Re: Bootable installation partition on a hard drive?

2020-09-07 Thread tom ryan


On 7/9/20 5:07 pm, Walt wrote:
> I have a new server on order that should arrive in a few days. Its intended 
> purpose is to replace my current firewall. It has no CD and so I'll make and 
> use a bootable flash drive as described in the Installation Guide section of 
> the FAQ.
> 
> The server will have a second ssd drive and so I got to wondering if it might 
> be useful to create a bootable partition on the drive and install the 
> installation on it.
> 
> I'm probably not going to do this but I am curious about whether it would 
> work very well. I'll probably install a second copy of the OS on the second 
> drive and mirror all configuration files to it so that if anything happens to 
> the main drive, I can turn around and boot from the second and be up and 
> running almost immediately.

Maybe you want to just run them in a softraid mirror...

https://www.openbsd.org/faq/faq14.html#softraidDI

> 
> Thanks,
> 
> Walt
> 
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
> 



Re: fw_update issue with colon in URL

2020-07-14 Thread tom ryan
On 15/7/20 5:57 am, mabi wrote:
> http://firmware.openbsd.org/firmware/6.7/: no such dir
> Couldn't find updates for intel-firmware-20191115v0
> 
> It looks like I have a colon ":" at the end of the URL which of course makes 
> the URL invalid. Now how could this happen? and in which file do I fix that?

That's just a separator in the output, not in the URL.

  : 

hth



Re: More than 16 partitions

2020-04-23 Thread tom ryan
On 2020-04-24 04:45, zeurk...@volny.cz wrote:

> Your point is well-taken (though this is just the way mespeaks); yet,
> Theo is a native speaker

No-one is a native speaker of this made up crap, mecraps



Re: Hosting a CDN question

2020-03-18 Thread tom ryan
On 2020-03-18 19:42, Stuart Henderson wrote:
> On 2020-03-17, Flipchan  wrote:
>> Yeah the point with a cdn is to lower the latency of it so therefore what 
>> is needed is not only a fast http server but a traffic redirector 
>> depending on the end user's origin
> 
> Doing this via redirects does not lower latency, it increases it.
> 
> It may reduce overall time to fetch objects if they are large enough
> that faster transfers speed things up enough to offset the higher
> latency from connecting to one server, requesting, being redirected,
> connecting to the second server, requesting, receiving content.

This is equally true if there are many objects to fetch, especially if
they aren't all fetched at once - they don't need to be large for the
magic to help.

> To reduce latency you need another way to direct users to a nearby
> server without doing redirects. Usually either geolocation-aware DNS
> that hands out an IP address close to the user's DNS resolver (this
> can have problems if the user uses a non-local resolver as is the case
> with some DNS privacy services, but is not usually too bad - look at
> the geoip flavour of the isc-bind port, or gdnsd), or BGP anycast with
> connections to other networks around the world (as well as BGP skills,
> you need an AS number, at least a /24 of address space that you can use
> for this purpose, and hosting providers that will allow you to make BGP
> announcements).

I've never used this, but it definitely attempts to solve these issues:
https://trafficcontrol.apache.org/

IIRC it was developed at Comcast for VOD (ie many large objects), and is
built around Apache Traffic Server (ex Yahoo)

It uses DNS to get as close as it can, then 302s the first HTTP request
based on source IP

> Alternatively the pages pulling in the content can do a dynamic
> lookup and use a local-to-the-user hostname when referencing
> the objects 

Re: Jitsi on OpenBSD

2020-03-16 Thread tom ryan
On 2020-03-16 21:59, Edd Barrett wrote:
> Could be that the jitsi server is overloaded.

I doubt that - unless it's changed since I last looked, the Jitsi server
does very little actual "work" during a call... most of the work is done
in the browser (which is why Jitsi scales to "many calls" very well, and
"many participants" very poorly)



changed UpdateHostKeys behaviour in current?

2020-01-27 Thread tom ryan
I've just updated to the latest snap, and now every SSH connection I
make is asking me to accept updated hostkeys.

$ ssh somehost
Learned new hostkey: RSA SHA256:
Learned new hostkey: ED25519 SHA256:
Accept updated hostkeys? (yes/no):

I see that some changes have been occurring around UpdateHostKeys -
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c

Eg
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.c?rev=1.415=text/x-cvsweb-markup

Is this expected behaviour? Kind of creepy to have every connection ask
to accept new host keys at the same time!

Thanks



Re: Disable ftp in pkg_add syspatch sysupgrade

2019-10-30 Thread tom ryan
On 2019-10-29 20:19, PJ wrote:
> Am 28.10.19 um 23:52 schrieb Stuart Henderson:
>> On 2019-10-28, Andy Lemin  wrote:
>>> Hi guys,
>>>
>>> Does anyone know if it is possible to completely disable ftp in the package 
>>> management utilities; pkg_add, syspatch, sysupgrade etc?
>>>
>>> My PKG_PATH references http:// urls, as does /etc/install. But I cannot 
>>> stop these tools trying to use ftp which does not work! :(
>> Can you show some example URLs, for example from "pgrep -lf ftp" while
>> trying to use one of these utilities?
>>
>> The only place I would expect to see ftp:// URLs used
> 
> 
> grep ftp /usr/sbin/sysupgrade

$ grep -ne ftp -e URL -e MIRROR /usr/sbin/sysupgrade
102:0)  MIRROR=$(sed 's/#.*//;/^$/d' /etc/installurl) 2>/dev/null ||
103:MIRROR=https://cdn.openbsd.org/pub/OpenBSD
105:1)  MIRROR=$1
117:URL=${MIRROR}/snapshots/${ARCH}/
119:URL=${MIRROR}/${NEXT_VERSION}/${ARCH}/
136:unpriv -f SHA256.sig ftp -Vmo SHA256.sig ${URL}SHA256.sig
176:unpriv -f $f ftp -Vmo ${f} ${URL}${f}

Your point?


> 
>> is when fetching
>> certain distfiles while building some things from ports (and they would
>> usually fallback to http://ftp.openbsd.org/pub/OpenBSD/distfiles if
>> the ftp fetch failed)..
>>
>>
>>
> 



Re: How to dock laptop more easily

2019-10-14 Thread tom ryan
On 2019-10-14 19:33, Marcus MERIGHI wrote:
> j...@begriffs.com (Joe Nelson), 2019.10.14 (Mon) 04:32 (CEST):
>> I'd like to write a daemon to change machdep.lidaction and the xrandr
>> output as an external monitor or power is attached/detached from my
>> laptop. Is there a way to detect those events from a C program?
>  
> x-on-resize[1] might help with detecting plug/unplug events of external
> monitors.
> 
> [1]
> https://keithp.com/blogs/x-on-resize/
> git://people.freedesktop.org/~keithp/x-on-resize
> https://github.com/thedward/x-on-resize
> https://marc.info/?l=openbsd-misc=148839239518671

I was about to mention x-on-resize. I use it to invoke autorandr.

https://pypi.org/project/autorandr/

And for power there's already sensorsd

$ sysctl hw.sensors.acpibat0.raw0
hw.sensors.acpibat0.raw0=1 (battery discharging), OK

Not sure how you will transition from this state:

>> Power  Mon  Open | Sleep   Display
>> -----------------+----------------
>>        x         | asleep

to this one:

>> x      x         | awake   external

I.e. wake up from standby when power is applied, without opening the
laptop - machdep.lidaction won't help with that.

t

> Marcus
> 
>> Here is how I want the sleep state and output display to change based on
>> whether power is connected, an external monitor is attached, and the
>> laptop is open:
>>
>> Power  Mon  Open | Sleep   Display
>> -----------------+----------------
>> x      x    x    | awake   both
>> x      x         | awake   external
>> x           x    | awake   laptop
>> x                | asleep
>>        x    x    | awake   both
>>        x         | asleep
>>             x    | awake   laptop
>>                  | asleep
>>
>> -- 
>> Joe Nelson  https://begriffs.com
>>
> 



Re: Ansible install Re: Reboot and re-link

2019-06-22 Thread tom ryan
On 6/22/19 7:23 AM, Frank Beuth wrote:
> I wonder if there is a way to have Ansible build a custom
> autoinstall.conf (using templates) and insert it into bsd.rd immediately
> prior to uploading.

I use elfrdsetroot from upobsd to do something along these lines


$ pkg_info upobsd
Information for inst:upobsd-1.1

Comment:
download, verify and patch bsd.rd image

Description:
upobsd is a ksh(1) script designed to download, verify and optionally
patch bsd.rd image.

upobsd will download bsd.rd image using ftp(1) from mirror defined in
installurl(5), will verify the downloaded file using signify(1) and
local key inside /etc/signify to ensure integrity, and optionally patch
the image for adding auto_install.conf or auto_upgrade.conf file to add
support of offline autoinstall(8).

Maintainer: Sebastien Marie 

WWW: https://bitbucket.org/semarie/upobsd



ppp connect problem - Change route failed: errno: Network is unreachable

2005-10-11 Thread tom ryan
Hi,

ppp does connect, over my bridging dsl router, but it drops the
connection after approx 20 seconds.  I think the important log entry
is this:

tun0: Warning: 0.0.0.0/0: Change route failed: errno: Network is unreachable

I tried with and without my regular ppp.linkup so I'm sure it's
nothing in there.

I'm working on this from about 10.5k miles remote so I've got to be a
bit careful, but I've bunged my public key in .ssh/authorized_keys and
added passwordless sudo for meself so I can do a fair bit with my
precious 20 seconds.

I've included the log between two redials below, followed closely by
my ppp.conf, ppp.linkup and finally a 'netstat -nrfinet'.  Please cc
me in replies as I'm not on list.

thanks a lot  rgds
Tom Ryan

Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: HUPing 25083
Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: hangup - opening
Oct 12 01:14:55 fairfield ppp[24551]: tun0: Phase: deflink: Enter
pause (15) for redialing.
Oct 12 01:14:55 fairfield ppp[24551]: tun0: Chat: deflink: Reconnect
try 328 of 1
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Chat: deflink: Redial timer expired.
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Warning: Carrier settings ignored
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: Connected!
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: opening - dial
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: dial - carrier
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: carrier - login
Oct 12 01:15:10 fairfield ppp[24551]: tun0: Phase: deflink: login - lcp
Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: FSM: Using deflink
as a transport
Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: deflink: State change
Initial -- Closed
Oct 12 01:15:10 fairfield ppp[24551]: tun0: LCP: deflink: State change
Closed -- Stopped
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: LayerStart
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
SendConfigReq(247) state = Stopped
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1500
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x12e40f3c
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  QUALPROTO[8] proto
c025, interval 5000ms
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change
Stopped -- Req-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
RecvConfigReq(117) state = Req-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1492
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  AUTHPROTO[5] 0xc223
(CHAP 0x05)
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x78576f89
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
SendConfigAck(117) state = Req-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1492
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  AUTHPROTO[5] 0xc223
(CHAP 0x05)
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x78576f89
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change
Req-Sent -- Ack-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
RecvConfigRej(247) state = Ack-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  QUALPROTO[8] proto
c025, interval 5000ms
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
SendConfigReq(248) state = Ack-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1500
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x12e40f3c
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
RecvConfigAck(248) state = Ack-Sent
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1500
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x12e40f3c
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: State change
Ack-Sent -- Opened
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink: LayerUp
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
SendEchoRequest(0) state = Opened
Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: bundle: Authenticate
Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: deflink: his = CHAP
0x05, mine = none
Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: Chap Input:
CHALLENGE (16 bytes from vez8-exhibition)
Oct 12 01:15:11 fairfield ppp[24551]: tun0: Phase: Chap Output:
RESPONSE (###)
Oct 12 01:15:11 fairfield ppp[24551]: tun0: LCP: deflink:
RecvEchoReply(0) state = Opened
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink:
RecvConfigReq(2) state = Opened
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink: LayerDown
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP:  AUTHPROTO[5] 0xc223
(CHAP 0x05)
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x78e2a657
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP: deflink:
SendConfigReq(249) state = Opened
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP:  MRU[4] 1500
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP:  MAGICNUM[6] 0x4273c88f
Oct 12 01:15:13 fairfield ppp[24551]: tun0: LCP:  QUALPROTO[8] proto