 4.7 on Toshiba Libretto 70 neds in integet divide
On 02/14/13 03:41, Hugo Villeneuve wrote: On Fri, Jul 09, 2010 at 17:07:53, Hugo Villeneuve wrote: On Fri, Jul 09, 2010 at 11:20:51AM +0200, Ariel Burbaickij wrote: Hello all, following situation: I installed OpenBSD 4.7 on Toshiba Libretto 70 4.7 using hard drive donor installation method, i.e. I used the original Libretto harddrive and installed OpenBSD 4.7 from install47.iso on it using different machine. Space is left on the disk for hybernation information to be saved. Once installed back to Libretto 70 I am able to boot but only up to following point (last 3 messages from dmesg and message from kernel): vscsi0 at root scsibus0 at vscsii0: 256 targets softraid0 at root kernel: integer divide fault trap, code=0 Stopped at cpu_switchto+0x76 My Compaq 433 20MB upgraded to 486DX2 stop one instruction before that. So it's probably unrelated. http://eintr.net/temporaire/GENERIC.47.issue.full.txt I thought it was a combinaison of low memory (originaly 12MB and then 20MB) and the archaic hardware being left behind so I haven't made an proper bug yet. But the machine works with a slimed-down 4.7 kernel. (One where every non-necessary driver is commented.) I self reply to this very old email for prosperity and because I was asked off list how I boot GENERIC on my Compaq Presario 433 (486). I figured which drivers to disable via trial and error and it has worked every release since. I can boot GENERIC by disabling: it schsio Disabling one or the other doesn't work. Both need to be disabled. See boot(8/i386) and boot_config(8) for details on how to do that. dmesg with trace/ps: http://eintr.net/temporaire/486-issues.txt I don't know if that would work with the original Toshiba Libretto 70, but it works for my Compaq Presario 433 and I've been told for an IBM ValuePoint 486DX2/66. [Note: GENERIC compiled without it,schsio works fine. GENERIC with every drivers, that attach to isa, not in RAMDISK disabled and it and/or schsio re-enabled fails. Beside this, my Compaq Presario 433 works fine. It's my only OpenBSD computer running 24/7 and occasionally does NFS/Diskless server duty.] An fyi: you will probably find that (near) future OpenBSD versions will not run on machines with less than 32M RAM. The kernel will be moved up to the 16M point, to allow space for ISA DMA buffers, so stripping the kernel of unneeded drivers won't get you below 16M (and probably not below 24M). Nick.
Re: Constant attacks and ISP's are ignoring them
On 02/14/13 18:24, Daniel Bertrand wrote: Hello, Thanks for providing such great software. It really is much appreciated. I was wondering what your stance is about the constant hack attempts on machines on our ISP networks.. It happens. You can't stop the attack attempts. You can stop them from being successful. It takes more than technology. (that's MY stance) It costs them nothing to try to hit your systems. The likelihood you can prosecute them is just about zero. Even if your computer has no useful data sitting on it, it is still a very useful resource to them. No cost, no risk, high potential gain. Guess what is going to happen... I see CONSTANT scanning for ports from all over the world, mostly from Italy, Russia, and China. Doesn't matter where they are from (well, you can argue this. China and India are mostly after Intellectual Property. Russian mob is after financial info. Your next door neighbor is after adding you to their botnet. That's assuming your attackers are after you in particular. Most likely, it's just an automated scan from someone's compromised machine). Some people spend a lot of time classifying them. Me? I don't want any of them in my network, I don't care who they are or what their motives are...I only care about their methods...and how I can counter them. Every firewall/router product that I have purchased has been compromised so far. I don't believe this at all. Not one bit. More likely, your machines BEHIND your firewall/router have been compromised by careless users. Unfortunately, no firewall will prevent stupid...and lots of people think they can. I work in an environment where people ARE after us in particular, they want OUR data, it's targeted attacks, not (just) random knob twisting (that's part of the fun -- the roar of the random knob twists helps hide the targeted attacks). They don't compromise our firewalls, they aim for our users. The normal configuration for most home firewalls or routers is block incoming, pass outgoing, which is easy for the users, but all that does is block unsolicited incoming attempts. If you can be persuaded to open the channel to the bad guys (that's the pass outgoing), they can then utilize your systems. That's not your firewall/router being compromised, that is your users being exploited. Is there really a secure, trustworthy adaptive filtering firewall configuration for each OS configuration out there? If you have stupid users, it's unplug the wires from the back of the computer. If you have a block all incoming rule, your users will end up being the weak link. You don't need specific rule sets for each OS, and in fact, it won't help...you are already (hopefully) blocking unsolicited outside contact. The problem is the invited contact: the website visited, the application downloaded. Most people who are on the net are completely oblivious and helpless when it comes to this constant trolling for access, they have no idea what to do to secure their machines. Shaw has neglected me and left me for dead when I ask for better control and protection from malicious attackers. not their job. AOL tries to make it their job...and totally your machine up in the process (got that, Mom? no, didn't think so. *sigh*). Meanwhile...if you have a simple block all incoming router/firewall, disable Java, remove any product put out by Adobe, and practice safe computing, you can live a pretty safe life at the moment on the 'net. At the moment, Java and Adobe products are the primary things that let bad guys onto your system through your firewall while you are behaving yourself (that is not to say they are the only potential risk, but when it comes to exploits in mass-market OSs, thar's whar da gold is). What do I do to make sure I don't spend money on new hardware but get a PF configuration that I can trust besides block in all? Are there published rulesets for Mac/Windows etc. that we can just drop into our pf.conf and /etc/pf.anchors/ directory? No. Your problem is basically one of users, which is outside our ability to save you. For sake of analogy (and my apologies to my those who have heard me babble this one many times before) ... let's say you run a business, and as part of that business, you have a fleet of vehicles that are used as an important part of that business. You find you have a few drivers who are responsible for a large number of events with those vehicles. Do you: 1) Fire those employees? 2) Reassign them to non-driving occupations? 3) Retrain those employees to be better drivers? 4) Put bigger bumpers and better airbags on the vehicles? In the computer industry, we do #4. We never do 1 through 3. There is a belief that technology can make dumb people safe...and it just isn't true. Note: as I'm using it here, dumb or stupid doesn't necessarily mean a character flaw...it's just the people who haven't been trained or learned how attackers hit you. Why do
Re: OpenBSD-Update Tool
On 02/10/13 08:33, Crookedmaze wrote: ... Thanks for replying guys, I have looked into using snapshots but it looks like the snapshots are based off of current and I had a look at the FAQ and in section 5.1 of the FAQ it says. Between formal releases of OpenBSD, /snapshots/ are made available through the FTP sites http://www.openbsd.org/ftp.html. As the name implies, these are builds of whatever code is in the tree at the instant the builder grabbed a copy of the code for that particular platform. Remember, on some platforms, it may be DAYS before the snapshot build is completed and put out for distribution. There is no promise that the snapshots are completely functional, or even install. This makes me a little nervous and I think I would rather just follow release with errata patches or just follow stable. One thing that is different between OpenBSD and most other open source projects (and probably most closed source projects) is that we work hard to keep the source tree ALWAYS functional -- if something goes into the tree and is attached to the build, it either works, or beatings will be applied. If you install a snapshot and it doesn't work, someone screwed up, it's your job at that time to scream loudly and make sure people know, so the offending code is fixed or backed out, and measures will be taken to deter the offender from doing it again. (You don't want to know, it isn't pretty.) Unfortunately, our practice is rare enough that most people have a (justified) fear of living at HEAD of the source tree, and even an expectation that it is completely broken. Things are different here in OpenBSD. But really, it's an extraordinary event for snapshots to be broken, and it is important that people test them. (That particular part of the FAQ has been updated repeatedly to try to get the tone Just Right, and probably responsible for more..uh.. heated e-mails from Theo to me than anything else. And, I it looks like I missed this particular section last time I updated the paragraphs very shortly before it. Improvements are taking place now, see if I can get it in before Theo lights his flame thrower...) OK, System Administrator I see what you mean by overhead now, now that I think about it I am starting to see what you mean by undue burdon (why would you add something new if what is being used right now works just fine?) I will have to have a look at marc.info and see what I can find on the topic on binary updates there also. Nick your right I should stop trying to make OpenBSD like FreeBSD or Linux, in all honestly I don't really mind the current update process, really the only actual problem I have had with it is simply that if you had multiple servers running OpenBSD (eg if you had 200 servers why would you build the patch on all 200 of them) yes, don't. Build on one, fast, otherwise mostly idle machine. Build a release. Install to your 200 other machines. Done. but the tool Brian suggested I look at looked promising in that it looks like you could just apply the patch on a single system build a package and have all the other servers install the package. Nick I also agree with you that there is a certain simple elegance about OpenBSD its actually one of my favorite things about OpenBSD in that it is secure by default and the installer for it is great because I can install OpenBSD in about 3 minutes (as opposed to 20-30+ minutes on others) not to mention all the time I would normally have to spend hardening the system post install. With OpenBSD its just a matter of checking the errata page. I think 'e's got it. :) Nick.
Re: OpenBSD-Update Tool
On 02/09/13 21:23, Crookedmaze wrote: Dear OpenBSD Community, Hello I am wondering if there is a tool similar to FreeBSD-update on OpenBSD? If not are there any reasons for why a tool like this hasn't been developed? Also if there isn't a tool like this (I am pretty sure there isn't one as I have checked) if I were to develop one do you think it would be accepted into OpenBSD? Please let me know what you think! Sincerely, Crookedmaze actually, I have been wondering why FreeBSD doesn't have a simple process for upgrading like OpenBSD's. Before any tool as you propose would be accepted, it would have to be proven to be better than what we have, not just different. I'd suggest spending a little time learning OpenBSD as OpenBSD, rather than trying to make it like FreeBSD (or Linux, or ...), and you would probably find a simple elegance unrivaled in the free software world. After doing some FreeBSD work for my day-job, my primary reaction to FreeBSD is, well, beats Linux, but geez they really need to be looking over our shoulders more than we need to be looking over theirs. Nick.
Re: openbsd and vmware
On 02/05/13 06:03, Bogdan Andu wrote: Hello, A few questions related to openbsd and vmware. What are the best practices to run OpenBSD in vmware? Just Do It? I haven't found any problems running OpenBSD in VMware ESXi or whatever they call it this week. I usually just tell the management tool the VM is a FreeBSD system. However, I'll admit my uses are fairly simple and more development/testing/low-need type stuff...i.e., VM appropriate. Are there any known problems one should take into consideration before virtualization? Lots. The exact same as any other OS, though. All eggs in one basket, security farce, complexity leading to increasing downtime, etc. In short, take almost everything VMware calls a benefit, invert, and you are close to reality. But again, nothing to do with OpenBSD. In terms of OpenBSD on VMware benefits...forget vmware tools. Much of the functionality is built into OpenBSD, unlike most other OSs pushed for virtualizing. I already have a functional machine runnig OpenBSD 5.2 /amd64 on bare metal. It is possible to create a virtual machine from one already running apart from installing the os in vm and then migrating and installing all applications? In almost all cases, you will find OpenBSD much easier than most other OS for this kind of stuff. Take a physical machine, disk image it, drop it on vmware, boot single user, mount root partition, rename hostname.whatever0 to hostname.em0, if you are not using DUIDs (and you switched from wd(4) to sd(4) disks), fix fstab (not necessary if you are using DUIDs), and it will just work (I may be forgetting something, but it's all totally simple). Try that with Windows or Linux -- not gonna happen. Note: P2V by raw disk image is not my recommended way of doing it, but I find the ability to do it shows how darned nifty OpenBSD is about things like this. Nick.
