Re: Cheap 2x NIC OpenBSD device

[Sean Murphy]

Check out the Ubiquiti Edgerouter Lite.  Sub $100 (US), three NICs,
and runs OpenBSD.

I've used it as a router, firewall, dhcp server, you name it.  Versatile device.

On Wed, Nov 1, 2017 at 10:27 AM, Alex Waite  wrote:
> I'm deploying a server to a different data center and I don't want to expose
> the IPMI interface of the machine to their semi-trusted management network.
> So, I'm planning on putting a simple OpenBSD device in front of it, logging
> and filtering.
>
> Can someone here recommend a relatively cheap (< ~100 EUR) device that runs
> OpenBSD and has 2 NICs?
>
> ---Alex
>

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[Andy Lowton]

>  Original Message 
> Subject: Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox
> Local Time: November 1, 2017 7:12 PM
> UTC Time: November 1, 2017 7:12 PM
> From: astr...@indiana.edu
> To: techay\@protonmail.com , vincent.de...@gmail.com
> misc@openbsd.org
>
> "tec...@protonmail.com"  writes:
>
>> Do you happen to know what the issue with Firefox is with this website
>> on OpenBSD? I mean my guess is that it has to do with JavaScript in
>> some way but why now? It wasn"t like this on 6.1, so what changed?
>
> Firefox version went from 52 -> 56 in 6.1 -> 6.2.
>
> You might peruse the release notes for those firefox releases.
>
> Allan

I disagree about it it working in 6.1. protonmail hasn't worked for me using 
Firefox since 5.8 or 5.9. At one point the ESR worked but not the main version.

Cheers

Andy

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[tec...@protonmail.com]

I always kept stable with mtier, although I don't know if it updated to full 
releases of FF or security patches only.

My MacOS/Win7/Debian systems have never had an issue with protonmail and new 
Firefox versions so I can be quite confident in saying this seems to effect 
just OpenBSD. In fact tell a lie, noScript add-on broke it recently but that 
was fixed pretty quick.

I did read the pkg-readme for Firefox when I first encountered this 2 weeks 
ago, but it didn't prove fruitful as I tried the 'create a new profile' 
recommendation but never solved the issue. I didn't try the '--safe-mode' as 
the pkg-readme only suggested using that if FF was not opening at all.

Och, who knows. I'm sure the issue will crop up for the maintainers at some 
point when it effects some web service they use so will eventually be rooted 
out I'm sure. In the mean time, suppose I can just use my other systems for 
logging on to email. It's not like OpenBSD is absolutely necessary to get on to 
my email or anything.

Thanks for the help/input, mate.

Regards.

 Original Message 
On Nov 1, 2017, 7:12 PM, Allan Streib wrote:

> "tec...@protonmail.com"  writes:
>
>> Do you happen to know what the issue with Firefox is with this website
>> on OpenBSD? I mean my guess is that it has to do with JavaScript in
>> some way but why now? It wasn't like this on 6.1, so what changed?
>
> Firefox version went from 52 -> 56 in 6.1 -> 6.2.
>
> You might peruse the release notes for those firefox releases.
>
> Allan @protonmail.com>

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[manuelsolis]

Maybe you should try qutebrowser,

it is a great browser, very good for using with kb, and it works on the common 
stuff ( protonmail, gmail, hotmail, youtube, and so)

I don't like to be within the google lens working with chrome, but i neither 
like the way FF has evolved recently (no priv sep, too much ram and so)

Hope you can give a try to qutebrowser, like it and see if it solve your 
problems.

Reggards,

Manuel 

>>  Original Message 
>> Subject: Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox
>> Local Time: November 1, 2017 7:12 PM
>> UTC Time: November 1, 2017 7:12 PM
>> From: astr...@indiana.edu
>> To: techay\@protonmail.com , vincent.de...@gmail.com
>> misc@openbsd.org
>>
>> "tec...@protonmail.com"  writes:
>>
>>> Do you happen to know what the issue with Firefox is with this website
>>> on OpenBSD? I mean my guess is that it has to do with JavaScript in
>>> some way but why now? It wasn"t like this on 6.1, so what changed?
>>
>> Firefox version went from 52 -> 56 in 6.1 -> 6.2.
>>
>> You might peruse the release notes for those firefox releases.
>>
>> Allan
> 
> I disagree about it it working in 6.1. protonmail hasn't worked for me using 
> Firefox since 5.8 or 5.9. At one point the ESR worked but not the main 
> version.
> 
> Cheers
> 
> Andy

Re: Cheap 2x NIC OpenBSD device

[Sean Murphy]

You can install OpenBSD on it.  As noted in the thread by techay Ted
Unangst has a good write up on the unit on his blog.

On Wed, Nov 1, 2017 at 2:50 PM, Peter Faiman  wrote:
> Do you mean it runs OpenBSD by default, or you can install OpenBSD? I have a 
> Ubiquiti UniFi and it runs Linux.
>
> The Edgerouter Lite looks like a cool little piece of hardware, good tip!
>
>> On Nov 1, 2017, at 11:36 AM, Sean Murphy  wrote:
>>
>> Check out the Ubiquiti Edgerouter Lite.  Sub $100 (US), three NICs,
>> and runs OpenBSD.
>>
>> I've used it as a router, firewall, dhcp server, you name it.  Versatile 
>> device.
>>
>> On Wed, Nov 1, 2017 at 10:27 AM, Alex Waite  wrote:
>>> I'm deploying a server to a different data center and I don't want to expose
>>> the IPMI interface of the machine to their semi-trusted management network.
>>> So, I'm planning on putting a simple OpenBSD device in front of it, logging
>>> and filtering.
>>>
>>> Can someone here recommend a relatively cheap (< ~100 EUR) device that runs
>>> OpenBSD and has 2 NICs?
>>>
>>> ---Alex
>>>
>>
>

Re: Cheap 2x NIC OpenBSD device

[Peter Faiman]

Do you mean it runs OpenBSD by default, or you can install OpenBSD? I have a 
Ubiquiti UniFi and it runs Linux.

