We are looking for a SCSI RAID enclosure + at least a few disks, for
testing/development purposes, in Toronto. This is to make the raid
management stuff work better. A few of us are working on the code,
but we would like the main scsi guys in Toronto to play along too.
The stuff is making
Is this for mainly testing or is actually planed for real usage?
It is for testing and development.
I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic
rackmount enclosures... -By todays' standards 8x9GB is not a lot of
room, and ultra2 is not exactly fast but it *might*
Look Roger, you have a SERIOUS READING PROBLEM.
Hello Mark and List, thank you for the reply and assistance.
I have tried Booting from CD-ROM installation media with cd38.iso but the
02 does not recognize the media.
When I go into the maintenance menu and boot -f dksc(0,4,8)boot, it
I recently acquired a Broadcom 5805 for use with my OpenBSD box.
Googling for the past hour has not quite yielded the info I need,
though I may not be hitting the right keywords, so I'm turning here
for a bit of help. Will I need to recompile any of my applications
i.e. OpenSSL, OpenSSH,
We are heading towards making the real 3.8 release soonish. I would
like to ask the community to do lots of testing over the next week if
they can.
This release will bring a lot of new ideas from us. One of them in
particular is somewhat risky. I think it is time to talk about that
one, and
We ask our users to help us uncover and fix more of these bugs in
applications. Some will even be exploitable. Instead of
saying that
OpenBSD is busted in this regard, please realize that the
software
which is crashing is showing how shoddily it was written.
Then help
us fix it. For
We are heading towards making the real 3.8 release soonish. I would
like to ask the community to do lots of testing over the next week if
they can.
What is the best way to test? Should we be downloading snapshots daily?
Install snapshots. Install snapshot packages. Try using it as if it
Your mail has nothing to do with the 3.8 release, nor with testing our
code, nor with the malloc stuff I posted. You are hijacking yet
another thread with your broken code, and it is quite frankly getting
boring.
I am not sure if this is related. But when I code assembly to pass
a double
We are heading towards making the real 3.8 release soonish.
I was wondering, when can we start pre-ordering our cd-sets?
We normally setup pre-orders 1 month before. We might do it a bit
earlier... dunno.
But it is hard to do when artwork is not final yet :)
On 8/23/05, Theo de Raadt [EMAIL PROTECTED] wrote:
This release will bring a lot of new ideas from us. One of them in
particular is somewhat risky.
First off: I like the idea. The technical merit is obvious. I have a
question regarding the timing, though.
Is there a particular reason
My OpenBSD 3.7 running on a Soekris net4511 reboots with no obvious
reason. I've started monitoring the memory usage, load average and pf
states, but these do not seem to be related to the problem.
I'm also using the hardware watchdog which I will disable to see if it
is involved in the
#
Is this the way it is supposed to be?
cheers,
Masoud Sharbiani
On Mon, Aug 22, 2005 at 05:33:40PM -0600, Theo de Raadt wrote:
We are heading towards making the real 3.8 release soonish. I would
like to ask the community to do lots of testing over the next week if
they can
Secondly, it seems pretty pointless to setup pf on a single host.
That is the most ridiculous thing I've heard all day. Lots of people
run servers and must block them, on the same machine. Probably every
single one of us.
That is the most ridiculous thing I've heard all day. Lots of people
run servers and must block them, on the same machine. Probably every
single one of us.
I'm not sure I understand what you mean. If you're going to run a
server, what's the point of blocking it? Might as well turn it
I never said that. PF isn't the only way to block packets, like TCP
wrappers or ACL's within the server itself.
That is horse shit, and shows that you don't know how actual code works.
I prefer to filter problems BEFORE THE ACTUAL CODE RUNS. Perhaps you
don't know what a pre-authentication bug
Your statements are beyond ridiculous. You are saying If you need
to filter it, you should not be running it.
X doesn't have to listen on TCP 6000, you can setup a unix socket, and
it's no longer reachable from the network, and you still have full
functionality (I know, I do just that).
A few things that get bitten are some packages doing their own and very
different memory management, but can't avoid malloc altogether.
That is ports/lang/clisp, that seems to be also gprolog
Can you describe how these programs manage to seg fault doing their
memory management? How do
I can return the card easily enough, but there has been some
discussion previously of removing non-working cards from the ath(4)
man page. Has anyone gotten this card to work properly? Should it
also be removed from http://www.openbsd.org/i386.html ?
No, no, no.
Newer versions of chipsets
Just curious, what does the dev team think about Vinum?
I want a raid model that acts as if it is a regular scsi drive, ie.
sdN. Like our hardware raid controllers work. Right now what we
have in the tree is poo, and vinum is just as much poo too.
I do not envision enabling this stuff in
I want to chroot an application I'm developing, but I still want
coredumps...
_dump.c_
#include stdlib.h
int main() {
abort();
}
# gcc dump.c -o dump
# ./dump
Abort trap (core dumped)
# chroot ./ ./dump
Abort trap
I thought it would make sence for most secure OS.
One port less listening the World.
That's not security.
If this is the stock BIND that ships with OpenBSD, shouldn't it just work
without any permissions/ownership changes?
OpenBSD does not ship with a stock BIND. It has privilege seperation
added, which has already saved us from problems a few times.
Yes, that means there might be some new small
The reason why I bother this list is that I am impressed of OpenBSD from
the technical point of view. I like its consistency and purity. But in
business environments or comparable organizations where money is an
issue, one needs to think about system management very carefully, since
it
From time to time we get people offering us machines like ss10's
and such. Well we don't need those anymore (we have a few test
ones running in the project, and then quite a few more ss20's
spread around, and enough spares here and there -- even in the server
room here the sparc packages are
Hello everybody,
I found an entry on the Website wich confused me:
New functionality:
.
.
.
wd http://www.openbsd.org/cgi-bin/man.cgi?query=wdsektion=4 disks
have the security feature frozen before being attached to prevent
malicious users setting a password that would prevent the
Yes you're right Theo but isn't that a Problem an OS shouldn't deal with?
Are you even trying to make sense?
I mean that is no software related Problem. It's part of the physical
security
maybe or it's maybe part of your own net of trust.
Theere some PRO and CONTRA but it deals mostly
Since a November release seems to be shaping up, any idea when we can
begin pre-ordering? :-)
I've like the idea of getting it without remembering to order at
release time.
In just a few days. We are still working on tshirt artwork.
In contrast, Otto zeroed in on the problem in minutes.
And I had a patch 5 minutes later, and we are considering it.
I'm receiving the following messages from portmap when starting Legato
Networker's nsrexecd. The nsrexecd I'm running is the Linux version under
emulation:
portmap[16083]: non-local unset attempt (might be from 127.0.0.1)
portmap[16083]: non-local set attempt (might be from 127.0.0.1)
People keep yammering this bullshit about Security is a process.
Bullshit! Lies! It's about paying attention to the frigging details
when they are right in front of your face. And it is very clear other
vendors do not pay attention to the details, considering the work I
did here was
Which is why I now know MORE about air-conditioners than most of the
technicians who come here.
The phrase, and everything you said, is all excuses for the vendors.
I bet that the air-conditoner technicians believe that
Air-conditioner maintainance is a process.
Which is why they can never
i noticed in the assembly generated from openbsd's gcc that when allocating
the initial
buffer , it subtracts more bytes than it normaly should.
meaning:
function(int , int , int){ char b0[10],b1[5],int* } should need 0x20 bytes
instead openbsd's gcc subtracts 0x63 .
is it cause of
Don't the OpenBSD developers already work hard enough, that now we
are supposed to do even more boring business oriented things for you
all?
Every release, more people download OpenBSD and fewer people buy OpenBSD.
But the solution is not to make OpenBSD developers web businessmen.
That is a road
Intel amd64-compatible machines today do not fully conform to the
specifications that the amd64 codebase uses to find handle
processors and interrupt routing and such.
Intel still wants people to use the old old 32-bit only ways, or
stupid ACPI.
I don't know of anyone looking into this at the
Don't the OpenBSD developers already work hard enough, that now we
are supposed to do even more boring business oriented things for you
all?
