Re: C style in OpenBSD
When you write code by yourself: On Tue, Jun 29, 2021 at 6:15 AM Reuben ua Bríġ wrote: > a style i came up with in imitation of some disgusting haskell code. When you write code with others: On Wed, Jun 30, 2021 at 7:34 AM Todd C. Miller wrote: > It is because consistency makes the code > easier to read for anyone familiar with that style. Part of that > means using common idioms that are immediately recognizable by > someone familiar with the style. This reduces the amount of time > is takes someone to understand the code. -- andrew fabbro and...@fabbro.org
Re: Microsoft's war on plain text email in open source
On Wed, Aug 26, 2020 at 2:36 AM Frank Beuth wrote: > “It is a fairly specific workflow that is a challenge for some newer > developers to engage with. As an example, my partner submitted a patch > to OpenBSD a few weeks ago, and he had to set up an entirely new mail > client which didn’t mangle his email message to HTML-ise or do other > things to it, so he could even make that one patch. That’s a barrier to > entry that’s pretty high for somebody who may want to be a first-time > contributor.”" > If someone struggles to send a plain-text email, what are the odds their OpenBSD patch is going to be accepted... -- andrew fabbro and...@fabbro.org
Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog
On Wed, May 27, 2020 at 9:22 PM Quantum Robin wrote: > While surfing on the Google to learn more about OpenBSD, I encountered this > one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure ( > https://aboutthebsds.wordpress.com/2013/01/25/20/) > If OpenBSD was to have a sex scandal, I would have hoped for something more colorful. Ho hum. Is the author telling the truth? Or just yet another anti-BSD thing? > The author isn't even lying well, much less telling the truth. -- andrew fabbro and...@fabbro.org
Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic
On Fri, Apr 10, 2020 at 2:55 AM Martin wrote: > I'm looking for relatively cheap VPS with OpenBSD installation support and > with ~1Tb of unfiltered traffic. In any words all in/out VPS ports must be > opened by default. > FYI, virtually any provider who offers KVM-based VMs can run OpenBSD. There are literally tons of KVM-based providers out there. These days, it's no longer a case of "finding a provider that supports OpenBSD" as much as just making sure you're getting a KVM-based VPS (and not OpenVZ, for example). Then you mount the virtual CD of your choice and away you go, booting bsd.rd and installing your OS. Bigger players like Vultr will have fancy features like snapshots, APIs, etc. I like Vultr, but I also like supporting indy companies. BuyVM.net is one I can recommend, but you'll need to open a ticket to have them remove the mail port restrictions. RamNode is another quality host. I also have had a good experience at securedragon.net. Regardless of who you choose, I'd open a pre-sales ticket just to confirm they support what you want to run and what you want to do. I'd ask specifically if they have the OpenBSD version you want (and if not, every provider I've dealt with is happy to download the .iso and make it available...some even allow you to upload your own ISOs), and also ask about port restrictions. There are some forums dedicated to discussing cheap (and not so cheap) VPSes. I'm partial to lowendtalk.com, but there's also talk.lowendspirit.com and hostballs.com. I can't recommend WebHostingTalk.com any more as it's mostly turned into an advertising/sig spamming forum. -- andrew fabbro and...@fabbro.org
Re: BACK TO BASICS
On Fri, Oct 11, 2019 at 9:09 AM wrote: > Deep down, I'm actually so saddened to see the original, and still > performing, UNIX has become so divided first splitting into three > *BSD communities, and then further diluted efforts with GNU and the > Linux kernel... > The Unix landscape was fragmented long, long before Linux or the three modern BSDs even existed. -- andrew fabbro and...@fabbro.org
Re: What is you motivational to use OpenBSD
On Wed, Aug 28, 2019 at 7:45 AM Mohamed salah wrote: > I wanna put something in discussion, what's your motivational to use > OPENBSD The vastly superior mascot and soundtrack. -- andrew fabbro and...@fabbro.org
Re: OpenBSD on Macbook 12" 2017?
