ntpdate program not working with openntpd

2006-07-15 Thread Bo Granlund
Hi,

I have a problem with ntpd. I have a number of openbsd machines
here and one of them is connected to a gps receiver which now
(after a dirty hack) sets the time very precisely. I would love to
sync all my other machines against the gps powered ntpd.

Now the problem is that ntpdate (in linux) or ntpd's in other
openbsd boxes don't simply work. ntpdate says this:
sunrise:~# ntpdate fury
15 Jul 08:54:34 ntpdate[18841]: no server suitable for synchronization found

Another openbsd machine (volatile) is configured to use fury (the machine
with the gps receiver) as the server to poll for the time. This is what
ntpd has to say about that:
ntp engine ready
reply from 10.0.5.30: not synced, next query 3151s
no reply received in time, skipping initial time setting

The problems range over openbsd and linux so I don't know what's broken.
I'd say that ntpd has some issues with it. My  config on the gps 
machine is
# Addresses to listen on (ntpd does not listen by default)
listen on *

# sync to a single server
#server ntp.example.org

# use a random selection of 8 public stratum 2 servers
# see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
#servers pool.ntp.org

sensor nmea0

and nmea0 is working ok, so no problem there. You just can't query
the time from an openntpd instance. Am I doing something wrong? Would
it help if I send dmesg's etc.? Is there some trick to just make ntpd
work properly with external queriers? I've tried to figure this one
out but am out of ideas now.

best regards,
Bo Granlund



Re: ntpdate program not working with openntpd

2006-07-15 Thread Andreas Kahari

Is there a firewall blocking the requests in either direction?  Does
network routing etc. work apart from this?

Andreas

--
Andreas Kahari
Somewhere in the general Cambridge area, UK



help adsl n openbsd

2006-07-15 Thread sonjaya

dear all
basic question:
here is my current network:

internet--adsl--lan01

I want to change it like this:

internet--adsl+router--lan01-lan2

lan01( openbsd , squid )
lan02(internet cafe)

so I want to share my internet access with lan2.
sorry, my question is very basic

ps: my ADSL modem does not support bridge configuration.

-sonjaya-



Re: Encrypting e-mails

2006-07-15 Thread Karel Kulhavy
On Mon, Jul 10, 2006 at 08:37:58AM -0500, Jacob Yocom-Piatt wrote:
  Original message 
 Date: Mon, 10 Jul 2006 15:07:40 +0200
 From: Rico Secada [EMAIL PROTECTED]  
 Subject: Encrypting e-mails  
 To: misc@openbsd.org
 
 Hi
 
 I have been looking into encrypting my e-mails and was thinking about GPG
 together with Sylpheed, since I am using Sylpheed.
 
 But I am wondering is there another and stronger or better way than GPG.
 
 Any recommendations?
 
 
 mutt has less calories and will make girls want to have sex with you. maybe the
 second part is just advertising hype...

Actually I came to conclusion that having reinstalled Linux to OpenBSD will
probably increase my penis length.

I had less stress with the OpenBSD so far than with Linux, presumably because
of the developers attitude towards correctness. Research shows that stress
increases amount of fat on abdomen.  Penis length is dependent on amount of
fat on abdomen.

So OpenBSD - less stress - less fat on abdomen - longer penis.

CL
 
 it also has s/mime and gpg capabilities, is text based and does your laundry.
 
 Best and kind regards,
 Rico



Re: Voice-Chat Software (maybe even a Client wich works on openBSD? ;) ) ?

2006-07-15 Thread Karel Kulhavy
On Thu, Jul 13, 2006 at 09:11:12AM -0500, Jacob Yocom-Piatt wrote:
 Why would you need voice chat in the base install? There isn't even IM
 in the base install.
 
 
 good point about the IM. i see voice as pretty important since the gross
 majority of ppl have a phone (whether VOIP or otherwise) in their home. on the
 other hand, not everyone uses text chat programs.
 
 OpenSIP would be helpful to a lot of people, I'm sure, but I doubt the
 developers have time for it.
 
 
 i recognize the devs are busy folks and don't have time to code out features
 that people wish for on [EMAIL PROTECTED]
 
 note that my previous message did not suggest someone else should do this, it
 only asked if such a thing were done, could it get in tree. i surmise the answer
 is no, likely for the reason you cite above. i wanted to check because i've
 thought about working on such a thing myself for a year now.

Does anyone succeed with any SIP phone actually on OpenBSD, behind a NAT?
I tried various clients on Linux (ekiga, kphone, minisip, lilnphone, twinkle)
and there was always some little bit that was missing to functionality.

CL



Re: GDBM_File (GDBM::File)

2006-07-15 Thread Karel Kulhavy
On Thu, Jul 13, 2006 at 07:03:11PM +0200, Joachim Schipper wrote:
 On Thu, Jul 13, 2006 at 12:12:58PM +0200, Karel Kulhavy wrote:
  ello
  
  How can I install GDBM::File into the stock Perl in OpenBSD? I don't
  understand why it's not there when it comes automatically with Perl.
  Was it stripped out from the Perl due to license reason? I tried to
  download it and installed but it complained about unresolved library
  something in some *.so file.
 
 What does the 'G' stand for? What is the OpenBSD policy on 'G' programs?

Probably GNU. I don't know what is OpenBSD policy toward 'G' programs.

But gdbm is in ports. I don't understand why the binding was taken out of
Perl.

 
 This particular Perl module is not in ports; you most likely can use
 cpan to add it after installing dependencies, notably gdbm.

I tried but it seems to use gdbm library linked into the perl and because
on OpenBSD the perl binary is not linked and it complains about unresolved
dependence.

CL

 
   Joachim



Re: ntpdate program not working with openntpd

2006-07-15 Thread Bo Granlund
Andreas Kahari [EMAIL PROTECTED] wrote:
 Is there a firewall blocking the requests in either direction?  Does
 network routing etc. work apart from this?

Yes, networking works as it should. The problem was that ntpd did not
get synced because I had hacked it to settimeofday() every time the sensor
reports a new offset. This put the internal magical calculators out of
sync and ntpd put the alert flag up in responses which were then rejected
by other ntpd's and ntpdate.

So I approached the problem from another angle and thought about
adjtime()'ing the offsets. It produced this very simple patch:
Index: ntp.c
===
RCS file: /storage/1/mirror/openbsd/src/usr.sbin/ntpd/ntp.c,v
retrieving revision 1.91
diff -u -r1.91 ntp.c
--- ntp.c   1 Jul 2006 18:52:46 -   1.91
+++ ntp.c   15 Jul 2006 07:50:05 -
@@ -1,4 +1,4 @@
-/* $OpenBSD: ntp.c,v 1.91 2006-07-01 18:52:46 otto Exp $ */
+/* $OpenBSD: ntp.c,v 1.91 2006/07/01 18:52:46 otto Exp $ */

 /*
  * Copyright (c) 2003, 2004 Henning Brauer [EMAIL PROTECTED]
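Review bot: Drop the $OpenBSD$ ident line change at the top of ntp.c from the patch. The only difference is the date format (2006-07-01 versus 2006/07/01), which is keyword-expansion noise from the local mirror and not part of the fix, and it will make the patch fail to apply against a tree where the tag is expanded the usual way.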
@@ -315,8 +315,10 @@
for (s = TAILQ_FIRST(conf-ntp_sensors); s != NULL;
s = next_s) {
next_s = TAILQ_NEXT(s, entry);
-   if (s-next = time(NULL))
+   if (s-next = time(NULL)) {
sensor_query(s);
+   priv_adjtime();
+   }
}
}
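Review bot: priv_adjtime() in the sensor loop runs right after sensor_query(s) for every sensor that is due, without any check that the query actually produced a new, usable offset, and once per sensor rather than once per pass. Have sensor_query() report whether it stored an update and call priv_adjtime() only in that case (or once after the loop), and add a comment saying why the adjustment has to be triggered here, since the message itself says the reason the sensor offset was otherwise never applied is not yet understood.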


Now priv_adjtime() takes into account the offset set by a nmea
sensor and adjusts the time correctly, and voila, ntpd's internal magic
calculators also agreed and started working as they should. So now
I have a working (sync'ed) ntpd that uses a usb gps receiver as its
time source.

Without that priv_adjtime() the offset reported by the sensor never
got updated, I don't know why yet.

best regards,
Bo Granlund



Re: GDBM_File (GDBM::File)

2006-07-15 Thread Lars Hansson
On Saturday 15 July 2006 18:02, Karel Kulhavy wrote:
 But gdbm is in ports. I don't understand why the binding was taken out of
 Perl.

And how would the base system build the gdbm module if gdbm itself is in ports?
You could always try creating a port of it though.

---
Lars Hansson



Recompiling Perl 5.8.6

2006-07-15 Thread Karel Kulhavy
Is it OK to download perl 5.8.6 (the same that is in OpenBSD 3.9)
then compile it using supplied hints/openbsd.sh and install over the
existing perl? I want GDBM_File and GDBM_File is in perl 5.8.6.

- will the perl still work (at least pkg_add and pkg_delete)?
- will GDBM_File start working?

I tried installing GDBM_File by going into
perl-5.8.6/ext/GDBM_File:
[EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ perl Makefile.PL 
Note (probably harmless): No library found for -lgdbm
Note (probably harmless): No library found for -ldbm
Writing Makefile for GDBM_File
[EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ make
Can't locate ExtUtils/Command.pm in @INC (@INC contains:
/usr/lib/perl5/5.8.6/OpenBSD.i386-openbsd /usr/lib/perl5/5.8.6
/usr/local/lib/perl5/site_perl/5.8.6/OpenBSD.i386-openbsd
/usr/local/lib/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl .).
BEGIN failed--compilation aborted.
*** Error code 2

But when I do perl -V:
[...]
  Built under openbsd
  @INC:
/usr/libdata/perl5/i386-openbsd/5.8.6
/usr/local/libdata/perl5/i386-openbsd/5.8.6
/usr/libdata/perl5
/usr/local/libdata/perl5
/usr/local/libdata/perl5/site_perl/i386-openbsd
/usr/libdata/perl5/site_perl/i386-openbsd
/usr/local/libdata/perl5/site_perl
/usr/libdata/perl5/site_perl
/usr/local/lib/perl5/site_perl

[EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ locate Command.pm
/usr/libdata/perl5/ExtUtils/Command.pm

So it doesn't work and I don't know why. I tried to figure out something
about the mysterious @INC thing. Man perl says only this:
FILES
@INC locations of perl libraries
but it's a blind alley:
[EMAIL PROTECTED]:~$ man INC  
man: no entry for INC in the manual.
[EMAIL PROTECTED]:~$ man '@INC'
man: no entry for @INC in the manual.
[EMAIL PROTECTED]:~$ locate 'INC'
[EMAIL PROTECTED]:~$ locate '@INC'

man perl says there's a file called @INC, but it's not true.

Inc in google yields just a heap of irrelevant links. Wikipedia doesn't have
a relevant article on INC or @INC either.

CL



Re: Recompiling Perl 5.8.6

2006-07-15 Thread Andreas Kahari

What is wrong with having two separate Perl installations, the base
one (untouched), and your own one (in e.g. /opt or /usr/opt or
wherever you'd like)?

Andreas

--
Andreas Kahari
Somewhere in the general Cambridge area, UK



ntp on openbsd rulez

2006-07-15 Thread Karel Kulhavy
I just turned it on and date shows the same as on my radio clock!

How different from Linux where I didn't know which ntp implementation to use,
so I tried installing various ones and it didn't work so I tweaked
the configuration somehow according to the (usually ambiguous) documentation
and it didn't work either so the result was that the clock was off by
hours and I had to manually reset it from time to time.

CL



Re: auto-update named via dhcpd?

2006-07-15 Thread Rogier Krieger

On 7/14/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Does the dhcpd that is shipped with OpenBSD 3.7 support the ability
to update bind?


No, it does not.



Does the dhcpd that is shipped with OpenBSD 3.9 support this?


IIRC, it does not support it either.



If not, is the recommended approach to install ISC DHCP 3.x,


It worked for me. See threads on MARC for a little more information.
http://marc.theaimsgroup.com/?l=openbsd-misc&m=110353569711035&w=2

After installing ISC dhcpd, just follow the documentation to get DDNS
updates working. E.g. by using the various README files included in
the port.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.



Re: ntp on openbsd rulez

2006-07-15 Thread Andreas Kahari

On 15/07/06, Karel Kulhavy [EMAIL PROTECTED] wrote:

I just turned it on and date shows the same as on my radio clock!

How different from Linux where I didn't know which ntp implementation to use,
so I tried installing various ones and it didn't work so I tweaked
the configuration somehow according to the (usually ambiguous) documentation
and it didn't work either so the result was that the clock was off by
hours and I had to manually reset it from time to time.


You probably did something wrong.  The NTP implementation that most
Linux distributions are using actually works quite well (also on
OpenBSD), but it's too big and in many ways made too complicated.
OpenNTPd (which, of course, also runs on Linux) effectively reduces
the problem of synching the clock, as you did notice.

--
Andreas Kahari
Somewhere in the general Cambridge area, UK



Re: GDBM_File (GDBM::File)

2006-07-15 Thread Karel Kulhavy
On Sat, Jul 15, 2006 at 06:16:42PM +0800, Lars Hansson wrote:
 On Saturday 15 July 2006 18:02, Karel Kulhavy wrote:
  But gdbm is in ports. I don't understand why the binding was taken out of
  Perl.
 
 And how would the base system build the gdbm module if gdbm itself is in 
 ports?

Is there a way how to install GDBM_File on OpenBSD 3.9?

CL
 You could always try creating a port of it though.
 
 ---
 Lars Hansson



time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Soner Tari
Hi All,

I have time-based pf rules using cron and anchors (such as to restrict
HTTP access after hours). But as you can guess, they do not survive a
reboot. Is there any solution?

Thanks,



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Darrin Chandler
On Sat, Jul 15, 2006 at 05:48:06PM +0300, Soner Tari wrote:
 
 I have time-based pf rules using cron and anchors (such as to restrict
 HTTP access after hours). But as you can guess, they do not survive a
 reboot. Is there any solution?

There are probably a lot of solutions...

Have your cron job copy the current anchor rules to pf-current.conf,
then add pfctl -f pf-current.conf to rc.local.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



General question about intl and iconv

2006-07-15 Thread Weldon Goree
(This might belong on ports, but it's not specific really)

There are quite a few software packages not in the ports tree that I've
managed to wrestle into running on my system, and I keep noticing the
same thing: they all have trouble with libintl and libiconv. But it's
always different things: some are missing certain symbols, some just
can't seem to find the version, some (even with the include and link
paths double-checked) can't find iconv.h or libintl.h, or libiconv and
libintl, without editing the source file to look for the absolute path.

What's going on here? Are OpenBSD's i18n libraries that radically
different? I could understand if it was just the missing symbols (ie,
obsd didn't implement all the functions) or just the version problems
(ie, obsd used a different versioning scheme), but I can't fathom why
applications can't find those headers, of all the rest that they use,
and why all three happen, and have kept happening for me across 3.7,
3.8, and 3.9.

Is there a system configuration I've missed somewhere, like
sysctl usr.i18n.play_well_with_others 1
or something? And then it strikes me that my joke is even dumber than it
sounds, since intl and iconv (via gettext) are ports. It's curious to me
that gettext isn't included with the rest of the GNU toolchain in the
system, but then I guess it's not necessary for all users.

Anyways, if somebody knows a magic bullet to make iconv and intl play
well with others, or can just enlighten me on what's so different with
OpenBSD's versions as opposed to everyone else's, I'd really appreciate
it. Thanks!

Weldon Goree



Re: Boot panic with bsd.mp on a Compaq ProLiant 2500

2006-07-15 Thread François Chambaud
Steve Shockley [EMAIL PROTECTED] writes:

 Nick Shank wrote:
  And, while I know it's a very different animal, it's still a Compaq
  server... I get the same error on a Proliant ML370 when using
  bsd.mp.
 
 I've got 3.9 running on a DL380 without trouble (GENERIC.MP), and that
 should be the same mainboard as an ML370.  Make sure you've got all
 current firmware on the box, and try various OS settings until one
 works properly (including Other).  Incorrect settings will probably
 result in a crash on boot, or only one CPU.
 
 snip

Today, I've tried different OS settings in the BIOS like UnixWare,
Solaris, Windows (2000) and they all do a kernel panic with bsd.mp. I
have the trace, ps and show registers for them if somebody wants to
see the details.

Unix with large disk geometry and Other OS types only detect one
processor with the Inspect Compaq tool.

Other OS type does not panic the kernel with bsd.mp, but only one
processor is detected:

OpenBSD 3.9 (GENERIC.MP) #598: Thu Mar  2 02:37:06 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
real mem  = 268017664 (261736K)
avail mem = 237518848 (231952K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/01/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 8 Interrupt Routing table entries
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xe8000/0x6000 0xee000/0x2000!
cpu0 at mainbus0: (uniprocessor)
cpu0: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 199 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
ppb0 at pci0 dev 13 function 0 IBM 82351 PCI-PCI rev 0x01
[...]

I've been googling for some time now, but I can't find a definitive answer
to that panic: can't deal with not-all-lapics interrupt yet! problem.

Thank you Steve and Nick for your feedback.

Thanks again for your time and this great OS !

Francois
-- 
http://www.chambaud.org



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Gaby Vanhegan
On 15 Jul 2006, at 15:48, Soner Tari wrote:

 I have time-based pf rules using cron and anchors (such as to restrict
 HTTP access after hours). But as you can guess, they do not survive a
 reboot. Is there any solution?

Create a script that works out what the rules should be at any given  
time, add it to /etc/rc.local so it's run at boot.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



New personal spamd record

2006-07-15 Thread Jim Razmus
I found this too funny not to share.  A little Perl script processing of
my spamd log revealed a spammer from China had made 138 attempts to
deliver spam with a cumulative time of ~15 hours.  15 hours!  You can't
make this stuff up!

I like to think those 15 hours of tar pit torment just made the Internet
a slightly nicer place.  :-)

Jim



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Soner Tari
 Have your cron job copy the current anchor rules to pf-current.conf,
 then add pfctl -f pf-current.conf to rc.local.

Thank you for the reply (and Gaby too). But I am not sure if this would
be an elegant workaround. Because by chance there may be cron jobs
scheduled to run exactly during downtime, and I would miss them. This is
still true no matter how small the chances are.



Re: GDBM_File (GDBM::File)

2006-07-15 Thread Nick Guenther

On 7/15/06, Karel Kulhavy [EMAIL PROTECTED] wrote:

On Sat, Jul 15, 2006 at 06:16:42PM +0800, Lars Hansson wrote:
 On Saturday 15 July 2006 18:02, Karel Kulhavy wrote:
  But gdbm is in ports. I don't understand why the binding was taken out of
  Perl.

 And how would the base system build the gdbm module if gdbm itself is in
 ports?

Is there a way how to install GDBM_File on OpenBSD 3.9?



Use CPAN maybe? Or port whatever application you're trying to run to a
different DBM implementation. Or use a [different one|Python's
multitude of DBMs] if you are writing your application from scratch.

-Nick



X Windows freeze on reboot

2006-07-15 Thread Karel Kulhavy
Hello

OpenBSD 3.9. I took my xterm, did su - and then typed reboot. The xterm
window disappeared, but the machine froze. You could still see the X Window
System background and the mouse was not moving. ctrl-alt-del didn't work. I had
to turn the machine off.

The X Window is installed from OpenBSD 3.9, I didn't tamper with it (just
changed the config file).

Is this possible to happen within intended behaviour of the system?

CL



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Darrin Chandler
On Sat, Jul 15, 2006 at 08:27:32PM +0300, Soner Tari wrote:
  Have your cron job copy the current anchor rules to pf-current.conf,
  then add pfctl -f pf-current.conf to rc.local.
 
 Thank you for the reply (and Gaby too). But I am not sure if this would
 be an elegant workaround. Because by chance there may be cron jobs
 scheduled to run exactly during downtime, and I would miss them. This is
 still true no matter how small the chances are.

I believe Gaby's solution would handle this. If you have *one* script
that decides which rules to load based on system time, then it would
load the correct rules when run from both rc.local and cron.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
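
The single-script approach suggested in this thread, as an added example that is not code from any poster: the active policy is computed from the clock alone, so the same script gives the same answer from cron and from rc.local after a reboot. The anchor name `timed`, the directory `/etc/pf.timed`, the policy names, the schedule and the script name `pf-timed.sh` are all assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed names: anchor "timed"
# (pf.conf must reference it with: anchor "timed") and one rule file
# per policy in /etc/pf.timed/<policy>.conf.

ANCHOR="timed"
RULEDIR="/etc/pf.timed"

# Schedule: "days start end policy", first match wins.
# days  = digits as printed by date +%u (1 = Monday ... 7 = Sunday)
# start = HHMM inclusive, end = HHMM exclusive
SCHEDULE='
12345 0800 1800 workhours
67    1000 1600 weekend
'
# Anything outside a listed window falls through to the restrictive default.
DEFAULT_POLICY="afterhours"

# to_int HHMM: strip leading zeros so 0830 compares as decimal 830.
to_int() {
    n=$1
    while [ "${#n}" -gt 1 ] && [ "${n#0}" != "$n" ]; do
        n=${n#0}
    done
    echo "$n"
}

# select_policy HHMM DOW: print the policy that should be active.
# It depends only on its arguments, never on which cron job ran last.
select_policy() {
    case "$1" in ''|*[!0-9]*) echo "bad time: $1" >&2; return 2 ;; esac
    case "$2" in [1-7]) ;; *) echo "bad weekday: $2" >&2; return 2 ;; esac
    now=$(to_int "$1")
    dow=$2
    while read -r days start end policy; do
        [ -n "$days" ] || continue
        case "$days" in *"$dow"*) ;; *) continue ;; esac
        if [ "$now" -ge "$(to_int "$start")" ] &&
           [ "$now" -lt "$(to_int "$end")" ]; then
            echo "$policy"
            return 0
        fi
    done <<EOF
$SCHEDULE
EOF
    echo "$DEFAULT_POLICY"
}

# apply_policy NAME: load the policy's rule file into the anchor.
apply_policy() {
    file="$RULEDIR/$1.conf"
    if [ ! -r "$file" ]; then
        echo "missing rule file: $file" >&2
        return 1
    fi
    # Parse only (-n) first, so a broken file never replaces loaded rules.
    pfctl -a "$ANCHOR" -n -f "$file" || return 1
    pfctl -a "$ANCHOR" -f "$file"
}

# Invoked as "pf-timed.sh apply" (hypothetical name) from cron and rc.local.
if [ "${1:-}" = "apply" ]; then
    policy=$(select_policy "$(date +%H%M)" "$(date +%u)") || exit 1
    apply_policy "$policy"
fi
```

Running it from cron every few minutes, rather than only at the window boundaries, also corrects the anchor if a boundary run was missed or the rules were flushed by hand.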



Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
Hi misc@,

I have an original setup at home.  I crontab logging on and off the Internet
on a minutely basis, so that I acquire a new IP every minute.  I do this for
personal reasons and I like it this way.  At the same time I also stream
mp3's from a radio station in Toronto.  Since my IP changes every minute
I have about a minute of streaming before I tcpdrop(8) and cycle pppoe(4).
At the end of a day I concatenate the snippets into one large mp3 but at
times the concatenation isn't perfect and there is a repeat, or a chop off
or a squeak.  Because the mp3 snippets have a time-delay buffer and overlap 
nothing is really lost but I'm looking for better software to concatenate these.

Take 4 mp3 files representing 4 minutes as an example:

ckln.1152650587
ckln.1152650647
ckln.1152650707
ckln.1152650767

(If you're interested in making this work I can give you the URLs to download
these for testing).

Here is the script that I now concatenate these with:

--- 
#!/bin/sh

#
# To do an entire day this script will run 3 hours
#

FILE=ckln-radio-stream`date +%Y%m%d`.mp3

sleep 61

rm -f /export/ckln/$FILE

# Start the output file with the first 128 bytes of the first snippet.
for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
    dd if=$i of=/export/ckln/$FILE bs=128 count=1
    break;
done

for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
    # Snippet size in units of 614400 bytes (0 for a short snippet).
    SIZE=`ls -l $i | awk '{printf("%s\n", int($5 / 614400)); }'`
    # Sum the frame lengths mplayer reports: pass the first 15000 bytes,
    # then count frames until the expected payload size is reached.
    VARIABLE=`mplayer -ao null -nosound -speed 100 -v -v $i | grep " len=" | awk '{
        split($6, a, "="); total += a[2];
        if (total > 15000) {
            if (! startmessage) { printf("start: %s ", total + 128); startmessage++; start = total; };
            counton += a[2]; framecount++;
        }
        if (counton >= ((((multiplier < 1) ? 1 : multiplier) * 614400) - 15000 )) {
            printf("%s bytes %s frames\n", counton - 128, framecount); exit 0;
        }
    }' multiplier=$SIZE`

    # VARIABLE looks like: start: <offset> <bytes> bytes <n> frames
    SKIP=`echo $VARIABLE | awk '{print $2}'`
    COUNT=`echo $VARIABLE | awk '{print $3}'`

    echo $VARIABLE

    dd if=$i of=$HOME/tmp.$$ skip=$SKIP count=$COUNT bs=1
    cat $HOME/tmp.$$ >> /export/ckln/$FILE
    rm -f $HOME/tmp.$$
done
---

As you can see I run mplayer at speed 100 with full verbose messages so
that I can see how large the individual frames are (with padding), with
that count I can then dd the stuff out.  Obviously it's not perfect.

What I'm looking for at best is something that checksums or hashes every
mp3 frame (I think they are around 360 bytes each or so) and finds the 
exact overlap on the next mp3 file.  ( I can't imagine the streaming server 
making a new mp3 for every connection there is, but rather doing it once
for all connections so the frames should all be the same value around the
overlap and hence checksumming should work to make the exact splice, right?)

I've thought about dissecting the de-multiplex functions in mplayer to
a customized program to do this but before I do, I want to ask if there
is something like this out there already saving me time?

regards,

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread z0mbix

On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:

Hi misc@,

I have an original setup at home.  I crontab logging on and off the Internet
on a minutely basis, so that I acquire a new IP every minute.  I do this for
personal reasons and I like it this way.


This is just the most idiotic thing I've ever heard. You are creating
a whole bunch of unnecessary problems for yourself.




Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 08:24:04PM +0100, z0mbix wrote:
 This is just the most idiotic thing I've ever heard. You are creating
 a whole bunch of unnecessary problems for yourself.

I don't operate in a box that's made for me.  I go further.  Stop the 
namecalling and reconsider if you don't have a useful answer. 

-p

--
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Tobias Weisserth
Hi,

On Saturday, 15. July 2006 21:24, z0mbix wrote:
 On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:
  Hi misc@,
 
  I have a an original setup at home.  I crontab logging on and off the
  Internet on a minutely basis, so that I aquire a new IP every minute.  I
  do this for personal reasons and I like it this way.

 This is just the most idiotic thing I've ever heard. You are creating
 a whole bunch of unneccessary problems for yourself.

It's pretty obvious he's trying to hide his true identity because of these mp3 
activities on the Internet. If he's that paranoid about his probably illegal 
activities I don't understand why he talks about them in detail on a public 
mailing list... :-)

  At the same time I also stream
  mp3's from a radio station in Toronto.  Since my IP changes every minute

cheers,
Tobias



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote:
  This is just the most idiotic thing I've ever heard. You are creating
  a whole bunch of unneccessary problems for yourself.
 
 It's pretty obvious he's trying to hide his true identity because of these 
 mp3 
 activities on the Internet. If he's that paranoid about his probably illegal 
 activities I don't understand why he talks about them in detail on a public 
 mailing list... :-)

Illegal activities?  Naw man!  I just like moving like a Mack truck.  See, 
I'm already gone!  Once I was upset that they didn't give everyone static 
IP's, and then I thought about the words Vint Cerf said, and I got 
enlightened.  Anonymity rocks when you're taking charge of it.  If you 
linger around for 20 hours a day someone can track you and the dynamic IP 
is useless.  So I'm turning it around, into the intended direction.  And I 
know I'm on the right path.

There is a lot of things you see when you push the technology to the limits,
like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when
you cycle the pppoeX interface?  Obviously streamlining can be done to push 
this down below a second.  Somewhere there is a loop too many in the sppp or
pppoe code or a timeout too long.

Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you
know yours?

$ grep "new ip for now" /var/log/all | awk '{print $NF}' | sort -u | wc -l
   17991
$

There's your odds if you want to find me at any minute.  And if you scan
how do you know that I won't disconnect before the scan reaches me and re-
appear to an IP that the scan already passed?  Linear portscanning won't 
work.  You may as well send a random packet and hope it comes across my
ways.


 cheers,
 Tobias

So you can't help me with a useful answer either?  Sad.

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Timo Schoeler

thus Peter Philipp spake:

> On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote:
>>> This is just the most idiotic thing I've ever heard. You are creating
>>> a whole bunch of unneccessary problems for yourself.
>> It's pretty obvious he's trying to hide his true identity because of these mp3
>> activities on the Internet. If he's that paranoid about his probably illegal
>> activities I don't understand why he talks about them in detail on a public
>> mailing list... :-)
>
> Illegal activities?  Naw man!  I just like moving like a Mack truck.  See,
> I'm already gone!  Once I was upset that they didn't give everyone static
> IP's, and then I thought about the words Vint Cerf said, and I got
> enlightened.  Anonymity rocks when you're taking charge of it.  If you
> linger around for 20 hours a day someone can track you and the dynamic IP
> is useless.  So I'm turning it around, into the intended direction.  And I
> know I'm on the right path.
>
> There is a lot of things you see when you push the technology to the limits,
> like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when
> you cycle the pppoeX interface?  Obviously streamlining can be done to push
> this down below a second.  Somewhere there is a loop too many in the sppp or
> pppoe code or a timeout too long.

if there were some more guys like you authenticating every minute,
there'd be no chance to get authenticated in a decent amount of time.
you'd be offline due to a self caused DDoS, rendering the RADIUS
machines (or whatever they might use) into slaves doing dull work :D


--
Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED]
RISCworks -- Perfection is a powerful message
ISP | POWER  PowerPC afficinados | Networking, Security, BSD services
GPG Key fingerprint = B5F6 68A4 EC45 C309 6770  38C4 50E8 2740 9E0C F20A

There are 10 types of people in the world. Those who understand binary
and those who don't.



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote:
 if there were some more guys like you authenticating every minute, 
 there'd be no chance to get authenticated in a decent amount of time. 
 you'd be offline due do a self caused DDoS, rendering the RADIUS 
 machines (or whatever they might use) into slaves doing dull work :D

It's not a DDoS.  Computers are almighty today, if they can't be pushed to do
their freakin' work they may as well be sniffing your packets all day long
right?  If RADIUS is too slow, start caching, memory is cheap.  There is a
lot of solutions and technical solutions around this.  And it's this service
that people pay for anyhow.  You haven't heard of an mp3 concatenate utility 
either right?

greets,

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Timo Schoeler

thus Peter Philipp spake:

> On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote:
>> if there were some more guys like you authenticating every minute,
>> there'd be no chance to get authenticated in a decent amount of time.
>> you'd be offline due do a self caused DDoS, rendering the RADIUS
>> machines (or whatever they might use) into slaves doing dull work :D
>
> It's not a DDoS.

sure it is.

> Computers are almighty today,

:D

> if they can't be pushed to do
> their freakin' work they may as well be sniffing your packets all day long
> right?

if you feel that this is the case (which is almost for sure in 'western,
democratic, free countries' due to their secret service operations
spying their own people) and are frightened by this, you should really
think about solving this problem by pulling the root of this evil out,
not by cutting single leafs.

join the right party, mobilize people, go on the street, pick up some
forks and torches and get rid of that dictatorship of capitalism
treating mankind like shit -- even and especially in germany (wrt to the
TLD of your email address).

> If RADIUS is too slow, start caching, memory is cheap.  There is a
> lot of solutions and technical solutions around this.  And it's this service
> that people pay for anyhow.

you pay taxes. so you pay for the firefighters. do you call them every
minute to ask what to do in case there'd be really fire?

this attitude really sucks.

you demand people/organizations to buy an IBM p595 just for running
RADIUS, instead of letting their good ol' Ultra 2 running the next
decade until it falls apart. you're wasting resources and energy.

> You haven't heard of an mp3 concatenate utility
> either right?

no, and i certainly never will :)

> greets,
>
> -peter

get a life, peter. please. there are *real* problems in the world outside...



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread RedShift

Peter Philipp wrote:

> On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote:
>> if there were some more guys like you authenticating every minute,
>> there'd be no chance to get authenticated in a decent amount of time.
>> you'd be offline due do a self caused DDoS, rendering the RADIUS
>> machines (or whatever they might use) into slaves doing dull work :D
>
> It's not a DDoS. Computers are almighty today, if they can't be pushed to do
> their freakin' work they may as well be sniffing your packets all day long
> right?  If RADIUS is too slow, start caching, memory is cheap.  There is a
> lot of solutions and technical solutions around this.  And it's this service
> that people pay for anyhow.  You haven't heard of an mp3 concatenate utility
> either right?

Computers aren't almighty. Why the hell am I even replying to you? If
you don't want to authenticate, don't use PPPoE then. What you are
trying to do is idiotic. This topic is by far the most ridiculous I have
ever read. What's the point? What do you expect from us? And you ARE
bothering your ISP's authentication servers. Just because they have
enough of processing power to serve your requests, doesn't allow to
abuse it. Get a life, you computer pervert!




Re: X Windows freeze on reboot

2006-07-15 Thread Philip Guenther

On 7/15/06, Karel Kulhavy [EMAIL PROTECTED] wrote:

> OpenBSD 3.9. I took my xterm, did su - and then typed reboot. The xterm
> window disappeared, but the machine froze. You could still see the X Window
> System background and the mouse was not moving. ctrl-alt-del didn't work. I had
> to turn the machine off.

First off, how did you expect to get assistance when you didn't post your dmesg?

Does the same problem exist when you try to reboot from outside of X?

> The X Window is installed from OpenBSD 3.9, I didn't tamper with it (just
> changed the config file).

That sentence is self contradictory.  Also, you didn't say what
changes you made to which config file.  (It _sounds_ like it was the
xorg.conf, but...)

Did the same problem exist before you changed the config file?


Philip Guenther



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Eric Pancer
On Sat, 2006-07-15 at 22:39:48 +0200, Peter Philipp wrote...

 Illegal activities?  Naw man!  I just like moving like a Mack truck.  See, 
 I'm already gone!  Once I was upset that they didn't give everyone static 
 IP's, and then I thought about the words Vint Cerf said, and I got 
 enlightened.  Anonymity rocks when you're taking charge of it.  If you 
 linger around for 20 hours a day someone can track you and the dynamic IP 
 is useless.  So I'm turning it around, into the intended direction.  And I 
 know I'm on the right path.
  
 Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you
 know yours?

Jesus you're a fucking idiot. I mean, seriously: this thread has got to be
one of the more idiotic things I've ever read here.

Anyway - the truly paranoid connect to different ISPs. Your provider has the
source port you're coming from, your MAC address, and prolly the MAC of your
DSL router in their CAM tables. You've achieved nothing, lackey.



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Stuart Henderson
On 2006/07/15 23:16, Peter Philipp wrote:
 And it's this service that people pay for anyhow.

So you want everyone else using your ISP to subsidise your
fairly extreme use of the auth/accounting infrastructure (radius,
ldap, db, whatever..)?

Ah well, you'll be worst-affected if it becomes heavily
loaded or fails sometime, whereas people holding onto
their sessions probably won't even notice.

 You haven't heard of an mp3 concatenate utility either right?

You have heard of google, right? Is it really so hard to
come up with `mp3 concatenate utility' as a search term?



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 11:34:33PM +0200, Timo Schoeler wrote:
 It's not a DDoS.
 
 sure it is.

Your own customers aren't DDoS'ing you when they try to authenticate.  A 
Distributed Denial of Service by definition is a computer crime with intent 
to disable your services with malice, which this isn't.

 Computers are almighty today,
 
 :D

Dude, back in '97 we ran an ISP on P120's and P166's.  Trust me.

cut

 If RADIUS is too slow, start caching, memory is cheap.  There is a
 lot of solutions and technical solutions around this.  And it's this 
 service
 that people pay for anyhow.
 
 you pay taxes. so you pay for the firefighters. do you call them every 
 minute to ask what to do in case there'd be really fire?

That isn't even comparable.  Comparable is going to the bathroom and it has 
16000 doors.  Instead of taking the same damn door you take another whichever
you feel at the time.  And yes someone does clean that bathroom, they also
can use any door if they feel up to it.

 this attitude really sucks.
 
 you demand people/organizations to buy an IBM p595 just for running 
 RADIUS, instead of letting their good ol' Ultra 2 running the next 
 decade until it falls apart. you're wasting ressources and energy.

No, you will see that I am right.

 You haven't heard of an mp3 concatenate utility 
 either right?
 
 no, and i certainly never will :)

Then perhaps I'll share when I get a hold of it.

 get a life, peter. please. there are *real* problems in the world outside...

? Just because my problem doesn't suit you ?  Sorry!  

-peter

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 11:49:34PM +0200, RedShift wrote:
 Computers aren't almighty. Why the hell am I even replying to you? If 
 you don't want to authenticate, don't use PPPoE then. What you are 
 trying to do is idiotic. This topic is by far the most ridiculous I have 
 ever read. What's the point? What do you expect from us? And you ARE 
 bothering your ISP's authentication servers. Just because they have 
 enough of processing power to serve your requests, doesn't allow to 
 abuse it. Get a life, you computer pervert!

I guess I should send them an apology note for hurting the authentication
servers feelings?   

You don't have a clue!

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 04:58:35PM -0500, Eric Pancer wrote:
 Jesus you're a fucking idiot. I mean, seriously: this thread has got to be
 one of the more idiotic things I've ever read here.

Ok I'm about to fucking blow a fuse!  What's your fucking problem!  
You're a shark!  Nasty, bloodthirsty beast!  Respect my needs without calling
me names or questioning my logic.  Here !
http://www.snickers.org/~pjp/find-blow-a-fuse.mp3.

 Anyway - the truly paranoid connect to different ISPs. Your provider has the
 source port you're coming from, your MAC address, and prolly the MAC of your
 DSL router in their CAM tables. You've achieved nothing, lackey.

Oh did I say I change my MAC?  Since it takes so long for the modem to learn
it, I only do this on a daily basis.  But I don't expect you to copy my 
behaviour or anything...

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread smith
Peter if you want to be anonymous look up tor.

I'm not trying to call you names or anything and I'm no security expert either
but I'm sure this scenario is likely from the point of view of your ISP:

If I'm going to provide my customers internet access I better keep track of
the traffic that my customers' dsl modems generate.  This is to protect me
from lawsuits and abuse of the services I provide.  Hmmm.  Looking through the
logs I notice that all of a sudden my dhcp server is sending out IP leases
every minute, why?  Or when I look at my graphs, there is a spike in dhcp
leases and plateaus for the rest of the day.  Hmmm.  This one customer with a
dsl mac address such and such and/or phone number such and such is the one
making all the request for a new leases.  I wonder what he's up too?  Hmm.
Most of his traffic is mp3's.  Hmmm.

Just from the fact that you make all those request for new leases makes you
stand out. 
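The ISP-side view smith describes, together with Eric Pancer's earlier point that the provider sees the same MAC behind every address, as an added example (not code from any poster in this thread): an awk pass over session-start log lines that groups by subscriber MAC instead of IP and reports any subscriber whose reconnect rate exceeds a threshold. The log format, the MAC and IP values (documentation ranges) and the threshold are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample log: one line per session start, in an assumed format
#   DATE TIME SUBSCRIBER_MAC ASSIGNED_IP
sample_log() {
cat <<'EOF'
2006-07-15 22:00:03 00:00:5e:00:53:0a 192.0.2.17
2006-07-15 22:00:41 00:00:5e:00:53:0b 192.0.2.50
2006-07-15 22:01:04 00:00:5e:00:53:0a 192.0.2.201
2006-07-15 22:02:03 00:00:5e:00:53:0a 192.0.2.88
2006-07-15 22:02:10 00:00:5e:00:53:0c 192.0.2.61
2006-07-15 22:03:05 00:00:5e:00:53:0a 192.0.2.17
2006-07-15 22:04:03 00:00:5e:00:53:0a 192.0.2.140
2006-07-15 22:05:04 00:00:5e:00:53:0a 192.0.2.9
2006-07-15 22:40:55 00:00:5e:00:53:0c 192.0.2.61
EOF
}

# flag_churn MAX_PER_HOUR
# Reads log lines on stdin and prints, for every (MAC, hour) bucket with more
# than MAX_PER_HOUR session starts:
#   MAC DATE HOUR:00 SESSIONS DISTINCT_IPS
# The key is the MAC because the IP changes with every session; rotating the
# address does nothing to this grouping.
flag_churn() {
    awk -v max="$1" '
        NF == 4 {
            hour = $1 " " substr($2, 1, 2)
            key  = $3 SUBSEP hour
            sessions[key]++
            # count each address only once per bucket
            if (!((key, $4) in seen)) {
                seen[key, $4] = 1
                ips[key]++
            }
        }
        END {
            for (key in sessions) {
                if (sessions[key] > max) {
                    split(key, part, SUBSEP)
                    printf "%s %s:00 %d %d\n", part[1], part[2], sessions[key], ips[key]
                }
            }
        }' | sort
}

# Stand-alone run: report subscribers with more than 3 session starts per hour.
sample_log | flag_churn 3
```
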



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote:
 If I'm going to provide my customers internet access I better keep track of
 the traffic that my customers' dsl modems generate.  This is to protect me
 from lawsuits and abuse of the services I provide.  Hmmm.  Looking through the

I guess it's illegal nowadays to symlink your logs to /dev/null.

 logs I notice that all of a sudden my dhcp server is sending out IP leases
 every minute, why?  Or when I look at my graphs, there is a spike in dhcp
 leases and plateaus for the rest of the day.  Hmmm.  This one customer with a
 dsl mac address such and such and/or phone number such and such is the one
 making all the request for a new leases.  I wonder what he's up too?  Hmm.
 Most of his traffic is mp3's.  Hmmm.

Funny scenario, does not apply to me. :)

 Just from the fact that you make all those request for new leases makes you
 stand out. 

And?  The ISP cannot do anything.  They can write a new clause to their EULA
that re-connecting within X amount of time is excessive and forbidden, and
notify the customer on that, so that they may adjust their settings.

And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the
occasional ftp to download open source ports.  I see no problem.

Thanks for the info though.

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Timo Schoeler

thus Peter Philipp spake:

> On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote:
>> If I'm going to provide my customers internet access I better keep track of
>> the traffic that my customers' dsl modems generate.  This is to protect me
>> from lawsuits and abuse of the services I provide.  Hmmm.  Looking through the
>
> I guess it's illegal nowadays to symlink your logs to /dev/null.
>
>> logs I notice that all of a sudden my dhcp server is sending out IP leases
>> every minute, why?  Or when I look at my graphs, there is a spike in dhcp
>> leases and plateaus for the rest of the day.  Hmmm.  This one customer with a
>> dsl mac address such and such and/or phone number such and such is the one
>> making all the request for a new leases.  I wonder what he's up too?  Hmm.
>> Most of his traffic is mp3's.  Hmmm.
>
> Funny scenario, does not apply to me. :)

what does not apply to you? that's the scenario you pointed out as
context of your question.

>> Just from the fact that you make all those request for new leases makes you
>> stand out.
>
> And?  The ISP cannot do anything.

the ISP could (and should) disable your account.

> They can write a new clause to their EULA
> that re-connecting within X amount of time is excessive and forbidden, and
> notify the customer on that, so that they may adjust their settings.

if you want to use the term EULA in this context, well... however,
please take a look into the contract between you and the ISP and you
*will* find a clause that excessive use (i.e. abuse) of *any* service is
prohibited and abuse may lead to your line being shut down. period.

> And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the
> occasional ftp to download open source ports.  I see no problem.

bla.

> Thanks for the info though.

de nada.

ps: i'd like to take this thread into the candidate list of the dumbest
threads ever ;)


--
Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED]
RISCworks -- Perfection is a powerful message
ISP | POWER  PowerPC afficinados | Networking, Security, BSD services
GPG Key fingerprint = B5F6 68A4 EC45 C309 6770  38C4 50E8 2740 9E0C F20A

There are 10 types of people in the world. Those who understand binary
and those who don't.



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Aaron Glenn

On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:

> I guess I should send them an apology note for hurting the authentication
> servers feelings?
>
> You don't have a clue!

Look up MAC address and get yourself a clue. I've only been on this
list a couple of years, but you definitely win the most ridiculous
post ever prize in my mind...



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Soner Tari
Thanks jared and others for your replies. I'll try all of your
suggestions.

However, if you agree with me, I get the feeling that all of these are
inelegant workarounds compared to the ideal solution: time support in pf
(similar to perhaps iptables). I've read the replies from developers to
a similar question a few months back, and they were not interested in
adding such support in pf. I am sure there are other priorities for
them, and it's totally OK with me.

But time rules are important for me, so ultimately I'd like to achieve
the correct solution, if I can (which is the OpenBSD way after all).
Therefore, I am even willing to play with the pf source code to add time
support just for packet filtering rules. I am sure, if it were so easy,
we would probably have it by now. So, before I attempt it myself, do you
guys think it is too difficult?

Or perhaps, the developers have changed their minds, and there is
already some development effort to add such support. May I ask if that's
the case, hopefully?

Thanks,

On Sat, 2006-07-15 at 15:36 -0400, jared r r spiegel wrote:
 On Sat, Jul 15, 2006 at 08:27:32PM +0300, Soner Tari wrote:
   Have your cron job copy the current anchor rules to pf-current.conf,
   then add pfctl -f pf-current.conf to rc.local.
  
  Thank you for the reply (and Gaby too). But I am not sure if this would
  be an elegant workaround. Because by chance there may be cron jobs
  scheduled to run exactly during downtime, and I would miss them. This is
  still true no matter how small the chances are.
 
   well, since rc.local is sourced right before the 'standard daemons:'
   echo in /etc/rc, which is itself above when cron is started, it may
   be entirely feasible to use rc.local for this.
 
   perhaps create a system by which you somehow drop a file into somewhere
   in var which describes what time-based anchor/ruleset you're using - you
   could populate that file either upon each instance of it changing via
   cron, or also in /etc/rc.shutdown (or both).
 
   then in rc.local, have it look for that file, if it finds it, it will
   load the appropriate pf ruleset pertaining to whatever time period the
   file indicates the host was in when it last updated that file.
 
   i don't know if this will inspire or help at all, but here is what i use
   to make some of my pf tables persist through reboots.  basically it
   tries to save/populate any table which i have named without an initial
   underscore -- if i have tables i don't want to persist through reboots, 
   my convention is to name them with an initial underscore:
 
 -[rc.shutdown]
 TABLE_STATE_DIR=/var/db/pftablestate
 if [ -w ${TABLE_STATE_DIR} ] && [ -d ${TABLE_STATE_DIR} ]; then
     echo "writing contents of pf tables:"
     for table in $(pfctl -sT); {
         # don't keep state for tables starting
         # with an underscore
         if [[ ${table} = _* ]]; then
             continue
         # only be concerned with nonempty tables
         elif [ $(pfctl -t ${table} -Ts | wc -l) -gt 0 ]; then
             echo -n "\t${table} "
             pfctl -t ${table} -Ts > ${TABLE_STATE_DIR}/${table}
         fi
     };
     unset table
     echo "done."
 fi
 unset TABLE_STATE_DIR
 --
 
 -[rc.local]---
 TABLE_STATE_DIR=/var/db/pftablestate
 if [ -w ${TABLE_STATE_DIR} ] && [ -d ${TABLE_STATE_DIR} ]; then
     echo "restoring contents of pf tables:"
     for table in $(pfctl -sT); {
         # don't keep state for tables starting
         # with an underscore
         if [[ ${table} = _* ]]; then
             continue
         # only be concerned with nonempty tables
         elif [ -r ${TABLE_STATE_DIR}/${table} ] && \
              [ $(wc -l < ${TABLE_STATE_DIR}/${table}) -gt 0 ]; then
             echo -n "\t${table} "
             pfctl -t ${table} -Ta $(<${TABLE_STATE_DIR}/${table}) && \
                 rm -- ${TABLE_STATE_DIR}/${table}
         fi
     };
     unset table
     echo "done."
 fi
 unset TABLE_STATE_DIR
 --



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Darrin Chandler
On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote:
 However, if you agree with me, I get the feeling that all of these are
 inelegant workarounds compared to the ideal solution: time support in pf
 (similar to perhaps iptables). I've read the replies from developers to
 a similar question a few months back, and they were not interested in
 adding such support in pf. I am sure there are other priorities for
 them, and it's totally OK with me.
 
 But time rules are important for me, so ultimately I'd like to achieve
 the correct solution, if I can (which is the OpenBSD way after all).
 Therefore, I am even willing to play with the pf source code to add time
 support just for packet filtering rules. I am sure, if it were so easy,
 we would probably have it by now. So, before I attempt it myself, do you
 guys think it is too difficult?
 the case, hopefully?

Consider that pf does its job, and does it well. Other tools can be used
to manipulate the policy that pf enforces, changing over not only time
but any other criteria. Such criteria can't be foreseen and certainly
all of them can't (and shouldn't) be included in pf.

Small, focused tools are one example of the Unix way (not just OpenBSD).
You can build the behavior you're asking for with the tools you have
currently, and do it in a robust manner. Thinking through how that would
work, I don't find it inelegant. It would be clear and easy to manage.

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |
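One way to build this from the tools the thread names while closing the gap Soner raises (a cron switch that falls inside downtime is missed), as an added example that is not any poster's script: derive the ruleset from the clock rather than from the last cron run, and call the same script from cron and from rc.local. The window table, the anchor name `timed`, the rules file paths and the `apply` argument are hypothetical.

```shell
#!/bin/sh
# Window table (assumed): START END RULES_FILE, times as HHMM local time.
# START is inclusive, END is exclusive; a window may wrap past midnight.
WINDOWS='0800 1800 /etc/pf.timed.work
1800 2300 /etc/pf.timed.evening
2300 0800 /etc/pf.timed.night'
ANCHOR=timed                    # hypothetical; pf.conf must contain "anchor timed"
FALLBACK=/etc/pf.timed.night    # strictest set, used when nothing else applies

# to_minutes HHMM -> minutes since midnight.
# Leading zeros are stripped so "0830" is never parsed as octal.
to_minutes() {
    h=${1%??}; m=${1#??}
    h=${h#0};  m=${m#0}
    echo $(( $h * 60 + $m ))
}

# ruleset_for HHMM -> path of the rules file whose window contains HHMM.
ruleset_for() {
    now=$(to_minutes "$1")
    while read -r start end file; do
        s=$(to_minutes "$start")
        e=$(to_minutes "$end")
        if [ "$s" -le "$e" ]; then
            # ordinary window inside one day
            if [ "$now" -ge "$s" ] && [ "$now" -lt "$e" ]; then
                echo "$file"; return 0
            fi
        elif [ "$now" -ge "$s" ] || [ "$now" -lt "$e" ]; then
            # window that wraps midnight, e.g. 2300-0800
            echo "$file"; return 0
        fi
    done <<EOF
$WINDOWS
EOF
    echo "$FALLBACK"
}

# apply_ruleset: load the file for the current time into the anchor.
# Because the choice depends only on the clock, it gives the same result
# whether it runs at a window boundary from cron or at boot from rc.local.
apply_ruleset() {
    file=$(ruleset_for "$(date +%H%M)")
    [ -r "$file" ] || file=$FALLBACK
    pfctl -a "$ANCHOR" -f "$file"
}

# Touch pf only when asked to, so the functions can be exercised without it.
#   crontab:  0 8,18,23 * * *  /path/to/this-script apply
#   rc.local: /path/to/this-script apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```
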



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Nick Guenther

On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:

> On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote:
>> If I'm going to provide my customers internet access I better keep track of
>> the traffic that my customers' dsl modems generate.  This is to protect me
>> from lawsuits and abuse of the services I provide.  Hmmm.  Looking through the
>
> I guess it's illegal nowadays to symlink your logs to /dev/null.
>
>> logs I notice that all of a sudden my dhcp server is sending out IP leases
>> every minute, why?  Or when I look at my graphs, there is a spike in dhcp
>> leases and plateaus for the rest of the day.  Hmmm.  This one customer with a
>> dsl mac address such and such and/or phone number such and such is the one
>> making all the request for a new leases.  I wonder what he's up too?  Hmm.
>> Most of his traffic is mp3's.  Hmmm.
>
> Funny scenario, does not apply to me. :)
>
>> Just from the fact that you make all those request for new leases makes you
>> stand out.
>
> And?  The ISP cannot do anything.  They can write a new clause to their EULA
> that re-connecting within X amount of time is excessive and forbidden, and
> notify the customer on that, so that they may adjust their settings.
>
> And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the
> occasional ftp to download open source ports.  I see no problem.
>
> Thanks for the info though.

Haha this thread is awesome. I saw the beginning of it a few hours ago
and was going to jump in but had to go somewhere. Now I come back and
see it's exploded, just like I knew it would as soon as I saw "I do
this for personal reasons and I like it this way."

Philip, your system fails. Not that you shouldn't try to be anonymous,
but you clearly don't know enough about how the internet works to
accomplish that on your own. Look up tor. Look up freenet (.sf.net,
not .de). Those have been developed for years by some of the brightest
in the field and they *still* have big weaknesses.

Anyway, there is no such thing as an mp3 concatenation program, at least
not like you're looking for, because the need for a program that can
detect duplicate blocks *does not exist*. You do not count as need,
especially since the easy solution is to go with a more stable IP.

Anonymity has its costs. The sad thing here is that you have only a
false sense of anonymity.

-Nick



Re: time-based pf rules in crontab do not survive a reboot (naturally)?

2006-07-15 Thread Nick Guenther

On 7/15/06, Darrin Chandler [EMAIL PROTECTED] wrote:

> On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote:
>> However, if you agree with me, I get the feeling that all of these are
>> inelegant workarounds compared to the ideal solution: time support in pf
>> (similar to perhaps iptables). I've read the replies from developers to
>> a similar question a few months back, and they were not interested in
>> adding such support in pf. I am sure there are other priorities for
>> them, and it's totally OK with me.
>>
>> But time rules are important for me, so ultimately I'd like to achieve
>> the correct solution, if I can (which is the OpenBSD way after all).
>> Therefore, I am even willing to play with the pf source code to add time
>> support just for packet filtering rules. I am sure, if it were so easy,
>> we would probably have it by now. So, before I attempt it myself, do you
>> guys think it is too difficult?
>> the case, hopefully?
>
> Consider that pf does its job, and does it well. Other tools can be used
> to manipulate the policy that pf enforces, changing over not only time
> but any other criteria. Such criteria can't be foreseen and certainly
> all of them can't (and shouldn't) be included in pf.
>
> Small, focused tools are one example of the Unix way (not just OpenBSD).
> You can build the behavior you're asking for with the tools you have
> currently, and do it in a robust manner. Thinking through how that would
> work, I don't find it inelegant. It would be clear and easy to manage.

Perhaps put another way, putting all the functionality (time
management here) into one program duplicates code (from cron, in this
case) which is bad programming style.

-Nick



FreeBSD binary compat problem on 3.9

2006-07-15 Thread Barkley Vowk
Ok, so I'd like to run some freebsd binaries on open, since I can't get 
several packages to build openbsd native. However, anytime I run a 
freebsd binary I get:


/usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: mmap of entire address space 
failed: Invalid argument


I'm running 3.9-R w/ GENERIC on i386, w/ 4.11-R Free libs from 
/usr/ports/emulators/freebsd_lib. I've got kern.emul.freebsd=1


Any ideas?



KerberosV

2006-07-15 Thread Gustavo Rios

Hey folks,

i have just set up kerberos for my openbsd 3.8 server. It is working
well, but during configuration i could see that some directives stated
in krb5.conf(5) were not valid. kdc insisted on complaining about them:
/appdefaults/x no valid.

For instance, kdc did not accept the directive encrypt in the [appdefaults]
section, and the man page for krb5.conf(5) states it.

I am very confused about all that.

Of course, i am running the default installation.

Thanks in advance.



Kerberos

2006-07-15 Thread Gustavo Rios

Well, here i am again.

I was expecting that the granted ticket always holds the address for
which it is valid. After obtaining a ticket by means of kinit, i got
the following:

$ kinit
[EMAIL PROTECTED]'s Password:
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1000
   Principal: [EMAIL PROTECTED]
   Cache version: 4

Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Jul 15 23:11:42 2006
End time:   Jul 16 03:11:42 2006
Renew till: Aug 14 23:11:42 2006
Ticket flags: renewable, initial
Addresses:

The address information line is empty. I don't understand why!

Here you have my krb5.conf:

[appdefaults]
   forwardable = no
   proxiable = no
#   no-addresses = no
   ticket_lifetime = 14400
   renew_lifetime = 3600
#   encrypt =
#   forward =

[libdefaults]
   default_realm = SSO.NET
   clockskew = 300
   kdc_timeout = 4
#   v4_name_convert
#   v4_instance_resolve
#   capath = { }
#   default_etypes = arcfour-hmac-md5
#   default_etypes_des = des-cbc-crc
   default_keytab_name = FILE:/etc/kerberosV/krb5.keytab
   dns_lookup_kdc = yes
   dns_lookup_realm = no
   kdc_timesync = yes
#   max_retries = 4
   ticket_lifetime = 14400
#   renew_lifetime = 3600
   forwardable = no
#   proxiable = yes
   verify_ap_req_nofail = yes
#   warn_pwexpire = 86400
#   http_proxy =
#   dns_proxy =
#   extra_addresses =
#   time_format =
#   date_format =
   log_utc = yes
   scan_interfaces = no
#   fcache_version =
#   krb4_get_tickets = no
#   fcc-mit-ticketflags = yes

[domain_realm]
   .my.domain = SSO.NET

[realms]
   SSO.NET = {
   kdc = etosha.my.domain
   admin_server = etosha.my.domain
   kpasswd_server = etosha.my.domain
#   krb524_server =
#   v4_instance_convert
#   v4_name_convert
#   default_domain
#   tgs_require_subkey
   }

#[capaths]
#   CLIENT-REALM = {
#   SERVER-REALM = hop-realm
#   }

[logging]
   kadmind = FILE:/var/heimdal/kadmind.log
   kdc = STDERR
   default = STDERR

[kdc]
   database = {
#   dbname =
   realm = SSO.NET
#   mkey_file =
#   acl_file =
#   log_file =
   }
   max-request = 1024
#   require-preauth = yes
#   ports =
   addresses = 10.0.0.2
   enable-kerberos4 = no
#   v4-realm = SSO.NET
   enable-524 = no
   enable-http = no
   enable-kaserver = no
#   check-ticket-addresses = yes
#   allow-null-ticket-addresses = no
   allow-anonymous = no
#   enable_as_rep_as_tgs_rep = no
   kdc_warn_pwexpire = 86400
#   logging =
#   use_2b =

[kadmin]
#   require-preauth = yes
   default_keys = v5
   use_v4_salt = no
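
An added example, not part of the original post: a small parser for the `klist -v` layout shown above that lists tickets whose Addresses field is empty, which is the condition the commented-out `check-ticket-addresses` and `allow-null-ticket-addresses` settings in the [kdc] section concern. The principals, the second ticket and its address value are constructed placeholders, because the archive redacts the real principals.

```python
import re

# First ticket mirrors the klist -v output in the post above; principals and
# the whole second ticket are constructed placeholders for this example.
SAMPLE = """\
Credentials cache: FILE:/tmp/krb5cc_1000
   Principal: user@EXAMPLE.TEST
   Cache version: 4

Server: krbtgt/EXAMPLE.TEST@EXAMPLE.TEST
Ticket etype: des3-cbc-sha1, kvno 1
Auth time:  Jul 15 23:11:42 2006
End time:   Jul 16 03:11:42 2006
Renew till: Aug 14 23:11:42 2006
Ticket flags: renewable, initial
Addresses:

Server: host/app.example.test@EXAMPLE.TEST
Ticket etype: des3-cbc-sha1, kvno 2
Ticket flags: forwardable
Addresses: IPv4:10.0.0.7
"""

# "Field name: value" lines; the lazy match stops at the first colon, so
# values that contain colons themselves (times, FILE: paths) stay intact.
FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):[ \t]*(.*)$")

def parse_tickets(text):
    """Split klist -v output into one dict per 'Server:' entry."""
    tickets, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "server":
            current = {"server": value}
            tickets.append(current)
        elif current is not None:  # skip the cache header before any ticket
            current[key] = value
    return tickets

def addressless(text):
    """Return server principals whose Addresses field is empty or absent."""
    return [t["server"] for t in parse_tickets(text)
            if not t.get("addresses")]

if __name__ == "__main__":
    for server in addressless(SAMPLE):
        print("no address restriction:", server)
```
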



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Eric Furman
On Sat, 15 Jul 2006 22:39:48 +0200, Peter Philipp
[EMAIL PROTECTED] said:
 On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote:
   This is just the most idiotic thing I've ever heard. You are creating
   a whole bunch of unnecessary problems for yourself.
  
  It's pretty obvious he's trying to hide his true identity because of these
  mp3 activities on the Internet. If he's that paranoid about his probably
  illegal activities I don't understand why he talks about them in detail on
  a public mailing list... :-)
 
 Illegal activities?  Naw man!  I just like moving like a Mack truck.  See,
 I'm already gone!  Once I was upset that they didn't give everyone static
 IP's, and then I thought about the words Vint Cerf said, and I got
 enlightened.  Anonymity rocks when you're taking charge of it.  If you
 linger around for 20 hours a day someone can track you and the dynamic IP
 is useless.  So I'm turning it around, into the intended direction.  And I
 know I'm on the right path.
 
 There are a lot of things you see when you push the technology to the limits,
 like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when
 you cycle the pppoeX interface?  Obviously streamlining can be done to push
 this down below a second.  Somewhere there is a loop too many in the sppp or
 pppoe code or a timeout too long.
 
 Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you
 know yours?
 
 $ grep new ip for now /var/log/all | awk '{print $NF}' | sort -u | wc -l
17991
 $
 
 There's your odds if you want to find me at any minute.  And if you scan
 how do you know that I won't disconnect before the scan reaches me and
 re-appear to an IP that the scan already passed?  Linear portscanning won't
 work.  You may as well send a random packet and hope it comes across my ways.
 
 
  cheers,
  Tobias
 
 So you can't help me with a useful answer either?  Sad.

There are no useful answers for idiots.
Remember this is the same idiot who started the USB keyboard
encryption BS thread. His tinfoil cap is on too tight.
-- 
  Eric Furman
  [EMAIL PROTECTED]



Re: Do mp3 concatenation programs exist?

2006-07-15 Thread Peter Philipp
On Sat, Jul 15, 2006 at 11:21:43PM -0400, Eric Furman wrote:
 There are no useful answers for idiots.
 Remember this is the same idiot who started the USB keyboard
 encryption BS thread. His tinfoil cap is on too tight.
 -- 
   Eric Furman
   [EMAIL PROTECTED]
 

Tinfoil is useless for any paranoid reasons.  Tinfoil caps only serve well for
decorational dress.  You too are just jealous.

-p

-- 
Here my ticker tape .signature  My name is Peter Philipp  lynx -dump 
http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 
131,136p  So long and thanks for all the fish!!!