Re: Problem with WireGuard on OpenBSD 7.3
On Sat, 6 May 2023 02:18:30 +0200 Odd Martin Baanrud wrote: > Hello Stuart, > > Thanks for a detailed and good explenation! > > I choosed the WireGuard-tools solution, because I understood how it works, > and it is easy to configure. > I*ve read a bit in the wg(4) manual, and I get confused of how things > actually works. > Is it possible to use wireguard-tools*s private/public key e.g? > If not, is the actual configuration using the included tools easy to do? > > I*m blind, so reading lots of documentation, when not knowing what to look > for, can be pritty time consuming. > So, if it is an easy way to set up a wireguard-tools style vpn using tools > from the base system, please let me know. > > Regarding pf, thanks for good advice regarding how to use NAT rules. > > Regards, Martin. Hello Martin. I just recently started using WireGuard, as a client only, using commercial VPN service. I did not have to use wireguard-tools. In addition to the manual pages for wireguard and rdomain, I also consulted several online guides that helped clarify how everything should work (DNS is the tricky part). 1. Solene Rapenne - "Full WireGuard setup with OpenBSD" Solene explains how to setup both wireguard server and client on OpenBSD without using wireguard-tools. She uses openssl to generate private keys. Note: page has one ASCII network diagram. https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html 2. Matthieu Herrb - "Setting up a WireGuard client with routing domains on OpenBSD". Matthieu explains step-by-step how to setup OpenBSD as wireguard client for 3rd party VPN. He uses wireguard-tools, but only to generate the private key initially. Note: page includes one long output of ps command. https://md.laas.fr/s/NMc3qt5PQ Since both of the above guides use rdomains for their setup, I found this writeup about rdomains and rtables useful: 3. Joel Knight - "Virtualizing the OpenBSD Routing Table" Note: page has four images of network diagramms. https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/ It is a lot of reading, and I apologize for that. I can see, but it still took me couple days to figure out how to get just the client part working right, and you are trying to do both server and client at once. I hope you succeed. -- Andre
Re: sndio and bit perfect playback
On Tue, 25 Oct 2022 16:44:59 +0200 Christian Weisgerber wrote: > Andre Smagin: > > > There is possibly one more use case for "bit-perfect". I have a small > > collection of surround sound (5.1, 4.1, quad, etc) recordings extracted > > from various DVDs, SACDs, and other sources. > > Yup. > I even have a commercially released DTS-CD lying around somewhere, > which is basically an ordinary CD except that the audio is encoded > as DTS and not PCM. > > > My desktop is connected to a receiver via optical SPDIF cable. To get > > the surround sound, I use mpd with 'device "snd/0"' option and Ario to > > control the mpd daemon. > > I'm curious, what's the actual audio hardware? azalia(4) or uaudio(4)? It is azalia, built-in on the motherboard (dmesg at the end). > > Bit depth does not seem to matter. I don't care about "bit-perfect", but > > only about sending the dts stream to the receiver as-is, which works. > > S/PDIF actually has a native depth of 20 bits per sample. There > are also 4 spare bits in the frame, which can optionally be used > to transport 24 bits. If an audio source provides only 16 bits per > sample, those are fit into the 20 bit frame with the remaining bits > unused. DTS and AC3 encodings for S/PDIF only use 16 bits. Ah, thank you for the explanation! I tried reading the DTS specification once, but it is way over my head. -- Andre Smagin OpenBSD 7.2-current (GENERIC.MP) #778: Mon Oct 10 22:34:04 MDT 2022 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 68596912128 (65419MB) avail mem = 66500554752 (63419MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (59 entries) bios0: vendor American Megatrends International, LLC. version "A.I0" date 08/10/2022 bios0: Micro-Star International Co., Ltd. MS-7C37 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT SSDT SSDT FIDT MCFG HPET SSDT IVRS FPDT PCCT SSDT CRAT CDIT SSDT SSDT SSDT SSDT WSMT APIC SSDT acpi0: wakeup devices GPP0(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) GPPF(S4) GP10(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xf000, bus 0-127 acpihpet0 at acpi0: 14318180 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 9 5950X 16-Core Processor, 3400.06 MHz, 19-21-00 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 8-way L2 cache, 32MB 64b/line 16-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: AMD Ryzen 9 5950X 16-Core Processor, 3400.00 MHz, 19-21-00 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 8-way L2 cache, 32MB 64b/line 16-way L3 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: AMD Ryzen 9 5950X 16-Core Processor, 3400.00 MHz, 19-21-00 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 8-way L2 cache, 32MB 64b/line 16-way L3 cache cpu2: smt 0, core 2, package 0 cpu3 at mai
Re: sndio and bit perfect playback
On Thu, 13 Oct 2022 22:14:33 +0200 Alexandre Ratchov wrote: > On Thu, Oct 13, 2022 at 03:11:50AM +, s...@skolma.com wrote: > > in summary, audio works.. just not bit-perfectly :) > > does anyone know if SNDIO supports such mode ? and how i might configure it. > > bit-perfect is practical for one thing only: avoid questionings about > whether the processing adds audible noise & distortion. I've tryed > various hacks, including bypassing sndiod and neither was very > practical. > > IMHO, the sndiod resampler covers 99% of the cases. To handle the > remaining 1%, I just resample the files off-line. audio/sox is > excellent for that. > > So, I'd suggest you to add "-e s24" to sndiod_flags and resample > off-line when needed. > > HTH There is possibly one more use case for "bit-perfect". I have a small collection of surround sound (5.1, 4.1, quad, etc) recordings extracted from various DVDs, SACDs, and other sources. They are encoded in DTS and Dolby Digital formats, as plain WAV files, and "compressed" to flac format to prevent "smart" applications, such as ffmpeg, mpd, etc. from trying to decode them and convert to stereo. My desktop is connected to a receiver via optical SPDIF cable. To get the surround sound, I use mpd with 'device "snd/0"' option and Ario to control the mpd daemon. mpd decodes the top layer (flac), but stops there and sends DTS-wav to the sndiod without mangling it further. However, if sndiod's sample rate does not match that of the recording, it resamples the stream, which ruins the DTS and results in white noise. I found out that I have to restart sndiod with either 'sndiod_flags="-m play -r 44100"' or 'sndiod_flags="-m play -r 48000"' flags in /etc/rc.conf.local depending on the files I am playing, and then it gets to the receiver without issues. I have each music directory annotated with the sample rate used, like so: HAMLET: /storage $ ls music/dts/Pink\ Floyd/ (1970) Atom Heart Mother (Quadrophonic Vinyl Conversion) (Dolby Digital Quad 16-48) (1973) Dark Side of the Moon (Alan Parson's Mix) (DVD-Audio) (DTS 4.1 24-48) (1971) Echoes (Original 4.0 Quad Mix) (From Pink Floyd the Early Years 1965-1972, Volume 5) (DTS Quad 16-48) (1973) Dark Side of the Moon (Analogue Transfer From SACD) (DTS 5.1 16-44.1) (1971) Meddle (From Pink Floyd the Early Years 1965-1972, Volume 5) (DTS 5.1 16-48) (1994) The Division Bell (2014, Warner Music Group, 20th Anniversary Edition) (DTS 5.1 16-48) Live: (1974) Live at Pompeii (DTS Quad 24-48) For '16-48' and '24-48' (bit depth-samplerate), I start sndiod with sndiod_flags="-m play -r 48000" for '16-44.1', I restart sndiod with sndiod_flags="-m play -r 44100" Bit depth does not seem to matter. I don't care about "bit-perfect", but only about sending the dts stream to the receiver as-is, which works. -- Andre
Re: New desktop CPU/chipset recommendation
On Sun, 13 Feb 2022 21:46:30 -0700 Thomas Frohwein wrote: > On Thu, 3 Feb 2022 19:16:55 -0500 > Andre Smagin wrote: > > ... > > Ryzen 9 5950x on x570 chipset motherboard, should last ten years at > > least. Everything "just works" - NVMe hard drives, SPDIF audio, video, > > etc. > > Does the audio work? No audio hangs/wedging anymore on more than just > a few minutes of usage? I have a machine like this, too, but audio would > hang with MSI on like previous Ryzen generations. Unlike previous Ryzen > generations, patching to switch to legacy interrupts didn't work. That > was about 1.5 years ago; it currently serves as a Windows box ... > > It would be good to know if that issue went away... I wouldn't mind > putting a better OS on my machine again *cough*. Thomas, I play music all day long on the desktop on weekends, going out via SPDIF (optic fiber) to a receiver. I have not tried direct speakers or headphones. The only change to configuration I made was setting outputs.mode=digital in /etc/mixerctl.conf I play audio with mpd (local network files and internet streams), and sometimes audacious and vlc for local files, and web audio with chrome. Had couple strange lock-ups when streaming web-radio with mpd. In fact, one happened just now - internet radio stream via mpd/Ario started stattering and stopped as I was typing this email - restarting sndiod and mpd did not help, had to reboot. So, overall, little bit less reliable than my old pre-Ryzen desktop, but not too bad - does not happen very often, may be once a week. Not sure how to troubleshoot it. -- Andre
Re: New desktop CPU/chipset recommendation
On Sun, 13 Feb 2022 20:55:26 +0200 Mihai Popescu wrote: > > ... Ryzen 9 5950x on x570 chipset motherboard ... > > Can you post the output of > sysctl | grep hw. > please? Here, with smt disabled and smt enabled: HAMLET: /home/andre $ sysctl | grep hw hw.machine=amd64 hw.model=AMD Ryzen 9 5950X 16-Core Processor hw.ncpu=32 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=sd0:,sd1:2c4f0a976c44c833,cd0: hw.diskcount=3 hw.sensors.ksmn0.temp0=36.62 degC hw.cpuspeed=3400 hw.setperf=100 hw.vendor=Micro-Star International Co., Ltd. hw.product=MS-7C37 hw.version=2.0 hw.uuid=c9bca978-eca9-1a51-aece-2cf05d9a5218 hw.physmem=68596871168 hw.usermem=68596854784 hw.ncpufound=32 hw.allowpowerdown=1 hw.perfpolicy=auto hw.smt=0 hw.ncpuonline=16 hw.power=1 HAMLET: /home/andre $ doas sysctl hw.smt=1 hw.smt: 0 -> 1 HAMLET: /home/andre $ sysctl | grep hw hw.machine=amd64 hw.model=AMD Ryzen 9 5950X 16-Core Processor hw.ncpu=32 hw.byteorder=1234 hw.pagesize=4096 hw.disknames=sd0:,sd1:2c4f0a976c44c833,cd0: hw.diskcount=3 hw.sensors.ksmn0.temp0=36.50 degC hw.cpuspeed=3400 hw.setperf=100 hw.vendor=Micro-Star International Co., Ltd. hw.product=MS-7C37 hw.version=2.0 hw.uuid=c9bca978-eca9-1a51-aece-2cf05d9a5218 hw.physmem=68596871168 hw.usermem=68596854784 hw.ncpufound=32 hw.allowpowerdown=1 hw.perfpolicy=auto hw.smt=1 hw.ncpuonline=32 hw.power=1
Re: New desktop CPU/chipset recommendation
On Mon, 20 Sep 2021 14:56:31 -0400 Andre Smagin wrote: > I am looking for a hardware advice. > I don't upgrade my desktop very often - last one was about ten > years ago (AMD FX-8350 CPU), which I recently made my home server > running -current, no issues. Now I am looking for a new desktop that > will last another ten years, hence the question: if I buy the latest > available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any > current issues with using it for OpenBSD desktop? I would like to > overkill it with the choice of hardware now, so I don't have to worry > about it for a while. Replying to my own thread from months ago. Took some time to get this done, buying one part per paycheck, but I have a new desktop now. Ryzen 9 5950x on x570 chipset motherboard, should last ten years at least. Everything "just works" - NVMe hard drives, SPDIF audio, video, etc. Big thanks to OpenBSD developers! No issues to complain about, fresh install, copied my configuration files from old desktop, was up and running in 30 minutes. Day 3 to configure Windows 11 on a second hard drive (to run 3d CAD software mostly) and now I have to reinstall - broke something completely while trying to set it up to be usable... Dmesg: OpenBSD 7.0-current (GENERIC.MP) #303: Wed Feb 2 13:26:47 MST 2022 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 68596871168 (65419MB) avail mem = 66500714496 (63420MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (60 entries) bios0: vendor American Megatrends International, LLC. version "A.F0" date 12/16/2021 bios0: Micro-Star International Co., Ltd. MS-7C37 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT SSDT SSDT FIDT MCFG HPET SSDT IVRS TPM2 PCCT SSDT CRAT CDIT SSDT SSDT SSDT SSDT WSMT APIC SSDT FPDT acpi0: wakeup devices GPP0(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) GPPF(S4) GP10(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xf000, bus 0-127 acpihpet0 at acpi0: 14318180 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 9 5950X 16-Core Processor, 3400.48 MHz, 19-21-00 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: AMD Ryzen 9 5950X 16-Core Processor, 3400.02 MHz, 19-21-00 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: AMD Ryzen 9 5950X 16-Core Processor, 3400.02 MHz, 19-21-00 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu2: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache cpu2: ITLB 64 4KB entries fully associative, 64 4MB entr
Re: Should 80MB of RAM be enough for kernel relinking on i386?
