Re: hier command not found: ksh: hier: not found
> How to use hier?
>
> i have run this command
>
> # hier
> ksh: hier: not found
>
> i try to
>
> # man hier
>
> i got the manual
>
> but when i try to run hier, always say hier not found.
>
> Something missing with my installation on OpenBSD 4.4

Yeah, it happens to me too:

# strcpy
ksh: strcpy: not found

Very strange...
hier command not found: ksh: hier: not found
How to use hier?

i have run this command

# hier
ksh: hier: not found

i try to

# man hier

i got the manual

but when i try to run hier, always say hier not found.

Something missing with my installation on OpenBSD 4.4

thx
Re: graphic card support
On Tue, Mar 24, 2009 at 02:29:20AM +, Owain Ainsworth wrote:
> my PCI-E x800 works perfectly. So probably.

I thought that x800 series were based on R4xx chipsets. And based on
Matthieu's response, only r200/r300 supported DRI/DRM. Could you please
comment on that?

Thanks
Re: Browsers was: Re: firefox starts two times
On Mon, Mar 23, 2009 at 05:22:34PM -0700, patrick keshishian wrote:
> On Mon, Mar 23, 2009 at 4:56 PM, Jacob Meuser
> wrote:
> > On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
> >> On Mon, Mar 23, 2009 at 1:35 PM, Nick Guenther wrote:
> >> > Also, youtube matters. This is going to get me flamed but a lot of
> >> > worthwhile content is in form of video now and not making that work
> >> > disenfranchises yourself.
> >>
> >> There are methods of fetching just the video off youtube if that's all
> >> you want. I think I've even seen at least two scripts in ports that
> >> just do that (www/youtube-dl is one and the other I can't recall its
> >> names off top of my head). I don't know how well they work; never used
> >> them myself.
> >
> > isn't that sorta like using ftp(1) to get JPEGs from sites you're
> > browsing with lynx(1)?
>
> Similar to how you might use `tar -zxvf some-port.tar.gz' after saving
> said attachment sent to po...@.

not really. graphics and flash animations are intended to be seen in
the browser. otherwise there would just be a link or an option to
download.

> Options to do things in different ways
> are always good.

sure.

> >> I agree with you on valuable/informative/entertaining content on youtube.
> >>
> >> Flash is open now, their specification docs were released. If it is
> >> important for folks, a truly open, reliable and secure versions
> >> should/could be implemented.
> >
> > I only got feedback from one person about swfdec update/sndio backend
> > addition.
>
> do you read that as no interest in said port?

somewhat.

--
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Network problems moving to new ISP (while keeping old ISP active)
I have a network problem moving from our old ISP (ISPo) to the new ISP (ISPn). Both ISPn and ISPo are active while we transition to ISPn. Current config: -- --- | hisoka [em0] o-o ISPo | | (firewall) | --- |[em1] o-+ | | | | | +--o SWITCH o--+ |[em4] o--+ | | (69.67.212.126) | | | | (69.67.212.120/32) | | - | | | +o ISPn| | |[em5] o--+ - | | (vlandev interface) | | | | | | | |[vlan200] o--+ +--+ | | (10.123.40.6) | | | | -- +--+ | | | | | -o---o- | | SWITCH|| -o- | | | | - | -- +--+ | hammer | | | killua | | | (firewall) [fxp4] o-+ | [bge0] o--+ | (69.67.212.94) | | (10.123.40.2) || (69.67.212.74/32) | -- - hisoka:/# ifconfig em0 em0: flags=8943 mtu 1500 lladdr 00:15:17:a6:32:5d priority: 0 media: Ethernet autoselect (10baseT half-duplex) status: active inet6 fe80::215:17ff:fea6:325d%em0 prefixlen 64 scopeid 0x2 hisoka:/# ifconfig em1 em1: flags=8943 mtu 1500 lladdr 00:15:17:a6:32:5c priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::215:17ff:fea6:325c%em1 prefixlen 64 scopeid 0x3 hisoka:/# ifconfig em4 em4: flags=8943 mtu 1500 lladdr 00:14:4f:7c:fd:82 priority: 0 groups: egress media: Ethernet autoselect (100baseTX half-duplex) status: active inet 69.67.212.126 netmask 0xffe0 broadcast 69.67.212.127 inet6 fe80::214:4fff:fe7c:fd82%em4 prefixlen 64 scopeid 0x7 inet 69.67.212.120 netmask 0x broadcast 69.67.212.120 hisoka:/# ifconfig vlan200 vlan200: flags=8843 mtu 1500 lladdr 00:14:4f:7c:fd:83 priority: 0 vlan: 200 priority: 0 parent interface: em5 groups: vlan inet6 fe80::214:4fff:fe7c:fd83%vlan200 prefixlen 64 scopeid 0xb inet 10.123.40.6 netmask 0xfff8 broadcast 10.123.40.7 hisoka:/# cat /etc/bridgename.bridge0 add em4 add em0 add em1 up hisoka:/# brconfig bridge0: flags=41 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp em1 flags=3 port 3 ifpriority 0 ifcost 0 em0 flags=3 port 2 ifpriority 0 ifcost 0 em4 flags=3 port 7 ifpriority 0 ifcost 0 hisoka:/# netstat -rn -f inet Routing tables Internet: 
DestinationGatewayFlags Refs Use Mtu Prio Iface default69.67.212.97 UGS999113 - 8 em4 10.123.40.0/29 link#11UC 20 - 4 vlan200 10.123.40.200:e0:81:2a:b5:1a UHLc 2 3166 - 4 vlan200 10.123.40.400:1f:9e:7d:93:39 UHLc 113239 - 4 vlan200 69.67.212.96/27link#7 UC 20 - 4 em4 69.67.212.97 00:08:e3:b4:b8:e0 UHLc 12 - 4 em4 69.67.212.120 127.0.0.1 UGHS 01 33160 8 lo0 69.67.212.120/32 link#7 UC 00 - 4 em4 69.67.212.126 00:14:4f:7c:fd:82 UHLc 04 - 4 lo0 127/8 127.0.0.1 UGRS 00 33160 8 lo0 127.0.0.1 127.0.0.1 UH 2 405 33160 4 lo0 147.243.6.29 10.123.40.4UGHS 0 17 - 8 vlan200 224/4 127.0.0.1 URS00 33160 8 lo0 hammer:/# ifconfig fxp4 fxp4: flags=8843 mtu 1500 lladdr 00:07:e9:5d:62:f8 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 69.67.212.94 netmask 0xffe0 broadcast 69.67.212.95 inet6 fe
Re: graphic card support
On Mon, Mar 23, 2009 at 12:37:23PM -0700, Aaron Stellman wrote:
> On Sun, Mar 22, 2009 at 08:52:43AM +0100, Matthieu Herrb wrote:
> > DRI/DRM on OpenBSD works on recent intel chips (i855 and up) and on
> > older ATI chips (r200/r300).
> >
> Hello,
> I'm looking to get a X600 PCI-E card, which seems to be based on RV380
> chipset, which is supposedly almost identical to other R3xx series, but
> use PCI-e instead. Do you have any idea whether DRI/DRM works on these?

my PCI-E x800 works perfectly. So probably.

-0-
--
I used to work in a fire hydrant factory. You couldn't park anywhere near
the place.
        -- Steven Wright
Re: Browsers was: Re: firefox starts two times
I've been using this for a month or two:

http://userscripts.org/scripts/show/34765

Works for more than just youtube also. Maybe I'm lazy but it's much easier
than going to a shell and using yt or youtube-dl.

Matthias Kilian wrote:
> On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
>
>> There are methods of fetching just the video off youtube if that's all
>> you want. I think I've even seen at least two scripts in ports that
>> just do that (www/youtube-dl is one and the other I can't recall its
>> names off top of my head).
>>
>
> net/yt
Re: Browsers was: Re: firefox starts two times
Thank you! And there's way more video sites than just youtube, and not all
of them are as rip-happy as it.

But flash support is only a small part of browsers and not really the point.

-Nick

On 23/03/2009, Jacob Meuser wrote:
> On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
>> On Mon, Mar 23, 2009 at 1:35 PM, Nick Guenther wrote:
>> > Also, youtube matters. This is going to get me flamed but a lot of
>> > worthwhile content is in form of video now and not making that work
>> > disenfranchises yourself.
>>
>> There are methods of fetching just the video off youtube if that's all
>> you want. I think I've even seen at least two scripts in ports that
>> just do that (www/youtube-dl is one and the other I can't recall its
>> names off top of my head). I don't know how well they work; never used
>> them myself.
>
> isn't that sorta like using ftp(1) to get JPEGs from sites you're
> browsing with lynx(1)?
>
>> I agree with you on valuable/informative/entertaining content on youtube.
>>
>> Flash is open now, their specification docs were released. If it is
>> important for folks, a truly open, reliable and secure versions
>> should/could be implemented.
>
> I only got feedback from one person about swfdec update/sndio backend
> addition.
>
> --
> jake...@sdf.lonestar.org
> SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Browsers was: Re: firefox starts two times
On Mon, Mar 23, 2009 at 4:56 PM, Jacob Meuser wrote:
> On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
>> On Mon, Mar 23, 2009 at 1:35 PM, Nick Guenther wrote:
>> > Also, youtube matters. This is going to get me flamed but a lot of
>> > worthwhile content is in form of video now and not making that work
>> > disenfranchises yourself.
>>
>> There are methods of fetching just the video off youtube if that's all
>> you want. I think I've even seen at least two scripts in ports that
>> just do that (www/youtube-dl is one and the other I can't recall its
>> names off top of my head). I don't know how well they work; never used
>> them myself.
>
> isn't that sorta like using ftp(1) to get JPEGs from sites you're
> browsing with lynx(1)?

Similar to how you might use `tar -zxvf some-port.tar.gz' after saving
said attachment sent to po...@. Options to do things in different ways
are always good.

>> I agree with you on valuable/informative/entertaining content on youtube.
>>
>> Flash is open now, their specification docs were released. If it is
>> important for folks, a truly open, reliable and secure versions
>> should/could be implemented.
>
> I only got feedback from one person about swfdec update/sndio backend
> addition.

do you read that as no interest in said port?

--patrick
Re: Browsers was: Re: firefox starts two times
On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
> On Mon, Mar 23, 2009 at 1:35 PM, Nick Guenther wrote:
> > Also, youtube matters. This is going to get me flamed but a lot of
> > worthwhile content is in form of video now and not making that work
> > disenfranchises yourself.
>
> There are methods of fetching just the video off youtube if that's all
> you want. I think I've even seen at least two scripts in ports that
> just do that (www/youtube-dl is one and the other I can't recall its
> names off top of my head). I don't know how well they work; never used
> them myself.

isn't that sorta like using ftp(1) to get JPEGs from sites you're
browsing with lynx(1)?

> I agree with you on valuable/informative/entertaining content on youtube.
>
> Flash is open now, their specification docs were released. If it is
> important for folks, a truly open, reliable and secure versions
> should/could be implemented.

I only got feedback from one person about swfdec update/sndio backend
addition.

--
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Install freezes on macppc
Paul M wrote:
> I was bitten by a similar issue on i386 hardware - freezes during install,
> or shortly thereafter. After too many hours bashing on it, I reinstalled
> the original windows disk, and it worked perfectly. I stress tested it for
> several days without a single (apparent) problem, but swapping out the disk
> and attempting a reinstall of 4.3, it would freeze again every time.
> Turned out to be bad RAM.

OK, I finally sat down today and fiddled with this some more.

First, I pulled all of the RAM, plugged in 1 x 256 MB SIMM, cleared the
PRAM for good measure, and then ran the installer again. It froze as before.

Next, I pulled the upgraded processor, dropped in a stock 350 MHz Apple
processor, cleared the PRAM again, and then ran the installer again. This
time, the installer ran all the way through, the machine booted without any
issues, and seemed to run fine through all the normal tasks I gave it to do
(network transfers, disk formatting, installing a package, etc).

Then I shut the machine down and put the original 2GB memory back in,
cleared PRAM, and started up again. No issues.

Then I shut down and put the upgraded processor back in, cleared PRAM, and
booted again. Within a couple minutes, the machine froze again. I was able
to reproduce this several times. So it looks like the processor is the
culprit (bummer).

Interestingly, though, the line from the dmesg that Nick pointed out, "mem
at mainbus0 not configured", did not appear in the installed copy of OpenBSD
regardless of which processor or how much memory was in the machine. That
only showed up when I booted from the CD.

Also, as a side note-- this machine does not have a serial port. At least,
none that I am aware of. There's nothing remotely serial-like (not counting
USB, that is) on the back panel. Just USB, IEEE1394a, RJ-45, RJ-11, and
audio. Maybe there's some kind of header on the motherboard, but I think I'm
done messing around with this machine for today.

Dan
[off-topic] Attacks on Intel's System Management Mode
Joanna Rutkowska and Loic Duflot have simultaneously disclosed details of
vulnerabilities in Intel's caching mechanisms, which permit the injection of
code into the System Management Mode and ultimately the placing of a
virtually invisible rootkit.

"System Management Mode (SMM) is a relatively obscure mode on Intel
processors used for low-level hardware control", explain Embleton, Sparks
and Zou in a paper on SMM rootkits that's well worth reading. "It has its
own private memory space [SMRAM], and execution environment which is
generally invisible to code running outside [it.]"

By poisoning the cache of the CPU, Rutkowska can successfully inject her own
code, which then runs with maximum privileges, while remaining invisible to
the operating system and applications. She provides a harmless "proof of
concept" exploit that she claims works on Intel's DQ35 board, among others.
Embleton, Sparks and Zou demonstrate what a genuine SMM rootkit could look
like. Not much more is known about Duflot's presentation at CanSecWest,
other than the title, "Getting into the SMRAM: SMM Reloaded".

Despite the far-reaching consequences of such SMM rootkits, there's no need
to panic. Fortunately, only theoretical concepts and a few conceptual
studies for laboratory environments have so far been heard of. Nothing of
the kind has yet been observed in the wild as a part of malicious software.

Source: http://www.h-online.com/security/Attacks-on-Intel-s-System-Management-Mode--/news/112903
Re: Browsers was: Re: firefox starts two times
On Mon, Mar 23, 2009 at 03:39:41PM -0700, patrick keshishian wrote:
> There are methods of fetching just the video off youtube if that's all
> you want. I think I've even seen at least two scripts in ports that
> just do that (www/youtube-dl is one and the other I can't recall its
> names off top of my head).

net/yt
Re: Browsers was: Re: firefox starts two times
On Mon, Mar 23, 2009 at 1:35 PM, Nick Guenther wrote:
> Also, youtube matters. This is going to get me flamed but a lot of
> worthwhile content is in form of video now and not making that work
> disenfranchises yourself.

There are methods of fetching just the video off youtube if that's all
you want. I think I've even seen at least two scripts in ports that
just do that (www/youtube-dl is one and the other I can't recall its
names off top of my head). I don't know how well they work; never used
them myself.

I agree with you on valuable/informative/entertaining content on youtube.

Flash is open now, their specification docs were released. If it is
important for folks, a truly open, reliable and secure versions
should/could be implemented.

--patrick

>
> -Nick
>
> On 23/03/2009, Ingo Schwarze wrote:
>> Hi Chris,
>>
>> very probably, you are not describing a bug, but the following feature.
>>
>> Chris wrote on Mon, Mar 23, 2009 at 02:15:10PM +1100:
>>
>>> When I start firefox (3.0.6) from the xterm shell, I get two firefox
>>> starting at the same time.
>>
>> Very probably, you are not getting two firefox processes,
>> but one firefox process managing two windows.
>> To check this, run
>>
>>   $ ps ax | grep firefox-bin
>>
>>> If I close one of them (by doing File - Exit),
>>
>> By chance, i still have the somewhat oldish firefox 3.0.6 installed
>> on a 4.5-current i386 box.  Here, the file menu doesn't contain
>> an "Exit" menu entry.
>>
>>> it closes both of them.
>>
>> When i do "File - Quit", i get a popup window
>>
>>   "Do you want Firefox to save your tabs and windows
>>   for the next time it starts?
>>
>>   [Checkbox] Do not ask next time
>>
>>   Button: Quit
>>   Button: Cancel
>>   Button: Save and Quit"
>>
>> Maybe you checked the checkbox and clicked "Save and Quit"?
>> When doing that, i can reproduce the behaviour you describe.
>>
>>> I have the same behavior from two
>>> different window managers: awesome and scrotwm.
>>
>> Probably, what you describe has nothing to do with the
>> operating system or the window manager, but with firefox itself.
>>
>> You can go to "Edit - Preferences - Main - Startup"
>> and select "When Firefox starts, Show my home page".
>> Actually, you wouldn't believe it from what the dialogue
>> texts in the browser say: But that will revert *exactly*
>> the effect of checking the box "Do not ask next time".
>> I checked this by diffing the prefs.js file before and after.
>>
>> If you want to keep the behaviour of restoring tabs and windows
>> on startup but just want to use only one window in the future,
>> just click "File - Close" in one of your two windows.
>>
>>
>> Now don't get me started on firefox.  It has turned so damn
>> MS-Windows-ish:  Creeping featurism wherever you look, features
>> hidden so well and in so many layers that you simply do not find
>> most of them even when you actively search for them, almost
>> nothing documented, incomprehensible names of features,
>> unintelligible correspondence between UI texts and configuration
>> option names, unsecure to insane defaults and bloat, bloat, bloat...
>>
>> All the same, things you really need are not available, or you
>> need obscure plugins to achieve them.
>>
>>
>> So if anybody is going to write a browser that i would like,
>> i would probably contribute funding to allow several months of full
>> time work.  Yes, i know that a few months will hardly suffice.
>>
>> I would like the following:
>>   * Monolithic, fast, small and readable code; no plugins.
>>   * Secure, good privacy, high speed by default, and
>>     no way to move the global default settings away from that.
>>   * No useless knobs.  No drop-down menus.  No icon toolbars.
>>   * Do not bother about non-POSIX operating systems, i.e. assume that
>>     POSIX external utilities and C library calls are available.
>>   * Strict principle of not more than one HTTP request per click or ENTER.
>>   * No data ever sent across the wire without an explicit left click or
>>     ENTER.
>>   * Never reuse a tab for a different URL unless explicitly requested.
>>     Always use a new tab for each new URL.
>>   * Two URL bars, the upper showing the URL displayed in the current tab,
>>     the lower showing the URL the mouse is currently pointing at, including
>>     the TARGET tag, if any.  Prominently mark POST to distinguish it from
>>     GET.
>>     The lower URL bar can also be used for keyboard input.
>>   * A delete command (d) to close the current tab.
>>   * A goto command (g) to open a new tab and set the cursor to the URL line,
>>     such that "ghttp://www.openbsd.org/" gets you there.
>>   * An alias command (a) to define a bookmark to the current URL,
>>     for example "aobsd" to make "gobsd" work.
>>   * Show meta-information about embedded content, not the content itself,
>>     i.e. content type (e.g. IMG), file name or URL, ALT text, size if it
>>     is large.
>>   * Per-site and per-URL configuration database,
Re: SOEKRIS - How to install MTR to a Flashdist image
> Now, if you run ldd on the pkg_add binary you would get:
>
> ldd: /usr/sbin/pkg_add: not an ELF executable
>
> and I am not really sure why is that. Experts comments welcome here!

That's because /usr/sbin/pkg_add is not an ELF executable.

$ file /usr/sbin/pkg_add
/usr/sbin/pkg_add: perl script text executable

You need to install Perl to be able to use the pkg_add script.

--
Floor Terra
www: http://brobding.mine.nu/
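The distinction made in this answer, as an added example that is not part of the original thread: a POSIX sh script that tells ELF binaries (where the ldd copy step applies) from `#!` scripts such as pkg_add (where the interpreter has to go into the image as well). The function names and the constructed sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): decide, per file, whether the ldd copy
# step applies or whether an interpreter has to be copied into the image too.

# True if the file starts with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')" = "7f454c46" ]
}

# Print the interpreter named on a "#!" first line; fail if there is none.
# For "#!/usr/bin/env perl" the real interpreter is the argument to env.
script_interp() {
    awk 'NR == 1 && /^#!/ {
             sub(/^#![ \t]*/, "")
             n = split($0, w, /[ \t]+/)
             if (n > 0 && w[1] != "") {
                 print ((w[1] ~ /\/env$/ && n > 1) ? w[2] : w[1])
                 found = 1
             }
         }
         { exit }
         END { exit !found }' "$1"
}

# Print "elf", "script <interpreter>" or "other" for one file.
classify() {
    if is_elf "$1"; then
        echo elf
    elif interp=$(script_interp "$1"); then
        echo "script $interp"
    else
        echo other
    fi
}

# Say, for each file, what has to be copied along with it.
plan() {
    for f in "$@"; do
        kind=$(classify "$f")
        case $kind in
        elf)       echo "$f: ELF, use the ldd copy step" ;;
        script\ *) echo "$f: script, also copy ${kind#script } and its libraries" ;;
        *)         echo "$f: neither ELF nor #! script, copy as plain data" ;;
        esac
    done
}

# Constructed stand-ins for a binary and for a perl script, so the example
# runs without touching the real /usr/local/bin/wget or /usr/sbin/pkg_add.
demo() {
    d=$(mktemp -d) || return 1
    printf '\177ELF\002\001\001' > "$d/wget"           # constructed ELF header stub
    printf '#!/usr/bin/perl\n# ...\n' > "$d/pkg_add"   # constructed script stand-in
    plan "$d/wget" "$d/pkg_add"
    rm -rf "$d"
}

if [ $# -gt 0 ]; then plan "$@"; else demo; fi
```

Run it with the paths you intend to copy as arguments; with no arguments it classifies the two constructed files.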
Re: SOEKRIS - How to install MTR to a Flashdist image
Luis F Urrea wrote:
>
> By default if I am not mistaken, flashdist does not include the "pkg_add"
> binary and therefore for the chroot suggestion you would at least need to
> get the "pkg_add" binary into the flash image.
>

You are correct

Luis F Urrea wrote:
>
> The technique used in the flashdist script for getting things installed
> uses `ldd` on a binary to find its library dependencies and have them
> copied to the image. This is more likely to work at least for dynamically
> linked binaries which are fairly straightforward and in which you often do
> not need any more files than the binary and shared libraries.
>
> You could use ldd as follows for wget as example:
>
> ldd /usr/local/bin/wget 2>/dev/null | egrep 'rlib|rtld' | awk '{print $7}' \
> |sort -u | xargs tar -cvf - | tar -C /mnt/flashdist-image -xpf -
>
> Where flashdist-image is the directory in which you have mounted the
> flashdist image
>
>
> Now, if you run ldd on the pkg_add binary you would get:
>
> ldd: /usr/sbin/pkg_add: not an ELF executable
>
> and I am not really sure why is that. Experts comments welcome here!
>

First attempt didn't work, but I'll work with it some more.

Luis F Urrea wrote:
>
> Another option may be to use the -B option from pkg_add to define the
> chrooted environment as the destination dir, but I can't confirm that it
> would work as expected.
>

Tried the -B option but I couldn't get that to work either

Luis F Urrea wrote:
>
> For packages in which the structure of required files is more complex,
> daemons such as samba and the like, using ldd may not suffice and such
> programs may fail to execute mysteriously. In such cases, the ktrace(1)
> and kdump(1) may come in handy.
>
> ktrace followed by the filename will produce an output file named
> ktrace.out in the directory in which you run it. Then you need to use
> kdump command to inspect the previously generated ktrace.out, look for
> files that the program is attempting to open, particularly for the NAMI
> (name-to-inode) translation in order to get a clue of what files may be
> missing.
>
> A third option involves creating a chroot sandbox environment and use two
> cookies to track file changes in the filesystem as described here:
>
> http://labs.calyptix.com/openbsd-binary-patches-chroot.php
>
> Readers familiar with OpenBSD ports will notice that this cookie technique
> is borrowed from the make system in the OpenBSD ports tree.
>
> Hope this helps
>

I'll read up on this.

Thanks Luis, the help is very appreciated.

Cheers
Brad

--
View this message in context: http://www.nabble.com/SOEKRIS---How-to-install-MTR-to-a-Flashdist-image-tp22636740p22668748.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
Browsers was: Re: firefox starts two times
I am no fan of firefox at all. I wish day and night it would work
without sucking so hard all the time. But tweak headers? Random
metacruft? That's feature creep too, just from a programmer's
perspective -- which is even worse if you want people to take it up
and use it and thus work out the bugs you missed.

What don't you like about lynx, w3m, links, links+, dillo, konqueror,
galeon, midori, or epiphany? If you're no fan of javascript then the
incompleteness of most of these browsers shouldn't bother you.
Personally I think that webkit is promising, even if epiphany+webkit
did segfault on me and doesn't have an OpenBSD package. With webkit it
*should* be possible to rapidly design any UI you want.

Also, youtube matters. This is going to get me flamed but a lot of
worthwhile content is in form of video now and not making that work
disenfranchises yourself.

-Nick

On 23/03/2009, Ingo Schwarze wrote:
> Hi Chris,
>
> very probably, you are not describing a bug, but the following feature.
>
> Chris wrote on Mon, Mar 23, 2009 at 02:15:10PM +1100:
>
>> When I start firefox (3.0.6) from the xterm shell, I get two firefox
>> starting at the same time.
>
> Very probably, you are not getting two firefox processes,
> but one firefox process managing two windows.
> To check this, run
>
>   $ ps ax | grep firefox-bin
>
>> If I close one of them (by doing File - Exit),
>
> By chance, i still have the somewhat oldish firefox 3.0.6 installed
> on a 4.5-current i386 box.  Here, the file menu doesn't contain
> an "Exit" menu entry.
>
>> it closes both of them.
>
> When i do "File - Quit", i get a popup window
>
>   "Do you want Firefox to save your tabs and windows
>   for the next time it starts?
>
>   [Checkbox] Do not ask next time
>
>   Button: Quit
>   Button: Cancel
>   Button: Save and Quit"
>
> Maybe you checked the checkbox and clicked "Save and Quit"?
> When doing that, i can reproduce the behaviour you describe.
>
>> I have the same behavior from two
>> different window managers: awesome and scrotwm.
>
> Probably, what you describe has nothing to do with the
> operating system or the window manager, but with firefox itself.
>
> You can go to "Edit - Preferences - Main - Startup"
> and select "When Firefox starts, Show my home page".
> Actually, you wouldn't believe it from what the dialogue
> texts in the browser say: But that will revert *exactly*
> the effect of checking the box "Do not ask next time".
> I checked this by diffing the prefs.js file before and after.
>
> If you want to keep the behaviour of restoring tabs and windows
> on startup but just want to use only one window in the future,
> just click "File - Close" in one of your two windows.
>
>
> Now don't get me started on firefox.  It has turned so damn
> MS-Windows-ish:  Creeping featurism wherever you look, features
> hidden so well and in so many layers that you simply do not find
> most of them even when you actively search for them, almost
> nothing documented, incomprehensible names of features,
> unintelligible correspondence between UI texts and configuration
> option names, unsecure to insane defaults and bloat, bloat, bloat...
>
> All the same, things you really need are not available, or you
> need obscure plugins to achieve them.
>
>
> So if anybody is going to write a browser that i would like,
> i would probably contribute funding to allow several months of full
> time work.  Yes, i know that a few months will hardly suffice.
>
> I would like the following:
>   * Monolithic, fast, small and readable code; no plugins.
>   * Secure, good privacy, high speed by default, and
>     no way to move the global default settings away from that.
>   * No useless knobs.  No drop-down menus.  No icon toolbars.
>   * Do not bother about non-POSIX operating systems, i.e. assume that
>     POSIX external utilities and C library calls are available.
>   * Strict principle of not more than one HTTP request per click or ENTER.
>   * No data ever sent across the wire without an explicit left click or
>     ENTER.
>   * Never reuse a tab for a different URL unless explicitly requested.
>     Always use a new tab for each new URL.
>   * Two URL bars, the upper showing the URL displayed in the current tab,
>     the lower showing the URL the mouse is currently pointing at, including
>     the TARGET tag, if any.  Prominently mark POST to distinguish it from
>     GET.
>     The lower URL bar can also be used for keyboard input.
>   * A delete command (d) to close the current tab.
>   * A goto command (g) to open a new tab and set the cursor to the URL line,
>     such that "ghttp://www.openbsd.org/" gets you there.
>   * An alias command (a) to define a bookmark to the current URL,
>     for example "aobsd" to make "gobsd" work.
>   * Show meta-information about embedded content, not the content itself,
>     i.e. content type (e.g. IMG), file name or URL, ALT text, size if it
>     is large.
>   * Per-site and per-URL configuration database, allowing things like
>     - embedded image
Re: dhcpd and mitel options
On 2009-03-23, Lars Hansson wrote: > Hey, > I have some problems with using OpenBSD 4.4's dhcpd together with > Mitel VoIP phones that I'd hope someone could shed some light on. > Mitel VoIP phones requires custom options to load firmware, set VLAN > etc and i cant quite get it to work with OpenBSD's dhcpd. it works > fine one a Linux box running isc-dhcp 3.0.6 although curiously not > enough on isc-dhcp on OpenBSd 4.4. > > ISC-DHCP: > # MITEL specific options > option space mitel; > option mitel.tftp code 128 = ip-address; > option mitel.icp code 129 = ip-address; > option mitel.id code 130 = text; > option mitel.vlan code 132 = signed integer 32; > option mitel.l2p code 133 = signed integer 32; > option mitel.dscp code 134 = unsigned integer 8; > > option mitel.tftp 172.30.179.7; > option mitel.icp10.107.10.17; > option mitel.id "MITEL IP PHONE"; > option mitel.vlan 11; > option mitel.l2p6; > option mitel.dscp 46; > > I know OpenBSd's dhcp does not support options the same way but I > thought the below would work: > > option option-128 "172.30.179.7"; > option option-129 "10.107.10.17"; .. > option mitel.vlan 02; > option mitel.l2p06; > option mitel.dscp 46; you are giving these as text strings, but the phone actually requires IP addresses or numbers. you can patch like this, Index: tables.c === RCS file: /cvs/src/usr.sbin/dhcpd/tables.c,v retrieving revision 1.8 diff -N -u -p tables.c --- tables.c13 Jan 2009 21:11:57 - 1.8 +++ tables.c23 Mar 2009 19:53:22 - 
@@ -190,13 +190,13 @@ struct option dhcp_options[256] = { { "option-125", "X",&dhcp_universe, 125 }, { "option-126", "X",&dhcp_universe, 126 }, { "option-127", "X",&dhcp_universe, 127 }, - { "option-128", "X",&dhcp_universe, 128 }, - { "option-129", "X",&dhcp_universe, 129 }, - { "option-130", "X",&dhcp_universe, 130 }, + { "mitel-tftp", "I",&dhcp_universe, 128 }, + { "mitel-icp", "I", &dhcp_universe, 129 }, + { "mitel-id", "X", &dhcp_universe, 130 }, { "option-131", "X",&dhcp_universe, 131 }, - { "option-132", "X",&dhcp_universe, 132 }, - { "option-133", "X",&dhcp_universe, 133 }, - { "option-134", "X",&dhcp_universe, 134 }, + { "mitel-vlan", "l",&dhcp_universe, 132 }, + { "mitel-l2p", "l", &dhcp_universe, 133 }, + { "mitel-dscp", "B",&dhcp_universe, 134 }, { "option-135", "X",&dhcp_universe, 135 }, { "option-136", "X",&dhcp_universe, 136 }, { "option-137", "X",&dhcp_universe, 137 }, these ones have a whole bunch of clashes with other vendor options (see http://www.iana.org/assignments/bootp-dhcp-parameters/) and they aren't assigned or tentatively assigned, so I don't think they can be hard- coded into our dhcpd by default.
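Review bot: in the entries for codes 128-130 and 132-134 the generic names option-128, option-129, option-130, option-132, option-133 and option-134 are removed outright, so a dhcpd.conf that already sets any of those codes under its generic name would no longer be recognised by a dhcpd built with this change; keep it as a site-local patch and switch the configuration to the mitel-* names in the same step. The format letters follow the ISC declarations quoted earlier in the message (ip-address to "I", signed integer 32 to "l", unsigned integer 8 to "B"), but mitel-id at code 130 is left as "X" although it is declared there as text, so it is worth confirming that the quoted string "MITEL IP PHONE" is accepted for that entry.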
Re: graphic card support
On Sun, Mar 22, 2009 at 08:52:43AM +0100, Matthieu Herrb wrote:
> DRI/DRM on OpenBSD works on recent intel chips (i855 and up) and on
> older ATI chips (r200/r300).
>

Hello,
I'm looking to get a X600 PCI-E card, which seems to be based on RV380
chipset, which is supposedly almost identical to other R3xx series, but
use PCI-e instead. Do you have any idea whether DRI/DRM works on these?

Thanks
Re: SOEKRIS - How to install MTR to a Flashdist image
There may be use cases for using flashdist, such as not having "pkg_add"
package installed for security reasons and tailoring highly customized
images ready to be flashed for FWs, NAS, VoIP GWs and so on. So, in that
sense I am sure that the size of the flash is not the only motivation
nowadays.

By default if I am not mistaken, flashdist does not include the "pkg_add"
binary and therefore for the chroot suggestion you would at least need to
get the "pkg_add" binary into the flash image.

The technique used in the flashdist script for getting things installed uses
`ldd` on a binary to find its library dependencies and have them copied to
the image. This is more likely to work at least for dynamically linked
binaries which are fairly straightforward and in which you often do not need
any more files than the binary and shared libraries.

You could use ldd as follows for wget as example:

    ldd /usr/local/bin/wget 2>/dev/null | egrep 'rlib|rtld' | awk '{print $7}' \
    |sort -u | xargs tar -cvf - | tar -C /mnt/flashdist-image -xpf -

Where flashdist-image is the directory in which you have mounted the
flashdist image

Now, if you run ldd on the pkg_add binary you would get:

    ldd: /usr/sbin/pkg_add: not an ELF executable

and I am not really sure why is that. Experts comments welcome here!

Another option may be to use the -B option from pkg_add to define the
chrooted environment as the destination dir, but I can't confirm that it
would work as expected.

For packages in which the structure of required files is more complex,
daemons such as samba and the like, using ldd may not suffice and such
programs may fail to execute mysteriously. In such cases, the ktrace(1) and
kdump(1) may come in handy.

ktrace followed by the filename will produce an output file named ktrace.out
in the directory in which you run it. Then you need to use kdump command to
inspect the previously generated ktrace.out, look for files that the program
is attempting to open, particularly for the NAMI (name-to-inode) translation
in order to get a clue of what files may be missing.

A third option involves creating a chroot sandbox environment and use two
cookies to track file changes in the filesystem as described here:

http://labs.calyptix.com/openbsd-binary-patches-chroot.php

Readers familiar with OpenBSD ports will notice that this cookie technique
is borrowed from the make system in the OpenBSD ports tree.

Hope this helps
Re: Tape Drive,
Hey Milan,

I admit I haven't used a tape drive in some time, but could that be indicative of a blank tape?

Make sure the tape really is rewound:

    $ sudo mt rewind

-Brynet
Re: firefox starts two times
Hi Chris,

very probably, you are not describing a bug, but the following feature.

Chris wrote on Mon, Mar 23, 2009 at 02:15:10PM +1100:

> When I start firefox (3.0.6) from the xterm shell, I get two firefox
> starting at the same time.

Very probably, you are not getting two firefox processes, but one firefox process managing two windows. To check this, run

    $ ps ax | grep firefox-bin

> If I close one of them (by doing File - Exit),

By chance, i still have the somewhat oldish firefox 3.0.6 installed on a 4.5-current i386 box. Here, the file menu doesn't contain an "Exit" menu entry.

> it closes both of them.

When i do "File - Quit", i get a popup window

    "Do you want Firefox to save your tabs and windows
     for the next time it starts?
     [Checkbox] Do not ask next time
     Button: Quit
     Button: Cancel
     Button: Save and Quit"

Maybe you checked the checkbox and clicked "Save and Quit"? When doing that, i can reproduce the behaviour you describe.

> I have the same behavior from two
> different window managers: awesome and scrotwm.

Probably, what you describe has nothing to do with the operating system or the window manager, but with firefox itself.

You can go to "Edit - Preferences - Main - Startup" and select "When Firefox starts, Show my home page". Actually, you wouldn't believe it from what the dialogue texts in the browser say: But that will revert *exactly* the effect of checking the box "Do not ask next time". I checked this by diffing the prefs.js file before and after.

If you want to keep the behaviour of restoring tabs and windows on startup but just want to use only one window in the future, just click "File - Close" in one of your two windows.

Now don't get me started on firefox. It has turned so damn MS-Windows-ish: Creeping featurism wherever you look, features hidden so well and in so many layers that you simply do not find most of them even when you actively search for them, almost nothing documented, incomprehensible names of features, unintelligible correspondence between UI texts and configuration option names, insecure to insane defaults and bloat, bloat, bloat... All the same, things you really need are not available, or you need obscure plugins to achieve them.

So if anybody is going to write a browser that i would like, i would probably contribute funding to allow several months of full time work. Yes, i know that a few months will hardly suffice.

I would like the following:

 * Monolithic, fast, small and readable code; no plugins.
 * Secure, good privacy, high speed by default, and no way to move the global default settings away from that.
 * No useless knobs. No drop-down menus. No icon toolbars.
 * Do not bother about non-POSIX operating systems, i.e. assume that POSIX external utilities and C library calls are available.
 * Strict principle of not more than one HTTP request per click or ENTER.
 * No data ever sent across the wire without an explicit left click or ENTER.
 * Never reuse a tab for a different URL unless explicitly requested. Always use a new tab for each new URL.
 * Two URL bars, the upper showing the URL displayed in the current tab, the lower showing the URL the mouse is currently pointing at, including the TARGET tag, if any. Prominently mark POST to distinguish it from GET. The lower URL bar can also be used for keyboard input.
 * A delete command (d) to close the current tab.
 * A goto command (g) to open a new tab and set the cursor to the URL line, such that "ghttp://www.openbsd.org/" gets you there.
 * An alias command (a) to define a bookmark to the current URL, for example "aobsd" to make "gobsd" work.
 * Show meta-information about embedded content, not the content itself, i.e. content type (e.g. IMG), file name or URL, ALT text, size if it is large.
 * Per-site and per-URL configuration database, allowing things like
    - embedded image download (off by default)
    - CSS download (off by default)
    - frame content download (off by default)
    - accepting cookies (off by default)
    - JavaScript execution (off by default)
   Store this DB in plain text, easy to browse with cd, ls and vi.
 * Do not use any files in the user's home directory except this DB and the cache explained below. In particular, no .mozilla-like configuration directories.
 * When showing frames, always prominently mark the frame borders, and in the top line of each frame, always show the frame name and the current URL.
 * When asking about cookies, always show the full cookie content.
 * Always ask about HTTPS certificates, even when signed by commercial root CAs, always show the full certificate content at once, and one line stating the supporting chain of trust, if any. Require exactly one click: "Use once" or "Save". Cancel is useless as you can just close the tab. Do not try to explain what this is all about.
 * When interpreting JavaScript, state what the code is trying to do, i.e. display
Re: dhcpd and mitel options
> The Mitel phones complain that option 128 is missing (I take this to > mean that it have the wrong format or type since it's obviously there) > and goes no further. Have you tried taking a packet capture of the DHCP dialog when using Linux and when using OpenBSD, and then comparing the DHCP Offer from both using Wireshark or some other packet dissector? That way you could compare if option 128 is present in the offer from OpenBSD, and if so, what the difference is between it and the Linux offer. That might steer you in the right direction. Just a thought, -Martin -- "We look forward to the time when the power to love will replace the love of power. Then will our world know the blessings of peace." --William Ewart Gladstone
Hardware request.
Hi guys, I've heard of a few nasty bugs in dual-head support on radeon graphics hardware, but I've only got one monitor and can't fix them. It would be great if someone would be willing to donate a pair of monitors capable of 1600x1200. Specifically, it would be best if the monitor's status menu had data on the incoming clock rates (sync frequencies, etc). It would be preferable if they had both vga and dvi inputs. If anyone can help out with this, please contact me off-list. I'm based in London, UK. Cheers, -0- -- A person is just about as big as the things that make him angry.
Re: spamd handling multiple sending servers
--- Stuart Henderson [Mon, Mar 23, 2009 at 01:54:44PM +]: --- > On 2009-03-23, jmc wrote: > >> In getting our low traffic email server running, the first thing I > >> noticed while following the logs that sites like gmail et al will > >> retry a message from a different host. Sometimes gmail will send > >> once, try again very soon again from the same host and then queue it, > >> but the queued email might be sent by a different server. > > > > check greylisting.org. > > it's useless. it doesn't list common pool senders from a block of /24 > or less (i.e. most of them) and it's not updated regularly. dnswl.org is > better but it's a damn big list and if you load it into a PF table, even > if you aggregate the addresses, it uses a huge chunk of kernel memory. thanks for the tip on that, Stuart. i had the feeling the info there was a bit long in the tooth as well. dealing with the round-robin/common pool smtp hosts is something i've not been completely happy with in my setup, so maybe i'll revisit how i handle things here.
dhcpd and mitel options
Hey,

I have some problems with using OpenBSD 4.4's dhcpd together with Mitel VoIP phones that I'd hope someone could shed some light on. Mitel VoIP phones require custom options to load firmware, set VLAN etc and I can't quite get it to work with OpenBSD's dhcpd. It works fine on a Linux box running isc-dhcp 3.0.6 although curiously not enough on isc-dhcp on OpenBSD 4.4.

ISC-DHCP:

    # MITEL specific options
    option space mitel;
    option mitel.tftp code 128 = ip-address;
    option mitel.icp code 129 = ip-address;
    option mitel.id code 130 = text;
    option mitel.vlan code 132 = signed integer 32;
    option mitel.l2p code 133 = signed integer 32;
    option mitel.dscp code 134 = unsigned integer 8;

    option mitel.tftp 172.30.179.7;
    option mitel.icp 10.107.10.17;
    option mitel.id "MITEL IP PHONE";
    option mitel.vlan 11;
    option mitel.l2p 6;
    option mitel.dscp 46;

I know OpenBSD's dhcp does not support options the same way but I thought the below would work:

    option option-128 "172.30.179.7";
    option option-129 "10.107.10.17";
    option option-130 "MITEL IP PHONE";
    option mitel.vlan 02;
    option mitel.l2p 06;
    option mitel.dscp 46;

The Mitel phones complain that option 128 is missing (I take this to mean that it has the wrong format or type since it's obviously there) and go no further. I'm hoping it's just a matter of figuring out how to use the options and format them correctly.

Cheers,
Lars Hansson
Re: prioritizing carp interfaces
Toni Mueller wrote:
> Hi,
>
> On Fri, 20.03.2009 at 14:28:46 +0100, Joerg Streckfuss wrote:
>> How does CARP behaves when on the master node two "unimportantly" interfaces
>> fail and on the backup node only the uplink interface fails? Does CARP failover
>> to the backup node and as consequence the whole network will be disconnected
>> from the internet?
>
> my reading of carp(4) is that the behaviour depends on the setting of
>
> net.inet.carp.preempt
>
> If set to 1, then firewalls only fail over as a whole, while if set to
> 0, interfaces fail over individually. With interfaces failing over
> individually, and with appropriate routing between your firewalls,
> traffic should flow through the remaining interfaces.
>
> Please note that having interfaces fail over individually makes playing
> with pfsync and sasync *quite* interesting.
> Please also note that you could have more than two firewalls running
> CARP, so maybe the third (fourth, ...) firewall will keep you online.
>
> I guess that the real solution is to have a known-good hardware that
> you can bring up in minutes sitting on the shelf, and yes, to live with
> some downtime.
>
>
> Kind regards,
> --Toni++
>

Okay, sorry I forgot to mention that on both hosts preemption is enabled.

So what happens when first on the master host two interfaces fail and on the backup only one interface fails? In my opinion preemption on both nodes has the effect that advskew is set to 240 on all interfaces and as a consequence there is no host which could advertise faster than the other host in the carp group. Am I right in thinking that no failover should happen regardless of the number of failed carp interfaces?

Kind regards,
Joerg

[demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: PF and CLamAV "Integration" - how to do it?
Hi.

Thanks by the way for all this great feedback about ClamAV and PF integration. Am learning a lot here. :-)

Just curious though about typical use-cases for smtp-vilter

I can see the PF integration being a great way to isolate virus-infected hosts on a LAN by putting their IP addresses into a quarantine table on the border firewall. Once the virus has been cleaned the host is removed from the table (by the administrator) so that it can access the Internet again.

Just curious, what response-policies do folks use (with smtp-vilter) when hosts on the Internet send infected emails? Do you block those hosts outright? Or do you remove any attachments/pictures first and then forward just the message body to the intended recipient?

I think smtp-vilter has just the right feature set. :-)

Sarah

Marc Balmer wrote:

Well, I am biased (I wrote smtp-vilter). I wrote it quite some time ago because clamav-milter's quality was really bad. And I needed LDAP and PF integration. smtp-vilter was written with OpenBSD in mind.
Re: PKG_CACHE
export thanks, Paul. On Mon, 2009-03-23 at 16:49 +0100, Stephan A. Rickauer wrote: > What magic do I miss to cache packages in PKG_CACHE? Must be really > obvious, but I can't spot it. > > # PKG_CACHE=/tmp > # echo $PKG_CACHE > /tmp > # pkg_add -x nano > Adding nano-2.0.7 > # ls -l /tmp/ > > (empty) > > Thanks. > -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 ZurichWebwww.ini.uzh.ch
Re: PKG_CACHE
On Mon, Mar 23, 2009 at 04:49:58PM +0100, Stephan A. Rickauer wrote:
| What magic do I miss to cache packages in PKG_CACHE? Must be really
| obvious, but I can't spot it.
|
| # PKG_CACHE=/tmp
| # echo $PKG_CACHE
| /tmp
| # pkg_add -x nano
| Adding nano-2.0.7
| # ls -l /tmp/
|
| (empty)

exporting the variable :

    [p...@office414] $ export PKG_CACHE=/tmp/pkgs
    [p...@office414] $ mkdir /tmp/pkgs
    [p...@office414] $ sudo pkg_add -x nano
    Adding nano-2.0.9
    [p...@office414] $ ls -l /tmp/pkgs
    total 800
    -rw-r--r-- 1 root wheel 386855 Mar 23 16:57 nano-2.0.9.tgz

Cheers,

Paul 'WEiRD' de Weerd

--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/
Re: spamd handling multiple sending servers
> I sometimes find this a problem when running spamd at low-to-medium volume > sites. (I use postgrey instead for those, which only looks at the first 24 > bits of the sender's IP address by default). Sounds like an interesing option for spamd, too, doesn't it? Could be called 'sloppy' mode ;) -- Stephan A. Rickauer --- Institute of Neuroinformatics Tel +41 44 635 30 50 University / ETH Zurich Sec +41 44 635 30 52 Winterthurerstrasse 190 Fax +41 44 635 30 53 CH-8057 ZurichWebwww.ini.uzh.ch
Re: PKG_CACHE
On Mon, Mar 23, 2009 at 04:49:58PM +0100, Stephan A. Rickauer wrote:
> What magic do I miss to cache packages in PKG_CACHE? Must be really
> obvious, but I can't spot it.
>
> # PKG_CACHE=/tmp
    ^^ export
> # echo $PKG_CACHE
> /tmp
> # pkg_add -x nano
> Adding nano-2.0.7
> # ls -l /tmp/
>
> (empty)
>
> Thanks.
PKG_CACHE
What magic do I miss to cache packages in PKG_CACHE? Must be really obvious, but I can't spot it.

    # PKG_CACHE=/tmp
    # echo $PKG_CACHE
    /tmp
    # pkg_add -x nano
    Adding nano-2.0.7
    # ls -l /tmp/

    (empty)

Thanks.
Re: Debugging "no route to host" problem?
On 16.03.2009 at 14:58, Falk Brockerhoff - smartTERRA GmbH wrote:

I run OpenBSD 4.4 GENERIC#1021 i386 on a Dell PowerEdge 2650 System as a firewall. Lan side I configured multiple carp Interfaces - without any backup system at the moment (for testing purposes). Almost all is running fine, but sometimes I get a "no route to host" error - not for all routes/interfaces, but one or two...

I figured it out. I started monitoring several system, interface and pf information and graphed them using cacti. So I was able to see a dependence between the appearance of my problem and the amount of entries in pf's session state table. Increasing this value solves the problem.

Maybe, is there any possibility to get pf logging this "max entries of state table exceeded" to syslog?

Regards,
Falk
Re: spamd handling multiple sending servers
On 2009-03-23, jmc wrote: >> In getting our low traffic email server running, the first thing I >> noticed while following the logs that sites like gmail et al will >> retry a message from a different host. Sometimes gmail will send >> once, try again very soon again from the same host and then queue it, >> but the queued email might be sent by a different server. > > check greylisting.org. it's useless. it doesn't list common pool senders from a block of /24 or less (i.e. most of them) and it's not updated regularly. dnswl.org is better but it's a damn big list and if you load it into a PF table, even if you aggregate the addresses, it uses a huge chunk of kernel memory.
Re: pf dynamic firewall for web portal ?
Hello,

You can create a table in your conf file. Give access to this table. Then, you will be able to modify this table without changing your text file or reloading it. You can do this using pfctl option (specifically -T option).

On 23 March 09 at 12:02, RJ45 wrote:

Hello,
I implemented an OpenBSD solution for a soekris appliance. My problem is that I have a web portal there and I need a new pass rule for each client IP authenticating. Actually this was easy to do with linux iptables, but how to do it with PF ? Actually all the PF rules are in a file, and can be read from file. This is far from being a dynamic system. Rules must first be deleted from file and then reloaded with pfctl. My problem is, how can I Remove a single PF rule without modifying a text file and reloading all the rules ?

thanks

Rick
Re: firefox starts two times
2009/3/23 Chris : > When I start firefox (3.0.6) from the xterm shell, I get two firefox > starting at the same time. If I close one of them (by doing File - > Exit), it closes both of them. I have the same behavior from two > different window managers: awesome and scrotwm. > > Has anyone else seen this behavior before? Three questions: (0) When you have Firefox open --two times, as you say-- and you do $ pgrep -l firefox or $ ps ax | grep firefox | grep -v grep at the command line, precisely what does it say? (1) What version of Firefox do you use? (2) Assuming a recent 3.x Firefox version, under Edit -- Preferences -- Main -- Startup, what does it say next to "When Firefox starts"? regards, --ropers
Re: intel 5400 chipset support, was: Re: raidframe and hotplugd on 4.4
Hi David,

On Mon, 23.03.2009 at 09:48:36 +0100, David Vasek wrote:
> On Sun, 22 Mar 2009, Toni Mueller wrote:
>> isa0 at mainbus0
>> com0 at isa0 port 0x3f8/0 irq4: ns8240, .. fifo
>
> Not that I would be able to help with this, just note that these two
> lines are very different from the dmesg you posted previously. My guess
> is you should prepare yourself for retyping the full dmesg.

yesterday, I typed from a blurry handset photo. Anyway, I re-did the experiment and managed to write down the exact error message. As far as I can see, booting proceeds as normal to this point:

    pciide0: channel 1 ignored (disabled)

Then, AHCI is detected and immediately followed by a crash:

    ahci0 at pci0 dev 31 function 2 "Intel 6321ESD AHCI" rev 0x09: irq 11, AHCI 1.1
    fatal protection fault in supervisor mode
    trap type 4 mode 18b rip 802ba2f8 cs8 rflags 10202 cr2 0 cpi e rsp 80b21b20
    The operating system has halted.
    ...

While poking around in the BIOS, I also saw an option which suggested that the machine can do something called "EFI OS booting" (or similar). Should I enable this?

Kind regards,
--Toni++
Re: pf dynamic firewall for web portal ?
Hi,

I implemented an OpenBSD solution for a soekris appliance. My problem is that I have a web portal there and I need a new pass rule for each client IP authenticating. Actually this was easy to do with linux iptables, but how to do it with PF ? Actually all the PF rules are in a file, and can be read from file. This is far from being a dynamic system. Rules must first be deleted from file and then reloaded with pfctl. My problem is, how can I Remove a single PF rule without modifying a text file and reloading all the rules ?

Maybe you can use tables : http://www.openbsd.org/faq/pf/tables.html and use pfctl(8) to update such tables (options -t and -T)
Re: pf dynamic firewall for web portal ?
RJ45 slacknet.com> writes:
>
> Hello,
> I implemented an OpenBSD solution for a soekris appliance.
> My problem is that I have a web portal there and I need
> a new pass rule for each client IP authenticating.
> Actually this was easy to do with linux iptables,
> but how to do it with PF ? Actually all the PF rules are
> in a file, and can be read from file. This is far
> from being a dynamic system. Rules must first be deleted from file
> and then reloaded with pfctl.
> My problem is, how can I Remove a single PF rule without
> modifying a text file and reloading all the rules ?
>
> thanks
>
> Rick
>
>

This seems like a job for tables, just use a table as the match for your pass rule and add and remove addresses from it. Look at sysutils/tabled in ports if you're manipulating this table from !root.

If you really need individual pass rules, look at anchors, though adding and removing rules dynamically is a simple matter of programming (look at pf(4) for details). Failing that, you can also flush and reload your anchor ruleset (not your whole ruleset) with pfctl -a, though from your mail that doesn't seem to appeal.

If the number of IPs you are passing on is large enough, a table is probably best.
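The table approach suggested in these replies, as an added example that is not part of the original posts: shell functions a portal back end could call as root to admit or drop a single client without touching pf.conf. The table name portal_ok, the int_if macro and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): manage authenticated portal clients
# in a pf table instead of rewriting and reloading the rule file.
#
# Assumed pf.conf lines; table and macro names are hypothetical:
#   table <portal_ok> persist
#   pass in on $int_if from <portal_ok> to any keep state

PFCTL=${PFCTL:-pfctl}                    # override for dry runs and tests
PORTAL_TABLE=${PORTAL_TABLE:-portal_ok}  # hypothetical table name

# Accept exactly one dotted-quad host address. pfctl -T add also takes
# networks and hostnames, so a value such as 0.0.0.0/0 handed through
# from the web application would admit every client.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1.
    count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        case $octet in
            ''|????*|0?*) return 1 ;;    # empty, too long, or leading zero
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Admit one client after it has authenticated.
portal_allow() {
    valid_ipv4 "$1" || { printf 'refusing address: %s\n' "$1" >&2; return 2; }
    $PFCTL -t "$PORTAL_TABLE" -T add "$1"
}

# Removing the address only stops new connections from matching. States
# already created by the pass rule stay valid until they expire, so the
# states originating from the client are killed as well.
portal_revoke() {
    valid_ipv4 "$1" || { printf 'refusing address: %s\n' "$1" >&2; return 2; }
    $PFCTL -t "$PORTAL_TABLE" -T delete "$1" || return 1
    $PFCTL -k "$1"
}

# Show the addresses currently admitted.
portal_list() {
    $PFCTL -t "$PORTAL_TABLE" -T show
}

# Dry run with constructed addresses: sh portal.sh --demo
if [ "${1:-}" = "--demo" ]; then
    PFCTL="echo pfctl"
    portal_allow 192.0.2.10
    portal_allow 0.0.0.0/0 || echo "rejected as expected"
    portal_revoke 192.0.2.10
fi
```
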
relayd vs loopback interface
Hello, I'd like to create some setup with relayd to allow bounce-back access to VIP eg. allowing machines behind the load balancer to access other VIP. In order to do that I want to set the VIP into loopback and set /32 routes against public network to reach them. Now is there any problems against such setup and clues about that ? Thanks to your replies and any pointers. /xavier [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Tape Drive,
Hi,

I've got an old IBM tape drive. When I connect it in my box, I get (in dmesg):

    ...
    Mar 23 10:12:25 yetti /bsd: scsibus0 at ahc0: 16 targets, initiator 7
    Mar 23 10:12:25 yetti /bsd: st0 at scsibus0 targ 0 lun 0: 4200, I09X> SCSI2 1/sequential removable
    Mar 23 10:12:25 yetti /bsd: cd0 at scsibus0 targ 1 lun 0: CDRM00203 !K, RZ28> SCSI2 5/cdrom removable
    ...

If I feed a tape inside, the drive rewinds it, and afterwards when I try to access that drive (via mt(1) command or dump(8)) I get (in dmesg):

    ...
    st0(ahc0:0:0): Check Condition (error 0x70) on opcode 0x15
    SENSE KEY: Illegal Request
    ASC/ASCQ: End-Of-Partition/Medium Detected
    st0: cannot set selected mode
    ...

I've bad knowledge about scsi, maybe it's stupid.

Have you any idea ?

Thanks

Milan Prihoda
pf dynamic firewall for web portal ?
Hello,

I implemented an OpenBSD solution for a soekris appliance. My problem is that I have a web portal there and I need a new pass rule for each client IP authenticating. Actually this was easy to do with linux iptables, but how to do it with PF ? Actually all the PF rules are in a file, and can be read from file. This is far from being a dynamic system. Rules must first be deleted from file and then reloaded with pfctl. My problem is, how can I Remove a single PF rule without modifying a text file and reloading all the rules ?

thanks

Rick
Re: spamd handling multiple sending servers
--- Mikel Lindsaar [Mon, Mar 23, 2009 at 06:59:03PM +1100]: ---
> Hi all,
>
> New user to spamd, love it.
>
> In getting our low traffic email server running, the first thing I
> noticed while following the logs that sites like gmail et al will
> retry a message from a different host. Sometimes gmail will send
> once, try again very soon again from the same host and then queue it,
> but the queued email might be sent by a different server.

check greylisting.org. there's a list of ``misbehaving mailers'' you can consider starting with. you'll need to create whitelists for these addresses to shunt them around spamd.

note that this list calls its contents ``misbehaving mailers''. some of these addresses may be just that, while others may be ranges that use pools of ip addresses for sending mail.

there was once a script that was posted here that basically takes the output of a site's SPF records and creates pf tables to be used as a whitelist:

    dig TXT _spf.google.com. +short

for example. now anytime i see a domain i know i've heard from before, i suspect a round-robining smtp send pool and just query that SPF record to create a whitelist entry for it.
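A sketch of the kind of script described in this message, as an added example that is not the script once posted to the list: it reads the output of `dig TXT ... +short` and emits only the IPv4 networks the SPF record authorises, ready to load into a pf table. The function names, the table name spf_white, the file path and the sample record are assumptions; the sample is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): extract whitelist candidates from
# SPF TXT answers as printed by
#   dig TXT _spf.example.org. +short
#
# Hypothetical use, table and file names are assumptions:
#   dig TXT _spf.example.org. +short | spf_ip4_nets > /etc/mail/spf-white.txt
#   pfctl -t spf_white -T replace -f /etc/mail/spf-white.txt

# Constructed sample answers. dig prints a long record as several quoted
# strings; the second line has such a split in the middle of a term.
SAMPLE_TXT='"v=spf1 ip4:192.0.2.0/24 +ip4:198.51.100.7 -ip4:203.0.113.9 ip6:2001:db8::/32 include:_spf.example.net ~all"
"v=spf1 ip4:198.51.100.1" "28/25 ip4:300.1.1.1 ip4:10.0.0.0/33 ?all"'

# Join split strings, drop the quotes, print one SPF term per line.
spf_terms() {
    sed -e 's/" "//g' -e 's/"//g' | tr -s ' \t' '\n\n'
}

# Print the valid IPv4 hosts and networks from ip4: terms with a pass
# qualifier (none or "+"). Terms qualified with "-", "~" or "?" name
# senders the domain does not vouch for and must not be whitelisted.
spf_ip4_nets() {
    spf_terms | awk '
        /^\+?ip4:/ {
            sub(/^\+?ip4:/, "")
            n = split($0, part, "/")
            if (n > 2) next
            if (n == 2 && (part[2] !~ /^[0-9]+$/ || part[2] + 0 > 32)) next
            if (split(part[1], o, ".") != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            print
        }' | LC_ALL=C sort -u
}

# Print the domains named by include: terms. Their records have to be
# queried and filtered the same way; this example does not recurse.
spf_includes() {
    spf_terms | awk '/^\+?include:/ { sub(/^\+?include:/, ""); print }' |
        LC_ALL=C sort -u
}

# Run on the constructed sample: sh spf2table.sh --demo
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_TXT" | spf_ip4_nets
    printf '%s\n' "$SAMPLE_TXT" | spf_includes
fi
```

The record is published by the sending domain, so a table built this way lets whatever that domain lists skip greylisting; it is worth reviewing the output before loading it.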
Re: spamd handling multiple sending servers
On 2009-03-23, Mikel Lindsaar wrote:
> In getting our low traffic email server running, the first thing I
> noticed while following the logs that sites like gmail et al will
> retry a message from a different host. Sometimes gmail will send
> once, try again very soon again from the same host and then queue it,
> but the queued email might be sent by a different server.

I sometimes find this a problem when running spamd at low-to-medium volume sites. (I use postgrey instead for those, which only looks at the first 24 bits of the sender's IP address by default).

> Has anyone looked at using the message ID in deciding to whitelist a
> host? ie, track the hosts by IP address, but if a previously
> greylisted host has sent message id 1234 and another host tries to
> redeliver 1234 within the passtime requirements, whitelist both?
>
> Obviously it would be an optional flag, but it seems the likelihood
> of some spam bot being able to guess the message id and who has just
> sent you a message to bypass this would be low.

Far too easily defeated. People would just base the message-id on the HELO/from/to addresses...
Re: Parallel build in ports - make -j4
On 2009-03-23, Pedro de Oliveira wrote: > Thanks for that, it worked! > > I added the following to my root .profile: > export PARALLEL_BUILD=Yes > export MAKE_JOBS=4 N.B. this does not work with all ports. If you're building a number of ports at the same time and want to do these in parallel, look at /usr/ports/infrastructure/build/dpb, which normally runs one build job per cpu in the system (and takes care of dependencies etc).
Re: Parallel build in ports - make -j4
Thanks for that, it worked! I added the following to my root .profile: export PARALLEL_BUILD=Yes export MAKE_JOBS=4 Someone should add this to bsd.port.mk(5). Regards, Pedro de Oliveira On Sun, Mar 22, 2009 at 2:34 PM, Pedro de Oliveira wrote: > Hello, > > I was wondering if there's any way to use make -j4 when building ports from > source? Any obscure option on mk.conf? > > Currently if I run on a port, for example: make -j4 install it just uses one > thread on the makefile of the port. > > Is there any way to pass the "-j4" option to make command inside the port? > > My guess is you want to use the MAKE_JOBS environment variable. Take a look in bsd.port.mk -- Jason
Re: might be slightly OT: `probability in PF'
On Mon, Mar 23, 2009 at 4:27 PM, Stephan A. Rickauer wrote:
> On Sat, 2009-03-21 at 12:14 +0100, Henning Brauer wrote:
>> * jmc [2009-03-11 15:05]:
>> > so anyway, how are _you_ using probability?
>>
>> it's high on my list of useless features in pf I'd rather remove.
>> if anybody is actually using it, I'd like to hear about it.
>
> Once in a while I re-spot this 'feature' in the man pages and find it
> very cool. But then I can't come up with any idea of how to use it
> sanely. Could that be a case of 'uselessness'? ;)
>
> (never had to simulate bad lines so far, have enough of real ones)
>

Artur's use of throwing a spanner into the works of anybody who has been blacklisted seems like a very good use case. I would use it that way too. As opposed to outright blocking ("100%"), or outright dropping, it makes it harder for them to think that they have been found out. If you drop or block outright, that just means that they will simply jump onto another different ip.

I imagine they would call up their own ISP, do network troubleshooting, blah blah, before they conclude that it is you that is really causing the problem.

-jf

--
In the meantime, here is your PSA:
"It's so hard to write a graphics driver that open-sourcing it would not help."
-- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228
Re: intel 5400 chipset support, was: Re: raidframe and hotplugd on 4.4
On Sun, 22 Mar 2009, Toni Mueller wrote: Hi, [ hijacking my own thread in order to avoid posting the dmesg twice... ] I tried to enable AHCI mode on this computer with the intel 5400 chipset on board. This resulted in the kernel not finding the disks, after they were registered fine with the BIOS. So I thought, I'd peek at the disks using the CD, but running bsd.rd caused a hard crash which required me to press the reset button. This is the error message that I got (typed from a blurred image): ... isa0 at mainbus0 com0 at isa0 port 0x3f8/0 irq4: ns8240, .. fifo Not that I would be able to help with this, just note that these two lines are very different from the dmesg you posted previously. My guess is you should prepare yourself for retyping the full dmesg. In addition to that, "ns8240" must be a typo. Regards, David
Re: might be slightly OT: `probability in PF'
On Sat, 2009-03-21 at 12:14 +0100, Henning Brauer wrote:
> * jmc [2009-03-11 15:05]:
> > so anyway, how are _you_ using probability?
>
> it's high on my list of useless features in pf I'd rather remove.
> if anybody is actually using it, I'd like to hear about it.

Once in a while I re-spot this 'feature' in the man pages and find it very cool. But then I can't come up with any idea of how to use it sanely. Could that be a case of 'uselessness'? ;)

(never had to simulate bad lines so far, have enough of real ones)
Re: spamd handling multiple sending servers
Hi,

On Mon, 2009-03-23 at 18:59 +1100, Mikel Lindsaar wrote:
> I understand that spamd is tracking messages based on sender, receiver
> and IP address, and then this can cause the problem.

Spamd doesn't 'track messages'. All it does is to store a tuple of sender, recipient and IP address and quits the smtp dialog as soon as the sender enters the DATA phase. No time for reading anything like the message ID or other stuff of the email since the connection is aborted way earlier.

Cheers,
Stephan

--
---
StarTek - secure by design    Tel ++41 44 500 111-0
Postfach 19                   Fax ++41 44 500 111-2
CH-8118 Pfaffhausen/ZH        Web http://startek.ch
RSA public key for email: http://startek.ch/people/star/key
---
spamd handling multiple sending servers
Hi all,

New user to spamd, love it.

In getting our low traffic email server running, the first thing I noticed while following the logs that sites like gmail et al will retry a message from a different host. Sometimes gmail will send once, try again very soon again from the same host and then queue it, but the queued email might be sent by a different server.

I understand that spamd is tracking messages based on sender, receiver and IP address, and then this can cause the problem.

Has anyone looked at using the message ID in deciding to whitelist a host? ie, track the hosts by IP address, but if a previously greylisted host has sent message id 1234 and another host tries to redeliver 1234 within the passtime requirements, whitelist both?

Obviously it would be an optional flag, but it seems the likelihood of some spam bot being able to guess the message id and who has just sent you a message to bypass this would be low.

Open to ideas and if it is already on the cards great, if not, willing to look into the source myself.

Mikel