Re: "switching console to com0"

2017-10-16 Thread tinkr
> Greetings all - what does one do when during the install you set the default 
> console to com0 and now your serial cable is not working? I cannot login to 
> set the default console back to use the keyboard and monitor. Instead of the 
> boot prompt where I can normally change settings and/or enter single user 
> mode I just get the message "switching console to com0" immediately without 
> any delay to enter boot commands. Thanks for your time.
> 
> J

Just reboot and start over?

Implementing two parallel inputs, one from the console and one via COM, is 
above the OS boot loader's design goals really, as reboot fills the function 
you're asking for very well.

"switching console to com0"

2017-10-16 Thread Justin Mayes
Greetings all - what does one do when during the install you set the default 
console to com0 and now your serial cable is not working? I cannot login to set 
the default console back to use the keyboard and monitor. Instead of the boot 
prompt where I can normally change settings and/or enter single user mode I 
just get the message "switching console to com0" immediately without any delay 
to enter boot commands. Thanks for your time.

J


Re: Install process: couple of comments

2017-10-16 Thread Nick Holland
On 10/16/17 18:38, Limaunion wrote:
> On 10/16/2017 06:55 PM, Limaunion wrote:
>> Hi! Last Friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE 
>> boot method. In previous years I used an internal FTP server to perform 
>> the upgrade, but for some reason this is not supported any more since a 
>> couple of releases. I mounted and published the ISO image using a 
>> raspberrypi and NGINX (HTTP method). During the install process I hit 
>> the following error 'unable to get a verified list of distribution 
>> sets'(*). I couldn't find much help from google but after some time I 
>> figured out that the install was looking for a file named index.txt, 
>> that is not included in the ISO.
>> Maybe some of this information can be included to the install guide for 
>> those of us doing a local HTTP upgrade, and also it would be great to 
>> have the index.txt file included in the ISO.
>> For the record, the kernel relinking (Relinking to create unique 
>> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 
>> minutes the library reordering during the boot process.
>> Just my .02 cents.
>> J.
>> 
>> (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"
>> 
> 
> I know about this, but it's not crystal clear (at least for me):
> 
> https://www.openbsd.org/faq/faq4.html
>   Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz 
> in your source directory and include it in your index.txt. It will then 
> be an option at install time.
> 
> Best regards.

There are a few ways of doing things right.
There is a near infinite number of ways of doing things, if not wrong, at least
"oddly".

Mounting an ISO file as a file system and using that as the source of
your files for a web install qualifies as "at least, oddly", defeating
the purpose of both an ISO and a web install.  In fact, you may well be
over the "wrong" line on that.  I don't think you will see any special
documentation or file changes supporting that way of doing things.

Nick.



Re: 6.2-Release - Firefox and Codeblocks Issues

2017-10-16 Thread Josh Grosse
1. Discussion was moved to ports@.
2. I have tested a fix, which I will publish for -current and 6.2-stable.
3. I will need to build and test the -stable package, and can then make it
   available to you if you want to trust an unsigned package from the 
   port maintainer.



Re: Install process: couple of comments

2017-10-16 Thread Limaunion

On 10/16/2017 06:55 PM, Limaunion wrote:
> Hi! Last Friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE 
> boot method. In previous years I used an internal FTP server to perform 
> the upgrade, but for some reason this is not supported any more since a 
> couple of releases. I mounted and published the ISO image using a 
> raspberrypi and NGINX (HTTP method). During the install process I hit 
> the following error 'unable to get a verified list of distribution 
> sets'(*). I couldn't find much help from google but after some time I 
> figured out that the install was looking for a file named index.txt, 
> that is not included in the ISO.
> Maybe some of this information can be included to the install guide for 
> those of us doing a local HTTP upgrade, and also it would be great to 
> have the index.txt file included in the ISO.
> For the record, the kernel relinking (Relinking to create unique 
> kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 
> minutes the library reordering during the boot process.
>
> Just my .02 cents.
> J.
>
> (*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"



I know about this, but it's not crystal clear (at least for me):

https://www.openbsd.org/faq/faq4.html
 Note: If you intend to provide the sets over HTTP(s), place siteXX.tgz 
in your source directory and include it in your index.txt. It will then 
be an option at install time.


Best regards.



Install process: couple of comments

2017-10-16 Thread Limaunion
Hi! Last Friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE 
boot method. In previous years I used an internal FTP server to perform 
the upgrade, but for some reason this is not supported any more since a 
couple of releases. I mounted and published the ISO image using a 
raspberrypi and NGINX (HTTP method). During the install process I hit 
the following error 'unable to get a verified list of distribution 
sets'(*). I couldn't find much help from google but after some time I 
figured out that the install was looking for a file named index.txt, 
that is not included in the ISO.
Maybe some of this information can be included to the install guide for 
those of us doing a local HTTP upgrade, and also it would be great to 
have the index.txt file included in the ISO.
For the record, the kernel relinking (Relinking to create unique 
kernel...) took about 14 minutes in my ALIX board and it takes about 2.5 
minutes the library reordering during the boot process.

Just my .02 cents.
J.

(*): server: localhost, request: "GET /OpenBSD/i386/index.txt HTTP/1.0"


OpenBSD 6.2 (GENERIC) #163: Tue Oct  3 19:51:20 MDT 2017
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 
586-class) 499 MHz

cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
real mem  = 267931648 (255MB)
avail mem = 248758272 (237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
mtrr: K6-family MTRR support (2 registers)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, 
address 00:0d:b9:12:d5:4c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
vr1 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, 
address 00:0d:b9:12:d5:4d
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034

ath0 at pci0 dev 12 function 0 "Atheros AR5212" rev 0x01: irq 9
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6 eeprom 4.8, FCC2A*, address 
00:0b:6b:85:20:5f
glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, 
32-bit 3579545Hz timer, watchdog, gpio, i2c

gpio0 at glxpcib0: 32 pins
iic0 at glxpcib0
maxtmp0 at iic0 addr 0x4c: lm86
pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 1-sector PIO, LBA, 967MB, 1981728 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, 
version 1.0, legacy support

ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev 
2.00/1.00 addr 1

isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 
1.00/1.00 addr 1

nvram: invalid checksum
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on wd0a (c0ea1143b236330f.a) swap on wd0b dump on wd0b
clock: unknown CMOS layout



Re: chronium ports

2017-10-16 Thread Marc Espie
On Tue, Oct 17, 2017 at 04:27:55AM +0900, Tuyosi T wrote:
> what a fast machine Espie uses !

Nope, it's called a dedicated cluster...

I don't even pay for it, fortunately.

But there are a few clusters dedicated to either building package snapshots 
OR to quickly test various things, fortunately.

Mostly so that you don't feel the pain.

Don't get me wrong, playing with the ports tree is fun, but we have
working packages, and it's often not worth the pain.

Almost everyone uses the snapshots in production.



Re: 6.2-Release - Firefox and Codeblocks Issues

2017-10-16 Thread Bijan Ebrahimi
On 2017-10-15 21:01, tec...@protonmail.com wrote:

> Hi,
> 
> Firefox / Firefox-ESR
> I can not access my protonmail.com email account on  both of these versions 
> as I can't get to the login screen (it hangs on the loading screen) - this is 
> evident by going to https://mail.protonmail.com/login.  I have experienced 
> this same issue on two different installs, so I believe anyone trying to 
> access this site or some others will face the same issue.  My guess is that 
> it is due to the JavaScript functions it is running on this page.
> 
> Chromium works without issue and shows the login form.  Problem is, I really 
> despise Chromium and actively try to stay away from all Google services.
> 
> ###
> 
> Codeblocks
> This crashes as soon as I open it.  I can briefly see the codeblocks graphic 
> before it does so.
> 
> $ codeblocks
> Starting Code::Blocks Release 16.01  rev 10692 Oct  2 2017, 19:06:03 - 
> wx2.8.12 (OpenBSD, unicode) - 64 bit
> Initialize EditColourSet .
> Initialize EditColourSet: done.
> Abort trap (core dumped)
> 
> $ gdb
> (gdb) core codeblocks.core
> Core was generated by `codeblocks'.
> Program terminated with signal 6, Aborted.
> #0  0x0f1d99cdb2da in ?? ()

Same problem here after upgrading to 6.2 (moved to latest snapshot and
it's still the same)
and I did pkg_add -u.
You can see the backtrace. I'm trying to compile the codeblocks ports
but for (another reason I should investigate), the build process is very
slow while the CPU
is almost (82%) idle and it will take a while:

(gdb) bt
#0  thrkill () at -:3
#1  0x01c2120ac7fd in _libc_abort () at
/usr/src/lib/libc/stdlib/abort.c:51
#2  0x01c1ca250ec1 in wxFatalSignalHandler () from
/usr/local/lib/libwx_base.so.3.0
#3  
#4  0x01c1ca20d500 in wxStringBase::operator= () from
/usr/local/lib/libwx_base.so.3.0
#5  0x01c26c874b50 in wxPGProperty::wxPGProperty () from
/usr/local/lib/libcodeblocks.so.0.1
#6  0x01c26c8996e1 in wxStringProperty::wxStringProperty () from
/usr/local/lib/libcodeblocks.so.0.1
#7  0x01bfae5aba40 in WatchesProperty::wxCreateObject () from
/usr/local/bin/codeblocks
#8  0x01bfae5174ae in DebugInterfaceFactory::OnEditorDeactivate ()
from /usr/local/bin/codeblocks
#9  0x01c26c5ef3b1 in DebuggerManager::CreateWindows () from
/usr/local/lib/libcodeblocks.so.0.1
#10 0x01c26c5f0282 in DebuggerManager::SetInterfaceFactory () from
/usr/local/lib/libcodeblocks.so.0.1
#11 0x01bfae55cea7 in MainFrame::OnUnlockLogManager () from
/usr/local/bin/codeblocks
#12 0x01bfae5565c7 in MainFrame::OnMouseRightUp () from
/usr/local/bin/codeblocks
#13 0x01bfae554f18 in MainFrame::OnMouseRightUp () from
/usr/local/bin/codeblocks
#14 0x01bfae506e9d in CodeBlocksApp::OnTBIconLeftDown () from
/usr/local/bin/codeblocks
#15 0x01c1ca1e4200 in wxEntry () from
/usr/local/lib/libwx_base.so.3.0
#16 0x01bfae504f9f in wxCreateApp () from /usr/local/bin/codeblocks
#17 0x01bfae504e04 in ?? () from /usr/local/bin/codeblocks
#18 0x in ?? ()
Current language:  auto; currently asm



Re: PHP error running ownclouds occ

2017-10-16 Thread Farid Joubbi
I figured out that it's easier to disable the documents app directly in the
database than trying to get occ to work.
A kind person sent me an e-mail off this list and pointed me in the right
direction.

Anyway, if someone has the same problem, here is what I did:
# psql owncloud owncloud
owncloud=> update oc_appconfig set configvalue = 'no' where appid =
'documents' and configkey = 'enabled';

Thank you OpenBSD and misc@openbsd.org !

On Mon, Oct 16, 2017 at 9:57 AM, Farid Joubbi wrote:

> Hi,
> I upgraded my OpenBSD installation from 6.1 to 6.2.
> In the upgrade process I also upgraded the ownCloud package to 10.0.3.
> Now when I browse to the ownCloud page, it wants to upgrade.
> The upgrade fails with this message:
>
>
>
> Repair warning: You have incompatible or missing apps enabled that
> could not be found or updated via the marketplace.
> Repair warning: Please install or update the following apps manually
> or disable them with: occ app:disable documents
> Repair warning: For manually updating, see https://doc.owncloud.org/
> server/10.0/go.php?to=admin-marketplace-apps
>
>
>
> So I figured that I will do as it says and run the occ command.
> But the command fails, and I don't understand why.
>
>
> su -l -s /bin/sh www
>
> $ cd /var/www/owncloud/
> $ ./occ
> PHP Warning: Module 'curl' already loaded in Unknown on line 0
> PHP Warning: Module 'gd' already loaded in Unknown on line 0
> PHP Warning: Module 'intl' already loaded in Unknown on line 0
> PHP Warning: Module 'zip' already loaded in Unknown on line 0
> The process control (PCNTL) extensions are required in case you want to
> interrupt long running commands - see http://php.net/manual/en/book.
> pcntl.php
> ownCloud or one of the apps require upgrade - only a limited number of
> commands are available
> You may use your browser or the occ upgrade command to do the upgrade
> Cannot create "data" directory
> This can usually be fixed by giving the webserver write access to the root
> directory.
>
> {"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+
> 00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module
> 'zip' already loaded at Unknown#0"}
> An unhandled exception has been thrown:
> exception 'Exception' with message 'Environment not properly prepared.' in
> /var/www/owncloud/lib/private/Console/Application.php:134
> Stack trace:
>
> 0 /var/www/owncloud/console.php(105): OC\Console\Application->
> loadCommands(Object(Symfony\Component\Console\Input\ArgvInput),
> Object(Symfony\Component\Console\Output\ConsoleOutput))
>
> 1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')
>
> 2 {main}$
>
> $ ls -l
> total 316
> -rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS
> -rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md
> -rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING
> drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps
> drwxr-x--- 2 www www 512 Oct 14 21:37 config
> -rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php
> drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core
> -rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php
> drwxr-x--- 6 www www 512 Nov 30 2016 data
> -rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml
> -rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html
> -rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php
> drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n
> drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib
> -rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ
> drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs
> drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider
> -rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php
> -rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php
> drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources
> drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings
> -rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php
> drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater
> -rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php
> $
>
> Any ideas?
> I have read the owncloud manual and all the file permissions seem to be ok.
> Could it be that I am missing some OpenBSD specific thing that makes it
> fail?
> Thanks in advance for any kind of help or pointers.
>
>


Re: chronium ports

2017-10-16 Thread Tuyosi T
what a fast machine Espie uses !

I am unfamiliar with programming.
So I say only from my little experience.

When using 6.0,
a specific PC could not run xfce which was installed by pkg_add.

So I installed from ports, then xfce ran well.

By the way, it is astonishing that *all* of OpenBSD's binaries are made from
source (ABC & 123).
This is very educational for young students.

On the other hand, Linux is limited to kernel and application only for general
users.

---
regards


Re: CoDel Flows

2017-10-16 Thread Daniel Melameth
On Fri, Oct 13, 2017 at 7:47 PM, Mike Belopuhov wrote:
> On Fri, Oct 13, 2017 at 05:33 +, Daniel Melameth wrote:
>> In playing around with the new CoDel/fair traffic sharing, it's not
>> clear to me the best way to work with this when also using the
>> previous queuing.
>
> It's not clear to me either at least not in the generic case :-)
> I guess it depends on what you're trying to achieve.
>
>> Will CoDel still work as expected if all my child queues have flows,
>> but my root queue is using "fifo" (revealed with systat queues)?
>
> Depends on what you expect CoDel to do.  Normally the idea here is
> to set an upper bound on latency that all outgoing packets experience.
> For example if you have 10 connections and 2 are uploading data and
> other 8 are a mix of ACKs and SSH keystrokes, with FIFO you'd normally
> see bulk connections saturating the link and not leaving other 8
> connections a chance to send a packet.
>
> So you go and create those HFSC queues and try to reserve the bandwidth
> for your ACKs, SSH and whatnot.  The approach that FQ-CoDel takes is
> different.  You no longer need to reserve bandwidth as FQ-CoDel attempts
> to make the bandwidth "available" when needed -- this is what is fair
> sharing essentially.  Which in practice means that those 8 connections
> are able to send their small packets "practically" whenever they want
> without disrupting your uploads.
>
> This means that if all you want is to be able for your outgoing
> connections to fair share the bandwidth you don't need to reserve the
> bandwidth at all.
>
>> Assuming it does, if one of my child queues is just for TCP ACKs, does
>> it make sense to have a small quantum for this queue, but a larger
>> quantum for a child queue that focuses on bulk file transfers?
>
> Quantum of service just tilts the balance at the expense of extra CPU
> cycles and potentially extra overall latency.  I think you need to
> figure out the big picture first and then fine tune.
>
>> Or is
>> CoDel orthogonal of child queues and it only really works well with a
>> single root flow queue (and requires me to give up bandwidth control
>> with child queues)?
>
> "Works well this way or that way" would imply that we have enough data
> to make such a judgement.  At the moment we don't.  Last week we had it
> running with 8192 flows feeding into an LTE connection with a rather
> flaky 50Mbit/s downlink (150Mbit/s up) for about a hundred of users.
> With a few HFSC tweaks we had almost no observable SSH latency with
> ping times to 8.8.8.8 of about 25ms with fairly low variation.  This
> setup used two root queues: one on the uplink, one on the downlink.
>
>> Also, the pf.conf man page says the default qlimit is 1024, but, if I
>> don't specify a qlimit, pfctl -vsq shows a qlength of 50 when I was
>> expecting it to be 1024.  What am I missing?
>
> I've updated the man page today to address some of the concerns since
> the same question was also brought up on reddit yesterday:
>
> https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/
>
> The gist of it is that 1024 is not the HFSC default.  When you're
> specifying both "flows" and "bandwidth" thus requesting an FQ-CoDel
> queue manager for your HFSC queue, the HFSC default qlimit (50) is
> still applied.  It's a bit counter-intuitive I guess, so I've removed
> mention of this from the man page.

Thanks for taking the time for a detailed reply Mike.  From your
Reddit post, it seems, for those queues that use both flows and
bandwidth, it makes sense to always override the HFSC qlimit default,
but will this increase latency (in the same way a queue with no flows
will increase latency with a higher qlimit)?  I'll see what I can dig
up on CoDel and quantum outside of OpenBSD circles.

That said, I've been piloting various queuing scenarios in a Hyper-V
environment, but I haven't been able to make much progress here as, it
appears, there's some timing issue with HFSC and/or hvn(4) (thank you
for terminating my use of de(4), which was horrible under Hyper-V!); I
can never seem to reach my modest bandwidth specifications with
something like tcpbench, but perhaps this is better left for another
thread or I should just get on the vmd(8) bandwagon.

Cheers.



OpenBGPd Templates for IXP Manager

2017-10-16 Thread Mike Hammett
Here's a quick summary for those outside of the IX community. 

OpenBGPd used to be the spine of the IX route server community. Once IXes like 
AMS-IX and DE-CIX ran into scaling issues with the number of prefix filters, a 
ton of IXes moved with them over to BIRD. Most IXes will never see the scale 
that the previously mentioned do. This was around the 2012 time-frame. Also 
around the 2012 time-frame INEX released v3 of IXP Manager, which took off 
among IXes. It automated many aspects of the IX. 

Despite IXP Manager being fairly open and templated, INEX uses BIRD and 
therefore only produces BIRD templates. We went OpenBGPd on OpenBSD for our 
IXes due to OpenBSD's reputation for stability and security. Things have been 
manual thus far. 

We started a new IX earlier this year, which took advantage of the about to be 
released IXP Manager v4. Still only BIRD templates, however Barry O'Donovan (of 
INEX) mentioned that Peter Hessler had expressed interest in working on 
OpenBGPd templates for IXP Manager. I had reached out to him, but he's a busy 
guy and hasn't been able to follow up much. 

I figured with OpenBGPd largely resolving the prefix filter performance issues 
that getting templates for IXP Manager would allow IXes to find some parity in 
OpenBGPd with BIRD and hopefully win back market share. However, I'm not a 
programmer. I Google for what others have done and mash it together, at least 
sometimes successfully. I attempted to forge through the IXP Manager BIRD 
templates to convert them myself, but once I got to the meat and potatoes of 
the config, I was in way over my head. There's PHP logic, some template system 
logic, BIRD logic and no understanding from me. 

I came here hoping to come across someone with more time than Peter who can 
help me out with this. 


https://www.inex.ie/pipermail/ixpmanager/2017-January/000905.html 
http://ixp-manager.readthedocs.io/en/latest/features/router-configuration.html 
http://ixp-manager.readthedocs.io/en/latest/features/looking-glass.html 
https://github.com/inex/IXP-Manager/tree/17b5d36a57f40569c0da4fbb8e4f666d5e62921c/resources/views/api/v4/router
 
https://github.com/inex/IXP-Manager/tree/50c3781711ed38e773f86a8f3017d669d18e464d/resources/skins/inex/api/v4/router
 




Thanks. 



- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 



Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-16 Thread x9p
Thanks Ajitabh, Christoph

will give a try with the small island.

cheers.

x9p


> As already recommended in another post www.1984.is They are located in
> Reykjavík / Iceland. I had in the past an OpenBSD VPS there (now shared
> hosting but maybe again a VPS). They provide by default Ubuntu /
> Debian but you also could use .ISO's. Drop them a mail about the
> .ISO's, they are friendly but they are Debian people and they are
> inexperienced about OpenBSD - as they host using Debian / KVM.
>
> Remember, it is an island and sometimes they are not reachable or slow
> (based on my location).
>



Re: rsa 4096 or ed25519 for ssh keys ?

2017-10-16 Thread Mike Coddington
On Mon, Oct 16, 2017 at 05:29:34PM +0200, Joel Carnat wrote:
> Hi,
> 
> If both server and client are ed25519 compatible.
> When generating (user) SSH keys, is it recommended to use ed25519 rather
> than rsa 4096bits?
> 

AFAIK, either would be fine. I believe ED25519 is more CPU-intensive, so
if that's a factor then stick with RSA. I like ED25519 personally
because the keys are small and my CPUs can all handle the workload.

-- 
Put your Nose to the Grindstone!
-- Amalgamated Plastic Surgeons and Toolmakers, Ltd.



Re: rsa 4096 or ed25519 for ssh keys ?

2017-10-16 Thread Stephane HUC "PengouinBSD"
Yes, of course.

Or RSA with option -o to use PBKDF and option -a to specify the number of
rounds (16, by default; 64, as paranoid), if you want to continue using
RSA.


On 10/16/17 at 17:29, Joel Carnat wrote:
> Hi,
>
> If both server and client are ed25519 compatible.
> When generating (user) SSH keys, is it recommended to use ed25519 rather
> than rsa 4096bits?
>
> Thank you.
>

-- 
Stéphane HUC | 06 66 84 24 76 | cons...@stephane-huc.net
"Shell : Serviable, Honnête & Efficace (LL) ... Ecce Homo"
 0xEBD72DA8C1C023F3 
 310D AA3C 5B35 AB97 7520  5ED4 EBD7 2DA8 C1C0 23F3

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net
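
What the -o and -a options mentioned in this thread change on disk, as an added example (not code from any poster or from OpenSSH): a parser that reads the header of a private key file and reports its format, KDF and round count. The sample keys are constructed headers with no key material, and the 16-round policy floor is an assumption taken from the default quoted above.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"          # starts every new-format key blob
V1_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
LEGACY_BEGIN = ("-----BEGIN RSA PRIVATE KEY-----",
                "-----BEGIN DSA PRIVATE KEY-----",
                "-----BEGIN EC PRIVATE KEY-----")


def read_string(buf, off):
    """Read one SSH wire string: uint32 big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off:off + n], off + n


def inspect_private_key(text):
    """Return format, cipher, KDF and rounds for one private key file."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        return {"format": "unknown"}
    if lines[0] in LEGACY_BEGIN:
        # Legacy PEM: encryption is announced in text headers, and the key is
        # derived from the passphrase with a single MD5 pass (no work factor).
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                  for ln in lines)
        cipher = "none"
        for ln in lines:
            if ln.startswith("DEK-Info:"):
                cipher = ln.split(":", 1)[1].split(",")[0].strip()
        return {"format": "legacy-pem", "encrypted": enc, "cipher": cipher,
                "kdf": "md5" if enc else "none", "rounds": 1 if enc else 0}
    if lines[0] != V1_BEGIN or not lines[-1].startswith("-----END "):
        return {"format": "unknown"}
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    off = len(MAGIC)
    cipher, off = read_string(blob, off)
    kdf, off = read_string(blob, off)
    kdfopts, off = read_string(blob, off)
    rounds = 0
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt: string salt, uint32 rounds (what -a sets)
        _salt, pos = read_string(kdfopts, 0)
        if pos + 4 > len(kdfopts):
            raise ValueError("truncated bcrypt options")
        (rounds,) = struct.unpack_from(">I", kdfopts, pos)
    return {"format": "openssh-v1", "encrypted": cipher != b"none",
            "cipher": cipher.decode(), "kdf": kdf.decode(), "rounds": rounds}


def findings(info, min_rounds=16):
    """List policy problems; min_rounds=16 is an assumed floor."""
    if info["format"] == "unknown":
        return ["unrecognised private key format"]
    if not info["encrypted"]:
        return ["private key is stored without a passphrase"]
    if info["format"] == "legacy-pem":
        return ["legacy PEM: passphrase is stretched with one MD5 pass; "
                "rewrite with ssh-keygen -p -o -a <rounds>"]
    if info["rounds"] < min_rounds:
        return ["bcrypt rounds %d below policy floor %d"
                % (info["rounds"], min_rounds)]
    return []


def ssh_string(data):
    """Encode bytes as an SSH wire string."""
    return struct.pack(">I", len(data)) + data


def make_sample_v1(rounds):
    """Constructed input: a new-format header only, no key material."""
    kdfopts = ssh_string(b"\x00" * 16) + struct.pack(">I", rounds)
    blob = (MAGIC + ssh_string(b"aes256-ctr") + ssh_string(b"bcrypt")
            + ssh_string(kdfopts) + struct.pack(">I", 1))
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return V1_BEGIN + "\n" + body + "\n-----END OPENSSH PRIVATE KEY-----\n"


# Constructed input: legacy PEM headers with a placeholder body.
LEGACY_SAMPLE = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

PLACEHOLDERBODY
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for name, text in (("new format, 64 rounds", make_sample_v1(64)),
                       ("new format, 4 rounds", make_sample_v1(4)),
                       ("legacy PEM", LEGACY_SAMPLE)):
        info = inspect_private_key(text)
        print(name, info, findings(info))
```
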





rsa 4096 or ed25519 for ssh keys ?

2017-10-16 Thread Joel Carnat

Hi,

If both server and client are ed25519 compatible.
When generating (user) SSH keys, is it recommended to use ed25519 rather 
than rsa 4096bits?


Thank you.



Re: PHP error running ownclouds occ

2017-10-16 Thread Steve Williams



On 16/10/2017 1:57 AM, Farid Joubbi wrote:

> Hi,
> I upgraded my OpenBSD installation from 6.1 to 6.2.
> In the upgrade process I also upgraded the ownCloud package to 10.0.3.
> Now when I browse to the ownCloud page, it wants to upgrade.
> The upgrade fails with this message:
>
>
>
> Repair warning: You have incompatible or missing apps enabled that
> could not be found or updated via the marketplace.
> Repair warning: Please install or update the following apps manually or
> disable them with: occ app:disable documents
> Repair warning: For manually updating, see
> https://doc.owncloud.org/server/10.0/go.php?to=admin-marketplace-apps
>
>
>
> So I figured that I will do as it says and run the occ command.
> But the command fails, and I don't understand why.
>
>
> su -l -s /bin/sh www
>
> $ cd /var/www/owncloud/
> $ ./occ
> PHP Warning: Module 'curl' already loaded in Unknown on line 0
> PHP Warning: Module 'gd' already loaded in Unknown on line 0
> PHP Warning: Module 'intl' already loaded in Unknown on line 0
> PHP Warning: Module 'zip' already loaded in Unknown on line 0
> The process control (PCNTL) extensions are required in case you want to
> interrupt long running commands - see
> http://php.net/manual/en/book.pcntl.php
> ownCloud or one of the apps require upgrade - only a limited number of
> commands are available
> You may use your browser or the occ upgrade command to do the upgrade
> Cannot create "data" directory
> This can usually be fixed by giving the webserver write access to the root
> directory.
>
> {"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module
> 'zip' already loaded at Unknown#0"}
> An unhandled exception has been thrown:
> exception 'Exception' with message 'Environment not properly prepared.' in
> /var/www/owncloud/lib/private/Console/Application.php:134
> Stack trace:
>
> 0 /var/www/owncloud/console.php(105):
> OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput),
> Object(Symfony\Component\Console\Output\ConsoleOutput))
>
> 1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')
>
> 2 {main}$
>
> $ ls -l
> total 316
> -rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS
> -rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md
> -rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING
> drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps
> drwxr-x--- 2 www www 512 Oct 14 21:37 config
> -rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php
> drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core
> -rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php
> drwxr-x--- 6 www www 512 Nov 30 2016 data
> -rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml
> -rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html
> -rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php
> drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n
> drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib
> -rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ
> drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs
> drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider
> -rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php
> -rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php
> drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources
> drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings
> -rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php
> drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater
> -rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php
> $
>
> Any ideas?
> I have read the owncloud manual and all the file permissions seem to be ok.
> Could it be that I am missing some OpenBSD specific thing that makes it
> fail?
> Thanks in advance for any kind of help or pointers.

Hi,

Are you running ownCloud in a chroot environment?  I'm running NextCloud 
and it takes a bit of a dance to get "occ" to work because of the chroot 
environment.


It might be a red herring that occ isn't working.

I am on OpenBSD 6.1 so can't help with your upgrade issue, but thought 
I'd mention the chroot issue with occ.


Cheers,
Steve W.



Re: About WPA2 compromised protocol

2017-10-16 Thread Lampshade
Stefan Sperling:
> Also this was *NOT* a protocol bug.
> arstechnica claimed such nonsense without any basis in fact and
> now everybody keeps repeating it :(

Actually, the researcher claimed that the weaknesses are in the standard itself.

https://www.krackattacks.com/
The weaknesses are in the Wi-Fi standard itself, and not in individual products 
or implementations. Therefore, any correct implementation of WPA2 is likely 
affected.

Some paragraphs remark on OpenBSD directly.

Paper
Although this paper is made public now, it was already submitted for review on 
19 May 2017. After this, only minor changes were made. As a result, the 
findings in the paper are already several months old. In the meantime, we have 
found easier techniques to carry out our key reinstallation attack against the 
4-way handshake. With our novel attack technique, it is now trivial to exploit 
implementations that only accept encrypted retransmissions of message 3 of the 
4-way handshake. In particular this means that attacking macOS and OpenBSD is 
significantly easier than discussed in the paper.

Some attacks in paper seem hard
We have follow-up work making our attacks (against for example macOS and 
OpenBSD) significantly more general and easier to execute. So although we agree 
that some of the attack scenarios in the paper are rather impractical, do not 
let this fool you into believing key reinstallation attacks cannot be abused in 
practice.

How did you discover these vulnerabilities?
When working on the final (i.e. camera-ready) version of another paper, I was 
double-checking some claims we made regarding OpenBSD's implementation of the 
4-way handshake. In a sense I was slacking off, because I was supposed to be 
just finishing the paper, instead of staring at code. But there I was, 
inspecting some code I already read a hundred times, to avoid having to work on 
the next paragraph. It was at that time that a particular call to ic_set_key 
caught my attention. This function is called when processing message 3 of the 
4-way handshake, and it installs the pairwise key to the driver. While staring 
at that line of code I thought “Ha. I wonder what happens if that function is 
called twice”. At the time I (correctly) guessed that calling it twice might 
reset the nonces associated to the key. And since message 3 can be 
retransmitted by the Access Point, in practice it might indeed be called twice. 
“Better make a note of that. Other vendors might also call such a function 
twice. But let's first finish this paper...”. A few weeks later, after 
finishing the paper and completing some other work, I investigated this new 
idea in more detail. And the rest is history.


Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-16 Thread
Ok, thanks for the clarification.

On 16 Oct 2017 1:20 p.m., "Christoph R. Murauer"  wrote:

> It is not OpenBSD related. The OP meant the Digital Millennium
> Copyright Act - as the question was related to non US hosting
> locations.
>
> See https://en.m.wikipedia.org/wiki/Digital_Millennium_Copyright_Act
>
>
> > Non-DMCA is a bit confusing for me because I'm a total stranger to those
> > things. I've a vps on TransIP and they support OpenBSD.
> >
> > On 16 Oct 2017 4:21 a.m., "x9p"  wrote:
> >
> >> Hi,
> >>
> >> Anyone know a good non-DMCA-compliant (outside US) VPS hosting,
> >> OpenBSD-friendly? Traffic is mostly torrent-related.
> >>
> >> Good bandwidth and Bitcoin payments also a plus.
> >>
> >> Most offshore VPS providers offers default ubuntu-debian or centos
> >> iso
> >> images, some even FreeBSD iso, but OpenBSD is being a bit hard to
> >> find. In
> >> the past i saw some provider offering to mount your own custom iso
> >> via a
> >> webpanel, but this contact I have no more.
> >>
> >> If have any tips, will be welcomed.
> >>
> >> cheers.
> >>
> >> x9p
> >>
> >>
> >
>
>
>


Re: About WPA2 compromised protocol

2017-10-16 Thread Eric Johnson

Apparently, it has already been patched on OpenBSD.

From https://www.krackattacks.com/

  When did you first notify vendors about the vulnerability?

  We sent out notifications to vendors whose products we tested ourselves
  around 14 July 2017. After communicating with these vendors, we realized
  how widespread the weaknesses we discovered are (only then did I truly
  convince myself it was indeed a protocol weaknesses and not a set of
  implementation bugs). At that point, we decided to let CERT/CC help with
  the disclosure of the vulnerabilities. In turn, CERT/CC sent out a broad
  notification to vendors on 28 August 2017.

  Why did OpenBSD silently release a patch before the embargo?

  OpenBSD was notified of the vulnerability on 15 July 2017, before
  CERT/CC was involved in the coordination. Quite quickly, Theo de Raadt
  replied and critiqued the tentative disclosure deadline: In the open
  source world, if a person writes a diff and has to sit on it for a
  month, that is very discouraging. Note that I wrote and included a
  suggested diff for OpenBSD already, and that at the time the tentative
  disclosure deadline was around the end of August. As a compromise, I
  allowed them to silently patch the vulnerability. In hindsight this was
  a bad decision, since others might rediscover the vulnerability by
  inspecting their silent patch. To avoid this problem in the future,
  OpenBSD will now receive vulnerability notifications closer to the end
  of an embargo.

Eric



Re: About WPA2 compromised protocol

2017-10-16 Thread Marc Espie
On Mon, Oct 16, 2017 at 12:58:45PM +0200, Stefan Sperling wrote:
> On Mon, Oct 16, 2017 at 12:45:24PM +0200, Erik van Westen wrote:
> > But did every manufacturer make the same mistake then?
> 
> Yes.

To sum up what I know:
- WPA2 is still sound cryptographically;
- there was no formal analysis of the protocol itself, in terms of
exchanged messages; most everybody forgot that bugs in there can
be as deadly as cryptographic error.
- in some cases, you get some stuff to resend, but it should repeat the
same thing, so not a bug per se;
- WPA2 strongly suggests zeroing memory areas that used to hold secrets.

The common implementation error is to zero some memory areas holding secrets
that you have to retransmit, thus leading to establishing a bunch of zeroes
as an actual secret.
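
Added example, not part of the thread and not OpenBSD's code: a toy C model of the two failure modes discussed in this thread, the nonce reset when the key-install routine runs again on a retransmitted message 3 (the ic_set_key observation quoted earlier) and the all-zero key installed when the stored secret was wiped before the retransmission. The struct, function names and key bytes are hypothetical; msg3_guarded shows one way to hand a given key to the driver only once.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TK_LEN 16

/* Hypothetical, simplified supplicant state; not the net80211 structures. */
struct sta {
    uint8_t  tk[TK_LEN];      /* temporal key derived during the handshake */
    uint8_t  hw_key[TK_LEN];  /* key the modelled driver encrypts with */
    uint64_t tx_pn;           /* per-key packet number, used as the nonce */
    bool     tk_installed;    /* set once this TK was handed to the driver */
};

/* Models a driver key install: a freshly set key starts at packet number 0. */
static void driver_set_key(struct sta *s, const uint8_t *key)
{
    memcpy(s->hw_key, key, TK_LEN);
    s->tx_pn = 0;
}

/* Each protected frame consumes the next packet number. */
static uint64_t send_frame(struct sta *s)
{
    return ++s->tx_pn;
}

/* Start of a handshake: a new TK is derived (constructed fill byte). */
static void derive_tk(struct sta *s, uint8_t fill)
{
    memset(s->tk, fill, TK_LEN);
    s->tk_installed = false;
}

/* Naive handler: installs on every message 3, then wipes its own copy. */
static void msg3_naive(struct sta *s)
{
    driver_set_key(s, s->tk);
    memset(s->tk, 0, TK_LEN);
}

/* Guarded handler: a given TK is installed once; a retransmitted
 * message 3 is still answered but never touches the driver key. */
static void msg3_guarded(struct sta *s)
{
    if (s->tk_installed)
        return;
    driver_set_key(s, s->tk);
    s->tk_installed = true;
    memset(s->tk, 0, TK_LEN);
}

struct outcome {
    uint64_t first_pn_after_retx; /* nonce of first frame after the replay */
    bool     key_is_zero;         /* driver ended up with an all-zero key */
};

/* Handshake, two data frames, retransmitted message 3, one more frame. */
static struct outcome run(void (*on_msg3)(struct sta *))
{
    static const uint8_t zero[TK_LEN];
    struct sta s;
    struct outcome o;

    memset(&s, 0, sizeof(s));
    derive_tk(&s, 0xA5);
    on_msg3(&s);                 /* first message 3 */
    send_frame(&s);              /* packet number 1 */
    send_frame(&s);              /* packet number 2 */
    on_msg3(&s);                 /* retransmitted message 3 */
    o.first_pn_after_retx = send_frame(&s);
    o.key_is_zero = memcmp(s.hw_key, zero, TK_LEN) == 0;
    return o;
}

int main(void)
{
    struct outcome n = run(msg3_naive), g = run(msg3_guarded);

    printf("naive:   next pn %llu, zero key %d\n",
        (unsigned long long)n.first_pn_after_retx, n.key_is_zero);
    printf("guarded: next pn %llu, zero key %d\n",
        (unsigned long long)g.first_pn_after_retx, g.key_is_zero);
    return 0;
}
```

In the naive run the packet number restarts at 1, so a nonce already used is used again, and the driver key is all zeroes; in the guarded run the counter continues at 3 and the key is unchanged.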



Release 62 not booting on MacBook Pro mid-12 (9,3)

2017-10-16 Thread SFM
I had been able to boot and run releases 60 and 61 in exactly the same 
hardware, but the install 62CD didn’t boot, and neither does the OS, which I 
then successfully installed from a USB stick. Screen goes blank (backlight on) 
and freezes after printing the CPU cores to the screen. No dmesg and no 
keyboard or mouse interaction possible.

Ax0n reported the same problem with a snapshot and similar hardware in this 
mailing list, but the thread is a month old and it isn’t clear if he managed to 
solve it or not. 

Any ideas about what could be causing this problem and how I should solve it? 
Thanks in advance!



Peace be upon you, and the mercy of God and His blessings
محمّد مختار سوتو

Re: chronium ports

2017-10-16 Thread Marc Espie
On Mon, Oct 16, 2017 at 05:28:19PM +0900, Tuyosi T wrote:
> i build my openbsd snapshots machine from source
> (kernel , userland and xenodm )
> 
> the PC compiled from source works more correctly
> as if ready made suite is not my just size ,
> tailored one is very fit , so i think .

Unless you have masochistic tendencies, use pkg_add.

If you tailor ports to your own usage, you're very likely to
end up with incompatible versions thanks to unnecessary tweaks.

Oh, and you're also likely to kill your machine slowly, because it
takes a lot of cpu.

Most port builders these days (I mean developers being part of the project)
use really fast machines in clusters to build ports.

chromium took you 18 hours ? that's slightly less than the time I need to
rebuild the full package collection.

Think about it.



Re: Japanese Input in xterm

2017-10-16 Thread Marc Espie
On Sun, Oct 15, 2017 at 08:56:36PM +0200, Niels Kobschaetzki wrote:
> On 17/10/15 19:43, Cág wrote:
> >Niels Kobschaetzki wrote:
> >
> >>Thanks a lot. But you are using sakura and not xterm for typing
> >>Japanese. I want to use xterm so that I can leave more dependencies
> >>behind :)
> >
> >You can build st (recommended) as it doesn't have any dependencies that
> >aren't in the install, if I amn't mistaken; or try rxvt-unicode.
> >
> >xterm is an unholy mess and shouldn't be used by anybody.
> 
> But xterm is in base unlike urxvt or the VTE-terminals. Maybe OpenBSD
> should change to urxvt in base. Seems to me, from the user-perspective,
> that it would be a similar change as from screen to tmux.
> 
> Niels

You're talking nonsense.

rxvt-unicode is GPLv3, so that's a no-no.



cyrus imapd in 6.2 ports

2017-10-16 Thread Peter J. Philipp
Hi,

I got these messages with the new 6.2 cyrus imapd:

Oct 14 11:03:26 mercury imaps[55561]: client id sessionid=:
"name" "Thunderbird" "version" "52.2.1"
Oct 14 11:03:26 mercury imaps[55561]: Fatal error: Internal error:
assertion failed: imap/message.c: 4286: !message_need(m, M_RECORD)
Oct 14 11:03:26 mercury master[70566]: process type:SERVICE name:imaps
path:/usr/local/cyrus/libexec/imapd age:0.542s pid:55561 exited, status 75


I didn't know what to do with this, so I ran "reconstruct -O -V max" as
_cyrus user, but that had the same failure in an assert failure.

So I decided to downgrade after upgrading to a new version wasn't
possible.  I put the 6.1 /usr/ports/mail/cyrus_imapd in the 6.2 tree
(after backing up the 6.2 cyrus_imapd) and made install after
pkg_delete'ing the 6.2 cyrus_imapd.  It worked. I made sure that
I ran the reconstruct again and it did mention there was a diff version
and probably fixed it.  Either way I have my important mail running
again and wanted to share.

If I want to go back to cyrus imapd version 3.x.x what should I look
for?  or wait for?

If anyone has had the same problems perhaps they took greater care than
me to get this going otherwise the downgrade seems to have worked for me.

Cheers,

-peter



Re: chronium ports

2017-10-16 Thread Nick Holland
On 10/16/17 04:28, Tuyosi T wrote:
> i build my openbsd snapshots machine from source
> (kernel , userland and xenodm )
> 
> the PC compiled from source works more correctly
> as if ready made suite is not my just size ,
> tailored one is very fit , so i think .

I think you think wrong.

Just on your one example, you have to make up 18 hours of productivity
to break even.  Feel free to generate and post your own benchmarks, but
I think logic pretty well dictates you won't get those 18 hours back
before your next upgrade...IF there is any difference, and last I looked
there is none.  Not "just a little", but no difference in the code
generated based on the details of the machine you are running on.

Nick.



Re: About WPA2 compromised protocol

2017-10-16 Thread Stefan Sperling
On Mon, Oct 16, 2017 at 06:47:21AM -0400, Raul Miller wrote:
> What is the relevant language from the spec?

Well, the spec is huge. The section on WPA is pretty long.
Everyone can download the spec from IEEE.
I am not going to quote it here.



Re: About WPA2 compromised protocol

2017-10-16 Thread Stefan Sperling
On Mon, Oct 16, 2017 at 12:45:24PM +0200, Erik van Westen wrote:
> But did every manufacturer make the same mistake then?

Yes.



Re: About WPA2 compromised protocol

2017-10-16 Thread Raul Miller
On Mon, Oct 16, 2017 at 6:43 AM, Stefan Sperling  wrote:
> On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote:
>>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
>> if I use an IPSec tunnel with shared-key or certificate or an OpenVPN
>> connection to authenticate and protect clients and hostAP comms, is
>> this vulnerability mitigated?
>
> Also this was *NOT* a protocol bug.
> arstechnica claimed such nonsense without any basis in fact and
> now everybody keeps repeating it :(
>
> It was an implementation bug.

What is the relevant language from the spec?

Thanks,

-- 
Raul



Re: 6.2-Release - Firefox and Codeblocks Issues

2017-10-16 Thread Josh Grosse
On Sun, Oct 15, 2017 at 12:31:42PM -0400, tec...@protonmail.com wrote:
> Hi,
> 
> Firefox / Firefox-ESR
> I can not access my protonmail.com email account on  both of these versions 
> as I can't get to the login screen (it hangs on the loading screen) - this is 
> evident by going to https://mail.protonmail.com/login.  I have experienced 
> this same issue on two different installs, so I believe anyone trying to 
> access this site or some others will face the same issue.  My guess is that 
> it is due to the JavaScript functions it is running on this page.
> 
> Chromium works without issue and shows the login form.  Problem is, I really 
> despise Chromium and actively try to stay away from all Google services.
> 
> ###
> 
> Codeblocks
> This crashes as soon as I open it.  I can briefly see the codeblocks graphic 
> before it does so.

Thank you for your report regarding codeblocks.  I am able to 
replicate the abort signal, and will try to diagnose.  

--->>> Transitioning this discussion to ports@ <<<---

> 
> $ codeblocks
> Starting Code::Blocks Release 16.01  rev 10692 Oct  2 2017, 19:06:03 - 
> wx2.8.12 (OpenBSD, unicode) - 64 bit
> Initialize EditColourSet .
> Initialize EditColourSet: done.
> Abort trap (core dumped)
> 
> $ gdb
> (gdb) core codeblocks.core
> Core was generated by `codeblocks'.
> Program terminated with signal 6, Aborted.
> #0  0x0f1d99cdb2da in ?? ()



Re: About WPA2 compromised protocol

2017-10-16 Thread Erik van Westen
On 16-10-2017 at 12:43, Stefan Sperling wrote:
> On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote:
>> HI all,
>>
>>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
>> if I use an IPSec tunnel with shared-key or certificate or an OpenVPN
>> connection to authenticate and protect clients and hostAP comms, is
>> this vulnerability mitigated?
>>
>>  Thanks.
>>
> Also this was *NOT* a protocol bug.
> arstechnica claimed such nonsense without any basis in fact and
> now everybody keeps repeating it :(
>
> It was an implementation bug.
>
Ah, good to know. But did every manufacturer make the same mistake then?

Erik



Re: About WPA2 compromised protocol

2017-10-16 Thread Stefan Sperling
On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote:
> HI all,
> 
>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
> if I use an IPSec tunnel with shared-key or certificate or an OpenVPN
> connection to authenticate and protect clients and hostAP comms, is
> this vulnerability mitigated?
> 
>  Thanks.
> 

Also this was *NOT* a protocol bug.
arstechnica claimed such nonsense without any basis in fact and
now everybody keeps repeating it :(

It was an implementation bug.



Re: About WPA2 compromised protocol

2017-10-16 Thread Stefan Sperling
On Mon, Oct 16, 2017 at 10:22:26AM +, C. L. Martinez wrote:
> is this vulnerability mitigated?

Yes. This was 6.1 errata 027.



Re: About WPA2 compromised protocol

2017-10-16 Thread Erik van Westen
On 16-10-2017 at 12:22, C. L. Martinez wrote:
> HI all,
>
>  Regarding WPA2 alert published today: https://www.krackattacks.com/,
> if I use an IPSec tunnel with shared-key or certifcate or an OpenVPN
> connection to authenticate and protect clients and hostAP comms, is
> this vulnerability mitigated?
>
>  Thanks.
>
Sure. A tunnel over WIFI is the preferred option anyway. WIFI cannot be
assumed to be safe.

Erik



Re: bgpd.conf invalidated on 6.2

2017-10-16 Thread Marko Cupać
On Mon, 16 Oct 2017 12:18:40 +0200
Claudio Jeker  wrote:

> On Mon, Oct 16, 2017 at 12:13:14PM +0200, Marko Cupać wrote:
> > Hi,
> > 
> > I've just upgraded one of my firewalls to 6.2, but bgpd won't start
> > with bgpd.conf which worked for 5 releases or so.
> > 
> > Here's error message:
> > /etc/bgpd.conf:11: duplicate prefix in network statement
> > config file /etc/bgpd.conf has errors, not reloading
> > 
> > The problem appears to be with the two following lines in bgpd.conf
> > (redacted):
> > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1
> > network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2
> > 
> > Any idea how to make this work on 6.2?
> >   
> 
> Remove one of the two lines.

IIRC, those lines were added more than 5 years ago, because they made
CARPed setup work, and have instant failover (IP.ADD.RE.SS1 and
IP.ADD.RE.SS2 are IP addresses of CARP interfaces facing ISP1 and ISP2).
So, the session is established from physical interface (local-address),
but nexthops are set to respective carp interfaces, so that BGP session
is always up, even from CARP BACKUP, and failover is instantaneous.

Are you suggesting I will have the same functionality even after
removal of any of the two lines?

Here's my complete non-redacted bgpd.conf for better understanding:

# MACROS
orion = "178.253.194.253"
sbb   = "82.117.192.121"

# GLOBAL CONFIGURATION
AS 12823
router-id 193.53.106.253
network 193.53.106.0/24 set nexthop 178.254.158.60
network 193.53.106.0/24 set nexthop 82.117.192.124

# NEIGHBORS AND PEERS
neighbor $orion {
remote-as 9125
descr "orion"
multihop 10
local-address 178.254.158.59
demote carp
set localpref -10
}

neighbor $sbb {
remote-as 31042
descr "sbb"
local-address 82.117.192.123
demote carp
set localpref +10
}
(default filters below)

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/



About WPA2 compromised protocol

2017-10-16 Thread C. L. Martinez
HI all,

 Regarding WPA2 alert published today: https://www.krackattacks.com/,
if I use an IPSec tunnel with shared-key or certificate or an OpenVPN
connection to authenticate and protect clients and hostAP comms, is
this vulnerability mitigated?

 Thanks.



Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-16 Thread Christoph R. Murauer
It is not OpenBSD related. The OP meant the Digital Millennium
Copyright Act - as the question was related to non US hosting
locations.

See https://en.m.wikipedia.org/wiki/Digital_Millennium_Copyright_Act


> Non-DMCA is a bit confusing for me because I'm a total stranger to those
> things. I've a vps on TransIP and they support OpenBSD.
>
> On 16 Oct 2017 4:21 a.m., "x9p"  wrote:
>
>> Hi,
>>
>> Anyone know a good non-DMCA-compliant (outside US) VPS hosting,
>> OpenBSD-friendly? Traffic is mostly torrent-related.
>>
>> Good bandwidth and Bitcoin payments also a plus.
>>
>> Most offshore VPS providers offers default ubuntu-debian or centos
>> iso
>> images, some even FreeBSD iso, but OpenBSD is being a bit hard to
>> find. In
>> the past i saw some provider offering to mount your own custom iso
>> via a
>> webpanel, but this contact I have no more.
>>
>> If have any tips, will be welcomed.
>>
>> cheers.
>>
>> x9p
>>
>>
>




Re: bgpd.conf invalidated on 6.2

2017-10-16 Thread Claudio Jeker
On Mon, Oct 16, 2017 at 12:13:14PM +0200, Marko Cupać wrote:
> Hi,
> 
> I've just upgraded one of my firewalls to 6.2, but bgpd won't start
> with bgpd.conf which worked for 5 releases or so.
> 
> Here's error message:
> /etc/bgpd.conf:11: duplicate prefix in network statement
> config file /etc/bgpd.conf has errors, not reloading
> 
> The problem appears to be with the two following lines in bgpd.conf
> (redacted):
> network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1
> network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2
> 
> Any idea how to make this work on 6.2?
> 

Remove one of the two lines.

-- 
:wq Claudio



bgpd.conf invalidated on 6.2

2017-10-16 Thread Marko Cupać
Hi,

I've just upgraded one of my firewalls to 6.2, but bgpd won't start
with bgpd.conf which worked for 5 releases or so.

Here's error message:
/etc/bgpd.conf:11: duplicate prefix in network statement
config file /etc/bgpd.conf has errors, not reloading

The problem appears to be with the two following lines in bgpd.conf
(redacted):
network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS1
network NE.TW.OR.K/24 set nexthop IP.ADD.RE.SS2

Any idea how to make this work on 6.2?

Thank you in advance,
-- 
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/



Re: CoDel Flows

2017-10-16 Thread Mike Belopuhov
On Mon, Oct 16, 2017 at 03:24 +, Glenn Faustino wrote:
> Thanks Mike!
> 
> When I was using newqueue/hfsc I used to assign queues to certain traffic
> like below:
> 
> match inet proto tcp from any to any port ssh set queue (ssh_bulkq,
> ssh_prioq)
> match inet proto {tcp,udp} from any to any port {domain,ntp} set queue
> (dnsq, ackq)
> match inet proto {tcp,udp} from any to any port {www,https} set queue
> (webq, ackq)
> match inet proto tcp from any to any port ftp set queue (webq, ackq)
> 
> And I was looking how to do that when using flow queues but it seems that
> it is not needed anymore (if I'm not mistaken) ,
> all you need to do is define a flow queue and that's it.
>

I see.  Indeed, I'd start with a single flow queue, but that doesn't
necessarily mean that this is going to work in 100% of cases.  Please
take a look at the approach I've outlined here:

https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/doemlgi/

I don't have enough feedback and experience with this exact setup so
I'm treading carefully here until there's a clear understanding what
works and what doesn't.

And please let me remind you again, that first of all you need to
identify whether or not the problem actually exists.  Once you figured
that your setup is prone to exposing the bufferbloat on the uplink,
setup the flow queue as I've suggested here:

https://www.reddit.com/r/openbsd/comments/75ps6h/fqcodel_and_pf/doemlgi/

Test and then re-evaluate the situation and only if you see the problem
with downloads, attempt to fix it.

Cheers,
Mike

> 
> Regards,
> Glenn
> 
> 
> 
> On Mon, Oct 16, 2017 at 2:06 AM, Mike Belopuhov  wrote:
> 
> > On Sat, Oct 14, 2017 at 02:51 +, Glenn Faustino wrote:
> > > Hi Mike,
> > >
> > > I'm using HFSC with two root queues (1 for uplink and 1 for downlink),
> > can
> > > you please share your config for FQ-CoDel with HFSC with two queues if
> > you
> > > don't mind?
> > >
> > > Regards,
> > > Glenn
> > >
> >
> > I'm not certain which config you're talking about but there's nothing
> > particularly different about any of those that I've used. I'd like to
> > know instead what might be causing trouble for you to figure out what
> > piece of documentation can be improved.
> >
> > Having said that I tend to set quantum a bit lower when CPU resources
> > are abundant and latency is not increased as a result. For example,
> > OpenWRT sets it to 300 by default which might mean that they optimize
> > for an average packet size on the internet (or it might not, I don't
> > know for sure why do they do it). My limited testing hasn't shown any
> > quantifiable gain when doing that.
> >
> > Regards,
> > Mike
> >



Re: DMCA Free OpenBSD VPS Hosting, multiple payment methods

2017-10-16 Thread
Non-DMCA is a bit confusing for me because I'm a total stranger to those
things. I've a vps on TransIP and they support OpenBSD.

On 16 Oct 2017 4:21 a.m., "x9p"  wrote:

> Hi,
>
> Anyone know a good non-DMCA-compliant (outside US) VPS hosting,
> OpenBSD-friendly? Traffic is mostly torrent-related.
>
> Good bandwidth and Bitcoin payments also a plus.
>
> Most offshore VPS providers offers default ubuntu-debian or centos iso
> images, some even FreeBSD iso, but OpenBSD is being a bit hard to find. In
> the past i saw some provider offering to mount your own custom iso via a
> webpanel, but this contact I have no more.
>
> If have any tips, will be welcomed.
>
> cheers.
>
> x9p
>
>


Re: chronium ports

2017-10-16 Thread Tuyosi T
i build my openbsd snapshots machine from source
(kernel , userland and xenodm )

the PC compiled from source works more correctly
as if ready made suite is not my just size ,
tailored one is very fit , so i think .

---
regards


PHP error running ownclouds occ

2017-10-16 Thread Farid Joubbi
Hi,
I upgraded my OpenBSD installation from 6.1 to 6.2.
In the upgrade process I also upgraded the ownCloud package to 10.0.3.
Now when I browse to the ownCloud page, it wants to upgrade.
The upgrade fails with this message:



Repair warning: You have incompatible or missing apps enabled that
could not be found or updated via the marketplace.
Repair warning: Please install or update the following apps manually or
disable them with: occ app:disable documents
Repair warning: For manually updating, see
https://doc.owncloud.org/server/10.0/go.php?to=admin-marketplace-apps



So I figured that I will do as it says and run the occ command.
But the command fails, and I don't understand why.


su -l -s /bin/sh www

$ cd /var/www/owncloud/
$ ./occ
PHP Warning: Module 'curl' already loaded in Unknown on line 0
PHP Warning: Module 'gd' already loaded in Unknown on line 0
PHP Warning: Module 'intl' already loaded in Unknown on line 0
PHP Warning: Module 'zip' already loaded in Unknown on line 0
The process control (PCNTL) extensions are required in case you want to
interrupt long running commands - see
http://php.net/manual/en/book.pcntl.php
ownCloud or one of the apps require upgrade - only a limited number of
commands are available
You may use your browser or the occ upgrade command to do the upgrade
Cannot create "data" directory
This can usually be fixed by giving the webserver write access to the root
directory.

{"reqId":"uds8VWpXGYWCkIjzmcjW","level":3,"time":"2017-10-14T22:40:06+00:00","remoteAddr":"","user":"--","app":"PHP","method":"--","url":"--","message":"Module
'zip' already loaded at Unknown#0"}
An unhandled exception has been thrown:
exception 'Exception' with message 'Environment not properly prepared.' in
/var/www/owncloud/lib/private/Console/Application.php:134
Stack trace:

0 /var/www/owncloud/console.php(105):
OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput),
Object(Symfony\Component\Console\Output\ConsoleOutput))

1 /var/www/owncloud/occ(11): require_once('/var/www/ownclo...')

2 {main}$

$ ls -l
total 316
-rw-r--r-- 1 root bin 8859 Sep 15 16:43 AUTHORS
-rw-r--r-- 1 root bin 25213 Sep 15 16:43 CHANGELOG.md
-rw-r--r-- 1 root bin 34520 Sep 15 16:43 COPYING
drwxr-xr-x 37 www www 1024 Oct 14 21:40 apps
drwxr-x--- 2 www www 512 Oct 14 21:37 config
-rw-r--r-- 1 root bin 4345 Sep 15 16:42 console.php
drwxr-xr-x 17 root daemon 1024 Oct 14 21:37 core
-rw-r--r-- 1 root bin 4969 Sep 15 16:42 cron.php
drwxr-x--- 6 www www 512 Nov 30 2016 data
-rw-r--r-- 1 root bin 30898 Sep 15 16:42 db_structure.xml
-rw-r--r-- 1 root bin 179 Sep 15 16:42 index.html
-rw-r--r-- 1 root bin 3898 Sep 15 16:42 index.php
drwxr-xr-x 3 root daemon 512 Oct 14 21:37 l10n
drwxr-xr-x 6 root daemon 512 Oct 14 21:37 lib
-rwxr-xr-x 1 root bin 289 Oct 2 20:10 occ
drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs
drwxr-xr-x 2 root daemon 512 Oct 14 21:37 ocs-provider
-rw-r--r-- 1 root bin 3197 Sep 15 16:42 public.php
-rw-r--r-- 1 root bin 5481 Sep 15 16:42 remote.php
drwxr-xr-x 4 root daemon 512 Apr 25 09:42 resources
drwxr-xr-x 12 root daemon 512 Oct 14 21:37 settings
-rw-r--r-- 1 root bin 1757 Sep 15 16:42 status.php
drwxr-xr-x 6 root daemon 512 Oct 14 21:37 updater
-rw-r--r-- 1 root bin 278 Oct 2 20:10 version.php
$

Any ideas?
I have read the owncloud manual and all the file permissions seem to be ok.
Could it be that I am missing some OpenBSD specific thing that makes it
fail?
Thanks in advance for any kind of help or pointers.


Re: Cups not run after Upgrade 6.2

2017-10-16 Thread Stephane HUC "PengouinBSD"
Ok, i delete cups package.
And, after new install, cupsd run!

$ ls -al /etc/cups/
total 92
drwxr-xr-x   4 root  _cups512 Oct 16 08:58 ./
drwxr-xr-x  59 root  wheel   2560 Oct 16 09:21 ../
-rw---   1 root  _cups  0 Oct 16 08:58 classes.conf
-rw-r--r--   1 root  _cups  0 Oct 16 08:58 client.conf
-rw-r--r--   1 root  _cups936 Oct  9 19:30 command.types
-rw-r-   1 root  _cups   2979 Oct 16 08:58 cups-files.conf
-rw-r--r--   1 root  _cups  10802 Oct 16 08:58 cups-pdf.conf
-rw-r-   1 root  _cups   6278 Oct 16 08:58 cupsd.conf
-rw-r--r--   1 root  _cups  0 Oct 16 08:58 lpoptions
drwxr-xr-x   2 root  _cups512 Oct  9 19:30 ppd/
-rw-r--r--   1 root  _cups273 Sep 15 19:58 printcap
-rw---   1 root  _cups  0 Oct 16 08:58 printers.conf
-rw---   1 root  _cups886 Oct  9 15:39 printers.conf.O
-rw-r-   1 root  _cups142 Oct 16 08:58 snmp.conf
drwx--   2 root  _cups512 Oct 16 08:58 ssl/
-rw-r-   1 root  _cups111 Oct 10 13:28 subscriptions.conf
-rw-r-   1 root  _cups401 Oct  9 20:10 subscriptions.conf.O

$ doas /usr/local/sbin/cupsd -t
"/etc/cups/cups-files.conf" is OK.
"/etc/cups/cupsd.conf" is OK.

Ty!

On 10/16/17 at 08:50, Stephane HUC "PengouinBSD" wrote:
> Hi :p
> 
> Ok, i delete /var/cache/cups.
> 
> And, into /etc/cups/, i've not file cupsd.conf!
> 
> $ ls -al /etc/cups/
> total 64
> drwxr-xr-x   4 root  _cups512 Oct 10 13:28 .
> drwxr-xr-x  59 root  wheel   2560 Oct 16 01:10 ..
> -rw-r--r--   1 root  _cups936 Oct  9 19:30 command.types
> -rw-r--r--   1 root  _cups  10802 Oct  9 17:41 cups-pdf.conf
> -rw-r--r--   1 root  _cups  0 Oct  9 16:34 lpoptions
> drwxr-xr-x   2 root  _cups512 Oct  9 19:30 ppd
> -rw-r--r--   1 root  _cups273 Sep 15 19:58 printcap
> -rw---   1 root  _cups886 Oct  9 15:39 printers.conf.O
> drwx--   2 root  _cups512 Aug 29 20:37 ssl
> -rw-r-   1 root  _cups111 Oct 10 13:28 subscriptions.conf
> -rw-r-   1 root  _cups401 Oct  9 20:10 subscriptions.conf.O
> 
> 
> On 10/16/17 at 08:45, Robert Klein wrote:
>> Hi,
>>
>> On Mon, 16 Oct 2017 08:10:41 +0200
>> "Stephane HUC \"PengouinBSD\""  wrote:
>>
>>> The output is none:
>>>
>>> [08:07:05] :root@ptb-zou: ~ $ /usr/local/sbin/cupsd -t
>>> [08:07:05] :root@ptb-zou: ~ $
>>>
>>
>> I'd have expected something like
>>
>> "/etc/cups/cupsd.conf" is OK.
>>
>>
>> but you probably don't need cupsd.conf/
>>
>>
>>> And about file log:
>>>
>>> $ cat
>>> /var/log/cups/error_log 
>>>   
>>>
>>> E [09/Oct/2017:20:10:22 +0200] Unable to create
>>> "/var/cache/cups/job.cache.N": No such file or directory
>>> E [10/Oct/2017:13:28:09 +0200] Unable to create
>>> "/var/cache/cups/job.cache.N": No such file or directory
>>>
>>> $ ls -al /var/cache/ | grep cups
>>> drwxr-xr-x   2 root  wheel   512 Oct 15 21:24 cups
>>>
>>> do i need _cups user rights?
>>>
>>
>> yes.  You can just delete the directory, cups recreates it on start.
>>
>>
>> Best regards
>> Robert
>>
>>
>>
>>
>>
>>
>>>
>>> On 10/16/17 at 08:01, Robert Klein wrote:
>>>> Hi,
>>>>
>>>> On Sun, 15 Oct 2017 21:35:30 +0200
>>>> "Stephane HUC \"PengouinBSD\""  wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> After upgrade to 6.2 (amd64), Cups not run!
>>>>>
>>>>> $ doas rcctl start cupsd
>>>>> cupsd(failed)
>>>>
>>>> What is the output of
>>>>
>>>> /usr/local/sbin/cupsd -t
>>>>
>>>> run as root?
>>>>
>>>>
>>>> Is there anything in the /var/log/cups/error_log logfile?
>>>>
>>>>
>>>> Best regards
>>>> Robert
>>>
>>
> 

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net





Re: chronium ports

2017-10-16 Thread Stuart Henderson
On 2017-10-15, Tuyosi T  wrote:
> owing to the great effort of ports maintainer ,
> i finish ' make install ' of chromium's port in openbsd *snapshot* installed
> PC .
>
> but it takes long time ( 18hr ) on my old machine .

I recommend using pkg_add. Unless you are working on the port, there's
no advantage to building it yourself.