On 2/14/2020 6:30 AM, Fabio Martins wrote:
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only hitting
rule number #1 (rdr-to). nat-to is never reached (added "log" on each to
test). I tried inverting the order, too, but no luck.
#1
match in on $ext_if prot
any port 1024:65535 to $ext_if
port $server_open tag n_traffic
#block all to start
block all
pass quick tagged RDR
pass quick tagged n_traffic
pass out on $ext_if
of a guess.
Sometimes you guess wrong. So keep your design flexible and be
willing and able to say, "Well, this isn't working, let's rebuild
it with the knowledge we now have". This idea that you have to have
the perfect build the first time out is ... well, just wrong.
Nick.
handy to NOT
be obsessed with https (i.e., clock is hosed on your computer).
So ... unless some developer I really respect (which is just about
all of them1) tells me to change this, I'm not planning on
changing the behavior of the machines.
Nick.
",
that makes the bad idea of an upgrade look good (it isn't).
Reinstall from scratch. Good time to look at how you used disk and
partition better this time.
Nick.
usion is writing clearly, even if that involves a
few more words (oh the horror).
Nick.
rong thing. By "improving" your system
as you propose, you will almost certainly create far more downtime and
work on your part.
Nick.
cratch."
If OCD is causing you to twitch at seeing the old files, reinstall...or
use this as a therapy.
Nick.
g to dig through an entire core
dump. This is always what they ask for FIRST.
Nick.
On 10/20/15 07:09, Abel Abraham Camarillo Ojeda wrote:
> Hi
>
> On Mon, Oct 19, 2015 at 10:11 PM, Nick Holland
> wrote:
>> [...]
>> and thus, I'll suggest you just don't worry about it. IF you manage to
>> find a way to panic your machine, drop the memo
And then stick to
the documented process anyway. :)
When you start inventing your own process, there's an almost infinite
number of ways to go wrong.
Nick.
cy, which will be your next opportunity to test. Really, if
you have good backups and good notes (or good understanding of the
products you are using), this should not be difficult at all. If it is
difficult, you have problems far bigger than -current. This is a
wonderful time to fix those problems.
Nick.
s 10% faster than before, that's on a
processor that's twice as fast. That's a cynical exaggeration, but not
as big an exaggeration as I wish it was.
I'm really stunned at how much processor memory the modern browser
leaks, considering we once used browsers on 486s with 16M RAM.
Nick.
I can't connect my Thinkpad x220 to my phone's hotspot (WPA2-PSK). I'm using
OpenBSD 5.8/amd64.
Before everything, I did a fw_update.
Then I created a hostname.iwn0 file:
nwid myid
wpakey mykey
dhcp
and then
# ifconfig iwn0 up
# ifconfig
...
iwn0: flags=8843 mtu 1500
lladdr 00:20:17:
> > # ifconfig
> > ...
> > iwn0: flags=8843 mtu 1500
> > lladdr 00:20:17:76:98:54
> > priority: 4
> > groups: wlan
> > media: IEEE802.11 autoselect (DS1 mode 11g)
> > status: active
> > ieee80211: nwid "SOME OTHER NEARBY WIFI" chan 11 bssid
> > 14:76
ur backups
(RIGHT??) of all your config files and data files...just reinstall the
old version that worked and all associated packages (list is at
/var/db/pkg on your backup).
Nick.
k about it. "Why do I keep
ending up on the My Little Pony website??"). Again, just because you
CAN do something doesn't make it a good idea.
Nick.
an easy solution
would be to have your pf.conf file a "stub" with enough to let the
system come up, then a post boot and periodic (re)load of the "real"
rules in a separate file.
Nick.
en than
the obvious things people like to fret about. If the fear of an SSD
failing causes you to manage your systems better, it's all good. If
failures aren't part of your system design, try again.
Nothing different here.
Nick.
On 11/13/15 18:05, Devin Reade wrote:
> --On Thursday, November 12, 2015 10:13:34 PM -0500 Nick Holland
> wrote:
>
>> And if you deploy a lot of SSDs, [...] Some models are good,
>> some are crap, you can't say which is which until after they are out of
>> prod
rivial)
I've got a wild dream of reworking it to presentable standards and maybe
even getting it added to base OpenBSD (though, since the OpenBSD dhcp
server is probably irreconcilably different from the ISC server it was
once based on, maybe it should just be hacked to produce the body of a
zone file directly?).
Nick.
n the system BIOS until the
kernel is loaded. So, if there is no attempt to boot, you have a BIOS
issue. I've certainly seen this. The answer is a BIOS upgrade that
probably doesn't exist, because many manufacturers barely test this
feature. Nothing OpenBSD can do to fix it if the HW won't grab and run
the boot code.
Nick.
fsck just
mysteriously not happen kinda creeps me out. I'm not a FS guy, but it
seems to me that skipping the occasional write, or even just the first
write, isn't going to improve data integrity. :)
Nick.
16 11:00p EST to Thursday December 17, 7:00am EST
The mirror will be unavailable during these periods.
Thanks!
Nick.
, in spite of my yelling "STOP! STOP! DON'T DO IT!". He
looked at me puzzled. I tap the URL on his screen. I tap the lock
graphic. His look goes from "What silly crap has Nick got for me this
time?" to pure panic.
"oh. my. God. We are going to have to do a password ro
s just plain wrong: not only
are you running out of date software, but your most recent changes may
not be taking effect as you think they will on next boot.
Nick.
.
In fact, I'm hoping this whole concept is a bad dream I'm having due to
eating raw cookie dough, a contaminated gyro and overly potent onions.
Nick.
n fact, the response is about as far
from that as you can imagine.
Doesn't matter what OS you are running, just doesn't pass the "let's
think about this a moment" test.
Nick.
to a CDR and put it in a plain ol' CD player, it will
play. In stereo. Sounds kinda like Justin Bieber(*).
Nick.
* Replace with whomever's music/existence you dislike this week
he PARTITION Boot Record (first 512 bytes of the
OpenBSD partition).
The AA55 signature is on the MBR.
See the "How OpenBSD Boots" section of FAQ 14.
Nick.
status: no network
ieee80211: nwid test
And dmesg output is:
ath0: unable to reset hardware; hal status 3223349734
No wireless network with ssid "test" could be found by my other devices.
I hope this helps! :)
- Nick
OpenBSD 5.8 (GENERIC.MP) #1098: Sun Aug 16 02:38:27 MDT 2015
I didn't because I thought ath and athn are different drivers?
Now I did "fw_update -a" and rebooted but that didn't seem to change
anything at all.
On Sat, Jan 09, 2016 at 03:36:31PM +, Maurice McCarthy wrote:
> You have installed
> http://firmware.openbsd.org/firmware/5.8/athn-firmware-1.1p
obsdacvs as a motivator to move. :)
Install files *will not* be changing URLs, just anoncvs and cvsync.
Nick.
you aren't doing it to WORK,
you are doing it to see a modernish OS on your old relic. Great, enjoy!
Don't slow down OpenBSD's security work on relevant platforms for relics.
Meanwhile, there ARE platforms that are still borderline useful.
MacPPC, Sparc64 need people to RUN them for real life work, and improve
them for relevancy, as naddy@ said.
Nick.
On 01/26/16 05:36, Karel Gardas wrote:
> On Tue, Jan 26, 2016 at 2:59 AM, Nick Holland
> wrote:
>> Meanwhile, there ARE platforms that are still borderline useful.
>> MacPPC, Sparc64 need people to RUN them for real life work, and improve
>> them for relevancy, as n
. You found one.
Even disabling the root password, something I've been doing for well
over ten years on OpenBSD turned out to have some risks when doas
replaced sudo, as the upgrade would break sudo, but doas wasn't
configured yet.
Nick.
hey may just see your credit
limit hasn't been reached).
However, having done this for a looong time, and seen the problems from
both rapid-failure and "try and try" disks, I'll take the "try and try"
problem any day. Happens a lot less often, and tends to be less
catastrophic when it happens (hint: you WILL be quickly fixing a disk
system which gets to be 100x slower than normal. You may not notice the
first disk that fails and causes an array to be non-redundant until the
disk fails that takes the array down completely).
Nick.
On 02/15/16 16:02, Karel Gardas wrote:
>> ..And therefore you need enterprise disks because they behave "cleanly", as
>> when using those only, essentially full softraid QoS is maintained at all
>> times.
>
> Interesting! I've understood Nick excellent
n A06 partition? If so (and I don't think fdisk should
let you do that, but I've never tried) what you describe is what should
happen.
it's "a6", not "a06".
Nick.
S
on it is going to be difficult.
Be very aware that, while I won't say your task is impossible, it may
not be something anyone has done before, and code may need to be written.
Nick.
I'm not going to cry "bug", since there are two nearly identical
systems working just fine. But I can't think of what I did wrong
or what to do to fix it.
Suggestions?
Nick.
$ dmesg
OpenBSD 6.2-current (GENERIC.MP) #203: Sat Nov 11 19:01:19 MST 2017
dera...@amd6
On 11/12/17 14:13, Otto Moerbeek wrote:
> On Sun, Nov 12, 2017 at 01:28:39PM -0500, Nick Holland wrote:
>
>> Help.
>>
>> I was upgrading a few very similar machines to -current today.
>> ONE of the three decided to be unpleasant. The thing has a
>> serial con
o a dd read over the first few GB (entire 'a' partition,
partition table, mbr, etc.) of the disk to see if there were any read
errors -- none. Whatever that's worth.
If all else fails, I'll be moving the function to spare hw and totally
rebuild this machine and see if it fixes it.
Nick.
for the first errata. This is what I
>> get for doing things from memory instead of reading the FAQ.
>>
>> Right. Let’s pretend that this didn’t happen, shall we?
>>
>> Sent from my iPhone
good news: that means your recovery is probably pretty easy -- just boot
f
bsd /nbsd && mv /nbsd /bsd && sha256 -h
> /var/db/kernel.SHA256 /bsd
>
> Kernel has been relinked and is active on next reboot.
>
> SHA256 (/bsd) =
> 9426f77b6d313f8f5e07ab1d1fc9bde9ef3975ac5b64ed9540cbd3fda9091884
> ---
Looks like you showed us the relink.log file from the successful times,
as that's pretty much saying, "it worked, it's installed", etc.
Can you show us the relink.log when it fails?
Nick.
omputer or the unplugging and
replugging of the USB port to reset them, so only use them on dedicated
terminal servers. I have a couple that cost around the $100 point, as I
recall, far less trouble than the NetMos chip cards gave me.
Nick.
>
> $ dmesg
> OpenBSD 6.1 (GENERIC.MP) #24: We
your favorite way to see "server timeout",
this is your tool.
Idiots who shouldn't be coding, coding.
"safe" languages being trusted to be safe when in the hands of idiots.
Like you said.
The more I see of "safe" languages, the more I love assembly. Most
people who call themselves programmers...shouldn't.
Nick.
So ... rather than zeroing the drive (rsdXc), I'd recommend zeroing the
RAID PARTITION(s) after laying them out in disklabel, before trying to
use bioctl to assemble them. So ... if sd0m is your softraid partition,
zero out the first MB (plus or minus a lot) of /dev/rsd0m. IF you are
using the entire disk for your softraid partitions, then Stuart's c
partition clear is functionally the same, but if you are using just part
of the disk, really...zero that partition.
Nick.
I'd suggest
getting a dmesg, saving it to disk, reloading 6.1, getting that dmesg
and showing them both to us and see what can be done.
Nick.
t's still
handy to move files around...double duty! You will probably have to
partition it on OpenBSD, last I looked, Windows doesn't believe there is
any reason to partition removable media (heh), but it will use just FAT
partitions if they exist "somehow". (fdisk, newfs_msdos)
* If you really use this a lot, maybe invest in a USB SSD rather than
USB Flash drive.
Nick.
ication manually rather than through
zone transfers -- and handling it manually is much better than the
idiotic DNS master/slave concept. Win all around).
Nick.
Hiya.
Due to facilities maintenance, the following resources will be
unavailable from somewhere around Jan 3 8:30pm EST until Jan 7 8:30am EST:
* openbsd.cs.toronto.edu
* obsdacvs.cs.toronto.edu
* man.openbsd.org
* cvsweb.openbsd.org
Thanks for your patience!
Nick.
file" crap. Now, if I'm on the administration team, do you 1) think
I'm an idiot and storm off? 2) make the changes I suggest and decide
this isn't fun and then wander off? 3) decide I'm brilliant and start
writing the "Nick Way"? (hint: it won't be #3. In this case,
hopefully, it would be #4: kick me off the administration team, since
it's YOUR server, not mine! :) )
Bonus points for actually doing it, though.
Nick.
On 01/11/18 09:45, Andreas Thulin wrote:
> Hi!
>
> Again, an ignorant question (as usual):
>
> How might I do something similar to
>
> # dd if=/dev/one of=/dev/sd0 bs=1M
>
> as a complement to the usual and well-described
>
> # dd if=/dev/zero of=/dev/sd0 bs=1M
>
> followed by
>
> # dd if=/d
the phone,
configuring the thing and all. Really, I've done it several times with
people, it is so stupidly easy to do in person, you can easily guide
someone through it over the phone, just having them read to you what is
on the screen, and tell them the appropriate response. They will be
wowed beyond belief, I suspect.
Nick.
e ... well, I slipped notes to myself
into the FAQ. And now that I'm not maintaining it, some of my crib
notes have been deleted! :)
Hopefully, I'm the only user of THAT type...
Nick.
ht be a good starting point, but notice that
it is NOT part of the base system ... for a reason! (that's a custom
compiled kernel I showed a snippet of the dmesg of)
Nick.
issue than an OS or
application issue.
Step 3: contact the port maintainer. Maybe they are aware of something.
Do not do this before steps 1 and 2 are complete, however.
After that, file a proper bug report.
Nick.
has been already said. Otherwise, just edit
doas.conf, test, and have a great day!
Nick.
er down is when the keyboard and
monitor aren't attached or hard to get attached. Realistically, it's
just that when you have keyboard and monitor attached, the fix is just a
few minutes away, rather than hours or days, and you can walk just about
anyone through it over the phone, and thus becomes a "non-event".
Nick.
be, then dd them over from the
source to the dest, then growfs each of them to fluff them out to the
size you got.
Not saying it's the best way to do things, but it's educational. :)
Nick.
nly the VGA was
attached to the computer, caused annoying flicker on the monitor that
mostly went away when I happened to need that HDMI cable elsewhere.
Nick.
btw.
I think less than a tenth of a second is quite good. Superfast, even.
The message you got clearly indicates that an fsck was needed.
I use this technique myself on some systems. Just run fsck, it won't
slow you down unless needed.
Nick.
On 04/03/18 02:54, Mik J wrote:
> Thank you Nick, I understand
>
> I mount my partition like that
> /sbin/bioctl -s -c C -l /dev/sd0h softraid0
> /sbin/mount -o rw,nodev,nosuid,softdep /dev/sd1c encrypted
>
> And it appears this partition always has 0,1% of fragmentation
I would like to install OpenBSD wirelessly, but my card requires additional
firmware (iwn) that is not included in the installer. Is there a way to
overcome this obstacle?
e) the
"not for unrestricted free use" parts, their lawyers will contact you
and send you a bill...and they really don't care about "for work" or
"not for work related" uses.
I'd really recommend removing this product from your computers.
Nick.
On 04/12/18 09:47, Consus wrote:
> On 08:28 Thu 12 Apr, Nick Holland wrote:
>> Another "failure mode" of VirtualBox people should be aware of:
>> I understand through good sources, Oracle monitors the IP addresses that
>> it's downloaded from, and if they
see if they
are recognized as I expect and see if I'm about to clobber
something I might consider important.
So...I think what you are trying to accomplish can be done as
things are without adding to the wonderfully simple OpenBSD
installer.
Nick.
over a year out
of sync on a machine I only use occasionally, due to unsupervised upgrades
and not looking at the results. I had not properly removed the /var/tmp
directory however long ago that was, and base unpacks a symlink
in /var/tmp to /tmp, that failed, tar bailed and much of baseXX.tgz was
never unpacked. I'm really surprised this machine was as functional as it
was.)
Nick.
areful human monitoring is just for show (and it's a
potential security risk of its own), and more likely to be the
cause of a problem than a solution. Careful monitoring takes
time and resources.
One nifty thing I have found in "rolling my own" is that I found
a lot of little oddities, no security problems, but things that
needed fixing. I'd call that a win.
Nick.
k properly, and if it finds a bad spot, it will lock it out and
put the failed write on a good spot (after you fill the disk,
delete the "filler" file, of course). But be aware, your disk may
not be healthy -- yes, bad spots and reallocated space is a normal
thing for disks, but new bad spots, not so much.
Nick.
write, but I don't think you even
want that on a Unix-like OS (even if it was possible on many Unix-
like OSs).
Nick.
hing ain't right. If
someone wants to add a ZFS-like "scrubbing" feature to ffs, I'd be all
for it. But not for the penalties that come with ZFS.
Nick.
RAID array into sub partitions.
(i.e., other software RAID systems are different -- for example, Solaris
would mirror individual partitions, rather than entire disks).
Keeping your arrays simple means your data is more likely to be there
when things go wrong (and they always do).
> (Before anyone mentions it - Yes, I have a proper backup system. I do
> not rely on the redundancy provided by RAID arrays in lieu of a real
> backup. I have both a local backup and offsite backup.)
Good. :)
Nick.
t speed, but then starts going
faster and faster, ftp updates its progress about once per second,
the first few updates are less than 1MB/s, but by the end, it's
doing 20MB/s. I've attached a typescript of two pulls from
ftp.openbsd.org to openbsd.cs.toronto.edu.
Nick.
well, someday I'll learn to send to the right target. :-/
Nick.
On 2020-12-16 08:35, Nick Holland wrote:
> On 2020-12-15 15:45, Theo de Raadt wrote:
>> I've been told something was just fixed.
>>
>> Now is a good time to retry.
>>
>> Reply just to
ormance
and unreliable USB. And you don't have much memory in the thing.
I'm a tad bit curious about your implying the X performance got bad
after 6.6...did this thing really not suck in 6.6 and before? Maybe
there was regression in old nvidia hw with newer nvidia support?
Nick.
dm
for much. Make it as big as you can, and
you are fine.
disklabel, by default, only uses the OpenBSD fdisk partition, but you
can blow through that barrier with the 'b' command, as Allan indicated.
If you are using softraid, you will have to repeat the disklabel 'b'
thing for the softraid disks, too. I usually forget that part.
Nick.
On 2020-12-23 11:29, James Cook wrote:
> On Wed, Dec 23, 2020 at 10:21:08AM -0500, Nick Holland wrote:
>> On 2020-12-22 23:58, Allan Streib wrote:
>> > Duncan Patton a Campbell writes:
>> >
>> >> fdisk seems unwilling to allow more than 2T in the partitio
encl
softraid0 1 Rebuild 2000396018176 sd6 RAID1 72% done
0 Rebuild 2000396018176 1:0.0 noencl
1 Online 2000396018176 1:1.0 noencl
Thanks,
Dhu (dmesg attached, oh and Happy New Years to you;)
/home/nick $ doas bioctl softraid0
Volume Status
ot is needed, but that doesn't appear to be your
situation.
Nick.
Greetings
I can't use my webcam while hosting a webex session from Chrome. Specifically,
when I start my session the webcam turns on for an instant and then shuts down.
When I try to start the video stream again the webcam flickers on and off a
couple of times and then I get a message from webe
the tools are
in base, which really makes it simple -- well, except the boca(4), as it
requires a custom kernel).
Nick.
use an ne(4) ISA card with OpenBSD,
a lot can be written about ep(4), ec(4), we(4), but they can all be
summed up as, "here's a nickel kid, get yourself a less old computer".
Nick.
are you sure?" on every step of everything that could cause
an "event".
And think how much you just learned about the value of good backups...
Nick.
ause I have it, I must allocate it, right?" WRONG.
Nick.
Hello
I have a separate disk that I was mounting as a nfs partition. That disk
crashed (it was very old). Now that OpenBSD 6.7/i386 release system cannot boot
because it can't mount the disk.
Is it possible to umount the partition or somehow skip mounting it at boot time
and continue booting fr
Thanks for the prompt reply. I will do what you suggested and report back.
> Sent: Tuesday, February 02, 2021 at 2:38 PM
> From: "Paul de Weerd"
> To: "misc nick"
> Cc: "misc"
> Subject: Re: umount at boot possible?
>
> On Tue, Feb 02, 2
It worked exactly as you explained it and I learned how to use ed on the way.
A million thanks Paul!
> Sent: Tuesday, February 02, 2021 at 2:38 PM
> From: "Paul de Weerd"
> To: "misc nick"
> Cc: "misc"
> Subject: Re: umount at boot possible?
>
openbsd/src/blob/cf8f31167b4af5c8ea769ff3d8a5974a24fec6bb/libexec/spamd/spamd.c#L1427
smtplisten = socket(AF_INET, SOCK_STREAM, 0);
So yeah, it looks like it's still inet-only, no inet6 here.
-Nick
February 22, 2021 1:22 PM, "Edgar Pettijohn" wrote:
> Have you tried starting spamd with '-l ::1' to alter its address to bind
> to?
I hadn't! But it's no help:
comms# /usr/libexec/spamd -l ::1 -d -v -G 15:4:864 -C
/etc/letsencrypt/live/comms.kousu.ca/fullchain.pem -K
/etc/letsencrypt/live/co
curiously, some big-name servers seem
to sometimes have a shorter life than some desktops. A ten year old
computer that does the job reliably is good, but not an expectation.
Nick.
scripts set to wipe all drives in the system, unprompted. Boot the
machine off the media, and let it run. Label them carefully and
destroy them when done to prevent very unhappy accidents later!
Nick.
Bjorn, have a look at this from the opensmtpd mailing list.
https://www.mail-archive.com/misc@opensmtpd.org/msg05278.html
The message from Eric has how to downgrade the smtpd listener to use all
TLS and compatible ciphers.
Regards.
On 13/05/2021 07:31, Bjorn Ketelaars wrote:
I have a smtp
"bigger" spreads).
I, too, have done "Bigger than proper" jumps, but I know how to
clean up the mess and my backups are pretty good in case I'm wrong
about knowing how to clean up the mess. ;)
Nick.
supports the video hw it has. OpenBSD still
does. Surprise.
Nick.
-bin/cvsweb/~checkout~/www/faq/faq1.html?rev=1.147&content-type=text/html#ReallyFree
I definitely say something similar regularly, but it looks like the
original text here was from Theo, himself. I've been similarly
inspired and found the example memorable. :)
Nick.
and nothing else. I'm taking
this as meaning you are intending to do things wrong by making a root-
only system. Please stop and reconsider your life choices here, this
one is probably not one of your better ones.
Nick.
alled. People often consider it
a way to "learn" a new OS, I disagree, it is a good way to get massively
frustrated and lose a lot of data.
Nick.
OpenBSD is designed to be able to install on wiped disks, new disks,
or co-exist with other systems. You seem to think that if you go
out and buy a new hard disk at the store, you couldn't possibly
install OpenBSD on it because there's no existing EFI partition.
A lot of people can assu