Re: Apache Firefox and Ogg Theora (Byte-range requests)
On Wed, Feb 17, 2010 at 02:04:03AM +, Stuart Henderson wrote: On 2010-02-16, trustlevel-...@yahoo.co.uk trustlevel-...@yahoo.co.uk wrote: I've seen examples of earlier versions than Apache 1.3.29 said to be working with byte-range requests, has anyone got the byte range requests to work with openbsd without using php code or know how this can be done or if it works by default. sorry, it's broken, maybe someone who uses base httpd and has some spare time might like to look into fixing it... http://permalink.gmane.org/gmane.os.openbsd.misc/169541 This appears to be due to the format of the string being passed to strtonum(). ap_strtol() was tolerant of it. It's being passed the string from the Range: header. For example, the following valid request (taken directly from sniffing a wget session). GET /testfile HTTP/1.0 Range: bytes=300417024- This ends up following the code path of the first strtonum() call around line 159 in http_protocol.c in the parse_byterange() function. The string passed to strtonum to convert (r-range) not only contains the number from the header, but the trailing dash (300417024-), which strtonum does not like. As strtonum fails, the start offset is set to 0. This bug should be present on a 64-bit arch as well.
Re: OpenBGP filter question
On 12.2.2010 P3. 11:10, Stuart Henderson wrote: On 2010-02-11, Ivo Chutkinopen...@bgone.net wrote: match to $my_upstream_1 source-as {some_as} set prepend-self 4 I would like to prepend my as to make as path longer for some_as trough my_upstream_1 and make it to prefer path trough my_upstream_2. It does not produce error with bgpd-n but there is no effect as well. Are you certain it has no effect (and how?) - you can't rely on AS path prepending to change how traffic flows, if someone gives you a higher localpref they'll use that path irrespective of the path length. Hi Stuart, I am certain as I don't see my prepend on some_as looking glass. The actual filter looks like this without the comment: match to $spnet_bg #(AS8717) sourse_as 9070 set prepend-seff 4 and this is what I see on 9070 looking glass: This filter affects prefixes you send to the peer, and only those with source_as 9070. Unless you are providing transit for 9070 you won't be sending anything to 34224 that matches this (and if you are, it wouldn't be a useful thing to do, as 9070 won't accept routes with their own AS in the path). If I understand correctly, you'd like 9070 to see a longer path to you via 34224, but not affect things for other AS that see you via 34224. I think there are just two ways you can do this via prepending 1. ask 34224 to prepend their announcements to 9070. Some providers let you set communities on your prefixes to do this, see e.g. whois -r as3356|more +/ties.acc but many do not. 2. ask 9070 to prepend the paths they receive from 34224. Hi Stuart, hi list, Sorry for being away for so long. You get me correct, that is what I wanted to achieve. The as 9070 is just an example. Obviously it is not the correct way to do it. Thank you for clarifying it for me. Regards, Ivo
Re: PF log parser and dynamic PF rules...
On Wed, Feb 17, 2010 at 07:51:03AM +0100, Per-Olov Sj?holm wrote: On 17 feb 2010, at 02.07, Randal L. Schwartz wrote: Paul == Paul de Weerd we...@weirdnet.nl writes: Paul Jeez... As an asker, you don't really get to decide how or what other Paul people answer, or if they even answer at all. As I snipped off a Usenet group once: Get real! This is a discussion group, not a helpdesk. You post something -- we discuss its implications. If the discussion happens to answer a question you've asked, that's incidental. If you post a question that implies that you've got a problem finding answers to trivial questions in the manual, then it is perfectly reasonable for us to discuss how to do that. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion I have been on this list for many years. Sometimes asking and sometimes helping others. you are wrong http://www.openbsd.org/mail.html --snip-- User questions and answers, general questions --snip-- Answer correctly or don't answer at all. A winning concept in real life as well. ^d Regards /Per-Olov -- GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 GPG key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x766ED29D5231C0C4 I have been on this list for many years ... and Answer correctly or don't answer at all.. You've been on misc@ for many years and expect correct answers or respectful silence? My goodness, your optimism seems impervious to experience. You've been on misc@ for many years, yell at several developers giving you correct answers and expect to get better support? Interesting approach. Looks like my first post to misc@ was only in 1998 so perhaps I have insufficient experience to opine. Ken
Re: PF log parser and dynamic PF rules...
On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjvholm wrote: :Answer correctly or don't answer at all. It seems to me that people *did* answer correctly. But, their answer was not what you wanted to hear. The answer: don't use port knocking, use a randomized url. https://example.com/64482a3717737695e4dd254a4d57da4f6c0795f3e811e8b12347625fb285.rss Google, Apple, etc use this scheme for webcal access. I strongly doubt your rss feed requires more privacy than people's private calendars. -- Beware of altruism. It is based on self-deception, the root of all evil.
