Re: Gitweb with Httpd on openbsd server
> >> I am in trouble to set up gitweb with httpd. I am not aware with webersever. > > First thing to notice is that most web server (httpd(8) from base but > also a few of the ones you can get from ports) on OpenBSD runs by > default in the /var/www chroot. Problem arising, although it is about Gitweb, /var/www is chrooted by design. Two considerations to add in the thread: - as per suggestion of Omar not using chroot means indirectly trust Gitweb cgi - /var/www chrooted by design miss any chroot granular configuration at app level like it is with open_basedir for php (and phpfpm). However this design choise is a means to a secure environment..it is like that for pf, ubound and so forth.. I come also from many troubles caused by /var/www chrooted expecially configuring NextCloud because I was mounting on www, etc.. (by memory) I don't know..is there the option to make a port of Gitweb, eventually? -- Daniele Bonini
Re: disk integrity checking
On Wed, Feb 22, 2023 at 03:38:01PM +0100, Jan Stary wrote: > Some disks are supposed to replace a bad block with a spare, > as long as they have spare blocks. Running this, I hope to > trigger that before I see IO errors in production. Usually such re-allocation only happens on a _write_.
Re: disk integrity checking
On Feb 22 07:52:11, n...@holland-consulting.net wrote: > (this is a request for a "that's stupid", not a suggestion > of something people should do at this point) > > An idea that's been floating around in my head, inspired > by the ZFS "scrubbing" idea: rather than build that "check > your data" process into the file system, just do something > periodically like this: > > # dd if=/dev/rsd0c of=/dev/null bs=1m Yes; this line has been in my weekly.local for years now, for every disk that matters. > and repeat against all physical drives. The logic being, > all hard drives have some kind of error detection logic > in them, at least a checksum of some kind on all data blocks. > See if you can read every block on the disk. No errors, your > data might be intact. Errors, it probably isn't (or won't > be in the future). Crypto-grade integrity, probably not... > but probably quite sufficient for spotting most bad spots > on the disk. Exactly. This has been an early warning to me more than once. Any IO errors, throw the disk out. Some disks are supposed to replace a bad block with a spare, as long as they have spare blocks. Running this, I hope to trigger that before I see IO errors in production. > So...I tried it against disks with mounted file systems and > softraid partitions on them. > > It...seems to work. I did have one laptop with a softraid > encrypted drive that gave a nice, clear "Input/output error", > but I can't reproduce it (maybe it got locked out? Seems > odd on a read, but ... > > Is this sane? is it safe to attempt to read all the blocks > on an entire 'c' partition of a disk that's doing "other > things" at the same time, including a layers of softraid? Being run in weekly.local, which is 03:30 in the Sat morning, my machines are not doing much; but I have also run that on workstations while firefoxing as usual, no problems except the occassional slowdown. I keep a log of the times it takes for each disk, observing how they get slower over time, gradually replacing rotating plates with SSDs everywhere. (Strangely, it seems to matter in which of the "same" PCIe slots you put an NVME disk, for example.) Jan
disk integrity checking
(this is a request for a "that's stupid", not a suggestion of something people should do at this point) An idea that's been floating around in my head, inspired by the ZFS "scrubbing" idea: rather than build that "check your data" process into the file system, just do something periodically like this: # dd if=/dev/rsd0c of=/dev/null bs=1m and repeat against all physical drives. The logic being, all hard drives have some kind of error detection logic in them, at least a checksum of some kind on all data blocks. See if you can read every block on the disk. No errors, your data might be intact. Errors, it probably isn't (or won't be in the future). Crypto-grade integrity, probably not... but probably quite sufficient for spotting most bad spots on the disk. So...I tried it against disks with mounted file systems and softraid partitions on them. It...seems to work. I did have one laptop with a softraid encrypted drive that gave a nice, clear "Input/output error", but I can't reproduce it (maybe it got locked out? Seems odd on a read, but ... Is this sane? is it safe to attempt to read all the blocks on an entire 'c' partition of a disk that's doing "other things" at the same time, including a layers of softraid? Nick.
