Re: Define hosts lookup for pf.conf

2007-09-18 Thread pichi
>Pedro, You probably won't get too much more hand-holding
>here.  You really should have a good look at the tools
>available to you before you post to this list.

>"man" is your friend, google is your library index.

Gentelmen,

Sorry if I ran into the Big Boys forum crying. I will be more cautious about
what I ask next time. Is there a forum for people who are starting out with
OpenBSD? The thing is I am new to it and I am in a situation where reading
pages and pages of Google is taking a lot of time away from making it work.
But just working a few days with this OS I can see that its very solid and
worth the many hours of searching for documentation. 

>I'm a bit worried about this term "publicly accessible firewall",
>it's a contradiction in terms.  Firewalls should be nearly invisible,
>certainly not public ally accessible.

I meant that one of the interfaces was routable on the Internet, not sitting
at a table in Starbucks. And your right I try and keep it as invisable as
possible.

>Perl and the enormous number of modules available for Perl are
>tools that can be used on firewalls for administration and although
>"bare bones" is a good way to build a firewall (from general
>principles), you do need certain tools to manage it.  Perl is
>one tool that I would miss greatly if it were removed.

I cant wait to get perl working for me. It sounds wonderful. Timetime.

>Having said that, it's good that you are cautious :-)

Thanks Dave. My boss alway say "Be paraniod"

Hasta luego,

P.




-- 
View this message in context: 
http://www.nabble.com/Define-hosts-lookup-for-pf.conf-tf4469900.html#a12771675
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Jake Conk
Why would you get burned for that? That was an excellent answer! I
guess its not the OpenBSD way but that's ok, your system is your
system and it should be able to work for you, not you work for it ;)

So what drawbacks have you had with this?

Thanks,
- Jake


On 9/18/07, Edwards, David  (JTS) <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > On Behalf Of Jake Conk
> > Sent: Tuesday, 18 September 2007 6:36 PM
> > To: misc@openbsd.org
> > Subject: Simple startup daemon's on boot question?
> >
> > Hello,
> >
> > Simple noob question... I've installed a few packages (ie nrpe2 and
> > openvpn) that on other systems like Linux and even BSD based systems
> > such as FreeBSD provide means of a rc script which can start and stop
> > the service and you can configure this script to be executed on boot.
> >
> > After installing these packages on OpenBSD I've listed the package
> > contents and don't notice any equivalent files that would do this. Are
> > we supposed to write our own startup scripts and place them in
> > /etc/rc.local to be executed when the system boots? Does OpenBSD not
> > use rc scripts that start/stop/restart/ and status applications?
>
> I'm probably going to get burnt for this but :-)
>
> Put this in /etc/rc.conf.local:
> ---
> local_startup_dir=/etc/rc.d
> ---
>
> Put this in /etc/rc.local
> --
> . /etc/rc.conf.local
> for f in ${local_startup_dir}/*.sh ; do
>   if [ -x $f ]; then
> logger -p daemon.notice -t rc.local "Starting $f"
> $f start
> sleep 1
>   fi
> done
> ---
>
> Create the /etc/rc.d directory and plonk start/stop
> executable scripts in there (should all end in .sh).
>
> To turn a script off temporarily, make it non-executable
> or change .sh to .sh.off or something.
>
> Use numbers (01, 02 etc) in the front of the filename
> to determine which scripts run first..
>
> I use a template script like this:
> --
> #!/bin/sh
> #
> # To start the pf-syslog log catcher
> #
> what=syslog-ng
> where=/usr/local/sbin
> args=""
>
> KillProc()
> {
>   proc=$1
>   sig=$2
>
>   pid=`ps -xo pid,args | grep -v grep | grep "$proc" | awk '{print $1}'`
>
>   if [ "X$pid" != "X" ]; then
>  kill -$sig $pid
>  echo $pid
>
>   else
>  echo "Nothing to kill"
>   fi
> }
>
> case "$1" in
> "start")
> if [ -f $where/$what ]; then
> echo "Starting $what"
> /$where/$what $args
> fi
> ;;
> "stop")
> echo "Stopping $what"
> KillProc $what TERM
> exit 0
> ;;
> *)
> echo "$0: Usage $0 start||stop "
> ;;
> esac
>
> exit 0
> 
>
> I have found over the years that this approach has a
> lot of benefits and few drawbacks.
>
> Introducing fresh admin staff to BSD is a lot easier
> if they don't have to do the "grep for PID"
> "kill -TERM PID" thing to stop a running "service".
> And of course "look in /etc/rc.local",
> work out how to start it then start it..
>
> Believe it or not, I've had people reboot servers in
> order to stop and start a service ..
>
> ciao
> dave
> ---
> Dave Edwards



Re: Wasting our Freedom

2007-09-18 Thread Alan Cox
> sorry, but calling attribution claims of any sort "petty" is nothing
> short of dangerous ignorance.

Says a man who has a .sig of "SDF Public Access UNIX System -
http://sdf.lonestar.org";

Well sdf.lonestar.org claims to be NetBSD so might I suggest your
dangerous ignorance starts at the Unix trademark.


And please take this where it belongs which is the relevant wireless
list. Better yet leave the dispute to those it actually involves, which
is not most of the OpenBSD community, nor the Linux kernel team, but a
small group of developers in the OpenBSD wireless world and a few people
in the ath5k GPL project.



Re: Wasting our Freedom

2007-09-18 Thread Martin Schlemmer
On Tue, 2007-09-18 at 11:55 -0700, Can E. Acar wrote:
> Theodore Tso wrote:
> > On Mon, Sep 17, 2007 at 03:06:37PM -0700, Can E. Acar wrote:
> >> The only remaining issue is whether Nick & Jiri have enough
> >> original contributions to the code to be added to the Copyright.
> >>
> >> I believe this needs to be resolved between Reyk and Nick and Jiri.
> >>
> >> The main reason of Theo's message, linked earlier, was the
> >> lack of response on this issue. It seems that the SFLC is
> >> dismissing this issue,000d8b92-0010lling its resolution by the
> >> developers.
> > 
> > OK, so all of this flaming, and digging up of "licenses ripped off",
> > and chaff thrown up in the air, and moaning and bewailing about
> > "theft", is now down to these two lines regarding Nick and Jiri:
> 
> Yes, quite an improvement, considering how it all started, dont you think?
> Pity it took so much pushing and dragging to get people to do the right
> thing.
> There is just one little step to go. It is can not be that hard, can it?
> 

Apparently.


> >> * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]>
> >> * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> >> * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>
> >> [snip rest of BSD license]
> > 
> > It's under a BSD license; what material difference does those two
> > lines make, for goodness sake?  It's under a BSD license, so it's not
> > like anything won't be "given back".
> 
> As a programmer, you sure would know what difference any "two lines"
> would make on your program. When it comes to law, you seem to lose
> that intuition.
> 
> 
> > Whether or not they have made
> > enough for changes is really a question for the lawyers, and may
> > differ from one jurisdiction to another
> > --- but whether or not they have now, or maybe will not make until later ---
> 
> Well, they can add their names *anywhere* in the whole file, *except*
> these two lines. See, these lines have a whole different meaning
> when it comes to laws.  When they make sufficient contribution, they
> sure can add their names. What is so difficult to understand here?
> 

So, here is the actual commit of the code in Linville's wireless
networking development tree:

http://git.kernel.org/?p=linux/kernel/git/linville/wireless-dev.git;a=commitdiff;h=fb32e1730a91e39adcf06ed5254bfc5a65d17a9b

It I am not mistaken, it was Sunday afternoon, so probably 5/6 or more
of this thread consisting of more than 110 messages (according to my
inbox) to LKML was after this time.

As this already had the BSD license ...

Anyway, as for the changes, I am not going to check the original, but
from the first commit up to now is here:

http://git.kernel.org/?p=linux/kernel/git/linville/wireless-dev.git;a=blobdiff;f=drivers/net/wireless/ath5k_hw.c;h=e4cc307e9590a71bcc8542c45dbd2caf3f9e8fe5;hp=f273c42d4004b81597e7cfc5f7eec757a7c52910;hb=everything;hpb=fb32e1730a91e39adcf06ed5254bfc5a65d17a9b

Running a diffstat shows:

 ath5k_hw.c |  344 +
 1 file changed, 165 insertions(+), 179 deletions(-)

But not having the original version, and as the other two lines are
already present, I am not going to look closer at the changes.




However, the question I wanted to ask, was this:

Can all those that still feel that there is a problem, please go and
look at the original, compare it to the current, and then determine (ie,
go ask a lawyer or some other appropriate person if need be) if the
changes is enough of a contribution *BEFORE* posting again?

Pretty please with sugar on top?


Thanks,

M



Re: Define hosts lookup for pf.conf

2007-09-18 Thread Edwards, David (JTS)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of pichi
> Sent: Wednesday, 19 September 2007 12:52 AM
> To: misc@openbsd.org
> Subject: Re: Define hosts lookup for pf.conf
>
> The Socket module should also be there:
>
> $ perl -e 'use strict; use Socket; print("hello\n");'
> hello

Please try to keep track of who said what..  The above came
from a post by Richard Toohey [EMAIL PROTECTED]

> but it looks like I dont have the socket module becuase when I do:
>
> $perl -e
>
> I get:
>
> $No code specified for -e.

This is answered in another post..

Pedro, You probably won't get too much more hand-holding
here.  You really should have a good look at the tools
available to you before you post to this list.

"man" is your friend, google is your library index.

> How can I add that module, and again, is it safe for a publically
> accessable firewall?

I'm a bit worried about this term "publicly accessible firewall",
it's a contradiction in terms.  Firewalls should be nearly invisible,
certainly not public ally accessible.

Perl and the enormous number of modules available for Perl are
tools that can be used on firewalls for administration and although
"bare bones" is a good way to build a firewall (from general
principles), you do need certain tools to manage it.  Perl is
one tool that I would miss greatly if it were removed.

Perl does not listen on the network so it cannot be attacked
directly.  Any risk is related to the ability of an
attacker to use Perl to their advantage after they have
already compromised your firewall.  If they own your
firewall, all bets are off and the lack of Perl is
unlikely to even slow them down.

Again, IMHO, there is no risk to installing Perl and
any modules you require on a firewall.

Having said that, it's good that you are cautious :-)

ciao
dave
---
Dave Edwards



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Stuart Henderson
On 2007/09/19 07:11, Edwards, David  (JTS) wrote:
> Introducing fresh admin staff to BSD is a lot easier
> if they don't have to do the "grep for PID"
> "kill -TERM PID" thing to stop a running "service".

pkill is good for that. unlike some OS, you don't get trained
to use a command (killall) which could bite you on certain other
OS.

> Believe it or not, I've had people reboot servers in
> order to stop and start a service ..

this is not actually all that bad an idea in the
'start a service' case; it does ensure that it comes
up correctly at boot time.



Re: Define hosts lookup for pf.conf

2007-09-18 Thread Edwards, David (JTS)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of pichi
> Sent: Tuesday, 18 September 2007 4:05 PM
> To: misc@openbsd.org
> Subject: Re: Define hosts lookup for pf.conf
>
> Dave,
>
> Thanks so much for your help. I have never touched perl but I
> will give it a try. Still, I have other questiones:

You're welcome.

> 1. What software will I need to install on the firewalll in
> order for this script to work?

Perl is part of the default install.  If you save the script
somewhere in your path (/usr/local/bin/ works) and make it
executable (chmod 755 whatever_you_call_it.pl), then you will
be able to call it like:

# pfctl -s state | whatever_you_call_it.pl

> 2. Is there any danger in having this kind of software on a publically
> accessable firewall?

Perl is kick-ass magic that once you're half way up
the learning curve, you wonder how the hell you ever
lived without it..

