Re: 5.6 arrived
Harald Dunkel wrote Hopefully you agree that the file name snapshots/amd64/install56.iso is misleading? Looking at the file name I had assumed/hoped there is some kind of upgrade path from the install56.iso snapshot to the 5.6 release. Who is being misled? (from an outsider) The overriding purpose of the snapshots and their files and the names of those files is to assist the OpenBSD folk in producing their semiannual release of the next stable release of OpenBSD. Guessing games as to which snapshot and exactly how the developers proceed from snapshot to CD is unlikely to be productive. I expect the exact path is never closely duplicated from one release to the next. Apparently sometimes the new will not even compile on the old. OpenBSD is one of very few places not firmly committed to preserving old mistakes.
Re: openbsdstore: enable javascript and buy something or gtfo
Matti Karnaattu wrote snip How I can have you to be more relaxed? With beer? Just what I need. Life support on drunk programs writ by drunk programmers. Please. You are a threat to my continued existence.
Re: unlink utility
Ted Unangst wrote Sometimes I think refusing to implement stupid standards is the only way to fight back. Thank you. For such as this I lurk on this list, not for help with OpenBSD, but for help with everything else. Something OpenBSD does get right. Good Stuff is not made from more of Bad Stuff.
Re: Security
Harry Callahan: A man's GOT to know his limitations. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of agrquinonez Sent: Friday, January 10, 2014 10:20 AM To: misc@openbsd.org Subject: Re: Security On 01/10/2014 04:44 AM, Nick Holland wrote: On 01/10/14 01:36, agrquinonez wrote: ... [compromised box] ... Ideas are going to be really appreciated, because i am not a technical guy. ok, this is the unpopular answer, but here it is anyway: Stop. You should not be running your own web and mail server. popular/unpopular it is a dhycotomy without any value! Years ago, I used to say that I could make a good case that anyone running a mail server or DNS server should require a license, for much the same reason as one should have a driver's license to drive on public roads: to indicate you have some minimum level of skill so you don't hurt others on the road. (NOT that I would in any way welcome more government involvement in the Internet). I do not care about this comment! (I've run mail servers for around 35,000 users and maybe a hundred domains, and DNS for hundreds of domains...I'd consider myself BARELY sufficiently skilled to pass my hypothetical license requirement. I'm also probably better than 80+% of the people running DNS and e-mail systems in the Corporate World. Be scared.) it seems good for you, i do not care about it! I exempted running a webserver because I felt that your average website was safe to other people...kinda like painting your own car -- you may do a lousy job, but no one has to look at your car/site. Well, these days of web applications pretty much means I was wrong, and yes, they are just as able to harm others on the Internet as mail and dns servers -- maybe even more so these days. Oops, are talking tongues? what is the relation between feeling and objectivity? If you don't know how to track down what happened -- and more importantly, don't know how to KEEP it from happening in the first place -- you should not be running services on the Internet. Using OpenBSD does not render your system unbreakable, any more than putting a five year old behind the wheel of a safe car makes them or the world safe. Correction, if i do not know yet, how to deal with this situation; then i should learn, no? and how do you think genius, that one can learn; If it is not reading and testing? As for what happened in your case, with a total lack of facts from you, I'm going to say you left a guessable password on an account. Someone then threw a list of a few thousand username and password combinations at it, succeeded, and moved in, probably within 24 hours of your setup. If you think your password was really clever, that was almost CERTAINLY your problem, I've seen these lists, they are funny -- you can just imagine people patting themselves on the back over how clever their password is...and there it is on the list to be tried on thousands of boxes an hour. You are really interesting; have you read about .php? I think, that the breach came from php on the web server; it could be because the wrong httpd.conf vhost, or directly to web pages, or to sendmail; which do not really seems the case. The key thing to know is that Internet attacks are not a oh, I was unlucky here thing -- if you expose a service, you are under CONSTANT attack, if you have any kind of vulnerability, it WILL be exploited, and rather soon. Nick. I do not share your way to see the life Nick, I am a responsible man! Thanks for your comments. agrquinonez. PS: Tito: i only have the mentioned services running. ZE: I downloaded it from http://ftp.Openbsd.org; yes, it was checked; DokuWiki came from pkg_add; password is never used; i do ssh-copy-id and then ssh key + pass-phrase. Ville: No, i did not disabled chroot for www Thanks to all. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: cvsync, rsync
INSUFFICIENT DATA -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of hru...@gmail.com Sent: Tuesday, September 17, 2013 10:28 AM To: misc@openbsd.org Subject: Re: cvsync, rsync Marc Espie es...@nerim.net wrote: You have strings A and B, and you know only that hash(A)=hash(B): what is the probability that A=B? 2^-160? No, that's never the problem. You have a *given* string A, and another string B. O.K. You have string A in the client with hash(A)=n. You find string B in the server also with hash(B)=n. What is the probability that A=B? Rodrigo.
Re: Two primary OBSD partitions on a HDD
josef.win...@email.de wrote I read fdisk(8) carefully (At least I think so), but I repeatedly failed to install two OBSDS on two primary partitions of a HDD. The idea was to realize a multiboot by toogleing the boot-flag to the primary partition of the particular OBSD system I want to boot. However, I think that the install process always chooses the same primary OBSD partition for installation (the first that appears in the table?) and I have no control. /jo ##- I'm sure Nick Holland will explain it better, but OpenBSD works from THE (singular) disklabel on the physical disk Other than keeping other OS's out, and a bit of help booting, the fdisk partitions are actually completely irrelevant.
Re: softraid: adding volumes, CPU requirements, RAID5
It works. Translation: It has worked (mostly) for me. (A few times) (Seems like Theo has a good quote about gcc) Boris Goldberg wrote: Hello guys, Thursday, July 4, 2013, 12:40:50 PM, Nick Holland wrote: If the softraid is so raw yet, why the old good RAIDFrame was removed starting the 5.2? It works just fine for me. Big volumes rebuilds take a long while, but it's something working. NH That's quite a leap from RAID 5 is not ready for use to softraid is NH so raw. RAID5 is one discipline of several that isn't complete. RAID0 NH is ready for use, RAID1 is ready for use, crypto is ready for use. I've tried to use the nicer word. Not fully functional and raw are synonyms. NH It is also quite a leap to call old RAIDframe good. NH It was horribly old, unmaintained code, which wasn't well loved by NH developers when it was fresh and current. NH Your assumptions are wrong. I am not assuming, I'm talking from experience. It works. I can install to it (after a small tweak in the script). I boot from it (after a small tweak in the code to pick up swap on raid). It continues to work if one disk fails. It repairs (automatically if you replace the disk and boot - doing much better job than md from Linux). In other words - it's fully functional with some flaws. Fully functional is the key expression here. Is the RAIDFrame old? Yes, but old isn't necessary bad if it's working. Did it need a replacement? Yes if no one was willing to maintain it. Did you need to kill it *before* the replacement is ready? Definitely no. Could you, please, return the RAIDframe support until the softraid is ready? -- Best regards, Borismailto:bo...@twopoint.com
Re: !!!!
Eric Furman wrote: A very simple addition to the FAQ would not be a problem. WOW! This question seems to be asked a lot! A simple addition to the FAQ does not seem to be a problem, Nick. Yes, I know , a very stupid question asked many times. A simplele FUCJ IR Perhaps because it is a FAQ not a FASQ. Seems like stupid questions tend to produce stupid answers. Seems like users BELIEVING in signatures would make for a much more easily crackable system. I always want my enemy to feel secure in quick and easy fixes.
Re: More sensible and consistent rc.conf.local
Mikkel Bang wrote: I'm just thinking that from a layman's perspective named_flags= doesn't make as much sense as named=YES if all you want to do is start named. The way it is right now seems more like monkey patching from the days before OpenBSD became popular. I acknowledge the whole it's been like this for ages, but it's 2012 - it's time to make some power moves. If OpenBSD was on Git / at GitHub, youngins like me would have patched this baby up a long time ago. Mikkel named_flags=NO gives ONE way of NOT starting named. Why should there only be ONE way to start named? Power Moves is to limit named to NO command line parameters???
Re: nonexistent tables in pf.conf
Jan Stary wrote: There is a difference between an empty table and a nonexistent table, and there is a difference between a table not existing at load time and table being deleted. Exactly what difference in behavior is expected? This seems too much like NULL pointer exceptions in Java, where the value of the expression is a crashed program.
Re: What generates the OpenBSD page?
John Tate wrote: Don't enter a logical debate with me. I am not interested. Kinda says it all, don't your think?
Re: Narcicism?
Something about gladly making fools suffer as opposed to gladly suffering fools. Actually they are a lot kinder and gentler than I would be. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Tate Sent: Thursday, December 01, 2011 1:28 AM To: misc Subject: Narcicism? I think I've found a bug in the OpenBSD crowd. They bug the hell out of me and my little mistakes. I am not talking about people who actually have a solution, but I can't seem to ask anything on this list without parrots coming along picking on me. I think some people just hang out here because it's the most anal bunch of hackers ever, in recorded history. What are your experiences? Is it true that occasionally we attract people who either love bullying or are just lazy and pretending to be one of the clever? It just figures some of these people sit on the list, and email you poorly researched crap with no answers contain. If you hate a question, it truly doesn't belong, bug me. But if you just can't answer a question, ignore it. John Tate. Note: Yes, it's not my list. -- www.johntate.org
Re: USB WD HDD 1.5Tb read/write for files larger than 2048mb
Vitali wrote: I had some big movie files, development directories and so on which I ... Vital information missing: File system on the USB drive Guessing: The USB Drive is FAT32 which has a size limit of 2G on individual files
Re: Burning DVDs
Out of curiosity, WHY should any make install in ports actually DO anything? Seems like the object of ports is to make packages and packages are installed by pkg_add. If you want to be something, say a packager, it helps if you have at least a slight clue what it is all about. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Tate Sent: Monday, November 14, 2011 9:04 AM To: Fubar Cc: Richard Toohey; misc Subject: Re: Burning DVDs Make install does nothing in /usr/ports/sysutils/dvd+rw-tools/, and the ports is the tarball from ftp://ftp.openbsd.org/pub/OpenBSD/5.0/ports.tar.gz - it does not error there is simply no output. It does compile. I honestly think something has been missed. As for my confused posts, well, it happens I'm not perfect, but it has little baring on anything. On Mon, Nov 14, 2011 at 10:49 PM, Rod Whitworth glis...@witworx.com wrote: On Mon, 14 22:07:06 +1100, John Tate wrote: This has no 'make install' for some odd reason. I clearly should become a packager. I don't see that happening soon given your confused posts here. It seems to be about time you did some learning. packages are provided and are installed by using pkg_add(1). They are pre-compiled and packaged for you. You don't need make install unless you are compiling ports and raw beginners are advised to use packages not ports. In fact the only people who should be compiling ports are those who are 1) competent in the art, 2) are doing it to test patches or upgrades reported by maintainers or 3) have the skills in (1) and need to upgrade to a published port for some technical reason and who know how to make sure that their kernel and userland are recent enough to match the new port version. On Mon, Nov 14, 2011 at 4:31 PM, Richard Toohey richardtoo...@paradise.net.nz wrote: On 14/11/2011, at 6:13 PM, John Tate wrote: Device seems to be: Generic mmc2 DVD-R/DVD-RW. cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code. cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD. cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/ Apparently this support code has been in cdrtools since 2009, the site it tells me to go to tells me I don't need it. It's like bureaucracy, lol. I could build their cdrtools, but the port must be ancient or something. Perhaps I could become a packager. Another port, gtk-gnutella, isn't even worth having if its not maintained. John Tate. http://openports.se/sysutils/dvd+rw-tools http://openports.se/search.php?so=dvd *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it. -- www.johntate.org
Re: Burning DVDs
You might try reading your own message. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of John Tate Sent: Monday, November 14, 2011 9:19 AM To: Fubar Cc: Richard Toohey; misc Subject: Re: Burning DVDs I have dvd+rw tools and cdrecord still gives me this message... cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code. cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD. cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/ On Tue, Nov 15, 2011 at 2:04 AM, John Tate j...@johntate.org wrote: Make install does nothing in /usr/ports/sysutils/dvd+rw-tools/, and the ports is the tarball from ftp://ftp.openbsd.org/pub/OpenBSD/5.0/ports.tar.gz - it does not error there is simply no output. It does compile. I honestly think something has been missed. As for my confused posts, well, it happens I'm not perfect, but it has little baring on anything. On Mon, Nov 14, 2011 at 10:49 PM, Rod Whitworth glis...@witworx.com wrote: On Mon, 14 22:07:06 +1100, John Tate wrote: This has no 'make install' for some odd reason. I clearly should become a packager. I don't see that happening soon given your confused posts here. It seems to be about time you did some learning. packages are provided and are installed by using pkg_add(1). They are pre-compiled and packaged for you. You don't need make install unless you are compiling ports and raw beginners are advised to use packages not ports. In fact the only people who should be compiling ports are those who are 1) competent in the art, 2) are doing it to test patches or upgrades reported by maintainers or 3) have the skills in (1) and need to upgrade to a published port for some technical reason and who know how to make sure that their kernel and userland are recent enough to match the new port version. On Mon, Nov 14, 2011 at 4:31 PM, Richard Toohey richardtoo...@paradise.net.nz wrote: On 14/11/2011, at 6:13 PM, John Tate wrote: Device seems to be: Generic mmc2 DVD-R/DVD-RW. cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code. cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD. cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/ Apparently this support code has been in cdrtools since 2009, the site it tells me to go to tells me I don't need it. It's like bureaucracy, lol. I could build their cdrtools, but the port must be ancient or something. Perhaps I could become a packager. Another port, gtk-gnutella, isn't even worth having if its not maintained. John Tate. http://openports.se/sysutils/dvd+rw-tools http://openports.se/search.php?so=dvd *** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it. -- www.johntate.org -- www.johntate.org
Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?
frantisek holop wrote: but for me it's really time to move on. Bye.
