Re: [Newbie] OpenBSD HTTP proxy
Tony Bruguier [EMAIL PROTECTED] writes: First, thanks for all the help so far. It seems that I have downloaded and installed the 4.2 version even though it is not supposed to be available yet. Here's the link: ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/cd42.iso that is a -current snapshot, some increments after 4.2-release. I tried to install the squid for the 4.1 version but it does not work. If you run snapshots, you need to install the snapshot packages, available from very close to where you found the files for the main install. Library mismatches and the like are expected when you mix versions. Please note that the same problem occurs with other packages. That's to be expected. 1) Have I downloaded the right version? Until November 1st or thereabouts, the latest stable version is 4.1. The only way to get 4.2 at the moment is via CD preorder (I got my first 4.2 set on Saturday)[1]. So if you want to get started right away with a stable, supported version, 4.1 is the one you want. Upgrading to the next release is usually a matter of about 20 minutes plus installing packages (anything from zero minutes to well, a lot), could be quicker if you know what you're doing. [1] http://www.flickr.com/photos/[EMAIL PROTECTED]/sets/72157602288617389/ 2) If it is the right version, can I expect the squid (and other) packages to be updated by 11/1/07? I can afford to wait a few weeks, but if it's more, I'd rather switch to 4.1. when 4.2 becomes available, it will come with updated packages. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Encrypting home partition
On 2007-10-08, Nick Guenther [EMAIL PROTECTED] wrote:
So you mean you have a /home partition, which contains an encrypted image, and then you mount the encrypted image over top of your /home? Because that's what I was thinking / what I think is being asked about.

I have /home partition. I have user. In /home/user i have image file. When user logs in he (me) does the following:

$ sudo mnt.sh
$ exec ksh -l

After ``mnt.sh'' content of user's homedir is substituted because encrypted image is mounted over it.

$ df | grep home
/dev/sd0g    41280412  8194480 31021912  21% /home
/dev/svnd0c   8057980  6231232  1423852  81% /home/user

Mnt.sh script does the following:
- vnconfig
- fsck
- mount

--
Alexey Vatchenko http://www.bsdua.org E-mail: [EMAIL PROTECTED] JID: [EMAIL PROTECTED]
Re: [Newbie] OpenBSD HTTP proxy
Siju George wrote:
On 10/9/07, Lars Noodén [EMAIL PROTECTED] wrote:
Tony Bruguier wrote:
... I would like to install an HTTP proxy. ...

Squid is recommended. Read the directions carefully and you will have to make one or two changes to the configuration.

Absolutely. Some folk use apache to proxy, it is in base.

Have squid listen localhost and then tunnel to get to it.

Rubbish. What a piece of nonsense. Ridiculous. Why secure plain http traffic?

Have squid listen on the public interface on the usual port of 3128 and either:

*) use authpf to grant access to the port

OR

*) set up authentication in squid, so your oriental luser has to login to squid. Search for auth_param in /etc/squid/squid.conf and take it from there. Kinda like htaccess for apache.

If you are worried about squid, run it chroot. Easy to do, if anyone wants to know, I'll post back about this.

I make squid listen on 127.0.0.1 port 8080 in the squid configuration file by editing

=====
http_port 127.0.0.1:8080
=====

then in pf.conf I use this redirection rule

=====
rdr on $int_if proto tcp from any to any port 8080 -> 127.0.0.1 port 8080
=====

Now people on the network will have to configure in their browser the $int_if IP address and port 8080 for proxy settings.

Rubbish. This is pathetic and displays total ignorance of fundamental networking protocols, esp WPAD: web proxy auto discovery

Have squid listen on the internal interface at the *standard* port of 3128.

Block (return) *all* access from the LAN to the Internet, disable NAT. If you use NAT, what on earth is the point of using an application layer proxy?

Permit the LAN to access ports 3128, www, domain, submission, bootps on your dhcp, squid mail gateway host, but do not redirect or forward.

If you are going to use an app, be man enough to have it listen on the correct interface. You gain nothing by running it on the loopback and then using a packet filter to redirect packets to it. What a waste of time.
Set up /etc/dhcpd.conf like something like this:

option domain-name "example.org";
option domain-name-servers 192.168.1.1;
# http://www.wlug.org.nz/WPAD
option option-252 "http://wpad/wpad.dat\n";
# http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch08_:_Configuring_the_DHCP_Server
option ip-forwarding off;
option ntp-servers 192.168.1.1;
option smtp-server 192.168.1.1;
option www-server 192.168.1.1;
max-lease-time 14400;
default-lease-time 7200;
shared-network LOCAL-NET {
	subnet 192.168.1.0 netmask 255.255.255.0 {
		option routers 192.168.1.1;
		range 192.168.1.50 192.168.1.250;
	}
}

Set up /var/named/master/example.org like this:

$TTL 2D ; client caching [RFC 1035]
@	SOA	(	ns		; master name server
			hostmaster	; zone maintainer's email [RFC 2142]
			2007100100	; serial, todays date + todays serial #
			1D		; refresh
			2H		; retry
			5W		; expire
			2D )		; client negative caching [RFC 2308]
		NS	ns
		MX	10 smtp
puffy		A	192.168.1.1
ns		A	192.168.1.1
smtp		A	192.168.1.1
wpad		CNAME	puffy
ntp		CNAME	puffy
imap		CNAME	puffy
wiki		CNAME	puffy
squid		CNAME	puffy
localhost	A	127.0.0.1
$GENERATE 50-200 192-168-1-$.dhcp A 192.168.1.$

Distribute a wpad file to the LAN from apache:

$ ls -l /var/www/users/wpad/{proxy.pac,wpad.dat}
-r--r--r-- 1 wpad wpad .. /var/www/users/wpad/proxy.pac
lrwxr-xr-x 1 wpad wpad .. /var/www/users/wpad/wpad.dat@ -> proxy.pac

$ cat /var/www/users/wpad/wpad.dat
// http://www.wlug.org.nz/WPAD
// http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html#dnsDomainIs
// http://www.deckle.co.za/squid-users-guide/Browser_Configuration
// http://homepages.tesco.net/J.deBoynePollard/FGA/web-browser-auto-proxy-configuration.html
// http://nscsysop.hypermart.net/setproxy.html
// http://www.squid-cache.org/Doc/FAQ/FAQ-5.html
function FindProxyForURL(url,host)
{
	// LAN hosts are reached directly; everything else goes through squid
	if (isInNet(host, "192.168.1.0", "255.255.255.0")) {
		return "DIRECT";
	}
	return "PROXY squid:3128";
}

$ cat /var/www/users/wpad/index.html
<html>
<body>
<p>
Set your browser to Auto detect proxy settings for this network
</p>
</body>
</html>

In /var/www/conf/httpd.conf:

<VirtualHost *>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^puffy.example.org$ [NC]
RewriteCond
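
The wpad.dat routing logic from the message above can be checked offline before the file is published to the LAN. This is an added example, not part of the original post: the isInNet re-implementation, the SAMPLE_DNS table, the test URLs and the helper names are assumptions made for the harness.

```javascript
// Offline harness for the wpad.dat logic (added example, not the poster's code).
// Browsers provide isInNet(); it is re-implemented here so the PAC function
// can be exercised under Node against a fixed set of hosts.

// Constructed name table standing in for DNS on the 192.168.1.0/24 LAN.
const SAMPLE_DNS = {
  "puffy.example.org": "192.168.1.1",
  "wiki.example.org": "192.168.1.1",
  "www.example.com": "203.0.113.10", // documentation address, outside the LAN
};

// Dotted quad -> unsigned 32-bit integer, or null when malformed.
function ipToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const octet = Number(p);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n >>> 0;
}

// Build an isInNet() that resolves names through the supplied table.
// As in browsers, a host that cannot be resolved is simply "not in the net".
function makeIsInNet(dnsTable) {
  return function isInNet(host, pattern, mask) {
    const addr = ipToInt(host) !== null ? host : dnsTable[host];
    const a = ipToInt(addr);
    const p = ipToInt(pattern);
    const m = ipToInt(mask);
    if (a === null || p === null || m === null) return false;
    return ((a & m) >>> 0) === ((p & m) >>> 0);
  };
}

const isInNet = makeIsInNet(SAMPLE_DNS);

// The function as it is served in wpad.dat.
function FindProxyForURL(url, host) {
  if (isInNet(host, "192.168.1.0", "255.255.255.0")) {
    return "DIRECT";
  }
  return "PROXY squid:3128";
}

// A PAC result is a ';'-separated list of DIRECT / PROXY host:port / SOCKS host:port.
function isValidPacResult(s) {
  return typeof s === "string" && s.split(";").every((entry) =>
    /^\s*(DIRECT|(PROXY|SOCKS)\s+[A-Za-z0-9.-]+:\d{1,5})\s*$/.test(entry));
}

// Constructed expectations: [url, expected PAC result].
const CASES = [
  ["http://192.168.1.77/", "DIRECT"],               // LAN address literal
  ["http://puffy.example.org/", "DIRECT"],          // LAN host by name
  ["http://www.example.com/", "PROXY squid:3128"],  // outside host
  ["http://192.168.2.1/", "PROXY squid:3128"],      // neighbouring subnet
  // A name the client cannot resolve falls through to the proxy, so the
  // proxy sees (and logs) requests for internal names that fail to resolve.
  ["http://unresolvable.example.org/", "PROXY squid:3128"],
];

// Run every case; return a list of human-readable failures (empty = pass).
function runChecks(cases) {
  const failures = [];
  for (const [url, want] of cases) {
    const got = FindProxyForURL(url, new URL(url).hostname);
    if (!isValidPacResult(got)) {
      failures.push(`${url}: malformed result ${got}`);
    } else if (got !== want) {
      failures.push(`${url}: got ${got}, want ${want}`);
    }
  }
  return failures;
}

const failures = runChecks(CASES);
console.log(failures.length === 0 ? "wpad.dat logic OK" : failures.join("\n"));
```

Running the same harness against a wpad.dat that lost its string quotes fails at load time with a syntax error, which is the quickest way to catch a file that browsers would silently ignore.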
OpenBSD 4.2 CDs arrive safely in India
Hi, I was a bit anxious about it but the 4.2 CDs arrived just now. Intact :-) Thank you so much Kind Regards Siju
Re: [Newbie] OpenBSD HTTP proxy
Craig Skinner wrote: ... Rubbish. What a piece of nonsense. Ridiculous. Why secure plain http traffic? Refer to the original question. The implication was evading the Great Firewall of China. For that, a tunnel is probably advisable. There is of course no technical requirement that there be a tunnel. -Lars
Re: How can I install 4 OS'es on one disk?
I thought this thread had already been finished because it is just so simple and no brainer. Anyways, please follow this procedure:

1. Use a freeware disk partitioning software like GParted LiveCD to re-organize your hard disk to accommodate new arrangements. Usually, you want this software without recurring any re-installing of your default windows because it will just re-allocate in the new settings.

2. Then follow this hard disk lay-out. It worked for me in the past several years without hassles. If possible, use fdisk to get the partition in its correct label.

/dev/hda1 - windows (ntfs) -- no changes.
/dev/hda2 - freebsd (a5)
/dev/hda3 - linux (81)
/dev/hda4 - openbsd (A6)

3. Use a boot manager. I highly recommend LILO as it is much easier to use.

You will be fine if you follow that procedure. Ok?

Best Regards,
Demuel

Siju George [EMAIL PROTECTED] writes:
1) it is easier to get Windows installed on the beginning so you have less hassle.

I'd amplify that even further. Of the systems mentioned, only Windows appears to work from the assumption that it will always be the only operating system on your machine. Install that first, just give it whatever space you think is appropriate, then proceed with the others and do whatever you can to hide the fact that it's not alone from Windows.

The other systems are saner than Windows with respect to multiboot configurations, but in my experience life's generally less stressful if you can have one operating system per machine or enough resources to do good virtualisation.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: [Newbie] OpenBSD HTTP proxy
Lars Noodén wrote:
Refer to the original question. The implication was evading the Great Firewall of China. For that, a tunnel is probably advisable.

Yes, I saw that, but as far as I am aware, that cowardly evil oriental government only blocks access to certain sites for its serfs, and not the net as a whole.

As per: http://en.wikipedia.org/wiki/Internet_censorship_in_the_People's_Republic_of_China
The banning appears to be mostly uncoordinated and ad-hoc

http://en.wikibooks.org/wiki/Transwiki:Bypassing_the_Great_Firewall_of_China
http://www.dmoz.org/Computers/Internet/Proxying_and_Filtering/Hosted_Proxy_Services/
http://www.scroogle.org/

And if that filthy government were actually concerned with Chinese Internet users observing proper online conduct, they would stop spamming, but no, they encourage it as a means of attack on the superior west. Refer to Jingjing
Re: [Newbie] OpenBSD HTTP proxy
On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:
Rubbish. This is pathetic and displays total ignorance of fundamental networking protocols, esp WPAD: web proxy auto discovery

not really. listen now :-)

Have squid listen on the internal interface at the *standard* port of 3128.

no probs here :-) the reasons for making it listen on 8080 are stupid :-)

Block (return) *all* access from the LAN to the Internet, disable NAT. If you use NAT, what on earth is the point of using an application layer proxy?

First of all proxy is used to control web access ( like URL filter ) for a certain group of people. There are others who connect through NAT and who can get better performance. Yes Squid degrades performances at some cases. Then there are websites that don't work well with squid. So in my case I have to work up a solution which is a mixture :-)

If you are going to use an app, be man enough to have it listen on the correct interface. You gain nothing by running it on the loopback and then using a packet filter to redirect packets to it. What a waste of time.

Not at all! I hear that most security conscious people do it that way. To my knowledge that is the recommended way. To make services listen on the loopback and use PF to redirect appropriate traffic to it. Not sure what you mean by being man enough :-)

Set up /etc/dhcpd.conf like something like this:
Set up /var/named/master/example.org like this:
Distribute a wpad file to the LAN from apache:
In /var/www/conf/httpd.conf:

Too many configuration files for a new guy? Or May be not! :-) Anyway thanks a million It was a good learning session :-)))

Thank you so much

Kind Regards
Siju
Re: [Newbie] OpenBSD HTTP proxy
Siju George wrote:
First of all proxy is used to control web access ( like URL filter ) for a certain group of people. There are others who connect through NAT and who can get better performance. Yes Squid degrades performances at some cases. Then there are websites that don't work well with squid. So in my case I have to work up a solution which is a mixture

You need to learn more about squid, in particular the ACLs for different groups logged in users (try LDAP).

If you are going to use an app, be man enough to have it listen on the correct interface. You gain nothing by running it on the loopback and then using a packet filter to redirect packets to it. What a waste of time.

Not at all! I hear that most security conscious people do it that way. To my knowledge that is the recommended way. To make services listen on the loopback and use PF to redirect appropriate traffic to it.

How on earth does that make an app more secure. You are listening to urban rumours, like vista being the most secure os...

Not sure what you mean by being man enough :-)

Cowards hide behind their mother's skirt. You are trying to hide squid on the loopback, which is as flimsy a protection device as a skirt.
Re: spdmem: what does PC25100 mean?
Looks like PC- and PC2- will be a better form to display to prevent a confusion. - Alexey. On 10/9/07, Jonathan Gray [EMAIL PROTECTED] wrote: On Tue, Oct 09, 2007 at 12:26:28AM +0300, Alexey Suslikov wrote: Hello [EMAIL PROTECTED] spdmem0 at iic0 addr 0x52 DDR2 SDRAM non-parity PC25100CL5 CL5 is CAS latency I think, but what does PC25100 mean here? :) Thanks. It seems the code was incorrectly using PC2 as a prefix in the DDR2 case, I'll fix that later today.
Re: firewall is very slow, something's wrong
* Florin Andrei [EMAIL PROTECTED] [2007-10-05 03:55]:
The hardware is AMD64, Tyan Transport, 2 CPUs 2 cores each. I am using the SMP kernel. The network card is Intel Pro/1000 PCI Express 4x dual gigabit port, it carries both em0 and em1.

First, you want to run 4.2 or -current, that should about double your throughput.

then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/...

next, you don't want SMP for such tasks. take out the second CPU and give it to somebody who can use it, and run the uniprocessor kernel.

last, increase net.inet.ip.ifq.maxlen until you see the congestion counter not increasing much any more under load. should not exceed 2500 by too much. as a rule of thumb, 256 per gigE interface aren't too far off.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: [Newbie] OpenBSD HTTP proxy
On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:
Siju George wrote:
First of all proxy is used to control web access ( like URL filter ) for a certain group of people. There are others who connect through NAT and who can get better performance. Yes Squid degrades performances at some cases. Then there are websites that don't work well with squid. So in my case I have to work up a solution which is a mixture

You need to learn more about squid, in particular the ACLs for different groups logged in users (try LDAP).

I use ACLs that's why I am able to block portions of the web for certain users. ACLs don't improve performance in some cases simple NAT is much faster than taking it through squid. Yes I am on my way to LDAP integration. It was a tough road trying to learn and implement it :-)

How on earth does that make an app more secure. You are listening to urban rumours, like vista being the most secure os...

Not sure what you mean by being man enough :-)

Cowards hide behind their mother's skirt. You are trying to hide squid on the loopback, which is as flimsy a protection device as a skirt.

If you are running a firewall on OpenBSD with FTP proxy then it listens behind the mothers skirt :-)

proxy    ftp-proxy   9695    3* internet stream tcp 0xd6b4a644 127.0.0.1:8021

and the man page says you should have the rule.

rdr pass on $int_if proto tcp from $lan to any port 21 -> \
	127.0.0.1 port 8021

pfSense developers changed listening squid to localhost and redirecting from the internal interface allowed traffic.

Let us wait and see if somebody who is more knowledgeable than both of us is able to give a clear explanation :-) I think there is more to it than Urban Rumors :-)

Kind Regards
Siju
Re: [Newbie] OpenBSD HTTP proxy
Siju George wrote:
If you are running a firewall on OpenBSD with FTP proxy then it listens behind the mothers skirt

You haven't thought about what is going on here and that it is quite a different situation.

Do you also run apache, named, dhcpd, sendmail, dovecot/courier, etc, etc only on the loopback? No? Why not? Because they use standard ports as listed in /etc/services

proxy    ftp-proxy   9695    3* internet stream tcp 0xd6b4a644 127.0.0.1:8021

and the man page says you should have the rule.

rdr pass on $int_if proto tcp from $lan to any port 21 -> \
	127.0.0.1 port 8021

This redirects from a standard port to an unprivileged NON-STANDARD port, which many ftp clients would never use as a proxy. It makes it transparent to the client that they are using a proxy. As it is a non-standard port and clients will never connect to, it is run on the loopback. Does not make the daemon any more secure from buffer overflows, etc, etc as the same packets come into it.

Squid listens on a high numbered unprivileged port by default, and runs as an unprivileged user. It is also easy to run chroot as well. 3128 is a commonly used web proxy port.

pfSense developers changed listening squid to localhost and redirecting from the internal interface allowed traffic.

Bully for them.

Use WPAD as it is designed to auto config browsers, or inform your users how to manually use the proxy. What is the point of hiding a web proxy by transparency from users in a work environment? It is not their equipment, their time, and nor is it their place to complain about how you run the network.
Re: qlogic QLA4050C or QLA4052C
davec@ and I are working on this HBA. The driver is called qli. We could use a one board in Australia and a dual port board in the USA. On Wed, Feb 07, 2007 at 01:24:33PM +0100, Stephan A. Rickauer wrote: is there a developer who's interested in writing a driver for that product? It's an iSCSI Host Bus Adapter: http://www.qlogic.com/products/iscsi_products_hba.asp Our Institute would donate the required hardware and I will try to get Free Programming Documentation (though I am not too optimistic with qlogic). Please let me know off list. -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 ZurichWeb www.ini.unizh.ch RSA public key: https://www.ini.uzh.ch/~stephan/pubkey.asc ---
Re: Thank you developers... 4.2 arrived in the mail today
Just arrived to Canberra Australia today!! I am kind of excited and made a little video showing its content: http://www.youtube.com/watch?v=B3NHTxq077Q 2007/10/8, Graeme Neilson [EMAIL PROTECTED]: I pre-ordered using the web form for international orders http://www.openbsd.org/orders.html with my new fangled credit card...;) On 10/8/07, Josh [EMAIL PROTECTED] wrote: How did you order yours? I am in NZ too... Is there a way to just transfer money via internet banking or something? Graeme Neilson wrote: Pre-order has made it all the way to New Zealand already - thanks to all. On 10/7/07, Peter N. M. Hansteen [EMAIL PROTECTED] wrote: One other data point - My preordered 4.2 set arrived here in Bergen, Norway today. Excellent artwork as usual, and great song :) Cheers, -- Peter N. M. Hansteen, member of the first RFC 1149 implementation teamhttp://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: Cisco 3002 VPN client to OpenBSD?
On Fri, 2007-10-05 at 18:50 -0400, Rod Dorman wrote: On Friday, October 5, 2007, 15:14:41, Jeff Simmons wrote: On Friday 05 October 2007 01:17, Claer wrote: The Cisco client license forbids explicitly to connect to anything but Cisco Hardware. You could rip the ISA controller out of a Pix 525 and put a CF adapter in it. Genuine intel P3 w/ quad fxp(4). ~BAS
Re: Web configure Firewall
On Tue, 2007-10-09 at 10:51 +0530, Siju George wrote: Anyone knows if there is a mailinglist for comixwall? I am facing a few issues with it :-( Anyone is welcome to e-mail me about issues: soner at comixwall.org However, the IP address of the project is from dynamic pool. Gmail and some other e-mail giants consider e-mails from such IPs as spam. Otherwise, I had promptly replied your previous web enquiry and many others' too. Please see the project web site for a news article about user questions. Maillist is mentioned in the same article too. (If you are experiencing failed login issues on the web interface, please see the same article.)
Re: [Newbie] OpenBSD HTTP proxy
On 10/9/07, Craig Skinner [EMAIL PROTECTED] wrote:
You haven't thought about what is going on here and that it is quite a different situation. Do you also run apache, named, dhcpd, sendmail, dovecot/courier, etc, etc only on the loopback? No? Why not? Because they use standard ports as listed in /etc/services

O.K I get it :-)

pfSense developers changed listening squid to localhost and redirecting from the internal interface allowed traffic.

Bully for them.

hey love me tender, baby don't be cruel ;-) [ Dire Straits - Calling Elvis ]

Use WPAD as it is designed to auto config browsers, or inform your users how to manually use the proxy.

yes your mail was a good learning session for me. I never tried this will see now

Thanks a lot once again :-)

Kind Regards
Siju
Re: Thank you developers... 4.2 arrived in the mail today
On 05/10/2007, Chad M Stewart [EMAIL PROTECTED] wrote: My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) and this has to be the earliest I've ever gotten mine. I hope that is more of an indication of my getting my order in early, than the number of CD orders being that low. Here in the UK we have postal strikes grinding the whole mail system to a halt (-p?). No chance of getting anything in the UK anytime soon. :( -- Best Regards Edd --- http://students.dec.bournemouth.ac.uk/ebarrett
looking some package
Dear all i looking this package : - clamav-0.9.1.1.tgz - smtp-gated-1.4.15.1.tgz - dansguardians-2.9.8.5.clamd.tgz -imspector-0.3.tgz -pmacct-0.11.4.tgz This package need for comixwall , i try using comix in i386 because the source is amd64 -- sonjaya http://sicute.blogspot.com
Re: Thank you developers... 4.2 arrived in the mail today
On 9 Oct 07 at 17:02, Edd Barrett wrote:
On 05/10/2007, Chad M Stewart [EMAIL PROTECTED] wrote:
My 4.2 CDs and t-shirt arrived in the mail today (near Buffalo, NY) and this has to be the earliest I've ever gotten mine. I hope that is more of an indication of my getting my order in early, than the number of CD orders being that low.

Here in the UK we have postal strikes grinding the whole mail system to a halt (-p?). No chance of getting anything in the UK anytime soon. :(

Aren't all European orders sent by UPS?

--
Best Regards Edd --- http://students.dec.bournemouth.ac.uk/ebarrett
Re: firewall is very slow, something's wrong
Henning Brauer wrote:
* Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]:
then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/...

That is surprising. What is the reason?

we dunno really. it hasn't been benched in some time so it might not even be true any more, but last time the difference was dramatic.

Then I will do some tests with 4.2 on gigabit-capable hardware. If anything noteworthy comes out, I'll post the results. Don't expect something too fancy, but I guess anything is better than nothing.

How much RAM can the i386 kernel use on an amd64 machine?

4GB minus pci space

Hmmm. Please correct me if I'm wrong: Let's say a firewall is connected to a pretty fast Internet pipe (in the gigabit range). Let's say there's a DDoS against this environment. In theory, the firewall would need lots of RAM so that it can deal with the incoming nasty packets, create an entry for each packet in the state table (don't know the correct name for it in OpenBSD, sorry), then expire it after a while. In theory, the firewall could be tweaked to expire unused states quickly, but still, more RAM is better when dealing with a DDoS.

What's still not clear to me is how much RAM I should provision per 1Gb of bandwidth on OpenBSD, assuming there's an incoming worst-case-scenario DDoS, that consumes RAM (and other resources) on the firewall yet leaves some bandwidth open for legitimate traffic (so the firewall must be able to continue to let the good traffic pass through). Also assuming some tweaking has been done on the firewall to expire the bad stuff quickly without affecting legitimate traffic. But all that depends on the actual legitimate traffic and on the firewall rules. I guess that's another way of saying more tests are needed. :-/

If the SMP kernel does not actually hurt performance, I might have to use it.

it does. seriously. locking is not free.

Aw, damn. I was hoping that's not quite the case.
Well, then hopefully the dynamic routing daemons won't get too greedy and DoS the firewall from within. :-) Or I may have to re-think the whole environment and forget the idea of doing any kind of dynamic routing on the firewall - from a security perspective, dynamic routing on the firewall sucks anyway.

Looks like my performance test matrix just got bigger by a factor of 2x. :-/ But the bad combinations should get pruned pretty quickly, I guess.

+-----+------+-------+
|  \  | i386 | amd64 |
+-----+------+-------+
| SMP |      |       |
+-----+------+-------+
| UP  |      |       |
+-----+------+-------+

--
Florin Andrei http://florin.myip.org/
Re: Thank you developers... 4.2 arrived in the mail today
CD's turned up via UPS today here in the UK. Thanks Win! :) Sevan / Venture37
Re: Thank you developers... 4.2 arrived in the mail today
On Tue, 2007-10-09 at 22:04 +0100, Sevan / Venture37 wrote: CD's turned up via UPS today here in the UK. Is there a tracking number? I have not received the CDs yet (Italy). ciao Luca
Re: OpenBSD 4.2-current | ASUS P5VD2-X and E2140 problems
On 8 Oct 07 at 17:44, [EMAIL PROTECTED] wrote:
Hi guys, I ask at misc because I'm unsure if these problems are known. During reading the Changelog I noticed the ALC883 Chip was added to Azalia. Well this Chip is at this Motherboard but I can't get it working. The BIOS supports to either set it into the HDA Mode or into the AC97 mode. neither works (won't even get displayed in the dmesg). A 3rd mode for Vista compatibility was also checked with no success. Except this OpenBSD 4.2-current (and so 4.2) does boot fine. I noticed just 2 further issues.

1. The Intel E2140 supports SpeedStep but it isn't noticed (even after activation in the BIOS).
2. SMP doesn't work - I tried also with ACPI-ENABLE

I just wanna know: Is there a solution known for the last 2 things? Does somebody own the same Board (or familiar with VIA 890!). Single-Core works fine. I may would have the possibility to change the Board (to a MSI MSI P4M890M Rev 1.2). I need to replace a Desktop Board so the MSI would even provide integrated Grafic (wich is ok for this case). So are these things Board related (well the Crash in SMP mode propably isn't but the issue with the Soundchip may is) or maybe OpenBSD related?

I have an Asrock motherboard with a VIA chipset (but not the same). If I want my azalia device to be detected, I need to go in the BIOS and change it's PCI bus from 0x80 to 0x2 (there is an option for this). Maybe your card has a similar setting?
Here's a dmesg with a generic Kernel from install42.iso
Re: Thank you developers... 4.2 arrived in the mail today
Check this out - got the shipping notice **AND** the package today! Just in time to update a new server before going online. Lee Leland V. Lammert [EMAIL PROTECTED] Chief Scientist Omnitec Corporation Network/Internet Consultants www.omnitec.net
Re: Thank you developers... 4.2 arrived in the mail today
Is there a tracking number? I have not received the CDs yet (Italy). ciao Luca When your item is shipped you will receive a tracking number
requesting help in building xenocara
Hi. I am running CURRENT on a development server and I have some questions about building the X portion of a release. First, normally I don't need Xorg but I regularly use a package that needs the xbase install set. So before I used to build X using the XF4 sources. I then heard that xenocara is replacing XF4 so I am trying to build, and eventually make the sets (which ones will come out I do not know), but my system is bombing out. I am following the release man page. My xenocara sources ended up in /usr/xenocara after a cvsup operation (how do I get them in /usr/src/xenocara while also updating other sources and ports?). Anyway, according to that man page all I need to do is have XSRCDIR set to /usr/xenocara inside /etc/mk.conf. So I'm not sure if I'm on the right track in building xenocara and also why I cannot build it: make: don't know how to make obj. Stop in /usr/xenocara/proto/bigreqsproto. make: no target to make. Thank you in advance, // juan
The Name: UNIX
Hi all... In response to the recent easter egg in 4.2's song, I asked about some possible meaning behind the 11 1010101 bit and only ended up more confused as a result of what one individual provided in their replies. Could anybody enlighten me on proper UNIX association... here are the messages... In response to theraven's speculation over the song at: http://slashdot.org/~TheRaven64/journal/184027 me: Perhaps: Regarding ...these are ! and U... As in not equal to proprietary (UNIX vs unix/unix-like) Or in other words, free theraven: Could be, but considering the fact that GNU's Not UNIX, and the song is fairly anti-GNU in places, I'd guess not. Especially since OpenBSD is UNIX, it just isn't UNIX(TM). me: Okay... I didn't know OpenBSD was UNIX. I thought OpenBSD was Unix; and that UNIX was a registered trademark of The Open Group, with systems like UNIX 98 and UNIX 03. My bad. The GNU's Not Unix GNU bit makes sense, though I was simply referring to the difference between $ and free. I was under the impression that UNIX regarded $ and Unix = free. Oh well, no biggy. :-p theraven: UNIX was an operating system released by AT&T in the late '70s. Some guys at Berkeley added a load of stuff to it, and called their version the Berkeley Software Distribution (BSD). Since it was based on the AT&T code, you needed a license from AT&T to use it. They gradually replaced the AT&T code with their own, and in 4.2BSD-lite, there was no AT&T code, allowing the whole system to be distributed for free (and Free). OpenBSD is based on 4.2BSD-lite, and so contains no original UNIX code, but can trace its evolution back to the original UNIX. The Open Group owns the UNIX trademark (although they are very careful not to test it in court, where it would probably be determined to be a generic term and not subject to trademarks). They can say that something is UNIX(tm) or not; all you have to do is pass a conformance test and pay them a large heap of money. 
OpenBSD is derived from the original UNIX sources, but has not passed this conformance testing and paid TOG a heap of money, so it is not UNIX(tm). The alternate capitalisation, Unix, is not very common. A few proprietary UNIXes used it, but none of the well-known ones. For a bit more history, take a look at the UNIX timeline [levenez.com]. That's it... now at this point I just give up (when someone refers me to that UNIX timeline, which I've seen and read before and honestly that page doesn't answer my question, so their responses really didn't help any at all.) I'm positive my original guess is wrong (how !U is not proprietary) but that's not the point anymore... it's this: Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? I didn't need theraven giving me some preschool explanation UNIX was an operating system released by AT&T in the late '70s..eventually BSD-lite (etc.), I was looking for a simple and direct response - hopeful for explanation *directly related* to that direct response - not a history lesson. I've studied the history of UNIX and unix-like branches, at least on a basic level, this is simply a question of one specific system (OpenBSD) and proper use of terminology (aka UNIX the trademark, all caps, title), not a question of generic history of the system concept in such an over-generalized and poorly explained fashion as what theraven provided. Thank you for your help in clearing me of my confuzzlement! Sean P.S.- Someone please tell me theraven's, The alternate capitalisation, Unix, is not very common. is incorrect! I see Unix EVERY day, regardless of if proprietary or free. Their statement, or claim, in that quote is starting to get into ridiculous speculations as pertaining to general usage of terms in everyday English language and falling off topic of what it is *specifically* in reference to. 
If I'm wrong in the Unix bit, oh well - no biggy - but still am confused about OpenBSD = UNIX or Unix or Unix-like or unix-like or unix or ham sandwich on rye. Thanks! -- Public Key: http://mpec.net/gsd.asc
Re: The Name: UNIX
On 10/9/07, Sean Darby [EMAIL PROTECTED] wrote: Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? does it matter?
Re: The Name: UNIX
Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.) You are the first person I've seen to make a distinction between unix, Unix, and UNIX and imply that the distinction has any meaning. // marc
Re: The Name: UNIX
Sean Darby wrote: me: Okay... I didn't know OpenBSD was UNIX. I thought OpenBSD was Unix; and that UNIX was a registered trademark of The Open Group, with systems like UNIX 98 and UNIX 03. My bad. The GNU's Not Unix GNU bit makes sense, though I was simply referring to the difference between $ and free. I was under the impression that UNIX regarded $ and Unix = free. Oh well, no biggy. :-p I don't believe U.S. trademark law cares much about capitalization of word marks. Unix, UNIX, unix -- all covered by the same registration. (This is distinct from registering logos which happen to incorporate your word mark, where case, font, and color tend to matter.) After all, the whole point to registering a trademark is to put the world on notice that you don't want other parties using marks that might be confused with yours in commerce. You've just proven that Unix gets confused with UNIX. ;-) See http://tess2.uspto.gov/bin/gate.exe?f=tessstate=95mrtn.1.1 to look UNIX up for yourself. YMMV in other countries and I not be a lawyer. --Jon Radel
[side thread] security implications of multiple kernel threads?
On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in some time so it might not even be true any more, but last time the difference was dramatic. How much RAM can the i386 kernel use on an amd64 machine? 4GB minus pci space next, you don't want SMP for such tasks. take out the second CPU and give it to somebody who can use it, and run the uniprocessor kernel. So, assuming the box is a pure firewall / static router (so just pf and static routes), even with multiple interfaces, all those tasks run in a single kernel thread? yup Why is this? Is there a security reason why the kernel is single-thread; is it OBSD resource limitations (no developer time, no hardware, etc); is it not enough interest yet? With interface speeds and bus bandwidth going up, how many interfaces is it possible to handle at full interface bandwidth on the fastest UP CPU and how much memory does that take? If you need more performance, do you build multiple boxes and CARP them? Virtualization to run multiple OBSDs, each on its own core (ignoring security issues of virtualization; crack one client is no worse than having a single OBSD running all interfaces getting cracked). Or do you start assembling a big box with multiple MBs each with a UP hooked up to a pair of drives, all co-located in one box with dual/triple/quad redundant PSUs? Not that I'm personally in need of the technology; I'm the one trying to keep a 486 patched on dialup. I'm just interested. Doug.
Re: The Name: UNIX
On Tue, Oct 09, 2007 at 04:50:10PM -0500, Sean Darby wrote: In response to the recent easter egg in 4.2's song, I asked about some possible meaning behind the 11 1010101 bit and only ended up more confused as a result of what one individual provided in their replies. Could anybody enlighten me on proper UNIX association... here are the messages... I was looking for a simple and direct response - hopeful for explanation *directly related* to that direct response - not a history lesson. I've studied the history of UNIX and unix-like branches, at least on a basic level, this is simply a question of one specific system (OpenBSD) and proper use of terminology (aka UNIX the trademark, all caps, title), not a question of generic history of the system concept in such an over-generalized and poorly explained fashion as what theraven provided. If I'm wrong in the Unix bit, oh well - no biggy - but still am confused about OpenBSD = UNIX or Unix or Unix-like or unix-like or unix or ham sandwich on rye. You've got all the information you need to determine how _you_ will refer to OpenBSD. The commercial UNIX(tm) offerings incorporate(d) a heck of a lot of BSD code in order to do any networking. That's OK, the licence allows that (they may have since redone all the code, making UNIX(tm) a BSD-Like OS). I don't see any historical reference to the original BSD people calling their release BSD UNIX but just the BSD. IIRC, they were contracted by DARPA to take UNIX and add networking, which they did and called it BSD. Since the lawsuit, people have taken to calling BSD UNIX. During that lawsuit, when the future of BSD was up-in-the air, Linus needed a UNIX-like OS to run on his 386. He couldn't run the BSD kernel legally and so he wrote a kernel from scratch that mimicked the functionality of UNIX/BSD but without using any contested code. If it wasn't for that lawsuit, there probably wouldn't be a Linux but he probably would have used one of the BSDs. 
I'll give you an analogy that isn't automobiles but isn't UNIX either. Radio Shack in Canada. Tandy is a US company that, among other things, runs consumer electronics (and gadget parts) stores in the US and licenced the name to Radio Shack Canada. They later pulled their license on some of the store-brand products, so that Realistic radios had to be named something else ASAP (they chose GeneXa or something targeted to Generation Xers). A few years later, they pulled the licence to the Radio Shack name itself, so now we have The Source, by Circuit City. Circuit city being another consumer electronics chain with no store-brand or CIP (Crap in Plastic; Computerized Inventory Program). But everyone calls the store Radio Shack. So is The Source = Radioshack? It is a direct descendant but it can't legally call itself Radioshack. So is OpenBSD = UNIX? It is a direct descendant but it can't legally call itself UNIX; and calling itself UNIX would be seen (IMHO) as a branding issue infringing on Trade Mark. I don't know why people care (other than residual hurt over the lawsuit). OpenBSD has a fine reputation and good name for itself on its own right. I just wish that there was a lot less chest-thumping about which was the best OS. Each of the BSDs, each of the UNIXs, each of the Linux distributions has its strengths and weaknesses, its target market and the range of things that it can do better than the others (depending on how you define better). It would greatly help everyone if the leaders of the three BSDs, the many UNIXes, Linus, and the leaders of the major linux distros could work collaboratively on a Wikipedia page dedicated to helping people make an informed decision. However, competition (economic, resource, prestige, whatever) rears its ugly head. Sorry for the long reply, but your question is not simple to answer. I also don't think, despite the long reply, that it needs a definitive answer. How I answer it is this. 
When someone asks me about windows who I know knows nothing about computers, I say I don't know because I run Unix (there I go with the lower case). UNIX has been around forever and many non-computer people have heard of it. If the conversation continues then I clarify as to what UNIX-like OSs I use (OpenBSD and Debian GNU/Linux). If I'm asked on what I blow my nose, I'll say Kleenex. If the conversation continues (why would it), I'll ask what brand of Kleenex they use. Doug.
Re: [side thread] security implications of multiple kernel threads?
On Tue, 9 Oct 2007, Douglas A. Tutty wrote: On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: next, you don't want SMP for such tasks. take out the second CPU and give it to somebody who can use it, and run the uniprocessor kernel. So, assuming the box is a pure firewall / static router (so just pf and static routes), even with multiple interfaces, all those tasks run in a single kernel thread? yup Why is this? Is there a security reason why the kernel is single-thread; is it OBSD resource limitations (no developer time, no hardware, etc); is it not enough interest yet? I'm not an OpenBSD developer, but I'd bet that the reason is that BSD was originally written single-threaded (both because that's much easier than multi-threaded and because multi-cpu systems were rare back then) and has not [yet] been changed because changing to a multi-threaded kernel requires a lot of very finicky work (with innumerable opportunities to introduce very subtle bugs). Dave -- Dave Anderson [EMAIL PROTECTED]
Just Received my Package
Wow, I am impressed this time around. Even though there seems to be less breadth in this particular case, I really like the quality. The whole package feels really solid, and the stickers seem nicer than previously. Additionally, I like the new printing on the booklet compared to what was in the older stuff. :-) Great Job, guys. I ordered two, btw, one to give away to people who are too lazy to download it to try it out. Maybe I can spread some of the OpenBSD cheer this Christmas! -- ((name Aaron Hsu) (email/xmpp [EMAIL PROTECTED]) (phone 703-597-7656) (site http://www.aaronhsu.com))