Re: "switching console to com0"
> Greetings all - what does one do when during the install you set the default > console to com0 and now your serial cable is not working? I cannot login to > set the default console back to use the keyboard and monitor. Instead of the > boot prompt where I can normally change settings and/or enter single user > mode I just get the message "switching console to com0" immediately without > any delay to enter boot commands. Thanks for your time. > > J Just reboot and start over? Implementing two parallell inputs, one from the console and one via COM, is above the OS boot loader's design goals really, as reboot fills the function you're asking for very well.
"switching console to com0"
Greetings all - what does one do when during the install you set the default console to com0 and now your serial cable is not working? I cannot login to set the default console back to use the keyboard and monitor. Instead of the boot prompt where I can normally change settings and/or enter single user mode I just get the message "switching console to com0" immediately without any delay to enter boot commands. Thanks for your time. J
Re: Install process: couple of comments
On 10/16/17 18:38, Limaunion wrote: > On 10/16/2017 06:55 PM, Limaunion wrote: >> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE >> boot method. In previous years I used an internal FTP server to perform >> the upgrade, but for some reason this is not supported any more since a >> couple of releases. I mounted and published the ISO image using a >> raspberrypi and NGINX (HTTP method). During the install process I hit >> the following error 'unable to get a verified list of distribution >> sets'(*). I couldn't find much help from google but after some time I >> figured out that the install was looking for a file named index.txt, >> that is not included in the ISO. >> Maybe some of this information can be included to the install guide for >> those of us doing a local HTTP upgrade, and also it would be great to >> have the index.txt file included in the ISO. >> For the record, the kernel relinking (Relinking to create unique >> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 >> minutes the library reordering during the boot process. >> Just my .02 cents. >> J. >> >> (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0" >> > > I know about this, but its not crystal clear (at least for me): > > https://www.openbsd.org/faq/faq4.html > Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz > in your source directory and include it in your index.txt. It will then > be an option at install time. > > Best regards. There are a few ways of doing things right. There is a near infinite number of doing things, if not wrong, at least "oddly". Mounting an ISO file as a file system and using that as the source of your files for a web install qualifies as "at least, oddly", defeating the purpose of both an ISO and a web install. In fact, you may well be over the "wrong" line on that. I don't think you will see any special documentation or file changes supporting that way of doing things. Nick.
Re: 6.2-Release - Firefox and Codeblocks Issues
1. Discussion was moved to ports@. 2. I have tested a fix, which I will publish for -current and 6.2-stable. 3. I will need to build and test the -stable package, and can then make it available to you if you want to trust an unsigned package from the port maintainer.
Re: Install process: couple of comments
On 10/16/2017 06:55 PM, Limaunion wrote: Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE boot method. In previous years I used an internal FTP server to perform the upgrade, but for some reason this is not supported any more since a couple of releases. I mounted and published the ISO image using a raspberrypi and NGINX (HTTP method). During the install process I hit the following error 'unable to get a verified list of distribution sets'(*). I couldn't find much help from google but after some time I figured out that the install was looking for a file named index.txt, that is not included in the ISO. Maybe some of this information can be included to the install guide for those of us doing a local HTTP upgrade, and also it would be great to have the index.txt file included in the ISO. For the record, the kernel relinking (Relinking to create unique kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 minutes the library reordering during the boot process. Just my .02 cents. J. (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0" I know about this, but its not crystal clear (at least for me): https://www.openbsd.org/faq/faq4.html Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz in your source directory and include it in your index.txt. It will then be an option at install time. Best regards.
Install process: couple of comments
Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE boot method. In previous years I used an internal FTP server to perform the upgrade, but for some reason this is not supported any more since a couple of releases. I mounted and published the ISO image using a raspberrypi and NGINX (HTTP method). During the install process I hit the following error 'unable to get a verified list of distribution sets'(*). I couldn't find much help from google but after some time I figured out that the install was looking for a file named index.txt, that is not included in the ISO. Maybe some of this information can be included to the install guide for those of us doing a local HTTP upgrade, and also it would be great to have the index.txt file included in the ISO. For the record, the kernel relinking (Relinking to create unique kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 minutes the library reordering during the boot process. Just my .02 cents. J. (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0" OpenBSD 6.2 (GENERIC) #163: Tue Oct 3 19:51:20 MDT 2017 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW real mem = 267931648 (255MB) avail mem = 248758272 (237MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xa800 cpu0 at mainbus0: (uniprocessor) mtrr: K6-family MTRR support (2 registers) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31 glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, address 00:0d:b9:12:d5:4c ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, address 00:0d:b9:12:d5:4d ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 ath0 at pci0 dev 12 function 0 "Atheros AR5212" rev 0x01: irq 9 ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6 eeprom 4.8, FCC2A*, address 00:0b:6b:85:20:5f glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio, i2c gpio0 at glxpcib0: 32 pins iic0 at glxpcib0 maxtmp0 at iic0 addr 0x4c: lm86 pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 1-sector PIO, LBA, 967MB, 1981728 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1 nvram: invalid checksum vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (c0ea1143b236330f.a) swap on wd0b dump on wd0b clock: unknown CMOS layout
Re: chronium ports
On Tue, Oct 17, 2017 at 04:27:55AM +0900, Tuyosi T wrote: > what a fast machine Espie uses ! Nope, it's called a dedicated cluster... I don't even pay for it, fortunately. But there are a few clusters dedicated to either building package snapshots OR to quickly test various things, fortunately. Mostly so that you don't feel the pain. Don't get me wrong, playing with the ports tree is fun, but we have working packages, and it's often not worth the pain. Almost everyone uses the snapshots in production.
