Re: Autopartitioning with PXE and autoinstall

[Heine Lysemose]

Ahh, I didn't see the snapshot before now.
I thought that I needed to re-compile the whole thing to get me on -current.

I will try the snapshot and report back!

Thanks,
Lysemose

On Thu, Aug 6, 2015 at 2:40 AM,  wrote:

> > Thanks, that's it!!
> > I'm not running current-release... I'll guess I have to wait for 5.8
> then...
>
> You could as well give it a try with a recent snapshot, it does not bite
> and you get quite close to -current and all packages well.. current.
>
> http://www.openbsd.org/faq/faq5.html#Flavors

Re: cwm menu parsing

[Mihai Popescu]

We have to live with it for a while. I am not able to rewrite this.

http://marc.info/?l=openbsd-tech&m=141867225703413&w=2

Re: Autopartitioning with PXE and autoinstall

[Jiri B]

> Ahh, I didn't see the snapshot before now.
> I thought that I needed to re-compile the whole thing to get me on -current.
> 
> I will try the snapshot and report back!

Well, if you do not have your own testing and build process,
you do not need stable ABI/API for your production apps,
then just use snapshots. This way you will follow development
and your use would help to discover issues, regression etc...

This is not a Linux distro, snapshots are generally stable.

j.

Re: Autopartitioning with PXE and autoinstall

[Heine Lysemose]

Thanks, Jiri
I wasn't worried about the stability at this very moment. More about the
way to get me to from release to stable/current.

Regards,
Lysemose

On Thu, Aug 6, 2015 at 10:24 AM, Jiri B  wrote:

> > Ahh, I didn't see the snapshot before now.
> > I thought that I needed to re-compile the whole thing to get me on
> -current.
> >
> > I will try the snapshot and report back!
>
> Well, if you do not have your own testing and build process,
> you do not need stable ABI/API for your production apps,
> then just use snapshots. This way you will follow development
> and your use would help to discover issues, regression etc...
>
> This is not a Linux distro, snapshots are generally stable.
>
> j.

Which tools to monitor traffic and alert ?

[Joel Carnat]

Hi,

I run several standard services (Web, Mail, DNS, …) and have configured Munin 
to graph traffic and see what happened.

I was wondering what was the usual OpenBSD way for proactive/real-time traffic 
monitoring and alerting.
That is, which software to use that would, for example, read HTTPD logs and 
alert if req/sec from same IP is over 50 ?

Looking at the ports, I saw « snort » but I was wondering if there were lighter 
tools for such tasks.

Thanks,
Jo

Re: mediatomb , limits folda to be seen

[Johan Mellberg]

I used to use mediatomb but I no longer do so don't remember the details,
but I remember that that is an issue of the web management UI, it exposes
the whole file system so that you can decide what to share, theoretically
no limitations (although the mediatomb user may not have read access to
everything). IIRC however the database view is what will be shown to UPNP
endpoints, you should just have to configure that. Check the mediatomb web
site as the documentation is fairly complete: http://mediatomb.cc.

2015-08-06 3:09 GMT+02:00 Tuyosi Takesima :

> Hi all .
> i installed mediatomb and sqlite with pkg_add .
> it works well .
>
> but all folds is seen by filesystem of mediatomb.
>
> i want than  /MOVIES only is seen by filesystem  of mediatomb .
> what should i do ?
>
> ---
> tuyosi

Re: Which tools to monitor traffic and alert ?

[Josh Grosse]

On Thu, Aug 06, 2015 at 10:44:01AM +0200, Joel Carnat wrote:
> Hi,
> 
> I run several standard services (Web, Mail, DNS, b
> 
> I was wondering what was the usual OpenBSD way for proactive/real-time 
> traffic monitoring and alerting.
> That is, which software to use that would, for example, read HTTPD logs and 
> alert if req/sec from same IP is over 50 ?
> 
> Looking at the ports, I saw B+ snort B; but I was wondering if there were 
> lighter tools for such tasks.

I use net/nfsen.  This is a graphical front-end to net/nfdump, which
which uses netflow statistics from pflow(4).  I Duse alerts via Email,

I use the front-end for two reasons:  

1.  I can reach out to it if neeeded from behind the Great Corporate
Firewall (TM) at $DAYJOB.  (Access is protected by client
certificate installed in the browser.) 

2.  Graphic reports often help me understand traffic patterns over
time more clearly.  I can dig deeper, either through nfsen's 
analysis tools or via nfdump commands directly.

I don't know if this is The OpenBSD Way, but it does use pflow(4) 
statistics to captures traffic statistics across multiple 
systems.

Re: cwm menu parsing

[Erling Westenvik]

On Thu, Aug 06, 2015 at 11:24:02AM +0300, Mihai Popescu wrote:
> We have to live with it for a while. I am not able to rewrite this.
> 
> http://marc.info/?l=openbsd-tech&m=141867225703413&w=2

Have faith and try this:

Index: conf.c
===
RCS file: /cvs/xenocara/app/cwm/conf.c,v
retrieving revision 1.191
diff -u -p -r1.191 conf.c
--- conf.c  12 Jul 2015 14:31:47 -  1.191
+++ conf.c  6 Aug 2015 10:28:28 -
@@ -56,11 +56,13 @@ conf_cmd_add(struct conf *c, const char 
TAILQ_INSERT_TAIL(&c->cmdq, cmd, entry);
 
/* keep queue sorted by name */
+   /*
while ((prev = TAILQ_PREV(cmd, cmd_q, entry)) &&
(strcmp(prev->name, cmd->name) > 0)) {
TAILQ_REMOVE(&c->cmdq, cmd, entry);
TAILQ_INSERT_BEFORE(prev, cmd, entry);
}
+   */
 
return(1);
 }

Re: Maintaining CAs not in cert.pem

[lists]

> Is there a place to put them that is automatically read in addition to
> cert.pem?

There is also the question of removing some of them and keeping these
removed between updates, e.g. a domain plundering hosting company that
is not trust worthy. One thing that comes to mind is the recent sed -i
addition.

Re: cwm menu parsing

[lists]

> I've noticed this too for the last snapshots I've been trying, and was
> planning to check out the sources to see what changes has been commited
> causing what to me seems to be that the menu now gets alfabetically
> sorted.

While the mouse buttons bindings altogether are rarely used here except
for occasional launch of a specific selection from the menu with (M3)
where one would expect this to not be changed from the configuration
crafted commands, a suggestion one may appreciate is the list of hidden
windows was sorted instead (M1) which seems the more logical place for
this. Or a switch in .cwmrc to toggle this sorting may be useful (but
please evaluate this for possible featuritis).

Tip: sometimes when mouse is not working e.g. when the batteries are
recharging (and you're not lucky enough to have a 3 button pointing
device included for the time being, or at a presentation), an
alternative could be setting this option in setxkbmap(1)

setxkbmap -option "keypad:pointerkeys"

https://en.wikipedia.org/wiki/Mouse_keys

/usr/X11R6/share/X11/xkb/rules/base.lst:850:
keypad:pointerkeys   Shift + NumLock toggles PointerKeys

ceill(0.9) returns 0 instead of 1 ?

[Assaf Gordon]

Hello,

On OpenBSD-5.7/amd64 (under qemu/kvm), I'm getting incorrect results
when using ceill(3). For values between 0 and 1, the returned value
is 0, while I'd expected it to be 1. Using ceil(3) does return 1 as
expected. Is this my incorrect usage or a bug?
any advice/comment will be appreciated.

To reproduce:

   $ cat 1.c
   #include 
   #include 
   int main()
   {
   long double d;
   printf("dceill(d) ceil(d)\n");
   for (d = 0.3; d <= 3.8; d+=0.5)
   printf("%-4Lg %-8Lg %-5g\n",
   d, ceill(d), ceil((double)d));
   return 0;
   }

   $ gcc -g -O0 -Wall -Wextra -o 1 1.c -lm
   $ ./1
   dceill(d) ceil(d)
   0.3  01<
   0.8  01<
   1.3  22
   1.8  22
   2.3  33
   2.8  33
   3.3  44

Thanks,
 - assaf

Re: Patch for CVE-2015-5477 available?

[Stuart Henderson]

On 2015-08-05, Dennis Kramer (DT)  wrote:
> Hi folks!
>
> Does anyone know if there's a patch available for CVE-2015-5477 
> (https://kb.isc.org/article/AA-01272) for OpenBSD 5.6 (BIND 9.4.2-P2) ?
>
> Thanks in advance.
>
> Grt,
>
>

Besides CVE-2015-5477 there are a bunch of other DoS affecting the
version of BIND that was in base. I would recommend switching to
something else, your easiest options will be either the newer version of
BIND that's in ports, or NSD (in base).

Repartitioning

[Quartz]

We have an older system running 4.9 that acts as a sort of 
dev/test/scratch machine for messing around. When it was set up it we 
threw a 10gb drive in there and did a generic install with all the 
defaults. Over time, as we've used this for various stuff, we've 
realized that that partitioning scheme turned out to be decidedly non 
optimal. /usr/obj and /usr/src are eating up a gig each but only have 
2kb of data on them (this machine has never compiled anything). /home 
and /usr/local are using less than 45mb combined. Meanwhile /var was 
only set up at a few hundred megs and is bursting at the seams. Over 
half the drive's capacity is being wasted.


I'm not super familiar with how OpenBSD does disks and all of the 
caveats. How easy would it be to nuke some of these partitions and 
recombine the space? Is it something that could be done with a couple 
fdisk commands or would it involve a lot of screwing around? I've looked 
though the manual regarding fdisk and disklabel but I'm still not sure I 
really understand how everything works together.

Re: ceill(0.9) returns 0 instead of 1 ?

[Matthew Martin]

Same with 5.7 under virtualbox.

On 8/6/15, Assaf Gordon  wrote:
> Hello,
>
> On OpenBSD-5.7/amd64 (under qemu/kvm), I'm getting incorrect results
> when using ceill(3). For values between 0 and 1, the returned value
> is 0, while I'd expected it to be 1. Using ceil(3) does return 1 as
> expected. Is this my incorrect usage or a bug?
> any advice/comment will be appreciated.
>
> To reproduce:
>
> $ cat 1.c
> #include 
> #include 
> int main()
> {
> long double d;
> printf("dceill(d) ceil(d)\n");
> for (d = 0.3; d <= 3.8; d+=0.5)
> printf("%-4Lg %-8Lg %-5g\n",
> d, ceill(d), ceil((double)d));
> return 0;
> }
>
> $ gcc -g -O0 -Wall -Wextra -o 1 1.c -lm
> $ ./1
> dceill(d) ceil(d)
> 0.3  01<
> 0.8  01<
> 1.3  22
> 1.8  22
> 2.3  33
> 2.8  33
> 3.3  44
>
> Thanks,
>   - assaf

Re: Which tools to monitor traffic and alert ?

[lists]

> I run several standard services (Web, Mail, DNS, …) and have configured Munin 
> to graph traffic and see what happened.

Good for you. I don't know if Munin is the go to tool for this in
OpenBSD, so seconding your query for comparative or "works-for-me" type
of (fresh) info, or search the mail archives.

Probably Munin's trips and basic alert capabilities can help you sort
your email feedback purposes, or you could further use a Nagios /
Icinga monitoring and alert generating tool.

One comment, the trouble with these type of tools (Munin like) are the
lack of filters / plugins / lenses for the specific service (or
operating system) you (want to) use, and out of date such integration.
Yet it provides graphs which may be a powerful analytic tool.

> I was wondering what was the usual OpenBSD way for proactive/real-time 
> traffic monitoring and alerting.

Same thoughts here, there are some ports related to rrd, snmp, service
specific live stat (top like) / graphing tools in the likes of: symon,
pfstat, collectd, mrtg, nfsen, etc etc

Most probably you want to pick your specific solution based on your
needs from the options available as ports.

> That is, which software to use that would, for example, read HTTPD logs and 
> alert if req/sec from same IP is over 50 ?

Log processing at run time probably is not the best solution to
reaction on live events, unless it's a tool specifically designed to do
that. Apache has a scoreboard which I am not entirely sure is a good
idea either and not many tools process that, despite being a valid
approach in my practice this has been mostly difficult to tie to
something useful apart from self hacked scripts.

Thus said you can get the details from the network stack (pf and
related), a relaying front end service, the actual service's live
status output (if it provides state details), logging of the service
details (verbosity), log processing of its output (virtual host logs),
higher level self awareness if the service runs scripts or procedures
in the respective application etc.

Relayd(8) has relayctl(8), many other services too have the respective
"apropos ctl" tool. It may be worth checking this option first as a
front end stats between the network and the web service.

This may be extremely premature, out of scope or unworthy of
expectation and/or implementation, but a third party tool (e.g. your
choice so far being Munin) monitoring the output of the respective so
far hypothetical httpctl may be a solution too. I would not count on
this though as the httpd in base has been conservative in features so
far.

Re: ceill(0.9) returns 0 instead of 1 ?

[Chris Cappuccio]

Graham Stephens [gra...@thestephensdomain.com] wrote:
> Your code runs fine under the gcc version in OpenBSD 5.3.
> 

So you get 1 and not 0 from the top two lines of ceill output?

Nothing has changed in /usr/src/lib/libm/src/ld80/s_ceill.c since
5.3 and the supporting headers have not changed in a way that should
affect ceill.

I get '0' with both current system GCC and ports clang. This requires
stepping through each line of ceill to see where things go haywire.

I gotta say, the asm implemetnation of ceil seems much easier to follow
than the C implementation of ceill.