active-active firewall setup
I've setup successfully a pair of 4.7-current obsd load balanced firewall/routers I'd like some clarification on the manual page of carp(4). from carp(4): If IP balancing is being used on a firewall, it is recommended to config- ure the carpnodes in a symmetrical manner. This is achieved by simply using the same carpnodes list on all sides of the firewall. Does the manual mean (A) (fw1-carp0) 1:0,2:100 - 1:100,2:0 (fw2-carp0) (fw1-carp1) 3:0,4:100 - 3:100,4:0 (fw2-carp1) or (B) (fw1-carp0) 1:0,2:100 - 1:0,2:100 (fw2-carp0) (fw1-carp1) 3:0,4:100 - 3:0,4:100 (fw2-carp1) It seems to me that the manual is referring to the (B) pattern. However for me only the (A) pattern works. Just to be sure that I'm not doing something wrong here which works by accident. I'm using ip-stealth. There is a window of time, when one of the firewalls boots, where the Virtual MAC address appears on the switch. When it timeouts (I've set 60 seconds on the switch) it does not appear again and everything works. Is there a way I can prevent this or does it have to do with the switch? It's an HP 2810-48G. There might also be a chance of ip-unicast to work but my inner test client/router has problem with that. The outer interfaces works fine. This way I see 4 VMACs on the switch which stay there (2 of them are mystery cause they do not appear in any of the firewalls). Which setup (unicast vs stealth) do you use for Cisco's and HP switches? And last, how do your firewalls themselves access the internet (cvs updates) or have internal DNS. It seems only one of the two (at the same time) can access the internet (direct) which seems logical. Do you create some sort of access VLAN for DNS? I could do the DNS (internal) that way, but if the obsd take my outer IP then how could both of them access internet? regards, Giannis
Re: network performance problems
On 17. feb. 2010, at 08.47, Claudio Jeker wrote: On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote: On 17/02/10 03:16, FRLinux wrote: Mmmh, you picked my interest here. You mentioned your cisco 6500 but I guess you are going to use only gigabit NICs, so you have no need on the 10gb range? Just asking, not trying to start a war :) Cheers, Steph ps. the cisco crawled when I enabled IOS firewall features (statefull). Firewall interface == $35K come one now... Too much money! The 6500 and 7600 cisco systems are not able to do stateful firewalling in HW and have also issues with stuff like netflow exports. Unless you buy the super expensive line cards. Even the big SUP boards come with a tiny CPU running at the speed of a loongson -- those can be killed with a few Mbps of multicast traffic. -- :wq Claudio Just to balance the anti-cisco viewpoint: If you want to do deep packet stuff in HW, then Cisco offer the FWSM ACE NAM modules for 6500/7600. The SUPs (meant for switching/routing, not FWing) support CoPP (control-plane policing) in HW, which should be configured to prevent abusive traffic hitting the CPU, this (amongst a large list of others) includes high PPS multicast. For example see: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_p aper0900aecd802ca5d6.html /Pete
Re: network performance problems
I'm not an expert in this area, but it looks like OpenBSD can do some parts too and for much more lower price. DHCP snooping From info on Cisco page it looks like simple combination of lists/macros for blocking/allowing certain ports. Tables are possible with OpenBSD too and you can limit flow rate of packets too Dynamic ARP Inspection If I'm not wrong then pf(4) don't operate on this layer, but then good, secure and simple design come to game IP Source Guard sounds like antispoof quick for Unicast Reverse Path Forwarding (URPF) sounds like block in quick from urpf-failed to any # use with care Access Control Lists something like SELinux and similar? It's first thing which every good sysadmin turn off because of unneeded complexity and often bugs too. If I read this : More generally, security ACLs can be used to protect against source address spoofing or to restrict network access to only legitimate sources, networks, and applications. For example, ACLs should be used to deny private address space at the ingress of the Internet and perform some filtering in the campus such that packets can only originate from customer-assigned addresses. ACLs should also be used to deny unused multicast addresses, to prevent multicast DoS attacks. Another interesting example is that of MAC ACLs which could be used to deny packets with invalid IP versions. then I can say that all of this is possible with pf(4) without need for ACL Quality of Service don't know much about this in OpenBSD, but sounds like at least something similar is possible with this http://www.openbsd.org/faq/pf/queueing.html Port security buy HW which is capable to avoid CAM overflow CONTROL PLANE AND MANAGEMENT PLANE PROTECTION some parts looks like possible with pf(4) some not, but as I said this must be confirmed by someone who knows much more Built-In Special-Case CPU Rate Limiters read users' stories and try pf(4) you will see that it can handle DoS very well It's quite long reading, but for me it looks like it's not needed to spend so much money in most cases. On Wed, Feb 17, 2010 at 2:21 PM, Pete Vickers p...@systemnet.no wrote: On 17. feb. 2010, at 08.47, Claudio Jeker wrote: On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote: On 17/02/10 03:16, FRLinux wrote: Mmmh, you picked my interest here. You mentioned your cisco 6500 but I guess you are going to use only gigabit NICs, so you have no need on the 10gb range? Just asking, not trying to start a war :) Cheers, Steph ps. the cisco crawled when I enabled IOS firewall features (statefull). Firewall interface == $35K come one now... Too much money! The 6500 and 7600 cisco systems are not able to do stateful firewalling in HW and have also issues with stuff like netflow exports. Unless you buy the super expensive line cards. Even the big SUP boards come with a tiny CPU running at the speed of a loongson -- those can be killed with a few Mbps of multicast traffic. -- :wq Claudio Just to balance the anti-cisco viewpoint: If you want to do deep packet stuff in HW, then Cisco offer the FWSM ACE NAM modules for 6500/7600. The SUPs (meant for switching/routing, not FWing) support CoPP (control-plane policing) in HW, which should be configured to prevent abusive traffic hitting the CPU, this (amongst a large list of others) includes high PPS multicast. For example see: http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps708/prod_white_p aper0900aecd802ca5d6.html /Pete
Security feed
Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. Thank you
Re: Security feed
On Wed, 17 Feb 2010 20:05:47 +0100 Jean-Francois jfsimon1...@gmail.com wrote: Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. http://www.undeadly.org has it and the errata pages are of course updated. I just have a cron that diffs a local copy of the last errata page with the one on the OpenBSD site and mail myself if it has changed (and then replace the local copy with the new one).
