Re: how to properly rebuild or delete crypto softraid?

2017-12-15 Thread tinkr
> On 2017-12-15, Stuart wrote:
> You can use dd to write zeroes over the start of the device to overwrite
> the partition table and disklabel, I'm not sure how far you have to go
> but would expect "dd if=/dev/zero of=/dev/rsdXc bs=1m count=8" to do
> the trick (with the correct disk number here ^ obviously).
..

Hi,

In the past I thought the principle was that you wipe the disklabel by 
overwriting the first megabyte (bs=1m count=1).

What is the safe practice really, 1MB or 8MB?

Tinker

Re: 18-year-old laptop "Compaq Armada 1750" still works fine ...

2017-12-15 Thread Riccardo Mottola

Hi Jens,

On 2017-12-03 19:24:48 +0100 Jens A. Griepentrog wrote:



OpenBSD 6.2 (GENERIC) #1: Fri Dec  1 12:00:30 CET 2017

r...@syspatch-62-i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Celeron ("GenuineIntel" 686-class, 256KB L2 cache) 366 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF

real mem  = 200785920 (191MB)
avail mem = 182915072 (174MB)
mpath0 at root


<...>

rl0 at cardbus0 dev 0 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:19:e0:18:0c:fe

rlphy0 at rl0 phy 0: RTL internal PHY
root on wd0a (98c8f8a7f56949dd.a) swap on wd0b dump on wd0b



That is cool.. BSD rocks, doesn't it? At least OpenBSD and NetBSD are 
still very capable here.


Question: how do you configure your network and does it work?

I just upgraded a similar vintage ThinkPad from 6.1 to 6.2 and network 
stopped working after the upgrade, both using a wired and a wireless 
card: can get an IP address, but not ping even a local address.
I did not make a report yet because getting a dmesg and more 
information is a bit cumbersome, so just curious how it is for you. You 
have your network card on cardbus like me.


Riccardo



Re: What would you like to see in upcoming PF tutorials?

2017-12-15 Thread Peter N. M. Hansteen
On 12/15/17 15:11, Steve Litt wrote:

> a pretty good job of it, but is very lacking in explanations. Tutorials
> are for people who currently know nothing, so a word by word
> explanation should be given for both of these lines:
> 
> * match out on egress inet nat-to ($ext_if)
> * pass proto tcp from { self, $int_if:network }
> 
> There are many other places needing explanations. If you could include
> a few diagrams to make the point, that would help immensely.

Keep in mind that those are the slides only, those participating in the
session will hear a fuller explanation and have the option to interrupt
us with questions or even start discussions.

I do know of a PF presentation that was by increments turned into a
book, but this presentation is not quite at that stage yet (though you
never know what might happen at some point in the future). The book is
still reasonably useful, I hear ;)

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: What would you like to see in upcoming PF tutorials?

2017-12-15 Thread Steve Litt
On Thu, 14 Dec 2017 21:27:17 +0100
"Peter N. M. Hansteen"  wrote:

> We're in the process of preparing for upcoming conferences with
> updates to the ever-in-progress PF tutorial. 
> 
> If you have thoughts on what you would like to see in a tutorial
> session and would like to share them either with me or the list, we
> would love to hear from you.

I'd love to see a step by step creation of a NATting firewall, with
exact explanations of each step.

I'd like to see a version with IPV4 on the Internet side, and one with
IPV6 on the Internet side. https://home.nuug.no/~peter/pftutorial/ does
a pretty good job of it, but is very lacking in explanations. Tutorials
are for people who currently know nothing, so a word by word
explanation should be given for both of these lines:

* match out on egress inet nat-to ($ext_if)
* pass proto tcp from { self, $int_if:network }

There are many other places needing explanations. If you could include
a few diagrams to make the point, that would help immensely.
 
SteveT

Steve Litt 
December 2017 featured book: Thriving in Tough Times
http://www.troubleshooters.com/thrive



OpenBSD Foundation on HTTPS

2017-12-15 Thread Hess THR
Hello,

Just noticed that http://www.openbsdfoundation.org/ doesn't
support HTTPS, while in Dec 2017, ~70% of websites do:
https://letsencrypt.org/stats/#percent-pageloads

Can we have HTTPS for the OpenBSD Foundation? Which official OpenBSD
related domain hasn't got HTTPS yet?

I wish you happy holidays and again, thanks for all the work!

BTW, wow:
https://www.reddit.com/r/Bitcoin/comments/7jj0oa/im_donating_5057_btc_to_charitable_causes/dr6q6tj/?context=3


Re: how to properly rebuild or delete crypto softraid?

2017-12-15 Thread Stuart Henderson
On 2017-12-13, soko.tica  wrote:
> I have successfully built an encrypted bootable usb according to the
> instructions https://www.openbsd.org/faq/faq14.html#softraidFDE
>
> After booting successfully several times, the device went to ddb after I
> installed chrome without previously adding xfonts during the install.
> Subsequent attempts to boot were unsuccessful.
>
> I have erased partitions by disklabel and fdisk and tried to repeat the
> installation process. However, the encrypted raid device appeared and I was
> able to unlock it by the same passphrase, so I ceased the installation.
>
> Is it possible to delete the crypto raid properly at this stage? Should I
> try to rebuild it?
>
> Any advice is appreciated.
>
> Thanks in advance.
>

You can use dd to write zeroes over the start of the device to overwrite
the partition table and disklabel, I'm not sure how far you have to go
but would expect "dd if=/dev/zero of=/dev/rsdXc bs=1m count=8" to do
the trick (with the correct disk number here ^ obviously).

No idea why it would have gone to ddb, your report is very lacking in
information!
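
The dd wipe discussed in this thread, as an added example that is not part of the original posts: it zeroes the first N MiB of a target and then reads the region back to confirm that no non-zero bytes remain. It runs against a constructed scratch image file rather than a real `/dev/rsdXc` device, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: zero the first N MiB of a target and confirm the read-back.
# Runs against a scratch image file (constructed), not a real disk.

MIB=1048576   # block size in bytes; OpenBSD dd spells this bs=1m

# wipe_head TARGET COUNT_MIB: overwrite the first COUNT_MIB MiB with zeroes.
# conv=notrunc keeps a regular file at its original size; it makes no
# difference on a raw device such as /dev/rsdXc.
wipe_head() {
    dd if=/dev/zero of="$1" bs="$MIB" count="$2" conv=notrunc 2>/dev/null
}

# nonzero_in_head TARGET COUNT_MIB: print how many non-zero bytes remain
# in the first COUNT_MIB MiB (0 means the region is fully zeroed).
nonzero_in_head() {
    dd if="$1" bs="$MIB" count="$2" 2>/dev/null | tr -d '\000' | wc -c | tr -d ' '
}

# make_scratch_image PATH SIZE_MIB: constructed stand-in for a disk,
# filled with 0xff bytes so that any unwiped region is visible.
make_scratch_image() {
    dd if=/dev/zero bs="$MIB" count="$2" 2>/dev/null | tr '\000' '\377' > "$1"
}

# demo: build a 10 MiB image, wipe the first 8 MiB, and report
# "non-zero bytes before, after, and in the whole image".
demo() {
    img=$(mktemp) || return 1
    make_scratch_image "$img" 10
    before=$(nonzero_in_head "$img" 8)
    wipe_head "$img" 8
    after=$(nonzero_in_head "$img" 8)
    total=$(nonzero_in_head "$img" 10)   # the last 2 MiB must be untouched
    rm -f "$img"
    echo "$before $after $total"
}

demo
```

The same `nonzero_in_head` check can be pointed at a real device after the wipe to confirm the write actually landed before reinstalling.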




Re: Suggestions home server

2017-12-15 Thread Alex Waite

I am considering buying a not so expensive home server.
[snip]
This might be a bit above "not so expensive" (~1,200), but I've been 
running this at home for just under a year and have been very pleased: 
http://www.supermicro.com/products/system/midtower/5028/sys-5028d-tn4t.cfm


Caveat: I'm running SmartOS on the metal and OpenBSD (and other OSs) in 
zones/KVM.


---Alex



Re: Suggestions home server

2017-12-15 Thread Noth



On 14/12/17 20:40, Peter N. M. Hansteen wrote:

On Thu, Dec 14, 2017 at 07:23:51PM +0100, Oliver Marugg wrote:

The HPE Gen10 MicroServer (but BIOS only with contract or under warranty)
could be a possible solution (is anyone using it with OpenBSD?).

The Gen8 works fine once you set the disk controller to plain SATA mode
instead of the default hardware raid mode.

Haven't had a chance to try the newer versions, but I wouldn't expect
any trouble

Unfortunately it's barely more powerful and the Marvell RAID/S-ATA 
controller seems to be really buggy on opensource OSes. And no iLO. It's 
closer to the G7 than the G8 in design. At least it does 32Gb of ram.


Next step up is the Supermicro, but it's also a step up in budget : 
https://www.supermicro.com/products/system/midtower/5028/SYS-5028D-TN4T.cfm 
128Gb of ram, and a Xeon-D 1541 included. It can be boosted to a Xeon 
1567 for 4 extra cores.


I decided to boost my MicroServer G8 to the max whilst I save up for the 
SuperMicro...


Noth