unknown USB vendor

[Peter J. Philipp]

Hi,

I got a "are you a human?" on google so I switched to qwant.com for searching
but the search is not as good.  I'm looking for the USB vendor of this USB
vendor id.  0x02d0, and the device id is 0xa9a6.  Afaict this is a ure(4)
device with a builtin usb hub.  But there is no other markings on the outside, 
related to manufacturer.  It does not get detected by default on an April
kernel code.  It does have a micro-USB cable for the raspberry pi zero 2 that
I wanted to use this with.

Anyone have any details on these vendor and device id's?

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: how to fsck automatically at boot

[Mik J]

Hello Nick, Stuart, Kirill, Jan,
Thank you for all your answers.






Le mardi 21 mai 2024 à 14:31:13 UTC+2, Stuart Henderson 
 a écrit : 





On 2024-05-21, Nick Holland  wrote:
> On 5/20/24 09:37, Jan Stary wrote:
>> On May 20 13:22:26, mikyde...@yahoo.fr wrote:
>>> Hello,
>>> 
>>> I have two use cases and problems with fsck.
>>> 
>>> 1) When my openbsd boots after an outage, the system asks me to fsck /, 
>>> /usr, /var or /home manually.
>>> So I do
>>> fsck /dev/sd0a
>>> And then I'm asked questions and I usually answer F
>>> 
>>> So my question is that I want this process to be done automatically at boot 
>>> time for each partition that has a problem.
>> 
>> The /etc/rc boot script calls fsck -p;
>> if that fails, it means fsck -p was unable to fix a major problem.
>> It is the point that it requires an admin's intervention.
>> 
>> You would have to change the fsck call to fsck -y;
>> but don't do that.

AIUI the rationale for not using -y by default is that fsck may do
further damage to a badly damaged disk. But in practice many people
wouldn't do anything other than hit 'y' lots or 'F' when fsck
complains, in which case patching /etc/rc to run -y by default
isn't going to be any worse... And there are certainly some classes
of system where you don't really care about losing data (i.e. you
can recreate from config management or backups) but you do want to
maximise the chances of being able to connect in remotely, and in
that case -y can definitely help.

> I'd look at why your file systems are always needing these manual
> interventions after a hard shutdown.  I routinely power down my
> personal systems with yanking the power cord if it would take me
> longer "properly" connect a console and properly shut down.

That really depends on what the system is doing.

>>> When I remove that disk the boot sequence stops and asks for a fsck
>>> I would like that this disk is mounted when it's present, but when it's not 
>>> installed I don't want the boot sequence to stop
>> 
>> Make it also "noauto" in fstab and mount it in rc.local.
>
> Last I tried this, it didn't do what I wanted -- "noauto" still expects
> to have the disk there and will fsck it on boot.  Failure to be able to
> do this stops the boot.  It's been a while since I last tried this, so
> perhaps something has changed (including my recollection?)

See fstab(5) about fs_passno.

> And this might be a solution for the OP's problem:
> make /usr and /usr/* "ro" during normal operation

reorder_kernel is run in the background from /etc/rc; for RO /usr
you need to wait for that to finish.

-- 
Please keep replies on the mailing list.

how to fsck automatically at boot

[Mik J]

Hello,

I have two use cases and problems with fsck.

1) When my openbsd boots after an outage, the system asks me to fsck /, /usr, 
/var or /home manually.
So I do
fsck /dev/sd0a
And then I'm asked questions and I usually answer F

So my question is that I want this process to be done automatically at boot 
time for each partition that has a problem.
If there's no problem, the system would boot at usual.

This is because I use a small server without screen and keyboard.

2) I have another disk in my small server, and I mount one partition of it with 
in fstab
aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2
When I remove that disk the boot sequence stops and asks for a fsck

I would like that this disk is mounted when it's present, but when it's not 
installed I don't want the boot sequence to stop


Is there a way to do these tasks or should I use a script that is executed by 
/etc/rc.local ?

Thank you

Re: What software to debugging and analyzing C?

[j]

But you do realise that adding printf() calls to the code can also 
change,
for example, the memory layout that the compiler uses, so certain 
memory

allocation bugs might become more or less easily triggerable?


This is a big deal especially debugging code that fails with -O3 but 
succeeds

otherwise.

My approach (shamelessly stolen from GSL) is to write a debug callable
and let your debugger perform the "printf", rather than your own code.

$ cat oopsie.c
/* define an extern iff debugging */
#ifdef DEBUG
void oopsie(char *s,...){ }
#endif

And in your main code:

...
/* define an extern iff debugging */
#ifdef DEBUG
void oopsie(char *s,...);
#else
void oopsie(char *s,...){ }
#endif

int main(){
int i, j;
printf("%s\n","this is main.c demonstrating debug printing");

i = rand();
if(i> 5) oopsie("i more than 5");
...

Compile with DEBUG on.  Run your code with the debugger, and break on 
oopsie.


$ gdb ./main
...
(gdb) break oopsie
(gdb) run
Starting program: /home/jal/debug/a.out
...
this is main.c demonstrating debug printing
...
Breakpoint 1, oopsie (s=0x9766035d548 "i more than 5") at oopsie.c:4
4   void oopsie(char *s,...){ }

Backtrace tells you where oopsie was called.

J

Re: Localnet Hacking

[Peter J. Philipp]

On Tue, May 14, 2024 at 01:54:52AM +0200, Peter J. Philipp wrote:
> Hi,
> 
> A few more people responded, I'm falling behind on priorities though because

Hi again,

https://mainrechner.de/Buecher2024/batch1.png

Here is the first batch that will be mailed out on Friday at the latest.  I
still have to find cartons for these.  We have Sweden, Israel, Turkeye, 
Germany, USA, Canada, Spain, Australia, with some of them double or triple.
Thanks to all.

If you waould like to be on the second batch which goes out Friday the
24th please start writing me in private starting Saturday the 18th. I have
my hands full with this and life in general.

Thanks to all that participated.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: viomb0 unable to allocate256 physmem pages, error 12

[Peter J. Philipp]

On Tue, May 14, 2024 at 01:58:18PM -0400, F Bax wrote:
> Recently installed 7.5 amd64 in qemu VM (8G RAM) under proxmox. See this
> message many times on console and dmesg.
> 
> viomb0 unable to allocate 256 physmem pages, error 12
> 
> What does this mean? How to resolve this issue?

Hi,

When you see "error " it's good to look up the manpage on errno.
Under number 12 it says:  ENOMEM "Cannot Allocate Memory".  But look for
yourself for a deeper explanation.  Also if you want to hunt for this errno
in the code you would most likely grep for ENOMEM.

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: Localnet Hacking

[Peter J. Philipp]

On Tue, May 14, 2024 at 01:54:52AM +0200, Peter J. Philipp wrote:
> Hi,
> 
> A few more people responded, I'm falling behind on priorities though because
> I am very close to cracking AES-128 I have reduced it to a complexity of
> 2 ^ 64.  However I have some old code to get the first 32 bits identified but
> I want to find a cleaner way.  I'll upload my code to the https://centroid.eu
> misc repo tomorrow.  Once I have the crib for the first 32 bits in a sureshot
> everything falls into place and the complexity falls to 2 * (2 ^ 32).  I guess
> that's the same a 2 ^ 33.

Well my sugar high is over.  It was good for a week or two.  I spotted the
error in my logic.  I'll still be working on this tough.

I passed rk into gosh() and used it.. I totally oversaw that.

Best Regards,
-pjp

Re: Localnet Hacking

[Peter J. Philipp]

On Sat, May 11, 2024 at 10:35:38AM +0200, Peter J. Philipp wrote:
> On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> > Contact me privately if you would like a batch with what you like.  I'll
> > make note on that webpage of what's given away.  Offer ends July 1st of this
> > year.
> 
> Three books have already been given away.  They went to Finland.  Look for
> a marking of a flag beside the name of the title of the book.
> 
> Also if I may interest some people:  The Java book is autographed by Ian F.
> Darwin who is also on this list.  Also the 4.4BSD book which is quite beaten
> up was autographed by 3 of the 4 authors at BSDCon 2000.  They were everyone
> other than John Quarterman.  Maybe I'll run into him one day but then I'll
> be missing 3 signatures hehe.
> 
> -pjp

Hi,

A few more people responded, I'm falling behind on priorities though because
I am very close to cracking AES-128 I have reduced it to a complexity of
2 ^ 64.  However I have some old code to get the first 32 bits identified but
I want to find a cleaner way.  I'll upload my code to the https://centroid.eu
misc repo tomorrow.  Once I have the crib for the first 32 bits in a sureshot
everything falls into place and the complexity falls to 2 * (2 ^ 32).  I guess
that's the same a 2 ^ 33.

It's kept me up most of the day and night today as it's exciting work.  I
promise to send your books by friday as wednesday and thursday are booked
for me too.  Also there has been close to 10 people now, for any new request
I plea you to wait until next week.  This is an exciting May.

(Are you ready for the non-quantum cryptography apocalypse?, I'm starting to
believe we're in a game like tron or something.. let's work together)

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: Localnet Hacking

[Peter J. Philipp]

On Sat, May 11, 2024 at 05:55:11PM +, Lucretia wrote:
> I would love some used books but don't have 1000???. I will have $750 around 
> beginning of June if you want to send me a Paypal invoice to my Apple email: 
> openbsd.g...@icloud.com I was going to buy my second laptop but books are 
> probably better for me at this point in time.
> 
> Your other message was crammed full of info, I don't know most of what you 
> said but I'll try to spend time in the mentioned manpages this week.

Hi Lucretia,

Sorry there is a communication failure.  I meant you should pick three books
for 20 EUR shipping or whatever it was for your country.  I'll have to look it
up.  I'm distributing it to anyone interested, first come first serve.  With
a limit of up to 3 (sometimes an exception for a 4th book is made) per person.

Best Regards,
-pjp

Re: Localnet Hacking

[Peter J. Philipp]

On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> If you want some used books, I'm moving across the Atlantic soon and I can't
> take my books along.  In total the new value of them was 8000 odd EUR.  If
> I send three books to kyrgystan and it's under 2 kg, I checked with DHL
> it will cost under 20 EUR.  If I send all these books out in batches of three
> it will cost 1000 odd EUR, which I don't have.  So I ask you pay shipping if
> you want any of these.  They are all dear to me, however I tried donating them
> to local clubs, libraries and noone wants them, and I can't take them along.
> 
> Even if you don't like what you're getting (or you don't like used books.. I
> know I don't) you can pass them on to someone who doesn't mind.  However you
> can also just request three books, in order to look into them and if you like
> them you can repurchase them.  I know in some locations it's very hard to get
> a peek into a book.
> 
> So willing to end out 53-54 batches of 3 books to people who want some of
> these.  Very little of these I got used but they are all mostly 5 years+
> old.  Some were purchased in Canada and most were purchased in Germany while
> I had work.
> 
> Here is the booklist:  https://mainrechner.de/Buecher2024/
> 
> Contact me privately if you would like a batch with what you like.  I'll
> make note on that webpage of what's given away.  Offer ends July 1st of this
> year.

Wow, thanks for the 4 people who got some books already!  They come from all
over the world, Australia, Germany, Finland, and United States.

Just to clarify, anyone can get around 3 books.  Look at the book chart of
mine if you see a country flag beside the title it's taken.  I thank you
all for taking this off my hands (like said I can't take them along on the
plane, they don't fit in a suitcase).

I'm happy to be mailing out a batch of 10 parcels per week give or take a few.
More I can probably not handle before July 1st.

Lux, get a book or three, sorry to be hijacking your thread here, I mean well.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: Localnet Hacking

[Peter J. Philipp]

On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> Contact me privately if you would like a batch with what you like.  I'll
> make note on that webpage of what's given away.  Offer ends July 1st of this
> year.

Three books have already been given away.  They went to Finland.  Look for
a marking of a flag beside the name of the title of the book.

Also if I may interest some people:  The Java book is autographed by Ian F.
Darwin who is also on this list.  Also the 4.4BSD book which is quite beaten
up was autographed by 3 of the 4 authors at BSDCon 2000.  They were everyone
other than John Quarterman.  Maybe I'll run into him one day but then I'll
be missing 3 signatures hehe.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: Localnet Hacking

[Peter J. Philipp]

On Sat, May 11, 2024 at 02:52:32AM +, Lucretia wrote:
> Book recommendations are most welcome!
> 
> Lux of the Agony
> 720077 Bishkek
> Altyn Kazyk 31A
> KYRGYZSTAN
> l...@openbsdgirl.com

If you want some used books, I'm moving across the Atlantic soon and I can't
take my books along.  In total the new value of them was 8000 odd EUR.  If
I send three books to kyrgystan and it's under 2 kg, I checked with DHL
it will cost under 20 EUR.  If I send all these books out in batches of three
it will cost 1000 odd EUR, which I don't have.  So I ask you pay shipping if
you want any of these.  They are all dear to me, however I tried donating them
to local clubs, libraries and noone wants them, and I can't take them along.

Even if you don't like what you're getting (or you don't like used books.. I
know I don't) you can pass them on to someone who doesn't mind.  However you
can also just request three books, in order to look into them and if you like
them you can repurchase them.  I know in some locations it's very hard to get
a peek into a book.

So willing to end out 53-54 batches of 3 books to people who want some of
these.  Very little of these I got used but they are all mostly 5 years+
old.  Some were purchased in Canada and most were purchased in Germany while
I had work.

Here is the booklist:  https://mainrechner.de/Buecher2024/

Contact me privately if you would like a batch with what you like.  I'll
make note on that webpage of what's given away.  Offer ends July 1st of this
year.

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

Re: Localnet Hacking

[Peter J. Philipp]

Hi Lux,

In my opinion if you want to study networking load up on every distfile in
/usr/ports/net as these tools will help you.  ipcalc is valuable even pros
use it because doing CIDR and netmasks in your head is possible but not 
practical in all scenarios.

That said you should look into bridging (start with bridge(8)) with OpenBSD 
along with the vether(4) manpage.  Along with vmd and vmm's you can set 
up a deep network based on vether's and tap(4)'s.  

Don't be afraid to use tcpdump(4) especially with the icmp filter along with 
ping/ping6 which are run continuous you can/could find problems.

I don't know how much RAM you have on your machines but pretend you have 16GB
that's enough for roughly 12-14 vmm's if each takes 1 GB RAM.  Each with one 
or two tap(4)'s to become a router.  You may want to look into autoinstall(8) 
scripts to configure these "routers" quickly.  For that you'll need some 
knowledge perhaps of the vnconfig(8), rdsetroot(8), and how to compile 
RAMDISK kernels.

What else do we need... you may want to look at a networking scenario using
PPPoE.  So perhaps look into npppd(8) for the server side and pppoe(4) for
the client side.  Then another scenario uses DHCP so look into dhcpd(8).
Another one will use IPv6 perhaps, here, rad(8) and co will help.  For DNS
on the authoritative side look into nsd(8), and unbound(8) for the recursive.

Look into DNSSEC, nsd is fully capable of this.  And unwind(8) will validate
the answers or it should SERVFAIL (a specific DNS error).

For a start that is good enough, bridging, routing, dhcp, pppoe, dns.  You
can also make your network 4x4 matrix like or even 16 hosts deep.  This will
help you learning how to traceroute and icmp timex messaging.  With so many
virtual hosts in different configurations you may find that configuration is
a pain in the *** (PITA).  Perhaps use some cluster management like puppet
or ansible, or write your own scripts.  You'll also need ssh key management,
perhaps even coupled with the autoinstall file.  All configurations should
be in a got(1) tree which is like git.  gotwebd will help you see differences
in setups.

Usually it's said that "communication is key" but in this scenario you are
establishing communication so perhaps "organization is key".  I personally
found my own hardships last week on revisions, until I got confused and didn't
have a real history so I'm trying to pick up where the going was good.

BTW, manpage(8) would mean you type "man 8 manpage", or "man -s 8 -k manpage".

Hope that helps,
-pjp

On Sat, May 11, 2024 at 02:52:32AM +, Lucretia wrote:
> I have a laptop and am looking to purchase a second computer. Neither of them 
> will be connected to The Internet, but will be networked together.
> 
> My goal is to study networking, starting with some of the most basic commands 
> and routines. This will be purely for educational purposes. I may build upon 
> the network later, perhaps with unconventional devices, but for now I want to 
> focus just on having two Amd64 machines communicating with one another.
> 
> What are some basic networking commands from the base installation or from 
> ports that would be good for a novice to learn more in-depth?
> 
> I have no plans to connect this system to The Internet now or in the future, 
> so keep that in mind when suggesting.
> 
> Book recommendations are most welcome!
> 
> Lux of the Agony
> 720077 Bishkek
> Altyn Kazyk 31A
> KYRGYZSTAN
> l...@openbsdgirl.com
> 

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: AES-256 ist sicher wie AES-128 im brute force

[Peter J. Philipp]

On Mon, May 06, 2024 at 10:51:05PM +0200, Peter J. Philipp wrote:
> The title says "AES-256 is as safe as AES-128" for a translation.

Just an update:  with this method the key can be recovered with a complexity
of 2^96, working on a complexity of 2^64 now.  Please help if you have fast
equipment, fork my misc directory and do your own, maybe you can be at the
final outcome paper/report.

https://en.wikipedia.org/wiki/Talk:Advanced_Encryption_Standard#AES-128_broken_to_a_complexity_of_2%5E96

https://github.com/pbug44/misc/tree/main/cg4

Best Regards, and happy holidays (if you're bavarian)..

-pjp

AES-256 ist sicher wie AES-128 im brute force

[Peter J. Philipp]

The title says "AES-256 is as safe as AES-128" for a translation.

Hi,

Dear everyone who I contacted and haven't contacted so far.  I have run
a test program against a practiced attack against AES-256.  While trying
to restore the key with just 1 guessed t0 value (I have almost given up)
But in spirit of international cooperation I'm going to pass the torch to
someone else to continue on this work as priorities shift me to my main
project which was supposed to start today.

Earlier today I sent a mail to b...@openbsd.org commemorating their good
efforts in bringing us security.  Earlier this week I wondered on the tech@
mailing list if chacha20 or whatever it's called could be made functional.

I personally have switched to 3des as to me AES is insecure now.  When I
get chacha20 working on OpenBSD I will switch to that and continue on.

Details of the attack are simple.  In the modules of AES there is an
AddRoundKey functionality.  This key is generated before encryption and used
as keying boxes.  It is possible to reverse this given any point below the
main key.  Just, one needs to inverse the order of all variables and the
main key is recovered.  This works for 10 rounds as well as 100 million rounds
given you have a large enough memory.  This function has 4 "T" variables which
are temporary.  They are discarded at the end but not wiped.

In the another bug report (which I will post the URL) I recommended wiping
these values to NULL (zeroize) before exiting the function.  One t0 value is
32 bit.  This means 4.2 billion operations are needed to recover it's value...
just what value is it.  Taking into consideration that the main key flies
past in row 0 over and over, there is still no solid sure shot method of
finding it.  But I will work on it when I see fit, believe me.

The fact is.  Given that there is four "t" values of 32 bits this adds up to
128 bits.  The operation of brute forcing this 128 bits is just shorter than
a full decrypt() as many parts have been able to be cut out.  This makes
AES-192 and AES-256 just as strong as AES-128.  However there is a catch.

You must know the plaintext and the ciphertext of the first block (16 or 32
bytes).  In many cases on TLS this may be "GET / HTTP/1.1\n" or an additional
Host: www.example.org which fills out the full 32 bytes for AES-256.

This part is theory and I don't have code right now to prove this.  I'm a 
single unemployed ex-sysadmin and my resources are limited.  But I believe
the sending side of a TLS transaction may be breakable, which may include
all the sensitive data.

Here is my work so far that demonstrates study and run with a practice key:

https://github.com/pbug44/misc/tree/main/cg4

Here is my original post to b...@openbsd.org (first responders):

https://marc.info/?l=openbsd-bugs=171500211927736=2

Here is a small explanation of AddRoundKey:

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

I'm sending this mail to BSI, CERT, Theo de Raadt and the misc@openbsd.org
mailing list.  Just so that it doesn't get lost.  Please when you mention
a credit give credit to OpenBSD as this would not have been possible without
that project.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: ubnt edgerouter 8

[Peter J. Philipp]

On Mon, Apr 29, 2024 at 05:35:49PM +0200, Janne Johansson wrote:
> > Any help is much appreciated.  The ER-8 right now idles a lot anyhow and
> > I plan on using it for the 8 RJ45 ports.
> 
> I run some Pro 8s in a small rack where I have ripped out the internal
> fan of the edgerouters, and then I put one single large fan behind the
> rack of Pro8s which cools several of them at reasonable speed.
> 
> -- 
> May the most significant bit of your life be positive.
> 

Thanks!  This is inspiring.

-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

ubnt edgerouter 8

[Peter J. Philipp]

Hi,

What sort of things can I do to keep an edgerouter 8 cool that doesn't have
fans?  I'm ready to pull the fans out of it because they have a certain
harmonic that makes me physically ill.  But I like the octeon!

So short of throwing it out I'm thinking of pulling the plug (on the fans).
Would running it with 1 core instead of multicpu keep it cooler?  Would it
be enough?  Should I glue some rasperry pi heatsinks to the CPU?  I have a
few extra.

