Re: Can OpenBSD run in 24 MB of RAM?

[Tomas Bodzar]

It's running fine in console or X (just a longer start).Ofcourse,that you can't 
use Firefox or similiar SW :-)



-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]

Sent: Thursday, September 04, 2008 5:00 AM

To: misc@openbsd.org

Subject: Can OpenBSD run in 24 MB of RAM?



I've searched the FAQ and the Web for any guidance on what the minimum RAM is 
for OpenBSD, with and without X.



I just acquired a Compaq Armada 1125 laptop that maxes out at 24 MB of RAM, and 
I'm wondering whether or not it's feasible to run OpenBSD on it.

Re: Disappointment: New browser - *sigh*

[Tomas Bodzar]

Eh?



What about New browser are you talking? ;-)

I don't know,that lynx(1) which is in base (! ;-)) has option about:plugins .

All others are not in base,just option and every user of OpenBSD know,that 
he/she must be careful about installing SW,which is not in base.



http://www.openbsd.org/faq/faq15.html



especially this part is maybe too hard for someone to understand :



The packages and ports collection does NOT go through the same thorough 
security audit that is performed on the OpenBSD base system. Although we strive 
to keep the quality of the packages collection high, we just do not have enough 
human resources to ensure the same level of robustness and security. Of course 
security updates for various applications are committed to the ports tree as 
soon as possible, and corresponding package security updates are made available 
as snapshots for -current.



But maybe not every user as I read your mail.



-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of bofh

Sent: Thursday, September 04, 2008 2:40 AM

To: OpenBSD general usage list

Subject: OT: Disappointment: New browser - *sigh*



So, by now everyone should have heard about the new browser.  I just test drove 
it a little, and it works great on the sites I go to normally.



So, why am I disappointed?



For a group of people, who took the time to draw a bunch of cartoons to explain 
that they view security as something very very important, to fumble so badly, 
is really... sad.



No, I'm not talking about the eula, or the old webkit that has a security 
problem.  I'm talking about:



about:plugins

ActiveX Plug-in

File name: activex-shimActiveX Plug-in provides a shim to support ActiveX

controls*sigh*



Good intentions and all that, I guess.





--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

This officer's men seem to follow him merely out of idle curiosity. -- 
Sandhurst officer cadet evaluation.

Securing an environment of Windows platforms from abuse - external or internal 
- is akin to trying to install sprinklers in a fireworks factory where smoking 
on the job is permitted. -- Gene Spafford learn french: 
http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: Pre-Order 4.4

[Christophe Rioux]

Hi,

How can I test it ? In the snapshots/i386 I have all I need for the
installation, but I don't find the sys.tar.gz (needed to recompile the
kernel with the raid features).

As next I have actuelly 2 possibilities
* go in production with the 4.3 version, without raid (may be with a rsync
scheduled)
* go in production with the 4.4 Beta, and doing the beta tester: how can I
switch by the come out of the 4.4 to the official release ? Will I get some
patches ?

Regards

 -Message d'origine-
 De : K WESTERBACK [mailto:[EMAIL PROTECTED]
 Envoyi : mercredi 3 septembre 2008 19:05
 @ : Ted Unangst; [EMAIL PROTECTED]
 Cc : misc@openbsd.org
 Objet : Re: Pre-Order 4.4

 Just to be clear - this is/should be fixed in 4.4.

  Ken



 - Original Message 
 From: Ted Unangst [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Sent: Wednesday, September 3, 2008 11:31:15 AM
 Subject: Re: Pre-Order 4.4

 On 9/3/08, Christophe Rioux [EMAIL PROTECTED] wrote:
   Do you know if the raid logic has being corrected in this
 new release. By
   corrected, I means following answer:
 
   http://marc.info/?l=openbsd-miscm=120855938821758w=2
 
   This is currently broken (deliberately) as changes are made to the
   logic concerning mounting the root disk. There are some
 more changes
   that need to be made before a fix to raidframe can be committed.

 http://marc.info/?l=openbsd-cvsm=121150396015435w=2

IPsec flow portrange problem

[Michael]

Hi,

I am trying to setup IPsec and also exclude some parts from getting 
processed by IPsec.


In IPSEC.CONF(5) the description says

[...]
from src [port sport] to dst [port dport]
[...]
The optional port modifiers restrict the flows to the specified ports
[...]

It is possible to supply multiple src and dst adresses if inside {}.

However, I also would like to add a portrange instead of having to 
manually write one entry for every flow, but it seems that it is only 
possible to add one single port.


Is that right? Did someone manage to add a portrange?

I would need something like:
flow esp proto udp from X.X.X.X to Y.Y.Y.Y port 5000:5050 type bypass


Thanks in advance,
Michael

awk doesn't recognize all of EREs

[Vadim Zhukov]

Our awk do not recognize range regex operator ({n,m} syntax). But man 
page says:

awk supports extended regular expressions (EREs). See re_format(7) for 
more information on regular expressions.

This behavior is same as in FreeBSD. gawk recognize range operator in 
POSIX mode (--posix).

As far as I understand, either our awk should recognize range operator 
(better) or this non-POSIX behavior should be mentioned in awk(1). 
Sample diff for man page provided; I didn't dig deeply in code to fix it 
enough yet.

-- 
  Best wishes,
Vadim Zhukov


--- awk.1.orig  Fri Jul 25 22:34:22 2008
+++ awk.1   Thu Sep  4 12:24:29 2008
@@ -316,7 +316,9 @@
 relational expressions.
 .Nm
 supports extended regular expressions
-.Pq EREs .
+.Pq EREs
+except range operator
+.Dq { n , m } .
 See
 .Xr re_format 7
 for more information on regular expressions.
@@ -764,7 +766,7 @@
 .Nm
 utility is compliant with the
 .St -p1003.1-2004
-specification.
+specification, except support of regular expression range operator.
 .Pp
 The flags
 .Op Fl \dV

Le Guide mondial des salons de 300 pages OFFERT

[Editions Expo News]

Offre spiciale 10hme anniversaire :
Abonnez-vous un an pour 89 € HT au Magazine
et ` la News-letter hebdo Evinements d'entreprise
et recevez en cadeau le Guide des salons de 300 pages

Abonnez-vous pour un an
au Magazine bimestriel et
` la news-letter ilectronique hebdomadaire Evinements d'entreprise,
spicialisis dans l'actualiti des salons, congrhs et du tourisme
d'affaires,
au tarif de 89 € TTC
et recevez en cadeau
votre exemplaire du
Guide des salons 2008-2009
de 300 pages (vendu seul au tarif de 90 € TTC) et votre logging pour vous
connecter ` nos bases de donnies en ligne pendant un an.

Le Magazine bimestriel (5 numiros par an) - 64 pages : dossiers de fond,
enqujtes, reportages, interviews, portraits de dicideurs
Plus d'information

La news-letter ilectronique hebdomadaire (42 numiros par an) : 30 pages
d'actualiti : nominations, criations de salons, risultats
Plus d'information



Le Guide des salons en France et ` l'international :
Sur 300 pages, toutes les informations nicessaires pour priparer sa
participation ` des salons :
a) Des conseils techniques :
 Pourquoi exposer dans un salon ?
 Comment choisir le salon oy exposer ?
 Comment priparer et riussir une participation ?
b) L'agenda des salons : Du 1er octobre 2008 au 31 dicembre 2009 (1 500
dates en France et plus de 4 000 ` l'international), en fiches techniques
(nom du salon, dates, lieu, nombre d'exposants et de visiteurs, surface
brute, date de criation, piriodiciti, coordonnies de l'organisateur).
 c) Les annuaires des professionnels de la filihre :
 Les organisateurs de salons
 Les parcs d'expositions
 Les concepteurs de stands et professions associies
 Les installateurs giniraux de salons et professions associies.
Plus d'information

Pour commander :

 Paiement par chhque ou par virement bancaire :
Cliquez sur ce lien pour tilicharger le bon de commande.

 Paiement en ligne (CB) :
Cliquez sur ce lien

Tous nos tarifs sont TTC pour la France, et sans taxe pour l'itranger
(les frais d'envois sont compris dans le tarif.)

A riception de votre rhglement :

 Vous serez immidiatement abonni ` la news-letter que vous recevrez
pendant un an chaque semaine ` l'adresse e-mail que vous nous aurez
communiqui.

 Vous recevrez le Magazine pendant un an (5 numiros).

 Vous recevez le Guide annuel des salons en France et ` l'international
dhs sa sortie (dernihre semaine de septembre).

 Nous vous ferons parvenir par e-mail votre code d'acchs pour consulter
en ligne nos bases de donnies sur les salons et les congrhs, par
l'Extranet riservi ` nos abonnis sur www.expo-news.fr



Editeur du Magazine, de la news-letter et du Guide Evinements
d'entreprise :
Editions Expo News
61-63 rue Albert Dhalenne - 93400 Saint Ouen
Til : 00 33 (0)1 75 43 45 83
Mail : [EMAIL PROTECTED]

Pour ne plus recevoir de messages, cliquez sur ce lien

Re: Disappointment: New browser - *sigh*

[Tomas Bodzar]

Ok.I promise,that I will be more quiet.I'm known,that sometimes i talk too much 
:-D (it started when I was small).



I know,that Google has new browser,but where is word Google or Chrome in his 
email,that it's about this browser?

OT = off topic



-Original Message-

From: Mark Smith [mailto:[EMAIL PROTECTED]

Sent: Thursday, September 04, 2008 10:54 AM

To: misc@openbsd.org

Cc: Tomas Bodzar

Subject: Re: Disappointment: New browser - *sigh*



Tomas Bodzar wrote:

 Eh?



 What about New browser are you talking? ;-) I don't know,that lynx(1)

 which is in base (! ;-)) has option about:plugins .

 All others are not in base,just option and every user of OpenBSD know,that 
 he/she must be careful about installing SW,which is not in base.



 http://www.openbsd.org/faq/faq15.html



 especially this part is maybe too hard for someone to understand :



 The packages and ports collection does NOT go through the same thorough 
 security audit that is performed on the OpenBSD base system. Although we 
 strive to keep the quality of the packages collection high, we just do not 
 have enough human resources to ensure the same level of robustness and 
 security. Of course security updates for various applications are committed 
 to the ports tree as soon as possible, and corresponding package security 
 updates are made available as snapshots for -current.



 But maybe not every user as I read your mail.





Wtf is wrong with you ? The more I read your mails on this list the more you 
look like a lost soul to me. As you're a noob to OpenBSD you might consider 
keeping advices to yourself for a little while.



He's talking about G**gle Chr*me which is not in ports. BTW do you know what OT 
means ?



If you don't understand a discussion then don't spam.



VADE RETRO TOMAS

Re: Disappointment: New browser - *sigh*

[Mark Smith]

Tomas Bodzar wrote:
 Eh?
 
 What about New browser are you talking? ;-)
 I don't know,that lynx(1) which is in base (! ;-)) has option about:plugins .
 All others are not in base,just option and every user of OpenBSD know,that 
 he/she must be careful about installing SW,which is not in base.
 
 http://www.openbsd.org/faq/faq15.html
 
 especially this part is maybe too hard for someone to understand :
 
 The packages and ports collection does NOT go through the same thorough 
 security audit that is performed on the OpenBSD base system. Although we 
 strive to keep the quality of the packages collection high, we just do not 
 have enough human resources to ensure the same level of robustness and 
 security. Of course security updates for various applications are committed 
 to the ports tree as soon as possible, and corresponding package security 
 updates are made available as snapshots for -current.
 
 But maybe not every user as I read your mail.
 

Wtf is wrong with you ? The more I read your mails on this list the more
you look like a lost soul to me. As you're a noob to OpenBSD you might
consider keeping advices to yourself for a little while.

He's talking about G**gle Chr*me which is not in ports. BTW do you know
what OT means ?

If you don't understand a discussion then don't spam.

VADE RETRO TOMAS

acx on sun

[Huy Nguyen]

Hi misc@,

this is my first post so please bare with me.
I'm trying to get a wg311v2 to work in a Sun Ultra 60 workstation under 
-current (snapshot from aug. 27th). Firmware is installed. Everything seems ok 
however although it seems to connect to the AP, dhclient won't get an IP 
address from it. If I set the address manually, I can ping myself but noone 
else and noone can ping me. The following message is displayed in both cases 
and when I issue ifconfig -M acx0 (returns none):
acx0: TX failed -- DMA error
My understanding of the message is that the card is not able to send packets 
because it can't access memory, now I don't have the background to understand 
why.
Thanks for your help
Huy

Here's my /etc/hostname.acx0:
up chan 11 nwid myap nwkey 0x1deadbeef1 mode 11g 

ifconfig acx0
acx0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:0f:b5:47:ef:e3
groups: wlan
media: IEEE802.11 autoselect (autoselect ibss)
status: active
ieee80211: nwid myap chan 11 bssid 02:0f:b5:47:ef:e3 nwkey 0x1deadbeef1
inet6 fe80::20f:b5ff:fe47:efe3%acx0 prefixlen 64 scopeid 0x3

dmesg
console is /[EMAIL PROTECTED],4000/[EMAIL PROTECTED]/[EMAIL PROTECTED],40:a
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2008 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 4.4-current (GENERIC.MP) #410: Wed Aug 27 16:07:02 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
real mem = 536870912 (512MB)
avail mem = 507854848 (484MB)
mainbus0 at root: Sun Ultra 60 UPA/PCI (2 X UltraSPARC-II 450MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-II (rev 1.0) @ 450.025 MHz
cpu0: physical 16K instruction (32 b/l), 16K data (32 b/l), 4096K external (64 
b/l)
cpu1 at mainbus0: SUNW,UltraSPARC-II (rev 1.0) @ 450.025 MHz
cpu1: physical 16K instruction (32 b/l), 16K data (32 b/l), 4096K external (64 
b/l)
psycho0 at mainbus0 addr 0xfffb4000: SUNW,psycho, impl 0, version 4, ign 7c0
psycho0: bus range 0-0, PCI bus 0
psycho0: dvma map fe00-, , STC0 enabled
pci0 at psycho0
ebus0 at pci0 dev 1 function 0 Sun PCIO EBus2 rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 
72c000-72c003, 72f000-72f003
power0 at ebus0 addr 724000-724003
SUNW,pll at ebus0 addr 504000-504002 not configured
uperf0 at ebus0 addr 50-57: model SUNW,sc-qp (0/1) ports 9
sab0 at ebus0 addr 40-40007f ivec 0x2b: rev 3.2
sabtty0 at sab0 port 0: console
sabtty1 at sab0 port 1
comkbd0 at ebus0 addr 3083f8-3083ff ivec 0x29: no keyboard
com0 at ebus0 addr 3062f8-3062ff ivec 0x2a: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 300398-300399, 70-7f ivec 0x22: polled
fdthree at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ivec 0x27 
not configured
clock1 at ebus0 addr 0-1fff: mk48t59
flashprom at ebus0 addr 0-f not configured
audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 
722000-722003 ivec 0x23 ivec 0x24: nvaddrs 0
audio0 at audioce0
Sun PCIO EBus2 rev 0x01 at pci0 dev 1 function 0 not configured
hme0 at pci0 dev 1 function 1 Sun HME rev 0x01: ivec 0x7e1, address 
08:00:20:8a:9a:61
luphy0 at hme0 phy 1: LU6612 10/100 PHY, rev. 1
siop0 at pci0 dev 3 function 0 Symbios Logic 53c875 rev 0x14: ivec 0x7e0, 
using 4K of on-board RAM
scsibus0 at siop0: 16 targets, initiator 7
sd0 at scsibus0 targ 0 lun 0: SEAGATE, ST336605LSUN36G, 0638 SCSI3 0/direct 
fixed
sd0: 34732MB, 512 bytes/sec, 71132959 sec total
sd1 at scsibus0 targ 1 lun 0: SEAGATE, ST336605LSUN36G, 0238 SCSI3 0/direct 
fixed
sd1: 34732MB, 512 bytes/sec, 71132959 sec total
cd0 at scsibus0 targ 6 lun 0: TOSHIBA, DVD-ROM SD-M1401, 1009 SCSI2 5/cdrom 
removable
siop1 at pci0 dev 3 function 1 Symbios Logic 53c875 rev 0x14: ivec 0x7e6, 
using 4K of on-board RAM
scsibus1 at siop1: 16 targets, initiator 7
hme1 at pci0 dev 2 function 1 Sun HME rev 0x01: ivec 0x7d1, address 
00:03:ba:03:56:41
luphy1 at hme1 phy 1: LU6612 10/100 PHY, rev. 1
psycho1 at mainbus0 addr 0xfffc6000: SUNW,psycho, impl 0, version 4, ign 7c0
psycho1: bus range 128-128, PCI bus 128
psycho1: dvma map fe00-, iotdb a0bc8000-a0bd, STC0 enabled, 
STC1 enabled
pci1 at psycho1
acx0 at pci1 dev 1 function 0 TI ACX111 rev 0x00: ivec 0x7c0
acx0: ACX111, radio Radia (0x16), EEPROM ver 5, address 00:0f:b5:47:ef:e3
counter-timer at mainbus0 addr 0xfff9fc00 not configured
creator0 at mainbus0 addr 0xfeb8: Creator3D, model SUNW,501-4788, dac 10
wsdisplay0 at creator0
wsdisplay0: screen 0 added (std, sun emulation)
softraid0 at root
siop0: target 0 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
siop0: target 1 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
bootpath: /[EMAIL PROTECTED],4000/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
root on sd0a swap on sd0b dump on sd0b

Thanks for any hint
Huy

Re: Disappointment: New browser - *sigh*

[Tomas Bodzar]

Maybe this part of email leads to my reaction :



For a group of people, who took the time to draw a bunch of cartoons to explain 
that they view security as something very very important, to fumble so badly, 
is really... sad.



OpenBSD is drawing bunch of cartoons too,not mainly about security,but security 
is number one for OpenBSD.If this part is about Google,than I made mistake and 
I'm sorry for my reaction.Everyone can make mistake.Now I must learn from it.





-Original Message-

From: Mark Smith [mailto:[EMAIL PROTECTED]

Sent: Thursday, September 04, 2008 10:54 AM

To: misc@openbsd.org

Cc: Tomas Bodzar

Subject: Re: Disappointment: New browser - *sigh*



Tomas Bodzar wrote:

 Eh?



 What about New browser are you talking? ;-) I don't know,that lynx(1)

 which is in base (! ;-)) has option about:plugins .

 All others are not in base,just option and every user of OpenBSD know,that 
 he/she must be careful about installing SW,which is not in base.



 http://www.openbsd.org/faq/faq15.html



 especially this part is maybe too hard for someone to understand :



 The packages and ports collection does NOT go through the same thorough 
 security audit that is performed on the OpenBSD base system. Although we 
 strive to keep the quality of the packages collection high, we just do not 
 have enough human resources to ensure the same level of robustness and 
 security. Of course security updates for various applications are committed 
 to the ports tree as soon as possible, and corresponding package security 
 updates are made available as snapshots for -current.



 But maybe not every user as I read your mail.





Wtf is wrong with you ? The more I read your mails on this list the more you 
look like a lost soul to me. As you're a noob to OpenBSD you might consider 
keeping advices to yourself for a little while.



He's talking about G**gle Chr*me which is not in ports. BTW do you know what OT 
means ?



If you don't understand a discussion then don't spam.



VADE RETRO TOMAS

Re: Pre-Order 4.4

[Stuart Henderson]

On 2008-09-04, Christophe Rioux [EMAIL PROTECTED] wrote:
 How can I test it ? In the snapshots/i386 I have all I need for the
 installation,

too late, this is now past 4.4.

Re: Info about DRI support and setup

[Stuart Henderson]

On 2008-09-04, Tomas Bodzar [EMAIL PROTECTED] wrote:
 Super,but why isn't this important info on some known place?

When the releveant developers think it's ready to put in a
public place, they'll put it there.

I didn't want to undermine that so I sent my message to you
off-list. Please check the To/CC headers of messages and don't
redirect an off-list message back to the list. Thanks.

Re: Spamd - whitelisting round robin mail servers?

[Stuart Henderson]

On 2008-09-04, Jeff Simmons [EMAIL PROTECTED] wrote:
 Yeah, that covers Google, all right. And then somebody called 
 Websitewelcome.com gives me major grief. Is the only way to do this to wait 
 for someone to complain that mail isn't going through?

No, you can also tell from spamdb output.

Re: Info about DRI support and setup

[Tomas Bodzar]

:-/ Upss.Sorry



Thanks for help.



-Original Message-

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Henderson

Sent: Thursday, September 04, 2008 11:35 AM

To: misc@openbsd.org

Subject: Re: Info about DRI support and setup



On 2008-09-04, Tomas Bodzar [EMAIL PROTECTED] wrote:

 Super,but why isn't this important info on some known place?



When the releveant developers think it's ready to put in a public place, 
they'll put it there.



I didn't want to undermine that so I sent my message to you off-list. Please 
check the To/CC headers of messages and don't redirect an off-list message back 
to the list. Thanks.

Re: Can OpenBSD run in 24 MB of RAM?

[Steve Shockley]

[EMAIL PROTECTED] wrote:

I've searched the FAQ and the Web for any guidance on what the minimum RAM
is for OpenBSD, with and without X.

I just acquired a Compaq Armada 1125 laptop that maxes out at 24 MB of
RAM, and I'm wondering whether or not it's feasible to run OpenBSD on it.


From ftp://ftp.openbsd.org/pub/OpenBSD/4.3/i386/INSTALL.i386:

The minimal configuration to install the system is 24MB or 32MB of RAM 
and perhaps 200MB of disk space.  To install the entire system requires 
much more disk space, and to run X or compile the system, more RAM is 
recommended.



So, OpenBSD will run.  It's going to be slow, it's only a Pentium 100. 
I ran OpenBSD on a P133 for a while, I had to run the older version of X 
because the video wasn't supported by the new version, not sure if 
that's still the case.


Patience will be important.

Re: Can OpenBSD run in 24 MB of RAM?

[Peter N. M. Hansteen]

Steve Shockley [EMAIL PROTECTED] writes:

 So, OpenBSD will run.  It's going to be slow, it's only a Pentium
 100. I ran OpenBSD on a P133 for a while, I had to run the older
 version of X because the video wasn't supported by the new version,
 not sure if that's still the case.

The archives will reveal that around 2.5-2.7 times (cant't remember
exactly), some of us have installed and (briefly) run OpenBSD on
i386/33 with all of 8MB of RAM, and I think even the trick for making
the installer complete under these conditions made it into the FAQ at
least for a while.  Not recommended, but apparently doable, FSVO.

 Patience will be important.

Oh yes, loads of it.  By the time you've actually gotten a system with
that spec to do something marginally useful, something much more
recent is bound to have fallen into your lap for free.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

2200 MHz on a 2.00GHz

[Alexey Suslikov]

Markus Bergkvist wrote:

 2.00 GHz cpu with unknown speedstep is reported to have 2200 MHz as
 highest speed. Feature or defect? :-) Does this deserve a PR posting or
 is it ongoing work?

 $ apm -L  sysctl hw.cpuspeed
 hw.cpuspeed=1200
 $ apm -H  sysctl hw.cpuspeed
 hw.cpuspeed=2200

Have you tried this diff?

http://marc.info/?l=openbsd-techm=121493180205892w=2

I believe gwk@ (and maybe marco@ too) still needs feedback on this.

Alexey

Re: IPsec flow portrange problem

[Markus Friedl]

AFAIK it's not supported in IKE, so it's not supported in ipsec.conf

On Thu, Sep 04, 2008 at 10:37:25AM +0200, Michael wrote:
 Hi,
 
 I am trying to setup IPsec and also exclude some parts from getting 
 processed by IPsec.
 
 In IPSEC.CONF(5) the description says
 
 [...]
 from src [port sport] to dst [port dport]
 [...]
 The optional port modifiers restrict the flows to the specified ports
 [...]
 
 It is possible to supply multiple src and dst adresses if inside {}.
 
 However, I also would like to add a portrange instead of having to 
 manually write one entry for every flow, but it seems that it is only 
 possible to add one single port.
 
 Is that right? Did someone manage to add a portrange?
 
 I would need something like:
 flow esp proto udp from X.X.X.X to Y.Y.Y.Y port 5000:5050 type bypass
 
 
 Thanks in advance,
 Michael

Re: IPsec flow portrange problem

[Michael]

Hi,

thanks for your answer.

Markus Friedl schrieb:

AFAIK it's not supported in IKE, so it's not supported in ipsec.conf


Something like port { 1000 1001 ... } would be nice too, but also 
doesn't seem to work. It works for from/to { IP1 IP2 ... } though. At 
least I did not manage to set it up like that with port.


If that currently also isn't possible, it would be a nice to have 
feature for a cleaner ipsec.conf file. Automatic expansion of port 
ranges would be even better... :-)



Michael

Re: 2200 MHz on a 2.00GHz

[Markus Bergkvist]

That diff made speedstep work on my Dell D600, but the acpicpu_setpdc 
code was reverted

http://marc.info/?l=openbsd-cvsm=121801217417287w=2
and the patch does not apply any longer, thus the speedstep stopped 
working on the D600. gwk was notified of the downgrade.


Last time I looked at it was middle of august, don't know if there has 
been any changes since. Perhaps it is time to have another look at it.


/Markus

Alexey Suslikov wrote:

Markus Bergkvist wrote:


2.00 GHz cpu with unknown speedstep is reported to have 2200 MHz as
highest speed. Feature or defect? :-) Does this deserve a PR posting or
is it ongoing work?

$ apm -L  sysctl hw.cpuspeed
hw.cpuspeed=1200
$ apm -H  sysctl hw.cpuspeed
hw.cpuspeed=2200


Have you tried this diff?

http://marc.info/?l=openbsd-techm=121493180205892w=2

I believe gwk@ (and maybe marco@ too) still needs feedback on this.

Alexey

Shuttle K-4500-N Celeron

[new_guy]

I was considering buying one of these (cheap, small and quiet) to be used as
an OpenBSD firewall. It has one free slot for an additional NIC. Has anyone
ran OpenBSD on one of these before? I can't try before buying.

Here are the hardware details:
http://www.newegg.com/Product/Product.aspx?Item=N82E16883104035

Thanks,

Brad
-- 
View this message in context: 
http://www.nabble.com/Shuttle-K-4500-N-Celeron-tp19309013p19309013.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

[SUSPECTED SPAM] Su carta!

[[EMAIL PROTECTED]]

En breves palabras:
Si necesita 335 (euro) por semana de ganancia adicional, podemos darle un
trabajo a distancia
Su tarea sera contestar a las consultas de nuestros clientes por telifono o
Internet. 
El trabajo no es difmcil y la capacitacisn es gratuita. 
Si esta interesado o tiene alguna pregunta, psngase en contacto con nuestro
Director de R.R.H.H. 
Su correo electrsnico es: [EMAIL PROTECTED]
Envmenos su informacisn personal: nombre, edad y la cuidad de residencia.
Sin ningzn compromiso. Pruebe... Es posible que sea su opurtunidad.

Re: Info about DRI support and setup

[Ted Unangst]

On Thu, Sep 4, 2008 at 12:46 AM, Tomas Bodzar [EMAIL PROTECTED] wrote:
 Super,but why isn't this important info on some known place?

Because it's not important.  If you aren't following cvs, then there's
little reason to document fatures that only exist in cvs.

 If I use Google,than there is nothing on first 5 pages,similiar for OpenBSD
 webpage or Undeadly.
 I thought,that this is big change in OpenBSD dev and can be pointed
 somewhere,maybe in FAQ 11

The FAQ is for the released version of OpenBSD and covers supported
features.  Unsupported features in unreleased versions are not
documented.

Re: Can OpenBSD run in 24 MB of RAM?

[Giancarlo Razzolini]

Peter N. M. Hansteen escreveu:
 Steve Shockley [EMAIL PROTECTED] writes:

   
 So, OpenBSD will run.  It's going to be slow, it's only a Pentium
 100. I ran OpenBSD on a P133 for a while, I had to run the older
 version of X because the video wasn't supported by the new version,
 not sure if that's still the case.
 

 The archives will reveal that around 2.5-2.7 times (cant't remember
 exactly), some of us have installed and (briefly) run OpenBSD on
 i386/33 with all of 8MB of RAM, and I think even the trick for making
 the installer complete under these conditions made it into the FAQ at
 least for a while.  Not recommended, but apparently doable, FSVO.

   
 Patience will be important.
 

 Oh yes, loads of it.  By the time you've actually gotten a system with
 that spec to do something marginally useful, something much more
 recent is bound to have fallen into your lap for free.

   
Never ran with 24MB, but note mentioned that I've run an openbsd
firewall on a pentium 133, with 32MB of ram. It had everything a
firewall for home uses need, DNS, DHCP and the firewall rules. I've
upgraded to 64MB so i could run a squid proxy, apache server and openvpn
server. Ran it for more than a year. OpenBSD is a very small footprint
operational system. I believe it will run in 24MB with no problems.

My regards,

-- 
Giancarlo Razzolini
http://lock.razzolini.adm.br
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Verify:https://www.redhat.com/certification/rhce/current/
Moleque Sem Conteudo Numero #002
OpenBSD Stable
Ubuntu 8.04 Hardy Heron
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

Re: Vlan Tag on Vlan Tag (l2tunneling)

[Insan Praja SW]

On Fri, 22 Aug 2008 02:34:12 +0700, Reyk Floeter [EMAIL PROTECTED] wrote:


On Thu, Aug 21, 2008 at 04:05:50PM +0200, Claudio Jeker wrote:

 no point in just doing that.

 a button to change the ether type would make sense.




this is not trivial because it would require a change in the Rx path
where it is currently matching the ethertype in ether_input() before
calling vlan_input().  do you want to call vlan_input() for every
other packet or do a configured type lookup all the time?  and what if
the user specifies an ethernet type that is conflicting with something
else?  i think it should really only be 0x8100 or 0x88a8.


If we stack vlan interfaces I don't see a real need for such a button.
This could be figured out either at configuration time or on runtime.
E.g. just check if the ethertype is 0x8100 and add the next vlan tag as
0x88a8. This would also allow to use a bridge for qinq setups. Because  
of

this I think doing it on runtime is the best.



here is another approach defining QinQ-compliant interfaces as a new
cloner type; so you can stack 0x88a8 devices as you wish and it
doesn't need a new button in ifconfig.  it also uses a dedicated vlan
tag hash for Service VLANs to avoid tag/Id conflicts.

# ifconfig em0 up
# ifconfig svlan100 vlandev em0
# ifconfig vlan200 vlandev svlan100 192.168.2.100

reyk

Index: share/man/man4/vlan.4
===
RCS file: /cvs/src/share/man/man4/vlan.4,v
retrieving revision 1.31
diff -u -p -r1.31 vlan.4
--- share/man/man4/vlan.4   26 Jun 2008 05:42:07 -  1.31
+++ share/man/man4/vlan.4   21 Aug 2008 19:18:42 -
@@ -31,8 +31,9 @@
 .Dt VLAN 4
 .Os
 .Sh NAME
-.Nm vlan
-.Nd IEEE 802.1Q encapsulation/decapsulation pseudo-device
+.Nm vlan ,
+.Nm svlan
+.Nd IEEE 802.1Q/1AD encapsulation/decapsulation pseudo-devices
 .Sh SYNOPSIS
 .Cd pseudo-device vlan
 .Sh DESCRIPTION
@@ -40,6 +41,10 @@ The
 .Nm
 Ethernet interface allows construction of virtual LANs when used in
 conjunction with IEEE 802.1Q-compliant Ethernet devices.
+The
+.Ic svlan
+Ethernet interface allows contruction of IEEE 802.1AD-compliant
+provider bridges.
 .Pp
 A
 .Nm
@@ -83,6 +88,24 @@ option for more information.
 Following the vlan header is the actual ether type for the frame and  
length

 information.
 .Pp
+An
+.Ic svlan
+interface is normally used for QinQ in 802.1AD-compliant provider  
bridges to

+stack other
+.Nm
+interfaces on top of it.
+It can be created using the
+.Ic ifconfig svlan Ns Ar N Ic create
+command or by setting up a
+.Xr hostname.if 5
+configuration file for
+.Xr netstart 8 .
+The configuration is identical to the
+.Nm
+interface, the only differences are that it uses a different Ethernet
+type (0x88a8) and an independent VLAN Id space on the parent
+interface.
+.Pp
 .Nm
 interfaces support the following unique
 .Xr ioctl 2 Ns s :
@@ -104,7 +127,10 @@ interfaces use the following interface c
 The parent interface can handle full sized frames, plus the size
 of the vlan tag.
 .It IFCAP_VLAN_HWTAGGING
-The parent interface will participate in the tagging of frames.
+The parent interface will participate in the tagging of frames
+(This is not supported by
+.Ic svlan
+interfaces).
 .El
 .Sh DIAGNOSTICS
 .Bl -diag
@@ -150,6 +176,10 @@ and
 .Rs
 .%T IEEE 802.1Q standard
 .%O http://standards.ieee.org/getieee802/802.1.html
+.Re
+.Rs
+.%T IEEE 802.1AD standard
+.%O Provider Bridges, QinQ
 .Re
 .Sh AUTHORS
 Originally [EMAIL PROTECTED]
Index: sys/net/ethertypes.h
===
RCS file: /cvs/src/sys/net/ethertypes.h,v
retrieving revision 1.9
diff -u -p -r1.9 ethertypes.h
--- sys/net/ethertypes.h5 May 2008 13:40:17 -   1.9
+++ sys/net/ethertypes.h21 Aug 2008 19:18:42 -
@@ -300,6 +300,7 @@
 #defineETHERTYPE_LANPROBE  0x  /* HP LanProbe test? */
 #defineETHERTYPE_PAE   0x888E  /* 802.1X Port Access Entity */
 #defineETHERTYPE_AOE   0x88A2  /* ATA over Ethernet */
+#defineETHERTYPE_QINQ  0x88A8  /* 802.1ad VLAN stacking */
 #defineETHERTYPE_LLDP  0x88CC  /* Link Layer Discovery 
Protocol */
 #defineETHERTYPE_LOOPBACK  0x9000  /* Loopback */
 #defineETHERTYPE_LBACK ETHERTYPE_LOOPBACK  /* DEC MOP 
loopback */
Index: sys/net/if_bridge.c
===
RCS file: /cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.170
diff -u -p -r1.170 if_bridge.c
--- sys/net/if_bridge.c 14 Jun 2008 21:46:22 -  1.170
+++ sys/net/if_bridge.c 21 Aug 2008 19:18:42 -
@@ -2601,7 +2601,7 @@ bridge_fragment(struct bridge_softc *sc,
goto dropit;
 #else
etype = ntohs(eh-ether_type);
-   if (etype == ETHERTYPE_VLAN 
+   if ((etype == ETHERTYPE_VLAN || etype == ETHERTYPE_QINQ) 
(ifp-if_capabilities  IFCAP_VLAN_MTU) 
((m-m_pkthdr.len - 

Re: Can OpenBSD run in 24 MB of RAM?

[ropers]

2008/9/4 Peter N. M. Hansteen [EMAIL PROTECTED]:
 Steve Shockley [EMAIL PROTECTED] writes:

 So, OpenBSD will run.  It's going to be slow, it's only a Pentium
 100. I ran OpenBSD on a P133 for a while, I had to run the older
 version of X because the video wasn't supported by the new version,
 not sure if that's still the case.

 The archives will reveal that around 2.5-2.7 times (cant't remember
 exactly), some of us have installed and (briefly) run OpenBSD on
 i386/33 with all of 8MB of RAM, and I think even the trick for making
 the installer complete under these conditions made it into the FAQ at
 least for a while.  Not recommended, but apparently doable, FSVO.

 Patience will be important.

 Oh yes, loads of it.  By the time you've actually gotten a system with
 that spec to do something marginally useful, something much more
 recent is bound to have fallen into your lap for free.

I did for a time run a 133MHz Pentium 1 clone PF firewall with a 210MB
HDD and 48 MB RAM. I don't recommend using such a puny HDD. Even
promotional freebie USB sticks are probably 512MB these days, and you
really do want at least 512MB HDD space (of course bigger still is a
lot better), because otherwise there is so much stuff that you
probably would want and just cannot install. As for the RAM and the
speed, I found the above quite acceptable for my home network purposes
(no X11) once I gave it a bigger HDD. Of course OpenBSD will also put
a better CPU and more RAM to excellent use, but based on my personal
experience I would consider a Pentium 1 with 512MB HDD and 48 MB RAM
the minimum for very basic 10/100 Megabit home network PF stuff. It's
possible that even 24MB RAM will work ok for you, I just haven't tried
it. YMMV.

regards,
--ropers

Re: Can OpenBSD run in 24 MB of RAM?

[Paul de Weerd]

Oh come on .. there's no challenge in 16M. Less, that's where it gets
really interesting (if you're in to BSDM, of course ;)

OpenBSD 4.4-beta (GENERIC) #0: Thu Jul 10 11:55:18 CEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz (GenuineIntel 686-class) 
2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16
real mem  = 16281600 (15MB)
avail mem = 5730304 (5MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/10/07, BIOS32 rev. 0 @ 0xfd880, SMBIOS 
rev. 2.31 @ 0xe0010 (45 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 04/10/2007
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 99%
apm0: AC on, battery charge high
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000!
vmt0 at mainbus0
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive
wd0: 64-sector PIO, LBA, 1024MB, 2097152 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: NECVMWar, VMware IDE CDR10, 1.00 ATAPI 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 Intel 82371AB Power rev 0x08: SMBus disabled
vga1 at pci0 dev 15 function 0 VMware Virtual SVGA II rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
bha3 at pci0 dev 16 function 0 BusLogic MultiMaster rev 0x01: irq 11, 
BusLogic 9xxC SCSI
bha3: model BT-958, firmware 5.07B
bha3: sync, parity
scsibus1 at bha3: 8 targets, initiator 7
ppb1 at pci0 dev 17 function 0 VMware Virtual PCI-PCI rev 0x02
pci2 at ppb1 bus 2
vic0 at pci2 dev 0 function 0 AMD 79c970 PCnet-PCI rev 0x10: irq 9, address 
00:0c:29:ff:4d:0d
eap0 at pci2 dev 1 function 0 Ensoniq AudioPCI97 rev 0x02: irq 10
ac97: codec id 0x43525913 (Cirrus Logic CS4297A rev 3)
audio0 at eap0
midi0 at eap0: AudioPCI MIDI UART
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask e965 netmask eb65 ttymask fbff
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b


(i'll admit that this one was installed with 256M .. but it's a
GENERIC kernel and it boots with the default daemons and gettys etc,
including ntpd).

Cheers,

Paul 'WEiRD' de Weerd

PS: BSDM = BSD Masochism

On Thu, Sep 04, 2008 at 11:22:14AM -0300, Giancarlo Razzolini wrote:
| Peter N. M. Hansteen escreveu:
|  Steve Shockley [EMAIL PROTECTED] writes:
| 
|
|  So, OpenBSD will run.  It's going to be slow, it's only a Pentium
|  100. I ran OpenBSD on a P133 for a while, I had to run the older
|  version of X because the video wasn't supported by the new version,
|  not sure if that's still the case.
|  
| 
|  The archives will reveal that around 2.5-2.7 times (cant't remember
|  exactly), some of us have installed and (briefly) run OpenBSD on
|  i386/33 with all of 8MB of RAM, and I think even the trick for making
|  the installer complete under these conditions made it into the FAQ at
|  least for a while.  Not recommended, but apparently doable, FSVO.
| 
|
|  Patience will be important.
|  
| 
|  Oh yes, loads of it.  By the time you've actually gotten a system with
|  that spec to do something marginally useful, something much more
|  recent is bound to have fallen into your lap for free.
| 
|
| Never ran with 24MB, but note mentioned that I've run an openbsd
| firewall on a pentium 133, with 32MB of ram. It had everything a
| firewall for home uses need, DNS, DHCP and the firewall rules. I've
| upgraded to 64MB so i could 

Stop in line 888 of Makefile

[Doug Milam]

ln: /obsd: Operation not permitted
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 888 of Makefile).

--running as root

Re: Stop in line 888 of Makefile

[Hannah Schroeter]

Hi!

On Thu, Sep 04, 2008 at 08:01:35AM -0700, Doug Milam wrote:
ln: /obsd: Operation not permitted
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 888 of Makefile).

--running as root

Have you ever set an immutable flag? (ls -lo /bsd /nbsd /obsd)

Kind regards,

Hannah.

Re: awk doesn't recognize all of EREs

[Jason McIntyre]

On Thu, Sep 04, 2008 at 12:35:20PM +0400, Vadim Zhukov wrote:
 Our awk do not recognize range regex operator ({n,m} syntax). But man 
 page says:
 
 awk supports extended regular expressions (EREs). See re_format(7) for 
 more information on regular expressions.
 
 This behavior is same as in FreeBSD. gawk recognize range operator in 
 POSIX mode (--posix).
 
 As far as I understand, either our awk should recognize range operator 
 (better) or this non-POSIX behavior should be mentioned in awk(1). 
 Sample diff for man page provided; I didn't dig deeply in code to fix it 
 enough yet.
 

slightly different diff to yours committed. thanks for the mail,
jmc

Re: Can OpenBSD run in 24 MB of RAM?

[Stuart Henderson]

On 2008-09-04, Giancarlo Razzolini [EMAIL PROTECTED] wrote:
 Never ran with 24MB, but note mentioned that I've run an openbsd
 firewall on a pentium 133, with 32MB of ram. It had everything a
 firewall for home uses need, DNS, DHCP and the firewall rules. I've
 upgraded to 64MB so i could run a squid proxy, apache server and openvpn
 server. Ran it for more than a year. OpenBSD is a very small footprint
 operational system. I believe it will run in 24MB with no problems.

I had problems on a 32MB soekris 4526 just using it as an access point.
bridge + hostap + that's it. but with swap available you could do more.

I don't know how the installer will do with that little RAM; you may
have to install the OS onto the hard drive on a machine with more.

It's not going to make a normal workstation, that's for sure,
but there are things you can do with it.

X server, running apps remotely? perhaps, though I think you still
have to be careful what you run.

Basic router or nat gateway? maybe, but the network interfaces on
that sort of laptop are going to suck.

Cheap smallish device to leave at a colo site for when you need serial
console access to machines?

Got/can add USB? simple one-wire sensor controller with uow(4)?

The cheapest Eee is considerably better-spec, of course...

Re: Can OpenBSD run in 24 MB of RAM?

[Paul de Weerd]

On Thu, Sep 04, 2008 at 04:46:07PM +0200, Paul de Weerd wrote:
| Oh come on .. there's no challenge in 16M. Less, that's where it gets
| really interesting (if you're in to BSDM, of course ;)

OK, at 8MB it runs with a non-GENERIC kernel, still booting with all
the default services (including ntpd). Logging in over ssh is slow as
molasses, but it works (swap is not an option - it's mandatory now ;)
This kernel actually has useful options (ipv6, pf, vlan, briding, etc)
enabled. It weighs in at 1663498 bytes. You can probably get smaller
but not by much.

The first idiot to send me a dmesg of a working (real, no VMWare
trickery like I'm doing) machine with less memory can come by to pick
up a better machine (at least with more RAM) for free. (I may have
more machines I want to get rid of and am too lazy to take out to the
trash, first come first served)

That's it for today, I'm done with BSDM for now ;)

Cheers,

Paul 'WEiRD' de Weerd

OpenBSD 4.4-current (I_AM_IDIOT) #1: Thu Sep  4 18:04:18 CEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/I_AM_IDIOT
cpu0: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz (GenuineIntel 686-class) 
2.40 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL,CX16
real mem  = 7892992 (7MB)
avail mem = 3051520 (2MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/10/07, BIOS32 rev. 0 @ 0xfd880, SMBIOS 
rev. 2.31 @ 0xe0010 (45 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 04/10/2007
bios0: VMware, Inc. VMware Virtual Platform
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (vendor 0x8086 product 0x122e rev 
0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xdc000/0x4000! 0xe/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor 0x8086 product 0x7190 rev 0x01
ppb0 at pci0 dev 1 function 0 vendor 0x8086 product 0x7191 rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 vendor 0x8086 product 0x7110 rev 0x08
pciide0 at pci0 dev 7 function 1 vendor 0x8086 product 0x7111 rev 0x01: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: VMware Virtual IDE Hard Drive
wd0: 64-sector PIO, LBA, 1024MB, 2097152 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
drive at pciide0 channel 1 drive 0 not configured
pciide0: channel 1 disabled (no drives)
vendor 0x8086 product 0x7113 (class bridge subclass miscellaneous, rev 0x08) at 
pci0 dev 7 function 3 not configured
vga0 at pci0 dev 15 function 0 vendor 0x15ad product 0x0405 rev 0x00
wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
vendor 0x104b product 0x1040 (class mass storage subclass SCSI, rev 0x01) at 
pci0 dev 16 function 0 not configured
ppb1 at pci0 dev 17 function 0 vendor 0x15ad product 0x0790 rev 0x02
pci2 at ppb1 bus 2
vic0 at pci2 dev 0 function 0 vendor 0x1022 product 0x2000 rev 0x10: irq 9, 
address 00:0c:29:ff:4d:0d
vendor 0x1274 product 0x1371 (class multimedia subclass audio, rev 0x02) at 
pci2 dev 1 function 0 not configured
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask fde5 netmask ffe5 ttymask 
mtrr: Pentium Pro MTRR support
root on wd0a swap on wd0b dump on wd0b

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

Re: Can OpenBSD run in 24 MB of RAM?

[Hannah Schroeter]

Hi!

On Thu, Sep 04, 2008 at 06:19:30PM +0200, Paul de Weerd wrote:
On Thu, Sep 04, 2008 at 04:46:07PM +0200, Paul de Weerd wrote:
| Oh come on .. there's no challenge in 16M. Less, that's where it gets
| really interesting (if you're in to BSDM, of course ;)

OK, at 8MB it runs with a non-GENERIC kernel, still booting with all
the default services (including ntpd). Logging in over ssh is slow as
molasses, but it works (swap is not an option - it's mandatory now ;)

That were times when encrypted/kerberized telnet was really useful, back
then, when I really used small boxen as router. Even with more RAM, ssh
was *slow* (because of CPU) on some boxen, while e/k telnet was quite
fast still.

[...]

The first idiot to send me a dmesg of a working (real, no VMWare
trickery like I'm doing) machine with less memory can come by to pick
up a better machine (at least with more RAM) for free. (I may have
more machines I want to get rid of and am too lazy to take out to the
trash, first come first served)

About 10 years ago, I built a dedicated bridge-only system, using a 386
or 486 (don't remember any more, it was at times when obsd actually
*did* run, when GPL_MATH_EMU wasn't dropped from the kernel yet). It ran
on *4* MB of RAM, highly custom kernel, of course. Floppy only, no hard
disk. The only way to fix/customize the box was to generate a new floppy
image on my build host. The floppy was derived from the very old kernel
install stuff (crunchgen/crunchide based binary, initialization shell
script, but not ramdisk, but floppy as root filesystem!). IIRC the box
could be run without any fan, i.e. noiseless, and bridged 2 10-mbit coax
based ethernets quite fine (fine in relation to what was fine *then*!).

Kind regards,

Hannah.

Intel x86-64 using the amd64 platform

[Brian Drain]

Hello misc@

I've read through the FAQ and done some searching on the mailing lists +
google, but I cannot find a definitive answer to my question.  To keep
it simple, I'm looking at installing OpenBSD on a ThinkPad T61p w/Intel
Core 2 Duo.  I've been reading that the amd64 platform will work however
the NX bit isn't supported.  Intel has since come out with their own
version of the NX bit for whatever reason (shouldn't they have just
copied it like they did everything else?), the XD bit.  Has this been
implemented anywhere so that the amd64-bit platform, running under an
Intel proc, will support W^X?  If not it looks like I should stick with
32-bit... and if not, any plans in the future on implementing Intel's
specific XD bit?


Thanks,
Brian Drain

Re: Intel x86-64 using the amd64 platform

[Theo de Raadt]

 I've read through the FAQ and done some searching on the mailing lists +
 google, but I cannot find a definitive answer to my question.  To keep
 it simple, I'm looking at installing OpenBSD on a ThinkPad T61p w/Intel
 Core 2 Duo.  I've been reading that the amd64 platform will work however
 the NX bit isn't supported.

Not all Intel cpu's support it.

 Intel has since come out with their own
 version of the NX bit for whatever reason (shouldn't they have just
 copied it like they did everything else?), the XD bit.

It isn't their own XD bit.  They just couldn't help letting the lawyers
rename it and put a trademark on it.

It works exactly the same.  Except on some Intel machines where it does not
exist, or where it is broken.

 Has this been
 implemented anywhere so that the amd64-bit platform, running under an
 Intel proc, will support W^X?

Most Intel processors now do it correctly.

 If not it looks like I should stick with
 32-bit... and if not, any plans in the future on implementing Intel's
 specific XD bit?

There is no Intel specific XD bit.  It works 100% the same.  It is
identical.

Intel just felt that they needed to rename everything because it would
make things oh so much more clear.

Re: Can OpenBSD run in 24 MB of RAM?

[Wade, Daniel]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
 Behalf Of Stuart Henderson
 Sent: Thursday, September 04, 2008 12:11 PM
 To: misc@openbsd.org
 Subject: Re: Can OpenBSD run in 24 MB of RAM?

 On 2008-09-04, Giancarlo Razzolini [EMAIL PROTECTED] wrote:
  Never ran with 24MB, but note mentioned that I've run an openbsd
  firewall on a pentium 133, with 32MB of ram. It had everything a
  firewall for home uses need, DNS, DHCP and the firewall rules.
 I've
  upgraded to 64MB so i could run a squid proxy, apache server and
 openvpn
  server. Ran it for more than a year. OpenBSD is a very small
 footprint
  operational system. I believe it will run in 24MB with no
 problems.

 I had problems on a 32MB soekris 4526 just using it as an access
 point.
 bridge + hostap + that's it. but with swap available you could do
 more.


I run my home router with 32MB of RAM, it does require some swap though.
I'm running dhcpd, ntpd, pf, named, and two bitchx clients.
The heavy hitter on RAM being named, it's currently using around 17MB
I've been meaning to change over to djbdns, I just haven't yet.
Everything runs smoothly as is.

load averages:  0.09,  0.18,  0.14
28 processes:  27 idle, 1 on processor
CPU states:  0.5% user,  0.0% nice,  0.5% system,  0.2% interrupt, 98.9% idle
Memory: Real: 5884K/22M act/tot  Free: 2188K  Swap: 20M/65M used/tot

OpenBSD 4.4-beta (GENERIC) #1012: Sun Aug  3 09:57:38 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6tm w/ multimedia extensions (AuthenticAMD 586-class) 200 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,MMX
real mem  = 33124352 (31MB)
avail mem = 22052864 (21MB)

Re: Intel x86-64 using the amd64 platform

[Brian Drain]

Thank you Theo for the quick reply.  I will give it a shot as it appears
from your answer the newer Intel processors should have this
functionality, albeit named very unconventionally.  Would there be
something in dmesg that would indicate proper W^X support once
installed?

Maybe one of these days closed hardware vendors like Intel, Creative,
etc., will open up a bit and provide the necessary support to people
trying to write software that will flawlessly work with various
hardware, much better than the original vendor could ever dream of
doing.

Best regards,
Brian Drain

-Original Message-
From: Theo de Raadt [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2008 12:13 PM
To: Brian Drain
Cc: misc@openbsd.org
Subject: Re: Intel x86-64 using the amd64 platform

 I've read through the FAQ and done some searching on the mailing lists

 + google, but I cannot find a definitive answer to my question.  To
 keep it simple, I'm looking at installing OpenBSD on a ThinkPad T61p
 w/Intel Core 2 Duo.  I've been reading that the amd64 platform will
 work however the NX bit isn't supported.

Not all Intel cpu's support it.

 Intel has since come out with their own version of the NX bit for
 whatever reason (shouldn't they have just copied it like they did
 everything else?), the XD bit.

It isn't their own XD bit.  They just couldn't help letting the lawyers
rename it and put a trademark on it.

It works exactly the same.  Except on some Intel machines where it does
not exist, or where it is broken.

 Has this been
 implemented anywhere so that the amd64-bit platform, running under an
 Intel proc, will support W^X?

Most Intel processors now do it correctly.

 If not it looks like I should stick with 32-bit... and if not, any
 plans in the future on implementing Intel's specific XD bit?

There is no Intel specific XD bit.  It works 100% the same.  It is
identical.

Intel just felt that they needed to rename everything because it would
make things oh so much more clear.

Re: Intel x86-64 using the amd64 platform

[patric conant]

This is OT, but I am curious as to the application that makes no-execute a
killer feature for you?

On Thu, Sep 4, 2008 at 12:05 PM, Brian Drain [EMAIL PROTECTED] wrote:

 Hello misc@

 I've read through the FAQ and done some searching on the mailing lists +
 google, but I cannot find a definitive answer to my question.  To keep
 it simple, I'm looking at installing OpenBSD on a ThinkPad T61p w/Intel
 Core 2 Duo.  I've been reading that the amd64 platform will work however
 the NX bit isn't supported.  Intel has since come out with their own
 version of the NX bit for whatever reason (shouldn't they have just
 copied it like they did everything else?), the XD bit.  Has this been
 implemented anywhere so that the amd64-bit platform, running under an
 Intel proc, will support W^X?  If not it looks like I should stick with
 32-bit... and if not, any plans in the future on implementing Intel's
 specific XD bit?


 Thanks,
 Brian Drain




-- 
Some software money can't buy. For everything else there's Micros~1.

Re: Intel x86-64 using the amd64 platform

[Theo de Raadt]

 Thank you Theo for the quick reply.  I will give it a shot as it appears
 from your answer the newer Intel processors should have this
 functionality, albeit named very unconventionally.  Would there be
 something in dmesg that would indicate proper W^X support once
 installed?

cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,NXE,MMXX,LONG,3DNOW2,3DNOW

That little 'NXE' above indicates it has it.  Whether it works correct or
not is another matter.

 Maybe one of these days closed hardware vendors like Intel, Creative,
 etc., will open up a bit and provide the necessary support to people
 trying to write software that will flawlessly work with various
 hardware, much better than the original vendor could ever dream of
 doing.

Good lord; why would they do that.  Their investment overlords would
never permit a open and fair playing field or competitive market.
Monopolies like monopolies, and olygopolies are really just
monolopies.

Re: Intel x86-64 using the amd64 platform

[Brian Drain]

Hello Patric -

No particular application but as an available security feature, albeit
not the panacea the masses thought it would be when released, I was just
curious how it potentially worked (or didn't work) with the Intel
processors using amd64.  I can say in the environments I've been in, NX
never stopped anything, just slightly mitigated the damage done (and
even that was debatable).  I would have to assume that with the
stability and maturity I've come to find in OpenBSD W^X may never come
in to play or ever be needed.


Cheers,
Brian Drain



From: patric conant [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2008 12:22 PM
To: Brian Drain
Cc: misc@openbsd.org
Subject: Re: Intel x86-64 using the amd64 platform


This is OT, but I am curious as to the application that makes no-execute
a killer feature for you?


On Thu, Sep 4, 2008 at 12:05 PM, Brian Drain [EMAIL PROTECTED]
wrote:


Hello misc@

I've read through the FAQ and done some searching on the mailing
lists +
google, but I cannot find a definitive answer to my question.
To keep
it simple, I'm looking at installing OpenBSD on a ThinkPad T61p
w/Intel
Core 2 Duo.  I've been reading that the amd64 platform will work
however
the NX bit isn't supported.  Intel has since come out with their
own
version of the NX bit for whatever reason (shouldn't they have
just
copied it like they did everything else?), the XD bit.  Has this
been
implemented anywhere so that the amd64-bit platform, running
under an
Intel proc, will support W^X?  If not it looks like I should
stick with
32-bit... and if not, any plans in the future on implementing
Intel's
specific XD bit?


Thanks,
Brian Drain






--
Some software money can't buy. For everything else there's Micros~1.

Re: Can OpenBSD run in 24 MB of RAM?

[Tim Beikuefner]

[EMAIL PROTECTED] schrieb:

I've searched the FAQ and the Web for any guidance on what the minimum RAM
is for OpenBSD, with and without X.

I just acquired a Compaq Armada 1125 laptop that maxes out at 24 MB of
RAM, and I'm wondering whether or not it's feasible to run OpenBSD on it.

Re: Intel x86-64 using the amd64 platform

[Brian Drain]

No.

Just a general statement regarding some vendors being completely inept
at letting developers get access to what they think is IP and
preventing them from running hardware that they purchased on whatever
platform they want without the need to reverse engineer it.

-Original Message-
From: Ted Unangst [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2008 1:04 PM
To: Brian Drain
Cc: Theo de Raadt; misc@openbsd.org
Subject: Re: Intel x86-64 using the amd64 platform

On 9/4/08, Brian Drain [EMAIL PROTECTED] wrote:
  Maybe one of these days closed hardware vendors like Intel, Creative,

 etc., will open up a bit and provide the necessary support to people
 trying to write software that will flawlessly work with various
 hardware, much better than the original vendor could ever dream of
 doing.

Was this related to NX bit support?  Because NX is documented and does
work flawlessly.

Re: Intel x86-64 using the amd64 platform

[Ted Unangst]

On 9/4/08, Brian Drain [EMAIL PROTECTED] wrote:
  Maybe one of these days closed hardware vendors like Intel, Creative,
  etc., will open up a bit and provide the necessary support to people
  trying to write software that will flawlessly work with various
  hardware, much better than the original vendor could ever dream of
  doing.

Was this related to NX bit support?  Because NX is documented and does
work flawlessly.

Re: Can OpenBSD run in 24 MB of RAM?

[Nuno Magalhães]

I installed 4.3 onto a Compaq  Armada 1500 with 32RAM. I got nginx
working with PHP though fastcgi but before i could test it any further
i got it upgraded to 96MB. It was handling it well enough with 32, i
guess... you can't really tell just how much RAM is in deed being
used. I'm still keeping it low profile, with SQLite. It's basically my
test box for fiddling around with servers. FTP was a try but needs
work, i was trying vsftp i think.

Then i got very slow ssh responses but worked around it disabling DNS
in ssh.conf (or something like that). Quite a fun thread to read :D
Next step will be fiddling around with the printer. I was trying CUPS
but guess what, it depends on X - which i obviously don't have
installed. The best response i got here was man lpd... So we'll see.

The main purpose of using it, besides the fun, is to maybe upgrade it
to support a large hard-drive so it can be on 24/7 and act as my /home
throughout my home network. Using its USB 1.0 would be kinda slow but
finding a decent HD for this old box is not that easy (i.e. internal
or fiddle with the cables and adapt a normal external IDE)... Plus i
dunno if there are any size limits for booting and all that, maybe
that's solved with a small /boot partition at the begining of the
drive?

-- 
Nuno MagalhC#es

Re: Can OpenBSD run in 24 MB of RAM?

[Stuart Henderson]

On 2008-09-04, Wade, Daniel [EMAIL PROTECTED] wrote:
 I've been meaning to change over to djbdns, I just haven't yet.

take a look at Unbound (port/package in 4.4/-current), it's quite nice.

Re: Can OpenBSD run in 24 MB of RAM?

[Tim Beikuefner]

I used to run OpenBSD 4.2 on a sun SparcClassic with 24MB and it ran 
pretty cool, i used the box as web server and vpn gateway, 2 users had 
screen sessions with irssi and mcabber.

pf to block against DDoS?

[Redd Vinylene]

Hello hello!

I was quite shocked today when I heard I could use pf to block against DDoS
attacks, using Stateful Tracking Options,
http://www.openbsd.org/faq/pf/filter.html#stateopts.

But does anybody have any nice setups of this they'd want to share?

Much obliged, and thanks.

-- 
http://www.home.no/reddvinylene

Re: apache proxy balancer for 1.3?

[Francisco Valladolid Hdez.]

Hi.

--- L. V. Lammert [EMAIL PROTECTED] wrote:

 At 03:11 PM 9/3/2008 -0700, Aaron Glenn wrote:
 On Tue, Sep 2, 2008 at 3:50 PM, L. V. Lammert
 [EMAIL PROTECTED] wrote:
   Has anyone seen something like the 2.1
 proxy_balancer we could use with 
  1.3?

I know than mod_accel work as reverse proxy in Apache
1.x.

http://sysoev.ru/mod_accel/mod_accel-1.0.34.tar.gz

more info in:  

http://sysoev.ru/en/

I hope that you found some of your interest.

Regards
ficovh

  
  Lee
 
 skimming the proxy_balancer description, I would
 have to say relayd
 should fit the bill...?
 
 Interesting, .. looks like it might also handle the
 SSL connection - thanks!!
 
  Lee

OpenBSD 4.4 pre-orders

[Theo de Raadt]

Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

   http://www.openbsd.org/orders.html

As well, the new song for the release is also being made available at
the same time.  This can be found at

   http://www.openbsd.org/lyrics.html

Enjoy the song, and think about ordering some of our things, since
purchases help fund the project.  Thanks.

Re: Stop in line 888 of Makefile

[Tom Rosso]

Doug Milam wrote:
 Thanks; that was my best guess since these commands are part of a 
shell script. In any case, this script was run as root (not merely using 
sudo).



 --- On Sun, 8/24/08, Philip Guenther [EMAIL PROTECTED] wrote:

 From: Philip Guenther [EMAIL PROTECTED]
 Subject: Re: ln: /obsd: Operation not permitted
 To: [EMAIL PROTECTED]
 Cc: Misc OpenBSD misc@openbsd.org
 Date: Sunday, August 24, 2008, 10:36 PM
 On Sun, Aug 24, 2008 at 10:26 PM, Doug Milam
 [EMAIL PROTECTED] wrote:
 The following error occurs after the command

 cd /usr/src/sys/arch/i386/compile/GENERIC;
 make clean  make depend  make
 ln /bsd /obsd
 ln: /obsd: Operation not permitted
 *** Error code 1
 You *sure* that was the command you invoked?  That looks
 like the
 result of doing make install as non-root.


 Philip Guenther



Doug Milam wrote:

ln: /obsd: Operation not permitted
*** Error code 1

Stop in /usr/src/sys/arch/i386/compile/GENERIC (line 888 of Makefile).

--running as root



Does make install work when run outside of your script?

Tom

Re: apache proxy balancer for 1.3?

[Stuart Henderson]

On 2008-09-03, L. V. Lammert [EMAIL PROTECTED] wrote:
 At 03:11 PM 9/3/2008 -0700, Aaron Glenn wrote:
On Tue, Sep 2, 2008 at 3:50 PM, L. V. Lammert [EMAIL PROTECTED] wrote:
  Has anyone seen something like the 2.1 proxy_balancer we could use with 
 1.3?
 
 Lee

skimming the proxy_balancer description, I would have to say relayd
should fit the bill...?

 Interesting, .. looks like it might also handle the SSL connection - thanks!!

transparently, too. (i.e. the web server can see the original
source IP address).

Re: pf to block against DDoS?

[Oliver Peter]

On Thu, Sep 04, 2008 at 09:23:09PM +0200, Redd Vinylene wrote:
 Hello hello!
 
 I was quite shocked today when I heard I could use pf to block against DDoS
 attacks, using Stateful Tracking Options,
 http://www.openbsd.org/faq/pf/filter.html#stateopts.
 
 But does anybody have any nice setups of this they'd want to share?
 
 Much obliged, and thanks.

... nice cross-post.

I can recommend reading through this as well:
  http://www.bgnett.no/~peter/pf/en/bruteforce.html

-- 
Oliver PETER, email: [EMAIL PROTECTED], ICQ# 113969174
If it feels good, you're doing something wrong.
  -- Coach McTavish

Re: pf to block against DDoS?

[Subhro]

What exactly are you looking for? Are you looking for example rulesets?

Thanks
Subhro



On 9/5/08, Redd Vinylene [EMAIL PROTECTED] wrote:
 Hello hello!

 I was quite shocked today when I heard I could use pf to block against DDoS
 attacks, using Stateful Tracking Options,
 http://www.openbsd.org/faq/pf/filter.html#stateopts.

 But does anybody have any nice setups of this they'd want to share?

 Much obliged, and thanks.

 --
 http://www.home.no/reddvinylene
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to [EMAIL PROTECTED]


-- 
Sent from Gmail for mobile | mobile.google.com

Subhro Kar
Software Engineer
Dynamic Digital Technologies Pvt. Ltd.
EPY-3, Sector: V
Salt Lake City
700091
India

Re: pf to block against DDoS?

[Lars Noodén]

Oliver Peter wrote:
 I can recommend reading through this as well:
   http://www.bgnett.no/~peter/pf/en/bruteforce.html

You can also use two tables so that the first overload gets shunted to a
slow queue and given a second chance before ending up in the second
table which gets blocked.

-Lars

Re: apache proxy balancer for 1.3?

[L. V. Lammert]

At 08:17 PM 9/4/2008 +, you wrote:

On 2008-09-03, L. V. Lammert [EMAIL PROTECTED] wrote:

 Interesting, .. looks like it might also handle the SSL connection - 
thanks!!


transparently, too. (i.e. the web server can see the original
source IP address).


Unfortunately, it doesn't look like this will install with the standard 1.3 
(make patches the Apache sources and the mod_proxy, mod_rewrite, 
mod_charset and mod_ssl modules), ..


Can't justify tearing up the server just for a module that may or may not 
work - the notes on load balancing  failover haven't been translated, .. 
and from some earlier clues, it appears that it can't handle different 
ports anyway.


Bummer, but thanks for the suggetion!

Lee

Re: OpenBSD 4.4 pre-orders

[Diana Eichert]

On Thu, 4 Sep 2008, Theo de Raadt wrote:


Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

   http://www.openbsd.org/orders.html

As well, the new song for the release is also being made available at
the same time.  This can be found at

   http://www.openbsd.org/lyrics.html

Enjoy the song, and think about ordering some of our things, since
purchases help fund the project.  Thanks.


Yea!

Thanks to all the developers for a job well done.

diana

Re: pf to block against DDoS?

[johan beisser]

On Sep 4, 2008, at 12:23 PM, Redd Vinylene wrote:
I was quite shocked today when I heard I could use pf to block  
against DDoS

attacks, using Stateful Tracking Options,
http://www.openbsd.org/faq/pf/filter.html#stateopts.

But does anybody have any nice setups of this they'd want to share?


I'd not describe that as an anti-DDoS capability. It's hard to simply  
write a direct pf.conf that'll handle most attacks like this.


On the other hand, bruteforce DDoS attacks are pretty easy to find and  
block, once you know what you're looking for. For example, too many  
requests to a specific port might be a bruteforce attack, so tagging  
that stream and assigning it to a specific low priority queue (or just  
outright blocking) may work well (basically via overload rulesets in  
pf.conf and altq).


But, most DDoS attacks aren't layer 7 (application), they're generally  
layer 3 (network), and use ICMP, UDP, or TCP, and due to how delivery  
of the packets will happen it can still saturate your line.


Of course, you can synproxy at the firewall for inbound TCP packets,  
and hopefully preserve performance for the application behind it, and  
simply permit the session to establish AFTER the handshake completed.


My likely assumption is that the same host hitting ports 80 and 443  
too rapidly with too many requests may be an attacker, but it might be  
a browser that's just configured to connect with multiple requests at  
the same time (custom network.http.pipelining.maxrequests in Firefox,  
for example). So outright blocking the IP could alienate some clients.  
It would be better to assign to a low BW or low priority queue via  
altq for a given table.


I've really put too much thought in to this.

-jb

Possibly OT... allowing daemon mpd to access samba shares

[Anathae Townsend]

I'm currently trying to set up and OpenBSD machine (4.4 beta 08/08/23) 

To run as a SaMBa server and a music server using the mpd package.

 

A global windows share known as //Rowena/music has been set up to

gather the songs and I attempted to configure mpd as using that as

the music directory.  When mpd is started, it complains that

/var/samba/music can not be opened because of permissions

 

/var/samba/music has group set to samba and user set to samba uid 561

gid 561.  Permissions are -rwxrwx---, user _mpd (mpd drops to this user

when started by root, is a member of _mpd and samba.

 

If I set permissions on the directory to 777, mpd runs fine.

 

Any pointers on where in the manual I should look? Or even suggestions

on how to fix the problem?

 

Anathae

Re: OpenBSD 4.4 pre-orders

[Paul de Weerd]

On Thu, Sep 04, 2008 at 01:59:04PM -0600, Theo de Raadt wrote:
| Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at
| 
|  http://www.openbsd.org/orders.html
| 
| As well, the new song for the release is also being made available at
| the same time.  This can be found at
| 
|  http://www.openbsd.org/lyrics.html
| 
| Enjoy the song, and think about ordering some of our things, since
| purchases help fund the project.  Thanks.

Cool song, great release ! I like the tribute to the guys that started
all of this. So for this release, thanks not only go to the OpenBSD
developers, but also to the guys who gave us BSD in the first place.

Undeadly article now also online :

http://undeadly.org/cgi?action=articlesid=20080904204021

All of you WPA people out there : go on, buy a copy (or a few more).
You have no reason not to with 4.4 ;)

Cheers,

Paul 'WEiRD' de Weerd


-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

Re: Possibly OT... allowing daemon mpd to access samba shares

[Antoine Jacoutot]

On Thu, 4 Sep 2008, Anathae Townsend wrote:
 gid 561.  Permissions are -rwxrwx---, user _mpd (mpd drops to this user
 
 when started by root, is a member of _mpd and samba.
 
  
 
 If I set permissions on the directory to 777, mpd runs fine.

I always saw that behaviour with mpd. I'd be curious if anyone comes up 
with a solution.

-- 
Antoine

Re: OpenBSD 4.4 pre-orders

[new_guy]

Theo de Raadt wrote:
 
 Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at
 
  http://www.openbsd.org/orders.html
 
 

Do the first X number of pre-orders get autographed... or something :)

-- 
View this message in context: 
http://www.nabble.com/OpenBSD-4.4-pre-orders-tp19318881p19320510.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Can OpenBSD run in 24 MB of RAM?

[ropers]

2008/9/4  [EMAIL PROTECTED]:
 I've searched the FAQ and the Web for any guidance on what the minimum RAM
 is for OpenBSD, with and without X.

 I just acquired a Compaq Armada 1125 laptop that maxes out at 24 MB of
 RAM, and I'm wondering whether or not it's feasible to run OpenBSD on it.

I kept thinking that I had read an answer to that question in some
part of the documentation in the past, but like the OP, I couldn't
find it in the FAQ. Now I've found it: It's in INSTALL.386 --on the
web e.g. at http://anga.funkfeuer.at/ftp/pub/OpenBSD/4.3/i386/INSTALL.i386
(and other mirrors)-- where is says among other things:

 The minimal configuration to install the system is 24MB or 32MB of RAM and
perhaps 200MB of disk space.  To install the entire system requires much more
disk space, and to run X or compile the system, more RAM is recommended.

I'm not, btw. entirely sure why it says 24MB *or* 32MB, but anyway.

kind regards,
--ropers

Re: OpenBSD 4.4 pre-orders

[Jay Hart]

 Theo de Raadt wrote:

 Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

 http://www.openbsd.org/orders.html



 Do the first X number of pre-orders get autographed... or something :)


Direct ship your copy to me, I'll test it out for you, sign that its a good
copy, and send it to you.  Will that work?

J

 --
 View this message in context:
 http://www.nabble.com/OpenBSD-4.4-pre-orders-tp19318881p19320510.html
 Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Can OpenBSD run in 24 MB of RAM?

[Nick Holland]

ropers wrote:
 2008/9/4  [EMAIL PROTECTED]:
 I've searched the FAQ and the Web for any guidance on what the minimum RAM
 is for OpenBSD, with and without X.

 I just acquired a Compaq Armada 1125 laptop that maxes out at 24 MB of
 RAM, and I'm wondering whether or not it's feasible to run OpenBSD on it.
 
 I kept thinking that I had read an answer to that question in some
 part of the documentation in the past, but like the OP, I couldn't
 find it in the FAQ. Now I've found it: It's in INSTALL.386 --on the
 web e.g. at http://anga.funkfeuer.at/ftp/pub/OpenBSD/4.3/i386/INSTALL.i386
 (and other mirrors)-- where is says among other things:
 
 The minimal configuration to install the system is 24MB or 32MB of RAM and
 perhaps 200MB of disk space.  To install the entire system requires much more
 disk space, and to run X or compile the system, more RAM is recommended.
 
 I'm not, btw. entirely sure why it says 24MB *or* 32MB, but anyway.

Because it is hard to get a machine down to 24M RAM anymore. :)

I actually have some 16M DIMMs which allowed me to build a real 450MHz
PII machine with 16M RAM. :)

I have difficulty coming up with a practical app for such a machine,
however.  IF it doesn't already have 24M RAM in it, upgrading to that
would be unpleasant.

You won't want to compile anything.
You won't want to use X (don't know that you would want to do that
on that screen anyway).
You won't be using any big applications.
You won't be using any medium-sized applications.
You won't be running many small applications.

I guess if you need a portable serial console, it might be pretty
good, though the battery is probably dead.

100MHz P1 is enough for ssh, but it isn't really fun.

Finding a PCMCIA network adapter that works on a machine that old
might be lots of fun, too.

I think I started writing a FAQ article a few times on minimum
hardware a few times.  It kept turning into a sermon. :)

Short version: If you are new to OpenBSD, I'm going to say a P-II,
4G HD, 64M RAM would be the least I'd suggest.  A lot of things
a LOT less will work just fine for a LOT of applications, but
when you are learning, you want to have something you can
screw-up and reload many times without horrible delays.  You want
to be able to say, What happens when I do THIS? and even look
forward to it blowing up and requiring a complete reload.  Can you
do repeated reloads on a 486/25?  Of course.  However, if you got
that kinda time on your hands, you need a job.

Experienced users usually have no problem figuring out what they
need to run their applications.

Also keep in mind, the goal is most likely not running OpenBSD,
the goal is probably some task which runs on top OpenBSD.  24M is
plenty to sit at a shell prompt, but I doubt that's your goal.

Nick.

Re: OpenBSD 4.4 pre-orders

[Andres Genovez]

2008/9/4 Theo de Raadt [EMAIL PROTECTED]

 Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

   http://www.openbsd.org/orders.html

 As well, the new song for the release is also being made available at
 the same time.  This can be found at

   http://www.openbsd.org/lyrics.html

 Enjoy the song, and think about ordering some of our things, since
 purchases help fund the project.  Thanks.

 Hi I purchased 4.3 on April :).

I am going to show it on Software Freedom Day, does anybody knows somebody
who wants to help me in this event in September 19-20 in Universidad del
Azuay in my country-city, please contact me.

Sincerily

Andres

P.D. Look what I did to my Jacket :), http://www.crice.org/?q=node/130


--
Atentamente

Andris Genovez Tobar / Departamento Tecnico
COMERCIAL SALVADOR PACHECO MORA S.A. / DESDE 1945
SPM TECNOLOGIAS
Cuenca, Luis Cordero 9-70 y Gran Colombia
Av. 27 de Febrero y Jacinto Flores
Telifono. 593-7-2842388 ext 103
Fax. 593-7-2842388 ext 120
Celular 593-97670874
593-96816996 Alegro
Mail: [EMAIL PROTECTED]
Viaje: [EMAIL PROTECTED]
www.cspmsa.com
www.crice.org

Re: Can OpenBSD run in 24 MB of RAM?

[Rod Whitworth]

On Thu, 04 Sep 2008 19:33:11 -0400, Nick Holland wrote:

Experienced users usually have no problem figuring out what they
need to run their applications.

Also keep in mind, the goal is most likely not running OpenBSD,
the goal is probably some task which runs on top OpenBSD.  24M is
plenty to sit at a shell prompt, but I doubt that's your goal.

Hehe. I did a favour for a client and took his son's Thinkpad 240 (nice
and small, dead battery, PCMCIA CD drive etc) I forget how much RAM but
not very.

Can't install from a CD because of catch 22 - CD unbootable until an OS
is installed 8-)
OBSD boots nicely from external floppy, connnects via PCMCIA NIC to my
install server, installs happily.

All I want it for is to run cu to talk to Soekris boxes in the field so
I can even leave out the external FDD but it's then i find out that the
RS232 port is dead.

At that point I am glad that OBSD is so easy to install that the effort
was not great and sad that I didn't forsee that something that old and
so battered would likely have problems.

Ahhh well, another paperweight like most of the machines mentioned in
threads like this. It just makes me feel as old as these war stories...

~|^
 ==

R/
(Offlist replies to the supplied reply-to: or discover tarpitting ;-} )


Rod/
_
Depressed? Me?
Don't make me laugh!
:Spike Milligan:1918-2002:

Re: OpenBSD 4.4 pre-orders

[Frank Bax]

new_guy wrote:

Theo de Raadt wrote:

Pre-orders for OpenBSD 4.4 (CD, tshirt, poster) are up at

   http://www.openbsd.org/orders.html



Do the first X number of pre-orders get autographed... or something :)





The first X pre-orders get a LOT more than just autographs!!  Order now!

It seems X is always lower than where my order is on list; I think 
perhaps X=0.


I keep hoping for the release where Canada Post delivers my copy before 
release date.

Re: dvorak keyboard not working still!

[c666]

[demime could not interpret encoding  - treating as plain text]
I still have no success trying all the advice given to me.  Dvorak 
is still not functional.  Anything else I should look into?  Please 
note, I'm trying to get this to work on the console.  This being a 
server, I don't have X running.  Below is what I tried:

wsconsctl keyboard.encoding=us.dvorak
   keyboard.encoding - us.dvorak

the line above is how my OpenBSD 4.3 server responded but asdf jkl; 
still produces asdf jkl;

/etc/kbdtype
   us.dvorak

and I rebooted, still asdf jkl; produces asdf jkl;

I even tried this before I sent my original post:

wsconsctl.conf
  keyboard.encoding=us.dvorak

and I rebooted, but still asdf jkl; produces asdf jkl;

The one thing I did not try is selecting us.dvorak when installing 
OpenBSD but I don't want to recreate my server at this point in 
time for a dvorak layout.  But believe me, I'll definitely try it 
the next time I install OpenBSD.

Please, anything else I should look into?  For those who responded, 
I appreciate the help.  Don't be offended about my next question.  
For those who have dvorak running, is it on an OpenBSD 4.3 release--
not stable?  I generally try to keep my OpenBSD installations as 
default as possible--except dvorak if I can get it running.

Re: Can OpenBSD run in 24 MB of RAM?

[Steve Shockley]

ropers wrote:

I'm not, btw. entirely sure why it says 24MB *or* 32MB, but anyway.


Must be the video ram used by AGP...

Re: Using PF to NAT internal addresses over an IPSec link

[Toby Burress]

Well, I've got it.  It turns out it's kind of easy, although not
as pretty as it could be.

Basically, you use relayd.  The one caveat is that this means that
from the OpenBSD box, you need to be able to talk to the remote,
private IPs without binding to a particular address.

In relayd.conf, you enable relays on a port-by-port basis, so you
can't allow blanket access.

Re: bgpd extension handling capabilities

[Graeme Lee]

I have applied the patch supplied by Henning, and now get the following in 
my bgpctl show neighbor


 Neighbor capabilities:
   Multiprotocol extensions: IPv4 Unicast  (previously was unknown (128))



yes, with my patch, we simply ignore the annoucement and show the default.

  


Can this patch (along with IPv6) be considered for current?

Thanks,

g

Re: dvorak keyboard not working still!

[Timo Myyrä]

I'm using dvorak layout on console and on X.

On X I use custom xmodmap to get C$C6 -letters.

On console I have keyboard.encoding=us.dvorak on
/etc/wsconsctl.conf.

One downside is that it doesn't work straight with my
USB-keyboard and I need to manually load dvorak with
sudo kbd us.dvorak and it works just fine after that.

I'm using -current branch but it did work on 4.3-release
too. I didn't choose dvorak on installation but added it
later.

Are you directly connected to server with your keyboard
etc or do you take remote connection to it?

Timo


[EMAIL PROTECTED] wrote:

[demime could not interpret encoding  - treating as plain text]
I still have no success trying all the advice given to me.  Dvorak 
is still not functional.  Anything else I should look into?  Please 
note, I'm trying to get this to work on the console.  This being a 
server, I don't have X running.  Below is what I tried:


wsconsctl keyboard.encoding=us.dvorak
   keyboard.encoding - us.dvorak

the line above is how my OpenBSD 4.3 server responded but asdf jkl; 
still produces asdf jkl;


/etc/kbdtype
   us.dvorak

and I rebooted, still asdf jkl; produces asdf jkl;

I even tried this before I sent my original post:

wsconsctl.conf
  keyboard.encoding=us.dvorak

and I rebooted, but still asdf jkl; produces asdf jkl;

The one thing I did not try is selecting us.dvorak when installing 
OpenBSD but I don't want to recreate my server at this point in 
time for a dvorak layout.  But believe me, I'll definitely try it 
the next time I install OpenBSD.


Please, anything else I should look into?  For those who responded, 
I appreciate the help.  Don't be offended about my next question.  
For those who have dvorak running, is it on an OpenBSD 4.3 release--
not stable?  I generally try to keep my OpenBSD installations as 
default as possible--except dvorak if I can get it running.

Re: Stop in line 888 of Makefile

[Doug Milam]

I have not set an immutable flag, but the current flag is schg for /bsd

 On Thu, Sep 04, 2008 at 08:01:35AM -0700, Doug Milam wrote:
 ln: /obsd: Operation not permitted
 *** Error code 1
 
 Stop in /usr/src/sys/arch/i386/compile/GENERIC (line
 888 of Makefile).
 
 --running as root
 
 Have you ever set an immutable flag? (ls -lo /bsd /nbsd
 /obsd)
 
 Kind regards,
 
 Hannah.

Re: Stop in line 888 of Makefile

[Doug Milam]

It does not, no

 Doug Milam wrote:
  ln: /obsd: Operation not permitted
  *** Error code 1
  
  Stop in /usr/src/sys/arch/i386/compile/GENERIC (line
 888 of Makefile).
  
  --running as root
  
 
 Does make install work when run outside of your script?
 
 Tom

Re: Stop in line 888 of Makefile

[Ted Unangst]

On Thu, Sep 4, 2008 at 11:09 PM, Doug Milam [EMAIL PROTECTED] wrote:
 I have not set an immutable flag, but the current flag is schg for /bsd

Then you should talk to the person who did set the immutable flag.

Link exchange with my google PR 4 site

[[EMAIL PROTECTED]]

Hello,

My name is April and I work for a company called Theatons Toys, a specialist 
manufacturer of mental development toys. We found your website and are 
interested in a three-way link exchange. If you place our link on your site, I 
will reciprocate a link back to your site (may be a subpage or homepage) with 
whatever link text you desire on our Google PageRank 4 directory, 
http://www.nd-la-salette.com.

Link exchange is usually an arduous process, so we have made a system that is 
quick. If you are interested in exchanging a link follow these instructions:

1 - Go to this URL: 
http://www.nd-la-salette.com/confirm/+id=141634/+confirm=6920858733d35550b55ca6485fe3277609cad9df
2 - Place our link on your site as instructed on the above URL
3 - Once you have added the link fill in the form with your link details

Once these steps are completed your link will be live. There are no lengthy 
processes, just quick and easy links. You will be given 3 links in our 
directory: 1 on your own listing, 1 on your category listing and a temporary 
link on our PageRank 4 homepage.

If you have any issues, please email me at: [EMAIL PROTECTED]

Yours sincerely

April Duvalle
Theatons Toys