Re: I can use snapshots packages in a release?

2011-10-24 Thread Scott McEachern

On 10/24/11 17:29, Zantgo wrote:

What happens is that usually we talk about unified and synchronized to the
manual, but I have not seen anything about the packages, then my question is,
I can use packet-release snapshots?, ie have my
PKG_PATH =.../snapshots/packages.

Zantgo



If you're asking if you can use -release packages with -current, then in 
a word, no.


If you are running -stable (which is -release + patches), you can use 
the precompiled packages or build them yourself.  (Note: packages for 
5.0 won't be available until after Nov. 1st, so if you get your CD set 
early, you either have to wait or compile them yourself.)  This info can 
be found in the FAQ.


If you are running -current from source, update the ports tree source at 
the same time and compile them yourself.  If you are running a snapshot, 
download the ports tree for that day and compile them yourself.  This 
info can be found in the FAQ.


Go read the freaking FAQ -- it's there for a reason -- instead of 
sending these silly emails.  Or better yet, do as others have suggested: 
install OpenBSD on a spare machine and play around.  Read the FAQ again 
and again before spamming the list (even) more, wasting everyone's 
time.  You are either dense or just not listening.




Re: USB mouse

2011-10-26 Thread Scott McEachern

On 10/26/11 18:52, Zantgo wrote:

How I can run USB mouse?

Zantgo



Did you try formatting it first?



Re: USB mouse

2011-10-26 Thread Scott McEachern

On 10/26/11 20:05, Christiano F. Haesbaert wrote:

On 26 October 2011 20:52, Zantgo <zan...@gmail.com> wrote:

How I can run USB mouse?

Zantgo



It should work just by plugging it, have you tried ?



Oh that's just pie-in-the-sky craziness.

The next thing you'll be saying is that USB keyboards should just work.



Re: Multi Link PPP support in Kernel

2011-11-17 Thread Scott McEachern

On 11/17/11 19:43, Stuart Henderson wrote:
wow, people really still use multilink? i remember it being a fair 
hassle on the lns side back when we did it with dialup... over here 
(UK) the few people doing this sort of thing use per-packet IP 
load-balancing these days. 


Over here (Canada; Ontario specifically), where Russell and I are both 
located, the copper is owned by Bell Canada, a private company.  They 
resell their bandwidth to independent ISPs, but *everyone* is stuck with 
the throttling that Bell applies during certain hours of the day.


You mentioned dialup.  Bell's throttle drops P2P traffic to the speed of 
a 56k modem, and to 28.8k during the most restrictive hours.


I can't speak to Russell's reasons for using MLPPP, but myself and many 
others that use independent ISPs use MLPPP to evade the throttle.  I 
don't know the technical details behind how it works, but it's currently 
the only way to get around Bell's throttle.  Most people use the 
Tomato firmware on their modems, but OpenBSD does it perfectly for me. :)


- Scott



Re: Narcicism?

2011-12-01 Thread Scott McEachern

On 12/01/11 02:28, John Tate wrote:

I think I've found a bug in the OpenBSD crowd. They bug the hell out of me
and my little mistakes.

I am not talking about people who actually have a solution, but I can't
seem to ask anything on this list without parrots coming along picking on
me. I think some people just hang out here because it's the most anal bunch
of hackers ever, in recorded history. What are your experiences?

Is it true that occasionally we attract people who either love bullying or
are just lazy and pretending to be one of the clever?

It just figures some of these people sit on the list, and email you poorly
researched crap with no answers contain.

If you hate a question, it truly doesn't belong, bug me.

But if you just can't answer a question, ignore it.

John Tate.

Note: Yes, it's not my list.



John, if you don't mind, I'll give you some advice:  Do your homework 
before posting to the list.  Your basic instinct is to click Send 
instead of thinking first.  I've lost count of how many of your posts 
were retracted by yourself, with a big "oops, my bad" or were replied to 
with RTFM-type responses.  I got a kick out of one retraction where you 
said something like "Sorry, I was drunk".


You're obviously new here.  Sure, it's a tough crowd at times, but that 
only happens when people don't bother reading the FAQ, or the man pages, 
or trying things out for themselves.  A lot of people have asked 
stupid questions or said something dumb -- myself included -- and 
got painful responses.  I've had my share of facepalm experiences and 
had my ass handed to me plenty of times, but I deserved it.


But you know what?  I try to not make a regular occasion of it.  It 
seems you do.


I help a lot of people off-list, and I know for a fact many others do 
the same.  I've found through years of experience there are two kinds of 
people on this list: those that need a little help and pointed in the 
right direction, and those that need their hands held for every step.  
Guess which category I put you in?  And that's exactly why I've helped 
you a grand total of zero times.


Now you have the gall to come on this list and insult the people that 
are trying to help you.  I don't think there's anyone on this list that 
sits idly, waiting for an opportunity to pick on or bully someone.  
Get a grip, get some thicker skin, and most of all, RTFM first.


I guarantee that if you take my advice, you'll find this list to be a 
very, very valuable resource.  Remember, there is a difference between 
*reading* and *comprehension*.  Work a little harder on the latter and I 
think you'll find you won't be picked on.


Stop playing the victim.  You're not the first and it's old.

--
Scott McEachern

https://www.blackstaff.ca



Re: Narcicism?

2011-12-01 Thread Scott McEachern

On 12/01/11 10:25, John Tate wrote:

I'm 24 years old. I was a Linux hacker since I was 13. I am a bit of a guru
and do my own Kerberos and such on an all BSD/Linux network. OpenBSD and
Debian Linux. I love OpenBSD, I'm a bit weird because I use bash. I can put
up with being made fun of. At 13 I didn't just start learning Linux I
started learning C++ as well. I failed to apprehend it properly at that
age, but at an older age I relearned it well. I am the guru sort of guy, I
know a hell of a lot but I'm still connecting it and in that sense still
learning.



John, sorry to burst your bubble, but in your case it really must be done.

You are not a hacker.  Really.

You are not a guru.  Really.

You are a kid who is having a great deal of difficulty learning the 
basics.  You say you're 24, but I seriously doubt that, considering you 
cannot spell "narcissism" and cannot distinguish between "apprehend" and 
"comprehend".  I think you are in dire need of a dictionary (I recommend 
Oxford).


John, you are a legend, but only in your own mind.  Your gun has no 
bullets; your pencil has no lead; your tree has no wood.


You have some miles to go beyond setting up basic NFS before you can be 
called a hacker.


This is a good start to your journey:

$ man man

Thanks for the laughs.  No reply is necessary.  Really.


--
Scott McEachern

https://www.blackstaff.ca



Radeon 4200 and azalia audio problems

2012-01-28 Thread Scott McEachern
I recently upgraded to the most recent (Jan. 26) snapshot from a system 
built from source on Jan. 24th, with mixed results: (dmesg follows)


- Jan. 24th: using the xf86-video-ati-6.14.3.tar.gz driver from x.org, 
mplayer video output was jittery, like the driver couldn't keep up, but 
audio was fine[*1].  I got the "your computer is too slow!" message from 
mplayer (no, it isn't).


- Jan. 26th: Not using the 6.14.3 driver, mplayer output was the same as 
above.  With the x.org driver, mplayer video output is now fine, but 
there is a noticeable crackling/distortion during playback of some (not 
all) movie/TV files.  It sounds like the audio levels of the media files 
are too high, but audio was fine on these same files the other day.


[*1] - I'm not sure exactly when this popped up, only in the last week 
maybe, but now I can hear interference on the computer speakers during 
some (usually intense) HDD activity.  The connections are solid (no 
recent changes/moves), but now when there is no background noise in the 
room, the HDD squealing sounds are quite noticeable.


I just thought I'd let people know.  Any suggestions would be 
appreciated, and I'll keep trying new snaps as they are released.


- Scott

dmesg:

OpenBSD 5.1-beta (GENERIC.MP) #188: Thu Jan 26 15:00:02 MST 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4023975936 (3837MB)
avail mem = 3902701568 (3721MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) 
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) 
UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) 
UHC7(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.23 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu4: DTLB 48 4KB entries fully 

A neat twist on nginx + php-fpm = no input file selected

2012-02-28 Thread Scott McEachern
sd0 at scsibus2 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd0: 36985MB, 512 bytes/sector, 75745947 sectors
root on wd0a (383cb6009c765d64.a) swap on wd0b dump on wd0b


---
 Scott McEachern



Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Scott McEachern

On 02/29/12 03:52, Remco wrote:
I'm not familiar with nginx but in general, the crazy-simple 
explanation I can think of is that you're running from a chroot. So 
the daemon will look for files relative to its chroot. 


That's *hilarious*.

And of course, you're quite right.  It works perfectly fine.  Now, I can 
only hope it stays alive, unlike php-fastcgi...


Thanks Remco!

--
Scott McEachern



Re: A neat twist on nginx + php-fpm = no input file selected

2012-02-29 Thread Scott McEachern

On 02/29/12 03:52, Remco wrote:
If the file on your file system is /var/nginx/html/who_is_online.php, 
a daemon chrooted to /var/nginx will see it as 
/html/who_is_online.php. If the daemon chrooted to /var/nginx should 
really see /var/nginx/html/who_is_online.php, the file should live in 
/var/nginx/var/nginx/html/who_is_online.php on your file system. Hope 
this helps. 


Oh, I just wanted to mention one more thing for the archives/google:

php-fpm takes on the chroot of the web server.

Ignore the php-fpm.conf documentation where it says "Default value: not 
set" and "When this value is not set, chroot is not used."  Bah.  :/


--
Scott McEachern
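
The path translation Remco describes, and what happens when a chrooted php-fpm is handed the host path, as an added example that is not part of the thread. The function names are hypothetical, `SCRIPT_FILENAME` is assumed to be the FastCGI parameter carrying the script path (the thread does not name it), and the mapping is purely lexical (symlinks are not resolved).

```python
import posixpath


def seen_from_chroot(host_path, chroot):
    """Path a process chrooted to `chroot` must use to reach `host_path`.

    Returns None when the file lies outside the chroot and is unreachable.
    """
    host = posixpath.normpath(host_path)
    root = posixpath.normpath(chroot)
    if root == "/":
        return host
    if host == root:
        return "/"
    # Compare on a path-component boundary so /var/nginx2 is not
    # mistaken for something inside /var/nginx.
    if host.startswith(root + "/"):
        return host[len(root):]
    return None


def opened_on_host(daemon_path, chroot):
    """Host path actually opened when the chrooted process asks for `daemon_path`."""
    # normpath clamps ".." at "/", the same way ".." cannot climb
    # above the new root inside a chroot.
    inner = posixpath.normpath("/" + daemon_path.lstrip("/"))
    root = posixpath.normpath(chroot)
    if root == "/":
        return inner
    return root if inner == "/" else root + inner


def check_script_filename(script_filename, chroot, host_files):
    """Explain whether a chrooted daemon will find `script_filename`.

    `host_files` is the set of files that exist, named by their host paths.
    """
    opened = opened_on_host(script_filename, chroot)
    if opened in host_files:
        return {"opens": opened, "found": True, "use": script_filename}
    # Typical mistake: the host path was configured, but the daemon
    # needs the path relative to its own root.
    candidate = seen_from_chroot(script_filename, chroot)
    usable = (candidate is not None
              and opened_on_host(candidate, chroot) in host_files)
    return {"opens": opened, "found": False,
            "use": candidate if usable else None}


if __name__ == "__main__":
    # Paths taken from the thread; the file set is constructed for the demo.
    files = {"/var/nginx/html/who_is_online.php"}
    for value in ("/var/nginx/html/who_is_online.php",
                  "/html/who_is_online.php"):
        print(value, "->", check_script_filename(value, "/var/nginx", files))
```
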



Userland ppp stopped working between Mar24 and Apr8

2011-07-04 Thread Scott McEachern
I originally sent this message to misc@ on April 17/2011, but I never 
got a response and I can't find it in the archives.  (I found this copy 
in my sent mail).


I guess it never went through.  Since I never heard anything back, I 
figured I'd wait a while and see if the problem got corrected after the 
kernel hackathon finished.  (It didn't.)


I gave the most recent snapshot (June 29) a try, and the problem 
remains, so I'll try sending this again.  I haven't seen anything 
about this on the list since; surely I can't be the only person who has 
run into this.


My original message:


After some experimenting, I've discovered that userland ppp stopped 
working normally at some point between the March 24th and April 8th 
snapshots.


I've been using the same ppp.{conf,linkup,linkdown} files for 6 months 
now with 4.8-stable without any problems.  This weekend I decided to 
change firewall hardware and use -current, and the same configuration fails.


It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work 
just fine.  The next snap I have in my collection is Apr. 8th, and 
everything since then including Apr. 17th, fails.


Replication is simple:

- clean install, not an upgrade.  No customizing/tweaking anything.
- copy my known-good ppp.* files over
- up the interface my DSL modem is on
- adjust syslog.conf to allow ppp logging to /var/log/ppp.log
- # ppp -ddial mlppp (config file below; normally this is done from rc.local)

- with anything <= Mar 24th, the connection works straight away
- with anything >= Apr. 8th, the ppp process loops continuously trying 
to establish the connection


Looking at the log, the old version shows "LCP: 2: RecvConfigReq", after 
which my MRU drops from 1500 to 1492, and the connection ultimately 
succeeds.  The new version only shows "LCP: 2: SendConfigReq" and the 
redial process loops until manually stopped.


Does anyone have any idea if my config needs adjusting, or have I found 
a bug?  The only variable is the version of -current I use, and the 
ppp(8) man page is the same.  Nothing to indicate that my config needs 
adjusting.


I'm not sure if the following log snippets show the proper information, 
so I'll wait for requests for full logs instead of spamming the list 
with a hugely long post.


Thanks,

- Scott


Log snippet from successful connection:
Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected!
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening -> dial
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial -> carrier
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier -> login
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login -> lcp
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial --> Closed
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed --> Stopped
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = Stopped
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x48a3693d
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped --> Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent --> Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = Ack-Sent


Log snippet from unsuccessful connection:
Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening -> dial
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial -> carrier
Apr 17 

Re: Userland ppp stopped working between Mar24 and Apr8

2011-07-04 Thread Scott McEachern

On 07/04/11 10:56, Stuart Henderson wrote:

On 2011-07-04, Scott McEachern <sc...@blackstaff.ca> wrote:

I gave the most recent snapshot (June 29) a try, and the problem
remains, so I'll try sending this again.  I haven't seen anything
about this on the list since; surely I can't be the only person who has
run into this.

does this help?




It is now working perfectly, thank-you very much Stuart!  (Truth be 
told, I saw your commit on src, so I just did a cvs update vs. applying 
the patches by hand.)


They were applied against the known bad Apr 8th snapshot, but I'll 
confirm with -current when a new snap is released.


- Scott
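
The difference between the two logs in the original report (the peer's RecvConfigReq never appears on the failing snapshots) can be checked mechanically. This is an added example, not code from the thread: a small parser over userland ppp syslog lines. The first sample session is copied from the successful log in the report, the second is constructed from the report's description of the failure, and the function and field names are hypothetical.

```python
import re

# "<date> <host> ppp[<pid>]: <if>: LCP: <rest>" as written by userland ppp.
LINE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) ppp\[(?P<pid>\d+)\]: "
    r"\w+: LCP: (?P<rest>.*)$")
# "<link>: SendConfigReq(6) state = Stopped"
EVENT = re.compile(
    r"^\S+: (?P<event>(?:Send|Recv)\w+)\(\d+\) state = [\w-]+$")
# " MRU[4] 1492": an option belonging to the preceding Send*/Recv* event.
OPTION = re.compile(r"^\s*(?P<name>[A-Z]+)\[\d+\]\s*(?P<value>.*)$")

SAMPLE_LOG = """\
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = Stopped
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = Ack-Sent
Apr 17 21:07:33 hellgate ppp[30239]: tun0: LCP: 1: SendConfigReq(1) state = Stopped
Apr 17 21:07:33 hellgate ppp[30239]: tun0: LCP:  MRU[4] 1500
Apr 17 21:07:36 hellgate ppp[30239]: tun0: LCP: 1: SendConfigReq(1) state = Req-Sent
Apr 17 21:07:39 hellgate ppp[30239]: tun0: LCP: 1: SendConfigReq(1) state = Req-Sent
"""  # second session (hellgate) is constructed, not taken from the report


def summarize_lcp(lines):
    """Group LCP traffic per (host, pid) and say whether the peer ever replied."""
    sessions, last_event = {}, {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # Chat/Phase/Warning lines carry no LCP packets
        key = (m["host"], int(m["pid"]))
        s = sessions.setdefault(
            key, {"sent_req": 0, "recv": [], "peer_opts": {}, "rejected": []})
        ev = EVENT.match(m["rest"])
        if ev:
            last_event[key] = ev["event"]
            if ev["event"] == "SendConfigReq":
                s["sent_req"] += 1
            elif ev["event"].startswith("Recv"):
                s["recv"].append(ev["event"])
            continue
        opt = OPTION.match(m["rest"])
        if not opt:
            continue  # state changes, LayerStart, etc.
        if last_event.get(key) == "RecvConfigReq":
            s["peer_opts"][opt["name"]] = opt["value"]  # what the peer asks for
        elif last_event.get(key) == "RecvConfigRej":
            s["rejected"].append(opt["name"])  # what the peer refuses
    for s in sessions.values():
        if s["sent_req"] and not s["recv"]:
            s["verdict"] = "peer never answered LCP"
        elif "RecvConfigReq" in s["recv"]:
            s["verdict"] = "peer negotiating"
        else:
            s["verdict"] = "incomplete"
    return sessions


if __name__ == "__main__":
    for key, info in summarize_lcp(SAMPLE_LOG.splitlines()).items():
        print(key, info)
```
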



xf86 driver won't compile

2011-07-20 Thread Scott McEachern
I think I'm missing something obvious here, so a clue-stick beating 
would be appreciated.


In order to get applications like mplayer to work properly, I need to 
compile an ATI Radeon 4200 driver from x.org.  (Thanks to brynet for 
that tip.)  That used to work fine, but around mid-May it stopped 
compiling (details below).  The configure script output has this slight 
difference:


$ diff configure.ok configure.failure
88c88
 checking for LIBDRM_RADEON... no
---
 checking for LIBDRM_RADEON... yes
132c132
 Kernel modesetting:  no
---
 Kernel modesetting:  yes

so I think I'm missing something simple, but with my limited knowledge, 
I'm just not understanding it.  The driver compiles just fine when 
LIBDRM_RADEON is _not_ found, but craps out when it is found.  I don't 
get it.


Any help would be appreciated.


Make spits out this:

$ sudo make
make  all-recursive
Making all in src
  CC ati.lo
  CC atimodule.lo
  CCLD   ati_drv.la
  CC radeon_accel.lo
radeon_accel.c: In function 'RADEONHostDataBlit':
radeon_accel.c:866: warning: '__expected' may be used uninitialized in 
this function

  CC radeon_cursor.lo
  CC radeon_legacy_memory.lo
  CC radeon_driver.lo
In file included from radeon_atombios.h:151,
 from radeon_driver.c:77:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_video.lo
  CC radeon_bios.lo
In file included from radeon_atombios.h:151,
 from radeon_bios.c:42:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_mm_i2c.lo
  CC radeon_vip.lo
  CC radeon_misc.lo
  CC radeon_probe.lo
  CC legacy_crtc.lo
In file included from radeon_atombios.h:151,
 from legacy_crtc.c:48:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC legacy_output.lo
In file included from radeon_atombios.h:151,
 from legacy_output.c:49:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_textured_video.lo
  CC radeon_pm.lo
In file included from radeon_atombios.h:151,
 from radeon_pm.c:39:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_crtc.lo
In file included from radeon_atombios.h:151,
 from radeon_crtc.c:703:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_output.lo
In file included from radeon_atombios.h:151,
 from radeon_output.c:50:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_modes.lo
In file included from radeon_atombios.h:151,
 from radeon_modes.c:51:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_tv.lo
In file included from radeon_atombios.h:151,
 from radeon_tv.c:26:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC CD_Operations.lo
In file included from ./AtomBios/includes/Decoder.h:52,
 from AtomBios/CD_Operations.c:47:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC Decoder.lo
In file included from ./AtomBios/includes/Decoder.h:52,
 from AtomBios/Decoder.c:45:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_atombios.lo
In file included from radeon_atombios.h:151,
 from radeon_atombios.c:34:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

radeon_atombios.c: In function 'rhdAtomParseI2CRecord':
radeon_atombios.c:1608: warning: initialization from incompatible 
pointer type

  CC radeon_atomwrapper.lo
In file included from radeon_atomwrapper.c:33:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_dri.lo
  CC radeon_exa.lo
  CC 

Re: xf86 driver won't compile

2011-07-20 Thread Scott McEachern

On 07/20/11 11:06, David Coppa wrote:

I think you need to pass --disable-kms to ./configure



Thank-you David and Nigel!

That works perfectly, and I'm now (very happily) back to running 
-current.  (I'm currently compiling a bunch of ports, and waited until 
thunderbird finished before replying.)


I _knew_ I was overlooking something simple...  When it came to the 
configure script diff, I was paying attention to LIBDRM_RADEON and 
trying to include this and that, while kernel modesetting was the 
problem.  And to think, I _almost_ didn't paste those lines from the 
diff thinking they were irrelevant.


Thanks again guys,

- Scott



two IP addresses on one pppoe connection

2009-05-25 Thread Scott McEachern

Hello all,

I currently have a single line DSL connection with my ISP and I am 
considering getting a 2nd IP from them for a second domain.  The DSL 
modem  (a speedtouch 516 which has a single ethernet connection to the 
LAN) is in bridge mode so the OpenBSD firewall handles the 
connection/authentication.


I was wondering if there is a way to have ppp/pppoe bind a second IP 
address to one DSL connection?  And if this is possible, would the IPs 
then be bound to tun0:0 and tun0:1?  I cannot find an answer to this in 
my research.


This is my current setup for a single IP, which works wonderfully:

In /etc/rc.local:

if [ -f /is_fw0 ]; then
   echo -n ' PPPoE ';
   ppp -ddial pppoe
   sleep 2
fi

In /etc/ppp/ppp.conf:

default:
 set log Phase Chat IPCP CCP tun command
 set redial 3 0
 set reconnect 5 10

pppoe:
 set device !/usr/sbin/pppoe -i ne3
 set mtu 1492
 set mrru 1524
 set speed sync
 set cd 5
 set dial
 set login
 set timeout 0
 set authname myusername
 set authkey mypassword
 add! default HISADDR
 enable dns
 enable mssfixup



--

- RSM

http://erratic.ca



Re: two IP addresses on one pppoe connection

2009-05-25 Thread Scott McEachern

Todd T. Fries wrote:

If you use the kernel mode pppoe, you can ifconfig add them as an
alias to the interface, you might be able to do the same to the tun
interface, see if it works...

  
I was hoping to accomplish this with userland pppoe as it is simpler to 
configure, and it already works.  Would userland pppoe pick up a second 
set of PAD* communications?  I can look into switching my setup to 
kernel mode pppoe but didn't want to completely redo a working config.

You are showing your roots, tun0:0 and tun0:1 are Linux naming
conventions, here in OpenBSD we just add addresses to the device
itself as 'aliases' aka:
  
Uhm, no. I haven't touched Linux in probably 10 years (and would like to 
keep it that way! :).  I was referring to something I read years ago 
about pf being able to handle pass in from fxp0:0-type names in 
filtering interface aliases and wondered if that convention would apply 
here, since I would be using pf to handle incoming traffic (from the one 
connection) to the appropriate internal network based on either 
originating IP or aliased interface.


The point being that ne3 happens to be the interface (its hostname.ne3 
reads "up" only) for the pppoe connection which magically creates the 
tun0 interface, and wondered if it would create such a beast as tun0:1 
(or a tun1 for that matter) that could be used in pf rules, but I wasn't 
sure.  I've never had occasion (yet) to use pf to address an interface 
alias directly.


Regardless of interface naming conventions, am I to understand that as a 
no, userland pppoe cannot handle a 2nd IP address on the same 
connection?  Before I tear down an existing config for a new one, I 
would like to ensure my goals are not do-able by the existing one.

  # ifconfig fxp0 inet 1.2.3.4 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.5 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.6 netmask 255.255.255.0
  # ifconfig fxp0
  fxp0: flags=...
  [..]
inet 1.2.3.4 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.5 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.6 netmask 0xff00 broadcast 1.2.3.255

For further reading see ifconfig(8), hostname.if(5), and
pppoe(4) (as opposed to pppoe(8)).




  



--

- RSM

http://erratic.ca



Re: two IP addresses on one pppoe connection

2009-05-28 Thread Scott McEachern

Todd T. Fries wrote:

If you use the kernel mode pppoe, you can ifconfig add them as an
alias to the interface, you might be able to do the same to the tun
interface, see if it works...

You are showing your roots, tun0:0 and tun0:1 are Linux naming
conventions, here in OpenBSD we just add addresses to the device
itself as 'aliases' aka:

  # ifconfig fxp0 inet 1.2.3.4 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.5 netmask 255.255.255.0
  # ifconfig fxp0 inet alias 1.2.3.6 netmask 255.255.255.0
  # ifconfig fxp0
  fxp0: flags=...
  [..]
inet 1.2.3.4 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.5 netmask 0xff00 broadcast 1.2.3.255
inet 1.2.3.6 netmask 0xff00 broadcast 1.2.3.255

For further reading see ifconfig(8), hostname.if(5), and
pppoe(4) (as opposed to pppoe(8)).




  
Thanks Todd, and sorry for getting back to you so late.  I'll leave this 
here so others searching, like I did, can get an answer.


As it turns out, at least with my ISP (TekSavvy in Canada if that helps 
anyone) once you go past having a single IP assigned to you, that IP 
becomes a gateway for the new IPs in the ISP's eyes.


I was thinking there would be some type of PAD* interaction beyond 
getting the first IP, but there isn't, you just use the new IPs by 
exactly what you said above, aliasing them to your $ext_if.


So the specifics for OpenBSD are that this is completely do-able with 
userland pppoe.  Keep the existing pppoe setup for the single IP as is, 
and just modify the /etc/ppp/ppp.linkup file as such:  (Assuming you 
were given a.b.c.d/30)


MYADDR:
 !bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d netmask 255.255.255.255"
 [...]
 !bg sh -c "/sbin/ifconfig tun0 alias a.b.c.d+3 netmask 255.255.255.255"
 !bg sh -c "/sbin/pfctl -ef /etc/pf.conf"
 !bg sh -c "pkill -1 named"

 The last two lines are to load a pppoe-aware pf.conf and to let the 
name server start listening on any external address per named.conf.
 The result is that adding a /30 actually gives a total of 5 usable 
IPs: the original IP, what you would think are the 'network' and 
'broadcast' addresses for the /30, plus the two 'normal' usable addresses.
 After that, it was just a matter of myself and pf.conf having a chat, 
and all is well. :)


--

- RSM

http://www.erratic.ca



Re: New Translation Options in PF

2009-09-05 Thread Scott McEachern

Anathae Townsend wrote:

match out on external from mynetwork to any nat-to (external) round-robin

Should round-robin be showing up in the rule?

  
Remove the parentheses on external and it will use the first IP assigned 
to external and not use round-robin.


--

- RSM

http://www.erratic.ca



Re: carp master - backup problem

2009-10-28 Thread Scott McEachern

Peter Hessler wrote:

On 2009 Oct 28 (Wed) at 01:55:40 -0400 (-0400), Scott wrote:
:$ cat /etc/hostname.carp0:
:inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0
-snip-
:$ cat /etc/hostname.carp0
:inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew
:100 carpdev xl0

The vhids need to be identical.

  
And therein lies the solution.  I misunderstood the documents and 
thought that each carp node had a unique vhid.


I've since tested with both online, the master offline, then put back, 
etc. and all works *perfectly* fine now!  I knew it was my bad.


Thank-you very much for pointing out my error, and to the others that 
helped out.  I'm sorry for the noise.


BTW: I forgot to mention this, but thanks to all the folks involved with 
4.6.  The CDs arrived just outside of Toronto on 19 Oct (Monday last 
week.)  :) :)


--

-RSM

http://www.erratic.ca



Re: carp master - backup problem

2009-10-28 Thread Scott McEachern

Bryan Irvine wrote:

I do believe preempt should be 1 on both servers. Let the advskew
handle which one is primary.

What do you see for output of 'netstat -s -p carp' and 'netstat -s -p pfsync'

-B

  
I tried it with both servers set to preempt=1, with the same results, 
but to double check I did it again.  The results are identical to 
everything I posted previously, except (on the secondary server):


$ sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

Per your request:

(on the primary:)
$  netstat -s -p carp
carp:
   226 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   226 discarded for unknown vhid
   0 discarded because of a bad address list
   387 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

(on the secondary:)
$  netstat -s -p carp
carp:
   335 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   335 discarded for unknown vhid
   0 discarded because of a bad address list
   236 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

This was done after a clean reboot (both) and my accessing the site from 
an external shell account I have (using lynx).  The secondary still 
responds first, and when it is taken offline (halt -p), the primary does 
not take over (no answer).  The primary only takes over normal duties 
when the hostname.carp0 file has been renamed on the secondary, the 
secondary has actually been rebooted and sh /etc/netstart has been run 
on the primary.  After the secondary was taken offline, and sh 
/etc/netstart run on the primary, I accessed the site again (the primary 
is then the only carp node), and did this: (from the primary)


$ netstat -s -p carp
carp:
   372 packets received (IPv4)
   0 packets received (IPv6)
   0 packets discarded for bad interface
   0 packets discarded for wrong TTL
   0 packets shorter than header
   0 discarded for bad checksums
   0 discarded packets with a bad version
   0 discarded because packet too short
   0 discarded for bad authentication
   372 discarded for unknown vhid
   0 discarded because of a bad address list
   704 packets sent (IPv4)
   0 packets sent (IPv6)
   0 send failed due to mbuf memory error
   1 transition to master

As for output regarding pfsync, all values are zero because I do not use 
pfsync.  It is a single firewall with two web servers internally, not a 
redundant firewall situation.  No changes have been made to the firewall 
at all.


I'm at my wit's end for why this doesn't work.  It *must* be something 
wrong with my config, as I just don't believe it's a bug in carp.  
This config is practically straight out of the FAQ so I'm at a total 
loss. :(


FWIW, the pf.conf on the firewall uses these values (which normally work 
fine):

(...)
gw_ext="$ext_ip4"       # my external IP addy for that web site, I have 5 IPs
gw_int="192.168.0.9"    # the carp node, or when not using carp, the primary web server
#gw_int="192.168.0.19"  # for when I manually switch to the secondary server

gw_ports="{ 80, 443 }"
int0_if="xl0"
tcp_flags="flags S/SA modulate state"
(...)
not_private={ \
   !0.0.0.0/8, \
   !10.0.0.0/8, \
   !127.0.0.0/8, \
   !169.254.0.0/16, \
   !172.16.0.0/12, \
   !192.8.2.0/24, \
   !192.168.0.0/16, \
   !240.0.0.0/4, \
   !255.255.255.255/32 \
}
(...)
rdr on $ext_if proto tcp from $not_private to $gw_ext port \
   $gw_ports -> $gw_int
(...)
pass in log quick on $ext_if inet proto tcp from $not_private to $gw_int \
   port $gw_ports flags S/SA synproxy state
(...)
pass out quick on $int0_if proto tcp from $not_private to $gw_int \
   port $gw_ports $tcp_flags

The firewall config has worked fine and hasn't been changed in ages, but 
I can't help wonder if something there is screwing up carp.  Redoing and 
simplifying the fw rules (using tags) is next on my todo list, but I 
figured I'd get carp working first before changing a known good fw 
config and adding another change to the mix.


--

-RSM

http://www.erratic.ca
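
A way to read the counters posted above, as an added example that is not part of the original thread: when every received advertisement is counted under "discarded for unknown vhid", the two nodes are not in the same virtual host, which is what Peter Hessler's reply points out. The function names, the verdict words and the healthy sample are constructed for illustration; the mismatch sample and the two hostname.carp0 lines are taken from the posts.

```shell
#!/bin/sh
# Added example: classify `netstat -s -p carp` counters and compare the vhid
# configured on two CARP nodes.

# Reads `netstat -s -p carp` output on stdin and prints one verdict word.
carp_verdict() {
    awk '
        /packets received/                 { rx += $1 }
        /discarded for unknown vhid/       { unknown = $1 }
        /discarded for bad authentication/ { badauth = $1 }
        END {
            if (rx > 0 && unknown == rx) print "VHID_MISMATCH"  # nothing accepted
            else if (badauth > 0)        print "BAD_AUTH"       # pass differs
            else if (unknown > 0)        print "FOREIGN_VHID"   # other groups on the wire
            else                         print "OK"
        }'
}

# Prints the value that follows keyword $1 in hostname.carpN text on stdin.
carp_field() {
    tr '\n' ' ' | awk -v key="$1" '
        { for (i = 1; i < NF; i++) if ($i == key) { print $(i + 1); exit } }'
}

# True only when both hostname.carpN lines carry the same, non-empty vhid.
same_vhid() {
    a=$(printf '%s\n' "$1" | carp_field vhid)
    b=$(printf '%s\n' "$2" | carp_field vhid)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Counters from the primary as posted in the thread (relevant lines only).
primary_stats() {
    cat <<'EOF'
carp:
   226 packets received (IPv4)
   0 packets received (IPv6)
   0 discarded for bad authentication
   226 discarded for unknown vhid
   387 packets sent (IPv4)
   1 transition to master
EOF
}

# Constructed counters for a backup that accepts its master's advertisements.
healthy_stats() {
    cat <<'EOF'
carp:
   412 packets received (IPv4)
   0 packets received (IPv6)
   0 discarded for bad authentication
   0 discarded for unknown vhid
   3 packets sent (IPv4)
   0 transition to master
EOF
}

# The two hostname.carp0 lines quoted in the thread.
PRIMARY_CONF='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 1 carpdev fxp0'
SECONDARY_CONF='inet 192.168.0.9 255.255.255.0 192.168.0.255 vhid 2 advbase 1 advskew 100 carpdev xl0'

echo "primary counters: $(primary_stats | carp_verdict)"
echo "healthy counters: $(healthy_stats | carp_verdict)"
if same_vhid "$PRIMARY_CONF" "$SECONDARY_CONF"; then
    echo "vhid: nodes agree"
else
    echo "vhid: nodes differ, each node will stay master of its own group"
fi
```

On a live node, pipe the real output in with `netstat -s -p carp | carp_verdict`.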



Where are ports changes for -stable?

2009-11-01 Thread Scott McEachern

Henning Brauer wrote:

you need to upgrade php to 5.2.11, from -stable.

  
Sorry if I have missed something, but where would I find the ports 
changes for -stable?  (Other than manually looking in each port's 
Makefile details.)  Until Henning mentioned the new version, I had no 
idea php had been upgraded.


--

-RSM

http://www.erratic.ca



Re: Where are ports changes for -stable?

2009-11-02 Thread Scott McEachern

Robert wrote:

First there are the commit messages on the ports-changes mailinglist.
Look for those tagged OPENBSD_4_6.

When you update your local cvs checkout, just omit the -q option and
you will see every changed file, so you don't have to manually dive into
the tree.


- Robert





I have subscribed to the ports-changes list and watch for the 
OPENBSD_4_6 tag as that seems most appropriate for my situation.  The 
only problem with watching the cvs output is a catch-22: I don't do cvs 
up and a fresh build until there is a change to -stable.


Thanks for the many replies folks, as always, problem solved.

--

-RSM

http://www.erratic.ca



Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/

2009-11-03 Thread Scott McEachern

Theo de Raadt wrote:

   http://article.gmane.org/gmane.linux.kernel/706950


  
I replaced Linux around '01 or '02 with OpenBSD both at companies I've 
worked for since and at home.  I don't really care what other people use 
for their needs, and I've been neutral in my opinion about Torvalds and 
Linux (mostly because I don't pay any attention to what he or anyone 
else in the Linux crowd have to say.)  I didn't move to, or stick with, 
OpenBSD as an anti-Linux (or anti-anything) statement.


My opinion changed today when I read Linus' email from Theo's link.

Linus seriously thinks that any random bug in any app that causes a 
crash is just as important as a security hole that gets your box rooted?


Now I don't just think he's an idiot, I know it.  Now I understand the 
background to the disparaging comments Theo has made about Linus now and 
then.


--

-RSM

http://www.erratic.ca



Re: OpenBSD culture?

2010-04-15 Thread Scott McEachern

On 04/15/10 01:39, VICTOR TARABOLA CORTIANO wrote:

Fascinating. I predicted Peereboom would post the same old rant.

   

My fix has nothing to do with childish attitude or being more nerdy than
you.  It has everything to do with GNU's twisted definition of  freedom.

 

Yet, that's YOUR view on the subject. My views are quite different.
   

His view is right and yours is incorrect.

 

You can not dictate the truth.

   



If you think the GPL == freedom, you wouldn't know the truth if it bit 
you on the ass.




You probably hate the GPL. I like it.
   

Because you hate freedom and are a self-proclaimed hippie.

 

I do not dictate my views to others.  Your typical insults and
testosterone bursts aren't effective where logical thinking is
present.
   



Then apply some logical thinking yourself, and quit drinking Stallman's 
kool-aid.


How many restrictions are in the BSD and ISC licenses?  For all intents 
and purposes, one: keep the copyright message intact.  Otherwise, *free* 
to do with as you please.  That's a fact.


Now go look at the GPL, any version, and list the restrictions.  You 
can't do this, you can't do that, unless you do this, unless you do that.


There's a clue in having many versions over the years: refinements of 
the restrictions.  That's a fact.


Here's a short overview:  http://www.openbsd.org/policy.html

If you don't believe the GPL has more restrictions, ask a lawyer and see 
for yourself.  The lawyer will give you some facts.


Maybe the GPL is best for *your* needs, but don't blather on about it 
being 'free'.  You sound like an idiot.




   

So let's stop arguing because this is already off-topic. You won't
be able to change my views, and I won't even try to change yours.
   

Why not?  You are wrong, and worse not admitting it.

 

Yelling that I'm wrong and testosterone bursts won't make me wrong.
Maybe logical arguments would change my mind, but that requires
intelligence, not superficial whining.

   


You are whining.  And not sounding particularly intelligent in the process.


The GPL is a promise of good communism.  Wake me up when it starts
working.

 

Yet you use GCC.

Marco, instead of complaining about GNU, GPL, FSF, Linux, etc. Why
don't you write some code instead? I know it's a strange concept.

   


WTF are you talking about?  I don't recall seeing your name on any 
OpenBSD commits.  I know about marco@, but not *you*.  Where are your 
commits?  STFU already.



--
- RSM
www.erratic.ca



Re: OpenBSD culture?

2010-04-15 Thread Scott McEachern

On 04/15/10 23:14, VICTOR TARABOLA CORTIANO wrote:

The dictionary definition of freedom is no restrictions

 

NO RESTRICTIONS

May I point out to you that ISC has restrictions. You are
contradicting yourself.

Logic works the same for everyone, since it's an abstract
field, but apparently you did not study it.

   


You do realize that you are completely insane, right?

(And obviously, that's not just _my_ opinion.)


--
- RSM
www.erratic.ca



Re: Routing on two Nic's

2010-04-16 Thread Scott McEachern

On 04/16/10 13:26, Ted Roby wrote:

On Fri, Apr 16, 2010 at 10:54 AM, Danny de Bont dannydeb...@telkomsa.net wrote:

   


All jokes aside 

My router is on 10.0.0.2


 

Which router? The ADSL router?
Can you configure it as a transparent bridge instead?
Then you can let the OBSD box sit on the same subnet
as the rest of your network, and it can handle whatever
appropriate connection your provider wants. (PPPoE?)

   


That's my favoured approach, but be careful: if you have monthly 
bandwidth caps, you could be looking for trouble.  Junk filtered by 
the xDSL modem doesn't count against you.  Using OpenBSD's pf to filter 
out the bad stuff *will* count against your b/w cap and you could find 
yourself paying for the overage.



--
- RSM
www.erratic.ca



Re: crypt question/server hotel

2010-04-17 Thread Scott McEachern

On 04/17/10 04:49, Jozsi Vadkan wrote:

I want to put my server in a server hotel.

But: I don't trust my server hotel owner.

What can I do?

   


If someone has physical access to your box, there is nothing you can do, 
period.


There are some really extraordinary (insane) things you can do to 
prevent it, but most of those solutions are only viable in lands where 
unicorns roam free.


This discussion has taken place before on this list (search the 
archives) and the answer to a truly secure machine involved it being 
placed in a 2km thick block of steel reinforced concrete at the bottom 
of an ocean.


I'm also pretty certain this has been asked on Slashdot (search their 
archives) and the simple answer involved an unmanaged server plan with a 
provider other than the untrusted one.


--
- RSM
www.erratic.ca



Re: low httpd performance. Apache 2.2 as default? never? *sighs

2010-05-03 Thread Scott McEachern

On 05/02/10 20:31, VICTOR TARABOLA CORTIANO wrote:

OpenBSD's stock httpd is very slow and outdated. It is about 6 years old.
Almost an abandonware.
 

I will print this mail and laugh everyday with it. :)

   


Ya, me too.  It'll sit beside your laughable emails where you argued 
that the GPL is more free than the BSD/ISC license.  That whole 
'definition of freedom' thing is still hilarious!


--
- RSM
www.erratic.ca



Re: Relayd on localhost with multiple SSL Certificates

2010-05-12 Thread Scott McEachern

On 05/12/10 04:53, Keith wrote:
We're doing the above and have relayd listening in 127.0.0.1 port 8080 
and have pf rdr rules redirecting https traffic to 127.0.0.1:8080 and 
the certificate that the https relay is using is called 127.0.0.1.crt
This works fine but what if we want to host another ssl certificate ? 
I can add another IP address to the firewall and put a rdr rules in to 
pf and can put another relay in to relayd.conf but what name does the 
certificate get now ?  This is where I am stuck..





I think you might be looking for something like this:

[ fw0:/etc ]
# cat hostname.lo0
inet alias 127.0.0.10 255.255.255.0
inet alias 127.0.0.11 255.255.255.0
inet alias 127.0.0.12 255.255.255.0
inet alias 127.0.0.13 255.255.255.0
inet alias 127.0.0.14 255.255.255.0
[ fw0:/etc ]
# ls -l /etc/ssl/127*
-rw-r--r--  1 root  wheel  928 Mar  8 03:12 /etc/ssl/127.0.0.10.crt
-rw-r--r--  1 root  wheel  940 Mar  8 03:12 /etc/ssl/127.0.0.11.crt
-rw-r--r--  1 root  wheel  940 Mar  8 03:12 /etc/ssl/127.0.0.12.crt
-rw-r--r--  1 root  wheel  936 Mar  8 03:12 /etc/ssl/127.0.0.13.crt
-rw-r--r--  1 root  wheel  936 Mar  8 03:12 /etc/ssl/127.0.0.14.crt

Tweak to your needs, of course.

--
- RSM
www.erratic.ca



Re: Traffic redirect no longer working

2010-05-21 Thread Scott McEachern

On 05/21/10 05:37, lheck...@users.sourceforge.net wrote:

rdr on $ext_if proto tcp from $work_hosts to any port ssh -> $ssh_host
pass in quick on $ext_if proto tcp \
  from $work_hosts to $ssh_host port ssh flags S/SA modulate state

  In 4.7, I changed this to

match in on $ext_if proto tcp from $work_hosts to any port ssh rdr-to $ssh_host
pass in quick on $ext_if proto tcp \
  from $work_hosts to $ssh_host port ssh flags S/SA modulate state

   

[...]

  I can ssh from the firewall to $ssh_host just fine; I haven't tested ssh
  from Internet to firewall (with suitable pass rule). What am I missing?
  I guess that some packet information isn't being rewritten correctly or
  completely.

   


Without knowing your details, I'm going to guess you need a pass out 
rule for your internal interface.  Give it a try.  I use this:


pass out quick on $int1_if tagged ext_ssh

but I also tag the matching incoming traffic.

--
- RSM
www.erratic.ca



System Hang - unknown cause [was Re: Running systat queues Leads to System Hang]

2010-07-08 Thread Scott McEachern

On 07/08/10 02:34, Richard Toohey wrote:

On 8/07/2010, at 2:45 PM, Daniel Melameth wrote:

   

On Fri, Jun 18, 2010 at 11:08 PM, Daniel Melameth dan...@melameth.com wrote:

On my firewall at home, on occasion, running systat queues leaves me with an
unresponsive system.  pings are not returned and the keyboard at the console
is unresponsive.  Sometimes the command works fine and sometimes it does
not--though it does seem the issue is more likely to occur when the system
has an uptime of more than a week or two.  I'm uncertain how to troubleshoot
this further and I have been unable to reproduce the issue on other
4.7-stable systems (though these other systems are not running the same
hardware and software).

I upgraded the system several days ago to a snapshot from just before
the hackathon, and the system appeared more stable, but I can now also
instantly kill the box by running netstat -m after about five days of
uptime.

Ideas appreciated...

 

Hardware?

Tried different NICs?  RAM?  Put the HD in another machine?

No-one else seems to be seeing this (or reporting it) and you can't
reproduce on other machines, so worth eliminating hardware.

Anything unusual or different about this machine or what you run on it?

   


I said much the same thing to Daniel off-list when he first posted 
almost two weeks ago, suggesting he try both a new snapshot (at the 
time) and trying another after the hackathon.


Interestingly, since then I've installed the June 23rd snapshot (and 
built to -current on June 27th) and guess what?  Sporadic freezes under 
different circumstances, none of which are the same as Daniel's (netstat 
-m seems to work fine for me.)  When I say freeze, I mean locked up 
hard: no mouse, no keyboard, no pings, nothing; I have to power cycle it.


Two freezes have occurred when I wasn't using the system locally, just 
watching movies (on another PC) using Samba.  One freeze when I was 
reading my mail locally (like now), but an ssh network backup was taking 
place from /etc/daily.local.


I'll be trying a newer snap this weekend (or before) and see how things 
go.  This is using the same hardware and same setup that has been fine 
for almost two years (except a new HDD from Nov/09), so I seriously 
doubt it's hardware.  Three random freezes in a week and a half when 
it's never happened on this hardware before, ever.  My previous install 
was running -current from early(?) May.


Sorry for the completely vague message, I know it won't help anyone 
debug anything.  The problem can't be reproduced, but I'm guessing some 
networking changes have happened that are affecting Daniel and myself.


I'm only posting this in case there are other lurkers that this is 
happening to, who haven't mentioned anything because there just aren't 
any leads to go on.


So, anyone else having mysterious intermittent lockups when the network 
is in use?


Dmesg  processes: (the unmounted warning is from the last time it froze 
up, 27h ago)



testing a drive with dd -- odd results

2009-12-31 Thread Scott McEachern
I've been using dd to test some of my hard drives and just ran into the 
oddest of coincidences.


I used this command (or variation without the time command)

# time dd if=/dev/rwd0c of=/dev/null

on three machines with three HDDs of sizes 40GB SATA, 40GB IDE and 30GB 
IDE, one of those 40GB (SATA) drives was in my workstation.  The result 
is basically the same: x number of bytes transferred, etc. with no 
problems.  They are all a few years old.  I bought a brand-new Seagate 
Barracuda SATA/1.5TB/7200/32MB, installed it into my workstation and ran 
the same test to get this:


# dd if=/dev/rwd0c of=/dev/null
dd: /dev/rwd0c: Input/output error

268435455+0 records in
268435455+0 records out
137438952960 bytes transferred in 23763.827 secs (5783536 bytes/sec)

What got me doing that in the first place was my workstation locking up 
hard 3 times in the past few weeks.  I have no idea why, nothing in the 
system logs, etc, and the only change was the HDD.  I figured the drive 
was defective, ran the above test, and returned it for a replacement.  
While there, I also picked up a WD 500GB SATA drive and installed that 
in my workstation (to be pre-built and installed in another PC), which 
gave this result:


# time dd if=/dev/rwd0c of=/dev/null
976773168+0 records in
976773168+0 records out
500107862016 bytes transferred in 93283.067 secs (5361186 bytes/sec)
1554m43.06s real (etc)

No I/O error, so it should be good.  That's 2 drives ok (40 and 500 GB) 
and 1 drive bad in the same PC, now for the 2nd new 1.5TB drive:


dd: /dev/rwd0c: Input/output error
268435455+0 records in
268435455+0 records out
137438952960 bytes transferred in 23740.766 secs (5789154 bytes/sec)
395m40.76s real (etc)

Oh, another crappy drive, I guess I have bad luck.  Probably from a bad 
batch or something.  But wait...


Look at the amounts transferred.  Exactly the same for both of the 1.5TB 
drives, and I assure you it's not accidentally the same drive, just the 
exact same make / model.  The cables / connections are good on known 
good hardware, plus two other different drives were fine.  It can't be 
some odd variable limit (or similar thing) because the 500GB values went 
well beyond where the 1.5TB drives crapped out.


I don't believe it's the hardware (other than the drive), nor the 
software, but seeing those numbers being identical down to the byte is 
either incredibly coincidental or .. ?  I'm going to run the test again, 
but as you can see from the time it won't be done for another 6.5 
hours.  Betcha it'll be the same.


Can anyone think of a plausible explanation for this, other than maybe a 
bad batch where the drives are all equally defective at the exact same 
spot?  While I'm here, can anyone recommend another tool than dd for 
testing drives?  Seems to me with those numbers, to finish a 1.5TB drive 
it'll take around 76 hours.  I don't mind the time, I need 
thoroughness.  It's better than having a workstation (or server) 
mysteriously lock up after the 30-day return/exchange is over.


Just in case, here's a dmesg with some errors at the bottom regarding 
the drive.



Further testing a drive with dd running -current

2010-01-02 Thread Scott McEachern
Sorry if this shows up again. I sent this twice yesterday and for some 
reason it hasn't appeared on the list.


David Gwynne wrote:

id try this on a sili(4), ahci(4), or mpi(4) controller and see what happens.

my guess is you're hitting issues in the ata stack, specifically to do with the 
block offsets of your io ops.

dlg

On 01/01/2010, at 12:03 AM, Scott McEachern wrote:

  

Unfortunately, I do not have any of those available to me.

I tried Marco's suggestion (use -current) and let the test run
overnight, and the results were the same:

Using -current dmesg follows.

# date; time dd if=/dev/rwd0c of=/dev/null; date
Thu Dec 31 23:44:32 EST 2009
dd: /dev/rwd0c: Input/output error
268435455+0 records in
268435455+0 records out
137438952960 bytes transferred in 23954.900 secs (5737404 bytes/sec)
 399m14.93s real 2m12.93s user   174m4.64s system
Fri Jan  1 06:23:47 EST 2010

Then I tried these just to see what would happen:

Here we get the same result (but quicker) by skipping everything:

# dd if=/dev/rwd0c of=/dev/null skip=268435454
dd: /dev/rwd0c: Input/output error
1+0 records in
1+0 records out
512 bytes transferred in 3.975 secs (129 bytes/sec)

And as I guessed, using a bs != 512, but a multiple, it gives no error:

# dd if=/dev/rwd0c of=/dev/null skip=134217726 bs=1024
^C729161+0 records in
729161+0 records out
746660864 bytes transferred in 69.331 secs (10769439 bytes/sec)

The drive is laid out like so:  (Yes, it's kinda crazy and there is a
bit of unallocated space at the end.)

# mount
/dev/wd0a on / type ffs (local, softdep)
/dev/wd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/wd0d on /tmp type ffs (local, nodev, nosuid, softdep)
/dev/wd0f on /usr type ffs (local, nodev, softdep)
/dev/wd0l on /usr/chroots type ffs (local, nosuid, softdep)
/dev/wd0g on /usr/ftp type ffs (local, nodev, nosuid, softdep)
/dev/wd0h on /usr/local type ffs (local, nodev, softdep)
/dev/wd0i on /usr/obj type ffs (local, nodev, nosuid, softdep)
/dev/wd0j on /var type ffs (local, nodev, nosuid, softdep)
/dev/wd0k on /var/mysql type ffs (local, nodev, nosuid, softdep)
blackstaff:~
# disklabel /dev/wd0c
# /dev/wd0c:
type: ESDI
disk: ESDI/IDE disk
label: ST31500341AS
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 182401
total sectors: 2930277168
rpm: 3600  /* Huh?  This is a 7200RPM drive */
interleave: 1
boundstart: 63
boundend: 2930272065
drivedata: 0

16 partitions:
#                size        offset  fstype [fsize bsize  cpg]
  a:         20980827            63  4.2BSD   2048 16384    1
  b:          1060290      20980890    swap
  c:       2930277168             0  unused
  d:         20980890      22041180  4.2BSD   2048 16384    1
  e:        419441085      43022070  4.2BSD   2048 16384    1
  f:        419441085     462463155  4.2BSD   2048 16384    1
  g:        629153595     881904240  4.2BSD   2048 16384    1
  h:        419441085    1511057835  4.2BSD   2048 16384    1
  i:          8401995    1930498920  4.2BSD   2048 16384    1
  j:        419441085    1938900915  4.2BSD   2048 16384    1
  k:        104872320    2358342000  4.2BSD   2048 16384    1
  l:        209728575    2463214320  4.2BSD   2048 16384    1

So it would seem the block in question resides in my (grossly oversized)
/tmp partition.  I figured that might explain my 3 mysterious hangs, so
let's try to trigger it by filling up /tmp:

# dd if=/dev/zero of=/tmp/test
/tmp: write failed, file system is full
dd: /tmp/test: No space left on device
20640897+0 records in
20640896+0 records out
10568138752 bytes transferred in 198.879 secs (53138397 bytes/sec)

# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/wd0a      9.8G    537M    8.8G     6%    /
/dev/wd0e      197G    2.4G    185G     1%    /home
/dev/wd0d      9.8G    9.8G   -504M   105%    /tmp
/dev/wd0f      197G    6.9G    180G     4%    /usr
/dev/wd0l     98.4G   34.6M   93.5G     0%    /usr/chroots
/dev/wd0g      295G   52.0K    281G     0%    /usr/ftp
/dev/wd0h      197G    1.3G    186G     1%    /usr/local
/dev/wd0i      3.9G    2.0K    3.7G     0%    /usr/obj
/dev/wd0j      197G    8.4G    179G     4%    /var
/dev/wd0k     49.2G   67.4M   46.7G     0%    /var/mysql

Obviously, /tmp filled up with no crash or hang.  If there's anything
else I can do, just let me know.  Here's the dmesg plus some kernel
errors as it downgrades UDMA modes.  (The snapshot was dated 11/31 on
ftp.openbsd.org, all disksets installed and not compiled from source.)


Re: Further testing a drive with dd running -current

2010-01-02 Thread Scott McEachern

David Vasek wrote:

Out of curiosity, does the same happen if you dd from /dev/rwd0d?

As Matthew Szudzik pointed out, dd is failing when it attempts to read 
(2^28)th sector of the current device you are reading from. Up to, 
including, 2^28-1 everything is ok.


Regards,
David




I made an error in my last post.  I said the problem sector was in 
/tmp on wd0d, but it was actually in /home on wd0e.  With that in mind, 
I tried two tests.


First, filling up /home.  The only result was the expected reaction of 
apps using /home to find it full, but no I/O error from dd while filling 
it up.  I was thinking that my previous system hangs had to do with a 
read or a write to that particular sector during normal system use, but 
I guess not.


The second was your suggestion, and interestingly, it produces the error.

Partition e starts at 43 022 070, the problem is at 268 435 455, so 
we'll skip 225 413 380 to start just before that spot:


# dd if=/dev/rwd0e of=/dev/null skip=225413380
dd: /dev/rwd0e: Input/output error
5+0 records in
5+0 records out
2560 bytes transferred in 4.084 secs (627 bytes/sec)

Doing the same thing with bs=1024:

# dd if=/dev/rwd0e of=/dev/null skip=112706690 bs=1024
^C164347+0 records in
164347+0 records out
168291328 bytes transferred in 15.241 secs (11041848 bytes/sec)
(I aborted it)

I've managed to figure out:

1) there's nothing wrong with that actual sector on the drive.
2) it's related to _this_ particular make/model.  (The 500GB Western
   Digital was fine.)
3) it's not a problem with dd.
4) there is no difference between -stable and -current for this.
5) using a bs other than 512 in dd has no problem.

Of course, there is no proof my previous hangs have anything to do with 
this.  I haven't had the system lock up in the 5 days I've been using 
this drive, so that doesn't really mean anything vs. no hangs in say, 30 
days.


--

-RSM

http://www.erratic.ca
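
The skip arithmetic from the message above, as an added example that is not part of the original post: it converts an absolute disk sector into the dd skip= value for a given partition start and block size, and reports which record of the run covers that sector. The function names are made up for illustration, 512-byte sectors are assumed as in the post's numbers, and nothing here reads a disk.

```shell
#!/bin/sh
# Added example built from the numbers quoted in the post (constructed input).
SECTOR=512              # assumption: disklabel offsets count 512-byte sectors
PART_E_START=43022070   # start of partition e, from the post
TARGET=268435455        # absolute sector the post calls "the problem"

# dd_skip PART_START ABS_SECTOR BS LEAD
# Print the skip= value (in BS-sized records) that begins reading LEAD
# sectors before ABS_SECTOR. Rounds down so the target is never skipped.
dd_skip() {
    ds_start=$1; ds_abs=$2; ds_bs=$3; ds_lead=$4
    if [ $((ds_bs % SECTOR)) -ne 0 ]; then
        echo "bs must be a multiple of $SECTOR" >&2
        return 1
    fi
    if [ "$ds_abs" -lt "$ds_start" ]; then
        echo "sector $ds_abs lies before the partition start" >&2
        return 1
    fi
    ds_rel=$((ds_abs - ds_start - ds_lead))
    [ "$ds_rel" -ge 0 ] || ds_rel=0
    echo $((ds_rel / (ds_bs / SECTOR)))
}

# record_index PART_START ABS_SECTOR BS SKIP
# Print the 0-based index of the record (counted after SKIP) that holds
# ABS_SECTOR. dd's "N+0 records in" before an error equals this index.
record_index() {
    ri_per=$(($3 / SECTOR))
    echo $((($2 - $1) / ri_per - $4))
}

# record_span PART_START BS SKIP INDEX
# Print "first last": the absolute sectors covered by that record.
record_span() {
    rs_per=$(($2 / SECTOR))
    rs_first=$(($1 + ($3 + $4) * rs_per))
    echo "$rs_first $((rs_first + rs_per - 1))"
}

# Show the two runs from the post: bs=512 (default) and bs=1024.
for bs in 512 1024; do
    skip=$(dd_skip "$PART_E_START" "$TARGET" "$bs" 5)
    idx=$(record_index "$PART_E_START" "$TARGET" "$bs" "$skip")
    span=$(record_span "$PART_E_START" "$bs" "$skip" "$idx")
    echo "dd if=/dev/rwd0e of=/dev/null bs=$bs skip=$skip"
    echo "  record $idx covers absolute sectors $span"
done
```

With bs=512 the target sector is record index 5, which lines up with the "5+0 records in" that dd printed before the error; with bs=1024 the same sector is the second half of record index 2.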



Re: The insecurity of OpenBSD

2010-01-22 Thread Scott McEachern

ropers wrote:

2010/1/22 Zamri Besar zam4e...@gmail.com:
  

The insecurity of OpenBSD
http://allthatiswrong.wordpress.com/2010/01/20/the-insecurity-of-openbsd/


So... the author prefers shoddy, buggy, non-quality code as long as it
provides extra access control granularity.
Yeah...
I stopped reading at that point.


  


I saw a patch committed for the non-OpenBSD version of ntpd a couple of 
days ago.  I wonder what ACL solves that problem?


Wuhoo! SELinux just stopped a cracking attempt tomorrow!  Hey, wait...

--

-RSM

http://www.erratic.ca



Re: Fw: pico and/or nano in the releases and snapshots

2010-02-03 Thread Scott McEachern

Giridhari wrote:

blah blah

pico or nano

blah blah

part of the distribution.

and more blah blah blah.

All that because you find 'pkg_add pico' or 'pkg_add nano' too difficult 
to type?


--

-RSM

http://www.erratic.ca



Re: Problems with Build World

2010-03-02 Thread Scott McEachern

Ron McDowell wrote:

I'm relatively new to OpenBSD but have been working with FreeBSD for 15+
years and ATT/USL before that.


Welcome.

Rebuilt the kernel, reboot, build World, reboot.

make clean && make depend && make install is used for kernels, and make 
build is used for userland.  I do not know what this World is that you 
speak of.

cvs -d anon...@anoncvs3.usa.openbsd.org:/cvs up -rOPENBSD_4_6 -Pd
rebuilt kernel, reboot.
all good to this point.
make build fails with a ton of errors in the krb tree.

Without any information, nobody can help you, but if you do things 
correctly, you won't need help anyway.


I'm not as worried about the actual error...I'm sure it'll be fixed
soon and I'll rebuild in a day or two...but I'm concerned about the 
current state of the system, and what 'make world' actually does.


To borrow from Inigo Montoya, "You keep using this 'world' word.  I do 
not think it means what you think it means."


You are obviously trying to build -stable, so I doubt you will find it 
will be 'fixed' in a day or two, because there is nothing to fix.  
Really.  You are doing something wrong, but we are back to that little 
'Without any information' problem.

Does 'make world' build and install in subdirectories or does it build 
everything first, then install everything?

I am not entirely sure of the answer because the build output flies by 
too quickly.  Either way, it does not matter.  As long as you reboot 
into the new kernel, you are good.  I generally reboot after building 
userland ('make build') to refresh any running daemons, or you can 
kill/restart them manually.

Is there a way to separately build everything, then install it all?  
That way I'd know that all's well before actually committing to my tree.


Short of manually building in each directory with 'make clean && make 
depend && make', then going back and doing a 'make install' in each 
subdirectory, I don't think so (but could be wrong).  Why would you 
bother with this anyway?


Make sure you follow the directions carefully in 
http://www.openbsd.org/faq/faq5.html.  It works. Really.


From what you have said, you can afford the downtime on your box to 
build from source, so you are probably not doing this on a production 
server.  If that is the case, you are strongly urged to use -current and 
start from the most recent snapshot.  Again, follow the directions in 
the faq.  It works.  Really.  Just because the name -current does not 
have the word 'stable' in it, it does NOT imply that -current is not a 
stable OS.  It will not fall down on you.  (It does happen, but very 
rarely, and _that_ you will see 'fixed in a day or two'.)  Getting all 
the cool goodies in -current (plus the goodies in the -current ports) is 
_well_ worth it.  It is also worth mentioning that -current (aka 
4.7-beta) is close enough to 4.7-release that you might as well use it 
anyway, so that the config changes (eg. the changed syntax in pf.conf) 
are not 'new' to you, and save yourself the aggravation of updating a 
4.6 box in a short while.  Don't let the word 'beta' fool you either.  
This isn't a product by a big vendor that you don't touch until at least 
service pack 1.


--

-RSM

http://www.erratic.ca



Re: -current or -stable [was: Not another Browser Question]

2010-03-03 Thread Scott McEachern

Manuel Giraud wrote:

Using -current, I sometimes have had to upgrade to the latest snapshot
just because I wanted to install some new package and bumped into an
error like not good version of libc.

In fact, I thought that having a -release (and -stable) was a strength
of OpenBSD (if not why put so much effort for that).

  
Huh?  Let me get this straight.  You want to use a *new* package.  You 
have to use -current to get the new package.  How do you figure running 
-stable will help?


I'm with J.C. Roberts on this one.  I got tired of seeing the cool kids 
playing with the new toys on -current, got over the (wrong) impression 
that -current is unstable, and started using -current with the goodies.  
I haven't looked back since.


--

-RSM

http://www.erratic.ca



Re: -current or -stable [was: Not another Browser Question]

2010-03-03 Thread Scott McEachern

Manuel Giraud wrote:

I wasn't clear enough: by new package, I meant a package not
installed on my system yet and not the bleeding edge version of one
package.

  

Ah ok, sorry, I misunderstood.

Maybe I'll stick to -current too. But I'd like to give try staying
-stable for a while and I could still play with the new toys every 6
month anyway. I wonder why does the FAQ recommend -stable over -current?

  

From the FAQ:

Put bluntly, the best version of OpenBSD is /-current/.

Please read the FAQ.  It is explained why there are situations where 
-stable is more _suitable_ for some people, -current for others.



--

-RSM

http://www.erratic.ca



Re: OT: vmware mind control (WAS: Re: Dell PE850 CERC SATA controller)

2010-03-05 Thread Scott McEachern

Ted Roby wrote:


Hey, I got a 2 GB usb stick for my troubles over a recent fiasco with
VMWare's release of Fusion 3.
It seems their PR department is doing a better job than QC.


  
Ooo, a trinket from WallyMart that you can buy for pocket change!  
Thanks.. I think.


Hey, it's better than a(nother) kick in the pants.  BTW: a bootable 
OpenBSD with X, scrotwm, firefox, mplayer, and a bunch of other handy 
stuff all fits in well under a gig on a USB stick.  Make sure to mention 
that in your follow-up Thank-You note for the stick. :)


--

-RSM

http://www.erratic.ca



Re: loongson was -current or -stable [was: Not another Browser Question]

2010-03-06 Thread Scott McEachern

Eric Furman wrote:

Yea, and it's made by the Chinese.

  


Awww, what a *cute* little troll!  I wonder if he realizes ...

*squish*

--

-RSM

http://www.erratic.ca



OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)

2010-03-07 Thread Scott McEachern

bofh wrote:

Is there *ANY* good virtualization software out there?  I don't care what OS
it needs to host it (preferably not windows :)) - my needs are simple (home
use):

  


This doesn't answer your question or help you in any way, but I thought 
I'd mention it for the list archives (with a nicely searchable subject).


A while back I was considering using some type of virtualization for 
running 5 web servers on the same box.  I ended up tossing the idea of 
virtualization for a couple of reasons:


1) I couldn't really find any VM software I liked that ran nicely on 
OpenBSD.  I was not aware of qemu at the time, so no flames please.  (I 
didn't look all that hard, apparently.)


2) The performance hit you'll inevitably take.  (Why I didn't look too 
hard.)


There are probably many (better) ways to go about this, and I'd love to 
hear them, but I ended up doing this:


- one OpenBSD box, with multiple IP address aliases
- one OpenBSD firewall, which rdr's external IPs to the appropriate web 
  server IP
- 5 chrooted OpenBSD default (1.3.29) Apache's (at this time, I have no 
  need for Apache 2, but hey, it's in ports.)
- 5 custom httpd.conf files for each
- 5 custom php.ini files for each (plus other related config file friends)
- 5 different httpd daemons for each (httpd0-4), just in case
- virtual aliases with Apache is not a solution because the sites use 
  https/ssl
- all the sites have all the php-*, pear-*, mod_* stuff at their disposal

I did have to change /etc/rc (I know, I'm a sinner) so it did its 
normal things, but slightly adjusted for each of the 5 servers.


I run a single instance each of chrooted MySQL and PostgreSQL servers, 
which the various sites can access by IP as their own restricted 
database users.


I considered using FreeBSD's jail functionality, but the drawbacks were 
thus:


1) for the time it would take to learn about configuring FreeBSD's 
jails, I could do the stuff above many times over.


2) I wouldn't get the OpenBSD version of httpd that has much love from 
the team (tx henning@ and others).


I'm probably forgetting details, since it's been a while since I did 
it.  The end result works just fine for *my* needs, and best of all it's 
still on my OS of choice so well within my comfort zone.  I haven't a 
clue how this would scale for a web hosting provider, but then again, 
that's not my problem. :)


Sorry for the noise.  I once searched for this a long time ago and 
didn't find anything, so for future reference, yes, it's easily doable.


PS: I'm dying for the day that relayd handles https too. :)

--

-RSM

http://www.erratic.ca



Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)

2010-03-07 Thread Scott McEachern

Scott McEachern wrote:


PS: I'm dying for the day that relayd handles https too. :)



Many thanks to Todd T. Fries for pointing out relayd does SSL/https.  
Dunno if it changed, or if I misread at the time, but I could have sworn 
it only did layer 7.  My bad.


--

-RSM

http://www.erratic.ca



Re: Joomla - MySQL Problem: Could not connect to MySQL

2010-03-08 Thread Scott McEachern

Jan wrote:


I added the following 3 packets, installed MySQL and set the symbolic 
links:

mysql-server-5.0.51ap1.tgz
php5-core-5.2.6.tgz
php5-mysqli-5.2.6.tgz


Any ideas?


Jan



At the very least you'll also need the php5-mysql-5.2.6.tgz package 
installed as well.  It contains the base mysql stuff, mysqli is 
additional to the base.  Try that and see how it goes.


--

-RSM

http://www.erratic.ca



Re: Update: ftp-proxy and pf on OpenBSD 4.5

2010-03-10 Thread Scott McEachern

tsg12...@gmx.de wrote:

A rule like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1 port ftp

does not do the trick, I still have to use something like:
pass in on $client_if proto { tcp udp } from $client \
to 127.0.0.1

(opening everything up for the ftp data connection myself)


Any clue sticks, so I get at least a direction for my
search?

  


You're passing the traffic in, but are you passing it back out?  Try 
enabling logging on your default block rule (you do block by default, 
right?) and see what's being blocked and where.


--

-RSM

http://www.erratic.ca



Re: OT: multiple web servers on OpenBSD (WAS: OT: vmware blah blah)

2010-03-11 Thread Scott McEachern

Claus wrote:


I have the same setup running.  Each apache instance runs chrooted 
under their own user id and home directory.




I realized after I sent that message that I left out a couple of 
details, like each instance also having its own user (www0-4).  I leave 
the default www user and /var/www stuff pretty much untouched in case I 
need to look at something 'untainted' by my fingers.  The normal install 
of the modules modifies those bits of course, which are later copied to 
the individual httpd homedirs as needed.  I don't recall exactly what 
does and doesn't need copying, I have it all _very_ thoroughly documented 
kinda script-like so I can reproduce it quickly if need be, with my 
notes and copy/paste-able mass link / copy / etc commands.


The setup I had before that was more interesting as it only needed one 
IP.  A main httpd instance was setup to do proxy for the individual 
httpd instances of each site.  The main instance ran on port 80 with 
the real IP.  The site instances ran on localhost with each their own 
port number and weren't accessible from outside of the machine.  
Logging, SSL and maintenance is a pain though.


I never tried the proxy method simply because I wanted all daemons to be 
autonomous.  If something died, so be it (I should note it's never 
happened yet).  Not to mention, I use a couple of the sites for 
development, so sometimes I have to kill an individual httpd{x} instance 
when I monkey with the config.


I have briefly considered moving from Apache to nginx, but haven't for 
a few reasons:


1) ATM, I don't need the performance of nginx vs. Apache, not by a long shot
2) I love the track record of OpenBSD's Apache.  It's been fine for me 
   for years.
3) just when I was peeking into nginx (stable) a security vuln popped 
   up.  I'm sure it's excellent, but *to me* it could mature, 
   security-wise.  (no flames please)
4) time to play with it all and get everything nicely together
5) simple philosophy: if it ain't broke, don't fix it.

When I have time, I need to figure out some automated solution to deal 
with the logs.  I use cronolog for rotation with custom log file 
formats, and have plans to do some things with webalizer-type apps, but 
that's still on the back burner.


My interest is in using relayd to filter bad requests (again, back 
burner for now.)  I have *not* done my homework on this yet, but when I 
farted around with it briefly a few days back, I ran into problems with 
the relayd config for SSL acceleration.  Again, when I have time I'll 
look into it, but I was stumped and figured I'll make sure my RTFM-fu is 
strong before I post here about it.  (Besides, isn't it somehow more 
satisfying to finally go *aha I fixed my mistake* without asking for help?)


I knew I wasn't the only one that realized (for many circumstances, I'm 
not saying _all_) that VM'ing a lot of services is just silly, but it's 
nice to hear from others also doing the multiple httpd thing with OpenBSD.


For Matthew Weigel:

Yes, there are a lot of httpd instances.  I'm not entirely sure of how 
shared memory applies in this case (probably not), but on my web server 
my memory use is 129M/316M, and that includes a bunch of other daemons 
(eg. databases), when pretty much idle.  It has plenty of room to grow, 
but if memory becomes an issue, I'll look harder into nginx.  (I'd like 
to do it just for the knowledge, but again, time constraints.)


For the installation of everything into the chroot, I can't comment on 
non-Apache setups, but with Apache it loads that stuff before chrooting 
so only one installed version needs to be done, which makes life 
easier.  The links (etc) still have to be done.  It could easily be 
scripted, but I prefer to have my notes (with my big don't forget 
warnings) where I can just paste the commands.  If your documentation 
(notes) are solid, you'll be fine, and I just played musical tables with 
the servers (new drives for both) using carp and another box a few 
months back with no probs.  As long as your notes are thorough enough 
that a blind drunk moron could do it.. :)


Hope this isn't noise on the list.

--

-RSM

http://www.erratic.ca



Re: Buying ThinkPad for OpenBSD

2010-03-19 Thread Scott McEachern

James Hozier wrote:

I'm buying a new laptop specifically for OpenBSD but I want to make sure
everything is compatible first. Has anyone ever purchased the
ThinkPad T410?

CPU: Intel Core i7-620M Processor (2.66GHz, 4MB L3, 1066MHz FSB)
Screen: 14.1 WXGA+ TFT, w/ LED Backlight (WWAN antenna)
Graphics (avoiding nVidia): Intel Graphics Media Accelerator HD - AMT
RAM: 4 GB PC3-8500 DDR3 SDRAM 1067MHz SODIMM Memory (2 DIMM)
HDD: 128 GB Solid State Drive, Serial ATA
DVD Recordable 8x Max Dual Layer, Ultrabay Slim (Serial ATA)
Wireless: Intel Centrino Ultimate-N 6300 (3x3 AGN)

My main concerns are compatibility issues with wireless (I'll probably
just use G, not N). I'm pretty sure Intel as the graphics is fine and I
think I've heard OpenBSD has SSD support. Everything else should basically
be good, right?

  


Save yourself some grief:

1) get a $5 USB stick from $discount_store
2) install OpenBSD on a bootable partition on the stick
3) boot the laptop into OpenBSD from the USB stick
4) examine the dmesg output, and save a copy

If you don't have physical access to the laptop (eg. buying online) then 
you're SOL and can only hope for the best.  I'm sure others here will 
point out that the SuperCard 2000 might have the same packaging 
outside, but different chipsets inside.


Booting it and looking at a dmesg is the only way to know 100%.

--
- RSM
www.erratic.ca



routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Scott McEachern
Hi folks, I'm running into a bit of a routing gotcha getting two mail 
servers to send mail out using their own respective IP addresses.  
(While this involves postfix, this is not a postfix support question, 
it's a routing question)


What I'm trying to accomplish is this:
- two autonomous domains, each with their own mail server instance 
(postfix in this case) so that one domain never 'mentions' the other 
domain.  Using one instance of postfix to relay for the 2nd domain is 
not an option, as domain1.com will be shown in the headers when mail is 
from domain2.com.  The reason is that 2nd domain is a business entity 
and should not be associated in any way with the first.


The setup (which works fine):
- the two domains have their own external IPs, dns-wise.
- two instances of postfix listen on their respective external IPs 
taking mail for their domains (set in master.cf)
- postfix acts as a mail gateway on the firewall, which shuffles mail to 
either of two instances of postfix on an internal mail server
- 5 (non-contiguous) IPs are assigned to me by ADSL, so I have one 
physical connection, with 1 'main' IP and 4 aliases.


That works fine and dandy: two independent domains.  I should mention 
that (some) internal traffic, depending on its origin, is NAT'd out with 
pf on those aliases, appearing to come from independent networks.


The problem:
- mail sent out via either instance of postfix, regardless of the 
master.cf setting, go out on the 'main' IP, such that mail headers 
appear like such:


Received: from mail.domain2.com (erratic.ca [75.119.251.119])

The goal:
I'd prefer it to read .. from mail.domain2.com (domain2.com [a.b.c.d])

The untouched firewall routing table looks like this:

Internet:
Destination        Gateway            Flags   Refs  Use   Mtu  Prio Iface
default            206.248.154.122    UGS     322803 56410450 - 8 tun0
127/8              127.0.0.1          UGRS    00 33200 8 lo0
(snipping a bunch of lo0 stuff)
192.168.0/24       link#1             UC      10 - 4 nfe0
192.168.0.2        00:0d:60:91:5d:a4  UHLc    143271 - 4 nfe0
192.168.1/24       link#5             UC      20 - 4 sk0
192.168.1.2        00:19:5b:68:91:20  UHLc    1 7177 - 4 sk0
192.168.1.3        00:10:c6:b5:c1:72  UHLc    4   136762 - 4 sk0
192.168.2/24       link#5             UC      10 - 4 sk0
192.168.2.1        127.0.0.1          UGHS    00 33200 8 lo0
192.168.3/24       link#5             UC      00 - 4 sk0
192.168.3.1        127.0.0.1          UGHS    00 33200 8 lo0
206.248.154.122    75.119.251.119     UH      10  1492 4 tun0
224/4              127.0.0.1          URS     00 33200 8 lo0

I've tried this:
# route add 206.248.154.122 a.b.c.d

but my routing-fu is not strong.  That command gives all of the above, 
plus this:


206.248.154.122    a.b.c.d            UGHS    00 - 8 tun0

Of course, sending mails from domain2.com still appears from erratic.ca.

Any suggestions?  Clear as mud?  The firewall does not have an 
/etc/mygate set, and is OpenBSD 4.6-current (GENERIC) #7: Sat Jan 23 
16:34:02 EST 2010, but I don't think a dmesg is of much use here.


Unrelated question: can smtpd handle this kind of funkiness?  I'd like 
to switch to smtpd eventually if it can, but that's another project for 
another day.


Thanks!

--
- RSM
www.erratic.ca



Re: routing question: 2 mail servers sending from their own IPs

2010-03-27 Thread Scott McEachern

James Shupe wrote:

Check into smtp_bind_address in Postfix. If you're still having issues,
binat rather than rdr to internal IPs so connections will originate
properly. Without seeing your pf.conf or master.cf, this is a guess, but
I think these tips should lead you in the right direction.

...master.cf:
smtp ... smtp -o smtp_bind_address=11.22.33.44


  


Thank-you James and Philip, problem solved!  Between using 
inet_interfaces in main.cf and a.b.c.d:smtp... in master.cf, I figured 
it was covered, but I was wrong.  The smtp_bind_address works like a 
charm, which I didn't see when searching for multiple instances of postfix.


I did find it rather odd that I'd have to use routing.  I thought it was 
like using a sledgehammer to solve a thumbtack problem, when it was just 
a leaky screwdriver.


--
- RSM
www.erratic.ca



Re: OT: marco@ misc@ behavior Re: whiteboard over the net

2010-03-30 Thread Scott McEachern

Marco Peereboom wrote:

Oh hai!
  


Marco does it for the lulz.

You know you don't have to read what I write you know.  If it irritates
you that is your problem, not mine.  Feel free to ignore this.

On Tue, Mar 30, 2010 at 09:52:46PM -0500, Neal Hogan wrote:
  

On Tue, Mar 30, 2010 at 6:34 PM, Marco Peereboom sl...@peereboom.us wrote:


oooh that looks perfect; let me try that.

On Tue, Mar 30, 2010 at 06:27:13PM -0400, Ted Unangst wrote:
  

On Tue, Mar 30, 2010 at 4:15 PM, Marco Peereboom sl...@peereboom.us wrote:


Drawing shit with the mouse.  Not typing stuff with the keybored.
  

webcanvas.com  Just carve off a section as your territory, like
http://webcanvas.com/100N600W#-228000,-3,0

  

I understand that mr. peereboom (thinks he) is rather important to the
obsd project . . . no doubt he (thinks) he is, but I was wondering if
mr. peereboom ever thought about the silliness of top-posting (I'm
sure he has and that's why he does it ;-).

I've not been here that long, but it seems that his mailing list
behavior is okay . . .?

Other than his sarcasm, he has useful posts that are fucked up by his
apparent need/desire to top post.

Marco . . . can you please use accepted (i.e., rational) protocol from
now on?  misc@ is not personal correspondence . . . many of us
appreciate what goes on here and your top-posting is  . . . well . . .
annoying (to say the least).



  



--
- RSM
www.erratic.ca



Re: Same shit all over again

2010-08-16 Thread Scott McEachern

On 08/16/10 03:42, ropers wrote:


The trick worked:

   


LMAO.

Clicking on tinyurls: hilarity often ensues.

Nice trick David. *laughs more*

--
- RSM
www.erratic.ca



Re: man page for .xinitrc location is wrong

2010-10-01 Thread Scott McEachern

 On 10/01/10 16:54, Amit Kulkarni wrote:

http://www.openbsd.org/cgi-bin/man.cgi?query=startx&sektion=1

mentions location of .xinitrc but it is not present on my current system in
that location as there is no xinit directory.

The system-wide xinitrc and xserverrc files are found in the
/usr/X11R6/lib/X11/xinit directory.

P.S I was looking for a way to shut off xdm and I found it in the README
under /usr/X11R6

Thanks



For whatever reason, that online page is incorrect.

$ man startx
[...]
   The  system-wide  xinitrc  and  xserverrc  files  are  found  in  the
   /etc/X11/xinit directory.
[...]

HTH



Re: FreeBSD isn't Free

2010-10-06 Thread Scott McEachern

 On 10/06/10 12:50, Theo de Raadt wrote:


Then you may be detained next time you attempt to travel
internationally.

You are free to stay at home, though.



I'm not trying to be a wise-acre here, I agree with Theo 100%.  I doubt 
anyone wants to be screwed by customs (anywhere) due to licencing 
issues.  I also don't doubt that customs would dig deep to find dirt 
if they really wanted to.


My question is: Has it ever happened to anyone?

Has anyone actually had a customs agent say "Wait a minute, you're using 
/foo/ OS.  You can't be crossing our border."


No flames please; I'm just curious.  I realize the distinction here is 
between it not being possible (OpenBSD) and theoretically possible 
(FreeBSD).




Re: FreeBSD isn't Free

2010-10-06 Thread Scott McEachern

 On 10/06/10 14:32, Peter J. Philipp wrote:

I believe the US
government put pressure on sourceforge.net to adhere to export restrictions
even if the developer is from outside of the US.  Could it be that the same
happened to FreeBSD and that's why the license change?



IIRC, sourceforge was required by some US agency to block IPs from 
various countries or else remove the given projects from the site.  It 
boiled down to "We don't want to do this, but we have to, unless we want 
to locate our servers on non-US soil."




Re: FreeBSD isn't Free

2010-10-06 Thread Scott McEachern

 On 10/06/10 16:01, Chris Cappuccio wrote:

You are aware that US customs is regularly seizing laptop hard drives of people 
who enter the US, copying them, and returning them at a future date?  This was 
challenged in court and naturally the government won their case.

This is such a problem that some companies are mailing hard drives, instead of 
having people transport them on planes.  Not that customs would stop at copying 
a mailed hard disk, but the chance that they bother to even look at a package 
is slim.



Thank-you, Chris.  No, I was not aware of that, but I am not the least 
bit surprised.


I have not travelled to the US since '98.  Post-9/11 and the PATRIOT 
act, I have no intention of returning to the US (I am a Canadian 
citizen) due to similar stories, but I didn't know about that fun 
fact.  Everything since then hasn't smelled right to me.


Believe it or not, I don't personally know anyone that has entered the 
US post-9/11.  When I think about it, everyone I know has been on 
international flights that did not involve entering the US at all.


Thanks again for the information.  I've had a long suspicion that if I 
got to the border, I'd say No to something and would be denied entry, 
so I haven't even tried.  I miss Hawaii, but apparently it doesn't miss 
me. ;)




Re: i386 and amd64 snapshots - kernel SHA256 mismatch

2010-10-15 Thread Scott McEachern

 On 10/15/10 20:29, Theo de Raadt wrote:


Another alternative is that I only do snapshot builds about every
2 weeks.  How's that idea?




A little off-topic, but now's as good a time as any to ask:

I sometimes see the snaps (or X) haven't been built for a few or more 
days, and I was just wondering why that is?


Is the build automated, or manually run?  I see the times are usually 
~2pm and ~10pm, Mountain time.


If I see a snap hasn't been built for a while, I'll usually hold off on 
updating the source because something major might be only part way 
complete.  I'll wait until a new snap, install (or update) it, then 
update the source and build.  Is this silly?


Don't get me wrong, I'm not complaining, I'm just wondering.



Re: help

2010-11-08 Thread Scott McEachern

On 11/08/10 06:40, Gaby Vanhegan wrote:

On 8 Nov 2010, at 11:33, Joe Warren-Meeks wrote:


On 8 November 2010 10:46, stevest...@crs.com  wrote:

help

I need somebody.

help...



Not just anybody.



OT - secondary DNS recommendations

2010-12-08 Thread Scott McEachern
 It seems my free-as-in-beer secondary DNS service, EveryDNS.net, has 
abandoned WikiLeaks, so I'd like to return the favour.


Given the (general) support of WikiLeaks here, I was wondering if anyone 
could recommend a free alternative to replace EveryDNS.net?


I know how to use Google to find free alternatives, I'm looking for 
*recommendations* for a simple two-domain home network.


Thanks in advance,

- Scott



Re: OT - secondary DNS recommendations

2010-12-08 Thread Scott McEachern
 To the folks that replied on- and off-list with their 
_recommendations_ from personal experience, thank-you very much!  That's 
exactly what I was looking for.  I'm doing my due diligence and will 
investigate them all.


For the folks that replied with alternatives but no actual 
recommendation, thanks anyway. :)  At least you tried.


Regards,

- Scott



Re: OT - gmail alternatives

2010-12-09 Thread Scott McEachern

 On 12/09/10 10:01, lh wrote:

Hi,

what are the good available alternatives (security/privacy) for gmail
you're using?

Cheers!



As many others suggested, using your own mail server that you control is 
the *best* way, but that doesn't answer your question.


I know people that use Lavabit.com for free email and they swear by it. 
(I use my own mail server, thank-you.)


The lavabit page boasts of privacy (a system so secure 
http://lavabit.com/secure.html that even our administrators can't read 
your e-mail) but you can never really know unless you're an admin 
there. They offer encrypted connections/ports to send/receive on top of 
port 25.


HTH,

- Scott



amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

2011-03-14 Thread Scott McEachern
 I bought some new hardware the other day, including an Asus M4A785TD-V 
EVO motherboard and an AMD Phenom II X6 1100T CPU.


The problem is that the kernel freezes when booting any of: bsd.rd, for 
either amd64 or i386, -current or 4.8-stable; any GENERIC kernel for 
amd64/i386 -current or 4.8-stable on an installed system. (partial 
dmesgs below).


I have a spare P4 and can easily swap the HDD between it and the new 
box, so I can install i386 or amd64 on it, and drop the drive into the 
new box to test.


Although I haven't a clue what most of the BIOS knobs actually do, I've 
tried fiddling with every setting I can, and I always get the same 
freeze.  The knobs I've played with include:


- ACPI SRAT table enabled/disabled
- Plug and Play OS No/Yes
- Suspend mode Auto/S1 (POS) only/S3 only
- ACPI 2.0 support enabled/disabled

If anyone has any suggestions, I'd love to hear them.  I'm dying to get 
my OS of choice working on this machine!


Since I have a spare box and can swap HDDs easily, I'm more than willing 
to work with anyone to test code in amd64 or i386-land in 4.9-current.  
I'm ready to freak out that my brand-new workstation won't run OpenBSD. :(


Below are (probably too many) hand-typed dmesgs in the hope that 
together they might help someone deduce what the problem is.


FWIW, I've just tried today's amd64-current snapshot (March 14) and I 
get the same results as with the March 2 snap shown below.



OpenBSD amd64/4.9-current installed on a P4, HDD moved to AMD box:

(off screen)
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD
cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu4: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu5 at mainbus0: apid 5 (application processor)
cpu5: AMD
cpu5: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu5: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu5: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu5: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
(frozen)


bsd.rd for amd64/4.9-current (booted from a USB stick):

(off screen)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus 0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.17 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu0: apic clock running at 200MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins
(frozen)


bsd.rd for i386/4.9-current (Feb 16th):

(off screen)
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: AMD Phenom(tm) II X6 1100T Processor (AuthenticAMD 686-class, 
512KB L2 cache) 3.32 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT

real mem  = 3219283968 (3070MB)
avail mem = 3159662592 (3013MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/18/10, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.5 @ 0x9f000 (68 entries)

bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus 0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T 

Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

2011-03-17 Thread Scott McEachern

 On 03/16/11 10:54, Tero Koskinen wrote:

I have exactly same motherboard with Phenom II X4. For me, it helps
when I disable acpi. (boot -c  disable acpi during the boot)



You know, I'd absolutely *swear* I tried that to no avail, but trying it 
again, I can get it to boot.


I have a funny feeling I went too quickly before and typed "disable 
ahci" by accident.


With acpi disabled for the test install of both 4.8-release and -current 
it didn't see all six cores and installed bsd.sp as bsd.  After fixing 
that manually it sees all cores.


Now I'll try a full install on the desired HDD, build the system from 
scratch and see how that goes.  If it works, I'll post a dmesg in a 
bit.  So far, it looks like everything will be fine but it does indicate 
there are still issues in the ACPI code.  But hey, at least it seems to 
work and is a lot better than a kernel hang and not having OpenBSD at 
all! :)


- Scott



Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

2011-03-17 Thread Scott McEachern

 On 03/17/11 18:22, Stuart Henderson wrote:


Modern machines *expect* to have the acpi code running, acpi controls
many aspects of the system including some methods to maintain correct
system temperature.



Absolutely.  Which is why this box, (once it has completed some build 
tasks for other machines), will be running -current in the hope that 
acpi works some day soon.  Either that, or I have to use FreeBSD until 
5.0 (and hope acpi works then), and I'm not too keen on that idea. ;)




Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

2011-03-17 Thread Scott McEachern

 On 03/17/11 19:31, Jordan Hargrave wrote:

It looks like there is a bug in the AML on that particular system (the code is
being called in from the atk0110 driver).
bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO

Eventually the AML code tries to execute the following:
 Store (SMBU, Local5)
 While (Not (LEqual (And (Local5, 0x02), Zero)))
 {
 Sleep (0x64)
 Store (SMBU, Local5)
 }

It should be:
 While (LNot (LEqual (And (Local5, 0x02), Zero)))


In the first code, the while loop is always true since they are using a bitwise
Not, not a Logical Not.

So the issue is with that specific system/BIOS/AML.



If anyone has any patches they want tested, I'm more than happy to do so 
for both i386 and amd64. :)
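
The quoted AML loop, modelled in C as an added example (not code from this thread, the BIOS, or OpenBSD). How an interpreter encodes a true result is an assumption, so both encodings (1 and all bits set) are modelled, which goes slightly beyond the quoted case; the SMBU stand-in and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* How the interpreter encodes "true" is an assumption; both encodings are modelled. */
#define AML_TRUE_ONE  UINT64_C(1)   /* true == 1 */
#define AML_TRUE_ONES UINT64_MAX    /* true == all bits set */

enum cond_op { COND_NOT, COND_LNOT };   /* bitwise Not vs logical LNot */

/* Constructed stand-in for the SMBU field: bit 0x02 stays set for the
 * first busy_reads reads, then clears. */
struct smbu_sim {
    int reads;
    int busy_reads;
};

static uint64_t smbu_read(struct smbu_sim *s)
{
    return (s->reads++ < s->busy_reads) ? 0x02 : 0x00;
}

/* LEqual: a logical result, encoded as `truth` or zero. */
static uint64_t aml_lequal(uint64_t a, uint64_t b, uint64_t truth)
{
    return (a == b) ? truth : 0;
}

/* LNot: logical negation, true only when the operand is zero. */
static uint64_t aml_lnot(uint64_t a, uint64_t truth)
{
    return (a == 0) ? truth : 0;
}

/* Not: bitwise complement of every bit. */
static uint64_t aml_not(uint64_t a)
{
    return ~a;
}

/*
 * Runs the quoted loop against the simulated field.
 * Returns the number of Sleep calls made before the loop exits,
 * or -1 if it is still looping after max_iter sleeps.
 */
static int poll_sleeps(enum cond_op op, uint64_t truth, int busy_reads, int max_iter)
{
    struct smbu_sim s = { 0, busy_reads };
    uint64_t local5 = smbu_read(&s);            /* Store (SMBU, Local5) */
    int sleeps = 0;

    for (;;) {
        /* LEqual (And (Local5, 0x02), Zero) */
        uint64_t eq = aml_lequal(local5 & 0x02, 0, truth);
        uint64_t cond = (op == COND_NOT) ? aml_not(eq) : aml_lnot(eq, truth);

        if (cond == 0)
            return sleeps;                      /* While condition false: done */
        if (sleeps == max_iter)
            return -1;                          /* treated as a hang */
        sleeps++;                               /* Sleep (0x64) */
        local5 = smbu_read(&s);                 /* Store (SMBU, Local5) */
    }
}

int main(void)
{
    const int cap = 1000;

    printf("LNot, true=1,    busy for 3 reads: %d\n",
           poll_sleeps(COND_LNOT, AML_TRUE_ONE, 3, cap));
    printf("Not,  true=1,    busy for 3 reads: %d\n",
           poll_sleeps(COND_NOT, AML_TRUE_ONE, 3, cap));
    printf("Not,  true=1,    never busy:       %d\n",
           poll_sleeps(COND_NOT, AML_TRUE_ONE, 0, cap));
    printf("Not,  true=Ones, busy for 3 reads: %d\n",
           poll_sleeps(COND_NOT, AML_TRUE_ONES, 3, cap));
    return 0;
}
```

With true encoded as 1, Not yields 0xFF...FE or 0xFF...FF, never zero, so the loop spins even when the busy bit was never set; LNot exits under either encoding.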




Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

2011-03-19 Thread Scott McEachern

 On 03/14/11 21:06, Scott McEachern wrote:
The problem is that the kernel freezes when booting any of: bsd.rd, 
for either amd64 or i386, -current or 4.8-stable; any GENERIC kernel 
for amd64/i386 -current or 4.8-stable on an installed system. (partial 
dmesgs below).




My apologies for the delay:

A big thank-you to Jordan Hargrave (jordan@) for working with myself and 
Tero Koskinen and having a fully working patch within a day.  Impressive!


ACPI works perfectly in my testing with 4.9-current (amd64 and i386) on 
Pentium 4 and Asus/Phenom hardware.  As a bonus, it also works for the 
above hardware with i386/4.8-stable and amd64/4.8-release.


So thanks again Jordan!

- Scott



mplayer video sluggish with Radeon HD 4200

2011-03-25 Thread Scott McEachern

 Hi,

I'm having an issue where video playback in mplayer is sluggish in 
full-screen mode with Radeon HD 4200 onboard video.  This applies only 
to -current, with either i386 or amd64.  In 4.8-stable (amd64 or i386), 
Mplayer is perfectly fine in either normal or full-screen mode on the 
same hardware.  x.org.conf, dmesg, xdpyinfo and xvinfo files are below.


Mplayer is the same version between 4.8 and -current, but the X.Org 
version goes from 1.8.2 to 1.9.3.  Googling for mplayer + x.org 1.9.3 + 
radeon hd 4200 doesn't yield anything useful, and the archives only 
offer tedu@'s post about using gl instead of x11 for Intel chipsets.


I've tried all vo= modes available, including x11, xv, gl and 
gl2.  x11 works best, but video playback appears to be somewhat less 
than 1.00 speed.  All frames appear correctly without any distortion, 
just slower than normal, as if the frame rate was lowered.  Audio is 
fine but out of sync, of course.


Has anyone else experienced similar problems / found solutions?  I can't 
find any setting in the man page that corrects this behaviour, but it's 
worth noting that for full-screen to work, the zoom=1 setting has to 
be enabled, even for -stable.


I'm out of gas on this.

- Scott


xvinfo for both -current and 4.8-stable only gives:

$ cat xvinfo.output
X-Video Extension version 2.2
screen #0
 no adaptors present


xorg.conf:

Section ServerLayout
Identifier X.org Configured
Screen  0  Screen0 0 0
InputDeviceMouse0 CorePointer
InputDeviceKeyboard0 CoreKeyboard
EndSection

Section Files
ModulePath   /usr/X11R6/lib/modules
FontPath /usr/X11R6/lib/X11/fonts/misc/
FontPath /usr/X11R6/lib/X11/fonts/TTF/
FontPath /usr/X11R6/lib/X11/fonts/OTF/
FontPath /usr/X11R6/lib/X11/fonts/Type1/
FontPath /usr/X11R6/lib/X11/fonts/100dpi/
FontPath /usr/X11R6/lib/X11/fonts/75dpi/
EndSection

Section Module
Load  dbe
Load  dri
Load  dri2
Load  extmod
Load  glx
Load  record
EndSection

Section InputDevice
Identifier  Keyboard0
Driver  kbd
EndSection

Section InputDevice
Identifier  Mouse0
Driver  mouse
Option  Protocol wsmouse
Option  Device /dev/wsmouse
Option  ZAxisMapping 4 5 6 7
EndSection

Section Monitor
#DisplaySize  450   280 # mm
Identifier   Monitor0
VendorName   HWP
ModelNameHP f2105
HorizSync30.0 - 94.0
VertRefresh  48.0 - 85.0
Option  DPMS
EndSection

Section Device
### Available Driver options are:-
### Values: i: integer, f: float, bool: True/False,
### string: String, freq: f Hz/kHz/MHz,
### percent: f%
### [arg]: arg optional
#Option NoAccel   # [bool]
#Option SWcursor  # [bool]
#Option Dac6Bit   # [bool]
#Option Dac8Bit   # [bool]
#Option BusType   # [str]
#Option CPPIOMode # [bool]
#Option CPusecTimeout # i
#Option AGPMode   # i
#Option AGPFastWrite  # [bool]
#Option AGPSize   # i
#Option GARTSize  # i
#Option RingSize  # i
#Option BufferSize# i
#Option EnableDepthMoves  # [bool]
#Option EnablePageFlip# [bool]
#Option NoBackBuffer  # [bool]
#Option DMAForXv  # [bool]
#Option FBTexPercent  # i
#Option DepthBits # i
#Option PCIAPERSize   # i
#Option AccelDFS  # [bool]
#Option IgnoreEDID# [bool]
#Option DisplayPriority   # [str]
#Option PanelSize # [str]
#Option ForceMinDotClock  # freq
#Option ColorTiling   # [bool]
#Option VideoKey  # i
#Option RageTheatreCrystal# i
#Option RageTheatreTunerPort  # i
#Option RageTheatreCompositePort  # i
#Option RageTheatreSVideoPort # i
#Option TunerType # i
#Option RageTheatreMicrocPath # str
#Option RageTheatreMicrocType # str
#Option ScalerWidth   # i
#Option RenderAccel   # [bool]
#Option SubPixelOrder # [str]
#Option ShowCache # [bool]
#Option DynamicClocks # [bool]
#Option VGAAccess # [bool]
#Option 

Re: mplayer video sluggish with Radeon HD 4200

2011-03-25 Thread Scott McEachern

On 03/25/11 19:47, Scott McEachern wrote:


dmesg:

OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011

sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP


Sorry, I posted the dmesg for a system with POOL_DEBUG disabled.  There 
is no dmesg difference between it and GENERIC.MP, but the diff is below 
anyway.  The problem remains the same.  This is using -current from 
anoncvs as of about two hours ago.


I also forgot to mention I've tried playback with -framedrop and yes, 
the video is in sync with the audio, but looks like crap with a bunch of 
frames missing.  Go figure. :)


- Scott


dmesg diff from previous message:  (the iic0 values change on every boot 
anyway)


 OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011
 
sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP

---
 OpenBSD 4.9-current (GENERIC.MP) #0: Fri Mar 25 20:56:58 EDT 2011
 
sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/GENERIC.MP

89c89
 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 
0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 
16=2c 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 
23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 
06= 07=

---
 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 
0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 
16=2b 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 
23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 
06= 07=




Re: mplayer video sluggish with Radeon HD 4200

2011-03-26 Thread Scott McEachern

On 03/26/11 12:11, Brynet wrote:

Hi Scott,

I have a Mobility Radeon HD 4200, indeed, xf86-video-ati in base lacks 2D/3D
XVideo acceleration.

Compiling a newer version of the radeon DDX driver works for me, trying the
obsolete radeonhd driver is also an option (..I found it unstable).

So far, 6.14.0 works.. 6.14.1 does not (X server segfaults).



Hi Bryan,

I tried the new driver you suggested and with light testing it works 
quite well.


For standard apps (firefox, thunderbird, amarok), and mplayer with 
regular def and HD it's just fine.  mplayer with 1080p is slow, but 
since I only have a handful of vids at that resolution, I'm not too 
concerned.


In other words, it's good enough and I'm far better off than I was 
yesterday, so thank-you very much for your suggestion! :D  Later, I 
might give 6.14.1 a shot just for giggles.




Re: kernel panic after install reboot

2011-03-27 Thread Scott McEachern

On 03/27/11 19:21, Sha'ul wrote:


At the boot prompt I put bsd.rd and it probes and gives me the 
install options (I)nstall (U)pgrade (S)hell, I went to shell and dmesg 
worked, but how can I supply a copy of it here without net connection 
and without OS login capabilities?




FYI, trying to help you off-list results in this:

sh...@lavabit.com: host lavabit.com[72.249.41.52] said: 451 This user account
has been configured not to accept more than 10 messages per twenty-four
hour period. Please try again later. (in reply to RCPT TO command)


You may want to fix that.



Re: MAXDSIZ

2011-03-30 Thread Scott McEachern

On 03/30/11 19:18, Henning Brauer wrote:

* Amit Kulkarniamitk...@gmail.com  [2011-03-31 01:09]:

On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauerlists-open...@bsws.de  wrote:

* Amit Kulkarniamitk...@gmail.com  [2011-03-31 00:45]:

Nothing directly, just observing a comparison of default choice.
OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts
for another (bufcache close to 100%).

you are wrong.

where? please educate me.

your guess on the reasoning for the default is oh so wrong.

nuff said. have a beer or 13, relax and wait.
(and your 13 gonna be cheaper than one bjor here)



Gonna chime in that I'm quite curious as well.  Anyone else care to 
explain why?  My assumptions for why OpenBSD's bufcache percent being 
low are probably quite wrong.


And what are we readers to wait for, anyway?



Re: Is VPN initiation by traffic possible?

2011-04-13 Thread Scott McEachern

On 04/13/11 05:19, nemir nemirius wrote:

Hi,

One of my clients is a major bank.   We need to exchange data a few
times a day at different intervals,  and they're insisting that we
initiate the VPN on demand with relevant traffic.

It works from their end.  Tunnel is down, they send a ping,  first
packet is dropped as the tunnel is brought up,  subsequent traffic
reaches its destination.



It's called port knocking.  Google is your friend here.



Re: Is VPN initiation by traffic possible?

2011-04-13 Thread Scott McEachern

On 04/13/11 09:38, Randal L. Schwartz wrote:

Scott == Scott McEachernsc...@blackstaff.ca  writes:

Scott  It's called port knocking.  Google is your friend here.

And if you recommend or use port knocking, you're an amateur at crypto.
If adding 8 sniffable bits to your effective key length makes you
significantly more secure, you've lost the game already.



I'm not advocating it, but it is what he's asking about.

I should have added "This is not a good idea", but I was hoping he'd 
figure that out by reading about it.


Nemir, you might want to go back and find out exactly what problem the 
bank is trying to solve with their idea.




Userland ppp stopped working between Mar24 and Apr8

2011-04-17 Thread Scott McEachern
After some experimenting, I've discovered that userland ppp stopped 
working normally at some point between the March 24th and April 8th 
snapshots.


I've been using the same ppp.{conf,linkup,linkdown} files for 6 months 
now with 4.8-stable without any problems.  This weekend I decided to 
change firewall hardware and use -current, and the same configuration fails.


It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work 
just fine.  The next snap I have in my collection is Apr. 8th, and 
everything since then including Apr. 17th, fails.


Replication is simple:

- clean install, not an upgrade.  No customizing/tweaking anything.
- copy my known-good ppp.* files over
- up the interface my DSL modem is on
- adjust syslog.conf to allow ppp logging to /var/log/ppp.log
# ppp -ddial mlppp (config file below; normally this is done from rc.local)

- with anything <= Mar 24th, the connection works straight away
- with anything >= Apr. 8th, the ppp process loops continuously trying 
to establish the connection


Looking at the log, the old version shows LCP: 2: RecvConfigReq, after 
which my MRU drops from 1500 to 1492, and the connection ultimately 
succeeds.  The new version only shows LCP: 2: SendConfigReq and the 
redial process loops until manually stopped.


Does anyone have any idea if my config needs adjusting, or have I found 
a bug?  The only variable is the version of -current I use, and the 
ppp(8) man page is the same.  Nothing to indicate that my config needs 
adjusting.


I'm not sure if the following log snippets show the proper information, 
so I'll wait for requests for full logs instead of spamming the list 
with a hugely long post.


Thanks,

- Scott


Log snippet from successful connection:
Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected!
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial -- 
Closed
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed -- 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x48a3693d
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped -- 
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent -- 
Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = 
Ack-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = 
Ack-Sent


Log snippet from unsuccessful connection:
Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: carrier - login
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: login - lcp
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: FSM: Using 1 as a 
transport
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Initial 
-- Closed
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Closed 
-- Stopped

Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: opening - dial
Apr 17 21:07:32 

Large (3TB) HDD support

2012-06-01 Thread Scott McEachern
 SDRAM PC3-10600
spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, AX13 ATAPI 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
azalia1 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 6 
int 16

azalia1: codecs: VIA/0x0397
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci3 at ppb2 bus 3
D-Link DGE-530T C1 rev 0x10 at pci3 dev 5 function 0 not configured
VIA VT6306 FireWire rev 0xc0 at pci3 dev 8 function 0 not configured
ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 6 int 18, 
version 1.0, legacy support

pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00
km0 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00
pchb4 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 ATI OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 ATI OHCI root hub rev 1.00/1.00 addr 1
usb4 at ohci2: USB revision 1.0
uhub4 at usb4 ATI OHCI root hub rev 1.00/1.00 addr 1
usb5 at ohci3: USB revision 1.0
uhub5 at usb5 ATI OHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290
usb6 at ohci4: USB revision 1.0
uhub6 at usb6 ATI OHCI root hub rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhub7 at uhub0 port 3 HP\M^? f2105 2PORT USB 2.0 HUB rev 2.00/7.02 addr 2
uhidev0 at uhub5 port 1 configuration 1 interface 0 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub5 port 1 configuration 1 interface 1 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev1: iclass 3/1, 8 report ids
ums0 at uhidev1 reportid 2: 16 buttons, Z dir
wsmouse0 at ums0 mux 0
uhid0 at uhidev1 reportid 3: input=4, output=0, feature=0
uhid1 at uhidev1 reportid 4: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 8: input=1, output=0, feature=0
uhidev2 at uhub5 port 1 configuration 1 interface 2 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev2: iclass 3/0, 33 report ids
uhid3 at uhidev2 reportid 16: input=6, output=6, feature=0
uhid4 at uhidev2 reportid 17: input=19, output=19, feature=0
uhid5 at uhidev2 reportid 32: input=14, output=14, feature=0
uhid6 at uhidev2 reportid 33: input=31, output=31, feature=0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (6992ea307afaad04.a) swap on sd0b dump on sd0b


--
Scott McEachern

https://www.blackstaff.ca



Re: Large (3TB) HDD support

2012-06-01 Thread Scott McEachern

On 06/01/12 15:13, Otto Moerbeek wrote:
Do a 'b *' command here, see the man page. That will make the whole 
disk available and the a command will do what you expect. -Otto


Thank-you Otto and others for your assistance, that did the trick!

I got both drives online, and set them up as a RAID 1 volume.  A little 
geek porn if I may (I've never seen anything quite like that before.  
Ha!  Until sthen@ posted his message):


# df -h /st4
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd3a      2.7T    8.0K    2.6T     0%    /st4


Some snipped dmesg:

sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd3: 2861588MB, 512 bytes/sector, 5860532640 sectors

Now I can lighten the load on some of my other drives. :)

On 06/01/12 15:27, Nick Holland wrote:

0/direct fixed naa.50014ee001cbd923
sd0: 476940MB, 512 bytes/sector, 976773168 sectors
sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3
0/direct fixed naa.5000c5004a6e56f1
sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3
0/direct fixed naa.5000c5004a5baa2e
sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors



Life is good.



Oh, indeed!  However, it'll take me at least a week to xfer my DVD stuff 
onto it...




A few words of warning...

* This really messes up your ability to multiboot, as non-OpenBSD OSs 
will think anything beyond the fdisk/MBR partition might be available. 
But then, most other OSs choke pretty badly at this point anyway.  may 
not be that big a problem.


I won't be multibooting this box any more.  (It was once a triple boot 
WinXP/Win7/OpenBSD machine.)  These days, I just buy really cheap used 
PCs for my occasional Windows needs.  Life is easier with cheap hardware 
than bothering with multiple OSes on one box.



* Lots of BIOSes that see 128G disks still won't let you boot from 
partitions higher than 128G.
* I haven't actually TRIED this.  I was planning on buying a 3TB disk 
to experiment on and update FAQ14...but just before I did, there was 
this little flood issue, and being a cheapskate, I didn't want to sink 
a lot of money into a drive I didn't really need quite yet (or more 
accurately, I need TWO of...)


I was in the exact same boat; I'm a cheapskate too.  I watched the same 
model drive double in price (about $180 CDN to about $400) overnight, 
and eventually they went down to $170.  I kept scratching my chin on the 
idea, and the last straw was when (yet again) if I wanted a file 
(typically a movie), I'd have to dig up the DVD.  I literally have 
hundreds of DVDs.  It's seriously inconvenient to buy blanks, burn the 
data, hope it hasn't degraded when you need it, load it back...  I 
figured "Screw it, take the plunge."  I think you know what I'd 
recommend... :)



* Rebuilding the mirror will be a beast.
* you don't want to fsck a 3TB file system, 'specially if it is 
rebuilding the mirror at the same time, though with 12G RAM, you might 
be able to do it.


Nick.



I'm hoping luck will stay on my side and I don't have to rebuild any 
time soon.  And if things go sideways, which I always assume, I have 
other workstations I can use (that one just happens to be the 'best').  
Good eye on noticing the 12GB of RAM; I'm sure that will come in handy 
when things go wrong.  I'll be ordering a third 3TB drive as a spare, 
but in a while.  I don't want them all to be from the same batch.


I have a web server (Pentium 4) with two 40GB drives in RAID 1 as well, 
plus a spare in storage.  (Not a typo, 40GB.)  As you've written before, 
don't trust it, test it, so I pulled a drive, threw in my spare and let 
it rebuild.  I believe that took half a day.  I'm sure 3TB will be very, 
very ugly even on a machine considerably faster than a P4.


BTW, I'm nicely UPSed and have pretty reliable hydro where I live, but 
stuff happens.  That Pentium 4 with the 1.5TB drive only has 1GB of RAM, 
but I've been pleasantly surprised on the couple of times it's had to 
fsck the drive.  I believe it only took about 10 minutes for it to sort 
things out the last time, but it's pretty much read-only.



So thanks again folks for the advice!

--
Scott McEachern

https://www.blackstaff.ca



Re: Large (3TB) HDD support

2012-06-01 Thread Scott McEachern

On 06/01/12 20:54, Christian Weisgerber wrote:

David Digglesda...@elven.com.au  wrote:


I fsck'd two 3TB filesystems yesterday with 512MB ram, on 5.1...
it took a while, but worked.

I just fsck'ed a 2.7TB filesystem in 1 minute, 43 seconds.
61% full, 447166 files.



What CPU and how much RAM?  SATA2 or 3?

--
Scott McEachern

https://www.blackstaff.ca



Re: Large (3TB) HDD support

2012-06-01 Thread Scott McEachern

On 06/01/12 19:18, Eric Furman wrote:

Looks like Nick and OBSD could use a Donation.
Anyone here in the community willing to step up
and donate a couple 3TB drives?
I would if I could so I understand if some people can't,
but I'm sure there are a few people out there.



I'm willing to step up.

Hopefully, between your post and mine, we can get people to look under 
their cushions for spare change. :)


I buy the CD sets and accessories like the rest of you, but honestly, 
it's been too long since I donated.  Time to fix that situation.


I could swing another 3TB drive, which is about $200 CDN, but not a 
pair.  It was going to be my spare for the RAID array, but hey, it's 
time to give something back.


My only question is whether the $200 for a 3TB drive is the best use of 
my donation.  Is a big HDD actually useful to anyone?  Would the money 
be better applied to something else that OpenBSD can use?  It strikes me 
as rather pointless to order another drive, pay for shipping (even 
though it's only about $8), have it arrive and then ship it to someone 
else.  (I'm sure my credit card company would be curious about why I'm 
buying something and having the goods shipped to a different address, 
possibly half-way around the world.)


Enough of my yapping.  I'm not interested in debating what's the best 
idea.  I'm sure Theo can figure that out.  Time to put up, and shut up, 
so I'm outta here.


Order number 2012/6/1-19:42:43-30258:
Your order currently is:
-  CDN $200.00 [DON] DONATION to the OpenBSD Project
-  Total: CDN $200.00 + Shipping.


Danke,

--
Scott McEachern

https://www.blackstaff.ca



Nitpick: typo in mv(1) man page

2012-06-18 Thread Scott McEachern

$ diff mv.1.new mv.1
79c79
 when the respective destination path is a non-empty directory,
---
 when the respective destination path is a non-empy directory,
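
Review bot: the operands on the "diff mv.1.new mv.1" line are reversed, so the output at 79c79 describes turning "non-empty" back into "non-empy" rather than fixing it. Swap them to "diff mv.1 mv.1.new", and use "diff -u" so the change carries context and can be applied with patch.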


--
Scott McEachern

https://www.blackstaff.ca



Re: Nitpick: typo in mv(1) man page

2012-06-18 Thread Scott McEachern

On 06/18/12 14:44, Scott McEachern wrote:

$ diff mv.1.new mv.1
79c79
 when the respective destination path is a non-empty directory,
---
 when the respective destination path is a non-empy directory,




Erm, sorry 'about that...

$ diff -u mv.1 mv.1.new
--- mv.1Wed Jun  6 14:22:11 2012
+++ mv.1.newMon Jun 18 15:11:35 2012
@@ -76,7 +76,7 @@
 In both forms, a
 .Ar source
 operand is skipped with an error message
-when the respective destination path is a non-empy directory,
+when the respective destination path is a non-empty directory,
 or when the source is a non-directory file but the destination path
 is a directory, or vice versa.
 .Pp
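
Review bot: the file headers name mv.1 and mv.1.new, a pair of local copies, so whoever applies this has to point patch at the right file by hand; generating the diff from a checkout (for example with "cvs diff -u") would give headers that carry the file's path in the tree. The one-word change at the -/+ pair itself, "non-empy" to "non-empty", is correct and touches nothing else.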


--
Scott McEachern

https://www.blackstaff.ca



Re: Calomel.org

2012-07-26 Thread Scott McEachern

On 07/26/12 03:53, Peter Laufenberg wrote:

Apparently calomel is full of bad and/or outdated advice for openbsd,
especially the sysctl tuning stuff.

Your best advice is to follow the official FAQ's on openbsd.org, and
read openbsd man pages to learn your techniques.

Maybe there needs to be a calomel faq on openbsd.org.

a rule that whoever gets a question answered on misc has to add an entry with 
the cleaned reply. It'd do wonders for misc's signal/noise because lazy fucks, 
retards and trolls would think twice before posting


That'll happen right after I'm done cleaning up the unicorn shit from my 
back yard.


You're not the first person to mention a wiki for OpenBSD, and look how 
well that turned out.


--
Scott McEachern

https://www.blackstaff.ca



Diskset arrival today -- sort of (funny)

2012-11-14 Thread Scott McEachern
I pre-ordered the 5.2 disksets and four t-shirts on September 8th. I'm 
located just outside of Toronto, so there shouldn't be a problem with 
international shipping.


November 1st came and went, with no disksets or t-shirts in sight. Since 
the days of 2.8, I've always received the disksets before the release 
date.  I'm a patient guy, so it's no big deal.  (I've already downloaded 
the amd64 and i386 sets for my servers, and I run -current on my 
workstations, but geez, I'd really like to get my hands on those 
shirts... and the stickers!)


Today the OpenBSD package arrives.  Four new t-shirts, but no disksets 
(and no stickers, dammit!)


The packing list has five checkmarks made in pencil beside each item, so 
somebody made an oops.  Shit happens..


The funny part?  They mailed me the freaking pencil!  I never thought 
I'd buy a $50 pencil, but I guess I was wrong.  I laughed my ass off.


Wondering where my package was, I exchanged emails with Pam at the 
computershop.ca on Nov. 6th.  They were having some shipping issues, but 
she was *really* nice about it.  No joke, she was a real sweetie.


I've since emailed her again, and I'm certain this will eventually get 
sorted out, but until then I just had to share this story.


A pencil?  Seriously?  Hilarious!  I'm still laughing!

--
Scott McEachern

https://www.blackstaff.ca



Re: vi vs ed in bsd.rd - proposal

2013-01-12 Thread Scott McEachern

On 01/11/13 16:38, Paolo Aglialoro wrote:

sparc64 machine, a neglected typo in fstab while changing a disk mountpoint
and boom! - no boot :(




ed(1) isn't hard to use, but if you haven't used it in a while, as 
espie@ said, having another machine handy to hit the man page is 
useful.  Go play with ed(1) now when you aren't in panic mode to get a 
feel for it.


However, if you really feel the need to use vi, then do something like this:

1) use disklabel(8) to see what partition on your HDD contains the /usr 
partition.  vi(1) lives in /usr/bin, so I'm assuming you don't have 
/usr/bin/ mounted somewhere other than /usr.


Pretend it's on partition 'f' of sd0.  Let's also pretend your root 
partition is on 'a'.


2) #mount /dev/sd0a /
#mount /dev/sd0f /usr

If you run vi now, it'll bitch about your terminal type not being set, so:

3) #export TERM=vt220 (or whatever is applicable to you)

4) #vi /etc/fstab (fix your mistake(s))

5) #reboot

and you should be good.

Keep in mind, my workaround above won't always be there for you, so 
I'll say it again:  Go play with ed(1) now on a dummy file when you 
aren't in panic mode to get a feel for it.


--
Scott McEachern

https://www.blackstaff.ca



Re: vi vs ed in bsd.rd - proposal

2013-01-12 Thread Scott McEachern

On 01/12/13 07:25, Marc Espie wrote:

On Sat, Jan 12, 2013 at 07:17:25AM -0500, Scott McEachern wrote:

On 01/11/13 16:38, Paolo Aglialoro wrote:

sparc64 machine, a neglected typo in fstab while changing a disk mountpoint
and boom! - no boot :(



ed(1) isn't hard to use, but if you haven't used it in a while, as
espie@ said, having another machine handy to hit the man page is
useful.  Go play with ed(1) now when you aren't in panic mode to
get a feel for it.

However, if you really feel the need to use vi, then do something like this:

1) use disklabel(8) to see what partition on your HDD contains the
/usr partition.  vi(1) lives in /usr/bin, so I'm assuming you don't
have /usr/bin/ mounted somewhere other than /usr.

Pretend it's on partition 'f' of sd0.  Let's also pretend your root
partition is on 'a'.

2) #mount /dev/sd0a /
#mount /dev/sd0f /usr

If you run vi now, it'll bitch about your terminal type not being set, so:

3) #export TERM=vt220 (or whatever is applicable to you)

4) #vi /etc/fstab (fix your mistake(s))

5) #reboot

Did you actually test that ? vi wants /var/tmp rw as well...



Nah, just going from memory.  It's been a while.  However, the same 
logic applies:  Look at what partition /var is on and mount it too.


But thanks for illustrating my point:  It's just easier to learn a 
little ed(1) when not panicking in single-user mode.  I'm also assuming 
that his _only_ problem is a typo (or whatever) in fstab, otherwise 
things get more complicated. :)


--
Scott McEachern

https://www.blackstaff.ca



Re: vi vs ed in bsd.rd - proposal

2013-01-12 Thread Scott McEachern

On 01/12/13 08:24, Paolo Aglialoro wrote:

Thank you Scott!

Your tutorial is really nice :)
I'll star it in my gmail.




Uhm, you're welcome.  Just FYI, it's bad form to reply to a private 
email onto a public mailing list.


I'm no ed(1) expert.  Since it's now on the list, maybe more experienced 
ed users can suggest more efficient ways to do things.


And like espie@ noted in a previous email, no I didn't test it out. 
Practise it for yourself to ensure there aren't any gotchas.. Like how I 
forgot that you will also want to mount /var/ since vi stores its 
recovery files in /var/tmp/.  Oops. :)


--
Scott McEachern

https://www.blackstaff.ca



Re: vi vs ed in bsd.rd - proposal

2013-01-12 Thread Scott McEachern

On 01/12/13 09:19, Paolo Aglialoro wrote:

Sorry for fwd ur mail in list Scott, didn't notice it was in pvt.

As for the tyre comparison, I agree with you Nick. Better getting your
hands dirty than being laughed at. Which is btw what I did in that nasty
event. But I also remember the cold sweat out of it.


I don't think anyone ever forgets their first time being dropped into 
single-user mode.  While it's a bit of a shocker, what really makes the 
blood run cold is when you realize there's no vi(1) to fix a borked 
config.  I think it was after the second time I screwed up my fstab that 
I broke down and learned the basics of ed.


The timing of you bringing this up is funny to me.  I have a build box 
that I've been screwing around with lately and sometimes I'll copy a 
handful of backup files from my old /etc/ directory onto the new 
install.  And of course I always forget to tweak the fstab.


In the last week alone I've found myself in single-user mode at least 
three times, only instead of fear/sweating, I'm kicking myself (while 
using ed(1) to fix my fstab) for forgetting again.



I mean, plus instead of versus, when space is enough, considering that
nowadays vi is a widespread standard too (can't think of a modern unix
distro without it), shouldn't be asking for the impossible :)
(basically not opening a race for I want this tool too, but reasoning
about an update of survival tools)



FWIW, I couldn't care less if vi(1) is added.  In fact, if it _does_ get 
added, I'll probably forget it's there and continue using ed(1) like 
normal anyway.


PS:  Good analogy Nick.

--
Scott McEachern

https://www.blackstaff.ca



Re: integrated graphics

2013-01-12 Thread Scott McEachern
 


--
Scott McEachern

https://www.blackstaff.ca



Re: integrated graphics

2013-01-12 Thread Scott McEachern

On 01/12/13 11:12, Peter Hessler wrote:

On 2013 Jan 12 (Sat) at 10:57:56 -0500 (-0500), Scott McEachern wrote:
:
:I also have an onboard Intel 4000:
:
:vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09
:

Just works.  I have no xorg.conf or any special configuration.


vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09





Hmm, exact same line in both our dmesg's.

Unfortunately, when I run #xdm, my screen goes blank and locks up.  My 
ssh connections are gone, the keyboard and mouse are dead so I can't get 
back to the console and I have to hard reset.  When I reboot, I find 
nothing in /root/.xsession-errors.


Running #X -configure causes a segfault, or so it says at the bottom 
of my Xorg.0.log (below).


It's too bad really, because this is a pretty sweet machine and I'd 
really like to use it as my primary work*station* instead of a 
work*horse*.  Although I haven't tried it lately (as in, the last few 
months), I have tried fooling around with a custom Xorg.conf with no 
success.


Methinks I'm just going to have to wait until either it starts to just 
work (I really don't care about acceleration) or KMS arrives.




softraid RAID1 + CRYPTO error writing metadata

2013-02-07 Thread Scott McEachern
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd3: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd2a (27a551cc8502d62c.a) swap on sd2b dump on sd2b
softraid0: sd4 was not shutdown properly
softraid0: sd4 was not shutdown properly
sd4 at scsibus3 targ 2 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd4: 1430793MB, 512 bytes/sector, 2930265808 sectors

--
Scott McEachern

https://www.blackstaff.ca



Re: pf blocking active connections

2013-02-07 Thread Scott McEachern

On 02/07/13 15:13, Martijn van Duren wrote:

Hello misc,

Today I watched the current connections on my small home server and I
noticed an unfamiliar ftp-connection. Upon inspecting the connection I
noticed it was a brute force attack, so I fired up my pfctl-utility and
tried to block the attack by adding the ip to my quick drop table.
After adding the ip to the table I noticed that the connection was still
happily active and even reloading my entire ruleset with pfctl
-f /etc/pf.conf didn't help, so I resorted to tcpdrop.

My question is, is it possible to destroy an active connection by
something like adding an ip to a drop quick table (did I miss a certain
flag?) or do I, in an event that something like this happens again,
always have to perform a two stage drop?

Sincerely,

Martijn



I've seen this before.  The attack continued because you have an 
existing state entry on the firewall that is allowing packets to continue.


Use 'pfctl -k (host)' to kill off existing states.

--
Scott McEachern

https://www.blackstaff.ca



Re: pf blocking active connections

2013-02-07 Thread Scott McEachern

On 02/07/13 15:31, Martijn van Duren wrote:

Thanks for all the quick responses, but if I understand you all
correctly there is no way to cut off an established connection by adding
an ip address to a blocked table, so I'm still left with my two stage
drop of the connection (both adding the ip to the table and killing
the connection manually).

Martijn




Yes.  But it's not like it's hard to type pfctl -ef /etc/pf.conf && 
pfctl -k 192.168.1.1 either. :)


--
Scott McEachern

https://www.blackstaff.ca
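
The two-stage drop discussed in this thread (add the address to the block table so no new states are created, then kill the states that already exist), as an added example that is not part of the original posts. The function names, the caller-supplied table name and the PFCTL override for dry runs are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumptions: the block table already exists in pf.conf and is referenced by
# a block rule; its name is passed in by the caller. Set PFCTL=echo to see the
# commands without touching the firewall.

PFCTL=${PFCTL:-pfctl}

# is_ipv4 ADDR
# Succeed only for a plain dotted quad with each octet in 0-255. Hostnames and
# network specifications such as 0.0.0.0/0 are rejected: pfctl -k accepts both,
# and a network would kill far more states than the one offending host.
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $addr            # split on dots into $1..$n (function-local)
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# block_and_kill TABLE ADDR
# Returns 0 on success, 1 if a pfctl call fails, 2 if ADDR is not accepted.
block_and_kill() {
    table=$1
    host=$2
    if ! is_ipv4 "$host"; then
        echo "block_and_kill: '$host' is not a single IPv4 address" >&2
        return 2
    fi
    # Stage 1: packets that need a NEW state now hit the block rule.
    $PFCTL -t "$table" -T add "$host" || return 1
    # Stage 2: established connections are passed by their state entry
    # without consulting the ruleset, so remove states originating from the host...
    $PFCTL -k "$host" || return 1
    # ...and states from anywhere to the host (connections opened towards it).
    $PFCTL -k 0.0.0.0/0 -k "$host" || return 1
}

# Run directly as: sh thisfile TABLE ADDR
if [ $# -eq 2 ]; then
    block_and_kill "$1" "$2"
fi
```
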



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-08 Thread Scott McEachern

On 02/08/13 11:26, Joel Sing wrote:

On Sat, 9 Feb 2013, Jiri B wrote:

On Sat, Feb 09, 2013 at 02:56:47AM +1100, Joel Sing wrote:

While stacked softraid volumes generally work, they are not officially
supported (for a variety of reasons). The problem that you mention above
is due to the way that softraid volumes are shutdown - the shutdown order
is approximately the same as the order they are created. In your case
this means that sd3 gets shutdown before sd4, hence sd4 is unable to
write metadata to sd3. For the time being, in order to avoid the issue
you should disassemble the CRYPTO volume (sd4) before the RAID 1 volume
(sd3).


Shit, I forgot to mention that I already gave that a whirl by putting:

umount -f /st3 -- the mount point of the crypto volume

in /etc/rc.shutdown.  It makes no difference; I still get that 
warning/error.


I also tried:

umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume

and, curiously, it says that it's not currently mounted.  (Yet that's 
exactly how I mount it with bioctl in rc.securelevel, where it prompts 
me for the password.)  I've also tried doing it by hand (vs. 
rc.shutdown) and it still doesn't matter.


Any other suggestions?

Also, as I said I haven't lost any data thus far and other than seeing 
that message it works just fine.  Am I 1) just lucky so far (and will 
eventually not be so lucky), 2) is it just cleaning up after itself on 
reboot (my rc.securelevel script runs an fsck -p on the volume before 
mounting it), or 3) is it actually working but just not very pretty?



Would stackable softraid volumes work in near future or is it big
problem as how softraid was designed?

Generally speaking they already work - there are just some caveats,
primarily relating to assembly and shutdown. Most of the issues are fairly
easily fixed or are at least solvable (the shutdown ordering should be
simple - I just need to move it up the priority list). That said, longer term
I would rather have disciplines such as RAID1C and RAID10 that handle the
stacking internally and allow for better operation and management.


With that approach (RAID1C) would that also work when the entire volume 
isn't encrypted, like in my case where only one partition of the HDD is 
crypto?


Either way, it sounds fantastic and having smooth RAID (esp. crypto) 
operations, I think, would be a huge feather in OpenBSD's cap.  I 
haven't tried full disk encryption yet, maybe on a test box one day, 
because I just don't need that overhead for every disk access.


--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-08 Thread Scott McEachern

On 02/08/13 13:00, Stefan Sperling wrote:

On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote:

Shit, I forgot to mention that I already gave that a whirl by putting:

umount -f /st3 -- the mount point of the crypto volume

in /etc/rc.shutdown.  It makes no difference; I still get that
warning/error.

I also tried:

umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume

and, curiously, it says that it's not currently mounted.  (Yet
that's exactly how I mount it with bioctl in rc.securelevel, where
it prompts me for the password.)  I've also tried doing it by hand
(vs. rc.shutdown) and it still doesn't matter.

Any other suggestions?

You have to destroy the softraid volume, too, in addition to unmounting
the filesystem. Running 'bioctl -d sd4' should do the trick.
You want to see 'sd4 detached' in dmesg before 'sd3 detached'.



Aha!  I gave that a shot and everything works *perfectly*.  No more 
ugly messages and I feel much better about the integrity of my data.


Thanks very much Joel and Stefan, your work and help has been invaluable!


Now, the fun begins:  I have two 3TB RAID1 volumes, with no encryption, 
on another machine (acting like an OpenBSD NAS box, really) at 65% and 
40% capacity (do the math..)  Because I was unsure of the crypto 
volume's integrity on this machine, stuff is rsynced to that machine.  
Now that I know to destroy the crypto volumes I get to do some juggling 
in order to create crypto partitions on those volumes.  This is gonna 
take a while. *laughs*


--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-08 Thread Scott McEachern

On 02/08/13 13:32, Paul de Weerd wrote:

On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote:
| Either way, it sounds fantastic and having smooth RAID (esp.
| crypto) operations, I think, would be a huge feather in OpenBSD's
| cap.  I haven't tried full disk encryption yet, maybe on a test box
| one day, because I just don't need that overhead for every disk
| access.

Full disk encryption works fine for me on the two systems where I run
it on. I found that most disk IO is to the FS I want crypted anyway,
so I thought let's not optimize the infrequent path and just went
FDE.  The only real downside is that it's currently lacking installer
integration, but doing those few steps by hand isn't exactly rocket
science anyway, so FDE is definitely my preferred approach for my
(future) installs.

Paul 'WEiRD' de Weerd



What kind of hardware do you have powering those machines?  Besides, I 
don't use the crypto partition too often and I really should make it 
smaller (it's only at 17% capacity out of 1.4TB).


I should also run some simple benchmarks here to get a vague idea of 
what kind of overhead is actually involved on my own hardware.


--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-08 Thread Scott McEachern

On 02/08/13 15:19, Paul de Weerd wrote:

Admittedly, these are pretty powerful machines.  And Antoine was
right, it's amd64 (I don't have i386 in real day-to-day use anymore).


I have a couple of P4s (no HT) running i386 (firewall, and my web/db 
server), but otherwise everything is amd64.



But here are the dmesgs for my office workstation and my laptop:

--- office workstation ---
OpenBSD 5.3-beta (GENERIC.MP) #27: Sun Feb  3 18:03:44 MST 2013
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8541622272 (8145MB)
avail mem = 8291753984 (7907MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec1b0 (83 entries)
bios0: vendor Dell Inc. version A08 date 09/19/2012
bios0: Dell Inc. OptiPlex 9010
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT DMAR ASF! SLIC
acpi0: wakeup devices PS2K(S3) PS2M(S3) UAR1(S3) P0P1(S4) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) 
RP06(S4) PXSX(S4) RP07(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) 
PEG2(S4) PEG3(S4) GLAN(S4) EHC1(S0) EHC2(S0) XHC_(S0) HDEF(S4) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, 3392.85 MHz


Geez, that looks familiar... :)  My workhorse (not workstation since X 
doesn't work):


OpenBSD 5.3-beta (GENERIC.MP) #29: Thu Feb  7 19:31:06 MST 2013
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16851365888 (16070MB)
avail mem = 16380297216 (15621MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb410 (112 entries)
bios0: vendor American Megatrends Inc. version 0408 date 06/05/2012
bios0: ASUSTeK COMPUTER INC. P8Z77-V PREMIUM
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT MSDM BGRT
acpi0: wakeup devices PS2K(S4) PS2M(S4) P0P1(S4) PXSX(S4) RP01(S4) 
PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) 
PXSX(S4) RP06(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) 
PEG3(S4) RP07(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) PWRB(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, 3606.12 MHz


So if your 3770 can handle it fine, mine probably can too. :)  I should 
also mention that I have three boot SSDs (various OSes, runs OpenBSD 90% 
of the time) plus the two big RAID volumes for data, so going FDE isn't 
entirely useful.


My workstation isn't too shabby either:

OpenBSD 5.2-current (GENERIC.MP) #20: Mon Jan 21 17:23:23 MST 2013
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12613910528 (12029MB)
avail mem = 12255641600 (11687MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f400 (68 entries)
bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) 
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) 
UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) 
UHC7(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.25 MHz

but again, the big volumes are just for storage and the OS/boot is also 
from an SSD.


I have a 3.2GHz P4 (with HT, so it's amd64) as a general server and it 
has a crypto volume.  I don't think FDE would fly quite so well on 
it...  I'd love for the web/database server to be FDE, but a 2.8GHz i386 
P4 would probably cry in pain.


The bottom line is that for the machines that are capable of FDE, I run 
an SSD/HDD split for the OS/data.  Not a lot of point in encrypting the 
OS for the sake of it, at least in my case.


--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-09 Thread Scott McEachern

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy


Oddly enough, no.  The reason I find it odd is that in my script to ask 
for my password in rc.securelevel, the bioctl command uses DUIDs.  My 
rc.shutdown:


snip
umount -f /st7
umount -f /home

bioctl -d sd10
#bioctl -d 485a9f963f9cf9ea
#bioctl -d 485a9f963f9cf9ea.a

bioctl -d sd11
#bioctl -d 36d18f2cde909b01
#bioctl -d 36d18f2cde909b01.a
/snip

The commented lines are what I tried and found not to work.  Which kinda 
blows because if I change anything in the BIOS, the drives get 
renumbered so I pretty much *have* to use DUIDs.  (I have other OpenBSD 
installations and other OSes on other drives.)


This can get quite messy and I end up with roaming drive warnings:

# dmesg |grep sd[0-9]
sd0 at scsibus0 targ 0 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c500525bf426
sd0: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5005265ff15
sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a5baa2e
sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd3 at scsibus0 targ 3 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a6e56f1
sd3: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd4 at scsibus2 targ 0 lun 0: ATA, OCZ-VERTEX4, 1.4 SCSI3 0/direct fixed naa.5e83a97ba7b2fd30
sd4: 122104MB, 512 bytes/sector, 250069680 sectors, thin
sd5 at scsibus2 targ 1 lun 0: ATA, M4-CT064M4SSD1, 0309 SCSI3 0/direct fixed naa.500a0751032e95ec
sd5: 61057MB, 512 bytes/sector, 125045424 sectors, thin
sd6 at scsibus2 targ 2 lun 0: ATA, ST31500341AS, CC1H SCSI3 0/direct fixed naa.5000c50019d9277e
sd6: 1430799MB, 512 bytes/sector, 2930277168 sectors
sd7 at scsibus2 targ 5 lun 0: ATA, LITEONIT LMT-32L, LWS2 SCSI3 0/direct fixed naa.5000
sd7: 30533MB, 512 bytes/sector, 62533296 sectors, thin
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b
sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd10: 666MB, 512 bytes/sector, 1365008 sectors
sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd11: 858476MB, 512 bytes/sector, 1758159312 sectors


--
Scott McEachern

https://www.blackstaff.ca
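
One way to keep `bioctl -d sdN` in rc.shutdown working when the drives get renumbered, as an added example that is not part of the original thread: look up the name currently assigned to a DUID and detach by that name. It assumes `sysctl -n hw.disknames` prints comma-separated `name:duid` pairs; the function names and the sample string are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): map a disklabel DUID to the sdN name
# the kernel assigned on this boot, then detach with "bioctl -d sdN".

# Constructed sample in the assumed format of `sysctl -n hw.disknames`,
# using the DUIDs and device numbers quoted in the messages above.
SAMPLE_DISKNAMES='sd5:6be798121798a5a7,cd0:,sd8:e1d635ac777ed919,sd9:3131dc858bdefd32,sd10:485a9f963f9cf9ea,sd11:36d18f2cde909b01'

# duid_to_dev DUID [DISKNAMES]
# Prints the device name; returns 1 = not found, 2 = not a DUID, 3 = ambiguous.
duid_to_dev() {
    want=${1%.[a-p]}                      # accept "duid.a", drop the partition
    names=${2-$(sysctl -n hw.disknames)}  # live system unless a string is given
    case $want in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ ${#want} -eq 16 ] || return 2
    found=
    old_ifs=$IFS; IFS=,
    for entry in $names; do
        case $entry in *:*) ;; *) continue ;; esac
        if [ "${entry#*:}" = "$want" ]; then
            if [ -n "$found" ]; then IFS=$old_ifs; return 3; fi
            found=${entry%%:*}
        fi
    done
    IFS=$old_ifs
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# detach_by_duid DUID: hypothetical rc.shutdown helper replacing a fixed sdN.
detach_by_duid() {
    dev=$(duid_to_dev "$1") || {
        echo "rc.shutdown: no unique disk for DUID $1, not detaching" >&2
        return 1
    }
    bioctl -d "$dev"
}
```

In rc.shutdown, `detach_by_duid 485a9f963f9cf9ea` would then stand in for `bioctl -d sd10`, and it refuses to detach anything when the DUID is missing or matches more than one disk.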



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-09 Thread Scott McEachern

On 02/09/13 15:06, Stefan Sperling wrote:

On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote:

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy

Oddly enough, no.

See http://marc.info/?l=openbsd-tech&m=133513662106783&w=2 for a patch.
It hasn't been committed yet because jsing didn't ok it. Perhaps he
will change his mind if we ask again nicely :)



Will do, but since I've only been running snapshots for ages, I'm going 
to have to get the -current sources against what's on the 5.2 CDs.  This 
is gonna take a while, but I'll test it out.


And thank-you, that patch will be quite useful for me. :)

--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata

2013-02-09 Thread Scott McEachern

On 02/09/13 15:06, Stefan Sperling wrote:

On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote:

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy

Oddly enough, no.

See http://marc.info/?l=openbsd-tech&m=133513662106783&w=2 for a patch.
It hasn't been committed yet because jsing didn't ok it. Perhaps he
will change his mind if we ask again nicely :)



The patch applied cleanly, I rebuilt the system and rebooted.  All 
looked good.


Then I adjusted my /etc/rc.shutdown to this:

umount -f /st7
umount -f /home

#bioctl -d sd10  -- this was used before
bioctl -d 485a9f963f9cf9ea
#bioctl -d 485a9f963f9cf9ea.a

#bioctl -d sd11  -- this was used before
bioctl -d 36d18f2cde909b01
#bioctl -d 36d18f2cde909b01.a

and executed a reboot.

The bad news?  I got the same error as before:

syncing disks... done
sd3 detached
softraid0: I/O error 5 on dev 0x433 at block 16
softraid0: could not write metadata to sd3d
sd4 detached
rebooting...

at least I think that's what it said, it went by rather quickly.  I 
definitely saw the could not write metadata part.


At this point I figured no harm, no foul.  Was I ever wrong.

Upon reboot the system shit all over the place and dropped me to single 
user mode.  The offending partitions were /dev/sd8a and /dev/sd9a.  In 
my fstab, I have the following:


6be798121798a5a7.b none swap sw
6be798121798a5a7.a / ffs rw,softdep 1 1
6be798121798a5a7.d /tmp ffs rw,nodev,nosuid,softdep 1 2
6be798121798a5a7.f /usr ffs rw,nodev,softdep 1 2
6be798121798a5a7.g /usr/X11R6 ffs rw,nodev,softdep 1 2
6be798121798a5a7.i /usr/local ffs rw,nodev,softdep 1 2
6be798121798a5a7.h /usr/obj ffs rw,nodev,nosuid,softdep 1 2
6be798121798a5a7.e /var ffs rw,nodev,nosuid,softdep 1 2
e1d635ac777ed919.a /st5 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2
3131dc858bdefd32.a /st6 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2
darkon:/st1/ /st1 nfs rw,nodev,soft,intr 0 0

See the /st5 (e1d..919.a, aka sd8a) and /st6 (313..f32.a, aka sd9a) 
mount points?  Those are my two 3TB RAID1 volumes.  Or should I say, 
*were*.  You can see where this is going, right?


I used ed(1) to comment those lines out, rebooted.  Things seemed to 
come up normally and I figured I might have to fsck the big drives 
when oh *fuck*.  sd8 and sd9 no longer exist.


The tail end of my dmesg normally looks like this (before I added the 
crypto volumes):


softraid0 at root
scsibus4 at softraid0: 256 targets
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b

Now it looks like this:

softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b

I didn't know what to wipe first, the sweat off my forehead or ... well, 
you get the idea.


I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 
and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the volumes 
(just like how I created them the first time around), and *hope like 
hell* I can get my shit back, but before I do that, I wanted to get your 
advice to ensure that's my best possible move.


Hey, you know, maybe it would be best if I reinstalled my previous 
snapshot (Feb7 I think) and use _that_ version of bioctl, no?


--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW

2013-02-09 Thread Scott McEachern

On 02/09/13 22:16, Scott McEachern wrote:
I didn't know what to wipe first, the sweat off my forehead or ... 
well, you get the idea.


I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 
and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the 
volumes (just like how I created them the first time around), and 
*hope like hell* I can get my shit back, but before I do that, I 
wanted to get your advice to ensure that's my best possible move.


Hey, you know, maybe it would be best if I reinstalled my previous 
snapshot (Feb7 I think) and use _that_ version of bioctl, no?




I could have sworn the man page for fsck(8) said something about rule #1 
being don't panic, but I couldn't find it in there.  Must be somewhere 
else.  So I didn't panic, watched a bit of TV and thought about it...


If bioctl -d destroys my crypto partitions but yet they can be found 
upon reboot (with the appropriate bioctl command), wouldn't the same 
thing apply if bioctl somehow destroyed my RAID1 volumes?


I went back to the previous snapshot and with very sweaty hands I gave 
it a try, and yes, it does work.  Rerunning the RAID1 creation commands 
happily brought back both volumes.  I then brought back my crypto 
volumes and voila:


softraid0 at root
scsibus4 at softraid0: 256 targets
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b
sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd10: 666MB, 512 bytes/sector, 1365008 sectors
softraid0: volume sd10 is roaming, it used to be sd11, updating metadata
sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd11: 858476MB, 512 bytes/sector, 1758159312 sectors
softraid0: volume sd11 is roaming, it used to be sd10, updating metadata

All is well. :)  I feel like I just got off a really wild rollercoaster 
and want to go back for more abuse.  With that said...


I'm going to try that patch again, only this time I'm going to try it 
out a little differently (more slowly, ahem) and see what's happening.  
I'm filled with self-doubt that *I* did something wrong, somewhere.  
Besides, my nerves are shot, so I couldn't sleep now if I tried.


I really want that patch to work, dammit.

--
Scott McEachern

https://www.blackstaff.ca



Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW

2013-02-10 Thread Scott McEachern

On 02/10/13 14:17, Alexander Hall wrote:

On 02/10/13 08:13, Scott McEachern wrote:


I could have sworn the man page for fsck(8) said something about rule #1
being don't panic, but I couldn't find it in there.  Must be somewhere
else.  So I didn't panic, watched a bit of TV and thought about it...


I'm pretty sure you're thinking about scan_ffs(8), which however 
suggests the following:


 1. Panic.  You usually do so anyways, so you might as well get it over
with.  Just don't do anything stupid.  Panic away from your
machine.  Then relax, and see if the steps below won't help you
out.
 2. ...

:-)

/Alexander



Ah yes, thanks for the reminder.

--
Scott McEachern

https://www.blackstaff.ca



Re: bootable OpenBSD USB stick from windows?

2013-02-12 Thread Scott McEachern

On 02/12/13 08:10, Heptas Torres wrote:

On 2/12/13, Jan Stary h...@stare.cz wrote:

On Feb 11 23:48:09, hepta...@gmail.com wrote:

On 2/11/13, christopher sasarak chris.sasa...@gmail.com wrote:

I had a similar situation with my laptop and found a solution in the
FAQ:
http://www.openbsd.org/faq/faq14.html#flashmemLive

Essentially what I had to do was boot from CD on the desktop system
(using
an ISO for the desktop system's architecture)

That assumes that my windows machine can boot from a CD which is not
the case (I have no CD-ROM neither on my windows machine nor on the
machine where I want to install OpenBSD).

I only have access to a windows machine to burn an iso image, do you

How do you do it then, exactly?


In case of Linux images with one of the tools I mentioned in one of my
previous messages.
-h



Oh for pete's sake, it's 2013.  Go to your local computer store and 
spend (at most) $20 dollars on an optical drive.  Install the damn thing 
on your Winbox, follow the many directions already posted here, and be 
done with it.


It's not rocket surgery and optical drives really do come in handy. And 
they're dirt cheap.


Or, save the $20 and install VirtualBox like people have suggested.

Just end this stupid thread because you're talking in circles.

--
Scott McEachern

https://www.blackstaff.ca