Re: I don't get where the load comes from
Joel Carnat wrote well, compared to my previous box, running NetBSD/xen, the same services and showing about 0.3-0.6 of load ; I thought a load of 1.21 was quite much. Different systems will agree on the spelling of the word load. That is about as much agreement as you can expect. Does the 0.3-0.6 really mean 30-60 percent loaded? 1.21 tasks seems kinda low for a multi-tasking system.
Re: I don't get where the load comes from
Joel Carnat wrote: But one thing that didn't convinced me is that, if I shutdown apmd and configure hw.setperf=100, the load drops down to 0.30-0.20. I don't get how A high load is just that: high. It means you have a lot of processes that sometimes run. can show load variation depending on CPU speed only. Actually that should convince you that the numbers do not mean much. You are measuring the difference between just barely being counted and just barely not being counted.
Re: is SHA256 file used or not ?
Methinks this project is somehow about good code, not good moods. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Mihai Popescu Sent: Tuesday, February 08, 2011 9:19 AM To: misc Subject: Re: is SHA256 file used or not ? Hi Henning, It looks like you are in a bad mood. Please read my entire post and don't cut and paste out of context. Man, if you do not want to answer, please don't. You have spent a lot of time bitching and no time to give a damn clear answer. It's not my problem that you attract idiots ( I failed to see who are we from we keep attracting idiots...). Maybe you should read about how a documentation can or cannot help. Hapilly, Otto and Philip did participate with good answers.
Re: Dynamic web hosting and OpenBSD
Marcos Laufer wrote Is this a prank message? starting my very own Obviously I take security seriously, and therefore will be using OpenBSD exclusively. One thing is bothering me though. I hope you friendly folks would help me. ---to quote a rabbit He don't know me do he?
Re: nfsv4?
Benny LC6fgren wrote: Oh come on, surely you can't fail to realize that there are actually benefits to having all your data on one place, always? Especially if you have an environment where you might need to access it from several different platforms. Not only in terms of user friendliness but also to avoid the problem of having to cope with several versions of the same data, or even the problem of the data producer and consumer not being the same. And those were just some examples where a central networked file system comes in really handy. If I have an enemy I REALLY want him to bunch everything up. Makes a much more convenient target.
Re: i386 and amd64 snapshots - kernel SHA256 mismatch
Frank Bax wrote: Marco Peereboom wrote: On Sat, Oct 16, 2010 at 01:08:25AM +, JC Choisy wrote: That being out of the way, you got me wondering what good is any integrity check which failure is OK. It is only meant to help uptight people having some sort of false sense of integrity/security. It really is for release only because snapshots are a moving target. In my opinion the whole check is a giant waste of time because every damn time the snaps are out of sync for a reason or another people come whining to the list about something that is irrelevant. Am I correct in assuming that the code before this integrity check is not able to distinguish between release and snapshot? Imagine the fungames when the snapshots work and the release does not. Do people bother to think anymore?
Re: undeadly article
Personally, I liked the article. Small change in perspective changes an ordeal into an adventure. Jacob Meuser wrote: On Wed, Aug 18, 2010 at 04:28:57PM +0300, Mihai Popescu B.S. wrote: Hello, My post was not intended as a direct hit for the article. I told my opinion to misc@ because undeadly ask for subscription, no more anonymous coward post. Am I wrong ? I target airport behaviour with my comment. I use the airport for 6 flight until now, no problem at all with security teams. I was quick and polite in answers and the time with them was short. Most of them have the nose to see what they are dealing with. bullshit. sorry, but that is not true. Smart security will inevitably outsmart itself. Add respect to polite in the brew. He inspects you. You inspect him. You respect each other. Works better. I regularly get picked on by authority, but it's alwasy just been a pointless hassle. I'll never forget the time a cop stopped me in my own neighborhood, in the rain, for walking against a signal, when his car was the only moving vehicle within a half mile. the best part was when he dropped his papers in a puddle. If you start playing, they will answer accordingly, not because you look like a suspect, it is more like an answer. the only playing was their own game. after all, it is they who choose to start the games. If they are wasting your time they will keep it up. If you are wasting their time they will drop you in a hurry. The best tactic is when you are obviously suppressing a laugh. Have fun ! (but not in sensible areas). but see, if authority can't take that you're laughing because their questions and assumptions *really are* ridiculous ... the lady in the office where jcr was held when we met him was in charge of the place. and it's clear why she was in charge. she was sharp and no-nonsense. of course, you want such people in charge of such places. even after we got out of that office I still had to deal with another person who inspected my bags. with this uy though, I shared a good laugh, even though he was pretty thorough. Watch how a person laughs. Even more a window into the soul than the eyes. Customs tends to be sharper than security. They probably do have a sense of humor, but it is never shared with outsiders. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: mount ffs as msdos, system hangs
frantisek holop wrote: my whining, is a comparison of experiences with others, questions if someone can reproduce a particular problem i am having, whether it is considered a problem at all, and so on. a practice i thought about as the first step of bug reporting and as such a perfectly valid subject for a mailing list of this type. me and my assumptions. The responses to your whining indicate otherwise. i dont understand why some people take problems reported so personally, as if a personal attack, and/or also interpreting it as a demand for an instant fix or i dont know what. it is not, wake up please. Methinks you misinterpret who is being attacked. According to your interpretation, what was your purpose, if any, in your postings? as for go read the sources every time there is a problem, even the developers are not familiar on the source level with every single part of the kernel and the system. they will go and ask the guy who knows it the best. i dont get it why is it expected of us, the users. However those developers are not only capable of reading some of the source, they have WRITTEN some of it.
Re: mount ffs as msdos, system hangs
frantisek holop wrote: the borderline between the useful and useless error checking is sometimes a bit fuzzy i think. Not THAT fuzzy. Foreign file systems NEVER get prime attention. When you do stupid things the results are rather predictable and you compound your error by trying to blame everybody else for your own singular lack of sanity.
Re: mount ffs as msdos, system hangs
frantisek holop wrote: to know the road ahead, ask those coming back. You mean the ones who like it so much they travel it twice?
Re: Hardware Spec Search Engine?
Christian Weisgerber wrote: Somewhat embarrassingly, OpenBSD has never had a working Firewire implementation. As I understand it, only the malware writers are embarrassed. You don't need a back door when the front door is missing. Any time all of system memory is open to Read/Write access by hardware (with the assist of local BIOSes etc), ...
Re: PTY allocation error
Nick Holland wrote: On 07/12/10 03:11, czark...@gmail.com wrote: ... This is not about Theo personally, it's about everyone in this thread. Peter did't pretend to get a custommer support, neither he said someone is obliged to answer his question. He simply wanted someone familiar with pty allocation to give him an advice. They did, don't do this. If you don't want or don't know how to help him, why just not ignore the message? Why do you think saying don't do this is not helping him? It is certainly more productive than helping him continue down his wrong path. Nick. The most UNFRIENDLY thing anyone can do to me is to help me persist in some momentary delusion that cannot lead to anything worthwhile.
Re: Silent boot?
Eric S Pulley wrote: ... and I hate systems that hide that information from me, but that's just me. Nope. Not just you. A system that hides stuff has to be an order of magnitude more correct just to break even.
Re: 1 out of 3 hunks failed--saving rejects to kerberosV/src/lib/krb5/crypto.c.rej
Ingo Schwarze wrote: Hi Tony, Tony Berth wrote on Mon, Jun 21, 2010 at 08:11:31PM +0200: but FAQ5 is about 'Building the System from Source' which I don't want! I just want to patch an existing system! http://www.openbsd.org/faq/faq10.html#Patches Note that this one doesn't talk about cvs checkout at all, but recommends different ways to get the RELEASE sources. Instead of '# cd /usr; cvs checkout -P -rOPENBSD_4_7 src' I applied '# cd /usr; cvs checkout -P src' in order to get the current tree but patch001 still gives the same error! None of these is RELEASE. If you want to understand what these two commands do, follow Nick's advice and read FAQ 5. Granted, that's not required for patching your system, but maybe you want to understand what you are doing and why it fails... Sometimes, it *is* useful to read a bit more than the bare minimum required to type the right commands, in order to be able to understand your own errors and become able to help yourself. Yours, Ingo Maybe I'm just being dense, but HOW can you patch a system without building from source? ... unless you have binary patches for all the architectures and that gets much more complicated if you have combinations of patches ...
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
patrick keshishian wrote: On Fri, Jun 4, 2010 at 7:49 PM, Jacob Meuser jake...@sdf.lonestar.org wrote: I'm still curious how anything left in /usr/obj can be anything but a possible problem after updating system binaries and sources to a new release. especially for people who are just following the directions as they are written. Do you not agree barring broken makefiles and unreliable system clock (as someone pointed out), object files and binaries (in obj/) should have been rebuilt? --patrick ?? odds that OP found a bad date and fixed it (silently) ??
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Jacob Meuser wrote: ... On 5/06/2010, at 7:31 AM, Nick Holland wrote: a patch to the upgrade guide would be wrong. The problem is the patching process (a special case of the userland build process) assumes a clean obj dir. This has nothing to do with upgrades. If you try to rebuild the same userland utility more than once for /any/ reason without clearing the obj dir, you can run into problems. Clearing the obj directory as part of the upgrade is like flushing your toilet based on the date -- may help, but after a while, things start to stink. It isn't the general (or proper) solution. I'm still curious how anything left in /usr/obj can be anything but a possible problem after updating system binaries and sources to a new release. especially for people who are just following the directions as they are written. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org ANYTHING left in /usr/obj will be a possible problem. ANYTHING left ANYWHERE will be a possible problem anytime anything assumes (or has/likes to assume) that it is working with a clean slate. Fixing minor problems (and bending everything else out of shape) does NOT make for better systems. For me, I prefer things (upgrade/update/whatever) that do as little collateral damage as possible. (And anytime you want/need to find out what went wrong you do NOT clean up everything first.)
