Re: edge router lite with double NAT

2017-01-23 Thread jungle Boogie 
On 23 January 2017 at 08:29, trondd  wrote:
>
> Can the BBB ping the ISP router internal interface IP?
>

Yes, it can ping 192.168.0.1 and anything else connected to the ISP router.

> Double check your default gateway settings on the BBB and ERL.

BBB:

Internet:
DestinationGatewayFlags Netif Expire
default172.16.13.1UGS   cpsw0
127.0.0.1  link#2 UH  lo0
172.16.13.0/24 link#1 U cpsw0
172.16.13.4link#1 UHS lo0


from ERL here's 172.16.13:
172.16.13/24   172.16.13.1UCn0   10 - 4 cnmac1
172.16.13.100:be:ef:10:00:01  UHLl   0  695 - 1 cnmac1
172.16.13.255  172.16.13.1UHb00 - 1 cnmac1


>
> Fire up tcpdump on each interface along the way and see how far the
> packets get.
>

I've done this from the BBB and see the requests but not any replies
for pings. I'll run it on ERL while doing pings on BBB.


Do you have a double-NAT pf example you can share?

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: edge router lite with double NAT

2017-01-22 Thread jungle boogie 

On 01/22/2017 04:44 PM, trondd wrote:

On Sun, January 22, 2017 7:19 pm, jungle boogie wrote:

On 01/22/2017 04:13 PM, trondd wrote:

On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:

Hi All,

So I want to actually use my edge router lite instead of it collecting
dust. At the moment I don't have a way to put my ISP provided
router/modem into bridge mode. It acts as a DHCP server for my devices
and does all gateway stuff. This means it's double NATTed. Not ideal,
but I don't have a choice right now.





Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
172.16.13.0/24, like curl websites, ping websites, etc.

pfctl is completely disabled on the ERL. What should I look at next to
see how I can get internet to the BBB?



First thought, if you have pf disabled on the ERL, then its not doing
NAT.

Can the ERL get to the internet?


Ok, and did you enable and configure pf on the ERL so it does NAT for BBB?



Shamefully copying the pf example from the FAQ:
int_if="{ cnmac0 cnmac1 }"
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
#block all
pass out quick inet
pass in on $int_if inet


I removed the martins bit because I'm expecting traffic from 192.168.0.0 
from cnmac0.


I can connect to the BBB but still cannot ping.

Is this not actually establishing NAT?

Thanks!

Re: edge router lite with double NAT

2017-01-22 Thread jungle boogie 

On 01/22/2017 04:13 PM, trondd wrote:

On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:

Hi All,

So I want to actually use my edge router lite instead of it collecting
dust. At the moment I don't have a way to put my ISP provided
router/modem into bridge mode. It acts as a DHCP server for my devices
and does all gateway stuff. This means it's double NATTed. Not ideal,
but I don't have a choice right now.





Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
172.16.13.0/24, like curl websites, ping websites, etc.

pfctl is completely disabled on the ERL. What should I look at next to
see how I can get internet to the BBB?



First thought, if you have pf disabled on the ERL, then its not doing NAT.

Can the ERL get to the internet?



Yes, I can ping google in this example:

$ ping -c 5 google.com
PING google.com (172.217.4.142): 56 data bytes
64 bytes from 172.217.4.142: icmp_seq=0 ttl=55 time=28.383 ms
64 bytes from 172.217.4.142: icmp_seq=1 ttl=55 time=27.436 ms
64 bytes from 172.217.4.142: icmp_seq=2 ttl=55 time=27.636 ms
64 bytes from 172.217.4.142: icmp_seq=3 ttl=55 time=29.606 ms
64 bytes from 172.217.4.142: icmp_seq=4 ttl=55 time=28.146 ms

--- google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 27.436/28.241/29.606/0.762 ms

edge router lite with double NAT

2017-01-22 Thread jungle boogie 

Hi All,

So I want to actually use my edge router lite instead of it collecting 
dust. At the moment I don't have a way to put my ISP provided 
router/modem into bridge mode. It acts as a DHCP server for my devices 
and does all gateway stuff. This means it's double NATTed. Not ideal, 
but I don't have a choice right now.


The edge router lite is connected to it via port 0 and has an IP of 
192.168.0.16. I have setup forwarding:

$ cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Setup DHCPD on port 1 on the ERL for an ip range 172.16.13.0/24 along 
with unbound querying various DNS providers. I have a port 1 on the ERL 
connected to a switch, which then has a beaglebone black connected to 
it. The BBB gets an IP and can do DNS queries with drill.


Problem is the BBB cannot do anything outside either 192.168.0.0/24 or 
172.16.13.0/24, like curl websites, ping websites, etc.


pfctl is completely disabled on the ERL. What should I look at next to 
see how I can get internet to the BBB?


ERL running:
OpenBSD 6.0-current (GENERIC) #0: Fri Jan 20 02:55:59 UTC 2017
build@octeon:/usr/src/sys/arch/octeon/compile/GENERIC


BBB is running freeBSD current, but I don't think the results would be 
different if it were openBSD.


I made a little diagram at the link below with some output from BBB/ERL:
https://clbin.com/Skby4

The switch isn't the problem because the same thing happens when the BBB 
is plugged into port 1 on the ERL.


What am I overlooking that's preventing internet access?

Many thanks!

cvsweb offline

2017-01-16 Thread jungle Boogie 
Hi All,

I don't know if it's planned, unplanned or if there's been a change
but it seems cvsweb is offline.
http://cvsweb.openbsd.org/

Any clues?

Thanks!

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: -current not autobooting?

2017-01-14 Thread jungle boogie 

On 01/14/2017 01:40 AM, ludovic coues wrote:

Have you read the manpage for boot.conf ?
With your config, the boot> prompt should wait a full minute before
trying to load a kernel. Default is 5 seconds.



Yes, but it doesn't boot after a full minute or two minutes or likely 
any time until I press enter.



Also, I don't have a boot.conf file on my system.



That's fine.

-current not autobooting?

2017-01-14 Thread jungle boogie 

Hi All,

Running OpenBSD 6.0-current (GENERIC.MP) #137: Fri Jan 13 21:37:22 MST 2017

I'm noticing that when I reboot the machine, it doesn't boot past boot> 
unless I press enter. I do have a timeout set for 60 seconds, which 
allows me time to boot the bsd.rd file.


$ cat /etc/boot.conf
set tty com0
set timeout 60

Has anyone else noticed this?

Thanks!

Re: autoinstall with local file

2017-01-13 Thread jungle Boogie 
On 13 January 2017 at 04:20, Ed Ahlsen-Girard  wrote:
> The man page seems to indicate that autoinstall will work with an
> auto_upgrade.conf file on the local machine, but specifying the path as:
>
> /auto_upgrade.conf
> or
> file://auto_upgrade.conf
> or
> file:auto_upgrade.conf
>
> do not work.
>
> Is this still a "watch this space!" feature?
>

On my actual disk at / I have auto_upgrade.conf and when I start the
upgrade process at boot, I press s.
This will allow me to mount /dev/wd0a mnt; cp mnt/auto_upgrade .; autoinstall



> --
>
> Edward Ahlsen-Girard
> Ft Walton Beach, FL
>



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

https for pkg_add?

2017-01-05 Thread jungle boogie 

Hi All,

With all the recent changes to supporting https on the various mirrors, 
does that mean https may also be used with the PKG_PATH variable?


Thanks,
jb

Re: doas prompting for password in script

2016-12-15 Thread jungle Boogie 
On 15 December 2016 at 10:42, trondd  wrote:
> On Thu, December 15, 2016 12:28 pm, Ax0n wrote:
>> I don't know how doas is keeping track of a session. If it's by
>> interactive
>> tty session only, that could cause problems with non-interactive scripts.
>> I'll let someone closer to the code answer that question.
>>
>
> It's tied to the shell.
>
> http://www.tedunangst.com/flak/post/doas-mastery
>
> "If you have multiple shell logins to a machine, each login will require
> authentication. Additionally, the authentication information includes the
> parent shell process ID. This means that executing doas again in a shell
> script will require authentication."
>


Ah, I knew I should have checked Ted's blog!

Re: doas prompting for password in script

2016-12-15 Thread jungle Boogie 
On 15 December 2016 at 09:21, Ax0n  wrote:
> In -CURRENT, doas.conf has a "persist" keyword that will only prompt once
> per session. This isn't available in OpenBSD 6.0, but should work when 6.1
> is released. Here's a fairly minimal rule that would allow wheel group users
> to do whatever they want with doas after authenticating once:

DOH! I forgot to mention that I'm running a snapshot from this morning.

OpenBSD 6.0-current (GENERIC.MP) #38: Thu Dec 15 08:24:17 MST 2016
bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

by doas.conf:
permit persist :wheel
permit persist keepenv jungle as root

With this, should I be re-prompted for the password?


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

doas prompting for password in script

2016-12-15 Thread jungle Boogie 
Hi All,

Should I be prompted for a password during this scenario?