On Wed, 22 Sep 2021 17:27:30 +0100 "Patrick Harper" wrote: > If the situation isn't going to change anytime soon then I have some > diffs for INSTALL.i386 and INSTALL.amd64. The latter has not specified > disk requirements, I guess since anyone who owns an amd64 system will > very likely be using a disk big enough for X, so I figured that the > same would apply to any user of an i386 system that meets the proposed > minimum RAM. These are based on the 2021-09-21 snapshot versions. > > --- INSTALL.i386.txtWed Sep 22 16:52:38 2021 > +++ INSTALL.i386_newWed Sep 22 16:51:17 2021 > @@ -201,10 +201,7 @@ OpenBSD/i386 7.0 supports most SMP (Symmetrical > MultiP > systems. To support SMP operation, a separate SMP kernel (bsd.mp) > is included with the installation file sets. > > -The minimal configuration to install the system is 32MB of RAM and > -at least 250MB of disk space to accommodate the `base' set. > -To install the entire system, at least 600MB of disk are required, > -and to run X or compile the system, more RAM is recommended. > +The minimal configuration to install the system is 512MB of RAM. > > Please refer to the website for a full list of supported hardware: > https://www.openbsd.org/i386.html Hello. I have Soekris net4801 gateway/firewall and it only has 128Mb of RAM. I usually upgrade to -current by putting the CF card into a different machine, since writing to CF card is slow on Soekris, but tonight I upgraded to -current using the box itself and timed how long it took to relink the kernel - 25 minutes. It has 256Mb of swap. Eh, 259.9M apparently. After-reboot relinking is currently disabled until I figure out what to put in the new bsd.re-config to change flags for wd to 0x0ff0 automatically, no luck yet. Soekris dmesg: OpenBSD 7.0 (GENERIC) #203: Wed Sep 22 19:24:38 MDT 2021 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC real mem = 133709824 (127MB) avail mem = 114921472 (109MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 20/80/03, BIOS32 rev. 0 @ 0xf7840 pcibios0 at bios0: rev 2.0 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc8000/0x9000 cpu0 at mainbus0: (uniprocessor) cpu0: Geode(TM) Integrated Processor by National Semi ("Geode by NSC" 586-class) 267 MHz, 05-04-00 cpu0: FPU,TSC,MSR,CX8,CMOV,MMX cpu0: TSC disabled pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00 sis0 at pci0 dev 6 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 00:00:24:c3:54:68 nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1 sis1 at pci0 dev 7 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 00:00:24:c3:54:69 nsphyter1 at sis1 phy 0: DP83815 10/100 PHY, rev. 1 sis2 at pci0 dev 8 function 0 "NS DP83815" rev 0x00, DP83816A: irq 10, address 00:00:24:c3:54:6a nsphyter2 at sis2 phy 0: DP83815 10/100 PHY, rev. 1 ral0 at pci0 dev 10 function 0 "Ralink RT2860" rev 0x00: irq 11, address 00:1d:6a:0e:80:cd ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (MIMO 2T3R) ral1 at pci0 dev 14 function 0 "Ralink RT2560" rev 0x01: irq 5, address 00:13:d3:00:9f:7a ral1: MAC/BBP RT2560 (rev 0x04), RF RT2525 gscpcib0 at pci0 dev 18 function 0 "NS SC1100 ISA" rev 0x00 gpio0 at gscpcib0: 64 pins "NS SC1100 SMI" rev 0x00 at pci0 dev 18 function 1 not configured pciide0 at pci0 dev 18 function 2 "NS SCx200 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 1-sector PIO, LBA48, 3811MB, 7806960 sectors wd0(pciide0:0:0): using PIO mode 4 geodesc0 at pci0 dev 18 function 5 "NS SC1100 X-Bus" rev 0x00: iid 6 revision 3 wdstatus 0 ohci0 at pci0 dev 19 function 0 "Compaq USB OpenHost" rev 0x08: irq 9, version 1.0, legacy support isa0 at gscpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 spkr0 at pcppi0 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS gpio1 at nsclpcsio0: 29 pins gscsio0 at isa0 port 0x15c/2: SC1100 SIO rev 1: npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Compaq OHCI root hub" rev 1.00/1.00 addr 1 dt: 445 probes vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (1f081011692bae0c.a) swap on wd0b dump on wd0b
Re: New desktop CPU/chipset recommendation
On Mon, 20 Sep 2021 18:59:11 -0400 Daniel Wilkins wrote: > On Mon, Sep 20, 2021 at 02:56:31PM -0400, Andre Smagin wrote: > > Good day. > > > > I am looking for a hardware advice. > > I don't upgrade my desktop very often - last one was about ten > > years ago (AMD FX-8350 CPU), which I recently made my home server > > running -current, no issues. Now I am looking for a new desktop that > > will last another ten years, hence the question: if I buy the latest > > available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any > > current issues with using it for OpenBSD desktop? I would like to > > overkill it with the choice of hardware now, so I don't have to worry > > about it for a while. > > > > I am ten years out of touch with hardware development progress, so will > > appreciate any input you may have. > > > > -- > > Andre > > > You got me curious, so I went ahead and installed OpenBSD on the desktop > I rebuilt this year. > I've got a Ryzen R9 3900X with an MSI MAG B550 TOMAHAWK for the motherboard, > and an R9 380 for the graphics card. > > Works totally fine from my initial impressions. Sound works, USB works, > plays full HD videos fine over DP, drives the 1440p display with no issues, > etc. > > The only thing "wrong" is that I don't think Audio-over-HDMI works. > > Hope this might help a bit, > Danny > Thank you very much for the test! I feel more comfortable now, will probably get the B550 chipset motherboard and CPU like yours. And if there are issues with sound as others mentioned, I can always use an external USB card, have one somewhere I think. Only need SPDIF output going to a receiver on my desk. Thank you all for the replies! -- Andre
New desktop CPU/chipset recommendation
Good day. I am looking for a hardware advice. I don't upgrade my desktop very often - last one was about ten years ago (AMD FX-8350 CPU), which I recently made my home server running -current, no issues. Now I am looking for a new desktop that will last another ten years, hence the question: if I buy the latest available AMD chipset (X570 I think) and Ryzen 9 CPU - are there any current issues with using it for OpenBSD desktop? I would like to overkill it with the choice of hardware now, so I don't have to worry about it for a while. I am ten years out of touch with hardware development progress, so will appreciate any input you may have. -- Andre
Experience using httpd in production on busy machines?
I am in the process of deploying an updated version of a PHP web application that has been running on Apache and Nginx on Linux. This time I have done all the development running the webserver on OpenBSD httpd+PHP. The setup is so much simpler and I am used to running OpenBSD boxes as gateways/firewall so I am familiar. However, before I take the final step and deploy the new application on OpenBSD httpd in production I would like to hear if anyone has any experience to share regarding performance compared to running Apache or Nginx on Linux? Any caveats to look out for? Kind regards! Sent with [ProtonMail](https://protonmail.com/) Secure Email. I never deployed it in the real world, but made a version of my web server using httpd. To test it I beat the crap out of it with three other OpenBSD systems running wget scripts and programs simulating hordes of users. It worked well, saturating a 100mb test network. I have never cared for "speed", because a faster less secure site only leads to a notice of breakins or worse. Regardless of the software you use, you should always be really mean to it Try to crash it--multiple machines on your test network will really, really test it. --STeve Andre' Ps: if you do find weirdness, report it! Sent with Aqua Mail for Android https://www.mobisystems.com/aqua-mail
Re: TCP FIN hangups in encrypted ESP tunnel
Hi Peter, it's not just you, I have similar problems since around July 1, but with a netcup server. Since then, downloading a bigger file from the netcup server using scp or rsync fails pretty consistently. Normal ssh sessions or other stuff like imap or xmpp remain stable, as far as I can tell. I run the scp/rsync over wg, but it doesn't matter, happens over pppoe too. Like you, I also spent the last evenings looking for mistakes on my side, besides having this working for years. So now I guess the problem is on their side or somewhere in between? I see the following when the file transfer fails: 192.168.100.1 is my router, where I run "scp 192.168.100.2:dump.gz ." 192.168.100.2 is the netcup server 237470 28.285237 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] Seq=55922 Ack=195360998 Win=120512 Len=0 TSval=2630531475 TSecr=89901171 237471 28.285242 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237472 28.285260 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237473 28.285288 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] Seq=55922 Ack=195363734 Win=117824 Len=0 TSval=2630531475 TSecr=89901171 237474 28.285293 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237475 28.285311 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237476 28.285339 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 TSecr=89901171 237477 28.285348 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP Previous segment not captured] , Encrypted packet (len=1368) 237478 28.285382 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#1] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195369206 237479 28.285498 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195369206 237480 28.285863 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237481 28.285906 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#2] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195370574 237482 28.285914 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237483 28.285941 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#3] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195371942 237484 28.285946 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237485 28.285973 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#4] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195373310 237486 28.285979 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237487 28.286006 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#5] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195374678 237488 28.286016 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237489 28.286044 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#6] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195376046 237490 28.286054 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted packet (len=1368) 237491 28.286081 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#7] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195377414 237492 28.286343 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=131456 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195377414 237493 28.286421 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195377414 237494 28.287076 192.168.100.2 -> 192.168.100.1 TCP 56 22 -> 12534 [FIN, ACK] Seq=195377414 Ack=55922 Win=16384 Len=0 TSval=89901171 TSecr=2630531475 237495 28.287141 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#8] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195377414 237496 28.288062 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=147712 Len=0 TSval=2630531475 TSecr=89901171 SLE=195367838 SRE=195377414 237497 28.288586 192.168.100.1 -> 192.168.100.2 SSHv2 104 Client: Encrypted packet (len=36) 237498 28.295439 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP Fast Retransmission] ,
Re: Filling a 4TB Disk with Random Data
Even easier, have stty status set to ^T, and run dd . When you want to know where you are in the process hit ^T. Lots (most?) of programs will respond to a SIGINFO request. --STeve Andre' On Jun 10, 2020, 12:48, at 12:48, Luke Small wrote: >if you have access to packages, you could "pkg_add pv" > >and: > >"dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" > >It will show you in real time how much random > >data has been written to disk. > >-Luke > > >On Wed, Jun 10, 2020 at 11:43 AM Luke Small >wrote: > >> I mean: "dd if=/dev/random | pv | dd of=/dev/rsdXc bs=1m" >> >> -Luke >> >> >> On Wed, Jun 10, 2020 at 11:41 AM Luke Small >wrote: >> >>> if you have access to packages, you could "pkg_add pv" >>> >>> and: >>> >>> "dd if=/dev/random | pv | of=/dev/rsdXc bs=1m" >>> >>> It will show you in real time how much random >>> >>> data has been written to disk. >>> >>> -Luke >>> >>
Re: Filling a 4TB Disk with Random Data
The speed of writing is dependent on the rotational speed of the disk, and the i/o bandwidth of the system. You want to do dd if=/dev/zero of=/dev/rsd1c bs=1m Note that this writes to the sd1 disk! Carefully, carefully look at your disks and write to the correct one. Writing to sd0 is likely to be disastrous. Do this on a test system. dd is as efficient as it is ruthless. You can irrevocably damage a system with it. ---STeve Andre' Sent from BlueMail On Jun 1, 2020, 09:58, at 09:58, Justin Noor wrote: >Hi Misc, > >Has anyone ever filled a 4TB disk with random data and/or zeros with >OpenBSD? > >How long did it take? What did you use (dd, openssl)? Can you share the >command that you used? > >Thank you so much
Re: OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog
If you look at the titles of some of the other "articles" You will see a trend of unhappiness. The author has the right to write such things, just as everyone else has the right to ignore it. --STeve Andre' On May 28, 2020, 00:16, at 00:16, Quantum Robin wrote: >Hi, > >While surfing on the Google to learn more about OpenBSD, I encountered >this >one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure ( >https://aboutthebsds.wordpress.com/2013/01/25/20/) > >Is the author telling the truth? Or just yet another anti-BSD thing?
sha256 of the install67.img is missing in the snapshot
The sha256 checksum data of the install67.img file is missing in the snapshot.
Re: openbsd.org down?
The proper people know already. It's useless to make further comments. --STeve Andre' On Apr 13, 2020, 03:14, at 03:14, Ilya Mitrukov wrote: >Hi, >flushing the caches doesn't help and it's still unavailable. > >Does anybody know where to report the issue? >(I'd look at openbsd.org but ... ) > >- Ilya > >On 2020-04-13 05:00, zeurk...@volny.cz wrote: >> "Durial EB" wrote: >>> Still down for me. >> Appears intermittent. Cc'ing webmaster@ (assuming it exists). >> >> --zeurkous. >> >>> On Sun, Apr 12, 2020 at 5:44 PM wrote: >>> >>>>> Hello. >>>>> >>>>> What happened to the openbsd.org? >>>>> I seems to be down for 10+ hours for now. >>>> WFM. Empty your name swerver cache, it might help. >>>> >>>>> Regards, >>>>> >>>>> Roman >>>> --zeur. >>>> >>>> -- >>>> Friggin' Machines!
"not MAP_STACK" message in dmesg / system message buffer
Hello. While prototyping something in C, I made a mistake with pre-processor macros, which I narrowed down to this: int main() { char *test[10][2097152] = { { 0 } }; } Running it results in $ ./a.out Segmentation fault (core dumped) and it also logs it in dmesg as Feb 25 20:05:49 hamlet /bsd: [a.out]52048/372328 sp=7f7ff5fd4150 inside 7f7fff7d5000-7f7d5000: not MAP_STACK Feb 25 20:06:49 hamlet /bsd: [a.out]94530/186499 sp=7f7ff5fe58c0 inside 7f7fff7e7000-7f7e6000: not MAP_STACK Feb 25 20:07:09 hamlet /bsd: [a.out]9523/344960 sp=7f7ff5fd9fd0 inside 7f7fff7db000-7f7db000: not MAP_STACK I have not seen a segfaulting program being logged in system message buffer before. Is it expected behaviour? Just curious, the message was a bit confusing. The system is amd64-current. -- Andre
Re: Tools for writers
On 2019-11-02 15:07, Antoine Jacoutot wrote: On Sat, Nov 02, 2019 at 03:04:34PM -0400, STeve Andre' wrote: On 2019-11-02 11:00, Oliver Leaver-Smith wrote: Hello, What tools do people find useful for writing on OpenBSD? By writing I mean long form such as novels and technical books, including plot and character development, outlining, and formatting for publishing (not all the same application necessarily) I have found a number which boast Linux support, but not really anything that stands out which supports OpenBSD (aside from the obvious LaTeX et al.) Mich appreciated ~ols -- Oliver Leaver-Smith +44(0)114-360-1337 TZ=Europe/London /usr/bin/vi You obviously never wrote a book. At least not with the requirements OP asked for. > Actually, I am, right now. I've found that "formatting" is an annoyance, when writing material. Get it written, *then* worry about how it looks. I've done this for more than 40 years when creating documents, reports and such for work. --STeve Andre'
Re: Tools for writers
On 2019-11-02 11:00, Oliver Leaver-Smith wrote: Hello, What tools do people find useful for writing on OpenBSD? By writing I mean long form such as novels and technical books, including plot and character development, outlining, and formatting for publishing (not all the same application necessarily) I have found a number which boast Linux support, but not really anything that stands out which supports OpenBSD (aside from the obvious LaTeX et al.) Mich appreciated ~ols -- Oliver Leaver-Smith +44(0)114-360-1337 TZ=Europe/London /usr/bin/vi
Re: Display flickers after upgrade to 6.6
Hi, I ran into the same issue this morning. Disabling the compositor worked for me, but I noticed later that this is also documented in the package readme: Screen compositor = If you're using the modesetting X driver and experience window flickering when the compositor is enabled, you should force the window manager to use the XPresent method for vblank: $xfwm4 --vblank=xpresent --replace & This is documented upstream at https://git.xfce.org/xfce/xfwm4/tree/COMPOSITOR#n114 Haven't tested that yet and left the compositor disabled, but I guess this will fix your issues. If it does, that's probably a good reminder to first look in the readme next time (me included). ;) Regards, André
Nobody said it yet...
Happy birthday to OpenBSD!
Re: Package -stable updates
On 29.08.2019 01:59, Steven Shockley wrote: > So, many thanks to everyone who put together the new -stable updates for > packages. Is there a command I can put in the crontab that will only > output if there are updates? Similar to what syspatch or openup does. > I tried pkg_add -unx, but that still tells me to delete old files and > prints the quirks line even if there are no updates. Hi Steven, here's what I came up with in my /etc/daily.local file... (pkg_add -suv | sed -En 's/^Adding (.+)\(pretending\)/\1/p') 2>&1 \ | grep -v ': Requesting' Initially I didn't use the verbose option and a simpler sed expression, but I eventually found that pkg_add's output differs whether a terminal is attached or not. So that's what works for me. Regards Andre
Re: When will OpenBSD become a friendly place for bug reporters?
On 7/8/19 10:57 PM, mazoc...@disroot.org wrote: Hi! We all know that bugs don't get fixed without backtraces. After few years of using OpenBSD I am annoyed to get mocked for not sending backtraces, but why I don't send them? The answer is: OpenBSD doesn't provide software packages with debugging symbols. Do I look like a Gentoo user? It's not cool to leave no choice to bug reporters but to make them rebuild all ports they use with: $ env CFLAGS='-pipe -g' DEBUG=-g make -j $(sysctl -n hw.ncpu) reinstall The current OpenBSD is definetely not friendly to bug reporters, so don't blame me when I refuse to send backtraces, I am simply not in mood to rebuild software when it shouldn't be necessary, I value my time. For heavens sake, why don't you compile the code with symbols? If you have the ability to go inside and look for problems, you can compile stuff yourself. If you're going to submit a patch you have to build to test the fix! --STeve Andre'
Re: Evernote Alternative?
