Re: www/56.html: fix version numbers of less and perl

On Thu, 7 Aug 2014 00:31:14 +0200, Theo Buehler t...@math.ethz.ch wrote: The version numbers of less and perl in 56.html are incorrect. While there, nsd's version is wrong too: http://marc.info/?l=openbsd-cvsm=139481293201958w=2 Index: 56.html

Re: Changing naming order of HDD SD drives on boot by kernel

On Fri, 15 Aug 2014 11:37:56 +0400, Denis Lapshin den...@mindall.org wrote: Is it possible to change or set fixed device names for drives like SD0, SD1, SD2, SD3 and so on. http://www.openbsd.org/faq/faq14.html#DUID Cheers, -- Vigdis

[patch] errata 55/09, 55/10, 54/13 and 54/14 not linked in security.html

Hi, Index: security.html === RCS file: /cvs/www/security.html,v retrieving revision 1.417 diff -u -p -r1.417 security.html --- security.html 28 Jul 2014 16:48:23 - 1.417 +++ security.html 19 Aug 2014 13:42:42

Re: etc56.tgz missing in SHA256[.sig]

On Wed, 27 Aug 2014 19:47:33 +0200, Martijn Rijkeboer mart...@bunix.org wrote: Hi, The files http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/SHA256[.sig] don't have a hash for etc56.tgz and the etc56.tgz file is also older that the other base files. Is this an error or did I miss

Re: errors trying to build userland from source

On Sun, 7 Sep 2014 19:56:19 +0900, Joel Rees joel.r...@gmail.com wrote: and I get the following output: if [ ! -d //. ]; then install -d -o root -g wheel -m 755 /; fi mtree -qdef mtree/4.4BSD.dist -p // -U mtree: unknown group _unbound mtree: failed at line 840 of the

httpd(8) questions

Hi, I begin to play with httpd, but I found three annoying things: I use it on my laptop for two things, have a local mirror of OpenBSD website and provide some files to other computers in the network. I set up a server: server default { listen on egress port 80 directory auto

document apmd -C replacement : perfpolicy

Hi, I wanted to use the new performance throttling system but I had to look for what to change so if I can prevent others from doing it. Feel free to modify the wording :) Cheers, Daniel Index: sysctl.8 === RCS file:

Re: Local changes to /etc/services?

On Fri, 7 Nov 2014 08:46:52 + (UTC), Stuart Henderson s...@spacehopper.org wrote: On 2014-11-07, David Higgs hig...@gmail.com wrote: I defined the 'svn' port in /etc/services but as of 5.6 this file now appears to be unconditionally overwritten during upgrades (previously it was

[patches for the website] last release for platforms is 5.6

Hi, In each platforms pages, at the end there is a paragraph about the last supported release, which is not anymore 5.5 (unless for armv7 because there isn't any 5.6). As there are 17 patches, I don't inline them but here's an archive : http://iota.chown.me/plat.diff.tar.gz Cheers, Daniel

Re: default ospfd.conf missing in 5.6

On Wed, 12 Nov 2014 11:11:24 +0100, Marko Cupać marko.cu...@mimar.rs wrote: Hi, I am setting new firewall on OpenBSD 5.6 amd64. I have noticed that default ospfd.conf is missing from /etc. Was it left out on purpose? If I am not mistaken, all services in base system should have default

patch for FAQ14

Hi, I wanted to add some content to FAQ14 but I saw some errors there, so first I corrected them. The problems are - No 14.13 - No 20.2 - 14.5.*, 14.17.* and 14.20.* are not linked in the Table of Contents Also what's the policy about giving numbers (like 14.5.1)? Because they are assigned to

Re: patch for FAQ14

On Sun, 16 Nov 2014 21:09:52 + (UTC), Stuart Henderson s...@spacehopper.org wrote: - 14.5.*, 14.17.* and 14.20.* are not linked in the Table of Contents It's probably worth splitting that out to a separate diff, I'm not sure what Nick@ will think but that seems reasonable to me.

