Re: Kernel doesn't reclaim unused interface indexes?

[Claudio Jeker]

On Wed, Mar 19, 2008 at 04:59:40PM -0700, Matthew Dempsky wrote:
 OpenBSD's currently limited to using interfaces with an index  32 for
 multicast, and on one of my machines I created and destroyed enough
 virtual interfaces during experimentation that some of the interfaces
 currently in use and that I would like to route multicast traffic to
 have indexes = 32.
 

That's a bug in the multicast code that needs fixing.

 The simple solution is to reboot since I have fewer than 32 interfaces
 total, they'll renumber and everything will be fine.  However, I saw
 if_attachsetup (in net/if.c) there's some code for looping through
 ifindex2ifnet twice to try to find an unused interface index, so I
 figured I could avoid rebooting by creating and destroying ~65000
 virtual devices to wrap the counter, and then recreating the necessary
 interfaces so I could use them in multicast.
 
 Fortunately, I tested this idea first, because it actually leads to a
 kernel panic. :-)
 

I somewhat expected that. Nobody ever expected the ifindex to wrap.

 A second somewhat closer look at the kernel's interface handling code
 gives me the impression that the ifnet structures are never freed, the
 ifindex2ifnet table is never zero'd out, and so that loop always
 results in a panic.
 
 Looking at the history on net/if.c, I see a commit comment from itojun
 that ifindex2ifnet could become NULL when interface gets destroyed,
 when we introduce dynamically-created interfaces, but this was four
 years ago and if_vlan has existed for 7 (though seemingly in a
 different form then).  What does dynamically-created mean if not
 something like vlan/gif/carp/trunk?
 
 Is there anything major preventing ifindex2ifnet being cleared?  (If
 it's just developer interest, it *looks* like it should be a
 straight-forward-enough fix that I'd be interested in trying to write
 a patch.)
 

See attached diff which should help finding free slots (at least it helped
in my case). It will only reuse the last if_index and not previous free
slots. See if.c:if_attachsetup() use of the static if_index.
The main issue with this diff is that ifindexes are reused and some
userland apps (mainly SNMP) require that the ifindex is unique and not
reused. I don't care about SNMP but I wanted to warn you about that.

-- 
:wq Claudio

Index: if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.168
diff -u -p -r1.168 if.c
--- if.c5 Jan 2008 19:08:19 -   1.168
+++ if.c18 Jan 2008 22:08:33 -
@@ -601,6 +601,7 @@ do { \
/* Announce that the interface is gone. */
rt_ifannouncemsg(ifp, IFAN_DEPARTURE);
 
+   ifindex2ifnet[ifp-if_index] = NULL;
splx(s);
 }

Re: Kernel doesn't reclaim unused interface indexes?

[Matthew Dempsky]

On 3/20/08, Claudio Jeker [EMAIL PROTECTED] wrote:
 On Wed, Mar 19, 2008 at 04:59:40PM -0700, Matthew Dempsky wrote:
   OpenBSD's currently limited to using interfaces with an index  32 for
   multicast, and on one of my machines I created and destroyed enough
   virtual interfaces during experimentation that some of the interfaces
   currently in use and that I would like to route multicast traffic to
   have indexes = 32.

 That's a bug in the multicast code that needs fixing.

Yeah, but in the mean-time I need a workaround. :-)

   Fortunately, I tested this idea first, because it actually leads to a
   kernel panic. :-)

 I somewhat expected that. Nobody ever expected the ifindex to wrap.

Looks like at least markus@ did. ;-)

 See attached diff which should help finding free slots (at least it helped
  in my case). It will only reuse the last if_index and not previous free
  slots. See if.c:if_attachsetup() use of the static if_index.

Cool.

  The main issue with this diff is that ifindexes are reused and some
  userland apps (mainly SNMP) require that the ifindex is unique and not
  reused. I don't care about SNMP but I wanted to warn you about that.

I prefer SNMP giving bad results in extreme cases to a kernel panic. :-)

Also, I suspect this might be necessary for correctness when IPv6 is
used.  Since ifindex2ifnet is used in the IPv6 code for choosing which
interface a link-scoped address points to, and the ifnet struct is
free()'d when the interface detaches, it looks like running (e.g.)
'ping6 fe80:100::1' after interface 256 has been destroyed would lead
to undefined memory accesses.

(Though I'm still learning how the networking stack works; maybe
somewhere higher is able to identify that if_index is invalid even
when ifindex2ifnet[if_index] != NULL.)

Re: BDB simple program compile problem

[Michael Spratt]

I used the line you gave and got the following error Actually I used gcc
-I/usr/local/include/db -o t2 t2.c -l/usr/local/lib -ldb Got
/usr/bin/ld: cannot find -l/usr/local/lib
collect2: ld returned 1 exit status

I'm running as root because the machine is not on the net and I'm just
trying to get the code set up so I can move on with the program . I'm under
a lot of preasure so I posted to the list I appologize if its of topic. But
wanted to get your oppinion because a lot of people have trouble with it. I
received the same error as below on a slackware system. I just though you
might be able to respond to me and help me out this one time. I really need
to get moving on this. I don't enjoy a nice life where I'm left alone to
learn and study at my leasure :| I appologize for not knowing. 

LD keeps saying it can not find the path... I tried a number of combinatons
but couldn't get it. 

You have always responded in the past and I was glad to see that you
responded. I'v been searching the net and IRC for a long time trying to get
going on this. Any help would be appreciate. I appologize for being off
topic and under-learned. 

 COMPILE OUTPUT-
 # cc t2.c

Why, are you running this as root?..

 /tmp//ccdm8869.o(.text+0x1c): In function `main':
 : undefined reference to `db_create'

Isn't this message rather obvious? can you not read or something?

 /tmp//ccdm8869.o(.text+0x32): In function `main':
 : undefined reference to `db_strerror'
 collect2: ld returned 1 exit status

You're not linking with the shared db library... 

$ gcc -I/usr/local/include/db4 -o t2 t2.cc -l/usr/local/lib -ldb

Last time I checked, This mailing list isn't for people learning C..

Go buy yourself a book kid..



-Nix Fan.

Re: BDB simple program compile problem

[Unix Fan]

 ../usr/bin/ld: cannot find -l/usr/local/lib



Consider that a test.. or an example of my drunken state, regardless of that..



It's obvious that you have no experience with the options of the compiler..



You failed the test. ;)



Change it to -L/usr/local/lib



Read manual pages: gcc(1) and ld(1) for starters.



Buy something from or something:

http://www.amazon.com/







-Nix Fan.

Build openjdk7-b24 failed: Invalid maximum heap size: -Xmx-33m

[Dongsheng Song]

It's a memory compute bug for small memory computers, e.g. 256MB.

===  Building for jdk-1.7.0.00
bsd i586 1.7.0-internal build started: 08-03-20 19:05
mkdir -p ./build/bsd-i586/j2sdk-image
mkdir -p /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/j2sdk-image
mkdir -p ./build/bsd-i586-fastdebug/j2sdk-image
mkdir -p 
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586-fastdebug/j2sdk-image
/bin/sh: /NOT-SET/devtools/share/findbugs/latest/bin/findbugs: not found
gmake[1]: Entering directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make'
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/common/shared/Sanity-Settings.gmk:117:
WARNING: FINDBUGS_VER should not be empty [Sanity-Settings.gmk]
gmake[2]: Entering directory
`/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/tools/freetypecheck'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory
`/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make/tools/freetypecheck'
gmake[1]: Leaving directory `/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/jdk/make'

Build Machine Information:
   build machine = dev.g11n.org

Build Directory Structure:
   CWD = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24
   TOPDIR = .
   CONTROL_TOPDIR = .
   LANGTOOLS_TOPDIR = ./langtools
   JAXP_TOPDIR = ./jaxp
   JAXWS_TOPDIR = ./jaxws
   CORBA_TOPDIR = ./corba
   HOTSPOT_TOPDIR = ./hotspot
   JDK_TOPDIR = ./jdk

Build Directives:
   BUILD_LANGTOOLS = true
   BUILD_JAXP = true
   BUILD_JAXWS = true
   BUILD_CORBA = true
   BUILD_HOTSPOT = true
   BUILD_JDK= true

Hotspot Settings:
  HOTSPOT_BUILD_JOBS  = 1
  HOTSPOT_OUTPUTDIR   =
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/hotspot/outputdir
  HOTSPOT_EXPORT_PATH =
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/hotspot/import




Bootstrap Settings:
  BOOTDIR = /usr/local/jdk-1.6.0
ALT_BOOTDIR = /usr/local/jdk-1.6.0
  BOOT_VER = 1.6 [requires at least 1.5]
  OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586
ALT_OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586
  ABS_OUTPUTDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586

Build Tool Settings:
  SLASH_JAVA = /NOT-SET
ALT_SLASH_JAVA =
  VARIANT = OPT
  JDK_DEVTOOLS_DIR = /NOT-SET/devtools
ALT_JDK_DEVTOOLS_DIR =
  ANT_HOME = /usr/local
  FINDBUGS_HOME = /NOT-SET/devtools/share/findbugs/latest
  UNIXCOMMAND_PATH = /bin/
ALT_UNIXCOMMAND_PATH =
  COMPILER_PATH = /usr/bin/
ALT_COMPILER_PATH =
  DEVTOOLS_PATH = /usr/bin/
ALT_DEVTOOLS_PATH =
  COMPILER_NAME = GCC
  COMPILER_VERSION =
  CC_VER = 3.3 [requires at least 3.2]
  ZIP_VER = 2.32 [requires at least 2.2]
  UNZIP_VER = 5.52 [requires at least 5.12]
  ANT_VER = 1.7 [requires at least 1.6.3]
  TEMPDIR = /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/tmp

Build Directives:
  OPENJDK = true
  USE_HOTSPOT_INTERPRETER_MODE =
  PEDANTIC =
  DEV_ONLY =
  NO_DOCS = true
  NO_IMAGES =
  TOOLS_ONLY =
  INSANE =
  COMPILE_APPROACH = parallel
  PARALLEL_COMPILE_JOBS = 2
ALT_PARALLEL_COMPILE_JOBS =
  FASTDEBUG =
  COMPILER_WARNINGS_FATAL = false
  COMPILER_WARNING_LEVEL =
  INCREMENTAL_BUILD = false
  CC_HIGHEST_OPT = -O3
  CC_HIGHER_OPT = -O3
  CC_LOWER_OPT = -O2
  CXXFLAGS =  -O2  -fPIC -DCC_NOEX -W -Wall  -Wno-unused
-Wno-parentheses -fno-omit-frame-pointer -D_LITTLE_ENDIAN
  CFLAGS =  -O2-fno-strict-aliasing -fPIC -W -Wall  -Wno-unused
-Wno-parentheses -fno-omit-frame-pointer -D_LITTLE_ENDIAN
  BOOT_JAVA_CMD = /usr/local/jdk-1.6.0/bin/java  -client -Xmx-33m
-Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m
  BOOT_JAVAC_CMD = /usr/local/jdk-1.6.0/bin/javac
-J-XX:ThreadStackSize=768 -J-client -J-Xmx-33m -J-Xms-41m
-J-XX:PermSize=32m -J-XX:MaxPermSize=96m -encoding ascii
  BOOT_JAR_CMD = /usr/local/jdk-1.6.0/bin/jar
  BOOT_JARSIGNER_CMD = /usr/local/jdk-1.6.0/bin/jarsigner
  JAVAC_CMD = /usr/local/jdk-1.6.0/bin/java  -client -Xmx-33m -Xms-41m
-XX:PermSize=32m -XX:MaxPermSize=96m
-Xbootclasspath/p:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar
-jar 
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar
 -source 1.5 -target 5 -encoding ascii
-Xbootclasspath:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/classes
  JAVAH_CMD = /usr/local/jdk-1.6.0/bin/java  -client -Xmx-33m -Xms-41m
-XX:PermSize=32m -XX:MaxPermSize=96m
-Xbootclasspath/p:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javah.jar:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javadoc.jar:/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javac.jar
-jar 
/var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/langtools/dist/bootstrap/lib/javah.jar
-bootclasspath /var/ports/obj/jdk-1.7.0.00/openjdk7-b24/build/bsd-i586/classes
  JAVADOC_CMD = /usr/local/jdk-1.6.0/bin/java  -client -Xmx-33m
-Xms-41m -XX:PermSize=32m -XX:MaxPermSize=96m

Re: using openbsd to make presentations

[Henning Brauer]

* Pau Amaro-Seoane [EMAIL PROTECTED] [2008-03-19 09:48]:
 Nice to see that such a thing exists... I was thinking of doing
 something similar by myself... nevertheless the installer of mathml
 seems to be a bit lame and I am a bit worried about the portability of
 the final file. Sometimes, as you know, you are asked to not plug in
 your laptop, so that speakers do not waste time trying to configure X
 and in those cases they ask you for a pdf (or even ppt, buerk!) file
 which they will copy over to the conference laptop...

and then you refuse nad plug your own laptop.
done that numerous times.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: IPv6 LAN - IPv4 Internet

[Henning Brauer]

* Jonathan Schleifer [EMAIL PROTECTED] [2008-03-19 15:29]:
 Barry Commander [EMAIL PROTECTED] wrote:
 
  I basically want the IPv6 clients on my LAN to be able to access IPv4
  servers on the
  internet transparantly - the router doing the IPv6-IPv4/IPv4-IPv6
  conversion.
 
 You'd have to use IPv4 inside then LAN and NAT at the router as well for
 that to properly work. There was some way to map IPv4 adresses inside
 the IPv6 space, but IIRC, there were some issues with it.

yes, but that is totally unrelated.

faithd is made for that purpose.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

NXP ISP1362 USB Controller

[Vonarburg, David]

Is there any support for the NXP (formerly Philips) ISP1362 or similar USB
controller in OpenBsd?
Did not found anything so long even in NetSDB and FreeBSD.

Thanks in advance
David

Re: BDB simple program compile problem

[Michael Spratt]

I read the part on -l -L wow it finally made more sense,  and compiled a bit
before your response, thanks for your response.  

Thanks though really your turse and rude messages prompted me to read more.
:) 

Cc -o t2 t2.c -L/usr/local/lib/db -ldb   did work 

Your right I do have no experience that's why I e-mailed for help you drunk
bastard :) 

It was quite amazing to wake up in the morning and read the man page... I
don't dispute your insults :) 

Thanks again really I appreciate it -Mike

-Original Message-
From: Unix Fan [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 20, 2008 1:57 PM
To: misc@openbsd.org
Cc: [EMAIL PROTECTED]
Subject: RE:BDB simple program compile problem

 ../usr/bin/ld: cannot find -l/usr/local/lib

Consider that a test.. or an example of my drunken state, regardless of
that..

It's obvious that you have no experience with the options of the compiler..

You failed the test. ;)

Change it to -L/usr/local/lib

Read manual pages: gcc(1) and ld(1) for starters.

Buy something from or something:
http://www.amazon.com/



-Nix Fan.

Re: NXP ISP1362 USB Controller

[Jonathan Gray]

On Thu, Mar 20, 2008 at 12:59:32PM +0100, Vonarburg, David wrote:
 Is there any support for the NXP (formerly Philips) ISP1362 or similar USB
 controller in OpenBsd?
 Did not found anything so long even in NetSDB and FreeBSD.
 
 Thanks in advance
 David

They should just work with the standard ohci/uhci/ehci etc interfaces,
like nearly all the other usb chips out there.

Re: Installing apsfilter package fails

[Ed Flecko]

Thank you Preston.

You said, If I remember correctly, you need to have the x-base
package installed
for the libiconv / gettext dependencies to be met.  It's an issue with
4.2.

How did you know that? Is there a source that I should reference
that I'm not aware of to keep up on the latest idiosyncrasies, bugs,
etc.???

Thanks,
Ed

Re: using openbsd to make presentations

[Edd]

Hi,

On Tue, Mar 18, 2008 at 05:45:26PM -0700, Predrag Punosevac wrote:
 As far as I know TeXLive will be regular package (you will not need to use 
 ports) starting OpenBSD 4.3. This is
 only second Unix like system after Debian to have fully functional TeXLive 
 thanks to Edd Baret porter of TeXLive
 for OpenBSD. On the last note I recommend that you install full TeXLive 
 which is about 1Gb but includes
 all TeX/Latex features coded at the moment. I am not sure if the TeXLive 
 base includes Powerdot. I would guess yes.

Also can I add that the ConTeXt typesetter is available in TeXLive,
which claims to do presentations too, although I have never tried it.

ConTeXt puts more emphasis on page layout than any previous TeX
compiler. To me it feels like arranging a HTML page using CSS.

Also I there will be binary packages for 4.3, maybe even on the cdrom, I
dont know. You can get binary packages for -current on the ftp servers,
and I have backported to 4.2 for people who wish to use TeXLive on 4.2
, although the packages were made before Predrag found the powerdot bug.
The fix is simple, see the patch on your ports tree:

/usr/ports/print/texlive/texmf-minimal/patches/patch-texmf_dvips_config_config_ps

(basically overwrite the old config.ps with the svn one)

4.2 packages for i386 and sparc64 here:
http://students.dec.bmth.ac.uk/ebarrett/texlive/3rd/4.2

A good starting point for links to docs and examples for ConTeXt is:
http://wiki.contextgarden.net

Also my battery has died on my laptop (Thinkpad R50e), which I used to
use for on the go TeXLive hackage. At the risk of sounding rude, can
anyone make a donation or tell me to shut up atleast as I am not a
developer with an @openbsd email address.

Thats right, Im playing the student trumph card :)

-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett

Re: Installing apsfilter package fails

[T. Ribbrock]

On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote:
[...]
 You said, If I remember correctly, you need to have the x-base
 package installed
 for the libiconv / gettext dependencies to be met.  It's an issue with
 4.2.

 How did you know that? Is there a source that I should reference
 that I'm not aware of to keep up on the latest idiosyncrasies, bugs,
 etc.???

This list for starters - that's where I learned about it...

Cheerio,

Thomas
-- 
 ** PLEASE: NO Cc's to me privately, I do read the list - thanks! **
-
  Thomas Ribbrockhttp://www.ribbrock.orgICQ#: 15839919
   You have to live on the edge of reality - to make your dreams come true!

Setting up an HP laserjet with apsfilter unknown printer error

[Ed Flecko]

Hi folks,
I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer.

I have an HP P2015DN and a 4240n, so printing to either one would be
fine with me.

After running apsfilter SETUP, here's my /etc/printcap file:

lp|PSgs;r=300x300;q=medium;c=mono;p=letter;m=auto:\
:lp=:\
:rm=192.168.1.15:\
:rp=raw:\
:if=/etc/apsfilter/basedir/bin/apsfilter:\
:sd=/var/spool/lpd/lp:\
:lf=/var/spool/lpd/lp/log:\
:af=/var/spool/lpd/lp/acct:\
:mx#0:\
:sh:

When I try and print a testpage, this is what I get:

Printing test page...
-rw-r--r--  1 root  wheel  924020 Mar 20 08:46 /tmp/apsfilter20397/test_page.aps
lpr: [EMAIL PROTECTED]: unknown printer
0m0.00s real 0m0.00s user 0m0.00s system
[ press RETURN to continue ]

Can someone give me some tips on setting up a network printer? I
thought setting up a network printer would be a snap with apsfilter,
but it's not as easy as I thought.

:-)

Thanks,
Ed

Re: Kernel doesn't reclaim unused interface indexes?

[Reyk Floeter]

On Thu, Mar 20, 2008 at 09:12:44AM +0100, Claudio Jeker wrote:
 reused. I don't care about SNMP but I wanted to warn you about that.
 

hey... :( but anyway, it shouldn't really matter when the if_index
stays consistent as long as the interface exists.  it is a dynamic
interface, so i could live with reusing old if_indexs here.  and the
physical interfaces will keep one index during runtime.

 -- 
 :wq Claudio
 
 Index: if.c
 ===
 RCS file: /cvs/src/sys/net/if.c,v
 retrieving revision 1.168
 diff -u -p -r1.168 if.c
 --- if.c  5 Jan 2008 19:08:19 -   1.168
 +++ if.c  18 Jan 2008 22:08:33 -
 @@ -601,6 +601,7 @@ do { \
   /* Announce that the interface is gone. */
   rt_ifannouncemsg(ifp, IFAN_DEPARTURE);
  
 + ifindex2ifnet[ifp-if_index] = NULL;
   splx(s);
  }

Re: Installing apsfilter package fails

[andrew fresh]

On Thu, Mar 20, 2008 at 07:43:10AM -0700, Ed Flecko wrote:
 Thank you Preston.
 
 You said, If I remember correctly, you need to have the x-base
 package installed
 for the libiconv / gettext dependencies to be met.  It's an issue with
 4.2.
 
 How did you know that? Is there a source that I should reference
 that I'm not aware of to keep up on the latest idiosyncrasies, bugs,
 etc.???

There actually is a source for this sort of thing.  I think Nick puts
a lot of time into it too.  

http://www.openbsd.org/faq/upgrade42.html

l8rZ,
-- 
andrew - ICQ# 253198 - Jabber: [EMAIL PROTECTED]

BOFH excuse of the day: The Token fell out of the ring. Call us when
you find it.

Intel 965GM just works (inspiron 1520)

[Bryan]

Greetings,

I've had this laptop for 6 months, and was unable to install -current
due to the integrated webcam causing bsd.rd to hang.  After sacking up
and taking the monitor apart to unhook the webcam, I was able to put a
recent snapshot (March 12), I found that running xorgconfig  did no
good.  I would setup xorgconfig and use the Intel i810 driver, but it
would fail to run X at all.

This morning, I decided to start at square one.  No xorgconfig, just
run startx at the prompt, and to hell with it.  Well, it Just Works.
 I even took 915resolution out of /etc/rc.securelevel, and it still
runs at maximum resolution (1680x1050, 24bit color).  No more
configuring. No more trying to configure h/v refresh rates.

I just wanted to thank all involved.  I've included the dmesg below
and the Xorg.0.log with no configuration.  915resolution is installed,
but is not being ran by /etc/rc.securelevel.

I have been a loyal member since 3.4, and buying since 3.6.  I can't
wait for the next release...
Cheers,
Bryan Brake

dmesg.boot:
---
OpenBSD 4.3 (GENERIC.MP) #587: Wed Mar 12 11:21:57 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz (GenuineIntel
686-class) 1.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem  = 1063272448 (1014MB)
avail mem = 1020006400 (972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/03/08, BIOS32 rev. 0 @
0xffa10, SMBIOS rev. 2.4 @ 0xf7180 (45 entries)
bios0: vendor Dell Inc. version A07 date 02/03/2008
bios0: Dell Inc. Inspiron 1520
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP HPET APIC MCFG SLIC BOOT SSDT
acpi0: wakeup devices PCI0(S3) PCIE(S4) USB1(S3) USB2(S3) USB3(S3)
USB4(S3) USB5(S3) EHC2(S3) EHCI(S3) AZAL(S3) RP01(S3) RP02(S3)
RP03(S3) RP04(S3) RP05(S3) RP06(S3) LID_(S3) PBTN(S4) MBTN(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz (GenuineIntel
686-class) 1.50 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 3 (PCIE)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 11 (RP01)
acpiprt3 at acpi0: bus 12 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 13 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C3
acpicpu1 at acpi0: C3
acpitz0 at acpi0: critical temperature 87 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model DELL UW2807 serial 235 type LION oem Sanyo
bios0: ROM list: 0xc/0xf000! 0xcf000/0x1000
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0613092b0600092b
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1500 MHz (1388 mV): speeds: 1500, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c
agp0 at pchb0: aperture at 0xe000, size 0x800
vga1 at pci0 dev 2 function 0 Intel GM965 Video rev 0x0c
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel GM965 Video rev 0x0c at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x02: apic 2
int 20 (irq 10)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x02: apic 2
int 21 (irq 9)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x02: apic 2
int 22 (irq 7)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x02:
apic 2 int 21 (irq 9)
azalia0: codec[s]: Sigmatel/0x76a0, Conexant/0x2c06, using Sigmatel/0x76a0
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x02: apic 2
int 16 (irq 0)
pci1 at ppb0 bus 11
ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x02: apic 2
int 17 (irq 0)
pci2 at ppb1 bus 12
bwi0 at pci2 dev 0 function 0 Broadcom BCM4311 rev 0x01: apic 2 int
17 (irq 10), address 00:1d:60:40:27:a0
ppb2 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x02: apic 2
int 19 (irq 0)
pci3 at ppb2 bus 13
uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x02: apic 2
int 20 (irq 10)
uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x02: apic 2
int 21 (irq 9)
uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x02: apic 2
int 22 (irq 7)
ehci1 at pci0 

Re: Setting up an HP laserjet with apsfilter unknown printer error

[Predrag Punosevac]

Ed Flecko wrote:
To me your printcap file looks OK. Apsfilter has the option of 
installing network printer
but there are other files besides printcap that need to be edited on the 
server and the client side. I also

do not know your networks settings, the firewall settings and permissions.

Instead of me talking too much this is the link to FreeBSD Handbook 
printing section which is
also relevant for OpenBSD users. In particularly look at the section 
9.4.3 of the chapter

Advanced Printer Setup where client and server sides are treated in detail.

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing.html

Cheers,
Predrag

Hi folks,
I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer.

I have an HP P2015DN and a 4240n, so printing to either one would be
fine with me.

After running apsfilter SETUP, here's my /etc/printcap file:

lp|PSgs;r=300x300;q=medium;c=mono;p=letter;m=auto:\
:lp=:\
:rm=192.168.1.15:\
:rp=raw:\
:if=/etc/apsfilter/basedir/bin/apsfilter:\
:sd=/var/spool/lpd/lp:\
:lf=/var/spool/lpd/lp/log:\
:af=/var/spool/lpd/lp/acct:\
:mx#0:\
:sh:

When I try and print a testpage, this is what I get:

Printing test page...
-rw-r--r--  1 root  wheel  924020 Mar 20 08:46 /tmp/apsfilter20397/test_page.aps
lpr: [EMAIL PROTECTED]: unknown printer
0m0.00s real 0m0.00s user 0m0.00s system
[ press RETURN to continue ]

Can someone give me some tips on setting up a network printer? I
thought setting up a network printer would be a snap with apsfilter,
but it's not as easy as I thought.

:-)

Thanks,
Ed

loadbalancing on OpeBsd

[Fratiman Vladut]

I try to implement loadbalacing using two ISP's, with explanation from
http://www.openbsd.org/faq/pf/pools.html
Everything work well (except ftp), but i see with tcpdump, packets that
outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are
icmp request's.
I don't understand why this happening because have last two rules (from
web explanation), that prevent this situation.
Even if i try to log packets for this rules, i don't see any packet.
To be more clear, rules that prevent packet to outgoing on wrong
interface are:

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

Still with this rules, i see with tcpdump packets that outgoing on wrong
interface.
Where is the problem?

Re: Setting up an HP laserjet with apsfilter unknown printer error

[Edd Barrett]

Hi,

On Thu, Mar 20, 2008 at 4:05 PM, Ed Flecko [EMAIL PROTECTED] wrote:
 Hi folks,
  I'm using apsfilter on OBSD 4.2, and trying to set up an HP LaserJet printer.

  I have an HP P2015DN and a 4240n, so printing to either one would be
  fine with me.

You did start lpd?

I made this mistake with apsfilter once.

-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett

Re: loadbalancing on OpeBsd

[Daniel Anderson]

I found myself in a similar situtation and just set all icmp to go out a 
single interface:

pass in on $int_if route-to { ($dsl_2_if $dsl_2_gw) } proto { icmp } from any  
to any keep state



And for incoming connections for ssh that go to a given interface I added 
these:

pass in quick on $dsl_1_if reply-to ($dsl_1_if $dsl_1_gw) proto tcp


Of course, my setup is different because I have certain protocol/host groups 
mapped to given interfaces..but hope this can help a little.


On Thursday 20 March 2008 12:44:24 pm you wrote:
 I try to implement loadbalacing using two ISP's, with explanation from
 http://www.openbsd.org/faq/pf/pools.html
 Everything work well (except ftp), but i see with tcpdump, packets that
 outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are
 icmp request's.
 I don't understand why this happening because have last two rules (from
 web explanation), that prevent this situation.
 Even if i try to log packets for this rules, i don't see any packet.
 To be more clear, rules that prevent packet to outgoing on wrong
 interface are:

 pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
 pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

 Still with this rules, i see with tcpdump packets that outgoing on wrong
 interface.
 Where is the problem?

openbsd game server

[arthur]

Hi All,

I am thinking about running a game server for my daughter and her friends. Any
suggestion for a multi-user (with a gui user end). Thanks.

Arthur

Profitez des conditions privilégiées.

[Comit� d'Entreprise]

Liens utiles pour acchs direct aux sites didiis :

Recevoir un spicimen et une plaquette par LA POSTE

Commander ses places en payant par carte bancaire directement sur le site
sicurisi

Tilicharger la version PDF du tarif pour commander par tilicopie ou par
courrier postal (chhque, CB, virement)

Dipenser vos chhques cadeaux et bons d'achat multi enseigne pour recevoir
des places de cinima en ichange

NOUVEAU, PASS Foire du Trone 2008 jusque 50 % de riductions, une tombola
...

[IMAGE]
est une marque de
[IMAGE]
S.A.R.L. au capital de 32600€ - R.C. Evry B 485070635

Til : 01 75 43 42 50 - Fax : 01 75 43 88 70

Pour ne plus recevoir d'information de notre part, cliquez ici

Re: loadbalancing on OpeBsd

[Steven Surdock]

Fratiman Vladut wrote:
 Everything work well (except ftp), but i see with tcpdump,
 packets that
 outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are
 icmp request's. I don't understand why this happening because have
 last two
 rules (from
 web explanation), that prevent this situation.
 Even if i try to log packets for this rules, i don't see any packet.
 To be more clear, rules that prevent packet to outgoing on wrong
 interface are:

 pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
 pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any

...

'route-to' needs to be used before the packet is routed, like on the
'pass in' rule.  I have not noticed any problems load balancing ICMP.

As for ftp-proxy, the _only_ way I can think of to LB proxied services
(squid, ftp-proxy...) is to:
   A) Use -mpath (see man route)
   B) Run two proxies.  Bind each to the different external IPs and
different internal ports.  Load balance incoming connections to the two
different proxies.

-Steve S.

Problems with socket created before fork() in multi-threaded application

[Török Edwin]

Hi,

ClamAV has changed to call fork() after creating its local socket.
This causes weird behaviours when communicating on the socket [1]

If fork() is called before creating the socket() it works.

Is it safe to create a socket, fork(), and then call pthread_create()
and read from the socket?
It seems not to work, the thread gets stuck in pthread_mutex_lock(), and
it  is not woken up even after the mutex is free. Moving fork() before
the socket avoids this.
Is this intended behaviour or a bug?

I found that calling non-async-signal-safe functions after fork() can
cause problems on FreeBSD [2], is the situation the same on OpenBSD?

I am using OpenBSD 4.2 GENERIC#375 i386.

Thanks,
--Edwin

[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=885
[2]
http://lists.freebsd.org/pipermail/freebsd-hackers/2005-August/013310.html

Re: openbsd game server

[Leonardo Rodrigues]

Err, could you be a bit more specific?
I have managed to build some openbsd-based game servers in the past,
like QuakeWorld, Quake3, Counter-Strike, and the likes. Keep in mind
that some game server binaries are only available for Linux, so you
will have to turn on linux emulation.

On Thu, Mar 20, 2008 at 5:32 PM, arthur [EMAIL PROTECTED] wrote:
 Hi All,

  I am thinking about running a game server for my daughter and her friends. 
 Any
  suggestion for a multi-user (with a gui user end). Thanks.

  Arthur





-- 
An OpenBSD user... and that's all you need to know =)

Please, send private emails to [EMAIL PROTECTED]

Re: using openbsd to make presentations

[Pau Amaro-Seoane]

ConTeXt is looking *very* nice. Nevertheless I do not find the sources
for the many pdf examples of pragma... in the wiki you point at,
there's written:

---
If you're interested in presentations, your first stop should be the
pragma website. You can download pdfs with the documented source-code
of 18 presentation modules at
http://www.pragma-ade.com/dir/general/sources/
---

still, I do not find any tex file there... are they hidden or am I blind?

documented source-code is what I would like to see...


2008/3/20, Edd [EMAIL PROTECTED]:
 Hi,


  On Tue, Mar 18, 2008 at 05:45:26PM -0700, Predrag Punosevac wrote:
   As far as I know TeXLive will be regular package (you will not need to use
   ports) starting OpenBSD 4.3. This is
   only second Unix like system after Debian to have fully functional TeXLive
   thanks to Edd Baret porter of TeXLive
   for OpenBSD. On the last note I recommend that you install full TeXLive
   which is about 1Gb but includes
   all TeX/Latex features coded at the moment. I am not sure if the TeXLive
   base includes Powerdot. I would guess yes.


 Also can I add that the ConTeXt typesetter is available in TeXLive,
  which claims to do presentations too, although I have never tried it.

  ConTeXt puts more emphasis on page layout than any previous TeX
  compiler. To me it feels like arranging a HTML page using CSS.

  Also I there will be binary packages for 4.3, maybe even on the cdrom, I
  dont know. You can get binary packages for -current on the ftp servers,
  and I have backported to 4.2 for people who wish to use TeXLive on 4.2
  , although the packages were made before Predrag found the powerdot bug.
  The fix is simple, see the patch on your ports tree:

  
 /usr/ports/print/texlive/texmf-minimal/patches/patch-texmf_dvips_config_config_ps

  (basically overwrite the old config.ps with the svn one)

  4.2 packages for i386 and sparc64 here:
  http://students.dec.bmth.ac.uk/ebarrett/texlive/3rd/4.2

  A good starting point for links to docs and examples for ConTeXt is:
  http://wiki.contextgarden.net

  Also my battery has died on my laptop (Thinkpad R50e), which I used to
  use for on the go TeXLive hackage. At the risk of sounding rude, can
  anyone make a donation or tell me to shut up atleast as I am not a
  developer with an @openbsd email address.

  Thats right, Im playing the student trumph card :)


  --

  Best Regards
  Edd

  http://students.dec.bmth.ac.uk/ebarrett

[OT] Pursuing Management to adopt OpenBSD

[Chris]

I been trying (rather unsuccessfully) to convince various clients and
employers to adopt OpenBSD. Most people, I find, are resistent to
change and would not use anything they are not familiar with. Others
would say that if I leave the job, it would be hard to find people who
can use (or even heard of) OpenBSD and in some places Management never
heard of OpenBSD and have very little clue as to how good or bad it is
compared to Linux/ Solaris and Windows thus they will just knock off
the proposal in 2 seconds.

Is there any way I could convince these people to make the move to
OpenBSD? Suggestions, tips and tricks along with real life examples
would be much appreciated. Thanks.

Re: [OT] Pursuing Management to adopt OpenBSD

[bofh]

If they resist change, you have no hope.  When I have implemented OpenBSD,
it is because I needed to do something quickly, and am supporting it
myself.  I have set up DNS, reverse proxies, web servers, jabber,
application (tomcat) servers, ntp, and others this way.

War stories will never convince them.  If you persist on going down this
route, make sure you have a quote in hand for 24x7 support of OpenBSD as
well.

Also make sure you train the rest of the team.  If they already know unix,
it's easier, but you still need to train them.

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity. --
Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: [OT] Pursuing Management to adopt OpenBSD

[Gerardo Santana Gómez Garrido]

On 3/20/08, Chris [EMAIL PROTECTED] wrote:
 I been trying (rather unsuccessfully) to convince various clients and
  employers to adopt OpenBSD. Most people, I find, are resistent to
  change and would not use anything they are not familiar with. Others
  would say that if I leave the job, it would be hard to find people who
  can use (or even heard of) OpenBSD and in some places Management never
  heard of OpenBSD and have very little clue as to how good or bad it is
  compared to Linux/ Solaris and Windows thus they will just knock off
  the proposal in 2 seconds.

  Is there any way I could convince these people to make the move to
  OpenBSD? Suggestions, tips and tricks along with real life examples
  would be much appreciated. Thanks.

Managers are all alike. Their priority is to save their asses, to have
someone to blame in case of problems. That's why they spend a lot of
money in big contracts with Big Companies and don't like to take any
risk with software that doesn't have commercial support.

I've been lucky, because wherever I have gone, the network is a mess.
That gives me the justification to fix the problem with that
wonderful, security-oriented and free tool called OpenBSD.

After that, I've documented every maintenance task. That way your
manager can be confident that, when a truck hits you, anyone can get
the documentation and keep maintaining the thing.

-- 
Gerardo Santana

trouble configuring snmpd

[Fratiman Vladut]

I try to configure snmpd in oreder to monitor traffic on openbsd.
I use snmpconf, and configure only community name. The generated 
snmpd.conf look like this:

###
#
# snmpd.conf
#
#   - created by the snmpconf configuration program
#
###
# SECTION: Access Control Setup
#
#   This section defines who is allowed to talk to your running
#   snmp agent.

# rocommunity: a SNMPv1/SNMPv2c read-only access community name
#   arguments:  community [default|hostname|network/bits] [oid]

rocommunity  someone

When i run snmpd in debug mode, i receive an error that say about syntax 
error into snmpd.conf at line where is defined community name.

What is wrong?

Re: [OT] Pursuing Management to adopt OpenBSD

[Gerardo Santana Gómez Garrido]

On 3/20/08, Gerardo Santana Gsmez Garrido [EMAIL PROTECTED] wrote:
  After that, I've documented every maintenance task. That way your
  manager can be confident that, when a truck hits you, anyone can get
  the documentation and keep maintaining the thing.

Anyone with a Unix/Unix-like background, of course. The documentation
should be dumbed down enough to find it easy to follow for these guys,
which is not very difficult, given OpenBSD ease of use.


--
Gerardo Santana

Re: [OT] Pursuing Management to adopt OpenBSD

[bofh]

Oh yeah, I almost implemented nedi at the last place too.  That would
have been sweet.





On 3/20/08, bofh [EMAIL PROTECTED] wrote:
 If they resist change, you have no hope.  When I have implemented OpenBSD,
 it is because I needed to do something quickly, and am supporting it
 myself.  I have set up DNS, reverse proxies, web servers, jabber,
 application (tomcat) servers, ntp, and others this way.

 War stories will never convince them.  If you persist on going down this
 route, make sure you have a quote in hand for 24x7 support of OpenBSD as
 well.

 Also make sure you train the rest of the team.  If they already know unix,
 it's easier, but you still need to train them.

 --
 http://www.glumbert.com/media/shift
 http://www.youtube.com/watch?v=tGvHNNOLnCk
 This officer's men seem to follow him merely out of idle curiosity. --
 Sandhurst officer cadet evaluation.
 Securing an environment of Windows platforms from abuse - external or
 internal - is akin to trying to install sprinklers in a fireworks factory
 where smoking on the job is permitted. -- Gene Spafford
 learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related


-- 
Sent from Gmail for mobile | mobile.google.com

http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

another spamd log question

[Jose Fragoso]

Hi,

Let us say I run a script which analyses the spamd log file saved
more than 4 hours ago. Can I assume that the messages of the type:

...: ipaddress1: disconnected after X seconds.

that do not specify a list and for which ipaddress1 is not
whitelisted at the momentare spams caught by the greylist process?
or are there some exceptions?

Thanks for your comments.

Regards,

Jose.


--
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!

Re: [OT] Pursuing Management to adopt OpenBSD

[Richard Daemon]

On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote:
 I been trying (rather unsuccessfully) to convince various clients and
  employers to adopt OpenBSD. Most people, I find, are resistent to
  change and would not use anything they are not familiar with. Others
  would say that if I leave the job, it would be hard to find people who
  can use (or even heard of) OpenBSD and in some places Management never
  heard of OpenBSD and have very little clue as to how good or bad it is
  compared to Linux/ Solaris and Windows thus they will just knock off
  the proposal in 2 seconds.

  Is there any way I could convince these people to make the move to
  OpenBSD? Suggestions, tips and tricks along with real life examples
  would be much appreciated. Thanks.


I'm in the same boat... Wondering the same things and looking for ways
as well, especially with the clueless IT manager types that have only
heard of Linux or Solaris at most.

Now if only someone could write a book on how to sell free, OSS
solutions like this (with a lot of focus on OpenBSD) I would be one of
the first to pre-order it!

Re: [OT] Pursuing Management to adopt OpenBSD

[System Administrator]

On 20 Mar 2008 at 20:33, Richard Daemon wrote:

 On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote:
  I been trying (rather unsuccessfully) to convince various clients
 and
   employers to adopt OpenBSD. Most people, I find, are resistent to
   change and would not use anything they are not familiar with.
 Others
   would say that if I leave the job, it would be hard to find people
 who
   can use (or even heard of) OpenBSD and in some places Management
 never
   heard of OpenBSD and have very little clue as to how good or bad it
 is
   compared to Linux/ Solaris and Windows thus they will just knock
 off
   the proposal in 2 seconds.
 
   Is there any way I could convince these people to make the move
 to
   OpenBSD? Suggestions, tips and tricks along with real life
 examples
   would be much appreciated. Thanks.
 
 
 I'm in the same boat... Wondering the same things and looking for
 ways
 as well, especially with the clueless IT manager types that have
 only
 heard of Linux or Solaris at most.
 
 Now if only someone could write a book on how to sell free, OSS
 solutions like this (with a lot of focus on OpenBSD) I would be one
 of
 the first to pre-order it!
 
 

There is no magic to selling OSS or for that matter, any kind of 
solution. Only two things ever sell. The first, easiest, default sale 
is brand name -- can anyone provide a _technical_ reason for any 
company to buy the over-priced AND under-powered CISCO iron? (and the 
older folks will remember the saying no-one ever got fired for buying 
IBM which finally died in the eighties.) There is a silver lining here 
for the successful consultant (whether outside or in-house expert) -- 
you make the sale by BECOMING the brand name, i.e. once you are 
accepted as THE expert, ANY solution you propose will sail.

The second sale is that of opportunity and was described earlier on 
this thread by Gerardo Santana -- in certain engagements there is a 
genuine interest in solving a genuine problem, and you are given the 
freedom to choose your own tools (or rope to hang yourself if you over-
reach). If you are successful at picking and solving these engagements, 
you eventually become a recognized expert -- see previous paragraph.

-
System Administrator[EMAIL PROTECTED]
Bitwise Internet Technologies, Inc.
22 Drydock Avenue tel: (617) 737-1837
Boston, MA 02210  fax: (617) 439-4941

Re: [OT] Pursuing Management to adopt OpenBSD

[Giancarlo Razzolini]

Chris escreveu:
 I been trying (rather unsuccessfully) to convince various clients and
 employers to adopt OpenBSD. Most people, I find, are resistent to
 change and would not use anything they are not familiar with. Others
 would say that if I leave the job, it would be hard to find people who
 can use (or even heard of) OpenBSD and in some places Management never
 heard of OpenBSD and have very little clue as to how good or bad it is
 compared to Linux/ Solaris and Windows thus they will just knock off
 the proposal in 2 seconds.

 Is there any way I could convince these people to make the move to
 OpenBSD? Suggestions, tips and tricks along with real life examples
 would be much appreciated. Thanks.


The enterprise i work on always made their firewall/proxy solutions
using linux. The responsible was having trouble using the iproute2
voodoo to make 2 isp links to work. I then suggested using openbsd. I
didn't had at the time knowledge to do that, but suggested it anyway,
cause pf looked to me much simpler than iptables. When i learned that a
single route-to statement would throw all the ip route + MARK shit on
linux, i convinced the manager to use it on our clients. Nowadays we
have lots of carp firewalls, and some clients with 2 or 3 isp's. Working
with ifstated and a bunch of scripts to check link availability. This
kind of thing is one way to convince. The other would be the EXPERT
thing mentioned before. Today, i convince much more being an EXPERT than
 telling all the great things open is capable of.

My regards,

--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: [OT] Pursuing Management to adopt OpenBSD

[Gary Thornock]

On Thu, Mar 20, 2008 at 5:50 PM, Chris [EMAIL PROTECTED] wrote:
 I been trying (rather unsuccessfully) to convince various clients
 and employers to adopt OpenBSD. Most people, I find, are resistent
 to change and would not use anything they are not familiar with.
 Others would say that if I leave the job, it would be hard to find
 people who can use (or even heard of) OpenBSD and in some places
 Management never heard of OpenBSD and have very little clue as to
 how good or bad it is compared to Linux/ Solaris and Windows thus
 they will just knock off the proposal in 2 seconds.

 Is there any way I could convince these people to make the move to
 OpenBSD? Suggestions, tips and tricks along with real life examples
 would be much appreciated. Thanks.

Introducing a new operating system into an already working
environment
can be a tricky proposition -- politically even more than
technically.
If you want to bring in OpenBSD, look for specific needs that aren't
being met by any existing systems, and show how OpenBSD can meet
those
needs.

It probably won't be the main company server, at least at first.  As
it becomes more familiar, and the benefits become clear, management
will be more open to expanding its role in the company.

A few good resources:
http://www.onlamp.com/pub/a/bsd/2001/10/18/Big_Scary_Daemons.html
http://advocacy.daemonnews.org/
http://www.oreillynet.com/sysadmin/blog/2004/11/bsd_success_stories.html

In the PDF linked from that last article, I'd look particularly at
the
success story that Michael Lehey describes with OpenBSD (starting on
page 8), but also to the advocacy advice offered by Joe Warner (page
16):

  When I first started using FreeBSD, I was so amazed and taken
  with it that I could be heard preaching the BSD gospel almost
  every day. Keep in mind that most people will continue to use
  whichever operating system or application they are comfortable
  with. Don't be such an advocate that people become afraid to even
  mention the words 'FreeBSD','NetBSD', 'OpenBSD' or 'BSD' around
  you. Remember, the louder you are, the harder it can be to hear
  you. The phrase, 'Action speaks louder than words', certainly
  applies here. Quietly learn about the BSDs, how to use them, and
  offer the amazing demonstration when the opportunity presents
  itself.

Re: Problems with socket created before fork() in multi-threaded application

[Philip Guenther]

On Thu, Mar 20, 2008 at 3:01 PM, Tvrvk Edwin [EMAIL PROTECTED] wrote:
  ClamAV has changed to call fork() after creating its local socket.
  This causes weird behaviours when communicating on the socket [1]

  If fork() is called before creating the socket() it works.

  Is it safe to create a socket, fork(), and then call pthread_create()
  and read from the socket?

The relevant passages from the Single Unix Specification were cited in
the thread on the FreeBSD list.  The rule is that if the process had
more than one thread when fork() was called, then the child can only
call async-signal safe functions until it calls execle(), execve(),
_exit(), or _Exit().  pthread_create() is not async-signal safe, so to
answer your question to you have to look at the state of the process
before the call to fork().

The underlying problem is that after the fork(), the child's state may
include such things as mutexes which are locked by threads that no
longer exist and mutexes that have non-existent threads in their
'waiting' queue.  pthread_create() probably needs to allocate memory
for the thread's handle and stack; if some other thread was in
malloc() at the time of the fork(), then the heap is probably both
locked and inconsistent in the child.


  It seems not to work, the thread gets stuck in pthread_mutex_lock(), and
  it  is not woken up even after the mutex is free. Moving fork() before
  the socket avoids this.
  Is this intended behaviour or a bug?

If there was more than one thread in the process when fork() was
called, then it's a bug in clamav.  Period.

(If there were any threads before the fork() that may have been
blocked on the mutex, then the behavior is completely predictable, as
the mutex's wait queue has an entry for a thread that no longer
exists.)


  I found that calling non-async-signal-safe functions after fork() can
  cause problems on FreeBSD [2], is the situation the same on OpenBSD?

Yes.  The program is non-conformant.


Philip Guenther

Re: [OT] Pursuing Management to adopt OpenBSD

[Nick Holland]

Chris wrote:
 I been trying (rather unsuccessfully) to convince various clients and
 employers to adopt OpenBSD. Most people, I find, are resistent to
 change and would not use anything they are not familiar with. Others
 would say that if I leave the job, it would be hard to find people who
 can use (or even heard of) OpenBSD and in some places Management never
 heard of OpenBSD and have very little clue as to how good or bad it is
 compared to Linux/ Solaris and Windows thus they will just knock off
 the proposal in 2 seconds.
 
 Is there any way I could convince these people to make the move to
 OpenBSD? Suggestions, tips and tricks along with real life examples
 would be much appreciated. Thanks.

*) Respect the work that has come before you.  No one likes someone
who walks in and says, Let's change everything, because this is what
I know!.  Wait until you know the real problems...then deliver
solutions based on the problem, not based on your desires.

*) Prove to them that you know what you are doing on OTHER things.
Solve real problems, make things work better, document existing
systems.  Give them reason to trust your judgment and quality of
work.

*) Prove to them that you can (and do) document the systems you are
responsible for.

*) Point out the relative unknownness of various products already
in your environment.  I.e., if you have a SAN that only one person
in the office knows how to configure, you have just won the not
familiar argument.  Even if it is the Indu$try $andard $olution,
the How you configured it in your environment is critical.

*) Point out that people who know OpenBSD may not be falling out of
trees, people who REALLY know Linux, Solaris, Cisco, Juniper, EMC,
Xiotech, Windows, etc. WELL (i.e., not just a hack with a sheet of
paper that would be more useful in the bathroom than on the wall)
are not common, either...and if they are really good at what they
do, they already have jobs, and you will pay THROUGH THE NOSE and
every other orifice you have to get them to come work for you.  The
ones sitting around waiting for the phone to ring aren't that good.
I recently heard a guy enjoying the idea of a $150k/yr job he had
heard about to maintain an industry standard firewall.  Why so
much?  Because there weren't very many good people available to
maintain this standard device.  AND, the ability to grow-your-own
expert was about zero, because you could not grab an old junk
machine and build a demo or test machine, you had to shell out big
money for their box and their training.  And, if you don't pay
them a lot, your expert will go elsewhere once you make them an
expert.

*) Show how easy it is to BUILD your own experts.  If you want to
learn Solaris, you will be looking at buying some newish computers
to run it on.  If you want to learn OpenBSD, you can do it on old
junk!  You can teach your co-workers, they can work with old
company equipment to learn more.  Try that with the big name
products.  (funny story: former employer, we built a very nice set
of OpenBSD firewalls.  Massive redundancy, DR, etc., ALL out of
spare parts.  An ex-boss got a bug up his butt about having Juniper
on his resume, so he brought in a pair of probably $40k Juniper
firewalls.  But...I don't speak Juniper.  Fine, we'll have E.
do it!.  E. wasn't quite up to the task, and he got fed up
with the BS and quit.  Now the boss had NO one who could bring up
his babies.  He was later fired, and the new resume-stuffing boss
didn't like Juniper, but liked Cisco, so in come a new pair of
$50k boxes. The never-used Junipers are currently sitting in a
warehouse somewhere, and a consultant made a LOT of money
replacing our OpenBSD firewalls with the Ciscos that accomplished
the EXACT SAME THING).

*) Point out that there are a lot of people LOOKING for
experts in these industry standard systems, and they are not
finding good ones.  Lots of people looking is BAD for your
company, not good!  That bids up the prices and that discourages
long-term employment.

*) Demonstrate, don't talk.  Don't say, it would be nice if you
handed me $4000 for this project, grab an old junk machine and
build a demonstrator.  Do it right -- include the disaster recovery,
the backup, the repair and the documentation in your demonstrator.
IF it proves that's all you need, you are done!

*) Hook your co-workers.  OpenBSD is fun, and it is very easy to
learn (not just load).  I managed to get a co-worker interested,
he's now got an OpenBSD machine at home, which has been doing real
work for him and solving problems (and the Windows box puked its
guts, but the data was stored on Samba on the OpenBSD box, and now
his wife is a fan, too! :)  Guess what?  We now have TWO OpenBSD
experts in the office. (which is probably more than we have of the
official company solution).

*) Solve real problems with OpenBSD.  On my second day on the job,
the guy I was replacing told me about one problem he had -- a mail
server would collect huge amounts of mailer 

CanSecWest 2008 PWN2OWN - Mar 26-28

[Dragos Ruiu]

Calendar Notes:
===

PacSec 2008 will be on November 12/13 in Tokyo at Aoyama Diamond Hall.

EUSecWest 2008 will be on May 21/22 at a fun new venue in central London.
(We cooked this schedule up so it will enable people to fly to Berlin on 
the 23rd and make FX's ph-neutral on Saturday the 24th - which also 
has a fun new venue. Island???!?)

The EUSecWest 2008 CFP opens tomorrow and closes _before_ April 1 :-).
EUSecWest registration is now open.


Announcing CanSecWest PWN2OWN 2008.
===

Three targets, all patched.  All in typical client configurations with
typical user configurations.  You hack it, you get to keep it.

Each has a file on them and it contains the instructions and how to 
claim the prize.

Targets (typical road-warrior clients):

VAIO VGN-TZ37CN running Ubuntu 7.10
Fujitsu U810 running Vista Ultimate SP1
MacBook Air running OSX 10.5.2

This year's contest will begin on March 26th, and go during the 
presentation hours and breaks of the conference until March 28th. 
The main purpose of this contest is to present new vulnerabilities in 
these systems so that the affected vendor(s) can address them.
Participation is open to any registered attendee of CanSecWest 2008.

Once you extract your claim ticket file from a laptop (note that doing 
so will involve executing code on the box, simple directory traversal 
style bugs are inadequate), you get to keep it. You also get to 
participate in 3com / Tipping Point's Zero Day Initiative, with the top 
award for remote, pre-auth, vulnerabilities being increased this year.
Fine print and details on the cash prizes are available from 
TippingPoint's DVLabs blog (http://dvlabs.tippingpoint.com/). 
More fine print and rules for the contest will be found at 
the http://cansecwest.com/ site.

Quick Overview:

-Limit one laptop per contestant.
-You can't use the same vulnerability to claim more than one box, if it 
 is a cross-platform issue.
-Thirty minute attack slots given to contestants at each box.
-Attack slots will be scheduled at the contest start by the methods 
 selected by the judges.
-Attacks are done via crossover cable. (attacker controls default route)
-RF attacks are done offsite by special arrangement...
-No physical access to the machines.
-Major web browsers (IE, Safari, Konqueror, Firefox), widely used and 
 deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, 
 Skype, Pigdin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, 
 kmail) are all in scope.




Fine Print:

These computers are REAL and FULLY patched. All third party software is 
widely used. There are no imitation vulnerabilities. Any exploit 
successfully used in this contest would also compromise a significant 
percentage of Internet connected hosts.  Instead, players choose to use 
their exploits here, at CanSecWest PWN2OWN 2008.  All successful exploits 
will be turned over to the appropriate vendor and patched before details 
are made public.


Rules

1. Attacks remain confidential until prize is claimed

Players will connect to the targets with a crossover cable and we will
not record the network traffic or log anything other than what is done
by default.

Successful exploits can be delivered directly to Tipping Point after the 
we verify that you control the target.

In the event that internet connectivity is required (eg. IM clients)
we will put the target online behind a firewall. We won't sniff at the
firewall, but we can make no guarentees for upstream networks. (so be
careful what you send over the Internet!)

2. No wireless attacks in the conference area

Players with intent to use wireless attacks must inform us in advance.
We will relocate to a secluded, undisclosed location where there won't
be dozens of people watching the traffic.

3. One attacker per target at a time

As is obvious from rule #1 and rule #2, one player gets exclusive access 
to any target at one time.

4. Players take turns, no hogging the targets

Players are limited to 30 minutes per attempt. We will mercilessly 
disconnect your cable at the end of each attack slot. Be fast!
We will reboot the targets before each session begins.

5. First come, first served access to targets.

Players get in line for their turns and may take an unlimited number
of turns. If a player runs out of time and no one else is waiting for
access to the target he may continue for another turn. Players may not
have more than 1 turn in any 30 minute period. (That means we won't
reboot a target any time you feel like it)

6. Remote, pre-authentication attacks are required to win

Players may not physically touch the targets or look at the target's 
display. Players are required to demonstrate to our satisfaction that 
arbitrary code runs on the target.

7. Attackers control the default route for the target.

Players may become the target's default gateway in order to perform man 
in the middle attacks. 

8. Contest officials 

Re: trouble configuring snmpd

[Reyk Floeter]

On Fri, Mar 21, 2008 at 12:23:45AM +0200, Fratiman Vladut wrote:
 rocommunity  someone
 
 When i run snmpd in debug mode, i receive an error that say about syntax 
 error into snmpd.conf at line where is defined community name.
 What is wrong?
 

are you trying to use openbsd's snmpd with a net-snmp configuration?
it is totally different.

reyk