These are the 2nd fans on this thing they were supposed to be quieter but
they still annoy me.  I understand I'm a very sensitive person to noise and
vibration (ever since I was a baby).

Other than running off one core only to keep thermals low, is there any
other stuff one can do like step the processor cycles down?

Any help is much appreciated.  The ER-8 right now idles a lot anyhow and
I plan on using it for the 8 RJ45 ports.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

hyperv(4) on arm64?

[Peter J. Philipp]

Has anyone tried this?  I read that Microsoft has Hyper-V for ARM.

I've been running OpenBSD on amd64 hardware in Hyper-V for a while.  I suspect
there wouldn't be endian issues since arm64 and amd64 are both LE, is there any
other concerns?

I'm inquiring because mainly I know I have my sights on a non-amd64 laptop.  And
I'm doing the edwin project which would make it logical that I virtualize
OpenBSD on the laptop for the first year while edwin is in the works.

https://blog.delphinusdns.org/c?article=1692598798   <-- for explanation

In terms of OpenBSD I have been announcing that I'm interested in porting
the imsg framework to the windows operating system and open source it.  I've
contacted Henning, Claudio and Brent (of LibreSSL) letting them in on it.
There was some expressed interest in having an open source Windows imsg.

An imsg functionality is within the core of my dns server software, so I'm
faced with porting it either way.

I'd be interested if anyone has a windows 11 pro on arm and compile the
hyperv(4) code into the kernels if OpenBSD would boot.  Send me a dmesg :-).

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Peter J. Philipp]

On Sun, Apr 28, 2024 at 08:01:58PM +0200, Jan Stary wrote:
> > hw.sensors.acpibat0.volt0=15.40 VDC (voltage)
> > hw.sensors.acpibat0.volt1=14.29 VDC (current voltage)
> > hw.sensors.acpibat0.current0=0.69 A (rate)

I think he got it from here (from dc):

14.29 0.69 * p 
9.86

This is explained in wikipedia's article on "Watt":

https://en.wikipedia.org/wiki/Watt#Overview

Where 1 Watt == 1 Volt * 1 Ampere

I don't know if you can apply this, but I'm a 1st semester computer engineering
college drop-out from 1996, so it's been a while.  I have remembered Ohm's law
so far and was recently working on Kirchhoff's Law, Watt's law was covered but
it took the "VA" in advertisings of UPS's that made me learn that these are
Watts, whether that 100% correct I don't know, a physicist may mention that
there is temperature offsets as well.

Hope you're well Jan!

-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: Is there access to dm...@openbsd.org? / arm64 laptops

[Peter J. Philipp]

I found a dmesg!  Thank you!

https://marc.info/?l=openbsd-bugs=171430467412856=2

No other needed!

-pjp

Re: Is there access to dm...@openbsd.org? / arm64 laptops

[Peter J. Philipp]

On Sat, Apr 27, 2024 at 12:29:43PM +0330, Jadi Mirmirani wrote:
> Try:
> https://dmesgd.nycbug.org/index.cgi?do=index=OpenBSD
> Its an awesome list of people submitting their `dmesg`s whils using OpenBSD. 
> Have not checked if the ones you mentioned are there or not. But its 
> frequently updated.
> 
> Yours,
> Jadi

Hi,

Yes I like that webpage too, and I did check it.  There is an Intel based
x13s running OpenBSD but nothing of the snapdragon kind.  Thanks!

-pjp

Is there access to dm...@openbsd.org? / arm64 laptops

[Peter J. Philipp]

Hi,

I'm looking for a dmesg of an arm64 laptop, the time I think has come to
mothball the apple macbook pro from early 2015 (my old laptop called spica),
I could put a new battery in it but the 80 EUR is not worth it anymore.  I'm
also gearing up for job interviews overseas in the summer where I need a 
nice laptop.

Anyone have dmesgs of "Lenovo Thinkpad X13s Gen 1" or the Apple M1/M2?

I'd also like to know if you've used these and would like to discourage their
purchase.

I'm looking at the snapdragon 16 GB lenovo, the price is not quite right but
I think I can scrounge up the money begging someone in my family to help me
finance it.

Best Regards,
-pjp

has dump(8) changed or something? recently?

[Peter J. Philipp]

Hi!

I've had some problems with dump(8) lately.  A 800 GB SSD partition on a
raspberry pi 4b (via USB) that is 50% filled had trouble with dump.  I don't
know why this could be, but it used to work.

Here is my backup script that I used to run in my "nodump" chflagged
/home/pjp/Backup directory.  Notice the old behaviour, which is hashed out.
For some odd reason the not so large dump's have seemed to make it.

->
#!/bin/sh

umask 027
dump -0ua -h 0 -f - / | gzip -c > vega-root-backup.dump.gz
dump -0ua -h 0 -f - /var | gzip -c > vega-var-backup.dump.gz
#dump -0ua -h 0 -f - /home | gzip -c > vega-home-backup.dump.gz

find /home -type f -print > filelist.txt
find /home -type f -size +80 -print > excludelist.txt
fgrep -v -f excludelist.txt filelist.txt | cpio -oz -H pax > 
vega-home.cpio.pax.gz

echo These files were excluded from packing with cpio format pax:
cat excludelist.txt

exit 0
<

I actually haven't run this script yet since I did all of these commands
manually on the command line but they are 100% compatible.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: maximum file system size

[Peter J. Philipp]

On Thu, Apr 25, 2024 at 12:45:29AM -0300, Gustavo Rios wrote:
> Hi folks!
> 
> What is the maximum file size in OpenBSD ?
> 
> Thanks a lot.
> 
> -- 
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus

There is this comment in /usr/include/ufs/ffs/fs.h:

/* Maximum file size the kernel allows.
 * Even though ffs can handle files up to 16TB, we do limit the max file
 * to 2^31 pages to prevent overflow of a 32-bit unsigned int.  The buffer
 * cache has its own checks but a little added paranoia never hurts.
 */
#define FS_KERNMAXFILESIZE(pgsiz, fs)   ((u_int64_t)0x8000 * \
MIN((pgsiz), (fs)->fs_bsize) - 1)


Now page sizes differ within OpenBSD, so then it depends between 8 TB (4096
bytes page size) and higher perhaps?

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

[Peter J. Philipp]

On Tue, Apr 16, 2024 at 06:08:13PM +0200, Peter J. Philipp wrote:
> On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:
> 
> > Does anyone have any suggestions on what I could try?

> OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP

Oops that was the wrong dmesg:

-pjp

OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 8432803840 (8042MB)
avail mem = 8131481600 (7754MB)
random: good seed from bootblocks
mainbus0 at root: ACPI
psci0 at mainbus0: PSCI 1.1, SMCCC 1.2
efi0 at mainbus0: UEFI 2.7
efi0: https://github.com/pftf/RPi4 rev 0x1
smbios0 at efi0: SMBIOS 3.3.0
smbios0: vendor https://github.com/pftf/RPi4 version "UEFI Firmware v1.21" date 
11/13/2020
smbios0: Raspberry Pi Foundation Raspberry Pi 4 Model B
cpu0 at mainbus0 mpidr 0: ARM Cortex-A72 r0p3
cpu0: 48KB 64b/line 3-way L1 PIPT I-cache, 32KB 64b/line 2-way L1 D-cache
cpu0: 1024KB 64b/line 16-way L2 cache
cpu0: CRC32,ASID16
cpu1 at mainbus0 mpidr 1: ARM Cortex-A72 r0p3
cpu1: 48KB 64b/line 3-way L1 PIPT I-cache, 32KB 64b/line 2-way L1 D-cache
cpu1: 1024KB 64b/line 16-way L2 cache
cpu2 at mainbus0 mpidr 2: ARM Cortex-A72 r0p3
cpu2: 48KB 64b/line 3-way L1 PIPT I-cache, 32KB 64b/line 2-way L1 D-cache
cpu2: 1024KB 64b/line 16-way L2 cache
cpu3 at mainbus0 mpidr 3: ARM Cortex-A72 r0p3
cpu3: 48KB 64b/line 3-way L1 PIPT I-cache, 32KB 64b/line 2-way L1 D-cache
cpu3: 1024KB 64b/line 16-way L2 cache
apm0 at mainbus0
ampintc0 at mainbus0 nirq 256, ncpu 4 ipi: 0, 1, 2: "interrupt-controller"
agtimer0 at mainbus0: 54000 kHz
acpi0 at mainbus0: ACPI 6.3
acpi0: sleep states
acpi0: tables DSDT FACP CSRT DBG2 GTDT IORT APIC PPTT SSDT BGRT
acpi0: wakeup devices
acpiiort0 at acpi0
"BCM2849" at acpi0 not configured
"BCM2835" at acpi0 not configured
"BCM2854" at acpi0 not configured
"ACPI0004" at acpi0 not configured
xhci0 at acpi0 XHC0 addr 0x6/0x1000 irq 175, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Generic xHCI root hub" rev 3.00/1.00 
addr 1
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0004" at acpi0 not configured
"BCM2848" at acpi0 not configured
"BCM2850" at acpi0 not configured
"BCM2856" at acpi0 not configured
"BCM2845" at acpi0 not configured
"BCM2841" at acpi0 not configured
"BCM2841" at acpi0 not configured
"BCM2838" at acpi0 not configured
"BCM2839" at acpi0 not configured
"BCM2844" at acpi0 not configured
pluart0 at acpi0 URT0 addr 0xfe201000/0x1000 irq 153
"BCM2836" at acpi0 not configured
"BCM2EA6" at acpi0 not configured
"MSFT8000" at acpi0 not configured
sdhc0 at acpi0 SDC1 addr 0xfe30/0x100 irq 158
sdhc0: base clock frequency unknown
"BCM2855" at acpi0 not configured
bse0 at acpi0 ETH0 addr 0xfd58/0x1 irq 189: address dc:a6:32:cc:db:a7
brgphy0 at bse0 phy 1: BCM54210E 10/100/1000baseT PHY, rev. 2
"PNP0C06" at acpi0 not configured
"PNP0C0B" at acpi0 not configured
acpitz0 at acpi0: critical temperature is 90 degC
acpipwrres0 at acpi0: PFAN, resource for FAN0
uhub1 at uhub0 port 1 configuration 1 interface 0 "VIA Labs USB2.0 Hub" rev 
2.10/4.21 addr 2
uhidev0 at uhub1 port 3 configuration 1 interface 0 "American Power Conversion 
Back-UPS CS 650 FW:817.v9.I USB FW:v9" rev 1.10/0.06 addr 3
uhidev0: iclass 3/0, 98 report ids
upd0 at uhidev0
uhid0 at uhidev0 reportid 1: input=0, output=0, feature=1
uhid1 at uhidev0 reportid 2: input=0, output=0, feature=1
uhid2 at uhidev0 reportid 3: input=0, output=0, feature=1
uhid3 at uhidev0 reportid 4: input=0, output=0, feature=1
uhid4 at uhidev0 reportid 5: input=0, output=0, feature=1
uhid5 at uhidev0 reportid 6: input=0, output=0, feature=2
uhid6 at uhidev0 reportid 8: input=0, output=0, feature=2
uhid7 at uhidev0 reportid 9: input=0, output=0, feature=2
uhid8 at uhidev0 reportid 10: input=0, output=0, feature=2
uhid9 at uhidev0 reportid 11: input=0, output=0, feature=2
uhid10 at uhidev0 reportid 12: input=1, output=0, feature=1
uhid11 at uhidev0 reportid 13: input=2, output=0, feature=2
uhid12 at uhidev0 reportid 14: input=0, output=0, feature=2
uhid13 at uhidev0 reportid 15: input=0, output=0, feature=1
uhid14 at uhidev0 reportid 16: input=0, output=0, feature=2
uhid15 at uhidev0 reportid 17: input=0, output=0, feature=1
uhid16 at uhidev0 reportid 18: input=0, output=0, feature=2
uhid17 at uhidev0 reportid 19: input=0, output=0, feature=3
uhid18 at uhidev0 reportid 20: input=0, output=0, feature=1
uhid19 at uhidev0 reportid 21: input=0, output=0, f

Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

[Peter J. Philipp]

On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:

> Does anyone have any suggestions on what I could try?

Hi, I too have a RPI 4b that is currently my workstation.  Near the time of
release I was building my own base and packages, which was right near the
times of the ld.so changes, things stopped working.  For a while I was X11
forwarding browsers to this because everything else failed.

I finally gave up, and installed a snapshot and packages from cdn.

Right now everything seems to work great.

My status report for you,
-pjp

PS: I'll share a dmesg (from /var/run/dmesg.boot) below my signature:

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de


OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 4185792512 (3991MB)
avail mem = 3971813376 (3787MB)
random: good seed from bootblocks
mainbus0 at root: ACPI
psci0 at mainbus0: PSCI 1.0, SMCCC 1.1
efi0 at mainbus0: UEFI 2.7
efi0: EDK II rev 0x1
smbios0 at efi0: SMBIOS 3.0.0
smbios0: vendor Hetzner version "2017" date 11/11/2017
smbios0: Hetzner vServer
cpu0 at mainbus0 mpidr 0: ARM Neoverse N1 r3p1
cpu0: 64KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 4-way L1 D-cache
cpu0: 1024KB 64b/line 8-way L2 cache
cpu0: 
DP,RDM,Atomic,CRC32,SHA2,SHA1,AES+PMULL,LRCPC,DPB,ASID16,PAN+ATS1E1,LO,HPDS,VH,HAFDBS,CSV3,CSV2,SSBS+MSR
cpu1 at mainbus0 mpidr 1: ARM Neoverse N1 r3p1
cpu1: 64KB 64b/line 4-way L1 PIPT I-cache, 64KB 64b/line 4-way L1 D-cache
cpu1: 1024KB 64b/line 8-way L2 cache
apm0 at mainbus0
agintc0 at mainbus0 shift 4:4 nirq 288 nredist 2 ipi: 0, 1, 2: 
"interrupt-controller"
agintcmsi0 at agintc0
agtimer0 at mainbus0: 25000 kHz
acpi0 at mainbus0: ACPI 5.1
acpi0: sleep states
acpi0: tables DSDT FACP APIC GTDT MCFG SPCR DBG2 IORT BGRT
acpi0: wakeup devices
acpimcfg0 at acpi0
acpimcfg0: addr 0x401000, bus 0-255
acpiiort0 at acpi0
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pluart0 at acpi0 COM0 addr 0x900/0x1000 irq 33
pluart0: console
"LNRO0015" at acpi0 not configured
"LNRO0015" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
"LNRO0005" at acpi0 not configured
acpipci0 at acpi0 PCI0
pci0 at acpipci0
"Red Hat Host" rev 0x00 at pci0 dev 0 function 0 not configured
virtio0 at pci0 dev 1 function 0 "Qumranet Virtio 1.x GPU" rev 0x01
viogpu0 at virtio0: 1024x768, 32bpp
wsdisplay0 at viogpu0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
virtio0: msix per-VQ
ppb0 at pci0 dev 2 function 0 "Red Hat PCIE" rev 0x00: irq 37
pci1 at ppb0 bus 1
virtio1 at pci1 dev 0 function 0 "Qumranet Virtio 1.x Network" rev 0x01
vio0 at virtio1: address 96:00:02:1f:61:38
virtio1: msix shared
ppb1 at pci0 dev 2 function 1 "Red Hat PCIE" rev 0x00: irq 37
pci2 at ppb1 bus 2
xhci0 at pci2 dev 0 function 0 "Red Hat xHCI" rev 0x01: msix, xHCI 0.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Red Hat xHCI root hub" rev 3.00/1.00 
addr 1
ppb2 at pci0 dev 2 function 2 "Red Hat PCIE" rev 0x00: irq 37
pci3 at ppb2 bus 3
virtio2 at pci3 dev 0 function 0 "Qumranet Virtio 1.x Console" rev 0x01
virtio2: no matching child driver; not configured
ppb3 at pci0 dev 2 function 3 "Red Hat PCIE" rev 0x00: irq 37
pci4 at ppb3 bus 4
virtio3 at pci4 dev 0 function 0 "Qumranet Virtio 1.x Memory Balloon" rev 0x01
viomb0 at virtio3
virtio3: irq 37
ppb4 at pci0 dev 2 function 4 "Red Hat PCIE" rev 0x00: irq 37
pci5 at ppb4 bus 5
virtio4 at pci5 dev 0 function 0 "Qumranet Virtio 1.x RNG" rev 0x01
viornd0 at virtio4
virtio4: irq 37
ppb5 at pci0 dev 2 function 5 "Red Hat PCIE" rev 0x00: irq 37
pci6 at ppb5 bus 6
virtio5 at pci6 dev 0 function 0 "Qumranet Virtio 1.x SCSI" rev 0x01
vioscsi0 at virtio5: qsize 128
scsibus0 at vioscsi0: 255 targets
cd0 at scsibus0 targ 0 lun 0:  removable
sd0 at 

Compilation fails for port ruby-passenger - Openbsd 7.5

[Mik J]

Hello,

when I try to install ruby passenger from ports it fails.

mkdir -p buildout/nginx_dynamic/module_libpassenger_common/AppTypeDetector
c++ -o 
buildout/nginx_dynamic/module_libpassenger_common/AppTypeDetector/CBindings.o  
-Isrc/cxx_supportlib -Isrc/cxx_supportlib/vendor-copy 
-Isrc/cxx_supportlib/vendor-modified -Isrc/cxx_supportlib/vendor-modified/libev 
-Wno-ambiguous-member-template -DUSE_VENDORED_LIBEV 
-Isrc/cxx_supportlib/vendor-copy/libuv/include -fPIC -D_REENTRANT 
-I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses 
-Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers 
-Wno-ambiguous-member-template -fvisibility=hidden 
-DVISIBILITY_ATTRIBUTE_SUPPORTED -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE 
-DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -g -fno-limit-debug-info -std=gnu++11 
-Wno-unused-local-typedefs -Wno-format-nonliteral -DHAS_UNORDERED_MAP -c 
src/cxx_supportlib/AppTypeDetector/CBindings.cpp
mkdir -p buildout/nginx_dynamic/module_libpassenger_common/WrapperRegistry
c++ -o 
buildout/nginx_dynamic/module_libpassenger_common/WrapperRegistry/CBindings.o  
-Isrc/cxx_supportlib -Isrc/cxx_supportlib/vendor-copy 
-Isrc/cxx_supportlib/vendor-modified -Isrc/cxx_supportlib/vendor-modified/libev 
-Wno-ambiguous-member-template -DUSE_VENDORED_LIBEV 
-Isrc/cxx_supportlib/vendor-copy/libuv/include -fPIC -D_REENTRANT 
-I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses 
-Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers 
-Wno-ambiguous-member-template -fvisibility=hidden 
-DVISIBILITY_ATTRIBUTE_SUPPORTED -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE 
-DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -g -fno-limit-debug-info -std=gnu++11 
-Wno-unused-local-typedefs -Wno-format-nonliteral -DHAS_UNORDERED_MAP -c 
src/cxx_supportlib/WrapperRegistry/CBindings.cpp
c++ -o buildout/nginx_dynamic/module_libpassenger_common/Utils/CachedFileStat.o 
 -Isrc/cxx_supportlib -Isrc/cxx_supportlib/vendor-copy 
-Isrc/cxx_supportlib/vendor-modified -Isrc/cxx_supportlib/vendor-modified/libev 
-Wno-ambiguous-member-template -DUSE_VENDORED_LIBEV 
-Isrc/cxx_supportlib/vendor-copy/libuv/include -fPIC -D_REENTRANT 
-I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses 
-Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers 
-Wno-ambiguous-member-template -fvisibility=hidden 
-DVISIBILITY_ATTRIBUTE_SUPPORTED -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE 
-DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -g -fno-limit-debug-info -std=gnu++11 
-Wno-unused-local-typedefs -Wno-format-nonliteral -DHAS_UNORDERED_MAP -c 
src/cxx_supportlib/Utils/CachedFileStat.cpp
mkdir -p buildout/nginx_dynamic/module_libpassenger_common/JsonTools
c++ -o buildout/nginx_dynamic/module_libpassenger_common/JsonTools/CBindings.o  
-Isrc/cxx_supportlib -Isrc/cxx_supportlib/vendor-copy 
-Isrc/cxx_supportlib/vendor-modified -Isrc/cxx_supportlib/vendor-modified/libev 
-Wno-ambiguous-member-template -DUSE_VENDORED_LIBEV 
-Isrc/cxx_supportlib/vendor-copy/libuv/include -fPIC -D_REENTRANT 
-I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses 
-Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers 
-Wno-ambiguous-member-template -fvisibility=hidden 
-DVISIBILITY_ATTRIBUTE_SUPPORTED -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE 
-DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -g -fno-limit-debug-info -std=gnu++11 
-Wno-unused-local-typedefs -Wno-format-nonliteral -DHAS_UNORDERED_MAP -c 
src/cxx_supportlib/JsonTools/CBindings.cpp
c++ -o 
buildout/nginx_dynamic/module_libpassenger_common/FileTools/PathManipCBindings.o
  -Isrc/cxx_supportlib -Isrc/cxx_supportlib/vendor-copy 
-Isrc/cxx_supportlib/vendor-modified -Isrc/cxx_supportlib/vendor-modified/libev 
-Wno-ambiguous-member-template -DUSE_VENDORED_LIBEV 
-Isrc/cxx_supportlib/vendor-copy/libuv/include -fPIC -D_REENTRANT 
-I/usr/local/include -Wall -Wextra -Wno-unused-parameter -Wno-parentheses 
-Wpointer-arith -Wwrite-strings -Wno-long-long -Wno-missing-field-initializers 
-Wno-ambiguous-member-template -fvisibility=hidden 
-DVISIBILITY_ATTRIBUTE_SUPPORTED -DHAVE_ACCEPT4 -DHAS_SFENCE -DHAS_LFENCE 
-DPASSENGER_DEBUG -DBOOST_DISABLE_ASSERTS -g -fno-limit-debug-info -std=gnu++11 
-Wno-unused-local-typedefs -Wno-format-nonliteral -DHAS_UNORDERED_MAP -c 
src/cxx_supportlib/FileTools/PathManipCBindings.cpp
mkdir -p 'buildout/ruby/ruby-3.2.3-x86_64-openbsd7.5/'
cd 'buildout/ruby/ruby-3.2.3-x86_64-openbsd7.5/' && /usr/local/bin/ruby32 
'/usr/ports/pobj/passenger-6.0.18-ruby32/gem-tmp/.gem/ruby/3.2/gems/passenger-6.0.18/src/ruby_native_extension/extconf.rb'
checking for alloca.h... no
checking for ruby/version.h... yes
checking for ruby/io.h... yes
checking for ruby/thread.h... yes
checking for ruby_version... no
checking for rb_thread_io_blocking_region() in ruby/io.h... yes
checking for rb_thread_call_without_gvl() in ruby/thread.h... yes
creating Makefile
cd 

sip proxy (I'm starting one)

[Peter J. Philipp]

Hi,

In this mail:  https://marc.info/?l=openbsd-misc=170759396512738=2

I asked people what sip proxy they use.  And got feedback, thank you!
However after a short code-reading of the software mentioned I became
distraught and want to do my own.  I have worked on this saturday and
sunday and it's taking shape, based on another transparent proxy of mine
called sipdiv.c:  The code is here:

https://github.com/pbug44/misc/tree/main/proximasip

Right now the skeleton is finished, it pledges, chroot, privseps and unveils
and sets up sockets, as well as creating a rudamentary state.  This week
I'm going to develop on this a little more along side of the risc-v project
that I'm also working on.  My systems caused me a bit of sysadmin last week,
so I couldn't get started on either too much.