Re: patch for FAQ14

On Sun, 16 Nov 2014 20:09:35 +0100, Daniel Jakots vigdis+o...@chown.me wrote: I wanted to add some content to FAQ14 Here it is. This can be useful for people who want to encrypt only their /home or people who want to automatically mount another disk encrypted at boot (me). Cheers, Daniel

Re: patch for FAQ14

On Thu, 20 Nov 2014 16:57:08 +0100, Janne Johansson icepic...@gmail.com wrote: Please don't mix you and we in the text on who is doing what. Indeed, thanks. A new version with the wording more consistent with the general tone (I hope). Index: faq14.html

Re: xfce4-power-manager not updating battery status

On Tue, 16 Dec 2014 22:29:29 +0100, Marko Cupać marko.cu...@mimar.rs wrote: Hi, not being satisfied with various Linux flavours on my ThinkPad T440, I have reverted back to OpenBSD. With the exception of non-supported internal wifi card (realtek usb dongle works more or less fine with

Re: httpd puzzlement

On Sat, 27 Dec 2014 10:10:27 -0600, Ed Ahlsen-Girard eagir...@cox.net wrote: I am missing something really obvious. httpd exits logging thusly: Dec 27 10:05:07 $hostname httpd[28709]: fatal: send server: Can't assign requested address rc.conf.local and httpd.conf files are below.

Re: Why regen for host ssh key if fail first time?

On Sat, 17 Jan 2015 21:36:09 +, Oriol Demaria open...@correo.blue wrote: I reproduced the error, it happens the same to me, but it actually generates the keys, but you get that error. I did a trace. I'm rather new in OpenBSD, looks like it could be related with mprotect(2), but not sure.

Re: Why regen for host ssh key if fail first time?

On Sat, 17 Jan 2015 18:49:55 -0700, Theo de Raadt dera...@cvs.openbsd.org wrote: I reproduced the error, it happens the same to me, but it actually generates the keys, but you get that error. I did a trace. I'm rather new in OpenBSD, looks like it could be related with mprotect(2),

Re: Upgrade 5.6->5.7->5.8 broke claws-mail's GPG agent tie in

On Wed, 2 Dec 2015 07:58:26 -0800, Damon Getsman wrote: > I realized > that claws-mail was no longer able to access the GPG key agent (I > think that's what it uses, my apologies if I'm using the wrong > terminology) and had switched to using some console based passphrase >

Re: ASUS H97M-PLUS compat. question

On Mon, 11 Jan 2016 15:42:04 +, Tiemen Werkman wrote: > > Van: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Namens > > Özgür Kazanççi > > Verzonden: maandag 11 januari 2016 13:37 > > Aan: misc@openbsd.org > > Onderwerp: ASUS H97M-PLUS compat. question > > >

Re: pkg_add broken (current/amd64)

On Sat, 26 Mar 2016 13:33:46 +0100, Heiko wrote: > When I remark the "fatal" in line 592, I can update. But how can I fix > it correctly? It looks like you didn't run sysmerge(8). Did you? Cheers, Daniel

patch for faq14 : newfs and raw/block device

Hi, >From newfs(8): The special file should be a raw device, for example /dev/rsd0a; if a relative path like sd0a is specified, the corresponding raw device is used. Right now: # newfs /dev/sd5m newfs: /dev/sd5m: block device # newfs /dev/rsd5m /dev/rsd5m: blah blah works as expected So I guess

Re: softraid0: sdx has unsupported sector size (4096)

On Sun, 15 May 2016 12:17:40 +0200, Leo Unglaub wrote: > Now i wannted to use bioctl -cC -lsd8a softraid0 but i get the > following error message: > > > softraid0: sd8a has unsupported sector size (4096) > > softraid0: invalid metadata format > > I looked around and

Re: apache-httpd-openbsd?

On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross wrote: > Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2

Re: Firefox Crashes; slow xfce

On Fri, 15 Apr 2016 13:11:39 -0500, Daniel Boyd wrote: > I have noticed a pattern lately. When I open LibreOffice or Evince, > Firefox crashes -- like pretty regularly. FWIW, more than 90% of times I launch smplayer to play a movie, firefox dies and it really looks it's

Re: How to assemble softraid volume manually?