Re: Security feed
On Wed, 17 Feb 2010 20:05 +0100, Jean-Francois jfsimon1...@gmail.com wrote: Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. Thank you I read this page and the links off of it: http://www.openbsd.org/errata.html
How to change pciide to ahci if there is no option for this in BIOS
Hi all, my friend started using of OpenBSD on his server, but he has quite bad perfomance with his disk. Actually it's running under native mode : pciide1 at pci0 dev 31 function 2 Intel 82801EB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using apic 2 int 18 (irq 9) for native-PCI interrupt and there is no chance to switch it to AHCI. So he will install newer BIOS (there is no info about possible new option for it in release notes). So before additional tests it will be ok if it will be possible to switch to AHCI directly. Is there this option? From man page for pciide I can see that it's possible to set some options for some controllers over config so is it possible for AHCI too? Soft updates aren't enabled and I know that it will have impact on performance so he will enable it. Then it's only on AHCI/native, namei cache and combination of all HW involved. ttycd0 wd0 cpu tin tout KB/t t/s MB/s KB/t t/s MB/s us ni sy in id 0 18 0.00 0 0.00 26.55 49 1.27 3 0 3 3 92 0 89 0.00 0 0.00 14.93 214 3.12 13 0 21 14 53 00 0.00 0 0.00 15.54 171 2.60 13 0 11 10 65 00 0.00 0 0.00 15.91 161 2.51 16 0 12 10 62 00 0.00 0 0.00 15.83 168 2.60 17 0 12 8 62 00 0.00 0 0.00 15.87 165 2.56 14 0 14 8 64 0 176 0.00 0 0.00 16.00 199 3.10 14 0 11 11 63 00 0.00 0 0.00 15.84 179 2.77 11 0 14 14 60 00 0.00 0 0.00 15.49 150 2.26 14 0 14 9 62 00 0.00 0 0.00 14.24 130 1.81 13 0 12 5 69 procsmemory pagediskstraps cpu r b wavm fre flt re pi po fr sr cd0 wd0 int sys cs us sy id 0 5 0 19584 414996 508 0 0 0 0 0 0 54 1006 5732 1859 3 5 92 0 5 0 19592 414988 25 0 0 0 0 0 0 116 8059 43686 14876 17 30 53 1 5 0 19592 4149887 0 0 0 0 0 0 0 4384 26122 9199 15 27 57 0 5 0 19592 414956 11 0 0 0 0 0 0 0 4486 26236 9287 17 23 60 1 5 0 19592 414972 34 0 0 0 0 0 0 0 4005 24506 8873 14 16 70 0 5 0 19592 4149887 0 0 0 0 0 0 0 4594 26552 9348 15 21 63 0 5 0 19592 4149487 0 0 0 0 0 0 0 4493 26480 9379 17 23 59 0 5 0 19592 4149487 0 0 0 0 0 0 2 4086 24244 8709 17 19 64 1 5 0 19592 414964 11 0 0 0 0 0 0 0 4096 24023 8595 14 18 67 0 5 0 19592 415012 34 0 0 0 0 0 0 0 4582 26632 9397 19 21 59 OpenBSD 4.7-beta (GENERIC.MP) #409: Sun Feb 7 17:09:00 MST 2010 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error 18memory_size,fixed_disk cpu0: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR real mem = 534806528 (510MB) avail mem = 509517824 (485MB) RTC BIOS diagnostic error 18memory_size,fixed_disk mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/29/04, BIOS32 rev. 0 @ 0xffe90, SMBIOS rev. 2.3 @ 0xf0450 (69 entries) bios0: vendor Dell Computer Corporation version A06 date 09/29/2004 bios0: Dell Computer Corporation OptiPlex GX270 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP SSDT APIC BOOT ASF! acpi0: wakeup devices VBTN(S4) PCI0(S3) USB0(S3) USB1(S3) USB2(S3) USB3(S3) PCI1(S5) MOU_(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) 4 CPU 2.40GHz (GenuineIntel 686-class) 2.40 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PCI1) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: VBTN bios0: ROM list: 0xc/0xa800 0xca800/0x1800! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel 82865G Host rev 0x02 vga1 at pci0 dev 2 function 0 Intel 82865G Video rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xe800, size 0x800 inteldrm0 at vga1: apic 2 int 16 (irq 11) drm0 at inteldrm0 uhci0 at pci0 dev 29 function 0 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 11) uhci1 at pci0 dev 29 function 1 Intel 82801EB/ER USB rev 0x02: apic 2 int 19 (irq 10) uhci2 at pci0 dev 29 function 2 Intel 82801EB/ER USB rev 0x02: apic 2 int 18 (irq 9) uhci3 at pci0 dev 29 function 3 Intel 82801EB/ER USB rev 0x02: apic 2 int 16 (irq 11) ehci0 at pci0 dev 29 function 7
OSPFd on Feb 17th 2010 -current Incompatibilities
Hi Misc@, Recently I updated one of my routers into current. We runs OSPFd as an IGP for our network. The update went success, but OSPFd wont get synchronized. On the kernel-updated routers ospfctl sh neig shows: $ ospfctl sh neig ID Pri StateDeadTime Address Iface Uptime on dec 20 kernel routers shows: $ ospfctl sh nei ID Pri StateDeadTime Address Iface Uptime 2ab.cde.fgh.229 1 FULL/DR 00:00:31 2ab.cde.fgh.6vlan6 01w2d21h 2ab.cde.fgh.226 1 DOWN/OTHER 00:36:21 2ab.cde.fgh.3vlan6 - 2ab.cde.fgh.227 1 FULL/BCKUP 00:00:31 2ab.cde.fgh.4vlan6 01w2d21h 2ab.cde.fgh.228 1 2-WAY/OTHER 00:00:31 2ab.cde.fgh.5vlan6 - The router-ids are their loopback interfaces. Below are their configs. --- DEC 20 KERNEL --- $ sudo ospfd -vnf /etc/ospfd.conf Password: password = XX router-id 2ab.cde.fgh.225 fib-update yes rfc1583compat no no redistribute 10.10.10.0/24 no redistribute default redistribute connected spf-delay 1 spf-holdtime 5 area 0.0.0.0 { interface vlan6:2ab.cde.fgh.2 { hello-interval 10 metric 10 retransmit-interval 5 router-dead-time 40 router-priority 1 transmit-delay 1 auth-type crypt auth-md-keyid 1 auth-md 1 XX } } $ ospfctl sh Router ID: 2ab.cde.fgh.225 Uptime: 01w2d22h RFC1583 compatibility flag is disabled SPF delay is 1 sec(s), hold time between two SPFs is 5 sec(s) Number of external LSA(s) 28 Number of areas attached to this router: 1 Area ID: 0.0.0.0 Number of interfaces in this area: 1 Number of fully adjacent neighbors in this area: 1 SPF algorithm executed 293 time(s) Number LSA(s) 18 --- 17 FEB KERNEL --- $ sudo ospfd -vnf /etc/ospfd.conf Password: password = XX router-id 2ab.cde.fgh.226 fib-update yes rfc1583compat no no redistribute 10.10.10.0/24 no redistribute default redistribute connected spf-delay msec 1000 spf-holdtime msec 5000 area 0.0.0.0 { interface vlan6:2ab.cde.fgh.3 { metric 10 retransmit-interval 5 router-dead-time 40 hello-interval 10 router-priority 1 transmit-delay 1 auth-type crypt auth-md-keyid 1 auth-md 1 XX } } $ ospfctl sh Router ID: 2ab.cde.fgh.226 Uptime: 00:40:28 RFC1583 compatibility flag is disabled SPF delay is 1000 msec(s), hold time between two SPFs is 5000 msec(s) Number of external LSA(s) 7 Number of areas attached to this router: 1 Area ID: 0.0.0.0 Number of interfaces in this area: 1 Number of fully adjacent neighbors in this area: 0 SPF algorithm executed 3 time(s) Number LSA(s) 1 Thanks, Insan Praja SW -- insandotpraja(at)gmaildotcom
Re: Security feed
If you're set on a rss feed: http://page2rss.com/rss/ba0de3240eb2c00c09f20d963c4a9067 On Wed, Feb 17, 2010 at 02:57:38PM -0500, Brad Tilley wrote: On Wed, 17 Feb 2010 20:05 +0100, Jean-Francois jfsimon1...@gmail.com wrote: Hello All, I am a little bit out of subject but please allow me to ask you about feeds of security issues. Thank you I read this page and the links off of it: http://www.openbsd.org/errata.html -- Jim
Re: PF log parser and dynamic PF rules...
On 17 feb 2010, at 12.38, Peter Hessler wrote: On 2010 Feb 17 (Wed) at 07:51:03 +0100 (+0100), Per-Olov Sjvholm wrote: :Answer correctly or don't answer at all. It seems to me that people *did* answer correctly. But, their answer was not what you wanted to hear. The answer: don't use port knocking, use a randomized url. https://example.com/64482a3717737695e4dd254a4d57da4f6c0795f3e811e8b12347625fb 285.rss Google, Apple, etc use this scheme for webcal access. I strongly doubt your rss feed requires more privacy than people's private calendars. -- Beware of altruism. It is based on self-deception, the root of all evil. I know what I am doing and it's a simple test. A production environment will for sure be more secured. As said. I _very_ much appreciate if people give their opinion _and_ an answer to the actual question if the person know how to do what I ask for. But what I don't like about it is that some just reply to tell it's done wrong, even though they don not know the context and the tradeoffs that have been made and why. Professional people could nicely tell their opinion and a hint to my question IF they have any clue. If they think I should have provided more info, they could say so I am a member of a few helicopter forums, some Dreambox HTPC forums (TuxBOX), a bunch of Linux forums (i.e many different kind of forums). Nowehere they hack at each other like they do at the OpenBSD lists. This is the only sad thing about OpenBSD, the mailinglist. Therefor I don't use it as much as before. A few of my developer friends share this sadness with me. You are right, Peter. My rss feed does not require more privacy (at this stage) than private google calendars. However there are a few problems with randomized urls that I simply want to spend time on later. This as I at this stage just want to sell in the idea with a test containing less important data and therefor use less work. A prod environment will be more secured to fulfill the security policies etc. Tnx to the people who contributed with something. This thread is closed for me now /Per-Olov -- GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4 GPG key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x766ED29D5231C0C4
Cursos intensivos
IAPSA Instituto Argentino de Psicologma Aplicada Si no se muestra correctamente el contenido del mensaje (por ejemplo, si los acentos estan sustituidos por otros smmbolos) puede ver la informacisn aqum: www.iapsa.org Modificacisn de la conducta: qui es y csmo aplicarla. Msdulo I Dictado por: Lic. Eduardo Iyaca (psicslogo) Sabado 13 de marzo, de 9 a 18 horas Jornada de 8 horas, dividida en dos bloques, con una hora de receso. Lugar: Ciudad de Buenos Aires Costo del msdulo: $230 (por inscripcisn conjunta de dos o mas personas el costo baja a $200 por persona) Informes e inscripcisn: ia...@iapsa.org o TE 4863-3853 Este curso esta dirigido a psicslogos, psicopedagogos, terapistas ocupacionales, maestros integradores, acompaqantes terapiuticos, midicos. La modificacisn de conducta es un enfoque que se ha mostrado ztil en los ambitos mas diversos. El objetivo de este curso es enseqar los principios y procedimientos de la modificacisn de conducta, ilustrados con ejemplos y aplicaciones. Se enseqaran los conceptos tesricos y las ticnicas correspondientes para observar y registrar situaciones, y para diseqar, implementar y evaluar programas comportamentales. Se proponen ejercicios de aplicacisn para el analisis de situaciones, y para el diseqo y puesta en practica de programas de modificacisn de conducta, con el fin de que los profesionales interesados desarrollen habilidades ztiles para mejorar deficiencias y excesos comportamentales en una gran variedad de poblaciones y ambientes Ver mas informacisn Se entregaran certificados de asistencia Informes e inscripcisn: ia...@iapsa.org o TE 4863 3853 Intoduccisn al tratamiento cognitivo conductual de la obesidad Dirigido a: psicslgos, nutricionistas, midicos. Dictado por: Lic. Mariana Elmasian (psicsloga) Sabado 20 de marzo, de 9 a 13 horas Lugar: Ciudad de Buenos Aires Costo: $130 (por inscripcisn conjunta de dos o mas personas el costo baja a $110 por persona) Informes e inscripcisn: ia...@iapsa.org o TE 4863-3853 La obesidad constituye un fensmeno complejo que afecta a gran parte de la poblacisn y cuya prevalencia va en aumento. Sus causas incluyen variables biolsgicas, psicolsgicas y sociales que se articulan de diversas formas en cada sujeto, por lo que para su abordaje sptimo es necesario el trabajo interdisciplinario. En esta jornada abordaremos de modo introductorio la perspectiva psicolsgica y presentaremos ticnicas de intervencisn cognitivo conductual. Se entregaran certificados de asistencia Ver mas informacisn - IAPSA - Instituto Argentino de Psicologma Aplicada www.iapsa.org | ia...@iapsa.org Si no desea seguir recibiendo este boletmn puede desuscribirse automaticamente enviando un mensaje con la palabra desuscribir en el asunto a desuscri...@iapsa.org
Re: OSPFd on Feb 17th 2010 -current Incompatibilities
On 2010-02-17, Insan Praja SW insan.pr...@gmail.com wrote: On the kernel-updated routers ospfctl sh neig shows: kernel-updated routers - you did update kernel and binaries in-sync, right??
Re: OSPFd on Feb 17th 2010 -current Incompatibilities
On Thu, Feb 18, 2010 at 03:03:34AM +0700, Insan Praja SW wrote: Hi Misc@, Recently I updated one of my routers into current. We runs OSPFd as an IGP for our network. The update went success, but OSPFd wont get synchronized. On the kernel-updated routers ospfctl sh neig shows: $ ospfctl sh neig ID Pri StateDeadTime Address Iface Uptime on dec 20 kernel routers shows: $ ospfctl sh nei ID Pri StateDeadTime Address Iface Uptime 2ab.cde.fgh.229 1 FULL/DR 00:00:31 2ab.cde.fgh.6vlan6 01w2d21h 2ab.cde.fgh.226 1 DOWN/OTHER 00:36:21 2ab.cde.fgh.3vlan6 - 2ab.cde.fgh.227 1 FULL/BCKUP 00:00:31 2ab.cde.fgh.4vlan6 01w2d21h 2ab.cde.fgh.228 1 2-WAY/OTHER 00:00:31 2ab.cde.fgh.5vlan6 - The router-ids are their loopback interfaces. Below are their configs. Did you run ospfd -dvv on the box that is not working? Is there any info in the log? My ospfd's are quite happy at the moment. Few old ones, for non openbsd ones and a few -current ones. -- :wq Claudio
xterm + tmux 256 colors
hi there, i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color $ tput colors 256 but it is not clear to me how can i do step 1. what is the proper way to: 1) Set TERM=screen-256color inside so that applications INSIDE tmux know that it supports 256 colours, you can do this however you like but default-terminal is usually easiest. actually the man page states, somewhat misleadingly, that: The TERM environment variable must be set to ``screen'' for all programs running inside tmux. New windows will automatically have ``TERM=screen'' added to their environment, but care must be taken not to reset this in shell start-up files. what i have done in the end is to put TERM=screen-256color in my .kshrc that is referenced also by .profile's ENV but it doesn't feel 100% right. -f -- there are 10 types of people: those that do binary, and those that don't.
Re: xterm + tmux 256 colors
Here is how I handle this, *make sure you have vim and colorls packages installed, then for your .vimrc do something like this:* syntax on set nocompatible set autoindent set smartindent set tabstop=4 set shiftwidth=4 set showmatch set vb t_vb= set ruler set incsearch set number *put this in your .profile:* # $OpenBSD: dot.profile,v 1.4 2005/02/16 06:56:57 jrecords Exp $ # # sh/ksh initialization alias ls='colorls -G' alias vi=vim PATH=$HOME/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:. export PATH HOME TERM=xterm-256color tmux attach || tmux new #if you don't use vim , this might not really apply but you'll get colors when you type ls, which is probably what you want. Jim On Wed, Feb 17, 2010 at 2:38 PM, frantisek holop min...@obiit.org wrote: hi there, i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color $ tput colors 256 but it is not clear to me how can i do step 1. what is the proper way to: 1) Set TERM=screen-256color inside so that applications INSIDE tmux know that it supports 256 colours, you can do this however you like but default-terminal is usually easiest. actually the man page states, somewhat misleadingly, that: The TERM environment variable must be set to ``screen'' for all programs running inside tmux. New windows will automatically have ``TERM=screen'' added to their environment, but care must be taken not to reset this in shell start-up files. what i have done in the end is to put TERM=screen-256color in my .kshrc that is referenced also by .profile's ENV but it doesn't feel 100% right. -f -- there are 10 types of people: those that do binary, and those that don't.
Re: xterm + tmux 256 colors
On Wed, Feb 17, 2010 at 5:38 PM, frantisek holop min...@obiit.org wrote: i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color It's probably worth noting at this point that the xterm shipped with OpenBSD doesn't support 256 colors.
Re: OSPFd on Feb 17th 2010 -current Incompatibilities
On 2010-02-17, Stuart Henderson s...@spacehopper.org wrote: On 2010-02-17, Insan Praja SW insan.pr...@gmail.com wrote: On the kernel-updated routers ospfctl sh neig shows: kernel-updated routers - you did update kernel and binaries in-sync, right?? spf-delay msec 1000 spf-holdtime msec 5000 ...hmm, yes you did. Anything useful in logs (maybe with verbose)?
Re: xterm + tmux 256 colors
The two common ways are to set default-terminal and not touch TERM elsewhere, or to do something like [ -n $TMUX ] export TERM=screen-256color. in .profile or whatnot. You can do it whichever way you like. On Wed, Feb 17, 2010 at 11:38:22PM +0100, frantisek holop wrote: hi there, i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color $ tput colors 256 but it is not clear to me how can i do step 1. what is the proper way to: 1) Set TERM=screen-256color inside so that applications INSIDE tmux know that it supports 256 colours, you can do this however you like but default-terminal is usually easiest. actually the man page states, somewhat misleadingly, that: The TERM environment variable must be set to ``screen'' for all programs running inside tmux. New windows will automatically have ``TERM=screen'' added to their environment, but care must be taken not to reset this in shell start-up files. what i have done in the end is to put TERM=screen-256color in my .kshrc that is referenced also by .profile's ENV but it doesn't feel 100% right. -f -- there are 10 types of people: those that do binary, and those that don't.
Re: xterm + tmux 256 colors
It's probably worth noting at this point that the xterm shipped with OpenBSD doesn't support 256 colors. it is supported in snapshots after january 13th; it was enabled following nicm's ncurses update: http://www.openbsd.org/cgi-bin/cvsweb/xenocara/app/xterm/xtermcfg.h
Re: xterm + tmux 256 colors
hmm, on Wed, Feb 17, 2010 at 05:58:12PM -0500, Ted Unangst said that On Wed, Feb 17, 2010 at 5:38 PM, frantisek holop min...@obiit.org wrote: i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color It's probably worth noting at this point that the xterm shipped with OpenBSD doesn't support 256 colors. maybe technically it's not all of the 256, but i get the same pallette image that is here: http://frexx.de/xterm-256-notes/ $ perl 256colors2.pl -f -- bungee diving - living it up when you're going down!
Re: xterm + tmux 256 colors
On Wed, Feb 17, 2010 at 5:58 PM, Ted Unangst ted.unan...@gmail.com wrote: It's probably worth noting at this point that the xterm shipped with OpenBSD doesn't support 256 colors. Oh never mind, I missed a commit. If you're running current, you do get 256 colors.
Re: xterm + tmux 256 colors
On Wed, Feb 17, 2010 at 5:58 PM, Ted Unangst ted.unan...@gmail.com wrote: On Wed, Feb 17, 2010 at 5:38 PM, frantisek holop min...@obiit.org wrote: i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color It's probably worth noting at this point that the xterm shipped with OpenBSD doesn't support 256 colors. Really? I was hoping in light of the following, OpenBSD now supported it: http://marc.info/?l=openbsd-cvsm=126339496810703w=2 After seeing that I was hoping to play around with this eventually. -Ryan
Re: xterm + tmux 256 colors
On Wed, Feb 17, 2010 at 6:17 PM, Ted Unangst ted.unan...@gmail.com wrote: Nice catch, I missed that. I know getting 256 color support working requires touching a few things. I don't know if that commit says it now works or simply it's one step closer So ya, I was really asking. :)
Re: xterm + tmux 256 colors
On Wed, 17 Feb 2010 23:38:22 +0100 frantisek holop min...@obiit.org wrote: i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color $ tput colors 256 xenocara does *NOT* compile xterm with 256 color support. Well, at least it had to be recompiled manually in 4.5 when I last tested it. -jcr
Installer caching selections across different installations... how?