Interesting - I thought SPI was as old as the hills, but I see Intel has an "enhanced" SPI now. https://en.wikipedia.org/wiki/Serial_Peripheral_Interface On Fri, Mar 15, 2019 at 10:31 AM joshua stein wrote: > On Fri, 15 Mar 2019 at 09:18:02 +0100, Harald Dunkel wrote: > > Hi folks, > > > > does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once, > > but keyboard and trackpad were not working, so I kept MacOS. > > The keyboard and touchpad are connected over SPI now, so they > require a new Intel SPI controller driver and then two custom > drivers for the keyboard and touchpad. > > So no, the device does not work on OpenBSD unless you use a USB > keyboard/mouse. > > -- andrew fabbro and...@fabbro.org
Re: Automated remote install
On Tue, Dec 18, 2018 at 1:03 AM Frank Beuth wrote: > On Mon, Dec 17, 2018 at 02:35:41PM -0200, Daniel Bolgheroni wrote: > >If you're going to run on some public cloud, they usually offer the > >possibility of keeping a custom image you provide, and use this image to > >deploy new VMs based on it. > > "usually" being the key word here :) > Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my experience, 100% will add it to their library if you request it. Note that I'm referring to KVM providers (traditional VPS providers), not "public cloud". The big boys - AWS, Azure, Google, etc. are not interested in OpenBSD. The mid-tier players - DigitalOcean, Vultr, Linode - are semi-interested. Vultr offers it natively. You can shim on Linode or DO but why bother then the main field of KVM players (there are thousands) offer it. If you search for a VPS provider that offers KVM (not OpenVZ, VIrtuozzo, or Xen) you will find many. -- andrew fabbro and...@fabbro.org
Re: pledge & unveil
Also worth searching YouTube for "openbsd pledge" and/or "openbsd unveil". There's at least four talks by Theo on pledge and a recent presentation by Bob Beck on pledge/unveil, as well as many others. On Sun, Oct 21, 2018 at 3:02 PM Heinz Kampmann wrote: > Hello, > > is there a paper on the web that explains work and relationship > from pledge and unveil for dummies? > > Best wishes, > Heinz > > -- andrew fabbro and...@fabbro.org
Re: user directory and wheel group
On Fri, Jun 15, 2018 at 2:42 PM, Stuart Henderson wrote: > One thing to be aware of is the not-very-well-known restriction that one > user can be in a maximum of 16 groups. If memory serves, this limitation derives from an nfs limitation. -- andrew fabbro and...@fabbro.org
Re: CVE-2018-8897
"A statement...was mishandled in the development of some or all operating-system kernels..." I think it's really "some" and the reason it's "some" and not "all" is OpenBSD. On Thu, May 10, 2018 at 9:51 PM, John Long <codeb...@inbox.lv> wrote: > On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote: > > > Dare I ask what lead to OpenBSD not being affected. > > > > > > Sorry if it is a dumb question but since this hit FreeBSD as well I > > > am > > > wondering > > > what OpenBSD did differently. > > > > > > Was this caught in an audit? > > > > > > I am just curious about causality that kept OpenBSD in the clear of > > > this one > > > that made such headlines yesterday. > > > > > > We didn't chase the fad of using every Intel cpu feature. > > This goes into the achive! Thank you for the slice of sanity in an > insane word. > > /jl > > -- andrew fabbro and...@fabbro.org
Re: Community-driven OpenBSD tutorials wiki?
On Thu, Jan 4, 2018 at 3:21 PM, Chris Bennett < webmas...@bennettconstruction.us> wrote: > But before you get your hopes up, go check out the various worldwide > community groups websites with similar attempts. > > Mexico, Russia, etc. > You will find the same thing. Instructions for something to do with 5.7, > all > of which is no longer applicable do to the constant change in OpenBSD. > We should wait until OpenBSD is completely done before tutorials are written :-) Kidding... The OpenBSD community has historically taken a different approach than That Other Open Source OS Family, frowning on tutorials, wikis, blog howtos, etc. in favor of saying "read the man pages, read the FAQ, read the source code". I suspect some of this comes from the incredible craftsmanship put into those resources. OpenBSD man pages are the best in the world, and I'd defend them even against commercial Unixes. They're the Sistine Chapel ceiling of man pages. So then to turn around and see howtos written by non-devs...it's kind of like a chess book by a GM versus one by a 1100 player. No one objects to Michael Lucas's book because he's a fine writer. Writing articles is not too difficult. Updating them, just doesn't happen. > Seriously, will I really want to spend the time updating an article about > something I now thoroughly understand and which has changed? Or would I > really just prefer to watch the latest movie that looks good? It's just > human > nature. > The situation is rather different for OpenBSD vs. other FOSS. Plenty of people are still running Debian 7 or CentOS 5. Those tutorials have enduring value. Relatively few people run OpenBSD from three or four versions back (or at least, they shouldn't). Debian 7 or Scientific Linux 6 or whatever is a branch with ongoing support and intended to be a lasting product, whereas OpenBSD is always a moving target. There are no "OpenBSD LTS" versions. So while I might legitimately consume a 5-year-old Linux tutorial and find it's still very applicable if you're still on Debian 7, deploying, reading and trying to use a 5-year-old OpenBSD tutorial would not be helpful. Trying to form a community project outside just doesn't seem to work, sadly. > > But if you've got the desire to do something, then have at it. Just don't > do > a ton of hard work only to be disappointed. > I do think there's a gap between man pages/source code and practical instructions on how to fix a problem or deploy a solution. But the problem you highlight is very real - things get out of date very fast. Ultimately, this is like the thread recently on using something other than CVS. The onus is on the proposer to demonstrate value. -- andrew fabbro and...@fabbro.org
Re: Domain redirections to Openbsd.org?
On Thu, May 18, 2017 at 8:13 AM, Wylie Bayes <m...@wyliebayes.com> wrote: > Just curious if is a normal thing for folks to be redirecting their domain > to Openbsd.org, in turn keeping their domain name in their browsers but > ultimately getting Openbsd.org's content? > > Such as: http://nathanalexander.uk/ ? > I don't think that's a redirect. It looks like the owner of that site simply ripped the OpenBSD main page and placed it on his site. At least he was thorough - images are served from his site and not via hotlink. As to normal thing...I'd say not. -- andrew fabbro and...@fabbro.org
Re: list all system users, eg. _x11
Listing all users is trivial - I don't think that's what he's asking. He's asking is "how do I list all *system* users", presumably in a way that differentiates them from user accounts in some kind of authoritative way. I don't think there is a way. You could: - Assume all users < uid 1000 are system users, but that is not hard enforced to my knowledge. IIRC the OS will start with 1001 but an admin could override that at user creation time. - Use your preferred programming language or utility to parse out entries that begin with _ in /etc/passwd. That won't get non-service-account entries like root, bin, etc. Also, I don't think there's a technical prohibition to creating a new user account that starts with an underscore. - Differentiate by groups. i.e., if all your users are in one group, then you know who isn't. I think if your admins don't do stupid things (create user accounts under 1000, create accounts starting with _, etc.) then just parsing /etc/passwd would likely be the simplest way. As practical experience, that's what I've done when migrating systems, etc. I assume that people play by the rules, so if I need to identify all the user accounts (to recreate them on a new system or something), I exclude uids under 1000 as a starting point. On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at> wrote: > and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST): > > On 05/06/17 14:27, Luke Small wrote: > > > Is there a way to determine all users on a system that the users > command > > > doesn't seem to show? like _x11 and _ntpd > > users(1) - list current users > > I'd try ps(1) and get all active users from there. > > If you are after *all* users (inactive ones as well) you could use > "getent(1) passwd" and parse from there. > > Marcus > > > What's a user? > > > > Maybe you want to look at /etc/passwd. The first four lines are > > > > root:*:0:0:Charlie &:/root:/bin/ksh > > daemon:*:1:1:The devil himself:/root:/sbin/nologin > > operator:*:2:5:System &:/operator:/sbin/nologin > > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin > > > > You can parse that with awk and do stuff. Read about passwd(5) to > > understand the format. A login shell of /sbin/nologin means > > it isn't interactive. That might get you started? > > > > --STeve Andre' > > > > > > !DSPAM:590e28ea17913841584367! > > > > -- andrew fabbro and...@fabbro.org
Re: Is randomizing UID/GUID would make sense?
On Mon, Jan 23, 2017 at 11:00 AM, Martin Schröder <mar...@oneiros.de> wrote: > And what if my UID/GUIDs are random on every host and server? Would > nfs handle that? > Sure. Why not? But then, I'm only talking about UID/GID selection. I'm assuming that jsmith is UID 2000 on every system, regardless of how he got the number. Now if someone meant using *different* UID/GID on every system and they're not synchronized...right, that'd be a nightmare. The OP was just talking about changing from "last +1" to arc4random. Synchronizing UID/GID across servers (if you're not using a directory of some sort) is the same headache regardless of how you pick them. If the OP meant every server has different, unique randomized UID/GIDs then that's a separate craziness. -- andrew fabbro and...@fabbro.org
Re: Is randomizing UID/GUID would make sense?
On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder <mar...@oneiros.de> wrote: > 2017-01-20 8:43 GMT+01:00 minek van <minek...@mail.com>: > > Could it bring more security if the UIDs/GUIDs would be random? > > Why? What's the attack you want to defend against? > I suppose there's some information leakage in the sense that any given OpenBSD server is much more likely to have a UID of 1005 than a UID of 10005. And the first dozen or two lines in /etc/passwd are the same for every OpenBSD installation. But is there an arena where an attacker could make effective use of this information? If you wanted a different UID/GID for all the service accounts (everything >0) you're going to have a significantly more complicated installer...indeed, the whole tarball distro method would need to be examined. Random UID/GIDs for user accounts are something an admin could already do without needing to change anything - just pick random numbers for the adduser flags. > Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it > only do pain? > > Yes. Not sure about that...it would certainly be a headache to change UIDs/GIDs if you already have them in place, but for setting up a new server/new accounts, nfs doesn't care what number you are (well, 0 excepted). Whether the algorithm is "last used +1" or arc4random, you have the same sync/directory problems regardless. That's for user accounts...service accounts might need a bit more thought. So in summary, if you want random UID/GID for user accounts, that's a one-liner shell script - go for it! But if you want random UID/GID for service accounts, I think there would need to be a lot more justification for what would be a lot more work. -- andrew fabbro and...@fabbro.org