On Mon, 16 Jan 2017 22:57:31 +0100, Christian Weisgerber wrote: > How do you assemble a softraid volume manually? > > You can detach it with bioctl -d. But how do you get it back? > Or in case it wasn't auto-assembled on boot. > With the same command you used to create

Re: Problem upgrading from old 5.8 snapshot

On Sat, 4 Mar 2017 19:40:59 -0400, Rick Ballard wrote: > I have an old soekris running 5.8 -current. When I try to boot from > the latest snapshot bsd.rd, I cannot get a list of packages from any > mirror I tried: > Unable to get a verified list of distribution sets > > I >

Re: Qubes-OS is "fake" security

On Fri, 12 May 2017 03:41:05 +0200, Kim Blackwood wrote: > Hi, From: Martin Hanson To: misc Subject: Why would I need a container like Docker?! Date: Wed, 10 May 2017 05:53:07 +0200 X-Mailer: Yamail [ http://yandex.ru ]

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

On Sun, 28 May 2017 19:57:41 -0400, tec...@protonmail.com wrote: > Hi there, > > I have been using httpd for quite a while now, but after a new > project/website having to have read/write/execute permissions > (unsafe, I do realise..) I decided to: > > 1. add root to the www group, > 2. chown

Re: X on thinkpad x270 - "Inappropriate ioctl for device"

On Tue, 13 Jun 2017 08:12:00 +0200, Pau wrote: > em0 shows the error about "Unable to initialize the hardware". I guess > this will be fixed in upcoming snapshots (and again, thanks for the > hard work). This is probably because you're multibooting. You can see my bug report

Re: dokuwiki - /dev/urandom issue

On Sun, 11 Jun 2017 21:24:23 +0300, Asbel Kiprop wrote: > Created /dev/urandom in chroot. btw > root :: /var/www : ls -la /var/www/dev/ > > > > total 16 > drwxr-xr-x 2 root wheel512 Jun 11 21:01 ./ > drwxr-xr-x 16 root daemon 512 Jun 11 21:01 ../ >

Re: Packages security updates in -stable

On Sat, 9 Sep 2017 21:16:36 +0200, Lukasz Jendrysik wrote: > Similar situation with Chromium etc. All of those packages exists in > newer versions in -current, but it's not an option in my case. > > I understand that -stable is not place for the latest packages > available

Re: regarding the default path for pkg_add in -current

On Wed, 27 Sep 2017 20:57:10 -0600, and...@quickstick.net wrote: > Also, after login, pkg_add is very determined to use to the same > ../6.2/.. directory path. For the benefit of others who might find > themselves in the same spot, the workaround is to use the full path > while using pkg_add.

Re: Running OpenVPN as a client breaks SSH access into same box? Is it a problem with default route being changed?

On Tue, 24 Oct 2017 16:25:08 -0400, "tec...@protonmail.com" wrote: > It's currently a bit tricky for me getting into the box physically. > If only I had SSH access ha! > > I'm almost 100% certain that returning packets are being routed over > the tun0 (new default route)

Re: 5-button wheeled mouse and X

On Sun, 29 Oct 2017 11:37:45 -0400, gwes wrote: > On 10/25/17 07:20, Cág wrote: > > Natasha Kerensikova wrote: > > > >> it started as a bug report: it have a 5-button mouse with a wheel, > >> even though I don't use much the buttons 4 and 5 (I think only for > >> previous and

Re: /etc/services for MQTT protocol

On Sun, 17 Jun 2018 17:59:56 +0200, gro...@grompf.net wrote: > Hello, > > Here's a tiny diff i used during my MQTT exploration while coupling > some Dyson(tm) stuff with my openbsd homeserver. > > a203 1 > mqtt1883/tcp# MQTT protocol > a285 1 > secure-mqtt

Re: OpenBSD logo on my private hompage. It is allowed?

On Thu, 07 Jun 2018 15:51:24 -0800, justina colmena wrote: > The no-profit clause is new. That's not true. It was added with revision 1.8 date: 2005/03/24 01:31:13; author: deraadt; state: Exp; lines: +4 -3; note do not sell (on github:

Re: Cannot make update on updated ports on a fresh install

On Thu, 16 Aug 2018 23:41:52 +0200 (CEST), wrote: Probably not helping much but > lea@openbsd:/usr/ports/net/curl $ doas make update You shouldn't run this as root if you don't have PORTS_PRIVSEP > On my /etc/mk.conf i have: > SUDO=/usr/bin/doas > WRKOBJDIR=/usr/ports/build/wrkobjdir >

Re: xconsole keeps dieing

On Tue, 17 Jul 2018 17:53:14 -0500, Edgar Pettijohn III wrote: > For some reason xconsole has decided to start seg faulting regularly. > I can't remember how to build X with debugging symbols. Could anyone > give me a quick rundown so I can provide more information. /usr/xenocara/README should

Re: Employers, Jobs and OpenBSD

On Fri, 13 Jul 2018 23:05:09 -0300, Man Hobby wrote: > Hi, > > What is the opinion of employers about OpenBSD? Best Operating System. > There is reason for to learn use OpenBSD to find job? > > If not, why? Learning OpenBSD will make you learn many many many things about Unix systems. > If

Re: CVE-2018-15473 ssh user enumeration vulnerability in OpenBSD 6.3

On Tue, 4 Sep 2018 12:05:01 -0500, "Karl O. Pinc" wrote: > Ssh in OpenBSD 6.3 (stable), and I presume 6.2, is vulnerable > to username existance checking by remote systems. It was already discussed on the list: https://marc.info/?l=openbsd-misc=153512055014488=2 Cheers, Daniel

Re: py3-qt5

On Thu, 1 Mar 2018 21:40:57 -0500, Z Ero wrote: > Not showing in pip3 --list after installed with pkg_add. Not available > module. Why? > pip and pkg_add are two different package manager. If you run pkg_info, you should see the package list which would mean it's

Re: Rate limiting on UDP with PF

On Wed, 17 Oct 2018 17:59:08 +0200, cont...@jdubois.me wrote: > I am trying to rate limit UDP with Packet Filter. I know there are > rules to rate limit on TCP such as "max number" or "max-src-conn-rate > number / interval" but I did not find anything for UDP. > > I still tried the options with

Re: cloudflare.cdn.openbsd.org Certificate expired.

If you're not able to refrain from giving your judgment on a situation you don't know the details, please go open a blog or something. misc@ is not the place for it. Thanks, Daniel On Sat, 20 Oct 2018 12:56:21 -0600, "Constantine A. Murenin" wrote: > This is pretty hilarious! > > Apparently,

Re: Cloud-Storage & OpenBSD

On Sun, 02 Sep 2018 15:38:40 -0400, Predrag Punosevac wrote: > Dain Bentley wrote: > > > Rclone and a storage provider of choice > > I don't see it in ports. > > https://rclone.org/downloads/ > > seems to be the link to binary blob. Could you give me the link to > source code? It's

Re: network connectivity problem (ifconfig, arp, ...)

On Mon, 03 Sep 2018 22:58:49 +0200, Vincent wrote: > I've found an article It's always better to rely on the FAQ rather than on a third party article who may have not kept the information up to date. It's not always possible because not everything is in the FAQ but in this case, it is:

Re: does this affect acme-client?

On Mon, 21 Jan 2019 15:18:04 +0100, "Peter J. Philipp" wrote: > Does this affect the acme-client? > > https://community.letsencrypt.org/t/february-13-2019-end-of-life-for-all-tls-sni-01-validation-support/74209 > > Regards, > -peter > To quote the man page "acme-client only implements the

Re: install portslist?

On Fri, 14 Dec 2018 15:40:05 +0100, Rudolf Sykora wrote: > Is this expected? What am I doing wrong? You probably have a recent ports tree with old packages. Does `cd /usr/ports/databases/sqlports && make update` help? Cheers, Daniel

Re: Blocking "shodan.io" - What are my options?

On Tue, 8 Jan 2019 16:07:43 -0800, Misc User wrote: > Doing some work on it the other day, I noticed it opens a pretty big > command injection hole if pfctl doesn't kill the connection before > the connecting source gets a chance to send data. An attacker could > connect to the port and send

Re: authentication methods: how do they work?