In my view, there is no risk in having it installed on a
firewall and there are many benefits.  Frankly I'd be
amazed if it isn't already there :-)

ciao
dave
---
Dave Edwards



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Edwards, David (JTS)
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Jake Conk
> Sent: Tuesday, 18 September 2007 6:36 PM
> To: misc@openbsd.org
> Subject: Simple startup daemon's on boot question?
>
> Hello,
>
> Simple noob question... I've installed a few packages (ie nrpe2 and
> openvpn) that on other systems like Linux and even BSD based systems
> such as FreeBSD provide means of a rc script which can start and stop
> the service and you can configure this script to be executed on boot.
>
> After installing these packages on OpenBSD I've listed the package
> contents and don't notice any equivalent files that would do this. Are
> we supposed to write our own startup scripts and place them in
> /etc/rc.local to be executed when the system boots? Does OpenBSD not
> use rc scripts that start/stop/restart/ and status applications?

I'm probably going to get burnt for this but :-)

Put this in /etc/rc.conf.local:
---
local_startup_dir=/etc/rc.d
---

Put this in /etc/rc.local
--
. /etc/rc.conf.local
for f in ${local_startup_dir}/*.sh ; do
  if [ -x $f ]; then
logger -p daemon.notice -t rc.local "Starting $f"
$f start
sleep 1
  fi
done
---

Create the /etc/rc.d directory and plonk start/stop
executable scripts in there (should all end in .sh).

To turn a script off temporarily, make it non-executable
or change .sh to .sh.off or something.

Use numbers (01, 02 etc) in the front of the filename
to determine which scripts run first..

I use a template script like this:
--
#!/bin/sh
#
# To start the pf-syslog log catcher
#
what=syslog-ng
where=/usr/local/sbin
args=""

KillProc()
{
  proc=$1
  sig=$2

  pid=`ps -xo pid,args | grep -v grep | grep "$proc" | awk '{print $1}'`

  if [ "X$pid" != "X" ]; then
 kill -$sig $pid
 echo $pid

  else
 echo "Nothing to kill"
  fi
}

case "$1" in
"start")
if [ -f $where/$what ]; then
echo "Starting $what"
/$where/$what $args
fi
;;
"stop")
echo "Stopping $what"
KillProc $what TERM
exit 0
;;
*)
echo "$0: Usage $0 start||stop "
;;
esac

exit 0


I have found over the years that this approach has a
lot of benefits and few drawbacks.

Introducing fresh admin staff to BSD is a lot easier
if they don't have to do the "grep for PID"
"kill -TERM PID" thing to stop a running "service".
And of course "look in /etc/rc.local",
work out how to start it then start it..

Believe it or not, I've had people reboot servers in
order to stop and start a service ..

ciao
dave
---
Dave Edwards



Re: Wasting our Freedom

2007-09-18 Thread Jacob Meuser
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote:

> all of the megabytes and megabhytes of flamewar is over these two
> lines:
> 
> > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>
> 
> Petty, isn't it?  Let's just say it's b.s. like this which is why, 16
> years ago, I decided to work with Linux instead of BSD.

copyright assertion == claim of ownership, or posession.

posession is 9/10 of the law.

was it petty of UCB to claim copyrights over code USL claimed ownersip
of?

was it also petty of Novell to claim that they, and not SCO, owned
the copyright to UNIX?

sorry, but calling attribution claims of any sort "petty" is nothing
short of dangerous ignorance.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org



Re: OpenBSD Install Goal

2007-09-18 Thread Stuart Henderson
On 2007/09/18 18:44, Douglas A. Tutty wrote:
> To my mind, even a curses interface to cfdisk and disklabel is not
> necessary, but a little more help, e.g. a mini-menu along the bottom,
> would go a long way.  Of course, the best thing is to have a copy of
> Absolute OpenBSD and the FAQ open infront of you when you do the
> install.

The booklet that comes with the CD set is good enough for
most purposes (if you're stuck with a small HD, maybe add a
pencil and a calculator if you think it'll help)...



Re: OpenBSD Install Goal

2007-09-18 Thread Darren Spruell
On 9/18/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > You are given a brand new machine; you bring your install CD; and after
> > four minutes of using the standard tools (disklabel, fdisk, ifconfig,
> > ...) you are already very familiar with, you have a fully working box,
> > modulo afterboot.
>
> The only issue I've seen is that if you are new to OBSD, even if used to
> the command line in Linux (not clicky-pointy-lindows) fdisk and
> disklabel are new.  On linux, the standard non-GUI partitioner is cfdisk
> (curses fdisk) while there is not such thing as disklabel).

fdisk isn't new; any operating system that has had to partition an
i386 system carries along with it the same fdisk-ish pardigm. whether
you call it fdisk, or cfdisk, or anaconda disk partitioning, or
windows setup, people have been doing the same damn thing for years
and shouldn't find differences in implementation intimidating.

disklabels aren't a strictly unique thing either; several systems have
them. even Linux has to deal with disklabels on non-x86 platforms
(e.g. Sun boxen) e.g.
http://www.gentoo.org/doc/en/handbook/handbook-sparc.xml?part=1&chap=4.

> To my mind, even a curses interface to cfdisk and disklabel is not
> necessary, but a little more help, e.g. a mini-menu along the bottom,
> would go a long way.

Blech.

http://www.openbsd.org/faq/faq4.html
http://www.openbsd.org/faq/faq14.html
ftp://ftp.openbsd.org/pub/OpenBSD/4.1/i386/INSTALL.i386

There are resources a-plenty; anyone who finds it confusing is either
trying to install without having read docs, or is not familiar with
computers in the first place (and thus needs to read the docs.)
Computer users need to get smarter, instead of technology getting
dumber for them.

DS



Re: OpenBSD Install Goal

2007-09-18 Thread David Given
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Douglas A. Tutty wrote:
[...]
> The only issue I've seen is that if you are new to OBSD, even if used to
> the command line in Linux (not clicky-pointy-lindows) fdisk and
> disklabel are new.  On linux, the standard non-GUI partitioner is cfdisk
> (curses fdisk) while there is not such thing as disklabel).

I think cfdisk is pretty nasty. Standard Linux fdisk, with its highly minimal
command-line interface, is far easier to use IMO (but much harder to learn).
At least cfdisk is better than the incredibly slow and cumbersome
dialog-driven partitioner that Debian has --- I really cannot imagine what
they were thinking with that one.

Actually, OpenBSD does fall down a bit when it comes to partitioning; it's
not
just that there are two tools for doing what's pretty much the same job
(partitioning chunks of disk), it's that they have such radically different
user interfaces. You end up having to learn *two* UIs. I realise that there
are implementation reasons why it's necessary to have two apps, but that
doesn't help the usability.

People might be interested in having a look at Minix's partitioner, part.
Minix uses a slice-based system like the BSDs, although with slightly
different semantics, and part is a curses-based app that's actually
surprisingly easy to use *and* learn, even when doing complicated things.

http://minix1.woodhull.com/current/2.0.4/wwwman/man8/part.8.html

It's particularly interesting because it has a rather good algorithm for
guessing magical values --- point the cursor at a field, and pressing m
cycles
through all the significant values for that field. It's very rare that I
actually have to type a value in; which for something as critical to
miscalculation as a partition table is a good design feature.

- --
bbb o=o=o< o=o=o=o=o=o=o=o<o=o=o=
 bbb
http://www.cowlark.com
bbbbbbbbbbbbbbbbbbb
b
b "There does not now, nor will there ever, exist a programming language in
b which it is the least bit hard to write bad programs." --- Flon's Axiom
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8Fxrf9E0noFvlzgRAtHFAJ9xuoi5AVycWnED4XLguav1EIdjPgCg0pOh
ZvwLAZFMIAF2wdQh8tI1bww=
=uhyz
-END PGP SIGNATURE-



Re: OpenBSD Install Goal

2007-09-18 Thread Douglas A. Tutty
On Tue, Sep 18, 2007 at 07:00:01PM +0200, Jan Stary wrote:
> > >>I hope one day soon OpenBSD will adopt a nice ncurses setup similar
> > >>to something like FreeBSD with ease to it.
> 
> There is no _need_ for a "nice curses setup" - the current installer
> already "has ease to it"w, to put it mildly. In fact, OpenBSD's
> installer is the best I have met during my years-long career of
> a sysadmin.
> 
> You are given a brand new machine; you bring your install CD; and after
> four minutes of using the standard tools (disklabel, fdisk, ifconfig,
> ...) you are already very familiar with, you have a fully working box,
> modulo afterboot.

The only issue I've seen is that if you are new to OBSD, even if used to
the command line in Linux (not clicky-pointy-lindows) fdisk and
disklabel are new.  On linux, the standard non-GUI partitioner is cfdisk
(curses fdisk) while there is not such thing as disklabel).

To my mind, even a curses interface to cfdisk and disklabel is not
necessary, but a little more help, e.g. a mini-menu along the bottom,
would go a long way.  Of course, the best thing is to have a copy of
Absolute OpenBSD and the FAQ open infront of you when you do the
install.

Doug.



Re: embedded device

2007-09-18 Thread Douglas A. Tutty
On Tue, Sep 18, 2007 at 11:36:54AM -0400, Jason Dixon wrote:
> On Sep 18, 2007, at 11:03 AM, "Tang Tse" <[EMAIL PROTECTED]> wrote:
> 
> >I had a soekis 4801 and pf performs only about 28Mb/s I think.
> >
> >I trying to set up a router for about 50-100 users and only with  
> >28Mb/s i hadn't enought there's a big bottle neck.
> >I general, i read that soekris devices are optimized for power  
> >consume/heat disipation not for performance.
> 
> No reason not to keep this on-list.
> 
> You should upgrade to 4.2.  There were pf improvements at c2k7 that  
> doubled performance on Soekris (~58Mbps).

My understanding of the reason for embedded is for low power consumption
and heat disipation.  If you're more interested in performance, why are
you specifying embedded?  Why not specify the throughput and determine
the horsepower from that?

Doug.



Re: 1440x900 resolution problem

2007-09-18 Thread Sean Darby
I'm no pro, and anyone please correct me if I'm wrong, but
this might work...

in xorg.conf under section "monitor"...
paste this before "endsection":

Modeline"1440x900" 134.52 1440 1536 1688 1936 900 901 904 939
Modeline"1440x900" 132.71 1440 1536 1688 1936 900 901 904 939
Modeline"1440x900" 130.75 1440 1536 1688 1936 900 901 904 938

up above it where you have horiz & vert, you might try:

HorizSync31-81
VertRefresh  56-76

...or maybe...

HorizSync   30-92 (I might be off on that)
VertRefresh 60-170 (I might be off on that too)

And in section "screen" under subsection "display" you might
want to update to something like...

SubSection "Display"
   Depth  16
   Modes  "1440x900" "1280x960" "1366x768" "1280x800" "1152x864"
"1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480"
 EndSubSection
 SubSection "Display"
   Depth  24
   Modes  "1440x900" "1280x960" "1366x768" "1280x800" "1152x864"
"1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480"
 EndSubSection
 SubSection "Display"
   Depth  8
   Modes  "1440x900" "1280x960" "1366x768" "1280x800" "1152x864"
"1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480"
 EndSubSection

Again, apologies in advance if my inexperience has provided
incorrect information. I've adjusted my 1680x1050 resolution
settings similarly to that above and it worked. Though it
might be different for you depending on what all you are
using, I'm not sure.