$ doas date
doas (jun...@openbsd.my.domain) password:
Thu Dec 15 08:55:39 PST 2016
$ ./date.sh
doas (jun...@openbsd.my.domain) password:
Thu Dec 15 08:55:46 PST 2016

As you see, only seconds past from both commands and yet, I'm prompted
for my password again.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: autoupgrade without all sets

2016-12-06 Thread jungle Boogie 
Hi Stuart, Erling, Alexander,
On 6 December 2016 at 04:10, Stuart Henderson <s...@spacehopper.org> wrote:
> On 2016-12-06, Erling Westenvik <erling.westen...@gmail.com> wrote:
>> On Tue, Dec 06, 2016 at 12:27:33AM -0800, jungle boogie wrote:
>>> Reading the autoinstall page for openbsd, I don't see how I can select what
>>> packages are installed. Does that mean all packages will be installed and
>>> subsequent upgrades will also download and install all packages?
>>
>> When installing manually, the installer provides a prompt for all
>> configurable/selectable options. For autoinstall you simply need to
>> provide the same prompt in your autoinstall.conf file (without the
>> question mark) along with the answer you'd give if it was a manual
>> installation, like this:
>>
>> ---8<---
>> Set name(s) = -xbase60.tgz
>> Set name(s) = -xetc60.tgz
>> Set name(s) = -xshare60.tgz
>> Set name(s) = -xfont60.tgz
>> Set name(s) = -xserv60.tgz
>> --->8---
>>
>> Erling
>>
>
> You can even do something like
>
> Set name(s) = -x* -game*
>
> Or
>
> Set name(s) = * site60.tgz
>

Thank you all for your replies!

Is there a method to have autoupgrade always use a certain interface
and fetch the upgrade file from a certain host?

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

autoupgrade without all sets

2016-12-06 Thread jungle boogie 

Hi All,

Reading the autoinstall page for openbsd, I don't see how I can select 
what packages are installed. Does that mean all packages will be 
installed and subsequent upgrades will also download and install all 
packages?


http://man.openbsd.org/OpenBSD-current/man8/autoinstall.8

Thanks,
j.b.

Re: openbsd -current: can't find firefox

2016-11-29 Thread jungle Boogie 
Hi All,
On 29 November 2016 at 07:57, Carlin Bingham <c...@viennan.net> wrote:
> On Tue, Nov 29, 2016 at 07:30:42AM -0800, jungle boogie wrote:
>> You mean like this:
>> $ cat /etc/doas.conf
>> permit persist :wheel
>> permit persist keepenv jungle as root
>>
>> $ doas pkg_add base64
>> doas (jungle@host) password:
>> quirks-2.270 signed on 2016-11-26T13:32:57Z
>> base64-1.5: ok
>>
>
> Ah, sorry. The problem is that there's no package for standard firefox
> there. What's there is firefox-esr and the il8n packages.
>

How do I install any firefox version?

At the least, should I not have a list of available options, like with python:

$ doas pkg_add python
quirks-2.270 signed on 2016-11-26T13:32:57Z
Ambiguous: choose package for python
a   0: 
1: python-2.7.12p1
2: python-3.4.5p1
3: python-3.5.2p1
Your choice: 0


> --
> Carlin



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: openbsd -current: can't find firefox

2016-11-29 Thread jungle boogie 

On 11/29/2016 02:08 AM, Carlin Bingham wrote:

On Mon, Nov 28, 2016 at 11:50:25PM -0800, jungle boogie wrote:

Hi All,

I'm running the latest i386 snapshot:

[...]

I'd like to install firefox:
$ doas pkg_add firefox
quirks-2.270 signed on 2016-11-26T13:32:57Z
Can't find firefox

$ echo $PKG_PATH
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/

At the link above, I can clearly see dozens of firefox versions.

Can I not install it because pkg_add knows my system is newer than packages
listed?


doas doesn't preserve the PKG_PATH variable by default. You need to use
keepenv in doas.conf or set the path in pkg.conf instead.



You mean like this:
$ cat /etc/doas.conf
permit persist :wheel
permit persist keepenv jungle as root

$ doas pkg_add base64
doas (jungle@host) password:
quirks-2.270 signed on 2016-11-26T13:32:57Z
base64-1.5: ok





--
Carlin

openbsd -current: can't find firefox

2016-11-28 Thread jungle boogie 

Hi All,

I'm running the latest i386 snapshot:
OpenBSD 6.0-current (GENERIC.MP) #0: Mon Nov 28 20:52:50 MST 2016
bu...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz ("GenuineIntel" 686-class) 
2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR

real mem  = 3210760192 (3062MB)
avail mem = 3136524288 (2991MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 12/18/06, BIOS32 rev. 0 @ 0xffa10, SMBIOS rev. 
2.4 @ 0xf6e60 (62 entries)



I'd like to install firefox:
$ doas pkg_add firefox
quirks-2.270 signed on 2016-11-26T13:32:57Z
Can't find firefox

$ echo $PKG_PATH
http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/i386/

At the link above, I can clearly see dozens of firefox versions.

Can I not install it because pkg_add knows my system is newer than 
packages listed?


Thanks!

Re: console mode not allowing login

2016-10-21 Thread jungle Boogie 
Hi Todd,
On 21 October 2016 at 12:58, Todd C. Miller  wrote:
> It sounds like you need to enable getty on the serial port.  To
> login on the serial console you should have a line like the following
> in /etc/ttys:
>
> tty00   "/usr/libexec/getty std.9600" vt220   on  secure
>

That did it! Thanks so much for the simple fix.

>  - todd



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

console mode not allowing login

2016-10-21 Thread jungle Boogie 
Hi All,

After my machine is completed booting up and ready for login, I can't
see anymore text in the console. Which also means I can't login to the
machine via console.

# cat /etc/boot.conf
set tty com0
set timeout 60

I'm connecting to the openbsd machine via freebsd with this command:
cu -l /dev/cuaU0 -9600


DHCPREQUEST on bge0 to 255.255.255.255
DHCPACK from 192.168.0.1 (6c:b0:ce:59:cf:bb)
bound to 192.168.0.20 -- renewal in 1800 seconds.
reordering libraries: done.
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
acpidump: RSDT entry 6 is corrupt
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
starting local daemons: cron.
Fri Oct 21 12:45:19 PDT 2016

The date is the last line printed.

Any suggestions?


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: How to both redirect to console and screen

2016-10-19 Thread jungle Boogie 
On 18 October 2016 at 23:42, Mik J  wrote:
> Stuart, why is it not possible. Is it a real limitation or because openbsd is
> just not coded to do that and it could be possible if the proper code was
> implemented ?


I asked about this a few months back. Stuart recommended it as a good
project to get started:
http://marc.info/?l=openbsd-misc=146180222606547=2

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: bsd.rd September 15 can't unmount /mnt

2016-09-16 Thread jungle Boogie 
On 16 September 2016 at 08:32, jungle Boogie <jungleboog...@gmail.com> wrote:
> On 15 September 2016 at 16:53, Christoph R. Murauer <n...@nawi.is> wrote:
>> I tried today to upgrade a snapshot from September 4 (using FDE) to a
>> snapshot from September 15 and, got a error message like (text was not
>> copied) can't unmount /mnt device busy unable to unmount sd2a
>
>
> I have the same problem, but this is going from 13th of September to
> 16th of September:


Important clarification that I overlooked: I DO NOT have FDE on this setup.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: bsd.rd September 15 can't unmount /mnt

2016-09-16 Thread jungle Boogie 
On 15 September 2016 at 16:53, Christoph R. Murauer  wrote:
> I tried today to upgrade a snapshot from September 4 (using FDE) to a
> snapshot from September 15 and, got a error message like (text was not
> copied) can't unmount /mnt device busy unable to unmount sd2a


I have the same problem, but this is going from 13th of September to
16th of September:

Welcome to the OpenBSD/i386 6.0 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? u
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN.  You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.

Terminal type? [vt220]
Available disks are: wd0.
Which disk is the root disk? ('?' for details) [wd0]
Checking root filesystem (fsck -fp /dev/wd0a)...OK.
Mounting root filesystem (mount -o ro /dev/wd0a /mnt)...OK.
bge0: no link ... sleeping
DHCPDISCOVER on wpi0 - interval 1
DHCPOFFER from 192.168.0.1 (6c:b0:ce:59:cf:bb)
DHCPREQUEST on wpi0 to 255.255.255.255
DHCPACK from 192.168.0.1 (6c:b0:ce:59:cf:bb)
bound to 192.168.0.19 -- renewal in 1800 seconds.
Force checking of clean non-root filesystems? [no]
fsck -p 9094ef8d3c9a35a0.k...OK.
fsck -p 9094ef8d3c9a35a0.d...OK.
fsck -p 9094ef8d3c9a35a0.f...OK.
fsck -p 9094ef8d3c9a35a0.g...OK.
fsck -p 9094ef8d3c9a35a0.h...OK.
fsck -p 9094ef8d3c9a35a0.j...OK.
fsck -p 9094ef8d3c9a35a0.i...OK.
fsck -p 9094ef8d3c9a35a0.e...OK.
umount: /mnt: Device busy
Can't umount wd0a!

I don't know the source code well enough to start looking for changes.
Who can give me a hint?



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: doas.conf, no persist option in 6.0 Release

2016-09-13 Thread jungle Boogie 
On 13 September 2016 at 05:55, Eike Lantzsch  wrote:
> but in man doas.conf of 6.0 Release it is not mentioned and using that option
> rightly results in a syntax error if used.

It's not in -release.

If you take a look here:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/doas/doas.c?r1=1.64

You'll notice doas has been modified after -release was made.


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: Suggestion: new webpage for openbsd.org

2016-05-20 Thread jungle Boogie 
On 20 May 2016 at 07:00, Mike <the.li...@mgm51.com> wrote:
> On 5/19/2016 6:03 PM, jungle Boogie wrote:
>>[snip]
>>
>> I find this page easier to read
>
> I'm having difficulty understanding the seemly wholesale rush toward
> low-contrast and [sometimes] nearly-illegible [very light grey on white]
> text on "modern" web pages.
>

Fortunately you're allowed to keep your opinion.


