Re: Define hosts lookup for pf.conf
>Pedro, You probably won't get too much more hand-holding >here. You really should have a good look at the tools >available to you before you post to this list. >"man" is your friend, google is your library index. Gentelmen, Sorry if I ran into the Big Boys forum crying. I will be more cautious about what I ask next time. Is there a forum for people who are starting out with OpenBSD? The thing is I am new to it and I am in a situation where reading pages and pages of Google is taking a lot of time away from making it work. But just working a few days with this OS I can see that its very solid and worth the many hours of searching for documentation. >I'm a bit worried about this term "publicly accessible firewall", >it's a contradiction in terms. Firewalls should be nearly invisible, >certainly not public ally accessible. I meant that one of the interfaces was routable on the Internet, not sitting at a table in Starbucks. And your right I try and keep it as invisable as possible. >Perl and the enormous number of modules available for Perl are >tools that can be used on firewalls for administration and although >"bare bones" is a good way to build a firewall (from general >principles), you do need certain tools to manage it. Perl is >one tool that I would miss greatly if it were removed. I cant wait to get perl working for me. It sounds wonderful. Timetime. >Having said that, it's good that you are cautious :-) Thanks Dave. My boss alway say "Be paraniod" Hasta luego, P. -- View this message in context: http://www.nabble.com/Define-hosts-lookup-for-pf.conf-tf4469900.html#a12771675 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: Simple startup daemon's on boot question?
Why would you get burned for that? That was an excellent answer! I guess its not the OpenBSD way but that's ok, your system is your system and it should be able to work for you, not you work for it ;) So what drawbacks have you had with this? Thanks, - Jake On 9/18/07, Edwards, David (JTS) <[EMAIL PROTECTED]> wrote: > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of Jake Conk > > Sent: Tuesday, 18 September 2007 6:36 PM > > To: misc@openbsd.org > > Subject: Simple startup daemon's on boot question? > > > > Hello, > > > > Simple noob question... I've installed a few packages (ie nrpe2 and > > openvpn) that on other systems like Linux and even BSD based systems > > such as FreeBSD provide means of a rc script which can start and stop > > the service and you can configure this script to be executed on boot. > > > > After installing these packages on OpenBSD I've listed the package > > contents and don't notice any equivalent files that would do this. Are > > we supposed to write our own startup scripts and place them in > > /etc/rc.local to be executed when the system boots? Does OpenBSD not > > use rc scripts that start/stop/restart/ and status applications? > > I'm probably going to get burnt for this but :-) > > Put this in /etc/rc.conf.local: > --- > local_startup_dir=/etc/rc.d > --- > > Put this in /etc/rc.local > -- > . /etc/rc.conf.local > for f in ${local_startup_dir}/*.sh ; do > if [ -x $f ]; then > logger -p daemon.notice -t rc.local "Starting $f" > $f start > sleep 1 > fi > done > --- > > Create the /etc/rc.d directory and plonk start/stop > executable scripts in there (should all end in .sh). > > To turn a script off temporarily, make it non-executable > or change .sh to .sh.off or something. > > Use numbers (01, 02 etc) in the front of the filename > to determine which scripts run first.. > > I use a template script like this: > -- > #!/bin/sh > # > # To start the pf-syslog log catcher > # > what=syslog-ng > where=/usr/local/sbin > args="" > > KillProc() > { > proc=$1 > sig=$2 > > pid=`ps -xo pid,args | grep -v grep | grep "$proc" | awk '{print $1}'` > > if [ "X$pid" != "X" ]; then > kill -$sig $pid > echo $pid > > else > echo "Nothing to kill" > fi > } > > case "$1" in > "start") > if [ -f $where/$what ]; then > echo "Starting $what" > /$where/$what $args > fi > ;; > "stop") > echo "Stopping $what" > KillProc $what TERM > exit 0 > ;; > *) > echo "$0: Usage $0 start||stop " > ;; > esac > > exit 0 > > > I have found over the years that this approach has a > lot of benefits and few drawbacks. > > Introducing fresh admin staff to BSD is a lot easier > if they don't have to do the "grep for PID" > "kill -TERM PID" thing to stop a running "service". > And of course "look in /etc/rc.local", > work out how to start it then start it.. > > Believe it or not, I've had people reboot servers in > order to stop and start a service .. > > ciao > dave > --- > Dave Edwards
Re: Wasting our Freedom
> sorry, but calling attribution claims of any sort "petty" is nothing > short of dangerous ignorance. Says a man who has a .sig of "SDF Public Access UNIX System - http://sdf.lonestar.org"; Well sdf.lonestar.org claims to be NetBSD so might I suggest your dangerous ignorance starts at the Unix trademark. And please take this where it belongs which is the relevant wireless list. Better yet leave the dispute to those it actually involves, which is not most of the OpenBSD community, nor the Linux kernel team, but a small group of developers in the OpenBSD wireless world and a few people in the ath5k GPL project.
Re: Wasting our Freedom
On Tue, 2007-09-18 at 11:55 -0700, Can E. Acar wrote: > Theodore Tso wrote: > > On Mon, Sep 17, 2007 at 03:06:37PM -0700, Can E. Acar wrote: > >> The only remaining issue is whether Nick & Jiri have enough > >> original contributions to the code to be added to the Copyright. > >> > >> I believe this needs to be resolved between Reyk and Nick and Jiri. > >> > >> The main reason of Theo's message, linked earlier, was the > >> lack of response on this issue. It seems that the SFLC is > >> dismissing this issue,000d8b92-0010lling its resolution by the > >> developers. > > > > OK, so all of this flaming, and digging up of "licenses ripped off", > > and chaff thrown up in the air, and moaning and bewailing about > > "theft", is now down to these two lines regarding Nick and Jiri: > > Yes, quite an improvement, considering how it all started, dont you think? > Pity it took so much pushing and dragging to get people to do the right > thing. > There is just one little step to go. It is can not be that hard, can it? > Apparently. > >> * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]> > >> * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > >> * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> > >> [snip rest of BSD license] > > > > It's under a BSD license; what material difference does those two > > lines make, for goodness sake? It's under a BSD license, so it's not > > like anything won't be "given back". > > As a programmer, you sure would know what difference any "two lines" > would make on your program. When it comes to law, you seem to lose > that intuition. > > > > Whether or not they have made > > enough for changes is really a question for the lawyers, and may > > differ from one jurisdiction to another > > --- but whether or not they have now, or maybe will not make until later --- > > Well, they can add their names *anywhere* in the whole file, *except* > these two lines. See, these lines have a whole different meaning > when it comes to laws. When they make sufficient contribution, they > sure can add their names. What is so difficult to understand here? > So, here is the actual commit of the code in Linville's wireless networking development tree: http://git.kernel.org/?p=linux/kernel/git/linville/wireless-dev.git;a=commitdiff;h=fb32e1730a91e39adcf06ed5254bfc5a65d17a9b It I am not mistaken, it was Sunday afternoon, so probably 5/6 or more of this thread consisting of more than 110 messages (according to my inbox) to LKML was after this time. As this already had the BSD license ... Anyway, as for the changes, I am not going to check the original, but from the first commit up to now is here: http://git.kernel.org/?p=linux/kernel/git/linville/wireless-dev.git;a=blobdiff;f=drivers/net/wireless/ath5k_hw.c;h=e4cc307e9590a71bcc8542c45dbd2caf3f9e8fe5;hp=f273c42d4004b81597e7cfc5f7eec757a7c52910;hb=everything;hpb=fb32e1730a91e39adcf06ed5254bfc5a65d17a9b Running a diffstat shows: ath5k_hw.c | 344 + 1 file changed, 165 insertions(+), 179 deletions(-) But not having the original version, and as the other two lines are already present, I am not going to look closer at the changes. However, the question I wanted to ask, was this: Can all those that still feel that there is a problem, please go and look at the original, compare it to the current, and then determine (ie, go ask a lawyer or some other appropriate person if need be) if the changes is enough of a contribution *BEFORE* posting again? Pretty please with sugar on top? Thanks, M
Re: Define hosts lookup for pf.conf
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of pichi > Sent: Wednesday, 19 September 2007 12:52 AM > To: misc@openbsd.org > Subject: Re: Define hosts lookup for pf.conf > > The Socket module should also be there: > > $ perl -e 'use strict; use Socket; print("hello\n");' > hello Please try to keep track of who said what.. The above came from a post by Richard Toohey [EMAIL PROTECTED] > but it looks like I dont have the socket module becuase when I do: > > $perl -e > > I get: > > $No code specified for -e. This is answered in another post.. Pedro, You probably won't get too much more hand-holding here. You really should have a good look at the tools available to you before you post to this list. "man" is your friend, google is your library index. > How can I add that module, and again, is it safe for a publically > accessable firewall? I'm a bit worried about this term "publicly accessible firewall", it's a contradiction in terms. Firewalls should be nearly invisible, certainly not public ally accessible. Perl and the enormous number of modules available for Perl are tools that can be used on firewalls for administration and although "bare bones" is a good way to build a firewall (from general principles), you do need certain tools to manage it. Perl is one tool that I would miss greatly if it were removed. Perl does not listen on the network so it cannot be attacked directly. Any risk is related to the ability of an attacker to use Perl to their advantage after they have already compromised your firewall. If they own your firewall, all bets are off and the lack of Perl is unlikely to even slow them down. Again, IMHO, there is no risk to installing Perl and any modules you require on a firewall. Having said that, it's good that you are cautious :-) ciao dave --- Dave Edwards
Re: Simple startup daemon's on boot question?
On 2007/09/19 07:11, Edwards, David (JTS) wrote: > Introducing fresh admin staff to BSD is a lot easier > if they don't have to do the "grep for PID" > "kill -TERM PID" thing to stop a running "service". pkill is good for that. unlike some OS, you don't get trained to use a command (killall) which could bite you on certain other OS. > Believe it or not, I've had people reboot servers in > order to stop and start a service .. this is not actually all that bad an idea in the 'start a service' case; it does ensure that it comes up correctly at boot time.
Re: Define hosts lookup for pf.conf
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of pichi > Sent: Tuesday, 18 September 2007 4:05 PM > To: misc@openbsd.org > Subject: Re: Define hosts lookup for pf.conf > > Dave, > > Thanks so much for your help. I have never touched perl but I > will give it a try. Still, I have other questiones: You're welcome. > 1. What software will I need to install on the firewalll in > order for this script to work? Perl is part of the default install. If you save the script somewhere in your path (/usr/local/bin/ works) and make it executable (chmod 755 whatever_you_call_it.pl), then you will be able to call it like: # pfctl -s state | whatever_you_call_it.pl > 2. Is there any danger in having this kind of software on a publically > accessable firewall? Perl is kick-ass magic that once you're half way up the learning curve, you wonder how the hell you ever lived without it.. In my view, there is no risk in having it installed on a firewall and there are many benefits. Frankly I'd be amazed if it isn't already there :-) ciao dave --- Dave Edwards
Re: Simple startup daemon's on boot question?
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > On Behalf Of Jake Conk > Sent: Tuesday, 18 September 2007 6:36 PM > To: misc@openbsd.org > Subject: Simple startup daemon's on boot question? > > Hello, > > Simple noob question... I've installed a few packages (ie nrpe2 and > openvpn) that on other systems like Linux and even BSD based systems > such as FreeBSD provide means of a rc script which can start and stop > the service and you can configure this script to be executed on boot. > > After installing these packages on OpenBSD I've listed the package > contents and don't notice any equivalent files that would do this. Are > we supposed to write our own startup scripts and place them in > /etc/rc.local to be executed when the system boots? Does OpenBSD not > use rc scripts that start/stop/restart/ and status applications? I'm probably going to get burnt for this but :-) Put this in /etc/rc.conf.local: --- local_startup_dir=/etc/rc.d --- Put this in /etc/rc.local -- . /etc/rc.conf.local for f in ${local_startup_dir}/*.sh ; do if [ -x $f ]; then logger -p daemon.notice -t rc.local "Starting $f" $f start sleep 1 fi done --- Create the /etc/rc.d directory and plonk start/stop executable scripts in there (should all end in .sh). To turn a script off temporarily, make it non-executable or change .sh to .sh.off or something. Use numbers (01, 02 etc) in the front of the filename to determine which scripts run first.. I use a template script like this: -- #!/bin/sh # # To start the pf-syslog log catcher # what=syslog-ng where=/usr/local/sbin args="" KillProc() { proc=$1 sig=$2 pid=`ps -xo pid,args | grep -v grep | grep "$proc" | awk '{print $1}'` if [ "X$pid" != "X" ]; then kill -$sig $pid echo $pid else echo "Nothing to kill" fi } case "$1" in "start") if [ -f $where/$what ]; then echo "Starting $what" /$where/$what $args fi ;; "stop") echo "Stopping $what" KillProc $what TERM exit 0 ;; *) echo "$0: Usage $0 start||stop " ;; esac exit 0 I have found over the years that this approach has a lot of benefits and few drawbacks. Introducing fresh admin staff to BSD is a lot easier if they don't have to do the "grep for PID" "kill -TERM PID" thing to stop a running "service". And of course "look in /etc/rc.local", work out how to start it then start it.. Believe it or not, I've had people reboot servers in order to stop and start a service .. ciao dave --- Dave Edwards
Re: Wasting our Freedom
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote: > all of the megabytes and megabhytes of flamewar is over these two > lines: > > > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> > > Petty, isn't it? Let's just say it's b.s. like this which is why, 16 > years ago, I decided to work with Linux instead of BSD. copyright assertion == claim of ownership, or posession. posession is 9/10 of the law. was it petty of UCB to claim copyrights over code USL claimed ownersip of? was it also petty of Novell to claim that they, and not SCO, owned the copyright to UNIX? sorry, but calling attribution claims of any sort "petty" is nothing short of dangerous ignorance. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: OpenBSD Install Goal
On 2007/09/18 18:44, Douglas A. Tutty wrote: > To my mind, even a curses interface to cfdisk and disklabel is not > necessary, but a little more help, e.g. a mini-menu along the bottom, > would go a long way. Of course, the best thing is to have a copy of > Absolute OpenBSD and the FAQ open infront of you when you do the > install. The booklet that comes with the CD set is good enough for most purposes (if you're stuck with a small HD, maybe add a pencil and a calculator if you think it'll help)...
Re: OpenBSD Install Goal
On 9/18/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote: > > You are given a brand new machine; you bring your install CD; and after > > four minutes of using the standard tools (disklabel, fdisk, ifconfig, > > ...) you are already very familiar with, you have a fully working box, > > modulo afterboot. > > The only issue I've seen is that if you are new to OBSD, even if used to > the command line in Linux (not clicky-pointy-lindows) fdisk and > disklabel are new. On linux, the standard non-GUI partitioner is cfdisk > (curses fdisk) while there is not such thing as disklabel). fdisk isn't new; any operating system that has had to partition an i386 system carries along with it the same fdisk-ish pardigm. whether you call it fdisk, or cfdisk, or anaconda disk partitioning, or windows setup, people have been doing the same damn thing for years and shouldn't find differences in implementation intimidating. disklabels aren't a strictly unique thing either; several systems have them. even Linux has to deal with disklabels on non-x86 platforms (e.g. Sun boxen) e.g. http://www.gentoo.org/doc/en/handbook/handbook-sparc.xml?part=1&chap=4. > To my mind, even a curses interface to cfdisk and disklabel is not > necessary, but a little more help, e.g. a mini-menu along the bottom, > would go a long way. Blech. http://www.openbsd.org/faq/faq4.html http://www.openbsd.org/faq/faq14.html ftp://ftp.openbsd.org/pub/OpenBSD/4.1/i386/INSTALL.i386 There are resources a-plenty; anyone who finds it confusing is either trying to install without having read docs, or is not familiar with computers in the first place (and thus needs to read the docs.) Computer users need to get smarter, instead of technology getting dumber for them. DS
Re: OpenBSD Install Goal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Douglas A. Tutty wrote: [...] > The only issue I've seen is that if you are new to OBSD, even if used to > the command line in Linux (not clicky-pointy-lindows) fdisk and > disklabel are new. On linux, the standard non-GUI partitioner is cfdisk > (curses fdisk) while there is not such thing as disklabel). I think cfdisk is pretty nasty. Standard Linux fdisk, with its highly minimal command-line interface, is far easier to use IMO (but much harder to learn). At least cfdisk is better than the incredibly slow and cumbersome dialog-driven partitioner that Debian has --- I really cannot imagine what they were thinking with that one. Actually, OpenBSD does fall down a bit when it comes to partitioning; it's not just that there are two tools for doing what's pretty much the same job (partitioning chunks of disk), it's that they have such radically different user interfaces. You end up having to learn *two* UIs. I realise that there are implementation reasons why it's necessary to have two apps, but that doesn't help the usability. People might be interested in having a look at Minix's partitioner, part. Minix uses a slice-based system like the BSDs, although with slightly different semantics, and part is a curses-based app that's actually surprisingly easy to use *and* learn, even when doing complicated things. http://minix1.woodhull.com/current/2.0.4/wwwman/man8/part.8.html It's particularly interesting because it has a rather good algorithm for guessing magical values --- point the cursor at a field, and pressing m cycles through all the significant values for that field. It's very rare that I actually have to type a value in; which for something as critical to miscalculation as a partition table is a good design feature. - -- bbb o=o=o< o=o=o=o=o=o=o=o<o=o=o= bbb http://www.cowlark.com bbbbbbbbbbbbbbbbbbb b b "There does not now, nor will there ever, exist a programming language in b which it is the least bit hard to write bad programs." --- Flon's Axiom Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8Fxrf9E0noFvlzgRAtHFAJ9xuoi5AVycWnED4XLguav1EIdjPgCg0pOh ZvwLAZFMIAF2wdQh8tI1bww= =uhyz -END PGP SIGNATURE-
Re: OpenBSD Install Goal
On Tue, Sep 18, 2007 at 07:00:01PM +0200, Jan Stary wrote: > > >>I hope one day soon OpenBSD will adopt a nice ncurses setup similar > > >>to something like FreeBSD with ease to it. > > There is no _need_ for a "nice curses setup" - the current installer > already "has ease to it"w, to put it mildly. In fact, OpenBSD's > installer is the best I have met during my years-long career of > a sysadmin. > > You are given a brand new machine; you bring your install CD; and after > four minutes of using the standard tools (disklabel, fdisk, ifconfig, > ...) you are already very familiar with, you have a fully working box, > modulo afterboot. The only issue I've seen is that if you are new to OBSD, even if used to the command line in Linux (not clicky-pointy-lindows) fdisk and disklabel are new. On linux, the standard non-GUI partitioner is cfdisk (curses fdisk) while there is not such thing as disklabel). To my mind, even a curses interface to cfdisk and disklabel is not necessary, but a little more help, e.g. a mini-menu along the bottom, would go a long way. Of course, the best thing is to have a copy of Absolute OpenBSD and the FAQ open infront of you when you do the install. Doug.
Re: embedded device
On Tue, Sep 18, 2007 at 11:36:54AM -0400, Jason Dixon wrote: > On Sep 18, 2007, at 11:03 AM, "Tang Tse" <[EMAIL PROTECTED]> wrote: > > >I had a soekis 4801 and pf performs only about 28Mb/s I think. > > > >I trying to set up a router for about 50-100 users and only with > >28Mb/s i hadn't enought there's a big bottle neck. > >I general, i read that soekris devices are optimized for power > >consume/heat disipation not for performance. > > No reason not to keep this on-list. > > You should upgrade to 4.2. There were pf improvements at c2k7 that > doubled performance on Soekris (~58Mbps). My understanding of the reason for embedded is for low power consumption and heat disipation. If you're more interested in performance, why are you specifying embedded? Why not specify the throughput and determine the horsepower from that? Doug.
Re: 1440x900 resolution problem
I'm no pro, and anyone please correct me if I'm wrong, but this might work... in xorg.conf under section "monitor"... paste this before "endsection": Modeline"1440x900" 134.52 1440 1536 1688 1936 900 901 904 939 Modeline"1440x900" 132.71 1440 1536 1688 1936 900 901 904 939 Modeline"1440x900" 130.75 1440 1536 1688 1936 900 901 904 938 up above it where you have horiz & vert, you might try: HorizSync31-81 VertRefresh 56-76 ...or maybe... HorizSync 30-92 (I might be off on that) VertRefresh 60-170 (I might be off on that too) And in section "screen" under subsection "display" you might want to update to something like... SubSection "Display" Depth 16 Modes "1440x900" "1280x960" "1366x768" "1280x800" "1152x864" "1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480" EndSubSection SubSection "Display" Depth 24 Modes "1440x900" "1280x960" "1366x768" "1280x800" "1152x864" "1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480" EndSubSection SubSection "Display" Depth 8 Modes "1440x900" "1280x960" "1366x768" "1280x800" "1152x864" "1280x768" "1024x768" "1280x600" "1024x600" "800x600" "768x576" "640x480" EndSubSection Again, apologies in advance if my inexperience has provided incorrect information. I've adjusted my 1680x1050 resolution settings similarly to that above and it worked. Though it might be different for you depending on what all you are using, I'm not sure. -Sean On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote: > Hi misc, > > I can't get the 1440x900 resolution on my Samsung 940BW flat panel > screen to work. > I searched the lists but found nothing that could help me. > Xorg.0.log says something like this : > > (II) ATI(0): Not using mode "1440x900" (no mode of this name) > > Using gtf (gtf 1440 900 60) I have added : > Modeline "1440x900_60.00" 106.47 1440 1520 1672 1904 900 901 904 > 932 -HSync +Vsync > to the "Monitor" section on xorg.conf. > > Any ideas ? > > /var/log/Xorg.0.log > = > > (--) checkDevMem: using aperture driver /dev/xf86 > (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32) > (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device not configured) > (WW) GARTInit: AGPIOC_INFO failed (Device not configured) > > X Window System Version 6.9.0 (for OpenBSD) > Release Date: 21 December 2005 > X Protocol Version 11, Revision 0, Release 6.9 > Build Operating System: OpenBSD 4.1 i386 [ELF] > Current Operating System: OpenBSD localhost 4.1 GENERIC#1450 i386 > Build Date: 07 March 2007 > Before reporting problems, check http://wiki.X.Org > to make sure that you have the latest version. > Module Loader present > Markers: (--) probed, (**) from config file, (==) default setting, > (++) from command line, (!!) notice, (II) informational, > (WW) warning, (EE) error, (NI) not implemented, (??) unknown. > (==) Log file: "/var/log/Xorg.0.log", Time: Tue Sep 18 21:14:49 2007 > (==) Using config file: "/etc/X11/xorg.conf" > (==) ServerLayout "X.org Configured" > (**) |-->Screen "Screen0" (0) > (**) | |-->Monitor "Monitor0" > (**) | |-->Device "Card0" > (**) |-->Input Device "Mouse0" > (**) |-->Input Device "Keyboard0" > (**) FontPath set to > "/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/ X11/fonts/Type1/,/usr/X11R6/lib/X11 > /fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/" > (**) RgbPath set to "/usr/X11R6/lib/X11/rgb" > (**) ModulePath set to "/usr/X11R6/lib/modules" > (II) Module ABI versions: > X.Org ANSI C Emulation: 0.2 > X.Org Video Driver: 0.8 > X.Org XInput driver : 0.5 > X.Org Server Extension : 0.2 > X.Org Font Renderer : 0.4 > (II) Loader running on openbsd > (II) LoadModule: "bitmap" > (II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so > (II) Module bitmap: vendor="X.Org Foundation" > compiled for 6.9.0, module version = 1.0.0 > Module class: X.Org Font Renderer > ABI class: X.Org Font Renderer, version 0.4 > (II) Loading font Bitmap > (II) LoadModule: "pcidata" > (II) Loading /usr/X11R6/lib/modules/libpcidata.so > (II) Module pcidata: vendor="X.Org Foundation" > compiled for 6.9.0, module version = 1.0.0 > ABI class: X.Org Video Driver, version 0.8 > (II) PCI: PCI scan (all values are in hex) > (II) PCI: 00:00:0: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80 > (II) PCI: 00:00:1: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80 > (II) PCI: 00:02:0: chip 8086,1229 card 1028,009b rev 08 class 02,00,00 hdr 00 > (II) PCI: 00:06:0: chip 125d,1969 card 125d, rev 01 class 04,01,00 hdr 00 > (II) PCI: 00:0e:0: chip 1002,4752 card 1028,00ce rev 27 class 03,00,00 hdr 00 > (II) PCI: 00:0f:0: chip 1166,0200 card 1166,0200 rev 50 class 06,01,00 hdr 80 > (II) PCI: 00:0f:1: chip 1166,0211 card , re
Re: problems with ral0 and OBSD 4.0
Le 18 sept. 07 ` 18:41, Alessandro Roncari a icrit : Hello I have the following issue with ralink wireless card, acting in hostap mode hardware: ral-rt2561s board acting as access point on a Soekris Net4501, running OpenBSD 4.0. can't seem to make it work like it should, even with a 9dBi antenna the signal is very weak and much weaker than my old netgear AP. weak and unstable everything is set up correctly # dmesg | grep ral0 ral0 at pci0 dev 16 function 0 "Ralink RT2561S" rev 0x00: irq 10, address 00:12:0e:61:80:98 ral0: MAC/BBP RT2561C, RF RT5225 ral0: flags=8843 mtu 1500 lladdr 00:12:0e:61:80:98 media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap) status: active ieee80211: nwid xxx chan 11 bssid 00:12:0e:61:80:98 nwkey 100dBm inet 192.168.x.x netmask 0xff00 broadcast 192.168.x.xxx inet6 fe80::212:eff:fe61:8098%ral0 prefixlen 64 scopeid 0x1 but it seems it's all working at very small % of its power. question is: is this a known bug in the driver?? or is there anything I could do to improve the situation? Update to OpenBSD 4.1 or -current, there were some changes in ral(4) code. e.g. replace rssadapt(9) with amrr for automatic rate control. as a side-effect, this should fix all the "bogus xmit rate" panics users have been complaining about for some time when operating in HostAP mode. Thanks, Alessandro Soekris docs & rulesets http://sekureshell.altervista.org
Re: question on spamd blacklisted hosts
--- Darrin Chandler <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 09:09:24PM +0100, Stuart Henderson wrote: > > On 2007/09/18 13:48, Juan Miscaro wrote: > > > I _am_ using blacklists with spamd-setup and I _did_ check the > > > blacklisted hosts immediately after seeing the message. Perhaps > my > > > command is messed up: > > > > > > sudo pfctl -t spamd -T show | grep 65.216.123.37 > > > > yes, most blacklists use cidr prefixes. > > Yes :) > > Use "test" instead of "show" should help there: > > $ sudo pfctl -t spamd -T test 65.216.123.37 Bingo. Thanks Stuart and Darrin. // juan Get news delivered with the All new Yahoo! Mail. Enjoy RSS feeds right on your Mail page. Start today at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: question on spamd blacklisted hosts
On 2007/09/18 13:48, Juan Miscaro wrote: > I _am_ using blacklists with spamd-setup and I _did_ check the > blacklisted hosts immediately after seeing the message. Perhaps my > command is messed up: > > sudo pfctl -t spamd -T show | grep 65.216.123.37 yes, most blacklists use cidr prefixes.
Re: question on spamd blacklisted hosts
On Tue, Sep 18, 2007 at 09:09:24PM +0100, Stuart Henderson wrote: > On 2007/09/18 13:48, Juan Miscaro wrote: > > I _am_ using blacklists with spamd-setup and I _did_ check the > > blacklisted hosts immediately after seeing the message. Perhaps my > > command is messed up: > > > > sudo pfctl -t spamd -T show | grep 65.216.123.37 > > yes, most blacklists use cidr prefixes. Yes :) Use "test" instead of "show" should help there: $ sudo pfctl -t spamd -T test 65.216.123.37 -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: 1440x900 resolution problem
On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote: > (II) ATI(0): Not using mode "1440x900" (no mode of this name) > > Using gtf (gtf 1440 900 60) I have added : > Modeline "1440x900_60.00" 106.47 1440 1520 1672 1904 900 901 904 > 932 -HSync +Vsync > to the "Monitor" section on xorg.conf. Try matching the name in the Modeline and the one you use in Modes. IOW, use "1440x900_60.00" in both places. Or use "1400x900" in both places. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Status of uvm_fault in 4.2
Hi Back in OpenBSD 4.0 I got the error below regarding a uvm_fualt. According to the cvs logs in pmap.c the bug was not occuring in OpenBSD 4.1 due to some code being reverted, so we switched to that. It seemed to corret the problem until just the other day. I had a computer constantly rebooting all night, and on one of the shutdowns I got the error. I noticed that there is a lot of changes going on in pmap.c since 4.1 and I was wondering on the status of this error? Has it actually been fixed yet? If it has not, is there anything I can do to help? I have a few dual and quad core machines I could use to test any changes. Thanks Jonathan Steel uvm_fault(0x..., 0x..., 0, 1) -> e kernel: page fault trap, code = 0 stopped at pmap_page_remove_86+0x114: 0(%eax, %edx, 4), %eax The trace output is: pmap_page_remove_86(d0d31420,c0,e9b57e2c,d04adeb9,e99f) at pmap_page_remove_86+0x114 uvm_vnp_terminate(d8034e04,0,0,0,0,14,0,d7e95004) at uvm_vnpterminate+0x31f uvm_attach(d8034e04,0,2,0,d7f38378) at uvn_attach+0x2b5 uvm_unmap_detach(d7e959a4,0,d7f3841c,1) at uvm_unmap_detach+-x62 uvmspace_free(d7f38378,6,d08120e0) at uvmspace_free+0xfd uvm_exit(d7fbb868,14,8,286) at uvm_exit+0x19 reaper(d80df430) at reaper+0x90 Bad frame pointer: 0xd0913eb8
Re: 1440x900 resolution problem
Thanks Darrin, I have modified xorg.conf for 1400x900_75 and works great. Now for the list (maybe someone will have the same or related problem): # gtf 1440 900 75 Modeline "1440x900_75.00" 136.49 1440 1536 1688 1936 900 901 904 940 -HSync +Vsync Added the above line to "Monitor" section. On the screen section : SubSection "Display" Viewport 0 0 Depth 24 Modes "1440x900_75.00" EndSubSection Thanks again, Marius On 9/18/07, Darrin Chandler <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 09:44:14PM +0300, Marius ROMAN wrote: > > (II) ATI(0): Not using mode "1440x900" (no mode of this name) > > > > Using gtf (gtf 1440 900 60) I have added : > > Modeline "1440x900_60.00" 106.47 1440 1520 1672 1904 900 901 904 > > 932 -HSync +Vsync > > to the "Monitor" section on xorg.conf. > > Try matching the name in the Modeline and the one you use in Modes. IOW, > use "1440x900_60.00" in both places. Or use "1400x900" in both places. > > -- > Darrin Chandler| Phoenix BSD User Group | MetaBUG > [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ > http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Wasting our Freedom
Lennart Sorensen wrote: > On Tue, Sep 18, 2007 at 11:55:29AM -0700, Can E. Acar wrote: >> Well, they can add their names *anywhere* in the whole file, *except* >> these two lines. See, these lines have a whole different meaning >> when it comes to laws. When they make sufficient contribution, they >> sure can add their names. What is so difficult to understand here? > > Please define "Sufficient contribution". And in what juristiction that > definition applies. Please note that I am not a lawyer. It would be best if you do your own research, and consult a lawyer. Please look up the definition of derivative work. Even Wikipedia would do for some basic definitions. The copyright laws in most countries adhere to the "Berne Convention", yet another phrase to look up. >From my own research, one guideline I would consider is: "The new material must be original and copyrightable in itself." But, again, if it comes to that, the lawyers will decide and we can have no more say on the subject. Let me, instead tell you how we handle this when working on BSD code: We communicate. If we feel we did some extensive changes to a file, we ask. Get OKs from other senior developers, preferably the authors and then add our name. During our license audits of the OpenBSD tree, a couple of years ago, our developers went into great pains to locate the authors and clarify the questionable licenses that were our tree. We are actively working on replacing the remaining non-BSD licensed code in our tree. Not by slapping on our own licenses, but by asking the authors nicely to relicense, finding replacements with an acceptable license, or by rewriting them. Can -- In theory, there is no difference between theory and practice. But, in practice, there is.
Re: Wasting our Freedom
Can E. Acar wrote: As long as it is not a derived work, Reyk gets to decide who is in the copyright. Even if it is a derived work, it is polite to ask. Additional work went in, thus additional copyrights were added. I am really disappointed by all this. I would have expected that once such a patch is suggested (let alone being committed to some public place) In a purely open development environment, even personal developer trees are made public. That's the way we _want_ development to occur. Out in public, with a full audit trail. Your implied ideal scenario is tantamount to guaranteeing that mistakes are never committed to a public repository anywhere. Mistakes will happen. Even legal mistakes. In public. some senior/respected/responsible Linux person would tell them what they are doing is wrong. Right from the start. What you are seeing is an example of mistakes that were caught in review, and corrected. That's how any scalable review process works... the developer reviews his own work. the team reviews the developer's work. the maintainer reviews the team's work. the next maintainer reviews. and so on, to the top. Jeff
Re: embedded device
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Trash Compactor schreef: > Alberich de megres wrote: >> Hi, >> >> Can anyone pointme to a embedded device like soekris?, but i want >> one that >> performs fine using pf. Better if it have gigabits NICs but if not >> there's >> no problem. >> >> thanks! >> >> > There are several by commell (commell.com.tw) > The LE-564 and LE-565 have nice spec sheets. Cases for these are a > little more problematic since I have not seen anyone selling these > boards with a case. > I would love to see a 1U case that fits two of these boards and two > power supplies, for use with CARP and pfsync. > > /Jason > Try PC-engines boards.pcengines.ch. my graduation project runs OpenBSD on these boards :) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG8Bxcswhu1gS6+qoRAlKtAKCaJYBebwy+za3MoL9HNfHO/qq64ACgrywt 3OAgVPgvs7ZrKhYeV7QqC9M= =iy15 -END PGP SIGNATURE-
Re: Wasting our Freedom
On Tue, Sep 18, 2007 at 11:55:29AM -0700, Can E. Acar wrote: > Well, they can add their names *anywhere* in the whole file, *except* > these two lines. See, these lines have a whole different meaning > when it comes to laws. When they make sufficient contribution, they > sure can add their names. What is so difficult to understand here? Please define "Sufficient contribution". And in what juristiction that definition applies. -- Len Sorensen
1440x900 resolution problem
Hi misc, I can't get the 1440x900 resolution on my Samsung 940BW flat panel screen to work. I searched the lists but found nothing that could help me. Xorg.0.log says something like this : (II) ATI(0): Not using mode "1440x900" (no mode of this name) Using gtf (gtf 1440 900 60) I have added : Modeline "1440x900_60.00" 106.47 1440 1520 1672 1904 900 901 904 932 -HSync +Vsync to the "Monitor" section on xorg.conf. Any ideas ? /var/log/Xorg.0.log = (--) checkDevMem: using aperture driver /dev/xf86 (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32) (WW) xf86AcquireGART: AGPIOC_ACQUIRE failed (Device not configured) (WW) GARTInit: AGPIOC_INFO failed (Device not configured) X Window System Version 6.9.0 (for OpenBSD) Release Date: 21 December 2005 X Protocol Version 11, Revision 0, Release 6.9 Build Operating System: OpenBSD 4.1 i386 [ELF] Current Operating System: OpenBSD localhost 4.1 GENERIC#1450 i386 Build Date: 07 March 2007 Before reporting problems, check http://wiki.X.Org to make sure that you have the latest version. Module Loader present Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. (==) Log file: "/var/log/Xorg.0.log", Time: Tue Sep 18 21:14:49 2007 (==) Using config file: "/etc/X11/xorg.conf" (==) ServerLayout "X.org Configured" (**) |-->Screen "Screen0" (0) (**) | |-->Monitor "Monitor0" (**) | |-->Device "Card0" (**) |-->Input Device "Mouse0" (**) |-->Input Device "Keyboard0" (**) FontPath set to "/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11 /fonts/CID/,/usr/X11R6/lib/X11/fonts/75dpi/,/usr/X11R6/lib/X11/fonts/100dpi/" (**) RgbPath set to "/usr/X11R6/lib/X11/rgb" (**) ModulePath set to "/usr/X11R6/lib/modules" (II) Module ABI versions: X.Org ANSI C Emulation: 0.2 X.Org Video Driver: 0.8 X.Org XInput driver : 0.5 X.Org Server Extension : 0.2 X.Org Font Renderer : 0.4 (II) Loader running on openbsd (II) LoadModule: "bitmap" (II) Loading /usr/X11R6/lib/modules/fonts/libbitmap.so (II) Module bitmap: vendor="X.Org Foundation" compiled for 6.9.0, module version = 1.0.0 Module class: X.Org Font Renderer ABI class: X.Org Font Renderer, version 0.4 (II) Loading font Bitmap (II) LoadModule: "pcidata" (II) Loading /usr/X11R6/lib/modules/libpcidata.so (II) Module pcidata: vendor="X.Org Foundation" compiled for 6.9.0, module version = 1.0.0 ABI class: X.Org Video Driver, version 0.8 (II) PCI: PCI scan (all values are in hex) (II) PCI: 00:00:0: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80 (II) PCI: 00:00:1: chip 1166,0009 card , rev 06 class 06,00,00 hdr 80 (II) PCI: 00:02:0: chip 8086,1229 card 1028,009b rev 08 class 02,00,00 hdr 00 (II) PCI: 00:06:0: chip 125d,1969 card 125d, rev 01 class 04,01,00 hdr 00 (II) PCI: 00:0e:0: chip 1002,4752 card 1028,00ce rev 27 class 03,00,00 hdr 00 (II) PCI: 00:0f:0: chip 1166,0200 card 1166,0200 rev 50 class 06,01,00 hdr 80 (II) PCI: 00:0f:1: chip 1166,0211 card , rev 00 class 01,01,8a hdr 80 (II) PCI: 00:0f:2: chip 1166,0220 card 1166,0220 rev 04 class 0c,03,10 hdr 80 (II) PCI: 01:02:0: chip 9005,00cf card 1028,00ce rev 01 class 01,00,00 hdr 80 (II) PCI: 01:02:1: chip 9005,00cf card 1028,00ce rev 01 class 01,00,00 hdr 80 (II) PCI: End of PCI scan (II) Host-to-PCI bridge: (II) Bus 0: bridge is at (0:0:0), (0,0,1), BCTRL: 0x0008 (VGA_EN is set) (II) Bus 0 I/O range: [0] -1 0 0x - 0x (0x1) IX[B] (II) Bus 0 non-prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (II) Bus 0 prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (II) PCI-to-ISA bridge: (II) Bus -1: bridge is at (0:15:0), (0,-1,-1), BCTRL: 0x0008 (VGA_EN is set) (II) Host-to-PCI bridge: (II) Bus 1: bridge is at (0:0:0), (1,1,0), BCTRL: 0x0008 (VGA_EN is set) (II) Bus 1 I/O range: [0] -1 0 0x - 0x (0x1) IX[B] (II) Bus 1 non-prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (II) Bus 1 prefetchable memory range: [0] -1 0 0x - 0x (0x0) MX[B] (--) PCI:*(0:14:0) ATI Technologies Inc Rage XL rev 39, Mem @ 0xfc00/24, 0xfe101000/12, I/O @ 0xe800/8 (II) Addressable bus resource ranges are [0] -1 0 0x - 0x (0x0) MX[B] [1] -1 0 0x - 0x (0x1) IX[B] (II) OS-reported resource ranges: [0] -1 0 0x0010 - 0x3fff (0x3ff0) MX[B]E(B) [1] -1 0 0x000f - 0x000f (0x1) MX[B] [2] -1 0 0x000c - 0x000e (0x3) MX[B] [3] -1 0 0x - 0x0009 (0xa) MX[B]
Re: Wasting our Freedom
Theodore Tso wrote: > On Mon, Sep 17, 2007 at 03:06:37PM -0700, Can E. Acar wrote: >> The only remaining issue is whether Nick & Jiri have enough >> original contributions to the code to be added to the Copyright. >> >> I believe this needs to be resolved between Reyk and Nick and Jiri. >> >> The main reason of Theo's message, linked earlier, was the >> lack of response on this issue. It seems that the SFLC is >> dismissing this issue, and thus stalling its resolution by the >> developers. > > OK, so all of this flaming, and digging up of "licenses ripped off", > and chaff thrown up in the air, and moaning and bewailing about > "theft", is now down to these two lines regarding Nick and Jiri: Yes, quite an improvement, considering how it all started, dont you think? Pity it took so much pushing and dragging to get people to do the right thing. There is just one little step to go. It is can not be that hard, can it? >> * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]> >> * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> >> * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> >> [snip rest of BSD license] > > It's under a BSD license; what material difference does those two > lines make, for goodness sake? It's under a BSD license, so it's not > like anything won't be "given back". As a programmer, you sure would know what difference any "two lines" would make on your program. When it comes to law, you seem to lose that intuition. > Whether or not they have made > enough for changes is really a question for the lawyers, and may > differ from one jurisdiction to another > --- but whether or not they have now, or maybe will not make until later --- Well, they can add their names *anywhere* in the whole file, *except* these two lines. See, these lines have a whole different meaning when it comes to laws. When they make sufficient contribution, they sure can add their names. What is so difficult to understand here? I have seen some academic papers, where the first author did all the work, the second author is the professor who funded the work, and the remaining five "authors" are just coming along for a ride. You know what the difference is? The original author *allows* them to put their names as authors. Here, you are adding names, and say "why not". It is both unethical and illegal. > does it really make a > difference? Who gets hurt if someone gets they get a bit more credit > than they deserve? Certainly the most important thing is that Reyk is > given proper credit, right? As long as it is not a derived work, Reyk gets to decide who is in the copyright. Even if it is a derived work, it is polite to ask. If, at the beginning, Nick and Jiri, and others asked Reyk to be included in the Copyright for the adaptation work they did on the HAL. I do not believe he would have refused. I can not talk for him, but things would be have been resolved in a much nicer and positive way. Instead they chose to push Reyk for months to dual license his code, then attempted to change the whole license. Even now, when there is just a small issue left, people are still dragging and resisting. I am really disappointed by all this. I would have expected that once such a patch is suggested (let alone being committed to some public place) some senior/respected/responsible Linux person would tell them what they are doing is wrong. Right from the start. I now see this is not how things work around here. Senior developers are either too busy or reluctant to get their hands dirty. In OpenBSD, (which, I accept is a much smaller community) when one developer does something wrong, the clue stick is there to be used by one of the more experienced developers. Which means, issues are resolved quickly and with much less pain. Can -- In theory, there is no difference between theory and practice. But, in practice, there is.
Re: question on spamd blacklisted hosts
--- Darrin Chandler <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 10:30:45AM -0400, Juan Miscaro wrote: > > { This is a resend. No replies after 24 hours } > > > > Running OBSD 4.0 here. > > > > I was under the impression that spamd only did greylisting and > dynamic > > whitelisting. Static blacklisting available via spamd-setup (and > > pseudo-whitelisting; of some of those blacklisted hosts). > > > > But not dynamic blacklisting. > > It can also blacklist for 24 hours for spamtrap addresses. I'm not using the spamtrap feature. > > I occasionally get log messages like: > > > > spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> > > <[EMAIL PROTECTED]> > > > > I searched my spamdb table (static blacklist) and the IP address > above > > is not in there. > > > > What am I missing? > > You are missing a lot of detective work on your end, for starters. > > That IP address certainly isn't Microsoft. It's probably sent spam > under > different domains as well. It could have been in a blacklist via > spamd-setup, or one of your own spamtraps (if you're using them), or I know it's not Microsoft related. Yes, I'm trying to ascertain why it was seen as a blacklisted host when I cannot find this IP address in my pf spamd table. > > Search your spamd logs for that IP and you should see the > connect/disconnect lines that may show "lists: xxx" where "xxx" will > be > the list that it's on. If you are keeping logs long enough, or if you > catch this quick enough, you can also see the initial interaction. It's all there. I'm now trying to figure out why. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: question on spamd blacklisted hosts
--- Jacob Yocom-Piatt <[EMAIL PROTECTED]> wrote: > Juan Miscaro wrote: > > { This is a resend. No replies after 24 hours } > > > > Running OBSD 4.0 here. > > > > I was under the impression that spamd only did greylisting and > dynamic > > whitelisting. Static blacklisting available via spamd-setup (and > > pseudo-whitelisting; of some of those blacklisted hosts). > > > > But not dynamic blacklisting. > > > > I occasionally get log messages like: > > > > spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> > > <[EMAIL PROTECTED]> > > > > I searched my spamdb table (static blacklist) and the IP address > above > > is not in there. > > > > What am I missing? > > > > > > man spamd-setup > > search for spamd-setup in the spamd manpage Did that already. See my other replies to this thread. Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: Define hosts lookup for pf.conf
It's telling you exactly what's wrong - you have not specified any code for the -e option. man perl: SYNOPSIS perl [ -sTuU ] [ -hv ] [ -V[:configvar] ] [ -cw ] [ -d[:debugger] ] [ -D[number/list] ] [ -pna ] [ -Fpattern ] [ -l[octal] ] [ -0[octal] ] [ -Idir ] [ -m[-]module ] [ -M[-]'module...' ] [ -P ] [ -S ] [ -x[dir] ] [ -i[extension] ] [ -e 'command' ] [ -- ] [ programfile ] [ argu- ment ]... In the code snippet I sent I specified some code that tried to pull in the Socket module (I just copied the first two perl lines of David's script): $ perl -e 'use strict; use Socket; print("hello\n");' perl -e on its own will raise the error you have seen. If a module is missing you will get something along the lines of: perl -e 'use no-such-module;' Can't locate no.pm in @INC (@INC contains: [cut blah-blah-blah]) at - e line 1. BEGIN failed--compilation aborted at -e line 1. But we are wandering well outside the realms of OpenBSD and into perl. Try http://www.perlmonks.org/ or http://www.perl.com/ as starting points. On 19/09/2007, at 3:21 AM, pichi wrote: The Socket module should also be there: $ perl -e 'use strict; use Socket; print("hello\n");' hello Thanks, I have perl installed: $perl -v $This is perl, v5.8.8 built for i386-openbsd but it looks like I dont have the socket module becuase when I do: $perl -e I get: $No code specified for -e. How can I add that module, and again, is is it safe for a publically accessable firewall? Many thanks from the newby, Pedro -- View this message in context: http://www.nabble.com/Define-hosts- lookup-for-pf.conf-tf4469900.html#a12759409 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: OpenBGPd Regular Expression
On Tue, Sep 18, 2007 at 12:25:02PM -0500, [EMAIL PROTECTED] wrote: > I saw from a thread a while back that putting as-path regular > expression support into OpenBGPd was being considered. I'm testing > out a 4.2 snapshot, and so far it doesn't seem to be there just yet. > > For various reasons, I'd like to be able to tweak prefixes based on > some specific as-path values a la Juniper. This kind of stuff: > > Criteria: Path whose second AS number must be 56 or 78. > Regular Expression: (. 56) | (. 78) or . (56|78) > Example Matches: 1234 56 and/or 34 78 > > http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html > > Anyone know if this is in the works? > Adding a better AS filter list is on my todo list since a long time. We will not implement a full regex -- cisco demonstrated once again why regex is a bad idea. Just a few thoughts. I do not like the | (or) operator. This can be written with two rules without any issues. I guess we will support +, ., - , ^ and $. -- :wq Claudio
Re: question on spamd blacklisted hosts
--- "Peter N. M. Hansteen" <[EMAIL PROTECTED]> wrote: > Juan Miscaro <[EMAIL PROTECTED]> writes: > > > { This is a resend. No replies after 24 hours } > > That could have been due to too little information. > > > Running OBSD 4.0 here. > > > > I was under the impression that spamd only did greylisting and > dynamic > > whitelisting. Static blacklisting available via spamd-setup (and > > pseudo-whitelisting; of some of those blacklisted hosts). > > I had to go back and check, but 4.0 has greytrapping. Are you > perhaps > using that in your setup? > > > I occasionally get log messages like: > > > > spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> > > <[EMAIL PROTECTED]> > > Well, one obvious deficiency here is that you cut out the timestamp. > If you're using either greytrapping or one of the more frequently > updated downloadable blaclists (such as Beck's from UoA), it's quite > possible that the address was in the blacklist at the time but its > entry expired. I _am_ using blacklists with spamd-setup and I _did_ check the blacklisted hosts immediately after seeing the message. Perhaps my command is messed up: sudo pfctl -t spamd -T show | grep 65.216.123.37 Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: Wasting our Freedom
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote: > > [...] > > Petty, isn't it? Let's just say it's b.s. like this which is why, 16 > years ago, I decided to work with Linux instead of BSD. > Fortunately, no one seems to miss you so much in the BSD camp ;-) Gilles
Re: Wasting our Freedom
On Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso wrote: > On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote: > > Now if they'd fix the copyright message to only mention Reyk all would > > be good. > > It *does* mention Reyk, if you would bother to look. The thing which > Theo is kvetching about, and which apparently is enough to cause the > *BSD zombies to start attacking without actually _checking_ _for_ > _themselves_ is whether or not Jiri and Nick did enough to work so > they should have their names listed in the headers. In other words, > all of the megabytes and megabhytes of flamewar is over these two > lines: > > > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> Its simple; this is illegal. Those two fruitcakes didn't do jack and can therefore not claim copyright. Would be the same as me taking the linux kernel and adding myself to each file. I am pretty sure some people would be up in arms about that. > > Petty, isn't it? Let's just say it's b.s. like this which is why, 16 > years ago, I decided to work with Linux instead of BSD. I don't make the laws and I did not break any so you call it whatever you like. > > - Ted > > P.S. And yes, before those two lines is: > > > * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]> So what? you don't get a cookie for abiding the law. > > and after those two lines is the BSD permission notice. Where it belongs. Again you don't get a cookie for doing what you are supposed to do. Just like you don't get a cookie for taking care of your kids; you're supposed to do that.
OpenBGPd Regular Expression
I saw from a thread a while back that putting as-path regular expression support into OpenBGPd was being considered. I'm testing out a 4.2 snapshot, and so far it doesn't seem to be there just yet. For various reasons, I'd like to be able to tweak prefixes based on some specific as-path values a la Juniper. This kind of stuff: Criteria: Path whose second AS number must be 56 or 78. Regular Expression: (. 56) | (. 78) or . (56|78) Example Matches: 1234 56 and/or 34 78 http://www.juniper.net/techpubs/software/junos/junos74/swconfig74-policy/html/policy-extend-match-config3.html Anyone know if this is in the works?
Re: embedded device
Alberich de megres wrote: Hi, Can anyone pointme to a embedded device like soekris?, but i want one that performs fine using pf. Better if it have gigabits NICs but if not there's no problem. thanks! There are several by commell (commell.com.tw) The LE-564 and LE-565 have nice spec sheets. Cases for these are a little more problematic since I have not seen anyone selling these boards with a case. I would love to see a 1U case that fits two of these boards and two power supplies, for use with CARP and pfsync. /Jason
Re: OpenBSD Install Goal
> >>I hope one day soon OpenBSD will adopt a nice ncurses setup similar > >>to something like FreeBSD with ease to it. There is no _need_ for a "nice curses setup" - the current installer already "has ease to it"w, to put it mildly. In fact, OpenBSD's installer is the best I have met during my years-long career of a sysadmin. You are given a brand new machine; you bring your install CD; and after four minutes of using the standard tools (disklabel, fdisk, ifconfig, ...) you are already very familiar with, you have a fully working box, modulo afterboot. Jan
problems with ral0 and OBSD 4.0
Hello I have the following issue with ralink wireless card, acting in hostap mode > hardware: ral-rt2561s board acting as access point on a Soekris > Net4501, running OpenBSD 4.0. can't seem to make it work like it should, even with a 9dBi antenna the signal is very weak and much weaker than my old netgear AP. weak and unstable everything is set up correctly # dmesg | grep ral0 ral0 at pci0 dev 16 function 0 "Ralink RT2561S" rev 0x00: irq 10, address 00:12:0e:61:80:98 ral0: MAC/BBP RT2561C, RF RT5225 ral0: flags=8843 mtu 1500 lladdr 00:12:0e:61:80:98 media: IEEE802.11 autoselect hostap (autoselect mode 11a hostap) status: active ieee80211: nwid xxx chan 11 bssid 00:12:0e:61:80:98 nwkey 100dBm inet 192.168.x.x netmask 0xff00 broadcast 192.168.x.xxx inet6 fe80::212:eff:fe61:8098%ral0 prefixlen 64 scopeid 0x1 but it seems it's all working at very small % of its power. question is: is this a known bug in the driver?? or is there anything I could do to improve the situation? Thanks, Alessandro Soekris docs & rulesets http://sekureshell.altervista.org
Re: Wasting our Freedom
hmm, on Tue, Sep 18, 2007 at 08:56:47AM -0400, Theodore Tso said that > On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote: > > Now if they'd fix the copyright message to only mention Reyk all would > > be good. > > It *does* mention Reyk, if you would bother to look. The thing which the keyword is `only'. only = him and noone else (at the moment) > Theo is kvetching about, and which apparently is enough to cause the > *BSD zombies to start attacking without actually _checking_ _for_ > _themselves_ is whether or not Jiri and Nick did enough to work so > they should have their names listed in the headers. In other words, are you publicly stating that you have checked, and found the amount of work done justifying a (c) addition of not even one but 2 persons? > all of the megabytes and megabhytes of flamewar is over these two > lines: > > > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> > > Petty, isn't it? Let's just say it's b.s. like this which is why, 16 > years ago, I decided to work with Linux instead of BSD. so you don't mind if a couple of us go around adding say 10 lines of code to files you authored, and then put our copyrights under your name? good! i am glad to hear that. a bit of additional "undeserved credit" is always welcome anyway. would look good in my cv. it is not just a bit of undeserved credit. the (c) owners will be asked in the future regarding any legal aspects of the files they hold copyrights to. i don't think those 2 gentlemen have earned that yet. -f -- dum spiro spero -- as long as i breathe i hope
Re: Wasting our Freedom
On 9/18/07, Theodore Tso <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote: > > Now if they'd fix the copyright message to only mention Reyk all would > > be good. > > It *does* mention Reyk, if you would bother to look. The thing which > Theo is kvetching about, and which apparently is enough to cause the > *BSD zombies to start attacking without actually _checking_ _for_ > _themselves_ is whether or not Jiri and Nick did enough to work so > they should have their names listed in the headers. and did they really do enough? if those names shouldn't be there, why play childish games and insist on putting them in? > In other words, > all of the megabytes and megabhytes of flamewar is over these two > lines: > > > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> > > Petty, isn't it? and what so petty is there? who can show what those two added to the original work so that according to the law they are allowed to put their names in there? > Let's just say it's b.s. like this which is why, 16 > years ago, I decided to work with Linux instead of BSD. and who really cares about why you did this or did that? this OT sentence sounded like real childish BC. if you want to have fun while coding and share it with others - do it, if you want also to play contract games - do it; choose BSD or GPL and go with it. however, whatever you do you must respect laws. if the law says you can put your name in only if much of work is done, so it must be. there are no other variants. and everything will come back to you no matter whether it is good or bad. if you ignore laws using somebody's work, the same will be done to you one day. > - Ted > P.S. And yes, before those two lines is: > > > * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]> > > and after those two lines is the BSD permission notice. P.S. Let's just say that BC like that is why I decided to work with BSD instead of Linux 11 years ago.
Re: question on spamd blacklisted hosts
Juan Miscaro <[EMAIL PROTECTED]> writes: > { This is a resend. No replies after 24 hours } That could have been due to too little information. > Running OBSD 4.0 here. > > I was under the impression that spamd only did greylisting and dynamic > whitelisting. Static blacklisting available via spamd-setup (and > pseudo-whitelisting; of some of those blacklisted hosts). I had to go back and check, but 4.0 has greytrapping. Are you perhaps using that in your setup? > I occasionally get log messages like: > > spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> > <[EMAIL PROTECTED]> Well, one obvious deficiency here is that you cut out the timestamp. If you're using either greytrapping or one of the more frequently updated downloadable blaclists (such as Beck's from UoA), it's quite possible that the address was in the blacklist at the time but its entry expired. Also, at least if you're running with spamd -v, you should be able to find out which blacklist it mathched by grepping your spamd log for the IP address. For example, a moment's tail -f /var/log/spamd at one of my gateways turned up Sep 18 17:43:36 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL PROTECTED]> Then grep 212.8.32.8 /var/log/spamd yields several screenfuls, with one useful excerpt Sep 18 15:06:52 skapet spamd[20795]: 212.8.32.8: connected (8/8), lists: spamd-greytrap Sep 18 15:10:37 skapet spamd[20795]: (BLACK) 212.8.32.8: <> -> <[EMAIL PROTECTED]> Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: From: Mail Delivery Subsystem <[EMAIL PROTECTED]> Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: To: <[EMAIL PROTECTED]> Sep 18 15:12:20 skapet spamd[20795]: 212.8.32.8: Subject: Returned mail: User unknown Sep 18 15:13:21 skapet spamd[20795]: 212.8.32.8: disconnected after 389 seconds. lists: spamd-greytrap which shows in both connection and disconnection that it's one of the poor sods caught in my local greytrapping. And it's trying to deliver something or other to a largish subset of the addresses on my spamtrap list. Cheers, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Define hosts lookup for pf.conf
The Socket module should also be there: $ perl -e 'use strict; use Socket; print("hello\n");' hello Thanks, I have perl installed: $perl -v $This is perl, v5.8.8 built for i386-openbsd but it looks like I dont have the socket module becuase when I do: $perl -e I get: $No code specified for -e. How can I add that module, and again, is is it safe for a publically accessable firewall? Many thanks from the newby, Pedro -- View this message in context: http://www.nabble.com/Define-hosts-lookup-for-pf.conf-tf4469900.html#a12759409 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: question on spamd blacklisted hosts
On Tue, Sep 18, 2007 at 10:30:45AM -0400, Juan Miscaro wrote: > { This is a resend. No replies after 24 hours } > > Running OBSD 4.0 here. > > I was under the impression that spamd only did greylisting and dynamic > whitelisting. Static blacklisting available via spamd-setup (and > pseudo-whitelisting; of some of those blacklisted hosts). > > But not dynamic blacklisting. It can also blacklist for 24 hours for spamtrap addresses. > I occasionally get log messages like: > > spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> > <[EMAIL PROTECTED]> > > I searched my spamdb table (static blacklist) and the IP address above > is not in there. > > What am I missing? You are missing a lot of detective work on your end, for starters. That IP address certainly isn't Microsoft. It's probably sent spam under different domains as well. It could have been in a blacklist via spamd-setup, or one of your own spamtraps (if you're using them), or ... Search your spamd logs for that IP and you should see the connect/disconnect lines that may show "lists: xxx" where "xxx" will be the list that it's on. If you are keeping logs long enough, or if you catch this quick enough, you can also see the initial interaction. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: embedded device
On Sep 18, 2007, at 11:03 AM, "Tang Tse" <[EMAIL PROTECTED]> wrote: I had a soekis 4801 and pf performs only about 28Mb/s I think. I trying to set up a router for about 50-100 users and only with 28Mb/s i hadn't enought there's a big bottle neck. I general, i read that soekris devices are optimized for power consume/heat disipation not for performance. No reason not to keep this on-list. You should upgrade to 4.2. There were pf improvements at c2k7 that doubled performance on Soekris (~58Mbps). --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: question on spamd blacklisted hosts
Juan Miscaro wrote: { This is a resend. No replies after 24 hours } Running OBSD 4.0 here. I was under the impression that spamd only did greylisting and dynamic whitelisting. Static blacklisting available via spamd-setup (and pseudo-whitelisting; of some of those blacklisted hosts). But not dynamic blacklisting. I occasionally get log messages like: spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> I searched my spamdb table (static blacklist) and the IP address above is not in there. What am I missing? man spamd-setup search for spamd-setup in the spamd manpage cheers, jake -- Juan Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
font problems with vlc, only rectangles are shown
Hello, I'm a non-developer and amateur openbsd user. I'm running current on a test machine, it is my own build (release and xenocara) from \ 16.09.2007. I've installed vlc from ports. When I run the vlc application, I can't read the font. \ The vlc gui is displayed correctly but the font is replaced with a lot of rectangles \ as a result menus are unusable. Running vlc (0.8.6c) from the command line shows a lot of Pango-WARNING **: vlc:/usr/local/lib/vlc/codec/libquicktime_plugin.so: undefined symbol 'NewHandle Clear' (.:2694): Pango-WARNING **: File not found (.:2694): Pango-WARNING **: Failed to load Pango module '/usr/local/lib/pango/1. 5.0/modules/pango-basic-fc.so' for id 'BasicScriptEngineFc' (.:2694): Pango-WARNING **: File not found (.:2694): Pango-WARNING **: File not found (.:2694): Pango-WARNING **: pango_shape called with bad font, expect ugly output (.:2694): Pango-WARNING **: pango_font_get_glyph_extents called with null font a rgument, expect ugly output (.:2694): Pango-WARNING **: pango_font_get_metrics called with null font argumen t, expect ugly output (.:2694): Pango-WARNING **: _pango_cairo_font_install called with bad font, expe ct ugly output I never had problems with that before, could someone tell me what is wrong please? Did I do some error at some installation point? "pkg_info pango-1.16.5" shows that mozilla-firefox-2.0.0.6 and seamonkey uses it too, \ but they work just fine?! Thank you very much for helping! Kind regards Didier
question on spamd blacklisted hosts
{ This is a resend. No replies after 24 hours } Running OBSD 4.0 here. I was under the impression that spamd only did greylisting and dynamic whitelisting. Static blacklisting available via spamd-setup (and pseudo-whitelisting; of some of those blacklisted hosts). But not dynamic blacklisting. I occasionally get log messages like: spamd[12128]: (BLACK) 65.216.123.37: <[EMAIL PROTECTED]> -> <[EMAIL PROTECTED]> I searched my spamdb table (static blacklist) and the IP address above is not in there. What am I missing? -- Juan Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: Problem with Intel 4-port NIC
On 2007/09/18 16:00, Michel Le Cocq wrote: > I don't understand what you have done to make it working. Forced the pci-x slot to 66MHz.
New port wanted : Debian/Ubuntu's apt-cacher
I'm helping to set up a couple labs where there are (apparently intentional) networking problems. However, locally the connectivity is fine. Since a fair number workstation activities will be centered around Debian and Ubuntu and in order to get usable speeds, packages have to be cached with apt-cacher: http://packages.debian.org/stable/net/apt-cacher However, for what I hope are obvious reasons, I would prefer to run this on OpenBSD. Has any one already ported this, started to port this, or have recommendations about how to start? To further complicate it, I prioritize Apache2 over 1.3x Regards,
Re: Wasting our Freedom
hmm, on Mon, Sep 17, 2007 at 05:08:46AM -0700, David Schwartz said that > > As said above, the accusations, if you read them correctly, were not > > wrong, but spot on right. Unless someone proves that dual-licensing as > > in "you may follow terms A or terms B at your choice" implicitly implies > > being allowed to remove A altogether should you choose B. > > You are confusing licenses with license notices. The GPL says you must keep > GPL license notices intact. Otherwise, it gives you complete freedom to > modify. This means that if you choose the GPL, you gain (from the GPL) the > right to remove the BSD license *NOTICE*. > > This has no effect on anyone's substantive rights though. Removing license > notices has no effect on actual licenses. but how do i know i have a bsd licensed file if the license notice has been removed from it? i know copyright applies to a file which has no (c) line in it, because it's implicit. but licenses are not implicit, are they? -f -- treat each day as your last, one day you will be right.
Re: Problem with Intel 4-port NIC
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I don't understand what you have done to make it working. Michel Stuart Henderson a icrit : > On 2007/09/17 13:43, slug bait wrote: >> Bingo! I figured out that it was a problem with the checksum >> offloading shortly after my original email but I had NO clue how >> to fix it. > > it's not actually caused by offloading, but offloading means that > transfers from the nic to the motherboard aren't protected by the > standard network checksums, so they pass through to userland with > bad data (rather than getting rejected in the network stack). > >> Everything is working now and I hope I NEVER have to open these >> 1U cases again. Jamming the SATA connectors back in after >> they're covered by the NIC makes me cry. ;) > > (-: Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG79oOtdSucJnea0gRAsaMAKCdvKulvxo4JPndp4V5cZjJQ1MLWACfW3rq EBcu4J1GKfqdO2Ht2ZDDI8M= =IevH -END PGP SIGNATURE-
Re: creating a vpn tunnel to all
Chris Bullock wrote: > Background: > We are using Metro Ethernet to connect several sites to our main office. In > order to save money the telco has a couple of sites riding the same vlan > coming into us. One of these sites is one of our remote offices and the > other is a competing office. > > Problem: > Since we are on the vlan there is no way I can route without the possibility > of someone running a sniffer and sniffing my packets, so my goal is I want > all my traffic from my remote office to come through my main office even > Internet. To map this tunnel using isakmpd would I just create a tunnel to > 0.0.0.0? > Regards, > Chris > Setup VPN between the remote offices and your main site. Aggregate all the traffic to your main site where you have internet connectivity using an IGP or static routes. Should solve your ethernet snooping-problem. /Jonas
Re: Simple startup daemon's on boot question?
On 03:25 Tue 18 Sep , Jake Conk wrote: > What do you mean that you put OpenVPN into your hostname.if? Can your > hostname.if file contain sh script code? If so is that true also with > something like hostname.fxp0? My hostname.ral0: inet 10.10.1.1 255.255.255.0 NONE media autoselect mediaopt hostap mode 11g nwid my_net chan 5 !/usr/local/sbin/openvpn --cd /etc/openvpn --daemon --config server.conf > Also, what do you mean by use ps? Well, you can see if it's running and which pid it has... not very verbose, but it depends on what information you want to get. Bye, Julian
Re: Wasting our Freedom
On Tue, Sep 18, 2007 at 06:29:48AM -0500, Marco Peereboom wrote: > Now if they'd fix the copyright message to only mention Reyk all would > be good. It *does* mention Reyk, if you would bother to look. The thing which Theo is kvetching about, and which apparently is enough to cause the *BSD zombies to start attacking without actually _checking_ _for_ _themselves_ is whether or not Jiri and Nick did enough to work so they should have their names listed in the headers. In other words, all of the megabytes and megabhytes of flamewar is over these two lines: > * Copyright (c) 2006-2007 Nick Kossifidis <[EMAIL PROTECTED]> > * Copyright (c) 2007 Jiri Slaby <[EMAIL PROTECTED]> Petty, isn't it? Let's just say it's b.s. like this which is why, 16 years ago, I decided to work with Linux instead of BSD. - Ted P.S. And yes, before those two lines is: > * Copyright (c) 2004-2007 Reyk Floeter <[EMAIL PROTECTED]> and after those two lines is the BSD permission notice.
TCP Bandwidth Delay Product
Hello, I was wondering if OpenBSD had this feature which FreeBSD and NetBSD both have which improve my tcp throughput. I was able to configure it using sysctl net.tcp.inflight.* Here is a piece from the FreeBSD website: "The TCP Bandwidth Delay Product Limiting is similar to TCP/Vegas in NetBSD. It can be enabled by setting net.inet.tcp.inflight.enable sysctl variable to 1. The system will attempt to calculate the bandwidth delay product for each connection and limit the amount of data queued to the network to just the amount required to maintain optimum throughput." Thanks, - Jake
Re: Wasting our Bandwidth
That's it; that easy. On Tue, Sep 18, 2007 at 02:04:46PM +0200, Xavier Bestel wrote: > Le mardi 18 septembre 2007 ` 06:29 -0500, Marco Peereboom a icrit : > > Now if they'd fix the copyright message to only mention Reyk all would > > be good. > > All this mess so easily solved ? Too good to be true. > > Xav
Re: Wasting our Freedom
On Tue, 18 Sep 2007, Bodo Eggert wrote: > Paul de Weerd <[EMAIL PROTECTED]> wrote: >> On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote: > >> | It's not about lazyness of BSD developers, many people who consider the >> | BSD licence more free than the GPL argue that the advantage of the BSD >> | licence is that it does not require you to give back. >> | >> | Something is wrong if your licence text clearly states that you do not >> | require getting anything back but you then argue on moral grounds that >> | something has to be given back. >> >> Something is wrong if your licence text clearly states that you MUST >> give back, but then you don't return the favour on grounds that "hey, >> they don't require it, so we don't have to". > > If you may demand me to give back, why should I(*) not demand the same thing > for my contributions? > > You're not only asking to contribute to your project, but you're asking me > to throw my code to the feet of Apple amd Microsoft, who will user it, make > big bucks and lock out alternatives as far as possible, especially free ones. > This happens to not be my idea of sharing code. > > You may say it's morally correct for them because they never claimed they'd > not suck your blood, but did the GPL people claim not to demand others to > give back? Au contrair, and if it's OK for companies to do what they say > they would, it will be OK for them and for me, too. > > > *) I did not yet work on a BSD licensed project, but let's asume I did > >> It may be perfectly legal, but it's "interesting" to say the least. >> No, you do not have to give back. But weren't you open source / free >> software developers ? Why did you pick the GPL ? Because you didn't >> want someone to run of with your code ? You wanted code to be given >> back ? Why not do it yourself ? > >> By not giving back you're giving a strange signal. > > Gee, since you're demanding back anyway, you can use the GPL for your > project and use my contribution. Problem solved. > > Oh, you want people to be free not to share? Freedom includes having the > moral right to do something. Am I free not to share? Or is this "freedom" > just an empty shell? > > -- > Funny quotes: > 36. You never really learn to swear until you learn to drive. > > Fri_, Spammer: [EMAIL PROTECTED] [EMAIL PROTECTED] > - How about [EMAIL PROTECTED] Cheers, Dick Johnson Penguin : Linux version 2.6.22.1 on an i686 machine (5588.30 BogoMips). My book : http://www.AbominableFirebug.com/ _ The information transmitted in this message is confidential and may be privileged. Any review, retransmission, dissemination, or other use of this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient, please notify Analogic Corporation immediately - by replying to this message or by sending an email to [EMAIL PROTECTED] - and destroy all copies of this information, including any attachments, without reading or disclosing them. Thank you.
Re: Wasting our Bandwidth
Le mardi 18 septembre 2007 ` 06:29 -0500, Marco Peereboom a icrit : > Now if they'd fix the copyright message to only mention Reyk all would > be good. All this mess so easily solved ? Too good to be true. Xav
Re: Wasting our Freedom
On Sep 18, 2007, at 7:16 AM, Bodo Eggert wrote: Paul de Weerd <[EMAIL PROTECTED]> wrote: On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote: | It's not about lazyness of BSD developers, many people who consider the | BSD licence more free than the GPL argue that the advantage of the BSD | licence is that it does not require you to give back. | | Something is wrong if your licence text clearly states that you do not | require getting anything back but you then argue on moral grounds that | something has to be given back. Something is wrong if your licence text clearly states that you MUST give back, but then you don't return the favour on grounds that "hey, they don't require it, so we don't have to". If you may demand me to give back, why should I(*) not demand the same thing for my contributions? You're not only asking to contribute to your project, but you're asking me to throw my code to the feet of Apple amd Microsoft, who will user it, make big bucks and lock out alternatives as far as possible, especially free ones. This happens to not be my idea of sharing code. Here we go again with the "Evil Corporation". What exactly have they "lock[ed] out"? How have they magically stopped you from distributing your "free" code? Are you somehow able to make "big bucks" on your own with the GPL that you wouldn't have otherwise been able to under the BSD? If so, please let me know. I want big bucks too! --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: embedded device
On Sep 18, 2007, at 7:09 AM, Alberich de megres wrote: Hi, Can anyone pointme to a embedded device like soekris?, but i want one that performs fine using pf. Better if it have gigabits NICs but if not there's no problem. We can't make a recommendation if you don't tell us what your performance requirements are. The Soekris are fine for general pf use. The newer 5501's are presumably faster, although I haven't seen any benchmarks to date. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: Wasting our Freedom
Now if they'd fix the copyright message to only mention Reyk all would be good. On Tue, Sep 18, 2007 at 11:00:13AM +0200, Henning Brauer wrote: > * Theodore Tso <[EMAIL PROTECTED]> [2007-09-17 23:04]: > > Number 2, if you take a look at their latest set of changes (which > > have still not been accepted), the HAL code is under a pure BSD > > license (ath5k_hw.c). Other portions are dual licensed, but not the > > HAL > > if that is true and stays that way - excellenty! > > -- > Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] > BS Web Services, http://bsws.de > Full-Service ISP - Secure Hosting, Mail and DNS Services > Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Wasting our Freedom
Jacob Meuser wrote: On Mon, Sep 17, 2007 at 09:47:43AM +0200, Helge Hafting wrote: Your problem seems to be with the BSD licence, and the power to alter that licence lies in the BSD community. I hope you can understand that this mentality is _exactly_ what has some in the BSD community so upset. First, note that I am not really a linux developer as my only contributions to linux are testing. But it really looks like bsd people are more unhappy with their licence than linux people. You can ask linux developers to keep the bsd licence - and the request is not unreasonable. Nobody is forced to give back, so some people choose not to. Some of these have a "GPL" agenda, some have a commercial agenda. I am sure some developers are willing to "give back" bsd code, but you can't do anything about those who don't. You don't want to have code "locked up" with GPL, these developers don't want their code improvements "locked up" in proprietary products. So - either you will have to accept the current situation, or adjust the BSD licence to cope with this. when I see the linux community start to take credit for works they did not create and I see the linux community respond to warnings Taking credit for the works of others is wrong of course, no matter what licence is involved. that people in the community are going overboard and jeopardizing the linux community, which we do all benefit from, with a more or less "whatever" attitude, it makes me sad. it would be like losing a friend. I don't like losing friends, so I get vocal. I don't understand why the linux community can't seem to say, "We can accept BSD licensed code. There's no need to add the GPL to it." and maybe even, "Although we strongly prefer the GPL, respect for other licenses is every bit as important as respect for the GPL." Good points. But note that the linux community is divided on this, as on many other issues. And there is nothing to do about those who disagree. I could be wrong, but I strongly believe that if the above was truly accepted and believed by the community, the actions that started and spread this whole debacle^Wdebate would not have happened in the first place. My impression is that the actions that started the debate was an unauthorized (possibly illegal) change that the linux community also rejected. With that problem solved, the debate turned to gpl/bsd licencing issues. look, the GPL legally forces others to keep the same license. the BSD community is asking the linux community do the same. and when the linux community refuses, what do you expect the recourse to be? Clearly, there is the risk of less cooperation. Or some kind of licencing scheme that makes sure that code with bsd origin always can go back into bsd as long as it stays open. That would solve the problem - if such a scheme is possible. Helge Hafting
Re: Wasting our Freedom
Paul de Weerd <[EMAIL PROTECTED]> wrote: > On Mon, Sep 17, 2007 at 03:38:45PM +0200, Adrian Bunk wrote: > | It's not about lazyness of BSD developers, many people who consider the > | BSD licence more free than the GPL argue that the advantage of the BSD > | licence is that it does not require you to give back. > | > | Something is wrong if your licence text clearly states that you do not > | require getting anything back but you then argue on moral grounds that > | something has to be given back. > > Something is wrong if your licence text clearly states that you MUST > give back, but then you don't return the favour on grounds that "hey, > they don't require it, so we don't have to". If you may demand me to give back, why should I(*) not demand the same thing for my contributions? You're not only asking to contribute to your project, but you're asking me to throw my code to the feet of Apple amd Microsoft, who will user it, make big bucks and lock out alternatives as far as possible, especially free ones. This happens to not be my idea of sharing code. You may say it's morally correct for them because they never claimed they'd not suck your blood, but did the GPL people claim not to demand others to give back? Au contrair, and if it's OK for companies to do what they say they would, it will be OK for them and for me, too. *) I did not yet work on a BSD licensed project, but let's asume I did > It may be perfectly legal, but it's "interesting" to say the least. > No, you do not have to give back. But weren't you open source / free > software developers ? Why did you pick the GPL ? Because you didn't > want someone to run of with your code ? You wanted code to be given > back ? Why not do it yourself ? > By not giving back you're giving a strange signal. Gee, since you're demanding back anyway, you can use the GPL for your project and use my contribution. Problem solved. Oh, you want people to be free not to share? Freedom includes having the moral right to do something. Am I free not to share? Or is this "freedom" just an empty shell? -- Funny quotes: 36. You never really learn to swear until you learn to drive. Fri_, Spammer: [EMAIL PROTECTED] [EMAIL PROTECTED]
embedded device
Hi, Can anyone pointme to a embedded device like soekris?, but i want one that performs fine using pf. Better if it have gigabits NICs but if not there's no problem. thanks!
creating a vpn tunnel to all
Background: We are using Metro Ethernet to connect several sites to our main office. In order to save money the telco has a couple of sites riding the same vlan coming into us. One of these sites is one of our remote offices and the other is a competing office. Problem: Since we are on the vlan there is no way I can route without the possibility of someone running a sniffer and sniffing my packets, so my goal is I want all my traffic from my remote office to come through my main office even Internet. To map this tunnel using isakmpd would I just create a tunnel to 0.0.0.0? Regards, Chris
Re: Simple startup daemon's on boot question?
On Tue, Sep 18, 2007 at 03:25:56AM -0700, Jake Conk wrote: > Julian, > > What do you mean that you put OpenVPN into your hostname.if? Can your > hostname.if file contain sh script code? If so is that true also with > something like hostname.fxp0? > This is from hostname.if(5) !command-line Arbitrary shell commands can be executed using this direc- tive. Useful for doing interface specific configuration such as setting up custom routes using route(8) or estab- lishing tunnels using ifconfig(8). It is worth noting that ``\$if'' in a command line will be replaced by the inter- face name. Gilles -- On 9/15/07, Richard Stallman <[EMAIL PROTECTED]> wrote: > Please omit me from the cc list on these messages.
Re: Simple startup daemon's on boot question?
Jake Conk wrote: Julian, What do you mean that you put OpenVPN into your hostname.if? Can your hostname.if file contain sh script code? $ man hostname.if See the section on !command-line Also, what do you mean by use ps? $ man ps
Re: Simple startup daemon's on boot question?
Julian, What do you mean that you put OpenVPN into your hostname.if? Can your hostname.if file contain sh script code? If so is that true also with something like hostname.fxp0? Also, what do you mean by use ps? Thanks, - Jake On 9/18/07, Julian Leyh <[EMAIL PROTECTED]> wrote: > On 02:05 Tue 18 Sep , Jake Conk wrote: > > Hello, > > > > Simple noob question... I've installed a few packages (ie nrpe2 and > > openvpn) that on other systems like Linux and even BSD based systems > > such as FreeBSD provide means of a rc script which can start and stop > > the service and you can configure this script to be executed on boot. > > > > After installing these packages on OpenBSD I've listed the package > > contents and don't notice any equivalent files that would do this. Are > > we supposed to write our own startup scripts and place them in > > /etc/rc.local to be executed when the system boots? > > Yes.. Some packages even give you an example how to put it in your > rc.local. > > As for OpenVPN, I put it into my hostname.if, to have it start whenever > the interface is started at boot time. > > > Does OpenBSD not > > use rc scripts that start/stop/restart/ and status applications? > > no, use rc.local and ps ;) > > > > > Thanks, > > - Jake > > > > You're welcome, > Julian
Re: bgpd usage
On 9/17/07, Henning Brauer <[EMAIL PROTECTED]> wrote: > > * Gregory Edigarov <[EMAIL PROTECTED]> [2007-09-17 17:12]: > > Just a pure interest: has somebody bgpd in production for, say, 2 or 3 > > fullview routing? I have 6 routers with bgpd but they are IBGP, and > > therefore does not do fullview routing. > > there are many way bigger installations than that. > > I have multiple full feeds myself as well. I run it in the lab to feed prefixes to our CRS-1/GSR/7600 boxes, lots of prefixes, with exception for some politician making decisions the thing is great. Had it up and running in a minute or two. And it is fast, even on not so fast hardware,
Re: Simple startup daemon's on boot question?
On 02:05 Tue 18 Sep , Jake Conk wrote: > Hello, > > Simple noob question... I've installed a few packages (ie nrpe2 and > openvpn) that on other systems like Linux and even BSD based systems > such as FreeBSD provide means of a rc script which can start and stop > the service and you can configure this script to be executed on boot. > > After installing these packages on OpenBSD I've listed the package > contents and don't notice any equivalent files that would do this. Are > we supposed to write our own startup scripts and place them in > /etc/rc.local to be executed when the system boots? Yes.. Some packages even give you an example how to put it in your rc.local. As for OpenVPN, I put it into my hostname.if, to have it start whenever the interface is started at boot time. > Does OpenBSD not > use rc scripts that start/stop/restart/ and status applications? no, use rc.local and ps ;) > > Thanks, > - Jake > You're welcome, Julian
Re: Mini PCI card for hostap mode
On 14:49 Mon 17 Sep , Karsten McMinn wrote: > On 9/17/07, Steve B <[EMAIL PROTECTED]> wrote: > > Can anyone recommend a vendor that carries mini PCI > > cards that support hostap mode under OpenBSD? > > man (4) ral is a good place to start. I bought a MSI MN54G > recently which worked. I prefer ral(4), too. In my laptop a MSI MP54G5, same in my soekris net5501, and in my net4801 the one I got with it from Wim, don't know which one exactly it is. regards, Julian
Re: Creating bridge problem
On 2007/09/18 11:33, Julian Leyh wrote: > On 03:38 Sat 15 Sep , Jake Conk wrote: > > ifconfig bridge0 add fxp1 > > it's brconfig, not ifconfig. well spotted. On 2007/09/17 19:03, Jake Conk wrote: > > > And it just hangs pretty much forever until i Ctrl-C it... If I put in > > > my /etc/hostname.bridge0 file... and that's bridgename.bridge0
Re: Simple startup daemon's on boot question?
On 2007/09/18 02:05, Jake Conk wrote: > After installing these packages on OpenBSD I've listed the package > contents and don't notice any equivalent files that would do this. Are > we supposed to write our own startup scripts and place them in > /etc/rc.local to be executed when the system boots? Does OpenBSD not > use rc scripts that start/stop/restart/ and status applications? correct; it is common for packages to display instructions about this when they're installed, especially if it's more complex than just "start the daemon if the file is executable". ports/packages include some software which some people use for this (e.g. monit, runit, maybe some others) but adding to rc.local is the standard way.
Re: Creating bridge problem
On 03:38 Sat 15 Sep , Jake Conk wrote: > ifconfig bridge0 add fxp1 it's brconfig, not ifconfig.
Re: Simple startup daemon's on boot question?
Jake Conk wrote: After installing these packages on OpenBSD I've listed the package contents and don't notice any equivalent files that would do this. Are we supposed to write our own startup scripts and place them in /etc/rc.local to be executed when the system boots? Does OpenBSD not use rc scripts that start/stop/restart/ and status applications? http://www.openbsd.org/faq/faq10.html#rc The package install scripts often advise boot up suggestions, (which you can script), or point to readme files. Then call them from /etc/rc.local and /etc/rc.shutdown, some are so simple that a script is not needed, e.g: echo -n ' squid' /usr/local/sbin/squid echo -n ' dovecot' /usr/local/sbin/dovecot echo -n ' mailman' nice -n 18 /usr/local/lib/mailman/bin/mailmanctl -s -q start What I do is create /usr/local/site and put my local site scripts somewhere in there. echo -n ' viagrad' su -m _viagrad /usr/local/site/libexec/viagrad/viagrad start echo -n ' mailgraph' /usr/local/site/sbin/mailgraphctl start > /dev/null
Re: Simple startup daemon's on boot question?
On 9/18/07, Jake Conk <[EMAIL PROTECTED]> wrote: > Are we supposed to write our own startup scripts and place them in > /etc/rc.local to be executed when the system boots? Yes. > Does OpenBSD not use rc scripts that start/stop/restart/ and > status applications? No but you can install something like freedt or runit from ports to get those features. --- Lars Hansson
Simple startup daemon's on boot question?
Hello, Simple noob question... I've installed a few packages (ie nrpe2 and openvpn) that on other systems like Linux and even BSD based systems such as FreeBSD provide means of a rc script which can start and stop the service and you can configure this script to be executed on boot. After installing these packages on OpenBSD I've listed the package contents and don't notice any equivalent files that would do this. Are we supposed to write our own startup scripts and place them in /etc/rc.local to be executed when the system boots? Does OpenBSD not use rc scripts that start/stop/restart/ and status applications? Thanks, - Jake
Re: Wasting our Freedom
* Theodore Tso <[EMAIL PROTECTED]> [2007-09-17 23:04]: > Number 2, if you take a look at their latest set of changes (which > have still not been accepted), the HAL code is under a pure BSD > license (ath5k_hw.c). Other portions are dual licensed, but not the > HAL if that is true and stays that way - excellenty! -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
Re: Define hosts lookup for pf.conf
For question 1: perl should be part of the base install. From a 4.1 box, base install, NO X, packages installed, etc. $ perl -v This is perl, v5.8.8 built for i386-openbsd [cut] The Socket module should also be there: $ perl -e 'use strict; use Socket; print("hello\n");' hello For question 2: You will need wiser heads than mine. But I'm pretty sure the answer will be along the lines of "it depends" - there's danger getting out of bed and crossing the road ... On 18/09/2007, at 6:35 PM, pichi wrote: Dave, Thanks so much for your help. I have never touched perl but I will give it a try. Still, I have other questiones: 1. What software will I need to install on the firewalll in order for this script to work? 2. Is there any danger in having this kind of software on a publically accessable firewall? Muchas Gracias, Pedro Granada Spain -- View this message in context: http://www.nabble.com/Define-hosts- lookup-for-pf.conf-tf4469900.html#a12750872 Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: samba performance redux
On Mon, Sep 17, 2007 at 09:04:41PM -0500, Jacob Yocom-Piatt wrote: > am having trouble getting samba on my 4.1-release machine to deliver > more than 3-7 MBps transfer speed. this is horribly slow, even on 100 > Mbps, and i'm hoping there are folks out there who can assist me in > tuning this properly. > > the following is set in smb.conf > > read raw = yes > write raw = yes > oplocks = yes > max xmit = 65535 > dead time = 15 > getwd cache = yes > > ... > > socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=8192 SO_RCVBUF=8192 > > besides this it's entirely default. > TCP_NODELAY is a bad idea, it should only be used on interactive tcp sessions like ssh or telnet. SO_SNDBUF=8192 SO_RCVBUF=8192 if this is in bytes than you are halving the default buffer size. Depending on the bandwith delay product you may need more than 8k (even the OpenBSD 16k are to small in many cases). Not sure if this helps getting more performance out of your system but that's the most obvious things I have seen right now. -- :wq Claudio
Re: : sudo & wheel group
On Mon, Sep 17, 2007 at 10:49:04AM -0400, Woodchuck wrote: > On Mon, 17 Sep 2007, Chris wrote: > > > On 9/17/07, Darrin Chandler <[EMAIL PROTECTED]> wrote: > > > problem is. This is why people keep asking you to explain the problem > > > more. > > > > Sorry for being vague. Ok, I have these in /etc/sudoers for joeuser. > > joeuser is also in the wheel group. > > > > joeuser server = NOPASSWD: /sbin/mount, /usr/libexec/locate.updatedb > > mount can be leveraged to full root. > > > joeuser server = NOPASSWD: /usr/local/bin/vim /var/www/conf/httpd.conf > > joeuser server = NOPASSWD: /usr/local/bin/vim /etc/rc.local > > Both of these commands, if done with vi, probably allow joe to > launch a root shell, ex command :!sh I don't think vim has any > better protections. > I just want to remind about for editing files you can use 'sudoedit' entries. That way you can run any editor, and it runs on a temporary copy of the target file, and the result is copied to the target with the right permissions afterwords. Executing shells from e.g vim is no longer a security hole. It is all in the man pages sudo(8) and sudoers(5). -- / Raimo Niskanen, Erlang/OTP, Ericsson AB