Just a little addendum to your final post: I use OpenBSD as my desktop environment (also MAC OS and Linux) and I was looking for years for an outline application which I can use on every OS. Finally I switched from open to (paid) closed source *sigh* but now most of my problems were solved. I use notecasepro, an I think I'm the only user who uses it on OpenBSD, because I have to ask for a version running on an actual OpenBSD release. And no, this is not an advertisement, but my personal result after evaluating a lot of similar software which I can use on Linux, FreeBSD, MacOS but not on OpenBSD. Regards Andre Am 29.06.19 um 22:56 schrieb Chris Humphries: Final post. smime.p7s Description: S/MIME Cryptographic Signature
Re: Blind OpenBSD users
On 5/14/19 5:02 AM, Marc Espie wrote: As far as I know, the only software we have for blind people (and not just people with very poor eye sight) is misc/brltty. misc/screen also has support in the form of the shm flavor, which hooks to misc/brltty The main issue for this kind of thing is of course testing. This was done over 10 years ago. I have zero idea if this still works, or if there are better tools these days. We also have (had?) a speech synthesis system in audio/festival Unfortunately, this is research code that predates the C++ standard by years, and thus is thoroughly rotten through. I don't think we have any other speech synthesis open source software in the ports tree. There is flite which works but isn't great. --STeve Andre'
Re: Code of Conduct location
On 4/28/19 3:58 AM, Strahil Nikolov wrote: Hello All, can someone point me to the link of the OpenBSD code of Conduct ? It seems that I can't find it even with the help of google. Best Regards, Strahil Nikolov There isn't one that I have ever seen. But the code of conduct here is really the same as in life: be honest and fair, try to help and not harass. Deal with others as you would wish others would do to you. A formal Code of Conduct is a rabbit hole, with no bottom. The very people who might need it will be its abusers, and how do you enforce it on open mailing list? --STeve Andre'
Can't boot up on -current of thursday
For the first time in 14+ years I cant boot up. I compiled -current yesterday but didnt reboot then. Rebooting today after the probe line Spkr0 at pcppi0 I get Usbd_free_xfer: xfer=0xff087bb44c30 not free And hangs. So, I booted the previous kernel and got the same message. Other kernels give the same message. Bsd.rd did come up however. This is a w541 thinkpad. I'm going to install on an external disk, but have others seen this? Given multiple kernel failures I fear hardware problems. And of course I dont have other working hardware with me so I have to deal with that to get comparison systems up. Thanks for any clues. --STeve Andre'
Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache
Use "rcctl set unbound timeout 300", which sets "unbound_timeout=300" in rc.conf.local. The variables are documented in rc.d(8). Regards André
Re: TypeO
On 10/19/18 6:29 PM, david long wrote: I'm the first to admit I don't know anything about anything. Should it be iwn or iwm for the wireless firmware drivers. Because I get an error say unable to load iwm. I thought the wireless drivers for the Intel chipset are iwn David, I would suggest reading https://www.openbsd.org/mail.html. Actually, reading the entire FAQ is a good idea for newcomers. Both iwn and iwm are wireless drivers, for different species of Intel wireless chips. Reading is a really good thing when delving into a new op system. Fortunately OpenBSD is great docs. In addition, https://undeadly.org/ is good reading, as is http://daemonforums.org/forumdisplay.php?f=11 There are others but that should get you started. --STeve Andre'
Re: Going nuts
Thanks very much to Stewart and Josh. My new little beast is on the net now and everything seems to work. Now the W541 can go to the hospital as I leave mine. (-; STeve Andre' On Sep 11, 2018, 06:16, at 06:16, Stuart Henderson wrote: >On 2018-09-11, STeve Andre' wrote: >> My main laptop is going south on me and I'm trying to get an >alternate thinkpad working. Adding to my joy is that I'm in the >hospital currently. >> >> I have a stock X220. What firmware file do I want for -current? >Sorry for the question but I plead antibiotics! Most frustrating not >having access to normal items. >> >> Thank you all... >> >> STeve Andre' >> > >Files for -current are at >http://firmware.openbsd.org/firmware/snapshots/, >"fw_update -i" will tell you which ones you need. > >If you need to load them from USB stick or similar to get wlan working, >you can use fw_update -p /path/to/files.
Going nuts
My main laptop is going south on me and I'm trying to get an alternate thinkpad working. Adding to my joy is that I'm in the hospital currently. I have a stock X220. What firmware file do I want for -current? Sorry for the question but I plead antibiotics! Most frustrating not having access to normal items. Thank you all... STeve Andre'
Re: Lesser evil
On 09/04/18 20:04, Heinz Kampmann wrote: -- *Gesendet:* Dienstag, 04. September 2018 um 23:00 Uhr *Von:* "STeve Andre'" *An:* "Kevin Chadwick" , misc@openbsd.org *Betreff:* Re: Lesser evil On 09/04/18 09:09, Kevin Chadwick wrote: Um, maybe I'm not writing well. I'm talking about a dual-boot Windows OpenBSD system, which gets a Windows virus, which wipes out the disk. Effectively asleep, OpenBSD gets creamed. That's what I mean about dual-booting being a risk. Hi, I understand you in that way, but I thougt win10 can´t read/write ufs-partitions. Maybe I´am wrong. I use Windows for one program (PsyPrax), cause I won´t run it in an emulation. I only trust in OpenBSD. Lean and clean code shifts security - plus the extra work like pledge, KARL, w^x etc. ... and the most reviews praise the high quality code of OpenBSD. Sometimes I use win10 or mac high sierra for amazon prime. best wishes, Heinz Heinz, Think disk, not partitions. Smash the raw disk and it matters not what was on it; it will be obliterated. That's what some Win viri do. --STeve Andre'
Re: Lesser evil
On 09/04/18 09:09, Kevin Chadwick wrote: On Mon, 3 Sep 2018 18:03:06 -0400 I would not try to dual boot Windows and OpenBSD. There are too many disgusting viri out that smash parts of partitions. OpenBSD or anything else on the disk is a sitting duck once not active. Don't do it. The AV situation on Windows is out of control--a conservative estimate is that there are 4M pieces of malware out for Windows. Personally I feel this is a red herring. If you are finding viri on your system then OpenBSD helps but could be hacked too. Viri are unlikely with a security conscious OpenBSD user. You are doing something wrong or need to silo your actions. Um, maybe I'm not writing well. I'm talking about a dual-boot Windows OpenBSD system, which gets a Windows virus, which wipes out the disk. Effectively asleep, OpenBSD gets creamed. That's what I mean about dual-booting being a risk. --STeve Andre'
Re: Lesser evil
On 09/03/18 14:42, - - wrote: Hello all, I am running OpenBSD on my desktop, which is suitable for 99% of my needs. However I have to run certain proprietary software, which is available on Linux, Mac OSX and Windows. I cannot decide which of the three would be a "lesser evil" to run in respect with security and privacy. The software (video and photo editing) runs best on Windows, almost as good on OSX and it runs on Linux with some compromises. Does it make sense to accept such compromises and run Linux for security and privacy OR is the better security and privacy of Linux more or less a myth and running Windows would be almost the same in that respect? I understand that any response is to be just an opinion. Thank you Jan I would not try to dual boot Windows and OpenBSD. There are too many disgusting viri out that smash parts of partitions. OpenBSD or anything else on the disk is a sitting duck once not active. Don't do it. The AV situation on Windows is out of control--a conservative estimate is that there are 4M pieces of malware out for Windows. If your AV software knows how to deal with 98%, that means 80K things aren't dealt with. Ugh! I know of a dual booting Win/Obsd laptop that was damaged by a viri and afterwards the owner could not find the OpenBSD partition at all. Pity I was never able to see it to do analysis. Here in the US, you can get used thinkpads for an astonishing small amount of money. My wife just got a T430 with 8G ram, 500G disk, 2.6GHz I5, 1366x768 display, 2 USB 3 ports, for $167. The battery is even decent. This is at Newegg. Used macs look like $400. For that money I would advocate that a separate machine is best, AND you have an emergency OpenBSD backup system. --STeve
Re: Installed current on top of FAT32 flash, Recover old filesystem??
On 07/14/18 15:16, Chris Bennett wrote: I very carefully and surely tested which flash drive to use and then pulled out the wrong one. I stopped the install with halt and done nothing else. Should I have yanked it, halted it or just said goodbye? ddrescue or something else or nothing else? Thanks, I hope, Chris Bennett https://www.r-studio.com/ This is software I have used in the past to deal with disk disasters. It's about $80 the last time I used it but it worked pretty well. Good luck. If you find some other method, let misc@ know. --STeve Andre'
Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?
Hello Philipp, hello @misc I thought the problems were gone, but often deleting an unmamed phase 1 SA didn't work with the "cookie method" at least with 6.3/amd64. My way: 1.) # sh -c "echo S > /var/run/isakmpd.fifo" # less /var/run/isakmpd.result --> identify the dead phase 1 SA SA name: (Phase 1/Responder) src: dst: Lifetime: 28800 seconds Flags 0x icookie 7e0aab1278867246 rcookie f26398203e60007f 2.) try to delete the unnamed SA with your method: # sh -c "echo 'd 7e0aab1278867246f26398203e60007f -' \ > /var/run/isakmpd.fifo" results mostly in: ui_delete: command "d 7e0aab1278867246f26398203e60007f -" found no SA 3.) collateral problem: I'm not able to accept a new connection by the remote peer (with a new cookie) because isakmpd logs: transport_send_messages: giving up on exchange peer-, no response from peer . With tcpdump I can see that isakmpd refuses to answer peer requests 'till lifetime end or the crippled phase 1 is totally dropped... Resarting isakmpd is not advised 'cause of a lot of other active vpn sessions. The question: isakmpd bug or may brain incapabillities? Best regards Andre Am 15.05.18 um 05:15 schrieb Philipp Buehler: Hello Andre, Am 14.05.2018 13:38 schrieb Andre Ruppert: I got the tips from this 2013 undeadly.org article: Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway https://undeadly.org/cgi?action=article=20131125041429 Apparently I wrote that article, and I feel your pain :-) 2.) less /var/run/isakmpd.result ... SA name: (Phase 1/Responder) src: dst: Flags 0x icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec ... Feeding the fifo with sh -c "echo 't ' > /var/run/isakmpd.fifo" only deletes phase 2. But I didn't have an SA name at this time... ?? The problem here is you only have an 'unnamed' SA, indeed; but you have cookies.. What you can do - found that a bit later after the undeadly article: echo 'd 9f5bf7497f0ebe108a6c7b1b1f5923ec -' > isakmpd.fifo which is "d $icookie$rcookie -" (no space between the cookie values). If I am changing a peer configuration, I also block 500/udp for the time being to avoid these 'Responder' SAs altogether. Think along pf.conf:pass in proto udp from to $myself port 500 pfctl -T delete -t vpn_peers $thatpeer pfctl -k $thatpeer ipsecctl -d -f $thatpeer.conf vi $thatpeer.conf ipsecctl -f $thatpeer.conf pfctl -T add -t vpn_peers $thatpeer HTH, smime.p7s Description: S/MIME Cryptographic Signature
Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?
Hello Philipp, sorry for the late answer Thanks for the hint with the cookies. Works in my environment I'm much happier now ;-) Best regards Andre Am 15.05.18 um 05:15 schrieb Philipp Buehler: Hello Andre, Am 14.05.2018 13:38 schrieb Andre Ruppert: I got the tips from this 2013 undeadly.org article: Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway https://undeadly.org/cgi?action=article=20131125041429 Apparently I wrote that article, and I feel your pain :-) 2.) less /var/run/isakmpd.result ... SA name: (Phase 1/Responder) src: dst: Flags 0x icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec ... Feeding the fifo with sh -c "echo 't ' > /var/run/isakmpd.fifo" only deletes phase 2. But I didn't have an SA name at this time... ?? The problem here is you only have an 'unnamed' SA, indeed; but you have cookies.. What you can do - found that a bit later after the undeadly article: echo 'd 9f5bf7497f0ebe108a6c7b1b1f5923ec -' > isakmpd.fifo which is "d $icookie$rcookie -" (no space between the cookie values). If I am changing a peer configuration, I also block 500/udp for the time being to avoid these 'Responder' SAs altogether. Think along pf.conf:pass in proto udp from to $myself port 500 pfctl -T delete -t vpn_peers $thatpeer pfctl -k $thatpeer ipsecctl -d -f $thatpeer.conf vi $thatpeer.conf ipsecctl -f $thatpeer.conf pfctl -T add -t vpn_peers $thatpeer HTH, smime.p7s Description: S/MIME Cryptographic Signature
Re: OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?
Remark below... Am 14.05.18 um 13:38 schrieb Andre Ruppert: Hello @misc, I use a CARPed pair of 6.2 gateways as vpn access nodes, running "plain" ISAKMPD/ipsec. The peering vpn gateways have different brandings from OpenBSD, linux, cisco to watchguard appliances etc... Interoperability works most like a charm and is a no-brainer in most cases. I have only access to the OpenBSD peering gateways, but most other brands belong to partners / customers. Sometimes I first have problems with some of these peering boxes and only partial tunnels came up (only phase 1 or - more bad - phase 1 only partial). Then I check the logs and - if I got wrong credentials or parameters from the peering partner - I change the configs on my side. It needs mostly much less time than to discuss with the technicians from the peering partners - their problems have to te solved by them by clicking somewhere in a webinterface *sigh*. Ok, back to _my_ problem: If a ipsec tunnel is running with phase 1 and 2, I can stop it with "ipsecctl -d -f ". Works. If the ipsec tunnel is only partial working, I can delete it by using the fifo mechanism. Sometimes. ( I got the tips from this 2013 undeadly.org article: Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway https://undeadly.org/cgi?action=article=20131125041429 ) But I have always problems if only a part of phase 1 came up. 1.) sh -c "echo S > /var/run/isakmpd.fifo" 2.) less /var/run/isakmpd.result ... SA name: (Phase 1/Responder) src: dst: Flags 0x icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec ... Feeding the fifo with sh -c "echo 't ' > /var/run/isakmpd.fifo" only deletes phase 2. But I didn't have an SA name at this time... ?? Question to the community: how is it possible to reliable stop partial tunnels without restarting isakmpd/ipsec (e.g. disturbing all other running tunnels)? I'm clueless Best regards Andre ...and sh -c "echo 't main ' > /var/run/isakmpd.fifo" doesn't work either ... /var/log/daemon reports "...ui_teardown: teardown connection "", phase 1 but that doesn't do anything. Man isakmpd reads for fifo using: "t [phase] name" Tear down the named connection, if active. For name, the tag specified in isakmpd.conf(5) or the IP address of the remote host can be used. Hm. Again clueless... Best regards Andre smime.p7s Description: S/MIME Cryptographic Signature
OpenBSD 6.2: how to tear down partial ipsec tunnels without restarting ipsec/isakmpd?
Hello @misc, I use a CARPed pair of 6.2 gateways as vpn access nodes, running "plain" ISAKMPD/ipsec. The peering vpn gateways have different brandings from OpenBSD, linux, cisco to watchguard appliances etc... Interoperability works most like a charm and is a no-brainer in most cases. I have only access to the OpenBSD peering gateways, but most other brands belong to partners / customers. Sometimes I first have problems with some of these peering boxes and only partial tunnels came up (only phase 1 or - more bad - phase 1 only partial). Then I check the logs and - if I got wrong credentials or parameters from the peering partner - I change the configs on my side. It needs mostly much less time than to discuss with the technicians from the peering partners - their problems have to te solved by them by clicking somewhere in a webinterface *sigh*. Ok, back to _my_ problem: If a ipsec tunnel is running with phase 1 and 2, I can stop it with "ipsecctl -d -f ". Works. If the ipsec tunnel is only partial working, I can delete it by using the fifo mechanism. Sometimes. ( I got the tips from this 2013 undeadly.org article: Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway https://undeadly.org/cgi?action=article=20131125041429 ) But I have always problems if only a part of phase 1 came up. 1.) sh -c "echo S > /var/run/isakmpd.fifo" 2.) less /var/run/isakmpd.result ... SA name: (Phase 1/Responder) src: dst: Flags 0x icookie 9f5bf7497f0ebe10 rcookie 8a6c7b1b1f5923ec ... Feeding the fifo with sh -c "echo 't ' > /var/run/isakmpd.fifo" only deletes phase 2. But I didn't have an SA name at this time... ?? Question to the community: how is it possible to reliable stop partial tunnels without restarting isakmpd/ipsec (e.g. disturbing all other running tunnels)? I'm clueless Best regards Andre
relayd as websocket proxy?
