Re: sendmail vs. other MTAs

[Daniel Ouellet]

Dan Harnett wrote:

On Tue, May 12, 2009 at 09:55:48PM +0200, Felipe Alfaro Solana wrote:

On Tue, May 12, 2009 at 9:31 PM, L. V. Lammert l...@omnitec.net wrote:

At 09:16 PM 5/12/2009 +0200, Felipe Alfaro Solana wrote:

If you want simple, install Webmin. Runs fine with sendmail, default
install!

I'm not that crazy to combine something that remembers passwords in
clear text with an MTA that has a horrible security track record.

If this is clear text, I want to know where you got your glasses:

B  B  B  B admin:XXl2dzFGzv.Yk:0

Also, if sendmail has such a horrible track record, why is it the default
MTA on this system? We handle 40K+ emails daily on a single box with no
problems at all.

http://en.securitylab.ru/nvd/378946.php


http://www.sendmail.org/releases/8.13.2


If memory serve me well.

8.13.0 was in OpenBSD 3.6 and a few upgrades were done and by 3.7 we had 
sendmail 8.13.3. Pass any alerts from your security lab list you use to 
try to make your point.


So if you still run 3.6 today by all mean YOU DESERVED TO BE HACKED!!!

There is a load of very good people that do their very best to make the 
OS as secure as possible, clean and easy to use and the less whiner can 
do is justify their fricking complains with data that is years in the 
pass and use that as a fact for saying things are not good!


Just like I said, getting lower and lower every day on m...@.

LinuxOLuserFobia complains about missing feature and then complain about 
old crap because they can't stay current in their setup and justify 
their whining with old crap!


Can we just move on this sh*t hole please?

New version are release every 6 months. Even now with the new sysmerge 
toll there isn't a single reason not to stay up to date. You can eve 
skip many version all at once and it works flawlessly as well. I tested 
it for fun, Only from 3.8 or 3.9 up to 4.5 is an issue because of the 
zip part that is not compatible. I don't recall the exact version I did 
it from as a test, but even then you can get away very simply doing it 
too. Not recommended obviously, but just to show that it is working and 
all done in less then 10 minutes, even less with the new version now 
that does a lots of thinking for you should you have a void between the 
two ears you should use. Even the upgrade process almost become bullet 
proof as the OS itself. What else you want???


Stop whining and bringing very old and totally irrelevant data to try to 
make a point It only show stupidity and laziness as to not keep systems 
running up to date as they should!


So what's your point again with:

http://en.securitylab.ru/nvd/378946.php

Best,

Daniel

Re: sendmail vs. other MTAs

[Daniel Ouellet]

L. V. Lammert wrote:

At 02:22 PM 5/12/2009 -0700, Henry Sieff wrote:

On Tue, May 12, 2009 at 11:07 AM, L. V. Lammert l...@omnitec.net wrote:

 If you want simple, install Webmin. Runs fine with sendmail, default
 install!

Yeah, because if you can't see the complexity, it doesn't exist.


What does complexity have to do with a user interface?

Looks like someone else should go download their favorite Linux.


Or as in this case may be use @gmail.com email as they can't obviously 
setup their own mail server looks like. Or can make it secure, or set it 
up with spam filter properly so they use @gmail.com.


Not everyone that have @gmail.com can't do their mail server by all 
mean, I don't make it a general rule, but may be in this specific case 
here it might well be the case! (;


May be we should asked if Theo would create a linux@ list and let all 
these guys subscribe to it and beat each other up all day long, 
convincing each others of their ways and God thinking and leave misc@ 
alone for good stuff.


Can we?

OK, I need to stop feeding the trolls!

Re: sendmail vs. other MTAs

[Daniel Ouellet]

Theo de Raadt wrote:
I am waiting smtpd though, but I doubt it will be able replace my exim 
installations any time soon.


The best part is that noone cares about that.


Not totally true I hope. Many does, just doesn't look like it.

But, you are 150% right however, it sure DO NOT get the RESPECT it 
deserves!


Very sad!

Re: Multiboot OpenBSD with Vista

[Daniel Ouellet]

Lars Nooden wrote:

I've not see a port of WINE to OpenBSD for some time, but it'd be worth
a try, just in case.



Actually I was just looking at this last night and it's not working yet. 
Getting closer all the time and good progress was done for sure looks 
like, but still some issues are not worked out yet;


More details here:

http://wiki.winehq.org/OpenBSD

A specific wiki was setup just for OpenBSD to try to bring it up to 
speed should you be interested.


But the short of it, not a go yet. Looks like it might go one day. 
Austin was actually asking for some help on one of the issue he is 
working on and the last updates and diff he putted in was 4/20/2009 I think.

Re: Multiboot OpenBSD with Vista

[Daniel Ouellet]

Leonardo Rodrigues wrote:

It's really good to know that there's someone working recently on
bringing Wine to OpenBSD. It really isn't a trivial port =(


No it' snot. But I think Hustin is kind of stuck a bit. He got it to 
compile, etc. But it crash when run simple things and looks like it 
related to malloc may be. He can do the Wine part, but not as familiar 
for the OpenBSD part and was asking for help, or details on that side to 
see if he can finish it up.


He did lots of progress for sure and it's been a few months that he is 
working on it. If I recall, from last last summer or something like 
that. He had some stuff working on 4.4, but it's broken on 4.5, so he 
really try to bring it to current for sure. If successful, yes it sure 
would be nice! (;


Some issues were dependency wrong n 4.5, may be as the list of ports 
wasn't fully updated at the time he tried, but some testing might help.


Definitely much more ahead then last summer for sure and if successful, 
it would be current now.

Clarification needed on namespace export of the protocol include files definitions?

[Daniel Ouellet]

Hi,

This is very minor in all, but I would love some clarifications as I 
obviously don't understand this as clearly as I should looks like.


An example is in the commit Rev 1.5 of extern.h for tftp.

I see this commit from Theo

TIMEOUT* values are not part of the protocol. tftp.h is a namespace 
export of the protocol. you shall not add non-protocol stuff to such a 
file, period.


But the RFC 2349 page 2 extend the TFTP RCF 1350 with this:

  timeout
 The Timeout Interval option, timeout (case in-sensitive).
 This is a NULL-terminated field.

  #secs
 The number of seconds to wait before retransmitting, specified
 in ASCII.  Valid values range between 1 and 255 seconds,
 inclusive.  This is a NULL-terminated field.

So, the timeout value from 1 to 255 are valid and could have been 
defined into tftp.h for example couldn't it have been?


It's not a complain, but I really would love to understand the logic as 
to what goes or should go into YourGismo.h and YourGismod.h for 
YourGismo application?


For what I understand, the YourGismo.h would have definition of the 
protocol and what's defined in the RFC as YourGismod.h would have 
definitions use by your application design, but that may or may not be 
define in the RFC. Am I wrong?


Sorry if that's totally obvious, I thought I got it before and I really 
don't get it here and I would love for someone to provide me 
clarifications so that I do understand it properly. Clearly there is 
something missing in what I assumed before.


May be it could be that I do not understand the real English meaning of 
the namespace export of the protocol, but I took it to mean any 
variable that could be define as to help read the code that are included 
in RFC as well as any extension of them should they apply. It's it the 
case here?


I obviously would put it in there, but looks like I would be wrong and I 
would really love to understand it properly.


Please be generous on your comments if any so that it could be very 
clear to understand.


May be an example(s) might be best if you can think of any. It might 
help me get it.


Many thanks for your time.

Daniel

Re: OpenNTPD warning

[Daniel Ouellet]

Jordi Espasa Clofent wrote:

# sync to a single server
server yes
server hora.roa.es


You shouldn't have this here like that.

 server yes

The man(5) ntpd.conf if pretty clear on that.


server address [weight weight-value]
Specify the IP address or the hostname of an NTP server to syn-
chronize to.  If it appears multiple times, ntpd(8) will try to
synchronize to all of the servers specified.  If a hostname re-
solves to multiple IPv4 and/or IPv6 addresses, ntpd(8) uses the
first address.  If it does not get a reply, ntpd(8) retries with
the next address and continues to do so until a working address
is found.  For example:

  server 10.0.0.2 weight 5
  server ntp.example.org weight 1

server yes is neither an IP address or a full qualify name server.

So, as it say here, it will try to access hora.roa.es as well as 
yes, witch it will not be able to obvioulsy and will give you errors.


So, just make your configuration properly and you will fix your problem.

Best,

Daniel

List of old forked or frozen code like apache that needs cleanup?

[Daniel Ouellet]

Hi,

Is there some code in the tree that like apache a few years ago stop 
following the source for valid license reason, or was forked, kind of, 
that would need or benefit from cleanup just like I did apache in 2004-2006?


Kind of disgraceful janitor work if you like, but that would be 
beneficial never the less and sure clean the tree a little bit.


I am asking as I have a few guys that want to learn some stuff and I 
would take this on myself to make it happen somehow if there is a need 
for it or some that needs to be done. Worst case I could do some myself 
like in the pass years.


Anything that have a bunch of Windows, Novel, or what not code in there 
that is frozen or only maintain by OpenBSD now that needs cleanup would 
be nice to know.


Fell free to reply in private as to not pollute the list unless there is 
a need for it. Make your list as long as you want so that I may pick 
something interesting if possible, or that really is in bad need of dead 
code removal under OpenBSD.


If there is a real need for that, then I could start sending diff's for it.

Thanks for your time!

Daniel

Can't get tls on smtpd to work right, just can't connect to server using tls.

[Daniel Ouellet]

Hi,

I am having problem testing this and my be I am missing something 
simple, so any pointers would be appreciates.


To test this I created the cert as describe in man 8 starttls as follow 
and below are all the steps I did without success so far:


Create the missing directory and change to it.
# mkdir /etc/mail/certs
# cd /etc/mail/certs


Generate the key and certificate based on my interface name dc0 in this 
case as follow:

# openssl dsaparam 1024 -out dsa1024.pem

# openssl req -x509 -nodes -days 365 -newkey dsa:dsa1024.pem \
   -out /etc/mail/certs/dc0.crt -keyout /etc/mail/certs/dc0.key

I answer the various question about the country, start, city, etc.

Country Name (2 letter code) []:
State or Province Name (full name) []:
Locality Name (eg, city) []:
Organization Name (eg, company) []:
Organizational Unit Name (eg, section) []:
Common Name (eg, fully qualified host name) []:
Email Address []:

Then all look good after that.

I move my certificate and key to be root readable only as recommended in 
man 8 starttls as follow:


# chmod -R go-rwx /etc/mail/certs

And I finally removed the not needed dsa1024.pem file as well as 
suggested in man 8 starttls


# rm dsa1024.pem

Now it look like this:

# ls -al
total 16
drwx--  2 root  wheel   512 Jun  2 20:50 .
drwxr-xr-x  3 root  wheel  1024 Jun  2 20:44 ..
-rw---  1 root  wheel  1241 Jun  2 20:47 dc0.crt
-rw---  1 root  wheel   668 Jun  2 20:47 dc0.key


I also created a link for the lo0 interface, witch I am not sure why we 
should use tls there as it's local, but anyway, for completeness I did 
never the less. Here I used the same key, but I could created a second 
key too. Unless I am missing something, I guess for lo0 shou;dn't tls be 
ignore anyway? Just a thought as you are already on the system at that 
point so why use it, or even smtps?


Anyway, I do:

# ln -s dc0.crt lo0.crt
# ln -s dc0.key lo0.key

and I have the final needed files as this:

# ls -al
total 16
drwx--  2 root  wheel   512 Jun  2 20:53 .
drwxr-xr-x  3 root  wheel  1024 Jun  2 20:44 ..
-rw---  1 root  wheel  1241 Jun  2 20:47 dc0.crt
-rw---  1 root  wheel   668 Jun  2 20:47 dc0.key
lrwxr-xr-x  1 root  wheel 7 Jun  2 20:53 lo0.crt - dc0.crt
lrwxr-xr-x  1 root  wheel 7 Jun  2 20:53 lo0.key - dc0.key


Then I put the configuration in the /etc/mail/smtpd.conf file to use them:

listen on lo0 tls certificate /etc/mail/certs/lo0.crt enable auth
listen on dc0 tls certificate /etc/mail/certs/dc0.crt enable auth

and I get errors:

# pkill smtpd
# smtpd
/etc/mail/smtpd.conf:12: syntax error
/etc/mail/smtpd.conf:13: syntax error

Even only on dc0 only I get the same things:

# cat /etc/mail/smtpd.conf | grep listen
listen on dc0 tls certificate /etc/mail/certs/dc0.crt enable auth

# pkill smtpd
# smtpd
/etc/mail/smtpd.conf:6: syntax error


Any variation of it give me the same errors except this one:

listen on dc0 tls

If I try to specify the certificate name, location, full path, etc I get 
errors, even if I add or not the end options enable auth.


I can't connect to the smtpd using clients with only tls enable.
I test this using thunderbird and setup the sending mail server to use 
tls ONLY. I keep getting errors trying to connect to it. It refuse 
connection to it.


I try everything I can think of some far and I am still not successful 
doing it.


The only part that works very well for weeks so far is without any tls 
like this:


# cat /etc/mail/smtpd.conf | grep listen
listen on dc0
# pkill smtpd
# smtpd

But with tls configuration, I can see the starttls in the offering:

# telnet no-spam1.realconnect.com 25
Trying ::1...
Connected to no-spam1.realconnect.com.
Escape character is '^]'.
220 no-spam1.realconnect.com ESMTP OpenSMTPD
EHLO testing
250-no-spam1.realconnect.com Hello testing [IPv6:::1], pleased to meet you
250-8BITMIME
250-STARTTLS
250 HELP
quit
221 no-spam1.realconnect.com Closing connection
Connection closed by foreign host.

Anything I am forgetting that is obvious, or is it not ready to be use yet?

Thanks for the feedback.

Best,

Daniel

Re: Can't get tls on smtpd to work right, just can't connect to server using tls.

[Daniel Ouellet]

I didn't see you mention a certificate authority, is this self-signed?


Yes it is self signed.


starttls says:

If you don't intend to use TLS for authentication (and if you are using
self-signed certificates you probably don't) you can simply link 
your new

certificate to CAcert.pem.

  # ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem

If, on the other hand, you intend to use TLS for authentication you
should install your certificate authority bundle as
/etc/mail/certs/CAcert.pem.

You didn't mention this file.


Because it doesn't apply at all for smtpd and nowhere in the code does 
it look for that anyway.


So, no I didn't do anything about it. I did look at the code first and I 
did find the answer to one of my questions, (the part for the name) but 
still the smtpd refuse connections for tls exchange.


Just for the archive, the man smtpd on the configuration have:

listen on interface [port port] [tls | smtps] [certificate name] [enable 
auth]


where I was failing for the name part ONLY on the [certificate name] was 
that I use the full file name as dc0.crt instead of dc0 only as the code 
does add the .crt part to the name. But that address only the name part 
of the configuration I had errors with. It doesn't fix the issue I can't 
get the system to work with tls.


Most likely it is something stupid, but I can't se it never th eless.

Best,

Daniel

Re: Can't get tls on smtpd to work right, just can't connect to server using tls.

[Daniel Ouellet]

If you don't intend to use TLS for authentication (and if you are using
self-signed certificates you probably don't) you can simply link 
your new

certificate to CAcert.pem.

  # ln -s /etc/mail/certs/mycert.pem /etc/mail/certs/CAcert.pem

If, on the other hand, you intend to use TLS for authentication you
should install your certificate authority bundle as
/etc/mail/certs/CAcert.pem.

You didn't mention this file.


So, just in case something else in the system might look for this, I did 
the following:


ln -s dc0.crt CAcert.pem

I didn't think it would make any differencem but just for testing I did 
anyway and I now have;


# ls -al
total 16
drwx--  2 root  wheel   512 Jun  2 22:05 .
drwxr-xr-x  3 root  wheel  1024 Jun  2 20:56 ..
lrwxr-xr-x  1 root  wheel 7 Jun  2 22:05 CAcert.pem - dc0.crt
-rw---  1 root  wheel  1241 Jun  2 20:47 dc0.crt
-rw---  1 root  wheel   668 Jun  2 20:47 dc0.key
lrwxr-xr-x  1 root  wheel 7 Jun  2 20:53 lo0.crt - dc0.crt
lrwxr-xr-x  1 root  wheel 7 Jun  2 20:53 lo0.key - dc0.key

And still no go.

Obviously here the dc0.crt is what the mycert.pem would have been anyway.

smtpd.conf is looking for name.crt where the .crt is burned in the code, 
so it's not optional to have it.



# cat /usr/src/usr.sbin/smtpd/ssl.c | grep .crt
/etc/mail/certs/%s.crt, name)) {

So, that's for the clue, but that's not is yet anyway.

Best,

Daniel

Re: Can't get tls on smtpd to work right, just can't connect to server using tls.

[Daniel Ouellet]

Gilles Chehade wrote:

Daniel Ouellet a icrit :

Hi,

I am having problem testing this and my be I am missing something 
simple, so any pointers would be appreciates.


To test this I created the cert as describe in man 8 starttls as 
follow and below are all the steps I did without success so far:



[...]

Yes, for some reason you will not succeed having ssl/tls work by 
following the starttls
man page. Current workaround until I spot what's wrong, is to follow the 
same procedure

than for generating certificates for web servers in ssl(8), this will work.

I'm currently doing some ssl related work in smtpd so it's likely I'll 
have news soon.


Many thanks for the advise!

I will try that and see.

Great work by the way, I really love it so far!

I got use to update it every few days and more in the last week. (;

Best

Daniel

Re: List of old forked or frozen code like apache that needs cleanup?

[Daniel Ouellet]

Please guys, lets stop this. I now regret even asking. It wasn't mean to be as
it was taken down that path as what can we do to help, or what's needed, etc

I thought the title was clear. My fault and I apologies to have sent this in.

What I was really ONLY asking or looking for was an application, or multiple one
that STOP being sync with the original because of license issue or what not
and that kind of become OpenBSD only and that may have lots of GNU/Windows crap
in it like apache had before 2004 and that would definitely benefit from the
same idea of cleanup.

That was THE ONLY question I had and if there was still such a thing in the
tree that I could work with 4 kids in a special computer project at school where
I would take it on my own to process the what I would call DEAD CODE REMOVAL
just like I did here as an example:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/httpd/src/main/http_protocol.c.diff?r1=1.26;r2=1.27;f=h

Anything else or any other direction this tread took was unintentional and I
very much apologies for it. It wasn't my intention and I should have know better
when I sent it. My fault and I am very, very sorry about it.

If there is such a thing, I would love to know, if not, that's fine too, but
please lets not make this turn into a joke like it was a few years back.

Again, I am very sorry to have open that can of worms, it really wasn't what I
had in mind and how I thought I phrase the question, but obviously I was wrong.

My deepest apologies for the nose!

Daniel

Re: List of old forked or frozen code like apache that needs cleanup?

[Daniel Ouellet]

Alexander Hall wrote:
 Daniel Ouellet wrote:
 
 My deepest apologies for the nose!
 
 I don't mind it.

Men, should have been noise not nose.

Fair picking, I deserved it! (;

Re: MySQL and ulimit

[Daniel Ouellet]

Gaby Vanhegan wrote:
 I'm having an annoying time trying to make MySQL run with a large amount
 of buffer memory.  I have 4Gb of RAM and 8Gb of swap and I need to
 increase the data size limit for the _mysql login class.  Currently it's
 set to unlimited but it doesn't seem to be coming through to the _mysql
 login class:

How do you start your MySQL, do you actually tell it to use that class?

http://openbsdsupport.org/mysql.htm

For may be more details that you may have overlooked.