So for proximasip.c here are my immediate goals:

1. allow incoming sip calls, proxied to the fritz!box that I use for my phones
2. UDP only at first TLS (sips) later
3. this proxy will be stateful, so the state machine will have to be programmed

To reach these goals I'm hoping to get this working (possibly without tls) by
end of month, at which an old project is calling me back to do work.  So in
May I'm reprioritizing.

I invite you to help.  If you're interested in SIP on a VPS tunneled to home,
then this may be for you.  As I'm developing this with github, you're invited
to fork and cause pull requests.  Though commits may happen quicker initially
than later when there is a debug to make it all work.  I haven't given RTP
much thought yet, I may use a pf rule to make it work.

Here is my setup:

[superpod.delphinusdns.org] < this is where the proximasip proxy is on
|
|
|   < this is a wireguard tunnel inside IPSEC to tunnel things
home
|
|
[stern (router)] <-- this is riscv64 gateway at my ISP it is vlan'ing
|   everything and has the transparent sipdiv.c
|   proxy to shorten SIP UDP packets for talking
|   with my parents fritz!box on another network
|
[AVM fritzbox]  <-- This is an old AVM 7390 that is my Wifi and SIP
|   gateway.  The DSL modem in it is not connected.
|   It will eventually register to proximasip proxy 
|
[2 telephones]  <-- older SIP telephones (Aastra and Grandstream)


Since the fritzbox has a default profile registered to my parents fritzbox via
superpod, I'm going to make a new profile on it for registering to proximasip.
It will only accept inbound calls eventually and outbound calls will go through
parents and eventually the PSTN.

I could have installed a kamailio in proximasip's place but I lack the config
skills and I don't want it to waste my time.  Better write something anew and
know it's safetied.

Once it's ready to receive I'm going to install a sip.callpeter.tel record with
SRV to a non-standard port (in order to evade automated voicemail sip bots).
Right now I've picked 12345/udp but I seem to recall that's some P2P botnet,
I may change it in time.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: Ping blocked by firewall

[Peter J. Philipp]

On Sat, Apr 13, 2024 at 09:32:48PM +0200, Karel Lucas wrote:
> What should I add then, considering my PF ruleset? To be honest, all of this
> is very unclear to me at the moment, so any help is appreciated.

How about:

pass out inet  proto { tcp, udp } from any to any port { 53, 853 }  keep state
pass out inet6 proto { tcp, udp } from any to any port { 53, 853 }  keep state

see if that will do it for you.  You have a service called "domain" in your
rules but it's only a macro/alias and not active

Also if I remember it right (without looking) traceroute defaults to UDP mode
by default, with ports (32768 + 666) + (every "*" in every hop counting as 1)
so depending on how many hops outbound you want to traceroute you'll have to
open those udp ports outbound.

Of course you can be like windows and do traceroute -P1 to traceroute with
ICMP.

Remember, from your basic networking texts that each hop decrements (-1) the
time to live, or the hop count.  When a router encounters an IP[46] packet
that would decrement to 0 it will not get forwarded and will reply an ICMP
time exceeded message aka timex reply.

Please familiarize yourself with tcpdump and for learning purposes wireshark
and really analyze the packet headers with RFC's 791, 792, 8200 found at
https://rfc-editor.org.

Best of Luck!
-pjp

> Op 13-04-2024 om 02:39 schreef Alexis:
> > 
> > Karel Lucas  writes:
> > 
> > > Ping only works partially. For example, this works: ping -c 10
> > > 195.121.1.34. But this doesn't work: ping -c 10 www.apple.com. I
> > > suspect this has to do with DNS servers, but I don't know where to
> > > start troubleshooting.
> > 
> > Indeed, you appear to have no rules allowing outgoing requests to DNS
> > servers for name resolution.
> > 
> > 
> > Alexis.
> > 
> 

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

MANGOPI - anyone else have reboot problems?

[Peter J. Philipp]

Hi,

I have found that my Mango Pi is very jittery, also when I reboot it there
is probably garble on the UART link causing it to fall into u-boot prompt.

I have tried:

env set bootdelay 0
env set bootdelay -1

saveenv

and reset

but it doesn't seem to work.  Any garble will still cause a break to u-boot
console.  There is a firmware image on the flash and in DTB under config
but how do I access that from OpenBSD?  Is there any drivers I can look at
for making this work?  I believe it goes on the "binman" device that is not
configured.

deneb# dmesg|grep binman
"binman" at mainbus0 not configured

Granted that there isn't an easy answer, I'll look at this perhaps in autumn.

Here is my dmesg:

OpenBSD 7.5-current (GENERIC) #5: Mon Apr  8 08:27:57 MDT 2024
dera...@riscv64.openbsd.org:/usr/src/sys/arch/riscv64/compile/GENERIC
real mem  = 1073741824 (1024MB)
avail mem = 1008369664 (961MB)
SBI: OpenSBI v1.3, SBI Specification Version 1.0
random: good seed from bootblocks
mainbus0 at root: MangoPi MQ Pro
cpu0 at mainbus0: T-Head arch 0 imp 0 rv64imafdc
intc0 at cpu0
cpu0: 32KB 64b/line 128-way L1 I-cache, 32KB 64b/line 256-way L1 D-cache
"fit-images" at mainbus0 not configured
"dcxo-clk" at mainbus0 not configured
simplebus0 at mainbus0: "soc"
sxipio0 at simplebus0: 88 pins
sxiccmu0 at simplebus0
plic0 at simplebus0
sxitimer0 at simplebus0: 24000 kHz
sxidog0 at simplebus0
com0 at simplebus0: dw16550
com0: console
com1 at simplebus0: dw16550
"syscon" at simplebus0 not configured
"dma-controller" at simplebus0 not configured
"efuse" at simplebus0 not configured
"crypto" at simplebus0 not configured
"dram-controller" at simplebus0 not configured
sximmc0 at simplebus0
sdmmc0 at sximmc0: 4-bit, sd high-speed, mmc high-speed, dma
sximmc1 at simplebus0
sdmmc1 at sximmc1: 4-bit, sd high-speed, mmc high-speed, dma
"usb" at simplebus0 not configured
"phy" at simplebus0 not configured
ehci0 at simplebus0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Generic EHCI root hub" rev 2.00/1.00 
addr 1
ohci0 at simplebus0: version 1.0
"clock-controller" at simplebus0 not configured
"mixer" at simplebus0 not configured
"mixer" at simplebus0 not configured
"phy" at simplebus0 not configured
"tcon-top" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"power-controller" at simplebus0 not configured
"clock-controller" at simplebus0 not configured
sxirtc0 at simplebus0
sxidog1 at simplebus0
sxidog2 at simplebus0
gpio0 at sxipio0: 32 pins
gpio1 at sxipio0: 32 pins
gpio2 at sxipio0: 32 pins
gpio3 at sxipio0: 32 pins
gpio4 at sxipio0: 32 pins
gpio5 at sxipio0: 32 pins
gpio6 at sxipio0: 32 pins
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Generic OHCI root hub" rev 1.00/1.00 
addr 1
"opp-table-cpu" at mainbus0 not configured
"pmu" at mainbus0 not configured
"vcc" at mainbus0 not configured
"vcc-3v3" at mainbus0 not configured
"leds" at mainbus0 not configured
"avdd2v8" at mainbus0 not configured
"dvdd" at mainbus0 not configured
"vdd-cpu" at mainbus0 not configured
"wifi-pwrseq" at mainbus0 not configured
"binman" at mainbus0 not configured
scsibus0 at sdmmc0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  removable
sd0: 121942MB, 512 bytes/sector, 249737216 sectors
manufacturer 0x024c, product 0xd723 at sdmmc1 function 1 not configured
uhub2 at uhub0 port 1 configuration 1 interface 0 "vendor 0x1a40 USB 2.0 Hub" 
rev 2.00/1.11 addr 2
ure0 at uhub2 port 4 configuration 1 interface 0 "Realtek USB 10/100 LAN" rev 
2.10/20.00 addr 3
ure0: RTL8152 (0x4c10), address 00:e0:4c:36:00:e9
rlphy0 at ure0 phy 0: RTL8201E 10/100 PHY, rev. 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (ff09abc802626de6.a) swap on sd0b dump on sd0b
sxiccmu_d1_set_frequency: 0x0084
cpu0: clock not implemented

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: Ping blocked by firewall

[Peter J. Philipp]

On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
> 
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.
> 
> /etc/pf.conf:
> ext_if = igc0 # Extern interface
> int_if = "{ igc1, igc2 }" # Intern interfaces
> localnet = "192.168.2.0/24"
> tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }"
> udp_services = "{ domain, ntp }"
> email = "{ smtp, imap, imaps, imap3, pop3, pop3s }"
> icmp_types = "{ echoreq, unreach }"
> icmp6_types = "{ echoreq, unreach }"
> nameservers = "{ 195.121.1.34, 195.121.1.66 }"
> client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \
> ?? ?? ?? ?? 446, cvspserver, 2628, 5999, 8000, 8080 }"
> Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
> ?? ?? ?? 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
> ?? ?? ?? 0.0.0.0/8, 240.0.0.0/4 }"
> set skip on lo
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
> block log all?? ?? ?? ?? # block stateless traffic
> # Letting ping through:
> pass log on inet proto icmp icmp-type $icmp_types
> pass log on inet6 proto icmp6 icmp6-type $icmp6_types
> # Allow out the default range for traceroute(*):
> # "base+nhops*nqueries-1" (3434+64*3-1)
> pass log out on ext_if inet proto udp to port 33433:33626 # for IPv4
> pass log out on ext_if inet6 proto udp to port 33433:33626 # for IPv6
> pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
> ?? ?? to port $udp_services
> pass log on $ext_if inet proto icmp all icmp-type $icmp_types
> pass log on $ext_if inet proto tcp from $localnet to port $client_out
> block log in quick on $ext_if from $martians to any
> block log out quick on $ext_if from any to $martians
> pass log out proto tcp to port $tcp_services # establish keep-stat
> pass log log proto udp to port $udp_services # Establish keep-state
> 
> /var/log/pflog:
> tcpdump: WARNING: snaplen raised from 116 to 160
> Apr 09 08:16:45.009497 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]
> apr 09 08:16:45.009500 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]

Hi Karel,

Hope you're well!  Here is what you should add to your IPv6 icmp_types:

pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbradv

This allows the NDP protocol to converse (it's similar to the IPv4 ARP).

I didn't see you had the problem with only IPv6, but the way I tested it, the
IPv4 worked fine.  It was IPv6 that had the missing neighbour solicititation
and advertising.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: Minimum viable HW for OpenBSD

[Peter J. Philipp]

Hi,

I lost the thread in my mutt, so I'm hoping marc.info will adjust it in there,
the thread is here:  https://marc.info/?l=openbsd-misc=171059471410619=2

Thank you Gabor Nagy!  Here is my RPI zero 2W(H) with working wifi in hostap
mode, and hopefully working GPIO's I'm going to be studying those closer in
the future when I have some time.

https://mainrechner.de/P4080036.JPG  <-- on my tarot table

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de

Re: wifi hotspot workaround

[Peter J. Philipp]

On Tue, Apr 02, 2024 at 11:20:52PM +0500, ofthecentury wrote:
> I'll take a look at those locations, thanks. It might just be arp
> that's the authenticated client data store from the point of view of
> the wireless interface.

If you really want to debug what's going on I suggest you put another
machine like a laptop into monitor mode and use the -Y flag with tcpdump
to capture what's going on at a frequency.  Beware of beacons, they clutter
up the frequencies.

> I do know German, I'll see if I can get the book, or if I even need it
> after I poke around.

Here is the ISBN along with all my techie books that I was going to donate
away.  Thankfully noone wanted them because I was going to go to college
but didn't have the highschool marks to get accepted at the course I wanted
to take.  http://mainrechner.de/Buecher2024/

> My OpenWrt router got fried by a remote electric directional beam of a
> digital weapon from an apartment across the wall a few years ago. Even
> a simple digital thermometer near the router was getting broken and
> showing weird stuff on display. How can this be legal? We must mandate
> RF detectors in all homes for everyone's electronic device safety and
> personal safety.

Yes radio can get really nasty especially when it's directed with a parabolic
dish or phased array antenna.  I have images in my head, that the military 
has on trucks with huge parabolic dishes.  Those were intended to "zap" civil
unresters and make them disperse.  Whether they are torture or not is not
in my scope, but I understand that when a human can get zapped at 60 feet that
a electronic device can get zapped as well.

I don't know what your laws are where you live, but I tend to agree with that
statement.  Eventually there may be sensors on your cellphone/smartphone, is
what I suspect because I've seen google talks about measuring radioactivity
with geiger counters built into android phones, so it definitely is going
around the heads of implementors.

> I'm 100% cabled at home for a while now too, but trying to see if I
> can make this hostap work in OpenBSD, since it's the golden standard
> for security?
> 
> Thanks again for your help.

No problem, and my pleasure.  I once had this idea to make 3 types of accesses
in my home once.  One would be an open access point (like freifunk maybe),
2nd would be password protected with a QR code displaying the password inside
the apartment on a digital photo picture frame, changing the password daily or
semi-daily.  And finally one for private communications.  They could 
potentially all be on the same hardware but vlan'ed and firewalled to sh*ts,
including IPSEC.  Strangers at the door can use the open access point, friends
inside the apartment can use the encrypted 2nd access point and close friends
such as spouse or girlfriend would be allowed on the highest layer of private
Wifi.  The only problem is getting friends these days is hard for loners like
myself, so there is really no point for me.  But if I had frequent guests and
such I'd want such a system.

I remember years ago OpenBSD devs were suggesting to "just buy a consumer AP".
But times can change.  Maybe in the future some time :P, it's still unwritten.
Since I had wifi gear there was a guy named Bergamini who was very skilled in
writing drivers.  He left though, and since then the wifi stack afaik has been
nurtured mostly by Stefan Sperling and anyone else who has the skill to help
him.  I'm obviously missing some names but these are the people who impressed
me.  Since last week I've been wanting to port OpenBSD to Pine64 Ox64.  

The idea is that we'd let the SoC run two OS's in parallel asynchronously 
since I think the 64-bit C906 core doesn't have access to the Wifi.  Some 
people are lightly helping and I asked them to get familiar with Apache NuttX 
which could run on the 32-bit cores and we'd communicate somehow between 
the OS's (perhaps a mailbox driver or shared memory).  Anyhow I was sorta 
side-tracked by easter weekend, and hope to pick up where I left off by friday.

Anyhow long typing, I'm gonna call it a day and go to sleep.  Later!

-pjp

Re: wifi hotspot workaround

[Peter J. Philipp]

On Tue, Apr 02, 2024 at 10:31:59PM +0500, ofthecentury wrote:
> Where does OpenBSD keep a list of all wireless clients that have
> been authenticated? Not the dhcpd leases list. Actual wireless stations
> that have authenticated to an interface running in hostap mode. Not arp
> cache, is it?
> 
> This way I can cycle the wireless interface in hostap mode, which
> resolves the hardware issue. But that resets authenticated clients so
> then I need to add the authenticated clients manually, and the end user
> won't be sent through a deauth/reauth sequence and will see an
> almost seamless experience. Should be doable on OpenBSD?
> clients manually

Hi,

I'd check in /usr/src/sys/net80211/* that should be everything having to do
with wifi, other than the drivers themselves which are in /usr/src/sys/dev/*
and /usr/src/sys/arch/*.

If you want a guide to help you with these get a book.  If you know german
I'd get the wireless lans book by joerg rech (heise verlag) it actually is
quite good.

I personally use access points of other OS's (probably most openwrt based).
However I'm mostly cabled at home and seldomly switch an AP on these days, due
to the density of living quarters in here.

I also have access points that are openwrt that is modded to report association
requests per mac address via radiotap to a daemon that is running on OpenBSD.
If you're interested in that send me a private mail.  I used to want to use
these for triangulation problems but the clock counter on openwrt devices is
not finely grained enough for results.  AFAIK it's safe to assume that a radio
signal through vacuum is less than the speed of light.  Take 1/3 or 1/2.  

Either way it's a waste of time to try to triangulate unless consumer hardware
becomes a lot faster and solid.  Personally if someone is on my access point
and authenticated and using the Internet there is going to be an arp entry like
you hinted on.  Or an ndp entry for IPv6.  Without these... they only have
access to the link itself.

Best Regards,
-pjp

Re: Minimum viable HW for OpenBSD

[Peter J. Philipp]

On 3/30/24 14:18, Peter J. Philipp wrote:


PS:  I'll probably do this next week I have a need for different 
hardware in my 9U rackmount cabinet.  And one particular one needs 
powercycles (and possibly console) as well.  It's the mango pi, which 
is currently in panic mode most likely or it's hung up, I was building 
ports on it and the 100 Mbit connection went down. 


Hi,

I rebooted the mango pi, btw and I've enabled the watchdogd, hoping it 
will work.  It's awesome that sxidog(4) configures on these!


Best,

-pjp

Re: Minimum viable HW for OpenBSD

[Peter J. Philipp]

On 3/16/24 14:32, Peter J. Philipp wrote:

On 3/16/24 14:10, Gabor Nagy wrote:

hello,

maybe?

Running OpenBSD on Raspberry Pi Zero 2 W
https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/


This is incredible!  I have a zero 2W somewhere, though I put it into 
a GPI case.  The drawback with the GPI case is it will not boot with 
batteries, because it's really made for the zero 1W,  so it's bonded 
to the USB power cable.  I'm gonna try putting this on!  Thank you in 
advance.


The GPI case uses a LCD display (It's the gameboy) do you know any BSD 
drivers for this?


Best Regards,

-pjp

I have another use for this RPI Zero 2W, I want to make it a remote 
power switch for 5x USB and 3x 220V AC.  I once purchased this (for 
another project and I think I'll reuse this):


https://www.waveshare.com/catalog/product/view/id/3616/s/rpi-relay-board-b/category/37/

My question then is... would I have any problems with the GPIO controls 
with OpenBSD on RPI zero 2W?


Otherwise I'll have to make it another OS.

Best Regards,

-pjp

PS:  I'll probably do this next week I have a need for different 
hardware in my 9U rackmount cabinet.  And one particular one needs 
powercycles (and possibly console) as well.  It's the mango pi, which is 
currently in panic mode most likely or it's hung up, I was building 
ports on it and the 100 Mbit connection went down.




Olaf Schreck  ezt írta (időpont: 2024. márc. 15., 
P, 23:43):


> Could you point out a hardware for this kind of use-case? I
would liek to have something smaller than a regular-Pi SBC.

I'm still playing with this kind of stuff.  Good luck on your
journey, but
it will be a rough ride.  You already mentioned some issues.

