Re: Files corrupted by one byte when downloading from my HTTPD server, any idea?

[Richard Toohey]

On 06/07/17 22:10, tec...@protonmail.com wrote:

Hello,

I am using 6.1 Release - all patched, including packages with mtier.

I'm running a PHP56 web server, I am initiating automatic downloads using 
headers but whenever I download an image it cant be opened because no matter 
what image type it is I get:

Error interpreting JPEG image file (Not a JPEG file: starts with 0x0a 0xff)

I have been trying to figure this out all morning, I found a blog post which a 
guy has the exact same problem. 
https://shareithq.wordpress.com/tag/php-nginx-or-php-seems-to-be-adding-1-byte-to-image-files/

But I tested his fix on the file, and it works..

tail -c +2 avatest_local.jpg > avatest_fixed.jpg

Is it possible some sort of automatic compression is in use on the system? or 
is that just ridiculous?

Has anyone experienced this before and worked out the issue? Thanks
0x0a is a line feed (LF), and 0xFF looks like it is the start of the JPG 
image.


Does your PHP source file have a blank line at the top?

e.g.
[blank line]


i.e. your PHP source file has the 0x0a in it?  If I'm right then that 
will be sent as part of the output (the first byte in fact - what you 
are seeing).


Just an idea!

Re: Enabling ngx_http_addition_module on OpenBSD?

[Richard Toohey]

On 06/28/18 19:43, Stuart Henderson wrote:

On 2018-06-28, Özgür Kazancci  wrote:

I need to use "add_before_body" and "add_after_body" directives for Nginx
for my personal webpage, by setting them in nginx.conf. However, it seems
that my Nginx installation (from OpenBSD packages) doesn't support these
directives:

a 'cat' to log file reports;

"2018/06/28 09:14:09 [emerg] 52287#0: unknown directive "add_before_body"
in /etc/nginx/nginx.conf:162"

These directives probably belong to the module: ngx_http_addition_module. So,
is there any way to dynamically activate that module without manually
fetching and compiling Nginx on the system?

I don't want to build Nginx from source. I cannot do that - it's a
production server.
Not sure how much work would be involved ... but I think that you could 
build and test on a machine set up as per your production machine?


Then copy across the binary file(s).

The module selection is part of the nginx build system - you can't do
this without building nginx.

Re: PF possibly causing weird SSL issues ?

[Richard Toohey]

On 09/19/18 09:02, Tim Jones wrote:

Hi,

I'm wracking my brains here.   I have just replaced  
with one based on OpenBSD 6.3 PF. Nothing else has changed on the network, just the 
firewall.

Lots of "stuff" that used to work (e.g. various nightly pushes of data to "the 
cloud") have suddenly stopped working after the new firewall was put in place.

It seems to be down to some sort of weird handling of SSL by PF ?  I can't see 
why it should be OpenBSD, and yet I also can't see why it cannot be OpenBSD, 
given nothing else has changed.

The reason I say this is because of what I see if I take troubleshooting down 
to its most basic level :

This:
wget -O bp_linux.tar.gz 
https://github.com/Azure/blobporter/releases/download/v0.6.15/bp_linux.tar.gz
Fails with:
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.

And yet this (ironically !) :
wget https://cdn.openbsd.org/pub/OpenBSD/6.3/amd64/install63.iso
Works fine.

Similarly, this :
openssl s_client -connect 
github-production-release-asset-2e65be.s3.amazonaws.com:443 -servername 
github-production-release-asset-2e65be.s3.amazonaws.
com
Returns:
no peer certificate available
No client certificate CA names sent

And yet this :
openssl s_client -connect google.com:443 -servername google.com
Shows SSL certs OK  !

My PF is simple as follows (there is no NAT here, its fully routable) :
match in all scrub (no-df random-id)
block drop
set block-policy drop
set syncookies always
pass from  to any flags S/SA modulate state (pflow)

DNS and everything else is working fine.

(Not an expert, just suggesting some things that might provoke 
inspiration.  Hopefully.  But probably stuff already tried/eliminated.)


Are you sure it's pf?  If you disable pf (if that's an option here) - 
any difference?


If you take the rules out and then introduce them one-by-one - is there 
one that seems to break things?


What do the pf logs show?

Are you trying the commands on the firewall or an (OpenBSD?) machine 
behind the firewall?


[OpenBSD machine]---[OpenBSD firewall]---[the internet]

(Anything to do with LibreSSL versus OpenSSL?)

If you try those commands on another OpenBSD machine at a different 
location, do they work?


They work here (on a snapshot), so that does suggest they should work in 
general so yes, maybe the ruleset or pf.


I've not got wget installed, but can achieve the same request with ftp e.g.

$ ftp 
https://github.com/Azure/blobporter/releases/download/v0.6.15/bp_linux.tar.gz

Trying 192.30.255.112...
Requesting 
https://github.com/Azure/blobporter/releases/download/v0.6.15/bp_linux.tar.gz
Redirected to 
https://github-production-release-asset-2e65be.s3.amazonaws.com/74929278/e5e4422c-58f2-11e8-9582-3447e8bc9081?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20180919%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20180919T043531Z&X-Amz-Expires=300&X-Amz-Signature=d99e4c16a020810445620a2dc532f53e192ea382bff9785059d2f886981defb7&X-Amz-SignedHeaders=host&actor_id=0&response-content-disposition=attachment%3B%20filename%3Dbp_linux.tar.gz&response-content-type=application%2Foctet-stream

Trying 54.231.81.40...
Requesting 
https://github-production-release-asset-2e65be.s3.amazonaws.com/74929278/e5e4422c-58f2-11e8-9582-3...


What do you get if you try ftp instead of wget?

$ openssl s_client -connect 
github-production-release-asset-2e65be.s3.amazonaws.com:443 -servername 
github-production-release-asset-2e65be.s3.amazonaws.com

CONNECTED(0003)
depth=2 C = IE, O = Baltimore, OU = CyberTrust, CN = Baltimore 
CyberTrust Root

...

Re: Monitoring system

[Richard Toohey]

On 10/06/18 07:16, Stuart Henderson wrote:

On 2018/10/05 17:35, flipchan wrote:

It's weird because I have no error files that it describes the error in, I am 
promted with
"Configuration file errror DB type MYSQL is not supported by current setup"
I don't think the issue here - but if you are using PHP 7 make sure 
mysqli is used.


http://php.net/manual/en/mysqlinfo.api.choosing.php

Oh, in that case (always include the actual error message!) I'm pretty sure
you didn't enable the relevant PHP database module. I don't know which one
zabbix-web needs but I'd try php-pdo_mysql first.


I have set all configs (/var/www/zabbix/conf/zabbix.conf.php and /etc/zabbix*) 
to use 127.0.0.1
3306 , but nono :/

On October 5, 2018 12:55:15 PM UTC, Stuart Henderson  
wrote:

 On 2018-10-05, flipchan  wrote:
  Hey how did everyone get zabbix running I tried the zabbix MySQL with 
the zabbix web on 6.2 but I get a database connection error in the php , I 
assume the php can't read the config

 This is usually mysql/mariadb's annoying feature of automatically trying
 to use a unix socket when you try to make a TCP connection to localhost.
 See pkg-readmes/mariadb-server (the "chrooted daemons and MariaDB
 socket" for a workaround.




--
Take Care Sincerely flipchan layerprox dev

Re: Monitoring system

[Richard Toohey]

On 10/07/18 09:05, flipchan wrote:

My phpinfo: dpaste.com/0VDR4TE

Have you looked in /usr/local/share/doc/pkg-readmes/ for anything useful.

I've moved off PHP 5.6 so not exactly sure what the file will be called.

The instructions for 7.0.31:

    /usr/local/share/doc/pkg-readmes/php-7.0.31

... include instructions about what to do for some extensions so you 
/may/ need to do something similar.



- some 'core' extensions with extra dependencies are packaged separately
(e.g. php-pdo_mysql, php-ldap, php-soap, and others) and can be installed
with pkg_add(1).
...
For all extensions packaged separately (and for opcache), you will find a
file named /etc/php-7.0.sample/(MODULE_NAME).ini. To enable it,
add a symlink into /etc/php-7.0 and restart:

    ln -sf ../php-7.0.sample/MODULE_NAME.ini /etc/php-7.0/


Obviously these instructions will not be directly applicable in your 
case, but do have a look in /usr/local/share/doc/pkg-readmes for 
anything php-related.


On October 6, 2018 4:42:16 PM UTC, Stuart Henderson  
wrote:

On 2018-10-06, Richard Toohey  wrote:

On 10/06/18 07:16, Stuart Henderson wrote:

On 2018/10/05 17:35, flipchan wrote:

It's weird because I have no error files that it describes the

error in, I am promted with

"Configuration file errror DB type MYSQL is not supported by

current setup"

I don't think the issue here - but if you are using PHP 7 make sure
mysqli is used.

http://php.net/manual/en/mysqlinfo.api.choosing.php

It all depends what zabbix-web wants. If it's written to use one
specific
api then you will need to use the module providing that. pdo_mysql is
probably the most common nowadays.

Re: Firefox and mail attachments

[Richard Toohey]

On Sat, 22 Aug 2020 at 4:45 AM, djraymondnm 
wrote:

> I notice that in firefox, when trying to add an attachment in gmail that
> the menu of available files to attach is basically empty. Is this a feature
> or a bug? I suspect it has to do with pledge/unvail. If so, how do you deal
> with attachments?


You can only use the user’s Downloads directory. Copy files in there first
and then you can attach them.

I couldn't find any documentation on this, though I vaguely remember a misc
> post on the subject.
>
>
>
> Dave Raymond
>
>
>
> Sent with [ProtonMail](https://protonmail.com) Secure Email.
>
>

Small typo in upgrade66.html

[Richard Toohey]

Hi,

Thanks for 6.6.  And sysupgrade.

Read the 6.6 upgrade notes at http://www.openbsd.org/faq/upgrade66.html 
and there's a small typo near the top.


"Before rebooting into the install kernel

    Check diskspace of /usr. Verify that the /usr partition has a size 
of at least 1.1G. With less space the upgrade may fail and you should 
consider to reinstall the system instead."


I think:

"may fail and you should consider to reinstall the system instead"

should probably be something like:

"may fail and you should consider reinstalling the system instead"

Thanks,
Richard.

Re: HP LaserJet Problem

[Richard Toohey]

On 12/05/15 07:33, bluesun08 wrote:

hmm, the "device busy" message is gone.
But now there is a new message:

# ./testfile > /dev/ulpt0
ksh: ./testfile: cannot execute - Permission denied

So what permissions fail?

You don't have execute permissions on testfile?

$ touch testfile
$ ./testfile
ksh: ./testfile: cannot execute - Permission denied






--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/HP-LaserJet-Problem-tp284216p284602.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Virtualbox vs latest snapshot

[Richard Toohey]

On 04/11/18 10:50, Stuart Henderson wrote:

On 2018-04-10, csszep  wrote:

Hi!

I installed the latest 04.10 snapshot, the install procedure went fine, but
after reboot the VM stucks at endless boot loop .

It prints only the "booting hda0:/bsd" line.. before reboot

The 04.03 snapshot works fine.

There is a similar experience for someone with Virtualbox 5.2.8?


There's a recent bootloader problem, possibly following the update
to clang 6, that affects some machines. I suspect this might be
involved here.
Ah, that might (?) explain what was happening to me with a Lenovo 
Thinkpad X1 Carbon?


Not a VM.

Stuck in an endless boot loop, with a flash of a "heap full" message 
before the next reboot.


Tried the same snapshot on an older Thinkpad and no issues.

Looked like it was a possible SSD problem (from what I could find in the 
archives), so I tried the 6.3 installer and that was fine.


Repeated the snapshot install and got back into the endless rebooting.


To confirm if this is the problem, can you install the older
snapshot as normal, then update kernel and file sets to the newer
one? (follow the "Upgrade without the install kernel" steps on
http://www.openbsd.org/faq/upgrade63.html, except skip the part
about running installboot do install a new bootloader).

Can you report back either way please (preferably to bugs@, with
dmesg and anything special about the VM config).. If it is the
same thing it would be useful for developers to have a way to
reproduce the problem that doesn't involve specific hardware..

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 10:15, Damon Getsman wrote:

  Hello all, and thank you for taking the time to take a look at
this issue that I am currently having.  I've been a strong advocate of
OpenBSD for some time, but have only recently taken steps to start
upgrading some of my machines instead of reinstalling.
My primary server was a 4.9 installation, and it was running
apache, with PHP and MySQL integrated for the purpose of serving a
mediawiki, a gallery2 installation, and a few other utilities that I
have had up for myself and some friends.  Unfortunately, ever since I've
made the leap from 4.9 to 5.0, I've been unable to get anything other
than plain HTML documents to display via apache.  The server tells me
that there are either '500' server errors or with a little more detail
MediaWiki tells me "(Can't contact the database server: MySQL functions
missing, have you compiled PHP with the --with-mysql option? )".
Now according to the pkg_info listing that I have, I _believe_
that I have all of the proper packages and libraries installed, but I
guess I am mistaken as I'm still not able to serve pages up with any
sort of MySQL back end handling.  Here is the output of 'pkg_info -a -m'
for anybody who cares to verify this:

BitTorrent-4.4.0p10 cooperative file distribution system implemented in
Python
ImageMagick-6.6.6.10p0 image processing tools
alacarte-0.12.4p7   easy GNOME menu editing tool
apache-httpd-2.2.15p0 apache HTTP server
apcupsd-3.14.8p2daemon for controlling APC UPSes
archie-1.4.1Prospero client for the archie service
bash-4.2.10 GNU Bourne Again Shell
beav-1.40.15binary editor and viewer
bzip2-1.0.6 block-sorting file compressor, unencumbered
calc-2.11.7 C-style arbitrary precision calculator
camlimages-3.0.2p0  image manipulation functions for Objective Caml
check_bioctl-1.9Nagios plugin to check RAID status with bioctl
check_email_delivery-0.7.0 Nagios plugin to check full email delivery loop
(SMTP
/IMAP)
check_hw_sensors-1.42 Nagios plugin to monitor sysctl hw.sensors
check_mssql_health-1.5.3 Nagios plugin to check Microsoft SQL Server
check_openbgpd-1.5  Nagios plugin to monitor OpenBGPd peers
cups-1.4.7p0Common Unix Printing System
cups-pdf-2.5.1  PDF backend for CUPS
curl-7.21.7 get files from FTP, Gopher, HTTP or HTTPS servers
dosbox-0.74p0   x86 with DOS emulator targeted at playing games
emacs-22.3p10   GNU editor: extensible, customizable, self-documenting
fedora_base-4.0p8   Linux compatibility package based on Fedora Core 4
firefox-5.0p3   Mozilla web browser
firefox35-3.5.19p2  Mozilla web browser
ghostview-1.5p3 X11 front-end for ghostscript
git-1.7.6p0 GIT - Tree History Storage Tool
git-svn-1.7.6p0 GIT - subversion interoperability tools
git-x11-1.7.6p0 GIT - graphical tools
gnome-common-2.34.0 common automake macros for GNOME
gnome-desktop-2.32.1p4 components for the GNOME desktop
gnome-mplayer-1.0.4p1 GTK+/GNOME frontend for MPlayer
gnome-panel-2.32.1p5 GNOME panel
gnome-screensaver-2.30.2p2 screen saver and locker for GNOME
gnome-system-monitor-2.28.2p6 sytem monitor for GNOME
gnome-system-tools-2.32.0p6 sytem configuration GUI for desktops
gnuchess-5.08   chess program
gpgme-1.1.5p1   GnuPG Made Easy
gstoraster-1.03p0   filter to convert PostScript or PDF to cups raster
format
ircII-20081115p0Internet Relay Chat client
ispell-3.2.06p6 interactive spelling checker
jove-4.16p1 Jonathan's Own Version of Emacs
kdebase-3.5.10p13   K Desktop Environment, basic applications
kermit-8.0.211  serial and network communications package
latex-mk-1.9.1p0set of Makefile fragments to manage LaTeX documents
libpurple-2.9.0 multi-protocol instant messaging library
libreoffice-3.4.1.3p1v0 multi-platform productivity suite
mediawiki-1.15.5p3  web-based collaborative editing environment
minicom-2.2p0   MS-DOS Telix-like serial communication program
mpg123-1.13.1   fast console MPEG audio player and decoder library
mrtg-2.17.1p1   multi-router traffic grapher
mutt-1.5.21v0-sasl  tty-based e-mail client, development version
mysql-server-5.1.54p9 multithreaded SQL database (server)
ncftp-3.2.3 ftp replacement with advanced user interface
nethack-3.4.3p4-qt  dungeon explorin', hackin', game.  Piece of cake
nmap-5.51p0 scan ports and fingerprint stack of network hosts
ntop-1.1network usage, interface similar to top(1)
ntp-4.2.6pl2p7  Network Time Protocol reference implementation
ocaml-3.12.0p0  ML language based on complete class-based objective
system
oinkmaster-2.0p0update your Snort rules
p7zip-9.20.1file archiver with high compression ratio
partial-wordpress-3.0.2 standard compliant weblog
pgp-2.6.3   Pretty Good Privacy 2.6.3ia
php-5.2.17p5server-side HTML-embedded scripting language
php-curl-5.2.17p3   curl URL library extensions for php5
php-gd-5.2.17p4 image manipulation extensions for p

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 11:44, Damon Getsman wrote:

Bryan, after doing that it appears that it's not even getting executed.
I put the script into a web accessible file called debug.php, loaded
it in my browser and saw a blank page.  Viewing the source is
showing the original , leading me to believe that it is
not even handing it off to the appropriate script engine...  Not sure if
I'm right but does that help at all?