Hello @misc, is it possible to configure relayd to act as a websocket proxy with v6.2/v6.3? I set up relayd as ssl accelerator: excerpt from relayd.conf: http protocol "httpfilter2" { tcp { nodelay, sack, socket buffer 65536, backlog 100 } return error match request header set "Connection" value "close" match header set "Keep-Alive" value "$TIMEOUT" match request header append "X-Forwarded-For" value "$REMOTE_ADDR" match request header append "X-Forwarded-By" value \ "$SERVER_ADDR:$SERVER_PORT" tls { tlsv1, ciphers "HIGH:!ADH:!NULL:!RC4:-ECDH:ECDHE" } } ... relay webrtc_wsc { listen on $webrtc_wsc_relayd_addr \ port $webrtc_wsc_relayd_port tls protocol "httpfilter2" transparent forward to port $webrtc_wsc_web_port \ mode loadbalance http “/” code 200 } ... valid .key and .crt-files are placed in /etc/ssl/private and /etc/ssl. First: "standard" SSL acceleration works fine without problems. Second: websocket connections don't :-( As far I can see websocket upgrade messages (decoded in wireshark as "HTTP/1.1 101 Switching Protocols" packets) from the internal server are replaced by relayd with packets with the RST-flag set directed to the WAN client and the connection is closed. My head-scratching question: is this possible at all with relayd? Or do I have to switch to nginx? Regards Andre Ruppert smime.p7s Description: S/MIME Cryptographic Signature
Re: IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC
Fri, 16 Mar 2018 13:25:49 +0100 Janne Johansson <icepic...@gmail.com>: > 2018-03-16 12:26 GMT+01:00 Andre Ruppert <a...@in-telegence.net>: > > > Hello @misc, > > > > after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via > > 6.1 to 6.2 (amd64) I noticed some trouble with my VPN connections. > > > > Almost always when you get "expected 3DES" it means "the confs are not > matching so obsd chose some default thing which includes 3DES > which is not what the other side is running". > > Things like mixing up "from NetA to NetB" and the other side not > having the exact opposite is a decent way to get that exact error. > > I don't know what part changed so that it is no longer matching for > you, but something makes the negotiations not think > the remote proposal is what it expects, so it goes into some default > mode from which it will never make a connection. > I agree with you in principle, but the question is: why drop these connections (with untouched configurations) sporadically with 6.2 and _not_ with 6.0? Some of these connections drop several times in 24h. No problems at all with 6.0. And it's always the same behavior: first drops the esp tunnel and the esp flows remain active. And its not possible to stop them with 'ipsecctl -d -f ' Is it only possible to stop zombie-type flows with fifo commands? Best regards Andre
IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC
Hello @misc, after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via 6.1 to 6.2 (amd64) I noticed some trouble with my VPN connections. Scenario: - a CARPed OpenBSD VPN gateway with sasyncd (master and backup) - a bunch of customer VPN client gateways (several brands -> Sophos, Fortigate, Cisco , ... ). - ISAKMPD/ipsec (no iked yet) - no syntax errors in ipsec.conf files (checked) - with release 6.0 no problems at all. - with 6.2 sometimes several of the connections drop nearly at the same time and I have do restart them manually. Configuration: ipsec.conf includes - configuration is pretty simple - one include-file for every connection: # -- LOCAL_PEER = "IP_of_my_gateway" LOCAL_NET = "my_network/mask bits" REMOTE_NET_XY = "foreign_network_YX/mask bits" REMOTE_PEER_XY = "IP_of_remote_gateway" ike esp from $LOCAL_NET to $REMOTE_NET_XY \ peer $REMOTE_PEER_XY \ main auth hmac-sha2-256 enc aes-256 group modp1536 lifetime 3600 \ quick auth hmac-sha2-256 enc aes-256 group modp1536 lifetime 1200 \ srcid $LOCAL_PEER psk "SomethingTotalSecretAsPSKsCanBe" Single VPNs are startet by "ipsecctl -f /etc/ipsec/ipsec.include.xy" and deleted by "ipsecctl -d -f /etc/ipsec/ipsec.include.xy) (Deleting connections is a special matter and doesn't work well, but that is not the point here) The problem so far: prior to the connection drops I see isakmpd error messages: isakmpd[35939]: dropped message from "REMOTE_PEER_XY" port 500 due to notification type NO_PROPOSAL_CHOSEN isakmpd[35939]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC isakmpd[35939]: message_negotiate_sa: no compatible proposal found My question: why (and where) do I expect 3DES_CBC encrytion ? And sometimes also other additional error messages appear in the Log. Example: ... ipsec_get_id: section to-10.10.244.0/25 has no "ID-type" tag Mar 16 08:06:11 redacc01-a isakmpd[35939]: connection_init: could not record connection "from-172.16.0.0/16-to-10.10.244.0/25" ... I'm clueless... There are no infos in the upgrade guides (6.0 to 6.1 and 6.1 to 6.2) concerning isakmpd/ipsec changes Sysctl lists: net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=8 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 net.inet.ip.ipsec-comp-alg=deflate Any hints? Best regards Andre Ruppert smime.p7s Description: S/MIME Cryptographic Signature
Re: Hard disk controller not recognized
On 02/12/18 12:07, Xianwen Chen wrote: Dear OpenBSD users, I am not able to run OpenBSD 6.2 amd64 on a Dell Latitude E6330. The installation was done by taking out the hard drive and hook it through a USB reader to another machine. I boot the hard drive through Legacy Boot menu. The boot process stops with root device: It is possible to boot through bsd.rd. However, the hard drive is not recognized there. Here is the dmesg from bsd.rd: [snip] Xianwen, Obviously the best thing is for IT to release the BIOS control to you, but if they won't, get a USB SATA disk interface, and try to use that. Your IT department might have figured out how to interfere with that too, but that might be a solution. You'd have to keep that external disk and its interface with you, but at least you could use OpenBSD. --STeve Andre'
Re: Writing "ones" instead of "zeroes" when wiping disk
Don't bother. Wiping the disk twice is enough. If you are storing state secrets melt the disk. Back in the days of sub 1G disks it might have been possible to get inter track gap data that was usable. Maybe. But not multi T disks. Sectors mapped out are a problem though, and multiple writes aren't going to touch those. If you encrypt the disk I question how much value a few encrypted sectors would be to anyone. Worry far more over lost usb sticks or portable usb disks. That's a far bigger problem. STeve Andre' Sent with AquaMail for Android http://www.aqua-mail.com On January 11, 2018 9:46:25 AM Andreas Thulin <andreasthu...@gmail.com> wrote: Hi! Again, an ignorant question (as usual): How might I do something similar to # dd if=/dev/one of=/dev/sd0 bs=1M as a complement to the usual and well-described # dd if=/dev/zero of=/dev/sd0 bs=1M followed by # dd if=/dev/urandom of=/dev/sd0 bs=1M in order to achieve paranoid disk-wiping? BR Andreas
Re: fsck: CANNOT READ: BLK 4235468160
When you enter the realm of hardware errors, anything can happen. If you are lucky you will see the same hard and soft errors every time you cross a bad sector, but I have seen many cases wildly varying block numbers on really sick disks. And yes, bad cables and USB interfaces can be a problem too. Try wiggling the cable disk the disk stable and see if you can produce errors. Try doing a read with that USB hardware on another disk, too. That will tell you something. I'll bet that the disk is bad. If it stops producing errors, don't forgive it! Get a new one. --STeve Andre' On 01/06/18 21:45, Maximilian Pichler wrote: Hi, I'm running fsck on an external USB hard drive, using OpenBSD 6.2 inside VirtualBox on MacOS. On each run it gives a handful of "CANNOT READ: BLK ..." messages, but the block numbers reported are different (!) each time. If the disk is damaged, shouldn't the problematic blocks be consistent? Does this point to a communication problem with the disk (e.g. faulty USB cable)? Or is this a hopelessly unstable situation given the general screwiness of USB over VirtualBox/Mac OS...? Also, does answering "y" to "CANNOT READ" modify the disk contents? Thanks for any insights! Max xhci0 at pci0 dev 12 function 0 "Intel 7 Series xHCI" rev 0x00: apic 2 int 20 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 umass0 at uhub0 port 9 configuration 1 interface 0 "Seagate Expansion" rev 3.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus4 at umass0: 2 targets, initiator 0 sd0 at scsibus4 targ 1 lun 0: <Seagate, Expansion, 9300> SCSI4 0/direct fixed sd0: 3815447MB, 512 bytes/sector, 7814037167 sectors $ doas fsck /dev/sd0a ** /dev/rsd0a ** Last Mounted on /home/max/mnt ** Phase 1 - Check Blocks and Sizes CANNOT READ: BLK 4235468160 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4128081280 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4194986880 CONTINUE? [Fyn?] y CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: ** Phase 2 - Check Pathnames CANNOT READ: BLK 4195146384 CONTINUE? [Fyn?] y CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 614222 files, 408012667 used, 76524122 free (3658 frags, 9565058 blocks, 0.0% fragmentation) MARK FILE SYSTEM CLEAN? [Fyn?] y * FILE SYSTEM WAS MODIFIED * $ doas fsck -f /dev/sd0a ** /dev/rsd0a ** File system is already clean ** Last Mounted on /home/max/mnt ** Phase 1 - Check Blocks and Sizes CANNOT READ: BLK 4236615424 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: ** Phase 2 - Check Pathnames CANNOT READ: BLK 3732315520 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4161885792 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4201995728 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4202008160 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: CANNOT READ: BLK 4202013680 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups CANNOT READ: BLK 5011229824 CONTINUE? [Fyn?] y THE FOLLOWING DISK SECTORS COULD NOT BE READ: 614222 files, 408012667 used, 76524122 free (3658 frags, 9565058 blocks, 0.0% fragmentation)
VLAN configuration problem on 6.1 ("no route to host" on other than own IP)
Hello @misc, perhaps I'm stupid, but I don't see my fault in a vlan network configuration: I got a OpenBSD 6.1 gateway box, connected to several switches. On em0 I habe to serve two networks: 172.16.210.0 (direct em0 - no vlan) 172.16.211.0 (VLAN 211 tagged on em0) On of my connections (em0) has a simple configuration on standard VLAN 1 (untagged): # ifconfig em0 em0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST> mtu 1500 lladdr a0:36:9f:36:49:e6 description: sbc-ect-lan-ext index 1 priority 0 llprio 3 media: Ethernet autoselect (1000baseT full-duplex,master) status: active inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255 # cat /etc/hostname.em0 inet 172.16.210.3 255.255.255.0 172.16.210.255 description "sbc-ect-lan-ext" -- This interface also is "CARPed": # ifconfig carp0 carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr 00:00:5e:00:01:01 index 8 priority 15 llprio 3 carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100 groups: carp status: backup inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255 # cat /etc/hostname.carp0 inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass advskew 100 (this gateway is the CARP slave (backup) of a pair of redundant gateways) --- Next: I want to have a VLAN on this interface em0: (the connected switch has a trunk configured this VLAN 210 (untagged) and VLAN 211 (tagged) - but I don't know if this information makes sense here) # ifconfig vlan211 vlan211: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 lladdr a0:36:9f:36:49:e6 index 15 priority 0 llprio 3 vlan: 211 parent interface: em0 vnetid: 211 parent: em0 groups: vlan status: active inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255 # cat /etc/hostname.vlan211 inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0 -- corresponding routing table (excerpt): # netstat -nr Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default172.16.0.15UGS1 191 - 8 ... ... 172.16.210/24 172.16.210.3 UCn1 1094 - 4 em0 172.16.210/24 172.16.210.1 Cn 00 -19 carp0 172.16.210.1 00:00:5e:00:01:01 UHLl 0 153 - 1 carp0 172.16.210.3 a0:36:9f:36:49:e6 UHLl 0 275 - 1 em0 172.16.210.10 00:08:25:22:50:e0 UHLc 0 158 - 3 em0 172.16.210.255 172.16.210.3 UHPb 00 - 1 em0 172.16.210.255 172.16.210.1 HPb00 - 1 carp0 172.16.211/24 172.16.211.3 UCn0 1215 - 4 vlan211 172.16.211.3 a0:36:9f:36:49:e6 UHLl 00 - 1 vlan211 172.16.211.255 172.16.211.3 UHb00 - 1 vlan211 - My problem: I am only able to ping myself (VLAN 211) - end I _don't_ think it's a switch problem - because I get an "no route to host" error # ping 172.16.211.3 # (my IP) PING 172.16.211.3 (172.16.211.3): 56 data bytes 64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms 64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms ... ...stupid but working as expected... # ping 172.16.211.2 # some other IP, same network PING 172.16.211.2 (172.16.211.2): 56 data bytes ping: sendmsg: No route to host ping: wrote 172.16.211.2 64 chars, ret=-1 ping: sendmsg: No route to host ping: wrote 172.16.211.2 64 chars, ret=-1 ping: sendmsg: No route to host ... The routing table then has added one new entry: 172.16.211/24 172.16.211.3 UCn1 1743 - 4 vlan211 172.16.211.2 link#15UHLc 0 1684 - 3 vlan211 ! 172.16.211.3 a0:36:9f:36:49:e6 UHLl 0 18 - 1 vlan211 172.16.211.255 172.16.211.3 UHb00 - 1 vlan211 I'm clueless and don't know how to investigate further... In my pf.conf I tried to "temporarly annihilate" the rules on the em0 interface ("set skip on em0"), but that didn't help Any hints? head-scratching regards Andre Ruppert smime.p7s Description: S/MIME Cryptographic Signature
Guess what today is
Happy birthday to OpenBSD--22 years old!
Re: A stupid question, re: xargs(1)
On Fri, 13 Oct 2017 18:03:59 -0400 Raul Miller <rauldmil...@gmail.com> wrote: > "Because then you don't need xargs, normal tooling seperates each line > into a seperate argv entry regardless of other spacing." > > If there's some existing way (portable or not) to build this kind of > argv in a shell script - using newline separation and nothing else - I > would really appreciate another hint. I wish you would have given an exact problem you are having difficulties with... I've been using ls | while read i; do echo "$i"; done or cat /tmp/tmp_file | while read i; do echo "$i"; done type of constructs for years and have never even needed xargs... -- Andre
Trying to burn a 4.5G dvd
Doing my usual growisofs -dvd-compat -Z /dev/rcd0c=image.iso results in the error mkisofs: Value too large to be stored in data type. File 4P4WFA00_W10x64ROW_proDL.iso is too large for current mkisofs settings - ignoring So far I do not see what needs to be changed in order to do this and a scan of marc.info and faq aren't helping. Clues? I'm pinched for time. Thanks... --STeve Andre'
Re: Limits on OBSD amd64
On 05/26/17 10:28, Stuart Henderson wrote: On 2017-05-26, Friedrich Locke <friedrich.lo...@gmail.com> wrote: Hi folks, i wonder what is the maximum file system size OBSD supports using different file systems like FFS afaik, this is 1TB FFS2 "as much as you have RAM to fsck"... and ZFS ? 0 bytes. On a 10T disk I created an 8T file with dd=/dev/zero of=bff. I didn't test it, but saw that I had the correct amount of space left. --STeve Andre'
Re: list all system users, eg. _x11
On 05/06/17 14:27, Luke Small wrote: Is there a way to determine all users on a system that the users command doesn't seem to show? like _x11 and _ntpd What's a user? Maybe you want to look at /etc/passwd. The first four lines are root:*:0:0:Charlie &:/root:/bin/ksh daemon:*:1:1:The devil himself:/root:/sbin/nologin operator:*:2:5:System &:/operator:/sbin/nologin bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin You can parse that with awk and do stuff. Read about passwd(5) to understand the format. A login shell of /sbin/nologin means it isn't interactive. That might get you started? --STeve Andre'
Re: OpenBSD 6.1: relayd does not start more than 3 processes
Hm, I got a relayd-problem with a similar config. 100% CPU load nearly all 10 days with 5.9, same behavior all 3-4 weeks with 6.0. Wrong-ordered relayd.conf too. looks like this when running in trouble: _relayd 33851 100.0 0.1 2004 4496 ?? Rp15Apr17 3363:59.52 relayd: relay (relayd) _relayd 94800 0.0 0.1 2208 4720 ?? Sp15Apr171:01.44 relayd: relay (relayd) root 92841 0.0 0.1 1724 3996 ?? Is15Apr170:01.70 /usr/sbin/relayd -v _relayd 65955 0.0 0.1 1328 3436 ?? Sp15Apr170:11.41 relayd: pfe (relayd) _relayd 40687 0.0 0.1 1240 3264 ?? Sp15Apr170:28.04 relayd: hce (relayd) _relayd 75933 0.0 0.1 1220 3404 ?? Ip15Apr170:37.44 relayd: ca (relayd) _relayd 82476 0.0 0.1 1216 3304 ?? Ip15Apr170:35.52 relayd: ca (relayd) I just re-ordered my config. No let's see if it still comes to trouble in the next weeks... ;-) Andre Am 05.05.17 um 16:05 schrieb Maxim Bourmistrov: Hm, I tried this out - re-ordering the layout of the config. You are, indeed, correct here. Strange that this runs on 6.0. Case closed. Sorry for the noise. Br smime.p7s Description: S/MIME Cryptographic Signature
Re: Kernel panic on Dell R210 with OpenBSD 6.0 (relayd related ?)
Hi, Im running 6.0 amd64 on a pair of R210 with relayd, but these are R210 (II). No kernel panics at all, and these systems are working in a live environment... Regards Andre Am 02.05.17 um 15:03 schrieb Mathieu BLANC: On Wed, Mar 29, 2017 at 02:06:23PM +0200, Mathieu BLANC wrote: It also kernel panics with just this pf rules : # cat pf_minimal.conf set limit { states 10 } set skip on lo anchor "relayd/*" pass I upgraded the system to 6.1 release last week, the kernel panic is still here (with the same logs). smime.p7s Description: S/MIME Cryptographic Signature
Re: Etnernal & infernal browser woes
On 04/28/17 09:00, David Coppa wrote: On Fri, Apr 28, 2017 at 2:18 PM, Jyri Hovila [iki.fi] <jyri.hov...@iki.fi> wrote: Dear everyone, With the above disclaimer said, and still knowing the potential for a war, I must say this: There is not much hope for OpenBSD to ever become a desktop (or laptop) OS if the nightmarish sluggishness of ALL modern web browsers can not be solved. Have you properly configured your user? What I usually do is: 1) be sure my user has the "staff" class: # grep dcoppa /etc/master.passwd dcoppa:***:1000:1000:staff:0:0:David Coppa:/home/dcoppa:/bin/ksh 2) I have this at the top of my ~/.profile: ---8<--- # bump limits ulimit -S -d $(ulimit -H -d) ulimit -S -n $(ulimit -H -n) ulimit -S -p $(ulimit -H -p) ulimit -S -s $(ulimit -H -s) ---8<--- With chromium or iridium it's not as bad as you have described. Personally I use iridium on a daily basis. Ciao! David I agree with David. It's manageable. I switched from Firefox to chrome some time ago, along with otter and Iridium--the three browser lifestyle. Firefox causes my wife to snarl all too often, so it isn't the case that FF on Windows is so great. Gone are the days of a 2G web browsing system, mostly. I have a 32G thinkpad and make sure limits are ramped up to absurd limits. Is is slower? Sure, but I'll take that over a faster, diseased system any time. OpenBSD will improve. Windows will not. --STeve Andre'
Re: Load average changed in 6.1?
On 04/24/17 04:42, Christoph Borsbach wrote: Hello everyone, first off: I know that the topic of "load" has been discussed numerous times, and been a topic on undeadly [1]. I know that this number is not that important. However: After upgrading 3 of my systems to 6.1 (from 6.0) I noticed the load average (15min value) has gone up by roughly 1.0, both in the output of daily(8) over some days now and when checking manually with w, top, or uptime. The systems in question differ a bit: - amd64 MP (KVM-Guest, dmesg [2], load-example [3]) - amd64 SP (VMware Guest, dmesg and examples not handy right now) - i386 SP (Alix, dmesg [4], load examples [5]) All were upgraded last week with bsd.rd to 6.1-RELEASE. The systems perform as well as ever and nothing was changed aside from upgrading system and packages. I'm just interested what could change the behavior. A quick check of src/sys/uvm/uvm_meter.c does not show me any changes recently. Has anybody observed this as well and has an explanation for this? Thanks, Christoph Christoph, What has changed 6.0 - 6.1 is the entire operating system. uvm_meter.c may not have changed but the other sub-systems have, which effects the way things works. It's the same with playing mp3's and you get stutter (or not) when disk I/O or other things are in play. Any OS is a city; largely invisible to us, interactions go on that can have ripple effects in how things work. The concept of a load average is nebulous at best. You can spike the system averages any number of ways so using it to determine how busy the system is at any point in time is not great. Better to see how fast the system delivers web pages or files, or ... Perhaps the uptime / w documentation should explicitly say that comparing load avs on different versions is a bit like comparing apples to spark plugs. --STeve Andre'
Re: GUI desktop autologin options
On Tue, 18 Apr 2017 20:44:05 -0700 "Sha'ul"wrote: > I'm trying to figure how setup an auto login from boot to some kind of GUI > desktop interface. What are my options? I'm not interested in Gnome 3, but > I will use anything else like Lumina, KDE, XFCE, etc. as long as it can > load straight into desktop environment when I turn on computer. Which > ones, besides Gnome 3, support autologin? Just add to /etc/X11/xenodm/xenodm-config DisplayManager.*.autoLogin: your_user_name enable xenodm in /etc/rc.conf.local with xenodm_flags= and add the startup command for your window manager to ~/.xsession If I remember correctly, it's something like xfce4-session || startkde || gnome-session || xterm to start those DEs. Other window managers are more straightforward and usually use their name as the main executable.
Re: Please: Is there ANY chance that Linux binaries might run again???
Softmaker doesn't support any of the BSDs - they've done it years ago for FreeBSD but the customer's interest was too little. Am 07.03.17 um 23:52 schrieb Damian McGuckin: > On Tue, 7 Mar 2017, Stefan Wollny wrote: > >> Yes - I will (again) contact SoftMaker trying to persuade them to >> provide an OpenBSD-version of their office suite. But they seem to have >> none with some decent Unix/OpenBSD-knowledge, just Linux. Sigh... > > I would buy SoftMaker on OpenBSD. Andre Ruppert [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Can't install -current on a Dell precision t3500
I'm puzzled and am asking for help. I'm attempting to install the -current snapshot (feb 12) on a Dell precision t3500. The install formats a 6T disk very quickly, like in 25 seconds. Hmm. After installing the tar files, installboot fails with a "Bad magic number in superblock". If I mount the a partition I see real data. Changing to a 160G disk everything works & boots, but not with the 6T disk. The t3500 is a sata 2 machine, as is the 160G disk. The 6T disk is sata 3, but since I see the OS written to the 6T disk it's been written out OK so thats not it. I'm missing something with regards the size of the disk? Probably I'm forgetting to include something relevant but I've been dealing with this last night and am tired. Clues? Thanks to all -- STeve Andre' dmesg OpenBSD 6.0-current (RAMDISK_CD) #164: Sun Feb 12 14:02:22 MST 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD RTC BIOS diagnostic error 11 real mem = 12865998848 (12269MB) avail mem = 12472324096 (11894MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf0450 (77 entries) bios0: vendor Dell Inc. version "A17" date 05/28/2013 bios0: Dell Inc. Precision WorkStation T3500 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET TCPA SLIC SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU W3680 @ 3.33GHz, .73 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 731530 Hz cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 9 pa 0xfec8, version 20, 24 pins acpiprt0 at acpi0: bus 1 (PCI1) acpiprt1 at acpi0: bus 2 (PCI2) acpiprt2 at acpi0: bus 3 (PCI3) acpiprt3 at acpi0: bus 4 (PCI4) acpiprt4 at acpi0: bus 5 (PCI5) acpiprt5 at acpi0: bus 6 (PCI6) acpiprt6 at acpi0: bus 0 (PCI0) acpicpu at acpi0 not configured "PNP0C0C" at acpi0 not configured "*pnp0c14" at acpi0 not configured "PNP0401" at acpi0 not configured "PNP0501" at acpi0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel X58 Host" rev 0x22 ppb0 at pci0 dev 1 function 0 "Intel X58 PCIE" rev 0x22: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 3 function 0 "Intel X58 PCIE" rev 0x22: msi pci2 at ppb1 bus 2 vga1 at pci2 dev 0 function 0 "ATI FirePro V4800" rev 0x00 wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation) "ATI Radeon HD 5600 Audio" rev 0x00 at pci2 dev 0 function 1 not configured ppb2 at pci0 dev 7 function 0 "Intel X58 PCIE" rev 0x22: msi pci3 at ppb2 bus 3 "Intel X58 Misc" rev 0x22 at pci0 dev 20 function 0 not configured "Intel X58 GPIO" rev 0x22 at pci0 dev 20 function 1 not configured "Intel X58 RAS" rev 0x22 at pci0 dev 20 function 2 not configured uhci0 at pci0 dev 26 function 0 "Intel 82801JI USB" rev 0x00: apic 8 int 16 uhci1 at pci0 dev 26 function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 17 uhci2 at pci0 dev 26 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 22 ehci0 at pci0 dev 26 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 22 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1ppb3 at pci0 dev 28 function 0 "Intel 82801JI PCIE" rev 0x00: msi pci4 at ppb3 bus 4 ppb4 at pci0 dev 28 function 5 "Intel 82801JI PCIE" rev 0x00 pci5 at ppb4 bus 5 bge0 at pci5 dev 0 function 0 "Broadcom BCM5761" rev 0x10, BCM5761 A1 (0x5761100): msi, address b8:ac:6f:96:76:63 brgphy0 at bge0 phy 1: BCM5761 10/100/1000baseT PHY, rev. 0 uhci3 at pci0 dev 29 function 0 "Intel 82801JI USB" rev 0x00: apic 8 int 23 uhci4 at pci0 dev 29 function 1 "Intel 82801JI USB" rev 0x00: apic 8 int 17 uhci5 at pci0 dev 29 function 2 "Intel 82801JI USB" rev 0x00: apic 8 int 18 ehci1 at pci0 dev 29 function 7 "Intel 82801JI USB" rev 0x00: apic 8 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x90 pci6 at ppb5 bus 6 "Intel 82801JIR LPC" rev 0x00 at pci0 dev 31 function 0 not configured ahci0 at pci0 dev 31 function 2 "Intel 82801JI AHCI" rev 0x00:
Re: OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest
Hello again, Date: 17.11.16 time: 18:32 - Christer Solskogen wrote: > Try use bridge mode instead of NAT. I had the exact same problem on > Windows 10 as a host. > > -- > chs > ...that hit the point. Tested on Mac OS and Win10 as host - same solution. Thank You! My former tested bridged-setup failed due to stupidity of myself... But what I yet not know: what's the reason for this kind of error ... but that's maybe a academical question ;-) regards Andre
OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest
Hello to the list, this morning I stumbled about a "pkg_add" problem when running OpenBSD 6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which host platform (I tried Mac OS Sierra and Windows 10 and 7). Virtualbox settings: 5GB hardisk 512 MB RAM tested two network card settings: virtio-net and Intel 1000 Pro desktop tested NATed and bridged settings. Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016 for example: (used a local mirror) # pkg_add wget quirks-2.241 signed on 2016-07-26T16:56:10Z wget-1.18:libunistring-0.9.6p0: ok Fatal error: Ustar [http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t gz][share/emacs/site-lisp/idna.el]: Premature end of archive Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= Fatal error: Installation of libidn-1.32p1 failed, partial installation recorded as partial-libidn-1.32p1 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. -- doesn't depend on mirror -- doesn't depend on guest RAM settings -- doesn't depend on guest network card settings -- doesn't depend on acceleration settings in Virtualbox (well, I think so...) ...and a little bit strange: _sometimes_ pkg_add works with small packages: example 2a (same as ex 1): # pkg_add ipcalc quirks-2.241 signed on 2016-07-26T16:56:10Z Fatal error: Ustar [http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg z][bin/ipcalc]: Premature end of archive Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= Fatal error: Installation of ipcalc-1.4p0 failed, partial installation recorded as partial-ipcalc-1.4p0 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. example 2b: # rm -R /var/db/pk/partial-* # pkg_add ipcalc quirks-2.241 signed on 2016-07-26T16:56:10Z ipcalc-1.4p0: ok Building packages from ports works fine (apparently) Any hints to look further? Anyone who had similar problems? Every hint is welcome, I'm clueless... ;-) best regards Andre Ruppert [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Laptop Recommendations?
On 11/10/16 00:47, Nathan Koch wrote: Greetings Fair BSD Wizards, I am new to the lists. I am currently shopping for a new Xmas present for myself and am looking for a laptop that's portable and lightweight. Preferably fast, cheap (close to free), light, and secure. If you have any recommendations before the stormy winter hits the prairies please let me know. Thank you. Nate Sailing the South Saskatchewan. I have used ThinkPads with great success: - T60p: everything worked - W500: everything worked - W541: camera and SDHC cards wern't working last time I checked, which was a while ago. Everything else is fine. Well, maybe the docking adaptor is still problematic. - A31p: which is now long obsolete, but it worked well. W500's can be had on ebay in the $280 class range, then add extra mem and a large disk, etc. --STeve Andre
Re: Dell R930 server
On 11/06/16 20:35, Philip Guenther wrote: On Sun, Nov 6, 2016 at 4:42 PM, Friedrich Locke <friedrich.lo...@gmail.com> wrote: ... Does OBSD "see" all the 96*128G memory available ? We only allocate a single PML4 slot for the direct map on amd64, so it's currently limited to seeing 2^39 == 512GB. To expand that, the size and base-slot/address of the direct map really need to be made variable, based on the number of physical address bits supported by the CPU (as found by CPUID), preferably then clamped by the range of the actual memory installed, and then set up in locore.S and pmap.c Philip Guenther Thanks for the explanation of the memory limit. I'm not needing a system with more than 512G yet, but how much of a project would it be to dynamically expand to whatever? --STeve Andre'
Happy Birthday
Happy Birthday to OpenBSD. Hey, it's 21. It can drink in Michigan now!
Re: i386 or amd64?
On 09/20/16 19:38, Jeff Ross wrote: Hi all, I've had a server with corenetworks for quite a few years now but after changes at corenetworks (their recent name change after acquisition by another company, no current servers available, no communication about the change of ownership with existing customers and an email exchange with sales@), I've decided it is best jump ship now rather than wait for a hard and possibly immediate deadline. I've just rented a server with 8GB of ram from m5hosting (based in large part from the many recommendations I read while searching misc@ on marc.info). Now the question is: i386 which is what I've always run on my 2 GB ram server, or amd64? http://www.openbsd.org/amd64.html and http://www.openbsd.org/i386.html are curiously silent on the amount of ram that can be accessed. If I have 8GB, I for sure want to use it all. I know there was a time when i386 was limited to the amount of ram it can access (32 bit) but now amd64 has this caveat: "(Some Intel processors lack support for important PAE NX bit, which means those machines will run without any W^X support -- it is thus safer to run those machines in i386 mode)." How does this fit with the recent work in 6.0+? How can I tell if the Xeon 3220 processor has the PAE NX bit? I see nothing in the tech sheet about PAE NX. http://ark.intel.com/products/28034/Intel-Xeon-Processor-X3220-8M-Cache-2_40-GHz-1066-MHz-FSB I have a little less than 2 weeks to make the transition so not a lot of time for install and try. Thanks in advance for any suggestions--dmesgs supplied once I get access. Jeff Ross Open Vistas Networking AMD64. There isn't a real future in 32-bit stuff. I have some great old Dells ("white optiplex") that I'll eventually get rid of but have kept because of their quality. But they do have the 3G problem. So look forwards at 65-bit. I don't think you'll look back. --STeve Andre'
Re: Building OpenBSD 6.0 -stable - Error
On 09/03/16 11:32, Harald Dunkel wrote: On 09/03/16 12:40, Ted Unangst wrote: Teno Deuter wrote: installed a fresh 6.0 AMD64 and tried to build 'stable' from source. Here is what I did as 'root' (as described in: http://www.openbsd.org/stable.html): export CVSROOT=anon...@anoncvs1.ca.openbsd.org:/cvs cd /usr; cvs checkout -P -rOPENBSD_6_0 src there's some repo surgery in progress. it should be fixed eventually. What exactly does this mean? It means that something went wrong, and steps were being taken to fix it. Not very often, cvs has problems and getting good copies of stuff doesn't work. This is always noticed and repaired fairly quickly. Also, if a repository is down, people have noticed it and are working on it, so messages to @misc such as "I can't update from xxx" are somewhat useless. The ecosystem for distributing software is not perfect. When you find a problem, wait, and try again. Repeat if needed. --STeve Andre'
Strange problem with symlink usage in apache2 / wordpress-4.5.3
I write this having solved the problem I was having, but I feel weird about my solution for it. This is an amd64 -current system compiled on Aug 8th, with packages from Aug 9th. An Optiplex 745 at 2.4GHz, 8G ram using the stock GENERIC kernel. A vanilla system for Wordpress 4.53 using PHP-5.6.23 and Maria 10.0.26v1 with apache 2.4.23. /etc/login.conf had limits raised to infinity. The system was updated just before the wx changes. Under a light load Wordpress worked as expected. But every once in a while, an ah00037 ( Symbolic link not allowed or link target not accessible) error popped up. The client would see a page not accessible message. Under a heavy load of wget scripts the error was just about constant. Going back in the browser would get things working after a page denial, at least for a bit. Pages that once worked came up with the error often. After a period of time pages would generally not work at all. The fix to get apache working again was to restart it, but lots of wget scripts would ramp the problem up again. My "fix" was to get rid of the symlink of /var/www/htdocs to /u, and making /var/www/htdocs the main code area. In a 4 hour test with multiple wget scripts, it served about 113,000 pages without error, about 8 per second. After that test I was convinced the "fix" worked. But why? The basic apache/system setup was correct I pretty sure, or wordpress would have never worked. The problem seems like it's load related. If anyone can say "idiot--you forgot N Q and Z" I'd like top hear it, but I think I have found a bug either in Apache or OpenBSD. Ideas on the best way to test symlinks? I haven't found any comments on a symlink problem in apache or wrodpress. All the ah00037 comments talk of stuff I already verified. I'm certainly willing to do more work on this--I'd appreciate any ideas on what to test. I've never seen an error like this before... Right now I feel uncomfortably dumb. Thanks for ideas... --STeve Andre'
Re: Recent package archives?
On 08/21/16 17:29, Stuart Henderson wrote: On 2016-08-21, STeve Andre' <and...@msu.edu> wrote: Does anyone have archives of recent amd64 snapshot packages? I blew my aug-09 set away and I'd like libreoffice back. Anyone? (And yes, I know it's always a gamble to mismatch packages and the OS) Thanks, STeve Andre' The last snapshot package built for libreoffice is against old X libraries so if you run them you get symbol conflicts (old package wanting libfreetype.so.25.0 but *also* pulling in X libraries linked against libfreetype.so.26.0). libreoffice builds from ports are currently failing due to W^X enforcement ("uno.bin(39666): mprotect W^X violation" when running code which is produced during the build as part of the build). I'm hoping that the recently committed change to ports gcc will let us work around this for now (I'll be testing this shortly) and then once we've got a working build of libreoffice again it will hopefully be simpler to track down the libreoffice code that currently needs W+X mappings - we can set kern.wxabort=1 sysctl and get some kind of coredump. Thanks Stuart. I figured that was the general problem. --STeve Andre'
Re: Recent package archives?
On 08/21/16 01:01, bytevolc...@safe-mail.net wrote: STeve Andre' wrote: Does anyone have archives of recent amd64 snapshot packages? I blew my aug-09 set away and I'd like libreoffice back. Anyone? (And yes, I know it's always a gamble to mismatch packages and the OS) Thanks, STeve Andre' You won't get it from the original *.openbsd.org mirrors but try it from the other mirrors; sometimes they have versions back to the good old days. Heh. I've been trawling the list of mirrors on the download page, and I'm impressed--the oldest I've yet seen is the 18th. I'd say that the mirrors are more up to date than 5+ years ago. I'm mostly done trawling, hence this query. --STeve Andre'
Recent package archives?
Does anyone have archives of recent amd64 snapshot packages? I blew my aug-09 set away and I'd like libreoffice back. Anyone? (And yes, I know it's always a gamble to mismatch packages and the OS) Thanks, STeve Andre'
Re: problem trying to import a 3.4m database with phpmyadmin
Well guess what--I fixed it. In /etc/php5-6.ini, a semi-colon is used for comment lines. I used a colon. It misparses things when you do that. Silently. I need to clean my eyeballs now... Sorry for the noise, but at least you can remember this. (reason 416 to not be crazy about php...) --STeve Andre' On 08/15/16 05:41, STeve Andre' wrote: This is on an amd64 -current system updated/compiled as of Aug 8 7am; using the 8/13 packages. I'm trying to use phpMyAdmin to import a database into maria. in /etc/php-5.6ini I've set memory_limit to 256m, post_max_size to 16m and upload_max_filesize to 8m. The db I'm trying to import is 3.4m. Under import in phpmyadmin it says (max 2,048k) for importing, hence my doing what php faq 1.16 said about the above three params in php.ini. Now I notice that suhosin says in /var/log/messages ALERT - script tried to disable memory_limit by setting it to a negative value -1 bytes which is not allowed (attacker '10.0.0.5', file '/u/php/www/import.php', line 296) So, I am wondering how suhosin is seeing this, and how one gets phpmyadmin to deal with > 2M files. That is always says 2,048K says I'm not changing things correctly? I've restarted apache and even rebooted but I always get the 2M max notice. Any ideas? I'm pressed for time on this, sigh. Pointers would be much appreciated. --STeve Andre'
problem trying to import a 3.4m database with phpmyadmin
This is on an amd64 -current system updated/compiled as of Aug 8 7am; using the 8/13 packages. I'm trying to use phpMyAdmin to import a database into maria. in /etc/php-5.6ini I've set memory_limit to 256m, post_max_size to 16m and upload_max_filesize to 8m. The db I'm trying to import is 3.4m. Under import in phpmyadmin it says (max 2,048k) for importing, hence my doing what php faq 1.16 said about the above three params in php.ini. Now I notice that suhosin says in /var/log/messages ALERT - script tried to disable memory_limit by setting it to a negative value -1 bytes which is not allowed (attacker '10.0.0.5', file '/u/php/www/import.php', line 296) So, I am wondering how suhosin is seeing this, and how one gets phpmyadmin to deal with > 2M files. That is always says 2,048K says I'm not changing things correctly? I've restarted apache and even rebooted but I always get the 2M max notice. Any ideas? I'm pressed for time on this, sigh. Pointers would be much appreciated. --STeve Andre'
Interesting error message from disk testing
I am testing some new 8TB disks. I've taken to doing dd if=/dev/zero of=/dev/rsd3c bs=64k and dd if=/dev/rsd3c of=/dev/null bs=64k as a first test. It's depressing how often I've found problems on big disks. Today, the read test produced an error in the messages file I've not seen before: Jun 28 16:17:39 paladin /bsd: sd3(umass0:1:0): Check Condition (error 0x70) on opcode 0x28 Jun 28 16:17:39 paladin /bsd: SENSE KEY: Aborted Command Jun 28 16:17:39 paladin /bsd: ASC/ASCQ: Information Unit iuCRC Error Detected So it isn't a soft read error -- what is it? It might be useful to indicate where the error occurred? This is the second of three disks to be tested. It's connected to a Thermaltake USB 3.0 disk enclosure. Thanks for any pointers. --STeve Andre'
Re: Is it possible and not unadvisable to make /src with the -O3 option?...
Go for it. The beauty of open source is that you are free to try things. I would submit your first step of learning is how to figure out where all the -O2's are. You will learn a lot about things if you really dig into the weird problems you will hit. Probably you won't get much help here, but that shouldn't stop you. Hint: start reading about compilers. --STeve Andre' On 06/16/16 11:12, Luke Small wrote: Eh, I run it on a VM. I could copy one and somehow locate all the -O2's and replace them with -O3's in the files. I'd probably have to write a program to do it, unless there are easy to find, centrally located ones? On Thu, Jun 16, 2016 at 9:54 AM Janne Johansson <icepic...@gmail.com> wrote: Do you have the skills to detect and handle if gcc miscompiles something at -O3? If not, then don't. Noone else will help you getting a zomg-fast -O3 system working after a slight miscompile gets a few bad instructions stuffed into some lib somewhere, so if you break your system, you get to keep all the pieces. Short version: "if you had to ask, then the answer was no". 2016-06-16 15:42 GMT+02:00 Luke Small <lukensm...@gmail.com>: -- May the most significant bit of your life be positive.
OpenBSD on a Chuwi hi12 tablet - dmesg
Hello. Occasionally it is asked if OpenBSD can run on a tablet, so I wanted to share a dmesg showing what it looks like on one. It is a dual-boot (Windows 10 and Android), Chinese designed and made Chuwi Hi12 tablet with attachable keyboard: http://en.chuwi.com/product/items/Chuwi-Hi12.html (Very affordable tablet considering the screen size and resolution, pretty happy with it, even though it has some rough edges and bugs.) I installed OpenBSD on a usb flash drive and can boot it from there. It is mostly a "not configured" galore, no X, net, or audio, but dockable keyboard works. dmesg, usbdevs, and pcidump: OpenBSD 6.0-beta (GENERIC.MP) #2165: Thu Jun 2 08:37:59 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 3freal mem = 4179439616 (3985MB) avail mem = 4048146432 (3860MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7b76e000 (51 entries) bios0: vendor American Megatrends Inc. version "5.11" date 04/28/2016 bios0: Default string Default string acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MSDM MCFG SSDT SSDT SSDT UEFI SSDT HPET SSDT SSDT SSDT LPIT BCFG PRAM CSRT BCFG OEM0 OEM1 PIDV RSCI WDAT acpi0: wakeup devices XHC1(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1440.29 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) x5-Z8300 CPU @ 1.44GHz, 1439.95 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) acpicpu0 at acpi0 C2: state 6: substate 8 >= num 3 C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS acpicpu1 at acpi0 C2: state 6: substate 8 >= num 3 C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS acpicpu2 at acpi0 C2: state 6: substate 8 >= num 3 C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS acpicpu3 at acpi0 C2: state 6: substate 8 >= num 3 C3: state 7: substate 4 >= num 3: C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: ID3C, resource for ISP3 acpipwrres1 at acpi0: WWPR, resource for HS03, MDM1 acpipwrres2 at acpi0: WWPR, resource for HS13, MDM1 acpipwrres3 at acpi0: WWPR, resource for SSC1, MDM3 acpipwrres4 at acpi0: WWPR, resource for SSCW, MDM3 acpipwrres5 at acpi0: WWPR, resource for HSC1, MDM2 acpipwrres6 at acpi0: WWPR, resource for HSC3, MDM4 acpipwrres7 at acpi0: CLK2, resource for CAM7, CAM3 acpipwrres8 at acpi0: CLK4, resource for CAM4, CAM8 acpipwrres9 at acpi0: CLK3, resource for RTEK, ESSX, RTK1 acpipwrres10 at acpi0: CLK4 acpipwrres11 at acpi0: CLK2 acpipwrres12 at acpi0: CLK1 acpipwrres13 at acpi0: CLK0 acpipwrres14 at acpi0: CLK1 acpipwrres15 at acpi0: CLK5 acpipwrres16 at acpi0: USBC, resource for XHC1, OTG1 acpipwrres17 at acpi0: P28X acpipwrres18 at
Mod_rewrite.so use
Sorry not my usual mail program Sent with AquaMail for Android http://www.aqua-mail.com --- Forwarded message --- From: STeve Andre' <and...@msu.edu> Date: May 17, 2016 4:16:13 PM Subject: Mod_rewrite.so use I am creating a Web server using apache2. For the moment I need to use it. To enable mod_rewrite.so you simply uncomment it in httpd2.conf and restart apache, correct? I haven't used a2 before. This is a -current system with amd64 packages of may 15. Verifying that what I think is correct. This is using WordPress 4.5.2. Cough... Thanks for any clue bats. STeve Andre' Sent with AquaMail for Android http://www.aqua-mail.com
Re: support new
On 02/09/16 07:41, Ingo Schwarze wrote: Hi, William Mimart wrote on Mon, Feb 08, 2016 at 08:36:59PM +0100: 0 C FRANCE P Normandie T Rouen Z 76000 O mimart.info Sorry, but this doesn't make any sense to me. This entry wouldn't be related to OpenBSD at all. It seems to be something about kittens... Consequently, entry not added. Yours, Ingo Perhaps they can assist with kitten cake? I William Mimart A 63 rue des Hallettes M will...@mimart.info B +33 6 86 11 19 43 N Almost 30 years of experience in Unix systems including more than 10 on OpenBSD with a specialty in firewalls. Consulting, installation, maintenance, formation and support. Presque 30 ans d'exprience dans les systmes Unix dont plus de 10 sur OpenBSD avec une spcialit?? dans les pare-feu. Consulting, installation, maintenance, training and support.
Re: Pledge problem in tsort?
On 01/09/16 07:46, Sebastien Marie wrote: On Sat, Jan 09, 2016 at 03:40:08AM -0500, STeve Andre' wrote: I got the following error below after updating my tree about 02:42 am Jan 9 EST. Amd64 -current. I don't see anything special the the -current update faq. Are others seeing this? --STeve Andre' [...] tsort: pledge: Invalid argument cc: no input files Well, maybe we should document that in -current update faq. Several things occurs at near same time: - tsort was using the 2nd argument of pledge(2) : it has been corrected in tsort.c rev 1.35 (3 days old) - for preparing 5.9 release, we turn off this specific argument in rev 1.143 of sys/kern/kern_pledge.c (2 days old) So your "old" tsort (which use whitepaths in pledge) is incompatible with the "new" kernel you just compiled and booted (as it don't allow using whitepaths in pledge). And as tsort is used during building... "paf". You should be able to recompile and reinstall tsort, before rerun your make build. Something like: cd /usr/src/usr.bin/tsort && make clean && make obj && make depend && make && doas make install Thanks. Yes, my pea brain figured this out just about the time that Theo said to do this. It worked.Thanks to all.. --STeve Andre'
Pledge problem in tsort?
I got the following error below after updating my tree about 02:42 am Jan 9 EST. Amd64 -current. I don't see anything special the the -current update faq. Are others seeing this? --STeve Andre' building shared crypto library (version 37.0) cc -shared -fpic -o libcrypto.so.37.0 `lorder cryptlib.so malloc-wrapper.so mem_dbg.so cversion.so ex_data.so cpt_err.so o_time.so o_str.so o_init.so mem_clr.so aes_misc.so aes_ecb.so aes_cfb.so aes_ofb.so aes_ctr.so aes_ige.so aes_wrap.so a_object.so a_bitstr.so a_time.so a_int.so a_octet.so a_print.so a_type.so a_dup.so a_d2i_fp.so a_i2d_fp.so a_enum.so a_utf8.so a_sign.so a_digest.so a_verify.so a_mbstr.so a_strex.so x_algor.so x_val.so x_pubkey.so x_sig.so x_req.so x_attrib.so x_bignum.so x_long.so x_name.so x_x509.so x_x509a.so x_crl.so x_info.so x_spki.so nsseq.so x_nx509.so d2i_pu.so d2i_pr.so i2d_pu.so i2d_pr.so t_req.so t_x509.so t_x509a.so t_crl.so t_pkey.so t_spki.so t_bitst.so tasn_new.so tasn_fre.so tasn_enc.so tasn_dec.so tasn_utl.so tasn_typ.so tasn_prn.so ameth_lib.so f_int.so f_string.so n_pkey.so f_enum.so x_pkey.so a_bool.so x_exten.so bio_asn1.so bio_ndef.so asn_mime.so asn1_gen.so asn1_par.so asn1_lib.so asn1_err.so a_bytes.so a_strnid.so evp_asn1.so asn_pack.so p5_pbe.so p5_pbev2.so p8_pkey.so asn_moid.so a_set.so a_time_tm.so bf_skey.so bf_ecb.so bf_cfb64.so bf_ofb64.so bio_lib.so bio_cb.so bio_err.so bss_mem.so bss_null.so bss_fd.so bss_file.so bss_sock.so bss_conn.so bf_null.so bf_buff.so b_print.so b_dump.so b_posix.so b_sock.so bss_acpt.so bf_nbio.so bss_log.so bss_bio.so bss_dgram.so bn_add.so bn_div.so bn_exp.so bn_lib.so bn_ctx.so bn_mul.so bn_mod.so bn_print.so bn_rand.so bn_shift.so bn_word.so bn_blind.so bn_kron.so bn_sqrt.so bn_gcd.so bn_prime.so bn_err.so bn_sqr.so bn_recp.so bn_mont.so bn_mpi.so bn_exp2.so bn_gf2m.so bn_nist.so bn_depr.so bn_const.so bn_x931p.so buffer.so buf_err.so buf_str.so cmll_cfb.so cmll_ctr.so cmll_ecb.so cmll_ofb.so c_skey.so c_ecb.so c_enc.so c_cfb64.so c_ofb64.so chacha.so cmac.so cm_ameth.so cm_pmeth.so comp_lib.so comp_err.so c_rle.so c_zlib.so conf_err.so conf_lib.so conf_api.so conf_def.so conf_mod.so conf_mall.so conf_sap.so cbc_cksm.so cbc_enc.so cfb64enc.so cfb_enc.so ecb3_enc.so ecb_enc.so enc_read.so enc_writ.so fcrypt.so ofb64enc.so ofb_enc.so pcbc_enc.so qud_cksm.so rand_key.so set_key.so xcbc_enc.so str2key.so cfb64ede.so ofb64ede.so ede_cbcm_enc.so dh_asn1.so dh_gen.so dh_key.so dh_lib.so dh_check.so dh_err.so dh_depr.so dh_ameth.so dh_pmeth.so dh_prn.so dsa_gen.so dsa_key.so dsa_lib.so dsa_asn1.so dsa_vrf.so dsa_sign.so dsa_err.so dsa_ossl.so dsa_depr.so dsa_ameth.so dsa_pmeth.so dsa_prn.so dso_dlfcn.so dso_err.so dso_lib.so dso_null.so dso_openssl.so ec_lib.so ecp_smpl.so ecp_mont.so ecp_nist.so ec_cvt.so ec_mult.so ec_err.so ec_curve.so ec_check.so ec_print.so ec_asn1.so ec_key.so ec2_smpl.so ec2_mult.so ec_ameth.so ec_pmeth.so eck_prn.so ecp_nistp224.so ecp_nistp256.so ecp_nistp521.so ecp_nistputil.so ecp_oct.so ec2_oct.so ec_oct.so ech_lib.so ech_key.so ech_err.so ecs_lib.so ecs_asn1.so ecs_ossl.so ecs_sign.so ecs_vrf.so ecs_err.so eng_err.so eng_lib.so eng_list.so eng_init.so eng_ctrl.so eng_table.so eng_pkey.so eng_fat.so eng_all.so tb_rsa.so tb_dsa.so tb_ecdsa.so tb_dh.so tb_ecdh.so tb_rand.so tb_store.so tb_cipher.so tb_digest.so tb_pkmeth.so tb_asnmth.so eng_openssl.so eng_cnf.so eng_dyn.so err.so err_all.so err_prn.so encode.so digest.so evp_enc.so evp_key.so e_des.so e_bf.so e_idea.so e_des3.so e_camellia.so e_rc4.so e_aes.so names.so e_xcbc_d.so e_rc2.so e_cast.so m_null.so m_md4.so m_md5.so m_sha1.so m_wp.so m_dss.so m_dss1.so m_ripemd.so m_ecdsa.so p_open.so p_seal.so p_sign.so p_verify.so p_lib.so p_enc.so p_dec.so bio_md.so bio_b64.so bio_enc.so evp_err.so e_null.so c_all.so evp_lib.so evp_pkey.so evp_pbe.so p5_crpt.so p5_crpt2.so e_old.so pmeth_lib.so pmeth_fn.so pmeth_gn.so m_sigver.so e_aes_cbc_hmac_sha1.so e_rc4_hmac_md5.so e_chacha.so evp_aead.so e_chacha20poly1305.so e_gost2814789.so m_gost2814789.so m_gostr341194.so m_streebog.so gost2814789.so gost89_keywrap.so gost89_params.so gost89imit_ameth.so gost89imit_pmeth.so gost_asn1.so gost_err.so gostr341001.so gostr341001_ameth.so gostr341001_key.so gostr341001_params.so gostr341001_pmeth.so gostr341194.so streebog.so hmac.so hm_ameth.so hm_pmeth.so i_cbc.so i_cfb64.so i_ofb64.so i_ecb.so i_skey.so krb5_asn.so lhash.so lh_stats.so md4_dgst.so md4_one.so md5_dgst.so md5_one.so cbc128.so ctr128.so cts128.so cfb128.so ofb128.so gcm128.so ccm128.so xts128.so o_names.so obj_dat.so obj_lib.so obj_err.so obj_xref.so ocsp_asn.so ocsp_ext.so ocsp_ht.so ocsp_lib.so ocsp_cl.so ocsp_srv.so ocsp_prn.so ocsp_vfy.so ocsp_err.so pem_sign.so pem_seal.so pem_info.so pem_lib.so pem_all.so pem_err.so pem_x509.so pem_xaux.so pem_oth.so pem_pk8.so pem_pkey.so pvkfmt.so p12_add.so p12_asn.so p12_attr.so p12_crpt.so p12_crt.so p12_decr.so p12_init.so p12_key.so p12_kiss.so
Re: dpb build box performance suggestions.
On Wed, 16 Dec 2015 23:15:29 + Tati Chevron <chev...@swabsit.com> wrote: > Really, have a look at the dependencies for ImageMagick, and ask yourself > who really uses djvu, for example. Removing it and ghostscript reduces > the dependencies from: Plenty of people read books in djvu format and use ImageMagick to work with it. There are many old and valuable, but long out of print books that were scanned and encoded to djvu format a decade or more ago. Converting such books to pdf format using open source tools is usually difficult without drastically reducing the quality or increasing the file size two- or threefold. And when you do decide to convert, you need the ImageMagick or similar software. I am grateful to OpenBSD developers and porters for supporting various seemingly obscure dependencies and software packages, even though they may seem to be useless to the majority of the users. -- Andre
Re: USB external floppy
On Sun, 13 Dec 2015 18:11:07 -0500 "Bryan C. Everly" <br...@bceassociates.com> wrote: > Hi, > > I'm wanting to create a boot floppy for a Vaxstation. Could someone > recommend a USB floppy that I could plug into my amd64 laptop that would > allow me to create a boot floppy for a VAX? > > Thanks, > Bryan Hi. I don't know anything about VAXes, but I do use USB floppy drive often. The drive I have is a bit flaky, equally so under OpenBSD and Windows, and needs the disk to be ejected and reinserted, or the drive unplugged and reconnected sometimes, but, generally speaking, it works. A bit slow under OpenBSD when mounting and using FAT disks. Sold by Amazon as "Nippon Labs" USB floppy drive: umass0 at uhub7 port 1 configuration 1 interface 0 "TEAC TEAC FD-05PUB" rev 2.00/0.00 addr 2 umass0: using UFI over CBI with CCI scsibus2 at umass0: 2 targets, initiator 0 sd3 at scsibus2 targ 1 lun 0: <TEAC, FD-05PUB, 3000> ATAPI 0/direct removable Just tried dd'ing the vax image onto a disk using that drive: $ time sudo dd if=/tmp/floppy58.fs of=/dev/rsd3c bs=1m 1+1 records in 1+1 records out 1474560 bytes transferred in 51.998 secs (28358 bytes/sec) 0m53.58s real 0m00.00s user 0m00.01s system -- Andre
Re: Is OpenSMTPD worthy of OpenBSD inclusion?
You obviously never lived through the sendmail era. The smtpd code is very good. Bugs happen, and how the creators of a program react to them is what matters. The qualsys results were promptly dealt with. I don't think there is much to discuss other than diffs that further the project. STeve Andre' On October 5, 2015 12:47:18 PM EDT, "Jason A. Donenfeld" <ja...@zx2c4.com> wrote: >Hi folks, > >Like many others, when I learned that OpenBSD was creating from >scratch an SMTP daemon, I was thrilled. The OpenBSD name has for a >long time been connected with security, stability, and reliability. I >was excited to see an extremely easy to configure yet powerful SMTP >daemon coming from such a venerable project as OpenBSD. Overtime, >OpenSMTPD has replaced all other mail daemons for me, and I've been >pleased to use another OpenBSD project as part of my critical >infrastructure. Code from OpenBSD is code that the community has >learned to trust, a reputation matched by few other projects. > >It has been, therefore, to my extreme dismay to discover in recent >months the sheer number of critical security vulnerabilities - in some >cases, remotely exploitable - in OpenSMTPD. Just this past week, >Qualys has reported an impressive audit result [1], with a scary >remote code execution vulnerability among others, and last night I >discovered a remotely exploitable buffer overflow that was being >triggered in the wild [2]. If you comb through the OpenSMTPD misc >mailing list, you'll find scattered reports of other similar bugs -- >buffer overflows, remote denial of service vectors, and a host of >other nasty glitches and security vulnerabilities -- and if you look >at the CVS repository or git repository, you'll see other such goodies >baked in there; most of them haven't been publicly revealed as >security vulnerabilities and were not assigned CVEs, which is an >irreverent point for most reasonably skilled malicious actors. > >The fact is, OpenSMTPD has suffered a disproportionately high number >of security issues, especially for a daemon as important as it. It is >not living up to OpenBSD's reputation, and it threatens the >OpenBSD.org frontpage security claim. I do not any longer believe >OpenSMTPD to be software that is trustable for use in critical >infrastructure at this point in time. > >Personally, I am very attached to OpenSMTPD. I have contributed to its >development in, what I think to be, significant ways, and I maintain >both distribution packages for it (Gentoo), as well as my entire >infrastructure, which is based on OpenSMTPD. I've "bet the farm" on >the project, so to speak. > >But I think it's time we take a step back and reassess the situation. >There are some critical questions that need to be answered. What >accounts for the high proportion of security vulnerabilities in a >project renowned for its brilliant developers and stringent review >processes? Do the OpenSMTPD developers have time -- and have they >displayed a presence of necessary free time -- to keep the project >healthy and moving toward stability at an acceptable pace? Have the >correct standards of releases been applied to the OpenSMTPD release >process? > >And most importantly: should OpenSMTPD continue to be a part of the >core OpenBSD project? Or should it rather spend some time maturing and >securing commitments from developers for maintaining it in a >consistent manner, before being accepted by such a reputable >organization as OpenBSD? > >Finally, if OpenSMTPD does continue to exist as a part of core >OpenBSD, I would strongly recommend some effort is organized to bring >top quality code reviewers and auditors to the source code, in order >to give the project the eyeballs it deserves. It would be a great >boost in confidence for many who use - or hoped to someday use - >OpenSMTPD to see that intelligent minds, capable of securing large >codebases, have put their efforts into making it secure. > >I hope this can begin some discussion on the best way forward toward >making OpenSMTPD a piece of infrastructure we can trust. My best >wishes for the project. > >Regards, >Jason > > >[1] http://seclists.org/oss-sec/2015/q4/17 >[2] http://seclists.org/oss-sec/2015/q4/25
Re: carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart
...I don't believe it... I ssh'd all the time to the gateways and never had a look to the bootmessages 2x "ifconfig invalid argument" was the hint at boot. The fault (syntax typo?) was included in hostname.carp[0,1] - "\" for a 2-liner didn't work... despite the usage of blanks only. Crunched it to a 1-liner and all worked... Seems that the parsing is different at booting? Andre Am 02.10.15 um 10:37 schrieb Andre Ruppert: Hello @list, perhaps I'm stupid but I've got a problem with two CARPed gateways running 5.7-amd64 stable. Hardware: two supermicro-board machines with four network interfaces each (em0 .. em3). Networks: LAN A : 172.16.210/24 via em0 LAN B : 172.16.0/24 via em1 direct connect for pfsync: 1.1.1.0/30 via em3 Gateway A setup --- (master) --- hostname.em0: "inet 172.16.210.2 255.255.255.0" hostname.em1: "inet 172.16.0.30 255.255.255.0" hostname.em3 "inet 1.1.1.1 255.255.255.252 1.1.1.3" hostname.carp0 "inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \ carpdev em0 pass gwvoip01carppass advskew 0" hostname.carp1 "inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \ carpdev em1 pass gwvoip01carppass advskew 0" hostname.pfsync0 "up syncdev em3 syncpeer 1.1.1.2" sysctl net.inet.carp -> net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=7 #debugging Gateway B setup --- (backup) --- hostname.em0: "inet 172.16.210.3 255.255.255.0" hostname.em1: "inet 172.16.0.31 255.255.255.0" hostname.em3 "inet 1.1.1.2 255.255.255.252 1.1.1.3" hostname.carp0 "inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \ carpdev em0 pass gwvoip01carppass advskew 100" hostname.carp1 "inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \ carpdev em1 pass gwvoip01carppass advskew 100" hostname.pfsync0 "up syncdev em3 syncpeer 1.1.1.1" sysctl net.inet.carp -> net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=2 problem description -- (remark: failover-switching works on both machines in both directions) If one of the machines reboots, the local carp-interfaces stuck in "INIT" state. Same behavior on both systems. The log (A) after reboot: carp: carp0 demoted group carp by -1 to 162 (carpdev) carp: carp1 demoted group carp by -1 to 161 (carpdev) carp: pfsync0 demoted group carp by -1 to 32 (pfsync bulk done) carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk done) carp: pfsync0 demoted group carp by -32 to 0 (pfsync init) carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init) If the carp-interfaces are subsequently restartet via netstart command, all works like a charm again... The log (A) after "sh /etc/netstart [carp0,carp1]": carp0: state transition: INIT -> BACKUP state transition: BACKUP -> MASTER state transition: INIT -> BACKUP state transition: BACKUP -> MASTER No PF-ruleset-problem! resulting question - what the heck is going on here? ;-) alternative: what did I forgot to configure? Thanks for reading... Andre Ruppert
carp/pfsync-problem: carp states stuck in "INIT" on boot on both machines but work correctly if called manually via /etc/netstart
Hello @list, perhaps I'm stupid but I've got a problem with two CARPed gateways running 5.7-amd64 stable. Hardware: two supermicro-board machines with four network interfaces each (em0 .. em3). Networks: LAN A : 172.16.210/24 via em0 LAN B : 172.16.0/24 via em1 direct connect for pfsync: 1.1.1.0/30 via em3 Gateway A setup --- (master) --- hostname.em0: "inet 172.16.210.2 255.255.255.0" hostname.em1: "inet 172.16.0.30 255.255.255.0" hostname.em3 "inet 1.1.1.1 255.255.255.252 1.1.1.3" hostname.carp0 "inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \ carpdev em0 pass gwvoip01carppass advskew 0" hostname.carp1 "inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \ carpdev em1 pass gwvoip01carppass advskew 0" hostname.pfsync0 "up syncdev em3 syncpeer 1.1.1.2" sysctl net.inet.carp -> net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=7 #debugging Gateway B setup --- (backup) --- hostname.em0: "inet 172.16.210.3 255.255.255.0" hostname.em1: "inet 172.16.0.31 255.255.255.0" hostname.em3 "inet 1.1.1.2 255.255.255.252 1.1.1.3" hostname.carp0 "inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 \ carpdev em0 pass gwvoip01carppass advskew 100" hostname.carp1 "inet 172.16.0.29 255.255.255.0 172.16.0.255 vhid 2 \ carpdev em1 pass gwvoip01carppass advskew 100" hostname.pfsync0 "up syncdev em3 syncpeer 1.1.1.1" sysctl net.inet.carp -> net.inet.carp.allow=1 net.inet.carp.preempt=1 net.inet.carp.log=2 problem description -- (remark: failover-switching works on both machines in both directions) If one of the machines reboots, the local carp-interfaces stuck in "INIT" state. Same behavior on both systems. The log (A) after reboot: carp: carp0 demoted group carp by -1 to 162 (carpdev) carp: carp1 demoted group carp by -1 to 161 (carpdev) carp: pfsync0 demoted group carp by -1 to 32 (pfsync bulk done) carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk done) carp: pfsync0 demoted group carp by -32 to 0 (pfsync init) carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init) If the carp-interfaces are subsequently restartet via netstart command, all works like a charm again... The log (A) after "sh /etc/netstart [carp0,carp1]": carp0: state transition: INIT -> BACKUP state transition: BACKUP -> MASTER state transition: INIT -> BACKUP state transition: BACKUP -> MASTER No PF-ruleset-problem! resulting question - what the heck is going on here? ;-) alternative: what did I forgot to configure? Thanks for reading... Andre Ruppert
Package for taking a picture
I'm looking in the ports tree for something to test a camera that shows up as uvideo0. It looks like uvideo0 at uhub0 port 12 configuration 1 interface 0 8SSC20F26960L1GZ52304E9 Integrated Camera rev 2.00/10.04 addr 4 video0 at uvideo0. I'm sure I used something several years ago. It's great that the ports tree has gotten so big that you can't remember it all. ;-) Something to take a pic and put it in a file would be OK. --STeve Andre'
Re: hp laptop with nvidia - slow X11
On 06/15/15 17:19, Riccardo Mottola wrote: Hi, for the same laptop for which I just posted a full dmesg about the battery problem, which reports this video card: vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8400M GS rev 0xa1 I get a super-slow X11. Dragging an xterm may take half a second, up to the point where X11 looses track of the mouse move events. Scrolling XTerm is unusably slwo too. Using a larger editor like Emacs or Firefox... even worse. It looks totally unacelercated. [snip] Sadly, Nvidia video cards are to be avoided. I think it would be fair to say that Nvidia is the most open-source hostile company out there. Because of this there is no Nvidia specific driver in OpenBSD. You are using it in vga compatible mode. Things work, but hardly with the speed that it delivers on Windows. There is a reverse engineered driver called nouveau. Look at https://en.wikipedia.org/wiki/Nouveau_(software) for more info. While theoretically portable to OpenBSD, it involves work, and when I looked at it a bit it was under constant change, such that a port dated Monday might be outdated by Saturday. I have a LOT of respect for the people doing this. It's hard. I did a little hardware poking on the 286, a long time ago. It's isn't simple. I also hope it was written under a reasonable license. Once nouveau stabilizes (I have no idea of its current state), someone may get the interest to port it. Maybe. But as of right now, it ought to be avoided. --STeve Andre'
Major improvement in CPU temperatures for -current
I just did a build of the world after seeing Philip Guenther's post on better using C-states in ACPI for cooler CPU temperatures. This is a *significant* improvement. I'm using a new ThinkPad, a w541. During my first world build I saw temperatures as high as 94C. It did not hit the fatal temperature to force a reboot but it was pretty hot. This was at 3.3GHz. After booting with the new kernel I wondered what the results would be. Keeping track of hw.sensors.acpithinkpad0.temp3 on my older w500 would typically be in the 86 - 92C range and then reboot if I was wasn't careful. This build the temperature was typically 78 - 80C, with one spike at 82C during the latter part of the xenocara build. My script checked every 17 seconds. I can say from this one test that there is a huge difference--10C, at least! The last time I saw such a significant change to OpenBSD was when soft deps came into the tree. If you can run -current on your laptop, you should consider it. It really is amazing. Later I will try to get a test jig in place such that I can measure current draw and compare, but heat == power, so I'm sure it's a success. Thank you Philip, et al! --STeve Andre' ps: more on the w541 later and a description to dm...@openbsd.org. -- original email Date: Sat, 13 Jun 2015 15:15:59 -0700 Subject: Re: CPU power consumption on thinkpad x201 From: Philip Guenther guent...@gmail.com To: Jingcheng Zhang dio...@gmail.com Cc: Shaun Reiger srei...@sprmail.net, misc@openbsd.org misc@openbsd.org On Thu, May 28, 2015 at 6:53 AM, Jingcheng Zhang dio...@gmail.com wrote: Another x201 user here, suffering from the same problem. Any news/solutions on this issue? I just committed support for using the deeper C-states advertised by ACPI, which in testing dropped the temperature on most laptops. Don't forget to send a dmesg to dm...@openbsd.org some time after you upgrade, so we can check for any problems found by the code! Philip Guenther -- w541 dmesg OpenBSD 5.7-current (GENERIC.MP) #0: Mon Jun 8 20:49:25 EDT 2015 r...@paladin.home.network:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 33950375936 (32377MB) avail mem = 32917573632 (31392MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7cd2d000 (68 entries) bios0: vendor LENOVO version GNET72WW (2.20 ) date 02/26/2015 bios0: LENOVO 20EGCTO1WW acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCP A UEFI MSDM ASF! BATB FPDT UEFI acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) EXP3(S4) XHCI(S3) EHC1(S3) EHC2(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.31 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR, SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID, SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR, SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID, SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,IT SC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR, SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID, SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,IT SC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4940MX CPU @ 3.10GHz, 798.15 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR, SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID, SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C
Re: New LibreSSL mailing lists
On 06/03/15 22:23, Doug Hogan wrote: We have two new lists for LibreSSL: libre...@openbsd.org - public list for technical discussion about LibreSSL on any operating system. libressl-secur...@openbsd.org - private list for reporting severe vulnerabilities in OpenSSL or LibreSSL to the core LibreSSL team. See http://www.openbsd.org/mail.html for more details. libressl-security gives me an error: The libressl-security mailing list is not supported at OpenBSD Mailing List Server.
Re: offtopic: political correctness
Any other problems? Am 08.05.15 um 16:30 schrieb Marko Cupać: Hi, I am reading 2nd edition of Absolute OpenBSD 2nd Edition and can't but notice paragraph Confidentiality on XXX page of Introduction: ---cut-here--- Confidentiality This means that secret data should remain secret. Your private infor- mation must not get into the public eye. That Eastern European kiddie porn syndicate should not get your credit card number. ---cut-here--- This sound quite nazi to me. Should Western European kiddie porn syndicate be able to get my credit card number, as opposed to Eastern European kiddie porn syndicate, which should not? Or does that mean that kiddie porn syndicate exists only in Eastern Europe, but not in - let's say - New Zealand or Canada? I guess this was intended to be a joke, but in my opinion it sucks. -- Andre Ruppert
Re: OpenBSD on Dell m4800 -- Anybody tried it?
I would like to believe that, but OEMs are constantly changing hardware. Since everyone runs Windows, all they have to do is make sure the new frotzel works, and ship it. Over time, the parts that don't work will likely get drivers, but if you need a laptop that just runs right now, I would find a way to test it. --STeve Andre' On 04/15/15 14:28, Shaun Reiger wrote: Hi Ray, I haven't used a Dell Precision M4800 with OBSD yet, but I found that under PCBSD it should work. Given OBSD has very good laptop support I believe everything should be detected. I have included a link to the PCBSD site where I found the your laptop listed. http://wiki.pcbsd.org/index.php/Hardware Cheers, Shaun On Tue, Apr 14, 2015 at 6:17 PM, Raymond Lillard r...@prosysmeg.com wrote: I am considering the purchase of a Dell Precision M4800 laptop with the intention of installing OpenBSD on it. Has anyone here ran OBSD on one of these? I will configure it with an AMD FirePro M5100. Google has fail to find anyone who has tried this. Thanks Ray
Suggestion for the 5.7 page
It might be good to include R under the highlights section. It's growing in popularity; I know I've gotten questions about it being in OpenBSD. It's really cool to show the ports tree now. Most all the important things are there now, at least for non-technical people. R is a useful addition to that, I think. --STeve Andre'
Re: What's wrong with script(1)?
On 01/29/15 18:16, openda...@hushmail.com wrote: Hi Marc / Otto! On 29. januar 2015 at 7:07 PM, Marc Espie es...@nerim.net wrote: And it shouldn't ! script(1) is often used for debugging purposes, and that noise becomes paramount to figuring out what's going on. Thanks, I had no idea. Would it be possible though to mention some use cases where the noise is necessary? Many thanks! O.D. When you want to know exactly what a process is spewing out. CR's and all. Really, script(1) says that it catches everything printed onto the terminal in the first line. I've used script to find out escape sequences from programs, to figure out how cursor movement worked. I've also caught programs with many gigs of output, so I could look for weird little things it said (not my code, but I had to figure it out). Having the line breaks in there let me see each individual line which was useful. Lastly if you don't want to see them make an alias of cat/more with output going through tr(1) and you'll never see them again. That's the beauty of this world--you have little tools to make stuff happen the way you want. --STeve Andre'
Re: Following Current / Flag Day
On 01/26/15 19:34, Kurt Miller wrote: We narrowed the definition of what a static pie binary is in the kernel. This change is a flag day where newer kernels will not recognize older pie binaries making upgrading via source hard. If you are running an older version of -current, upgrade via snapshots prior to building a new kernel from source to get over this flag day. -Kurt Is the below the change that is the flag day? Or, when is the FD? Modified files: sys/kern : exec_elf.c Log message: Require EFT shared objects have a PT_PHDR entry to be considered a pie binary. The kernel will now reject executing a typical shared library with EINVAL. This breaks compatibility with initial static pie binaries and requires a recent user-land prior to upgrading. In addition, more fine grained errors can be returned from execve(2) when errors occur while attempting to execute ELF objects. okay guenther@, kettenis@, deraadt@ --STeve Andre'
Re: Following Current / Flag Day
On 01/27/15 00:16, Theo de Raadt wrote: On 01/26/15 19:34, Kurt Miller wrote: We narrowed the definition of what a static pie binary is in the kernel. This change is a flag day where newer kernels will not recognize older pie binaries making upgrading via source hard. If you are running an older version of -current, upgrade via snapshots prior to building a new kernel from source to get over this flag day. -Kurt Is the below the change that is the flag day? Or, when is the FD? Modified files: sys/kern : exec_elf.c Log message: Require EFT shared objects have a PT_PHDR entry to be considered a pie binary. The kernel will now reject executing a typical shared library with EINVAL. This breaks compatibility with initial static pie binaries and requires a recent user-land prior to upgrading. In addition, more fine grained errors can be returned from execve(2) when errors occur while attempting to execute ELF objects. okay guenther@, kettenis@, deraadt@ Look, you'll be fine. There is approximately a 3-4 day window about a 4 weeks or a month back, depending on architecture. Use snapshots, if in doubt. OK, already did that. The tense of the message is what made me question this. Thanks. --STeve Andre'
Re: AMD64 packages
On 12/11/14 05:59, FRIGN wrote: On Wed, 10 Dec 2014 21:27:46 -0500 STeve Andre' and...@msu.edu wrote: You might want to subscribe to the ports-changes changes list, which will show you what's been changed. The source-changes list will show you all the other cvs commits. Look at http://www.openbsd.org/mail.html Btw, now that the topic has come up. Is there a way to view the diffs quickly on a source- or port-change? Just reading the titles is not very helpful and I also don't feel like pulling the entire OpenBSD CVS-tree just to view the recent code-changes. I'm subscribed to numerous mailing lists, and all of them provide diff-data in the mail itself. I'm sure more people would subscribe to such a list if it actually encouraged to read and check the source. Cheers FRIGN Have you looked at http://cvsweb.openbsd.org/cgi-bin/cvsweb/ ? You can get a diff of the change of any revision, which should help out. --STeve Andre'
Re: AMD64 packages
On 12/10/14 20:51, Stan Gammons wrote: When will new packages be built for AMD64? I'm getting library errors with the latest snapshot and the current packages. Stan They come out frequently, but not on a set schedule. Since the last set came out on the 6th, I would expect the next set in the next several days -- unless some change caused a cascade of non-compiles in which case the problem will be worked on before the next release. You might want to subscribe to the ports-changes changes list, which will show you what's been changed. The source-changes list will show you all the other cvs commits. Look at http://www.openbsd.org/mail.html
intermittent problems compiling kdrive in xenocara
So, I am dumb. Problem is, I don't know what it is that I don't know. Every once in a while compiling xenocara, I get a fatal error when dealing with kdrive. I've looked for emails talking about this and haven't found anything. I've gone over release(8) and think I'm OK. What's frustrating is that this error comes and goes. Sometimes for months at a time things are OK. I've resorted to getting a new copy of xenocara when this happens, which is dumb. I'm using the anoncvs server at spacehopper.org. Since others aren't complaining about this it must be me. So then, how am I shooting myself (this time) ? Clue sticks? Error below. tnx, STeve Andre' === kdrive cd /usr/xenocara/kdrive exec make -f Makefile.bsd-wrapper cleandir cd /usr/xenocara/kdrive exec make -f Makefile.bsd-wrapper depend no dependencies here yet cd /usr/xenocara/kdrive exec make -f Makefile.bsd-wrapper all PKG_CONFIG_LIBDIR=/usr/lib/pkgconfig:/usr/X11R6/lib/pkgconfig CONFIG_SITE=/usr/xenocara/etc/config.site CFLAGS=-O2 -pipe MAKE=make PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin exec sh /usr/xenocara/kdrive/../xserver/configure --prefix=/usr/X11R6 --sysconfdir=/etc --mandir=/usr/X11R6/man --cache-file=/usr/xobj/xorg-config.cache.amd64 --localstatedir=/var --sysconfdir=/etc/X11 --with-xkb-path=/usr/X11R6/share/X11/xkb --with-xkb-output=/var/db/xkb --with-default-xkb-rules=base --disable-xorg --enable-xcsecurity --enable-kdrive --disable-dmx --disable-xnest --disable-xvfb --without-fop --without-xmlto --without-xsltproc --disable-silent-rules configure: loading site script /usr/xenocara/etc/config.site configure: creating cache /usr/xobj/xorg-config.cache.amd64 /usr/xenocara/kdrive/../xserver/configure[3569]: cannot create /usr/xobj/xorg-config.cache.amd64: No such file or directory checking for a BSD-compatible install... (cached) /usr/bin/install -p checking whether build environment is sane... yes checking for a thread-safe mkdir -p... (cached) /bin/mkdir -p checking for gawk... (cached) awk checking whether make sets $(MAKE)... (cached) yes configure: error: source directory already configured; run make distclean there first *** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:179 'config.status') *** Error 1 in kdrive (/usr/X11R6/share/mk/bsd.xorg.mk:211 'build') *** Error 1 in . (bsd.subdir.mk:48 'realbuild') *** Error 1 in /usr/xenocara (Makefile:36 'build')
Re: Non-functional battery stuck at 55% on ThinkPad T420 upgrade since 5.6-stable upgrade
On 11/05/14 11:40, Peter wrote: Hello all, Since upgrading to 5.6-stable my ThinkPad T20 battery doesn't work. The OS recognizes the battery but it's stuck at 55% and won't recharge. It won't boot without AC power. I'm running apmd(8) without modifications. Did I forget some option when I reinstalled? Any help would be greatly appreciated. Thanks, Peter [snip] I had a Windows user on a Txxx thinkpad last year that had the same kind of problem. Sometimes things get weird with tp batteries. Three suggestions: 1. Take the battery out, unplugged from AC and try to start it. This drains whatever capacitive storage it might have. Leave it alone for an hour then plug it together and try it. 2. Boot anything else, like a live CD and see if the battery problem is the same. 3. kill apmd and see if that changes anything. --STeve Andre'
nobody spoke up, about today?
Happy birthday, OpenBSD!
Re: Trying to create softraid crypto part
So The partition has to be raid, vs 4.2 BSD Onward to my new disk... --STeve Andre' Sent with AquaMail for Android http://www.aqua-mail.com On October 6, 2014 12:22:25 AM STeve Andre' and...@msu.edu wrote: So I am missing something, or being dumb. sd0j is a 128g piece of disk. Doing bioctl -c C -l /dev/sd0j softraid0 Gives softraid0: invalid metadata format What am I missing? This is an amd64 snap of Oct 4th. The vnconfig way of encryption has worked till I decided to do things the new way. Thanks for clues, STeve Andre' Sent with AquaMail for Android http://www.aqua-mail.com
Trying to create softraid crypto part
So I am missing something, or being dumb. sd0j is a 128g piece of disk. Doing bioctl -c C -l /dev/sd0j softraid0 Gives softraid0: invalid metadata format What am I missing? This is an amd64 snap of Oct 4th. The vnconfig way of encryption has worked till I decided to do things the new way. Thanks for clues, STeve Andre' Sent with AquaMail for Android http://www.aqua-mail.com