Re: Still possible to get OpenBSD onto Soekris net5501 via qemu install to flashcard?.
On 01/14/2013 10:15 AM, Sarah Caswell wrote: Hi all, I'm having a frustrating problem getting OpenBSD-current (or snapshot) to run on my Soekris net5501. With previous versions of OBSD I was able to use qemu to install to a compact flashcard directly, by connecting the flashcard to my laptop and then starting qemu like so: sudo qemu -hda /dev/sd0i -cdrom install52.iso -boot d (and many variations of this command mostly pertaining to the /dev/sd0 section) funny definition of directly. ... P.S.: I know there are other ways to get OpenBSD running on a Soekris but I've always liked the utter simplicity of the qemu-based install. using an emulator = simple? If you don't understand the tools well enough to troubleshoot the problem, I really don't believe your assessment there. I don't know much about qemu, but I see a problem in the command line. This is what *I* call simple: Take your USB flash card reader to a free machine with a USB port. Put an OpenBSD CD in it. Boot off CD. Install to CF device. Use DUIDs. Create a /etc/hostname.vr0 (or whatever your soekris uses for its primary NIC), and do other network configuration as needed. Put flash device in Soekris. Done. direct, simple, bare minimum of extra tools. Machine doesn't even have to be able to boot from the USB port, though you can't test it before installing on soekris if it isn't. (variation: install bare minimum system on flash drive, move to Soekris, at the boot prompt, tell it bsd.rd and re-install exactly as you wish. If *I* were doing that, I could do it from an installed OpenBSD machine of the same platform without taking down the machine or booting from a CD. I'd call that simple, but I understand some basic tools that we try to keep normal people from having to use. The info for figuring out how to do that is all in the OpenBSD FAQ, though not in recipe form.) Nick.
Re: OT using absolute paths in scripts
On 01/13/13 12:03, Maximo Pech wrote: At work, we have an information security area for IT. They mandate that on all shell scripts we have to use absolute paths for every single command. I feel that this does not provide real security and only makes scripts somewhat more painful to write. What's your opinion on this? I'm not too impressed by this plan for system scripts. If someone got in to add files to default path...they've already been in your system. They are worried about someone dropping a new perl in /sbin which does something you aren't desiring, but if they can do that, they can generally modify the /usr/bin/perl or similar. It sounds like a lot of modern model security...let 'em in, make their life difficult once they are there (oh, and really annoy administrators in the mean time). pain = security, right? (oh, and difficult can mean make 'em die laughing). Now...if you are talking about scripts that ordinary users are intended to run, slightly different story, as users are relatively easy to trick into changing their $PATH and/or adding things to $HOME/bin... or doing it on their own, and wondering why YOUR script blew up shortly after they installed their own custom 'cp' command, and put it in their path before your silly, boring system 'cp'... Nick.
Re: vi vs ed in bsd.rd - proposal
On 01/12/13 06:22, Paolo Aglialoro wrote: So guys, I perfectly understand (and respect) how much many of you use and value ed. As much as others have a repulsion for it, but this is not my point: no, it's like the scissor jack and lug wrench in my Jeep. If I get a flat tire on the side of the road, I'd really wish I had my hydraulic floor jack with me, along with a spinner wrench or maybe even my impact driver and sockets. 'cept...my Jeep has very limited storage...and a tire goes flat very rarely. But when it does... I have a few choices... 1) sit and cry, I want my floor jack! 2) wait a few hours for someone else to come and help me. 3) grab the lug wrench and scissor jack and be back on the road in 15 minutes. ed isn't a contender in the my favorite editor contest. I doubt anyone uses it when another option is available for anything other than practice. But sometimes, you have a downed system, you need an editor, you don't have a valid or known terminal config in place or enough system running to use 'vi'. I've had to rescue enough systems with invalid/unknown/messed up terminal configurations that I'd never support REPLACEMENT of 'ed' with a full screen editor. Some day...you may need to, as well. Spend 15 minutes, and become capable with ed. You don't need to be fluent...just capable of fixing an /etc/fstab file, and other basic things. Beats having people driving by, laughing at you for sitting on the curb crying about the lack of your favorite tool. Nick.
Re: vi vs ed in bsd.rd - proposal
On 01/11/13 16:38, Paolo Aglialoro wrote: ... Btw, how many are really using ed everyday, now in 2013? I believe I'm not the only one who thinks this. My guess is that vi could be more appreciated by most of the user base more than ed. If you claim to be a unix administrator, learn ed. If you have to bring up your OpenBSD or Solaris machine in single user mode with an unavailable /usr (and thus, no dynamically linked apps), you will be glad you know it. It's an always there tool...it just works, and it ain't so bad if you spend 15 minutes to learn how it works before you need it. Nick.
Re: growfs on bsd.rd
On 01/08/13 23:38, Hugo Osvaldo Barrera wrote: On 2013-01-04 00:41, Aaron Mason wrote: On Fri, Jan 4, 2013 at 1:28 PM, Hugo Osvaldo Barrera h...@osvaldobarrera.com.ar wrote: Hi all, I'm curious as to why growfs is not included in bsd.rd. Is there any particular reason for this? I belive it would be inmensly useful - since bsd.rd is the first thing one would think of when needing to grow a root partition (or a partition you don't want normally want to unmount). I've googled a bit, but haven't found anything related. Cheers, -- Hugo Osvaldo Barrera It's not too difficult to add tools to the ramdisk. http://www.thats-too-much.info/2013/01/04/work-smarter-not-harder-roll-your-own-openbsd-ram-disk/ My goal with this email was rather aimed to suggest growfs be included, or to ask why it isn't, I've found I can easily mount /, copy growfs, and umount / as a quick workaround anyway. space is at a premium on the ramdisk kernels. Since there's a quick workaround, I think I'll take drivers or other things where there is no workaround... Nick.
Re: 3k machines
On 01/01/2013 05:15 PM, Friedrich Locke wrote: Hi folks, i am managing some openbsd machines. There are a company, here, in the city a live that holds about 3k machines and i not including servers hardware; only desktop. I was wondering: How do you manage such a volume of nodes, i mean, in an efficient manner. Any experience with that ? Thanks. depends on your definition of manage and how the machines will be used...and I'm assuming 3k means around three thousand computers, not MIPS3000 systems. If they are, for example, student machines, you probably want them re-imaged regularly (weekly? daily? between each user?), so building an app to do this into a PXE booting system might take care of a great part of your challenge (bsd.rd hacked to have its install script do a forced reload/reimage) I'm guessing that diskless (or mostly diskless) workstations wouldn't give the performance users expect, but if that's wrong, that's a better choice. If they are business workstations, you probably DON'T want to do complete reloads unless someone really hoses their machine, and you probably don't want auto forced updates all at the same time. I'd probably set up a hacked bsd.rd to be PXE booted when someone wanted to upgrade, and you would monitor your daily reports (automated!) to produce a list of out-of-compliance machines that need to be updated for manual poking. btw: rdist is in base. Key thing is to decide for yourself exactly what manage means, then work out the tools that can help. But when you have lots of similar machines, things need not be difficult. Nick.
Re: Running OpenBSD on Raspberry Pi
If you think you can implement OpenBSD on a Raspberry Pi machine, shut up and hack. Then, make the result fit with the OpenBSD policy statements in http://www.openbsd.org/goals.html and http://www.openbsd.org/policy.html THEN talk about it. If you can't do it, no point talking about it. OpenBSD Developers have made their opinions on this system quite clear. If you look at what NetBSD and FreeBSD are saying about their Raspberry Pi support, it doesn't look at all Ready for use -- NetBSD doesn't seem to have any useful I/O (i.e., USB, network), and doesn't list it on their platform port pages. FreeBSD is not self-supporting, and the information about it seems to be only in blogs, not the main freebsd website (type Raspberry into their search box). The Raspberry Pi people have not seemed overly cooperative with people wishing to port other OSs to their platform, which is, of course, their right...but it is also our right to not show great interest in the system for that reason. Nick.
Re: openbsd clusters
On 12/27/12 17:25, Jiri B wrote: On Wed, Dec 26, 2012 at 03:26:43PM -0500, Nick Holland wrote: Probably thinking of this thread: http://marc.info/?t=117689108200011r=1w=2 and my two contributions to it. A number of other people provided some good (and some bad) comments, too...read through 'em all. You get to decide which are useful and which are not, and what is right and what is wrong. Keep in mind that thread is almost six years old...500GB was a big disk back then. However, I'm still quite proud of that system. (and in case you were wondering, my employment ended with that employer about four months later. That also makes a great story, but quite off-topic. They did replace my system with a proprietary system that cost many times as much). Only setup I can imagine which cannot fit into this setup of small partitions combined with filesystem structure and symlinks is this one 'unrestricted space offered directly to a user via ftp/sftp/ssh' As we cannot predict how fast and when he/she would fit the storage, moving later user's whole data to bigger one is slow and still not a solution. It seems to me that giving a user direct access to his data root dir while telling him about no space restriction is not possible. I would say that's true, period. Fancy stuff only lets you push off the problem to a bigger number, but you always have some finite storage available, and if given no limits, no checks, no costs, you WILL fill it eventually...unless you have an inbound pipe that's slower than your procurement process for new storage (and I'm going to argue, that's cheating! :) If your task definition is give a user direct access to unlimited storage, well, yes... I may not have the greatest solution in the world for you...but then, you crafted the question in a non-business savvy way to stump me (me: you don't need unlimited storage for most real world tasks you: My real world task is to give someone unlimited storage) -- you are ignoring all laws of economics, and your solution WILL have serious issues because of that (why do we have a problem with spam? Because it's painless and risk-free for the sender. Why are we seeing a resurgence in telephone-based scams? Because it's become painless and risk-free for the scammer. Why will your task blow up in your face in predictable ways? Because there's no cost to the consumer of your disk space. Econ 101). But still...this is not a statement of an actual problem to be solved (I need to be able to upload lots of huge video files for exchange with other people), but a proposed solution (unlimited direct access to file systems). So I'm not going to admit defeat. :) On the other hand, if the user would not require one big directory for his data, then filesystem layout could be hidden to the user and mentioned setup would fit - although instead of direct ftp/sftp the user would use some specialized client to get his files, the setup would use some UUID and keep track of UUID and his owner (or something similar). Any comments? Do exists some proxies which would mirror files immediately when a user is uploading them via some common protocol? And when the user deletes some of his files the proxy would delete the copy? (rsyncing later regularly could be quite problematic if you would have many users uploading for example a couple of GB files...). actually, rsyncing is fantastic for huge files...it can verify quickly and sync at hardware's capability for mismatches. Lots of small files, you start having file system overhead. If you look at some of the Big File Sharing Services, I think you will find this problem has been solvedand considering the fact that many of them offer some service for free, or at least a fraction of the price per gigabyte that many high-end solutions give you, I think it is safe to say it is NOT being done with high-end SANs, but cheap commodity hw and disks (and low maintenance solutions, too). Realistically, you will have upload limits. 2GB is an upload limit above which, http starts having issues and some file systems start having issues (note: USB devices are still often formatted with variations of FAT file systems, which have a 2GB limit). So..you let people upload to a temp area...if you accept 2GB as an upload limit, a 500GB upload area would cover a fair number of uploads. If you want 100GB upload limit, well...500GB will fill rapidly, but you can have a lot of these temp areas, and a 2TB file system isn't so crazy anymore. Your user uploads to this area, the received file name is uniquely generated and tracked by a database. When uploads are complete, you give the user some kind of key to identify THEIR file (maybe just the original name, when combined with their user ID), and the database tracks it. After the upload is complete, the system identifies the size of the file, and looks around in its storage chunks for a place to put it, and slowly (to not tax the disk
Re: how to save /home during reinstall
On 12/27/12 05:57, lilit-aibolit wrote: On 12/27/2012 12:29 PM, Wesley wrote: Le 2012-12-27 14:15, lilit-aibolit a écrit : Hello misc. I have a /home at old system and I want to install new one from scratch. But I need to save all data in /home without moving it out of box. As I understood I need to stop at this point: Use (W)hole disk or (E)dit the MBR? [whole] At this prompt, hit Ctrl+C or ! and Why don't you mount a second disk and backup /home to this one? just before fdisk part. Cheers, Wesley . For example I don't have physical access or second disk. Or I have a situation when I need to roll back to previous 5.1 system version and then probably to 5.0 due to Dec 11 14:13:38 gw /bsd: rum0: device timeout Dec 11 14:13:39 gw /bsd: rum0: could not transmit buffer: TIMEOUT In 5.0 I had no problem with rum0 in AP mode, but in 5.2 I have. well... you need to get a bug report in; I see no bug reports on rum issues in over a year. That's the real problem here. Reverting is not a good answer here. As for your question... Before reinstalling, make note of where all your partitions are mounted currently. For a reinstall, the fdisk prompt will include Existing OpenBSD partition or something along those lines...you will chose that (the default). After that, you will be brought to the disklabel options -- you want to chose CUSTOM Layout. Define a mount point for all partitions you wish to reformat, do NOT define mount points for the /home partition or any others you wish to retain. You aren't marking don't reformat partitions, you need to mark where all partitions will be mounted, leaving out the ones you wish to retain. After you complete your install, edit your /etc/fstab to point to your old /home partition, mount it (I'd suggest a reboot), done. btw: you will want to practice this locally on a test system first. Nick.