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Alternate Puffy Logo Design

2016-05-19 Thread jungle Boogie 
On 19 May 2016 at 14:34, Aner Perez  wrote:
> On 05/19/2016 03:18 PM, Ted Unangst wrote:
>>
>> Mihai Popescu wrote:
>>>
>>> First, the webpage design change suggestion, then the logo alternative
>>> ...
>>> I guess a project name change suggestion will follow, I'm curious if
>>> this will be till weekend.
>>
>>
>> We're changing version scheme instead. OpenBSD 6.0 will actually be
>> OpenBSD 60.
>>
>
> Roman Numerals would look more distinguished.
>
> OpenBSD LX
>
> If it was good enough for the Romans and the Super Bowl...
>

And car models!
http://www.lexus.com/models/LX



> - Aner
>



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Suggestion: new webpage for openbsd.org

2016-05-19 Thread jungle Boogie 
On 17 May 2016 at 00:11, Joakim Frostegård 
wrote:
> I’ve made a responsive new webpage replacement for the
> in my opinion somewhat aged openbsd.org .
>
> It’s available at http://greatest-ape.github.io/openbsd-site/public_html/
> 
> with the repo at https://github.com/greatest-ape/openbsd-site
>  .
>
> The idea is to replace index.html but for all other pages just
> replace the stylesheets. In so far, I’ve included a few other
> pages, including plat.html, goals.html and alpha.html.


I don't know a whole lot about web dev but I like it. It's still
responsive and uncluttered.

I find this page easier to read over the openbsd layout:
http://greatest-ape.github.io/openbsd-site/openbsd/innovations.html
vs.
http://www.openbsd.org/innovations.html

I'd personally prefer is both of the pages below were organized with
anchors by year, speaker, event location, etc:
http://greatest-ape.github.io/openbsd-site/openbsd/papers/index.html
http://www.openbsd.org/papers/index.html

For instance, AsiaBSDCon is listed 12 times. Maybe it would be a
better layout to group by that event.
Henning Brauer has 28 entries. I'd prefer a nice, clean way to list
all his papers, not a need to comb through all entries on the page.

Anchors work well on the FAQ: http://www.openbsd.org/faq/


As I said, I'm no web dev--just a user of it for a long time.




--
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

serial & console access

2016-04-27 Thread jungle Boogie 
Hi All,

I would like to connect to a laptop via serial so I set this in /etc/boot.conf:
set tty com0

Unexpectedly to me, I could not see the machine actually boot up until
it went to the login prompt.

Is there an /etc/boot.conf option I can set to support both console
and serial access?

Thanks!



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: syscall 5 "cpath" continues with octeon

2015-12-14 Thread jungle Boogie 
Hi All,
On 13 December 2015 at 05:22, Ted Unangst <t...@tedunangst.com> wrote:
> jungle Boogie wrote:
>> Hello All,
>>
>> Despite the very helpful reply from Daniel on this thread:
>> http://marc.info/?l=openbsd-misc=14493626054=2
>>
>> I'm faced with the same message upon accepting the default partition
>> and disk layout:
>> disklabel(19593): syscall 5 "cpath"
>> Abort trap
>>
>> When attempting to use the Octeon snapshot from November:
>> http://ftp.openbsd.org/pub/OpenBSD/snapshots/octeon/
>>
>> Is there something more I can do to get this working or is this some
>> pledge issue? To rule out a USB disk problem or edge router lite
>> problem, I can load the previous bsd.rd file but I would need someone
>> to share that with me because I don't have it anymore.
>
> You need a newer snapshot with a fix for disklabel.


Daniel and I worked things out earlier in the week and I got my edge
router lite booted up. I'm happy to have this platform sponsored by
openBSD and I hope it remains.

Here's the dmesg:
$ dmesg
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2015 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 5.8-current (GENERIC) #1: Thu Nov 26 15:01:01 CET 2015
jas...@erl-2.jasper.la:/usr/src/sys/arch/octeon/compile/GENERIC
real mem = 247463936 (236MB)
avail mem = 245170176 (233MB)
warning: no entropy supplied by boot loader
mainbus0 at root
cpu0 at mainbus0: Cavium OCTEON CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
dwctwo0 at iobus0 base 0x118006800 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 "Octeon DWC2 root hub" rev 2.00/1.00 addr 1
octrng0 at iobus0 base 0x14000 irq 0
cn30xxgmx0 at iobus0 base 0x118000800 irq 48
cnmac0 at cn30xxgmx0: RGMII, address 00:be:ef:10:00:00
atphy0 at cnmac0 phy 7: F1 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address 00:be:ef:10:00:01
atphy1 at cnmac1 phy 6: F1 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address 00:be:ef:10:00:02
atphy2 at cnmac2 phy 5: F1 10/100/1000 PHY, rev. 2
uartbus0 at mainbus0
com0 at uartbus0 base 0x118000800 irq 34: ns16550, no working fifo
com0: console
com1 at uartbus0 base 0x118000c00 irq 35: ns16550, no working fifo
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "Kingston
DataTraveler 2.0" rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: <Kingston, DataTraveler 2.0, PMAP> SCSI2
0/direct removable serial.09306545EE21BA140020
sd0: 14887MB, 512 bytes/sector, 30489408 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (0e569f35522c5ff9.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!



Thank you Daniel for your assistance!



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

syscall 5 "cpath" continues with octeon

2015-12-12 Thread jungle Boogie 
Hello All,

Despite the very helpful reply from Daniel on this thread:
http://marc.info/?l=openbsd-misc=14493626054=2

I'm faced with the same message upon accepting the default partition
and disk layout:
disklabel(19593): syscall 5 "cpath"
Abort trap

When attempting to use the Octeon snapshot from November:
http://ftp.openbsd.org/pub/OpenBSD/snapshots/octeon/

Is there something more I can do to get this working or is this some
pledge issue? To rule out a USB disk problem or edge router lite
problem, I can load the previous bsd.rd file but I would need someone
to share that with me because I don't have it anymore.

Thanks!


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si
irc: jungle-boogie

Re: Octeon snapshots

2015-12-05 Thread jungle Boogie 
On 5 December 2015 at 01:36, Daniel Ouellet  wrote:
> I very much appreciate it.


I appreciate this too, but I can't complete the install. I tried an
update and now an install.

Like the first time, I'm following the network boot instructions here:
ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/octeon/INSTALL.octeon

I can get the bsd.rd file fine from my server and boot into the installer.

This is the problem:
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0]
Disk: sd0   geometry: 1946/255/63 [31266816 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
*0: 0C  0   1   2 -  2  11   9 [  64:   32768 ] Win95 FAT32L
 1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
 3: A6  2  11  10 -   1946  68  42 [   32832:31233984 ] OpenBSD
Use (W)hole disk, use the (O)penBSD area or (E)dit the MBR? [OpenBSD]
The auto-allocated layout for sd0 is:
#size   offset  fstype [fsize bsize  cpg]
  a:   464.9M32832  4.2BSD   2048 163841 # /
  b:   465.1M   984896swap
  c: 15267.0M0  unused
  d:   735.8M  1937472  4.2BSD   2048 163841 # /tmp
  e:  1080.7M  316  4.2BSD   2048 163841 # /var
  f:  1284.9M  5657696  4.2BSD   2048 163841 # /usr
  g:   742.9M  8289120  4.2BSD   2048 163841 # /usr/X11R6
  h:  2817.8M  9810624  4.2BSD   2048 163841 # /usr/local
  i:16.0M   64   MSDOS
  j:  1178.0M 15581408  4.2BSD   2048 163841 # /usr/src
  k:  1607.9M 17993856  4.2BSD   2048 163841 # /usr/obj
  l:  4872.9M 21286848  4.2BSD   2048 163841 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
disklabel(27018): syscall 5 "cpath"
Abort trap


What's syscall 5 cpath and why does it cause an abort trap?

I've tried with two different thumb drives with the same abort trap message.

Thanks!






-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Octeon snapshots

2015-11-13 Thread jungle Boogie 
On 13 November 2015 at 09:02, Daniel Ouellet  wrote:
> I saw a commit today on this platform. The last snapshot is almost a
> month old.
>
> 10/18/152:19:00 AM.
>
> Just wonder if the snapshot might get some love.
>
> If not, totally fine, just wonder.


I would also gratefully appreciate an updated Octeon build. I'm happy
to have one post 5.8, but openbsd is a fast moving target and many
great changes have already occurred for -current.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: What hardware spec would I need to push 20 gigabit of network traffic on an OpenBSD server?

2015-10-27 Thread jungle Boogie 
On 27 October 2015 at 12:53, Martin Schröder  wrote:
> 2015-10-27 20:24 GMT+01:00 Adam Thompson :
>> You talk about storing the data - *writing* data to disk at 10Gbps
>> (sustained) is currently in the realm of high-energy physics, with
>> multi-million-dollar budgets for the storage arrays.  A 7200rpm disk can
>
> And then there are SSDs. PCIE SSDs do up to 3000 MB/s write throughput.
>
https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-dr
ives-dc-p3608-series.html
>
> And I'm sure there are tape libraries that can write that, too. :-)
>
> Best


So he would need 600+ 4.0TB drives to keep 2.5TB of data for a month.

