Re: best armv7 device for fw
I guess amd64 or other modern platform will also work as long as its small. Any suggestions for a low footprint (SoC) board that support gb nic and has good wifi support (ap mode and all)? Check out: http://www.pcengines.ch/ Also, lots of miniITX boards out there that may fit the bill, though these will consume more watts, generally. The nice thing about true industrial boards is you pay for things like capacitors that don't dry out in 4 years, etc. -- John D. Verne j...@clevermonkey.org
Re: Secure PDF viewer
I sometimes have to deal with PDF files (ugh) and all I need is the ability to view and print them, nothing fancy. With security in mind I would like to get opinions on the best one to use. Thanks. There are PDF-to-mandoc converters out there. Assuming the conversion tool is sound, I imagine OBSD mandoc is pretty secure. -- John D. Verne j...@clevermonkey.org
Re: dmesg after install
Path C: - Just directly install a snapshot - send dmesg? Note that this path means staying on -current, if my understanding of the FAQ is correct. I only mention this because I've recently had some hardware where I have to decide to stay on -current (or not boot OBSD), using occasional snapshots as my upgrade path. Or wait for 5.7 and keep up with -stable. I'm impatient, so I'm going to try -current for awhile and see how it goes. -- John D. Verne j...@clevermonkey.org
Re: Vision 2020: Making OpenBSD the world's fastest OS
On Mon, Jun 09, 2014 at 04:12:07PM -0400, STeve Andre' wrote: On 03/05/14 10:08, openda...@hushmail.com wrote: Anybody have any thoughts on how to achieve this? Thanks. O.D. Lots of others have replied to this, but I'm going to jump in with a few comments. Probably the biggest reason OpenBSD will never be the fastest OS around is the simple fact that when optimizing for speed, you sacrifice other things. Like security. Security, or correctness, means you are looking for the most reliable way to do something, not the fastest. Mechanisms like pro-police (or a new name for it?) are going to slow things down a little. I think Theo said that all the security systems slow a system down by less than 5%. I believe that. The effect isn't huge but some would call that too much. Indeed. Good, fast, or cheap. Choose any two. This is an engineering maxim that has held up for quite some time now. There is a tension between these that cannot be resolved completely, and there will always be trade-offs to be made. -- John D. Verne j...@clevermonkey.org
Re: running cvs update as root (was: Re: New install)
On Mon, Jun 09, 2014 at 03:07:17PM -0700, Jonathan Thornburg wrote: In message http://marc.info/?l=openbsd-miscm=140224659303522w=1, Miod Vallat wrote (about an anoncvs update to /usr/src) you should not run this command as root http://www.openbsd.org/anoncvs.html shows the 'cvs update' command being run by root (# shell prompt), and I wouldn't expect any non-root user to have write permission to /usr/src anyway. So... why is doing the cvs-update as root a bad idea? I'd like to hear from the experts, as well. That being said, if you make /usr/src, /usr/xenocara, usr/ports owned by root:wsrc, and chmod g+rwx all the directories, a regular user in that group seems to be able to do everything but install. With the caveat that if root has built previously in the same tree, you might have to clean up some stuff by hand. For example, I can build a kernel as a regular user, but I had to have root clear out the compile dir made by config, as this was last invoked by root. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Tue, May 20, 2014 at 09:51:50AM -0400, John D. Verne wrote: On Mon, May 19, 2014 at 11:19:23AM -0700, Mike Larkin wrote: On Mon, May 19, 2014 at 01:42:49PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. NetBSD 6.1.4 manages to enumerate all the ACPI stuff when I use their boot image. So there's that. As an aside, I was surprised at how different the src/sys tree is from OpenBSD. But I'm going to try and see how they handle the Intel ACPICA 20110623 device, which seems to be the thing that is not working right. Get a dump of the AML using FreeBSD then. Can't really help otherwise. Ok, thanks for the tip. I managed to get FreeBSD 11-current