Re: 6.2-Release - Firefox and Codeblocks Issues
On 2017-10-15 21:01, tec...@protonmail.com wrote: > Hi, > > Firefox / Firefox-ESR > I can not access my protonmail.com email account on both of these versions > as I can't get to the login screen (it hangs on the loading screen) - this is > evident by going to https://mail.protonmail.com/login. I have experienced > this same issue on two different installs, so I believe anyone trying to > access this site or some others will face the same issue. My guess is that > it is due to the JavaScript functions it is running on this page. > > Chromium works without issue and shows the login form. Problem is, I really > despise Chromium and actively try to stay away from all Google services. > > ### > > Codeblocks > This crashes as soon as I open it. I can briefly see the codeblocks graphic > before it does so. > > $ codeblocks > Starting Code::Blocks Release 16.01 rev 10692 Oct 2 2017, 19:06:03 - > wx2.8.12 (OpenBSD, unicode) - 64 bit > Initialize EditColourSet . > Initialize EditColourSet: done. > Abort trap (core dumped) > > $ gdb > (gdb) core codeblocks.core > Core was generated by `codeblocks'. > Program terminated with signal 6, Aborted. > #0 0x0f1d99cdb2da in ?? () Same problem here after upgrading to 6.2 (moved to latest snapshot and it's still the same) and I did pkg_add -u. You can see the backtrace. I'm trying to compile the codeblocks ports but for (another reason I should investigate), the build process is very slow while the CPU is almost (82%) idle and it will takes a while: (gdb) bt #0 thrkill () at -:3 #1 0x01c2120ac7fd in _libc_abort () at /usr/src/lib/libc/stdlib/abort.c:51 #2 0x01c1ca250ec1 in wxFatalSignalHandler () from /usr/local/lib/libwx_base.so.3.0 #3 #4 0x01c1ca20d500 in wxStringBase::operator= () from /usr/local/lib/libwx_base.so.3.0 #5 0x01c26c874b50 in wxPGProperty::wxPGProperty () from /usr/local/lib/libcodeblocks.so.0.1 #6 0x01c26c8996e1 in wxStringProperty::wxStringProperty () from /usr/local/lib/libcodeblocks.so.0.1 #7 0x01bfae5aba40 in WatchesProperty::wxCreateObject () from /usr/local/bin/codeblocks #8 0x01bfae5174ae in DebugInterfaceFactory::OnEditorDeactivate () from /usr/local/bin/codeblocks #9 0x01c26c5ef3b1 in DebuggerManager::CreateWindows () from /usr/local/lib/libcodeblocks.so.0.1 #10 0x01c26c5f0282 in DebuggerManager::SetInterfaceFactory () from /usr/local/lib/libcodeblocks.so.0.1 #11 0x01bfae55cea7 in MainFrame::OnUnlockLogManager () from /usr/local/bin/codeblocks #12 0x01bfae5565c7 in MainFrame::OnMouseRightUp () from /usr/local/bin/codeblocks #13 0x01bfae554f18 in MainFrame::OnMouseRightUp () from /usr/local/bin/codeblocks #14 0x01bfae506e9d in CodeBlocksApp::OnTBIconLeftDown () from /usr/local/bin/codeblocks #15 0x01c1ca1e4200 in wxEntry () from /usr/local/lib/libwx_base.so.3.0 #16 0x01bfae504f9f in wxCreateApp () from /usr/local/bin/codeblocks #17 0x01bfae504e04 in ?? () from /usr/local/bin/codeblocks #18 0x in ?? () Current language: auto; currently asm
Re: PHP error running ownclouds occ
I figured out that it's easier to disable the documents app directly in the database than trying to get occ to work. A kind person sent me an e-mail off this list and pointed me in the right direction. Anyway, if someone has the same problem, here is what I did: # psql owncloud owncloud owncloud=> update oc_appconfig set configvalue = 'no' where appid = 'documents' and configkey = 'enabled'; Thank you OpenBSD and misc@openbsd.org ! On Mon, Oct 16, 2017 at 9:57 AM, Farid Joubbi wrote: > Hi, > I upgraded my OpenBSD installation from 6.1 to 6.2. > In the upgrade process I also upgraded the ownCloud package to 10.0.3. > Now when I browse to the ownCloud page, it wants to upgrade. > The upgrade fails with this message: > > > > Repair warning: You have incompatible or missing apps enabled that > could not be found or updated via the marketplace. > Repair warning: Please install or update the following apps manually > or disable them with: occ app:disable documents > Repair warning: For manually updating, see https://doc.owncloud.org/ > server/10.0/go.php?to=admin-marketplace-apps > > > > So I figured that I will do as it says and run the occ command. > But the command fails, and I don't understand why. > > > su -l -s /bin/sh www > > $ cd /var/www/owncloud/ > $ ./occ > PHP Warning: Module 'curl' already loaded in Unknown on line 0 > PHP Warning: Module 'gd' already loaded in Unknown on line 0 > PHP Warning: Module 'intl' already loaded in Unknown on line 0 > PHP Warning: Module 'zip' already loaded in Unknown on line 0 > The process control (PCNTL) extensions are required in case you want to > interrupt long running commands - see http://php.net/manual/en/book. > pcntl.php > ownCloud or one of the apps require upgrade - only a limited number of > commands are available > You may use your browser or the occ upgrade command to do the upgrade > Cannot create "data" directory > This can usually be fixed by giving the webserver write access to the root > directory. > > {"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+ > 00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module > 'zip' already loaded at Unknown#0"} > An unhandled exception has been thrown: > exception 'Exception' with message 'Environment not properly prepared.' in > /var/www/owncloud/lib/private/Console/Application.php:134 > Stack trace: > > 0 /var/www/owncloud/console.php(105): OC\Console\Application-> > loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), > Object(Symfony\Component\Console\Output\ConsoleOutput)) > > 1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...') > > 2 {main}$ > > $ ls -l > total 316 > -rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS > -rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md > -rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING > drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps > drwxr-x--- 2 www www 512 Oct 14 21:37 config > -rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php > drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core > -rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php > drwxr-x--- 6 www www 512 Nov 30 2016 data > -rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml > -rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html > -rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php > drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n > drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib > -rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ > drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs > drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider > -rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php > -rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php > drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources > drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings > -rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php > drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater > -rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php > $ > > Any ideas? > I have read the owncloud manual and all the file permissions seem to be ok. > Could it be that I am missing some OpenBSD specific thing that makes it > fail? > Thanks in advance for any kind of help or pointers. > >
Re: chronium ports
what a fast machine Espie uses ! i am unfamiliar with programing . so i say only from my little expirience . when using 6.0 , a specific PC could not run xfce which was installed by pkg_add . so i installed from ports , then xfce run well . by the way it is astonishing that openbsd's *all* binary is made by source ( ABC & 123 ). this is very educational for young students . the othe hand linux is limitted to kernel and aplication only to general users . --- regards
Re: CoDel Flows
On Fri, Oct 13, 2017 at 7:47 PM, Mike Belopuhov wrote: > On Fri, Oct 13, 2017 at 05:33 +, Daniel Melameth wrote: >> In playing around with the new CoDel/fair traffic sharing, it's not >> clear to me the best way to work with this when also using the >> previous queuing. > > It's not clear to me either at least not in the generic case :-) > I guess it depends on what you're trying to achieve. > >> Will CoDel still work as expected if all my child queues have flows, >> but my root queue is using "fifo" (revealed with systat queues)? > > Depends on what you expect CoDel to do. Normally the idea here is > to set an upper bound on latency that all outgoing packets experience. > For example if you have 10 connections and 2 are uploading data and > other 8 are a mix of ACKs and SSH keystrokes, with FIFO you'd normally > see bulk connections saturating the link and not leaving other 8 > connections a chance to send a packet. > > So you go and create those HFSC queues and try to reserve the bandwidth > for your ACKs, SSH and whatnot. The approach that FQ-CoDel takes is > different. You no longer need to reserve bandwidth as FQ-CoDel attempts > to make the bandwidth "available" when needed -- this is what is fair > sharing essentially. Which in practice means that those 8 connections > are able to send their small packets "practically" whenever they want > without disrupting your uploads. > > This means that if all you want is to be able for your outgoing > connections to fair share the bandwidth you don't need to reserve the > bandwidth at all. > >> Assuming it does, if one of my child queues is just for TCP ACKs, does >> it make sense to have a small quantum for this queue, but a larger >> quantum for a child queue that focuses on bulk file transfers? > > Quantum of service just tilts the balance at the expense of extra CPU > cycles and potentially extra overall latency. I think you need to > figure out the big picture first and then fine tune. > >> Or is >> CoDel orthogonal of child queues and it only really works well with a >> single root flow queue (and requires me to give up bandwidth control >> with child queues)? > > "Works well this way or that way" would imply that we have enough data > to make such a judgement. At the moment we don't. Last week we had it > running with 8192 flows feeding into an LTE connection with a rather > flaky 50Mbit/s downlink (150Mbit/s up) for about a hundred of users. > With a few HFSC tweaks we had almost no observable SSH latency with > ping times to 8.8.8.8 of about 25ms with fairly low variation. This > setup used two root queues: one on the uplink, one on the downlink. > >> Also, the pf.conf man page says the default qlimit is 1024, but, if I >> don't specify a qlimit, pfctl –vsq shows a qlength of 50 when I was >> expecting it to be 1024. What am I missing? > > I've updated the man page today to address some of the concerns since > the same question was also brought up on reddit yesterday: > > https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/ > > The gist of it is that 1024 is not the HFSC default. When you're > specifying both "flows" and "bandwidth" thus requesting an FQ-CoDel > queue manager for your HFSC queue, the HFSC default qlimit (50) is > still applied. It's a bit counter-intuitive I guess, so I've removed > mention of this from the man page. Thanks for taking the time for a detailed reply Mike. From your Reddit post, it seems, for those queues that use both flows and bandwidth, it makes sense to always override the HFSC qlimit default, but will this increase latency (in the same way a queue with no flows will increase latency with a higher qlimit)? I'll see what I can dig up on CoDel and quantum outside of OpenBSD circles. That said, I've been piloting various queuing scenarios in a Hyper-V environment, but I haven't been able to make much progress here as, it appears, there's some timing issue with HFSC and/or hvn(4) (thank you for terminating my use of de(4), which was horrible under Hyper-V!); I can never seem to reach my modest bandwidth specifications with something like tcpbench, but perhaps this is better left for another thread or I should just get on the vmd(8) bandwagon. Cheers.
OpenBGPd Templates for IXP Manager
Here's a quick summary for those outside of the IX community. OpenBGPd used to be the spine of the IX route server community. Once IXes like AMS-IX and DE-CIX ran into scaling issues with the number of prefix filters, a ton of IXes moved with them over to BIRD. Most IXes will never see the scale that the previously mentioned do. This was around the 2012 time-frame. Also around the 2012 time-frame INEX released v3 of IXP Manager, which took off among IXes. It automated many aspects of the IX. Despite IXP Manager being fairly open and templated, INEX uses BIRD and therefore only produces BIRD templates. We went OpenBGPd on OpenBSD for our IXes due to OpenBSD's reputation for stability and security. Things have been manual thus far. We started a new IX earlier this year, which took advantage of the about to be released IXP Manager v4. Still only BIRD templates, however Barry O'Donovan (of INEX) mentioned that Peter Hessler had expressed interest in working on OpenBGPd templates for IXP Manager. I had reached out to him, but he's a busy guy and hasn't been able to follow up much. I figured with OpenBGPd largely resolving the prefix filter performance issues that getting templates for IXP Manager would allow IXes to find some parity in OpenBGPd with BIRD and hopefully win back market share. However, I'm not a programmer. I Google for what others have done and mash it together, at least sometimes successfully. I attempted to forge through the IXP Manager BIRD templates to convert them myself, but once I got to the meat and potatoes of the config, I was in way over my head. There's PHP logic, some template system logic, BIRD logic and no understanding from me. I came here hoping to come across someone with more time than Peter who can help me out with this. https://www.inex.ie/pipermail/ixpmanager/2017-January/000905.html http://ixp-manager.readthedocs.io/en/latest/features/router-configuration.html http://ixp-manager.readthedocs.io/en/latest/features/looking-glass.html https://github.com/inex/IXP-Manager/tree/17b5d36a57f40569c0da4fbb8e4f666d5e62921c/resources/views/api/v4/router https://github.com/inex/IXP-Manager/tree/50c3781711ed38e773f86a8f3017d669d18e464d/resources/skins/inex/api/v4/router Thanks. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods
Thanks Ajitabh, Christoph will give a try with the small island. cheers. x9p > As already recommanded in another post www.1984.is They are located in > Reykjavík / Iceland. I had in the past a OpenBSD VPS there (now shared > hosting but maybe again a VPS). They provide by default Ubuntu / > Debian but you also could use .ISO's. Drop them a mail about the > .ISO's, they are friendly but thats are Debian people and they are > unexperienced about OpenBSD - as they host using Debian / KVM. > > Remember, it is a island and sometimes they are not reachable or slow > (based on my location). >
Re: rsa 4096 or ed25519 for ssh keys ?
On Mon, Oct 16, 2017 at 05:29:34PM +0200, Joel Carnat wrote: > Hi, > > If both server and client are ed25519 compatible. > When generating (user) SSH keys, is it recommended to use ed25519 rather > than rsa 4096bits? > AFAIK, either would be fine. I believe ED25519 is more CPU-intensive, so if that's a factor then stick with RSA. I like ED25519 personally because the keys are small and my CPUs can all handle the workload. -- Put your Nose to the Grindstone! -- Amalgamated Plastic Surgeons and Toolmakers, Ltd.
Re: rsa 4096 or ed25519 for ssh keys ?
Yes, of course. Or RSA with option -o to use PKBDF and option -a to specify numbers rounds (16, by defaults; 64, as paranoid), if you want to continue using RSA. Le 10/16/17 à 17:29, Joel Carnat a écrit : > Hi, > > If both server and client are ed25519 compatible. > When generating (user) SSH keys, is it recommended to use ed25519 rather > than rsa 4096bits? > > Thank you. > -- Stéphane HUC | 06 66 84 24 76 | cons...@stephane-huc.net "Shell : Serviable, Honnête & Efficace (LL) ... Ecce Homo" 0xEBD72DA8C1C023F3 310D AA3C 5B35 AB97 7520 5ED4 EBD7 2DA8 C1C0 23F3 -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< Stephane HUC as PengouinBSD or CIOTBSD b...@stephane-huc.net signature.asc Description: OpenPGP digital signature
rsa 4096 or ed25519 for ssh keys ?
Hi, If both server and client are ed25519 compatible. When generating (user) SSH keys, is it recommended to use ed25519 rather than rsa 4096bits? Thank you.
Re: PHP error running ownclouds occ
On 16/10/2017 1:57 AM, Farid Joubbi wrote: Hi, I upgraded my OpenBSD installation from 6.1 to 6.2. In the upgrade process I also upgraded the ownCloud package to 10.0.3. Now when I browse to the ownCloud page, it wants to upgrade. The upgrade fails with this message: Repair warning: You have incompatible or missing apps enabled that could not be found or updated via the marketplace. Repair warning: Please install or update the following apps manually or disable them with: occ app:disable documents Repair warning: For manually updating, see https://doc.owncloud.org/server/10.0/go.php?to=admin-marketplace-apps So I figured that I will do as it says and run the occ command. But the command fails, and I don't understand why. su -l -s /bin/sh www $ cd /var/www/owncloud/ $ ./occ PHP Warning: Module 'curl' already loaded in Unknown on line 0 PHP Warning: Module 'gd' already loaded in Unknown on line 0 PHP Warning: Module 'intl' already loaded in Unknown on line 0 PHP Warning: Module 'zip' already loaded in Unknown on line 0 The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php ownCloud or one of the apps require upgrade - only a limited number of commands are available You may use your browser or the occ upgrade command to do the upgrade Cannot create "data" directory This can usually be fixed by giving the webserver write access to the root directory. {"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module 'zip' already loaded at Unknown#0"} An unhandled exception has been thrown: exception 'Exception' with message 'Environment not properly prepared.' in /var/www/owncloud/lib/private/Console/Application.php:134 Stack trace: 0 /var/www/owncloud/console.php(105): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput)) 1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...') 2 {main}$ $ ls -l total 316 -rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS -rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md -rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps drwxr-x--- 2 www www 512 Oct 14 21:37 config -rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core -rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php drwxr-x--- 6 www www 512 Nov 30 2016 data -rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml -rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html -rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib -rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider -rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php -rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings -rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater -rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php $ Any ideas? I have read the owncloud manual and all the file permissions seem to be ok. Could it be that I am missing some OpenBSD specific thing that makes it fail? Thanks in advance for any kind of help or pointers. Hi, Are you running ownCloud in a chroot environment? I'm running NextCloud and it takes a bit of a dance to get "occ" to work because of the chroot environment. It might be a red herring that occ isn't working. I am on OpenBSD 6.1 so can't help with your upgrade issue, but thought I'd mention the chroot issue with occ. Cheers, Steve W.
Re: About WPA2 compromised protocol
Stefan Sperling: > Also this was *NOT* a protocol bug. > arstechnica claimed such nonesense without any basis in fact and > now everybody keeps repeating it :( Actually, the researcher claimed that are in the standard itself. https://www.krackattacks.com/ The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected. Some paragraphs remarks about OpenBSD in a direct way. Paper Although this paper is made public now, it was already submitted for review on 19 May 2017. After this, only minor changes were made. As a result, the findings in the paper are already several months old. In the meantime, we have found easier techniques to carry out our key reinstallation attack against the 4-way handshake. With our novel attack technique, it is now trivial to exploit implementations that only accept encrypted retransmissions of message 3 of the 4-way handshake. In particular this means that attacking macOS and OpenBSD is significantly easier than discussed in the paper. Some attacks in paper seem hard We have follow-up work making our attacks (against for example macOS and OpenBSD) significantly more general and easier to execute. So although we agree that some of the attack scenarios in the paper are rather impractical, do not let this fool you into believing key reinstallation attacks cannot be abused in practice. How did you discover these vulnerabilities? When working on the final (i.e. camera-ready) version of another paper, I was double-checking some claims we made regarding OpenBSD's implementation of the 4-way handshake. In a sense I was slacking off, because I was supposed to be just finishing the paper, instead of staring at code. But there I was, inspecting some code I already read a hundred times, to avoid having to work on the next paragraph. It was at that time that a particular call to ic_set_key caught my attention. This function is called when processing message 3 of the 4-way handshake, and it installs the pairwise key to the driver. While staring at that line of code I thought “Ha. I wonder what happens if that function is called twice”. At the time I (correctly) guessed that calling it twice might reset the nonces associated to the key. And since message 3 can be retransmitted by the Access Point, in practice it might indeed be called twice. “Better make a note of that. Other vendors might also call such a function twice. But let's first finish this paper...”. A few weeks later, after finishing the paper and completing some other work, I investigated this new idea in more detail. And the rest is history.
Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods
Ok, thanks for the clarification. On 16 Oct 2017 1:20 p.m., "Christoph R. Murauer" wrote: > It is not OpenBSD related. The OP meaned the Digital Millennium > Copyright Act - as the question was related to non US hosting > locations. > > See https://en.m.wikipedia.org/wiki/Digital_Millennium_Copyright_Act > > > > Non-dcma a bit confusing for me becouse of I'm totally stranger those > > things. I've a vps on TransIP and they support OpenBSD. > > > > On 16 Oct 2017 4:21 a.m., "x9p" wrote: > > > >> Hi, > >> > >> Anyone know a good non-DMCA-compliant (outside US) VPS hosting, > >> OpenBSD-firendly? Traffic is mostly torrent-related. > >> > >> Good bandwidth and Bitcoin payments also a plus. > >> > >> Most offshore VPS providers offers default ubuntu-debian or centos > >> iso > >> images, some even FreeBSD iso, but OpenBSD is being a bit hard to > >> find. In > >> the past i saw some provider offering to mount your own custom iso > >> via a > >> webpanel, but this contact I have no more. > >> > >> If have any tips, will be welcomed. > >> > >> cheers. > >> > >> x9p > >> > >> > > > > >
Re: About WPA2 compromised protocol
Apparently, it has already been patched on OpenBSD. >From https://www.krackattacks.com/ When did you first notify vendors about the vulnerability? We sent out notifications to vendors whose products we tested ourselves around 14 July 2017. After communicating with these vendors, we realized how widespread the weaknesses we discovered are (only then did I truly convince myself it was indeed a protocol weaknesses and not a set of implementation bugs). At that point, we decided to let CERT/CC help with the disclosure of the vulnerabilities. In turn, CERT/CC sent out a broad notification to vendors on 28 August 2017. Why did OpenBSD silently release a patch before the embargo? OpenBSD was notified of the vulnerability on 15 July 2017, before CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt replied and critiqued the tentative disclosure deadline: In the open source world, if a person writes a diff and has to sit on it for a month, that is very discouraging. Note that I wrote and included a suggested diff for OpenBSD already, and that at the time the tentative disclosure deadline was around the end of August. As a compromise, I allowed them to silently patch the vulnerability. In hindsight this was a bad decision, since others might rediscover the vulnerability by inspecting their silent patch. To avoid this problem in the future, OpenBSD will now receive vulnerability notifications closer to the end of an embargo. Eric
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 12:58:45PM +0200, Stefan Sperling wrote: > On Mon, Oct 16, 2017 at 12:45:24PM +0200, Erik van Westen wrote: > > But did every manufacturer make the same mistake then? > > Yes. To sum up what I know: - WPA2 is still sound cryptographically; - there was no formal analysis of the protocol itself, in terms of exchanged messages; most everybody forgot that bugs in there can be as deadly as cryptographic error. - in some cases, you get some stuff to resend, but it should repeat the same thing, so not a bug per-se; - WPA2 strongly suggests zeroing memory areas that used to hold secrets. The common implementation error is to zero some memory areas holding secrets that you have to retransmit, thus leading to establishing a bunch of zeroes as an actual secret.
Release 62 not booting on MacBook Pro mid-12 (9,3)
I had been able to boot and run releases 60 and 61 in exactly the same hardware, but the install 62CD didn’t boot, and neither does the OS, which I then successfully installed from a USB stick. Screen goes blank (backlight on) and freezes after printing the CPU cores to the screen. No dmesg and no keyboard or mouse interaction possible. Ax0n Reported the same Problem with a snapshot and similar hardware in this mailing list, but the thread is a month old and it isn’t clear if he managed to solve it or not. Any ideas about what could be causing this problem and how should I solve it ? Thanks in advance! الْسَّلامُ عَليكُم وَ رَحمةُ اْلله وَ بَرَكاتُهُ محمّد مختار سوتو
Re: chronium ports
On Mon, Oct 16, 2017 at 05:28:19PM +0900, Tuyosi T wrote: > i build my openbsd snapshots machine from source > (kernel , userland and xenodm ) > > the PC complied from source works more correctly > as if ready made suite is not my just size , > tailered one is very fit , so i think . Unless you have masochistic tendencies, use pkg_add. If you tailor ports to your own usage, you're very likely to end up with incompatible versions thanks to unnecessary tweaks. Oh, and you're also likely to kill your machine slowly, because it takes a lot of cpu. Most port builders these days (I mean developers being part of the project) use really fast machines in clusters to build ports. chromium took you 18 hours ? that's slightly less than the time I need to rebuild the full package collection. Think about it.
Re: Japanese Input in xterm
On Sun, Oct 15, 2017 at 08:56:36PM +0200, Niels Kobschaetzki wrote: > On 17/10/15 19:43, Cág wrote: > >Niels Kobschaetzki wrote: > > > >>Thanks a lot. But you are using sakura and not xterm for typing > >>Japanese. I want to use xterm so that I can leave more dependencies > >>behind :) > > > >You can build st (recommended) as it doesn't have any dependencies that > >aren't in the install, if I amn't mistaken; or try rxvt-unicode. > > > >xterm is an unholy mess and shouldn't be used by anybody. > > But xterm is in base unlike urxvt or the VTE-terminals. Maybe OpenBSD > should change to urxvt in base. Seems to me, from the user-perspective, > that it would be a simmilar change as from screen to tmux. > > Niels You're talking nonsense. rxvt-unicode is GPLv3, so that's a no-no.
cyrus imapd in 6.2 ports
Hi, I got these messages with the new 6.2 cyrus imapd: Oct 14 11:03:26 mercury imaps[55561]: client id sessionid=: "name" "Thunderbird" "version" "52.2.1" Oct 14 11:03:26 mercury imaps[55561]: Fatal error: Internal error: assertion failed: imap/message.c: 4286: !message_need(m, M_RECORD) Oct 14 11:03:26 mercury master[70566]: process type:SERVICE name:imaps path:/usr/local/cyrus/libexec/imapd age:0.542s pid:55561 exited, status 75 I didnt know what to do with this, so I ran "reconstruct -O -V max" as _cyrus user, but that had the same failure in an assert failure. So I decided to downgrade after upgrading to a new version wasn't possible. I put the 6.1 /usr/ports/mail/cyrus_imapd in the 6.2 tree (after backign up the 6.2 cyrus_imapd) and made install after pkg_delete'ing the 6.2 cyrus_imapd. It worked I, I made sure that that I ran the reconstruct again and it did mention there was a diff version and probably fixed it. Either way I have my important mail running again and wanted to share. If I want to go back to cyrus imapd version 3.x.x what should I look for? or wait for? If anyone has had the same problems perhaps they took greater care than me to get this going otherwise the downgrade seems to have worked for me. Cheers, -peter
Re: chronium ports
On 10/16/17 04:28, Tuyosi T wrote: > i build my openbsd snapshots machine from source > (kernel , userland and xenodm ) > > the PC complied from source works more correctly > as if ready made suite is not my just size , > tailered one is very fit , so i think . I think you think wrong. Just on your one example, you have to make up 18 hours of productivity to break even. Feel free to generate and post your own benchmarks, but I think logic pretty well dictates you won't get those 18 hours back before your next upgrade...IF there is any difference, and last I looked there is none. Not "just a little", but no difference in the code generated based on the details of the machine you are running on. Nick.
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 06:47:21AM -0400, Raul Miller wrote: > What is the relevant language from the spec? Well, the spec is huge. The section on WPA is pretty long. Everyone can download the spec from IEEE. I am not going to quote it here.
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 12:45:24PM +0200, Erik van Westen wrote: > But did every manufacturer make the same mistake then? Yes.
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 6:43 AM, Stefan Sperling wrote: > On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote: >> Regarding WPA2 alert published today: https://www.krackattacks.com/, >> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN >> connection to authenticate and protect clients and hostAP comms, is >> this vulnerability mitigated? > > Also this was *NOT* a protocol bug. > arstechnica claimed such nonesense without any basis in fact and > now everybody keeps repeating it :( > > It was an implementation bug. What is the relevant language from the spec? Thanks, -- Raul
Re: 6.2-Release - Firefox and Codeblocks Issues
On Sun, Oct 15, 2017 at 12:31:42PM -0400, tec...@protonmail.com wrote: > Hi, > > Firefox / Firefox-ESR > I can not access my protonmail.com email account on both of these versions > as I can't get to the login screen (it hangs on the loading screen) - this is > evident by going to https://mail.protonmail.com/login. I have experienced > this same issue on two different installs, so I believe anyone trying to > access this site or some others will face the same issue. My guess is that > it is due to the JavaScript functions it is running on this page. > > Chromium works without issue and shows the login form. Problem is, I really > despise Chromium and actively try to stay away from all Google services. > > ### > > Codeblocks > This crashes as soon as I open it. I can briefly see the codeblocks graphic > before it does so. Thank you for your report regarding codeblocks. I am able to replicate the abort signal, and will try to diagnose. --->>> Transitioning this discussion to ports@ <<<--- > > $ codeblocks > Starting Code::Blocks Release 16.01 rev 10692 Oct 2 2017, 19:06:03 - > wx2.8.12 (OpenBSD, unicode) - 64 bit > Initialize EditColourSet . > Initialize EditColourSet: done. > Abort trap (core dumped) > > $ gdb > (gdb) core codeblocks.core > Core was generated by `codeblocks'. > Program terminated with signal 6, Aborted. > #0 0x0f1d99cdb2da in ?? ()
Re: About WPA2 compromised protocol
Op 16-10-2017 om 12:43 schreef Stefan Sperling: > On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote: >> HI all, >> >> Regarding WPA2 alert published today: https://www.krackattacks.com/, >> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN >> connection to authenticate and protect clients and hostAP comms, is >> this vulnerability mitigated? >> >> Thanks. >> > Also this was *NOT* a protocol bug. > arstechnica claimed such nonesense without any basis in fact and > now everybody keeps repeating it :( > > It was an implementation bug. > Ah, good to know. But did every manufacturer make the same mistake then? Erik
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote: > HI all, > > Regarding WPA2 alert published today: https://www.krackattacks.com/, > if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN > connection to authenticate and protect clients and hostAP comms, is > this vulnerability mitigated? > > Thanks. > Also this was *NOT* a protocol bug. arstechnica claimed such nonesense without any basis in fact and now everybody keeps repeating it :( It was an implementation bug.
Re: About WPA2 compromised protocol
On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote: > is this vulnerability mitigated? Yes. This was 6.1 errata 027.
Re: About WPA2 compromised protocol
Op 16-10-2017 om 12:22 schreef C. L. Martinez: > HI all, > > Regarding WPA2 alert published today: https://www.krackattacks.com/, > if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN > connection to authenticate and protect clients and hostAP comms, is > this vulnerability mitigated? > > Thanks. > Sure. A tunnel over WIFI is the preferred option anyway. WIFI cannot be assumed to be safe. Erik
Re: bgpd.conf invalidated on 6.2
On Mon, 16 Oct 2017 12:18:40 +0200 Claudio Jeker wrote: > On Mon, Oct 16, 2017 at 12:13:14PM +0200, Marko Cupa?? wrote: > > Hi, > > > > I've just upgraded one of my firewalls to 6.2, but bgpd won't start > > with bgpd.conf which worked for 5 releases or so. > > > > Here's error message: > > /etc/bgpd.conf:11: duplicate prefix in network statement > > config file /etc/bgpd.conf has errors, not reloading > > > > The problem appears to be with the two following lines in bgpd.conf > > (redacted): > > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1 > > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2 > > > > Any idea how to make this work on 6.2? > > > > Remove one of the two lines. IIRC, those lines were added more than 5 years ago, because they made CARPed setup work, and have instant failover (IP.ADD.RE.SS1 and IP.ADD.RE.SS2 are IP adresses of CARP interfaces facing ISP1 and ISP2). So, the session is established from physical interface (local-address), but nexthops are set to respective carp interfaces, so that BGP session is always up, even from CARP BACKUP, and failover is instantaneous. Are you suggesting I will have the same functionality even after removal of any of the two lines? Here's my complete non-redacted bgpd.conf for better understanding: # MACROS orion = "178.253.194.253" sbb = "82.117.192.121" # GLOBAL CONFIGURATION AS 12823 router-id 193.53.106.253 network 193.53.106.0/24 set nexthop 178.254.158.60 network 193.53.106.0/24 set nexthop 82.117.192.124 # NEIGHBORS AND PEERS neighbor $orion { remote-as 9125 descr "orion" multihop 10 local-address 178.254.158.59 demote carp set localpref -10 } neighbor $sbb { remote-as 31042 descr "sbb" local-address 82.117.192.123 demote carp set localpref +10 } (default filters below) Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
About WPA2 compromised protocol
HI all, Regarding WPA2 alert published today: https://www.krackattacks.com/, if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN connection to authenticate and protect clients and hostAP comms, is this vulnerability mitigated? Thanks.
Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods
It is not OpenBSD related. The OP meaned the Digital Millennium Copyright Act - as the question was related to non US hosting locations. See https://en.m.wikipedia.org/wiki/Digital_Millennium_Copyright_Act > Non-dcma a bit confusing for me becouse of I'm totally stranger those > things. I've a vps on TransIP and they support OpenBSD. > > On 16 Oct 2017 4:21 a.m., "x9p" wrote: > >> Hi, >> >> Anyone know a good non-DMCA-compliant (outside US) VPS hosting, >> OpenBSD-firendly? Traffic is mostly torrent-related. >> >> Good bandwidth and Bitcoin payments also a plus. >> >> Most offshore VPS providers offers default ubuntu-debian or centos >> iso >> images, some even FreeBSD iso, but OpenBSD is being a bit hard to >> find. In >> the past i saw some provider offering to mount your own custom iso >> via a >> webpanel, but this contact I have no more. >> >> If have any tips, will be welcomed. >> >> cheers. >> >> x9p >> >> >
Re: bgpd.conf invalidated on 6.2
On Mon, Oct 16, 2017 at 12:13:14PM +0200, Marko Cupa?? wrote: > Hi, > > I've just upgraded one of my firewalls to 6.2, but bgpd won't start > with bgpd.conf which worked for 5 releases or so. > > Here's error message: > /etc/bgpd.conf:11: duplicate prefix in network statement > config file /etc/bgpd.conf has errors, not reloading > > The problem appears to be with the two following lines in bgpd.conf > (redacted): > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1 > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2 > > Any idea how to make this work on 6.2? > Remove one of the two lines. -- :wq Claudio
bgpd.conf invalidated on 6.2
Hi, I've just upgraded one of my firewalls to 6.2, but bgpd won't start with bgpd.conf which worked for 5 releases or so. Here's error message: /etc/bgpd.conf:11: duplicate prefix in network statement config file /etc/bgpd.conf has errors, not reloading The problem appears to be with the two following lines in bgpd.conf (redacted): network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1 network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2 Any idea how to make this work on 6.2? Thank you in advance, -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: CoDel Flows
On Mon, Oct 16, 2017 at 03:24 +, Glenn Faustino wrote: > Thanks Mike! > > When I was using newqueue/hfsc I used to assign queues to certain traffic > like below: > > match inet proto tcp from any to any port ssh set queue (ssh_bulkq, > ssh_prioq) > match inet proto {tcp,udp} from any to any port {domain,ntp} set queue > (dnsq, ackq) > match inet proto {tcp,udp} from any to any port {www,https} set queue > (webq, ackq) > match inet proto tcp from any to any port ftp set queue (webq, ackq) > > And I was looking how to do that when using flow queues but it seems that > it is not needed anymore (if I'm not mistaken) , > all you need to do is define a flow queue and that's it. > I see. Indeed, I'd start with a single flow queue, but that doesn't necessarily mean that this is going to work in 100% of cases. Please take a look at the approach I've outlined here: https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/doemlgi/ I don't have enough feedback and experience with this exact setup so I'm treading carefully here until there's a clear understanding what works and what doesn't. And please let me remind you again, that first of all you need to identify whether or not the problem actually exists. Once you figured that your setup is prone to exposing the bufferbloat on the uplink, setup the flow queue as I've suggested here: https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/doemlgi/ Test and then re-evaluate the situation and only if you see the problem with downloads, attempt to fix it. Cheers, Mike > > Regards, > Glenn > > > > On Mon, Oct 16, 2017 at 2:06 AM, Mike Belopuhov wrote: > > > On Sat, Oct 14, 2017 at 02:51 +, Glenn Faustino wrote: > > > Hi Mike, > > > > > > I'm using HFSC with two root queues (1 for uplink and 1 for downlink), > > can > > > you please share your config for FQ-CoDel with HFSC with two queues if > > you > > > don't mind? > > > > > > Regards, > > > Glenn > > > > > > > I'm not certain which config you're talking about but there's nothing > > particularly different about any of those that I've used. I'd like to > > know instead what might be causing trouble for you to figure out what > > piece of documentation can be improved. > > > > Having said that I tend to set quantum a bit lower when CPU resources > > are abundant and latency is not increased as a result. For example, > > OpenWRT sets it to 300 by default which might mean that they optimize > > for an average packet size on the internet (or it might not, I don't > > know for sure why do they do it). My limited testing hasn't shown any > > quantifiable gain when doing that. > > > > Regards, > > Mike > >
Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods
Non-dcma a bit confusing for me becouse of I'm totally stranger those things. I've a vps on TransIP and they support OpenBSD. On 16 Oct 2017 4:21 a.m., "x9p" wrote: > Hi, > > Anyone know a good non-DMCA-compliant (outside US) VPS hosting, > OpenBSD-firendly? Traffic is mostly torrent-related. > > Good bandwidth and Bitcoin payments also a plus. > > Most offshore VPS providers offers default ubuntu-debian or centos iso > images, some even FreeBSD iso, but OpenBSD is being a bit hard to find. In > the past i saw some provider offering to mount your own custom iso via a > webpanel, but this contact I have no more. > > If have any tips, will be welcomed. > > cheers. > > x9p > >
Re: chronium ports
i build my openbsd snapshots machine from source (kernel , userland and xenodm ) the PC complied from source works more correctly as if ready made suite is not my just size , tailered one is very fit , so i think . --- regards
PHP error running ownclouds occ
Hi, I upgraded my OpenBSD installation from 6.1 to 6.2. In the upgrade process I also upgraded the ownCloud package to 10.0.3. Now when I browse to the ownCloud page, it wants to upgrade. The upgrade fails with this message: Repair warning: You have incompatible or missing apps enabled that could not be found or updated via the marketplace. Repair warning: Please install or update the following apps manually or disable them with: occ app:disable documents Repair warning: For manually updating, see https://doc.owncloud.org/server/10.0/go.php?to=admin-marketplace-apps So I figured that I will do as it says and run the occ command. But the command fails, and I don't understand why. su -l -s /bin/sh www $ cd /var/www/owncloud/ $ ./occ PHP Warning: Module 'curl' already loaded in Unknown on line 0 PHP Warning: Module 'gd' already loaded in Unknown on line 0 PHP Warning: Module 'intl' already loaded in Unknown on line 0 PHP Warning: Module 'zip' already loaded in Unknown on line 0 The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php ownCloud or one of the apps require upgrade - only a limited number of commands are available You may use your browser or the occ upgrade command to do the upgrade Cannot create "data" directory This can usually be fixed by giving the webserver write access to the root directory. {"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module 'zip' already loaded at Unknown#0"} An unhandled exception has been thrown: exception 'Exception' with message 'Environment not properly prepared.' in /var/www/owncloud/lib/private/Console/Application.php:134 Stack trace: 0 /var/www/owncloud/console.php(105): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput)) 1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...') 2 {main}$ $ ls -l total 316 -rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS -rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md -rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps drwxr-x--- 2 www www 512 Oct 14 21:37 config -rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core -rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php drwxr-x--- 6 www www 512 Nov 30 2016 data -rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml -rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html -rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib -rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider -rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php -rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings -rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater -rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php $ Any ideas? I have read the owncloud manual and all the file permissions seem to be ok. Could it be that I am missing some OpenBSD specific thing that makes it fail? Thanks in advance for any kind of help or pointers.
Re: Cups not run after Upgrade 6.2
Ok, i delete cups package. And, after new install, cupsd run! $ ls -al /etc/cups/ total 92 drwxr-xr-x 4 root _cups512 Oct 16 08:58 ./ drwxr-xr-x 59 root wheel 2560 Oct 16 09:21 ../ -rw--- 1 root _cups 0 Oct 16 08:58 classes.conf -rw-r--r-- 1 root _cups 0 Oct 16 08:58 client.conf -rw-r--r-- 1 root _cups936 Oct 9 19:30 command.types -rw-r- 1 root _cups 2979 Oct 16 08:58 cups-files.conf -rw-r--r-- 1 root _cups 10802 Oct 16 08:58 cups-pdf.conf -rw-r- 1 root _cups 6278 Oct 16 08:58 cupsd.conf -rw-r--r-- 1 root _cups 0 Oct 16 08:58 lpoptions drwxr-xr-x 2 root _cups512 Oct 9 19:30 ppd/ -rw-r--r-- 1 root _cups273 Sep 15 19:58 printcap -rw--- 1 root _cups 0 Oct 16 08:58 printers.conf -rw--- 1 root _cups886 Oct 9 15:39 printers.conf.O -rw-r- 1 root _cups142 Oct 16 08:58 snmp.conf drwx-- 2 root _cups512 Oct 16 08:58 ssl/ -rw-r- 1 root _cups111 Oct 10 13:28 subscriptions.conf -rw-r- 1 root _cups401 Oct 9 20:10 subscriptions.conf.O $ doas /usr/local/sbin/cupsd -t "/etc/cups/cups-files.conf" is OK. "/etc/cups/cupsd.conf" is OK. Ty! Le 10/16/17 à 08:50, Stephane HUC "PengouinBSD" a écrit : > Hi :p > > Ok, i delete /var/cache/cups. > > And, into /etc/cups/, i've not file cupsd.conf! > > $ ls -al /etc/cups/ > total 64 > drwxr-xr-x 4 root _cups512 Oct 10 13:28 . > drwxr-xr-x 59 root wheel 2560 Oct 16 01:10 .. > -rw-r--r-- 1 root _cups936 Oct 9 19:30 command.types > -rw-r--r-- 1 root _cups 10802 Oct 9 17:41 cups-pdf.conf > -rw-r--r-- 1 root _cups 0 Oct 9 16:34 lpoptions > drwxr-xr-x 2 root _cups512 Oct 9 19:30 ppd > -rw-r--r-- 1 root _cups273 Sep 15 19:58 printcap > -rw--- 1 root _cups886 Oct 9 15:39 printers.conf.O > drwx-- 2 root _cups512 Aug 29 20:37 ssl > -rw-r- 1 root _cups111 Oct 10 13:28 subscriptions.conf > -rw-r- 1 root _cups401 Oct 9 20:10 subscriptions.conf.O > > > Le 10/16/17 à 08:45, Robert Klein a écrit : >> Hi, >> >> On Mon, 16 Oct 2017 08:10:41 +0200 >> "Stephane HUC \"PengouinBSD\"" wrote: >> >>> The output is none: >>> >>> [08:07:05] :root@ptb-zou: ~ $ /usr/local/sbin/cupsd -t >>> [08:07:05] :root@ptb-zou: ~ $ >>> >> >> I'd have expected something like >> >> "/etc/cups/cupsd.conf" is OK. >> >> >> but you probably don't need cupsd.conf/ >> >> >>> And about file log: >>> >>> $ cat >>> /var/log/cups/error_log >>> >>> >>> E [09/Oct/2017:20:10:22 +0200] Unable to create >>> "/var/cache/cups/job.cache.N": No such file or directory >>> E [10/Oct/2017:13:28:09 +0200] Unable to create >>> "/var/cache/cups/job.cache.N": No such file or directory >>> >>> $ ls -al /var/cache/ | grep cups >>> drwxr-xr-x 2 root wheel 512 Oct 15 21:24 cups >>> >>> do i need _cups user rights? >>> >> >> yes. You can just delete the directory, cups recreates it on start. >> >> >> Best regards >> Robert >> >> >> >> >> >> >>> >>> Le 10/16/17 à 08:01, Robert Klein a écrit : Hi, On Sun, 15 Oct 2017 21:35:30 +0200 "Stephane HUC \"PengouinBSD\"" wrote: > Hi, > > After upgrade to 6.2 (amd64), Cups not run! > > $ doas rcctl start cupsd > cupsd(failed) What is the output of /usr/local/sbin/cupsd -t run as root? Is there anything in the /var/log/cups/error_log logfile? Best regards Robert >>> >> > -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< Stephane HUC as PengouinBSD or CIOTBSD b...@stephane-huc.net signature.asc Description: OpenPGP digital signature
Re: chronium ports
On 2017-10-15, Tuyosi T wrote: > owing to the great effort of ports maintener , > i finsh ' make install ' of chronium's port in openbsd *snapshot* installed > PC . > > but it takes long time ( 18hr ) on my old machime . I recommend using pkg_add. Unless you are working on the port, there's no advantage to building it yourself.