Re: fetch package dependencies
On Mon, 2 Feb 2009, BadMagic wrote: On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B?ttner wrote: is there an easy way to fetch a package along with it's recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and installl from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Set the PKG_PATH env variable. Then, if a particular package can't be found, the directories in the PKG_PATH are searched. That way, you can stick the ftp server in there and if the package isn't installed already or in a local dir, it'll fetch it from the ftp site. You can stick it in your ~/.bashrc, ~/.cshrc whatever. It's colon delimited and each dir/path needs to be terminated with a '/' like: export PKG_PATH=./:/packages/:ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/ Hope this helps. No, this won't help. Dorian stated clearly that there is no network connection available on the host he will install the packages on. He could use the output of make print-run-depends for each port he would like to install and fetch those packages. But this would require another computer with -current and an installed ports tree. Not an option if I read the OP correctly. Kind regards, Markus
Article about network monitoring system developed on OpenBSD
Hi, Few months back (maybe years) there was article posted (I don't think that was on undeadly) about monitoring system in early stage of development which suppose to be fast, scalable, managed from web and cli, better than anything else. There was no release at the time I've read the article, only repository access to the sources. I'm trying to find this article again, but I'm failing. Maybe someone from the list have it in bookmarks or is involved/interested in the project and has link to the article or homepage. -- best regards q#
Re: Article about network monitoring system developed on OpenBSD
On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote: Hi, Few months back (maybe years) there was article posted (I don't think that was on undeadly) about monitoring system in early stage of development which suppose to be fast, scalable, managed from web and cli, better than anything else. There was no release at the time I've read the article, only repository access to the sources. I'm trying to find this article again, but I'm failing. Maybe someone from the list have it in bookmarks or is involved/interested in the project and has link to the article or homepage. would this be it: ? http://labs.omniti.com/trac/reconnoiter/ -- best regards q# cel -- Christopher Linn celinn at mtu.edu | By no means shall either the CEC System Administrator II | or MTU be held in any way liable Center for Experimental Computation | for any opinions or conjecture I Michigan Technological University | hold to or imply to hold herein.
Re: Article about network monitoring system developed on OpenBSD
On Mon, Feb 02, 2009 at 10:53:45AM -0500, Christopher Linn wrote: On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote: Hi, Few months back (maybe years) there was article posted (I don't think that was on undeadly) about monitoring system in early stage of development which suppose to be fast, scalable, managed from web and cli, better than anything else. There was no release at the time I've read the article, only repository access to the sources. I'm trying to find this article again, but I'm failing. Maybe someone from the list have it in bookmarks or is involved/interested in the project and has link to the article or homepage. would this be it: ? http://labs.omniti.com/trac/reconnoiter/ Perfect, that's the app. Here is the article which I was refering to: http://lethargy.org/~jesus/archives/121-Reconnoiter-and-another-platform.html Thanks! -- best regards q#
Re: spamd uatraps blacklist size
Jose Fragoso inet_use...@samerica.com writes: This list has gone quite small in size recently. The size changed from above 10 IP addresses to only 1 now. Could it be because University of Alberta is not being targeted so often anymore? Or is it because they have become more selective in trapping addresses? I actually think that you are seeing a decrease in the number of active spam senders. Other greytrappers (like my robot helpers) have seen a decrease in trapped hosts too. This could the effect of events like the McColo takedown last November, and possibly other less publicized events could have helped too. There is even a tiny possibility that some former spam senders have come under a more sensible sysadmin regime, and we can even hope that our greytrapping and 'name and shame' efforts are having some effect. We can dream, can't we? - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: VT: black text on black background
Thanks for the cvs commit info, Stuart! As for the clock, I've fixed it. ;)
Re: VT: black text on black background
On 2009-01-31, Matt Lukowicz mlukowic...@gmail.com wrote: Hello, whenever I kill the X server (Ctrl-Alt-Backspace), I get black text on a black background. I know that this bug has been re-fixed in OpenBSD 3.5, but I amstill getting it! I am running OpenBSD 4.4-release with the default X.org versions, and I have an ATI Rage 128 VR (PCI) on the i386 architecture. Any help is greatly appreciated. it's likely that a recent commit has worked around both this problem and the console gets dim after leaving X problem that some people have seen with Radeon. CVSROOT:/cvs Module name:src Changes by: m...@cvs.openbsd.org2009/02/01 07:37:22 Modified files: sys/dev/ic : vga.c vgareg.h vgavar.h Log message: Save the text mode color palette upon startup, and restore it when switching consoles or when X11 exits. Almost all other operating systems do this, and thus do not suffer from palette bugs in some X11 drivers. From FreeBSD.
