Re: opensmtpd / ldap unreliable
On Tue, 22 May 2018 18:13:23 -0700 "Paul B. Henson"wrote: > If the ldap server isn't available when opensmtpd is started, it says > it started: > > # /etc/rc.d/smtpd start Then apparently you should have done # /etc/rc.d/ldapd start or preferably # rcctl start ldapd first. Are you enabling them both at boot time? # rcctl enable ldapd # rcctl enable smtpd Are they being started in the wrong order at boot time? Otherwise, there may well be arguably a certain reliability or error reporting issue in the code for it, but there is a certain bottom line here in that if you configure ASDF to _require_ JKL for authentication, then you really do need to have JKL "available" if you expect ASDF to work the way you configured it. What you ask is a very general question: If A depends on B, and B is missing, how do expect A to behave? Anyways, smtpd is a daemon. It was forked off, and it was still running when it was checked immediately after you issued the command "/etc/rc.d/smtpd start". Its parent process had no doubt already terminated and control had reverted to the shell before the fatal error occurred. You would have to issue the command # rcctl check smtpd to check that smtpd is still running at some later time.
opensmtpd / ldap unreliable
So I recently converted my opensmtpd server to use ldap as the backend for user authentication. It seems it's a bit untolerant to ldap issues? If the ldap server isn't available when opensmtpd is started, it says it started: # /etc/rc.d/smtpd start smtpd(ok) But it isn't there: # ps -aux | grep smtpd root 89090 0.0 0.0 304 1208 p6 S+p5:52PM0:00.00 grep smtpd And it's not really obvious why: May 22 17:52:51 bart smtpd[46044]: info: OpenSMTPD 6.0.4 starting May 22 17:52:51 bart smtpd[23325]: warn: table-proc: pipe closed May 22 17:52:51 bart smtpd[23325]: lookup: table-proc: exiting May 22 17:52:51 bart smtpd[73239]: smtpd: process lka socket closed Starting in debug mode: # smtpd -d info: OpenSMTPD 6.0.4 starting users[43283]: debug: reading key "url" -> "ldap://localhost:3389; users[43283]: debug: reading key "basedn" -> users[43283]: debug: reading key "username" -> users[43283]: debug: reading key "password" -> users[43283]: debug: reading key "credentials_filter" -> "(&(objectClass=uidObject)(uid=%s))" users[43283]: debug: parsing attribute "credentials_attributes" (2) -> "uid,description" users[43283]: debug: done reading config users[43283]: warn: aldap_parse users[43283]: fatal: failed to connect warn: table-proc: pipe closed lookup: table-proc: exiting smtpd: process lka socket closed You can see it looks like it fails to connect to the ldap server at startup and just dies. Further, if the ldap server is up at startup, but ever restarts or has the connection broken, authentication just fails: May 21 13:22:10 bart smtpd[42132]: warn: user credentials lookup fail for users:henson The opensmtpd process needs to be restarted before authentication works again. In debug mode, it shows: users[7295]: debug: table_ldap: ldap_query: filter=(&(objectClass=uidObject)(uid=henson)), ret=0 5e46e2fabbf8d72e smtp event=authentication user=henson address=134.71.249.41 host=134.71.249.41 result=permfail Is it expected that the ldap support is currently not production ready? I see in a presentation from back in 2013 that ldap was classified experimental at the time, but it's not clear if that's still the case. I see in the repo at https://github.com/OpenSMTPD/OpenSMTPD-extras/blob/master/extras/tables/table-ldap/table_ldap.c there's a change to add ldap reconnection support: https://github.com/OpenSMTPD/OpenSMTPD-extras/commit/04e4c521b34d1987af915ff97dcb0d87daf122b0#diff-369c0fcbfbc85bf2cdad7dba1131b872 but it's dated 7/27/2017, and the last github release seems to be 201601072302 (although the openbsd port appears to be 201703132115, I guess it's not downloading it from github?). It looks like the code in head still fails to start if the ldap server isn't available when opensmtpd is started though. Is anybody using opensmtpd with ldap in production? If so, how are you working around this issue? Thanks...