-Sean

On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote:
> Hi misc,
>
> I can't get the 1440x900 resolution on my Samsung 940BW flat panel
> screen to work.
> I searched the lists but found nothing that could help me.
> Xorg.0.log says something like this :
>
> (II) ATI(0): Not using mode "1440x900" (no mode of this name)
>
> Using gtf (gtf 1440 900 60) I have added :
> Modeline "1440x900_60.00"  106.47  1440 1520 1672 1904  900 901 904
> 932  -HSync +Vsync
> to the "Monitor" section on xorg.conf.
>
> Any ideas ?
>
> /var/log/Xorg.0.log
> =
>
> (--) checkDevMem: using aperture driver /dev/xf86
> (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version
3.32)
> (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device not configured)
> (WW) GARTInit: AGPIOC_INFO failed (Device not configured)
>
> X Window System Version 6.9.0 (for OpenBSD)
> Release Date: 21 December 2005
> X Protocol Version 11, Revision 0, Release 6.9
> Build Operating System: OpenBSD 4.1 i386 [ELF]
> Current Operating System: OpenBSD localhost 4.1 GENERIC#1450 i386
> Build Date: 07 March 2007
> Before reporting problems, check http://wiki.X.Org
> to make sure that you have the latest version.
> Module Loader present
> Markers: (--) probed, (**) from config file, (==) default setting,
> (++) from command line, (!!) notice, (II) informational,
> (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
> (==) Log file: "/var/log/Xorg.0.log", Time: Tue Sep 18 21:14:49 2007
> (==) Using config file: "/etc/X11/xorg.conf"
> (==) ServerLayout "X.org Configured"
> (**) |-->Screen "Screen0" (0)
> (**) |   |-->Monitor "Monitor0"
> (**) |   |-->Device "Card0"
> (**) |-->Input Device "Mouse0"
> (**) |-->Input Device "Keyboard0"
> (**) FontPath set to
>
"/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/
X11/fonts/Type1/,/usr/X11R6/lib/X11
>
/fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/"
> (**) RgbPath set to "/usr/X11R6/lib/X11/rgb"
> (**) ModulePath set to "/usr/X11R6/lib/modules"
> (II) Module ABI versions:
> X.Org ANSI C Emulation: 0.2
> X.Org Video Driver: 0.8
> X.Org XInput driver : 0.5
> X.Org Server Extension : 0.2
> X.Org Font Renderer : 0.4
> (II) Loader running on openbsd
> (II) LoadModule: "bitmap"
> (II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so
> (II) Module bitmap: vendor="X.Org Foundation"
> compiled for 6.9.0, module version = 1.0.0
> Module class: X.Org Font Renderer
> ABI class: X.Org Font Renderer, version 0.4
> (II) Loading font Bitmap
> (II) LoadModule: "pcidata"
> (II) Loading /usr/X11R6/lib/modules/libpcidata.so
> (II) Module pcidata: vendor="X.Org Foundation"
> compiled for 6.9.0, module version = 1.0.0
> ABI class: X.Org Video Driver, version 0.8
> (II) PCI: PCI scan (all values are in hex)
> (II) PCI: 00:00:0: chip 1166,0009 card , rev 06 class 06,00,00 hdr
80
> (II) PCI: 00:00:1: chip 1166,0009 card , rev 06 class 06,00,00 hdr
80
> (II) PCI: 00:02:0: chip 8086,1229 card 1028,009b rev 08 class 02,00,00 hdr
00
> (II) PCI: 00:06:0: chip 125d,1969 card 125d, rev 01 class 04,01,00 hdr
00
> (II) PCI: 00:0e:0: chip 1002,4752 card 1028,00ce rev 27 class 03,00,00 hdr
00
> (II) PCI: 00:0f:0: chip 1166,0200 card 1166,0200 rev 50 class 06,01,00 hdr
80
> (II) PCI: 00:0f:1: chip 1166,0211 card , re

Re: problems with ral0 and OBSD 4.0

2007-09-18 Thread Pierre Riteau

Le 18 sept. 07 ` 18:41, Alessandro Roncari a icrit :


Hello

I have the following issue with ralink wireless card, acting in hostap
mode


hardware: ral-rt2561s board acting as access point on a Soekris
Net4501, running OpenBSD 4.0.



can't seem to make it work like it should, even with a 9dBi antenna
the
signal is very weak and much weaker than my old netgear AP. weak and
unstable

everything is set up correctly

# dmesg | grep ral0
ral0 at pci0 dev 16 function 0 "Ralink RT2561S" rev 0x00: irq 10,
address 00:12:0e:61:80:98
ral0: MAC/BBP RT2561C, RF RT5225


ral0: flags=8843 mtu 1500
 lladdr 00:12:0e:61:80:98
 media: IEEE802.11 autoselect hostap (autoselect mode 11a
hostap)
 status: active
 ieee80211: nwid xxx chan 11 bssid 00:12:0e:61:80:98 nwkey

100dBm
 inet 192.168.x.x netmask 0xff00 broadcast 192.168.x.xxx
 inet6 fe80::212:eff:fe61:8098%ral0 prefixlen 64 scopeid 0x1

but it seems it's all working at very small % of its power.
question is: is this a known bug in the driver?? or is there
anything I
could do to improve the situation?


Update to OpenBSD 4.1 or -current, there were some changes in ral(4)
code.

e.g.
replace rssadapt(9) with amrr for automatic rate control.
as a side-effect, this should fix all the "bogus xmit rate" panics
users have been complaining about for some time when operating in
HostAP mode.



Thanks,

Alessandro
Soekris docs & rulesets http://sekureshell.altervista.org




Re: question on spamd blacklisted hosts

2007-09-18 Thread Juan Miscaro
--- Darrin Chandler <[EMAIL PROTECTED]> wrote:

> On Tue, Sep 18, 2007 at 09:09:24PM +0100, Stuart Henderson wrote:
> > On 2007/09/18 13:48, Juan Miscaro wrote:
> > > I _am_ using blacklists with spamd-setup and I _did_ check the
> > > blacklisted hosts immediately after seeing the message.  Perhaps
> my
> > > command is messed up:
> > > 
> > > sudo pfctl -t spamd -T show | grep 65.216.123.37
> > 
> > yes, most blacklists use cidr prefixes.
> 
> Yes :)
> 
> Use "test" instead of "show" should help there:
> 
> $ sudo pfctl -t spamd -T test 65.216.123.37


Bingo.

Thanks Stuart and Darrin.

// juan


  Get news delivered with the All new Yahoo! Mail.  Enjoy RSS feeds right 
on your Mail page. Start today at http://mrd.mail.yahoo.com/try_beta?.intl=ca



Re: question on spamd blacklisted hosts

2007-09-18 Thread Stuart Henderson
On 2007/09/18 13:48, Juan Miscaro wrote:
> I _am_ using blacklists with spamd-setup and I _did_ check the
> blacklisted hosts immediately after seeing the message.  Perhaps my
> command is messed up:
> 
> sudo pfctl -t spamd -T show | grep 65.216.123.37

yes, most blacklists use cidr prefixes.



Re: question on spamd blacklisted hosts

2007-09-18 Thread Darrin Chandler
On Tue, Sep 18, 2007 at 09:09:24PM +0100, Stuart Henderson wrote:
> On 2007/09/18 13:48, Juan Miscaro wrote:
> > I _am_ using blacklists with spamd-setup and I _did_ check the
> > blacklisted hosts immediately after seeing the message.  Perhaps my
> > command is messed up:
> > 
> > sudo pfctl -t spamd -T show | grep 65.216.123.37
> 
> yes, most blacklists use cidr prefixes.

Yes :)

Use "test" instead of "show" should help there:

$ sudo pfctl -t spamd -T test 65.216.123.37

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: 1440x900 resolution problem

2007-09-18 Thread Darrin Chandler
On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote:
> (II) ATI(0): Not using mode "1440x900" (no mode of this name)
> 
> Using gtf (gtf 1440 900 60) I have added :
> Modeline "1440x900_60.00"  106.47  1440 1520 1672 1904  900 901 904
> 932  -HSync +Vsync
> to the "Monitor" section on xorg.conf.

Try matching the name in the Modeline and the one you use in Modes. IOW,
use "1440x900_60.00" in both places. Or use "1400x900" in both places.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Status of uvm_fault in 4.2

2007-09-18 Thread Jon Steel
Hi

Back in OpenBSD 4.0 I got the error below regarding a uvm_fualt.
According to the cvs logs in pmap.c the bug was not occuring in OpenBSD
4.1 due to some code being reverted, so we switched to that. It seemed
to corret the problem until just the other day. I had a computer
constantly rebooting all night, and on one of the shutdowns I got the error.

I noticed that there is a lot of changes going on in pmap.c since 4.1
and I was wondering on the status of this error? Has it actually been
fixed yet? If it has not, is there anything I can do to help? I have a
few dual and quad core machines I could use to test any changes.

Thanks

Jonathan Steel

uvm_fault(0x..., 0x..., 0, 1) -> e
kernel: page fault trap, code = 0
stopped at pmap_page_remove_86+0x114:
0(%eax, %edx, 4), %eax

The trace output is:

pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at 
pmap_page_remove_86+0x114
uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f
uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5
uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62
uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd
uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19
reaper(d80df430) at reaper+0x90
Bad frame pointer: 0xd0913eb8



Re: 1440x900 resolution problem

2007-09-18 Thread Marius ROMAN
Thanks Darrin, I have modified xorg.conf for 1400x900_75 and works great.

Now for the list (maybe someone will have the same or related problem):

# gtf 1440 900 75
Modeline "1440x900_75.00"  136.49  1440 1536 1688 1936  900 901 904
940  -HSync +Vsync

Added the above line to "Monitor" section.

On the screen section :

SubSection "Display"
Viewport   0 0
Depth 24
Modes   "1440x900_75.00"
EndSubSection

Thanks again,
Marius

On 9/18/07, Darrin Chandler <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote:
> > (II) ATI(0): Not using mode "1440x900" (no mode of this name)
> >
> > Using gtf (gtf 1440 900 60) I have added :
> > Modeline "1440x900_60.00"  106.47  1440 1520 1672 1904  900 901 904
> > 932  -HSync +Vsync
> > to the "Monitor" section on xorg.conf.
>
> Try matching the name in the Modeline and the one you use in Modes. IOW,
> use "1440x900_60.00" in both places. Or use "1400x900" in both places.
>
> --
> Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
> [EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
> http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: Wasting our Freedom

2007-09-18 Thread Can E. Acar
Lennart Sorensen wrote:
> On Tue, Sep 18, 2007 at 11:55:29AM -0700, Can E. Acar wrote:
>> Well, they can add their names *anywhere* in the whole file, *except*
>> these two lines. See, these lines have a whole different meaning
>> when it comes to laws.  When they make sufficient contribution, they
>> sure can add their names. What is so difficult to understand here?
> 
> Please define "Sufficient contribution".  And in what juristiction that
> definition applies.

Please note that I am not a lawyer. It would be best if you do
your own research, and consult a lawyer.

Please look up the definition of derivative work. Even Wikipedia would
do for
some basic definitions. The copyright laws in most countries adhere to the
"Berne Convention", yet another phrase to look up.

>From my own research, one guideline I would consider is:
"The new material must be original and copyrightable in itself."

But, again, if it comes to that, the lawyers will decide and we can have
no more say on the subject.

Let me, instead tell you how we handle this when working on BSD code:
We communicate. If we feel we did some extensive changes to a file, we ask.
Get OKs from other senior developers, preferably the authors and then add
our name.

During our license audits of the OpenBSD tree, a couple of years ago, our
developers went into great pains to locate the authors and clarify
the questionable licenses that were our tree.  We are actively working
on replacing the remaining non-BSD licensed code in our tree. Not by
slapping
on our own licenses, but by asking the authors nicely to relicense, finding
replacements with an acceptable license, or by rewriting them.


Can

-- 
In theory, there is no difference between theory and practice.
But, in practice, there is.



Re: Wasting our Freedom

2007-09-18 Thread Jeff Garzik

Can E. Acar wrote:

As long as it is not a derived work, Reyk gets to decide who is in the
copyright. Even if it is a derived work, it is polite to ask.


Additional work went in, thus additional copyrights were added.



I am really disappointed by all this.  I would have expected that once
such a patch is suggested (let alone being committed to some public place)


In a purely open development environment, even personal developer trees 
are made public.  That's the way we _want_ development to occur.  Out in 
public, with a full audit trail.


Your implied ideal scenario is tantamount to guaranteeing that mistakes 
are never committed to a public repository anywhere.  Mistakes will 
happen.  Even legal mistakes.  In public.




some senior/respected/responsible Linux person would tell them what they
are doing is wrong.  Right from the start.


What you are seeing is an example of mistakes that were caught in 
review, and corrected.


That's how any scalable review process works...  the developer reviews 
his own work.  the team reviews the developer's work.  the maintainer 
reviews the team's work.  the next maintainer reviews.  and so on, to 
the top.