On Wed, 27 Mar 2019 05:34:49 -0400, Boris Epstein wrote: > It is interesting because some people mention combined methods - like > SSL hostkey + some second factor being used just in that fashion: > > https://chown.me/blog/2FA-with-ssh-on-OpenBSD.html > > But based on my experience thus far it

Re: authentication methods: how do they work?

On Wed, 27 Mar 2019 12:31:51 -0400, Boris Epstein wrote: > This is a nice piece of code indeed: > > https://github.com/WIZARDISHUNGRY/totp-util > > But I don't see the login_ code there - which would be > helpful if I were to write a login plugin. Do you know where that > code would be? Not

Re: authentication methods: how do they work?

On Tue, 26 Mar 2019 10:01:59 -0400, Boris Epstein wrote: > Hello listmates, > > Let's say I have the following configured in my /etc/login.conf > > auth-defaults:auth=password,skey,yubikey > > Would that mean either password, or skey, or Yubikey, or should they > all be satisifed? Either.

Re: influxdb goes "panic:runtime error: index out of range"

On Mon, 8 Apr 2019 13:58:27 +0200, Joel Carnat wrote: > On a fresh influxdb instance in an OpenBSD VM: same issue. On a > fresh influxdb instance in a Linux Ubuntu VM: the error disappears and > the query gets the correct answers. Did you install the exact same influxdb version on Linux? I

Re: Keepassx without gtk

On Mon, 4 Feb 2019 14:39:28 +0300, Isimsiz wrote: > Good day, sirs > Is it possible to install keepassx without gtk+? > For some reason keepassx depends on qt4 and gtk+3 > I use packages. Maybe i need to compile to exclude gtk support or its > impossible at all? I'm not sure what problem you're

Re: I am sorry

On Mon, 4 Feb 2019 12:52:48 -0800, Chris Cappuccio wrote: > Leonid Bobrov [mazoc...@disroot.org] wrote: > > Hi, dear OpenBSD community. > > > > Please forgive me for drama I made earlier at mailing list and > > IRC channel. I am not a troll, I promise, I want to contribute to > > OpenBSD in any

Re: Ansible install Re: Reboot and re-link

On Fri, 21 Jun 2019 20:02:48 +0200, Frank Beuth wrote: > On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote: > >Installing via NOT RECOMMENDED WAY(following upgrade65.html) - > >scripting on steroides (ansible). > > I don't want to re-open the hostilities, but installing

Re: When will be created a great desktop experience for OpenBSD?

On Thu, 23 May 2019 19:51:45 +, "Patrick Harper" wrote: > Our ideas of the setup process aren't equal so I disagree. Can you please stop answering to this useless thread?

Re: [www] faq/ports/testing.html - adding link for portslogger(1)'s man

On Mon, 29 Jul 2019 22:22:01 +0200, Alex Naumov wrote: > just a small update for the port testing guide ;-) Thanks committed! Daniel

Re: Host Header Redirection on openbsd.org

On Mon, 5 Aug 2019 05:38:46 -0700, Claus Assmann wrote: > On Mon, Aug 05, 2019, Marc Espie wrote: > > [[...]] the same useless mp4 video. > > Maybe it is/contains an (attempt of an) exploit? > Unlikely since their signature says "Certified Ethical Hacker"

Re: s.th. strange happening?

On Fri, 9 Aug 2019 17:01:13 +0200, Stefan Wollny wrote: > As I never did any changes to 'www/squid/Makefile' the following > irritates me: > > /usr/ports $ doas cvs -q up -Pd -A don't use doas > cvs server: conflict: INDEX is modified but no longer in the > repository > C INDEX rm INDEX >

sysmerge at scale

Hi, I run a bunch of -current VM and I manage them with ansible. When there's a file that gets updated in src/etc, I check if it matters for me and if it doesn't, I ignore it. Then, eventually I sync the file in my ansible repo with upstream's one. But even then sysmerge keeps nagging me with:

Re: error on xfce4 ports build

On Sun, 16 Feb 2020 15:55:51 -0800, Justin Muir wrote: > Any ideas for this error?? It looks like upstream deleted the project. You can still fetch the source code there: https://ftp.osuosl.org/pub/blfs/conglomeration/gtk-xfce-engine/gtk-xfce-engine-3.2.0.tar.bz2 if you put it in

Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

On Thu, 2 Jan 2020 19:49:28 +0100, Marc Chantreux wrote: > some endless sterile debates Like this thread, or worse?