I have been installing OpenBSD 4.6 inside a VMWare ESXi 4.0 virtual machine and ran into a strange behavior I can't explain... it seems to cache my installation options between totally unrelated virtual machines. The process goes like this: I create a new 'Typical' virtual machine, select 'Other' as the guest OS and choose 'Other (32-bit)' in the Version pulldown menu. I accept all default settings (256MB ram, 1 vCPU, 8GB disk, etc) and check the Thin Provisioning disk allocation checkbox. I then associate the cd46.iso file (stored on a datastore) with the virtual cdrom drive and boot off of it to begin the installation process, where I specify a local LAN ftp server to fetch the install media from. The install process goes as expected and the virtual machine is running happily along... The thing is, when I create a second brand new virtual machine using the process described above and get to the 'select install media' step, it already has my local ftp server's name populated! As far as I can tell, the only thing in common between the two installation processes is the cd46.iso file. This isn't necessarily bad, I just can't explain why its happening. Two questions: 1) Is anyone else observing this behavior? 2) Can anyone explain why it is occurring?
Re: Installer caching selections across different installations... how?
The install process goes as expected and the virtual machine is running happily along... The thing is, when I create a second brand new virtual machine using the process described above and get to the 'select install media' step, it already has my local ftp server's name populated! As far as I can tell, the only thing in common between the two installation processes is the cd46.iso file. This isn't necessarily bad, I just can't explain why its happening. Two questions: 1) Is anyone else observing this behavior? 2) Can anyone explain why it is occurring? the installer pulls the list of installation mirrors from ftp.openbsd.org and defaults to one that is assumed to be closest to you based on your ip address (using geolocation). at the end of the installation, the mirror you chose (in your case, your local ftp server) is sent back to ftp.openbsd.org so that it will be given to you again the next time, assuming your ip is the same. from distrib/miniroot/install.sh: # If we managed to talk to the ftplist server before, tell it what # location we used... so it can perform magic next time if [[ -s $SERVERLISTALL ]]; then _i= [[ -n $installedfrom ]] _i=install=$installedfrom [[ -n $TZ ]] _i=$_iTZ=$TZ [[ -n $method ]] _i=$_imethod=$method [[ -n $_i ]] ftp $FTPOPTS -a -o - \ http://129.128.5.191/cgi-bin/ftpinstall.cgi?$_i; /dev/null 21 fi because your vmware installations are presumably all coming from the same ip address, you keep receiving your local ftp server as a default.
Re: Installer caching selections across different installations... how?
On Wed, Feb 17, 2010 at 7:45 PM, joshua stein j...@openbsd.org wrote: at the end of the installation, the mirror you chose (in your case, your local ftp server) is sent back to ftp.openbsd.org so that it will be given to you again the next time, assuming your ip is the same. ... because your vmware installations are presumably all coming from the same ip address, you keep receiving your local ftp server as a default. Ah, this definitely makes sense. It is a handy little feature but I am a little surprised the privacy advocates out there in OpenBSD-land didn't cry foul about reporting information back to the mothership like that. (I couldn't find any inside MARC anyway when searching for installer-related posts). Thanks for taking the time, I appreciate the effort. Matt
Re: Jacek Books
On 16 February 2010 12:26, SJP Lists sjp.li...@flashbsd.net wrote: In fact, I have worked in landmark copyright cases for one of the Worlds most successful IP lawyers (and continue to do so). IP lawyers, eh? Exactly what is this IP you speak of? (SCNR.) regards, --ropers
Re: xterm + tmux 256 colors
On Wed, 17 Feb 2010 15:48:42 -0800 J.C. Roberts list-...@designtools.org wrote: On Wed, 17 Feb 2010 23:38:22 +0100 frantisek holop min...@obiit.org wrote: i am trying to make tmux use 256 colors. i have found this: http://www.mail-archive.com/debian-bugs-d...@lists.debian.org/msg707066.html i have done step 2: $ xterm $ echo TERM $ TERM=xterm-256color $ tput colors 256 xenocara does *NOT* compile xterm with 256 color support. Well, at least it had to be recompiled manually in 4.5 when I last tested it. ugh! It seems I missed a commit in January. If you're running -current it's a different story now.
OT: opinions on IDS / IPS solutions
Hi There, As I often have greater respect for a much larger portion of this list than the rest of the internet, I am curious what is thought about current IDS/IPS hardware from vendors like Trustwave, Checkpoint, Alert Logic, mod_security, even snort.. etc, and in particular, the sensibility and effectiveness of using them in high-security environments. From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards and IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS. Thoughts, suggestions, flames, are all welcome. Thanks. ~Jason
Re: network performance problems
a lot of the features you list below are only useful or usable at the switching layer, and therefore not really fair when compared to what openbsd can do. eg, the dhcp snooping is done on the switches at the client access layer to prevent rouge dhcp servers on an l2 network. unless you put openbsd bridges between each of your client machines and the switch then you cant do that on openbsd. the feature you do list that is worth comparing is the acl stuff. it is true that on cisco gear you can filter packets (emphasis on packets) in hardware, which is extremely fast, however, you can only filter on attributes of each individual packet. if you want to do stateful filtering though (ie, filter streams/flows of packets), then its a completely different story. personally the decision between openbsd and cisco for stateful filtering comes down to three factors: speed, cost, and the quality/usability of the implementation. i find it far easier to manage openbsd boxes, and i really love the features available to me in pf. i guess im biased since i have some code in there now. i havent had the opportunity to do a speed test between a cisco and my current openbsd firewalls, but i would be extremely surprised if the performance of the cisco scaled at the same rate as the price when compared to the openbsd boxes. so to me openbsd wins based on cost vs performance, and on usability and features. i can do 200 or 300k pps on openbsd systems we bought 2 or 3 years ago for about 5 grand. im not sure cisco sell a stateful firewall module for 5 grand. dlg On 18/02/2010, at 12:05 AM, Tomas Bodzar wrote: I'm not an expert in this area, but it looks like OpenBSD can do some parts too and for much more lower price. DHCP snooping From info on Cisco page it looks like simple combination of lists/macros for blocking/allowing certain ports. Tables are possible with OpenBSD too and you can limit flow rate of packets too Dynamic ARP Inspection If I'm not wrong then pf(4) don't operate on this layer, but then good, secure and simple design come to game IP Source Guard sounds like antispoof quick for Unicast Reverse Path Forwarding (URPF) sounds like block in quick from urpf-failed to any# use with care Access Control Lists something like SELinux and similar? It's first thing which every good sysadmin turn off because