Jeff



Re: embedded device

2007-09-18 Thread Boudewijn Ector
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Trash Compactor schreef:
> Alberich de megres wrote:
>> Hi,
>>
>> Can anyone pointme to a embedded device like soekris?, but i want
>> one that
>> performs fine using pf. Better if it have gigabits NICs but if not
>> there's
>> no problem.
>>
>> thanks!
>>
>>  
> There are several by commell (commell.com.tw)
> The LE-564 and LE-565 have nice spec sheets.  Cases for these are a
> little more problematic since I have not seen anyone selling these
> boards with a case.
> I would love to see a 1U case that fits two of these boards and two
> power supplies, for use with CARP and pfsync.
>
> /Jason
>
Try PC-engines boards.pcengines.ch.
my graduation project runs OpenBSD on these boards :)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG8Bxcswhu1gS6+qoRAlKtAKCaJYBebwy+za3MoL9HNfHO/qq64ACgrywt
3OAgVPgvs7ZrKhYeV7QqC9M=
=iy15
-END PGP SIGNATURE-



Re: Wasting our Freedom

2007-09-18 Thread Lennart Sorensen
On Tue, Sep 18, 2007 at 11:55:29AM -0700, Can E. Acar wrote:
> Well, they can add their names *anywhere* in the whole file, *except*
> these two lines. See, these lines have a whole different meaning
> when it comes to laws.  When they make sufficient contribution, they
> sure can add their names. What is so difficult to understand here?

Please define "Sufficient contribution".  And in what juristiction that
definition applies.

--
Len Sorensen



1440x900 resolution problem

2007-09-18 Thread Marius ROMAN
Hi misc,

I can't get the 1440x900 resolution on my Samsung 940BW flat panel
screen to work.
I searched the lists but found nothing that could help me.
Xorg.0.log says something like this :

(II) ATI(0): Not using mode "1440x900" (no mode of this name)

Using gtf (gtf 1440 900 60) I have added :
Modeline "1440x900_60.00"  106.47  1440 1520 1672 1904  900 901 904
932  -HSync +Vsync
to the "Monitor" section on xorg.conf.

Any ideas ?

/var/log/Xorg.0.log
=

(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32)
(WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device not configured)
(WW) GARTInit: AGPIOC_INFO failed (Device not configured)

X Window System Version 6.9.0 (for OpenBSD)
Release Date: 21 December 2005
X Protocol Version 11, Revision 0, Release 6.9
Build Operating System: OpenBSD 4.1 i386 [ELF]
Current Operating System: OpenBSD localhost 4.1 GENERIC#1450 i386
Build Date: 07 March 2007
Before reporting problems, check http://wiki.X.Org
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Tue Sep 18 21:14:49 2007
(==) Using config file: "/etc/X11/xorg.conf"
(==) ServerLayout "X.org Configured"
(**) |-->Screen "Screen0" (0)
(**) |   |-->Monitor "Monitor0"
(**) |   |-->Device "Card0"
(**) |-->Input Device "Mouse0"
(**) |-->Input Device "Keyboard0"
(**) FontPath set to
"/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11
/fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/"
(**) RgbPath set to "/usr/X11R6/lib/X11/rgb"
(**) ModulePath set to "/usr/X11R6/lib/modules"
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.2
X.Org Video Driver: 0.8
X.Org XInput driver : 0.5
X.Org Server Extension : 0.2
X.Org Font Renderer : 0.4
(II) Loader running on openbsd
(II) LoadModule: "bitmap"
(II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so
(II) Module bitmap: vendor="X.Org Foundation"
compiled for 6.9.0, module version = 1.0.0
Module class: X.Org Font Renderer
ABI class: X.Org Font Renderer, version 0.4
(II) Loading font Bitmap
(II) LoadModule: "pcidata"
(II) Loading /usr/X11R6/lib/modules/libpcidata.so
(II) Module pcidata: vendor="X.Org Foundation"
compiled for 6.9.0, module version = 1.0.0
ABI class: X.Org Video Driver, version 0.8
(II) PCI: PCI scan (all values are in hex)
(II) PCI: 00:00:0: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80
(II) PCI: 00:00:1: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80
(II) PCI: 00:02:0: chip 8086,1229 card 1028,009b rev 08 class 02,00,00 hdr 00
(II) PCI: 00:06:0: chip 125d,1969 card 125d, rev 01 class 04,01,00 hdr 00
(II) PCI: 00:0e:0: chip 1002,4752 card 1028,00ce rev 27 class 03,00,00 hdr 00
(II) PCI: 00:0f:0: chip 1166,0200 card 1166,0200 rev 50 class 06,01,00 hdr 80
(II) PCI: 00:0f:1: chip 1166,0211 card , rev 00 class 01,01,8a hdr 80
(II) PCI: 00:0f:2: chip 1166,0220 card 1166,0220 rev 04 class 0c,03,10 hdr 80
(II) PCI: 01:02:0: chip 9005,00cf card 1028,00ce rev 01 class 01,00,00 hdr 80
(II) PCI: 01:02:1: chip 9005,00cf card 1028,00ce rev 01 class 01,00,00 hdr 80
(II) PCI: End of PCI scan
(II) Host-to-PCI bridge:
(II) Bus 0: bridge is at (0:0:0), (0,0,1), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 0 I/O range:
[0] -1  0   0x - 0x (0x1) IX[B]
(II) Bus 0 non-prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) Bus 0 prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) PCI-to-ISA bridge:
(II) Bus -1: bridge is at (0:15:0), (0,-1,-1), BCTRL: 0x0008 (VGA_EN is set)
(II) Host-to-PCI bridge:
(II) Bus 1: bridge is at (0:0:0), (1,1,0), BCTRL: 0x0008 (VGA_EN is set)
(II) Bus 1 I/O range:
[0] -1  0   0x - 0x (0x1) IX[B]
(II) Bus 1 non-prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(II) Bus 1 prefetchable memory range:
[0] -1  0   0x - 0x (0x0) MX[B]
(--) PCI:*(0:14:0) ATI Technologies Inc Rage XL rev 39, Mem @
0xfc00/24, 0xfe101000/12, I/O @ 0xe800/8
(II) Addressable bus resource ranges are
[0] -1  0   0x - 0x (0x0) MX[B]
[1] -1  0   0x - 0x (0x1) IX[B]
(II) OS-reported resource ranges:
[0] -1  0   0x0010 - 0x3fff (0x3ff0) MX[B]E(B)
[1] -1  0   0x000f - 0x000f (0x1) MX[B]
[2] -1  0   0x000c - 0x000e (0x3) MX[B]
[3] -1  0   0x - 0x0009 (0xa) MX[B]
   

Re: Wasting our Freedom

2007-09-18 Thread Can E. Acar
Theodore Tso wrote:
> On Mon, Sep 17, 2007 at 03:06:37PM -0700, Can E. Acar wrote:
>> The only remaining issue is whether Nick & Jiri have enough
>> original contributions to the code to be added to the Copyright.
>>
>> I believe this needs to be resolved between Reyk and Nick and Jiri.
>>
>> The main reason of Theo's message, linked earlier, was the
>> lack of response on this issue. It seems that the SFLC is
>> dismissing this issue, and thus stalling its resolution by the
>> developers.
> 
> OK, so all of this flaming, and digging up of "licenses ripped off",
> and chaff thrown up in the air, and moaning and bewailing about
> "theft", is now down to these two lines regarding Nick and Jiri:

Yes, quite an improvement, considering how it all started, dont you think?
Pity it took so much pushing and dragging to get people to do the right
thing.
There is just one little step to go. It is can not be that hard, can it?


>> * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]>
>> * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
>> * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>
>> [snip rest of BSD license]
> 
> It's under a BSD license; what material difference does those two
> lines make, for goodness sake?  It's under a BSD license, so it's not
> like anything won't be "given back".

As a programmer, you sure would know what difference any "two lines"
would make on your program. When it comes to law, you seem to lose
that intuition.


> Whether or not they have made
> enough for changes is really a question for the lawyers, and may
> differ from one jurisdiction to another
> --- but whether or not they have now, or maybe will not make until later ---

Well, they can add their names *anywhere* in the whole file, *except*
these two lines. See, these lines have a whole different meaning
when it comes to laws.  When they make sufficient contribution, they
sure can add their names. What is so difficult to understand here?

I have seen some academic papers, where the first author did all the work,
the second author is the professor who funded the work, and the remaining
five "authors" are just coming along for a ride.  You know what the
difference is? The original author *allows* them to put their names as
authors.

Here, you are adding names, and say "why not". It is both unethical and
illegal.

> does it really make a
> difference?  Who gets hurt if someone gets they get a bit more credit
> than they deserve?  Certainly the most important thing is that Reyk is
> given proper credit, right?

As long as it is not a derived work, Reyk gets to decide who is in the
copyright. Even if it is a derived work, it is polite to ask.

If, at the beginning, Nick and Jiri, and others asked Reyk to be included
in the Copyright for the adaptation work they did on the HAL. I do not
believe he would have refused. I can not talk for him, but things would
be have been resolved in a much nicer and positive way.

Instead they chose to push Reyk for months to dual license his code,
then attempted to change the whole license. Even now, when there is
just a small issue left, people are still dragging and resisting.

I am really disappointed by all this.  I would have expected that once
such a patch is suggested (let alone being committed to some public place)
some senior/respected/responsible Linux person would tell them what they
are doing is wrong.  Right from the start.  I now see this is not how
things work around here.  Senior developers are either too busy or
reluctant to get their hands dirty. In OpenBSD, (which, I accept is a
much smaller community) when one developer does something wrong,
the clue stick is there to be used by one of the more experienced
developers.
Which means, issues are resolved quickly and with much less pain.


Can

-- 
In theory, there is no difference between theory and practice.
But, in practice, there is.



Re: question on spamd blacklisted hosts

2007-09-18 Thread Juan Miscaro
--- Darrin Chandler <[EMAIL PROTECTED]> wrote:

> On Tue, Sep 18, 2007 at 10:30:45AM -0400, Juan Miscaro wrote:
> > { This is a resend.  No replies after 24 hours }
> > 
> > Running OBSD 4.0 here.
> > 
> > I was under the impression that spamd only did greylisting and
> dynamic
> > whitelisting.  Static blacklisting available via spamd-setup (and
> > pseudo-whitelisting; of some of those blacklisted hosts).
> > 
> > But not dynamic blacklisting.
> 
> It can also blacklist for 24 hours for spamtrap addresses.


I'm not using the spamtrap feature.


> > I occasionally get log messages like:
> > 
> >  spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> > <[EMAIL PROTECTED]>
> > 
> > I searched my spamdb table (static blacklist) and the IP address
> above
> > is not in there.
> > 
> > What am I missing?
> 
> You are missing a lot of detective work on your end, for starters.
> 
> That IP address certainly isn't Microsoft. It's probably sent spam
> under
> different domains as well. It could have been in a blacklist via
> spamd-setup, or one of your own spamtraps (if you're using them), or


I know it's not Microsoft related.

Yes, I'm trying to ascertain why it was seen as a blacklisted host when
I cannot find this IP address in my pf spamd table.


> 
> Search your spamd logs for that IP and you should see the
> connect/disconnect lines that may show "lists: xxx" where "xxx" will
> be
> the list that it's on. If you are keeping logs long enough, or if you
> catch this quick enough, you can also see the initial interaction.


It's all there.  I'm now trying to figure out why.


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca



Re: question on spamd blacklisted hosts

2007-09-18 Thread Juan Miscaro
--- Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote:

> Juan Miscaro wrote:
> > { This is a resend.  No replies after 24 hours }
> >
> > Running OBSD 4.0 here.
> >
> > I was under the impression that spamd only did greylisting and
> dynamic
> > whitelisting.  Static blacklisting available via spamd-setup (and
> > pseudo-whitelisting; of some of those blacklisted hosts).
> >
> > But not dynamic blacklisting.
> >
> > I occasionally get log messages like:
> >
> >  spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> > <[EMAIL PROTECTED]>
> >
> > I searched my spamdb table (static blacklist) and the IP address
> above
> > is not in there.
> >
> > What am I missing?
> >
> >   
> 
> man spamd-setup
> 
> search for spamd-setup in the spamd manpage


Did that already.  See my other replies to this thread.