The Edgerouter Lite looks like a cool little piece of hardware, good tip!

> On Nov 1, 2017, at 11:36 AM, Sean Murphy  wrote:
> 
> Check out the Ubiquiti Edgerouter Lite.  Sub $100 (US), three NICs,
> and runs OpenBSD.
> 
> I've used it as a router, firewall, dhcp server, you name it.  Versatile 
> device.
> 
> On Wed, Nov 1, 2017 at 10:27 AM, Alex Waite  wrote:
>> I'm deploying a server to a different data center and I don't want to expose
>> the IPMI interface of the machine to their semi-trusted management network.
>> So, I'm planning on putting a simple OpenBSD device in front of it, logging
>> and filtering.
>> 
>> Can someone here recommend a relatively cheap (< ~100 EUR) device that runs
>> OpenBSD and has 2 NICs?
>> 
>> ---Alex
>> 
> 

Re: ikectl errors

[Mike Larkin]

On Wed, Nov 01, 2017 at 09:08:08AM +, Andreas Thulin wrote:
> Hi!
> 
> I’m trying to set up iked on machine A, to create a tunnel between machines
> A and B. ikectl produces errors when creating a certificate with my ”test”
> ca, and I have failed to understans why:
> 
> # ikectl ca test certificate 192.168.1.1 create
> Generating RSA private key, 2048 bit long modulus
> ..+++
> ..+++
> e is 65537 (0x10001)
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blankFor some fields
> there will be a default value,
> If you enter '.', the field will be left blank.
> -
> Country Name (2 letter code) [DE]:
> State or Province Name (full name) [Lower Saxony]:
> Locality Name (eg, city) [Hanover]:
> Organization Name (eg, company) [OpenBSD]:
> Organizational Unit Name (eg, section) [iked]:
> Common Name (eg, fully qualified host name) [192.168.1.1]:
> Email Address [r...@openbsd.org]:
> Using configuration from /etc/ssl/test/192.168.1.1-ssl.cnf
> Check that the request matches the signature
> Signature ok
> The Subject's Distinguished Name is as follows
> countryName   :PRINTABLE:'DE'
> stateOrProvinceName   :ASN.1 12:'Lower Saxony'
> localityName  :ASN.1 12:'Hanover'
> organizationName  :ASN.1 12:'OpenBSD'
> organizationalUnitName:ASN.1 12:'iked'
> commonName:ASN.1 12:'192.168.1.1'
> emailAddress  :IA5STRING:'r...@openbsd.org'
> ERROR: adding extensions in section x509v3_IPAddr
> 2226969360:error:22FFF06D:X509 V3 routines:func(4095):invalid null
> value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
> 2226969360:error:22FFF069:X509 V3 routines:func(4095):invalid extension
> string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=IP:
> 2226969360:error:22FFF080:X509 V3 routines:func(4095):error in
> extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName,
> value=IP:
> #
> 
> The machine is i386 running 6.2-stable.
> 
> I assume I’m doing something wrong, or have missed something in previous
> steps (I followed the example steps from the ikectl man page). Any tips on
> where to start digging/understanding/learning/fixing would be highly
> appreciated.
> 
> BR, Andreas

Search the archives, there's a diff to fix this from Oct 25 or so, but it
has not been committed yet.

-ml

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[Allan Streib]

"tec...@protonmail.com"  writes:

> Do you happen to know what the issue with Firefox is with this website
> on OpenBSD? I mean my guess is that it has to do with JavaScript in
> some way but why now? It wasn't like this on 6.1, so what changed?

Firefox version went from 52 -> 56 in 6.1 -> 6.2.

You might peruse the release notes for those firefox releases.

Allan

Re: AMD Ryzen 7 1700, Gigabyte AB350-GA, Gigabyte AMD RADEON R5 230

[Mike Larkin]

On Wed, Nov 01, 2017 at 09:52:20AM +0530, Siju George wrote:
> Automatically detects the right resolution.  1440x900  59.90*+
> ( For debian an extra manual step to install nofree drivers is required )
> Sound works for youtube after executing
> # mixerctl outputs.master=256,256
> 
> dmesg for those who are interested
> 

Odd, I'd have expected vmm to attach on this machine. Is virtualization
disabled in your BIOS?

If not, I'll have to see why it's failing.

-ml

> OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 17112383488 (16319MB)
> avail mem = 16586743808 (15818MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xeb3b0 (57 entries)
> bios0: vendor American Megatrends Inc. version "F6" date 04/07/2017
> bios0: Gigabyte Technology Co., Ltd. AB350-Gaming 3
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT SSDT FIDT SSDT SRAT CRAT CDIT SSDT MCFG
> HPET SSDT UEFI IVRS SSDT SSDT
> acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) PTXH(S4) GPP3(S4) GPP4(S4)
> GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4)
> GPPD(S4) GPPE(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: AMD Ryzen 7 1700 Eight-Core Processor, 2994.86 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
> cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
> cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu0: TSC frequency 2994864300 Hz
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
> cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
> cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
> cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
> cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
> cpu3: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
> cpu3: ITLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu3: smt 0, core 3, package 0
> cpu4 at mainbus0: apid 4 (application processor)
> cpu4: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz
> cpu4:
> 

Re: Cheap 2x NIC OpenBSD device

[tec...@protonmail.com]

Interesting, just found this on it:

https://www.tedunangst.com/flak/post/OpenBSD-on-ERL

 Original Message 
On Nov 1, 2017, 6:50 PM, Peter Faiman wrote:

> Do you mean it runs OpenBSD by default, or you can install OpenBSD? I have a 
> Ubiquiti UniFi and it runs Linux.
>
> The Edgerouter Lite looks like a cool little piece of hardware, good tip!
>
>> On Nov 1, 2017, at 11:36 AM, Sean Murphy  wrote:
>>
>> Check out the Ubiquiti Edgerouter Lite. Sub $100 (US), three NICs,
>> and runs OpenBSD.
>>
>> I've used it as a router, firewall, dhcp server, you name it. Versatile 
>> device.
>>
>> On Wed, Nov 1, 2017 at 10:27 AM, Alex Waite  wrote:
>>> I'm deploying a server to a different data center and I don't want to expose
>>> the IPMI interface of the machine to their semi-trusted management network.
>>> So, I'm planning on putting a simple OpenBSD device in front of it, logging
>>> and filtering.
>>>
>>> Can someone here recommend a relatively cheap (< ~100 EUR) device that runs
>>> OpenBSD and has 2 NICs?
>>>
>>> ---Alex
>>>
>>
>
> @waite.eu>@gmail.com>

Re: fw_update signify unsigned package on current and 6.2-stable -SOLVED

[Theodore Wynnychenko]

-Original Message-
From: Theodore Wynnychenko 
Sent: Wednesday, November 01, 2017 8:43 AM
To: misc@openbsd.org
Subject: fw_update signify unsigned package on current and 6.2-stable

Hello:



How do I install the iwm-firmware without a network connection on either
6.2-stable or -current?

Thanks
Ted



I just wanted to say thank you to Nigel Taylor who sent some advice off list.
I don't know how I f...ed up, but the problem was one of my own doing apparently
(somehow, I had downloaded install media and firmware that were out of sync, and
did not realize I had done so).

So, after purging and then re-downloading the correct files, everything "just
worked."

Sorry for the noise.

Re: pkg_info fails for non-installed packages when PKG_CACHE is set to a directory the current user can't write to

[Lari Rasku]

Marc Espie kirjoitti 11/01/17 klo 20:11:

On Wed, Nov 01, 2017 at 11:51:52AM +0100, Marc Espie wrote:

>> Somewhat low priority.
>
> Fairly easy to fix actually, so it's going to be in current, thx

Sweet.


Well, people usually don't define PKG_CACHE manually, but rely
on the ports tree to do it when needed.


Oh, it's a ports tree mechanism?  I only use packages, so I've been 
using it for a fast reinstall/lookup cache in case I come to second 
thoughts about some package:


$ cat /etc/profile
export PKG_CACHE=/var/cache/pkg
export PKG_PATH=$PKG_CACHE:installpath

Though this came back to bite me when I tried upgrading packages 
yesterday, as pkg_add -u naturally quit its search at the cache.  This 
one probably isn't a supported use case...

Release 62 i386 not booting on MacBook Pro 13” mid 2012

[SFM]

Hi everyone ! I posted this a while ago but got absolutely no answers. As a 
couple of weeks have gone by, I was hoping *maybe* someone out there already 
has an explanation or solution to this problem. Thanks in advance !

I had been able to boot and run releases 60 and 61 in exactly the same 
hardware, but the install 62CD did not boot (strangely enough), and neither 
does the OS, which I successfully installed from a USB stick. During the first 
boot, Screen goes blank (backlight on) and freezes right after printing the CPU 
cores to the screen. No dmesg and no keyboard or mouse interaction possible.

Ax0n Reported the same Problem with a snapshot and similar hardware in this 
mailing list, but the thread is already about two months old and it is not  
clear if he managed to solve it or not.

ikectl errors

[Andreas Thulin]

Hi!

I’m trying to set up iked on machine A, to create a tunnel between machines
A and B. ikectl produces errors when creating a certificate with my ”test”
ca, and I have failed to understans why:

# ikectl ca test certificate 192.168.1.1 create
Generating RSA private key, 2048 bit long modulus
..+++
..+++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blankFor some fields
there will be a default value,
If you enter '.', the field will be left blank.
-
Country Name (2 letter code) [DE]:
State or Province Name (full name) [Lower Saxony]:
Locality Name (eg, city) [Hanover]:
Organization Name (eg, company) [OpenBSD]:
Organizational Unit Name (eg, section) [iked]:
Common Name (eg, fully qualified host name) [192.168.1.1]:
Email Address [r...@openbsd.org]:
Using configuration from /etc/ssl/test/192.168.1.1-ssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName   :PRINTABLE:'DE'
stateOrProvinceName   :ASN.1 12:'Lower Saxony'
localityName  :ASN.1 12:'Hanover'
organizationName  :ASN.1 12:'OpenBSD'
organizationalUnitName:ASN.1 12:'iked'
commonName:ASN.1 12:'192.168.1.1'
emailAddress  :IA5STRING:'r...@openbsd.org'
ERROR: adding extensions in section x509v3_IPAddr
2226969360:error:22FFF06D:X509 V3 routines:func(4095):invalid null
value:/usr/src/lib/libcrypto/x509v3/v3_utl.c:355:
2226969360:error:22FFF069:X509 V3 routines:func(4095):invalid extension
string:/usr/src/lib/libcrypto/x509v3/v3_conf.c:143:name=subjectAltName,section=IP:
2226969360:error:22FFF080:X509 V3 routines:func(4095):error in
extension:/usr/src/lib/libcrypto/x509v3/v3_conf.c:96:name=subjectAltName,
value=IP:
#

The machine is i386 running 6.2-stable.

I assume I’m doing something wrong, or have missed something in previous
steps (I followed the example steps from the ikectl man page). Any tips on
where to start digging/understanding/learning/fixing would be highly
appreciated.

