Re: Best OpenBSD cloud hosting?

[Darren Spruell]

On Tue, Oct 8, 2013 at 6:16 PM,  openda...@hushmail.com wrote:
 Hi,

 Can anyone recommend a decent OpenBSD cloud hosting provider?

No experience with their cloud services, but M5 Hosting proudly offers
OpenBSD options. Maybe worth checking out:

http://www.m5cloud.com/

-- 
Darren Spruell
phatbuck...@gmail.com

Re: Best OpenBSD cloud hosting?

[Paul Kelly]

On 9/10/2013 12:16 PM, openda...@hushmail.com wrote:
 Can anyone recommend a decent OpenBSD cloud hosting provider?

CloudSigma do. Looks like you can do a short trial as well.

http://www.cloudsigma.com/2013/09/26/running-freebsd-netbsd-and-openbsd-in-the-cloud/

altq on multiple interfaces

[Leonardo Lombardo]

Hi all,

is there a way to configure altq on multiple interfaces, sharing the same
parameters (bandwidth, priorities, etc) ?

If not, is there some other mechanism to obtain the same result ?

Thanks for any suggestion.

Leonardo

Re: Sorry OpenBSD people, been a bit busy

[Zé Loff]

On Oct 9, 2013, at 12:15 AM, Scott McEachern sc...@blackstaff.ca wrote:

 On 10/08/13 17:38, Richard Thornton wrote:
 I am not flippant enough to say that the NSA revelations do not matter,
 but what are we supposed to do?  The Middle Eastern terrorism threat is
 real and we need to be able to stop them anyway necessary.
 
 All it takes is one of them to hit every Walmart in the neighborhood,
 buy every pay-as-you-go phone they have, then pass them out to their
 friends in every Mosque.  Now you have a new terrorism threat.  So,
 welcome to the real world my friend, and wake up.

[...]

 And for the record, both you and Ze Loff should stick to facts and rational 
 discussion.  Bigots and morons are best defeated with those, and they'll show 
 their true colours, debasing their own opinions.  There's no need for insults 
 and ad hominem attacks.

First of all I owe an apology to the list and, albeit partially, to Richard. I 
now realise I overreacted a bit. I don't think hate (in the broadest sense of 
the word) belongs in this list and the comments the kind of which Richard made 
really get on my nerves. Ironically enough, I ended up spreading the hate 
myself. Again, my apologies.

That being said, Richard, if you still stand behind your comment and your gross 
generalisation about muslims, I must still call you a bigot. And just for the 
sake of clarity I have the utmost respect for the victims of 9/11, as I have 
for those in Boston, Fallujah, Gaza, Auschwitz, Sbrenica, Sudan, Rwanda, 
Chechnya or in that theatre in Moscow a few years ago. In short for every one 
who was harmed by some idiot/state who thinks his beliefs (religious or not) is 
better than the rest of them. The all muslims are terrorists generalisation 
is as dumb and shortsighted as saying all blond girls are stupid, all americans 
are fat gun fanatics, all germans are nazis, all jews are... I'm sure you get 
the point.

Just to bring this slightly back on-topic, please realise that terrorism (as 
real as it is) has been used as an pretext. Intercepting communications on the 
UN has nothing to do with it, nor does planting bugs on the European 
Parliament, nor does spying on Brasil's President or its state oil company.

And Scott, thanks for setting me straight and for the rest of your message.


Again sorry for the noise and kudos on the YYCIX, Theo.
Zé

Re: altq on multiple interfaces

[Andy]

# WAN egress Queues
altq on $if_ext bandwidth 970Mb hfsc queue { ext_local, ext_wan }
queue ext_local bandwidth 800Mb priority 4 hfsc(upperlimit 800Mb) { 
_local_kernel, _local_data }
queue _local_kernel on $if_ext bandwidth 1% priority 6 
hfsc(realtime 1%, linkshare 10%)
queue _local_data on $if_ext bandwidth 99% priority 0 
hfsc(linkshare 80%)
queue ext_wan bandwidth 100Mb priority 15 hfsc(linkshare 100Mb) { 
_wan_pri, _wan_int, _wan_web, _wan_dflt }
queue _wan_pri on $if_ext bandwidth 20% priority 6 qlimit 100 
hfsc(realtime 20%, linkshare 20%)
queue _wan_int on $if_ext bandwidth 5% priority 5 qlimit 100 
hfsc(realtime 5%, linkshare 5%)
queue _wan_web on $if_ext bandwidth 50% priority 4 qlimit 100 
hfsc(realtime(10%, 1000, 1%), linkshare 50%, ecn)
queue _wan_dflt on $if_ext bandwidth 5% priority 2 qlimit 100 
hfsc(realtime(10%, 1000, 1%), linkshare 5%, ecn, default)

# LAN egress Queues
altq on $if_lan bandwidth 970Mb hfsc queue { lan_local, lan_wan }
queue lan_local bandwidth 800Mb priority 4 hfsc(upperlimit 800Mb) { 
_local_kernel, _local_data }
queue _local_kernel on $if_lan bandwidth 1% priority 6 
hfsc(realtime 1%, linkshare 10%)
queue _local_data on $if_lan bandwidth 99% priority 0 
hfsc(linkshare 80%)
queue lan_wan bandwidth 100Mb priority 15 hfsc(linkshare 100Mb) { 
_wan_pri, _wan_int, _wan_web, _wan_dflt }
queue _wan_pri on $if_lan bandwidth 10% priority 6 qlimit 100 
hfsc(realtime 10%, linkshare 10%)
queue _wan_int on $if_lan bandwidth 5% priority 5 qlimit 100 
hfsc(realtime 5%, linkshare 5%)
queue _wan_web on $if_lan bandwidth 60% priority 4 qlimit 100 
hfsc(realtime(10%, 1000, 1%), linkshare 60%, ecn)
queue _wan_dflt on $if_lan bandwidth 5% priority 2 qlimit 100 
hfsc(realtime(10%, 1000, 1%), linkshare 5%, ecn, default)


Note the 'on $if_ext'

You can now write the rule;

pass quick proto { tcp } from { ext_trusted_netsv4 } to { 
int_ssh_serversv4 } port { ssh } queue (_wan_dflt,_wan_int) set prio (2,5)


This would queue the traffic in both directions with only one rule.

NB; I use '_local_kernel' for local CARP traffic etc, and '_local_data' 
for traffic which is not distined for the WAN link but other local 
networks and so can run at wire speed.

And _wan_* for the wan based traffic..

Hope this helps,
Andy.


On 09/10/13 07:47, Leonardo Lombardo wrote:

Hi all,

is there a way to configure altq on multiple interfaces, sharing the same
parameters (bandwidth, priorities, etc) ?

If not, is there some other mechanism to obtain the same result ?

Thanks for any suggestion.

Leonardo

Re: OpenBSD on 64 cores and 256 GB of RAM

[Kirill Bychkov]

On Wed, October 9, 2013 01:25, Predrag Punosevac wrote:
 We just received two new OEM Supermicro computing nodes for our Lab 4x16
 cores = 64 in total, 16x16GB RAM =256 GB of RAM in total.  NIC: Intel
 82574 Dual-Port Gigabit. I just could not resist and I had to install
 OpenBSD first. Everything works as expected. Please see the dmesg below
 to get an idea how OpenBSD handles 64 CPUs and 256 GB or RAM.

 I installed amd64 snapshot from 29 of July. I am guessing this is a very
 common hardware but if any of developers want me to spin the current on
 this thing and do some serious network packets pushing before I deploy
 this in production please let me know.  Unfortunately I will have to run
 RedHat on these two because we use MATLAB and few other proprietary
 things on our computing nodes but I can assure you that these two babies
 will be protected by OpenBSD boxes.

Hi.

 OpenBSD 5.4 (GENERIC.MP) #39: Mon Jul 29 00:28:39 MDT 2013
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
[snip]
 acpibtn0 at acpi0: PWRB
 ipmi at mainbus0 not configured
 cpu0: 2500 MHz: speeds: 2500 2300 2000 1700 1400 MHz
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 ATI SR5690 Host rev 0x02
 ppb0 at pci0 dev 13 function 0 ATI SR5690 PCIE rev 0x00: msi
 pci1 at ppb0 bus 2
 em0 at pci1 dev 0 function 0 Intel 82576 rev 0x01: msi, address
 00:25:90:5a:aa:2c
 em1 at pci1 dev 0 function 1 Intel 82576 rev 0x01: msi, address
 00:25:90:5a:aa:2d
 ahci0 at pci0 dev 17 function 0 ATI SBx00 SATA rev 0x00: apic 0 int 22, AHCI
 1.1
 scsibus0 at ahci0: 32 targets
 sd0 at scsibus0 targ 0 lun 0: ATA, INTEL SSDSC2BB60, D201 SCSI3 0/direct
 fixed naa.50015178f3650416
 sd0: 457860MB, 512 bytes/sector, 937698855 sectors, thin
 ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 0 int 16,
 version 1.0, legacy support
 ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 0 int 16,
 version 1.0, legacy support
 ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 0 int 17
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1
 ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 0 int 18,
 version 1.0, legacy support
 ohci3 at pci0 dev 19 function 1 ATI SB700 USB rev 0x00: apic 0 int 18,
 version 1.0, legacy support
 ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 0 int 19
 usb1 at ehci1: USB revision 2.0
 uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1
 piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3d: SMI
 iic0 at piixpm0
 sdtemp0 at iic0 addr 0x19: mcp98243
 sdtemp1 at iic0 addr 0x1b: mcp98243
 sdtemp2 at iic0 addr 0x1d: mcp98243
 sdtemp3 at iic0 addr 0x1f: mcp98243
 lm1 at iic0 addr 0x2d: W83627DHG
 nvt0 at iic0 addr 0x2f: W83795G
 spdmem0 at iic0 addr 0x51: 16GB DDR3 SDRAM registered ECC PC3-12800 with
 thermal sensor
 spdmem1 at iic0 addr 0x53: 16GB DDR3 SDRAM registered ECC PC3-12800 with
 thermal sensor
 spdmem2 at iic0 addr 0x55: 16GB DDR3 SDRAM registered ECC PC3-12800 with
 thermal sensor
 spdmem3 at iic0 addr 0x57: 16GB DDR3 SDRAM registered ECC PC3-12800 with
 thermal sensor

Strange. And where are other 12 banks of memory?

 pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
 ppb1 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
 pci2 at ppb1 bus 1
 vga1 at pci2 dev 4 function 0 Matrox MGA G200eW rev 0x0a
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 0 int 18,
 version 1.0, legacy support
 pchb1 at pci0 dev 24 function 0 AMD AMD64 15h Link Cfg rev 0x00
 pchb2 at pci0 dev 24 function 1 AMD AMD64 15h Address Map rev 0x00
 pchb3 at pci0 dev 24 function 2 AMD AMD64 15h DRAM Cfg rev 0x00
 km0 at pci0 dev 24 function 3 AMD AMD64 15h Misc Cfg rev 0x00
 pchb4 at pci0 dev 24 function 4 AMD AMD64 15h CPU Power rev 0x00
 pchb5 at pci0 dev 24 function 5 AMD AMD64 15h Host rev 0x00
 pchb6 at pci0 dev 25 function 0 AMD AMD64 15h Link Cfg rev 0x00
 pchb7 at pci0 dev 25 function 1 AMD AMD64 15h Address Map rev 0x00
 pchb8 at pci0 dev 25 function 2 AMD AMD64 15h DRAM Cfg rev 0x00
 km1 at pci0 dev 25 function 3 AMD AMD64 15h Misc Cfg rev 0x00
 pchb9 at pci0 dev 25 function 4 AMD AMD64 15h CPU Power rev 0x00
 pchb10 at pci0 dev 25 function 5 AMD AMD64 15h Host rev 0x00
 pchb11 at pci0 dev 26 function 0 AMD AMD64 15h Link Cfg rev 0x00
 pchb12 at pci0 dev 26 function 1 AMD AMD64 15h Address Map rev 0x00
 pchb13 at pci0 dev 26 function 2 AMD AMD64 15h DRAM Cfg rev 0x00
 km2 at pci0 dev 26 function 3 AMD AMD64 15h Misc Cfg rev 0x00
 pchb14 at pci0 dev 26 function 4 AMD AMD64 15h CPU Power rev 0x00
 pchb15 at pci0 dev 26 function 5 AMD AMD64 15h Host rev 0x00
 pchb16 at pci0 dev 27 function 0 AMD AMD64 15h Link Cfg rev 0x00
 pchb17 at pci0 dev 27 function 1 AMD AMD64 15h Address Map rev 0x00
 pchb18 at pci0 dev 27 function 2 AMD AMD64 15h DRAM Cfg rev 0x00
 km3 at pci0 dev 27 function 3 AMD AMD64 15h 

Re: Sorry OpenBSD people, been a bit busy

[Zé Loff]

On Oct 9, 2013, at 3:44 AM, Benjamin Heath benjamin.joel.he...@gmail.com 
wrote:

 But, people have given up this information. They weren't even paid or
 coerced. Why so naive?

(Quite) a few years ago, the Dutch government wanted to make sure everyone had 
a proper burial, according to each one's beliefs and rituals. So they asked 
people to state their religious beliefs. This is a good idea right? Everyone's 
wishes get respected even if you had no family or if your whole family died in 
an accident or fire or whatever. Besides, I've got nothing to hide, being 
insert your religion here is nothing to be ashamed of and I'm proud of my 
heritage. So the government made a nice list. And then a few years later 
Germany invaded the Netherlands.

Point being, it's not naiveté. It's this whole I've got nothing to hide 
anyway, let them look / I am not that important mentality. People fail to 
realise that this is not about you having something to hide or not. It's about 
your right to hide something /if and when you want to/.

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/09/13 05:08, Zé Loff wrote:


(Quite) a few years ago, the Dutch government wanted to make sure everyone had a proper burial, 
according to each one's beliefs and rituals. So they asked people to state their religious 
beliefs. This is a good idea right? Everyone's wishes get respected even if you had no family 
or if your whole family died in an accident or fire or whatever. Besides, I've got 
nothing to hide, being insert your religion here is nothing to be ashamed of and I'm 
proud of my heritage. So the government made a nice list. And then a few years later 
Germany invaded the Netherlands.

Point being, it's not naiveté. It's this whole I've got nothing to hide anyway, let them 
look / I am not that important mentality. People fail to realise that this is not 
about you having something to hide or not. It's about your right to hide something /if and when you 
want to/.


Both of your last two posts, well said.

Thanks for pointing out that it was the Netherlands that kept that data, 
and why.  When I mentioned it earlier, I wasn't sure earlier if it was 
the Belgians or the Dutch, or why.  Good to know, and remember.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Looking for good, small, canadian version laptop suggestions

[Tomas Bodzar]

On Wed, Oct 9, 2013 at 12:14 AM, g.lister g.lis...@nodeunit.com wrote:

 Hi guys,

 I am looking for some suggestions for a good, small quite laptop. I was
 looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 which
 runs OpenBSD 5.2 but it is veeey loud some issue with keeping heat down
 it has i7 cores but I am willing to settle for a lot less threads and power
 I need it for some vim C coding and basic duties.


Really 5.2 version? Why don't you try latest relase or better current which
will have much better support of HW in your laptop.



 I would like to get something quieter and that also runs OpenBSD without
 major issues. I saw a lenovo thinkpad x131e on futureshop but it is kind of
 small on the screen size 11.6 and I am not sure if OpenBSD will work on it.

 Does anyone care to mention what they are using.
 Thanks in advance.
 Cheers,
 George

Re: Sorry OpenBSD people, been a bit busy

[Richard Thornton]

I am not stupid  midwestern enough to believe that all Muslims are a
terrorist threat.  My son is half jewish and I am not even reflexively
pro-israel.  I find that when I enter a church or a temple, its a bit
of mental torture;  over the weekend I was at a bat mitzvah and believe
me, it was torture. I am about as far from the beliefs of david horowitz
as you can get.  I live near Princeton, and personally I think that NJ is
a police state;  they actually monitor people's license plates and I was
harrassed 5 years ago in a park near princeton, because I was caught
there after dark in my car with a partially used bottle of wine.
They harrassed me for over 15 minutes making me dance around out of my
car, then they let me go;  later I was in the starbucks in princeton,
about midnite, and these two saw me and started laughing.  Its all a joke
to these guys - law  order.

Anyway, according to bin laden, he just wanted us out
of arab lands.  That was his main gripe.  Boy, if thats all it takes, I
would go in a heart beat, why fight these guys?  But somehow I think they
also want us out of portugal, spain, turkey, north africa, and ultimately
israel.  Last year I saw David Broza at 92nd St Y;  he personally
sponsored 4 young musicians from Nazareth, 3 of whom were palestinian.
I have to tell you, at least 85% of the audience, standing room only was
jewish, and all loved this guy and the concert.  Obviously there are
people on the other side, including myself, looking for an olive branch
and a way out of this global mess, buts whats with all these draconian
blasphemy laws in places like pakistand, iran, and saudi arabia?  Why cant
a britsh citizen like Rushdie write a book iranians dont like and be in
hiding for literally years?  They even targeted publishers in NYC over his
book.  What about the Van Gogh murder? It is a concern of mine that
what is happening in France with Algerians, and others, and what is in
England with Pakistanis will spill into NJ.  We shouldnt unfairly target
muslims, but they should likewise leave me alone;  I may be the great
satan, but I have never advocated military action in any of their lands,
except to get bin laden in 2002.


On Wed, 9 Oct 2013, Zé Loff wrote:

 On Oct 9, 2013, at 12:15 AM, Scott McEachern sc...@blackstaff.ca wrote:

 On 10/08/13 17:38, Richard Thornton wrote:
 I am not flippant enough to say that the NSA revelations do not matter,
 but what are we supposed to do?  The Middle Eastern terrorism threat is
 real and we need to be able to stop them anyway necessary.

 All it takes is one of them to hit every Walmart in the neighborhood,
 buy every pay-as-you-go phone they have, then pass them out to their
 friends in every Mosque.  Now you have a new terrorism threat.  So,
 welcome to the real world my friend, and wake up.

 [...]

 And for the record, both you and Ze Loff should stick to facts and rational
discussion.  Bigots and morons are best defeated with those, and they'll show
their true colours, debasing their own opinions.  There's no need for insults
and ad hominem attacks.

 First of all I owe an apology to the list and, albeit partially, to Richard.
I now realise I overreacted a bit. I don't think hate (in the broadest sense
of the word) belongs in this list and the comments the kind of which Richard
made really get on my nerves. Ironically enough, I ended up spreading the hate
myself. Again, my apologies.

 That being said, Richard, if you still stand behind your comment and your
gross generalisation about muslims, I must still call you a bigot. And just
for the sake of clarity I have the utmost respect for the victims of 9/11, as
I have for those in Boston, Fallujah, Gaza, Auschwitz, Sbrenica, Sudan,
Rwanda, Chechnya or in that theatre in Moscow a few years ago. In short for
every one who was harmed by some idiot/state who thinks his beliefs (religious
or not) is better than the rest of them. The all muslims are terrorists
generalisation is as dumb and shortsighted as saying all blond girls are
stupid, all americans are fat gun fanatics, all germans are nazis, all jews
are... I'm sure you get the point.

 Just to bring this slightly back on-topic, please realise that terrorism (as
real as it is) has been used as an pretext. Intercepting communications on the
UN has nothing to do with it, nor does planting bugs on the European
Parliament, nor does spying on Brasil's President or its state oil company.

 And Scott, thanks for setting me straight and for the rest of your message.


 Again sorry for the noise and kudos on the YYCIX, Theo.
 Zé

Re: Sorry OpenBSD people, been a bit busy

[Peter Hessler]

This has gotten massively off topic.  Can we please let the thread end here?