Best,

Daniel

Re: MySQL and ulimit

[Daniel Ouellet]

 If the machine has mare than enough physical RAM and tons of swap, is
 there no way to configure MySQL to hold a 2Gb buffer in memory?  I
 really want to avoid building a custom kernel and it feels like I should
 be able to get this working using login.conf, ulimit and sysctl
 settings.  Or is this a wall that is not meant to be broken through?

If I may asked, why would you really want to get a 2GB buffer???

I obviously do not know what your setup is or your application here, or how big
your database actually is, but if you are trying to have everything in ram for
speed for example and that your application do not make changes to the database,
then you could always setup a partition in ram disk only and put your table 
there.

You could mount /var/mysql/test in a ram disk that you configure to use 2GB or
ram and that would do what you want.

If you need to make changes to that database in RAM, then you could use
replication to save the changes to the physical hard disk, witch would need to
run to copy of MySQL obviously to replicate it live to a different table name.

I did that before and it does actually works well, that's when I had slow
hardware and I would around it that way, now I don't need that anymore, but
still possible to do it, if that's really want you need.

You can create your table to be loaded on the start and be put into ram disk, or
may be even under volatile table as well, but not knowing what you want to do,
these are just ideas that may or may not apply or may be even stupid as well to
do depending of what you really try to solved as a problem.

The ram disk I must say was a very cleaver idea and works very well back then,
but needed raidframe, witch I didn't really like to use.

I might do it again now with Marco softraide for fun and see if that would
actually works or not, just as a test.

Anyway, hope this may give you some thoughts or not as I am not really sure
where you try to go here.

But no matter what, you still limited to 4 GB for physical memory anyway.

Best,

Daniel

Re: junk directory cleanup question

[Daniel Ouellet]

jmc wrote:
 is this to suggest that the best thing to do is edit /etc/daily and
 wedge in the directories i need cleaned up? i'm only asking because my
 first thought of course would be to put this code in /etc/daily.local to
 ease merging in any diffs that future upgrades might provide.

From man 8 daily:

 These scripts should not be altered.  Local additions should be made to
 the files /etc/daily.local, /etc/weekly.local, and /etc/monthly.local,
 which will be executed by /etc/daily, /etc/weekly, and /etc/monthly, re-
 spectively.  The *.local files are executed first, which makes it conve-
 nient to do any necessary cleanup and backup before the script is run.

Re: apc ups daemon - SUCCESS

[Daniel Ouellet]

Thanasis wrote:
 on 06/11/2009 07:55 PM Diana Eichert wrote the following:
 On Thu, 11 Jun 2009, Thanasis wrote:

 As I said, the compilation didn't need anything special, except perhaps
 using gmake instead of make.
 That's all.
 So, it's minimum effort for someone experienced with the ports system
 and with the Makefile(s) to put it in.
 :-)
 So, I have to respond.  This is the most Give Me, Give Me, Give Me
 response I've heard in awhile.

 First you have problems and ask for help, plenty of people chime in
 with ideas, then you get it working, then someone suggests you give
 back to the project because to them, and perhaps the commuunity,
 it appears OpenBSD is useful to you.  You decline, suggesting it's
 a minimum effort for someone experienced with the posts system.

 How do you think these projects work?  People sitting on the their
 ass and expecting someone else to do things.

 This is why I quit trying to help people on misc@, to much give me,
 not enough give back.

 not a g.day

 diana


 Sorry, if I made you feel that way, but believe me, really, if I could
 do it (put apcupsd in the openbsd ports), I would happily do so.
 But not everyone is a developer ... O:-)
 PS: And thanks to every one for their help  :-)

You got it working never the less didn't you?

So, doesn't need to be a dev to get there.

Diana is 150% right once more!

Doing the port is in the FAQ and in response to the help you got, plenty of it,
you could do it, or worst case read the FAQ and create a port.

I am sure if it is not perfect and you submit it, as much as you got help to get
your stuff going, if there was something wrong in your port, or try of it
anyway, you would get even more help making it right!

Diana is right, you want to take and not give back what so ever and find excuses
not to even give it a shut!

This is a shame big time!

Take and never give back!

Real shame!

Re: BGP and NATting to multiple ISPs

[Daniel Ouellet]

Hi, here is a few ideas for you.

A few things to think about here depending on what issue you really try to 
solved.

First a good ISP after you actually reach them have built redundancy on their
network, so unless you try a cheap one, then you should be fine there.

Then what could go wrong? Well plenty yes, but less take them.

- Power, well UPS, if UPS runs out, two ISP will do nothing.

- single router blow up, same thing. So, you designed it with two as you put it,
great.

- Local loop, last mile, well if it get cut, then it's cut and needs to be fix.

So two line needs to come in.

One solution may be as simple as getting these two lines form the same ISP and
have them merge together.

Like if you use T1 for example, then they could be bundle together via PPP and
allow you to use the full capacity of both and if one goes down, you still have
the first one and nothing is lost, no traffic is lost and all continue, just
slower. You might be able to get it cheaper if both from the same ISP as well
and they would need to be provision on the same router on their end anyway to
merge them.

This way, you don't need BGP, you get backup as you want to get, on line goes
dead, you still have the second one.

But then, you don't have your IP problem and believe me, getting any IP's from
ARIN these days is pretty darn hard! Unless you want IPvShit, then you will be
giving them right away. They change their policy last month if my memory is good
and you sure can get it for your site, but then, you hell open a truck load of
other issues however.

This combine lines also address your requirement of balancing your traffic, but
in this case, you don't need anything special, it works no problem.

I don't know how things are in Chicago, but if it is like hereon the east coast,
looks like Verizon enjoy playing with wire in central office and disconnect
lines at random. I don't really think they are doing that, but sure hell look
like it however as problem are always with the local loop!

So, this may well works for you and get you want you want to do.

Just a thought anyway for your consideration that may address your needs in a
different way.

Best,

Daniel

Re: BGP and NATting to multiple ISPs

[Daniel Ouellet]

 I'm in *no* way convinced that running out of a resource (IPv4
 addresses) would be a good thing. It's been my experience that most
 network engineers agree with me.

Many will agree with you big time! There was a chance to make it right and
address many issues that could have been address with the new standard, but
instead, politics and power struggle got the best of it and they even try to
reintroduce old bugs that was/is in IPv4 and that everyone knows was bad. Looks
like history serve nothing, but just repeated itself. They had a chance to make
it right and easy, but sadly it wasn't the path that was taken.

Even one of my funniest reading was if memory served well a reply from Theo on
source originate routing if I remember well. That was in 2007 I think, or may be
older. I would need to dig it, but there is so many example of well known issue
in IPv4 that everyone try to work around it to make it better and the same issue
were re-introduce in IPv6... Why!?!?!

New disklable doesn't keep old partitions if requested

[Daniel Ouellet]

Hi,

I try to keep the actual partition of the disk as it was before and do a fresh
install, but the snapshots looks like simply do not allow this now.

You can select Custom label and it will show the previous label, but then when
you write it, obviously no changes are present, but when you Quit it, it comes
back to the same question and looks like you can't move on from there.

Good if you want to use the auto label, but if you want to keep the old one,
then what really should be the step then?

Here is an example:

No label changes.
'/' must be configured!
The auto-allocated layout for wd0 is:
#size   offset  fstype [fsize bsize  cpg]
  a: 1.0G0  4.2BSD   2048 163841 # /
  b: 1.3G  2097648swap
  c:74.5G0  unused
  d: 4.0G  4719456  4.2BSD   2048 163841 # /tmp
  e: 6.0G 13109040  4.2BSD   2048 163841 # /var
  f: 1.9G 25692912  4.2BSD   2048 163841 # /usr
  g: 1.0G 29778336  4.2BSD   2048 163841 # /usr/X11R6
  h: 5.4G 31875984  4.2BSD   2048 163841 # /usr/local
  i: 2.0G 43210944  4.2BSD   2048 163841 # /usr/src
  j: 2.0G 47406240  4.2BSD   2048 163841 # /usr/obj
  k:49.9G 51601536  4.2BSD   2048 163841 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] C

You will now create a Sun-style disklabel on the disk.  The disklabel defines
how OpenBSD splits up the disk into OpenBSD partitions in which filesystems
and swap space are created.  You must provide each filesystem's mountpoint
in this program.

This platform requires that partition offsets/sizes be on cylinder boundaries.
Partition offsets/sizes will be rounded to the nearest cylinder automatically.
Label editor (enter '?' for help at any prompt)
 p
OpenBSD area: 0-156301488; size: 156301488; free: 0
#size   offset  fstype [fsize bsize  cpg]
  a:  10493280  4.2BSD   2048 163841
  b:  8389584  1049328swap
  c:1563014880  unused
  d:  2097648  9438912  4.2BSD   2048 163841
  e: 20972448 11536560  4.2BSD   2048 163841
  f:  2097648 32509008  4.2BSD   2048 163841
  g: 10486224 34606656  4.2BSD   2048 163841
  h:  2097648 45092880  4.2BSD   2048 163841
  i:109110960 47190528  4.2BSD   2048 163841
 w
 q
No label changes.
'/' must be configured!
The auto-allocated layout for wd0 is:
#size   offset  fstype [fsize bsize  cpg]
  a: 1.0G0  4.2BSD   2048 163841 # /
  b: 1.3G  2097648swap
  c:74.5G0  unused
  d: 4.0G  4719456  4.2BSD   2048 163841 # /tmp
  e: 6.0G 13109040  4.2BSD   2048 163841 # /var
  f: 1.9G 25692912  4.2BSD   2048 163841 # /usr
  g: 1.0G 29778336  4.2BSD   2048 163841 # /usr/X11R6
  h: 5.4G 31875984  4.2BSD   2048 163841 # /usr/local
  i: 2.0G 43210944  4.2BSD   2048 163841 # /usr/src
  j: 2.0G 47406240  4.2BSD   2048 163841 # /usr/obj
  k:49.9G 51601536  4.2BSD   2048 163841 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] E
This platform requires that partition offsets/sizes be on cylinder boundaries.
Partition offsets/sizes will be rounded to the nearest cylinder automatically.
Label editor (enter '?' for help at any prompt)

Re: New disklable doesn't keep old partitions if requested

[Daniel Ouellet]

 No label changes.
 
 Wait.  Don't you see what is wrong above?
 
 Let me guess.  The last time you used this disk, partition d was your
 /home partition, right, and i is /var?

Nope.

Here is the standard setup on a truck load of servers. All use the same
partition table, unless there is a very special need.

I try to keep them all similar as much as possible and I do all fresh install
every 6 months (not upgrade) using the sitexx.tgz files. It's more work to keep
the sitexx.tgz files in sync, but at the same time, it provide for quick install
and always run clean fresh install, plus should one server blow up, putting one
back in service is just less the 10 minutes away max. And it force anyone to
keep documentation of the setup, or changes of it by needing to keep sitexx.tgz
in order.

Here is an example here for fstab:

# cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd0i /data ffs rw,nodev,nosuid 1 2
/dev/wd0h /home ffs rw,nodev,nosuid 1 2
/dev/wd0d /tmp ffs rw,nodev,nosuid 1 2
/dev/wd0g /usr ffs rw,nodev 1 2
/dev/wd0e /var ffs rw,nodev,nosuid 1 2
/dev/wd0f /var/log ffs rw,nodev,nosuid 1 2

 We don't know what partition to mount where.

That I totally agree, but when I do the custom, and make no changes to the
partition table, then why does it come back asking me to redo it instead of keep
going and then I can re-enter the old mount name in the old partitions as it
used to be?

Same results with edit auto label as well. I can pass this pass deleting all and
recreating all, but before (4.5 and before) I could keep the same label, and yes
I needed to enter the mount point in label, witch was fine and I have no issue
with that or doing it.

 You failed to fill in the information, using at least the 'm' command,
 and then when you quit disklabel it correctly says:

Theo, I failed to follow you here. Sorry if that's obvious, but I fail to see
it. The man page does say the m command is to modify parameters for an existing
partition. I am not creating a new one, but just want to use the old one and I
have no problem if I need to re inter the mount point obviously as it needed to
be done as well before. But it doesn't allow me to do so IF I do not make
changes to the partition table. It does force me to do m for each partition, not
changing any data other then entering the mount point. Before, I could pass this
and just enter the mount point and keep going.

So, I have redone it to test it and yes, I can use the m for each partitions and
not modify any data for the partition size and all and just provide the mount
point then when I write it and quit, it does continue the process as before. But
this wasn't required before. So, if one wants to keep the same partition then
before, what would be the best way then? I thought that it would be logical to
do the custom selection, not making any changes to the partition table as before
and then when save, just needed to type the mount point and move on. But I can't
do that now without needed to use the m for each partition, not making any
changes to the partition size, offset and all and then provide the mount point.

 '/' must be configured!
 
 Read what it says.
 
 The nice install script then nicely goes back to trying to see if you
 will learn to read next time.

I am sure not saying it's not nice. It is very nice and I like the new way for 
sure.

I just never used to have the need to do this before. It previous version allow
me to provide the name after no changes where done in the partition and the
system didn't know what the partition were instead of going back to it asking to
redo it all.

That part of the previous install made more sense to me, but I sure can do it
the new way. Instead of using the same partition table and then have to enter
the mount point for each one, now it needs to use m for each partition, keep the
setting the same for the size, offset and all and only enter the mount point 
now.

It does add way more steps in that situation yes. Is that a big deal, no, just
wonder why or if there was a way to skip that to be like in previous version?

Wouldn't it make more sense if a custom setup is selected and no changes are
done to the partition label, then to be assume the partition itself wanted to be
kept intact and then only the mount label needed to be provided as before?

The short of it is if you make no changes to the partition table, yes the system
do not know what mount point you want, then why not only asked for the mount
point then when getting out of the custom disklable part?

That's how it was before. Is there really a need not to allow this?

I really have no problem either way, but just wonder why or if there was a way
to skip it.

That was the essence of my question.

Best,

Daniel

Re: New disklable doesn't keep old partitions if requested

[Daniel Ouellet]

 You need to learn how to listen.

That's fair Theo.

But to make it short. Before when at the disklabel part of the install, one
could just type 'q' and it was then asked for the mount point of that actual
unchanged partition as before and skip the 'm' steps if you want. Now you can't
just type 'q' and do this, but needs to do 'm' for each partitions and keep the
same size, offset, etc the same and provide then the mount point, then save,
quit and keep going.

If there is a way to skip these additional steps using 'm' on disk unchanged
partition between install and just need to type 'q' as before and provide the
needed mount points obviously, I would like to know how now?

Doesn't appear to be possible anymore. Am I wrong?

Best,

Daniel

Re: New disklable doesn't keep old partitions if requested

[Daniel Ouellet]

Hi Matthew
 Use 'n' instead of 'm' to provide the needed mount points.

That address my question. An obvious over site on my part! I never used it until
today as far back as version 2.8.

 With the old installer, while in the disk label editor, you could name
 your mount points while creating (command 'a') or modifying (command 'm')
 your partitions, or you could just name the mount points for existing
 partitions without otherwise those partitions (command 'n').

I see that now.

 After you finished the disk label editor, the old installer would then
 prompt you to name your mount points.  If you'd already named them in the
 disk label editor, this was redundant.  The new installer removes the
 redundancy and requires that you name your mount points in the editor.

That's where my confusion came from. I wrongly assume that you create the
partitions and then named them after the fact. I was obviously wrong and made
the wrong assumptions here.

 When you choose C for a custom layout, the installer shows you this:
 
 --
 You will now create an OpenBSD disklabel inside the OpenBSD MBR
 partition. The disklabel defines how OpenBSD splits up the MBR partition
 into OpenBSD partitions in which filesystems and swap space are created.
 You must provide each filesystem's mountpoint in this program.
 --
 
 Note the last sentence.

I saw that one and obviously read it, but didn't sync in for me. Based on
previous years, I assume that, yes you need to partition your disk and then
obviously will also need to provide the mount point when you are done. Before,
you could provide them after the fact like you explain and obviously was a miss
understanding of the process on my part that you clarify for me.

Sorry for the noise.

And Theo, I am truly sorry you got upset on this question from me here. I
obviously failed to understand it properly and that's why I asked the question.

My apology for your increase in temper cause by my question, but I just
obviously didn't get it right and this clear it up for me. I was obviously
wrongly looking for the installer asking me for the mount point as before, witch
I see now was wrong to assume on my part.

Thanks for your time and clarification on my miss understanding. One need to be
ready to get a beat up to get clarifications, but that's fine.

And Theo, I NEVER intended to make you waste time here. It was an honest miss
understanding on my part obviously.

Best regards,

Daniel

delegation-only added in 3.5 and removed in 4.5 a few months ago.

[Daniel Ouellet]

Hi,

I was trying to find out the reason why the delegation-only zone was removed
in 4.5 as it was there as far back as 3.5. marc.info search on misc list show
the last reference to that as May 2007.

Not a big deal, I was just trying to understand why it may not be needed, or
seen as useful anymore?

There is lots of content at that regards years back, but not much anymore or as
to why not to be used now.

Any inside may be as to why then?

Just curious.

Regards,

Daniel

Re: delegation-only added in 3.5 and removed in 4.5 a few months ago.

[Daniel Ouellet]

Claudio Jeker wrote:
 On Fri, Jul 10, 2009 at 04:10:09AM -0400, Daniel Ouellet wrote:
 Hi,

 I was trying to find out the reason why the delegation-only zone was 
 removed
 in 4.5 as it was there as far back as 3.5. marc.info search on misc list show
 the last reference to that as May 2007.

 Not a big deal, I was just trying to understand why it may not be needed, or
 seen as useful anymore?

 There is lots of content at that regards years back, but not much anymore or 
 as
 to why not to be used now.

 Any inside may be as to why then?

 
 It was added during the time .com added a *.com entry to their zone to
 redirect everybody to some website. It was dropped a bit later because of
 all the compains and I hopefully doubt it will ever come back. So the
 delegation-only hack is no longer needed for these zones.

Thanks for the answer and the details. But Verisign wasn't the only one doing it
based on feedback on the net. But I could be wrong. Anyway, nice to know it's
getting better.

What might be th cause of psycho0: correctable DMA error AFAR xxx AFSR xxx on Sun V100?

[Daniel Ouellet]

Hi,

I wonder if there is anything else I could do here to find out what might be the
problem.

I get plenty of errors like this on the console:

psycho0: correctable DMA error AFAR 47b8c200 AFSR 406200ff0080
psycho0: correctable DMA error AFAR 47b90aa8 AFSR 4062ff00a080
psycho0: correctable DMA error AFAR 47b945e0 AFSR 486200ff8080
psycho0: correctable DMA error AFAR 47b980f0 AFSR 486200ffc080
psycho0: correctable DMA error AFAR 47b9c098 AFSR 4862ff006080
psycho0: correctable DMA error AFAR 47ba0028 AFSR 4062ff00a080
psycho0: correctable DMA error AFAR 47ba4018 AFSR 4862ff006080
psycho0: correctable DMA error AFAR 47ba8038 AFSR 4862ff00e080
psycho0: correctable DMA error AFAR 47bac010 AFSR 406200ff4080
psycho0: correctable DMA error AFAR 47bb00d8 AFSR 4862ff006080

Even if that doesn't really have anything to do with it, I replace the drive
just in case with a brand new one to see. Same results.

Searching on google I only came up with a diff that was put in lace in July 2008
here:

http://www.openbsd.org/cgi-bin/cvsweb/src/sys/arch/sparc64/dev/psycho.c.diff?r1=1.61;r2=1.62;f=h

That from the archive on tech@ point to the same problem and address this to at
a minimum clear these errors and keep going.

Is this really hardware failure, or bad driver may be somehow?

I can get these by doing a fresh install from scratch, do newfs and I can create
these errors as well sometime by just doing something like this for testing:

dd if=/dev/zero of=/free/test count=1000 bs=1m

Not really sure what it really mean here and it happens on one server only so
far but not on plenty of others of the same model. Sun V100.

dmesg below if needed, but it's the same as others. The drive is 160GB and less
then 137GB is use in disklabel, the rest simply through away like many others
system like this. 49 others have the same drive no problem. But doesn't appear
to be a drive issue anyway.

The server does hang time to time.

Any clue would be welcome.

Thanks

Daniel

==
console is /p...@1f,0/i...@7/ser...@0,3f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2009 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.6 (GENERIC) #38: Fri Jul  3 18:45:13 MDT 2009
dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC
real mem = 2147483648 (2048MB)
avail mem = 2065604608 (1969MB)
mainbus0 at root: Sun Fire V100 (UltraSPARC-IIe 548MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIe (rev 3.3) @ 548 MHz
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 512K external (64 
b/l)
psycho0 at mainbus0: SUNW,sabre, impl 0, version 0, ign 7c0
psycho0: bus range 0-0, PCI bus 0
psycho0: dvma map 6000-7fff
pci0 at psycho0
ebus0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0x00
dma at ebus0 addr 0- ivec 0x2a not configured
rtc0 at ebus0 addr 70-71: m5819
power0 at ebus0 addr 2000-2007 ivec 0x23
SUNW,lomh at ebus0 addr 8010-8011 ivec 0x2a not configured
com0 at ebus0 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
com0: console
com1 at ebus0 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
flashprom at ebus0 addr 0-7 not configured
alipm0 at pci0 dev 3 function 0 Acer Labs M7101 Power rev 0x00: 74KHz clock
iic0 at alipm0
max1617 at alipm0 addr 0x18 skipped due to alipm0 bugs
spdmem0 at iic0 addr 0x54: 512MB SDRAM registered ECC PC133CL2
spdmem1 at iic0 addr 0x55: 512MB SDRAM registered ECC PC133CL2
spdmem2 at iic0 addr 0x56: 512MB SDRAM registered ECC PC133CL2
spdmem3 at iic0 addr 0x57: 512MB SDRAM registered ECC PC133CL2
dc0 at pci0 dev 12 function 0 Davicom DM9102 rev 0x31: ivec 0x7c6, address
00:03:ba:2a:89:64
amphy0 at dc0 phy 1: DM9102 10/100 PHY, rev. 0
dc1 at pci0 dev 5 function 0 Davicom DM9102 rev 0x31: ivec 0x7dc, address
00:03:ba:2a:89:65
amphy1 at dc1 phy 1: DM9102 10/100 PHY, rev. 0
ohci0 at pci0 dev 10 function 0 Acer Labs M5237 USB rev 0x03: ivec 0x7e4,
version 1.0, legacy support
pciide0 at pci0 dev 13 function 0 Acer Labs M5229 UDMA IDE rev 0xc3: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0x7cc for native-PCI interrupt
wd0 at pciide0 channel 0 drive 0: ST3160815A
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, P.9A ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 Acer Labs OHCI root hub rev 1.00/1.00 addr 1
softraid0 at root
bootpath: /p...@1f,0/i...@d,0/d...@0,0
root on wd0a swap on wd0b dump on wd0b

Re: Problem getting packages

[Daniel Ouellet]

Simon Loewen wrote:
 Where can I get these from?

http://marc.info/?l=openbsd-ports-cvsm=123653096012674w=2

 Can't resolve p5-Compress-Raw-Zlib
In base.

 Can't resolve p5-IO-Compress-Base
In base.

 Can't resolve p5-IO-Compress-Zlib
In base.

 Can't resolve p5-Compress-Zlib
In base.

 Can't resolve p5-IO-Zlib
In base.

 Can't resolve p5-Archive-Tar
In base.

 Can't resolve p5-IO-INET6
http://marc.info/?l=openbsd-ports-cvsm=123088683223617w=2

Hope this help you some. There is many you don't need to install anymore. (;


Daniel

Re: Q: How to shop for a laptop to run OpenBSD?

[Daniel Ouellet]

 I will (hope) to buy a new laptop in a couple of months, how to make
 sure that the one I pick will work under OpenBSD.
 I understand that there is a list of supported hardware at:
 http://www.openbsd.org/i386.html

The way I do it and did it was simple really.

I burned myself a live cd that run OpenBSD with X already on it, a bunch of
applications and all.

http://bsdanywhere.org/download/

Then I boot the laptop by simply sticking the CD in the various laptop in 
display.

So, booted, but no X, some didn't boot and some ran well. Try a few applications
and all was good.

Checked the dmesg right there from the CD for some not supported hardware and 
all.

Pick the one I like and pay fir it and walk out of the store with it.

Was quick. I just told the rep that's what I was doing and asked him if he
wanted to watch as well. He watch the first one then let me do the rest alone.

Some store are more welling then others to let you do this, but make sure you
pick a day that is not full of customers in there as they may not like it so
much. (;

That's the quickest way I found out how to do as something the flash drive needs
to have the bios changed to boot from and some just don't, but the CD is always
on new stuff anyway the boot device before the hard drive, so no special changes
needed to test and with the CD you are sure it will not write to the drive as
well too. Well, not unless you really want to do so anyway.

Hope this help you some never the less.

Re: spawn: fork() failed

[Daniel Ouellet]

Siju George wrote:

Hi,

Some times i am not able to open more than n number of xterms in my
X ( fvwm2 ).
'n' varies but the error I get while trying to open xterm through
another x term is

$ xterm
xterm: Error 29, errno 35: Resource temporarily unavailable
Reason: spawn: fork() failed

If I try to open aterm through another aterm i get.

$ aterm
aterm: can't fork
aterm: aborting

Sometimes

$ls

jut hangs!

What could be the trouble?

Thanks

Siju


I am not saying for sure this is your problem, but every time I have 
seen issue with fork it's because you reach the number of process limits 
under the login class of that user. Cold be as simple as that really and 
increasing the running process limits for the class used by that user 
may just do the trick. They are use the default class, if that account 
is special and does need more, then may be you can create a special 
class for it and increase the limits process allow here.


Just something to think about and try that I could think of. If that's 
not it, then sorry for the noise. Hope it help you never the less.


Best,

Daniel

Re: Supporting OpenBSD

[Daniel Ouellet]

Hi Nick,

Great post!

Rod Whitworth wrote:

Good pitch, Nick. I'd love to see it on a wider screen somewhere.


As to have this on a bigger screen! It has! (;

April 21, 2009 at Apple Store in Tysons Virginia!

For the Apple Night School event. All night long from 5PM to ~10PM or so 
on it's own table and also bigger screen too.


The idea is what kids are doing with their computers and all as well as 
what they do with their MAC computers.


Well, this is not news to some on this list here, but my son did promote 
OpenBSD as well as I in a big way and a unique way too.


You can check the following pictures below if you want proof. 9 of them 
all around 3.5 to 4Mb sorry about that.


Specially you can notice the last 4 pictures and the last one with the 
big screen on it. That's in the Apple store for presentations.


Puffy did show up that night big time and a few Genius sure asked a few 
very interesting questions about the setup and all to witch my son 
provided all the answers they wanted.


Only one said that the warranty was not valid on the MAC laptop anymore 
as it was temper with for dual boot and all to witch my son proudly 
answer that's it's been like that for a very long time and to make the 
Genius happy also said something in the lines of


That's no problem is it? If Apple makes good hardware, I don't really 
need that Apple Care and all to run great software on it do I? Are you 
saying that Apple do not make good hardware and I should pick a 
different company then?


To witch the Genius didn't have any answer and left it alone and the 
other Genius got a good smile out of. (;


Anyway, my son is a freak of Lego's and OpenBSD and that night show up 
how to use BlockSmith on him workstation in dualboot and how to use 
OpenBSD to secure his MAC right there in the Apple store on bigger 
screen then his laptop! (; He even did a Lego figure of one of the 
Genius right there in BlockSmith witch I can tell you got him the hart 
of the various Genius there in the store too. (; I guess I call that 
Puffy PR!,(;


http://openbsdsupport.org/apple-night/OpenBSD-1.jpg
http://openbsdsupport.org/apple-night/OpenBSD-2.jpg
http://openbsdsupport.org/apple-night/OpenBSD-3.jpg
http://openbsdsupport.org/apple-night/OpenBSD-4.jpg
http://openbsdsupport.org/apple-night/OpenBSD-5.jpg
http://openbsdsupport.org/apple-night/OpenBSD-6.jpg
http://openbsdsupport.org/apple-night/OpenBSD-7.jpg
http://openbsdsupport.org/apple-night/OpenBSD-8.jpg
http://openbsdsupport.org/apple-night/OpenBSD-9.jpg

He got many questions and really got the curiosity of the people in the 
store that night going for sure. Did anyone got home and got a CD after 
that, obviously I can't say. I would like to believe that may be some 
did! But, did Puffy got visibility in the more obvious and may be hot 
places, I guess so. (;


Sometime you will never know where Puffy will show up and how big the 
screen he might end up on. (;


And you can notice the different OpenBSD T-Shirt's there as well 
including the Apple one around the neck oppose to hide the Puffy one.


Even to the question of Well, it might be difficult to install this OS 
then? by some of the visitors and Genius. Believe it or not, the answer 
came from my youngest son that was there too in the wireframe Puffy 
T-Shirt and that you can see there. He explain how to do it and also 
explain that he did many servers install as well in my business 
replacing hard drive and all. Even a demo install in 5 minutes was 
possible to do. (; If not even a Teenager can do it in public, then I 
guess a Genius should be able to right? Sure got the attention of many 
there and really show that installing OpenBSD is even much faster then 
Mac OS X. OK, not all the X was install, but you get the picture. 
Visitor sure did! (;


So, talk about big screen, well you got one. OK it's far from Australia 
I know, but never the less, you can fell the vibe now can you? (;


Best,

Daniel

Re: Defending OpenBSD Performance

[Daniel Ouellet]

Henning Brauer wrote:

* Nick n...@holland-consulting.net [2009-09-15 13:52]:

Yep.  Most performance-oriented thing I've done with OpenBSD was
firewalling a 45Mbps T3 line.  It did tax the machine a little bit,
but the primary firewall was a Celeron 600, about five years old at
the time it was put into service (failover was a PIII-750, which
showed a lot lower load, I think it was more the cache than the MHz).


i have a bgp machine forwarding 800MBit/s of real world generic
internet traffic. can handle at least twice that. enough of a
benchmark?


Henning,

If I may ask here. One thing that would be nice for the records is to 
get a little bit more details on your setup doing that if you have no 
problem providing it obviously. Specially the PF configuration tie to 
this bgp router as well may well be very educating to many.


I always wonder what simple difference from stock install might be there 
in the hardware or sysctl to get there, what network card are use now, 
but more important is the PF configuration use in some router as well. I 
really do not recall have seen one email on the subject. That would be 
great to have. Not something to preach by, but something useful and base 
line if you want to start with.


I for one would welcome it and would be curious as to what PF 
configuration tie with the bgp router are actually in use and proven to 
be good with decent speed. Obviously I assume there is a minimum of PF 
in use there, but may be not? Am I wrong?


I don't know if many would appreciate this for the records, but I sure 
would love it. Should you find a little time to put it on misc@ know you 
would have an avid reader for it! (;


Best,

Daniel

Re: Defending OpenBSD Performance

[Daniel Ouellet]

If I may ask here. One thing that would be nice for the records is to  
get a little bit more details on your setup doing that if you have no  
problem providing it obviously. Specially the PF configuration tie to  
this bgp router as well may well be very educating to many.


it doesn't run pf.


Interesting! I always thought that a minimum of PF was in use.

So, if I may ask, how you do some minimum like:

 ip verify unicast source reachable-via any

for announcement to you from multiple BGP sources or even:

 ip verify unicast source reachable-via rx

for announcement from a single and uniq bgp source then?

Or do you even do this?

No right or wrong answer, just curious?

No ban of not valid or spoof IP block then?

Or may be black hole? Or do you even bother with it and just let it be?

What about letting in only valid destination IP's or letting out valid 
originating IP's out then? No filter for it at all as no PF is there to 
do this?


Again not any tricky question, just wonder of what best practice then 
some may use bgp for their network, not only for one bgp feed obviously.


I obviously wrongly assume there was a minimum of PF in use as well, 
witch I see I was wrong to think so. I thought PF was use to validate 
traffic, letting only valid IP's in/out and not accepting range of not 
valid BGP announcement as well. Is there a way to do this that I may 
obviously have miss by not doing it via PF?

Re: Defending OpenBSD Performance

[Daniel Ouellet]

Ross Cameron wrote:

On 15/09/2009, Henning Brauer lists-open...@bsws.de wrote:

i have a bgp machine forwarding 800MBit/s of real world generic
internet traffic. can handle at least twice that. enough of a
benchmark?


Any chance you could post the spec. of said machine?
I'd especially be interested in CPU/Chipset/NICs/RAM,...



Hi Ross,

Not sure that Henning will give more details on this. I understand that 
prefer not to, witch is fine.


He did provide most of what you are asking here however.

Sun 4150, you can get the spec on that box. Not to many processor choise 
there, so even the slowest one will be good.


Ram, he said as close as 1Gb only and network cards, use em. Many Sun 
use that be default, not all the time but many.



For the chipset, well, the DMESG would help to get that, but sadly they 
changed time to time, so not sure you will always get the same anyway. (;


I have the 4100, not the 4150, I can send you that if you want, but not 
the same hardware obviously.


I was more curious about other component of the setup to do it right, 
but sadly I am not sure my questions were well received. I was more 
interested on what some users and specially Henning as he is involved in 
bgpd a lots as to what filtering a BGP setup would/could use to make it 
better. Not sure he is welling to offer more details, witch is totally 
fine really, I can understand not wanted to do so.


I hope this gives you some anywar to some of your questions never the less.

Best,

Daniel

Re: Sun V120 gem and hme interfaces hang

[Daniel Ouellet]

Bryan S. Leaman wrote:

Hi All,

I have a production firewall on a Sun V120 running OpenBSD 4.5 sparc64,
with 2 active interfaces.  Two weeks ago, the gem1 interface suddenly hung
and I was able to revive it using ifconfig gem1 down; ifconfig gem1 up. 
I found the following m...@openbsd thread from March 2009:


http://www.mail-archive.com/misc@openbsd.org/msg73257.html


Did you try the mp kernel to see if that makes a difference for you.

Also, don't forget that the fix here is not in 4.5, but pass 4.5

And anything in your logs for timeout message may be?

And 4.6 is really around the corner now. Might be best to run it and see.

Best,

Daniel

Re: Sun V120 gem and hme interfaces hang

[Daniel Ouellet]

Did you try the mp kernel to see if that makes a difference for you.

Out of curiosity, what effect would this have on a single CPU box?


Using a different kernel with different options compile in it.

For me at the time the MP kernel didn't have the problem that the sp had 
and looking the difference in between them pointed out to look in one 
direction to address the patch at the time.


That's why I asked if you tried it.

The bottom line is MP kernel does wok on single core processor. It's 
just like having a CPU with one core only really. There is nothing wrong 
trying it, it will not kill your box. (;



Also, don't forget that the fix here is not in 4.5, but pass 4.5

And anything in your logs for timeout message may be?

And 4.6 is really around the corner now. Might be best to run it and see.
I know the fix for gem is in 4.6, but does the same problem affect hme?  
Since I'm having the problem with both drivers, I'm not sure if the 4.6 
fix is related to the problem I'm seeing.  Unlike your experience, I'm 
not getting any error messages in any logs or on the console.  The only 
clue is the ierrs/oerrs and some error counts on the switch.


There might be the same type of watch dog issue in the hme that it was 
on the gem. I can't tell you for sure, but the bottom line here as well 
if you really want to find a problem or possibly a bug like it's explain 
n the FaQ, you need to try the latet snapshot first and report if that 
still have your problem with it or not. There is so many changes lately 
in it. Your problem may well be gone, or still present, however you need 
to help yourself and try to find more and the start of it is to try all 
you can, witch you still haven't done it. Don't forget, you are the one 
with the problem, not the dev, but you would like them to look into it. 
Start by providing valuable details and may be if one have time, or an 
idea it he/she might look into it. But you need to provide more details 
first and at a minimum try to isolate it. Many tests do not need to be a 
programmer to do them and provide valuable details. For all everyone 
knows, the problem may well be fix by now, or not.


I was able to kill the interface several times by pushing data through 
the firewall (into hme0 and out hme1) at around 70Mbps for 5-10 
minutes.  Same result--hme1 stopped responding but I could ping hosts on 
the hme0 side.  I'm fairly sure (it was a long night...) that one time I 
did the ifconfig down/up on *hme0* and that revived hme1, which seemed odd.


I am not saying it's the same problem here, but it sure behave the exact 
same way. See if you have timeout in the logs or not from that hme 
driver. But without you doing more tests on your box, it will not be 
looked at before it's done for sure.


I ran systat ifstat during the failure, and it showed data flowing 
inbound through the firewall into hme0 and out hme1, but nothing in the 
other direction.  So hme1 seems to be half working.  Not sure if it 
matters, but I'm using altq with hfsc.


May be an auto duplex negotiation issue, or not. But did you try and see 
if that might help or even make a difference? Just try to think or all 
possibility and tests some. Like different switch, or fix the port speed 
 on the switch and hme card just to test. Try MOP kernel, try snapshot 
( and if you do, don't forget that changes were done in PF that may 
affect you and need changes to the PF configuration in 4.6) Then and 
only then will you have more data to report and may be look into what 
might be the issue.


Hope this help you some and provide you some tests that really out to be 
done to be helpful.


Just think about it as it is now. You report an issue, but it would be 
much more helpful if thee is a case that remove the issue and then 
compare between the two setup could be looked at. For all we know now it 
may just be a switch port issue really. I am not saying it is, but could 
be as that's the same element in the picture as before on one end of it.


I know you have that for many weeks now based on your previous email, so 
you try to isolate it, witch is good, but then go all the way to find it 
and really try more stuff then what you do now. You may fix it real 
quick doing so and wonder why you didn't do it sooner after that fact.


I really hope it help you never the less and give you some ideas to try. 
The best way to get help if to help yourself first and really try many 
things and then you have more valuable data to use and report with.


Best,

Daniel

Re: anyone, low power rack-mount server for home usage?

[Daniel Ouellet]

Sergio Aguayo wrote:


I have a Sun Cobalt RaQ 550. However that one runs Linux but with latest 
firmware versions i've been told that it can run NetBSD, but not OpenBSD.


The RaQ 550 like all the other RaQ and cube units, never had a success 
at OpenBSD. There was a very old may be something going on for the RaQ 
2+ , many years ago, but the RaQ3 and up including the 550 run i386 
oppose to the previous version that run MIPS and to my knowledge and in 
the archive there isn't any success for OpenBSD on them. I wish someone 
would prove me wrong, but as far as I know there isn't been any success 
on it. Not much interest in it I guess, plus I am not sure anyone have 
any time for it either.


You can run NetBSD on them and it's pretty stable and good if you want 
to go that way and the RaQ 550 is dirt cheap on EBay too. You can have 
one for $20 or less including shipping to your house, in the US anyway.


What I do like for small server that are the same size is the Sun X1 if 
you can get them with good memory as if you need to add them later, it's 
not worth it really. I mean price wise anyway, but sure run well, nice 
and for a long time and just pretty lower in power too. Less the 10 
watts if you do it right. A bit noise with the default fan however.


