Re: experience with supermicro based Network Devices for 1Gb/s Ipsec throughput

2020-01-28 Thread Andrew Luke Nesbit
On 01/10/2019 21:17, Lyndon Nerenberg wrote:
>> SYS-5018A-FTN4
> 
> If you have any of these, replace them.  They have known buggy CPUs
> and will randomly fail without warning.  We replaced about a dozen
> of them after >50% failed within the first year of installation.

I have several of these boards that need RMA'ing.  Fingers are crossed,
and holding thumbs, that this gets a positive result.

> Note this isn't an OpenBSD problem -- the 5018As are just bad hardware.
> (They also have APIC interrupt issues, most likely due to a buggy ACPI
> implementation.)

I know a lot about the above bricking issue ("Erratum AVR.54") but I
never heard anything about an ACPI problem.  Do you have a link to
further information please?

I also have several servers that were produced *after* the SoC was fixed
(C0 stepping instead of B0).  I don't know if any ACPI fixes were
implemented though.  It would be good to get some kind of understanding
on this.

> We replaced all our SYS-5018A-FTN4s with SYS-5018D-FN8Ts.

Did the slightly more powerful cores (and potential for much more RAM,
plus other various improvements) in the replacement server compensate
sufficiently for the number of cores being halved?

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Home NAS

2019-11-15 Thread Andrew Luke Nesbit

On 15/11/2019 10:11, gwes wrote:

On 11/14/19 3:52 PM, Andrew Luke Nesbit wrote:

On 15/11/2019 07:44, Raymond, David wrote:

I hadn't heard about file corruption on OpenBSD.  It would be good to
get to the bottom of this if it occurred.


I was surprised when I read mention of it too, without any real claim 
or detailed analysis to back it up.  This is why I added my disclaimer 
about "correcting me if I'm wrong because I don't want to spread 
incorrect information".


[...]


There was a thread a couple of months ago started by someone either pretty
ignorant or a troll.
The consensus answer: no more than any other OS, less than many.


Thank you gwes, for the clarification.

The thread is vaguely coming back to my memory now.  I was dipping in 
and out of it at the time as I didn't have time to study the details at 
the time.



One size definitely doesn't fit all.


That is pretty obvious.  I never mentioned a blanket rule, and I assume 
that OP is able to tailor any suggestion to their needs.



Backup strategies depend on user's criteria, cost of design and
cost of doing the backups - administration & storage, etc.


Sure.  I don't have a personal archival storage system yet for long term 
storage that satisfies my specifications because I don't have the 
infrastructure and medium yet to store it.  I plan on investing in LTO 
tape but I can not afford the initial cost yet.



In an ideal world every version of every file lasts forever.
Given real limitations, versioning filesystems can't and don't.


Indeed.  But having archival snapshots at various points in time 
increases the _probability_ that the version of the file that you need 
will be present if+when you need it.



If your data are critical, invest in a dozen or more portable
USB drives. Cycle them off-site. Reread them (not too often)
to check for decay.


Yes, this is part of the backup system that I'm designing for my NAS, 
but it's not so much for archiving.



If you have much  available, get a
modern tape system.


Yes, as I mentioned above LTO would be great if+when I can afford it.


The backup system used over 50 years ago still suitable for many
circumstances looks something like this:
   daily backups held for 1 month
   weekly backups held for 6-12 months
   monthly backups held indefinitely offsite.
Hold times vary according to circumstances.


I think something like this is a good plan.


The backup(8) program can assist this by storing deltas so that
more frequent backups only contain deltas from the previous
less frequent backup.


I've not used backup(8) before, thanks for the suggestion.  I will have 
a look.



The compromise between backup storage requirements and granularity
of recovery points can be mitigated. The way to do it depends on
the type and structure of the data:

Some data are really transient and can be left out.

Source code control systems (or whatever the name is this week)
are a good way for intermittent backups to capture a good history
of whatever data is around if it's text.


I don't understand how SCM's are supposed to help with this...


DBs often have their own built-in backup mechanisms.


This underscores the difference between file system-level backups, 
block-level backups, and (for DBs) application-level backups.  In 
particular I'm trying to figure out a generally applicable way of taking 
a _consistent_ backup of a disk without resorting to single user mode.


I think COW file systems might help in this regard but I don't think 
anything like this exists in OpenBSD.



Binary files can be regenerated if the source *and* environment
are backed up.


Storing the environment is a tricky problem that I haven't found an 
entirely satisfactory solution for, yet.



been there, mounted the wrong tape... what write protect ring?


O yeah... me too.  My team inherited a hosted service and upon 
auditing we discovered its backup system was stranger than fiction.  But 
it was so bizarre that we couldn't determine whether it was _supposed_ 
to be that way or if our reasoning was flawed.  A classic type of problem.


Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Home NAS

2019-11-14 Thread Andrew Luke Nesbit

Hi Dave,

On 15/11/2019 07:44, Raymond, David wrote:

I hadn't heard about file corruption on OpenBSD.  It would be good to
get to the bottom of this if it occurred.


I was surprised when I read mention of it too, without any real claim or 
detailed analysis to back it up.  This is why I added my disclaimer 
about "correcting me if I'm wrong because I don't want to spread 
incorrect information".


The reason why I brought it up on a public mailing list was to find out 
if anybody else has heard any inkling _at all_ regarding this, even a 
skerrick of a mention.


I have a feeling I may have even heard about it on this list but I'm not 
sure.  If somebody out there genuinely suspects that this happened then 
it would be good to know so we can clear it up.


Kind regards,

Andrew


On 11/14/19, U'll Be King of the Stars  wrote:

On 15/11/2019 04:45, Raymond, David wrote:

I have done similar things on Linux for years and am now doing them on
OpenBSD.  Sounds like what you want to do can be done with a simple
rsync script.  OpenBSD ffs (ufs) should be stable, it has been around
for decades in various incarnations.  I have never noticed bit rot in
this system, though I imagine it could happen if a disk is gradually
going bad.


Please correct me if I'm wrong because I don't want to spread incorrect
information.

A couple of months ago I read a couple of reports of filesystem
corruption on OpenBSD.  I didn't have time to investigate deeply and I
don't know if these issues were even real.  Even if they were real I
don't know if the problem was due to user error or a defect in the OS.

Does anybody know anything about this?


That's why multiple backups help.


Agreed.  See below.


You might want to set
up a raid5 backup, as this detects parity errors.  More complicated
though.


This is exactly the kind of reason that hybrid volume management systems
+ filesystems such as Btrfs and ZFS have become popular.

I do not know anything about OpenBSD's LVM.


One weakness in such as system (ask me how I know!) is that
if the NAS goes gradually bad, the errors will propagate to the
backup.  Using rsync without the --delete option most of the time
alleviates this somewhat.  Only run with --delete when the backup
starts getting full and you are confident that your NAS drive is ok.


This is an excellent reason for implementing a system that includes not
only backups, but long term storage /archives/ too.

Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9






--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Tools for writers

2019-11-05 Thread Andrew Luke Nesbit

On 05/11/2019 17:38, Ingo Schwarze wrote:

Hi,


Hello Ingo!


Andrew wrote on Sun, Nov 03, 2019 at 12:56:58PM +:

[ Pandoc ]

is one of the most useful tools I have ever used.  If you are writing
any sort of documentation then I *highly* recommend checking it out


I strongly oppose that point.  There is no need at all to bother
with pandoc when you write documentation.


I think you shoud re-read that, especially the second sentence.  Do you 
realize how ridiculous it is?


Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Skype alternatives for OpenBSD

2019-11-03 Thread Andrew Luke Nesbit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 03/11/2019 10:55, Frank Beuth wrote:
> Not sure about the original poster but I would be interested in
> any end-to-end encrypted video/audio/chat programs that are
> available.

Have a look at Tox.  It might work out for you on a technical level.

I don't use Tox.  I got involved with the project's development and I
left very quickly.  Personally I don't even want to be a user if I can
help it.  This is my own personal issue.

If you check it out I sincerely hope you have a better experience than
I did.  Sociotechnologically it is an important project and I hope it
succeeds on that level in the long run.

Andrew
- -- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9
-BEGIN PGP SIGNATURE-

iQGzBAEBCgAdFiEE/ASxpcFcqIVqgGgxgfJdKbhCoRcFAl2+tisACgkQgfJdKbhC
oRdBugv+P/BIwuNWxmC0kEDiQUWt/E6TjXDwToMch71w0VsWASzM9dUErBTBMOhM
BsW2s4J+vbec9PWlBqKogPcU57OlqnzPQgqiBQiCfsf/405DpSIfQcC/U/ZNTG3W
RBiWzXFRKzfO3hbRQq8G5Q+mPB9fOffmJLJDosTDdSiPefdPNuH6ClcTTpi98pEZ
67ZQhTAE1IZp6pB1t124LMAz50VRY7mfPYuZBqLCPzFmpflilB0qjWmoH0T9BgMa
hFQl8Yd/Bv5ypDTH3n13SsR9uXBR1wGic5j0XmZbaKtygn2eGfZqKBwLCmt+Cfvm
ESLP3lG89hK95KstxIRFbPoWhsp+zuMCooIXr62Ik/a0FqHLw8nj9HQCv4FnAoQY
KObNvTXsoQec5ojDoRWfPtM+LtjQJ+pYD6xEMYT04OPTKg5/K+HyOaVwCcZFzqdI
IpdnO8TeKjNA/qLDAd3z49xgzet+IJDKUYx380XJDSVENkZcz2FNsIrhghXny4lQ
ZA0JuJhZ
=QUzB
-END PGP SIGNATURE-



Re: SCM

2019-07-22 Thread Andrew Luke Nesbit

On 22/07/2019 16:13, Raul Miller wrote:

Both git and OpenBSD run on patches.

That said, OpenBSD has a cultural restriction of requiring people to
inspect the patches before incorporating them. Adopting git would be a
step away from that practice.

Does that help make sense of the current situation?


Raul, Австин, I hope you don't mind me jumping in.

Raul's answer raises fascinating questions about the nature of software 
development and SCM.


Using _any_ SCM system and having meaningful discussion among developers 
before integrating changes is much more important than the choice of 
actual SCM system.


Andrew
--
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Ansible install Re: Reboot and re-link

2019-06-22 Thread Andrew Luke Nesbit
On 21/06/2019 19:02, Frank Beuth wrote:
> I don't want to re-open the hostilities, but installing OpenBSD via
> Ansible is very relevant to my interests.

I feel exactly the same way and am surprised that Ansible caused
hostilities.  Can you send me a link to the thread where this happened
please?  I want to know why, i.e., pros and cons.

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Installing OpenBSD on Supermicro A2SDi-4C-HLN4F

2019-06-15 Thread Andrew Luke Nesbit
On 15/06/2019 10:36, Jonathan Gray wrote:
> On Sat, Jun 15, 2019 at 09:02:11AM +0100, Richard Laysell wrote:
>>
>> Hello,
>>
>> I was trying OpenBSD on a Supermicro A2SDi-4C-HLN4F which uses an Intel
>> Atom CPU (Denverton).  The board boots but most devices are not
>> detected because ACPI can't be enabled.
>>
>> Does anyone know if this is likely to be supported at some point?
> 
> Try a snapshot.  ACPI changes were made for a similiar machine
> (Lanner NCA-1510) in May.
> 
> However there is no support for the integrated X553 Ethernet at the
> moment.

Jonathan, thank you for the update.

Richard, I am in the market for one of these boards too, or some other
C3000 series model.  I'm a big fan of Supermicro's C2000 boards because
they are so versatile for low-power applications.  They are also
excellent home servers due to this and the correspondingly low heat and
noise.  Of course if you have a C2000 series board you would need to
ensure that it doesn't suffer from the notorious Erratum AVR.54 defect [1].

Please could you keep us updated re: your progress of getting OpenBSD
installed along with the support status of all devices?  If so this
would be greatly appreciated.  Thanks!!

[1] A little-known fact is that if you look through Intel's data sheets
and whitepapers you can find similar defects in the stepping errata for
other SoC's.  In my case I found an almost identical example in a recent
Celeron or Pentium J-series SoC.  To add to my disappointment, I later
discovered, entirely coincidentally, that it was used on the controller
boards for a model of Synology NAS that I was considering purchasing.

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: The su manual doesn't mention use root account by default

2019-06-13 Thread Andrew Luke Nesbit
On 13/06/2019 07:17, Theo de Raadt wrote:
> Mihai Popescu  wrote:
> 
>>> ... if no account is provided, root is the default
>>
>> I always considered that su is coming from _s_uper _u_ser. But maybe I
>> am wrong, I am not from old UNIX days.
> 
> incorrect.
> 
> NAME
>  su - substitute user identity
> 

I never noticed this before.  It's my favorite bit of *nix trivia that
defies misguided assumptions since I learned that `/etc` is apparently
an initialism for "editible text configuration".

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: Problems installing 6.5 on Supermicro X11SDV-8C-TP8 motherboard - can't see/find network interfaces

2019-05-18 Thread Andrew Luke Nesbit
On 19/05/2019 02:08, Don Jackson wrote:
> I recently acquired a Supermicro 1019D-FRN8TP server with a X11SDV-8C-TP8 
> motherboard.
> 
> When i attempt to install 6.5, (via PXE or USB), none of the network 
> interfaces are detected.
> A dmesg appears below, followed by a dmesg and ifconfig -a from successful 
> attempt installing FreeBSD 12.0
> 
> Any advice/recommendations about how I can get OpenBSD to see the network 
> interfaces?
> I’m hoping there is a BIOS setting that will help, but haven’t found it yet…..

Hi Don,

I had a very similar problem yesterday.  It presented itself after a
firmware upgrade.  There are many anecdotes on the web about firmware
upgrades on Supermicro boards causing these types of problems.

I don't know what to suggest apart from the fact that there might be
some correlation between firmware and these problems.

Also, the X11SDV and C3000 boards are relatively new.  They are still
not fully supported by many operating systems.

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



Re: 6.5 PowerPC Packages

2019-05-09 Thread Andrew Luke Nesbit
On 09/05/2019 14:56, Allan Streib wrote:
> Unless https://www.openbsd.org/plat.html is out of date, it doesn't look
> like OpenBSD is currently supporting POWER8 or POWER9 plaftorms.

I wonder what is the best way to determine interest in getting OpenBSD
to work on POWER8/9?

My first thought is to ask around in the OpenBSD and OpenPOWER
communities.  Then to see if there is any natural rapport between them.

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9



signature.asc
Description: OpenPGP digital signature


Re: 6.5 PowerPC Packages

2019-05-09 Thread Andrew Luke Nesbit
On 09/05/2019 14:26, Henry Bonath wrote:
> I'm not sure how many folks out there are PowerPC users

What exactly do you mean by PowerPC?

I am a user of Apple PowerBook G4, POWER8, and POWER9.  I am new to
OpenBSD and I intend to experiment with it on these architectures.

Andrew
-- 
OpenPGP key: EB28 0338 28B7 19DA DAB0  B193 D21D 996E 883B E5B9