to boot, and I've run acpidump -td to get the attached output. I hope this is what you wanted. If not, I have the FreeBSD liveCD running on the OpenBSD snapshot install on this hardware. I am at your disposal. I've also booted the OpenBSD snapshot from May 19 by disabling the acpi0 device via UKC, and then tweaked the kernel in the same manner FreeBSD does, which allows the boot process to not panic with acpi enabled. So, copying what Linux and FreeBSD does naively fixes things. I'll leave the rest up to the experts. However, then I ran into another panic related to lapic. During the FreeBSD-current back-and-forth, I ended up disabling half the serial ports on this motherboard via the BIOS. It looks like the three back panel serial ports are acceptable, but the three on-board serial ports cause a panic. FreeBSD hangs when enumerating those, and OpenBSD panics. I'll raise this as a seperate issue, but for now I've disabled them. Admittedly, this is a weird board, so those ports are both highly configurable and probably presented to (what looks like) the ISA bus in an odd manner. Perhaps an email of such a tremendous size is unlikely to get to the list. I'll try attaching the acpidump output. [demime 1.01d removed an attachment of type application/x-gunzip]
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Tue, May 20, 2014 at 12:26:04PM -0400, John D. Verne wrote: On Tue, May 20, 2014 at 09:51:50AM -0400, John D. Verne wrote: On Mon, May 19, 2014 at 11:19:23AM -0700, Mike Larkin wrote: On Mon, May 19, 2014 at 01:42:49PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. NetBSD 6.1.4 manages to enumerate all the ACPI stuff when I use their boot image. So there's that. As an aside, I was surprised at how different the src/sys tree is from OpenBSD. But I'm going to try and see how they handle the Intel ACPICA 20110623 device, which seems to be the thing that is not working right. Get a dump of the AML using FreeBSD then. Can't really help otherwise. Ok, thanks for the tip. I managed to get FreeBSD 11-current to boot, and I've run acpidump -td to get the attached output. I hope this is what you wanted. If not, I have the FreeBSD liveCD running on the OpenBSD snapshot install on this hardware. I am at your disposal. I've also booted the OpenBSD snapshot from May 19 by disabling the acpi0 device via UKC, and then tweaked the kernel in the same manner FreeBSD does, which allows the boot process to not panic with acpi enabled. So, copying what Linux and FreeBSD does naively fixes things. I'll leave the rest up to the experts. However, then I ran into another panic related to lapic. During the FreeBSD-current back-and-forth, I ended up disabling half the serial ports on this motherboard via the BIOS. It looks like the three back panel serial ports are acceptable, but the three on-board serial ports cause a panic. FreeBSD hangs when enumerating those, and OpenBSD panics. I'll raise this as a seperate issue, but for now I've disabled them. Admittedly, this is a weird board, so those ports are both highly configurable and probably presented to (what looks like) the ISA bus in an odd manner. Perhaps an email of such a tremendous size is unlikely to get to the list. I'll try attaching the acpidump output. Perhaps MIME attachments are rejected. Here's a URL: http://www.clevermonkey.org/OpenBSD/ACPI_ASRock_IMB-150.txt.gz Sorry for the noise. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. NetBSD 6.1.4 manages to enumerate all the ACPI stuff when I use their boot image. So there's that. As an aside, I was surprised at how different the src/sys tree is from OpenBSD. But I'm going to try and see how they handle the Intel ACPICA 20110623 device, which seems to be the thing that is not working right. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Mon, May 19, 2014 at 11:19:23AM -0700, Mike Larkin wrote: On Mon, May 19, 2014 at 01:42:49PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. NetBSD 6.1.4 manages to enumerate all the ACPI stuff when I use their boot image. So there's that. As an aside, I was surprised at how different the src/sys tree is from OpenBSD. But I'm going to try and see how they handle the Intel ACPICA 20110623 device, which seems to be the thing that is not working right. Get a dump of the AML using FreeBSD then. Can't really help otherwise. Well, the FreeBSD boot panics in a similar sort of way. Bogus interrupt trigger mode. This is from memory -- I didn't get a full copy of the boot messages, though it did have acpi and madt in backtrace. I can get it if this is important, though this is starting to look like a Windows-only box. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Mon, May 19, 2014 at 03:56:05PM -0400, John D. Verne wrote: On Mon, May 19, 2014 at 11:19:23AM -0700, Mike Larkin wrote: On Mon, May 19, 2014 at 01:42:49PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. NetBSD 6.1.4 manages to enumerate all the ACPI stuff when I use their boot image. So there's that. As an aside, I was surprised at how different the src/sys tree is from OpenBSD. But I'm going to try and see how they handle the Intel ACPICA 20110623 device, which seems to be the thing that is not working right. Get a dump of the AML using FreeBSD then. Can't really help otherwise. Well, the FreeBSD boot panics in a similar sort of way. Bogus interrupt trigger mode. This is from memory -- I didn't get a full copy of the boot messages, though it did have acpi and madt in backtrace. I can get it if this is important, though this is starting to look like a Windows-only box. However, the FreeBSD message allowed my Google-fu to work. This looks apropos: http://forums.freenas.org/index.php?threads/kernel-panic-bogus-interrupt-trigger-mode-on-intel-j1900.20851/ And http://www.freebsd.org/cgi/query-pr.cgi?pr=187966 Nearly the exact hardware I have. Which also appears to have a buggy BIOS. -- John D. Verne j...@clevermonkey.org
Boot panic on MP amd64 with 5.5, snapshot kernels
I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. I haven't tried i386 yet. I messed around with boot -c and verbose mode, and captured the entire dmseg from ddb from 5.5 /bsd. I've placed the lame camera phone pics here: http://www.clevermonkey.org/OpenBSD/amd64_55_info/ I couldn't figure out how to save the actual text. Sorry. Also, if it matters, this is all done via PXE boot, as this box has no CDROM or floppy, and I didn't have the facility to make an amd64 USB stick (this is my only amd64 box.) Also, if it matters, I opted to not get the Atom version of this board because I wanted some of the more interesting chipset support. It is a Celeron J1000. I also wanted the better supported Intel graphics stuff (even though I suspect this box will run in text-only mode most of its life.) I'm staring at the ACPI code trying to figure out the various defines used, and 2 seems to be there. I welcome conversations about what this code is doing and what it wants out of total curiousity. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: Also, if it matters, I opted to not get the Atom version of this board because I wanted some of the more interesting chipset support. It is a Celeron J1000. I also wanted the better supported Intel graphics stuff (even though I suspect this box will run in text-only mode most of its life.) Uh, sorry. J1900, the embedded version. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I'm staring at the ACPI code trying to figure out the various defines Uh, I actually meant APIC. I need more sleep. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 03:49:53PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I'm staring at the ACPI code trying to figure out the various defines Uh, I actually meant APIC. I need more sleep. Except I didn't. I did meant ACPI. Cripes, I should go take a nap. I suspect this is one of those cases where I can disable some parts of the ACPI via the BIOS or UKC... -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 01:05:52PM -0700, Mike Larkin wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. Is this 5.5-current? We made some changes in the MADT code recently. I tried the 18-May-2014 amd64 snapshot. That's about as current as I can get right now. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 07:28:04PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 01:05:52PM -0700, Mike Larkin wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. Is this 5.5-current? We made some changes in the MADT code recently. I tried the 18-May-2014 amd64 snapshot. That's about as current as I can get right now. I see there is very recent change from about 3hrs ago, which I bet is what you are talking about. I'll wait for the next snapshot I guess. -- John D. Verne j...@clevermonkey.org
Re: Boot panic on MP amd64 with 5.5, snapshot kernels
On Sun, May 18, 2014 at 07:55:44PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 07:28:04PM -0400, John D. Verne wrote: On Sun, May 18, 2014 at 01:05:52PM -0700, Mike Larkin wrote: On Sun, May 18, 2014 at 03:04:30PM -0400, John D. Verne wrote: I just got a new amd64 box to run OpenBSD on, but it is panicking on boot when I try to run the 5.5 kernel on it. The panic is unknown MPS interrupt trigger 2 somewhere in the acpi code. bsd.rd, bsd and bsd.mp all panic in the same places, as does bsd.rd from the latest amd64 snapshot. Is this 5.5-current? We made some changes in the MADT code recently. I tried the 18-May-2014 amd64 snapshot. That's about as current as I can get right now. I see there is very recent change from about 3hrs ago, which I bet is what you are talking about. I'll wait for the next snapshot I guess. Though, when I look at this change, I don't see how it could help. Given the panic stacktrace we are getting beyond this changed line anyway to acpimadt_cfg_intr() where the panic is thrown. -- John D. Verne j...@clevermonkey.org
Re: how to forward port 2222 of pf box to port 22 of internel webserver
On Fri, May 02, 2014 at 12:53:05PM +0530, Indunil Jayasooriya wrote: Thanks for the support. I changed the port from to 2224. Now it works. This PF box is behind a ADSL router. I assume this ADSL router has reserved port . I have no access to this ADSL router. is used by a few LAN client services, and is often a backdoor for trojans. So it is either blocked, or reserved for some Rockwell services. -- John D. Verne j...@clevermonkey.org
Re: Resolving the Lan users hostnames
On Wed, Apr 30, 2014 at 10:28:24AM -0400, sven falempin wrote: On Tue, Apr 29, 2014 at 11:43 PM, Stuart Henderson s...@spacehopper.org wrote: On 2014-04-28, sven falempin sven.falem...@gmail.com wrote: Reading unbound doc i saw i can insert name to be resolved but i have to reload each time configure things for unbound-control, then you can do unbond-control local_data somehost.exaple.com A 192.0.2.1. would it be interesting to patch dhcpd (like Ted did) but directly call the unbound-control work (both are in base) ? using a suffix for the hostname given the default domain configured. Someone hacked together a related solution with DNSMasq, described here: http://www.22decembre.eu/2014/04/14/local-dns-setup-with-dnsmasq-nsd-and-unbound/ -- John D. Verne j...@clevermonkey.org
Re: Secure C references and tools
On Fri, Apr 18, 2014 at 01:18:02AM +0100, Kevin Chadwick wrote: There are tools such as static analysers and Todd and Theo's talk on strl*, porting security guidelines etc. and many books (that may or may not recommend c++ ;-)) and even Ada to C conversion but with added worries about compilers and obfuscation or the Go language where applicable but is there a particular reference many recommend or use to brush up for secure C coding in a fashion akin to KR's C bible being recommended by past threads for learning C and referencing? I can recommend Secure Coding in C and C++ by Seacord. It's sort of a handbook style, with some intro and discussion in the early chapters and then a sort of cookbook style later on. -- John D. Verne j...@clevermonkey.org
Re: wanna help with filters ?
On Mon, Apr 14, 2014 at 04:20:27PM +0200, Gilles Chehade wrote: In June, we will be having a private hackathon with Charles and Eric, to work on the filter API and infrastructure. This will happen at my place, it's kind of unofficial and it's unrelated to OpenBSD's hackathons. [...] Let us know by replying to this mail if you intend to participate, so we have an idea how many people would be joining us ;-) I can help. I know C and Lua pretty well. My availablility is dependent on too many things for me to be able to commit to a specific time, but I can certainly check IRC those days to make dubious statements and ask silly questions. -- jdv
Re: wanna help with filters ?
Sorry for the noise cross-post. I messed up my reply. On Mon, Apr 14, 2014 at 10:42:39AM -0400, John D. Verne wrote: On Mon, Apr 14, 2014 at 04:20:27PM +0200, Gilles Chehade wrote: In June, we will be having a private hackathon with Charles and Eric, to work on the filter API and infrastructure. This will happen at my place, it's kind of unofficial and it's unrelated to OpenBSD's hackathons. [...] Let us know by replying to this mail if you intend to participate, so we have an idea how many people would be joining us ;-) I can help. I know C and Lua pretty well. My availablility is dependent on too many things for me to be able to commit to a specific time, but I can certainly check IRC those days to make dubious statements and ask silly questions. -- jdv
Re: OpenSSL heartbleed ?
On Tue, Apr 08, 2014 at 03:53:06PM -0700, consultor wrote: On 04/08/2014 10:31 AM, Ted Unangst wrote: On Tue, Apr 08, 2014 at 11:19, Jack Woehr wrote: http://www.itnews.com.au/News/382068,serious-openssl-bug-renders-websites-wide-open.aspx accurate w/r/t 5.3? 5.3, 5.4, and 5.5 are all affected. only 5.2 and earlier are not. Hello Ted, are you saying that 5.5 is going to go out affected on May? http://www.openbsd.org/errata55.html shows a 5.5 patch.
Re: Only two holes in a heck of a long time, but why?
On Apr 4, 2014, at 18:06, Martin Braun yellowgoldm...@gmail.com wrote: I used OpenBSD back in the 3.x days, The last 3.x release was 8 years ago. Are you fucking serious? Yup. but eventually began using Debian because it was much easier to maintain Can you please give an example of a maintenance task that is easier then the comparable/analogous task in OpenBSD? Because I remember Debian kinda sucked when I used it in 1998. apt-get update; apt-get dist-upgrade between versions are pretty awesome. Seriously though, the reason for me (and many people apparently) to use OpenBSD is the _extreme_simplicity_ of just about anything. OpenBSD is great to use, but BSD's in general are not simplistic when it comes to package management, hence the reason why FreeBSD is developing the new pkg tool.. whch is pretty much a clone of what apt does on Debian. For me I remember when time was spend updating from one OpenBSD version to the next. So many hours. Debian was a fantastic relief back then and still is. However, this is without comparing security issues, but only talking about simplicity. Modern releases of OpenBSD are pretty easy and fast to update, especially with sysmerge. I used to have a pretty custom setup, and upgrade time wasn't my favourite (and so I skipped many releases...) But it is a lot easier these days. You don't get precompiled patched kernels, though. This is the part that takes the longest for me (assuming there are patches that require kernel compiles) because my edge box isn't particularly fast. The package updating wasn't much different than running apt-get. It seems to me that the difference between Debian and OpenBSD (and I've used both just as recently) is that one you update to reboot, and the other you reboot to upgrade. time and effort seems about the same, these days. -- jdv
Re: termios VMIN VTIME
On Apr 3, 2014, at 3:40, trifle menot trifleme...@gmail.com wrote: On 4/2/14, Mihai Popescu mih...@gmail.com wrote: Dude, what the hell are you trying to do? Just explain in plain words here. I am interested in working with rs232 and i wasted my time reading and wainting for your damn problem. [...] Now suppose VTIME was an overall timer, not an interbyte timer. In 0.1 seconds at 115200, you can transfer about 1100 bytes. At that speed, VMIN will kick in before the timer expires, and read() will return with approx. 250 bytes. If you get a block 250 bytes, you will never wait more than 0.1 seconds for it, even in the worst case, a steady 11 cps. The POSIX writers erred by making VTIME an interbyte timer. The meaning of VMIN, VTIME change depending on if they are non-zero or not. VTIME is not always an inter-character timer, but they way you are using it, it is. There is a nice overview here: http://unixwiz.net/techtips/termios-vmin-vtime.html -- jdv