Re: Intranet routing with dynamic IPs
Regardless of which routing protocol I use, I run into the same problem. I can't find a way to configure this on OpenBSD. Is this such an exotic set-up? On 2018-05-21 22:23, Raul Miller wrote: I would try OpenOSPFD for this situation, instead of OpenBGPD.
vlan without IP address not working (parent not in promisc mode)
Hi misc@, I'm trying to bridge a VLAN between two routers with a vxlan(4) interface. Setup: router 1 (6.3): physical interface (em) - vlan (with IP address) - bridge - vxlan The two routers are connected directly, the traffic is encrypted with IPSec and encapsulated in etherip(4), routed traffic is working perfectly. router 2 (6.3-current): vxlan - bridge - vlan (no IP address) - parent interface (sk0) - switch - devices With this configuration, the parent interface on router 2 (sk0) isn't in promiscous mode and no traffic can pass into the vlan interface on router 2 (the devices attached to the switch receive echo requests and answer, but the answer is not received on the vlan interface, only on the parent interface (sk0) in encapsulated form). Outgoing traffic can be seen on the vlan interface. If I assign an IP address to the vlan device on router 2, the parent interface (sk0) flags change from: sk0: flags=8843mtu 1500 to: sk0: flags=8b43 mtu 1500 and traffic can flow over the vlan interface, it keeps working even after deleting the IP address (sk0 stays in promisc. mode). Even when I delete the vlan interface after deleting the IP address and add the vlan interface again it keeps working until I reboot. running tcpdump on sk0 or adding it to a bridge with no other members also makes traffic flow and puts sk0 in promisc mode, but exiting tcpdump/destroying the bridge removes the PROMISC flag again. Easiest way to reproduce this is creating a vlan interface on top of a ethernet interface with and without an IP address for the vlan interface. (also tried it with an rl interface, got the same behaviour). disabling pf doesn't change anything. Am I doing something wrong/is this behaviour intended or indeed a bug? If you need any more information/want me to reproduce this with a simpler setup, I'll be happy to help. dmesg of router 2 is attached. Thanks for any help! Regards, Sigi Rudzio dmesg router 2: OpenBSD 6.3-current (GENERIC) #41: Sat May 19 22:35:35 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 989462528 (943MB) avail mem = 951570432 (907MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f400 (51 entries) bios0: vendor American Megatrends Inc. version "080014" date 09/12/2008 bios0: ECS GeForce7050M-M acpi0 at bios0: rev 0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET NVHD SSDT acpi0: wakeup devices NSMB(S4) USB0(S4) USB2(S3) US15(S4) US12(S3) NMAC(S5) P0P1(S4) HDAC(S4) BR10(S4) BR11(S4) BR12(S4) BR13(S4) BR14(S4) BR15(S4) BR16(S4) PWRB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Sempron(tm) Processor LE-1150, 1995.48 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,EAPICSP,AMCR8,3DNOWP cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 2500 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus 2 (BR10) acpiprt3 at acpi0: bus 3 (BR11) acpiprt4 at acpi0: bus 4 (BR12) acpiprt5 at acpi0: bus 5 (BR13) acpiprt6 at acpi0: bus 6 (BR14) acpiprt7 at acpi0: bus 7 (BR15) acpiprt8 at acpi0: bus 8 (BR16) acpicpu0 at acpi0: C1(@1 halt!), PSS acpitz0 at acpi0: critical temperature is 110 degC acpicmos0 at acpi0 "*pnp0c14" at acpi0 not configured acpibtn0 at acpi0: PWRB cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1000 MHz pci0 at mainbus0 bus 0 "NVIDIA MCP67 Memory" rev 0xa2 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA MCP67 ISA" rev 0xa2 nviic0 at pci0 dev 1 function 1 "NVIDIA MCP67 SMBus" rev 0xa2 iic0 at nviic0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL6 iic1 at nviic0 ohci0 at pci0 dev 2 function 0 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 10, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1 ohci1 at pci0 dev 4 function 0 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 10, version 1.0, legacy support ehci1 at pci0 dev 4 function 1 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 10 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "NVIDIA EHCI root hub" rev 2.00/1.00 addr 1
Re: socket permissions inside /var/www chroot
On Tue, 22 May 2018 06:04:57 +0300 IL Kawrote: > I am definitely not an expert in this field, but here are some > thoughts: Exactly. There is always more than one way to skin a cat. I'm not looking for a perfectly spelled out "solution" I must follow to the letter. > So, you can create "_fastcgi" group, add www to this group, and > configure php-fpm > to create socket with this group (it must be main group of user used > by php-fpm). I was thinking more the other way around: creating a "_fastcgi" *user* and inviting that user into the "www" group. > See listen.group and listen.mode options. These are a little odd because OpenBSD's httpd apparently refuses to connect to the php fastcgi socket unless these are both set to "www" in /etc/php-fpm.conf > In PHP world maybe, but for Python/Django Postgres is default > database. Sure. There are plenty of good reasons to consider languages other than PHP for the web. > Again, you can add _postgres to some group, and give it permissions to > create socket in this folder. Very good observation. > > although the chrooted user must specify the username together with a > > dummy password (which is not used) to connect to the socket inside > > the chroot, apparently because there is no access to /etc/passwd > > or /etc/group inside the chroot. > > > /etc/passwd must be accessed by postgres (which is not chrooted, > right?) but not by client. > Client (php) just opens socket file, and postgres uses openbsd API to > get its user id. The client (inside the chroot) has its numeric userid, but cannot even look up its own username (in /etc/passwd) from inside the chroot to supply to PostgreSQL for the connection. That's why it must be specified manually from within the chroot.
Re: N7260 wifi card bug (hardware or driver?)
Well, this problem just magically went away, and all I did was complain about it here and run syspatch and fw_update regularly. Are there any chances that someone fixed it? Or should I attribute this problem and its solution to something else other than OpenBSD? I looked at the changelog from 6.3 to -current but didn't see anything that could justify this. bit shifter, is it also fixed on your machine? On Tue, May 01, 2018 at 01:45:53PM -0600, bit shifter wrote: > On Tue, May 1, 2018 at 6:16 AM, Daniel Camol??swrote: > > Does anyone in here happens to be running openbsd 6.3 in some machine > > which has a N7260 wifi card? I have problems with mine (thinkpad > > x240), and since it only happens on openbsd as far as I can tell, I > > was wondering if it is some kind of driver problem. I tested ubuntu > > 16.04, which uses version 17 of the intel firmware, and the problem > > doesn't happen. Openbsd is using version 16 of intel firmware. > > > > The problem is that whenever I am downloading or uploading any file > > bigger than a couple of megabytes, performance will degrade during the > > transmission and speed will drop to a halt, often timing out. Doing > > some research on the web, I was able to find users of other OS'es > > complaining about a similar problem with N7260, but the reports I > > found were a couple of years old, which made me think that it was > > possibly a bug in the intel firmware which they probably fixed since > > then. > > > > It does not seem to be related to my wifi router nor service provider, > > since the same happens with another router and provider. It also > > happens not only in http transfers, but also in ssh. > > > > I didn't try to run -current because I didn't saw any change in iwm. > > > > Thanks in advance for any help. Below is my dmesg output: > > > I have the same machine, same wifi card, and definitely similar > issues. I'm kind of relieved to know I'm not the only one. I've > tried multiple access points, forced 11g mode, 5GHz band, but the > issue persists. I get poor speeds and stalls -- some web pages never > finish loading. I've also tested with iperf on my LAN and have poor > results there as well. In a live Antergos Linux environment, I > achieve the full potential speed. > > This issue has been ongoing for me since I installed OpenBSD 6.1 on > this machine, and I'm now running a snapshot from April 22. Until > pretty recently, I've only used this machine casually, so aside from a > little frustration, it hasn't affected me much. I would love to be > able to get this resolved though. > > My dmesg is below. Please let me know what other information I can > provide or troubleshooting steps I can take. > > > dmesg: > > OpenBSD 6.3-current (GENERIC.MP) #10: Sun Apr 22 10:09:36 MDT 2018 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8447578112 (8056MB) > avail mem = 8184410112 (7805MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (60 entries) > bios0: vendor LENOVO version "GIET88WW (2.38 )" date 02/09/2017 > bios0: LENOVO 20AMS0HH00 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT > SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI POAT ASF! BATB FPDT UEFI DMAR > acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpiec0 at acpi0 > acpihpet0 at acpi0: 14318179 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1796.09 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 1795.85 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN > cpu1: 256KB 64b/line 8-way L2 cache > cpu1: smt 1, core 0, package 0 > cpu2 at mainbus0: apid 2 (application
Re: ikev2 All incoming/outgoing traffic over IPsec?
