Re: Question about logo

[Janne Johansson]

http://www.openbsd.org/art1.html says:

Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by
other members or developers of the OpenBSD group. However, it is our intent
that anyone be able to use these images to represent OpenBSD in a positive
light -- but do not make profit from them. [...] So enjoy them and let the
world see them, if that is your wish.


2016-03-03 3:31 GMT+01:00 Leonardo Santagostini :

> Hello @misc,
>
> Just wondering and bothering you, if i can use for my twitter account and
> mi personal blog, a puffy image.
>
> Kind regards
>
> Saludos.-
> Leonardo Santagostini
>
> 
>
>


-- 
May the most significant bit of your life be positive.

Question about logo

[Leonardo Santagostini]

Hello @misc,

Just wondering and bothering you, if i can use for my twitter account and
mi personal blog, a puffy image.

Kind regards

Saludos.-
Leonardo Santagostini

em(4) interface hangs randomly, receive buffer full (Intel i210)

[Juuso Lapinlampi]

First and foremost, I'll be warned that third-party kernels (by MTier) are
generally unsupported. MTier's kernels should be very close to official kernels
though, only with errata patches applied. I'll share my issue anyway before
trying an official kernel if anyone can find it helpful.

I have this server which is abruptly dropping all network connectivity on em1
interface (Intel i210AT), starting from last week. It takes at least 10 minutes
to recover from a network hang, so that all existing connections are
disconnected.

This server has been running fine on the same NIC since OpenBSD 5.6(?) and did
also work for a long while on 5.8. Nothing significant has changed recently as
far as I believe. The kernel I'm using has all the errata patches for 5.8.
Truth said, I have been running MTier kernels since OpenBSD 5.6.

This NIC gets a lot of persisting connections from the Tor network. This seems
like nothing unusual, it has been fine in 5.8 and earlier and very stable with
it (though for some reason it would never go over 1 MB/s for the Tor network,
even if higher was advertised).

There's no time correlation when the network is going to hang: it can be 20
minutes, 3 hours, 24 hours or anywhere from between. But it seems to happen
every day now for the past week.

Here's what I got when the network was down:

$ ping 8.8.8.8
ping: Could only allocate a receive buffer of 8191 bytes (default 65535)
PING 8.8.8.8 (8.8.8.8): 56 data bytes
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

After recovering from the network issue, the buffers are of course (mostly)
empty and everything works normally again until the buffers are full again?

I have netstat logs from the time of the hang, though I'd hesitate to share
them publicly on this list. Let's just say the output of `netstat -an` is 2595
lines long with 2332 tcp connections (IPv4), most on the Tor IPv4-address. It
doesn't seem like a denial of service attack or anything unusual.
Packets/traffic in/out drop to ~0 during the hang according to systat.

The traffic is typically quite low for this NIC, about 10-20 Mbps - nowhere
near the 1 Gbps limit. I can max out the NIC's capability with a speedtest.

What could I do in this situation? The next thing I may try is using a snapshot
kernel, or using the second i217-LM NIC on the mobo. Though I believe there
seems to be a bug with this NIC which I don't understand.

