httpd and Wordpress
Hi guys,

I have a small problem with httpd and Wordpress. When I go to https://myipaddress I get "Access denied". If I go to https://myipaddress/wordpress, everything works as expected.

I have tried to change the appropriate line in the httpd.conf to: root "/htdocs/wordpress". In that case the webpage is loaded, but in the "broken" form.

My current httpd.conf:

# $OpenBSD: httpd.conf,v 1.16 2016/09/17 20:05:59 tj Exp $

# Macros
ext_addr="*"

# Global Options
# prefork 3

# Servers
# A minimal default server
server "default" {
	listen on $ext_addr port 80
	listen on $ext_addr tls port 443
	block return 301 "https:// $SERVER_NAME$REQUEST_URI"
	tls {
		key "/etc/ssl/private/server.key"
		certificate "/etc/ssl/server.crt"
	}
	directory {
		no auto index, index "index.php"
	}
	location "*.php" {
		fastcgi socket "/run/php-fpm.sock"
	}
	root "/htdocs"
}

# Include MIME types instead of the built-in ones
types {
	include "/usr/share/misc/mime.types"
}

Any ideas where I am making a mistake?

Thank you

Jan
Syncthing
Hi all, I am trying to sync my media libraries via Syncthing with other machine. However Syncthing on OBSD complains about "too many open files" and refuses therefore to scan and synchronize the folder. I have increased sysctl kern.maxfiles as well as openfiles-max for the staff group (of which the user is a member) in login.conf. Probably still not enough. What are safe maximal values for both (kern.maxfiles and openfiles-max) to use? Thank you Jan
Re: Syncthing
Hi Joshua, thank you very much, your solution helped. Jan On Sat, Nov 24, 2018 at 3:37 AM joshua stein wrote: > On Fri, 23 Nov 2018 at 19:48:04 +0100, Jan Betlach wrote: > > Hi all, > > > > I am trying to sync my media libraries via Syncthing with other machine. > > However Syncthing on OBSD complains about "too many open files" and > refuses > > therefore to scan and synchronize the folder. > > > > I have increased sysctl kern.maxfiles as well as openfiles-max for the > > staff group (of which the user is a member) in login.conf. Probably still > > not enough. > > > > What are safe maximal values for both (kern.maxfiles and openfiles-max) > to > > use? > > Hi, > > Newer versions of syncthing use kqueue by default to watch for file > changes which ends up using a couple file descriptors > per-sub-directory. > > You may be better off just disabling this on large shared folders > and go back to periodic scanning. This can be done through the web > interface by clicking on the folder, then Edit, then Advanced, then > uncheck 'Watch for Changes'. > > https://github.com/syncthing/syncthing/issues/5025 > >
Portslist
Hi all, strange problem. I am running -current. I have downloaded latest ports tree .tar.gz to /temp, then tar xzf in /usr. All ports are where they belong (/usr/ports). However when searching anything (make search key=package) I get following error: Please install portslist pkg_add portslist *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX': @exit 1) Any help is appreciated. Thank you Jan
Re: Portslist
Because when I tried to add the portslist package, it has not been found (ftp.spline.de mirror) yesterday. I have tried adding it again now after reading your message and it has been successfully installed.
Looks like the problem is solved now. Thank you.

Jan

On Sat, Nov 24, 2018 at 7:10 PM Marc Espie wrote:
> On Sat, Nov 24, 2018 at 02:32:02PM +0100, Jan Betlach wrote:
> > Hi all,
> >
> > strange problem. I am running -current. I have downloaded latest ports
> > tree .tar.gz to /temp, then tar xzf in /usr.
> > All ports are where they belong (/usr/ports).
> > However when searching anything (make search key=package) I get
> > following error:
> > Please install portslist
> > pkg_add portslist
> > *** Error 1 in /usr/ports (Makefile:80 '/usr/local/share/ports-INDEX':
> > @exit 1)
> >
> > Any help is appreciated. Thank you
> >
> > Jan
> So why don't you read the error message and do just that ?
Re: Portslist
Yes, it probably was, sorry for that. I did not think adding the portslist package is a correct solution as it has not been found, therefore asked here...

Jan

On Sat, Nov 24, 2018 at 7:34 PM Marc Espie wrote:
> On Sat, Nov 24, 2018 at 07:22:09PM +0100, Jan Betlach wrote:
> > Because when I tried to add the portslist package, it has not been found
> > (ftp.spline.de mirror) yesterday. I have tried adding it again now after
> > reading your message and it has been successfully installed.
>
> Ah, so your reporting was very sloppy.
>
> Mirrors do tend to get out-of-date from time to time.
Re: Recommendations for video call/conferencing server on OpenBSD?
Hi,

I am using jitsi.org and tox.chat (on Linux VM).

Jan

On 1 Apr 2020, at 22:53, T. Ribbrock wrote:
> Hi all,
>
> with more and more colleagues and friends sitting at home, I'm
> considering installing some video call/conferencing software on my
> existing OpenBSD server.
>
> I currently have Nextcloud installed on that server, so the easiest
> option was the Nextcloud Talk plugin, which I'm playing with now.
>
> Nonetheless, I'd be curious about what others use/recommend for video
> calls/conferencing - any suggestions?
>
> Thanks in advance,
>
> Thomas
Re: More than 16 partitions
For a non-native English speaker like myself, it is very difficult to read your mestuff… Jan On 23 Apr 2020, at 19:47, zeurk...@volny.cz wrote: theo wrote: That is a rewriting of history. It's history the way meknows it. Mecertainly predates some of it. The disklabel format predates the PC. Indeed. Mewasn't sure where and when exactly it appeared, so meleft that bit out. But medid know it was older, and metried to communicate that fact (obviously mefailed -- meapologizes). It came from the the ancient attempt to handle things in CSRG's 4.3reno/4.4 work on the hp300. It was probably a rewrite of the native HPUX disk format. Hmm, hp300, eh? This was then put on all the other architectures, as a unified view of the disk. It was modified and extended on as as-needed basis. Rewriting the history like this is pathetic inaccurate and narrowminded. Your history is absolutely false and you've made up a bunch of balony. So, what did memake up? Did mepresent a timeline? An exact order of events? Did mepresent a scientific study? Or didmejust try to give an overview of things in terms that Groot (and many others, mesuspects) may just understand? It is not true, and even a elementary review of the history of disklabel.h back into the early NetBSD tree will make it clear what's going on. Like mesaid, it's the history the way meknows it. Me's not a bloody authority on the history of either BSD or the IBM pee-cee, *at all*. Perhaps meshould've made that clearer. OH, and I did most of the early work post-CSRG, because we needed to "emulate" this on SunOS, and I ported Torek's sparc code into NetBSD. Mehas _no doubt at all_ that you know BSD (including its history) better than me (that is, of course, an understatement). I urge you to stop posting such balony. Then it's me turn to urge you to not read me overview as an historical account of any exactness. After all, the goal, for me, was trying to help Groot understand the relationships he sought clarification for. 
Perhaps meindeed should've included a disclaimer. Then again, mehas no offical role here (nor does mewant one), and in no way are me words to be taken for the one and universal truth. Can we please just assume that Groot is mature enough to be able to form his own view based on our individual contributions? Me'd like that. --zeurkous. -- Friggin' Machines!
Re: pkg_add -u: no such dir
Is 6.7 being released already? Jan On 5 May 2020, at 13:28, Groot wrote: > I tried updating all applications, only to be greeted with > the following message. > > doas pkg_add -u > https://ftp.OpenBSD.org/pub/OpenBSD/6.7/packages/amd64/: no such dir > list of applications > > I'm sure someone must have noticed by now. > Only the directories within https://ftp.OpenBSD.org/pub/OpenBSD/6.7/ > give 404 Not found error in a browser.
Re: pkg_add -u: no such dir
Thanks. My bad, I’ve realized that as soon as I’ve hit the send button. On 5 May 2020, at 17:19, Andinus wrote: > Jan Betlach @ 2020-05-05 17:05 IST: > >> Is 6.7 being released already? > > No, they're probably using a snapshot.
pf and Wireguard
Hi,

I’ve setup Wireguard on my home router running -current. The tunnel works, I have access to my LAN resources ONLY in case pf is disabled. When I enable pf, Wireguard connects, does handshakes, however I cannot even ping the router nor access anything in the network. So that it seems my rules in pf are the reason.

I admit I am a novice in respect with pf. Therefore I’d like to ask you to help or direct me to a solution.

My pf rules are pretty easy, basically taken from FAQ - building a router. Here they are:

wan="em0"
lan="em1"
localnet=$lan:network

table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
        172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
        192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
        203.0.113.0/24 }
set skip on lo0
set block-policy drop
set loginterface egress
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
antispoof quick for { egress $lan }
block in quick on egress from to any
block return out quick on egress from any to
block all
pass out quick inet keep state
pass in on { $lan } inet keep state

pass in proto udp from any to any port XXX keep state
match out on egress from (wg0:network) to any nat-to (egress:0)

Last two lines are Wireguard related. Being a noob, I suspect the last NAT line may be the problem.

Thank you in advance for any comments.

Regards

Jan
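The symptoms in the post above (handshake succeeds, nothing inside the tunnel answers) can be reasoned through with a small model of pf's filter evaluation. This is an added example, not part of the original message: the model covers only direction, interface, protocol and port, `WG_PORT` stands in for the port the post writes as XXX, and the extra `pass in on wg0` rule is a hypothetical addition, not something the post contains.

```python
from dataclasses import dataclass
from typing import Optional

WAN, LAN, WG = "em0", "em1", "wg0"
WG_PORT = 51820  # constructed stand-in for the port the post writes as XXX


@dataclass(frozen=True)
class Packet:
    direction: str                 # "in" or "out", as pf sees it on the router
    iface: str                     # interface the packet is seen on
    proto: str                     # "udp", "icmp", "tcp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    text: str                      # the pf.conf line this entry models
    direction: Optional[str] = None     # None = both directions
    ifaces: Optional[frozenset] = None  # None = any interface
    proto: Optional[str] = None
    dport: Optional[int] = None
    quick: bool = False

    def matches(self, p: Packet) -> bool:
        return ((self.direction is None or self.direction == p.direction)
                and (self.ifaces is None or p.iface in self.ifaces)
                and (self.proto is None or self.proto == p.proto)
                and (self.dport is None or self.dport == p.dport))


def evaluate(rules, pkt):
    """Return the deciding rule: the last match wins, a 'quick' match ends evaluation."""
    deciding = Rule("pass", "(no rule matched: implicit pass)")
    for rule in rules:
        if rule.matches(pkt):
            deciding = rule
            if rule.quick:
                break
    return deciding


# Filter rules from the post, in order. The scrub/nat 'match' lines do not set a
# verdict, and the antispoof/martians blocks are assumed not to match the sample
# packets below, so they are left out of the model.
POSTED = (
    Rule("block", "block all"),
    Rule("pass", "pass out quick inet keep state", direction="out", quick=True),
    Rule("pass", "pass in on { $lan } inet keep state",
         direction="in", ifaces=frozenset({LAN})),
    Rule("pass", "pass in proto udp from any to any port XXX keep state",
         direction="in", proto="udp", dport=WG_PORT),
)

# Hypothetical extra rule (not in the post) admitting decrypted tunnel traffic.
WITH_WG0 = POSTED + (
    Rule("pass", "pass in on wg0 inet keep state",
         direction="in", ifaces=frozenset({WG})),
)

# Constructed sample packets.
SAMPLES = {
    "wireguard handshake on WAN": Packet("in", WAN, "udp", WG_PORT),
    "ping arriving through tunnel": Packet("in", WG, "icmp"),
    "ping from LAN host": Packet("in", LAN, "icmp"),
}


def report(rules):
    """Map each sample packet to (action, deciding rule text)."""
    return {name: (evaluate(rules, p).action, evaluate(rules, p).text)
            for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("with wg0 rule", WITH_WG0)):
        for name, (action, text) in report(rules).items():
            print(f"{label:14} {name:30} {action:5} <- {text}")
```

In this model the encrypted UDP handshake is passed on the WAN side, while the decrypted packets that then appear on wg0 match only `block all`; with `set block-policy drop` they vanish silently, which fits a tunnel that connects but cannot ping the router.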
OpenBSD was right
I hope it is OK to share here: https://www.youtube.com/watch?v=jI3YE3Jlgw8 Jan
Home NAS
Hi guys,

I am setting up a home NAS for five users. Total amount of data stored on NAS will not exceed 5 TB. Clients are Macs and OpenBSD machines, so that SSHFS works fine from both (no need for NFS or Samba).
I am much more familiar and comfortable with OpenBSD than with FreeBSD.
My dilemma while stating the above is as follows:

Will the OpenBSD’s UFS be stable and reliable enough for intended purpose? NAS will consist of just one encrypted drive, regularly backed to hardware RAID encrypted two-disks drive via rsync.

Should I bite the bullet and build the NAS on FreeBSD taking advantage of ZFS, snapshots, replications, etc? Or is this an overkill?

BTW my most important data is also backed off-site.

Thank you in advance for your comments.

Jan
Re: Home NAS
Hi,

thank you all for comments.
I am restoring backup to my new OpenBSD based home NAS as of writing this.

Why I have decided to go this route and not with other option like ZFS:

- FFS seems to be reliable and stable enough for my purpose. ZFS is too complicated and bloated (of course it has its advantages), however major factor for me has been that it is not possible to encrypt ZFS natively on FreeBSD as of now. I am also more comfortable with OpenBSD than with FreeBSD. I did not want to go with Linux at all.

- I have installed OpenBSD on an external unencrypted USB stick. So that I don’t need to have access to the box in case of restart. Main data NAS disk is 2TB internal one in the box (Zotac nano), which is encrypted. I can easily mount it via SSH in case of restart. Backups are automated via rsync to the encrypted external hardware RAID disks. Using DUIDs for all drives.

- I do keep offsite backup as well.

I have tested this setup in the last couple of days before going all in. So far so good. Performance is plenty acceptable for my usage. Mounting the NAS storage via SSHFS on client machines (Macs and OpenBSDs) works flawlessly and speed is also OK.

Thanks again

Jan

On 15 Nov 2019, at 16:02, pierre1.bar...@orange.com wrote:

Hello,

I tried a home NAS with ZFS, then BTRFS.
Those filesystems need tons of RAM (~1 GB of RAM by TB of disk), preferably ECC. I found it very expensive for home usage, so I wouldn't recommend it.
Recovery systems were also inexistent at the time (no btrfsck), I don't know if it has improved since.

I ended with LVM : cheap to implement and very easy to extend. I am very happy with it.
--
Regards,
Pierre BARDOU

-----Original Message-----
From: owner-m...@openbsd.org On behalf of Rafael Possamai
Sent: Friday, 15 November 2019 14:35
To: Jan Betlach
Cc: misc@openbsd.org
Subject: Re: Home NAS

My experience with ZFS (FreeNAS for the most part) is that it becomes more "expensive" to expand your pool after the fact (for a couple of different reasons, see below), but if 5TB is all you're ever going to need in this specific case, I think you should be fine and can take advantage of ZFS features like you said.

I have sources for this at home (a couple of articles and link to a forum thread), but these are saved on my desktop at home. Just let me know and I'll share them with you later.

On Thu, Nov 14, 2019, 8:27 AM Jan Betlach wrote:

Hi guys,

I am setting up a home NAS for five users. Total amount of data stored on NAS will not exceed 5 TB. Clients are Macs and OpenBSD machines, so that SSHFS works fine from both (no need for NFS or Samba).
I am much more familiar and comfortable with OpenBSD than with FreeBSD.
My dilemma while stating the above is as follows:

Will the OpenBSD’s UFS be stable and reliable enough for intended purpose? NAS will consist of just one encrypted drive, regularly backed to hardware RAID encrypted two-disks drive via rsync.

Should I bite the bullet and build the NAS on FreeBSD taking advantage of ZFS, snapshots, replications, etc? Or is this an overkill?

BTW my most important data is also backed off-site.

Thank you in advance for your comments.

Jan
Re: Why isn't ChallengeResponseAuthentication NO in sshd_config?
Isn’t it commented out by default?

Jan

Hello, nobody about the $subject? :)

Why isn't ChallengeResponseAuthentication NO in sshd_config by default? It would be more secure, afaik.

Many thanks.

Sent: Thursday, December 19, 2019 at 7:58 PM
From: "lu hu"
To: misc@openbsd.org
Subject: Re: Why isn't ChallengeResponseAuthentication NO in sshd_config?

Sent: Wednesday, December 18, 2019 at 9:49 PM
From: "Bodie"
To: misc@openbsd.org, owner-m...@openbsd.org
Subject: Re: Why isn't ChallengeResponseAuthentication NO in sshd_config?

On 18.12.2019 18:48, lu hu wrote:

Hello,

# what am I talking about?
https://man.openbsd.org/sshd_config#ChallengeResponseAuthentication

ChallengeResponseAuthentication
Specifies whether challenge-response authentication is allowed. All authentication styles from login.conf(5) are supported. The default is yes.

# what does linux distros use:
If I ex.: read: https://access.redhat.com/solutions/336773 then I can see ChallengeResponseAuthentication is NO for security reasons. Ubuntu too.

# what else says ChallengeResponseAuthentication should be NO?
https://www.openwall.com/lists/oss-security/2019/12/04/5
->

These issues were quickly fixed in OpenBSD as you can see in Security

This isn't related to the subject.

1. CVE-2019-19521: Authentication bypass

this attack should be more mitigated if ChallengeResponseAuthentication would be by default set to NO.

# FIX:
from this:

cat /etc/ssh/sshd_config
...
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
...

to this:

vi /etc/ssh/sshd_config
cat /etc/ssh/sshd_config
...
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
...

But of course by default, without fixing sshd_config it should be NO.

Who the hell uses s/key with sshd nowadays?

And you are aware that this option is not there just for S/Key, right? It's for example PAM Google authenticator too on Linux and others

I think you missed couple of points.

Eg.: https://www.openbsd.org/faq/faq10.html#SKey and the fact that login.conf(5) on OpenBSD by default enables S/Key.

I checked the https://www.openbsd.org/faq/faq10.html#SKey first step is to have a /etc/skey dir. So checked it:

66# ls /etc/skey
ls: /etc/skey: No such file or directory
66#

There is no /etc/skey by default. So you have to do the "skeyinit -E" as root, etc. Same for Google authenticator, etc. So ChallengeResponseAuthentication should be only enabled then.. when you set up extra auth methods.

So afaik skey isn't enabled by default on OpenBSD, but for still some unknown reason (for me) ChallengeResponseAuthentication is set to yes by default on OpenBSD. Why?

So please, can we make the default sshd_config more secure and set the "ChallengeResponseAuthentication to NO"?

Some practical examples at hand of the current vulnerability which will make this change reasonable?

It is about proactive security, to avoid future possible security issues.

Many thanks and wishing a peaceful xmas!
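On the question of what a commented-out line means for the running daemon: a `#` line sets nothing, so the built-in default applies, and the thread quotes that default as yes. The sketch below is an added example, not code from any poster or from OpenSSH; it resolves the global value the way sshd_config(5) describes (first uncommented occurrence wins), the function names are made up for illustration, and the third sample file is constructed.

```python
# Default as quoted in the thread from sshd_config(5): "The default is yes."
DEFAULTS = {"challengeresponseauthentication": "yes"}


def effective_global(config_text, keyword):
    """Return (value, origin) for a keyword in the global part of an sshd_config.

    Comment lines set nothing, keywords are case-insensitive, the first
    uncommented occurrence wins, and parsing stops at the first Match block
    because anything after it is conditional.
    """
    wanted = keyword.lower()
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        name = fields[0].lower()
        if name == "match":
            break
        if name == wanted and len(fields) == 2:
            return fields[1].strip().strip('"').lower(), f"line {lineno}"
    return DEFAULTS.get(wanted), "built-in default"


def still_enabled(configs, keyword="ChallengeResponseAuthentication"):
    """Names of the configs whose effective global value is not 'no'."""
    return sorted(name for name, text in configs.items()
                  if effective_global(text, keyword)[0] != "no")


# The two states shown in the thread ("from this" / "to this").
STOCK = """\
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
"""

HARDENED = """\
# Change to no to disable s/key passwords
ChallengeResponseAuthentication no
"""

# Constructed sample: duplicate keyword plus a Match block that re-enables it
# for one user; the global answer comes from the first line only.
DUPLICATED = """\
challengeresponseauthentication no
ChallengeResponseAuthentication yes
Match User backup
    ChallengeResponseAuthentication yes
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED),
                       ("duplicated", DUPLICATED)):
        value, origin = effective_global(text, "ChallengeResponseAuthentication")
        print(f"{name:10} -> {value} ({origin})")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the parser above only shows why the stock file still resolves to yes.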
Syspatch
Hi, I am getting following error when running syspatch as root on my APU2C4: ftp: SSL write error: certificate verification failed: certificate is not yet valid I am using Fastly in my installurl: https://cdn.openbsd.org/pub/OpenBSD Other machines run syspatch without any problem, using Fastly CDN as well. Any ideas what is wrong? Might as well be a pebkac I am unaware of… Thanks Jan
Fwd: Syspatch
Forwarded message:

From: Jan Betlach
To: stan
Subject: Re: Syspatch
Date: Thu, 16 Jan 2020 13:50:59 +0100

Wow / pebkac as I’ve said. Of course date/time was off for some reason.
Thank you very much.

Jan

On 16 Jan 2020, at 13:48, stan wrote:

On Thu, Jan 16, 2020 at 01:43:44PM +0100, Jan Betlach wrote:

Hi,

I am getting following error when running syspatch as root on my APU2C4:

ftp: SSL write error: certificate verification failed: certificate is not yet valid

I am using Fastly in my installurl: https://cdn.openbsd.org/pub/OpenBSD

Other machines run syspatch without any problem, using Fastly CDN as well.

Any ideas what is wrong? Might as well be a pebkac I am unaware of…

Have you verified the date/time is correct on the machine in question?

--
"They that would give up essential liberty for temporary safety deserve neither liberty nor safety."
-- Benjamin Franklin
Re: Syspatch
Thank you. Yes, as I had already replied, it has been out-of-sync clock. Interestingly enough ntpd was running. Anyway, clock has been corrected and everything is working OK now. Jan On 16 Jan 2020, at 15:13, Edgar Pettijohn wrote: On Jan 16, 2020 8:09 AM, Christer Solskogen wrote: On Thu, Jan 16, 2020 at 1:45 PM Jan Betlach wrote: Any ideas what is wrong? Might as well be a pebkac I am unaware of… Clock out of sync? I have seen this a few times and it was always my system clock out of whack. Might be as easy as making sure ntpd is running.
Re: Full disk encryption including /boot, excluding bootloader?
I’m interested as well.

Jan

On 17 Feb 2020, at 17:10, Kevin Chadwick wrote:

On 2020-02-17 15:09, Julius Zint wrote:

Some feedback from the OpenBSD community on this would also be appreciated. Are there enough people interested in a Trusted Boot with OpenBSD?

I'm interested
Re: can texlive package be installed ?
Are you using Fastly? Try PlanetUnix, it should work… Jan > On 27. 2. 2021, at 15:18, Shadrock Uhuru wrote: > > system information. > OpenBSD 6.9 GENERIC.MP#343 amd64 > flavor: current > > when i try to install texlive, > all i get is :- > > doas pkg_add -v texlive_texmf-full > Update candidates: quirks-3.588 -> quirks-3.588 > quirks-3.588 signed on 2021-02-26T23:14:00Z > Ustar > [https://ftp.OpenBSD.org/pub/OpenBSD/snapshots/packages/amd64/texlive_texmf-full-2020p1.tgz][share/texmf-dist/bibtex/bib/beebe/printing-history.bib]: > Premature end of archive in header: > pkg_add: Installation of texlive_texmf-full-2020p1 failed, partial > installation recorded as partial-texlive_texmf-full-2020p1.6 > > > any suggestions ? > > shadrock >
Thinkpad donation
Hi, I may have one spare Thinkpad X270 in mint conditions, which I would be willing to donate to one of the OpenBSD developers. Not sure how to proceed with this. I would probably prefer a developer located somewhere close to me (Czech Republic, eastern part of Germany,…) as it will be possible for me to hand it over personally. Regards Jan
Re: Reboot and re-link (fwd) Maxim Bourmistrov: Re: Reboot and re-link (fwd) Maxim Bourmistrov: Re: Reboot and re-link (fwd) Maxim Bourmistrov: Re: Reboot and re-link
It was either a really bad joke or mental. Now it is threatening. So sad. Jan On 20 Jun 2019, at 23:54, Theo de Raadt wrote: Someone is going to have regrets. Maxim Bourmistrov wrote: IF NOT, I'll start to talk to Canadian govs On Thu, 20 Jun 2019 at 23:48, Maxim Bourmistrov wrote: Now, I'd like to se all bills.As I'm funding this project. 5 years from now on. On Thu, 20 Jun 2019 at 23:25, Maxim Bourmistrov wrote: I'd say this whole project is your milking cow.(Having a good times biking??) You really don't move froward much. Except poor guy trying to fix net stack. You move around vars, back and forward. But really - no progress. Community thinks their push money to dev stuff, in real - their push Theos bills forward. Nice illusion. I'm yet another one in this line. Disappointed, seen to much AND been rejected by Theos. One in line. On Thu, 20 Jun 2019 at 23:08, Maxim Bourmistrov wrote: For me, this does not really matter. ) I give a sh. You just loose yet another testbed. On Thu, 20 Jun 2019 at 23:05, Maxim Bourmistrov wrote: The OpenBSD user community is has too many people like this. I think ppl get frustrated. Like me, been following obsd since 3.2. I think look down on those whom uses your fork. and yet, you want donations. I think that you have to ask first, if you want to get public private conversation. I think this is controlled by law. On Thu, 20 Jun 2019 at 22:51, Theo de Raadt wrote: The OpenBSD user community is has too many people like this. From: Maxim Bourmistrov Date: Thu, 20 Jun 2019 22:34:54 +0200 Subject: Re: Reboot and re-link To: Theo de Raadt Go away?! I'm your user - FIX IT. On Thu, 20 Jun 2019 at 22:32, Theo de Raadt wrote: I take a lot of responsibility, which is why the system has KARL. Go away. From: Maxim Bourmistrov Date: Thu, 20 Jun 2019 22:35:21 +0200 Subject: Re: Reboot and re-link To: Theo de Raadt Fix it NOW! On Thu, 20 Jun 2019 at 22:34, Maxim Bourmistrov wrote: Go away?! I'm your user - FIX IT. 
On Thu, 20 Jun 2019 at 22:32, Theo de Raadt wrote: I take a lot of responsibility, which is why the system has KARL. Go away. From: Maxim Bourmistrov Date: Thu, 20 Jun 2019 22:41:25 +0200 Subject: Re: Reboot and re-link To: Theo de Raadt You are not true here. You get paid. Fuck man, I like OS and been following for a long time. Team does good stuff. But something is not OK, since 6.5. Question is what is not OK. You devs might help out.
Re: 4GB RAM too little for Firefox?
Richard, have you increased the shared memory limits and kern parameters in the sysctl.conf for more relaxed desktop usage? Jan On 6 Jul 2019, at 10:11, maillists.rul...@mailbox.org wrote: Otto Moerbeek wrote: On Sat, Jul 06, 2019 at 09:32:22AM +0200, maillists.rul...@mailbox.org wrote: Otto Moerbeek wrote: You still did not tell which platform you are running. It matters. -Otto I'm using a ThinkPad T450 (i5-5300U, SSD, FullHD Display for which 0.5G of the RAM are used by the graphics card). Im running OpenBSD 6.5 and use full disk encryption (don't know if this matters for swapping performance). Best Regards, Richard Ulmer That does not tell us the platform. It matters a lot if you are running i386 or amd64. To make it explcit: what does "uname -p" say? -Otto Oh, sorry, platform is amd64.
Re: OpenBSD and you
I am (almost) total newbie in respect with networks. Currently in process of building my own firewall/gateway for home network (based on APU 2C4), I've decided to take the right (and difficult, at least for me) way of doing so by using OpenBSD's pf. Peter's excellent book is my main help and knowledge source and I am grateful it has been written :-) On Sat, Nov 26, 2016 at 1:23 PM, Peter N. M. Hansteen wrote: > On 11/26/16 04:57, R0me0 *** wrote: > > As I did see any mention around here, I was boosted to post this great > > presentation by Peter N . M. Hansteen. > > > > https://home.nuug.no/~peter/blug2016/ > > It's nice to hear you like it! > > The meeting where I presented this was a lot less well attended than I > had hoped but the web server logs seem to indicate that it has some use > as advocacy on the web. > > (The odd format is kind of an accident - this is a descendant of a > company-internal presentation I did for a group of colleagues and in > $dayjob land it's the branded pptx templates or no go. Trying to convert > to something marginally saner only served to re-ignite the passion with > which I hate 'office'-style presentation apps.) > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ral(4) problems on current/i386 ALIX
I plan to use Ubiquiti Unifi AC LR. On Sun, Nov 27, 2016 at 4:25 PM, Jan Stary wrote: > After an upgrade to the latest i386 snapshots, > those messages have disappeared. Looking at the source, > it's because it became a DEBUG only message. > (Yes, the ral throughput still sucks.) > > What kind of wifi are people using > on the ALIX serving as an AP? > > Jan > > OpenBSD 6.0-current (GENERIC) #0: Fri Nov 25 10:47:36 MST 2016 > bu...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class) > 432 MHz > cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW > real mem = 133713920 (127MB) > avail mem = 118501376 (113MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2 > pcibios0 at bios0: rev 2.1 @ 0xf/0x1 > pcibios0: pcibios_get_intr_routing - function not supported > pcibios0: PCI IRQ Routing information unavailable. > pcibios0: PCI bus #0 is the last bus > bios0: ROM list: 0xe/0xa800 > cpu0 at mainbus0: (uniprocessor) > mtrr: K6-family MTRR support (2 registers) > pci0 at mainbus0 bus 0: configuration mode 1 (bios) > pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x31 > glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES > vr0 at pci0 dev 9 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 10, > address 00:0d:b9:12:9f:2c > ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > vr1 at pci0 dev 10 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, > address 00:0d:b9:12:9f:2d > ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI > 0x004063, model 0x0034 > vr2 at pci0 dev 11 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 12, > address 00:0d:b9:12:9f:2e > ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 
3: OUI > 0x004063, model 0x0034 > ral0 at pci0 dev 12 function 0 "Ralink RT2560" rev 0x01: irq 9, address > 00:11:09:0d:d3:36 > ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525 > glxpcib0 at pci0 dev 15 function 0 "AMD CS5536 ISA" rev 0x03: rev 3, > 32-bit 3579545Hz timer, watchdog, gpio, i2c > gpio0 at glxpcib0: 32 pins > iic0 at glxpcib0 > pciide0 at pci0 dev 15 function 2 "AMD CS5536 IDE" rev 0x01: DMA, channel > 0 wired to compatibility, channel 1 wired to compatibility > wd0 at pciide0 channel 0 drive 0: > wd0: 1-sector PIO, LBA, 7279MB, 14909328 sectors > wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > pciide0: channel 1 ignored (disabled) > ohci0 at pci0 dev 15 function 4 "AMD CS5536 USB" rev 0x02: irq 15, version > 1.0, legacy support > ehci0 at pci0 dev 15 function 5 "AMD CS5536 USB" rev 0x02: irq 15 > usb0 at ehci0: USB revision 2.0 > uhub0 at usb0 configuration 1 interface 0 "AMD EHCI root hub" rev > 2.00/1.00 addr 1 > isa0 at glxpcib0 > isadma0 at isa0 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > com0: console > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 > usb1 at ohci0: USB revision 1.0 > uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev > 1.00/1.00 addr 1 > vmm at mainbus0 not configured > nvram: invalid checksum > vscsi0 at root > scsibus1 at vscsi0: 256 targets > softraid0 at root > scsibus2 at softraid0: 256 targets > root on wd0a (bf940e6c7aaf2c50.a) swap on wd0b dump on wd0b > clock: unknown CMOS layout > On Sep 20 10:46:54, h...@stare.cz wrote: > > > This is ALIX 2C1, just upgraded to current/i386 (dmesg below). > > It serves as a wifi AP using ral(4). The console gets spammed with > > > > ral0: sending data frame failed 0x02faaafa > > > > This used to work fine since 5.9/i386. 
> > > > $ cat /hostname.ral0 > > inet 192.168.33.1 255.255.255.0 NONE \ > > media autoselect mediaopt hostap nwid stare.cz chan 11 \ > > wpakey XXX > > > > $ netstat -I ral0 > > NameMtu Network Address Ipkts IerrsOpkts > Oerrs Colls > > ral0150000:11:09:0d:d3:36 310 327 326 > 120 0 > > ral01500 192.168.33/ 192.168.33.1 310 327 326 > 120 0 > > > > Typical wifi clients of this AP are the phones > > and tablets in the family; they all seem to connect fine. > > > > How can I help debug this? > > > > Jan > > > > > > OpenBSD 6.0-current (GENERIC) #2064: Mon Sep 19 20:35:29 MDT 2016 > > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC > > cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" > 586-class) 432 MHz > > cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW > > real mem = 133713920 (127MB) > > avail mem = 118611968 (113MB) > > mpath0 at root > > scsibus0 at mpath0: 256 targets > > mainbus0 at root > > bios0 at mainbus0: date 12/10/07, BIOS32 rev. 0 @ 0xfceb2 > > pcibios0 at bios0: rev 2.1 @ 0xf/0x1 > > pcibios0: pcibios_get_
Encrypted data partition
Hello, I'd like to have an encrypted Ext2 data partition, which can be shared between OpenBSD and Linux. LUKS probably does not work in OpenBSD. Maybe something like EncFS is the way to go? Thank you Jan
Encryption
Hi misc, planning to install -current on my Thinkpad T450s (SSD). I need to have several data directories encrypted, however would not mind whole-disk encryption. Which method would be more supported / recommended? Whole-disk encryption or creating a container file, loop device and then virtual device with the encryption layer on it? Thanks in advance Jan
Re: Encryption
Solene, Ken,

thanks a lot for quick responses.

Primarily I need to protect the laptop against losing/stealing it. Therefore FDE would be ideal, however I've read somewhere that FDE is not officially supported on OpenBSD.
It would probably make sense to combine both - FDE and to have most sensitive data additionally encrypted using virtual block device (as I do not need to have these permanently mounted).

Jan

On Wed, Mar 22, 2017 at 6:11 PM, Ken wrote:
> To expand on Solène's response. Keep in mind if you need to cover both
> scenarios for whatever your threat-model is... you can do both too.
>
> Another valuable result of FDE is that it helps ensure the integrity
> of your boot drive (presuming you're encrypting your boot volume). i.e.
> prevents attacks like the sysadmin sticky-keys "attack" on windows
> boxes. So someone can't just boot and mount the partition and modify
> your shadow file to add a new root user or other backdoor. Good for
> scenarios where physical access isn't necessarily controlled by the
> 3Gs (guards, gates, guns).
>
> In my experience, setting up FDE with OpenBSD has been very easy with
> just a couple of calls to bioctl to set it up. Pretty much seamless if
> you have a quick tutorial on it.
>
> Don't lose your passphrases/keys, and have fun!
>
> On Wed, Mar 22, 2017 at 9:38 AM, Solène Rapenne wrote:
> > Le 2017-03-22 17:28, Jan Betlach a écrit :
> >>
> >> Hi misc,
> >>
> >> planning to install -current on my Thinkpad T450s (SSD).
> >>
> >> I need to have several data directories encrypted, however would not mind
> >> whole-disk encryption. Which method would be more supported / recommended?
> >> Whole-disk encryption or creating a container file, loop device and then
> >> virtual device with the encryption layer on it?
> >>
> >> Thanks in advance
> >>
> >> Jan
> >
> >
> > Hello Jan,
> >
> > That would depend on your need, do you want to protect against someone
> > who would steal your computer, or against some malicious software
> > running under your system to read your data ?
> >
> > In the first case, you should go with FDE (full disk encryption), your
> > data would be available only after you type the password at boot.
> >
> > In the second case, you should use some kind of encrypted volume that
> > would be available only when you need to. I think that's possible to
> > create an encrypted ffs volume contained into a file, that you can
> > mount when you need.
> >
> > Regards
USB-C monitors
Hi guys,

I am on -current and considering to purchase a USB-C monitor (power delivery to my Thinkpad over one cable).
Do USB-C displays work on OpenBSD?

Thanks in advance

Jan
Re: USB-C monitors
Hi Peter,

thanks for your prompt response. I believe it should work (it is actually a usb-c monitor, no usb-c to hdmi adapter needed). Nevertheless I'll just take my laptop to the store and try it, just to be sure it really works.

Thanks again

Jan

On Sun, 2021-09-19 at 16:25 +0200, Peter Hessler wrote:
> Yes, I've used that with a couple different monitors, and a handful
> of usb-c to hdmi adapters. All worked fine, and behaved just like
> normal hdmi/dvi/vga monitors.
>
> Power delivery and usb also worked as expected.
>
>
> On 2021 Sep 19 (Sun) at 14:29:27 +0200 (+0200), Jan Betlach wrote:
> :Hi guys,
> :
> :I am on -current and considering to purchase a USB-C monitor (power
> :delivery to my Thinkpad over one cable).
> :Do USB-C displays work on OpenBSD?
> :
> :Thanks in advance
> :
> :Jan
> :
>
Re: nvme boot
amd64 boots from nvme (i.e. recent Thinkpads)

Jan

On October 15, 2021 5:05:01 PM GMT+02:00, Jan Stary wrote:
>Does any of the OpenBSD-supported platforms boot off nvme storage?
>So far, I have been able to use nvme storage as a disk,
>but not boot from it; but my HW is far from recent.
>
> Jan
>