I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs,
running
OpenBSD 7.x and CARP failover for experimental things. Working,
but not as
reliable as I would like.

You seem to aim at even smaller boards like that, and newer ones
should match
the specs of Raspi3B or Pine64.  However:

- there is no fine "sysupgrade" for these platforms, so you need
to reinstall
  every time
- which means fiddling with non-OpenBSD "uboot" and EFI
definition files
- consider creating a network boot infrastructure
- these devices are very sensitive to power voltage
instabilities, triggering
  spontaneous reboots.  You may want to run them from stable USB
power source
- I doubt this can be reasonably battery-powered, over longer
time periods
- storage like SD-card or eMMS draw extra power during operation,
writes may
  be unreliable during voltage drops
- storage like SD-card or eMMS will wear out and die hard, sooner
or later
- Wifi hardware may not be supported
- RS232 serial usually provided (and working) by bus pinout, but
you need to
  add a FTDI232 or CH340 adapter

That said, I'd like to hear about it if you find interesting
hardware :)

Olaf


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.

Re: porting OpenBSD to Ox64

[Peter J. Philipp]

[CC'ed to Kettenis in case he doesn't read misc@]

On 3/24/24 20:43, Peter J. Philipp wrote:



On 3/24/24 14:09, Slava Voronzoff wrote:

On Fri, 22 Mar 2024 04:28:15 +0100
"Peter J. Philipp"  wrote:

  

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't
change anything in the DTB.

While this is an EXTREMELY dirty attempt to add it can you try somehow this 
patch for OpenBS-current kernel?
OR try to decompile dtb, edit dts file to change "bflb,bl808-uart" to something 
supported generic like ns16550a, recompile it back to dtb and load from OpenBSD's boot 
loader

Index: sys/dev/fdt/com_fdt.c
===
RCS file: /cvs/src/sys/dev/fdt/com_fdt.c,v
retrieving revision 1.9
diff -u -p -r1.9 com_fdt.c
--- sys/dev/fdt/com_fdt.c   31 Jan 2024 01:01:10 -  1.9
+++ sys/dev/fdt/com_fdt.c   24 Mar 2024 13:04:37 -
@@ -59,7 +59,8 @@ com_fdt_init_cons(void)
(node = fdt_find_cons("ns16550a")) == NULL &&
(node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
(node = fdt_find_cons("ti,omap3-uart")) == NULL &&
-   (node = fdt_find_cons("ti,omap4-uart")) == NULL)
+   (node = fdt_find_cons("ti,omap4-uart")) == NULL &&
+   (node = fdt_find_cons("bflb,bl808-uart")) == NULL)
return;
if (fdt_get_reg(node, 0, ))
return;
@@ -101,7 +102,8 @@ com_fdt_match(struct device *parent, voi
OF_is_compatible(faa->fa_node, "ns16550a") ||
OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
-   OF_is_compatible(faa->fa_node, "ti,omap4-uart"));
+   OF_is_compatible(faa->fa_node, "ti,omap4-uart") ||
+   OF_is_compatible(faa->fa_node, "bflb,bl808-uart"));
  }
  
  void




Hi,

I don't know if it's so simple... but I just finished a bflbuart.c

driver. It is based on the sfuart.c driver and I used the

linux sources, and the bl808 reference manual to guide me.

https://github.com/pbug44/openbsd-src/commit/996f961786d17399d68ef8aef547a10ef22ca82b

However I noticed that there is no PLIC/INTR activity. Does

anyone know if this is due to no clock driver? If so that's

my next thing to do unless someone beats me to it. I have

another question. I added the bflbuart to the files.riscv64

and the Makefile doesn't update in 
/sys/arch/riscv64/compile/RAMDISK/obj/Makefile.. I don't know what I 
have to do it..for


now I manually updated this file.

Please excuse for the weird formatting. I'm still on thunderbird on 
OpenBSD and I'm not fully comfy with it.


Best Regards,

-pjp



Just a small update, this morning I wrote another driver bflbtimer.c 
based on sxitimer.c.  However there is no interrupts. But I'm glad to 
say that I possibly found the problem.  It's another T-HEAD problem and 
this time it's got to do with Strong-Ordering on mapping data, and the 
Ox64, which seems to be a little bit more strict than the Mango Pi.  To 
do this though the SBI needs to be recompiled and reflashed, I was going 
to do this anyhow but now I'm forced to.  Here is some developer from 
NUTTX documenting his work, which I gladly will learn from.


https://lupyuen.github.io/articles/plic3#enable-strong-order

I'm CC'ing this to Mark Kettenis in case he wanted to be informed on 
this.  Eventually I may even boot into an Ox64 by end of April!  I have 
my hopes up. :-)


Best Regards,

-pjp

--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***

Re: porting OpenBSD to Ox64

[Peter J. Philipp]

On 3/24/24 14:09, Slava Voronzoff wrote:

On Fri, 22 Mar 2024 04:28:15 +0100
"Peter J. Philipp"  wrote:

  

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't
change anything in the DTB.

While this is an EXTREMELY dirty attempt to add it can you try somehow this 
patch for OpenBS-current kernel?
OR try to decompile dtb, edit dts file to change "bflb,bl808-uart" to something 
supported generic like ns16550a, recompile it back to dtb and load from OpenBSD's boot 
loader

Index: sys/dev/fdt/com_fdt.c
===
RCS file: /cvs/src/sys/dev/fdt/com_fdt.c,v
retrieving revision 1.9
diff -u -p -r1.9 com_fdt.c
--- sys/dev/fdt/com_fdt.c   31 Jan 2024 01:01:10 -  1.9
+++ sys/dev/fdt/com_fdt.c   24 Mar 2024 13:04:37 -
@@ -59,7 +59,8 @@ com_fdt_init_cons(void)
(node = fdt_find_cons("ns16550a")) == NULL &&
(node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
(node = fdt_find_cons("ti,omap3-uart")) == NULL &&
-   (node = fdt_find_cons("ti,omap4-uart")) == NULL)
+   (node = fdt_find_cons("ti,omap4-uart")) == NULL &&
+   (node = fdt_find_cons("bflb,bl808-uart")) == NULL)
return;
if (fdt_get_reg(node, 0, ))
return;
@@ -101,7 +102,8 @@ com_fdt_match(struct device *parent, voi
OF_is_compatible(faa->fa_node, "ns16550a") ||
OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
-   OF_is_compatible(faa->fa_node, "ti,omap4-uart"));
+   OF_is_compatible(faa->fa_node, "ti,omap4-uart") ||
+   OF_is_compatible(faa->fa_node, "bflb,bl808-uart"));
  }
  
  void




Hi,

I don't know if it's so simple... but I just finished a bflbuart.c

driver. It is based on the sfuart.c driver and I used the

linux sources, and the bl808 reference manual to guide me.

https://github.com/pbug44/openbsd-src/commit/996f961786d17399d68ef8aef547a10ef22ca82b

However I noticed that there is no PLIC/INTR activity. Does

anyone know if this is due to no clock driver? If so that's

my next thing to do unless someone beats me to it. I have

another question. I added the bflbuart to the files.riscv64

and the Makefile doesn't update in 
/sys/arch/riscv64/compile/RAMDISK/obj/Makefile.. I don't know what I 
have to do it..for


now I manually updated this file.

Please excuse for the weird formatting. I'm still on thunderbird on 
OpenBSD and I'm not fully comfy with it.


Best Regards,

-pjp

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.

Re: porting OpenBSD to Ox64

[Peter J. Philipp]

On 3/21/24 17:43, Mizsei Zoltán wrote:

Hi,

have you tried to boot a vanilla-current OBSD? Do you know if that "old 
7.4-current" version you have mentioned contains any not-yet-upstreamed patches?

Have you made any changes to the DTB or U-Boot?

Regards,
--ext


Already replied privately, but for the public record: 
https://mainrechner.de/dot.config.txt


This is the .config I used with the u-boot.

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't 
change anything in the DTB.


Best Regards,

-pjp



Peter J. Philipp írta 2024. márc.. 21, Cs-n 08:50 órakor:

Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of March.
I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other cores).  I
intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten

Best Regards,
-pjp


--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***

Re: porting OpenBSD to Ox64

[Peter J. Philipp]

On 3/21/24 12:27, Benjamin Stürz wrote:

Hi,

I'm also interested.
I might be able to provide testing.

OK great!  I'm going to help you  all a little by providing what I have 
so far.


These flash images were built on a devuan Linux (like debian), on a vmm

running on OpenBSD.  They seem to work for me rudamentally, thus far.

https://mainrechner.de/images/

(it's still uploading as I write this mail)

There is a SHA256 file and a SHA256.sig file along with a 
oceans11-openbsd.pub


signify key.  So that you can quickly confirm the checksum. Ultimately 
it would


be cool to build this all on native OpenBSD, if someone wants to attempt 
that,


you're more than welcome to!

https://wiki.pine64.org/wiki/Ox64

that link is the instructions on how to do this, including flashing 
(which is also


mentioned on my README.md on the first mentioned URL at github).

And as mentioned before here is some datasheets and other documents that

I collected over the last year or so: https://mainrechner.de/riscv.html

Best Regards,

-pjp


On 21.03.24 08:50, Peter J. Philipp wrote:

Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of 
March.

I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other 
cores).  I

intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten 



Best Regards,
-pjp




--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***

Re: porting OpenBSD to Ox64

[Peter J. Philipp]

On 3/21/24 09:10, Mizsei Zoltán wrote:

Hi.

I am interested in this topic, as i have one in my drawer. My programming 
skills probably not up to the task, but I would be more than happy to help you 
with testing, etc.

Regards,

--ext


Excellent!

Yes I could use this sort of help.  In particular if you want to fiddle 
with Apache NUTTX and see if you can utilize the wifi.  It seems to


me that I can use a little bit of RAM for this.  My idea is this:

If it is at all possible, boot on cpu 0 (OpenBSD) and then alloc some 
contiguous RAM (10 MB perhaps?) from the PSRAM.  Once that is


done we need to fork a thread or process from the kernel and start the 
bootprocess with it for the c905(?) 32-bit core which has direct


access to the wifi device.  Then we need some interprocess communication 
between the 802.11 stack on OpenBSD and the NUTTX


wifi driver.  Both CPU's will run in a hybrid/asynchronous fashion (as 
far as I understand it if either doesn't touch the RAM of the other


it will be ok locking wise).  If anyone wants to chime in here, if this 
is an insane idea let me know.  I understand that a async mode is


possible afaik.  So we need the NUTTX as a firmware (perhaps 2 MB in 
size or so), it needs programming to communicate with the


c906 64-bit core, we can work that out somehow.  If you want to build a 
toolbox for this entire thing where we can just convert it to a


firmware.  What do you think does this make sense, are you up for it?  
It really needs little programming, perhaps a make file or a


script to build NUTTX, I have linux devuan here (on native hardware and 
vmm) and this is what I could use.


https://nuttx.apache.org/  and here is the Reference manual for the 
BL808:  https://mainrechner.de/BL808_RM_en_1.3.pdf


So as a first step we need to figure out if NUTTX actually has drivers 
for this SoC and that they work.  If not, we'll have to consider


another approach.

Best Regards,

-pjp


--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***

porting OpenBSD to Ox64

[Peter J. Philipp]

Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of March.
I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other cores).  I
intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten

Best Regards,
-pjp

Re: VPS power consumption

[Peter J. Philipp]

On 3/19/24 08:42, Mizsei Zoltán wrote:

Hi,

i have installed OBSD on a small KVM based VPS [1]. The VPS dashboard provides 
knobs to enable/disable the following options (current setting in brackets)

- APIC (On)
- ACPI (On)

As this VPS have a miniscule load I would like to reduce its energy consumption 
to the minimum and because this I have started to think about the  power 
management.
Would it make sense to use obsdfreqd on a VPS? Could you give me any hint to 
make sure my VPS doesn't consume power unnecessarily? Is there any way to 
measure or estimate the power usage of a VPS?

As you can see, i tried to use virtio based disk and network devices because 
emulating quirks of hardware may increase power consumption.

Thank You!

Regards,
-- ext


In my experience the kernel at idle will take about 5% of a core on the 
host system.  Just keep your system idle and you won't use up more than 
you should.  Let your host system limit your resources, not the other 
way around.


That's just my opinion.

Best Regards,

-pjp






[1] https://extrowerk.com/2024-02-29/Tiny-OpenBSD-VPS.html

-

Dmesg:

OpenBSD 7.4 (GENERIC) #3: Wed Feb 28 06:23:08 MST 2024
 r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056813056 (1007MB)
avail mem = 1005203456 (958MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5a20 (9 entries)
bios0: vendor SeaBIOS version "1.13.0-2.module_el8.5.0+2608+72063365" date 
04/01/2014
bios0: Red Hat KVM
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: QEMU Virtual CPU version 2.5+, 2600.51 MHz, 06-0d-03
cpu0: 
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF,MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 4MB 64b/line 
16-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Cirrus Logic CL-GD5446" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 00:16:3c:xx:xx:xx
virtio0: msix shared
virtio1 at pci0 dev 4 function 0 "Qumranet Virtio Storage" rev 0x00
vioblk0 at virtio1
scsibus2 at vioblk0: 1 targets
sd0 at scsibus2 targ 0 lun 0: 
sd0: 20480MB, 512 bytes/sector, 41943040 sectors
virtio1: msix per-VQ
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
viomb0 at virtio2
virtio2: apic 0 int 10
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb at uhci0 not configured
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
sd1 at scsibus4 targ 1 lun 0: 
sd1: 20479MB, 512 bytes/sector, 41942448 sectors
root on sd1a (859d9465c27b589f.a) swap on sd1b dump on sd1b
fd0 at fdc0 drive 1: density unknown

-

$ sysctl hw
hw.machine=amd64
hw.model=QEMU Virtual CPU version 2.5+
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=cd0:,sd0:9db9effb02148826,sd1:859d9465c27b589f,fd0:
hw.diskcount=4
hw.sensors.viomb0.raw0=0 (desired)
hw.sensors.viomb0.raw1=0 (current)
hw.sensors.softraid0.drive0=online (sd1), OK
hw.cpuspeed=2600
hw.vendor=Red Hat
hw.product=KVM
hw.version=RHEL 7.6.0 PC (i440FX + PIIX, 1996)

Re: Minimum viable HW for OpenBSD

[Peter J. Philipp]

On 3/16/24 14:10, Gabor Nagy wrote:

hello,

maybe?

Running OpenBSD on Raspberry Pi Zero 2 W
https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/


This is incredible!  I have a zero 2W somewhere, though I put it into a 
GPI case.  The drawback with the GPI case is it will not boot with 
batteries, because it's really made for the zero 1W,  so it's bonded to 
the USB power cable.  I'm gonna try putting this on!  Thank you in advance.


The GPI case uses a LCD display (It's the gameboy) do you know any BSD 
drivers for this?


Best Regards,

-pjp



Olaf Schreck  ezt írta (időpont: 2024. márc. 15., P, 
23:43):


> Could you point out a hardware for this kind of use-case? I
would liek to have something smaller than a regular-Pi SBC.

I'm still playing with this kind of stuff.  Good luck on your
journey, but
it will be a rough ride.  You already mentioned some issues.

I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs,
running
OpenBSD 7.x and CARP failover for experimental things. Working,
but not as
reliable as I would like.

You seem to aim at even smaller boards like that, and newer ones
should match
the specs of Raspi3B or Pine64.  However:

- there is no fine "sysupgrade" for these platforms, so you need
to reinstall
  every time
- which means fiddling with non-OpenBSD "uboot" and EFI definition
files
- consider creating a network boot infrastructure
- these devices are very sensitive to power voltage instabilities,
triggering
  spontaneous reboots.  You may want to run them from stable USB
power source
- I doubt this can be reasonably battery-powered, over longer time
periods
- storage like SD-card or eMMS draw extra power during operation,
writes may
  be unreliable during voltage drops
- storage like SD-card or eMMS will wear out and die hard, sooner
or later
- Wifi hardware may not be supported
- RS232 serial usually provided (and working) by bus pinout, but
you need to
  add a FTDI232 or CH340 adapter

That said, I'd like to hear about it if you find interesting
hardware :)

Olaf


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.

Re: dmesg hangs 7.4

[Peter J. Philipp]

On 3/9/24 17:07, Laura Smith wrote:

Hi

I've got a fresh install of 7.4 on a new box and am seeing a very weird problem.

If I enter "dmesg" I get a few lines of output and then it hangs and my ssh 
connection gets dropped.  I ran syspatch, rebooted and the problem persists.

Example:

# dmesg
MX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu19: 32KB 64b/line 8-way D-cache, 64KB 64b/line 8-way I-cache, 2MB 64b/line 
16-way L2 cache, 30MB 64b/line 12-way L3 cache
cpu19: smt 0, core 35, package 0
cpu20 at mainbus0: apid 72 (application processor)
cpu20: 12th Gen Intel(R) Core(TM) i9-12900TE, 3392.18 MHz, 06-97-02, patch 
0025
Timeout, server 10.1.2.3 not responding.


Hi,

I don't know if it's relevant but I have a VPS at openbsd.amsterdam that 
seems to have similar behaviour.  I can type top, or any command like ps 
and it will hang a bit before continuing.  There is a mode in SSH to 
enable keepalives, perhaps play with that?  As per my vps, I have 
mentioned it to the admin of the vps (Mischa) and he made me some vps's 
to compare, however I'm leaving that service next month so there is 
really no need.  I had suspected perhaps a drive failure on the RAID but 
Mischa had replaced the drive on that server (I think it has 12 cores or 
something) and it shouldn't be that, but I dunno (shrug).  Do you 
perhaps use vmm on your 2x cpu machine?


Best Regards,

-pjp

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.

dhcpleaseed message in cloud environment

[J Doe]

Hi,

I have an OpenBSD 7.4 VM on Vultr and I sometimes notice the following
from dhcpleased in syslogd:

Feb 22 21:50:51 server dhcpleased[83222]: parse_dhcp: message from
 too short

Although the message is referred to as being "too short", dhcpleased
successfully acquires an IP for the VM and all is good.

With everything being virtual for my VM, why would there be truncation
in the DHCP message ?  Secondly, is this something I should be concerned
about ?

Thanks,

- J

Re: KeyTrap DNS vulnerability

[Peter J. Philipp]

On 2/14/24 04:55, b...@fea.st wrote:

“A single packet can exhaust the processing
capacity of a vulnerable DNS server, effectively
disabling the machine, by exploiting a
20-plus-year-old design flaw in the DNSSEC
specification.

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/


Thank you for sharing this, it's good to talk about this, as it affects 
any cryptographic keying system.  I was aware of this for a few years 
without giving it more thought because sending random garble instead of 
DNSSEC keys was mentioned on chat channels such as #dns before.


In my opinion, the defenses are not to turn off DNSSEC, but rather, to 
do some sanitizing of the cryptographic data with a lesser cost 
algorithm.  Such as length checks, heuristic collection identifying an 
algorithm before using the main decryption algorithm on it *.


To be honest I looked at the patches but wasn't any wiser that this was 
really done.  Another approach is to flag abusers of DNSSEC keys and 
block them for some time penalty, and if repeated abuse happens then to 
block the entire site.


* I'm not a cryptographer, mathematician nor do I program DNS on the 
recursive end.  I program on the authoritative server end, where you 
can't do anything about something like a MITM anyhow. Donald Knuth and 
other books using algorithmic approaches may be good reading for this.


Best Regards,

-peter

httpd generating: read_errdoc entries in syslog

[J Doe]

Hi,

I have a custom error template that I use for the error documents for
httpd, as described in: man httpd.conf

In /var/www I have created:

/errroot:daemon chmod 0755

Within /var/www/err I have created:

err.htmlwww:www chmod 0444

In my httpd.conf I have a global configuration that points to this:

/etc/httpd.conf
. . .
errdocs "/err"

When I cause an error with httpd, the error document template I have
created gets rendered to the client, but I get entries in syslog like
the following:

serv1 httpd[23368]: read_errdoc: open: No such file or directory

This also happens if a create a copy of err.html and name it 404.html.

How can I modify my configuration to stop the: read_errdoc entries in
syslog ?

Thanks,

- J

what do people use for a sip proxy?

[Peter J. Philipp]

Hi,

I'm back from my hiatus.

what I'm looking for is something like a kamailio but much much easier 
and straight forward and perhaps a BSD license instead of GPL.


I have about 4 weeks after next week of free time (god willing) and I'm 
thinking of expanding on a software of mine for a sip proxy.  But if 
it'll save time to have a straight forward software that's already 
written plus the config writing and understanding, then I need not code it.


The software should be able to answer a VOIP call for sip:callpeter.tel 
or whatever I put on https://callpeter.tel.


It should also be able to do sips:// or tls'ed sip.  It should register 
or be registerable to an already existing AVM sip server.  And it should 
be security conscious.


Thanks for feedback,

-peter

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.

Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?

[Herbert J. Skuhra]

On Sat, Feb 03, 2024 at 09:19:47AM +0300, Mark wrote:
> An experimental, unstable package in packages-stable?
> 
> An outdated and potentially vulnerable software in the latest OpenBSD
> 7.4-stable?
> 
> I must really have been missing something here...

