Re: [side thread] security implcations of multiple kernel threads?
Douglas A. Tutty wrote: Why is this? Is there a security reason why the kernel is single-thread; is it OBSD resource limitations (no developer time, no hardware, etc); is it not enough interest yet? With interface speeds and bus bandwidth going up, how many interfaces is it possible to handle at full interface bandwidth on the fastest UP CPU and how much memory does that take? Even more offtopic - on Linux I saw there's a kernel thread for each interface. Interestingly, while routing 1 Gbps of traffic through the system (just a single download of a huge file over HTTP), on Linux kernel 2.6.18 both kernel threads are at 35% CPU usage, while on OpenBSD 4.1 the single kernel thread is at 70...80%. Maybe a coincidence, maybe the numbers don't usually translate linearly like that, I don't know. I like pf, it's a really clever firewall, that's why I'll keep testing with 4.2 -- Florin Andrei http://florin.myip.org/
Call for Papers AsiaBSDCon 2008
Hi, http://2008.asiabsdcon.org/ Could somebody publish this in Undeadly too please? Thank you so much Kind Regards Siju
Re: Call for Papers AsiaBSDCon 2008
On Wed, Oct 10, 2007 at 12:04:05PM +0530, Siju George wrote: http://2008.asiabsdcon.org/ Could somebody publish this in Undeadly too please? Siju: http://undeadly.org/cgi?action=submit -ME
Re: Call for Papers AsiaBSDCon 2008
On 10/10/07, Mike Erdely [EMAIL PROTECTED] wrote: On Wed, Oct 10, 2007 at 12:04:05PM +0530, Siju George wrote: http://2008.asiabsdcon.org/ Could somebody publish this in Undeadly too please? Siju: http://undeadly.org/cgi?action=submit Thanks Mike Done :-) --Siju
Re: How can I install 4 OS'es on one disk?
Dag Richards wrote: Blasphemy Seems to me that the simplest and most flexible way to do this is to install Linux or Windows as your host OS and use VMware. I do that on my MacBook Pro running OS X, and run OBSD, Linux, and Solaris as guest OSes. Works great, and I can have all of them up at the same time, and network between them. \Blasphemy Depends on why you want multiple OS's. I write and maintain drivers. VMware or any other virtualization is not an option. -- Dave Lynch DLA Systems Software Development:Embedded Linux 717.627.3770 [EMAIL PROTECTED] http://www.dlasys.net fax: 1.253.369.9244Cell: 1.717.587.7774 Over 25 years' experience in platforms, languages, and technologies too numerous to list. Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction. Albert Einstein
Re: firewall is very slow, something's wrong
* Florin Andrei [EMAIL PROTECTED] [2007-10-09 22:54]: Henning Brauer wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in sometimesoit might not even be true nay more, but last time the difference was dramatic. Then I will do some tests with 4.2 on gigabit-capable hardware. If anything noteworthy comes out, I'll post the results. Don't expect something too fancy, but I guess anything is better than nothing. How much RAM can the i386 kernel use on an amd64 machine? 4GB minus pci space Hmmm. Please correct me if I'm wrong: Let's say a firewall is connected to a pretty fast Internet pipe (in the gigabit range). Let's say there's a DDoS against this environment. In theory, the firewall would need lots of RAM so that it can deal with the incoming nasty packets, create an entry for each packet in the state table (don't know the correct name for it in OpenBSD, sorry), then expire it after a while. In theory, the firewall could be tweaked to expire unused states quickly, but still, more RAM is better when dealing with a DDoS. nope. the kernel will not ever use more than 1 GB (or were it 768MB? memory fuzzy). more than 1 GB of memory on a firewall even hurts.ok, not much. but a bit. What's still not clear to me is how much RAM I should provision per 1Gb of bandwidth on OpenBSD, assuming there's an incoming worst-case-scenario DDoS, that consumes RAM (and other resources) on the firewall yet leaves some bandwidth open for legitimate traffic (so the firewall must be able to continue to let the good traffic pass through). Also assuming some tweaking has been done on the firewall to expire the bad stuff quickly without affecting legitimate traffic. RAM is not your concern on a firewall. If the SMP kernel does not actually hurt performance, I might have to use it. it does. seriously. locking is not free. Aw, damn. I was hoping that's not quite the case. Well, then hopefully the dynamic routing daemons won't get too greedy and DoS the firewall from within. :-) no, they won't. they only get the cpu cycles not required for packet forwarding (well, interrupts + softint handling really) anyway. Or I may have to re-think the whole environment and forget the idea of doing any kind of dynamic routing on the firewall - from a security perspective, dynamic routing on the firewall sucks anyway. no, not really, not if done right. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: The Name: UNIX
On Tue, 2007-10-09 at 16:29 -0700, Ted Unangst wrote: On 10/9/07, Sean Darby [EMAIL PROTECTED] wrote: Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? does it matter? It does! UNIX *is* case sensitive! ;) ciao Luca
Re: Thank you developers... 4.2 arrived in the mail today
On 09/10/2007, Pierre Riteau [EMAIL PROTECTED] wrote: Aren't all European orders sent by UPS? Apparently so. CD set arrived yesterday! A pleasant surprise. Thanks to all involved. Another superb quality release of OpenBSD. -- Best Regards Edd --- http://students.dec.bournemouth.ac.uk/ebarrett
OpenBSD XSS ;)
It's a kind of useless and funny XSS... in OpenBSD ;) http://www.toxahost.ru/images/funny/obsd_xss.JPG
Multi booting OpenBSD and OpenBSD and
I have seen plenty of QA about multibooting OpenBSD and Windows/Linux/whatever and although I did a lot of that stuff way back, I generally don't need it in the days of almost zero cost PC that are plenty good enough to run OpenBSD. So why this question? Well I was blessed by a client who had some troubles with a fairly recent grunty Intel mobo and donated it with its RAM to me for past favours. I figured it would make a pretty nice build machine, tossed a 160G SATA in and voila! Then (the devil made me do it!) I thought: Why not four OpenBSDs as in Release, Release minus one, current and some experimental stuff. Just multiboot to whichever and away. Pretty soon the Release would be stable for latest and one back etc. I know that something like GAG would handle the boots but how would I slice and dice the drive? I managed to play with fdisk and set up partition 3 with about 40G at the end of the disk and use the b command in disklabel to describe the disk and whacked in a bunch of filesystems. Pretty standard install - booted and ran just file. Then I fdisked again to do partition 0, easy. Even remembered the 63 offset. BUT (and I can see Nick Holland smiling here) when I get to the disklabel phase and use b to describe the disk, I still end up with all those other partitions visible. I don't want to cream the first install unnecessarily so I'm here to be told. Is it at all possible? If so what is the trick? I did flag the new MBR entry as active and I can't see anything in the docs that contemplates this kind of set-up. If there is an answer at Mother Google's I cannot construct a smart enough query to not be drowned in all the OpenBSD and some other OS questions. Anybody successful at this task? Thanx, Rod/ From the land down under: Australia. Do we look umop apisdn from up over?
Re: The Name: UNIX
On 10/9/07, Sean Darby [EMAIL PROTECTED] wrote: Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? my mother recently called it that Unisex thing you like, though am not sure of the capitalization :) mike
Re: Multi booting OpenBSD and OpenBSD and
On Wed, Oct 10, 2007 at 09:37:55PM +1000, RW wrote: | Is it at all possible? If so what is the trick? I did flag the new | MBR entry as active and I can't see anything in the docs that | contemplates this kind of set-up. | | If there is an answer at Mother Google's I cannot construct a smart | enough query to not be drowned in all the OpenBSD and some other OS | questions. | | Anybody successful at this task? I did something somewhat similar but I cheated from your point of view. Using two disks this is trivial. I installed wd0 (now sd0, thanks to dlg/ahci ;) with an amd64 snapshot and partitioned the second drive in preparation for an i386 snapshot. Now on the bootprompt, I can simply choose to boot hd0a:/bsd.mp or hd1a:/bsd.mp. By fidgetting with boot.conf(8), you can make either boot by default, or not boot anything by default (always wait for the user to type something at the prompt). Since the i386 and amd64 bootloaders support loading eachothers kernel these days, this works great ! So, my suggestion for your case would be to simple add a (small/cheap) drive per install. As long as the BIOS knows about the drive, you can boot OpenBSD from it. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: firewall is very slow, something's wrong
On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in sometimesoit might not even be true nay more, but last time the difference was dramatic. I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( How about on sparc64 systems? do you get thwice the speed compared to its 32 bit counterpart? Thank you so much Kind Regards Siju
Re: firewall is very slow, something's wrong
* Siju George [EMAIL PROTECTED] [2007-10-10 15:10]: On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in sometimesoit might not even be true nay more, but last time the difference was dramatic. I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( so you think a 20 ton truck is twice as fast as a 10 ton truck? -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Multi booting OpenBSD and OpenBSD and
Hey Rod, Anybody successful at this task? Somewhat OT, but I used a different approach, as I had enough IDE disks lying around. I got myself an external USB enclosure with swappable HDD brackets. Then, of course, the POS device broke, but that's not the point I am trying to get across... :-) HTH... Nico
OpenBSD is loosing cd and tshirt sales
The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. Please i need someone at the Cshop reply to my emails ASAP. I am trying to buy the OpenBSD CD for over six months now. Noone answered my emails when 4.1 was released, and now i do not want to miss 4.2 . I also want to buy some tshirts. Please someone at the Cshop reply please. Openbsd Project is loosing money by not selling CDs that could and should be sold to people who are willing to buy them. I am copying to misc@ also in order to get a faster response, maybe someone can assist the people at the Cshop so they can sell properly. Or maybe someone else should be in charge of selling internationally. Thanks Marcos - Original Message - From: Marcos Laufer [EMAIL PROTECTED] To: OpenBSD Orders [EMAIL PROTECTED] Sent: Wednesday, September 26, 2007 11:32 PM Subject: Fw: openbsd order Josiah, I never got a response, but yes please i want to place an order, i thought that you weren't responding because you were unable to send to Argentina, but if you can , i want to preorder 4.2 cd and the Number 23 t-shirt (wire frame puffy) , and the The Sushi Fugu Shirt , both on medium size, how much would it be? I want to pay with paypal. Thanks ! Marcos Laufer - Original Message - From: OpenBSD Orders [EMAIL PROTECTED] To: Marcos Laufer [EMAIL PROTECTED] Sent: Thursday, September 13, 2007 7:37 PM Subject: Re: openbsd order Hello Marcos, We are going through some old emails and I found your message below. Did you ever get a response? If you are still interested in the items, please email: [EMAIL PROTECTED] Thanks! Josiah J. OpenBSD Shipping Department On Tue, 13 Mar 2007, Marcos Laufer wrote: Hi there, I'd like to buy the pre-order of OpenBSD 4.1 and the Number 23 T-Shirt. Please inform me of the full cost with shipment to Argentina . I also would like to pay with PayPal Regards, Marcos Laufer Marcos Laufer - IPversion4.com * [EMAIL PROTECTED] http://www.ipversion4.com ( 0800-444-HOSTING Rodriguez Peqa 468 1 C
Re: firewall is very slow, something's wrong
Henning Brauer [EMAIL PROTECTED] writes: so you think a 20 ton truck is twice as fast as a 10 ton truck? horizontal or vertical motion? assuming a perfectly spherical truck? -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD is loosing cd and tshirt sales
On Wed, 10 Oct 2007, Marcos Laufer wrote: The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. If you had placed an order instead of complaining about it, you would have your gear already, like the rest of us. Our 4.2 was actually received the same day as the order confirmation - talk about efficiency! Lee
Transparent Firewall with NAT
Hello everybody, I work on BSD 4.1, with i386 hardware. I'm searching a way to enable a transparent firewall (without ip adress), probably in bridge mode.., with a capability of NAT. I know the interest is not evident to nat some computers on the same IP lan, but it's for a client, so! It seems that PF doesn't have this capability. Perhaps, it could be possible with an another package ? Thank's for your comments... Cidric.
Re: firewall is very slow, something's wrong
Siju George wrote: I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( 64 bit processors (combined with 64 bit capable operating systems) have the ability to address more RAM than 32 bit processors because 64^2 is a much larger number than 32^2... lots more RAM addresses). This does not speed things up, though, until you run out of RAM, and start having to access the swapfile. The processor's speed... MHz, GHz, etc., will determine how fast the processor itself can process instructions. -- -wittig http://www.robertwittig.com/ http://robertwittig.net/ http://robertwittig.org/ .
Re: firewall is very slow, something's wrong
On Wed, Oct 10, 2007 at 09:24:25AM -0500, Robert C Wittig wrote: | Siju George wrote: | | I thought by running an amd64 kernel will get me twice the speed than | an i386 on an amd64 machine since one is 64 bit processing and the | other is just 32 bit :-( | | | 64 bit processors (combined with 64 bit capable operating systems) have | the ability to address more RAM than 32 bit processors because 64^2 is a | much larger number than 32^2... lots more RAM addresses). | | This does not speed things up, though, until you run out of RAM, and | start having to access the swapfile. | | The processor's speed... MHz, GHz, etc., will determine how fast the | processor itself can process instructions. Depending on your software, 64 bit processors can be quite a bit faster. If you're dealing with 64bit integers, using 64bit registers, etc., a lower clocked 64bit CPU might be faster than a 32bit CPU clocking at a higher rate. In short: There is no short answer. It depends on what you're doing. From what Henning tells us (and what sounds logical to me), grabbing a ethernet frame from a NIC and putting it on another NIC doesn't really change much from 32bit to 64bit. Your compiler also comes into play. If that is more tuned towards a certain 32bit architecture (such as i386) than a certain 64bit arch (because it's less populair, such as sparc64 or hppa64 or mips64), this will impact your performance quite a bit. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: firewall is very slow, something's wrong
Robert C Wittig wrote: 64 bit processors (combined with 64 bit capable operating systems) have the ability to address more RAM than 32 bit processors because 64^2 is a much larger number than 32^2... lots more RAM addresses). The increase from 2^32 to 2^64 is even more impressive. ;-) --Jon Radel [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: Transparent Firewall with NAT
On Wed, 10 Oct 2007, Cidric THIBAULT wrote: I'm searching a way to enable a transparent firewall (without ip adress), probably in bridge mode.., with a capability of NAT. I know the interest is Hum... bridge and NAT aren't working at the same level. I think you'd need to set an @ip address and enable forwarding for this to work. But then of course, it won't be a transparent bridge anymore. Or you could use 2 different boxen, one for bridge, and one for nat. Or maybe I'm just talking bull... I'm no bridge guru. -- Antoine
Re: OpenBSD is loosing cd and tshirt sales
I want to place an order but i need to pay with paypal. In order to pay with paypal i need to get in touch with someone at the Cshop . This are sales OpenBSD is missing, i know a few other people who also would buy cd's and t-shirts if they could pay with their paypal accounts - Original Message - From: L. V. Lammert [EMAIL PROTECTED] To: Marcos Laufer [EMAIL PROTECTED] Cc: OpenBSD Orders [EMAIL PROTECTED]; [EMAIL PROTECTED]; misc@openbsd.org Sent: Wednesday, October 10, 2007 11:37 AM Subject: Re: OpenBSD is loosing cd and tshirt sales On Wed, 10 Oct 2007, Marcos Laufer wrote: The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. If you had placed an order instead of complaining about it, you would have your gear already, like the rest of us. Our 4.2 was actually received the same day as the order confirmation - talk about efficiency! Lee
Re: firewall is very slow, something's wrong
Robert C Wittig wrote: Siju George wrote: I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( 64 bit processors (combined with 64 bit capable operating systems) have the ability to address more RAM than 32 bit processors because 64^2 is a much larger number than 32^2... lots more RAM addresses). Actually 2^64 vs 2^32 (64^2 is 2^7, 64 is 2^6, 32 is 2^5) Other things equal, 64-bit should take twice as long because it takes 64 bits to do anything instead of 32 bits. Not really that simple, because accessing 32 bits can involve 1) accessing the 64 bits that the 32 bits are in. 2) selecting the appropriate 32 bits of the 64 bits. This does not speed things up, though, until you run out of RAM, and start having to access the swapfile. The 64-bits does affect how big the swap file can be without resorting to Rube Goldberg contraptions to identify what is what. The processor's speed... MHz, GHz, etc., will determine how fast the processor itself can process instructions. -- -wittig http://www.robertwittig.com/ http://robertwittig.net/ http://robertwittig.org/ .
Re: firewall is very slow, something's wrong
On 10/10/07, Henning Brauer [EMAIL PROTECTED] wrote: * Siju George [EMAIL PROTECTED] [2007-10-10 15:10]: On 10/9/07, Henning Brauer [EMAIL PROTECTED] wrote: * Florin Andrei [EMAIL PROTECTED] [2007-10-09 19:34]: then, an i386 kernel should perform considerably better than amd64 for firewalling/routing/... That is surprising. What is the reason? we dunno really. it hasn't been benched in sometimesoit might not even be true nay more, but last time the difference was dramatic. I thought by running an amd64 kernel will get me twice the speed than an i386 on an amd64 machine since one is 64 bit processing and the other is just 32 bit :-( so you think a 20 ton truck is twice as fast as a 10 ton truck? O.K I get it :-) So when does changing from 32 bit to a 64-bit processor actually help? Kind Regards Siju
Re: OpenBSD is loosing cd and tshirt sales
Not entirely true. I've been checking the USPS Track Confirm website each day since October 2 when I got my tracking confirmation via email. Until today the USPS had no record of my shipment. Finally I have a response: Your item was accepted at 4:31 PM on October 9, 2007 in SWEET GRASS, MT 59484. Information, if available, is updated every evening. Please check again later. So, even though locales as far away as New Zealand (probably farther than Argentina from Calgary) are already applying their new stickers to their servers I'm still waiting here in Kentucky, USA (1660 miles from Calgary). I pre-ordered on 09/11/2007. :-) On 10/10/07, L. V. Lammert [EMAIL PROTECTED] wrote: On Wed, 10 Oct 2007, Marcos Laufer wrote: The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. If you had placed an order instead of complaining about it, you would have your gear already, like the rest of us. Our 4.2 was actually received the same day as the order confirmation - talk about efficiency! Lee
Re: Transparent Firewall with NAT
From: Cedric THIBAULT Hello everybody, I work on BSD 4.1, with i386 hardware. I'm searching a way to enable a transparent firewall (without ip adress), probably in bridge mode.., with a capability of NAT. I know the interest is not evident to nat some computers on the same IP lan, but it's for a client, so! It seems that PF doesn't have this capability. Perhaps, it could be possible with an another package ? Thank's for your comments... Cidric. I am not sure you understand what NAT is. When you use NAT to allow a system on one network to access another network, the traffic is NATted to the IP of the box doing the NAT. In the case of a firewall like device, the traffic would be given the IP address of the outer interface of the firewall. inside box (1) firewall/bridge doing nat (2)- Internet etc. (1) network traffic leaves the inside box, it has the source IP of the inside box. (2) The network traffic is NATted by the firewall, when it leaves the outer interface of the firewall it now has the source IP address of the outer interface of the firewall. Any return traffic would simply take the same steps in reverse. If the firewall/bridge does not have any IP addresses, there is no way that NAT can occur, It has no IP address to change the source IP to. If I have this wrong somehow, please let me know. s
Re: firewall is very slow, something's wrong
And is it in a vacuum? Peter N. M. Hansteen wrote: Henning Brauer [EMAIL PROTECTED] writes: so you think a 20 ton truck is twice as fast as a 10 ton truck? horizontal or vertical motion? assuming a perfectly spherical truck?
Re: The Name: UNIX
Is OpenBSD UNIX, Unix, unix, unix-like, or ham sandwich on rye? ECHO Echo echo (echo-like)... In response to that, one person answered the question with a question. Does it matter? If answering a question with a question, it'd help to provide a thought-provoking (worthwhile) question in response. One could say, yes, of course it matters; or, it doesn't matter at all. To each there's a solid argument or counter, but does it matter? is a bit dry if you're going to just leave it at that. Reflect on it, please, else don't bother responding. I'm surprised that someone else found my question on UNIX and unix-like/etc. terminology disambiguation to be the first they've heard of it. The only distinction I refer to is that of UNIX and everything else (which includes, but is not limited to, terms like unix-like). Jon R.'s reply, including the tess2.uspto.gov link, was very helpful. I wasn't aware of U.S. Trademark law details and that was basically what my curiosity all narrowed down to. I suppose there is a truth in any potential confusion between Unix (etc.) and UNIX not being a concern of one random person (me) on this planet but others as well. In truth, it doesn't matter. In truth, it does matter. It's how each person chooses to see it. Right? Hmm... Well, the however bit is: it's also how the creators of one particular OS see it, and in this case - my question regards OpenBSD creator's thoughts. I would appreciate hearing from Theo de Raadt (albeit this is a trivial topic) his take on this subject. UNIX or unix-like or simply Unix (etc., it goes on), or just, I don't give a shit, just call it what you want, as long as you call it OpenBSD... That's my take on it, personally - so long as we give the respect of BSD and of course *Open*BSD. All of this play on names can be exhausting but we have to remember that there is a lot of meaning behind a name and potentially a lot of power in something so simple as just a name. I found Doug T.'s reply most helpful (thank you Doug)... Jon R.'s reply was very helpful too, I appreciate it. My intent was to seek enlightenment on proper UNIX association. Taking something like the name of a system like this and trying to narrow down an explanation, put in significant rhyme and reason behind it, and compress it down to a brief or concise message is, perhaps, nigh impossible. The explanation provided was quite helpful - notably the reference to RadioShack. The best answer I've seen, yet, was in Doug's mention of OpenBSD and UNIX: a direct descendant but it can't legally call itself UNIX; and calling itself UNIX would be seen (IMHO) as a branding issue infringing on Trade Mark. So are all the users going to call it this or that? Who cares right? Well, somebody cares. ;) Me? I don't lol... I'm simply curious as to some disambiguation between the two (UNIX and unix-like/etc.). I suppose the people that might really care would be those who have directly and personally experienced the side-effects of the lawsuit(s). I don't know (I don't care, simply because any such lawsuit has not directly altered my perspective), I'm just curious to know and to learn about these things. ;) Regarding the comment on chest-thumping over the best OS... I completely agree. If not for the ugly competition amongst the different systems, perhaps the leaders of the systems would have the capacity (or heart) to work together, even to a minimal degree, with a collaborative effort towards producing a non-prejudiced presentation looking at each system/service and how an end-user might put use to it. We know there's a blatant counter-argument, though despite it not being worth their time it would certainly be worth the time of the end-user to see the results of such a presentation. Take 4.2's cover art - the race of OSs - OpenBSD appears to be the tortoise/turtle rather than the hare/rabbit. Slow but steady wins the race. It seems to me like OpenBSD isn't even in the race but, rather, is taking Frost's road less traveled while the other systems get all finangled in a rat race. That's where you begin to see qualitative difference between what might be UNIX and unix-like - in one perspective - if bothering with looking at it in some way beyond just a name. It's clearly not just a name, and yet a distinction can be made by just that... the name. Use a Kleenex or a tissue, as long as it gets the job done, right? :) Or as long as you're happy with it. I use OpenBSD. I say it's Unix. I'm happy with it. Though that's not all that matters... being informed of disambiguations in something so supposedly trivial as proper titles is enlightening even if only to a small extent. Thank you for enlightening me :-p (to those who kindly provide it). The rude prigs, well, they can go on with their antics, in the mean time others will be considering how even the simple things in life can be fulfilling. -Sean -- Public Key: http://mpec.net/gsd.asc
Re: The Name: UNIX
Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? my mother recently called it that Unisex thing you like, though am not sure of the capitalization :) mike I like that explanation best. :) -- Public Key: http://mpec.net/gsd.asc
Re: Transparent Firewall with NAT
2007/10/10, stuart van Zee [EMAIL PROTECTED]:
From:
Hello everybody,
I work on BSD 4.1, with i386 hardware.
I'm searching a way to enable a transparent firewall (without ip
adress),
probably in bridge mode.., with a capability of NAT. I know the
interest is
not evident to nat some computers on the same IP lan, but it's
for a client,
so!
It seems that PF doesn't have this capability. Perhaps, it could
be possible
with an another package ?
Thank's for your comments...
Cidric.
I am not sure you understand what NAT is. When you use NAT to allow a
system on one network to access another network, the traffic is NATted
to the IP of the box doing the NAT. In the case of a firewall like
device, the traffic would be given the IP address of the outer interface
of the firewall.
inside box (1) firewall/bridge doing nat (2)- Internet etc.
(1) network traffic leaves the inside box, it has the source IP of the
inside box.
(2) The network traffic is NATted by the firewall, when it leaves the
outer interface of the firewall it now has the source IP address of the
outer interface of the firewall.
Any return traffic would simply take the same steps in reverse.
If the firewall/bridge does not have any IP addresses, there is no way
that NAT can occur, It has no IP address to change the source IP to.
If I have this wrong somehow, please let me know.
s
Thank's for your comment. Unfortunately, i well understand the Nat
process.
I's right it's not seems to be interesting to nat some machine in the same
IP lan, but that is what i want.
The problem, you said it very well, it's the firewall can't assign it's own
IP adress because is in bridge mode.
So, the idea is to set a particular IP on all trafic outgoing from the
firewall.
The rule could be this one :
nat pass on bridge0 inet tagged LAN1 - 192.168.2.3 (it's an example of an
ip pick in the LAN...)
pass in inet proto {tcp,udp, icmp} on $lan1_if http://10.0.0.0/24 tag LAN1
I don't know if this syntax is ok, because i never tested it.
Someone knows ?
Re: firewall is very slow, something's wrong
Siju George wrote: snip so you think a 20 ton truck is twice as fast as a 10 ton truck? O.K I get it :-) So when does changing from 32 bit to a 64-bit processor actually help? Quoting Paul de Weerd, In short: There is no short answer. It depends on what you're doing. ( Not to mention how you do it ;-) Short answer: When you *might* need more than a GB or so of RAM/swap. Most anything is faster than stuck. Easy: 2:1 ratio *either direction* which is faster. Hard: 10:1 ratio (again either direction). (figure in loading/unloading times on the truck analogy)
Re: OpenBSD XSS ;)
Nice to hide your local network IP ;) Do not show it anyone! On 10/10/07, Anton Karpov [EMAIL PROTECTED] wrote: It's a kind of useless and funny XSS... in OpenBSD ;) http://www.toxahost.ru/images/funny/obsd_xss.JPG
Re: The Name: UNIX
michael hamerski wrote: On 10/9/07, Sean Darby [EMAIL PROTECTED] wrote: Does OpenBSD = UNIX? Or, does OpenBSD = Unix? (or unix or unix-like or etc.)? my mother recently called it that Unisex thing you like, though am not sure of the capitalization :) From _Wizard's Bane_, Rick Cook, a very silly book: You mean you really do not have magic where you come from? The closest I ever came to magic was working with Unix wizards, said Wiz. Eunuchs wizards? Did they do that to themselves to gain power? -- David Given [EMAIL PROTECTED]
Re: Transparent Firewall with NAT
You _may_ be able to apply the following setup (borrowing from someone else's design :-) : inside box (1) firewall/bridge doing nat (2)- default gateway internet if1 if2 Let's just suppose that if2 has the ip address IP2 configured. 1 - set interface if1 to brigde interface if2. 2 - your fw/bridge computer has a default route to a gateway that can forward packets to the net 3 - do not assign an IP address to if1 4 - do your pf home lesson to NAT computers from the inside network, using external IP2 address 5 - somehow, the computers from your inside network should be set to use IP2 as default gateway. 5 a) This implies that IP2 lies in the same net address you're using on your inside network. 5 b) Or you have a static route pointing to IP2 on each inside network computer. This implies that each computer on this net segment can talk directly to your default gateway that handles internet connections. To limit this communication and enforce all clients to set your bridge/fw host as default gateway, you should create a working filter ruleset. 6 - optionally, you may want the bridge to replicate only the IP protocol
Re: OpenBSD XSS ;)
On 2007/10/10 20:43, [EMAIL PROTECTED] wrote: Nice to hide your local network IP ;) Do not show it anyone! On 10/10/07, Anton Karpov [EMAIL PROTECTED] wrote: It's a kind of useless and funny XSS... in OpenBSD ;) Well, it's fixed in -current. There are better ways to report a bug than misc@, though.
Re: The Name: UNIX
On Oct 10, 2007, at 10:48 AM, David Given wrote: michael hamerski wrote: The closest I ever came to magic was working with Unix wizards, said Wiz. Eunuchs wizards? Did they do that to themselves to gain power? PHB - My boss says we need some eunuch programmers. Dilbert - I think he means UNIX and I already know UNIX. PHB - Well, if the company nurse comes by, tell her I said never mind. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Multi booting OpenBSD and OpenBSD and
On Wed, Oct 10, 2007 at 03:35:30PM +0200, Nico Meijer wrote: Somewhat OT, but I used a different approach, as I had enough IDE disks lying around. I got myself an external USB enclosure with swappable HDD brackets. Then, of course, the POS device broke, but that's not the point I am trying to get across... :-) If you don't mind going outside of OpenBSD, you can use the Grub bootloader which, it seems, can boot just about anything. I still like putting at least the root partition on its own hard drive and using the BIOSs boot device selector (if any) to choose what to boot. Doug.
Re: OpenBSD XSS ;)
2007/10/10, Stuart Henderson [EMAIL PROTECTED]: On 2007/10/10 20:43, [EMAIL PROTECTED] wrote: Nice to hide your local network IP ;) Do not show it anyone! On 10/10/07, Anton Karpov [EMAIL PROTECTED] wrote: It's a kind of useless and funny XSS... in OpenBSD ;) Well, it's fixed in -current. There are better ways to report a bug than misc@, though. I posted it here because I don't seriously think it's a [useful] bug
Re: firewall is very slow, something's wrong
On 2007/10/10 11:20, Tony Abernethy wrote: Siju George wrote: snip so you think a 20 ton truck is twice as fast as a 10 ton truck? O.K I get it :-) So when does changing from 32 bit to a 64-bit processor actually help? Quoting Paul de Weerd, In short: There is no short answer. It depends on what you're doing. ( Not to mention how you do it ;-) There are other changes between i386/amd64 than the number of bits (e.g. amd64 has more registers, which allows some other changes that can improve performance for some things), so it depends a lot on the code being run. You can't even always say, software X is faster on arch Y, since the way you use that software can give different results. If you're looking for fastest, just benchmark as close to real-life use on both, it's the easiest way. You also often need to test whether what you're trying to run does work correctly on !i386 arch (it's not uncommon for code to make assumptions which don't hold true on !i386). Of course, there are reasons other than fastest you might choose a particular arch. Short answer: When you *might* need more than a GB or so of RAM/swap. Most anything is faster than stuck. Easy: 2:1 ratio *either direction* which is faster. Hard: 10:1 ratio (again either direction). I'm not too sure I understand what you're saying here.
Re: OpenBSD is loosing cd and tshirt sales
San Diego, CA here... I just got mine yesterday, at the same time I received my ship notice. Be patient Kentucky, you'll get it... don't worry... And Argentina, surely your bank has a debit card or credit card you can get. Hell, charge up an AMEX gift card and buy it that way. Those are great. Like a secure credit card. I think you can re-charge them too... What I'm saying is that there are alternatives... Bryan On 10/10/07, Gerald Thornberry [EMAIL PROTECTED] wrote: Not entirely true. I've been checking the USPS Track Confirm website each day since October 2 when I got my tracking confirmation via email. Until today the USPS had no record of my shipment. Finally I have a response: Your item was accepted at 4:31 PM on October 9, 2007 in SWEET GRASS, MT 59484. Information, if available, is updated every evening. Please check again later. So, even though locales as far away as New Zealand (probably farther than Argentina from Calgary) are already applying their new stickers to their servers I'm still waiting here in Kentucky, USA (1660 miles from Calgary). I pre-ordered on 09/11/2007. :-) On 10/10/07, L. V. Lammert [EMAIL PROTECTED] wrote: On Wed, 10 Oct 2007, Marcos Laufer wrote: The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. If you had placed an order instead of complaining about it, you would have your gear already, like the rest of us. Our 4.2 was actually received the same day as the order confirmation - talk about efficiency! Lee
Re: OpenBSD is loosing cd and tshirt sales
On Wed Oct 10 12:51 , Bryan [EMAIL PROTECTED] sent: San Diego, CA here... I just got mine yesterday, at the same time I received my ship notice. Be patient Kentucky, you'll get it... don't worry... And Argentina, surely your bank has a debit card or credit card you can get. Hell, charge up an AMEX gift card and buy it that way. Those are great. Like a secure credit card. I think you can re-charge them too... What I'm saying is that there are alternatives... Bryan You can't recharge the AMEX AFAIK, that would be the Green Dot MasterCard and Visa cards. Still, your suggestion is a good one. --James
Re: [side thread] security implcations of multiple kernel threads?
On 10/9/07, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Tue, Oct 09, 2007 at 08:03:18PM +0200, Henning Brauer wrote: So, assuming the box is a pure firewall / static router (so just pf and static routes), even with multiple interfaces, all those tasks run in a single kernel thread? yup actually, i think henning wanted to say that the network stack runs in no threads. :) Why is this? Is there a security reason why the kernel is single-thread; is it OBSD resource limitations (no developer time, no hardware, etc); is it not enough interest yet? the stack runs entirely as interrupts. if there were a thread, we could add another, but going from 0 to 1 is more work than 1 to 2. networking workloads do not always divide up among CPUs nicely. assuming the code is written, just turning 2 or more CPUs loose on a stream of packets is likely to result in reordering, which is bad. to avoid reordering, you need lots of queueing, which hurts performance and drives up latency. the problem is unfortunately not as simple as add a lock here, a thread there, and presto.
Re: firewall is very slow, something's wrong
Paul de Weerd wrote: wittig wrote: | 64 bit processors (combined with 64 bit capable operating systems) have | the ability to address more RAM than 32 bit processors because 64^2 is a | much larger number than 32^2... lots more RAM addresses). Oops! that should have read: 2^64 and 2^32 Depending on your software, 64 bit processors can be quite a bit faster. If you're dealing with 64bit integers, using 64bit registers, etc., a lower clocked 64bit CPU might be faster than a 32bit CPU clocking at a higher rate. In short: There is no short answer. It depends on what you're doing. Point taken, particularly where big integers are concerned. From what Henning tells us (and what sounds logical to me), grabbing a ethernet frame from a NIC and putting it on another NIC doesn't really change much from 32bit to 64bit. Your compiler also comes into play. If that is more tuned towards a certain 32bit architecture (such as i386) than a certain 64bit arch (because it's less populair, such as sparc64 or hppa64 or mips64), this will impact your performance quite a bit. If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig RAM and a 64 bit CPU, which would be a better choice, in general? -- -wittig http://www.robertwittig.com/ http://robertwittig.net/ http://robertwittig.org/ .
Re: OpenBSD is loosing cd and tshirt sales
Not worried. Actually I was just responding to post that declared instead of complaining about it, you would have your gear already, like the rest of us. All pre-orders are not created equal. Now that the USPS actually has them in hand, I anticipate my discs tomorrow or Saturday. Gerald On 10/10/07, James R.Campbell [EMAIL PROTECTED] wrote: On Wed Oct 10 12:51 , Bryan [EMAIL PROTECTED] sent: San Diego, CA here... I just got mine yesterday, at the same time I received my ship notice. Be patient Kentucky, you'll get it... don't worry... And Argentina, surely your bank has a debit card or credit card you can get. Hell, charge up an AMEX gift card and buy it that way. Those are great. Like a secure credit card. I think you can re-charge them too... What I'm saying is that there are alternatives... Bryan You can't recharge the AMEX AFAIK, that would be the Green Dot MasterCard and Visa cards. Still, your suggestion is a good one. --James
Re: firewall is very slow, something's wrong
On Wed, Oct 10, 2007 at 12:34:48PM -0500, Robert C Wittig wrote: | If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig | RAM and a 64 bit CPU, which would be a better choice, in general? There is no such generalization. The amount of RAM you need depends on the task. For firewalling, you don't need lots. For a high-traffic, caching webserver you do need much. If, in general, you are firewalling .. you won't need much RAM. If, in general, you are doing something else, you might need it. Like I said in my previous mail, there is no short answer. No quick solution. Everything has advantages and disadvantages. In some cases you may not even want to run OpenBSD (*shock* !). In general, you should look at the specific problem at hand and solve it with the means available. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: firewall is very slow, something's wrong
On 10/10/07, Robert C Wittig [EMAIL PROTECTED] wrote: If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig RAM and a 64 bit CPU, which would be a better choice, in general? 64-bit and 1 GB. it's much easier to add another GB RAM later than to add 32-bits.
Re: OpenBSD XSS ;)
2007/10/10, Can Erkin Acar [EMAIL PROTECTED]: Anton Karpov [EMAIL PROTECTED] wrote: In this case, if you have some web application on the same *domain name* then the XSS can be used to take control of the user session on the application. Especially fun for isp/hosting kind of settings where you have customer management and troubleshooting (looking glass etc.) services side by side. Can Yes, I', aware of it, I just forgot about situation when you can really give access to bgplg to [stupid] clients/users, which are not too smart to look into the url, use firefox/noscript, etc ;) To make things clear (as I see cvs commit logs), originally this bug was found by my colleague Alexander Polyakov, and I just mention it on misc@
Re: OpenBSD XSS ;)
Anton Karpov [EMAIL PROTECTED] wrote: 2007/10/10, Stuart Henderson [EMAIL PROTECTED]: On 2007/10/10 20:43, [EMAIL PROTECTED] wrote: Nice to hide your local network IP ;) Do not show it anyone! On 10/10/07, Anton Karpov [EMAIL PROTECTED] wrote: It's a kind of useless and funny XSS... in OpenBSD ;) Well, it's fixed in -current. There are better ways to report a bug than misc@, though. I posted it here because I don't seriously think it's a [useful] bug All bugs are useful :) In this case, if you have some web application on the same *domain name* then the XSS can be used to take control of the user session on the application. Especially fun for isp/hosting kind of settings where you have customer management and troubleshooting (looking glass etc.) services side by side. Can
Re: non-PHP webmail solutions
Robert Urban wrote: Does anyone know of any others that don't use PHP? I don't use it myself, but sqwebmail may do what you want. http://www.courier-mta.org/sqwebmail/
Re: How can I install 4 OS'es on one disk?
stan wrote: Is it possible to do this on the one disk. I do have enough space, my concern is about portions. If it is possible can anyone give me an idea how best to approach this? Or a pointer to some docs? I've done what you mention using Acronis Disk Director or Partition Magic, but they're not Free in any sense. Resizing partitions is handy when multibooting, but I'm not familiar with a partition resizer that works with OpenBSD partitions. If you have a laptop, it may be easier to just swap disks.
How can i boot a bsd.rd from windows 2000 ?
Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( Thanks for the attention Christopher Bianchi
Driver for Winbond W83793G
I have created some code to handle the winbond W83793G. The design of this
chip is different from other winbond chips, so the normal detection method
did not work, as different registers needed to be queried.
I left out the sensor information for the fans because I could not get
them working. If I try and configure them, sysctl does not print out
anything to do with them. I have the same error for the w83792d. I also
left out the chassis intrusion detection because I could not get it
working.
It would be nice if this was committed. I can help on any testing that
needs to be done.
I have only run the diff against 4.1 because that is what I developed it
on.
I just noticed that I forgot to replace 0x0d and 0x0e with constants. They
could be set as follows
#define WB_W83793G_BANK0_VENDID 0x0d
#define WB_W83793G_BANK0_CHIPID 0x0e
Thanks
Jonathan Steel
::
i2c_scan.c.diff
::
--- i2c_scan.c 2007-10-10 19:23:44.0 +
+++ ../../i2c/i2c_scan.c2007-10-10 19:34:17.0 +
@@ -764,7 +764,16 @@
} else if (name == NULL
(addr 0x78) == 0x48) {/* addr 0b1001xxx */
name = lm75probe();
+ } else if (iicprobe(0x0b) 0x50) {
+ if ((iicprobe(0x0d) == 0x5c (iicprobe(0x00) 0x80)) ||
+ (iicprobe(0x0d) == 0xa3 !(iicprobe(0x00) 0x80))) {
+ if ( iicprobe(0x0e) == 0x7b ) {
+ name = w83793g;
+ }
+ }
}
+}
+
#if 0
/*
* XXX This probe needs to be improved; the driver does some
::
lm78.c.diff
::
--- lm78.c 2007-10-10 19:23:29.0 +
+++ ../../ic/lm78.c 2007-10-10 19:30:49.0 +
@@ -299,6 +299,25 @@
{ NULL }
};
+struct lm_sensor w83793g_sensors[] = {
+ /* Voltage */
+ { VCore A, SENSOR_VOLTS_DC, 0, 0x10, lm_refresh_volt, RFACT_NONE
},
+ { VCore B, SENSOR_VOLTS_DC, 0, 0x11, lm_refresh_volt, RFACT_NONE
},
+ { -12V, SENSOR_VOLTS_DC, 0, 0x14, wb_refresh_nvolt, RFACT(232,
56) },
+ { DIMM, SENSOR_VOLTS_DC, 0, 0x15, wb_refresh_nvolt, RFACT(232,
56) },
+ { +3.3V, SENSOR_VOLTS_DC, 0, 0x16, lm_refresh_volt, RFACT_NONE },
+ { +12V, SENSOR_VOLTS_DC, 0, 0x17, lm_refresh_volt, RFACT(28, 10)
},
+ { -5V, SENSOR_VOLTS_DC, 0, 0x18, wb_refresh_nvolt, RFACT(120,
56) },
+ { 5VSB, SENSOR_VOLTS_DC, 0, 0x19, lm_refresh_volt, RFACT(17, 33)
},
+ { VBAT, SENSOR_VOLTS_DC, 0, 0x1a, lm_refresh_volt, RFACT_NONE },
+
+ /* Temperature */
+ { , SENSOR_TEMP, 0, 0x1c, lm_refresh_temp },
+ { , SENSOR_TEMP, 0, 0x20, lm_refresh_temp },
+
+ { NULL }
+};
+
struct lm_sensor as99127f_sensors[] = {
/* Voltage */
{ VCore A, SENSOR_VOLTS_DC, 0, 0x20, lm_refresh_volt, RFACT_NONE
},
@@ -411,6 +430,42 @@
{
int banksel, vendid, devid;
+ /* Read vendor ID for W83793G */
+ banksel = sc-lm_readreg(sc, 0x00);
+ banksel = banksel | 0x80;
+ sc-lm_writereg(sc, 0x00, banksel);
+ vendid = sc-lm_readreg(sc, 0x0d) 8;
+ banksel = banksel ~0x80;
+ sc-lm_writereg(sc, 0x00, banksel);
+ vendid |= sc-lm_readreg(sc, 0x0d);
+ DPRINTF(( winbond vend id 0x%x\n, vendid));
+
+ if (vendid == WB_VENDID_WINBOND) {
+ /* Read device/chip ID */
+ sc-chipid = sc-lm_readreg(sc, 0x0e);
+ DPRINTF(( winbond chip id 0x%x\n, sc-chipid));
+ devid = sc-lm_readreg(sc, 0x0f);
+
+ if (sc-chipid == WB_CHIPID_W83793G) {
+ lm_setup_sensors(sc, w83793g_sensors);
+ if (devid == 0x11)
+ printf(: W83793G rev B\n);
+ else if (devid == 0x12)
+ printf(: W83793G rev C\n);
+ else
+ printf(: W83793G rev 0x%x\n, devid);
+ goto found;
+ }
+ else {
+ printf(: unknown Winbond chip (ID 0x%x)\n,
sc-chipid)
;
+ /* Handle as a standard LM78. */
+ lm_setup_sensors(sc, lm78_sensors);
+ sc-refresh_sensor_data = lm_refresh_sensor_data;
+
+ return 1;
+ }
+ }
+
/* Read vendor ID */
banksel = sc-lm_readreg(sc, WB_BANKSEL);
sc-lm_writereg(sc, WB_BANKSEL, WB_BANKSEL_HBAC);
@@ -489,6 +544,7 @@
return 1;
}
+found:
sc-refresh_sensor_data = wb_refresh_sensor_data;
return 1;
}
::
lm78_i2c.c.diff
::
--- lm78_i2c.c 2007-10-10 19:23:44.0 +
+++ ../../i2c/lm78_i2c.c2007-10-10 19:34:17.0 +
@@ -54,7 +54,8 @@
strcmp(ia-ia_name, w83782d) == 0 ||
strcmp(ia-ia_name, w83783s) == 0 ||
strcmp(ia-ia_name, w83791d)
Re: Transparent Firewall with NAT
Cidric THIBAULT wrote: I'm searching a way to enable a transparent firewall (without ip adress), probably in bridge mode.., with a capability of NAT. I know the interest is not evident to nat some computers on the same IP lan, but it's for a client, so! You want to have a bridge that does NAT without an IP adderss... so what address would the packets from behind the bridge be NATed to? I've set up machines as transparent spamd firewalls to put in front of Exchange servers. Maybe that's what you want to do, but that doesn't involve NAT.
Re: OpenBSD is loosing cd and tshirt sales
On 10/10/07, Gerald Thornberry [EMAIL PROTECTED] wrote: Not entirely true. I've been checking the USPS Track Confirm website each day since October 2 when I got my tracking confirmation via email. Until today the USPS had no record of my shipment. Finally I have a response: Your item was accepted at 4:31 PM on October 9, 2007 in SWEET GRASS, MT 59484. Information, if available, is updated every evening. Please check again later. same story over here in northern California.
Re: firewall is very slow, something's wrong
* Robert C Wittig [EMAIL PROTECTED] [2007-10-10 20:45]: If you had to choose between, say, 2 gig RAM and a 32 bit CPU, or 1 gig RAM and a 64 bit CPU, which would be a better choice, in general? for a packet filter/router/...? 32bit 2Gig and take a gig out. for a databse server? 64bit and add ram when required. there is no in general. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: How can i boot a bsd.rd from windows 2000 ?
On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( Thanks for the attention Can your BIOS boot from the network (PXE)? If you can set up a PXE server with pxeboot as the boot image then you can boot that way. Alternatively you can pull out the hard drive, plug it into a different computer or a USB-to-IDE converter, install there, and then put it back. -Nick
Re: How can I install 4 OS'es on one disk?
I was very impressed about BootIt NG. Only a few MB in size, bootable from CD. Resized my Windows partition in less than two minutes. I don't know if it's still freeware though... HTH, Stijn Steve Shockley wrote: stan wrote: Is it possible to do this on the one disk. I do have enough space, my concern is about portions. If it is possible can anyone give me an idea how best to approach this? Or a pointer to some docs? I've done what you mention using Acronis Disk Director or Partition Magic, but they're not Free in any sense. Resizing partitions is handy when multibooting, but I'm not familiar with a partition resizer that works with OpenBSD partitions. If you have a laptop, it may be easier to just swap disks.
Re: How can i boot a bsd.rd from windows 2000 ?
Nick Guenther ha scritto: On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( Thanks for the attention Can your BIOS boot from the network (PXE)? If you can set up a PXE server with pxeboot as the boot image then you can boot that way. Alternatively you can pull out the hard drive, plug it into a different computer or a USB-to-IDE converter, install there, and then put it back. -Nick Thanks for the attention Nick, but 1) i can't boot from pxe ( damn Sharp ) and 2) i wish an elegance solution without pull out the hard disk. Thanks Chris
Re: requesting help in building xenocara
On 10/10/07, Juan Miscaro [EMAIL PROTECTED] wrote: Hi. I am running CURRENT on a development server and I have some questions about building the X portion of a release. First, normally I don't need Xorg but I regularly use a package that needs the xbase install set. So before I used to build X using the XF4 sources. I then heard that xenocara is replacing XF4 so I am trying to build, and eventually make the sets (which ones will come out I do not know), but my system is bombing out. I am following the release man page. My xenocara sources ended up in /usr/xenocara after a cvsup operation (how do I get them in /usr/src/xenocara while also updating other sources and ports?). Anyway, according to that man page all I need to do is have XSRCDIR set to /usr/xenocara inside /etc/mk.conf. So I'm not sure if I'm on the right track in building xenocara and also why I cannot build it: make: don't know how to make obj. Stop in /usr/xenocara/proto/bigreqsproto. make: no target to make. Read /usr/xenocara/README 1st. Then if you don't find a solution to your problem, please post the full of the commands you run and their result. ihmo you didn't install X on your machine first, or you didn't run 'make bootstrap'. Thank you in advance, // juan Be smarter than spam. See how smart SpamGuard is at giving junk email the boot with the All-new Yahoo! Mail at http://mrd.mail.yahoo.com/try_beta?.intl=ca
Re: Multi booting OpenBSD and OpenBSD and
On 10/10/07 21:37 RW wrote: Then (the devil made me do it!) I thought: Why not four OpenBSDs as in Release, Release minus one, current and some experimental stuff. Just multiboot to whichever and away. Is it at all possible? If so what is the trick? I did flag the new MBR entry as active and I can't see anything in the docs that contemplates this kind of set-up. It's actually not very difficult but ... If you have to ask, you shouldn't be doing it Start your first install. Make one fdisk partition (OpenbSD type). disklabel as many slices as you want OpenbSD releases (plus swap, plus c). Install one on slice a. When done, start the next install. Before doing the actual install, jump into shell, hack the install-script's ROOT_DEVICE (or something like it) to a different slice (say d). Exit shell, proceed with install. This installation will end up on that very slice. And so on. Now every time you want to a boot any installation other then the one on a-slice you use the boot loaders set device .. to select the kernel you want. *AND* you have to tell that kernel which root partition to use (-a flag in boot). That's it. If there is an answer at Mother Google's I cannot construct a smart enough query to not be drowned in all the OpenBSD and some other OS questions. I don't think there is one and there is reason for it too. This is unsupported. This is weird. This is outright dangerous. The potential for holes in your feet is really high. Sooner or later you will end up running current binaries on a release kernel or vice versa. You will probably get your packages mixed up. There have been changes in the disklabel which are compatible one way only. There is probably a lot more. The failuremodes of all this are subtle and mean. You will spend more time scratching your head and thinking WTF? then it would cost you to re-install from scratch everytime you like to run a different release. (Well, maybe I'm exaggerating but in hindsight it really feels like this) Anybody successful at this task? I ran this for same time on my laptop. I wanted to run current on it, but also have fallback release installation. In the end it turned out I never used the release. So after spending some serious time and learning a lot more then I ever hoped for (but nothing of this is lost) I scrapped it. If you really must do this (I recognize there is must and *must* ;) I reckon you go for seperate media. Seperate disk drives, or even better removable media (USB sticks, clearly labeled; maybe live-CDs). I just got a brand new office PC, 64bit CPU. But I'm stuck with some Apps in i386 compatibility. So I installed i386 for work. Next week I'm going to get an USB stick and put an amd64 install on it, for play :) regards tilo Thanx, Rod/ From the land down under: Australia. Do we look umop apisdn from up over?
Re: OpenBSD is loosing cd and tshirt sales
I'm right with you with that. I just saw that the USPS site light up with my order too. India, Oz, NZ, England, all before us. Puffy, you're such a tease... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gerald Thornberry Sent: Wednesday, October 10, 2007 10:29 AM To: L. V. Lammert Cc: Marcos Laufer; OpenBSD Orders; [EMAIL PROTECTED]; misc@openbsd.org Subject: Re: OpenBSD is loosing cd and tshirt sales Not entirely true. I've been checking the USPS Track Confirm website each day since October 2 when I got my tracking confirmation via email. Until today the USPS had no record of my shipment. Finally I have a response: Your item was accepted at 4:31 PM on October 9, 2007 in SWEET GRASS, MT 59484. Information, if available, is updated every evening. Please check again later. So, even though locales as far away as New Zealand (probably farther than Argentina from Calgary) are already applying their new stickers to their servers I'm still waiting here in Kentucky, USA (1660 miles from Calgary). I pre-ordered on 09/11/2007. :-) On 10/10/07, L. V. Lammert [EMAIL PROTECTED] wrote: On Wed, 10 Oct 2007, Marcos Laufer wrote: The OpenBSD project is loosing sales. I am trying to buy some tshirts and the 4.2 prerelease but nobody answers my emails at the Calgary shop. If you had placed an order instead of complaining about it, you would have your gear already, like the rest of us. Our 4.2 was actually received the same day as the order confirmation - talk about efficiency! Lee
fsck.ext2 segfault
OBSD 4.0, the disk is an IDE disk taken from a long-ago Linux computer put into a IDE-to-USB disk enclosure. [EMAIL PROTECTED]:~$ fsck.ext2 /dev/sd0j [...] /dev/sd0j: 503728/7208960 files (3.3% non-contiguous), 9188731/14390223 blocks umass0: Invalid CSW: tag 904086 should be 904087 sd0: WARNING: cache synchronization failed Segmentation fault (core dumped) gdb `which fsck.ext2` fsck.ext2.core (gdb) bt full #0 0x1c00173f in ??() No symbol table info available. #1 0x in ??() No symbol table info available. CL
Re: How can I install 4 OS'es on one disk?
On 10/7/07, stan [EMAIL PROTECTED] wrote: I have a new laptop that I would like to set up to have 4 different OS's on. The OS's I would like to install are: I used to favour the ranish partition manager for creating my primary partitions and assigning ids. the installers should pick up on the id automatically afterwards. it also has a basic bootloader. it's a floppy image but can be found as a boot option on a lot of recovery cds. mike
Re: Multi booting OpenBSD and OpenBSD and
On Wed, 10 Oct 2007 22:51:26 +0200, Tilo Stritzky wrote: On 10/10/07 21:37 RW wrote: Then (the devil made me do it!) I thought: Why not four OpenBSDs as in Release, Release minus one, current and some experimental stuff. Just multiboot to whichever and away. Is it at all possible? If so what is the trick? I did flag the new MBR entry as active and I can't see anything in the docs that contemplates this kind of set-up. It's actually not very difficult but ... If you have to ask, you shouldn't be doing it Pushing boundaries on a machine without internet connection and (unless it works) not a part of critical infrastructure is just fun for learning. If it blows up an OpenBSD flush and install another way is not exactly the punishment that Linux or Windows would inflict. ;-) Start your first install. Make one fdisk partition (OpenbSD type). disklabel as many slices as you want OpenbSD releases (plus swap, plus c). Install one on slice a. Hmmm. Right there is the showstopper. I did say it was so I could build stable for at least a couple of releases. I have 9 slices on my present builder and could probably lose a couple. but only one to build and clean on? Not for me. I have listened to the experienced crew about having filesystems you can just flush rather than rm -rf * on. Looks like a lost cause. I did really want to get out of all the drive swapping with wear on the connectors (the old IDE trays at least had rugged sockets like the old centronix ones, the SATA trays have an edgecon and I don't rate edgecons as suitable for lots of insert/remove cycles with a heavy mechanical load) but if it don't fly, c'est la vie. Thanx, Rod When done, start the next install. Before doing the actual install, jump into shell, hack the install-script's ROOT_DEVICE (or something like it) to a different slice (say d). Exit shell, proceed with install. This installation will end up on that very slice. And so on. Now every time you want to a boot any installation other then the one on a-slice you use the boot loaders set device .. to select the kernel you want. *AND* you have to tell that kernel which root partition to use (-a flag in boot). That's it. If there is an answer at Mother Google's I cannot construct a smart enough query to not be drowned in all the OpenBSD and some other OS questions. I don't think there is one and there is reason for it too. This is unsupported. This is weird. This is outright dangerous. The potential for holes in your feet is really high. Sooner or later you will end up running current binaries on a release kernel or vice versa. You will probably get your packages mixed up. There have been changes in the disklabel which are compatible one way only. There is probably a lot more. The failuremodes of all this are subtle and mean. You will spend more time scratching your head and thinking WTF? then it would cost you to re-install from scratch everytime you like to run a different release. (Well, maybe I'm exaggerating but in hindsight it really feels like this) Anybody successful at this task? I ran this for same time on my laptop. I wanted to run current on it, but also have fallback release installation. In the end it turned out I never used the release. So after spending some serious time and learning a lot more then I ever hoped for (but nothing of this is lost) I scrapped it. If you really must do this (I recognize there is must and *must* ;) I reckon you go for seperate media. Seperate disk drives, or even better removable media (USB sticks, clearly labeled; maybe live-CDs). I just got a brand new office PC, 64bit CPU. But I'm stuck with some Apps in i386 compatibility. So I installed i386 for work. Next week I'm going to get an USB stick and put an amd64 install on it, for play :) regards tilo Thanx, Rod/ From the land down under: Australia. Do we look umop apisdn from up over? From the land down under: Australia. Do we look umop apisdn from up over?
Re: Multi booting OpenBSD and OpenBSD and
On Wed, Oct 10, 2007 at 10:51:26PM +0200, Tilo Stritzky wrote: I just got a brand new office PC, 64bit CPU. But I'm stuck with some Apps in i386 compatibility. So I installed i386 for work. Next week I'm going to get an USB stick and put an amd64 install on it, for play :) In Debian amd64 Etch (stable), there is no way to use flashplayer (a 32-bit binary plugin that requires a 32-bit browser. To use it, you have to set up a 32-bit chroot. It never has to boot, just be a complete chroot in which to run the 32-bit browser and its plug-ins. The 64-bit kernel can run 32-bit apps if they have 32-bit libraries (which they do in the 32-bit chroot). Is there no way to do this in OpenBSD for your i386 apps or will the amd64 kernel not run 32-bit apps? Note that Debian Lenny (testing) and Sid (unstable) have a plugin-wrapper that translates 32-bit calls so that 32-bit plugins can run with a 64-bit browser, removing the need for a chroot for this use. Doug.
Re: [side thread] security implcations of multiple kernel threads?
On Wed, Oct 10, 2007 at 11:44:05AM -0700, Ted Unangst wrote: On 10/9/07, Douglas A. Tutty [EMAIL PROTECTED] wrote: Why is this? Is there a security reason why the kernel is single-thread; is it OBSD resource limitations (no developer time, no hardware, etc); is it not enough interest yet? the stack runs entirely as interrupts. if there were a thread, we could add another, but going from 0 to 1 is more work than 1 to 2. networking workloads do not always divide up among CPUs nicely. assuming the code is written, just turning 2 or more CPUs loose on a stream of packets is likely to result in reordering, which is bad. to avoid reordering, you need lots of queueing, which hurts performance and drives up latency. the problem is unfortunately not as simple as add a lock here, a thread there, and presto. Right, I see that multiple threads dealing with one interface would be a problem, but if you had a box with several interfaces, couldn't a mult-threaded stack work? Yes, I agree that 1 to 2 threads is totally different than 2 to n. I'm just concerned with what I perceive as two converging trends: 1) the trend for hardware per-interface bandwidth to increase; 2) the slowing of advances in single-processor speed. We're getting multiple cores on a chip and multiple chips on a board, and multiple interfaces on a box. What is the answer when the primary to-the-world interface is faster than the OBSD firewall can handle on a single CPU? Doug.
Re: How can i boot a bsd.rd from windows 2000 ?
On Wed, Oct 10, 2007 at 09:49:24PM +0200, Christopher Bianchi wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( I think that you can get grub separatly to install under windows. Grub will allow you to boot windows and any BSD (and of course any Linux). Perhaps that will help. Of course, have complete backups since if you mess up your bootloader, you won't be able to boot a rescue CD/USB. Basically, your problem is that you need a smarter bootloader. Doug.
File permissions question
Hi Everybody, I am total a noob in OpenBSD so forgive me for my silly question. In real life I have a homemade Intel based Workstation/Server and an old IBM Think Pad laptop both powered by FreeBSD 6.2 stable. I got an old Pentium III made by Del last weekend originally intended for FreeBSD testing purposes (mostly some packages which are not in FreeBSD official port three so I am kind a scared to brake my systems trying to install them). I recently had some very unpleasant discussion with the sys admin at the University of Arizona (I am a mathematician by profession) about computer security after couple servers running Ubuntu got rooted. These were not our math servers (which run Debian) but never the less I was affected by the event and not very happy about it. Motivated by the whole situation I decided to install OpenBSD (instead of playing with couple FreeBSD applications) which is indisputably the most secure OS on the world and learn little bit more about security issues. I did quick 10 min ftp installation last Sunday. I was in total shock how easy was to install the system (have to admit that is even easier than FreeBSD). It took me about 4-5 hours to get full working customized, workstations with all gadgets (CD/DVD, printers, MP3 palyers, digital camera, VoIP (fedora package)) plus all my work stuff TeX and related as well as VNC and VPN. The system is one of the most logical and simple things I have ever touched in my life (simple is GOOD). Two thumps up for the developers and grand master Theo. Documentation is in par with the famous FreeBSD Handbook. Now it comes my idiotic question. During the printer installation I had to change the permission on /dev/lpt0 for CUPS daemon to gain the access. Normally in FreeBSD I would do that either by chmod for /dev/lpt0 device node or by editing /etc/devfs.conf with the line perm /dev/lpt0 0666. In OpenBSD I did it with a chmod command but I have not noticed that there is anything equivalent to /etc/devfs.conf file in FreeBSD. Is there are equivalent an equivalent file or the things are just different? I noticed that the syntax for starting daemons and rc class of files are little bit different than in FreeBSD but very logical and well documented. I was shocked that Ogle was able to play DVD out of box despited the fact that HAL doesn't exist (thanks God I wish there was no HAL in FreeBSD as well). I thought that I would have to mount first as udf file system. I do run dbus daemon of course but I thought that would not be enough. Anyhow, OpenBSD is on my DeLL to stay forever as it is just too good to be removed (I am going to get another $20 box to play with FreeBSD packages) Lastly, I just out of curiosity has anybody tried to port HPLIP to OpenBSD. I googled and found a few OpenBSD discussions about it but nothing in substance. Also I noticed that TeXLive is listed (there is an unofficial port list) but not in packages? Could somebody tell me if it is going to be included in 4.2. I am in particular interested in powerdot class of Latex presentation which I had to install manually on FreeBSD (not an easy thing as it requires some extra fonts nor present in current version of TeTeX ported for FreeBSD) (and yes I do know about beamer and ppower4 and they are ported for OpenBSD but I do not give a shit for those two classes). Sincerely, Predrag Punosevac
4.2 on H8SSL-I2: acpi at mainbus0 not configured
Hi, thanks a lot to Vim for sending me my new shiny CD set, and to the developers to making this possible. I just installed on a new server (Supermicro H8SSL-I2) and it seems not possible to get ACPI recognized (yes, I did enable it). Unpacking the source from the CD resulted in about 80-90% interrupt load, so I think it would be better for this server having acpi. Has anyone an idea what I could try? dmesg: OpenBSD 4.2 (GENERIC.MP) #1378: Tue Aug 28 10:48:58 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3220762624 (3071MB) avail mem = 3112398848 (2968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfbcf0 (50 entries) bios0: vendor American Megatrends Inc. version 080011 date 03/01/2007 bios0: Supermicro H8SSL-I2 acpi at mainbus0 not configured mainbus0: Intel MP Specification (Version 1.4) cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+, 2992.96 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 6000+, 2992.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mpbios: bus 0 is type PCI mpbios: bus 1 is type PCI mpbios: bus 2 is type PCI mpbios: bus 3 is type ISA ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 16 pins ioapic1 at mainbus0 apid 3 pa 0xfec01000, version 11, 16 pins ioapic2 at mainbus0 apid 4 pa 0xfec02000, version 11, 16 pins pci0 at mainbus0 bus 0: configuration mode 1 ppb0 at pci0 dev 1 function 0 ServerWorks HT-1000 PCI rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 13 function 0 ServerWorks HT-1000 PCIX rev 0xb2 pci2 at ppb1 bus 2 bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 8 (irq 9), address 00:30:48:5e:6d:f6 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): apic 3 int 9 (irq 5), address 00:30:48:5e:6d:f7 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 pciide0 at pci1 dev 14 function 0 ServerWorks HT-1000 SATA rev 0x00: DMA pciide0: using apic 2 int 11 (irq 11) for native-PCI interrupt pciide0: port 0: device present, speed: 1.5Gb/s wd0 at pciide0 channel 0 drive 0: ST3320620AS wd0: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: port 1: device present, speed: 1.5Gb/s wd1 at pciide0 channel 1 drive 0: ST3320620AS wd1: 16-sector PIO, LBA48, 305245MB, 625142448 sectors wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: port 2: PHY offline pciide0: port 3: PHY offline pciide1 at pci1 dev 14 function 1 ServerWorks HT-1000 SATA rev 0x00 piixpm0 at pci0 dev 2 function 0 ServerWorks HT-1000 rev 0x00: polling iic0 at piixpm0 iic0: addr 0x2f 00=80 05=ae 06=ff 07=ae 08=ff 09=64 0a=64 0b=5e 0c=73 0d=5c 0e=7b 0f=12 10=b1 11=2e 13=ff 14=22 15=6f 16=d0 17=7b 18=d0 19=cf 1a=bf 1b=0b 1c=21 1d=9c 1e=80 1f=80 20=1c 21=51 22=01 23=0f 25=0f 27=0f 29=0f 2b=0f 3b=ff 3c=ff 3d=ff 3e=ff 3f=ff 40=09 44=40 46=f7 47=ff 48=ff 49=7f 4a=3f 4b=02 4d=7c 50=1e 51=02 52=01 58=80 59=01 5c=03 5e=55 5f=03 60=ca 61=87 62=ca 63=87 64=ff 66=ff 67=ff 68=3f 6a=2b 6b=18 6c=7c 6d=65 6e=e3 6f=b9 70=8a 71=70 72=e5 73=bb 74=e5 75=bb 76=e3 77=b9 78=48 79=43 7a=48 7b=43 7c=48 7d=5f 7e=55 7f=50 80=64 81=5f 82=55 83=50 84=64 85=5f 86=55 87=50 88=46 89=41 8a=55 8b=50 8c=64 8d=5f 8e=55 8f=50 90=07 91=68 92=07 93=68 94=07 95=68 96=07 97=68 98=07 99=68 9a=07 9b=68 9c=07 9d=68 9e=ff 9f=ff a0=ff a1=ff a2=ff a3=ff a4=ff a5=ff a6=ff a7=ff a8=f5 ae=ff af=ff b1=04 b2=30 b3=3f b4=3f b5=30 b6=3f b7=3f b8=3f b9=3f ba=3f bb=89 bc=89 bd=89 be=89 bf=89 c0=89 c1=89 c2=89 c3=01 c4=01 c5=7f c6=ff c9=ff ca=ff cb=ff cc=ff cd=ff ce=ff cf=ff d1=46 d2=46 d3=46 d4=46 d6=f0 d7=ff d8=80 d9=01 da=80 db=01 dc=80 dd=01 de=80 df=01 e0=bb e1=c0 e2=82 e3=ff e4=80 e5=06 e6=fe e7=12 e8=12 e9=12 ea=c8 eb=60 ec=ff ed=ff ee=ff ef=ff f6=60 f7=80 f8=1b fa=ff fd=10 piixpm0: exec: op 1, addr 0x4b, cmdlen 1, len 1, flags 0x08: timeout, status 0x9BUSY,BUSERR pciide2 at pci0 dev 2 function 1 ServerWorks HT-1000 IDE rev 0x00: DMA atapiscsi0 at pciide2 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC,
Re: Multi booting OpenBSD and OpenBSD and
One of the sports in answering a question is to figure out what the asker's true motives are, and what the likely results are going to be if things go exactly as the asker wishes. Next you try to figure out what the results are likely to be, regardless of the asker's wishes. I've known R for a while, I know he understands a good educational opportunity when he sees it, and data loss is usually very educational. If not educational, funny. :) RW wrote: I have seen plenty of QA about multibooting OpenBSD and Windows/Linux/whatever and although I did a lot of that stuff way back, I generally don't need it in the days of almost zero cost PC that are plenty good enough to run OpenBSD. So why this question? Well I was blessed by a client who had some troubles with a fairly recent grunty Intel mobo and donated it with its RAM to me for past favours. isn't it wonderful when that happens? :) I figured it would make a pretty nice build machine, tossed a 160G SATA in and voila! Then (the devil made me do it!) I thought: Why not four OpenBSDs as in Release, Release minus one, current and some experimental stuff. Just multiboot to whichever and away. After you get this all done, it will be interesting to see which one(s) you actually use. :) Pretty soon the Release would be stable for latest and one back etc. I know that something like GAG would handle the boots but how would I slice and dice the drive? I managed to play with fdisk and set up partition 3 with about 40G at the end of the disk and use the b command in disklabel to describe the disk and whacked in a bunch of filesystems. Pretty standard install - booted and ran just file. Then I fdisked again to do partition 0, easy. Even remembered the 63 offset. BUT (and I can see Nick Holland smiling here) when I get to the disklabel phase and use b to describe the disk, I still end up with all those other partitions visible. :) I don't want to cream the first install unnecessarily so I'm here to be told. aw, where's the education (or humor) in that? :) Is it at all possible? If so what is the trick? I did flag the new MBR entry as active and I can't see anything in the docs that contemplates this kind of set-up. If there is an answer at Mother Google's I cannot construct a smart enough query to not be drowned in all the OpenBSD and some other OS questions. Anybody successful at this task? I've only done two complete systems on one machine (my one and only amd64 system, which I got and planned to never run a 32 bit OS or app on, and then promptly put to work testing *sigh* i386 code...). As you discovered, the disklabel goes in the /first/ A6 MBR partition, not the /active/ A6 partition. The trick is this: have only one A6 partition active at any one time. The rest are..well, anything other than A6. You might be able to make them FreeBSD or NetBSD partitions, and actually access them through a bit of disklabel magic..haven't tried that, but it might work. So..install one, reboot. During the install of the next, renumber the old A6 partition to something else, create a new A6, install, reboot, repeat. Here's the problem: I highly recommend NOT changing the fdisk partitions around while the system is running. It really didn't like that one bit (I seem to recall a complete reload :) Boot bsd.rd, change it there. That's the no-tools approach. Some of the various bloated boot managers will do that for you in other ways, calling it something like partition hiding, seems not just OpenBSD dislikes having multiple boot partitions on one disk. :) You *might* be able to save a copy of the MBR from each of your MBR images (dd the first sector of the disk to a file), then dd them back into place and reboot...that might keep the kernel from noticing the other disklabels...but practice where you don't need the data... something like these completely untested lines: dd if=/hole-in-foot/current.mbr of=/dev/rwd0c bs=1 count=1 reboot (this will either install and boot off the MBR of your -current partition, or reduce your file systems to something tantalizingly close to useful, but just random enough to drive you nuts. I'm not sure which. :). For extra credit (and lost data), manually disklabel your disk so that your /home, /swap and /tmp partitions are shared between the installs. Remember: extra credit is given in school, and screwing things up horribly is usually educational. :) Now, most people know I'm not much a fan of virtualization (It's great when done right! Exactly. Show me it done right), but this might be a great place for it. Even something slow like qemu might be perfect for your needs -- you want your speed (i.e., real system) to be -current, as you will be doing most of your I want it done NOW! compiles there. -stable/-rel and -prev-rel can be in the emulators, as you won't be doing development there (RIGHT??), just testing ideas and implementations, and if you need to build a
Re: Multi booting OpenBSD and OpenBSD and
Douglas A. Tutty wrote: On Wed, Oct 10, 2007 at 10:51:26PM +0200, Tilo Stritzky wrote: I just got a brand new office PC, 64bit CPU. But I'm stuck with some Apps in i386 compatibility. So I installed i386 for work. Next week I'm going to get an USB stick and put an amd64 install on it, for play :) In Debian amd64 Etch (stable), there is no way to use flashplayer (a 32-bit binary plugin that requires a 32-bit browser. To use it, you have to set up a 32-bit chroot. It never has to boot, just be a complete chroot in which to run the 32-bit browser and its plug-ins. The 64-bit kernel can run 32-bit apps if they have 32-bit libraries (which they do in the 32-bit chroot). Is there no way to do this in OpenBSD for your i386 apps or will the amd64 kernel not run 32-bit apps? Not natively, no. I've been told it is possible to implement, if you wish to write some code. Not a whole lot of interest among the developers, however. And no one else has stepped up to do it. OpenBSD is an OPEN SOURCE OS. Seems kinda pointless to run closed source drivers and apps and and and on an open source system, doesn't it? OpenBSD is security oriented, achieved through active auditing and verification. Strange place to stick a Mystery Binary, don'tcha think? Funny, the Linux people are content to use Mystery Binaries, might explain why they have so many of them they have to use. Nick.
Re: OpenBSD XSS ;)
On 10/10/2007, Anton Karpov [EMAIL PROTECTED] wrote: 2007/10/10, Can Erkin Acar [EMAIL PROTECTED]: Anton Karpov [EMAIL PROTECTED] wrote: In this case, if you have some web application on the same *domain name* then the XSS can be used to take control of the user session on the application. Especially fun for isp/hosting kind of settings where you have customer management and troubleshooting (looking glass etc.) services side by side. Can Yes, I', aware of it, I just forgot about situation when you can really give access to bgplg to [stupid] clients/users, which are not too smart to look into the url, use firefox/noscript, etc ;) To make things clear (as I see cvs commit logs), originally this bug was found by my colleague Alexander Polyakov, and I just mention it on misc@ You should never underestimate the predictability of stupidity. -- Bullet-Tooth Tony, Snatch (2000) :) C.
Re: How can I install 4 OS'es on one disk?
Quoting Steve Shockley [EMAIL PROTECTED]: stan wrote: Is it possible to do this on the one disk. I do have enough space, my concern is about portions. If it is possible can anyone give me an idea how best to approach this? Or a pointer to some docs? I've done what you mention using Acronis Disk Director or Partition Magic, but they're not Free in any sense. Resizing partitions is handy when multibooting, but I'm not familiar with a partition resizer that works with OpenBSD partitions. If you have a laptop, it may be easier to just swap disks. You could also check this link http://readlist.com/lists/openbsd.org/misc/2/11903.html it has worked for me in the past.
Re: How can i boot a bsd.rd from windows 2000 ?
On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Nick Guenther ha scritto: On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? Can your BIOS boot from the network (PXE)? If you can set up a PXE server with pxeboot as the boot image then you can boot that way. Alternatively you can pull out the hard drive, plug it into a different computer or a USB-to-IDE converter, install there, and then put it back. -Nick Thanks for the attention Nick, but 1) i can't boot from pxe ( damn Sharp ) and 2) i wish an elegance solution without pull out the hard disk. Thanks If your hardware doesn't have a CD-ROM drive you're already in the land of inelegance. Just deal with it. -Nick
Re: How can i boot a bsd.rd from windows 2000 ?
On 10/10/2007, Christopher Bianchi [EMAIL PROTECTED] wrote: Nick Guenther ha scritto: On 10/10/07, Christopher Bianchi [EMAIL PROTECTED] wrote: Hello everyone. My situation is this: i've a laptop, a Sharp pc-ax10 with Windows 2000 preinstalled , without cdrom, floppy. I wish install OpenBSD on it. Naturally bios can't boot from USB. So i've thinked to boot the bsd.rd , but how ? The faq explain the procedure from an older OpenBSD operating system... i've Windows 2000 on it. Is it possible ? and if is possible, in which way ? Where i must put the bsd.rd and in which way i can boot from him ? I've tried google, but nothing :-( Thanks for the attention Can your BIOS boot from the network (PXE)? If you can set up a PXE server with pxeboot as the boot image then you can boot that way. Alternatively you can pull out the hard drive, plug it into a different computer or a USB-to-IDE converter, install there, and then put it back. -Nick Thanks for the attention Nick, but 1) i can't boot from pxe ( damn Sharp ) and 2) i wish an elegance solution without pull out the hard disk. Thanks DISCLAIMER: I'm talking out my arse here, and I don't know if what you're hoping to do is even possible. That said, here are my thoughts on the matter: (1) The only way to hand off control from one operating system to another operating system is to make a program run exclusively (not preemptively multitasked ( http://en.wikipedia.org/wiki/Preemption_%28computing%29#Pre-emptive_multitasking )) and with full access to the entire computer, including all of the memory (ie. outside of memory protection ( http://en.wikipedia.org/wiki/Memory_protection )). (a) To use unix terminology, you would need to start the system in single user mode ( http://en.wikipedia.org/wiki/Single_user_mode ), and then you would need a program that can load the OpenBSD kernel and hand off control to it. In some very rare cases, programs like this do exist. I remember (unsuccessfully) trying to install NetBSD on an old Apple PowerBook 145B many moons ago. Because the firmware (ie. the BIOS) of this Motorola 68K based laptop did not support loading a non-Apple OS, the solution there was to load Mac OS 6 or 7.whatever, and then run a Mac OS program that would seize control of the entire machine and load NetBSD. (This would have worked, except that my machine had too little RAM and HDD space.) The old Mac OS was not a proper preemtive multitasking OS w/ memory-protection; and writing a program to load another OS from it was only possible because of these limitations. Windows 2000 however is built on NT (OS/2) technology and has memory protection and preemtive multitasking. No a program like that old NetBSD boot loader cannot exist for Windows. However, a kind of single user mode does exist for Windows 2000, it's called the recovery console ( http://support.microsoft.com/kb/229716 ). However, the recovery console is sadly not installed by default; you can either boot it from the Windows 2000 install CDs (which you say you can't boot), or it can be installed by running winnt32.exe /cmdcons. However, if the recovery console isn't already installed, then the Windows 2000 installation files probably aren't on your HDD either, and you'd then need to run winnt32.exe /cmdcons from the Windows 2000 install CD (which, again, you say you can't access). Even if you have the recovery console installed, I have no clue how to get custom programs installed into it. This might be extra hard to do, because, to quote Wikipedia: [The Recovery Console] is independent of the (...) operating system. And, to quote Annoyances.org: The Recovery Console looks like DOS, but it isn't DOS. I don't know if even a single non-MS program for the recovery console exists. That probably means that a BSD loader program that you could run from the recovery console is a (big fat opium-) pipe dream at best. (b) However, Windows OSes have a reputation of being not the most secure of operating systems. Hypothetically speaking, if you knew a kernel exploit and or virus/trojan that would allow you to insert arbitrary code for exclusive execution deep into the windows kernel, then you could theoretically use that type of vulnerability to write a BSD loader. Your best bet there may be to insert your boot loader early in the NT boot process by somehow patching either Ntdetect.com, NTLDR, or ntoskrnl.exe. (Cf. http://en.wikipedia.org/wiki/Ntoskrnl.exe , http://en.wikipedia.org/wiki/NTLDR , and http://en.wikipedia.org/wiki/Ntdetect.com .) This would of course quite possibly also wreck your Windows 2000 installation, except if the inserted code somehow presented the user a boot menu to select whether to load the BSD kernel or continue to load Windows. The way I've followed IT news for a while, I am fairly sure that no such program currently exists. I am unsure how involved it would be to write one, and I am not a programmer. (c) An almost certainly
ERR M on boot: how to fix?
had a problem with the / partition getting full (105%) on a fileserver here and then rebooted it. after rebooting the ERR M line came up immediately after the drive 0 partition 3 message that is normally followed by the boot prompt. this is an amd64 4.1-release machine and i can't account for this behavior aside from the overfull state of the / partition during shutdown. so i booted off a USB drive (i386), mounted / from the other disk and cleared off the stuff that had eaten all the space. rebooted and got the ERR M again, so apparently something became hosed from the first time it was shutdown with an overfull /. got an amd64 install onto the USB drive so i could attempt booting /bsd from the hosed drive. at the boot prompt did a boot hd1a:/bsd and the machine is running, albeit using a USB drive to boot the kernel from hd1. have gotten the ERR M message before and recognize it indicates a bad magic number but am clueless as to how to fix it. clues appreciated here. find a link to the dmesg below. cheers, jake dmesg - http://marc.info/?l=openbsd-miscm=118141026830100w=2 --
When loading a home-made module, linker says : undefined reference to `read'
Hi all, I wrote a kernel module for my 4.1 OpenBSD kernel. It compiles normally, but when I try to load it, the modload says: : undefined reference to `read' But the read syscall header is declared within my module. Has anyone ever faced this problem before? Could anyone provide me with some tip in order to tackle this issue? Thanks in advance for the time dedicated to this e-mail. -- Joco Salvatti Undergraduating in Computer Science Federal University of Para - UFPA web: http://www.openbsd-pa.org e-mail: [EMAIL PROTECTED]
Re: ERR M on boot: how to fix?
On Wed, 10 Oct 2007, Nick Guenther wrote: Running installboot(8) should fix it. That means something like: # cp /usr/mdec/boot /boot # /usr/mdec/installboot -n -v /boot /usr/mdec/biosboot wd0 Remember to remove the -n if you don't get any errors from the first run 8-) -nDo not actually write anything on the disk. -- Antti Harri
Re: ERR M on boot: how to fix?
On 10/10/07, Jacob Yocom-Piatt [EMAIL PROTECTED] wrote: had a problem with the / partition getting full (105%) on a fileserver here and then rebooted it. after rebooting the ERR M line came up immediately after the drive 0 partition 3 message that is normally followed by the boot prompt. this is an amd64 4.1-release machine and i can't account for this behavior aside from the overfull state of the / partition during shutdown. so i booted off a USB drive (i386), mounted / from the other disk and cleared off the stuff that had eaten all the space. rebooted and got the ERR M again, so apparently something became hosed from the first time it was shutdown with an overfull /. got an amd64 install onto the USB drive so i could attempt booting /bsd from the hosed drive. at the boot prompt did a boot hd1a:/bsd and the machine is running, albeit using a USB drive to boot the kernel from hd1. have gotten the ERR M message before and recognize it indicates a bad magic number but am clueless as to how to fix it. clues appreciated here. find a link to the dmesg below. cheers, jake dmesg - http://marc.info/?l=openbsd-miscm=118141026830100w=2 http://archives.neohapsis.com/archives/openbsd/2004-09/1593.html suggests that your boot(8) is corrupt. Running installboot(8) should fix it. That means something like: # cp /usr/mdec/boot /boot # /usr/mdec/installboot -n -v /boot /usr/mdec/biosboot wd0 -Nick
Re: Multi booting OpenBSD and OpenBSD and
On Wed, Oct 10, 2007 at 07:09:35PM -0400, Nick Holland wrote: Douglas A. Tutty wrote: In Debian amd64 Etch (stable), there is no way to use flashplayer (a 32-bit binary plugin that requires a 32-bit browser. To use it, you have to set up a 32-bit chroot. It never has to boot, just be a complete chroot in which to run the 32-bit browser and its plug-ins. The 64-bit kernel can run 32-bit apps if they have 32-bit libraries (which they do in the 32-bit chroot). Is there no way to do this in OpenBSD for your i386 apps or will the amd64 kernel not run 32-bit apps? Not natively, no. I've been told it is possible to implement, if you wish to write some code. Not a whole lot of interest among the developers, however. And no one else has stepped up to do it. OpenBSD is an OPEN SOURCE OS. Seems kinda pointless to run closed source drivers and apps and and and on an open source system, doesn't it? OpenBSD is security oriented, achieved through active auditing and verification. Strange place to stick a Mystery Binary, don'tcha think? Funny, the Linux people are content to use Mystery Binaries, might explain why they have so many of them they have to use. So, there are some web sites that I need to access that use flash. Mostly, online product catalogues. Does this mean that I have to use Debian on my main box to do this since OpenBSD doesn't? Is that more secure? If you take the requirement to view a few flash pages at face value, you're saying that that defeats the whole purpose of OpenBSD and I'm better off just sticking with Debian for the whole thing. Doug.
Re: Multi booting OpenBSD and OpenBSD and
On 10/10/07, Douglas A. Tutty [EMAIL PROTECTED] wrote: ... If you take the requirement to view a few flash pages at face value, you're saying that that defeats the whole purpose of OpenBSD and I'm better off just sticking with Debian for the whole thing. My mother is an accountant - OpenBSD is not right for her. My father does graphics - OpenBSD is not right for him. I'm a sysadmin - OpenBSD works well for me. And for the things I use OpenBSD for. OpenBSD is not for everyone or everything, and we won't be the least bit hurt if you decide OpenBSD is not for you. Apparently the set of people who use OpenBSD (or at least who write code that works on OpenBSD) and the set of people who care about flash are pretty much disjoint. If enough people want working flash on OpenBSD, it'll happen. I don't think that critical mass has been reached yet. Think for a moment about what flash is: a blob. It's a little program that you got from someone you don't know, that you can't look into, that you can't be sure what it does and that you want to run with access to the network. Somehow I doubt that is very attractive scenario to most openbsd users. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: Multi booting OpenBSD and OpenBSD and
Douglas A. Tutty wrote: So, there are some web sites that I need to access that use flash. Mostly, online product catalogues. Does this mean that I have to use Debian on my main box to do this since OpenBSD doesn't? Is that more secure? At that point, why not just run Windows? The vendor is unlikely to support you using their Flash catalog under Linux anyway. Or, try to make Flirt or Gnash work for your catalogs. Or ask the vendor for a version that's not in Flash, or find a vendor that doesn't try to hide their catalog/pricing in a SWF file. The point you've missed is that the developers aren't interested in the effort to make a binary blob work. I guess someone did want to make some effort, that's why there's Opera and Opera-Flashplugin for i386, but It appears Opera doesn't make an amd64 Linux or FreeBSD version. Shame, if you had the source you could probably just compile the amd64 version yourself.