--
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: pip for python3.4

2015-10-17 Thread jungle Boogie 
On 17 October 2015 at 08:58, Joseph Oficre  wrote:
> Hello!
> How can i install pip for 3.4 python? I want to set up virtualenv and
> stuff, but in packages just 2.7 version.
> I've found out that pip3 can be installed from ports, but i want easy way
> solution without ports. Is it possible or ports is only way?

I have not tried this on openBSD but probably would work:
https://bootstrap.pypa.io/get-pip.py



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

2015-09-27 Thread jungle Boogie 
On 27 September 2015 at 17:34, Eric Furman  wrote:
> Just search for VM and security on the internets and see
> what comes up. Secure they are not.


Where in the blog does Matt discuss 'secure' and/or 'security' outside
of discussing freebsd binary updates system? It seems he's aware of
how insecure the setup is and its more of a convenience.

I think it's quite clear what Matt wants: ipsec without the need to
compile in the special bits needed for it in freebsd.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2015-07-23 Thread jungle Boogie 
On 28 December 2014 at 15:14, Ingo Schwarze schwa...@usta.de wrote:
 Hi,

 as this request met quite a bit of interest, i have drafted
 a list at this *temporary* URI:

   http://mdocml.bsd.lv/openbsd_projects.html

 If developers want it, moving it to the OpenBSD web site would
 be fine with me.


Looks like doas, tame and resflash need to be added! What about rcctl?

Nice work, devs!


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Alleged OpenSSH bug

2015-07-23 Thread jungle Boogie 
On 23 July 2015 at 09:15, Giancarlo Razzolini grazzol...@gmail.com wrote:
 Em 23-07-2015 11:16, Peter N. M. Hansteen escreveu:
 However, running that command pinting at a FreeBSD 10.1 box in my care
 gave more than three tries. I aborted well before reaching 1 for
 obvious reasons.
 Digging some more, I've found this:

 http://seclists.org/oss-sec/2015/q3/156

 It seems to affect only FreeBSD. But it's bad, and affect a lot of
 versions, dating back to 2007. And also, as I guessed, interaction with
 PAM is the culprit.

And there's this:
https://lists.freebsd.org/pipermail/freebsd-security/2015-July/008527.html

Hopes to have it corrected before the next freebsd release.


 Cheers,
 Giancarlo Razzolini




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

openssh client alive not default

2015-06-27 Thread jungle Boogie 
Hello All,

I know fewer defaults the better for all, but if there a reason
TCPKeepAlive in openssh is disabled along with the clientalive option?
Is it just too risky and/or unneeded?

How do you folks manage ssh sessions not dying? Do you enable these
options every time you install openssh on a new machine? Is there a
better option?

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: openssh client alive not default

2015-06-27 Thread jungle Boogie 
Hi Josh,
On 27 June 2015 at 17:59, Josh Grosse j...@jggimi.homeip.net wrote:
 On Sat, Jun 27, 2015 at 05:10:54PM -0700, jungle Boogie wrote:
 Hello All,

 I know fewer defaults the better for all, but if there a reason
 TCPKeepAlive in openssh is disabled along with the clientalive option?
 Is it just too risky and/or unneeded?

 Well, Mr. Boogie, TCPKeepAlive is enabled and ClientAliveInterval is 0,
 which is disabled, in both 5.7 and -current, if I'm reading the source
 file correctly.

I'm sure you're reading it correctly. Maybe in the portable its
disabled, I'll have to check closely.


 And, according to sshd_config(5), It is important to note that the
 use of client alive messages is very different from TCPKeepAliveThe
 client alive messages are sent through the encrypted channel and
 therefore will not be spoofable.  The TCP keepalive option enabled by
 TCPKeepAlive is spoofable.

quite interesting, thanks!


 How do you folks manage ssh sessions not dying? Do you enable these
 options every time you install openssh on a new machine? Is there a
 better option?

 The man page continues with, The client alive mechanism
 is valuable when the client or server depend on knowing when a
 connection has become inactive.

 I don't adjust the defaults for these.  I use some terrible
 WiFi connections and occaisionally have to reconnect.  If I need
 to keep a shell running in the event of an unintentional
 disconnect --- or an intentional one -- I use tmux(1).
 I can reconnect and continue operating one or more shells
 without any operational impact.

Yes, tmux is wonderful and I'm thankful for Nicholas' work on it! The
problem is if you're doing reverse tunnelling, the tmux connection
doesn't really solve that problem, though.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: openssh client alive not default

2015-06-27 Thread jungle Boogie 
On 27 June 2015 at 18:17, Benny Lofgren bl-li...@lofgren.biz wrote:
 Let's say you have an open, but idle, ssh session to your remote server
 and there's a short outage in the network somewhere between the two
 endpoints. If there are no keep-alive packets trying to get through and
 the actual session remains idle, then you'll never notice that there was
 an outage. But if there are keep-alive packets being sent that never
 reaches the destination the endpoints will terminate the connection and
 you will lose your terminal session no matter what.


Ah, that's a very interesting and likely to happen example. ssh
sessions can die when you don't have these two enabled but it seems to
take much longer.

 (Moral of the story: +1 for using tmux/screen/nohup/batch/at/whatever to
 keep long-running jobs safe. And when interactive, save your work often.
 :-) )

my favorite is definitely tmux!


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: NetBSD has now support for USB on EdgeRouter Lite

2015-06-18 Thread jungle Boogie 
On 17 June 2015 at 03:24, Jonathan Gray j...@jsg.id.au wrote:
 On Wed, Jun 17, 2015 at 12:25:54PM +0300, lausg...@gmail.com wrote:
 Just a heads up. Anyone to merge this into OpenBSD?

 http://mail-index.netbsd.org/source-changes/2015/05/01/msg065510.html
 [ https://blog.netbsd.org/tnf/entry/hands_on_experience_with_edgerouter ]

 Thanks.


 http://marc.info/?l=openbsd-cvsm=143005106108571w=2
 http://marc.info/?l=openbsd-cvsm=143387765930344w=2



ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/octeon/INSTALL.octeon

Ubiquiti Networks EdgeRouter Lite / PoE
 onboard serial port and Ethernet are supported; it's possible
 to boot OpenBSD/octeon on this machine over NFS. There is no
 USB support yet, which means that there is no local storage
 (no onboard CompactFlash).

Is this different than what the install file states?



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

openntpd portable sync fails

2015-05-29 Thread jungle Boogie 
Hello All,

Running openntpd portable version 5.7 without HTTPS contraint, like I
have been doing for many months now, but upon rebooting, a machine
can't sync:

% ntpdate -d hank
29 May 09:37:10 ntpdate[39781]: ntpdate 4.2.4p5-a (1)
transmit(192.168.0.14)
receive(192.168.0.14)
transmit(192.168.0.14)
receive(192.168.0.14)
transmit(192.168.0.14)
receive(192.168.0.14)
transmit(192.168.0.14)
receive(192.168.0.14)
transmit(192.168.0.14)
192.168.0.14: Server dropped: Leap not in sync
server 192.168.0.14, port 123
stratum 3, precision -29, leap 11, trust 000
refid [192.168.0.14], delay 0.02574, dispersion 0.0
transmitted 4, in filter 4
reference time:d91313a4.69eeb7ff  Fri, May 29 2015  9:34:44.413
originate timestamp: d9131436.716697ff  Fri, May 29 2015  9:37:10.442
transmit timestamp:  d9131436.712cd40d  Fri, May 29 2015  9:37:10.442
filter delay:  0.02585  0.02576  0.02574  0.02576
 0.0  0.0  0.0  0.0
filter offset: 0.000820 0.000801 0.000802 0.000805
 0.00 0.00 0.00 0.00
delay 0.02574, dispersion 0.0
offset 0.000802

29 May 09:37:10 ntpdate[39781]: no server suitable for synchronization found

Same messages here:
% ntpdate hank
29 May 09:38:11 ntpdate[39783]: no server suitable for synchronization found

% ntpdate -u hank
29 May 09:38:39 ntpdate[39785]: no server suitable for synchronization found


On hank, I see this connection:
_ntp ntpd   2021  7  udp4   192.168.0.14:123  *:*
_ntp ntpd   2021  10 udp4   127.0.0.1:123 *:*
_ntp ntpd   2021  14 udp4   192.168.0.14:61375192.241.209.150:123
_ntp ntpd   2021  15 udp4   192.168.0.14:19628108.61.194.85:123
_ntp ntpd   2021  16 udp4   192.168.0.14:3415570.35.113.44:123
_ntp ntpd   2021  17 udp4   192.168.0.14:43924129.6.15.30:123


ntpd file is nothing special:
% cat /usr/local/etc/ntpd.conf
# sample ntpd configuration file, see ntpd.conf(5)

# Addresses to listen on (ntpd does not listen by default)
listen on *

# sync to a single server
#server ntp.example.org

# use a random selection of NTP Pool Time Servers
# see http://support.ntp.org/bin/view/Servers/NTPPoolServers
server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org
server 3.pool.ntp.org

Even running ntpdate to adjust time fails:
% ntpdate 0.pool.ntp.org
29 May 09:44:43 ntpdate[2031]: no server suitable for synchronization found

But when running:
% ntpdate -d 0.pool.ntp.org

its final output adjusts the time:
29 May 09:49:23 ntpdate[2041]: adjust time server 192.241.209.150
offset -0.003387 sec


Any ideas what prevents openntpd from syncing?


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: openntpd portable sync fails

2015-05-29 Thread jungle Boogie 
Hi Brent,
On 29 May 2015 at 10:47, Brent Cook bust...@gmail.com wrote:

 On May 29, 2015, at 11:51 AM, jungle Boogie jungleboog...@gmail.com wrote:

 Hello All,

 Running openntpd portable version 5.7 without HTTPS contraint, like I
 have been doing for many months now, but upon rebooting, a machine
 can't sync:

 The ntpdate command is not a part of openntpd.

 'ntpctl all' would show information about the state of openntpd and its peers.


Wonderful! I see good syncing on hank and hank's peer so it seems to work now.

Just a quick question, why is S in sensors uppercase? Is that not to
confuse it with status?

% ntpctl
usage: ntpctl -s all | peers | Sensors | status

Thanks!

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Router performance amd64 vs i386

2015-05-25 Thread jungle Boogie 
On 25 May 2015 at 20:05, Nick Holland n...@holland-consulting.net wrote:
 Many seem to think tuning a firewall is like drag racing, where every 1%
 might be the difference between winning and losing.  It isn't.  It is
 like driving in traffic -- you can't go faster than any of a number of
 potential bottlenecks (speed limit [network adapters], car in front of
 you [other users], police [ISP bandwidth], etc.).


Great analogy. Thanks for making this so clear!

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: sftp script put help

2015-05-17 Thread jungle Boogie 
On 16 May 2015 at 01:19, Craig Skinner skin...@britvault.co.uk wrote:

 I used to have a script create batch files in /tmp,
 each with the full name of the incremental dump file to sftp.

 But I've found rdist. (OpenBSD uses ssh by default.)

 Look at rdist(1) EXAMPLES section, 
 http://www.benedikt-stockebrand.de/rdist-intro_en.html


Unfortunately, the sftp system I'll eventually be connecting to won't
have rdist, but I'll definitely try to use rdist for future usage.
Does it allow throttling?

Thanks for teaching me about rdist!

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

sftp script put help

2015-05-15 Thread jungle Boogie 
Hello All,

Running Openssh's sftp version 3 on both client and server but the OS
is not openBSD.

I want to upload a file automatically with a cron job so I'm using the -b flag.

% cat fetch2.sh
#!/bin/sh

cd /home/jungle
put file_*.csv aaa_completed


I can't specify the file name completely because it changes monthly
(based on the month  year), but using batch file results in the file
not being uploaded. When I connect directly, I can use the * just
fine:

% sftp jungle@host
Connected to host.
sftp cd home/jungle
sftp put file_*.csv
Uploading  file_foo2015-05-15.csv to /usr/home/jungle/file_foo2015-05-15.csv
file_foo2015-05-15.csv



Any ideas how I can achieve the latter with the former?

Thanks,
Jungle

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: sftp script put help

2015-05-15 Thread jungle Boogie 
Hi Barry,
On 15 May 2015 at 20:58, Barry Grumbine barry.grumb...@gmail.com wrote:
 Hi,

 I have never used sftp, but from the man page it looks like the sftp
 commands need to be in a separate file. Something like:

 fetch2.sh:
 #!/bin/sh
 sftp -b /home/jungle/batchfile jungle@host

 /home/jungle/batchfile:
 cd /home/jungle
 put file_*.csv aaa_completed


Ah, that's excellent! Thanks!!


 If it were me, I would just use scp in my crontab, something like:

 0 1 * * * /usr/bin/scp /home/jungle/file_*csv jungle@host:/usr/home/jungle/


In my testing I'd be able to use scp or rsync but when I deploy, I'll
only have sftp available.

Thanks for trying this out and giving me input.


 ...or maybe rsync if the file is large.


 -Barry



Best,
j

Re: OpenBSD 5.7 release -- CD2 issues

2015-05-15 Thread jungle Boogie 
On 15 May 2015 at 11:35, Denis Fondras open...@ledeuns.net wrote:
 This will be shipped out to everyone, and will be inserted into the
 orders not yet shipped.


 If shipping to everyone costs money to the project, I don't want to receive
 mine. I will burn a CD and keep my non-working set :)


I hope this is not at the cost of the customer (openBSD)!


 Denis




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: offtopic: political correctness

2015-05-08 Thread jungle Boogie 
On 8 May 2015 at 07:30, Marko Cupać marko.cu...@mimar.rs wrote:
 Hi,

 I am reading 2nd edition of Absolute OpenBSD 2nd Edition and can't
 but notice paragraph Confidentiality on XXX page of Introduction:

 ---cut-here---
 Confidentiality
 This means that secret data should remain secret. Your private infor-
 mation must not get into the public eye. That Eastern European kiddie
 porn syndicate should not get your credit card number.
 ---cut-here---

This means that secret data should remain secret. Your private infor-
mation must not get into the public eye. No one should get your credit
card number but they do because you're not using OpenBSD yet.



 I guess this was intended to be a joke, but in my opinion it sucks.


Will Windows users be insulted?

 --
 Marko Cupać
 https://www.mimar.rs




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Fund raising

2015-03-26 Thread jungle Boogie 
On 26 March 2015 at 05:20, Nick Holland n...@holland-consulting.net wrote:
 Realistically, the money that we get for this e-document is really just
 an act of charity anyway.  Why not just give the project the money, and
 not make us jump through hoops that cost lots of money and provide no
 benefit to anyone?


Yes, donate on release day. I plan to do that in May and then in
November. I'll probably donate again for the use of openntpd, openssh,
libressl and all the other small wonderful projects everyone forgets
about.

 Besides, the artwork and stickers in the CD sets are great.  Really.
 I've been buying CDs since 2.6, and I look forward to getting every
 single one.  And this is from someone who works with the project and
 pays the same price everyone else does (and historically, usually got it
 AFTER many of you guys are bragging about getting yours).

The artwork and songs are great! I've annoyed my family by playing
almost all the songs on more than one occasion. I can't say I'll buy
the CD set but I ordered the 5.7 poster the moment I found out it was
available. I'll get the 5.7, if it's made.

I'm actually wearing an openbsd shirt now with an openssh poster
behind me on the wall.

What's the URL to the legacy store? I want to see what remains in
their inventory.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Does LibreSSL support RSA export-grade keys? - FREAK Attack

2015-03-06 Thread jungle Boogie 
On 6 March 2015 at 07:43, someone thisistheone8...@gmail.com wrote:
 I still don't understand why couldn't we put the KNOWN weak ciphers in the
 fucking trash.. do you really think servers that are installed nowadays are
 still using RC4? WHAT A BRIGHT FUTURE. Cryptographers are shouting LOUDly
 that do not use RC4/*DES ciphers, use ONLY PFS!!!


It's not just webservers that are affected, unfortunately, load
balancer things in front of webservers can't all support great
encryption yet, so that means you have to use the least common
denominator to do the job.



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Maintaining your system with snapshots

2015-02-20 Thread jungle Boogie 
On 20 February 2015 at 07:38, trondd tro...@gmail.com wrote:
 It is so quick and easy to update to another snapshot, if I find a
 package that doesn't work, I simply update to the latest snapshot.


If you are on -current but you haven't updated in many, many snapshot
cycles, do you update current or just get the latest snapshot? By
updating current, I mean getting source from CVS:
cvs -q up -Pd

 It's still less time lost than rebuilding the packages locally.

 Tim.




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Raspberry Pi 2 Model B

2015-02-02 Thread jungle Boogie 
Hi Einfach,
On 2 February 2015 at 07:43, Einfach Jemand rru@gmail.com wrote:
 Am 02.02.2015 um 15:20 schrieb Janne Johansson:
 But it still requires a blob to actually run, does it not?

 The fact that there is docs for the blob isn't as important as being forced
 to have someone elses code running alongside your kernel in order to even
 boot it, let alone produce graphics on it.


 2015-02-02 13:47 GMT+01:00 Lampshade lampsh...@poczta.fm:

 Hi
 New version of Raspberry Pi is announced. Its SoC have four cores in
 Cortex-A7 microarchitecture so it is compatible with ARMv7. It also have 1
 GB of RAM. Have the same GPU as its predecessor: VideoCore IV 3d. For some
 time GPU have open documentation and open (BSD licence) driver in Linux
 world. Price is still $35. It should be electrically compatible with
 predecessor and have the same dimensions.
 Are you going to support this hardware in OpenBSD?





 Hmm, isn't an unknown blob involved in every access to a hard-disc  be
 it spinning rust or SSD and the protocol involved ATA, SATA, SCSI or FC?
 I haven't seen one disc yet where the firmware of the interface
 controller was open sourced or even 'freely' documented. (Of course that
 could simply be because I did not search hard enough to find one...)

 Or is this outside the scope since there is a well behaved (and
 documented) programming interface that keeps you away for the internal
 operations of the device?

 Sometimes for me the discussion of libre hardware seems moot - you
 would have to start with sand and your own fab and thoroughly document
 every step of designing and manufacturing a chip in order to get there.


My two cents:
https://marc.info/?l=openbsd-miscm=132788027403910w=2



 My 2 cents
 rru




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: httpd: multiple addresses for one server

2015-01-04 Thread jungle Boogie 
Hi Clint, Geoff,
On 4 January 2015 at 10:14, Clint Sand clint@incidentresponse.services wrote:
 On Sat, Jan 03, 2015 at 12:39:06PM -0500, Geoff Steckel wrote:
 1000 thanks for an almost instantaneous and complete extension!!
 This makes httpd a complete replacement for apache in my host.

 Geoff Steckel

 Just last night I dupilcated many virtual hosts and wished there
 was an easy way to alias domain.foo to www.domain.foo.