Not sure I quite understand this setup. Why redirect over port 9222 on the client—can’t you just do “pass in … rdr-to 192.168.6.1 port ssh” on the server? That said, I do believe you’ll need NAT on the server, because it’s now masquerading its own 192.168.5.0/24 network as well as the 192.168.6.0/24 network of the client. // Johan > On May 21, 2018, at 05:11, Deniswrote: > > I can successful ping both sides of IPsec tunnel: > > server$ ping -I 192.168.5.1 192.168.6.1 > 64 bytes from 192.168.6.1 icpm_seq... > > client$ ping -I 192.158.6.1 192.168.5.1 > 64 bytes from 192.168.6.1 icpm_seq...\ > > tcpdump -en -i pflog0 > shows nothing about blocked traffic while connecting by "external machine" > > I tried to do external connection to server's public IP (a.b.c.d) and > redirect this connection by PF trough IPsec tunnel to client's IPsec IP: > 192.168.6.1. Then client's PF rules redirect connection from server's > IPsec IP: 192.168.5.1 to a client's 127.0.0.1 and must reply to external > machine from a.b.c.d > > My test conditions: > > external machine > #ssh -p 9922 to a.b.c.d > | > | > server's public IP is a.b.c.d > PF rule: > pass in quick on a.b.c.d inet proto tcp from any to (a.b.c.d) \ > port 9922 rdr-to 192.168.6.1 queue (ssh_bulk, ssh_login) > || > || > IPsec tunnel (working): > srv IP: 192.168.5.1 > clnt IP: 192.168.6.1 > || > || > client's PF rule: > pass in quick on enc0 inet proto tcp from any to any port 9922 rdr-to > lo0 port 22 modulate state > > Incoming packets from "external machine" with SSH client seems to be > redirected to client's 127.0.0.1 port 22, but client not replied to a > "externa machine". > > It seems I have to implement NAT rule for IPsec or what? > > Please advise. > > Denis > > > On 5/15/2018 5:12 AM, Johan Hattne wrote: >> I don’t know that outgoing traffic from lo is expected to go through the >> tunnel. If you’re doing these tests with ping, does e.g. >> >> server$ ping -I 192.168.6.1 192.168.5.1 >> >> yield the expected results? I’d expect ping responses, and tcpdump on the >> enc interfaces on both sides to show both the request and the response. >> >> // Johan >> >>> On May 14, 2018, at 07:34, Denis wrote: >>> >>> I have added to /etc/pf.conf: >>> >>> $ipsec_if = "axen0" >>> $ipsec_remote_lan = "192.168.5.0/24" >>> >>> pass out quick on $ipsec_if proto tcp from lo0 to $ipsec_remote_lan >>> >>> but outgoing traffic from client's lo0 is blocked anyway: >>> >>> rule 14/(match) block out on axen0: 127.0.0.1:port > 192.168.5.1:port: S 776927979:776927979(0) ack 896868769 win 16384 >> >>> Denis >>> >>> On 5/14/2018 2:17 PM, Denis wrote: Incoming connections to client's IP (192.168.6.1) is established and seems redirected to lo0:port, but outgoing connection from client's lo0 to a server's IP (192.168.5.1) is blocked according to # tcpdump -en -i pflog0 output: ... rule 14/(match) block out on axen0: 127.0.0.1:port > 192.168.5.1:port: S 776927979:776927979(0) ack 896868769 win 16384 >>> ... Do I need to add a NAT rule to have reply passed to server's source IP (192.168.5.1) or what? Thanks. Denis On 5/13/2018 7:12 PM, Johan Hattne wrote: > Nah, sorry, I misread your rules—on second look, I don’t see what’s gone > wrong. What about logging blocked packets > > block log (all, to pflog0) > > in pf.conf and dumping it > > # tcpdump -en -i pflog0 > > while doing what you expect should work? > > // Johan > >> On May 13, 2018, at 02:15, Denis wrote: >> >> Johan, >> >> Do I have to remove these two rules or modify them by removing ipencap? >> >> pass in quick on $ipsec_enc_if proto ipencap from any to ($ipsec_if) \ >> keep state (if-bound) >> pass out quick on $ipsec_enc_if proto ipencap from ($ipsec_if) to any \ >> keep state (if-bound) >> >> On 5/12/2018 10:11 AM, Johan Hattne wrote: >>> On May 11, 2018, at 06:21, Denis wrote: Hello, I have working ikev2 tunnel between two virtual aliased subnets. But no traffic over IPsec tunnel from $ext_if on server machine to $ext_if on client machine and vice-versa. Both machines are using in production and firewalled by PF. # cat /etc/hostname.em1 ### server $ext_if dhcp alias 192.168.5.1 255.255.255.0 | | IPsec
Re: sndio multiple interfaces
On Tue, May 22, 2018 at 07:56:31AM +0200, Alexandre Ratchov wrote: > On Sun, May 20, 2018 at 06:49:25PM -0400, Ken M wrote: > > Been looking around and can't find the answer to this question. If I missed > > it > > in some obvious place please excuse me. > > > > Anyway I am curious if sndio can support multiple simultaneous cards, either > > identical or different, particularly multiple standards compliant USB audio > > interfaces. Basically I am asking if it supports similar features to what > > one > > might use zita with jack on a linux system. > > This doesn't work with sndio. It's difficult to make work because each > audio interface would use its own clock source, and clocks would drift > sooner or later. Drift may be corrected, but this would cost > additional latency, complexity and (probably) quality problems. > > That's why certain devices have a "word clock", to allow audio devices > to by synchronized; OpenBSD doesn't support any of them, but > supporting them looks much easier than combining multiple devices. > > Nowadays many-channel devices are common, so supporting multiple cards > as one isn't that important, is it? OK, noted. The question was about a feature parity against a library in linux. Zita is a tool to help overcome the clock drift. Truth is in practice it is less than reliable so a single interface is better in practice. Thank you. Ken
Re: ping blocked for 12 minutes
On 2018-05-20, Patrick Dohmanwrote: > It appears there is an errata effecting Avoton and Rangeley products. > > AVR54: > > “System May Experience Inability to Boot or May Cease Operation Problem: > The SoC LPC_CLKOUT0 and/or LPC_CLKOUT1 signals (Low Pin Count bus clock > outputs) may stop functioning. > Implication: If the LPC clock(s) stop functioning the system will no longer > be able to boot. > Workaround: A platform level change has been identified and may be > implemented as a workaround for this erratum." That's unrelated to this issue - the hardware fault on c2xxx atom you're describing here results in the system not booting, not some very odd blocking of ping for 12 minutes overnight.
Re: Building OpenBSD and ports VS installing from packages
On 2018-05-21, Peter Hesslerwrote: > i386 and amd64 are different platforms, so of course you get different > packages. > > Within the same platform, all binaries that are built should run on all > possible members of that platform. > > So, code will be compiled WITHOUT AVX support, unless it can be detected > at runtime (e.g. mplayer/ffmpeg). I believe that firefox does not to > runtime detection, so firefox should not directly call AVX. Firefox isn't a great example, the rust code targets p4 with sse2. > On 2018 May 21 (Mon) at 18:37:43 -0300 (-0300), Elias M. Mariani wrote: >:Hi, >:I understand that about the builds and packages. >:I will re write my question in another form: >:If I build, say, firefox on a i386 machine I get a package, and >:another if I build firefox on amd64, they differ. >:If I build firefox on an amd64 machine WITHOUT AVX support I get a >:package, if now I build firefox in an amd64 machine WITH AVX support, >:do I still get the same package ? >:(firefox is a random pick) You may be able to build some things with different compiler flags to use different cpu-specific instructions (-march, -mtune). If you have some very specific computation-heavy software that needs to be high performance then *maybe* it's worth looking into this. But in the general case you're going to waste far more time than you save just in compiling, let alone if you have to spend any extra time debugging.
Re: 6.3 just died (not for the first time)
Hi Peter, please check the threads on the b...@openbsd.org mailing list. The patch posted by Martin Pieuchot seemst to help. Its running on my hosts for 5 days without any hiccup. Hope this helps Harri
Re: HPPA 720/60 and PS/2 Keyboard
On Mon, 21 May 2018, Otto Moerbeek wrote: > On Mon, May 21, 2018 at 12:29:13PM +0200, Markus Hennecke wrote: > > > I tried updating my HPPA box from 6.2 to 6.3, but when booting the release > > or -current bsd.rd kernel the keyboard repeats the last key pressed. The > > 6.2 release did not show this behaviour. Is there anyone out there running > > 6.3 or -current on hppa? > > > > Markus > > There was a diff from miod floating around to fix this: > > https://marc.info/?l=openbsd-tech=152536826316030=2 Thanks a lot. After installing via serial console and building a kernel over night I can confirm the patch fixed the problem. Markus
Re: Viewport for man.openbsd.org -- readability on phones
On Tue, May 22, 2018 at 06:35:17AM +0300, li...@wrant.com wrote: > For younger UNIX users, the real reason is technical limits of hardware then. > > https://en.wikipedia.org/wiki/Punched_card#IBM_80-column_punched_card_format_and_character_codes > https://en.wikipedia.org/wiki/Characters_per_line#History > > People tend to forget quickly historic evolution is the only reason there is. The actual "readability limit" is around 60 signs for variable-width fonts, that's what you use in typography, conventionally, to decide whether you want two columns text or one column. Longer than that, it becomes for your eyes to reset to the correct start of line. I suspect that somewhat larger text on screen with fixed width fonts has a somewhat bigger threshold, nobody knows exactly which, the cursor probably helps a bit. 80 looks like a good compromise.