But I wonder these days if you are not better just to built your own 
with the new very small board available and price wise they have been 
going down a lots in the last few years too and cpu power and all really 
do not compare anymore.


Good luck.

Re: anyone, low power rack-mount server for home usage?

[Daniel Ouellet]

supermicro has atom-based systems. i have such a board an am happy
with it.


Henning, how's the remote console redirection on that box? Any feedback 
may be?


Just looking for minimum like the LOM on the old SUN V100 and the like. 
Don't need CD remote mount and all that. SSH over Ethernet would be 
nice, but I can deal without it. Sad that none of these board actually 
have a decent remote console without the need for additional board when 
it's possible.


That's really all that I am really missing the most in the various new 
boxes these days. Just can't get one small with decent remote console 
access.


Thanks for any feedback if you have time and ever tried it.

Best,

Daniel

Re: anyone, low power rack-mount server for home usage?

[Daniel Ouellet]

Henning Brauer wrote:

* Daniel Ouellet dan...@presscom.net [2009-11-09 00:57]:

supermicro has atom-based systems. i have such a board an am happy
with it.

Henning, how's the remote console redirection on that box? Any
feedback may be?


same as on the real supermicros: works like a charm.


Many thanks for the feedback. Much appreciated! I guess I will need to 
try one next then.


Good to know.

Best as always,

Daniel

Re: Can't get carp to fail over all interfaces with pfsync

[Daniel Ouellet]

FW1 hostname.if files are:

 $ cat /etc/hostname.carp0

inet 192.168.167.54 255.255.255.248 192.168.167.55 vhid 1 advskew 0 pass
password
 $ cat /etc/hostname.carp1
inet 192.168.110.254 255.255.255.224 192.168.110.255 vhid 1 advskew 0 pass
password
 $ cat /etc/hostname.pfsync0


Shouldn't you run different vhid ID of carp on different carp instance. 
Here you have Carp0 and carp 1 both running with vhid 1, so how will the 
system see them as different one?

Re: aac raid status

[Daniel Ouellet]

Punchline: I had a chat with one of the top techs at this
mail system provider, and told him about the OpenBSD
experience with Adaptec.  He told me they have come to the
same conclusion and that their next generation product would
have a much better (by OpenBSD standards) manufacturer for
the RAID systems...


More of a punch line would be if they actually see the light for real as 
well and use OpenBSD instead with softraid and all. Wouldn't that be the 
killer. They already know about BSD, so using OpenBSD shouldn't really 
be such a problem but going from BSD to Linux for mail system? OK, I am 
not a big fan of Linux, I must confess, but using something rock solid 
and on email, I know of none that come close to OpenBSD for stability , 
security and all. That would make their stuff install and forget for 
ever! Call that good marketing, that's what company wants, install and 
forget.


But sure good writing as usual and I hope they listen to you too Nick. 
They couldn't have someone more convincing to listen too!


Best of luck.

Daniel

Re: Truncation Data Loss

[Daniel Ouellet]

Bryan Irvine wrote:
 I lost a picture of Bob Becks ass this same exact way.

Very popular piece of art!

And a collectors item these days, specially in Germany looks like! (;

Might be the next hot item on some stickers coming your way next release! (;

Probably would however need a disclaimer as a requirements of being 18 to open
the new packages.

Re: parfait

[Daniel Ouellet]

Theo de Raadt wrote:

This is the second time they have sent us a log.  For me, it is a game
to see how quickly we can go through the entire dump of errors they
give us, fixing all of them.  Almost done.


Very nice for you to play the game Theo!

And I for one, wants to thank you and all the other developers very much 
to always make it better each day and every day!


Thanks are sadly pretty rare on misc@ oppose to cry and demands, or real 
thanks at the:


http://openbsd.org/orders.html

Just wanted to take the time to acknowledge your constants effort!

Best,

Daniel

Sun X4100 M2 with amd64.mp kernel reboot constantly

[Daniel Ouellet]

This is an old issue and not new, but I tried the latest snapshot in 
case the situation have changed to no avail.


I git a little bit more details however after letting it reboot 
constantly may be 40 times or so.


Then it jam and was able to get a screen shut of the remote console 
before forcing it to reboot and here is what i got. Hopefully it will be 
more useful and yes I can't do ps, or ddb as it is totally jam, or 
simply reboot constantly, always at the same place.


See the console output, screen shut if you want to see it here and the 
dmesg below as well from the amd64 single kernel bot as I can't get it 
with the mp kernel.


I wish I could provide more, but I can't. No console, no ps, no ddb, 
nothing is possible pass this point here. I only was able to get this 
much twice be letting it reboot constantly for about 45 minutes before 
it jam again at the same stage so that I can get a screen shut of it to 
type it below.


The real screen shut is also available here

http://openbsdsupport.org/images/sun4100.png

if you want to see it, but that's the same as I type below as I copy it 
from the screen shut I was able to capture in the process when it 
actually didn't reboot constantly, but jam for good.


No issue with the i386 kernel, or the i386.mp, nor with the amd64, only 
the amd64.mp kernel does this problem and is reproduceable at will.



Not sure what else I could provide to help isolate this, but if 
anything, I would be more then happy to do so.


Best,

Daniel


==
Console output in free mode retype as seen on the console when crash and 
frozen and need to be unfrozen by doing a hard reset.


..
Automatic boot in progress: starting file system checks.
/dev/rsd0a: file system is clean; not checking
kernel:uvm_f kernel:  kernel: protection fault trap, code=0
Stopped at  Xintr_legacy7+0x24d:iret
ddb{2} kernel: privileged instruction fault trap, code=0
Faulted in DDB; continuing...




===
dmesg

OpenBSD 4.6-current (GENERIC) #6: Fri Dec  4 22:47:14 MST 2009
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 3756982272 (3582MB)
avail mem = 3650658304 (3481MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbd50 (70 entries)
bios0: vendor American Megatrends Inc. version 0ABJX039 date 04/11/2007
bios0: Sun Microsystems Sun Fire X4100 M2
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR SLIT OEMB HPET IPET SRAT SSDT
acpi0: wakeup devices PS2K(S1) PS2M(S1) USB0(S4) USB1(S4) MAC_(S5) 
P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) P0P5(S4) IO4B(S4) BR5B(S4) BR5C(S4) 
BR5D(S4) BR5E(S4) IOB2(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR2E(S4) PWRB(S1)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual-Core AMD Opteron(tm) Processor 2216, 2393.93 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 15 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0: apid 16 pa 0xfeafd000, version 11, 7 pins
ioapic1: misconfigured as apic 0, can't remap to apid 16
ioapic2 at mainbus0: apid 17 pa 0xfeafc000, version 11, 7 pins
ioapic2: misconfigured as apic 1, can't remap to apid 17
ioapic3 at mainbus0: apid 14 pa 0xfeaff000, version 11, 24 pins
acpihpet0 at acpi0: 2500 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 4 (P0P4)
acpiprt3 at acpi0: bus 5 (P0P5)
acpiprt4 at acpi0: bus 128 (PCIB)
acpiprt5 at acpi0: bus 133 (POGA)
acpiprt6 at acpi0: bus 134 (POGB)
acpiprt7 at acpi0: bus 131 (BR5D)
acpiprt8 at acpi0: bus 132 (BR5E)
acpicpu0 at acpi0: PSS
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: PowerNow! K8 2393 MHz: speeds: 2400 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
spdmem0 at iic0 addr 0x52: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5
spdmem1 at iic0 addr 0x53: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5

iic1 at nviic0
iic1: addr 0x18 00=01 01=01 02=00 03=00 words 00=0101 01=0101 02= 
03= 04= 05= 06= 07=
iic1: addr 0x19 00=01 01=00 02=00 03=01 words 00=0101 01= 02= 
03=0101 04= 05= 06= 07=
iic1: addr 0x1a 02=00 03=00 words 00= 01= 02= 03= 
04= 05= 06= 07=

Re: Sun X4100 M2 with amd64.mp kernel reboot constantly

[Daniel Ouellet]

Marco Peereboom wrote:

I did test i386 on it and that seemed to work ok but I did not run it
for more than a few builds.  amd64 UP seems fine too.


For the i386.mp or single kernel, it does run fine. I run it for two 
years so far no problem. The i386.mp needed to be rebooted twice with 
4.6 on it in the few months. I put the 4.6 on July 4 on it when it was 
tag as 4.6 and run ever sense no problem other then 2 reboot, but 
doesn't look to be related to the same issue. Before that, it ran well 
and I have them for 3= years by now no problem what so ever.

I ran amd64 as well well, only the mp give problem in the last 3 years.
Just can't get a ddb output to get more details.


These machines are of questionable quality.  Theo has one that will
crash just sitting at the boot prompt.


With the amd64.mp, yes it will crash at the boot prompt, it simply need 
to access the drive a little and will go south, but does run well for 
years on if the kernel is not installed. I used them on pretty heavy 
database for years on well as long as I agree to either use amg64 and 
let go of the extra core on both cpu's or run the i386 and I am fine.


Only one time so far did I get a bit more output on the console, but I 
can't say what it was and couldn't get a screen shut at the time. I can 
only recall something in regards to initializing the second cpu or 
something in these lines, but it shouldn't be consider as valid feedback 
as I sadly simply can't recall the output well to be of any value. I 
only kind of recall that, but take it as such, not more weight should be 
given to that part.


The only way I can get more output on the console is if I let it reboot 
constantly and watch it, sometime it will crash and giv more details on 
the console and freeze there, and some time it will freeze for may be 5 
or 10 minutes and reboot then. So, if I see it, I can grab it, but most 
of the time it just reboot all the time as soon as it gets to the line with


/dev/rsd0a: file system is clean; not checking

but 1 out of may be 40 times, +- 10 I guess it will crash a bit later 
and give more on the console and if you are lucky, you will get more 
output. However in all cases, it's not possible to get ddb, or trace or 
anything out of the console what so ever. I tried many times without 
success yet. Put different bios, different ilom, with raid or not, etc. 
All the same results.


Not much help I know, but that's all I have got so far.

May be a one second wait at each step pass that may give more, but 
that's just a stupid idea I guess.

Re: SMP

[Daniel Ouellet]

I don't, and many times we don't have the luxury of having such
examples or data. I'm in a different kind of real-world situation: I'm
setting up a database server on a 4-core machine that is going to
carry a heavy load -- it's performance will be critical to the success
of the project -- and I need to choose the OS that gives me the best
chance of meeting my performance and stability requirements. Since the
database will be large, I'd really like to get this right the first
time and don't have the time to do experiments/benchmarking to guide
me. That's why I'm asking questions, hopefully to improve the
probability of getting this right.


Hi,

I am not sure what database you will use, either ProgreSQL or MySQL. or 
something different.


You do not specify if your database applications will do heavy updates, 
or heavy read, two different approaches to the problem and can be solved 
differently as well. You do not say either what you defined as heavy either.


I have been using database on OpenBSD for 11 years now and yes I do 
heavy access as well as updates on it without issue. You can even find 
trace of this in archives for years back and many suggestions to improve 
the setup witch is overlook most of the time by to many. Both database 
operations are different, one can benefit from threads more, the other 
operate better without. Not really a multiple cores issues here.


And yes heavy load in my book is not define only as a small 100K query 
per hours either, nor one million would be consider to heavy either.


So, what's heavy for you may be just simple routine for others and no, I 
do not miss the fine lock either yet anyway. Would be nice, but really, 
I haven't run into it's need for me anyway yet.


Now if you have to do this project and want it right and aid you don't 
have the time to do it right, or experiment to make it right, I would 
really questions your reason here. Do you expect others to do the work 
for you? No offense intended, but if you want it right, wouldn't you 
think at a minimum you need to take the time to make it right and test 
it. If this is how you do things really, as a side note, I sure wouldn't 
want you to work for me for sure. How could I trust you to do it right 
if you don't even want to test it and spec what you need to start with?


Again, I don't mean to offend you, so if that does it, I am sorry for 
that, but I put it for your thoughts process and suggest to do your 
homework, not be a manager type form the start and try to find someone 
else to blame before you get started on your project in case it goes 
wrong and then jump to take all the credit if it does right oppose to 
give it to the one that would tell you all how to do it.


Make sense no?

Any just to make sure you understand it. You come and asked this, then 
justify it by saying its heavy and need fine lock, but still you do not 
put forward anything for anyone to tell you if yes or no it make sense 
for the load you expect, or that database of choice you want to use, but 
just to try to push your point forward and see if anyone would bite and 
do the work for you.


There is a lots of heavy users of database on this list and none 
complains not having fine lock. In some extreme cases, yes it may be 
helpful, but again replications for example for pretty darn heavy query 
is very simple to do and I can tell you that you would be hard press to 
run out of capacity.


All depend on what you define as heavy and what you do.

Hope this provide you some food for thoughts.

Best,

Daniel

Used of dd for mirroring of quick disk replacement across servers, and second question for bigger drives?

[Daniel Ouellet]

Hi,

I am pretty sure this is not possible at all, but again, may be 
something else is available that I haven't found/think yet.


Two questions I have.

1. use of dd across servers.
2. use dd or the like to increase disk size with same content in the end.

==

1. I am trying to see if I can mirror raw disks across servers just like 
I would do on the same server.


dd if=/dev/rsd0c of=/dev/rwd1c bs=1m

Not the end of the world, but if possible it would be great. I have 
situations where this would be very useful as I always have servers 
ready with nothing on them to take over if needed and if I get signed of 
possible failure of drives and all, be able to do this would be very 
nice oppose to drive and physically do it on the same server.


More of a convenience then a must have, but I can't come up with an idea 
to do so. Any way to do this anyone knows of?


2. The second question again relate to this is I also have the needs to 
replace with bigger drives now and this is on Solaris with plenty of 
hard and symbolic links and on system that include installations of 
software at the company that run proprietary software and really do not 
provide details sadly. So far I always take care of drives that may be 
flaky by simply booting an OpenBSD live CD and use DD to mirror the SCSI 
drive in it, remove the old, put the new one in and be done with it. I 
do that to keep drive in best shape and be sure it doesn't crash on me. 
Or provide me better chance not to anyway.


But now, I would really need to use bigger drives and dd is great fro 
identical drives, however doesn't really do a good job for different 
size obviously.


Anyone have a suggestion that may be as simple as the above describe one 
that works.


I always loved the dd way with drives in the same server.

- Shutdown server.
- Add new SCSI drive in the box.
- Boot OpenBSD live CD
- use dd to mirror drive as is, no need to know anything about it.
- Wait patently until it's done.
- Remove old drive.
- Put new drive in place.
- Reboot and all is back to work.

Then I can do this in two more years and sleep well in between time 
knowing that chances the SCSI drive failed on me is much more remote, 
still there, but less likely.


However, now this process do not really work obviously with different 
size hard drives... (;


I can't come up with an alternative solution as simple as this one. Any 
clue as to may be something that might work and somewhat guaranty to 
have identical ending working setup, but on a bigger drive?


Many thanks for any possible suggestion that may address these questions 
with simple alike solutions.

Re: SMP

[Daniel Ouellet]

On 12/11/09 12:51 PM, Donald Allen wrote:

Thanks to everyone who took the time to weigh in on this. Perhaps most
useful to me are the comments of those who have used OpenBSD for heavy
database work (I intend to use Postgresql) and have gotten
satisfactory results.


Then using PostgreSQL should really work well for you then and you 
wouldn't really need or benefit much from multicore kernel with the 
giant lock removed as PostgreSQL is not and do not use threads anyway by 
design oppose to MySQL that does. So, that choice of database eliminate 
your biggest concern form the start.


Enjoy your retirement and try to still have fun.

Best,

Daniel

Re: OT: Have you hugged your local OpenBSD dev lately?

[Daniel Ouellet]

On 12/14/09 11:43 AM, Bob Beck wrote:

 From past experience, I would expect much waving of hands over a two
weeks periods, with lots of expert telling you It's a complicated problem,
running around in circle finding even MORE complicated problems to solve,
and then things going back to its general state of apathy with respect
to security issues.


I don't believe it's apathy, as much as a realization that in general,
the focus of the developers will always be on speed and eye candy to
the expense of all else, including stability and security.

As such we concentrate on looking at things that can mitigate
somewhat, at least in the saner cases, such as when it is not an
accellerated driver with full access to the machine. Then we at least
have some more secure by default options.

The fact is though, Monsterously accellerated X with full access to
the machine hardware bypasseses much of the security protection
openbsd provides.  Do some people want/need it? sure. but they sould
do so understanding that they are incurring a greater risk by using
it. in this manner.


Well, Bob, this is much like the new study that just came out for kids, 
here replace kids by your favorite X users and X developers that wants 
these goodies.


The conclusion is pretty much the same and can read like:

The Journal Of Child Psychology And Psychiatry has concluded that an 
estimated 98 percent of children under the age of 10 are remorseless 
sociopaths with little regard for anything other than their own 
egocentric interests and pleasures.


http://www.theonion.com/content/news/new_study_reveals_most_children

I just don't think in this case here that it is limited to Children 
only. (;


Peace,

Daniel

How often packages are recompile when lib changes

[Daniel Ouellet]

Hi,

Just a quick question to know how often the current packages are 
recompile when there is a lib increase or if they are not unless the 
packages itself get an update too.


Just wonder as I install current December 4, and install current package 
as well if MySQL no problem.


I tried yesterday and now MySQL packages complain of lib not found and 
needs the previous version as the one install in the current system.


Not a big deal, just a simple question to know if the packages are 
recompile based on lib changes or only on packages changes itself only. 
Not a big deal as I manage anyway, just wonder for my knowledge as I 
never really came across that yet so far and just wonder.


Other then that, best wish to all for the holidays!

Daniel

Re: How often packages are recompile when lib changes

[Daniel Ouellet]

Chris Bennett wrote:

Daniel Ouellet wrote:

Hi,

Just a quick question to know how often the current packages are 
recompile when there is a lib increase or if they are not unless the 
packages itself get an update too.


Just wonder as I install current December 4, and install current 
package as well if MySQL no problem.


I tried yesterday and now MySQL packages complain of lib not found and 
needs the previous version as the one install in the current system.


Not a big deal, just a simple question to know if the packages are 
recompile based on lib changes or only on packages changes itself 
only. Not a big deal as I manage anyway, just wonder for my knowledge 
as I never really came across that yet so far and just wonder.


Other then that, best wish to all for the holidays!

Daniel

Packages that use a lib that changes need to reinstall to use the new 
correct lib.

Even if the package itself has no changes at all.


Both snapshots install on new system.


Are you using the correct package source?
Are you using pkg_add -ui -F update F updatedepends ?


Not an upgrade, but fresh install on new system with snapshots, not 
packages source as there isn't a need for that, snapshots packages are 
available as well. I just wonder how often they are recompile if they 
are at time other then when the package itself is updated due to lib 
changes may be or anything like that.


If you are using -current, then you can no longer use the -current 
package source until you update to latest -current. If you use -current, 
you need to stay put or upgrade everything together


Thanks for the feedback, but yes I know about using current and snapshots.

I did this on a brand new setup using snapshot for sparc64 and yes I was 
using the snapshots as well for packages too.


Install from

ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/sparc64/

and packages from the same:

$ export 
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/`machine -a`/


and doing pkg_add mysql-server, will not install mysql server or client, 
but only the perl dependency and not the packages for mysql 5.1.41 and 
will give error for libc.so.53.0, major error even if it is present and 
will want to have libc.so.52.0 that is not present and is not on the 
install I did December 4 either for amd64.

Re: How often packages are recompile when lib changes

[Daniel Ouellet]

Just for the records, this libc was bump up at the H2K9, witch is 
totally fine for sure and I have no issue or complains about it.