 Thanks for the diff!


Consider donating to the foundation[0] to ensure this work continues!


[0] http://www.openbsdfoundation.org/donations.html

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Amv7 support sunxi SoC router board Lamobo R1 (BPi-R1)?

2015-01-01 Thread jungle Boogie 
Hi f5b,
On 1 January 2015 at 19:11, f5b f...@163.com wrote:
 Does Amv7 support sunxi SoC router board Lamobo R1 (BPi-R1)?

 Lamobo R1 (BPi-R1)

 highlight:
 1. Allwinner  A20 sunxi  SoC
 2 .FIVE 10/100/1000 Ethernet port
 3. native 2.5 SATA disk port
 4. about $75

 BPI- R1 - a 300Mbps Wireless N Router with both wired and wireless network, 
 Dual Core-CPU, 1G-RAM, GigaByte Ethernet, With two antennas

 website:
 http://www.bananapi.com/index.php/component/content/article?layout=editid=59


Looks interesting. Does any of it require binary blobs to run? If so,
then, I believe, openBSD won't run on it.




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-30 Thread Jungle Boogie 

Dear Bryan,

From: Bryan Steele bry...@gmail.com
Sent:  Sun, 28 Dec 2014 22:01:16 -0500
To: misc@openbsd.org
Subject: Re: OpenBSD projects


AnonCVS is probably a worthy addition to the list. OpenBSD is the
first open source project to expose their repos publically. By this I
mean allowing read-only CVS access, history as it happened.

The functionally was added to GNU CVS by Theo and Chuck Cranor, and
prior to this work, you were lucky to get weekly source snapshots
with changelogs, which required manual reconstruction.

There's probably some historical significance to their work..

http://www.openbsd.org/papers/anoncvs-paper.pdf
http://www.openbsd.org/papers/anoncvs-slides.pdf

.. right? :-)

http://marc.info/?l=freebsd-hackersm=94346786026588w=2



Wow, thanks for sharing! We all take instant source control code viewing for 
granted with things like github, fossil-scm and even

https://secure.freshbsd.org/

Now that we have this read only instant access, I hope its never reverted in 
the name of security.



-Bryan.



Thanks,
Jungle

--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Best way forward w.r.t. apache/nginx/httpd?

2014-12-29 Thread jungle Boogie 
Hi Thomas,
On 29 December 2014 at 05:30, T. Ribbrock emga...@gmx.net wrote:
 Hi all,

 I'm finally getting round to updating my home server (gets a fresh 5.6
 install).

 Of course, there were a lot of changes over the past versions, one of
 them being the whole apache - nginx - httpd migration. My webserver
 has a CMS running which requires PHP and MySQL, plus a few more
 PHP-applications. Also, I have two or three virtual sites running and
 I'm currently considering having a look at something like Owncloud
 and/or Citadel.


 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

Well you could try 5.6 with this patch:
http://ftp.openbsd.org/pub/OpenBSD/patches/5.6/common/009_httpd.patch.sig

Of course, visualize everything and test it out before going live!

But you are right, httpd is very fast moving:
https://secure.freshbsd.org/search?project=openbsdq=httpd



 Regards,

 Thomas
 --

Best,
jungle


 -
  Thomas Ribbrockhttp://www.ribbrock.org/
You have to live on the edge of reality - to make your dreams come true!



---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-28 Thread jungle Boogie 
Hi Marcus,
On 28 December 2014 at 07:50, Marcus MERIGHI mcmer-open...@tor.at wrote:

 Compiling the list was fun and easy: read /etc/rc.conf, do ``man '',
 jump to end, see HISTORY and AUTHORS, when in doubt take a look at
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin//Makefile
 jump to end, see comments on first revision.


I knew about cvsweb but I didn't know exactly how I would look for the
first commit and at which file. Thanks for explaining that to me and
/etc/rc.conf as well as the man page history section.

There's also the online version of the man file. For example, iked:
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/iked.8?query=ikedsec=8



 Bye, Marcus

Best,
jungle

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-27 Thread jungle Boogie 
Hi Alexandre,
On 27 December 2014 at 04:01, Alexandre Ratchov a...@caoua.org wrote:
 Out of curiousity, what would you do with this list?


Well in the coming weeks you'll see a water color painting my wife did
of puffy and some bubbles of some of the openBSD projects. I didn't
know there were so many so I don't think all will fit on the painting.

Also, I'm genuinely interested in the lineage of the projects that
openBSD has created.

For instance, openNTPD is now ten years old! The oBSD developers saw
issues with the standard ntpd ten years ago and wrote their own. Ted's
signify was started about 1 year ago and was, I think, first used with
5.5 -release. oBSD didn't want to rely on existing tools to sign their
software so they wrote their own tool to do the signing and verifying.

From what I'm gathering, the newest project is httpd. Apache was too
old in base and nginx was becoming too bloated for something
lightweight so httpd was created.

Happy new year to all openBSD developers, fans, and users. October
2015 will be 19 years since the original release of openBSD.

 -- Alexandre

jungle

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: openiked status

2014-12-26 Thread jungle Boogie 
Hi Theo,
On 24 December 2014 at 18:02, Theo de Raadt dera...@cvs.openbsd.org wrote:
The website for openiked[0] indicates it's under active development
but I'm just curious to know if this is still a developing project or
if it has been pretty much met all the goal?.

 Almost 10K of lines changed in the last year, so quite active.

 It is /sbin/iked


I did not think to check there! Thanks for the pointer.

 (Would be difficult to make this portable to other systems, because
 the kernel / system interfaces vary so much in the ipsec area).

Perhaps that's why the portal version hasn't been updated in awhile:
https://github.com/reyk/openiked/

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hello All,

Here's a list of projects that I'm aware of that openBSD created. Is
that correct? (p) is for portable. What else am I missing?
openssh (p)
opensmtpd (p)
mandoc (p)
openntpd (p)
openbgpd
libressl (p)
openiked (p?)
pf
relayd
httpd
carp

Thanks,
Jungle

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Ludovic,
On 26 December 2014 at 09:46, ludovic coues cou...@gmail.com wrote:
 2014-12-26 18:42 GMT+01:00 jungle Boogie jungleboog...@gmail.com:
 openiked (p?)

 Thanks,
 Jungle



 openiked isn't portable.

Thanks for the confirmation, That's pretty much what Theo stated as
well but there's this page:
https://github.com/reyk/openiked/

Internet Key Exchange version 2 (IKEv2) daemon - portable version of
OpenBSD iked

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Miod,
On 26 December 2014 at 10:19, Miod Vallat m...@online.fr wrote:
 Here's a list of projects that I'm aware of that openBSD created. Is
 that correct? (p) is for portable. What else am I missing?

 mandoc (p)

 Mandoc was not initiated by OpenBSD, although it got engulfed very
 quickly thanks to Ingo's hard work.

Very true!
http://mdocml.bsd.lv/porthistory.html

(2008 Nov 22): start of development
1.7.12 (2009 Apr 6): OpenBSD base (2009 Apr 6, Kristaps Dzonsons)
pkgsrc (2009 Apr 9)

So about five months after it was created, it was in base!


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Carsten,0
On 26 December 2014 at 11:11, Carsten Kunze carsten.ku...@arcor.de wrote:
 jungle Boogie jungleboog...@gmail.com wrote:

 Here's a list of projects that I'm aware of that openBSD created. Is
 that correct? (p) is for portable. What else am I missing?

 How about tmux (p)?


Damn good one!

Apologizes to the developer for omitting that!

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Raf,
On 26 December 2014 at 12:13, Raf r...@devio.us wrote:
 On Fri, Dec 26, 2014 at 02:11:04PM EST, Carsten Kunze wrote:
 jungle Boogie jungleboog...@gmail.com wrote:

  Here's a list of projects that I'm aware of that openBSD created. Is
  that correct? (p) is for portable. What else am I missing?

 How about tmux (p)?

 Nope - tmux(1), similarly to mandoc(1), has been started outside of
 OpenBSD (in 2007) and hadn't made its way to the project's CVS tree
 until 2009.

 BTW, some think that sudo(8) is an OpenBSD creation - that's not the
 case either.

Was Tim Miller (guy that created sudo, right?) an openbsd developer
before/during/after/never when sudo was put in base in 2009?


 Regards,

 Raf




-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Raf,
On 26 December 2014 at 12:56, Raf r...@devio.us wrote:
 On Fri, Dec 26, 2014 at 03:36:11PM EST, jungle Boogie wrote:

 Hi Raf,

 Hi jungle Boogie,

 Was Tim Miller (guy that created sudo, right?) an openbsd developer
 before/during/after/never when sudo was put in base in 2009?

 As already pointed out - Todd C. Miller, not Tim.

 http://www.sudo.ws/sudo/history.html


Thanks! This looks really interesting.

 Regards,

 Raf

 P.S. Doing your own research doesn't hurt - I promise ;^)


You're right. I had his first name mixed up but I knew he is an
openbsd developer and at least maintained sudo.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Ted,
On 26 December 2014 at 13:23, Ted Unangst t...@tedunangst.com wrote:
 On Fri, Dec 26, 2014 at 09:42, jungle Boogie wrote:
 Hello All,

 Here's a list of projects that I'm aware of that openBSD created. Is
 that correct? (p) is for portable. What else am I missing?

 The now deleted gzsig!

Your too kind way to say that I forgot signigy!

http://www.tedunangst.com/flak/post/signify


And it looks like its portable as well.


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD projects

2014-12-26 Thread jungle Boogie 
Hi Nikolai,
On 26 December 2014 at 16:49, Nikolai Fetissov niko...@fetissov.org wrote:
 Looks like openospfd is missing from the list.


Would you consider that a companion to openbgpd since the site says:
OpenBGPD's companions, ospfd(8), ospf6d(8), ripd(8), and dvmrpd(8) add
support for the respective protocols. ldpd(8) and mpe(4) add MPLS
support.


http://www.openbgpd.org/



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

openiked status

2014-12-24 Thread jungle Boogie 
Hello All,

The website for openiked[0] indicates it's under active development
but I'm just curious to know if this is still a developing project or
if it has been pretty much met all the goal?.



Best,
jungle

[0] http://www.openiked.org/

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: current.html typo: essention - essential

2014-12-23 Thread Jungle Boogie 

Dear Marcus,

From: Marcus MERIGHI mcmer-open...@tor.at
Sent:  Tue, 23 Dec 2014 12:12:28 +0100
To: misc@openbsd.org
Subject: current.html typo: essention - essential

just in case someone is bored enough to fix:


Right, I noticed this yesterday and replied to the source-changes list and 
then Dorian Büttner also noticed a mistake. Since then, Mark hasn't corrected 
the couple small mistakes.




Index: faq/current.html
===
RCS file: /cvs/www/faq/current.html,v
retrieving revision 1.582
diff -u -r1.582 current.html
--- faq/current.html22 Dec 2014 20:44:49 -  1.582
+++ faq/current.html23 Dec 2014 11:10:30 -
@@ -398,7 +398,7 @@
make install
  /pre

-Then proceed with doing a full build.  It is essention that you don't
+Then proceed with doing a full build.  It is essential that you don't
  install the files in /usr/src/share/mk before completing the steps
  outlined above!

Bye, Marcus





--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: DigitalOcean's BSD debut is FreeBSD only

2014-12-16 Thread jungle Boogie 
Hi OD,
On 16 December 2014 at 07:10,  openda...@hushmail.com wrote:
 Hi,

 It seems that DigitalOcean's BSD debut is going to be FreeBSD only. We, in 
 the OpenBSD community, are being asked to open up a separate UserVoice vote 
 for OpenBSD -- despite the fact that we've worked so hard to promote the 
 existing one. So, please drop by and share your frustrations:


I have not personally tested openBSD on https://www.vultr.com/ but I
have read (tweets, probably) that it will work.


 https://digitalocean.uservoice.com/forums/136585-digitalocean/suggestions/3232571-support-bsd-os
  -- I reckon around half the votes are from OpenBSD users.

 Many thanks!

 O.D.


Best,
Jungle

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD 5.6/current on Soekris 6501-70

2014-12-07 Thread jungle Boogie 
Hi Martin,
On 7 December 2014 at 18:18, Martin Hanson greencopperm...@yandex.com wrote:
 I would like to be able to run ~100-120 MB/s from one NIC to the other
 on this box, if possible?

Take a look a look at these threads:
https://www.mail-archive.com/misc%40openbsd.org/msg133961.html
https://www.mail-archive.com/misc@openbsd.org/msg134259.html

And others from here: https://www.mail-archive.com/misc@openbsd.org/

I was looking at APU systems myself but now I'm leaning towards this:
http://www.newegg.com/Product/Product.aspx?Item=N82E16856205007

No intel NICs but I like the price.



Best,
j.b.

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: OpenBSD 5.6/current on Soekris 6501-70

2014-12-07 Thread jungle Boogie 
Hi Gene,
On 7 December 2014 at 20:39, Gene gh5...@gmail.com wrote:
 I mentioned it one of those threads, I have the 2550L2D-MxPC and one of the
 NICs died after nine months of use.

 I might just be unlucky, but I feel its worth mentioning.

I probably glossed right over that post. Would you still recommend the
2550L2D-MxPC or move on to something more?

Regarding the brand 'OEM Production' that's the only unit on
newegg.com with dual LAN.

From a brief search the other day, this Jetaway looks appealing, too,
but it is slightly more expensive and has fewer reviews:
http://www.newegg.com/Product/Product.aspx?Item=N82E16856107095cm_re=mini_pc-_-56-107-095-_-Product

It does have intel NICs and way more sata ports.


 -Gene


-jb

---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Staying -current with cvsup or cvsync

2014-12-02 Thread Jungle Boogie 

Dear Stuart,

From: Stuart Henderson s...@spacehopper.org
Sent:  Tue, 2 Dec 2014 10:40:22 + (UTC)
To: misc@openbsd.org
Subject: Re: Staying -current with cvsup or cvsync


On 2014-11-28, Jungle Boogie jungleboog...@gmail.com wrote:

Hello All,

For the last several updates I've applied to my system, I've used plain CVS:
cvs -q up -Pd

This is pretty slow for some reason, but I understand that's just how CVS works.


I just timed an update of /usr/ports on my laptop at 63 seconds. That's fetching
from a good anoncvs server, with /usr/ports on SSD and mounted like this

/dev/sd1j on /usr/ports type ffs (local, noatime, nodev, nosuid, softdep)


63 seconds is quite impressive! I've got a pata drive with only:
(local,  nodev)

How often do you fetch/rebuild?

I plan on making a low power router (not really looking at the APU devices 
anymore) and in that, I'll use SSD or msata.





Does this mean cvssup is no longer used?


Correct, the server side was written in Modula-3 which on OpenBSD has only
ever been ported to i386 (most anoncvs servers are now running amd64) and
it was not widely used, so wasn't worth the maintenance headache and extra
exposure on servers.


Well the book I referenced is from 2003, when i386 was common and 3.1  3.2 
were out so it's not surprising that technological advancements have been made. ;)





Then I came across cvsync: http://www.openbsd.org/cvsync.html

Is cvsync preferred now?


CVSup was able to either mirror the full repository, or make a checkout.
The method you were looking at for CVSup was just for making a checkout.
(This was quite widely used by FreeBSD in the past, but in OpenBSD the main
method of users fetching the tree was from anoncvs mirrors).

cvsync is only used for mirroring the full repo. Useful if connectivity
between you and an anoncvs mirror isn't very fast, or if you want to hack
offline and still be able to make diffs etc. Unlike CVSup it cannot do
a direct checkout.

I used to run a local cvsync mirror at home. But then the anoncvs server
I used had some upgrades and got much faster so I now just fetch directly
from there, unless I am going to be travelling and want an up-to-date
local copy of the tree on my laptop.



Now that I understand what cvsync is, I don't think it would have saved me any 
time with the updates as the longest time seems like my HDD searching for 
data, not the actual transmit.


--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Staying -current with cvsup or cvsync

2014-11-28 Thread Jungle Boogie 

Hello All,

For the last several updates I've applied to my system, I've used plain CVS: 
cvs -q up -Pd


This is pretty slow for some reason, but I understand that's just how CVS works.

Michael W. Lucas' book Absolute OpenBSD (first edition) talks about using 
CVSup to update the local copy against the remote repo. (Page 344)


I also found this page: http://www.openbsd.gr/cvsup.html (notice that this is 
NOT .org.) the .org site doesn't have the same page: 
http://www.openbsd.org/cvsup.html


But the problem is I can't find cvsup in /usr/ports/net

nor anywhere else:
# make search key=cvsup
#

Does this mean cvssup is no longer used?

Then I came across cvsync: http://www.openbsd.org/cvsync.html

Is cvsync preferred now?

If so, could you advise what to use for collections if you want to have the 
same effect of:

cd /usr/src
cvs -q up -Pd


The example file displays: name openbsd release rcs
But I don't know if that will yield the desired outcome.

Thanks for any assistance.

Best,
j.b.
--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Staying -current with cvsup or cvsync

2014-11-28 Thread Jungle Boogie 

Dear Einfach,

From: Einfach Jemand rru@gmail.com
Sent:  Fri, 28 Nov 2014 22:30:29 +0100
To: misc@openbsd.org
Subject: Re: Staying -current with cvsup or cvsync

On the footer of this site you will find

-- Quote --
This site Copyright © 1996-2009 OpenBSD.
$OpenBSD: index.html,v 1.605 2009/12/01 18:13:58 ajacoutot Exp $
-- end Quote --

so it's out of date and thus probably not authoritative.


Yes, I noticed that, too!




the .org site doesn't have the same page:
http://www.openbsd.org/cvsup.html

But the problem is I can't find cvsup in /usr/ports/net

nor anywhere else:
# make search key=cvsup
#

Does this mean cvssup is no longer used?


Yes.


Thank you for the confirmation, I'll disregard this section from the book and 
see what the updated book (edition 2) has to say about updates.





Then I came across cvsync: http://www.openbsd.org/cvsync.html



The example file /usr/local/share/examples/cvsync/cvsync.conf
installed by the cvsync package also has

#   # alternatively, fetch only selected parts
#   collection {
#   name openbsd-cvsroot release rcs
#   }
#   collection {
#   name openbsd-ports release rcs
#   }
#   collection {
#   name openbsd-src release rcs
#   }
#   collection {
#   name openbsd-www release rcs
#   }
#   collection {
#   name openbsd-xenocara release rcs
#   }
#
#   # the X11 and XF4 trees are of historical interest only
#   collection {
#   name openbsd-x11 release rcs
#   }
#   collection {
#   name openbsd-xf4 release rcs
#   }

so the third collection in this list
name openbsd-src release rcs
should be sufficient for you.