new support entry for vendors page
Hello everyone, I'm wondering if my company can be added to this page: https://www.openbsd.org/support.html I provide OpenBSD pre-installation on request, for hardware that I sell. I quite enjoy doing BSD installs. Huge fan, I use OpenBSD myself on a few of my machines. I often recommend it to people. The format as requested on that page, for the proposed entry: 0 C UK P Essex T Canvey Island Z SS8 9QA O Minifree Ltd I Leah Rowe A 19 Hilton Road M i...@minifree.org U https://minifree.org/ B no phone; email and irc only X no phone; email and irc only N Minifree has experience providing various OpenBSD configurations, specifically on serviced ThinkPads. On request, a laptop sold will come with OpenBSD, in a configuration of your choosing; the laptops also come with Libreboot, based on coreboot which replaces proprietary BIOS/UEFI firmware. Shipping worldwide. Thank you in advance for your consideration. PS: I'm also the founder of the Libreboot project, and I coordinate development on it. -- Leah Rowe, Company Director, Minifree Ltd Registered in England, registration No. 9361826 VAT Registration No. GB202190462 Minifree Ltd, 19 Hilton Road, Canvey Island Essex SS8 9QA, United Kingdom United Kingdom
Re: disk integrity checking
On Feb 22 07:52:11, n...@holland-consulting.net wrote: (this is a request for a "that's stupid", not a suggestion of something people should do at this point) An idea that's been floating around in my head, inspired by the ZFS "scrubbing" idea: rather than build that "check your data" process into the file system, just do something periodically like this: # dd if=/dev/rsd0c of=/dev/null bs=1m There is a lot of prior art on this concept. See https://www.nsc.liu.se/lcsc2007/presentations/LCSC_2007-kelemen.pdf for analysis of failure modes and frequencies. There is a background processing tool proposed too. See https://marc.info/?l=openbsd-ports=122889297621831=2 for a (probably terrible attempt at a) port. There was another thread titled "Ensuring data integrity" which I just noticed. It seems people adopt an assumption that a file system is the best way to store data. A slightly less conditioned view is to consider files, databases, and "objects" as possible solutions to a data storage problem or problems. "Just pick the best one." "Objects", aka AWS S3 to many people, is easily available on OpenBSD as minio and the replication options in that are many. Of course if you have 20GB of files accumulated in 20-years this newfangled database stuff won't fly. J
Re: disk integrity checking
On Wed, 22 Feb 2023 07:52:11 -0500, Nick Holland wrote: > So...I tried it against disks with mounted file systems and > softraid partitions on them. > > It...seems to work. I did have one laptop with a softraid > encrypted drive that gave a nice, clear "Input/output error", > but I can't reproduce it (maybe it got locked out? Seems > odd on a read, but ... Sounds like the read was successful on retry, which is certainly something that happens. However, there's no guarantee that what was eventually read is the _correct_ data. Without checksums you can't really tell. > Is this sane? is it safe to attempt to read all the blocks > on an entire 'c' partition of a disk that's doing "other > things" at the same time, including a layers of softraid? Just reading should be fine, it will simply slow down other operations. - todd
Compatible
Hi, Is OpenSSH compatible with an Azure VM, Windows Server OS 2016 ? Thanks
Re: new support entry for vendors page
Leah Rowe : > Thank you in advance for your consideration. > > PS: > > I'm also the founder of the Libreboot project, and I coordinate > development on it. Good luck and compliments for Libreboot. I think we should all call for *open hardware* activism and we can't miss to congrats to any tangible idea like yours, indeed. -- Daniele Bonini
Re: Compatible
Iwil C : > Is OpenSSH compatible with By guess: wrong place to wave the wrong flag.. -- Daniele Bonini