Re: Firewall 4.3 is limiting bandwidth
Here are my sysctl net settings: net.inet.ip.forwarding=1 net.inet.ip.redirect=1 net.inet.ip.ttl=64 net.inet.ip.sourceroute=0 net.inet.ip.directed-broadcast=0 net.inet.ip.portfirst=1024 net.inet.ip.portlast=49151 net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535 net.inet.ip.maxqueue=300 net.inet.ip.encdebug=0 net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=8 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 net.inet.ip.mtudisc=1 net.inet.ip.mtudisctimeout=600 net.inet.ip.ipsec-comp-alg=deflate net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=256 net.inet.ip.ifq.drops=0 net.inet.ip.mforwarding=0 net.inet.ip.multipath=0 net.inet.ip.mrtproto=19 net.inet.icmp.maskrepl=0 net.inet.icmp.bmcastecho=0 net.inet.icmp.errppslimit=100 net.inet.icmp.rediraccept=1 net.inet.icmp.redirtimeout=600 net.inet.icmp.tstamprepl=1 net.inet.ipip.allow=0 net.inet.tcp.rfc1323=1 net.inet.tcp.keepinittime=150 net.inet.tcp.keepidle=14400 net.inet.tcp.keepintvl=150 net.inet.tcp.slowhz=2 net.inet.tcp.baddynamic=587,749,750,751,871 net.inet.tcp.recvspace=16384 net.inet.tcp.sendspace=16384 net.inet.tcp.sack=1 net.inet.tcp.mssdflt=512 net.inet.tcp.rstppslimit=100 net.inet.tcp.ackonpush=0 net.inet.tcp.ecn=0 net.inet.tcp.syncachelimit=10255 net.inet.tcp.synbucketlimit=105 net.inet.tcp.rfc3390=1 net.inet.tcp.reasslimit=3072 net.inet.tcp.sackholelimit=32768 net.inet.udp.checksum=1 net.inet.udp.baddynamic=623,664,749,750,751 net.inet.udp.recvspace=41600 net.inet.udp.sendspace=9216 net.inet.gre.allow=1 net.inet.gre.wccp=0 net.inet.esp.enable=1 net.inet.esp.udpencap=1 net.inet.esp.udpencap_port=4500 net.inet.ah.enable=1 net.inet.mobileip.allow=0 net.inet.etherip.allow=0 net.inet.ipcomp.enable=0 net.inet.carp.allow=1 net.inet.carp.preempt=0 net.inet.carp.log=0 -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21795381.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
relayd not relaying - I think. Maybe it is. I don't know
How do you like that for a descriptive subject line? Sorry, but I really don't know what is going wrong so I don't know how to write a better one. I have an OpenBSD host running 4.4 stable. I have configured relayd to accept connections on port 443 and forward them on to one of two hosts using loadbalancing. I am able to connect to the OpenBSD host on port 443, but the nothing happens. According to relayctl show sessions there is a connection being relayed: # relayctl show sessions session 0:1 134.29.3.217:50025 - 134.29.52.142:443RUNNING age 00:00:09, idle 00:00:09, relay 1 According to relayctl show hosts both of my destinations are up: # relayctl show hosts Id TypeNameAvlbltyStatus 1 table cas_server:443 active (2 hosts up) 1 host134.29.52.141 100.00%up total: 9/9 checks 2 host134.29.52.142 100.00%up total: 9/9 checks My relayd.conf file is pretty simple since I'm just trying to work up a proof of concept right now: table cas_server { 134.29.52.141, 134.29.52.142 } cas_port=443 bge0_ip=134.29.32.88 relayd_port=443 interval 10 timeout 200 prefork 5 log updates http protocol httpfilter { # TCP Performance options tcp { nodelay, sack, socket buffer 65536, backlog 100 } # Return HTTP/HTML error pages return error # allow logging of remote client ips to internal web servers header append $REMOTE_ADDR to X-Forwarded-For # Set keep alive timeout to global timeout header change Keep-Alive to $TIMEOUT # Close connection upon receipt header change Connection to close # Anonymize webservers name/type response header change Server to DeezNuts # SSL options ssl { sslv3, tlsv1, ciphers