ntpdate program not working with openntpd
Hi,

I have a problem with ntpd. I have a number of openbsd machines here and one of them is connected to a gps receiver which now (after a dirty hack) sets the time very precisely. I would love to sync all my other machines against the gps powered ntpd. Now the problem is that ntpdate (in linux) or ntpd's in other openbsd boxes don't simply work. ntpdate says this:

    sunrise:~# ntpdate fury
    15 Jul 08:54:34 ntpdate[18841]: no server suitable for synchronization found

Another openbsd machine (volatile) is configured to use fury (the machine with the gps receiver) as the server to poll for the time. This is what ntpd has to say about that:

    ntp engine ready
    reply from 10.0.5.30: not synced, next query 3151s
    no reply received in time, skipping initial time setting

The problems range over openbsd and linux so I don't know what's broken. I'd say that ntpd has some issues with it. My config on the gps machine is

    # Addresses to listen on (ntpd does not listen by default)
    listen on *

    # sync to a single server
    #server ntp.example.org

    # use a random selection of 8 public stratum 2 servers
    # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
    #servers pool.ntp.org

    sensor nmea0

and nmea0 is working ok, so no problem there. You just can't query the time from an openntpd instance. Am I doing something wrong? Would it help if I send dmesg's etc.? Is there some trick to just make ntpd work properly with external queriers? I've tried to figure this one out but am out of ideas now.

best regards,
Bo Granlund
Re: ntpdate program not working with openntpd
Is there a firewall blocking the requests in either direction? Does networking, routing etc. work apart from this?

Andreas

On 15/07/06, Bo Granlund [EMAIL PROTECTED] wrote:
> Hi,
>
> I have a problem with ntpd. I have a number of openbsd machines here and one of them is connected to a gps receiver which now (after a dirty hack) sets the time very precisely. I would love to sync all my other machines against the gps powered ntpd. Now the problem is that ntpdate (in linux) or ntpd's in other openbsd boxes don't simply work. ntpdate says this:
>
>     sunrise:~# ntpdate fury
>     15 Jul 08:54:34 ntpdate[18841]: no server suitable for synchronization found
>
> Another openbsd machine (volatile) is configured to use fury (the machine with the gps receiver) as the server to poll for the time. This is what ntpd has to say about that:
>
>     ntp engine ready
>     reply from 10.0.5.30: not synced, next query 3151s
>     no reply received in time, skipping initial time setting
>
> The problems range over openbsd and linux so I don't know what's broken. I'd say that ntpd has some issues with it. My config on the gps machine is
>
>     # Addresses to listen on (ntpd does not listen by default)
>     listen on *
>
>     # sync to a single server
>     #server ntp.example.org
>
>     # use a random selection of 8 public stratum 2 servers
>     # see http://twiki.ntp.org/bin/view/Servers/NTPPoolServers
>     #servers pool.ntp.org
>
>     sensor nmea0
>
> and nmea0 is working ok, so no problem there. You just can't query the time from an openntpd instance. Am I doing something wrong? Would it help if I send dmesg's etc.? Is there some trick to just make ntpd work properly with external queriers? I've tried to figure this one out but am out of ideas now.
>
> best regards,
> Bo Granlund

--
Andreas Kahari
Somewhere in the general Cambridge area, UK
help adsl n openbsd
dear all

basic question: here is my current network:

    internet--adsl--lan01

i want to change it like this:

    internet--adsl+router--lan01-lan2

lan01 (openbsd, squid)
lan02 (internet cafe)

so i want to share my internet access to lan2. sorry, my question is very basic.

ps: my adsl modem does not support bridge configuration.

-sonjaya-
Re: Encrypting e-mails
On Mon, Jul 10, 2006 at 08:37:58AM -0500, Jacob Yocom-Piatt wrote: Original message Date: Mon, 10 Jul 2006 15:07:40 +0200 From: Rico Secada [EMAIL PROTECTED] Subject: Encrypting e-mails To: misc@openbsd.org Hi I have been looking into encrypting my e-mails and was thinking about GPG together with Sylpheed, since I am using Sylpheed. But I am wondering is there another and stronger or better way than GPG. Any recommendations? mutt has less calories and will make girls want to have sex with you. maybe the second part is just advertising hype... Actually I came to conclusion that having reinstalled Linux to OpenBSD will probably increase my penis length. I had less stress with the OpenBSD so far than with Linux, presumably because of the developers attitude towards correctness. Research shows that stress increases amount of fat on abdomen. Penis length is dependent on amount of fat on abdomen. So OpenBSD - less stress - less fat on abdomen - longer penis. CL it also has s/mime and gpg capabilities, is text based and does your laundry. Best and kind regards, Rico
Re: Voice-Chat Software (maybe even a Client wich works on openBSD? ;) ) ?
On Thu, Jul 13, 2006 at 09:11:12AM -0500, Jacob Yocom-Piatt wrote: Why would you need voice chat in the base install? There isn't even IM in the base install. good point about the IM. i see voice as pretty important since the gross majority of ppl have a phone (whether VOIP or otherwise) in their home. on the other hand, not everyone uses text chat programs. OpenSIP would be helpful to a lot of people, I'm sure, but I doubt the developers have time for it. i recognize the devs are busy folks and don't have time to code out features that people wish for on [EMAIL PROTECTED] note that my previous message did not suggest someone else should do this, it only asked if such a thing were done, could it get in tree. i surmise the answer is no, likely for the reason you cite above. i wanted to check because i've thought about working on such a thing myself for a year now. Does anyone succeed with any SIP phone actually on OpenBSD, behind a NAT? I tried various clients on Linux (ekiga, kphone, minisip, lilnphone, twinkle) and there was always some little bit that was missing to functionality. CL
Re: GDBM_File (GDBM::File)
On Thu, Jul 13, 2006 at 07:03:11PM +0200, Joachim Schipper wrote: On Thu, Jul 13, 2006 at 12:12:58PM +0200, Karel Kulhavy wrote: Hello How can I install GDBM::File into the stock Perl in OpenBSD? I don't understand why it's not there when it comes automatically with Perl. Was it stripped out from the Perl due to license reason? I tried to download it and installed but it complained about unresolved library something in some *.so file. What does the 'G' stand for? What is the OpenBSD policy on 'G' programs? Probably GNU. I don't know what is OpenBSD policy toward 'G' programs. But gdbm is in ports. I don't understand why the binding was taken out of Perl. This particular Perl module is not in ports; you most likely can use cpan to add it after installing dependencies, notably gdbm. I tried but it seems to use gdbm library linked into the perl and because on OpenBSD the perl binary is not linked and it complains about unresolved dependence. CL Joachim
Re: ntpdate program not working with openntpd
Andreas Kahari [EMAIL PROTECTED] wrote:
> Is there a firewall blocking the requests in either direction? Does networking, routing etc. work apart from this?

Yes, networking works as it should. The problem was that ntpd did not get synced because I had hacked it to settimeofday() every time the sensor reports a new offset. This put the internal magical calculators out of sync and ntpd put the alert flag up in responses which were then rejected by other ntpd's and ntpdate. So I approached the problem from another angle and thought about adjtime()'ing the offsets. It produced this very simple patch:

Index: ntp.c === RCS file: /storage/1/mirror/openbsd/src/usr.sbin/ntpd/ntp.c,v retrieving revision 1.91 diff -u -r1.91 ntp.c --- ntp.c 1 Jul 2006 18:52:46 - 1.91 +++ ntp.c 15 Jul 2006 07:50:05 - @@ -1,4 +1,4 @@ -/* $OpenBSD: ntp.c,v 1.91 2006-07-01 18:52:46 otto Exp $ */ +/* $OpenBSD: ntp.c,v 1.91 2006/07/01 18:52:46 otto Exp $ */ /* * Copyright (c) 2003, 2004 Henning Brauer [EMAIL PROTECTED] @@ -315,8 +315,10 @@ for (s = TAILQ_FIRST(conf-ntp_sensors); s != NULL; s = next_s) { next_s = TAILQ_NEXT(s, entry); - if (s-next = time(NULL)) + if (s-next = time(NULL)) { sensor_query(s); + priv_adjtime(); + } } }

Now priv_adjtime() takes into account the offset set by a nmea sensor and adjusts the time correctly, and voila, ntpd's internal magic calculators also agreed and started working as they should. So now I have a working (sync'ed) ntpd that uses a usb gps receiver as its time source. Without that priv_adjtime() the offset reported by the sensor never got updated, I don't know why yet.

best regards,
Bo Granlund
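Review bot: The first hunk (@@ -1,4 +1,4 @@) only rewrites the date separator inside the $OpenBSD$ ident line, from 2006-07-01 to 2006/07/01, which looks like keyword expansion differing between the local mirror named in the RCS file path and the tree the diff was taken against. It is unrelated to the sensor fix and should be dropped from the patch, leaving the ident line to the version control system.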
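Review bot: In the second hunk (@@ -315,8 +315,10 @@) priv_adjtime() is called unconditionally inside the for loop, once for every sensor whose query is due, whether or not sensor_query(s) delivered a usable new offset. With more than one sensor configured that means several clock adjustments in a single pass; consider recording in the loop that a sensor was queried and calling priv_adjtime() once after it, or making the call depend on the result of the query. The accompanying text says it is not yet known why the offset is not applied without this call, so a comment above the new line stating the intended effect would help whoever looks at the sensor path next.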
Re: GDBM_File (GDBM::File)
On Saturday 15 July 2006 18:02, Karel Kulhavy wrote: But gdbm is in ports. I don't understand why the binding was taken out of Perl. And how would the base system build the gdbm module if gdbm itself is in ports? You could always try creating a port of it though. --- Lars Hansson
Recompiling Perl 5.8.6
Is it OK to download perl 5.8.6 (the same that is in OpenBSD 3.9) then compile it using supplied hints/openbsd.sh and install over the existing perl? I want GDBM_File and GDBM_File is in perl 5.8.6.

- will the perl still work (at least pkg_add and pkg_delete)?
- will GDBM_File start working?

I tried installing GDBM_File by going into perl-5.8.6/ext/GDBM_File:

    [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ perl Makefile.PL
    Note (probably harmless): No library found for -lgdbm
    Note (probably harmless): No library found for -ldbm
    Writing Makefile for GDBM_File
    [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ make
    Can't locate ExtUtils/Command.pm in @INC (@INC contains: /usr/lib/perl5/5.8.6/OpenBSD.i386-openbsd /usr/lib/perl5/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/OpenBSD.i386-openbsd /usr/local/lib/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl .).
    BEGIN failed--compilation aborted.
    *** Error code 2

But when I do perl -V:

    [...]
    Built under openbsd
    @INC:
        /usr/libdata/perl5/i386-openbsd/5.8.6
        /usr/local/libdata/perl5/i386-openbsd/5.8.6
        /usr/libdata/perl5
        /usr/local/libdata/perl5
        /usr/local/libdata/perl5/site_perl/i386-openbsd
        /usr/libdata/perl5/site_perl/i386-openbsd
        /usr/local/libdata/perl5/site_perl
        /usr/libdata/perl5/site_perl
        /usr/local/lib/perl5/site_perl
    [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ locate Command.pm
    /usr/libdata/perl5/ExtUtils/Command.pm

So it doesn't work and I don't know why. I tried to figure out something about the mysterious @INC thing. Man perl says only this:

    FILES
        @INC    locations of perl libraries

but it's a blind alley:

    [EMAIL PROTECTED]:~$ man INC
    man: no entry for INC in the manual.
    [EMAIL PROTECTED]:~$ man '@INC'
    man: no entry for @INC in the manual.
    [EMAIL PROTECTED]:~$ locate 'INC'
    [EMAIL PROTECTED]:~$ locate '@INC'

man perl says there's a file called @INC, but it's not true. Inc in google yields just a heap of irrelevant links. Wikipedia doesn't have a relevant article on INC or @INC either.

CL
Re: Recompiling Perl 5.8.6
What is wrong with having two separate Perl installations, the base one (untouched), and your own one (in e.g. /opt or /usr/opt or wherever you'd like)?

Andreas

On 15/07/06, Karel Kulhavy [EMAIL PROTECTED] wrote:
> Is it OK to download perl 5.8.6 (the same that is in OpenBSD 3.9) then compile it using supplied hints/openbsd.sh and install over the existing perl? I want GDBM_File and GDBM_File is in perl 5.8.6.
>
> - will the perl still work (at least pkg_add and pkg_delete)?
> - will GDBM_File start working?
>
> I tried installing GDBM_File by going into perl-5.8.6/ext/GDBM_File:
>
>     [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ perl Makefile.PL
>     Note (probably harmless): No library found for -lgdbm
>     Note (probably harmless): No library found for -ldbm
>     Writing Makefile for GDBM_File
>     [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ make
>     Can't locate ExtUtils/Command.pm in @INC (@INC contains: /usr/lib/perl5/5.8.6/OpenBSD.i386-openbsd /usr/lib/perl5/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/OpenBSD.i386-openbsd /usr/local/lib/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl .).
>     BEGIN failed--compilation aborted.
>     *** Error code 2
>
> But when I do perl -V:
>
>     [...]
>     Built under openbsd
>     @INC:
>         /usr/libdata/perl5/i386-openbsd/5.8.6
>         /usr/local/libdata/perl5/i386-openbsd/5.8.6
>         /usr/libdata/perl5
>         /usr/local/libdata/perl5
>         /usr/local/libdata/perl5/site_perl/i386-openbsd
>         /usr/libdata/perl5/site_perl/i386-openbsd
>         /usr/local/libdata/perl5/site_perl
>         /usr/libdata/perl5/site_perl
>         /usr/local/lib/perl5/site_perl
>     [EMAIL PROTECTED]:/home/clock/perl-5.8.6/ext/GDBM_File$ locate Command.pm
>     /usr/libdata/perl5/ExtUtils/Command.pm
>
> So it doesn't work and I don't know why. I tried to figure out something about the mysterious @INC thing. Man perl says only this:
>
>     FILES
>         @INC    locations of perl libraries
>
> but it's a blind alley:
>
>     [EMAIL PROTECTED]:~$ man INC
>     man: no entry for INC in the manual.
>     [EMAIL PROTECTED]:~$ man '@INC'
>     man: no entry for @INC in the manual.
>     [EMAIL PROTECTED]:~$ locate 'INC'
>     [EMAIL PROTECTED]:~$ locate '@INC'
>
> man perl says there's a file called @INC, but it's not true. Inc in google yields just a heap of irrelevant links. Wikipedia doesn't have a relevant article on INC or @INC either.
>
> CL

--
Andreas Kahari
Somewhere in the general Cambridge area, UK
ntp on openbsd rulez
I just turned it on and date shows the same as on my radio clock! How different from Linux where I didn't know which ntp implementation to use, so I tried installing various ones and it didn't work so I tweaked the configuration somehow according to the (usually ambiguous) documentation and it didn't work either so the result was that the clock was off by hours and I had to manually reset it time to time. CL
Re: auto-update named via dhcpd?
On 7/14/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> Does the dhcpd that is shipped with OpenBSD 3.7 support the ability to update bind?

No, it does not.

> Does the dhcpd that is shipped with OpenBSD 3.9 support this?

IIRC, it does not support it either.

> If not, is the recommended approach to install ISC DHCP 3.x,

It worked for me. See threads on MARC for a little more information.

http://marc.theaimsgroup.com/?l=openbsd-misc&m=110353569711035&w=2

After installing ISC dhcpd, just follow the documentation to get DDNS updates working. E.g. by using the various README files included in the port.

Cheers,
Rogier

--
If you don't know where you're going, any road will get you there.
Re: ntp on openbsd rulez
On 15/07/06, Karel Kulhavy [EMAIL PROTECTED] wrote: I just turned it on and date shows the same as on my radio clock! How different from Linux where I didn't know which ntp implementation to use, so I tried installing various ones and it didn't work so I tweaked the configuration somehow according to the (usually ambiguous) documentation and it didn't work either so the result was that the clock was off by hours and I had to manually reset it time to time. You probably did something wrong. The NTP implementation that most Linux distributions are using actually works quite well (also on OpenBSD), but it's too big and in many ways made too complicated. OpenNTPd (which, of course, also runs on Linux) effectively reduces the problem of synching the clock, as you did notice. -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: GDBM_File (GDBM::File)
On Sat, Jul 15, 2006 at 06:16:42PM +0800, Lars Hansson wrote: On Saturday 15 July 2006 18:02, Karel Kulhavy wrote: But gdbm is in ports. I don't understand why the binding was taken out of Perl. And how would the base system build the gdbm module if gdbm itself is in ports? Is there a way how to install GDBM_File on OpenBSD 3.9? CL You could always try creating a port of it though. --- Lars Hansson
time-based pf rules in crontab do not survive a reboot (naturally)?
Hi All, I have time-based pf rules using cron and anchors (such as to restrict HTTP access after hours). But as you can guess, they do not survive a reboot. Is there any solution? Thanks,
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On Sat, Jul 15, 2006 at 05:48:06PM +0300, Soner Tari wrote: I have time-based pf rules using cron and anchors (such as to restrict HTTP access after hours). But as you can guess, they do not survive a reboot. Is there any solution? There are probably a lot of solutions... Have your cron job copy the current anchor rules to pf-current.conf, then add pfctl -f pf-current.conf to rc.local. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
General question about intl and iconv
(This might belong on ports, but it's not specific really) There are quite a few software packages not in the ports tree that I've managed to wrestle into running on my system, and I keep noticing the same thing: they all have trouble with libintl and libiconv. But it's always different things: some are missing certain symbols, some just can't seem to find the version, some (even with the include and link paths double-checked) can't find iconv.h or libintl.h, or libiconv and libintl, without editing the source file to look for the absolute path. What's going on here? Are OpenBSD's i18n libraries that radically different? I could understand if it was just the missing symbols (ie, obsd didn't implement all the functions) or just the version problems (ie, obsd used a different versioning scheme), but I can't fathom why applications can't find those headers, of all the rest that they use, and why all three happen, and have kept happening for me across 3.7, 3.8, and 3.9. Is there a system configuration I've missed somewhere, like sysctl usr.i18n.play_well_with_others 1 or something? And then it strikes me that my joke is even dumber than it sounds, since intl and iconv (via gettext) are ports. It's curious to me that gettext isn't included with the rest of the GNU toolchain in the system, but then I guess it's not necessary for all users. Anyways, if somebody knows a magic bullet to make iconv and intl play well with others, or can just enlighten me on what's so different with OpenBSD's versions as opposed to everyone else's, I'd really appreciate it. Thanks! Weldon Goree
Re: Boot panic with bsd.mp on a Compaq ProLiant 2500
Steve Shockley [EMAIL PROTECTED] writes: Nick Shank wrote: And, while I know it's a very different animal, it's still a Compaq server... I get the same error on a Proliant ML370 when using bsd.mp. I've got 3.9 running on a DL380 without trouble (GENERIC.MP), and that should be the same mainboard as an ML370. Make sure you've got all current firmware on the box, and try various OS settings until one works properly (including Other). Incorrect settings will probably result in a crash on boot, or only one CPU.

snip

Today, I've tried different OS settings in the BIOS like UnixWare, Solaris, Windows (2000) and they all do a kernel panic with bsd.mp. I have the trace, ps and show registers for them if somebody wants to see the details. Unix with large disk geometry and Other OS types only detect one processor with the Inspect Compaq tool. Other OS type does not panic the kernel with bsd.mp, but only one processor is detected:

    OpenBSD 3.9 (GENERIC.MP) #598: Thu Mar 2 02:37:06 MST 2006
        [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
    cpu0: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 199 MHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
    real mem = 268017664 (261736K)
    avail mem = 237518848 (231952K)
    using 3297 buffers containing 13504512 bytes (13188K) of memory
    mainbus0 (root)
    bios0 at mainbus0: AT/286+(00) BIOS, date 12/01/99, BIOS32 rev. 0 @ 0xf
    pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
    pcibios0: PCI BIOS has 8 Interrupt Routing table entries
    pcibios0: no compatible PCI ICU found
    pcibios0: Warning, unable to fix up PCI interrupt routing
    pcibios0: PCI bus #2 is the last bus
    bios0: ROM list: 0xc/0x8000 0xc8000/0x4000 0xe8000/0x6000 0xee000/0x2000!
    cpu0 at mainbus0: (uniprocessor)
    cpu0: Intel Pentium Pro (GenuineIntel 686-class, 256KB L2 cache) 199 MHz
    cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV
    pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
    pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
    ppb0 at pci0 dev 13 function 0 IBM 82351 PCI-PCI rev 0x01
    [...]

I've been googling for some time now, but I can't find a definitive answer to that panic: can't deal with not-all-lapics interrupt yet! problem.

Thank you Steve and Nick for your feedback. Thanks again for your time and this great OS !

Francois

--
http://www.chambaud.org
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On 15 Jul 2006, at 15:48, Soner Tari wrote: I have time-based pf rules using cron and anchors (such as to restrict HTTP access after hours). But as you can guess, they do not survive a reboot. Is there any solution? Create a script that works out what the rules should be at any given time, add it to /etc/rc.local so it's run at boot. Gaby -- Junkets for bunterish lickspittles since 1998! http://www.playr.co.uk/sudoku/ http://weblog.vanhegan.net/
New personal spamd record
I found this too funny not to share. A little Perl script processing of my spamd log revealed a spammer from China had made 138 attempts to deliver spam with a cumulative time of ~15 hours. 15 hours! You can't make this stuff up! I like to think those 15 hours of tar pit torment just made the Internet a slightly nicer place. :-) Jim
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
Have your cron job copy the current anchor rules to pf-current.conf, then add pfctl -f pf-current.conf to rc.local. Thank you for the reply (and Gaby too). But I am not sure if this would be an elegant workaround. Because by chance there may be cron jobs scheduled to run exactly during downtime, and I would miss them. This is still true no matter how small the chances are.
Re: GDBM_File (GDBM::File)
On 7/15/06, Karel Kulhavy [EMAIL PROTECTED] wrote: On Sat, Jul 15, 2006 at 06:16:42PM +0800, Lars Hansson wrote: On Saturday 15 July 2006 18:02, Karel Kulhavy wrote: But gdbm is in ports. I don't understand why the binding was taken out of Perl. And how would the base system build the gdbm module if gdbm itself is in ports? Is there a way how to install GDBM_File on OpenBSD 3.9? Use CPAN maybe? Or port whatever application you're trying to run to a different DPM implementation. Or use a [different one|Python's multitude of DBMs] if you are writing your application from scratch. -Nick
X Windows freeze on reboot
Hello OpenBSD 3.9. I took my xterm, did su - and then typed reboot. The xterm window disappeared, but the machine froze. You could still see the X Window System background and the mouse was not moving. ctrl-alt-del didn't work. I had to turn the machine off. The X Window is installed from OpenBSD 3.9, I didn't tamper with it (just changed the config file). Is this possible to happen within intended behaviour of the system? CL
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On Sat, Jul 15, 2006 at 08:27:32PM +0300, Soner Tari wrote: Have your cron job copy the current anchor rules to pf-current.conf, then add pfctl -f pf-current.conf to rc.local. Thank you for the reply (and Gaby too). But I am not sure if this would be an elegant workaround. Because by chance there may be cron jobs scheduled to run exactly during downtime, and I would miss them. This is still true no matter how small the chances are. I believe Gaby's solution would handle this. If you have *one* script that decides which rules to load based on system time, then it would load the correct rules when run from both rc.local and cron. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
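The single-script approach described in this thread, as an added example that is not code from any of the posters: one POSIX sh script derives the ruleset from the current time and loads it into an anchor, so running it from both cron and /etc/rc.local gives the same result after a reboot or a missed cron run. The anchor name `timed`, the rules file paths, the script path and the 08:00-18:00 weekday window are assumptions made for the example.

```sh
#!/bin/sh
# Added example: derive the pf anchor ruleset from the clock instead of from
# whichever cron job ran last. Anchor name, file paths and opening hours are
# assumptions made for this example.
#
# root's crontab:   0 * * * *   /usr/local/sbin/pf-timed.sh apply
# /etc/rc.local:    /usr/local/sbin/pf-timed.sh apply

ANCHOR="timed"                       # pf.conf needs a matching: anchor "timed"
OPEN_RULES="/etc/pf.timed.open"      # anchor rules for business hours
CLOSED_RULES="/etc/pf.timed.closed"  # anchor rules restricting HTTP after hours
OPEN_FROM=8                          # first open hour, inclusive (08:00)
OPEN_UNTIL=18                        # first closed hour, exclusive (18:00)

# ruleset_for HOUR DOW
# Prints the rules file that must be active at that time.
# HOUR is 0-23 (a leading zero is accepted); DOW is 1-7, Monday = 1.
# Anything unparsable selects the restrictive ruleset and returns 1.
ruleset_for() {
    case "$1" in
        ''|*[!0-9]*) echo "$CLOSED_RULES"; return 1 ;;
    esac
    hour=${1#0}                      # "08" -> "8", so it is not read as octal
    hour=${hour:-0}                  # a bare "0" was stripped to "": midnight
    dow=$2

    case "$dow" in
        [1-7]) ;;
        *) echo "$CLOSED_RULES"; return 1 ;;
    esac
    if [ "$hour" -gt 23 ]; then
        echo "$CLOSED_RULES"; return 1
    fi

    if [ "$dow" -le 5 ] && [ "$hour" -ge "$OPEN_FROM" ] && [ "$hour" -lt "$OPEN_UNTIL" ]; then
        echo "$OPEN_RULES"
    else
        echo "$CLOSED_RULES"
    fi
}

# apply_rules: load the ruleset for the current time into the anchor.
apply_rules() {
    now=$(date '+%H %u')             # one call, so hour and weekday agree
    rules=$(ruleset_for "${now% *}" "${now#* }") ||
        echo "pf-timed: could not parse '$now', loading restrictive rules" >&2
    # Parse first (-n) so a broken file never replaces a working anchor.
    pfctl -a "$ANCHOR" -n -f "$rules" || return 1
    pfctl -a "$ANCHOR" -f "$rules"
}

# Touch pf only when asked to, so the functions can be exercised on their own.
if [ "${1:-}" = "apply" ]; then
    apply_rules
fi
```

Because the script is idempotent, the cron schedule only bounds how late a change takes effect; the ruleset after boot never depends on which cron jobs ran before the reboot.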
Do mp3 concatenation programs exist?
Hi misc@,

I have an original setup at home. I crontab logging on and off the Internet on a minutely basis, so that I acquire a new IP every minute. I do this for personal reasons and I like it this way.

At the same time I also stream mp3's from a radio station in Toronto. Since my IP changes every minute I have about a minute of streaming before I tcpdrop(8) and cycle pppoe(4). At the end of a day I concatenate the snippets into one large mp3 but at times the concatenation isn't perfect and there is a repeat, or a chop off or a squeak. Because the mp3 snippets have a time-delay buffer and overlap nothing is really lost but I'm looking for better software to concatenate these.

Take 4 mp3 files representing 4 minutes as an example:

    ckln.1152650587 ckln.1152650647 ckln.1152650707 ckln.1152650767

(If you're interested in making this work I can give you the URLs to download these for testing).

Here is the script that I now concatenate these with:

---
    #!/bin/sh
    #
    # To do an entire day this script will run 3 hours
    #
    FILE=ckln-radio-stream`date +%Y%m%d`.mp3

    sleep 61
    rm -f /export/ckln/$FILE

    for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
        dd if=$i of=/export/ckln/$FILE bs=128 count=1
        break;
    done

    for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
        SIZE=`ls -l $i | awk '{printf("%s\n", int($5 / 614400)); }'`
        VARIABLE=`mplayer -ao null -nosound -speed 100 -v -v $i | grep len= | awk '{ split($6, a, "="); total += a[2]; if (total > 15000) { if (! startmessage) { printf("start: %s ", total + 128); startmessage++; start = total; }; counton += a[2]; framecount++;} if (counton >= ((((multiplier < 1) ? 1 : multiplier) * 614400) - 15000 )) { printf("%s bytes %s frames\n", counton - 128, framecount); exit 0; }}' multiplier=$SIZE`
        SKIP=`echo $VARIABLE | awk '{print $2}'`
        COUNT=`echo $VARIABLE | awk '{print $3}'`
        echo $VARIABLE
        dd if=$i of=$HOME/tmp.$$ skip=$SKIP count=$COUNT bs=1
        cat $HOME/tmp.$$ >> /export/ckln/$FILE
        rm -f $HOME/tmp.$$
    done
---

As you can see I run mplayer at speed 100 with full verbose messages so that I can see how large the individual frames are (with padding), with that count I can then dd the stuff out. Obviously it's not perfect. What I'm looking for at best is something that checksums or hashes every mp3 frame (I think they are around 360 bytes each or so) and finds the exact overlap on the next mp3 file. ( I can't imagine the streaming server making a new mp3 for every connection there is, but rather doing it once for all connections so the frames should all be the same value around the overlap and hence checksumming should work to make the exact splice, right?)

I've thought about dissecting the de-multiplex functions in mplayer to a customized program to do this but before I do, I want to ask if there is something like this out there already saving me time?

regards,
-peter

--
Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:
> Hi misc@,
>
> I have an original setup at home. I crontab logging on and off the Internet on a minutely basis, so that I acquire a new IP every minute. I do this for personal reasons and I like it this way.

This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unnecessary problems for yourself.

> At the same time I also stream mp3's from a radio station in Toronto. Since my IP changes every minute I have about a minute of streaming before I tcpdrop(8) and cycle pppoe(4). At the end of a day I concatenate the snippets into one large mp3 but at times the concatenation isn't perfect and there is a repeat, or a chop off or a squeak. Because the mp3 snippets have a time-delay buffer and overlap nothing is really lost but I'm looking for better software to concatenate these.
>
> Take 4 mp3 files representing 4 minutes as an example:
>
>     ckln.1152650587 ckln.1152650647 ckln.1152650707 ckln.1152650767
>
> (If you're interested in making this work I can give you the URLs to download these for testing).
>
> Here is the script that I now concatenate these with:
>
> ---
>     #!/bin/sh
>     #
>     # To do an entire day this script will run 3 hours
>     #
>     FILE=ckln-radio-stream`date +%Y%m%d`.mp3
>
>     sleep 61
>     rm -f /export/ckln/$FILE
>
>     for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
>         dd if=$i of=/export/ckln/$FILE bs=128 count=1
>         break;
>     done
>
>     for i in `find /export/ckln -name 'ckln.1*' -ctime -1 -print`; do
>         SIZE=`ls -l $i | awk '{printf("%s\n", int($5 / 614400)); }'`
>         VARIABLE=`mplayer -ao null -nosound -speed 100 -v -v $i | grep len= | awk '{ split($6, a, "="); total += a[2]; if (total > 15000) { if (! startmessage) { printf("start: %s ", total + 128); startmessage++; start = total; }; counton += a[2]; framecount++;} if (counton >= ((((multiplier < 1) ? 1 : multiplier) * 614400) - 15000 )) { printf("%s bytes %s frames\n", counton - 128, framecount); exit 0; }}' multiplier=$SIZE`
>         SKIP=`echo $VARIABLE | awk '{print $2}'`
>         COUNT=`echo $VARIABLE | awk '{print $3}'`
>         echo $VARIABLE
>         dd if=$i of=$HOME/tmp.$$ skip=$SKIP count=$COUNT bs=1
>         cat $HOME/tmp.$$ >> /export/ckln/$FILE
>         rm -f $HOME/tmp.$$
>     done
> ---
>
> As you can see I run mplayer at speed 100 with full verbose messages so that I can see how large the individual frames are (with padding), with that count I can then dd the stuff out. Obviously it's not perfect. What I'm looking for at best is something that checksums or hashes every mp3 frame (I think they are around 360 bytes each or so) and finds the exact overlap on the next mp3 file. ( I can't imagine the streaming server making a new mp3 for every connection there is, but rather doing it once for all connections so the frames should all be the same value around the overlap and hence checksumming should work to make the exact splice, right?)
>
> I've thought about dissecting the de-multiplex functions in mplayer to a customized program to do this but before I do, I want to ask if there is something like this out there already saving me time?
>
> regards,
> -peter
>
> --
> Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 08:24:04PM +0100, z0mbix wrote:
> This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unnecessary problems for yourself.

I don't operate in a box that's made for me. I go further. Stop the namecalling and reconsider if you don't have a useful answer.

-p

--
Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
Hi,

On Saturday, 15. July 2006 21:24, z0mbix wrote:
> On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:
> > Hi misc@, I have an original setup at home. I crontab logging on and off the Internet on a minutely basis, so that I acquire a new IP every minute. I do this for personal reasons and I like it this way.
>
> This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unnecessary problems for yourself.

It's pretty obvious he's trying to hide his true identity because of these mp3 activities on the Internet. If he's that paranoid about his probably illegal activities I don't understand why he talks about them in detail on a public mailing list... :-)

> > At the same time I also stream mp3's from a radio station in Toronto. Since my IP changes every minute

cheers,
Tobias
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote:
> > This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unnecessary problems for yourself.
>
> It's pretty obvious he's trying to hide his true identity because of these mp3 activities on the Internet. If he's that paranoid about his probably illegal activities I don't understand why he talks about them in detail on a public mailing list... :-)

Illegal activities? Naw man! I just like moving like a Mack truck. See, I'm already gone! Once I was upset that they didn't give everyone static IP's, and then I thought about the words Vint Cerf said, and I got enlightened. Anonymity rocks when you're taking charge of it. If you linger around for 20 hours a day someone can track you and the dynamic IP is useless. So I'm turning it around, into the intended direction. And I know I'm on the right path.

There is a lot of things you see when you push the technology to the limits, like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when you cycle the pppoeX interface? Obviously streamlining can be done to push this down below a second. Somewhere there is a loop too many in the sppp or pppoe code or a timeout too long.

Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you know yours?

    $ grep "new ip for now" /var/log/all | awk '{print $NF}' | sort -u | wc -l
    17991
    $

There's your odds if you want to find me at any minute. And if you scan how do you know that I won't disconnect before the scan reaches me and re-appear to an IP that the scan already passed? Linear portscanning won't work. You may as well send a random packet and hope it comes across my ways.

> cheers,
> Tobias

So you can't help me with a useful answer either? Sad.

-p

--
Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
thus Peter Philipp spake: On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote: This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unneccessary problems for yourself. It's pretty obvious he's trying to hide his true identity because of these mp3 activities on the Internet. If he's that paranoid about his probably illegal activities I don't understand why he talks about them in detail on a public mailing list... :-) Illegal activities? Naw man! I just like moving like a Mack truck. See, I'm already gone! Once I was upset that they didn't give everyone static IP's, and then I thought about the words Vint Cerf said, and I got enlightened. Anonymity rocks when you're taking charge of it. If you linger around for 20 hours a day someone can track you and the dynamic IP is useless. So I'm turning it around, into the intended direction. And I know I'm on the right path. There is a lot of things you see when you push the technology to the limits, like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when you cycle the pppoeX interface? Obviously streamlining can be done to push this down below a second. Somewhere there is a loop too many in the sppp or pppoe code or a timeout too long. if there were some more guys like you authenticating every minute, there'd be no chance to get authenticated in a decent amount of time. you'd be offline due do a self caused DDoS, rendering the RADIUS machines (or whatever they might use) into slaves doing dull work :D -- Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED] RISCworks -- Perfection is a powerful message ISP | POWER PowerPC afficinados | Networking, Security, BSD services GPG Key fingerprint = B5F6 68A4 EC45 C309 6770 38C4 50E8 2740 9E0C F20A There are 10 types of people in the world. Those who understand binary and those who don't.
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote: if there were some more guys like you authenticating every minute, there'd be no chance to get authenticated in a decent amount of time. you'd be offline due do a self caused DDoS, rendering the RADIUS machines (or whatever they might use) into slaves doing dull work :D It's not a DDoS. Computers are almighty today, if they can't be pushed to do their freakin' work they may as well be sniffing your packets all day long right? If RADIUS is too slow, start caching, memory is cheap. There is a lot of solutions and technical solutions around this. And it's this service that people pay for anyhow. You haven't heard of an mp3 concatenate utility either right? greets, -peter -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
thus Peter Philipp spake: On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote: if there were some more guys like you authenticating every minute, there'd be no chance to get authenticated in a decent amount of time. you'd be offline due do a self caused DDoS, rendering the RADIUS machines (or whatever they might use) into slaves doing dull work :D It's not a DDoS. sure it is. Computers are almighty today, :D if they can't be pushed to do their freakin' work they may as well be sniffing your packets all day long right? if you feel that this is the case (which is almost for sure in 'western, democratic, free countries' due to their secret service operations spying their own people) and are frightened by this, you should really think about solving this problem by pulling the root of this evil out, not by cutting single leafs. join the right party, mobilize people, go on the street, pick up some forks and torches and get rid of that dictatorship of capitalism treating mankind like shit -- even and especially in germany (wrt to the TLD of your email address). If RADIUS is too slow, start caching, memory is cheap. There is a lot of solutions and technical solutions around this. And it's this service that people pay for anyhow. you pay taxes. so you pay for the firefighters. do you call them every minute to ask what to do in case there'd be really fire? this attitude really sucks. you demand people/organizations to buy an IBM p595 just for running RADIUS, instead of letting their good ol' Ultra 2 running the next decade until it falls apart. you're wasting ressources and energy. You haven't heard of an mp3 concatenate utility either right? no, and i certainly never will :) greets, -peter get a life, peter. please. there are *real* problems in the world outside...
Re: Do mp3 concatenation programs exist?
Peter Philipp wrote: On Sat, Jul 15, 2006 at 11:09:13PM +0200, Timo Schoeler wrote: if there were some more guys like you authenticating every minute, there'd be no chance to get authenticated in a decent amount of time. you'd be offline due do a self caused DDoS, rendering the RADIUS machines (or whatever they might use) into slaves doing dull work :D It's not a DDoS. Computers are almighty today, if they can't be pushed to do their freakin' work they may as well be sniffing your packets all day long right? If RADIUS is too slow, start caching, memory is cheap. There is a lot of solutions and technical solutions around this. And it's this service that people pay for anyhow. You haven't heard of an mp3 concatenate utility either right? Computers aren't almighty. Why the hell am I even replying to you? If you don't want to authenticate, don't use PPPoE then. What you are trying to do is idiotic. This topic is by far the most ridiculous I have ever read. What's the point? What do you expect from us? And you ARE bothering your ISP's authentication servers. Just because they have enough of processing power to serve your requests, doesn't allow to abuse it. Get a life, you computer pervert!
Re: X Windows freeze on reboot
On 7/15/06, Karel Kulhavy [EMAIL PROTECTED] wrote:
> OpenBSD 3.9. I took my xterm, did su - and then typed reboot. The xterm window disappeared, but the machine froze. You could still see the X Window System background and the mouse was not moving. ctrl-alt-del didn't work. I had to turn the machine off.

First off, how did you expect to get assistance when you didn't post your dmesg? Does the same problem exist when you try to reboot from outside of X?

> The X Window is installed from OpenBSD 3.9, I didn't tamper with it (just changed the config file).

That sentence is self contradictory. Also, you didn't say what changes you made to which config file. (It _sounds_ like it was the xorg.conf, but...) Did the same problem exist before you changed the config file?

Philip Guenther
Re: Do mp3 concatenation programs exist?
On Sat, 2006-07-15 at 22:39:48 +0200, Peter Philipp wrote...
> Illegal activities? Naw man! I just like moving like a Mack truck. See, I'm already gone! Once I was upset that they didn't give everyone static IP's, and then I thought about the words Vint Cerf said, and I got enlightened. Anonymity rocks when you're taking charge of it. If you linger around for 20 hours a day someone can track you and the dynamic IP is useless. So I'm turning it around, into the intended direction. And I know I'm on the right path.
>
> Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you know yours?

Jesus you're a fucking idiot. I mean, seriously: this thread has got to be one of the more idiotic things I've ever read here.

Anyway - the truly paranoid connect to different ISPs. Your provider has the source port you're coming from, your MAC address, and prolly the MAC of your DSL router in their CAM tables. You've achieved nothing, lackey.
Re: Do mp3 concatenation programs exist?
On 2006/07/15 23:16, Peter Philipp wrote:
> And it's this service that people pay for anyhow.

So you want everyone else using your ISP to subsidise your fairly extreme use of the auth/accounting infrastructure (radius, ldap, db, whatever..)? Ah well, you'll be worst-affected if it becomes heavily loaded or fails sometime, whereas people holding onto their sessions probably won't even notice.

> You haven't heard of an mp3 concatenate utility either right?

You have heard of google, right? Is it really so hard to come up with `mp3 concatenate utility' as a search term?
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 11:34:33PM +0200, Timo Schoeler wrote: It's not a DDoS. sure it is. Your own customers aren't DDoS'ing you when they try to authenticate. A Distributed Denial of Service by definition is a computer crime with intent to disable your services with malice, which this isn't. Computers are almighty today, :D Dude, back in '97 we ran an ISP on P120's and P166's. Trust me. cut If RADIUS is too slow, start caching, memory is cheap. There is a lot of solutions and technical solutions around this. And it's this service that people pay for anyhow. you pay taxes. so you pay for the firefighters. do you call them every minute to ask what to do in case there'd be really fire? That isn't even comparable. Comparable is going to the bathroom and it has 16000 doors. Instead of taking the same damn door you take another whichever you feel at the time. And yes someone does clean that bathroom, they also can use any door if they feel up to it. this attitude really sucks. you demand people/organizations to buy an IBM p595 just for running RADIUS, instead of letting their good ol' Ultra 2 running the next decade until it falls apart. you're wasting ressources and energy. No, you will see that I am right. You haven't heard of an mp3 concatenate utility either right? no, and i certainly never will :) Then perhaps I'll share when I get a hold of it. get a life, peter. please. there are *real* problems in the world outside... ? Just because my problem doesn't suit you ? Sorry! -peter -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 11:49:34PM +0200, RedShift wrote: Computers aren't almighty. Why the hell am I even replying to you? If you don't want to authenticate, don't use PPPoE then. What you are trying to do is idiotic. This topic is by far the most ridiculous I have ever read. What's the point? What do you expect from us? And you ARE bothering your ISP's authentication servers. Just because they have enough of processing power to serve your requests, doesn't allow to abuse it. Get a life, you computer pervert! I guess I should send them an apology note for hurting the authentication servers feelings? You don't have a clue! -p -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 04:58:35PM -0500, Eric Pancer wrote: Jesus you're a fucking idiot. I mean, seriously: this thread has got to be one of the more idiotic things I've ever read here. Ok I'm about to fucking blow a fuse! What's your fucking problem! You're a shark! Nasty, bloodthirsty beast! Respect my needs without calling me names or questioning my logic. Here ! http://www.snickers.org/~pjp/find-blow-a-fuse.mp3. Anyway - the truly paranoid connect to different ISPs. Your provider has the source port you're coming from, your MAC address, and prolly the MAC of your DSL router in their CAM tables. You've achieved nothing, lackey. Oh did I say I change my MAC? Since it takes so long for the modem to learn it, I only do this on a daily basis. But I don't expect you to copy my behaviour or anything... -p -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
Peter if you want to be anonymous look up tor.

I'm not trying to call you names or anything and I'm no security expert either but I'm sure this scenario is likely from the point of view of your ISP:

If I'm going to provide my customers internet access I better keep track of the traffic that my customers' dsl modems generate. This is to protect me from lawsuits and abuse of the services I provide. Hmmm. Looking through the logs I notice that all of a sudden my dhcp server is sending out IP leases every minute, why? Or when I look at my graphs, there is a spike in dhcp leases and plateaus for the rest of the day. Hmmm. This one customer with a dsl mac address such and such and/or phone number such and such is the one making all the requests for new leases. I wonder what he's up to? Hmm. Most of his traffic is mp3's. Hmmm.

Just from the fact that you make all those requests for new leases makes you stand out.
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote: If I'm going to provide my customers internet access I better keep track of the traffic that my customers' dsl modems generate. This is to protect me from lawsuits and abuse of the services I provide. Hmmm. Looking through the I guess it's illegal nowadays to symlink your logs to /dev/null. logs I notice that all of a sudden my dhcp server is sending out IP leases every minute, why? Or when I look at my graphs, there is a spike in dhcp leases and plateaus for the rest of the day. Hmmm. This one customer with a dsl mac address such and such and/or phone number such and such is the one making all the request for a new leases. I wonder what he's up too? Hmm. Most of his traffic is mp3's. Hmmm. Funny scenario, does not apply to me. :) Just from the fact that you make all those request for new leases makes you stand out. And? The ISP cannot do anything. They can write a new clause to their EULA that re-connecting within X amount of time is excessive and forbidden, and notify the customer on that, so that they may adjust their settings. And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the occasional ftp to download open source ports. I see no problem. Thanks for the info though. -p -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!
Re: Do mp3 concatenation programs exist?
thus Peter Philipp spake: On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote: If I'm going to provide my customers internet access I better keep track of the traffic that my customers' dsl modems generate. This is to protect me from lawsuits and abuse of the services I provide. Hmmm. Looking through the I guess it's illegal nowadays to symlink your logs to /dev/null. logs I notice that all of a sudden my dhcp server is sending out IP leases every minute, why? Or when I look at my graphs, there is a spike in dhcp leases and plateaus for the rest of the day. Hmmm. This one customer with a dsl mac address such and such and/or phone number such and such is the one making all the request for a new leases. I wonder what he's up too? Hmm. Most of his traffic is mp3's. Hmmm. Funny scenario, does not apply to me. :) what does not apply to you? that's the scenario you pointed out as context of your question. Just from the fact that you make all those request for new leases makes you stand out. And? The ISP cannot do anything. the ISP could (and should) disable your account. They can write a new clause to their EULA that re-connecting within X amount of time is excessive and forbidden, and notify the customer on that, so that they may adjust their settings. if you want to use the term EULA in this context, well... however, please take a look into the contract between you and the ISP and you *will* find a clause that excessive use (i.e. abuse) of *any* service is prohibited and abuse may lead to your line being shut down. period. And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the occasional ftp to download open source ports. I see no problem. bla. Thanks for the info though. de nada. 
ps: i'd like to take this thread into the candidate list of the dumbest threads ever ;)

--
Timo Schoeler | http://riscworks.net/~tis | [EMAIL PROTECTED] RISCworks -- Perfection is a powerful message ISP | POWER PowerPC afficinados | Networking, Security, BSD services GPG Key fingerprint = B5F6 68A4 EC45 C309 6770 38C4 50E8 2740 9E0C F20A There are 10 types of people in the world. Those who understand binary and those who don't.
Re: Do mp3 concatenation programs exist?
On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote:
> I guess I should send them an apology note for hurting the authentication servers feelings? You don't have a clue!

Look up MAC address and get yourself a clue. I've only been on this list a couple of years, but you definitely win the most ridiculous post ever prize in my mind...
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
Thanks jared and others for your replies. I'll try all of your suggestions.

However, if you agree with me, I get the feeling that all of these are inelegant workarounds compared to the ideal solution: time support in pf (similar to perhaps iptables). I've read the replies from developers to a similar question a few months back, and they were not interested in adding such support in pf. I am sure there are other priorities for them, and it's totally OK with me. But time rules are important for me, so ultimately I'd like to achieve the correct solution, if I can (which is the OpenBSD way after all).

Therefore, I am even willing to play with the pf source code to add time support just for packet filtering rules. I am sure, if it were so easy, we would probably have it by now. So, before I attempt it myself, do you guys think it is too difficult? Or perhaps, the developers have changed their minds, and there is already some development effort to add such support. May I ask if that's the case, hopefully?

Thanks,

On Sat, 2006-07-15 at 15:36 -0400, jared r r spiegel wrote:
> On Sat, Jul 15, 2006 at 08:27:32PM +0300, Soner Tari wrote:
> > > Have your cron job copy the current anchor rules to pf-current.conf, then add pfctl -f pf-current.conf to rc.local.
> >
> > Thank you for the reply (and Gaby too). But I am not sure if this would be an elegant workaround. Because by chance there may be cron jobs scheduled to run exactly during downtime, and I would miss them. This is still true no matter how small the chances are.
>
> well, since rc.local is sourced right before the 'standard daemons:' echo in /etc/rc, which is itself above when cron is started, it may be entirely feasible to use rc.local for this.
>
> perhaps create a system by which you somehow drop a file into somewhere in var which describes what time-based anchor/ruleset you're using - you could populate that file either upon each instance of it changing via cron, or also in /etc/rc.shutdown (or both).
>
> then in rc.local, have it look for that file, if it finds it, it will load the appropriate pf ruleset pertaining to whatever time period the file indicates the host was in when it last updated that file.
>
> i don't know if this will inspire or help at all, but here is what i use to make some of my pf tables persist through reboots. basically it tries to save/populate any table which i have named without an initial underscore -- if i have tables i don't want to persist through reboots, my convention is to name them with an initial underscore:
>
> -[rc.shutdown]
> TABLE_STATE_DIR=/var/db/pftablestate
> if [ -w ${TABLE_STATE_DIR} ] && [ -d ${TABLE_STATE_DIR} ]; then
>         echo "writing contents of pf tables:"
>         for table in $(pfctl -sT); {
>                 # don't keep state for tables starting
>                 # with an underscore
>                 if [[ ${table} = _* ]]; then
>                         continue
>                 # only be concerned with nonempty tables
>                 elif [ $(pfctl -t ${table} -Ts | wc -l) -gt 0 ]; then
>                         echo -n "\t${table}"
>                         # dump the table's addresses to the state file
>                         pfctl -t ${table} -Ts > ${TABLE_STATE_DIR}/${table}
>                 fi
>         }; unset table
>         echo "done."
> fi
> unset TABLE_STATE_DIR
> --
> -[rc.local]---
> TABLE_STATE_DIR=/var/db/pftablestate
> if [ -w ${TABLE_STATE_DIR} ] && [ -d ${TABLE_STATE_DIR} ]; then
>         echo "restoring contents of pf tables:"
>         for table in $(pfctl -sT); {
>                 # don't keep state for tables starting
>                 # with an underscore
>                 if [[ ${table} = _* ]]; then
>                         continue
>                 # only be concerned with nonempty tables
>                 elif [ -r ${TABLE_STATE_DIR}/${table} ] && \
>                     [ $(wc -l < ${TABLE_STATE_DIR}/${table}) -gt 0 ]; then
>                         echo -n "\t${table}"
>                         # re-add the saved addresses, then drop the state file
>                         pfctl -t ${table} -Ta $(< ${TABLE_STATE_DIR}/${table}) && \
>                             rm -- ${TABLE_STATE_DIR}/${table}
>                 fi
>         }; unset table
>         echo "done."
> fi
> unset TABLE_STATE_DIR
> --
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote: However, if you agree with me, I get the feeling that all of these are inelegant workarounds compared to the ideal solution: time support in pf (similar to perhaps iptables). I've read the replies from developers to a similar question a few months back, and they were not interested in adding such support in pf. I am sure there are other priorities for them, and it's totally OK with me. But time rules are important for me, so ultimately I'd like to achieve the correct solution, if I can (which is the OpenBSD way after all). Therefore, I am even willing to play with the pf source code to add time support just for packet filtering rules. I am sure, if it were so easy, we would probably have it by now. So, before I attempt it myself, do you guys think it is too difficult? the case, hopefully? Consider that pf does its job, and does it well. Other tools can be used to manipulate the policy that pf enforces, changing over not only time but any other criteria. Such criteria can't be foreseen and certainly all of them can't (and shouldn't) be included in pf. Small, focused tools are one example of the Unix way (not just OpenBSD). You can build the behavior you're asking for with the tools you have currently, and do it in a robust manner. Thinking through how that would work, I don't find it inelegant. It would be clear and easy to manage. -- Darrin Chandler| Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
Re: Do mp3 concatenation programs exist?
On 7/15/06, Peter Philipp [EMAIL PROTECTED] wrote: On Sat, Jul 15, 2006 at 04:03:52PM -0700, smith wrote: If I'm going to provide my customers internet access I better keep track of the traffic that my customers' dsl modems generate. This is to protect me from lawsuits and abuse of the services I provide. Hmmm. Looking through the I guess it's illegal nowadays to symlink your logs to /dev/null. logs I notice that all of a sudden my dhcp server is sending out IP leases every minute, why? Or when I look at my graphs, there is a spike in dhcp leases and plateaus for the rest of the day. Hmmm. This one customer with a dsl mac address such and such and/or phone number such and such is the one making all the request for a new leases. I wonder what he's up too? Hmm. Most of his traffic is mp3's. Hmmm. Funny scenario, does not apply to me. :) Just from the fact that you make all those request for new leases makes you stand out. And? The ISP cannot do anything. They can write a new clause to their EULA that re-connecting within X amount of time is excessive and forbidden, and notify the customer on that, so that they may adjust their settings. And I'm sure they'd be pretty bored with POP3 traffic and HTTP, and the occasional ftp to download open source ports. I see no problem. Thanks for the info though. Haha this thread is awesome. I saw the beginning of it a few hours ago and was going to jump in but had to go somewhere. Now I come back and see it's exploded, just like I knew it would as soon as I saw I do this for personal reasons and I like it this way. Philip, your system fails. Not that you shouldn't try to be anonymous, but you clearly don't know enough about how the internet works to accomplish that on your own. Look up tor. Look up freenet (.sf.net, not .de). Those have been developed for years by some of the brightest in the field and they *still* have big weaknesses. 
Anyway, there is no such thing as an mp3 concatenation program, at least not like you're looking for, because the need for a program that can detect duplicate blocks *does not exist*. You do not count as need, especially since the easy solution is to go with a more stable IP. Anonymity has its costs. The sad thing here is that you have only a false sense of anonymity.

-Nick
Re: time-based pf rules in crontab do not survive a reboot (naturally)?
On 7/15/06, Darrin Chandler [EMAIL PROTECTED] wrote: On Sun, Jul 16, 2006 at 02:40:04AM +0300, Soner Tari wrote: However, if you agree with me, I get the feeling that all of these are inelegant workarounds compared to the ideal solution: time support in pf (similar to perhaps iptables). I've read the replies from developers to a similar question a few months back, and they were not interested in adding such support in pf. I am sure there are other priorities for them, and it's totally OK with me. But time rules are important for me, so ultimately I'd like to achieve the correct solution, if I can (which is the OpenBSD way after all). Therefore, I am even willing to play with the pf source code to add time support just for packet filtering rules. I am sure, if it were so easy, we would probably have it by now. So, before I attempt it myself, do you guys think it is too difficult? the case, hopefully? Consider that pf does its job, and does it well. Other tools can be used to manipulate the policy that pf enforces, changing over not only time but any other criteria. Such criteria can't be foreseen and certainly all of them can't (and shouldn't) be included in pf. Small, focused tools are one example of the Unix way (not just OpenBSD). You can build the behavior you're asking for with the tools you have currently, and do it in a robust manner. Thinking through how that would work, I don't find it inelegant. It would be clear and easy to manage. Perhaps put another way, putting all the functionality (time management here) into one program duplicates code (from cron, in this case) which is bad programming style. -Nick
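The cron-plus-rc.local approach discussed in this thread, as an added example (not code from any poster): rather than remembering which ruleset the last cron job loaded, the script derives the correct one from the clock, so a run from rc.local after a reboot gives the same result as a cron run that was missed during downtime. The anchor name, script path, rule directory, file names and schedule are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: anchor "timed",
# rule files under /etc/pf.timed, and the schedule below (constructed).
#
# pf.conf is assumed to contain:  anchor "timed"
# Assumed crontab entry:          0 8,18,22 * * * /usr/local/sbin/timed-pf.sh apply
# Assumed rc.local line:          /usr/local/sbin/timed-pf.sh apply

ANCHOR="timed"
RULES_DIR="/etc/pf.timed"

# START END FILE, times as HHMM, END exclusive.
# START greater than END means the window wraps past midnight.
SCHEDULE="0800 1800 office.conf
1800 2200 evening.conf
2200 0800 night.conf"

# Strip leading zeros so the shell does not read 0800 as octal.
to_int() {
    echo $((1$1 - 10000))
}

# Print the rule file whose window contains HHMM (default: current time).
# Returns 1 if no window matches, 2 if the time is malformed.
ruleset_for() {
    hhmm=${1:-$(date +%H%M)}
    case $hhmm in
        [01][0-9][0-5][0-9]|2[0-3][0-5][0-9]) ;;
        *) return 2 ;;
    esac
    now=$(to_int "$hhmm")
    while read -r start end file; do
        s=$(to_int "$start")
        e=$(to_int "$end")
        if [ "$s" -lt "$e" ]; then
            # ordinary window inside one day
            if [ "$now" -ge "$s" ] && [ "$now" -lt "$e" ]; then
                echo "$file"; return 0
            fi
        elif [ "$now" -ge "$s" ] || [ "$now" -lt "$e" ]; then
            # window that wraps past midnight
            echo "$file"; return 0
        fi
    done <<EOF
$SCHEDULE
EOF
    return 1
}

# Load the rule file for the current time into the anchor.
apply_ruleset() {
    file=$(ruleset_for) || {
        echo "timed-pf: no schedule window matches, anchor left as is" >&2
        return 1
    }
    path="$RULES_DIR/$file"
    # Parse first (-n loads nothing) so a broken file never replaces working rules.
    pfctl -n -a "$ANCHOR" -f "$path" || return 1
    pfctl -a "$ANCHOR" -f "$path"
}

# Only touch pf when explicitly asked to.
if [ "${1:-}" = "apply" ]; then
    apply_ruleset
fi
```

Because the decision depends only on the current time, running the script more often than the schedule boundaries is harmless: it reloads the same file into the anchor.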
FreeBSD binary compat problem on 3.9
Ok, so I'd like to run some freebsd binaries on open, since I can't get several packages to build openbsd native. However, anytime I run a freebsd binary I get:

/usr/libexec/ld-elf.so.1: /usr/lib/libm.so.2: mmap of entire address space failed: Invalid argument

I'm running 3.9-R w/ GENERIC on i386, w/ 4.11-R Free libs from /usr/ports/emulators/freebsd_lib. I've got kern.emul.freebsd=1

Any ideas?
KerberosV
Hey folks, i have just set up kerberos for my openbsd 3.8 server. It is working well, but during configuration i could see that some directives stated in krb5.conf(5) were not valid. kdc insisted on complaining about them: /appdefaults/x no valid. For instance, kdc did not accept the directive encrypt in the [appdefaults] section, and the man page for krb5.conf(5) states it. I am very confused about all that. Of course, i am running the default installation. Thanks in advance.
Kerberos
Well, here i am again. I was expecting that the granted ticket always holds the address to which it is valid. After obtaining a ticket by means of kinit, i got the following:

$ kinit
[EMAIL PROTECTED]'s Password:
$ klist -v
Credentials cache: FILE:/tmp/krb5cc_1000
Principal: [EMAIL PROTECTED]
Cache version: 4
Server: krbtgt/[EMAIL PROTECTED]
Ticket etype: des3-cbc-sha1, kvno 1
Auth time: Jul 15 23:11:42 2006
End time: Jul 16 03:11:42 2006
Renew till: Aug 14 23:11:42 2006
Ticket flags: renewable, initial
Addresses:

The address information line is empty. I don't understand why! Here you have my krb5.conf:

[appdefaults]
    forwardable = no
    proxiable = no
    # no-addresses = no
    ticket_lifetime = 14400
    renew_lifetime = 3600
    # encrypt =
    # forward =

[libdefaults]
    default_realm = SSO.NET
    clockskew = 300
    kdc_timeout = 4
    # v4_name_convert
    # v4_instance_resolve
    # capath = { }
    # default_etypes = arcfour-hmac-md5
    # default_etypes_des = des-cbc-crc
    default_keytab_name = FILE:/etc/kerberosV/krb5.keytab
    dns_lookup_kdc = yes
    dns_lookup_realm = no
    kdc_timesync = yes
    # max_retries = 4
    ticket_lifetime = 14400
    # renew_lifetime = 3600
    forwardable = no
    # proxiable = yes
    verify_ap_req_nofail = yes
    # warn_pwexpire = 86400
    # http_proxy =
    # dns_proxy =
    # extra_addresses =
    # time_format =
    # date_format =
    log_utc = yes
    scan_interfaces = no
    # fcache_version =
    # krb4_get_tickets = no
    # fcc-mit-ticketflags = yes

[domain_realm]
    .my.domain = SSO.NET

[realms]
    SSO.NET = {
        kdc = etosha.my.domain
        admin_server = etosha.my.domain
        kpasswd_server = etosha.my.domain
        # krb524_server =
        # v4_instance_convert
        # v4_name_convert
        # default_domain
        # tgs_require_subkey
    }

#[capaths]
#    CLIENT-REALM = {
#        SERVER-REALM = hop-realm
#    }

[logging]
    kadmind = FILE:/var/heimdal/kadmind.log
    kdc = STDERR
    default = STDERR

[kdc]
    database = {
        # dbname =
        realm = SSO.NET
        # mkey_file =
        # acl_file =
        # log_file =
    }
    max-request = 1024
    # require-preauth = yes
    # ports =
    addresses = 10.0.0.2
    enable-kerberos4 = no
    # v4-realm = SSO.NET
    enable-524 = no
    enable-http = no
    enable-kaserver = no
    # check-ticket-addresses = yes
    # allow-null-ticket-addresses = no
    allow-anonymous = no
    # enable_as_rep_as_tgs_rep = no
    kdc_warn_pwexpire = 86400
    # logging =
    # use_2b =

[kadmin]
    # require-preauth = yes
    default_keys = v5
    use_v4_salt = no
Re: Do mp3 concatenation programs exist?
On Sat, 15 Jul 2006 22:39:48 +0200, Peter Philipp [EMAIL PROTECTED] said: On Sat, Jul 15, 2006 at 10:15:06PM +0200, Tobias Weisserth wrote: This is just the most idiotic thing I've ever heard. You are creating a whole bunch of unneccessary problems for yourself. It's pretty obvious he's trying to hide his true identity because of these mp3 activities on the Internet. If he's that paranoid about his probably illegal activities I don't understand why he talks about them in detail on a public mailing list... :-) Illegal activities? Naw man! I just like moving like a Mack truck. See, I'm already gone! Once I was upset that they didn't give everyone static IP's, and then I thought about the words Vint Cerf said, and I got enlightened. Anonymity rocks when you're taking charge of it. If you linger around for 20 hours a day someone can track you and the dynamic IP is useless. So I'm turning it around, into the intended direction. And I know I'm on the right path. There is a lot of things you see when you push the technology to the limits, like why does pppoe(4) take 6 seconds to authenticate you over Ethernet when you cycle the pppoeX interface? Obviously streamlining can be done to push this down below a second. Somewhere there is a loop too many in the sppp or pppoe code or a timeout too long. Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you know yours? $ grep new ip for now /var/log/all | awk '{print $NF}' | sort -u | wc -l 17991 $ There's your odds if you want to find me at any minute. And if you scan how do you know that I won't disconnect before the scan reaches me and re- appear to an IP that the scan already passed? Linear portscanning won't work. You may as well send a random packet and hope it comes across my ways. cheers, Tobias So you can't help me with a useful answer either? Sad. There are no useful answers for idiots. Remember this is the same idiot who started the USB keyboard encryption BS thread. 
His tinfoil cap is on too tight. -- Eric Furman [EMAIL PROTECTED]
Re: Do mp3 concatenation programs exist?
On Sat, Jul 15, 2006 at 11:21:43PM -0400, Eric Furman wrote: There are no useful answers for idiots. Remember this is the same idiot who started the USB keyboard encryption BS thread. His tinfoil cap is on too tight. -- Eric Furman [EMAIL PROTECTED] Tinfoil is useless for any paranoid reasons. Tinfoil caps only serve well for decorational dress. You too are just jealous. -p -- Here my ticker tape .signature My name is Peter Philipp lynx -dump http://en.wikipedia.org/w/index.php?title=Pufferfisholdid=20768394; | sed -n 131,136p So long and thanks for all the fish!!!