Re: how to save /home during reinstall
On 12/27/2012 07:48 AM, lilit-aibolit wrote: On 12/27/2012 02:24 PM, Nick Holland wrote: On 12/27/12 05:57, lilit-aibolit wrote: On 12/27/2012 12:29 PM, Wesley wrote: Le 2012-12-27 14:15, lilit-aibolit a écrit : Hello misc. I have a /home at old system and I want to install new one from scratch. But I need to save all data in /home without moving it out of box. As I understood I need to stop at this point: Use (W)hole disk or (E)dit the MBR? [whole] At this prompt, hit Ctrl+C or ! and Why don't you mount a second disk and backup /home to this one? just before fdisk part. Cheers, Wesley . For example I don't have physical access or second disk. Or I have a situation when I need to roll back to previous 5.1 system version and then probably to 5.0 due to Dec 11 14:13:38 gw /bsd: rum0: device timeout Dec 11 14:13:39 gw /bsd: rum0: could not transmit buffer: TIMEOUT In 5.0 I had no problem with rum0 in AP mode, but in 5.2 I have. well... you need to get a bug report in; I see no bug reports on rum issues in over a year. That's the real problem here. Reverting is not a good answer here. As for your question... Before reinstalling, make note of where all your partitions are mounted currently. For a reinstall, the fdisk prompt will include Existing OpenBSD partition or something along those lines...you will chose that (the default). After that, you will be brought to the disklabel options -- you want to chose CUSTOM Layout. Define a mount point for all partitions you wish to reformat, do NOT define mount points for the /home partition or any others you wish to retain. You aren't marking don't reformat partitions, you need to mark where all partitions will be mounted, leaving out the ones you wish to retain. After you complete your install, edit your /etc/fstab to point to your old /home partition, mount it (I'd suggest a reboot), done. btw: you will want to practice this locally on a test system first. Nick. Thanks for reply Nick, I just did it: 1) select openBSD area 2) select custom 3) delete and create all partition except /home 4) reboot 5) edit /etc/fstab and add line for my /home end it's work! You may find my letter about rum0 with subject rum0: device timeout from 12/11/2012 03:15 PM I'll look into how to create bug report, but how to be sure that it's not my issue? I just reverted to 5.1 and it seems to work much more stable: I can start several ping in wireless and sit in ssh via wifi without lags. You don't actually need to delete and recreate partitions...simply name the mount points you wish to reload, and ignore the ones you don't. Nick.
Re: Request improvement for faq 15.2
On 12/27/2012 10:10 AM, Live user wrote: I think 15.2.2 should go before 15.1.1, since if there's no point in running pkg_* when the PKG_PATH is empty, which is after installing using the interactive method. there is no 15.1.1. 15.1 is an introduction, no commands where PKG_PATH would be used are given. Assuming you meant 15.2.1, that's just a list of tools and what they do. I see no implication that you have been given enough information -- other than the man pages, which do mention PKG_PATH -- to expect that you should be executing commands based on 15.2.1's content. If that brief introduction is prompting you to start running commands, there's a problem, and I don't think it is with the documentation... I think this section is ordered quite correctly, actually. Furthermore, using 'export PKG_PATH=' sets a volatile variable, which in blank again after restarting. I think the faq may include the guideline to make it persistent as well. um. it does... in 15.2.2, in fact. Nick.
Re: openbsd clusters
On 12/25/12 19:50, Eric Furman wrote: Not long ago Nick did go into some detail about this very thing. I don't remember how long ago or what the thread was about, but you might find it in the archives. Just search for Nick Holland. Anything you find will be worth reading in any case. :) *blush* Do not feed The Ego. :) Probably thinking of this thread: http://marc.info/?t=117689108200011r=1w=2 and my two contributions to it. A number of other people provided some good (and some bad) comments, too...read through 'em all. You get to decide which are useful and which are not, and what is right and what is wrong. Keep in mind that thread is almost six years old...500GB was a big disk back then. However, I'm still quite proud of that system. (and in case you were wondering, my employment ended with that employer about four months later. That also makes a great story, but quite off-topic. They did replace my system with a proprietary system that cost many times as much). Nick. On Tue, Dec 25, 2012, at 04:03 PM, Sebastian Neuper wrote: On Sat, 22 Dec 2012 22:43:54 -0500 Nick Holland n...@holland-consulting.net wrote: On 12/22/12 07:54, Friedrich Locke wrote: ... But for other services i don't have now what i could use. A example: i need a file system that must expand by adding more machine in the network in a simple way. in plain English: I'm not thinking out the design carefully, so I'm going to rely on fancy shit to haul my ass out of the fire when the predictable (and not so predictable) happens. You don't need that for your problem, you need that for the solution you came up with for your problem. Your solution is wrong. So, please let's go more in detail. If you want a openbsd fileserver with a few terra bytes storage, secured by a raid; the file server should handle a lot of media files in future and should provide them via network; what motherboard, cpu, network and (perhaps) raid controller would you buy, to assure, that it is best supported by openbsd, reliable, easy to maintain and costs less then 0,5k? In our company, we purchased a media file server (48TB for 40k+) a year ago based on Linux and it sucks. Promised features only work sporadic, and to make it work, there are workarounds around workarounds. But I don't want to get more in detail. I think, nobody of you heard of Avid or Editshare or work alot with the Adobe Suite. Now, this server is almost full and we will have to buy an expansion. Exact the scenario, Nick explained. I'm looking for an openbsd solution for my home since I first throw a glance at our new expensive 'thing'. But I don't know, if I should follow the blog entry build a home server with openbsd 3.9 or the 'howto make a fileserver with openbsd' dated 2 years ago. So what hardware would you buy for an openbsd file server, to get it fast enough to provide hd video media assets via network? Which set is a robust and good solution and tested and proven by yourself? Best, Sebastian. -- Sebastian Neuper pha...@gmx.de
Re: Nginx log rotation
On 12/26/12 17:02, Paolo Aglialoro wrote: ... Btw, as apache is still present in faq, is any man nginx.conf / faq entry planned or the only nginx.org is THE doc resource? Thanks The reason for FAQ entries about things like Apache/httpd being chrooted is that it isn't standard in the main Apache distribution (STILL...but that's another rant), and creates an unexpected surprise for OpenBSD users. So, we document it. An alert about the nginx default chrooting would definitely be in order. Other things? Not sure. I just lit up nginx on one of my systems to replace the apache-derived httpd, and it was pretty darned simple, so we'll have to see if OpenBSD-specific Questions end up being Frequently Asked...but I have no desire for OpenBSD.org to become a primary source of information about generic nginx usage. Nick.
Re: Compression is broken on (S)hell booting install52.iso
On 12/26/12 19:38, Live user wrote: When using (S)hell from live cd installer, the what? the /install CD/ produced by the OpenBSD project? or a live cd that someone else produces? I'm going to assume you mean the install CD...which is in no way to be confused with what people traditionally call a live CD. # gzip something file.gz gzip: compression not supported right. compression is not something that the install media has to do -- it's a decompression tool only. # tar -jcvf archive.bz2 something tar: could not exec bzip2: No such file or directory bzip2 isn't on the install disks at all, nor is it part of the base system. Is this intentional? quite. In the case of i386, sparc and some other platforms, the installer image is crafted to fit within a single 1.44MB floppy. A complete OpenBSD install is a few hundreds of MB. Obviously a few things need to be left out or minimized. Every byte counts on the install images, it really does. Now, if you really mean someone's live CD, then yes, maybe you have grounds to complain...to them, not to us. Nick.
Re: Broken link on faq14
On 12/26/12 19:30, Live user wrote: On this page http://www.openbsd.org/faq/faq14.html at see the Setting up disks part of the Installation Guide The link redirects to faq4.html#Disks which no longer exists. yes, thanks. I just committed a fix, it is on the main site already. Nick.
Re: openbsd live cd installable?
On 12/23/12 17:24, Francesco Cardi wrote: Hello, for the longest time I try to read more material useful for openbsd to learn as much as possible, I bought the book :) I always follow the project carefully because it is my preferred system, I have done many tests with the system but i never managed to create a live cd installable, there are links to the live version but it is not installable. Dovo I can find some information material on this? greetings Understand how things work and it's trivial. Sounds like you already found a Live CD version of OpenBSD. I fail to understand the point, but they are out there, some people like 'em great (be aware, they ARE unofficial...but then, so is this advice). You want to install, too? ok, if it isn't there already, put bsd.rd in the root file system. Put the install files in the same place they'd be in the install CD. When you boot it, specify bsd.rd instead of the default kernel, ta-da, you got an install disk. You will probably want to use a DVD, as you won't have a lot of spare space for running files, install files and applications. Or just build yourself a usb disk. MUCH more useful, 'cept for really old machines which don't boot from USB. Nick.
Re: openbsd clusters
On 12/22/12 07:54, Friedrich Locke wrote: ... But for other services i don't have now what i could use. A example: i need a file system that must expand by adding more machine in the network in a simple way. in plain English: I'm not thinking out the design carefully, so I'm going to rely on fancy shit to haul my ass out of the fire when the predictable (and not so predictable) happens. You don't need that for your problem, you need that for the solution you came up with for your problem. Your solution is wrong. You know your needs will change in the future, so build the whole system around the idea of modular storage and other scalability design features -- not unlimited expandable storage. Chunk your data from the very beginning. In the case of a mail server, part of the user's LDAP record indicates the storage unit where it is stored. Yes, this is a better design. I've seen many designs where the answer was toss it all in one pool, let some 'advanced technology' keep my ass out of the fire. They have all been total shit. Usual result: the advanced technology gathers the kindling, splits the logs, lights the fire, and tosses your ass on the pyre before you ever get around to the first expansion. If you wish to argue that your problem is special, and requires One Big Pool of Storage, feel free to tell me about it (off list), maybe someone's got one. More likely, you will be telling me about your SOLUTION which requires one big pool, not the root problem. (I'm not above learning new stuff, but I'm done with assuming most people know something I don't -- that's something that is really annoying to be wrong about, I'm finding). Your design should incorporate (among other things): * initial load handling. * future load handling improvements. * future storage upgrade. * future storage REPLACEMENTS (you want to remove your three year old storage module in favor of a new one ten times the size, but your six month old one is still quite good) * future complete solution replacements. (*) the simplest possible solutions that will accomplish the above within acceptable business frameworks (i.e., not we'll have our entire IT staff working a major multi-day holiday because that's the only way we can accomplish this) Nick. (*) if you ever wish to keep a closed source solution OUT of your operations, this is your magic weapon to use with responsible, thinking people. Every closed source solution is built around the idea of keeping you a captive customer. But the fact is, if your business is run well, in 50 years, it can still be around. You will almost certainly have to replace entire systems with competing products some day -- your company's success should not be dependent upon a third party remaining in business. So, an exit strategy has to be part of any good system design (even though it almost never is). How are you going to scrape your legacy data off your old system and install it into its replacement? When the APIs are proprietary, you won't... Ask your prospective vendor If you go bankrupt or otherwise leave the business next year, how will we move OUR data stored in your system to another product? They will start with We aren't going anywhere, which you know they would say if they weren't sure about getting their paychecks next week. 'course, most people are not thinking about the long-term health of the company, but the short-term what can I stuff on my resume on my way out the door before this blows up
Re: Help with the board H77-D3H
On 12/20/2012 11:01 AM, What you get is Not what you see wrote: I try to install OpenBSD 5.2 i386 to a box with this board. It has an Intel G645 Pentium processor with 4GB of ram and a 500G of Sata3 hard drive. It has an onboard AR8151 ethernet which I understand is not supported by the generic kernel. There is a web page about a diff workaround which dont I dont bother now because I plan to use other nics in the worst case. So my problem is not currently with this nic now. I hardly installed 5.2 generic (it took 5-6 hours, because the cdrom was too slow) and now it cant boot. clue! I mean, when booting it comes to this line in dmesg root on wd0a . swap on wd0b dump on wd0b wd?? another clue! and the error occurs init : cannot stat /etc/login.conf No such file or directory sh: /etc/rc No such file or directory init: /etc/pwd.db No such file Enter pathname of shell . I guess the /etc/ filesystem is not mounted or there is no such filesystem. I try to change some bios settings without success. Even I tried disable acpi option when booting but this leads to debugger menu from where I dont know how to report the dump etc. So any help would be appreciated. Here is the board manifacture's web page http://www.gigabyte.com/products/product-page.aspx?pid=4141 and no dmesg. that's the missing clue, of course. serial console collection would be nice. I'm guessing, as it sounds fairly new-ish, that you have an option to run the SATA ports in AHCI mode, and obviously, you are not. I've found at least some AHCI controllers in compatibility mode are between glacial and unusable. Yours sounds like it was glacial during install and unusable after boot. Dig through your BIOS for options to change the mode of the SATA ports to AHCI (enhanced good non-sucky no idea what they'll call it). You will know you are in AHCI mode if your disks come up as sd rather than wd devices. Nick.
Re: How to list available all hard disks in OpenBSD
On 12/20/12 22:17, Indunil Jayasooriya wrote: HI, I would like to know How to list available all hard disks in OpenBSD ? If I run below 2 commands, it will give an output. dmesg |grep wd0 fdisk wd0 If you want USEFUL, you might use: dmesg |grep ^[sw]d if you care about floppies and/or cdrom drives, add a cf in there, too. actually, if you want to script it, you will want to lock it down a lot further...but that gives a nice view for humans to read. If I install a new Hard Disk, How to get to know whether it is wd1 or anything eles? well, the numbers aren't picked randomly -- see start of http://www.openbsd.org/faq/faq14.html If you know your computer (and read that article a few times with no preconceptions), you can predict what the next hard disk name will be. In Linux, Fdisk -l show all the available hard disks. In OpenBSD what's the command for it? One of linux's many non-charming displays. Try this: $ sysctl hw.diskcount hw.diskcount=9 $ sysctl hw.disknames hw.disknames=sd0:4b8432d7819c0c85,cd0:,sd1:954c43c63da1e128,sd2:d9f3f58824ed9e20,sd3:4b8432d7819c0c85,sd4:ef8be159ad6b717f,sd5:eb3971fada5612b9,sd6:e4fc87e6abfa5e45,sd7:e92e54806f9e4124 In case you are wondering...that's a six physical disks and a couple softraid disks on a sun e250. (do a sysctl hw on your machine...in many cases, you will be amazed) Or use duids, and don't worry 'bout names. Keep reading in the above link. :) Nick.
Re: Plausible deniable encryption
On 12/19/12 00:50, Robert Connolly wrote: Assuming you have read what is out there, I have a technigur and the margin was too small...
Re: Wireless WPA and crypto hardware
On 12/15/12 11:45, Martin Kjær Jørgensen wrote: On Sat, Dec 15, 2012 at 11:03:00AM +0100, Tobias Ulmer wrote: On Sat, Dec 15, 2012 at 09:52:28AM +0100, Martin Kjær Jørgensen wrote: Hi misc Can a wireless interface (say, athn) make use of a hardware crypto card like hifn when using WPA/WPA2 as encryption? From a quick look through the kernel: No, net80211 does not use the crypto framework, therefore it can not use any hardware crypto devices. Usually the chip itself can do the necessary operations, but that seems disabled. It's all done in software, I think. More generally, modern CPUs hardly break a sweat doing a few crypto ops. The overhead to talk to accelerator cards is usually large and only makes sense on (really) slow hardware. Then there is the whole issue of bus bandwidth and transferring the same data n times. Do you think an AMD Elan 133 Mhz is modern enough for at 54/mbit wireless WPA2 throughput? Are you kidding me? That's about as non-modern as OpenBSD/i386 supports. Seriously. That's a 4x clock multiplied 486. The only things less modern and supported are 3x, 2x, and 1x 486 chips. The machines I have seen those chips in have difficulty pumping that much data, ignoring encryption (though in large part, I suspect, due to the crappy NIC chips). Nick.
Re: BSD licensed gnupg replacement question
On 12/10/12 21:45, Maximo Pech wrote: ... Well, with the information you have given me so far, I think the answer is something like nobody has written it because we have more important things to do and nobody believes there is a real need for that. Am I right? I have lived a long time and never used PGP, GNUpg, NetPGP...whatever on my own systems. Never had a reason to, never had the desire to. Got a task at work where this may be requested, and in that case, it's because they are doing it wrong, trying to make e-mail into a secure communications channel. In my mind, e-mail is a non-secure communications channel, and I'm not fond of trying to bolt-on gadgets to make non-secure things look secure. You seem to have a problem you expect all of us to have that requires a PGP-equivalent to solve. Apparently, we don't all share this problem. You have not told us what this problem is you are trying to solve...but in general, naming the tool rather than naming the problem you are attempting to solve is bad process. You are coming in as if you are trying to sound high-and-mighty and pointing out what fools we are for not having (yet again) reinvented your favorite tool in base. You have yet to make a case for: 1) why such a tool should be in base, when obviously no developers seem to think it should be. 2) why such a tool should be reinvented Yet Again, when there are multiple varying degrees of free implementations out there already. 3) why you care. What are you doing that could possibly be improved drastically by a BSD-licensed PGP implementation in base? In fact, your question appears to misunderstand the /reason/ we would want a BSD licensed anything in base -- it isn't over a my license is better than your license pissing match, it's about what you could DO with that. The GNU license on GNUgp puts limitations on your ability to modify and redistribute it in a commercial product. Being that PGP is sorta a standardized product...do you want people distributing modified versions of PGP? anyone who has reason to do that will find plenty of crypto libraries and tools in OpenBSD, they won't need to tear apart and rebuild a PGP tool. Yes, the OpenBSD project cares a lot about cryptography, but using it where it makes sense using as few tools as possible to do it right. Hey, why don't we have a crypto-ls? It's really important! What if someone is looking over your shoulder when you do an 'ls'? Nick.
Re: BSD licensed gnupg replacement question
On 12/09/12 06:50, Nico Kadel-Garcia wrote: On Fri, Dec 7, 2012 at 4:24 PM, Chris Cappuccio ch...@nmedia.net wrote: ,,, OpenSSH and OpenBSD IPsec represent the OpenBSD solutions to the quality and licensing problems in those areas. OpenSSH is still the gold standard, OCF/IPsec, maybe not. PGP worked, was public domain, encrypts files, and solved one problem. Network layer encryption is an entirely different, and for many, a much more important problem. SSH is the gold standard: OpenSSH is the popular and effective freeware version, which did solve a number of issues. i.e., the better than gold standard. Thanks for the clarification. I agree completely. :) I've actually used an appliance which used ssh.com's SSH. I suspect I am in the vast minority in that regard. That particular manufacturer switched to OpenSSH in a later version of their products. I talked to them about why they used SSH.com's product (and had a separate license key in place just for it) rather than OpenSSH. It appears it was something of an internal question; no one still there was quite sure why they did that. Nick.
Re: Installing 5.2 with PXE
On 12/09/12 11:17, ML mail wrote: Hi, I want to install OpenBSD 5.2 amd64 with PXE so I downloaded the latest bsd.rd and pxeboot file from: ftp://ftp.openbsd.org/pub/OpenBSD/5.2/amd64/ and put it on my TFTP/DHCP server but when I boot this specific files I get the installer for OpenBSD 5.1 and not 5.2. Is this intentional? Not even unintentional. or am I doing something wrong here? yeah, you are doing something wrong. The files your TFTP server is serving is not the files you think you downloaded. To prove it to yourself, assuming your TFTP server is the same platform you are trying to install, do a config -ef bsd.rd, it will show you the header of the file you think you are making available. If that says 5.1, you didn't download what you think you did. If it says 5.2, you aren't serving what you think you are serving (i.e., your tftp server isn't configured like you think it is). Nick.