BR, Andreas

Re: pkg_info fails for non-installed packages when PKG_CACHE is set to a directory the current user can't write to

[Marc Espie]

On Mon, Oct 30, 2017 at 09:05:53PM +0200, Lari Rasku wrote:
> Oct 27 snapshot, amd64.
> 
> When PKG_CACHE is set:
> 
>   $ cat /etc/profile
>   export PKG_CACHE=/var/cache/pkg
> 
> To a directory the current user lacks write access to:
> 
>   $ touch /var/cache/pkg/somefile
>   touch: /var/cache/pkg/somefile: Permission denied
> 
> Trying to call pkg_info on an uninstalled package fails:
> 
>   $ pkg_info -e lumina-1.3.0pl1p2; echo $?
>   1
>   $ pkg_info lumina-1.3.0pl1p2
>   Fatal error: bad PKG_CACHE directory /var/cache/pkg
>at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 669.
> 
> This is surprising, because I didn't expect pkg_info to write anything but
> temporary files; PKG_CACHE is not documented on pkg_info(1).  The program
> doesn't apparently even intend to cache anything, as when I temporarily set
> PKG_CACHE to something writable:

Fun one. Well, people usually don't define PKG_CACHE manually, but rely
on the ports tree to do it when needed.

Tweaking the full chain to only handle it with pkg_add would be feasible.

Somewhat low priority.

Bad network performance on apu2c4

[Christer Solskogen]

Hi!

I have a APU2C4 running OpenBSD-current (or.. .pretty current, from 27th of
October) - and according to iperf I'm not getting the speed that I was
expecting.

Between the APU and the other machines I have I get: 465 Mbits/sec - While
between two other machines, connected to the same switch I get 939
Mbits/sec. So I'm pretty sure that APU is to blame.

ifconfig:
em0: flags=8b43
mtu 1500
lladdr 00:0d:b9:41:6f:c8
index 1 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 192.168.0.2 netmask 0xff00 broadcast 192.168.0.255

I've tried different MTU sizes as well, but it does not seem to have any
effect.

Re: Bad network performance on apu2c4

[Christer Solskogen]

On Wed, Nov 1, 2017 at 10:35 AM, Dimitris Papastamos  wrote:

> On Wed, Nov 01, 2017 at 09:14:03AM +0100, Christer Solskogen wrote:
> > Hi!
> >
> > I have a APU2C4 running OpenBSD-current (or.. .pretty current, from 27th
> of
> > October) - and according to iperf I'm not getting the speed that I was
> > expecting.
> >
> > Between the APU and the other machines I have I get: 465 Mbits/sec -
> While
> > between two other machines, connected to the same switch I get 939
> > Mbits/sec. So I'm pretty sure that APU is to blame.
>
> Do you use the APU as a router?  If so you shouldn't run iperf on the
> APU.  Run iperf/tcpbench between two machines connected on different
> interfaces on the APU.
>
>
Yes, I do use it as a router normally, but these number are when it is not.

-- 
chs

Re: Bad network performance on apu2c4

[Dimitris Papastamos]

On Wed, Nov 01, 2017 at 09:14:03AM +0100, Christer Solskogen wrote:
> Hi!
> 
> I have a APU2C4 running OpenBSD-current (or.. .pretty current, from 27th of
> October) - and according to iperf I'm not getting the speed that I was
> expecting.
> 
> Between the APU and the other machines I have I get: 465 Mbits/sec - While
> between two other machines, connected to the same switch I get 939
> Mbits/sec. So I'm pretty sure that APU is to blame.

Do you use the APU as a router?  If so you shouldn't run iperf on the
APU.  Run iperf/tcpbench between two machines connected on different
interfaces on the APU.

see rfc2544 for more details

Re: Traffic Filtering

[10ejcpdjsc0]

OP here. I was reading more about it and you can
actually (mostly) block entire companies such as
ads networks, Google, Facebook, Akamai, Yahoo,
etc, using their AS number.
For example, use this tool to find the corporation:
https://www.ultratools.com/tools/asnInfo

Then get their IP list (substitute the "asn=x"
for the actual number):
https://www.enjen.net/asn-blocklist/index.php?asn=x=iplist=1

Use the IP list on pf(4) to drop everything.

You can also block entire countries using RIR:
http://lite.ip2location.com/database-ip-country
http://dev.maxmind.com/geoip/geoip2/geolite2/
http://www.ipdeny.com/ipblocks/data/countries/

Countries like China and Russia usually have a
bad log on attacks, tracking, ads, etc.

For Unbound, I've found these:
https://github.com/firehol/blocklist-ipsets/
https://github.com/StevenBlack/hosts/

--

P.S: Here's a list of ASN's you could want to block:

AS6432  - GOOGLE-FIBER - Google Fiber Inc., US
AS22577 - ADMOB-US - Google Inc., US
AS15169 - GOOGLE - Google Inc., US
AS36384 - GOOGLE-IT - Google Incorporated, US
AS36040 - YOUTUBE - Google Inc., US
AS36492 - GOOGLEWIFI - Google, Inc., US
AS41264 - GOOGLE-IT-RO-ISP, CH
AS45566 - GOOGLE-CORP-APAC-AS-AP AS number for Google Corporate Network 
in APAC, IN


AS32934 - FACEBOOK - Facebook, Inc., US
AS23455 - AKAMAI-AS - Akamai Technologies, Inc., US
AS21342 - AKAMAI-ASN2, EU
AS16702 - AKAMAI-AS - Akamai Technologies, Inc., US
AS22207 - AKAMAI-AS - Akamai Technologies, Inc., US
AS31377 - AKAMAI-BOS, US
AS23903 - AKAMAI-AS-BANGLORE Akamai Banglore Office ASN, IN
AS21399 - AKAMAI3, US
AS20189 - AKAMAI-AS - Akamai Technologies, Inc., US
AS33905 - AKAMAI-AMS, EU
AS43639 - AKAMAI-AMS2, NL
AS31109 - AKAMAI-LA, EU
AS31110 - AKAMAI-SJC, EU
AS34850 - AKAMAI-MUC, IR
AS1 - AKAMAI - Akamai Technologies, Inc., US
AS18680 - AKAMAI-AS - Akamai Technologies, Inc., US
AS35204 - AKAMAI-DUB, EU
AS39836 - AKAMAI-FRA, DE
AS35994 - AKAMAI-AS - Akamai Technologies, Inc., US
AS24319 - AKAMAI-TYO-AP Akamai Technologies Tokyo ASN, SG
AS23454 - AKAMAI-AS - Akamai Technologies, Inc., US
AS31108 - AKAMAI-VA, EU
AS34164 - AKAMAI-LON, GB
AS20940 - AKAMAI-ASN1, US
AS18717 - AKAMAI-AS - Akamai Technologies, Inc., US
AS35993 - AKAMAI-AS - Akamai Technologies, Inc., US