Every release, more people download OpenBSD and fewer people buy OpenBSD.
But the solution is not to make OpenBSD developers web businessmen.
Someone is telling you to use a non-standard FreeBSD extension. That's
hogwash. I suggest you advice them that their FAQ has an error. That
is not standard to any other system.
And even then, it is even more wrong.
I've since found a link under the Gimp-Print FAQ that talks about the
The OpenBSD 3.8 song is now available, at
http://www.openbsd.org/lyrics.html#38
Many wonderful new things have made it into OpenBSD 3.8, but we wanted
to focus on one particular thing -- our support for native
free-software RAID management on at least one brand of RAID card,
those made
I have an OpenBSD 3.7 i386 installation on an external usb-enclosure.
I have some space left, and I would like to create an msdos partition
(to transfer files between windows and OpenBSD).
I have tried to create one using OpenBSD's fdisk; then I have
formatted the new partition in windows
If you don't trust the endpoint, no amount of one time passwords, or
ssh will save you. You will get keylogged, or followed in, and owned.
it's that simple. Why mess around with gymnastics like s/key from an
untrusted host instead of solving the real threat to your security?
I was in a
If I use an OTP to log into a remote system via an untrusted host,
and I don't type any further passwords in, what exposure am I
presenting?
What exactly do you think untrusted means in the phrase untrusted
host?
Come on, THINK...
What exactly do you think untrusted means in the phrase untrusted
host?
That anything and everything will be captured and logged in plain
text. That's what _I_ consider untrusted. Everything including
the login credentials, but they're a one-time thing. Right? Is
that not the case?
What's the easiest way for me to build a bsd.rd disk that will allow me to
upgrade my crappy Adaptec-powered machine from 3.6 to 3.7 or -current?
Does bsd.rd have all the install/upgrade/shell stuff embedded in it, or is
there some magic that is done by the ramdisks that are on the ftp
I have a few questions regarding TAGs, especially for a new ones.
When a X_Y_BASE TAG is issued for example OPENBSD_3_8_BASE, does that
mean
the sources are not changing anymore or are there still changes?
How do you know when the code is fixed and will be the same as on the
cd. When the
If anyone has any USB serial devices based on the Cypress CY7C637xx
and CY7C640/1xx chips, and is willing to give us one or two, we'd like
that.
(They are not currently supported, since they use hid instead of bulk)
Mail me. Thanks.
a cisco router cu -s 9600 -l tty00 now that's what I
would normally do to get access, any hints to where I
am going wrong here would be great.
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
try using cua00 instead of tty00
The difference between these device nodes documented in
so which part of the referenced mail you don't understand?
(http://marc.theaimsgroup.com/?l=openbsd-miscm=110488032901414w=2)
let me see:
openbsd version: check
kernel dated: check
environment: check
instructions to repeat (even though somewhat vague,
what can you do, it's the nature of
If anyone has any spare GDT raid cards they are not using, please
let me know.
I suspect that it is the next target for the raid management stuff.
(We now know how some pieces of the stuff work).
Thanks.
When using ATA drives, I have to make a choice between write caching or soft
updates, since write caching with soft updates creates an unsafe situation.
I assume by 'write caching' you mean async.
No. You have that wrong.
async is always unsafe.
Everything else you say says that you
On Fri, Sep 30, 2005 at 09:39:42PM +0200, Matthias Kilian wrote:
I assume by 'write caching' you mean async.
No. I think he meant caching by the disk device (see the note about
atactl writecachedisable).
I forgot:
And thus may be as (or even more) worse as async.
But then
We would love it if someone is able to supply one or our developers in
the Netherlands with a dual-cpu Mac. It does not matter if it is G4
or G5, either will do. If anyone can, please drop me a note. Thanks.
Well, since Miod has kind of let the cat out of the bag regarding the
G5 work, I might as well show the results, since I have the machine
that is currently running it best, a dual G5 Xserve.
About 3 weeks ago Mark Kettenis started the Apple G5 support effort.
A little bit later Dale joined in to
We would love it if someone is able to supply one or our developers in
the Netherlands with a dual-cpu Mac. It does not matter if it is G4
or G5, either will do. If anyone can, please drop me a note. Thanks.
So SMP is next on the list of Mark Kettenis after G5 support? Splendid!
No
I've just upgraded my Powerbook G4 to the latest macppc snapshot and now I
have
a problem booting.
Under openfirwware, I type the following :
boot hd:,ofwboot /bsd
It starts fine (as it always did for the last 10 months), the kernel gets
loaded
_but_ it looks like it does not find the
If the Soekris did not come with ethernet chipsets which are just
slightly over the bar of rl(4), the wimpy processor in the machine
might be able to cope.
If the Soekris did not come with ethernet chipsets which are just
slightly over the bar of rl(4), the wimpy processor in the machine
might be able to cope.
Throughput is only marginally better using an em in the pci slot of a
4801. I think there's some other problem.
Yeah -- the super
so try to help each other and don't be a smartass...
OK, I'm getting tired of this.
You think someone is going to help you now?
No. We're going to delete your mail. We are going to utterly
ignore you from now on.
I do it all the time.
It is much easier to delete mail from people like you.
Even though the card is detected, I'm not seeing any boost in
IPsec performance.
Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :)
The cpu is unable to feed the crypto card fast enough.
You would think that doing crypto operations, especially 3DES
is a lot of work. And it is. But
Oct 14 OpenBSD born, Saturday 16:36 MST, 1995
Sorry, but so many of you are uninformed.
RCS file: /cvs/src/Makefile,v
revision 1.1
date: 1995/10/18 08:37:01; author: deraadt; state: Exp;
branches: 1.1.1;
Initial revision
That is when the repository was created. That is the official
Mickey's calendar is not telling the truth.
There problem is there are a few things which happened in the days
beforehands (13th, 14th, 17th) as the decision to setup a repository
started being taken. It took a few days to get things imported just
right. Machines were slow back in those days,
You tried to go back... (3.8-current - OPENBSD_3_8_BASE which
corresponds to 3.8-release). If you want 3.8-release, the easiest thing to
do will be to wait for the actual release, and then install from scratch.
Are you saying that the snapshot of 10/14 is 3.8-current? If so, my bad. Let
On Mon, Oct 17, 2005 at 03:27:12PM +0200, PrzemysE?aw Nowaczyk wrote:
Jason McIntyre wrote:
i don't know much about the issues involved (i don't know anything about
them actually) but basically apm is not supported on this machine.
i have an r40e with the same issue, and it is a
Now it is really OpenBSD's 10th birthday ;)
On Tue, 18 Oct 2005 09:22:26 -0600 Wolfpaw - Dale Corse admin-
[EMAIL PROTECTED] wrote:
It dropped to DDB (because I forgot to disable it :( and I did
The following:
First thing you should probably do is actually read what is
on the screen and actually send the output of ps,
On 10/18/05, Chris Kuethe [EMAIL PROTECTED] wrote:
On 18/10/05, Ray Lai [EMAIL PROTECTED] wrote:
On Sun, Oct 16, 2005 at 09:00:16PM +0300, Antti Harri wrote:
I have two USB printers, is there a way to assign
a fixed device name instead of device name being
assigned dynamically?
People -- just ignore him.
He may use OpenBSD, but if he can't stop himself from being a beligerant
fool, not submitting the right reports, why bother wasting eveveryone's
time by chit-chatting and arguing with him? Do what the developers do --
delete his mail and don't respond.
Someone with one of these problematic cards should put it in the
mail to Brad in Toronto. That is your best bet.
Please note that at this time,
sasyncd can fail IPSEC associations to a 2nd machine
But not yet fail them back, when the master recovers
The developer of this stuff hasn't finished it yet.
Please take this off our lists. I am sure noone cares.
Why block access to your website in an attempt to block spam? Spam
harvesters? If so it's pointless, these lists are archived all over the
net, your address is already out there.
No, I just block netblocks because I don't care
Public Domain is a legal term, meaning that all the potential rights
handed by copyright have been surrendered. Since we retain one of the
basic rights of Copyright law (to be known as the author) it is
important that noone incorrectly state the legal position of the
source code. Under Copyright
If I remember correctly, bridging only works in hostap mode.
