Re: Routing 10-40 Mpps on OpenBSD

2016-09-11 Thread K K
> I think Intel and Myricom are going to be the best-supported 10GbE on
> OpenBSD at the moment.

I thought Intel, but I speak out of impressions, not backed by any facts.

> The best performance today will be with a processor that packs a lot
> of punch into a smaller number of cores. I'm using Xeon E5-1630 v3
> right now. The E5-2xxx series tend to have more cores at lower clock
> speeds. They make more sense on a regular server.

Also came to this conclusion when I picked E5-2697v2.

> There is a lot of ongoing work in this area, OpenBSD doesn't claim to
> be the performance leader today.

What is the take of OpenBSD developers on this?
Are there any plans?

Many options seem available, but I have no idea how they could be
integrated in OpenBSD. I know clearly nothing of proper software
development.

- DPDK (now BSD licensed)
- NETMAP/FW

> Chris

Thank you for your insights.



Routing 10-40 Mpps on OpenBSD

2016-09-11 Thread K K
// Previous email bounced, so I resend it. Sorry for duplicate //

All,

This message is a call for people who are interested to benchmark commodity
hardware with the goal of pushing as much PPS as possible through OpenBSD.
The initial target is to reach 10 Mpps at 64 bytes (or more precisely 84
bytes with interpacket gap) and if the experiment proves to be successful,
we would then aim at 40+ Mpps.

The ultimate goal of this experiment is to build and share with the
community a recognized hardware configuration that provides a good ground
for real-world traffic at a typical small ISP.

We couldn't find such information online. In our case, the final setup
would be two routers, each with two 10 Gbps uplink to upstreams Internet
providers and an OSPF and iBGP connection between them. The software
stack would be based on OpenBSD, OpenBGPD and OpenOSPFD. There is no
commercial idea around the finding of this experiment.

While our budget is not unlimited and privately funded (by individuals),
we are open to hear what hardware specifications people on this list
would be interested to see. At the moment, we aim for this:

CPUs: Intel Xeon CPU E5-2697v2, E5-2667v2, E5-2680v3, E5-2640v3
Intel NICs: Intel 82599ES, X520, X540-{T1/T2/AT2}, 85595, 82598,
AF/82598, AT/82598, EB/82599, EB/82599 EN
Chelsio NICs: Chelsio T540-CR (although not sure there is an OpenBSD driver)

If you consider other hardware options, please feel free to reply and let us
know.
We surely will not be testing all these configurations, we will most likely
pick one CPU from the list and 2-3 NICs from the list as well. This
experiment might also be taken to FreeBSD for comparison. If necessary, we
consider sending this configuration in a test center with Spirent hardware
to validate this.

Feedback, questions, remarks, doubts, irony, are all welcome :-)

Cheers.



Re: way to help: laptops and weekly

2010-01-26 Thread K K
Perhaps this is an application for /usr/bin/batch?
 @reboot batch -f /etc/fortnightly now + 1 hour

Could it be beneficial to break up /etc/weekly into separate tasks,
where the parent script can tell when each task last completed,
and only re-run a task if it's been 6+ days since that task last
ran through to the end?

I've used $RANDOM in similar cases to what Lars Nooden discusses,
and also like his suggestion to check 'apm'  and not launch housekeeping
tasks when solely on battery power.

Kevin
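One way to implement the per-task idea from the post above, as an added example that is not from the original thread: a POSIX sh wrapper that keeps a stamp file per task, re-runs a task only when its last successful completion is 6 or more days old, and skips heavy work when apm(8) reports battery-only power. The stamp directory, the task names and the use of `apm -a` for A/C status are assumptions.

```sh
#!/bin/sh
# Added example: run housekeeping tasks individually, each tracked by a
# stamp file, so a task skipped because the laptop was off (or on battery)
# is retried at the next opportunity instead of waiting for the next fixed
# weekly slot.  Stamp directory and task names are assumptions.

STAMP_DIR="${STAMP_DIR:-/var/db/housekeeping}"   # assumed location
MIN_AGE_DAYS="${MIN_AGE_DAYS:-6}"

# Epoch seconds "now"; NOW_CMD can be overridden for testing.
now_epoch() { ${NOW_CMD:-date +%s}; }

# Return 0 (true) if task "$1" has never completed, or completed at least
# MIN_AGE_DAYS ago.  The stamp file holds the epoch time of the last
# successful completion.
task_is_due() {
    stamp="$STAMP_DIR/$1.done"
    [ -f "$stamp" ] || return 0
    last=$(cat "$stamp" 2>/dev/null) || return 0
    case "$last" in ''|*[!0-9]*) return 0 ;; esac   # unreadable stamp: re-run
    age=$(( $(now_epoch) - last ))
    [ "$age" -ge $(( MIN_AGE_DAYS * 86400 )) ]
}

# Return 0 if heavy tasks may run now.  When apm(8) exists and reports the
# A/C adapter as off-line ("0"), we are on battery and skip; hosts without
# apm (servers, other systems) always run.  Assumption: apm -a prints the
# A/C status as described in apm(8).
power_ok() {
    command -v apm >/dev/null 2>&1 || return 0
    [ "$(apm -a 2>/dev/null)" != "0" ]
}

# Run "$2..." as task "$1" if it is due; write the stamp only on success.
# Returns 0 when the task ran and succeeded, 1 if skipped or failed.
run_task() {
    name=$1; shift
    task_is_due "$name" || return 1
    power_ok || return 1
    mkdir -p "$STAMP_DIR"
    if "$@"; then
        now_epoch > "$STAMP_DIR/$name.done"
        return 0
    fi
    return 1
}

# Example invocation (would normally be called from /etc/weekly or cron):
# run_task locate_db /usr/libexec/locate.updatedb
```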



Re: Installing OpenBSD on SSD drives

2009-11-04 Thread K K
2009/11/4 Jean-François SIMON jfsimon1...@gmail.com:
  Hello,
 Is there any particular problem with installing OpenBSD on a SSD HD ?  I
 once could on one machine but on my actual machine it simply doesn't work.
 After a while, the SSD disk becomes like overloaded and unavailable to
 continue the installing process of 4.6.
 Regards

Sounds like an issue with your SSD?
Can you supply a dmesg, and details on the SSD, make/model/supplier,
as well as the motherboard and how the drive appears to the BIOS?


On Wed, Nov 4, 2009 at 4:12 PM, Ted Unangst ted.unan...@gmail.com wrote:
 2009/11/4 Roger Schreiter ro...@planinternet.de:
 it is like for any OS on SSD HD. Make sure, you are using
 no swap partition!

 This is ridiculous advice.

This *was* reasonable advice for the older generations of
CompactFlash, but may no longer be a consideration with newer
flash/SSD drives.

I have run many embedded servers (mostly OpenBSD on Soekris) without
swap, never had any problems traceable to the lack of swap space.


 And if you are using an application, which is writing
 a lot of things into files, put the respective dirs into
 ramdisks!

 Combined with this is even dumber.

 If you can't swap, you're already in trouble if you run into memory
 pressure.  So then you go and put the filesystem in RAM to make sure
 there's lots of extra memory pressure?

Actually, the above is standard advice for running any Unix on flash,
as people have been doing with Soekris and CF since at least 2001.

The idea isn't to put the filesystem into RAM, but rather to reduce
the write operations by mounting filesystems used for frequently
written small files (e.g. /var/tmp) as ramdisks.

Kevin



Re: Payment Card Industry (PCI) Data Security Standard HELP!

2009-10-21 Thread K K
On Wed, Oct 21, 2009 at 8:16 AM, Stuart VanZee stua...@datalinesys.com
wrote:
 The company I work for is having their yearly Payment Card Industry
 (PCI) assessment and while I believe that OpenBSD is the most secure
 OS going, I am having some problems proving it.  Here are some of
 the issues I need to figure out.

Most of these requirements can be met by eliminating local user
passwords entirely.

That is, disable passwd login type in login.conf and use an external
authentication mechanism (e.g login_radius).  Then all of these
enforcement behaviors are a problem for the RADIUS server, not each
individual machine (aside from for root logins on the actual console).

If no central RADIUS is available, or if a local fallback is needed, a
second option might be to convert to S/Key locally on each machine.
As an OTP, this may be exempt from the lockout/retry/reuse
requirements of PCI?


 This one requires that a user must re-enter the password if their
 terminal is idle for more than 15 minutes.  Any ideas how to do this
 with OpenBSD?

I use 'idled' to log out idle SSH/console sessions.


 I am sure that there are others out there that use OpenBSD in an
environment
 that requires PCI compliance.  How do you meet these requirements?



Re: Wireless help, please

2009-06-02 Thread K K
On Tue, Jun 2, 2009 at 7:32 AM, Ben Goren b...@trumpetpower.com wrote:
 Anybody else have any suggestions? Nick?

I have similar problems with a 'rum' USB stick in AP mode using WPA.

See the man page for specific known issues with using this chipset in
Host AP mode.

Can anybody suggest a readily available USB2 Wireless-G adapter which
works well as an AP?



Re: European orders

2009-03-27 Thread K K
On Fri, Mar 27, 2009 at 1:48 PM,  dt...@drizzle.com wrote:
 Assuming that a flat envelope will cost far less to ship
 to Brazil than will a CD, why not offer to send just the booklet and/or
 stickers in response to some appropriate minimum donation?

Throw in *two* sets of stickers and LightScribe labels to make my own
CDs, and I'll go for it, but then I've donated hardware and cash into
four figures to the project, over and above the purchase price of CDs.

My former employer liked to have some sort of physical media to help
prove we are properly licensed for the operating systems we run for
production servers.  But then, they went bankrupt last year...

Kevin



Re: European orders

2009-03-25 Thread K K
I know both Floor and Wim personally, and have done thousands of
dollars of business with KD85.

I trust both men, and have never known either to act rashly.  Until
Mr. Vandeputte responds, I suggest refraining from speculation.

On 3/25/09, frantisek holop min...@obiit.org wrote:
 hmm, on Wed, Mar 25, 2009 at 10:40:13AM -0500, Marco Peereboom said that

 Don't you think theo has the best interest of the project as his first
 priority?

 best interest: yes.
 best attitude and people skills: i am not so sure...

 all i am saying is that the other side still hasn't spoken up.

 i am sure it's more than easy to go through the papers
 and show where my money went and see who is right.

 that is all i am asking.  more transparency in this open project.

 -f
 --
 artificial intelligence: the other guy's opinion.



-- 
Sent from my mobile device



Re: Size of SD devices supported?

2009-01-07 Thread K K
My understanding is that when a device appears as 'umass', support for
large cards and/or SDHC is entirely at the mercy of the reader chipset
'behind' the USB interface that hides it from the host.

For the Thinkpad, it looks like the card reader is detected as an
actual SDHC device (sdhc0 at pci6 dev 0 function 2 Ricoh 5C822
SD/MMC), so support for larger cards might require specific support
in the OpenBSD driver?

My new work laptop has a similar Ricoh reader, so I am interested in
the outcome of this question.


Kevin



Hack In The Box Security Conference 2008 - Malaysia?

2008-10-18 Thread K K
Any plan for an official or unofficial OpenBSD presence at the
HITB conference?  (I don't see it listed on http://openbsd.org/events.html)
Any opportunity to purchase CDs or T-shirts at this event?


On a related note, anybody who might be in Kuala Lumpur through the
weekend of November 1st, any interest in meeting up, grabbing a beer
to celebrate 4.4 release day?  I helped organize an Amsterdam 4.2 release
party last October, a fun event for all.


Kevin



Re: LDAP and OpenBSD

2008-10-10 Thread K K
On 10/10/08, raven [EMAIL PROTECTED] wrote:
 I'm thinking how my users into an ldap db can login into my openbsd machine
 as users. I try to use google but no clue at all.
 Thanks guys :)

Easiest solution would be to use RADIUS via login_radius.
Perhaps your LDAP is hooked into a RADIUS server (e.g. Microsoft
Active Directory with IAS)?

If not, you can find open source RADIUS servers for free in ports.


Kevin



Cold boot failures on Net5501?

2008-06-06 Thread K K
Is anybody else seeing cold boot failures on Soekris Net5501-70
with comBIOS v1.33b and OpenBSD 4.3?  I asked earlier on the
soekris-tech list, received no replies.


The console shows the following, and then hangs for about five seconds:

1 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.
Using drive 0, partition 3.
Loading...
probing: pc0 com0 com1 pci mem[639K 511M a20=on]
disk: hd0+


The cursor sits at the '+' for several seconds, then a '*' is printed,
then error messages:

disk: hd0+*
 OpenBSD/i386 BOOT 3.01
open(hd0a:/etc/boot.conf): Unknown error: code 102
boot
booting hd0a:/bsd: open hd0a:/bsd: Unknown error: code 102
 failed(102). will try /bsd
boot
booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
 failed(22). will try /bsd
Turning timeout off.
boot


If I now type 'machine diskinfo' at the prompt, I see the following:

boot machine diskinfo
Disk  BIOS#  Type   Cyls  Heads  Secs  Flags  Checksum
hd0   0x80   label  971   64     63    0x1    0x0
boot

If I type 'reboot' at the prompt, then on the second try,
the disk line reads disk: hd0+ (no *, no delay),
and in diskinfo the 'Flags' entry is different, a checksum is shown,
and booting is ultimately successful!

Using drive 0, partition 3.
Loading...
probing: pc0 com0 com1 pci mem[639K 511M a20=on]
disk: hd0+
 OpenBSD/i386 BOOT 3.01
boot machine diskinfo
Disk  BIOS#  Type   Cyls  Heads  Secs  Flags  Checksum
hd0   0x80   label  971   64     63    0x2    0xc7f794bc
boot


Looking through the source code for 'boot', I think the '*' indicates
getdisklabel() failed?  I am not sure what the cause or fix would be.
Without upgrading comBIOS (to ver. 1.33b 20080501), the compactflash
card (Kingston 2GB) isn't detected at all.

Any ideas?


Thanks,

Kevin



glxsb?

2008-05-22 Thread K K
On Tue, May 20, 2008 at 4:34 PM, Paul de Weerd [EMAIL PROTECTED] wrote:
 glxsb (4/i386) - Geode LX Security Block crypto accelerator

 In other words, there's onboard crypto support in these machines that
 is supported in OpenBSD. You may not need a separate accelerator.

Thanks for the reminder, I forgot the (slightly more expensive)
Net5501 had this chip :)

Does this just automagically accelerate anything using entropy or AES?
Is there any way to temporarily disable acceleration to run benchmarks?


Thanks,

Kevin



Re: 1U IBM or Dell server for firewall

2008-05-05 Thread K K
On Mon, May 5, 2008 at 8:09 AM, LEVAI Daniel [EMAIL PROTECTED] wrote:
  I'm in need of a 1U IBM (or Dell as a last resort) server for a firewall
  in our office.  ... working perfectly with OpenBSD 4.3.

We started out pricing Dell and IBM, but ran into the same issue --
it can be tricky to price out a specification that works perfectly,
and even with a corporate discount, these can be expensive vendors.


In the end we went with KD85 for rackmount PF firewalls,
and IronSystems for servers with fast CPU and big disks.

Came in under budget, supported OpenBSD friendly vendors,
and both classes of machine came with OpenBSD pre-installed.

Kevin



Re: Poor OpenBGPD performances on soekris net5501 ?

2008-04-30 Thread K K
You might want to post your dmesg (e.g. /var/run/dmesg.boot)

OpenBSD 4.3, released today, has many enhancements directly applicable
to the Net5501.

We have 4.3 running on a rackmount model from KD85, and subjectively
it feels much faster than my personal Net5501, not yet upgraded.


Kevin



Re: Internship (Summer,Chicago,Paid)

2008-03-27 Thread K K
We have two summer internships, one of which is specifically available
even if you do not have the specific Data Security skills called for,
just a willingness to learn and the ability to commute to downtown Chicago.


Kevin

(P.S. Details below.)



Internship (Summer,Chicago,Paid)

2008-03-22 Thread K K
I have arranged with my employer to offer a paid internship this summer,
with a focus on OpenBSD, and approval to release developed code as
open source (as we did with ISIC).

If you live (or attend college) in or near Chicago, are in a full-time
undergraduate or graduate CS/IS program, and are interested in a 6+ week
Information Security internship this summer in downtown Chicago,
please contact me with qualifications and availability.

Specifically seeking programmers with documented contributions to
OpenBSD, Argus, Cacti, Graphviz/LGL, OpenNTPD, Snort, Squid or Mozilla,
or a skilled perl scripter with an interest in logfile analysis.

Kevin



Re: rtorrent + OpenBSD = freeze

2008-02-19 Thread K K
I've left rTorrent running on 4.1 for weeks on end, (on both i386 and
Sparc64), never had the OS freeze.   I will try it again with 4.2, see
if the results are different.

Recently I've seen several unexplained freezes on very simple 4.2
servers (e.g. running nothing but BIND and arpwatch), similar to the
symptoms reported earlier in this thread with rTorrent.


On Feb 19, 2008 10:46 AM, bofh [EMAIL PROTECTED] wrote:
 You've been using windows too much.  If an application freezes the OS,
 it's an OS issue (it still may be an application issue, but no amount
 of application tickling of the OS should freeze the OS).

Agreed.  I'd bet the issue boils down to networking and/or disk I/O.

The rTorrent application exercises so many facets of the OS,  myriad
places where it could trigger a kernel/disk/routing/pf/etc bug, one
which lesser applications wouldn't trip.

If there's interest in putting up a tracker for a bunch of OpenBSD
ports/packages/distfiles torrents, I'll gladly assist in
exercising/exorcising this problem by running a seedbox.

Kevin



Re: delete deleted data

2008-01-04 Thread K K
If you never write cleartext, there is nothing to recover.

http://dlock.com.tw/

Kevin

(P.S. I might be a satisfied dLock customer, if only they'd make it
easier to buy their product!)



Re: Embedding OpenBSD

2007-12-31 Thread K K
 Getting an off-the-shelf MP3 player to play one sound file is not too
 difficult.  Ah, heck, a tape loop would work fine, too.

There are commercial MP3 modules which are designed to do exactly
what you are looking for, one example:
 http://www.hobbyengineering.com/H2168.html

By itself, the uMP3 Playback Module has 8 inputs, pulling any of the
8 inputs low plays back the associated MP3 file from a FAT filesystem
on an SD card.  Replace the card to replace the files.

 Getting it to play one of a pile of different sound files, not trivial.

With some help from a PIC (e.g. Basic STAMP), this could be made to
play random sounds for each coin.

While the uMP3 hardware has changed slightly over the past couple of
years, the electrical and logical interface has remained stable, as
has the price, at around US$100/ea, with substantial discounts for
larger quantities.

Kevin



Re: seeking hardware token recommendations

2007-12-07 Thread K K
One thing I didn't see mentioned is public key certificates.  Jacob's
need to control access in a granular fashion might be solvable through
the use of client certificates and SSL, rather than one-time
passwords?

Overall Vin makes good points, and includes useful links, so I won't
re-write my screeds from other sites and mailing lists.

There is one warning I must repeat -- You might be tempted to use X9.9
(The 'x99token' application in OpenBSD).  Please do not use this
algorithm for security, there were fatal flaws in the X9.9
authentication standard, ANSI X9.9-1994 MAC was withdrawn in 1999
(http://www.x9.org/standards/free/).


On Dec 6, 2007 11:02 PM, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:
 i am aware that the securID uses a closed-source algorithm
 to generate its codes and is thus, IMO, not a desirable solution.

SecurID, like other modern hardware tokens, uses both well-vetted
crypto (AES) and also a 'secret sauce' to generate one time passcodes
(OTP).  This generally means that their centralized server and
software tokens are inherently only available as binaries for a very
limited number of platforms, usually PC Windows, Sparc Solaris, and
perhaps one Linux platform.  There might be one vendor with FreeBSD
support somewhere out there...

Simple hardware tokens, while requiring one additional (non-OpenBSD)
authentication server in your data center, do provide the best balance
of security and usability.  They're also expensive, though many
vendors (including Safeword and SecurID) are offering lower-priced
appliance models for sites with just a few dozen users.


 the goal is to allow only users with
 (1) a hardware token and
 (2) the correct passwords to access services (IMAPS, etc) on openbsd machines.

I am not aware of any hardware tokens where the authentication
server is supported on OpenBSD, much less any open source OTP vendor
offering hardware tokens.  But all the current players support RADIUS
protocol, and the various vendors are working together on a new open
authentication network protocol, OATH
(http://www.openauthentication.org/).

It'd be cool to have a small calculator to generate RMD-160 OPIE
responses, but I don't know of anything approaching the price point of
SecurID, Safeword, Vasco, CRYPTOCard, etc.


 a list of OTPs would be sufficient if i didn't think i'd end up
 regularly issuing new lists to users. if there is any good solution of
 the sort i describe above, i would appreciate pointers from more
 knowledgeable folks.

The built-in S/Key (OPIE?) implementation in OpenBSD is good.
You will need to either give users access to and training on using
'skeyinit', or you will need to regularly issue new response 'cheat
sheets' to users.

Kevin



Re: Putting partition in RAM

2007-12-07 Thread K K
On Dec 7, 2007 5:06 PM, Jake Conk [EMAIL PROTECTED] wrote:
 How do I have it so that anyone can write to the directory when the
 computer starts up?

The answer to your question is in man mount_mfs:
 If the -P file option is not used,
 the owner and mode of the created mfs file system will be
 the same as the owner and mode of the mount point.

In other words, there is an entry for /tmp on the / filesystem, and
when the new swap filesystem is mounted, it inherits the permissions
of the original base /tmp entry.

So you need to chmod the underlying /tmp entry in the root filesystem,
then the change will stick.  Simplest way to do this is boot single
user, do the chmod, and then reboot.

Kevin



Re: OpenBSD 4.2 (AMSTERDAM) #1: Fri Nov 02 20:00:00 CEST 2007

2007-10-19 Thread K K
On 10/13/07, Floor Terra [EMAIL PROTECTED] wrote:
 a small OpenBSD social event in Amsterdam (The Netherlands).
 It's nothing official, just a few OpenBSD users getting together. The
 date is Friday November 2nd, a perfect date to celebrate the 4.2
 release. Café De Deugniet is the location, it's a 5 minute walk
 from Amsterdam central station. The beer is good and there are plenty
 of restaurants within walking distance. We start at 8:00 PM.

Update: Thanks to Wim, OpenBSD merchandise, including 4.2 CDs, will be
available.

On a related note, while I encourage everybody within a reasonable distance
to join us on Nov. 2nd, there is a second chance to meet up (and buy a CD).
Many OpenBSD folk will be attending NLUUG25 (also in Amsterdam) on
Wednesday Nov 7.  There will be an OpenBSD and OpenSSH booth with CDs
and Wim and Otto. Plans are in the works to meet after the conference,
around 8PM.

Both events are listed at http://www.openbsd.org/events.html


Looking forward to seeing everybody in exactly two weeks,

Kevin Kadow



Re: OpenBSD Install Goal

2007-09-14 Thread K K
On 9/14/07, Pau Amaro-Seoane [EMAIL PROTECTED] wrote:
 Please don't touch the installer. It's just perfect.

Ditto.

Talking to new users, the feedback I get is that they tend to screw up
partitioning, but other than that, no substantial complaints about the
install process.

Sure, it's not pretty, but I don't want a pretty installer!
If I want pretty I'll buy more posters, or campaign for another run of
puffy plush.

Kevin



Options for 1U server with watchdog?

2007-09-07 Thread K K
I am looking for recommendations for a new rackmount server with a
watchdog(4) device fully supported under OpenBSD 4.2.

Currently I have a pair of Sun Fire v100 servers providing recursive
DNS services;  each of these handles a peak of perhaps 50
requests/second.  One of the two servers will crash hard about once
every two months.  When this happens, the server just stops, no
debugger, no console output.  We've gone so far as to replace the
entire server with an identical v100 built from scratch with a
standard OpenBSD/sparc64 install from CD, and yet the problem still
happens on the same approximate schedule.  I suspect a power glitch.

Since power quality is out of our control, I've been asked by
management to make this problem go away, or at least to hide the
symptoms.  Since I haven't been able to diagnose much less resolve the
problem, I figure the next best thing is to make sure that when the
server does freeze, it self-reboots instead of waiting for a human to
respond and manually power-cycle the machine.

I see support for the pmc(4) watchdog on UltraSparc-III (my V100s are
IIe, no watchdog) systems, can I safely assume all new IIIi servers
from Sun (e.g. V125) include the PMC watchdog?

Are there less expensive AMD64 rackmount 1U systems with hardware
watchdogs which I should also consider?


Thanks,

Kevin



Re: Options for 1U server with watchdog?

2007-09-07 Thread K K
On 9/7/07, Lawrence Horvath [EMAIL PROTECTED] wrote:
 If power is a suspect why not get a UPS, it sounds like even a small
 one would do, and it would probly work out better than buying a new
 server?

Like many larger corporate and colocation data centers, there is an
explicit policy forbidding the installation of a UPS in any rack --
the DC itself has multiple large-scale UPS systems and a gigantic
diesel standby generator.  While this does provide cleaner power than
the municipal feed, glitches still happen.  Most of the other machines
in the same cabinet as the haunted nameserver have dual supplies.

I've been told that part of the justification for the no UPSes rule
is so that when the big red button is pushed first responders can
have faith that all circuits are dark.

Policy, fire code, and corporate politics get in the way of perfect
uptime records, but if this rule saves my peers from electrocution,
I'm not going to argue against it.

Kevin



Re: OT: serial console through S-Video 7-pin locking dub connector?

2007-07-20 Thread K K

On 7/20/07, Rob Schmersel [EMAIL PROTECTED] wrote:

That looks like an old Mac modem cable (RS-422  RS-232), different
beast. S-video does not even have the correct signals.

The Macintosh (and some old Sun hardware) serial port uses a 8-pin
Mini-DIN, a different pinout than other more common Mini-DIN
connectors (S-Video, PS/2 keyboard, etc).

More information and better pictures of Mac/Sun serial cables:
http://www.cablestogo.com/product.asp?cat%5fid=206sku=02996
http://www.sunhelp.org/unix-serial-port-resources/serial-pinouts/

If you're digging through old Sun gear and want to get an IPX or CP1500
working, you'll need one of these.

Kevin



Re: Remote Syslogd

2007-05-18 Thread K K

On 5/18/07, djgoku [EMAIL PROTECTED] wrote:

I am trying to filter remote syslog information that is coming from
Motherboard Monitor on Windows. If all I do is change syslogd startup
options in /etc/rc.conf from syslogd=-u all information is logged to
/var/log/daemon. But I would really like the information be routed to
something like /var/log/hostname.


The stock syslogd doesn't directly support this type of handling.
Logging by originating host, and much more, is available in syslog-ng,
available from the ports tree (/usr/ports/sysutils/syslog-ng).

It can be a little tricky to get syslog-ng to co-exist with the stock
syslogd, or to entirely replace it with syslog-ng.

Kevin



Re: Monitoring with labels

2007-05-16 Thread K K

On 5/16/07, Frans Haarman [EMAIL PROTECTED] wrote:

Hello,

I was wondering about using pf to monitor what is happening on our
network. The idea is to connect a pf machine to the management port on
the switch.


You might be better served using a tool designed for this purpose,
such as Argus:

   http://www.qosient.com/argus/

The Argus toolkit is designed to run on a Unix host, monitor an
interface, and get protocol statistics per connected ip going towards
our servers, among many other things.  With some limitations, the
collection and reporting tools work on OpenBSD (I've been testing the
release candidates for Argus 3.0 and have one open bug with 'ratop').
Long ago geek00L mentioned working on a port, once Argus is released
as 3.0 I'd be willing to assist in making a port.

Kevin



Re: Dual-port Gigabit SX NICs?

2007-05-07 Thread K K

Am I the only one having a difficult time keeping track of which cards
on the Supported hardware list are merely tolerated, and which
vendors/chipsets are truly supported and cooperative?

On 5/5/07, Henning Brauer [EMAIL PROTECTED] wrote:

On 5/4/07, K K [EMAIL PROTECTED] wrote:
 This would be our first foray into Fiber NICs on OpenBSD,
 looking for recommendations for an affordable, reliable dual
 1000baseSX NICs with good OpenBSD support.
. . .
the intels are not a bad choice; also there are bges I think.
you can find hp branded dual-port em well as bge, and intel-branded em,
on ebay at reasonable rates.


Thanks -- We'll probably end up paying street price for new Intel SX
fiber gigabit NICs.

Is there a reason I should avoid the very cheap SK-9844 refurbs I see
at various sites, these are a fraction of the eBay price for the dual
port Intel (PWLA8492MF)?

Kevin



Dual-port Gigabit SX NICs?

2007-05-03 Thread K K

I have a need to set up a sniffer based off NetOptics Fiber tap,
collecting data from two different segments (so four interfaces
total), with a total of around 800Mbps receive traffic, zero transmit.

This would be our first foray into Fiber NICs on OpenBSD, looking for
recommendations for an affordable, reliable dual 1000baseSX NICs with
good OpenBSD support.  Reading Mark Kettenis's O'Reilly interview for
4.0, I see that Marvell/SysKonnect is uncooperative and buggy.

We mostly use Intel's Pro/1000 Quad cards for copper GigE, so I could
go with the very expensive Intel PWLA8492MF, but at $750/each, the
Intel card doesn't meet the affordable part of my criteria.


Thanks,

Kevin



Re: No Blob without Puffy

2007-03-16 Thread K K

It'd be great if Theo could make a clear statement on Puffy, the same
as Marshall Kirk McKusick has for the daemon.  I had cause to use a
variant of Marshall's beastie for a project which was marginally
within his published guidelines, and had no problem getting
permission.


On 3/16/07, Karel Kulhavy [EMAIL PROTECTED] wrote:

Is it true that Puffy is not here because of Theo's concerns about
his copyrighted Puffy logo?
http://misc.allbsd.de/Kampagnen/NoBlob/NoBlob-en-Poster.jpg


Not only is puffy not there, the word OpenBSD is also absent, and
Theo has explained exactly what happened.  It's not about the blowfish
at all.



I also couldn't use Puffy logo on Ronja because then I wouldn't be able to talk
about OpenBSD negatively if it came out there is some serious problem with
Ronja and OpenBSD together.

I think Theo should stop being paranoid about his Puffy. Puffy is not something
you steal from a bowl and it disappears. I also have a Ronja logo which is
under GFDL and no one is stealing it and damaging me. The same for the Linux Tux,
I have the feeling.


Not quite how trademark law works, see http://preview.tinyurl.com/2crjgc

Specifically, it appears you could legally use Puffy on a Ronja logo
to indicate compatibility, and you could still feel free to talk
about OpenBSD negatively, even under Canadian trademark law.

In the No blob case, the issue would be that using *any* OpenBSD
mark would suggest sponsorship or endorsement, puffy or no puffy.
And Theo has made it clear how he feels about endorsing that specific
campaign.


Jack J. Woehr writes:

 Handling the deadly pufferfish is very dangerous, and best left to experts!


The only legal imports to the US are pre-processed and flash frozen,
with all tetrodotoxin safely removed.

Fugu is good food.


IANAL, YMMV



Re: OT: Google-mini equivalent on OpenBSD suggestions needed

2007-03-08 Thread K K

On 3/8/07, Daniel Ouellet [EMAIL PROTECTED] wrote:

But, I am at a lost as to find something that would run very nicely on
OpenBSD that would be similar to a google mini search engine.


If you are interested in indexing both web sites remotely and local
files (e.g. the contents of  /var/www/htdocs), check out Swish-e,
which can (with help from some additional ports) index the contents of
PDFs, etc.  It does take a little work to configure.

Swish-e, while not available as an OpenBSD port, is actively developed
and community supported, see http://swish-e.org/index.html



Re: 4.0 on Dell 2650

2007-02-09 Thread K K

On 2/9/07, Beavis [EMAIL PROTECTED] wrote:

I have a PERC 3/Di on an old Dell 2650; dmesg doesn't show that much info,
it's just that there's no disk and PERC 3/Di is not configured. Seems like
Dell still hasn't budged.. seems like it's an old issue, old donkey-dell..


Yank out the RAID KEY and the PERC 3/Di will magically vanish and
the raw drives will be accessible via the normal on-board controller.

You lose hardware RAID, but you gain the ability to boot the OpenBSD 4.0
GENERIC kernel.


Kevin



Re: 4.0 frozen

2006-12-16 Thread K K

On 12/16/06, Stephen Schaff [EMAIL PROTECTED] wrote:

Yesterday it inexplicably went dark. I went down to check it out, and
hooked up the monitor and keyboard. I could see the welcoming login
prompt, but it wouldn't accept any input. It wasn't accepting any
pings from a remote system on the network either. The only word I
have for that is frozen - if there's better terminology out there -
please let me know.

Anyway, after hard booting the machine, and rebuilding the raid - I
checked all the log files I could think of and can't find a thing.
Nada. Then - it went down again today! I'm not sure what to do now.


Sounds like a physical problem.  I've seen this type of hard freeze
with bad power, RAM, motherboard, or CPU.  The problem is often
related to heat.

If you can take it out of production for half a day or so, I would try
UBCD, starting with the memory tests.

http://www.ultimatebootcd.com/

Kevin



Re: rapidly rewriting a file causes filesystem to become full

2006-12-05 Thread K K

On 12/5/06, Joe Advisor [EMAIL PROTECTED] wrote:

If this is the case, does this mean that I am in an either/or situation... as
in, it is not possible to have rapid rewrites and rapid reboot simultaneously.
Or is sync in cron a reasonable approach?


The best option would be to redesign the code so it doesn't require
rapid recreation of a file on disk.  For example, modification
in-place (perhaps hold the file open and use seek() and fsync()?),
named pipes, or even shared memory might be a better approach.

If changing the code is not an option, but the file to be rewritten is
small and does not need to survive a reboot, you can put it on its
own RAMdisk partition using mount_mfs.

If it's large or does need to survive a reboot, you can still put it
on a separate partition, and not set softdep on that one partition.

Kevin
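An added example, not from the thread above: a small C program showing the in-place rewrite Kevin suggests, keeping one open file (one inode) and replacing its contents with write()/ftruncate()/fsync() instead of an unlink()+creat() cycle that leaves freed blocks waiting on the softdep background flush. The path /tmp/inplace_demo.txt and the helper names rewrite_in_place() and read_file() are my own, constructed for the demo.

```c
#define _XOPEN_SOURCE 700          /* make ftruncate()/fsync() visible */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Overwrite the file at `path` with `len` bytes from `buf`, keeping the
 * same inode: no unlink()+creat() cycle, so no chain of freed blocks
 * waiting on the softdep background flush. Returns 0 or -1. */
int rewrite_in_place(const char *path, const char *buf, size_t len)
{
    int fd = open(path, O_RDWR | O_CREAT, 0644);
    if (fd < 0)
        return -1;
    /* Rewind, replace the contents, drop any tail left from a longer
     * previous version, then force the data out to disk now. */
    if (lseek(fd, 0, SEEK_SET) != 0 || write(fd, buf, len) != (ssize_t)len ||
        ftruncate(fd, (off_t)len) != 0 || fsync(fd) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}
/* Read back at most bufsz-1 bytes (NUL-terminated) to verify a rewrite. */
ssize_t read_file(const char *path, char *buf, size_t bufsz)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = read(fd, buf, bufsz - 1);
    close(fd);
    if (n >= 0)
        buf[n] = '\0';
    return n;
}

int main(void)
{
    const char *path = "/tmp/inplace_demo.txt";   /* constructed demo path */
    char out[64];
    /* Two rapid rewrites, the second shorter than the first. */
    if (rewrite_in_place(path, "status=up\n", 10) != 0 ||
        rewrite_in_place(path, "ok\n", 3) != 0)
        return 1;
    if (read_file(path, out, sizeof out) > 0)
        fputs(out, stdout);                         /* prints "ok" */
    unlink(path);
    return 0;
}
```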