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
IF YOU DON'T KNOW WHAT YOUR ARE DOING, INSTALL A NEW SNAPSHOT Theo de Raadt wrote: Miod, Dale, Kurt, Kettenis and I am quite often the first people to deal with bumping systems forward over bumps. Some bumps are so difficult that after they are done the rest of us jump over them using snapshots. When they happen, WE -- THE DEVELOPERS -- USE THE SNAPSHOTS! They happen in lots of releases. Why would we use snapshots, because we are stupid? Or are we smart enough to not waste our time doing things the hard way? IF YOU DON'T KNOW WHAT YOUR ARE DOING, INSTALL A NEW SNAPSHOT (Me, I never know what I am doing, but he KNOWS what he's talking about)
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Jacob Meuser wrote: On Sat, Jun 05, 2010 at 01:49:46AM -0400, Tony Abernethy wrote: Jacob Meuser wrote: ... On 5/06/2010, at 7:31 AM, Nick Holland wrote: a patch to the upgrade guide would be wrong. The problem is the patching process (a special case of the userland build process) assumes a clean obj dir. This has nothing to do with upgrades. If you try to rebuild the same userland utility more than once for /any/ reason without clearing the obj dir, you can run into problems. Clearing the obj directory as part of the upgrade is like flushing your toilet based on the date -- may help, but after a while, things start to stink. It isn't the general (or proper) solution. I'm still curious how anything left in /usr/obj can be anything but a possible problem after updating system binaries and sources to a new release. especially for people who are just following the directions as they are written. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org ANYTHING left in /usr/obj will be a possible problem. ANYTHING left ANYWHERE will be a possible problem anytime anything assumes (or has/likes to assume) that it is working with a clean slate. Fixing minor problems (and bending everything else out of shape) does NOT make for better systems. For me, I prefer things (upgrade/update/whatever) that do as little collateral damage as possible. (And anytime you want/need to find out what went wrong you do NOT clean up everything first.) so Tony, tell me, how does 'rm -rf /usr/obj/*', after installing new binaries and new sources code (from a tarball - not an insignificant part of the issue, and exactly what the directions say to do) create collateral damage? you're already past the point of no return anyway, right? maybe I worded it wrongly but that's what I'm asking. is telling people to 'rm -rf /usr/obj/*' after they have completed the update really a necessary part of the upgrade process. no. but I bet if it would say that in the upgrade guide, this stupid thread would never have happened. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org -- Ok, my take on this mess. If not this stupid thread, then some other stupid thread. You do not 'rm -rf /usr/obj/*' AFTER the update. You do the 'rm -rf /usr/obj/*' BEFORE you stick strange stuff into /usr/obj. Collateral damage is anything that gets in the way of finding out exactly what is or exactly what happened. This whole mess seems to be because some unstated something AFTER the update was claimed to be as a result of the update. How often should /tmp be obliterated? When you say after installing new sources, what exactly is left on the system? The new sources presumably are there, but what else is there and does it matter? The answer requires a directory listing of everything on the system that did not come from the new sources. Anything short of that and you cannot state what it is that you did. All I need to break any automated system you devise is to have some programs that I compile myself and use the system directories to hold the sources etc.
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Jacob Meuser wrote: On Sat, Jun 05, 2010 at 05:13:19AM -0400, Tony Abernethy wrote: All I need to break any automated system you devise is to have some programs that I compile myself and use the system directories to hold the sources etc. then you are on your own, not someone who is just following the directions. you'd know that it doesn't apply to you. but whatever. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org --- It is essential that I understand the difference. (Although I have some difficulty in understanding how anybody could possibly actually be just following the directions.) As soon as I depart from the directions, everything downstream is my responsibility. The developers are not and can not be responsible for guessing what I have or have not squirreled away wherever. On this silly thread, the upgrade did actually function as it should. Some unmentioned stuff AFTER the upgrade put things in the state BEFORE the upgrade. I can imagine scenarios where that is EXACTLY the results I would want, but that was not the case for this silly thread. For this silly thread, there is nothing that I see in the OpenBSD system that needs any fixing. (but some people who know better may/will disagree) Until and unless selecting all also gets the sources, I must assume that setting up the system for following -stable is a separate process.
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Jacob Meuser wrote: we have users that say they follow the install and upgrade guides to the letter and they get fucked. there is a problem. they don't even know /usr/obj exists. What they say. What they did. Two different things. There's lots of things they do not know about. I fail to understand why it is important to warn them about /usr/obj and not warn them about /usr/src. Surely there's lots of other things they need to be warned about. Enough warnings and you might even attain Microsoft Windows.
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Might be better to read and comprehend ``man patch'' before assuming limitations on the scope of patch's reach. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Uwe Dippel Sent: Friday, June 04, 2010 11:23 AM To: misc@openbsd.org Subject: Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64 Jacob Meuser jakemsr at sdf.lonestar.org writes: oh good grief. you had a dirty /usr/obj. just look at the pfctl snippet of the log you posted. do you see pfctl being built? do you see pfctl being installed from /usr/obj? Oh, yes. So the blame is on my side, I guess. Mea culpa maxima! I didn't know that the object directories need to be cleaned manually. Until yesterday, I would have taken a bet that the object directories lie within the source trees (/usr/xenocaram /usr/src), and be cleaned when cleaning the sources. Now I am aware that I need to know the location of the object directories and clean them manually. I was totally unaware that, in case of a patch, the installer would take the next best file of the correct name from there; irrespective of the underlying version. Though I feel in good company. I guess, a great number of people on this list were in a similar situation. Knowing the 'social contract' of OpenBSD, I only have to blame myself for ignorance. Still, may I suggest, that the next Upgrade Guide gets an extra line, with a remark pointing out the existence of /usr/obj; and the suggestion to clean it? Also, with respect to the 'errata', the patches, they describe in detail what needs to be done. Maybe here, it could as well be suggested, that before applying the first patch of a new version of OpenBSD, /usr/obj should be cleaned, or be verified to be clean? Thanks for the various people who helped me patiently at analysing this problem to the very end! Uwe
Re: Installer bug? - Upgrade 4.6 to 4.7 failed to upgrade base47, on i386 and amd64
Uwe Dippel wrote: drill it down to some 70 files being of the previous version. It might be tiring, but what evidence do you want? The error message(s) you are suppressing (or maybe didn't see) About the only way you can get some files but not all files from a tarball is some fatal error in the extraction of the tarball. Any such error tends to give an error message. I don't think this list likes to play guessing games as to exactly what mistakes you have made or what evidence you are suppressing.
Re: traffic management
Why? (There, I said it.) -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of irix Sent: Tuesday, June 01, 2010 7:38 PM To: misc@openbsd.org Subject: Re: traffic management Hello Misc, But at least you can say why? no kidding. As we've told irix before, it will not happen. -- Best regards, irix mailto:i...@ukr.net
Re: State of multiprocessing and multithreading in OpenBSD
Stas Miasnikou wrote: Marco Peereboom wrote: Wouldn't it be adorable if people learned to program FSMs instead of java in those fancy universities? Seconded. Do you seriously expect programmers to learn to program?
Re: State of multiprocessing and multithreading in OpenBSD
Lars Nooden wrote: On Wed, 5 May 2010, Geoff wrote: There's a paper from Berkeley showing how a threaded program can never be fully debugged and should be presumed to be broken, probably fatally broken. Geoff, can you post the URL or any details that might help finding and retrieving that particular article or ones like it? /Lars http://www.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-1.pdf first choice googling: threads berkeley Choice quote: (quoting Sutter and Laurs) humans are quicly overwhelmed by concurrency and find it much more difficult to reason about concurrent than sequential code. Even careful people miss possible interleavings among even simple collections of partially ordered operations. Other than some stunts with data binding I don't think I've seen anything that is competent to handle partial orders. And that one breaks down horribly if storage cells take on more than one value during execution.
Re: State of multiprocessing and multithreading in OpenBSD
Peter N. M. Hansteen wrote: pe...@bsdly.net (Peter N. M. Hansteen) writes: I would think that would be a fair question to ask the person who told you PF is garbage because it is multithreaded: eh, because it is *not* multithreaded: Now watch when application programmers use multithreaded stuff because they think it will somehow solve all their problems. If you ***CAN*** ***EVER*** make such a typo, do you really think that they even stand a chance? Couple this with wrong-way branches on equal comparisons (edges), and you do not even need to get into error-recovery stuff to find a mess.
Re: unreferenced files from MySQL.
Andreas Gerdd wrote: Hello. I noticed some unreferenced files from MySQL in my daily output mail; However, i don't have anything in /tmp or /var/tmp to check/fix the problem with fsck. Does this mean i lost some data from the database(s)? How may i fix or remove the reported bad files? Short answer: Ignore them. They are remnants of TEMPORARY tables which are supposed to vanish when connection is dropped. Here's the output: OpenBSD 4.6-stable (GENERIC.MP) #2: Mon Apr 19 08:20:01 PDT 2010 r...@test.domain.com:/usr/src/sys/arch/i386/compile/GENERIC.MP 1:32AM up 14:57, 0 users, load averages: 0.99, 0.47, 0.24 Backing up root=/dev/rwd0a to /dev/rwd0d: 33129+1 records in 33129+1 records out 271393792 bytes transferred in 13.506 secs (20093240 bytes/sec) ** /dev/rwd0d ** Last Mounted on / ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% fragmentation) MARK FILE SYSTEM CLEAN? yes * FILE SYSTEM WAS MODIFIED * Checking subsystem status: disks: Filesystem 1K-blocks Used Avail Capacity Mounted on /dev/wd0a 25966212930611737452%/ /dev/wd0i 519646 6493658 0%/tmp /dev/wd0e15486368 3657428 1105462225%/usr /dev/wd0f36116632138044 34172758 0%/var /dev/wd0h10323146 11208 9795782 0%/var/vmail /dev/wd0g 170281220150524 161616636 0%/var/www Last dump(s) done (Dump '' file systems): mail: -Queue ID- --Size-- Arrival Time -Sender/Recipient--- E083791EB7 880 Sat Apr 24 10:26:31 i...@mydomain.com (connect to 42.22.192.55 [42.22.192.55]:10024: Invalid argument) testm...@yahoo.com -- 1 Kbytes in 1 Request. network: NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 33200 Link 30718 030718 0 0 lo0 33200 127/8 127.0.0.130718 030718 0 0 lo0 33200 ::1/128 ::1 30718 030718 0 0 lo0 33200 fe80::%lo0/64 fe80::1%lo0 30718 030718 0 0 bge01500 Link 00:19:b9:f9:0d:9560140 441720 0 0 bge01500 69.197.4.202/26 69.197.4.202 60140 4 41720 0 0 bge01500 fe80::%bge0/64 fe80::219:b9ff:fef9:d95%bge060140 441720 0 0 bge01500 72.20.55.89/29 72.20.55.89 60140 441720 0 0 bge01500 72.20.55.90/29 72.20.55.90 60140 441720 0 0 bge01500 72.20.55.91/29 72.20.55.91 60140 441720 0 0 bge01500 72.20.55.92/29 72.20.55.92 60140 441720 0 0 bge01500 72.20.55.93/29 72.20.55.93 60140 441720 0 0 bge01500 72.20.55.94/29 72.20.55.94 60140 441720 0 0 bge1* 1500 Link 00:19:b9:f9:0d:960 00 0 0 enc0* 1536 Link 0 00 0 0 pflog0 33200 Link 0 00 0 0 Checking filesystems: ** /dev/rwd0a (NO WRITE) ** Last Mounted on / ** Root file system 2602 files, 64653 used, 65178 free (394 frags, 8098 blocks, 0.3% fragmentation) ** /dev/rwd0i (NO WRITE) ** Last Mounted on /tmp UNREF FILE I=3 OWNER=_mysql MODE=100600 SIZE=0 MTIME=Apr 24 10:36 2010 CLEAR? no UNREF FILE I=4 OWNER=_mysql MODE=100600 SIZE=0 MTIME=Apr 24 10:36 2010 CLEAR? no UNREF FILE I=5 OWNER=_mysql MODE=100600 SIZE=0 MTIME=Apr 24 10:36 2010 CLEAR? no UNREF FILE I=6 OWNER=_mysql MODE=100600 SIZE=0 MTIME=Apr 24 10:36 2010 CLEAR? no UNREF FILE I=7 OWNER=_mysql MODE=100600 SIZE=0 MTIME=Apr 24 10:36 2010 CLEAR? no 8 files, 3 used, 259820 free (20 frags, 32475 blocks, 0.0% fragmentation) ** /dev/rwd0e (NO WRITE) ** Last Mounted on /usr 314304 files, 1828714 used, 5914470 free (62566 frags, 731488 blocks, 0.8% fragmentation) ** /dev/rwd0f (NO WRITE) ** Last Mounted on /var 1117 files, 69019 used, 17989297 free (505 frags, 2248599 blocks, 0.0% fragmentation) ** /dev/rwd0h (NO WRITE) ** Last Mounted on /var/vmail 133 files, 5604 used, 5155969 free (193 frags, 644472 blocks, 0.0% fragmentation) ** /dev/rwd0g (NO WRITE) ** Last Mounted on /var/www 5502 files, 75262 used, 85065348 free (244 frags, 10633138 blocks, 0.0% fragmentation) Thanks. MySQL (at least the one I've got running -current) keeps Files for ISAM tables in /var/mysql and files for TEMPORARY (ISAM) tables in /var like so: # ls -l /tmp/#sql* -rw-rw 1 _mysql wheel 0 Apr 25 06:02 /tmp/#sql7dd3_7_2.MYD -rw-rw 1 _mysql wheel 1024 Apr 25 06:02 /tmp/#sql7dd3_7_2.MYI -rw-rw 1 _mysql wheel
Re: Generic Discuss about CPU resource scheduling
Otto Moerbeek wrote: On Sun, Apr 18, 2010 at 09:35:42PM +0800, Aaron Lewis wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm reading Operating System Concepts (7th Edition) , Written by Abraham , Peter Greg. In chapter 5.3 , it talks about a schedule algorithm: SJF SJF means shortest jobs schedules firstly. To compare different process , thy use a process running time. e.g P1 takes 6 secs to run P2 takes 3 seconds P3 takes 10 secs Then we should put those tasks in array like this: P2 = P1 = P3 That looks much reasonable , but my question is , how does an OS know that a process will takes longer time to finish its life ? I think it's impossible to let OS know exactly how long a process will take to run. So far in my experience , i think there's a few ways to compare Process running time: Forgive me if i have a poor experience on OS ;-) I) Number of Loops in a Program , can be detected by compiler As long as you have any loops , you are slower than any straight ahead program II) Length of Program , longer code takes longer time sometimes , not a good way. Anyone wants to share some experience with me ? You cannot tell in general, that's a basic result from CS. But you can measure previous runs and do predictions based on that, in some cases at least. I hope I'm not answering a homework assignment... -Otto In general you cannot predict, however there are many (long) jobs with very predictable times to completion: sorts, merges, most anything that processes thousands of records in one batch operation. (and ties up various resources for the duration --- thein is the gotcha) I would not trust counting instructions, loops, subroutine calls as being usefully predictive of execution time. The fun thing about scheduling algorithms is that any one of them is usually theoretically capable of giving the worst possible overall performance.
Re: Generic Discuss about CPU resource scheduling
Aaron Lewis wrote: Yeah , looping time depends the complexity of that loop , i've learned that , We use a O(n) to present such complexity of a program. Counterexample: Simple solution to 9 body problem Any much quicker solution to same problem. Do you really have an O(n) solution to a sort?, to solving a Linear Program?
Re: OpenBSD culture?
Donald Allen wrote: On Fri, Apr 16, 2010 at 4:16 AM, Artur Grabowski a...@blahonga.org wrote: On Thu, Apr 15, 2010 at 10:52 PM, Donald Allen donaldcal...@gmail.com wrote: Thanks for the compliment, but I'm a *lot* older than nine. Yet you still believe that it's ok for guests to tell the hosts how to behave in their home. Your analogy doesn't go far enough. Better: guests in a home being asked for contributions and also being insulted, both by the hosts. Amazing. What culture are you from? One that values civility. That means that you prefer systems that can do anything wrong just as long as they talk nice to you. Me, I prefer systems that actually work, and a wee bit of seeming rudeness is a very small price to pay.
Re: OpenBSD culture?
Donald Allen wrote: So you believe civility and correctness are mutually exclusive? Interesting. Hardly, but if I am given a choice, I will take correctness. You seem to be under the impression that either correctness is irrelevant or that somehow civility implies correctness. As for mutual exclusivity, seems like intelligence and your brain have said condition.
Re: OpenBSD culture?
VICTOR TARABOLA CORTIANO wrote: Logic works the same for everyone, since it's an abstract field, but apparently you did not study it. It weems that you did not learn it.
Re: OpenBSD culture?
Marco Peereboom wrote: See I told you logic wouldn't work for you. snip Since _my_ definition of freedom for software is different, I reach different conclusions. Right. It didn't.
Re: OpenBSD culture?
VICTOR TARABOLA CORTIANO wrote: Please do not take my mesages out of context. Removing sentences, and twisting what I said can be very convenient to put me in the wrong whithout factual evidence. I do not please. Since no message can be completely within context, that implies that your are logically always in the wrong. The context is that you are in an OpenBSD mailing list. All your blathering is out of that context and you are by your own logic in the wrong. Please get yourself right (out of here)
Re: OpenBSD culture?
Zachary Uram wrote: Your attitude proves my point. I was not trolling. Grow up! Another of the type of statement guaranteed to be false.
Re: OpenBSD culture?
Zachary Uram wrote: You get lost. You seem to think the project exists as an end unto itself. Develop the most wonderful kernel and userspace in the world but if no one uses it what is the point? Since your attitude to new users is get lost that reflects very poorly on yourself and indirectly OpenBSD. You seem to be under the misconception that you alone are the rest of the universe. Did it ever occur to you that the developers just might be doing what they are doing for their own purposes? How many people get to have an operating system that does exactly as their whims dictate?
Re: OpenBSD culture?
I am POSITIVE you are a troll. -Original Message- From: Zachary Uram [mailto:net...@gmail.com] Sent: Wednesday, April 14, 2010 7:58 PM To: Tony Abernethy Cc: Bret S. Lambert; misc@openbsd.org Subject: Re: OpenBSD culture? As does yours. Try being positive instead of negative. Zach http://www.fidei.org On Wed, Apr 14, 2010 at 8:50 PM, Tony Abernethy t...@servasoftware.com wrote: Zachary Uram wrote: Your attitude proves my point. I was not trolling. Grow up! Another of the type of statement guaranteed to be false.
Re: OpenBSD culture?
Zachary Uram wrote: Sorry a lot of people got upset by my message. I will try to learn OpenBSD on my own since that is the way to do it here. That is the way to learn most anything that actually matters. I don't think that people were so much upset as they prefer to gladly make fools suffer than to gladly suffer fools. They're actually very nice people. (I have yet to get my just deserts:-)
Re: ZFS in OpenBSD
Dan Naumov wrote: ... I can only suggest therapy, it works for millions of people. That explains the state of Information Technology. I'll take the code, snide remarks and all. Thanks.
Re: softdeps enabled = poor concurrent access?
Noah McNallie wrote: please read latest post Doesn't get any lazier than that.
Re: Open Source hardware (Re: can't get vesa @ 1280x800 or nv)
rhubbell wrote: Another sensitive type. Guess there are always a few on every list. As distinguished from insensitive twerps like yourself.
Re: Partitioning an external USB drive through OpenBSD -- disklabel
Sorry for top-posting, but please: Disk sectors start with 1 (unless you are reformatting the entire track and something like Write Record zero still exists) On DOS-FORMATTED disks, the initial sector is at cylinder 0, head 0, sector 1, and contains within the bootstrap loader what DOS and Windows calls a Partition Table. The rest of track 0 is empty, unless you are running a boot sector virus or such. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Kenneth R Westerback Sent: Friday, October 30, 2009 5:38 PM To: Josh Grosse Cc: Amarendra Godbole; misc Subject: Re: Partitioning an external USB drive through OpenBSD -- disklabel On Fri, Oct 30, 2009 at 08:53:45AM -0500, Josh Grosse wrote: On Fri, 30 Oct 2009 18:44:08 +0530, Amarendra Godbole wrote Thank you all for responses -- I have a better idea now. The only thing that I noticed was newfs_msdos wipes out the entire disklabel as well as any fdisk created partitions and gobbles up the entire disk. I guess what James Hartley said in this thread is correct -- Windows must be used to create the DOS partition, and then disklabel to get the OpenBSD one. No, the reason the MBR and disklabel were wiped out was due to an error you made: starting the partition at sector #0. That sector contians the MBR and the MBR primary partition table, and the OpenBSD disklabel follows behind. Normally, one would begin the first partition -after- the first track (typically sectors 0-62). But, If you were to use Windows disk management to create a FAT partition of some size on the disk, Windows will begin it at sector #63 for you. Knowledge of disk geometry and usage is not required by a Windows user, as the tools do not allow you the control that fdisk(8) does. On MBR formatted disks, sector 0 is the MBR. So overwriting that will indeed toast important information about the disk. However the OpenBSD disklabel is not written to the sector after the MBR if there is an OpenBSD partition, it is written to the second sector of the first OpenBSD partition. So whacking the MSDOS partition starting at sector 0 toasts the MBR, which means the OpenBSD partition cannot be found, which means the disklabel is inaccessable. If you were to re-create the MBR with the correct partitions, the disklabel would re-appear. The MSDOS parition would now be broken of course. :-). As an example here is one of my disks, and a hexdump of the first 65 sectors. The MBR can be seen at sector 0, and the disklabel at sector 64. (64*512 = 32768 = 0x8000). You'll have to take my word I did dd if=/dev/rsd0c of=~/tmp/sect0to64 bs=512 count=65 hexdump -C ~/tmp/sect0to64 ~/tmp/sect0to64.txt Ken Script started on Fri Oct 30 18:11:16 2009 # fdisk sd0 Disk: sd0 geometry: 38913/255/63 [625142448 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] - -- 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 1 1 - 38912 254 63 [ 63: 625137282 ] OpenBSD # disklabel sd0 # /dev/rsd0c: type: SCSI disk: SCSI disk label: WDC WD3200AAKS-0 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 38913 total sectors: 625142448 rpm: 3600 interleave: 1 boundstart: 63 boundend: 625137345 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a: 417627 63 4.2BSD 2048 163841 # / b: 25173855 417690swap c:6251424480 unused d: 417690 25591545 4.2BSD 2048 163841 # /tmp e: 417690 26009235 4.2BSD 2048 163841 # /var g: 20980890 26426925 4.2BSD 2048 163841 # /usr h:514786860110350485 4.2BSD 2048 163841 # /home i: 20980890 47407815 4.2BSD 2048 163841 # /usr/src j: 20980890 68388705 4.2BSD 2048 163841 # /usr/ports k: 20980890 89369595 4.2BSD 2048 163841 # /usr/xenocara # cat sect0to64.txt ea 05 00 c0 07 8c c8 8e d0 bc fc ff 8e d8 b8 a0 |j...@..h.p|.X8 | 0010 07 8e c0 31 f6 31 ff b9 00 02 fc f3 a4 ea 22 00 |@1v19..|s$j.| 0020 a0 07 1e 07 0e 1f b4 02 cd 16 a8 03 74 0a b0 07 | .4.M.(.t.0.| 0030 e8 cb 00 80 0e b4 01 01 f6 c2 80 75 08 be 36 01 |hK...4..vB.u.6.| 0040 e8 af 00 b2 80 be be 01 b9 04 00 8a 04 3c 80 74 |h/.2..9.t| 0050 0f 83 c6 10 e2 f5 be 6a 01 e8 96 00 fb f4 eb fc |..F.buj.h..{tk|| 0060 88 d0 24 0f 04 30 a2 27 01 b0 34 28 c8 a2 34 01 |.P$..0'.04(H4.|
Re: 4.6 will be released on October 1st?
Nice Daemon wrote: [nothing of interest] [nothing but bad gas] about 23 times worse than CO2. Amazing how the nicknames are what one should be as opposed to what one is. There are a few exceptions, but not this idiot who cannot tell the difference between a cup holder and a disk drive.
Re: boot disk ???
I've managed by myself so far That's the wierdest idea of by myself I've ever seen. Go back to your cup holder.
Re: boot disk ???
Nick Bender wrote: On Wed, Aug 5, 2009 at 6:08 PM, PJaf.gour...@videotron.ca wrote: Peter N. M. Hansteen wrote: Once you've cleared that hurdle, It would help a lot with more details about the hardware, what image file you are using and where it came from (ie is it the i386 one, the amd64 one, off an official mirror site, or something different) and what application and options you use to burn the CD. I already posted wherefrom - openBSD ftp site; the burning was done exaactly the same as for the FreeBSD and many other files without ever having any problems... and I mean, EVER ! How about giving actual details. Here let me help: Downloaded install45.iso from ftp://ftp.openbsd.org/pub/OpenBSD/4.5/amd64/. Attempted to boot on an IBM x305 with the following errors: ... Maybe a dmesg from another OS would help... See? That wouldn't be too hard now would it? Burning CD images to DVD media does not always work, for example (probably a stupid one that risks insistent contradictions, but well,), so any detail you supply could be helpful in sorting out whatever the problem is. It really pisses me off that everyone assumes that the poor sap who is asking for help is too stupid to have done things right and they just forget that maybe the problem is in the SOURCE ! Rather than details you get all defensive. And for the record I assume that you are doing something wrong. Why? Because I've booted both install45.iso and install46.iso hundreds of times without any problems. Notice I didn't say stupid, just wrong. I've made my share of brainos over the years - are you capable of laughing at yourself? I know what a bootable image usually looks like... but neither of those I downloaded look right. What color is yours? I see the amd64 installer as mauve and the i386 as more of a dark green. Again, no details... Unless, of course the booting is supposed to be done in some incomprehesible way from some other operating system in some mysterious way that is not spelled out anywhere where I can find it, anyway. :-) Search the archives. Very few people get stuck at the same point as you. Sorry, but I'm ust laughing all theway back to FreeBSD... they may be fucked-up but at least I can managed to figure out how to to deal with them. I liked the idea of how your head honcho runs things and the general response to the OS, but by gosh and by golly, Molly, somebody ai'nt got the steering sheel pointed right! Buh-bye. Don't let the iso hit you in the ass on the way out... -N Maybe it really IS a cup holder. Those do not give out very good diagnostics.
Re: OpenBSD 4.5 pf port forwarding
Anathae Townsend wrote: I am currently trying to open up a few ports on my firewall to allow an internal windows home server to provide services to the outside world. My OpenBSD version is OpenBSD 4.5-current (GENERIC) #6: Sat May 16 21:50:41 MDT 2009 I am trying to use the simple proxy method mentioned in the faq on the OpenBSD.org to forward internal requests to the external ip address to the home server. However, I can't get there from here. Neither internal nor external requests to the on page 58 of Hansteen's excellent The Book of PF there is an incantation. -- from slightly sanitized /etc/pf.conf -- OpenBSD vintage aprox 4.4 -- scrub is now automatic, ftp-proxy may have changed Both local and internet refer to the server (Linux) by the one external IP (on the OpenBSD gateway/firewall/router), including the local server talking to itself (and it does a lot of that). Seems like the last two lines below are the critical ones. scrub in## this would be redundant and wrong on -current nat on $ext_if from !($ext_if) - ($ext_if:0) nat-anchor ftp-proxy/* rdr-anchor ftp-proxy/* rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 rdr on $ext_if proto tcp from any to any port $services - $server ### (p 58 The Book of PF ) rdr on $int_if proto tcp from $localnet to $ext_if port $services - $server no nat on $int_if proto tcp from $int_if to $localnet nat on $int_if proto tcp from $localnet to $server port $services - $int_if external ip address work. A msdos telnet session to the external ip address, port 25 returns an SMTP 421 error immediately and exits. Any help on opening up these ports would be greatly appreciated, below is my current pf.conf, as well as (slightly edited) output of ifconfig for the internal (ingress) and external (egress) interfaces on the firewall. NAT is working internally, and I am able to both send email and read web pages (among other stuff.) --pf.conf- -- -- # pf.conf created july 6, 2009 # author: Anathae Townsend # macros homeserv = 192.168.0.195 homeport = {http, https, 4125, smtp, pop3, imap } # skip loop back, makes rules quicker set skip on lo # redirects for home server rdr on egress proto tcp from any to egress port $homeport - $homeserv # redirects for internal web access to proxy server rdr on ingress proto tcp from ingress:network to egress port 80 - 127.0.0.1 port 5000 # NAT rules to allow inside-out nat on egress from ingress:network - (egress) # allow internal systems to make connection pass in # to establish keep-state # allow home server services pass proto tcp from any to $homeserv port $homeport synproxy state pass proto tcp from $homeserv to any port smtp synproxy state # By default, do not permit remote connections to X11 block in on ! lo0 proto tcp from any to any port 6000 --ifconfig sk0--- - sk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:1e:58:ab:13:8c priority: 0 groups: ingress media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 inet 192.168.0.51 netmask 0xff00 broadcast 192.168.0.255 --ifconfig rl0--- - rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:05:5d:d2:6e:48 priority: 0 groups: egress media: Ethernet autoselect (10baseT half-duplex) status: active inet #.#.#.# netmask 0xff80 broadcast #.#.#.#
Re: Floating disk geometry
Sergey Yudin wrote: Please can someone tell why disk geometry changed after install in installation time on empty sd0: Disk: sd0 geometry: 78753/2/911 [143638992 Sectors] I don't know what that is, or where it came from, but I don't think any 80386-type pc-BIOS could handle that geometry. sectors per track show 911 but the maximum is 63 Looks like the install changed ramdom garbage into something useable. (subject of course to correction from people on this list who actually know what they are talking about) Offset: 0 Signature: 0x0 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] -- - 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused after install geometry shown as: Disk: sd0 geometry: 8941/255/63 [143638992 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] -- - 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 14 30 - 8931 181 48 [ 911: 143487055 ] OpenBSD thanks a lot OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 350 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV, PAT,PSE36,MMX,FXSR real mem = 268005376 (255MB) avail mem = 250855424 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/30/98, BIOS32 rev. 0 @ 0xfd760 mpbios0 at bios0: Intel MP Specification 1.4 cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 99MHz mpbios0: bus 0 is type PCI mpbios0: bus 1 is type PCI mpbios0: bus 2 is type PCI mpbios0: bus 3 is type ISA ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins pcibios0 at bios0: rev 2.1 @ 0xfd760/0x8a0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/240 (13 entries) pcibios0: PCI Interrupt Router at 000:02:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus WARNING: can't reserve area for I/O APIC. bios0: ROM list: 0xc/0x8000 0xc8000/0x5000 0xcd000/0x800 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x02 intelagp0 at pchb0 agp0 at intelagp0: aperture at 0x1000, size 0x400 ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x02 pci1 at ppb0 bus 1 piixpcib0 at pci0 dev 2 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 2 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 ignored (disabled) pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 2 function 2 Intel 82371AB USB rev 0x01: apic 1 int 19 (irq 11) piixpm0 at pci0 dev 2 function 3 Intel 82371AB Power rev 0x02: SMI iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 128MB SDRAM ECC PC100CL3 spdmem1 at iic0 addr 0x51: 128MB SDRAM ECC PC100CL3 fxp0 at pci0 dev 3 function 0 Intel 8255x rev 0x05, i82558: apic 1 int 16 (irq 9), address 00:c0:0d:00:94:4f inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0 vga1 at pci0 dev 4 function 0 Cirrus Logic CL-GD5430 rev 0x22 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 5 function 0 DEC 21150 PCI-PCI rev 0x04 pci_intr_map: bus 0 dev 5 func 0 pin 1; line 9 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 5 func 0 pin 2; line 10 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 5 func 0 pin 3; line 9 pci_intr_map: no MP mapping found pci_intr_map: bus 0 dev 5 func 0 pin 4; line 11 pci_intr_map: no MP mapping found pci2 at ppb1 bus 2 ahc0 at pci2 dev 1 function 0 Adaptec AIC-7890/1 U2 rev 0x00: apic 1 int 17 (irq 10) scsibus0 at ahc0: 16 targets, initiator 7 sd0 at scsibus0 targ 0 lun 0: FUJITSU, MAW3073NC, 0104 SCSI3 0/direct fixed sd0: 70136MB, 512 bytes/sec, 143638992 sec total ahc1 at pci2 dev 9 function 0 Adaptec AIC-7890/1 U2 rev 0x00: apic 1 int 17 (irq 10) scsibus1 at ahc1: 16 targets, initiator 7 cd0 at scsibus1 targ 5 lun 0: PLEXTOR, CD-ROM PX-32TS, 1.03 SCSI2 5/cdrom removable eap0 at pci0 dev 20 function 0 Ensoniq AudioPCI97 rev 0x06: apic 1 int 16 (irq
Re: Can't boot scsi drive from floppy boot prompt?
Eric d'Alibut On Thu, Jun 11, 2009 at 7:57 PM, Kenneth R Westerbackkwesterb...@rogers.com wrote: Try floppyB or bsd.rd or cdrom. You are probably missing the driver for your scsi card. Kinda hard to tell since you have provided no information. I am booting with teh same floppy I used to do the installation. What do you suggest for syntax at the floppy boot prompt? I'm guessing that the scsi drive cannot be referenced by an 'hd*' argument since it is not on one of the four IDE channels. Seems like the distinctions are wd0 1 2 3 ... IDE drives sd0 1 2 3 ... SCSI drives hd0 1 2 3 are hard drives, might be IDE might be SCSI might be USB flash drives.
Re: newfs_msdos alters disklabel?
Jan Stary wrote: This is 4.5 trying to create a FAT partition on an external (USB) 80G disk. snip Also, why does disklabel say '16 partitions'? Thanks Jan fdisk plays with DOS (windows) partitions. There are 4 of them. disklabel plays with OpenBSD partitions. There are 16 of them. This is from a Lenovo T43 booted from 2G USB drive. Fdisk partition 0 (DOS fdisk will call it partition 1) Dos partition This is the same disk as disklable partition i (sd0i) There is also fdisk partition 3 (DOS fdisk would call it partition 4) OpenBSD partition. The OpenBSD space is sd0a and sd0b The c partition refers to the entire disk regardless of who does or does not own any part of it. # fdisk sd0 Disk: sd0 geometry: 3949/16/63 [3981312 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 0B 0 1 1 - 1928 6 63 [ 63: 1943802 ] Win95 FAT-32 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 1928 7 1 - 3936 8 63 [ 1943865: 2024190 ] OpenBSD # disklabel sd0 # /dev/rsd0c: ... 16 partitions: #size offset fstype [fsize bsize cpg] a: 1992675 1943865 4.2BSD 2048 163841 # / b:31515 3936540swap c: 39813120 unused i: 1943802 63 MSDOS (This is after several rounds of messing around including completely zeroing the drive, so the disk geometry may be the worst possible. So far it seems to work, kinda slow)
Re: Raid controller?
Duncan Patton a Campbell wrote: On Fri, 15 May 2009 20:40:44 -0600 (MDT) Theo de Raadt dera...@cvs.openbsd.org wrote: If any of the people we talked to at 3ware weren't such LYING BAGS OF HYPOCRITICAL SHIT we'd support their hardware Hard words, Theo. Do you think anyone you talked to could actually understand what you were sayin'? Dhu Some of us lurk on this list specifically to get a handle on what hardware to avoid.
Re: can not use USB drive with recent snapshot
Otto Moerbeek wrote Thanks for the report, but please also provide the output of fdisk. We are working on a more strict mbr validation, but this is all quite tricky and will take some iterations to get right. This thing seems to be aimed at reading my mind. Not what is IN my mind, but what SHOULD BE in my mind. Loverly if you can pull it off. Upgrade USB stick (sdb) on Lenovo T60 gives: (there may be typos) Available disks are: sd0 sd1. Which one is the root disk? (or 'done') [sd0] sd1 Root filesystem? [sd1a] Checking root filesystem (fsck -fp /dev/sd1a)...OK. Mounting root file system (mount -o ro /dev/sd1a /mnt)...OK. DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPACK from 192.168.2.1 (00:11:50:72:b5:ac) bound to 192.168.2.12 -- renewal in 905174339 seconds. Do you want to do any manual network configuration? [no] Force checking of non-root filesystems? [yes] no fsck -p /dev/sd0a...1 is after 0, ok 2 is after 0, ok 0 is before 1, ok 2 is after 1, ok 0 is before 2, ok 1 is before 2, ok 1 is after 0, ok 2 is after 0, ok 0 is before 1, ok 2 is after 1, ok 0 is before 2, ok 1 is before 2, ok FAILED. You must fsck /dev/sd0a manually. # Cause: upgrade on T60 where sd1 is OpenBSD USB flash drive and sd0 is the NTFS hard drive. Install was on T41 where sd0 is OpenBSD flash drive and wd0 is the NTFS hard drive. Something got confused. Understandably. Holds together remarkably well, considering! Looks like I need TWO flash drives: for sd0a and for sd1a. following are dmesg fdisk and disklabel for T60 and T41 T60 dmesg OpenBSD 4.5-current (RAMDISK_CD) #148: Wed May 13 12:44:58 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLU SH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xT PR real mem = 1063677952 (1014MB) avail mem = 1021804544 (974MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/29/06, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev. 2.4 @ 0xe0010 (68 entries) bios0: vendor LENOVO version 79ETC1WW (2.01 ) date 09/29/2006 bios0: LENOVO 1953DDU acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT SSDT SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 12 (EXP3) acpiprt6 at acpi0: bus 21 (PCI1) bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000 0xdc000/0x4000! 0xe/0x1! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GM Video rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured Intel 82801GB HD Audio rev 0x02 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 1 int 20 (irq 11) pci1 at ppb0 bus 2 em0 at pci1 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 1 int 16 (irq 11), address 00:15:58:7d:ad:11 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 1 int 21 (irq 11) pci2 at ppb1 bus 3 wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: apic 1 int 17 (irq 11), MoW1, address 00:18:de:b0:54:13 ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 1 int 22 (irq 11) pci3 at ppb2 bus 4 ppb3 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 1 int 23 (irq 11) pci4 at ppb3 bus 12 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 1 int 16 (irq 11) uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 1 int 17 (irq 11) uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 1 int 18 (irq 11) uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 1 int 19 (irq 11) ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 1 int 19 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci5 at ppb4 bus 21 cbb0 at pci5 dev 0 function 0 TI PCI1510 CardBus rev 0x00: apic 1 int 16 (irq 11) cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 22 device 0 cacheline 0x8, lattimer 0xb0 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at
Re: can not use USB drive with recent snapshot
Robert wrote: On Thu, 14 May 2009 18:01:25 -0500 Tony Abernethy t...@servacorp.com wrote: Otto Moerbeek wrote Thanks for the report, but please also provide the output of fdisk. We are working on a more strict mbr validation, but this is all quite tricky and will take some iterations to get right. This thing seems to be aimed at reading my mind. Not what is IN my mind, but what SHOULD BE in my mind. Loverly if you can pull it off. Upgrade USB stick (sdb) on Lenovo T60 gives: (there may be typos) Available disks are: sd0 sd1. Which one is the root disk? (or 'done') [sd0] sd1 Root filesystem? [sd1a] Checking root filesystem (fsck -fp /dev/sd1a)...OK. Mounting root file system (mount -o ro /dev/sd1a /mnt)...OK. DHCPREQUEST on em0 to 255.255.255.255 port 67 DHCPACK from 192.168.2.1 (00:11:50:72:b5:ac) bound to 192.168.2.12 -- renewal in 905174339 seconds. Do you want to do any manual network configuration? [no] Force checking of non-root filesystems? [yes] no fsck -p /dev/sd0a...1 is after 0, ok 2 is after 0, ok 0 is before 1, ok 2 is after 1, ok 0 is before 2, ok 1 is before 2, ok 1 is after 0, ok 2 is after 0, ok 0 is before 1, ok 2 is after 1, ok 0 is before 2, ok 1 is before 2, ok FAILED. You must fsck /dev/sd0a manually. # Cause: upgrade on T60 where sd1 is OpenBSD USB flash drive and sd0 is the NTFS hard drive. Install was on T41 where sd0 is OpenBSD flash drive and wd0 is the NTFS hard drive. Something got confused. Understandably. Holds together remarkably well, considering! Looks like I need TWO flash drives: for sd0a and for sd1a. uhm, just guessing, but ... so the fstab on your usb stick references sd0, but the stick is now actually connected as sd1? the upgrade script uses the info from the fstab on the rootfile system selected and tries to find those partitions on the wrong disk? edit the fstab and be happy? - Robert Sounds like on-target guess. Also can boot bsd.rd and fixup if wrong flash drive for the laptop. I was happy (even) before. To actually test a system, watch how it tries to cope when somebody rearranged the furniture ;-)
Re: removing a pesky file
Ryan Flannery wrote: On Thu, May 14, 2009 at 10:53 PM, Jordi Beltran Creix jbcreix.m...@gmail.com wrote: rm `ls | grep E` would delete that file leaving others alone. Regards, Just for the list... I had tried that incantation, and others involving grep, and they all failed. Output (I just reproduced the file) from your example is: tarski wget ftp://rt.fm/pub/OpenBSD/snapshots/ports.tar.gz ...(wget output)... tarski tar xf ports.tar.gz ...(tar output, lots-o-errors, obviously)... now the file exists with the mucked-up name (see previous post for how ls(1) displays it) and here's what happens when I use the rm `ls | grep E` you suggested (and I tried earlier... again with many variations) tarski rm `ls | grep E` ~,u?}w=R1T)U7r5\4gm(_EW]W-sn^[[?1;2c: No such file or directory Ec?J9K%Mx/!...@ss,W7g?5 0,z: No such file or directory M}OWDt?Yw?rB~[*6t?0h|7aBz_ tarski You might try something like mkdir /usr-new mv /usr/[a-z0-9A-Z]* /usr-new ls -l /usr AFTER EVERYTHING mentionaable has been moved rm -rf /usr mv /usr-new /usr
Re: removing a pesky file
Ryan Flannery wrote: On Thu, May 14, 2009 at 11:42 PM, Tony Abernethy t...@servacorp.com wrote: Ryan Flannery wrote: On Thu, May 14, 2009 at 10:53 PM, Jordi Beltran Creix jbcreix.m...@gmail.com wrote: rm `ls | grep E` would delete that file leaving others alone. Regards, Just for the list... I had tried that incantation, and others involving grep, and they all failed. Output (I just reproduced the file) from your example is: tarski wget ftp://rt.fm/pub/OpenBSD/snapshots/ports.tar.gz ...(wget output)... tarski tar xf ports.tar.gz ...(tar output, lots-o-errors, obviously)... now the file exists with the mucked-up name (see previous post for how ls(1) displays it) and here's what happens when I use the rm `ls | grep E` you suggested (and I tried earlier... again with many variations) tarski rm `ls | grep E` ~,u?} w=R1 T)U7r 5\4gm(_EW]W-sn^[[?1;2c: No such file or directory Ec?J9 K%Mx/!...@s S,W7g?5 0,z: No such file or directory M}OWDt?Yw?rB~[*6t?0h|7aBz_ tarski You might try something like mkdir /usr-new mv /usr/[a-z0-9A-Z]* /usr-new ls -l /usr AFTER EVERYTHING mentionaable has been moved rm -rf /usr mv /usr-new /usr I thought about this... moving everything out of /usr so I could just delete the mischievous file's parent directory, which would certainly have worked. The /usr slice is quite hefty, and the time to move everything to a new partition would have been a while... I kept trying to find another way around this (which probably took way longer than it would have to just copy everything out of /usr to a new partition :) Out of curiosits, what does ls -il /usr/*w=R1* ls -il /usr/[^a-zA-Z0-9]* produce? You might get it with a pattern that gets nothing of value. rm -f /usr/[^a-zA-Z0-9]*
Re: problems setting up a firewall with nat
Dorian B|ttner wrote: Jean-Frangois SIMON schrieb: Hello James, If no output to parse means no errors, and verbose mode just repeat all the lines of the pf.conf, then yes it parses. pflog0 keeps silent, nothing in here while trying to connect from the subnet to the internet. 2009/5/10 James Records james.reco...@gmail.com Does your pf.conf parse? Try pfctl -nf /etc/pf.conf if it's not parsing it will not load and behave as you describe also tcpdump on the pflog interface as well to give yourself another data point J Sent from my iPhone On May 9, 2009, at 3:05 PM, Jean-Frangois SIMON jfsimon1...@gmail.com wrote: Sorry for forgotting the rest, here you are : ext_if is actlually working, configures to an adsl box using DHCP and actually lynx displays pages. int_if is the local network that I want to go through openbsd box to access to internet so I can filter with pf. The configuration is a standard nat rule + packet forwarding between the two interfaces so called em0 and em1 resp ext_if and int_if. As indicated before, I have pf enables, inet forward lines uncommented in sysctl.con Packets are received on int_if but not forwarded to ext_if. Did I miss something ? Here below pf.conf 2009/5/9 Robert rob...@openbsd.pap.st On Sat, 9 May 2009 22:52:32 +0200 Jean-Frangois SIMON jfsimon1...@gmail.com wrote: # cat /etc/pf.conf # $OpenBSD: pf.conf,v 1.38 2009/02/23 01:18:36 deraadt Exp $ # # See pf.conf(5) for syntax and examples; this sample ruleset uses # require-order to permit mixing of NAT/RDR and filter rules. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if=em0 int_if=em1 set loginterface $ext_if set require-order no set skip on lo scrub in all # NAT/filter rules and anchors for ftp-proxy(8) #nat-anchor ftp-proxy/* #rdr-anchor ftp-proxy/* nat on $ext_if from ($int_if:network) - ($ext_if) #rdr pass on ! egress proto tcp to port ftp - 127.0.0.1 port 8021 #anchor ftp-proxy/* #pass out proto tcp from $proxy to any port ftp # NAT/filter rules and anchors for relayd(8) #rdr-anchor relayd/* #anchor relayd/* # NAT rules and anchors for spamd(8) #table spamd-white persist #table nospamd persist file /etc/mail/nospamd #no rdr on egress proto tcp from nospamd to any port smtp #no rdr on egress proto tcp from spamd-white to any port smtp #rdr pass on egress proto tcp from any to any port smtp - 127.0.0.1 port spamd #block in pass in pass out #pass in on $int_if proto tcp to any port 80 #block in quick from urpf-failed to any # use with care # By default, do not permit remote connections to X11 block in on ! lo0 proto tcp from any to any port 6000 antispoof for ext_if Hello, Please can you help me with this : I just installed the 4.5 OpenBSD, set up the inet forwarding for unicast and multicase, include the standard NAT rule in pf.conf such as : nat on $ext_if from ($int_if:network) - ($ext_if) enable pf check with pfctl -s nat that the correct rule is set. That does not work, with tcpdump i see that packets are not forwarded, i see them on int_if but not on ext_if. Can you give me some help to find out where the problem is ? Thanks. Because you dont have a pass rule they get blocked? Guessing only goes so far. Tell us what you want to do. Tell us what you tried to get it working. Tell us what is in your relevant configs. Perhaps then someone can tell you what to do. - Robert Do you have sysctl net.inet.ip.forwarding=1? As described on top of pf.conf? Have you booted since?
Re: HD 'Analysis'
Marco Peereboom wrote: On Monday 04 May 2009 17:56:43 L. V. Lammert wrote: What is the best way to do a surface analysis on a disk? 2009/5/5 Tony Abernethy t...@servacorp.com: There is, in the e2fsprogs package, something called badblocks. On Thu, May 07, 2009 at 01:10:56AM +0200, ropers wrote: I also would recommend badblocks(8), but I would recommend badblocks -svn instead of badblocks -sw. badblocks -svn also (s)hows its progress as it goes along, but does a (v)erbose (n)on-destructive read/write test (as opposed to either the default read-only test or the destructive read/write test). You can check an entire device with badblocks, or a partition, or a file. The great thing about using badblocks to check a partition is that it's filesystem-agnostic. It will dutifully check every bit of its target partition regardless of what's actually on it. And if you give badblocks -svn an entire storage device to test, it will not even care about the actual partition scheme used. Because this read/write test can trigger the disk's own built-in bad sector relocation, this means you can even have a disk that you can't read the partition table from, and running badblocks -svn over it may at least temporarily fix things. And I've used badblocks -svn e.g. to check old Macintosh floppies. Who cares that OpenBSD doesn't know much about the filesystem on those? badblocks does the job anyway. Oh, and of course it would probably be prudent to do a backup before read/write tests, even though badblocks is well-established and (with -n) supposed to be non-destructive. Supposed to... ;-) I've never been disappointed but YMMV. 2009/5/7 Marco Peereboom sl...@peereboom.us: You people crack me up. I have been trying to ignore this post for a while but can't anymore. Garbage like badblock are from the era that you still could low level format a drive. Remember those fun days? When you were all excited about your 10MB hard disk? Use dd to read it; if it is somewhat broken the drive will reallocate it. If it is badly broken the IO will fail and it is time to toss the disk. Those are about all the flavors you have available. Running vendor diags is basically a fancier dd. Why do you consider badblocks garbage? OK, I'll take a nibble. (flames invited where I've got anything wrong) You use OpenBSD where sloppy doesn't quite do what you need to be done. This is a world where a false sense of security is not your friend. This disk is good because it passed badblocks is NOT valid. I've got too many rescued disks that will probably keep on working. probably: better then 50%. (but it sounds good) depending on lots of probables is really instant death. IF badblocks passed a disk as clean, and there were good reason to beleieve that that disk was actually clean, and that it would STAY clean, then it (badblocks) would be a good program. Unfortunately, there is not much of anything that badblocks, or the vendors' programs CAN do that is much of an assurance of reliability. You might get some idea from the reliability of reconditioned drives versus the reliability of actually new drives. And the vendors have better tools (if such as better tools actually exist). WITHOUT going into HW or OS handling of bad sectors, simply rename files or directories something like BAD_STUFF and NEVER delete 'em. There are exotic ways of increasing risk by keeping the most of the not-failed-yet neighbors as supposedly good sectors. You can do much of that by partitioning to avoid places with a lot of bad stuff. With the prices and capacities of modern disks, all of this must assume that you have lots of time and need something to occupy that time. Watching grass grow is probably more exciting. For a new disk (one that does not need to go into production soon) you can run a very long winded excercise. Seroing and reading probably as effective and certainly faster than 0xAA 0x55 0xFF 0x00 There SHOULD be good data forthcoming from the SMART stuff. BUT, so far I've haven't heard noises from that corner, just wise- cracks about vendor diags. Presumably, SHOULD does not imply IS. IF you have anything resembling money, and do not have lots of free time on your hands, the best advice seems to be to replace quickly anything that shows any sign of trouble. (This might be an actual good use of benchmarks ;-) Reading will reallocate sectors. The sector after the reallocation will be readable. The contents of this now readable sector will be the orginal contents if the drive managed to successully eventually read those original contents, seems like whatever the drive can fake in some cases. Seems like with NO indication of problems in some cases at least. Very hard to be certain at this level (using inferior OSes) Short answer, is that AFTER a long and complicated process, there is no reason to believe that the contents of the now
Re: HD 'Analysis'
STeve Andre' wrote: On Monday 04 May 2009 17:56:43 L. V. Lammert wrote: Been trying to build a replacement HD for a system, .. and it seems impossible to verify whether a disk is bad or not (having wasted some hours rsync'ing data only to have the HD lock up the system when doing the final rsync). What is the best way to do a surface analysis on a disk? badsect seems like a holdover from MB-sized disks, and it doesn't do any analysis. TIA, Lee The best way is to get a new disk. I'm serious. Disks are cheap enough, and the value of whats on them is high enough that if you think its going, get a new one. Even if this is a hobby system, I'd do that. There is disk testing software from the OEMs you can use. But if you think its acting weird don't trust it. --STeve Andre' There is, in the e2fsprogs package, something called badblocks. I have used it (on Linux) to rescue bad disks. (Windows laptops -- kinda redundant?) If you care about your data, follow Steve's advice. The reality seems to be that this does exercise a disk's ability to relocate bad sectors so that a bad disk suddenly goes good. This is using a destructive surface test (badblocks -sw ...) Realistically, seems like the most reliable test is that disk is slower than it should be. Me, if I want to rely on a disk drive, I will run badblocks on it. The long-winded destructive test And I will time it, at least sporadically. (New disks are not immune from having problems ;-) The exercise maybe loses out to watching grass grow.
