npppd advice
:19:5b:68:91:20 eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5 xl0 at pci1 dev 10 function 0 3Com 3c900 10Base-T rev 0x00: apic 1 int 22, address 00:10:4b:d5:1a:fe ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: ST330630A wd0: 16-sector PIO, LBA, 29188MB, 59777640 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 ignored (disabled) ichiic0 at pci0 dev 31 function 3 Intel 82801EB/ER SMBus rev 0x02: apic 1 int 17 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC2700CL2.5 spdmem1 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec mtrr: Pentium Pro MTRR support vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root scsibus1 at softraid0: 256 targets sd0 at scsibus1 targ 1 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd0: 29180MB, 512 bytes/sector, 59761208 sectors root on sd0a (2463a9a61e811c48.a) swap on sd0b dump on sd0b - I hope I'm not forgetting anything... TIA! -- Scott McEachern http://www.blackstaff.ca The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
Re: npppd advice
On 08/03/14 14:42, Stuart Henderson wrote: On 2014-08-03, Scott McEachern sc...@blackstaff.ca wrote: I'd really like to upgrade to 5.6/-current, but for my connection to work, I either have to abandon some features (MLPPP) with kernel-mode pppoe, or go with something completely new, like npppd. Not currently possible, npppd is server-side only and doesn't do MLPPP (or IPV6CP). That's what I was afraid of. Theo, is there any chance of putting userland ppp back in? I'm sure I'm not the only person out there that needs that specific functionality to stay online. I know you've said before that the code is horrible, there are too many pppoe options, but there are some people -- like me -- that are stuck without it. We just don't have a viable option. Please consider putting it back in. People like me still use and need it, and it's no hardship on your end. Please? -- Scott McEachern http://www.blackstaff.ca The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. -- George Bernard Shaw
segfault in netstat
Using the latest i386 snapshot (Nov8), running netstat as root causes a segfault. Earlier snaps may be affected, I'm just noticing this now. Running as a non-root user seems to be fine. # netstat -an Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 192.168.1.5.22 192.168.1.4.41282 ESTABLISHED tcp 0216 192.168.1.5.22 192.168.1.4.18447 ESTABLISHED tcp 0 0 192.168.1.5.22 192.168.1.4.21025 ESTABLISHED tcp 0 0 *.6000 *.* LISTEN tcp 0 0 127.0.0.1.587 *.* LISTEN tcp 0 0 127.0.0.1.25 *.* LISTEN tcp 0 0 *.22 *.* LISTEN Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) udp 0 0 *.514 *.* Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp6 0 0 *.6000 *.* LISTEN tcp6 0 0 ::1.587*.* LISTEN tcp6 0 0 ::1.25 *.* LISTEN tcp6 0 0 *.22 *.* LISTEN Active UNIX domain sockets AddressType Recv-Q Send-Q Inode Conn Refs Nextref Addr Segmentation fault # netstat Active Internet connections Proto Recv-Q Send-Q Local Address Foreign Address (state) tcp 0 0 blackstaff.ssh 192.168.1.4.41282 ESTABLISHED tcp 0 0 blackstaff.ssh 192.168.1.4.18447 ESTABLISHED tcp 0 0 blackstaff.ssh 192.168.1.4.21025 ESTABLISHED Active UNIX domain sockets AddressType Recv-Q Send-Q Inode Conn Refs Nextref Addr Segmentation fault No core file seems to be left behind. Anyone else seeing this? -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: segfault in netstat
On 11/09/13 12:55, Jérémie Courrèges-Anglas wrote: Scott McEachern sc...@blackstaff.ca writes: Anyone else seeing this? Yup (fresh i386). Just to be clear, I was also using a clean install. Judging by the way it craps out at the unix domain sockets display, I'm guessing this commit is the culprit: *List:openbsd-cvs http://marc.info/?l=openbsd-cvsr=1w=2 Subject:CVS: cvs.openbsd.org: src http://marc.info/?t=9022420702r=1w=2 From:Philip Guenther guenther () cvs ! openbsd ! org http://marc.info/?a=12152454264r=1w=2 Date:2013-10-22 16:40:29 http://marc.info/?l=openbsd-cvsr=1w=2b=201310 Message-ID:201310221640.r9MGeTH7025102 () cvs ! openbsd ! org http://marc.info/?i=201310221640.r9MGeTH7025102%20%28%29%20cvs%20%21%20openbsd%20%21%20org [Download message RAW http://marc.info/?l=openbsd-cvsm=138246004827722q=raw]* CVSROOT:/cvs Module name:src Changes by: guent...@cvs.openbsd.org2013/10/22 10:40:29 Modified files: include: kvm.h sys/sys: sysctl.h sys/kern : kern_sysctl.c lib/libkvm : Makefile kvm_cd9660.c kvm_file2.c kvm_getfiles.3 kvm_ntfs.c kvm_private.h kvm_udf.c shlib_version usr.sbin/pstat : pstat.c usr.bin/fstat : fstat.c fstat.h fuser.c usr.bin/netstat: main.c netstat.h unix.c sbin/sysctl: sysctl.c lib/libc/gen : sysctl.3 Removed files: lib/libkvm : kvm_file.c Log message: - add UNIX-domain socket info to struct kinfo_file2 - convert netstat from kvm_getfiles() to kvm_getfile2() using that - delete kvm_getfiles() and KERN_FILE as no longer used (bump libkvm's major) - rename kvm_getfile2() to kvm_getfiles(), kinfo_file2 to kinfo_file and KERN_FILE2 to KERN_FILE. ok deraadt@, millert@ ports scan sthen@ I'd imagine it's being looked into. :) -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: segfault in netstat
On 11/09/13 15:05, Philip Guenther wrote: On Sat, Nov 9, 2013 at 10:24 AM, Scott McEachern sc...@blackstaff.ca wrote: I'd imagine it's being looked into. :) Yep. Just committed the fix. Thanks for the report! Philip Guenther Thanks very much for such a quick fix! I'll test it out when it hits the mirror I use. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Errors building system on i386-current
Using a clean install from the Nov. 8th i386 snapshot, I upgraded all sources and ran into this while building the system: Your select() operates on 32 bits at a time. Generating a list of signal names and numbers... Checking the size of size_t... Checking to see if you have socklen_t... socks.h NOT found. I'll be using ssize_t for functions returning a byte count. Checking the size of st_ino... Checking the sign of st_ino... Your stdio uses signed chars. Checking the size of uid_t... Checking the sign of uid_t... Checking the format string to be used for uids... Determining whether we can use sysctl with KERN_PROC_PATHNAME to find executing program... try.c: In function 'main': try.c:23: error: 'KERN_PROC_PATHNAME' undeclared (first use in this function) try.c:23: error: (Each undeclared identifier is reported only once try.c:23: error: for each function it appears in.) I'm unable to compile the test program. I'll assume no sysctl with KERN_PROC_PATHNAME here. Determining whether we can use _NSGetExecutablePath to find executing program... try.c:4:25: error: mach-o/dyld.h: No such file or directory I'm unable to compile the test program. I'll assume no _NSGetExecutablePath here. It appears we'll be able to prototype varargs functions. Which compiler compiler (yacc) shall I use? [yacc] assert.h found. fp.h NOT found. fp_class.h NOT found. gdbm.h NOT found. ieeefp.h found. libutil.h NOT found. mntent.h NOT found. net/errno.h NOT found. netinet/tcp.h found. poll.h found. prot.h NOT found. Guessing which symbols your C compiler and preprocessor define... tcsetattr() found. You have POSIX termios.h... good! stdbool.h found. stddef.h found. sys/access.h NOT found. sys/filio.h found. sys/ioctl.h found. You have socket ioctls defined in sys/sockio.h. syslog.h found. sys/mode.h NOT found. sys/poll.h found. sys/resource.h found. sys/security.h NOT found. sys/statvfs.h found. sys/un.h found. sys/utsname.h found. sys/wait.h found. ustat.h NOT found. utime.h found. vfork.h NOT found. Looking for extensions... Duplicate directories detected for extension B-Lint Configure cannot correctly recover from this - shall I abort? /usr/src/gnu/usr.bin/perl/Configure: .: ../UU/myread: not found *** Error 1 in gnu/usr.bin/perl (Makefile.bsd-wrapper:76 'config.sh') *** Error 2 in gnu/usr.bin (bsd.subdir.mk:48 'depend') *** Error 2 in gnu (bsd.subdir.mk:48 'depend') *** Error 2 in . (bsd.subdir.mk:48 'depend') *** Error 2 in /usr/src (Makefile:89 'build') Just thought I'd let you know. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
make release problem with -current
Anyone else running into this when running make release with -current? cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-main -Wno-uninitialized -Wno-format -Wstack-larger-than-2047 -fno-builtin-printf -fno-builtin-snprintf -fno-builtin-vsnprintf -fno-builtin-log -fno-builtin-log2 -fno-builtin-malloc -fno-stack-protector -Os -mtune=i486 -pipe -nostdinc -I../../../.. -I. -I../../../../arch -DSCSITERSE -DSMALL_KERNEL -DNO_PROPOLICE -DTIMEZONE=0 -DDST=0 -DFFS -DFFS2 -DEXT2FS -DNFSCLIENT -DCD9660 -DUDF -DMSDOSFS -DINET -DINET6 -DBOOT_CONFIG -DCRYPTO -DRAMDISK_HOOKS -DMINIROOTSIZE=0xf20 -DPCIVERBOSE -DMAXUSERS=4 -D_KERNEL -MD -MP -c vers.c ld -Ttext 0xD0200120 -e start -N --warn-common -nopie -S -x -o bsd ${SYSTEM_HEAD} vers.o ${OBJS} textdatabss dec hex 3982420 2045352 434916 6462688 629ce0 cp /usr/src/distrib/i386/ramdisk_cd/../../../sys/arch/i386/compile/RAMDISK_CD/bsd bsd cc -o rdsetroot /usr/src/distrib/i386/ramdisk_cd/../../common/elfrdsetroot.c /usr/src/distrib/i386/ramdisk_cd/../../common/elf32.c /usr/src/distrib/i386/ramdisk_cd/../../common/elf64.c cp bsd bsd.rd /usr/src/distrib/i386/ramdisk_cd/obj/rdsetroot bsd.rd mr.fs cp bsd.rd bsd.strip strip bsd.strip strip -R .comment bsd.strip gzip -c9n bsd.strip bsd.gz dd if=/dev/zero of=/var/tmp/image.11200 bs=512 count=5760 5760+0 records in 5760+0 records out 2949120 bytes transferred in 0.013 secs (226855385 bytes/sec) vnconfig -v -c vnd0 /var/tmp/image.11200 vnconfig: VNDIOCSET: Device busy *** Error 1 in /usr/src/distrib/i386/ramdisk_cd (../common/Makefile.inc:31 'cdrom54.fs') *** Error 1 in /usr/src/distrib/i386 (bsd.subdir.mk:48 'all') *** Error 1 in /usr/src/distrib (bsd.subdir.mk:48 'all') *** Error 1 in /usr/src/etc (Makefile:322 'distrib') snipped dmesg: OpenBSD 5.4-current (GENERIC.MP) #0: Tue Nov 5 21:05:57 EST 2013 r...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: AMD Phenom(tm) II X6 1100T Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.32 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,SSE3,MWAIT,CX16,POPCNT,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,WDT,ITSC real mem = 3487690752 (3326MB) avail mem = 3418877952 (3260MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/23/10, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0x9f400 (68 entries) bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: make release problem with -current
On 11/05/13 22:29, Ted Unangst wrote: On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote: Anyone else running into this when running make release with -current? vnconfig -v -c vnd0 /var/tmp/image.11200 vnconfig: VNDIOCSET: Device busy Are you already using vnd0? No, not intentionally at least. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: make release problem with -current
On 11/05/13 23:02, Philip Guenther wrote: On Tue, Nov 5, 2013 at 7:33 PM, Scott McEachern sc...@blackstaff.ca wrote: On 11/05/13 22:29, Ted Unangst wrote: On Tue, Nov 05, 2013 at 22:18, Scott McEachern wrote: Anyone else running into this when running make release with -current? vnconfig -v -c vnd0 /var/tmp/image.11200 vnconfig: VNDIOCSET: Device busy Are you already using vnd0? No, not intentionally at least. So you've used vnconfig -l to see what it's currently bound to and... # vnconfig -l vnd0: covering /var/tmp/image.28401 on sd0e, inode 12 vnd1: not in use vnd2: not in use vnd3: not in use I'm not sure if that's from something earlier in the build process, or possibly from a failed build the other night. Either way, I'm going to just nuke it all, install from scratch, and see how that goes. I'll bet it will work just fine.. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Experiences with OpenBSD RAID5
On 10/18/13 07:31, Stuart Henderson wrote: On 2013-10-18, Scott McEachern sc...@blackstaff.ca wrote: Circumstances change, and I might be able to redeploy those HDDs as a RAID5 array. This, at least in theory, would allow the 18TB total to be realized as 15TB as RAID5, gaining me 6TB. even if softraid would rebuild raid5, I'd worry about additional disk failures before/during rebuild for a volume of this sort of size.. (especially given that rebuilding is not automatic with softraid). Follow-up: Thanks to all that replied publicly and privately, the information was most helpful. RAID5 can't rebuild, so that's a show stopper right there. However, now I understand why something I thought (at first) would be important has been left unwritten: RAID5 has its own lengthy set of problems. Like Stuart and others said, the potential for a secondary HDD failure causing a catastrophic failure to the entire volume is far greater than most people think. This link was given to me off-list, and it's worth the 60 seconds it takes to read: (It's short and to the point.) http://www.miracleas.com/BAARF/Why_RAID5_is_bad_news.pdf My primary goal with RAID is data integrity, with total capacity taking a back seat. As much as, in my case, 6TB seems like a rather large loss, the potential for RAID5 failure to gain that 6TB isn't worth it. Simply put, RAID1 (or even better, RAID10), is a superior course of action for data integrity. Assuming the numbers provided by CERN in that PDF are anywhere near accurate, it seems to me that using RAID5 is not only counter to the reason for RAID in the first place, but even reckless. Thanks again folks for the advice. I'm sticking to RAID1. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Experiences with OpenBSD RAID5
Status Size Device softraid0 4 Online 1603138224128 sd13RAID0 0 Online 3000592408576 4:0.0 noencl sd9a 1 Online 3000592408576 4:1.0 noencl sd11a This should be a 3TB RAID1 (sd9) + a 3TB RAID1 (sd11) = 6TB RAID0 (sd13), but I'm only getting 1.5TB, one quarter of what I should have. Yes, I used b to start at zero and * to use the whole disk. # newfs sd13a [snip] # mount -o rw,noatime,softdep /dev/sd13a /storage/raid10 # df -h Filesystem SizeUsed Avail Capacity Mounted on [snip] /dev/sd13a 1.4T8.0K1.4T 0%/storage/raid10 And that's how it stands. I guess RAID10, or stacking, or whatever you wish to call it, doesn't quite work just yet... Fun experiment, too bad it didn't work out. I'm all ears if anyone has a suggestion that can turn that 1.4T into a 5.6T. :D -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Experiences with OpenBSD RAID5
It wasn't planned this way, it just happened over time, but I ended up with a couple of machines with a few 3TB RAID1 volumes. As a result, around 18TB total (all HDDs are 3TB) is actually 9TB once RAID1'd. Circumstances change, and I might be able to redeploy those HDDs as a RAID5 array. This, at least in theory, would allow the 18TB total to be realized as 15TB as RAID5, gaining me 6TB. For now, I'm able to back up my RAID1 arrays to non-RAID HDDs. While this makes me nervous, I want to at least try creating a RAID5 setup to experiment on, with an eye to fully replacing RAID1 with RAID5. (6TB of lost capacity is nothing to sneeze at!) I realize the bioctl(8) man page says Use of the CRYPTO RAID 4/5 disciplines are currently considered experimental. However, I've been using RAID1 and CRYTPO in bootable and non-bootable configurations, including full disk encryption, quite happily for a while now. I've tested by removing drives, booting, rebuilding, etc., and I've never had a problem. So while the page may say experimental, I've found CRYPTO to be rock-solid thus far. I've never tried softraid's RAID5, so I have no idea if it truly is experimental, or solid like CRYPTO, or somewhere in between. So I ask my fellow list'ers for their experiences with OpenBSD's RAID5 implementation. (Yes, I'm running -current.) Does it work for you? Have you had any good experiences? Any bad experiences? Have you had to actually rebuild a RAID5 array? Can you add another drive to the array at a later time, or does the array need to be destroyed and rebuilt from scratch? Any questions I'm forgetting? I need to know about these things, from real-world use, before using RAID5 in the long-term. Also, in theory, with RAID5 you only lose one drive for the parity, hence my 18TB non-RAID = 15TB RAID5 math. Is this correct in practise with softraid? All stories are welcome, including private emails. Thanks, -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Experiences with OpenBSD RAID5
On 10/17/13 20:57, Nick Holland wrote: with the exception of the fact there's no code to rebuild a failed disk, works great. that's a pretty big exception for most people. :) Hmm. That would present a problem. Let me make sure I'm absolutely clear here: A RAID5 array with four disks. I notice via bioctl(8) that one has failed. I pull the failed disk and replace it with my cold spare. I cannot use bioctl -R to incorporate the new disk into the array. Correct? (BTW, I know for a fact it works properly with RAID1.) So basically, if a drive fails, the RAID5 array is permanently borked until completely recreated with a new array, meanwhile I'll be trying to back up my data somewhere else. you should be trying this stuff yourself. Doesn't matter if *I* can rebuild your array, it matters if YOU can. You don't have to practice on 3TB disks, you can practice on 10GB disks...though understanding the time required for 3TB disks would be wise. As you've often advised in the past, test it yourself. I plan on it, just to see what happens. BTW, I tried it once with a 3TB RAID1, and I believe it took two days, but I could be wrong and is hardware-dependent. Either way, it takes a /long/-ass time. other than a 3TB disk is closer to 2.75TB than 3TB, yeah the math works the same with softraid as it does with hw raid. Nick. Yes, sorry for not making clear I realize that. I didn't want to do the usable space, GB/GiB, TB/TiB dance. You know what I mean.., hopefully. Either way, while I have the opportunity, I'm going to create some RAID5 arrays of varying sizes, pull (fail) disks, etc., and just see what happens for myself. Experimenting is fun! Unfortunately, if RAID5 cannot rebuild anything, it's about as useful as a leaky screwdriver and RAID1 remains the only viable option on OpenBSD. Damn. Thanks Nick, as always you're a gem of a resource. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/09/13 05:08, Zé Loff wrote: (Quite) a few years ago, the Dutch government wanted to make sure everyone had a proper burial, according to each one's beliefs and rituals. So they asked people to state their religious beliefs. This is a good idea right? Everyone's wishes get respected even if you had no family or if your whole family died in an accident or fire or whatever. Besides, I've got nothing to hide, being insert your religion here is nothing to be ashamed of and I'm proud of my heritage. So the government made a nice list. And then a few years later Germany invaded the Netherlands. Point being, it's not naiveté. It's this whole I've got nothing to hide anyway, let them look / I am not that important mentality. People fail to realise that this is not about you having something to hide or not. It's about your right to hide something /if and when you want to/. Both of your last two posts, well said. Thanks for pointing out that it was the Netherlands that kept that data, and why. When I mentioned it earlier, I wasn't sure earlier if it was the Belgians or the Dutch, or why. Good to know, and remember. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
stopping kiddie porn, read my sig. I think he said that in 2006. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
be true, but keep in mind you are two degrees away from someone with (at least) secret clearance in SIGINT in the military, with the connection (me) being someone who /might/ have been looked into, or is actively watched. Also remember, the NSA /really/ loves to draw pretty pictures showing relationships/associations between people and organizations. Food for thought for everyone, but like I said, he doesn't care and won't think about it. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 16:36, Martin Schröder wrote: YYCIX is subject to canadian laws. It likely must have a lawful interception interface for the canadian police/whatever. Americans are subject to the highest law of the land: The US Constitution. You know, that document the President and damned near every government employee has sworn an oath to obey and protect. The NSA has broken that oath. Not long after the Snowden leaks started, the Director of National Intelligence, James Clapper, spoke before congress and explained what the NSA is up to, in an attempt to play down Snowden's revelations. Then more Snowden documents came out, proving that the DNI just /lied/ to congress. Curiously, he's not in jail, and is still in office. Lying to congress is an indictable offense, er, a felony offence in US legal-speak. Now here's another fun bit of trivia for you: The constitution outranks *all* other laws, like state, regional, municipal, etc. All except one: Foreign treaties. They hold equal rank to the constitution. Think about that, vis a vis foreign treaties with other intelligence agencies. The same applies in Canada with our Constitution and Bill of Rights. Lawful interception, you say? Subject to Canadian laws? Privacy laws? There are no privacy laws in either the US or Canadian constitutions; look it up. But we /do/ have treaties. Canada is a member of Five Eyes. Thank-you for proving my point. Nice treaties with the other members since 1948. Treaties that have equivalent legal weight to the constitutions of the respective countries. If you think our (Canadian) morally superior privacy laws, and our national/provincial privacy commissioners have any say in the matter, you're fooling yourself. A couple of weeks ago, John Tory, a very well-respected radio commentator (and former lawyer, former CEO of Rogers, former politician, etc.) on a respected AM talk radio station, interviewed a fellow who works deep inside the telecom industry. Sorry, I can't remember the chap's name. Tory asked the guy, So what ISPs are giving customer data to the government? The guy deadpanned, All of them. All of them are doing it. Of course, there's no actual proof of this at the moment, but given what Snowden has released so far, and what those documents indicate (eg. PRISM) I think this theory has moved from pure speculation to most likely status. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 16:41, Kevin Chadwick wrote: As I say I am far more concerned about 'modern' incompetent ISP's. Uncaring ISPs or ISP's that can only care about profit (and so advertising) or they are out of business and tasking them (perhaps to their delight) with layer 7 filtering which requires great care and expertise and arguably only securable passively which I am sure they will not be doing. This should certainly be stopped as it may give people with mostly evil intentions similar access as the NSA or just reduce reliability perhaps at a time when the net is needed most. Sounds like it was quite a bit of work though or was that mostly the resistance? Global government surveilance is not going to be stopped or the backbone avoided and atleast likely comes from mostly good intentions even if it is bound to be abused or infiltrated at times. History has demonstrated time and time over that it is the nature of government to keep and expand power at all costs. Surveillance states don't go away until a major upheaval takes place. Look at East Germany's Stasi, or the former USSR's KGB. Oh wait, that came back again with a new name, the GRU I believe. As I said in a previous post, it's most likely that the NSA is vacuuming up /all/ Internet data. Even if they aren't grabbing 100% of it, they're definitely getting the interesting bits. And that data is going to be stored forever. Even if your data is safely encrypted today, that data will be stored somewhere for pretty much eternity. In 20 years when supercomputers, or quantum computers, can make mincemeat of today's strong crypto, that data will be analyzed to predict the future by learning from the past. Even if you can pretend the US government of today, or any other government for that matter, is truly innocuous with the best intentions (ha!), that doesn't take into account the nature of future governments. Back in the pre-WW2 days, Belgium (or was it the Netherlands? I forget.) kept detailed census and medical data on their citizens, including their religious affiliation. It was useful data for a friendly government, never to be abused. Then WW2 happened, and Hitler's Nazis invaded. They found that data, especially the religion part, quite useful, and we all know how that turned out. The NSA has been playing this game not for years, but *decades*. The breadth of PRISM and other programs with names always written in caps is astounding. They, and other intelligence agencies, are /everywhere/. Routers and switches with backdoors from the US (like Cisco), China (Huawei), Russia and others. Splitters on backbone fiber, like Room 641A. Superfast computers that intercept HTTPS/SSL data using acquired private keys from friendly or coerced companies. Moxie Marlinspike demonstrated these techniques at a black hat conference in 2009, google for it. Sounds far fetched? Look at the revelation that LavaBit did indeed shut down because the FBI insisted on having their private keys, and installing a device on their network to intercept and decrypt the data. They originally were (allegedly) targeting just Snowden's account, but when the head of LavaBit declined, the FBI wanted the data for /all/ users. So he shut it down. Then Silent Circle shut down, and the list continues to grow. More food for thought? Go read Naomi Wolf's book The End of America. (https://en.wikipedia.org/wiki/Naomi_Wolf for a quick outline.) Don't have time to read it? Watch her youtube video (~48mins) of a speech given at the U of Washington in 2007. (https://www.youtube.com/watch?v=y8u-5gsZdgc, amongst others) Hopefully, it will make you think about the direction the US is heading. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
nonsense; house and be resonsible for your own data and security. Why on earth anyone or any company would trust a third party with their data is beyond me. Utter lunacy, to save a buck. And if you really /must/ use some cloud storage service, encrypt your data using a FOSS OS, again, preferably OpenBSD, before putting it out there. You don't know me, you shouldn't trust me (of course), so I suggest you do your own reading and homework. Bruce Schneier (google him) is a seriously respected cryptoanalyst in the industry, so start by reading his papers, articles and comments. Sometimes our Theo lets fly with a few interesting comments. Pay attention. He's a good man and fine leader; listen to him. I'd love to buy him some pizza and beer, and pick his brain for what he thinks is coming down the road. Unfortunately, Calgary is a three-day drive away for me, and I'm not silly enough to discuss such things via email. :) Remember, your security is *your* responsibility. It's now established that you cannot trust the government or any major US firms. Make that, any US firms, period. Schneier has written many papers on how poorly people evaluate risk, and risk assessment. Read up on those old papers through the lens of the Snowden revelations, and make your own decisions. I don't know what the future holds. My crystal ball is broken. I have my suspicions, and I'll bet more than a few of them will be borne out by future Snowden revelations. As long as known insecure OSes like Windows, (who cooperate with the NSA), run horribly insecure software, like anything from Adobe (Flash, Reader, Acrobat, Shockwave), Oracle (Java), or Apple (iTunes, QuickTime), continue to dominate the market, we're screwed. It just takes one 0wned end point, which the NSA is very specifically attacking, and the best encryption in the world falls down due to vulnerable end points. You sent emails with the tagline Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. BlackBerry/RIM, a Canadian firm located just a few hours west of me, bent over and grabbed their ankles for the Indian government, so that government had a back door into the secure BB devices. (Hey, wasn't proper security a big selling/marketing point for them? Oh yes, it was.) I wonder who else they've grabbed their ankles for? And Verizon? Ah yes, it's now been documented that they cooperate with the NSA too. So, like I said to my friend with his Galaxy smartphone: Enjoy! I'm sure you're not that interesting. Think. Read. Listen. Even to those you don't typically agree with. Listening to contrary views will help give you a balanced opinion and thought process. Look at the writing on the wall, that is, patterns. The patterns of history, wrt current patterns. Try. PS: I'm sure this is much to your consternation, but Ze was correct: Your post did validate my current sig. Which is sad, really. But you're off to a good /start/, you're using OpenBSD on at least some devices. (You are, right?) Thanks for listening, everyone. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/06/13 20:48, dera...@cvs.openbsd.org wrote: Now, why do I mention this in relation to OpenBSD? Well, at the end of 2007 someone decided to open an impersonation account on twitter in my name, and start sending a mix of things I have said (see wikiquote for instance), with things that I would never say. That account is http://twitter.com/theoderaadt A few notes: The account has now changed to declare that it is a parody account and renamed to Not Theo de Raadt, as of a few days ago. If you read back into the past, you will see true character of the account and the individual. People in the local community were directed to the account, to give a negative, if not slanderous, view of my character. The ones directing them have high-profile roles in the community, so people would take what they say as true. Since I am the network manager for the exchange equipment, this by extension was meant to hurt YYCIX. Why would stewards of important infrastructure projects deliberately spread such false stories? [...] Layers of hurt being thrown around. Why? I don't know, but I can guess. Probably the same reason that a year or two ago some crap came out trying to discredit OpenBSD's IPSec implementation: To discredit you, and OpenBSD as a whole. Like I said, I have absolutely no doubt the NSA has been keeping tabs on OpenBSD as a whole. Anything more than that is pure speculation on my part. You, and the project, are financially reliant on donations, so if you are discredited, those donations lessen, and the project falters. I'd bet money that the NSA would love to see OpenBSD go away. What other real options would someone, like the NSA but not necessarily them, or just them, have? Hack the OpenBSD servers? Good luck with that. OpenBSD is the gold standard in the hacker underground. I've heard hackers say that when they are looking for targets, they skip the OpenBSD boxes they find; a waste of time. (I don't know how true that is, so take it with a grain of salt.) Inject code? (Like was alleged in the IPSec situation.) Good luck. Commits are public, reviewed, audited, etc. Corrupt the project leaders, usually financially. Theo is an idealist. (I mean that in a good way, don't get me wrong.) If he wanted to make serious money, he could easily do so with his reputation, experience, and skill set. I wish anyone luck with corrupting Theo, or those he trusts, with money. I deeply believe that unlike psychopathic CxO-types, he's not in it for the money, or power. Blackmail the leaders into doing your bidding. Last I checked, Theo isn't married, so he doesn't have to worry about a leak of him with his mistress. I suspect that Theo wouldn't cave if someone were to reveal he used the services of ladies of the night. (For the record, I'm just making up scenarios here, I have no idea what he does in his private time, other than cycling.) The other thing to consider is that I don't think many people in the OpenBSD community would give a shit if Theo did questionable things in his private life. I'm not interested, and I doubt any serious person would be. I simply look at the work he does. The dedication and quality. *Everyone* has secrets, period. Nobody wants cameras in their bedrooms or bathrooms. (Canada had a Prime Minister in the 70s by the name of Pierre Trudeau, that said quite clearly that the state has no business in the bedrooms of the nation. He made plenty of mistakes, but he got that one dead right.) What would Theo's (fictional!) indiscretions, or any other dev's indiscretions, have to do with OpenBSD development? Nothing. However, not everyone thinks that way, so I think one of the simpler ways to attack OpenBSD is to discredit the project (IPSec), and discredit the project leader (fake twitter bullshit). This demoralizes the funding base. It scares people away, whether they are existing users or potential users. Some say there's no such thing as bad publicity. I beg to differ. Theo needs to continuously refute the bullshit with truth and honesty, standing on his body of years of dedication and work. Given his status, I'm sure that would be a full-time task in itself. Perhaps a PR firm using OpenBSD could donate some work in that area, to give back. (I realize that's wishful thinking, but you never know..) I'm sure Sun Tzu could read more into this, but he's dead. One of his principal tenets was know your enemy, and thanks to Snowden et al., we have seen the enemy, they are legion, and include the NSA. Now we know much more about them, their tactics and methods. Again, he is a hero. I'd laugh if his future leaks were titled To: NSA; Subject: From Russia with Love. :) -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 20:42, thornton.rich...@gmail.com wrote: I love OpenBSD, seriously, and developers of it are clearly geniuses. And any chance I get I promote it. Excellent, and I applaud you for that. You should take a look at the papers/presentations the devs have given. The stuff Theo wrote on W^X was mind boggling. Over my head, but I got the gist. I'm not going to find the ones I'm thinking of (it's been a while since I read them), I'll leave that as an exercise for the reader. You'll find plenty of mind-blowing stuff. (Ok, I can't resist. I'll link to one particular page that's really easy to understand: http://www.openbsd.org/papers/eurobsdcon_2013_time_t/mgp3.html. Maybe another, this is from 2005, and I nearly lost my mind: http://www.openbsd.org/papers/ven05-deraadt/index.html) I don't mean to single out Theo, but he started this thread, so he remains the focus. You should read the stuff the other devs have written, it's all excellent stuff. The genius shines through. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. All I can say is, I hope you don't do anything private with your device. You have two /proven/ weak points in your hand. Anything HTTPS/TLS/SSL on your handheld is probably moot, but I'd still use crypto anyway. :) Convenience comes with a price. And Richard, thanks for sharing your thoughts. It adds to the balance. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 22:35, Indunil Jayasooriya wrote: My favourite O/S is also OpenBSD. Theo and his guys protect the world. so they are naturally protected. Almost, but not quite. Theo actually has a devoted core of followers around the globe, highly trained in gung-fu, krav maga, and ninjitsu. They fight to kill. Meetings take place on a secret, members-only OpenBSD-powered web server. One word, and a problem can be solved, anywhere, any time. Or so I hear... So yes, he and his fellow devs are protected, while they protect the world. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/08/13 22:44, Benjamin Heath wrote: Adding to your previous thoughts, it became clear to me some years ago that the best way to gather information on someone is to find information which they've volunteered. The US Army, namely D/arpa and the Navy, invented the Internet and onion routing. I can't believe they didn't invent such a clever way to extract information before MySpace/Facebook did. Facebook and other social networks have a space to select your religion, sexual identity, location, school, work, and contact information. Much of this information can be selected from existing lists. Supplying this information hands it into the realm of Facebook apps with permission to access that information, too. But, people have given up this information. They weren't even paid or coerced. Why so naive? I think P.T. Barnum said something about that. People like free stuff. They think they are using a product for free. They don't realize *they* are the product. I don't have a Facebook account. I have a G+ account (by way of having a gmail account for mailing lists) with a picture of my cat, and no information about myself except links to my website. But that's just it, isn't it? People are naive. They go to public schools where they are taught to accept what is popular and reject all else, and that's where much of it starts. Computers must run Windows. If you want to be different, buy a Mac. Programs must be big and graphical with plenty of room for error. Why have it any other way? So far as I understand it, kids often aren't being taught the course material. They're being taught the test. That is, the standardized evaluation tests for each subject. It inflates test scores to acceptable limits. The ability to think, critically, isn't being taught at all. You have kids walking out of school thinking crap like Intelligent Design is plausible, and that the earth really is only 6000 years old. Darwin's ideas are just theories, but fail to realize gravity is just a theory too. Stand on a 10th floor balcony, and test out that just a theory. Why would kids do such silly things as read books, when they have summarized versions online that they can skim over while they're waiting for their tweet/facebook update to be replied to. After all, it is the most profound 130 character message ever written. I have also noticed that the news is saying what is and isn't common sense now. They use this term as a backhanded directive, as if to say, Of course it is so, this is common sense. In fact, common sense is a little more inquisitive than that, and common sense would actually have it that you don't trust everything you hear. I read it on the Internet, therefore it must be true. 99% of the news people digest daily is spoon fed to them by five megacorps that are more than happy to frame the narrative for you. People worship celebrities that are only famous because of their surnames or relatives, and spend their leisure time on the couch watching (un)reality TV shows. TV crime shows, like CSI, get DNA results in minutes. They can pinpoint the bad guy, right down to the floor he's on, within seconds just from his IP address. Strong encryption is broken within seconds on a laptop computer. Firewalls are routinely hacked within minutes. Cases are always solved with conclusive proof. Ask any prosecutor how her life in the courtroom has changed since CSI-type shows hit the air. Everyone on the jury is an armchair expert criminalist, and they get confused when cases aren't cut and dried, black and white. The founding fathers of the US understood that an educated public, active in the political process, is a good thing. Modern politicians understand that an uneducated, apathetic public is a better thing. On topic and as a response to Theo, Twitter is a vehicle of passive aggression and ad hominem attacks among other things. I blame Twitter for the direction much of the Internet has taken. It is quick, it is short, and that's how people are with other people. They are quick, and they are short. And it seems a pretty weak attempt at disparaging your character. I suppose twitter has its good uses, like during the Arab Spring, but by and large it's a time sink to read fluff. I wrote to someone earlier sharing my one and only tweet from three years ago. (I plagiarized Marco Peereboom.) crap *Scott McEachern* @*scott_mceachern* https://twitter.com/scott_mceachern 24 Nov 10 https://twitter.com/scott_mceachern/status/7477254057631744 Twitter is the stupidest fucking thing to happen on the Internet. /crap Like I said, you read it on the Internet, so it must be true. -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: Sorry OpenBSD people, been a bit busy
On 10/07/13 21:57, noah pugsley wrote: Slander aside, pretty cool news. I do have one stupid question though, what does the 'yy' in yycix stand for? YYC is the International Air Transport Association airport code for the Calgary International Airport. Eg. YYZ is Toronto's Pearson airport, London's Heathrow is LHR, etc. I'd imagine they chose YYC to clearly indicate the IX location. https://en.wikipedia.org/wiki/International_Air_Transport_Association_airport_code -- Scott McEachern https://www.blackstaff.ca Beware the Four Horsemen of the Information Apocalypse: terrorists, drug dealers, kidnappers, and child pornographers. Seems like you can scare any public into allowing the government to do anything with those four. -- Bruce Schneier
Re: php sending mail via sendmail
On 09/02/13 14:46, Stefan Sperling wrote: On Mon, Sep 02, 2013 at 08:38:37PM +0200, Tony Berth wrote: Dear group, when trying different php based open source packages on a chrooted 5.2 box, I was faced with the problem not being able to send email from their php script. All the times I get following entry in the maillog: w...@example.com [x.x.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Any help is much appreciated. Try the femail-chroot package. The problem there is that femail-chroot requires putting a shell into that chroot, which is something I personally avoid. (Or am I being too paranoid?) Tony, you might want to try using the pear-Mail package. It makes things more complicated, but it doesn't require a shell in the chroot. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Two questions.
Is it just me, or are the trolls around here getting more and more lame. On 08/09/13 00:00, voic...@openmailbox.org wrote: I got couple of questions for whom I can't find an answers, You've obviously thought long and very hard. I do not wish anything bad for Theo, I just need to be sure that there are others who could keep project going. After running the OpenBSD project for over 20 years, I'm sure Theo never thought of that. We all thank you for bringing it to his attention. that OS they developing is powering most illegal things which you probably can't dream on? I'm sure OpenBSD devs are ashamed that I use it to power my kitten-stomping, baby-mulching machines. I'm also sure the people that make hammers and knives feel really, really bad too. OpenBSD people could silently include trojan I could win the lotto; gamma rays could destroy the planet; I could get hit by a bus. That's why the source and commit logs are *not* available to the public, and the whole damn thing is proprietary. There is no possible way anyone could know what the devs are doing. Thanks for reading. No, thank-YOU for pointing out such things for the very first time. To all that are reading, please let my lame attempt at humour be the first and only response. :) -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Two questions.
On 08/09/13 20:45, Theo de Raadt wrote: What a bunch of worrying balony. I have asexually reproduced a few times, and put the other copies of myself in stasis. In the event that I fall off a mountain or get attacked by group of dogs in central Turkey, a copy is automatically brought out of statis to continue to effort. The process is so transparent, that you won't even know if it has happened before... Sarcastic imposters like you really get on my nerves. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
More /dev/sd* devices in default install.
Between various HDDs, RAID 1 arrays, RAID C arrays within, iDevices, USB sticks and any other stuff you can think of, I've found that the standard install of /dev/sd[0-9] doesn't have enough. (I primarily use amd64.) I don't mind creating the additional devices, which I often forget; that's not a big deal. But I can't help wondering: 1) In this day and age of increasing numbers of devices kicking around, how often do others run into this ceiling? I'm currently using sd[0-12]. 2) What harm would it be to create sd[0-15] (or more) as pre-existing devices? Just curious if it would be trivial and/or useful. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: OT: the term ``hackathon'' - even the U.N. does it
On 07/24/13 08:32, MERIGHI Marcus wrote: cyber-attack cyber espionage cyber attack cyber war games cyber warriors Cyber 9/12 Cyber Storm cyber preparedness cyber scenario Cyber Storm cyber threat cyber attacks Right now, there are a lot of drunk college students out there. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Compiler error building 5.3
On 06/05/13 05:01, John Tate wrote: I am having trouble building 5.3, I ran cvs a second time just be to be sure everything was right. You are referring to -current, right? Amd64 works fine, I don't know about i386. OpenBSD 5.3-current (GENERIC.MP) #0: Wed Jun 5 04:14:56 EDT 2013 r...@elminster.blackstaff.ca:/usr/src/sys/arch/amd64/compile/GENERIC.MP -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Hackathon
As a person who was born and raised in Toronto, and currently lives a bit outside of the city, I wanted to extend a warm welcome to our OpenBSD hackathon guests! I hope the major storm that happened last night, which caused some flooding complicating commutes, didn't inconvenience you too badly. Please enjoy the city, and if you happen to read any local media, have a laugh. We currently have a handful of local and provincial scandals unfolding, which if it weren't for the costs involved, would be almost as entertaining as the most recent troll on @misc. (Please don't feed the trolls.) Have fun, and thanks for the work you're putting in. Just out of curiosity, what is the focus of this hackathon? I don't know what t2k13 means. Cheers to all involved, -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Hackathon
On 05/29/13 20:22, Kenneth R Westerback wrote: On Wed, May 29, 2013 at 07:54:39PM -0400, Scott McEachern wrote: Have fun, and thanks for the work you're putting in. Just out of curiosity, what is the focus of this hackathon? I don't know what t2k13 means. t == toronto 2k == 2000 13 == 13 Sorry for not being clear. I understood the 2k13 part, it was the t I was wondering about. I feel a little dense for not putting the t with Toronto, which was also pointed out to me privately. Suddenly I feel like Homer Simpson. :) So I guess it's a general hackathon then? Please, no cute retorts or else I'll have to drive down there and buy a round. And I *really* dislike driving back to the city. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Order request unfulfilled
On 05/17/13 13:42, Salim Shaw wrote: Perhaps someone could direct me to the appropriate person to answer questions regarding my unfulfilled order request. In an effort to promote and support the OpenBSD project, I order a T-Shirt almost a month ago and have not received the order. I have sent two separate emails to /aus...@openbsd.org/ and have not received a response as to what has happen. I'm looking for a little help in trying to get some answers for my order. If anyone of you guys has a different contact, please provide so that I may have the issue resolved. Thanks for any assistance. Thanks again, Assuming you ordered through the Computer Store of Calgary, (that is, an official site), be patient. You'll get your stuff, just give it some time. You didn't say where you're located or where you ordered from, so I can't really say much more. Oh, except one thing. They did screw up my order *once*, in the dozen-plus times I've ordered disksets + other stuff. If you want a laugh, you can read about it in the archives here: http://marc.info/?l=openbsd-miscm=135292690910516w=2 and yes, I did eventually get my disksets, plus some bonus stuff for my trouble. (To be honest, the only trouble, really, was my impatience.) Who knows, Austin might be on vacation or something, but there are others that will take care of business. Don't worry, you'll be fine. :) -- Scott McEachern https://www.blackstaff.ca
Re: who is using obsd
On 05/13/13 17:28, Salim Shaw wrote: OpenBSD is a server/router/network service OS, it's not designed for desktops. OpenBSD is the pre-eminent platform for Firewalling, IPsec, IPv6. Trying to shove OpenBSD onto the desktop is the ultimate case of square peg/round hole. You're quite a comedian. However, don't give up your day job. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: Is fdisk, disklabel and newfs enough to reset an SSD
On 05/14/13 00:04, Clint Pachl wrote: I would like to reinstall a fresh system on an SSD that contains an existing installation. From my limited knowledge of SSDs, I wonder if the drive controller may retain data from the old filesystem, unaware that there is a new filesystem put in place. Is this a concern? If so, how does one reset a used SSD for optimal operation with a fresh install? I've done a fresh install of OpenBSD over top of OpenBSD (and other OSes) many times across many SSDs and I've never had a problem. But I'm not entirely sure what you mean... 1) Do you mean your new installation will see files left over from a previous install? No, it won't. 2) Do you mean there could still be data residing on unused parts of the SSD? Yes, it can happen. SSDs have their own way of wear-leveling. What the filesystem considers to be cylinder X, head Y and sector Z will probably not be the same *physical* cells on the SSD twice in a row. That's not a function of the OS, but the SSD itself. Do a little googling and you'll see what I mean: There's no guaranteed way to erase an SSD. I've read stories of people that have had SSDs crap out on them and instead of sending them back to the manufacturer for warranty repair/replacement, they just chuck them out and buy new ones. Why? Because there's no way to guarantee your private data has actually been erased. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: xenocara build failure
On 05/14/13 00:15, Marco S Hyman wrote: This is probably something stupid I'm doing, but I can't see it right this second. Trying to build xenocara from sources pulled from anon...@anoncvs3.usa.openbsd.org:/cvs as of about 60 minutes before sending this email message gives me cc -O2 -pipe -I/usr/xenocara/lib/freetype/include -I/usr/xenocara/lib/freetype/builds/unix -I/usr/xenocara/lib/freetype/src/lzw -DFT2_BUILD_LIBRARY -c /usr/xenocara/lib/freetype/src/type1/type1.c -o type1.o In file included from /usr/xenocara/lib/freetype/src/type1/type1.c:23: /usr/xenocara/lib/freetype/src/type1/t1load.c: In function 'parse_private': /usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: 'struct T1_Loader_' has no member named 'keywords_encountered' /usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: 'T1_PRIVATE' undeclared (first use in this function) /usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: (Each undeclared identifier is reported only once /usr/xenocara/lib/freetype/src/type1/t1load.c:1037: error: for each function it appears in.) In file included from /usr/xenocara/lib/freetype/src/type1/type1.c:23: /usr/xenocara/lib/freetype/src/type1/t1load.c: In function 'parse_dict': /usr/xenocara/lib/freetype/src/type1/t1load.c:1871: error: 'struct T1_Loader_' has no member named 'keywords_encountered' /usr/xenocara/lib/freetype/src/type1/t1load.c:1871: error: 'T1_PRIVATE' undeclared (first use in this function) /usr/xenocara/lib/freetype/src/type1/t1load.c:1872: error: 'struct T1_Loader_' has no member named 'keywords_encountered' /usr/xenocara/lib/freetype/src/type1/t1load.c:1873: error: 'T1_FONTDIR_AFTER_PRIVATE' undeclared (first use in this function) /usr/xenocara/lib/freetype/src/type1/t1load.c:1978: error: 'struct T1_Loader_' has no member named 'keywords_encountered' /usr/xenocara/lib/freetype/src/type1/t1load.c:1990: error: 'struct T1_Loader_' has no member named 'keywords_encountered' /usr/xenocara/lib/freetype/src/type1/t1load.c: In function 't1_init_loader': /usr/xenocara/lib/freetype/src/type1/t1load.c:2047: error: 'struct T1_Loader_' has no member named 'keywords_encountered' *** Error 1 in lib/freetype (bsd.lib.mk:37 'type1.o': @cc -O2 -pipe -I/usr/xenocara/lib/freetype/include -I/usr/xenocara/lib/freetype/...) *** Error 1 in lib/freetype (Makefile:36 'build') *** Error 1 in lib (bsd.subdir.mk:48 'build') *** Error 1 in . (bsd.subdir.mk:48 'realbuild') *** Error 1 in /usr/xenocara (Makefile:35 'build') Any hints as to what I'm doing wrong? I've seen this before. After you rebuild your system, reboot. (Yes, in addition to after rebooting into the new kernel.) Bet your problem will be solved. -- Scott McEachern https://www.blackstaff.ca Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin
Re: X (vesa) doesn't work with recent snapshot
On 04/16/13 10:07, Zoran Kolic wrote: inteldrm(4) after KMS changes hangs my computer early at boot, so I have it turned \ off always. I've upgraded to snapshot of Apr. 8, and noticed that run in somewhat I \ would call a semi-hangup mode. No, it doesn't freeze a system or something like, \ instead it shows nothing but black screen. I can switch to console, can even type my \ login/password blindly in xdm, then I can do ps on another vty, and see that it \ started a wm, but switching back to X again shows nothing but black screen. attached \ is Xorg.0.log I stopped upgrading to newer snapshots, due to this post. In my case, it is g550 with 2000 graphics. Similar to original poster. What is status on this right now? On modern intel chips it is known on freebsd not to go back to console after startx, since it gives black screen. It is pos- sible to type blind into the shell, but I avoid this. I su to root and isue shutdown from that. Best regards Zoran Can you install a new snapshot to a USB stick, boot the stick and test it from there? -- Scott McEachern https://www.blackstaff.ca
Re: smtpd relay
On 02/26/13 11:52, Gilles Chehade wrote: Here's a schema I did of the layout a while ago: Your diagram, with Charles, reminds me of a question I've always wondered: What's with the name Charlie in a default install? Just curious.. -- Scott McEachern https://www.blackstaff.ca
Re: Security and ignorance from the major ISPs
On 02/14/13 18:20, Daniel Bertrand wrote: I was wondering what your stance is about the constant hack attempts on machines on our ISP networks.. I see CONSTANT scanning for ports from all over the world, mostly from Italy, Russia, and China. Everyone does. You can find lists of IP ranges on a per-country basis on the 'net and block specific countries if you wish. However, unless you're running services open to the public (eg. web servers) there isn't much point. (Even if you are, some would argue blocking by country is useless anyway.) Every firewall/router product that I have purchased has been compromised so far. Yes, pf on OpenBSD kicks ass. pf ported to other OSes is always behind the times, sometimes way behind. Is there really a secure, trustworthy adaptive filtering firewall configuration for each OS configuration out there? When you're connected to the Internet, it's all about TCP/IP, which is OS agnostic. What matters are the services you want to be accessible. Most people who are on the net are completely oblivious and helpless when it comes to this constant trolling for access, they have no idea what to do to secure their machines. Most (but not all) home routers (DSL modems) filter automatically which protects to some degree. From there, your mileage will vary. But you are right that most people don't realize they are under constant attack. (Try block log all to get the full picture.) Shaw has neglected me and left me for dead when I ask for better control and protection from malicious attackers. Like Ryan Freeman said on tech, you want the isp selectively blocking traffic for you? i don't., you don't want your ISP filtering for you because then what you receive is at _their_ discretion, not yours. Since you referred to Shaw, I take it you're in Canada? I haven't dealt with Shaw, but I once tried Bell for a month or two a few years back and they most certainly do port filtering. For example, I was unable to run my own mail server because they blocked port 25/smtp. Your idea of left for dead is actually desirable if you want to control your own connection. I left Bell and switched to Teksavvy because of it. I didn't need Bell looking out for my best interests, thank-you very much. If you want to discuss this further about your specific setup, please contact me privately. What do I do to make sure I don't spend money on new hardware but get a PF configuration that I can trust besides block in all? Are there published rulesets for Mac/Windows etc. that we can just drop into our pf.conf and /etc/pf.anchors/ directory? A firewall ruleset is unique to each site. You're going to have to build your own by looking at the pf FAQ (http://www.openbsd.org/faq/pf/index.html) and looking at examples. There is no one size fits all. Your question is like asking I need a vehicle. What should I buy? However, like beck@ said on tech, block all is a good place to start. After that it depends entirely on your _specific_ needs. -- Scott McEachern https://www.blackstaff.ca
Re: bootable OpenBSD USB stick from windows?
On 02/13/13 13:14, Hugo Osvaldo Barrera wrote: On 2013-02-12 10:17, Scott McEachern wrote: Oh for pete's sake, it's 2013. Go to your local computer store and spend (at most) $20 dollars on an optical drive. Install the damn thing on your Winbox, follow the many directions already posted here, and be done with it. It's not rocket surgery and optical drives really do come in handy. And they're dirt cheap. Or, save the $20 and install VirtualBox like people have suggested. Just end this stupid thread because you're talking in circles. $20 may sound cheap to you, but that's not cheap in every part of the world, especially for a device you'll use only ONCE to install the OS. It's 2013, and buying floppies/optical drives isn't the best of advices. Right. And an optical drive on a Windows box will *never* be used again. And it could never be repurposed on another machine. What a complete waste of money. Silly me; bad advice. Fine, $20 is the difference between him paying the rent or eating. I get it. But like I reminded him, there are free options already suggested by the list and he's done what with that advice? What's wrong PXE? Nothing. I had to use it earlier today myself on a machine with no CDROM that couldn't boot from USB. (Sound familiar?) But that's also assuming that his machine is capable of PXE, and the OP hasn't said anything about it. (My bad, maybe he did and it's one of the messages in this thread I skipped.) My point still stands: He's been given advice six ways through Sunday on how to accomplish this task, both free and non-free, he's also been pointed to the archives and yet this thread lives on. Like I said, talking in circles now. -- Scott McEachern https://www.blackstaff.ca
Re: bootable OpenBSD USB stick from windows?
On 02/12/13 08:10, Heptas Torres wrote: On 2/12/13, Jan Stary h...@stare.cz wrote: On Feb 11 23:48:09, hepta...@gmail.com wrote: On 2/11/13, christopher sasarak chris.sasa...@gmail.com wrote: I had a similar situation with my laptop and found a solution in the FAQ: http://www.openbsd.org/faq/faq14.html#flashmemLive Essentially what I had to do was boot from CD on the desktop system (using an ISO for the desktop system's architecture) That assumes that my windows machine can boot from a CD which is not the case (I have no CD-ROM neither on my windows machine nor on the machine where I want to install OpenBSD). I only have access to a windows machine to burn an iso image, do you How do you do it then, exactly? In case of Linux images with one of the tools I mentioned in one of my previous messages. -h Oh for pete's sake, it's 2013. Go to your local computer store and spend (at most) $20 dollars on an optical drive. Install the damn thing on your Winbox, follow the many directions already posted here, and be done with it. It's not rocket surgery and optical drives really do come in handy. And they're dirt cheap. Or, save the $20 and install VirtualBox like people have suggested. Just end this stupid thread because you're talking in circles. -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW
On 02/10/13 14:17, Alexander Hall wrote: On 02/10/13 08:13, Scott McEachern wrote: I could have sworn the man page for fsck(8) said something about rule #1 being don't panic, but I couldn't find it in there. Must be somewhere else. So I didn't panic, watched a bit of TV and thought about it... I'm pretty sure you're thinking about scan_ffs(8), which however suggests the following: 1. Panic. You usually do so anyways, so you might as well get it over with. Just don't do anything stupid. Panic away from your machine. Then relax, and see if the steps below won't help you out. 2. ... :-) /Alexander Ah yes, thanks for the reminder. -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/09/13 03:09, Andy Bradford wrote: Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100: umount via DUID does not work currently - this will be fixed shortly after the next release freeze has ended. Will that also include shutdown of softraid via DUID? e.g., bioctl -d DUID Or is this not even possible? Thanks, Andy Oddly enough, no. The reason I find it odd is that in my script to ask for my password in rc.securelevel, the bioctl command uses DUIDs. My rc.shutdown: snip umount -f /st7 umount -f /home bioctl -d sd10 #bioctl -d 485a9f963f9cf9ea #bioctl -d 485a9f963f9cf9ea.a bioctl -d sd11 #bioctl -d 36d18f2cde909b01 #bioctl -d 36d18f2cde909b01.a /snip The commented lines are what I tried and found not to work. Which kinda blows because if I change anything in the BIOS, the drives get renumbered so I pretty much *have* to use DUIDs. (I have other OpenBSD installations and other OSes on other drives.) This can get quite messy and I end up with roaming drive warnings: # dmesg |grep sd[0-9] sd0 at scsibus0 targ 0 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c500525bf426 sd0: 2861588MB, 512 bytes/sector, 5860533168 sectors sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5005265ff15 sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a5baa2e sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors sd3 at scsibus0 targ 3 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a6e56f1 sd3: 2861588MB, 512 bytes/sector, 5860533168 sectors sd4 at scsibus2 targ 0 lun 0: ATA, OCZ-VERTEX4, 1.4 SCSI3 0/direct fixed naa.5e83a97ba7b2fd30 sd4: 122104MB, 512 bytes/sector, 250069680 sectors, thin sd5 at scsibus2 targ 1 lun 0: ATA, M4-CT064M4SSD1, 0309 SCSI3 0/direct fixed naa.500a0751032e95ec sd5: 61057MB, 512 bytes/sector, 125045424 sectors, thin sd6 at scsibus2 targ 2 lun 0: ATA, ST31500341AS, CC1H SCSI3 0/direct fixed naa.5000c50019d9277e sd6: 1430799MB, 512 bytes/sector, 2930277168 sectors sd7 at scsibus2 targ 5 lun 0: ATA, LITEONIT LMT-32L, LWS2 SCSI3 0/direct fixed naa.5000 sd7: 30533MB, 512 bytes/sector, 62533296 sectors, thin sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd10: 666MB, 512 bytes/sector, 1365008 sectors sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd11: 858476MB, 512 bytes/sector, 1758159312 sectors -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/09/13 15:06, Stefan Sperling wrote: On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote: On 02/09/13 03:09, Andy Bradford wrote: Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100: umount via DUID does not work currently - this will be fixed shortly after the next release freeze has ended. Will that also include shutdown of softraid via DUID? e.g., bioctl -d DUID Or is this not even possible? Thanks, Andy Oddly enough, no. See http://marc.info/?l=openbsd-techm=133513662106783w=2 for a patch. It hasn't been committed yet because jsing didn't ok it. Perhaps he will change his mind if we ask again nicely :) Will do, but since I've only been running snapshots for ages, I'm going to have to get the -current sources against what's on the 5.2 CDs. This is gonna take a while, but I'll test it out. And thank-you, that patch will be quite useful for me. :) -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/09/13 15:06, Stefan Sperling wrote: On Sat, Feb 09, 2013 at 03:52:12AM -0500, Scott McEachern wrote: On 02/09/13 03:09, Andy Bradford wrote: Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100: umount via DUID does not work currently - this will be fixed shortly after the next release freeze has ended. Will that also include shutdown of softraid via DUID? e.g., bioctl -d DUID Or is this not even possible? Thanks, Andy Oddly enough, no. See http://marc.info/?l=openbsd-techm=133513662106783w=2 for a patch. It hasn't been committed yet because jsing didn't ok it. Perhaps he will change his mind if we ask again nicely :) The patch applied cleanly, I rebuilt the system and rebooted. All looked good. Then I adjusted my /etc/rc.shutdown to this: umount -f /st7 umount -f /home #bioctl -d sd10 -- this was used before bioctl -d 485a9f963f9cf9ea #bioctl -d 485a9f963f9cf9ea.a #bioctl -d sd11 -- this was used before bioctl -d 36d18f2cde909b01 #bioctl -d 36d18f2cde909b01.a and executed a reboot. The bad news? I got the same error as before: syncing disks... done sd3 detached softraid0: I/O error 5 on dev 0x433 at block 16 softraid0: could not write metadata to sd3d sd4 detached rebooting... at least I think that's what it said, it went by rather quickly. I definitely saw the could not write metadata part. At this point I figured no harm, no foul. Was I ever wrong. Upon reboot the system shit all over the place and dropped me to single user mode. The offending partitions were /dev/sd8a and /dev/sd9a. In my fstab, I have the following: 6be798121798a5a7.b none swap sw 6be798121798a5a7.a / ffs rw,softdep 1 1 6be798121798a5a7.d /tmp ffs rw,nodev,nosuid,softdep 1 2 6be798121798a5a7.f /usr ffs rw,nodev,softdep 1 2 6be798121798a5a7.g /usr/X11R6 ffs rw,nodev,softdep 1 2 6be798121798a5a7.i /usr/local ffs rw,nodev,softdep 1 2 6be798121798a5a7.h /usr/obj ffs rw,nodev,nosuid,softdep 1 2 6be798121798a5a7.e /var ffs rw,nodev,nosuid,softdep 1 2 e1d635ac777ed919.a /st5 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2 3131dc858bdefd32.a /st6 ffs rw,nodev,nosuid,noexec,noatime,softdep 1 2 darkon:/st1/ /st1 nfs rw,nodev,soft,intr 0 0 See the /st5 (e1d..919.a, aka sd8a) and /st6 (313..f32.a, aka sd9a) mount points? Those are my two 3TB RAID1 volumes. Or should I say, *were*. You can see where this is going, right? I used ed(1) to comment those lines out, rebooted. Things seemed to come up normally and I figured I might have to fsck the big drives when oh *fuck*. sd8 and sd9 no longer exist. The tail end of my dmesg normally looks like this (before I added the crypto volumes): softraid0 at root scsibus4 at softraid0: 256 targets sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b Now it looks like this: softraid0 at root scsibus4 at softraid0: 256 targets root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b I didn't know what to wipe first, the sweat off my forehead or ... well, you get the idea. I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the volumes (just like how I created them the first time around), and *hope like hell* I can get my shit back, but before I do that, I wanted to get your advice to ensure that's my best possible move. Hey, you know, maybe it would be best if I reinstalled my previous snapshot (Feb7 I think) and use _that_ version of bioctl, no? -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata -- WHEW
On 02/09/13 22:16, Scott McEachern wrote: I didn't know what to wipe first, the sweat off my forehead or ... well, you get the idea. I'm tempted to try to use bioctl -c 1 -l /dev/sd0,/dev/sd1 softraid0 and bioctl -c 1 -l /dev/sd2,/dev/sd3 softraid0 to recreate the volumes (just like how I created them the first time around), and *hope like hell* I can get my shit back, but before I do that, I wanted to get your advice to ensure that's my best possible move. Hey, you know, maybe it would be best if I reinstalled my previous snapshot (Feb7 I think) and use _that_ version of bioctl, no? I could have sworn the man page for fsck(8) said something about rule #1 being don't panic, but I couldn't find it in there. Must be somewhere else. So I didn't panic, watched a bit of TV and thought about it... If bioctl -d destroys my crypto partitions but yet they can be found upon reboot (with the appropriate bioctl command), wouldn't the same thing apply if bioctl somehow destroyed my RAID1 volumes? I went back to the previous snapshot and with very sweaty hands I gave it a try, and yes, it does work. Rerunning the RAID1 creation commands happily brought back both volumes. I then brought back my crypto volumes and voila: softraid0 at root scsibus4 at softraid0: 256 targets sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b sd10 at scsibus4 targ 3 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd10: 666MB, 512 bytes/sector, 1365008 sectors softraid0: volume sd10 is roaming, it used to be sd11, updating metadata sd11 at scsibus4 targ 4 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd11: 858476MB, 512 bytes/sector, 1758159312 sectors softraid0: volume sd11 is roaming, it used to be sd10, updating metadata All is well. :) I feel like I just got off a really wild rollercoaster and want to go back for more abuse. With that said... I'm going to try that patch again, only this time I'm going to try it out a little differently (more slowly, ahem) and see what's happening. I'm filled with self-doubt that *I* did something wrong, somewhere. Besides, my nerves are shot, so I couldn't sleep now if I tried. I really want that patch to work, dammit. -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/08/13 11:26, Joel Sing wrote: On Sat, 9 Feb 2013, Jiri B wrote: On Sat, Feb 09, 2013 at 02:56:47AM +1100, Joel Sing wrote: While stacked softraid volumes generally work, they are not officially supported (for a variety of reasons). The problem that you mention above is due to the way that softraid volumes are shutdown - the shutdown order is approximately the same as the order they are created. In your case this means that sd3 gets shutdown before sd4, hence sd4 is unable to write metadata to sd3. For the time being, in order to avoid the issue you should disassemble the CRYPTO volume (sd4) before the RAID 1 volume (sd3). Shit, I forgot to mention that I already gave that a whirl by putting: umount -f /st3 -- the mount point of the crypto volume in /etc/rc.shutdown. It makes no difference; I still get that warning/error. I also tried: umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume and, curiously, it says that it's not currently mounted. (Yet that's exactly how I mount it with bioctl in rc.securelevel, where it prompts me for the password.) I've also tried doing it by hand (vs. rc.shutdown) and it still doesn't matter. Any other suggestions? Also, as I said I haven't lost any data thus far and other than seeing that message it works just fine. Am I 1) just lucky so far (and will eventually not be so lucky), 2) is it just cleaning up after itself on reboot (my rc.securelevel script runs an fsck -p on the volume before mounting it), or 3) is it actually working but just not very pretty? Would stackable softraid volumes work in near future or is it big problem as how softraid was designed? Generally speaking they already work - there are just some caveats, primarily relating to assembly and shutdown. Most of the issues are fairly easily fixed or are at least solvable (the shutdown ordering should be simple - I just need to move it up the priority list). That said, longer term I would rather have disciplines such as RAID1C and RAID10 that handle the stacking internally and allow for better operation and management. With that approach (RAID1C) would that also work when the entire volume isn't encrypted, like in my case where only one partition of the HDD is crypto? Either way, it sounds fantastic and having smooth RAID (esp. crypto) operations, l think, would be a huge feather in OpenBSD's cap. I haven't tried full disk encryption yet, maybe on a test box one day, because I just don't need that overhead for every disk access. -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/08/13 13:00, Stefan Sperling wrote: On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote: Shit, I forgot to mention that I already gave that a whirl by putting: umount -f /st3 -- the mount point of the crypto volume in /etc/rc.shutdown. It makes no difference; I still get that warning/error. I also tried: umount -f 6c6e53ab843ef6c8.a -- the DUID of the crypto volume and, curiously, it says that it's not currently mounted. (Yet that's exactly how I mount it with bioctl in rc.securelevel, where it prompts me for the password.) I've also tried doing it by hand (vs. rc.shutdown) and it still doesn't matter. Any other suggestions? You have to destroy the softraid volume, too, in addition to unmounting the filesystem. Running 'bioctl -d sd4' should do the trick. You want to see 'sd4 detached' in dmesg before 'sd3 detached'. Aha! I gave that a shot and everything works *perfectly*. No more ugly messages and I feel much better about the integrity of my data. Thanks very much Joel and Stefan, your work and help has been invaluable! Now, the fun begins: I have two 3TB RAID1 volumes, with no encryption, on another machine (acting like an OpenBSD NAS box, really) at 65% and 40% capacity (do the math..) Because I was unsure of the crypto volume's integrity on this machine, stuff is rsynced to that machine. Now that I know to destroy the crypto volumes I get to do some juggling in order to create crypto partitions on those volumes. This is gonna take a while. *laughs* -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/08/13 13:32, Paul de Weerd wrote: On Fri, Feb 08, 2013 at 12:52:00PM -0500, Scott McEachern wrote: | Either way, it sounds fantastic and having smooth RAID (esp. | crypto) operations, l think, would be a huge feather in OpenBSD's | cap. I haven't tried full disk encryption yet, maybe on a test box | one day, because I just don't need that overhead for every disk | access. Full disk encryption works fine for me on the two systems where I run it on. I found that most disk IO is to the FS I want crypted anyway, so I thought let's not optimize the infrequent path and just went FDE. The only real downside is that it's currently lacking installer integration, but doing those few steps by hand isn't exactly rocket science anyway, so FDE is definitely my preferred aproach for my (future) installs. Paul 'WEiRD' de Weerd What kind of hardware do you have powering those machines? Besides, I don't use the crypto partition too often and I really should make it smaller (it's only at 17% capacity out of 1.4TB). I should also run some simple benchmarks here to get a vague idea of what kind of overhead is actually involved on my own hardware. -- Scott McEachern https://www.blackstaff.ca
Re: softraid RAID1 + CRYPTO error writing metadata
On 02/08/13 15:19, Paul de Weerd wrote: Admittedly, these are pretty powerful machines. And Antoine was right, it's amd64 (I don't have i386 in real day-to-day use anymore). I have a couple of P4s (no HT) running i386 (firewall, and my web/db server), but otherwise everything is amd64. But here are the dmesgs for my office workstation and my laptop: --- office workstation --- OpenBSD 5.3-beta (GENERIC.MP) #27: Sun Feb 3 18:03:44 MST 2013 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8541622272 (8145MB) avail mem = 8291753984 (7907MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec1b0 (83 entries) bios0: vendor Dell Inc. version A08 date 09/19/2012 bios0: Dell Inc. OptiPlex 9010 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT DMAR ASF! SLIC acpi0: wakeup devices PS2K(S3) PS2M(S3) UAR1(S3) P0P1(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) USB6(S3) USB7(S3) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) RP07(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) GLAN(S4) EHC1(S0) EHC2(S0) XHC_(S0) HDEF(S4) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, 3392.85 MHz Geez, that looks familiar... :) My workhorse (not workstation since X doesn't work): OpenBSD 5.3-beta (GENERIC.MP) #29: Thu Feb 7 19:31:06 MST 2013 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16851365888 (16070MB) avail mem = 16380297216 (15621MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb410 (112 entries) bios0: vendor American Megatrends Inc. version 0408 date 06/05/2012 bios0: ASUSTeK COMPUTER INC. P8Z77-V PREMIUM acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG HPET SSDT SSDT SSDT MSDM BGRT acpi0: wakeup devices PS2K(S4) PS2M(S4) P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) PXSX(S4) RP08(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) RP07(S4) GLAN(S4) EHC1(S4) EHC2(S4) XHC_(S4) HDEF(S4) PWRB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz, 3606.12 MHz So if your 3770 can handle it fine, mine probably can too. :) I should also mention that I have three boot SSDs (various OSes, runs OpenBSD 90% of the time) plus the two big RAID volumes for data, so going FDE isn't entirely useful. My workstation isn't too shabby either: OpenBSD 5.2-current (GENERIC.MP) #20: Mon Jan 21 17:23:23 MST 2013 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 12613910528 (12029MB) avail mem = 12255641600 (11687MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f400 (68 entries) bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) UHC7(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.25 MHz but again, the big volumes are just for storage and the OS/boot is also from an SSD. I have a 3.2GHz P4 (with HT, so it's amd64) as a general server and it has a crypto volume. I don't think FDE would fly quite so well on it... I'd love for the web/database server to be FDE, but a 2.8GHz i386 P4 would probably cry in pain. The bottom line is that for the machines that are capable of FDE, I run an SSD/HDD split for the OS/data. Not a lot of point in encrypting the OS for the sake of it, at least in my case. -- Scott McEachern https://www.blackstaff.ca
softraid RAID1 + CRYPTO error writing metadata
16, version 1.0, legacy support ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 6 int 16, version 1.0, legacy support ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 6 int 17 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1 ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 6 int 18, version 1.0, legacy support ohci3 at pci0 dev 19 function 1 ATI SB700 USB rev 0x00: apic 6 int 18, version 1.0, legacy support ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 6 int 19 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1 piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3c: SMI iic0 at piixpm0 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 0a=10 0b=10 0c=10 0d=10 0e=22 0f=92 10=3d 11=00 12=00 13=00 14=0a 15=0a 16=2c 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 06= 07= spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 spdmem2 at iic0 addr 0x52: 2GB DDR3 SDRAM PC3-10600 spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600 pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, AX13 ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4 azalia1 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 6 int 16 azalia1: codecs: VIA/0x0397 audio0 at azalia1 pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00 ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00 pci3 at ppb2 bus 3 re1 at pci3 dev 5 function 0 D-Link DGE-530T C1 rev 0x10: RTL8169/8110SB (0x1000), apic 6 int 20, address 5c:d9:98:ae:3c:7b rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3 VIA VT6306 FireWire rev 0xc0 at pci3 dev 8 function 0 not configured ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 6 int 18, version 1.0, legacy support pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00 km0 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00 pchb4 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00 usb2 at ohci0: USB revision 1.0 uhub2 at usb2 ATI OHCI root hub rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 ATI OHCI root hub rev 1.00/1.00 addr 1 usb4 at ohci2: USB revision 1.0 uhub4 at usb4 ATI OHCI root hub rev 1.00/1.00 addr 1 usb5 at ohci3: USB revision 1.0 uhub5 at usb5 ATI OHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290 usb6 at ohci4: USB revision 1.0 uhub6 at usb6 ATI OHCI root hub rev 1.00/1.00 addr 1 mtrr: Pentium Pro MTRR support uhub7 at uhub0 port 4 HP\M^? f2105 2PORT USB 2.0 HUB rev 2.00/7.02 addr 2 ugen0 at uhub2 port 3 APC Back-UPS ES 550G FW:843.K4 .D USB FW:K4 rev 1.10/1.06 addr 2 uhidev0 at uhub4 port 3 configuration 1 interface 0 Logitech USB Optical Mouse rev 2.00/43.01 addr 2 uhidev0: iclass 3/1 ums0 at uhidev0: 3 buttons, Z dir wsmouse0 at ums0 mux 0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd3: 2861588MB, 512 bytes/sector, 5860532576 sectors root on sd2a (27a551cc8502d62c.a) swap on sd2b dump on sd2b softraid0: sd4 was not shutdown properly softraid0: sd4 was not shutdown properly sd4 at scsibus3 targ 2 lun 0: OPENBSD, SR CRYPTO, 005 SCSI2 0/direct fixed sd4: 1430793MB, 512 bytes/sector, 2930265808 sectors -- Scott McEachern https://www.blackstaff.ca
Re: pf blocking active connections
On 02/07/13 15:13, Martijn van Duren wrote: Hello misc, Today I watch the current connections on my small home server and I noticed an unfamiliar ftp-connection. Upon inspecting the connection I noticed it was a brute force attack, so I fired up my pfctl-utility and tried to block the attack by adding the ip to my quick drop table. After adding the ip to the table I noticed that the connection was still happily active and even reloading my entire ruleset with pfctl -f /etc/pf.conf didn't help, so I resorted to tcpdrop. My question is, is it possible to destroy an active connection by something like adding an ip to a drop quick table (did I miss a certain flag?) or do I, in an event that something like this happens again, always have to perform a two stage drop? Sincerely, Martijn I've seen this before. The attack continued because you have an existing state entry on the firewall that is allowing packets to continue. Use 'pfctl -k (host)' to kill off existing states. -- Scott McEachern https://www.blackstaff.ca
Re: pf blocking active connections
On 02/07/13 15:31, Martijn van Duren wrote: Thanks for all the quick responses, but if I understand you all correctly there is no way to cut off an established connection by adding an ip address to a blocked table, so I'm still left with my two stage drop off the connection (both adding the the ip to the table and killing the connection manually). Martijn Yes. But it's not like it's hard to type pfctl -ef /etc/pf.conf pfctl -k 192.168.1.1 either. :) -- Scott McEachern https://www.blackstaff.ca
Re: vi vs ed in bsd.rd - proposal
On 01/11/13 16:38, Paolo Aglialoro wrote: sparc64 machine, a neglected typo in fstab while changing a disk mountpoint and boom! - no boot :( ed(1) isn't hard to use, but if you haven't used it in a while, as espie@ said, having another machine handy to hit the man page is useful. Go play with ed(1) now when you aren't in panic mode to get a feel for it. However, if you really feel the need to use vi, then do something like this: 1) use disklabel(8) to see what partition on your HDD contains the /usr partition. vi(1) lives in /usr/bin, so I'm assuming you don't have /usr/bin/ mounted somewhere other than /usr. Pretend it's on partition 'f' of sd0. Let's also pretend your root partition is on 'a'. 2) #mount /dev/sd0a / #mount /dev/sd0f /usr If you run vi now, it'll bitch about your terminal type not being set, so: 3) #export TERM=vt220 (or whatever is applicable to you) 4) #vi /etc/fstab (fix your mistake(s)) 5) #reboot and you should be good. Keep in mind, my workaround above won't always be there for you, so I'll say it again: Go play with ed(1) now on a dummy file when you aren't in panic mode to get a feel for it. -- Scott McEachern https://www.blackstaff.ca
Re: vi vs ed in bsd.rd - proposal
On 01/12/13 07:25, Marc Espie wrote: On Sat, Jan 12, 2013 at 07:17:25AM -0500, Scott McEachern wrote: On 01/11/13 16:38, Paolo Aglialoro wrote: sparc64 machine, a neglected typo in fstab while changing a disk mountpoint and boom! - no boot :( ed(1) isn't hard to use, but if you haven't used it in a while, as espie@ said, having another machine handy to hit the man page is useful. Go play with ed(1) now when you aren't in panic mode to get a feel for it. However, if you really feel the need to use vi, then do something like this: 1) use disklabel(8) to see what partition on your HDD contains the /usr partition. vi(1) lives in /usr/bin, so I'm assuming you don't have /usr/bin/ mounted somewhere other than /usr. Pretend it's on partition 'f' of sd0. Let's also pretend your root partition is on 'a'. 2) #mount /dev/sd0a / #mount /dev/sd0f /usr If you run vi now, it'll bitch about your terminal type not being set, so: 3) #export TERM=vt220 (or whatever is applicable to you) 4) #vi /etc/fstab (fix your mistake(s)) 5) #reboot Did you actually test that ? vi wants /var/tmp rw as well... Nah, just going from memory. It's been a while. However, the same logic applies: Look at what partition /var is on and mount it too. But thanks for illustrating my point: It's just easier to learn a little ed(1) when not panicking in single-user mode. I'm also assuming that his _only_ problem is a typo (or whatever) in fstab, otherwise things get more complicated. :) -- Scott McEachern https://www.blackstaff.ca
Re: vi vs ed in bsd.rd - proposal
On 01/12/13 08:24, Paolo Aglialoro wrote: Thank you Scott! Your tutorial is really nice :) I'll star it in my gmail. Uhm, you're welcome. Just FYI, it's bad form to reply to a private email onto a public mailing list. I'm no ed(1) expert. Since it's now on the list, maybe more experienced ed users can suggest more efficient ways to do things. And like espie@ noted in a previous email, no I didn't test it out. Practise it for yourself to ensure there aren't any gotchas.. Like how I forgot that you will also want to mount /var/ since vi stores its recovery files in /var/tmp/. Oops. :) -- Scott McEachern https://www.blackstaff.ca
Re: vi vs ed in bsd.rd - proposal
On 01/12/13 09:19, Paolo Aglialoro wrote: Sorry for fwd ur mail in list Scott, didn't notice it was in pvt. As for the tyre comparison, I agree with you Nick. Better getting your hands dirty than being laughed at. Which is btw what I did in that nasty event. But I also remember the cold sweat out of it. I don't think anyone ever forgets their first time being dropped into single-user mode. While it's a bit of a shocker, what really makes the blood run cold is when you realize there's no vi(1) to fix a borked config. I think it was after the second time I screwed up my fstab that I broke down and learned the basics of ed. The timing of you bringing this up is funny to me. I have a build box that I've been screwing around with lately and sometimes I'll copy a handful of backup files from my old /etc/ directory onto the new install. And of course I always forget to tweak the fstab. In the last week alone I've found myself in single-user mode at least three times, only instead of fear/sweating, I'm kicking myself (while using ed(1) to fix my fstab) for forgetting again. I mean, plus instead of versus, when space is enough, considering that nowadays vi is a widespread standard too (can't think of a modern unix distro without it), shouldn't be asking for the impossible :) (basically not opening a race for I want this tool too, but reasoning about an update of survival tools) FWIW, I couldn't care less if vi(1) is added. In fact, if it _does_ get added, I'll probably forget it's there and continue using ed(1) like normal anyway. PS: Good analogy Nick. -- Scott McEachern https://www.blackstaff.ca
Re: integrated graphics
0xba: msi pci13 at ppb12 bus 58 ppb13 at pci8 dev 9 function 0 vendor PLX, unknown product 0x8608 rev 0xba: msi pci14 at ppb13 bus 59 em1 at pci14 dev 0 function 0 Intel PRO/1000 (82583V) rev 0x00: msi, address c8:60:00:cc:4b:65 ehci1 at pci0 dev 29 function 0 Intel 7 Series USB rev 0x04: apic 2 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 pcib0 at pci0 dev 31 function 0 Intel Z77 LPC rev 0x04 ahci2 at pci0 dev 31 function 2 Intel 7 Series AHCI rev 0x04: msi, AHCI 1.3 scsibus2 at ahci2: 32 targets sd4 at scsibus2 targ 0 lun 0: ATA, OCZ-VERTEX4, 1.4 SCSI3 0/direct fixed naa.5e83a97ba7b2fd30 sd4: 122104MB, 512 bytes/sector, 250069680 sectors, thin sd5 at scsibus2 targ 1 lun 0: ATA, M4-CT064M4SSD1, 0309 SCSI3 0/direct fixed naa.500a0751032e95ec sd5: 61057MB, 512 bytes/sector, 125045424 sectors, thin sd6 at scsibus2 targ 2 lun 0: ATA, ST31500341AS, CC1H SCSI3 0/direct fixed naa.5000c50019d9277e sd6: 1430799MB, 512 bytes/sector, 2930277168 sectors cd0 at scsibus2 targ 4 lun 0: ASUS, DRW-24B1ST c, 1.05 ATAPI 5/cdrom removable sd7 at scsibus2 targ 5 lun 0: ATA, LITEONIT LMT-32L, LWS2 SCSI3 0/direct fixed naa.5000 sd7: 30533MB, 512 bytes/sector, 62533296 sectors, thin ichiic0 at pci0 dev 31 function 3 Intel 7 Series SMBus rev 0x04: apic 2 int 18 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-10600 spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-10600 spdmem2 at iic0 addr 0x52: 4GB DDR3 SDRAM PC3-10600 spdmem3 at iic0 addr 0x53: 4GB DDR3 SDRAM PC3-10600 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 mtrr: Pentium Pro MTRR support uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 ugen0 at uhub2 port 1 Broadcom Corp BCM20702A0 rev 2.00/1.12 addr 3 uhub3 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 uhidev0 at uhub3 port 1 configuration 1 interface 0 Logitech USB Receiver rev 2.00/12.01 addr 3 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub3 port 1 configuration 1 interface 1 Logitech USB Receiver rev 2.00/12.01 addr 3 uhidev1: iclass 3/1, 8 report ids ums0 at uhidev1 reportid 2: 16 buttons, Z dir wsmouse0 at ums0 mux 0 uhid0 at uhidev1 reportid 3: input=4, output=0, feature=0 uhid1 at uhidev1 reportid 4: input=1, output=0, feature=0 uhid2 at uhidev1 reportid 8: input=1, output=0, feature=0 uhidev2 at uhub3 port 1 configuration 1 interface 2 Logitech USB Receiver rev 2.00/12.01 addr 3 uhidev2: iclass 3/0, 33 report ids uhid3 at uhidev2 reportid 16: input=6, output=6, feature=0 uhid4 at uhidev2 reportid 17: input=19, output=19, feature=0 uhid5 at uhidev2 reportid 32: input=14, output=14, feature=0 uhid6 at uhidev2 reportid 33: input=31, output=31, feature=0 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets sd8 at scsibus4 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd8: 2861588MB, 512 bytes/sector, 5860532576 sectors sd9 at scsibus4 targ 2 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd9: 2861588MB, 512 bytes/sector, 5860532576 sectors root on sd5a (6be798121798a5a7.a) swap on sd5b dump on sd5b -- Scott McEachern https://www.blackstaff.ca
Re: integrated graphics
On 01/12/13 11:12, Peter Hessler wrote: On 2013 Jan 12 (Sat) at 10:57:56 -0500 (-0500), Scott McEachern wrote: : :I also have an onboard Intel 4000: : :vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09 : Just works. I have no xorg.conf or any special configuration. vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09 Hmm, exact same line in both our dmesg's. Unfortunately, when I run #xdm, my screen goes blank and locks up. My ssh connections are gone, the keyboard and mouse are dead so I can't get back to the console and I have to hard reset. When I reboot, I find nothing in /root/.xsession-errors. Running #X -configure causes a segfault, or so it says at the bottom of my Xorg.0.log (below). It's too bad really, because this is a pretty sweet machine and I'd really like to use it as my primary work*station* instead of a work*horse*. Although I haven't tried it lately (as in, the last few months), I have tried fooling around with a custom Xorg.conf with no success. Methinks I'm just going to have to wait until either it starts to just work (I really don't care about acceleration) or KMS arrives. [ 803.243] X.Org X Server 1.12.3 Release Date: 2012-07-09 [ 803.243] X Protocol Version 11, Revision 0 [ 803.243] Build Operating System: OpenBSD 5.2 amd64 [ 803.243] Current Operating System: OpenBSD elminster.blackstaff.ca 5.2 GENERIC.MP#13 amd64 [ 803.244] Build Date: 07 January 2013 09:18:33AM [ 803.244] [ 803.244] Current version of pixman: 0.28.0 [ 803.244]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [ 803.244] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [ 803.244] (==) Log file: /var/log/Xorg.0.log, Time: Sat Jan 12 11:23:17 2013 [ 803.244] (II) Loader magic: 0x10d932b53e0 [ 803.244] (II) Module ABI versions: [ 803.244]X.Org ANSI C Emulation: 0.4 [ 803.244]X.Org Video Driver: 12.0 [ 803.244]X.Org XInput driver : 16.0 [ 803.244]X.Org Server Extension : 6.0 [ 804.095] (--) checkDevMem: using aperture driver /dev/xf86 [ 804.095] (--) PCI:*(0:0:2:0) 8086:0162:1043:84ca rev 9, Mem @ 0xf380/4194304, 0xd000/268435456, I/O @ 0xf000/64 [ 804.096] List of video drivers: [ 804.096]apm [ 804.096]ark [ 804.096]ati [ 804.096]chips [ 804.096]cirrus [ 804.096]dummy [ 804.096]glint [ 804.096]i128 [ 804.096]intel [ 804.096]mach64 [ 804.096]mga [ 804.096]neomagic [ 804.096]nv [ 804.096]openchrome [ 804.096]r128 [ 804.096]radeon [ 804.096]rendition [ 804.096]s3 [ 804.096]s3virge [ 804.096]savage [ 804.096]siliconmotion [ 804.096]sis [ 804.096]tdfx [ 804.096]trident [ 804.096]tseng [ 804.096]wsudl [ 804.096]wsudl [ 804.096]vmware [ 804.096]vesa [ 804.096] (II) LoadModule: apm [ 804.097] (II) Loading /usr/X11R6/lib/modules/drivers/apm_drv.so [ 804.097] (II) Module apm: vendor=X.Org Foundation [ 804.097]compiled for 1.12.3, module version = 1.2.5 [ 804.097]Module class: X.Org Video Driver [ 804.097]ABI class: X.Org Video Driver, version 12.0 [ 804.097] (II) LoadModule: ark [ 804.097] (II) Loading /usr/X11R6/lib/modules/drivers/ark_drv.so [ 804.097] (II) Module ark: vendor=X.Org Foundation [ 804.097]compiled for 1.12.3, module version = 0.7.5 [ 804.097]Module class: X.Org Video Driver [ 804.097]ABI class: X.Org Video Driver, version 12.0 [ 804.097] (II) LoadModule: ati [ 804.097] (II) Loading /usr/X11R6/lib/modules/drivers/ati_drv.so [ 804.098] (II) Module ati: vendor=X.Org Foundation [ 804.098]compiled for 1.12.3, module version = 6.14.6 [ 804.098]Module class: X.Org Video Driver [ 804.098]ABI class: X.Org Video Driver, version 12.0 [ 804.098] (II) LoadModule: chips [ 804.098] (II) Loading /usr/X11R6/lib/modules/drivers/chips_drv.so [ 804.098] (II) Module chips: vendor=X.Org Foundation [ 804.098]compiled for 1.12.3, module version = 1.2.5 [ 804.098]Module class: X.Org Video Driver [ 804.098]ABI class: X.Org Video Driver, version 12.0 [ 804.098] (II) LoadModule: cirrus [ 804.098] (II) Loading /usr/X11R6/lib/modules/drivers/cirrus_drv.so [ 804.098] (II) Module cirrus: vendor=X.Org Foundation [ 804.098]compiled for 1.12.3, module version = 1.5.1 [ 804.098]Module class: X.Org Video Driver [ 804.098]ABI class: X.Org Video Driver, version 12.0 [ 804.098] (II) LoadModule: dummy [ 804.098] (II) Loading /usr/X11R6/lib/modules/drivers/dummy_drv.so [ 804.099] (II) Module dummy: vendor=X.Org Foundation [ 804.099]compiled for 1.12.3, module version = 0.3.6 [ 804.099]Module class: X.Org Video
Diskset arrival today -- sort of (funny)
I pre-ordered the 5.2 disksets and four t-shirts on September 8th. I'm located just outside of Toronto, so there shouldn't be a problem with international shipping. November 1st came and went, with no disksets or t-shirts in sight. Since the days of 2.8, I've always received the disksets before the release date. I'm a patient guy, so it's no big deal. (I've already downloaded the amd64 and i386 sets for my servers, and I run -current on my workstations, but geez, I'd really like to get my hands on those shirts... and the stickers!) Today the OpenBSD package arrives. Four new t-shirts, but no disksets (and no stickers, dammit!) The packing list has five checkmarks made in pencil beside each item, so somebody made an oops. Shit happens.. The funny part? They mailed me the freaking pencil! I never thought I'd buy a $50 pencil, but I guess I was wrong. I laughed my ass off. Wondering where my package was, I exchanged emails with Pam at the computershop.ca on Nov. 6th. They were having some shipping issues, but she was *really* nice about it. No joke, she was a real sweetie. I've since emailed her again, and I'm certain this will eventually get sorted out, but until then I just had to share this story. A pencil? Seriously? Hilarious! I'm still laughing! -- Scott McEachern https://www.blackstaff.ca
Re: Calomel.org
On 07/26/12 03:53, Peter Laufenberg wrote: Apparently calomel is full of bad and/or outdated advice for openbsd, especially the sysctl tuning stuff. Your best advice is to follow the official FAQ's on openbsd.org, and read openbsd man pages to learn your techniques. Maybe there needs to be a calomel faq on openbsd.org. a rule that whoever gets a question answered on misc has to add an entry with the cleaned reply. It'd do wonders for misc's signal/noise because lazy fucks, retards and trolls would think twice before posting That'll happen right after I'm done cleaning up the unicorn shit from my back yard. You're not the first person to mention a wiki for OpenBSD, and look how well that turned out. -- Scott McEachern https://www.blackstaff.ca
Nitpick: typo in mv(1) man page
$ diff mv.1.new mv.1 79c79 when the respective destination path is a non-empty directory, --- when the respective destination path is a non-empy directory, -- Scott McEachern https://www.blackstaff.ca
Re: Nitpick: typo in mv(1) man page
On 06/18/12 14:44, Scott McEachern wrote: $ diff mv.1.new mv.1 79c79 when the respective destination path is a non-empty directory, --- when the respective destination path is a non-empy directory, Erm, sorry 'about that... $ diff -u mv.1 mv.1.new --- mv.1Wed Jun 6 14:22:11 2012 +++ mv.1.newMon Jun 18 15:11:35 2012 @@ -76,7 +76,7 @@ In both forms, a .Ar source operand is skipped with an error message -when the respective destination path is a non-empy directory, +when the respective destination path is a non-empty directory, or when the source is a non-directory file but the destination path is a directory, or vice versa. .Pp -- Scott McEachern https://www.blackstaff.ca
Large (3TB) HDD support
SDRAM PC3-10600 spdmem3 at iic0 addr 0x53: 2GB DDR3 SDRAM PC3-10600 pciide0 at pci0 dev 20 function 1 ATI SB700 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-4163B, AX13 ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 4 azalia1 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 6 int 16 azalia1: codecs: VIA/0x0397 audio0 at azalia1 pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00 ppb2 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00 pci3 at ppb2 bus 3 D-Link DGE-530T C1 rev 0x10 at pci3 dev 5 function 0 not configured VIA VT6306 FireWire rev 0xc0 at pci3 dev 8 function 0 not configured ohci4 at pci0 dev 20 function 5 ATI SB700 USB rev 0x00: apic 6 int 18, version 1.0, legacy support pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00 km0 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00 pchb4 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00 usb2 at ohci0: USB revision 1.0 uhub2 at usb2 ATI OHCI root hub rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 ATI OHCI root hub rev 1.00/1.00 addr 1 usb4 at ohci2: USB revision 1.0 uhub4 at usb4 ATI OHCI root hub rev 1.00/1.00 addr 1 usb5 at ohci3: USB revision 1.0 uhub5 at usb5 ATI OHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 it0 at isa0 port 0x2e/2: IT8712F rev 8, EC port 0x290 usb6 at ohci4: USB revision 1.0 uhub6 at usb6 ATI OHCI root hub rev 1.00/1.00 addr 1 mtrr: Pentium Pro MTRR support uhub7 at uhub0 port 3 HP\M^? f2105 2PORT USB 2.0 HUB rev 2.00/7.02 addr 2 uhidev0 at uhub5 port 1 configuration 1 interface 0 Logitech USB Receiver rev 2.00/12.01 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub5 port 1 configuration 1 interface 1 Logitech USB Receiver rev 2.00/12.01 addr 2 uhidev1: iclass 3/1, 8 report ids ums0 at uhidev1 reportid 2: 16 buttons, Z dir wsmouse0 at ums0 mux 0 uhid0 at uhidev1 reportid 3: input=4, output=0, feature=0 uhid1 at uhidev1 reportid 4: input=1, output=0, feature=0 uhid2 at uhidev1 reportid 8: input=1, output=0, feature=0 uhidev2 at uhub5 port 1 configuration 1 interface 2 Logitech USB Receiver rev 2.00/12.01 addr 2 uhidev2: iclass 3/0, 33 report ids uhid3 at uhidev2 reportid 16: input=6, output=6, feature=0 uhid4 at uhidev2 reportid 17: input=19, output=19, feature=0 uhid5 at uhidev2 reportid 32: input=14, output=14, feature=0 uhid6 at uhidev2 reportid 33: input=31, output=31, feature=0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (6992ea307afaad04.a) swap on sd0b dump on sd0b -- Scott McEachern https://www.blackstaff.ca
Re: Large (3TB) HDD support
On 06/01/12 15:13, Otto Moerbeek wrote: Do a 'b *' command here, see the man page. That will make the whole disk available and the a command will do what you expect. -Otto Thank-you Otto and others for your assistance, that did the trick! I got both drives online, and set them up as a RAID 1 volume. A little geek porn if I may (I've never seen anything quite like that before. Ha! Until sthen@ posted his message): # df -h /st4 Filesystem SizeUsed Avail Capacity Mounted on /dev/sd3a 2.7T8.0K 2.6T 0%/st4 Some snipped dmesg: sd3 at scsibus3 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd3: 2861588MB, 512 bytes/sector, 5860532640 sectors Now I can lighten the load on some of my other drives. :) On 06/01/12 15:27, Nick Holland wrote: 0/direct fixed naa.50014ee001cbd923 sd0: 476940MB, 512 bytes/sector, 976773168 sectors sd1 at scsibus0 targ 1 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a6e56f1 sd1: 2861588MB, 512 bytes/sector, 5860533168 sectors sd2 at scsibus0 targ 2 lun 0: ATA, ST3000DM001-9YN1, CC4B SCSI3 0/direct fixed naa.5000c5004a5baa2e sd2: 2861588MB, 512 bytes/sector, 5860533168 sectors Life is good. Oh, indeed! However, it'll take me at least a week to xfer my DVD stuff onto it... A few words of warning... * This really messes up your ability to multiboot, as non-OpenBSD OSs will think anything beyond the fdisk/MBR partition might be available. But then, most other OSs choke pretty badly at this point anyway. may not be that big a problem. I won't be multibooting this box any more. (It was once a triple boot WinXP/Win7/OpenBSD machine.) These days, I just buy really cheap used PCs for my occasional Windows needs. Life is easier with cheap hardware than bothering with multiple OSes on one box. * Lots of BIOSes that see 128G disks still won't let you boot from partitions higher than 128G. * I haven't actually TRIED this. I was planning on buying a 3TB disk to experiment on and update FAQ14...but just before I did, there was this little flood issue, and being a cheapskate, I didn't want to sink a lot of money into a drive I didn't really need quite yet (or more accurately, I need TWO of...) I was in the exact same boat; I'm a cheapskate too. I watched the same model drive double in price (about $180 CDN to about $400) overnight, and eventually they went down to $170. I kept scratching my chin on the idea, and the last straw was when (yet again) if I wanted a file (typically a movie), I'd have to dig up the DVD. I literally have hundreds of DVDs. It's seriously inconvenient to buy blanks, burn the data, hope it hasn't degraded when you need it, load it back... I figured Screw it, take the plunge. I think you know what I'd recommend... :) * Rebuilding the mirror will be a beast. * you don't want to fsck a 3TB file system, 'specially if it is rebuilding the mirror at the same time, though with 12G RAM, you might be able to do it. Nick. I'm hoping luck will stay on my side and I don't have to rebuild any time soon. And if things go sideways, which I always assume, I have other workstations I can use (that one just happens to be the 'best'). Good eye on noticing the 12GB of RAM; I'm sure that will come in handy when things go wrong. I'll be ordering a third 3TB drive as a spare, but in a while. I don't want them all to be from the same batch. I have a web server (Pentium 4) with two 40GB drives in RAID 1 as well, plus a spare in storage. (Not a typo, 40GB.) As you've written before, don't trust it, test it, so I pulled a drive, threw in my spare and let it rebuild. I believe that took half a day. I'm sure 3TB will be very, very ugly even on a machine considerably faster than a P4. BTW, I'm nicely UPSed and have pretty reliable hydro where I live, but stuff happens. That Pentium 4 with the 1.5TB drive only has 1GB of RAM, but I've been pleasantly surprised on the couple of times it's had to fsck the drive. I believe it only took about 10 minutes for it to sort things out the last time, but it's pretty much read-only. So thanks again folks for the advice! -- Scott McEachern https://www.blackstaff.ca
Re: Large (3TB) HDD support
On 06/01/12 20:54, Christian Weisgerber wrote: David Digglesda...@elven.com.au wrote: I fsck'd two 3TB filesystems yesterday with 512MB ram, on 5.1... it took a while, but worked. I just fsck'ed a 2.7TB filesystem in 1 minute, 43 seconds. 61% full, 447166 files. What CPU and how much RAM? SATA2 or 3? -- Scott McEachern https://www.blackstaff.ca
Re: Large (3TB) HDD support
On 06/01/12 19:18, Eric Furman wrote: Looks like Nick and OBSD could use a Donation. Anyone here in the community willing to step up and donate a couple 3TB drives? I would if I could so I understand if some people can't, but I'm sure there are a few people out there. I'm willing to step up. Hopefully, between your post and mine, we can get people to look under their cushions for spare change. :) I buy the CD sets and accessories like the rest of you, but honestly, it's been too long since I donated. Time to fix that situation. I could swing another 3TB drive, which is about $200 CDN, but not a pair. It was going to be my spare for the RAID array, but hey, it's time to give something back. My only question is whether the $200 for a 3TB drive is the best use of my donation. Is a big HDD actually useful to anyone? Would the money be better applied to something else that OpenBSD can use? It strikes me as rather pointless to order another drive, pay for shipping (even though it's only about $8), have it arrive and then ship it to someone else. (I'm sure my credit card company would be curious about why I'm buying something and having the goods shipped to a different address, possibly half-way around the world.) Enough of my yapping. I'm not interested in debating what's the best idea. I'm sure Theo can figure that out. Time to put up, and shut up, so I'm outta here. Order number 2012/6/1-19:42:43-30258: Your order currently is: - CDN $200.00 [DON] DONATION to the OpenBSD Project - Total: CDN $200.00 + Shipping. Danke, -- Scott McEachern https://www.blackstaff.ca
Re: A neat twist on nginx + php-fpm = no input file selected
On 02/29/12 03:52, Remco wrote: I'm not familiar with nginx but in general, the crazy-simple explanation I can think of is that you're running from a chroot. So the daemon will look for files relative to its chroot. That's *hilarious*. And of course, you're quite right. It works perfectly fine. Now, I can only hope it stays alive, unlike php-fastcgi... Thanks Remco! -- Scott McEachern
Re: A neat twist on nginx + php-fpm = no input file selected
On 02/29/12 03:52, Remco wrote: If the file on your file system is /var/nginx/html/who_is_online.php, a daemon chrooted to /var/nginx will see it as /html/who_is_online.php. If the daemon chrooted to /var/nginx should really see /var/nginx/html/who_is_online.php, the file should live in /var/nginx/var/nginx/html/who_is_online.php on your file system. Hope this helps. Oh, I just wanted to mention one more thing for the archives/google: php-fpm takes on the chroot of the web server. Ignore the php-fpm.conf documentation where it says Default value: not set and When this value is not set, chroot is not used. Bah. :/ -- Scott McEachern
A neat twist on nginx + php-fpm = no input file selected
sd0 at scsibus2 targ 1 lun 0: OPENBSD, SR RAID 1, 005 SCSI2 0/direct fixed sd0: 36985MB, 512 bytes/sector, 75745947 sectors root on wd0a (383cb6009c765d64.a) swap on wd0b dump on wd0b --- Scott McEachern
Radeon 4200 and azalia audio problems
I recently upgraded to the most recent (Jan. 26) snapshot from a system built from source on Jan. 24th, with mixed results: (dmesg follows) - Jan. 24th: using the xf86-video-ati-6.14.3.tar.gz driver from x.org, mplayer video output was jittery, like the driver couldn't keep up, but audio was fine[*1]. I got the your computer is too slow! message from mplayer (no, it isn't). - Jan. 26th: Not using the 6.14.3 driver, mplayer output was the same as above. With the x.org driver, mplayer video output is now fine, but there is a noticeable crackling/distortion during playback of some (not all) movie/TV files. It sounds like the audio levels of the media files is too high, but audio was fine on these same files the other day. [*1] - I'm not sure exactly when this popped up, only in the last week maybe, but now I can hear interference on the computer speakers during some (usually intense) HDD activity. The connections are solid (no recent changes/moves), but now when there is no background noise in the room, the HDD squealing sounds are quite noticeable. I just thought I'd let people know. Any suggestions would be appreciated, and I'll keep trying new snaps as they are released. - Scott dmesg: OpenBSD 5.1-beta (GENERIC.MP) #188: Thu Jan 26 15:00:02 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4023975936 (3837MB) avail mem = 3902701568 (3721MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB SRAT HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2M(S4) PS2K(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) USB4(S4) UHC5(S4) UHC6(S4) UHC7(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.23 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: apic clock running at 200MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu4 at mainbus0: apid 4 (application processor) cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu4: DTLB 48 4KB entries fully
Re: Narcicism?
On 12/01/11 02:28, John Tate wrote: I think I've found a bug in the OpenBSD crowd. They bug the hell out of me and my little mistakes. I am not talking about people who actually have a solution, but I can't seem to ask anything on this list without parrots coming along picking on me. I think some people just hang out here because it's the most anal bunch of hackers ever, in recorded history. What are your experiences? Is it true that occasionally we attract people who either love bullying or are just lazy and pretending to be one of the clever? It just figures some of these people sit on the list, and email you poorly researched crap with no answers contain. If you hate a question, it truly doesn't belong, bug me. But if you just can't answer a question, ignore it. John Tate. Note: Yes, it's not my list. John, if you don't mind, I'll give you some advice: Do your homework before posting to the list. Your basic instinct is to click Send instead of thinking first. I've lost count of how many of your posts were retracted by yourself, with a big oops, my bad or were replied to with RTFM-type responses. I got a kick out of one retraction where you said something like Sorry, I was drunk. You're obviously new here. Sure, it's a tough crowd at times, but that only happens when people don't bother reading the FAQ, or the man pages, or trying things out for themselves. A lot of people have asked stupid questions or said something dumb -- myself included -- and got painful responses. I've had my share of facepalm experiences and had my ass handed to me plenty of times, but I deserved it. But you know what? I try to not make a regular occasion of it. It seems you do. I help a lot of people off-list, and I know for a fact many others do the same. I've found through years of experience there are two kinds of people on this list: those that need a little help and pointed in the right direction, and those that need their hands held for every step. Guess which category I put you in? And that's exactly why I've helped you a grand total of zero times. Now you have the gall to come on this list and insult the people that are trying to help you. I don't think there's anyone on this list that sits idly, waiting for an opportunity to pick on or bully someone. Get a grip, get some thicker skin, and most of all, RTFM first. I guarantee that if you take my advice, you'll find this list to be a very, very valuable resource. Remember, there is a difference between *reading* and *comprehension*. Work a little harder on the latter and I think you'll find you won't be picked on. Stop playing the victim. You're not the first and it's old. -- Scott McEachern https://www.blackstaff.ca
Re: Narcicism?
On 12/01/11 10:25, John Tate wrote: I'm 24 years old. I was a Linux hacker since I was 13. I am a bit of a guru and do my own Kerberos and such on an all BSD/Linux network. OpenBSD and Debian Linux. I love OpenBSD, I'm a bit weird because I use bash. I can put up with being made fun of. At 13 I didn't just start learning Linux I started learning C++ as well. I failed to apprehend it properly at that age, but at an older age I relearned it well. I am the guru sort of guy, I know a hell of a lot but I'm still connecting it and in that sense still learning. John, sorry to burst your bubble, but in your case it really must be done. You are not a hacker. Really. You are not a guru. Really. You are a kid who is having a great deal of difficulty learning the basics. You say you're 24, but I seriously doubt that, considering you cannot spell narcissism and cannot distinguish between apprehend and comprehend. I think you are in dire need of a dictionary (I recommend Oxford). John, you are a legend, but only in your own mind. Your gun has no bullets; your pencil has no lead; your tree has no wood. You have some miles to go beyond setting up basic NFS before you can be called a hacker. This is a good start to your journey: $ man man Thanks for the laughs. No reply is necessary. Really. -- Scott McEachern https://www.blackstaff.ca
Re: Multi Link PPP support in Kernel
On 11/17/11 19:43, Stuart Henderson wrote: wow, people really still use multilink? i remember it being a fair hassle on the lns side back when we did it with dialup... over here (UK) the few people doing this sort of thing use per-packet IP load-balancing these days. Over here (Canada; Ontario specifically), where Russell and I are both located, the copper is owned by Bell Canada, a private company. They resell their bandwidth to independent ISPs, but *everyone* is stuck with the throttling that Bell applies during certain hours of the day. You mentioned dialup. Bell's throttle drops P2P traffic to the speed of a 56k modem, and to 28.8k during the most restrictive hours. I can't speak to Russell's reasons for using MLPPP, but myself and many others that use independent ISPs use MLPPP to evade the throttle. I don't know the technical details behind how it works, but it's currently the only way to get around Bell's throttle. Most people use the Tomato firmware on their modems, but OpenBSD does it perfectly for me. :) - Scott
Re: USB mouse
On 10/26/11 18:52, Zantgo wrote: How I can run USB mouse? Zantgo Did you try formatting it first?
Re: USB mouse
On 10/26/11 20:05, Christiano F. Haesbaert wrote: On 26 October 2011 20:52, Zantgozan...@gmail.com wrote: How I can run USB mouse? Zantgo It should work just by plugging it, have you tried ? Oh that's just pie-in-the-sky craziness. The next thing you'll be saying is that USB keyboards should just work.
Re: I can use snapshots packages in a release?
On 10/24/11 17:29, Zantgo wrote: What happens is that usually we talk about unified and synchronized to the manual, but I have not seen anything about the packages, then my question is, I can use packet-release snapshots?, ie have my PKG_PATH =.../snapshots/packages. Zantgo If you're asking if you can use -release packages with -current, then in a word, no. If you are running -stable (which is -release + patches), you can use the precompiled packages or build them yourself. (Note: packages for 5.0 won't be available until after Nov. 1st, so if you get your CD set early, you either have to wait or compile them yourself.) This info can be found in the FAQ. If you are running -current from source, update the ports tree source at the same time and compile them yourself. If you are running a snapshot, download the ports tree for that day and compile them yourself. This info can be found in the FAQ. Go read the freaking FAQ -- it's there for a reason -- instead of sending these silly emails. Or better yet, do as others have suggested: install OpenBSD on a spare machine and play around. Read the FAQ again and again before spamming the list (even) more, wasting everyone's time. You are either dense or just not listening.
xf86 driver won't compile
I think I'm missing something obvious here, so a clue-stick beating would be appreciated. In order to get applications like mplayer to work properly, I need to compile an ATI Radeon 4200 driver from x.org. (Thanks to brynet for that tip.) That used to work fine, but around mid-May it stopped compiling (details below). The configure script output has this slight difference: $ diff configure.ok configure.failure 88c88 checking for LIBDRM_RADEON... no --- checking for LIBDRM_RADEON... yes 132c132 Kernel modesetting: no --- Kernel modesetting: yes so I think I'm missing something simple, but with my limited knowledge, I'm just not understanding it. The driver compiles just fine when LIBDRM_RADEON is _not_ found, but craps out when it is found. I don't get it. Any help would be appreciated. Make spits out this: $ sudo make make all-recursive Making all in src CC ati.lo CC atimodule.lo CCLD ati_drv.la CC radeon_accel.lo radeon_accel.c: In function 'RADEONHostDataBlit': radeon_accel.c:866: warning: '__expected' may be used uninitialized in this function CC radeon_cursor.lo CC radeon_legacy_memory.lo CC radeon_driver.lo In file included from radeon_atombios.h:151, from radeon_driver.c:77: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_video.lo CC radeon_bios.lo In file included from radeon_atombios.h:151, from radeon_bios.c:42: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_mm_i2c.lo CC radeon_vip.lo CC radeon_misc.lo CC radeon_probe.lo CC legacy_crtc.lo In file included from radeon_atombios.h:151, from legacy_crtc.c:48: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC legacy_output.lo In file included from radeon_atombios.h:151, from legacy_output.c:49: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_textured_video.lo CC radeon_pm.lo In file included from radeon_atombios.h:151, from radeon_pm.c:39: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_crtc.lo In file included from radeon_atombios.h:151, from radeon_crtc.c:703: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_output.lo In file included from radeon_atombios.h:151, from radeon_output.c:50: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_modes.lo In file included from radeon_atombios.h:151, from radeon_modes.c:51: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_tv.lo In file included from radeon_atombios.h:151, from radeon_tv.c:26: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC CD_Operations.lo In file included from ./AtomBios/includes/Decoder.h:52, from AtomBios/CD_Operations.c:47: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC Decoder.lo In file included from ./AtomBios/includes/Decoder.h:52, from AtomBios/Decoder.c:45: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_atombios.lo In file included from radeon_atombios.h:151, from radeon_atombios.c:34: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning radeon_atombios.c: In function 'rhdAtomParseI2CRecord': radeon_atombios.c:1608: warning: initialization from incompatible pointer type CC radeon_atomwrapper.lo In file included from radeon_atomwrapper.c:33: ./AtomBios/includes/CD_Common_Types.h:82: warning: ignoring #pragma warning ./AtomBios/includes/CD_Common_Types.h:156: warning: ignoring #pragma warning CC radeon_dri.lo CC radeon_exa.lo CC
Re: xf86 driver won't compile
On 07/20/11 11:06, David Coppa wrote: I think you need to pass --disable-kms to ./configure Thank-you David and Nigel! That works perfectly, and I'm now (very happily) back to running -current. (I'm currently compiling a bunch of ports, and waited until thunderbird finished before replying.) I _knew_ I was overlooking something simple... When it came to the configure script diff, I was paying attention to LIBDRM_RADEON and trying to include this and that, while kernel modesetting was the problem. And to think, I _almost_ didn't paste those lines from the diff thinking they were irrelevant. Thanks again guys, - Scott
Userland ppp stopped working between Mar24 and Apr8
I originally sent this message to misc@ on April 17/2011, but I never got a response and I can't find it in the archives. (I found this copy in my sent mail). I guess it never went through. Since I never heard anything back, I figured I'd wait a while and see if the problem got corrected after the kernel hackathon finished. (It didn't.) I gave the most recent snapshot (June 29) a try, and the problem remains, so I'll try sending this again. I haven't seen anything about this on the list since; surely I can't be the only person who has run into this. My original message: After some experimenting, I've discovered that userland ppp stopped working normally at some point between the March 24th and April 8th snapshots. I've been using the same ppp.{conf,linkup,linkdown} files for 6 months now with 4.8-stable without any problems. This weekend I decided to change firewall hardware and use -current, and the same configuration fails. It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work just fine. The next snap I have in my collection is Apr. 8th, and everything since then including Apr. 17th, fails. Replication is simple: - clean install, not an upgrade. No customizing/tweaking anything. - copy my known-good ppp.* files over - up the interface my DSL modem is on - adjust syslog.conf to allow ppp logging to /var/log/ppp.log # ppp -ddial mlppp (config file below; normally this done from rc.local) - with anything = Mar 24th, the connection works straight away - with anything = Apr. 8th, the ppp process loops continuously trying to establish the connection Looking at the log, the old version shows LCP: 2: RecvConfigReq, after which my MRU drops from 1500 to 1492, and the connection ultimately succeeds. The new version only shows LCP: 2: SendConfigReq and the redial process loops until manually stopped. Does anyone have any idea if my config needs adjusting, or have I found a bug? The only variable is the version of -current I use, and the ppp(8) man page is the same. Nothing to indicate that my config needs adjusting. I'm not sure if the following log snippets show the proper information, so I'll wait for requests for full logs instead of spamming the list with a hugely long post. Thanks, - Scott Log snippet from successful connection: Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3 Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired. Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected! Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial -- Closed Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed -- Stopped Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = Stopped Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1500 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x48a3693d Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2] Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped -- Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent -- Ack-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = Ack-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2] Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = Ack-Sent Log snippet from unsuccessful connection: Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3 Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired. Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired. Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected! Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier Apr 17
Re: Userland ppp stopped working between Mar24 and Apr8
On 07/04/11 10:56, Stuart Henderson wrote: On 2011-07-04, Scott McEachernsc...@blackstaff.ca wrote: I gave the most recent snapshot (June 29) a try, and the problem remains, so I'll try sending this again. I haven't seen anything about this on the list since; surely I can't be the only person who has run into this. does this help? It is now working perfectly, thank-you very much Stuart! (Truth be told, I saw your commit on src, so I just did a cvs update vs. applying the patches by hand.) They were applied against the known bad Apr 8th snapshot, but I'll confirm with -current when a new snap is released. - Scott
Userland ppp stopped working between Mar24 and Apr8
After some experimenting, I've discovered that userland ppp stopped working normally at some point between the March 24th and April 8th snapshots. I've been using the same ppp.{conf,linkup,linkdown} files for 6 months now with 4.8-stable without any problems. This weekend I decided to change firewall hardware and use -current, and the same configuration fails. It's not the hardware: 4.8-stable and snapshots up to Mar. 24th work just fine. The next snap I have in my collection is Apr. 8th, and everything since then including Apr. 17th, fails. Replication is simple: - clean install, not an upgrade. No customizing/tweaking anything. - copy my known-good ppp.* files over - up the interface my DSL modem is on - adjust syslog.conf to allow ppp logging to /var/log/ppp.log # ppp -ddial mlppp (config file below; normally this done from rc.local) - with anything = Mar 24th, the connection works straight away - with anything = Apr. 8th, the ppp process loops continuously trying to establish the connection Looking at the log, the old version shows LCP: 2: RecvConfigReq, after which my MRU drops from 1500 to 1492, and the connection ultimately succeeds. The new version only shows LCP: 2: SendConfigReq and the redial process loops until manually stopped. Does anyone have any idea if my config needs adjusting, or have I found a bug? The only variable is the version of -current I use, and the ppp(8) man page is the same. Nothing to indicate that my config needs adjusting. I'm not sure if the following log snippets show the proper information, so I'll wait for requests for full logs instead of spamming the list with a hugely long post. Thanks, - Scott Log snippet from successful connection: Apr 17 21:09:22 fw0 ppp[30518]: tun0: Chat: 2: Reconnect try 2 of 3 Apr 17 21:09:25 fw0 ppp[30518]: tun0: Chat: 2: Redial timer expired. Apr 17 21:09:25 fw0 ppp[30518]: tun0: Warning: Carrier settings ignored Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: Connected! Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: opening - dial Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: dial - carrier Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: carrier - login Apr 17 21:09:25 fw0 ppp[30518]: tun0: Phase: 2: login - lcp Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: FSM: Using 2 as a transport Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Initial -- Closed Apr 17 21:09:25 fw0 ppp[30518]: tun0: LCP: 2: State change Closed -- Stopped Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: LayerStart Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(6) state = Stopped Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1500 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x48a3693d Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2] Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Stopped -- Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigReq(138) state = Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigAck(138) state = Req-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRU[4] 1492 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: AUTHPROTO[4] 0xc023 (PAP) Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MAGICNUM[6] 0x4a64ebd8 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: State change Req-Sent -- Ack-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: RecvConfigRej(6) state = Ack-Sent Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: MRRU[4] 1485 Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: SHORTSEQ[2] Apr 17 21:09:26 fw0 ppp[30518]: tun0: LCP: 2: SendConfigReq(7) state = Ack-Sent Log snippet from unsuccessful connection: Apr 17 21:07:29 hellgate ppp[30239]: tun0: Chat: 2: Reconnect try 2 of 3 Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 1: Redial timer expired. Apr 17 21:07:32 hellgate ppp[30239]: tun0: Chat: 2: Redial timer expired. Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: Connected! Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: opening - dial Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: dial - carrier Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: carrier - login Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 1: login - lcp Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: FSM: Using 1 as a transport Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Initial -- Closed Apr 17 21:07:32 hellgate ppp[30239]: tun0: LCP: 1: State change Closed -- Stopped Apr 17 21:07:32 hellgate ppp[30239]: tun0: Warning: Carrier settings ignored Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: Connected! Apr 17 21:07:32 hellgate ppp[30239]: tun0: Phase: 2: opening - dial Apr 17 21:07:32
Re: Is VPN initiation by traffic possible?
On 04/13/11 05:19, nemir nemirius wrote: Hi, One of my clients is a major bank. We need to exchange data a few times a day at different intervals, and they're insisting that we initiate the VPN on demand with relevent traffic. It works from their end. Tunnel is down, they send a ping, first packet is dropped as the tunnel is brought up, subsequent traffic reaches its destination. It's called port knocking. Google is your friend here.
Re: Is VPN initiation by traffic possible?
On 04/13/11 09:38, Randal L. Schwartz wrote: Scott == Scott McEachernsc...@blackstaff.ca writes: Scott It's called port knocking. Google is your friend here. And if you recommend or use port knocking, you're an amateur at crypto. If adding 8 sniffable bits to your effective key length makes you significantly more secure, you've lost the game already. I'm not advocating it, but it is what he's asking about. I should have added This is not a good idea, but I was hoping he'd figure that out by reading about it. Nemir, you might want to go back and find out exactly what problem the bank is trying to solve with their idea.
Re: MAXDSIZ
On 03/30/11 19:18, Henning Brauer wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 01:09]: On Wed, Mar 30, 2011 at 5:47 PM, Henning Brauerlists-open...@bsws.de wrote: * Amit Kulkarniamitk...@gmail.com [2011-03-31 00:45]: Nothing directly, just observing a comparison of default choice. OpenBSD opts for one strategy (bufcache = 10%) and Opensolaris opts for another (bufcache close to 100%). you are wrong. where? please educate me. your guess on the reasoning for the default is oh so wrong. nuff said. have a beer or 13, relax and wait. (and your 13 gonna be cheaper than one bjor here) Gonna chime in that I'm quite curious as well. Anyone else care to explain why? My assumptions for why OpenBSD's bufcache percent being low are probably quite wrong. And what are we readers to wait for, anyway?
Re: kernel panic after install reboot
On 03/27/11 19:21, Sha'ul wrote: At the boot prompt I put bsd.rd and it probes and gives me the install options (I)nstall (U)pgrade (S)hell, I went to shell and dmesg worked, but how can I supply a copy of it here without net connection and without OS login capabilities? FYI, trying to help you off-list results in this: sh...@lavabit.com: host lavabit.com[72.249.41.52] said: 451 This user account has been configured not to accept more than 10 messages per twenty-four hour period. Please try again later. (in reply to RCPT TO command) You may want to fix that.
Re: mplayer video sluggish with Radeon HD 4200
On 03/26/11 12:11, Brynet wrote: Hi Scott, I have a Mobility Radeon HD 4200, indeed, xf86-video-ati in base lacks 2D/3D XVideo acceleration. Compiling a newer version of the radeon DDX driver works for me, trying the obsolete radeonhd driver is also an option (..I found it unstable). So far, 6.14.0 works.. 6.14.1 does not (X server segfaults). Hi Bryan, I tried the new driver you suggested and with light testing it works quite well. For standard apps (firefox, thunderbird, amarok), and mplayer with regular def and HD it's just fine. mplayer with 1080p is slow, but since I only have a handful of vids at that resolution, I'm not too concerned. In other words, it's good enough and I'm far better off than I was yesterday, so thank-you very much for your suggestion! :D Later, I might give 6.14.1 a shot just for giggles.
mplayer video sluggish with Radeon HD 4200
Hi, I'm having an issue where video playback in mplayer is sluggish in full-screen mode with Radeon HD 4200 onboard video. This applies only to -current, with either i386 or amd64. In 4.8-stable (amd64 or i386), Mplayer is perfectly fine in either normal or full-screen mode on the same hardware. x.org.conf, dmesg, xdpyinfo and xvinfo files are below. Mplayer is the same version between 4.8 and -current, but the X.Org version goes from 1.8.2 to 1.9.3. Googling for mplayer + x.org 1.9.3 + radeon hd 4200 doesn't yield anything useful, and the archives only offer tedu@'s post about using gl instead of x11 for Intel chipsets. I've tried all vo= modes available, including x11, xv, gl and gl2. x11 works best, but video playback appears to be somewhat less than 1.00 speed. All frames appear correctly without any distortion, just slower than normal, as if the frame rate was lowered. Audio is fine but out of sync, of course. Has anyone else experienced similar problems / found solutions? I can't find any setting in the man page that corrects this behaviour, but it's worth noting that for full-screen to work, the zoom=1 setting has to be enabled, even for -stable. I'm out of gas on this. - Scott xvinfo for both -current and 4.8-stable only gives: $ cat xvinfo.output X-Video Extension version 2.2 screen #0 no adaptors present xorg.conf: Section ServerLayout Identifier X.org Configured Screen 0 Screen0 0 0 InputDeviceMouse0 CorePointer InputDeviceKeyboard0 CoreKeyboard EndSection Section Files ModulePath /usr/X11R6/lib/modules FontPath /usr/X11R6/lib/X11/fonts/misc/ FontPath /usr/X11R6/lib/X11/fonts/TTF/ FontPath /usr/X11R6/lib/X11/fonts/OTF/ FontPath /usr/X11R6/lib/X11/fonts/Type1/ FontPath /usr/X11R6/lib/X11/fonts/100dpi/ FontPath /usr/X11R6/lib/X11/fonts/75dpi/ EndSection Section Module Load dbe Load dri Load dri2 Load extmod Load glx Load record EndSection Section InputDevice Identifier Keyboard0 Driver kbd EndSection Section InputDevice Identifier Mouse0 Driver mouse Option Protocol wsmouse Option Device /dev/wsmouse Option ZAxisMapping 4 5 6 7 EndSection Section Monitor #DisplaySize 450 280 # mm Identifier Monitor0 VendorName HWP ModelNameHP f2105 HorizSync30.0 - 94.0 VertRefresh 48.0 - 85.0 Option DPMS EndSection Section Device ### Available Driver options are:- ### Values: i: integer, f: float, bool: True/False, ### string: String, freq: f Hz/kHz/MHz, ### percent: f% ### [arg]: arg optional #Option NoAccel # [bool] #Option SWcursor # [bool] #Option Dac6Bit # [bool] #Option Dac8Bit # [bool] #Option BusType # [str] #Option CPPIOMode # [bool] #Option CPusecTimeout # i #Option AGPMode # i #Option AGPFastWrite # [bool] #Option AGPSize # i #Option GARTSize # i #Option RingSize # i #Option BufferSize# i #Option EnableDepthMoves # [bool] #Option EnablePageFlip# [bool] #Option NoBackBuffer # [bool] #Option DMAForXv # [bool] #Option FBTexPercent # i #Option DepthBits # i #Option PCIAPERSize # i #Option AccelDFS # [bool] #Option IgnoreEDID# [bool] #Option DisplayPriority # [str] #Option PanelSize # [str] #Option ForceMinDotClock # freq #Option ColorTiling # [bool] #Option VideoKey # i #Option RageTheatreCrystal# i #Option RageTheatreTunerPort # i #Option RageTheatreCompositePort # i #Option RageTheatreSVideoPort # i #Option TunerType # i #Option RageTheatreMicrocPath # str #Option RageTheatreMicrocType # str #Option ScalerWidth # i #Option RenderAccel # [bool] #Option SubPixelOrder # [str] #Option ShowCache # [bool] #Option DynamicClocks # [bool] #Option VGAAccess # [bool] #Option
Re: mplayer video sluggish with Radeon HD 4200
On 03/25/11 19:47, Scott McEachern wrote: dmesg: OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011 sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP Sorry, I posted the dmesg for a system with POOL_DEBUG disabled. There is no dmesg difference between it and GENERIC.MP, but the diff is below anyway. The problem remains the same. This is using -current from anoncvs as of about two hours ago. I also forgot to mention I've tried playback with -framedrop and yes, the video is in sync with the audio, but looks like crap with a bunch of frames missing. Go figure. :) - Scott dmesg diff from previous message: (the iic0 values change on every boot anyway) OpenBSD 4.9-current (BLACKSTAFF.MP) #1: Wed Mar 23 23:22:50 EDT 2011 sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/BLACKSTAFF.MP --- OpenBSD 4.9-current (GENERIC.MP) #0: Fri Mar 25 20:56:58 EDT 2011 sc...@blackstaff.blackstaff.ca:/usr/src/sys/arch/i386/compile/GENERIC.MP 89c89 iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 16=2c 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 06= 07= --- iic0: addr 0x20 01=19 02=24 03=2e 04=00 05=00 06=00 07=00 08=00 09=00 0a=10 0b=10 0c=10 0d=10 0e=16 0f=88 10=3d 11=00 12=00 13=00 14=0a 15=0a 16=2b 17=a0 18=e0 1a=ae 1b=a4 1c=b3 1d=00 1e=0c 1f=01 20=09 21=09 22=09 23=09 24=bb 3e=03 words 00=ff19 01=1924 02=242e 03=2e00 04= 05= 06= 07=
Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo
On 03/14/11 21:06, Scott McEachern wrote: The problem is that the kernel freezes when booting any of: bsd.rd, for either amd64 or i386, -current or 4.8-stable; any GENERIC kernel for amd64/i386 -current or 4.8-stable on an installed system. (partial dmesgs below). My apologies for the delay: A big thank-you to Jordan Hargrave (jordan@) for working with myself and Tero Koskinen and having a fully working patch within a day. Impressive! ACPI works perfectly in my testing with 4.9-current (amd64 and i386) on Pentium 4 and Asus/Phenom hardware. As a bonus, it also works for the above hardware with i386/4.8-stable and amd64/4.8-release. So thanks again Jordan! - Scott
Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo
On 03/16/11 10:54, Tero Koskinen wrote: I have exactly same motherboard with Phenom II X4. For me, it helps when I disable acpi. (boot -c disable acpi during the boot) You know, I'd absolutely *swear* I tried that to no avail, but trying it again, I can get it to boot. I have a funny feeling I went too quickly before and typed disable ahci by accident. With acpi disabled for the test install of both 4.8-release and -current it didn't see all six cores and installed bsd.sp as bsd. After fixing that manually it sees all cores. Now I'll try a full install on the desired HDD, build the system from scratch and see how that goes. If it works, I'll post a dmesg in a bit. So far, it looks like everything will be fine but it does indicate there are still issues in the ACPI code. But hey, at least it seems to work and is a lot better than a kernel hang and not having OpenBSD at all! :) - Scott
Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo
On 03/17/11 18:22, Stuart Henderson wrote: Modern machines *expect* to have the acpi code running, acpi controls many aspects of the system including some methods to maintain correct system temperature. Absolutely. Which is why this box, (once it has completed some build tasks for other machines), will be running -current in the hope that acpi works some day soon. Either that, or I have to use FreeBSD until 5.0 (and hope acpi works then), and I'm not too keen on that idea. ;)
Re: amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo
On 03/17/11 19:31, Jordan Hargrave wrote: It looks like there is a bug in the AML on that particular system (the code is being called in from the atk0110 driver). bios0: vendor American Megatrends Inc. version 2105 date 07/23/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO Eventually the AML code tries to execute the following: Store (SMBU, Local5) While (Not (LEqual (And (Local5, 0x02), Zero))) { Sleep (0x64) Store (SMBU, Local5) } It should be: While (LNot (LEqual (And (Local5, 0x02), Zero))) The first code, the while loop is always true since they are using a bitwise Not not a Logical Not. So the issue is with that specific system/BIOS/AML. If anyone has any patches they want tested, I'm more than happy to do so for both i386 and amd64. :)
amd64/i386 kernel freezes on Asus M4A785TD-V EVO mobo
I bought some new hardware the other day, including an Asus M4A785TD-V EVO motherboard and an AMD Phenom II X6 1100T CPU. The problem is that the kernel freezes when booting any of: bsd.rd, for either amd64 or i386, -current or 4.8-stable; any GENERIC kernel for amd64/i386 -current or 4.8-stable on an installed system. (partial dmesgs below). I have a spare P4 and can easily swap the HDD between it and the new box, so I can install i386 or amd64 on it, and drop the drive into the new box to test. Although I haven't a clue what most of the BIOS knobs actually do, I've tried fiddling with every setting I can, and I always get the same freeze. The knobs I've played with include: - ACPI SRAT table enabled/disabled - Plug and Play OS No/Yes - Suspend mode Auto/S1 (POS) only/S3 only - ACPI 2.0 support enabled/disabled If anyone has any suggestions, I'd love to hear them. I'm dying to get my OS of choice working on this machine! Since I have a spare box and can swap HDDs easily, I'm more than willing to work with anyone to test code in amd64 or i386-land in 4.9-current. I'm ready to freak out that my brand-new workstation won't run OpenBSD. :( Below are (probably too many) hand-typed dmesgs in the hope that together they might help someone deduce what the problem is. FWIW, I've just tried today's amd64-current snapshot (March 14) and I get the same results as with the March 2 snap shown below. OpenBSD amd64/4.9-current installed on a P4, HDD moved to AMD box: (off screen) cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu4 at mainbus0: apid 4 (application processor) cpu4: AMD cpu4: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu4: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu4: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu4: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu5 at mainbus0: apid 5 (application processor) cpu5: AMD cpu5: AMD Phenom(tm) II X6 1100T Processor, 3314.79 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu5: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu5: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu5: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz (frozen) bsd.rd for amd64/4.9-current (booted from a USB stick): (off screen) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus 0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X6 1100T Processor, 3315.17 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: apic clock running at 200MHz cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 6 pa 0xfec0, version 21, 24 pins (frozen) bsd.rd for i386/4.9-current (Feb 16th): (off screen) t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: AMD Phenom(tm) II X6 1100T Processor (AuthenticAMD 686-class, 512KB L2 cache) 3.32 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT real mem = 3219283968 (3070MB) avail mem = 3159662592 (3013MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/18/10, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version 2103 date 06/18/2010 bios0: ASUSTeK Computer INC. M4A785TD-V EVO acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP MCFG OEMB SRAT HPET SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus 0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X6 1100T
Re: OT - gmail alternatives
On 12/09/10 10:01, lh wrote: Hi, what are the good available alternatives (security/privacy) for gmail you're using? Cheers! As many others suggested, using your own mail server that you control is the *best* way, but that doesn't answer your question. I know people that use Lavabit.com for free email and they swear by it. (I use my own mail server, thank-you.) The lavabit page boasts of privacy (a system so secure http://lavabit.com/secure.html that even our administrators cant read your e-mail) but you can never really know unless you're an admin there. They offer encrypted connections/ports to send/receive on top of port 25. HTH, - Scott
OT - secondary DNS recommendations
It seems my free-as-in-beer secondary DNS service, EveryDNS.net, has abandoned WikiLeaks, so I'd like to return the favour. Given the (general) support of WikiLeaks here, I was wondering if anyone could recommend a free alternative to replace EveryDNS.net? I know how to use Google to find free alternatives, I'm looking for *recommendations* for a simple two-domain home network. Thanks in advance, - Scott
Re: OT - secondary DNS recommendations
To the folks that replied on- and off-list with their _recommendations_ from personal experience, thank-you very much! That's exactly what I was looking for. I'm doing my due diligence and will investigate them all. For the folks that replied with alternatives but no actual recommendation, thanks anyway. :) At least you tried. Regards, - Scott
Re: help
On 11/08/10 06:40, Gaby Vanhegan wrote: On 8 Nov 2010, at 11:33, Joe Warren-Meeks wrote: On 8 November 2010 10:46, stevest...@crs.com wrote: help I need somebody. help... Not just anybody.
Re: i386 and amd64 snapshots - kernel SHA256 mismatch
On 10/15/10 20:29, Theo de Raadt wrote: Another alternative is that I only do snapshot builds about every 2 weeks. How's that idea? A little off-topic, but now's as good a time as any to ask: I sometimes see the snaps (or X) haven't been built for a few or more days, and I was just wondering why that is? Is the build automated, or manually run? I see the times are usually ~2pm and ~10pm, Mountain time. If I see a snap hasn't been built for a while, I'll usually hold off on updating the source because something major might be only part way complete. I'll wait until a new snap, install (or update) it, then update the source and build. Is this silly? Don't get me wrong, I'm not complaining, I'm just wondering.
Re: FreeBSD isn't Free
On 10/06/10 12:50, Theo de Raadt wrote: Then you may be detained next time you attempt to travel internationally. You are free to stay at home, though. I'm not trying to be a wise-acre here, I agree with Theo 100%. I doubt anyone wants to be screwed by customs (anywhere) due to licencing issues. I also don't doubt that customs would dig deep to find dirt if they really wanted to. My question is: Has it ever happened to anyone? Has anyone actually had a customs agent say Wait a minute, you're using /foo/ OS. You can't be crossing our border. No flames please; I'm just curious. I realize the distinction here is between it not being possible (OpenBSD) and theoretically possible (FreeBSD).