Just a few links:

https://github.com/openbsd/ports/blob/master/mail/postfix/snapshot/Makefile
http://ftp.porcupine.org/mirrors/postfix-release/index.html#experimental
https://www.postfix.org/smtp-smuggling.html

-- 
Herbert

Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?

[Herbert J. Skuhra]

On Fri, Feb 02, 2024 at 08:44:45PM -0600, Brian Conway wrote:
> On Fri, Feb 2, 2024, at 6:44 PM, Herbert J. Skuhra wrote:
> > On Sat, Feb 03, 2024 at 03:00:10AM +0300, Mark wrote:
> >> Hi.
> >> 
> >> It seems that the recent Postfix update under 7.4-amd64,
> >> (package: postfix-3.8.20221007p12-sasl2-mysql) breaks TLS connections,
> >> coming from Gmail servers, throwing a TLS library problem.
> >> 
> >> Here's the log output;
> >> 
> >> postfix/smtpd[32879]: connect from mail-yw1-f178.google.com[209.85.128.178]
> >> 
> >> postfix/smtpd[7374]: Trusted TLS connection established from
> >> mail-lf1-f45.google.com[209.85.167.45]: TLSv1.3
> >> with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519
> >> server-signature ECDSA (prime256v1) server-digest SHA256 client-signature
> >> RSA-PSS (2048 bits) client-digest SHA256
> >> 
> >> postfix/smtpd[7374]: warning: TLS library problem: error:0A000126:SSL
> >> routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:308:
> >> postfix/smtpd[7374]: lost connection after STARTTLS from
> >> mail-lf1-f45.google.com[209.85.167.45]
> >> postfix/smtpd[7374]: disconnect from mail-lf1-f45.google.com[209.85.167.45]
> >> ehlo=1 starttls=1 commands=2
> >> 
> >> Before updating the package, I had postfix-3.8.20221007p11, and it had no
> >> such problem.
> >
> > Why do you run such an outdated postfix snapshot?
> 
> That is the latest version that is supported/available in packages-stable:
> 
> https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/amd64/

Yeah, sadly! But no reason to install/run outdated and potentially
vulnerable server software. :-)

Postfix 3.8.20221007 is an old development snapshot (experimental!). It
should be either updated or removed. Latest version as of today is
postfix-3.9-20240129. There are also updates available for postfix35
(3.5.24) and postfix (3.7.10/3.8.5).

-- 
Herbert 

Re: New postfix-3.8.20221007p12 broken TLS for Gmail servers?

[Herbert J. Skuhra]

On Sat, Feb 03, 2024 at 03:00:10AM +0300, Mark wrote:
> Hi.
> 
> It seems that the recent Postfix update under 7.4-amd64,
> (package: postfix-3.8.20221007p12-sasl2-mysql) breaks TLS connections,
> coming from Gmail servers, throwing a TLS library problem.
> 
> Here's the log output;
> 
> postfix/smtpd[32879]: connect from mail-yw1-f178.google.com[209.85.128.178]
> 
> postfix/smtpd[7374]: Trusted TLS connection established from
> mail-lf1-f45.google.com[209.85.167.45]: TLSv1.3
> with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519
> server-signature ECDSA (prime256v1) server-digest SHA256 client-signature
> RSA-PSS (2048 bits) client-digest SHA256
> 
> postfix/smtpd[7374]: warning: TLS library problem: error:0A000126:SSL
> routines::unexpected eof while reading:ssl/record/rec_layer_s3.c:308:
> postfix/smtpd[7374]: lost connection after STARTTLS from
> mail-lf1-f45.google.com[209.85.167.45]
> postfix/smtpd[7374]: disconnect from mail-lf1-f45.google.com[209.85.167.45]
> ehlo=1 starttls=1 commands=2
> 
> Before updating the package, I had postfix-3.8.20221007p11, and it had no
> such problem.

Why do you run such an outdated postfix snapshot?

-- 
Herbert

Re: my software is changing its future

[Peter J. Philipp]

first, are you trolling me? :-)

I think my port to windows is more about choice for potential customers, 
than giving the world a virus.  Ie. if the customer would pay me money 
for my L7 DNS firewall, but is not able to quickly change to OpenBSD or 
Linux on their network, then that's where the Windows client would come in.


Until I'm ready though in setting up this firewall system, some time is 
going to pass.  Until then, it would be nice to offer people all 
versions (which are synced) for a small cost.  Think of it as a donation 
and you have the choice to use it on Windows, Linux, or BSD (and perhaps 
Mac OS).  I considered Solaris but noone uses that anymore do they?  I 
still have solaris 10 on an i386 bytemine firewall here, but I don't 
know if I should spend time on this.  I have a very strict timeline and 
plan for the next two years.


Take me back to 1995 I was convinced Linux was the best model for the 
world.  Take me back to 2000 I decided I wanted to give OpenBSD my 
primary focus.  Take me back to 2007, I realised sitting in a mental 
institution, that the program I started in 2005 was my best achievement 
to that date.  Take me back to 2015 I realised I need to get DNSSEC 
working on this, take me back to 2023 I realised that I'd never get a 
job as a 'sysadmin' since I was unemployed for 14 years since 2002.  I 
have about 200 EUR in pensions per month after retirement so I view my 
creation and the countless of hours I spent on it as part of my 
retirement bonus, so that I can retire perhaps like my dad.  And it 
would be nice to pay back some debts for the re-education I'm going 
through in the next 2 years.


Eventually we all break, until there is social changes making way for a 
true "digital information age".


Best,

-peter

PS: if all else fails, my backup is to become a social worker for 20 
years and help people overcome their pain and poverty because AI made 
them irrelevant.  Coincidentally I met one person in 2003 at a job 
coaching event that was one of the first "victims" of digitalization 
that I ran into.  She was a developer of film before digital cameras, 
when she was canned she was 53 years old and was visibly depressed.


People shouldn't have to go through this, but media news outlets are 
already saying that 40% of the entire world working people will get 
unemployment in the foreseeable future (maybe a dozen years to go).  I 
battled a mental illness since 2002, I also know the pain of stigma and 
everything that revolves around mental illnesses.  I think I can help 
people as well, and perhaps open source can help these people too.  It 
helped me in a time when I had no job offers and I do feel I have 
created some worth.


On 1/29/24 17:31, beecdadd...@danwin1210.de wrote:

open source model benefits everyone because people can check and know there
are no spyware/malware which affects people directly (use your software) or by
using some service that uses your software like companies getting hacked left
and right even the biggest companies get hacked because they are full of
idiots who use proprietary code

I am not familiar with the whole profiting thing, but the idea of paying only
for compiled binaries sounds reasonable (and accepting donations if they
don't)
like if someone is on windows, how are they going to compile it? I never seen
compiling done on MS Windows, so still profitable? this makes sense to me

and if you have money and time think of us who don't like viruses on our
computer because that's what proprietary is, virus

thank you

On Mon, January 29, 2024 3:07 pm, Peter J. Philipp wrote:

Hi,


I have written an authoritative DNS server since 2005.  This february 16th
it will have the last Open Source release at version 1.8.  The Open Source
development was a great prototype (for me), but I feel that asking for
donations is not going to make me a lot of money so I intend to port it to
Microsoft Windows (and perhaps Mac OS) in the next two years.


I also intend to keep this part non-open source, and you may be able to buy
that port in a microsoft store.  This is just part of a greater plan to
eventually enter the firewall market as a cloud based layer seven firewall.
Many systems already exist doing this, but I'm hoping my approach will
eventually get me a minute market share enough to pay some bills.

Now to my question(s):


1. Does the LibreSSL port to windows work?  If so, great!  That will easen
the porting work.

2. How hard would it be to port the imsg framework to Windows?  I understand
there is descriptor passing involved which windows doesn't know.  But I'm
confident that an alternative can be found.  Does a windows port to imsg
already exist?

3. Just out of the blue, is there Windows efforts for pledge and unveil?  I
don't intend to port them but leave them be just like the Linux port that is
already working.

Please, don't feel annoyed that I'm porting to Windows.  It is just an effort
  to gain a larger m

my software is changing its future

[Peter J. Philipp]

Hi,

I have written an authoritative DNS server since 2005.  This february 16th
it will have the last Open Source release at version 1.8.  The Open Source 
development was a great prototype (for me), but I feel that asking for 
donations is not going to make me a lot of money so I intend to port it to 
Microsoft Windows (and perhaps Mac OS) in the next two years.  

I also intend to keep this part non-open source, and you may be able to buy
that port in a microsoft store.  This is just part of a greater plan to 
eventually enter the firewall market as a cloud based layer seven firewall.  
Many systems already exist doing this, but I'm hoping my approach will 
eventually get me a minute market share enough to pay some bills.

Now to my question(s):

1. Does the LibreSSL port to windows work?  If so, great!  That will easen
the porting work.  

2. How hard would it be to port the imsg framework to Windows?  I understand
there is descriptor passing involved which windows doesn't know.  But I'm
confident that an alternative can be found.  Does a windows port to imsg
already exist?

3. Just out of the blue, is there Windows efforts for pledge and unveil?  I
don't intend to port them but leave them be just like the Linux port that is
already working.

Please, don't feel annoyed that I'm porting to Windows.  It is just an effort
to gain a larger marketshare of people that could use this as a product.  After
nearly 20 years I have finally a chance to make some money.  Something I never
had before.  Also version 1.8 will always be around, it will never go away.
And in a few years I do intend to release version 1.9 (without windows port),

I'm a firm believer that the Open Source model benefits the cream of the crop
(the people with skills on top), but it doesn't benefit everyone.  I'm not
a hotshot programmer, I'm mediocre at best.  This is why I want to adopt an
"open core" business model.  This may be selling out to some.  So what.

Also the days of closed source are almost finished.  People with enough ML/AI
power can devise decompilers that are able to make a fine human understandable
code (in C) of a binary.  I have seen screenshots of C decompilers that label
variables var0, var1, var2, var3 etc etc.  So non-coherent.  But with a bit of
AI the var1, var2, varN... can be rearranged to something more understandable.
This also means that open source will win, but its significance will not be
so obvious anymore.  So I give my "closed source" part a few years before they
are decompiled back into source.  Hopefully enough time to make a bit of money.

Thank you for your help along the way for the last 19 years!  And who knows
you can always fork my open source version and continue development for all.
It would be nice to see what you're doing with it and even participate but my
priority for the next two years is re-education as a social worker and when I
can to work on this windows port, so that I have more options to make money
in 2026 and beyond (before I reach retirement age in 20 odd years).

-peter

Please reply with CC to me since I'm not on tech@ and misc@ lists for the time
being.

Re: Script doesn't stop opensearch

[Mik J]

Hello Mike, Omar, Stuart,

Thank you for your answers, I've learnt a lot through these.

It seems that my problem was due to the fact that I added this variable in my 
/root/.profile
export JAVA_HOME=/usr/local/jdk-11/

# cat /var/run/rc.d/opensearch
was then showing a double slash
pexp=/usr/local/jdk-11//bin/java .*org.opensearch.bootstrap.OpenSearch.*

By removing the ending slash in the root .profile, the double slash disapeared 
and I have been able to use /etc/rc.d/opensearch stop since then. And also with 
the check parameter which didn't work at the time.

I still have a question Omar, you wrote that the pexp content would be matched
"the daemon is found by looking for a process matching that pexp and killing 
it."

Here I have
pexp="$(/usr/local/bin/javaPathHelper -c opensearch) 
.*org.opensearch.bootstrap.OpenSearch.*"

But in the ps command javaPathHelper doesn't appear so it can't match it
# COLUMNS=1600  ps ax -o command | grep Dopensearch
/usr/local/jdk-11/bin/java -Xshare:auto 
-Dopensearch.networkaddress.cache.ttl=60 
-Dopensearch.networkaddress.cache.negative.ttl=10 -XX:+AlwaysPreTouch -Xss1m 
-Djava.awt.headless=true -Dfile.encoding=UTF-8 -Djna.nosys=true 
-XX:-OmitStackTraceInFastThrow -Dio.netty.noUnsafe=true 
-Dio.netty.noKeySetOptimization=true -Dio.netty.recycler.maxCapacityPerThread=0 
-Dio.netty.allocator.numDirectArenas=0 -Dlog4j.shutdownHookEnabled=false 
-Dlog4j2.disable.jmx=true -Djava.locale.providers=SPI,COMPAT -Xms6g -Xmx6g 
-XX:+UseG1GC -XX:G1ReservePercent=25 -XX:InitiatingHeapOccupancyPercent=30 
-Djava.io.tmpdir=/tmp/opensearch-18321662122565322049 
-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=data 
-XX:ErrorFile=/var/log/opensearch/hs_err_pid%p.log 
-Xlog:gc*,gc+age=trace,safepoint:file=/var/log/opensearch/gc.log:utctime,pid,tags:filecount=32,filesize=64m
 
-Djava.util.concurrent.ForkJoinPool.common.threadFactory=org.opensearch.secure_sm.SecuredForkJoinWorkerThreadFactory
 -XX:MaxDirectMemorySize=3221225472 
-Dopensearch.path.home=/usr/local/opensearch 
-Dopensearch.path.conf=/etc/opensearch -Dopensearch.distribution.type=tar 
-Dopensearch.bundled_jdk=true -cp 
/usr/local/opensearch/lib/*:/usr/local/share/java//classes//jna.jar:/usr/local/share/java//classes//jna-platform.jar
 org.opensearch.bootstrap.OpenSearch -d -p /var/run/opensearch/opensearch.pid

Thank you




Le jeudi 4 janvier 2024 à 14:36:05 UTC+1, Stuart Henderson 
 a écrit : 





On 2024-01-03, Mik J  wrote:
> Hello,
>
> I don't understand how the startup/stop script works

It uses the string from pexp (as it was when the daemon was _started_;
changes to the rc script after startup are ignored) with pgrep(1) -xf to
identify the running process (and pkill -xf to actually signal it).

> I can confirm that the pid I see in /var/run/opensearch/opensearch.pid is the 
> same I see in ps ax | grep opensearch
>
> However when I want to stop the process
> # /etc/rc.d/opensearch stop
> Nothing happens

Show the contents of /var/run/rc.d/opensearch and the output of some
pgrep command that identifies the process (e.g. pgrep -lf opensearch).

> And I don't understand how this stop command would do something like that
> # kill -15 `cat /var/run/opensearch/opensearch.pid`

rc.d doesn't use pid files. If the daemon exited without cleaning the
file (e.g in a crash) the pid may have been re-used by another process.

-- 
Please keep replies on the mailing list.

Script doesn't stop opensearch

[Mik J]

Hello,

I don't understand how the startup/stop script works

# cat /etc/rc.d/opensearch
#!/bin/ksh

daemon="/usr/local/opensearch/bin/opensearch"
daemon_flags="-d -p /var/run/opensearch/opensearch.pid"
daemon_user="_opensearch"

. /etc/rc.d/rc.subr

pexp="$(/usr/local/bin/javaPathHelper -c opensearch) 
.*org.opensearch.bootstrap.OpenSearch.*"

rc_reload=NO

rc_pre() {
    install -d -o _opensearch /var/run/opensearch/
}

rc_cmd $1


I can confirm that the pid I see in /var/run/opensearch/opensearch.pid is the 
same I see in ps ax | grep opensearch

However when I want to stop the process
# /etc/rc.d/opensearch stop
Nothing happens

And I don't understand how this stop command would do something like that
# kill -15 `cat /var/run/opensearch/opensearch.pid`

Thank you

Re: mpv won't play video : "Consider fixing your graphic drivers"

[Anthony J. Bentley]

Sylvain Saboua writes:
> [vo/sdl] Using opengl
> [vo/sdl] Warning: this legacy VO has bad performance. Consider fixing 
> your graphics drivers, or not forcing the sdl VO.

This message is specific to the sdl and xv outputs. The mpv manpage says:

The recommended output driver is --vo=gpu, which is the default. All
other drivers are for compatibility or special purposes. If the
default does not work, it will fallback to other drivers (in the same
order as listed by --vo=help).

So either you're specifying sdl manually (in a config file?) or the 
default is not working and mpv is falling back to sdl. Can you confirm
which it is?

> What could go wrong ? I doubt that it would only be that my
> computer isn't powerful enough. I have tried different --vo
> arguments without success.

What does "without success" mean? That it continues to fall back to
sdl and print that message (say, if you specify --vo=gpu)?

Re: relayd https inspection certificate issue

[J Doe]

On 2023-12-11 14:06, Philipp Benner wrote:


Thank you for the infomation Claudio!
What a pitty!
I thought I found a tiny solution there.

Do you have any suggestions for an alternative? I don'´t want to install squid 
becaus of limited ressources on this machine.

Any ideas? Or should I try nginx?



Hi list,

Just wondering the same question - is there a open source TLS inspection 
proxy that anyone can recommend besides using relayd's functionality for 
this ?


Thanks,

- J

Re: relayd https inspection certificate issue

[J Doe]

On 2023-12-09 04:02, Claudio Jeker wrote:



Don't do it. This "TLS inspection" mode is broken and it is close to
impossible to fix it. The way the MITM cert is built is not smart enough
and does not consider many special cases like SAN certs and OCSP.
It works for simple things but does not work as a generic SSL interceptor.



Hi Claudio and list,

Ah, I was experimenting with this this week and couldn't understand why 
I was getting similar errors.


I'd still like TLS inspection on one of my routers and while I usually 
try to stick with the tools that ship with each OpenBSD install, I was 
wondering if anyone could recommend any third party software with a good 
security track record ?


I believe nginx can operate as a reverse proxy / application layer 
gateway ... can it also do TLS inspection for user traffic ?


Thanks,

- J

Re: NFS Server performance

[j]

On Tue, Dec 05, 2023 at 02:06:44PM +, Steven Surdock wrote:


Using an OBSD 7.4 VM on VMware as an NFS server on HOST02.   It is
primarily used to store VMWare VM backups from HOST01, so VMWare
is the NFS client.  I'm seeing transfers of about 1.2 MB/s.


Sounds about right.  On a single (magnetic) disk, assume 200 ops/sec
maximum, or about 5 kbyte per write op.

Remember that NFS is synchronous.  It is based on RPC, remote
procedure calls.  The call has to return a result to the client
before the next call can happen.  So your client (ESXi) is stuck
at the synchronous write rate of your disk, which is governed
by seek time and rotation rate.

To confirm, run systat and note the "sec" measurement for your disk.
It will likely be in the 0.5 to 1.0 range.  This means your
disk is 50% to 100% busy.  And the speed is about 1MB/s.

For improvement, use "-o noatime" on your exported partition
mount.  This reduces inode update IO.

Or, try "-o async" if you want to live dangerously.

Or, you could even try ext2 instead of ffs.rumour has it that
ext2 is faster.  I don't know, never having tried it.

Or use an SSD for your export partition.

Or, crank up a copy of Linux and run NFS v4 server.  That will
definitely be faster than any NFS v3 server.  V4 streams
writes, to be very simplistic about it.

(I think you already confirmed it's NFS v3 with TCP, not NFS v2.
You should turn UDP off for reliability reasons, not performance.)



J

Re: Thinkpad x260 not connecting to network

[Stephan, Corey J]

Mike,

1) Try quotation marks around the SSID and password.

2) Make sure that you have run

ifconfig iwm0 up
sh /etc/netstart

3) If you are still confused, you can check

a) man pages for hostname.if(5) or iwn(4)

b) FAQ entry for Wireless
https://www.openbsd.org/faq/faq6.html#Wireless

or, unofficially,

c) my blog post on configuring the X270, subsection #wifi:
https://www.coreystephan.com/openbsd-thinkpad/#wifi

Cheers,
Corey

-- 
Corey Stephan, Ph.D.
coreystephan.com

Re: OpenBSD alternative setup to ZFS on Linux or FreeBSD

[j]

And speaking from experience, it's _much_ more reliable than DVD-R or 
CD-R as

long as the discs are correctly written in the first place.



For long-term storage, you have other risks to manage, not the
simple technical risk of "will my portable-USB disk be readable in
2038?".

If you are a home-based user, or sole practitioner, or lone-gunman
archivist, you should consider the possibility that in 20 years you
will no longer be able to remember how to process old disks and
files.  Writing yourself some instructions would be essential.  On
paper. And, too, regularly practicing on old media.

In the small-business case, your technology, media, even corporate
culture can result in unexpected destruction of "important" media
by unaware individuals who will make some unbelievable decisions.
Like "throw out any media smaller than 5TB as it's obsolete."  "Toss
those old DLT-4000 drives as nobody uses them anymore."  "Nobody
needs this box of discs..."

(No shit, it happened to me.)

In larger corporate cultures, for example with contract commitments
of decades, well, that's out of scope for this discussion.  But
it's fun to imagine "How do I support WordPerfect 2.3 in 2039?".

J

Re: Logging daemon message in a specific file

[Mik J]

 Hello Ze, Stuart,
Thank you for your answers.Yes I did read the man page before sending my 
message but I understood "that further blocks would be evaluated cancelling 
!!prog" and therefore isakmpd and unbound would be logged in messages. At the 
end I didn't give a chance to this !*. Probably I'm a bit confused by my 
reading in english.
Have a nice week


Le dimanche 12 novembre 2023 à 11:56:30 UTC+1, Stuart Henderson 
 a écrit :  
 
 On 2023-11-12, Rosen Iliev  wrote:
> Hello,
>
> man syslog.conf is your friend.
>
> /!!prog/ causes the subsequent block to abort evaluation when a message 
> matches, ensuring that only a single set of actions is taken. /!*/ 
> can be used to ensure that 
> any ensuing blocks are further evaluated (i.e. cancelling the effect of 
> a /!prog/ or /!!prog/).

Yes, this, and obviously consider the order in which the syslog.conf
entries are added, i.e. put your !! entries above the main set.


  

Logging daemon message in a specific file

[Mik J]

Hello,
I would like to log isakmpd and unbound messages in a specific file but I don't 
want them to be logged in messages or daemon.
1) With this first method, the messages are logged in their files but also in 
messages and I don't want them to be logged in messages: I find many queries 
and isakmpd logs in messages

!isakmpd
daemon.*    /var/log/isakmpd.log

!unbound
daemon.*    
/var/unbound/var/queries.log
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages



2) With this second method, the messages are logged in their files but not in 
messages. So I'm happy the way it behaves for isakmpd and unbound because it's 
logged in their files and not in messages.The problem is that any other message 
are not logged in messages. No more syslogs are added to messages.

!!isakmpd
daemon.*    /var/log/isakmpd.log

!!unbound
daemon.*    
/var/unbound/var/queries.log
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
How can I first filter syslogs so they can be logged in a specific log and 
everything that doesn't match would end in messages.That second solution should 
have done that but it doesn't.
Regards

Re: OpenBSD_one_site_web_hosting_software_recommendation

[Peter J. Philipp]

On Thu, Nov 09, 2023 at 12:38:27PM +0100, soko.tica wrote:
> Hello,
> 
> I have a task to launch from scratch one site web hosting google cloud
> instance.
> 
> I know OpenBSD does have httpd web server, but I couldn't have found
> neither wordpress nor joomla software neither in packages nor in ports (7.4
> -stable).
> 
> Is there a possibility to launch wordpress or joomla on such an instance on
> OpenBSD? Which manpages should I read?
> Thanks in advance,

Instead of wordpress I invite you to be creative with C programming language
and construct your own BCHS (pronounced beaches) website.  Many people have
written their own blogs this way, so have I.  Check out my source code for
this at:

https://gotweb.delphinusdns.org/?action=summary=centroidblog.got

It could be on github, but I haven't uploaded it there yet.

https://learnbchs.org/  <-- another great educational site

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: iPhone Charging

[Peter J. Philipp]

On Sat, Oct 28, 2023 at 06:33:59AM +, Lucretia wrote:
> From a security perspective, how dangerous is it to plug in my iPhone into 
> the USB port on my laptop?
> 
> I only have one charging cable, so I use my laptop to charge it, not having 
> the correct wall adapter. I've skimmed material about Vault 7 and know The 
> CIA actively develops tools which compromise Apple iPhones, and probably some 
> of those tools get leaked.
> 
> Can an iPhone plugged into the USB port be a potential security risk? I 
> assume so, but I haven't gotten around to buying a wall adapter. Not that I 
> have much which would interest hackers on my laptops, mostly just lists of 
> prayers.

No it's perfectly safe.  Go on.  Do know that you get only a certain amount
of amps though, a dedicated charger is probably a bit better.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: RISC-V questions

[Peter J. Philipp]

Hi Lucretia,

The mentioned boards are here:

Pioneer and Oasis should be found at:  https://milkv.io/

Lichee Pi should be found at:  

https://wiki.sipeed.com/hardware/en/lichee/th1520/lpi4a/1_intro.html

and the mentioned Sifive/Intel P550 was here:

https://www.sifive.com/boards/hifive-pro-p550


Best Regards,
-peter


On Fri, Oct 27, 2023 at 11:46:24AM +, Lucretia wrote:
> I've only used R-Pi and intel/AMD, what kind of setup are the Risc-V you are 
> looking at? On Wikipedia it says there are embedded, desktop, and servers 
> that use it. I can't say I'd be in for joining with a one for me, one for a 
> developer but I might be interested if I knew more. Shipping to Kyrgyzstan 
> might not be pretty either.
> 
> On Fri, Oct 27, 2023 at 17:30, Peter J. Philipp 
> <[p...@delphinusdns.org](mailto:On Fri, Oct 27, 2023 at 17:30, Peter J. 
> Philipp < wrote:
> 
> > Hi,
> >
> > I have very little insight other than google news what it means that the
> > flagship of risc-v, a company called sifive, had a lot of layoffs. I have
> > heard scarecrow stories of the US Chip Act or something that the US is 
> > moving
> > anti-riscv.
> >
> > I have three riscv computers right now, all of them come out of China and
> > one of them uses sifive cpu's, so it's half american. I had planned to
> > buy more american risc-v but the politics around chips and riscv aren't
> > particularily positive.
> >
> > I can probably forget buying a Sifive/Intel P550 now. It was in competition
> > with a Lichee Pi or a Milk-V Oasis-type board. And now the choice from three
> > became two. I want this as my workstation. I wrote about this before and it
> > was suggested to me that I get a Milk-V Pioneer but I can't afford the
> > electric bill for that, I figure.
> >
> > So, I have to ask does anyone have interesting insights as to perhaps US or
> > European riscv efforts? I would buy if affordable and competive with what
> > Chinese manufacturers are offering. I do believe risc-v with its openness
> > is my favourite architecture so far. Also, I told my close ones, that I
> > won't be buying for just myself but also for someone at OpenBSD (so twice)
> > as riscv is still bleeding edge somewhat especially on the desktop.
> >
> > I was very happy with what was announced with the Oasis board. The price is
> > right ($120) to perhaps get two boards to OpenBSD here, given that someone
> > at OpenBSD wants to give it a turn to do development on it, and they might
> > be able to do it with two+ people. I have been looking around others who in
> > the past wanted to donate and we could possibly get an even larger donation
> > together, given, only if there is interest in the OpenBSD developer 
> > community.
> >
> > That was a few weeks ago before Oasis was announced for the Lichee Pi, but I
> > think the Oasis to me is a lot more interesting than a Lichee Pi and may be
> > cheaper in the end. One particular nice thing about it is my interpretation
> > that it has non-soldered on RAM.
> >
> > Let me know if you have some answers and if potentially anyone is available 
> > to
> > receive Oasis-type boards perhaps after Christmas, I'll be following up with
> > a purchase in March 2024 or so. By then there might be even sweeter deals
> > considering how fast this all moves, we should see then.
> >
> > Best Regards,
> > -peter
> >
> > --
> > Over thirty years experience on Unix-like Operating Systems starting with 
> > QNX.

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

RISC-V questions

[Peter J. Philipp]

Hi,

I have very little insight other than google news what it means that the
flagship of risc-v, a company called sifive, had a lot of layoffs.  I have
heard scarecrow stories of the US Chip Act or something that the US is moving
anti-riscv.

I have three riscv computers right now, all of them come out of China and
one of them uses sifive cpu's, so it's half american.  I had planned to
buy more american risc-v but the politics around chips and riscv aren't
particularily positive.

I can probably forget buying a Sifive/Intel P550 now.  It was in competition 
with a Lichee Pi or a Milk-V Oasis-type board.  And now the choice from three
became two.  I want this as my workstation.  I wrote about this before and it
was suggested to me that I get a Milk-V Pioneer but I can't afford the
electric bill for that, I figure.

So, I have to ask does anyone have interesting insights as to perhaps US or
European riscv efforts?  I would buy if affordable and competive with what
Chinese manufacturers are offering.  I do believe risc-v with its openness
is my favourite architecture so far.  Also, I told my close ones, that I 
won't be buying for just myself but also for someone at OpenBSD (so twice) 
as riscv is still bleeding edge somewhat especially on the desktop.

I was very happy with what was announced with the Oasis board.  The price is
right ($120) to perhaps get two boards to OpenBSD here, given that someone 
at OpenBSD wants to give it a turn to do development on it, and they might
be able to do it with two+ people.  I have been looking around others who in
the past wanted to donate and we could possibly get an even larger donation
together, given, only if there is interest in the OpenBSD developer community.

That was a few weeks ago before Oasis was announced for the Lichee Pi, but I
think the Oasis to me is a lot more interesting than a Lichee Pi and may be
cheaper in the end.  One particular nice thing about it is my interpretation
that it has non-soldered on RAM.

Let me know if you have some answers and if potentially anyone is available to
receive Oasis-type boards perhaps after Christmas, I'll be following up with 
a purchase in March 2024 or so.  By then there might be even sweeter deals 
considering how fast this all moves, we should see then.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: How to break and smash things

[Peter J. Philipp]

On Thu, Oct 26, 2023 at 11:48:43AM +0600, Maria Morisot wrote:
> Hi,
> I've been frustrated in trying to find a way to help the project and thanks 
> to several people's replies I've been considering what I like to do with the 
> operating system.
> 
> My needs are simple, as far as personal usage goes; give me an offline system 
> with vi and hard drive access and I'll happily write poetry to my heart's 
> content in my favorite caf??.
> 
> But I really want to help the project. I like the idea of trying to break 
> things and get them to malfunction in order to expose bugs that have been 
> overlooked.
> 
> I like to smash things.
> 
> Does anyone know of any good resources for this, or recommended software in 
> ports that I should study and learn? I have an O'Reilly subscription, so and 
> book recommendations from on there I should have access to. Blogs are great 
> too.
> 
> I have a pretty good understanding of randomness and know about the concept 
> of fuzzing. I've done testing in my software courses and know a little about 
> writing code for explicit bad cases. But my schooling was very lax and was 
> easy to get A's so I didn't put much effort in.
> 
> Thanks again to everyone who has tried to help me find my path here in the 
> community, I know that I am a tough pill to swallow, that is why I generally 
> play alone.
> --
> Google doesn't need to
> know every time I fart.
> 

Just take it easy.  You don't enlighten us with your age, but I suspect you're
in the early twenties.  There is people here that are one to several generations
above you.  We were all young once and probably just as wild once.  If you
stick around for 20 years or so (which to me is a human generation), you'll be
like some of us.

What I found joy with when I was employed was tasting amazon books.  There
was some disappointment, but also some surprises.  If you don't like amazon
I understand, I use them because I live in a tiny city where computer books
are hard to find.  One disappointment was that after a certain experience
level certain books that are an advanced level are hard to find.  Most
will re-iterate the basics of someone who has perhaps up to 5 years 
experience.

Even though I never made monetary riches, I feel my history using open source
was great.  I started in 1995 and it wasn't until 2005 that I started on the
project that I'm still working on today which is nearly 20 years old.  Back
then I didn't realise a DNS server would keep me that busy.  But in 2007 I
realised that it was my best project and I should stick with it.  Meanwhile
I have a five year plan which involves some closed source to hopefully get
me some money.

So envision yourself in 20 years from now.  Luckily as humans we are great
dreamers and envisionaries so we are capable to put ourselves into such
positions.  What projects do you want to have under your belt?  Do you want
one project or several?  Do you want family, kids, spouse, house, boat, and
cottage?  Do you want a pet AI?  Or perhaps a robot?  If anything misses in
the mix it's time.  There is all these possibilities but not enough time to
do them all, so you must prioritize and drop some wants.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: What could cause high CPU load averages (no actual CPU usage)?

[j]

Mike Fischer  writes:



>
> Could this be caused by something on the VMWare host machine? (The
> host seems to be operating at limit regarding RAM for example. But the
> VM is only using the normal percentage of its allocated RAM — way
> below 100% and very constant usage, no swap.)
>


...snip...

The machines are very similar (RAM, CPU, storage, OS version), but here 
is the one I \

rebooted:

...snip...

OpenBSD 7.4 (GENERIC.MP) #0: Sun Oct 22 12:13:42 MDT 2023
   
r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

real mem = 4277010432 (4078MB)
avail mem = 4127657984 (3936MB)

...snip...

bios0: vendor Phoenix Technologies LTD version "6.00" date 12/12/2018
bios0: VMware, Inc. VMware Virtual Platform

...snip...

cpu0 at mainbus0: apid 0 (boot processor)

...snip...

cpu1 at mainbus0: apid 2 (application processor)

...

You have to fix two problems in VMware before you can look at your 
guests.


First, you say VMware is at it's limit for memory.  Don't forget that 
VMware is
a rebranded and hacked up Linux kernelit is an operating system and 
should
not be overcommitted in RAM.  In this state performance is 
unpredictable.  You

should leave 10% or 20% RAM uncommitted.

Second, you have dual-core guests.  On a VMware system, this guest has
to wait for exactly two cores to become available before it can be 
scheduled.

The busyness of other guests controls this, not VMware and not OpenBSD.

A single-core guest improves the schedulability by the VMware kernel.

I suggest you are complaining on the wrong list.


J

some sub-projects of openbsd have nameserver REFUSED...

[Peter J. Philipp]

Hi,

Oct  3 17:34:08 sky named[12837]: REFUSED unexpected RCODE resolving 
'LibreSsl.cOM/A/IN': 2001:4b98:d:1::4b#53
Oct  3 17:34:08 sky named[12837]: REFUSED unexpected RCODE resolving 
'wWw.LibResSL.ORg//IN': 2001:4b98:d:1::4b#53
Oct  3 17:34:08 sky named[12837]: REFUSED unexpected RCODE resolving 
'WWW.lIBRessl.ORG/A/IN': 2001:4b98:d:1::4b#53
Oct  3 17:43:37 sky named[12837]: REFUSED unexpected RCODE resolving 
'opENBsdfOUNDATioN.ORg/A/IN': 2001:4b98:d:1::4b#53
Oct  3 17:43:38 sky named[12837]: REFUSED unexpected RCODE resolving 
'WWw.opENbsDfoUNDATioN.org/A/IN': 2001:4b98:d:1::4b#53

It seems that some of these are refused by ns6.gandi.net.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: RISCV - port to Mango Pi MQ-Pro (D1)

[Peter J. Philipp]

On Sat, Sep 23, 2023 at 09:15:30AM +0200, Peter J. Philipp wrote:
> On Mon, Sep 18, 2023 at 02:37:50PM +0200, Peter J. Philipp wrote:
> > Hi,
> > 
> > I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
> > succeeded yet, but I think we're close.  My patches are here:
> > 
> > https://github.com/pbug44/openbsd-src/tree/MANGOPI
> 
> Just a status report, I got it to boot to the exec'ing init.  I had to
> disable plic0 and com0, and am running on the boot loaders console.  That is
> probably why I see no installer message (no /dev/console).

Well I'm out of time, given another month I might have made it work.  Here is
my final commit:

https://github.com/pbug44/openbsd-src/commit/e25ff39b81043bbfb71c588fec7eb6c3c0025d91

Another failure, but I learned a lot so it was a success in my eyes.  I'm going
back to programming on my delphinusdnsd for the rest of this year.  That's my
priority.

I'm passing the torch to Miguel, Moritz and Mark who I've been having steady
contact with throughout this.  They have this hardware and are able to
make it work given time.  If nothing happens by december, I may be able to
pick up on this (if I want).

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: RISCV - port to Mango Pi MQ-Pro (D1)

[Peter J. Philipp]

On Mon, Sep 18, 2023 at 02:37:50PM +0200, Peter J. Philipp wrote:
> Hi,
> 
> I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
> succeeded yet, but I think we're close.  My patches are here:
> 
> https://github.com/pbug44/openbsd-src/tree/MANGOPI

Just a status report, I got it to boot to the exec'ing init.  I had to
disable plic0 and com0, and am running on the boot loaders console.  That is
probably why I see no installer message (no /dev/console).

So that is the work that still needs to be done, getting the console working
right.  It's the same as the Allwinner H6 (APB driven), though when I enable
cn_tab (which I hashed out) in /sys/dev/fdt/com_fdt.c then all I see is 
one or two bytes in the serial cu, and it reminds me of a speedrate problem.
I haven't figured that out yet.

The other thing is the plic.  I did workarounds to get around its freezing,
but those are likely wrong.  Because when an IRQ gets enabled it freezes the
boot process.  I'll hopefully get this all fixed up by next weekend at which
time I'm going back to dns programming (shift of priorities).

Here is the dmesg to the point of WARNING: CHECK AND RESET THE DATE!


--->
U-Boot 2022.10 (Jul 20 2023 - 09:48:42 +) Allwinner Technology

DRAM:  1 GiB
sunxi_set_gate: (CLK#24) unhandled
Core:  54 devices, 20 uclasses, devicetree: separate
WDT:   Not starting watchdog@6011000
MMC:   mmc@402: 0, mmc@4021000: 1
Loading Environment from FAT... PLL reg = 0xf8216300, freq = 12
OK
In:serial@250
Out:   serial@250
Err:   serial@250
Net:   eth0: ethernet@450
starting USB...
Bus usb@4101000: USB EHCI 1.00
Bus usb@4101400: USB OHCI 1.0
Bus usb@420: USB EHCI 1.00
Bus usb@4200400: USB OHCI 1.0
scanning bus usb@4101000 for devices... 1 USB Device(s) found
scanning bus usb@4101400 for devices... 1 USB Device(s) found
scanning bus usb@420 for devices... 3 USB Device(s) found
scanning bus usb@4200400 for devices... 1 USB Device(s) found
   scanning usb for storage devices... 0 Storage Device(s) found
Hit any key to stop autoboot:  0
=> run bootobsd
24525 bytes read in 10 ms (2.3 MiB/s)
152332 bytes read in 30 ms (4.8 MiB/s)
Card did not respond to voltage select! : -110
** Unable to read file ubootefi.var **
Failed to load EFI variables
Booting /\EFI\OpenBSD\BOOTRISCV64.EFI
disks: sd0*
>> OpenBSD/riscv64 BOOTRISCV64 1.5
boot> boot -c
cannot open sd0a:/etc/random.seed: No such file or directory
booting sd0a:/bsd: 2142436+1168164+8505520+538824 
[181570+122+283152+186205]=0xf3f470
bootargs: -c
[oh it's a Mango Pi, hold on this might take a whi. :-)]
all mapped
type 0x0 pa 0x4000 va 0x4000 pages 0x40 attr 0x8
type 0x7 pa 0x4004 va 0x4004 pages 0x1c0 attr 0x8
type 0x2 pa 0x4020 va 0x4020 pages 0x4000 attr 0x8
type 0x7 pa 0x4420 va 0x4420 pages 0x3d00 attr 0x8
type 0x9 pa 0x47f0 va 0x47f0 pages 0x9 attr 0x8
type 0x7 pa 0x47f09000 va 0x47f09000 pages 0x36cd7 attr 0x8
type 0x2 pa 0x7ebe va 0x7ebe pages 0x8 attr 0x8
type 0x4 pa 0x7ebe8000 va 0x7ebe8000 pages 0x1 attr 0x8
type 0x7 pa 0x7ebe9000 va 0x7ebe9000 pages 0x1 attr 0x8
type 0x2 pa 0x7ebea000 va 0x7ebea000 pages 0x100 attr 0x8
type 0x1 pa 0x7ecea000 va 0x7ecea000 pages 0x26 attr 0x8
type 0x4 pa 0x7ed1 va 0x7ed1 pages 0x5 attr 0x8
type 0x6 pa 0x7ed15000 va 0x7ed15000 pages 0x1 attr 0x8008
type 0x4 pa 0x7ed16000 va 0x7ed16000 pages 0x3 attr 0x8
type 0x6 pa 0x7ed19000 va 0x7ed19000 pages 0x1 attr 0x8008
type 0x4 pa 0x7ed1a000 va 0x7ed1a000 pages 0x1 attr 0x8
type 0x6 pa 0x7ed1b000 va 0x7ed1b000 pages 0x6 attr 0x8008
type 0x4 pa 0x7ed21000 va 0x7ed21000 pages 0x17 attr 0x8
type 0x2 pa 0x7ed38000 va 0x7ed38000 pages 0x122c attr 0x8
type 0x5 pa 0x7ff64000 va 0x7ff64000 pages 0x1 attr 0x8008
type 0x2 pa 0x7ff65000 va 0x7ff65000 pages 0x9b attr 0x8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2023 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 7.3-current (MANGOPI) #185: Sat Sep 23 08:52:28 CEST 2023
p...@stern.mainrechner.de:/riscv64/compile/MANGOPI
real mem  = 1073741824 (1024MB)
avail mem = 988495872 (942MB)
SBI: OpenSBI v1.3, SBI Specification Version 1.0
User Kernel Config
UKC> disable com
 67 com* disabled
UKC> disable plic
  5 plic* disabled
UKC> quit
Continuing...
random: boothowto does not indicate good seed
mainbus0 at root: Allwinner D1 Nezha
cpu0 at mainbus0: T-Head C906 imp 0 rv64imafdc
intc0 at cpu0
cpu0: 32KB 64b/line 128-way L1 I-cache, 32KB 64b/line 256-way L1 D-cache
"dcxo-clk" at mainbus0 not configured
"display-engine" at mainbus0 not configured
simplebus0 at mainbus0: "soc"
sxipio0 at simplebus0: 88 pins
sxiccmu0 at simplebus0
syscon0 at simplebus0: "audio-codec"
"regulators" at syscon0 not configured
&

RISCV - port to Mango Pi MQ-Pro (D1)

[Peter J. Philipp]

Hi,

I've been working a little bit on making OpenBSD run on Mango Pi, I haven't
succeeded yet, but I think we're close.  My patches are here:

https://github.com/pbug44/openbsd-src/tree/MANGOPI

it's a forked version of OpenBSD src with a "MANGOPI" branch.  I used to
send patches around to several OpenBSD devs but now it's probably better
to have a repo for it.