Log entry is clear about it

Bump the libc major for the post-h2k9 string of ABI changes and 
additions (rthreads, MB_LEN_MAX, rdomains)


and is also available here:

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/shlib_version.diff?r1=1.119;r2=1.120;f=h

I am only wonder if when this happened if the various packages that 
depend on them for example are redone. I know there was cut back in the 
pass as well for lack of men power for this.


Again not a complain what so ever. I just wanted to know if the built 
system actually redo them when this happened or not and only packages 
are rebuilt only when they are change themselves.


Sorry for the noise, just wanted to know for my own knowledge and I am 
fine redoing it from port, but I prefer use packages when available, 
thats' all.


Obviously the package now wants to use libc.so.52.0 witch is not present 
in a fresh new snapshots install as only the libc.so.53.0 is now, but 
would be present on an upgrade snapshots. I sure can copy over the 
libc.so.52.0 and be done with it.


My question was only in regards to packages rebuilt when this situation 
happened nothing more nothing less.


Sorry for the noise.

Best,

Daniel

Re: Disk errors

[Daniel Ouellet]

I can get a large SATA disk pretty cheap, but this board doesn't accept 
SATA.


Anyone have any thoughts on whether I should just pay more for a smaller 
PATA or get the SATA.


If I get the SATA, I will need to buy either a SATA pci card or get a 
SATA to IDE adapter.

Are there any problems I should expect with these two choices for SATA?


Well, I just finish one more replacement of SATA drive today. The forth 
time, yes you read it, 4 times so far in 2 years. Yes it is on a busy 
database, but never the less, I thought that SATA wasn't so bad! 
Even IDE drives were better then that. I reach the conclusion and will 
start this process to trash, yes trash any thing I use that happened to 
use SATA. I guess newer doesn't mean better and that cheap may be good 
for really cheap stuff as long as you really don't care about the data 
or the time wasted rebuilding this stuff.


Call me stupid, but I miss the OLD SCSI. At a minimum, they were fast, 
reliable, yes when they blow up they could just jam hard real fast, but 
in most cases, you got sign of them falling before they did. This SATA 
crap is really the worst drives I have seen in a long time. Of all 4, 
they were Western Digital, Seagate and Fujitsu.


I guess the only choices now is to use SAS and that's about it as all 
others are going out of the market, or use solid state drives, witch are 
still pretty expensive when the size go high.


So, do as you wish, but if you asked me, put a bit more money in it and 
get better drives then SATA one.


Every one have their opinion, but if the drives are real busy, I don't 
think many would recommend to use SATA unless you use softraid and all, 
but even then, I guess they might suggest to still use something better.


I know I am done with SATA drives experience have proven it just way to 
clearly to me!


Best,

Daniel

Is SOL redirection on OpenBSD IPMI kernel enable is possible with Winbond WPCM450 BMC?

[Daniel Ouellet]

Hi,

I have been digging a lots of reading in the last few days and I start 
to wonder if I am not running in a dead end.


I am testing the remote management capability. I got nice serial console 
access working very well based on the FAQ 7.6.


I also got the IMPI enable in kernel and get plenty of sensors reading.

I continue to play with the IPMI/BMC and got the packages impitool for 
my OpenBSD box and configure the access and all to that test box good.


I can even have a nice shell to the IMPI over TCP on that box too.

I can do changes for the TCP, do power cycle, reboot, monitoring, etc. 
Bunch of fun stuff. Get all the sensors over tcp good, or better yet on 
the local shell as well via the ipmitool package.


I try to read the IPMI 2.0 and 1.5 specs from Intel here:

http://www.intel.com/design/servers/ipmi/spec.htm

Pretty long stuff I must admit. Didn't read all for sure.

Various other documents there and look like SOL, ISOL, TSOL are all 
available on the shell to as well as over LAN, but pass that I hit a wall.


I know it does work for the box I am testing with as I get that remote 
console via their web access with java and all like Sun if you are 
familiar with that. It's cool, but I really like the CLI instead of the 
blotted java stuff.


What I am trying to do is to see if I can actually get console 
redirection, or serial redirection to that IPMI shell or not, or better 
yet to a remote connection, but I start to think that it may not be 
possible without a FULL iLOM like processor optional board may be? But 
with a local shell already and all, I would think it may be possible to 
do specially that the web interface to the IMPI/BCM allow all that I 
would need to do and more.


Reading all the specs and what ever I could put my hands on via google, 
I thought that it would be possible. But I am so close I can have the 
shell in impi using the impitool and issue the SOL activate command and 
looks like it may go do something, but then I just can't pass that.


I don't know what else I could read to get that going and start to think 
that may be it can't be done, or I haven't found the right info yet.


Anyone have a clue stick may be, or simply a NO answer so that I would 
stop pulling what ever hair I still have left?


Obviously I can't say how to connect the OpenBSD console to IPMI, like I 
can do the serial to the COM1 via the stty and tty, etc.


Based on the specs of IPMI I would think it should be possible.

But is it?

I would very much appreciate a pointer, may be a URL to some other good 
docs that I may have not find yet, or even a simple no, that's not 
possible to do at all with may be some meat details as to why so that I 
understand would be great!


I just fell there is a very stupid thing I am not doing right, but I 
can't find it!


The specs of the box say clearly that KVM-over-LAN is supported, virtual 
media over LAN, witch I really don't care for, but may be nice to play 
with. If I ever need that, then may be at that time I would use the java 
stuff, but for most of the time, why go that far.


dmesg below if that's of any value.

The box is this one if that needed too.

http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm

Thanks for your time.

Best,

Daniel

=
OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3219652608 (3070MB)
avail mem = 3126497280 (2981MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9ac00 (19 entries)
bios0: vendor American Megatrends Inc. version 1.0b date 01/19/2010
bios0: Supermicro X7SPA-HF
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET EINJ BERT ERST HEST
acpi0: wakeup devices P0P1(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) 
USB2(S4) USB5(S4) EUSB(S4) USB3(S4) USB4(S4) USB6(S4) USBE(S4) P0P4(S4) 
P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) GBE_(S4) SLPB(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.89 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG

cpu0: 512KB 64b/line 8-way L2 cache
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.67 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR,NXE,LONG

cpu1: 512KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU D510 @ 1.66GHz, 1666.67 MHz
cpu2: 

Re: Trying to boot OpenBSD on Juniper Networks J2320.

[Daniel Ouellet]

Well,

This is a purely selfish comment for sure.

But I must say that if OpenBSD could one day run on real router hardware 
and support theses various interface, that would be a dream come true 
for me for sure.


Not that OpenBSD can't do a lots already, it sure can, but still there 
in many places where I just can't use it and having a pure open source 
router where any bugs can be fix, etc and not be stuck with the endless 
(useless in many case) smartnet or Juno OS would sure be a plus.


I must say that I am very interested by this and it did trigger my 
curiosity for sure.


The issue still the same however with all these Cisco hardware, may not 
be the same for Juniper, the processor and memory is ALWAYS under power 
and scarce in size.


There is a lots to be said about using off the self hardware for router, 
but also, if the processor was any decent, running OpenBSD on a lower 
grade 26xx Cisco route would be absolutely great!


Then running OpenBSD on any decent Juniper hardware would be a real gift!



On 4/13/10 1:10 PM, Jason George wrote:

Top-posting because I am lazy...

Since those Junipers are pseudo-chassis-based with pluggable cards, I think
you are dying on how the backplane is laid out and detected by OpenBSD.

In the interim, please make sure that dms@ sees the dmesg, principally for the
em(4) interface.

For what it's worth, I have run OpenBSD successfully on a Cisco 4240 IDS/IPS
device,

--J


Hello m...@. Subj:

Trying to boot from Secondary Compact Flash ...
Using drive 0, partition 3.
Loading...
probing: pc0 com0 com1 apm pci mem[635K 1022M a20=on]
7156348+1055080 [52+363840+348188]=0x882ae8  OpenBSD/i386 BOOT 3.02
entry point at 0x200120
com0: 9600 baud
[ using 712452 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2010 OpenBSD. All rights reserved. http://www.OpenBSD.org

OpenBSD 4.7-current (GENERIC) #603: Mon Apr 12 16:28:26 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 1073115136 (1023MB)
avail mem = 1029746688 (982MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/20/07, BIOS32 rev. 0 @ 0xf0010, SMBIOS
rev. 2.3 @ 0xfbbf0 (71 entries)
bios0: vendor American Megatrends Inc. version 080012 date 06/20/2007
bios0: JUNIPER NETWORKS SHASTA_MBD_865
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC OEMB8b800) at pcib_callback+0x48
acpi0: wakeup devices P0P4(S4) MC97(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4)
EUSB(S4) GBEN(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat0) at config_attach+0x105
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 100MHzay+0x3a
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)678,d0203001) at isapnp_find+0x99
acpiprt1 at acpi0: bus 1 (P0P4)d0a84770,d08a8fdc) at isapnp_match+0x83
acpicpu0 at acpi0d1cc1900,4,1) at isascan+0xf9
acpibtn0 at acpi0: SLPBcc1b00,d0a84db0,d1ca4080,d1ca9000) at config_scan+0xaf
acpibtn1 at acpi0: PWRBd08a8280,d0a84db0,d061f134,d07d5557) at config_attach+0x
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x0248
Intel 82865G Video rev 0x02 at pci0 dev 2 function 0 not configuredonfig_proc
ppb0 at pci0 dev 3 function 0 Intel 82865G CSA rev 0x02
pci1 at ppb0 bus 2afc0,d08a6738,d0a84e70,d0502450) at config_attach+0x105
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: apic 1 int 
18 (irq 5)
em0: The EEPROM Checksum Is Not Valid(0,d08a6714,0,0,0) at config_attach+0xfd
em0: Unable to initialize the hardware04d01ba) at config_rootfound+0x27
uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 1 int 16 
(irq 5)
uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 1 int 19 
(irq 5)
uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 1 int 18 
(irq 5)
uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic 1 int 16 
(irq 5)
ppb1 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xc2
pci2 at ppb1 bus 1
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x02, i82562: apic 1 int 
20 (irq 5),
address ff:ff:ff:ff:ff:ff
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
Cavium NITROX Lite rev 0x00 at pci2 dev 15 function 0 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
wd0 at pciide0 channel 1 drive 0:
wd0: 1-sector PIO, LBA, 967MB, 1980720 sectors
wd0(pciide0:1:0): using PIO mode 4, DMA mode 2

Re: Source Overview

[Daniel Ouellet]

Please read as this is your challenge back should you actually step up 
to it with the usual line shut up and hack type of answer.


This tread now spread on tech@ too and include may be 3 or 4 treads all 
referring to todo lists, janitor and all.


I don't find it interesting anymore and plenty of answers were provided, 
but again nothing is done about it so in the same spirit of the well 
knows shut up and hack, I decided to show again how useless this might 
be and I would be more then happy to be proven wrong big time. I will 
even pay the beer if I am proven wrong for good.


Now to close this for good and to show as many time in the pass that it 
will not go anyway, I setup yet one more users maintain lists here:


http://todo.openbsdsupport.org/

or here if you prefer:

http://openbsdsupport.org/todo/

same place anyway, but the URL is obvious I guess in the first one.

There is nothing there and I challenge anyone that complain in the last 
week or so about not having a list and that it would be useful and allow 
great things to happened to do it.


I WILL PROVIDE AN ACCOUNT to anyone that is actualy serious in doing 
this list and that will take it on. Collect all the variosu todo lists, 
make it clean and real here, not with funny pictures, design, and all. 
Just the list. It could be even as simple as a simple list of URL to 
places that have todo already. I don't think it will go anyway, but in 
the same spirit of showing the true color of winners, I raise yet again 
this variation on the same idea and same challenge as before.


I have that domain as far back as 2004 following yet an other endless 
discussion about documentations/howto and all.


Yes, I got minimal amount of contributions to it after all was setup but 
the wining stop. Just no progress however. I do have very minimal 
contribution in my inbox that I haven't been able to update yet as for 
lack of time on my part, but at the same time I sure do not get a 
regular flow of updates either in the 6+ years it exists.


I know it will not go anywhere, but that's not the developers jog to 
make these lists that no one look at anyway, but many have done so.


Also, I want to make it VERY CLEAR that this have nothing to do with the 
project what so ever. It's not endorse or supported by the project what 
so ever and it not associated with it in any shape or form. If you have 
a problem with that, take it with me, not the project. Theo knows about 
it, he told me log ago that was a waste of time and useless things to do 
and he was 100% right! But it still exists to stop the wining if nothing 
else as looks like we have more noise on the list always as time pass.


So, may be if the only contribution this does is to reduce it, then so 
be it and just that is worth my time.


Now, take the challenge on and show that everyone was wrong by doing 
your part.


Contact me off list if you are serious and will do the list and i will 
give you access as long as you are not abusing of it.


Hopefully this will close the subject and if anything good come out of 
it then great.


Let see where it goes from here. The ball is in your camp now. You want 
a list, then make it so.


Best,

Daniel

Re: Source Overview

[Daniel Ouellet]

I simply requested the account on that persons system because I offered to
help maintain the task list.  I've not been contacted so I assume they're
not interested.


You are not the only one with limited time. Sorry for the late reply, 
but also I wanted to provide details as to why.


Your text was:

If you provide me an account and if everyone is OK sending me minimally
formatted TODO lists I will gladly be the point of contact and maintain that
list.

What qualifies as minimally formatted?

1) Each item on a separate line prepended with a *.
2) (OPTIONAL) If you want, order them by importance.

I will attempt to clean-up grammar and spelling.


The short of it is that in it if you look at it. It add more work to the 
developers by asking them to send in stuff. They already have it done 
for some. So, why duplicate the list. It will just get out of sync and 
obsolete very soon. Plus they have a list, so I think the most logical 
and efficient way to do it would be just like this:


1. Name

2. Very short blurb for area the todo cover

3. URL to the developers list.

And that's it.

Nothing more is needed. Frankly if a developer spend time making a todo 
list and publish it, then it must be some what maintain when ever they 
have time. Asking to add more management to track it and maintain yet an 
additional list is wrong in my book. Plus I am still not convince it's 
helpful, but never the less I would sure be welcome to be proven wrong.


The only think that this gives me as an idea that may have some merit is 
that a list of user group might be good to have and I can add that to 
the site. But again, that should be as minimal as possible.


City, state or province, country, language and URL to the site for the 
group. If no URL, then some details could be added and that may actually 
get some usage may be.


But keeping the time needed to maintain anything like this is a plus and 
not required any more from the developers have to be the goal. But 
again, I am not sure it's even good, but like I said, I am not oppose 
to. Like everyone else I have very little time and I didn't reply 
before, nor this morning to your email at 5:32AM when I saw it at 7:30 
AM EST as I just finish an other project and I do need to get some sleep 
sometime as little as it might be and I have some kind of a life too and 
kids to take care of as well.


So, sorry for the delay.

Like I said, I am not doing a perfect job and I will admit that, but I 
try. Better then most anyway that asked and do nothing.


I will continue off list for the rest as there is no point on doing it here.

I already saved the email from Alexandre Ratchov for his list that he 
sent to m...@. Just didn't have time to post it yet, but it will.


Now I need to go feed the kids, so more delay on my part.

Best,

Daniel

Re: newbie help with PF. block all, then allowing port 22 doesnt work.

[Daniel Ouellet]

   ## Traffic IN
   pass in log quick on $t_externa inet proto { tcp, udp } from any
to ($t_externa) \
  port { 22  8080 } keep state


In your pf configuration it doesn't show where you actually define the 
macro for your interface $t_externa.


Are you sure the rules you run are what you think they are.

Did it load properly and may be you want to check the rules as active with

pfctl -sr

And check that display. I think you may find what you are looking for.

Compare your pf.conf with what you actually see in pfctl -sr and you 
will work your issue out.


Best,

Daniel

Re: Source Overview

[Daniel Ouellet]

On 4/22/10 2:05 AM, Pete Vickers wrote:

In keeping with your 'lets get something up on there to point the whiners at',
how about adding this:

* Add support for RFC5837 to OpenBSD's IP stack.

This could be suitable task since it presumably has 'cool factor'  is an
easily definable task, and is not trivial to write.


/Pete


Hi Pete,

With all due respect. May be I didn't read the list right, but I didn't 
see your name here:


http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/geo/openbsd-developers/files/OpenBSD?rev=1.53;content-type=text%2Fplain

Meaning you are not a developers. May be I am wrong. That list is for 
what the developers fell they have on their todo list, not a list of 
users request. So, that may be they can get help, not for them to take 
requests!


If you want it, may be you could start it right?

I sure have no intention of starting a list of users requests at all.

Sorry not my intentions what so ever. I fell grateful to even get what 
they gracefully share with me and that's a gift in itself. For what 
was/is important to me, I pay them to do it, if they are interested in 
what I may need, or try to do it myself when time allow me to do so.


Best regards,

Daniel

Re: Source Overview

[Daniel Ouellet]

Neither are you, so why does that matter?


Never said on imply I was.

If you got a different feeling, my deepest apology to you Claudio!

Best,

Daniel

Re: Source Overview

[Daniel Ouellet]

On 4/21/10 8:47 PM, Adam M. Dutko wrote:

You are not the only one with limited time. Sorry for the late reply, but
also I wanted to provide details as to why.



I realize.


Hi Adam,

Sorry for the delay here. Just very limited time on my side.

Anyway, here is the credential to access the todo page on the site if 
you still want to do it.


I can put an ssh key if you like and that would be faster and easier for 
you.


Anyway have fun:

user: amdutko
password: Q2n9lPK

Then when you login, in your home directory, you will see a softlink 
that bring up directly into the todo directory of the openbsdsupport.org 
site.


For now, you can only change things in that directory only, but you can 
add, etc in there.


Thanks for your help on this.

Best,

Daniel

Re: Source Overview

[Daniel Ouellet]

Sorry for the delay here. Just very limited time on my side.


Obviously this was a mistake on my part and shoud;n't have been sent to 
misc@


The account is deleted now.

Don't even try.

Lack of sleep does crazy thing at time! (;

No need to say how stupid that was of me!

Re: Source Overview

[Daniel Ouellet]

On 4/25/10 6:24 PM, Daniel Ouellet wrote:

Sorry for the delay here. Just very limited time on my side.


Obviously this was a mistake on my part and shoud;n't have been sent to
misc@

The account is deleted now.

Don't even try.


Really, no point in trying to access it. User near Stuttgart, 
Baden-W|rttemberg located in Germany are pretty quick here I must say.


It was a stupid mistake on my part corrected right away before the 
follow up and I was just to quick on the reply list button oppose to 
reply button.


I saw it as I sent it, but couldn't stop it then. I deleted the account 
right away and it's gone. Really no need to even try, or you will just 
block yourself.


Just wonder what you wanted to do? No really, no need to answer that really!

Apr 25 18:35:42 www1 sshd[30701]: Invalid user amdutko from xx.xxx.81.65
Apr 25 18:35:42 www1 sshd[16332]: input_userauth_request: invalid user 
amdutko
Apr 25 18:35:42 www1 sshd[30701]: Failed none for invalid user amdutko 
from xx.xxx.81.65 port 26380 ssh2
Apr 25 18:35:48 www1 sshd[30701]: Failed password for invalid user 
amdutko from xx.xxx.81.65 port 26380 ssh2

Apr 25 18:35:56 www1 sshd[16332]: Connection closed by xx.xxx.81.65

Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Hi,

This is the only mailing I will do on this subject, but if you do have a 
OpenBSD specific users group meeting anywhere in the world, could/would 
you send me a very quick short details about it?