HIGH:!ADH, no sslv2 } } relay cas_proxy { listen on $bge0_ip port $relayd_port ssl protocol httpfilter forward to cas_server port $cas_port mode loadbalance check https / code 200 } And my pf.conf file is pretty much the stock example file, with my interface put in ext_if and uncommenting the lines needed for relayd: # $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $ # # See pf.conf(5) for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if=bge0 #int_if=int0 #table spamd-white persist #set skip on lo #scrub in #nat-anchor ftp-proxy/* #rdr-anchor ftp-proxy/* rdr-anchor relayd/* #nat on $ext_if from !($ext_if) - ($ext_if:0) #rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021 #no rdr on $ext_if proto tcp from spamd-white to any port smtp #rdr pass on $ext_if proto tcp from any to any port smtp \ # - 127.0.0.1 port spamd #anchor ftp-proxy/* anchor relayd/* #block in #pass out #pass quick on $int_if no state #antispoof quick for { lo $int_if } #pass in on $ext_if proto icmp to ($ext_if) #pass in on $ext_if proto tcp to ($ext_if) port ssh pass in on $ext_if proto tcp to ($ext_if) port 443 #pass in log on $ext_if proto tcp to ($ext_if) port smtp #pass out log on $ext_if proto tcp from ($ext_if) to port smtp When I try to connect to this machine, I see that a session is being set up, and pf also knows that something is going on: # pfctl -ss all tcp 134.29.32.88:443 - 134.29.3.217:50090 FIN_WAIT_2:FIN_WAIT_2 What I don't see is any session going to the two servers that I am supposed to be load balancing for. Also, pf knows that it is supposed to be reading anchors for relayd but those files dont seem to be showing up anywhere. # pfctl -sn rdr-anchor relayd/* all # pfctl -sr anchor relayd/* all pass in on bge0 proto tcp from any to (bge0) port = https flags S/SA keep state Shouldn't there be a folder called /etc/relayd that would have some files in it? I don't have that. Does anyone have any thoughts on what I'm missing here? Kevin Thompson
Re: fetch package dependencies
On Mon, Feb 02, 2009 at 02:02:59PM +0100, Hannah Schroeter wrote: Hi! On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote: is there an easy way to fetch a package along with it's recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and installl from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea? I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and then pkg_add -n package_you_want. The required packages should end up in the PKG_CACHE directory. From there you should be able to transfer them over to the eeepc. If the soekris isn't current, you could try this in a chroot environment or a virtual machine (e.g. qemu) setup. Yep, that's the intent. PKG_CACHE + pkg_add -n will do it. As far as shared libs go, there's nothing wrong with adding the new shared libs in your soekris /usr/lib: grab base*.tgz xbase*tgz, untar just the *.so.* thingies, and put them in /usr/lib...
Re: fetch package dependencies
On Mon, Feb 02, 2009 at 02:28:57PM -0500, Ted Unangst wrote: On Mon, Feb 2, 2009 at 2:00 PM, Marc Espie es...@nerim.net wrote: As far as shared libs go, there's nothing wrong with adding the new shared libs in your soekris /usr/lib: grab base*.tgz xbase*tgz, untar just the *.so.* thingies, and put them in /usr/lib... I'd be very cautious doing this, as it makes it easier to install or upgrade a package from the wrong version, which may not work due to a kernel mismatch. True... Well, that's one current limitation of pkg_add I should be able to tweak (have a flag to say it to not care when it doesn't find system libraries, especially for this purpose).