of unneeded complexity and often bugs too. If I read this : More generally, security ACLs can be used to protect against source address spoofing or to restrict network access to only legitimate sources, networks, and applications. For example, ACLs should be used to deny private address space at the ingress of the Internet and perform some filtering in the campus such that packets can only originate from customer-assigned addresses. ACLs should also be used to deny unused multicast addresses, to prevent multicast DoS attacks. Another interesting example is that of MAC ACLs which could be used to deny packets with invalid IP versions. then I can say that all of this is possible with pf(4) without need for ACL Quality of Service don't know much about this in OpenBSD, but sounds like at least something similar is possible with this http://www.openbsd.org/faq/pf/queueing.html Port security buy HW which is capable to avoid CAM overflow CONTROL PLANE AND MANAGEMENT PLANE PROTECTION some parts looks like possible with pf(4) some not, but as I said this must be confirmed by someone who knows much more Built-In Special-Case CPU Rate Limiters read users' stories and try pf(4) you will see that it can handle DoS very well It's quite long reading, but for me it looks like it's not needed to spend so much money in most cases. On Wed, Feb 17, 2010 at 2:21 PM, Pete Vickers p...@systemnet.no wrote: On 17. feb. 2010, at 08.47, Claudio Jeker wrote: On Wed, Feb 17, 2010 at 03:35:24AM +0200, Kapetanakis Giannis wrote: On 17/02/10 03:16, FRLinux wrote: Mmmh, you picked my interest here. You mentioned your cisco 6500 but I guess you are going to use only gigabit NICs, so you have no need on the 10gb range? Just asking, not trying to start a war :) Cheers, Steph ps. the cisco crawled when I enabled IOS firewall features (statefull). Firewall interface == $35K come one now... Too much money! The 6500 and 7600 cisco systems are not able to do stateful firewalling in HW and have also issues with stuff like netflow exports. Unless you buy the super expensive line cards. Even the big SUP boards come with a tiny CPU running at the speed of a loongson -- those can be killed with a few Mbps of multicast traffic. -- :wq Claudio Just to balance the anti-cisco viewpoint: If you want to do deep packet stuff in HW, then Cisco offer the FWSM ACE NAM modules for 6500/7600. The SUPs (meant for switching/routing, not FWing) support CoPP (control-plane policing) in HW, which should be configured to prevent abusive traffic hitting the CPU, this
Re: OT: opinions on IDS / IPS solutions
On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin jasonbeaud...@gmail.com wrote: From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards and IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS. I agree with you. High rates of false positives, but fairly low rates of false negatives. Once the care and feeding is taken care of (turning off everything and gradually fine tuning to your current traffic helps), they're useful for alerting against unusual traffic leaving your network; not so much against automated attacks coming in the network. My own deployments are specifically to monitor for odd outbound traffic from my office. It's a rapid way to find out about the latest trojan, worm, or other infection my users have brought in on their laptops. That said, the usefulness of an IDP is specifically preventing most automated and known attacks from passing in to your network. By using one of the commercial systems, you gain support, tuning, and the fact that you don't have to spend as much time with the care and feeding or writing/testing new rulesets against your current version. As a compliance feature, I've found most administrators put them in place and promptly turn the reporting off due to the high rate of false positives reducing the signal from the noise. jb
Re: OT: opinions on IDS / IPS solutions
Don't bypass Snort because PFSense package makes it so easy to install and configure. A a one-click install of Snort and the only thing left to do was register and select what you want it to do. Mehma === On Wed, Feb 17, 2010 at 8:28 PM, Johan Beisser j...@caustic.org wrote: On Wed, Feb 17, 2010 at 7:59 PM, Jason Beaudoin jasonbeaud...@gmail.com wrote: From a compliance perspective, I don't have much choice. From the costs, infrastructure, and administrative perspectives, I am currently evaluating whether or not I should be leaning towards and IDS or IPS solution, and of course which system/vendor. My understanding is that something like snort requires a fair bit of maintenance and IT-attention, the trade-off being cost, so I am leaning away from this. Between detection and prevention, preventing break-ins seems a bit sillier than trying to actively monitor what's going on and to then look for threats, so this pushes me more towards IDS over IPS. I agree with you. High rates of false positives, but fairly low rates of false negatives. Once the care and feeding is taken care of (turning off everything and gradually fine tuning to your current traffic helps), they're useful for alerting against unusual traffic leaving your network; not so much against automated attacks coming in the network. My own deployments are specifically to monitor for odd outbound traffic from my office. It's a rapid way to find out about the latest trojan, worm, or other infection my users have brought in on their laptops. That said, the usefulness of an IDP is specifically preventing most automated and known attacks from passing in to your network. By using one of the commercial systems, you gain support, tuning, and the fact that you don't have to spend as much time with the care and feeding or writing/testing new rulesets against your current version. As a compliance feature, I've found most administrators put them in place and promptly turn the reporting off due to the high rate of false positives reducing the signal from the noise. jb
Re: Jacek Books
By posting regarding this situation, possibly it will help others from being swindled. I paid for the Firewall Book, and as stated, did receive a few PDF's, but that's it, no paper copy. Going through PayPal is is waste of time, as their time limits have been exceeded many times over (my purchase was Feb 13, 2009) for filing a complaint, unless I'm mistaken. When someone is ripping others off left and right, who gives a hang about copyrights ? Were I not honest, I surely wouldn't; I'd get what I paid for any way I could. Alas, I guess I just lost out, as it's evident from the site that business is in full swing and payment is being accepted by 2 methods. I guess I should have also noted that Artymiak was a Non-verified US vendor on PayPal. Live and learn I guess, at times the very hard way. I really expected much more from Artymiak. On 2/15/2010 2:31 PM, Corey wrote: On 02/15/2010 01:33 PM, open...@e-solutions.re wrote: Im agree with you Aaron, but i bought his books on 14 september 2009, and an other book on 14 october 2009. If you want i can send you my Paypal receipts to prove it. I never received the books. It is a swindle ! nothing else ... And why sell books when nobody to occupies his website? Even if he is ill, it is not a reason (he has to stop selling ebooks) Thank's Report him to PayPal. Depending on the terms of his copyrights, it may not be legal for someone else to send you a copy of his works. And if he is not responding to your personal emails, it is unlikely that posting on this list is going to help any further.
write uhid0 error EIO
hi all, i'm new here :) i have a I/O card in the usb port, can read but can't write uhid0 uname -a: OpenBSD myhost.my.domain 4.6 GENERIC.MP#81 amd64 dmesg: uhidev0 at uhub5 port 2 configuration 1 interface 0 Anchor Chips product 0x7453 rev 2.00/0.00 addr 2 uhidev0: iclass 3/0 uhid0 at uhidev0: input=31, output=21, feature=0 ls -l /dev/uhid0: crw-rw 1 root wheel 62, 0 Feb 12 02:00 /dev/uhid0 user groups: users wheel usbhidctl -vv -f uhid0: report ID=0 usbhidctl: USB_GET_REPORT (probably not supported by device): Input/output error usbhidctl -r -f uhid0: Report descriptor: Collection page=0xffa0 usage=0x00a5 Input size=8 count=1 page=0xffa0 usage=0x00a6, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Input size=8 count=1 page=0xffa0 usage=0x00a7, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 Output size=8 count=1 page=0xffa0 usage=0x00a9, logical range -128..127 End collection Total input size 31 bytes Total output size 21 bytes Total feature size 0 bytes uhid(4): Use read(2) to get data from the device. Data should be read in chunks of the size prescribed by the report descriptor. Use write(2) send data to the device. Data should be written in chunks of the size prescribed by the report descriptor. read uhid0 is OK read.c: #include unistd.h #include fcntl.h #include err.h #define USB_DEV /dev/uhid0 int main(void) { char buff[31]; int fd, ret; fd = open(USB_DEV, O_RDONLY); if (fd == -1) err(1, NULL); ret
Re: Jacek Books
The real point in all of this is that, right or wrong, it doesn't belong on this mailing list. On Wed, Feb 17, 2010 at 10:51:16PM -0600, Bill Dunshie wrote: By posting regarding this situation, possibly it will help others from being swindled. I paid for the Firewall Book, and as stated, did receive a few PDF's, but that's it, no paper copy. Going through PayPal is is waste of time, as their time limits have been exceeded many times over (my purchase was Feb 13, 2009) for filing a complaint, unless I'm mistaken. When someone is ripping others off left and right, who gives a hang about copyrights ? Were I not honest, I surely wouldn't; I'd get what I paid for any way I could. Alas, I guess I just lost out, as it's evident from the site that business is in full swing and payment is being accepted by 2 methods. I guess I should have also noted that Artymiak was a Non-verified US vendor on PayPal. Live and learn I guess, at times the very hard way. I really expected much more from Artymiak. On 2/15/2010 2:31 PM, Corey wrote: On 02/15/2010 01:33 PM, open...@e-solutions.re wrote: Im agree with you Aaron, but i bought his books on 14 september 2009, and an other book on 14 october 2009. If you want i can send you my Paypal receipts to prove it. I never received the books. It is a swindle ! nothing else ... And why sell books when nobody to occupies his website? Even if he is ill, it is not a reason (he has to stop selling ebooks) Thank's Report him to PayPal. Depending on the terms of his copyrights, it may not be legal for someone else to send you a copy of his works. And if he is not responding to your personal emails, it is unlikely that posting on this list is going to help any further.
Re: Apache Firefox and Ogg Theora (Byte-range requests)
This appears to be due to the format of the string being passed to strtonum(). ap_strtol() was tolerant of it. It's being passed the string from the Range: header. For example, the following valid request (taken directly from sniffing a wget session). GET /testfile HTTP/1.0 Range: bytes=300417024- This ends up following the code path of the first strtonum() call around line 159 in http_protocol.c in the parse_byterange() function. The string passed to strtonum to convert (r-range) not only contains the number from the header, but the trailing dash (300417024-), which strtonum does not like. As strtonum fails, the start offset is set to 0. This bug should be present on a 64-bit arch as well. Hi, I broke it when unbreaking support for large files in Content-Length (which would otherwise report 0). I'll have a diff ready soon which fixes that. - pyr.
Re: Strange problem | routing issue
It seems there is a bug in routing with current 4.7 amd64 (build 10 Feb.). I tried i386 and it worked with same configuration and without any issues. Just to make sure I even tried reinstalling the amd64 once again thinking I might have made some mistakes the first time but same results. Following are the dmsegs from both installations. amd64 # dmesg OpenBSD 4.7-beta (GENERIC.MP) #85: Sun Feb 7 17:06:57 MST 2010 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MPmailto: t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3210317824 (3061MB) avail mem = 3117477888 (2973MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xbf79c000 (62 entries) bios0: vendor Dell Inc. version 1.1.4 date 10/30/2009 bios0: Dell Inc. PowerEdge R210 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP APIC SPCR HPET DM__ MCFG WD__ SLIC ERST HEST BERT EINJ TCPA SSDT acpi0: wakeup devices PCI0(S5) USBA(S0) USBB(S0) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2660.41 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 132MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu1: 256KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.99 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu2: 256KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.98 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu3: 256KB 64b/line 8-way L2 cache cpu4 at mainbus0: apid 1 (application processor) cpu4: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.99 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu4: 256KB 64b/line 8-way L2 cache cpu5 at mainbus0: apid 3 (application processor) cpu5: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.98 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu5: 256KB 64b/line 8-way L2 cache cpu6 at mainbus0: apid 5 (application processor) cpu6: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.99 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu6: 256KB 64b/line 8-way L2 cache cpu7 at mainbus0: apid 7 (application processor) cpu7: Intel(R) Xeon(R) CPU X3450 @ 2.67GHz, 2659.99 MHz cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,C X16,xTPR,NXE,LONG cpu7: 256KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (LYD0) acpiprt2 at acpi0: bus -1 (LYD2) acpiprt3 at acpi0: bus -1 (HVD0) acpiprt4 at acpi0: bus -1 (HVD2) acpiprt5 at acpi0: bus 5 (PEX0) acpiprt6 at acpi0: bus -1 (PEX4) acpiprt7 at acpi0: bus -1 (PEX5) acpiprt8 at acpi0: bus 6 (COMP) acpicpu0 at acpi0: C3, C2, C1 acpicpu1 at acpi0: C3, C2, C1 acpicpu2 at acpi0: C3, C2, C1 acpicpu3 at acpi0: C3, C2, C1 acpicpu4 at acpi0: C3, C2, C1 acpicpu5 at acpi0: C3, C2, C1 acpicpu6 at acpi0: C3, C2, C1 acpicpu7 at acpi0: C3, C2, C1 ipmi at mainbus0 not configured cpu0: unknown i686 model 0x1e, can't get bus clock cpu0: EST: PSS not yet available for this processor pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel Core DMI rev 0x11 ppb0 at pci0 dev 3 function 0 Intel Core PCIE rev 0x11: apic 0 int 16 (irq 0) pci1 at ppb0 bus 1 ppb1 at pci1 dev 0 function 0 IDT 89HPES12N3A rev 0x0e pci2 at ppb1 bus 2 ppb2 at pci2 dev 2 function 0 IDT 89HPES12N3A rev 0x0e pci3 at ppb2 bus 3 em0 at pci3 dev 0 function 0 Intel PRO/1000 QP (82576) rev 0x01: apic 0 int 18 (irq 15), address 00:1b:21:48:66:58 em1 at pci3 dev 0 function 1 Intel PRO/1000 QP (82576) rev 0x01: