Re: Problem with WireGuard on OpenBSD 7.3

[Andre Smagin]

On Sat, 6 May 2023 02:18:30 +0200
Odd Martin Baanrud  wrote:

> Hello Stuart,
> 
> Thanks for a detailed and good explenation!
> 
> I choosed the WireGuard-tools solution, because I understood how it works, 
> and it is easy to configure.
> I*ve read a bit in the wg(4) manual, and I get confused of how things 
> actually works.
> Is it possible to use wireguard-tools*s private/public key e.g?
> If not, is the actual configuration using the included tools easy to do?
> 
> I*m blind, so reading lots of documentation, when not knowing what to look 
> for, can be pritty time consuming.
> So, if it is an easy way to set up a wireguard-tools style vpn using tools 
> from the base system, please let me know.
> 
> Regarding pf, thanks for good advice regarding how to use NAT rules.
> 
> Regards, Martin.

Hello Martin.

I just recently started using WireGuard, as a client only, using
commercial VPN service. I did not have to use wireguard-tools.

In addition to the manual pages for wireguard and rdomain, I also
consulted several online guides that helped clarify how everything
should work (DNS is the tricky part).

1. Solene Rapenne - "Full WireGuard setup with OpenBSD"

Solene explains how to setup both wireguard server and client on
OpenBSD without using wireguard-tools. She uses openssl to generate
private keys. Note: page has one ASCII network diagram.
https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

2. Matthieu Herrb - "Setting up a WireGuard client with routing domains
on OpenBSD".

Matthieu explains step-by-step how to setup OpenBSD as wireguard client
for 3rd party VPN. He uses wireguard-tools, but only to generate the
private key initially. Note: page includes one long output of ps
command.
https://md.laas.fr/s/NMc3qt5PQ

Since both of the above guides use rdomains for their setup, I found
this writeup about rdomains and rtables useful:

3. Joel Knight - "Virtualizing the OpenBSD Routing Table"
Note: page has four images of network diagramms.
https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/

It is a lot of reading, and I apologize for that. I can see, but it
still took me couple days to figure out how to get just the client part
working right, and you are trying to do both server and client at once.
I hope you succeed.

--
Andre

Re: sndio and bit perfect playback

[Andre Smagin]

On Tue, 25 Oct 2022 16:44:59 +0200
Christian Weisgerber  wrote:

> Andre Smagin:
> 
> > There is possibly one more use case for "bit-perfect". I have a small
> > collection of surround sound (5.1, 4.1, quad, etc) recordings extracted
> > from various DVDs, SACDs, and other sources.
> 
> Yup.
> I even have a commercially released DTS-CD lying around somewhere,
> which is basically an ordinary CD except that the audio is encoded
> as DTS and not PCM.
> 
> > My desktop is connected to a receiver via optical SPDIF cable. To get
> > the surround sound, I use mpd with 'device "snd/0"' option and Ario to
> > control the mpd daemon.
> 
> I'm curious, what's the actual audio hardware?  azalia(4) or uaudio(4)?

It is azalia, built-in on the motherboard (dmesg at the end).
 
> > Bit depth does not seem to matter. I don't care about "bit-perfect", but
> > only about sending the dts stream to the receiver as-is, which works.
> 
> S/PDIF actually has a native depth of 20 bits per sample.  There
> are also 4 spare bits in the frame, which can optionally be used
> to transport 24 bits.  If an audio source provides only 16 bits per
> sample, those are fit into the 20 bit frame with the remaining bits
> unused.  DTS and AC3 encodings for S/PDIF only use 16 bits.

Ah, thank you for the explanation! I tried reading the DTS
specification once, but it is way over my head. 

-- 
Andre Smagin 

OpenBSD 7.2-current (GENERIC.MP) #778: Mon Oct 10 22:34:04 MDT 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 68596912128 (65419MB)
avail mem = 66500554752 (63419MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (59 entries)
bios0: vendor American Megatrends International, LLC. version "A.I0" date 
08/10/2022
bios0: Micro-Star International Co., Ltd. MS-7C37
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT FIDT MCFG HPET SSDT IVRS FPDT PCCT SSDT 
CRAT CDIT SSDT SSDT SSDT SSDT WSMT APIC SSDT
acpi0: wakeup devices GPP0(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) 
GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) 
GPPF(S4) GP10(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 9 5950X 16-Core Processor, 3400.06 MHz, 19-21-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 32MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: AMD Ryzen 9 5950X 16-Core Processor, 3400.00 MHz, 19-21-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 32MB 64b/line 16-way L3 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: AMD Ryzen 9 5950X 16-Core Processor, 3400.00 MHz, 19-21-00
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 32MB 64b/line 16-way L3 cache
cpu2: smt 0, core 2, package 0
cpu3 at mai

Re: sndio and bit perfect playback

[Andre Smagin]

On Thu, 13 Oct 2022 22:14:33 +0200
Alexandre Ratchov  wrote:

> On Thu, Oct 13, 2022 at 03:11:50AM +, s...@skolma.com wrote:
> > in summary, audio works.. just not bit-perfectly :)
> > does anyone know if SNDIO supports such mode ? and how i might configure it.
> 
> bit-perfect is practical for one thing only: avoid questionings about
> whether the processing adds audible noise & distortion. I've tryed
> various hacks, including bypassing sndiod and neither was very
> practical.
> 
> IMHO, the sndiod resampler covers 99% of the cases. To handle the
> remaining 1%, I just resample the files off-line. audio/sox is
> excellent for that.
> 
> So, I'd suggest you to add "-e s24" to sndiod_flags and resample
> off-line when needed.
> 
> HTH
 
There is possibly one more use case for "bit-perfect". I have a small
collection of surround sound (5.1, 4.1, quad, etc) recordings extracted
from various DVDs, SACDs, and other sources. They are encoded in DTS
and Dolby Digital formats, as plain WAV files, and "compressed" to flac
format to prevent "smart" applications, such as ffmpeg, mpd, etc. from
trying to decode them and convert to stereo.

My desktop is connected to a receiver via optical SPDIF cable. To get
the surround sound, I use mpd with 'device "snd/0"' option and Ario to
control the mpd daemon. mpd decodes the top layer (flac), but stops
there and sends DTS-wav to the sndiod without mangling it further.
However, if sndiod's sample rate does not match that of the recording,
it resamples the stream, which ruins the DTS and results in white noise.

I found out that I have to restart sndiod with either
'sndiod_flags="-m play -r 44100"' or 'sndiod_flags="-m play -r 48000"'
flags in /etc/rc.conf.local depending on the files I am playing,
and then it gets to the receiver without issues.

I have each music directory annotated with the sample rate used, like so:

HAMLET: /storage $ ls music/dts/Pink\ Floyd/
(1970) Atom Heart Mother (Quadrophonic Vinyl Conversion) (Dolby Digital Quad 
16-48)
(1973) Dark Side of the Moon (Alan Parson's Mix) (DVD-Audio) (DTS 4.1 24-48)
(1971) Echoes (Original 4.0 Quad Mix) (From Pink Floyd the Early Years 
1965-1972, Volume 5) (DTS Quad 16-48)
(1973) Dark Side of the Moon (Analogue Transfer From SACD) (DTS 5.1 16-44.1)
(1971) Meddle (From Pink Floyd the Early Years 1965-1972, Volume 5) (DTS 5.1 
16-48)
(1994) The Division Bell (2014, Warner Music Group, 20th Anniversary Edition) 
(DTS 5.1 16-48)
Live: (1974) Live at Pompeii (DTS Quad 24-48)

For '16-48' and '24-48' (bit depth-samplerate), I start sndiod with
sndiod_flags="-m play -r 48000"
for '16-44.1', I restart sndiod with
sndiod_flags="-m play -r 44100"

Bit depth does not seem to matter. I don't care about "bit-perfect", but
only about sending the dts stream to the receiver as-is, which works.

--
Andre

Re: New desktop CPU/chipset recommendation

[Andre Smagin]

On Sun, 13 Feb 2022 21:46:30 -0700
Thomas Frohwein  wrote:

> On Thu, 3 Feb 2022 19:16:55 -0500
> Andre Smagin  wrote:
> > ...
> > Ryzen 9 5950x on x570 chipset motherboard, should last ten years at
> > least. Everything "just works" - NVMe hard drives, SPDIF audio, video,
> > etc.
> 
> Does the audio work? No audio hangs/wedging anymore on more than just
> a few minutes of usage? I have a machine like this, too, but audio would
> hang with MSI on like previous Ryzen generations. Unlike previous Ryzen
> generations, patching to switch to legacy interrupts didn't work. That
> was about 1.5 years ago; it currently serves as a Windows box ...
> 
> It would be good to know if that issue went away... I wouldn't mind
> putting a better OS on my machine again *cough*.

Thomas,

I play music all day long on the desktop on weekends, going out via
SPDIF (optic fiber) to a receiver. I have not tried direct speakers or
headphones. The only change to configuration I made was setting
outputs.mode=digital in /etc/mixerctl.conf

I play audio with mpd (local network files and internet streams),
and sometimes audacious and vlc for local files, and web audio with
chrome. Had couple strange lock-ups when streaming web-radio with mpd.
In fact, one happened just now - internet radio stream via mpd/Ario
started stattering and stopped as I was typing this email - restarting
sndiod and mpd did not help, had to reboot.

So, overall, little bit less reliable than my old pre-Ryzen desktop,
but not too bad - does not happen very often, may be once a week.
Not sure how to troubleshoot it.

--
Andre

Re: New desktop CPU/chipset recommendation

[Andre Smagin]

On Sun, 13 Feb 2022 20:55:26 +0200
Mihai Popescu  wrote:

> > ... Ryzen 9 5950x on x570 chipset motherboard ...
> 
> Can you post the output of
> sysctl | grep hw.
> please?

Here, with smt disabled and smt enabled:

HAMLET: /home/andre $ sysctl | grep hw
hw.machine=amd64
hw.model=AMD Ryzen 9 5950X 16-Core Processor
hw.ncpu=32
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:,sd1:2c4f0a976c44c833,cd0:
hw.diskcount=3
hw.sensors.ksmn0.temp0=36.62 degC
hw.cpuspeed=3400
hw.setperf=100
hw.vendor=Micro-Star International Co., Ltd.
hw.product=MS-7C37
hw.version=2.0
hw.uuid=c9bca978-eca9-1a51-aece-2cf05d9a5218
hw.physmem=68596871168
hw.usermem=68596854784
hw.ncpufound=32
hw.allowpowerdown=1
hw.perfpolicy=auto
hw.smt=0
hw.ncpuonline=16
hw.power=1

HAMLET: /home/andre $ doas sysctl hw.smt=1
hw.smt: 0 -> 1

HAMLET: /home/andre $ sysctl | grep hw 
hw.machine=amd64
hw.model=AMD Ryzen 9 5950X 16-Core Processor
hw.ncpu=32
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:,sd1:2c4f0a976c44c833,cd0:
hw.diskcount=3
hw.sensors.ksmn0.temp0=36.50 degC
hw.cpuspeed=3400
hw.setperf=100
hw.vendor=Micro-Star International Co., Ltd.
hw.product=MS-7C37
hw.version=2.0
hw.uuid=c9bca978-eca9-1a51-aece-2cf05d9a5218
hw.physmem=68596871168
hw.usermem=68596854784
hw.ncpufound=32
hw.allowpowerdown=1
hw.perfpolicy=auto
hw.smt=1
hw.ncpuonline=32
hw.power=1

Re: New desktop CPU/chipset recommendation

[Andre Smagin]

On Mon, 20 Sep 2021 14:56:31 -0400
Andre Smagin  wrote:

> I am looking for a hardware advice.
> I don't upgrade my desktop very often - last one was about ten
> years ago (AMD FX-8350 CPU), which I recently made my home server
> running -current, no issues. Now I am looking for a new desktop that
> will last another ten years, hence the question: if I buy the latest
> available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any
> current issues with using it for OpenBSD desktop? I would like to
> overkill it with the choice of hardware now, so I don't have to worry
> about it for a while.

Replying to my own thread from months ago. Took some time to get
this done, buying one part per paycheck, but I have a new desktop now.
Ryzen 9 5950x on x570 chipset motherboard, should last ten years at
least. Everything "just works" - NVMe hard drives, SPDIF audio, video,
etc.

Big thanks to OpenBSD developers! No issues to complain about, fresh
install, copied my configuration files from old desktop, was up and
running in 30 minutes. Day 3 to configure Windows 11 on a second hard
drive (to run 3d CAD software mostly) and now I have to reinstall -
broke something completely while trying to set it up to be usable...

Dmesg:

OpenBSD 7.0-current (GENERIC.MP) #303: Wed Feb  2 13:26:47 MST 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 68596871168 (65419MB)
avail mem = 66500714496 (63420MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (60 entries)
bios0: vendor American Megatrends International, LLC. version "A.F0" date 
12/16/2021
bios0: Micro-Star International Co., Ltd. MS-7C37
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT FIDT MCFG HPET SSDT IVRS TPM2 PCCT SSDT 
CRAT CDIT SSDT SSDT SSDT SSDT WSMT APIC SSDT FPDT
acpi0: wakeup devices GPP0(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) 
GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) 
GPPF(S4) GP10(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 9 5950X 16-Core Processor, 3400.48 MHz, 19-21-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: AMD Ryzen 9 5950X 16-Core Processor, 3400.02 MHz, 19-21-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: AMD Ryzen 9 5950X 16-Core Processor, 3400.02 MHz, 19-21-00
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entr

Re: Should 80MB of RAM be enough for kernel relinking on i386?

[Andre Smagin]

On Wed, 22 Sep 2021 17:27:30 +0100
"Patrick Harper"  wrote:

> If the situation isn't going to change anytime soon then I have some 
> diffs for INSTALL.i386 and INSTALL.amd64. The latter has not specified 
> disk requirements, I guess since anyone who owns an amd64 system will 
> very likely be using a disk big enough for X, so I figured that the 
> same would apply to any user of an i386 system that meets the proposed 
> minimum RAM. These are based on the 2021-09-21 snapshot versions.
> 
> --- INSTALL.i386.txtWed Sep 22 16:52:38 2021
> +++ INSTALL.i386_newWed Sep 22 16:51:17 2021
> @@ -201,10 +201,7 @@ OpenBSD/i386 7.0 supports most SMP (Symmetrical 
> MultiP
>  systems.  To support SMP operation, a separate SMP kernel (bsd.mp)
>  is included with the installation file sets.
>  
> -The minimal configuration to install the system is 32MB of RAM and
> -at least 250MB of disk space to accommodate the `base' set.
> -To install the entire system, at least 600MB of disk are required,
> -and to run X or compile the system, more RAM is recommended.
> +The minimal configuration to install the system is 512MB of RAM.
>  
>  Please refer to the website for a full list of supported hardware:
>  https://www.openbsd.org/i386.html

Hello.

I have Soekris net4801 gateway/firewall and it only has 128Mb of RAM.
I usually upgrade to -current by putting the CF card into a different
machine, since writing to CF card is slow on Soekris, but tonight I
upgraded to -current using the box itself and timed how long it took to
relink the kernel - 25 minutes.
It has 256Mb of swap. Eh, 259.9M apparently.

After-reboot relinking is currently disabled until I figure out
what to put in the new bsd.re-config to change flags for
wd to 0x0ff0 automatically, no luck yet.


Soekris dmesg:

OpenBSD 7.0 (GENERIC) #203: Wed Sep 22 19:24:38 MDT 2021
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
real mem  = 133709824 (127MB)
avail mem = 114921472 (109MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 20/80/03, BIOS32 rev. 0 @ 0xf7840
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0x9000
cpu0 at mainbus0: (uniprocessor)
cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 
586-class) 267 MHz, 05-04-00
cpu0: FPU,TSC,MSR,CX8,CMOV,MMX
cpu0: TSC disabled
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00
sis0 at pci0 dev 6 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 
00:00:24:c3:54:68
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
sis1 at pci0 dev 7 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 
00:00:24:c3:54:69
nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1
sis2 at pci0 dev 8 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 
00:00:24:c3:54:6a
nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1
ral0 at pci0 dev 10 function 0 "Ralink RT2860" rev 0x00: irq 11, address 
00:1d:6a:0e:80:cd
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R)
ral1 at pci0 dev 14 function 0 "Ralink RT2560" rev 0x01: irq 5, address 
00:13:d3:00:9f:7a
ral1: MAC/BBP RT2560 (rev 0x04), RF RT2525
gscpcib0 at pci0 dev 18 function 0 "NS SC1100 ISA" rev 0x00
gpio0 at gscpcib0: 64 pins
"NS SC1100 SMI" rev 0x00 at pci0 dev 18 function 1 not configured
pciide0 at pci0 dev 18 function 2 "NS SCx200 IDE" rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA48, 3811MB, 7806960 sectors
wd0(pciide0:0:0): using PIO mode 4
geodesc0 at pci0 dev 18 function 5 "NS SC1100 X-Bus" rev 0x00: iid 6 revision 3 
wdstatus 0
ohci0 at pci0 dev 19 function 0 "Compaq USB OpenHost" rev 0x08: irq 9, version 
1.0, legacy support
isa0 at gscpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
gpio1 at nsclpcsio0: 29 pins
gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1:
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Compaq OHCI root hub" rev 1.00/1.00 
addr 1
dt: 445 probes
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (1f081011692bae0c.a) swap on wd0b dump on wd0b

Re: New desktop CPU/chipset recommendation

[Andre Smagin]

On Mon, 20 Sep 2021 18:59:11 -0400
Daniel Wilkins  wrote:

> On Mon, Sep 20, 2021 at 02:56:31PM -0400, Andre Smagin wrote:
> > Good day.
> >
> > I am looking for a hardware advice.
> > I don't upgrade my desktop very often - last one was about ten
> > years ago (AMD FX-8350 CPU), which I recently made my home server
> > running -current, no issues. Now I am looking for a new desktop that
> > will last another ten years, hence the question: if I buy the latest
> > available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any
> > current issues with using it for OpenBSD desktop? I would like to
> > overkill it with the choice of hardware now, so I don't have to worry
> > about it for a while.
> >
> > I am ten years out of touch with hardware development progress, so will
> > appreciate any input you may have.
> >
> > --
> > Andre
> >
> You got me curious, so I went ahead and installed OpenBSD on the desktop
> I rebuilt this year.
> I've got a Ryzen R9 3900X with an MSI MAG B550 TOMAHAWK for the motherboard,
> and an R9 380 for the graphics card.
> 
> Works totally fine from my initial impressions. Sound works, USB works,
> plays full HD videos fine over DP, drives the 1440p display with no issues, 
> etc.
> 
> The only thing "wrong" is that I don't think Audio-over-HDMI works.
> 
> Hope this might help a bit,
> Danny
> 

Thank you very much for the test! I feel more comfortable now, will
probably get the B550 chipset motherboard and CPU like yours.

And if there are issues with sound as others mentioned, I can always
use an external USB card, have one somewhere I think.
Only need SPDIF output going to a receiver on my desk.

Thank you all for the replies!
--
Andre

New desktop CPU/chipset recommendation

[Andre Smagin]

Good day.

I am looking for a hardware advice.
I don't upgrade my desktop very often - last one was about ten
years ago (AMD FX-8350 CPU), which I recently made my home server
running -current, no issues. Now I am looking for a new desktop that
will last another ten years, hence the question: if I buy the latest
available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any
current issues with using it for OpenBSD desktop? I would like to
overkill it with the choice of hardware now, so I don't have to worry
about it for a while.

I am ten years out of touch with hardware development progress, so will
appreciate any input you may have.

--
Andre

Experience using httpd in production on busy machines?

[STeve Andre']

I am in the process of deploying an updated version of a PHP web 
application that has been running on Apache and Nginx on Linux. This time I 
have done all the development running the webserver on OpenBSD httpd+PHP. 
The setup is so much simpler and I am used to running OpenBSD boxes as 
gateways/firewall so I am familiar.


However, before I take the final step and deploy the new application on 
OpenBSD httpd in production I would like to hear if anyone has any 
experience to share regarding performance compared to running Apache or 
Nginx on Linux? Any caveats to look out for?


Kind regards!

Sent with [ProtonMail](https://protonmail.com/) Secure Email.

I never deployed it in the real world, but made a version of my web server 
using httpd.   To test it I beat the crap out of it with three other 
OpenBSD systems running wget scripts and programs simulating hordes of 
users.  It worked well, saturating a 100mb test network.


I have never cared for "speed", because a faster less secure site only 
leads to a notice of breakins or worse.  Regardless of the software you 
use, you should always be really mean to it
Try to crash it--multiple machines on your test network will really, really 
test it.


--STeve Andre'

Ps: if you do find weirdness, report it!

Sent with Aqua Mail for Android
https://www.mobisystems.com/aqua-mail

Re: TCP FIN hangups in encrypted ESP tunnel

[Andre Stoebe]

Hi Peter,

it's not just you, I have similar problems since around July 1, but with a
netcup server.

Since then, downloading a bigger file from the netcup server using scp or rsync
fails pretty consistently. Normal ssh sessions or other stuff like imap or xmpp
remain stable, as far as I can tell.

I run the scp/rsync over wg, but it doesn't matter, happens over pppoe too.

Like you, I also spent the last evenings looking for mistakes on my side,
besides having this working for years. So now I guess the problem is on their
side or somewhere in between?

I see the following when the file transfer fails:

192.168.100.1 is my router, where I run "scp 192.168.100.2:dump.gz ."
192.168.100.2 is the netcup server

237470  28.285237 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195360998 Win=120512 Len=0 TSval=2630531475 TSecr=89901171
237471  28.285242 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237472  28.285260 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237473  28.285288 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195363734 Win=117824 Len=0 TSval=2630531475 TSecr=89901171
237474  28.285293 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237475  28.285311 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237476  28.285339 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 TSecr=89901171
237477  28.285348 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP 
Previous segment not captured] , Encrypted packet (len=1368)
237478  28.285382 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#1] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195369206
237479  28.285498 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195369206
237480  28.285863 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237481  28.285906 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#2] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195370574
237482  28.285914 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237483  28.285941 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#3] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195371942
237484  28.285946 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237485  28.285973 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#4] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195373310
237486  28.285979 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237487  28.286006 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#5] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195374678
237488  28.286016 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237489  28.286044 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#6] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195376046
237490  28.286054 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237491  28.286081 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#7] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237492  28.286343 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=131456 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237493  28.286421 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237494  28.287076 192.168.100.2 -> 192.168.100.1 TCP 56 22 -> 12534 [FIN, ACK] 
Seq=195377414 Ack=55922 Win=16384 Len=0 TSval=89901171 TSecr=2630531475
237495  28.287141 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#8] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237496  28.288062 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=147712 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237497  28.288586 192.168.100.1 -> 192.168.100.2 SSHv2 104 Client: Encrypted 
packet (len=36)
237498  28.295439 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP Fast 
Retransmission] , 

Re: Filling a 4TB Disk with Random Data

[STeve Andre']

Even easier,  have stty status set to ^T, and run dd .

When you want to know where you are in the process hit ^T.  Lots (most?)
of programs will respond to a SIGINFO request.

--STeve Andre' ​

On Jun 10, 2020, 12:48, at 12:48, Luke Small  wrote:
>if you have access to packages, you could "pkg_add pv"
>
>and:
>
>"dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m"
>
>It will show you in real time how much random
>
>data has been written to disk.
>
>-Luke
>
>
>On Wed, Jun 10, 2020 at 11:43 AM Luke Small 
>wrote:
>
>> I mean: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m"
>>
>> -Luke
>>
>>
>> On Wed, Jun 10, 2020 at 11:41 AM Luke Small 
>wrote:
>>
>>> if you have access to packages, you could "pkg_add pv"
>>>
>>> and:
>>>
>>> "dd if=/dev/random | pv | of=/dev/rsdXc bs=1m"
>>>
>>> It will show you in real time how much random
>>>
>>> data has been written to disk.
>>>
>>> -Luke
>>>
>>

Re: Filling a 4TB Disk with Random Data

[STeve Andre']

The speed of writing is dependent on the rotational speed of the disk, and the 
i/o bandwidth of the system.

You want to do

   dd if=/dev/zero of=/dev/rsd1c bs=1m

Note that this writes to the sd1 disk!  Carefully,
carefully look at your disks and write to the correct
one.  Writing to sd0 is likely to be disastrous.

Do this on a test system.  dd is as efficient as it is ruthless.  You can 
irrevocably damage a system with it.

---STeve Andre'


⁣Sent from BlueMail ​

On Jun 1, 2020, 09:58, at 09:58, Justin Noor  wrote:
>Hi Misc,
>
>Has anyone ever filled a 4TB disk with random data and/or zeros with
>OpenBSD?
>
>How long did it take? What did you use (dd, openssl)? Can you share the
>command that you used?
>
>Thank you so much

Re: OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

[STeve Andre']

If you look at the titles of some of the other "articles"
You will see a trend of unhappiness.

The author has the right to write such things, just as everyone else has the 
right to ignore it.

--STeve Andre'


On May 28, 2020, 00:16, at 00:16, Quantum Robin  
wrote:
>Hi,
>
>While surfing on the Google to learn more about OpenBSD, I encountered
>this
>one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
>https://aboutthebsds.wordpress.com/2013/01/25/20/)
>
>Is the author telling the truth? Or just yet another anti-BSD thing?

sha256 of the install67.img is missing in the snapshot

[Andre S]

The sha256 checksum data of the install67.img file is missing in the 
snapshot.

Re: openbsd.org down?

[STeve Andre']

The proper people know already.  It's useless to make
further comments.  --STeve Andre'

On Apr 13, 2020, 03:14, at 03:14, Ilya Mitrukov  wrote:
>Hi,
>flushing the caches doesn't help and it's still unavailable.
>
>Does anybody know where to report the issue?
>(I'd look at openbsd.org but ... )
>
>- Ilya
>
>On 2020-04-13 05:00, zeurk...@volny.cz wrote:
>> "Durial EB"  wrote:
>>> Still down for me.
>> Appears intermittent. Cc'ing webmaster@ (assuming it exists).
>>
>>  --zeurkous.
>>
>>> On Sun, Apr 12, 2020 at 5:44 PM  wrote:
>>>
>>>>> Hello.
>>>>>
>>>>> What happened to the openbsd.org?
>>>>> I seems to be down for 10+ hours for now.
>>>> WFM. Empty your name swerver cache, it might help.
>>>>
>>>>> Regards,
>>>>>
>>>>> Roman
>>>> --zeur.
>>>>
>>>> --
>>>> Friggin' Machines!

"not MAP_STACK" message in dmesg / system message buffer

[Andre Smagin]

Hello.

While prototyping something in C, I made a mistake with
pre-processor macros, which I narrowed down to this:

int
main()
{
char *test[10][2097152] = { { 0 } };
}

Running it results in
$ ./a.out
Segmentation fault (core dumped) 

and it also logs it in dmesg as

Feb 25 20:05:49 hamlet /bsd: [a.out]52048/372328 sp=7f7ff5fd4150 inside 
7f7fff7d5000-7f7d5000: not MAP_STACK
Feb 25 20:06:49 hamlet /bsd: [a.out]94530/186499 sp=7f7ff5fe58c0 inside 
7f7fff7e7000-7f7e6000: not MAP_STACK
Feb 25 20:07:09 hamlet /bsd: [a.out]9523/344960 sp=7f7ff5fd9fd0 inside 
7f7fff7db000-7f7db000: not MAP_STACK

I have not seen a segfaulting program being logged in system
message buffer before. Is it expected behaviour?
Just curious, the message was a bit confusing.

The system is amd64-current.

--
Andre

Re: Tools for writers

[STeve Andre']

On 2019-11-02 15:07, Antoine Jacoutot wrote:

On Sat, Nov 02, 2019 at 03:04:34PM -0400, STeve Andre' wrote:



On 2019-11-02 11:00, Oliver Leaver-Smith wrote:

Hello,

What tools do people find useful for writing on OpenBSD? By writing I mean long 
form such as novels and technical books, including plot and character 
development, outlining, and formatting for publishing (not all the same 
application necessarily)

I have found a number which boast Linux support, but not really anything that 
stands out which supports OpenBSD (aside from the obvious LaTeX et al.)

Mich appreciated

   ~ols
--
Oliver Leaver-Smith
+44(0)114-360-1337
TZ=Europe/London



/usr/bin/vi


You obviously never wrote a book.
At least not with the requirements OP asked for. >


Actually, I am, right now.  I've found that "formatting" is an
annoyance, when writing material.  Get it written, *then* worry
about how it looks.  I've done this for more than 40 years when
creating documents, reports and such for work.

--STeve Andre'

Re: Tools for writers

[STeve Andre']

On 2019-11-02 11:00, Oliver Leaver-Smith wrote:

Hello,

What tools do people find useful for writing on OpenBSD? By writing I mean long 
form such as novels and technical books, including plot and character 
development, outlining, and formatting for publishing (not all the same 
application necessarily)

I have found a number which boast Linux support, but not really anything that 
stands out which supports OpenBSD (aside from the obvious LaTeX et al.)

Mich appreciated

  ~ols
--
Oliver Leaver-Smith
+44(0)114-360-1337
TZ=Europe/London



/usr/bin/vi

Re: Display flickers after upgrade to 6.6

[Andre Stoebe]

Hi,

I ran into the same issue this morning. Disabling the compositor worked
for me, but I noticed later that this is also documented in the package
readme:

Screen compositor
=
If you're using the modesetting X driver and experience window
flickering when
the compositor is enabled, you should force the window manager to use the
XPresent method for vblank:

$xfwm4 --vblank=xpresent --replace &

This is documented upstream at
https://git.xfce.org/xfce/xfwm4/tree/COMPOSITOR#n114

Haven't tested that yet and left the compositor disabled, but I guess
this will fix your issues. If it does, that's probably a good reminder
to first look in the readme next time (me included). ;)

Regards,
André

Nobody said it yet...

[STeve Andre']

Happy birthday to OpenBSD!

Re: Package -stable updates

[Andre Stoebe]

On 29.08.2019 01:59, Steven Shockley wrote:
> So, many thanks to everyone who put together the new -stable updates for
> packages.  Is there a command I can put in the crontab that will only
> output if there are updates?  Similar to what syspatch or openup does.
> I tried pkg_add -unx, but that still tells me to delete old files and
> prints the quirks line even if there are no updates.

Hi Steven,

here's what I came up with in my /etc/daily.local file...

(pkg_add -suv | sed -En 's/^Adding (.+)\(pretending\)/\1/p') 2>&1 \
| grep -v ': Requesting'

Initially I didn't use the verbose option and a simpler sed expression,
but I eventually found that pkg_add's output differs whether a terminal
is attached or not. So that's what works for me.

Regards
Andre

Re: When will OpenBSD become a friendly place for bug reporters?

[STeve Andre']

On 7/8/19 10:57 PM, mazoc...@disroot.org wrote:

Hi!

We all know that bugs don't get fixed without backtraces.

After few years of using OpenBSD I am annoyed to get mocked for not
sending backtraces, but why I don't send them? The answer is: OpenBSD
doesn't provide software packages with debugging symbols.

Do I look like a Gentoo user? It's not cool to leave no choice to bug
reporters but to make them rebuild all ports they use with:
$ env CFLAGS='-pipe -g' DEBUG=-g make -j $(sysctl -n hw.ncpu) reinstall

The current OpenBSD is definetely not friendly to bug reporters, so
don't blame me when I refuse to send backtraces, I am simply not in mood
to rebuild software when it shouldn't be necessary, I value my time.


For heavens sake, why don't you compile the code with symbols?  If you
have the ability to go inside and look for problems, you can compile
stuff yourself.  If you're going to submit a patch you have to build
to test the fix!

--STeve Andre'

Re: Evernote Alternative?

[Andre Ruppert]

Just a little addendum to your final post:

I use OpenBSD as my desktop environment (also MAC OS and Linux) and I 
was looking for years for an outline application which I can use on 
every OS.


Finally I switched from open to (paid) closed source *sigh* but now most 
of my problems were solved.


I use notecasepro, an I think I'm the only user who uses it on OpenBSD, 
because I have to ask for a version running on an actual OpenBSD release.


And no, this is not an advertisement, but my personal result after 
evaluating a lot of similar software which I can use on Linux, FreeBSD, 
MacOS but not on OpenBSD.


Regards
Andre

Am 29.06.19 um 22:56 schrieb Chris Humphries:

Final post.





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Blind OpenBSD users

[STeve Andre']

On 5/14/19 5:02 AM, Marc Espie wrote:

As far as I know, the only software we have for blind people
(and not just people with very poor eye sight)
is misc/brltty.

misc/screen  also has support in the form of the shm flavor,
which hooks to misc/brltty

The main issue for this kind of thing is of course testing.

This was done over 10 years ago.  I have zero idea if this
still works, or if there are better tools these days.


We also have (had?) a speech synthesis system in
audio/festival

Unfortunately, this is research code that predates the C++
standard by years, and thus is thoroughly rotten through.

I don't think we have any other speech synthesis open source
software in the ports tree.



There is  flite  which works but isn't great.


--STeve Andre'

Re: Code of Conduct location

[STeve Andre']

On 4/28/19 3:58 AM, Strahil Nikolov wrote:

Hello All,

can someone point me to the link of the OpenBSD code of Conduct ?

It seems that I can't find it even with the help of google.

Best Regards,
Strahil Nikolov



There isn't one that I have ever seen.  But the code of conduct here

is really the same as in life: be honest and fair, try to help and not

harass.  Deal with others as you would wish others would do to you.


A formal Code of Conduct is a rabbit hole, with no bottom.  The very

people who might need it will be its abusers, and how do you enforce

it on open mailing list?


--STeve Andre'

Can't boot up on -current of thursday

[STeve Andre']

For the first time in 14+ years I cant boot up.   I compiled -current yesterday 
but didnt reboot then. Rebooting today after the probe line  Spkr0 at pcppi0  I 
get

Usbd_free_xfer:  xfer=0xff087bb44c30 not free

And hangs.  So, I booted the previous kernel and got the same message.  Other 
kernels give the same message.  Bsd.rd did come up however.  This is a w541 
thinkpad.

I'm going to install on an external disk, but have others seen this?  Given 
multiple kernel failures I fear hardware problems. And of course I dont have 
other working hardware with me so I have to deal with that to get comparison 
systems up.

Thanks for any clues.

--STeve Andre'

Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache

[Andre Stoebe]

Use "rcctl set unbound timeout 300", which sets "unbound_timeout=300" in
rc.conf.local. The variables are documented in rc.d(8).

Regards
André

Re: TypeO

[STeve Andre']

On 10/19/18 6:29 PM, david long wrote:

I'm the first to admit I don't know anything about anything. Should it be
iwn or iwm for the wireless firmware drivers. Because I get an error say
unable to load iwm. I thought the wireless drivers for the Intel chipset
are iwn



David,  I would suggest reading https://www.openbsd.org/mail.html.

Actually, reading the entire FAQ is a good idea for newcomers.

Both iwn and iwm are wireless drivers, for different species of Intel

wireless chips.


Reading is a really good thing when delving into a new op system.

Fortunately OpenBSD is great docs.


In addition, https://undeadly.org/ is good reading, as is

http://daemonforums.org/forumdisplay.php?f=11


There are others but that should get you started.


--STeve Andre'

Re: Going nuts

[STeve Andre']

Thanks very much to Stewart and Josh.  My new little beast is on the net now 
and everything seems to work.  Now the W541 can go to the hospital as I leave 
mine. (-;

STeve Andre'


On Sep 11, 2018, 06:16, at 06:16, Stuart Henderson  wrote:
>On 2018-09-11, STeve Andre'  wrote:
>> My main laptop is going south on me and I'm trying to get an
>alternate thinkpad working.  Adding to my joy is that I'm in the
>hospital currently.
>>
>> I have a stock X220.  What firmware file do I want for -current? 
>Sorry for the question but I plead antibiotics!  Most frustrating not
>having access to normal items.
>>
>> Thank you all...
>>
>> STeve Andre'
>>
>
>Files for -current are at
>http://firmware.openbsd.org/firmware/snapshots/,
>"fw_update -i" will tell you which ones you need.
>
>If you need to load them from USB stick or similar to get wlan working,
>you can use fw_update -p /path/to/files.

Going nuts

[STeve Andre']

My main laptop is going south on me and I'm trying to get an alternate thinkpad 
working.  Adding to my joy is that I'm in the hospital currently.

I have a stock X220.  What firmware file do I want for -current?  Sorry for the 
question but I plead antibiotics!  Most frustrating not having access to normal 
items.

Thank you all...

STeve Andre'

Re: Lesser evil

[STeve Andre']

On 09/04/18 20:04, Heinz Kampmann wrote:

--
*Gesendet:* Dienstag, 04. September 2018 um 23:00 Uhr
*Von:* "STeve Andre'" 
*An:* "Kevin Chadwick" , misc@openbsd.org
*Betreff:* Re: Lesser evil

On 09/04/18 09:09, Kevin Chadwick wrote:
Um, maybe I'm not writing well.  I'm talking about a dual-boot Windows
OpenBSD system, which gets a Windows virus, which wipes out the
disk.  Effectively asleep, OpenBSD gets creamed.   That's what I mean
about dual-booting being a risk.

Hi,
I understand you in that way, but I thougt win10 can´t read/write 
ufs-partitions.

Maybe I´am wrong.
I use Windows for one program (PsyPrax), cause I won´t run it in an 
emulation.
I only trust in OpenBSD. Lean and clean code shifts security - plus 
the extra work
like pledge, KARL, w^x etc. ... and the most reviews praise the high 
quality code

of OpenBSD.
Sometimes I use win10 or mac high sierra for amazon prime.
best wishes,
Heinz

Heinz,

Think disk, not partitions.  Smash the raw disk and it matters not
what was on it; it will be obliterated.  That's what some Win viri do.

--STeve Andre'

Re: Lesser evil

[STeve Andre']

On 09/04/18 09:09, Kevin Chadwick wrote:

On Mon, 3 Sep 2018 18:03:06 -0400



I would not try to dual boot Windows and OpenBSD.  There are too
many disgusting viri out that smash parts of partitions.   OpenBSD
or anything else on the disk is a sitting duck once not active. Don't
do it.  The AV situation on Windows is out of control--a conservative
estimate is that there are 4M pieces of malware out for Windows.

Personally I feel this is a red herring. If you are finding viri on
your system then OpenBSD helps but could be hacked too. Viri are
unlikely with a security conscious OpenBSD user. You are doing
something wrong or need to silo your actions.



Um, maybe I'm not writing well.  I'm talking about a dual-boot Windows
OpenBSD system, which gets a Windows virus, which wipes out the
disk.  Effectively asleep, OpenBSD gets creamed.   That's what I mean
about dual-booting being a risk.

--STeve Andre'

Re: Lesser evil

[STeve Andre']

On 09/03/18 14:42, - - wrote:

Hello all,


I am running OpenBSD on my desktop, which is suitable for 99% of my
needs. However I have to run certain proprietary software, which is
available on Linux, Mac OSX and Windows.

I cannot decide which of the three would be a "lesser evil" to run in
respect with security and privacy. The software (video and photo editing)
runs best on Windows, almost as good on OSX  and it runs on Linux with
some compromises.
Does it make sense to accept such compromises and run Linux for security
and privacy OR is the better security and privacy of Linux more or less a
myth and running Windows would be almost the same in that respect?

I understand that any response is to be just an opinion.

Thank you

Jan


I would not try to dual boot Windows and OpenBSD.  There are too
many disgusting viri out that smash parts of partitions.   OpenBSD
or anything else on the disk is a sitting duck once not active. Don't
do it.  The AV situation on Windows is out of control--a conservative
estimate is that there are 4M pieces of malware out for Windows.
If your AV software knows how to deal with 98%, that means 80K
things aren't dealt with.  Ugh!  I know of a dual booting Win/Obsd
laptop that was damaged by a viri and afterwards the owner could
not find the OpenBSD partition at all.  Pity I was never able to see it
to do analysis.

Here in the US, you can get used thinkpads for an astonishing small
amount of money.  My wife just got a T430 with 8G ram, 500G disk,
2.6GHz I5, 1366x768 display, 2 USB 3 ports, for $167.  The battery is
even decent.  This is at Newegg.   Used macs look like $400.

For that money I would advocate that a separate machine is best,
AND you have an emergency OpenBSD backup system.

--STeve

Re: Installed current on top of FAT32 flash, Recover old filesystem??

[STeve Andre']

On 07/14/18 15:16, Chris Bennett wrote:

I very carefully and surely tested which flash drive to use and then
pulled out the wrong one.
I stopped the install with halt and done nothing else.
Should I have yanked it, halted it or just said goodbye?

ddrescue or something else or nothing else?

Thanks, I hope,
Chris Bennett





https://www.r-studio.com/

This is software I have used in the past to deal with disk disasters.
It's about $80 the last time I used it but it worked pretty well.

Good luck.  If you find some other method, let misc@ know.

--STeve Andre'

Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?

[Andre Ruppert]

Hello Philipp,
hello @misc

I thought the problems were gone, but often deleting an unmamed phase 1 
SA didn't work with the "cookie method" at least with 6.3/amd64.


My way:

1.)
# sh -c "echo S > /var/run/isakmpd.fifo"
# less /var/run/isakmpd.result

--> identify the dead phase 1 SA

SA name:  (Phase 1/Responder)
src:  dst: 
Lifetime: 28800 seconds
Flags 0x
icookie 7e0aab1278867246 rcookie f26398203e60007f

2.)
try to delete the unnamed SA with your method:

# sh -c "echo 'd 7e0aab1278867246f26398203e60007f -' \
> /var/run/isakmpd.fifo"

results mostly in:
ui_delete: command "d 7e0aab1278867246f26398203e60007f -" found no SA

3.)
collateral problem:
I'm not able to accept a new connection by the remote peer (with a new 
cookie) because isakmpd logs:


transport_send_messages: giving up on exchange peer-, no response 
from peer .


With tcpdump I can see that isakmpd refuses to answer peer  
requests 'till lifetime end or the crippled phase 1 is totally dropped...


Resarting isakmpd is not advised 'cause of a lot of other active vpn 
sessions.


The question: isakmpd bug or may brain incapabillities?

Best regards
Andre


Am 15.05.18 um 05:15 schrieb Philipp Buehler:

Hello Andre,

Am 14.05.2018 13:38 schrieb Andre Ruppert:

I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article=20131125041429


Apparently I wrote that article, and I feel your pain :-)


2.) less /var/run/isakmpd.result
...
SA name:  (Phase 1/Responder)
src:  dst: 
Flags 0x
icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec
...


Feeding the fifo with
sh -c "echo 't ' > /var/run/isakmpd.fifo"
only deletes phase 2.

But I didn't have an SA name at this time... ??


The problem here is you only have an 'unnamed' SA, indeed; but
you have cookies..
What you can do - found that a bit later after the undeadly article:
echo 'd 9f5bf7497f0ebe108a6c7b1b1f5923ec -' > isakmpd.fifo
which is "d $icookie$rcookie -" (no space between the cookie values).

If I am changing a peer configuration, I also block 500/udp for the
time being to avoid these 'Responder' SAs altogether. Think along
pf.conf:pass in proto udp from  to $myself port 500
pfctl -T delete -t vpn_peers $thatpeer
pfctl -k $thatpeer
ipsecctl -d -f $thatpeer.conf
vi $thatpeer.conf
ipsecctl -f $thatpeer.conf
pfctl -T add -t vpn_peers $thatpeer

HTH,




smime.p7s
Description: S/MIME Cryptographic Signature

Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?

[Andre Ruppert]

Hello Philipp,

sorry for the late answer

Thanks for the hint with the cookies.

Works in my environment

I'm much happier now ;-)

Best regards
Andre

Am 15.05.18 um 05:15 schrieb Philipp Buehler:

Hello Andre,

Am 14.05.2018 13:38 schrieb Andre Ruppert:

I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article=20131125041429


Apparently I wrote that article, and I feel your pain :-)


2.) less /var/run/isakmpd.result
...
SA name:  (Phase 1/Responder)
src:  dst: 
Flags 0x
icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec
...


Feeding the fifo with
sh -c "echo 't ' > /var/run/isakmpd.fifo"
only deletes phase 2.

But I didn't have an SA name at this time... ??


The problem here is you only have an 'unnamed' SA, indeed; but
you have cookies..
What you can do - found that a bit later after the undeadly article:
echo 'd 9f5bf7497f0ebe108a6c7b1b1f5923ec -' > isakmpd.fifo
which is "d $icookie$rcookie -" (no space between the cookie values).

If I am changing a peer configuration, I also block 500/udp for the
time being to avoid these 'Responder' SAs altogether. Think along
pf.conf:pass in proto udp from  to $myself port 500
pfctl -T delete -t vpn_peers $thatpeer
pfctl -k $thatpeer
ipsecctl -d -f $thatpeer.conf
vi $thatpeer.conf
ipsecctl -f $thatpeer.conf
pfctl -T add -t vpn_peers $thatpeer

HTH,




smime.p7s
Description: S/MIME Cryptographic Signature

Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?

[Andre Ruppert]

Remark below...



Am 14.05.18 um 13:38 schrieb Andre Ruppert:

Hello @misc,

I use a CARPed pair of 6.2 gateways as vpn access nodes, running "plain" 
ISAKMPD/ipsec.


The peering vpn gateways have different brandings from OpenBSD, linux, 
cisco to watchguard appliances etc...


Interoperability works most like a charm and is a no-brainer in most cases.

I have only access to the OpenBSD peering gateways, but most other 
brands belong to partners / customers.


Sometimes I first have problems with some of these peering boxes and 
only partial tunnels came up (only phase 1 or - more bad - phase 1 only 
partial).


Then I check the logs and - if I got wrong credentials or parameters 
from the peering partner - I change the configs on my side.
It needs mostly much less time than to discuss with the technicians from 
the peering partners - their problems have to te solved by them by 
clicking somewhere in a webinterface *sigh*.


Ok, back to _my_ problem:

If a ipsec tunnel is running with phase 1 and 2, I can stop it with
"ipsecctl -d -f ". Works.

If the ipsec tunnel is only partial working, I can delete it by using 
the fifo mechanism. Sometimes.


(
I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article=20131125041429
)

But I have always problems if only a part of phase 1 came up.

1.) sh -c "echo S > /var/run/isakmpd.fifo"

2.) less /var/run/isakmpd.result
...
SA name:  (Phase 1/Responder)
src:  dst: 
Flags 0x
icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec
...


Feeding the fifo with
sh -c "echo 't ' > /var/run/isakmpd.fifo"
only deletes phase 2.

But I didn't have an SA name at this time... ??

Question to the community: how is it possible to reliable stop partial 
tunnels without restarting isakmpd/ipsec (e.g. disturbing all other 
running tunnels)?


I'm clueless

Best regards
Andre



...and
sh -c "echo 't main ' > /var/run/isakmpd.fifo"
doesn't work either ...

/var/log/daemon reports "...ui_teardown: teardown connection 
"", phase 1

but that doesn't do anything.

Man isakmpd reads for fifo using:
"t [phase] name"
Tear down the named connection, if active. For name, the tag
specified in isakmpd.conf(5) or the IP address of the remote host
can be used.



Hm.
Again clueless...

Best regards
Andre



smime.p7s
Description: S/MIME Cryptographic Signature

OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?

[Andre Ruppert]

Hello @misc,

I use a CARPed pair of 6.2 gateways as vpn access nodes, running "plain" 
ISAKMPD/ipsec.


The peering vpn gateways have different brandings from OpenBSD, linux, 
cisco to watchguard appliances etc...


Interoperability works most like a charm and is a no-brainer in most cases.

I have only access to the OpenBSD peering gateways, but most other 
brands belong to partners / customers.


Sometimes I first have problems with some of these peering boxes and 
only partial tunnels came up (only phase 1 or - more bad - phase 1 only 
partial).


Then I check the logs and - if I got wrong credentials or parameters 
from the peering partner - I change the configs on my side.
It needs mostly much less time than to discuss with the technicians from 
the peering partners - their problems have to te solved by them by 
clicking somewhere in a webinterface *sigh*.


Ok, back to _my_ problem:

If a ipsec tunnel is running with phase 1 and 2, I can stop it with
"ipsecctl -d -f ". Works.

If the ipsec tunnel is only partial working, I can delete it by using 
the fifo mechanism. Sometimes.


(
I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article=20131125041429
)

But I have always problems if only a part of phase 1 came up.

1.) sh -c "echo S > /var/run/isakmpd.fifo"

2.) less /var/run/isakmpd.result
...
SA name:  (Phase 1/Responder)
src:  dst: 
Flags 0x
icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec
...


Feeding the fifo with
sh -c "echo 't ' > /var/run/isakmpd.fifo"
only deletes phase 2.

But I didn't have an SA name at this time... ??

Question to the community: how is it possible to reliable stop partial 
tunnels without restarting isakmpd/ipsec (e.g. disturbing all other 
running tunnels)?


I'm clueless

Best regards
Andre

relayd as websocket proxy?

[Andre Ruppert]

Hello @misc,

is it possible to configure relayd to act as a websocket proxy with 
v6.2/v6.3?


I set up relayd as ssl accelerator:

excerpt from relayd.conf:


http protocol "httpfilter2" {

tcp { nodelay, sack, socket buffer 65536, backlog 100 }

return error
match request header set "Connection" value "close"
match header set "Keep-Alive" value "$TIMEOUT"
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" value \
  "$SERVER_ADDR:$SERVER_PORT"

tls { tlsv1, ciphers "HIGH:!ADH:!NULL:!RC4:-ECDH:ECDHE" }
}
...

relay webrtc_wsc {
listen on $webrtc_wsc_relayd_addr \
port $webrtc_wsc_relayd_port tls
protocol "httpfilter2"
transparent forward to  port $webrtc_wsc_web_port \
mode loadbalance http “/” code 200
}
...

valid .key and .crt-files are placed in /etc/ssl/private and /etc/ssl.


First: "standard" SSL acceleration works fine without problems.

Second: websocket connections don't  :-(

As far I can see websocket upgrade messages (decoded in wireshark as
"HTTP/1.1 101 Switching Protocols" packets) from the internal server are 
replaced by relayd with packets with the RST-flag set directed to the 
WAN client and the connection is closed.



My head-scratching question:
is this possible at all with relayd?

Or do I have to switch to nginx?


Regards
Andre Ruppert





smime.p7s
Description: S/MIME Cryptographic Signature

Re: IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC

[Andre Ruppert]

Fri, 16 Mar 2018 13:25:49 +0100
Janne Johansson <icepic...@gmail.com>:

> 2018-03-16 12:26 GMT+01:00 Andre Ruppert <a...@in-telegence.net>:
> 
> > Hello @misc,
> >
> > after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via
> > 6.1 to 6.2 (amd64) I noticed some trouble with my VPN connections.
> >  
> 
> Almost always when you get "expected 3DES" it means "the confs are not
> matching so obsd chose some default thing which includes 3DES
> which is not what the other side is running".
> 
> Things like mixing up "from NetA to NetB" and the other side not
> having the exact opposite is a decent way to get that exact error.
> 
> I don't know what part changed so that it is no longer matching for
> you, but something makes the negotiations not think
> the remote proposal is what it expects, so it goes into some default
> mode from which it will never make a connection.
> 

I agree with you in principle, but the question is: why drop these
connections (with untouched configurations) sporadically with 6.2
and _not_ with 6.0?

Some of these connections drop several times in 24h.

No problems at all with 6.0.

And it's always the same behavior: 
first drops the esp tunnel and the esp flows remain active.
And its not possible to stop them with 'ipsecctl -d -f  '

Is it only possible to stop zombie-type flows with fifo commands?

Best regards
Andre

IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC

[Andre Ruppert]

Hello @misc,

after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via 6.1 
to 6.2 (amd64) I noticed some trouble with my VPN connections.


Scenario:

- a CARPed OpenBSD VPN gateway with sasyncd (master and backup)
- a bunch of customer VPN client gateways (several brands -> Sophos, 
Fortigate, Cisco , ... ).

- ISAKMPD/ipsec  (no iked yet)
- no syntax errors in ipsec.conf files (checked)
- with release 6.0 no problems at all.
- with 6.2 sometimes several of the connections drop nearly at the same 
time and I have do restart them manually.


Configuration:

ipsec.conf includes - configuration is pretty simple - one include-file 
for every connection:


# --
LOCAL_PEER = "IP_of_my_gateway"
LOCAL_NET = "my_network/mask bits"
REMOTE_NET_XY = "foreign_network_YX/mask bits"
REMOTE_PEER_XY = "IP_of_remote_gateway"

ike esp from $LOCAL_NET to $REMOTE_NET_XY \
peer $REMOTE_PEER_XY \
main auth hmac-sha2-256 enc aes-256 group modp1536 lifetime 3600 \
quick auth hmac-sha2-256 enc aes-256 group modp1536 lifetime 1200 \
srcid $LOCAL_PEER psk "SomethingTotalSecretAsPSKsCanBe"


Single VPNs are startet by "ipsecctl -f /etc/ipsec/ipsec.include.xy"
and deleted by "ipsecctl -d -f /etc/ipsec/ipsec.include.xy)

(Deleting connections is a special matter and doesn't work well, but 
that is not the point here)


The problem so far: prior to the connection drops I see isakmpd error 
messages:


isakmpd[35939]: dropped message from "REMOTE_PEER_XY" port 500 due to 
notification type NO_PROPOSAL_CHOSEN
isakmpd[35939]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 
AES_CBC, expected 3DES_CBC

isakmpd[35939]: message_negotiate_sa: no compatible proposal found

My question: why (and where) do I expect 3DES_CBC encrytion ?


And sometimes also other additional error messages appear in the Log.
Example:
...
ipsec_get_id: section to-10.10.244.0/25 has no "ID-type" tag
Mar 16 08:06:11 redacc01-a isakmpd[35939]: connection_init: could not 
record connection "from-172.16.0.0/16-to-10.10.244.0/25"

...


I'm clueless...

There are no infos in the upgrade guides (6.0 to 6.1 and 6.1 to 6.2) 
concerning isakmpd/ipsec changes



Sysctl lists:

net.inet.ip.ipsec-expire-acquire=30
net.inet.ip.ipsec-invalid-life=60
net.inet.ip.ipsec-pfs=1
net.inet.ip.ipsec-soft-allocs=0
net.inet.ip.ipsec-allocs=0
net.inet.ip.ipsec-soft-bytes=0
net.inet.ip.ipsec-bytes=0
net.inet.ip.ipsec-timeout=86400
net.inet.ip.ipsec-soft-timeout=8
net.inet.ip.ipsec-soft-firstuse=3600
net.inet.ip.ipsec-firstuse=7200
net.inet.ip.ipsec-enc-alg=aes
net.inet.ip.ipsec-auth-alg=hmac-sha1
net.inet.ip.ipsec-comp-alg=deflate


Any hints?

Best regards
Andre Ruppert




smime.p7s
Description: S/MIME Cryptographic Signature

Re: Hard disk controller not recognized

[STeve Andre']

On 02/12/18 12:07, Xianwen Chen wrote:

Dear OpenBSD users,

I am not able to run OpenBSD 6.2 amd64 on a Dell Latitude E6330. The
installation was done by taking out the hard drive and hook it through
a USB reader to another machine.

I boot the hard drive through Legacy Boot menu. The boot process stops with
root device:

It is possible to boot through bsd.rd. However, the hard drive is not
recognized there.

Here is the dmesg from bsd.rd:

[snip]

Xianwen,

Obviously the best thing is for IT to release the BIOS control to you,
but if they won't, get a USB SATA disk interface, and try to use that.
Your IT department might have figured out how to interfere with that 
too, but that might be a solution.  You'd have to keep that external 
disk and its interface with you, but at least you could use OpenBSD.


--STeve Andre'

Re: Writing "ones" instead of "zeroes" when wiping disk

[STeve Andre']

Don't bother.   Wiping the disk twice is enough.   If you are storing state 
secrets melt the disk.


Back in the days of sub 1G disks it might have been possible to get inter 
track gap data that was usable. Maybe.  But not multi T disks.


Sectors mapped out are a problem though, and multiple writes aren't going 
to touch those.  If you encrypt the disk I question how much value a few 
encrypted sectors would be to anyone.


Worry far more over lost usb sticks or portable usb disks.  That's a far 
bigger problem.


STeve Andre'


Sent with AquaMail for Android
http://www.aqua-mail.com


On January 11, 2018 9:46:25 AM Andreas Thulin <andreasthu...@gmail.com> wrote:


Hi!

Again, an ignorant question (as usual):

How might I do something similar to

# dd if=/dev/one of=/dev/sd0 bs=1M

as a complement to the usual and well-described

# dd if=/dev/zero of=/dev/sd0 bs=1M

followed by

# dd if=/dev/urandom of=/dev/sd0 bs=1M

in order to achieve paranoid disk-wiping?

BR
Andreas

Re: fsck: CANNOT READ: BLK 4235468160

[STeve Andre']

When you enter the realm of hardware errors, anything can happen.  If 
you are lucky you will see the same hard and soft errors every time you 
cross a bad sector, but I have seen many cases wildly varying block 
numbers on really sick disks.  And yes, bad cables and USB interfaces 
can be a problem too.  Try wiggling the cable disk the disk stable and 
see if you can produce errors.


Try doing a read with that USB hardware on another disk, too. That will 
tell you something.  I'll bet that the disk is bad.  If it stops 
producing errors, don't forgive it!  Get a new one.


--STeve Andre'

On 01/06/18 21:45, Maximilian Pichler wrote:

Hi,

I'm running fsck on an external USB hard drive, using OpenBSD 6.2
inside VirtualBox on MacOS.

On each run it gives a handful of "CANNOT READ: BLK ..." messages, but
the block numbers reported are different (!) each time.

If the disk is damaged, shouldn't the problematic blocks be
consistent? Does this point to a communication problem with the disk
(e.g. faulty USB cable)? Or is this a hopelessly unstable situation
given the general screwiness of USB over VirtualBox/Mac OS...?

Also, does answering "y" to "CANNOT READ" modify the disk contents?

Thanks for any insights!

Max


xhci0 at pci0 dev 12 function 0 "Intel 7 Series xHCI" rev 0x00: apic 2 int 20
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
umass0 at uhub0 port 9 configuration 1 interface 0 "Seagate Expansion"
rev 3.00/0.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus4 at umass0: 2 targets, initiator 0
sd0 at scsibus4 targ 1 lun 0: <Seagate, Expansion, 9300> SCSI4 0/direct fixed
sd0: 3815447MB, 512 bytes/sector, 7814037167 sectors

$ doas fsck /dev/sd0a
** /dev/rsd0a
** Last Mounted on /home/max/mnt
** Phase 1 - Check Blocks and Sizes

CANNOT READ: BLK 4235468160
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:

CANNOT READ: BLK 4128081280
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
CANNOT READ: BLK 4194986880
CONTINUE? [Fyn?] y
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
** Phase 2 - Check Pathnames

CANNOT READ: BLK 4195146384
CONTINUE? [Fyn?] y
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups
614222 files, 408012667 used, 76524122 free (3658 frags, 9565058
blocks, 0.0% fragmentation)

MARK FILE SYSTEM CLEAN? [Fyn?] y


* FILE SYSTEM WAS MODIFIED *


$ doas fsck -f /dev/sd0a
** /dev/rsd0a
** File system is already clean
** Last Mounted on /home/max/mnt
** Phase 1 - Check Blocks and Sizes

CANNOT READ: BLK 4236615424
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
** Phase 2 - Check Pathnames

CANNOT READ: BLK 3732315520
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:

CANNOT READ: BLK 4161885792
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:

CANNOT READ: BLK 4201995728
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:

CANNOT READ: BLK 4202008160
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:

CANNOT READ: BLK 4202013680
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
** Phase 3 - Check Connectivity
** Phase 4 - Check Reference Counts
** Phase 5 - Check Cyl groups

CANNOT READ: BLK 5011229824
CONTINUE? [Fyn?] y

THE FOLLOWING DISK SECTORS COULD NOT BE READ:
614222 files, 408012667 used, 76524122 free (3658 frags, 9565058
blocks, 0.0% fragmentation)

VLAN configuration problem on 6.1 ("no route to host" on other than own IP)

[Andre Ruppert]

Hello @misc,

perhaps I'm stupid, but I don't see my fault in a vlan network 
configuration:


I got a OpenBSD 6.1 gateway box, connected to several switches.

On em0 I habe to serve two networks:
172.16.210.0  (direct em0 - no vlan)
172.16.211.0  (VLAN 211 tagged on em0)



On of my connections (em0) has a simple configuration on standard VLAN 1 
(untagged):


# ifconfig em0
em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> 
mtu 1500

lladdr a0:36:9f:36:49:e6
description: sbc-ect-lan-ext
index 1 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255

# cat /etc/hostname.em0
inet 172.16.210.3 255.255.255.0 172.16.210.255 description "sbc-ect-lan-ext"

--

This interface also is "CARPed":

# ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
index 8 priority 15 llprio 3
carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
groups: carp
status: backup
inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255

# cat /etc/hostname.carp0
inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass 
 advskew 100


(this gateway is the CARP slave (backup) of a pair of redundant gateways)

---

Next: I want to have a VLAN on this interface em0:
(the connected switch has a trunk configured this VLAN 210 (untagged) 
and VLAN 211 (tagged) - but I don't know if this information makes sense 
here)


# ifconfig vlan211
vlan211: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr a0:36:9f:36:49:e6
index 15 priority 0 llprio 3
vlan: 211 parent interface: em0
vnetid: 211
parent: em0
groups: vlan
status: active
inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255

# cat /etc/hostname.vlan211
inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0

--

corresponding routing table (excerpt):

 # netstat -nr
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio 
Iface

default172.16.0.15UGS1  191 - 8

...
...

172.16.210/24  172.16.210.3   UCn1 1094 - 4 em0
172.16.210/24  172.16.210.1   Cn 00 -19 
carp0
172.16.210.1   00:00:5e:00:01:01  UHLl   0  153 - 1 
carp0

172.16.210.3   a0:36:9f:36:49:e6  UHLl   0  275 - 1 em0
172.16.210.10  00:08:25:22:50:e0  UHLc   0  158 - 3 em0
172.16.210.255 172.16.210.3   UHPb   00 - 1 em0
172.16.210.255 172.16.210.1   HPb00 - 1 
carp0
172.16.211/24  172.16.211.3   UCn0 1215 - 4 
vlan211
172.16.211.3   a0:36:9f:36:49:e6  UHLl   00 - 1 
vlan211
172.16.211.255 172.16.211.3   UHb00 - 1 
vlan211


-

My problem:

I am only able to ping myself (VLAN 211)  - end I _don't_ think it's a 
switch problem - because I get an "no route to host" error

# ping 172.16.211.3 # (my IP)
PING 172.16.211.3 (172.16.211.3): 56 data bytes
64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms
64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms
...
...stupid but working as expected...


# ping 172.16.211.2 # some other IP, same network
PING 172.16.211.2 (172.16.211.2): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 172.16.211.2 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 172.16.211.2 64 chars, ret=-1
ping: sendmsg: No route to host
...


The routing table then has added one new entry:

172.16.211/24  172.16.211.3   UCn1 1743 - 4 
vlan211
172.16.211.2   link#15UHLc   0 1684 - 3 
vlan211  !
172.16.211.3   a0:36:9f:36:49:e6  UHLl   0   18 - 1 
vlan211
172.16.211.255 172.16.211.3   UHb00 - 1 
vlan211



I'm clueless and don't know how to investigate further...

In my pf.conf I tried to "temporarly annihilate" the rules on the em0 
interface ("set skip on em0"), but that didn't help


Any hints?

head-scratching regards

Andre Ruppert



smime.p7s
Description: S/MIME Cryptographic Signature

Guess what today is

[STeve Andre']

Happy birthday to OpenBSD--22 years old!

Re: A stupid question, re: xargs(1)

[Andre Smagin]

On Fri, 13 Oct 2017 18:03:59 -0400
Raul Miller <rauldmil...@gmail.com> wrote:

> "Because then you don't need xargs, normal tooling seperates each line
> into a seperate argv entry regardless of other spacing."
> 
> If there's some existing way (portable or not) to build this kind of
> argv in a shell script - using newline separation and nothing else - I
> would really appreciate another hint.

I wish you would have given an exact problem you are having
difficulties with...

I've been using

ls | while read i; do echo "$i"; done
or
cat /tmp/tmp_file | while read i; do echo "$i"; done

type of constructs for years and have never even needed xargs...

--
Andre

Trying to burn a 4.5G dvd

[STeve Andre']

Doing my usual

   growisofs -dvd-compat -Z /dev/rcd0c=image.iso

results in the error

mkisofs: Value too large to be stored in data type. File 
4P4WFA00_W10x64ROW_proDL.iso is too large for current mkisofs settings - 
ignoring


So far I do not see what needs to be changed in order to do this and a 
scan of marc.info and faq aren't helping.


Clues?  I'm pinched for time.  Thanks...

--STeve Andre'

Re: Limits on OBSD amd64

[STeve Andre']

On 05/26/17 10:28, Stuart Henderson wrote:

On 2017-05-26, Friedrich Locke <friedrich.lo...@gmail.com> wrote:

Hi folks,

i wonder what is the maximum file system size OBSD supports using different
file systems like FFS


afaik, this is 1TB


FFS2


"as much as you have RAM to fsck"...


and ZFS ?


0 bytes.





On a 10T disk I created an 8T file with dd=/dev/zero of=bff.  I didn't
test it, but saw that I had the correct amount of space left.

--STeve Andre'

Re: list all system users, eg. _x11

[STeve Andre']

On 05/06/17 14:27, Luke Small wrote:

Is there a way to determine all users on a system that the users command
doesn't seem to show? like _x11 and _ntpd


What's a user?

Maybe you want to look at /etc/passwd.  The first four lines are

root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
operator:*:2:5:System &:/operator:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin

You can parse that with awk and do stuff.  Read about passwd(5) to
understand the format.  A login shell of /sbin/nologin means
it isn't interactive.  That might get you started?

--STeve Andre'

Re: OpenBSD 6.1: relayd does not start more than 3 processes

[Andre Ruppert]

Hm, I got a relayd-problem with a similar config.

100% CPU load nearly all 10 days with 5.9,
same behavior all 3-4 weeks with 6.0.

Wrong-ordered relayd.conf too.

looks like this when running in trouble:

_relayd  33851 100.0  0.1  2004  4496 ??  Rp15Apr17  3363:59.52 
relayd: relay (relayd)
_relayd  94800  0.0  0.1  2208  4720 ??  Sp15Apr171:01.44 
relayd: relay (relayd)
root 92841  0.0  0.1  1724  3996 ??  Is15Apr170:01.70 
/usr/sbin/relayd -v
_relayd  65955  0.0  0.1  1328  3436 ??  Sp15Apr170:11.41 
relayd: pfe (relayd)
_relayd  40687  0.0  0.1  1240  3264 ??  Sp15Apr170:28.04 
relayd: hce (relayd)
_relayd  75933  0.0  0.1  1220  3404 ??  Ip15Apr170:37.44 
relayd: ca (relayd)
_relayd  82476  0.0  0.1  1216  3304 ??  Ip15Apr170:35.52 
relayd: ca (relayd)


I just re-ordered my config.

No let's see if it still comes to trouble in the next weeks... ;-)

Andre

Am 05.05.17 um 16:05 schrieb Maxim Bourmistrov:


Hm, I tried this out - re-ordering the layout of the config.
You are, indeed, correct here.

Strange that this runs on 6.0.

Case closed.
Sorry for the noise.

Br





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Kernel panic on Dell R210 with OpenBSD 6.0 (relayd related ?)

[Andre Ruppert]

Hi,

Im running 6.0 amd64 on a pair of R210 with relayd, but these are R210 (II).

No kernel panics at all, and these systems are working in a live 
environment...


Regards
Andre



Am 02.05.17 um 15:03 schrieb Mathieu BLANC:

On Wed, Mar 29, 2017 at 02:06:23PM +0200, Mathieu BLANC wrote:

It also kernel panics with just this pf rules :
# cat pf_minimal.conf
set limit { states 10 }
set skip on lo
anchor "relayd/*"
pass



I upgraded the system to 6.1 release last week, the kernel panic is still here
(with the same logs).





smime.p7s
Description: S/MIME Cryptographic Signature

Re: Etnernal & infernal browser woes

[STeve Andre']

On 04/28/17 09:00, David Coppa wrote:

On Fri, Apr 28, 2017 at 2:18 PM, Jyri Hovila [iki.fi]
<jyri.hov...@iki.fi> wrote:

Dear everyone,



With the above disclaimer said, and still knowing the potential for a
war, I must say this: There is not much hope for OpenBSD to ever become
a desktop (or laptop) OS if the nightmarish sluggishness of ALL modern
web browsers can not be solved.


Have you properly configured your user?

What I usually do is:

1) be sure my user has the "staff" class:

# grep dcoppa /etc/master.passwd
dcoppa:***:1000:1000:staff:0:0:David Coppa:/home/dcoppa:/bin/ksh

2) I have this at the top of my ~/.profile:

---8<---

# bump limits
ulimit -S -d $(ulimit -H -d)
ulimit -S -n $(ulimit -H -n)
ulimit -S -p $(ulimit -H -p)
ulimit -S -s $(ulimit -H -s)

---8<---

With chromium or iridium it's not as bad as you have described.
Personally I use iridium on a daily basis.

Ciao!
David


I agree with David.  It's manageable.  I switched from Firefox to chrome 
some time ago, along with otter and Iridium--the three browser 
lifestyle.  Firefox causes my wife to snarl all too often, so it isn't 
the case that FF on Windows is so great.


Gone are the days of a 2G web browsing system, mostly.  I have a 32G 
thinkpad and make sure limits are ramped up to absurd limits.  Is is 
slower?  Sure, but I'll take that over a faster, diseased system any

time.  OpenBSD will improve.  Windows will not.

--STeve Andre'

Re: Load average changed in 6.1?

[STeve Andre']

On 04/24/17 04:42, Christoph Borsbach wrote:

Hello everyone,
first off: I know that the topic of "load" has been discussed numerous 
times, and been a topic on undeadly [1]. I know that this number is not 
that important.


However:
After upgrading 3 of my systems to 6.1 (from 6.0) I noticed the load 
average (15min value) has gone up by roughly 1.0, both in the output of 
daily(8) over some days now and when checking manually with w, top, or 
uptime.

The systems in question differ a bit:
- amd64 MP (KVM-Guest, dmesg [2], load-example [3])
- amd64 SP (VMware Guest, dmesg and examples not handy right now)
- i386 SP (Alix, dmesg [4], load examples [5])

All were upgraded last week with bsd.rd to 6.1-RELEASE. The systems 
perform as well as ever and nothing was changed aside from upgrading 
system and packages. I'm just interested what could change the behavior. 
A quick check of src/sys/uvm/uvm_meter.c does not show me any changes 
recently.


Has anybody observed this as well and has an explanation for this?

Thanks,
Christoph


Christoph,

What has changed 6.0 - 6.1 is the entire operating system.  uvm_meter.c
may not have changed but the other sub-systems have, which effects
the way things works.  It's the same with playing mp3's and you get 
stutter (or not) when disk I/O or other things are in play.


Any OS is a city; largely invisible to us, interactions go on that can 
have ripple effects in how things work.  The concept of a load average

is nebulous at best.  You can spike the system averages any number of
ways so using it to determine how busy the system is at any point in
time is not great.  Better to see how fast the system delivers web pages 
or files, or ...


Perhaps the uptime / w documentation should explicitly say that 
comparing load avs on different versions is a bit like comparing apples 
to spark plugs.


--STeve Andre'

Re: GUI desktop autologin options

[Andre Smagin]

On Tue, 18 Apr 2017 20:44:05 -0700
"Sha'ul"  wrote:

> I'm trying to figure how setup an auto login from boot to some kind of GUI
> desktop interface. What are my options? I'm not interested in Gnome 3, but
> I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
> load straight into desktop environment when I turn on computer. Which
> ones, besides Gnome 3, support autologin?

Just add to /etc/X11/xenodm/xenodm-config

DisplayManager.*.autoLogin: your_user_name

enable xenodm in /etc/rc.conf.local with

xenodm_flags=

and add the startup command for your window manager to ~/.xsession

If I remember correctly, it's something like
xfce4-session || startkde || gnome-session || xterm
to start those DEs. Other window managers are more straightforward and
usually use their name as the main executable.

Re: Please: Is there ANY chance that Linux binaries might run again???

[Andre Ruppert]

Softmaker doesn't support any of the BSDs - they've done it years ago
for FreeBSD but the customer's interest was too little.

Am 07.03.17 um 23:52 schrieb Damian McGuckin:
> On Tue, 7 Mar 2017, Stefan Wollny wrote:
>
>> Yes - I will (again) contact SoftMaker trying to persuade them to
>> provide an OpenBSD-version of their office suite. But they seem to have
>> none with some decent Unix/OpenBSD-knowledge, just Linux. Sigh...
>
> I would buy SoftMaker on OpenBSD.




Andre Ruppert

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Can't install -current on a Dell precision t3500

[STeve Andre']

   I'm puzzled and am asking for help.  I'm attempting to install
the -current snapshot (feb 12) on a Dell precision t3500.  The
install formats a 6T disk very quickly, like in 25 seconds.  Hmm.

   After installing the tar files, installboot fails with a
"Bad magic number in superblock".  If I mount the a partition I
see real data.  Changing to a 160G disk everything works & boots,
but not with the 6T disk.

   The t3500 is a sata 2 machine, as is the 160G disk. The 6T disk
is sata 3, but since I see the OS written to the 6T disk it's been
written out OK so thats not it.  I'm missing something with regards
the size of the disk?   Probably I'm forgetting to include something
relevant but I've been dealing with this last night and am tired.
Clues?

Thanks to all -- STeve Andre'

dmesg
OpenBSD 6.0-current (RAMDISK_CD) #164: Sun Feb 12 14:02:22 MST 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
RTC BIOS diagnostic error 11
real mem = 12865998848 (12269MB)
avail mem = 12472324096 (11894MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf0450 (77 entries)
bios0: vendor Dell Inc. version "A17" date 05/28/2013
bios0: Dell Inc. Precision WorkStation T3500
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET TCPA  SLIC SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU W3680 @ 3.33GHz, .73 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,SENSOR,ARAT

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 731530 Hz
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 9 pa 0xfec8, version 20, 24 pins
acpiprt0 at acpi0: bus 1 (PCI1)
acpiprt1 at acpi0: bus 2 (PCI2)
acpiprt2 at acpi0: bus 3 (PCI3)
acpiprt3 at acpi0: bus 4 (PCI4)
acpiprt4 at acpi0: bus 5 (PCI5)
acpiprt5 at acpi0: bus 6 (PCI6)
acpiprt6 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"PNP0C0C" at acpi0 not configured
"*pnp0c14" at acpi0 not configured
"PNP0401" at acpi0 not configured
"PNP0501" at acpi0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel X58 Host" rev 0x22
ppb0 at pci0 dev 1 function 0 "Intel X58 PCIE" rev 0x22: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "Intel X58 PCIE" rev 0x22: msi
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 "ATI FirePro V4800" rev 0x00
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
"ATI Radeon HD 5600 Audio" rev 0x00 at pci2 dev 0 function 1 not configured
ppb2 at pci0 dev 7 function 0 "Intel X58 PCIE" rev 0x22: msi
pci3 at ppb2 bus 3
"Intel X58 Misc" rev 0x22 at pci0 dev 20 function 0 not configured
"Intel X58 GPIO" rev 0x22 at pci0 dev 20 function 1 not configured
"Intel X58 RAS" rev 0x22 at pci0 dev 20 function 2 not configured
uhci0 at pci0 dev 26 function 0 "Intel 82801JI USB" rev 0x00: apic 8 int 16
uhci1 at pci0 dev 26 function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 17
uhci2 at pci0 dev 26 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 22
ehci0 at pci0 dev 26 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 22
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 
2.00/1.00 addr 1ppb3 at pci0 dev 28 function 0 "Intel 82801JI PCIE" rev 
0x00: msi

pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 5 "Intel 82801JI PCIE" rev 0x00
pci5 at ppb4 bus 5
bge0 at pci5 dev 0 function 0 "Broadcom BCM5761" rev 0x10, BCM5761 A1 
(0x5761100): msi, address b8:ac:6f:96:76:63

brgphy0 at bge0 phy 1: BCM5761 10/100/1000baseT PHY, rev. 0
uhci3 at pci0 dev 29 function 0 "Intel 82801JI USB" rev 0x00: apic 8 int 23
uhci4 at pci0 dev 29 function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 17
uhci5 at pci0 dev 29 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 18
ehci1 at pci0 dev 29 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 
2.00/1.00 addr 1

ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x90
pci6 at ppb5 bus 6
"Intel 82801JIR LPC" rev 0x00 at pci0 dev 31 function 0 not configured
ahci0 at pci0 dev 31 function 2 "Intel 82801JI AHCI" rev 0x00:

Re: OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest

[Andre Ruppert]

Hello again,

Date: 17.11.16 time: 18:32 - Christer Solskogen wrote:

> Try use bridge mode instead of NAT. I had the exact same problem on
> Windows 10 as a host.
>
> --
> chs
>

...that hit the point.

Tested on Mac OS and Win10 as host - same solution.

Thank You!

My former tested bridged-setup failed due to stupidity of myself...

But what I yet not know: what's the reason for this kind of error ... 
but that's maybe a academical question ;-)


regards
Andre

OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest

[Andre Ruppert]

Hello to the list,

this morning I stumbled about a "pkg_add" problem when running OpenBSD
6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which
host platform (I tried Mac OS Sierra and Windows 10 and 7).

Virtualbox settings:
5GB hardisk
512 MB RAM
tested two network card settings: virtio-net and Intel 1000 Pro desktop
tested NATed and bridged settings.

Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016

for example: (used a local mirror)

# pkg_add wget
quirks-2.241 signed on 2016-07-26T16:56:10Z
wget-1.18:libunistring-0.9.6p0: ok
Fatal error: Ustar
[http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t
gz][share/emacs/site-lisp/idna.el]:
Premature end of archive
Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from
DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Fatal error: Installation of libidn-1.32p1 failed, partial installation
recorded as partial-libidn-1.32p1
  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.

-- doesn't depend on mirror
-- doesn't depend on guest RAM settings
-- doesn't depend on guest network card settings
-- doesn't depend on acceleration settings in Virtualbox (well, I think
so...)

...and a little bit strange:
_sometimes_ pkg_add works with small packages:


example 2a (same as ex 1):

# pkg_add ipcalc
quirks-2.241 signed on 2016-07-26T16:56:10Z
Fatal error: Ustar
[http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg
z][bin/ipcalc]:
Premature end of archive
Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from
Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to
47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
Fatal error: Installation of ipcalc-1.4p0 failed, partial installation
recorded as partial-ipcalc-1.4p0
  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817.


example 2b:

# rm -R /var/db/pk/partial-*
# pkg_add ipcalc
quirks-2.241 signed on 2016-07-26T16:56:10Z
ipcalc-1.4p0: ok



Building packages from ports works fine (apparently)


Any hints to look further?
Anyone who had similar problems?

Every hint is welcome, I'm clueless... ;-)

best regards
Andre Ruppert

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: Laptop Recommendations?

[STeve Andre']

On 11/10/16 00:47, Nathan Koch wrote:

Greetings Fair BSD Wizards,
I am new to the lists. I am currently shopping for a new Xmas present for 
myself and am looking for a laptop that's portable and lightweight. Preferably 
fast, cheap (close to free),  light, and secure. If you have any 
recommendations before the stormy winter hits the prairies please let me know.

Thank you.
Nate


Sailing the South Saskatchewan.




I have used ThinkPads with great success:

 - T60p: everything worked

 - W500: everything worked

 - W541: camera and SDHC cards wern't working last time I checked,
   which was a while ago.  Everything else is fine.  Well, maybe
   the docking adaptor is still problematic.

 - A31p: which is now long obsolete, but it worked well.

W500's can be had on ebay in the $280 class range, then add extra mem
and a large disk, etc.

--STeve Andre

Re: Dell R930 server

[STeve Andre']

On 11/06/16 20:35, Philip Guenther wrote:

On Sun, Nov 6, 2016 at 4:42 PM, Friedrich Locke
<friedrich.lo...@gmail.com> wrote:
...

Does OBSD "see" all the 96*128G memory available ?


We only allocate a single PML4 slot for the direct map on amd64, so
it's currently limited to seeing 2^39 == 512GB.

To expand that, the size and base-slot/address of the direct map
really need to be made variable, based on the number of physical
address bits supported by the CPU (as found by CPUID), preferably then
clamped by the range of the actual memory installed, and then set up
in locore.S and pmap.c


Philip Guenther




Thanks for the explanation of the memory limit.  I'm not needing a
system with more than 512G yet, but how much of a project would it
be to dynamically expand to whatever?

--STeve Andre'

Happy Birthday

[STeve Andre']

Happy Birthday to OpenBSD.

Hey, it's 21.  It can drink in Michigan now!

Re: i386 or amd64?

[STeve Andre']

On 09/20/16 19:38, Jeff Ross wrote:

Hi all,

I've had a server with corenetworks for quite a few years now but after
changes at corenetworks (their recent name change after acquisition by
another company, no current servers available, no communication about
the change of ownership with existing customers and an email exchange
with sales@), I've decided it is best jump ship now rather than wait for
a hard and possibly immediate deadline.

I've just rented a server with 8GB of ram from m5hosting (based in large
part from the many recommendations I read while searching misc@ on
marc.info).  Now the question is: i386 which is what I've always run on
my 2 GB ram server, or amd64? http://www.openbsd.org/amd64.html and
http://www.openbsd.org/i386.html are curiously silent on the amount of
ram that can be accessed.  If I have 8GB, I for sure want to use it all.

I know there was a time when i386 was limited to the amount of ram it
can access (32 bit) but now amd64 has this caveat: "(Some Intel
processors lack support for important PAE NX bit, which means those
machines will run without any W^X support -- it is thus safer to run
those machines in i386 mode)."  How does this fit with the recent work
in 6.0+?  How can I tell if the Xeon 3220 processor has the PAE NX bit?
I see nothing in the tech sheet about PAE NX.
http://ark.intel.com/products/28034/Intel-Xeon-Processor-X3220-8M-Cache-2_40-GHz-1066-MHz-FSB


I have a little less than 2 weeks to make the transition so not a lot of
time for install and try.

Thanks in advance for any suggestions--dmesgs supplied once I get access.

Jeff Ross

Open Vistas Networking




AMD64.  There isn't a real future in 32-bit stuff.  I have some great
old Dells ("white optiplex") that I'll eventually get rid of but have
kept because of their quality.  But they do have the 3G problem.  So
look forwards at 65-bit.  I don't think you'll look back.

--STeve Andre'

Re: Building OpenBSD 6.0 -stable - Error

[STeve Andre']

On 09/03/16 11:32, Harald Dunkel wrote:

On 09/03/16 12:40, Ted Unangst wrote:

Teno Deuter wrote:

installed a fresh 6.0 AMD64 and tried to build 'stable' from source.

Here is what I did as 'root' (as described in:
http://www.openbsd.org/stable.html):

export CVSROOT=anon...@anoncvs1.ca.openbsd.org:/cvs
cd /usr; cvs checkout -P -rOPENBSD_6_0 src

there's some repo surgery in progress. it should be fixed eventually.


What exactly does this mean?



It means that something went wrong, and steps were being taken

to fix it.  Not very often, cvs has problems and getting good copies

of stuff doesn't work.  This is always noticed and repaired fairly quickly.


Also, if a repository is down, people have noticed it and are working

on it, so messages to @misc such as "I can't update from xxx" are

somewhat useless.


The ecosystem for distributing software is not perfect.  When you find

a problem, wait, and try again.  Repeat if needed.


--STeve Andre'

Strange problem with symlink usage in apache2 / wordpress-4.5.3

[STeve Andre']

   I write this having solved the problem I was having, but I

feel weird about my solution for it.


This is an amd64 -current system compiled on Aug 8th, with

packages from Aug 9th.  An Optiplex 745 at 2.4GHz, 8G ram

using the stock GENERIC kernel.  A vanilla system for Wordpress 4.53

using PHP-5.6.23 and Maria 10.0.26v1 with apache 2.4.23.

/etc/login.conf had limits raised to infinity.  The system was updated

just before the wx changes.


Under a light load Wordpress worked as expected.  But every

once in a while, an ah00037 ( Symbolic link not allowed or link target

not accessible) error popped up.  The client would see a page not

accessible message.  Under a heavy load of wget scripts the error was

just about constant.  Going back in the browser would get things

working after a page denial, at least for a bit.  Pages that once worked

came up with the error often.  After a period of time pages would generally

not work at all.  The fix to get apache working again was to restart it, but

lots of wget scripts would ramp the problem up again.


My "fix" was to get rid of the symlink of /var/www/htdocs to /u, and

making /var/www/htdocs the main code area.  In a 4 hour test with

multiple wget scripts, it served about 113,000 pages without error,

about 8 per second.  After that test I was convinced the "fix" worked.


But why?  The basic apache/system setup was correct I pretty sure,
or wordpress would have never worked.  The problem seems like it's
load related.

If anyone can say "idiot--you forgot N Q and Z" I'd like top hear it,

but I think I have found a bug either in Apache or OpenBSD.


Ideas on the best way to test symlinks?  I haven't found any comments

on a symlink problem in apache or wrodpress.  All the ah00037 comments

talk of stuff I already verified.


I'm certainly willing to do more work on this--I'd appreciate any ideas

on what to test.  I've never seen an error like this before... Right now

I feel uncomfortably dumb.


Thanks for ideas...   --STeve Andre'

Re: Recent package archives?

[STeve Andre']

On 08/21/16 17:29, Stuart Henderson wrote:

On 2016-08-21, STeve Andre' <and...@msu.edu> wrote:

 Does anyone have archives of recent amd64 snapshot packages?

I blew my aug-09 set away and I'd like libreoffice back.  Anyone?

(And yes, I know it's always a gamble to mismatch packages and the OS)


Thanks, STeve Andre'



The last snapshot package built for libreoffice is against old X
libraries so if you run them you get symbol conflicts (old package
wanting libfreetype.so.25.0 but *also* pulling in X libraries linked
against libfreetype.so.26.0).

libreoffice builds from ports are currently failing due to W^X enforcement
("uno.bin(39666): mprotect W^X violation" when running code which is produced
during the build as part of the build).  I'm hoping that the recently
committed change to ports gcc will let us work around this for now (I'll
be testing this shortly) and then once we've got a working build of libreoffice
again it will hopefully be simpler to track down the libreoffice code that
currently needs W+X mappings - we can set kern.wxabort=1 sysctl and
get some kind of coredump.



Thanks Stuart.  I figured that was the general problem.

--STeve Andre'

Re: Recent package archives?

[STeve Andre']

On 08/21/16 01:01, bytevolc...@safe-mail.net wrote:

STeve Andre' wrote:

Does anyone have archives of recent amd64 snapshot packages?

I blew my aug-09 set away and I'd like libreoffice back. Anyone?

(And yes, I know it's always a gamble to mismatch packages and the OS)


Thanks, STeve Andre'

You won't get it from the original *.openbsd.org mirrors but try it 
from the other mirrors; sometimes they have versions back to the good 
old days.



Heh.   I've been trawling the list of mirrors on the download page, and I'm

impressed--the oldest I've yet seen is the 18th.  I'd say that the 
mirrors are


more up to date than 5+ years ago.  I'm mostly done trawling, hence this 
query.



--STeve Andre'

Recent package archives?

[STeve Andre']

   Does anyone have archives of recent amd64 snapshot packages?

I blew my aug-09 set away and I'd like libreoffice back.  Anyone?

(And yes, I know it's always a gamble to mismatch packages and the OS)


Thanks, STeve Andre'

Re: problem trying to import a 3.4m database with phpmyadmin

[STeve Andre']

Well guess what--I fixed it.

In /etc/php5-6.ini, a semi-colon is used for comment lines.
I used a colon.

It misparses things when you do that.  Silently.

I need to clean my eyeballs now...

Sorry for the noise, but at least you can remember this.
(reason 416 to not be crazy about php...)

--STeve Andre'

On 08/15/16 05:41, STeve Andre' wrote:

   This is on an amd64 -current system updated/compiled as of

Aug 8 7am; using the 8/13 packages.


I'm trying to use phpMyAdmin to import a database into maria.

in /etc/php-5.6ini I've set memory_limit to 256m, post_max_size

to 16m and upload_max_filesize to 8m.


The db I'm trying to import is 3.4m.  Under import in phpmyadmin

it says (max 2,048k) for importing, hence my doing what php faq

1.16 said about the above three params in php.ini.


Now I notice that suhosin says in /var/log/messages

 ALERT - script tried to disable memory_limit by setting it to a 
negative value -1 bytes which is not allowed (attacker '10.0.0.5', 
file '/u/php/www/import.php', line 296)



So, I am wondering how suhosin is seeing this, and how one gets

phpmyadmin to deal with > 2M files.  That is always says 2,048K

says I'm not changing things correctly?  I've restarted apache and

even rebooted but I always get the 2M max notice.


Any ideas?  I'm pressed for time on this, sigh.  Pointers would be

much appreciated.


--STeve Andre'

problem trying to import a 3.4m database with phpmyadmin

[STeve Andre']

   This is on an amd64 -current system updated/compiled as of

Aug 8 7am; using the 8/13 packages.


I'm trying to use phpMyAdmin to import a database into maria.

in /etc/php-5.6ini I've set memory_limit to 256m, post_max_size

to 16m and upload_max_filesize to 8m.


The db I'm trying to import is 3.4m.  Under import in phpmyadmin

it says (max 2,048k) for importing, hence my doing what php faq

1.16 said about the above three params in php.ini.


Now I notice that suhosin says in /var/log/messages

 ALERT - script tried to disable memory_limit by setting it to a 
negative value -1 bytes which is not allowed (attacker '10.0.0.5', file 
'/u/php/www/import.php', line 296)



So, I am wondering how suhosin is seeing this, and how one gets

phpmyadmin to deal with > 2M files.  That is always says 2,048K

says I'm not changing things correctly?  I've restarted apache and

even rebooted but I always get the 2M max notice.


Any ideas?  I'm pressed for time on this, sigh.  Pointers would be

much appreciated.


--STeve Andre'

Interesting error message from disk testing

[STeve Andre']

I am testing some new 8TB disks.  I've taken to doing

  dd if=/dev/zero of=/dev/rsd3c bs=64k

and

  dd if=/dev/rsd3c of=/dev/null bs=64k


as a first test.  It's depressing how often I've found problems

on big disks.  Today, the read test produced an error in the messages

file I've not seen before:

Jun 28 16:17:39 paladin /bsd: sd3(umass0:1:0): Check Condition (error 
0x70) on opcode 0x28

Jun 28 16:17:39 paladin /bsd: SENSE KEY: Aborted Command
Jun 28 16:17:39 paladin /bsd:  ASC/ASCQ: Information Unit iuCRC 
Error Detected



So it isn't a soft read error -- what is it?  It might be useful to

indicate where the error occurred? This is the second of three

disks to be tested.  It's connected to a Thermaltake USB 3.0

disk enclosure.


Thanks for any pointers.


--STeve Andre'

Re: Is it possible and not unadvisable to make /src with the -O3 option?...

[STeve Andre']

Go for it.  The beauty of open source is that you are free to
try things.   I would submit your first step of learning is how
to figure out where all the -O2's are.  You will learn a lot about
things if you really dig into the weird problems you will hit.
Probably you won't get much help here, but that shouldn't
stop you.  Hint: start reading about compilers.

--STeve Andre'

On 06/16/16 11:12, Luke Small wrote:

Eh, I run it on a VM. I could copy one and somehow locate all the -O2's and
replace them with -O3's in the files. I'd probably have to write a program
to do it, unless there are easy to find, centrally located ones?

On Thu, Jun 16, 2016 at 9:54 AM Janne Johansson <icepic...@gmail.com> wrote:


Do you have the skills to detect and handle if gcc miscompiles something
at -O3?
If not, then don't.

Noone else will help you getting a zomg-fast -O3 system working after a
slight miscompile gets a few bad instructions stuffed into some lib
somewhere, so if you break your system, you get to keep all the pieces.

Short version: "if you had to ask, then the answer was no".


2016-06-16 15:42 GMT+02:00 Luke Small <lukensm...@gmail.com>:


--
May the most significant bit of your life be positive.

OpenBSD on a Chuwi hi12 tablet - dmesg

[Andre Smagin]

Hello.

Occasionally it is asked if OpenBSD can run on a tablet, so I wanted
to share a dmesg showing what it looks like on one.
It is a dual-boot (Windows 10 and Android), Chinese designed and made
Chuwi Hi12 tablet with attachable keyboard:

http://en.chuwi.com/product/items/Chuwi-Hi12.html

(Very affordable tablet considering the screen size and resolution,
pretty happy with it, even though it has some rough edges and bugs.)

I installed OpenBSD on a usb flash drive and can boot it from there.
It is mostly a "not configured" galore, no X, net, or audio, but
dockable keyboard works.

dmesg, usbdevs, and pcidump:

OpenBSD 6.0-beta (GENERIC.MP) #2165: Thu Jun  2 08:37:59 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 3f
real mem = 4179439616 (3985MB)
avail mem = 4048146432 (3860MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7b76e000 (51 entries)
bios0: vendor American Megatrends Inc. version "5.11" date 04/28/2016
bios0: Default string Default string
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MSDM MCFG SSDT SSDT SSDT UEFI SSDT HPET 
SSDT SSDT SSDT LPIT BCFG PRAM CSRT BCFG OEM0 OEM1 PIDV RSCI WDAT
acpi0: wakeup devices XHC1(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1440.29 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 79MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpicpu0 at acpi0
C2: state 6: substate 8 >= num 3
C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0
C2: state 6: substate 8 >= num 3
C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0
C2: state 6: substate 8 >= num 3
C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0
C2: state 6: substate 8 >= num 3
C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: ID3C, resource for ISP3
acpipwrres1 at acpi0: WWPR, resource for HS03, MDM1
acpipwrres2 at acpi0: WWPR, resource for HS13, MDM1
acpipwrres3 at acpi0: WWPR, resource for SSC1, MDM3
acpipwrres4 at acpi0: WWPR, resource for SSCW, MDM3
acpipwrres5 at acpi0: WWPR, resource for HSC1, MDM2
acpipwrres6 at acpi0: WWPR, resource for HSC3, MDM4
acpipwrres7 at acpi0: CLK2, resource for CAM7, CAM3
acpipwrres8 at acpi0: CLK4, resource for CAM4, CAM8
acpipwrres9 at acpi0: CLK3, resource for RTEK, ESSX, RTK1
acpipwrres10 at acpi0: CLK4
acpipwrres11 at acpi0: CLK2
acpipwrres12 at acpi0: CLK1
acpipwrres13 at acpi0: CLK0
acpipwrres14 at acpi0: CLK1
acpipwrres15 at acpi0: CLK5
acpipwrres16 at acpi0: USBC, resource for XHC1, OTG1
acpipwrres17 at acpi0: P28X
acpipwrres18 at 

Mod_rewrite.so use

[STeve Andre']

Sorry not my usual mail program

Sent with AquaMail for Android
http://www.aqua-mail.com


--- Forwarded message ---
From: STeve Andre' <and...@msu.edu>
Date: May 17, 2016 4:16:13 PM
Subject: Mod_rewrite.so use

I am creating a Web server using apache2. For the moment I need to
use it.

To enable mod_rewrite.so you simply uncomment it in httpd2.conf and
restart apache, correct?  I haven't used a2 before.

This is a -current system with amd64 packages of may 15.  Verifying that
what I think is correct.  This is using WordPress 4.5.2. Cough...

Thanks for any clue bats.

STeve Andre'

Sent with AquaMail for Android
http://www.aqua-mail.com

Re: support new

[STeve Andre']

On 02/09/16 07:41, Ingo Schwarze wrote:

Hi,

William Mimart wrote on Mon, Feb 08, 2016 at 08:36:59PM +0100:


0
C FRANCE
P Normandie
T Rouen
Z 76000
O mimart.info

Sorry, but this doesn't make any sense to me.
This entry wouldn't be related to OpenBSD at all.

It seems to be something about kittens...

Consequently, entry not added.

Yours,
   Ingo


Perhaps they can assist with kitten cake?




I William Mimart
A 63 rue des Hallettes
M will...@mimart.info
B +33 6 86 11 19 43
N Almost 30 years of experience in Unix systems including more than 10 on
OpenBSD with a specialty in firewalls.
Consulting, installation, maintenance, formation and support.
Presque 30 ans d'exprience dans les systmes Unix dont plus
de 10 sur OpenBSD avec une spcialit?? dans les pare-feu.
Consulting, installation, maintenance, training and support.

Re: Pledge problem in tsort?

[STeve Andre']

On 01/09/16 07:46, Sebastien Marie wrote:

On Sat, Jan 09, 2016 at 03:40:08AM -0500, STeve Andre' wrote:

I got the following error below after updating my tree about 02:42 am
Jan 9 EST.  Amd64 -current.

I don't see anything special the the -current update faq.

Are others seeing this?

--STeve Andre'

[...]

tsort: pledge: Invalid argument
cc: no input files


Well, maybe we should document that in -current update faq.

Several things occurs at near same time:
   - tsort was using the 2nd argument of pledge(2) : it has been
 corrected in tsort.c rev 1.35 (3 days old)
   
   - for preparing 5.9 release, we turn off this specific argument in rev

 1.143 of sys/kern/kern_pledge.c (2 days old)

So your "old" tsort (which use whitepaths in pledge) is incompatible
with the "new" kernel you just compiled and booted (as it don't allow using
whitepaths in pledge). And as tsort is used during building... "paf".

You should be able to recompile and reinstall tsort, before rerun your
make build.

Something like:
cd /usr/src/usr.bin/tsort && make clean && make obj && make depend && make && 
doas make install

Thanks.

Yes, my pea brain figured this out just about the time that Theo said
to do this.  It worked.Thanks to all..

--STeve Andre'

Pledge problem in tsort?

[STeve Andre']

I got the following error below after updating my tree about 02:42 am
Jan 9 EST.  Amd64 -current.

I don't see anything special the the -current update faq.

Are others seeing this?

--STeve Andre'


building shared crypto library (version 37.0)
cc -shared -fpic -o libcrypto.so.37.0  `lorder cryptlib.so 
malloc-wrapper.so mem_dbg.so cversion.so ex_data.so cpt_err.so o_time.so 
o_str.so o_init.so mem_clr.so aes_misc.so aes_ecb.so aes_cfb.so 
aes_ofb.so aes_ctr.so aes_ige.so aes_wrap.so a_object.so a_bitstr.so 
a_time.so a_int.so a_octet.so a_print.so a_type.so a_dup.so a_d2i_fp.so 
a_i2d_fp.so a_enum.so a_utf8.so a_sign.so a_digest.so a_verify.so 
a_mbstr.so a_strex.so x_algor.so x_val.so x_pubkey.so x_sig.so x_req.so 
x_attrib.so x_bignum.so x_long.so x_name.so x_x509.so x_x509a.so 
x_crl.so x_info.so x_spki.so nsseq.so x_nx509.so d2i_pu.so d2i_pr.so 
i2d_pu.so i2d_pr.so t_req.so t_x509.so t_x509a.so t_crl.so t_pkey.so 
t_spki.so t_bitst.so tasn_new.so tasn_fre.so tasn_enc.so tasn_dec.so 
tasn_utl.so tasn_typ.so tasn_prn.so ameth_lib.so f_int.so f_string.so 
n_pkey.so f_enum.so x_pkey.so a_bool.so x_exten.so bio_asn1.so 
bio_ndef.so asn_mime.so asn1_gen.so asn1_par.so asn1_lib.so asn1_err.so 
a_bytes.so a_strnid.so evp_asn1.so asn_pack.so p5_pbe.so p5_pbev2.so 
p8_pkey.so asn_moid.so a_set.so a_time_tm.so bf_skey.so bf_ecb.so 
bf_cfb64.so bf_ofb64.so bio_lib.so bio_cb.so bio_err.so bss_mem.so 
bss_null.so bss_fd.so bss_file.so bss_sock.so bss_conn.so bf_null.so 
bf_buff.so b_print.so b_dump.so b_posix.so b_sock.so bss_acpt.so 
bf_nbio.so bss_log.so bss_bio.so bss_dgram.so bn_add.so bn_div.so 
bn_exp.so bn_lib.so bn_ctx.so bn_mul.so bn_mod.so bn_print.so bn_rand.so 
bn_shift.so bn_word.so bn_blind.so bn_kron.so bn_sqrt.so bn_gcd.so 
bn_prime.so bn_err.so bn_sqr.so bn_recp.so bn_mont.so bn_mpi.so 
bn_exp2.so bn_gf2m.so bn_nist.so bn_depr.so bn_const.so bn_x931p.so 
buffer.so buf_err.so buf_str.so cmll_cfb.so cmll_ctr.so cmll_ecb.so 
cmll_ofb.so c_skey.so c_ecb.so c_enc.so c_cfb64.so c_ofb64.so chacha.so 
cmac.so cm_ameth.so cm_pmeth.so comp_lib.so comp_err.so c_rle.so 
c_zlib.so conf_err.so conf_lib.so conf_api.so conf_def.so conf_mod.so 
conf_mall.so conf_sap.so cbc_cksm.so cbc_enc.so cfb64enc.so cfb_enc.so 
ecb3_enc.so ecb_enc.so enc_read.so enc_writ.so fcrypt.so ofb64enc.so 
ofb_enc.so pcbc_enc.so qud_cksm.so rand_key.so set_key.so xcbc_enc.so 
str2key.so cfb64ede.so ofb64ede.so ede_cbcm_enc.so dh_asn1.so dh_gen.so 
dh_key.so dh_lib.so dh_check.so dh_err.so dh_depr.so dh_ameth.so 
dh_pmeth.so dh_prn.so dsa_gen.so dsa_key.so dsa_lib.so dsa_asn1.so 
dsa_vrf.so dsa_sign.so dsa_err.so dsa_ossl.so dsa_depr.so dsa_ameth.so 
dsa_pmeth.so dsa_prn.so dso_dlfcn.so dso_err.so dso_lib.so dso_null.so 
dso_openssl.so ec_lib.so ecp_smpl.so ecp_mont.so ecp_nist.so ec_cvt.so 
ec_mult.so ec_err.so ec_curve.so ec_check.so ec_print.so ec_asn1.so 
ec_key.so ec2_smpl.so ec2_mult.so ec_ameth.so ec_pmeth.so eck_prn.so 
ecp_nistp224.so ecp_nistp256.so ecp_nistp521.so ecp_nistputil.so 
ecp_oct.so ec2_oct.so ec_oct.so ech_lib.so ech_key.so ech_err.so 
ecs_lib.so ecs_asn1.so ecs_ossl.so ecs_sign.so ecs_vrf.so ecs_err.so 
eng_err.so eng_lib.so eng_list.so eng_init.so eng_ctrl.so eng_table.so 
eng_pkey.so eng_fat.so eng_all.so tb_rsa.so tb_dsa.so tb_ecdsa.so 
tb_dh.so tb_ecdh.so tb_rand.so tb_store.so tb_cipher.so tb_digest.so 
tb_pkmeth.so tb_asnmth.so eng_openssl.so eng_cnf.so eng_dyn.so err.so 
err_all.so err_prn.so encode.so digest.so evp_enc.so evp_key.so e_des.so 
e_bf.so e_idea.so e_des3.so e_camellia.so e_rc4.so e_aes.so names.so 
e_xcbc_d.so e_rc2.so e_cast.so m_null.so m_md4.so m_md5.so m_sha1.so 
m_wp.so m_dss.so m_dss1.so m_ripemd.so m_ecdsa.so p_open.so p_seal.so 
p_sign.so p_verify.so p_lib.so p_enc.so p_dec.so bio_md.so bio_b64.so 
bio_enc.so evp_err.so e_null.so c_all.so evp_lib.so evp_pkey.so 
evp_pbe.so p5_crpt.so p5_crpt2.so e_old.so pmeth_lib.so pmeth_fn.so 
pmeth_gn.so m_sigver.so e_aes_cbc_hmac_sha1.so e_rc4_hmac_md5.so 
e_chacha.so evp_aead.so e_chacha20poly1305.so e_gost2814789.so 
m_gost2814789.so m_gostr341194.so m_streebog.so gost2814789.so 
gost89_keywrap.so gost89_params.so gost89imit_ameth.so 
gost89imit_pmeth.so gost_asn1.so gost_err.so gostr341001.so 
gostr341001_ameth.so gostr341001_key.so gostr341001_params.so 
gostr341001_pmeth.so gostr341194.so streebog.so hmac.so hm_ameth.so 
hm_pmeth.so i_cbc.so i_cfb64.so i_ofb64.so i_ecb.so i_skey.so 
krb5_asn.so lhash.so lh_stats.so md4_dgst.so md4_one.so md5_dgst.so 
md5_one.so cbc128.so ctr128.so cts128.so cfb128.so ofb128.so gcm128.so 
ccm128.so xts128.so o_names.so obj_dat.so obj_lib.so obj_err.so 
obj_xref.so ocsp_asn.so ocsp_ext.so ocsp_ht.so ocsp_lib.so ocsp_cl.so 
ocsp_srv.so ocsp_prn.so ocsp_vfy.so ocsp_err.so pem_sign.so pem_seal.so 
pem_info.so pem_lib.so pem_all.so pem_err.so pem_x509.so pem_xaux.so 
pem_oth.so pem_pk8.so pem_pkey.so pvkfmt.so p12_add.so p12_asn.so 
p12_attr.so p12_crpt.so p12_crt.so p12_decr.so p12_init.so p12_key.so 
p12_kiss.so

Re: dpb build box performance suggestions.

[Andre Smagin]

On Wed, 16 Dec 2015 23:15:29 +
Tati Chevron <chev...@swabsit.com> wrote:

> Really, have a look at the dependencies for ImageMagick, and ask yourself
> who really uses djvu, for example.  Removing it and ghostscript reduces
> the dependencies from:

Plenty of people read books in djvu format and use ImageMagick to work
with it. There are many old and valuable, but long out of print books
that were scanned and encoded to djvu format a decade or more ago.
Converting such books to pdf format using open source tools is usually
difficult without drastically reducing the quality or increasing the
file size two- or threefold. And when you do decide to convert, you
need the ImageMagick or similar software.

I am grateful to OpenBSD developers and porters for supporting various
seemingly obscure dependencies and software packages, even though they
may seem to be useless to the majority of the users.

--
Andre

Re: USB external floppy

[Andre Smagin]

On Sun, 13 Dec 2015 18:11:07 -0500
"Bryan C. Everly" <br...@bceassociates.com> wrote:

> Hi,
> 
> I'm wanting to create a boot floppy for a Vaxstation.  Could someone
> recommend a USB floppy that I could plug into my amd64 laptop that would
> allow me to create a boot floppy for a VAX?
> 
> Thanks,
> Bryan

Hi.

I don't know anything about VAXes, but I do use USB floppy drive often.
The drive I have is a bit flaky, equally so under OpenBSD and Windows,
and needs the disk to be ejected and reinserted, or the drive unplugged
and reconnected sometimes, but, generally speaking, it works. A bit slow
under OpenBSD when mounting and using FAT disks.

Sold by Amazon as "Nippon Labs" USB floppy drive: 

umass0 at uhub7 port 1 configuration 1 interface 0 "TEAC TEAC FD-05PUB" rev 
2.00/0.00 addr 2
umass0: using UFI over CBI with CCI
scsibus2 at umass0: 2 targets, initiator 0
sd3 at scsibus2 targ 1 lun 0: <TEAC, FD-05PUB, 3000> ATAPI 0/direct removable


Just tried dd'ing the vax image onto a disk using that drive:

$ time sudo dd if=/tmp/floppy58.fs  of=/dev/rsd3c bs=1m
1+1 records in
1+1 records out
1474560 bytes transferred in 51.998 secs (28358 bytes/sec)
0m53.58s real 0m00.00s user 0m00.01s system

--
Andre

Re: Is OpenSMTPD worthy of OpenBSD inclusion?

[STeve Andre']

You obviously never lived through the sendmail era.  The smtpd code is very
good.  Bugs happen, and how the creators of a program react to them is
what matters.  The qualsys results were promptly dealt with.

I don't think there is much to discuss other than diffs that further the 
project.

STeve Andre'


On October 5, 2015 12:47:18 PM EDT, "Jason A. Donenfeld" <ja...@zx2c4.com> 
wrote:
>Hi folks,
>
>Like many others, when I learned that OpenBSD was creating from
>scratch an SMTP daemon, I was thrilled. The OpenBSD name has for a
>long time been connected with security, stability, and reliability. I
>was excited to see an extremely easy to configure yet powerful SMTP
>daemon coming from such a venerable project as OpenBSD. Overtime,
>OpenSMTPD has replaced all other mail daemons for me, and I've been
>pleased to use another OpenBSD project as part of my critical
>infrastructure. Code from OpenBSD is code that the community has
>learned to trust, a reputation matched by few other projects.
>
>It has been, therefore, to my extreme dismay to discover in recent
>months the sheer number of critical security vulnerabilities - in some
>cases, remotely exploitable - in OpenSMTPD. Just this past week,
>Qualys has reported an impressive audit result [1], with a scary
>remote code execution vulnerability among others, and last night I
>discovered a remotely exploitable buffer overflow that was being
>triggered in the wild [2]. If you comb through the OpenSMTPD misc
>mailing list, you'll find scattered reports of other similar bugs --
>buffer overflows, remote denial of service vectors, and a host of
>other nasty glitches and security vulnerabilities -- and if you look
>at the CVS repository or git repository, you'll see other such goodies
>baked in there; most of them haven't been publicly revealed as
>security vulnerabilities and were not assigned CVEs, which is an
>irreverent point for most reasonably skilled malicious actors.
>
>The fact is, OpenSMTPD has suffered a disproportionately high number
>of security issues, especially for a daemon as important as it. It is
>not living up to OpenBSD's reputation, and it threatens the
>OpenBSD.org frontpage security claim. I do not any longer believe
>OpenSMTPD to be software that is trustable for use in critical
>infrastructure at this point in time.
>
>Personally, I am very attached to OpenSMTPD. I have contributed to its
>development in, what I think to be, significant ways, and I maintain
>both distribution packages for it (Gentoo), as well as my entire
>infrastructure, which is based on OpenSMTPD. I've "bet the farm" on
>the project, so to speak.
>
>But I think it's time we take a step back and reassess the situation.
>There are some critical questions that need to be answered. What
>accounts for the high proportion of security vulnerabilities in a
>project renowned for its brilliant developers and stringent review
>processes? Do the OpenSMTPD developers have time -- and have they
>displayed a presence of necessary free time -- to keep the project
>healthy and moving toward stability at an acceptable pace? Have the
>correct standards of releases been applied to the OpenSMTPD release
>process?
>
>And most importantly: should OpenSMTPD continue to be a part of the
>core OpenBSD project? Or should it rather spend some time maturing and
>securing commitments from developers for maintaining it in a
>consistent manner, before being accepted by such a reputable
>organization as OpenBSD?
>
>Finally, if OpenSMTPD does continue to exist as a part of core
>OpenBSD, I would strongly recommend some effort is organized to bring
>top quality code reviewers and auditors to the source code, in order
>to give the project the eyeballs it deserves. It would be a great
>boost in confidence for many who use - or hoped to someday use -
>OpenSMTPD to see that intelligent minds, capable of securing large
>codebases, have put their efforts into making it secure.
>
>I hope this can begin some discussion on the best way forward toward
>making OpenSMTPD a piece of infrastructure we can trust. My best
>wishes for the project.
>
>Regards,
>Jason
>
>
>[1] http://seclists.org/oss-sec/2015/q4/17
>[2] http://seclists.org/oss-sec/2015/q4/25

Re: carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart

[Andre Ruppert]

...I don't believe it...

I ssh'd all the time to the gateways and never had a look to the 
bootmessages


2x "ifconfig  invalid argument" was the hint at boot.

The fault (syntax typo?) was included in hostname.carp[0,1] -
"\" for a 2-liner didn't work... despite the usage of blanks only.

Crunched it to a 1-liner and all worked...

Seems that the parsing is different at booting?

Andre

Am 02.10.15 um 10:37 schrieb Andre Ruppert:

Hello @list,

perhaps I'm stupid but I've got a problem with two CARPed gateways
running  5.7-amd64 stable.

Hardware:
two supermicro-board machines with four network interfaces each (em0 ..
em3).

Networks:
LAN A : 172.16.210/24 via em0
LAN B : 172.16.0/24   via em1
direct connect for pfsync: 1.1.1.0/30 via em3


Gateway A setup --- (master) ---

hostname.em0:
"inet 172.16.210.2 255.255.255.0"

hostname.em1:
"inet 172.16.0.30 255.255.255.0"

hostname.em3
"inet 1.1.1.1 255.255.255.252 1.1.1.3"

hostname.carp0
"inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \
   carpdev em0 pass gwvoip01carppass advskew 0"

hostname.carp1
"inet 172.16.0.29  255.255.255.0 172.16.0.255 vhid 2 \
   carpdev em1 pass gwvoip01carppass advskew 0"

hostname.pfsync0
"up syncdev em3 syncpeer 1.1.1.2"

sysctl net.inet.carp ->
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=7  #debugging


Gateway B setup --- (backup) ---

hostname.em0:
"inet 172.16.210.3 255.255.255.0"

hostname.em1:
"inet 172.16.0.31 255.255.255.0"

hostname.em3
"inet 1.1.1.2 255.255.255.252 1.1.1.3"

hostname.carp0
"inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \
carpdev em0 pass gwvoip01carppass advskew 100"

hostname.carp1
"inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \
carpdev em1 pass gwvoip01carppass advskew 100"

hostname.pfsync0
"up syncdev em3 syncpeer 1.1.1.1"

sysctl net.inet.carp ->
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2


problem description --

(remark: failover-switching works on both machines in both directions)

If one of the machines reboots, the local carp-interfaces stuck in
"INIT" state. Same behavior on both systems.

The log (A) after reboot:
carp: carp0 demoted group carp by -1 to 162 (carpdev)
carp: carp1 demoted group carp by -1 to 161 (carpdev)
carp: pfsync0 demoted group carp by -1 to 32 (pfsync bulk done)
carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk done)
carp: pfsync0 demoted group carp by -32 to 0 (pfsync init)
carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init)

If the carp-interfaces are subsequently restartet via netstart command,
all works like a charm again...

The log (A) after "sh /etc/netstart [carp0,carp1]":
carp0: state transition: INIT -> BACKUP
state transition: BACKUP -> MASTER
state transition: INIT -> BACKUP
state transition: BACKUP -> MASTER

No PF-ruleset-problem!


resulting question -

what the heck is going on here? ;-)
alternative: what did I forgot to configure?

Thanks for reading...


Andre Ruppert

carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart

[Andre Ruppert]

Hello @list,

perhaps I'm stupid but I've got a problem with two CARPed gateways 
running  5.7-amd64 stable.


Hardware:
two supermicro-board machines with four network interfaces each (em0 .. 
em3).


Networks:
LAN A : 172.16.210/24 via em0
LAN B : 172.16.0/24   via em1
direct connect for pfsync: 1.1.1.0/30 via em3


Gateway A setup --- (master) ---

hostname.em0:
"inet 172.16.210.2 255.255.255.0"

hostname.em1:
"inet 172.16.0.30 255.255.255.0"

hostname.em3
"inet 1.1.1.1 255.255.255.252 1.1.1.3"

hostname.carp0
"inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \
  carpdev em0 pass gwvoip01carppass advskew 0"

hostname.carp1
"inet 172.16.0.29  255.255.255.0 172.16.0.255 vhid 2 \
  carpdev em1 pass gwvoip01carppass advskew 0"

hostname.pfsync0
"up syncdev em3 syncpeer 1.1.1.2"

sysctl net.inet.carp ->
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=7  #debugging


Gateway B setup --- (backup) ---

hostname.em0:
"inet 172.16.210.3 255.255.255.0"

hostname.em1:
"inet 172.16.0.31 255.255.255.0"

hostname.em3
"inet 1.1.1.2 255.255.255.252 1.1.1.3"

hostname.carp0
"inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \
carpdev em0 pass gwvoip01carppass advskew 100"

hostname.carp1
"inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \
carpdev em1 pass gwvoip01carppass advskew 100"

hostname.pfsync0
"up syncdev em3 syncpeer 1.1.1.1"

sysctl net.inet.carp ->
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2


problem description --

(remark: failover-switching works on both machines in both directions)

If one of the machines reboots, the local carp-interfaces stuck in 
"INIT" state. Same behavior on both systems.


The log (A) after reboot:
carp: carp0 demoted group carp by -1 to 162 (carpdev)
carp: carp1 demoted group carp by -1 to 161 (carpdev)
carp: pfsync0 demoted group carp by -1 to 32 (pfsync bulk done)
carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk done)
carp: pfsync0 demoted group carp by -32 to 0 (pfsync init)
carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init)

If the carp-interfaces are subsequently restartet via netstart command,
all works like a charm again...

The log (A) after "sh /etc/netstart [carp0,carp1]":
carp0: state transition: INIT -> BACKUP
state transition: BACKUP -> MASTER
state transition: INIT -> BACKUP
state transition: BACKUP -> MASTER

No PF-ruleset-problem!


resulting question -

what the heck is going on here? ;-)
alternative: what did I forgot to configure?

Thanks for reading...


Andre Ruppert

Package for taking a picture

[STeve Andre']

I'm looking in the ports tree for something to test a camera that shows up
as uvideo0.  It looks like

uvideo0 at uhub0 port 12 configuration 1 interface 0 
8SSC20F26960L1GZ52304E9 Integrated Camera rev 2.00/10.04 addr 4

video0 at uvideo0.

I'm sure I used something several years ago.  It's great that the ports 
tree has

gotten so big that you can't remember it all. ;-)

Something to take a pic and put it in a file would be OK.

--STeve Andre'

Re: hp laptop with nvidia - slow X11

[STeve Andre']

On 06/15/15 17:19, Riccardo Mottola wrote:

Hi,

for the same laptop for which I just posted a full dmesg about the
battery problem, which reports this video card:

vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8400M GS rev 0xa1

I get a super-slow X11. Dragging an xterm may take half a second, up to
the point where X11 looses track of the mouse move events. Scrolling
XTerm is unusably slwo too.

Using a larger editor like Emacs or Firefox... even worse. It looks
totally unacelercated.



[snip]

Sadly, Nvidia video cards are to be avoided.  I think it would be fair to
say that Nvidia is the most open-source hostile company out there.
Because of this there is no Nvidia specific driver in OpenBSD.  You are
using it in vga compatible mode.  Things work, but hardly with the
speed that it delivers on Windows.

There is a reverse engineered driver called nouveau.  Look at
https://en.wikipedia.org/wiki/Nouveau_(software) for more info.
While theoretically portable to OpenBSD, it involves work, and when
I looked at it a bit it was under constant change, such that a port
dated Monday might be outdated by Saturday.  I have a LOT of respect
for the people doing this.  It's hard.  I did a little hardware poking
on the 286, a long time ago.  It's isn't simple.   I also hope it was
written under a reasonable license.

Once nouveau stabilizes (I have no idea of its current state), someone
may get the interest to port it.  Maybe.  But as of right now, it ought
to be avoided.

--STeve Andre'

Major improvement in CPU temperatures for -current

[STeve Andre']

I just did a build of the world after seeing Philip Guenther's post on
better using C-states in ACPI for cooler CPU temperatures.

This is a *significant* improvement.  I'm using a new ThinkPad, a w541.
During my first world build I saw temperatures as high as 94C.  It did
not hit the fatal temperature to force a reboot but it was pretty hot.
This was at 3.3GHz.

After booting with the new kernel I wondered what the results would be.
Keeping track of hw.sensors.acpithinkpad0.temp3 on my older w500 would
typically be in the 86 - 92C range and then reboot if I was wasn't
careful.

This build the temperature was typically 78 - 80C, with one spike at
82C during the latter part of the xenocara build.  My script checked
every 17 seconds. I can say from this one test that there is a huge
difference--10C, at least!

The last time I saw such a significant change to OpenBSD was when
soft deps came into the tree.

If you can run -current on your laptop, you should consider it.  It
really is amazing.  Later I will try to get a test jig in place such
that I can measure current draw and compare, but heat == power, so I'm
sure it's a success.

Thank you Philip, et al!

--STeve Andre'

ps: more on the w541 later and a description to dm...@openbsd.org.


-- original email
Date: Sat, 13 Jun 2015 15:15:59 -0700
Subject: Re: CPU power consumption on thinkpad x201
From: Philip Guenther guent...@gmail.com
To: Jingcheng Zhang dio...@gmail.com
Cc: Shaun Reiger srei...@sprmail.net, misc@openbsd.org 
misc@openbsd.org

On Thu, May 28, 2015 at 6:53 AM, Jingcheng Zhang dio...@gmail.com wrote:
 Another x201 user here, suffering from the same problem. Any 
news/solutions

 on this issue?

I just committed support for using the deeper C-states advertised by
ACPI, which in testing dropped the temperature on most laptops.

Don't forget to send a dmesg to dm...@openbsd.org some time after you
upgrade, so we can check for any problems found by the code!


Philip Guenther


-- w541 dmesg
OpenBSD 5.7-current (GENERIC.MP) #0: Mon Jun  8 20:49:25 EDT 2015
r...@paladin.home.network:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 33950375936 (32377MB)
avail mem = 32917573632 (31392MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7cd2d000 (68 entries)
bios0: vendor LENOVO version GNET72WW (2.20 ) date 02/26/2015
bios0: LENOVO 20EGCTO1WW
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT 
SSDT SSDT SSDT SSDT PCCT SSDT TCP

A UEFI MSDM ASF! BATB FPDT UEFI
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) EXP3(S4) 
XHCI(S3) EHC1(S3) EHC2(S3)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.31 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,

SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,
SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,

SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,
SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,IT
SC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,

SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,
SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,IT
SC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,

SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,
SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C

Re: New LibreSSL mailing lists

[STeve Andre']

On 06/03/15 22:23, Doug Hogan wrote:

We have two new lists for LibreSSL:

libre...@openbsd.org - public list for technical discussion about
LibreSSL on any operating system.

libressl-secur...@openbsd.org - private list for reporting severe
vulnerabilities in OpenSSL or LibreSSL to the core LibreSSL team.


See http://www.openbsd.org/mail.html for more details.



libressl-security gives me an error:

 The libressl-security mailing list is not supported at
 OpenBSD Mailing List Server.

Re: offtopic: political correctness

[Andre Ruppert]

Any other problems?

Am 08.05.15 um 16:30 schrieb Marko Cupać:

Hi,

I am reading 2nd edition of Absolute OpenBSD 2nd Edition and can't
but notice paragraph Confidentiality on XXX page of Introduction:

---cut-here---
Confidentiality
This means that secret data should remain secret. Your private infor-
mation must not get into the public eye. That Eastern European kiddie
porn syndicate should not get your credit card number.
---cut-here---

This sound quite nazi to me. Should Western European kiddie porn
syndicate be able to get my credit card number, as opposed to Eastern
European kiddie porn syndicate, which should not? Or does that mean
that kiddie porn syndicate exists only in Eastern Europe, but not in -
let's say - New Zealand or Canada?

I guess this was intended to be a joke, but in my opinion it sucks.


--


Andre Ruppert

Re: OpenBSD on Dell m4800 -- Anybody tried it?

[STeve Andre']

I would like to believe that, but OEMs are constantly changing hardware.
Since everyone runs Windows, all they have to do is make sure the new
frotzel works, and ship it.

Over time, the parts that don't work will likely get drivers, but if you
need a laptop that just runs right now, I would find a way to test it.

--STeve Andre'

On 04/15/15 14:28, Shaun Reiger wrote:

Hi Ray, I haven't used a Dell Precision M4800 with OBSD yet, but I found
that under PCBSD it should work. Given OBSD has very good laptop support I
believe everything should be detected. I have included a link to the PCBSD
site where I found the your laptop listed.

http://wiki.pcbsd.org/index.php/Hardware

Cheers,

Shaun

On Tue, Apr 14, 2015 at 6:17 PM, Raymond Lillard r...@prosysmeg.com wrote:


I am considering the purchase of a Dell Precision M4800 laptop with
the intention of installing OpenBSD on it. Has anyone here ran
OBSD on one of these?  I will configure it with an AMD FirePro M5100.

Google has fail to find anyone who has tried this.

Thanks
Ray

Suggestion for the 5.7 page

[STeve Andre']

   It might be good to include R under the highlights section.  It's
growing in popularity; I know I've gotten questions about it being
in OpenBSD.

  It's really cool to show the ports tree now.  Most all the important
things are there now, at least for non-technical people.  R is a
useful addition to that, I think.

--STeve Andre'

Re: What's wrong with script(1)?

[STeve Andre']

On 01/29/15 18:16, openda...@hushmail.com wrote:

Hi Marc / Otto!

On 29. januar 2015 at 7:07 PM, Marc Espie es...@nerim.net wrote:

And it shouldn't !   script(1) is often used for debugging
purposes, and that noise becomes paramount to figuring
out what's going on.

Thanks, I had no idea. Would it be possible though to mention some use cases 
where the noise is necessary?

Many thanks!

O.D.



When you want to know exactly what a process is spewing out. CR's
and all.

Really, script(1) says that it catches everything printed onto the
terminal in the first line.

I've used script to find out escape sequences from programs, to
figure out how cursor movement worked.  I've also caught programs
with many gigs of output, so I could look for weird little things
it said (not my code, but I had to figure it out).  Having the line
breaks in there let me see each individual line which was useful.

Lastly if you don't want to see them make an alias of cat/more
with output going through tr(1) and you'll never see them again.

That's the beauty of this world--you have little tools to make
stuff happen the way you want.

--STeve Andre'

Re: Following Current / Flag Day

[STeve Andre']

On 01/26/15 19:34, Kurt Miller wrote:

We narrowed the definition of what a static pie binary is in the kernel.
This change is a flag day where newer kernels will not recognize older
pie binaries making upgrading via source hard. If you are running an
older version of -current, upgrade via snapshots prior to building a new
kernel from source to get over this flag day.

-Kurt



Is the below the change that is the flag day?  Or, when is the FD?

Modified files:
sys/kern   : exec_elf.c

Log message:
Require EFT shared objects have a PT_PHDR entry to be considered
a pie binary. The kernel will now reject executing a typical shared
library with EINVAL. This breaks compatibility with initial static pie
binaries and requires a recent user-land prior to upgrading. In
addition, more fine grained errors can be returned from execve(2)
when errors occur while attempting to execute ELF objects.

okay guenther@, kettenis@, deraadt@


--STeve Andre'

Re: Following Current / Flag Day

[STeve Andre']

On 01/27/15 00:16, Theo de Raadt wrote:

On 01/26/15 19:34, Kurt Miller wrote:

We narrowed the definition of what a static pie binary is in the kernel.
This change is a flag day where newer kernels will not recognize older
pie binaries making upgrading via source hard. If you are running an
older version of -current, upgrade via snapshots prior to building a new
kernel from source to get over this flag day.

-Kurt



Is the below the change that is the flag day?  Or, when is the FD?

Modified files:
sys/kern   : exec_elf.c

Log message:
Require EFT shared objects have a PT_PHDR entry to be considered
a pie binary. The kernel will now reject executing a typical shared
library with EINVAL. This breaks compatibility with initial static pie
binaries and requires a recent user-land prior to upgrading. In
addition, more fine grained errors can be returned from execve(2)
when errors occur while attempting to execute ELF objects.

okay guenther@, kettenis@, deraadt@

Look, you'll be fine.  There is approximately a 3-4 day window about
a 4 weeks or a month back, depending on architecture.  Use snapshots,
if in doubt.



OK, already did that.  The tense of the message is what made me question
this.  Thanks. --STeve Andre'

Re: AMD64 packages

[STeve Andre']

On 12/11/14 05:59, FRIGN wrote:

On Wed, 10 Dec 2014 21:27:46 -0500
STeve Andre' and...@msu.edu wrote:


You might want to subscribe to the ports-changes changes list,
which will show you what's been changed.  The source-changes
list will show you all the other cvs commits.  Look at

http://www.openbsd.org/mail.html

Btw, now that the topic has come up. Is there a way to view the
diffs quickly on a source- or port-change?
Just reading the titles is not very helpful and I also don't feel
like pulling the entire OpenBSD CVS-tree just to view the recent
code-changes.

I'm subscribed to numerous mailing lists, and all of them provide
diff-data in the mail itself. I'm sure more people would subscribe
to such a list if it actually encouraged to read and check the
source.

Cheers

FRIGN


Have you looked at http://cvsweb.openbsd.org/cgi-bin/cvsweb/ ?

You can get a diff of the change of any revision, which should
help out.

--STeve Andre'

Re: AMD64 packages

[STeve Andre']

On 12/10/14 20:51, Stan Gammons wrote:

When will new packages be built for AMD64?   I'm getting library errors
with the latest snapshot and the current packages.

Stan



They come out frequently, but not on a set schedule.  Since the
last set came out on the 6th, I would expect the next set in the
next several days -- unless some change caused a cascade of
non-compiles in which case the problem will be worked on before
the next release.

You might want to subscribe to the ports-changes changes list,
which will show you what's been changed.  The source-changes
list will show you all the other cvs commits.  Look at

http://www.openbsd.org/mail.html

intermittent problems compiling kdrive in xenocara

[STeve Andre']

So, I am dumb.  Problem is, I don't know what it is that I don't know.

Every once in a while compiling xenocara, I get a fatal error when
dealing with kdrive.  I've looked for emails talking about this and
haven't found anything.  I've gone over release(8) and think I'm
OK.

What's frustrating is that this error comes and goes.  Sometimes
for months at a time things are OK.  I've resorted to getting a new
copy of xenocara when this happens, which is dumb.

I'm using the anoncvs server at spacehopper.org.

Since others aren't complaining about this it must be me.  So then,
how am I shooting myself (this time) ?  Clue sticks?  Error below.

tnx,  STeve Andre'

=== kdrive
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper cleandir
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper depend
no dependencies here yet
cd /usr/xenocara/kdrive  exec make  -f Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig:/usr/X11R6/lib/pkgconfig 
CONFIG_SITE=/usr/xenocara/etc/config.site  CFLAGS=-O2 -pipe 
MAKE=make PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin  exec sh 
/usr/xenocara/kdrive/../xserver/configure --prefix=/usr/X11R6 
--sysconfdir=/etc  --mandir=/usr/X11R6/man 
--cache-file=/usr/xobj/xorg-config.cache.amd64  --localstatedir=/var 
--sysconfdir=/etc/X11  --with-xkb-path=/usr/X11R6/share/X11/xkb 
--with-xkb-output=/var/db/xkb  --with-default-xkb-rules=base 
--disable-xorg  --enable-xcsecurity  --enable-kdrive  --disable-dmx 
--disable-xnest  --disable-xvfb  --without-fop --without-xmlto 
--without-xsltproc --disable-silent-rules

configure: loading site script /usr/xenocara/etc/config.site
configure: creating cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/kdrive/../xserver/configure[3569]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory

checking for a BSD-compatible install... (cached) /usr/bin/install -p
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... (cached) /bin/mkdir -p
checking for gawk... (cached) awk
checking whether make sets $(MAKE)... (cached) yes
configure: error: source directory already configured; run make 
distclean there first

*** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:179 'config.status')
*** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:211 'build')
*** Error 1 in . (bsd.subdir.mk:48 'realbuild')
*** Error 1 in /usr/xenocara (Makefile:36 'build')

Re: Non-functional battery stuck at 55% on ThinkPad T420 upgrade since 5.6-stable upgrade

[STeve Andre']

On 11/05/14 11:40, Peter wrote:

Hello all,

Since upgrading to 5.6-stable my ThinkPad T20 battery doesn't work. The
OS recognizes the battery but it's stuck at 55% and won't recharge. It
won't boot without AC power. I'm running apmd(8) without modifications.
Did I forget some option when I reinstalled? Any help would be greatly
appreciated.

Thanks,
Peter



[snip]

I had a Windows user on a Txxx thinkpad last year that had the same
kind of problem.  Sometimes things get weird with tp batteries. Three
suggestions:

1. Take the battery out, unplugged from AC and try to start it. This
drains whatever capacitive storage it might have.  Leave it alone for
an hour then plug it together and try it.

2. Boot anything else, like a live CD and see if the battery problem is
the same.

3. kill apmd and see if that changes anything.

--STeve Andre'

nobody spoke up, about today?

[STeve Andre']

  Happy birthday, OpenBSD!

Re: Trying to create softraid crypto part

[STeve Andre']

So The partition has to be raid, vs 4.2 BSD

Onward to my new disk...


--STeve Andre'


Sent with AquaMail for Android
http://www.aqua-mail.com


On October 6, 2014 12:22:25 AM STeve Andre' and...@msu.edu wrote:


So I am missing something, or being dumb.

sd0j is a 128g piece of disk.  Doing

   bioctl -c C -l /dev/sd0j softraid0

Gives

  softraid0: invalid metadata format

What am I missing?  This is an amd64 snap of
Oct 4th.  The vnconfig way of encryption has worked till I decided to do
things the new way.

Thanks for clues,  STeve Andre'

Sent with AquaMail for Android
http://www.aqua-mail.com

Trying to create softraid crypto part

[STeve Andre']

So I am missing something, or being dumb.

sd0j is a 128g piece of disk.  Doing

  bioctl -c C -l /dev/sd0j softraid0

Gives

 softraid0: invalid metadata format

What am I missing?  This is an amd64 snap of
Oct 4th.  The vnconfig way of encryption has worked till I decided to do 
things the new way.


Thanks for clues,  STeve Andre'

Sent with AquaMail for Android
http://www.aqua-mail.com