Re: [Newbie] OpenBSD HTTP proxy

[Peter N. M. Hansteen]

Tony Bruguier [EMAIL PROTECTED] writes:

 First, thanks for all the help so far. It seems that I have downloaded and
 installed the 4.2 version even though it is not supposed to be available
 yet. Here's the link:
 ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/cd42.iso

that is a -current snapshot, some increments after 4.2-release.

 I tried to install the squid for the 4.1 version but it does not work. 

If you run snapshots, you need to install the snapshot packages,
available from very close to where you found the files for the main
install.  Library mismatches and the like are expected when you mix
versions.

 Please note that the same problem occurs with other packages.

That's to be expected.  

 1) Have I downloaded the right version? 

Until November 1st or thereabouts, the latest stable version is 4.1.
The only way to get 4.2 at the moment is via CD preorder (I got my
first 4.2 set on Saturday)[1].  So if you want to get started right
away with a stable, supported version, 4.1 is the one you want.
Upgrading to the next release is usually a matter of about 20 minutes
plus installing packages (anything from zero minutes to well, a lot),
could be quicker if you know what you're doing.

[1] http://www.flickr.com/photos/[EMAIL PROTECTED]/sets/72157602288617389/

 2) If it is the right version, can I expect the squid (and other) packages
 to be updated by 11/1/07? I can afford to wait a few weeks, but if it's
 more, I'd rather switch to 4.1.

when 4.2 becomes available, it will come with updated packages.  

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Encrypting home partition

[Alexey Vatchenko]

On 2007-10-08, Nick Guenther [EMAIL PROTECTED] wrote:
 So you mean you have a /home partition, which contains an encrypted
 image, and then you mount the encrypted image over top of your /home?
 Because that's what I was thinking / what I think is being asked about.

I have /home partition. I have user.
In /home/user i have image file. When user logs in he (me) does the
following:
$ sudo mnt.sh
$ exec ksh -l

After ``mnt.sh'' content of user's homedir is substituted because
encrypted image is mounted over it.

$ df | grep home
/dev/sd0g 41280412   8194480  3102191221%/home
/dev/svnd0c8057980   6231232   142385281%/home/user

Mnt.sh script does the following:
 - vnconfig
 - fsck
 - mount

-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]

Re: [Newbie] OpenBSD HTTP proxy

[Craig Skinner]

Siju George wrote:

On 10/9/07, Lars Noodin [EMAIL PROTECTED] wrote:

Tony Bruguier wrote:
...

I would like to install an HTTP proxy.

...

Squid is recommended.  Read the directions carefully and you will have
to make one or two changes to the configuration.


Absolutely. Some folk use apache to proxy, it is in base.



Have squid listen localhost and then tunnel to get to it.



Rubbish. What a piece of nonsense. Ridiculous. Why secure plain http 
traffic?


Have squid listen on on the public interface on the usual port of 3128 
and either:


*) use authpf to grant access to the port

OR

*) set up authentication in squid, so your oriental luser has to login 
to squid. Search for auth_param in /etc/squid/squid.conf and take it 
from there. Kinda like htaccess for apache.



If you are worried about squid, run it chroot. Easy to do, if anyone 
wants to know, I'll post back about this.




I make squid listen on 127.0.0.1 port 8080 in the squid configuration
file by editing

==
http_port 127.0.0.1:8080
===

the in pf.conf I use this redirection rule

=
rdr on $int_if proto tcp from any to any port 8080 - 127.0.0.1 port 8080
=

Now people on the network will have to configure in their browser the
$int_if IP address and port 8080 for proxy settings.



Rubbish. This is pathetic and displays total ignorance of fundamental 
networking protocols, esp WPAD: web proxy auto discovery


Have squid listen on the internal interface at the *standard* port of 3128.

Block (return) *all* access from the LAN to the Internet, disable NAT. 
If you use NAT, what on earth is the point of using an application layer 
proxy? Permit the LAN to access ports 3128, www, domain, submission,  
bootps on your dhcp, squid  mail gateway host, but do not redirect or 
forward.


If you are going to use an app, be man enough to have it listen on the 
correct interface. You gain nothing by running it on the loopback and 
then using a packet filter to redirect packets to it. What a waste of time.




Set up /etc/dhcpd.conf like something like this:

option  domain-name example.org;
option  domain-name-servers 192.168.1.1;

# http://www.wlug.org.nz/WPAD
option option-252   http://wpad/wpad.dat\n;;

#http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server

option  ip-forwarding off;
option  ntp-servers 192.168.1.1;
option  smtp-server 192.168.1.1;
option  www-server 192.168.1.1;

max-lease-time 14400;
default-lease-time 7200;

shared-network LOCAL-NET {

subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
range 192.168.1.50 192.168.1.250;
}
}




Set up /var/named/master/example.org like this:

$TTL 2D ; client caching [RFC 1035]

@   SOA (
ns  ; master name server
hostmaster  ; zone maintainer's email [RFC 2142]
2007100100  ; serial, todays date + todays serial #
1D  ; refresh
2H  ; retry
5W  ; expire
2D ); client negative caching [RFC 2308]

NS  ns
MX  10  smtp

puffy   A   192.168.1.1
ns  A   192.168.1.1
smtpA   192.168.1.1
wpadCNAME   puffy
ntp CNAME   puffy
imapCNAME   puffy
wikiCNAME   puffy
squid   CNAME   puffy
localhost   A   127.0.0.1
$GENERATE 50-200192-168-1-$.dhcp  A   192.168.1.$



Distribute a wpad file to the LAN from apache:


$ ls -l /var/www/users/wpad/{proxy.pac,wpad.dat}
-r--r--r--  1 wpad  wpad  .. /var/www/users/wpad/proxy.pac
lrwxr-xr-x  1 wpad  wpad  .. /var/www/users/wpad/wpad.dat@ - proxy.pac

$ cat /var/www/users/wpad/wpad.dat
// http://www.wlug.org.nz/WPAD
//http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html#dnsDomainIs
// http://www.deckle.co.za/squid-users-guide/Browser_Configuration
//http://homepages.tesco.net/J.deBoynePollard/FGA/web-browser-auto-proxy-configuration.html
// http://nscsysop.hypermart.net/setproxy.html
// http://www.squid-cache.org/Doc/FAQ/FAQ-5.html
function FindProxyForURL(url,host)
{
  if (isInNet(host, 192.168.1.0, 255.255.255.0))
  {
return DIRECT;
  }

  return PROXY squid:3128;
}


$ cat /var/www/users/wpad/index.html
html
  body
p
  Set your browser to Auto detect proxy settings for this network
/p
  /body
/html


In /var/www/conf/httpd.conf:

VirtualHost *
RewriteEngine   On
RewriteCond %{HTTP_HOST}  !^puffy.example.org$ [NC]
RewriteCond 

OpenBSD 4.2 CDs arrive safely in India

[Siju George]

Hi,

I was a bit anxious about it but the 4.2 CDs arrived just now.
In tact :-)

Thank you so much

Kind Regards

Siju

Re: [Newbie] OpenBSD HTTP proxy

[Lars Noodén]

Craig Skinner wrote:
...
 Rubbish. What a piece of nonsense. Ridiculous. Why secure plain http
 traffic?

Refer to the original question.  The implication was evading the Great
Firewall of China.  For that, a tunnel is probably advisable.

There is of course no technical requirement that there be a tunnel.

-Lars

Re: How can I install 4 OS'es on one disk?

[demuel]

I taught this thread has alread been finished because it is just so simple and 
no
brainer. Anyways, please follow this procedure:

1. Use a freeware disk partitioning software like GParted LiveCD to 
re-organize your
hard disk to accomodate new arrangements. Usually, you want this software 
without
recurring any re-installing of your default windows because it will just 
re-allocate in
the new settings.

2. Then follow this hard disk lay-out. It work for me in the past several years 
without
hassles. If possible, use fdisk to get the partition in its correct label.

/dev/hda1 - windows (ntfs) -- no changes.
/dev/hda2 - freebsd (a5)
/dev/hda3 - linux (81)
/dev/hda4 - openbsd (A6)

3. Use a boot manager. I highly recommend LILO as it is much easier to use.


You will be fine if you follow that procedure. Ok?


Best Regards,
Demuel

 Siju George [EMAIL PROTECTED] writes:

 1) it is easier to get Windows installed on the beginning so you have
 less hassle.

 I'd amplify that even further.  Of the systems mentioned, only Windows
 appears to work from the assumption that it will always be the only
 operating system on your machine.  Install that first, just give it
 whatever space you think is appropriate, then proceed with the others
 and do whatever you can to hide the fact that it's not alone from
 Windows.

 The other systems are saner than Windows with respect to multiboot
 configurations, but in my experience life's generally less stressful
 if you can have one operating system per machine or enough resources
 to do good virtualisation.

 --
 Peter N. M. Hansteen, member of the first RFC 1149 implementation team
 http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
 Remember to set the evil bit on all malicious network traffic
 delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: [Newbie] OpenBSD HTTP proxy

[Craig Skinner]

Lars NoodC)n wrote:

Refer to the original question.  The implication was evading the Great
Firewall of China.  For that, a tunnel is probably advisable.


Yes, I saw that, but as far as I am aware, that cowardly evil oriental
government only blocks access to certain sites for its serfs, and not
the net as a whole.

As per:

http://en.wikipedia.org/wiki/Internet_censorship_in_the_People's_Republic_of_
China

The banning appears to be mostly uncoordinated and ad-hoc

http://en.wikibooks.org/wiki/Transwiki:Bypassing_the_Great_Firewall_of_China
http://www.dmoz.org/Computers/Internet/Proxying_and_Filtering/Hosted_Proxy_Se
rvices/
http://www.scroogle.org/


And if that filthy government were actually concerned with Chinese
Internet users observing proper online conduct, they would stop spaming,
but no, they encourage it as a means of attack on the superior west.
Refer to Jingjing

Re: [Newbie] OpenBSD HTTP proxy

[Siju George]

On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:

 Rubbish. This is pathetic and displays total ignorance of fundamental
 networking protocols, esp WPAD: web proxy auto discovery


not really. listen now :-)

 Have squid listen on the internal interface at the *standard* port of 3128.


no probs here :-)
the reasons for making it listen on 8080 are stupid :-)

 Block (return) *all* access from the LAN to the Internet, disable NAT.
 If you use NAT, what on earth is the point of using an application layer
 proxy?


First of all proxy is used to control web access ( like URL filter )
for a certain group of people. There are others who connect through
NAT and who can get better perfomance. Yes Squid degrades performances
at some cases.
Then there are websites that don't work well with squid.

So in my case I have to work up a solution which is a mixture :-)


 If you are going to use an app, be man enough to have it listen on the
 correct interface. You gain nothing by running it on the loopback and
 then using a packet filter to redirect packets to it. What a waste of time.


Not at all!
I hear that most security conscious people do it that way.
To my knowledge that is the recommended way.
To make services listen on the loopback and use PF to redirect
appropriate traffic to it.

Not sure what you mean by being man enough :-)



 Set up /etc/dhcpd.conf like something like this:



 Set up /var/named/master/example.org like this:



 Distribute a wpad file to the LAN from apache:



 In /var/www/conf/httpd.conf:


Too many configuration files for a new guy?
Or May be not! :-)

Anyway thanks a million It was a good learning session :-)))

Thank you so much

Kind Regards

Siju

Re: [Newbie] OpenBSD HTTP proxy

[Craig Skinner]

Siju George wrote:


First of all proxy is used to control web access ( like URL filter )
for a certain group of people. There are others who connect through
NAT and who can get better perfomance. Yes Squid degrades performances
at some cases.
Then there are websites that don't work well with squid.

So in my case I have to work up a solution which is a mixture


You need to learn more about squid, in particular the ACLs for different 
groups logged in users (try LDAP).





If you are going to use an app, be man enough to have it listen on the
correct interface. You gain nothing by running it on the loopback and
then using a packet filter to redirect packets to it. What a waste of time.



Not at all!
I hear that most security conscious people do it that way.
To my knowledge that is the recommended way.
To make services listen on the loopback and use PF to redirect
appropriate traffic to it.



How on earth does that make an app more secure. You are listening to 
urban rumours, like vista being the most secure os...




Not sure what you mean by being man enough :-)



Cowards hide behind their mother's skirt. You are trying to hide squid 
on the loopback, which is as flimsy a protection device as a skirt.

attention

[Alex Dede]

Ho cambiato indirizzo!Puoi ora scrivermi a questo indirizzo: [EMAIL PROTECTED]

Am a Togolaise banker.Can you recieve funds of a late client that bears your 
last name.Reply

- Alex Dede

Re: spdmem: what does PC25100 mean?

[Alexey Suslikov]

Looks like PC- and PC2- will be a better form to display
to prevent a confusion.

- Alexey.

On 10/9/07, Jonathan Gray [EMAIL PROTECTED] wrote:
 On Tue, Oct 09, 2007 at 12:26:28AM +0300, Alexey Suslikov wrote:
  Hello [EMAIL PROTECTED]
 
  spdmem0 at iic0 addr 0x52 DDR2 SDRAM non-parity PC25100CL5
 
  CL5 is CAS latency I think, but what does PC25100 mean here? :)
 
  Thanks.

 It seems the code was incorrectly using PC2 as a prefix
 in the DDR2 case, I'll fix that later today.

Re: firewall is very slow, something's wrong

[Henning Brauer]

* Florin Andrei [EMAIL PROTECTED] [2007-10-05 03:55]:
 The hardware is AMD64, Tyan Transport, 2 CPUs 2 cores each. I am using the 
 SMP kernel. The network card is Intel Pro/1000 PCI Express 4x dual gigabit 
 port, it carries both em0 and em1.

First, you want to run 4.2 or -current, that shoudl about double your 
throughput.
then, an i386 kernel should perform considerably better than amd64 for 
firewalling/routing/...
next, you don't want SMP for such tasks. take out the second CPU and 
give it to somebody who can use it, and run the uniprocessor kernel.
last, increase net.inet.ip.ifq.maxlen until you see the congestion 
counter not increasing much any more under load. should not exceed 2500 
by too much. as a rule of thumb, 256 per gigE interface aren't too far 
off.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: [Newbie] OpenBSD HTTP proxy

[Siju George]

On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:
 Siju George wrote:
 
  First of all proxy is used to control web access ( like URL filter )
  for a certain group of people. There are others who connect through
  NAT and who can get better perfomance. Yes Squid degrades performances
  at some cases.
  Then there are websites that don't work well with squid.
 
  So in my case I have to work up a solution which is a mixture

 You need to learn more about squid, in particular the ACLs for different
 groups logged in users (try LDAP).


I use ACLs thats why I am able to block portions of the web for certain users.
ACLs don't improve perfomance in some cases simple NAT is much faster
than taking it through squid.

Yes I am on my way to LDAP integration.
It was a tough road trying to learn and implement it :-)



 How on earth does that make an app more secure. You are listening to
 urban rumours, like vista being the most secure os...

 
  Not sure what you mean by being man enough :-)
 

 Cowards hide behind their mother's skirt. You are trying to hide squid
 on the loopback, which is as flimsy a protection device as a skirt.



If you are running a firewall on OpenBSD with FTP proxy then it
listens behind the mothers skirt :-)

proxyftp-proxy   96953* internet stream tcp 0xd6b4a644 127.0.0.1:8021

and the man page says you should have the rule.

 rdr pass on $int_if proto tcp from $lan to any port 21 - \
   127.0.0.1 port 8021

pfSense developers changed listening squid to localhost and
redirecting from the internal interface allowed traffic.

Let us wait and see if somebody who is more knowledgeable than both of
us is able to give a clear explanation :-)

I think there is more to it than Urban Rumors :-)

Kind Regards

Siju

Re: [Newbie] OpenBSD HTTP proxy

[Craig Skinner]

Siju George wrote:

If you are running a firewall on OpenBSD with FTP proxy then it
listens behind the mothers skirt


You haven't thought about what is going on here and that it is quite a 
different situation.


Do you also run apache, named, dhcpd, sendmail, dovecot/courier, etc, 
etc only on the loopback? No? Why not? Because they use standard 
ports as listed in /etc/services




proxyftp-proxy   96953* internet stream tcp 0xd6b4a644 127.0.0.1:8021

and the man page says you should have the rule.

 rdr pass on $int_if proto tcp from $lan to any port 21 - \
   127.0.0.1 port 8021


This redirects from a standard port to an unprivileged NON-STANDARD 
port, which many ftp clients would never use as a proxy. It makes it 
transparent to the client that they are using a proxy. As it is a 
non-standard port and clients will never connect to, it is run on the 
loopback. Does not make the daemon any more secure from buffer 
overflows, etc, etc as the same packets come into it.


Squid listens on a high numbered unprivileged port by default, and runs 
as an unprivileged user. It is also easy to run chroot as well.


3128 is a commonly used web proxy port.



pfSense developers changed listening squid to localhost and
redirecting from the internal interface allowed traffic.


Bully for them.

Use WPAD as it is designed to auto config browsers, or inform your users 
how to manually use the proxy.


What is the point of hiding a web proxy by transparency from users in a 
work environment? It is not their equipment, their time, and nor is it 
their place to complain about how you run the network.

Re: qlogic QLA4050C or QLA4052C

[Marco Peereboom]

davec@ and I are working on this HBA.  The driver is called qli.

We could use a one board in Australia and a dual port board in the USA.

On Wed, Feb 07, 2007 at 01:24:33PM +0100, Stephan A. Rickauer wrote:
 is there a developer who's interested in writing a driver for that
 product? It's an iSCSI Host Bus Adapter:
 
   http://www.qlogic.com/products/iscsi_products_hba.asp
 
 Our Institute would donate the required hardware and I will try to get
 Free Programming Documentation (though I am not too optimistic with qlogic).
 
 Please let me know off list.
 
 -- 
 
  Stephan A. Rickauer
 
  ---
  Institute of Neuroinformatics Tel  +41 44 635 30 50
  University / ETH Zurich   Sec  +41 44 635 30 52
  Winterthurerstrasse 190   Fax  +41 44 635 30 53
  CH-8057 ZurichWeb  www.ini.unizh.ch
 
  RSA public key:  https://www.ini.uzh.ch/~stephan/pubkey.asc
  ---

Re: Thank you developers... 4.2 arrived in the mail today

[Sunnz]

Just arrived to Canberra Australia today!!

I am kind of excited and made a little video showing its content:
http://www.youtube.com/watch?v=B3NHTxq077Q

2007/10/8, Graeme Neilson [EMAIL PROTECTED]:
 I pre-ordered using the web form for international orders
 http://www.openbsd.org/orders.html with my new fangled credit card...;)

 On 10/8/07, Josh [EMAIL PROTECTED] wrote:
 
  How did you order yours?
 
  I am in NZ too... Is there a way to just transfer money via internet
  banking or something?
 
  Graeme Neilson wrote:
 
Pre-order has made it all the way to New Zealand already - thanks to
  all.
 
On 10/7/07, Peter N. M. Hansteen   [EMAIL PROTECTED]   wrote:
 
  One other data point - My preordered 4.2 set arrived here in Bergen,
  Norway today. Excellent artwork as usual, and great song :)
 
  Cheers,
  --
  Peter N. M. Hansteen, member of the first RFC 1149 implementation
  teamhttp://bsdly.blogspot.com/ http://www.datadok.no/
  http://www.nuug.no/Remember to set the evil bit on all malicious
  network traffic
  delilah spamd[29949]: 85.152.224.147: disconnected after 42673
  seconds.




-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: Cisco 3002 VPN client to OpenBSD?

[Brian A. Seklecki]

On Fri, 2007-10-05 at 18:50 -0400, Rod Dorman wrote:
 On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote:
  On Friday 05 October 2007 01:17, Claer wrote:
  The Cisco client license forbids explicitely to connect to anything but
  Cisco Hardware.

You could rip the ISA controller out of a Pix 525 and out a CF adapter
in it.  Genuine intel P3 w/ quad fxp(4).  ~BAS




IMPORTANT: This message contains confidential information and is intended only 
for the individual named. If the reader of this message is not an intended 
recipient (or the individual responsible for the delivery of this message to an 
intended recipient), please be advised that any re-use, dissemination, 
distribution or copying of this message is prohibited.  Please notify the 
sender immediately by e-mail if you have received this e-mail by mistake and 
delete this e-mail from your system.

Re: Web configure Firewall

[Soner Tari]

On Tue, 2007-10-09 at 10:51 +0530, Siju George wrote:
 Anyone knows if there is a mailinglist for comixwall?
 I am facing a few issues with it :-(

Anyone is welcome to e-mail me about issues: soner at comixwall.org

However, the IP address of the project is from dynamic pool. Gmail and
some other e-mail giants consider e-mails from such IPs as spam.
Otherwise, I had promptly replied your previous web enquiry and many
others' too.

Please see the project web site for a news article about user questions.
Maillist is mentioned in the same article too.

(If you are experiencing failed login issues on the web interface,
please see the same article.)

Re: [Newbie] OpenBSD HTTP proxy

[Siju George]

On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:
 You haven't thought about what is going on here and that it is quite a
 different situation.

 Do you also run apache, named, dhcpd, sendmail, dovecot/courier, etc,
 etc only on the loopback? No? Why not? Because they use standard
 ports as listed in /etc/services


O.K I get it :-)


  pfSense developers changed listening squid to localhost and
  redirecting from the internal interface allowed traffic.

 Bully for them.


hey love me tender, baby don't be cruel  ;-) [ Dire Straits - Calling Elvis ]

 Use WPAD as it is designed to auto config browsers, or inform your users
 how to manually use the proxy.


yes your mais was a good learning session for me.
I never tried this will see now

Thanks a lot once again :-)

kind Regards

Siju

Re: Thank you developers... 4.2 arrived in the mail today

[Edd Barrett]

On 05/10/2007, Chad M Stewart [EMAIL PROTECTED] wrote:
 My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
 and this has to be the earliest I've ever gotten mine.  I hope that
 is more of an indication of my getting my order in early, than the
 number of CD orders being that low.

Here in the UK we have postal strikes grinding the whole mail system
to a halt (-p?).

No chance of getting anything in the UK anytime soon. :(


-- 
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

looking some package

[sonjaya]

Dear all
 i looking this package :
- clamav-0.9.1.1.tgz
- smtp-gated-1.4.15.1.tgz
- dansguardians-2.9.8.5.clamd.tgz
-imspector-0.3.tgz
-pmacct-0.11.4.tgz

This package need for comixwall , i try  using comix in i386 because
the source is amd64

-- 
sonjaya
http://sicute.blogspot.com

Re: Thank you developers... 4.2 arrived in the mail today

[Pierre Riteau]

Le 9 oct. 07 ` 17:02, Edd Barrett a icrit :


On 05/10/2007, Chad M Stewart [EMAIL PROTECTED] wrote:

My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY)
and this has to be the earliest I've ever gotten mine.  I hope that
is more of an indication of my getting my order in early, than the
number of CD orders being that low.


Here in the UK we have postal strikes grinding the whole mail system
to a halt (-p?).

No chance of getting anything in the UK anytime soon. :(


Aren't  all European orders sent by UPS?




--
Best Regards

Edd

---
http://students.dec.bournemouth.ac.uk/ebarrett

Re: firewall is very slow, something's wrong

[Florin Andrei]

Henning Brauer wrote:

* Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]:
then, an i386 kernel should perform considerably better than amd64 for 
firewalling/routing/...

That is surprising. What is the reason?


we dunno really. it hasn't been benched in sometimesoit might not even 
be true nay more, but last time the difference was dramatic.


Then I will do some tests with 4.2 on gigabit-capable hardware. If 
anything noteworthy comes out, I'll post the results.
Don't expect something too fancy, but I guess anything is better than 
nothing.



How much RAM can the i386 kernel use on an amd64 machine?


4GB minus pci space


Hmmm.

Please correct me if I'm wrong:
Let's say a firewall is connected to a pretty fast Internet pipe (in the 
gigabit range). Let's say there's a DDoS against this environment. In 
theory, the firewall would need lots of RAM so that it can deal with the 
incoming nasty packets, create an entry for each packet in the state 
table (don't know the correct name for it in OpenBSD, sorry), then 
expire it after a while.
In theory, the firewall could be tweaked to expire unused states 
quickly, but still, more RAM is better when dealing with a DDoS.


What's still not clear to me is how much RAM I should provision per 1Gb 
of bandwidth on OpenBSD, assuming there's an incoming 
worst-case-scenario DDoS, that consumes RAM (and other resources) on the 
firewall yet leaves some bandwidth open for legitimate traffic (so the 
firewall must be able to continue to let the good traffic pass through). 
Also assuming some tweaking has been done on the firewall to expire the 
bad stuff quickly without affecting legitimate traffic.


But all that depends on the actual legitimate traffic and on the 
firewall rules.

I guess that's another way of saying more tests are needed. :-/

If the SMP kernel does not actually hurt performance, I might have to use 
it.


it does. seriously. locking is not free.


Aw, damn. I was hoping that's not quite the case.

Well, then hopefully the dynamic routing daemons won't get too greedy 
and DoS the firewall from within. :-) Or I may have to re-think the 
whole environment and forget the idea of doing any kind of dynamic 
routing on the firewall - from a security perspective, dynamic routing 
on the firewall sucks anyway.


Looks like my performance test matrix just got bigger by a factor of 2x. 
:-/ But the bad combinations should get pruned pretty quickly, I guess.


+-+---+---+
|  \  | i386  | amd64 |
+-+---+---+
| SMP |   |   |
+-+---+---+
| UP  |   |   |
+-+---+---+

--
Florin Andrei

http://florin.myip.org/

Re: Thank you developers... 4.2 arrived in the mail today

[Sevan / Venture37]

CD's turned up via UPS today here in the UK.
Thanks Win! :)


Sevan / Venture37

_
Celeb spotting  Play CelebMashup and win cool prizes
https://www.celebmashup.com

Re: Thank you developers... 4.2 arrived in the mail today

[Luca Corti]

On Tue, 2007-10-09 at 22:04 +0100, Sevan / Venture37 wrote:
 CD's turned up via UPS today here in the UK.

Is there a tracking number? I have not received the CDs yet (Italy).

ciao

Luca

Re: OpenBSD 4.2-current | ASUS P5VD2-X and E2140 problems

[Pierre Riteau]

Le 8 oct. 07 ` 17:44, [EMAIL PROTECTED] a icrit :


Hi guys,

I ask at misc because I#m unsure if these problems are known.

During reading the CHangelog I noticed the ALC883 Chip was added to
Azalia.
Well this Chip is at this Motherboard but I can't get it working.
The BIOS supports to either set it into the HDA Mode or into the AC97
mode. neither works (wont even get displayed in the dmesg).
A 3rd mode for Vista compatibility wa salso checked with no success.

Except this OpenBSD 4.2-current (and so 4.2) does boot fine.
I noticed just 2 further issues.

1. The Intel E2140 supports SpeedStep but it isn't ntoiced (even after
activation in the BIOS).
2. SMP doesn#t work
 - I tried also twith ACPI-ENABLE

I just wanna know: Is there a solution known for the last 2 things?
Does somebody own the same Board (or familiar with VIA 890!).
Single-Core works fine.

I may would have the possibility to change the Board (to a MSI MSI
P4M890M
Rev 1.2).

I need to replace a Desktop Board so the MSI would even provide
integrated
Grafic (wich is ok for this case).
So are these things Board related (well the Crash in SMP mode propably
isn't but the issue with the Soundchip may is) or maybe OpenBSD
related?


I have an Asrock motherboard with a VIA chipset (but not the same).
If I want my azalia device to be detected, I need to go in the BIOS
and change
it's PCI bus from 0x80 to 0x2 (there is an option for this).

Maybe your card has a similar setting?



Here's a dmesg with a generic Kernel from install42.iso

--
OpenBSD 4.2-current (GENERIC) #410: Fri Oct  5 22:31:12 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Genuine Intel(R) CPU 2140 @ 1.60GHz (GenuineIntel 686-
class) 1.60 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-
CPL,EST,TM2,CX16,xTPR
real mem  = 535261184 (510MB)
avail mem = 509779968 (486MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/29/07, BIOS32 rev. 0 @
0xf1d70,
SMBIOS rev. 2.4 @ 0xf (52 entries)
bios0: vendor Phoenix Technologies, LTD version ASUS P5VD2-X ACPI
BIOS
Revision 0501 date 06/29/2007
bios0: ASUSTeK Computer INC. P5VD2-X
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xdc94
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdad0/400 (23 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev
0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xd000 0xd/0x3000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA P4M890 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA P4M890 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA P4M890 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA P4M890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA P4M890 Host rev 0x00
VIA P4M890 IOAPIC rev 0x00 at pci0 dev 0 function 5 not configured
pchb5 at pci0 dev 0 function 6 VIA P4M890 Security rev 0x00
pchb6 at pci0 dev 0 function 7 VIA P4M890 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 2 function 0 VIA P4M890 PCI-PCI rev 0x00
pci2 at ppb1 bus 2
vga1 at pci2 dev 0 function 0 ATI Radeon X300 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon X300 Sec rev 0x00 at pci2 dev 0 function 1 not configured
ppb2 at pci0 dev 3 function 0 VIA P4M890 PCI-PCI rev 0x00
pci3 at ppb2 bus 3
jmb0 at pci3 dev 0 function 0 JMicron JMB363 IDE/SATA rev 0x02
ahci0 at jmb0: irq 11, AHCI 1.0
scsibus0 at ahci0: 32 targets
pciide0 at jmb0: DMA, channel 0 wired to native-PCI, channel 1
wired to
native-PCI
pciide0: using irq 11 for native-PCI interrupt
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 15 function 0 VIA VT8237A SATA rev 0x80: DMA
pciide1: using irq 11 for native-PCI interrupt
pciide2 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x07: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide2 channel 0 drive 0: Maxtor 6Y120L0
wd0: 16-sector PIO, LBA, 117246MB, 240121728 sectors
wd0(pciide2:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide2 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: TSSTcorp, CD/DVDW SH-S162L, TS06 SCSI0
5/cdrom removable
cd0(pciide2:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0xa0: irq 5
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0xa0: irq 5
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0xa0: irq 5
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0xa0: irq 5
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: VIA EHCI root hub, rev 2.00/1.00, addr 1
viapm0 

Re: Thank you developers... 4.2 arrived in the mail today

[L. V. Lammert]

Check this out - go the shipping notice **AND** the package today! Just in
time to update a new server before going online.

Lee


  Leland V. Lammert[EMAIL PROTECTED]
Chief Scientist Omnitec Corporation
 Network/Internet Consultants   www.omnitec.net

Re: Thank you developers... 4.2 arrived in the mail today

[Sevan / Venture37]

 Is there a tracking number? I have not received the CDs yet (Italy).
 ciao
 Luca

When your item is shipped you will receive a tracking number

_
100s of Music vouchers to be won with MSN Music
https://www.musicmashup.co.uk

requesting help in building xenocara

[Juan Miscaro]

Hi.  I am running CURRENT on a development server and I have some
questions about building the X portion of a release.  First, normally I
don't need Xorg but I regularly use a package that needs the xbase
install set.  So before I used to build X using the XF4 sources.  I
then heard that xenocara is replacing XF4 so I am trying to build, and
eventually make the sets (which ones will come out I do not know), but
my system is bombing out.  I am following the release man page.  My
xenocara sources ended up in /usr/xenocara after a cvsup operation (how
do I get them in /usr/src/xenocara while also updating other sources
and ports?).  Anyway, according to that man page all I need to do is
have XSRCDIR set to /usr/xenocara inside /etc/mk.conf.  So I'm not sure
if I'm on the right track in building xenocara and also why I cannot
build it:


make: don't know how to make obj.  Stop in
/usr/xenocara/proto/bigreqsproto.
make: no target to make.


Thank you in advance,

// juan


  Be smarter than spam. See how smart SpamGuard is at giving junk email the 
boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca

The Name: UNIX

[Sean Darby]

Hi all...

In response to the recent easter egg in 4.2's song, I asked about some 
possible meaning behind the 11 1010101 bit and only ended up more 
confused as a result of what one individual provided in their replies.

Could anybody enlighten me on proper UNIX association... here are the 
messages...

In response to theraven's speculation over the song at:
http://slashdot.org/~TheRaven64/journal/184027

me:
Perhaps: Regarding ...these are ! and U... As in not equal to proprietary 
(UNIX vs unix/unix-like) Or in other words, free

theraven:
Could be, but considering the fact that GNU's Not UNIX, and the song is fairly 
anti-GNU in places, I'd guess not. Especially since OpenBSD is UNIX, it just 
isn't UNIX(TM).

me:
Okay... I didn't know OpenBSD was UNIX. I thought OpenBSD was Unix; and that 
UNIX was a registered trademark of The Open Group, with systems like UNIX 98 
and UNIX 03. My bad. The GNU's Not Unix GNU bit makes sense, though I was 
simply referring to the difference between $ and free. I was under the 
impression that UNIX regarded $ and Unix = free. Oh well, no biggy. :-p

theraven:
UNIX was an operating system released by ATT in the late '70s. Some guys at 
Berkeley added a load of stuff to it, and called their version the Berkeley 
Software Distribution (BSD). Since it was based on the ATT code, you needed a 
license from ATT to use it. They gradually replaced the ATT code with their 
own, and in 4.2BSD-lite, there was no ATT code, allowing the whole system to 
be distributed for free (and Free). OpenBSD is based on 4.2BSD-lite, and so 
contains no original UNIX code, but can trace its evolution back to the 
original UNIX.

The Open Group owns the UNIX trademark (although they are very careful not to 
test it in court, where it would probably be determined to be a generic term 
and not subject to trademarks). They can say that something is UNIX(tm) or not; 
all you have to do is pass a conformance test and pay them a large heap of 
money. OpenBSD is derived from the original UNIX sources, but has not passed 
this conformance testing and paid TOG a heap of money, so it is not UNIX(tm).

The alternate capitalisation, Unix, is not very common. A few proprietary 
UNIXes used it, but none of the well-known ones. For a bit more history, take a 
look at the UNIX timeline [levenez.com].

That's it... now at this point I just give up (when someone refers me to that 
UNIX timeline, which I've seen and read before and honestly that page doesn't 
answer my question, so their responses really didn't help any at all.)

I'm positive my original guess is wrong (how !U is not propietary) but that's 
not the point anymore... it's this:

Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)?

I didn't need theraven giving me some preschool explanation UNIX was an 
operating system released by ATT in the late '70s..eventually BSD-lite 
(etc.), I was looking for a simple and direct response - hopeful for 
explanation *directly related* to that direct response - not a history lesson. 
I've studied the history of UNIX and unix-like branches, at least on a basic 
level, this is simply a question of one specific system (OpenBSD) and proper 
use of terminology (aka UNIX the trademark, all caps, title), not a question 
of generic history of the system concept in such an over-generalized and poorly 
explained fashion as what theraven provided.

Thank you for you help in clearing me of my confuzzlement!

Sean 

P.S.- Someone please tell me theraven's, The alternate capitalisation, Unix, 
is not very common. is incorrect! I see Unix EVERY day, regardless of if 
propietary or free. Their statement, or claim, in that quote is starting to get 
into ridiculous speculations as pertaining to general usage of terms in 
everyday English language and falling off topic of what it is *specifically* in 
reference to.

If I'm wrong in the Unix bit, oh well - no biggy - but still am confused 
about OpenBSD = UNIX or Unix or Unix-like or unix-like or unix or ham sandwich 
on rye.

Thanks!

-- 
Public Key:
http://mpec.net/gsd.asc

Re: The Name: UNIX

[Ted Unangst]

On 10/9/07, Sean Darby [EMAIL PROTECTED] wrote:
 Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)?

does it matter?

Re: The Name: UNIX

[Marco S Hyman]

  Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)

You are the first person I've seen to makes a distinction between unix,
Unix, and UNIX and imply that the distinction has any meaning.

// marc

Re: The Name: UNIX

[Jon Radel]

Sean Darby wrote:

 me:
 Okay... I didn't know OpenBSD was UNIX. I thought OpenBSD was Unix; and that 
 UNIX was a registered trademark of The Open Group, with systems like UNIX 
 98 and UNIX 03. My bad. The GNU's Not Unix GNU bit makes sense, though I 
 was simply referring to the difference between $ and free. I was under the 
 impression that UNIX regarded $ and Unix = free. Oh well, no biggy. :-p

I don't believe U.S. trademark law cares much about capitalization of
word marks.  Unix, UNIX, unix -- all covered by the same registration.
(This is distinct from registering logos which happen to incorporate
your word mark, where case, font, and color tend to matter.)

After all, the whole point to registering a trademark is to put the
world on notice that you don't want other parties using marks that might
be confused with yours in commerce.  You've just proven that Unix gets
confused with UNIX.  ;-)

See http://tess2.uspto.gov/bin/gate.exe?f=tessstate=95mrtn.1.1 to look
 UNIX up for yourself.

YMMV in other countries and I not be a lawyer.

--Jon Radel

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which 
had a name of smime.p7s]

[side thread] security implcations of multiple kernel threads?

[Douglas A. Tutty]

On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote:
 * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]:
  then, an i386 kernel should perform considerably better than amd64 for 
  firewalling/routing/...
 
  That is surprising. What is the reason?
 
 we dunno really. it hasn't been benched in sometimesoit might not even 
 be true nay more, but last time the difference was dramatic.
 
  How much RAM can the i386 kernel use on an amd64 machine?
 
 4GB minus pci space
 
  next, you don't want SMP for such tasks. take out the second CPU and give 
  it to somebody who can use it, and run the uniprocessor kernel.
  So, assuming the box is a pure firewall / static router (so just pf and 
  static routes), even with multiple interfaces, all those tasks run in a 
  single kernel thread?
 
 yup
 

Why is this?  Is there a security reason why the kernel is
single-thread; is it OBSD resource limitations (no developer time, no
hardware, etc); is it not enough interest yet?

With interface speeds and bus bandwidth going up, how many interfaces is
it possible to handle at full interface bandwidth on the fastest UP CPU
and how much memory does that take?

If you need more performance, do you build multiple boxes and CARP them?
Virtualization to run multiple OBSDs, each on its own core (ignoring
security issues of virtualization; crack one client is no worse than
having a single OBSD running all interfaces getting cracked).  Or do you
start assembling a big box with muliple MBs each with a UP hooked up to
a pair of drives, all co-located in one box with dual/triple/quad
redudant PSUs?

Not that I'm personally in need of the technology; I'm the one trying to
keep a 486 patched on dialup.  

I'm just interested.

Doug.

Re: The Name: UNIX

[Douglas A. Tutty]

On Tue, Oct 09, 2007 at 04:50:10PM -0500, Sean Darby wrote:
 
 In response to the recent easter egg in 4.2's song, I asked about
 some possible meaning behind the 11 1010101 bit and only ended
 up more confused as a result of what one individual provided in their
 replies.
 
 Could anybody enlighten me on proper UNIX association... here are the
 messages...
 I was looking for a simple and direct response -
 hopeful for explanation *directly related* to that direct response -
 not a history lesson. I've studied the history of UNIX and unix-like
 branches, at least on a basic level, this is simply a question of one
 specific system (OpenBSD) and proper use of terminology (aka UNIX
 the trademark, all caps, title), not a question of generic history of
 the system concept in such an over-generalized and poorly explained
 fashion as what theraven provided.
 
 
 If I'm wrong in the Unix bit, oh well - no biggy - but still am
 confused about OpenBSD = UNIX or Unix or Unix-like or unix-like or
 unix or ham sandwich on rye.

You've got all the information you need to determine how _you_ will
refer to OpenBSD.  The commercial UNIX(tm) offerings incorporate(d) a
heck of a lot of BSD code in order to do any networking.  That's OK, the
licence allows that (they may have since redone all the code, making
UNIX(tm) a BSD-Like OS).  

I don't see any historical reference to the origional BSD people calling
their release BSD UNIX but just the BSD.  IIRC, they were contracted by
DARPA to take UNIX and add networking, which they did and called it BSD.
Since the lawsuite, people have taken to calling BSD UNIX.  

During that lawsuit, when the future of BSD was up-in-the air, Linus
needed a UNIX-like OS to run on his 386.  He couldn't run the BSD kernel
legally and so he wrote a kernel from scratch that mimicked the
functionality of UNIX/BSD but without using any contested code.  If it
wasn't for that lawsuit, there probably wouldn't be a Linux but he
probably would have used one of the BSDs.

I'll give you an analogy that isn't automobiles but isn't UNIX either.
Radio Shack in Canada.  Tandy is a US company that, among other things,
runs consumer electronics (and gadget parts) stores in the US and
licenced the name to Radio Shack Canada.  They later pulled their
license on some of the store-brand products, so that Realistic radios
had to be named something else ASAP (they chose GeneXa or something
targeted to Generation Xers).  A few years later, they pulled the
licence to the Radio Shack name itself, so now we have The Source, by
Circuit City.  Circuit city being another comsumer electronics chain
with no store-brand or CIP (Crap in Plastic; Computerized Inventory
Program).  But everyone calls the store Radio Shack.

So is The Source = Radioshack?  It is a direct decendant but it can't
legally call itself Radioshack.  

So is OpenBSD = UNIX?  It is a direct decendant but it can't legally
call itself UNIX; and calling itself UNIX would be seen (IMHO) as a
branding issue infringing on Trade Mark.

I don't know why people care (other than residual hurt over the
lawsuit).  OpenBSD has a fine reputation and good name for itself on its
own right.

I just with that there was a lot less chest-thumping about which was the
best OS.  Each of the BSDs, each of the UNIXs, each of the Linux
distributions has its strengths and weaknesses, its target market and
the range of things that it can do better than the others (depending on
how you define better).  It would greatly help everyone if the leaders
of the three BSDs, the many UNIXes, Linus, and the leaders of the major
linux distros could  work collaboratively on a Wikipedia page dedicated
to helping people make an informed decision.  However, competition
(economic, resouce, prestigue, whatever) rears its ugly head.

Sorry for the long reply, but your question is not simple to answer.  I
also don't think, despite the long reply, that it needs a definitive
answer.  

How I answer it is this.  When someone asks me about windows who I know
knows nothing about computers, I say I don't know because I run Unix
(there I go with the lower case).  UNIX has been around forever and many
non-computer people have heard of it.  If the conversation continues
then I clarify as to what UNIX-like OSs I use (OpenBSD and Debian
GNU/Linux).  

If I'm asked on what I blow my nose, I'll say Kleenex.  If the
conversation continues (why would it), I'll ask what brand of Kleenex
they use.

Doug.

Re: [side thread] security implcations of multiple kernel threads?

[Dave Anderson]

On Tue, 9 Oct 2007, Douglas A. Tutty wrote:

On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote:
 * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]:
  next, you don't want SMP for such tasks. take out the second CPU and give
  it to somebody who can use it, and run the uniprocessor kernel.
  So, assuming the box is a pure firewall / static router (so just pf and
  static routes), even with multiple interfaces, all those tasks run in a
  single kernel thread?

 yup

Why is this?  Is there a security reason why the kernel is
single-thread; is it OBSD resource limitations (no developer time, no
hardware, etc); is it not enough interest yet?

I'm not an OpenBSD developer, but I'd bet that the reason is that BSD
was originally written single-threaded (both because that's much easier
than multi-threaded and because multi-cpy systems were rare back then)
and has not [yet] been changed because changing to a multi-threaded
kernel requires a lot of very finicky work (with innumerable
opportunities to introduce very subtle bugs).

Dave

-- 
Dave Anderson
[EMAIL PROTECTED]

Just Received my Package

[Aaron Hsu]

Wow, I am impressed this time around. Even though there seems to be less 
breadth in this particular case, I really like the quality. The whole package 
feels really solid, and the stickers seem nicer than previously. Additionally, 
I like the new printing on the booklet compared to what was in the older 
stuff. :-)

Great Job, guys. I ordered two, btw, one to give away to people who are too 
lazy to download it to try it out. Maybe I can spread some of the OpenBSD 
cheer this Christmas!

-- 
((name Aaron Hsu)
 (email/xmpp [EMAIL PROTECTED])
 (phone 703-597-7656)
 (site http://www.aaronhsu.com;))

[demime 1.01d removed an attachment of type application/pgp-signature]