Re: opensmtpd updates not in OPENBSD_6_6 branch?

On Wed, 08 Apr 2020 20:29:27 + (UTC), Chris Ross wrote: > I updated usr.sbin/smtpd to HEAD, and now get 6.6.4. You're lagging, it's been bumped to 6.7.0 13 hours ago :) https://github.com/openbsd/src/commit/3b6172845ca039729e3ac02040d787f83f9c7250 > If I diff that > dir against the same in

Re: openbsd.org down?

On Sun, 12 Apr 2020 11:28:21 +0200, Salvatore Cuzzilla wrote: > Can’t reach openbsd.org - planned maintenance? Until the problem is solved (which is known and being worked on), I just forked openbsd/www on github and enabled github pages. You can reach the website at

Re: GNU+Linux corporate takeover, was: Wine for OpenBSD?

On Tue, 14 Apr 2020 16:05:56 -0400, Raul Miller wrote: > Got any good docs on how to debug (or monitor) D-Bus issues? You're asking help to debug D-Bus on an OpenBSD mailing list? Why don't you bring this sooo interesting discussion off-list?

Re: opensmtpd updates not in OPENBSD_6_6 branch?

On Tue, 07 Apr 2020 19:05:31 + (UTC), Chris Ross wrote: > Hello all. I am running a OpenBSD 6.6 that I installed late last > year. I was recently trying to make sure I'd updated my smtpd to > 6.6.4, based on earlier security announcement. As I'm running on a > sparc64, syspatch doesn't

Re: Ports: how to install dependencies from binaries?

On Wed, 8 Apr 2020 13:12:54 +1000, Stuart Longland wrote: > Silly question… how do you install the dependencies of a port from > binaries automatically? https://man.openbsd.org/bsd.port.mk#FETCH_PACKAGES but it doesn't work very reliably, sadly. Cheers, Daniel

Re: Porting Jitsi to OpenBSD

On Fri, 24 Apr 2020 08:25:51 -0400, Aisha Tammy wrote: > Hey all, > I'm hoping to port jitsi and wanted to know if anyone else is already > working on a port so that I don't do work that might be unnecessary. This kind of email should go on ports@. Since misc@ has a very low SNR [1] don't

Re: pf rules vs late pppoe0 setup

On Sun, 26 Apr 2020 13:54:27 +0200, Jan Stary wrote: > Is there a recommended way to deal with this? If I correctly understood your problem, the solution: (from pf.conf(5)) > Host name resolution and interface to address translation are > done at ruleset load-time. When the address of an

Re: @OpenBSD_CVS Twitter 140char limit?

On Sat, 09 May 2020 19:17:29 +0200, Tommy Nevtelen wrote: > Hi there! > > Does anybody on this list manage @OpenBSD_CVS? Would be nice to lift > the message truncation from the old 140char limit to the new 280char > limit. Super annoying when I can't read an interesting commit message > that is

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

On Mon, 11 May 2020 17:27:24 +, slackwaree wrote: > I wish if the someone who took the time to make this page at least > would make an antisystemD page instead. I doubt anyone asked you how they should spend their time. > Let's face it how much time that old fart linus has, maybe > COVID

Re: gcc not on new OpenBSD 6.7 machine, clang problems

On Mon, 17 Aug 2020 12:05:05 -0700, "Whiskey T." wrote: > Incidentally, I need it to compile opendkim. I couldn't make clang > compile it: Why don't you use the port/package?

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 08:32:59 +0200, Sebastien Marie wrote: > On Thu, Aug 27, 2020 at 03:27:58PM -0400, Daniel Jakots wrote: > > Hi, > > > > I'm chasing a weird behavior with postgresql. Sometimes (it's very > > infrequent) a sql request fails with "could not sen

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 16:06:48 +0200, Sebastien Marie wrote: > - generate lot of postgresql access. from postgresql thread, the > statement seems to be a SELECT, so it would be fine to ran in loop > (hopping no cache and real traffic generated). > > - run pfctl -Treplace in a loop (with a set of

Re: pf, send(2) and EACCES

On Fri, 28 Aug 2020 22:33:30 +0200, Claudio Jeker wrote: > Have a look at the pf(4) stats. especially check if the congestion > counter increases when you see the error. If pf(4) detects a network > congestion then ruleset evaluation is skipped and only state matching > happens. In that case you

pf, send(2) and EACCES

Hi, I'm chasing a weird behavior with postgresql. Sometimes (it's very infrequent) a sql request fails with "could not send data to client: Permission denied". I reported the problem on pgsql-general@ [0] and if I understood correctly, this happens when pgsql uses send(2) and gets EACCES.

Re: pf, send(2) and EACCES

On Thu, 27 Aug 2020 16:16:17 -0400, "Sven F." wrote: > pflog0 will tell you what is block if you log it, and can tell you if > it is I would have been surprised otherwise (since normally packets pass) but I looked and there was no log about blocked packet at that time.

Re: ideas needed for password management

On Thu, 24 Sep 2020 08:56:01 -0400 (EDT), ben wrote: > The pass program for most UNIX based operating systems > should be available. I'm pretty sure on OpenBSD it's > under a different name, so query for package names > with 'pass' in them. Out of curiosity, how do you interface

Re: ideas needed for password management

On Thu, 24 Sep 2020 09:29:37 -0400 (EDT), ben wrote: > You don't. Pass is a password manager. It stores passwords for later > use. Indeed. So how is pass relevant to OP's problem?

Re: Filling a 4TB Disk with Random Data

On Mon, 1 Jun 2020 14:33:44 - (UTC), Christian Weisgerber wrote: > Take care to pick the proper device corresponding to the drive you > want to overwrite. Don't make people miss a good opportunity to test their backups!

Re: ssl/libssl certificate validation broken?

On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" wrote: > >Hi Bob, it was in the middle of the night and I got quite kinda > >stressed because all services depending on our ldap proxy stopped > >working after the upgrade and it took me a while to figure the > >problem out. > > Perhaps

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

On Tue, 21 Jul 2020 18:52:40 +0200, Peter Nicolai Mathias Hansteen wrote: > > 21. jul. 2020 kl. 17:42 skrev marfabastewart > > : > > > > pf.conf set state-defaults pflow seemingly not exporting traffic > > > > My money is on state-defaults working and I just am doing something > > wrong, but I

Re: pf.conf set state-defaults pflow seemingly not exporting traffic

On Tue, 21 Jul 2020 19:35:17 +0200, Peter Nicolai Mathias Hansteen wrote: > pfctl -vnf pf.conf oh indeed it says pass out log on vlan10 proto tcp all flags S/SA modulate state (if-bound) but I understood why my pflow setup still works: it takes the flow from the internal interfaces :)

Re: Relayd with TLS and non-TLS backends - bug

On Thu, 2 Jul 2020 14:00:48 -0400, Henry Bonath wrote: > Note the missing Client Hello on the 6.7 machine as it jumps to > Application Data straight away. > Configuration files for HAProxy are identical on both systems. > > I'm currently spinning up a machine on -CURRENT just to see if there >

Re: Relayd with TLS and non-TLS backends - bug

On Fri, 3 Jul 2020 19:14:17 -0400, Henry Bonath wrote: > Daniel, > > Thanks for taking the time to test this out. > I just reloaded a test machine from scratch with -current and > installed the HAProxy 2.0.15-4f39279 package. > I loaded a very basic config file, and am also seeing the same

Re: Relayd with TLS and non-TLS backends - bug

On Fri, 3 Jul 2020 20:25:12 -0400, Brian Brombacher wrote: > My subjective net gain is simplicity, security, performance, and > flexibility. I don't think adding ipsec (or a mesh vpn) into the mix achieve that but ymmv.