Re: DigitalOcean and OpenBSD
Maybe this should be a FAQ. You can run OpenBSD on nearly any KVM VPS provider. I have some favorites, but it isn't right for me to shill here. You could visit LowEndTalk for discussion of cheap VPSes, or WebHostingTalk for more structured discussion of expensive ones. Or email me and I'll share my opinions and bread crumbs. I pay $3-5 per month to run OpenBSD on 512MB VPSes, and I also have some $15/year 128MB VPSes that run just fine for DNS, mail, etc. You can pay more to get much bigger specs of course. You need to read the vio(4) man page if you're going to run with virtio drivers (which you will if you use KVM). As for the "cloud" providers: - EC2, Azure: forget it. - Vultr: works well, officially supported - DigitalOcean: it's an "install through FreeBSD" hack. That said, once setup, I've had no issues. Note that snapshots may not work (per the tutorial link above). And of course there are cheap dedicated offers: OVH, SoYouStart, Kimsufi, online.net, hertzner, etc. If you can get the ISO presented to the hardware, of course OpenBSD works there. It's worth pointing out that: - if you just need a virtualized crash place to test OpenBSD, you can use virtualbox, etc. to do this on your PC/laptop for free - there are specialized OpenBSD hosters, so maybe giving them some love is appropriate - there are specialized OpenBSD shell account providers (devi.os) if that's all you need - some day in the bright shining future when vmm is done, you may be able to buy an OpenBSD guest VM on an OpenBSD host...and then these piddling Amazon and Microsoft Azure empires will fall as Puffy storms the net. To the cloud! -- andrew fabbro and...@fabbro.org
Re: Freezing VMs on Bytemark Hosting
You're running on KVM, which probably means you're using virtio. Have you set the 0x2 flag on the vio driver? I experienced hangs on my KVM-hosted OpenBSD VMs until I read the vio(4) man page: http://man.openbsd.org/vio.4 "The *vio* driver provides support for the virtio(4) <http://man.openbsd.org/virtio.4> network interface provided by bhyve, KVM, QEMU, and VirtualBox. Setting the bit 0x2 in the flags disables the RingEventIndex feature. This can be tried as a workaround for possible bugs in host implementations of *vio* at the cost of slightly reduced performance." An example of how to do this: http://blather.michaelwlucas.com/archives/2083 On Tue, Jul 26, 2016 at 2:02 AM, Edd Barrett <e...@theunixzoo.co.uk> wrote: > Hi, > > This is very much off-topic, and a long shot. > > I have a VM hosted at Bytemark, which seems to have started freezing > about once a week. It stops responding to the network, and if I bring up > the console, I see the login prompt with a flashing cursor, but it is > not responsive to key-presses. > > I have a support ticket open, but we are not sure if it's an OpenBSD > problem, or something on their end. The VM is running 5.9-stable with > all patches applied. FWIW, Bytemark uses KVM + Qemu, so this question may > extend to ARP networks VMs too(?). > > Wondering if anyone else here is hosting on Bytemark (or ARP) and had a > similar issue, or even a workaround. > > Like I said, long shot. > > Cheers > > -- > Best Regards > Edd Barrett > > http://www.theunixzoo.co.uk > > -- andrew fabbro and...@fabbro.org
Re: Clean OpenBSD's httpd logs
Create a favicon.ico file, or ignore the error. httpd is just reporting that the user's browser is trying to fetch /favicon.ico and apparently it doesn't exist. Logging that as a 404 is standard behavior. You don't have one so httpd reports a 404. There are ways of telling the browser to not expect a favicon.ico or telling it that it exists somewhere else (that perhaps doesn't exist), but httpd in this case is really doing nothing wrong. The wisdom of favicons is a different story but they are standard. http://stackoverflow.com/questions/1321878/how-to-prevent-favicon-ico-requests One could argue that perhaps the web server shouldn't log favicon-related 404s...but then there will be someone trying to figure out why his/her favicons aren't showing up and will be looking at logs. On Thu, Jun 30, 2016 at 8:50 AM, C. L. Martinez <carlopm...@gmail.com> wrote: > Hi all, > > Sorry if this question sounds stupid, but how can I avoid this type of > entry in OpenBSD's httpd access.log: > > 172.22.55.1:44710 -> 172.22.55.10, /favicon.ico (404 Not Found), [/] > [/favicon.ico] > > ?? > > Thanks. > -- > Greetings, > C. L. Martinez > > -- andrew fabbro and...@fabbro.org
Re: I am thankful for OpenBSD quality docs
On Tue, May 17, 2016 at 10:30 AM, Ingo Schwarze <schwa...@usta.de> wrote: > In general, BSD documentation tends to be better > than Linux documentation A while back, feeling somewhat bitter after struggling with Linux docs after growing accustomed to OpenBSD docs, I made this image which summarizes my feelings: http://i.imgur.com/EKsD7aG.png OpenBSD's documentation, in my experience, exceeds the docs provided by some commercial operating systems, and those companies can afford to have full-time doc writers on staff. OpenBSD documentation is the gold standard. -- andrew fabbro and...@fabbro.org
Re: Standard way to create a generic queue in ksh
On Sat, Apr 16, 2016 at 4:32 AM, Craig Skinner <skin...@britvault.co.uk> wrote: > A bloated way to do that is with an SQLite database, with a table's > unique primary key being some (job number) attribute. Another column > could auto timestamp on row insertion, so you could query on job number > or time added. Unless you've other data to retain, it is rather bloated. > Not sure I agree - sqlite is pretty lightweight. I have a job system that runs hundreds of jobs on many systems, each dumping results into local daily sqlite files which are then scp'd back and consolidated for reporting. This gives us the ease of standardized job results and reporting without the need to have an HA DB every system can report to, load DB clients all over the place, DB security with remote access, etc. (We need to gather results somehow, so rather than write some custom format or something like XML, sqlite is an easy format to use). You can access sqlite on the command line in shell scripts if need be. DB sizes are in MB. You might be saying bloated because it's writing SQL, etc. and for a sysadmin who's focused on systems and is not a code-writer, that's totally fair - SQLite is much more pleasant when you have perl or python and can properly bind variables, etc. I'd say the OP is crossing into programming rather than scripting. I'm making an artificial distinction (since shell scripts are certainly programs) but in my experience, once you start needing more complex data structures, you've outgrown the shell and should look at something like perl, python, etc. Not saying there aren't ways to do queues in bash/ksh/etc., just...why would you? -- andrew fabbro and...@fabbro.org
Re: Question about logo
On Wed, Mar 2, 2016 at 11:37 PM, Janne Johansson <icepic...@gmail.com> wrote: > http://www.openbsd.org/art1.html says: > > Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by > other members or developers of the OpenBSD group. However, it is our intent > that anyone be able to use these images to represent OpenBSD in a positive > light -- but do not make profit from them. [...] So enjoy them and let the > world see them, if that is your wish. There are people selling shirts on Zazzle, CafePress, etc. which have the OpenBSD logo - easy to find via google. I'm assuming those people are not authorized by OpenBSD nor do they pass on profits, alas. -- andrew fabbro and...@fabbro.org
Re: Can I accelerate my magnet HDD using a SSD in any way?? E.g. softraid patch/ARC, dedicated hardware e.g. Intel RCS25ZB040LX="Nytro MegaRAID", anything
On Mon, Feb 1, 2016 at 8:16 AM, patric conant <mirage.comput...@gmail.com> wrote: > Why can't the solution be all flash? $400 for 1 TB flash, * 7 sata ports on > a decent $100 Motherboard, gets you 7TB of flash for under $3000 > Well, yes, and for a few hundred thousand you can get persistent DRAM fusion-io. OTOH, you can get 4TB SATA drives for $250. The OP was just pointing out that SSD-acceleted (aka SSD-cached) SATA/SAS is very common in Win/Lin/OSX and was wondering what the status is on OpenBSD. -- andrew fabbro and...@fabbro.org
Re: Any books about OpenBSD ARM programming?
On Wed, Jun 24, 2015 at 6:57 PM, Geoff Steckel g...@oat.com wrote: The McKusick books are a reasonable introduction to the kernel as it was some decades ago. There was a 2nd edition of The Design and Implementation of the FreeBSD Operating System released September 2014. I haven't looked at it - was it updated to reflect current design? -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: Any books about OpenBSD ARM programming?
On Wed, Jun 24, 2015 at 9:38 PM, Hrishikesh Muruk hris...@gmail.com wrote: But it does not seem to get a complete list of pages in section 9 I asked Kristaps Dzonsos this question a while back and he was kind enough to send me the answer. If you want to get a list of man pages in, say, section 9: http://www.openbsd.org/cgi-bin/man.cgi?query=any~.*sec=9arch=defaultmanpath=OpenBSD-5.7apropos=1 -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: when SSDs are not so solid or why no TRIM support can be a good thing :)
On Wed, Jun 17, 2015 at 8:27 PM, Nick Holland n...@holland-consulting.net wrote: been meaningless for some time). When the disk runs out of places to write the good data, it throws a permanent write error back to the OS and you have a really bad day. The only difference in this with SSDs is the amount of storage dedicated to this (be scared?). I'm guessing that spare space management is typically handled entirely within the drive and is not exposed as an API, right? In other words, you can't say to the drive you say you're out of spare space, but let's take this space here that I'm not using and use those as new spare space so I can keep using this drive with a reduced capacity.