Re: Plea for HELP on dual boot MAC/OpenBSD disaster with refit that turn really bad!
Daniel Ouellet wrote: Hi, Now sure if anyone could give me a hint or pointer, but I very much would appreciated ANY help if there is actually something possible to do. My Son did a mistake on his laptop tonight in trying to upgrade his OpenBSD partition to 4.5 and he is pretty devastated at the outcome. He put the CD 4.5 in his laptop and booted from it. Then started the install but at the question do you want to use all the disk space for OpenBSD he did answer Yes. Right after that even he realize it was wrong and didn't proceed to anything else, just did CTL-C and stop there. However looking back on his drive in shell mode with disklabel, of fdisk to look only, looks like there is only one partition now. Dunno if that is looking at MBR in memory or MBR on disk If MBR on disk is still the same, should be OK after boot. If MBR on disk has changed, need exact make model of disk drive and maybe somebody with same can read the critical values. Dunno about MAC, but I've had a Windows partition refdisked reformatted, should have been all gone and all the original contents showed back up. As for fdisk, it show 0, 1, 2, 3 with the #3 as OpenBSD for the full drive. What he had there before as a boot loader was refit that allow him to select either OpenBSD or MAC. He is pretty devastated and I am in unfamiliar territory here and before we do anything I try to research things, but I sure do not want to do anything that could destroy any data on the drive. For what I could see, the data should still be there, or I hope it is anyway, but the partition table may be is gone. I don't really know if there is a way, but ANY help would be extremely welcome right about now! I am trying to find a way to help, or plan a possible recovery, but I must admit that I am in green territory here. Sure not a MAC user and I do not know what the possibility are here. When you answer YES to the Use all drive at the install step, but do not do anything else, is there a way to restore that? Again, the only step he did was yes to all drive and when he saw the disklabel prompt, realize it was wrong, press CTL-C and reboot, but then the laptop didn't reboot. Looks like the MBR or what ever it is in MAC was/is gone. So, I guess all the data is there, but how to recover from that. I have no idea and I hope anyone could help me. I do not know where to start to be totally honest here. MAC is not my world and I don't really know where to turn. Sorry for the off topic question, I am hoping someone can land a hand if that's even possible to recover. My Son is 14 in a month from now and he lost all his school work, witch he does need to recover. This is a long email, sorry, I guess I plea for a generous hand if recover is possible. A dad that try to help, but really have no clue where to start other then trying to wipe tiers right now from a panic son. Many thanks in advance. Best, Daniel
Re: Plea for HELP on dual boot MAC/OpenBSD disaster with refit that turn really bad!
Daniel Ouellet wrote: Tony Abernethy wrote: disklabel, of fdisk to look only, looks like there is only one partition now. Dunno if that is looking at MBR in memory or MBR on disk If MBR on disk is still the same, should be OK after boot. That's not from memory for sure. Power off and on show the same thing. If MBR on disk has changed, need exact make model of disk drive and maybe somebody with same can read the critical values. Dunno about MAC, but I've had a Windows partition refdisked reformatted, should have been all gone and all the original contents showed back up. I don't think this will do anything really. As far as I understand trying to learn to may be fix is that you would have 4 partition there. 1. EFI 2. MAC OS X HFS+ 3. EFI System (FAT) 4. the OpenBSD one as id A6 Now, id for 1, 2 and 3 are 00 and 4 is A6 with type OpenBSD and all the size for that one and all the three others 0. For what I understand so far is that I would need to somehow restore these 4 partition informations with the right id on them and all should be fine as no data was changed on the data part of the drive anyway. I just have no clue yet as to how to do this, or if possible. How to even figure out what side each one should be and what type??? I won't do anything until I am sure, but I am disparately searching so far to find any clue as to how to proceed. I believe it should really be possible, but not there yet for sure anyway. Best, Daniel This is from an IBM T41 (booting from USB) sd0 is the USB drive. wd0 is the hard disk with only NT on it. YOURS will be considerable more complicated. ALL those numbers in the middle need their correct values. # fdisk sd0 Disk: sd0 geometry: 3949/16/63 [3981312 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: A6 0 1 1 - 3936 8 63 [ 63: 3967992 ] OpenBSD # fdisk wd0 Disk: wd0 geometry: 4697/240/63 [71029746 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- *0: 07 0 1 1 - 4696 239 63 [ 63:71018577 ] NTFS 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused What you want are all those values relevant to YOUR system. Maybe somebody has a similar system (Sorry, no MACs here)
Re: Transparent firewall (bridge) with DMZ + LAN
Now it makes sense. Claudio Jeker wrote: snip but it is sitting in the middle of your network passing packets. I couldn't sleep with such a system in my core. It is also a lot easier to bypass unnoticed a bridging FW/IDS then a box that does actual routing. THAT's why it is called a TRANSPARENT firewall. There's nothing quite like an oxymoron that SOUNDS good. Perfect place to hide all sorts of bad stuff. There is not ONE reason it is a bad idea. There are MANY and I am neither industrious nor competent enough to even crack the surface. However, I am old and crafty enough to NOT stick my hand in the paper sack.
Re: Transparent firewall (bridge) with DMZ + LAN
Felipe Alfaro Solana wrote: Isn't this how humans learn? By making mistakes and learning from them? :) Nah not really. They watch their brother or sister get burned by a hot stove and decide maybe better not to find out for themselves. They watch one of their playmates drown or get run over and decide to not do things quite so risky. Every new generation, same thing.
Re: Transparent firewall (bridge) with DMZ + LAN
openbsd misc wrote: You can either read the code or listen to somebody who has. I don't know you either, but I know Henning and I know the bridge code, and the short version is he's right. Has anyone noticed That if you substitute BIble for code , in the section quoted above- its like listening to someone who believes in a technical high-priesthood - all blessed with the doctrine of technical infallibility Yep, I've noticed. This blessed with the doctirne of technical infallibility you spead of seems to be the proponents of sticking all sorts of wacko stuff into a transparent bridge and giving it blessing of many web links. Me, I'd rather trust the voice from the wildernss proclaiming truth.
Re: svnd is incredible slow... somebody else notice that?
sebastian.rot...@jpberlin.de wrote: Bonnie is retarded and proves nothing one way or another. Typical KY for masturbation. Well then simply tell me how to test/benchmark it? You could test the svnd on your own BTW because I doubt it's HW related... I asked you serval times to provide me some hints of what you may need related to results/tests and you never answered so don't fuck with my bonnie++ test. Seems like you've been answered. Until you understand how to make benchmarks lie creatively and some of the countermeasures that can theoretically be taken to prevent such, you are well-advised that comments like Bonnie is retarded are acutally much more relevant to effective throughput of systems than anything your feeble mind seems capable of comprehending. Quick, how much an speed improvement in svnd (or whatever you are whining about) is required to break even with making the system .013% less reliable? (Methinks a dirty look from a developer is worth more than .013%)
Re: svnd is incredible slow... somebody else notice that?
Sebastian Rother wrote: A 16GB backup of /home takes more then 10 hrs to restore. It's like ataching the device, rsync -av SOURCE:/FOO . and wait for 10+ hours. That sounds like you are doing something wrong. And then you come whining here because you do not know how to write to a disk? The object o9f the game is to find ways to do stuff quickly and efficiently, not to find assorted contraptions that work slowly and inefficiently. If it's speed you really want, dd if=/dev/zero of=/dev/whatever seems to write to disks pretty quickly.
Re: svnd is incredible slow... somebody else notice that?
If the way you do something take too long. Seems like that is a bug. Most likely in the way you are doing it. A lot of things, you can do them wrong and get away with it for a while. Getting away with doing something wrong is far from proof that you were doing it right. I reserve the right to be as annoying on this list as you are. -Original Message- From: Sebastian Rother [mailto:sebastian.rot...@jpberlin.de] Sent: Sunday, April 26, 2009 4:16 PM To: t...@servacorp.com Subject: Re: svnd is incredible slow... somebody else notice that? On Sun, 26 Apr 2009 14:38:12 -0500 Tony Abernethy t...@servacorp.com wrote: Sebastian Rother wrote: A 16GB backup of /home takes more then 10 hrs to restore. It's like ataching the device, rsync -av SOURCE:/FOO . and wait for 10+ hours. That sounds like you are doing something wrong. And I do it wrong since 4.2 and (no matter if the SAME procedure worked before) before I simply was FAULT FREE? The object o9f the game is to find ways to do stuff quickly and efficiently, not to find assorted contraptions that work slowly and inefficiently. Well my point is: Before it worked (TM). and I'm not the only one who complains... I just may post to misc@ and others do use other OSs and donate to other projects. Great deal, seriously... I pointed out how I create a svnd and co... If you FIND a bug.. tell me... I appoloize and praise the lord. Otherwise STFU... It's just like the PF bug which was no security bug of course either... And did you noticed that they don't even fix the affected code but added a workaround? That's some fact about your magical l33t devs of l335BSD... If they tell me: We've no manpower - hey, great... But telling me: na... NO... we don't see anything *closing eyes* like with the PF bug - wont work out on the long run. And it was me who pointed out bugs in NFS and PF... And what did you? :-) Don't mix personal attitudes with biz... ;-) Sebastian
Re: svnd is incredible slow... somebody else notice that?
Sebastian Rother wrote: ...but I somehow think I know how to use vnconfig. and it takes too long. way too long. Methinks there's something wrong with that logic. Does the excess time have something to do with bugs in pf? If so what? If not, where is the relevance? Seems like you are being tautologically stupid. You might have had a point sometime in the past, but at this stage you are only succeeding at undercutting any possible legitimacy that you might have previously posessed.
Re: Question about security
FRLinux wrote: On Sun, Apr 26, 2009 at 11:08 PM, Jean-Francois jfsimon1...@gmail.com wrote: This is just to have the taste of how good is the actual achievement of security in openbsd. Well, reading from the archives, that should give you a fairly good taste. Sorry please tell me how to proceed then ? For example gmail has to be very good at security due to their number of customers, therefore if one needs to have this level of interactivity such as login, etc ... and keep security high, how to proceed then ? For the moment I intend to use php/Myadmin but should one help me to setup higher level of security I take. That is beyond the scope of this list, you are actually talking about hardening your $webserver and php installation. There are many tutorials online. Sorry, couldn't let ... gmail has to be very good ... go by. There is a difference between need and ability. They are often confused. The consequences are not pretty. You can find some advice on how to harden certain aspects of a system. Your real opponent though is Mother Nature, and she doesn't even require that anybody have any kind of bad intentions. If you look closely at OpenBSD, you'll find that the emphasis has shifted to correctness from mere security.
Re: Transparent firewall (bridge) with DMZ + LAN
bofh wrote: ... When you're told there's a better way to do things, pay attention, instead of telling the experts here (and I'm talking about the openbsd developers in this thread - not me, I'm in management now, no brain cells left) ... old age is my excuse ... but it pays to pay attentiion to people who actually do know what they are talking about. That's why I lurk on this list. A better way (or not-so-bad) way of doing something that should not be done is not a winning situation, even when and if that is the only solution that is politically/etc viable.
Re: Slow SATA write speeds with SMB
frantisek holop wrote: all hw is unrealible to some degree, ... and all degrees of unreliability are equivalent? Methinks some people like stuff that is LESS unreliable. Even going so far as to make an OS that is LESS unreliable.
