Re: syslog-ng+ELK

[Stuart Henderson]

On 2016-05-07, Predrag Punosevac  wrote:
> 3. I noticed that syslog daemons do not work very well as SQL databases
> as a storage backends. For example LibreNMS has the interface for
> displaying and searching (manually which makes it useless) syslog files.
> But MariaDB has to be restarted quite frequently and on the top of it.

Sorry to only pick one point from your mail, but why would MariaDB need
to be restarted frequently? That isn't meant to happen.

Re: dhclient.conf and hostname.if

[Stuart Henderson]

On 2016-05-06, Mark Carroll  wrote:
> On 06 May 2016, Duncan Patton a. Campbell wrote:
>
>> Is there any similar tag to access the addess assigned by dhcp?
>> What other mechanisms exist to update dynamic dns assignments?
>
> Could ifstated(8) help here? I've separately wondered if I ought to be
> using it to kick pf because it otherwise doesn't realize that 'self'
> includes the address eventually assigned by PPP.

Use "(self)" not "self".

Re: dhclient.conf and hostname.if

[Mark Carroll]

On 07 May 2016, Stuart Henderson wrote:

> On 2016-05-06, Mark Carroll  wrote:
(snip)
>> pf ... because it otherwise doesn't realize that 'self'
>> includes the address eventually assigned by PPP.
>
> Use "(self)" not "self".

Interesting! Thank you: I'd previously missed this part of the
pf.conf(5) manpage which explains:

] When the interface name is surrounded by parentheses, the rule is
] automatically updated whenever the interface changes its address. The
] ruleset does not need to be reloaded. This is especially useful with
] NAT.

I'll have to give it a try.

-- Mark

Re: Dell XPS13 9333 Touchpad doesn't work

[Mark Kettenis]

Please send bug reports to b...@openbsd.org.

> dwiic0 at acpi0: I2C1 addr 0xfe105000/0x1000 irq 7
> iic0 at dwiic0
> ihidev0 at iic0 addr 0x2c irq 39dwiic0: timed out reading remaining 29, 
> failed fetching initial HID descriptor
> "DLL060A" at acpi0 not configured

Can you try what happens if you disable dwiic in UKC?  See
boot_config(8) for information on how to do that.

Re: non-wintel hardware choices

[Karel Gardas]

On Fri, May 6, 2016 at 6:15 AM, Tinker  wrote:
> There's the Fujitsu Sparc M10 line,
> http://www.fujitsu.com/global/products/computing/servers/unix/sparc/ , and
> Oracle Sparc T7 , https://www.oracle.com/servers/sparc/t7-1/index.html .
>
> This was what you meant right?

The prices on those boxes are unfortunately from completely different
space so I'm afraid nobody from OpenBSD devs/users ever seen such
machine nor was able to even boot OpenBSD on it. Pity, as SPARC64 was
really nice.

The crush of SPARC64 is written on wall, see a load of really cheap
M4000 boxes on Ebay. I've even started to see very cheap M3000 which
was not usual at all during few last years as they were the only
possible engineering "workstation" for last years. Sigh.

Anyway, as others pointed out, ARM is the way to go for non-Intel/AMD
hardware and in the future perhaps ARM64...

Re: syslog-ng+ELK

[trondd]