You can't use shorttags* ...

You need to use ...



* Well, you can if you tweak settings.

Re: Problems w/apache+php+mysqld since 4.9-5.0 OpenBSD Upgrade

[Richard Toohey]

On 05/23/13 12:08, Damon Getsman wrote:

Okay, now I've got the phpinfo output.  Nothing is jumpin' out at me,
if y'all care to take a look at it I've got it available at
bismaninfo.hopto.org/debug.php for a limited time here.



No mysql in the output.

What does php -m give you, etc.

It's like the message you are getting - something is up with the mysql 
extension in your install.


Check the ini files, etc.

You are using the base Apache and PHP is working - you need to look at 
the mysql extension and find out why it is not enabled or not loading.

Re: Seeking GUI refuge

[Richard Toohey]

On 05/25/13 10:48, Patrick Mc(avery wrote:

Hi Everyone
[chop]
While about 7 out of the 9 years with Linux have been good, the 
graphical experience on Linux has plummeted for me. I don't really 
want to send prospective customers to Linux any more. I am fearing 
that Windows may end up being my only option.

Which Windows GUI is that?

Last version I liked was Windows 2000; XP was OK, 7 a disaster, and 
sounds like Microsoft are backpedaling on Windows 8 and the tile-based 
approach.


Not sure there is any perfect GUI - if you are looking for something 
exactly like Windows, then you are going to have Windows (but as I say, 
"Windows" is a moving target - you talking about XP, 7 or 8, or "Blue"?)


KDE 4 and Gnome 3 have been big jumps from their previous versions.

I've been through KDE 3.5.10 to Gnome 3 to cwm, currently on XFCE which 
suits me personally.


If you get put off by a few links to non-installed applications, then 
don't think much is going to help you.


OS X looks nice, but there are a few frustrations in there, too. And if 
your customers prefer the Windows experience, then it's no help - it's 
not Windows, it is different.


Anyway, everything is meant to be on the cloud, Web 2.0 (or is it 3.0), 
iOS, Android, etc. so no-one cares about the desktop anymore. Yeah, right!


Good luck!

Re: Feedback about Desktop Environments

[Richard Toohey]

On 09/16/13 22:18, James Griffin wrote:

I need to install a Dektop Environment for my partner.

I thought about KDE or xfce, i've tried neither on OpenBSD before. Which of the 
3 main main DE's (gnome, KDE, XFCE) do you feel work best on OpenBSD.

I'm currently on XFCE and it works for me.

Used both Gnome and KDE and found good things and bad things - from *my* 
point-of-view.


I was happy with KDE 3.5.10 - but was missing the eye candy of newer 
things, so tried Gnome 3.


Was really enjoying Gnome 3 but it got a bit sluggish on the hardware I 
was using at the time, so headed for something more light-weight.


I've tried the more bare-bones ones like fvwm and cwm - bit too minimal 
for my liking, but worth trying cwm (in base so nothing to install.)


So moved to XFCE and been happy there for a while.  Alt-Tab works, 
performance is good, enough eye-candy for me.  Parole (the multi-media 
app) times out on some of my DVDs, so I use mplayer for those.  Picture 
viewer, GIMP for graphics, thunar file manager, Firefox & Chromium, 
Thunderbird, nice console, Libreoffice, etc., etc. Does everything I 
need and looks pretty enough.


It is really going to be down to personal preference and your 
requirements - no real short-cut to trying all three out for a few days 
and see which one works for you.


I would need things like removable media mounting from within the graphical 
environment, good sound support and multimedia applications.

Any advice would be helpful from those using any of these Desktop's. I thought 
i'd ask on this list before installing loads of packages.

Cheers, Jamie.

Re: update my box and Cinnamon avaible

[Richard Toohey]

On 09/23/13 22:54, Marc Espie wrote:

On Mon, Sep 23, 2013 at 11:25:57AM +0100, James Griffin wrote:

* Marc Espie  [2013-09-23 12:22:47 +0200]:


On Mon, Sep 23, 2013 at 10:32:20AM +0100, James Griffin wrote:

To update packages: pkg_add -iu (-i is for interaction to selection flavors of 
pkg's and -u is for update). Must be run with privileges, i.e. sudo or root 
user.

You don't need -i in most cases these days, pkg_tools default to interactive
if run on a terminal now.

(-I can be used to revert to non-interactive mode)


Cheers Marc, I wasn't aware of that. Just a habit I got into ages ago.

Yeah, it's something I look at in usage patterns.

Lots of people don't follow the tools development too closely,
and so they keep using options which are no longer needed.

I use pkg_add -ui because that's what is in the upgrade instructions e.g.

http://www.openbsd.org/faq/upgrade53.html#Pkgup

Is that a special case?

Thanks.


Then they teach those to other people, thus ensuring that
people keep thinking things are more complicated than
they are...

I'd really like a solution that didn't involve me having
to rectify things again and again, but it's better than nothing :)

Re: GNOME on OpenBSD 5.3 amd64

[Richard Toohey]

On 10/10/13 18:13, obsd, cgi wrote:

Hi!

"External tutorial for 4.8 vs. official documentation for 5.3.
This leads to the nonsense you've done to your 5.3 system below."

-->>

I went to openbsd.org, typed GNOME in the search form:
- the first hit was a PDF from 2007
- all the remaining were regarding packages

What now? Can you please point out where is the "official GNOME install
documentation for 5.3"? or no one uses GNOME with 5.3 on the misc list?

ps.: I found that other people have problems with GNOME on 5.3, maybe it's
a bug? (
http://community.spiceworks.com/topic/349701-gnome-on-openbsd-5-3-amd64 )

Thanks

UPDATE: oh, ok I just read the bottom part: "don't use virtualbox." - so
the bug comes out when using virtualbox?, ok, Thanks! I will try it with
other VM's or directly!


2013/10/9 Jérémie Courrèges-Anglas 


"obsd, cgi"  writes:


I tried to install GNOME on OpenBSD 5.3 amd64 for Desktop use (on
VirtualBox), see the howto below.

But after the howto, reboot, startx with a normal user:
https://i.imgur.com/MaT8lcW.png

Xorg.0.log
https://pastee.org/p8ppa

# original:


http://www.gabsoftware.com/tips/tutorial-install-gnome-desktop-and-gnome-disp
lay-manager-on-openbsd-4-8/

External tutorial for 4.8 vs. official documentation for 5.3.
This leads to the nonsense you've done to your 5.3 system below.


---

when installing:
-g*

---

echo 'export PKG_PATH=

ftp://ftp.openbsd.org/pub/OpenBSD/5.3/packages/amd64/'

~/.profile; . ~/.profile

pkg_add -i -vv gnome-session gdm
# if there was "Can't install foo" message, try the pkg_add line again

---

vi /etc/rc.local

Append/modify the following lines in /etc/rc.local:

if [ -x /usr/local/sbin/gdm ]; then
echo -n ' gdm'; (sleep 5; /usr/local/sbin/gdm) &
fi

---

echo 'exec gnome-session' > /root/.xinitrc; chmod +x /root/.xinitrc
exit
echo 'exec gnome-session' > .xinitrc; chmod +x .xinitrc

---

pkg_add -i -vv metacity
pkg_add -i -vv gnome-panel
pkg_add -i -vv nautilus

---

vi /etc/rc.conf.local

Append/modify the following lines :

xdm_flags=NO
gnome_enable=YES
gdm_enable=YES

---

pkg_add -i -vv gnome-terminal gnome-control-center gnome-menus
gnome-settings-daemon gnome-themes-standard
# for some reason, these aren't found: gnome-themes-extras gnome-utils
gnome-applets2 gnome-system-monitor gnome-nettool

---

So the question is anybody has a working howto for installing GNOME on
OpenBSD?

Just so that Antoine doesn't feel forced to send another mail about this
recurring subject: pkg_add gnome, *read* the various readmes, don't use
virtualbox.

Did you look in the archives - e.g. marc.info is a good place to search?

e.g.

http://marc.info/?l=openbsd-misc&m=135275664028541&w=2

Don't use Gnome on OpenBSD these days, but used to without problems.


--
jca | PGP: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494

Re: Dell servers

[Richard Toohey]

On 10/11/13 16:42, Friedrich Locke wrote:

Is anyone running OBSD 5.3 on Dell R*** series servers ?
What about 10G etherner devices ? And Storage ?
Is there any concern when buying these machines ?

Thanks in advance.



I had trouble with a Dell R620 with the iDRAC and FreeBSD / OpenBSD.

There's some issue to do with the iDRAC being Broadcom and also the 
other NICs.


FreeBSD 9.2 RC1 had the fix, so that was good enough for me for this 
machine:  http://forums.freebsd.org/archive/index.php/t-31769.html


I didn't keep very good notes (sorry!), but with OpenBSD 5.3 (and the 
latest snap at the time) I was getting "bge0: watchdog timeout --- 
resetting"


I did try turning the iDRAC NIC off, changing settings, etc., but had no 
joy until I used 9.2.


Obviously YMMV, I might have missed something, the FBSD changes might 
give you a clue what to do, etc. but it did give me a bit of grief at 
the time.


No other obvious issues with OpenBSD(/FreeBSD) on the machine - 
installed and found drives, RAM, etc. - just this NIC issue.


HTH,
Richard.

Re: Thunderbird 24.0 and Firefox 24.0 spell checking broken?

[Richard Toohey]

On 10/14/13 23:41, Fred wrote:

Hi misc@

I recently upgraded thunderbird and firefox to 24 and since then spell 
checking has stopped working - in both applications - all words get 
underlined in with a red squiggle - I've added the en-GB language packs:


port:fred ~> pkg_info|grep fire
firefox-24.0p0  Mozilla web browser
firefox-i18n-en-GB-24.0 en-GB language pack for Firefox
port:fred ~> pkg_info|grep thun
thunderbird-24.0p0  Mozilla e-mail, rss and usenet client
thunderbird-i18n-en-GB-24.0 en-GB language pack for Thunderbird

general.useragent.locale is set to en-GB

I have the same problem if I set the language to en-US.

Am I missing something obvious?

I am about to delete both firefox and thunderbird profiles to see if 
that resolves the issue...


Hi, Fred,

It's been there a while - I haven't found a solution yet (also using amd64):

http://marc.info/?l=openbsd-ports&m=137950359628970&w=2

I tried the spellchecker.dictionary_path but no difference.

You get to the stage where it looks like everything should work - but it 
just doesn't.




Cheers

Fred


[cut]

5.4 CDs in New Zealand

[Richard Toohey]

Hi, all.

CD sets arrived today in Tauranga, New Zealand.

Thanks to Theo and all the developers and other people behind OpenBSD - 
your work is much appreciated.

Re: Autoinstall

[Richard Toohey]

On 11/05/13 11:14, Predrag Punosevac wrote:

I was driving last night so I have not had much sleep. I just want to
make sure that I am not hallucinating. Then minutes ago when I installed
the latest snapshot I was presented with an additional installation option

Autoinstall [A]

I picked out of curiosity but since I have "not provided configuration
file" I was dropped to the shell.

I think I can see where is this going and I would like to thank you
everyone involved.

I assume it's this?

http://undeadly.org/cgi?action=article&sid=20131029073058&mode=expanded


Cheers,
Predrag

Re: PHP5 And Apache on 4.4

[Richard Toohey]

On 11/12/2008, at 5:10 PM, Bret wrote:


Greets:

   I recently did a clean install of OpenBSD 4.4 on a system that  
had been running 4.0. I have tried getting Php5 to run but I have  
not had any luck. Apache works fine. I installed from packages and  
followed the Instructions to do:


ln -s /var/www/conf/modules.sample/php5.conf   /var/www/conf/modules

and

mkdir /var/www/tmp

I also enabled the: AddType application/x-httpd-php .php

I have yet to find any idea other than the straight forward  
descrpition you get on the install.
I am out of ideas after making the dirs and moving libphp6.so and  
also a copy of php from /usr/local/bin
I have also did another clean install when my first tries did not  
work and then used ports to see if that would work instead.



Bret



Clean install = scrubbed the 4.0 install completely?   Or did you try  
and upgrade?


How do you know that it is not working?  What symptoms?  Any error  
messages?


i386?

Does the command line version work e.g. php -i ?

Restarted Apache / machine?

Re: PHP5 And Apache on 4.4

[Richard Toohey]

[cut]


Yes a clean install, Apache works fine,, index,html servers up  
across my network... php -i from the command line works,,, a page  
called qw.php with only   displays nothing but from  
firefox a show page source shows the  as being  
there. also did multiple reboots to make sure.


Bret


PHP 5, mate, you have got to use long tags

Re: PHP5 And Apache on 4.4

[Richard Toohey]

On 12/12/2008, at 4:51 PM, Marcos Laufer - Ipv4networks.com wrote:


Or you could just enable short tags in php.ini:

short_open_tag = On


[cut]

Yes, that's what I used to do.  And then I used someone else's server.

Or a fresh install of PHP 5.  Or something.  And I/you forget about  
short tags.


And then you wonder why PHP is "broken" on this other/new server.  And
waste several hours re-installing, testing, etc., etc., etc.

Best to break the old habit and use long tags ... obviously if you've  
got a
legacy app with short tags, the short tags directive is attractive.   
But you

are going to have to take the pain one day (probably when you least
want to/expect it.)



PHP 5, mate, you have got to use long tags







Well just everybody PLEASE Laugh at me... No I mean Laugh with me...
Thats what I get for using an old learn Apache, MySQL and PHP  
book


Thanks and Yes I was LMAO ;-D

Bret

Re: usr.sbin/wake removal

[Richard Toohey]

On 9/02/2009, at 6:31 PM, Thomas Pfaff wrote:


I think this could use some explaining for those of us that are not
intimately involved in development or have been around here for that
long.  Keeping it small and simple by saying no to adding one file
at 7.2K?  I'd really like to know the rationale on this one.

Thanks.


My guess would be that I want this 10K util, you want that 7.2K util,
Fred wants that 20K util, and every Tom, Dick, and Harry wants
their n K ... who gets to make the rules, who gets to administer it,  
etc.?

(Who gets to listen to everyone arguing why this or that should go in?)

And guess there may be ramifications for install media?

Re: Windows .zip files

[Richard Toohey]

On 21/02/2009, at 8:12 AM, Nick Guenther wrote:


On Fri, Feb 20, 2009 at 2:06 PM, Peter Fraser  wrote:

I need to examine the contents of a Windows .zip file.

I was slightly surprised that compress could not read them.

I do find about 7 packages that might possible read them
Any ideas which is the best package to pick?




pkg_add unzip?


unzip is good for files from Windows, but if the file is bigger
than a certain size (4Gb, I think) then p7zip (7-zip) will cope.

Re: Security issue, damn I've been hacked

[Richard Toohey]

On 21/02/2009, at 12:46 PM, Jean-Francois wrote:


Hi All,

It looks like my server running since few days has already been  
hacked.

It looks like a new user called 'daemon' ID 1 and a new group daemon.
User's full name 'The devil itself'  First time I find out  
evidence

of hack on my server, however it's only one month running !!

It looks like ntpd was the entry daemon connected to other than ntp  
site

but I'm not sure.
I am not sure at all about this, maybe one has changed the daemon.
After I checked the adresses that this daemon connected to, they were
very strange as webservers content (blogs, default page 'It works' and
so one ... I guess ntp servers shall not act like this).

Please find enclosed the ntpd server md5 print, one could check
if /usr/sbin/ntpd (OpenBSD 4.4) has the same print ?
md5 print of ntpd daemon (/usr/sbin) on my OpenBSD 4.4 :
a0c8961d5818b438ecbfd6c40be47a5f

Thanks for your kind help.


Ummm, not April 1st, so I'll bite.

$ md5 /usr/sbin/ntpd
MD5 (/usr/sbin/ntpd) = a0c8961d5818b438ecbfd6c40be47a5f

$ cat /etc/passwd
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
operator:*:2:5:System &:/operator:/sbin/nologin

Re: OpenSSH release CDS

[Richard Toohey]

On 12/03/2009, at 5:43 PM, David Schulz wrote:

Well i think it is not a bad Idea; purchasing a superb remote  
administration

software on a CD for 25USD or whatever


[cut]

For $50CDN that's exactly what you get - and you even
get a free operating system thrown in!

Re: slave data HDD drives waking up without access

[Richard Toohey]

On 31/03/2009, at 6:49 AM, Jean-Frangois SIMON wrote:


Hi,
First of all I would prefer to awayke disks weekly instead of daily
for just
the df purpose.
I would try to do this, your advises are also welcome if any.

[cut]

The best is in my case to switch the df to weekly and put the time
of that
op during day.

[cut]

$ man daily
DAILY(8)OpenBSD System Manager's Manual
DAILY(8)

NAME
 daily, weekly, monthly - periodic system maintenance
...
DESCRIPTION
 The three files /etc/daily, /etc/weekly, and /etc/monthly are
shell
 scripts run on a periodic basis by the clock daemon, cron(8).
They take
 care of some basic administrative tasks.  The results are
mailed to root.
...
 These scripts should not be altered.
...

So change /etc/daily and /etc/weekly ...

/etc/daily ...
115
116 echo ""
117 echo "Checking subsystem status:"
118 echo ""
119 echo "disks:"
120 df -kl
121 echo ""
122 dump W
123 echo ""
124

Guess taking out lines around 120 and/or moving them to
/etc/weekly might achieve what you are after.

But do read that line about "these scripts should not be altered" -
you're on your own.

And do be careful when you upgrade ...

http://www.openbsd.org/faq/upgrade45.html#upgrade

(But I believe that the upgrade does not touch /etc unless
you do it, cannot find a definite link to prove that.)

HTH.

Re: Raspberry Pi 3 booting from USB

[Richard Toohey]

On Sat, Mar 04, 2017 at 06:40:57PM -0500, Joe Gidi wrote:


Hope this information is helpful
to someone...

--
  Joe Gidi
  j...@entropicblur.com

  "You cannot buy skill."
-- Ross Seyfried

Thanks for the info, and (a bit off-topic) great to see OpenBSD coming 
to the Pi.


So thanks to everyone making that happen, it is much appreciated.

Music On Console (MOC)

[Richard Toohey]

Hi, guys.

This might be more a question for ports@ but it is also a general "do 
you use it" question.


I've been trying to help the MOC maintainer with testing changes on OpenBSD.

He wants to use some newer POSIX features but it seems that if he does 
so, he'll have to leave OpenBSD behind.  I say "it seems" because I 
might have led him in the wrong direction.


I'm definitely not the best person to advise him, so asking the general 
OpenBSD crowd if:


(1) they use MOC or
(2) have any interest in support for it on OpenBSD or
(3) can help with the POSIX questions.

The maintainer has asked the same question on a MOC forum:

http://moc.daper.net/node/1369

Thanks,
Richard.

Re: Music On Console (MOC)

[Richard Toohey]

On 12/12/14 19:48, Ted Unangst wrote:

On Fri, Dec 12, 2014 at 15:00, Richard Toohey wrote:


(3) can help with the POSIX questions.

The maintainer has asked the same question on a MOC forum:

http://moc.daper.net/node/1369

I have no idea what posix features they want, so it's a tough question.

Thanks for all the replies - very much appreciated.

I think I should try a different tack - I'm not a MOC user nor a 
developer and I don't understand the POSIX issues.


If anyone using OpenBSD and MOC wants to ensure that future versions 
work on OpenBSD, then now is a good time to help out.  And best to 
contact the MOC developers directly: http://moc.daper.net/node/269.


Thanks,
Richard.

Re: sysmerge on 5.2?

[Richard Toohey]

On 10/29/12 20:12, bofh wrote:

Hi,
Can someone help me understand how sysmerge works?  I made all the
config changes and then followed the instructions at
http://openbsd.org/faq/upgrade52.html and did this:

# sysmerge -s $RELEASEPATH/etc52.tgz -x $RELEASEPATH/xetc52.tgz

but don't know where the files are stored?  My preference has always
to do a full/new reinstall - how does sysmerge merge it back into the
system?

I feel rather dumb, but read the upgrade and the man page quite a few
times, and don't really get it :(

This undeadly article might help with the history ...

http://undeadly.org/cgi?action=article&sid=20080424172821

I use something like ...

sysmerge -s http:///pub/OpenBSD/snapshots/i386/etc52.tgz -x 
http:///pub/OpenBSD/snapshots/i386/xetc52.tgz




Thanks!

Re: got my 5.2 cd's today

[Richard Toohey]

Arrived in Tauranga, New Zealand.

Thanks to all involved.

On 10/27/12 05:17, goodb0fh wrote:

Got mine yesterday, thanks!!!

Sent from my iPhone 7

On Oct 26, 2012, at 11:57 AM, Dan Farrell  wrote:


Just wanted to say thank-you, and the artwork is awesome.


danno

Re: enabling sendmail

[Richard Toohey]

On 02/24/13 12:54, Luis Coronado wrote:

Yes and you don't have to do anything, unless you need to enable a
different set of sendmail rules but that will depend on what you want to
accomplish.

-luis



On Wed, Feb 20, 2013 at 6:29 PM,  wrote:


Is sendmail enabled by default?  If not, how do I do that?

Have a look in man afterboot, it has a section on sendmail

Re: PHP & mini_sendmail problems

[Richard Toohey]

On 03/15/13 08:41, Alexey Suslikov wrote:

On Thu, Mar 14, 2013 at 9:35 PM, John Tate  wrote:

 From the end of error_log:
femail: no recipients

femail commandline switches aren't 100% sendmail-
compatible.

check php.ini on how you pass recipients to femail.



Also check out /usr/local/share/doc/pkg-readmes/femail-chroot-0.98p2

Re: Can't get vsftpd to run

[Richard Toohey]

On 04/02/13 18:13, John Tate wrote:

I can't find that config option.

I think Stuart is talking about the background option from here:

https://security.appspot.com/vsftpd/vsftpd_conf.html

Also look at listen, etc.

For logging - log_ftp_protocol & syslog_enable & xferlog_enable & 
vsftpd_log_file & xferlog_file options.



On Tue, Apr 2, 2013 at 9:52 AM, Stuart Henderson wrote:


On 2013-04-01, John Tate  wrote:

I've not used it in a while and I can't get it to run. I can't find any
logging options or anything.

# vsftpd

...
(It just sits there doing nothing)

How do I get it to work?

I'm using the default config with only my own banner.


It is waiting for a connection (there is a config option to run
it in the background).

We should probably add an rc.d script to the port to make it easier.

Re: faxing

[Richard Toohey]

On 04/23/13 05:30, Peter Fraser wrote:

[cut]

  The charity operates in a Windows environment. To the problem is: how does a 
person (probably a volunteer)
  on a Windows machine put a TIFF file into a directory on an OpenBSD, and in 
addition send the information
as to where send the fax and get back a status on success or failure of sending 
a fax.

[cut]
Sounds like a job for Samba - at least the putting a TIFF file from 
Windows onto an OpenBSD directory.

Re: snapshots/amd64/SHA256 x*.tgz checksums missing

[Richard Toohey]

On 05/06/13 22:04, MERIGHI Marcus wrote:

acam...@verlet.org (Abel Abraham Camarillo Ojeda), 2013.05.06 (Mon) 11:27 
(CEST):

search archives

That's what I call minimalism ;-)

I did what you told me to in advance and there's only one hit close
enough to care:

Alexander Polakov
snapshots SHA256 mismatch
2013-05-04 22:00:35
http://marc.info/?l=openbsd-misc&m=136770496915566

All other hit's for
``http://marc.info/?l=openbsd-misc&w=2&r=1&s=snapshot&q=b'' or
``http://marc.info/?l=openbsd-misc&w=2&r=1&s=sha256&q=b'' or
``http://marc.info/?l=openbsd-tech&w=2&r=1&s=snapshot&q=b'' or
``http://marc.info/?l=openbsd-tech&w=2&r=1&s=sha256&q=b'' are to old
to care. Latest snapshot used by me with alle the checksums in SHA256
was downloaded 2013-04-28:
OpenBSD 5.3-current (GENERIC.MP) #106: Thu Apr 25 16:37:24 MDT 2013
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Alexander's report talks of wrong checksums, /me of missing checksums.
Therefore:

A) Maybe you can give me a >2 words pointer?
B) Read my original message?


Did you mean "could not find a checksum" or that it complained about a 
SHA256 mismatch?


If the mismatch, then Google found me this ... search term "openbsd 
snapshot sha256 mismatch"


http://openbsd.7691.n7.nabble.com/i386-and-amd64-snapshots-kernel-SHA256-mismatch-td97960.html

... basically the SHA256 is for release, so during snapshot upgrades you 
will get warnings.


It is explained in the link above.

HTH.


Bye, Marcus
  

On Mon, May 6, 2013 at 4:19 AM, MERIGHI Marcus  wrote:

my snapshot upgrade procedure just puked at me because it could not find
a checksum for xbase53.tgz. This is on amd64, dmesg at the end.
Below is the result of me going through all the archs and looking for
x*.tgz checksums in the SHA256 files. I do know that this does not make
sense for some archs because some do not even have x*.tgz file sets.

alpha yes
amd64 no
armish yes
hp300 no
hppa no
i386 no
landisk yes
loongson no
luna88k no
macppc no
mvme68k no
mvme88k no
octeon yes
sgi no
socppc no
sparc yes
sparc64 no
vax yes
zaurus yes

Of course I would like to know whether this is by mistake or an intended
change (current.html does not tell anything about it).

Bye, Marcus

OpenBSD 5.3-current (GENERIC.MP) #106: Thu Apr 25 16:37:24 MDT 2013
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3194331136 (3046MB)
avail mem = 3101650944 (2957MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf68e0 (62 entries)
bios0: vendor Dell Inc. version "A18" date 12/06/2011
bios0: Dell Inc. Latitude D630
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC ASF! MCFG TCPA SLIC SSDT
acpi0: wakeup devices PCI0(S5) PCIE(S4) USB1(S0) USB2(S0) USB3(S0) USB4(S0) 
USB5(S0) EHC2(S0) EHCI(S0) AZAL(S3) RP01(S3) RP02(S4) RP03(S3) RP04(S3) 
RP05(S3) RP06(S5) LID_(S3) PBTN(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.34 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz, 1995.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 3 (PCIE)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 11 (RP01)
acpiprt3 at acpi0: bus 12 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus -1 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus 9 (RP06)
acpiprt8 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpitz0 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "DELL KP4331" serial 278 type LION oem "SMP"
acpibat1 at acpi0: BAT1 not present
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivideo2 at acpi0: VID2
cpu0: Enhanced SpeedStep 1995 MHz: speeds: 2001, 2000, 1600, 1200, 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel GM965 Host" rev 0x0c
vga1 at pci0 dev 2 function 0 "Intel GM965 Video" rev 0x0c
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
intel_overlay_map_regs partial

Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )

[Richard Toohey]

On 05/08/13 16:01, TRUNASUCI TRUNASUCI wrote:

Hi all;

I just wanna ask if there is a project for this official refernce book for all 
users ( if any please inform ). Since i cant find any kind of like this on 
openbsd web. Just my reference is on FAQ and some other doc.

I love to have or if any handbook like this in PDF, so i can download it, and 
use/read it anywhere.

Not "official", but these are good ...

http://www.nostarch.com/obenbsd2e
http://www.nostarch.com/pf2.htm

Both of them (and more) mentioned here:

http://www.openbsd.org/books.html

HTH


So do we have it? if not, is there any plan to do it?

Thank you

TRUNASUCI Arafat
http://trunasuci.pbworks.com

Re: Firefox Pkg Spellchecker

[Richard Toohey]

On 07/03/14 11:24, Adam Suhl wrote:

I've googled around looking for why Firefox 26, installed from the Openbsd
package underlines
every word as misspelled.

I have this issue as well on 5.5-stable on amd64.
--Adam



http://marc.info/?l=openbsd-ports&m=140341756711398&w=2

Not sure how to fix in 5.5, but it's been working for a while in current.

Re: low power device

[Richard Toohey]

On 09/19/14 14:26, Steve Litt wrote:

On Thu, 18 Sep 2014 19:22:32 -0500
Chuck Burns  wrote:


On Thursday, September 18, 2014 7:52:38 PM Steve Litt wrote:

I just remembered a third question: I can plug in a USB keyboard,
but how do I view the computer's output while installing OpenBSD or
troubleshooting? Ssh is good when it's running smoothly, but not for
preboot stuff.

Thanks,

Usually, it's a serial console


Thanks Chuck,

I didn't see a serial port listed as an IO device. Ugh, none of my
laptops have a serial port either, so I'd need to use an old desktop
running minicom to act as a serial port. Unless I get a serial terminal
from a junkyard.

Use USB and a USB-to-serial cable ... something like this:

http://www.dicksmith.co.nz/tv-video-cables/dse-serial-usb-adaptor-dsnz-xh8290


Thanks,

SteveT

Steve Litt*  http://www.troubleshooters.com/
Troubleshooting Training  *  Human Performance

Re: Changing MTU size

[Richard Toohey]

On 10/03/14 16:27, Daniel Ouellet wrote:

Unless I do not read the man page properly the information is available
there.


NAME
ifconfig — configure network interface parameters
SYNOPSIS
ifconfig[-AaC] [interface] [address_family] [address [dest_address]]
[parameters]

...
and lower you have:
...
  The following parameters may be set with ifconfig:
...
  mtu value
 Set the MTU for this device to the given value. Cloned routes
inherit this value as a default. For Ethernet devices which support
setting the MTU, a value greater than 1500 enables jumbo frames. The
hardmtu output from hwfeatures shows the maximum supported MTU.
...

So if you read the man page you should have the information you need.

Hope this help

Daniel


The OP has managed to use ifconfig, he was asking how to preserve the 
chosen settings over a reboot.


I think man hostname.if does the trick, though - there is a DHCP section 
there that says:


 A DHCP-configured network interface setup consists of

   dhcp options

 The above format has the following field values:

   dhcpThe literal string ``dhcp'' if the interface is to be
   configured using DHCP.  See dhclient(8) and
   dhclient.conf(5) for more details.

   options
   Miscellaneous options to set on the interface, e.g.,
   ``media 100baseTX mediaopt full-duplex''.  Valid options
   for a particular interface type can be found in
   ifconfig(8).

Re: 5.6 arrived

[Richard Toohey]

On 10/28/14 20:52, Harald Dunkel wrote:



I would suggest to increase the version information in the
snapshot file names as soon as the release tag is attached and
the -stable branch is created. This could help to avoid a lot
of confusion.


You get your asbestos pants on, and I'll get myself some popcorn.

Re: 5.6 arrived

[Richard Toohey]

On 10/30/14 07:26, Zé Loff wrote:

Sighted on my mailbox today, in Lisbon, Portugal.

Arrived today in Tauranga, New Zealand.

Re: Is Soekris OpenBSD friendly?

[Richard Toohey]

On 11/16/13 13:03, SmithS wrote:

Greetings misc@.  After coming across a link[1] to make an OpenBSD
router using a "Soekris" device, I think I will make one.  Does anyone
else have this hardware and can verify all the components work?
I think Intel NICs are good, but everything else?  I have never heard
of this brand before so I want to be safe before buying.  The model
number[2] is "6501-30"

[1] http://www.bsdnow.tv/tutorials/openbsd-router
[2] https://soekris.com/products/net6501/net6501-30-board-case.html

greetz,
SmithS



I've got a rack-mounted net6501-50 working well at the moment,
but I've only been using it for a few weeks so far.

Not sure "all" the components work, but it was easy to install
OpenBSD 5.3 to a USB stick, boot off that, then install to an SSD.

You have to connect with a serial cable, I've found a cheap USB->serial 
adapter

connected to a null modem cable to work well.

Any issues I've had - Google has given the answers.  8-)

Also got a 5501 in use and that's been working well, too.

dmesg from the 6501:

$ dmesg
OpenBSD 5.3 (GENERIC) #0: Wed Aug 28 19:46:41 NZST 2013
r...@abc.def.co.nz:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Genuine Intel(R) CPU @ 1.00GHz ("GenuineIntel" 686-class) 1.01 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,LAHF,PERF

real mem  = 1073131520 (1023MB)
avail mem = 1044611072 (996MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/21/15, BIOS32 rev. 0 @ 0xfac40
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 100MHz
cpu at mainbus0: not configured
mpbios0: bus 0 is type PCI
mpbios0: bus 64 is type ISA
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
pcibios0 at bios0: rev 2.0 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf3880/96 (4 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x8186
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #13 is the last bus
bios0: ROM list: 0xc8000/0x2400 0xca800/0x4c00 0xcf800/0xee00
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06090a0a06000a0d
cpu0: using only highest, current and lowest power states
cpu0: Enhanced SpeedStep 1001 MHz: speeds: 1000, 1000, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel E600 Host" rev 0x05
pchb1 at pci0 dev 1 function 0 "Intel E600 Config" rev 0x00
ppb0 at pci0 dev 23 function 0 "Intel E600 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel EG20T PCIE" rev 0x01
pci2 at ppb1 bus 2
"Intel EG20T Packet Hub" rev 0x01 at pci2 dev 0 function 0 not configured
"Intel EG20T Ethernet" rev 0x02 at pci2 dev 0 function 1 not configured
"Intel EG20T GPIO" rev 0x01 at pci2 dev 0 function 2 not configured
ohci0 at pci2 dev 2 function 0 "Intel EG20T USB" rev 0x02: apic 0 int 
19, version 1.0
ohci1 at pci2 dev 2 function 1 "Intel EG20T USB" rev 0x02: apic 0 int 
19, version 1.0
ohci2 at pci2 dev 2 function 2 "Intel EG20T USB" rev 0x02: apic 0 int 
19, version 1.0

ehci0 at pci2 dev 2 function 3 "Intel EG20T USB" rev 0x02: apic 0 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel EG20T USB Client" rev 0x02 at pci2 dev 2 function 4 not configured
sdhc0 at pci2 dev 4 function 0 "Intel EG20T SDIO" rev 0x01: apic 0 int 18
sdmmc0 at sdhc0
sdhc1 at pci2 dev 4 function 1 "Intel EG20T SDIO" rev 0x01: apic 0 int 18
sdmmc1 at sdhc1
ahci0 at pci2 dev 6 function 0 "Intel EG20T AHCI" rev 0x02: msi, AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 1 lun 0:  SCSI3 
0/direct fixed naa.5001517803d66c24

sd0: 19087MB, 512 bytes/sector, 39091248 sectors, thin
ohci3 at pci2 dev 8 function 0 "Intel EG20T USB" rev 0x02: apic 0 int 
16, version 1.0
ohci4 at pci2 dev 8 function 1 "Intel EG20T USB" rev 0x02: apic 0 int 
16, version 1.0
ohci5 at pci2 dev 8 function 2 "Intel EG20T USB" rev 0x02: apic 0 int 
16, version 1.0

ehci1 at pci2 dev 8 function 3 "Intel EG20T USB" rev 0x02: apic 0 int 16
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
"Intel EG20T DMA" rev 0x00 at pci2 dev 10 function 0 not configured
puc0 at pci2 dev 10 function 1 "Intel EG20T Serial" rev 0x01: ports: 1 com
com3 at puc0 port 0 apic 0 int 19: ti16750, 64 byte fifo
puc1 at pci2 dev 10 function 2 "Intel EG20T Serial" rev 0x00: ports: 1 com
com4 at puc1 port 0 apic 0 int 19: ti16750, 64 byte fifo
puc2 at pci2 dev 10 function 3 "Intel EG20T Serial" rev 0x00: ports: 1 com
com5 at puc2 port 0 apic 0 int 19: ti16750, 64 byte fifo
puc3 at pci2 dev 10 function 4 "Intel EG20T Serial" rev 0x00: ports: 1 com
com6 at puc3 port 0 apic 0 int 19: ti16750, 64 byte fifo
"Intel EG20T DMA" rev 0x00 at pci2 dev 12 function 0 not configured
"Intel EG20T SPI" rev 0x00 at pci2 dev 12 function 1 not conf

Re: Nonexistant domains resolve to my local domain

[Richard Toohey]

On 04/10/14 21:24, Zé Loff wrote:

On 10-04-2014 05:51, Hugo Osvaldo Barrera wrote:

On 2014-04-10 01:16, Giancarlo Razzolini wrote:

Em 10-04-2014 00:43, Hugo Osvaldo Barrera escreveu:

Hi,

I've having this extremely wierd issue.
My hostname is elysion.barrera.io. When I try to ping, curl, or 
something

alike aDomainIReallySureDoeNotExist.com, it pings/curls/whatever
my local domain. Maybe an example can me clearer:

   # ping adsfsdgasdadsfasfsdfasdf.net
   PING elysion.barrera.io (174.136.104.18): 56 data bytes
   64 bytes from 174.136.104.18: icmp_seq=0 ttl=255 time=0.032 ms
   64 bytes from 174.136.104.18: icmp_seq=1 ttl=255 time=0.081 ms


Any DNS traffic on port 53 when you ping a new nonexistant domain (i.e.
how is ping resolving / who is it getting the IP from)?

Would ASR_DEBUG help in this case?

http://marc.info/?l=openbsd-misc&m=137908307611495&w=2

$ ASR_DEBUG=1 ping nosuchdomainexistsok.com

Re: ssh connections dropped after creating a keypair on the server

[Richard Toohey]

On 04/17/14 07:07, Ryan Freeman wrote:

On Wed, Apr 16, 2014 at 06:12:41AM -0500, Ed Ahlsen-Girard wrote:

I added a second -current box to the house. Since the first (named
FIRST below) had never had anywhere to ssh to, I created its first
keypair.

Now the Win7 laptop (LAPPER) running Putty has its connections to the
first -current box dropped before authentication. The key from the
laptop is still in authorized_keys. /etc/ssh/sshd_config has not
changed. security, authorization and message log files have nothing
to say about this. Dmesg and `tcpdump -o` output from the timeframe of a
connect attempt are below.

Hi,

Is there a chance you haven't updated that version of PuTTY recently?
OpenSSH takes a hard line on insecure HMACs and I recently had to
update PuTTY on a work machine as it wouldn't connect to a new OpenBSD
snapshot installation from a couple weeks ago.

Just hit exactly this with WinSCP - upgrade to latest version - all good.

Thanks.


Force people to update software following insecure semantics rather than
make it easy to be lazy is the song and dance here.

Cheers,

-ryan


--

Edward Ahlsen-Girard
Ft Walton Beach, FL

Re: Openbsd 6.9 TCL ISSUE

[Richard Toohey]

On Wed, 25 Aug 2021 at 9:28 PM, Stuart Henderson 
wrote:

> On 2021-08-24, Error@Oddprotocol  wrote:
> > hi all
> > i have been trying to use some tcl script for an eggdrop on openbsd 6.9
> > and im getting the following error
> >
> > Error: error reading "sock7": Unknown error: 50327587
> >
> >
> > i have tested the same script on other linux distro and they/it works
> fine.
> >
> > i think there is a some dependency or lib missing, as a learner its
> really
> > tough for me to figure it out. can any one help?
>
> That isn't how a missing dependency or library would normally show itself.
> There aren't mamy Tcl people here, you could try
> asking the Tcl port maintainer but you're probably better off
> asking on Tcl mailing lists.
>
>
> I saw you asked this question in a few places and someone suggested a
newer version of tcltls.

I’ve had a quick go at using the newer version (1.7.22) on OpenBSD 6.9 and
it seems to improve things. It certainly went from throwing an error to
being able to retrieve an https page.

I didn’t use the sample code just a simple http request so not saying the
egg drop code is guaranteed to work but might get you further along.

Download and extract the source code, configure, make and use. It seems to
just work.

Do you want to give that a go - I can give more details if you need.

Thanks,
Richard

Re: Cannot load Zend/IonCube "File not an ELF object"

[Richard Toohey]

On 27/04/2009, at 11:22 AM, unix3 wrote:

HI, I tried installing seperately Zend Optimizer, or IonCube ...  
but the error that I get is


Failed loading /var/www/usr/lib/php/ZendExtensionManager.so:  File  
not an ELF object
Failed loading /var/www/usr/lib/php/ZendOptimizer.so:  File not an  
ELF object


The error is the same for IonCube just that the path changes  
obviously.


PLease note iam running inside the chroot. Iam running on an amd64  
GENERIC kernel.


Could it be because iam using amd64  (4.4) instead of the i386?


Thanks.


So, where did you get the files from?  What URL?

http://marc.info/?l=openbsd-misc&m=119790234006529&w=2
(different problem, but same sort of question.)

Thanks.

4.4->4.5, then patches, ifconfig gives SIOCGIFNETMASK: Device not configured (Was Re: help with getting kernel/userland back in sync)

[Richard Toohey]

On 7/05/2009, at 4:02 AM, Robert Urban wrote:

> I'll answer my own question.
>
> It seems it's not a problem of the kernel and userland being out of  
> sync, but
> rather /sbin/sysctl was hosed too.  rebuilt and problem  
> disappeared.  I'm
> guessing that either I had some junk in /usr/obj/sbin or the patch  
> instructions
> for libssl need to mention doing a "make clean" after "cd ../../sbin".
>
> Rob Urban
>
Hi, Rob.

Thanks for posting what you found back to the list - helped me when
I hit something similar today, so I'm posting for the archives and it
might help someone else.

Upgraded i386 4.4 to 4.5 via release CD; all went well.

Applied first five patches, rebooted, could not connect over ssh.

Went to machine, typed ifconfig, and got a number of messages
along the lines of:

SIOCGIFNETMASK: Device not configured

(reboot gave the same messages.)

Google told me my kernel and userland out of sync, and eventually
looked like it was the libssl patch; when rebuilding sbin (noticeable  
in my
case when using ifconfig.)

Did as you suggested - a make clean - and back in business.

Thanks again,
Richard.
> Robert Urban wrote:
>> Hi Folks,
>>
>> I recently upgraded a 4.4 system to 4.5. I followed the Upgrade  
>> Guide, not using
>> sysmerge.  The upgrade went more-or-less ok.  After that, I wanted  
>> to install
>> the five patches on the 4.5 errata page.
>>
>> I copied src.tar.gz and sys.tar.gz (for v4.5) from a mirror,  
>> unpacked them in
>> /usr/src, applied the first patch (libssl) and my make failed at  
>> some point with
>> errors.  I removed the /usr/src tree, and created it again from  
>> scratch.
>>
>> I tried the make again (without applying patch) and it failed  
>> again, so I
>> concluded I need to sync with CVS.  This seems weird.  I would  
>> have thought the
>> src/sys tars would be clean...
>>
>> I updated the tree from CVS using:
>>
>>  cd /usr/src && cvs up -r OPENBSD_4_5_BASE -Pd
>>
>> as documented in release(8).
>>
>> I repeated my attempt to make libssl, which was successful.  I  
>> applied the rest
>> of the patches, (aucat and 3 kernel patches), built a new kernel  
>> (GENERIC.MP),
>> installed it, and rebooted.
>>
>> First I had to figure out that /sbin/ifconfig was hosed and  
>> rebuilt it. (it got
>> hosed/installed when I did the "make install" for /usr/src/sbin  
>> after building
>> libssl. I'm not sure why.)
>>
>> Now I get the following messages at boot (10 repetitions):
>>
>>  sysctl: fourth level name dad_pending in  
>> net.inet6.ip6.dad_pending is invalid
>>
>> which is in the v4.5 /etc/netstart script.  According to a mail  
>> from Stuard
>> Henderson, this means my kernel and userland are out of sync.   
>> It's not clear to
>> me how this could be, as /etc/netstart is v4.5 and the src/sys  
>> sources I used also.
>>
>> Can someone shed some light on this problem?
>>
>> thanks,
>>
>> Rob Urban

Re: PF performance problem

[Richard Toohey]

On 3/06/2009, at 10:02 PM, BARDOU Pierre wrote:


Hello,

I have performance issues on a OpenBSD 4.4 firewall.
CPU load is OK (always below 50%), but system load is always  
between 1 and

1.5, it may go up to 2 sometimes.


[cut]

And what is the actual *problem*?

What is pf failing to do?

Or are you just worried about the numbers?  Search the archives for  
"high load" ...


http://marc.info/?l=openbsd-misc&m=122607853731136&w=3

HTH.

Re: List of old forked or frozen code like apache that needs cleanup?

[Richard Toohey]

On 4/06/2009, at 9:56 AM, Chris Bennett wrote:
[chop]
I'm very motivated to help out. I'm very eager to do something  
useful when I have free time, which comes in big bunches together.  
I don't need something glamorous or sexy.
I know very well that I am like the little kid among the grown-ups,  
as it were!
So it would be very helpful for people like me who aren't  
programming gods to have someone take us by the hand and tell us  
what we should do to help!


I see lots of stuff digging around that I don't understand and I  
don't even know if it's good stuff or just leftover legacy stuff  
that I should ignore.


Chris Bennett

[chop]

The last time this was discussed ... kernel janitors.

http://marc.info/?l=openbsd-misc&m=119377638131216&w=2

Lots of stuff in that thread; including many of the developers.

Re: List of old forked or frozen code like apache that needs cleanup?

[Richard Toohey]

On 4/06/2009, at 8:13 PM, Chris Bennett wrote:


Richard Toohey wrote:

[chop]

The last time this was discussed ... kernel janitors.

http://marc.info/?l=openbsd-misc&m=119377638131216&w=2

Lots of stuff in that thread; including many of the developers.




That's a good (and long :) ) thread to read.


[chop]
But I also saw the suggestion to read books, well there are  
mountains of books and some of them are very good, but many of them  
are absolute crap.
I sure can't afford to buy five garbage books on code that cost  
$49.95.


My library system doesn't have much even with interlibrary loans.

The developers all already know how to code well, us newbies who  
are self-taught could use something that you might find difficult  
to provide since you don't really need it anymore: Which books have  
appropriate information for OpenBSD? How about opening a few new or  
old books and listing a few good ones.


I'd like to know a few good ones on C and the make process.


[chop]

You're going to get flamed for not searching the archives ...

http://marc.info/?l=openbsd-misc&m=114616081523335&w=2

http://marc.info/?l=openbsd-misc&m=115151960721770&w=2

http://marc.info/?l=openbsd-misc&m=114440292916005&w=2

... or the OpenBSD site ...

http://www.openbsd.org/books.html

Good luck ... my main problem is TIME - there's always a million  
other things to do!
(So I appreciate the developers even more for giving their time and  
efforts.)

Re: Slow response...

[Richard Toohey]

On 9/06/2009, at 12:24 PM, Nebojsa Gavrilov wrote:


Hello,

I recently bought new computer (Phenon II X3 720, GA-MA790FXT-UD5P,  
4GB

RAM  400GB SATA) and I was decided to install 64 bit (amd64) OpenBSD
4.5 on it. Installation went well and I was setup OpenBSD to use  
bsd.mp

kernel.

However OpenBSD recognize just 3.3 GB of 4GB RAM and overall system
response seems very slow (compiling, untar, gunzip...).

I try to speed up OpenBSD with Soft Updates and now it is a little bit
faster then before but again it is very slow for my hardware capacity.

How can I speed up OpenBSD? Can anybody give me some hint what to  
do or

give me a keywords for further research?


[cut]

Re. the RAM - someone asked the same question on 29th May - search
for "amd64" at http://marc.info/?l=openbsd-misc&r=1&w=3

"Seems very slow" - is rather vague.  What's the machine doing?

Are you running X?

What does top say?  systat?  Lots of interrupts or CPU or IO bound?

Have you tried disabling acpi to see if that makes a difference?

If you try installing FreeBSD/Linux, does it seem any faster?
Is it measurably faster?  Horses for courses, each OS has
strengths and weaknesses.

You will need some benchmarks as well, to see if your changes
make any difference.

Think carefully before sending the results - these are just things  
for you
to investigate to narrow down the issue(s).  If you can actually say  
that

turning "foo" off makes your "bar" go 1000% faster, then someone might
be able to help - your question is too vague.

HTH.

Re: Apache php weird problem

[Richard Toohey]

On 16/06/2009, at 7:08 PM, Richard Toohey wrote:


On 16/06/2009, at 3:22 PM, MANI wrote:

# cd /var/www/conf
# vi index.php

  1
  2  PHP Test Page!
  3  
  4 Hello PHP!
  5  
  6 


[cut]
browsing to http://127.0.0.1/index.html shows *It Worked!* default  
page.


browsing to http://127.0.0.1/index.php will shows a blank page,  
when I view

source in firefox there in no html in source with following log:

[Tue Jun 16 07:45:41 2009] [notice] child pid 12856 exit signal  
Segmentation

fault (11)

[cut]

Just a few (probably dumb) questions ...

[1] the index.php is really in /var/www/conf?
[2] you meant the index.php not to be valid PHP?  No > on purpose?

[3] the segfault is what the issue is?  Or the blank page?

Thanks.

Hmm, number 3 was a dumb question, but I was thinking
down the lines of number 1 and number 2 - what are you
actually trying to do?

Having the html page go through the PHP engine does this
on stock i386 4.5 (so no segfault or blank page):

 PHP Test Page! Hello PHP!

[4] What happens if you try

php index.php

(i.e. from the command line.  Can you get anything to do with
PHP working - outside Apache first)

[5] What happens if you disable the mysql extension - just get php
core working first?

[6] Anything from php -v or php -m that gives any clues?

[7] Did you really mean to install php5-mysql and mysql-SERVER?
You might have meant mysql-CLIENT - makes more sense.

Hopefully a few clues from that.

Re: Apache php weird problem

[Richard Toohey]

On 16/06/2009, at 3:22 PM, MANI wrote:

# cd /var/www/conf
# vi index.php

  1
  2  PHP Test Page!
  3  
  4 Hello PHP!
  5  
  6 


[cut]
browsing to http://127.0.0.1/index.html shows *It Worked!* default  
page.


browsing to http://127.0.0.1/index.php will shows a blank page,  
when I view

source in firefox there in no html in source with following log:

[Tue Jun 16 07:45:41 2009] [notice] child pid 12856 exit signal  
Segmentation

fault (11)

[cut]

Just a few (probably dumb) questions ...

[1] the index.php is really in /var/www/conf?
[2] you meant the index.php not to be valid PHP?  No   
on purpose?

[3] the segfault is what the issue is?  Or the blank page?

Thanks.

Re: Apache php weird problem

[Richard Toohey]

On 16/06/2009, at 7:44 PM, Richard Toohey wrote:

[7] Did you really mean to install php5-mysql and mysql-SERVER?
You might have meant mysql-CLIENT - makes more sense.

D'oh!   More sending without thinking first - installing php5-mysql
should have pulled in mysql-CLIENT automatically.

That's enough from me.

Re: apache DOS tool

[Richard Toohey]

On 20/06/2009, at 8:24 AM, Peter van Oord van der Vlies wrote:


Hi,

Today i some pages are publishing news about a apache DOS tool for  
example (http://isc.sans.org/diary.html?storyid=6601) and http:// 
ha.ckers.org/blog/20090617/slowloris-http-dos/


Does this applies to the openbsd apache to ?

Peter



Looks like it is old ...

http://marc.info/?l=apache-httpd-bugs&m=124533720717343&w=2

And advice here ...

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

(Yes, I appreciate that it doesn't directly answer your question,
but might help someone ...)

Re: apache DOS tool

[Richard Toohey]

On 22/06/2009, at 9:25 PM, Aiko Barz wrote:


On Mon, Jun 22, 2009 at 08:31:01PM +1200, Richard Toohey wrote:

On 20/06/2009, at 8:24 AM, Peter van Oord van der Vlies wrote:


Hi,

Today i some pages are publishing news about a apache DOS tool for
example (http://isc.sans.org/diary.html?storyid=6601) and http://
ha.ckers.org/blog/20090617/slowloris-http-dos/

Does this applies to the openbsd apache to ?

Peter



Looks like it is old ...

http://marc.info/?l=apache-httpd-bugs&m=124533720717343&w=2

And advice here ...

http://httpd.apache.org/docs/trunk/misc/security_tips.html#dos

(Yes, I appreciate that it doesn't directly answer your question,
but might help someone ...)


Nope, this does not help at all. Reducing the Timeout helps for a
second. But reducing the timeout in slowloris.pl too, makes the apache
unreachable within seconds again.

Havent't testet OpenBSD's Apache-1.3 so far. But the only thing, that
helps currently IMHO, is to limit the number of established
connections
per IP. So, one client is not able to block all the available apache
processes (threads) anymore.

So long,
Aiko
--
:wq b  


By "help" I also meant "explain" - not "here's a fix" ... the top
link I posted said this:

Every network application is affected by such attacks, this is
a protocol
level issue.  It occurs at the network layer, not the application layer,
as demonstrated by the fact that AcceptFilter in httpd has no impact on
the attack.

The solution, like the problem, lies in the network layer.  See iptables
and similar network stack filters to provide protection against this
vector.

Seems like they (and you) are saying are Apache is not the place for
the fix?

Enough from me ...

Re: Install difficulties

[Richard Toohey]

On 9/07/2009, at 7:41 PM, Eric Furman wrote:


This is the best advice you will get.
Don't try duel booting until you know what you are doing.
And I'm not trying to be a smartass.


duel[sic] booting - someone will end up getting shot!  8-)

Re: Climbing the learning curve, in baby steps.

[Richard Toohey]

On 15/07/2009, at 5:10 PM, Wayne M. Scace wrote:


Hello fellow BSDians,
	I know it's baby steps, but I am, I thnk, off to a good start in  
climbing the learning curve of using OpenBSD.
I set myself the dual goals of getting the src tree and the ports  
tree onto the box.  Well, early in my Tuesday (14 July, 2009) I  
accomplished those goals.  I feel pretty darn good about it!!
	My next goal is to get pf setup and get this box operational as a  
Firewall/NAT box.  Which was the original intent of putting OpenBSD  
onto it in the first place.


Have a great week everyone!!

Sincerely and 
Respectfully Yours,

  Wayne M. Scace



While I'm sure everyone is very happy for you, can I respectfully ask
that your postings are a bit more technical in nature?

http://www.openbsd.org/mail.html


Stay on topic
Please keep the subject of the post relevant to users of OpenBSD.


We're all busy here.

Regarding PF - get the book - worth the money.

http://nostarch.com/pf.htm

Thanks.

Re: Easy way to follow -current, a write-up

[Richard Toohey]

On 4/12/2011, at 8:36 AM, Marc Espie wrote:

> On Sat, Dec 03, 2011 at 08:01:43PM +0100, Sime Ramov wrote:
>> I just wrote this document outlining the steps I do to keep up
>> with -current:
>>
>> 
>>
>> Hope someone finds it useful.
>
> Bad advice. As discussed with Antoine, sysmerge should be run *after* the
> update, not before, even though you may have to reboot an extra time.
>

But an interesting thread - I've been burning CDs for each snapshot I've
tried, thinking all the while "there must be a better way" ... not been a big
enough itch for me to scratch, but now I've learnt something ... so thanks for
that, guys.

Re: roundcubemail packet

[Richard Toohey]

On 5/12/2011, at 9:03 PM, Wesley M. wrote:

> Hi,
> 
> I have the following error : 
> 
> Check DB config
> DSN (write):  NOT OK(MDB2 Error: connect failed)
> Make sure that the configured database exists and that the user has write
> privileges
> DSN: mysql://roundcube:pass@localhost/roundcubemail
> 

Try 127.0.0.1

http://www.openbsd.org/faq/faq10.html#httpdchroot

> Using http://mailserver_ip/roundcubemail/installer/
> I have a user roundcube in mysql, with a "roundcubemail" database.
> I don't understand why it stops here... If someone can help me?
> 
> What is installed on this machine (OpenBSD 5.0) :
> aspell-0.60.6p4; bzip2-1.0.6; curl-7.21.7; cvsps-2.1
> dovecot-2.0.13p5; femail-0.97p1; femail-chroot-0.97p3;
> gettext-0.18.1p0; git-1.7.6p0; libiconv-1.13p2; libidn-1.22
> libltdl-1.5.26p0; libmagic-5.00; libmcrypt-2.5.8p1; libxml-2.7.8p2
> mysql-client-5.1.54p0; mysql-server-5.1.54p9; p5-Clone-0.31p1;
> p5-DBD-mysql-4.019
> p5-DBI-1.616; p5-Error-0.17016p0; p5-FreezeThaw-0.43p2; p5-MLDBM-2.04
> p5-Net-Daemon-0.43p0; p5-Params-Util-1.00p2; p5-PlRPC-0.2018p1;
> p5-SQL-Statement-1.33
> pecl-fileinfo-1.0.4p0; php-5.2.17p5; php-mcrypt-5.2.17p3;
> php-mysql-5.2.17p3
> php-pspell-5.2.17p3; roundcubemail-0.5.3p1; rsync-3.0.8p0
> 
> Also, i want to buil a mailserver (multi-domains) using sendmail(with
> virtusertable)
> and dovecot. But i want to use pop3/pop3s does this working with
> roundcubemail-0.5.3p1 ?
> 
> Thank you very much for your help.
> 
> Cheers,
> 
> Wesley.

Re: Failed to setup fvwm for antialiased Xft fonts

[Richard Toohey]

On 9/12/2011, at 7:27 PM, Tekk wrote:

> iirc the binary packages are audited, ports are not
>

Guys, they put so much effort into the docs & FAQ - read them.  The
recommendation is to use the binary packages unless you know you are doing.

http://www.openbsd.org/faq/faq15.html#Intro

The packages and ports collection does NOT go through the same thorough
security audit that is performed on the OpenBSD base system. Although we
strive to keep the quality of the packages collection high, we just do not
have enough human resources to ensure the same level of robustness and
security.

> On Thu, 8 Dec 2011, Neoklis Kyriazis wrote:
>
>> - Original Message -
>> From: Thomas Adam 
>> To: Neoklis
>> Kyriazis 
>> Cc: OpenBSD 
>> Sent: Thursday,
>> December 8, 2011 6:41 PM
>> Subject: Re: Failed to setup fvwm for antialiased Xft
>> fonts
>>
>>> No -- OpenBSD's version of FVWM as included in base is ancient.  Get
>>> the one from ports which will have XFT support.
>>
>>
>> Hi,
>>
>> Thanks for the tip. I
>> have tried to install fvwm2 from the ports tree,
>> but I saw a lot of gcc
>> warnings during compilation, some of them
>> possibly serious.
>>
>>
>> This leads me to
>> a more general question about using third party
>> software. Is the source code
>> of the binary application packages in
>> the mirrors scrutinized, to fix the
>> source of such warnings?And I
>> suppose applications installed from the ports
>> system are "as is",
>> since the source is downloaded from upstream?
>>
>> My thanks
>> in advance.
>>
>>
>>
>> Regards
>>
>> Neoklis - Ham Radio Call 5B4AZ
>> QTH Locator KM64KR
>> Website: http://www.qsl.net/5b4az/

Re: Failed to setup fvwm for antialiased Xft fonts

[Richard Toohey]

On 10/12/2011, at 5:18 AM, Neoklis Kyriazis wrote:

> - Original Message -
> From: Richard Toohey
> 
> To: Tekk 
> Cc: Neoklis
> Kyriazis ; OpenBSD 
> Sent: Friday, December
> 9, 2011 9:03 AM
> Subject: Re: Failed to setup fvwm for antialiased Xft fonts
> On 9/12/2011, at 7:27 PM, Tekk wrote:
>
>> iirc the binary packages are audited,
> ports are not
>>
>
>> Guys, they put so much effort into the docs & FAQ - read
> them.  The
>> recommendation is to use the binary packages unless you know you
> are doing.
>
>
> OK, sorry about that, but I am a complete beginner in OpenBSD and
> there is so much to read that I have not been able to cover all the
>
> ground.

Welcome to OpenBSD.

> And it was the first attempte at ports also.
>
> I guess I should spend less time
> in trying to set up the installation
>
> and more on reading
>

The installation?  Boot off the CD and follow the instructions and OpenBSD
will be installed 5 minutes later.

Install an application - pkg_add

Then go and do the reading.

Expect to still be reading and learning many years later - I am.  Between the
man pages, the FAQs, the source, and your favourite search engine - it's
(usually!) all there.

Just remember - it's not Linux, it hasn't got the deep pockets (filled with
$$$s) of Ubuntu.

It's not dumbed down - it expects the end-user to do a bit of thinking - how
can it guess/assume what is required on your machine or how it should be
configured?

It's better at some things, worse at others, ahead in some ways, behind in
others.  It won't cure cancer, but no kittens or babies are harmed.  Only you
can decide if it works for work in the way you need it to.  Different jobs
need different tools. YMMV.

Good luck.
>
> Regards
> Neoklis - Ham Radio Call 5B4AZ
> QTH Locator KM64KR
> Website:
> http://www.qsl.net/5b4az/

Re: What generates the OpenBSD page?

[Richard Toohey]

On 10/12/2011, at 3:02 PM, John Tate wrote:

> I am wondering what software if any generates the OpenBSD and similar
> websites. It appears to be a static page generated by some software, that
> software doesn't seem to be mentioned. What is it? Or is it just hand made?
> 

You might find some answers here

http://www.openbsd.org/cgi-bin/cvsweb/www/

> John Tate
> 
> -- 
> www.johntate.org

Re: error report when installing gnome on openbsd 5.0

[Richard Toohey]

On 19/01/2012, at 8:15 PM, lbvvbooo lbvvbooo wrote:

> After a 2nd thought, I don't think it's caused by packages of different
versions in one folder, because the error are all tracked and rooted to one
error: can't install gnugetopt: library c.51.0 not found; library intl.4.0 not
found. It seems a mismatch between openbsd and package gnugetopt.
>
> Any help is appreciated.
>

What *exact* version of OpenBSD 5.0?  Release?  CD?  Stable? Something else?
Generic?  i386?  amd64?  What?

Fresh install?  Upgrade?  Clean disc install from CD?  What?

What *exact* commands are you typing and what output do you get?

Have you set PKG_PATH to anything?

You are not providing enough information for anyone to help you.

Every release there are questions like this, and it usually ends up someone
trying to mix versions of OpenBSD with the wrong version of ports/packages.

And in the process of trying to explain EXACTLY what they have tried to do,
the lightbulb goes off.
>
> Thanks.
> Any help is appreciated.
>
> Thanks
>
> 
> Thanks for reply.
>
> I myself is a programmer, from my point of view, it's a version mismatch
here. Because I think gnome is quite common used package, I want to know if
there's a quick fix for this, so, if somebody else has met the same problem
with me, or have solution for this, or have suggestion on this, pls reply on
this.
>
> For the bsd and packages, I'm using the latest release version. I get bsd
5.0, download the package on internet. So I don't know where the mismatch
happens.
>
> Any help is appreciated.
>
>> Thanks.
>>
>>
>>
>>> Subject: Re: error report when installing gnome on openbsd 5.0
>>> From: j...@jggimi.homeip.net
>>> Date: Wed, 18 Jan 2012 23:58:07 -0500
>>> To: lbvvb...@live.com; misc@openbsd.org
>>>
>>> lbvvbooo lbvvbooo  wrote:
>>>
>> Hi,
>>
>> I used to use an older version of bsd, and the gnome works quit well on
that version.
>>
>> Now,
>> I'm trying to install gnome on openbsd 5.0, but it report error when I
>> try to install gnome-desktop, gnome-session, and gdm. They report
>> similar error basically:
>>
>> can't install gnugetopt: library c.51.0 not found; library intl.4.0 not
found
>>
>>
>> Here's the detail information:
>>
>> When adding gdm-2.20.11p22.tgz
>>
>> | /usr/lib/libc.so.60.1 (system): bad major
>> | /usr/local/lib/libintl.so.5.0 (gettext-0.18.1p0): bad major
>> Direct dependencies for gnugetopt-1.1.4p2 resolve to gettext-0.18.1p0
libiconv-1.13p2
>> Full dependency tree is gettext-0.18.1p0 libiconv-1.13p2
>>
>> When adding gnome-desktop-2.32.1p4.tgz:
>>
>> | /usr/lib/libc.so.60.1 (system): bad major
>> | /usr/local/lib/libintl.so.5.0 (gettext-0.18.1p0): bad major
>> Direct dependencies for gnugetopt-1.1.4p2 resolve to gettext-0.18.1p0
libiconv-1.13p2
>> Full dependency tree is gettext-0.18.1p0 libiconv-1.13p2
>>
>>
>> When adding gnome-session-2.32.1p18.tgz:
>>
>> | /usr/lib/libc.so.60.1 (system): bad major
>> | /usr/local/lib/libintl.so.5.0 (gettext-0.18.1p0): bad major
>> Direct dependencies for gnugetopt-1.1.4p2 resolve to gettext-0.18.1p0
libiconv-1.13p2
>> Full dependency tree is gettext-0.18.1p0 libiconv-1.13p2
>>
>> When adding gnugetopt-1.1.4p2.tgz
>>
>> | /usr/lib/libc.so.60.1 (system): bad major
>> | /usr/local/lib/libintl.so.5.0 (gettext-0.18.1p0): bad major
>> Direct dependencies for gnugetopt-1.1.4p2 resolve to gettext-0.18.1p0
libiconv-1.13p2
>> Full dependency tree is gettext-0.18.1p0 libiconv-1.13p2
>>>

 Any help is appreciated.

 Thanks.
>>>
>>>
>>> Please read FAQ 15.4.1.
>>> --
>>> Sent from my phone.  Please excuse any idiotic automated word choices.
It
>>> wasn't me.  Honest.

Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Richard Toohey]

On 2/02/2012, at 12:30 PM, Paul Dejean wrote:

> Even though it's bad practice, a lot of commonly programs will request
> passwords or similar sensitive information as command line arguments.
> For instance, curl, svn, useradd... There will usually be a way to
> work around doing things this way (curl can read from a config file
> for instance), but doing so is a hassle (have to write a new config
> file for each request).
>
> I would really like some way to turn the access unprivileged users
> have to this information on and off. Ideally I'd like it off by
> default in OpenBSD (secure by default).
>
> Also I would like to add, that even if you folks shoot down this FR as
> being an awful idea. It's good that there's an operating system
> community where I feel comfortable bringing up this request, where I
> wouldn't hear things like:
> "You have untrusted users on your system? What a n00b"
> "All security features are off by default, why should it be our
> responsibility to protects admins from their stupid mistakes?"
> "omg why should you care. hunting for sensitive information? it's not
> like anyone actually does that"
>
I've got no comment on the idea itself ...

In this "community", the reply is likely to be "great idea, where is your
sample implementation?"

There are not a lot of developers - I'm not one - so generally ideas need to
be accompanied by code.

It's a bit like the school P.T.A. that I help out with - there are lots of
ideas, but very few helpers - ideas welcome, but they need to be attached to
someone willing to actually do the work.

HTH.

Re: What's the location trash after "move to trash"

[Richard Toohey]

On 2/02/2012, at 6:05 PM, lbvvbooo lbvvbooo wrote:

> I checked folder ~/.local/share/Trash/files/, and test it again, still can't
find the deleted files. The trash icon does NOT show them either.
>
> Anybody help?
>

If you know one of the file names or part of one of the filenames - use find.

> Thanks.
>
>
>> Date: Wed, 1 Feb 2012 08:44:20 +0100
>> From: ajacou...@bsdfrog.org
>> To: lbvvb...@live.com
>> CC: misc@openbsd.org
>> Subject: Re: What's the location trash after "move to trash"
>>
>> On Wed, Feb 01, 2012 at 07:31:23AM +, lbvvbooo lbvvbooo wrote:
>>> Hi,
>>>
>>> I'm using openbsd 5.0 with gnome-session. When I delete items under gnome,
first I choose items and click the right button of the mouse, then choose
"move to trash". Question is I can't find the deleted items in the Trash icon
of the desktop. So, where the deleted items? How do I delete them completely,
like empty trash in windows?
>>>
>>> Here's the gnome suits I used, but the version number is incorrect.
>>>
>>> pkg_add -i -vv gnome-session-2.30.2p3.tgz
>>> pkg_add -i -vv gdm-2.20.11p1.tgz
>>> pkg_add -i -vv metacity-2.30.1p1.tgz
>>> # pkg_add -i -vv gnome-panel-2.30.2p2.tgz
>>> # pkg_add -i -vv nautilus-2.30.1p2.tgz
>>> pkg_add -i -vv gnome-terminal-2.30.2p0.tgz
>>> # pkg_add -i -vv gnome-control-center-2.30.1p0.tgz
>>> # pkg_add -i -vv gnome-menus-2.30.2p0.tgz
>>> # pkg_add -i -vv gnome-settings-daemon-2.30.2p1.tgz
>>> # pkg_add -i -vv gnome-themes-2.30.2.tgz
>>> # pkg_add -i -vv gnome-themes-extras-2.22.0p8.tgz
>>> # pkg_add -i -vv gnome-utils-2.30.0p0.tgz
>>> # pkg_add -i -vv gnome-applets2-2.30.0p2.tgz
>>> # pkg_add -i -vv gnome-system-monitor-2.28.1p3.tgz
>>> # pkg_add -i -vv gnome-nettool-2.30.0p0.tgz
>>
>> Deleted files are under: ~/.local/share/Trash/files/
>>
>> If the trash icon does show them, then you probably have an issue with the
gamin file monitor (which will be replaced in the next release anyway).
>>
>> --
>> Antoine

Re: CVS checkout for OPENBSD_5_0 : aborted

[Richard Toohey]

On 14/02/2012, at 5:01 PM, Giridhari wrote:

> HELO
>
> have tried a cvs checkout of OPENBSD_5_0 several times in the last week or
two
> and have seen cvs abort:
>
>
>
> cvs checkout: Updating src/games/snake
> cvs [chckout aborted]: could not chdir to src/games/snake/snake : Not a
> directory
>
> Could someone have a look at this please.
>
Have you tried Google yet?

Re: CVS checkout for OPENBSD_5_0 : aborted

[Richard Toohey]

On 14/02/2012, at 8:41 PM, Giridhari wrote:

> I'm not sure what you mean. Are you suggesting I should read up on how to
> operate cvs, or is there something specific about CVS and OPenBSD I should
> be aware of? I'm following the faq. I have updated several times in the
past
> with CVS with no trouble at all.

Google's first result (for me, hard to tell these days what other people will
get - with the Google filter bubble):

http://www.openbsd.org/faq/faq5.html#snake

It's hard to tell from your email what step(s) you've followed, so it's hard
to help you.

>
> -Original Message- From: Richard Toohey
> Sent: Tuesday, February 14, 2012 5:15 PM
> To: Giridhari
> Cc: misc@openbsd.org
> Subject: Re: CVS checkout for OPENBSD_5_0 : aborted
>
> On 14/02/2012, at 5:01 PM, Giridhari wrote:
>
>> HELO
>>
>> have tried a cvs checkout of OPENBSD_5_0 several times in the last week or
> two
>> and have seen cvs abort:
>>
>>
>>
>> cvs checkout: Updating src/games/snake
>> cvs [chckout aborted]: could not chdir to src/games/snake/snake : Not a
>> directory
>>
>> Could someone have a look at this please.
>>
> Have you tried Google yet?

Re: ping from chrooted httpd fails

[Richard Toohey]

On 3/03/2012, at 9:38 PM, fRANz wrote:

> Hi,
> I tried to make ping working inside httpd chroot from php script.
> Without chroot, ping works fine.
> I don't know what I miss in this configuration:
>
> # uname -a
> OpenBSD d7 5.0 GENERIC#59 i386
>
> # cat /etc/rc.conf | grep httpd
> # use -u to disable chroot, see httpd(8)
> httpd_flags="-DSSL" # for normal use: "" (or "-DSSL" after reading
ssl(8))
>
> # ps ax | grep httpd
> 28641 ??  Ss  0:00.29 httpd: parent [chroot /var/www] (httpd)
> 2400 ??  I   0:00.14 httpd: child (httpd)
> 28041 ??  I   0:00.14 httpd: child (httpd)
> 13701 ??  I   0:00.12 httpd: child (httpd)
> 32659 ??  I   0:00.13 httpd: child (httpd)
> 15200 ??  I   0:00.12 httpd: child (httpd)
> 20758 ??  I   0:00.08 httpd: child (httpd)
> 11871 ??  I   0:00.03 httpd: child (httpd)
> 7365 ??  I   0:00.04 httpd: child (httpd)
> 12284 ??  I   0:00.06 httpd: child (httpd)
>
> # ls -ls
> total 2744
> 512 --  1 root  bin  243784 Sep 22 16:06 bgpctl
> 512 -r-sr-xr-x  1 root  bin  235984 Aug 15  2011 femail
> 480 -r-sr-xr-x  1 root  bin  214748 Sep 22 16:06 ping
>
> (chmod u+s set a sticky bit on root account)
>
> # chroot -u www /var/www/ /bin/ping
> usage: ping [-DdEefLnqRrv] [-c count] [-I ifaddr] [-i wait]
>[-l preload] [-p pattern] [-s packetsize] [-T toskeyword]
>[-t ttl] [-V rtable] [-w maxwait] host
>
> From this test, ping into chroot to 127.0.0.1 seems works fine for me.
>
> But if I launch ping from php script (I tried exec and shell_exec
> functions) no output is reported, also apache logs don't report
> nothing useful.
>

Have you got /bin/sh (off the top of my head) in the chroot bin directory?

I think PHP's exec tries to find that.

What is the return code/output from exec/shell_exec?  If 127, then that's a
clue.

See here for example -

http://stackoverflow.com/questions/438618/illegal-command-error-code-127-in-p
hp-exec-function

The bit about error 127 and /bin/sh, not the guy who says just skip chroot!

HTH.


Thanks.

> PHP version is 5.3.6, installed from packages.
> PHP's safe_mode is turned off (I'm using standard /etc/php-5.3.ini file)
>
> /var wasn't mounted with noexec or something else:
>
> # mount
> /dev/sd0a on / type ffs (local)
>
> What's wrong in this scenario?
> Let me know if futher information are required.
> BR,
> -f

Re: PHP/HTTP config

[Richard Toohey]

On 20/03/2012, at 5:20 PM, Duncan Patton a Campbell wrote:

> Howdy?
>
> I've recently lost my cache of misc mail

Why not look in the archives, then?

http://marc.info/?l=openbsd-misc&r=1&w=2

Not saying you'll find an answer to your questions in misc@, but it's there
(and elsewhere on the net)

This might also help with your specific issue:

http://www.openbsd.org/faq/upgrade50.html#Pkgup

HTH.

> and I was wondering
> if anyone can point me to a explanation of the rationale for
> moving the php config into /etc.  I've moved from 4.9 to 5/snap
> and am having some trouble getting apache to work with php
> so I'm hoping that an explanation for this will give me some
> idea how to get it to work, with or without chroot.
>
> Dhu
>
> --
> Ne obliviscaris, vix ea nostro voco.

Re: Does your USB keyboard Dot key on keypad fail? Was "Re: Shuttle XS35 v2 - One key going loco"

[Richard Toohey]

On 3/04/2012, at 3:35 PM, Opera wrote:

> Hlo,
> The reason for putting this on top is that I have data that are showing that
I can not blame the Shuttle.
>
> Here is the brief infos-
>
> When using a USB keyboard [native USB or with an adaptor for ps2] the keypad
Del key works perfectly but when NumLock is on that key
> does not change its output to Dot when working with any version
> of OpenBSD that I have tried. Turning NumLock off and using the shift key
does not work either.
>
> There are no other keys affected.
>
> The problem exists on every computer that I try.
>
> Windows 7 or XP and NetBSD both work perfectly.
>
> There is now some tension in the evidence.
>
> (I) It would seem that there is a little bug in OpenBSD that will affect any
box running with USB keyboard.
>
> (II) I can't believe that this can not have been noticed before if clause
(I) is true.
>

IIRC then yes, I have noticed this (or something very similar.)  Trying to run
an emulator program on OpenBSD.

Worked fine on my laptop, but using a USB keyboard failed - it was returning a
different value for the "same" key.

This was a couple of months ago, so my memory might be playing tricks on me.

> Well maybe that no OBSD person uses USB keyboard? Or doesn't use that Dot
key on the keypad?
>
>
>
>
> On 31/03/2012 04:07, Steffen Daode Nurpmeso wrote:
>> Opera wrote [2012-03-30 12:58+0200]:
>>> Using the same keyboard where I first saw the bug but connected to a
>>> plain old PC.
>>>
>>> I use hexdump like this:
>>> # hexdump -C
>>> tap the problem key, then hit return and then Cntrol-D
>>>
>>> With numlock off I see:
>>> ^[[3~
>>>   1b 5b 33 7e 0a
>>> 0005
>>> With numlock on:
>>> .
>>>   2e 0a
>>> 0002
>>>
>>> Using the same keyboard with a ps2-USB adaptor I see the same
>>> result as the numlock off test above whether numlock is on or off.
>>>
>>> This is what I see on the Shuttle also but it has no ps2 sockets
>>> so on it I'm stuck with no working dot key on the numpad and
>>> of course old habits die hard so I mess up lots of  ip addresses.
>>>
>>> Is there something in wsconsctl or such that would let me patch
>>> it? I've been hunting through various related man pages but I
>>> have not hit on a hint so far.
>>
>> Hey, b-by!
>>
>> Just recently i've posted a patch to tech@ that let's you examine
>> the scancode of a key via wsconsctl!!!
>> Then you can use basic wsconsctl features to set the key to
>> whatever you want, now that you can identify it!!
>>
>> By the way - Marco Peereboom has posted a great ksh(1) to tech@ on
>> 2011-09-06 that let you do graceful multi-character-sequence key
>> binding, which may also be of interest to you.
>> Was for me.
>>
>> And YOU ARE THE FIRST Windows NT user i know of who cares about
>> keyboard scancodes!
>> This is just a FANTASTIC EXPERIENCE for me.
>> THANK YOU
>>
>> (P.S.: there is a X program which gives you even more info, so
>> that you can adjust your .xmodmaprc or so.)
>>
>> --steffen
>> Forza Figa!

Re: Problems starting mysql-server-5.1.62

[Richard Toohey]

On 12/04/2012, at 7:12 PM, Hasse Hansson wrote:

> "Googling" the problem and the error messages didn't get me much further.
>
> I have to admit, this is a bit over my head. aka "I don't have a clue what
> I'm doing"

Why don't you go back a bit ... how did you install MySQL 5.1.62?

How are you starting MySQL?  (Should be in /etc/rc.conf.local, mysqld in
pkg_scripts line.)

Looks like two errors there - one about threading, and one about the MySQL
user account.

But let's not run before we walk!

Working for me:

$ uname -a
OpenBSD xxx.yyy.co.nz 5.1 GENERIC#198 i386
$ pkg_info | grep mysql
mysql-client-5.1.62 multithreaded SQL database (client)
mysql-server-5.1.62 multithreaded SQL database (server)
...
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 36
Server version: 5.1.62-log OpenBSD port: mysql-server-5.1.62
...
>
>
>
> # uname -a
>
> OpenBSD odin.thorshammare.org 5.1 GENERIC#160 i386
>
>
>
> When I run : /usr/local/bin/mysql_install_db
>
> I get the following errormessage :
>
> Installing MySQL system tables...
>
> 120412  8:04:10 [Warning] '--skip-locking' is deprecated and will be
removed
> in a future release. Please use '--skip-external-locking' instead.
>
> 120412  8:04:10 [ERROR] Can't create interrupt-thread (error 91, errno: 91)
>
>
>
> When I try to follow some recommendations from
>
http://dev.mysql.com/doc/mysql-linuxunix-excerpt/5.5/en/mysql-install-db-pro
> blems.html
>
> # /usr/local/bin/mysqld_safe --user=_mysql --skip-grant-tables &
>
> [1] 3016
>
> # 120412 08:48:38 mysqld_safe Logging to
> '/var/mysql/odin.thorshammare.org.err'.
>
> 120412 08:48:38 mysqld_safe Starting mysqld daemon with databases from
> /var/mysql
>
> 120412 08:48:38 mysqld_safe mysqld from pid file
> /var/mysql/odin.thorshammare.org.pid ended
>
>
>
> [1] + Done /usr/local/bin/mysqld_safe --user=_mysql --skip
>
>
>
> And the logfile says :
>
> 120412 08:47:40 mysqld_safe Starting mysqld daemon with databases from
> /var/mysql
>
> 120412  8:47:41 [Warning] '--skip-locking' is deprecated and will be
removed
> in a future release. Please use '--skip-external-locking' instead.
>
> 120412  8:47:41 [ERROR] Fatal error: Can't change to run as user 'mysql' ;
> Please check that the user exists!
>
>
>
> 120412  8:47:41 [ERROR] Aborting
>
>
>
> 120412  8:47:41 [Note] /usr/local/libexec/mysqld: Shutdown complete
>
>
>
> 120412 08:47:41 mysqld_safe mysqld from pid file
> /var/mysql/odin.thorshammare.org.pid ended
>
> 120412 08:48:38 mysqld_safe Starting mysqld daemon with databases from
> /var/mysql
>
> 120412  8:48:38 [Warning] '--skip-locking' is deprecated and will be
removed
> in a future release. Please use '--skip-external-locking' instead.
>
> 120412  8:48:38 [Note] Plugin 'FEDERATED' is disabled.
>
> 120412  8:48:38  InnoDB: Initializing buffer pool, size = 8.0M
>
> 120412  8:48:38  InnoDB: Completed initialization of buffer pool
>
> InnoDB: Error: pthread_create returned 91
>
> 120412 08:48:38 mysqld_safe mysqld from pid file
> /var/mysql/odin.thorshammare.org.pid ended
>
>
>
> Regards
>
> Hasse

Re: About Xen: maybe a reiterative question but ..

[Richard Toohey]

My analogies usually go to custard, but I'll try this one.

You are in charge of getting four ambassadors to a meeting.  As well
as making sure they are happy and fed, you are in charge of their
security.

All four are hated in their home countries and you know their are
people wanting to kill them.

Some of your choices:

1. One car per ambassador.  If one gets taken out, at least three are
still OK (guess you would still be out of a job, though - so not a
perfect analogy.)  Obviously means four cars, four drivers, so more
expensive.  And more things to juggle.  And if you are very unlucky,
all four could still get taken out (but obviously means a lot of bad
guys being lucky.)  It takes four attacks to wipe you out.

2. All four in one car.  If any assassin tries to take out an
ambassador, chances are the rest are toast as well.  But only one
car / one driver - so less expensive.  It takes one attack to wipe
you out.

3. All four in one car - but you start to worry about the risk, so
you start adding stuff to the car.  Bigger engine, stronger body, try
and partition off the passengers, give them body armour, have a spare
driver, get the driver to drive randomly - lot more complexity and
things to juggle.  Unless you and the car builder are very good (did
you think of EVERYTHING?  What exactly did the car builder DO under
the bonnet - do you know?) - one attack will still wipe you out.

Which of these options is "most secure"?  (Sending them with Arnie in
his Hummer isn't an option.)

Now I'll send this and then think of how the analogy falls apart ... 8-)

On 25/10/2007, at 7:14 PM, Lars Noodin wrote:


Kevin Stam wrote:

... failed to satisfactorily explain why running a specific
application
in a VM is more secure then running it in a standard OS. It's
nonsense that
you think it's more secure that way. It saves a lot of money, yes
-- you
don't necessarily want a separate box just to run an application -
but
that's not the debate here. The debate is about security, and I'm
amazed
that you think a virtual environment is somehow more secure then a
dedicated
non-virtual environment...


Like I mentioned earlier, security has several contexts.  He could
well
be talking about job security, if he's the only one who knows how
it is
set up.

While probably the least, or at least one of the least, technically
skilled people here, I did spend a lot of time this spring reading
up on
virtualization and paravirtualization.

*My* conclusion was that the main, and maybe only, place that
virtualization can help is in restoration after a compromise, assuming
one makes snapshots, etc.  That and maybe load balancing / resource
usage to help uptime.  Keeping people out, or data in?  Nah.  Probably
no more than spreading out over different architectures.

However, adding an extra layer otherwise made little sense and is
probably not more effective than sysjail or something like that.
Paravirtualization, *might* help in some cases, since the guest os
must
be ported, but again the host is native and once you reach the host...

-Lars

Re: About Xen: maybe a reiterative question but ..

[Richard Toohey]

On 25/10/2007, at 8:28 PM, Richard Toohey wrote:


My analogies usually go to custard, but I'll try this one.

You are in charge of getting four ambassadors to a meeting.  As  
well as making sure they are happy and fed, you are in charge of  
their security.


All four are hated in their home countries and you know their are  
people wanting to kill them.


Some of your choices:

1. One car per ambassador.  If one gets taken out, at least three  
are still OK (guess you would still be out of a job, though - so  
not a perfect analogy.)  Obviously means four cars, four drivers,  
so more expensive.  And more things to juggle.  And if you are very  
unlucky, all four could still get taken out (but obviously means a  
lot of bad guys being lucky.)  It takes four attacks to wipe you out.


2. All four in one car.  If any assassin tries to take out an  
ambassador, chances are the rest are toast as well.  But only one  
car / one driver - so less expensive.  It takes one attack to wipe  
you out.


3. All four in one car - but you start to worry about the risk, so  
you start adding stuff to the car.  Bigger engine, stronger body,  
try and partition off the passengers, give them body armour, have a  
spare driver, get the driver to drive randomly - lot more  
complexity and things to juggle.  Unless you and the car builder  
are very good (did you think of EVERYTHING?  What exactly did the  
car builder DO under the bonnet - do you know?) - one attack will  
still wipe you out.


Which of these options is "most secure"?  (Sending them with Arnie  
in his Hummer isn't an option.)


Now I'll send this and then think of how the analogy falls  
apart ... 8-)




(Oops, sorry about not removing the irrelevant stuff from that post.)

And - just to extend the analogy further - the risks may not be  
malicious.  So if any of the above scenarios the risks would also be  
accidental - car crashes, driver has heart attack, plane falls from  
sky, etc.  Something outside your control.  Obviously for number 1 -  
one accident does not wipe you out.


And one other extension - number 3 - the beefed up car - perhaps one  
of the modifications goes wrong (so again, not a malicious attack) -  
the engine overheats because of the extra weight, catches fire, and  
your other mods mean that they're all locked in.  The glue from the  
partitions is toxic and they are overcome by fumes.  Whatever.  One  
accident wipes you out completely.


Enough!

Re: About Xen: maybe a reiterative question but ..

[Richard Toohey]

On 25/10/2007, at 9:00 PM, Lars Noodin wrote:


Richard Toohey wrote:

My analogies usually go to custard, but I'll try this one.
..
1. One car per ambassador. ...


With all four cars loaded onto a single car-carrier truck.

-Lars


Exactly!

Have you made each of the ambassadors "more secure" by placing them
in separate cars?

Yes ... BUT NOT if you then put all those cars in the carrier truck -
one attack or accident will most likely wipe them all out.

(Does this mean one of my analogies is going to work?  That will be a
first!)

Re: new dell install completed, but...

[Richard Toohey]

On 25/10/2007, at 4:35 PM, [EMAIL PROTECTED] wrote:


thanks for the response.  I'll give that a read, and a try.

where are you getting 4.2?  the web site only shows 4.1 as being  
released.


metajunkie



4.2 - order it online (they've been REALLY good this year - took less  
than 2 weeks from order to delivery to NZ.)


http://www.openbsd.org/orders.html

On 10/24/07, Nick Holland <[EMAIL PROTECTED]> wrote:



First, make sure you are trying a snapshot, not 4.1 or older.  If
you are using 4.2, still try a snapshot, a lot has happened since
4.2 already.  If that fixes your problem, you are done.  (the onboard
NIC problem is hinting to me that you are using an older version).


Snapshots - I have not done this myself, so you'll have to RTFM  
(meant politely - like I said I have not done this myself):


http://www.openbsd.org/faq/faq5.html#BldBinary

Re: Problems booting 4.2 CD on two older machines.

[Richard Toohey]

On 29/10/2007, at 5:24 PM, Craig Findlay wrote:



As other have already said, it seems to only be a problem with  
quite old PC's. At least mine is. (see dmesg below)


Cheers,
Craig

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 234 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX


4.2 official CD works for me on Dell Optiplex ~500Mhz - I'll get  
exact details and dmesg tomorrow if of interest to anyone.  Also  
installed on newer Compaq Celeron laptop - again, no CD /  
installation issues.


With the 4.1 release, the CD set I bought personally was fine, but  
the CD set for work failed to read CD 1 (so I just used the personal  
set to install at work.)  I did not investigate further - just  
assumed dud CD.

Re: Installation troubles

[Richard Toohey]

Asking the obvious questions to eliminate them first ...

1. Official CDs?

2. Can you read/copy the CD on *any* machines / *any* OS?

3. Specifically - if you FTP install OpenBSD , can you then mount /  
copy / do anything with the CD?


4. dmesg(s)

Personal experience ...

I have installed 3.8 to 4.2 from CDs on machines from P3 500 to  
Pentium D 2.something via Celeron 900Mhz (Dells, HPs, Compaqs,  
desktops and laptops) - only real issue was a bogus 4.1 CD than no  
machine would touch.


I had a CD error with 4.2 today (same CD that I have done 3 installs  
with already!) when extracting Xenocara - so I umounted, ejected,  
took CD out, waggled it around while saying magic incantation,  
remounted, and tried again and it worked (well, no errors reported.)


HTH, YMMV, IANAD, etc.

On 1/11/2007, at 4:55 PM, Chris Zakelj wrote:

Evening... I'm trying install my fresh 4.2 CDs on a system that is  
destined to become a samba server and build machine for CF-based  
firewalls.  Only I'm having a problem (obviously).  This is the  
third release where I'm having this issue, but previously I just  
chalked it up to old, cranky CDROM drives, and went with FTP.  But  
given this is all new hardware, time to figure out what's really  
happening.


This system is fresh-built amd64 (but will be running/compiling all  
i386 binaries to avoid having to cross-compile Soekris builds), IDE  
DVD-ROM drive, SATA hard drive.  Boots from CD, then gets through  
partitioning, labelling, and formatting the drive just fine.   
Network config sails through, until I finally hit "Let's install  
the sets!".  I hit enter for the defaults 'cd' and 'cd0', at which  
point I get the following:


cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x28
   SENSE KEY: Media Error
ASC/ASCQ: ASC 0x11 ASCQ 0x06

This message repeats three times, at which point the installer  
gives up, reports 'No filesystems found on cd0', and asks again  
where to find the sets.  For what it's worth, this happens on four  
different i386 machines of various vintage (from a 16 year old 486  
up through tonight's Sempron build), with official CD releases from  
4.0 onwards.  I'm guessing I'm missing something obvious, but  
Google and MARC didn't turn up anything, so cluesticks are welcome.

Re: Installation troubles

[Richard Toohey]

On 3/11/2007, at 9:59 AM, Chris Zakelj wrote:


Kenneth R Westerback wrote:

ASC/ASCQ 0x11/0x06 would appear to mean "CIRC Unrecovered Error".
These values are listed in /usr/src/sys/scsi_base.c, line 1207 and
following. The error text is left out of install kernels to save
space.




Kenneth obviously followed my thought processes and posted more or  
less exactly what I found ...


That explains the *what* (sort of), but not the why.  Given that  
this occurs on four different systems, with four different drives,  
with upwards of eight different IDE cables (both 40- and 80- 
conductor), and that it's across multiple releases and multiple  
CD's, there has to be something I'm doing wrong.  I'm just at a  
loss as to what.


... but it doesn't really give you any pointers.

I  cannot see what what you are doing wrong that would affect the  
installation - have you tried following the instructions TO THE  
LETTER?  From your previous post, it would seem not ... (not saying  
that you are doing anything wrong, just something different.)


FROM PREVIOUS POST:

Initial label editor (enter '?' for help at any prompt)
> n a
mount point: [none] /
> p
device: /dev/rwd0c
type: ESDI
disk: ESDI/IDE disk
label: WDC WD800JD-00LS
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 9729
total sectors: 156301488
free sectors: 151027065
rpm: 3600

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
 a:  4208967   63  4.2BSD   2048 163841 # /
 b:  1060290  4209030swap
 c:1563014880  unused  0 0

END

If you follow the instructions to the letter (obviously you'll end up  
with a rather large home partition ...) do you get the same  
behaviour?   I cannot see how HD partitioning would affect CD  
reading; but assume nothing until proven.


Do you know what these messages below (from your dmesg) actually mean  
- would they have any impact (unlikely, I know, but worth checking?)   
Anything similar in the other machines that fail?  What brands /  
BIOSes / CDs / DVDs on the other machines - anything in common there?


FROM PREVIOUS POST:

pciide0: channel 1 disabled (no drives)

pciide1 at pci0 dev 8 function 0 vendor "SiS", unknown product 0x0183  
rev 0x01: DMA (unsupported), channel 0 wired to native

-PCI, channel 1 wired to native-PCI

END

Sorry if this is not particularly useful - but I'm trying to figure  
out what is is that you do differently to me - I have have installed  
3.8 onwards on i386 from 475 Mhz to 2.x Ghz via CD successfully most  
of the time (one bogus CD and one burner - see below - that didn't  
like OpenBSD.)


Seems unlikely that you'd be unlucky enough to have 5 bogus CDs or  
BIOSes, or CD/DVD drives (I did have one DVD burner that OpenBSD did  
not like - sporadic errors *like* yours but too long ago for me to  
say for certain - but Windows seems happy enough with the drive.)  Or  
maybe you have really upset someone somewhere?  8-)


Can you borrow a CD / DVD burner from someone else?

I'll leave it at that - I would try following the instructions to the  
letter just to eliminate that; then you'll have to try other CD/DVD  
drives.


The more I think about it, the more my brain is telling me that the  
issue I had with the DVD burner gave me the same behaviour as you are  
reporting - boots OK, initial installation OK, fails on installation  
of sets.  But might be a false memory from thinking about it too  
long!  I bought a Pioneer DVD (more expensive that the Dick Smith's  
one) and it did not work with OpenBSD - but it was OK with Windows.   
Got the cheaper drive, and all was well.  But can you really be that  
unlucky to get *FIVE* CD/DVD drives that don't work?

Re: OpenBSD 4.2 hardware recommendation

[Richard Toohey]

So don't buy an over-the-top firewall ... and donate the difference  
to OpenBSD?  8-)


On 3/11/2007, at 9:25 PM, VP wrote:


If you can live w/o RAID, i recommend advantech.com or nexcom.com
Network Security Appliance product lines.


Appliance is not very good solution for us. We want buy one good  
server.

Also I find no sense of CARP, because we will have old server as
standby. IDS database will be placed on another server.

Re: library resolution in 4.1

[Richard Toohey]

On 30/10/2007, at 1:16 PM, David wrote:


Hi all

Set up fresh copy of 4.1 on my laptop, installed all the base tgz
modules (including all X server stuff), set PKG_PATH to my local ftp
mirror, and to get xfce, used the command:
pkg_add -nv xfwm4


Even by looking in the dependency tree:

Can't install glitz-0.5.6: lib not found X11.9.0



Last time you (it was you?) asked this ...

http://marc.info/?l=openbsd-misc&m=119058244123786&w=2

This should work and does work for me - so what are you doing  
differently?


What exactly *is* your local FTP mirror?

Re: Trouble ftp'ing out of network, already running ftpproxy for internal ftp server, need to ftp out

[Richard Toohey]

I've been having great fun with FTP - active and passive - and  
assumed it was the wrong port here or there or something strange in  
pf - my fault every time so far.


Running with pf + ftp-proxy box, and proftpd or vsftpd on boxes  
behind that on two different networks, and then NAT clients on  
another network (behind another pf box.)


It has been unrouteable (if that is the correct term?) addresses.   
And because the traffic never hits pf, you don't see anything in the  
logs (apart from the control channel traffic) and really wonder what  
is going on (I am logging in the right place?  Maybe my ftp-proxy  
settings?   Did I reload the rules?  Maybe it's the router, etc., etc.)


Apologies if this is all old hat to you (but might help others  
following the thread one day.)


The symptoms are exactly what you describe - the control channel  
(port 21) allows you to connect (even create files, but they will be  
0 bytes) but as soon as you touch the data channel ... nothing.


Active FTP, the client is behind NAT, and tells the server that it  
(the client) is listening at 192.168.30.30 (or whatever) port xyz for  
data - obviously the server is never going to find 192.168.30.30  
across the internet (or if it does find one, it is not the FTP  
client.)  Haven't found a solution for this yet, but not bugging me  
enough! (I can test from other machines)


Passive FTP, the server has an internal IP (e.g. 172.16.0.01), and  
tells the client that it (the server) is listening on that address,  
port xyz for data - same situation, the client will never find the  
server over the internet.


http://en.wikipedia.org/wiki/Ftp shed light on this for me.

It *seems* that some routers will see the IPs in the FTP traffic and  
sort things out automatically - not sure if this is the case - maybe  
someone will correct me?  I can't explain everything that I've seen  
while getting this going.


Different FTP clients behave differently!  So choose your test  
environment.  Some clients seem to ignore what the server says and  
try and connect to the original IP, so it all works.  Others are very  
picky.  You want one that displays as much info as possible as what  
it is trying to do (personally I use Tcl and the Tcllib FTP client  
with all debugging and callbacks enabled - but I'll probably be alone  
in that!)


One solution for passive issues seems to be to masquerade the IP  
(vsftp or proftpd) e.g.


http://vsftpd.beasts.org/vsftpd_conf.html


pasv_address
Use this option to override the IP address that vsftpd will  
advertise in response to the PASV command. Provide a numeric IP address.


Default: (none - the address is taken from the incoming  
connected socket)



HTH.

On 8/11/2007, at 9:19 PM, knitti wrote:


On 11/8/07, Jake Conk <[EMAIL PROTECTED]> wrote:

Hello,

I have a computer running OpenBSD 4.2 which is acting as my router.
Behind it I have a a ftp-server which is working fine thanks to
ftp-proxy but one of the problems I am having is ftp'ing out of my
network. I am able to connect and establish connections to outside
servers but I am not able to run normal commands on them like ls, cd,
get, etc. Any command I try running after I connect just hangs and
fails.


of course, since your are using NAT. starting a second instance of
ftp-proxy on a different port should work, just look at the manpages

pf.conf(5)
ftp-proxy(8)

--knitti

Re: identifying sparse files and get ride of them trick available?

[Richard Toohey]

On 10/11/2007, at 10:05 AM, Daniel Ouellet wrote:


Otto Moerbeek wrote:
stat -s gives the raw info in one go. Some shell script hacking  
should

make it easy to detect sparse files.


Thanks Otto for the suggestion. That might help until it can be  
address for good. It would help speed up some of it. (;>




This looked interesting (curiosity killed the cat?), so I started  
looking at sparse files (not heard of them before.)


Is this a sparse file?

# dd if=/dev/zero of=sparsefile bs=1024 seek=10240 count=0
0+0 records in
0+0 records out
0 bytes transferred in 0.000 secs (0 bytes/sec)
# ls -lh
[--cut--]
-rw-r--r--  1 root  wheel  10.0M Nov 11 08:43 sparsefile
# du -hsc sparsefile
32.0K   sparsefile
32.0K   total
# du sparsefile
64  sparsefile
# stat -s sparsefile
st_dev=7 st_ino=51969 st_mode=0100644 st_nlink=1 st_uid=0 st_gid=0  
st_rdev=0 st_size=10485760 st_atime=1194723829 st_mtime=1194723829  
st_ctime=1194723829 st_blksize=16384 st_blocks=64 st_flags=0


So because blocks allocated = 64, and block size is (usually) 512  
bytes => file is 32K (but ls and others will report 10Mb size.)


So if you scanned whatever director(y|ies) you are interested in,

If st_size > (st_blocks * 512) Then
*** this may be a sparse file?

(BUT - blocksize of 16384 is reported so I must be missing something?)

A stab at it in Perl (lifted from Perl Cookbook):

use strict;
use warnings;
use File::Find;
sub process_file {
my $f=$File::Find::name;
(my $dev,my $ino,my $mode,my $nlink,my $uid,my $gid,my  
$rdev,my $size,my $atime,my $mtime,my $ctime,my $blksize,my $blocks) 
=sat($f);

if ($blocks * 512 < $size) {
print "\t$f => SZ: $size BLSZ: $blksize BLKS: $blocks 
\n";

print "\t" . -s $f;
print "\n";
}
}
find(\&process_file,("/home/sparse-files"));

The output is:

# perl check.pl
/home/sparse-files/sparsefile => SZ: 10485760 BLSZ: 16384  
BLKS: 64

10485760

Thanks.

Re: identifying sparse files and get ride of them trick available?

[Richard Toohey]

On 10/11/2007, at 9:11 PM, Richard Toohey wrote:

(my $dev,my $ino,my $mode,my $nlink,my $uid,my $gid,my  
$rdev,my $size,my $atime,my $mtime,my $ctime,my $blksize,my $blocks) 
=sat($f);


Oops - should end with:

=stat($f);

not

=sat($f);

Re: identifying sparse files and get ride of them trick available?

[Richard Toohey]

On 10/11/2007, at 9:32 PM, Otto Moerbeek wrote:


yeah, look at stat(2):

 int64_tst_blocks;  /* blocks allocated for file */
 u_int32_t  st_blksize; /* optimal file sys I/O ops blocksize */

actually st_blocks's unit is disk sectors, to be precise.

I don't read perl, so I cannot comment on the script below.

-Otto


Thanks for the feedback.

I tried in C, but could not get past getting 0 for st_blocks every  
time (will be my C, but I can't see (C?) what it is yet ...)


# man -s 2 stat:
[cut]
 struct timespec st_ctimespec;  /* time of last file status  
change */

 off_t  st_size;   /* file size, in bytes */
 int64_tst_blocks; /* blocks allocated for file */
[cut]

check.c
---

#include 

int main(void) {
struct stat stat_stuff;
int result;
result=stat("/home/sparse-files/sparsefile",&stat_stuff);
printf("%d %d\n",stat_stuff.st_size,stat_stuff.st_blocks);
}

# cc check.c -o check
# ./check
10485760 0

Re: Please send email directly to misc@openBSD.org (no cc please)

[Richard Toohey]

 On 16/11/2007, at 7:20 PM, Weldon Goree wrote:


If only there were mail clients that allowed one to filter on To: or
Cc:...


And automatically added  dripping  tags?

Re: restore hanging on an "unusual" file name

[Richard Toohey]

On 21/11/2007, at 12:08 PM, Jeff Ross wrote:


Jeff Ross wrote:

Hi,

   "
 11609 restore  RET   write 27/0x1b
 11609 restore  CALL  write(0x2,0x80147000,0x34)
 11609 restore  GIO   fd 2 wrote 52 bytes
   "1834488 Document Scrap '\M-o\M^C\M^X Journal Entrie...'.shs
   "
On a console (not xterm) the file name appears to be
Document Scrap 'C/ Journal Entrie...'.shs
(that's a lower case "i" with two dots over it.)


My original e-mail did get mangled a little.

The C/ above is really the lowercase i with two dots over it.

Jeff


I had a look out of curiosity (again) ... no great words of wisdom  
but might help ...


Doesn't *just* seem to be because of the i-with-two-dots above it  
(0xEF?  I looked at http://unicode.org/charts/  and the Latin-1 page  
- you'll need a PDF viewer.  The character is a LATIN SMALL LETTER I  
WITH DIAERESIS to give it the proper moniker ...)


Create char_file.c (yes, no prizes for this code.)  You can achieve  
getting this filename without code, but might be easier to use the  
code than find the right character and paste it.


#include 

int main(void) {
FILE *f;
char fn[]="x.txt";
fn[2]=0xEF;
f=fopen(fn,"w");
fputs("Something here",f);
fclose(f);
return 0;
}

Compile with ...
# cc -Wall -o char_file char_file.c

Execute with ...
# ./char_file

You should end up with a new file in your current directory:

xx?xx.txt		(depending on your display, that question mark may appear  
as the i-with-two-dots.)


Do a dump:

# mkdir testd
# mv xx?xx.txt testd
# dump -0 -f testd.dmp testd/
  DUMP: Dumping sub files/directories from /home
  DUMP: Dumping file/directory testd/
  DUMP: Date of this level 0 dump: Thu Nov 22 10:59:25 2007
  DUMP: Date of last level 0 dump: the epoch
  DUMP: Dumping /dev/rwd0h (/home) to testd.dmp
  DUMP: mapping (Pass I) [regular files]
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 106 tape blocks on 0.00 tape(s).
  DUMP: Volume 1 started at: Thu Nov 22 10:59:25 2007
  DUMP: dumping (Pass III) [directories]
  DUMP: dumping (Pass IV) [regular files]
  DUMP: 74 tape blocks on 1 volume
  DUMP: Date of this level 0 dump: Thu Nov 22 10:59:25 2007
  DUMP: Volume 1 completed at: Thu Nov 22 10:59:25 2007
  DUMP: Date this dump completed:  Thu Nov 22 10:59:25 2007
  DUMP: Average transfer rate: 0 KB/s
  DUMP: Closing testd.dmp
  DUMP: DUMP IS DONE

Do a restore:

# restore -i -f testd.dmp
restore > cd testd
restore > verbose
verbose mode on
restore > ls
./testd:
25 ./  2 ../24 xx?xx.txt

restore > quit

The copy/paste was via a Mac console - on X running on OpenBSD 4.2/ 
i386 the i-with-two-dots appears correctly throughout.


I *know* your dump/restore process is a LOT more complicated than  
this - I'm trying to reproduce the error with the smallest amount of  
effort (don't fancy setting up a Windows box and compressing 12Gb,  
etc.!)


Guess the next thing might be getting a way smaller sample dump file  
that still shows the problem?  Doesn't *seem* to be just the i  
character - so is it the spaces?  The apostrophes?  Combination of  
all three?  The length of the filename? The Windows factor?   Samba?  
Translation by something?


The (interactive) restore source code is in /usr/src/sbin/restore/ 
interactive.c  - so you could try adding some debug messages in there  
on a test box and run the file through it ...


Are you running 4.2 i386 (apologies if covered or obvious in your  
posting?)


Thanks.

Re: restore hanging on an "unusual" file name

[Richard Toohey]

On 21/11/2007, at 10:48 PM, Otto Moerbeek wrote:


On Wed, Nov 21, 2007 at 10:20:39PM +1300, Richard Toohey wrote:


On 21/11/2007, at 12:08 PM, Jeff Ross wrote:


Jeff Ross wrote:

Hi,

   "
 11609 restore  RET   write 27/0x1b
 11609 restore  CALL  write(0x2,0x80147000,0x34)
 11609 restore  GIO   fd 2 wrote 52 bytes
   "1834488 Document Scrap '\M-o\M^C\M^X Journal Entrie...'.shs
   "
On a console (not xterm) the file name appears to be
Document Scrap 'C/ Journal Entrie...'.shs
(that's a lower case "i" with two dots over it.)


My original e-mail did get mangled a little.

The C/ above is really the lowercase i with two dots over it.

Jeff


The easiest way to reproduce I found so far is:


echo '\M-o\M^C\M^X' | unvis

It hangs my xterm. It does not hang a console.

I think dump should 'vis' the filenames it prints.

-Otto


Did a little more digging (interested to learn more about vis/unvis -  
thanks, Otto - lots of learning on this list!) and it seems to be the  
last byte of the three that actually causes the hang - the \M^X  
part.  If I have read vis(3) correctly, that is character 128 (M) +  
24 (^X) = 152 (230 octal.)


The i-with-two-dots (\M-o = 128 + 111 = 0xEF) seems to be a red  
herring - which is why I could not reproduce the issue focussing on  
that character.


echo '\230' | unvis

... gives the xterm hang.

char_file.c:

#include 

int main(void) {
FILE *f;
char fn[]="x.txt";
/*Red herring */
/* fn[2]=0xEF; */
fn[2]=152;
f=fopen(fn,"w");
fputs("Something here",f);
fclose(f);

return 0;
}

# cc char_file.c -Wall -o char_file
# ./char_file
# mkdir testd3
# mv xx^?xx.txt testd3
# dump -0 -f test3.dmp testd3/
  DUMP: Dumping sub files/directories from /home
  DUMP: Dumping file/directory testd3/
  DUMP: Date of this level 0 dump: Sat Nov 24 10:39:03 2007
  DUMP: Date of last level 0 dump: the epoch
  DUMP: Dumping /dev/rwd0h (/home) to test3.dmp
  DUMP: mapping (Pass I) [regular files]
  DUMP: mapping (Pass II) [directories]
  DUMP: estimated 106 tape blocks on 0.00 tape(s).
  DUMP: Volume 1 started at: Sat Nov 24 10:39:04 2007
  DUMP: dumping (Pass III) [directories]
  DUMP: dumping (Pass IV) [regular files]
  DUMP: 74 tape blocks on 1 volume
  DUMP: Date of this level 0 dump: Sat Nov 24 10:39:03 2007
  DUMP: Volume 1 completed at: Sat Nov 24 10:39:04 2007
  DUMP: Date this dump completed:  Sat Nov 24 10:39:04 2007
  DUMP: Average transfer rate: 0 KB/s
  DUMP: Closing test3.dmp
  DUMP: DUMP IS DONE
# restore -i -f test3.dmp
restore > verbose
verbose mode on
restore > cd testd3
restore > ls
./testd3:
31 ./  2 ../30 xx***hangs here in xterm, OK on  
console or in Mac Terminal over ssh***?xx.txt


restore > quit

I'll have a look at dump/restore and using vis programatically.  I  
haven't looked at the xterm angle (other codes e.g. octal 220 - also  
seem to cause the hang - so echo '\220' | unvis - has the same effect  
as 230.  Just mentioning because someone will say 'Ah!  That's  
because the fibble-bit is set!' and that will be the end of this  
thread.)


Thanks.

Re: restore hanging on an "unusual" file name

[Richard Toohey]

On 21/11/2007, at 10:48 PM, Otto Moerbeek wrote:

I think dump should 'vis' the filenames it prints.

-Otto





I've been looking at this and have a small patch to restore/ 
interactive.c in the formatf() function.


I have done what Otto said - vis()d the filenames (I have done so by  
lifting the strnvis() code from rwho.)


I am working on 4.2 RELEASE + errata patches code so I will be  
behind ...  I am quite sure there are better ways to do it - there  
are a lot of choices!


The hanging of xterm happens because - I think -  the character code  
is 0x98 - looks like "Start of String" (if I read /usr/xenocara/app/ 
xterm/ctlseqs.txt correctly) - so xterm hangs around waiting for the  
rest of the string - you can get out of it by pressing ESC and then  
ENTER (then you get "Unknown command ; type ? for help".)


Feedback, cluesticks, etc., appreciated.  Thanks.

(Just done some more testing before posting and realized that I have  
only looked at verbose mode ls, so still got more work to do - but it  
only seems to be verbose mode that causes the xterm hang, and I'd  
like feedback anyway.)


restore > ls
./testd3:
xx?xx.txt

restore > verbose
verbose mode on
restore > ls
./testd3:
31 ./ 2 ../   30 xx\M^Xxx.txt 			

Re: Resolving dependencies with pkg_add

[Richard Toohey]

On 29/11/2007, at 11:37 AM, Markus Lude wrote:


On Wed, Nov 28, 2007 at 10:32:32PM +0100, Jordi Espasa Clofent wrote:

Install xbase. Paste what you see if that's not it.


Ok Stuart. In fact I've not installed xbase because I've put the  
system

on a USB stick and I wanted a very minimal set.
?Can you explain (or point out me some resources) the reasons of that
behavior when xbase is out?


In 4.2 the expat from xenocara is used. The library is in the xbase  
set.

expat is needed by at least one of the ports you want to install.

In -current expat from base is used instead.

Regards,
Markus


It is in the 4.2 documentation ... and yes, it is a pain ... but only  
5 months to 4.3 ... 8-)


http://www.openbsd.org/faq/upgrade42.html#libexpat

"This will impact a large number of users! This was an unfortunate  
decision whose ramifications were not recognized earlier in the  
process. For 4.3, libexpat will be part of base43.tgz, solving this  
problem."

Re: restore hanging on an "unusual" file name

[Richard Toohey]

On 29/11/2007, at 9:21 PM, Richard Toohey wrote:


On 21/11/2007, at 10:48 PM, Otto Moerbeek wrote:

I think dump should 'vis' the filenames it prints.

-Otto






[cut]
(Just done some more testing before posting and realized that I  
have only looked at verbose mode ls, so still got more work to do -  
but it only seems to be verbose mode that causes the xterm hang,  
and I'd like feedback anyway.)



[cut]

So I look at interactive.c some more to see why non-verbose mode  
works, and I would very much appreciate some advice on this ...


/usr/src/sbin/restore/interactive.c

c. line 509 (4.2 RELEASE) is print_list() - invoked when an 'ls'  
command is used.
c. line 526 it calls mkentry() - c. line 592 mkentry() definition ...  
and it looks at filenames c. line 600:


600 for (cp = fp->fname; *cp; cp++)
601 if (!vflag && (*cp < ' ' || *cp >= 0177))
602 *cp = '?';
603 fp->len = cp - fp->fname;

Why does it only replace the characters (less than spc or >= del) in  
NON-verbose mode?  What would the reasoning behind that be?


A simpler (but less correct?) non-vis fix would be to drop the vflag  
test.  I tried that and it worked.


I could drop the test and change mkentry to store the vis()d  
filenames (but potentially 4x space required for each name - guess  
could vis and copy back again - more thinking required.)


Thanks.


The patch:

# diff -uw /usr/src/sbin/restore/interactive.c interactive.c



[cut]

And the patch is not a patch because of spaces replacing tabs (still  
working on how to fix that in my mail client) - thanks for the feedback.

Re: pflog filling up /var mount every 2-3 days!

[Richard Toohey]

On 1/12/2007, at 7:23 PM, Jake Conk wrote:


Thanks guys for your replies... I'll try to cut down on the all the
useless logging I'm doing but when I opened the log files up to see
what was inside them I only saw all this binary stuff. I assume thats
not what's supposed to be in the pflogs right? Any ideas why I'm
getting binary stuff in the logs?

Thanks,
- Jake


http://www.openbsd.org/faq/pf/index.html
http://www.openbsd.org/faq/pf/logging.html
http://www.openbsd.org/faq/pf/logging.html#logfile

See tcpdump.

Re: Compliments and Knob Question

[Richard Toohey]

On 5/12/2007, at 4:24 PM, L wrote:


Question about buttons and knobs..
What exactly is a knob?

[cut]

it simpler. For example the CP command is just a knob for copy..



My understanding of knob is an option or a switch.  I guess the  
meaning is like a music console - all those knobs you can turn to  
fiddle with sound.


So you start off with command X that moves bytes from A to B.

So the user does ...

X A B

... and his bytes are moved.

Then dev. "a" adds an option - a knob.

X [a] A B

Then dev. "b" add his option

X [a|b] A B

Then devs "c", "d", "e" etc.  And someone adds the -quiet knob, the - 
verbose knob.  And obviously if you run -quiet you would ignore - 
verbose?  Or the other way round?


X [a|b|c|d|e|f] A B

By now the code starts to have a lot of conditionals:

if a and b but not c
do this
otherwise if f
do that

Code gets messy - harder to follow - bugs creep in (potentially  
security related.)  When you want to add feature Z - which ones of  
all those knobs/options should it handle?  In what way?  Was it  
REALLY worth adding all those options for a couple of people here or  
there (who could have piped output / used a Perl script / whatever?)   
Usually not.


I guess it would be the same for an API - you start with a simple  
entry point and end up with a lot of entry points, or having a whole  
heap of options in every entry point.


My 2c ...

Re: Compliments and Knob Question

[Richard Toohey]

On 5/12/2007, at 7:09 PM, Richard Toohey wrote:


On 5/12/2007, at 4:24 PM, L wrote:


Question about buttons and knobs..
What exactly is a knob?

[cut]

it simpler. For example the CP command is just a knob for copy..



My understanding of knob is an option or a switch.  I guess the  
meaning is like a music console - all those knobs you can turn to  
fiddle with sound.





Like this stuff ...

http://digitalmedia.oreilly.com/2005/01/26/synthedit1_0105.html

Lots and lots and LOTS of knobs all to fiddle with sound.

Re: 4.2 i386 install fails on a HP Compaq dc7700

[Richard Toohey]

On 12/12/2007, at 8:38 PM, Ioan Nemes wrote:


Greetings,

Try to install OpenBSD 4.2 i386 on a new HP Compaq dc7700 Small  
Form Factor,
but when it comes to install the software sets from the CD, the  
install

fails:

[cut]

Which one contains the install media? (or `done`) [cd0]

-- 
---

--
it stops here, blanks out!
-- 
---

--

During boot the cd0 works OK (is seems), and it is recognized as:

cd0 at scsibus0 targ0 lun0: SCSI0 5/cdrom

removable
cd0(pciide0:1:0) using PIO mode 4, Ultra DMA mode 5



[cut]

Have you eliminated the obvious?  For example ...

Does the CD work on other machines - can you install OpenBSD off the  
same CD?

Does the machine work with other CDs (Linux, Windows, whatever?)
Can you get another OpenBSD CD to try?

There is the really-old-machine issue recently on misc@ - I've had  
something similar with a scratched CD (but get errors rather than  
blank output.)

Re: ioncube loader and OpenBSD 4.1

[Richard Toohey]

On 18/12/2007, at 3:29 AM, Sandu Ionut` wrote:


Hello!

Does anyone managed to get working Ioncube loader under 4.1?

I have PHP Version 5.1.6, Threaded PHP No and
ioncube-loader-helper.php says i need ioncube_loader_ope_5.1.so

This is what i get, even if the file is in place (tried to put it
php.ini as zend_extension also):

# php
Failed loading /var/www/lib/php/modules/ioncube_loader_ope_5.1.so:
File not found


Thanks for any advice
Ionut


Guessing that it may be something to do with chroot (I've used the  
IonCube loader on FreeBSD but not OpenBSD)


Does it have any dependancies (I think ldd/nm/etc. are the tools to  
use to find out?)


BUT before we go any further ...

Where did you download from?  I only found these:

http://downloads2.ioncube.com/loader_downloads/

Last one seems to be OpenBSD 3.9?  (Don't know if it makes a  
difference in this case but best to be looking at the same version as  
you.)


So I downloaded it ...

http://downloads2.ioncube.com/loader_downloads/ 
ioncube_loaders_ope_3.9_x86.tar.gz


Contents:

# ls
LICENSE.txt  ioncube_loader_ope_4.1.so 
ioncube_loader_ope_4.4.soioncube_loader_ope_5.1.so
README.txt   ioncube_loader_ope_4.2.so 
ioncube_loader_ope_4.4_ts.so ioncube_loader_ope_5.1_ts.so
ioncube-encoded-file.php ioncube_loader_ope_4.3.so 
ioncube_loader_ope_5.0.so
ioncube-loader-helper.phpioncube_loader_ope_4.3_ts.so  
ioncube_loader_ope_5.0_ts.so


And the next question - are you working on x86 32-bit?

Re: strange pfctl output

[Richard Toohey]

On 26/12/2007, at 7:54 AM, Daniel wrote:


Hi!

I'm having this problem:

# pfctl -sr |fgrep ftp
[...]
pass out on rl0 inet proto tcp from  to <__automatic_39c048b4_0>
port = ftp flags S/SA keep state

What is that automatic stuff? I wish to see the corresponding (below)
rules' entries in pfctl's output.

The corresponding rules in the pf.conf would be:
pass out on $ext_if inet proto tcp from $ip to anga.funkfeuer.at port
ftp pass out on [...] to ftp.openldap.org port ftp
pass out on [...] to ftp.postgresql.org port ftp
pass out on [...] to ftp.pureftpd.org port ftp
etc...


Daniel


I *think* this is because pf has made an automatic table of your  
inefficient (?) single line rules.


So it has grouped together your ftp.postgresql.org and  
ftp.pureftp.org lines into one rule with an automatic table.


Try making your own table and using that in a single line.

Just guessing on my part - seen the same behaviour - but hasn't given  
me a big enough itch to scratch so just carried on my merry way.