Nothing more then

city
state or province
country
usual meeting date
URL if any and if not, fell free to send a short blurb about it's 
locations and all so that users many find it.


Or even just the URL of a site for it is fine.

Send it off list to me if preferable as to not pollute this list here, 
or to the list if that's any good. Use your best judgment on this.


May be nice to collect this information and make it available so that 
users may find locations where they might go to share knowedge and 
interests on their favorite OS.


Sorry, I am not interested in Linux and the like. No offense intended.

OpenBSD only please.

It will be here:

http://openbsdsupport.org/ugs/

Adam Dutko offer to help me collect the details and hopefully make 
something good out of it. If not, then sorry for the noise and just 
ignore me.


Thanks

Daniel

Re: Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Actually there is a very good list here:

http://www.openbsd.org/groups.html

Sorry for the noise!

Re: Regular OpenBSD users group meeting location anyone?

[Daniel Ouellet]

Why duplicate the effort?

Please just link to http://www.openbsd.org/groups.html and ask people
to send updates to us.

-Otto


You are 100% right. It's just not my day today!

I was looking for it and find it a but later then sending my email. 
Might be a good idea to add the link to it from the front page may be.


Just an idea, but fell free to ignore me.

I need to go get some sleep and stop making a foll of myself...

Daniel

Re: 4.7 CDs arrived in Colorado

[Daniel Ouellet]

On 4/28/10 10:38 AM, Leonardo Rodrigues wrote:

Humm... will packages for 4.7 be available now on FTP, since people
are already getting their pre-order cd sets?


May 19. That's the date of the official release.

Same thing at each release cycle.

Re: State of multiprocessing and multithreading in OpenBSD

[Daniel Ouellet]

Someone told me my Atari ST was garbage and their Amiga was better.


Hey, I will stay out of the rest, but the Atari wasn't bad, however the 
Amiga was really great and many years ahead of it's time. (; I had to 
sale my 2000 and 1000 with all my books, my Astec compiler (Really 
expensive piece of software!) and plenty of other software including my 
co processor IBM board with at the time the math co processor as well, 
just so that I could pay part of my college education and even if it's 
been so many years, I still miss it! (;


Yea, these days.

Really an incredible machine!

A long way from my first sinclair Z80 with thermal printer and all. Talk 
about expensive toys! (;


Going back under my rock now. (;

Daniel

Re: State of multiprocessing and multithreading in OpenBSD

[Daniel Ouellet]

On 5/5/10 10:58 PM, Alvaro Mantilla Gimenez wrote:

On Thu, 2010-05-06 at 14:29 +1200, richardtoo...@paradise.net.nz wrote:

Quoting Juan Miscarojmisc...@gmail.com:

cut

Someone told me my Atari ST was garbage and their Amiga was better.


Of course Amiga was better!!! :-P


Yea men! Amen to that! (:::

Virtual domains/users setup with smtpd.

[Daniel Ouellet]

Hi,

I am very much hoping that I could get the input of a kind sole out 
there, or even to send me a working configuration is find. But I spend 
the last three days on/off to try to get the virtual alias/domains 
working on smtpd and I can't get there.


I read the man page no less the 20 times, google and all. Eve saw the 
changes in alias done a few days, ago. 13 now.


Even the latest fix here:

http://www.mail-archive.com/misc@openbsd.org/msg90204.html

Or the few example here:

https://calomel.org/opensmtpd.html

I try on 4.5, 4.7 and after the fix posted 13 days ago, I did try on 
current as well.


I even empty a bottle of wine tonight to calm me down as I hit the wall 
a few times and I am getting upset. May be I don't understand the 
english as it should be, but for me, there is something missing in the 
man page that I can't break yet.


I try no less then may be 100 variation on possible, and very unlikely 
possibility to get this working, but I cant get there.


I set up two servers to test, one with 4.5 one with current and even 
test on 4.6 a few times.


I strip to the minimum, but frankly, I hit the wall. It got to be the 
most stupid missing details, but please any help would be great. I can't 
figure it out with the docs I read so far and believe me I read a hell 
of a lots so far.


Below is what I understand, I guess at this time that should work as 
writing all that I tried would be way to long.


What am I missing?

Here are the details:

Now tested on current on sparc 64.

I have multiple domains for testing and ll.

All DNS are ok.

I see the incoming right.

I get constant errors at the receiving end:

May 11 21:07:45 spamtrap smtpd[24488]: 1273626465.PixuMJ6IS1qoctUk: 
from=dan...@presscom.net, relay=smtp1.realconnect.com [66.63.3.242], 
stat=LocalError (530 5.0.0 Recipient rejected: dan...@opensipd.com)


I can deliver local mail to local user on that box.

I try to setup virtual users on that box, or virtual users forwarded to 
remote address as well for testing.


That I can't get there.

Putting anything in /etc/mail/aliases and doing the newalias will not do it.

The simplest configuration as I understand it based on the man page and 
I even removed any tls stuff as well to keep it simple should be:


mail to root@ the hostname will work, no problem.

I create the virtual.db file with a single line as follow:

# cat virtual
dan...@opensipd.com: dan...@presscom.net

makemap -t aliases -o /etc/mail/virtual.db /etc/mail/virtual

the smtpd.conf have this:

listen on lo0
listen on dc0

map aliases { source db /etc/mail/aliases.db }
map virtual { source db /etc/mail/virtual.db }

accept for all relay
accept from all for local deliver to mbox
accept for domain opensipd.com alias virtual deliver to mbox

But the above isn't right and give configuration errors.

Even if the man page suggest it should be possible;

for domain domain [alias map]
  This rule applies to mail destined for the specified
  domain.  This parameter supports the `*' wildcard, so
  that a single rule for all sub-domains can be used, for
  example:

  accept for domain *.example.com deliver to mbox

  If specified, map is used for looking up alternative
  destinations for addresses in this domain.


May be I don't understand that part properly.

Anyway, putting:

accept from all for domain opensipd.com alias virtual deliver to mbox

give errors as well.

accept from all for virtual virtual deliver to mbox

give no success either.

even f there isn't any error at the start.

I still get the :

530 5.0.0 Recipient rejected: dan...@opensipd.com

Even trying this for a test;

accept from all for virtual virtual relay

will not go.

Or this;

accept from all for domain virtual deliver to mbox

no error at startup, but still no go.

Anyway, I got a very long list of variation and all kind of trial and 
nothing works for me so far.


Please anyone can tell me what actually works in a step by step as long 
like what ever I read just do not give me the answer and I am at a lost 
to get it going.


It got to very very stupid and I am sure I will beat myself over the 
head when it's working, but I can't get it, or understand the man page 
properly.


Some small details is definitely missing for me to get it and may be a 
very small additional example in the man page might help lost sole like me.


Anyone have a small amount of time to graciously offer me to light my 
candle here?


Best,

Daniel

PS; I didn't put all the variation I tried in the last three days as 
many were just plan stupid, but I tried anyway just in case. I just 
can't get there.

Re: Relayd on localhost with multiple SSL Certificates

[Daniel Ouellet]

On 5/11/10 8:05 PM, Keith wrote:

Hi. is it possible to get multiple http relayd relays listening on
localhost each with a different port # and each with a different ssl
certificate ?


SSL certificate are host name bound, not port bound isn't it?

So, I would say no, but I could be wrong.

Re: Virtual domains/users setup with smtpd.

[Daniel Ouellet]

On 5/12/10 4:21 PM, Gilles Chehade wrote:

I have very sporadic access to internet this week, your mail is
very hard to read, can you summarize as much as possible and
describe your exact issue with output from smtpd -dv, smtpd.conf
and making sure you are running the latest smtpd ?

Will check back my mails tomorrow evening


Hi Gilles,

Sorry for the long delay here. Just to mouch things in the works.

In Short what I try to do, spearing you all the details is to simply 
setup a virtual domain with a single user as a test.


For the example, I have a server setup and add one domain to it and try 
to have one user send emails to the server and getting it to a remote 
address. Something like:


dan...@opensipd.com to be relay to dan...@presscom.net

Nothing more for now.

Also, the setup is used with the latest snapshot to start with, but as 
it doesn't have all your two latest patch as well in the sparc64 yet, I 
did the CVS updates too and compile the absolute latest smtpd. I had 
already got the source as well.


# dmesg | grep '(GENERIC)'
OpenBSD 4.7-current (GENERIC) #315: Tue Apr 27 03:15:34 MDT 2010

# cd /usr
# cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -P src/usr.sbin/smtpd
# cd src/usr.sbin/smtpd
# make clean
=== makemap
snip Lots of output.

# make
=== makemap
snip Lots of output.

# pkill smtpd

# make install
=== makemap
snip Lots of output.

# smtpd

Now running the latest one.


Reading some of your previous answers on misc@, this configuration below 
have to do it. A side note, I also tried again tonight these two possibility


accept for domain opensipd.com deliver to mbox

replace with

accept for domain opensipd.com alias virtual deliver to mbox

just in case.

Still no go.

And I tried without the as well with both variation above:

accept from all for local deliver to mbox

Just in case it possibly could cause a problem as well, but no go either.

===
in /etc/smtpd.conf
===
listen on lo0
listen on dc0

map aliases { source db /etc/mail/aliases.db }
map virtual { source db /etc/mail/virtual.db }

accept from all for local deliver to mbox
accept for virtual virtual deliver to mbox
accept for domain opensipd.com deliver to mbox
accept for all relay



# cat virtual
dan...@opensipd.com: dan...@presscom.net



Create the db with. Full path just to be sure it use your version of 
makemap.


/usr/libexec/smtpd/makemap -t aliases -o /etc/mail/virtual.db 
/etc/mail/virtual




Still get the error:

530 5.0.0 Recipient rejected: dan...@opensipd.com

Full debug below as well and even disable pf to be 100%:

# smtpd -dv
startup [debug mode]
parent_send_config: configuring smtp
parent_send_config_client_certs: configuring smtp
parent_send_config_ruleset: reloading rules and maps
smtp_setup_events: listen on IPv6:fe80:1::203:baff:fe10:6165 port 25 
flags 0x0 cert dc0

smtp_setup_events: listen on 66.63.0.75 port 25 flags 0x0 cert dc0
smtp_setup_events: listen on IPv6:fe80:4::1 port 25 flags 0x0 cert lo0
smtp_setup_events: listen on IPv6:::1 port 25 flags 0x0 cert lo0
smtp_setup_events: listen on 127.0.0.1 port 25 flags 0x0 cert lo0
smtp: will accept at most 245 clients
smtp_new: incoming client on listener: 0x4beb6800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=402
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: dan...@opensipd.com
smtp: got imsg_mfa_mail/rcpt
1273802922.ANMDYzJ7fPexgiyX: from=dan...@realconnect.com, 
relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 
Recipient rejected: dan...@opensipd.com)

command: QUIT   args: (null)
session_destroy: killing client: 0x477fc000
^Csmtp server exiting
runner handler exiting
queue handler exiting
mail transfer agent exiting
mail filter exiting
mail delivery agent exiting
lookup agent exiting
control process exiting
parent terminating
#


*
I also try to create a user in the /etc/aliases file to see if that 
works. It do not either. Only works for real users, not aliases to local 
user.


the local server is spamtrp.realconnect.com, so email to

r...@spamtrap.realconnect.com

will be deliver to root local account.

In aliases I also created these two tests account to see:

# cat aliases | grep test
test: dan...@presscom.net
test2: root

and run newaliases obviously.

Still no go and debug show it as well:

# smtpd -dv
startup [debug mode]
parent_send_config: configuring smtp
parent_send_config_client_certs: configuring smtp
parent_send_config_ruleset: reloading rules and maps
smtp_setup_events: listen on IPv6:fe80:1::203:baff:fe10:6165 port 25 
flags 0x0 cert dc0

smtp_setup_events: listen 

Re: Virtual domains/users setup with smtpd.

[Daniel Ouellet]

 ^^^--- unless you mention from all, it will only accept from lo0


accept for domain opensipd.com deliver to mbox

 ^^^--- same here


accept for all relay

 ^^^--- but don't do it here



I had tried that before and no go.

The only one that works is to root at the local hostname, or real users, 
no aliases what so ever being virtual or local one.


Like r...@spamtrap.realconnect.com or r...@opensipd.com will do be in 
the local root mail account and that's the last two you can see in the 
log below showing it as well.


Here are all the details:

# hostname
spamtrap.realconnect.com
# cat /etc/mail/aliases | grep test
test: dan...@presscom.net
test2: root
# newaliases
/etc/mail/aliases: 56 aliases
# cat /etc/mail/smtpd.conf
listen on lo0
listen on dc0

map aliases { source db /etc/mail/aliases.db }
map virtual { source db /etc/mail/virtual.db }


accept from all for local deliver to mbox
accept from all for virtual virtual deliver to mbox
accept from all for domain opensipd.com deliver to mbox
accept for all relay
# cat virtual
te...@opensipd.com: dan...@presscom.net
te...@opensipd.com: root
# /usr/libexec/smtpd/makemap -t aliases -o /etc/mail/virtual.db 
/etc/mail/virtual

# pkill smtpd
# smtpd -dv
startup [debug mode]
parent_send_config: configuring smtp
parent_send_config_client_certs: configuring smtp
parent_send_config_ruleset: reloading rules and maps
smtp_setup_events: listen on IPv6:fe80:1::203:baff:fe10:6165 port 25 
flags 0x0 cert dc0

smtp_setup_events: listen on 66.63.0.75 port 25 flags 0x0 cert dc0
smtp_setup_events: listen on IPv6:fe80:4::1 port 25 flags 0x0 cert lo0
smtp_setup_events: listen on IPv6:::1 port 25 flags 0x0 cert lo0
smtp_setup_events: listen on 127.0.0.1 port 25 flags 0x0 cert lo0
smtp: will accept at most 245 clients
smtp_new: incoming client on listener: 0x4bd55800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=412
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: t...@spamtrap.realconnect.com
smtp: got imsg_mfa_mail/rcpt
1273835446.EG3NGPKJR7lFn6wJ: from=dan...@realconnect.com, 
relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 
Recipient rejected: t...@spamtrap.realconnect.com)

command: QUIT   args: (null)
session_destroy: killing client: 0x437a8000
smtp_new: incoming client on listener: 0x4bd55800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=413
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: te...@spamtrap.realconnect.com
smtp: got imsg_mfa_mail/rcpt
1273835453.XUkSzWxzYz9J9W5C: from=dan...@realconnect.com, 
relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 
Recipient rejected: te...@spamtrap.realconnect.com)

command: QUIT   args: (null)
session_destroy: killing client: 0x437a8000
smtp_new: incoming client on listener: 0x4bd55800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=401
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: te...@opensipd.com
smtp: got imsg_mfa_mail/rcpt
1273835468.DrzO68BYcwUW9CEQ: from=dan...@realconnect.com, 
relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 
Recipient rejected: te...@opensipd.com)

command: QUIT   args: (null)
session_destroy: killing client: 0x4df54000
smtp_new: incoming client on listener: 0x4bd55800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=401
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: te...@opensipd.com
smtp: got imsg_mfa_mail/rcpt
1273835475.vpDWCOIUN0gNz1gP: from=dan...@realconnect.com, 
relay=host-2.ouellet.us [66.63.44.67], stat=LocalError (530 5.0.0 
Recipient rejected: te...@opensipd.com)

command: QUIT   args: (null)
session_destroy: killing client: 0x4df54000
smtp_new: incoming client on listener: 0x4bd55800
lookup_ptr 66.63.44.67
lookup_ptr success
session_pickup: greeting client
command: EHLO   args: host-2.ouellet.us
command: MAIL FROM  args: dan...@realconnect.com SIZE=400
session_rfc5321_mail_handler: sending notification to mfa
smtp: got imsg_mfa_mail/rcpt
smtp: imsg_queue_create_message returned
command: RCPT TOargs: r...@opensipd.com
smtp: got imsg_queue_commit_envelopes
command: DATA   

Re: Virtual domains/users setup with smtpd.

[Daniel Ouellet]

On 5/14/10 7:16 AM, Daniel Ouellet wrote:

 ^^^--- unless you mention from all, it will only accept from lo0


accept for domain opensipd.com deliver to mbox

^^^--- same here


accept for all relay

^^^--- but don't do it here

Also, just on case you wonder if it is working locally on the server 
itself. It doesn't:


# mail t...@spamtrap.realconnect.com
Subject: Test
.
EOT
Null message body; hope that's ok
# send-mail: 530 5.0.0 Recipient rejected: t...@spamtrap.realconnect.com

# mail te...@spamtrap.realconnect.com
Subject: Test
.
EOT
Null message body; hope that's ok
# send-mail: 530 5.0.0 Recipient rejected: te...@spamtrap.realconnect.com

# mail te...@opensipd.com
Subject: test
.
EOT
Null message body; hope that's ok
# send-mail: 530 5.0.0 Recipient rejected: te...@opensipd.com

# mail te...@opensipd.com
Subject: test
.
EOT
Null message body; hope that's ok
# send-mail: 530 5.0.0 Recipient rejected: te...@opensipd.com

Re: Virtual domains/users setup with smtpd.

[Daniel Ouellet]

On 5/14/10 9:10 AM, Owain G. ainsworth wrote:

You are missing aliasesname of aliases if you wish for your aliases to work.


For the alias it does, but the issue is for the virtual.

So changing:

accept from all for local deliver to mbox

to

accept from all for local alias aliases deliver to mbox

works yes.

I did put the URL for that correction in my original post:

http://www.mail-archive.com/misc@openbsd.org/msg90204.html

So, may be we should put into the man page as well for that example 
using alias then.


Here is a diff for that.
Index: smtpd.conf.5
===
RCS file: /cvs/src/usr.sbin/smtpd/smtpd.conf.5,v
retrieving revision 1.32
diff -N -u -p smtpd.conf.5
--- smtpd.conf.527 Apr 2010 14:39:24 -  1.32
+++ smtpd.conf.514 May 2010 23:44:49 -
@@ -332,7 +332,7 @@ would look like this:
 listen on lo0
 map aliases { source db /etc/mail/aliases.db }
 map secrets { source db /etc/mail/secrets.db }
-accept for local deliver to mbox
+accept for local alias aliases deliver to mbox
 accept for all relay via smtp.gmail.com tls enable auth
 .Ed
 .Pp


However for the original issue, still no virtual working yet.

One question that it bring to me however is this in the man page then:

-t type
  Specify the format of the resulting map file.  The default map
  format is suitable for storing simple, unstructured, key-to-value
  string associations.  However, if the mapped value has special
  meaning, as in the case of the virtual domains file, a suitable
  type must be provided.  The available output types are:

 aliases  The mapped value is a comma-separated list of mail
 destinations.  This format can be used for building user
 aliases and virtual domains files.

 set  There is no mapped value - a map of this type will only
  allow for the lookup of keys.  This format can be used
  for building primary domain maps.


When would the set type be use then?

If this is for primary domain only, I assume this mean domain to be 
deliver on the local server. If so, then the alias only is used to 
create the account in that case. If so and you have test in the aliases 
file, then test@ will answer for all the domains in on the server, not 
only a specific one?


I get the aliases type, but I do not get the set type here?

Best,

Daniel

Re: Virtual domains/users setup with smtpd.

[Daniel Ouellet]

On 5/17/10 4:41 AM, Gilles Chehade wrote:

You are confusing me :-)


I am very sorry! That's the last thing I want to do.

So, I will try to make it very short and as clear as I can. (;

I simplify the configuration to the minimum and as I still not able to 
get the virtual part working, I try something below that is simple and 
appear to be logical to me. If I am wrong, then take the 20 pound hammer 
and beat me over the head with it. I can't see it!




if I have the following smtpd.conf:


listen on lo0
listen on dc0

map vdomains { source db /etc/mail/vdomains.db }

accept from all for local deliver to mbox

#accept from all for domain opensipd.com deliver to mbox
#accept from all for virtual vdomains deliver to mbox

accept for all relay


The only two things I will do here between the restart of smtpd are to 
either comment out only one or the other below:


#accept from all for domain opensipd.com deliver to mbox
#accept from all for virtual vdomains deliver to mbox

one at a time to test it.

With

accept from all for domain opensipd.com deliver to mbox
#accept from all for virtual vdomains deliver to mbox

No other changes, I can send email to

r...@opensipd.com

and I get it into the root local account.

That works.

now, if I reverse it:

#accept from all for domain opensipd.com deliver to mbox
accept from all for virtual vdomains deliver to mbox

I should be able to get the email in the same local root account if the 
vdomains have the following in it:


# cat vdomains
r...@opensipd.com root

and I had created the vdomains.db with the makemap as this:

# /usr/libexec/smtpd/makemap -t aliases vdomains

Am I not understanding this properly?

It got to work right?

But it doesn't. I always get the error:

530 5.0.0 Recipient rejected: r...@opensipd.com

I haven't been able to get the virtual to works once and I can't say how 
many variation I did. Way to many to list them and a few totally stupid 
as well, but just in case I tried.


So, isn't the above is valid and should work as a simple test?

Daniel

Re: hfsc service curve

[Daniel Ouellet]

On 5/21/10 3:43 AM, Leonardo Lombardo wrote:

can someone describe me exactly how hfsc service curve works ?


Read this and it should provide a pretty good idea.

https://calomel.org/pf_hfsc.html

And complete your learning with the man page.

Best,

Daniel

Re: 4.7 identifies HDDs differently than 4.6 (during upgrade)

[Daniel Ouellet]

On 6/5/10 10:56 PM, Neal Hogan wrote:

I had not determined that. . . I did not see where somebody's HDDs
were interpreted differently.


Hi Neal,

It's not the HHD that is interpreted differently, it's the changes and 
improvement to the controller that is better supported in 4.7 then before.


Look at the DMESG again and you will see it.

The way to think about it if I may suggest an analogy is like for 
network cards. There is a hell of a lots of them that are n2000 
compatible, but they are not all the same. Over time if you design a 
driver that take advantage of some feature of your network card, then it 
may well not be seen as n2000 compatible anymore but as it's real 
hardware design.


So, before you had your controller using a compatible mode if you want 
to access your drive, but then it was improve and you get additional 
feature, speed and all.


Or would you have prefer that OpenBSD didn't work at all with your 
controller, meaning not even offering you the possibility of using a 
different driver that allow you to use your hardware. I suspect that you 
wouldn't have not wanted the possibility of using your computer right? 
Or am I wrong?


Your system benefit from improvement now that wasn't there before. So be 
happy and use it instead of seeing it as a flaw and raise objection to it.


But you can also tell me to get lost and that's fine too. But that's the 
logic you should take the improvement as.


There is always improvement to the system at each release.

Example of this, today I watch the presentation on mdocml and to be 
honest I was very surprise to learn that the roff, troff, nroff, what 
ever variations of *off was a real turn off! (; It include no less the 
700 files in base, 200K lines of code and around 50K line of C++ alone, 
etc and obviously is all GPL. All sooner or later will go and is already 
in the system now and much faster by a factor of 60 or so in speed and 
10K lines of code, meaning 200K down to 10K or 20 time smaller.


So, following your logic they shouldn't do these then?

I think it's much better to keep going and at that rate every 
improvement like this reduce bugs, improve security and all. Even if 
thee isn't any bug known yet, logic dictate that no matter what, less 
code reduce the chances of bugs and all.


So, be happy that your system got better and do not need to be use in 
compatible mode now if you want to thin about it that way.


If you keep complaining about improvement, well, you may one day not get 
any at all, then what!? Be grateful for what you got and be happy that 
your systen work better now then it was a few months ago.


Regards,

Daniel

Re: Processeur Atom ?

[Daniel Ouellet]

On 6/10/10 2:41 PM, FRLinux wrote:

I guess he is asking if all Atom processors are compatible with
OpenBSD, which i guess is pretty much a given :)

My question (sorry for hijacking this thread) is : is there any people
on this list who switched from soekris (geode) to atom, and are they
happy with speed and everything? Reason I mention that is i'd love to
move my setup to atom/ssd eventually but haven't seen much on the list
about it.


http://marc.info/?l=openbsd-miscm=127050936423288w=2

And pretty easy remote install and management of the box too:

http://marc.info/?l=openbsd-miscm=127078571618143w=2

Works well so far.

Daniel

Re: Processeur Atom

[Daniel Ouellet]

On 6/10/10 4:06 PM, E.T wrote:

My main
question and therefore, is that OpenBSD supports a 100%, the atom D510?.
The X server is configured with more time. But there will be no more bugs
or conflicts later, more severe and troublesome.


Same URL as earlier today.

You should check the archive first.

DMESG included:

http://marc.info/?l=openbsd-miscm=127078571618143w=2

http://marc.info/?l=openbsd-miscm=127050936423288w=2

Fully loaded with memory and two pretty good drives as wellas shown in 
dmseg.


Total power to run it is as follow:

Power: 31 Watts.

Power factor: 87%

No need to say this is very quiet, no fan, but I did add one blower type 
in it just to keep it real cool, even if not needed and it's a very 
quiet one too. Add 1.4 watt to the power, so really no big deal.


Best,

Daniel

Re: Why I left OpenBSD

[Daniel Ouellet]

These are all perception problems not real problems.  Again, if one
doesn't need flash one can do anything and everything on OpenBSD just
fine.  I am not claiming that OpenBSD should be used under all
circumstances however making blanket statements that OpenBSD can't
handle it is dumb.


Well, I agree up to 99%. I have been looking for a simple solution to 
remotely edit SQL database for years. Yes, solutions does exists, Open 
Office have db to, but none allow me to process, or paste multiple 
records at once for example.


The only solution I have is to use Access with the layer ODBC on Windows 
to do that very quickly And yes Access is strictly use as a GUI 
interface if you want to edit content of SQL database on remote servers 
and event if that's not as fast as it might be, doing 100K paste records 
in that SQL DB remotely works very well and no I can't do that with Open 
Office and I still haven't found something to do it that way yet. Open 
Office allow me to edit one records at a time. Fine for many cases, but 
not for all. Even on a MAC I do sadly use VMWare to run Windows and have 
Access there as I have no alternative. Call that sad and it is. But 
that's one case. Only one yes, but one case where I have no alternative, 
or find one yet and I sure have been looking for years.


All that said, for everything else yes I totally agree with you. I do 
not have any other case.


Best,

Daniel

Re: Why I left OpenBSD

[Daniel Ouellet]

This sounds like a very solvable problem unless it is a proprietary
database.


Nope. It's just MySQL. The only proprietary software I have to run on 
Solaris and that I wish I could run in OpenBSD is Broadworks from 
Broadsoft for VoIP. But I am dreaming to be able to do that!?


If you have a suggestion for the database I am all ears! (; I even sent 
a few emails for ideas in the last 10 years on the subject without any 
success yet.


This is how I do it and I sent that to MySQL list in 1999. Many users 
looks like use my suggestion to do the same. Works very well for 
everyone and is a big time savers I must admit.


http://lists.mysql.com/myodbc/638

Best,

Daniel

Re: Why I left OpenBSD

[Daniel Ouellet]

On 6/11/10 7:46 PM, Marco Peereboom wrote:

Haha odbc and mysqueel you do like pain eh?


I know. But it's fast and when customers use MySQL, then you flow with it.


Why do you need ms access?


Strictly as a GUI interface only. Liek select a row and paste huge 
quantity of data that customers sent to update their database, etc. All 
done at once and I get them most of the time in excel and sometime in 
Access. So, select all data, and paste in Access link to MySQL via ODBC 
and all is pasting all at once oppose to Open Office for example that 
will and can only do one row. Think of it as a quick interfcae of 
editing directly the database records. If oyu edit only one record, then 
you can do somethng else, but dong multiple one, then it's still the 
fastest way.



I still don't get what the problem is.


It's a speed of usage issue for multiple row editing. I can do quick 
edit directly with MySQL client in the DB, but when it comes to multiple 
rows entry, etc. If you get the data in either from and then try to 
convert in SQL statement for import and all. It takes way to much time 
to do it and in the end, What I do in 30 seconds would take a very long 
time doing it like that. It's a practical data editing and entry that 
it's used for. And again Access is only and strictly use for it's 
capability of GUI edit/paste only. And obviously I still need it to read 
the data I get obviously.


I know the idea looks stupid. I grant you that. (; But if you ever see 
it, you would see that it is darn quick and save countless hours and as 
time is always missing in my days, anything that same me some will be 
strongly consider. Plus ODBC is pretty darn old to and looks like places 
start to drop it's usage too. It's a very limited usage and I really do 
not care for any features of Access, etc. I could care less for it. As I 
sai,d I only and strictly use it as a GUI over ODBC to edit records 
directly in the remote database. Nothing else.


I may not explain myself very well I agree. Sometime I have problem 
doing so. but that's all there is to it really. Nothing more then that. 
That's why it looks to stupid doing so and replacing it should be very 
simple. But I just do not have an alternative for it and I looked for 
many years! That is really the only thing I still have that force me to 
keep VMWare, Microsoft and Access on a MAC for example. Everything else 
have been replaced and I do not have an alternative yet on an OpenBSD 
desktop. A very small price to pay, but never the less still stuck with it.

Re: Why I left OpenBSD

[Daniel Ouellet]

On 6/11/10 7:46 PM, Marco Peereboom wrote:

Haha odbc and mysqueel you do like pain eh?


Anyway, I will let the tread die. I don't think it's of any interest to 
anyone and I shouldn't hijack treads.


Thanks Marco. I am sure it's more boring them a great OpenBSD OS for 
sure! I wish I have an alternative, but I don't and I live with it. Not 
the end of the world.

Re: anyone use these for firewall?

[Daniel Ouellet]

On 6/15/10 11:58 AM, Chris Smith wrote:

Neither of which are listed as supported by 4.7, does -current
possibly support these?


It they worked and the dmesg is in the archive as well.

Best,

Daniel

Re: anyone use these for firewall?

[Daniel Ouellet]

On 6/15/10 11:58 AM, Chris Smith wrote:

Ran across these Supermicro boxes:

http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm
and
http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm?typ=E


dmesg in the archive and yes they work very well. Even very nice remote 
maintenance capability too.

Re: Multiple web servers hosting different sites behind single public IP (all listening on port 80)?

[Daniel Ouellet]

I can port-map to the various servers just fine (ie: abc.com:8080,
abc.com:,
etc.) but this is NOT the desired configuration.

The 3 different web servers should all be accessible via port 80:
   abc.com, coolstuff.abc.com, abc.com/coolstuff


Can you give me a bit more details as to what you really want to do.

- Look to me if I understand you right, it's pretty simple. All your 
servers would have the same content and you spread the load between them.


- And you try to have coolstuff.abc.com redirected to your web server 
directory at abc.com/coolstuff?


If so, that's pretty easy to do and rewrite module in httpd does do that 
for you.


I do that all the time!

Working live example if you need to see it to know and understand my 
question to you.


example

http://wheredoyoufit.org

will redirect you to

http://typology.people-press.org/

Or an other example redirecting oyu inside a sub directory of a site 
like this:


http://pandemicfluandyou.org

will redirect you inside a sub directory here:

http://healthyamericans.org/pandemic-flu/

Is that what you try to do?

If not, I do not follow your question.

Or if so, you sure can use relayd, but no need for it really.

You may even redirect your various URL to different port too if that 
makes your life easier and then in pf, you redirect them to a specific 
server at all times.


There is many solutions, but what is the problem you try to address. 
Sorry if I am tick, but that's what I understood from your question.


Best,

Daniel

Re: x4100

[Daniel Ouellet]

On 6/30/10 9:27 PM, Marco Peereboom wrote:

It seems that the sun X4100 works now with amd64 GENERIC.MP.  I'd like
to get some test reports from folks in the field.

You have to checkout a kernel using cvs because all niceness isn't in
snaps yet.


Just for the archive, but Marco already have feedback.

No go for the Sun x4100 M2 with latest snapshot

Thu Jul  1 15:28:35 MDT 2010

Only need to do:

dd if=/dev/zero of=/var/test bs=1m count=1000

And you have a crash right away and reboot.

dmesg below:

Best,

Daniel


OpenBSD 4.7-current (GENERIC.MP) #60: Thu Jul  1 15:28:35 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3756982272 (3582MB)
avail mem = 3643121664 (3474MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbd50 (70 entries)
bios0: vendor American Megatrends Inc. version 0ABJX039 date 04/11/2007
bios0: Sun Microsystems Sun Fire X4100 M2
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR SLIT OEMB HPET IPET SRAT SSDT
acpi0: wakeup devices PS2K(S1) PS2M(S1) USB0(S4) USB1(S4) MAC_(S5) 
P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) P0P5(S4) IO4B(S4) BR5B(S4) BR5C(S4) 
BR5D(S4) BR5E(S4) IOB2(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR2E(S4) PWRB(S1)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual-Core AMD Opteron(tm) Processor 2216, 2393.92 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 
64b/line 16-way L2 cache

cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 15 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0: apid 16 pa 0xfeafd000, version 11, 7 pins
ioapic1: misconfigured as apic 0, can't remap to apid 16
ioapic2 at mainbus0: apid 17 pa 0xfeafc000, version 11, 7 pins
ioapic2: misconfigured as apic 1, can't remap to apid 17
ioapic3 at mainbus0: apid 14 pa 0xfeaff000, version 11, 24 pins
acpihpet0 at acpi0: 2500 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 4 (P0P4)
acpiprt3 at acpi0: bus 5 (P0P5)
acpiprt4 at acpi0: bus 128 (PCIB)
acpiprt5 at acpi0: bus 133 (POGA)
acpiprt6 at acpi0: bus 134 (POGB)
acpiprt7 at acpi0: bus 131 (BR5D)
acpiprt8 at acpi0: bus 132 (BR5E)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: PowerNow! K8 2393 MHz: speeds: 2400 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5
spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5
spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5
spdmem3 at iic0 addr 0x53: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5

iic1 at nviic0
iic1: addr 0x18 00=01 01=01 02=00 03=00 words 00=0101 01=0101 02= 
03= 04= 05= 06= 

Re: x4100

[Daniel Ouellet]

Only difference I can see with what you have here is the bios is more 
recent on mine and I have two drives setup as raid 1.


 bios0: vendor American Megatrends Inc. version 0ABJX039 date 
04/11/2007


That's it.

I have 4 of them, all with the same problem.



On 7/2/10 12:47 AM, Marco Peereboom wrote:

# dd if=/dev/zero of=/var/test bs=1m count=1000
1000+0 records in
1000+0 records out
1048576000 bytes transferred in 21.012 secs (49901672 bytes/sec)

bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf8fb0 (65 entries)
bios0: vendor American Megatrends Inc. version 080010 date 08/10/2005
bios0: Sun Microsystems Sun Fire X4100 Server

Bah I had been testing on a non M2 version.  Well at least this one
works even though it used to have issues as well.

On Thu, Jul 01, 2010 at 11:16:45PM -0400, Daniel Ouellet wrote:

On 6/30/10 9:27 PM, Marco Peereboom wrote:

It seems that the sun X4100 works now with amd64 GENERIC.MP.  I'd like
to get some test reports from folks in the field.

You have to checkout a kernel using cvs because all niceness isn't in
snaps yet.


Just for the archive, but Marco already have feedback.

No go for the Sun x4100 M2 with latest snapshot

Thu Jul  1 15:28:35 MDT 2010

Only need to do:

dd if=/dev/zero of=/var/test bs=1m count=1000

And you have a crash right away and reboot.

dmesg below:

Best,

Daniel


OpenBSD 4.7-current (GENERIC.MP) #60: Thu Jul  1 15:28:35 MDT 2010
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3756982272 (3582MB)
avail mem = 3643121664 (3474MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfbd50 (70 entries)
bios0: vendor American Megatrends Inc. version 0ABJX039 date 04/11/2007
bios0: Sun Microsystems Sun Fire X4100 M2
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR SLIT OEMB HPET IPET SRAT SSDT
acpi0: wakeup devices PS2K(S1) PS2M(S1) USB0(S4) USB1(S4) MAC_(S5)
P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) P0P5(S4) IO4B(S4) BR5B(S4) BR5C(S4)
BR5D(S4) BR5E(S4) IOB2(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR2E(S4) PWRB(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual-Core AMD Opteron(tm) Processor 2216, 2393.92 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual-Core AMD Opteron(tm) Processor 2216, 2393.64 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 15 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0: apid 16 pa 0xfeafd000, version 11, 7 pins
ioapic1: misconfigured as apic 0, can't remap to apid 16
ioapic2 at mainbus0: apid 17 pa 0xfeafc000, version 11, 7 pins
ioapic2: misconfigured as apic 1, can't remap to apid 17
ioapic3 at mainbus0: apid 14 pa 0xfeaff000, version 11, 24 pins
acpihpet0 at acpi0: 2500 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 4 (P0P4)
acpiprt3 at acpi0: bus 5 (P0P5)
acpiprt4 at acpi0: bus 128 (PCIB)
acpiprt5 at acpi0: bus 133 (POGA)
acpiprt6 at acpi0: bus 134 (POGB)
acpiprt7 at acpi0: bus 131 (BR5D)
acpiprt8 at acpi0: bus 132 (BR5E)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
acpibtn0 at acpi0: PWRB
ipmi

Re: what is the OpenBSd equivalent for kern.maxfilesperproc on OpenBSD?

[Daniel Ouellet]

On 7/2/10 1:25 AM, Siju George wrote:

Hi,

It is for Squid Optimizations from

http://wiki.squid-cache.org/SquidFaq/SystemSpecificOptimizations


Well your description is miss leading here.

The text on that page said:

... increase the number of system-wide ...

so, that would be

# sysctl | grep kern.maxfiles
kern.maxfiles=7030

and that is:

# The maximum number of open files that may be open in the system.

However, the name of the sysclt that your document refer at

kern.maxfilesperproc=8192

Of files per process is set in login.conf and as an example:
# Setting used by MySQL daemon

mysql:\
:openfiles-cur=2048:\
:openfiles-max=3072:\
:tc=daemon:


So, you set that up under the class you will use.

man(5) login.conf

So, depend what you really want to do, use the right place, or if you 
are not sure, then don't touch it.


Best,

Daniel




thanks :-)

Siju

Any interest to possibly make OpenBSD run on the iPad?

[Daniel Ouellet]

I am sure this wouldn't cover the time needed to make this happened by 
far and it may not be possible or easy for sure, I realize that. But if 
any developer(s) may have the interest and possibly the time to do so 
and actually make that a reality in a decent time frame, I would be more 
then happy to buy one iPad and have it ship to that person.


Depending on the interest and time frame, I might be able to do this two 
time, but I can't commit to two at this time, so keep that in mind. I 
pay for it from my pocket and funds are not as plenty as it was once.


May be if any other users want to see that possibly happening, then they 
might do a pool to buy more and have it ship to the right person.


This is an open offer and as long as Theo confirmed the genuine 
developer(s) to me, that's all good for me and like in the pass for a 
few other hardware I did, I would do this again.


My selfish interest in it for me is that I am getting older and yes 
small screen are getting harder to use for me and I do need bigger 
screen and how ever I still like to get minimal carrying hardware when I 
need to go to various POP to do work locally via console and all, I 
waste more time with smaller screen then the actual work. I guess age 
start to gets it's toll on me.


If there is any interest and possibility, great, if not that's totally 
fine too. I will not loose any sleep over it. (; It's more a cool wish 
then a real need to use the iPad.


I can be contacted off list if there is real interest and if not then 
the offer still stand. My only wish in exchange is to have OpenBSD run 
on it with the wireless and a nice addition to the FAQ to install 
OpenBSD on the iPad, that's all. But don't get me wrong, I realise that 
even that offer sure do not cover all the time that would be required to 
make that a reality, so it's more an interest of love then anythng else 
here, however I do know that support for OpenBSD on new hardware will 
not happened without some developers getting that hardware in their 
hands, so there it is.


And in case this wasn't obvious, the hardware provided is obviously for 
you to keep and enjoy should you want to and make that a reality.


Happy 4th of July.

Best,

Daniel

Re: Current fails to boot a Dell R300

[Daniel Ouellet]

On 1/4/10 6:12 PM, Edd Barrett wrote:

On Mon, Jan 04, 2010 at 04:17:31PM -0600, Bryan wrote:

I posted something earlier today about it as well...


The devs know about this.

Apparently some SCSI changes in the kernel broke this.


You could try again with the patch posted just few minutes ago by dlg@, 
or wait for the next snapshot to be ready.


http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/atapiscsi/atapiscsi.c?rev=1.85

May fix your problem.

Best,

Daniel

Re: routing and pf at 10Gbps

[Daniel Ouellet]

On 2/11/10 2:46 PM, Henning Brauer wrote:

disk i/o is irrelevant. you will need a very very very fast opengl
capable graphics card with loads of memory of course.


???

I am sure I am missing something big here, but Fast Video Card with 
OpenGL for router? Are you trying to look live every packets routed here?


If I may asked Henning, please give me a clue stick as that part I 
really do not understand what so ever. No bunt intended, I just do not 
understand that at all, please help me get it? What Video have to do 
with routing?


Best,

Daniel

Re: selling bsd in cd for profit??

[Daniel Ouellet]

On 2/26/10 7:44 PM, Citra Cool wrote:

Can I selling openBSD in CD for profit??


You can always become an OpenBSD reseller if you want.

If my memory served me right, you can buy the CD in bulk directly from 
Theo. If you buy 25 or more from him at once, he will give you a pretty 
good discount ( I think it was 40%, but please don't take it as being 
right!) on them and then you can sale them at the same price as the 
project if you like and that's one way for you to help some.


I can't recall right now the final price you would pay for 25 or more, 
but fell free to contact Theo directly and proceed. I am pretty sure he 
would be happy to work with you if you actually are serious about doing 
so. Just don't waste his time if you are not going to do 25 and more 
however.


If you are thinking of using the ISO and make CD to sale them, that's 
not allow and you would hurt the project doing so.


But don't take any of what I wrote here as the truth, I am not the final 
person to say yes or no on this. Theo is!


Best,

Daniel

Re: HPN SSH

[Daniel Ouellet]

Anyone taken a look at these patches?  I'm curious if there's security
implications to this.

http://www.psc.edu/networking/projects/hpn-ssh/


I can't say, but based on pass experience I would say that if the 
patches were god and pass upstream without any security issue that they 
would be part of OpenSSH already unless they are with GNU license obviously.


I know OpenBSD do not go after speed first, but security, however 
anytime efficient improvement do not go against the first goal of 
security, I didn't see to many patch refuse for sure, specially here for 
example where it is a factor of 10x.


So, may be that was a project on the side that no one knew, however I 
don't think so. So, based on that I would say that if the patches are 
not included in the main tree that the developers must think there are 
not right or that there is issues with them.


That's simple logic really.

I never say anyone rejecting patches just to reject them, following that 
logic I would say if they are not in the tree, then they must judge that 
there are issue with them, or that this project never cared to send them 
upstream to get them included and argue the pros/cons of them to a 
satisfaction to be included.


That's my take on it.

Draw your own conclusion however, your judgment is as good as mine.

Best,

Daniel

Both snapshots bsd/bsd.mp of Mach 7 on Sun X4100 M2 i386 crash n boot right away, but March 4 was running

[Daniel Ouellet]

Hi,

The new snapshots for March 7 on Sun X4100 M2 crash right away on boot
and go directly to bbd.

This was running with the March 4 snapshots.

Below you see the dmesg,  the trace and the ps.

The dmesg is from an other server running an earlier version of the OS
as I didn't keep the bsd for March 4 in my testing for the new release. (;

The screen capture of the console for the ps and trace is here as I
didn't want to retype everything.

http://openbsdsupport.org/BSD.2010-03-08.png

Dmesg below as well:

OpenBSD 4.5 (GENERIC.MP) #108: Sat Feb 28 14:58:58 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 686-class,
1024KB L2 cache) 2.40 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16
real mem  = 3757658112 (3583MB)
avail mem = 3649417216 (3480MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/11/07, BIOS32 rev. 0 @ 0xf0010,
SMBIOS rev. 2.3 @ 0xfbd50 (70 entries)
bios0: vendor American Megatrends Inc. version 0ABJX039 date 04/11/2007
bios0: Sun Microsystems Sun Fire X4100 M2
acpi at bios0 function 0x0 not configured
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 686-class,
1024KB L2 cache) 2.40 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 686-class,
1024KB L2 cache) 2.40 GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 686-class,
1024KB L2 cache) 2.40 GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16
mpbios0: bus 0 is type PCI
mpbios0: bus 1 is type PCI
mpbios0: bus 2 is type PCI
mpbios0: bus 3 is type PCI
mpbios0: bus 4 is type PCI
mpbios0: bus 5 is type PCI
mpbios0: bus 128 is type PCI
mpbios0: bus 129 is type PCI
mpbios0: bus 130 is type PCI
mpbios0: bus 131 is type PCI
mpbios0: bus 132 is type PCI
mpbios0: bus 133 is type PCI
mpbios0: bus 134 is type PCI
mpbios0: bus 135 is type ISA
ioapic0 at mainbus0: apid 15 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0: apid 16 pa 0xfeafd000, version 11, 7 pins
ioapic1: misconfigured as apic 0, can't remap to apid 16
ioapic2 at mainbus0: apid 17 pa 0xfeafc000, version 11, 7 pins
ioapic2: misconfigured as apic 1, can't remap to apid 17
ioapic3 at mainbus0: apid 14 pa 0xfeaff000, version 11, 24 pins
pcibios0 at bios0: rev 3.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4e20/272 (15 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0051
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xa000 0xca000/0x1800 0xcb800/0x1000 0xcc800/0x1000
0xcd800/0x5c00 0xd3800/0x1000
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
spdmem0 at iic0 addr 0x52: 1GB DDR2 SDRAM registered cmd/addr parity, data ECC
PC2-5300CL5
spdmem1 at iic0 addr 0x53: 1GB DDR2 SDRAM registered cmd/addr parity, data ECC
PC2-5300CL5
iic1 at nviic0
iic1: addr 0x18 00=01 01=01 02=00 03=00 words 00=0101 01=0101 02= 03=
04= 05= 06= 07=
iic1: addr 0x19 00=01 01=00 02=00 03=01 words 00=0101 01= 02= 03=0101
04= 05= 06= 07=
iic1: addr 0x1a 02=00 03=00 words 00= 01= 02= 03= 04=
05= 06= 07=
iic1: addr 0x1c 02=00 03=00 words 00= 01= 02= 03= 04=
05= 06= 07=
iic1: addr 0x48 01=00 03=50 07=00 0a=4b 0e=19 11=00 12=4b 13=50 14=19 15=50
16=50 17=50 18=19 19=00 1a=4b 1b=50 1c=50 1d=50 1e=50 1f=50 20=19 21=00 22=4b
23=50 24=50 25=19 26=50 27=50 28=19 29=00 2a=4b 2b=50 2c=4b 2d=4b 2e=4b 2f=4b
30=19 31=00 32=4b 33=50 34=50 35=50 36=00 37=50 38=19 39=00 3a=4b 3b=50 3c=00
3d=50 3e=19 3f=50 40=19 41=00 42=4b 43=50 44=4b 45=4b 48=19 49=00 4a=4b 4d=4b
4e=19 4f=4b 50=19 51=00 52=4b 53=50 54=50 55=50 56=50 57=00 58=19 59=00 5a=4b
5b=50 5c=50 5d=50 5e=50 5f=50 60=19 61=00 62=4b 63=50 64=50 65=50 66=19 67=50
68=19 69=00 6a=4b 6b=50 6c=19 6d=50 6e=50 6f=50 70=19 71=00 72=4b 73=50 74=50
75=50 76=50 77=50 78=19 79=00 7a=4b 7b=50 7c=50 7d=50 7e=19 7f=50 80=19 81=00
82=4b 83=50 84=19 85=50 86=50 87=50 88=19 89=00 8a=4b 8b=50 8c=50 8d=50 8e=50
8f=50 90=19 91=00 92=4b 93=50 94=50 

Re: Both snapshots bsd/bsd.mp of Mach 7 on Sun X4100 M2 i386 crash n boot right away, but March 4 was running

[Daniel Ouellet]

More updates on this.

I tested the new snapshots as well that just hit the tree a few minutes ago.

March 8, 2010 at 11:59 mts

and it is also still broken, but trace give different results, so here 
it is as well, but I had to do two screen shut this time as it didn't 
fit all on one screen for ps and trace.


http://openbsdsupport.org/ps.2010-03-08.11.59.mts.png

http://openbsdsupport.org/trace.2010-03-08.11.59.mts.png

Best,

Daniel

Re: Both snapshots bsd/bsd.mp of Mach 7 on Sun X4100 M2 i386 crash n boot right away, but March 4 was running

[Daniel Ouellet]

What's the panic message?


Sorry that it took me so long to answer back.

I had to get this back up and find an earlier snapshots that works and I 
found on in Brasil. However in my testing I saw also yet a new version 
that just hit the tree, this one at 14:50MST that works.


Here is the dmesg for both.

And now there is a new one as well that came up, this one is March 8 for 
14:50 MST, not the 11:59 and this time looks like it is booting again.


Both dmesg bellow for interest only I guess.

I tried to find the crash details, but I don't have it at this time.

Not sure if you still want it, I could try to find yet an other mirror 
that have the crashing snapshots, but not sure that it's productive now.


Anyway, I will redo it all now once more to be sure.



March 4 working.


OpenBSD 4.7-beta (GENERIC.MP) #435: Thu Mar  4 11:11:28 MST 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 
686-class, 1024KB L2 cache) 2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16

real mem  = 3757592576 (3583MB)
avail mem = 3657285632 (3487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/11/07, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.3 @ 0xfbd50 (70 entries)

bios0: vendor American Megatrends Inc. version 0ABJX039 date 04/11/2007
bios0: Sun Microsystems Sun Fire X4100 M2
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC SPCR SLIT OEMB HPET IPET SRAT SSDT
acpi0: wakeup devices PS2K(S1) PS2M(S1) USB0(S4) USB1(S4) MAC_(S5) 
P0P1(S4) P0P2(S4) P0P3(S4) P0P4(S4) P0P5(S4) IO4B(S4) BR5B(S4) BR5C(S4) 
BR5D(S4) BR5E(S4) IOB2(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR2E(S4) PWRB(S1)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 
686-class, 1024KB L2 cache) 2.40 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16

cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 
686-class, 1024KB L2 cache) 2.40 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16

cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual-Core AMD Opteron(tm) Processor 2216 (AuthenticAMD 
686-class, 1024KB L2 cache) 2.40 GHz
cpu3: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16

ioapic0 at mainbus0: apid 15 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0: apid 16 pa 0xfeafd000, version 11, 7 pins
ioapic1: misconfigured as apic 0, can't remap to apid 16
ioapic2 at mainbus0: apid 17 pa 0xfeafc000, version 11, 7 pins
ioapic2: misconfigured as apic 1, can't remap to apid 17
ioapic3 at mainbus0: apid 14 pa 0xfeaff000, version 11, 24 pins
acpihpet0 at acpi0: 2500 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 4 (P0P4)
acpiprt3 at acpi0: bus 5 (P0P5)
acpiprt4 at acpi0: bus 128 (PCIB)
acpiprt5 at acpi0: bus 133 (POGA)
acpiprt6 at acpi0: bus 134 (POGB)
acpiprt7 at acpi0: bus 131 (BR5D)
acpiprt8 at acpi0: bus 132 (BR5E)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xa000 0xca000/0x1800 0xcb800/0x1000 
0xcc800/0x1000 0xcd800/0x5c00 0xd3800/0x1000

ipmi at mainbus0 not configured
cpu0: PowerNow! K8 2394 MHz: speeds: 2400 2200 2000 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
NVIDIA nForce4 DDR rev 0xa3 at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 NVIDIA nForce4 ISA rev 0xa3
nviic0 at pci0 dev 1 function 1 NVIDIA nForce4 SMBus rev 0xa2
iic0 at nviic0
spdmem0 at iic0 addr 0x52: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5
spdmem1 at iic0 addr 0x53: 1GB DDR2 SDRAM registered cmd/addr parity, 
data ECC PC2-5300CL5

iic1 at nviic0
iic1: addr 0x18 00=01 01=01 02=00 03=00 words 00=0101 01=0101 02= 
03= 04= 05= 06= 07=
iic1: addr 0x1c 02=00 03=00 words 00= 01= 02= 03= 
04= 05= 06= 07=
iic1: addr 0x1d 00=0f 01=0f 02=00 03=00 words 00= 01=0f0f 02= 
03= 04= 05= 06= 07=

admcts0 at iic1 addr 0x2c
admcts1 at iic1 addr 0x2d
iic1: addr 0x48 00=1a 01=ff 02=ff 03=50 04=4b 05=ff 06=ff 08=1a 09=00 
0a=4b 10=1a 11=00 12=4b 18=1a 19=00 1a=4b 20=1a 21=00 22=4b 28=1a 29=00 
2a=4b 30=1a 31=00 32=4b 38=1a 39=00 3a=4b 3e=1a 40=1a 41=00 42=4b 48=1a 
49=00 4a=4b 4e=1a 50=1a 51=00 52=4b 58=1a 59=00 5a=4b 60=1a 61=00 62=4b 
68=1a 69=00 6a=4b 70=1a 71=00 72=4b 78=1a 79=00 7a=4b 80=1a 81=00 82=4b 
88=1a 89=00 8a=4b 90=1a 

Re: A small research paper - Thoughts about Cisco.

[Daniel Ouellet]

On 3/11/10 6:13 AM, TS Lura wrote:

Dear OpenBSD community,

I'm doing a small research paper on Cisco and try to find out if they are
evil or not in relative to open/free source/standards, and business
practice. Eg. locking people to their product line aka the MS way.

I'm sending this mail to you guys because I think many of you know allot
about networking, and the networking industry. I'm hoping that someone would
be kind and share some of their impressions of Cisco with me.

My hypothesis is that Cisco is following the best business practice in
relation to proprietary and open/free source.
To answer this hypothesis I'm trying to find out if Cisco is using their
proprietary solution when there is a better open/free  alternative.

My preliminary thoughts is taken from what I have perceived, that Cisco
makes a proprietary solution to give them a edge and uniqueness in the
marked which they can harvest capital from. And when that solution has
become commonplace they switch over to non-proprietary solutions to become
more interoperable and thus stay competitive.

First, Is this reasonable observation?
Second, Are there any deviations from this trend? If so, why?


I'm very grateful for any reply I get.


Kind regards,

TSLura.



Well, this is a big question and you will get a very wide feedback and I 
would guess, not much good one, but I sure could wrong.


For my own having to deal with them for years and have sadly plenty of 
SmartNet contract as well, they only thing I can tell you, and there is 
a lot. The only time I ear from Cisco, even if some IOS may have big 
bugs in them and that may affect me, they will only contact me when the 
SmartNet time to renew comes! One would thank that they may follow up 
with their own urgent fix, but no!


For the ISL, you already got that reply, but a few years ago, they still 
were trying to force you to buy their switches and use ISL over the 
standard 802.11Q!


For VoIP, even if SIP is the wide standard, they still try to lock you 
in their Skiny protocol over the wide standard one and even if you hve 
smartnet on their 7960 SIP phones, unless you use their own proprietary 
system they will not support the SIP standard and provide IOS upgrade 
for it as they should, even with smartnet. They called meon that and try 
to talk me init, but I cancel ALL the smartnet for ANY Cisco IP phones 
and that's a lots of them. What's the point of having smartnet if you 
can't get IOS upgrades and there answer was for the physical device if 
it break, you get it replace and all. Well, you know what, if it break I 
can replace if with Polycom instead and they support it better then 
Cisco does! But if I can't do that, then even getting a new Cisco is 
better and cheaper int he end then having a worthless smartnet on the 
phones!


As for OpenStandard, CARP and VRRP is a good example, you can research 
that if you like. That's an OpenBSD solution over a Cisco suppose to be 
Open one!


Then you have the same thing when you need new equipment, if you tell 
Cisco that you are looking at competition product of their, then you 
will get discount as long as you know what you are talking about on the 
hardware. Never on the SmartNet. But very interestingly here, if you 
talk about Open solutions, like the bgpd or even the ospfd, or better 
yet, the upcoming MPLS, then you really get them talking and yes, they 
will call you and try to talk to you in not touching that telling you 
all kind of bullshit that it's not supported, that you will get problem, 
it will not work, that you will be better served by Cisco and they will 
stand by you to help you in emergency and all that crap sale talk.


Don't get me wrong Cisco does have good product for most of them. They 
will help some, may be not as they should for sure if you have SmartNet, 
but that will cost you big time!


However, you will be stuck in this endless continuous under power 
hardware that needs constant upgrade all the time and they will suck you 
dry in smartnet contract for not much servic in the end provided sadly 
in the last few years by 1/2 the time from people that you can't even 
understand when you talk to them. Sadly the one I find the best are when 
you open your ticket at night and you get them from down under in 
Australia. They follow up better and give you better feedback then sadly 
anyone so far I got in the US and definitely much better then when you 
are so unlucky to get them from Asia when they follow their script to 
the letter for most of them when you talk tot hem. You will get some 
good one at time, but by far it's not the norm as long as you can 
understand them. Don't get me wrong, some are very nice and know their 
stuff, but that's not the norm by far and for the price you have to pay 
for your smartnet, you sure hell have the right to expect BETTER!!!


In short, my own experience is as follow. The niceness of Cisco is 
directly in reverse of the choice of solution you pick being the start 

Re: any web management gui for pf ?

[Daniel Ouellet]

On 3/14/10 3:48 AM, PP;QQ P(P8P?P8QP8P= wrote:

the problem was described very precisely pf gui like pfsense, but
installable on clean OpenBSD box, wasn't it ?


Then why don't you use pfsense and port it back to OpenBSD.

After all pf was created on OpenBSD and works better on OpenBSD anyway 
and the license of pfsense is BSD.


http://www.pfsense.org/index.php?option=com_contenttask=viewid=42Itemid=62

So, if that's what you really want, then help yourself and make it work 
and you will have exactly what you want.


You have been told there isn't one decent and you want pfsense like, so 
use that and bring it to OpenBSD as you want.


And right on the pfsense website there is a big logo with Commercial 
Support Available If you can't do it, then pay them to do it for you 
and your team will have what they want.


But frankly, I would very much recommend you to simply edit the pf.conf 
and refer to the manual if you have question, there isn't anything that 
will ever do it better, really no joke or punch intended, there isn't 
anything that will come close to it.


Best of luck.

Daniel