Re: Sorry OpenBSD people, been a bit busy

[Christiano F. Haesbaert]

It might come as a shock for you all.

But we don't give a flying fuck for what you guys think about X where
X is not related to OpenBSD.

Try #ihavetheurgetoexpressmyfeeelings in irc.disney.com

Re: Sorry OpenBSD people, been a bit busy

[Richard Thornton]

You're right!  I am outa here!  Bye!


On Wed, Oct 9, 2013 at 7:18 AM, Peter Hessler phess...@theapt.org wrote:

 This has gotten massively off topic.  Can we please let the thread end
 here?

Re: altq on multiple interfaces

[Leonardo Lombardo]

Thanks for your reply Andy.

What if I have:

- multiple VLANs on an internal IF
- have a limited bandwidth on external (say 10/10Mbit/s)

and I want to share the external bandwidth among all VLANs giving some IPs
(from different VLANs) each a bandwidth guarantee ?

Sorry if I was not clear in my original question...

Thanks

Re: Sorry OpenBSD people, been a bit busy

[sbienddr...@googlemail.com]

Am I being monitored for receiving these emails?

On 10/09/13 12:18, Peter Hessler wrote:

This has gotten massively off topic.  Can we please let the thread end here?

Re: Sorry OpenBSD people, been a bit busy

[John Long]

On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote:
 Am I being monitored for receiving these emails?

No, you're being monitored for using google, stupid.

Did anybody consider the possibility Theo didn't start this thread? The
email headers looked ok at a quick glance but that didn't sound very much
like him.

Re: Sorry OpenBSD people, been a bit busy

[Jérémie Courrèges-Anglas]

John Long codeb...@inbox.lv writes:

 On Wed, Oct 09, 2013 at 12:41:07PM +0100, sbienddr...@googlemail.com wrote:
 Am I being monitored for receiving these emails?

 No, you're being monitored for using google, stupid.

Please follow Peter's advice:

On 10/09/13 12:18, Peter Hessler wrote:
 This has gotten massively off topic.  Can we please let the thread end here?


 Did anybody consider the possibility Theo didn't start this thread? The
 email headers looked ok at a quick glance but that didn't sound very much
 like him.

He did.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Sorry OpenBSD people, been a bit busy

[Peter Hessler]

Please stop

-- 
There are people so addicted to exaggeration
that they can't tell the truth without lying.
-- Josh Billings

Re: altq on multiple interfaces

[Andy]

On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote:

Thanks for your reply Andy.

What if I have:

- multiple VLANs on an internal IF


Just have a different set of queues for each 'on vlanX' etc.


- have a limited bandwidth on external (say 10/10Mbit/s)


Do as was suggested, have a smaller bandwidth for the WAN traffic 
(100Mbit in the example). Just change that to 10Mbit.




and I want to share the external bandwidth among all VLANs giving some IPs 
(from different VLANs) each a bandwidth guarantee ?


You cannot share the 'download' bandwidth across all internal VLANS for 
the inbound direction, you have to divide it out so that the egress 
bandwith of each of the internal VLANs sum to the total ingress 
bandwidth of your WAN. This is a horrible limitation which I *hate* :(


You can share the upstream bandwith however as this can be all applied 
to the single WAN interface.


Remember you can only queue egress, not ingress.



Sorry if I was not clear in my original question...

Thanks

Re: Best OpenBSD cloud hosting?

[Beto]

Hi, arpnetworks is other option.


2013/10/8 openda...@hushmail.com

 Hi,

 Can anyone recommend a decent OpenBSD cloud hosting provider?

 Digital Ocean looks nice but they don't yet offer OpenBSD (
 https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-
 ).

 There's ARP Networks and TransIP but they don't offer clouds.

 Thanks.

 O.D.

Help vote for OpenBSD

[opendaddy]

Hi,

Could you guys help me vote for OpenBSD at Digital Ocean?

https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-

Basically it's the only SSD cloud hosting provider 
(https://www.youtube.com/watch?v=vHZLCahai4Q) in existance and if the response 
is good enough, they'll start offering OpenBSD.

Thanks!

O.D.

Re: Help vote for OpenBSD

[opendaddy]

* existence

On 9. oktober 2013 at 2:09 PM, openda...@hushmail.com wrote:

Hi,

Could you guys help me vote for OpenBSD at Digital Ocean?

https://digitalocean.uservoice.com/forums/136585-digital-
ocean/suggestions/3232571-support-bsd-os-

Basically it's the only SSD cloud hosting provider 
(https://www.youtube.com/watch?v=vHZLCahai4Q) in existance and if 
the response is good enough, they'll start offering OpenBSD.

Thanks!

O.D.

Delay starting OpenOSPFd and OpenBGPd

[Andy]

Hi,

It seems that OSPF starts quite early in the boot process before other 
things have finished booting.


Is their a way to delay the start so that it only starts announcing once 
all the start up scripts have run etc?


Cheers, Andy.

Re: Delay starting OpenOSPFd and OpenBGPd

[Theo de Raadt]

 It seems that OSPF starts quite early in the boot process before other 
 things have finished booting.
 
 Is their a way to delay the start so that it only starts announcing once 
 all the start up scripts have run etc?

That would be wrong.  I can figure out why you want it.

The starting of routes from OSPF is not meant to indicate that higher
level services are now available.  In fact there may be higher-level
services which require that the routes are available before they can
start.

setgid problem

[Bambero]

Hello

I have a small php script which creates a file:


#!/usr/local/bin/php-5.2 -q

//set group ID to operator
posix_setgid(5);
posix_setegid(5);

//set user ID to nobody
posix_setuid($_uid);

// create file
touch('/tmp/permtest');

echo 'getuid: ' . posix_getuid() . \n;
echo 'getgid: ' . posix_getgid() . \n;
echo 'getegid: ' . posix_getegid() . \n;


Script returns (as expected):
--
getuid: 2
getgid: 5
getegid: 5
--

But file created with that script has perms:

-rw-r--r--   1 operator wheel 0 Oct  9 16:16 permtest

So it looks like the setgid not works ?

Can anyone help ?

Bambero

Re: setgid problem

[Otto Moerbeek]

On Wed, Oct 09, 2013 at 04:26:20PM +0200, Bambero wrote:

 Hello
 
 I have a small php script which creates a file:
 
 
 #!/usr/local/bin/php-5.2 -q
 
 //set group ID to operator
 posix_setgid(5);
 posix_setegid(5);
 
 //set user ID to nobody
 posix_setuid($_uid);
 
 // create file
 touch('/tmp/permtest');
 
 echo 'getuid: ' . posix_getuid() . \n;
 echo 'getgid: ' . posix_getgid() . \n;
 echo 'getegid: ' . posix_getegid() . \n;
 
 
 Script returns (as expected):
 --
 getuid: 2
 getgid: 5
 getegid: 5
 --
 
 But file created with that script has perms:
 
 -rw-r--r--   1 operator wheel 0 Oct  9 16:16 permtest
 
 So it looks like the setgid not works ?
 
 Can anyone help ?
 
 Bambero

On *BSD systems, the group owner of a file is inherited from the directory.

-Otto

Re: Delay starting OpenOSPFd and OpenBGPd

[Andy]

Hi Theo,

Agreed, I guess I'm really just concerned about CARP and PF and not 
wanting to direct packets to the firewall before its ready. But I guess 
this should be fine and I'm just worrying..


Because I cannot get the carp backup to announce routes with a higher 
cost I'm struggling to come up with a design which I think will be 
stable.


For all important purposes, our internal v4 nets are RFC1918 nets and 
so I have to run CARP on the internal NICs (server default routes), and 
CARP on the outside for NAT RDR BINAT etc, with filtering and state 
checking/modulation.


So v4 OSPF is mostly fine for now (adding 'network carp1' to area 0 
where carp1 is the internal carp) with 5.4 as I would like the 
different data centres to communicate across our layer 2 WAN without 
NATing reliably even during CARP failover.


The bad feeling I have ;) is to do with v6. We are trying to dual-stack 
our entire network, we have /many/ networks behind our BSD routers, and 
I'm freaked at the thought of loops (packet enters the backup firewall, 
ingresses the network, server replies, and the reply egresses the 
network via the master firewall.


'defer' seems like it would slow things down, and sloppy states scares 
me as it disables security (server has to use its own mechanism to 
prevent ICMP teardown attack and/or insertion attacks etc etc). But I 
admit I don't understand it properly yet.


To me being able to control route costs would be a better solution and 
stop any loops.
I appreciate this problem is being born out of the fact that I am 
trying to run the boxes as both firewalls /and/ routers.


Does this make sense, and does anyone have an idea of how to cope with 
this dual-stack scenario?


Cheers, Andy.

PS; ignore all the slanderus bull It's impossible to make everyone 
happy and to think the same way.. ;)



On Wed 09 Oct 2013 15:20:33 BST, Theo de Raadt wrote:

It seems that OSPF starts quite early in the boot process before other
things have finished booting.

Is their a way to delay the start so that it only starts announcing once
all the start up scripts have run etc?


That would be wrong.  I can figure out why you want it.

The starting of routes from OSPF is not meant to indicate that higher
level services are now available.  In fact there may be higher-level
services which require that the routes are available before they can
start.

Re: altq on multiple interfaces

[Andy]

On Wed 09 Oct 2013 13:53:06 BST, Andy wrote:

On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote:

Thanks for your reply Andy.

What if I have:

- multiple VLANs on an internal IF


Just have a different set of queues for each 'on vlanX' etc.


- have a limited bandwidth on external (say 10/10Mbit/s)


Do as was suggested, have a smaller bandwidth for the WAN traffic
(100Mbit in the example). Just change that to 10Mbit.



and I want to share the external bandwidth among all VLANs giving
some IPs (from different VLANs) each a bandwidth guarantee ?


You cannot share the 'download' bandwidth across all internal VLANS
for the inbound direction, you have to divide it out so that the
egress bandwith of each of the internal VLANs sum to the total ingress
bandwidth of your WAN. This is a horrible limitation which I *hate* :(



Thinking about it, this might not be true..

After-all the packets egress the physical underlying interface so I 
wonder if its possible to 'queue' on the physical interface 'on emX' 
for example underneath the 802.1Q tagging, such that all the traffic 
for all VLANs on top of that phys interface would go through the same 
queues!


If that were the case it would be wonderful :) and I would be changing 
my own topology immediately to take advantage of having all my 
different internal nets share the same WAN downstream bandwidth!


Someone on here who knows OpenBSD better than me might know if this is 
possible?




You can share the upstream bandwith however as this can be all applied
to the single WAN interface.

Remember you can only queue egress, not ingress.



Sorry if I was not clear in my original question...

Thanks

Re: Best OpenBSD cloud hosting?

[Francisco Valladolid H.]

On Wed, Oct 9, 2013 at 8:14 AM, Beto b...@compumundohypermegared.org wrote:
 Hi, arpnetworks is other option.


arpnetwork is simple VM, no cloud.

I think  no support for OpenBSD cloud at this time

Regards


 2013/10/8 openda...@hushmail.com

 Hi,

 Can anyone recommend a decent OpenBSD cloud hosting provider?

 Digital Ocean looks nice but they don't yet offer OpenBSD (
 https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-
 ).

 There's ARP Networks and TransIP but they don't offer clouds.

 Thanks.

 O.D.




-- 
Francisco Valladolid H.
 -- http://blog.bsdguy.net - Jesus Christ follower.

Re: setgid problem

[Bambero]

Thanks fo the answer.

But, another example:

#!/usr/local/bin/php-5.2 -q

//set group ID to operator
posix_setgid(5);
posix_setegid(5);

//set user ID to nobody
posix_setuid($_uid);

echo 'getuid: ' . posix_getuid() . \n;
echo 'getgid: ' . posix_getgid() . \n;
echo 'getegid: ' . posix_getegid() . \n;

echo file_get_contents('/etc/sudoers');


This script returns contents of /etc/sudoers file.
But it shouldn't becouse perms of /etc/sudoers permissions are:
-
-r--r-  1 root  wheel  1354 Aug 17  2011 /etc/sudoers


I'm I right ?

Bambero


On Wed, Oct 9, 2013 at 4:30 PM, Otto Moerbeek o...@drijf.net wrote:

 On Wed, Oct 09, 2013 at 04:26:20PM +0200, Bambero wrote:

  Hello
 
  I have a small php script which creates a file:
 
  
  #!/usr/local/bin/php-5.2 -q
 
  //set group ID to operator
  posix_setgid(5);
  posix_setegid(5);
 
  //set user ID to nobody
  posix_setuid($_uid);
 
  // create file
  touch('/tmp/permtest');
 
  echo 'getuid: ' . posix_getuid() . \n;
  echo 'getgid: ' . posix_getgid() . \n;
  echo 'getegid: ' . posix_getegid() . \n;
  
 
  Script returns (as expected):
  --
  getuid: 2
  getgid: 5
  getegid: 5
  --
 
  But file created with that script has perms:
 
  -rw-r--r--   1 operator wheel 0 Oct  9 16:16 permtest
 
  So it looks like the setgid not works ?
 
  Can anyone help ?
 
  Bambero

 On *BSD systems, the group owner of a file is inherited from the directory.

 -Otto

Re: setgid problem

[Otto Moerbeek]

On Wed, Oct 09, 2013 at 05:47:36PM +0200, Bambero wrote:

 Thanks fo the answer.
 
 But, another example:
 
 #!/usr/local/bin/php-5.2 -q
 
 //set group ID to operator
 posix_setgid(5);
 posix_setegid(5);
 
 //set user ID to nobody
 posix_setuid($_uid);
 
 echo 'getuid: ' . posix_getuid() . \n;
 echo 'getgid: ' . posix_getgid() . \n;
 echo 'getegid: ' . posix_getegid() . \n;
 
 echo file_get_contents('/etc/sudoers');
 
 
 This script returns contents of /etc/sudoers file.
 But it shouldn't becouse perms of /etc/sudoers permissions are:
 -
 -r--r-  1 root  wheel  1354 Aug 17  2011 /etc/sudoers
 
 
 I'm I right ?


No, there are also a group list. See getgroups(2) and setgroups().
getgroups(2) maps to posix_getgroups(). But is seems posix_setgroups() was
forgotten by the php folks.

-Otto

 
 Bambero
 
 
 On Wed, Oct 9, 2013 at 4:30 PM, Otto Moerbeek o...@drijf.net wrote:
 
  On Wed, Oct 09, 2013 at 04:26:20PM +0200, Bambero wrote:
 
   Hello
  
   I have a small php script which creates a file:
  
   
   #!/usr/local/bin/php-5.2 -q
  
   //set group ID to operator
   posix_setgid(5);
   posix_setegid(5);
  
   //set user ID to nobody
   posix_setuid($_uid);
  
   // create file
   touch('/tmp/permtest');
  
   echo 'getuid: ' . posix_getuid() . \n;
   echo 'getgid: ' . posix_getgid() . \n;
   echo 'getegid: ' . posix_getegid() . \n;
   
  
   Script returns (as expected):
   --
   getuid: 2
   getgid: 5
   getegid: 5
   --
  
   But file created with that script has perms:
  
   -rw-r--r--   1 operator wheel 0 Oct  9 16:16 permtest
  
   So it looks like the setgid not works ?
  
   Can anyone help ?
  
   Bambero
 
  On *BSD systems, the group owner of a file is inherited from the directory.
 
  -Otto

Re: My VPS is acting slow (KVM)

[opendaddy]

On 6. oktober 2013 at 1:15 PM, Manolis Tzanidakis mtzanida...@gmail.com 
wrote:

First, upgrade to STABLE to avoid potential kernel panics. Check 
patch 007 in http://openbsd.org/errata53.html for more info. M:Tier 
offers pre-built patches and packages, if you want to avoid compiling. 
Check https://stable.mtier.org/ .

To be able to switch back and forth from wd/em to vioblk/vio:
- make sure you use DUID in fstab. disklabel(8) for more info.
- copy /etc/hostname.em0 to /etc/hostname.vio0 .
- ask your vps provider to enable virtio for disk and net.

My VPS provider says it will take them a couple of weeks to enable virtio. Does 
it really take that long?

They also say they have virtio enabled for FreeBSD, meaning they were aware 
that their OpenBSD offering was going to be below par, but chose to sell it to 
me anyway.

O.D.

Re: Looking for good, small, canadian version laptop suggestions

[g.lister]

- Original message -
From Tomas Bodzar tomas.bod...@gmail.com
Sent   Wed Oct   9 2013 11:29:07 AM CEST
To g.lis...@nodeunit.com
Subject Re: Looking for good, small, canadian version laptop suggestions


On Wed, Oct 9, 2013 at 12:14 AM, g.lister g.lis...@nodeunit.com wrote:

 Hi guys,

 I am looking for some suggestions for a good, small quite laptop. I was
 looking at futureshop.ca and bestbuy.ca. I currently have an HP dv3 which
 runs OpenBSD 5.2 but it is veeey loud some issue with keeping heat down
 it has i7 cores but I am willing to settle for a lot less threads and power
 I need it for some vim C coding and basic duties.


Really 5.2 version? Why don't you try latest relase or better current which
will have much better support of HW in your laptop.


I tried 5.3, first, and it installed OK but at boot it stops at mtrr: 
Intel MTRR check after that is normally the USB stuff. I am not sure 
but I think I have to go into some kernel debugger to get anywhere from 
there and I needed to have OpenBSD setup so I can poke around using 
Michael's book.


Anyway the laptop is noisy with Linux and Windows and I have tried 
disabling fan always on in the BIOS to no avail, it is basically 
either badly made or the BIOS is to be blamed or..., which is why I 
decided to see what other people are using as a laptop and draw some 
conclusion from that.


Thanks for reading.





 I would like to get something quieter and that also runs OpenBSD without
 major issues. I saw a lenovo thinkpad x131e on futureshop but it is kind of
 small on the screen size 11.6 and I am not sure if OpenBSD will work on it.

 Does anyone care to mention what they are using.
 Thanks in advance.
 Cheers,
 George

Re: Best OpenBSD cloud hosting?

[William Light]

cloudsigma does qemu/KVM cloud hosting. i've spun up openbsd VMs there.
too pricey for my needs, but maybe it'll work out for you.

http://www.cloudsigma.com/

-w

On Wed, 9 Oct 2013, at 17:29, Francisco Valladolid H. wrote:
 On Wed, Oct 9, 2013 at 8:14 AM, Beto b...@compumundohypermegared.org
 wrote:
  Hi, arpnetworks is other option.
 
 
 arpnetwork is simple VM, no cloud.
 
 I think  no support for OpenBSD cloud at this time
 
 Regards
 
 
  2013/10/8 openda...@hushmail.com
 
  Hi,
 
  Can anyone recommend a decent OpenBSD cloud hosting provider?
 
  Digital Ocean looks nice but they don't yet offer OpenBSD (
  https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-
  ).
 
  There's ARP Networks and TransIP but they don't offer clouds.
 
  Thanks.
 
  O.D.
 
 
 
 
 -- 
 Francisco Valladolid H.
  -- http://blog.bsdguy.net - Jesus Christ follower.

Re: Best OpenBSD cloud hosting?

[Jiri B]

On Wed, Oct 09, 2013 at 01:16:54AM +, openda...@hushmail.com wrote:
 Hi,
 
 Can anyone recommend a decent OpenBSD cloud hosting provider?
 
 Digital Ocean looks nice but they don't yet offer OpenBSD 
 (https://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/3232571-support-bsd-os-).
 
 There's ARP Networks and TransIP but they don't offer clouds.
 
 Thanks.
 
 O.D.

What about Joyent? They ported KVM from Linux to Solaris
and they run it under zones. I would trust more Solaris based
solution they some hackish Linux setups where every VM runs under
root :)

j.

Upgrading by installing post time_t snapshot

[Jeff Ross]

I've got to upgrade some remote machines that I only have access via ssh.

I've been using a script based on the Upgrade without install kernel 
for years.  I modified it slightly for this upgrade by adding


/usr/sbin/pwd_mkdb /etc/master.passwd

to /etc/rc.local so the password databases can be updated and I can log 
in after the first reboot.


But how do I make the remote system reboot?  Attempting to use the 
/sbin/oreboot file I made in accordance to the Upgrade without install 
kernel method fails with a Bad system call (core dump) error, as does 
trying *any* command after base is extracted.


In the two systems I just upgraded (a pair of CARPed firewalls) I had a 
person on-site that could power-down the system I just updated but I 
have a few out there in the wild where that is more problematic--not 
impossible, but definitely inconvenient.


What am I missing?

Thanks,

Jeff Ross

Re: Best OpenBSD cloud hosting?

[Antoine Jacoutot]

On Wed, Oct 09, 2013 at 02:31:02PM -0400, Jiri B wrote:
 What about Joyent? They ported KVM from Linux to Solaris
 and they run it under zones. I would trust more Solaris based
 solution they some hackish Linux setups where every VM runs under
 root :)

I personally use SmartOS and while it is an awesome system, OpenBSD does not 
always behave perfectly well under Solaris KVM.
I've had several vdisk related issues.
In my experience, Linux KVM is a better container for our OS.

-- 
Antoine

Re: Best OpenBSD cloud hosting?

[Stephen Drake]

On 10/09/13 03:16, openda...@hushmail.com wrote:
 Can anyone recommend a decent OpenBSD cloud hosting provider?

RootBSD are quite good, I have been using them for a few years now with
zero downtime. A bit more pricey compaired to Digital Ocean, but they
are solid and support new releases rather quickly.

http://www.rootbsd.net/services/virtual-servers-vps/

Re: Best OpenBSD cloud hosting?

[Dorian H.]

I've got a few OpenBSD boxes running at TransIP, very satisfied about it.
QEMU/KVM based, and they recently added a new feature, 'private
networks' between
two or more VPS's.

It might not explicitly have the label 'cloud' attached to it, but
still very nice; and quite cheap as well.


On Wed, Oct 9, 2013 at 8:45 PM, Antoine Jacoutot ajacou...@bsdfrog.org wrote:
 On Wed, Oct 09, 2013 at 02:31:02PM -0400, Jiri B wrote:
 What about Joyent? They ported KVM from Linux to Solaris
 and they run it under zones. I would trust more Solaris based
 solution they some hackish Linux setups where every VM runs under
 root :)

 I personally use SmartOS and while it is an awesome system, OpenBSD does not 
 always behave perfectly well under Solaris KVM.
 I've had several vdisk related issues.
 In my experience, Linux KVM is a better container for our OS.

 --
 Antoine

Re: Upgrading by installing post time_t snapshot

[Nick Holland]

On 10/09/2013 02:43 PM, Jeff Ross wrote:

I've got to upgrade some remote machines that I only have access via ssh.

I've been using a script based on the Upgrade without install kernel
for years.  I modified it slightly for this upgrade by adding

 /usr/sbin/pwd_mkdb /etc/master.passwd

to /etc/rc.local so the password databases can be updated and I can log
in after the first reboot.

But how do I make the remote system reboot?  Attempting to use the
/sbin/oreboot file I made in accordance to the Upgrade without install
kernel method fails with a Bad system call (core dump) error, as does
trying *any* command after base is extracted.


I think you are doing something wrong here...
/sbin/oreboot should be the old binary, which should -- and can! -- run 
on the old kernel.


I just did this last night, so I know it can work. :)

Are you using standard, supplied shells, such as ksh, sh, or csh?  I 
could imagine that bash or something else would get really really 
unhappy there, but ksh et al. should be fully resident in RAM.


or did you happen to try sudo oreboot?  that also would be expected to 
not work, not because of oreboot, but because of sudo.


Do an ls -l /sbin/*reboot, I think your /sbin/oreboot isn't what you are 
thinking it is.


Nick.

GNOME on OpenBSD 5.3 amd64

[obsd, cgi]

I tried to install GNOME on OpenBSD 5.3 amd64 for Desktop use (on
VirtualBox), see the howto below.

But after the howto, reboot, startx with a normal user:
https://i.imgur.com/MaT8lcW.png

Xorg.0.log
https://pastee.org/p8ppa

# original:
http://www.gabsoftware.com/tips/tutorial-install-gnome-desktop-and-gnome-display-manager-on-openbsd-4-8/
---

when installing:
-g*

---

echo 'export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/'
 ~/.profile; . ~/.profile
pkg_add -i -vv gnome-session gdm
# if there was Can't install foo message, try the pkg_add line again

---

vi /etc/rc.local

Append/modify the following lines in /etc/rc.local:

if [ -x /usr/local/sbin/gdm ]; then
echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) 
fi

---

echo 'exec gnome-session'  /root/.xinitrc; chmod +x /root/.xinitrc
exit
echo 'exec gnome-session'  .xinitrc; chmod +x .xinitrc

---

pkg_add -i -vv metacity
pkg_add -i -vv gnome-panel
pkg_add -i -vv nautilus

---

vi /etc/rc.conf.local

Append/modify the following lines :

xdm_flags=NO
gnome_enable=YES
gdm_enable=YES

---

pkg_add -i -vv gnome-terminal gnome-control-center gnome-menus
gnome-settings-daemon gnome-themes-standard
# for some reason, these aren't found: gnome-themes-extras gnome-utils
gnome-applets2 gnome-system-monitor gnome-nettool

---

So the question is anybody has a working howto for installing GNOME on
OpenBSD?

Thanks

Re: GNOME on OpenBSD 5.3 amd64

[Jérémie Courrèges-Anglas]

obsd, cgi obsd...@postafiok.hu writes:

 I tried to install GNOME on OpenBSD 5.3 amd64 for Desktop use (on
 VirtualBox), see the howto below.

 But after the howto, reboot, startx with a normal user:
 https://i.imgur.com/MaT8lcW.png

 Xorg.0.log
 https://pastee.org/p8ppa

 # original:
 http://www.gabsoftware.com/tips/tutorial-install-gnome-desktop-and-gnome-display-manager-on-openbsd-4-8/

External tutorial for 4.8 vs. official documentation for 5.3.
This leads to the nonsense you've done to your 5.3 system below.

 ---

 when installing:
 -g*

 ---

 echo 'export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/'
 ~/.profile; . ~/.profile
 pkg_add -i -vv gnome-session gdm
 # if there was Can't install foo message, try the pkg_add line again

 ---

 vi /etc/rc.local

 Append/modify the following lines in /etc/rc.local:

 if [ -x /usr/local/sbin/gdm ]; then
 echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) 
 fi

 ---

 echo 'exec gnome-session'  /root/.xinitrc; chmod +x /root/.xinitrc
 exit
 echo 'exec gnome-session'  .xinitrc; chmod +x .xinitrc

 ---

 pkg_add -i -vv metacity
 pkg_add -i -vv gnome-panel
 pkg_add -i -vv nautilus

 ---

 vi /etc/rc.conf.local

 Append/modify the following lines :

 xdm_flags=NO
 gnome_enable=YES
 gdm_enable=YES

 ---

 pkg_add -i -vv gnome-terminal gnome-control-center gnome-menus
 gnome-settings-daemon gnome-themes-standard
 # for some reason, these aren't found: gnome-themes-extras gnome-utils
 gnome-applets2 gnome-system-monitor gnome-nettool

 ---

 So the question is anybody has a working howto for installing GNOME on
 OpenBSD?

Just so that Antoine doesn't feel forced to send another mail about this
recurring subject: pkg_add gnome, *read* the various readmes, don't use
virtualbox.

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Upgrading by installing post time_t snapshot

[Jeff Ross]

On 10/9/13 1:29 PM, Nick Holland wrote:

On 10/09/2013 02:43 PM, Jeff Ross wrote:
I've got to upgrade some remote machines that I only have access via 
ssh.


I've been using a script based on the Upgrade without install kernel
for years.  I modified it slightly for this upgrade by adding

 /usr/sbin/pwd_mkdb /etc/master.passwd

to /etc/rc.local so the password databases can be updated and I can log
in after the first reboot.

But how do I make the remote system reboot?  Attempting to use the
/sbin/oreboot file I made in accordance to the Upgrade without install
kernel method fails with a Bad system call (core dump) error, as does
trying *any* command after base is extracted.


I think you are doing something wrong here...
/sbin/oreboot should be the old binary, which should -- and can! -- 
run on the old kernel.


I just did this last night, so I know it can work. :)

Are you using standard, supplied shells, such as ksh, sh, or csh? I 
could imagine that bash or something else would get really really 
unhappy there, but ksh et al. should be fully resident in RAM.


or did you happen to try sudo oreboot?  that also would be expected 
to not work, not because of oreboot, but because of sudo.


Do an ls -l /sbin/*reboot, I think your /sbin/oreboot isn't what you 
are thinking it is.


Nick.


Hi Nick!

Just the person I was hoping to hear chime in!

Standard ksh shell, as root, although I got there via sudo.

I for sure thought it was odd, but actually on 4 separate systems I've 
had reboot fail.  The first was my little netbook in my lap, but that 
was not problem because I could physically access the keyboard.  The 
next was half of another pair of CARPed firewalls--I have yet to get 
someone in there to fix that--and then the CARPed pair at my 
work--yesterday for one and this morning for the other.


Here is the output of ls -l /sbin/*reboot

jross@samsara1:/home/jross $ ls -l /sbin/*reboot
-r-xr-xr-x  1 root  wheel  189236 Oct  8 13:42 /sbin/oreboot
-r-xr-xr-x  2 root  bin193332 Oct  1 11:46 /sbin/reboot

The oreboot is the copy of the previous /sbin/reboot--and the size 
matches exactly the /sbin/reboot file on another system from about a 
month before the time_t change.


Here's my update script from the first system I tried to upgrade at 
work.  In this case I tried running pwd_mkdb (since I'd checked that it 
was a static binary) before rebooting.


Every command after the extracting base failed.

#!/bin/sh
path=/usr/releasedir/

export RELEASEPATH=$path   # where you put the files
cd ${RELEASEPATH}
rm /obsd ; ln /bsd /obsd  cp bsd.mp /nbsd  mv /nbsd /bsd
cp bsd.rd  /
cp bsd  /bsd.sp

rm -rf /usr/X11R6/lib/modules/*

cp /sbin/reboot /sbin/oreboot
files=xserv xfont xshare xetc xbase game comp man base
for i in $files
  do
echo $i
tar -C / -xzphf $i*
rm -f $i*
sync
done
/usr/sbin/pwd_mkdb /etc/master.passwd
cp /dev/null /var/log/lastlog
cp /dev/null /var/log/wtmp
/sbin/oreboot


However, it just occurred to me that I was in a tmux shell as root--so 
it was *not* ksh!  I'll bet it was tmux that was croaking! I've gotten 
in the habit of using tmux since it's been in base so if my internet 
connection drops the script doesn't stop, leaving the whole system in an 
inconsistent state--which I had happen about halfway through extracting 
base one time.


Hmm--should (and can) tmux be switched to a static binary in base? It's 
great to have that safety net if either side of my sometimes crappy 
internet goes away.


Thanks, as always, Nick!

Jeff

Re: Upgrading by installing post time_t snapshot

[Nicholas Marriott]

So long as tmux is running and attached it is already in memory and
replacing the binary on disk should have no effect.

Also ksh is still ksh even if it's inside tmux. tmux is not a
shell. Once your script is going then whether you are running it inside
tmux or not should make no difference. Assuming the script doesn't
itself invoke tmux and you don't do anything to kill the tmux server.

Your script is running rm, sync, pwd_mkdb and cp after replacing them so
I guess they it is expected they will fail.

No idea why oreboot is failing.

Are you sure you aren't running an old version of the script by
accident, or something like that?


On Wed, Oct 09, 2013 at 02:47:52PM -0600, Jeff Ross wrote:
 On 10/9/13 1:29 PM, Nick Holland wrote:
 On 10/09/2013 02:43 PM, Jeff Ross wrote:
 I've got to upgrade some remote machines that I only have access
 via ssh.
 
 I've been using a script based on the Upgrade without install kernel
 for years.  I modified it slightly for this upgrade by adding
 
  /usr/sbin/pwd_mkdb /etc/master.passwd
 
 to /etc/rc.local so the password databases can be updated and I can log
 in after the first reboot.
 
 But how do I make the remote system reboot?  Attempting to use the
 /sbin/oreboot file I made in accordance to the Upgrade without install
 kernel method fails with a Bad system call (core dump) error, as does
 trying *any* command after base is extracted.
 
 I think you are doing something wrong here...
 /sbin/oreboot should be the old binary, which should -- and can!
 -- run on the old kernel.
 
 I just did this last night, so I know it can work. :)
 
 Are you using standard, supplied shells, such as ksh, sh, or csh?
 I could imagine that bash or something else would get really
 really unhappy there, but ksh et al. should be fully resident in
 RAM.
 
 or did you happen to try sudo oreboot?  that also would be
 expected to not work, not because of oreboot, but because of sudo.
 
 Do an ls -l /sbin/*reboot, I think your /sbin/oreboot isn't what
 you are thinking it is.
 
 Nick.
 
 Hi Nick!
 
 Just the person I was hoping to hear chime in!
 
 Standard ksh shell, as root, although I got there via sudo.
 
 I for sure thought it was odd, but actually on 4 separate systems
 I've had reboot fail.  The first was my little netbook in my lap,
 but that was not problem because I could physically access the
 keyboard.  The next was half of another pair of CARPed firewalls--I
 have yet to get someone in there to fix that--and then the CARPed
 pair at my work--yesterday for one and this morning for the other.
 
 Here is the output of ls -l /sbin/*reboot
 
 jross@samsara1:/home/jross $ ls -l /sbin/*reboot
 -r-xr-xr-x  1 root  wheel  189236 Oct  8 13:42 /sbin/oreboot
 -r-xr-xr-x  2 root  bin193332 Oct  1 11:46 /sbin/reboot
 
 The oreboot is the copy of the previous /sbin/reboot--and the size
 matches exactly the /sbin/reboot file on another system from about a
 month before the time_t change.
 
 Here's my update script from the first system I tried to upgrade at
 work.  In this case I tried running pwd_mkdb (since I'd checked that
 it was a static binary) before rebooting.
 
 Every command after the extracting base failed.
 
 #!/bin/sh
 path=/usr/releasedir/
 
 export RELEASEPATH=$path   # where you put the files
 cd ${RELEASEPATH}
 rm /obsd ; ln /bsd /obsd  cp bsd.mp /nbsd  mv /nbsd /bsd
 cp bsd.rd  /
 cp bsd  /bsd.sp
 
 rm -rf /usr/X11R6/lib/modules/*
 
 cp /sbin/reboot /sbin/oreboot
 files=xserv xfont xshare xetc xbase game comp man base
 for i in $files
   do
 echo $i
 tar -C / -xzphf $i*
 rm -f $i*
 sync
 done
 /usr/sbin/pwd_mkdb /etc/master.passwd
 cp /dev/null /var/log/lastlog
 cp /dev/null /var/log/wtmp
 /sbin/oreboot
 
 
 However, it just occurred to me that I was in a tmux shell as
 root--so it was *not* ksh!  I'll bet it was tmux that was croaking!
 I've gotten in the habit of using tmux since it's been in base so if
 my internet connection drops the script doesn't stop, leaving the
 whole system in an inconsistent state--which I had happen about
 halfway through extracting base one time.
 
 Hmm--should (and can) tmux be switched to a static binary in base?
 It's great to have that safety net if either side of my sometimes
 crappy internet goes away.
 
 Thanks, as always, Nick!
 
 Jeff

Re: Help vote for OpenBSD

[Stuart Henderson]

On 2013-10-09, openda...@hushmail.com openda...@hushmail.com wrote:
 Basically it's the only SSD cloud hosting provider 
 (https://www.youtube.com/watch?v=vHZLCahai4Q) in existance

No it isn't.

Re: Upgrading by installing post time_t snapshot

[Jeff Ross]

Speaking of failing internet...using my phone...

All of the programs at the end of my script are static binaries, either in /bin 
or /usr/sbin, so they should work, right?   Yet nothing ran, ls and cat both 
failed with the bad system call error. 

I only have one version of my script.  It doesn't call tmux nor did I kill the 
tmux server. 

Interesting!  Thanks for replying. 

Jeff
Sent from my iPhone,
Reluctantly hunting and pecking on a virtual keyboard :-)

 On Oct 9, 2013, at 3:19 PM, Nicholas Marriott nicholas.marri...@gmail.com 
 wrote:
 
 So long as tmux is running and attached it is already in memory and
 replacing the binary on disk should have no effect.
 
 Also ksh is still ksh even if it's inside tmux. tmux is not a
 shell. Once your script is going then whether you are running it inside
 tmux or not should make no difference. Assuming the script doesn't
 itself invoke tmux and you don't do anything to kill the tmux server.
 
 Your script is running rm, sync, pwd_mkdb and cp after replacing them so
 I guess they it is expected they will fail.
 
 No idea why oreboot is failing.
 
 Are you sure you aren't running an old version of the script by
 accident, or something like that?
 
 
 On Wed, Oct 09, 2013 at 02:47:52PM -0600, Jeff Ross wrote:
 On 10/9/13 1:29 PM, Nick Holland wrote:
 On 10/09/2013 02:43 PM, Jeff Ross wrote:
 I've got to upgrade some remote machines that I only have access
 via ssh.
 
 I've been using a script based on the Upgrade without install kernel
 for years.  I modified it slightly for this upgrade by adding
 
/usr/sbin/pwd_mkdb /etc/master.passwd
 
 to /etc/rc.local so the password databases can be updated and I can log
 in after the first reboot.
 
 But how do I make the remote system reboot?  Attempting to use the
 /sbin/oreboot file I made in accordance to the Upgrade without install
 kernel method fails with a Bad system call (core dump) error, as does
 trying *any* command after base is extracted.
 
 I think you are doing something wrong here...
 /sbin/oreboot should be the old binary, which should -- and can!
 -- run on the old kernel.
 
 I just did this last night, so I know it can work. :)
 
 Are you using standard, supplied shells, such as ksh, sh, or csh?
 I could imagine that bash or something else would get really
 really unhappy there, but ksh et al. should be fully resident in
 RAM.
 
 or did you happen to try sudo oreboot?  that also would be
 expected to not work, not because of oreboot, but because of sudo.
 
 Do an ls -l /sbin/*reboot, I think your /sbin/oreboot isn't what
 you are thinking it is.
 
 Nick.
 Hi Nick!
 
 Just the person I was hoping to hear chime in!
 
 Standard ksh shell, as root, although I got there via sudo.
 
 I for sure thought it was odd, but actually on 4 separate systems
 I've had reboot fail.  The first was my little netbook in my lap,
 but that was not problem because I could physically access the
 keyboard.  The next was half of another pair of CARPed firewalls--I
 have yet to get someone in there to fix that--and then the CARPed
 pair at my work--yesterday for one and this morning for the other.
 
 Here is the output of ls -l /sbin/*reboot
 
 jross@samsara1:/home/jross $ ls -l /sbin/*reboot
 -r-xr-xr-x  1 root  wheel  189236 Oct  8 13:42 /sbin/oreboot
 -r-xr-xr-x  2 root  bin193332 Oct  1 11:46 /sbin/reboot
 
 The oreboot is the copy of the previous /sbin/reboot--and the size
 matches exactly the /sbin/reboot file on another system from about a
 month before the time_t change.
 
 Here's my update script from the first system I tried to upgrade at
 work.  In this case I tried running pwd_mkdb (since I'd checked that
 it was a static binary) before rebooting.
 
 Every command after the extracting base failed.
 
 #!/bin/sh
 path=/usr/releasedir/
 
 export RELEASEPATH=$path   # where you put the files
 cd ${RELEASEPATH}
 rm /obsd ; ln /bsd /obsd  cp bsd.mp /nbsd  mv /nbsd /bsd
 cp bsd.rd  /
 cp bsd  /bsd.sp
 
 rm -rf /usr/X11R6/lib/modules/*
 
 cp /sbin/reboot /sbin/oreboot
 files=xserv xfont xshare xetc xbase game comp man base
 for i in $files
  do
echo $i
tar -C / -xzphf $i*
rm -f $i*
sync
done
 /usr/sbin/pwd_mkdb /etc/master.passwd
 cp /dev/null /var/log/lastlog
 cp /dev/null /var/log/wtmp
 /sbin/oreboot
 
 
 However, it just occurred to me that I was in a tmux shell as
 root--so it was *not* ksh!  I'll bet it was tmux that was croaking!
 I've gotten in the habit of using tmux since it's been in base so if
 my internet connection drops the script doesn't stop, leaving the
 whole system in an inconsistent state--which I had happen about
 halfway through extracting base one time.
 
 Hmm--should (and can) tmux be switched to a static binary in base?
 It's great to have that safety net if either side of my sometimes
 crappy internet goes away.
 
 Thanks, as always, Nick!
 
 Jeff

Re: Upgrading by installing post time_t snapshot

[Paul de Weerd]

On Wed, Oct 09, 2013 at 03:56:49PM -0600, Jeff Ross wrote:
| Speaking of failing internet...using my phone...
| 
| All of the programs at the end of my script are static binaries,
| either in /bin or /usr/sbin, so they should work, right?   Yet nothing
| ran, ls and cat both failed with the bad system call error. 

All of these programs have just been replaced with newer versions that
have a different idea of which system call does what compared to the
old situation (the one your running kernel knows about).  These
binaries being static or dynamic is irrelevant.  Only the old ones are
capable of still running, that's why you copy /sbin/reboot to
/sbin/oreboot.

Note that the oreboot trick isn't perfect: a proper shutdown will try
to nicely stop things (do you have stuff in /etc/rc.shutdown?) that
may fail too.

The only guarranteed way to not fuck this up is to shutdown the
system and boot an upgrade kernel (e.g. bsd.rd).

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

Re: Upgrading by installing post time_t snapshot

[Jeff Ross]

Ah, sure that makes perfect sense. 

I'll have to gather up someone to run the power button on the other servers 
that need upgrading.

Thanks!

Sent from my iPhone,
Reluctantly hunting and pecking on a virtual keyboard :-)

 On Oct 9, 2013, at 4:20 PM, Paul de Weerd we...@weirdnet.nl wrote:
 
 On Wed, Oct 09, 2013 at 03:56:49PM -0600, Jeff Ross wrote:
 | Speaking of failing internet...using my phone...
 | 
 | All of the programs at the end of my script are static binaries,
 | either in /bin or /usr/sbin, so they should work, right?   Yet nothing
 | ran, ls and cat both failed with the bad system call error. 
 
 All of these programs have just been replaced with newer versions that
 have a different idea of which system call does what compared to the
 old situation (the one your running kernel knows about).  These
 binaries being static or dynamic is irrelevant.  Only the old ones are
 capable of still running, that's why you copy /sbin/reboot to
 /sbin/oreboot.
 
 Note that the oreboot trick isn't perfect: a proper shutdown will try
 to nicely stop things (do you have stuff in /etc/rc.shutdown?) that
 may fail too.
 
 The only guarranteed way to not fuck this up is to shutdown the
 system and boot an upgrade kernel (e.g. bsd.rd).
 
 Paul 'WEiRD' de Weerd
 
 -- 
 [++-]+++.+++[---].+++[+
 +++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

growfs - thanks!

[Craig R. Skinner]

Thanks for growfs - phew

me@small-host$ sudo umount /var/growing-app

operator@larger-host$ ssh small-host dump -0anu -f - -h 0 /dev/rwd1f | dd 
of=small-host_var_growing-app.dump
operator@larger-host$ chflags nodump small-host_var_growing-app.dump
operator@larger-host$ restore -if small-host_var_growing-app.dump # just 
checking...

me@small-host$ disklabel -p G wd1
me@small-host$ sudo disklabel -E wd1 # increase the partition size with 'm f', 
then 'w', 'q'
me@small-host$ growfs -N /dev/rwd1f
me@small-host$ sudo growfs /dev/rwd1f
me@small-host$ sudo fsck /dev/wd1f
me@small-host$ sudo mount /var/growing-app
me@small-host$ df
me@small-host$ ls -lR /var/growing-app

operator@larger-host$ rm small-host_var_growing-app.dump

Happy,
-- 
Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: Upgrading by installing post time_t snapshot

[Nicholas Marriott]

No, if being static was enough you wouldn't need to copy
/sbin/reboot. Static binaries only help when library ABIs change, not
the kernel syscall ABI.

The kernel ABI has changed. By unpacking base*.tgz you have replaced the
binaries in /sbin with copies that expect a new kernel, but you are
still running the old kernel. In principle you can't safely run anything
you have unpacked from the new base*.tgz because they expect a newer
kernel than you are running. That's why you need to save a copy of the
old /sbin/reboot that matches the running kernel - the new /sbin/reboot
won't work.

Things that are already in memory should mostly be fine because they
were started (that is, the running binary was loaded from disk) before
you replaced the files. They won't always work though, for example if
you try to create a new tmux window it will try to run /bin/ksh which
has been replaced and won't start.

After you have unpacked the new sets, you should not expect anything
except /sbin/oreboot to work. Why that actually doesn't work for you is
a mystery.



On Wed, Oct 09, 2013 at 03:56:49PM -0600, Jeff Ross wrote:
 Speaking of failing internet...using my phone...
 
 All of the programs at the end of my script are static binaries, either in 
 /bin or /usr/sbin, so they should work, right?   Yet nothing ran, ls and cat 
 both failed with the bad system call error. 
 
 I only have one version of my script.  It doesn't call tmux nor did I kill 
 the tmux server. 
 
 Interesting!  Thanks for replying. 
 
 Jeff
 Sent from my iPhone,
 Reluctantly hunting and pecking on a virtual keyboard :-)
 
  On Oct 9, 2013, at 3:19 PM, Nicholas Marriott nicholas.marri...@gmail.com 
  wrote:
  
  So long as tmux is running and attached it is already in memory and
  replacing the binary on disk should have no effect.
  
  Also ksh is still ksh even if it's inside tmux. tmux is not a
  shell. Once your script is going then whether you are running it inside
  tmux or not should make no difference. Assuming the script doesn't
  itself invoke tmux and you don't do anything to kill the tmux server.
  
  Your script is running rm, sync, pwd_mkdb and cp after replacing them so
  I guess they it is expected they will fail.
  
  No idea why oreboot is failing.
  
  Are you sure you aren't running an old version of the script by
  accident, or something like that?
  
  
  On Wed, Oct 09, 2013 at 02:47:52PM -0600, Jeff Ross wrote:
  On 10/9/13 1:29 PM, Nick Holland wrote:
  On 10/09/2013 02:43 PM, Jeff Ross wrote:
  I've got to upgrade some remote machines that I only have access
  via ssh.
  
  I've been using a script based on the Upgrade without install kernel
  for years.  I modified it slightly for this upgrade by adding
  
 /usr/sbin/pwd_mkdb /etc/master.passwd
  
  to /etc/rc.local so the password databases can be updated and I can log
  in after the first reboot.
  
  But how do I make the remote system reboot?  Attempting to use the
  /sbin/oreboot file I made in accordance to the Upgrade without install
  kernel method fails with a Bad system call (core dump) error, as does
  trying *any* command after base is extracted.
  
  I think you are doing something wrong here...
  /sbin/oreboot should be the old binary, which should -- and can!
  -- run on the old kernel.
  
  I just did this last night, so I know it can work. :)
  
  Are you using standard, supplied shells, such as ksh, sh, or csh?
  I could imagine that bash or something else would get really
  really unhappy there, but ksh et al. should be fully resident in
  RAM.
  
  or did you happen to try sudo oreboot?  that also would be
  expected to not work, not because of oreboot, but because of sudo.
  
  Do an ls -l /sbin/*reboot, I think your /sbin/oreboot isn't what
  you are thinking it is.
  
  Nick.
  Hi Nick!
  
  Just the person I was hoping to hear chime in!
  
  Standard ksh shell, as root, although I got there via sudo.
  
  I for sure thought it was odd, but actually on 4 separate systems
  I've had reboot fail.  The first was my little netbook in my lap,
  but that was not problem because I could physically access the
  keyboard.  The next was half of another pair of CARPed firewalls--I
  have yet to get someone in there to fix that--and then the CARPed
  pair at my work--yesterday for one and this morning for the other.
  
  Here is the output of ls -l /sbin/*reboot
  
  jross@samsara1:/home/jross $ ls -l /sbin/*reboot
  -r-xr-xr-x  1 root  wheel  189236 Oct  8 13:42 /sbin/oreboot
  -r-xr-xr-x  2 root  bin193332 Oct  1 11:46 /sbin/reboot
  
  The oreboot is the copy of the previous /sbin/reboot--and the size
  matches exactly the /sbin/reboot file on another system from about a
  month before the time_t change.
  
  Here's my update script from the first system I tried to upgrade at
  work.  In this case I tried running pwd_mkdb (since I'd checked that
  it was a static binary) before rebooting.
  
  Every command after the extracting base failed.
  
  

Re: Best OpenBSD cloud hosting?

[opendaddy]

On 9. oktober 2013 at 7:06 PM, Dorian H. doj...@gmail.com wrote:

I've got a few OpenBSD boxes running at TransIP, very satisfied 
about it. QEMU/KVM based, and they recently added a new feature, 'private
networks' between two or more VPS's.

It might not explicitly have the label 'cloud' attached to it, but
still very nice; and quite cheap as well.

TransIP's OpenBSD boxes do not have virtio. Have you tried running I/O 
intensive tasks on your servers to see how they compare to normal servers?

O.D.

Re: Help vote for OpenBSD

[opendaddy]

Keep them coming guys! Couple hundred more and OpenBSD will top the list:

https://digitalocean.uservoice.com/forums/136585-digital-ocean/filters/top

Would be great PR for OpenBSD too.

On 9. oktober 2013 at 9:45 PM, Stuart Henderson s...@spacehopper.org wrote:

 On 2013-10-09, openda...@hushmail.com openda...@hushmail.com wrote:

 Basically it's the only SSD cloud hosting provider 
 (https://www.youtube.com/watch?v=vHZLCahai4Q) in existance

 No it isn't.

Do share.

O.D.

No console output on 5.4-Current

[Bryan Chapman]

Just installed the Oct 3rd snapshot on my desktop.  During the boot
process it loses console output and just shows a blank screen.  The
screen doesn't go into power saving - just no output.  At first I though
the machine froze, but it continued running and I was able to SSH into
the machine.  Here is the DMESG.  Looks like some issues with DRM.  At a
bit of a loss on the next troubleshooting steps, any ideas?

-Bryan

OpenBSD 5.4-current (GENERIC.MP) #65: Thu Oct  3 18:48:14 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6424166400 (6126MB)
avail mem = 6245064704 (5955MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f400 (68 entries)
bios0: vendor American Megatrends Inc. version 1005 date 08/24/2010
bios0: ASUSTeK Computer INC. M4A87TD EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4)
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) P0PC(S4) UHC1(S4)
UHC2(S4) USB3(S4) UHC4(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X4 925 Processor, 2809.76 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully
associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully
associative
cpu0: AMD erratum 721 detected and fixed
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X4 925 Processor, 2809.44 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully
associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully
associative
cpu1: AMD erratum 721 detected and fixed
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X4 925 Processor, 2809.44 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully
associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully
associative
cpu2: AMD erratum 721 detected and fixed
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X4 925 Processor, 2809.44 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache, 6MB 64b/line 48-way L3 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully
associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully
associative
cpu3: AMD erratum 721 detected and fixed
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (PCE2)
acpiprt2 at acpi0: bus -1 (PCE3)
acpiprt3 at acpi0: bus -1 (PCE4)
acpiprt4 at acpi0: bus -1 (PCE5)
acpiprt5 at acpi0: bus -1 (PCE6)
acpiprt6 at acpi0: bus -1 (PCE7)
acpiprt7 at acpi0: bus 4 (PCE9)
acpiprt8 at acpi0: bus 3 (PCEA)
acpiprt9 at acpi0: bus -1 (PCEB)
acpiprt10 at acpi0: bus -1 (PCEC)
acpiprt11 at acpi0: bus 2 (P0PC)
acpiprt12 at acpi0: bus 1 (PE20)
acpiprt13 at acpi0: bus -1 (PE21)
acpiprt14 at acpi0: bus -1 (PE22)
acpiprt15 at acpi0: bus -1 (PE23)
acpiec0 at acpi0
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpicpu2 at acpi0: PSS
acpicpu3 at acpi0: PSS
aibs0 at acpi0: GGRP GITM SITM
acpibtn0 at acpi0: PWRB
cpu0: 2809 MHz: speeds: 2800 2100 1600 800 MHz
pci0 at mainbus0 bus 0
0:0:0: mem address conflict 0xe000/0x2000
pchb0 at pci0 dev 0 function 0 ATI RX780 Host rev 0x00
ppb0 at 

why icmp timestamping is enabled by default ?

[Илья Шипицин]

Hello!

it turned out that OpenBSD allows icmp timestamping by default:

net.inet.icmp.tstamprepl=1

what was that done for ?

Cheers,
Ilya Shipitsin

Re: why icmp timestamping is enabled by default ?

[Ted Unangst]

On Thu, Oct 10, 2013 at 09:21, Илья Шипицин wrote:

 it turned out that OpenBSD allows icmp timestamping by default:
 
 net.inet.icmp.tstamprepl=1
 
 what was that done for ?

well, why not?

if you have some program vulnerable to a the attacker knows the time
attack, i don't think turning off icmp timestamps will save you. the
attacker could reasonably guess that your system time is going to be
close to his system time. unless you are going to deliberately set the
clock wrong on all your systems. fixing the vulnerability seems like a
better idea.

Re: why icmp timestamping is enabled by default ?

[Theo de Raadt]

  it turned out that OpenBSD allows icmp timestamping by default:
  
  net.inet.icmp.tstamprepl=1
  
  what was that done for ?
 
 well, why not?
 
 if you have some program vulnerable to a the attacker knows the time
 attack, i don't think turning off icmp timestamps will save you. the
 attacker could reasonably guess that your system time is going to be
 close to his system time. unless you are going to deliberately set the
 clock wrong on all your systems. fixing the vulnerability seems like a
 better idea.

there is also this thing called ntp that is becoming rather common.
if you're not doing time distribution to your systems, ah, i see the
problem.

Re: GNOME on OpenBSD 5.3 amd64

[obsd, cgi]

Hi!

External tutorial for 4.8 vs. official documentation for 5.3.
This leads to the nonsense you've done to your 5.3 system below.

--

I went to openbsd.org, typed GNOME in the search form:
- the first hit was a PDF from 2007
- all the remaining were regarding packages

What now? Can you please point out where is the official GNOME install
documentation for 5.3? or no one uses GNOME with 5.3 on the misc list?

ps.: I found that other people have problems with GNOME on 5.3, maybe it's
a bug? (
http://community.spiceworks.com/topic/349701-gnome-on-openbsd-5-3-amd64 )

Thanks

UPDATE: oh, ok I just read the bottom part: don't use virtualbox. - so
the bug comes out when using virtualbox?, ok, Thanks! I will try it with
other VM's or directly!


2013/10/9 Jérémie Courrèges-Anglas j...@wxcvbn.org

 obsd, cgi obsd...@postafiok.hu writes:

  I tried to install GNOME on OpenBSD 5.3 amd64 for Desktop use (on
  VirtualBox), see the howto below.
 
  But after the howto, reboot, startx with a normal user:
  https://i.imgur.com/MaT8lcW.png
 
  Xorg.0.log
  https://pastee.org/p8ppa
 
  # original:
 

http://www.gabsoftware.com/tips/tutorial-install-gnome-desktop-and-gnome-disp
lay-manager-on-openbsd-4-8/

 External tutorial for 4.8 vs. official documentation for 5.3.
 This leads to the nonsense you've done to your 5.3 system below.

  ---
 
  when installing:
  -g*
 
  ---
 
  echo 'export PKG_PATH=
 ftp://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/'
  ~/.profile; . ~/.profile
  pkg_add -i -vv gnome-session gdm
  # if there was Can't install foo message, try the pkg_add line again
 
  ---
 
  vi /etc/rc.local
 
  Append/modify the following lines in /etc/rc.local:
 
  if [ -x /usr/local/sbin/gdm ]; then
  echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) 
  fi
 
  ---
 
  echo 'exec gnome-session'  /root/.xinitrc; chmod +x /root/.xinitrc
  exit
  echo 'exec gnome-session'  .xinitrc; chmod +x .xinitrc
 
  ---
 
  pkg_add -i -vv metacity
  pkg_add -i -vv gnome-panel
  pkg_add -i -vv nautilus
 
  ---
 
  vi /etc/rc.conf.local
 
  Append/modify the following lines :
 
  xdm_flags=NO
  gnome_enable=YES
  gdm_enable=YES
 
  ---
 
  pkg_add -i -vv gnome-terminal gnome-control-center gnome-menus
  gnome-settings-daemon gnome-themes-standard
  # for some reason, these aren't found: gnome-themes-extras gnome-utils
  gnome-applets2 gnome-system-monitor gnome-nettool
 
  ---
 
  So the question is anybody has a working howto for installing GNOME on
  OpenBSD?

 Just so that Antoine doesn't feel forced to send another mail about this
 recurring subject: pkg_add gnome, *read* the various readmes, don't use
 virtualbox.

 --
 jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: GNOME on OpenBSD 5.3 amd64

[Jérémie Courrèges-Anglas]

obsd, cgi obsd...@postafiok.hu writes:

 Hi!

 External tutorial for 4.8 vs. official documentation for 5.3.
 This leads to the nonsense you've done to your 5.3 system below.

 --

 I went to openbsd.org, typed GNOME in the search form:
 - the first hit was a PDF from 2007
 - all the remaining were regarding packages

Very few (if any) external software packages are documented on the
website.

 What now? Can you please point out where is the official GNOME install
 documentation for 5.3? or no one uses GNOME with 5.3 on the misc list?

pkg_add gnome, *read* the various readmes, ...
The OpenBSD-specific documentation is either printed on screen at
pkg_add time or installed at /usr/local/share/doc/pkg-readmes/$package
(you *need* to read. pkg_add doesn't spit out information for fun).

 ps.: I found that other people have problems with GNOME on 5.3, maybe it's
 a bug? (
 http://community.spiceworks.com/topic/349701-gnome-on-openbsd-5-3-amd64 )

I don't think this page is of any value, neither for the OpenBSD porters
nor for you...

 Thanks

 UPDATE: oh, ok I just read the bottom part: don't use virtualbox. - so
 the bug comes out when using virtualbox?, ok, Thanks! I will try it with
 other VM's or directly!

Getting an accelerated Xorg using virtualbox is afaik not possible.
If you want gnome-shell, don't use vb or a non-intel graphics card (on
5.3, that is).

[...]

-- 
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494