Re: Low power OpenBSD machine
Markus Hennecke wrote: Marco Peereboom schrieb: I work with people that run io tools against flash parts. I still have to see it fail too. Your puny little firewall will never write more to it than a month long stress test. This write fatigue argument is very silly. Generalization is always false. self-reference ?-) I killed a 1GB SanDisk CF Card because of excessive logging of OpenVPN Connections from WLAN Clients which unfortunately had power saving enabled and dropped the connection every few minutes. Took me around 2 or 3 weeks, I just forgot to reduce the log level. Perhaps those stress tests are not stressing enough? That Card was a little bit older, but seldom used, so there is a good chance that that scenario no longer applies. Kind regards, Markus Many writes, all on the same spot, like directory entry?
Re: Low power OpenBSD machine
Aaron Stellman wrote: On Fri, Apr 17, 2009 at 08:19:11AM +0200, Markus Hennecke wrote: Aaron Stellman schrieb: On Fri, Apr 17, 2009 at 07:54:11AM +0200, Markus Hennecke wrote: Generalization is always false. I killed a 1GB SanDisk CF Card because of excessive logging of OpenVPN And what makes you so sure that this was exact cause? Another generalization. The inode holding the log files metadata was no longer writeable. What else would cause that? I don't know what the cause is, and there is no point speculating. what matters is that you made a conclusion based on sample of grand total of 1 case -- that's a pretty bad generalization. Then you instantiate your previous generalization and accuse others of not stress testing enough. A sample size of one is quite sufficient in a number of cases: banging on a jar of nitroglycerin. (many) repetitive writes to one spot on the disk. The problem is that that one needs to be the right one.
Re: hello whiners and crybabies
Marco Peereboom wrote: On Fri, Apr 03, 2009 at 07:04:28PM +0200, RedShift wrote: Just because they (the openbsd team) give it away for free, people aren't allowed to voice their opinions on it? OpenBSD has its shortcomings, you cannot deny that, and people will always complain about those. Saying write it yourself is avoiding responsibility. But they have the right to avoid their responsibility because they gave it away for free. Nature does not recognize entitlement. That said I can guarantee that the OpenBSD project pays more attention to its users then other OS'. This does not mean that the users get to set the road-map. When an idea is not good the author is told so, usually, in strong language. The opposite is Linux and other unnamed BSDs where everyone agrees with each other paralyzing proper development. A stupid idea is still a stupid idea and it isn't magically going to mature like a good wine. RedShift's logic seems to be that those who do NOT write the stuff get to define the responsibilities of those who DO write the stuff. Seems to me like the most user-unfriendly thing that can be done is to promote and encourage stupid ideas. Actually, the rights of the developers come from having written it. Giving it away for free gives only what is given, no more no less. Further, seems like any quibbles must logically be settled in favor of the giver not the givee.
Re: Unfortunate dot was ... missing
Jason Dixon wrote: On Tue, Feb 24, 2009 at 07:43:18PM +0100, Jean-Francois wrote: All, I just forget the dot !! in the 'rm -r ./dev' so I have no /dev anymore on my server box. One can tell me if this is possible to backup the system without freshh install ? This is a i386 4.4 OpenBSD. One could eventually send me a way or another the full /dev in case this option actually works ? Just boot an install CD and do an upgrade. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/ Methinks THAT is the proper definition of user-friendly.
Re: bash for root?
Juan Miscaro wrote: I turn off those annoying checks and I use the same password. Works great. /juan ... until it doesn't.
Re: DHCP question
Hari wrote: On Wed, Jul 23, 2008 at 5:36 PM, Tony Abernethy [EMAIL PROTECTED] wrote: Silly question, but WHAT IP is actually assigned during install? I think something like ifconfig before the halt might work I assume you are installing from CD, not from network It might be as simple as a cable not completely plugged in. IIRC, it was 192.168.11.8. The DNS was properly identified as the router (192.168.11.1). I dont think there is a problem with the cabling. (I double checked this with a laptop). Hari If you got an IP, at lot of things have to be working. ?? What from /etc/hostname.fxp0
Re: DHCP question
Hari wrote: Hello. I just finished installing OpenBSD 4.3. The dhcp setup during network configuration was fine, meaning, IP address was properly assigned. I went ahead with the default values provided. However, after rebooting post installation, I am getting the following messages that seems to point to a network problem (and of course, no IP address is assigned): messages fxp0: warning: SCB timed out (x 3) fxp0: config command timeout DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 1 send_packet: Network is down No DHCPOFFERS received. No working leases in persistent database - sleeping. /messages Several `intervals` are tried. Dump of some relevant(?) files: #ifconfig lo0: flags-8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 fxp0: flags-8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208 lladdr 00:16:76:13:ad:54 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::216::76ff::fe13::ad54%fxp0 prefixlen 64 tentative scopeid 0x1 enc0: flags=0 mtu 1536 Silly question, but WHAT IP is actually assigned during install? I think something like ifconfig before the halt might work I assume you are installing from CD, not from network It might be as simple as a cable not completely plugged in. Good Luck
Re: DHCP question
Hari wrote: On Wed, Jul 23, 2008 at 5:11 PM, Tomas Bodzar [EMAIL PROTECTED] wrote: Eh,I missed something.Look at /etc/hosts and $hostname Why is localhost.WORKGROUP localhost in /etc/hosts and mercury.my.domain in $hostname I have long suspected that this is the problem. I am a novice at this and I have little understanding. I have gone through the man pages for /etc/hosts but I could not figure out what exactly I was doing wrong. What should /etc/hosts read as? And what should the $hostname be? The machine is to be named mercury. $sudo ifconfig fxp0 up fxp0: warning: SCB timed out (x3) fxp0: config command timeout Hari My (not so) humble opinion. /etc/hosts is the poor man's DNS -- what name to what IP ::1 localhost.foo.bar localhost 127.0.0.1 localhost.foo.bar localhost ::1 gw.foo.bar gw this-box 192.168.10.1gw this-box gw.foo.bar 192.168.10.22 that-box Actually the local box can have a lot of names, all for the same IP. Looks like your hostname goes into /etc/myname
Re: DHCP question
Almir Karic wrote On Wed, Jul 23, 2008 at 04:33:27PM +0900, Hari wrote: Hello. I just finished installing OpenBSD 4.3. The dhcp setup during network configuration was fine, meaning, IP address was properly assigned. I went ahead with the default values provided. However, after rebooting post installation, I am getting the following messages that seems to point to a network problem (and of course, no IP address is assigned): messages fxp0: warning: SCB timed out (x 3) fxp0: config command timeout DHCPDISCOVER on fxp0 to 255.255.255.255 port 67 interval 1 send_packet: Network is down No DHCPOFFERS received. No working leases in persistent database - sleeping. /messages Several `intervals` are tried. Dump of some relevant(?) files: #ifconfig lo0: flags-8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 fxp0: flags-8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208 isn't having LOOPBACK flag and mtu 33208 on a 'real' interface strange? mine shows (normal) MTU 1500 Overlength packets are treated like errors by most everything. (IIRC) # ifconfig fxp0 fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:90:27:36:ef:22 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 12.49.127.241 netmask 0xff80 broadcast 12.49.127.255 inet6 fe80::290:27ff:fe36:ef22%fxp0 prefixlen 64 scopeid 0x1 -- vi vi vi -- the number fo the beast
Re: tcpdump -X
GVG GVG wrote: On Thu, Jul 17, 2008 at 9:04 AM, J.C. Roberts [EMAIL PROTECTED] wrote: On Tuesday 15 July 2008, GVG GVG wrote: On Tue, Jul 15, 2008 at 3:54 PM, David Hill [EMAIL PROTECTED] wrote: On Tue, Jul 15, 2008 at 03:42:58PM +0200, GVG GVG wrote: Use the size of your MTU, which can be found my using ifconfig. -- David Hill Thanks for your prompt reply. Just out of curiosity what's this 'MTU' stands for? MTU stands for Mark T Uemura, otherwise known as mtu@, an OpenBSD developer who has been kind enough to do some fantastic write-ups and interviews on the events and people of the two most recent hackathons. http://undeadly.org/cgi?action=searchmode=thres=method=and; sort=timequery=mtu Now, all kidding aside, please look at the length of your question above and compare it to the following URL: http://www.google.com/search?as_q=MTU Yep, the URL is shorter. Answering your own question would have been less typing, a whole lot faster, and far more complete than the simple expansion of an abbreviation given to you in replies. The half dozen idiots posting replies with the correct answer to your easily answered question have done a disservice to both you and everyone else subscribed to this list. Mindlessly blurting out an easily found answer is tantamount to bragging and makes the people doing it look stupid since it shows they failed to think things through. They robbed you of a chance to learn something on your own, they cluttered the mail boxes of thousands of people, and worst of all, they encouraged all the countless other people like you to be lazy. There's nothing wrong with not knowing things, but if you're unwilling to at least try learning and try solving your own problems *before* asking for help, then you obviously don't respect the time people commit to writing software and helping others on these lists. The correct order of operation is Think, Search, Study, and Try. When you've repeated the first four steps a few times and you're still at a loss for an answer, only then take the fifth step of Asking. It's the tough road to take rather than the easy way out, but in the end, you'll be stronger and better for it. In a similar vein, you might find the following thread enlightening: http://marc.info/?t=12143420236r=1w=2 Particularly: http://marc.info/?l=openbsd-miscm=121434335503622w=2 Yep, this crap happens all the time. It's not just new people showing up on the lists and not knowing the basics, but it's also long time users like Paul and Josh forgetting the end result of being overly helpful. Heck, if you search the list archives, you'll probably find places where *I* have made the exact same mistakes. I may seem like a complete ass for pointing the obvious, but none the less, all of the above are things you, and others, really need to learn and remember. Kind Regards jcr this kind of replies do have a long tradition in this list - probably most of the times for a good reason! On the other hand, calling people idiots, isn't really polite, to put it mildly, neither serves any good cause! I fully agree with your definition of the correct order of operation and it wasn't my intension to abuse any resources. I don't know if you read the whole thread but my initial question was a bit different! I didn't just jumped-in with the question 'what's MTU'. It was a result of a kind reply to my problem and after looking the man pages, where this acronym wasn't defined, assumed that a generic term like this will, most probably, produce a lot of unrelated and misleading hits in Google. Proved wrong! Still this wasn't an outcome of being lazy doing my homework. As a result, I think you heavily exaggerate with your strong wording. Thanks George If you watch the fungames from mis-matched MTUs, methinks you will discover that it is NO exaggeration.
Re: 'Nother broken package - git-1.5.4.2
MY APOLOGIES --- getting cross-eyed in my old age. On 7/16/08, Tony Abernethy [EMAIL PROTECTED] wrote: Ted Unangst wrote: anip If a command line tool like git has a 'GUI Helper', then that package is broken (which, I believe, is the case in this situation). I most certainly did not write that.
Re: 'Nother broken package - git-1.5.4.2
Ted Unangst wrote: anip If a command line tool like git has a 'GUI Helper', then that package is broken (which, I believe, is the case in this situation). The parallel argument is that if any GUI tool has a command line helper function, then that package is broken. (Microsoft Windows still has a command line) You might have a point of view, but it seems to me to be extremely naive and provincial and almost certainly wrong.
Re: 'Nother broken package - git-1.5.4.2
Ted Unangst wrote: On 7/15/08, L. V. Lammert [EMAIL PROTECTED] wrote: No, I'm sending an email to misc when a package depends on X that should **NOT** depend on X. That's what's broken, obviously, if you're saying I should be installing X on a production server. NOT. tar zxf X pkg_add crap rm -r /usr/X11R6 Lovely. Out of curiosity, what happens when you install X but answer no to the question about intending to RUN X? Seems like if a package has any kind of GUI helper/configurator thingee then it has a legitimate requirement for something in X. Does installing X on a production server require that you RUN X on that server?
Re: Wayyyyyy OT: WAS: RE: small, random essay on performance tuning, was: remove....
Douglas A. Tutty wrote: On Sat, Jun 07, 2008 at 12:56:55PM +, Miod Vallat wrote: God is real, unless declared integer. I thought about this for a while. Given that the Spirit of God was upon the waters in Genesis 1, I think it's likely that God is float. Remember, FORTRAN came before Genesis. In the beginning was the Word. I suppose the variable type which uses the same number of bits as a word depends on the hardware on which you are running. On amd64, what does that make God? If God always has something to say, perhaps God is an infinite string? Since God is everwhere in space-time, perhaps God is a SuperString. Doug. There's gotta be something about WORD MARKS on IBM 1401 and friends.
Re: Where I am? [Was: Rolling release?]
Zbigniew Baniewski wrote: Pay attention: there is a feedback. Seems like there has been a lot of feedback. Assuming that you can read, can you take your own advice?