On Sat, May 7, 2016 12:29 am, Predrag Punosevac wrote:
> Michael Shirk wrote:
>
>> On May 23, 2015 10:42, "Predrag Punosevac" 
>> wrote:
>> >
>> > 5. Finally I am open for simpler ideas. Any opinions on
>> sysutils/logfmon
>> > Is it possible to visualize on the web output from logfmon?
>> >
>> > Best,
>> > Predrag Punosevac
>> >
>>
>> There is another aspect to log analysis tools that bothers me the most,
>> why
>> must we risk system security to review log files?
>>
>> Any of the tools that "work well" open you up to web vulnerabilities, or
>> cost money in the case of Splunk. I have not had time to work on it, but
>> I
>> would like to create a tool that avoids all of the issues of running a
>> web
>> service or requiring java.
>>
>> My interest is in UNIX system logs and IDS/IPS events, with full packet
>> captures. The simplest form I have used is with automated processing of
>> IDS
>> events, firewall logs, and full pcap data as static files shared on a
>> webserver. I would be interested in a CLI log viewer with ncurses, or
>> scripted output (maybe using pipecut to process data as you search for
>> what
>> you want in the simplest UNIX way).
>>
>> --
>> Michael Shirk
>> Daemon Security, Inc.
>> http://www.daemon-security.com
>
>
> I am resurrecting this old thread I started almost a year ago in an
> attempt to learn how other OpenBSD users are managing their centralized
> logging servers. I also wanted to revisit the issues raised by
> Mr. Shirk.
>
> Namely the problem I am trying to solve seems very common. I am running
> centralized logging server (syslog-ng) an OpenBSD host. This server
> receives log files from my heterogeneous network consisting of OpenBSD
> machines (running syslogd) Red Hat machines (rsyslog), and FreeBSD
> machines running FreeBSD version of syslogd. I noticed that sending log
> files generates lots of traffic on my monitoring server in part due to
> the fact that I am recording lots of noise like
>
> last message repeated 10 times
>
> Next problem is properly rotating, archiving, and deleting monthly
> directories containing log files of all my servers. For example
> directory
>
> /var/log/syslog-ng/HOSTS/2016-05
>
> contains log files of all my servers for this month. That is not too
> useful. Storing them per day would be probably better but having fewer
> log files just for important things would be even better.
>
> Log files are useless unless some kind analytics is run on them.
> I would like to be able to do real time monitoring for anomalies using a
> daemon for. The following seems obvious anomalies:
>
> 1 . SMART errors (I am big data/machine learning guy so I want to
> replace failed HDD in timely fashion) even though SMART deamon is
> sending separate e-mail
>
> 2. failing hardware (sensors, IPMI, mcelog)
>
> 3. firewall logs
>
> 4. IDS/IPS events
>
>
>
> A daemon should be able to send me an e-mail every couple of hours
> containing as little noise as possible.
>
> So far I have found in ports the following daemons:
>
> 1. security/logsurfer (package exists only for i386 and I use amd64)
>
> 2. sysutils/logfmon (From looking at /etc/logfmon.conf it looks like it
> is written to monitor log files on the single OpenBSD machine running
> syslogd. I don't see how I could monitor entire syslog-ng directories)
>
> 3. I noticed that syslog daemons do not work very well as SQL databases
> as a storage backends. For example LibreNMS has the interface for
> displaying and searching (manually which makes it useless) syslog files.
> But MariaDB has to be restarted quite frequently and on the top of it.
>
> 4. I am not sure what to think of ELK anymore. The more I learn the less
> i like it.
>
> 5. Finally I stumbled upon echofish
>
> https://echothrust.github.io/echofish/
>
> which seems to be repeating old pattern. Using SQL database as a backend
> and providing UI for searching messages (I can do that using grep) but
> no e-mail notification when troubles are found.
>
>
> What am I missing here? How do people monitor their log files in the
> real time. That would seems such an obvious topic for people who care
> about security.
>
> Predrag
>

Note: I don't centralize my logs, and don't do realtime monitoring.  I
don't have a NOC, and I'm not on call 24x7.  So most of the time, there is
no one to respond anyway.  I run a couple dozen servers hosting a handful
of internal tools.  Maybe there is something you can learn from my
experiance anyway.

I looked into ELK and found you had to teach it how to parse the logs to
extract useful information.  A coworker set it up for another serice and
did none of that so it was no different than just 'cat'ing everything into
one big log file.  I also tried fluentd and it was the same.  I figured if
I have to teach the tool how to read a log, I could just write my own
thing to read the logs.  So I rolled my own.  I use a perl script to mask
out the stuff I don't care about, keeping track of how many times they
were seen.  I get a rpeort

ntpd commandline expansion

[Luke Small]

I often use virtualbox to run openbsd-amd64 and lately I haven't been able
to "ntpd -s" and make it update the clock, which may have been after
several days. It often adversely affects my use of google products, as they
update their keys often and if the clock is wrong, it says there is a
security issue with the secure connection.

I realize there is an interest to assure that the clock remains accurate
and I saw in a video where Theo was receiving ntp signals that attempted to
radically change his computer's time.

Is there a way that ntpd can have an extra argument that could allow for a
large time shift? Maybe where it asks you to confirm the time and date when
the time shift if the received date would otherwise be ignored?


-Luke

recovery deleted directory

[Max Power]

Hi guys!
Is there a way to recover a deleted directory on ffs
file system in OpenBSD 5.9/amd64...?

Thanks for reply.

Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

[David Lou]

I wasn't able to find such a thing but perhaps I just missed it. I
am wondering if anyone in the community knows whether such manuals
exist for OpenBSD. Manpages are nice but they're not what I'm looking
for. Trying to learn OpenBSD by looking up individual manpages is like
trying to learn C programming by looking up individual functions. Sure
you get a description of the functions but you will NOT get all the
background information like C syntax, semantics, memory model,
pointers, the whole shebang that every beginner *should* know, but
don't have the background knowledge to know that they should be
looking these up in manpages or elsewhere.

I'd like to acquire confident working knowledge in OpenBSD. If no
such manuals exist, then I'm wondering how did you or other expert
users learn how to use and administrate the system, what the best
programming practices are, etc. and have confidence that what they're
doing is what they think they're doing? Surely it's not just by
trial and error and seeing what appears to work because their
ignorance will be a frustrating source of bugs and security flaws?

Re: recovery deleted directory

[Nigel Taylor]

On 05/07/16 17:30, Max Power wrote:
> Hi guys!
> Is there a way to recover a deleted directory on ffs
> file system in OpenBSD 5.9/amd64...?
> 
> Thanks for reply.
> 
> 
Sometimes it is possible.

sleuthkit, testdisk in ports.

Re: Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

[Kamil Cholewiński]

On Sat, 07 May 2016, David Lou  wrote:
> I wasn't able to find such a thing but perhaps I just missed it. I
> am wondering if anyone in the community knows whether such manuals
> exist for OpenBSD. Manpages are nice but they're not what I'm looking
> for. Trying to learn OpenBSD by looking up individual manpages is like
> trying to learn C programming by looking up individual functions. Sure
> you get a description of the functions but you will NOT get all the
> background information like C syntax, semantics, memory model,
> pointers, the whole shebang that every beginner *should* know, but
> don't have the background knowledge to know that they should be
> looking these up in manpages or elsewhere.
>
> I'd like to acquire confident working knowledge in OpenBSD. If no
> such manuals exist, then I'm wondering how did you or other expert
> users learn how to use and administrate the system, what the best
> programming practices are, etc. and have confidence that what they're
> doing is what they think they're doing? Surely it's not just by
> trial and error and seeing what appears to work because their
> ignorance will be a frustrating source of bugs and security flaws?

Start with the FAQ. As a *BSD beginner with only Linux knowledge, I
found it quite good at explaining all the basics, and the manuals (and
reading misc@, including the archives!) helped to fill in the gaps.

Set up a playground in Qemu or similar, or best - on some real hardware
that you can spare. Try things. Do things. Break things. Fix things.
Make it do something useful, like a file or game server, or use it as
your desktop. Have fun!

K.

Re: Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

[Denis Fondras]

> I'd like to acquire confident working knowledge in OpenBSD. If no
> such manuals exist, then I'm wondering how did you or other expert
> users learn how to use and administrate the system, what the best
> programming practices are, etc. and have confidence that what they're
> doing is what they think they're doing? Surely it's not just by
> trial and error and seeing what appears to work because their
> ignorance will be a frustrating source of bugs and security flaws?
> 

For a user, Absolute OpenBSD 2nd Ed. is probably a bit old but still relevant in
many areas :
https://www.michaelwlucas.com/nonfiction/absolute-openbsd-2nd-edition

And the OpenBSD site is of course full of useful resources.

Re: Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

[Alex Poslavsky]

On 05/07, David Lou wrote:

I wasn't able to find such a thing but perhaps I just missed it. I
am wondering if anyone in the community knows whether such manuals
exist for OpenBSD. Manpages are nice but they're not what I'm looking
for. Trying to learn OpenBSD by looking up individual manpages is like
trying to learn C programming by looking up individual functions. Sure
you get a description of the functions but you will NOT get all the
background information like C syntax, semantics, memory model,
pointers, the whole shebang that every beginner *should* know, but
don't have the background knowledge to know that they should be
looking these up in manpages or elsewhere.

I'd like to acquire confident working knowledge in OpenBSD. If no
such manuals exist, then I'm wondering how did you or other expert
users learn how to use and administrate the system, what the best
programming practices are, etc. and have confidence that what they're
doing is what they think they're doing? Surely it's not just by
trial and error and seeing what appears to work because their
ignorance will be a frustrating source of bugs and security flaws?



Besides the FAQ, the Absolute OpenBSD book is good as well:
https://www.michaelwlucas.com/nonfiction/absolute-openbsd-2nd-edition

But you sell the OpenBSD manpages short. As a beginner
myself, I noticed that virtually every question I have can be answered
with either the FAQ, or the man-pages.

The man-pages in OpenBSD are much more comprehensive *and* cohesive
then on Linux. Start with help(1) and afterboot(8), then  intro(1..9).

From there follow all the links it gives you, and you'll have a very good

overview of your system. The man-pages not just explain command-line
switches, they also explain the how, with working examples, and why of
commands, system calls, the c-library etc.

Have fun, Alex

Re: ntpd commandline expansion

[Philip Guenther]

On Sat, May 7, 2016 at 9:06 AM, Luke Small  wrote:
> I often use virtualbox to run openbsd-amd64 and lately I haven't been able
> to "ntpd -s" and make it update the clock, which may have been after
> several days.

Uh, how about we start by figuring out why "ntpd -s" is misbehaving
before we launch into adding new "NO, I REALLY MEAN IT" options?
What's the verbose output?  dmesg?


Philip Guenther

xfce4-mixer: volume level is incoherent after modifications through media keys

[Alessandro DE LAURENZIS]

Dear misc@ readers,

OpenBSD 5.9-current (GENERIC.MP) #2005: Thu May  5 18:04:12 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

┌──[just22@poseidon]-[0]-[✓]-[~]
└─› pkg_info -Q xfce4-mixer
xfce4-mixer-4.11.0p1 (installed)

I noticed that, when I modify the volume level using the multimedia
keys, value in the panel plugin isn't updated (this machine is a Lenovo
R61, in case that matters).


Is it just me or is this a known bug/limitation?

Thanks for any feedback.

-- 
Alessandro DE LAURENZIS
[mailto:just22@gmail.com]
LinkedIn: http://it.linkedin.com/in/delaurenzis

Re: watchdog suport for new hardware

[Артур Истомин]

On Tue, Apr 26, 2016 at 06:44:34AM -0600, Theo de Raadt wrote:
> obviously you show the code, and then when the complexity/simplicity of it
> is seen, some people can jump in and help.
> 
> that is the traditional way: show it
> 
> > 
> > -- 
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> > A: Top-posting.
> > Q: What is the most annoying thing in e-mail?

watchdog issues ?

[Sjöholm Per-Olov]

Hi

I have skipped all major releases of OpenBSD after 5.4 for one firewall due to
watchdog timeout resets on the em driver. Earlier today I fired up a 5.9
release and patched it up to 5.9 stable and let it take over from the old one.
It seems to go very well. But I do have one question.


The system seems to work as it should.

But what does this mean?
 Is it bad?


root@xanadu:~#grep -i watchdog /var/log/messages
May  8 00:12:15 xanadu /bsd: em1: watchdog: head 118 tail 182 TDH 118 TDT 118
May  8 00:25:33 xanadu /bsd: em1: watchdog: head 181 tail 246 TDH 181 TDT 181
May  8 00:26:35 xanadu /bsd: em1: watchdog: head 137 tail 202 TDH 137 TDT 137
root@xanadu:~#




Thanks in advance

Regards
Peo
--
GPG keyID: 9429C093
GPG fingerprint: 5F37 4298 A07F C614 647B 458C A756 5C4E 9429 C093

Re: Can't change rtadvd route preference for the default route

[Evgeniy Sudyr]

Jeremie, thank for paying attention to my post and explanation.

Finally I found that 0x58 (0x18 + 0x64) or :raflags#88: did what I
wanted - Other flag set and Default Router Preference set to Low (3).

Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x06ee [correct]
Cur hop limit: 64
Flags: 0x58
0...  = Managed address configuration: Not set
.1..  = Other configuration: Set
..0.  = Home Agent: Not set
...1 1... = Prf (Default Router Preference): Low (3)
 .0.. = Proxy: Not set
 ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0

As I see you also committed some changes to rtadvd.conf today, thank you again.

--
Evgeniy

On Wed, May 4, 2016 at 9:36 PM, Jeremie Courreges-Anglas  
wrote:
> Evgeniy Sudyr  writes:
>
>> Hi,
>>
>> I want to change route preference for the default route in RA messages
>> which are sent to clients.
>>
>> On 5.9 GENERIC.MP#1888 amd64 I do have rtadvd and changing rtflags in
>> rtadvd.conf doesn't changes
>>
>> Default router Preference (it sends default value, where I define "l" = Low).
>>
>> In config I have just two items set:
>>
>> vlan6:\
>>:raflags#64:\
>>:rtflags="l":
>>
>> raflags#64 (Other stateful configuration flag bit)
>> rtflags="l" (Low route preference for the route)
>
> I don't understand what "l" means here, rtadvd.conf(5) doesn't seem to
> mention this as a valid setting.
>
>> I'm always getting pref=medium for default router preference.
>>
>> $ ndp -rn
>> fe80:::::5e0c%vlan0 if=vlan0, flags=O, pref=medium, expire=29m52s
>>
>> However It works perfect for non-default route preference for the
>> route, but not default e.g.:
>>
>> vlan6:\
>>:raflags#64:rtflags="l":rtprefix="2001:1:1:1::":rtplen#64:
>>
>> It will be great if someone can share working config options which
>> allows to change DRFAULT router preference RA message value.
>
> As the rtflags description says, bits 4 and 3 are used to encode the
> preference.  "low" is 0x18 / 24.  :raflags#24: seems to do the trick
> here.
>
> Your mail points out three problems imo:
> - tcpdump doesn't show the preference
> - the documentation of raflags is lacking
> - it's a shame that raflags was used instead of a nicer config
>   abstraction.  I think :pref="low":managed#1: would be a bit easier
>   than playing with... bits.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



-- 
--
With regards,
Eugene Sudyr

Re: ntpd commandline expansion

[Luke Small]

It is because I am saving the state in virtualbox, which is like putting it
in hibernate, except instead of refreshing the time, the time remains the
same as when it last ran, which can be some time ago.

-Luke

On Sat, May 7, 2016 at 3:13 PM, Philip Guenther  wrote:

> On Sat, May 7, 2016 at 9:06 AM, Luke Small  wrote:
> > I often use virtualbox to run openbsd-amd64 and lately I haven't been
> able
> > to "ntpd -s" and make it update the clock, which may have been after
> > several days.
>
> Uh, how about we start by figuring out why "ntpd -s" is misbehaving
> before we launch into adding new "NO, I REALLY MEAN IT" options?
> What's the verbose output?  dmesg?
>
>
> Philip Guenther

Re: ntpd commandline expansion

[Lyndon Nerenberg]

On 2016-05-07 3:56 PM, Luke Small wrote:

It is because I am saving the state in virtualbox, which is like putting it
in hibernate, except instead of refreshing the time, the time remains the
same as when it last ran, which can be some time ago.


Why are you running ntpd in a VM?  Just have the VM pay attention to the 
hardware clock, and let ntpd on the host take care of things.

Re: ntpd commandline expansion

[Philip Guenther]

On Sat, May 7, 2016 at 4:27 PM, Luke Small  wrote:
> I am running on an ASUS laptop, which OpenBSD may have disabled APM support
> to remain compatible. Anyway, I can't run ZZZ even as root (unless there is
> a setting that demands to be flipped somewhere).

So here's the *real* problem, but I see no bug report for it, not even
a dmesg from you to dm...@openbsd.org.  Plonk.


> It takes a few seconds to
> save the state and return using the virtualbox utility and it is as if
> nothing happened to stop it. What happens on another machine in which the
> battery goes out on the motherboard that powers the clock. if you hibernate
> while you are running a preferable uninterruptible process, you are screwed
> if your work demands an accurate clock.

Lyndon** is correct: if you want the clock in your virtualbox to jump,
virtualbox is the one that should jump it.  Changing ntpd to some how
magically detect that the VM was paused and resumed is a workaround on
a kludge.

The output of "fortune -m tailor" seems relevant: stop walking stooped
over with your elbows bent and get a correctly fitting suit.


Philip Guenther

** Hi Lyndon!  Long time since friends-of-imap dinners...

Re: ntpd commandline expansion

[Luke Small]

I am running on an ASUS laptop, which OpenBSD may have disabled APM support
to remain compatible. Anyway, I can't run ZZZ even as root (unless there is
a setting that demands to be flipped somewhere). It takes a few seconds to
save the state and return using the virtualbox utility and it is as if
nothing happened to stop it. What happens on another machine in which the
battery goes out on the motherboard that powers the clock. if you hibernate
while you are running a preferable uninterruptible process, you are screwed
if your work demands an accurate clock.

-Luke

On Sat, May 7, 2016 at 5:56 PM, Luke Small  wrote:

> It is because I am saving the state in virtualbox, which is like putting
> it in hibernate, except instead of refreshing the time, the time remains
> the same as when it last ran, which can be some time ago.
>
> -Luke
>
> On Sat, May 7, 2016 at 3:13 PM, Philip Guenther 
> wrote:
>
>> On Sat, May 7, 2016 at 9:06 AM, Luke Small  wrote:
>> > I often use virtualbox to run openbsd-amd64 and lately I haven't been
>> able
>> > to "ntpd -s" and make it update the clock, which may have been after
>> > several days.
>>
>> Uh, how about we start by figuring out why "ntpd -s" is misbehaving
>> before we launch into adding new "NO, I REALLY MEAN IT" options?
>> What's the verbose output?  dmesg?
>>
>>
>> Philip Guenther

Re: ntpd commandline expansion

[Luke Small]

I used to be able to run ntpd -s in 5.8

Now I can't. Apparently sometimes security causes incompatibilities.

I ran sendbug with my complaint.

-Luke

On Sat, May 7, 2016 at 7:06 PM, Philip Guenther  wrote:

> On Sat, May 7, 2016 at 4:27 PM, Luke Small  wrote:
> > I am running on an ASUS laptop, which OpenBSD may have disabled APM
> support
> > to remain compatible. Anyway, I can't run ZZZ even as root (unless there
> is
> > a setting that demands to be flipped somewhere).
>
> So here's the *real* problem, but I see no bug report for it, not even
> a dmesg from you to dm...@openbsd.org.  Plonk.
>
>
> > It takes a few seconds to
> > save the state and return using the virtualbox utility and it is as if
> > nothing happened to stop it. What happens on another machine in which the
> > battery goes out on the motherboard that powers the clock. if you
> hibernate
> > while you are running a preferable uninterruptible process, you are
> screwed
> > if your work demands an accurate clock.
>
> Lyndon** is correct: if you want the clock in your virtualbox to jump,
> virtualbox is the one that should jump it.  Changing ntpd to some how
> magically detect that the VM was paused and resumed is a workaround on
> a kludge.
>
> The output of "fortune -m tailor" seems relevant: stop walking stooped
> over with your elbows bent and get a correctly fitting suit.
>
>
> Philip Guenther
>
> ** Hi Lyndon!  Long time since friends-of-imap dinners...

Re: ntpd commandline expansion

[Patrick Dohman]

> Lyndon** is correct: if you want the clock in your virtualbox to jump,
> virtualbox is the one that should jump it.  Changing ntpd to some how
> magically detect that the VM was paused and resumed is a workaround on
> a kludge.


I agree numerous suspend resumes will result in drift however typing doas
rdate -nv pool.ntp.org  will resolve the issue.

I ran into this exact issue recently when issuing certs in conjunction with
Antoine Jacoutot new create-ami.sh script.

Re: ntpd commandline expansion

[Theo de Raadt]

> > Lyndon** is correct: if you want the clock in your virtualbox to jump,
> > virtualbox is the one that should jump it.  Changing ntpd to some how
> > magically detect that the VM was paused and resumed is a workaround on
> > a kludge.
> 
> 
> I agree numerous suspend resumes will result in drift however typing doas
> rdate -nv pool.ntp.org  will resolve the issue.

Resolves a specific issue, but creates a pile of others.  Good luck.

Re: Comprehensive user's/programmer's manual for OpenBSD: Do they exist?

[Teng Zhang]

Actually, there is indeed some knowledge that can't get from manual and
faq. I usually use wikipedia and openbsd src tree(especially, the include
files) as references(and the most interesting part i love is the comments
embeded in the source code).
2016年5月8日 上午2:53，"Alex Poslavsky"
写道：

> On 05/07, David Lou wrote:
>
>> I wasn't able to find such a thing but perhaps I just missed it. I
>> am wondering if anyone in the community knows whether such manuals
>> exist for OpenBSD. Manpages are nice but they're not what I'm looking
>> for. Trying to learn OpenBSD by looking up individual manpages is like
>> trying to learn C programming by looking up individual functions. Sure
>> you get a description of the functions but you will NOT get all the
>> background information like C syntax, semantics, memory model,
>> pointers, the whole shebang that every beginner *should* know, but
>> don't have the background knowledge to know that they should be
>> looking these up in manpages or elsewhere.
>>
>> I'd like to acquire confident working knowledge in OpenBSD. If no
>> such manuals exist, then I'm wondering how did you or other expert
>> users learn how to use and administrate the system, what the best
>> programming practices are, etc. and have confidence that what they're
>> doing is what they think they're doing? Surely it's not just by
>> trial and error and seeing what appears to work because their
>> ignorance will be a frustrating source of bugs and security flaws?
>>
>>
> Besides the FAQ, the Absolute OpenBSD book is good as well:
> https://www.michaelwlucas.com/nonfiction/absolute-openbsd-2nd-edition
>
> But you sell the OpenBSD manpages short. As a beginner
> myself, I noticed that virtually every question I have can be answered
> with either the FAQ, or the man-pages.
>
> The man-pages in OpenBSD are much more comprehensive *and* cohesive
> then on Linux. Start with help(1) and afterboot(8), then  intro(1..9).
> From there follow all the links it gives you, and you'll have a very good
> overview of your system. The man-pages not just explain command-line
> switches, they also explain the how, with working examples, and why of
> commands, system calls, the c-library etc.
>
> Have fun, Alex

creating a bootable flash drive

[DWL]

I'm attempting to follow the instructions on this page:

http://www.openbsd.org/faq/faq4.html#InstProb

where this section appears:

Bootable flash drive

Make a bootable flash drive. On that drive create an /etc/boot.conf file with 
the contents:

   boot hd0a:/bsd


How does one do this?

I have an installXX.fs image that loads into memory. I started a shell session 
by selecting the "S" option after the image loads, but I can't find 'vi' or 
another text editor, nor can i find 'echo'.

Thanks.