If you have this hardware and want OpenBSD running on it, help us!  If you
don't know how to program perhaps you can build-test.  I haven't merged
this patch yet, but I'll be working on this (it was compiling on a sept. 1st
version of -current).

A Mango Pi was sent to OpenBSD but came back to me after some time waiting
to be picked up at a postal outlet.  I don't know why they didn't call the
OpenBSD dev, the number was on the address.  Or perhaps they did and he
was on vacation at the time.  I still want to give this to the OpenBSD dev
that I sent it to, unless he doesn't want it, I still want to give this to
OpenBSD.  OpenBSD, contact me with new postal address information.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Update from 6.5 to 7.3

[Herbert J. Skuhra]

On Fri, 08 Sep 2023 10:01:45 +0200, Alessandro Baggi wrote:
> 
> Hi list,
> I've a problem. I need to upgrade OpenBSD from 6.5 to 7.3 on an
> APU2D. This is a firewall.
> The problem is that I cannot find older ISO of OpenBSD. Can someone
> point me in the right direction?
> 
> Thank you in advance.

Mirror in Australia:

https://mirror.aarnet.edu.au/pub/OpenBSD/

--
Herbert

OT thunderbird oddities

[Peter J. Philipp]

Hi,

This is a off topic but I am a thunderbird user when I don't use mutt.
(using mutt right now, but the thunderbird window is open).  I upgraded my
home network from 7.3 to the latest snapshot in the last two days and I saw 
a that thunderbird did change, but oh it did change in behaviour too!

Last year almost to the day (August 30th, 2022) mozilla changed the code to
parsing the APOP greeting and I'd like to point out how I make use of that.

https://hg.mozilla.org/comm-central/diff/737cf4def8c2298f83504b7e99a2d1b9b6d9c1f5/mailnews/local/src/Pop3Client.jsm

So in the APOP greeting the statusText is allowed any character between 0x0
and 0x7f in this format /<[\x00-\x7F]+@[\x00-\x7F]+>/.  I have modified
my POP3s server now to give out these characters (it did give out base32
before but yesterday I saw disconnects on that for some reason by thunderbird).

This is the greeting that thunderbird for some odd reason disconnected on:

--->
   :  2b 4f 4b 20 3c 72 68 68 61 6d 61 35 39 62 67 6a  +OK .
   0030:  0a  
<---

I thought it was strange, maybe my tls'ized popa3d needed recompiling only?
So here is what I have done for this greeting:

--->
0812/stern$ openssl s_client -connect pop3.delphinusdns.org:995 -quiet|cat -v 
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = pop3.delphinusdns.org
verify return:1
+OK <$CMK^Gu3Z^^^A)j^]^Lf@vch^ZE^P$3g>^M
<---

What's weird is with this recompile and change we say in germany that 
thunderbird is "pudelwohl" (comfy like a poodle dog).  And I don't have any
more disconnects before authentication attempts.

It's not entirely compatible with say fetchmail (the first incarnation with the
base32 was though) but I only use thunderbird for pop3 these days.  And I
kicked my users off at the beginning of the year, so it's good.

I'm still boggled by the base32 trigger behaviour that thunderbird should
not authenticate.  It wasn't always and that hexdump is all I have before I
changed the code.

Best Regards,
-peter

PS: for trivia, what does javascript do when given a 0x0 character?  Does it
use that for terminating strings?  I was thinking of modifying my popa3d server
to do that but it's more trouble than it's worth becuase it passes a lot to
vsnprintf().

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

64 MB machine

[Peter J. Philipp]

Hi,

I modified the amd64 kernel with this:

diff -u -p -u -r1.287 machdep.c
--- machdep.c   23 Aug 2023 01:55:45 -  1.287
+++ machdep.c   27 Aug 2023 17:14:26 -
@@ -1403,7 +1403,7 @@ init_x86_64(paddr_t first_avail)
struct region_descriptor region;
bios_memmap_t *bmp;
int x, ist;
-   uint64_t max_dm_size = ((uint64_t)512 * NUM_L4_SLOT_DIRECT) << 30;
+   uint64_t max_dm_size = 64 * (1024 * 1024);


I then booted a RAMDISK_CD kernel that I compiled.  It worked.  OpenBSD boots
on 64MB RAM according to this right?  It reported 48 MB memory.

I had problems in the boot options setting "machine mem =64M" it didn't take
those options and always booted with the machine's 16GB.

The reason I'm excited is that Milk-V has a new product called the Duo taht
is 64 MB but costs only 9 USD not including the wifi adapter.  I really can
use this for some project that I have been working on on the side.

I'm also excited that the Mango Pi that I sent to an OpenBSD developer is the
same chipset.  So this is really awesome!

Should there be any monkey wrenches in the way?  I want to run OpenBSD for
a Freifunk-like Project on the Duo.

Best Regards,
-peter

PS: I noticed RAMDISK_CD is compressed now.  Good job!  Is anyone writing the
zlib parts for rdsetroot?

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

heck of a long time

[Peter J. Philipp]

Hi,

If this is a sensitive topic I apologize ahead of time.

I'm wondering... can we have a change in the OpenBSD front page (to say):

"Only two remote holes in the default install, in more than 26 years!"

I reason this with peter-math(tm)**

1. We switched to "heck of a long time" 14 years ago for the 4.5 Release.
2. We switched to "Only one remote hole.. in more than 10 years" on Sept. 26,
2006, which was 16 years ago.
(https://cvsweb.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.533=1.534=h)

So by that reasoning.  16 years + more than 10 years == > 26 years.  Another
thing that could be done is to wait a year and say "No hole in the default 
install, in more than 15 years", (see [1])  This looks very good and may be 
worth waiting for.


Best Regards,
-peter


** prone to flaws, self-admittedly.

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: riscv questions

[Peter J. Philipp]

On Thu, Aug 17, 2023 at 06:03:42PM +, Mike Larkin wrote:
> On Sun, Aug 13, 2023 at 06:27:20PM +0200, Peter J. Philipp wrote:
> > Hi,
> >
> > I was wondering two things currently, both having to do with QEMU on 
> > OpenBSD.
> >
> > I noticed in my QEMU that is running OpenBSD that it is supporting the
> > H-extension.  The H is hypervisor.  Does this mean that there is support
> > emulated for hypervisor host and guest in QEMU?  Also is there any efforts 
> > to
> > implement this where I can be an observer?
> 
> I believe they have some support for that.
> 
> There is no hardware currently available that has it though, from what I know.
> There is an FPGA core you can implement on a suitably large dev board though,
> but you'd be a 1-off.
> 
> When you say "implement this", what do you mean?

Oh I didn't know there was no hardware support for this yet.  What I meant
for implementing this was if there is anyone porting vmm to riscv64.  I guess
arm64 needs it too but riscv64 to me is the ultimate :-).

I was wondering Mike, do you offer any more workgroups like the one that
ported riscv64?  I know someone on IRC who lives in the Los Angeles region of
California that might be interested in such a workgroup.  Though he may
not be available until 2024/2025 for something such as this, but the interest
would be there.  I told him an effort to port vmm to riscv64 would be a
worthwhile endeavour, for everyone.  Obviously it depends on hardware support
and someone to guide the group.


> >
> > I saw somewhere that newer QEMU support RV128 cpu emulation.  While this
> > is something for 20 years from now perhaps, I'm still curious if anyone is
> > considering a port to the RV128, or is at least turned on by the thought of 
> > it.
> 
> no
> 
> > Unfortunately I believe the RV128 isn't intended for an 128 bit address 
> > space
> > but has something planned for partitioning it in half so it will be 64 bit
> > space.  With the other 64 bit for something security related.
> >
> > Also I'd like to say that I have my first piece of RV64 hardware for a few
> > weeks now and it can run linux ubuntu.  It's a Mango Pi which is the same
> > form factor as a RPI zero.  I also donated one to a developer so perhaps 
> > we'll
> > see OpenBSD running on it one day.  In half a dozen weeks or so I'm 
> > considering
> > getting my second RV64 computer, which will be somewhat of a visionfive 
> > 2-like
> > SBC for a router.  Not sure which yet, though, let's see who can deliver in
> > October.
> >
> > Next year I'd like to invest into a larger RV64 computer for workstation. As
> > you can see I'm starting to get a bit serious around Risc-V
> 
> get a milk-v pioneer then, it's the biggest you can currently buy.

Interesting.  Thanks!

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

urtwn(4) and IBSS?

[Peter J. Philipp]

Hi,

I saw on NetBSD's manpages that the urtwn(4) driver, which was ported from
OpenBSD,  that their driver has IBSS support.  I checked this out and saw
it was this commit:

http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/dev/usb/if_urtwn.c.diff?r1=1.25=1.26_with_tag=MAIN=h

It came from OpenBSD the revision log for 1.26 says.

Can we have this in OpenBSD, please?  The initial patch doesn't look
bad to me, I can even try to port it back to OpenBSD, as long as I have
assurances that it makes it into -current.

The reason I could use this is that I don't have an access point always on
and doing IBSS between two wifi devices would work for me.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

riscv questions

[Peter J. Philipp]

Hi,

I was wondering two things currently, both having to do with QEMU on OpenBSD.

I noticed in my QEMU that is running OpenBSD that it is supporting the
H-extension.  The H is hypervisor.  Does this mean that there is support
emulated for hypervisor host and guest in QEMU?  Also is there any efforts to
implement this where I can be an observer?

I saw somewhere that newer QEMU support RV128 cpu emulation.  While this
is something for 20 years from now perhaps, I'm still curious if anyone is
considering a port to the RV128, or is at least turned on by the thought of it.
Unfortunately I believe the RV128 isn't intended for an 128 bit address space
but has something planned for partitioning it in half so it will be 64 bit 
space.  With the other 64 bit for something security related.

Also I'd like to say that I have my first piece of RV64 hardware for a few
weeks now and it can run linux ubuntu.  It's a Mango Pi which is the same
form factor as a RPI zero.  I also donated one to a developer so perhaps we'll
see OpenBSD running on it one day.  In half a dozen weeks or so I'm considering
getting my second RV64 computer, which will be somewhat of a visionfive 2-like
SBC for a router.  Not sure which yet, though, let's see who can deliver in 
October.

Next year I'd like to invest into a larger RV64 computer for workstation. As 
you can see I'm starting to get a bit serious around Risc-V

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

non-amd64 vps's in europe?

[Peter J. Philipp]

Hi,

I'm asking for a friend in spain.  He would like to know if there is any
openbsd vps providers in europe that provide non-amd64 vps's such as 
hetzner's arm64 instance.

He doesn't want to deal with hetzner because of their tight control checks
regarding id cards and stuff.  Is there anything else out there that works
with OpenBSD?  He does not want amazon either.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Feedback on redesigned OpenBSD.org

[j]

When I first saw it there was this "aha" feeling that it was a big 
improvement.  Good stuff!


Then I read a few of the comments and looked at the pages with a bit 
more of a critical eye.  So here are some comments and suggestions:


- font size is too small; but so is the original.  Lato at 14px is 
similar to Times Roman at 16px in words per line but it's still too 
small.  (Chrome on windows, 100% zoom).Try 14.5px and letterspacing 
0.1px and see if this is better for you.


- the black box OpenBSD in top left of the index.html or part of the 
headers of other pages is not pretty.  Think about perhaps changing to 
light gray, or a link colour.  (Too bad there is no colour branding or 
other trademark colours otherwise a light blue would work.)


- the h2 header font is a bit too compressed, a little more whitespace 
between glyphs would look less anxious.  Noticed while looking at FAQ 
pages.


Overall the revision looks really good, thanks for the effort.  Hope 
some of this can be committed.



J

Re: Mouse does not work

[Peter J. Philipp]

On Fri, Aug 04, 2023 at 04:24:09PM +0200, Karel Lucas wrote:
> 
> Hi all,
> 
> I have a few computers that I control with the same keyboard, mouse and
> monitor via an electronic switch. Namely a Linux PC and an Apple (macos x),
> but now also a PC with openBSD. Both Linux PC and Apple work fine with the
> switch, only with the PC with openBSD the mouse does not work. No problem
> with the keyboard and monitor. The mouse is of the wireless type, so radio
> controlled. What is the problem here, and what can I do about it?
> 

Hi Karel,

I have a KVM switch too, though not sure if they are similar.  I can control
three computers and a possible fourth if I had it hooked up.  There is USB
inputs for keyboard and mouse and an extra USB port on a hub, as well as
a built in sound card that has an on/off switch.  I also have a selection
button that toggles the PC # I want to switch to.  This is also doable
by pressing shift-lock twice and the number 1 through 4.  This is a USB
intercept and not passed through to the computer which was selected's hardware.

The way I fathom your setup is similar to mine, with an adapter for the
wireless mouse to go into USB?  It is always good to post a dmesg with
any hardware description so I'm gonna ask you for yours, it also doesn't
hurt to give a usbdevs output.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: VisionFive 2

[Peter J. Philipp]

On Thu, Aug 03, 2023 at 03:39:37PM +0200, Mark Kettenis wrote:
> > Date: Tue, 01 Aug 2023 23:11:43 +0200
> > From: Robert Palm 
> > 
> > I own a VF 2 version 1.2a and can successfully install / boot the machine.
> > 
> > The inner network port (dwqe1) works at 100 full duplex and receives  
> > ipv4 via DHCP.
> > 
> > The outer port currently doesn't seem to get an ip, but gets active  
> > and in full-duplex 100.
> 
> There is a reason why the VisonFive 2 isn't listed as supported on
> 
>   https://www.openbsd.org/riscv64.html
> 
> There are stll bugs and...
> 
> > It seems a lot depends on proper .dtb files (which kind users shared
> > with me).
> 
> Yes, and it is a total mess.  The device trees are being changed as
> support for the board is upstreamed in the Linux kernel.  But their
> firmware still provides their hacked up device trees that they use
> with their hacked up vendor kernel.
> 
> > How did you create the .dtb files ?
> 
> They're build from:
> 
>   https://github.com/starfive-tech/linux/tree/JH7110_VisionFive2_upstream
> 
> But that branch keeps getting rebased, and they changed things again,
> so PCIe stopped working.  So I've decided to stick with what I have
> for development and wait until the device tree bindings have been
> accepted by the Linux maintainers.  Meanwhile, if you're running
> -current on one of these, expect your setup to break at some point in
> the future.
> 
> > Do you plan to update them ?
> 
> The plan is to provide usable device tree in ports as soon as there is
> an upstream Linux version that only needs minor patching.
> 
> > They seem to be quite different to the "official" starfive releases  
> > (which don't work for me with OpenBSD).
> 
> As I said, that's just the typical unmaintainable vendor crap.
> 
> > Do you plan more work on the VF2 ?
> 
> I probably consider it done as soon as I finc the remaining dwqe(4)
> bugs have been found and fixed.
> 
> Cheers,
> 
> Mark

Moving this to misc@ as it's not really technical with my words:

Thanks Mark for all the work you've done on the starfive VF2.  I suspect
that the riscv64 SBC board from pine64.org uses the same SoC so these are
probably very compatible.  I spoke to Miguel L. privately and we compared
what our goals were for a visionfive 2-like computer.  I won't say what he
said but my reply to him that my order of preference for this was
"router, build host, network bastion, GUI client.", so your quest to find
bugs with dwqe(4) give me that spark of hope in my eyes.  Perhaps if
networking is good I'll make one like this a router to replace the RPI4b
that I currently use as router.  

Things move so fast it seems just like yesterday when I configured my 
managed switch to do vlan routing with the raspberry pi.  So the 2nd 
ethernet interface on the starfive doesn't interest me all that much as 
long as I can get 600 Mbit/s or more through one port on a riscv64 computer.

One trend I've noticed in my usage of computers in Germany is that the
cost of electricity is high, the computers keep getting smaller and the end
of the days of PC's seem to be close.  My wish is to get a riscv64 workstation
one day and I've signed up to sifive's P550 (something likethat) notification,
when they ship that board.  My biggest computers (An Apple G5 close to 20 y.o.,
and a Xeon 4 core from 2015) are off these days.  They simply suck too much
electricity.  It is cheaper for me to rent a cloud computer from hetzner for
a year, than letting any of these just idle with no load in terms of
electricity costs.  And I've done just that for a new project of mine which
I'm hoping to complete in about four years time.

That said, I do need to sleep my workstation more when I'm not around to use
it.  I could save perhaps 100 EUR just by doing so.  In that regard I'm
very glad for the efforts that go into 'zzz' and perhaps even 'ZZZ'.

Regarding the RISC-V computers I do have my work cut out for them and I do
look forward with you sharing and testing patches on one board that you
agreed to take a look at.  The hardware isn't here yet so it's not on its
way to Netherlands yet.

Also I've moved my QEMU riscv64 instance to a VPS where I have a bit more
resources like faster disk lookup and soon after I move patches from the
old QEMU which ran on the raspberry pi 4b I'm able to retire that old
instance.  I'll be saving money locally by doing so.  Currently I'm
building kernels on it to have .o files premade so that compiling doesn't
take forever :-).

Long mail, I'll stop now I could go on and on, and who's got time? :-).

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Samsung NVMe M.2 SSD 970 EVO Plus fails to attach on VisionFive 2 (JH7110 SoC) board

[Peter J. Philipp]

[tying in misc@ for this resource]

On Fri, Jul 28, 2023 at 03:26:54PM +0200, develo...@robert-palm.de wrote:
> Many thanks! Please, will you commit it so I can test it with the next
> snapshot version ?

I have already contacted Robert (?) privately, here it is publically.

I have exported my QEMU script on github, in case anyone else needs to 
compile RISCV64 kernels and images (without having to wait on snapshots):

https://github.com/pbug44/openbsd-riscv-misc/blob/master/start-rv64.sh

I use this config to compile kernels for riscv64 (on a rpi4b it's slow!).

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Allwinner D1 riscv64 mango pi SBC

[Peter J. Philipp]

Hi all,

Just so we don't lose the warm fuzzy feelings around this.  Diana do you 
want to give me your paypal address so I can transfer the 30 EUR to 
you?  I'm very excited about this, particularily because the mango pi 
comes out of china.


Here is some interesting read I googled the other day: 
https://www.hpcwire.com/2023/07/19/how-china-is-building-an-open-national-chip-plan-around-risc-v/


Risc-v is really taking off!  I do hope that sifive can give us 
something of value, because I heard about this Milk-V computer giving 
Intel/Sifive a run for their products.


https://liliputing.com/milk-v-computers-feature-up-to-64-risc-v-cpu-cores/

That said I'm hoping on invest in another risc-v computer by next year.  
Support for it will probably lack and I'll run linux on it for a while 
perhaps.


Best Regards,

-peter

On 7/19/23 03:40, deich...@placebonol.com wrote:
I'm going to reach out to a few folks who I see are doing riscv64 
specific development.  I realize they might not want to take on yet 
another h/w design.


g.day


On July 18, 2023 3:14:18 PM MDT, Mike Larkin  wrote:

On Tue, Jul 18, 2023 at 02:02:45PM -0600, deich...@placebonol.com
wrote:

Hi Mike I've volunteered to coordinate a purchase of Mango Pi
to get them into OpenBSD developers working on riscv64
platform. It has been awhile but I used to facilitate getting
h/w into OpenBSD developers hands on a semi-regular basis. diana 


Great. I don't know who would be interested, so I'd wait to let
them speak up before ordering anything. -ml

On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"
 wrote:

On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:

On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J.
Philipp wrote:

Hi *, I'm back for the moment. I was wondering who
has a Allwinner D1 riscv64 SBC? This is the Mango
Pi SBC. I have one which has linux on it currently
but I'm trying to boot OpenBSD on it. But I'm
fairly lazy and haven't done much with this
lately. I can get to the riscv64 loader but when
it loads the kernel, it goes blind. So there is
more than just getting the GPIO pins configured
which I think I have been able to adjust. I use a
QEMU-based riscv64 emulation to compile kernels
which is slow but this SBC isn't much faster
either (1000 Mhz it claims). I use this u-boot
directive to get into the boot loader: setenv
bootobsd 'load mmc 0:1 0x4FA0

/boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb
; load mmc 0:f 0x4008
/EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008
0x4FA0' followed by a: run bootobsd I am
unsure how to save this though in the u-boot
itself. Any hints would be appreciated. I think we
need a specific riscv mailing list for this sort
of stuff perhaps it's too technical for misc.
Regarding to the nostradamus stuff of someone from
chicago (Re: A couple of Questions) , check out
"1st wave" and "cade foster" on youtube (reruns),
this will feed you more ideas. my personal opinion
is that time travel of information is possible,
contributing to major headaches when events get
changed (for the prometheus seers). Back to
"reality" I'm looking for a group of people to
help getting the mango pi working. I'm hampered by
pride to ask knowledged people and these people
have their own directions and I don't want to
bother their efforts. The more we are the more we
could possibly get something done. 


The best way to get that done is to get hardware in
the hands of developer(s). Wishing on misc@ is likely
not going to get anyone interested. Check the commit
logs for people working in this area, reach out to
them, and see if they are interested in helping. -ml 


Hi Mike, Thanks. This will take a bit, I'm in talks to get
a new job soon, which will put extra money in my pocket.
Then I may be able to get a handful of these perhaps. Do
you still keep tabs on Shivam, Mars, Brian, and Wenyan?
Are they still interested in riscv64 after the initial
port with yours and Dales guidance? I think I paid

Re: Allwinner D1 riscv64 mango pi SBC

[Peter J. Philipp]

On Mon, Jul 17, 2023 at 05:18:34PM +0200, Peter J. Philipp wrote:
> On Mon, Jul 17, 2023 at 08:41:56AM -0600, deich...@placebonol.com wrote:
> > Hi Peter
> > 
> > I don't have a lot of spare money lately, last week extensive car repair 
> > and the home air conditioner failed last week, however I can contribute 
> > funds for quantity 1 and maybe 2 Mango Pi.  Perhaps some one else can help 
> > too.
> > 
> > diana
> 
> OK you got me Diana, I'll pledge 60 EUR, I have some reserves.  That should
> be enough for 2 Mango Pi's.  So we have 3-4 Mango Pi's.  Anyone else willing
> to put in some money?  I don't know how to go about this best, should I
> pay my pledge to openbsdfoundation with the explicit request that this should
> go toward these?  Or how would we escrow this?  Does OpenBSD have the means
> of ordering from AliExpress?

Alright 60 EUR paid to the OpenBSD foundation.  Bob Beck or Ken Westerback 
can confirm this perhaps.  It didn't allow a comment to indicate that this is
for Mango Pi's specifically so I'm hoping the OpenBSD organisation can work 
it out.

Best Regards,
-peter

> I still have an outstanding pledge to OpenBSD of 5 EUR, which I'll pay when
> or if OpenBSD 7.4 gets ED448 support.  I'm really hoping it will go in before
> the release so that I can adjust my software accordingly for this year (my
> release is in November/December).
> 
> Best Regards,
> -peter
> 
> > On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"  
> > wrote:
> > >On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
> > >> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
> > >> > Hi *,
> > >> >
> > >> > I'm back for the moment.  I was wondering who has a Allwinner D1 
> > >> > riscv64 SBC?
> > >> > This is the Mango Pi SBC.
> > >> >
> > >> > I have one which has linux on it currently but I'm trying to boot 
> > >> > OpenBSD on
> > >> > it.  But I'm fairly lazy and haven't done much with this lately.  I 
> > >> > can get
> > >> > to the riscv64 loader but when it loads the kernel, it goes blind.  So 
> > >> > there
> > >> > is more than just getting the GPIO pins configured which I think I 
> > >> > have been
> > >> > able to adjust.
> > >> >
> > >> > I use a QEMU-based riscv64 emulation to compile kernels which is slow 
> > >> > but this
> > >> > SBC isn't much faster either (1000 Mhz it claims).
> > >> >
> > >> > I use this u-boot directive to get into the boot loader:
> > >> >
> > >> > setenv bootobsd 'load mmc 0:1 0x4FA0 
> > >> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb 
> > >> > ;  load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 
> > >> > 0x4008 0x4FA0'
> > >> >
> > >> > followed by a:
> > >> >
> > >> > run bootobsd
> > >> >
> > >> > I am unsure how to save this though in the u-boot itself.  Any hints 
> > >> > would be
> > >> > appreciated.
> > >> >
> > >> > I think we need a specific riscv mailing list for this sort of stuff 
> > >> > perhaps
> > >> > it's too technical for misc.  Regarding to the nostradamus stuff of 
> > >> > someone
> > >> > from chicago (Re: A couple of Questions) , check out "1st wave" and
> > >> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
> > >> > personal
> > >> > opinion is that time travel of information is possible, contributing 
> > >> > to major
> > >> > headaches when events get changed (for the prometheus seers).
> > >> >
> > >> > Back to "reality" I'm looking for a group of people to help getting 
> > >> > the mango
> > >> > pi working.  I'm hampered by pride to ask knowledged people and these 
> > >> > people
> > >> > have their own directions and I don't want to bother their efforts.  
> > >> > The more
> > >> > we are the more we could possibly get something done.
> > >> >
> > >> 
> > >> The best way to get that done is to get hardware in the hands of 
> > >> developer(s).
> > >> Wishing on misc@ is likely not going to get anyone interested. Check the 
> > >> commit
> > >> logs for people working in this area, reach out to them, and see if they 
> > >> are
> > >> interested in helping.
> > >> 
> > >> -ml
> > >
> > >Hi Mike,
> > >
> > >Thanks.  This will take a bit, I'm in talks to get a new job soon, which 
> > >will 
> > >put extra money in my pocket.  Then I may be able to get a handful of these
> > >perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are 
> > >they
> > >still interested in riscv64 after the initial port with yours and Dales
> > >guidance?  I think I paid something like 30 EUR for a Mango Pi from 
> > >AliExpress
> > >buying 4 would work but I can only do this when I have secured the job.
> > >
> > >Best Regards,
> > >-peter
> > >
> > >-- 
> > >Over thirty years experience on Unix-like Operating Systems starting with 
> > >QNX.
> > >
> 
> -- 
> Over thirty years experience on Unix-like Operating Systems starting with QNX.
> 

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Allwinner D1 riscv64 mango pi SBC

[Peter J. Philipp]

On Mon, Jul 17, 2023 at 08:41:56AM -0600, deich...@placebonol.com wrote:
> Hi Peter
> 
> I don't have a lot of spare money lately, last week extensive car repair and 
> the home air conditioner failed last week, however I can contribute funds for 
> quantity 1 and maybe 2 Mango Pi.  Perhaps some one else can help too.
> 
> diana

OK you got me Diana, I'll pledge 60 EUR, I have some reserves.  That should
be enough for 2 Mango Pi's.  So we have 3-4 Mango Pi's.  Anyone else willing
to put in some money?  I don't know how to go about this best, should I
pay my pledge to openbsdfoundation with the explicit request that this should
go toward these?  Or how would we escrow this?  Does OpenBSD have the means
of ordering from AliExpress?

I still have an outstanding pledge to OpenBSD of 5 EUR, which I'll pay when
or if OpenBSD 7.4 gets ED448 support.  I'm really hoping it will go in before
the release so that I can adjust my software accordingly for this year (my
release is in November/December).

Best Regards,
-peter

> On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"  
> wrote:
> >On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
> >> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
> >> > Hi *,
> >> >
> >> > I'm back for the moment.  I was wondering who has a Allwinner D1 riscv64 
> >> > SBC?
> >> > This is the Mango Pi SBC.
> >> >
> >> > I have one which has linux on it currently but I'm trying to boot 
> >> > OpenBSD on
> >> > it.  But I'm fairly lazy and haven't done much with this lately.  I can 
> >> > get
> >> > to the riscv64 loader but when it loads the kernel, it goes blind.  So 
> >> > there
> >> > is more than just getting the GPIO pins configured which I think I have 
> >> > been
> >> > able to adjust.
> >> >
> >> > I use a QEMU-based riscv64 emulation to compile kernels which is slow 
> >> > but this
> >> > SBC isn't much faster either (1000 Mhz it claims).
> >> >
> >> > I use this u-boot directive to get into the boot loader:
> >> >
> >> > setenv bootobsd 'load mmc 0:1 0x4FA0 
> >> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ;  
> >> > load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 
> >> > 0x4008 0x4FA0'
> >> >
> >> > followed by a:
> >> >
> >> > run bootobsd
> >> >
> >> > I am unsure how to save this though in the u-boot itself.  Any hints 
> >> > would be
> >> > appreciated.
> >> >
> >> > I think we need a specific riscv mailing list for this sort of stuff 
> >> > perhaps
> >> > it's too technical for misc.  Regarding to the nostradamus stuff of 
> >> > someone
> >> > from chicago (Re: A couple of Questions) , check out "1st wave" and
> >> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
> >> > personal
> >> > opinion is that time travel of information is possible, contributing to 
> >> > major
> >> > headaches when events get changed (for the prometheus seers).
> >> >
> >> > Back to "reality" I'm looking for a group of people to help getting the 
> >> > mango
> >> > pi working.  I'm hampered by pride to ask knowledged people and these 
> >> > people
> >> > have their own directions and I don't want to bother their efforts.  The 
> >> > more
> >> > we are the more we could possibly get something done.
> >> >
> >> 
> >> The best way to get that done is to get hardware in the hands of 
> >> developer(s).
> >> Wishing on misc@ is likely not going to get anyone interested. Check the 
> >> commit
> >> logs for people working in this area, reach out to them, and see if they 
> >> are
> >> interested in helping.
> >> 
> >> -ml
> >
> >Hi Mike,
> >
> >Thanks.  This will take a bit, I'm in talks to get a new job soon, which 
> >will 
> >put extra money in my pocket.  Then I may be able to get a handful of these
> >perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are 
> >they
> >still interested in riscv64 after the initial port with yours and Dales
> >guidance?  I think I paid something like 30 EUR for a Mango Pi from 
> >AliExpress
> >buying 4 would work but I can only do this when I have secured the job.
> >
> >Best Regards,
> >-peter
> >
> >-- 
> >Over thirty years experience on Unix-like Operating Systems starting with 
> >QNX.
> >

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Allwinner D1 riscv64 mango pi SBC

[Peter J. Philipp]

On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
> > Hi *,
> >
> > I'm back for the moment.  I was wondering who has a Allwinner D1 riscv64 
> > SBC?
> > This is the Mango Pi SBC.
> >
> > I have one which has linux on it currently but I'm trying to boot OpenBSD on
> > it.  But I'm fairly lazy and haven't done much with this lately.  I can get
> > to the riscv64 loader but when it loads the kernel, it goes blind.  So there
> > is more than just getting the GPIO pins configured which I think I have been
> > able to adjust.
> >
> > I use a QEMU-based riscv64 emulation to compile kernels which is slow but 
> > this
> > SBC isn't much faster either (1000 Mhz it claims).
> >
> > I use this u-boot directive to get into the boot loader:
> >
> > setenv bootobsd 'load mmc 0:1 0x4FA0 
> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ;  
> > load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008 
> > 0x4FA0'
> >
> > followed by a:
> >
> > run bootobsd
> >
> > I am unsure how to save this though in the u-boot itself.  Any hints would 
> > be
> > appreciated.
> >
> > I think we need a specific riscv mailing list for this sort of stuff perhaps
> > it's too technical for misc.  Regarding to the nostradamus stuff of someone
> > from chicago (Re: A couple of Questions) , check out "1st wave" and
> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
> > personal
> > opinion is that time travel of information is possible, contributing to 
> > major
> > headaches when events get changed (for the prometheus seers).
> >
> > Back to "reality" I'm looking for a group of people to help getting the 
> > mango
> > pi working.  I'm hampered by pride to ask knowledged people and these people
> > have their own directions and I don't want to bother their efforts.  The 
> > more
> > we are the more we could possibly get something done.
> >
> 
> The best way to get that done is to get hardware in the hands of developer(s).
> Wishing on misc@ is likely not going to get anyone interested. Check the 
> commit
> logs for people working in this area, reach out to them, and see if they are
> interested in helping.
> 
> -ml

Hi Mike,

Thanks.  This will take a bit, I'm in talks to get a new job soon, which will 
put extra money in my pocket.  Then I may be able to get a handful of these
perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are they
still interested in riscv64 after the initial port with yours and Dales
guidance?  I think I paid something like 30 EUR for a Mango Pi from AliExpress
buying 4 would work but I can only do this when I have secured the job.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Cologne/Bonn BSD user group?

[Peter J. Philipp]

On Fri, Jul 07, 2023 at 12:35:54PM +, Marco van Hulten wrote:
> Hello,
> 
> Is anyone interested helping setting up a user group in or around Bonn?
> 
> Marco, Bonn (Germany)

Hello Marco,

I'm not in the Bonn region unfortunately.  I'm looking for an OpenBSD or BSD
group near Schweinfurt, Bayern region.

Schweinfurt is no Bonn, we are a larger smaller town in comparison.

Best Regards,
-peter

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Allwinner D1 riscv64 mango pi SBC

[Peter J. Philipp]

Hi *, 

I'm back for the moment.  I was wondering who has a Allwinner D1 riscv64 SBC?
This is the Mango Pi SBC.

I have one which has linux on it currently but I'm trying to boot OpenBSD on
it.  But I'm fairly lazy and haven't done much with this lately.  I can get
to the riscv64 loader but when it loads the kernel, it goes blind.  So there
is more than just getting the GPIO pins configured which I think I have been
able to adjust.

I use a QEMU-based riscv64 emulation to compile kernels which is slow but this
SBC isn't much faster either (1000 Mhz it claims).

I use this u-boot directive to get into the boot loader:

setenv bootobsd 'load mmc 0:1 0x4FA0 
/boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ;  load 
mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008 
0x4FA0'

followed by a:

run bootobsd

I am unsure how to save this though in the u-boot itself.  Any hints would be
appreciated.

I think we need a specific riscv mailing list for this sort of stuff perhaps
it's too technical for misc.  Regarding to the nostradamus stuff of someone
from chicago (Re: A couple of Questions) , check out "1st wave" and 
"cade foster" on youtube (reruns), this will feed you more ideas.  my personal
opinion is that time travel of information is possible, contributing to major
headaches when events get changed (for the prometheus seers).

Back to "reality" I'm looking for a group of people to help getting the mango
pi working.  I'm hampered by pride to ask knowledged people and these people
have their own directions and I don't want to bother their efforts.  The more
we are the more we could possibly get something done.

Best Regards,
-peter

PS:  I'm looking at employment shortly as a stockboy internship.

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.

Re: Restart of syslogd every three hours ?

[J Doe]

On 2023-07-05 05:12, Stuart Henderson wrote:


On 2023-07-04, J Doe  wrote:

Hi,

I have a question about an OpenBSD 7.3 host that has syspatches up to
today (July 4, 2023).

I noticed in: /var/log/messages that the: syslogd process is restarting
every three hours:

  /var/log/messages

  Jun 18 11:00:01 server syslogd[83783]: restart
  Jun 18 14:00:01 server syslogd[83783]: restart
  . . .

I checked: man syslogd and looked at the cron tabs on the system and
there doesn't appear to be anything related to the restarts.


newsyslog signals syslogd with a HUP when rotating logs.



Hi Ricky and Stuart,

Thank you for your replies.  Ok, this definitely gives me some clues to 
work with.


- J

Re: ntpd and ppm

[J Doe]

On 2023-07-04 17:27, Martin Schröder wrote:


Am Di., 4. Juli 2023 um 23:20 Uhr schrieb J Doe :

I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq
mentions the same unit - "ppm" - it doesn't explain what that means.

What does "ppm" stand for ?


microseconds per second.


Hi Martin,

Ah, I see!  From Google there was a link that referenced PPM with a 
different: ntpd implementation and it mentioned "Parts Per Million", but 
I was confused by that as I have only heard of Parts Per Million with 
pollution / chemistry ... but microseconds per second makes sense.


Thanks!

-J


Links
=

[1] 
https://support.hpe.com/hpesc/public/docDisplay?cc=at=emr_na-c01534439=de-at

ntpd and ppm

[J Doe]

Hi,

I noticed when: ntpd logs time adjustments in: /var/log/daemon it uses a 
unit of "ppm":


Jun 22 23:22:20 server ntpd[45813]: adjusting clock frequency by 
-1.127600 to 0.056400ppm


I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq 
mentions the same unit - "ppm" - it doesn't explain what that means.


What does "ppm" stand for ?

Thanks,

- J

Restart of syslogd every three hours ?

[J Doe]

Hi,

I have a question about an OpenBSD 7.3 host that has syspatches up to 
today (July 4, 2023).


I noticed in: /var/log/messages that the: syslogd process is restarting 
every three hours:


/var/log/messages

Jun 18 11:00:01 server syslogd[83783]: restart
Jun 18 14:00:01 server syslogd[83783]: restart
. . .

I checked: man syslogd and looked at the cron tabs on the system and 
there doesn't appear to be anything related to the restarts.


Is this normal and if so, what is the purpose of the restarts ?

Thanks,

-J

Re: Specifying TLS versions for OpenSMTPD

[J Doe]

On 2023-05-26 18:30, J Doe wrote:


Hi,

I am currently configuring an e-mail server with OpenSMTPD.  While it is 
2023, I am aware of the fact that some remote mail servers will support 
insecure TLS protocols or fall back to plaintext.  Because of that, I 
want to advertise legacy TLS support (TLSv1.0 and up), for port 25 while 
keeping modern TLS versions (TLSv1.2-1.3), for submission.


An excerpt of my current config is:



Hi list, my apologies - I forget to specify versions.

This is with OpenSMTP version 7.0.0 running on OpenBSD 7.3 with 
syspatches up to today (Friday May 26th 2023).


Thanks,

- J

Specifying TLS versions for OpenSMTPD

[J Doe]

Hi,

I am currently configuring an e-mail server with OpenSMTPD.  While it is 
2023, I am aware of the fact that some remote mail servers will support 
insecure TLS protocols or fall back to plaintext.  Because of that, I 
want to advertise legacy TLS support (TLSv1.0 and up), for port 25 while 
keeping modern TLS versions (TLSv1.2-1.3), for submission.


An excerpt of my current config is:

/etc/mail/smtpd.conf
. . .
listen on lo0 port 25  tls pki my.server.com protocols "all"
listen on lo0 port 587 tls-require pki my.server.com protocols 
"secure" auth 


The strings I have used ("all", "secure") come from: man 3 
tls_config_parse_protocols, which is referenced in: man smtpd.conf under 
the "protocols" keyword.


A quick syntax check:

$ doas smtpd -n

... shows no issues.

When I test this via:

openssl s_client -connect 127.0.0.1:25 -starttls smtp -tls1

... I cannot conduct a regular interactive SMTP transaction - the 
connection is established and then drops before I can: EHLO example.com 
and so on.


Am I specifying this correctly ?  I tried enclosing "all" and "secure" 
in double quotes, but testing with: openssl does not seem to work when 
explicitly specifying TLSv1.0, TLSv1.1.  It seems that OpenSMTPD is only 
happy if the connection is TLSv1.2 or TLSv1.3.


Thanks,

-J

Re: OpenBSD support for xattr on file systems other than UFS ?

[J Doe]

On 2023-05-15 18:55, J Doe wrote:


On 2023-05-12, J Doe  wrote:

Hello,

I was configuring Samba on my OpenBSD 7.2 server and wanted to support
iOS/iPad OS and macOS clients.

The documentation for Samba states that the following vfs options are
required to support these clients:

  /etc/samba/smb.conf
  . . .
  vfs = catia fruit streams_xattr

... however, my server is using UFS2 (the default), which I am aware
does not support extended attributes.


OpenBSD doesn't support xattr at all.


Would it be possible to get around that by mounting an ext2 disk image
file on OpenBSD via: vnconfig and: mount and pointing: smb.conf to it ?


No.

You may be able to do something with
https://wiki.samba.org/index.php/Using_the_xattr_tdb_VFS_Module


Hi Stuart,

Thanks for your reply.  Ah, interesting!  I had not spotted that vfs 
module on the Samba site.


It appears to warn against using it in production, but I will be 
providing service to 2-3 clients at the most, so I will give it a try 
and report back on anything interesting I ran into.


Hi Stuart and list,

Just thought I'd post an update about this.  With the following: vfs stanza:

/etc/samba/smb.conf
[global]
vfs objects = catia fruit streams_xattr xattr_tdb

xattr_tdb:file = /var/samba/macosxattr.tdb

... and then the suggested: fruit config statements on the Samba 
wiki[1], I am having a better result.


While the Samba wiki does warn about using: xattr_tdb in production, I 
am servicing between 3-5 clients (iOS and macOS), not all of which are 
at the same time and it appears to be good.


Thanks,

-J

[1] 
https://wiki.samba.org/index.php/Configure_Samba_to_Work_Better_with_Mac_OS_X

Re: OpenBSD support for xattr on file systems other than UFS ?

[J Doe]

On 2023-05-12 03:22, Stuart Henderson wrote:


On 2023-05-12, J Doe  wrote:

Hello,

I was configuring Samba on my OpenBSD 7.2 server and wanted to support
iOS/iPad OS and macOS clients.

The documentation for Samba states that the following vfs options are
required to support these clients:

  /etc/samba/smb.conf
  . . .
  vfs = catia fruit streams_xattr

... however, my server is using UFS2 (the default), which I am aware
does not support extended attributes.


OpenBSD doesn't support xattr at all.


Would it be possible to get around that by mounting an ext2 disk image
file on OpenBSD via: vnconfig and: mount and pointing: smb.conf to it ?


No.

You may be able to do something with
https://wiki.samba.org/index.php/Using_the_xattr_tdb_VFS_Module


Hi Stuart,

Thanks for your reply.  Ah, interesting!  I had not spotted that vfs 
module on the Samba site.


It appears to warn against using it in production, but I will be 
providing service to 2-3 clients at the most, so I will give it a try 
and report back on anything interesting I ran into.


- J