Re: Relayd and SSL - signed certificate problems
Thank you for your input, it is working now. I forgot that I had also received the BundledRootCA.crt file.

The following did the job:

    cat yourcert.crt > combinedcert.crt
    cat BundledRootCA.crt >> combinedcert.crt
    mv combinedcert.crt /etc/ssl/xxx.xxx.xxx.xxx.crt

regards,
Claus

On Thu, Feb 12, 2009 at 3:39 PM, Johan Ström jo...@stromnet.se wrote:
> On Feb 12, 2009, at 15:29, Claus Larsen wrote:
>> I am having some problems with an SSL proxy like the one described on
>> https://calomel.org/relayd.html
>>
>> No problems getting it up and running, but the browser cannot verify the signed certificates.
>>
>> Internet Explorer says: The security certificate presented by this website was not issued by a trusted certificate authority.
>>
>> Safari says: www.x.com Issued by: Comodo Class 3 Security Services CA Expires: . This certificate was signed by an unknown authority
>>
>> My certificates work fine when running on apache.
>>
>> Research tells me that I need a chain/intermediate certificate to get things working. But I have not been able to find any info about this with relayd.
>>
>> I have received the following files with my certificate:
>> AddTrustExternalCARoot.crt
>> UTNAddTrustServerCA.crt
>
>     cat yourcert.crt > combinedcert.crt
>     cat UTNAddTrustServerCA.crt >> combinedcert.crt
>     cat AddTrustExternalCARoot.crt >> combinedcert.crt
>
> not sure about the order though.. But I'm quite sure your own cert goes first, and then the others should go with the master last. I think. :)
>
> Make sure there is a newline at the end of each file first, or at least that the resulting file has a newline between each cert (not a blank line, but just so they don't get mixed up on the same lines)
>
> When all are added, use combinedcert.crt in /etc/ssl for your IP.
>
> Good luck :)
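The concatenation discussed in this thread, with the newline and ordering concerns turned into checks. This is an added example, not code from the posters or from relayd; the function names are hypothetical, the file names in the usage comment are the placeholders used above, and the demo input is constructed (not real certificates).

```shell
#!/bin/sh
# Added example (not from the thread): build and sanity-check a PEM chain file.
# Order follows the advice above: own certificate, intermediates, root last.

# append_pem FILE...: write each file to stdout and add a newline after any
# file whose last byte is not one, so END and BEGIN markers never share a line.
append_pem() {
    for f in "$@"; do
        cat "$f" || return 1
        # $(...) strips a trailing newline, so non-empty output from
        # tail -c 1 means the file does not end with one.
        if [ -n "$(tail -c 1 "$f")" ]; then
            printf '\n'
        fi
    done
}

# count_certs BUNDLE: number of lines that start a certificate block.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# has_glued_markers BUNDLE: exit 0 if an END marker is followed by more text
# on the same line (CRs are ignored so DOS line endings do not trip it).
has_glued_markers() {
    tr -d '\r' < "$1" | grep -q -e '-----END CERTIFICATE-----.'
}

# chain_in_order BUNDLE: needs openssl. Splits the bundle and checks that the
# issuer name of certificate N equals the subject name of certificate N+1.
# This compares names only; it does not verify signatures.
chain_in_order() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 2; }
    dir=$(mktemp -d) || return 2
    tr -d '\r' < "$1" | awk -v d="$dir" '
        /^-----BEGIN CERTIFICATE-----/ { n++ }
        n > 0 { print > (d "/" n ".pem") }'
    i=1
    rc=0
    while [ -f "$dir/$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253 |
            sed 's/^issuer= *//')
        subject=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject -nameopt RFC2253 |
            sed 's/^subject= *//')
        if [ "$issuer" != "$subject" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$dir"
    return "$rc"
}

# Usage with the placeholder names from the thread:
#   append_pem yourcert.crt UTNAddTrustServerCA.crt AddTrustExternalCARoot.crt > combinedcert.crt
#   chain_in_order combinedcert.crt

# Demo on constructed input: two placeholder PEM blocks, the first written
# without a final newline (not real certificates, so chain_in_order is skipped).
demo_chain() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n%s\n%s' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$tmp/leaf.crt"
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' 'BBBB' '-----END CERTIFICATE-----' > "$tmp/root.crt"
    cat "$tmp/leaf.crt" "$tmp/root.crt" > "$tmp/naive.crt"
    append_pem "$tmp/leaf.crt" "$tmp/root.crt" > "$tmp/fixed.crt"
    echo "plain cat:  $(count_certs "$tmp/naive.crt") block(s) found"
    echo "append_pem: $(count_certs "$tmp/fixed.crt") block(s) found"
    rm -rf "$tmp"
}
demo_chain
```

A bundle in which `count_certs` reports fewer blocks than files supplied, or for which `has_glued_markers` succeeds, was joined without the separating newline.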
Re: dmesg reporting wrong CPU
Daniel Bolgheroni wrote:
> Hi,
>
> my dmesg is reporting a wrong CPU.
>
> OpenBSD 4.5-beta (GENERIC) #1676: Tue Feb 10 07:49:40 MST 2009
>     t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium III (GenuineIntel 686-class, 128KB L2 cache) 769 MHz
> (...)
>
> Actually it's a Celeron. Is this expected?

Actually, a Celeron is a Pentium on which the cache didn't work all that well after baking the chip. Intel then shut down most of the cache and packaged it as a Celeron. So maybe it's in the chip, not the driver? Can't imagine it would give you any problems.

Jasper
Re: Nvidia bug
nVidia hardware goes to /dev/null, i.e. recycle bin!

I am closely watching all our suppliers for ANY new hardware with built in nVidia components (including Sun hardware with built in nVidia NICs). They will not pass the tendering stage.

User base around 1500 heads. Number of servers around 50 (including DR), half Micro$haft half *NIX. We soon will be nVidia free!

Ioan

Christiano Farina Haesbaert christiano...@gmail.com 13/02/2009 01:16
> Can anyone tell me if that bug in the nv driver is applicable to every nvidia card ?
> I had a FX7500LE on my desktop and openbsd was quite slow, I remembered I have an old geforce 32mb, would it work ? or I would probably have the same results.
>
> Best regards.
> --
> Christiano Farina Haesbaert
Re: OT: Free, online backup service provider compatible with BSD
--- Dieter [Thu, Feb 12, 2009 at 02:43:24PM +]: ---
:Amen to backups, but why trust some company far away to handle things?
:How do you know your data is in good hands, and that they won't slip up
:let others see it? I won't mention the concept of the place going under,
:financially.
:
at one job we rented a PO Box, and drove the tapes there on our way home from work. Since stealing from the Post Office was a Federal Offense, it was somewhat safe.

Interesting use for a PO box. You can also rent a safety deposit box, and there are companies that store media for off site backups. These are off site, but not very far off site. Think Katrina scale disaster. Several hundred miles away would be better. Which involves either shipping media or having a T1 line. And you'd want this to have serious encryption in any case.

i also think it's a good idea to make sure the truck/van they use to come fetch your offsites shouldn't advertise (for stealing) who they are or what they do. i'm thinking of the big trucks i've seen that have to do with a big mountain and a ferromagnetic element. i just recently hired one of these companies for $work, and wasn't too comfortable with the mobile advertisements.
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
> On Wed, 11 Feb 2009, Tony Berth wrote:
>> Hi Diana,
>>
>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'!
>>
>> If I read correctly, in case I would have used putty on 'a1' I should do the following:
>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>
>> I was wondering if ssh flag '-L' is doing the same job.
>>
>> By 'httptunnel' you mean the following:
>> http://www.jumperz.net/index.php?i=2a=0b=0
>>
>> Thanks
>> Tony
>
> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>
> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand

if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?

Thanks for your help

Tony
Re: SOCKS proxy
Hi,

If you're just trying to do an SSH connect via a http proxy, then I do something like this:

    [p...@air] ~ cat ~/.ssh/pconn.sh
    #!/bin/bash
    # pconn.sh
    # LF holds a carriage return (octal 015), used as the HTTP line ending
    LF=$'\015'
    CMD="CONNECT $1:$2 HTTP/1.0"
    echo "yyy${CMD}yyy" >&2
    # Send the request, then relay ssh's stdin to the proxy; log and skip the
    # proxy's reply headers up to the blank line, then relay the rest to ssh
    (echo "$CMD$LF"; echo; cat) | nc proxy_server_ip_address 8080 |
        (while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done; cat)

    [p...@air] ~ cat ~/.ssh/config
    #
    #
    Host my-server-via-proxy
        Hostname my-server.com
        ProxyCommand ~/.ssh/pconn.sh %h %p
        TCPKeepAlive yes
        ServerAliveInterval 30
    #
    #

and then just

    [p...@air] ~ ssh my-server-via-proxy

to connect

but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.

/Pete

On 13 Feb 2009, at 12:34, Tony Berth wrote:
> On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
>> On Wed, 11 Feb 2009, Tony Berth wrote:
>>> Hi Diana,
>>>
>>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'!
>>>
>>> If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>>
>>> I was wondering if ssh flag '-L' is doing the same job.
>>>
>>> By 'httptunnel' you mean the following:
>>> http://www.jumperz.net/index.php?i=2a=0b=0
>>>
>>> Thanks
>>> Tony
>>
>> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>>
>> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
>
> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>
> Thanks for your help
>
> Tony
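The caveat in the message above, a proxy that refuses CONNECT to the requested port, shows up in the proxy's status line, which a helper can check before any SSH traffic is relayed. The following is an added example, not part of the thread: `read_connect_reply` is a hypothetical function name and the proxy replies are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread): interpret an HTTP proxy's reply to a
# CONNECT request. The sample replies in demo_connect are constructed.

CR=$(printf '\r')

# read_connect_reply: read the proxy reply from stdin up to the blank line
# that ends the headers, print the numeric status code, and return
#   0 for a 2xx status (tunnel established),
#   1 for any other HTTP status (for example 403 when policy forbids the port),
#   2 when the first line is not an HTTP status line at all.
read_connect_reply() {
    IFS= read -r status_line || return 2
    status_line=${status_line%"$CR"}
    case $status_line in
        HTTP/1.[01]\ [0-9][0-9][0-9]*) ;;
        *) echo "not an HTTP reply: $status_line" >&2; return 2 ;;
    esac
    code=${status_line#HTTP/1.? }
    code=${code%% *}
    # Discard the headers; tunnel data starts after the empty line.
    while IFS= read -r header; do
        header=${header%"$CR"}
        if [ -z "$header" ]; then
            break
        fi
    done
    printf '%s\n' "$code"
    case $code in
        2??) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample replies: one accepted, one refused by proxy policy.
demo_connect() {
    for reply in 'HTTP/1.0 200 Connection established' 'HTTP/1.0 403 Forbidden'; do
        if code=$(printf '%s\r\n\r\n' "$reply" | read_connect_reply); then
            echo "$code: tunnel open, hand the stream to ssh"
        else
            echo "$code: proxy refused CONNECT, stop here"
        fi
    done
}
demo_connect
```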
Re: hoststated status ?
Hello :)

Just to say thank you for all the replies I got :p

Relayd is marvelous :)

/Xavier

On 9 Feb 09 at 00:26, Xavier Beaudouin wrote:
> Hello,
>
> Just a quick question, what is the status of hoststated ?
>
> I ran into http://www.openbsd.org/papers/eurobsdcon07/pyr-loadbalancing/ and I found that a quite exciting project.
>
> Unfortunately it doesn't seem to be in 4.4 or even on snapshots...
>
> Is there any replacement ? drawbacks or anything that explains it is not yet supported by stable releases?
>
> Thanks;
> /Xavier
Re: SOCKS proxy
Hi Pete,

by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the client's terminal and not in the remote machine.

Thanks

Tony

On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers p...@systemnet.no wrote:
> Hi,
>
> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>
>     [p...@air] ~ cat ~/.ssh/pconn.sh
>     #!/bin/bash
>     # pconn.sh
>     LF=$'\015'
>     CMD="CONNECT $1:$2 HTTP/1.0"
>     echo "yyy${CMD}yyy" >&2
>     (echo "$CMD$LF"; echo; cat) | nc proxy_server_ip_address 8080 |
>         (while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done; cat)
>
>     [p...@air] ~ cat ~/.ssh/config
>     #
>     #
>     Host my-server-via-proxy
>         Hostname my-server.com
>         ProxyCommand ~/.ssh/pconn.sh %h %p
>         TCPKeepAlive yes
>         ServerAliveInterval 30
>     #
>     #
>
> and then just
>
>     [p...@air] ~ ssh my-server-via-proxy
>
> to connect
>
> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.
>
> /Pete
>
> On 13 Feb 2009, at 12:34, Tony Berth wrote:
>> On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
>>> On Wed, 11 Feb 2009, Tony Berth wrote:
>>>> Hi Diana,
>>>>
>>>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'!
>>>>
>>>> If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>>>
>>>> I was wondering if ssh flag '-L' is doing the same job.
>>>>
>>>> By 'httptunnel' you mean the following:
>>>> http://www.jumperz.net/index.php?i=2a=0b=0
>>>>
>>>> Thanks
>>>> Tony
>>>
>>> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>>>
>>> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
>>
>> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>>
>> Thanks for your help
>>
>> Tony
Re: SOCKS proxy
Hmm,

I can't grok your problem description, since it's ambiguous. There are several devices here:

A. ssh client
B. ssh server
C. http(s) proxy server
D. http(s) proxy client (web browser)

I thought you meant A+D were one device, C was an interim device, and B was the remote device.

Do you instead mean A+C are the same device ? or that B+C are the same device ?

B+C on the same device seems to make the most sense, I guess. - e.g. you want to tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. In which case a line like this in the relevant line in your client's ~/.ssh/config would do it:

    LocalForward 8080 127.0.0.1:8080

and then set your web browser to use a proxy at 127.0.0.1:8080

/Pete

On 13 Feb 2009, at 13:45, Tony Berth wrote:
> Hi Pete,
>
> by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the client's terminal and not in the remote machine.
>
> Thanks
>
> Tony
>
> On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers p...@systemnet.no wrote:
>> Hi,
>>
>> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>>
>>     [p...@air] ~ cat ~/.ssh/pconn.sh
>>     #!/bin/bash
>>     # pconn.sh
>>     LF=$'\015'
>>     CMD="CONNECT $1:$2 HTTP/1.0"
>>     echo "yyy${CMD}yyy" >&2
>>     (echo "$CMD$LF"; echo; cat) | nc proxy_server_ip_address 8080 |
>>         (while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done; cat)
>>
>>     [p...@air] ~ cat ~/.ssh/config
>>     #
>>     #
>>     Host my-server-via-proxy
>>         Hostname my-server.com
>>         ProxyCommand ~/.ssh/pconn.sh %h %p
>>         TCPKeepAlive yes
>>         ServerAliveInterval 30
>>     #
>>     #
>>
>> and then just
>>
>>     [p...@air] ~ ssh my-server-via-proxy
>>
>> to connect
>>
>> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.
>>
>> /Pete
>>
>> On 13 Feb 2009, at 12:34, Tony Berth wrote:
>>> On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
>>>> On Wed, 11 Feb 2009, Tony Berth wrote:
>>>>> Hi Diana,
>>>>>
>>>>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'!
>>>>>
>>>>> If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>>>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>>>>
>>>>> I was wondering if ssh flag '-L' is doing the same job.
>>>>>
>>>>> By 'httptunnel' you mean the following:
>>>>> http://www.jumperz.net/index.php?i=2a=0b=0
>>>>>
>>>>> Thanks
>>>>> Tony
>>>>
>>>> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>>>>
>>>> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
>>>
>>> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>>>
>>> Thanks for your help
>>>
>>> Tony
Re: SSH cipher preference change (was: Re: CVS: cvs.openbsd.org: src)
Damien Miller d...@cvs.openbsd.org wrote:

Modified files: usr.bin/ssh: myproposal.h

Log message: prefer CTR modes and revised arcfour (i.e w/ discard) modes to CBC modes; ok markus@

This means that ssh's default cipher will no longer profit from hifn(4) or glxsb(4) acceleration.

Or via C3 crypto. Their chip has a broken CTR mode. I think it actually now means that no hardware will be used for ssh. But oh well, that's life.
Re: SOCKS proxy
On Fri, 13 Feb 2009, Tony Berth wrote:
> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>
> Thanks for your help
>
> Tony

Sorry, my bad, meant to type ~C , not -C , quite a bit of difference when you're trying to setup the use of a local command.

diana
Re: SOCKS proxy
On 2009-02-13, Pete Vickers p...@systemnet.no wrote:
> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>
>     [p...@air] ~ cat ~/.ssh/pconn.sh
>     #!/bin/bash
>     # pconn.sh
>     LF=$'\015'
>     CMD="CONNECT $1:$2 HTTP/1.0"
>     echo "yyy${CMD}yyy" >&2
>     (echo "$CMD$LF"; echo; cat) | nc proxy_server_ip_address 8080 |
>         (while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done; cat)

Related; people behind MS proxies that need auth might want to look at ports/www/ntlmaps.

> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.

Unless the SSH server is running on an acceptable port, of course...
scp bandwidth DEFAULT limit
Hi all,

I was wondering if there is a default limit value for the scp file transfer. I am doing some speed tests over the internet so I was wondering if the limit is the bandwidth or there is a default value.

Thank you in advance.

--
Ciao Ciao
-B- All Recycled Bytes Message ...
Re: wpa2 and osx
damien.bergam...@free.fr wrote:
> | hi list,
> | i have a problem with wpa2 and osx. i could connect to the ap
> | if i force it to use wpa1 only. all other wpaprotos gives a :
> | WPA2(PSK,unknown/TKIP,AES/TKIP)
> | while scanning with airport and the association failed. the test
> | cases and dmesg could be found here:
> | http://sumi.thepixelz.com/obsd/wpa-openbsd.txt
>
> The unknown comes from the PSK-SHA-256 authentication protocol supported by OpenBSD (this is a protocol defined in Draft 802.11w that has a stronger key derivation function than the legacy PSK-SHA1). Unfortunately, some broken (non standard compliant) supplicants are confused by unknown authentication protocols and try to associate using 802.1X in this case. I've seen this with Intel PRO/Set on XP too.

thx, this explains the behaviour

> I'm not quite sure what to do since it's not OpenBSD fault at all. The current approach is that if a user specifies psk with the wpaakms ifconfig command, both PSK-SHA1 and PSK-SHA-256 are advertised by the AP. Maybe I should add psk-sha256 to the list of supported values for wpaakms so that people who have interoperability problems can disable PSK-SHA-256 with wpaakms psk. The default setting would be psk,psk-sha256.

that would be great but i should hammer on apple to get psk-sha-256 working ;)

> Because we are approaching release, I will probably stop advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD clients are currently capable of selecting this authentication protocol, although some very recent versions of wpa_supplicant may support it too.)

as for 4.5, imho just leave it as is. no one has cared so far. maybe some sort of documentation/caveat in man ifconfig would help other users.

> Damien

thx again
tim
Re: wpa2 and osx
On Fri, Feb 13, 2009 at 05:12:06PM +0100, Tim Saueressig, thepixelz.com wrote:
> damien.bergam...@free.fr wrote:
>> Because we are approaching release, I will probably stop advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD clients are currently capable of selecting this authentication protocol, although some very recent versions of wpa_supplicant may support it too.)
>
> as for 4.5, imho just leave it as is. no one has cared so far. maybe some sort of documentation/caveat in man ifconfig would help other users.

I had to 'ifconfig ral0 wpaakms psk' to remove 802.1x from the akm list, so a MacBook could manage to associate with my network.

The MacBook would always try to use WPA Enterprise no matter what. There was no apparent way (at least in the GUI) to convince the thing to just do WPA PSK instead. Once I had made the change on my router, it automatically went for WPA PSK and things just worked.

We might also want to document that somewhere? I don't know where an appropriate place would be though. Man page? FAQ? Just leave it here in the list archive?

Or maybe make even default to 'wpaakms psk' if PSK is configured, until OpenBSD supports 802.1x properly?

Stefan
Re: boot halts halfway after fresh install, bsd.rd boots fine...
On Thu, Feb 12, 2009 at 08:56:15PM +0100, Jasper Bal wrote:
> As I was able to pull the dmesg with a serial console and found a floppy after turning upside down the entire office, I now give you, as promised, the dmesg in question. First one is regular boot. It halts at agp0 at vga1:. I found an old 4x/2x AGP videocard and switched it with the one present. Same difference. I also immediately installed a second copy of 4.4 on the second disk. Again, same difference. bsd.rd boots fine. dmesg included. Any ideas? Don't know where to start.

    boot -c
    disable agp

Alternatively, could you try and boot -current on that machine? Quite some things have changed in that area.

Cheers,
-0-
--
Since we have to speak well of the dead, let's knock them while they're alive.
-- John Sloan
Re: wpa2 and osx
Stefan Sperling wrote:
> On Fri, Feb 13, 2009 at 05:12:06PM +0100, Tim Saueressig, thepixelz.com wrote:
>> damien.bergam...@free.fr wrote:
>>> Because we are approaching release, I will probably stop advertising PSK-SHA-256 by default for 4.5 (AFAIK, only OpenBSD clients are currently capable of selecting this authentication protocol, although some very recent versions of wpa_supplicant may support it too.)
>>
>> as for 4.5, imho just leave it as is. no one has cared so far. maybe some sort of documentation/caveat in man ifconfig would help other users.
>
> I had to 'ifconfig ral0 wpaakms psk' to remove 802.1x from the akm list, so a MacBook could manage to associate with my network.

this did not do the trick for me, even if i force it with the airport util[1]. i have a black macbook3,1 with broadcom airport-xtream, and a newer macbook pro. both behave in the same way...

> The MacBook would always try to use WPA Enterprise no matter what. There was no apparent way (at least in the GUI) to convince the thing to just do WPA PSK instead.

ot: there is a way, go to the top airport icon, at the pulldown select join other network even when your network shows up in the list, type your nwid and select your wpa or wpa2 personal from the security dropdown.

regards
tim

[1] http://osxdaily.com/2007/01/18/airport-the-little-known-command-line-wireless-utility/
Re: kernel freeze randomly
On Wed, Feb 11, 2009 at 08:09:16PM +0100, Markus Bergkvist wrote:
> I get kernel freeze randomly on Compaq 6710b with -CURRENT synced today. It is best reproduced by keeping the system busy, such as building userland, but there are no guarantees. I've been running memtester and also memory and hd test in bios, no errors were found. I get no ddb or any other output on terminal, it just freezes up.
>
> What can I do to retrieve information so I can file a proper bug report? There is no DE-9 contact but the serial port is enabled in BIOS and I do have a uftdi-device, if that might be useful.
>
> Any help is appreciated.

I'm seeing the same issue on any amd64 machine I've tried. The i386 snapshot from the same date works fine on the same machines. I'm not even able to invoke ddb from the console.

I've been able to trigger it with a lot of disk activity (dd, scp or rsync of large files, etc). Sometimes they lock up immediately, sometimes it takes a few minutes, but that always seems to trigger it for me.
Re: wpa2 and osx
On Fri, Feb 13, 2009 at 05:39:24PM +0100, Tim Saueressig, thepixelz.com wrote:
> Stefan Sperling wrote:
>> The MacBook would always try to use WPA Enterprise no matter what. There was no apparent way (at least in the GUI) to convince the thing to just do WPA PSK instead.
>
> ot: there is a way, go to the top airport icon, at the pulldown select join other network even when your network shows up in the list, type your nwid and select your wpa or wpa2 personal from the security dropdown.

Right. We never tried to join an other network because we wanted to join the network it was already showing us. Not a very intuitive UI.

Anyway, Damien just committed a change to CVS so that just 'psk' will be the wpaakms default in 4.5. Since we don't yet support anything else anyway that makes sense.

Stefan
Re: kernel freeze randomly
I think we have narrowed this down to acpicpu + apmd. Do you run both as well?

On Fri, Feb 13, 2009 at 11:42:34AM -0500, Dan Harnett wrote:
> On Wed, Feb 11, 2009 at 08:09:16PM +0100, Markus Bergkvist wrote:
>> I get kernel freeze randomly on Compaq 6710b with -CURRENT synced today. It is best reproduced by keeping the system busy, such as building userland, but there are no guarantees. I've been running memtester and also memory and hd test in bios, no errors were found. I get no ddb or any other output on terminal, it just freezes up.
>>
>> What can I do to retrieve information so I can file a proper bug report? There is no DE-9 contact but the serial port is enabled in BIOS and I do have a uftdi-device, if that might be useful.
>>
>> Any help is appreciated.
>
> I'm seeing the same issue on any amd64 machine I've tried. The i386 snapshot from the same date works fine on the same machines. I'm not even able to invoke ddb from the console.
>
> I've been able to trigger it with a lot of disk activity (dd, scp or rsync of large files, etc). Sometimes they lock up immediately, sometimes it takes a few minutes, but that always seems to trigger it for me.
Re: kernel freeze randomly
On Fri, Feb 13, 2009 at 11:46:37AM -0600, Marco Peereboom wrote:
> I think we have narrowed this down to acpicpu + apmd. Do you run both as well?

Yes, I do.

> On Fri, Feb 13, 2009 at 11:42:34AM -0500, Dan Harnett wrote:
>> On Wed, Feb 11, 2009 at 08:09:16PM +0100, Markus Bergkvist wrote:
>>> I get kernel freeze randomly on Compaq 6710b with -CURRENT synced today. It is best reproduced by keeping the system busy, such as building userland, but there are no guarantees. I've been running memtester and also memory and hd test in bios, no errors were found. I get no ddb or any other output on terminal, it just freezes up.
>>>
>>> What can I do to retrieve information so I can file a proper bug report? There is no DE-9 contact but the serial port is enabled in BIOS and I do have a uftdi-device, if that might be useful.
>>>
>>> Any help is appreciated.
>>
>> I'm seeing the same issue on any amd64 machine I've tried. The i386 snapshot from the same date works fine on the same machines. I'm not even able to invoke ddb from the console.
>>
>> I've been able to trigger it with a lot of disk activity (dd, scp or rsync of large files, etc). Sometimes they lock up immediately, sometimes it takes a few minutes, but that always seems to trigger it for me.
NFS or SAMBA ?
Hi All,

I am mounting network drives. Would you recommend the use of NFS or SAMBA for home use ?

For both performance and security, please advise your recommendations.

Thank you.

Regards,
J-F
Re: OT: NFS or SAMBA ?
On Feb 13, 2009, at 11:41 AM, Jean-François wrote:
> I am mounting network drives. Would you recommend the use of NFS or SAMBA for home use ?

What would you be serving to? PC Boxen? MacOS X? Linux? Another OpenBSD box? Both protocols are appropriate for similar - but not entirely the same - setups.

> For both performance and security, please advise your recommendations.

NFS is horribly insecure. By default it's just bad with little to no authentication for the user outside of standard UNIX permissions. It's fairly fast though, limited more by the capability of your network than by the protocol itself.

Samba, while somewhat more secure than NFS, is very slow. While I don't like it, I do use it very heavily since it's supported by all OSs and all systems I have to interact with on the IT side of things.
Re: NFS or SAMBA ?
if you have a shared network between WINDOWS and OpenBSD i recommend Samba
if not, NFS

NFS = Insecure
SAMBA = Has problems, but it's more secure.

2009/2/13, Jean-François jfsimon1...@gmail.com:
> Hi All,
>
> I am mounting network drives. Would you recommend the use of NFS or SAMBA for home use ?
>
> For both performance and security, please advise your recommendations.
>
> Thank you.
>
> Regards,
> J-F
Expresscard re(4) cards
It would be nice if either Mark Kettenis or I could get an Expresscard re(4) card (for testing). Thanks.
Re: NFS or SAMBA ?
Hi,

It's for sharing btw Linux / OpenBSD. Last one is server. Probably other than Linux client one day. However for Windows there are ways to install NFS client.

I'm not speaking about network bandwidth limitations but about the efficiency of the protocol which sometimes might be preventing from going fast on fast networks.

About security this is an internal network for the moment but it might also be accessible from the net later on.

Thanks for your advice ...

J-F

On Friday 13 February 2009 at 11:59 -0800, johan beisser wrote:
> On Feb 13, 2009, at 11:41 AM, Jean-François wrote:
>> I am mounting network drives. Would you recommend the use of NFS or SAMBA for home use ?
>
> What would you be serving to? PC Boxen? MacOS X? Linux? Another OpenBSD box? Both protocols are appropriate for similar - but not entirely the same - setups.
>
>> For both performance and security, please advise your recommendations.
>
> NFS is horribly insecure. By default it's just bad with little to no authentication for the user outside of standard UNIX permissions. It's fairly fast though, limited more by the capability of your network than by the protocol itself.
>
> Samba, while somewhat more secure than NFS, is very slow. While I don't like it, I do use it very heavily since it's supported by all OSs and all systems I have to interact with on the IT side of things.
dmesglog
I want to remind everyone of two things

First, it is nice if you mail a dmesglog entry once in a while.

    (dmesg; sysctl hw.sensors) | mail -s "type of machine" dm...@openbsd.org

Secondly, if you send the message as a MIME attachment, sorry, but it gets deleted. We do not read the MIME attachment messages. We despam, and then developers (and developers only) get to read it in a flat file.

Thanks.
umsm: Option GlobeTrotter HSDPA ICON225 not working (was: usb hsdpa modem not working)
Same situation here. This seems not to work, at least not with this version of the modem (see below, I tried it on several 4.4 release boxes). Exactly the same behaviour as described by the OP. The third serial port is just missing so I could not set up ppp (see man 4 umsm for details on 3rd serial port).

BTW, the name of the supported device given in man 4 umsm (Device: Option GlobeTrotter HSDPA ICON225 Bus: USB) might be wrong. I could not verify that Option use names like GlobeTrotter or GlobeSurfer for this item themselves. Option seem to call this device just iCON 225. GlobeTrotter and GlobeSurfer might be names of different products (while used for iCON 225 by some resellers).

In Germany, this item seems to be available branded as web'n'walk Stick from T-Mobile. I think this is the same as the iCON 225 (see text taken from bottom label below - and it looks the same). You might want to make sure it actually works with your setup before purchasing it.

Text from bottom sticker: FCC ID NCMOGI0225 Model GI0225 QUALCOMM 3G CDMA Designed in E. U. by Option

A few tags for those trying to find information on this item: openbsd misc umsm Qualcomm MSM modem device umsm0 umsm1 umsm2 ucom ucom0 ucom1 ucom2 /dev/cuaU0 /dev/cuaU1 /dev/cuaU2 GI0225-11095 (found on the net, manufacturer ref. according to AMZN or AMZN reseller) USB UMTS EDGE GPRS HSDPA wireless ppp pppd /etc/ppp/ppp.conf

Hi! I'm having the same problem, no reply from the ucom0 or ucom 1. Did you have any luck getting it to work? (same HW btw)

Regs, Daniel.

-Original Message-
From: bdz [mailto:b...@fokazsir.hu]
Sent: Thursday, November 13, 2008 12:44 PM
To: misc@openbsd.org
Subject: usb hsdpa modem not working

hi list,

i have a t-mobile usb web'n'walk stuff for testing. i attached it to a 4.4 GENERIC and realized that first it attaches umsm0 and then immediately detaches it. then umsm0 and umsm1 attached along with ucom0 and ucom1. i can open the /dev/ttyU[01] but they don't respond to any AT commands.
from umsm(4) man page: The Option GlobeTrotter HSDPA modem has three serial ports, but only the last port can be used to make PPP connections.

i guess i am missing the third serial port (maybe related to the first attach/detach?) to be able to open the ppp connection. any idea?

bdz

usbdevs -v:
addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered
 port 3 powered
 port 4 powered
 port 5 powered
 port 6 powered
Controller /dev/usb2:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 addr 2: full speed, power 100 mA, config 1, Fingerprint Sensor(0x2016), TouchStrip(0x147e), rev 0.01
Controller /dev/usb3:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00
 port 1 addr 2: low speed, power 100 mA, config 1, Optical USB Mouse(0xc016), Logitech(0x046d), rev 3.40
 port 2 powered
Controller /dev/usb4:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00
 port 1 addr 2: low speed, power 100 mA, config 1, Type 6 Keyboard(0x0005), Sun Microsystems(0x0430), rev 1.02
 port 2 addr 3: full speed, power 500 mA, config 1, Globetrotter HSDPA Modem(0x6971), Option N.V.(0x0af0), rev 0.00, iSerialNumber Serial Number
Controller /dev/usb5:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00
 port 1 powered
 port 2 powered

dmesg:
real mem = 2145669120 (2046MB)
avail mem = 2066345984 (1970MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/22/07, BIOS32 rev. 0 @ 0xfdc70, SMBIOS rev. 2.4 @ 0xe0010 (71 entries)
bios0: vendor LENOVO version 7KET71WW (1.21 ) date 08/22/2007
bios0: LENOVO 8918B8G
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 42T4513 serial 5561 type LION oem SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
Re: dmesglog
Hi!

On Sat, Feb 14, 2009 at 09:47:38AM +0900, Jordi Beltran Creix wrote:
[...]
Hello,
Forgive me, but wouldn't
(echo Subject: type of machine ; dmesg ; sysctl hw.sensors) | sendmail -f$YOUR_EMAIL dm...@openbsd.org
be better? Else, if the hostname is not a valid domain, the mail does not get through.

Your gripe is valid a bit. Your command doesn't work either, though.

1. it misses a blank line after the subject header.
2. it doesn't set the envelope from if your user isn't in the trusted users list.

Better once and for all set up your mail system to send out mail with a valid email address and host name (or use a smarthost to circumvent the latter). See masquerading for sendmail.

Kind regards,
Hannah.
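The first point in the reply above (the missing blank line), as an added example that is not part of the original thread. The function names, the hw.sensors sample line and the example.org recipient are assumptions made here; the envelope-sender point is not addressed by this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: why the one-liner needs an empty line
# between the Subject header and the dmesg text.

# Constructed sample standing in for `dmesg; sysctl hw.sensors` output.
sample_body() {
    printf '%s\n' \
        'OpenBSD 4.5-beta (GENERIC) #1676: Tue Feb 10 07:49:40 MST 2009' \
        'cpu0: Intel Pentium III (GenuineIntel 686-class, 128KB L2 cache) 769 MHz' \
        'hw.sensors.cpu0.temp0=45.00 degC'
}

# Form quoted in the thread: header line, then the body with no separator.
broken_mail() {            # usage: ... | broken_mail SUBJECT
    printf 'Subject: %s\n' "$1"
    cat
}

# Corrected form: headers, one empty line, then the body.
fixed_mail() {             # usage: ... | fixed_mail TO SUBJECT
    printf 'To: %s\nSubject: %s\n\n' "$1" "$2"
    cat
}

# Lines in the header section: everything before the first empty line.
header_lines() {
    awk '/^$/ { exit } { n++ } END { print n + 0 }'
}

# Lines in the body: everything after the first empty line.
body_lines() {
    awk 'seen { n++ } /^$/ { seen = 1 } END { print n + 0 }'
}

# Demo: without the separator the message has no body at all, and lines
# such as "cpu0: ..." are shaped like header fields.
TO='dmesg-recipient@example.org'   # placeholder; the real address is elided on the page
echo "broken: $(sample_body | broken_mail 'type of machine' | header_lines) header lines," \
     "$(sample_body | broken_mail 'type of machine' | body_lines) body lines"
echo "fixed:  $(sample_body | fixed_mail "$TO" 'type of machine' | header_lines) header lines," \
     "$(sample_body | fixed_mail "$TO" 'type of machine' | body_lines) body lines"
```

On a real machine the output of `fixed_mail` would be piped to `sendmail -t`, with `dmesg; sysctl hw.sensors` in place of `sample_body`.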
Re: dmesglog
On Feb 13, 2009, at 4:47 PM, Jordi Beltran Creix wrote:
Hello,
Forgive me, but wouldn't
(echo Subject: type of machine ; dmesg ; sysctl hw.sensors) | sendmail -f$YOUR_EMAIL dm...@openbsd.org
be better? Else, if the hostname is not a valid domain, the mail does not get through.
Regards,

I did get a bounce because my internal hostnames are not in external DNS. I guess I have to cut and paste :(

-- bk
Getting dmesg out [was: dmesglog]
For those of you who:
* have a machine not set up for mail
* have ssh to a machine that CAN send mail

Here's an easy way to get your dmesg without copying files around or whatever...

$ dmesg | ssh myhost.com 'mail -s "type of machine" dm...@openbsd.org'

--
Darrin Chandler | Phoenix BSD User Group | MetaBUG
dwchand...@stilyagin.com | http://phxbug.org/ | http://metabug.org/
http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: OT: Free, online backup service provider compatible with BSD
* jmc j...@cosmicnetworks.net [2009-02-13 06:08:41]:
--- Dieter [Thu, Feb 12, 2009 at 02:43:24PM +]: ---
:Amen to backups, but why trust some company far away to handle things?
:How do you know your data is in good hands, and that they won't slip up
:let others see it? I won't mention the concept of the place going under,
:financially.
:
at one job we rented a PO Box, and drove the tapes there on our way home from work. Since stealing from the Post Office was a Federal Offense, it was somewhat safe.

Interesting use for a PO box. You can also rent a safety deposit box, and there are companies that store media for off site backups. These are off site, but not very far off site. Think Katrina scale disaster. Several hundred miles away would be better. Which involves either shipping media or having a T1 line. And you'd want this to have serious encryption in any case.

i also think it's a good idea to make sure the truck/van they use to come fetch your offsites shouldn't advertise (for stealing) who they are or what they do. i'm thinking of the big trucks i've seen that have to do with a big mountain and a ferromagnetic element. i just recently hired one of these companies for $work, and wasn't too comfortable with the mobile advertisements.

Use some simple crypto on your backups?

-- Travers Buda
Re: Nvidia bug
* Marco Peereboom sl...@peereboom.us [2009-02-12 20:39:37]:
Trash it and buy something that doesn't suck.

On Fri, Feb 13, 2009 at 12:16:50AM -0200, Christiano Farina Haesbaert wrote:
Can anyone tell me if that bug in the nv driver is applicable to every nvidia card? I had a FX7500LE on my desktop and openbsd was quite slow, I remembered I have an old geforce 32mb, would it work? or I would probably have the same results.
Best regards.
-- Christiano Farina Haesbaert

I've got several matrox G450's that broke with libpciaccess in X. I could (if the antispam were not so aggressive) send in a bug report or I could just get some new hardware. What's the consensus here?

-- Travers Buda