Re: IPv6 autoconf

2017-07-29 Thread Florian Obser
On Fri, Jul 28, 2017 at 06:29:12PM -0700, Thomas Smith wrote: > One question??? > > What would be necessary to bake this functionality into OpenBSD base? IPv6 > is pretty ubiquitous nowadays???most ISPs support it, most cloud providers > support it???it seems common enough that much of this functi

Re: DNSSEC solution

2017-08-15 Thread Florian Obser
On Tue, Aug 15, 2017 at 09:03:26AM +0200, Thuban wrote: > Hi > since we have nsd and unbound included in base, I was wondering what > tool you use to deal with DNSSEC and sign your zone ? > I use zkt, but your advices would be nice. > > Regards > -- > thuban I use powerdns from ports as a hidden

Re: slaacd.sock

2017-08-22 Thread Florian Obser
On Tue, Aug 22, 2017 at 01:56:10PM +0200, Christer Solskogen wrote: > Running the latest snapshot (amd64) I see that slaacd.sock is in /dev, > while documentation says that is should be in /var/run. What is correct? Friend Computer is of course right. Just fixed the man page. Thanks! -- I'm not

Re: slaacd.sock

2017-08-22 Thread Florian Obser
On Tue, Aug 22, 2017 at 08:06:08PM +0200, Christer Solskogen wrote: > On Tue, Aug 22, 2017 at 4:01 PM, Florian Obser wrote: > > > On Tue, Aug 22, 2017 at 01:56:10PM +0200, Christer Solskogen wrote: > > > Running the latest snapshot (amd64) I see that slaacd.sock is

Re: reiser4fs in openbsd

2017-08-25 Thread Florian Obser
reply-to: misc could you all please fix your email client to not strip diffs when posting to tech@? thanks zfs is already there: https://marc.info/?l=openbsd-cvs&m=136482823110105&w=2 On Fri, Aug 25, 2017 at 05:39:11PM +0200, Philipp Buehler wrote: > Am 25.08.2017 17:35 schrieb Daniil Berendeev:

Re: [PATCH] Off-by-one bug in httpd, ldapd, relayd, smtpd, switchd and ypldap

2017-08-27 Thread Florian Obser
On Sun, Aug 27, 2017 at 07:18:55PM -0500, Kris Katterjohn wrote: > On Mon, Aug 21, 2017 at 09:04:33AM +0200, Gilles Chehade wrote: > > On Sat, Aug 19, 2017 at 04:20:31PM -0500, Kris Katterjohn wrote: > > > On Fri, Aug 18, 2017 at 09:24:33AM -0700, Chris Cappuccio wrote: > > > > This looks correct.

Re: 6.2 starts nsd before slaacd binds ipv6 address

2017-10-10 Thread Florian Obser
On Mon, Oct 09, 2017 at 06:31:06PM +, lists+m...@ggp2.com wrote: > Hello all - > > I don't feel this warrants a bug report, but nevertheless feel that this > behavior is inconsistent with the way dhclient works. I have a vultr there is a school of thought that says dhclient should not delay

Re: acme-client new cert error

2018-05-27 Thread Florian Obser
On Sat, May 26, 2018 at 09:14:35AM -0700, Scott Vanderbilt wrote: > On 5/26/2018 4:54 AM, Stuart Henderson wrote: > > > aeneas.datagenic.com doesn't respond on port 80. (And if I can't > > fetch it, letsencrypt's checkers are also unlikely to be able to). > > > > Firewall issue? > > Oh, FFS. >

Re: virtual colocation? Amazon/cloud?

2018-06-15 Thread Florian Obser
On Fri, Jun 15, 2018 at 08:09:40AM +1000, Stuart Longland wrote: > On 15/06/18 06:50, Steve Fairhead wrote: > > I gather Amazon are not quite there yet re OpenBSD virtual machines. Can > > anyone here provide a cluebat as to prospects or alternatives? I don't > > want to move away from OpenBSD - it

Re: rtadvd bug ?

2018-06-18 Thread Florian Obser
Be careful not to break dhcpv6-pd. I suspect the problem is actually in make_prefix() in config.c which unconditionally sets onlink and autoconf. I stared at this for some time but can't figure out how to fix this. RFC 4861 has this which I don't think rtadvd is implementing correctly: P

Re: cgi issues

2018-07-08 Thread Florian Obser
On Sun, Jul 08, 2018 at 07:53:41AM -0500, Edgar Pettijohn III wrote: > I am playing around with cgi written in c. I am getting what seems like a > weird error though. I'm starting off with a very basic program: > > #include > > int > main(void) > { >     fprintf(stdout, >    "\n"

Re: cgi issues

2018-07-08 Thread Florian Obser
On Sun, Jul 08, 2018 at 08:30:29AM -0500, Edgar Pettijohn III wrote: > > > On 07/08/18 08:09, Florian Obser wrote: > > On Sun, Jul 08, 2018 at 07:53:41AM -0500, Edgar Pettijohn III wrote: > > > I am playing around with cgi written in c. I am getting what seems like a

call for testing: rad(8) - a rtadvd(8) replacement

2018-07-17 Thread Florian Obser
During g2k18 I commited rad(8). The latest amd64 and i386 snapshots should contain it with enough features to replace rtadvd(8). If you are using rtadvd(8) I'd appreciate if you could switch to rad(8) and report back if any features are missing. The plan is to unhook rtadvd(8) from the build soon

Re: nsd question

2018-09-11 Thread Florian Obser
On Tue, Sep 11, 2018 at 04:12:48PM +0200, Peter J. Philipp wrote: > Hi, > > I wasn't going to ask, but the book I have (alternative dns servers - jpm) is > somewhat outdated on nsd. > > If I'm correct, in order to pull the zones to disk on a slave nsd setup, one > has to manually or crontab "nsd-

Re: Munin node over IPv6

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 12:21:58PM +0100, Solene Rapenne wrote: > Alarig Le Lay wrote: > > Hi, > > > > I would like to pull my munin node over IPv6, but the process is only > > listening on IPv4. > > > > guinch# grep '^host' /etc/munin/munin-node.conf > > host * > > guinch# netstat -af inet | gr

Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 10:52:11AM +0200, Dumitru Moldovan wrote: > On Thu, 8 Nov 2018 09:03:51 +0100, Stefan Wollny wrote: > > > > I changed the 'exec' command in /usr/local/bin/iridium like so: > > - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}" > > + LANG=${_l} exec "/usr/local/iridium/i

Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 09:45:38AM +0100, Stefan Wollny wrote: > Am 08.11.18 um 09:03 schrieb Stefan Wollny: > > Hi there, > > > > just a little nit with the iridium-browser unveiled: > > > > I changed the 'exec' command in /usr/local/bin/iridium like so: > > - LANG=${_l} exec "/usr/local/iridium

Re: Permission on virtual user password file [dovecot+smtpd]

2018-11-13 Thread Florian Obser
On Tue, Nov 13, 2018 at 07:38:04PM +0100, Thuban wrote: > Hi, > I use dovecot and smtpd on my personal mail server. > They both share the same password file. > > I works very well, but I'm concerned about permissions on this file : > > -rw-r--r-- 1 root wheel passwd > > It's world reada

Re: memmem

2020-04-14 Thread Florian Obser
On Tue, Apr 14, 2020 at 06:52:21AM +, Roderick wrote: > Is that not a little too primitive? I thought so, too. No context, no explanation just a one-liner. -- I'm not entirely sure you are real.

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-12 Thread Florian Obser
Please leave, optionally seek professional help and never come back. -- I'm not entirely sure you are real.

Re: acme client failing [SOLVED]

2020-05-23 Thread Florian Obser
A common problem. :( I finally got around to improve acme-client's error reporting, it should be better in -current and 6.8 On 23 May 2020 21:28:23 CEST, Teno Deuter wrote: >On Sat, May 23, 2020 at 8:22 PM Stuart Henderson >wrote: >> >> On 2020-05-23, Teno Deuter wrote: >> > acme-client: chall

Re: sysupgrade confused by additional disk?

2020-05-26 Thread Florian Obser
On Mon, May 25, 2020 at 12:26:43PM -0400, Nick Holland wrote: > While OpenBSD itself is great about using duids, those are defined in > the 'a' partition of the boot disk..which is usually the first disk. But > in your case, the "first disk" doesn't include the 'a' partitionand the > /etc/fstab fil

Re: Sysupgrade fails with "cannot create SHA256.sig: Permission denied"

2020-06-17 Thread Florian Obser
Wild guess, /home is an nfs mount or mounted read-only? That's not going to work unfortunately. On 17 June 2020 22:23:13 CEST, "Raymond, David" wrote: >I am trying to upgrade a bunch of machines from 6.6 to 6.7 using >sysupgrade and I get the message > >/usr/sbin/sysupgrade[136]: cannot create

Re: unwind, is it possible to prevent validation failures?

2020-08-04 Thread Florian Obser
On Wed, Aug 05, 2020 at 07:19:29AM +0200, Peter J. Philipp wrote: > Hi, > > Aug 5 07:09:55 beta unwind[1703]: startup > Aug 5 07:09:59 beta unwind[62921]: validation failure > . A IN>: no DNSSEC records from 192.168.177.1 for DS internal.centroid.eu. > while > building chain of trust > > Le

Re: bgpd config advice needed

2020-08-25 Thread Florian Obser
On Tue, Aug 25, 2020 at 09:48:04AM -, Stuart Henderson wrote: > > Guesses can be made, but a quick email might get a more accurate > answer :) "Hi, I see you are padding your announcements at $IX and we > are seeing you from other peers with the same path length, would you > prefer we send to

Re: Is altroot a sysupgrade foe?

2020-09-20 Thread Florian Obser
On Sun, Sep 20, 2020 at 01:19:17AM -0400, Predrag Punosevac wrote: > > Hi Misc, > > For number of years I had a very simple scheme to backup my OpenBSD > infrastructure servers running critical network services for our small > university lab. Namely, I would put a low profile usb flash drive and

Re: OpenDNSSEC signer engine: Bus error: How to get debug information?

2020-09-22 Thread Florian Obser
On Tue, Sep 22, 2020 at 04:08:16PM +0200, Why 42? The lists account. wrote: > > On Tue, Sep 22, 2020 at 07:12:47AM -, Stuart Henderson wrote: > > Sounds like they are trapping sigbus themselves but the handler isn't > > giving useful information. > > > > Try just running it under gdb: > > pkg

Re: How do I publish default router preferences using rad?

2019-08-07 Thread Florian Obser
On Tue, Aug 06, 2019 at 11:17:04PM +0200, Sebastian Benoit wrote: > Caleb(enlightened.des...@gmail.com) on 2019.08.06 08:05:48 -0700: > > How do I publish default router preferences as defined in RFC 4191 > > (https://tools.ietf.org/html/rfc4191) using rad in OpenBSD 6.5? > > I've read the friendly

Re: How do I publish default router preferences using rad?

2019-08-18 Thread Florian Obser
"%lu", __func__, IMSG_DATA_SIZE(imsg)); > >memcpy(&verbose, imsg.data, sizeof(verbose)); > >log_setverbose(verbose); > >break; > > @@ -754,6 +754,7 @@ config_new_empty(void) > >xconf->ra_options.cur_hl =

Re: IPv6 problems

2019-08-21 Thread Florian Obser
On Sun, Aug 18, 2019 at 07:36:55PM +0200, list wrote: > Hi, > > The output of slaacctl show interface vio0 ist the following: > > # slaacctl show interface vio0 > > slaacctl: connect: /dev/slaacd.sock: Connection refused > > This is not how it is supposed to be i guess. it would be interesting

Re: Package -stable updates

2019-08-29 Thread Florian Obser
On Thu, Aug 29, 2019 at 09:39:40AM +0300, Consus wrote: > On 19:59 Wed 28 Aug, Steven Shockley wrote: > > So, many thanks to everyone who put together the new -stable updates for > > packages. Is there a command I can put in the crontab that will only > > output if there are updates? Similar to w

Re: handling snapshot installation in production environment

2019-09-02 Thread Florian Obser
This will only work if you stop upgrading snapshots long before 6.6 is announced. Otherwise you will be on 6.6-current by November 1st and -r will wait for 6.7. On September 2, 2019 1:15:26 PM GMT+02:00, Ian Darwin wrote: >> The sysupgrade tool is a nice way to install the newest snapshot, >nev

Re: acme-client no longer usable on -stable?

2019-09-12 Thread Florian Obser
On Thu, Sep 12, 2019 at 12:42:58PM +0200, Henry Jensen wrote: > Greetings, > > A tweet[0]from @romanzolotarev confused some people, including me. > > Basically he says, that if you wish co continue to use acme-client you > have to upgrade to -current, because of the switch to ACME v02 API and > t

Re: How can I remove sets installed by sysupgrade?

2019-09-17 Thread Florian Obser
On Tue, Sep 17, 2019 at 09:43:20AM +0200, Marc Espie wrote: > I'm a bit surprised nobody looked at instrumenting what sets are actually > installed on a machine during install/manual upgrade and cloning that > into sysupgrade to avoid this kind of surprise... > Yeah, I think sysupgrade was a mis

Re: acme-client issue with domain w/ alternative name

2019-10-22 Thread Florian Obser
On Tue, Oct 22, 2019 at 09:56:57AM +0100, Daniel Winters wrote: > Good morning, > > > Today acme-client renewed all but 2 of my domains; the two that have > > "alternative names" in the certificates. I cannot get it to renew > > those two. This is on amd64 on 6.6-current, updated today. > > I ca

Re: But there is Fossil...

2020-01-04 Thread Florian Obser
On Sat, Jan 04, 2020 at 04:59:40PM +, go...@disroot.org wrote: > I never read Please stop wasting our time then. Thanks, Florian -- I'm not entirely sure you are real.

Re: OpenBSD's extremely poor network/disk performance?

2020-01-07 Thread Florian Obser
On Tue, Jan 07, 2020 at 05:35:13PM +0300, Hamd wrote: > It's 2020 and it's -still- sad to see OpenBSD -still- has the > lowest/poorest (general/overall) performance ever: Thank you for your kind and encouraging words. I will get right on fixing these issues for you. -- I'm not entirely sure you

Re: sysupgrade woes on beaglebone black

2020-01-10 Thread Florian Obser
On Fri, Jan 10, 2020 at 10:06:41AM +0100, Jan Stary wrote: > It seems it's the SD card that is slow (the machine > is a BeagleBone Black) - will try with a faster one. > > It seems I am missing out on > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/miniroot/install.sub.diff?r1=1.1141&r2=1.1

Re: 6.6 pflow IPFIX removed?

2020-03-04 Thread Florian Obser
The ifconfig option parser is... special. You must set flowdst as well as pflowproto. On 4 March 2020 14:02:18 CET, Kapetanakis Giannis wrote: >Hi, > >Is IPFIX removed  from pflow in 6.6? > ># ifconfig pflow0 pflowproto 10 >ifconfig: SIOCSETPFLOW: Can't assign requested address > >pflow(4) still

Re: NSD/Unbound clarifications

2015-11-23 Thread Florian Obser
On Mon, Nov 23, 2015 at 04:27:08PM +0100, Alessandro Baggi wrote: > I've configured unbound for a small network. What is "maximum > capacity" of Unbound? Is suitable for big networks? What was the maximum capacity of bind? Was it suitable for big networks? How did you find out? -- I'm not entire

Re: TRIM on SSD

2017-12-06 Thread Florian Obser
On Wed, Dec 06, 2017 at 08:15:57AM +, Rupert Gallagher wrote: > I know well that article, because it is several years old with no updates. > > Those working on ffs should do what they are supposed to do. Lack of money? > Setup a stickers sale or a kickstarter, get the money and just fucking d

Re: OpenBSD 6.2 (up2date with syspatch) - HANGING

2017-12-22 Thread Florian Obser
On Thu, Dec 21, 2017 at 09:20:16PM +, Maxim Bourmistrov wrote: > > I had to bypass relayd to roll prod stable. > Down to apache. Taking care of http and https. > By redirect. > Now this setup (if I can call it) is stable. > > . > > P.S. > Looks like we have to move forward from here. Buy an

Re: Creating your individual git mirrors of OpenBSD

2017-12-28 Thread Florian Obser
On Wed, Dec 27, 2017 at 11:33:14PM +, Dinesh Thirumurthy wrote: > Hi, > > If you wanted your personal git mirrors of OpenBSD, then you can do it with: > > https://github.com/hakrtech/repogen/repogen.sh > > This will generate git repos of OpenBSD's source, xenocara, ports and www. > > You ca

Re: Wondering if any of my hardware is working on -current

2018-02-08 Thread Florian Obser
On Wed, Feb 07, 2018 at 09:03:09PM -0800, Chris Bennett wrote: > OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017 > > r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 3774021632 (3599MB) > avail mem = 3652612096 (3483MB) the ram will probably

Re: httpd / acme-client confusion

2018-03-16 Thread Florian Obser
this works for me: server "tlakh.xyz" { listen on 0.0.0.0 tls port 443 listen on :: tls port 443 tls certificate "/etc/ssl/tlakh.xyz.crt" tls key "/etc/ssl/private/tlakh.xyz.key" hsts location "/shop.6.html" { block return 402

Re: IPv6 problem after 6.3 upgrade

2018-04-03 Thread Florian Obser
On Tue, Apr 03, 2018 at 03:43:07PM +0200, Paul de Weerd wrote: > On Tue, Apr 03, 2018 at 03:23:19PM +0200, Miles wrote: > | > | Am 03.04.2018 um 14:56 schrieb Leo Unglaub: > | > Hello, > | > i have a IPv6 problem since i upgraded to 6.3. I cannot reach other > | > > | /etc/hostname.vio0 > | >> in

Re: IPv6 problem after 6.3 upgrade

2018-04-03 Thread Florian Obser
On Tue, Apr 03, 2018 at 04:05:44PM +0200, Leo Unglaub wrote: > Hey, > > > see "IPv6 broken on Hetzner.de vServer OpenBSD 6.3 / amd64" on bugs@ > > > > I'm pretty sure hetzner sets a static route to your link local address for > > the /64 they assign to you. > > > > Since the the link local addre

Re: Impact of 002_icmp6.patch

2020-10-30 Thread Florian Obser
On Fri, Oct 30, 2020 at 11:58:41AM +0100, Martin Schröder wrote: > Am Fr., 30. Okt. 2020 um 11:54 Uhr schrieb Denis Fondras > : > > Please, fix your tweet. The default install answer for IPv6 is 'none'. > > This borders on "switch off v6 for security reasons", which would be just > wrong. since

Re: httpd location statement

2020-12-10 Thread Florian Obser
I think the only way is to repeat the location statement for each extension :/ You can leave out the socket since that's the default On 10 December 2020 18:24:20 CET, Alexey Vatchenko wrote: >Hello! > >I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 >OpenBSD’s httpd. >In my conf

Re: Website - Missing kstat man page

2021-01-03 Thread Florian Obser
On 3 January 2021 15:25:13 CET, Ingo Schwarze wrote: >Hi, > >Daniel Jakots wrote on Sat, Jan 02, 2021 at 11:19:07PM -0500: >> On Sat, 2 Jan 2021 22:57:06 -0500, wrote: > >>> I came across a broken link during some pre-install research. >>> >>> While browsing URL https://www.openbsd.org/68.htm

Re: sysupgrade failure logs

2021-02-14 Thread Florian Obser
What are the permissions on the bsd.upgrade that's left behind? If they are still +x then your issue is with the boot loader, maybe that boot.conf otto suggested. If they are -x then the boot loader started the install kernel but something went wrong. On 14 February 2021 18:02:07 CET, Judah Koch

Re: acme-client, error 21 at 0 depth lookup:unable to verify the first certificate

2021-04-03 Thread Florian Obser
https://xkcd.com/979/ On Sat, Apr 03, 2021 at 05:43:36PM +0200, open...@crw.name wrote: > Self solved. > > Am 02.04.2021 14:02, schrieb open...@crw.name: > > Hello, I need some help to configure my acme-client the right way. > > > > Obtain certificates itself works using OpenBSD -current #434 fr

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Florian Obser
On 2021-05-30 19:55 +02, Theo Buehler wrote: > On Sun, May 30, 2021 at 01:43:54PM -0400, Daniel Jakots wrote: >> On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler >> wrote: >> >> > Unsure. If people really think this is useful and necessary, I can be >> > convinced. It's easy enough to do. And yo

Re: How Do I Get The OpenBSD Install Procedure To Stop Trashing My Bootloader?

2023-07-14 Thread Florian Obser
On 2023-07-13 13:53 -05, "Jay F. Shachter" wrote: > (Parenthetically, when is OpenBSD going to support ZFS, and join the > category of operating systems in which I can do serious work, i.e., What makes you think that's a goal for the people working on OpenBSD? An actual, professional clown, who

Re: Require host-name from DHCP clients

2023-09-26 Thread Florian Obser
On 2023-09-27 01:01 +02, Joel Carnat wrote: > Hi, > > Because of Apple Private Address feature, my static IP allocations based > on MAC address (hardware ethernet) doesn't work anymore. Looking at > dhcpd.leases, some devices provide a client-hostname value ; but not > every one. > > Is there a dh

Re: Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-17 Thread Florian Obser
On 2023-11-17 16:06 +01, Odd Martin Baanrud wrote: > Hello Jan, > > Thanks for the tip. > The upgrade went smoothly. > I ran “sysupgrade -n”, deleted the game set and the X sets and rebooted. > > Perhaps sysupgrade should be enhanced, so one could either choose > which sets should be upgraded, or

Re: Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-18 Thread Florian Obser
On 2023-11-18 15:57 +01, m...@emailgroups.net wrote: > On Sat, Nov 18, 2023, at 11:57, Mark wrote: >> "> That will never happen." >> >> And some serious reason? >> >> It was a great idea indeed. :/ > > They don't go out of their way to assist with foot shooting. Oh, we like foot guns as much as

Re: slaacd + Thread networks = log spam

2024-02-03 Thread Florian Obser
On 2024-02-03 12:55 -05, "Stefan R. Filipek" wrote: > For some time, my /var/log/messages has been filled with entries like: > > Dec 31 14:03:58 odin slaacd[56869]: last solicitation less then 4 seconds ago > Dec 31 14:04:08 odin last message repeated 2 times > Dec 31 15:50:07 odin slaacd[56869]:

Re: Automatic OS updates

2024-02-15 Thread Florian Obser
On 15 February 2024 19:12:11 CET, b...@fea.st wrote: >So I was curious, am I the only one using automatic OS updates >in cron to keep the fish fresh and the bits dust free? > >I think I read somewhere that it's not recommended but I'm not >running a server so it seems like a good idea to me. > >

Re: Programmatically add default IPv6 route

2024-02-23 Thread Florian Obser
You can probably steal the code from slaacd(8). On 23 February 2024 20:58:59 CET, Claudio Jeker wrote: >On Fri, Feb 23, 2024 at 06:25:18PM +0100, Denis Fondras wrote: >> Hello, >> >> I am trying to add IPv6 support for pppd(8) (IPv6CP) and I encounter a >> blocker >> when adding a default IPv6

Re: unbound signature expired

2024-03-18 Thread Florian Obser
They seem to be using extremely short-lived signatures, probably created by an online-signer. $ dig +short ns slack.com ns-1493.awsdns-58.org. ns-166.awsdns-20.com. ns-1901.awsdns-45.co.uk. ns-606.awsdns-11.net. $ TZ=UTC dig @ns-1493.awsdns-58.org. +norec +dnssec +multiline +nocrypto slack.com

Re: sysupgrade doesn't work unless monitor is attached

2024-03-21 Thread Florian Obser
On 2024-03-21 10:33 +01, Christer Solskogen wrote: > Nick Holland reported this with a HP T430 Thin Client already in May > 2022, and I see the same problem on two of my new firewalls. I was > hoping a HDMI dummy plug would work as a workaround, but it doesn't. > I'm not sure when or what marks t

Re: Request for a check 'relinking in progress' before a reboot

2024-03-23 Thread Florian Obser
On 2024-03-23 00:10 +01, Dan wrote: > Hello, > > To avoid prbs with the relinking of the kernel happening in background > I propose to set a little check during the shutdown to avoid to interrup it.. > > Thnx! Could you give this a spin please an report back? See release(8) for details. It's not

Re: Request for a check 'relinking in progress' before a reboot

2024-03-23 Thread Florian Obser
On 2024-03-23 08:47 +01, Dan wrote: > Florian, thanks a lot for your effort, really appreciable.. > >> Could you give this a spin please an report back? See release(8) for >> details. > > Unfortunately I'm still on 7.4 stable and I cant screw down any patch for you. > Maybe having a storagy with c

Re: configure rad for ULA addresses

2024-03-24 Thread Florian Obser
On 2024-03-24 23:33 +01, Evan Sherwood wrote: > I'm not sure how to configure rad (or if rad is the right program) to > help have my devices autoconfigured ULA addresses in a given prefix > (generated from https://www.unique-local-ipv6.com). > > I am debugging a new ISP and need to switch between

Re: rm: #08057459: Operation not permitted

2024-03-26 Thread Florian Obser
newfs(8), and restore from backup. Your filesystem is fubar. Or a hexeditor and a steady hand, but then you are very much on your own and we'll just watch in amazement. On 26 March 2024 21:30:14 CET, Peter Fraser wrote: >The reason why ls -l faulted has been found and is being worked on. > >The

Re: How to exit cu?

2024-03-29 Thread Florian Obser
On 2024-03-29 08:12 +01, Evan Sherwood wrote: > Before I learned about the tilde sequences, I just unplugged the USB > adapter. That quits cu. > > Worked in my case since my device was under its own power. FYI. > That's neat, I always just reboot :D Same for quitting vi... -- In my defence, I h

Re: ipv6 assistance

2024-04-06 Thread Florian Obser
Someone with pull at UPC^W ziggo^W vodafone^W liberty global could potentially get that situation improved. On 6 April 2024 19:04:52 CEST, Peter Hessler wrote: >OpenBSD natively supports IPv6 addressing via static configuration and >SLAAC. We do not have a DHCPv6 client in base, so currently yo

Re: ipv6 assistance

2024-04-07 Thread Florian Obser
On 2024-04-07 10:27 UTC, Stuart Henderson wrote: > On 2024-04-06, Florian Obser wrote: >> Someone with pull at UPC^W ziggo^W vodafone^W liberty global could >> potentially get that situation improved. > > Often on an OpenBSD box using one of these connections, you want >

Re: Changing sysctl hw.sensors names on a T410

2022-09-07 Thread Florian Obser
On 2022-09-07 15:09 UTC, Stuart Henderson wrote: > On 2022-09-07, Lévai Dániel wrote: >> Doesn't hurt anything really, was just wondering if anyone has seen this and >> maybe have a tech tale of an explanation for it. > > Does it depend on cold/warm boot, or whether it's on battery or plugged i

Re: Supposed way to have a login without password but still able to login via ssh?

2022-09-26 Thread Florian Obser
Set the password hash to 13 * using vipw(8) or usermod -p. I wonder if we document that somewhere. On 26 September 2022 20:27:07 CEST, Federico Giannici wrote: >I have a login that I want to be able to access only via ssh with a >certificate (in ~/.ssh/authorized_keys). > > >So I have disabled

Re: smtpd.comf: '... reject "message"' fails

2022-10-20 Thread Florian Obser
On 2022-10-20 21:38 -07, "Lyndon Nerenberg (VE7TFX/VE6BBM)" wrote: > My reading of smtpd.conf says that any reject action should be able > to take a message parameter. Yet the following line is rejected > with a syntax error message: > > match mail-from rdns regex "\.t-online\.de$" reject "550

Re: dhclient -d run0

2022-12-21 Thread Florian Obser
On 2022-12-21 15:04 UTC, Rodrigo Readi wrote: > Too much innovations, too much daemons ... :) Things kinda went downhill after CSRG disbanded.

Re: Possible off-by-one bug in usr.sbin/rad/engine.c

2022-12-31 Thread Florian Obser
On 2022-12-31 23:54 +01, Ingo Schwarze wrote: > Hi Alejandro, > > Alejandro Colomar wrote on Sat, Dec 31, 2022 at 05:56:27PM +0100: > >> I've started auditing the OpenBSD source code after the discussion on >> arc4random_uniform(3) and my suggestion of arc4random_range() on the glibc >> mailing

Re: pflow(4) and ipv6 flows

2023-02-21 Thread Florian Obser
Yes, wild guess, you are running with pflowproto 5. It probably works better with pflowproto 10. On 2023-02-21 13:12 +02, Kapetanakis Giannis wrote: > Hi, > > Does pflow(4) support export of ipv6 flows? > > I see none recorded. > > Thanks, > > G > -- In my defence, I have been left unsupervise

Re: pflow(4) and ipv6 flows

2023-02-21 Thread Florian Obser
On 2023-02-21 14:24 +02, Kapetanakis Giannis wrote: > Yes I'm using default netflow version 5. > > is IPFIX better in general or the only one that supports ipv6? Yes, version 5 is not specified for IPv6 flows, only IPFIX can export IPv6 flows. > > thanks > > G -- In my defence, I have been lef

Re: dhcpleased losing route

2023-05-10 Thread Florian Obser
( this is a good dhcp state diagram to follow along at home: https://commons.wikimedia.org/wiki/File:DHCP_Client_State_Diagram_-_en.png ) On 2023-05-10 23:07 +10, David Diggles wrote: > I probably should have done numeric tcpdump output. Here's both again. > > tcpdump: WARNING: snaplen raised fr

Re: dhcpleased losing route

2023-05-11 Thread Florian Obser
On 2023-05-11 08:08 +10, David Diggles wrote: > On Thu, May 11, 2023 at 07:27:22AM +1000, Jonathan Matthew wrote: >> >> This looks like the thing I ran into a while ago where I had an overly >> broad nat-to rule for outgoing traffic that applied to traffic from the >> host as well as the networks

Re: DHCP and apm suspend/resume

2023-05-17 Thread Florian Obser
On 2023-05-17 18:02 UTC, l...@fuji.kuistio.me wrote: > Hi > > I have a desktop machine I recently installed OpenBSD 7.3 on. Everything > seems to be working fine except that it doesn't obtain a DHCP lease when > waking up from suspend. I haven't found any docs saying if it even should > do this.

Re: unwind[92074]: bad packet: too large?

2023-07-03 Thread Florian Obser
On 2023-07-04 00:17 +03, Mark wrote: > Hi there. > > I'm getting this one in daemon/messages log files: > > Jul 3 20:52:53 unwind[92074]: bad packet: too large: 65552 - > 1.0.0.127.bl.blocklist.de. IN A > Jul 3 20:52:53 last message repeated 4 times > > What does that mean? The nameservers for

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 08:30:03PM +0300, BSD Kazakhstan wrote: > Thinking of chroot(), I have even tried adding a copy of perl binary to: > > # ls -l /var/www/usr/bin/ > -rwxr-xr-x 1 root daemon 10725 Jul 9 19:15 perl your perl is probably not statically linked, see http://www.openbsd.org/fa

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 09:18:40PM +0300, ?zg?r Kazan??? wrote: > It's the base' perl, > > # perl -v > This is perl 5, version 12, subversion 2 (v5.12.2 (*)) built for > amd64-openbsd > (with 10 registered patches, see perl -V for more detail) > > And using nginx with chroot-disabled, (-u) didn't

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 09:37:06PM +0300, ?zg?r Kazan??? wrote: > And the browser side: > "502 Bad Gateway" > (Actually the same error occurs when trying with any filenames (no matter > exists or not) ended with .cgi. ... and the log probably says "upstream prematurely closed FastCGI stdout". Wha

Re: 10GbE (Intel X540) performance on OpenBSD 5.3

2013-08-07 Thread Florian Obser
On Wed, Aug 07, 2013 at 10:26:22AM -0400, Maxim Khitrov wrote: > Hi all, > > I'm looking for performance measuring and tuning advice for 10 gigabit > Ethernet. I have a pair of Lanner FW-8865 systems that will be used as > firewalls for the local network. [...] > The initial iperf runs couldn't go

Re: 10GbE (Intel X540) performance on OpenBSD 5.3

2013-08-07 Thread Florian Obser
On Wed, Aug 07, 2013 at 12:57:55PM -0400, Maxim Khitrov wrote: > On Wed, Aug 7, 2013 at 11:44 AM, Florian Obser wrote: > > On Wed, Aug 07, 2013 at 10:26:22AM -0400, Maxim Khitrov wrote: > > [...] > >> Increasing the MTU on both ix0 interfaces to 9000 gives me ~7.2 Gbps:

Re: Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Florian Obser
On 09/07/13 21:32, Simon Slaytor wrote: > Hi Folks, > > I've been trying to wrap my head around a problem for a little while and > I'm getting nowhere fast so thought I'd ask the experts: > > Due to a company take over I have two networks, NetA and NetB, that I > need to link together for bi dire

Re: Bootparamd

2013-09-13 Thread Florian Obser
On Thu, Sep 12, 2013 at 08:17:56PM +, hru...@gmail.com wrote: > Miod Vallat wrote: > > Thanks for the good tips! > > > I think the bootparams swap file information will be used correctly (I > > remember seeing a fix in this area some time ago). It doesn't hurt > > anyway to mention it in /et

Re: Best OpenBSD cloud hosting?

2013-10-10 Thread Florian Obser
On Thu, Oct 10, 2013 at 09:15:34AM +0200, InterNetX - Robert Garrett wrote: > I just want to know what a cloud is. http://xkcd.com/908/ -- I'm not entirely sure you are real.

Re: sh /etc/netstart interface counter intuitive behaviour with multiple inet aliases 6.4 and 6.3

2018-12-07 Thread Florian Obser
One possible workaround is putting -inet as the first line in /etc/hostname.vio4 It will nuke all v4 addresses and re-add them. Depending on your usecase this might work for you or it might melt down your whole network ;) On Thu, Dec 06, 2018 at 10:49:01PM +, Tom Smyth wrote: > Hello, > > Im

Re: The Dark Side of the ForSSHe - OpenSSH malwares

2018-12-13 Thread Florian Obser
On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote: > Any creative hints to defend against these kind of threats? Your system has been compromised. The attacker is able to replace binaries, you have lost. If your package manager can still tell you that the sshd binary has been replaced

Re: The Dark Side of the ForSSHe - OpenSSH malwares

2018-12-13 Thread Florian Obser
On Thu, Dec 13, 2018 at 10:02:45AM +0100, Otto Moerbeek wrote: > On Thu, Dec 13, 2018 at 09:50:31AM +0100, Florian Obser wrote: > > > On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote: > > > Any creative hints to defend against these kind of threats? > >

Re: httpd option max body size is ignored for subdomain

2019-02-03 Thread Florian Obser
On Sun, Feb 03, 2019 at 03:43:20PM +, Chris Narkiewicz wrote: > Hi, > > I'm trying to configure Nextcloud on a subdomain. My config has 2 > vhosts and connection max request body is not respected for my subdomain. this has been fixed in current. Wild guess, you are on 6.4? This diff should a

Re: Reboot and re-link (fwd) Maxim Bourmistrov: Re: Reboot and re-link

2019-06-21 Thread Florian Obser
On Thu, Jun 20, 2019 at 10:47:49PM +0200, mathijs wrote: > this makes misc@ so much more amusing It really doesn't. We are not here to have manure tossed at us for the audience's amusement. Everytime something like this happens it takes time away from hacking on OpenBSD. It doesn't matter that it

Re: merge ping6(8) into ping(8)

2016-09-18 Thread Florian Obser
[moving to misc, as this thread is missing diffs] On Sun, Sep 18, 2016 at 09:38:49AM +0300, Mikhail wrote: > On Sun, Sep 18, 2016 at 12:11 AM, Theo de Raadt wrote: > >> > this does 2 things: > >> > [...] > >> > >> I may recall what I have sent to you in private email, excerpt from > >> FreeBSD

Looking for replacement of thinkpad x201

2017-02-26 Thread Florian Obser
I need some help since I'm terrible with hardware... So my x201 main hacking laptop is getting old and benno@ is always mocking me for the amount of gaffer and stickers that are holding it together. Long story short, I'm in the market for a new thinkpad. Yes it has to be a thinkpad. I require the

Re: Fw: Re: https://undeadly.org

2017-02-28 Thread Florian Obser
It is usually not considered polite to forward private mails to mailing lists. -- I'm not entirely sure you are real.

Re: Setting rtable 0 from >1 with ping et al

2017-03-18 Thread Florian Obser
On Thu, Mar 16, 2017 at 07:59:44PM +, Joe Holden wrote: > On 09/03/2017 23:35, Joe Holden wrote: > >On 09/03/2017 23:02, Joe Holden wrote: > >>Hi, > >> > >>So - it seems that pledge will deny a change of rtable to 0 when using > >>level SOL_SOCKET and the current rtable is >0, so eg if you're i

Re: running rtsold on obsd 5.6 while also forwarding ipv6 traffic?

2014-11-26 Thread Florian Obser
On Wed, Nov 26, 2014 at 04:05:42PM -0500, Forman, Jeffrey wrote: > Hi Misc, > > Long time listener, seldom caller. > > My problem statement: I run OpenBSD 5.6-stable on my fw/router. My ISP > (Comcast in the US) provides native IPv6 support for all their customers. > They provide a /128 address f

Re: free ipv6 KVM-based - cloudspin.me [was - Re: DigitalOcean's BSD debut is FreeBSD only]

2014-12-22 Thread Florian Obser
On Sun, Dec 21, 2014 at 06:08:04PM -0500, Jiri B wrote: > On Sun, Dec 21, 2014 at 01:54:50AM +, Some Developer wrote: > > Vultr already support OpenBSD on their servers (you upload the > > OpenBSD install ISO and install it yourself) and their servers cost > > the same as Digital Ocean. > > >

smtpd(8): running as backup MX with +TAG addresses

2014-12-27 Thread Florian Obser
Hi, so I want to run smtpd(8) as a backup MX and configure the list of valid email addresses so that the backup MX rejects invalid email addresses on accepting the message and not bounce the mail alter on when it tries to deliver to the primary mail server. Currently I have this: accept from any f

  1   2   >