$ uname -a
OpenBSD partyvan.eu 5.8 GENERIC.MP#0 amd64
$ cat /etc/sysctl.conf
# Increase max file descriptors to 20k for Tor
kern.maxfiles=2
$ cat /etc/hostname.em1 # I believe the addresses may be in use as aliased 
right now
inet 188.126.81.149 255.255.255.128
inet 188.126.81.150 255.255.255.128
inet 188.126.81.151 255.255.255.128
inet 188.126.81.152 255.255.255.128
inet 188.126.81.153 255.255.255.128
inet 188.126.81.154 255.255.255.128
inet 188.126.81.155 255.255.255.128
inet6 2a00:1a28:1510:1::149 64
inet6 2a00:1a28:1510:1::150 64
inet6 2a00:1a28:1510:1::151 64
inet6 2a00:1a28:1510:1::152 64
inet6 2a00:1a28:1510:1::153 64
inet6 2a00:1a28:1510:1::154 64
inet6 2a00:1a28:1510:1::155 64
$ ifconfig em1
em1: flags=8843 mtu 1500
lladdr 00:25:90:47:6e:f4
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet6 fe80::225:90ff:fe47:6ef4%em1 prefixlen 64 scopeid 0x2
inet6 2a00:1a28:1510:1::149 prefixlen 64
inet6 2a00:1a28:1510:1::150 prefixlen 64
inet6 2a00:1a28:1510:1::151 prefixlen 64
inet6 2a00:1a28:1510:1::152 prefixlen 64
inet6 2a00:1a28:1510:1::153 prefixlen 64
inet6 2a00:1a28:1510:1::154 prefixlen 64
inet6 2a00:1a28:1510:1::155 prefixlen 64
inet 188.126.81.149 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.150 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.151 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.152 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.153 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.154 netmask 0xff80 broadcast 188.126.81.255
inet 188.126.81.155 netmask 0xff80 broadcast 188.126.81.255
$ dmesg
OpenBSD 5.8 (GENERIC.MP) #0: Tue Nov 10 11:57:58 CET 2015

jas...@stable-58-amd64.mtier.org:/binpatchng/work-binpatch58-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17118748672 (16325MB)
avail mem = 16596041728 (15827MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec0f0 (76 entries)
bios0: vendor American Megatrends Inc. version "2.0" date 04/24/2014
bios0: Supermicro X10SLL-F
acpi0 at bios0: rev 2
acpi

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[ropers]

On 2 March 2016 at 23:59, Jason Barbier  wrote:

> [You're] probably going to have to suck it up at some point and use +
> [delimiters] like most people have moved to doing since according to the
> RFC - is a valid email address char.
>

So is +.
http://tools.ietf.org/html/rfc3696#section-3
- is not any more legal than +, just maybe more common, and you're still
more likely to encounter non-RFC compliant implementations that don't deal
with plus correctly, especially in web form email "verification" scripts --
but many of those suck monkey balls anyway.

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

[Jason Barbier]

On Wed, Mar 2, 2016, at 12:19 PM, Claus Niesen wrote:
> Sorry for the off topic question but I'm hoping that maybe some of your
> know of or work for an email hosting provider that provides minus/hyphen
> ("-") addressing with custom domain.  All I can find are provider that
> offer plus addressing, which makes it hard for a smooth transition since
> I'm using minus addressing extensively. 
> 
> I used to run my own at home mailserver (openbsd + qmail) .  Since I no
> longer have a static IP, I switched to an email provider that supports
> minus addressing but operates in the dark ages, especially in regards to
> security updates.  Needless to say I need a better host.  I'd rather not
> host my own mailserver but so far haven't been able to find an
> alternative.
> 
> Your suggestions are greatly appreciated.  Feel free to contact me off
> list.
> Thanks,
> Claus
> 
> Specific requirements:
> - allows usage of custom domain
> - allows multiple email accounts
> - qmail style '-' addressing
> - some kind of spam filtering (gray-listing & bayes filter)
> - alias
> - imap
> - reliable and secure
> 

Your probably going to have to suck it up at some point and use +
delmiters like most people have moved to doing since according to the
RFC - is a valid email address char. But with that rant out of the way
honestly if you are not opposed to running your own server DigitalOcean
is cheap, reliable, and with some work you can have openbsd in any
config you see fit.

-- 
Jason Barbier | E: jab...@serversave.us
GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc)

Re: Gif tunnel / pf / queueing

[Christopher Sean Hilton]

On Wed, Mar 02, 2016 at 10:46:08PM +1000, David Gwynne wrote:
> > On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton  
> > wrote:
> > 
> > I would like to apply queueing to packets traversing a gif tunnel. I'd
> > like to know what works better, Tagging outbound packets on the gif
> > interface and applying them to queues by tag when they leave on the
> > external interface? Or assigning packets to the queues directly when
> > they are on the gif interface?
> > 
> > If I understand things correctly queues work on interfaces. That leads
> > me to think that tagging for later queueing is the better approach.
> 
> in this instance it shouldn't matter. however, if you have multiple
> outgoing interfaces the gif traffic can leave on, it's better to
> apply the policy on the gif interface.