Re: PRIMERGY RX200 S2 installation problems
On 11/29/12 06:42, Tony Berth wrote: Thanks Both i386 and amd64 fail! But, are that many differences between stable and current? You caught us, nothing has changed in OpenBSD since 1995, we just drink beer and increment the version number every six months. /sarcasm The most significant changes tend to take place just AFTER unlocking of a new version of OpenBSD -- i.e., BEFORE the CDs ship. So yes, -current is significantly different than the most recent release. Now, step away from the ! key, and lets see if we can help you help us help you. Here's the situation... apparently, no one has been installing OpenBSD on this particular machine before. Never heard of it myself, whatever that means. A quick google showed me a lot of PDF files I don't wish to look at, but apparently it is a rack-mount server. There's apparently a problem between this machine and OpenBSD. You have three choices I see: 1) provide one or two of these machines to developers. 2) provide useful information to developers 3) give up, as without either 1 or 2, we aren't going to be able to help you. I'm going to guess you don't have the spare money/machine to provide a few machines to the project. The first piece of useful information we could use would be a COMPLETE dmesg, collected via a serial port as an install kernel boots. So, grab a null modem cable and another computer, and gather that for us...then maybe we can give you some suggestions. The dmesg tells us what is in your machine, how it is connected, and sometimes, an idea of what went wrong. Nick. On Thu, Nov 29, 2012 at 11:20 AM, Michał Markowski markows...@gmail.comwrote: 2012/11/29 Tony Berth tonybe...@googlemail.com: s a fresh install! I couldn't find a CD image for current or did I miss something? Try latest snapshot, e.g. http://ftp.icm.edu.pl/pub/OpenBSD/snapshots/i386/ (or amd64, you didn't specify) -- Michał Markowski
Re: openbsd 5.2 i38 migrate to amd64
On 11/24/12 08:26, bofh wrote: On Thu, Nov 22, 2012 at 10:08 AM, Nick Holland n...@holland-consulting.net wrote: On 11/22/12 09:58, bofh wrote: Can I just run install - upgrade and install everything but etc.tgz and xetc.tgz? Any post installation stuff I have to worry about? No. Reinstall completely. Do not try to migrate without a complete wipe/reload. Thanks! Out of curiousity, are there executables that are in i386 but not amd64 or vice versa? I can see issues with libraries. Am just curious. Well...if your i386 install pre-dates your amd64 install... you might have abandoned binaries laying around (ccdconfig, for example). And that's not counting any other non-OpenBSD-provided binaries (i.e., things not managed by the package tools) you may have installed on the system. An upgrade between versions is one of those things you will often get away with. There are a lot of things in life you can get away with (often) which are not recommended. This is one of them. Nick.
Re: openbsd 5.2 i38 migrate to amd64
On 11/22/12 09:58, bofh wrote: Can I just run install - upgrade and install everything but etc.tgz and xetc.tgz? Any post installation stuff I have to worry about? No. Reinstall completely. Do not try to migrate without a complete wipe/reload. Let's phrase this differently... Pretend you could take a sparc64 disk and put it in an amd64 system and it was still readable. Would you think it reasonable to upgrade? Of course not, they are totally different platforms. In the case of OpenBSD, amd64 and i386 are /totally different platforms/. Under the cover, they are more similar than sparc64 and amd64, perhaps, but they are still /different platforms/. http://www.openbsd.org/faq/faq12.html#amd64i386bin Nick.
Re: Unified BSD?
On 11/12/12 15:37, Robin Björklin wrote: Hi! First and foremost I'd like to present myself, I'm a young and naive junior sys admin that think people should be able to compromise and see the bigger picture and the good of the cause. compromise. That is almost always an evil word. In school in the United States, they taught us the glories of the art of compromise, and told us about the wonderful compromises of our founding fathers (mothers need not apply). If you look at them, with one major exception, which I would call a nifty win-win solution rather than a compromise, most of them devalued people or kicked decisions down the road, clearly bad solutions that the wrong were glad to get and the right were willing to live with. By the logic of my teachers, if you wished to shoot me four times and I didn't wish to be shot at all, a good compromise would be to shoot me twice. How could either of us object? I have two fewer holes, you got to do some of what you wanted to do. yay. And of course, a compromised computer is a bad thing. You can accuse me of linguistic games, but I don't think the uses of compromise are as different as people like to pretend. Realistically, OpenBSD refuses to compromise on things it thinks are important. The small number of OpenBSD users like that; in fact, that's the reason we use OpenBSD. The lack of compromise results in high resistance to compromise. WE like it that way. Now over to the reason for my post. As all of you probably know there's a lot of buzz around Gnu/Linux these days and I'm pretty sure you couldn't care less. bingo. What I'm wondering is why the BSD community which from what I can gather isn't as big as the Linux community have decided to split their resources into several different projects/forks/distributions. To me it seems *BSD would be in a more competitive shape if all developers would get in under one roof? That is an opinion. It may be right. As someone who has watched the Unix world since the 1980s, I disagree. It's been diverse for decades; in fact, it's been diverse since it escaped from the first computers it was developed on. That's been both a strength and a weakness of Unix. Lots of attempts to unify it have been made in the past, all failed. All involved committees and compromise. And back to what you said earlier...yes, we couldn't care less. I suspect a number of OpenBSD developers would probably freak out if next year we were the #1 (or #3) OS in popularity...it would be a sign we are probably doing something terribly wrong. Am I bat crap crazy for thinking it could be good to merge the four largest BSD variants out there, take the best bits and pieces out of each and create a Unified BSD? I wholeheartedly support your right to give it a shot and see what happens. Maybe you can break the Winux mindset. The BSD license begs you to take your dream and run with it. I hope you succeed, but only on my terms, of course. :) Your theory has been thought of many times before: http://xkcd.com/927/ (and many people reading this list know exactly what cartoon that is BEFORE clicking on it!) And realistically, that's to be expected. Why are there solutions A and B? Because some people prefer A, some prefer B. Try to make a compromise solution C, you will have people who STILL prefer A, others that STILL prefer B, and a few that think the compromise version is good. OpenBSD's goal has never been to be The Biggest or Most Successful. Just The Best, by the definition we chose. We don't see the good of the cause to compromise being the best (by our terms) for being the biggest, or bigger. Personally, I think there are bigger issues that the computer world needs to address, very high on my list is the level of craptastic design and implementation people tolerate and even encourage in the computer world. Why are your credit cards splattered all over the 'net? Well, I can say with confidence, compromise was involved -- between good design and an arbitrary deadline, between good design and pretty pictures, between good design by a skilled (and expensive) programmer and the $5/day that a programmer in Elbonia charged. Nick.
Re: *** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:816 'copy.o')
On 11/03/12 10:29, Hrvoje Popovski wrote: Hello, last few days I want to update the lastest current from cvs um. no. You compile for giggles, you update from binary. (ftp5.eu.openbsd.org or anoncvs.spacehopper.org) and I allways had this error. ... # dmesg OpenBSD 5.2-current (GENERIC.MP) #1: Tue Oct 16 13:12:07 CEST 2012 r...@bcbnfw01.srce.hr:/usr/src/sys/arch/amd64/compile/GENERIC.MP ... You skipped the instructions about start from most recent snapshot.
Re: Upgrade to 5.2?
On 10/31/12 00:13, Daniel Melameth wrote: On Tue, Oct 30, 2012 at 8:55 PM, Matt M. cmorrow...@gmail.com wrote: Yesterday I upgraded from 5.1-release to -current. Is there any need to upgrade to 5.2-release? Could this cause issues since -current is really newer than what's on the 5.2 media? You are now running bleeding edge software/what will evolve and become 5.3. Upgrading this machine to 5.2 will actually be a downgrade and this is unsupported. exactly. Please read the start of http://www.openbsd.org/faq/faq5.html Nick.
Re: Upgrade to 5.2?
On 10/31/2012 07:17 AM, Jamie Paul Griffin wrote: / Nick Holland wrote on Wed 31.Oct'12 at 7:03:48 -0400 / On 10/31/12 00:13, Daniel Melameth wrote: On Tue, Oct 30, 2012 at 8:55 PM, Matt M. cmorrow...@gmail.com wrote: Yesterday I upgraded from 5.1-release to -current. Is there any need to upgrade to 5.2-release? Could this cause issues since -current is really newer than what's on the 5.2 media? You are now running bleeding edge software/what will evolve and become 5.3. Upgrading this machine to 5.2 will actually be a downgrade and this is unsupported. exactly. Please read the start of http://www.openbsd.org/faq/faq5.html Nick. Will the 5.2 downloads be available tomorrow? I read 1 Nov is the release date for 5.2. and that would be tomorrow, yes. I will be doing my first OpenBSD upgrade as i've only been using the OS for a few weeks now. Is it best to remove all packages prior to upgrade and then reinstall them or should we simply upgrade the packges using pkg_add -i once the upgrade has been completed? (Ihave read the documentation on the website, but just for clarity I thought i'd ask on list.) Jamie. http://www.openbsd.org/faq/upgrade51.html (and tomorrow http://www.openbsd.org/faq/upgrade52.html ) I believe nowhere suggests unloading all packages before upgrading. If you have found something official and current that suggests this, please let me know. The only reason to totally unbuild your machine and rebuild it would be if your prior configuration was non-optimal (which is, admittedly, often the case). In that case, though, you are usually better off totally reloading the machine from scratch. Nick.
Re: OpenBSD upgrade guide 5.2?
On 10/21/12 07:29, Rares Aioanei wrote: On Sat, 20 Oct 2012 23:05:20 -0400 Nick Holland n...@holland-consulting.net wrote: On 10/19/12 23:25, Matt Morrow wrote: Does anyone know when the upgrade guides are usually posted? I know we're a couple of weeks away from the release, but I also thought I read that 5.2 cds had already been shipped to some locations, which would imply that it's pretty much ready for release? I figured I'd take some time to look over it ahead of time. usually, posted somewhat earlier than this. :-/ I hope to have upgrade52.html done and committed Very Soon. Nick. Need help? yep, check out what I just committed: http://www.openbsd.org/faq/upgrade52.html Test, verify, etc. Nick.
Re: OpenBSD upgrade guide 5.2?
On 10/19/12 23:25, Matt Morrow wrote: Does anyone know when the upgrade guides are usually posted? I know we're a couple of weeks away from the release, but I also thought I read that 5.2 cds had already been shipped to some locations, which would imply that it's pretty much ready for release? I figured I'd take some time to look over it ahead of time. usually, posted somewhat earlier than this. :-/ I hope to have upgrade52.html done and committed Very Soon. Nick.
Re: Upgrading 3.8 to current
On 10/13/12 13:18, Marc Espie wrote: On Sat, Oct 13, 2012 at 11:47:50AM -0500, Matt Morrow wrote: After dealing with a number of issues due to an old 3.8 install which have been resolved in current releases, I think I'm going to do the individual release upgrades (3.8-3.9-4.0, etc etc) ... Do you *really* want to go from 3.8 to 5.2 one release at a time ?.. I think this is just one case where I would backup, reinstall, fix things... As the guy who writes the upgrade guides... I agree 100% with this. Pop out the existing disk, pop in a new one, install to it, bring it up. Problem that takes you outside your downage window? revert to original disk. Nick.
Re: the idea of /fastboot ?
... I'm struggling with 7Tb filesystems, it takes about 30 minutes to check them in case of cold reset. Too much. Very too much. and currently, no journals or anything else which could speed up 7Tb filesystems check ? Almost always (in my mind/experience), file systems that big are bad design. Break your system into chunks, you will end up much happier, and I suspect your users will be, too. Advanced file systems have costs that have to be considered in system design. ZFS is everyone's favorite file system at the moment, but having played with it a bit, even if it re-released with a ISC/BSD license (don't wait up), I doubt it would ever be accepted into OpenBSD -- it's a knobfest, it's anything BUT set it and ignore it; it's job security for people setting up such systems. In your case...if you have multiple 500GB or 1TB file systems, you can hopefully mount most of them R/O, and not have to worry about fsck times at all. Nick.
Re: the idea of /fastboot ?
On 10/11/2012 01:15 PM, Илья Шипицин wrote: 2012/10/11 Jiri B ji...@devio.us On Thu, Oct 11, 2012 at 09:29:50PM +0600, Ã?лÑ?Ñ? ШипиÑ?ин wrote: there are http access logs for half an year. this is a trivial case where using multiple file systems works wonderfully. it's easier to rotate them on a single filesystem from many points of view, easier ONLY in the didn't have to think about anything sense. Not in the I'll be ripping my hair out over and over again sense. Doing it wrong is usually very easy...initially. we also share it via samba (very tricky to share many chunks). actually, no. /log shared here. Only this is shared. /log/a (full, ro) /b (full, ro) /c (partly full, rw) /d (empty, waiting to be used, rw) /curr - sym link to the active chunk -- in this case, /log/c /smb/[a..d] are individual file systems. and it is bad idea to mount access logs R/O. difficult to rotate. actually, your archival copies should be RO, if you are required to retain them for legal or security reasons. You don't want them changing...you probably want secure hashes made to prove they didn't change. Bad design totally! I remember struggling with backup/restore times to satisfy SLA with huge filesystems having many files... And those were logs. One of proposals we did was to split filesystem into smaller ones and keep old logs on filesystems with read-only. Backup would be skipped, and restore (in this it was TSM) would be much faster if image would be used. j. they are not old logs. generally, today's log is access.log, yesterday's log is access.log.0 and so on. every rotate renames all the logs. older logs are removed. too many tricks with r/o filesystems. also, when dealing with rotating logs within single filesystem, it's cheap, data is not moved. and what if I want to move/rotate many-many-gigabytes logs in case of better design when there're many chunks ? I guess it is hard (and pretty useless) operation from filesystem point of view. incorrect. ok, I can change configs of web-server to store logs in different location every day. you call it better design ?? First solution that leaps to my mind: move your logging to syslog, and send the syslog output to another machine. Now, the availability of your logging system doesn't impact the availability of your webserver. Set up your logging server to log to /log/curr. That's a symlink to a particular chunk of disk. At midnight, you have a little script run, it looks to see if you are within a couple days of being out of disk space on the current archive chunk, if so, you change the symlink (note files already open on the old one will stay open, be ready for that) to the next recording partition. (note: this symlink could also point to a directory within the partition). You can do this in a fixed rotation, I prefer to have a predefined list of use this next, as I've had to off-line storage that I wasn't likely to need, but needed to retain. Another solution: If you don't like remote syslogging (i.e., you absolutely have to retain every line of access, you can't tolerate losing log data when you reboot the log machine, and you don't want to use a buffering log agent app), you could simply scp off the old log files. Generate an sha256 hash for the file when it is rotated out, and when you see the hash, copy the file and its hash over to the log storage machine, verify the hash, and if it matches, delete it from the source machine. If it doesn't match, re-copy the file next time 'round. Really, simple stuff. Much simpler than trying to manage data in one big chunk. What do you plan to do when 7TB isn't enough to retain your required six months of data? How do you back it all up? How do you restore it when the array barfs? If you wish to upgrade your logging capability, build out a new logging system, point the systems at it, mothball the old system and when your retention period is over, wipe the old system (look ma! no copying terabytes of data!). I know some people trying to manage many terabytes of fast-moving data in one chunk. They started with FreeBSD and ZFS, but had problems with it (and a definite Linux bias), so they jumped to Linux, but again are finding Big File Systems are difficult. Would be so much easier for so many reasons if they just chunked their data across multiple file systems... Ah well... Nick.
Re: the idea of /fastboot ?
On 10/09/2012 12:55 PM, Илья Шипицин wrote: Hello! I'm investigating /etc/rc script. And I found the following there: if [ -e /fastboot ]; then echo Fast boot: skipping disk checks. elif [ X$1 = Xautoboot ]; then echo Automatic boot in progress: starting file system checks. hmm... if I put /fastboot, no filesystem will be checked ? so says the code, yes. how it supposed to work for non-nfs filesystems ? properly? they'll be not checked, too? I think I'm missing part of your question...but the answer is in the code, which you are already reading. You don't normally fsck an nfs mount (that advisory has always satisfied my curiosity sufficiently, I've never actually tried it. I probably should). is mount able to work with dirty filesystem ? for some definition of work with -- default is to refuse to mount dirty file systems. what will happen if I put /fastboot and cold reset (which leaves filesystems dirty) occures ? try it and find out? /fastboot is a marker to indicate the system was shut down cleanly, not a user-knob to twist for giggles. If you deliberately place a marker that is supposed to indicate the file system was shut down cleanly when it wasn't, you will break things. The good news is, you get to keep all the pieces. The other good news is it will be fairly easy to fix. Nick.
Re: fix for faq ?
On 10/05/2012 09:14 AM, Frans Haarman wrote: The line mentioning running tftpd from inetd is no longer valid! Its now started via /etc/rc.d/tftpd. this is true post 5.1, the FAQ follows the current release, which is 5.1. So, it is correct as it is now for what it is documenting. Nov 1, things change. Which isn't to say I won't forget to fix this :) Nick. http://www.openbsd.org/faq/faq6.html#PXE You will also have to activate the tftpd(8) daemon. This is typically done through inetd(8). The standard OpenBSD install has a sample line in inetd.conf which will do nicely for you: #tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot which simply needs to have the '#' character removed and send inetd(8) a -HUP signal to get it to reload /etc/inetd.conf. tftpd(8) serves files from a particular directory, in the case of this line, that directory is /tftpboot, which we will use for this example. Obviously, this directory needs to be created and populated. Typically, you will have only a few files here for PXE booting: Regards, Frans
Re: forgot to fdisk -i sd2
On 09/28/12 04:15, Jean-François SIMON wrote: Hello, Yesterday, I have asked someone to install, disklabel, newfs and mount a disk on a small local server machine. I have forgotten to fdisk -i in the first place, it does however apparently work well. Please could you let me know which type of problem there could be or not at all if we do not fdisk -i this particular disk in the future, for normal storage use ... Thanks for help, Jean-François you got a time bomb. it may never go off, or it may cause you problems tomorrow. IF everyone managing the machine does everything right for the life of the machine, you are fine. Its unlikely OpenBSD itself will break this on a second disk in the future (though, we did consciously break it on boot disks in the past, so I'm not going to say we won't break your system in the future). However, since the machine is non-standard, it is exceptionally prone to user errors that could cause you loss of data. If you have just one person administering the machine, you can probably just put a sticker on it that says, warning: wd1 has no fdisk partitioning, and never have a problem. However, you obviously have more than one person working on the system, and since you got this far, I'm going to assume that at least one person managing this machine doesn't know what that sticker would mean. I would highly suggest fixing the problem (unload data, rebuild properly, reload data). Nick.
Re: Compiling from the source on -current Failed
On 09/24/2012 01:52 PM, Stefan Sperling wrote: On Tue, Sep 25, 2012 at 12:29:25AM +0700, Insan Praja SW wrote: Hi Misc@, I was just trying to upgrade to -current by compiling from the source, on an old (6 years) server. I updated make(1) first to the latest (compiling from the source, of course) and compiling the kernel. Using the FAQ instruction, make(1) failed at; {standard input}: Assembler messages: {standard input}:376: Error: no such instruction: `rdrand %edx' *** Error code 1 in target cpu.o Stop in /usr/src/sys/arch/i386/compile/GENERIC.MP: Exit status 1 (line 933 of Makefile, target cpu.o) Upgrade the linker and compiler first, see http://www.openbsd.org/faq/current.html#20120823 and http://www.openbsd.org/faq/current.html#20120831 or actually follow the FAQ instructions... 5.3.2 - Install or Upgrade to closest available binary The first step in building from source is to make sure you have the closest available binary installed. You upgrade to -current by installing snapshots. Compiling from source is just what you do for fun, it is not part of the upgrade process. I think this is made pretty clear in the FAQ. Nick.
Re: How to PROVE your system is up to date?
On 09/18/2012 12:36 PM, Ed Flecko wrote: I have State and Federal regulators that want me to PROVE (since their only used to looking at Micro$oft servers) my OBSD 5.1 server is up to date, and there are no outstanding patches that need to be applied. *I* know that's the case, because I follow the patch branch, but how do I show (i.e., something I could print for them would be best) them my system is up to date and that all patches have been applied??? Thank you, Ed I believe it's a matter of process. Show them you have the check, update and upgrade process documented, including building both userland and kernel as two steps of ONE process, and then, the date of the kernel should show the date updates were last applied. Now, if the kernel date is newer than the most recent patch, you should be set. What if there's only a userland issue? well, you still follow YOUR PROCESS, building a new kernel and userland, and then you can follow the same process to show that yes, your system is up to date. On modern hw, that's easier and faster than documenting why a bug impacting tetris(6) isn't an issue on your firewall. There are other ways to do things, but as I understand it, the trick is you have a process documented (and that implies, you follow it). i.e., weekly, check errataXX.html for updates...if there are any, kick off the build cycle and then a reboot. You want a process you (and someone else) can and do follow...maybe you follow the mail lists, so you might get advanced warning before your weekly check, but your /process/ is to check weekly, and you do that. The idea is, if you get hit by a bus, your successor grabs the book and knows how to maintain the system to the documented level of security. i.e., if you check on Fridays and a fatal issue comes up on Tuesday, you know your maximum window of vulnerability. However, you have to talk to your auditor to make sure whatever you are doing is appropriate for your regulatory environment...
Re: Building a single driver in the source tree
On 09/14/12 20:16, jordon wrote: I am having trouble getting a Hifn7751 to work in an old Soekris box. I want to dig in and see if I can figure out what is going on but I am very new to this. From /usr/src/sys/dev/pci, I typed make hifn7751, but that leads to a lot of compiler errors. Is there some better way to do this or do I just have to build the entire tree first before I start working with some specific parts? Also, where should I looked to find the answer to this? I am very interested in getting into OpenBSD development but I am a little intimidated by the learning curve. jorj read up here: http://www.openbsd.org/faq/faq5.html (DO NOT skip the first section, it's probably the most important). Also, sounds like you need to read up on faq9.html, sounds like you come from another place, and are applying Linuxisms to non-Linux systems. (or typing randomly on the keyboard and expecting something magic to happen :) OpenBSD has a monolithic kernel...all the drivers are In There, you don't have separate drivers for each device. You need to build the entire kernel, but not the entire OpenBSD tree. Once you have the kernel built, you can poke at individual drivers all you want, and when you rebuild the kernel, only those parts that have changed, and things that depend on them, will be recompiled. HOWEVER, if you are having trouble with a HiFn device, you are probably having incorrect expectations, it's broke, or your Soekris has too small a power pack. If I recall correctly (I don't have one myself, nor do I have much need for one), they Just Work, which is also something very common on OpenBSD. Nick.
Re: OpenBSD hangs hard on a flashrd system with either 5.2 current or 5.1 stable with athn(4) patches
On 09/07/12 03:58, Peter Kay wrote: I have a Pentium III system running 5.1 current with athn(4) hostap power saving patches or 5.2 current. It has the slightly unusual configuration of an ISA video card (X not used) and a 64 bit PCI NIC hacked to run in a 32 bit slot, but is otherwise a bog standard desktop. It's running flashrd due to using an IDE to compact flash adaptor. No. You have a 1GB flash card, that's easily twice what you need to install standard OpenBSD, at which point, we would care about the results. ... I can try other hardware on a temporary basis, but what's the best method of diagnosing failure/possible things to try? Yes, flashrd does run a custom kernel, but the differences aren't that major and 5.1 release is reliable. just run standard OpenBSD. Or talk to the flashrd people. Nick. dmesg : OpenBSD 5.1-stable (FLASHRD) #0: Mon Sep 3 04:52:51 BST 2012 r...@fwbuilder.syllopsium.com:/usr/src/sys/arch/i386/compile/FLASHRD ... pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: CF Card wd0: 1-sector PIO, LBA, 961MB, 1969632 sectors wd0(pciide0:0:0): using PIO mode 4 ...
Re: Apache on OpenBSD 5.2 ?
On 09/05/12 06:15, Mik J wrote: Hello, The web page http://www.openbsd.org/52.htmlsays Added nginx(8), an HTTP server, reverse proxy server and mail proxy server. Does it mean that Apache 1.3 will be removed from the default install ? Thank you someday, perhaps. Maybe even probably. OpenBSD developers don't generally like to maintain two competing products in the tree, so I think the writing is on the wall for Apache 1.3, and we all know later versions are not going into the tree. Removed in 5.2? no. It is still in -current (which is quite post-5.2 now), which isn't hard for you to confirm. Nick.
Re: /etc/rc.d/httpd script : how to use it ?
On 08/28/12 06:34, Wesley wrote: Hi, I use OpenBSD 5.1 RELEASE. To start Apache, i usually use this command : '/usr/sbin/apachectl start' This, works good. Therefore, i tried to do the same using : '/etc/rc.d/httpd start' Nothing happens. What is the use of this last one ? Thank you very much for your reply. Cheers, Wesley # /etc/rc.d/httpd start # That's what you did, right? Problem is, the startup scripts are..uh..startup scripts. They run things if they are configured to run as they are configured to run. i.e., every time your system boots, /etc/rc.d/httpd start is run. But what if your machine, like mine there, wasn't configured to run httpd at boot? In that case, it shouldn't start when you do that...and that's what happens. So...configure httpd to start: # echo 'httpd_flags=' /etc/rc.conf.local and try again: # /etc/rc.d/httpd start httpd(ok) # ta-da! Curiously, this exact example is in the FAQ: http://www.openbsd.org/faq/faq10.html#rc Nick.
Re: /etc/rc.d/httpd script : how to use it ?
On 08/28/12 07:25, Wesley wrote: Thank you very much. But i don't want to have it at startup. It's why i didn't put this line 'httpd_flags=' in /etc/rc.conf.local I was testing radicale package, the famous caldav server. Now i understand better, why it doesn't work. And in my case, 'apachectl start' is enough. not only enough, but correct process. Startup scripts are used to create/emulate the system boot environment. If you just want to temporarily run a process, run it, as you did. Now, for proper system admin, you really should reboot your machine after changing the config to make sure you changed the config properly (and it comes back up without you playing Super Admin, rushing in to fix it after a reboot), but these scripts can minimize the reboots. If you think you have properly activated a daemon, and yet /etc/rc.d/bla start doesn't work, you can be fairly sure it won't work on reboot, too. Nick. Have a good day. Regards, Wesley. Le 2012-08-28 15:04, Nick Holland a écrit : On 08/28/12 06:34, Wesley wrote: # echo 'httpd_flags=' /etc/rc.conf.local and try again: # /etc/rc.d/httpd start httpd(ok) # ta-da! Curiously, this exact example is in the FAQ: http://www.openbsd.org/faq/faq10.html#rc Nick.
Re: Dilemma: between OpenBSD and NetBSD
On 08/12/12 06:32, Ed Ahlsen-Girard wrote: On 2012-08-11 18:43:56, Miod Vallat miod () online ! fr wrote: You will find idiots on @misc. It's one of the few things not in the FAQ. We'd rather not have idiots in the FAQ (-: Miod Alfred E. Neumann was in FAQ until May; the precedent is set. hardly -- the person who plays the fool is often not the idiot. (though, I've seen some pretty convincing performances) Nick.
Re: softraid 5 current state?
On 08/06/12 17:22, Geoff Steckel wrote: Does anyone know what the current state of softraid 5 is? The man page says rebuild and scrub are not supported. The last checkin was about 6 months ago. sounds like your question is answered. Scrub and rebuild are critical for RAID5, if that wasn't obvious... Play, write code, don't put into production yet. Any information would be appreciated. I've got 3 or 4 terabytes that need a reliable home. And yes, RAID is no substitute for backups. One place I worked put 4 drives in a case with fans for 1. RAID go bye-bye. Sometimes, the lack of ability to use your first choice of a design causes you to look closer, think harder, and often you come up with a better solution. For the amount of data you are talking, and the lack of other key words like access time and such, I'm guessing you are looking at music, video and picture-type files. Mostly static stuff. If your issue is not losing data, and your data is mostly static, get a few 2-3TB disks, break them up into 1TB partitions. Fill a chunk, SHA256 all the files on that chunk, mark it read only. Fill next chunk, SHA256 all the files, mark it read only, etc. As the chunks are filling, rsync them to another disk, preferably in another machine. Your actively filling chunk, maybe you want to make that RAID1 until it is full, then copy it off to two separate chunks, and start over. Periodically, re-run your SHA256's against your RO files, looking for changed data...and fix (from the other copy) if found. Note: this can give you an actual backup of your data. Good as a one month rotation with monthly pulls? Of course not, but beats the heck out of RAID(anything). Why chunks (partitions) of 1TB rather than one Huge Disk? Several reasons: * Encourages you to lock file systems and mount them only as read-only. * Encourages you to PLAN for filled file systems. This file system WILL fill in the near future. You will have to do something different in the near future. Plan for it now. * Makes upgrading storage easier: * Install new disk. * Point new files to go to new disk. * if new disk is significantly bigger than old disk: * at leisure, copy chunks from old disk to new disk. * Verify successful copy * remove old disk. (note: 1TB takes a while to move. I don't care how you do it) * Beats the heck out of copying all data from old to new system and being down until it is done!! * RO partitions contain and minimize some kinds of disasters. I did this some years back on an e-mail archive (actually, I used a number of small arrays, rather than individual disks). I must say, there was no question in my mind after running it through a number of technology improvements and other events, several small partitions beat the heck out of one big array. Blew out a big chunk of the storage at one point...no big deal, was restoring from (a snoot-load of) DVDs while it was gathering more data at the same time -- downtime measured in a small number of hours (and no lost data). In my day job, I do have the opportunity to use ZFS and other volume managers and fancy file systems. For the most part, they just cover for bad (or no) system design rather than solving problems that can't be solved better in other ways. Not that I haven't had them help me out (maybe even haul my ass out of the fire), but usually the message should be, your design sucked, you didn't know what you were doing, maybe you should start over. Nick.
Re: getty
On 08/05/12 07:14, Friedrich Locke wrote: I would like to change /etc/ttys to get, for instance: ttyC3 /usr/libexec/getty std.192600 vt220 on secure instead of : ttyC3 /usr/libexec/getty std.9600 vt220 on secure Why? This is not a serial console. (for those that missed it, on a i386/amd64 with onboard video and keyboard, this is what you get on console CTRL-ALT-F4.) Do you think i could run into problems ? Thanks in advance. Here's a knob I don't understand, let's give it a big hard twist. What could happen? Ok, better question: when it won't do what you presumably want (faster console I/O), why are you twiddling with knobs? If you think your VGA is running at 9600bps, either you have a really really slow computer, or more likely (as I have a 25mhz 486, and it throws text on the screen much faster than 9600bps), you don't know what 9600bps looks like (I have used 9600bps consoles. Not at all unusable, but never confused for a VGA adapter). Just...leave it alone. don't touch. Btw: this WILL cause some (hopefully, minor) issues when upgrading. Again: when faced with ZERO benefit, don't take minimal harm. Nick.
Re: That 'C.......org' website
On 07/26/12 06:04, Peter Laufenberg wrote: ... That's bullshit; Google's pagerank means more people are linking to C.l, period. yeah... and by providing another almost 50 pages in every e-mail archive with that website in the topic, we've just perpetuated the problem. Big time. Oops. Please...if you are going to respond to a posting about a website that has crap on it, at least delete or mangle the URL. Don't provide what the website most wants...more links. Nick.
Re: is it legal?
On 07/23/2012 12:01 PM, Wojciech Puchar wrote: http://www.gwebtools.com/ns-spy/put your primary or secondary server here Anyone know from what data does it get such an info? By scanning every possible registered domain ? Could be by recording the info used by a dns resolver they manage. I suspect lots of other ways. I do not want other to get list of what domains my DNS server serve. u sorry? that's not how DNS works. Anyone querying a domain will know who serves that domain. Building a list is trivial. Delivering it to someone else is trivial. Look at why you don't want people to know what you are serving authoritative DNS for...and ask yourself why, and fix it. This is not secret. In general, if you are hoping DNS is keeping secrets for you, you are doing it wrong. And this works - never gives complete list but always a good part. thank you what it gives is interesting -- I'm guessing logs from a big resolver, a search engine, or maybe domain registration changes. Just punched up something I thought could be interesting (a small NS, keeping a lot of unused domains from hostiles/squatters), and it told me things I didn't know, and other things that I think could be more public knowledge didn't show up at all, so I'm guessing domain registration changes (though I don't have a lot to go on there, either). Legal? That would be kinda like telling drivers they can't make note of where stop signs are. Nick.
Re: is it legal?