Re: GROUP CHANGED
On Sun, Jun 14, 2015 at 10:17 AM, Marc Espie es...@nerim.net wrote: Note that the description of wheel characteristics in FSF's Linux used to be hilarious. Yes, it was on the su(1) man page...it's still in their docs: http://www.gnu.org/software/coreutils/manual/html_node/su-invocation.html#index-fascism-2365 So welcome to the oppressive, totalitarian regime of *BSD. If you've got root, be sure to claim your free pair of hobnailed boots to place on the necks of your users. CEMENT THE POWER! -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: Best filesystem options for large drive
On Wed, Feb 11, 2015 at 6:43 AM, Janne Johansson icepic...@gmail.com wrote: You can invent how many journals and whatevers you like to hope to prevent the state from being inconsistent, but broken or breaking sectors will sooner or later force you to run over all files and read/check them, and in that case you will need lots of ram anyhow. The data in this thread seems to show that this is not true. 4TB fs with 1,642 files = 83MB of RAM, ~60 seconds 4TB fs with 3,900,811 files = 137MB of RAM, 30 minutes (Sure, on some platforms, 137MB is a lot of RAM but I don't think we're talking about.) Granted it's only two data points, but when number of files went up by 2375x, time to fsck went up by ~60x however RAM usage only went up by 1.7x. It seems as if increase in number of files requires only a modest increase in RAM. (Small disclaimer: we don't know platforms involved). On Wed, Feb 11, 2015 at 8:58 AM, Jan Stary h...@stare.cz wrote: FAQ4 still says If you make very large partitions, keep in mind that performing filesystem checks using fsck(8) requires about 1M of RAM per gigabyte of filesystem size ^^^ Does that still apply? A 4TB filesystem would mean 4GB of RAM, and neither fsck in the examples above was close to that. -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: Adding encryption support to vi(1)
On Fri, Dec 26, 2014 at 12:02 AM, thornton.rich...@gmail.com wrote: I live in NJ. Should I beâ this paranoid, that every file I edit should be encrypted? Who has time for this type of craziness? Well, no one. I encrypt very few files. But keeping one's passwords and related administrivia safe, preventing unencrypted versions/tempfiles from accidentally being captured by running backups, etc. is hardly a rare use case. pwsafe (referring to the nox11 version) is a fine program but comes up a bit short if you want to include notes that are more than a brief comment, or what you want to save is not password/account-related. That's really all I was describing. On Thu, Dec 25, 2014 at 11:07 PM, Theo de Raadt dera...@cvs.openbsd.org wrote: So you describe something which is shit. Why would we want to add something shit to vi? It would fool people into bad practices. Who benefits? Exactly. Is there no middle ground between an encrypted partition and plain text? That's an honest question. Short of encrypting a partition, most tools (gpg, etc.) require decrypting a file to plain text and then reencrypting. I was just trying to avoid having to create unencrypted temporary/intermediate/recovery copies of files as part of the editing process. Can I ask what kind of plant are you? Most people have to content themselves with the I Got Flamed By Theo de Raadt http://www.zazzle.com/i_got_flamed_by_theo_de_raadt_t_shirt-2354533488287291 21 shirt, but I seem to have qualified for the new Theo de Raadt Asked if I Was a Spy shirt :-) -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Adding encryption support to vi(1)
vim (in ports) offers an encryption option ( http://vimdoc.sourceforge.net/htmldoc/editing.html#encryption) Invoking vim with -x prompts for a key and then encrypts the file on save. It appears to do the right thing as far as encrypting the .swp (temporary recovery) file as well. If you later edit the file (without the -x option) it will detect the file is encrypted based on a magic it prepends and prompt for a key. Unfortunately, by default vim uses the 'zip' algorithm which is quite insecure, though you can optionally specify blowfish as your preferred algorithm. The nice thing about this versus a gpg decrypt/edit/re-encrypt cycle is that you don't have an unencrypted file temporarily lying around (or an unencrypted vi-recover file for that matter). I'm wondering if there is any interest in adding this feature to vi(1) given OpenBSD's interest in integrated crypto? Unfortunately, as a US citizen/resident, it's not clear to me that I would be able to contribute code (beyond an implementation that uses the zip algorithm) so it is probably a moot point unless one of the devs is interested but...I figured there was no harm in mentioning it. -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: Any experience running OpenBSD 5.6 or current on a Shuttle DS437?
On Sun, Dec 21, 2014 at 11:45 PM, Marcus MERIGHI mcmer-open...@tor.at wrote: No boot? With mine (XS35, DS437) it's just no VGA. On my Shuttle, without a display plugged in, it will not boot. Unfortunately, I don't know why since to see any kind of error message...:-) I haven't found anything relevant in the BIOS - the ignore all errors doesn't fix it. It's possible this particular box is buggy.
Re: Any experience running OpenBSD 5.6 or current on a Shuttle DS437?
The issue referred to in that thread (boot hangs if there is no monitor) is common to many Shuttles. I experience the same thing on a Shuttle SD11G5, which is about 10 years old. I believe the problem at the BIOS level, not something you can work around in the OS. It's 100% consistent - if there is no monitor plugged in, no boot. The dummy plug may be a solution if you want it to run headless. On Sun, Dec 21, 2014 at 7:51 AM, Marcus MERIGHI mcmer-open...@tor.at wrote: greencopperm...@yandex.com (Martin Hanson), 2014.12.21 (Sun) 05:26 (CET): If so, how well does the driver for the two NICs work? How does the box perform in general? http://marc.info/?l=openbsd-miscm=141138265927863 Bye, Marcus !DSPAM:54965a15238762120714909! -- andrew fabbro and...@fabbro.org blog: https://raindog308.com
Re: DigitalOcean's BSD debut is FreeBSD only
Rather than discuss provider by provider, when looking for an OpenBSD VPS, look for KVM. OpenBSD runs on virtually any KVM provider and there are many, at both the low $3-4/month end and at the high end. I've run OpenBSD on KVM for several years at a variety of providers. OpenBSD obviously does not run on OpenVZ or Virtuozzo (as they are only virtualizing the OS, not the machine). With Xen, it depends as there are a couple different modes, but in the commercial marketplace, it seems most providers are supporting Linux only. Some providers (DO, Vultr, 6sync, etc.) are setup to only handle Linux but under the hood they'e running KVM and there is no technical barrier, though they may not want to support BSD. Other providers (AWS, Azure, etc.) are using internally modified Xen which may or may not provide full machine virtualization. People run FreeBSD at AWS and Azure, though I have not yet heard of anyone running OpenBSD there. OpenBSD also runs fine in VMware's server products but I haven't seen a lot of providers using that. In short - the list of VPS providers who can support OpenBSD is actually very big. Andrew Fabbro and...@fabbro.org https://raindog308.com
Re: DigitalOcean's BSD debut is FreeBSD only
On Thu, Dec 18, 2014 at 10:24 AM, Adam Thompson athom...@athompso.net wrote: The list of VPS providers where OpenBSD will run, more or less correctly, more or less all of the time, is actually very big. It will even run correctly all of the time on a fairly large list of providers. However, the list of VPS providers who are willing to *support* OpenBSD is extremely small Yes, this is true. With the unmanaged providers, OpenBSD is no better or worse than any other OS. The provider will help if there's something broken on the hardware they manage, but inside your VPS, you're on your own. And unfortunately, and perhaps not surprisingly, Linux distros running on a Linux virutalization tech (KVM) generally run fine out of the box while OpenBSD requires a bit more special handling (setting vio flags, turning APIC off, etc.) and tends to reveal more bugs in KVM. Even there, often times unmanaged providers are familiar with the typical problems a Debian or Centos VPS will have and will assist, while OpenBSD is alien to them. With managed providers...there are very few who support OpenBSD. running OpenBSD - tell you that's not supported, sorry and hang up. When ACPI goes haywire (normal under KVM so far)... I haven't had it go haywire per se, but sometimes have to turn it off during install, back on during regular use, and I have to turn APIC off. Oddly, the exact same settings with the exact same bsd.rd will cause a panic on one KVM and not on another.
Re: DigitalOcean's BSD debut is FreeBSD only
On Thu, Dec 18, 2014 at 10:57 AM, Mike Larkin mlar...@azathoth.net wrote: And your bug report for this is ... where? I thought about filing a bug report regarding a couple panics I've had on install (that went away with ACPI disabled in the provider's KVM control panel), but when I started to think about actually saying hey OpenBSD developers, I have a problem when running OpenBSD inside a Linux Kernel Virtualization Mode machine I just couldn't bring myself to do it. I was guessing that running OpenBSD inside the Linux kernel was not something that developers would be very interested in, particularly as the bugs are probably more likely to be outside OpenBSD than within it. However, if it would be beneficial to the project, I can certainly document and submit them.
Re: Contributing
On Sat, Nov 15, 2014 at 9:50 PM, Ingo Schwarze schwa...@usta.de wrote: What about writing tutorials/articles? That is most definitely *not* a job for beginners. The thread starter did not describe himself as a beginner, just a non-programmer. Since he was referring to old content on the web site, perhaps I'd erroneously assumed he was an experienced user. There are some people who don't speak C who've contributed excellent material. For example, Michael Lucas self-describes himself as a non-C-programmer in his talks, yet Absolute OpenBSD is a great resources for users. I was not advocating the here is a spellbook of magical incantations you can type into your terminal style of website that is popular in other communities nor that the blind lead the blind :-) I'm not sure how I formed the opinion openbsdsupport.org was blessed (probably someone's forum post somewhere) so thanks for the correction.
Re: Contributing
What about writing tutorials/articles? There's www.openbsdsupport.org which I believe is officially blessed though it doesn't look too active. Probably for lack of people submitting articles :-) Of course if you have a blog or web site you can write OpenBSD stuff for it. I know I've sometimes struggled with putting the pieces together where a step-by-step how to accomplish X with OpenBSD would have helped. Just last week, Ted Unangst's what I wish I known before setting up OpenBSD on my Beagle Bone Black on his blog saved me a lot of time and frustration.
Re: 5.3 Installer Hangs After Entering Netmask (Broadcom NIC)
I apologize - it hadn't occurred to me that I could use a thumb drive to transport a dmesg. Bad hacker! Lose 10 hacker points! I tried installing without configuring network, which was successful, however once I tried to ifconfig bge0 (ifconfig bge0 192.168.x.x. netmask 255.255.255.0 broadcast 192.168.x.255) the console session hung. Here is the dmesg...had to hunt for a USB port that didn't device problem, disabling but found one: OpenBSD 5.3 (RAMDISK_CD) #49: Tue Mar 12 18:50:37 MDT 2013 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Celeron(R) M processor 1.50GHz (GenuineIntel 686-class) 1.51 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,PBE,NXE,PERF real mem = 2138566656 (2039MB) avail mem = 2095865856 (1998MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/24/06, BIOS32 rev. 0 @ 0xfa410, SMBIOS rev. 2.2 @ 0xf (39 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 03/24/2006 bios0: Shuttle Inc SD11V10 apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 3.0 @ 0xf/0xd1b4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd0d0/176 (9 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 12 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 3 4 5 7 10 11 pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801FBM LPC rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xe800! 0xd/0x8000! 0xd8000/0x1000 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x04 vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x04 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x04: irq 5 pci1 at ppb0 bus 1 bge0 at pci1 dev 0 function 0 Broadcom BCM5789 rev 0x11, BCM5750 B1 (0x4101): irq 10, address 00:30:1b:ba:c5:c0 brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0 ppb1 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x04: irq 7 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 Intel PRO/1000 MT (82574L) rev 0x00: couldn't map interrupt uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x04: irq 4 uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x04: irq 11 uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x04: irq 7 uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x04: irq 5 ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x04: irq 4 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd4 pci3 at ppb2 bus 3 Creative Labs SoundBlaster Audigy LS rev 0x00 at pci3 dev 9 function 0 not configured VIA VT6306 FireWire rev 0x80 at pci3 dev 10 function 0 not configured pcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x04 pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x04: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD3200AAKS-00UU3A0 wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd1 at pciide0 channel 0 drive 1: WDC WD3200AAKS-22L6A0 wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 6 Intel 82801FB SMBus rev 0x04 at pci0 dev 31 function 3 not configured usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 umass0 at uhub0 port 4 configuration 1 interface 0 USB2.0 External Mass Storage Device rev 2.00/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 cd0 at scsibus0 targ 1 lun 0: Slimtype, eTAU208 2, ML07 SCSI0 5/cdrom removable serial.1c6ba22244F7 uhidev0 at uhub2 port 1 configuration 1 interface 0 Logitech USB-PS/2 Trackball rev 1.00/2.10 addr 2 uhidev0: iclass 3/1 uhid at uhidev0 not configured softraid0 at root scsibus1 at softraid0: 256 targets root on rd0a swap on rd0b dump on rd0b uhub0: device problem, disabling port 8 uhub0: port 7, set config at addr 3 failed uhub0: device problem, disabling port 7 uhidev0 detached umass1 at uhub0 port 3 configuration 1 interface 0 Kingston DataTraveler 2.0 rev 2.00/1.00 addr 3 umass1: using SCSI over Bulk-Only scsibus2 at umass1: 2 targets, initiator 0 sd0 at scsibus2 targ 1 lun 0: Kingston,
Re: 5.3 Installer Hangs After Entering Netmask (Broadcom NIC)
On Mon, Sep 2, 2013 at 11:06 AM, Alexey E. Suslikov alexey.susli...@gmail.com wrote: andrew fabbro andrew at fabbro.org writes: apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured try acpi on this machine (boot -c and disable apm). Wow, that was the magic wand - after that, everything worked perfectly. Thank you very much. For future archive searchers - next step is to config the kernel to do that automatically: http://openbsd.org/faq/faq5.html#config
5.3 Installer Hangs After Entering Netmask (Broadcom NIC)
I have a Shuttle SD11G5, which is a small Celeron-based PC (1.5Ghz Celeron, 2GB RAM, a couple SATA drives). The OpenBSD 5.3 installer consistently hangs after I enter the Netmask for the onboard NIC. I'm booting the 32-bit x86 install53.iso. I start configuring bge0 (which is a BCM5789) and after IPv4 address for bge0, the installer asks for Netmask and after I enter it (255.255.255.0), the installer sits there forever. Same thing if I DHCP - after Issuing hostname-associated DHCP request for bge0 the installer hangs. I also have an Intel Pro/1000 gig-E card (82574L) in the PCI Express slot, which shows up on em0. Unfortunately dmesg says couldn't map interrupt and I'm not offered the chance to configure it. I haven't found anything useful via searching for fixing this. This box previously ran Debian Linux with no problems, so I'm skeptical it's a hardware problem. The BMC578x series is listed as supported on the bge(4) man page. Any advice?