Re: Very slow NFS writes

2013-04-23 Thread Tomas Bodzar
On Mon, Apr 22, 2013 at 2:46 PM, Mattieu Baptiste mattie...@gmail.com wrote:

 Hi,

 I'm currently trying to access files from my OpenBSD -current/amd64
 workstation on a NAS under FreeNAS (8.3.1). On my workstation, the
 filesystem is a read/write NFS mounted share. Its size is about 5.2TB.
 While reading seems normal (about 45MB/s), writing is a lot slower
 (fluctuates between 10MB/s and 20MB/s) before eventually stalling (under
 1MB/s). Note that at the start, my box is totally unresponsive. When the
 writes fall below 1MB/s, the box becomes responsive again.

 PF is disabled on my box and on both sides, I have em(4) interfaces
 (autoneg at 1000 baseT).

 With CIFS shares, the NAS can do a lot more throughput: above 50MB/s
 writes.

 I suspect problems with the OpenBSD NFS client since I saw problems like
 that in the archive. Moreover, the behavior of my box, which becomes
 unresponsive when writing at 20MB/s, seems strange.

 Any clues?

 I'm sorry to not have more factual numbers... except the dmesg of my box.
 The NAS isn't accessible to me all the time. I can provide more details in
 the future.



You can start on client side as well to provide some numbers.

nfsstat -c
systat (check more screens)
vmstat
netstat -m
top
...





 OpenBSD 5.3-current (GENERIC.MP) #12: Mon Apr 15 15:18:44 CEST 2013
 matt...@kronenbourg.brimbelle.org:/usr/src/sys/arch/amd64/compile/
 GENERIC.MP
 real mem = 8571518976 (8174MB)
 avail mem = 8335634432 (7949MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf0710 (68 entries)
 bios0: vendor American Megatrends Inc. version 2003 date 12/14/2010
 bios0: ASUSTeK Computer INC. P7P55D
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S1 S3 S4 S5
 acpi0: tables DSDT FACP APIC MCFG OEMB HPET DMAR ASPT OSFR
 acpi0: wakeup devices P0P4(S4) BR1E(S4) UAR1(S4) PS2K(S4) PS2M(S4) EUSB(S4)
 USB0(S4) USB1(S4) USB2(S4) USB3(S4) USBE(S4) USB4(S4) USB5(S4) USB6(S4)
 BR21(S4) BR22(S4) BR23(S4) P0P1(S4) P0P3(S4) P0P5(S4) P0P6(S4) USB8(S4)
 BR20(S4) BR24(S4) BR25(S4) BR26(S4) BR27(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz, 3374.33 MHz
 cpu0:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: smt 0, core 0, package 0
 cpu0: apic clock running at 160MHz
 cpu1 at mainbus0: apid 4 (application processor)
 cpu1: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz, 3373.90 MHz
 cpu1:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
 cpu1: 256KB 64b/line 8-way L2 cache
 cpu1: smt 0, core 2, package 0
 cpu2 at mainbus0: apid 1 (application processor)
 cpu2: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz, 3373.90 MHz
 cpu2:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
 cpu2: 256KB 64b/line 8-way L2 cache
 cpu2: smt 1, core 0, package 0
 cpu3 at mainbus0: apid 5 (application processor)
 cpu3: Intel(R) Core(TM) i5 CPU 660 @ 3.33GHz, 3373.90 MHz
 cpu3:

 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
 cpu3: 256KB 64b/line 8-way L2 cache
 cpu3: smt 1, core 2, package 0
 ioapic0 at mainbus0: apid 6 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 1, remapped to apid 6
 acpimcfg0 at acpi0 addr 0xf800, bus 0-63
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 7 (BR1E)
 acpiprt2 at acpi0: bus -1 (BR21)
 acpiprt3 at acpi0: bus -1 (BR22)
 acpiprt4 at acpi0: bus -1 (BR23)
 acpiprt5 at acpi0: bus 1 (P0P1)
 acpiprt6 at acpi0: bus -1 (P0P3)
 acpiprt7 at acpi0: bus -1 (P0P5)
 acpiprt8 at acpi0: bus -1 (P0P6)
 acpiprt9 at acpi0: bus 6 (BR20)
 acpiprt10 at acpi0: bus 5 (BR24)
 acpiprt11 at acpi0: bus 4 (BR25)
 acpiprt12 at acpi0: bus 3 (BR26)
 acpiprt13 at acpi0: bus 2 (BR27)
 acpiec0 at acpi0
 acpicpu0 at acpi0
 acpicpu1 at acpi0
 acpicpu2 at acpi0
 acpicpu3 at acpi0
 aibs0 at acpi0: GGRP GITM SITM
 acpibtn0 at acpi0: PWRB
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 Intel Core Host rev 0x12
 ppb0 at pci0 dev 1 function 0 Intel Core PCIE rev 0x12: msi
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 ATI Radeon HD 4670 rev 0x00
 radeondrm0 at vga1: apic 6 int 16
 drm0 at radeondrm0
 wsdisplay0 at vga1 mux 1: console 

Re: OBSD Router FW's and Centos TCP DUP ACK issues

2013-04-23 Thread keith scott
After changing the following line in our edge firewalls' PC.conf the Centos
server that was unusable is now usable. I've done another tcpdump and
there are still lots of TCP ACK DUPs but not as many as there were before.

match on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

to...

match in on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

I will have to do some reading to see exactly why the above rule is causing
issues with Centos VMs but for now everything seems back to normal :)

Keith



On Tue, Apr 23, 2013 at 12:11 AM, Keith ke...@scott-land.net wrote:

 Hi, we recently switched our squid server from an OBSD server on VMware to a
 Centos server on XEN but there appears to be an issue somewhere between the
 centos server and our OBSD Routers (DMZ) or our external OBSD firewalls.

 If I log into the Centos server and run either wget or curl to an
 external http server I get a kind of random 1 in 3 chance of it working or
 taking up to 30 seconds to complete. I've run tcpdump on the Centos box and
 on the router and have imported the results into Wireshark and they both
 show lots of TCP Dup ACKs as shown below.

 We don't have any issues with any of our other servers that are also on
 the same lan as this squid server so I think it's either a Centos,
 Centos/Xen, or an OBSD issue. Does anyone have any ideas what might be going
 on here?

 This dump was captured on our OBSD router.

 No.    Time       Source    Destination  Protocol  Length  Info
 3917   2.797310   10.0.0.X  20.0.0.X     TCP       74      35247 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=2936085 TSecr=0 WS=64
 3922   2.799411   10.0.0.X  20.0.0.X     TCP       66      35247 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=2936087 TSecr=0
 3923   2.799543   10.0.0.X  20.0.0.X     HTTP      175     GET / HTTP/1.0
 3926   2.801331   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 3923#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936089 TSecr=0
 3927   2.801333   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 3923#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936089 TSecr=0
 3930   2.802423   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 3923#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936090 TSecr=0
 3931   2.802425   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 3923#4] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936090 TSecr=0
 4140   3.002585   10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 4142   3.003391   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 4140#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936291 TSecr=0
 4663   3.410632   10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 4665   3.411451   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 4663#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936699 TSecr=0
 5538   4.226611   10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 5541   4.227445   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 5538#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2937515 TSecr=0
 9846   5.843961   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 5538#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939132 TSecr=0
 9851   5.844811   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 5538#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939133 TSecr=0
 9861   5.858633   10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 9863   5.859432   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 9861#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2939147 TSecr=0
 14821  9.122718   10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 14823  9.123526   10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 14821#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2942411 TSecr=0
 17858  11.859699  10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 14821#2] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2945148 TSecr=0
 17863  11.860531  10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 14821#3] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2945148 TSecr=0
 25393  15.650790  10.0.0.X  20.0.0.X     HTTP      175     [TCP Retransmission] GET / HTTP/1.0
 25395  15.651626  10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK 25393#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2948939 TSecr=0
 45327  23.890899  10.0.0.X  20.0.0.X     TCP       66      [TCP Dup ACK

Re: OBSD Router FW's and Centos TCP DUP ACK issues

2013-04-23 Thread Joel Sing
On Tue, 23 Apr 2013, keith scott wrote:
 After changing the following line in our edge firewalls' PC.conf the Centos
 server that was unusable is now usable. I've done another tcpdump and
 there are still lots of TCP ACK DUPs but not as many as there were
 before.

 match on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

 to...

 match in on $ExtIf scrub (random-id min-ttl 64 set-tos lowdelay reassemble tcp max-mss 1472) label Scrubbing

 I will have to do some reading to see exactly why the above rule is causing
 issues with Centos VMs but for now everything seems back to normal :)

My guess is that you previously did not have reassemble tcp enabled. 
Generally speaking, you will not want to enable reassemble tcp if you're 
talking to certain non-RFC1323 compliant hosts since the PAWS checks will 
potentially result in stalled TCP connections.

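
A way to check a capture like the one in this thread for the symptoms discussed above, as an added example that is not part of any poster's message: it parses Wireshark summary rows, measures the spacing of the repeated GET (a doubling gap means the segment is never acknowledged), and lists ACK segments whose TSecr is 0, which RFC 1323 timestamp handling would not expect once the peer has sent a TSval. The function names are hypothetical, the rows are taken from the quoted capture with columns re-separated, and the check does not claim to reproduce what pf itself rejected.

```python
import re

# Rows taken from the capture quoted in the thread, columns re-separated.
CAPTURE = """\
3917 2.797310 10.0.0.X 20.0.0.X TCP 74 35247 > http [SYN] Seq=0 Win=14600 Len=0 MSS=1460 SACK_PERM=1 TSval=2936085 TSecr=0 WS=64
3922 2.799411 10.0.0.X 20.0.0.X TCP 66 35247 > http [ACK] Seq=1 Ack=1 Win=14656 Len=0 TSval=2936087 TSecr=0
3923 2.799543 10.0.0.X 20.0.0.X HTTP 175 GET / HTTP/1.0
3926 2.801331 10.0.0.X 20.0.0.X TCP 66 [TCP Dup ACK 3923#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936089 TSecr=0
4140 3.002585 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
4142 3.003391 10.0.0.X 20.0.0.X TCP 66 [TCP Dup ACK 4140#1] 35247 > http [ACK] Seq=110 Ack=1 Win=14656 Len=0 TSval=2936291 TSecr=0
4663 3.410632 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
5538 4.226611 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
9861 5.858633 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
14821 9.122718 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
25393 15.650790 10.0.0.X 20.0.0.X HTTP 175 [TCP Retransmission] GET / HTTP/1.0
"""

ROW = re.compile(r"^(\d+)\s+([\d.]+)\s+\S+\s+\S+\s+(\S+)\s+\d+\s+(.*)$")
FLAGS = re.compile(r"\[([A-Z]{3}(?:, [A-Z]{3})*)\]")   # [SYN], [ACK], [SYN, ACK]
TSOPT = re.compile(r"TSval=(\d+) TSecr=(\d+)")


def parse(capture):
    """Turn Wireshark summary rows into dicts; unparseable lines are skipped."""
    rows = []
    for line in capture.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        frame, when, proto, info = m.groups()
        flags = FLAGS.search(info)
        ts = TSOPT.search(info)
        rows.append({
            "frame": int(frame),
            "time": float(when),
            "proto": proto,
            "flags": set(flags.group(1).split(", ")) if flags else set(),
            "tsecr": int(ts.group(2)) if ts else None,
            "info": info,
        })
    return rows


def retransmit_gaps(rows, request="GET / HTTP/1.0"):
    """Seconds between successive sends of the same request segment."""
    times = [r["time"] for r in rows if r["info"].endswith(request)]
    return [round(b - a, 6) for a, b in zip(times, times[1:])]


def is_exponential_backoff(gaps, tolerance=0.1):
    """True when every gap is about twice the previous one (RTO doubling)."""
    if len(gaps) < 2:
        return False
    return all(abs(b / a - 2.0) <= tolerance for a, b in zip(gaps, gaps[1:]))


def acks_without_echo(rows):
    """Frames with ACK set but TSecr=0 (no echo of the peer's TSval)."""
    return [r["frame"] for r in rows if "ACK" in r["flags"] and r["tsecr"] == 0]


if __name__ == "__main__":
    parsed = parse(CAPTURE)
    gaps = retransmit_gaps(parsed)
    print("retransmit gaps (s):", gaps)
    print("exponential backoff:", is_exponential_backoff(gaps))
    print("ACK frames with TSecr=0:", acks_without_echo(parsed))
```

Frames it lists are candidates to compare against the reverse direction of the same capture, where the peer's TSval values show whether an echo of 0 could be legitimate.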

default config of BSD : mod_perl and chroot

2013-04-23 Thread sven falempin
Hello,

If I want to perform HTTPS requests (with cookies) from mod_perl into
chroot what would be the 'best' way?
Use something like curl and copy it to the chroot?
Use a specific perl module?

Best regards :-)

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: default config of BSD : mod_perl and chroot

2013-04-23 Thread Nikola Gyurov
I've written an article about this but it's in Bulgarian and I hardly
doubt you could understand it.

Basically what I've done is this:
1. Copy the perl binary (and the libraries it uses) somewhere in the
chroot jail (following the respective paths of course).
2. pkg_add mod_perl. It modifies your httpd.conf so it would load mod_perl.

If you need to be able to run CGI scripts there's some additional
stuff to be done, let me know if you need it too.


Of course, this is the way I've done this, feel free to go another way.

Best regards,
Nikola Gyurov


On Tue, Apr 23, 2013 at 2:32 PM, sven falempin sven.falem...@gmail.com wrote:
 Hello,

 If I want to perform HTTPS requests (with cookies) from mod_perl into
 chroot what would be the 'best' way?
 Use something like curl and copy it to the chroot?
 Use a specific perl module?

 Best regards :-)

 --
 -
 () ascii ribbon campaign - against html e-mail
 /\



setting ttl

2013-04-23 Thread Chris Smith
Seems that pf can enforce a min-ttl but can it explicitly set the ttl
on packets leaving an interface?



Re: faxing

2013-04-23 Thread Stuart Henderson
On 2013-04-22, Richard Toohey richardtoo...@paradise.net.nz wrote:
 On 04/23/13 05:30, Peter Fraser wrote:
 [cut]

   The charity operates in a Windows environment. So the problem is: how does
   a person (probably a volunteer) on a Windows machine put a TIFF file into a
   directory on OpenBSD, and in addition send the information as to where to
   send the fax and get back a status on success or failure of sending a fax.

 [cut]
 Sounds like a job for Samba - at least the putting a TIFF file from 
 Windows onto an OpenBSD directory.



Or you could use something like fdm to process a mailbox, taking TIFF
attachments and moving them to the spool directory.



Re: faxing

2013-04-23 Thread Stuart Henderson
On 2013-04-22, Mikkel C. Simonsen m...@post5.tele.dk wrote:
 Peter Fraser wrote:
 I would like to know if anyone has done something similar or any good 
 suggestions on what I should do to
 get faxing to work

 Connect the existing fax to a Linksys PAP2 (or whatever the current 
 model is called), use the g711 codec, setup the PAP2 correctly, and 
 faxing will work great. No need for a separate phone line anymore.

 Best regards,

 Mikkel C. Simonsen



This depends on latency and jitter to your SIP provider.
FAX is very sensitive to this.



Re: faxing

2013-04-23 Thread sven falempin
On Tue, Apr 23, 2013 at 11:06 AM, Stuart Henderson s...@spacehopper.org wrote:

 On 2013-04-22, Richard Toohey richardtoo...@paradise.net.nz wrote:
  On 04/23/13 05:30, Peter Fraser wrote:
  [cut]
 
    The charity operates in a Windows environment. So the problem is: how
    does a person (probably a volunteer) on a Windows machine put a TIFF file
    into a directory on OpenBSD, and in addition send the information as to
    where to send the fax and get back a status on success or failure of
    sending a fax.
 
  [cut]
  Sounds like a job for Samba - at least the putting a TIFF file from
  Windows onto an OpenBSD directory.
 
 

 Or you could use something like fdm to process a mailbox, taking TIFF
 attachments and moving them to the spool directory.


+1

Always listen to Stuart !


-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: Fax -- IAXModem and hylafax

2013-04-23 Thread Sebastian Reitenbach
On Monday, April 22, 2013 21:08 CEST, Peter Fraser p...@thinkage.ca wrote: 
 
 I looked at IAX modem, and most I know about it is from 
 http://iaxmodem.sourceforge.net/faq.php
 
 and as far as I can tell  IAXmodem doesn't do T.38 which 
 I believe is the correct solution.
 
 But I did get pointed to t38modem at SourceForge.net
 which is not in ports. Again I have not tried it, 
 and it may do the job to work with hylafax+.
 
 I would like to know if any one had done this.

Haven't done that, but as others already pointed out as an option,
that I forgot about: at work we are using multiple ATA boxes
(e.g. GrandStream HandyTone 286), which just work perfectly 
with the faxes behind them.

cheers,
Sebastian

 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
 Sebastian Reitenbach
 Sent: Monday, April 22, 2013 1:51 PM
 To: misc@openbsd.org
 Subject: Re: faxing
 
 On Monday, April 22, 2013 19:30 CEST, Peter Fraser p...@thinkage.ca wrote: 
  
  Several years ago I put an OpenBSD system in as a firewall and mail 
  server at a small charity that I volunteer at (kwaccessablility.ca) that 
  fixed nearly all the problems that they had with viruses, spam etc.
  
  Last year I talked them into switching to VOIP (on the OpenBSD server
  using Asterisk). Their phone costs dropped from over $250 per month to
  less than $30 per month (I used the service from unlimitel.ca). The change
  in costs per month made up for the costs of the new telephone equipment
  within the year.
  
  Nearly all their communication that was done by fax is now done by 
  email, except for one organization. That organization which is run by the 
  city supplies transportation for physically handicapped. That organization 
  is insisting on faxes. They will not take email.
  The charity currently has an analog fax just for the purpose of arranging 
  transportation, and that line is costing over $60 per month.
  
  I looked at email to fax services, but I believe those queue the faxes 
  up and send them as time is available.  The charity and the 
  transportation organization need immediate sending and receiving.  They 
  carry out a conversation with hand written notes (requiring the charity to 
  type the responses would not be a problem).
  
  Asterisk has a fax service, so I thought I could use that. But the 
  Asterisk fax sending service requires TIFF in a directory and receiving 
  service puts a TIFF file in a directory.
  
  The charity operates in a Windows environment. So the problem is: how
  does a person (probably a volunteer) on a Windows machine put a TIFF
  file into a directory on OpenBSD, and in addition send the information
  as to where to send the fax and get back a status on success or failure of
  sending a fax.
  
   I don't think receiving the fax will be that much of a problem; it 
  should be easy to take the fax out the directory and send it as an email to 
  a group mailbox.
  
  What I don't have a good solution for is how the person sitting at
  the Windows machine is to send a fax.
  There are some commercial solutions for Linux, but I have no idea if they
  operate on OpenBSD.
  The commercial solutions are generally of the format that an email gets
  sent and the fax is extracted from the text of the message.
  
  I would like to know if anyone has done something similar or any good 
  suggestions on what I should do to get faxing to work
  
 
 I haven't had a need for FAX yet, but maybe give hylafax together with 
 iaxmodem a try. 
 Both are in ports.
 Or maybe read up here: http://www.voip-info.org/wiki/view/Asterisk+fax
 
 cheers,
 Sebastian



Re: How many rounds to use for a pbkdf2 encrypted disk?

2013-04-23 Thread STeve Andre'

On 04/21/13 23:57, Ted Unangst wrote:

On Sun, Apr 21, 2013 at 19:00, and...@msu.edu wrote:

The example in vnconfig shows 20,000.  I picked 30K.
This is a 2.8G core2 duo machine, encrypting mail and
other stuff.

I haven't found sources on the net that have explained
what low security is, up to total paranoia with regards
# of rounds.

Ideas? URLs for good places to read?

As many as don't annoy you. 100k will be about half a second on a CPU.
The problem is the bad guys aren't going to be using CPUs.

A single computer with a few high end graphics cards can do
somewhere in the neighborhood of 3 billion hashes in one second. 1000
rounds (the bare minimum for pbkdf2) turns that into 3 million/s. 100k
turns it into 30k/s.

The work factor and time required scale linearly for both you and the
attacker, the attacker just has somewhere ranging from 15000 to many
more times more computing resources at his disposal. It's hard to
directly equate time you spend waiting with time it will cost some
unknown attacker.

Your best bet is a longer password. Nothing will save you if your
password is a word from a dictionary, or some 3lit3 spelling thereof.

An interesting read:
http://www.tarsnap.com/scrypt/scrypt.pdf

There is a table at the top of page 14 that compares hypothetical
hardware cracking costs. If you suspect somebody with a million
dollars, access to chip fabrication facilities, and a year to wait
will be interested in reading your email, you should use at least 100k
rounds and a ten character random password.



Thank you, Ted.  Well said and confirmed some thoughts I'd
had.  Something like this ought to go into the FAQ, perhaps.
Thanks again!

--STeve Andre'
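
The trade-off described in this thread, worked through as an added example that is not part of either poster's message: it times PBKDF2 on the local CPU to find the round count that fits a tolerable unlock delay, then applies the post's model (attacker guesses per second = raw hash rate / rounds, with the quoted 3 billion hashes/s) to a random password. The function names, the HMAC-SHA1 digest, and the 62-symbol alphabet for the ten character password are assumptions of this example.

```python
import hashlib
import os
import time

GPU_RIG_HASHES_PER_S = 3_000_000_000  # raw hash rate quoted in the post


def attacker_guesses_per_s(rounds, raw_rate=GPU_RIG_HASHES_PER_S):
    """The post's model: one password guess costs `rounds` hash operations."""
    if rounds < 1:
        raise ValueError("rounds must be at least 1")
    return raw_rate / rounds


def average_crack_seconds(keyspace, rounds, raw_rate=GPU_RIG_HASHES_PER_S):
    """Expected search time: on average half the keyspace is tried."""
    return (keyspace / 2) / attacker_guesses_per_s(rounds, raw_rate)


def local_rounds_per_s(probe_rounds=20_000, digest="sha1"):
    """Time one PBKDF2 derivation on this CPU (digest is an assumption)."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac(digest, b"constructed passphrase", salt, probe_rounds, 32)
    return probe_rounds / max(time.perf_counter() - start, 1e-9)


def rounds_for_delay(target_seconds, rounds_per_s, floor=1000):
    """Rounds that fit the unlock delay you tolerate, never below the floor."""
    return max(floor, int(target_seconds * rounds_per_s))


def report(target_seconds=0.5, alphabet=62, length=10):
    """Pick rounds for this CPU, then price a random password against the rig."""
    rounds = rounds_for_delay(target_seconds, local_rounds_per_s())
    seconds = average_crack_seconds(alphabet ** length, rounds)
    return {
        "rounds": rounds,
        "attacker_guesses_per_s": attacker_guesses_per_s(rounds),
        "average_years": seconds / (365.25 * 86400),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value:,.0f}")
```

Changing `length` or `alphabet` in `report()` shows how much more the password contributes than the round count, since rounds scale the attacker's cost linearly while each added character multiplies it.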