Re: OT: Australia may allow punitive damages for security vulns
2010/6/22 mark hellewell mark.hellew...@gmail.com:
> Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers, apparently.

shrug/ Doesn't seem like Apple cares.

Best
Martin
Re: OT: Australia may allow punitive damages for security vulns
> Nobody at OpenBSD would claim that they could guarantee that there is no exploit waiting to be found in the OS. They just make better efforts than anybody else to reduce the chances. The errata page shows that they are forever responding to possible problems publicly rather than sneakily (or not at all) like some bigger outfits we could name.

Yep. Unfortunately intellectual honesty is not the way things go in the cold, real world out there :-(

Manuel
Re: OT: Australia may allow punitive damages for security vulns
mark hellewell wrote:
> http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
>
> Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers, apparently. Illegal to run without antivirus ... disconnection of vulnerable computers. A much needed kick up the arse for software makers or just bat-shit insane? Coming soon...

is it really that unreasonable when you compare this treatment to any other physical product e.g. a car? it is only the lack of physicality that makes software differ from other products.

when ford sold the pinto with the 'exploding' gas tank, it just paid money out to settle claims after many people were burned to death. although i don't believe there is a precedent for it, possibly until now, many software companies have been doing the same thing: selling crap products that in essence 'explode' and hemorrhage valuable personal data to script kiddies, etc.

perhaps the threat of a lawsuit will encourage software development houses to turn out less shite products, in which case the consumer wins.

one way to look at the explosion of software development in the past 30-40 years is that it is an industry lacking sufficient regulation and thus a very lucrative area to do business. because there is no regulation you can get some random idiot in whatever country to write your code and there are no repercussions if the code blows up after you sell it someone else, you cannot be held liable for using second-rate labor to build your product.
Re: Intel PRO/1000 QP on Dell R610 and OpenBSD 4.7
On 18/06/2010 16:43, w...@wootsie.com wrote:
> The same issue here - with different hardware - Supermicro X8DTU and it's built-in dual Intel 82576 nics. Running 4.7-patch. Fails to initialize most of the time at boot (always em1), now and then it works (initializes and gets link after boot). em0 rarely fails to initialize, but also rarely negotiates the link.
>
> Sounds similar to this bug report? http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6301

First, Hello, I'm new here ;)

In this bug report, the card is detected as 82575 while it's a 82576 and the host is running OpenBSD 4.6 amd64

We've ordered some Dell R510 with plenty of cards running with 82576 chips (Some Intel ET DualPort Copper, ET QuadPort Copper and even a EF DualPort fiber). I'm pretty sure we'll have the same problem with those cards. They are not delivered yet but the goal was to replace some old firewalls and with such a problem it's not gonna be funny ;(

We are ready to help/test all patches you guys can deliver since we'll get almost the whole products using 82576 chips (Only the Quad Port Fiber EF will be missing)

Does somebody know if this problem only happens on Intel X58/5500/5600 chipsets? Did somebody try the i386 version of OpenBSD 4.7?

Another question, I browsed source code of the freebsd project and it looks like they use a dedicated driver for the 82575 and 82576 cards aka igb(4). Excuse my newbiness ;) but why is the driver for those cards integrated inside em(4) in openbsd?

Fred
Re: OT: Australia may allow punitive damages for security vulns
> when ford sold the pinto with the 'exploding' gas tank, it just paid money out to settle claims after many people were burned to death. although i don't believe there is a precedent for it, possibly until now, many software companies have been doing the same thing: selling crap products that in essence 'explode' and hemorrhage valuable personal data to script kiddies, etc.

If we are to compare the nature of software to a physical product, we need to remember a few things...

1) Proving software to be 100% correct is nearly impossible and in some cases completely impossible. (think halting problem and state space explosion)

2) Physical products often have a calculable degradation curve whereas given consistent conditions, software does not deteriorate in a way that is easily quantifiable. It does degrade under different conditions but see point #1 for another problem.

3) Even the best tested and mathematically proven software (think IBM space shuttle code) has bugs. I forget the exact cost because I don't have the paper nearby but the per line cost of the shuttle code was astronomical! If all software cost as much per line, no one would own a computer, except maybe governments and multi-billionaires.

There are other points but I'm sure you get the gist...

I'm glad I have a job, even if it means being a high-priced janitor.
Re: OT: Australia may allow punitive damages for security vulns
one way to look at the explosion of software development in the past 30-40 years is that it is an industry lacking sufficient regulation and thus a very lucrative area to do business. because there is no regulation you can get some random idiot in whatever country to write your code and there are no repercussions if the code blows up after you sell it someone else, you cannot be held liable for using second-rate labor to build your product. 3) Even the best tested and mathematically proven software (think IBM space shuttle code) has bugs. I forget the exact cost because I don't have the paper nearby but the per line cost of the shuttle code was astronomical! If all software cost as much per line, no one would own a computer, except maybe governments and multi-billionaires. http://www.jstor.org/pss/1879431
Re: OT: Australia may allow punitive damages for security vulns
Adam M. Dutko wrote:
> > when ford sold the pinto with the 'exploding' gas tank, it just paid money out to settle claims after many people were burned to death. although i don't believe there is a precedent for it, possibly until now, many software companies have been doing the same thing: selling crap products that in essence 'explode' and hemorrhage valuable personal data to script kiddies, etc.
>
> If we are to compare the nature of software to a physical product, we need to remember a few things...
>
> 1) Proving software to be 100% correct is nearly impossible and in some cases completely impossible. (think halting problem and state space explosion)

I disagree with this. How many times a year are motor vehicles recalled? They don't replace the car, they fix it. Why can't defective software get a recall or a hefty fine if they refuse to fix it? This is a major reason I walked away from the paid software world, impossible to pay for quality.

> 2) Physical products often have a calculable degradation curve whereas given consistent conditions, software does not deteriorate in a way that is easily quantifiable. It does degrade under different conditions but see point #1 for another problem.
>
> 3) Even the best tested and mathematically proven software (think IBM space shuttle code) has bugs. I forget the exact cost because I don't have the paper nearby but the per line cost of the shuttle code was astronomical! If all software cost as much per line, no one would own a computer, except maybe governments and multi-billionaires.

Almost all physical devices come in models, which the next one usually fixes the defects. Software is very easy to fix the same model. So I see software as much simpler to improve on.

> There are other points but I'm sure you get the gist...
>
> I'm glad I have a job, even if it means being a high-priced janitor.
Re: Any ideas on this crash?
On Mon, Jun 21, 2010 at 03:41:21PM -0400, STeve Andre' wrote:
> My package builder died this weekend when I couldn't get to it. I may have hardware problems--I'm not sure. Below is the relevant data typed in. Any ideas? This is an i386-current system compiled on June 15th.
>
> Thanks, STeve Andre'
>
> - ps trace data First bad /: bad dir ino 14 at offset 69632: mangled entry panic: bad dir

Says it right there, disk structure corrupted. A fsck run will fix it.
Re: OT: Australia may allow punitive damages for security vulns
one way to look at the explosion of software development in the past 30-40 years is that it is an industry lacking sufficient regulation and thus a very lucrative area to do business. because there is no regulation you can get some random idiot in whatever country to write your code and there are no repercussions if the code blows up after you sell it someone else, you cannot be held liable for using second-rate labor to build your product. 3) Even the best tested and mathematically proven software (think IBM space shuttle code) has bugs. I forget the exact cost because I don't have the paper nearby but the per line cost of the shuttle code was astronomical! If all software cost as much per line, no one would own a computer, except maybe governments and multi-billionaires. http://www.jstor.org/pss/1879431 http://en.wikipedia.org/wiki/The_Market_for_Lemons
Re: OT: Australia may allow punitive damages for security vulns
> I disagree with this. How many times a year are motor vehicles recalled? They don't replace the car, they fix it. Why can't defective software get a recall or a hefty fine if they refuse to fix it? This is a major reason I walked away from the paid software world, impossible to pay for quality.

Hrm...seems you disagree with your own point. It is nearly impossible to pay for true 100% quality.

> Almost all physical devices come in models, which the next one usually fixes the defects. Software is very easy to fix the same model. So I see software as much simpler to improve on.

That's why there are patches. But, just like physical products, patches can introduce new bugs because they too introduce new execution paths/change behavior.

I believe one good approach to improving quality (whether it be real or not) is to reduce functionality. Such a move should reduce code complexity and execution paths. But, afaik code quality and code size are not strongly associated.

I'm not making excuses for software. Software is hard which imho is what makes it appealing. I do love the paper Jan mentioned because it highlights the importance of standards bodies. It also highlights the potential use of government organizations to regulate markets, which is what the original article mentions. I won't say which I prefer because you can probably determine that on your own.

Good discussion.
Re: OT: Australia may allow punitive damages for security vulns
On Tue, Jun 22, 2010 at 08:44:45AM -0400, Adam M. Dutko wrote:
> > when ford sold the pinto with the 'exploding' gas tank, it just paid money out to settle claims after many people were burned to death. although i don't believe there is a precedent for it, possibly until now, many software companies have been doing the same thing: selling crap products that in essence 'explode' and hemorrhage valuable personal data to script kiddies, etc.
>
> If we are to compare the nature of software to a physical product, we need to remember a few things...
>
> 1) Proving software to be 100% correct is nearly impossible and in some cases completely impossible. (think halting problem and state space explosion)

This is obviously not the intent. The intent is to have software that is reasonably crafted by software engineers. Not some slapped together turd with peanuts from different development teams.

> 2) Physical products often have a calculable degradation curve whereas given consistent conditions, software does not deteriorate in a way that is easily quantifiable. It does degrade under different conditions but see point #1 for another problem.

Not interesting and not even true. Anyone who coded in the old world with let's say threads, knew that going to a newer better faster machine would always result in nice new racing bugs. I won't get into why this happened though.

> 3) Even the best tested and mathematically proven software (think IBM space shuttle code) has bugs. I forget the exact cost because I don't have the paper nearby but the per line cost of the shuttle code was astronomical! If all software cost as much per line, no one would own a computer, except maybe governments and multi-billionaires.

Reasonable quality control is something people shouldn't hope for it should be something people demand. The reason why we have windows the way it is today is that in the early days people didn't put their foot down and said ENOUGH. The rest is history.

The reason why Apple is making such big strides with OSX is because they are capitalizing on this general feeling. OSX unlike windows isn't naturally chaotic and Apple does a fine job pretending they are secure. All in all a pretty smart marketing campaign that seems to be paying the bills just fine.

Your car runs hundreds of thousands (if not millions) of lines of code. Does it crash all the time? Microsoft spends more money on R&D than NASA has to develop a rocket. Are you sure that they should not have been capable of any standard of quality?

> There are other points but I'm sure you get the gist...
>
> I'm glad I have a job, even if it means being a high-priced janitor.
Re: OT: Australia may allow punitive damages for security vulns
> This is obviously not the intent. The intent is to have software that is reasonably crafted by software engineers. Not some slapped together turd with peanuts from different development teams.

I agree it shouldn't be slapped together but you strike upon an interesting debate... Should developers have to be software engineers and be certified? Or are we OK with the hacker model? I hope you realize I'm not insinuating hacker means crap coder! I tend to think it's a superior model but it's also an evolutionary one, something most people don't have time for.

> Not interesting and not even true. Anyone who coded in the old world with let's say threads, knew that going to a newer better faster machine would always result in nice new racing bugs. I won't get into why this happened though.

Sure, doing things faster doesn't mean it'll be better. Often it just means you'll hit a lock problem quicker than if you went slower. Can you elaborate on what you mean though...what's the equivalent to code rust? API breakage? Windows seems to have maintained crazy backwards compatibility. Not that I'm applauding it because it also means malicious can still run unless other means are leveraged to block it.

> Reasonable quality control is something people shouldn't hope for it should be something people demand. The reason why we have windows the way it is today is that in the early days people didn't put their foot down and said ENOUGH. The rest is history.

I agree that's part of the reason.

> The reason why Apple is making such big strides with OSX is because they are capitalizing on this general feeling. OSX unlike windows isn't naturally chaotic and Apple does a fine job pretending they are secure. All in all a pretty smart marketing campaign that seems to be paying the bills just fine.

Yes, until the other shoe drops.

> Your car runs hundreds of thousands (if not millions) of lines of code. Does it crash all the time? Microsoft spends more money on R&D than NASA has to develop a rocket. Are you sure that they should not have been capable of any standard of quality?

Not all the time, but there are many documented cases, not the least of which being the current popular hybrid car maker debacle. I've looked up a couple of reports on money spent specifically to improve quality for Microsoft and for NASA. NASA gives us a number at http://www.nasa.gov/pdf/420990main_FY_201_%20Budget_Overview_1_Feb_2010.pdf but the number I found was specific to a group within NASA not as a whole. If you also count the Air Force space program which is much bigger but is also involved with NASA, the number becomes much larger: http://www.saffm.hq.af.mil/shared/media/document/AFD-100201-050.pdf. Most of the information I found in Microsoft's filing and various news media articles doesn't talk about specific research for quality improvements. They talk about vague concepts. I do believe they're all capable of better quality software, it's just hard and expensive. Each are avoided like the plague in most corporate environments.
Re: Unable to ping routes learnt via BGP (OpenBSD 4.7)
On 22 June 2010 18:55, rh...@hushmail.com wrote:
> Hello List, I'm sure I'm missing something fairly obvious but don't know where to start. First, forgive my ASCII art :
>
> [BSD A] -- [PEER A]
>    ^
>    |
>    v
> [BSD B] -- [PEER B]
>
> The following works OK :
> - eBGP
> - iBGP
> - Routing to and from machines behind the BSD boxes
> - Pinging internet routes learnt from either peer from BSD A console
>
> The following does not work :
> - Pinging internet routes learnt from Peer B on BSD B.
>
> However it is possible to ping routes learnt from Peer A on BSD B. It is also possible to ping routes learnt from Peer B on BSD B if I use ping with the -I flag and pick a LAN-side interface to ping from.
>
> What have I missed ? bgpctl sh nex reports fine, and there are no default routes hiding in output from route -n show.

maybe pf related ? did you try to disable it ? You did not provide too much detail so it's hard to guess. Did you find any clues in bgpctl show rib/fib ?
openBSD hangs on install
I have a sparc64 t2000+ box and during installation of release 4.7 it hangs while installing the sets. When it hangs it is at a random spot each time. I have tried to install from cd, ftp, http and a local http mirror. All of them fail at some point during the installation of the sets. Any ideas how I can get it to do a full install? -- Jason Wagstaff ~When practicing unconditional acceptance start with your self
Re: openBSD hangs on install
Did you try latest snapshot? Just to be sure that there is not some repair available or that problem is still same.

On Tue, Jun 22, 2010 at 7:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
> I have a sparc64 t2000+ box and during installation of release 4.7 it hangs while installing the sets. When it hangs it is at a random spot each time. I have tried to install from cd, ftp, http and a local http mirror. All of them fail at some point during the installation of the sets. Any ideas how I can get it to do a full install?
>
> --
> Jason Wagstaff
> ~When practicing unconditional acceptance start with your self
Re: openBSD hangs on install
On Tue, Jun 22, 2010 at 12:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
> I have a sparc64 t2000+ box and during installation of release 4.7 it hangs while installing the sets. When it hangs it is at a random spot each time. I have tried to install from cd, ftp, http and a local http mirror. All of them fail at some point during the installation of the sets. Any ideas how I can get it to do a full install?

D'load the install47.iso and burn a bootable disc.

From installation guide: install47.iso is an ISO9660 image, containing all the standard install files. This file can be used to create a CD that can do a stand-alone OpenBSD install.

> --
> Jason Wagstaff
> ~When practicing unconditional acceptance start with your self
Re: OT: Australia may allow punitive damages for security vulns
> http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490
>
> Companies who release IT products with security vulnerabilities should be open to claims for compensation by consumers, apparently. Illegal to run without antivirus ... disconnection of vulnerable computers. A much needed kick up the arse for software makers or just bat-shit insane? Coming soon...

australian laws = censorship

Imagine if those crazy anti-freedom lawmakers force OpenBSD users to install antiviruses...
Re: openBSD hangs on install
On Tue, Jun 22, 2010 at 12:53 PM, Neal Hogan nealho...@gmail.com wrote:
> On Tue, Jun 22, 2010 at 12:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
> > I have a sparc64 t2000+ box and during installation of release 4.7 it hangs while installing the sets. When it hangs it is at a random spot each time. I have tried to install from cd, ftp, http and a local http mirror. All of them fail at some point during the installation of the sets. Any ideas how I can get it to do a full install?
>
> D'load the install47.iso and burn a bootable disc.
>
> From installation guide: install47.iso is an ISO9660 image, containing all the standard install files. This file can be used to create a CD that can do a stand-alone OpenBSD install.

Sorry read/replied too fast. I see that you tried the cd method.

> > --
> > Jason Wagstaff
> > ~When practicing unconditional acceptance start with your self
Re: OT: Australia may allow punitive damages for security vulns
On Tue, Jun 22, 2010 at 01:23:14PM -0400, Adam M. Dutko wrote:
> > This is obviously not the intent. The intent is to have software that is reasonably crafted by software engineers. Not some slapped together turd with peanuts from different development teams.
>
> I agree it shouldn't be slapped together but you strike upon an interesting debate... Should developers have to be software engineers and be certified? Or are we OK with the hacker model? I hope you realize I'm not insinuating hacker means crap coder! I tend to think it's a superior model but it's also an evolutionary one, something most people don't have time for.

I don't really believe in tying people down to a certain methodology or process. I am a huge fan of doing things the right way. This obviously means different things for different organizations. There really is no silver bullet for this.

That said there are a couple of issues in any development organization that need to be dealt with. What it ultimately comes down to is how well respected quality control is. Quality control is not just verification; it is code style, best practices, unit test etc etc. If it is an afterthought and not taken seriously then your code will suck. You can add process, ISO certification and other BS all day which usually results in disaster because staff doesn't buy into it.

And I'll tell you the true success to software development. Good engineers that know their stuff and are willing to work within a framework. This means hiring people and paying them what they are worth. Getting a bunch of kids from college with some degree or another or outsourcing code is a recipe for disaster. If the developers have no vested interest in the success of the code a project will nearly always fail. I have seen some colossal failures over time and they usually start when people become resources.

Anyway I can ramble about this for days.

> > Not interesting and not even true. Anyone who coded in the old world with let's say threads, knew that going to a newer better faster machine would always result in nice new racing bugs. I won't get into why this happened though.
>
> Sure, doing things faster doesn't mean it'll be better. Often it just means you'll hit a lock problem quicker than if you went slower. Can you elaborate on what you mean though...what's the equivalent to code rust? API breakage? Windows seems to have maintained crazy backwards compatibility. Not that I'm applauding it because it also means malicious can still run unless other means are leveraged to block it.

You misunderstood me. I meant in the old days running old code on new machines nearly always meant breakage because it was poorly written at most levels (OS, API, Apps etc)

> > Reasonable quality control is something people shouldn't hope for it should be something people demand. The reason why we have windows the way it is today is that in the early days people didn't put their foot down and said ENOUGH. The rest is history.
>
> I agree that's part of the reason.
>
> > The reason why Apple is making such big strides with OSX is because they are capitalizing on this general feeling. OSX unlike windows isn't naturally chaotic and Apple does a fine job pretending they are secure. All in all a pretty smart marketing campaign that seems to be paying the bills just fine.
>
> Yes, until the other shoe drops.
>
> > Your car runs hundreds of thousands (if not millions) of lines of code. Does it crash all the time? Microsoft spends more money on R&D than NASA has to develop a rocket. Are you sure that they should not have been capable of any standard of quality?
>
> Not all the time, but there are many documented cases, not the least of which being the current popular hybrid car maker debacle. I've looked up a couple of reports on money spent specifically to improve quality for Microsoft and for NASA. NASA gives us a number at http://www.nasa.gov/pdf/420990main_FY_201_%20Budget_Overview_1_Feb_2010.pdf but the number I found was specific to a group within NASA not as a whole. If you also count the Air Force space program which is much bigger but is also involved with NASA, the number becomes much larger: http://www.saffm.hq.af.mil/shared/media/document/AFD-100201-050.pdf. Most of the information I found in Microsoft's filing and various news media articles doesn't talk about specific research for quality improvements. They talk about vague concepts. I do believe they're all capable of better quality software, it's just hard and expensive. Each are avoided like the plague in most corporate environments.

Microsoft spends $10B on R&D. That is nearly the ENTIRE budget of NASA. They are the classic example of organizations that are completely out of control and rely entirely on some process that is good enough. Anyone who has written code that directly interacts with their APIs knows how completely disjoint their
Re: Processeur Atom ?
* E.T ad...@wordpress-fr.fr [2010-06-12 10:56]:
> why pay 100dollars/month, 1200dollars/year for a server ???.

because you get what you pay for. maintaining a sane secure reliable data center isn't exactly cheap.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: Processeur Atom ?
* Tomas Bodzar tomas.bod...@gmail.com [2010-06-12 11:55]:
> See tables with consumption http://www.thinkwiki.org/wiki/Intel_Mobile_Pentium_III-M (especially ultra-low-voltage models). And it's far more powerful than Atom.

looking at my PIII-based (yes, kinda the last ones, onethousandtwohundredsomething mhz) storage machines and my atom systems, the more powerful is obvious bullshit. atom performs quite well.

--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: OT: Australia may allow punitive damages for security vulns
Marco Peereboom wrote:
> Microsoft spends $10B on R&D. That is nearly the ENTIRE budget of NASA. They are the classic example of organizations that are completely out of control and rely entirely on some process that is good enough. Anyone who has written code that directly interacts with their APIs knows how completely disjoint their development teams are. They don't even adhere to the same damn style for functions calls. If you really want to have some fun with that number go figure out where they make their money. Then figure out how much each line of code cost. Pretty baffling stuff.

Hmm, a $10B R&D donation for OpenBSD. I wonder what could be accomplished with what was left over after the beer was accounted for? :)
Re: Processeur Atom ?
Yes

Small website personal = server at home
big project = datacenter

We agree

> > why pay 100dollars/month, 1200dollars/year for a server ???.
>
> because you get what you pay for. maintaining a sane secure reliable data center isn't exactly cheap.

--
@plus
Re: OT: Australia may allow punitive damages for security vulns
One hangover :)

On Tue, 22 Jun 2010 13:24:43 -0500, Chris Bennett ch...@bennettconstruction.biz wrote:
> Marco Peereboom wrote:
> > Microsoft spends $10B on R&D. That is nearly the ENTIRE budget of NASA. They are the classic example of organizations that are completely out of control and rely entirely on some process that is good enough. Anyone who has written code that directly interacts with their APIs knows how completely disjoint their development teams are. They don't even adhere to the same damn style for functions calls. If you really want to have some fun with that number go figure out where they make their money. Then figure out how much each line of code cost. Pretty baffling stuff.
>
> Hmm, a $10B R&D donation for OpenBSD. I wonder what could be accomplished with what was left over after the beer was accounted for? :)

--
@plus
Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]
Hello misc,

I was wondering if these accusations against OpenBSD were true, I doubt he is lying, maybe he is just not telling the whole truth. http://www.uaoug.org.ua/archive/msg01088.html

The first part is irrelevant, Linux may have implemented the sysctl switch before OpenBSD. However, their min_map_addr was set to 0 by default for a long time. Which did lead to vulnerabilities in Linux.

They keep coming up with the same exact innovations others came up with years before them. Their official explanation for where they got the W^X/ASLR ideas was a drunk guy came into their tent at one of their hack-a-thons and started talking about the idea. They had never heard of PaX when we asked them in 2003.

I do not wish to begin a troll-like thread, I just want the truth.

Regards. Michel Antoine User
Re: Processeur Atom ?
* Nick n...@holland-consulting.net [2010-06-13 18:43]:

that might be (I am not convinced tho) with the electricity price in the US, but certainly isn't universal.

The calculations are. $/kWh isn't... Cost of money (i.e., interest rate), watts saved (if any), cost of a kWh, initial costs, etc. Plug in your numbers, find out what the ROI is. Add in what your AC costs are (watts in have to be removed, and that's more watts to pump them out). Evaluate results. Going simpler, ignoring cost of money, IF your Atom machine draws 50% of the power of my PIII, my quickie calc indicates you will save 105kWh. If you also have to pay for AC, maybe double that number.

should be less than 50% actually, at much better performance. the atoms are surprisingly fast.

Granted, ROI (Return on Investment) isn't everything.

i would not even remotely consider putting a PIII-era machine into service now. the cost of the hardware (in the case of smallish systems) is irrelevant in the big picture.

PIII: old, rusty, reliability questionable, draws more power, adding up - might have to invest in bigger A/C sooner

atom: new, reliability way less questionable, has modern interfaces, saves power, is so cool that it'll survive forever even with all fans dead, way faster.

heck, the supermicro atoms i buy aren't even cheap. not at all. but with server-class management, very low power consumption etc, they pay out quickly. they even would if they cost twice as much, easily. admittedly, the math is different for home hobby use.

Low power rack mount equipment is hard to find now huh?

it is easier than ever.

analog clamp-on ammeter at the time, but they appeared to draw under 60W.

pretty sure my average for new smallish (you know, 1U, reasonable amount of ram, 1 disk, that style) machines is below that. not idle, but with typical workload.

If you want to talk about power savings, get a wattmeter and quit reading glossy sheets of one tiny part of the entire computer system.
err, besides a stupid useless wattmeter I have dozens, if not hundreds, of points in my power distribution infrastructure where power draw is measured. live, not artificial test runs.

The numbers will surprise you. (Fans ALONE on one Dell 1U system draw over 50W at full speed. Hopefully, they aren't at full speed very often.

either your measurement is screwed or dell screwed up big time.

My PIII system will pump a LOT of data.

and still lose compared to a reasonable atom.

and for giggles, the dmesg. i forgot the exact power draw of that system, it was very very low.

OpenBSD 4.7 (GENERIC.MP) #0: Mon Apr 5 08:50:54 CEST 2010
henn...@terak.bsws.de:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
real mem = 2145595392 (2046MB)
avail mem = 2070142976 (1974MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/05/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfd160 (27 entries)
bios0: vendor American Megatrends Inc. version 1.0 date 05/05/2009
bios0: Supermicro X7SLA
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG OEMB HPET
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) LAN0(S1) P0P9(S4) LAN1(S1) USB0(S4) USB1(S4) USB2(S4) USB3(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 4
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 4 (P0P1)
acpiprt3 at acpi0: bus 1 (P0P4)
acpiprt4 at acpi0: bus -1 (P0P5)
acpiprt5 at acpi0: bus -1 (P0P6)
acpiprt6 at acpi0: bus -1 (P0P7)
acpiprt7 at acpi0: bus 2 (P0P8)
acpiprt8 at acpi0: bus 3 (P0P9)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at
Re: Processeur Atom ?
* Stuart Henderson s...@spacehopper.org [2010-06-12 23:59]: On 2010-06-12, Henning Brauer lists-open...@bsws.de wrote: * Nick n...@holland-consulting.net [2010-06-11 12:55]: If you want low power consumption and low cost, I'd suggest a small PIII or Celeron based system, hard to beat for the price (usually, free!). IF the new, cool stuff has any real power savings, you are unlikely to ever recoup the initial cost over recycled hardware. that might be (I am not convinced tho) with the electricity price in the US, but certainly isn't universal. Especially the price of electricity in externally owned datacentres (*) - and restrictions on current drawn; there are still places which allow just 4A (@240V) per rack footprint (and 8A/footprint is fairly common). I know of one DC that limits you to 8A per rack (@230V) because the floor would collapse if people filled up their racks... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]
On Tue, Jun 22, 2010 at 7:26 PM, pourl...@hushmail.com wrote: I do not wish to begin a troll-like thread, I just want the truth. yes you do; no you don't. no one cares; please go away.
Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]
Quote from theo : - our kernels have no bugs

On Tue, 22 Jun 2010 21:26:18 +0200, pourl...@hushmail.com wrote:

Hello misc,

I was wondering if these accusations against OpenBSD were true, I doubt he is lying, maybe he is just not telling the whole truth. http://www.uaoug.org.ua/archive/msg01088.html

The first part is irrelevant, Linux may have implemented the sysctl switch before OpenBSD. However, their min_map_addr was set to 0 by default for a long time. Which did lead to vulnerabilities in Linux.

They keep coming up with the same exact innovations others came up with years before them. Their official explanation for where they got the W^X/ASLR ideas was a drunk guy came into their tent at one of their hack-a-thons and started talking about the idea. They had never heard of PaX when we asked them in 2003.

I do not wish to begin a troll-like thread, I just want the truth.

Regards. Michel Antoine User

-- @plus
Re: OT: Australia may allow punitive damages for security vulns
On Tue, 22 Jun 2010 12:55:10 -0500 Marco Peereboom sl...@peereboom.us wrote:

Getting a bunch of kids from college with some degree or another or outsourcing code is a recipe for disaster. If the developers have no vested interest in the success of the code a project will nearly always fail.

And ironically some uk government investment projects are only attainable if you work with these experts and expensive resource hogging managers a.k.a. leeches. Of course, some of them are experts but they're not usually the ones they want you to work with. How come the university acting as proxy, got so much of OpenBSD's DARPA grant? What was the justification?
Re: OT: Australia may allow punitive damages for security vulns
How come the university acting as proxy, got so much of OpenBSD's DARPA grant? What was the justification?

Graft, influence trading, and patronage are institutionalized in the relationship between universities, research grants, and the government in the US to roughly the same level as anywhere else in the world. The finances just aren't talked about as much in the US because the people who benefit from it know to keep their mouths shut. Upon the remainder of the population, the other side of the coin is a very fast growing but hidden inflation. But your media is playing the same game with your government. The word propaganda has fallen out of vogue.

Anyways, in that instance a few University people got around 50% because of their connections, and did nothing except a few bits of paperwork -- except for one grad student (who worked very hard, but was already doing so beforehand). Oh, but the university staff sure worked hard in the last few days trying to steal payments back from openbsd people who were on contract, when the Department of Defence got upset.
Re: Processeur Atom ?
Quoting Henning Brauer lists-open...@bsws.de:

* Nick n...@holland-consulting.net [2010-06-13 18:43]:

that might be (I am not convinced tho) with the electricity price in the US, but certainly isn't universal.

The calculations are. $/kWh isn't... Cost of money (i.e., interest rate), watts saved (if any), cost of a kWh, initial costs, etc. Plug in your numbers, find out what the ROI is. Add in what your AC costs are (watts in have to be removed, and that's more watts to pump them out). Evaluate results. Going simpler, ignoring cost of money, IF your Atom machine draws 50% of the power of my PIII, my quickie calc indicates you will save 105kWh. If you also have to pay for AC, maybe double that number.

should be less than 50% actually, at much better performance. the atoms are surprisingly fast.

Granted, ROI (Return on Investment) isn't everything.

i would not even remotely consider putting a PIII-era machine into service now. the cost of the hardware (in the case of smallish systems) is irrelevant in the big picture.

PIII: old, rusty, reliability questionable, draws more power, adding up - might have to invest in bigger A/C sooner

atom: new, reliability way less questionable, has modern interfaces, saves power, is so cool that it'll survive forever even with all fans dead, way faster.

heck, the supermicro atoms i buy aren't even cheap. not at all. but with server-class management, very low power consumption etc, they pay out quickly. they even would if they cost twice as much, easily. admittedly, the math is different for home hobby use.

Low power rack mount equipment is hard to find now huh?

it is easier than ever.

analog clamp-on ammeter at the time, but they appeared to draw under 60W.

pretty sure my average for new smallish (you know, 1U, reasonable amount of ram, 1 disk, that style) machines is below that. not idle, but with typical workload.

If you want to talk about power savings, get a wattmeter and quit reading glossy sheets of one tiny part of the entire computer system.

err, besides a stupid useless wattmeter I have dozens, if not hundreds, of points in my power distribution infrastructure where power draw is measured. live, not artificial test runs.

The numbers will surprise you. (Fans ALONE on one Dell 1U system draw over 50W at full speed. Hopefully, they aren't at full speed very often.

either your measurement is screwed or dell screwed up big time.

My PIII system will pump a LOT of data.

and still lose compared to a reasonable atom.

and for giggles, the dmesg. i forgot the exact power draw of that system, it was very very low.

OpenBSD 4.7 (GENERIC.MP) #0: Mon Apr 5 08:50:54 CEST 2010
henn...@terak.bsws.de:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu0:

Just one comment on all this. It is very rare for me to have a difference of opinion with you Henning, but I have to comment on P3 equipment.

Dell made some incredible Optiplex models that were white, using P3's from 450MHz to about 1.2Ghz. I have several at work in production service, and some of them are 10 years old. The disks aren't, but the machine proper is. They draw more power than an Atom, that's for certain, but they are rock solid, and built FAR better than most things today. Me, I'm the IT department where I work. The calculus of spending more on electricity for systems so stable that they are more likely to die when the power dies is pretty obvious to me. ;-)

I've watched everything get bigger, faster and cheaper, but usually at the cost of quality. This includes my ThinkPads, sigh. I've had several conversations where it was admitted that fewer smoothing capacitors were used because a bean-counter saw they could save money by using fewer. Boards aren't cleaned any more--I have some great fingerprint samples of several techs from China.

For applications where speed really matters my little Dells lose. But in many respects they are the best servers I've ever had.

--STeve Andre'
Re: pfctl: Cannot allocate memory and spamd-setup -bd
On 2010-06-21, Ruy Bento r...@madeira.dyndns.org wrote: spamd_black=YES # set to YES to run spamd without greylisting you don't want blacklist-only mode if you have limited RAM.
Re: Processeur Atom ?
* and...@msu.edu and...@msu.edu [2010-06-23 01:34]:

Dell made some incredible Optiplex models that were white, using P3's from 450MHz to about 1.2Ghz. I have several at work in production service, and some of them are 10 years old.

heck, I have systems that old in production. the point is - new setups using these just doesn't make sense. heck, at the very same second where I had to change ANYTHING hardware-wise on them, they get replaced. if they don't get replaced anyway.

The disks aren't, but the machine proper is. They draw more power than an Atom, that's for certain, but they are rock solid, and built FAR better than most things today. Me, I'm the IT department where I work. The calculus of spending more on electricity for systems so stable that they are more likely to die when the power dies is pretty obvious to me. ;-)

as rock solid as they might be, at this age, the likeliness of them dying anytime soon is growing. fast.

I've watched everything get bigger, faster and cheaper, but usually at the cost of quality. This includes my ThinkPads, sigh. I've had several conversations where it was admitted that fewer smoothing capacitors were used because a bean-counter saw they could save money by using fewer. Boards aren't cleaned any more--I have some great fingerprint samples of several techs from China.

quality is an issue. i can only say that i am very happy with pretty much anything i ever got from supermicro. but then i don't buy the newest and shiniest, ever.

-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Mailing list headers
Why do the OpenBSD lists have no List-ID header? With the existing set of headers, it's impossible to filter the mail in gmail and other lame mail clients that don't allow arbitrary headers to be entered. I know, the world doesn't revolve around GMail, much as Google might like that to be the case. But in the interest of those of us who use it, could they please be added? Cheers, -- Casey Allen Shobe ca...@shobe.info
Re: openBSD hangs on install
On Tue, Jun 22, 2010 at 12:41 PM, Jason Wagstaff wagsta...@gmail.com wrote: Tomas, Yes it does work with the latest snapshot and the last snapshot before the 4.7 release. It just doesn't work with the released version of 4.7. Sounds similar to what was discussed here: http://www.mail-archive.com/misc@openbsd.org/msg88586.html --patrick It hangs most often during bas47.tgz and comp47.tgz. From the local mirror using http it gets to base47.tgz and never starts the download. bsd 100% |*| 7062 KB00:01 bsd.rd 100% |*| 2385 KB00:00 bsd.mp 100% |*| 7074 KB00:01 base47.tgz 0% | | 0 --:-- ETA -- Jason Wagstaff ~When practicing unconditional acceptance start with your self On Tue, Jun 22, 2010 at 12:52 PM, Tomas Bodzar tomas.bod...@gmail.com wrote: Did you try latest snapshot? Just to be sure that there is not some repair available or that problem is still same. On Tue, Jun 22, 2010 at 7:43 PM, Jason Wagstaff wagsta...@gmail.com wrote: I have a sparc64 t2000+ box and during installation of release 4.7 it hangs while installing the sets. When it hangs it is at a random spot each time. I have tried to install from cd, ftp, http and a local http mirror. All of them fail at some point during the installation of the sets. Any ideas how I can get it to do a full install? -- Jason Wagstaff ~When practicing unconditional acceptance start with your self
Best Practices for tun(4) and gif(4)
I apologize in advance if this subject has been addressed but I was unable to turn up anything from a Google search and the manual pages did not quite yield enough information. IPv6 needs aside, what is the primary difference between tun(4) and gif(4)? When is it preferable to use gif(4) over tun(4)? Is there any reason why I could not, say, perform IPSEC encryption over a tun(4) tunnel? Thank you in advance, Matt
Re: Mailing list headers
On Tue, Jun 22, 2010 at 5:24 PM, Casey Allen Shobe ca...@shobe.info wrote:

Why do the OpenBSD lists have no List-ID header? With the existing set of headers, it's impossible to filter the mail in gmail and other lame mail clients that don't allow arbitrary headers to be entered.

I use gmail and I filter on:

Matches: to:(misc@openbsd.org)

same for ports@, x11@, tech@, etc. It works just fine.

--patrick

I know, the world doesn't revolve around GMail, much as Google might like that to be the case. But in the interest of those of us who use it, could they please be added? Cheers, -- Casey Allen Shobe ca...@shobe.info
Re: Best Practices for tun(4) and gif(4)
On Tue, Jun 22, 2010 at 08:05:31PM -0700, Matt S wrote:

I apologize in advance if this subject has been addressed but I was unable to turn up anything from a Google search and the manual pages did not quite yield enough information. IPv6 needs aside, what is the primary difference between tun(4) and gif(4)? When is it preferable to use gif(4) over tun(4)? Is there any reason why I could not, say, perform IPSEC encryption over a tun(4) tunnel?

Huh? From the man pages:

The tun driver provides a network interface pseudo-device. Packets sent to this interface can be read by a userland process and processed as desired. Packets written by the userland process are injected back into the kernel networking subsystem.

The gif interface is a generic tunnelling pseudo-device for IPv4 and IPv6. It can tunnel IPv[46] over IPv[46] with behavior mainly based on RFC 1933 IPv6-over-IPv4, for a total of four possible combinations...

So tun(4) is a way to get packets to userland while gif is a real tunnel device encapsulating the packets and sending it to a remote tunnel endpoint. The two things are totally different and yes you could make IPsec in userland over tun(4) but nobody is enough of a masochist to do that.

-- :wq Claudio
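What a userland process has to deal with when it reads from tun(4), as an added example that is not part of the original post. It assumes OpenBSD's layer 3 framing, in which each packet is prefixed by a 4-byte address family in network byte order; the family numbers are hard-coded OpenBSD values and the sample frames are constructed.

```python
import ipaddress
import struct

# OpenBSD address-family numbers (assumption: hard-coded so this runs on any OS).
AF_INET_OPENBSD = 2
AF_INET6_OPENBSD = 24
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 50: "esp", 51: "ah", 58: "icmp6"}


class TunFrameError(ValueError):
    """Frame is truncated or its family header disagrees with the packet."""


def parse_tun_frame(frame: bytes) -> dict:
    """Split one read() from a layer 3 tun device into family + IP summary."""
    if len(frame) < 5:
        raise TunFrameError("need the 4-byte family header plus a packet")
    (family,) = struct.unpack("!I", frame[:4])
    pkt = frame[4:]
    version = pkt[0] >> 4

    if family == AF_INET_OPENBSD:
        if version != 4:
            raise TunFrameError(f"AF_INET header but IP version {version}")
        if len(pkt) < 20:
            raise TunFrameError("IPv4 header truncated")
        ihl = (pkt[0] & 0x0F) * 4
        (total,) = struct.unpack("!H", pkt[2:4])
        # Never trust the length fields: they come from whoever sent the packet.
        if ihl < 20 or total < ihl or total > len(pkt):
            raise TunFrameError("IPv4 length fields do not fit the frame")
        proto, hdr_len, end = pkt[9], ihl, total
        src = ipaddress.IPv4Address(pkt[12:16])
        dst = ipaddress.IPv4Address(pkt[16:20])
        name = "inet"
    elif family == AF_INET6_OPENBSD:
        if version != 6:
            raise TunFrameError(f"AF_INET6 header but IP version {version}")
        if len(pkt) < 40:
            raise TunFrameError("IPv6 header truncated")
        (plen,) = struct.unpack("!H", pkt[4:6])
        if 40 + plen > len(pkt):
            raise TunFrameError("IPv6 payload length exceeds the frame")
        proto, hdr_len, end = pkt[6], 40, 40 + plen
        src = ipaddress.IPv6Address(pkt[8:24])
        dst = ipaddress.IPv6Address(pkt[24:40])
        name = "inet6"
    else:
        raise TunFrameError(f"unsupported address family {family}")

    return {
        "family": name,
        "src": str(src),
        "dst": str(dst),
        "proto": PROTO_NAMES.get(proto, str(proto)),
        "payload_len": end - hdr_len,
    }


def rejects(frame: bytes) -> bool:
    """True when the parser refuses the frame."""
    try:
        parse_tun_frame(frame)
    except TunFrameError:
        return True
    return False


# Constructed sample: IPv4/UDP packet (checksums left at 0, not verified here).
_udp = struct.pack("!HHHH", 5000, 53, 12, 0) + b"ping"
_ip = struct.pack(
    "!BBHHHBBH4s4s", 0x45, 0, 20 + len(_udp), 0, 0, 64, 17, 0,
    ipaddress.IPv4Address("192.0.2.1").packed,
    ipaddress.IPv4Address("198.51.100.7").packed,
)
SAMPLE_FRAME = struct.pack("!I", AF_INET_OPENBSD) + _ip + _udp
# Same packet, but the family header claims IPv6: must be refused.
MISMATCHED_FRAME = struct.pack("!I", AF_INET6_OPENBSD) + _ip + _udp

if __name__ == "__main__":
    print(parse_tun_frame(SAMPLE_FRAME))
```

Everything past this point (encryption, replay protection, key handling) would be the process's own job on tun(4), whereas gif(4) does its encapsulation in the kernel.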
Re: Mailing list headers
On Tue, Jun 22, 2010 at 10:11 PM, patrick keshishian pkesh...@gmail.com wrote:

I use gmail and I filter on:

Matches: to:(misc@openbsd.org)

same for ports@, x11@, tech@, etc. It works just fine.

--patrick

Same here. Works great.
Re: OpenBSD sends RSTs for gratuitous traffic
* LeviaComm Networks NOC n...@leviacomm.net [2010-06-15 08:07]: On 6/13/2010 9:50 PM, Patrick Coleman wrote: For some reason however, on one particular VLAN the switch is erroneously forwarding traffic from a particular host (203.135.184.10) to the OpenBSD box. The traffic is forwarded even when the destination MAC address is not that of the OpenBSD box. So there's something broken on my switch, I need to fix it, fair enough. It would be best if you had a working switch to test with *sigh* sometimes it really is better to just not reply when you don't have any insight to add. his switch being broken or not, we have a bug here. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: pf.conf: match seems to clean up previous log statements.
* william dunand william.dun...@gmail.com [2010-06-14 11:03]:

Dear list, I just noticed something strange with pf (4.7) and I wondered if someone could help me to understand it. Let's consider the following simple rule-set:

pf.conf
set skip on lo0
pass all
block out log on bge0 inet proto tcp from any to x.x.x.x port 80
match out on bge0 inet proto tcp from any to x.x.x.x port 80
\pf.conf

Then if I just try a simple hping on x.x.x.x on port 80, I expect to see the packet blocked, and logged on pflog0, but I don't see it. If I just add a log to the match rule, then my hping packet will be logged twice on pflog0 (for the block and the match). I observe analog behavior if I replace the block rule by a similar pass rule. So it seems impossible to log specific traffic if this traffic is matched somewhere by a simple match rule, one would need to add the log directive to the latter, which might of course not be desirable. Is this the expected behavior, or is there something I am overlooking?

that would be a bug, by yours truly. i think i already saw you sendbug'ing it, if it is not yet sendbug'd please do, i plan to go over the pf related PR entries soonish.

-- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: pf.conf: match seems to clean up previous log statements.
* Stuart Henderson s...@spacehopper.org [2010-06-15 13:00]: That relates to logging only. 'match log' is special as it is handled immediately when the match rule is processed. you wish. i wish. that is what it should be, but we didn't get this changed to that yet. i know of at least two little bugs with logging after match entered the game (since match changes some things fundamentally) -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: Best Practices for tun(4) and gif(4)
Claudio, Thank you for clarifying that. I somehow missed that tidbit.

On Tue, Jun 22, 2010 at 9:11 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote:

On Tue, Jun 22, 2010 at 08:05:31PM -0700, Matt S wrote:

I apologize in advance if this subject has been addressed but I was unable to turn up anything from a Google search and the manual pages did not quite yield enough information. IPv6 needs aside, what is the primary difference between tun(4) and gif(4)? When is it preferable to use gif(4) over tun(4)? Is there any reason why I could not, say, perform IPSEC encryption over a tun(4) tunnel?

Huh? From the man pages:

The tun driver provides a network interface pseudo-device. Packets sent to this interface can be read by a userland process and processed as desired. Packets written by the userland process are injected back into the kernel networking subsystem.

The gif interface is a generic tunnelling pseudo-device for IPv4 and IPv6. It can tunnel IPv[46] over IPv[46] with behavior mainly based on RFC 1933 IPv6-over-IPv4, for a total of four possible combinations...

So tun(4) is a way to get packets to userland while gif is a real tunnel device encapsulating the packets and sending it to a remote tunnel endpoint. The two things are totally different and yes you could make IPsec in userland over tun(4) but nobody is enough of a masochist to do that.

-- :wq Claudio
Re: Any ideas on this crash?
On Tuesday 22 June 2010 09:20:12 Tobias Ulmer wrote:

On Mon, Jun 21, 2010 at 03:41:21PM -0400, STeve Andre' wrote:

My package builder died this weekend when I couldn't get to it. I may have hardware problems--I'm not sure. Below is the relevant data typed in. Any ideas? This is an i386-current system compiled on June 15th. Thanks, STeve Andre'

- ps trace data First bad /: bad dir ino 14 at offset 69632: mangled entry panic: bad dir

Says it right there, disk structure corrupted. A fsck run will fix it.

Well, yes, I knew that and fixed it. But in all the time I've used OpenBSD I have never seen this error. Being on -current I wondered if there was something that changed, hence this posting. I've since brought the system up to the latest -current and will see what happens.

--STeve Andre'
Re: Mailing list headers
On Tuesday 22 June 2010 11:11:59 pm you wrote:

I use gmail and I filter on: Matches: to:(misc@openbsd.org)

A mail that is sent to misc@openbsd.org, and CC to my personal address, should have the mailing list copy filtered to my misc folder, and the personal copy delivered to my inbox. Filtering by To or CC breaks this, hence why proper mailing list filtering is never done using To, CC, or Subject.

Cheers, -- Casey Allen Shobe ca...@shobe.info
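The misfiling described in the message above, as an added example that is not from the thread: two constructed copies of one message, one relayed by the list and one delivered directly because of the Cc, carry identical To and Cc headers, so only a header added by the list server can tell them apart. The List-Id value, the addresses and the folder names are assumptions; the thread itself says the OpenBSD lists sent no List-ID at the time.

```python
from email import message_from_string
from email.utils import getaddresses

LIST_ADDR = "misc@openbsd.org"
# Hypothetical mapping from RFC 2919 list identifiers to local folders.
FOLDER_FOR_LIST = {"misc.openbsd.org": "misc"}

# Constructed sample: the copy delivered straight to the Cc'd recipient.
_COMMON = (
    "From: Alice <alice@example.org>\n"
    "To: misc@openbsd.org\n"
    "Cc: Casey <casey@example.net>\n"
    "Subject: Re: Mailing list headers\n"
    "Message-ID: <constructed-1@example.org>\n"
)
DIRECT = message_from_string(_COMMON + "\nbody\n")
# Constructed sample: the same message as relayed by a list server that
# stamps a List-Id header (hypothetical value).
VIA_LIST = message_from_string(
    _COMMON + "List-Id: OpenBSD misc <misc.openbsd.org>\n\nbody\n"
)


def recipients(msg) -> set:
    """All To/Cc addresses, lowercased."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}


def folder_by_recipient(msg) -> str:
    """The to:(list address) style of filter discussed in the thread."""
    return "misc" if LIST_ADDR in recipients(msg) else "inbox"


def parse_list_id(value):
    """Return the identifier inside the angle brackets of a List-Id header."""
    if not value:
        return None
    start, end = value.rfind("<"), value.rfind(">")
    if start == -1 or end < start:
        return None
    ident = value[start + 1:end].strip().lower()
    return ident or None


def folder_by_list_id(msg) -> str:
    """File by the header only the list server adds; everything else is personal."""
    return FOLDER_FOR_LIST.get(parse_list_id(msg.get("List-Id")), "inbox")


if __name__ == "__main__":
    for label, msg in (("direct copy", DIRECT), ("list copy", VIA_LIST)):
        print(label, folder_by_recipient(msg), folder_by_list_id(msg))
```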
MIME support for mail
This question is inspired by the recent discussion on nail-devel mailing list http://sourceforge.net/mailarchive/forum.php?forum_name=nail-devel as well as a private discussion Martin, William, and me had, which you can read below.

The only reason I personally chose to use nail over mail from the base of OpenBSD is MIME as well as IMAP/POP support. I suspect this is the case with most nail users. IMAP/POP support is not really a big deal and should not be part of the base. It could be easily achieved by fdm for instance http://fdm.sourceforge.net/

On another hand OpenBSD version of mail lacks MIME support which is unfortunately a must for me. Yes, I know that MIME functionality can be achieved by MetaMail or Mpack. However it has been brought to my attention that NetBSD version of mail does have such a support. I compared the source files for NetBSD version of mail with OpenBSD version of mail. It appears that MIME functionality has been added to NetBSD mail about two years ago by adding 7 source and 7 header files. The other files look very similar at least in names.

How difficult would it be to port this functionality from NetBSD version of mail? I guess that this is really the question for Theo and Damien who have the most of recent CVS commits to mail. I apologize for this noise but I am really curious.

Best, Predrag

Original Message
From: William Yodlowsky will...@openbsd.org
To: Predrag Punosevac punoseva...@gmail.com
Subject: Re: [nail-devel] Request II for 12.5 release
Date: Tue, 22 Jun 2010 22:15:15 -0400

On 22 June 2010 at 16:04, Predrag Punosevac punoseva...@gmail.com wrote:

Martin Neitzel neit...@gaertner.de wrote:

Hi Predrag! [This reply comes a little belated and refers actually to a previous email of yours. This is just a small suggestion.] If you are doing the courtesy service of providing nail-tar-balls, I recommend to go the whole mile and provide the diffs between the versions, too. (I.e., the output from cvs patch -u -r R12_3 -r R12_4 . etc.) This is something I greatly miss in the sendmail releases. Not so much for bandwidth reasons, but for a quick review what changed and swift security auditing. Creating the diff locally is always possible but a nuisance, in particular if I have already local mods.

Hi Martin, I am on the same page with you. The thing is that the official nail port maintainer is William Yodlowsky. Will is a really cool guy but also very

Thanks.

busy so I pushed him in the past by sending diff for 12.4 release for example. I am going to proceed in the same fashion. I was planning to install current on one of the machines and do exactly what you suggested hoping that he will pick up pieces at po...@openbsd and commit the port.

No worries, I lurk on nail-devel. I can look at adding patches to bring the port up to nail's current code, but I was hoping (and waiting) for Gunnar to release 12.5. I wrote about keeping a tarball of nail when I responded in private mail to him, back when the thread started. He didn't care to respond. Admittedly, his lack of action on fixing bugs and nail's crashes on well-formed attachments has led to nail not being my MUA of choice for some time now, so I didn't track changes very closely. I also didn't realize people were using it...

There is also another issue. OpenBSD will soon be free of Sendmail. There are two options. One is to alter Makefile so that nail uses native OpenSMTPd. Another one is to introduce Sendmail-static dependency (Sendmail-static is a small statically linked Sendmail used in the chroot environment for instance to deliver messages from your web-server)

/usr/sbin/sendmail is ingrained in many places. Even if Sendmail were to be removed, I find it difficult to believe there would be no Sendmail-like message submission.