On 07/23/2012 12:53 PM, Wojciech Puchar wrote: Could be by recording the info used by a dns resolver they manage. I suspect exactly what i thing they do. Actually, they give a pretty good idea how they do what they do on the website: How it works? We have a system running in background that monitor changes on .COM and .NET domains, this system update our domains nameserver database monthly. all public info... Though really, doesn't explain the omissions very well. u sorry? that's not how DNS works. Anyone querying a domain will know who serves that domain. that's true. But anyone knowing one of my nameserver should not be able to know all my domains. That may be your wish, but that wasn't how the Internet was built. the solution seems to not keep domains of more than a few owners on primary/secondary single DNS. not entirely practical, of course. Still i don't really understand why people do such a services that are pure spying. Unfortunately, in the Internet of the 1990s, 2000s and later, build as if everyone knows everything about you and your systems. If you are right, you are safer. if you are wrong, you are still safer. Sites like this do a service by reminding you how public some of your information is. Don't get pissed off at the guy who tells you your fly is open...just take it as additional knowledge you didn't previously have, and use that information to decide how you act before you get up on stage. (sometimes I wonder how well my analogies port to people for whom English is a non-primary language... :) Many things leak information. NEVER assume leaked information soaks into the ground and is never seen again. Good guys let it go, the bad guys scoop it up and make something of it. Worry about what the bad guys are doing... They ARE out to get you... *twitch* *twitch* Nick.
Re: cvsync - creating empty dir 'cvsync'
On 07/13/12 19:38, Jiri B wrote: Hello, does anybody know why does cvsync create empty 'cvsync' dir inside the prefix for repositories? The config is same style as on OpenBSD page with refuse file excluding 'X11' and 'XF4'. (here localhost is ftp5.eu.openbsd.org via http proxy) # cvsync -c /etc/cvsync.conf Connecting to localhost port Connected to 127.0.0.1 port Running... Updating (collection openbsd/rcs) Mkdir cvsync Done (collection openbsd/rcs) Finished successfully # ls -ltr /cvs/OpenBSD/ total 32 drwxrwxr-x 64 root wheel 1536 Jul 13 03:16 ports drwxrwxr-x 16 root wheel 512 Jul 13 07:25 xenocara drwxr-xr-x 4 root wheel 2048 Jul 14 00:18 CVSROOT drwxrwxr-x 19 root wheel 512 Jul 14 00:20 src drwxrwxr-x 46 root wheel 5632 Jul 14 00:21 www drwxr-xr-x 2 root wheel 512 Jul 14 01:33 cvsync # ls -latr /cvs/OpenBSD/cvsync/ total 8 drwxr-xr-x 8 root wheel 512 Jul 14 01:33 .. drwxr-xr-x 2 root wheel 512 Jul 14 01:33 . jirib sounds like a scrap directory in your mirror, probably the result of a minor oops. Check with another CVSync mirror, and talk to the maintainer of your mirror. However, as it is obviously empty, nothing to worry about. Nick.
Re: Running OpenBSD on an Acer Aspire One 110L netbook
On 07/06/12 06:17, David Coppa wrote: On Fri, Jul 6, 2012 at 12:00 PM, Stuart Henderson s...@spacehopper.org wrote: ... N.B. you would need a MiniPCIE card, not MiniPCI. This card, for example, works beautifully with OpenBSD: http://www.computeruniverse.net/products/e90335991/delock-industry-wlan-minipci-modul-2t3r.asp but not with the machine in question, due to the missing 'e' on the end of MiniPCIe. Nick.
Re: Running OpenBSD on an Acer Aspire One 110L netbook
On 07/04/12 12:33, mlambda wrote: Before installing OpenBSD on my Acer Aspire One 110L netbook, I've tried to run it from a USB flash drive and have noticed the following problems (I have also tried the 5.1 release and an earlier snapshot, they showed the same problems): I've been running my Acer Aspire One with OpenBSD since late 2008, and I love it. Mine seems to be a model AOA150, which appears to be the same as yours. Sometimes the touchpad doesn't work (the two buttons work, but the cursor doesn't move), unfortunately this doesn't seem to be reproducible and can only be fixed by rebooting. Disabling and re-enabling the touchpad via the function keys doesn't help either, although they work fine if the touchpad already works. I attached dmesg and Xorg log files for both cases. In my experience, you have to cold boot when switching OSs (mine is dual boot OpenBSD/windows XP). It used to be OpenBSD wouldn't work after Windows had done its thing with the trackpad, now (I believe with the 5.1 support of the Synaptics touchpads), OpenBSD screws up Windows, too (and for some reason, I think this is very cool). So...make sure you are doing a complete power down between switching OSs. I've not noted any problem simply rebooting OpenBSD. HOWEVER, I do think I've seen other people complaining about the trackpad similar to yours -- not sure if I just happen to have a good AAO, or it really is just the power-off between OS switches trick. So it is possible my advice here is not sufficient for you. Is the ath driver supposed to work with this chipset? If I try connecting to a network I get the following error in dmesg: ath0: unable to reset hardware; hal status 3523306684 ath0: unable to reset hardware; hal status 4120431260 nope. Undocumented chip, doesn't work, and at this point, unlikely ever to work. Replace the thing with some other mini-PCIe wireless card, mine has a ral(4) device, others use various Intel cards. Both SD card readers only work if an SD card was already inserted at boot time. Otherwise the following error occurs: sdmmc0 at sdhc0 JMicron Memory Stick rev 0x00 at pci1 dev 0 function 3 not configured JMicron xD rev 0x00 at pci1 dev 0 function 4 not configured sdmmc0: can't enable card JMicron SD/MMC rev 0x00 at pci4 dev 0 function 0 not configured sdhc1 at pci4 dev 0 function 2 JMicron SD Host Controller rev 0x00: apic 4 int 19 sdmmc1 at sdhc1 JMicron Memory Stick rev 0x00 at pci4 dev 0 function 3 not configured JMicron xD rev 0x00 at pci4 dev 0 function 4 not configured sdmmc1: can't enable card Is there any PCI hotplug support in OpenBSD or another possibility to make them work without inserting an SD card at boot time? iirc, the issue was that power is not applied to the card readers by the BIOS unless cards are installed, and no one has figured out the ACPI voodoo to power the cards on from OpenBSD. Find a couple 128M or 256M cards no one cares about anymore, keep 'em in your machine, and you can use the sd card slots any time you want. I keep an 8G card in one of mine (the one that the card goes all the way into) as a backup. At boot, I have the thing rsync a directory of important files to the card (--link-dest rocks, btw), so I've got one usable SD slot... all-in-all, I really love my Acer Aspire One. I've had it since the day the six cell version hit my local retailer in 2008. It spends most of its time running OpenBSD. It suspends/resumes very well, the battery life is quite good (and still is, after almost four years!), the keyboard is usable, the trackpad beats the hell out of the modern Dell machines I've been subjected to. People keep telling me the screen is too small, I usually respond, that's ok, I didn't want you looking over my shoulder anyway. Nick.
Re: Invallid signature in the boot block 2700
On 07/03/2012 02:23 PM, Predrag Punosevac wrote: Dear All, I messed up my wife's USB (FAT16) by accidentally pulling it from my OpenBSD box before it was completely umounted. Running fsck_msdos is producing message Invalid signature in the boot block 2700 Windows 7 is reporting USB drive as non-formated and chkdsk tool is not even attempting to recover anything. Could people who are familiar with forensic/data recovery tools share their wisdom with me and let me know if I can repair this thing and how? In the past based upon recommendation on this list I used PhotoRec to recover erased pictures. Some other recommendations that came up during that conversation were: sysutils/testdisk sysutils/sleuthkit and fatback I wonder if any of those would help now? Thank you! Predrag Punosevac START by making an image of your existing flash drive to another one or a file, using dd. (dd if=/dev/rsd3c of=/home/me/oh-shit.img bs=32k) Now you can poke at it with any tools you wish, and roll back if need be and poke at it with OTHER tools. Nick.
Re: OpenBSD's webpage desing
On 06/27/2012 10:19 AM, Alvaro Mantilla Gimenez wrote: Really? Can we do that? Seems, by this thread and previous about this subject, that nobody is waiting for any diffs regarding this - Alvaro Of course, you can do anything you wish. No one is EXPECTING quality diffs, for our definition of quality, and therefore, waiting would be silly. But...if someone shows us something that is a REAL improvement and not just window dressing, or moving stuff for the sake of moving stuff, I'm sure we'd look at it. Most of what we've seen in the past has been AT BEST, shuffling things around to be more aesthetically pleasing to the one doing the shuffling, and indifferent to most of the rest of us. Maybe that says something about us, but have you actually LOOKED at any OpenBSD developers lately? Provinding visual pleasure is NOT our strong point! The ones that get our attention are the ones that say, here, I redesigned a few pages of your website, what do you think? We (obviously) haven't seen one that made us think, Wow, that's what we need to do!, but it shows someone cared enough to put some work behind their words. Others in this thread have described what would need to be maintained in any improvement. Let me add (as I don't think it was mentioned), static pages, managed by CVS, able to be mirrored by anyone, publicly or privately. Multiple rendering options would be nice. Oh, and we need to keep support for translations to other languages. Keep in mind, I don't think anyone in the project sees any major PROBLEMS with the current website desing, so you must not break anything that developers like right now. This will be difficult. The most interesting suggestion I've heard was to switch to mdoc-based source, then use that to generate html. Note the lack of any cool HTML buzzwords in that statement (and the end goal would be to end up with something that looks and feels very similar to the current site, so I'm sure the suggestions to improve the design would continue), but this might actually IMPROVE things for developers (saner layout language, known by virtually all the developers) hopefully leading to better consistency for readers, and a bunch of other wild ideas that I'm not ready to talk about publicly yet. Maybe one of those Lottery e-mails I keep getting will turn out to be true, allowing me to devote more time to this. :) Something about doing a .Xr cat 1 instead of the monstrosity which is a man page link currently is just SO bloomin' attractive to me... Nick. El 27/06/2012, a las 02:12, Eric Furman escribió: We are all anxiously awaiting your diffs... On Tue, Jun 26, 2012, at 07:52 PM, Alvaro Mantilla Gimenez wrote: Why is not possible to apply a new css style to the current site? That has nothing to do with joomla (and similar) and would keep the site fast and compatible with, let's saylynx or whatever browser do you want to try with the site. I mean, for me the site is ok but a new css style could be a great thing too. Same speed, same compatibility, new design. - Alvaro El 26/06/2012, a las 16:25, STeve Andre' escribió: On 06/26/12 17:57, Pablo Velasco Fernández wrote: I mean.. A modern style. El 26/06/2012 23:55, Miod Vallatm...@online.fr escribió: Hi. I was loolong the FreeBSD web page. And its a cool page with a cool desing. Maybe OpenBSD should change their own page to a most visual web page. ( Its only my opinion ) What do you think? Last time I checked, you could use eyes to browse the OpenBSD website. Why do you consider it non-visual? Miod OK, a modern style. But why? Why is it that a web site that does what web sites should do--convey information--have to be redesigned in order to keep up with other sites? I see this all the time, at work where people seem to think that things like Joomlacough are a good thing. I shouldn't say just work, as I see it everywhere. The OpenBSD site is simple and fast. I keep it in /usr/www which consumes 291M as of today. It's a great web site as it is. --STeve Andre' [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc] [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]