Re: amavisd uses high cpu usage?

2014-08-23 Thread Stuart Henderson
On 2014/08/23 09:02, Indunil Jayasooriya wrote:
 
 
 Hi Stuart,
 
 
 
 amavisd-new runs fine for me on OpenBSD without particularly high
 CPU use.
 
 
    I am very glad to hear that it is running fine on my favourite
 Operating system OpenBSD.
 
  is  Amavisd-new running on OpenBSD 5.5 ?

I've had it running on every version since about 5.2.
 
    I did a debug with the command  /usr/local/sbin/amavisd debug   
 (I set $log_level = 5 in /etc/amavisd.conf file)
 
 it says
 
 Segmentation fault 
 
 Then, I uncommented @bypass_spam_checks_maps  = (1);  in /etc/
 amavisd.conf file.
 
 Pls see below
 
 
 # @bypass_virus_checks_maps = (1);  # controls running of anti-virus
 code
  @bypass_spam_checks_maps  = (1);  # controls running of anti-spam code
 # $bypass_decode_parts = 1; # controls running of decoders
 dearchivers
 
 
 Then. restarted amavisd (  /etc/rc.d/amavisd restart ) . Then, It
 started working..




 I did a debug with the command  /usr/local/sbin/amavisd debug   again
 
 then, it gave this.
 
 The amavisd daemon is already running, PID: [4909]

amavisd debug runs a standalone copy, displaying log entries on screen
rather than to a file. You should run it when amavisd is not already running.

 I think may be something is wrong with perl modules.

Could be. How did you install things? Is this a fresh 5.5 install or an
upgrade from an earlier version? Did you upgrade all packages?



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-23 Thread Stuart Henderson
On 2014-08-22, Julien Meister julien.meist...@gmail.com wrote:
 Thank you very much.

 So there is really really no way for the system to retrieve the key stored
 on the smart card (using GnuPG) at boot in order to decrypt
 the volumes?

Correct, you can't run application programs like GnuPG before the
system has booted.



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-23 Thread Stuart Henderson
On 2014-08-22, Maurice McCarthy m...@mythic-beasts.com wrote:
 Hi,

 /boot is found by block number and offset of its inode so I think the root 
 partition should be copied using dd. 

It may be easier to installboot(8) after copying.



Re: New queueing system and HZ value limits

2014-08-23 Thread Stuart Henderson
On 2014-08-22, Henning Brauer hb-open...@ml.bsws.de wrote:
 * Stuart Henderson s...@spacehopper.org [2014-08-22 13:51]:
 On 2014-08-22, Henning Brauer hb-open...@ml.bsws.de wrote:
  * Federico Giannici giann...@neomedia.it [2014-08-22 09:51]:
  On 08/22/14 08:22, Henning Brauer wrote:
  * Adam Thompson athom...@athompso.net [2014-08-21 19:13]:
  Unless I've mis-understood all the emails and reports about this, it 
  affects low-bandwidth queues, not low-bandwidth interfaces.
  In other words, limiting traffic to 50Mbps on a 1Gb link will work 
  fine, limiting it to 50kbps on the same link will not.
  Yes/no?
  pretty much.
  I can imagine that it could be rather complicated to give the exact 
  numbers,
  but can you give me an idea where the problem comes from, and maybe where 
  I
  can find more info about it?
  kinda obvious: BW measurement and go/holdoff decision is (at most) once per
  tick. ticks @ HZ, aka 100 ticks per second with HZ=100. If the NIC can
  transfer too much data within one tick, the bw shaping becomes
  inaccurate. Obviously worse the bigger the difference between
  interface speed and desired queue speed is.
 Any idea why this was so much less of a problem with altq?

 it wasn't... the hfsc core was the same, and cbq worked exactly the same
 way too.

 People might not have paid as much attention? I dunno.

If anything I'd expect altq to be less accurate as IIRC it used
getmicrouptime rather than microuptime But somehow, my setup with
512K-1Mb queues (pppoe with pppoedev on em0, 100Mb link on a 1Gb nic)
worked ok with altq with default HZ.



Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-23 Thread Alan McKay
On Sat, Aug 23, 2014 at 6:21 AM, Stuart Henderson s...@spacehopper.org wrote:
 It may be easier to installboot(8) after copying.

Yeah I used installboot


-- 
Don't eat anything you've ever seen advertised on TV
 - Michael Pollan, author of In Defense of Food



Re: iked troubles, SA not installed

2014-08-23 Thread Stuart Henderson
On 2014-08-21, Vincent Gross dermi...@kilob.yt wrote:
 here is the routing table on the gateway once S[AP] are installed:

 Encap:
 Source Port  DestinationPort  Proto 
 SA(Address/Proto/Type/Direction)
 192.168.55.220/32  0 192.168.56.1/320 0 
 37.160.166.168/esp/use/in
 192.168.56.1/320 192.168.55.220/32  0 0 
 37.160.166.168/esp/require/out
 default0 default0 0 none/esp/deny/out

 Yet, tcpdump on gateway's enc0 shows this:

 tcpdump: listening on enc0, link-type ENC
 tcpdump: WARNING: compensating for unaligned libpcap packets
 11:29:00.455369 (authentic,confidential): SPI 0xa5ba5ce9: 79.143.250.153.22 
 37.160.166.168.16215: P 1027357934:1027357978(44) ack 3953089614 win 2112 (DF)
 [tos 0x10] (encap)
 11:29:00.456355 (authentic,confidential): SPI 0xa5ba5ce9: 79.143.250.153.22 
 37.160.166.168.16215: P 44:88(44) ack 1 win 2112 (DF) [tos 0x10] (encap)

I've reported problems like this before, where traffic is handled by IPsec
that shouldn't be - and mostly (or possibly always) connected with IPsec
flows that restrict traffic by protocol.

 When I got this dump, I already had an SSH connection between laptop and
 gateway, and I tried to connect to gateway's 222/tcp using telnet.

 In my previous message, I put a tcpdump trace showing what happens when
 I try to establish a TCP connection: I had the TCP handshake completed
 over raw IP, the laptop sent its first data packet, but I had no
 response whatsoever, just a bunch of ESP packets.

 So This is what I conclude form all that stuff:
 1) IPSec parameters are negociated between ikeds
 2) gateway installs SPs and SAs
 3) TCP handshake goes on raw IP, no problem
 4) gateway routes all established TCP flows through IPSec, including those
 already established and not matched by the installed SPs ...

 I ran a test over UDP using inetd echo on gateway, and nc -u on the
 laptop. After the gateway installed the SAs and SPs, I had no problem
 having the data I sent form the laptop to the gateway echoed back, so
 whatever is going on during the routing phase, it leaves UDP traffic
 alone.

I have seen it with UDP as well, at least DNS and NTP traffic.

 I will update both systems tonight with the latest snapshot, and seen if
 the problem persists.

It has persisted for at least several years :(



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-23 Thread Alexander Hall
On August 23, 2014 4:33:55 AM CEST, Артур Истомин art.is...@yandex.ru wrote:
On Fri, Aug 22, 2014 at 04:03:59PM -0700, Zach Leslie wrote:
  However, I don't know how it is seen by the system and if it would
  show up as a drive. Anyone in here is using a smart card to decrypt
  volumes at boot?
 
 You could use a YubiKey with a static long password to unlock the
boot
 volume.

[offtop]

Are there any YubiKey-like devices that can contain many static
password, not one like YubiKey?

Not sure it helps, but mine contains two...

/Alexander



The rant about browsers

2014-08-23 Thread Gregory Edigarov

Hello Everybody.

Before anything I want to say big thanks to the developers of OpenBSD, 
for maintaining it. After some ~10 years of being the loyal OpenBSD 
user, I never had any problem with OpenBSD itself, besides may be 2 or 
three times.
It is impressive. Every other system I use gives problems from time to 
time, so I am thanking you, guys, every time I type a command.


Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
times, I do not see any browser that is working flawlessly under our 
loved system.

Everything is happened on the same set of sites I use routinely everyday.

I tried:
Firefox - bad, bad, bad. It fails 1000 times a day.

Chromium - it is better, in terms. Yes, it will not fail on the plain 
place (it is a Russian idiom, which means 'from nothing' or 'from no 
reason one can observe'), but left for some time it starts to be so 
slow... was forced  to stay away from it too. but after all it is the 
only browser under OpenBSD that have a working lastpass plugin. (and I 
need lastpass, if I want to share my passwords between home and job 
computers)


Seamonkey - potentially good project. but suffers from the same problems 
like firefox. although it is fails much much less, the frequency is 
still unacceptable for me.


I also used xombrero and it was good, but again, from somewhere between 
5.2 - 5.3 times it has started to fail with an unacceptable frequency.


I know, I should write to upstream mailing lists of the projects I've 
mentioned above, but before that, I want to know if somebody else is 
suffering such problems and I am still sure maintatiners of the 
corresponding ports will do it better than me if they find it is a problem.


--
With best regards,
   Gregory Edigarov

dmesg follows:
OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb170 (91 entries)
bios0: vendor American Megatrends Inc. version 0701 date 07/04/2012
bios0: ASUSTeK COMPUTER INC. P8H61-M2 USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET
acpi0: wakeup devices PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) USBE(S4) 
PEX0(S4) PEX1(S4) PEX3(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) P0P2(S4) 
P0P3(S4) P0P4(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.57 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PEX0)
acpiprt2 at acpi0: bus 3 (PEX1)
acpiprt3 at acpi0: bus 5 (PEX3)
acpiprt4 at acpi0: bus 6 (PEX5)
acpiprt5 at acpi0: bus -1 (PEX6)
acpiprt6 at acpi0: bus -1 (PEX7)
acpiprt7 at acpi0: bus 1 (P0P1)
acpiprt8 at acpi0: bus -1 (P0P2)
acpiprt9 at acpi0: bus -1 (P0P3)
acpiprt10 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100, 2000, 
1900, 1800, 1700, 1600 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
ppb0 at pci0 dev 1 function 0 Intel Core 2G PCIE rev 0x09: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 Intel HD Graphics 2000 rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x05: apic 0 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 

[patch] www/faq/faq6.html: add otus(4), rsu(4), urtwn(4) to wireless networking list

2014-08-23 Thread Carlin Bingham

Just noticed that these drivers are not listed



Index: faq6.html
===
RCS file: /cvs/www/faq/faq6.html,v
retrieving revision 1.318
diff -u -r1.318 faq6.html
--- faq6.html7 Aug 2014 01:51:34 -1.318
+++ faq6.html23 Aug 2014 14:20:42 -
@@ -2053,6 +2053,8 @@
 Intel WiFi Link 4965/5100/5300 802.11a/b/g/Draft-N wireless.
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=maloamp;sektion=4;malo(4)/a

 Marvell Libertas 802.11b/g
+lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=otusamp;sektion=4;otus(4)/a

+Atheros USB 802.11a/g/n
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=pgtamp;sektion=4;pgt(4)/a

 Conexant/Intersil Prism GT Full-MAC 802.11a/b/g
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=ralamp;sektion=4;ral(4)/a

@@ -2060,6 +2062,8 @@
 Ralink Technology RT25x0 802.11a/b/g. sup(AP)/sup
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=rayamp;sektion=4;ray(4)/a

 Raytheon Raylink/WebGear Aviator 802.11FH
+lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=rsuamp;sektion=4;rsu(4)/a

+Realtek RTL8188SU/RTL8192SU USB 802.11b/g/n
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=rtwamp;sektion=4;rtw(4)/a

 Realtek 8180 802.11b. sup(AP)/sup
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=rumamp;sektion=4;rum(4)/a

@@ -2072,6 +2076,8 @@
 Conexant/Intersil PrismGT SoftMAC USB 802.11b/g
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=urtwamp;sektion=4;urtw(4)/a

 Realtek RTL8187L USB 802.11b/g
+lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=urtwnamp;sektion=4;urtwn(4)/a

+Realtek RTL8188CU/RTL8192CU USB 802.11b/g/n
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=wiamp;sektion=4;wi(4)/a

 Prism2/2.5/3. sup(AP)/sup
 lia 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=wpiamp;sektion=4;wpi(4)/a




Re: The rant about browsers

2014-08-23 Thread Nick Holland
On 08/23/14 10:30, Gregory Edigarov wrote:
 Hello Everybody.
 
 Before anything I want to say big thanks to the developers of OpenBSD, 
 for maintaining it. After some ~10 years of being the loyal OpenBSD 
 user, I never had any problem with OpenBSD itself, besides may be 2 or 
 three times.
 It is impressive. Every other system I use gives problems from time to 
 time, so I am thanking you, guys, every time I type a command.
 
 Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
 times, I do not see any browser that is working flawlessly under our 
 loved system.
 Everything is happened on the same set of sites I use routinely everyday.
 
 I tried:
 Firefox - bad, bad, bad. It fails 1000 times a day.

On your machine, firefox couldn't be restarted 1000 times a day.
(ok, not sure where my sense if irony is today...)
...

 dmesg follows:
 OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 1568260096 (1495MB)
 avail mem = 1517772800 (1447MB)
...
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz

ok, how do I put this nicely...
To run a modern browser, you need a modern computer.  1.5GB RAM and a
celeron processor doesn't cut it.
NOW, that doesn't cause CRASHES, but when you fix the crashes by
cranking up your login.conf specs, you will be so far into swap you will
wish your browser crashed.

Modern browsers leak memory like everyone has 16GB and a quad-core proc,
AND restarts their browser several times a day.  Look at those same
browsers on Windows (their target market), you see the same thing. The
difference is, OpenBSD kicks out programs that exceed predefined limits,
that's what you are most likely seeing.

But most likely, login.conf will fix your crash problem, as I use
firefox, Chromium and Thunderbird on my amd64 system (three-core, 4G
RAM), and usually get a week or two uptime between shutdowns (because of
hitting RAM limits).

Nick.



Re: The rant about browsers

2014-08-23 Thread Timo Myyrä

23.8.2014 17:31, Gregory Edigarov kirjoitti:

Hello Everybody.

Before anything I want to say big thanks to the developers of OpenBSD, 
for maintaining it. After some ~10 years of being the loyal OpenBSD 
user, I never had any problem with OpenBSD itself, besides may be 2 or 
three times.
It is impressive. Every other system I use gives problems from time to 
time, so I am thanking you, guys, every time I type a command.


Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
times, I do not see any browser that is working flawlessly under our 
loved system.

Everything is happened on the same set of sites I use routinely everyday.

I tried:
Firefox - bad, bad, bad. It fails 1000 times a day.

Chromium - it is better, in terms. Yes, it will not fail on the plain 
place (it is a Russian idiom, which means 'from nothing' or 'from no 
reason one can observe'), but left for some time it starts to be 
so slow... was forced  to stay away from it too. but after all it is 
the only browser under OpenBSD that have a working lastpass plugin. 
(and I need lastpass, if I want to share my passwords between home and 
job computers)


Seamonkey - potentially good project. but suffers from the same 
problems like firefox. although it is fails much much less, the 
frequency is still unacceptable for me.


I also used xombrero and it was good, but again, from somewhere 
between 5.2 - 5.3 times it has started to fail with an unacceptable 
frequency.


I know, I should write to upstream mailing lists of the projects I've 
mentioned above, but before that, I want to know if somebody else is 
suffering such problems and I am still sure maintatiners of the 
corresponding ports will do it better than me if they find it is a 
problem.


--
With best regards,
   Gregory Edigarov

dmesg follows:
OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb170 (91 entries)
bios0: vendor American Megatrends Inc. version 0701 date 07/04/2012
bios0: ASUSTeK COMPUTER INC. P8H61-M2 USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET
acpi0: wakeup devices PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) USBE(S4) 
PEX0(S4) PEX1(S4) PEX3(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) 
P0P2(S4) P0P3(S4) P0P4(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.57 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PEX0)
acpiprt2 at acpi0: bus 3 (PEX1)
acpiprt3 at acpi0: bus 5 (PEX3)
acpiprt4 at acpi0: bus 6 (PEX5)
acpiprt5 at acpi0: bus -1 (PEX6)
acpiprt6 at acpi0: bus -1 (PEX7)
acpiprt7 at acpi0: bus 1 (P0P1)
acpiprt8 at acpi0: bus -1 (P0P2)
acpiprt9 at acpi0: bus -1 (P0P3)
acpiprt10 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100, 
2000, 1900, 1800, 1700, 1600 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
ppb0 at pci0 dev 1 function 0 Intel Core 2G PCIE rev 0x09: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 Intel HD Graphics 2000 rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x05: apic 0 
int 23

usb0 at ehci0: USB 

Re: New queueing system and HZ value limits

2014-08-23 Thread Chris Cappuccio
Henning Brauer [hb-open...@ml.bsws.de] wrote:
  Any idea why this was so much less of a problem with altq?
 
 it wasn't... the hfsc core was the same, and cbq worked exactly the same
 way too.
 
 People might not have paid as much attention? I dunno.
 

Raising HZ was frowned upon when I ported altq because it sped up
_everything_ for the benefit of a potentially unused subsystem.

I bet there is a technique to be learned from tickless kernels here.



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-23 Thread Артур Истомин
On Sat, Aug 23, 2014 at 02:09:20PM +0200, Alexander Hall wrote:
 
 
 On August 23, 2014 4:33:55 AM CEST, Артур Истомин art.is...@yandex.ru 
 wrote:
 On Fri, Aug 22, 2014 at 04:03:59PM -0700, Zach Leslie wrote:
   However, I don't know how it is seen by the system and if it would
   show up as a drive. Anyone in here is using a smart card to decrypt
   volumes at boot?
  
  You could use a YubiKey with a static long password to unlock the
 boot
  volume.
 
 [offtop]
 
 Are there any YubiKey-like devices that can contain many static
 password, not one like YubiKey?
 
 Not sure it helps, but mine contains two...

It helps! I need one for login password and second for firefox's password
manager. Which model do you use?



Re: The rant about browsers

2014-08-23 Thread Amit Kulkarni
On Sat, Aug 23, 2014 at 11:16 AM, Nick Holland n...@holland-consulting.net
wrote:

 On 08/23/14 10:30, Gregory Edigarov wrote:
  Hello Everybody.
 
  Before anything I want to say big thanks to the developers of OpenBSD,
  for maintaining it. After some ~10 years of being the loyal OpenBSD
  user, I never had any problem with OpenBSD itself, besides may be 2 or
  three times.
  It is impressive. Every other system I use gives problems from time to
  time, so I am thanking you, guys, every time I type a command.
 
  Now onto the bitter part. For some reason, since, may be, AFAIR 5.2
  times, I do not see any browser that is working flawlessly under our
  loved system.
  Everything is happened on the same set of sites I use routinely everyday.
 
  I tried:
  Firefox - bad, bad, bad. It fails 1000 times a day.

 On your machine, firefox couldn't be restarted 1000 times a day.
 (ok, not sure where my sense if irony is today...)
 ...

  dmesg follows:
  OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
  real mem = 1568260096 (1495MB)
  avail mem = 1517772800 (1447MB)
 ...
  cpu0 at mainbus0: apid 0 (boot processor)
  cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz

 ok, how do I put this nicely...
 To run a modern browser, you need a modern computer.  1.5GB RAM and a
 celeron processor doesn't cut it.
 NOW, that doesn't cause CRASHES, but when you fix the crashes by
 cranking up your login.conf specs, you will be so far into swap you will
 wish your browser crashed.

 Modern browsers leak memory like everyone has 16GB and a quad-core proc,
 AND restarts their browser several times a day.  Look at those same
 browsers on Windows (their target market), you see the same thing. The
 difference is, OpenBSD kicks out programs that exceed predefined limits,
 that's what you are most likely seeing.

 But most likely, login.conf will fix your crash problem, as I use
 firefox, Chromium and Thunderbird on my amd64 system (three-core, 4G
 RAM), and usually get a week or two uptime between shutdowns (because of
 hitting RAM limits).

 Nick.


+1

That is your problem...memory You will definitely see better performance
with more memory. I use Pentium G2020 with 8GB of memory and the
performance is good for browsing/occasional video with daily restart. Tweak
the follwoing variables in /etc/login.conf

datasize-max === 3G
datasize-cur   === 2G



Re: The rant about browsers

2014-08-23 Thread Peter J. Philipp
On 08/23/14 19:59, Amit Kulkarni wrote:

 That is your problem...memory You will definitely see better performance
 with more memory. I use Pentium G2020 with 8GB of memory and the
 performance is good for browsing/occasional video with daily restart. Tweak
 the follwoing variables in /etc/login.conf
 
 datasize-max === 3G
 datasize-cur   === 2G
 

I'm going to say something but not sure if it would be seen as a
hijacking of the thread, if so, let me know and I'll take it to another
thread.

I use firefox too and I have never adjusted my datasize yet, never
needed too.  There is only a few websites that crash it and I don't
usually visit those.

However I have a different problem.  I use firefox over ssh to another
user on the same system.  I do this because I don't want a would-be
attacker to get to sensitive files such as my ssh keys.  Now this setup
runs pretty good, except at one point and perhaps someone can look into
this for me.  When I control-f for searching a website and enter 3
characters the browser crashes.  However it doesn't happen always and it
never happens when I run firefox as my own user.

Another drawback to my using another user to sandbox firefox is that I
cannot copy-paste from browser to another window, not sure if that is
related.

Anyhow for memory I'm set with 32 GB so that's not the problem in this
system.

Sincerely,

-peter



Re: The rant about browsers

2014-08-23 Thread Stefan Berger
On Sat, Aug 23, 2014 at 08:15:23PM +0200, Peter J. Philipp wrote:
 However I have a different problem.  I use firefox over ssh to another
 user on the same system.  I do this because I don't want a would-be
 attacker to get to sensitive files such as my ssh keys.  Now this setup
 runs pretty good, except at one point and perhaps someone can look into
 this for me.  When I control-f for searching a website and enter 3
 characters the browser crashes.  However it doesn't happen always and it
 never happens when I run firefox as my own user.

works for me.  

 Another drawback to my using another user to sandbox firefox is that I
 cannot copy-paste from browser to another window, not sure if that is
 related.

just select the text, and paste it with the third mouse button 
(usually the mouse wheel)

 Anyhow for memory I'm set with 32 GB so that's not the problem in this
 system.

32 GB RAM?  Not bad... 



berger s. 



Re: OpenBSD 5.5-STABLE: Full Disk Encryption (bioctl) and Smard Cards

2014-08-23 Thread Zach Leslie
  Are there any YubiKey-like devices that can contain many static
  password, not one like YubiKey?
 
  Not sure it helps, but mine contains two...

 It helps! I need one for login password and second for firefox's password
 manager. Which model do you use?

All yubikeys have the two slots, to my knowledge, which can be set either
static or otp.



Dell PE2900 instant-reboot with 5.5-RELEASE

2014-08-23 Thread Adam Thompson

Posting here before filing a bug in case this rings a bell...

Dell PowerEdge 2900, with PERC 5 integrated controller.  All BIOSes 
and firmware levels up to date as of ~6 months ago.  (Which should be 
pretty current, since this isn't a new system!)


Copying install55.fs to a USB stick and booting from it starts to boot, 
gets part-way through the boot process, then suddenly reboots.


This server does the exact same thing with Ubuntu 12.04.x, but otherwise 
works fine: FreeBSD (via FreeNAS), DragonflyBSD 3.8.2, Debian (via 
ProxmoxVE), CentOS 6.4 all boot and work just fine; it's been operating 
as a Proxmox server in production for the last 12 months without any 
issues, so I'm fairly confident it's not a hardware problem.


I don't even know where to start with this... ideas?  Right now, I'm 
re-writing the install FS so I can re-test, then I'll try an actual 
CD-ROM.  I can take video of the boot screen, not sure how to get serial 
console output that early in the process.


--
-Adam Thompson
 athom...@athompso.net



Re: Dell PE2900 instant-reboot with 5.5-RELEASE

2014-08-23 Thread Adam Thompson

On 14-08-23 05:49 PM, Adam Thompson wrote:
Copying install55.fs to a USB stick and booting from it starts to 
boot, gets part-way through the boot process, then suddenly reboots.


All amd64 images fail in exactly the same way.  The server logs a 
Machine Check Exception on CPU1 along with a bunch of Unknown OEM 
Sensor triggered events.  (It's a Dell - how can the OEM [i.e. Dell!] 
sensors be unknown???)


And now begins the torturous process of determining what changed - 
booting a 4.0 amd64 CD works just fine.


I was about to start a binary search to find the last version that 
worked correctly, but I see the main site and mirrors all go back as far 
as 5.3 and no further.


My google-fu is weak, apparently - where do I find (i.e. download) older 
releases that I can't find my CDs for?


--
-Adam Thompson
 athom...@athompso.net



Re: Dell PE2900 instant-reboot with 5.5-RELEASE

2014-08-23 Thread Nick Holland
On 08/23/14 18:49, Adam Thompson wrote:
 Posting here before filing a bug in case this rings a bell...
 
 Dell PowerEdge 2900, with PERC 5 integrated controller.  All BIOSes 
 and firmware levels up to date as of ~6 months ago.  (Which should be 
 pretty current, since this isn't a new system!)
 
 Copying install55.fs to a USB stick and booting from it starts to boot, 
 gets part-way through the boot process, then suddenly reboots.

This machine has a CDROM drive on it, and Dell has had some fantasticly
buggy USB support in the BIOS in the past.  Use the CDROM.  Or the ISO
file through the DRAC.  I know I've booted some OSs from USB drives on
2950s, but I don't recall if OpenBSD was one of them.

 This server does the exact same thing with Ubuntu 12.04.x, but otherwise 
 works fine: FreeBSD (via FreeNAS), DragonflyBSD 3.8.2, Debian (via 
 ProxmoxVE), CentOS 6.4 all boot and work just fine; it's been operating 
 as a Proxmox server in production for the last 12 months without any 
 issues, so I'm fairly confident it's not a hardware problem.
 
 I don't even know where to start with this... ideas?  Right now, I'm 
 re-writing the install FS so I can re-test, then I'll try an actual 
 CD-ROM.  I can take video of the boot screen, not sure how to get serial 
 console output that early in the process.

If your machine won't boot a CDROM image, I suspect your machine is
broke.  While I've never had a Dell PE2900 in my hands, the PE2950 is
supposedly a very similar machine...and I think it is very very safe to
say that OpenBSD works wonderfully on 2950s, and I'm pretty sure I've
loaded Ubuntu 12.04 on 'em, as well.

Nick.



Re: Dell PE2900 instant-reboot with 5.5-RELEASE

2014-08-23 Thread Stan Gammons

On 08/23/14 18:30, Adam Thompson wrote:

On 14-08-23 05:49 PM, Adam Thompson wrote:
Copying install55.fs to a USB stick and booting from it starts to 
boot, gets part-way through the boot process, then suddenly reboots.


All amd64 images fail in exactly the same way.  The server logs a 
Machine Check Exception on CPU1 along with a bunch of Unknown OEM 
Sensor triggered events.  (It's a Dell - how can the OEM [i.e. Dell!] 
sensors be unknown???)


And now begins the torturous process of determining what changed - 
booting a 4.0 amd64 CD works just fine.


I was about to start a binary search to find the last version that 
worked correctly, but I see the main site and mirrors all go back as 
far as 5.3 and no further.


My google-fu is weak, apparently - where do I find (i.e. download) 
older releases that I can't find my CDs for?





I would try a CD image to see if it reboots.  Use the DRAC, if 
available,  to log the output.


I have seen bad memory cause machine check exceptions.  Although it's 
odd that an older OpenBSD image boots.  Might want to run Dell diags to 
see if it turns up anything.  Or reseat all of the DIMMs to see if that 
helps.


The PE2900 is a bit old.  A little more modern hardware, if possible,  
might be a better option.  One of my favourite Dell machines is the 
R900, but it's pretty old too...



Stan



Re: The rant about browsers

2014-08-23 Thread Zeljko Jovanovic

On 23.08.2014. 18:16, Nick Holland wrote:


real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)

...

cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz


ok, how do I put this nicely...
To run a modern browser, you need a modern computer.  1.5GB RAM and a
celeron processor doesn't cut it.
NOW, that doesn't cause CRASHES, but when you fix the crashes by
cranking up your login.conf specs, you will be so far into swap you will
wish your browser crashed.


Well, nowadays one can get a very fast CPU and lot of RAM cheaply, but that does 
not mean all of this is necessary in order to just browse the web.


From time to time, I must use a 12-year old Pentium 4 Northwood, 1.8 GHz, 512 
kB cache with 512 MB RAM, it has Windows XP installed and is quite usable with 
modern web browsers.


Until recently, I also regularly used an Athlon64 Venice, 2.0 GHz, 1 MB cache 
and 1 GB RAM under Linux, and it was usable even with many tabs/sites open. The 
only problem was Adobe flash Linux plugin, which was for some reason slower than 
its Windows counterpart.


Current Pentiums and Celerons (such as this G530) are based on Core i 
architecture, have more than one core, and are much faster than the two 
mentioned processors. 1.5 GB RAM is also _a lot of memory_, regardless how easy 
is to get more today.


The point is: It should work just fine. Just raise the OS memory limits.



Re: amavisd uses high cpu usage?

2014-08-23 Thread Indunil Jayasooriya
 Hi Stuart,



   I think may be something is wrong with perl modules.

 Could be. How did you install things? Is this a fresh 5.5 install or an
 upgrade from an earlier version? Did you upgrade all packages?


Yeah, This is a fresh 5.5 64 bit.


I downloaded iso from this

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/amd64/install55.iso

and burnt it to CD and installed.

Then, I downloaded below stuffs and copied to a CD .

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/src.tar.gz

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/sys.tar.gz

http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/ports.tar.gz


Then I mounted the cd and copied them  to /usr directory and ran below
commands as explained here.

http://www.openbsd.org/anoncvs.html#starting


# *cd /usr/src*
# *tar xzf ../sys.tar.gz*
# *tar xzf ../src.tar.gz*
# *cd /usr*
# *tar xzf ports.tar.gz*


But, I still have NOT updated src and port tree.

Could you pls let me kow which command do I need?

I want to stay in Stable branch - it is patched branch isn't it?


Are below commands ok?

to update the src

# cd /usr/src

Now which is the right command for a patch branch?

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -Pd

or

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -rOPENBSD_5_5 -Pd


to update the port tree.

# cd /usr/ports

Again, which is the right command for a patch branch?


cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -Pd

or

cvs -d anon...@anoncvs.jp.openbsd.org:/cvs -q up -rOPENBSD_5_5 -Pd


Pls let me know. I will run and add a cronjob on daily  basis.

Anyway, I installed posfix amavisd-new with pkg_add -v command.

export PKG_PATH=http://ftp.jaist.ac.jp/pub/OpenBSD/5.5/packages/amd64/

then

pkg_add -v postfix

pkg_add -v amavisd-new


potput of  pkg_info

amavisd-new-2.8.1p0 interface between mailer MTA and content checkers
arc-5.21p   create  extract files from DOS .ARC files
autoconf-2.13p3 automatically configure source code on many Un*x
platforms
autoconf-2.65p0 automatically configure source code on many Un*x
platforms
autoconf-2.67p0 automatically configure source code on many Un*x
platforms
autoconf-2.68p0 automatically configure source code on many Un*x
platforms
autoconf-2.69p1 automatically configure source code on many Un*x
platforms
automake-1.10.3p7   GNU Standards-compliant Makefile generator
automake-1.11.6p1   GNU Standards-compliant Makefile generator
automake-1.12.6p0   GNU Standards-compliant Makefile generator
avahi-0.6.31p13 framework for Multicast DNS Service Discovery
bash-4.2.45p0   GNU Bourne Again Shell
bison-2.3p1 GNU parser generator
bzip2-1.0.6p0   block-sorting file compressor, unencumbered
cabextract-1.4  extracts files from Microsoft CAB archives
cairo-1.12.16   vector graphics library
clamav-0.98.1   virus scanner
cups-libs-1.7.1 CUPS libraries and headers
curl-7.34.0p0   get files from FTP, Gopher, HTTP or HTTPS servers
cyrus-sasl-2.1.26p10 RFC  SASL (Simple Authentication and Security
Layer)
db-4.6.21p0v0   Berkeley DB package, revision 4
dbus-1.8.0v0message bus system
docbook-4.5p1   technical documentation XML/SGML definitions
docbook-dsssl-1.79  modular DSSSL stylesheets for the DocBook DTD
docbook-xsl-1.68.1p5 docbook XSL modular stylesheet
e2fsprogs-1.42.7p0  utilities to manipulate ext2 filesystems
easy-rsa-2.2.0p0small RSA key management package
gd-2.0.35p1 library for dynamic creation of images
gdbm-1.10p0 GNU dbm
gettext-0.18.2p4GNU gettext
glib2-2.38.2p6  general-purpose utility library
gmake-4.0p0 GNU make
gnugetopt-1.1.4p2   GNU getopt(1) utility
gnupg-1.4.16GNU privacy guard - a free PGP replacement
gobject-introspection-1.38.0p1 GObject Introspection
gperf-3.0.4p0   perfect hash functions, to help write parsers
groff-1.22.2p4  GNU troff typesetter
help2man-1.41.1p0   generates simple manual pages from program output
icu4c-52.1  International Components for Unicode
iftop-1.0pre2p0 display bandwidth usage on an interface
intltool-0.50.2 internationalization tools
iso8879-1986p0  character entity sets from ISO 8879:1986 (SGML)
jdk-1.6.0.32p6  Java2(TM) SE Dev Kit v1.6.0.32
jnettop-0.13.0p1capture network traffic, display streams sorted by
bandwidth
jpeg-9p0IJG's JPEG compression utilities
lha-1.14i.ac20050924.1 archive files using LZW compression (.lzh files)
libdaemon-0.14p0lightweight C library that eases the writing of daemons
libelf-0.8.13p1 read, modify, create ELF files on any arch
libexecinfo-0.2p3v0 clone of backtrace facility found in the GNU libc
libffi-3.0.9p6  Foreign Function Interface
libgcrypt-1.6.1 crypto library based on code used in GnuPG
libghttp-1.0.9p2GNOME http client library
libgpg-error-1.12p0 error codes for GnuPG related software
libiconv-1.14p1 character set conversion library
libidn-1.28p0   internationalized string handling
libltdl-2.4.2p0 GNU libtool