  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca



Re: Define hosts lookup for pf.conf

2007-09-18 Thread Richard Toohey
It's telling you exactly what's wrong - you have not specified any  
code for the -e option.


man perl:

SYNOPSIS
   perl [ -sTuU ] [ -hv ] [ -V[:configvar] ]
   [ -cw ] [ -d[:debugger] ] [ -D[number/list] ]
   [ -pna ] [ -Fpattern ] [ -l[octal] ] [ -0[octal] ]
   [ -Idir ] [ -m[-]module ] [ -M[-]'module...' ]
   [ -P ] [ -S ] [ -x[dir] ]
   [ -i[extension] ] [ -e 'command' ] [ -- ] [ programfile ]  
[ argu-

   ment ]...

In the code snippet I sent I specified some code that tried to pull  
in the Socket module (I just copied the first two perl lines of  
David's script):


$ perl -e 'use strict; use Socket; print("hello\n");'

perl -e on its own will raise the error you have seen.

If a module is missing you will get something along the lines of:

perl -e 'use no-such-module;'
Can't locate no.pm in @INC (@INC contains: [cut blah-blah-blah]) at - 
e line 1.

BEGIN failed--compilation aborted at -e line 1.

But we are wandering well outside the realms of OpenBSD and into  
perl.  Try http://www.perlmonks.org/ or http://www.perl.com/ as  
starting points.


On 19/09/2007, at 3:21 AM, pichi wrote:


The Socket module should also be there:

$ perl -e 'use strict; use Socket; print("hello\n");'
hello


Thanks,

I have perl installed:

$perl -v

$This is perl, v5.8.8 built for i386-openbsd

but it looks like I dont have the socket module becuase when I do:

$perl -e

I get:

$No code specified for -e.

How can I add that module, and again, is is it safe for a publically
accessable firewall?

Many thanks from the newby,

Pedro


--
View this message in context: http://www.nabble.com/Define-hosts- 
lookup-for-pf.conf-tf4469900.html#a12759409

Sent from the openbsd user - misc mailing list archive at Nabble.com.




Re: OpenBGPd Regular Expression

2007-09-18 Thread Claudio Jeker
On Tue, Sep 18, 2007 at 12:25:02PM -0500, [EMAIL PROTECTED] wrote:
> I saw from a thread a while back that putting as-path regular
> expression support into OpenBGPd was being considered.  I'm testing
> out a 4.2 snapshot, and so far it doesn't seem to be there just yet.
> 
> For various reasons, I'd like to be able to tweak prefixes based on
> some specific as-path values a la Juniper.  This kind of stuff:
> 
> Criteria: Path whose second AS number must be 56 or 78.
> Regular Expression: (. 56) | (. 78) or . (56|78)
> Example Matches:  1234 56 and/or 34 78
> 
> http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html
> 
> Anyone know if this is in the works?
> 

Adding a better AS filter list is on my todo list since a long time. We
will not implement a full regex -- cisco demonstrated once again why regex
is a bad idea.

Just a few thoughts. I do not like the | (or) operator. This can be
written with two rules without any issues. I guess we will support +, ., -
, ^ and $.

-- 
:wq Claudio



Re: question on spamd blacklisted hosts

2007-09-18 Thread Juan Miscaro
--- "Peter N. M. Hansteen" <[EMAIL PROTECTED]> wrote:

> Juan Miscaro <[EMAIL PROTECTED]> writes:
> 
> > { This is a resend.  No replies after 24 hours }
> 
> That could have been due to too little information.
> 
> > Running OBSD 4.0 here.
> >
> > I was under the impression that spamd only did greylisting and
> dynamic
> > whitelisting.  Static blacklisting available via spamd-setup (and
> > pseudo-whitelisting; of some of those blacklisted hosts).
> 
> I had to go back and check, but 4.0 has greytrapping.  Are you
> perhaps
> using that in your setup? 
> 
> > I occasionally get log messages like:
> >
> >  spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> > <[EMAIL PROTECTED]>
> 
> Well, one obvious deficiency here is that you cut out the timestamp.
> If you're using either greytrapping or one of the more frequently
> updated downloadable blaclists (such as Beck's from UoA), it's quite
> possible that the address was in the blacklist at the time but its
> entry expired.

I _am_ using blacklists with spamd-setup and I _did_ check the
blacklisted hosts immediately after seeing the message.  Perhaps my
command is messed up:

sudo pfctl -t spamd -T show | grep 65.216.123.37


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca



Re: Wasting our Freedom

2007-09-18 Thread Gilles Chehade
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote:
>
> [...]
>
> Petty, isn't it?  Let's just say it's b.s. like this which is why, 16
> years ago, I decided to work with Linux instead of BSD.
> 

Fortunately, no one seems to miss you so much in the BSD camp ;-)

Gilles



Re: Wasting our Freedom

2007-09-18 Thread Marco Peereboom
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote:
> On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote:
> > Now if they'd fix the copyright message to only mention Reyk all would
> > be good.
> 
> It *does* mention Reyk, if you would bother to look.  The thing which
> Theo is kvetching about, and which apparently is enough to cause the
> *BSD zombies to start attacking without actually _checking_ _for_
> _themselves_ is whether or not Jiri and Nick did enough to work so
> they should have their names listed in the headers.  In other words,
> all of the megabytes and megabhytes of flamewar is over these two
> lines:
> 
> > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>

Its simple; this is illegal.  Those two fruitcakes didn't do jack and
can therefore not claim copyright.  Would be the same as me taking the
linux kernel and adding myself to each file.  I am pretty sure some
people would be up in arms about that.

> 
> Petty, isn't it?  Let's just say it's b.s. like this which is why, 16
> years ago, I decided to work with Linux instead of BSD.

I don't make the laws and I did not break any so you call it whatever
you like.

> 
>   - Ted
> 
> P.S.  And yes, before those two lines is:
> 
> > * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]>

So what?  you don't get a cookie for abiding the law.

> 
> and after those two lines is the BSD permission notice.

Where it belongs.  Again you don't get a cookie for doing what you are
supposed to do.

Just like you don't get a cookie for taking care of your kids; you're
supposed to do that.



OpenBGPd Regular Expression

2007-09-18 Thread nachocheeze
I saw from a thread a while back that putting as-path regular
expression support into OpenBGPd was being considered.  I'm testing
out a 4.2 snapshot, and so far it doesn't seem to be there just yet.

For various reasons, I'd like to be able to tweak prefixes based on
some specific as-path values a la Juniper.  This kind of stuff:

Criteria: Path whose second AS number must be 56 or 78.
Regular Expression: (. 56) | (. 78) or . (56|78)
Example Matches:  1234 56 and/or 34 78

http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html

Anyone know if this is in the works?



Re: embedded device

2007-09-18 Thread Trash Compactor

Alberich de megres wrote:

Hi,

Can anyone pointme to a embedded device like soekris?, but i want one that
performs fine using pf. Better if it have gigabits NICs but if not there's
no problem.

thanks!

  

There are several by commell (commell.com.tw)
The LE-564 and LE-565 have nice spec sheets.  Cases for these are a 
little more problematic since I have not seen anyone selling these 
boards with a case.
I would love to see a 1U case that fits two of these boards and two 
power supplies, for use with CARP and pfsync.


/Jason



Re: OpenBSD Install Goal

2007-09-18 Thread Jan Stary
> >>I hope one day soon OpenBSD will adopt a nice ncurses setup similar
> >>to something like FreeBSD with ease to it.

There is no _need_ for a "nice curses setup" - the current installer
already "has ease to it"w, to put it mildly. In fact, OpenBSD's
installer is the best I have met during my years-long career of
a sysadmin.

You are given a brand new machine; you bring your install CD; and after
four minutes of using the standard tools (disklabel, fdisk, ifconfig,
...) you are already very familiar with, you have a fully working box,
modulo afterboot.

Jan



problems with ral0 and OBSD 4.0

2007-09-18 Thread Alessandro Roncari
Hello

I have the following issue with ralink wireless card, acting in hostap 
mode

> hardware: ral-rt2561s board acting as access point on a Soekris 
> Net4501, running OpenBSD 4.0.


can't seem to make it work like it should, even with a 9dBi antenna the 
signal is very weak and much weaker than my old netgear AP. weak and 
unstable

everything is set up correctly

# dmesg | grep ral0
ral0 at pci0 dev 16 function 0 "Ralink RT2561S" rev 0x00: irq 10, 
address 00:12:0e:61:80:98
ral0: MAC/BBP RT2561C, RF RT5225


ral0: flags=8843 mtu 1500
 lladdr 00:12:0e:61:80:98
 media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap)
 status: active
 ieee80211: nwid xxx chan 11 bssid 00:12:0e:61:80:98 nwkey  
100dBm
 inet 192.168.x.x netmask 0xff00 broadcast 192.168.x.xxx
 inet6 fe80::212:eff:fe61:8098%ral0 prefixlen 64 scopeid 0x1

but it seems it's all working at very small % of its power.
question is: is this a known bug in the driver?? or is there anything I 
could do to improve the situation?

Thanks,

Alessandro
Soekris docs & rulesets http://sekureshell.altervista.org



Re: Wasting our Freedom

2007-09-18 Thread frantisek holop
hmm, on Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso said that
> On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote:
> > Now if they'd fix the copyright message to only mention Reyk all would
> > be good.
> 
> It *does* mention Reyk, if you would bother to look.  The thing which

the keyword is `only'.  only = him and noone else (at the moment)

> Theo is kvetching about, and which apparently is enough to cause the
> *BSD zombies to start attacking without actually _checking_ _for_
> _themselves_ is whether or not Jiri and Nick did enough to work so
> they should have their names listed in the headers.  In other words,

are you publicly stating that you have checked, and found the amount
of work done justifying a (c) addition of not even one but 2 persons?

> all of the megabytes and megabhytes of flamewar is over these two
> lines:
> 
> > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>
> 
> Petty, isn't it?  Let's just say it's b.s. like this which is why, 16
> years ago, I decided to work with Linux instead of BSD.

so you don't mind if a couple of us go around adding say 10 lines
of code to files you authored, and then put our copyrights under
your name?  good!  i am glad to hear that.  a bit of additional
"undeserved credit" is always welcome anyway.
would look good in my cv.


it is not just a bit of undeserved credit.  the (c) owners will
be asked in the future regarding any legal aspects of the files
they hold copyrights to.  i don't think those 2 gentlemen have
earned that yet.

-f
-- 
dum spiro spero --  as long as i breathe i hope



Re: Wasting our Freedom

2007-09-18 Thread Denis Doroshenko
On 9/18/07, Theodore Tso <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote:
> > Now if they'd fix the copyright message to only mention Reyk all would
> > be good.
>
> It *does* mention Reyk, if you would bother to look.  The thing which
> Theo is kvetching about, and which apparently is enough to cause the
> *BSD zombies to start attacking without actually _checking_ _for_
> _themselves_ is whether or not Jiri and Nick did enough to work so
> they should have their names listed in the headers.

and did they really do enough? if those names shouldn't be there, why
play childish games and insist on putting them in?

>  In other words,
> all of the megabytes and megabhytes of flamewar is over these two
> lines:
>
> > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>
>
> Petty, isn't it?

and what so petty is there? who can show what those two added to the
original work so that according to the law they are allowed to put
their names in there?

>  Let's just say it's b.s. like this which is why, 16
> years ago, I decided to work with Linux instead of BSD.

and who really cares about why you did this or did that? this OT
sentence sounded like real childish BC. if you want to have fun while
coding and share it with others - do it, if you want also to play
contract games - do it; choose BSD or GPL and go with it. however,
whatever you do you must respect laws. if the law says you can put
your name in only if much of work is done, so it must be. there are no
other variants. and everything will come back to you no matter whether
it is good or bad. if you ignore laws using somebody's work, the same
will be done to you one day.

> - Ted


> P.S.  And yes, before those two lines is:
>
> > * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]>
>
> and after those two lines is the BSD permission notice.

P.S. Let's just say that BC like that is why I decided to work with
BSD instead of Linux 11 years ago.



Re: question on spamd blacklisted hosts

2007-09-18 Thread Peter N. M. Hansteen
Juan Miscaro <[EMAIL PROTECTED]> writes:

> { This is a resend.  No replies after 24 hours }

That could have been due to too little information.

> Running OBSD 4.0 here.
>
> I was under the impression that spamd only did greylisting and dynamic
> whitelisting.  Static blacklisting available via spamd-setup (and
> pseudo-whitelisting; of some of those blacklisted hosts).

I had to go back and check, but 4.0 has greytrapping.  Are you perhaps
using that in your setup? 

> I occasionally get log messages like:
>
>  spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]>

Well, one obvious deficiency here is that you cut out the timestamp.
If you're using either greytrapping or one of the more frequently
updated downloadable blaclists (such as Beck's from UoA), it's quite
possible that the address was in the blacklist at the time but its
entry expired.

Also, at least if you're running with spamd -v, you should be able to
find out which blacklist it mathched by grepping your spamd log for
the IP address.  For example, a moment's tail -f /var/log/spamd at one
of my gateways turned up

Sep 18 17:43:36 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL 
PROTECTED]>

Then grep 212.8.32.8 /var/log/spamd yields several screenfuls, with
one useful excerpt

Sep 18 15:06:52 skapet spamd[20795]: 212.8.32.8: connected (8/8), lists: 
spamd-greytrap
Sep 18 15:10:37 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL 
PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: From: Mail Delivery Subsystem 
<[EMAIL PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: To: <[EMAIL PROTECTED]>
Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: Subject: Returned mail: User 
unknown
Sep 18 15:13:21 skapet spamd[20795]: 212.8.32.8: disconnected after 389 
seconds. lists: spamd-greytrap

which shows in both connection and disconnection that it's one of the
poor sods caught in my local greytrapping.  And it's trying to deliver
something or other to a largish subset of the addresses on my spamtrap
list.

Cheers,
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Define hosts lookup for pf.conf

2007-09-18 Thread pichi
The Socket module should also be there:

$ perl -e 'use strict; use Socket; print("hello\n");'
hello


Thanks,

I have perl installed:

$perl -v

$This is perl, v5.8.8 built for i386-openbsd

but it looks like I dont have the socket module becuase when I do:

$perl -e

I get:

$No code specified for -e.

How can I add that module, and again, is is it safe for a publically
accessable firewall?

Many thanks from the newby,

Pedro


-- 
View this message in context: 
http://www.nabble.com/Define-hosts-lookup-for-pf.conf-tf4469900.html#a12759409
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: question on spamd blacklisted hosts

2007-09-18 Thread Darrin Chandler
On Tue, Sep 18, 2007 at 10:30:45AM -0400, Juan Miscaro wrote:
> { This is a resend.  No replies after 24 hours }
> 
> Running OBSD 4.0 here.
> 
> I was under the impression that spamd only did greylisting and dynamic
> whitelisting.  Static blacklisting available via spamd-setup (and
> pseudo-whitelisting; of some of those blacklisted hosts).
> 
> But not dynamic blacklisting.

It can also blacklist for 24 hours for spamtrap addresses.

> I occasionally get log messages like:
> 
>  spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
> <[EMAIL PROTECTED]>
> 
> I searched my spamdb table (static blacklist) and the IP address above
> is not in there.
> 
> What am I missing?

You are missing a lot of detective work on your end, for starters.

That IP address certainly isn't Microsoft. It's probably sent spam under
different domains as well. It could have been in a blacklist via
spamd-setup, or one of your own spamtraps (if you're using them), or ...

Search your spamd logs for that IP and you should see the
connect/disconnect lines that may show "lists: xxx" where "xxx" will be
the list that it's on. If you are keeping logs long enough, or if you
catch this quick enough, you can also see the initial interaction.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation



Re: embedded device

2007-09-18 Thread Jason Dixon

On Sep 18, 2007, at 11:03 AM, "Tang Tse" <[EMAIL PROTECTED]> wrote:


I had a soekis 4801 and pf performs only about 28Mb/s I think.

I trying to set up a router for about 50-100 users and only with  
28Mb/s i hadn't enought there's a big bottle neck.
I general, i read that soekris devices are optimized for power  
consume/heat disipation not for performance.


No reason not to keep this on-list.

You should upgrade to 4.2.  There were pf improvements at c2k7 that  
doubled performance on Soekris (~58Mbps).


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: question on spamd blacklisted hosts

2007-09-18 Thread Jacob Yocom-Piatt

Juan Miscaro wrote:

{ This is a resend.  No replies after 24 hours }

Running OBSD 4.0 here.

I was under the impression that spamd only did greylisting and dynamic
whitelisting.  Static blacklisting available via spamd-setup (and
pseudo-whitelisting; of some of those blacklisted hosts).

But not dynamic blacklisting.

I occasionally get log messages like:

 spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>

I searched my spamdb table (static blacklist) and the IP address above
is not in there.

What am I missing?

  


man spamd-setup

search for spamd-setup in the spamd manpage

cheers,
jake


--
Juan


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca




font problems with vlc, only rectangles are shown

2007-09-18 Thread Didier Wiroth
Hello,
I'm a non-developer and amateur openbsd user.
I'm running current on a test machine, it is my own build (release and 
xenocara) from \
16.09.2007.

I've installed vlc from ports. When I run the vlc application, I can't read the 
font. \
The vlc gui is displayed correctly but the font is replaced with a lot of 
rectangles \
 as a result menus are unusable.

Running vlc (0.8.6c) from the command line shows a lot of Pango-WARNING **:
vlc:/usr/local/lib/vlc/codec/libquicktime_plugin.so: undefined symbol 'NewHandle
Clear'
(.:2694): Pango-WARNING **: File not found
(.:2694): Pango-WARNING **: Failed to load Pango module '/usr/local/lib/pango/1.
5.0/modules/pango-basic-fc.so' for id 'BasicScriptEngineFc'
(.:2694): Pango-WARNING **: File not found
(.:2694): Pango-WARNING **: File not found
(.:2694): Pango-WARNING **: pango_shape called with bad font, expect ugly output
(.:2694): Pango-WARNING **: pango_font_get_glyph_extents called with null font a
rgument, expect ugly output
(.:2694): Pango-WARNING **: pango_font_get_metrics called with null font argumen
t, expect ugly output
(.:2694): Pango-WARNING **: _pango_cairo_font_install called with bad font, expe
ct ugly output

I never had problems with that before, could someone tell me what is wrong 
please?
Did I do some error at some installation point?

"pkg_info pango-1.16.5" shows that mozilla-firefox-2.0.0.6 and seamonkey uses 
it too, \
but they work just fine?!

Thank you very much for helping!
Kind regards 
Didier



question on spamd blacklisted hosts

2007-09-18 Thread Juan Miscaro
{ This is a resend.  No replies after 24 hours }

Running OBSD 4.0 here.

I was under the impression that spamd only did greylisting and dynamic
whitelisting.  Static blacklisting available via spamd-setup (and
pseudo-whitelisting; of some of those blacklisted hosts).

But not dynamic blacklisting.

I occasionally get log messages like:

 spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> ->
<[EMAIL PROTECTED]>

I searched my spamdb table (static blacklist) and the IP address above
is not in there.

What am I missing?

--
Juan


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca



Re: Problem with Intel 4-port NIC

2007-09-18 Thread Stuart Henderson
On 2007/09/18 16:00, Michel Le Cocq wrote:
> I don't understand what you have done to make it working.

Forced the pci-x slot to 66MHz.



New port wanted : Debian/Ubuntu's apt-cacher

2007-09-18 Thread Lars Noodén
I'm helping to set up a couple labs where there are (apparently
intentional) networking problems.  However, locally the connectivity is
fine.  Since a fair number workstation activities will be centered
around Debian and Ubuntu and in order to get usable speeds, packages
have to be cached with apt-cacher:

http://packages.debian.org/stable/net/apt-cacher

However, for what I hope are obvious reasons, I would prefer to run this
on OpenBSD.  Has any one already ported this, started to port this, or
have recommendations about how to start?

To further complicate it, I prioritize Apache2 over 1.3x

Regards,



Re: Wasting our Freedom

2007-09-18 Thread frantisek holop
hmm, on Mon, Sep 17, 2007 at 05:08:46AM -0700, David Schwartz said that
> > As said above, the accusations, if you read them correctly, were not
> > wrong, but spot on right. Unless someone proves that dual-licensing as
> > in "you may follow terms A or terms B at your choice" implicitly implies
> > being allowed to remove A altogether should you choose B.
> 
> You are confusing licenses with license notices. The GPL says you must keep
> GPL license notices intact. Otherwise, it gives you complete freedom to
> modify. This means that if you choose the GPL, you gain (from the GPL) the
> right to remove the BSD license *NOTICE*.
> 
> This has no effect on anyone's substantive rights though. Removing license
> notices has no effect on actual licenses.

but how do i know i have a bsd licensed file
if the license notice has been removed from it?

i know copyright applies to a file which has no (c) line in it,
because it's implicit.  but licenses are not implicit, are they?

-f
-- 
treat each day as your last, one day you will be right.



Re: Problem with Intel 4-port NIC

2007-09-18 Thread Michel Le Cocq
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I don't understand what you have done to make it working.

Michel

Stuart Henderson a icrit :
> On 2007/09/17 13:43, slug bait wrote:
>> Bingo!  I figured out that it was a problem with the checksum
>> offloading shortly after my original email but I had NO clue how
>> to fix it.
>
> it's not actually caused by offloading, but offloading means that
> transfers from the nic to the motherboard aren't protected by the
> standard network checksums, so they pass through to userland with
> bad data (rather than getting rejected in the network stack).
>
>> Everything is working now and I hope I NEVER have to open these
>> 1U cases again.  Jamming the SATA connectors back in after
>> they're covered by the NIC makes me cry.  ;)
>
> (-:
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG79oOtdSucJnea0gRAsaMAKCdvKulvxo4JPndp4V5cZjJQ1MLWACfW3rq
EBcu4J1GKfqdO2Ht2ZDDI8M=
=IevH
-END PGP SIGNATURE-



Re: creating a vpn tunnel to all

2007-09-18 Thread Jonas Thambert
Chris Bullock wrote:
> Background:
> We are using Metro Ethernet to connect several sites to our main office.  In
> order to save money the telco has a couple of sites riding the same vlan
> coming into us. One of these sites is one of our remote offices and the
> other is a competing office.
> 
> Problem:
> Since we are on the vlan there is no way I can route without the possibility
> of someone running a sniffer and sniffing my packets, so my goal is I want
> all my traffic from my remote office to come through my main office even
> Internet.  To map this tunnel using isakmpd would I just create a tunnel to
> 0.0.0.0?
> Regards,
> Chris
> 

Setup VPN between the remote offices and your main site. Aggregate
all the traffic to your main site where you have internet
connectivity using an IGP or static routes.

Should solve your ethernet snooping-problem.


/Jonas



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Julian Leyh
On 03:25 Tue 18 Sep , Jake Conk wrote:
> What do you mean that you put OpenVPN into your hostname.if? Can your
> hostname.if file contain  sh script code? If so is that true also with
> something like hostname.fxp0?

My hostname.ral0:
inet 10.10.1.1 255.255.255.0 NONE media autoselect mediaopt hostap mode 11g 
nwid my_net chan 5
!/usr/local/sbin/openvpn --cd /etc/openvpn --daemon --config server.conf

> Also, what do you mean by use ps?

Well, you can see if it's running and which pid it has... not very
verbose, but it depends on what information you want to get.

Bye,
Julian



Re: Wasting our Freedom

2007-09-18 Thread Theodore Tso
On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote:
> Now if they'd fix the copyright message to only mention Reyk all would
> be good.

It *does* mention Reyk, if you would bother to look.  The thing which
Theo is kvetching about, and which apparently is enough to cause the
*BSD zombies to start attacking without actually _checking_ _for_
_themselves_ is whether or not Jiri and Nick did enough to work so
they should have their names listed in the headers.  In other words,
all of the megabytes and megabhytes of flamewar is over these two
lines:

> * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]>
> * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]>

Petty, isn't it?  Let's just say it's b.s. like this which is why, 16
years ago, I decided to work with Linux instead of BSD.

- Ted

P.S.  And yes, before those two lines is:

> * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]>

and after those two lines is the BSD permission notice.



TCP Bandwidth Delay Product

2007-09-18 Thread Jake Conk
Hello,

I was wondering if OpenBSD had this feature which FreeBSD and NetBSD
both have which improve my tcp throughput. I was able to configure it
using sysctl net.tcp.inflight.*

Here is a piece from the FreeBSD website: "The TCP Bandwidth Delay
Product Limiting is similar to TCP/Vegas in NetBSD. It can be enabled
by setting net.inet.tcp.inflight.enable sysctl variable to 1. The
system will attempt to calculate the bandwidth delay product for each
connection and limit the amount of data queued to the network to just
the amount required to maintain optimum throughput."

Thanks,
- Jake



Re: Wasting our Bandwidth

2007-09-18 Thread Marco Peereboom
That's it; that easy.

On Tue, Sep 18, 2007 at 02:04:46PM +0200, Xavier Bestel wrote:
> Le mardi 18 septembre 2007 ` 06:29 -0500, Marco Peereboom a icrit :
> > Now if they'd fix the copyright message to only mention Reyk all would
> > be good.
> 
> All this mess so easily solved ? Too good to be true.
> 
>   Xav



Re: Wasting our Freedom

2007-09-18 Thread linux-os (Dick Johnson)
On Tue, 18 Sep 2007, Bodo Eggert wrote:

> Paul de Weerd <[EMAIL PROTECTED]> wrote:
>> On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote:
>
>> | It's not about lazyness of BSD developers, many people who consider the
>> | BSD licence more free than the GPL argue that the advantage of the BSD
>> | licence is that it does not require you to give back.
>> |
>> | Something is wrong if your licence text clearly states that you do not
>> | require getting anything back but you then argue on moral grounds that
>> | something has to be given back.
>>
>> Something is wrong if your licence text clearly states that you MUST
>> give back, but then you don't return the favour on grounds that "hey,
>> they don't require it, so we don't have to".
>
> If you may demand me to give back, why should I(*) not demand the same
thing
> for my contributions?
>
> You're not only asking to contribute to your project, but you're asking me
> to throw my code to the feet of Apple amd Microsoft, who will user it, make
> big bucks and lock out alternatives as far as possible, especially free
ones.
> This happens to not be my idea of sharing code.
>
> You may say it's morally correct for them because they never claimed they'd
> not suck your blood, but did the GPL people claim not to demand others to
> give back? Au contrair, and if it's OK for companies to do what they say
> they would, it will be OK for them and for me, too.
>
>
> *) I did not yet work on a BSD licensed project, but let's asume I did
>
>> It may be perfectly legal, but it's "interesting" to say the least.
>> No, you do not have to give back. But weren't you open source / free
>> software developers ? Why did you pick the GPL ? Because you didn't
>> want someone to run of with your code ? You wanted code to be given
>> back ? Why not do it yourself ?
>
>> By not giving back you're giving a strange signal.
>
> Gee, since you're demanding back anyway, you can use the GPL for your
> project and use my contribution. Problem solved.
>
> Oh, you want people to be free not to share? Freedom includes having the
> moral right to do something. Am I free not to share? Or is this "freedom"
> just an empty shell?
>
> --
> Funny quotes:
> 36. You never really learn to swear until you learn to drive.
>
> Fri_, Spammer: [EMAIL PROTECTED] [EMAIL PROTECTED]
> -

How about [EMAIL PROTECTED]

Cheers,
Dick Johnson
Penguin : Linux version 2.6.22.1 on an i686 machine (5588.30 BogoMips).
My book : http://www.AbominableFirebug.com/
_


The information transmitted in this message is confidential and may be
privileged.  Any review, retransmission, dissemination, or other use of this
information by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient, please notify Analogic
Corporation immediately - by replying to this message or by sending an email
to [EMAIL PROTECTED] - and destroy all copies of this information,
including any attachments, without reading or disclosing them.

Thank you.



Re: Wasting our Bandwidth

2007-09-18 Thread Xavier Bestel
Le mardi 18 septembre 2007 ` 06:29 -0500, Marco Peereboom a icrit :
> Now if they'd fix the copyright message to only mention Reyk all would
> be good.

All this mess so easily solved ? Too good to be true.

Xav



Re: Wasting our Freedom

2007-09-18 Thread Jason Dixon

On Sep 18, 2007, at 7:16 AM, Bodo Eggert wrote:


Paul de Weerd <[EMAIL PROTECTED]> wrote:

On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote:


| It's not about lazyness of BSD developers, many people who  
consider the
| BSD licence more free than the GPL argue that the advantage of  
the BSD

| licence is that it does not require you to give back.
|
| Something is wrong if your licence text clearly states that you  
do not
| require getting anything back but you then argue on moral  
grounds that

| something has to be given back.

Something is wrong if your licence text clearly states that you MUST
give back, but then you don't return the favour on grounds that "hey,
they don't require it, so we don't have to".


If you may demand me to give back, why should I(*) not demand the  
same thing

for my contributions?

You're not only asking to contribute to your project, but you're  
asking me
to throw my code to the feet of Apple amd Microsoft, who will user  
it, make
big bucks and lock out alternatives as far as possible, especially  
free ones.

This happens to not be my idea of sharing code.


Here we go again with the "Evil Corporation".  What exactly have they  
"lock[ed] out"?  How have they magically stopped you from  
distributing your "free" code?


Are you somehow able to make "big bucks" on your own with the GPL  
that you wouldn't have otherwise been able to under the BSD?  If so,  
please let me know.  I want big bucks too!



---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: embedded device

2007-09-18 Thread Jason Dixon

On Sep 18, 2007, at 7:09 AM, Alberich de megres wrote:


Hi,

Can anyone pointme to a embedded device like soekris?, but i want  
one that
performs fine using pf. Better if it have gigabits NICs but if not  
there's

no problem.


We can't make a recommendation if you don't tell us what your  
performance requirements are.  The Soekris are fine for general pf  
use.  The newer 5501's are presumably faster, although I haven't seen  
any benchmarks to date.


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net



Re: Wasting our Freedom

2007-09-18 Thread Marco Peereboom
Now if they'd fix the copyright message to only mention Reyk all would
be good.

On Tue, Sep 18, 2007 at 11:00:13AM +0200, Henning Brauer wrote:
> * Theodore Tso <[EMAIL PROTECTED]> [2007-09-17 23:04]:
> > Number 2, if you take a look at their latest set of changes (which
> > have still not been accepted), the HAL code is under a pure BSD
> > license (ath5k_hw.c).  Other portions are dual licensed, but not the
> > HAL
> 
> if that is true and stays that way - excellenty!
> 
> -- 
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Wasting our Freedom

2007-09-18 Thread Helge Hafting

Jacob Meuser wrote:

On Mon, Sep 17, 2007 at 09:47:43AM +0200, Helge Hafting wrote:

  

Your problem seems to be with the BSD licence,
and the power to alter that licence lies in the BSD community.



I hope you can understand that this mentality is _exactly_ what has
some in the BSD community so upset.
  

First, note that I am not really a linux developer as my only
contributions to linux are testing.

But it really looks like bsd people are more unhappy with their
licence than linux people.  You can ask linux developers to
keep the bsd licence - and the request is not unreasonable.
Nobody is forced to give back, so some people choose not
to.  Some of these have a "GPL" agenda, some have
a commercial agenda. 


I am sure some developers are willing to "give back" bsd code,
but you can't do anything about those who don't. You don't
want to have code "locked up" with GPL, these developers
don't want their code improvements "locked up" in proprietary products.

So - either you will have to accept the current situation, or
adjust the BSD licence to cope with this.


when I see the linux community start to take credit for works they
did not create and I see the linux community respond to warnings
  

Taking credit for the works of others is wrong of course,
no matter what licence is involved.

that people in the community are going overboard and jeopardizing
the linux community, which we do all benefit from, with a more or
less "whatever" attitude, it makes me sad.  it would be like losing
a friend.  I don't like losing friends, so I get vocal.

I don't understand why the linux community can't seem to say, "We
can accept BSD licensed code.  There's no need to add the GPL to
it."  and maybe even, "Although we strongly prefer the GPL,
respect for other licenses is every bit as important as respect
for the GPL."
  

Good points.  But note that the linux community is divided on this,
as on many other issues.  And there is nothing to do about
those who disagree.

I could be wrong, but I strongly believe that if the above was
truly accepted and believed by the community, the actions that
started and spread this whole debacle^Wdebate would not have
happened in the first place.
  

My impression is that the actions that started the
debate was an unauthorized (possibly illegal)
change that the linux community also rejected. 
With that problem solved, the debate turned to

gpl/bsd licencing issues.

look, the GPL legally forces others to keep the same license.
the BSD community is asking the linux community do the same.
and when the linux community refuses, what do you expect the
recourse to be?
  

Clearly, there is the risk of less cooperation.  Or some
kind of licencing scheme that makes sure that code with bsd
origin always can go back into bsd as long as it stays open.

That would solve the problem - if such a scheme is possible.


Helge Hafting



Re: Wasting our Freedom

2007-09-18 Thread Bodo Eggert
Paul de Weerd <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote:

> | It's not about lazyness of BSD developers, many people who consider the
> | BSD licence more free than the GPL argue that the advantage of the BSD
> | licence is that it does not require you to give back.
> | 
> | Something is wrong if your licence text clearly states that you do not
> | require getting anything back but you then argue on moral grounds that
> | something has to be given back.
> 
> Something is wrong if your licence text clearly states that you MUST
> give back, but then you don't return the favour on grounds that "hey,
> they don't require it, so we don't have to".

If you may demand me to give back, why should I(*) not demand the same thing
for my contributions?

You're not only asking to contribute to your project, but you're asking me
to throw my code to the feet of Apple amd Microsoft, who will user it, make
big bucks and lock out alternatives as far as possible, especially free ones.
This happens to not be my idea of sharing code.

You may say it's morally correct for them because they never claimed they'd
not suck your blood, but did the GPL people claim not to demand others to
give back? Au contrair, and if it's OK for companies to do what they say
they would, it will be OK for them and for me, too.


*) I did not yet work on a BSD licensed project, but let's asume I did

> It may be perfectly legal, but it's "interesting" to say the least.
> No, you do not have to give back. But weren't you open source / free
> software developers ? Why did you pick the GPL ? Because you didn't
> want someone to run of with your code ? You wanted code to be given
> back ? Why not do it yourself ?

> By not giving back you're giving a strange signal.

Gee, since you're demanding back anyway, you can use the GPL for your
project and use my contribution. Problem solved.

Oh, you want people to be free not to share? Freedom includes having the
moral right to do something. Am I free not to share? Or is this "freedom"
just an empty shell?

-- 
Funny quotes:
36. You never really learn to swear until you learn to drive.

Fri_, Spammer: [EMAIL PROTECTED] [EMAIL PROTECTED]



embedded device

2007-09-18 Thread Alberich de megres
Hi,

Can anyone pointme to a embedded device like soekris?, but i want one that
performs fine using pf. Better if it have gigabits NICs but if not there's
no problem.

thanks!



creating a vpn tunnel to all

2007-09-18 Thread Chris Bullock
Background:
We are using Metro Ethernet to connect several sites to our main office.  In
order to save money the telco has a couple of sites riding the same vlan
coming into us. One of these sites is one of our remote offices and the
other is a competing office.

Problem:
Since we are on the vlan there is no way I can route without the possibility
of someone running a sniffer and sniffing my packets, so my goal is I want
all my traffic from my remote office to come through my main office even
Internet.  To map this tunnel using isakmpd would I just create a tunnel to
0.0.0.0?
Regards,
Chris



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Gilles Chehade
On Tue, Sep 18, 2007 at 03:25:56AM -0700, Jake Conk wrote:
> Julian,
> 
> What do you mean that you put OpenVPN into your hostname.if? Can your
> hostname.if file contain  sh script code? If so is that true also with
> something like hostname.fxp0?
> 

This is from hostname.if(5)

!command-line
Arbitrary shell commands can be executed using this direc-
tive.  Useful for doing interface specific configuration
such as setting up custom routes using route(8) or estab-
lishing tunnels using ifconfig(8).  It is worth noting that
``\$if'' in a command line will be replaced by the inter-
face name.

Gilles

-- 
On 9/15/07, Richard Stallman <[EMAIL PROTECTED]> wrote:
> Please omit me from the cc list on these messages.



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Craig Skinner

Jake Conk wrote:

Julian,

What do you mean that you put OpenVPN into your hostname.if? Can your
hostname.if file contain  sh script code?


$ man hostname.if

See the section on !command-line


Also, what do you mean by use ps?



$ man ps



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Jake Conk
Julian,

What do you mean that you put OpenVPN into your hostname.if? Can your
hostname.if file contain  sh script code? If so is that true also with
something like hostname.fxp0?

Also, what do you mean by use ps?

Thanks,
- Jake

On 9/18/07, Julian Leyh <[EMAIL PROTECTED]> wrote:
> On 02:05 Tue 18 Sep , Jake Conk wrote:
> > Hello,
> >
> > Simple noob question... I've installed a few packages (ie nrpe2 and
> > openvpn) that on other systems like Linux and even BSD based systems
> > such as FreeBSD provide means of a rc script which can start and stop
> > the service and you can configure this script to be executed on boot.
> >
> > After installing these packages on OpenBSD I've listed the package
> > contents and don't notice any equivalent files that would do this. Are
> > we supposed to write our own startup scripts and place them in
> > /etc/rc.local to be executed when the system boots?
>
> Yes.. Some packages even give you an example how to put it in your
> rc.local.
>
> As for OpenVPN, I put it into my hostname.if, to have it start whenever
> the interface is started at boot time.
>
> > Does OpenBSD not
> > use rc scripts that start/stop/restart/ and status applications?
>
> no, use rc.local and ps ;)
>
> >
> > Thanks,
> > - Jake
> >
>
> You're welcome,
> Julian



Re: bgpd usage

2007-09-18 Thread Tony Sarendal
On 9/17/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Gregory Edigarov <[EMAIL PROTECTED]> [2007-09-17 17:12]:
> > Just a pure interest: has somebody bgpd in production for, say, 2 or 3
> > fullview routing?  I have 6 routers with bgpd but they are IBGP, and
> > therefore does not do fullview routing.
>
> there are many way bigger installations than that.
>
> I have multiple full feeds myself as well.


I run it in the lab to feed prefixes to our CRS-1/GSR/7600 boxes, lots of
prefixes,
with exception for some politician making decisions the thing is
great. Had it up and running in a minute or two.
And it is fast, even on not so fast hardware,



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Julian Leyh
On 02:05 Tue 18 Sep , Jake Conk wrote:
> Hello,
> 
> Simple noob question... I've installed a few packages (ie nrpe2 and
> openvpn) that on other systems like Linux and even BSD based systems
> such as FreeBSD provide means of a rc script which can start and stop
> the service and you can configure this script to be executed on boot.
> 
> After installing these packages on OpenBSD I've listed the package
> contents and don't notice any equivalent files that would do this. Are
> we supposed to write our own startup scripts and place them in
> /etc/rc.local to be executed when the system boots?

Yes.. Some packages even give you an example how to put it in your
rc.local.

As for OpenVPN, I put it into my hostname.if, to have it start whenever
the interface is started at boot time.

> Does OpenBSD not
> use rc scripts that start/stop/restart/ and status applications?

no, use rc.local and ps ;)

> 
> Thanks,
> - Jake
> 

You're welcome,
Julian



Re: Mini PCI card for hostap mode

2007-09-18 Thread Julian Leyh
On 14:49 Mon 17 Sep , Karsten McMinn wrote:
> On 9/17/07, Steve B <[EMAIL PROTECTED]> wrote:
> > Can anyone recommend a vendor that carries mini PCI
> > cards that support hostap mode under OpenBSD?
> 
> man (4) ral is a good place to start. I bought a MSI MN54G
> recently which worked.

I prefer ral(4), too. In my laptop a MSI MP54G5, same in my soekris
net5501, and in my net4801 the one I got with it from Wim, don't know
which one exactly it is.

regards,
Julian



Re: Creating bridge problem

2007-09-18 Thread Stuart Henderson
On 2007/09/18 11:33, Julian Leyh wrote:
> On 03:38 Sat 15 Sep , Jake Conk wrote:
> > ifconfig bridge0 add fxp1
> 
> it's brconfig, not ifconfig.

well spotted.


On 2007/09/17 19:03, Jake Conk wrote:
> > > And it just hangs pretty much forever until i Ctrl-C it... If I put in
> > > my /etc/hostname.bridge0 file...

and that's bridgename.bridge0



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Stuart Henderson
On 2007/09/18 02:05, Jake Conk wrote:
> After installing these packages on OpenBSD I've listed the package
> contents and don't notice any equivalent files that would do this. Are
> we supposed to write our own startup scripts and place them in
> /etc/rc.local to be executed when the system boots? Does OpenBSD not
> use rc scripts that start/stop/restart/ and status applications?

correct; it is common for packages to display instructions about
this when they're installed, especially if it's more complex than
just "start the daemon if the file is executable".

ports/packages include some software which some people use for
this (e.g. monit, runit, maybe some others) but adding to rc.local
is the standard way.



Re: Creating bridge problem

2007-09-18 Thread Julian Leyh
On 03:38 Sat 15 Sep , Jake Conk wrote:
> ifconfig bridge0 add fxp1

it's brconfig, not ifconfig.



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Craig Skinner

Jake Conk wrote:


After installing these packages on OpenBSD I've listed the package
contents and don't notice any equivalent files that would do this. Are
we supposed to write our own startup scripts and place them in
/etc/rc.local to be executed when the system boots? Does OpenBSD not
use rc scripts that start/stop/restart/ and status applications?


http://www.openbsd.org/faq/faq10.html#rc


The package install scripts often advise boot up suggestions, (which you 
can script), or point to readme files.


Then call them from /etc/rc.local and /etc/rc.shutdown, some are so 
simple that a script is not needed, e.g:


echo -n ' squid'
/usr/local/sbin/squid

echo -n ' dovecot'
/usr/local/sbin/dovecot

echo -n ' mailman'
nice -n 18 /usr/local/lib/mailman/bin/mailmanctl -s -q start



What I do is create /usr/local/site and put my local site scripts 
somewhere in there.


echo -n ' viagrad'
su -m _viagrad  /usr/local/site/libexec/viagrad/viagrad start

echo -n ' mailgraph'
/usr/local/site/sbin/mailgraphctl start > /dev/null



Re: Simple startup daemon's on boot question?

2007-09-18 Thread Lars Hansson
On 9/18/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> Are we supposed to write our own startup scripts and place them in
> /etc/rc.local to be executed when the system boots?

Yes.

> Does OpenBSD not use rc scripts that start/stop/restart/ and
> status applications?

No but you can install something like freedt or runit from ports to
get those features.

---
Lars Hansson



Simple startup daemon's on boot question?

2007-09-18 Thread Jake Conk
Hello,

Simple noob question... I've installed a few packages (ie nrpe2 and
openvpn) that on other systems like Linux and even BSD based systems
such as FreeBSD provide means of a rc script which can start and stop
the service and you can configure this script to be executed on boot.

After installing these packages on OpenBSD I've listed the package
contents and don't notice any equivalent files that would do this. Are
we supposed to write our own startup scripts and place them in
/etc/rc.local to be executed when the system boots? Does OpenBSD not
use rc scripts that start/stop/restart/ and status applications?

Thanks,
- Jake



Re: Wasting our Freedom

2007-09-18 Thread Henning Brauer
* Theodore Tso <[EMAIL PROTECTED]> [2007-09-17 23:04]:
> Number 2, if you take a look at their latest set of changes (which
> have still not been accepted), the HAL code is under a pure BSD
> license (ath5k_hw.c).  Other portions are dual licensed, but not the
> HAL

if that is true and stays that way - excellenty!

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Define hosts lookup for pf.conf

2007-09-18 Thread Richard Toohey

For question 1:

perl should be part of the base install.

From a 4.1 box, base install, NO X, packages installed, etc.

$ perl -v

This is perl, v5.8.8 built for i386-openbsd
[cut]

The Socket module should also be there:

$ perl -e 'use strict; use Socket; print("hello\n");'
hello

For question 2:

You will need wiser heads than mine.  But I'm pretty sure the answer  
will be along the lines of "it depends" - there's danger getting out  
of bed and crossing the road ...


On 18/09/2007, at 6:35 PM, pichi wrote:


Dave,

Thanks so much for your help. I have never touched perl but I will  
give it a

try. Still, I have other questiones:

1. What software will I need to install on the firewalll in order  
for this

script to work?
2. Is there any danger in having this kind of software on a publically
accessable firewall?


Muchas Gracias,

Pedro
Granada Spain


--
View this message in context: http://www.nabble.com/Define-hosts- 
lookup-for-pf.conf-tf4469900.html#a12750872

Sent from the openbsd user - misc mailing list archive at Nabble.com.




Re: samba performance redux

2007-09-18 Thread Claudio Jeker
On Mon, Sep 17, 2007 at 09:04:41PM -0500, Jacob Yocom-Piatt wrote:
> am having trouble getting samba on my 4.1-release machine to deliver 
> more than 3-7 MBps transfer speed. this is horribly slow, even on 100 
> Mbps, and i'm hoping there are folks out there who can assist me in 
> tuning this properly.
> 
> the following is set in smb.conf
> 
>   read raw = yes
>   write raw = yes
>   oplocks = yes
>   max xmit = 65535
>   dead time = 15
>   getwd cache = yes
> 
> ...
> 
>   socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192
> 
> besides this it's entirely default.
> 

TCP_NODELAY is a bad idea, it should only be used on interactive tcp
sessions like ssh or telnet. SO_SNDBUF=8192 SO_RCVBUF=8192 if this is in
bytes than you are halving the default buffer size. Depending on the
bandwith delay product you may need more than 8k (even the OpenBSD 16k are
to small in many cases).

Not sure if this helps getting more performance out of your system but
that's the most obvious things I have seen right now.
-- 
:wq Claudio



Re: : sudo & wheel group

2007-09-18 Thread Raimo Niskanen
On Mon, Sep 17, 2007 at 10:49:04AM -0400, Woodchuck wrote:
> On Mon, 17 Sep 2007, Chris wrote:
> 
> > On 9/17/07, Darrin Chandler <[EMAIL PROTECTED]> wrote:
> > > problem is. This is why people keep asking you to explain the problem
> > > more.
> > 
> > Sorry for being vague. Ok, I have these in /etc/sudoers for joeuser.
> > joeuser is also in the wheel group.
> > 
> > joeuser server = NOPASSWD: /sbin/mount, /usr/libexec/locate.updatedb
> 
> mount can be leveraged to full root.
> 
> > joeuser server = NOPASSWD: /usr/local/bin/vim /var/www/conf/httpd.conf
> > joeuser server = NOPASSWD: /usr/local/bin/vim /etc/rc.local
> 
> Both of these commands, if done with vi, probably allow joe to
> launch a root shell, ex command :!sh  I don't think vim has any
> better protections.
> 

I just want to remind about for editing files you can use 'sudoedit'
entries. That way you can run any editor, and it runs on a temporary
copy of the target file, and the result is copied to the target
with the right permissions afterwords. Executing shells from e.g vim
is no longer a security hole.

It is all in the man pages sudo(8) and sudoers(5).





-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB