Re: slapd hangs, was: Re: OpenLDAP and Berkeley DB 4.6

[my mail]

--- On Tue, 8/5/08, Marc Balmer [EMAIL PROTECTED] wrote:

 From: Marc Balmer [EMAIL PROTECTED]
 Subject: Re: slapd hangs, was: Re: OpenLDAP and Berkeley DB 4.6
 To: Toni Mueller [EMAIL PROTECTED]
 Cc: misc@openbsd.org

 ports@, and CC the maintainer (in this case, me).
 
  
  
  TIA!
  


openldap + dbd is broken isn't right?
i have read in this article [1], he said the bdb flavor, providing support for 
the bdb and hdb backends, is marked as broken on OpenBSD 4.3




[1]http://www.kernel-panic.it/openbsd/pdc/pdc2.html#pdc-2.2

Own keyboard encoding cz (cs)

[Tomas Bodzar]

Hi all,



I'm reading throw man pages kbd,wsconcs,wsconscfg,looking on Google and so on,

but can't find some useful kick-of.Do you know about some paper about it?

I found something from http://www.netbsd.org/docs/guide/en/chap-cons.html .

I looked in wsksymdef.h ,there is a support for ISO-8859-2 (not for UTF-8),

but how can I type our national characters if I can use only us or others?

Can I use codes for these characters?



Thanks a lot for your help



PS: I don't want do this and this,read this and this is enough for me

Re: syslogd -a question

[Alexander Hall]

Stuart VanZee wrote:

Hello OpenBSD Misc,

I have been doing some work with chrooting user accounts for
a project, and now I am looking to get syslogd working. I
found out that I need a log socket in the chroot environ
for this to work and the -a option does this fine and works
great!  BUT... now that I have one working, I need to be
able to chroot a whole bunch of these and looking in the
syslogd man page I see:

-a path
Specify a location where syslogd should place an additional log
socket.  Up to about 20 additional logging sockets can be speci-
fied.  The primary use for this is to place additional log sock-
ets in /dev/log of various chroot filespaces.

The part that worries me is the Up to about 20 part.  Is
this a hard limit?  Is there a way to extend this?  I am
looking at setting up around 100 user accounts like this but
most of them will only be used a few times a month so I'm
not really worried about resources too awful much.

Currently I am using OpenBSD 4.3


From looking at the source, I'd guess that tweaking 
/usr/src/usr.sbin/syslogd/syslogd.h and set MAXFUNIX to a larger number 
than 21 should be pretty straightforward. I'm not in the position to say 
whether large numbers would be appropriate though, for example by some 
limitation of poll(2).


/Alexander

Re: acer aspire one dmesg?

[Freddy DISSAUX]

Hi,

OpenBSD 4.4-beta (GENERIC.MP) #835: Mon Aug  4 12:50:17 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR
real mem  = 524206080 (499MB)
avail mem = 498372608 (475MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/09/08, SMBIOS rev. 2.4 @ 0xe8d90 (31 
entries)
bios0: vendor INSYDE version v0.3109 date 05/09/2008
bios0: Acer AOA110
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP SSDT HPET APIC MCFG ASF! SLIC BOOT
acpi0: wakeup devices P32_(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) ECHI(S3) 
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) AZAL(S0) MODM(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (P32_)
acpiprt2 at acpi0: bus 1 (EXP1)
acpiprt3 at acpi0: bus 2 (EXP2)
acpiprt4 at acpi0: bus 3 (EXP3)
acpiprt5 at acpi0: bus 4 (EXP4)
acpiec0 at acpi0
acpicpu0 at acpi0
acpicpu1 at acpi0
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit offline
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xec00! 0xcf000/0x1000
cpu0: unknown Enhanced SpeedStep CPU, msr 0x060f0c2406000c24
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1600 MHz (1276 mV): speeds: 1600, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0x2000, size 0x1000
drm at vga1 unsupported
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 4 int 
16 (irq 11)
azalia0: codec[s]: Realtek/0x0268
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 4 int 16 
(irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 4 int 17 
(irq 255)
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102EL (0x2480), apic 
4 int 17 (irq 11), address 00:00:00:00:00:00
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 4 int 18 
(irq 255)
pci3 at ppb2 bus 3
ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 4 int 18 (irq 11)
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR5_ETSIC, address 00:22:68:ab:5c:1a
ppb3 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 4 int 19 
(irq 255)
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 4 int 16 
(irq 11)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 4 int 17 
(irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 4 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 4 int 19 
(irq 11)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 4 int 16 
(irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci5 at ppb4 bus 5
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 1 drive 0: P-SSD1800
wd0: 1-sector PIO, LBA, 7695MB, 15761088 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 4
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x02: apic 4 int 17 
(irq 11)
iic0 at ichiic0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: 

ospf6d does not exist in 4.4-beta

[Marco Fretz]

Hi everyone,

Any idea, why there is no information about ospf6d and no binary but a 
/etc/ospf6d.conf? I want to run ospfd (the OpenBSD ospfd, not the zebra 
one) for IPv6.


Thanks for any feedback.

Best regards
 Marco

tab gets lost on display

[Markus Lude]

Hello,
while using grep on tab separated data I spotted some strange thing
today. Somehow the last tab isn't displayed:

$ echo 1   
1234567 123
1   
1234567123

To see the tabs more easier:

$ echo 1   
1234567 123 | cat -evt
1^I^I^I^I^I^I^I^I^I1234567^I123$

I used an xterm with width 80. Any ideas where the problem may be? Or is
this for some strange reason considered normal?

I'm running the latest snapshot on sparc64 here.

Regards,
Markus

Re: Own keyboard encoding cz (cs)

[Tomas Bodzar]

I read wsfontload(8),but there is only ISO-8859-1,IBM and pcvt.

In cs is only about 15 special characters (don't know exactly right now)

like  ' DE!D
EEC=C!C-C)C:E/ '.I thought,that there is way like for de,sv and others.



TB



-Original Message-

From: Miod Vallat [mailto:[EMAIL PROTECTED]

Sent: Wednesday, August 06, 2008 1:49 PM

To: Tomas Bodzar

Cc: misc@openbsd.org

Subject: Re: Own keyboard encoding cz (cs)



 I'm reading throw man pages kbd,wsconcs,wsconscfg,looking on Google

 and so on, but can't find some useful kick-of.Do you know about some

 paper about it?

 I found something from http://www.netbsd.org/docs/guide/en/chap-cons.html .

 I looked in wsksymdef.h ,there is a support for ISO-8859-2 (not for

 UTF-8), but how can I type our national characters if I can use only us or 
 others?

 Can I use codes for these characters?



On vga-compatible displays, you could load a font with the proper

ISO-8859-2 characters with wsfontload(8). On frame buffer displays there is 
currently no way to extend the built-in ISO-8859-1 font at the moment.



All of this is being worked on (there is uncommited code to have wscons support 
UTF-8, but a few things need to be sorted out before it goes in).



Miod

Re: Package (goffice) missing on ftp.eu.openbsd.org

[Antti Harri]

On Tue, 5 Aug 2008, Stuart Henderson wrote:


On 2008-08-05, Antti Harri [EMAIL PROTECTED] wrote:

Hi,

I was wondering why hasn't there been a package of
goffice at ftp.eu.openbsd.org [1] for some time now? I
can see it on ftp.openbsd.org which seems to be
its source.

ftp.html didn't have info about the server admins
so I thought I'd ask here.


Where available, it's in www/build/mirrors.dat.


Ah thanks. I included Janne's address in this thread.


[1] ftp://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/i386/


Looking at file dates, this is halfway through sync'ing,
try again in a while.

...
-r--r--r--  1 742  0 113979 Jul 28 23:50 guilib-1.1.1p5.tgz
-r--r--r--  1 742  0  81445 Jul 28 23:50 gutenpy-0.3.0p2.tgz
-r--r--r--  1 742  0 231501 Jul 28 23:50 gv-3.5.8p4.tgz
-r--r--r--  1 742  0 935090 Jul 28 23:50 gwenview-1.4.2p4.tgz
-r--r--r--  1 742  01540911 Jul 28 23:50 gwenview-i18n-1.4.2.tgz
-r--r--r--  1 742  01843254 Aug  1 00:58 gxemul-0.4.6.5.tgz
-r--r--r--  1 742  0  15709 Aug  1 00:58 gxmessage-2.6.2p2.tgz
-r--r--r--  1 742  0  25589 Aug  1 00:58 ha-0.999b.tgz
-r--r--r--  1 742  0  60835 Aug  1 00:58 hackdata-3.4.3.tgz
-r--r--r--  1 742  01739530 Aug  1 00:58 haddock-0.8.tgz
...


I haven't been keeping count but that was at least second if not the
third time already. That's why I thought I'd report about it.

Shouldn't the mirror have the old version of goffice there, just like it
has the rest of the old snapshot?

Also the interval seems to be rather long if it's still not synced
with packages from 1st of August..

Thanks for the server though, it has been working otherwise okay.

--
Antti Harri

PF and DHCP hakz

[Duncan Patton a Campbell]

Howdy List?

As some of you may have gathered from previous posts, I have been
working on a pf configuration that will allow a gateway firewall 
machine to talk to two or more ISP services and allow for the
differential routing of data connections from client's services 
both behind the firewall and on it (e.g. a TOR, HTTP server or other proxy).

An additional complexity is introduced in that most prospective
users of such a configuration are small to medium businessess that
engage only DHCP services from ISPs.  This means the IP address,
default route and name servers associated with a particular service
provider can (and do) change over the period the firewall gate 
is up for, moreover the lease times granted can change from time
to time.  Also, nameservers for most ISP are configured to only
answer queries from the ISP's subnet(s) and the standard dhclient-
script does not accomodate this.

In order to make such a configuration work, I introduce some hacks
into the dhclient-script such that when the dhclient processess
associated with a particular interface are triggered to renew 
a lease, a piece of prolog code is called that touches the following
configs:

filedata mod

/etc/pf.confgatewayIP
/etc/resolv.confnameservers (for default route)
/etc/dhclient.conf  nameservers (for dhclient routes)
[routetable]default route for firewall

To do this, I create a directory, /etc/pf, containing the following files:

filepurpose

dhclient-script dhclient-script modified to call replall from
add_new_routes() subroutine, and stub 
add_new_resolv_conf() as resolv.conf must 
only reference nameservers for the default 
route;
slink'd to /sbin/dhclient-script.
dhcpd.cnf.[interface]   one for each internal interface 
to provision dhcpd services
droute.IF   define the firewall's default route interface
pf.cnf  template pf ruleset into which the specific
interface gateways are inserted (replall looks
for lines begining with ext_gw_{IFN} ).
replall slink to compiled gprolog code hooked from 
dhclient-script that does the various 
manipulations.
gplg/Makefile   make for gprolog code
gplg/dlib.plprolog support code -- dlib==duncan's lib;)
gplg/replallgprolog executable
gplg/replall.pl gprolog source


A completed working instance of this scheme can be found at:

http://neotext.ca/RefR/pf.dhcp/

It has been tested on a machine with 1 static and 1 DHCP gateway as
well as on a machine with 2 DHCP gateways.

And yes, I know that most of you will think I'm daft to use prolog for 
a task that could be done in sh/perl/python.  It's really just a matter
of what you are most comfortable with... if a good reason comes up I might
recode it in C.

Dhu

Re: acer aspire one dmesg?

[Jonathan Gray]

On Wed, Aug 06, 2008 at 09:23:49AM +0200, Freddy DISSAUX wrote:
 
 Be careful whith re0, no mac address detected:
 re0 [ snip ] address 00:00:00:00:00:00

The mac address should display correctly with a newer snapshot,
reading out via the EEPROM is now bypassed on these newer PCIE
re variants.

Re: tab gets lost on display

[Alexander Hall]

Markus Lude wrote:

Hello,
while using grep on tab separated data I spotted some strange thing
today. Somehow the last tab isn't displayed:

$ echo 1  1234567 
123
1   
1234567123

To see the tabs more easier:

$ echo 1  1234567 
123 | cat -evt
1^I^I^I^I^I^I^I^I^I1234567^I123$

I used an xterm with width 80. Any ideas where the problem may be? Or is
this for some strange reason considered normal?

I'm running the latest snapshot on sparc64 here.


I'd guess the proper way to see it is that last tab is performed, 
rather than displayed. Fiddling with the terminal width makes me think 
that the missing tab moves the cursor to the end of the window but no 
further (and in this case it is already there). This is probably 
expected and proper behaviour, considering how regular typewriters works 
(or used to work). :)


/Alexander

Re: MPLS On OpenBGP

[demuel]

Will it be likely possible and feasible to add MPLS feature on OpenBGPd?

Re: ospf6d does not exist in 4.4-beta

[Claudio Jeker]

On Wed, Aug 06, 2008 at 11:16:19AM +0200, Marco Fretz wrote:
 Hi everyone,

 Any idea, why there is no information about ospf6d and no binary but a 
 /etc/ospf6d.conf? I want to run ospfd (the OpenBSD ospfd, not the zebra 
 one) for IPv6.


It is not yet in usable state so it is not enabled.

-- 
:wq Claudio

Re: acer aspire one dmesg?

[Stuart Henderson]

On 2008-08-06, Freddy DISSAUX [EMAIL PROTECTED] wrote:
 OpenBSD 4.4-beta (GENERIC.MP) #835: Mon Aug  4 12:50:17 MDT 2008
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP

 Be careful whith re0, no mac address detected:
 re0 [ snip ] address 00:00:00:00:00:00

Your snapshot is too old. :-)

Re: Own keyboard encoding cz (cs)

[Miod Vallat]

I read wsfontload(8),but there is only ISO-8859-1,IBM and pcvt.


Oops, you're right. This should be fixed as well eventually (-:

Miod

Re: tab gets lost on display

[Stuart Henderson]

On 2008-08-06, Markus Lude [EMAIL PROTECTED] wrote:
 while using grep on tab separated data I spotted some strange thing
 today. Somehow the last tab isn't displayed:

 $ echo 1 1234567 
 123
 1 
 1234567123

 To see the tabs more easier:

 $ echo 1 
 1234567 123 | cat -evt
 1^I^I^I^I^I^I^I^I^I1234567^I123$

 I used an xterm with width 80. Any ideas where the problem may be? Or is
 this for some strange reason considered normal?

Looks like an xterm bug. This works ok in a normal console,
and works ok in screen in a normal console, but fails in an
xterm or screen in an xterm.

Let's make it easier for people to test;

$ printf 1\t\t\t\t\t\t\t\t\t1234567\t123

Re: acer aspire one dmesg?

[Freddy DISSAUX]

Le Wed, Aug 06, 2008 at 11:29:36PM +1000, Jonathan Gray icrivait:
 On Wed, Aug 06, 2008 at 09:23:49AM +0200, Freddy DISSAUX wrote:
  
  Be careful whith re0, no mac address detected:
  re0 [ snip ] address 00:00:00:00:00:00
 
 The mac address should display correctly with a newer snapshot,
 reading out via the EEPROM is now bypassed on these newer PCIE
 re variants.
 

Ok, i'll try newer snapshots and post the dmesg.

Re: Own keyboard encoding cz (cs)

[Tomas Bodzar]

Heh,it's ok.No one is perfect :-)



I found this table http://nl.ijs.si/gnusl/cee/charset.html

Maybe if I put these codes in wsksymdef.h as it's for de encoding,

make some other important changes and rebuild kernel.maybe cs is here :-)





-Original Message-

From: Miod Vallat [mailto:[EMAIL PROTECTED]

Sent: Wednesday, August 06, 2008 1:58 PM

To: Tomas Bodzar

Cc: misc@openbsd.org

Subject: RE: Own keyboard encoding cz (cs)



 I read wsfontload(8),but there is only ISO-8859-1,IBM and pcvt.



Oops, you're right. This should be fixed as well eventually (-:



Miod

Re: ospf6d does not exist in 4.4-beta

[Ted Unangst]

On 8/6/08, Marco Fretz [EMAIL PROTECTED] wrote:
  Any idea, why there is no information about ospf6d and no binary but a
 /etc/ospf6d.conf? I want to run ospfd (the OpenBSD ospfd, not the zebra one)
 for IPv6.

You have to build it yourself.  Which probably is a good sign it's not
ready for use yet.

Re: Own keyboard encoding cz (cs)

[Duncan Patton a Campbell]

On Wed, 6 Aug 2008 08:23:59 +0100
Tomas Bodzar [EMAIL PROTECTED] wrote:

 Hi all,
 
 I'm reading throw man pages kbd,wsconcs,wsconscfg,looking on Google and so on,
 but can't find some useful kick-of.Do you know about some paper about it?
 I found something from http://www.netbsd.org/docs/guide/en/chap-cons.html .
 I looked in wsksymdef.h ,there is a support for ISO-8859-2 (not for UTF-8),
 but how can I type our national characters if I can use only us or others?
 Can I use codes for these characters?
 
 Thanks a lot for your help
 
 PS: I don't want do this and this,read this and this is enough for me
 
 

See man luit and xorgconfig.

Dhu

Re: Own keyboard encoding cz (cs)

[Miod Vallat]

I'm reading throw man pages kbd,wsconcs,wsconscfg,looking on Google   
and so on,

but can't find some useful kick-of.Do you know about some paper about it?
I found something from http://www.netbsd.org/docs/guide/en/chap-cons.html .
I looked in wsksymdef.h ,there is a support for ISO-8859-2 (not for UTF-8),
but how can I type our national characters if I can use only us or others?
Can I use codes for these characters?


On vga-compatible displays, you could load a font with the proper
ISO-8859-2 characters with wsfontload(8). On frame buffer displays
there is currently no way to extend the built-in ISO-8859-1 font
at the moment.

All of this is being worked on (there is uncommited code to have wscons
support UTF-8, but a few things need to be sorted out before it goes in).

Miod

PF and DHCP hakz

[Duncan Patton a Campbell]

Oddly this does not appear to have made it thru...

Howdy List?

As some of you may have gathered from previous posts, I have been
working on a pf configuration that will allow a gateway firewall 
machine to talk to two or more ISP services and allow for the
differential routing of data connections from client's services 
both behind the firewall and on it (e.g. a TOR, HTTP server or other proxy).

An additional complexity is introduced in that most prospective
users of such a configuration are small to medium businessess that
engage only DHCP services from ISPs.  This means the IP address,
default route and name servers associated with a particular service
provider can (and do) change over the period the firewall gate 
is up for, moreover the lease times granted can change from time
to time.  Also, nameservers for most ISP are configured to only
answer queries from the ISP's subnet(s) and the standard dhclient-
script does not accomodate this.

In order to make such a configuration work, I introduce some hacks
into the dhclient-script such that when the dhclient processess
associated with a particular interface are triggered to renew 
a lease, a piece of prolog code is called that touches the following
configs:

filedata mod

/etc/pf.confgatewayIP
/etc/resolv.confnameservers (for default route)
/etc/dhclient.conf  nameservers (for dhclient routes)
[routetable]default route for firewall

To do this, I create a directory, /etc/pf, containing the following files:

filepurpose

dhclient-script dhclient-script modified to call replall from
add_new_routes() subroutine, and stub 
add_new_resolv_conf() as resolv.conf must 
only reference nameservers for the default 
route;
slink'd to /sbin/dhclient-script.
dhcpd.cnf.[interface]   one for each internal interface 
to provision dhcpd services
droute.IF   define the firewall's default route interface
pf.cnf  template pf ruleset into which the specific
interface gateways are inserted (replall looks
for lines begining with ext_gw_{IFN} ).
replall slink to compiled gprolog code hooked from 
dhclient-script that does the various 
manipulations.
gplg/Makefile   make for gprolog code
gplg/dlib.plprolog support code -- dlib==duncan's lib;)
gplg/replallgprolog executable
gplg/replall.pl gprolog source


A completed working instance of this scheme can be found at:

http://neotext.ca/RefR/pf.dhcp/

It has been tested on a machine with 1 static and 1 DHCP gateway as
well as on a machine with 2 DHCP gateways.

And yes, I know that most of you will think I'm daft to use prolog for 
a task that could be done in sh/perl/python.  It's really just a matter
of what you are most comfortable with... if a good reason comes up I might
recode it in C.

Dhu

Re: acer aspire one dmesg?

[Pau]

If I understand it correctly after seeing dmesg (thanks!), the acer
aspire one is more compatible with openbsd (-current) than the asus
eeepc...

I am looking forward to having one of these light-weight laptops with
solid state hard drive (in contrast to the vaporous state disks) and
this one seems to be quite fine; ethernet, wireless and sound are
working fine. Speedstep is working only on max and min, but I can live
with that

Has anybody tried a recent snapshot on the asus eeepc?

Anyway, thanks for everything

Pau

2008/8/6 Jonathan Gray [EMAIL PROTECTED]:
 On Wed, Aug 06, 2008 at 09:23:49AM +0200, Freddy DISSAUX wrote:

 Be careful whith re0, no mac address detected:
 re0 [ snip ] address 00:00:00:00:00:00

 The mac address should display correctly with a newer snapshot,
 reading out via the EEPROM is now bypassed on these newer PCIE
 re variants.

Re: MPLS On OpenBGP

[Claudio Jeker]

On Wed, Aug 06, 2008 at 03:17:41PM +0100, [EMAIL PROTECTED] wrote:
 Will it be likely possible and feasible to add MPLS feature on OpenBGPd?
 

Yes.  It is neither impossible nor unfeasible.
But don't ask when it will happen unless you like to do the work.

-- 
:wq Claudio

Re: syslogd -a question

[Dave Wilson]

Stuart VanZee wrote:

Hello OpenBSD Misc,

I have been doing some work with chrooting user accounts for
a project, and now I am looking to get syslogd working. I
found out that I need a log socket in the chroot environ
for this to work and the -a option does this fine and works
great!  BUT... now that I have one working, I need to be
able to chroot a whole bunch of these and looking in the
syslogd man page I see:

-a path
Specify a location where syslogd should place an additional log
socket.  Up to about 20 additional logging sockets can be speci-
fied.  The primary use for this is to place additional log sock-
ets in /dev/log of various chroot filespaces.

The part that worries me is the Up to about 20 part.  Is
this a hard limit?  Is there a way to extend this?  I am
looking at setting up around 100 user accounts like this but
most of them will only be used a few times a month so I'm
not really worried about resources too awful much.

Currently I am using OpenBSD 4.3

s



Don't by any means take me as knowledgeable, I'm just a lurker, but I've 
seen a few places where it has been suggested that NFS can be used in a 
chroot environment to make things tidier and to provide a way for things 
in a chroot to get to non-chroot things. EG if you were to export an NFS 
share which contained the necessary socket (and perhaps anything else 
you fancied not having multiple copies of) and then mount it over 
localhost within the chroot, might that solve your problem? That way, 
syslog only has to pay attention to one extra socket, but many chroots 
can write to it.


This might use more resources than other solutions, but at least it 
doesn't require a recompile like Alexander Hall's MAXFUNIX tweak.


I'm assuming that sockets work over NFS of course. Anyone care to 
correct me?


Dave W

Re: MPLS On OpenBGP

[demuel]

I'll be looking for that day wherein those Cisco guys can boost no more
that they are the only ones in the planet that has the MPLS skills. Whew,
maybe somebody knows where to start on how to add this MPLS feature so as
to answer the question like where do I begin?

 On Wed, Aug 06, 2008 at 03:17:41PM +0100, [EMAIL PROTECTED] wrote:
 Will it be likely possible and feasible to add MPLS feature on OpenBGPd?


 Yes.  It is neither impossible nor unfeasible.
 But don't ask when it will happen unless you like to do the work.

 --
 :wq Claudio

Re: acer aspire one dmesg?

[Joel Sing]

On Thursday 07 August 2008, Pau wrote:
 If I understand it correctly after seeing dmesg (thanks!), the acer
 aspire one is more compatible with openbsd (-current) than the asus
 eeepc...

 I am looking forward to having one of these light-weight laptops with
 solid state hard drive (in contrast to the vaporous state disks) and
 this one seems to be quite fine; ethernet, wireless and sound are
 working fine. Speedstep is working only on max and min, but I can live
 with that

 Has anybody tried a recent snapshot on the asus eeepc?

There isn't much that doesn't work on the ASUS eeePC 701 with the current 
snaps - the inbuilt wireless still doesn't work (reyk@ is about to work on 
this!) and the inbuilt camera. Don't think there's anything else...

There are some known issues with the eeePC 900 series machines, however I 
don't have access to one to confirm (apparently they can hang during boot, 
etc).

Also, I highly doubt that the wireless will work on the Acer Aspire One - the 
Atheros AR5424 14.2 appears to be the same wireless that's in the eeePC 701, 
which is currently unsupported.
-- 

 = Joel Sing | [EMAIL PROTECTED] | 0419 577 603 =


 Real stupidity beats artificial intelligence every time.
  - Terry Pratchett, Hogfather

Re: syslogd -a question

[nate]

Alexander Hall wrote:


  From looking at the source, I'd guess that tweaking
 /usr/src/usr.sbin/syslogd/syslogd.h and set MAXFUNIX to a larger number
 than 21 should be pretty straightforward. I'm not in the position to say
 whether large numbers would be appropriate though, for example by some
 limitation of poll(2).

How about one /dev/log and multiple hard links going to it?

Last time I worked with chroot environments was about 7 years ago but
I had a script that built the environments using hard links for the
users, and it seemed to work well. Of course I believe that the
hard link must be on the same file system as the target.

[EMAIL PROTECTED]:/tmp]# ln /dev/log .
[EMAIL PROTECTED]:/tmp]# ls -il /dev/log /tmp/log
89638 srw-rw-rw-  2 root  wheel  0 Aug  3 10:34 /dev/log
89638 srw-rw-rw-  2 root  wheel  0 Aug  3 10:34 /tmp/log
[EMAIL PROTECTED]:/tmp]#

nate

tablec - show all addresses in pf table

[John Brooks]

tablec allows me to add or remove pf table entries with
an unprivileged userland account. is there a method to
produce a listing of all addresses in a pf table with
an unprivileged userland account?

--
John Brooks
[EMAIL PROTECTED]

Re: syslogd -a question

[Ted Unangst]

On 8/6/08, Dave Wilson [EMAIL PROTECTED] wrote:
  I'm assuming that sockets work over NFS of course. Anyone care to correct
 me?

They don't work like that.

Re: tab gets lost on display

[Christian Weisgerber]

Stuart Henderson [EMAIL PROTECTED] wrote:

 Looks like an xterm bug. This works ok in a normal console,
 and works ok in screen in a normal console, but fails in an
 xterm or screen in an xterm.
 
 Let's make it easier for people to test;
 
 $ printf 1\t\t\t\t\t\t\t\t\t1234567\t123

I have taken my DEC VT220 from the shelf and xterm matches its
behavior.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]

Re: MPLS On OpenBGP

[Łukasz Bromirski]

[EMAIL PROTECTED] wrote:

I'll be looking for that day wherein those Cisco guys can boost no more
that they are the only ones in the planet that has the MPLS skills. Whew,
maybe somebody knows where to start on how to add this MPLS feature so as
to answer the question like where do I begin?


You're top-posting.

For the MPLS, you have basically two parts - data plane, which is
encapsulation of the frames or cells, and the control plane, which
is exchanging VPNv4/VPNv6 information between multiprotocol speaking
BGP routers (usually - PEs/LERs in MPLS nomenclature).

Quick look at google shows a lot of places where existing MPLS code
can be found[1]. But as usual - maybe it's not the best of breed, or
even not complete.

The MPLS as itself is not Cisco domain, but it was invented by Cisco
as tag switching[2] back in the days where nobody believed it will be
needed. It was back in 1997.

So, as Claudio said - go for it, if You think you can do better.

[1]. http://www.mplsrc.com/vendor.shtml being one of them, with
 old ayame project as well for NetBSD

[2]. http://tools.ietf.org/html/rfc2105

--
Don't expect me to cry for all the |   #ukasz Bromirski
 reasons you had to die -- Kurt Cobain |http://lukasz.bromirski.net

Re: tablec - show all addresses in pf table

[Joachim Schipper]

On Wed, Aug 06, 2008 at 11:32:53AM -0500, John Brooks wrote:
 tablec allows me to add or remove pf table entries with
 an unprivileged userland account. is there a method to
 produce a listing of all addresses in a pf table with
 an unprivileged userland account?

If this is for interactive use, why not just stick with sudo?

Otherwise, a trivial suided wrapper could work. If you have some coding
skills, extending tabled shouldn't be too hard, either - it appears to
be a pretty simple program.

Joachim

Re: PF and DHCP hakz

[Duncan Patton a Campbell]

On Tue, 5 Aug 2008 20:34:09 -0600
Duncan Patton a Campbell [EMAIL PROTECTED] wrote:

 Howdy List?
 
 As some of you may have gathered from previous posts, I have been
 working on a pf configuration that will allow a gateway firewall 
 machine to talk to two or more ISP services and allow for the
 differential routing of data connections from client's services 
 both behind the firewall and on it (e.g. a TOR, HTTP server or other proxy).
 
 An additional complexity is introduced in that most prospective
 users of such a configuration are small to medium businessess that
 engage only DHCP services from ISPs.  This means the IP address,
 default route and name servers associated with a particular service
 provider can (and do) change over the period the firewall gate 
 is up for, moreover the lease times granted can change from time
 to time.  Also, nameservers for most ISP are configured to only
 answer queries from the ISP's subnet(s) and the standard dhclient-
 script does not accomodate this.
 
 In order to make such a configuration work, I introduce some hacks
 into the dhclient-script such that when the dhclient processess
 associated with a particular interface are triggered to renew 
 a lease, a piece of prolog code is called that touches the following
 configs:
 
 file  data mod
 
 /etc/pf.conf  gatewayIP
 /etc/resolv.conf  nameservers (for default route)
 /etc/dhclient.confnameservers (for dhclient routes)

This should NOT state dhclient.conf.  It is, in fact dhcpd.conf that
is modified with the nameservers for dhclients on the internal net.

Dhu


 [routetable]  default route for firewall
 
 To do this, I create a directory, /etc/pf, containing the following files:
 
 file  purpose
 
 dhclient-script   dhclient-script modified to call 
 replall from
   add_new_routes() subroutine, and stub 
   add_new_resolv_conf() as resolv.conf must 
   only reference nameservers for the default 
 route;
   slink'd to /sbin/dhclient-script.
 dhcpd.cnf.[interface] one for each internal interface 
   to provision dhcpd services
 droute.IF define the firewall's default route interface
 pf.cnftemplate pf ruleset into which the 
 specific
   interface gateways are inserted (replall looks
   for lines begining with ext_gw_{IFN} ).
 replall   slink to compiled gprolog code hooked 
 from 
   dhclient-script that does the various 
 manipulations.
 gplg/Makefile make for gprolog code
 gplg/dlib.pl  prolog support code -- dlib==duncan's lib;)
 gplg/replall  gprolog executable
 gplg/replall.pl   gprolog source
 
 
 A completed working instance of this scheme can be found at:
 
 http://neotext.ca/RefR/pf.dhcp/
 
 It has been tested on a machine with 1 static and 1 DHCP gateway as
 well as on a machine with 2 DHCP gateways.
 
 And yes, I know that most of you will think I'm daft to use prolog for 
 a task that could be done in sh/perl/python.  It's really just a matter
 of what you are most comfortable with... if a good reason comes up I might
 recode it in C.
 
 Dhu

Re: contact info for PC Weasel?

[Chris Cappuccio]

spend your money on a motherboard with serial console.  like a supermicro
board or something.  you'll be happier.

James Hartley [EMAIL PROTECTED] wrote:
 Does anyone have any information on contacting/ordering a PC Weasel?
 Their Website:
 
 http://www.realweasel.com/
 
 ...is still up, but an inquiry sent to info@ last week is still
 unanswered.  According to a Calgary operator, the number listed on the
 Website is no longer in service,  searching through Google hasn't
 yielded anything relevant.
 
 Any information would be appreciated.
 
 Jim

-- 
If you don't turn on to politics, politics will turn on you
   - Ralph Nader

Re: contact info for PC Weasel?

[Brian A. Seklecki]

On Wed, 2008-08-06 at 13:58 -0700, Chris Cappuccio wrote:
 spend your money on a motherboard with serial console.  like a supermicro
 board or something.  you'll be happier.

No offense but: No.  No you wont.  Unless you have IPMI or something
like Dell's DRAC (4, not 5 -- 5 sux big time).

The AMI/Award BIOS serial console features on the market are _really_
bad.  No hot-key sequences, no watchdog timer, and they don't actually
simulate a VGA-Serial conversion (so the OS _still_ needs to know about
the serial console) -- redirection after boot almost never works for
kernels that draw the framebuffer instead of using BIOS calls to write
kernel messages.

Its bad out there.  PC Weasel needs to sell off/lease that technology to
MB vendors.

~BAS

Re: contact info for PC Weasel?

[Daniel A. Ramaley]

Given the $350 price tag of the PCI version, it might even be cheaper to 
get a different motherboard. The PC Weasel site looks unmaintained; the 
order page only lets you set a credit card expiration date from 2002 to 
2008.

On Wednesday August 6 2008 15:58, Chris Cappuccio wrote:
spend your money on a motherboard with serial console.  like a
 supermicro board or something.  you'll be happier.

James Hartley [EMAIL PROTECTED] wrote:
 Does anyone have any information on contacting/ordering a PC Weasel?
 Their Website:

 http://www.realweasel.com/


Dan RamaleyDial Center 118, Drake University
Network Programmer/Analyst 2407 Carpenter Ave
+1 515 271-4540Des Moines IA 50311 USA

Re: contact info for PC Weasel?

[nate]

Brian A. Seklecki wrote:
 On Wed, 2008-08-06 at 13:58 -0700, Chris Cappuccio wrote:
 spend your money on a motherboard with serial console.  like a supermicro
 board or something.  you'll be happier.

 No offense but: No.  No you wont.  Unless you have IPMI or something
 like Dell's DRAC (4, not 5 -- 5 sux big time).

Normal serial console works great for me. There are some quirks,
I've encountered a few on Dell systems, HP seems quite a bit
better. Most of my boxes are Linux, and the Dell bios with redirect
after POST conflicts with the serial console settings in the boot
loader, so as part of the automated system installation it detects
what model# the installer is running on, and if it's an affected
system the installer disables the serial console settings on the
boot loader to work around the BIOS bug(but keeps the serial
console enabled elsewhere like remote tty).

Haven't had a chance to mess with DRAC v4 yet, but DRAC v5 works
alright, though I have to reboot it more often than I had to
reboot the HP iLO (or HP iLO 2). The supermicro premium management
card is pretty nice too though last I checked you had to have
a browser to get to the console, no SSH access. Earlier versions
had an SSH daemon, but none of the commands worked once I got
logged in.

A few years ago when I had a lot more supermicro systems I got
them to fix some of their bios bugs that were the same as the
Dell - they conflicted with the boot loader. I'm told by my
co workers that Dell support is pretty worthless so I just
work around it on my end instead.

I also make sure to disable all frame buffers, which is pretty
easy.

I do like how the newer HP systems auto detect what console port
your on, even our latest Dell boxes we seem to have to go into
the bios and enable serial redirection before we can get remote
serial access via DRAC 5. I don't use the KVM stuff as it wants
java, and a web browser etc unless I absolutely have to. 99.9%
of the stuff I need the console for plain text serial is fine
(and faster/easier to get to over SSH).

My OpenBSD systems are installed by hand, fortunately the
installer is good about asking about serial consoles during
installation, makes it pretty easy too.

For what looks like about $300, this mini terminal server can
probably provide good remote access to a system with a serial
port(assuming you only need 1, if you need lots of ports get
a bigger model):

http://www.avocent.com/CycladesTS100.aspx

I haven't used that model myself, but have used tons of
ACS-32 and ACS-48s. (before Cyclades was bought by Avocent,
I hear since they have started to charge extra for a lot of
the things that were free before).

nate

Re: tab gets lost on display

[Ingo Schwarze]

Stuart Henderson wrote on Wed, Aug 06, 2008 at 03:00:43PM +:

 Let's make it easier for people to test;
 $ printf 1\t\t\t\t\t\t\t\t\t1234567\t123

Or even:

 $ printf \t\t\t\t\t\t\t\t\t\tX\n

These are ten tabs.  Each tab is supposed to be 8 characters wide.
Thus, the X is supposed to appear in column 81.  When the xterm is at
least 81 characters wide, the X does appear in column 81.  When the
width is 80 characters or less, the X appears in the last column.
In other words, a tab never makes xterm wrap to the next line.
A blank character does, as you can see from

 $ printf \t\t\t\t\t\t\t\t\t\t X\n

I quickly realized that reset(1) solves the issue and that
even `tset -I` is sufficient.  Actually, tset(1) uses
tcsetattr(3) OXTABS.  You can have the same effect manually
with `stty oxtabs` and the problem is gone; then `stty -oxtabs`
and the problem is back.  That oxtabs gets switched on by default
stems from the fact that /usr/src/share/termtypes/termtypes.master
has no OTpt for xterm-r6.

What i do not yet understand is why xterm has -oxtabs
by default but the terminfo(5) database has no OTpt for it.
Isn't that inconsistent?


Christian Weisgerber wrote on Wed, 6 Aug 2008 17:43:04 + (UTC):

 I have taken my DEC VT220 from the shelf and xterm matches
 its behavior.

In any case, the VT220 *has* hardware tabs.
That's also stated by :pt: in terminfo(5).

Now, *IF* xterm is supposed to emulate VT220 and thus xterm default
behaviour is considered correct, then the logical consequence would be
the following patch.  I'm not sure this is correct, quite possibly i'm
overlooking something, and even if it is correct, it's probably 
incomplete, but maybe somebody more knowledgeable regarding
termios(4) can judge this (after the release is done).


Index: share/termtypes/termtypes.master
===
RCS file: /cvs/src/share/termtypes/termtypes.master,v
retrieving revision 1.36
diff -u -r1.36 termtypes.master
--- share/termtypes/termtypes.master25 Jun 2007 15:57:28 -  1.36
+++ share/termtypes/termtypes.master6 Aug 2008 21:56:43 -
@@ -2538,7 +2538,7 @@
 # (khome/kend do not actually work in X11R5 or X11R6, but many people use this
 # for compatibility with other emulators).
 xterm-r6|xterm-old|xterm X11R6 version, 
-   OTbs, am, km, mir, msgr, xenl, 
+   OTbs, OTpt, am, km, mir, msgr, xenl, 
cols#80, it#8, lines#24, 
acsc=``aaffggiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~, 
bel=^G, bold=\E[1m, clear=\E[H\E[2J, cr=^M, 

Re: tab gets lost on display

[Ingo Schwarze]

Sorry for not noticing at once, but here we go:

Stuart Henderson wrote on Wed, Aug 06, 2008 at 03:00:43PM + concerning
$ printf 1\t\t\t\t\t\t\t\t\t1234567\t123

 Looks like an xterm bug. This works ok in a normal console,
 and works ok in screen in a normal console, but fails in an
 xterm or screen in an xterm.

In my last posting, i have shown that xterm has -oxterm by default,
emulating the strange original VT220 behaviour, but terminfo(5)
has no :pt: for xterm-r6, such that tset(1) switches to +oxterm.

For the i386 console, it's exactly the other way round: The consoles
have +oxterm by default, but terminfo(5) does have :pt: for vt220,
such that tset(1) switches to -oxterm.

Uh oh.
This is certainly not a big deal,
but indeed surprising either way...

OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Richard Daemon]

OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and
if so,  how?

Same problems as reported here: http://www.virtualbox.org/ticket/192

Regards,

Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Jonathan Gray]

On Wed, Aug 06, 2008 at 09:31:12PM -0400, Richard Daemon wrote:
 OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and
 if so,  how?
 
 Same problems as reported here: http://www.virtualbox.org/ticket/192
 
 Regards,

Look at http://www.virtualbox.org/changeset/846
Do you really want to run something that patches kernel memory
behind your back?

Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Tomas Bodzar]

VirtualBox sucks to version 1.6.2 .There is a 1.6.4 now,but I don't test it.

I use Qemu on BSD/Linux/Windows,it's better in my opinion.

(work with VirtualBox,Vmware Server 1.0.x,2.x,MS Virtual Server,MS Virtual PC)



-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Daemon

Sent: Thursday, August 07, 2008 3:31 AM

To: misc

Subject: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?



OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and if so,  
how?



Same problems as reported here: http://www.virtualbox.org/ticket/192



Regards,

Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Jordi Beltran Creix]

I tried to run a recent i386 4.4 beta on a KVM/QEMU virtual machine
under Ubuntu and there are some problems with the emulated network.
The driver constantly reports timeouts.
 re0: watchdog timeout
As a side effect the connection is very slow. I assume that doesn't
happen on the actual hardware that QEMU is supposed to emulate, but
other OSes don't have the same problem.


2008/8/7 Tomas Bodzar [EMAIL PROTECTED]:
 VirtualBox sucks to version 1.6.2 .There is a 1.6.4 now,but I don't test it.
 I use Qemu on BSD/Linux/Windows,it's better in my opinion.
 (work with VirtualBox,Vmware Server 1.0.x,2.x,MS Virtual Server,MS Virtual PC)

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Daemon
 Sent: Thursday, August 07, 2008 3:31 AM
 To: misc
 Subject: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

 OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and if so, 
  how?

 Same problems as reported here: http://www.virtualbox.org/ticket/192

 Regards,

DOJ Incompetence and corruption

[james dandey]

For those that do not know,  DOJ is department of justice.

Incompetence and corruption cost an innocent man, Irvins,  his life.

The FBI have been harassing me for 15 years.  I have posted many emails to
this
list with a variety of descriptions of what has happened to me. DOJ
investigators
purposely try to drive suspects to suicide in cases lacking substantial
evidence.

It not only occurs in  the FBI but across all agencies of the DOJ. Congress
urgently
needs to look into the problems at the DOJ.

A PhD Chemist employed at the FBI's criminal investigation lab claims out
right criminal
tampering of evidence.

I will testify under oath the things done to me over that past 15 years and
like Abu Graib  it is far worse than most realize.

Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Dimitri]

Yes OBSD 4.3 can, I running this in virtualbox on winXP and linux.
but in winXP no run X11.
At momen enter Xorg -configure I obtain this:

#Xorg -configure

Xorg -configure
Fatal Server error:

Caught signal 11. Server aborting

abort trap

But whitout X run fine.

Regards

Dimitri.-
http://dimitri.homeunix.com/~dimitri/
OpenBSD - Free, Functional  Secure


--- El mii, 6/8/08, Jonathan Gray [EMAIL PROTECTED] escribis:

 De: Jonathan Gray [EMAIL PROTECTED]
 Asunto: Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working
properly?
 Para: Richard Daemon [EMAIL PROTECTED]
 CC: misc misc@openbsd.org
 Fecha: miircoles, 6 agosto, 2008 11:06
 On Wed, Aug 06, 2008 at 09:31:12PM -0400, Richard Daemon
 wrote:
  OpenBSD 4.3 running in VirtualBox? Anyone have it
 working properly and
  if so,  how?
 
  Same problems as reported here:
 http://www.virtualbox.org/ticket/192
 
  Regards,

 Look at http://www.virtualbox.org/changeset/846
 Do you really want to run something that patches kernel
 memory
 behind your back?


  __
Enviado desde Correo Yahoo! La bandeja de entrada mas inteligente.

How can I hire a PF developer or guru?

[Steve B]

Who would I contact, or how would I go about hiring a PF developer or guru
to help me debug/improve my pf.conf rules?

Steve

postgresql

[bofh]

Hi all,
I'm looking at a project that I'm trying to run on openbsd.  All that
box will have is postgresql.  At this time, it's just 2 programmers
and 1 sysadmin type person that's involved, no DBAs, so apologies if
the questions are... too simplistic.

And I realize if I want to maximize performance, I need to examine
OSes as well.  But at this point, I want to explore what is the
biggest postgresql server I can run under openbsd.  If at all
possible, I want to run everything in memory.

What I'm looking for is what is the biggest database I can run on a 4
socket (4 core per socket) AMD motherboard with 64GB or 128GB of Ram
using a standard kernel?

For example, what should shmmax be set to?
http://developer.postgresql.org/pgdocs/postgres/kernel-resources.html
recommends several hundred megabytes.

I understand I may need to recompile the kernel.  Any recommendations
for something that can run on 64/128GB ram, 16 cpus, running only
postgresql?

Thanks in advance.  I'm exploring what is possible at this point.  I
realize I haven't given out more information, but I don't have that in
hand yet.  But I'm interested in finding out what my top end is.
Thanks!


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?

[Tomas Bodzar]

4.3 runs fine on many PCs in Qemu as I tested 
(Kubuntu,Mandriva,OpenSUSE,Windows).4.4 is Beta,so there may be problems.



-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jordi Beltran 
Creix

Sent: Thursday, August 07, 2008 5:56 AM

To: misc@openbsd.org

Subject: Re: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?



I tried to run a recent i386 4.4 beta on a KVM/QEMU virtual machine under 
Ubuntu and there are some problems with the emulated network.

The driver constantly reports timeouts.

 re0: watchdog timeout

As a side effect the connection is very slow. I assume that doesn't happen on 
the actual hardware that QEMU is supposed to emulate, but other OSes don't have 
the same problem.





2008/8/7 Tomas Bodzar [EMAIL PROTECTED]:

 VirtualBox sucks to version 1.6.2 .There is a 1.6.4 now,but I don't test it.

 I use Qemu on BSD/Linux/Windows,it's better in my opinion.

 (work with VirtualBox,Vmware Server 1.0.x,2.x,MS Virtual Server,MS

 Virtual PC)



 -Original Message-

 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf

 Of Richard Daemon

 Sent: Thursday, August 07, 2008 3:31 AM

 To: misc

 Subject: OpenBSD 4.3 running in VirtualBox? Anyone have it working properly?



 OpenBSD 4.3 running in VirtualBox? Anyone have it working properly and if so, 
  how?



 Same problems as reported here: http://www.virtualbox.org/ticket/192



 Regards,

Re: DOJ Incompetence and corruption

[Jacob Yocom-Piatt]

james dandey wrote:

For those that do not know,  DOJ is department of justice.

Incompetence and corruption cost an innocent man, Irvins,  his life.

The FBI have been harassing me for 15 years.  I have posted many emails to
this
list with a variety of descriptions of what has happened to me. DOJ
investigators
purposely try to drive suspects to suicide in cases lacking substantial
evidence.

It not only occurs in  the FBI but across all agencies of the DOJ. Congress
urgently
needs to look into the problems at the DOJ.

A PhD Chemist employed at the FBI's criminal investigation lab claims out
right criminal
tampering of evidence.

I will testify under oath the things done to me over that past 15 years and
like Abu Graib  it is far worse than most realize.

  



mr. dandey:

the terms of your parole specifically forbade you from mislinewrapping 
in public. you have been issued an additional 50 demerits.


if you do not amend your actions i can neither confirm nor deny that the 
DOJ will extraordinarily render your balls inoperable.


from those that already knew