Bingo, someone remembered -- and that is correct.
In the other modes, MAC addresses of course do not get exposed
correctly, and your access point cannot impersonate the other
hosts it is required to.
It is fairly obvious if you think
The chipset is LSI SAS 1068, and according to LSI,
supported with the mpt driver. Here is the link to
LSI's information:
http://www.lsilogic.com/products/sas_ics/lsisas1068.html
Unlike what Olivier had to pipe up with (why are so many of our
users sending useless mails these days?)...
First of all, it's been a while since I've written c, so I'm curious if
this is a bulk change I can do.
I'm changing code that another programmer did, but we got rid of him for
doing stupid things. So I'm auditing his source code on a few of our
customer's sites and I came across a
In the source to to spamd, specifically spamd.c , I see that the
maximum value of the -s option is 10 (seconds).
What is the reason for this please? Anyone know or hazard a guess?
Many spammers automatically disconnect when this is done.
I'd love to see a bootable OpenBSD desktop CD with all applications
tightly wrapped by systrace, so I don't need to recreate and redistribute
the boot disk after each new Firefox, GAIM, etc exploit.
It is really unfortunate that I have never seen a perfect systrace
policy. Not once.
Not even
ports.tar.gz src.tar.gz sys.tar.gz
OpenBSD 3.8 includes artwork and CD artistic layout by Ty Semaka,
who also arranged an audio track on the OpenBSD 3.8 CD set. Ports
tree and package building by Peter Valchev, Nikolay Sturm and
Christian Weisgerber. System builds by Theo de Raadt and Kenji
Ah, an American speaks.
Sounds like a bold and daring idea, but one should be aware that
they might find themselves unemployed if they practice such a
philosophy at most companies.
PG
quote:
My experience is that if something has to be done, just do it - don't
ask! They
After a search of the lists, it seems that the amd64 port will work on
Intel EM64T hardware. Does the OpenBSD AMD64 port avoid the
prefetch/prefetchx that Intel is supposed to have screwed up with
their AMD64 clone?
I don't think we use that functionality. There are other slight
differences
I'm setting up an OpenBSD 3.7 box as a VPN/SSH server. It will have a
Broadcom 5805 installed to help offload some of the crypto processing. Our
employees have laptops with XP loaded and Intel Pro 100/S cards installed.
Will the crypto functionality on these cards work in conjunction with the
On 11/2/05, Theo de Raadt [EMAIL PROTECTED] wrote:
I'm setting up an OpenBSD 3.7 box as a VPN/SSH server. It will have a
Broadcom 5805 installed to help offload some of the crypto processing. Our
employees have laptops with XP loaded and Intel Pro 100/S cards installed
It in not the question of sshd works or, not! In large environments,
where you have a large number of legacy hardware (like Apollo 700,
HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
box is other than to run a firewall, a webserver, mail-server, or
MySQL,
plus you
Having Read about computer security, one of the parts that mostly
called up my atention were the access control mechanisms. I've found
out that the mechanism used by mostly of the Unix-like systems is DAC
(Discretionary Access Control) and as I could see OpenBSD fits in that
mechanism as
On Sat, Jun 30, 2007 at 10:46:55AM +0200, Leon Komlo?i wrote:
I'm trying to connect various IC's to IIC port on WRAP.1E board.
Without any success. IC's are Dallas DS1621,DS1631,DS1624.
Here is dmesg line:
DS1621:
iic1: addr 0x48 22=0a 40=0a 41=0f 42=0a 43=0a 44=0a 45=0a 46=0a
Using a July 3 checkout, make release fails with file system full -- is it
just me?
Kind of.
Things like this will happen, and then they will be fixed. Then they
will happen again. That's just the process. Noone really needs to
alert us, since we have to cope with this on our own already.
Somebody wrote on undeadly that they had arranged for Theo to get one
so this shouldn't be any problem.
Theo anything you can confirm so people doesn't send you several of
these which money could go to other better stuff.
I can confirm there's a card on the way. Thanks guys.
There have been a few questions as to whether I endorse the OpenBSD
Foundation.
