rnel",
that makes the bad idea of an upgrade look good (it isn't).
Reinstall from scratch. Good time to look at how you used disk and
partition better this time.
Nick.
(i.e., clock is hosed on your computer).
So ... unless some developer I really respect (which is just about
all of them1) tells me to change this, I'm not planning on
changing the behavior of the machines.
Nick.
s wrong. So keep your design flexible and be
willing and able to say, "Well, this isn't working, let's rebuild
it with the knowledge we now have". This idea that you have to have
the perfect build the first time out is ... well, just wrong.
Nick.
p/',
'PATH_INFO': '/',
'REQUEST_URI': '/path/to/app/',
'SCRIPT_NAME': '/path/to/app',
but I am second-guessing myself a lot.
Thank you for your time, and any clues you can toss my way
-Nick
[1] It's Radicale. But see below for my testing webapp that isolated the issue.
[2]
any port 1024:65535 to $ext_if
port $server_open tag n_traffic
#block all to start
block all
pass quick tagged RDR
pass quick tagged n_traffic
pass out on $ext_if
On 2/14/2020 6:30 AM, Fabio Martins wrote:
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only
hitting
On 2/14/2020 6:30 AM, Fabio Martins wrote:
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only hitting
rule number #1 (rdr-to). nat-to is never reached (added "log" on each to
test). I tried inverting the order, too, but no luck.
#1
match in on $ext_if prot
Hi Fabio,
I believe this will do what you want, seemed to work in quick testing
here, adjust to suit your environment.
match in on $ext_if proto tcp from to ($ext_if) port 25
rdr-to 200.200.200.200 port
match out on $ext_if proto tcp to 200.200.200.200 port received-on
$ext_if
On 2020-01-15 11:05, Strahil Nikolov wrote:
> On January 13, 2020 5:40:06 AM GMT+02:00, Nick Holland
> wrote:
>>On 2020-01-12 15:39, Antoine Jacoutot wrote:
>>> Sounds like something is keeping your fs busy. Could be gio-kqueue,
>>do you have glib2 installed?
>&g
t that something couldn't camp out on the
empty file system, but not much reason for something to do so.
Thanks for looking!
Nick.
> —
> Antoine
>
>> On 13 Jan 2020, at 06:01, Nick Holland wrote:
>>
>> Hiya.
>>
>> I'd like to use amd(8) to automatica
mounted when the power goes out.
Am I doing something wrong? Do I have inaccurate expectations of
what amd(8) does with local file systems?
Nick.
OpenBSD 6.6-current (GENERIC.MP) #599: Sat Jan 11 18:52:00 MST 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem
disk
space" error, and a minute later, see much more space than you
thought you could ever need to accomplish the task, once the deletions
have time to take effect.
So ... make sure you have lots of extra disk space...if things are
snug, it's a bad place to use softdeps.
Nick.
e rather than ACHI or "legacy" mode.
So ... is it possible the CMOS battery is bad on your machine? This would
explain a "Power up, set up machine, install, reboot -- ok". "power off,
power back on later, won't successfully boot" (the kernel would load, but
be unable to access the disks and then panic). I'm not convinced this is
the problem, but might be.
Nick.
ly the best place to put an AP
is not the best place to put a router. My AP is in my attic, my router
is in my basement, with one chunk of CAT6 between them.
Putting an important radio receiver next to a bunch of RF-noisy computers
doesn't work so hot. :)
Nick.
nning on licensing in that?
When they have something to show...let's be real, I'll probably
ignore that, too. There's nothing about their goals and
objectives that interests me at all.
Nick.
an incredible amount of information and context
here, so I'm going to say there's a PEBKAC here somewhere.
Now, if you want to tell us in detail what you are doing and
what is actually happening. Otherwise, best I can say is
something ain't right.
Nick.
trol" the
boot? plug in a keyboard and hold down either CTRL key, and you will be
given the boot> prompt.
Nick.
> Here is the dmesg from my latest Dell server:
>
> OpenBSD 6.6 (GENERIC.MP) #3: Thu Nov 21 03:20:01 MST 2019
> r...@syspatch-66-amd64.openbsd.org:/usr/src/
SSDs.
HOWEVER...if you don't need performance and you can't point to a
real benefit, as always, keep it on the default.
Nick.
On 2019-11-29 02:26, Clay Daniels wrote:
> Nick, thanks for straightening me out about what is actually going on here
> with the install. I see that there is now a fresh snapshot with today's
> date, not the one I downloaded and ran yesterday. This might tend to keep
> one busy. I'
d,
but read what I wrote earlier, it's no longer using that -- the boot has
completed, and it's running from RAM now, it's completely ignoring that
USB drive. So let's say you do this and you see it's sd4. Tell the
installer the files are coming from a file system not currently mounted
and when it asks, tell it "sd4"
Nick.
complish your task at hand.
NOW you will be able to do what you wish. Yes, the installer script
does this for you. And yes, this is a common issue regardless of
platform.
Nick.
y does not exist or today is newer, copy the file
> # else hard link the file to yesterday
rsync --link-dest -- it's been in rsync for well over 10 years at this
point. Little wrapper shell script and away you go...
Nick.
primary killer, it's
just a predictable one.
Nick.
can dance on the head
of a pin or "best programming languages" or "desktop experience",
please, go elsewhere.
Nick.
ens if you change that?
And to be clear -- when you say it doesn't see the SCSI drive, how
are you not seeing it (i.e., what did you do to "see it" and what
was the result?).
Nick.
On 10/9/19 11:19 AM, openbsd.s...@0sg.net wrote:
> Here's what I think.
...[bla bla bla]...
> Amirite ? ;)
I don't know. Let's see your work.
I don't care what your theoretical arguments are, I want to see
results.
Nick.
y. If you have a bad drive, one of those
physical drives is going to not be online.
Nick.
do with either fsck or RAID -- you have to have
a backup. RAID doesn't change that.
Nick.
the committer is trying to
help you get a point your submissions DON'T suck
initially.
Find something you want to fix or improve...do it,
and enter the loop. :)
Nick.
ork great on some really slow storage, like USB flash drives.
Leaving out x*tgz, and compXX.tgz are big time savers when upgrading
a flash based install.
On the other hand, KARL and library randomization are also killing those
solutions...so I guess it might be time to move on?
Nick.
erver for malicious
reasons (and they find it!) is pretty small. But that might not be
your use case. If you need to close those openings...you had best
think hard about how you expect that to happen.
Nick.
s has dropped a LOT
to the point that it's difficult to catch. I think Ian's tip is a bit
safer.
Nick.
httpd.d directory and create a template domain.conf file in
there for each one, and just add an "include" line in your
httpd.conf for each new domain. Now when you decide that all your
domains are NOT just alike, you can easily rev the ones that are
different.
Nick.
essor requirements for the database.
>
> As for the web server daemon itself, I think Reyk Floeter would be the
> best placed to answer that question - also paging Nick Holland for
> more hardware expertise.
>
> On Thu, Aug 15, 2019 at 12:57 PM Tito Mari Francis Escano
> wrote:
>>
essor requirements for the database.
>
> As for the web server daemon itself, I think Reyk Floeter would be the
> best placed to answer that question - also paging Nick Holland for
> more hardware expertise.
>
> On Thu, Aug 15, 2019 at 12:57 PM Tito Mari Francis Escano
> wrote:
>>
stance in the other
screen. Not the end of the world, there are more browsers out there,
I suspect I can run iridium or something similar in one "screen" and
a cousin in the other.
My "screens" are slightly dissimilar -- screen 0 is two 1920x1200
monitors, screen 1 is two 1920x1
deliberately set to,
"don't work properly" you need to change to "work correctly" in OpenBSD.
Nick.
quot;?
To save 45k per copy of this message, links to dmesg and xorg log:
http://nickh.org/Xorg.0.log.txt
http://nickh.org/dmesg.txt
Nick.
ember: Security is important for ethical reasons. Compliance is
important for legal reasons. The key to workplace contentment is
understanding they are unrelated to each other. Both are important, but
one does not lead to the other.
And audits go better when the auditor finds something to complain about
and get you to change.
Nick.
lex ways. You want me to swear you'll never have to manually
intervene in boot after an "event"? Nope. But I've walked
non-technical people through single-user fsck's over the phone; when
your bastardized system breaks, you will be down for a lot longer and
you will be going on-site to fix.
Nick.
u have "unlocked" the encryped partition and it becomes a new
logical drive, make note of that, and answer that drive to the installer
if it doesn't figure it out on its own.
Nick.
rade, if the upgrade deleted
all those libraries BEFORE you had a chance to upgrade that binary, it
would quit working. While I'm all for "Fail Closed", it might be
premature to call it a failure. Or not.
It is very hard to please all, and even harder to cover all possible
situations.
Nick.
On 5/3/19 2:32 PM, Strahil Nikolov wrote:
> On May 3, 2019 10:49:55 PM GMT+03:00, Nick Holland
> wrote:
>> On 5/2/19 1:52 AM, Consus wrote:
>>> Hi,
>>>
>>> I've upgraded my systems from 6.4 to 6.5 without a glitch, but I
>>> see that /etc/n
On 5/2/19 8:04 AM, Ted Unangst wrote:
> Nick Holland wrote:
>> > In a shell script invoked by doas, is it possible to find which user
>> > invoke the script? my search a the moment has come up empty.
>>
>> most likely place would be an environment variable, right
On 5/1/19 10:28 PM, Adam Steen wrote:
> Hi
>
> In a shell script invoked by doas, is it possible to find which user
> invoke the script? my search a the moment has come up empty.
most likely place would be an environment variable, right?
So ...
$ whoami
nick
g to solve a non-problem. And sometimes, 'specially on an
upgraded machine, it's great to see how things WERE when the machine was
set up. If you really care, go ahead, delete stuff.
Nick.
/var/tmp is a symlink to /tmp.
It can't make the link. No surprise.
Answer "Yes" to the "Continue anyway?" prompt, and all will be fine, I
believe.
Nick.
is useful for real security reasons. You can't fix stupid
behavior with technology.
Nick.
be in business.
If that doesn't do it, show us your exact commands and exact output you
are seeing.
Nick.
) and an OpenBSD
fdisk partition (physically after the DOS/FAT partition), disklabel it
and format it on Windows, then format it on OpenBSD.
Few small files a few at a time? Just use the defaults.
If performance matters, mounting with "noatime" and "softdep" are HUGE
wins. If you aren't waiting, though, you won't get any benefit, so just
use the defaults.
Nick.
und just fine, but the rest
of the machine was "eh".
So... If you end up with an nvidia powered machine in your pile, give
it a try and see how it works for *your application*. If you are
buying, no, I'd just avoid it, the alternatives work better.
Nick.
other than some customized CSS.
>
> You can see the log here:
> https://cvsweb.openbsd.org/ports/devel/cvsweb/Makefile
>
customized CSS? You have more faith in my skills than you should. :)
It's the stock ports, with a few knobs twisted in the config file.
Nick.
same problem -- under
circumstances I haven't quite figured out, the CMOS resets to default,
which, oddly, is RAID.
Nick.
On 2/12/19 3:19 AM, ¯\_(ツ)_/¯ ¯\_(ツ)_/¯ wrote:
> try running stable.
>
Stunningly bad advice for a hardware problem.
There's literally nothing in -stable that isn't in -current, and when it
comes to hardware support, a most recent snapshot is always the best.
Nick.
t the decisions you make OTHER
than HW platform, as they matter far more.
Nick.
cares? Just use a -current bsd.rd!),
boot off that, reinstall exactly as you want it. The Vultr console
works great on OpenBSD chrome and firefox browsers. Use DHCP for
network. Done.
If you have ever used VMWare's craptastic management clients, you will
be amazed how well Vultr works.
Nick.
ain a
chain of custody; this won't happen if you roll your own. I'll admit I
hadn't thought of that until a police officer friend of mine started
telling me about the training he was taking on exactly this topic --
*they* need to be able to get the video out of the device in a timely
manner, and they have to explain to the judge and jury how it was done.
Nick.
or one and zero storage and remapped them.
Did this recently with some annoying SSDs that have been bugging me for
years, and the results have been ... promising (NO problems since).
Nick.
e
space and there isn't much I couldn't shuffle on a system, even remotely
(I can't move /. I can't necessarily save data without someplace else
to put it).
Nick.
:20:42 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
So ... Doesn't appear to be a systemic problem, most likely either a
knob you twisted before the upgrade or something about your upgrade process.
You need to provide more details about what you did...both before and
during the upgrade...and some indication of what platform you are
running and the snapshot you upgraded to.
Nick.
ng with randomly
assigned people and sharing a bathroom. You may end up learning things
about others you may not want to know.
Nick.
behaves as you describe with a very modest
(smaller than suggested) root partition, but I'm feeling very alone
here. :D
Nick.
probably
won't be breached by a Spectre or Meltdown-like attack. But it MIGHT
be. Obsessing about them is generally missing the real day-to-day risks.
Nick.
ur backup. And, this should
be the lowest down-time -- you can fully test the new system (AND FIX
YOUR BACKUP PROCESS) before you flip the switch.
Nick.
On 11/07/18 11:34, Kihaguru Gathura wrote:
> Hi,
>
>
> On Wednesday, November 7, 2018, Nick Holland
> wrote:
>> On 11/05/18 23:51, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> From a security standpoint,
>>> which platform will offer bett
ning apps written by someone
without any idea what they are doing in an interpreted language like
PHP, and the exact same exploits will take out either platform, because
the exploits will be at a much higher level than the processor.
Nick.
I was wondering how you maintain and update such high quality content in
OpenBSD's site.
Do you manually edit html files, use a cms, or something else? I am asking to
shamelessly
copy your best practices. ;-)
Thanks,
Nick
r SATA disk as
non-boot space. Or perhaps a SATA to IDE adapter and attach it to the
factory IDE port.
Nick.
master.passwd and group files first.
Also -- assuming there was an OS upgrade, copying over the user and
group files just broke all new system users, so re-run sysmerge.
Nick.
while Realteks used to be condemned and insulted, the new
network devices on many ARM boards is making Realteks look good. At
least their limitations are understood and dealt with well in SW.
Most people don't need the absolute best HW. But in your case, you
probably want those PCI-PCI bridges configured. :)
Nick.
ortunately, most of the non-Intel
systems show why Intel (and AMD) own the serious computer market.
Nick.
rying to gain by moving a disk
from the old system to the new one? Just put a new disk on the new
system, load the platform of choice, and copy your key config files from
the old one to the new one, and that way, your old system still exists.
Nick.
hat was actually overwritten is not going to be recovered.
Nick.
e in a very
interesting direction a couple decades ago, and I'll thank this ass in
particular for reminding me that I'm a bit behind in my project
donations (I do miss the CDs). That has now been fixed.
Nick.
ed.
So...sounds like a lot of things are blocked.
> Does anyone know how I can fix this?
Unblock port 22? Or more likely, move to a non-port 22 blocking
network. Lots of businesses block port 22 outbound, which you need.
Nick.
match is:
match tag "SPAM_IN" from any for domain action "lmtp-local"
Hopefully this might help someone in the future.
Regards - Nick
On 28/05/2018 16:48, Nick Ryan wrote:
Hi Mark, viq, did either of you get it to work with the virtual table?
Mine mostly works with:
action &qu
Hi Edgar, this is the format:
postmas...@nr.ie n...@nr.ie
webmas...@nr.ien...@nr.ie
n...@nr.ie vmail
Is this where it's pulling the %{user.username} being vmail from?
Dovecot is expecting u...@domain.tld
Regards - Nick
On 28/05/2018 18:28, Edgar Pettijohn III wrote:
On 05/28/18 10
I get a no recipient specified and if I have
the {user.username} it gives a similar error.
Did your virtual work or am I doing something daft?
Regards - Nick
On 27/05/2018 08:51, viq wrote:
On 18-05-27 09:34:10, Mark Patruck wrote:
For me it works with %{user.username} as mail.lmtp(8
ed like a great idea at the
time that most OpenBSD would not do and the developers would not have
thought worth planning for in the upgrade scripts?
I'm thinking symlinks of something to somewhere else, etc.
Nick.
;> is already -current, right? Because I can't find answer from
>>> https://www.openbsd.org/faq/current.html, just want to confirm it.
Nope. As long as you move FORWARD, all is good. -current is just a
step along the way to next -release, the next -release is just a spot in
the -current continuum.
Nick.
l, done.
If not ... just make the fdisk partition something else, and create an
OpenBSD partition in that space using disklabel, format it as normal.
And don't ever us an OS on the machine of the type of the fdisk
partition you picked. :)
Nick.
not sure, but that sounds like you
have a HW problem. Keep in mind, when it comes to networks, it's not
just the computer -- the wire and the switch are also all suspect.
But it boils down to this: if you want help on OpenBSD, you play by the
rules and run either -current or at least a supported release (and if
you contend it's an OS issue, you verify it still exists in -current!).
If you don't need OpenBSD help...this isn't the place. And if you can
say with certainty, "everything is the same", you will have no trouble
adding debugging info and figure out your own problem.
Nick.
orry for the noise
>
Did you disable the RAID functionality of this card? If not, the BIOS
probably tried to "rebuild" one disk onto the other, causing you all
kinds of pain. softraid has to do everything for this to work properly.
Nick.
w partition.
* Set up the boot code on the new disk.
Interestingly, that's basically the process for any Unix-Like OS (ULOS).
The last step (set up the boot code) will vary tremendously from ULOS
to ULOS, and SELinux will require some voodoo that few understand to
make things work after moving them in the name of security.
Nick.
On 04/12/18 09:47, Consus wrote:
> On 08:28 Thu 12 Apr, Nick Holland wrote:
>> Another "failure mode" of VirtualBox people should be aware of:
>> I understand through good sources, Oracle monitors the IP addresses that
>> it's downloaded from, and if they can t
(or update) the
"not for unrestricted free use" parts, their lawyers will contact you
and send you a bill...and they really don't care about "for work" or
"not for work related" uses.
I'd really recommend removing this product from your computers.
Nick.
I would like to install OpenBSD wirelessly, but my card requires additional
firmware (iwn) that is not included in the installer. Is there a way to
overcome this obstacle?
On 04/03/18 02:54, Mik J wrote:
> Thank you Nick, I understand
>
> I mount my partition like that
> /sbin/bioctl -s -c C -l /dev/sd0h softraid0
> /sbin/mount -o rw,nodev,nosuid,softdep /dev/sd1c encrypted
>
> And it appears this partition always have 0,1% of fragmentation
hink less than a tenth of a second is quite good. Superfast, even.
The message you got clearly indicates that an fsck was needed.
I use this technique myself on some systems. Just run fsck, it won't
slow you down unless needed.
Nick.
y the VGA was
attached to the computer, caused annoying flicker on the monitor that
mostly went away when I happened to need that HDMI cable elsewhere.
Nick.
est, then growfs each of them to fluff them out to the
size you got.
Not saying it's the best way to do things, but it's educational. :)
Nick.
gle Apps for Business accounts I know of
and adding a line for each.
= Nick
keyboard and
monitor aren't attached or hard to get attached. Realistically, it's
just that when you have keyboard and monitor attached, the fix is just a
few minutes away, rather than hours or days, and you can walk just about
anyone through it over the phone, and thus becomes a "non-event".
Nick.
has been already said. Otherwise, just edit
doas.conf, test, and have a great day!
Nick.
ssue than an OS or
application issue.
Step 3: contact the port maintainer. Maybe they are aware of something.
Do not do this before steps 1 and 2 are complete, however.
After that, file a proper bug report.
Nick.
a good starting point, but notice that
it is NOT part of the base system ... for a reason! (that's a custom
compiled kernel I showed a snippet of the dmesg of)
Nick.
time, because ... well, I slipped notes to myself
into the FAQ. And now that I'm not maintaining it, some of my crib
notes have been deleted! :)
Hopefully, I'm the only user of THAT type...
Nick.
it several times with
people, it is so stupidly easy to do in person, you can easily guide
someone through it over the phone, just having them read to you what is
on the screen, and tell them the appropriate response. They will be
wowed beyond belief, I suspect.
Nick.
On 01/11/18 09:45, Andreas Thulin wrote:
> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd
you 1) think
I'm an idiot and storm off? 2) make the changes I suggest and decide
this isn't fun and then wander off? 3) decide I'm brilliant and start
writing the "Nick Way"? (hint: it won't be #3. In this case,
hopefully, it would be #4: kick me off the administration team, since
it's YOUR server, not mine! :) )
Bonus points for actually doing it, though.
Nick.
Hiya.
Due to facilities maintenance, the following resources will be
unavailable from somewhere around Jan 3 8:30pm EST until Jan 7 8:30am EST:
* openbsd.cs.toronto,edu
* obsdacvs.cs.toronto.edu
* man.openbsd.org
* cvsweb.openbsd.org
Thanks for your patience!
Nick.
201 - 300 of 2535 matches
Mail list logo