Re: fetch package dependencies
Hi! On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote: is there an easy way to fetch a package along with it's recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and installl from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea? I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and then pkg_add -n package_you_want. The required packages should end up in the PKG_CACHE directory. From there you should be able to transfer them over to the eeepc. If the soekris isn't current, you could try this in a chroot environment or a virtual machine (e.g. qemu) setup. Thanks, Dorian Kind regards, Hannah.
Re: fetch package dependencies
Hi Dorian, Dorian Buettner wrote on Sun, Feb 01, 2009 at 02:01:03PM +0100: is there an easy way to fetch a package along with it's recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and installl from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea? Commands like schwa...@gini $ uname -a OpenBSD gini.usta.de 4.4 GENERIC#107 i386 schwa...@gini $ pkg_info -S ftp://ftp.fu-berlin.de/unix/ \ OpenBSD/4.2/packages/alpha/mozilla-firefox-2.0.0.6.tgz [...] Signature: mozilla-firefox-2.0.0.6,X11.10.0,Xau.9.0,Xcursor.4.0, Xdmcp.9.0,Xext.10.0,Xfixes.5.0,Xft.7.0,Xi.10.0,Xinerama.5.0, Xrandr.6.0,Xrender.5.0,Xt.10.0,atk-1.0.1809.1,c.41.0,cairo.7.0, esound-0.2.34p0v0,expat.8.0,fontconfig.5.1,freetype.14.0, gdk-x11-2.0.1000.13,gdk_pixbuf-2.0.1000.13,gettext-0.14.6p0, glib-2.0.1200.12,glitz.2.0,gmodule-2.0.1200.12,gobject-2.0.1200.12, gtk+2-2.10.13,gtk-x11-2.0.1000.13,iconv.4.0,intl.3.0,jpeg.62.0, libiconv-1.9.2p3,m.2.3,nspr-4.6.7,nspr4.19.0,nss-3.11.7,nss3.20.0, pango-1.0.1300.1,pangocairo-1.0.1300.1,pangoft2-1.0.1300.1, pangox-1.0.1300.1,plc4.19.0,plds4.19.0,png.5.2,pthread.8.0, smime3.20.0,softokn3.20.0,ssl3.20.0,stdc++.42.0,z.4.1 often happen to work cross-platform and cross-release. From the signature, you can extract the dependencies in order to fetch them via ftp. This is easily scriptable; when parsing the signature, split at commas and discard everything not containing a dash. That way, - The machine having net access need not be the same arch as the target. - The machine having net access need not be the same release as the target. - You need not install any ports tree anywhere. - You get all (recursive) deps with one command. - For finding the dependencies, pkg_info does not even need to download full packages, but just the beginning of the package. Of course, caching with pkg_add -n would be even more convenient. In fact, i'm currently running a patched version of pkg_add allowing pkg_add -nn with roughly the following semantics: - like pkg_add -n, don't change the system - do resolve dependencies, download and cache all required packages - but do not attempt even a fake extract and install stage This sounds easier to implement than it is, being somewhat at odds with the general logic of Marc's pkg tools. Consequently, my patches are very ugly and definitely need a lot of cleaning up before showing them to anybody. Besides, i didn't look at cross-arch download yet. Yours, Ingo P.S. What the heck are you going to do with firefox on a box lacking network access?
Re: fetch package dependencies
On Monday 02 February 2009 13:02:59 Hannah Schroeter wrote: Hi! On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian B|ttner wrote: is there an easy way to fetch a package along with it's recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and installl from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea? I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and then pkg_add -n package_you_want. The required packages should end up in the PKG_CACHE directory. From there you should be able to transfer them over to the eeepc. If the soekris isn't current, you could try this in a chroot environment or a virtual machine (e.g. qemu) setup. Thanks, Dorian Kind regards, Hannah. Thanks, I'll look out for something to usb-connect to the network then. Regards, Dorian
Re: fetch package dependencies
On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote: P.S. What the heck are you going to do with firefox on a box lacking network access? off the top of my head: operative phrase possibly being right now, it can be a real annoyance to have to wait until net access is available and then install all of firefox before using it. or to read documentation or other reports generated locally. or because not all nets are the internet. there's no counting the number of times i've used a computer without a decent browser and wished it had one, but i've never used a computer that had firefox installed where i regretted that fact and wished it hadn't. putting it on a machine even if you can't anticipate a need for it is a good idea.
Re: Is it possible to increase wscale multiplier?
On 2009-02-01, Dieter open...@sopwith.solgatos.com wrote: Black box sends data to BSD box using TCP. Data is generated in real time, the rate cannot be changed. Black box has a very small (way too small) send buffer. If the BSD box takes too long to ack, the black box's send buffer fills up and data is lost, and/or black box's buggy firmware screws up and data is lost. So I have to do everything I can to ensure that incoming packets do not get dropped, and that the acks get sent out as fast as possible. Making the TCP recv buffer very large allows the incoming packets to get stored and acked, even if the userland process reading the data doesn't get to run often enough. Even so, there is still the problem that other device drivers can and do lock out the Ethernet driver for too long. Still working on that problem. What we really need is true real time facilities. until you can fix your userland process to read faster, you may be able to band-aid using relay in relayd.
Re: Article about network monitoring system developed on OpenBSD
On Mon, Feb 02, 2009 at 10:53:45AM -0500, Christopher Linn wrote: On Mon, Feb 02, 2009 at 03:29:19PM +, Mikolaj Kucharski wrote: Hi, Few months back (maybe years) there was article posted (I don't think that was on undeadly) about monitoring system in early stage of development which suppose to be fast, scalable, managed from web and cli, better than anything else. There was no release at the time I've read the article, only repository access to the sources. I'm trying to find this article again, but I'm failing. Maybe someone from the list have it in bookmarks or is involved/interested in the project and has link to the article or homepage. would this be it: ? http://labs.omniti.com/trac/reconnoiter/ LOL. I read that email thinking hmm, that sounds nice without it ringing a bell. Never mind I work there and the creator sits about 15 feet from me. :) -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net/
Re: fetch package dependencies
On Mon, Feb 2, 2009 at 2:00 PM, Marc Espie es...@nerim.net wrote: As far as shared libs go, there's nothing wrong with adding the new shared libs in your soekris /usr/lib: grab base*.tgz xbase*tgz, untar just the *.so.* thingies, and put them in /usr/lib... I'd be very cautious doing this, as it makes it easier to install or upgrade a package from the wrong version, which may not work due to a kernel mismatch.
Re: fetch package dependencies
Ted Unangst schrieb am Mon, Feb 02, 2009 at 05:16:42PM -0500: On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote: P.S. What the heck are you going to do with firefox on a box lacking network access? off the top of my head: operative phrase possibly being right now, it can be a real annoyance to have to wait until net access is available and then install all of firefox before using it. or to read documentation or other reports generated locally. or because not all nets are the internet. there's no counting the number of times i've used a computer without a decent browser and wished it had one, but i've never used a computer that had firefox installed where i regretted that fact and wished it hadn't. putting it on a machine even if you can't anticipate a need for it is a good idea. You are probably right, there seem to be several good reasons. Either way, may P.S. wasn't meant to insult the OP, sorry if it felt like that; Dorian definitely asked an interesting question.
Re: Firewall 4.3 is limiting bandwidth
Looks like I spoke a little too soon. I am still having problems. When I thought it was fixed the first time turns out to be that I was watching the upside of a fluctuation. It appears the bandwidth goes from roughly 60% of its potential capacity to 5%. I took out queuing altogether but I still get the same results. I'm told a dmesg would be helpful, so I will include it in this post. I'm not sure what else I could contribute. http://www.nabble.com/file/p21793090/bsddmesg.txt bsddmesg.txt -- View this message in context: http://www.nabble.com/Firewall-4.3-is-limiting-bandwidth-tp21720950p21793090.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: KDE installation problem
As Hannah said you need to run X -configure before adjusting the resulting file (and before moving it to the location mentioned). You might want to run find / -name X -exec ls -l {} \; 2 /dev/null to find out which man page to look for (unfortunately, it is not just man X). X related man pages are somewhat overwhelming, though. If you want to save some time or prefer printed information then you might want to grab a copy of X POWER TOOLS. Original-Nachricht - xorg.conf is not created at that time, probably a bit later on in the graphical process. I used find command but it does'nt find anything. /etc/X11/xorg.conf. If it's not present, the X server autoconfigures, but sometimes the settings derived by autoconfiguration probably won't fit. You can generate a template xorg.conf by running X -configure (probably as root). That should terminate soon and leave a file (a message on the text console should tell you where the file is, usually in $HOME). Move that file to /etc/X11/xorg.conf and edit it to suit your needs. Test it using startx rather than xdm. -- Jetzt 1 Monat kostenlos! GMX FreeDSL - Telefonanschluss + DSL f|r nur 17,95 Euro/mtl.!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a
spamd uatraps blacklist size
Hi, This list has gone quite small in size recently. The size changed from above 10 IP addresses to only 1 now. Could it be because University of Alberta is not being targeted so often anymore? Or is it because they have become more selective in trapping addresses? Thanks for any comments. Regards, Jose -- Be Yourself @ mail.com! Choose From 200+ Email Addresses Get a Free Account at www.mail.com
Re: Disk stop when unused
On 2009-02-02, Jean-Frangois jfsimon1...@gmail.com wrote: Dear All, Is there any way to autostop the HDDs after some time of idleness ? Under Linux it seems difficult since the hdd is needed to be ready/working all the time even when the system is idle. It seeC9s 2 other points make the use of thois function not really possible. Since I will use a SSD disk (no noise and fast) of 32 GB to install the main system, the rotating HDD will only be a data system (I'll mount home or even less if required ...). In that configuration under OpenBSD, can I make use of this function for my such config ? (Thanks regards) disown atactl(8) apmset.
Re: fetch package dependencies
Ingo Schwarze schrieb: Ted Unangst schrieb am Mon, Feb 02, 2009 at 05:16:42PM -0500: On Mon, Feb 2, 2009 at 4:44 PM, Ingo Schwarze schwa...@usta.de wrote: P.S. What the heck are you going to do with firefox on a box lacking network access? off the top of my head: operative phrase possibly being right now, it can be a real annoyance to have to wait until net access is available and then install all of firefox before using it. or to read documentation or other reports generated locally. or because not all nets are the internet. there's no counting the number of times i've used a computer without a decent browser and wished it had one, but i've never used a computer that had firefox installed where i regretted that fact and wished it hadn't. putting it on a machine even if you can't anticipate a need for it is a good idea. You are probably right, there seem to be several good reasons. Either way, may P.S. wasn't meant to insult the OP, sorry if it felt like that; Dorian definitely asked an interesting question. No prob, let's take taxipilot as an example :) I tried some of the suggested hints, but haven't found for example nspr end up in the package cache, some other deps might also be missing, desktop-file-utils didn't want to install at all, looks like something's broken in the snapshot... I'll give it another try tomorrow. However, during pkg_add -nv dbus- I felt like seeing some useradd/groupadd commands fly by, I'll drop an extra eye on that.
Re: fetch package dependencies
Dorian Buettner wrote on Tue, Feb 03, 2009 at 12:01:19AM +0100: I tried some of the suggested hints, but haven't found for example nspr end up in the package cache, some other deps might also be missing, Did you copy the new system libraries to /usr/lib? As far as i remember, when pkg_add -n notices that some system library dependency is unsatisfied, it won't even download all of the offending package, so it can't be cached. For example, as long as you don't have libc.so.50.1, pkg_add -n won't download -current nspr-4.7.3 to your $PKG_CACHE. By the way, that system library stunt looks scary to me, too, and i certainly wouldn't recommend it. Does the pkg_info -S trick work for you? desktop-file-utils didn't want to install at all, looks like something's broken in the snapshot... Uh, breakage on the servers is rare, usually it's just us users screwing up one way or the other. I'll give it another try tomorrow. However, during pkg_add -nv dbus- I felt like seeing some useradd/groupadd commands fly by, I'll drop an extra eye on that. You mean things like rmuser: _postgresql adding user _postgresql That's just pkg_add -n's way of saying: Look what i would do if you hadn't given me -n! See OpenBSD/Delete.pm subs delete and OpenBSD/Add.pm sub NewAuth::install for details. Yours, Ingo
Re: OSPFD carp interface flapping
Heres a dmesg and ifconfig from backup and master firewalls... *BACKUP FIREWALL * # ifconfig lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33208 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 em0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0e:0c:69:8d:e5 media: Ethernet 1000baseT full-duplex (1000baseT full-duplex,rxpause,txpause) status: active inet y.y.y.141 netmask 0xfffc broadcast y.y.y.143 inet6 fe80::20e:cff:fe69:8de5%em0 prefixlen 64 scopeid 0x1 em1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 lladdr 00:11:43:da:ba:d7 groups: egress media: Ethernet 1000baseT full-duplex status: active inet z.z.z.92 netmask 0xfff0 broadcast z.z.z.95 inet6 fe80::211:43ff:feda:bad7%em1 prefixlen 64 scopeid 0x2 em2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 lladdr 00:11:43:da:ba:d8 media: Ethernet 1000baseT full-duplex status: active inet x.x.x.252 netmask 0xf800 broadcast x.x.x.255 inet6 fe80::211:43ff:feda:bad8%em2 prefixlen 64 scopeid 0x3 enc0: flags=0 mtu 1536 pfsync0: flags=41UP,RUNNING mtu 1460 pfsync: syncdev: em0 syncpeer: 224.0.0.240 maxupd: 128 groups: carp pfsync pflog0: flags=141UP,RUNNING,PROMISC mtu 33208 groups: pflog carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:64 carp: BACKUP carpdev em2 vhid 100 advbase 1 advskew 250 groups: carp inet x.x.x.254 netmask 0xf800 broadcast x.x.x.255 inet6 fe80::200:5eff:fe00:164%carp0 prefixlen 64 scopeid 0x6 carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:14 carp: BACKUP carpdev em1 vhid 20 advbase 1 advskew 250 groups: carp inet z.z.z.94 netmask 0xfff0 broadcast z.z.z.95 inet6 fe80::200:5eff:fe00:114%carp1 prefixlen 64 scopeid 0x7 # dmesg by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2 arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2 arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2 arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2 arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2 arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2 arp info overwritten for x.x.x.80 by 00:15:17:4b:a4:60 on em2 arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2 arp info overwritten for x.x.x.80 by 00:1c:23:bc:3e:c4 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.2 by 00:1c:23:c1:55:30 on em2 arp info overwritten for x.x.x.31 by 00:0e:0c:50:fc:2e on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.31 by 00:15:c5:f2:a9:38 on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.2 by 00:02:b3:ee:c6:f2 on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info overwritten for x.x.x.30 by 00:15:c5:f2:91:7c on em2 arp info overwritten for x.x.x.30 by 00:0e:0c:9c:ab:b2 on em2 arp info
Generate CA Certificates key
dear all how to generating certificates keys and CA in openbsd ? i will use certificates and keys for server also for the client . last time follow openvpn script not working. -- sonjaya http://idsale.blogspot.com http://videopingpong.blogspot.com
http version of spamd, anyone?
Is the project (or anybody) planning to work on something like spamd for http? Or does anybody know of any projects which do this already? I am looking for something to be (as per spamd) put in front of an actual server. A bunch of possible features i would be looking at: - blacklisting (should ideally allow for dynamic reloads without killing any existing valid connections) - tarpitting for open connections (no http request sent) beyond a certain timeout - tarpitting for invalid http requests - greytrapping (let's say u have only specific url patterns which are valid. Anything else, tarpit) thanks, -jf -- In the meantime, here is your PSA: It's so hard to write a graphics driver that open-sourcing it would not help. -- Andrew Fear, Software Product Manager, NVIDIA Corporation http://kerneltrap.org/node/7228
Re: Generate CA Certificates key
On Tue, 3 Feb 2009 11:45:06 +0700 sonjaya sonj...@gmail.com wrote: dear all how to generating certificates keys and CA in openbsd ? i will use certificates and keys for server also for the client . last time follow openvpn script not working. With openssl. # man openssl - Robert PS: Search on Google for: how to ask questions (or maybe: openbsd generate ssl cert)
Re: Generate CA Certificates key
Generating certificates and a CA (focused on web but the concept works for whatever SSL situation you are using): http://it.toolbox.com/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500 Once you get the concept of certificate generation then look into the OpenVPN and OpenSSL documentation. Assuming you've done that and can read a script then you should be able to make it work from there. On 2-Feb-09, at 10:45 PM, sonjaya wrote: how to generating certificates keys and CA in openbsd ? i will use certificates and keys for server also for the client . last time follow openvpn script not working. -- Sean
Problem with file command
Hi, I have seem some problem with file command. Whatever file I use for input, I get this: $ file test /etc/magic, 1247: Warning description `8-bit ISDN u-law compressed (CCITT G.721 ADPCM voice data encod' truncated /etc/magic, 1267: Warning description `8-bit ISDN u-law compressed (CCITT G.721 ADPCM voice data encod' truncated file: Printf format `?' is not valid for type `string' in description `face %' $ (sorry for the wrap) Any hints? Thank you very much. OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.13GHz (GenuineIntel 686-class) 2.14 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR real mem = 200830976 (191MB) avail mem = 185638912 (177MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/14/06, BIOS32 rev. 0 @ 0xfaff0, SMBIOS rev. 2.3 @ 0xf0100 (33 entries) bios0: vendor Award Software International, Inc. version F5 date 03/14/2006 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xd264 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd1b0/176 (9 entries) pcibios0: PCI Exclusive IRQs: 5 7 10 11 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C596A ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8400 0xcc000/0x8000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) agp0 at vga1: v3, aperture at 0xd000, size 0x1000 drm at vga1 unsupported vr0 at pci0 dev 11 function 0 VIA VT6105 RhineIII rev 0x85: irq 5, address 00:40:f4:5f:04:da ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: SAMSUNG HD080HJ/P wd0: 16-sector PIO, LBA48, 76318MB, 156299375 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDDVDW SH-S203D, SB00 ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility pciide1: channel 0 disabled (no drives) pciide1: channel 1 disabled (no drives) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 7 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 7 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x51: 256MB DDR SDRAM non-parity PC3200CL3.0 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 11 ac97: codec id 0x414c4761 (Avance Logic ALC655 rev 1) audio0 at auvia0 vr1 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x78: irq 10, address 00:0f:ea:24:2d:a1 rlphy0 at vr1 phy 1: RTL8201L 10/100 PHY, rev. 1 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 it0 at isa0 port 0x2e/2: IT8705F rev 0x03, EC port 0x290 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask efdd netmask effd ttymask mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b -- Daniel Bolgheroni
pkg_add adds an extra / to pkg_path
Hi, I have this in my PKG_PATH variable $ echo $PKG_PATH ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/ $ When I try to update a package it shows an error $ sudo pkg_add -ui firefox3 Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: ftp: connect: Connection refused ftp: Can't connect or login to host `ftp.openbsd.org' No packages available in the PKG_PATH Looking for updates: complete Cannot find updates for esound-0.2.38v0 glitz-0.5.6p0 firefox3-3.0.1p3 nspr-4.7.1p0 desktop-file-utils-0.15 libaudiofile-0.2.6p0 nss-3.12 hicolor-icon-theme-0.10p1 png-1.2.28 sqlite3-3.5.9p0 jpeg-6bp3 glib2-2.16.4p1 tiff-3.8.2p0 atk-1.22.0 libiconv-1.12 pango-1.20.0p0 cairo-1.6.4 gettext-0.17 pcre-7.7p0 gtk+2-2.12.11 Proceed? [y/N] y $ I noticed in the line Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: there are two forward slashes after the ftp.openbsd.org part. Is that what is causing the trouble? How do I solve this? Thanks --Siju