That question comes up because the OpenBSD Foundation is not the same
as OpenBSD. The Foundation is a parallel entity which builds a new
way for funding the project; making it easier for companies and other
am working through a netboot install onto a sparc64 machine and noticed
that netboot != pxeboot and want to determine the minimum requirements
for netbooting.
so with netbooting it requires rarpd, tftp and NFS? not used to the NFS
requirement when pxebooting and usually just have dhcpd
OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
By David Marcus, 2007-08-05 03:41:29
Section: Technology, Topic:
I formerly had a great deal of respect, bordering on admiration, for
Theo deRaadt's refusals to compromise his open source principles, even in
the face
And here we come full circle. Given the OpenBSD now IS a router --
whether it's a little two-interface pf box for home use or some big
studly hardware running OpenBGPD and OpenOSPFD box for ISPs, I would say
the addition of support for DSCP re-marking would be a very desirable
feature.
If anyone had any doubt that our insistance on freedom was important,
just read this.
http://mail-index.netbsd.org/source-changes/2007/08/24/0027.html
What is even more astounding is the incestious love-in these other
groups have, with their Sam-worship, that prevents them from doing the
obvious
rest of the kernel uses it to store the value of curlwp. Sam won't
recompile the HAL for us (fair enough), and we can't modify the HAL
to use another register because doing so could put us in breach of
the license (v. crappy). So, do a save/set/restore on %s7 in KernIntr()
How hard is
On Tue, Aug 28, 2007 at 04:08:02PM +0100, Edd Barrett wrote:
On 28/08/07, Craig Skinner - Sun Microsystems - Linlithgow - Scotland
Yay! Action at last.
Wow! This is great news.
Better late than never, but damn is it late.
Indeed, that is the correct sentiment regarding Sun's action
On 8/28/07, Darrin Chandler [EMAIL PROTECTED] wrote:
Normally I wouldn't repeat undeadly stuff here on misc@, but I'm sure
many of you will want to know.
http://undeadly.org/cgi?action=articlesid=20070829001634
And if you do this kind of thing, it's worth letting the rest of the
[bcc'd to Eben Moglen so that people don't flood him]
I stopped making public statements in the recent controversy because
Eben Moglen started working behind the scenes to 'improve' what Linux
people are doing wrong with licensing, and he asked me to give him
pause, so his team could work.
On Saturday 01 September 2007 05:40:52 Theo de Raadt wrote:
It is illegal to modify a license unless you are the owner/author,
because it is a legal document. If there are multiple owners/authors,
they must all agree. A person who receives the file under two
licenses can use the file
Theo de Raadt wrote:
For the record -- I was right and the Linux developers cannot change
the licenses in any of those ways proposed in those diffs, or that
conversation (http://lkml.org/lkml/2007/8/28/157).
It is illegal to modify a license unless you are the owner/author,
because
?
a.
Copyright 2006 Theo de Raadt.
b.
Copyright 2006 Theo de Raadt
You may use or distribute this file without
modifications.
The answer is b. The first licence grants NO RIGHTS AT ALL, and
retains them all for the author
If I understood clearly, following modifications of dual-licensed code
should also be dual-licensed, wouldn't they?
should, or must?
must.
Another argument has popped up elsewhere (by some poster, on
kerneltrap.org), pointing out that the GPL itself may also require
dual-licensed software to
In the case of the later 3 files, their copyright notice says:
at your choice you may distribute under the terms of the BSD
license or under the terms of the GNU GPL v2
So if they chose to distribute those 3 files under the terms of the GNU
GPL v2, it is correct to change the
Why ? The ISC seems to me to say you can do anything you wish -
except remove the copyright.
ISC has no say in the matter of interpreting the legal document.
Authors put them onto files hoping the license lays down the rights
they wish to retain, and grants they wish to give to the public.
On Sat, Sep 01, 2007 at 11:39:28AM -0600, Theo de Raadt wrote:
In the case of the later 3 files, their copyright notice says:
at your choice you may distribute under the terms of the BSD
license or under the terms of the GNU GPL v2
So if they chose to distribute those 3 files
1 - 100 of 2950 matches
Mail list logo