I think I can re-phrase the question in a better way: I'm using gif0
to tunnel IPv6 over IPv4 from my local network via Hurricane Electric
to the internet. Since gif0 is a tunnelling interface all my outbound
traffic will ultimately traverse my external interface, ext_if, which
has a set of queues. I want my IPv6 traffic to be subject to queues on
ext_if.

My understanding is that queues are interface specific so I suspect
that doing this:

queue ob_root on $ext_if bandwidth 1000M qlimit 304
  queue ob_ext parent ob_root bandwidth 40M qlimit 48
queue ob_ext_priority parent ob_ext ...
queue ob_ext_ssh parent ob_ext ...
queue ob_ext_default parent ob_ext ... default
queue ob_ext_low parent ob_ext ...
  queue ob_local parent ob_root bandwidth 960M qlimit 256

...

## Example (1): Will this work?

pass out on gif0 proto tcp to any port 22 \
flags S/SA keep state \
queue (ob_ext_ssh, ob_ext_priority) prio (4, 5)

## Example (2): I expect this to work because tags are designed to be sticky

match out on gif0 proto { udp, tcp } to any port 53 \
flags S/SA keep state \
tag OB_EXT_PRIORITY

...

match out on $ext_if tagged OB_EXT_PRIORITY \
queue ob_ext_priority prio 5

I don't know what will happen with example (1). But I expect that
example (2) will work because tags are designed to be sticky.

This thread implies that at one time queues were not sticky:

http://misc.openbsd.narkive.com/BXucT1to/pf-queue-filter-directive-sticky

The pf man page and later threads imply that queues have become sticky
but the man page only refers to the match keyword.

Is it the match keyword that makes queues sticky or did the change in
pf way back when, change them from non-sticky to sticky?

-- 
Chris

  __o  "All I was trying to do was get home from work."
_`\<,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]

OT: Flash Reliability in Production: The Expected and the Unexpected

[Karel Gardas]

Hello,

sorry for off-topic, but this is indeed interesting flash drive study done by
Bianca Schroeder, University of Toronto; Raghav Lagisetty and Arif
Merchant, Google Inc

http://0b4af6cdc2f0c5998459-c0245c5c937c5dedcca3f1764ecc9b2f.r43.cf2.rackcdn.com/23105-fast16-papers-schroeder.pdf

Karel

OT: Looking for email host with qmail like minus-addressing for custom domain

[Claus Niesen]

Sorry for the off topic question but I'm hoping that maybe some of your
know of or work for an email hosting provider that provides minus/hyphen
("-") addressing with custom domain.  All I can find are provider that
offer plus addressing, which makes it hard for a smooth transition since
I'm using minus addressing extensively. 

I used to run my own at home mailserver (openbsd + qmail) .  Since I no
longer have a static IP, I switched to an email provider that supports
minus addressing but operates in the dark ages, especially in regards to
security updates.  Needless to say I need a better host.  I'd rather not
host my own mailserver but so far haven't been able to find an
alternative.

Your suggestions are greatly appreciated.  Feel free to contact me off
list.
Thanks,
Claus

Specific requirements:
- allows usage of custom domain
- allows multiple email accounts
- qmail style '-' addressing
- some kind of spam filtering (gray-listing & bayes filter)
- alias
- imap
- reliable and secure

Re: Gif tunnel / pf / queueing

[David Gwynne]

> On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton 
wrote:
>
> I would like to apply queueing to packets traversing a gif tunnel. I'd
> like to know what works better, Tagging outbound packets on the gif
> interface and applying them to queues by tag when they leave on the
> external interface? Or assigning packets to the queues directly when
> they are on the gif interface?
>
> If I understand things correctly queues work on interfaces. That leads
> me to think that tagging for later queueing is the better approach.

in this instance it shouldn't matter. however, if you have multiple outgoing
interfaces the gif traffic can leave on, it's better to apply the policy on
the gif interface.

>
> --
> Chris
>
>  __o  "All I was trying to do was get home from work."
>_`\<,_   -Rosa Parks
> ___(*)/_(*).___o..___..o...ooO..._
> Christopher Sean Hilton[chris/at/vindaloo/dot/com]
>
> [demime 1.01d removed an attachment of type application/pgp-signature which
had a name of signature.asc]

Re: BlackBerry Classic to use OpenBSD

[Kapfhammer, Stefan]

Hello Karel,

seems for that issue there is a community project
at foundry27@QNX. Will investigate...
So far, thanks for the useful advise, Karel. :-)

Regards,
Stefan
___
From: Karel Gardas [gard...@gmail.com]
Sent: Wednesday, March 2, 2016 12:11 PM
To: Kapfhammer, Stefan
Cc: OpenBSD general usage list
Subject: Re: BlackBerry Classic to use OpenBSD

On Wed, Mar 2, 2016 at 11:51 AM, Kapfhammer, Stefan  wrote:
> Hello Karel,
>
> interesting aspect, how to go about it.
> The challenge would be, on how to root the
> device to move OpenBSD to it.

There is no chance to do that, that's the reason I've suggested
running OpenBSD inside Qemu on top of BB OS. You don't need to root it
then, just install Qemu user application. The tricky part may start
once you start with networking/tunnelling, but there is still a long
way to it.

> BB OS has
> something like VNC, but only client, not server.
> We have also a shell ;) http://imgur.com/RoG1Ukg

Qemu provides VNC server so with BB OS VNC client you may try to connect it.

Re: BlackBerry Classic to use OpenBSD

[Karel Gardas]

On Wed, Mar 2, 2016 at 11:51 AM, Kapfhammer, Stefan  wrote:
> Hello Karel,
>
> interesting aspect, how to go about it.
> The challenge would be, on how to root the
> device to move OpenBSD to it.

There is no chance to do that, that's the reason I've suggested
running OpenBSD inside Qemu on top of BB OS. You don't need to root it
then, just install Qemu user application. The tricky part may start
once you start with networking/tunnelling, but there is still a long
way to it.

> BB OS has
> something like VNC, but only client, not server.
> We have also a shell ;) http://imgur.com/RoG1Ukg

Qemu provides VNC server so with BB OS VNC client you may try to connect it.

Re: BlackBerry Classic to use OpenBSD

[Kapfhammer, Stefan]

Hello Karel,

interesting aspect, how to go about it.
The challenge would be, on how to root the
device to move OpenBSD to it. BB OS has
something like VNC, but only client, not server.
We have also a shell ;) http://imgur.com/RoG1Ukg

I agree, that it's one of the best end secure
smartphone OS with less to no viruses, malware
and trojans. The iOS and android fraction will
see what they will get by time ;)

Regards,
Stefan


From: Karel Gardas [gard...@gmail.com]
Sent: Wednesday, March 2, 2016 11:27 AM
To: Kapfhammer, Stefan
Cc: OpenBSD general usage list
Subject: Re: BlackBerry Classic to use OpenBSD

Sweet! I would recommend to port Qemu to QNX first, then add some UI
for BlackBerry to be at least able to start the Qemu. Also you will
probably need some kind of VNC for QNX/BB OS. Once you do have all
this on the phone you may try to install OpenBSD into Qemu. i guess
i386 or amd64 system support should work fine. I've also tested
OpenBSD insidde Qemu running sparc64 emulation and this was also
working fine. I'm not sure about PPC nor ARM, have not tested that. I
guess installing VM on your PC and then moving to phone should work
fine...

Good luck! QNX/BB OS is fine, pity that market is going against it
with Android/IOS duopoly...

On Tue, Mar 1, 2016 at 11:49 PM, Kapfhammer, Stefan  wrote:
> Hi list,
>
> I've 2 BlackBerry Classic (SQC100-1) here and want
> to try running OpenBSD on one of it. Is there a known way
> to get it on the device‎ (not an easy task I believe).
>
> Hints are welcome,
> regards,
> Stefan

Re: BlackBerry Classic to use OpenBSD

[Kapfhammer, Stefan]

Hello bofh,

1. ok, but it's my time, right?
2. Secure platform / BlackBerry good SP's
3. Doesn't matter

Regards,
Stefan

From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of bofh
Sent: Wednesday, March 2, 2016 4:11 AM
To: OpenBSD general usage list
Subject: Re: BlackBerry Classic to use OpenBSD

Things like this is just a freaking waste of time.  Why would you even
consider it?  How long have you been using OpenBSD that you would think
this is a good idea?

Re: BlackBerry Classic to use OpenBSD

[Kapfhammer, Stefan]

Hello Nick,

thank you for your explanation. If it's not for that architecture,
it's almost done for me.

Joke was nice ;)

Regards,
Stefan

From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of Nick
Holland
Sent: Wednesday, March 2, 2016 3:46 AM
To: misc@openbsd.org
Subject: Re: BlackBerry Classic to use OpenBSD

On 03/01/16 17:49, Kapfhammer, Stefan wrote:
> Hi list,
>
> I've 2 BlackBerry Classic (SQC100-1) here and want
> to try running OpenBSD on one of it. Is there a known way
> to get it on the device (not an easy task I believe).
>
> Hints are welcome,

Place smart phone on table.
Place laptop running OpenBSD on top of phone.
done.

But otherwise, no...there's no port of OpenBSD to this or any other
phone-like device at the moment...and considering the effort involved in
porting to undocumented hardware and the life expectancy of the platform
(both in new availability and life span once the embedded batteries
die), I'd be surprised if anyone was jumping for joy over the idea of
spending time on it.

Feel free to prove me wrong.

Nick.

Re: BlackBerry Classic to use OpenBSD

[Karel Gardas]

Sweet! I would recommend to port Qemu to QNX first, then add some UI
for BlackBerry to be at least able to start the Qemu. Also you will
probably need some kind of VNC for QNX/BB OS. Once you do have all
this on the phone you may try to install OpenBSD into Qemu. i guess
i386 or amd64 system support should work fine. I've also tested
OpenBSD insidde Qemu running sparc64 emulation and this was also
working fine. I'm not sure about PPC nor ARM, have not tested that. I
guess installing VM on your PC and then moving to phone should work
fine...

Good luck! QNX/BB OS is fine, pity that market is going against it
with Android/IOS duopoly...

On Tue, Mar 1, 2016 at 11:49 PM, Kapfhammer, Stefan  wrote:
> Hi list,
>
> I've 2 BlackBerry Classic (SQC100-1) here and want
> to try running OpenBSD on one of it. Is there a known way
> to get it on the device‎ (not an easy task I believe).
>
> Hints are welcome,
> regards,
> Stefan

Re: Dualbooting with GRUB in a UEFI environment

[Remi Locherer]

On Mon, Feb 29, 2016 at 11:19:57AM -0600, joshua stein wrote:
> On Mon, 29 Feb 2016 at 15:19:24 +0100, Noth wrote:
> > Hi misc@,
> > 
> >   I just cracked this and it doesn't seem to be well documented so I thought
> > I'd stick it here.
> > 
> > My setup is a VAIO laptop dualbooting Ubuntu 16.04 and OpenBSD -CURRENT.
> > I've got sd0a setup as a cryptoraid partition, so I needed a way to
> > chainload into the OBSD bootloader to get a prompt to decrypt the partition.
> 
> FWIW, I use rEFInd to manage EFI booting between OpenBSD, Linux, and
> FreeBSD on my laptop:
> 
> http://www.rodsbooks.com/refind/
> 
> Just putting the OpenBSD bootx64.efi file into /efi/openbsd/ will
> allow rEFInd to find it and show an OpenBSD logo on boot:
> 
> https://i.imgur.com/y2PHRFu.jpg
> 
> This way OpenBSD does not depend on grub and Linux can do whatever
> it wants to the grub config without locking me out of OpenBSD.
> rEFInd can be configured by editing the /efi/refind/refind.conf file
> but by default it will automatically find things.

I'm also using refind for that purpose. Just make sure you copy the
OpenBSD efi boot program to an other directory than /efi/boot as joshua
suggested. Otherwise installers from other OSs will likely overwrite
OpenBSD's efiboot.

It would be nice if installboot(8) could do that:
http://marc.info/?l=openbsd-tech&m=145396912725902&w=2

Remi