npppd advice

[Scott McEachern]

:19:5b:68:91:20
eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
xl0 at pci1 dev 10 function 0 3Com 3c900 10Base-T rev 0x00: apic 1 int 
22, address 00:10:4b:d5:1a:fe

ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: ST330630A
wd0: 16-sector PIO, LBA, 29188MB, 59777640 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 ignored (disabled)
ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: 
apic 1 int 17

iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC2700CL2.5
spdmem1 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
sd0 at scsibus1 targ 1 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd0: 29180MB, 512 bytes/sector, 59761208 sectors
root on sd0a (2463a9a61e811c48.a) swap on sd0b dump on sd0b
-

I hope I'm not forgetting anything...  TIA!

--
Scott McEachern

http://www.blackstaff.ca

The reasonable man adapts himself to the world: the unreasonable one persists in 
trying to adapt the world to himself. Therefore all progress depends on the unreasonable 
man. -- George Bernard Shaw

Re: npppd advice

[Scott McEachern]

On 08/03/14 14:42, Stuart Henderson wrote:

On 2014-08-03, Scott McEachern sc...@blackstaff.ca wrote:

I'd really like to upgrade to 5.6/-current, but for my connection to
work, I either have to abandon some features (MLPPP) with kernel-mode
pppoe, or go with something completely new, like npppd.

Not currently possible, npppd is server-side only and doesn't do
MLPPP (or IPV6CP).



That's what I was afraid of.

Theo, is there any chance of putting userland ppp back in?  I'm sure I'm 
not the only person out there that needs that specific functionality to 
stay online.


I know you've said before that the code is horrible, there are too many 
pppoe options, but there are some people -- like me -- that are stuck 
without it.  We just don't have a viable option.


Please consider putting it back in.  People like me still use and need 
it, and it's no hardship on your end.


Please?

--
Scott McEachern

http://www.blackstaff.ca

The reasonable man adapts himself to the world: the unreasonable one persists in 
trying to adapt the world to himself. Therefore all progress depends on the unreasonable 
man. -- George Bernard Shaw

segfault in netstat

[Scott McEachern]

Using the latest i386 snapshot (Nov8), running netstat as root causes a 
segfault.  Earlier snaps may be affected, I'm just noticing this now.  
Running as a non-root user seems to be fine.


# netstat -an
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
tcp  0  0  192.168.1.5.22 192.168.1.4.41282 ESTABLISHED
tcp  0216  192.168.1.5.22 192.168.1.4.18447 ESTABLISHED
tcp  0  0  192.168.1.5.22 192.168.1.4.21025 ESTABLISHED
tcp  0  0  *.6000 *.* LISTEN
tcp  0  0  127.0.0.1.587  *.* LISTEN
tcp  0  0  127.0.0.1.25   *.* LISTEN
tcp  0  0  *.22   *.* LISTEN
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
udp  0  0  *.514  *.*
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
tcp6 0  0  *.6000 *.* LISTEN
tcp6 0  0  ::1.587*.* LISTEN
tcp6 0  0  ::1.25 *.* LISTEN
tcp6 0  0  *.22   *.* LISTEN
Active UNIX domain sockets
AddressType   Recv-Q Send-Q  Inode   Conn   Refs Nextref 
Addr

Segmentation fault

# netstat
Active Internet connections
Proto   Recv-Q Send-Q  Local Address  Foreign Address (state)
tcp  0  0  blackstaff.ssh 192.168.1.4.41282 ESTABLISHED
tcp  0  0  blackstaff.ssh 192.168.1.4.18447 ESTABLISHED
tcp  0  0  blackstaff.ssh 192.168.1.4.21025 ESTABLISHED
Active UNIX domain sockets
AddressType   Recv-Q Send-Q  Inode   Conn   Refs Nextref 
Addr

Segmentation fault

No core file seems to be left behind.  Anyone else seeing this?

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: segfault in netstat

[Scott McEachern]

On 11/09/13 12:55, Jérémie Courrèges-Anglas wrote:

Scott McEachern sc...@blackstaff.ca writes:


Anyone else seeing this?

Yup (fresh i386).


Just to be clear, I was also using a clean install.  Judging by the way 
it craps out at the unix domain sockets display, I'm guessing this 
commit is the culprit:


*List:openbsd-cvs  http://marc.info/?l=openbsd-cvsr=1w=2
Subject:CVS: cvs.openbsd.org: src  http://marc.info/?t=9022420702r=1w=2
From:Philip Guenther guenther () cvs ! openbsd ! org  
http://marc.info/?a=12152454264r=1w=2
Date:2013-10-22 16:40:29  http://marc.info/?l=openbsd-cvsr=1w=2b=201310
Message-ID:201310221640.r9MGeTH7025102 () cvs ! openbsd ! org  
http://marc.info/?i=201310221640.r9MGeTH7025102%20%28%29%20cvs%20%21%20openbsd%20%21%20org
[Download message RAW  
http://marc.info/?l=openbsd-cvsm=138246004827722q=raw]*

CVSROOT:/cvs
Module name:src
Changes by: guent...@cvs.openbsd.org2013/10/22 10:40:29

Modified files:
include: kvm.h
sys/sys: sysctl.h
sys/kern   : kern_sysctl.c
lib/libkvm : Makefile kvm_cd9660.c kvm_file2.c
 kvm_getfiles.3 kvm_ntfs.c kvm_private.h
 kvm_udf.c shlib_version
usr.sbin/pstat : pstat.c
usr.bin/fstat  : fstat.c fstat.h fuser.c
usr.bin/netstat: main.c netstat.h unix.c
sbin/sysctl: sysctl.c
lib/libc/gen   : sysctl.3
Removed files:
lib/libkvm : kvm_file.c

Log message:
- add UNIX-domain socket info to struct kinfo_file2
- convert netstat from kvm_getfiles() to kvm_getfile2() using that
- delete kvm_getfiles() and KERN_FILE as no longer used (bump libkvm's major)
- rename kvm_getfile2() to kvm_getfiles(), kinfo_file2 to kinfo_file
and KERN_FILE2 to KERN_FILE.

ok deraadt@, millert@
ports scan sthen@


I'd imagine it's being looked into. :)

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: segfault in netstat

[Scott McEachern]

On 11/09/13 15:05, Philip Guenther wrote:

On Sat, Nov 9, 2013 at 10:24 AM, Scott McEachern sc...@blackstaff.ca wrote:

I'd imagine it's being looked into. :)

Yep.  Just committed the fix.  Thanks for the report!


Philip Guenther



Thanks very much for such a quick fix!

I'll test it out when it hits the mirror I use.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Errors building system on i386-current

[Scott McEachern]

Using a clean install from the Nov. 8th i386 snapshot, I upgraded all 
sources and ran into this while building the system:


Your select() operates on 32 bits at a time.
Generating a list of signal names and numbers...
Checking the size of size_t...
Checking to see if you have socklen_t...
socks.h NOT found.
I'll be using ssize_t for functions returning a byte count.
Checking the size of st_ino...
Checking the sign of st_ino...
Your stdio uses signed chars.
Checking the size of uid_t...
Checking the sign of uid_t...
Checking the format string to be used for uids...
Determining whether we can use sysctl with KERN_PROC_PATHNAME to find 
executing program...

try.c: In function 'main':
try.c:23: error: 'KERN_PROC_PATHNAME' undeclared (first use in this 
function)

try.c:23: error: (Each undeclared identifier is reported only once
try.c:23: error: for each function it appears in.)
I'm unable to compile the test program.
I'll assume no sysctl with KERN_PROC_PATHNAME here.
Determining whether we can use _NSGetExecutablePath to find executing 
program...

try.c:4:25: error: mach-o/dyld.h: No such file or directory
I'm unable to compile the test program.
I'll assume no _NSGetExecutablePath here.
It appears we'll be able to prototype varargs functions.
Which compiler compiler (yacc) shall I use? [yacc]
assert.h found.
fp.h NOT found.
fp_class.h NOT found.
gdbm.h NOT found.
ieeefp.h found.
libutil.h NOT found.
mntent.h NOT found.
net/errno.h NOT found.
netinet/tcp.h found.
poll.h found.
prot.h NOT found.
Guessing which symbols your C compiler and preprocessor define...
tcsetattr() found.
You have POSIX termios.h... good!
stdbool.h found.
stddef.h found.
sys/access.h NOT found.
sys/filio.h found.
sys/ioctl.h found.
You have socket ioctls defined in sys/sockio.h.
syslog.h found.
sys/mode.h NOT found.
sys/poll.h found.
sys/resource.h found.
sys/security.h NOT found.
sys/statvfs.h found.
sys/un.h found.
sys/utsname.h found.
sys/wait.h found.
ustat.h NOT found.
utime.h found.
vfork.h NOT found.
Looking for extensions...

Duplicate directories detected for extension B-Lint
Configure cannot correctly recover from this - shall I abort?
/usr/src/gnu/usr.bin/perl/Configure: .: ../UU/myread: not found
*** Error 1 in gnu/usr.bin/perl (Makefile.bsd-wrapper:76 'config.sh')
*** Error 2 in gnu/usr.bin (bsd.subdir.mk:48 'depend')
*** Error 2 in gnu (bsd.subdir.mk:48 'depend')
*** Error 2 in . (bsd.subdir.mk:48 'depend')
*** Error 2 in /usr/src (Makefile:89 'build')

Just thought I'd let you know.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

make release problem with -current

[Scott McEachern]

Anyone else running into this when running make release with -current?

cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-main 
-Wno-uninitialized -Wno-format  -Wstack-larger-than-2047 
-fno-builtin-printf -fno-builtin-snprintf  -fno-builtin-vsnprintf 
-fno-builtin-log  -fno-builtin-log2 -fno-builtin-malloc 
-fno-stack-protector -Os -mtune=i486 -pipe -nostdinc -I../../../.. -I. 
-I../../../../arch -DSCSITERSE -DSMALL_KERNEL -DNO_PROPOLICE 
-DTIMEZONE=0 -DDST=0 -DFFS -DFFS2 -DEXT2FS -DNFSCLIENT -DCD9660 
-DUDF -DMSDOSFS -DINET -DINET6 -DBOOT_CONFIG -DCRYPTO -DRAMDISK_HOOKS 
-DMINIROOTSIZE=0xf20 -DPCIVERBOSE -DMAXUSERS=4 -D_KERNEL -MD -MP  -c 
vers.c
ld -Ttext 0xD0200120 -e start -N --warn-common -nopie -S -x -o bsd 
${SYSTEM_HEAD} vers.o ${OBJS}

textdatabss dec hex
3982420 2045352 434916  6462688 629ce0
cp 
/usr/src/distrib/i386/ramdisk_cd/../../../sys/arch/i386/compile/RAMDISK_CD/bsd 
bsd
cc  -o rdsetroot 
/usr/src/distrib/i386/ramdisk_cd/../../common/elfrdsetroot.c 
/usr/src/distrib/i386/ramdisk_cd/../../common/elf32.c 
/usr/src/distrib/i386/ramdisk_cd/../../common/elf64.c

cp bsd bsd.rd
/usr/src/distrib/i386/ramdisk_cd/obj/rdsetroot bsd.rd mr.fs
cp bsd.rd bsd.strip
strip bsd.strip
strip -R .comment bsd.strip
gzip -c9n bsd.strip  bsd.gz
dd if=/dev/zero of=/var/tmp/image.11200 bs=512 count=5760
5760+0 records in
5760+0 records out
2949120 bytes transferred in 0.013 secs (226855385 bytes/sec)
vnconfig -v -c vnd0 /var/tmp/image.11200
vnconfig: VNDIOCSET: Device busy
*** Error 1 in /usr/src/distrib/i386/ramdisk_cd 
(../common/Makefile.inc:31 'cdrom54.fs')

*** Error 1 in /usr/src/distrib/i386 (bsd.subdir.mk:48 'all')
*** Error 1 in /usr/src/distrib (bsd.subdir.mk:48 'all')
*** Error 1 in /usr/src/etc (Makefile:322 'distrib')


snipped dmesg:

OpenBSD 5.4-current (GENERIC.MP) #0: Tue Nov  5 21:05:57 EST 2013
r...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: AMD Phenom(tm) II X6 1100T Processor (AuthenticAMD 686-class, 
512KB L2 cache) 3.32 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,SSE3,MWAIT,CX16,POPCNT,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,WDT,ITSC

real mem  = 3487690752 (3326MB)
avail mem = 3418877952 (3260MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/23/10, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.5 @ 0x9f400 (68 entries)

bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: make release problem with -current

[Scott McEachern]

On 11/05/13 22:29, Ted Unangst wrote:

On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote:

Anyone else running into this when running make release with -current?
vnconfig -v -c vnd0 /var/tmp/image.11200
vnconfig: VNDIOCSET: Device busy

Are you already using vnd0?



No, not intentionally at least.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: make release problem with -current

[Scott McEachern]

On 11/05/13 23:02, Philip Guenther wrote:

On Tue, Nov 5, 2013 at 7:33 PM, Scott McEachern sc...@blackstaff.ca wrote:

On 11/05/13 22:29, Ted Unangst wrote:

On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote:

Anyone else running into this when running make release with -current?
vnconfig -v -c vnd0 /var/tmp/image.11200
vnconfig: VNDIOCSET: Device busy

Are you already using vnd0?

No, not intentionally at least.

So you've used vnconfig -l to see what it's currently bound to and...



# vnconfig -l
vnd0: covering /var/tmp/image.28401 on sd0e, inode 12
vnd1: not in use
vnd2: not in use
vnd3: not in use

I'm not sure if that's from something earlier in the build process, or 
possibly from a failed build the other night.


Either way, I'm going to just nuke it all, install from scratch, and see 
how that goes.  I'll bet it will work just fine..


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Experiences with OpenBSD RAID5

[Scott McEachern]

On 10/18/13 07:31, Stuart Henderson wrote:

On 2013-10-18, Scott McEachern sc...@blackstaff.ca wrote:

Circumstances change, and I might be able to redeploy those HDDs as a
RAID5 array.  This, at least in theory, would allow the 18TB total to be
realized as 15TB as RAID5, gaining me 6TB.

even if softraid would rebuild raid5, I'd worry about additional
disk failures before/during rebuild for a volume of this sort of size..
(especially given that rebuilding is not automatic with softraid).



Follow-up:

Thanks to all that replied publicly and privately, the information was 
most helpful.


RAID5 can't rebuild, so that's a show stopper right there.

However, now I understand why something I thought (at first) would be 
important has been left unwritten:  RAID5 has its own lengthy set of 
problems.  Like Stuart and others said, the potential for a secondary 
HDD failure causing a catastrophic failure to the entire volume is far 
greater than most people think.  This link was given to me off-list, and 
it's worth the 60 seconds it takes to read: (It's short and to the point.)


http://www.miracleas.com/BAARF/Why_RAID5_is_bad_news.pdf

My primary goal with RAID is data integrity, with total capacity taking 
a back seat.  As much as, in my case, 6TB seems like a rather large 
loss, the potential for RAID5 failure to gain that 6TB isn't worth it.  
Simply put, RAID1 (or even better, RAID10), is a superior course of 
action for data integrity.


Assuming the numbers provided by CERN in that PDF are anywhere near 
accurate, it seems to me that using RAID5 is not only counter to the 
reason for RAID in the first place, but even reckless.


Thanks again folks for the advice.  I'm sticking to RAID1.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Experiences with OpenBSD RAID5

[Scott McEachern]

  Status   Size Device
softraid0 4 Online  1603138224128 sd13RAID0
  0 Online  3000592408576 4:0.0   noencl sd9a
  1 Online  3000592408576 4:1.0   noencl sd11a


This should be a 3TB RAID1 (sd9) + a 3TB RAID1 (sd11) = 6TB RAID0 
(sd13), but I'm only getting 1.5TB, one quarter of what I should have.  
Yes, I used b to start at zero and * to use the whole disk.


# newfs sd13a
[snip]

# mount -o rw,noatime,softdep /dev/sd13a /storage/raid10

# df -h
Filesystem SizeUsed   Avail Capacity  Mounted on
[snip]
/dev/sd13a 1.4T8.0K1.4T 0%/storage/raid10

And that's how it stands.  I guess RAID10, or stacking, or whatever you 
wish to call it, doesn't quite work just yet...


Fun experiment, too bad it didn't work out.

I'm all ears if anyone has a suggestion that can turn that 1.4T into a 
5.6T.  :D


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Experiences with OpenBSD RAID5

[Scott McEachern]

It wasn't planned this way, it just happened over time, but I ended up 
with a couple of machines with a few 3TB RAID1 volumes.  As a result, 
around 18TB total (all HDDs are 3TB) is actually 9TB once RAID1'd.


Circumstances change, and I might be able to redeploy those HDDs as a 
RAID5 array.  This, at least in theory, would allow the 18TB total to be 
realized as 15TB as RAID5, gaining me 6TB.  For now, I'm able to back 
up my RAID1 arrays to non-RAID HDDs.  While this makes me nervous, I 
want to at least try creating a RAID5 setup to experiment on, with an 
eye to fully replacing RAID1 with RAID5.  (6TB of lost capacity is 
nothing to sneeze at!)


I realize the bioctl(8) man page says Use of the CRYPTO  RAID 4/5 
disciplines are currently considered experimental.


However, I've been using RAID1 and CRYTPO in bootable and non-bootable 
configurations, including full disk encryption, quite happily for a 
while now.  I've tested by removing drives, booting, rebuilding, etc., 
and I've never had a problem.  So while the page may say experimental, 
I've found CRYPTO to be rock-solid thus far.


I've never tried softraid's RAID5, so I have no idea if it truly is 
experimental, or solid like CRYPTO, or somewhere in between.


So I ask my fellow list'ers for their experiences with OpenBSD's RAID5 
implementation.  (Yes, I'm running -current.)  Does it work for you?  
Have you had any good experiences?  Any bad experiences? Have you had to 
actually rebuild a RAID5 array?  Can you add another drive to the array 
at a later time, or does the array need to be destroyed and rebuilt from 
scratch?  Any questions I'm forgetting? I need to know about these 
things, from real-world use, before using RAID5 in the long-term.


Also, in theory, with RAID5 you only lose one drive for the parity, 
hence my 18TB non-RAID = 15TB RAID5 math.  Is this correct in 
practise with softraid?


All stories are welcome, including private emails.

Thanks,

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Experiences with OpenBSD RAID5

[Scott McEachern]

On 10/17/13 20:57, Nick Holland wrote:
with the exception of the fact there's no code to rebuild a failed 
disk, works great. that's a pretty big exception for most people. :) 


Hmm.  That would present a problem.

Let me make sure I'm absolutely clear here:

A RAID5 array with four disks.  I notice via bioctl(8) that one has 
failed.  I pull the failed disk and replace it with my cold spare. I 
cannot use bioctl -R to incorporate the new disk into the array. 
Correct?  (BTW, I know for a fact it works properly with RAID1.)


So basically, if a drive fails, the RAID5 array is permanently borked 
until completely recreated with a new array, meanwhile I'll be trying to 
back up my data somewhere else.


you should be trying this stuff yourself. Doesn't matter if *I* can 
rebuild your array, it matters if YOU can. You don't have to practice 
on 3TB disks, you can practice on 10GB disks...though understanding 
the time required for 3TB disks would be wise. 


As you've often advised in the past, test it yourself.  I plan on it, 
just to see what happens.  BTW, I tried it once with a 3TB RAID1, and I 
believe it took two days, but I could be wrong and is 
hardware-dependent.  Either way, it takes a /long/-ass time.


other than a 3TB disk is closer to 2.75TB than 3TB, yeah the math 
works the same with softraid as it does with hw raid. Nick. 


Yes, sorry for not making clear I realize that.  I didn't want to do the 
usable space, GB/GiB, TB/TiB dance.  You know what I mean.., hopefully.


Either way, while I have the opportunity, I'm going to create some RAID5 
arrays of varying sizes, pull (fail) disks, etc., and just see what 
happens for myself.  Experimenting is fun!


Unfortunately, if RAID5 cannot rebuild anything, it's about as useful as 
a leaky screwdriver and RAID1 remains the only viable option on 
OpenBSD.  Damn.


Thanks Nick, as always you're a gem of a resource.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/09/13 05:08, Zé Loff wrote:


(Quite) a few years ago, the Dutch government wanted to make sure everyone had a proper burial, 
according to each one's beliefs and rituals. So they asked people to state their religious 
beliefs. This is a good idea right? Everyone's wishes get respected even if you had no family 
or if your whole family died in an accident or fire or whatever. Besides, I've got 
nothing to hide, being insert your religion here is nothing to be ashamed of and I'm 
proud of my heritage. So the government made a nice list. And then a few years later 
Germany invaded the Netherlands.

Point being, it's not naiveté. It's this whole I've got nothing to hide anyway, let them 
look / I am not that important mentality. People fail to realise that this is not 
about you having something to hide or not. It's about your right to hide something /if and when you 
want to/.


Both of your last two posts, well said.

Thanks for pointing out that it was the Netherlands that kept that data, 
and why.  When I mentioned it earlier, I wasn't sure earlier if it was 
the Belgians or the Dutch, or why.  Good to know, and remember.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

 stopping kiddie porn, read my 
sig.  I think he said that in 2006.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

 be true, but keep in mind you are two degrees away 
from someone with (at least) secret clearance in SIGINT in the 
military, with the connection (me) being someone who /might/ have been 
looked into, or is actively watched.  Also remember, the NSA /really/ 
loves to draw pretty pictures showing relationships/associations between 
people and organizations.


Food for thought for everyone, but like I said, he doesn't care and 
won't think about it.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/08/13 16:36, Martin Schröder wrote:

YYCIX is subject to canadian laws.
It likely must have a lawful interception interface for the canadian
police/whatever.


Americans are subject to the highest law of the land:  The US 
Constitution.  You know, that document the President and damned near 
every government employee has sworn an oath to obey and protect.


The NSA has broken that oath.  Not long after the Snowden leaks started, 
the Director of National Intelligence, James Clapper, spoke before 
congress and explained what the NSA is up to, in an attempt to play 
down Snowden's revelations.  Then more Snowden documents came out, 
proving that the DNI just /lied/ to congress.  Curiously, he's not in 
jail, and is still in office.  Lying to congress is an indictable 
offense, er, a felony offence in US legal-speak.


Now here's another fun bit of trivia for you:  The constitution outranks 
*all* other laws, like state, regional, municipal, etc. All except one:  
Foreign treaties.  They hold equal rank to the constitution.  Think 
about that, vis a vis foreign treaties with other intelligence 
agencies.  The same applies in Canada with our Constitution and Bill of 
Rights.


Lawful interception, you say?  Subject to Canadian laws?  Privacy laws?  
There are no privacy laws in either the US or Canadian constitutions; 
look it up.  But we /do/ have treaties.



Canada is a member of Five Eyes.


Thank-you for proving my point.  Nice treaties with the other members 
since 1948.  Treaties that have equivalent legal weight to the 
constitutions of the respective countries.


If you think our (Canadian) morally superior privacy laws, and our 
national/provincial privacy commissioners have any say in the matter, 
you're fooling yourself.


A couple of weeks ago, John Tory, a very well-respected radio 
commentator (and former lawyer, former CEO of Rogers, former politician, 
etc.) on a respected AM talk radio station, interviewed a fellow who 
works deep inside the telecom industry.  Sorry, I can't remember the 
chap's name.  Tory asked the guy, So what ISPs are giving customer data 
to the government?  The guy deadpanned, All of them.  All of them are 
doing it.


Of course, there's no actual proof of this at the moment, but given what 
Snowden has released so far, and what those documents indicate (eg. 
PRISM) I think this theory has moved from pure speculation to most 
likely status.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/08/13 16:41, Kevin Chadwick wrote:


As I say I am far more concerned about 'modern' incompetent ISP's.
Uncaring ISPs or ISP's that can only care about profit (and so
advertising) or they are out of business and tasking them (perhaps to
their delight) with layer 7 filtering which requires great care and
expertise and arguably only securable passively which I am sure they
will not be doing.

This should certainly be stopped as it may give people with mostly evil
intentions similar access as the NSA or just reduce reliability perhaps
at a time when the net is needed most. Sounds like it was quite a bit
of work though or was that mostly the resistance?

Global government surveilance is not going to be stopped or the
backbone avoided and atleast likely comes from mostly good intentions
even if it is bound to be abused or infiltrated at times.


History has demonstrated time and time over that it is the nature of 
government to keep and expand power at all costs.  Surveillance states 
don't go away until a major upheaval takes place.  Look at East 
Germany's Stasi, or the former USSR's KGB.  Oh wait, that came back 
again with a new name, the GRU I believe.


As I said in a previous post, it's most likely that the NSA is vacuuming 
up /all/ Internet data.  Even if they aren't grabbing 100% of it, 
they're definitely getting the interesting bits.  And that data is 
going to be stored forever.


Even if your data is safely encrypted today, that data will be stored 
somewhere for pretty much eternity.  In 20 years when supercomputers, or 
quantum computers, can make mincemeat of today's strong crypto, that 
data will be analyzed to predict the future by learning from the past.


Even if you can pretend the US government of today, or any other 
government for that matter, is truly innocuous with the best intentions 
(ha!), that doesn't take into account the nature of future governments.


Back in the pre-WW2 days, Belgium (or was it the Netherlands?  I 
forget.) kept detailed census and medical data on their citizens, 
including their religious affiliation.  It was useful data for a 
friendly government, never to be abused.


Then WW2 happened, and Hitler's Nazis invaded.  They found that data, 
especially the religion part, quite useful, and we all know how that 
turned out.


The NSA has been playing this game not for years, but *decades*. The 
breadth of PRISM and other programs with names always written in caps is 
astounding.  They, and other intelligence agencies, are /everywhere/.  
Routers and switches with backdoors from the US (like Cisco), China 
(Huawei), Russia and others.  Splitters on backbone fiber, like Room 
641A.  Superfast computers that intercept HTTPS/SSL data using acquired 
private keys from friendly or coerced companies.  Moxie Marlinspike 
demonstrated these techniques at a black hat conference in 2009, google 
for it.


Sounds far fetched?  Look at the revelation that LavaBit did indeed shut 
down because the FBI insisted on having their private keys, and 
installing a device on their network to intercept and decrypt the 
data.  They originally were (allegedly) targeting just Snowden's 
account, but when the head of LavaBit declined, the FBI wanted the data 
for /all/ users.  So he shut it down.  Then Silent Circle shut down, and 
the list continues to grow.


More food for thought?  Go read Naomi Wolf's book The End of America.  
(https://en.wikipedia.org/wiki/Naomi_Wolf for a quick outline.)  Don't 
have time to read it?  Watch her youtube video (~48mins) of a speech 
given at the U of Washington in 2007. 
(https://www.youtube.com/watch?v=y8u-5gsZdgc, amongst others) Hopefully, 
it will make you think about the direction the US is heading.


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

 nonsense; 
house and be resonsible for your own data and security.  Why on earth 
anyone or any company would trust a third party with their data is 
beyond me.  Utter lunacy, to save a buck. And if you really /must/ use 
some cloud storage service, encrypt your data using a FOSS OS, again, 
preferably OpenBSD, before putting it out there.


You don't know me, you shouldn't trust me (of course), so I suggest you 
do your own reading and homework.  Bruce Schneier (google him) is a 
seriously respected cryptoanalyst in the industry, so start by reading 
his papers, articles and comments.


Sometimes our Theo lets fly with a few interesting comments.  Pay 
attention.  He's a good man and fine leader; listen to him.  I'd love to 
buy him some pizza and beer, and pick his brain for what he thinks is 
coming down the road.  Unfortunately, Calgary is a three-day drive away 
for me, and I'm not silly enough to discuss such things via email. :)


Remember, your security is *your* responsibility.  It's now established 
that you cannot trust the government or any major US firms.  Make that, 
any US firms, period.  Schneier has written many papers on how poorly 
people evaluate risk, and risk assessment.  Read up on those old papers 
through the lens of the Snowden revelations, and make your own decisions.


I don't know what the future holds.  My crystal ball is broken.  I have 
my suspicions, and I'll bet more than a few of them will be borne out by 
future Snowden revelations.


As long as known insecure OSes like Windows, (who cooperate with the 
NSA), run horribly insecure software, like anything from Adobe (Flash, 
Reader, Acrobat, Shockwave), Oracle (Java), or Apple (iTunes, 
QuickTime), continue to dominate the market, we're screwed.  It just 
takes one 0wned end point, which the NSA is very specifically attacking, 
and the best encryption in the world falls down due to vulnerable end 
points.


You sent emails with the tagline Sent from my BlackBerry 10 smartphone 
on the Verizon Wireless 4G LTE network.  BlackBerry/RIM, a Canadian 
firm located just a few hours west of me, bent over and grabbed their 
ankles for the Indian government, so that government had a back door 
into the secure BB devices.  (Hey, wasn't proper security a big 
selling/marketing point for them?  Oh yes, it was.) I wonder who else 
they've grabbed their ankles for?  And Verizon? Ah yes, it's now been 
documented that they cooperate with the NSA too.  So, like I said to my 
friend with his Galaxy smartphone: Enjoy!  I'm sure you're not that 
interesting.


Think.  Read.  Listen.  Even to those you don't typically agree with.  
Listening to contrary views will help give you a balanced opinion and 
thought process.  Look at the writing on the wall, that is, patterns.  
The patterns of history, wrt current patterns.  Try.


PS:  I'm sure this is much to your consternation, but Ze was correct:  
Your post did validate my current sig.  Which is sad, really.  But 
you're off to a good /start/, you're using OpenBSD on at least some 
devices.  (You are, right?)


Thanks for listening, everyone.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/06/13 20:48, dera...@cvs.openbsd.org wrote:

Now, why do I mention this in relation to OpenBSD?  Well, at the end
of 2007 someone decided to open an impersonation account on twitter in
my name, and start sending a mix of things I have said (see wikiquote
for instance), with things that I would never say.  That account is
http://twitter.com/theoderaadt

A few notes:  The account has now changed to declare that it is a
parody account and renamed to Not Theo de Raadt, as of a few days
ago.  If you read back into the past, you will see true character of
the account and the individual.

People in the local community were directed to the account, to give a
negative, if not slanderous, view of my character.  The ones directing
them have high-profile roles in the community, so people would take
what they say as true.  Since I am the network manager for the
exchange equipment, this by extension was meant to hurt YYCIX.

Why would stewards of important infrastructure projects deliberately
spread such false stories?


[...]



Layers of hurt being thrown around.  Why?


I don't know, but I can guess.  Probably the same reason that a year or 
two ago some crap came out trying to discredit OpenBSD's IPSec 
implementation: To discredit you, and OpenBSD as a whole.


Like I said, I have absolutely no doubt the NSA has been keeping tabs on 
OpenBSD as a whole.  Anything more than that is pure speculation on my part.


You, and the project, are financially reliant on donations, so if you 
are discredited, those donations lessen, and the project falters.  I'd 
bet money that the NSA would love to see OpenBSD go away.


What other real options would someone, like the NSA but not necessarily 
them, or just them, have?


Hack the OpenBSD servers?  Good luck with that.  OpenBSD is the gold 
standard in the hacker underground.  I've heard hackers say that when 
they are looking for targets, they skip the OpenBSD boxes they find; a 
waste of time.  (I don't know how true that is, so take it with a grain 
of salt.)


Inject code?  (Like was alleged in the IPSec situation.)  Good luck.  
Commits are public, reviewed, audited, etc.


Corrupt the project leaders, usually financially.  Theo is an idealist.  
(I mean that in a good way, don't get me wrong.)  If he wanted to make 
serious money, he could easily do so with his reputation, experience, 
and skill set.  I wish anyone luck with corrupting Theo, or those he 
trusts, with money.  I deeply believe that unlike psychopathic 
CxO-types, he's not in it for the money, or power.


Blackmail the leaders into doing your bidding.  Last I checked, Theo 
isn't married, so he doesn't have to worry about a leak of him with his 
mistress.  I suspect that Theo wouldn't cave if someone were to reveal 
he used the services of ladies of the night.  (For the record, I'm just 
making up scenarios here, I have no idea what he does in his private 
time, other than cycling.)


The other thing to consider is that I don't think many people in the 
OpenBSD community would give a shit if Theo did questionable things in 
his private life.  I'm not interested, and I doubt any serious person 
would be.  I simply look at the work he does.  The dedication and quality.


*Everyone* has secrets, period.  Nobody wants cameras in their bedrooms 
or bathrooms.  (Canada had a Prime Minister in the 70s by the name of 
Pierre Trudeau, that said quite clearly that the state has no business 
in the bedrooms of the nation.  He made plenty of mistakes, but he got 
that one dead right.)  What would Theo's (fictional!) indiscretions, or 
any other dev's indiscretions, have to do with OpenBSD development?  
Nothing.


However, not everyone thinks that way, so I think one of the simpler 
ways to attack OpenBSD is to discredit the project (IPSec), and 
discredit the project leader (fake twitter bullshit).  This demoralizes 
the funding base.  It scares people away, whether they are existing 
users or potential users.  Some say there's no such thing as bad 
publicity.  I beg to differ.


Theo needs to continuously refute the bullshit with truth and honesty, 
standing on his body of years of dedication and work. Given his status, 
I'm sure that would be a full-time task in itself.  Perhaps a PR firm 
using OpenBSD could donate some work in that area, to give back.  (I 
realize that's wishful thinking, but you never know..)


I'm sure Sun Tzu could read more into this, but he's dead.  One of his 
principal tenets was know your enemy, and thanks to Snowden et al., we 
have seen the enemy, they are legion, and include the NSA. Now we know 
much more about them, their tactics and methods.  Again, he is a hero.


I'd laugh if his future leaks were titled To: NSA; Subject: From Russia 
with Love. :)


--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/08/13 20:42, thornton.rich...@gmail.com wrote:

I love OpenBSD, seriously, and developers of it are clearly geniuses. And
any chance I get I promote it.


Excellent, and I applaud you for that.

You should take a look at the papers/presentations the devs have given.  
The stuff Theo wrote on W^X was mind boggling.  Over my head, but I got 
the gist.  I'm not going to find the ones I'm thinking of (it's been a 
while since I read them), I'll leave that as an exercise for the 
reader.  You'll find plenty of mind-blowing stuff.


(Ok, I can't resist.  I'll link to one particular page that's really 
easy to understand: 
http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html. 
Maybe another, this is from 2005, and I nearly lost my mind: 
http://www.openbsd.org/papers/ven05-deraadt/index.html)


I don't mean to single out Theo, but he started this thread, so he 
remains the focus.  You should read the stuff the other devs have 
written, it's all excellent stuff.  The genius shines through.



Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE
network.


All I can say is, I hope you don't do anything private with your 
device.  You have two /proven/ weak points in your hand.  Anything 
HTTPS/TLS/SSL on your handheld is probably moot, but I'd still use 
crypto anyway. :)  Convenience comes with a price.


And Richard, thanks for sharing your thoughts.  It adds to the balance.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/08/13 22:35, Indunil Jayasooriya wrote:

My favourite O/S is also OpenBSD. Theo and his guys protect the world. so
they are naturally protected.


Almost, but not quite.

Theo actually has a devoted core of followers around the globe, highly 
trained in gung-fu, krav maga, and ninjitsu.  They fight to kill.


Meetings take place on a secret, members-only OpenBSD-powered web 
server.  One word, and a problem can be solved, anywhere, any time.  
Or so I hear...


So yes, he and his fellow devs are protected, while they protect the world.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/08/13 22:44, Benjamin Heath wrote:

Adding to your previous thoughts, it became clear to me some years ago that
the best way to gather information on someone is to find information which
they've volunteered.


The US Army, namely D/arpa and the Navy, invented the Internet and onion 
routing.


I can't believe they didn't invent such a clever way to extract 
information before MySpace/Facebook did.



Facebook and other social networks have a space to select your religion,
sexual identity, location, school, work, and contact information. Much of
this information can be selected from existing lists. Supplying this
information hands it into the realm of Facebook apps with permission to
access that information, too.

But, people have given up this information. They weren't even paid or
coerced. Why so naive?


I think P.T. Barnum said something about that.

People like free stuff. They think they are using a product for free. 
They don't realize *they* are the product.


I don't have a Facebook account. I have a G+ account (by way of having a 
gmail account for mailing lists) with a picture of my cat, and no 
information about myself except links to my website.



But that's just it, isn't it? People are naive. They go to public schools
where they are taught to accept what is popular and reject all else, and
that's where much of it starts. Computers must run Windows. If you want to
be different, buy a Mac. Programs must be big and graphical with plenty of
room for error. Why have it any other way?


So far as I understand it, kids often aren't being taught the course 
material. They're being taught the test. That is, the standardized 
evaluation tests for each subject. It inflates test scores to 
acceptable limits.


The ability to think, critically, isn't being taught at all. You have 
kids walking out of school thinking crap like Intelligent Design is 
plausible, and that the earth really is only 6000 years old. Darwin's 
ideas are just theories, but fail to realize gravity is just a 
theory too. Stand on a 10th floor balcony, and test out that just a 
theory.


Why would kids do such silly things as read books, when they have 
summarized versions online that they can skim over while they're waiting 
for their tweet/facebook update to be replied to. After all, it is the 
most profound 130 character message ever written.



I have also noticed that the news is saying what is and isn't common sense
now. They use this term as a backhanded directive, as if to say, Of course
it is so, this is common sense. In fact, common sense is a little more
inquisitive than that, and common sense would actually have it that you
don't trust everything you hear.


I read it on the Internet, therefore it must be true.

99% of the news people digest daily is spoon fed to them by five 
megacorps that are more than happy to frame the narrative for you. 
People worship celebrities that are only famous because of their 
surnames or relatives, and spend their leisure time on the couch 
watching (un)reality TV shows.


TV crime shows, like CSI, get DNA results in minutes. They can pinpoint 
the bad guy, right down to the floor he's on, within seconds just from 
his IP address. Strong encryption is broken within seconds on a laptop 
computer. Firewalls are routinely hacked within minutes. Cases are 
always solved with conclusive proof.


Ask any prosecutor how her life in the courtroom has changed since 
CSI-type shows hit the air. Everyone on the jury is an armchair expert 
criminalist, and they get confused when cases aren't cut and dried, 
black and white.


The founding fathers of the US understood that an educated public, 
active in the political process, is a good thing.


Modern politicians understand that an uneducated, apathetic public is a 
better thing.



On topic and as a response to Theo, Twitter is a vehicle of passive
aggression and ad hominem attacks among other things. I blame Twitter for
the direction much of the Internet has taken. It is quick, it is short, and
that's how people are with other people. They are quick, and they are
short. And it seems a pretty weak attempt at disparaging your character.


I suppose twitter has its good uses, like during the Arab Spring, but by 
and large it's a time sink to read fluff. I wrote to someone earlier 
sharing my one and only tweet from three years ago. (I plagiarized Marco 
Peereboom.)


crap
*Scott McEachern* ‏@*scott_mceachern* 
https://twitter.com/scott_mceachern 24 Nov 10 
https://twitter.com/scott_mceachern/status/7477254057631744


Twitter is the stupidest fucking thing to happen on the Internet.
/crap

Like I said, you read it on the Internet, so it must be true.

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: Sorry OpenBSD people, been a bit busy

[Scott McEachern]

On 10/07/13 21:57, noah pugsley wrote:

Slander aside, pretty cool news. I do have one stupid question though,
what does the 'yy' in yycix stand for?


YYC is the International Air Transport Association airport code for the 
Calgary International Airport.  Eg. YYZ is Toronto's Pearson airport, 
London's Heathrow is LHR, etc.


I'd imagine they chose YYC to clearly indicate the IX location.

https://en.wikipedia.org/wiki/International_Air_Transport_Association_airport_code

--
Scott McEachern

https://www.blackstaff.ca

Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, 
kidnappers, and child pornographers. Seems like you can scare any public into allowing 
the government to do anything with those four.  -- Bruce Schneier

Re: php sending mail via sendmail

[Scott McEachern]

On 09/02/13 14:46, Stefan Sperling wrote:

On Mon, Sep 02, 2013 at 08:38:37PM +0200, Tony Berth wrote:

Dear group,

when trying different php based open source packages on a chrooted 5.2 box,
I was faced with the problem not being able to send email from their php
script. All the times I get following entry in the maillog:

  w...@example.com [x.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during
connection to MTA

Any help is much appreciated.

Try the femail-chroot package.



The problem there is that femail-chroot requires putting a shell into 
that chroot, which is something I personally avoid.  (Or am I being too 
paranoid?)


Tony, you might want to try using the pear-Mail package.  It makes 
things more complicated, but it doesn't require a shell in the chroot.


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Two questions.

[Scott McEachern]

Is it just me, or are the trolls around here getting more and more lame.

On 08/09/13 00:00, voic...@openmailbox.org wrote:

I got couple of questions for whom I can't find an answers,


You've obviously thought long and very hard.

I do not wish anything bad for Theo, I just need to be sure that there 
are others who could keep project going.


After running the OpenBSD project for over 20 years, I'm sure Theo never 
thought of that.  We all thank you for bringing it to his attention.


that OS they developing is powering most illegal things which you 
probably can't dream on?


I'm sure OpenBSD devs are ashamed that I use it to power my 
kitten-stomping, baby-mulching machines.  I'm also sure the people that 
make hammers and knives feel really, really bad too.



OpenBSD people could silently include trojan


I could win the lotto; gamma rays could destroy the planet; I could get 
hit by a bus.  That's why the source and commit logs are *not* available 
to the public, and the whole damn thing is proprietary. There is no 
possible way anyone could know what the devs are doing.



Thanks for reading.


No, thank-YOU for pointing out such things for the very first time.


To all that are reading, please let my lame attempt at humour be the 
first and only response. :)


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Two questions.

[Scott McEachern]

On 08/09/13 20:45, Theo de Raadt wrote:


What a bunch of worrying balony.

I have asexually reproduced a few times, and put the other copies of
myself in stasis.

In the event that I fall off a mountain or get attacked by group of
dogs in central Turkey, a copy is automatically brought out of statis
to continue to effort.

The process is so transparent, that you won't even know if it has
happened before...



Sarcastic imposters like you really get on my nerves.

--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

More /dev/sd* devices in default install.

[Scott McEachern]

Between various HDDs, RAID 1 arrays, RAID C arrays within, iDevices, USB 
sticks and any other stuff you can think of, I've found that the 
standard install of /dev/sd[0-9] doesn't have enough.  (I primarily use 
amd64.)


I don't mind creating the additional devices, which I often forget; 
that's not a big deal.


But I can't help wondering:

1)  In this day and age of increasing numbers of devices kicking around, 
how often do others run into this ceiling?  I'm currently using sd[0-12].


2)  What harm would it be to create sd[0-15] (or more) as pre-existing 
devices?


Just curious if it would be trivial and/or useful.

--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: OT: the term ``hackathon'' - even the U.N. does it

[Scott McEachern]

On 07/24/13 08:32, MERIGHI Marcus wrote:

cyber-attack

cyber espionage

cyber attack

cyber war games

cyber warriors
Cyber 9/12
Cyber Storm

cyber preparedness

cyber scenario
Cyber Storm

cyber threat
cyber attacks



Right now, there are a lot of drunk college students out there.

--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Compiler error building 5.3

[Scott McEachern]

On 06/05/13 05:01, John Tate wrote:

I am having trouble building 5.3, I ran cvs a second time just be to be
sure everything was right.


You are referring to -current, right?

Amd64 works fine, I don't know about i386.

OpenBSD 5.3-current (GENERIC.MP) #0: Wed Jun  5 04:14:56 EDT 2013
r...@elminster.blackstaff.ca:/usr/src/sys/arch/amd64/compile/GENERIC.MP


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Hackathon

[Scott McEachern]

As a person who was born and raised in Toronto, and currently lives a 
bit outside of the city, I wanted to extend a warm welcome to our 
OpenBSD hackathon guests!


I hope the major storm that happened last night, which caused some 
flooding complicating commutes, didn't inconvenience you too badly.


Please enjoy the city, and if you happen to read any local media, have a 
laugh.  We currently have a handful of local and provincial scandals 
unfolding, which if it weren't for the costs involved, would be almost 
as entertaining as the most recent troll on @misc. (Please don't feed 
the trolls.)


Have fun, and thanks for the work you're putting in.  Just out of 
curiosity, what is the focus of this hackathon?  I don't know what 
t2k13 means.


Cheers to all involved,

--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Hackathon

[Scott McEachern]

On 05/29/13 20:22, Kenneth R Westerback wrote:

On Wed, May 29, 2013 at 07:54:39PM -0400, Scott McEachern wrote:

Have fun, and thanks for the work you're putting in.  Just out of
curiosity, what is the focus of this hackathon?  I don't know what
t2k13 means.

t == toronto

2k == 2000

13 == 13



Sorry for not being clear.  I understood the 2k13 part, it was the t 
I was wondering about.  I feel a little dense for not putting the t 
with Toronto, which was also pointed out to me privately. Suddenly I 
feel like Homer Simpson. :)


So I guess it's a general hackathon then?  Please, no cute retorts or 
else I'll have to drive down there and buy a round.  And I *really* 
dislike driving back to the city.


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Order request unfulfilled

[Scott McEachern]

On 05/17/13 13:42, Salim Shaw wrote:

Perhaps someone could direct me to the appropriate person to answer
questions regarding my unfulfilled order request. In an effort to
promote and support the OpenBSD project, I order a T-Shirt almost a
month ago and have not received the order. I have sent two separate
emails to /aus...@openbsd.org/ and have not received a response as to
what has happen. I'm looking for a little help in trying to get some
answers for my order. If anyone of you guys has a different contact,
please provide so that I may have the issue resolved. Thanks for any
assistance.

Thanks again,



Assuming you ordered through the Computer Store of Calgary, (that is, an 
official site), be patient.  You'll get your stuff, just give it some 
time.  You didn't say where you're located or where you ordered from, so 
I can't really say much more.


Oh, except one thing.  They did screw up my order *once*, in the 
dozen-plus times I've ordered disksets + other stuff.  If you want a 
laugh, you can read about it in the archives here: 
http://marc.info/?l=openbsd-miscm=135292690910516w=2 and yes, I did 
eventually get my disksets, plus some bonus stuff for my trouble.  (To 
be honest, the only trouble, really, was my impatience.)


Who knows, Austin might be on vacation or something, but there are 
others that will take care of business.  Don't worry, you'll be fine. :)


--
Scott McEachern

https://www.blackstaff.ca

Re: who is using obsd

[Scott McEachern]

On 05/13/13 17:28, Salim Shaw wrote:
OpenBSD is a server/router/network service OS, it's not designed for 
desktops. OpenBSD is the pre-eminent platform for Firewalling, IPsec, 
IPv6.
Trying to shove OpenBSD onto the desktop is the ultimate case of 
square peg/round hole.




You're quite a comedian.

However, don't give up your day job.

--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: Is fdisk, disklabel and newfs enough to reset an SSD

[Scott McEachern]

On 05/14/13 00:04, Clint Pachl wrote:
I would like to reinstall a fresh system on an SSD that contains an 
existing installation. From my limited knowledge of SSDs, I wonder if 
the drive controller may retain data from the old filesystem, 
unaware that there is a new filesystem put in place.


Is this a concern? If so, how does one reset a used SSD for optimal 
operation with a fresh install?




I've done a fresh install of OpenBSD over top of OpenBSD (and other 
OSes) many times across many SSDs and I've never had a problem.


But I'm not entirely sure what you mean...

1)  Do you mean your new installation will see files left over from a 
previous install?  No, it won't.


2)  Do you mean there could still be data residing on unused parts of 
the SSD?  Yes, it can happen.


SSDs have their own way of wear-leveling.  What the filesystem considers 
to be cylinder X, head Y and sector Z will probably not be the same 
*physical* cells on the SSD twice in a row.  That's not a function of 
the OS, but the SSD itself.


Do a little googling and you'll see what I mean:  There's no guaranteed 
way to erase an SSD.  I've read stories of people that have had SSDs 
crap out on them and instead of sending them back to the manufacturer 
for warranty repair/replacement, they just chuck them out and buy new 
ones.  Why?  Because there's no way to guarantee your private data has 
actually been erased.


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: xenocara build failure

[Scott McEachern]

On 05/14/13 00:15, Marco S Hyman wrote:

This is probably something stupid I'm doing, but I can't see it right this 
second.
Trying to build xenocara from sources pulled from 
anon...@anoncvs3.usa.openbsd.org:/cvs
as of about 60 minutes before sending this email message gives me

cc -O2 -pipe -I/usr/xenocara/lib/freetype/include 
-I/usr/xenocara/lib/freetype/builds/unix -I/usr/xenocara/lib/freetype/src/lzw 
-DFT2_BUILD_LIBRARY -c /usr/xenocara/lib/freetype/src/type1/type1.c -o type1.o
In file included from /usr/xenocara/lib/freetype/src/type1/type1.c:23:
/usr/xenocara/lib/freetype/src/type1/t1load.c: In function 'parse_private':
/usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
/usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: 'T1_PRIVATE' 
undeclared (first use in this function)
/usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: (Each undeclared 
identifier is reported only once
/usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: for each function it 
appears in.)
In file included from /usr/xenocara/lib/freetype/src/type1/type1.c:23:
/usr/xenocara/lib/freetype/src/type1/t1load.c: In function 'parse_dict':
/usr/xenocara/lib/freetype/src/type1/t1load.c:1871: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
/usr/xenocara/lib/freetype/src/type1/t1load.c:1871: error: 'T1_PRIVATE' 
undeclared (first use in this function)
/usr/xenocara/lib/freetype/src/type1/t1load.c:1872: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
/usr/xenocara/lib/freetype/src/type1/t1load.c:1873: error: 
'T1_FONTDIR_AFTER_PRIVATE' undeclared (first use in this function)
/usr/xenocara/lib/freetype/src/type1/t1load.c:1978: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
/usr/xenocara/lib/freetype/src/type1/t1load.c:1990: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
/usr/xenocara/lib/freetype/src/type1/t1load.c: In function 't1_init_loader':
/usr/xenocara/lib/freetype/src/type1/t1load.c:2047: error: 'struct T1_Loader_' 
has no member named 'keywords_encountered'
*** Error 1 in lib/freetype (bsd.lib.mk:37 'type1.o': @cc -O2 -pipe 
-I/usr/xenocara/lib/freetype/include -I/usr/xenocara/lib/freetype/...)
*** Error 1 in lib/freetype (Makefile:36 'build')
*** Error 1 in lib (bsd.subdir.mk:48 'build')
*** Error 1 in . (bsd.subdir.mk:48 'realbuild')
*** Error 1 in /usr/xenocara (Makefile:35 'build')

Any hints as to what I'm doing wrong?



I've seen this before.  After you rebuild your system, reboot. (Yes, in 
addition to after rebooting into the new kernel.)  Bet your problem will 
be solved.


--
Scott McEachern

https://www.blackstaff.ca

Those who would give up essential liberty to purchase a little temporary safety 
deserve neither liberty nor safety. -- Benjamin Franklin

Re: X (vesa) doesn't work with recent snapshot

[Scott McEachern]

On 04/16/13 10:07, Zoran Kolic wrote:

inteldrm(4) after KMS changes hangs my computer early at boot, so I have it 
turned \
off always. I've upgraded to snapshot of Apr. 8, and noticed that run in 
somewhat I \
would call a semi-hangup mode. No, it doesn't freeze a system or something 
like,  \
instead it shows nothing but black screen. I can switch to console, can even 
type my \
login/password blindly in xdm, then I can do ps on another vty, and see that it 
\
started a wm, but switching back to X again shows nothing but black screen. 
attached \
is Xorg.0.log

I stopped upgrading to newer snapshots, due to this post.
In my case, it is g550 with 2000 graphics. Similar to original
poster. What is status on this right now?
On modern intel chips it is known on freebsd not to go back to
console after startx, since it gives black screen. It is pos-
sible to type blind into the shell, but I avoid this. I su to
root and isue shutdown from that.
Best regards

Zoran



Can you install a new snapshot to a USB stick, boot the stick and test 
it from there?


--
Scott McEachern

https://www.blackstaff.ca

Re: smtpd relay

[Scott McEachern]

On 02/26/13 11:52, Gilles Chehade wrote:

Here's a schema I did of the layout a while ago:


Your diagram, with Charles, reminds me of a question I've always wondered:

What's with the name Charlie in a default install?  Just curious..

--
Scott McEachern

https://www.blackstaff.ca

Re: Security and ignorance from the major ISPs

[Scott McEachern]

On 02/14/13 18:20, Daniel Bertrand wrote:

I was wondering what your stance is about the constant hack attempts on 
machines on our ISP networks.. I see CONSTANT scanning for ports from all over 
the world, mostly from Italy, Russia, and China.


Everyone does.  You can find lists of IP ranges on a per-country basis 
on the 'net and block specific countries if you wish. However, unless 
you're running services open to the public (eg. web servers) there isn't 
much point.  (Even if you are, some would argue blocking by country is 
useless anyway.)



Every firewall/router product that I have purchased has been compromised so far.


Yes, pf on OpenBSD kicks ass.  pf ported to other OSes is always behind 
the times, sometimes way behind.



Is there really a secure, trustworthy adaptive filtering firewall configuration 
for each OS configuration out there?


When you're connected to the Internet, it's all about TCP/IP, which is 
OS agnostic.  What matters are the services you want to be accessible.



Most people who are on the net are completely oblivious and helpless when it 
comes to this constant trolling for access, they have no idea what to do to 
secure their machines.


Most (but not all) home routers (DSL modems) filter automatically which 
protects to some degree.  From there, your mileage will vary. But you 
are right that most people don't realize they are under constant 
attack.  (Try block log all to get the full picture.)



Shaw has neglected me and left me for dead when I ask for better control and 
protection from malicious attackers.


Like Ryan Freeman said on tech, you want the isp selectively blocking 
traffic for you?  i don't., you don't want your ISP filtering for you 
because then what you receive is at _their_ discretion, not yours.


Since you referred to Shaw, I take it you're in Canada?  I haven't dealt 
with Shaw, but I once tried Bell for a month or two a few years back and 
they most certainly do port filtering.  For example, I was unable to run 
my own mail server because they blocked port 25/smtp.


Your idea of left for dead is actually desirable if you want to 
control your own connection.  I left Bell and switched to Teksavvy 
because of it.  I didn't need Bell looking out for my best interests, 
thank-you very much.


If you want to discuss this further about your specific setup, please 
contact me privately.



What do I do to make sure I don't spend money on new hardware but get a PF configuration 
that I can trust besides block in all?

Are there published rulesets for Mac/Windows etc. that we can just drop into 
our pf.conf and /etc/pf.anchors/ directory?


A firewall ruleset is unique to each site.  You're going to have to 
build your own by looking at the pf FAQ 
(http://www.openbsd.org/faq/pf/index.html) and looking at examples. 
There is no one size fits all.  Your question is like asking I need a 
vehicle.  What should I buy?  However, like beck@ said on tech, block 
all is a good place to start.  After that it depends entirely on your 
_specific_ needs.


--
Scott McEachern

https://www.blackstaff.ca

Re: bootable OpenBSD USB stick from windows?

[Scott McEachern]

On 02/13/13 13:14, Hugo Osvaldo Barrera wrote:

On 2013-02-12 10:17, Scott McEachern wrote:
Oh for pete's sake, it's 2013. Go to your local computer store and 
spend (at most) $20 dollars on an optical drive. Install the damn 
thing on your Winbox, follow the many directions already posted here, 
and be done with it. It's not rocket surgery and optical drives 
really do come in handy. And they're dirt cheap. Or, save the $20 and 
install VirtualBox like people have suggested. Just end this stupid 
thread because you're talking in circles. 

$20 may sound cheap to you, but that's not cheap in every part of the
world, especially for a device you'll use only ONCE to install the OS.
It's 2013, and buying floppies/optical drives isn't the best of advices.


Right.  And an optical drive on a Windows box will *never* be used 
again.  And it could never be repurposed on another machine.  What a 
complete waste of money.  Silly me; bad advice.


Fine, $20 is the difference between him paying the rent or eating. I get 
it.  But like I reminded him, there are free options already suggested 
by the list and he's done what with that advice?




What's wrong PXE?



Nothing.  I had to use it earlier today myself on a machine with no 
CDROM that couldn't boot from USB.  (Sound familiar?)  But that's also 
assuming that his machine is capable of PXE, and the OP hasn't said 
anything about it.  (My bad, maybe he did and it's one of the messages 
in this thread I skipped.)


My point still stands:  He's been given advice six ways through Sunday 
on how to accomplish this task, both free and non-free, he's also been 
pointed to the archives and yet this thread lives on. Like I said, 
talking in circles now.


--
Scott McEachern

https://www.blackstaff.ca

Re: bootable OpenBSD USB stick from windows?

[Scott McEachern]

On 02/12/13 08:10, Heptas Torres wrote:

On 2/12/13, Jan Stary h...@stare.cz wrote:

On Feb 11 23:48:09, hepta...@gmail.com wrote:

On 2/11/13, christopher sasarak chris.sasa...@gmail.com wrote:

I had a similar situation with my laptop and found a solution in the
FAQ:
http://www.openbsd.org/faq/faq14.html#flashmemLive

Essentially what I had to do was boot from CD on the desktop system
(using
an ISO for the desktop system's architecture)

That assumes that my windows machine can boot from a CD which is not
the case (I have no CD-ROM neither on my windows machine nor on the
machine where I want to install OpenBSD).

I only have access to a windows machine to burn an iso image, do you

How do you do it then, exactly?


In case of Linux images with one of the tools I mentioned in one of my
previous messages.
-h



Oh for pete's sake, it's 2013.  Go to your local computer store and 
spend (at most) $20 dollars on an optical drive.  Install the damn thing 
on your Winbox, follow the many directions already posted here, and be 
done with it.


It's not rocket surgery and optical drives really do come in handy. And 
they're dirt cheap.


Or, save the $20 and install VirtualBox like people have suggested.

Just end this stupid thread because you're talking in circles.

--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW

[Scott McEachern]

On 02/10/13 14:17, Alexander Hall wrote:

On 02/10/13 08:13, Scott McEachern wrote:


I could have sworn the man page for fsck(8) said something about rule #1
being don't panic, but I couldn't find it in there.  Must be somewhere
else.  So I didn't panic, watched a bit of TV and thought about it...


I'm pretty sure you're thinking about scan_ffs(8), which however 
suggests the following:


 1. Panic.  You usually do so anyways, so you might as well get it over
with.  Just don't do anything stupid.  Panic away from your
machine.  Then relax, and see if the steps below won't help you
out.
 2. ...

:-)

/Alexander



Ah yes, thanks for the reminder.

--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy


Oddly enough, no.  The reason I find it odd is that in my script to ask 
for my password in rc.securelevel, the bioctl command uses DUIDs.  My 
rc.shutdown:


snip
umount -f /st7
umount -f /home

bioctl -d sd10
#bioctl -d 485a9f963f9cf9ea
#bioctl -d 485a9f963f9cf9ea.a

bioctl -d sd11
#bioctl -d 36d18f2cde909b01
#bioctl -d 36d18f2cde909b01.a
/snip

The commented lines are what I tried and found not to work.  Which kinda 
blows because if I change anything in the BIOS, the drives get 
renumbered so I pretty much *have* to use DUIDs.  (I have other OpenBSD 
installations and other OSes on other drives.)


This can get quite messy and I end up with roaming drive warnings:

# dmesg |grep sd[0-9]
sd0 at scsibus0 targ 0 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 
0/direct fixed naa.5000c500525bf426

sd0: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 
0/direct fixed naa.5000c5005265ff15

sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 
0/direct fixed naa.5000c5004a5baa2e

sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd3 at scsibus0 targ 3 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 
0/direct fixed naa.5000c5004a6e56f1

sd3: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd4 at scsibus2 targ 0 lun 0: ATA, OCZ-VERTEX4, 1.4 SCSI3 0/direct 
fixed naa.5e83a97ba7b2fd30

sd4: 122104MB, 512 bytes/sector, 250069680 sectors, thin
sd5 at scsibus2 targ 1 lun 0: ATA, M4-CT064M4SSD1, 0309 SCSI3 0/direct 
fixed naa.500a0751032e95ec

sd5: 61057MB, 512 bytes/sector, 125045424 sectors, thin
sd6 at scsibus2 targ 2 lun 0: ATA, ST31500341AS, CC1H SCSI3 0/direct 
fixed naa.5000c50019d9277e

sd6: 1430799MB, 512 bytes/sector, 2930277168 sectors
sd7 at scsibus2 targ 5 lun 0: ATA, LITEONIT LMT-32L, LWS2 SCSI3 
0/direct fixed naa.5000

sd7: 30533MB, 512 bytes/sector, 62533296 sectors, thin
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b
sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct 
fixed

sd10: 666MB, 512 bytes/sector, 1365008 sectors
sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct 
fixed

sd11: 858476MB, 512 bytes/sector, 1758159312 sectors


--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/09/13 15:06, Stefan Sperling wrote:

On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote:

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy

Oddly enough, no.

See http://marc.info/?l=openbsd-techm=133513662106783w=2 for a patch.
It hasn't been committed yet because jsing didn't ok it. Perhaps he
will change his mind if we ask again nicely :)



Will do, but since I've only been running snapshots for ages, I'm going 
to have to get the -current sources against what's on the 5.2 CDs.  This 
is gonna take a while, but I'll test it out.


And thank-you, that patch will be quite useful for me. :)

--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/09/13 15:06, Stefan Sperling wrote:

On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote:

On 02/09/13 03:09, Andy Bradford wrote:

Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100:


umount via DUID  does not work currently - this  will be fixed shortly
after the next release freeze has ended.

Will that  also include shutdown  of softraid  via DUID? e.g.,

bioctl -d DUID

Or is this not even possible?

Thanks,

Andy

Oddly enough, no.

See http://marc.info/?l=openbsd-techm=133513662106783w=2 for a patch.
It hasn't been committed yet because jsing didn't ok it. Perhaps he
will change his mind if we ask again nicely :)



The patch applied cleanly, I rebuilt the system and rebooted.  All 
looked good.


Then I adjusted my /etc/rc.shutdown to this:

umount -f /st7
umount -f /home

#bioctl -d sd10  -- this was used before
bioctl -d 485a9f963f9cf9ea
#bioctl -d 485a9f963f9cf9ea.a

#bioctl -d sd11  -- this was used before
bioctl -d 36d18f2cde909b01
#bioctl -d 36d18f2cde909b01.a

and executed a reboot.

The bad news?  I got the same error as before:

syncing disks... done
sd3 detached
softraid0: I/O error 5 on dev 0x433 at block 16
softraid0: could not write metadata to sd3d
sd4 detached
rebooting...

at least I think that's what it said, it went by rather quickly.  I 
definitely saw the could not write metadata part.


At this point I figured no harm, no foul.  Was I ever wrong.

Upon reboot the system shit all over the place and dropped me to single 
user mode.  The offending partitions were /dev/sd8a and /dev/sd9a.  In 
my fstab, I have the following:


6be798121798a5a7.b none swap sw
6be798121798a5a7.a / ffs rw,softdep 1 1
6be798121798a5a7.d /tmp ffs rw,nodev,nosuid,softdep 1 2
6be798121798a5a7.f /usr ffs rw,nodev,softdep 1 2
6be798121798a5a7.g /usr/X11R6 ffs rw,nodev,softdep 1 2
6be798121798a5a7.i /usr/local ffs rw,nodev,softdep 1 2
6be798121798a5a7.h /usr/obj ffs rw,nodev,nosuid,softdep 1 2
6be798121798a5a7.e /var ffs rw,nodev,nosuid,softdep 1 2
e1d635ac777ed919.a /st5 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2
3131dc858bdefd32.a /st6 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2
darkon:/st1/ /st1 nfs rw,nodev,soft,intr 0 0

See the /st5 (e1d..919.a, aka sd8a) and /st6 (313..f32.a, aka sd9a) 
mount points?  Those are my two 3TB RAID1 volumes.  Or should I say, 
*were*.  You can see where this is going, right?


I used ed(1) to comment those lines out, rebooted.  Things seemed to 
come up normally and I figured I might have to fsck the big drives 
when oh *fuck*.  sd8 and sd9 no longer exist.


The tail end of my dmesg normally looks like this (before I added the 
crypto volumes):


softraid0 at root
scsibus4 at softraid0: 256 targets
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b

Now it looks like this:

softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b

I didn't know what to wipe first, the sweat off my forehead or ... well, 
you get the idea.


I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 
and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the volumes 
(just like how I created them the first time around), and *hope like 
hell* I can get my shit back, but before I do that, I wanted to get your 
advice to ensure that's my best possible move.


Hey, you know, maybe it would be best if I reinstalled my previous 
snapshot (Feb7 I think) and use _that_ version of bioctl, no?


--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW

[Scott McEachern]

On 02/09/13 22:16, Scott McEachern wrote:
I didn't know what to wipe first, the sweat off my forehead or ... 
well, you get the idea.


I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 
and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the 
volumes (just like how I created them the first time around), and 
*hope like hell* I can get my shit back, but before I do that, I 
wanted to get your advice to ensure that's my best possible move.


Hey, you know, maybe it would be best if I reinstalled my previous 
snapshot (Feb7 I think) and use _that_ version of bioctl, no?




I could have sworn the man page for fsck(8) said something about rule #1 
being don't panic, but I couldn't find it in there.  Must be somewhere 
else.  So I didn't panic, watched a bit of TV and thought about it...


If bioctl -d destroys my crypto partitions but yet they can be found 
upon reboot (with the appropriate bioctl command), wouldn't the same 
thing apply if bioctl somehow destroyed my RAID1 volumes?


I went back to the previous snapshot and with very sweaty hands I gave 
it a try, and yes, it does work.  Rerunning the RAID1 creation commands 
happily brought back both volumes.  I then brought back my crypto 
volumes and voila:


softraid0 at root
scsibus4 at softraid0: 256 targets
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b
sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct 
fixed

sd10: 666MB, 512 bytes/sector, 1365008 sectors
softraid0: volume sd10 is roaming, it used to be sd11, updating metadata
sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct 
fixed

sd11: 858476MB, 512 bytes/sector, 1758159312 sectors
softraid0: volume sd11 is roaming, it used to be sd10, updating metadata

All is well. :)  I feel like I just got off a really wild rollercoaster 
and want to go back for more abuse.  With that said...


I'm going to try that patch again, only this time I'm going to try it 
out a little differently (more slowly, ahem) and see what's happening.  
I'm filled with self-doubt that *I* did something wrong, somewhere.  
Besides, my nerves are shot, so I couldn't sleep now if I tried.


I really want that patch to work, dammit.

--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/08/13 11:26, Joel Sing wrote:

On Sat, 9 Feb 2013, Jiri B wrote:

On Sat, Feb 09, 2013 at 02:56:47AM +1100, Joel Sing wrote:

While stacked softraid volumes generally work, they are not officially
supported (for a variety of reasons). The problem that you mention above
is due to the way that softraid volumes are shutdown - the shutdown order
is approximately the same as the order they are created. In your case
this means that sd3 gets shutdown before sd4, hence sd4 is unable to
write metadata to sd3. For the time being, in order to avoid the issue
you should disassemble the CRYPTO volume (sd4) before the RAID 1 volume
(sd3).


Shit, I forgot to mention that I already gave that a whirl by putting:

umount -f /st3 -- the mount point of the crypto volume

in /etc/rc.shutdown.  It makes no difference; I still get that 
warning/error.


I also tried:

umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume

and, curiously, it says that it's not currently mounted.  (Yet that's 
exactly how I mount it with bioctl in rc.securelevel, where it prompts 
me for the password.)  I've also tried doing it by hand (vs. 
rc.shutdown) and it still doesn't matter.


Any other suggestions?

Also, as I said I haven't lost any data thus far and other than seeing 
that message it works just fine.  Am I 1) just lucky so far (and will 
eventually not be so lucky), 2) is it just cleaning up after itself on 
reboot (my rc.securelevel script runs an fsck -p on the volume before 
mounting it), or 3) is it actually working but just not very pretty?



Would stackable softraid volumes work in near future or is it big
problem as how softraid was designed?

Generally speaking they already work - there are just some caveats,
primarily relating to assembly and shutdown. Most of the issues are fairly
easily fixed or are at least solvable (the shutdown ordering should be
simple - I just need to move it up the priority list). That said, longer term
I would rather have disciplines such as RAID1C and RAID10 that handle the
stacking internally and allow for better operation and management.


With that approach (RAID1C) would that also work when the entire volume 
isn't encrypted, like in my case where only one partition of the HDD is 
crypto?


Either way, it sounds fantastic and having smooth RAID (esp. crypto) 
operations, l think, would be a huge feather in OpenBSD's cap.  I 
haven't tried full disk encryption yet, maybe on a test box one day, 
because I just don't need that overhead for every disk access.


--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/08/13 13:00, Stefan Sperling wrote:

On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote:

Shit, I forgot to mention that I already gave that a whirl by putting:

umount -f /st3 -- the mount point of the crypto volume

in /etc/rc.shutdown.  It makes no difference; I still get that
warning/error.

I also tried:

umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume

and, curiously, it says that it's not currently mounted.  (Yet
that's exactly how I mount it with bioctl in rc.securelevel, where
it prompts me for the password.)  I've also tried doing it by hand
(vs. rc.shutdown) and it still doesn't matter.

Any other suggestions?

You have to destroy the softraid volume, too, in addition to unmounting
the filesystem. Running 'bioctl -d sd4' should do the trick.
You want to see 'sd4 detached' in dmesg before 'sd3 detached'.



Aha!  I gave that a shot and everything works *perfectly*.  No more 
ugly messages and I feel much better about the integrity of my data.


Thanks very much Joel and Stefan, your work and help has been invaluable!


Now, the fun begins:  I have two 3TB RAID1 volumes, with no encryption, 
on another machine (acting like an OpenBSD NAS box, really) at 65% and 
40% capacity (do the math..)  Because I was unsure of the crypto 
volume's integrity on this machine, stuff is rsynced to that machine.  
Now that I know to destroy the crypto volumes I get to do some juggling 
in order to create crypto partitions on those volumes.  This is gonna 
take a while. *laughs*


--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/08/13 13:32, Paul de Weerd wrote:

On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote:
| Either way, it sounds fantastic and having smooth RAID (esp.
| crypto) operations, l think, would be a huge feather in OpenBSD's
| cap.  I haven't tried full disk encryption yet, maybe on a test box
| one day, because I just don't need that overhead for every disk
| access.

Full disk encryption works fine for me on the two systems where I run
it on. I found that most disk IO is to the FS I want crypted anyway,
so I thought let's not optimize the infrequent path and just went
FDE.  The only real downside is that it's currently lacking installer
integration, but doing those few steps by hand isn't exactly rocket
science anyway, so FDE is definitely my preferred aproach for my
(future) installs.

Paul 'WEiRD' de Weerd



What kind of hardware do you have powering those machines?  Besides, I 
don't use the crypto partition too often and I really should make it 
smaller (it's only at 17% capacity out of 1.4TB).


I should also run some simple benchmarks here to get a vague idea of 
what kind of overhead is actually involved on my own hardware.


--
Scott McEachern

https://www.blackstaff.ca

Re: softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

On 02/08/13 15:19, Paul de Weerd wrote:

Admittedly, these are pretty powerful machines.  And Antoine was
right, it's amd64 (I don't have i386 in real day-to-day use anymore).


I have a couple of P4s (no HT) running i386 (firewall, and my web/db 
server), but otherwise everything is amd64.



But here are the dmesgs for my office workstation and my laptop:

--- office workstation ---
OpenBSD 5.3-beta (GENERIC.MP) #27: Sun Feb  3 18:03:44 MST 2013
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8541622272 (8145MB)
avail mem = 8291753984 (7907MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec1b0 (83 entries)
bios0: vendor Dell Inc. version A08 date 09/19/2012
bios0: Dell Inc. OptiPlex 9010
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT DMAR ASF! SLIC
acpi0: wakeup devices PS2K(S3) PS2M(S3) UAR1(S3) P0P1(S4) USB1(S3) USB2(S3) 
USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) 
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) 
RP06(S4) PXSX(S4) RP07(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) 
PEG2(S4) PEG3(S4) GLAN(S4) EHC1(S0) EHC2(S0) XHC_(S0) HDEF(S4) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, 3392.85 MHz


Geez, that looks familiar... :)  My workhorse (not workstation since X 
doesn't work):


OpenBSD 5.3-beta (GENERIC.MP) #29: Thu Feb  7 19:31:06 MST 2013
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16851365888 (16070MB)
avail mem = 16380297216 (15621MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb410 (112 entries)
bios0: vendor American Megatrends Inc. version 0408 date 06/05/2012
bios0: ASUSTeK COMPUTER INC. P8Z77-V PREMIUM
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT MSDM BGRT
acpi0: wakeup devices PS2K(S4) PS2M(S4) P0P1(S4) PXSX(S4) RP01(S4) 
PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) 
PXSX(S4) RP06(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) 
PEG3(S4) RP07(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) PWRB(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, 3606.12 MHz


So if your 3770 can handle it fine, mine probably can too. :)  I should 
also mention that I have three boot SSDs (various OSes, runs OpenBSD 90% 
of the time) plus the two big RAID volumes for data, so going FDE isn't 
entirely useful.


My workstation isn't too shabby either:

OpenBSD 5.2-current (GENERIC.MP) #20: Mon Jan 21 17:23:23 MST 2013
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 12613910528 (12029MB)
avail mem = 12255641600 (11687MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f400 (68 entries)
bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) 
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) 
UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) 
UHC7(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.25 MHz

but again, the big volumes are just for storage and the OS/boot is also 
from an SSD.


I have a 3.2GHz P4 (with HT, so it's amd64) as a general server and it 
has a crypto volume.  I don't think FDE would fly quite so well on 
it...  I'd love for the web/database server to be FDE, but a 2.8GHz i386 
P4 would probably cry in pain.


The bottom line is that for the machines that are capable of FDE, I run 
an SSD/HDD split for the OS/data.  Not a lot of point in encrypting the 
OS for the sake of it, at least in my case.


--
Scott McEachern

https://www.blackstaff.ca

softraid RAID1 + CRYPTO error writing metadata

[Scott McEachern]

 16, 
version 1.0, legacy support
ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 6 int 16, 
version 1.0, legacy support

ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 6 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1
ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 6 int 18, 
version 1.0, legacy support
ohci3 at pci0 dev 19 function 1 ATI SB700 USB rev 0x00: apic 6 int 18, 
version 1.0, legacy support

ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 6 int 19
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3c: SMI
iic0 at piixpm0
iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 
0a=10 0b=10 0c=10 0d=10 0e=22 0f=92 10=3d 11=00 12=00 13=00 14=0a 15=0a 
16=2c 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 
23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 
06= 07=

spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600
spdmem2 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600
spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, AX13 ATAPI 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
azalia1 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 6 
int 16

azalia1: codecs: VIA/0x0397
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci3 at ppb2 bus 3
re1 at pci3 dev 5 function 0 D-Link DGE-530T C1 rev 0x10: 
RTL8169/8110SB (0x1000), apic 6 int 20, address 5c:d9:98:ae:3c:7b

rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3
VIA VT6306 FireWire rev 0xc0 at pci3 dev 8 function 0 not configured
ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 6 int 18, 
version 1.0, legacy support

pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00
km0 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00
pchb4 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 ATI OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 ATI OHCI root hub rev 1.00/1.00 addr 1
usb4 at ohci2: USB revision 1.0
uhub4 at usb4 ATI OHCI root hub rev 1.00/1.00 addr 1
usb5 at ohci3: USB revision 1.0
uhub5 at usb5 ATI OHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290
usb6 at ohci4: USB revision 1.0
uhub6 at usb6 ATI OHCI root hub rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhub7 at uhub0 port 4 HP\M^? f2105 2PORT USB 2.0 HUB rev 2.00/7.02 addr 2
ugen0 at uhub2 port 3 APC Back-UPS ES 550G FW:843.K4 .D USB FW:K4 rev 
1.10/1.06 addr 2
uhidev0 at uhub4 port 3 configuration 1 interface 0 Logitech USB 
Optical Mouse rev 2.00/43.01 addr 2

uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd3: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd2a (27a551cc8502d62c.a) swap on sd2b dump on sd2b
softraid0: sd4 was not shutdown properly
softraid0: sd4 was not shutdown properly
sd4 at scsibus3 targ 2 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed
sd4: 1430793MB, 512 bytes/sector, 2930265808 sectors

--
Scott McEachern

https://www.blackstaff.ca

Re: pf blocking active connections

[Scott McEachern]

On 02/07/13 15:13, Martijn van Duren wrote:

Hello misc,

Today I watch the current connections on my small home server and I
noticed an unfamiliar ftp-connection. Upon inspecting the connection I
noticed it was a brute force attack, so I fired up my pfctl-utility and
tried to block the attack by adding the ip to my quick drop table.
After adding the ip to the table I noticed that the connection was still
happily active and even reloading my entire ruleset with pfctl
-f /etc/pf.conf didn't help, so I resorted to tcpdrop.

My question is, is it possible to destroy an active connection by
something like adding an ip to a drop quick table (did I miss a certain
flag?) or do I, in an event that something like this happens again,
always have to perform a two stage drop?

Sincerely,

Martijn



I've seen this before.  The attack continued because you have an 
existing state entry on the firewall that is allowing packets to continue.


Use 'pfctl -k (host)' to kill off existing states.

--
Scott McEachern

https://www.blackstaff.ca

Re: pf blocking active connections

[Scott McEachern]

On 02/07/13 15:31, Martijn van Duren wrote:

Thanks for all the quick responses, but if I understand you all
correctly there is no way to cut off an established connection by adding
an ip address to a blocked table, so I'm still left with my two stage
drop off the connection (both adding the the ip to the table and killing
the connection manually).

Martijn




Yes.  But it's not like it's hard to type pfctl -ef /etc/pf.conf  
pfctl -k 192.168.1.1 either. :)


--
Scott McEachern

https://www.blackstaff.ca

Re: vi vs ed in bsd.rd - proposal

[Scott McEachern]

On 01/11/13 16:38, Paolo Aglialoro wrote:

sparc64 machine, a neglected typo in fstab while changing a disk mountpoint
and boom! - no boot :(




ed(1) isn't hard to use, but if you haven't used it in a while, as 
espie@ said, having another machine handy to hit the man page is 
useful.  Go play with ed(1) now when you aren't in panic mode to get a 
feel for it.


However, if you really feel the need to use vi, then do something like this:

1) use disklabel(8) to see what partition on your HDD contains the /usr 
partition.  vi(1) lives in /usr/bin, so I'm assuming you don't have 
/usr/bin/ mounted somewhere other than /usr.


Pretend it's on partition 'f' of sd0.  Let's also pretend your root 
partition is on 'a'.


2) #mount /dev/sd0a /
#mount /dev/sd0f /usr

If you run vi now, it'll bitch about your terminal type not being set, so:

3) #export TERM=vt220 (or whatever is applicable to you)

4) #vi /etc/fstab (fix your mistake(s))

5) #reboot

and you should be good.

Keep in mind, my workaround above won't always be there for you, so 
I'll say it again:  Go play with ed(1) now on a dummy file when you 
aren't in panic mode to get a feel for it.


--
Scott McEachern

https://www.blackstaff.ca

Re: vi vs ed in bsd.rd - proposal

[Scott McEachern]

On 01/12/13 07:25, Marc Espie wrote:

On Sat, Jan 12, 2013 at 07:17:25AM -0500, Scott McEachern wrote:

On 01/11/13 16:38, Paolo Aglialoro wrote:

sparc64 machine, a neglected typo in fstab while changing a disk mountpoint
and boom! - no boot :(



ed(1) isn't hard to use, but if you haven't used it in a while, as
espie@ said, having another machine handy to hit the man page is
useful.  Go play with ed(1) now when you aren't in panic mode to
get a feel for it.

However, if you really feel the need to use vi, then do something like this:

1) use disklabel(8) to see what partition on your HDD contains the
/usr partition.  vi(1) lives in /usr/bin, so I'm assuming you don't
have /usr/bin/ mounted somewhere other than /usr.

Pretend it's on partition 'f' of sd0.  Let's also pretend your root
partition is on 'a'.

2) #mount /dev/sd0a /
#mount /dev/sd0f /usr

If you run vi now, it'll bitch about your terminal type not being set, so:

3) #export TERM=vt220 (or whatever is applicable to you)

4) #vi /etc/fstab (fix your mistake(s))

5) #reboot

Did you actually test that ? vi wants /var/tmp rw as well...



Nah, just going from memory.  It's been a while.  However, the same 
logic applies:  Look at what partition /var is on and mount it too.


But thanks for illustrating my point:  It's just easier to learn a 
little ed(1) when not panicking in single-user mode.  I'm also assuming 
that his _only_ problem is a typo (or whatever) in fstab, otherwise 
things get more complicated. :)


--
Scott McEachern

https://www.blackstaff.ca

Re: vi vs ed in bsd.rd - proposal

[Scott McEachern]

On 01/12/13 08:24, Paolo Aglialoro wrote:

Thank you Scott!

Your tutorial is really nice :)
I'll star it in my gmail.




Uhm, you're welcome.  Just FYI, it's bad form to reply to a private 
email onto a public mailing list.


I'm no ed(1) expert.  Since it's now on the list, maybe more experienced 
ed users can suggest more efficient ways to do things.


And like espie@ noted in a previous email, no I didn't test it out. 
Practise it for yourself to ensure there aren't any gotchas.. Like how I 
forgot that you will also want to mount /var/ since vi stores its 
recovery files in /var/tmp/.  Oops. :)


--
Scott McEachern

https://www.blackstaff.ca

Re: vi vs ed in bsd.rd - proposal

[Scott McEachern]

On 01/12/13 09:19, Paolo Aglialoro wrote:

Sorry for fwd ur mail in list Scott, didn't notice it was in pvt.

As for the tyre comparison, I agree with you Nick. Better getting your
hands dirty than being laughed at. Which is btw what I did in that nasty
event. But I also remember the cold sweat out of it.


I don't think anyone ever forgets their first time being dropped into 
single-user mode.  While it's a bit of a shocker, what really makes the 
blood run cold is when you realize there's no vi(1) to fix a borked 
config.  I think it was after the second time I screwed up my fstab that 
I broke down and learned the basics of ed.


The timing of you bringing this up is funny to me.  I have a build box 
that I've been screwing around with lately and sometimes I'll copy a 
handful of backup files from my old /etc/ directory onto the new 
install.  And of course I always forget to tweak the fstab.


In the last week alone I've found myself in single-user mode at least 
three times, only instead of fear/sweating, I'm kicking myself (while 
using ed(1) to fix my fstab) for forgetting again.



I mean, plus instead of versus, when space is enough, considering that
nowadays vi is a widespread standard too (can't think of a modern unix
distro without it), shouldn't be asking for the impossible :)
(basically not opening a race for I want this tool too, but reasoning
about an update of survival tools)



FWIW, I couldn't care less if vi(1) is added.  In fact, if it _does_ get 
added, I'll probably forget it's there and continue using ed(1) like 
normal anyway.


PS:  Good analogy Nick.

--
Scott McEachern

https://www.blackstaff.ca

Re: integrated graphics

[Scott McEachern]

 
0xba: msi

pci13 at ppb12 bus 58
ppb13 at pci8 dev 9 function 0 vendor PLX, unknown product 0x8608 rev 
0xba: msi

pci14 at ppb13 bus 59
em1 at pci14 dev 0 function 0 Intel PRO/1000 (82583V) rev 0x00: msi, 
address c8:60:00:cc:4b:65

ehci1 at pci0 dev 29 function 0 Intel 7 Series USB rev 0x04: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
pcib0 at pci0 dev 31 function 0 Intel Z77 LPC rev 0x04
ahci2 at pci0 dev 31 function 2 Intel 7 Series AHCI rev 0x04: msi, 
AHCI 1.3

scsibus2 at ahci2: 32 targets
sd4 at scsibus2 targ 0 lun 0: ATA, OCZ-VERTEX4, 1.4 SCSI3 0/direct 
fixed naa.5e83a97ba7b2fd30

sd4: 122104MB, 512 bytes/sector, 250069680 sectors, thin
sd5 at scsibus2 targ 1 lun 0: ATA, M4-CT064M4SSD1, 0309 SCSI3 0/direct 
fixed naa.500a0751032e95ec

sd5: 61057MB, 512 bytes/sector, 125045424 sectors, thin
sd6 at scsibus2 targ 2 lun 0: ATA, ST31500341AS, CC1H SCSI3 0/direct 
fixed naa.5000c50019d9277e

sd6: 1430799MB, 512 bytes/sector, 2930277168 sectors
cd0 at scsibus2 targ 4 lun 0: ASUS, DRW-24B1ST c, 1.05 ATAPI 5/cdrom 
removable
sd7 at scsibus2 targ 5 lun 0: ATA, LITEONIT LMT-32L, LWS2 SCSI3 
0/direct fixed naa.5000

sd7: 30533MB, 512 bytes/sector, 62533296 sectors, thin
ichiic0 at pci0 dev 31 function 3 Intel 7 Series SMBus rev 0x04: apic 
2 int 18

iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600
spdmem2 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600
spdmem3 at iic0 addr 0x53: 4GB DDR3 SDRAM PC3-10600
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
mtrr: Pentium Pro MTRR support
uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
ugen0 at uhub2 port 1 Broadcom Corp BCM20702A0 rev 2.00/1.12 addr 3
uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
uhidev0 at uhub3 port 1 configuration 1 interface 0 Logitech USB 
Receiver rev 2.00/12.01 addr 3

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub3 port 1 configuration 1 interface 1 Logitech USB 
Receiver rev 2.00/12.01 addr 3

uhidev1: iclass 3/1, 8 report ids
ums0 at uhidev1 reportid 2: 16 buttons, Z dir
wsmouse0 at ums0 mux 0
uhid0 at uhidev1 reportid 3: input=4, output=0, feature=0
uhid1 at uhidev1 reportid 4: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 8: input=1, output=0, feature=0
uhidev2 at uhub3 port 1 configuration 1 interface 2 Logitech USB 
Receiver rev 2.00/12.01 addr 3

uhidev2: iclass 3/0, 33 report ids
uhid3 at uhidev2 reportid 16: input=6, output=6, feature=0
uhid4 at uhidev2 reportid 17: input=19, output=19, feature=0
uhid5 at uhidev2 reportid 32: input=14, output=14, feature=0
uhid6 at uhidev2 reportid 33: input=31, output=31, feature=0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors
sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors
root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b


--
Scott McEachern

https://www.blackstaff.ca

Re: integrated graphics

[Scott McEachern]

On 01/12/13 11:12, Peter Hessler wrote:

On 2013 Jan 12 (Sat) at 10:57:56 -0500 (-0500), Scott McEachern wrote:
:
:I also have an onboard Intel 4000:
:
:vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09
:

Just works.  I have no xorg.conf or any special configuration.


vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09





Hmm, exact same line in both our dmesg's.

Unfortunately, when I run #xdm, my screen goes blank and locks up.  My 
ssh connections are gone, the keyboard and mouse are dead so I can't get 
back to the console and I have to hard reset.  When I reboot, I find 
nothing in /root/.xsession-errors.


Running #X -configure causes a segfault, or so it says at the bottom 
of my Xorg.0.log (below).


It's too bad really, because this is a pretty sweet machine and I'd 
really like to use it as my primary work*station* instead of a 
work*horse*.  Although I haven't tried it lately (as in, the last few 
months), I have tried fooling around with a custom Xorg.conf with no 
success.


Methinks I'm just going to have to wait until either it starts to just 
work (I really don't care about acceleration) or KMS arrives.



[   803.243]
X.Org X Server 1.12.3
Release Date: 2012-07-09
[   803.243] X Protocol Version 11, Revision 0
[   803.243] Build Operating System: OpenBSD 5.2 amd64
[   803.243] Current Operating System: OpenBSD elminster.blackstaff.ca 
5.2 GENERIC.MP#13 amd64

[   803.244] Build Date: 07 January 2013  09:18:33AM
[   803.244]
[   803.244] Current version of pixman: 0.28.0
[   803.244]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[   803.244] Markers: (--) probed, (**) from config file, (==) default 
setting,

(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[   803.244] (==) Log file: /var/log/Xorg.0.log, Time: Sat Jan 12 
11:23:17 2013

[   803.244] (II) Loader magic: 0x10d932b53e0
[   803.244] (II) Module ABI versions:
[   803.244]X.Org ANSI C Emulation: 0.4
[   803.244]X.Org Video Driver: 12.0
[   803.244]X.Org XInput driver : 16.0
[   803.244]X.Org Server Extension : 6.0
[   804.095] (--) checkDevMem: using aperture driver /dev/xf86
[   804.095] (--) PCI:*(0:0:2:0) 8086:0162:1043:84ca rev 9, Mem @ 
0xf380/4194304, 0xd000/268435456, I/O @ 0xf000/64

[   804.096] List of video drivers:
[   804.096]apm
[   804.096]ark
[   804.096]ati
[   804.096]chips
[   804.096]cirrus
[   804.096]dummy
[   804.096]glint
[   804.096]i128
[   804.096]intel
[   804.096]mach64
[   804.096]mga
[   804.096]neomagic
[   804.096]nv
[   804.096]openchrome
[   804.096]r128
[   804.096]radeon
[   804.096]rendition
[   804.096]s3
[   804.096]s3virge
[   804.096]savage
[   804.096]siliconmotion
[   804.096]sis
[   804.096]tdfx
[   804.096]trident
[   804.096]tseng
[   804.096]wsudl
[   804.096]wsudl
[   804.096]vmware
[   804.096]vesa
[   804.096] (II) LoadModule: apm
[   804.097] (II) Loading /usr/X11R6/lib/modules/drivers/apm_drv.so
[   804.097] (II) Module apm: vendor=X.Org Foundation
[   804.097]compiled for 1.12.3, module version = 1.2.5
[   804.097]Module class: X.Org Video Driver
[   804.097]ABI class: X.Org Video Driver, version 12.0
[   804.097] (II) LoadModule: ark
[   804.097] (II) Loading /usr/X11R6/lib/modules/drivers/ark_drv.so
[   804.097] (II) Module ark: vendor=X.Org Foundation
[   804.097]compiled for 1.12.3, module version = 0.7.5
[   804.097]Module class: X.Org Video Driver
[   804.097]ABI class: X.Org Video Driver, version 12.0
[   804.097] (II) LoadModule: ati
[   804.097] (II) Loading /usr/X11R6/lib/modules/drivers/ati_drv.so
[   804.098] (II) Module ati: vendor=X.Org Foundation
[   804.098]compiled for 1.12.3, module version = 6.14.6
[   804.098]Module class: X.Org Video Driver
[   804.098]ABI class: X.Org Video Driver, version 12.0
[   804.098] (II) LoadModule: chips
[   804.098] (II) Loading /usr/X11R6/lib/modules/drivers/chips_drv.so
[   804.098] (II) Module chips: vendor=X.Org Foundation
[   804.098]compiled for 1.12.3, module version = 1.2.5
[   804.098]Module class: X.Org Video Driver
[   804.098]ABI class: X.Org Video Driver, version 12.0
[   804.098] (II) LoadModule: cirrus
[   804.098] (II) Loading /usr/X11R6/lib/modules/drivers/cirrus_drv.so
[   804.098] (II) Module cirrus: vendor=X.Org Foundation
[   804.098]compiled for 1.12.3, module version = 1.5.1
[   804.098]Module class: X.Org Video Driver
[   804.098]ABI class: X.Org Video Driver, version 12.0
[   804.098] (II) LoadModule: dummy
[   804.098] (II) Loading /usr/X11R6/lib/modules/drivers/dummy_drv.so
[   804.099] (II) Module dummy: vendor=X.Org Foundation
[   804.099]compiled for 1.12.3, module version = 0.3.6
[   804.099]Module class: X.Org Video

Diskset arrival today -- sort of (funny)

[Scott McEachern]

I pre-ordered the 5.2 disksets and four t-shirts on September 8th. I'm 
located just outside of Toronto, so there shouldn't be a problem with 
international shipping.


November 1st came and went, with no disksets or t-shirts in sight. Since 
the days of 2.8, I've always received the disksets before the release 
date.  I'm a patient guy, so it's no big deal.  (I've already downloaded 
the amd64 and i386 sets for my servers, and I run -current on my 
workstations, but geez, I'd really like to get my hands on those 
shirts... and the stickers!)


Today the OpenBSD package arrives.  Four new t-shirts, but no disksets 
(and no stickers, dammit!)


The packing list has five checkmarks made in pencil beside each item, so 
somebody made an oops.  Shit happens..


The funny part?  They mailed me the freaking pencil!  I never thought 
I'd buy a $50 pencil, but I guess I was wrong.  I laughed my ass off.


Wondering where my package was, I exchanged emails with Pam at the 
computershop.ca on Nov. 6th.  They were having some shipping issues, but 
she was *really* nice about it.  No joke, she was a real sweetie.


I've since emailed her again, and I'm certain this will eventually get 
sorted out, but until then I just had to share this story.


A pencil?  Seriously?  Hilarious!  I'm still laughing!

--
Scott McEachern

https://www.blackstaff.ca

Re: Calomel.org

[Scott McEachern]

On 07/26/12 03:53, Peter Laufenberg wrote:

Apparently calomel is full of bad and/or outdated advice for openbsd,
especially the sysctl tuning stuff.

Your best advice is to follow the official FAQ's on openbsd.org, and
read openbsd man pages to learn your techniques.

Maybe there needs to be a calomel faq on openbsd.org.

a rule that whoever gets a question answered on misc has to add an entry with 
the cleaned reply. It'd do wonders for misc's signal/noise because lazy fucks, 
retards and trolls would think twice before posting


That'll happen right after I'm done cleaning up the unicorn shit from my 
back yard.


You're not the first person to mention a wiki for OpenBSD, and look how 
well that turned out.


--
Scott McEachern

https://www.blackstaff.ca

Nitpick: typo in mv(1) man page

[Scott McEachern]

$ diff mv.1.new mv.1
79c79
 when the respective destination path is a non-empty directory,
---
 when the respective destination path is a non-empy directory,


--
Scott McEachern

https://www.blackstaff.ca

Re: Nitpick: typo in mv(1) man page

[Scott McEachern]

On 06/18/12 14:44, Scott McEachern wrote:

$ diff mv.1.new mv.1
79c79
 when the respective destination path is a non-empty directory,
---
 when the respective destination path is a non-empy directory,




Erm, sorry 'about that...

$ diff -u mv.1 mv.1.new
--- mv.1Wed Jun  6 14:22:11 2012
+++ mv.1.newMon Jun 18 15:11:35 2012
@@ -76,7 +76,7 @@
 In both forms, a
 .Ar source
 operand is skipped with an error message
-when the respective destination path is a non-empy directory,
+when the respective destination path is a non-empty directory,
 or when the source is a non-directory file but the destination path
 is a directory, or vice versa.
 .Pp


--
Scott McEachern

https://www.blackstaff.ca

Large (3TB) HDD support

[Scott McEachern]

 SDRAM PC3-10600
spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600
pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, AX13 ATAPI 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4
azalia1 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 6 
int 16

azalia1: codecs: VIA/0x0397
audio0 at azalia1
pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci3 at ppb2 bus 3
D-Link DGE-530T C1 rev 0x10 at pci3 dev 5 function 0 not configured
VIA VT6306 FireWire rev 0xc0 at pci3 dev 8 function 0 not configured
ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 6 int 18, 
version 1.0, legacy support

pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00
km0 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00
pchb4 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00
usb2 at ohci0: USB revision 1.0
uhub2 at usb2 ATI OHCI root hub rev 1.00/1.00 addr 1
usb3 at ohci1: USB revision 1.0
uhub3 at usb3 ATI OHCI root hub rev 1.00/1.00 addr 1
usb4 at ohci2: USB revision 1.0
uhub4 at usb4 ATI OHCI root hub rev 1.00/1.00 addr 1
usb5 at ohci3: USB revision 1.0
uhub5 at usb5 ATI OHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290
usb6 at ohci4: USB revision 1.0
uhub6 at usb6 ATI OHCI root hub rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhub7 at uhub0 port 3 HP\M^? f2105 2PORT USB 2.0 HUB rev 2.00/7.02 addr 2
uhidev0 at uhub5 port 1 configuration 1 interface 0 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub5 port 1 configuration 1 interface 1 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev1: iclass 3/1, 8 report ids
ums0 at uhidev1 reportid 2: 16 buttons, Z dir
wsmouse0 at ums0 mux 0
uhid0 at uhidev1 reportid 3: input=4, output=0, feature=0
uhid1 at uhidev1 reportid 4: input=1, output=0, feature=0
uhid2 at uhidev1 reportid 8: input=1, output=0, feature=0
uhidev2 at uhub5 port 1 configuration 1 interface 2 Logitech USB 
Receiver rev 2.00/12.01 addr 2

uhidev2: iclass 3/0, 33 report ids
uhid3 at uhidev2 reportid 16: input=6, output=6, feature=0
uhid4 at uhidev2 reportid 17: input=19, output=19, feature=0
uhid5 at uhidev2 reportid 32: input=14, output=14, feature=0
uhid6 at uhidev2 reportid 33: input=31, output=31, feature=0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (6992ea307afaad04.a) swap on sd0b dump on sd0b


--
Scott McEachern

https://www.blackstaff.ca

Re: Large (3TB) HDD support

[Scott McEachern]

On 06/01/12 15:13, Otto Moerbeek wrote:
Do a 'b *' command here, see the man page. That will make the whole 
disk available and the a command will do what you expect. -Otto


Thank-you Otto and others for your assistance, that did the trick!

I got both drives online, and set them up as a RAID 1 volume.  A little 
geek porn if I may (I've never seen anything quite like that before.  
Ha!  Until sthen@ posted his message):


# df -h /st4
Filesystem  SizeUsed   
Avail Capacity  Mounted on
/dev/sd3a   2.7T8.0K
2.6T 0%/st4


Some snipped dmesg:

sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd3: 2861588MB, 512 bytes/sector, 5860532640 sectors

Now I can lighten the load on some of my other drives. :)

On 06/01/12 15:27, Nick Holland wrote:

0/direct fixed naa.50014ee001cbd923
sd0: 476940MB, 512 bytes/sector, 976773168 sectors
sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3
0/direct fixed naa.5000c5004a6e56f1
sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors
sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3
0/direct fixed naa.5000c5004a5baa2e
sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors



Life is good.



Oh, indeed!  However, it'll take me at least a week to xfer my DVD stuff 
onto it...




A few words of warning...

* This really messes up your ability to multiboot, as non-OpenBSD OSs 
will think anything beyond the fdisk/MBR partition might be available. 
But then, most other OSs choke pretty badly at this point anyway.  may 
not be that big a problem.


I won't be multibooting this box any more.  (It was once a triple boot 
WinXP/Win7/OpenBSD machine.)  These days, I just buy really cheap used 
PCs for my occasional Windows needs.  Life is easier with cheap hardware 
than bothering with multiple OSes on one box.



* Lots of BIOSes that see 128G disks still won't let you boot from 
partitions higher than 128G.
* I haven't actually TRIED this.  I was planning on buying a 3TB disk 
to experiment on and update FAQ14...but just before I did, there was 
this little flood issue, and being a cheapskate, I didn't want to sink 
a lot of money into a drive I didn't really need quite yet (or more 
accurately, I need TWO of...)


I was in the exact same boat; I'm a cheapskate too.  I watched the same 
model drive double in price (about $180 CDN to about $400) overnight, 
and eventually they went down to $170.  I kept scratching my chin on the 
idea, and the last straw was when (yet again) if I wanted a file 
(typically a movie), I'd have to dig up the DVD.  I literally have 
hundreds of DVDs.  It's seriously inconvenient to buy blanks, burn the 
data, hope it hasn't degraded when you need it, load it back...  I 
figured Screw it, take the plunge.  I think you know what I'd 
recommend... :)



* Rebuilding the mirror will be a beast.
* you don't want to fsck a 3TB file system, 'specially if it is 
rebuilding the mirror at the same time, though with 12G RAM, you might 
be able to do it.


Nick.



I'm hoping luck will stay on my side and I don't have to rebuild any 
time soon.  And if things go sideways, which I always assume, I have 
other workstations I can use (that one just happens to be the 'best').  
Good eye on noticing the 12GB of RAM; I'm sure that will come in handy 
when things go wrong.  I'll be ordering a third 3TB drive as a spare, 
but in a while.  I don't want them all to be from the same batch.


I have a web server (Pentium 4) with two 40GB drives in RAID 1 as well, 
plus a spare in storage.  (Not a typo, 40GB.)  As you've written before, 
don't trust it, test it, so I pulled a drive, threw in my spare and let 
it rebuild.  I believe that took half a day.  I'm sure 3TB will be very, 
very ugly even on a machine considerably faster than a P4.


BTW, I'm nicely UPSed and have pretty reliable hydro where I live, but 
stuff happens.  That Pentium 4 with the 1.5TB drive only has 1GB of RAM, 
but I've been pleasantly surprised on the couple of times it's had to 
fsck the drive.  I believe it only took about 10 minutes for it to sort 
things out the last time, but it's pretty much read-only.



So thanks again folks for the advice!

--
Scott McEachern

https://www.blackstaff.ca

Re: Large (3TB) HDD support

[Scott McEachern]

On 06/01/12 20:54, Christian Weisgerber wrote:

David Digglesda...@elven.com.au  wrote:


I fsck'd two 3TB filesystems yesterday with 512MB ram, on 5.1...
it took a while, but worked.

I just fsck'ed a 2.7TB filesystem in 1 minute, 43 seconds.
61% full, 447166 files.



What CPU and how much RAM?  SATA2 or 3?

--
Scott McEachern

https://www.blackstaff.ca

Re: Large (3TB) HDD support

[Scott McEachern]

On 06/01/12 19:18, Eric Furman wrote:

Looks like Nick and OBSD could use a Donation.
Anyone here in the community willing to step up
and donate a couple 3TB drives?
I would if I could so I understand if some people can't,
but I'm sure there are a few people out there.



I'm willing to step up.

Hopefully, between your post and mine, we can get people to look under 
their cushions for spare change. :)


I buy the CD sets and accessories like the rest of you, but honestly, 
it's been too long since I donated.  Time to fix that situation.


I could swing another 3TB drive, which is about $200 CDN, but not a 
pair.  It was going to be my spare for the RAID array, but hey, it's 
time to give something back.


My only question is whether the $200 for a 3TB drive is the best use of 
my donation.  Is a big HDD actually useful to anyone?  Would the money 
be better applied to something else that OpenBSD can use?  It strikes me 
as rather pointless to order another drive, pay for shipping (even 
though it's only about $8), have it arrive and then ship it to someone 
else.  (I'm sure my credit card company would be curious about why I'm 
buying something and having the goods shipped to a different address, 
possibly half-way around the world.)


Enough of my yapping.  I'm not interested in debating what's the best 
idea.  I'm sure Theo can figure that out.  Time to put up, and shut up, 
so I'm outta here.


Order number 2012/6/1-19:42:43-30258:
Your order currently is:
-  CDN $200.00 [DON] DONATION to the OpenBSD Project
-  Total: CDN $200.00 + Shipping.


Danke,

--
Scott McEachern

https://www.blackstaff.ca

Re: A neat twist on nginx + php-fpm = no input file selected

[Scott McEachern]

On 02/29/12 03:52, Remco wrote:
I'm not familiar with nginx but in general, the crazy-simple 
explanation I can think of is that you're running from a chroot. So 
the daemon will look for files relative to its chroot. 


That's *hilarious*.

And of course, you're quite right.  It works perfectly fine.  Now, I can 
only hope it stays alive, unlike php-fastcgi...


Thanks Remco!

--
Scott McEachern

Re: A neat twist on nginx + php-fpm = no input file selected

[Scott McEachern]

On 02/29/12 03:52, Remco wrote:
If the file on your file system is /var/nginx/html/who_is_online.php, 
a daemon chrooted to /var/nginx will see it as 
/html/who_is_online.php. If the daemon chrooted to /var/nginx should 
really see /var/nginx/html/who_is_online.php, the file should live in 
/var/nginx/var/nginx/html/who_is_online.php on your file system. Hope 
this helps. 


Oh, I just wanted to mention one more thing for the archives/google:

php-fpm takes on the chroot of the web server.

Ignore the php-fpm.conf documentation where it says Default value: not 
set and When this value is not set, chroot is not used.  Bah.  :/


--
Scott McEachern

A neat twist on nginx + php-fpm = no input file selected

[Scott McEachern]

sd0 at scsibus2 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed
sd0: 36985MB, 512 bytes/sector, 75745947 sectors
root on wd0a (383cb6009c765d64.a) swap on wd0b dump on wd0b


---
 Scott McEachern

Radeon 4200 and azalia audio problems

[Scott McEachern]

I recently upgraded to the most recent (Jan. 26) snapshot from a system 
built from source on Jan. 24th, with mixed results: (dmesg follows)


- Jan. 24th: using the xf86-video-ati-6.14.3.tar.gz driver from x.org, 
mplayer video output was jittery, like the driver couldn't keep up, but 
audio was fine[*1].  I got the your computer is too slow! message from 
mplayer (no, it isn't).


- Jan. 26th: Not using the 6.14.3 driver, mplayer output was the same as 
above.  With the x.org driver, mplayer video output is now fine, but 
there is a noticeable crackling/distortion during playback of some (not 
all) movie/TV files.  It sounds like the audio levels of the media files 
is too high, but audio was fine on these same files the other day.


[*1] - I'm not sure exactly when this popped up, only in the last week 
maybe, but now I can hear interference on the computer speakers during 
some (usually intense) HDD activity.  The connections are solid (no 
recent changes/moves), but now when there is no background noise in the 
room, the HDD squealing sounds are quite noticeable.


I just thought I'd let people know.  Any suggestions would be 
appreciated, and I'll keep trying new snaps as they are released.


- Scott

dmesg:

OpenBSD 5.1-beta (GENERIC.MP) #188: Thu Jan 26 15:00:02 MST 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4023975936 (3837MB)
avail mem = 3902701568 (3721MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) 
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) 
UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) 
UHC7(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.23 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu4: DTLB 48 4KB entries fully 

Re: Narcicism?

[Scott McEachern]

On 12/01/11 02:28, John Tate wrote:

I think I've found a bug in the OpenBSD crowd. They bug the hell out of me
and my little mistakes.

I am not talking about people who actually have a solution, but I can't
seem to ask anything on this list without parrots coming along picking on
me. I think some people just hang out here because it's the most anal bunch
of hackers ever, in recorded history. What are your experiences?

Is it true that occasionally we attract people who either love bullying or
are just lazy and pretending to be one of the clever?

It just figures some of these people sit on the list, and email you poorly
researched crap with no answers contain.

If you hate a question, it truly doesn't belong, bug me.

But if you just can't answer a question, ignore it.

John Tate.

Note: Yes, it's not my list.



John, if you don't mind, I'll give you some advice:  Do your homework 
before posting to the list.  Your basic instinct is to click Send 
instead of thinking first.  I've lost count of how many of your posts 
were retracted by yourself, with a big oops, my bad or were replied to 
with RTFM-type responses.  I got a kick out of one retraction where you 
said something like Sorry, I was drunk.


You're obviously new here.  Sure, it's a tough crowd at times, but that 
only happens when people don't bother reading the FAQ, or the man pages, 
or trying things out for themselves.  A lot of people have asked 
stupid questions or said something dumb -- myself included -- and 
got painful responses.  I've had my share of facepalm experiences and 
had my ass handed to me plenty of times, but I deserved it.


But you know what?  I try to not make a regular occasion of it.  It 
seems you do.


I help a lot of people off-list, and I know for a fact many others do 
the same.  I've found through years of experience there are two kinds of 
people on this list: those that need a little help and pointed in the 
right direction, and those that need their hands held for every step.  
Guess which category I put you in?  And that's exactly why I've helped 
you a grand total of zero times.


Now you have the gall to come on this list and insult the people that 
are trying to help you.  I don't think there's anyone on this list that 
sits idly, waiting for an opportunity to pick on or bully someone.  
Get a grip, get some thicker skin, and most of all, RTFM first.


I guarantee that if you take my advice, you'll find this list to be a 
very, very valuable resource.  Remember, there is a difference between 
*reading* and *comprehension*.  Work a little harder on the latter and I 
think you'll find you won't be picked on.


Stop playing the victim.  You're not the first and it's old.

--
Scott McEachern

https://www.blackstaff.ca

Re: Narcicism?

[Scott McEachern]

On 12/01/11 10:25, John Tate wrote:

I'm 24 years old. I was a Linux hacker since I was 13. I am a bit of a guru
and do my own Kerberos and such on an all BSD/Linux network. OpenBSD and
Debian Linux. I love OpenBSD, I'm a bit weird because I use bash. I can put
up with being made fun of. At 13 I didn't just start learning Linux I
started learning C++ as well. I failed to apprehend it properly at that
age, but at an older age I relearned it well. I am the guru sort of guy, I
know a hell of a lot but I'm still connecting it and in that sense still
learning.



John, sorry to burst your bubble, but in your case it really must be done.

You are not a hacker.  Really.

You are not a guru.  Really.

You are a kid who is having a great deal of difficulty learning the 
basics.  You say you're 24, but I seriously doubt that, considering you 
cannot spell narcissism and cannot distinguish between apprehend and 
comprehend.  I think you are in dire need of a dictionary (I recommend 
Oxford).


John, you are a legend, but only in your own mind.  Your gun has no 
bullets; your pencil has no lead; your tree has no wood.


You have some miles to go beyond setting up basic NFS before you can be 
called a hacker.


This is a good start to your journey:

$ man man

Thanks for the laughs.  No reply is necessary.  Really.


--
Scott McEachern

https://www.blackstaff.ca

Re: Multi Link PPP support in Kernel

[Scott McEachern]

On 11/17/11 19:43, Stuart Henderson wrote:
wow, people really still use multilink? i remember it being a fair 
hassle on the lns side back when we did it with dialup... over here 
(UK) the few people doing this sort of thing use per-packet IP 
load-balancing these days. 


Over here (Canada; Ontario specifically), where Russell and I are both 
located, the copper is owned by Bell Canada, a private company.  They 
resell their bandwidth to independent ISPs, but *everyone* is stuck with 
the throttling that Bell applies during certain hours of the day.


You mentioned dialup.  Bell's throttle drops P2P traffic to the speed of 
a 56k modem, and to 28.8k during the most restrictive hours.


I can't speak to Russell's reasons for using MLPPP, but myself and many 
others that use independent ISPs use MLPPP to evade the throttle.  I 
don't know the technical details behind how it works, but it's currently 
the only way to get around Bell's throttle.  Most people use the 
Tomato firmware on their modems, but OpenBSD does it perfectly for me. :)


- Scott

Re: USB mouse

[Scott McEachern]

On 10/26/11 18:52, Zantgo wrote:

How I can run USB mouse?

Zantgo



Did you try formatting it first?

Re: USB mouse

[Scott McEachern]

On 10/26/11 20:05, Christiano F. Haesbaert wrote:

On 26 October 2011 20:52, Zantgozan...@gmail.com  wrote:

How I can run USB mouse?

Zantgo



It should work just by plugging it, have you tried ?



Oh that's just pie-in-the-sky craziness.

The next thing you'll be saying is that USB keyboards should just work.

Re: I can use snapshots packages in a release?

[Scott McEachern]

On 10/24/11 17:29, Zantgo wrote:

What happens is that usually we talk about unified and synchronized to the
manual, but I have not seen anything about the packages, then my question is,
I can use packet-release snapshots?, ie have my
PKG_PATH =.../snapshots/packages.

Zantgo



If you're asking if you can use -release packages with -current, then in 
a word, no.


If you are running -stable (which is -release + patches), you can use 
the precompiled packages or build them yourself.  (Note: packages for 
5.0 won't be available until after Nov. 1st, so if you get your CD set 
early, you either have to wait or compile them yourself.)  This info can 
be found in the FAQ.


If you are running -current from source, update the ports tree source at 
the same time and compile them yourself.  If you are running a snapshot, 
download the ports tree for that day and compile them yourself.  This 
info can be found in the FAQ.


Go read the freaking FAQ -- it's there for a reason -- instead of 
sending these silly emails.  Or better yet, do as others have suggested: 
install OpenBSD on a spare machine and play around.  Read the FAQ again 
and again before spamming the list (even) more, wasting everyone's 
time.  You are either dense or just not listening.

xf86 driver won't compile

[Scott McEachern]

I think I'm missing something obvious here, so a clue-stick beating 
would be appreciated.


In order to get applications like mplayer to work properly, I need to 
compile an ATI Radeon 4200 driver from x.org.  (Thanks to brynet for 
that tip.)  That used to work fine, but around mid-May it stopped 
compiling (details below).  The configure script output has this slight 
difference:


$ diff configure.ok configure.failure
88c88
 checking for LIBDRM_RADEON... no
---
 checking for LIBDRM_RADEON... yes
132c132
 Kernel modesetting:  no
---
 Kernel modesetting:  yes

so I think I'm missing something simple, but with my limited knowledge, 
I'm just not understanding it.  The driver compiles just fine when 
LIBDRM_RADEON is _not_ found, but craps out when it is found.  I don't 
get it.


Any help would be appreciated.


Make spits out this:

$ sudo make
make  all-recursive
Making all in src
  CC ati.lo
  CC atimodule.lo
  CCLD   ati_drv.la
  CC radeon_accel.lo
radeon_accel.c: In function 'RADEONHostDataBlit':
radeon_accel.c:866: warning: '__expected' may be used uninitialized in 
this function

  CC radeon_cursor.lo
  CC radeon_legacy_memory.lo
  CC radeon_driver.lo
In file included from radeon_atombios.h:151,
 from radeon_driver.c:77:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_video.lo
  CC radeon_bios.lo
In file included from radeon_atombios.h:151,
 from radeon_bios.c:42:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_mm_i2c.lo
  CC radeon_vip.lo
  CC radeon_misc.lo
  CC radeon_probe.lo
  CC legacy_crtc.lo
In file included from radeon_atombios.h:151,
 from legacy_crtc.c:48:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC legacy_output.lo
In file included from radeon_atombios.h:151,
 from legacy_output.c:49:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_textured_video.lo
  CC radeon_pm.lo
In file included from radeon_atombios.h:151,
 from radeon_pm.c:39:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_crtc.lo
In file included from radeon_atombios.h:151,
 from radeon_crtc.c:703:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_output.lo
In file included from radeon_atombios.h:151,
 from radeon_output.c:50:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_modes.lo
In file included from radeon_atombios.h:151,
 from radeon_modes.c:51:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_tv.lo
In file included from radeon_atombios.h:151,
 from radeon_tv.c:26:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC CD_Operations.lo
In file included from ./AtomBios/includes/Decoder.h:52,
 from AtomBios/CD_Operations.c:47:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC Decoder.lo
In file included from ./AtomBios/includes/Decoder.h:52,
 from AtomBios/Decoder.c:45:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_atombios.lo
In file included from radeon_atombios.h:151,
 from radeon_atombios.c:34:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

radeon_atombios.c: In function 'rhdAtomParseI2CRecord':
radeon_atombios.c:1608: warning: initialization from incompatible 
pointer type

  CC radeon_atomwrapper.lo
In file included from radeon_atomwrapper.c:33:
./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning
./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma 
warning

  CC radeon_dri.lo
  CC radeon_exa.lo
  CC 

Re: xf86 driver won't compile

[Scott McEachern]

On 07/20/11 11:06, David Coppa wrote:

I think you need to pass --disable-kms to ./configure



Thank-you David and Nigel!

That works perfectly, and I'm now (very happily) back to running 
-current.  (I'm currently compiling a bunch of ports, and waited until 
thunderbird finished before replying.)


I _knew_ I was overlooking something simple...  When it came to the 
configure script diff, I was paying attention to LIBDRM_RADEON and 
trying to include this and that, while kernel modesetting was the 
problem.  And to think, I _almost_ didn't paste those lines from the 
diff thinking they were irrelevant.


Thanks again guys,

- Scott

Userland ppp stopped working between Mar24 and Apr8

[Scott McEachern]

I originally sent this message to misc@ on April 17/2011, but I never 
got a response and I can't find it in the archives.  (I found this copy 
in my sent mail).


I guess it never went through.  Since I never heard anything back, I 
figured I'd wait a while and see if the problem got corrected after the 
kernel hackathon finished.  (It didn't.)


I gave the most recent snapshot (June 29) a try, and the problem 
remains, so I'll try sending this again.  I haven't seen anything 
about this on the list since; surely I can't be the only person who has 
run into this.


My original message:


After some experimenting, I've discovered that userland ppp stopped 
working normally at some point between the March 24th and April 8th 
snapshots.


I've been using the same ppp.{conf,linkup,linkdown} files for 6 months 
now with 4.8-stable without any problems.  This weekend I decided to 
change firewall hardware and use -current, and the same configuration fails.


It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work 
just fine.  The next snap I have in my collection is Apr. 8th, and 
everything since then including Apr. 17th, fails.


Replication is simple:

- clean install, not an upgrade.  No customizing/tweaking anything.
- copy my known-good ppp.* files over
- up the interface my DSL modem is on
- adjust syslog.conf to allow ppp logging to /var/log/ppp.log
# ppp -ddial mlppp (config file below; normally this done from rc.local)

- with anything = Mar 24th, the connection works straight away
- with anything = Apr. 8th, the ppp process loops continuously trying 
to establish the connection


Looking at the log, the old version shows LCP: 2: RecvConfigReq, after 
which my MRU drops from 1500 to 1492, and the connection ultimately 
succeeds.  The new version only shows LCP: 2: SendConfigReq and the 
redial process loops until manually stopped.


Does anyone have any idea if my config needs adjusting, or have I found 
a bug?  The only variable is the version of -current I use, and the 
ppp(8) man page is the same.  Nothing to indicate that my config needs 
adjusting.


I'm not sure if the following log snippets show the proper information, 
so I'll wait for requests for full logs instead of spamming the list 
with a hugely long post.


Thanks,

- Scott


Log snippet from successful connection:
Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected!
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial -- 
Closed
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed -- 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x48a3693d
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped -- 
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent -- 
Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = 
Ack-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = 
Ack-Sent


Log snippet from unsuccessful connection:
Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier
Apr 17 

Re: Userland ppp stopped working between Mar24 and Apr8

[Scott McEachern]

On 07/04/11 10:56, Stuart Henderson wrote:

On 2011-07-04, Scott McEachernsc...@blackstaff.ca  wrote:

I gave the most recent snapshot (June 29) a try, and the problem
remains, so I'll try sending this again.  I haven't seen anything
about this on the list since; surely I can't be the only person who has
run into this.

does this help?




It is now working perfectly, thank-you very much Stuart!  (Truth be 
told, I saw your commit on src, so I just did a cvs update vs. applying 
the patches by hand.)


They were applied against the known bad Apr 8th snapshot, but I'll 
confirm with -current when a new snap is released.


- Scott

Userland ppp stopped working between Mar24 and Apr8

[Scott McEachern]

After some experimenting, I've discovered that userland ppp stopped 
working normally at some point between the March 24th and April 8th 
snapshots.


I've been using the same ppp.{conf,linkup,linkdown} files for 6 months 
now with 4.8-stable without any problems.  This weekend I decided to 
change firewall hardware and use -current, and the same configuration fails.


It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work 
just fine.  The next snap I have in my collection is Apr. 8th, and 
everything since then including Apr. 17th, fails.


Replication is simple:

- clean install, not an upgrade.  No customizing/tweaking anything.
- copy my known-good ppp.* files over
- up the interface my DSL modem is on
- adjust syslog.conf to allow ppp logging to /var/log/ppp.log
# ppp -ddial mlppp (config file below; normally this done from rc.local)

- with anything = Mar 24th, the connection works straight away
- with anything = Apr. 8th, the ppp process loops continuously trying 
to establish the connection


Looking at the log, the old version shows LCP: 2: RecvConfigReq, after 
which my MRU drops from 1500 to 1492, and the connection ultimately 
succeeds.  The new version only shows LCP: 2: SendConfigReq and the 
redial process loops until manually stopped.


Does anyone have any idea if my config needs adjusting, or have I found 
a bug?  The only variable is the version of -current I use, and the 
ppp(8) man page is the same.  Nothing to indicate that my config needs 
adjusting.


I'm not sure if the following log snippets show the proper information, 
so I'll wait for requests for full logs instead of spamming the list 
with a hugely long post.


Thanks,

- Scott


Log snippet from successful connection:
Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected!
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login
Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial -- 
Closed
Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed -- 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = 
Stopped

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1500
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x48a3693d
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped -- 
Req-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = 
Req-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRU[4] 1492
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  AUTHPROTO[4] 0xc023 (PAP)
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MAGICNUM[6] 0x4a64ebd8
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent -- 
Ack-Sent
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = 
Ack-Sent

Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  MRRU[4] 1485
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP:  SHORTSEQ[2]
Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = 
Ack-Sent


Log snippet from unsuccessful connection:
Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired.
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: carrier - login
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: login - lcp
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: FSM: Using 1 as a 
transport
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Initial 
-- Closed
Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Closed 
-- Stopped

Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: Connected!
Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: opening - dial
Apr 17 21:07:32 

Re: Is VPN initiation by traffic possible?

[Scott McEachern]

On 04/13/11 05:19, nemir nemirius wrote:

Hi,

One of my clients is a major bank.   We need to exchange data a few
times a day at different intervals,  and they're insisting that we
initiate the VPN on demand with relevent traffic.

It works from their end.  Tunnel is down, they send a ping,  first
packet is dropped as the tunnel is brought up,  subsequent traffic
reaches its destination.



It's called port knocking.  Google is your friend here.

Re: Is VPN initiation by traffic possible?

[Scott McEachern]

On 04/13/11 09:38, Randal L. Schwartz wrote:

Scott == Scott McEachernsc...@blackstaff.ca  writes:

Scott  It's called port knocking.  Google is your friend here.

And if you recommend or use port knocking, you're an amateur at crypto.
If adding 8 sniffable bits to your effective key length makes you
significantly more secure, you've lost the game already.



I'm not advocating it, but it is what he's asking about.

I should have added This is not a good idea, but I was hoping he'd 
figure that out by reading about it.


Nemir, you might want to go back and find out exactly what problem the 
bank is trying to solve with their idea.

Re: MAXDSIZ

[Scott McEachern]

On 03/30/11 19:18, Henning Brauer wrote:

* Amit Kulkarniamitk...@gmail.com  [2011-03-31 01:09]:

On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauerlists-open...@bsws.de  wrote:

* Amit Kulkarniamitk...@gmail.com  [2011-03-31 00:45]:

Nothing directly, just observing a comparison of default choice.
OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts
for another (bufcache close to 100%).

you are wrong.

where? please educate me.

your guess on the reasoning for the default is oh so wrong.

nuff said. have a beer or 13, relax and wait.
(and your 13 gonna be cheaper than one bjor here)



Gonna chime in that I'm quite curious as well.  Anyone else care to 
explain why?  My assumptions for why OpenBSD's bufcache percent being 
low are probably quite wrong.


And what are we readers to wait for, anyway?

Re: kernel panic after install reboot

[Scott McEachern]

On 03/27/11 19:21, Sha'ul wrote:


At the boot prompt I put bsd.rd and it probes and gives me the 
install options (I)nstall (U)pgrade (S)hell, I went to shell and dmesg 
worked, but how can I supply a copy of it here without net connection 
and without OS login capabilities?




FYI, trying to help you off-list results in this:

sh...@lavabit.com: host lavabit.com[72.249.41.52] said: 451 This user account
has been configured not to accept more than 10 messages per twenty-four
hour period. Please try again later. (in reply to RCPT TO command)


You may want to fix that.

Re: mplayer video sluggish with Radeon HD 4200

[Scott McEachern]

On 03/26/11 12:11, Brynet wrote:

Hi Scott,

I have a Mobility Radeon HD 4200, indeed, xf86-video-ati in base lacks 2D/3D
XVideo acceleration.

Compiling a newer version of the radeon DDX driver works for me, trying the
obsolete radeonhd driver is also an option (..I found it unstable).

So far, 6.14.0 works.. 6.14.1 does not (X server segfaults).



Hi Bryan,

I tried the new driver you suggested and with light testing it works 
quite well.


For standard apps (firefox, thunderbird, amarok), and mplayer with 
regular def and HD it's just fine.  mplayer with 1080p is slow, but 
since I only have a handful of vids at that resolution, I'm not too 
concerned.


In other words, it's good enough and I'm far better off than I was 
yesterday, so thank-you very much for your suggestion! :D  Later, I 
might give 6.14.1 a shot just for giggles.

mplayer video sluggish with Radeon HD 4200

[Scott McEachern]

 Hi,

I'm having an issue where video playback in mplayer is sluggish in 
full-screen mode with Radeon HD 4200 onboard video.  This applies only 
to -current, with either i386 or amd64.  In 4.8-stable (amd64 or i386), 
Mplayer is perfectly fine in either normal or full-screen mode on the 
same hardware.  x.org.conf, dmesg, xdpyinfo and xvinfo files are below.


Mplayer is the same version between 4.8 and -current, but the X.Org 
version goes from 1.8.2 to 1.9.3.  Googling for mplayer + x.org 1.9.3 + 
radeon hd 4200 doesn't yield anything useful, and the archives only 
offer tedu@'s post about using gl instead of x11 for Intel chipsets.


I've tried all vo= modes available, including x11, xv, gl and 
gl2.  x11 works best, but video playback appears to be somewhat less 
than 1.00 speed.  All frames appear correctly without any distortion, 
just slower than normal, as if the frame rate was lowered.  Audio is 
fine but out of sync, of course.


Has anyone else experienced similar problems / found solutions?  I can't 
find any setting in the man page that corrects this behaviour, but it's 
worth noting that for full-screen to work, the zoom=1 setting has to 
be enabled, even for -stable.


I'm out of gas on this.

- Scott


xvinfo for both -current and 4.8-stable only gives:

$ cat xvinfo.output
X-Video Extension version 2.2
screen #0
 no adaptors present


xorg.conf:

Section ServerLayout
Identifier X.org Configured
Screen  0  Screen0 0 0
InputDeviceMouse0 CorePointer
InputDeviceKeyboard0 CoreKeyboard
EndSection

Section Files
ModulePath   /usr/X11R6/lib/modules
FontPath /usr/X11R6/lib/X11/fonts/misc/
FontPath /usr/X11R6/lib/X11/fonts/TTF/
FontPath /usr/X11R6/lib/X11/fonts/OTF/
FontPath /usr/X11R6/lib/X11/fonts/Type1/
FontPath /usr/X11R6/lib/X11/fonts/100dpi/
FontPath /usr/X11R6/lib/X11/fonts/75dpi/
EndSection

Section Module
Load  dbe
Load  dri
Load  dri2
Load  extmod
Load  glx
Load  record
EndSection

Section InputDevice
Identifier  Keyboard0
Driver  kbd
EndSection

Section InputDevice
Identifier  Mouse0
Driver  mouse
Option  Protocol wsmouse
Option  Device /dev/wsmouse
Option  ZAxisMapping 4 5 6 7
EndSection

Section Monitor
#DisplaySize  450   280 # mm
Identifier   Monitor0
VendorName   HWP
ModelNameHP f2105
HorizSync30.0 - 94.0
VertRefresh  48.0 - 85.0
Option  DPMS
EndSection

Section Device
### Available Driver options are:-
### Values: i: integer, f: float, bool: True/False,
### string: String, freq: f Hz/kHz/MHz,
### percent: f%
### [arg]: arg optional
#Option NoAccel   # [bool]
#Option SWcursor  # [bool]
#Option Dac6Bit   # [bool]
#Option Dac8Bit   # [bool]
#Option BusType   # [str]
#Option CPPIOMode # [bool]
#Option CPusecTimeout # i
#Option AGPMode   # i
#Option AGPFastWrite  # [bool]
#Option AGPSize   # i
#Option GARTSize  # i
#Option RingSize  # i
#Option BufferSize# i
#Option EnableDepthMoves  # [bool]
#Option EnablePageFlip# [bool]
#Option NoBackBuffer  # [bool]
#Option DMAForXv  # [bool]
#Option FBTexPercent  # i
#Option DepthBits # i
#Option PCIAPERSize   # i
#Option AccelDFS  # [bool]
#Option IgnoreEDID# [bool]
#Option DisplayPriority   # [str]
#Option PanelSize # [str]
#Option ForceMinDotClock  # freq
#Option ColorTiling   # [bool]
#Option VideoKey  # i
#Option RageTheatreCrystal# i
#Option RageTheatreTunerPort  # i
#Option RageTheatreCompositePort  # i
#Option RageTheatreSVideoPort # i
#Option TunerType # i
#Option RageTheatreMicrocPath # str
#Option RageTheatreMicrocType # str
#Option ScalerWidth   # i
#Option RenderAccel   # [bool]
#Option SubPixelOrder # [str]
#Option ShowCache # [bool]
#Option DynamicClocks # [bool]
#Option VGAAccess # [bool]
#Option 

Re: mplayer video sluggish with Radeon HD 4200

[Scott McEachern]

On 03/25/11 19:47, Scott McEachern wrote:


dmesg:

OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011

sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP


Sorry, I posted the dmesg for a system with POOL_DEBUG disabled.  There 
is no dmesg difference between it and GENERIC.MP, but the diff is below 
anyway.  The problem remains the same.  This is using -current from 
anoncvs as of about two hours ago.


I also forgot to mention I've tried playback with -framedrop and yes, 
the video is in sync with the audio, but looks like crap with a bunch of 
frames missing.  Go figure. :)


- Scott


dmesg diff from previous message:  (the iic0 values change on every boot 
anyway)


 OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011
 
sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP

---
 OpenBSD 4.9-current (GENERIC.MP) #0: Fri Mar 25 20:56:58 EDT 2011
 
sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/GENERIC.MP

89c89
 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 
0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 
16=2c 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 
23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 
06= 07=

---
 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 
0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 
16=2b 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 
23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 
06= 07=

Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

[Scott McEachern]

 On 03/14/11 21:06, Scott McEachern wrote:
The problem is that the kernel freezes when booting any of: bsd.rd, 
for either amd64 or i386, -current or 4.8-stable; any GENERIC kernel 
for amd64/i386 -current or 4.8-stable on an installed system. (partial 
dmesgs below).




My apologies for the delay:

A big thank-you to Jordan Hargrave (jordan@) for working with myself and 
Tero Koskinen and having a fully working patch within a day.  Impressive!


ACPI works perfectly in my testing with 4.9-current (amd64 and i386) on 
Pentium 4 and Asus/Phenom hardware.  As a bonus, it also works for the 
above hardware with i386/4.8-stable and amd64/4.8-release.


So thanks again Jordan!

- Scott

Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

[Scott McEachern]

 On 03/16/11 10:54, Tero Koskinen wrote:

I have exactly same motherboard with Phenom II X4. For me, it helps
when I disable acpi. (boot -c  disable acpi during the boot)



You know, I'd absolutely *swear* I tried that to no avail, but trying it 
again, I can get it to boot.


I have a funny feeling I went too quickly before and typed disable 
ahci by accident.


With acpi disabled for the test install of both 4.8-release and -current 
it didn't see all six cores and installed bsd.sp as bsd.  After fixing 
that manually it sees all cores.


Now I'll try a full install on the desired HDD, build the system from 
scratch and see how that goes.  If it works, I'll post a dmesg in a 
bit.  So far, it looks like everything will be fine but it does indicate 
there are still issues in the ACPI code.  But hey, at least it seems to 
work and is a lot better than a kernel hang and not having OpenBSD at 
all! :)


- Scott

Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

[Scott McEachern]

 On 03/17/11 18:22, Stuart Henderson wrote:


Modern machines *expect* to have the acpi code running, acpi controls
many aspects of the system including some methods to maintain correct
system temperature.



Absolutely.  Which is why this box, (once it has completed some build 
tasks for other machines), will be running -current in the hope that 
acpi works some day soon.  Either that, or I have to use FreeBSD until 
5.0 (and hope acpi works then), and I'm not too keen on that idea. ;)

Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

[Scott McEachern]

 On 03/17/11 19:31, Jordan Hargrave wrote:

It looks like there is a bug in the AML on that particular system (the code is
being called in from the atk0110 driver).
bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO

Eventually the AML code tries to execute the following:
 Store (SMBU, Local5)
 While (Not (LEqual (And (Local5, 0x02), Zero)))
 {
 Sleep (0x64)
 Store (SMBU, Local5)
 }

It should be:
 While (LNot (LEqual (And (Local5, 0x02), Zero)))


The first code, the while loop is always true since they are using a bitwise
Not not a Logical Not.

So the issue is with that specific system/BIOS/AML.



If anyone has any patches they want tested, I'm more than happy to do so 
for both i386 and amd64. :)

amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo

[Scott McEachern]

 I bought some new hardware the other day, including an Asus M4A785TD-V 
EVO motherboard and an AMD Phenom II X6 1100T CPU.


The problem is that the kernel freezes when booting any of: bsd.rd, for 
either amd64 or i386, -current or 4.8-stable; any GENERIC kernel for 
amd64/i386 -current or 4.8-stable on an installed system. (partial 
dmesgs below).


I have a spare P4 and can easily swap the HDD between it and the new 
box, so I can install i386 or amd64 on it, and drop the drive into the 
new box to test.


Although I haven't a clue what most of the BIOS knobs actually do, I've 
tried fiddling with every setting I can, and I always get the same 
freeze.  The knobs I've played with include:


- ACPI SRAT table enabled/disabled
- Plug and Play OS No/Yes
- Suspend mode Auto/S1 (POS) only/S3 only
- ACPI 2.0 support enabled/disabled

If anyone has any suggestions, I'd love to hear them.  I'm dying to get 
my OS of choice working on this machine!


Since I have a spare box and can swap HDDs easily, I'm more than willing 
to work with anyone to test code in amd64 or i386-land in 4.9-current.  
I'm ready to freak out that my brand-new workstation won't run OpenBSD. :(


Below are (probably too many) hand-typed dmesgs in the hope that 
together they might help someone deduce what the problem is.


FWIW, I've just tried today's amd64-current snapshot (March 14) and I 
get the same results as with the March 2 snap shown below.



OpenBSD amd64/4.9-current installed on a P4, HDD moved to AMD box:

(off screen)
cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD
cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu4: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu4: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu5 at mainbus0: apid 5 (application processor)
cpu5: AMD
cpu5: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz
cpu5: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu5: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu5: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu5: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
(frozen)


bsd.rd for amd64/4.9-current (booted from a USB stick):

(off screen)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus 0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.17 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully 
associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully 
associative

cpu0: apic clock running at 200MHz
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins
(frozen)


bsd.rd for i386/4.9-current (Feb 16th):

(off screen)
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: AMD Phenom(tm) II X6 1100T Processor (AuthenticAMD 686-class, 
512KB L2 cache) 3.32 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT

real mem  = 3219283968 (3070MB)
avail mem = 3159662592 (3013MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/18/10, BIOS32 rev. 0 @ 0xf0010, 
SMBIOS rev. 2.5 @ 0x9f000 (68 entries)

bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010
bios0: ASUSTeK Computer INC. M4A785TD-V EVO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus 0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X6 1100T 

Re: OT - gmail alternatives

[Scott McEachern]

 On 12/09/10 10:01, lh wrote:

Hi,

what are the good available alternatives (security/privacy) for gmail
you're using?

Cheers!



As many others suggested, using your own mail server that you control is 
the *best* way, but that doesn't answer your question.


I know people that use Lavabit.com for free email and they swear by it. 
(I use my own mail server, thank-you.)


The lavabit page boasts of privacy (a system so secure 
http://lavabit.com/secure.html that even our administrators cant read 
your e-mail) but you can never really know unless you're an admin 
there. They offer encrypted connections/ports to send/receive on top of 
port 25.


HTH,

- Scott

OT - secondary DNS recommendations

[Scott McEachern]

 It seems my free-as-in-beer secondary DNS service, EveryDNS.net, has 
abandoned WikiLeaks, so I'd like to return the favour.


Given the (general) support of WikiLeaks here, I was wondering if anyone 
could recommend a free alternative to replace EveryDNS.net?


I know how to use Google to find free alternatives, I'm looking for 
*recommendations* for a simple two-domain home network.


Thanks in advance,

- Scott

Re: OT - secondary DNS recommendations

[Scott McEachern]

 To the folks that replied on- and off-list with their 
_recommendations_ from personal experience, thank-you very much!  That's 
exactly what I was looking for.  I'm doing my due diligence and will 
investigate them all.


For the folks that replied with alternatives but no actual 
recommendation, thanks anyway. :)  At least you tried.


Regards,

- Scott

Re: help

[Scott McEachern]

On 11/08/10 06:40, Gaby Vanhegan wrote:

On 8 Nov 2010, at 11:33, Joe Warren-Meeks wrote:


On 8 November 2010 10:46, stevest...@crs.com  wrote:

help

I need somebody.

help...



Not just anybody.

Re: i386 and amd64 snapshots - kernel SHA256 mismatch

[Scott McEachern]

 On 10/15/10 20:29, Theo de Raadt wrote:


Another alternative is that I only do snapshot builds about every
2 weeks.  How's that idea?




A little off-topic, but now's as good a time as any to ask:

I sometimes see the snaps (or X) haven't been built for a few or more 
days, and I was just wondering why that is?


Is the build automated, or manually run?  I see the times are usually 
~2pm and ~10pm, Mountain time.


If I see a snap hasn't been built for a while, I'll usually hold off on 
updating the source because something major might be only part way 
complete.  I'll wait until a new snap, install (or update) it, then 
update the source and build.  Is this silly?


Don't get me wrong, I'm not complaining, I'm just wondering.

Re: FreeBSD isn't Free

[Scott McEachern]

 On 10/06/10 12:50, Theo de Raadt wrote:


Then you may be detained next time you attempt to travel
internationally.

You are free to stay at home, though.



I'm not trying to be a wise-acre here, I agree with Theo 100%.  I doubt 
anyone wants to be screwed by customs (anywhere) due to licencing 
issues.  I also don't doubt that customs would dig deep to find dirt 
if they really wanted to.


My question is: Has it ever happened to anyone?

Has anyone actually had a customs agent say Wait a minute, you're using 
/foo/ OS.  You can't be crossing our border.


No flames please; I'm just curious.  I realize the distinction here is 
between it not being possible (OpenBSD) and theoretically possible 
(FreeBSD).