AS6182 - MICROSOFT-CORP-MSN-AS-4 - Microsoft Corporation, US
AS3598 - MICROSOFT-CORP-AS - Microsoft Corporation, US
AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
AS8072 - MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
AS8069 - MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
AS8068 - MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US
AS13811 - MSLI - Microsoft Corporation, US
AS20046 - MICROSOFT-BOS - Microsoft Corporation, US
AS26222 - MS-DANGER - Microsoft Corporation, US
AS23468 - MICROSOFT-CORP-XBOX-ONLINE - Microsoft Corporation, US

AS7233 - YAHOO-US - Yahoo, US
AS5779 - YAHOO-DNB - Yahoo! Broadcast Services, Inc., US
AS7280 - YAHOO-FC - Yahoo! Inc., US
AS4694 - IDC Yahoo Japan Corporation, JP
AS2521 - IDC2521 Yahoo Japan Corporation, JP
AS2554 - IDC2554 Yahoo Japan Corporation, JP
AS7488 - IDC7488 Yahoo Japan Corporation, JP
AS55417 - YAHOO-SGA YAHOO! SGA, TW
AS40986 - YAHOO1-AS from AS28730 accept ANY, GB
AS22565 - YAHOO-NUQ - Yahoo, US
AS55517 - YAHOO-HKA YAHOO! HKA, HK
AS36752 - YAHOO-SP1 - Yahoo, US
AS36646 - YAHOO-NE1 - Yahoo, US
AS10310 - YAHOO-1 - Yahoo!, US
AS23816 - YAHOO Yahoo Japan Corporation, JP
AS34082 - YAHOO-AMA, GB
AS26101 - YAHOO-3 - Yahoo!, US
AS45915 - YAHOO-CORP-BWS-AS Yahoo! India Pvt Ltd., IN
AS45502 - YAHOO-CORP-MUMBAI-AP Yahoo Corp Network, KR
AS38689 - YHKR3-AS-KR KR3 Service Co,.Ltd., KR
AS24236 - YAHOO-BANGALORE-AS-AP Yahoo Bangalore Network Monitoring 
Center, HK

AS34010 - YAHOO-IRD, GB
AS36088 - YAHOO-BCST-AC2 - Yahoo, US
AS45863 - YAHOO-CORP-NDI-AS Yahoo! India Pvt Ltd., IN
AS17110 - YAHOO-US2 - Yahoo, US
AS10880 - YAHOO-AN2 - Yahoo, US
AS36129 - YAHOO-MAVEN - Yahoo, US
AS24376 - YAHOO-CN2-AP Yahoo China Datacenter, CN
AS14678 - YAHOO-HILLSBORO - Yahoo, US
AS10157 - YAHOO-AS-KR Yahoo! Korea, Corp., KR
AS55416 - YAHOO-KRA YAHOO! KRA, KR
AS24018 - YAHOO-BACKBONE-AP Yahoo Backbone Network, Asia Pacific, HK
AS36229 - YAHOO-YSM-SC8 - Yahoo! Inc., US
AS45501 - YAHOO-CORP-SG-AS-AP Yahoo Corp Network, SG
AS38072 - YAHOO-IN2-AS Yahoo! Web Services India Pvt Ltd., IN
AS55418 - YAHOO-ID1 YAHOO! ID1, SG
AS15635 - YAHOO-UKL, GB
AS43428 - YAHOO-ULS, GB
AS42173 - YAHOO-SWITZERLAND, CH
AS36647 - YAHOO-GQ1 - Yahoo, US
AS15896 - YAHOO-DEA, DE
AS24572 - YAHOO-JP-AS-AP Yahoo Japan, JP
AS24506 - YAHOO-TP2 YAHOO! TAIWAN, TW
AS26085 - YAHOO-2 - Yahoo!, US
AS14196 - YAHOO-CHA - Yahoo, US
AS23926 - YAHOO-JP3-AP JP DC, JP

Re: Xen based VPS / OpenBSD 6.2 / OpenVPN 2.4.4 => Slow download speed after upgrade

[Berry Wendermouth]

Hi again.   



   




   
After fiddling with pf and trying to statistically determine the cause  



  
of the problem I did another search on the net and found this thread
[1].



Here the author suggests:   



   




   
"when this slow problem occurs, you must disable the checksum on the



   
physical and virtual cards and restart the xenserver."  



   




   
Does anyone know what exactly is meant by that?



 




   
I then searched in the CVS log of xnf development [2] and found this



   
statement:  



   




   
"Emulated em(4) or re(4) drivers will   



   
take over if xnf(4) driver is disabled or not compiled in." 

The disconnected AC adapter affects Java application launch speed. (SqlDeveloper from Oracle)

[dmitry.sensei]

Hi!

Very slow start of the Java application (sqldeveloper) with the AC adapter
disconnected. When the adapter is paired - the speed is quite acceptable

Laptop HP Probook 6470b

OpenBSD 6.2 stable

is this a known strangeness? is there a workaround for the problem? where
and how to look / check to see for yourself, if nothing will help

-- 
Dmitry Orlov

Current #189 Nov 1 panic ONLY at first boot.

[Christoph R. Murauer]

Hello !

I think I miss some informations for a bug report so, I post here.

I did a upgrade from a snapshot (which was a clean install 2 or 3 days
ago) and also a clean install of this snapshot (booth with
install62.fs instead of bsd.rd). The result was in booth cases a panic
and I ended in ddb. But this happened only at the first boot - not on
following boots.

I have at boot time no internet connection as the script tries to
download the firmware. The bug happened also only with that snapshot
and with none before (there I had also no internet connection).

ddb trace and ddb boot reboot messages (with ps) as pictures are here

http://www.nawi.is/images/trace.jpg
http://www.nawi.is/images/boot.jpg

Thanks for answers.

Re: Current #189 Nov 1 panic ONLY at first boot.

[Martin Pieuchot]

Hello,

On 01/11/17(Wed) 13:38, Christoph R. Murauer wrote:
> I think I miss some informations for a bug report so, I post here.
> 
> I did a upgrade from a snapshot (which was a clean install 2 or 3 days
> ago) and also a clean install of this snapshot (booth with
> install62.fs instead of bsd.rd). The result was in booth cases a panic
> and I ended in ddb. But this happened only at the first boot - not on
> following boots.
> 
> I have at boot time no internet connection as the script tries to
> download the firmware. The bug happened also only with that snapshot
> and with none before (there I had also no internet connection).
> 
> ddb trace and ddb boot reboot messages (with ps) as pictures are here
> 
> http://www.nawi.is/images/trace.jpg
> http://www.nawi.is/images/boot.jpg

This has been fixed already, please updated from source or wait for the
next snapshot.

Re: Current #189 Nov 1 panic ONLY at first boot.

[Christoph R. Murauer]

Thanks for your fast answer.
I wait for the next snapshot.

> Hello,
>
> On 01/11/17(Wed) 13:38, Christoph R. Murauer wrote:
>> I think I miss some informations for a bug report so, I post here.
>>
>> I did a upgrade from a snapshot (which was a clean install 2 or 3
>> days
>> ago) and also a clean install of this snapshot (booth with
>> install62.fs instead of bsd.rd). The result was in booth cases a
>> panic
>> and I ended in ddb. But this happened only at the first boot - not
>> on
>> following boots.
>>
>> I have at boot time no internet connection as the script tries to
>> download the firmware. The bug happened also only with that snapshot
>> and with none before (there I had also no internet connection).
>>
>> ddb trace and ddb boot reboot messages (with ps) as pictures are
>> here
>>
>> http://www.nawi.is/images/trace.jpg
>> http://www.nawi.is/images/boot.jpg
>
> This has been fixed already, please updated from source or wait for
> the
> next snapshot.
>
>

Re: The disconnected AC adapter affects Java application launch speed. (SqlDeveloper from Oracle)

[Jay Williams]

Do you have apm enabled with the "-A" flag to enable automatic performance 
adjustment mode?

You can run $ apm to see what it says.

-- 
Jay Williams

> On Nov 1, 2017, at 7:05 AM, dmitry.sensei  wrote:
> 
> Hi!
> 
> Very slow start of the Java application (sqldeveloper) with the AC adapter
> disconnected. When the adapter is paired - the speed is quite acceptable
> 
> Laptop HP Probook 6470b
> 
> OpenBSD 6.2 stable
> 
> is this a known strangeness? is there a workaround for the problem? where
> and how to look / check to see for yourself, if nothing will help
> 
> -- 
> Dmitry Orlov

Re: The disconnected AC adapter affects Java application launch speed. (SqlDeveloper from Oracle)

[sven falempin]

On Wed, Nov 1, 2017 at 8:05 AM, dmitry.sensei  wrote:
> Hi!
>
> Very slow start of the Java application (sqldeveloper) with the AC adapter
> disconnected. When the adapter is paired - the speed is quite acceptable
>
> Laptop HP Probook 6470b
>
> OpenBSD 6.2 stable
>
> is this a known strangeness? is there a workaround for the problem? where
> and how to look / check to see for yourself, if nothing will help
>
> --
> Dmitry Orlov


News flash:
computer tries to save power on battery
devs are baffled

o/

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

fw_update signify unsigned package on current and 6.2-stable

[Theodore Wynnychenko]

Hello:

A couple of month ago, I decided to take the plunge and setup an openbsd laptop.
I bought a relatively newer ThinkPad, and (a couple of months ago) set it up and
started playing with the desktop environment.

Well, life happened, and I put it aside for a while.  Yesterday, I decided to
look at it again, and decided I would just start over.

So, I downloaded the current install image, and installed it on the laptop.

This laptop has no wired Ethernet port, just wireless which requires the
iwm-firmware.

So, after installing -current and booting into the system, I plugged in a USB
drive with the "iwm-firmware-0.20170105.tgz" on it, and issued:
# fw_update -p /mnt iwm

This worked a couple of months ago, and the wireless came up.  Yesterday (and
today), I got/get:

file:/mnt/iwm-firmware-0.20170105.tgz: unsigned package (signify(1) doesn't see
old-style signatures)

I see that how signify works had recently changed, so, I reinstalled with the
6.2 stable image.
But, I get the same error.

I would rather not go all the way back to 6.1.
I can find no way in the man page to get fw_update to install without checking
signatures.  I did try using "pkg_add -D unsigned" as a guess (with little
hope), but that did not work either.

It seems that the firmware package ("20170105") is from the time before signify
changed, and has not been brought into sync with the new signify (that's just a
guess).

How do I install the iwm-firmware without a network connection on either
6.2-stable or -current?

Thanks
Ted



---
This email has been checked for viruses by AVG.
http://www.avg.com

Re: switching to DUIDs (and back)

[Josh Grosse]

On 2017-11-01 10:08, Alan Corey wrote:


Thank you, I was thinking every partition has a UUID and I needed to
find and use those.  But even in Linux it's apparently only devices
that have UUIDs.  They're almost like DOS/Windows drive serial
numbers, but those are generated when you format a partition and only
apply to the partition.  Yes, I was looking at man pages but what I
was looking for doesn't exist.


I'm sorry.  Originally, you wrote:


I want to replace my fstab with one that accesses my current
partitions using DUIDs.  Disklabel shows me a DUID for the drive, how
do I set up individual partitions?  Or is there already a DUID (or
UUID) for each partition that I need to find and use?


A DUID is per drive, and is reported to you by disklabel(8).

# disklabel wd0 | grep duid

You can change the DUID value as well, if you desire to.
See the "i" command in the disklabel editor section of the
man page.

You'd also written ...


I don't really like DUIDs ...


They were introduced specifically to eliminate needing to
edit fstab(5)entries in the event of device number changes.

Re: Android development on OpenBSD

[flipchan]

I'm sure u can compile the apps

On November 1, 2017 3:55:03 PM GMT+01:00, Jan Stary  wrote:
>What do people use to develop Android apps on OpenBSD?
>
>Currently, I am using the Android Studio on a Mac,
>I would very much rather use my favorite IDE of vim+make
>and just write C code and run it through NDK
>https://developer.android.com/ndk/guides/index.html
>but it seems some form of the Android SDK is unavoidable.
>
>   Jan

-- 
Take Care Sincerely flipchan layerprox dev

Re: switching to DUIDs (and back)

[Alan Corey]

>On Sun, Oct 29, 2017 at 11:30:51AM -0400, Josh Grosse wrote:
>> Basically, replace "wd0" with the drive's DUID.

>I'm wrong, of course.  Replace "/dev/wd0" with the drive's DUID,
>then append "." followed by the partition.

Thank you, I was thinking every partition has a UUID and I needed to
find and use those.  But even in Linux it's apparently only devices
that have UUIDs.  They're almost like DOS/Windows drive serial
numbers, but those are generated when you format a partition and only
apply to the partition.  Yes, I was looking at man pages but what I
was looking for doesn't exist.

pf and max bandwidth in nested queues (bug?)

[Oliver Humpage]

Hello,

I have an OpenBSD 6.2 router, set up in a test rig so there's no traffic apart 
from my tests. It has vmx interfaces. $int_if is a vlan on one of them.

I have an issue where if a child queue has a different “max” from a parent 
queue, the bandwidth is throttled down to much less than either.

I have the following simple queue tree (eventually it will be bigger, this is 
just for testing):

queue inbound on $int_if bandwidth 100M
  queue inbound_all parent inbound bandwidth 30M max 30M
queue inbound_std parent inbound_all bandwidth 20M max 30M default
pass on $int_if

This works, and an iperf test shunting data through the router from ext->int 
gets around 30Mb as expected.

If I change the inbound_all queue's max to a slightly higher number, this 
shouldn’t have any effect at all - after all, the inbound_std queue is still 
"bandwidth 20M max 30M", and neither of these numbers exceed the parent:

queue inbound on $int_if bandwidth 100M
  queue inbound_all parent inbound bandwidth 30M max 40M
 ^^^
queue inbound_std parent inbound_all bandwidth 20M max 30M default
pass on $int_if

However, when I do this, suddenly connections assigned to inbound_std only get 
around 2.3Mb. 

``systat q’’ shows all packets are going into the correct queue.

As an experiment, I put a “min” level on inbound_std:

queue inbound_std parent inbound_all bandwidth 20M min 10M max 30M default

Then connections get that minimum bandwidth (here, iperf reported around 10Mb), 
so it shows the queue *can* use more than 2.3Mb, but it still sticks to the min 
rather than using all available bandwidth.

This seems like a bug to me, although I’m hesitant to suggest it since I have a 
lot of respect for the OpenBSD team. Does anyone have a suggestion as to what’s 
happening?

Thanks,

Oliver.

Android development on OpenBSD

[Jan Stary]

What do people use to develop Android apps on OpenBSD?

Currently, I am using the Android Studio on a Mac,
I would very much rather use my favorite IDE of vim+make
and just write C code and run it through NDK
https://developer.android.com/ndk/guides/index.html
but it seems some form of the Android SDK is unavoidable.

Jan

Cheap 2x NIC OpenBSD device

[Alex Waite]

I'm deploying a server to a different data center and I don't want to 
expose the IPMI interface of the machine to their semi-trusted 
management network. So, I'm planning on putting a simple OpenBSD device 
in front of it, logging and filtering.


Can someone here recommend a relatively cheap (< ~100 EUR) device that 
runs OpenBSD and has 2 NICs?


---Alex

Re: pf and max bandwidth in nested queues (bug?)

[Erik van Westen]

Op 1-11-2017 om 14:22 schreef Oliver Humpage:
> Hello,
>
> I have an OpenBSD 6.2 router, set up in a test rig so there's no traffic 
> apart from my tests. It has vmx interfaces. $int_if is a vlan on one of them.
>
> I have an issue where if a child queue has a different “max” from a parent 
> queue, the bandwidth is throttled down to much less than either.
>
> I have the following simple queue tree (eventually it will be bigger, this is 
> just for testing):
>
> queue inbound on $int_if bandwidth 100M
>   queue inbound_all parent inbound bandwidth 30M max 30M
> queue inbound_std parent inbound_all bandwidth 20M max 30M default
> pass on $int_if
>
> This works, and an iperf test shunting data through the router from ext->int 
> gets around 30Mb as expected.
>
> If I change the inbound_all queue's max to a slightly higher number, this 
> shouldn’t have any effect at all - after all, the inbound_std queue is still 
> "bandwidth 20M max 30M", and neither of these numbers exceed the parent:
>
> queue inbound on $int_if bandwidth 100M
>   queue inbound_all parent inbound bandwidth 30M max 40M
>  ^^^
> queue inbound_std parent inbound_all bandwidth 20M max 30M default
> pass on $int_if
>
> However, when I do this, suddenly connections assigned to inbound_std only 
> get around 2.3Mb. 
>
> ``systat q’’ shows all packets are going into the correct queue.
>
> As an experiment, I put a “min” level on inbound_std:
>
> queue inbound_std parent inbound_all bandwidth 20M min 10M max 30M default
>
> Then connections get that minimum bandwidth (here, iperf reported around 
> 10Mb), so it shows the queue *can* use more than 2.3Mb, but it still sticks 
> to the min rather than using all available bandwidth.
>
> This seems like a bug to me, although I’m hesitant to suggest it since I have 
> a lot of respect for the OpenBSD team. Does anyone have a suggestion as to 
> what’s happening?
>
> Thanks,
>
> Oliver.
>

I might be mistaken, but doesn't queueing only work on OUTgoing traffic
since one cannot control the rate at which traffic is delivered to you,
but one can control the rate of traffic going out of an interface?

Erik

protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[tec...@protonmail.com]

> Hello,
>
> Can't get to the login page on FF, just see a never ending loop of 'Loading 
> Protonmail...'
>
> Damn frustrating.  I can confirm this has happened with 3 different installs.
>
> Having to use chromium, definitely not a good solution for a Google-hater.
>
> Thanks

Re: Cheap 2x NIC OpenBSD device

[Peter Faiman]

I have an APU2 from PC Engines, which has 3 gigabit ports. I think it’s a bit 
above your budget of €100, but if you can’t find anything else I highly 
recommend it. I use one as my edge firewall and haven’t had any problems.

> On Nov 1, 2017, at 07:27, Alex Waite  wrote:
> 
> I'm deploying a server to a different data center and I don't want to expose 
> the IPMI interface of the machine to their semi-trusted management network. 
> So, I'm planning on putting a simple OpenBSD device in front of it, logging 
> and filtering.
> 
> Can someone here recommend a relatively cheap (< ~100 EUR) device that runs 
> OpenBSD and has 2 NICs?
> 
> ---Alex
> 

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[tec...@protonmail.com]

Hmm.. Yeah it works thanks. Well, it takes me to log in page. Once I enter my 
login information it took an age to actually get in to my account.. So much so 
that an alert box popped up within Firefox asking me if I want to wait or halt 
the page due to it taking a long time to load. I have never seen that Firefox 
alert in my puff before and. I have been using since '04.

Do you happen to know what the issue with Firefox is with this website on 
OpenBSD? I mean my guess is that it has to do with JavaScript in some way but 
why now? It wasn't like this on 6.1, so what changed?

Thanks for the temp fix though, much appreciated!
 Original Message 
On Nov 1, 2017, 6:22 PM, vincent delft wrote:

> Hello,
>
> Can you try with the safe mode: firefox --safe-mode.
>
> This should work fine.
>
> rgds
>
> On Wed, Nov 1, 2017 at 5:32 PM, tec...@protonmail.com  
> wrote:
>
>>> Hello,
>>>
>>> Can't get to the login page on FF, just see a never ending loop of 'Loading 
>>> Protonmail...'
>>>
>>> Damn frustrating.  I can confirm this has happened with 3 different 
>>> installs.
>>>
>>> Having to use chromium, definitely not a good solution for a Google-hater.
>>>
>>> Thanks

Re: Cheap 2x NIC OpenBSD device

[Oscar D. Knight]

Maybe ebay.  Maybe something like a Dell PowerEdge R200.
YMWV


On Wed, Nov 1, 2017 at 10:27 AM, Alex Waite  wrote:

> I'm deploying a server to a different data center and I don't want to
> expose the IPMI interface of the machine to their semi-trusted management
> network. So, I'm planning on putting a simple OpenBSD device in front of
> it, logging and filtering.
>
> Can someone here recommend a relatively cheap (< ~100 EUR) device that
> runs OpenBSD and has 2 NICs?
>
> ---Alex
>
>


-- 
NOTE: ASU ITS will NEVER ask you for your password in an email!
Oscar D. Knightknightod at appstate
dot edu
ITS, Office of Information Security   Voice:
828-262-6946
Appalachian State University, Boone, NC 28608 FAX: 828-262-2236

Re: pkg_info fails for non-installed packages when PKG_CACHE is set to a directory the current user can't write to

[Marc Espie]

On Wed, Nov 01, 2017 at 11:51:52AM +0100, Marc Espie wrote:
> On Mon, Oct 30, 2017 at 09:05:53PM +0200, Lari Rasku wrote:
> > Oct 27 snapshot, amd64.
> > 
> > When PKG_CACHE is set:
> > 
> > $ cat /etc/profile
> > export PKG_CACHE=/var/cache/pkg
> > 
> > To a directory the current user lacks write access to:
> > 
> > $ touch /var/cache/pkg/somefile
> > touch: /var/cache/pkg/somefile: Permission denied
> > 
> > Trying to call pkg_info on an uninstalled package fails:
> > 
> > $ pkg_info -e lumina-1.3.0pl1p2; echo $?
> > 1
> > $ pkg_info lumina-1.3.0pl1p2
> > Fatal error: bad PKG_CACHE directory /var/cache/pkg
> >  at /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 669.
> > 
> > This is surprising, because I didn't expect pkg_info to write anything but
> > temporary files; PKG_CACHE is not documented on pkg_info(1).  The program
> > doesn't apparently even intend to cache anything, as when I temporarily set
> > PKG_CACHE to something writable:
> 
> Fun one. Well, people usually don't define PKG_CACHE manually, but rely
> on the ports tree to do it when needed.
> 
> Tweaking the full chain to only handle it with pkg_add would be feasible.
> 
> Somewhat low priority.

Fairly easy to fix actually, so it's going to be in current, thx

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

[vincent delft]

Hello,

Can you try with the safe mode: firefox --safe-mode.

This should work fine.

rgds




On Wed, Nov 1, 2017 at 5:32 PM, tec...@protonmail.com  wrote:

> > Hello,
> >
> > Can't get to the login page on FF, just see a never ending loop of
> 'Loading Protonmail...'
> >
> > Damn frustrating.  I can confirm this has happened with 3 different
> installs.
> >
> > Having to use chromium, definitely not a good solution for a
> Google-hater.
> >
> > Thanks