Ah, the example was very close to what I was trying. I tried many variations 
to have src in the collection but it wouldn't work.


I'll give this a shot and see how much faster the update is with cvsync!



HTH
rru



Best,
j.b.

--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Staying -current with cvsup or cvsync

2014-11-28 Thread Jungle Boogie 

Dear Einfach,

From: Einfach Jemand rru@gmail.com
Sent:  Fri, 28 Nov 2014 22:59:05 +0100
To: misc@openbsd.org
Subject: Re: Staying -current with cvsup or cvsync


Am 28.11.2014 22:38, schrieb Jungle Boogie:
[...]

I'll give this a shot and see how much faster the update is with cvsync!


You are aware that this might not be much faster since

- first you synchronize your local repository with cvsync,
   which takes some time

- then you synchronize your working copy /usr/src
   with your local repository doing cvs up, which takes time as well.

See also

http://marc.info/?l=openbsd-miscm=138652306002368w=2




This helped out! I'll stick with the traditional way.


Cheers,
rru





--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hello All,
On 25 November 2014 at 12:52, Motty Cruz motty.c...@gmail.com wrote:
 Hello all,
 I am searching for hardware to build a router with OpenBSD. I have found
 mixed signals as to fastest system with i386 or 64bit. I know in the past
 i386 OpenBSD used to perform a lot better than 64bit system.


I'm in similar situation as Motty, I'd like an OBSd to use for pf.

I'm interested in this: http://store.netgate.com/kit-APU1C4.aspx
with the msata drive.

Anyone have any objections? I know the NICs are not intel so that will
probably get a strike against it, but I like the low power.

 Any suggestions!
 Thanks,
 Motty


Thanks,
Jb


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hi Stan,
On 27 November 2014 at 19:49, Stan Gammons sg063...@gmail.com wrote:
 On 11/27/14 21:35, jungle Boogie wrote:

 Anyone have any objections? I know the NICs are not intel so that will
 probably get a strike against it, but I like the low power.



 I have a couple of the APU1C's and they are Ok.  They had and to some extent
 still have a few BIOS issues. Perhaps it's nit picking, but I wish they
 would fix the LED link rate issue.  The APU's do run pretty warm, but that
 doesn't seem to hurt reliability.



Well I think to run free/openBSD, you have to run a bios update.
Hopefully there's a newer bios that resolved those issues you

 Stan


jb


-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hi Brad,
On 27 November 2014 at 19:51, Brad Smith b...@comstyle.com wrote:
 On 11/27/14 22:35, jungle Boogie wrote:
 Anyone have any objections? I know the NICs are not intel so that will
 probably get a strike against it, but I like the low power.


 Unless you guys give some sort of hints as to what these routers and /
 or firewalls are going to be used for just asking for hardware
 recommendations without such details is useless. What sort of throughput
 / packets per second do you forsee on the inside network? What is your
 target or expectation? If there is a WAN connection how fast is it? Are
 you lucky enough to have Gbit or is it only say a 50Mbps connection?
 Those types of details matter.



I think the WAN on my home connection is 100Mbit. I'd essentially like
it to replace the cable company netgear router.

Regarding PPS, I have no idea how I'd measure that. It would be
serving a home network with moderate network usage. I'd like basically
have a router that I can experiment with pf and openbsd without the
worry that the hardware is no good.


 --


Thanks,
jb

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hi Stan,
On 27 November 2014 at 20:09, Stan Gammons sg063...@gmail.com wrote:

 The latest BIOS, 9/8/2014, doesn't fix the LED issue.

 I saw Brad's comments in the other email. The APU is Ok to use as a home
 firewall. I have no experience on using one in more demanding environment.



Well what would be something above OK? A soekris? It doesn't seem
those have as much RAM, though.

 Stan


Thanks,
jb



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hi,
On 27 November 2014 at 20:38,  thev...@openmailbox.org wrote:

 you can just use old hardware for these purposes.

 from the man who literally wrote the book on pf (from pf tutorial via
 http://home.nuug.no/~peter/pf/en/long-firewall.html):

   I have not seen comparable tests performed recently [3.1 era], but in my
   own experience and that of others, the PF filtering overhead is pretty
   much negligible. As one data point, the machine which gateways between
   one of the networks where I've done a bit of work and the world is a
   Pentium III 450MHz with 384MB of RAM. When I've remembered to check, I've
   never seen the machine at less than 96 percent 'idle' according to top.


Yes, that's true! But less fun. ;)

I do have some Dell dimensions machine with OpenBSD -current running
now that I could easily get two NICs but its kinda old and slow to
update current. I'll measure the power to see how much it uses.

With the fact that old hardware, why would the APU be OK and not good?


jb
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Packet Filter router i368 vs 64bit

2014-11-27 Thread jungle Boogie 
Hi Brad,
On 27 November 2014 at 21:01, Brad Smith b...@comstyle.com wrote:

 I don't see anyone claiming it would not be good. It's more like if you
 happen to have some old hw around that it would probably be good enough
 for what you're describing but the APU system would also do the job just
 fine.



Fair enough. ;) Thanks for the info!



Best,
j.b.



-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Can't Install OpenBSD 5.6 with FTP

2014-11-22 Thread jungle Boogie 
Hi Kenneth,
On 22 November 2014 at 18:37, Hendrickson, Kenneth khend...@harris.com wrote:
 Note that I'm trying to install from my own private network.  Yes, I could 
 install from the servers on the web.  But I have many boxes to install, and I 
 want the installations to go fast.  I don't want to pound the servers with 
 hundreds of requests.  So I want to use my own servers.  And I can't.  That 
 is what I'm pissed off about.


Have you reviewed this tutorial: http://www.bsdnow.tv/tutorials/autoinstall

I don't have any experience with the autoinstall, though.

 !@#$%


Best,
jungle

---
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Updating ports from CVS question

2014-11-07 Thread Jungle Boogie 

Hello All,

# uname -a
OpenBSD jackknife.my.domain 5.6 GENERIC.MP#0 i386

This system should be -current as of last night.

I'm trying to build ports:
# cd /usr
# cvs -qd anon...@anoncvs.usa.openbsd.org:/cvs get -rOPENBSD_`uname -r | sed 
's/\./_/'` -P ports


Problem is that I got impatient and thought ports were hanging somewhere 
around the x11 stuff so I stupidly ^C


Now after rebooting the machine several times, I cannot connect back to 
anoncvs.usa.openbsd.org and the other mirrors don't do much. Meaning I can 
connect but no other message indicates ports are being downloaded.


For awhile the error message was that my IP address has a connection already 
but now it looks like the connection is dropped altogether as there's no message.


Although, I can open a telnet connection to the cvs port:
telnet anoncvs.usa.openbsd.org 2401
Trying 149.20.54.217...
Connected to anoncvs.usa.openbsd.org.
Escape character is '^]'.

cvs [pserver aborted]: bad auth protocol start:

Connection closed by foreign host.

Any recommendations on what to do?

--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Updating ports from CVS question

2014-11-07 Thread Jungle Boogie 

Dear Steve,

From: Steve Williams st...@williamsitconsulting.com
Sent:  Fri, 07 Nov 2014 09:11:51 -0700
To: misc@openbsd.org
Subject: Re: Updating ports from CVS question


Hi,

It is 1000 times faster (or some value... but wayyy faster)  to just ftp the
ports.tar.gz file over when compared to using CVS.



Great idea! How do you update your ports, then? Just download a new 
ports.tar.gz file or:

# cd /usr/ports
# cvs -d anon...@anoncvs.usa.openbsd.org:/cvs -q up -rOPENBSD_`uname -r | sed 
's/\./_/'` -Pd




Just saying...

Cheers,
Steve Williams




--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

Re: Updating ports from CVS question

2014-11-07 Thread Jungle Boogie 

Dear Ingo, Misc

From: Ingo Schwarze schwa...@usta.de
Sent:  Fri, 7 Nov 2014 19:18:08 +0100
To: Jungle Boogie Cc: misc@openbsd.org
Subject: Re: Updating ports from CVS question


Jungle Boogie wrote on Fri, Nov 07, 2014 at 08:20:36AM -0800:


Great idea! How do you update your ports, then?
Just download a new ports.tar.gz file


If you are running -stable, that doesn't help.
The file ports.tar.gz doesn't get updated for -stable after release.


or:
# cd /usr/ports
# cvs -d anon...@anoncvs.usa.openbsd.org:/cvs -q up -rOPENBSD_`uname
-r | sed 's/\./_/'` -Pd


Yes, you start from ports.tar.gz, and then, you update that tree
with cvs(1) as needed.

I don't like your uname(1) hackery, though.  It's unsafe, giving you
a false sense of security.  For example, i'm running -current, but
your uname(1) says, on my -current machine:

$ uname -r | sed 's/\./_/'
   5_6
$ uname -a
   OpenBSD isnote.usta.de 5.6 GENERIC.MP#5 i386


I followed directions here:
http://www.bsdnow.tv/tutorials/stable-current-obsd

I did skip one reboot, though.

Also, I went from 5.6 -release to -current and now looking at the directions, 
following a snapshot is recommended. I would expect my uname to update, though.





To update my ports tree, i have to do:

$ cd /usr/ports  cvs -d ... up -dP

without any -r argument, but your uname(1) would give me a bogus -r
argument, so in some situations, it does the wrong thing.

I'd recommend that you just supply the correct -r by hand if needed.


I think I'll rebuild the machine based on a snapshot THEN update to -current!



KISS!

Yours,
   Ingo





--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si

<    1   2