Re: leaving linux - questions about capabilities
On 12/30/14 03:45, Jonathan Gray wrote:
> On Mon, Dec 29, 2014 at 08:57:15PM +, Fred wrote:
>> I currently have three monitors connected to my laptop but if I try to enable X on the third one I'm getting the following error:
>>
>> port:fred ~ xrandr --output VGA1 --auto
>> xrandr: cannot find crtc for output VGA1
> ...
>> vga1 at pci0 dev 2 function 0 Intel HD Graphics 3000 rev 0x09
>
> Sandy bridge only has two output pipes, it isn't possible to use three outputs.
>
> Radeon hardware tends to support more outputs
> http://xorg.freedesktop.org/wiki/RadeonFeature/#index7h2
>
> Ivy bridge supports three outputs with two of them sharing a clock assuming the system has two displayport outputs (and none do?). Haswell is a bit less restrictive still.
>
> Quoting https://01.org/linuxgraphics/documentation/3-pipes
>
> 3-pipes is a feature that allows users to have 3 Monitors plugged in. It is present at 3rd Generation Intel Core processors with Intel HD Graphics (codenamed IvyBridge) and 4th Generation Intel Core processors with Intel HD Graphics (codenamed Haswell). For other platforms only Dual outputs are supported.
>
> IvyBridge limitations
> In order to get 3 screen outputs at Ivybridge you shall use 2 Display Ports + any display with some limitations on modes supported.
>
> Haswell limitations
> Haswell 3-pipes is less restrictive than Ivybridge. You can have 3 screens with
> * 2 Display Ports + any display
> * 1 Display Port and 2 HDMI or DVI
> * 1 VGA and 2 HDMI or DVI
> and no restrictions on mode combination.

Thanks for the info - I had thought it might be a limitation of X - as all three worked when used in pairs.

Cheers
Fred
Re: iked (IKEv2) setup help on the simplest testing setup
On 2014-12-28, Daniel Ouellet dan...@presscom.net wrote:
> When all is done it will be ospf over vether over gif tunnel

Does vether give any benefit here? I think that you should just be able to route the addresses over the gif interface without the extra layer of indirection (and overhead from carrying ethernet headers).

The classic use case for vether is where you are bridging an ethernet at one location to a router at another (without needing to connect to a physical network at the second location).
Re: leaving linux - questions about capabilities
On 12/29/14 08:17, Christopher Barry wrote:
> Greetings All,
>
> I've used OpenBSD in the past to build redundant routers and firewalls and it was fantastic, but it's been quite a few years since I've played with it. I've also never used it as my default workstation. Yet.
>
> I've always used Debian GNU/Linux on my workstations in the past, but with jessie/sid (and practically all other linux distros) the direction the linux userspace has taken is a serious turn for the worst IMO. I am simply philosophically at odds with systemd, and I would like to stop relying on linux altogether if possible.
>
> My problem is I have specific needs, and it's not clear if I can meet them running OpenBSD. I'm hoping I can, and someone can share their experiences with making a similar setup work.
>
> Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI dongle) using the OpenSource Radeon linux driver @1920x1200 on each monitor. I'm using enlightenment 17.6 as my window manager. I use and rely on blender http://www.blender.org a /lot/ with hardware accelerated OpenGL, and having three monitors is important for my graphics work.
>
> Is anyone running OpenBSD with three monitors? With blender, hw-accel OpenGL, and/or E1{7,8,9}?
>
> Your thoughts, knowledge, and possibly links to more info would be very greatly appreciated.
>
> Thank You.
> --
> -C

As this is a getting to know you thread.

I use OpenBSD in a desktop role. snapshots on an Intel i5 with a radeon 6950, two screens(my card chokes on the third screen but I think that is hardware)

I like the one dimensional desktop style setup, that is, spectrwm and lots of xterms. For what it's worth spectrwm has the best multiscreen support I have seen

I don't use blender every day, but I do find it handy from time to time (for me 3d printing stuff) The maintainer tends to keep it nicely up to date, which I appreciate as it looks like it is a bitch and a half to build.

I update the snapshots every couple weeks when I want to try what ever new stuff comes out of the pipe(*cough*, and libc bumps, *cough*).

One thing I would recommend is to look at login.conf(5) and set the memory limits to something gratuitous, many of the desktop applications like to use a lot of memory.

And as far as overall experience, I think obsd is a little slower than linux(whatever that means) but the simplicity and correctness of the system(obsd was the first/only system where I feel I understand how the whole thing works) means I enjoy using it quite a bit more.

So good luck, and I hope it works out for you as well as it did for me.
Re: 500 httpd error with owncloud
Reading the recent post on misc, Best way forward w.r.t. apache/nginx/httpd?, I don't think httpd is ready for owncloud, especially for someone with little experience running web servers.

Anyway, thanks guys for your support.

Clemens

On 30.12.14 08:03, Jona Joachim wrote:
> [This message has also been posted to gmane.os.openbsd.misc.]
> On 2014-12-29, Clemens Gößnitzer e1126...@student.tuwien.ac.at wrote:
>>> Hey,
>>> Since your initial email you have not included any config files, i.e. httpd.conf, etc. Would you, perhaps, care to share them with us? My shew stone is being serviced.
>>
>> Of course. Here they are:
>>
>> # cat /etc/httpd.conf
>> server "default" {
>>         listen on wpi0 port 80
>>         directory { no index, index "index.php" }
>>         location "*.php" {
>>                 fastcgi socket "/run/php-fpm.sock"
>>         }
>> }
>> types {
>>         include "/usr/share/misc/mime.types"
>> }
>>
>> /etc/php-5.5.ini: everything default except the values mentioned in the pkg-readme of owncloud:
>>
>> allow_url_fopen = On
>> memory_limit = 512M
>> upload_max_filesize = 1024M # to accept large files upload
>> post_max_size = 1030M # sync with above value
>>
>> all other php module config files unchanged, and active according to phpinfo().
>>
>> # cat /var/www/owncloud/config/config.php
>> <?php
>> $CONFIG = array (
>>   'instanceid' => 'MY_ID',
>>   'passwordsalt' => 'MY_PW-SALT',
>>   'secret' => 'MY_SECRECT',
>>   'trusted_domains' =>
>>   array (
>>     0 => '192.168.178.49',
>>   ),
>>   'datadirectory' => '/owncloud-data',
>>   'overwrite.cli.url' => 'http://192.168.178.49/owncloud',
>>   'dbtype' => 'sqlite3',
>>   'version' => '7.0.4.2',
>>   'dbname' => 'owncloud_db',
>>   'dbhost' => '127.0.0.1',
>>   'dbtableprefix' => 'oc_',
>>   'dbuser' => 'oc_clemens',
>>   'dbpassword' => 'MY_DB-PASSWORD',
>>   'installed' => true,
>> );
>
> Was the sqlite database created? 'installed = true' means that it assumes that the database is functional and it will not be initialized. Also you will not need the hostname, user, db prefix, etc. with sqlite.
>
> Also make sure that you don't need any url rewrites. I'm using owncloud-6.0.4 and the documentation recommends url rewrites which are not mandatory for owncloud to work but perhaps this changed in the new version.
>
> Perhaps you should try with nginx and the recommended configuration and see if it works and then go back to httpd.
>
> Best regards,
> Jona
unbound problem in 5.6
Hello misc@!

I have a router (peaking at 70Mbps of aggregated traffic) that acts as a recursive internal DNS server too (this configuration will die soon, as my traffic is growing), but Unbound keeps saying, in /var/log/messages:

Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too many open files
Dec 30 09:57:08 myhost last message repeated 20284 times
Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too many open files
Dec 30 10:26:50 myhost last message repeated 24896 times

Sometimes it says:

Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer space available

I have:

kern.maxfiles=16384
kern.somaxconn=16384

And in login.conf:

daemon:\
        :ignorenologin:\
        :datasize=infinity:\
        :maxproc=infinity:\
        :openfiles-cur=4096:\
        :openfiles-max=8192:\
        :stacksize-cur=8M:\
        :localcipher=blowfish,9:\
        :tc=default:

unbound:\
        :ignorenologin:\
        :datasize=infinity:\
        :maxproc=infinity:\
        :openfiles-cur=8192:\
        :openfiles-max=16384:\
        :stacksize-cur=32M:\
        :localcipher=blowfish,9:\
        :tc=default:

With many resources just for Unbound, how can it keep complaining?

Thank you in advance, and happy new year!
Raimundo Santos

--

Here are some more info...

# systat -B mbufs
1 users Load 0.16 0.12 0.09 Tue Dec 30 11:02:00 2014
IFACE LIVELOCKS SIZE ALIVE LWM HWM CWM
System0 256 194 93 2048 184 442 lo0 em0 20489010 25690 xl0 re0 re1 enc0 pflog0

...and the dmesg:
Re: unbound problem in 5.6
On Tue, Dec 30, 2014 at 11:09:44AM -0200, Raimundo Santos wrote:
> Hello misc@!
>
> I have a router (peaking at 70Mbps of aggregated traffic) that acts as a recursive internal DNS server too (this configuration will die soon, as my traffic is growing), but Unbound keeps saying, in /var/log/messages:
>
> Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too many open files
> Dec 30 09:57:08 myhost last message repeated 20284 times
> Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too many open files
> Dec 30 10:26:50 myhost last message repeated 24896 times
>
> Sometimes it says:
>
> Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer space available
>
> I have:
>
> kern.maxfiles=16384
> kern.somaxconn=16384
>
> And in login.conf:
>
> daemon:\
>         :ignorenologin:\
>         :datasize=infinity:\
>         :maxproc=infinity:\
>         :openfiles-cur=4096:\
>         :openfiles-max=8192:\
>         :stacksize-cur=8M:\
>         :localcipher=blowfish,9:\
>         :tc=default:
>
> unbound:\
>         :ignorenologin:\
>         :datasize=infinity:\
>         :maxproc=infinity:\
>         :openfiles-cur=8192:\
>         :openfiles-max=16384:\
>         :stacksize-cur=32M:\
>         :localcipher=blowfish,9:\
>         :tc=default:
>
> With many resources just for Unbound, how can it keep complaining?

There's an undocumented feature with unbound: it (only) sets its resource limits based on the class of its user (_unbound by default). So set the class of the _unbound user to unbound and you're all set.

-Otto

> Thank you in advance, and happy new year!
> Raimundo Santos
>
> --
>
> Here are some more info...
>
> # systat -B mbufs
> 1 users Load 0.16 0.12 0.09 Tue Dec 30 11:02:00 2014
> IFACE LIVELOCKS SIZE ALIVE LWM HWM CWM
> System0 256 194 93 2048 184 442 lo0 em0 20489010 25690 xl0 re0 re1 enc0 pflog0
>
> ...and the dmesg:
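The lookup Otto's reply describes, as an added example that is not part of the original thread: Unbound takes its limits from the login class of the user it runs as, so the unbound record in login.conf has no effect until _unbound is a member of that class. The default record and both master.passwd lines are constructed for illustration, and the parser handles only cap=value, boolean capabilities and tc= inheritance.

```python
"""Added example: which login.conf class, and so which open-files limit, a daemon user gets."""
import re

# Constructed login.conf. The "daemon" and "unbound" records carry values
# quoted in the thread; the "default" record is made up for this example.
LOGIN_CONF = r"""
default:\
    :openfiles-cur=512:\
    :openfiles-max=1024:

daemon:\
    :ignorenologin:\
    :openfiles-cur=4096:\
    :openfiles-max=8192:\
    :stacksize-cur=8M:\
    :tc=default:

unbound:\
    :ignorenologin:\
    :openfiles-cur=8192:\
    :openfiles-max=16384:\
    :stacksize-cur=32M:\
    :tc=default:
"""

# Constructed master.passwd lines; the login class is the fifth field.
# BEFORE: empty class field. AFTER: the field as `usermod -L unbound _unbound`
# would leave it.
PASSWD_BEFORE = "_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin"
PASSWD_AFTER = "_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin"


def parse_login_conf(text):
    """Return {class name: [(capability, value), ...]} in file order."""
    joined = re.sub(r"\\\n\s*", "", text)  # fold backslash-continued lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = []
        for field in fields:
            field = field.strip()
            if field:
                key, sep, value = field.partition("=")
                caps.append((key, value if sep else True))  # True = boolean cap
        for name in names.split("|"):  # a record may list several names
            classes[name] = caps
    return classes


def resolve(classes, name, seen=frozenset()):
    """Flatten one class. The first definition of a capability wins, so a
    record's own entries override what it inherits through tc=."""
    if name in seen:
        raise ValueError("tc= loop through class %r" % name)
    if name not in classes:
        name = "default"  # an unknown class falls back to "default"
    caps = {}
    for key, value in classes.get(name, []):
        if key == "tc":
            for k, v in resolve(classes, value, seen | {name}).items():
                caps.setdefault(k, v)
        else:
            caps.setdefault(key, value)
    return caps


def login_class(master_passwd, user):
    """Class of `user` from master.passwd text; an empty field means "default"."""
    for line in master_passwd.splitlines():
        fields = line.split(":")
        if len(fields) >= 10 and fields[0] == user:
            return fields[4] or "default"
    raise KeyError(user)


def openfiles_limits(login_conf, master_passwd, user):
    """Return (class, openfiles-cur, openfiles-max) that apply to `user`."""
    cls = login_class(master_passwd, user)
    caps = resolve(parse_login_conf(login_conf), cls)
    cur, mx = caps.get("openfiles-cur"), caps.get("openfiles-max")
    return cls, int(cur) if cur else None, int(mx) if mx else None


if __name__ == "__main__":
    for label, passwd in (("before", PASSWD_BEFORE), ("after", PASSWD_AFTER)):
        cls, cur, mx = openfiles_limits(LOGIN_CONF, passwd, "_unbound")
        print("%-6s class=%-8s openfiles-cur=%s openfiles-max=%s" % (label, cls, cur, mx))
```

With the class field empty, the unbound record is never consulted and the daemon keeps the default class limits, which matches the "Too many open files" symptom in the original post.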
Re: Openbsd broke my hard drive twice! Getting frustrated
On Dec 29, 2014, at 5:02 PM, Eric Furman ericfur...@fastmail.net wrote: Linux supports the UEFI boot loader. OpenBSD does not. ...and that is all we need to know. Shame on them! Shame Shame Shame! -- Mark
latest snapshot gives errors for libfreetype.so.23.0
I upgraded to the amd64 snapshot today (30 December) and since then lots of programs in X (gvim, firefox, libreoffice) give a warning for /usr/X11R6/lib/libfreetype.so.23.0: size mismatch, relink your program. The affected programs run with incorrect fonts. Is it just a matter of waiting a few days for a fix or can I do something about it?
5.6, IPv6: is autoconf set by default?
Hi folks, AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a local autoconf flag for each interface. I wonder if autoconf is set or cleared by default, if inet6 is configured for the network interfaces and if net.inet6.ip6.forwarding is enabled? Every helpful comment is highly appreciated Harri
freeradius problem - ephemeral RSA key generation
Hi,

After upgrading to latest snapshot I have problems with freeradius 2.2.5 package not starting. Especially the problem occurs in loading of module eap-tls

rlm_eap_tls: Couldn't set ephemeral RSA key
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap

I've tried installing version 2.2.6 but I have the same problem. The program fails at:

src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

/*
 * Generate ephemeral RSA keys.
 */
static int generate_eph_rsa_key(SSL_CTX *ctx)
{
	RSA *rsa;

	rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);

	if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
		radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
		return -1;
	}

	RSA_free(rsa);
	return 0;
}

is this related to freeradius or something with OpenBSD ssl libraries?

regards,
Giannis
Re: OpenBSD projects
Dear Bryan,

From: Bryan Steele bry...@gmail.com
Sent: Sun, 28 Dec 2014 22:01:16 -0500
To: misc@openbsd.org
Subject: Re: OpenBSD projects

> AnonCVS is probably a worthy addition to the list. OpenBSD is the first open source project to expose their repos publicly. By this I mean allowing read-only CVS access, history as it happened. The functionality was added to GNU CVS by Theo and Chuck Cranor, and prior to this work, you were lucky to get weekly source snapshots with changelogs, which required manual reconstruction.
>
> There's probably some historical significance to their work..
>
> http://www.openbsd.org/papers/anoncvs-paper.pdf
> http://www.openbsd.org/papers/anoncvs-slides.pdf
>
> .. right? :-)
>
> http://marc.info/?l=freebsd-hackers&m=94346786026588&w=2

Wow, thanks for sharing! We all take instant source control code viewing for granted with things like github, fossil-scm and even https://secure.freshbsd.org/

Now that we have this read only instant access, I hope it's never reverted in the name of security.

> -Bryan.

Thanks,
Jungle
--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si
Re: 5.6, IPv6: is autoconf set by default?
On Tue, Dec 30, 2014 at 06:16:04PM +0100, Harald Dunkel wrote:
> I wonder if autoconf is set or cleared by default, if inet6 is configured for the network interfaces and if net.inet6.ip6.forwarding is enabled?

It certainly doesn't seem to be enabled by default as I just had to enable it to get an IPv6 assigned. This was on -CURRENT, though.
Re: 5.6, IPv6: is autoconf set by default?
On 30/12/14 19:16, Harald Dunkel wrote:
> Hi folks,
>
> AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a local autoconf flag for each interface.
>
> I wonder if autoconf is set or cleared by default, if inet6 is configured for the network interfaces and if net.inet6.ip6.forwarding is enabled?
>
> Every helpful comment is highly appreciated
> Harri

Not sure about autoconf but you can check status of net.inet6.ip6.forwarding with

sysctl -a | grep net.inet6.ip6.forwarding

which is off by default. You can enable it realtime with sysctl and make it permanent in /etc/sysctl.conf

G
usmb/FUSE on 5.6
Using the package usmb to mount a share from a Windows 2008R2 server does not seem reliable. FUSE/usmb dismounts the share after a while (less than 24 hours) with the following error: Dec 30 01:30:07 fileshare /bsd: fuse: device close without umount Usmb is not typically running afterwards. Anyone tried using usmb or have any suggested next steps for troubleshooting? -Steve S.
Re: nginx how to run first site as open , and second
thanks for einfach's kind advice , i at last do it.

final nginx.conf is

worker_processes 1;
worker_rlimit_nofile 1024;
events {
    worker_connections 800;
}
#h
http {
    include mime.types;
    default_type application/octet-stream;
    index index.html index.htm;
    keepalive_timeout 65;
    server_tokens off;

    server {
        listen 80;
        listen [::]:80;
        server_name localhost; #-for test
        root /var/www/d1;
        auth_basic Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }
    #0
    server {
        listen 80;
        listen [::]:80;
        server_name a.mydns.jp;
        root /var/www/d0;
        auth_basic Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }
    #1
    server {
        listen 80;
        listen [::]:80;
        server_name s.sun.ddns.vc;
        root /var/www/d1;
        auth_basic Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }
    #2
    server {
        listen 80;
        listen [::]:80;
        server_name k.sun.ddns.vc;
        root /var/www/d2;
        auth_basic Restricted;
        auth_basic_user_file /var/www/2/.htpasswd;
    }
    #11
    server {
        listen 80;
        listen [::]:80;
        server_name member.planex.ddns.vc;
        root /var/www/d11;
        auth_basic Restricted;
        auth_basic_user_file /var/www/11/.htpasswd;
    }
    #12
    server {
        listen 80;
        listen [::]:80;
        server_name n.luna.ddns.vc;
        root /var/www/d12;
        auth_basic Restricted;
        auth_basic_user_file /var/www/12/.htpasswd;
    }
#h
}

and i run openbsd on USB only about 4GB . so i must use hard disk .

Filesystem  512-blocks      Used     Avail Capacity  Mounted on
/dev/sd1a      8293692   5045444   2833564    64%    /
/dev/sd0a     58566000  30109240  25481432    54%    /var/www

so

# cat /etc/rc.local
umount /var/www
mount_ext2fs /dev/sd0a /var/www # -ext2fs
if [ -x /usr/local/sbin/nginx ]; then
        echo ' - Starting nginx - '; /etc/rc.d/nginx -f start
fi

because

cat /etc/rc.d/nginx
#!/bin/sh
#
# $OpenBSD: nginx,v 1.1 2012/02/19 11:34:36 robert Exp $

daemon="/usr/local/sbin/nginx" #--

. /etc/rc.d/rc.subr

pexp="nginx:.*master.*process"

rc_reload() {
        ${daemon} -s reload
}

rc_stop() {
        ${daemon} -s stop || pkill -f "^${pexp}"
}

rc_cmd $1

and

cat /etc/rc.shutdown
umount /var/www/

thanks thanks
--
tuyosi
* http://marc.info/?a=14167909673r=1w=2*
Re: leaving linux - questions about capabilities
On Mon, 29 Dec 2014 20:57:15 + Fred open...@crowsons.com wrote: On 12/29/14 17:45, Christopher Barry wrote: On Mon, 29 Dec 2014 09:29:15 -0800 Ryan Freeman r...@slipgate.org wrote: On Mon, Dec 29, 2014 at 11:17:55AM -0500, Christopher Barry wrote: Greetings All, I've used OpenBSD in the past to build redundant routers and firewalls and it was fantastic, but it's been quite a few years since I've played with it. I've also never used it as my default workstation. Yet. I've always used Debian GNU/Linux on my workstations in the past, but with jessie/sid (and practically all other linux distros) the direction the linux userspace has taken is a serious turn for the worst IMO. I am simply philosophically at odds with systemd, and I would like to stop relying on linux altogether if possible. My problem is I have specific needs, and it's not clear if I can meet them running OpenBSD. I'm hoping I can, and someone can share their experiences with making a similar setup work. Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI dongle) using the OpenSource Radeon linux driver @1920x1200 on each monitor. Hey, not 100% the same but similar setup on a workstation at work: Radeon HD4550 using radeondrm and two 1920x1080 monitors: DisplayPort-0 connected 1920x1080+1920+0 DVI-0 connected 1920x1080+0+0 Also have used multiple monitors on my i5-powered laptop, using its integrated intelHD video. I'm using enlightenment 17.6 as my window manager. I use and rely on I use openbox myself but enlightenment 0.17.5 is an available package. blender http://www.blender.org a /lot/ with hardware accelerated OpenGL, and having three monitors is important for my graphics work. blender is available in packages as well, though I have never used it. Is anyone running OpenBSD with three monitors? With blender, hw-accel OpenGL, and/or E1{7,8,9}? 
I'm sure three monitors would work just as well as two :) E17 does work, I have used it in the past. I play with OpenGL stuff quite regularly and it is my opinion that the recent drivers for intel and radeon video devices respectively perform roughly the same here as they do on freebsd or linux. No formal tests have been done by myself, strictly subjective experience. Your thoughts, knowledge, and possibly links to more info would be very greatly appreciated. Thank You. I would like to point out that I do follow current, both on my own workstations and my work workstation :) The FAQ on http://www.openbsd.org/ is always a good read. Cheers! --ryan Hey Ryan, Thanks for the thoughtful response. The move looks promising then. I'll definitely read the FAQ - thanks for the reminder. RE: OpenGL: It's great that it works, but is it taking advantage of the hw, or do you know if it is sw only? Some posts I've read seem less positive about that. Anyone else have any experiences to share? Thanks again, -- -C I currently have three monitors connected to my laptop but if I try to enable X on the third one I'm getting the following error: port:fred ~ xrandr --output VGA1 --auto xrandr: cannot find crtc for output VGA1 Thanks Fred. what happens when you disconnect HDMI1? Does VGA1 light up? I'm thinking the mobile gpu has 2 active outputs, the LCD built-in, plus one additional monitor of VGA or HDMI type. But blender 2.72 is running fine (I wish I new how to use it properly). It's huge, and the learning curve is steep. I've been using it daily for a year and still don't know squat... Output of xrandr and dmesg below if interested. 
hth Fred PS twitter pic of two monitors: https://twitter.com/fcbsd/status/549669313268170752 port:fred ~ xrandr Screen 0: minimum 320 x 200, current 3286 x 1080, maximum 32767 x 32767 LVDS1 connected 1366x768+1920+0 (normal left inverted right x axis y axis) 0mm x 0mm 1366x768 60.17*+ 1024x768 60.00 800x600 60.3256.25 640x480 59.94 VGA1 connected (normal left inverted right x axis y axis) 1920x1080 60.00 + 1680x1050 59.95 1600x900 59.98 1280x1024 75.0260.02 1440x900 59.89 1280x800 59.81 1152x864 75.00 1280x720 59.97 1024x768 75.0870.0760.00 832x624 74.55 800x600 72.1975.0060.3256.25 640x480 72.8166.6760.00 720x400 70.08 HDMI1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 477mm x 268mm 1920x1080 60.00*+ 50.00 1920x1080i60.00 1680x1050 59.88 1400x1050 59.95 1600x900 59.98 1280x1024 60.02 1440x900 59.90 1280x800 59.91 1152x864 59.97 1280x720 50.00 1024x768 60.00 800x600 60.32 720x576 50.00 720x480 59.94 640x480 60.0059.94 DP1 disconnected (normal left inverted
Re: leaving linux - questions about capabilities
On Mon, 29 Dec 2014 20:19:12 -0800 Rusty rus...@outband.net wrote:
> On 12/29/14 08:17, Christopher Barry wrote:
>> Greetings All,
>>
>> I've used OpenBSD in the past to build redundant routers and firewalls and it was fantastic, but it's been quite a few years since I've played with it. I've also never used it as my default workstation. Yet.
>>
>> I've always used Debian GNU/Linux on my workstations in the past, but with jessie/sid (and practically all other linux distros) the direction the linux userspace has taken is a serious turn for the worst IMO. I am simply philosophically at odds with systemd, and I would like to stop relying on linux altogether if possible.
>>
>> My problem is I have specific needs, and it's not clear if I can meet them running OpenBSD. I'm hoping I can, and someone can share their experiences with making a similar setup work.
>>
>> Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI dongle) using the OpenSource Radeon linux driver @1920x1200 on each monitor. I'm using enlightenment 17.6 as my window manager. I use and rely on blender http://www.blender.org a /lot/ with hardware accelerated OpenGL, and having three monitors is important for my graphics work.
>>
>> Is anyone running OpenBSD with three monitors? With blender, hw-accel OpenGL, and/or E1{7,8,9}?
>>
>> Your thoughts, knowledge, and possibly links to more info would be very greatly appreciated.
>>
>> Thank You.
>> --
>> -C
>
> As this is a getting to know you thread.
>
> I use OpenBSD in a desktop role. snapshots on an Intel i5 with a radeon 6950, two screens(my card chokes on the third screen but I think that is hardware)
>
> I like the one dimensional desktop style setup, that is, spectrwm and lots of xterms. For what it's worth spectrwm has the best multiscreen support I have seen
>
> I don't use blender every day, but I do find it handy from time to time (for me 3d printing stuff) The maintainer tends to keep it nicely up to date, which I appreciate as it looks like it is a bitch and a half to build.
>
> I update the snapshots every couple weeks when I want to try what ever new stuff comes out of the pipe(*cough*, and libc bumps, *cough*).
>
> One thing I would recommend is to look at login.conf(5) and set the memory limits to something gratuitous, many of the desktop applications like to use a lot of memory.
>
> And as far as overall experience, I think obsd is a little slower than linux(whatever that means) but the simplicity and correctness of the system(obsd was the first/only system where I feel I understand how the whole thing works) means I enjoy using it quite a bit more.
>
> So good luck, and I hope it works out for you as well as it did for me.

Very encouraging. Thanks.

It seems I'll need to downgrade my video card somewhat to get hw-accel, but found one refurbed for $145US, so I think I'll go for it.

--
-C
Re: leaving linux - questions about capabilities
On 12/30/14 21:08, Christopher Barry wrote:

/snipped

>> I currently have three monitors connected to my laptop but if I try to enable X on the third one I'm getting the following error:
>>
>> port:fred ~ xrandr --output VGA1 --auto
>> xrandr: cannot find crtc for output VGA1
>
> Thanks Fred. what happens when you disconnect HDMI1? Does VGA1 light up? I'm thinking the mobile gpu has 2 active outputs, the LCD built-in, plus one additional monitor of VGA or HDMI type.

All three are usable, but only two at a time - due to the limitation that Jonathan mentioned. I can use any two of the three monitors - if I disconnect any I have to re-run xrandr or arandr (gui xrandr in ports).

>> But blender 2.72 is running fine (I wish I knew how to use it properly).
>
> It's huge, and the learning curve is steep. I've been using it daily for a year and still don't know squat...

:~) OpenBSD can be a bit like that but the documentation is excellent - and I have been using it as my main desktop since 2.9

cheers
Fred
Re: iked (IKEv2) setup help on the simplest testing setup
On 12/30/14 4:49 AM, Stuart Henderson wrote: On 2014-12-28, Daniel Ouellet dan...@presscom.net wrote: When all is done it will be ospf over vether over gif tunnel Does vether give any benefit here? I think that you should just be able to route the addresses over the gif interface without the extra layer of indirection (and overhead from carrying ethernet headers). The classic use case for vether is where you are bridging an ethernet at one location to a router at another (without needing to connect to a physical network at the second location). Hi Stuart. This is still a work in progress and all is in the lab so things are changing. The Vether was to eliminate get MTU aspect after reading Theo paper on the setup in Calgary. At this point I have taken out the vether and the bridge, making it simpler. But I have to say there is some much to read on the net and many choices that coming with the simplest and most efficient one is not always easy. It sure if fun to play around and tests things, even if at time I pull my hairs a bit like I did with ikev2. Even GIF I wasn't sure and did start with GRE instead. Much easier to setup with Cisco router, or I should say, the only one that works with Cisco, but then I decided to scrap Cisco all together from the picture! That's for taking the time to answer this regardless. Te only answer I got. Always nice to see you interested in some weird things still. (: I have lots more coming down, but may well be boring for most. I am testing now the processing with different encryption supported on Iked with and without the ASE instruction set enable or disable on Xeon processor to see for various setup's. One interesting things I am working on as well is a way, or try to find a way to do the queue and have decent QoS on lines like Fios and the like where you really have no QoS what so ever. 
Yes you can do outgoing, not much you can do on the incoming, but I am looking at how I could for example limit the incoming traffic a bit lower than what's there to not have congestion and not provide QoS, but at a minimum allow the important traffic to come in easier than in a congested line. Like I am playing with 75/75Mb Fios at home for testing, except there is plenty of time where that 75 Mb goes down to 2 or 3 Mb, most of the time down to 35/12 and I have seen rare occasions, but it happens, where it went as low as 750K. I am not sure of what I will do, but one idea was as I do have both GIF for not encrypted traffic when I actually use it to carry over routable IP's on a single not fix one and ipsec tunnel as well where maybe a health check would identify congestion and then restrict the incoming lower than what the connection is at that time to permit the critical one to work. I am not sure I explain it well as it's work in progress as well, but fun and yes so far I have success, or mostly success anyway. In short is a way to dynamically adjust the queue in pf to adapt itself to the capacity available that is always changing and always keeping it somewhat lower and allowing what I would call a poor man's QoS by default, even if that's not the case at all! One fun part was to change the remote part of the GIF configuration automatically when the local outside IP's is changing on Fios or Comcast for example. (: Same with Iked as opposed to using npppd. Anyway, thanks for your input, it's always well received. (: Daniel
Re: Best way forward w.r.t. apache/nginx/httpd?
I'll answer to this one, but I'll start with a big thanks to all who responded - some interesting points were made! On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote: apache-httpd-openbsd is a dead-end, it's not actively developed, ssl support is poor, third-party documentation relating to use of webapps with Apache has long since moved to Apache 2. It's mainly there to provide a quick migration path for existing OpenBSD users and to ease the pain in ports. In fact, the Apache 1 vs. 2 problem has already hit me in the past and forced me not to use a photogallery application I wanted to use. You make a very valid point here: Contrary to nginx, there is indeed nobody developing Apache 1 anymore (not even the OpenBSD developers who kept it running for so long). b) Migrate to nginx [...] This might be a reasonable choice, especially if the CMS you're looking at already documents how to use it with nginx. I had a quick look - CMS Made Simple (which is what I'm using) has apparently been used with nginx by some people, so there is some documentation around. phpGedView (which is another application I use) is no longer developed anymore and I was thinking about replacing it anyway, so this might be a good time. Same goes for the gallery I'm currently using. There will be some work involved, but this has been coming a long time now... Time for some clean-up work. c) Migrate to httpd [...] Personally I don't think httpd is quite ready for use with a typical PHP-based CMS yet (including -current). Two big issues for this type of use: clean urls functionality in most CMS needs rewrite support which httpd doesn't have. httpd's fastcgi support passes every url matching a location block to the handler meaning there's no mitigation for the issue described in http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP (which also affects naive nginx configurations). Thanks for those two insights.
Based on what I've read so far, I will give nginx a try - that will at least place me on a server that is a) well known on OpenBSD and b) still under active development - that should buy me enough time to wait for the day that httpd can take over this job - given the track record of OpenBSD, I very much like to stay within base where possible. Thanks again! And now off to read up on how to use nginx with PHP etc.pp ;-) Cheerio, Thomas -- - Thomas Ribbrock http://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
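Added example, not part of Thomas's or Stuart's messages: the "Passing Uncontrolled Requests to PHP" pitfall that Stuart links to, shown as a naive nginx PHP location beside a hardened one. The server names, document root, upload directory and PHP-FPM address are assumptions chosen for illustration.

```nginx
# Constructed example; host names, paths and the FastCGI address are assumptions.

# Naive: any URI that ends in .php is handed to PHP-FPM, even when no such
# script exists on disk, so PHP is left to decide which file to execute.
server {
    listen      80;
    server_name naive.example.org;
    root        /var/www/htdocs;

    location ~ \.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  127.0.0.1:9000;
    }
}

# Hardened: nginx first checks that the requested script is a real file,
# and nothing under the user-writable upload directory ever reaches PHP.
server {
    listen      80;
    server_name hardened.example.org;
    root        /var/www/htdocs;

    # ^~ stops the regex location below from being tried for /uploads/ URIs,
    # so files there are only ever served as static content.
    location ^~ /uploads/ {
    }

    location ~ \.php$ {
        try_files     $uri =404;   # answer 404 unless the .php file exists
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  127.0.0.1:9000;
    }
}
```

Setting cgi.fix_pathinfo=0 in php.ini complements the hardened block. The try_files check only helps when nginx and PHP-FPM see the same filesystem.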
hp pavilion hpps5521 ?
Needing a new laptop, and this is one of the machines I've been looking at. Is it going to be one of those whose graphics acceleration is too new-fangled, etc.? -- Joel Rees
Re: freeradius problem - ephemeral RSA key generation
On Wednesday 31 December 2014, Kapetanakis Giannis wrote: Hi, After upgrading to latest snapshot I have problems with freeradius 2.2.5 package not starting. Especially the problem occurs in loading of module eap-tls

rlm_eap_tls: Couldn't set ephemeral RSA key
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap

I've tried installing version 2.2.6 but I have the same problem. The program fails at: src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

    /*
     * Generate ephemeral RSA keys.
     */
    static int generate_eph_rsa_key(SSL_CTX *ctx)
    {
        RSA *rsa;

        rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);

        if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
            radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
            return -1;
        }

        RSA_free(rsa);
        return 0;
    }

is this related to freeradius or something with OpenBSD ssl libraries?

Support for ephemeral RSA keys was removed from LibreSSL, since it should only be needed for export ciphers (no longer supported) or otherwise violating RFCs (as at first glance FreeRADIUS appears to do above). Since you're already looking at the code, does it set SSL_OP_EPHEMERAL_RSA anywhere? If not, the above function is probably a noop. At the very least it is likely buggy since they are supposed to call SSL_CTX_need_tmp_RSA() to see if the temporary RSA key should be set, before calling SSL_CTX_set_tmp_rsa().

regards, Giannis

-- Action without study is fatal. Study without action is futile. -- Mary Ritter Beard
Re: [probably solved] Re: Openbsd broke my hard drive twice! Getting frustrated
I had a machine that didn't like OpenBSD either, it froze during POST or Plop, basically when BIOS services were still usable. It was a BIOS-based system though, and I didn't patch it either. Luckily, I installed on an external disk. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Henrique Lengler Sent: December 23, 2014 12:56 PM To: misc@openbsd.org Subject: [probably solved] Re: Openbsd broke my hard drive twice! Getting frustrated I figured that my BIOS has an old firmware from 2013. So I decided to update it. At least this my motherboard did good, I easily updated the firmware by plugging a USB with the new firmware. Then it rebooted and yes, it worked as it should. Booted normally with the HDD sata connected. I cannot get satisfied yet, I will install an OS and see if it will still be working. I'm in doubt about trying openBSD again, I'm afraid everything could happen again. Also is there an explanation for this shitty behavior? My motherboard acted like having a short circuit, making everything stop working because of a badly formatted HDD, this is a really unexpected behavior, which made me think the problem was openBSD. By now, thanks for helping. I expect I don't need to post anything more here. Regards, -- Henrique Lengler
Reminder, today is the deadline for CanSecWest CFP submissions, (conf March 18-20)
So send something in very soon if you want it considered. Hope all of you have a Happy New Year. Cheers, --dr