https://cvsweb.openbsd.org/src/sys/d...c2/dwc2.c#diff

In a few days. Hopefully just a few more days...

Fast forward uhh, 13 years? We've moved away, unable to sell this house, so we rented it out for a few years while my career took me through San Antonio, Seattle, etc... and now I'm 100% full remote work, aaaaaaaand...back in this house. My 5 year old is almost an adult, and my son (whose arrival prompted the loss of my office) is now 12. Ironically, I'm *back* in my original office as I type this. I did end up having to get rid of the server cabs, but they went to a former co-worker who put them to good use. =)

Life...it's strange.

Just pushed an arm64v8 docker image for this project. I guess at some point I'll have to figure out how to build multi-arch docker images, but for now I have separate repos for them.

Ok, a bit of fudging stuff around and I think I have this figured out. The Raspberry Pi 3 B+ has the magic boot bits set to boot from usb0, however, I haven't been able to get the OpenBSD bootloader to load a kernel from an FFS filesystem at the boot> prompt if I boot from usb0 (mmc0 loads just fine, however).

So I dd'd the latest miniroot63.fs to an sd card, then disklabel'd the sd card and deleted the 'a' partition. I edited the sd card with fdisk and grew out the OpenBSD partition to the full remainder of the sd card after the msdos partition. Once that was done, I disklabel -dE'd the sd card and created an 'a' partition that took up the entire OpenBSD area. Once that was done, I dd'd the first 4 MB of the miniroot back to the sd card, ftp'd the bsd* files for arm64 to the sd0a partition, and booted the pi up with my franken-sd.

Now at the boot> prompt I can select any of the bsd* files I copied to the sd0a partition, so I obviously select the bsd.rd file, install to my external SATA drive. I reboot, catch the ddb error about the duid it can't find (and copy that to a safe location), then boot back up to bsd.rd, disklabel -E sd0 and update the duid ('i'), edit /etc/fstab to use the new duid, and...

Then I cross my fingers and reboot!

Success!

NOTE: this approach basically disables any advantage you would get from kernel re-linking! And updating this franken-sd isn't going to be fun =\

Yeah, once I figured that part out it was pretty clear why certain outlets failed when what seemed like an unrelated room had a power issue.

Bit the bullet and picked up one of these:

https://www.amazon.com/AmazonBasics-...70_&dpSrc=srch

Shows up as:

axen0 at uhub1 port 2 configuration 1 interface 0 "ASIX Elec. Corp. AX88179" rev 2.10/1.00 addr 4
axen0: AX88179, address xx:xx:xx:xx:xx:xx
rgephy0 at axen0 phy 3: RTL8169S/8110S/8211 PHY, rev. 5

I don't know *precisely* what happened, but there are a few changes on that machine that might account for it. This machine was installed via pxe/preseed initially to be an Openstack compute node. At some point down the road, I'd dropped it out of the Openstack cluster and installed Minecraft on it. It served as a Minecraft server for some time, and it always bugged me that it had an Openstack name instead of a minecraft-related hostname. So I switched the hostname on it.

This is speculation, unfortunately, as the machine has been repurposed again (it's way too powerful to run Minecraft and the 2-3 other services I have on it, so it is now an infra node in the Openstack cluster and one of the other infra nodes was repurposed for Minecraft (fully re-installed with appropriate hostname/disk layout/services this time haha)), but I think the hostname change and systemd didn't agree, or perhaps an Openstack service I *thought* was disabled was causing issues? IIRC I rebooted a few times prior to the above error messages after those changes, though, so I can't say for certain what caused the issue.

Yeah systemd was jacked. Not sure what caused it. Hard reboot "fixed" it.

I could, yes, but my current focus is getting up and running with veggies to go along with the herbs. It's not a matter of it being impossible, but rather the non-edibles being quite low on the priorities list.

It would appear that, while completely feasible, this idea is not very safe. Plant roots (at least some) take up Salmonella readily, so the turtle tank would have to be non-edibles only.

Bummer. Maybe I'll build it on top of the African Cichlid tank instead (though the Fluval 406 on that tank needs no help whatsoever).

Here's my network layout:

Internet <- Cable Modem <- OpenBSD Firewall <- Cisco 3560 <- Daughter's Machine

Each of the windows machines on my network is split (via vlans on the 3560 and firewall) into its own /29 (i.e. each one only has access to the IP space of the firewall (which has several IPs across several vlans) and the IP space of my Cisco 2801 (used just for IPSec and BGP). In short, internet access is via the OpenBSD firewall, and the vlans are denied access to each other, and then the 2801 allows access to private VPCs at Amazon. The Windows machines are not allowed to access anything else on the network (oh, we do have a network attached printer...that traffic is allowed).

Ok, the relayd instance runs on the OpenBSD firewall, so each Windows vlan has port 80 and port 443 traffic re-routed to relayd, which checks URLs against a whitelist and sends back an http 403 (access denied) for anything not on the whitelist. It goes without saying that my daughter does not have access to the firewall configuration =)

I originally had each Windows machine on its own /30 (i.e. 4 addresses: network, gateway, host, and broadcast), but then I wanted to add the 2801 without tons of traffic logic on the firewall, so I remapped that portion of the network to be /29's (8 addresses: network, gateway, 2801, host, 3x unused, and broadcast), which gives me room for expansion later, should I choose to do so.

Really, all relayd does here is TLS validation and checking URLs against a whitelist, which is something I've been meaning to add for a while now.