Re: Unbound Configuration

On Fri, 10 Jul 2020 21:21:00 +, wrote: > Can anybody help me out with the *simplest possible* unbound.conf > file, just to get it working??? The default config should be fine. Also posting to multiple mailing lists at the same time is considered a bad practice. Cheers, Daniel

Re: Hardware Random Number Generators (RNG)

On Thu, 09 Jul 2020 16:35:13 -0600, "Theo de Raadt" wrote: > > PS I think the USB devices are probably a pretty good source of > > true entropy. > > Why do I bother explaining? I'm the maintainer of the openbsd > kernel's randomness code. I say I don't see the point in 1 line of > code to

Re: SSL error wth dovecot + roundcube

On Wed, 8 Jul 2020 23:02:40 -0400, Aisha Tammy wrote: > I can send a diff later but hopefully the maintainer can just add a > small note? Then mailing the maintainer (with or without cc'ing ports@) will increase your chance (vs just mailing misc@) ;)

Re: New tool to (quickly) check for available package upgrades

On Tue, 16 Jun 2020 16:59:07 -0400, "Jeremy O'Brien" wrote: > I wrote a quick little tool here: > https://github.com/neutralinsomniac/obsdpkgup in Go to show available > package upgrades from your configured mirror. > > It takes no more than a few seconds (the time it takes to download >

Re: How do I get a list of the files of only installed packages?

On Sun, 7 Jun 2020 21:11:57 +0100, Ottavio Caruso wrote: > Hi, > > "pkg_info -L PACKAGE-NAME" > > will give me a list of all the files within each package, regardless > of whether the package is installed or not. > > How can I restrict the output to only installed packages, making it > fail

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 17:00:56 -0400, George wrote: > On 2020-06-12 3:57 p.m., Daniel Jakots wrote: > > > > I have only one file and it's 4.6M/111246 lines. It takes a while to > > It runs on a APU2C2 (iirc, but it has for sure 2G of ram). > > Wow that seems

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 15:24:46 -0400, George wrote: > Hi guys, > > I am trying to setup a Pi-Hole service, i.e. add blocking based on > empty DNS records zones files, for my local LAN and would like to ask > what people are using on OpenBSD in this role? I have a script that fetches the block

Re: OpenBSD alternatives to Pi-Hole

On Fri, 12 Jun 2020 21:51:50 +0200, fRANz wrote: > On Fri, Jun 12, 2020 at 9:35 PM Daniel Jakots wrote: > > > I have a script that fetches the block list and put it in a unbound > > format. It's in a special unbound config file that I include in my > > unbound.conf. Thi

Switching from trunk(4) to aggr(4)

Hi, I've been using a LACP trunk on my apu (with the three em(4)). On top of which I have some vlans. I've been doing that for years and it's working fine. I thought about using aggr(4) instead (for no real reason). But the aggr interface stays in "status: no carrier". What I did is, I replaced

Re: Switching from trunk(4) to aggr(4)

On Sun, 13 Dec 2020 11:00:32 +0100, livio wrote: > # cat /etc/hostname.aggr0 > trunkport em1 trunkport em2 trunkport em3 lacpmode active lacptimeout > slow description "i_data" > up I just tried adding "lacpmode active lacptimeout slow" in case ifconfig(8) was lying and they were not the

Re: Switching from trunk(4) to aggr(4)

On Mon, 14 Dec 2020 09:26:36 - (UTC), Stuart Henderson wrote: > >> What does the lacp status look like on the switch? (or does it just > >> say 'up' or something and not really have any status?) > > > > It doesn't say anything about the lacp, it just says the individual > > ports are going

Re: Switching from trunk(4) to aggr(4)

On Mon, 14 Dec 2020 08:23:15 +0100, Hrvoje Popovski wrote: > maybe to put debug in hostname.aggr0 then destroy it and then sh > netstart aggr0 ? Indeed, making hostname.aggr0: debug trunkport em0 trunkport em1 trunkport em2 up made the debug appear, thanks! Daniel

Re: Switching from trunk(4) to aggr(4)

On Tue, 15 Dec 2020 14:30:16 +1000, David Gwynne wrote: > Can you try tcpdump -p -veni em0 -D in and see if any LACP packets > appear to come in on the port? If not, can you remove the -p and see > if em0 starts to work? > > There are two main differences between how aggr(4) and trunk(4) >

  1   2   >