REGISTRATION OPEN: NATIONAL CONGRESS FOR PUBLIC SERVANTS

2010-06-22 Thread Gabriela Ruiz
PMS DE MÉXICO PRESENTS:

National Congress for Public Servants

29-30 July 2010 / México D.F.

PMS Capacitación Efectiva de México® is pleased to invite you to
participate in this major event. Our congress features an exclusive
program that will give you effective tools and solutions for
developing a successful career in Public Administration.

Our renowned speakers, led by Dr. Daniel Ramos Torres, will present a
series of topics of great importance in public administration, and will
provide you with valuable concepts for making your tenure a success.

Topics to be covered include:

- Characteristics of decentralized public bodies.

- Constitutional provisions on planning, programming and budgeting.

- Parties subject to the Federal Law on Transparency and Access to
Public Government Information.

- The Administrative Obligations of Public Servants.

Benefits of attending our congress:

It is the most effective way to stay at the forefront; it will give you
strategies you can apply in your organization, and excellent feedback
from attendees from different companies.

Special Promotions for Groups!

Book now! This month of June, special price on your reservations.

For more information, reply to this e-mail with the following
details.

Company:

Name:

Telephone:

Email:

Number of Interested Persons:

And we will shortly send you the complete information about the event.

Or call our telephone numbers; an executive will gladly assist you.

Tels. (33) 8851-2365, (33)8851-2741.

Copyright (C) 2010, PMS Capacitación Efectiva de México S.C. All Rights
Reserved. PMS de México and the PMS de México logo are registered
trademarks.

WARNING: PMS de México has no strategic alliances of any kind within
the Mexican Republic. DO NOT BE DECEIVED - SAY NO TO PIRACY. All logos,
trademarks and images are the property of their respective corporations
and are used for informational purposes only.

This message has been sent to misc@openbsd.org as a user of Pms de
México, or because a user referred you to receive this newsletter.

As a user of Pms de México, you hereby expressly authorize Pms de
México to contact you by e-mail or other means.

If you have received this message in error, disregard it and report
your account by replying to this e-mail with the subject BAJACONGRESO

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJACONGRESO Please note that the management of our
databases is of the utmost importance and it is not the company's
intention to cause the recipient any displeasure.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Martin Schröder
2010/6/22 mark hellewell mark.hellew...@gmail.com:
 Companies who release IT products with security vulnerabilities
 should be open to claims for compensation by consumers, apparently.

<shrug/> Doesn't seem like Apple cares.

Best
   Martin



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Manuel Ravasio
 Nobody at OpenBSD would claim that they could guarantee
 that there is no exploit waiting to be found in the OS. 

 They just make better efforts than anybody else to reduce
 the chances.

 The errata page  shows that they are forever responding to
 possible problems publicly rather than sneakily (or not at
 all) like some bigger outfits we could name.

Yep.
Unfortunately intellectual honesty is not the way things go in the
cold, real world out there :-(


Manuel



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Jacob Yocom-Piatt

mark hellewell wrote:

http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

Companies who release IT products with security vulnerabilities
should be open to claims for compensation by consumers, apparently.

Illegal to run without antivirus ... disconnection of vulnerable
computers.  A much needed kick up the arse for software makers or just
bat-shit insane?  Coming soon...
  



is it really that unreasonable when you compare this treatment to any 
other physical product e.g. a car? it is only the lack of physicality 
that makes software differ from other products.


when ford sold the pinto with the 'exploding' gas tank, it just paid 
money out to settle claims after many people were burned to death. 
although i don't believe there is a precedent for it, possibly until 
now, many software companies have been doing the same thing: selling 
crap products that in essence 'explode' and hemorrhage valuable personal 
data to script kiddies, etc.


perhaps the threat of a lawsuit will encourage software development 
houses to turn out less shite products, in which case the consumer wins. 
one way to look at the explosion of software development in the past 
30-40 years is that it is an industry lacking sufficient regulation and 
thus a very lucrative area to do business. because there is no 
regulation you can get some random idiot in whatever country to write 
your code and there are no repercussions if the code blows up after you 
sell it someone else, you cannot be held liable for using second-rate 
labor to build your product.




Re: Intel PRO/1000 QP on Dell R610 and OpenBSD 4.7

2010-06-22 Thread Frédéric URBAN

On 18/06/2010 16:43, w...@wootsie.com wrote:

The same issue here - with different hardware - Supermicro X8DTU and
it's built-in dual Intel 82576 nics.

Running 4.7-patch.

Fails to initialize most of the time at boot (always em1), now and
then it works (initializes and gets link after boot).  em0 rarely
fails to initialize, but also rarely negotiates the link.

Sounds similar to this bug report?
http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=6301

   

First, Hello, I'm new here ;)

In this bug report, the card is detected as 82575 while it's a 82576 and 
the host is running OpenBSD 4.6 amd64


We've ordered some Dell R510 with plenty of cards running with 82576 
chips (Some Intel ET DualPort Copper, ET QuadPort Copper and even a EF 
DualPort fiber). I'm pretty sure we'll have the same problem with those 
cards.
They are not delivered yet but the goal was to replace some old 
firewalls and with such a problem it's not gonna be funny ;( We are ready 
to help/test all patches you guys can deliver since we'll get almost the 
whole products using 82576 chips (Only the Quad Port Fiber EF will be 
missing)


Does somebody know if this problem only happens on Intel X58/5500/5600 
chipsets ? Did somebody try the i386 version of OpenBSD 4.7 ?


Another question, I browsed source code of the freebsd project and it 
looks like they use a dedicated driver for the 82575 and 82576 cards 
aka igb(4). Excuse my newbiness ;) but why is the driver for those cards 
integrated inside em(4) in openbsd ?


Fred



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Adam M. Dutko
 when ford sold the pinto with the 'exploding' gas tank, it just paid money
 out to settle claims after many people were burned to death. although i
 don't believe there is a precedent for it, possibly until now, many software
 companies have been doing the same thing: selling crap products that in
 essence 'explode' and hemorrhage valuable personal data to script kiddies,
 etc.


If we are to compare the nature of software to a physical product, we need
to remember a few things...

1) Proving software to be 100% correct is nearly impossible and in some
cases completely impossible.  (think halting problem and state space
explosion)
2) Physical products often have a calculable degradation curve whereas given
consistent conditions, software does not deteriorate in a way that is
easily quantifiable.  It does degrade under different conditions but see
point #1 for another problem.
3) Even the best tested and mathematically proven software (think IBM space
shuttle code) has bugs.  I forget the exact cost because I don't have the
paper nearby but the per line cost of the shuttle code was astronomical!  If
all software cost as much per line, no one would own a computer, except
maybe governments and multi-billionaires.

There are other points but I'm sure you get the gist...  I'm glad I have a
job, even if it means being a high-priced janitor.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Jan Stary
 one way to look at the explosion of software development in the past  
 30-40 years is that it is an industry lacking sufficient regulation and  
 thus a very lucrative area to do business. because there is no  
 regulation you can get some random idiot in whatever country to write  
 your code and there are no repercussions if the code blows up after you  
 sell it someone else, you cannot be held liable for using second-rate  
 labor to build your product.

 3) Even the best tested and mathematically proven software (think IBM space
 shuttle code) has bugs.  I forget the exact cost because I don't have the
 paper nearby but the per line cost of the shuttle code was astronomical!  If
 all software cost as much per line, no one would own a computer, except
 maybe governments and multi-billionaires.

http://www.jstor.org/pss/1879431



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Chris Bennett

Adam M. Dutko wrote:

when ford sold the pinto with the 'exploding' gas tank, it just paid money
out to settle claims after many people were burned to death. although i
don't believe there is a precedent for it, possibly until now, many software
companies have been doing the same thing: selling crap products that in
essence 'explode' and hemorrhage valuable personal data to script kiddies,
etc.




If we are to compare the nature of software to a physical product, we need
to remember a few things...

1) Proving software to be 100% correct is nearly impossible and in some
cases completely impossible.  (think halting problem and state space
explosion)
  

I disagree with this. How many times a year are motor vehicles recalled?
They don't replace the car, they fix it.
Why can't defective software get a recall or a hefty fine if they refuse 
to fix it? This is a major reason I walked away from the paid software 
world, impossible to pay for quality.

2) Physical products often have a calculable degradation curve whereas given
consistent conditions, software does not deteriorate in a way that is
easily quantifiable.  It does degrade under different conditions but see
point #1 for another problem.
3) Even the best tested and mathematically proven software (think IBM space
shuttle code) has bugs.  I forget the exact cost because I don't have the
paper nearby but the per line cost of the shuttle code was astronomical!  If
all software cost as much per line, no one would own a computer, except
maybe governments and multi-billionaires.
  
Almost all physical devices come in models, which the next one usually 
fixes the defects. Software is very easy to fix the same model. So I see 
software as much simpler to improve on.

There are other points but I'm sure you get the gist...  I'm glad I have a
job, even if it means being a high-priced janitor.




Re: Any ideas on this crash?

2010-06-22 Thread Tobias Ulmer
On Mon, Jun 21, 2010 at 03:41:21PM -0400, STeve Andre' wrote:
My package builder died this weekend when I couldn't get to it.
 I may have hardware problems--I'm not sure.  Below is the relevant
 data typed in.  Any ideas?  This is an i386-current system compiled
 on June 15th.
 
 Thanks, STeve Andre'
 
 - ps  trace data 
 First bad
 /: bad dir ino 14 at offset 69632: mangled entry
 panic: bad dir

Says it right there, disk structure corrupted. A fsck run will fix it.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Stefan Wollny
 one way to look at the explosion of software development in the past  
 30-40 years is that it is an industry lacking sufficient regulation and  
 thus a very lucrative area to do business. because there is no  
 regulation you can get some random idiot in whatever country to write  
 your code and there are no repercussions if the code blows up after you  
 sell it someone else, you cannot be held liable for using second-rate  
 labor to build your product.

 3) Even the best tested and mathematically proven software (think IBM space
 shuttle code) has bugs.  I forget the exact cost because I don't have the
 paper nearby but the per line cost of the shuttle code was astronomical!  If
 all software cost as much per line, no one would own a computer, except
 maybe governments and multi-billionaires.

http://www.jstor.org/pss/1879431

http://en.wikipedia.org/wiki/The_Market_for_Lemons



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Adam M. Dutko
 I disagree with this. How many times a year are motor vehicles recalled?

 They don't replace the car, they fix it.
 Why can't defective software get a recall or a hefty fine if they refuse to
 fix it? This is a major reason I walked away from the paid software world,
 impossible to pay for quality.


Hrm...seems you disagree with your own point.  It is nearly impossible to
pay for true 100% quality.


 Almost all physical devices come in models, which the next one usually
 fixes the defects. Software is very easy to fix the same model. So I see
 software as much simpler to improve on.


That's why there are patches.  But, just like physical products, patches can
introduce new bugs because they too introduce new execution paths/change
behavior.  I believe one good approach to improving quality (whether it be
real or not) is to reduce functionality.  Such a move should reduce code
complexity and execution paths.  But, afaik code quality and code size are
not strongly associated.

I'm not making excuses for software.  Software is hard which imho is what
makes it appealing.

I do love the paper Jan mentioned because it highlights the importance of
standards bodies.  It also highlights the potential use of government
organizations to regulate markets, which is what the original article
mentions.  I won't say which I prefer because you can probably determine
that on your own.  Good discussion.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Marco Peereboom
On Tue, Jun 22, 2010 at 08:44:45AM -0400, Adam M. Dutko wrote:
  when ford sold the pinto with the 'exploding' gas tank, it just paid money
  out to settle claims after many people were burned to death. although i
  don't believe there is a precedent for it, possibly until now, many software
  companies have been doing the same thing: selling crap products that in
  essence 'explode' and hemorrhage valuable personal data to script kiddies,
  etc.
 
 
 If we are to compare the nature of software to a physical product, we need
 to remember a few things...
 
 1) Proving software to be 100% correct is nearly impossible and in some
 cases completely impossible.  (think halting problem and state space
 explosion)

This is obviously not the intent.  The intent is to have software that
is reasonably crafted by software engineers.  Not some slapped together
turd with peanuts from different development teams.

 2) Physical products often have a calculable degradation curve whereas given
 consistent conditions, software does not deteriorate in a way that is
 easily quantifiable.  It does degrade under different conditions but see
 point #1 for another problem.

Not interesting and not even true.  Anyone who coded in the old world
with lets say threads, knew that going to a newer better faster machine
would always result in nice new racing bugs.  I won't get into why this
happened though.

 3) Even the best tested and mathematically proven software (think IBM space
 shuttle code) has bugs.  I forget the exact cost because I don't have the
 paper nearby but the per line cost of the shuttle code was astronomical!  If
 all software cost as much per line, no one would own a computer, except
 maybe governments and multi-billionaires.

Reasonable quality control is something people shouldn't hope for it
should be something people demand.  The reason why we have windows the
way it is today is that in the early days people didn't put their foot
down and said ENOUGH.  The rest is history.

The reason why Apple is making such big strides with OSX is because they
are capitalizing on this general feeling.  OSX unlike windows isn't
naturally chaotic and Apple does a fine job pretending they are secure.
All in all a pretty smart marketing campaign that seems to be paying the
bills just fine.

Your car runs hundreds of thousands (if not millions) of lines of code.
Does it crash all the time?  Microsoft spends more money on R&D than
NASA has to develop a rocket.  Are you sure that they should not have
been capable of any standard of quality?

 There are other points but I'm sure you get the gist...  I'm glad I have a
 job, even if it means being a high-priced janitor.



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Adam M. Dutko
 This is obviously not the intent.  The intent is to have software that
 is reasonably crafted by software engineers.  Not some slapped together
 turd with peanuts from different development teams.


I agree it shouldn't be slapped together but you strike upon an interesting
debate...  Should developers have to be software engineers and be certified?
 Or are we OK with the hacker model?  I hope you realize I'm not
insinuating hacker means crap coder!  I tend to think it's a superior
model but it's also an evolutionary one, something most people don't have
time for.


 Not interesting and not even true.  Anyone who coded in the old world
 with lets say threads, knew that going to a newer better faster machine
 would always result in nice new racing bugs.  I won't get into why this
 happened though.


Sure, doing things faster doesn't mean it'll be better.  Often it just means
you'll hit a lock problem quicker than if you went slower.  Can you
elaborate on what you mean though...what's the equivalent to code rust?  API
breakage? Windows seems to have maintained crazy backwards compatibility.
 Not that I'm applauding it because it also means malicious can still run
unless other means are leveraged to block it.


 Reasonable quality control is something people shouldn't hope for it
 should be something people demand.  The reason why we have windows the
 way it is today is that in the early days people didn't put their foot
 down and said ENOUGH.  The rest is history.


I agree that's part of the reason.


 The reason why Apple is making such big strides with OSX is because they
 are capitalizing on this general feeling.  OSX unlike windows isn't
 naturally chaotic and Apple does a fine job pretending they are secure.
 All in all a pretty smart marketing campaign that seems to be paying the
 bills just fine.


Yes, until the other shoe drops.


 Your car runs hundreds of thousands (if not millions) of lines of code.
 Does it crash all the time?  Microsoft spends more money on R&D than
 NASA has to develop a rocket.  Are you sure that they should not have
 been capable of any standard of quality?


Not all the time, but there are many documented cases, not the least of
which being the current popular hybrid car maker debacle.

I've looked up a couple of reports on money spent specifically to improve
quality for Microsoft and for NASA.  NASA gives us a number at
http://www.nasa.gov/pdf/420990main_FY_201_%20Budget_Overview_1_Feb_2010.pdf but
the number I found was specific to a group within NASA not as a whole.
 If you also count the Air Force space program which is much bigger but is
also involved with NASA, the number becomes much larger:
http://www.saffm.hq.af.mil/shared/media/document/AFD-100201-050.pdf.  Most
of the information I found in Microsoft's filing and various news media
articles doesn't talk about specific research for quality improvements.
 They talk about vague concepts.

I do believe they're all capable of better quality software, it's just hard
and expensive.  Each are avoided like the plague in most corporate
environments.



Re: Unable to ping routes learnt via BGP (OpenBSD 4.7)

2010-06-22 Thread Frans Haarman
On 22 June 2010 18:55,  rh...@hushmail.com wrote:
 Hello List,

 I'm sure I'm missing something fairly obvious but don't know where
 to start.


 First, forgive my ASCII art :

 [BSD A] -- [PEER A]
 ^
 |
 v
 [BSD B] -- [PEER B]


 The following works OK :
 - eBGP
 - iBGP
 - Routing to and from machines behind the BSD boxes
 - Pinging internet routes learnt from either peer from BSD A
 console

 The following does not work :

 - Pinging internet routes learnt from Peer B on BSD B.

 However it is possible to ping routes learnt from Peer A on BSD
 B.

 It is also possible to ping routes learnt from Peer B on BSD B
 if I use ping with the -I flag and pick a LAN-side interface to
 ping from.

 What have I missed ?   bgpctl sh nex reports fine, and there are no
 default routes hiding in output from route -n show.



maybe pf related ? did you try to disable it ?

You did not provide too much detail so it's hard to guess. Did you find
any clues in bgpctl show rib/fib ?



openBSD hangs on install

2010-06-22 Thread Jason Wagstaff
I have a sparc64 t2000+ box and during installation of release 4.7  it
hangs while installing the sets.  When it hangs it is at a random spot
each time.   I have tried to install from cd, ftp, http and a local
http mirror.   All of them fail at some point during the installation
of the sets.   Any ideas how I can get it to do a full install?

-- 
Jason Wagstaff
~When practicing unconditional acceptance start with your self



Re: openBSD hangs on install

2010-06-22 Thread Tomas Bodzar
Did you try latest snapshot? Just to be sure that there is not some
repair available or that problem is still same.

On Tue, Jun 22, 2010 at 7:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
 I have a sparc64 t2000+ box and during installation of release 4.7  it
 hangs while installing the sets.  When it hangs it is at a random spot
 each time.   I have tried to install from cd, ftp, http and a local
 http mirror.   All of them fail at some point during the installation
 of the sets.   Any ideas how I can get it to do a full install?

 --
 Jason Wagstaff
 ~When practicing unconditional acceptance start with your self



Re: openBSD hangs on install

2010-06-22 Thread Neal Hogan
On Tue, Jun 22, 2010 at 12:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
 I have a sparc64 t2000+ box and during installation of release 4.7  it
 hangs while installing the sets.  When it hangs it is at a random spot
 each time.   I have tried to install from cd, ftp, http and a local
 http mirror.   All of them fail at some point during the installation
 of the sets.   Any ideas how I can get it to do a full install?


D'load the install47.iso and burn a bootable disc.

From installation guide:

install47.iso is an ISO9660 image, containing all the standard
install files. This file can be used to create a CD that can do a
stand-alone OpenBSD install.


 --
 Jason Wagstaff
 ~When practicing unconditional acceptance start with your self



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread VICTOR TARABOLA CORTIANO
 http://www.news.com.au/technology/no-anti-virus-software-no-internet-connection/story-e6frfro0-1225882656490

 Companies who release IT products with security vulnerabilities
 should be open to claims for compensation by consumers, apparently.

 Illegal to run without antivirus ... disconnection of vulnerable
 computers.  A much needed kick up the arse for software makers or just
 bat-shit insane?  Coming soon...


australian laws = censorship

Imagine if those crazy anti-freedom lawmakers force OpenBSD users to
install antiviruses...



Re: openBSD hangs on install

2010-06-22 Thread Neal Hogan
On Tue, Jun 22, 2010 at 12:53 PM, Neal Hogan nealho...@gmail.com wrote:
 On Tue, Jun 22, 2010 at 12:43 PM, Jason Wagstaff wagsta...@gmail.com wrote:
 I have a sparc64 t2000+ box and during installation of release 4.7  it
 hangs while installing the sets.  When it hangs it is at a random spot
 each time.   I have tried to install from cd, ftp, http and a local
 http mirror.   All of them fail at some point during the installation
 of the sets.   Any ideas how I can get it to do a full install?


 D'load the install47.iso and burn a bootable disc.

 From installation guide:

 install47.iso is an ISO9660 image, containing all the standard
 install files. This file can be used to create a CD that can do a
 stand-alone OpenBSD install.


Sorry read/replied too fast. I see that you tried the cd method.


 --
 Jason Wagstaff
 ~When practicing unconditional acceptance start with your self



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Marco Peereboom
On Tue, Jun 22, 2010 at 01:23:14PM -0400, Adam M. Dutko wrote:
  This is obviously not the intent.  The intent is to have software that
  is reasonably crafted by software engineers.  Not some slapped together
  turd with peanuts from different development teams.
 
 
 I agree it shouldn't be slapped together but you strike upon an interesting
 debate...  Should developers have to be software engineers and be certified?
  Or are we OK with the hacker model?  I hope you realize I'm not
 insinuating hacker means crap coder!  I tend to think it's a superior
 model but it's also an evolutionary one, something most people don't have
 time for.

I don't really believe in tying people down to a certain methodology or
process.  I am a huge fan of doing things the right way.  This
obviously means different things for different organizations.  There
really is no silver bullet for this.

That said there are a couple of issues in any development organization
that need to be dealt with.  What it ultimately comes down to is how
well respected quality control is.  Quality control is not just
verification; it is code style, best practices, unit test etc etc.
If it is an afterthought and not taken seriously then your code will
suck.

You can add process, ISO certification and other BS all day which
usually results in disaster because staff doesn't buy into it.

And I'll tell you the true success to software development.  Good
engineers that know their stuff and are willing to work within a
framework.  This means hiring people and paying them what they are
worth.  Getting a bunch of kids from college with some degree or another
or outsourcing code is a recipe for disaster.  If the developers have no
vested interest in the success of the code a project will nearly always
fail.  I have seen some colossal failures over time and they usually
start when people become resources.

Anyway I can ramble about this for days.

 
 
  Not interesting and not even true.  Anyone who coded in the old world
  with lets say threads, knew that going to a newer better faster machine
  would always result in nice new racing bugs.  I won't get into why this
  happened though.
 
 
 Sure, doing things faster doesn't mean it'll be better.  Often it just means
 you'll hit a lock problem quicker than if you went slower.  Can you
 elaborate on what you mean though...what's the equivalent to code rust?  API
 breakage? Windows seems to have maintained crazy backwards compatibility.
  Not that I'm applauding it because it also means malicious can still run
 unless other means are leveraged to block it.

You misunderstood me.  I meant in the old days running old code on new
machines nearly always meant breakage because it was poorly written at
most levels (OS, API, Apps etc)

 
 
  Reasonable quality control is something people shouldn't hope for it
  should be something people demand.  The reason why we have windows the
  way it is today is that in the early days people didn't put their foot
  down and said ENOUGH.  The rest is history.
 
 
 I agree that's part of the reason.
 
 
  The reason why Apple is making such big strides with OSX is because they
  are capitalizing on this general feeling.  OSX unlike windows isn't
  naturally chaotic and Apple does a fine job pretending they are secure.
  All in all a pretty smart marketing campaign that seems to be paying the
  bills just fine.
 
 
 Yes, until the other shoe drops.
 
 
  Your car runs hundreds of thousands (if not millions) of lines of code.
  Does it crash all the time?  Microsoft spends more money on R&D than
  NASA has to develop a rocket.  Are you sure that they should not have
  been capable of any standard of quality?
 
 
 Not all the time, but there are many documented cases, not the least of
 which being the current popular hybrid car maker debacle.
 
 I've looked up a couple of reports on money spent specifically to improve
 quality for Microsoft and for NASA.  NASA gives us a number at
 http://www.nasa.gov/pdf/420990main_FY_201_%20Budget_Overview_1_Feb_2010.pdf but
 the number I found was specific to a group within NASA not as a whole.
  If you also count the Air Force space program which is much bigger but is
 also involved with NASA, the number becomes much larger:
 http://www.saffm.hq.af.mil/shared/media/document/AFD-100201-050.pdf.  Most
 of the information I found in Microsoft's filing and various news media
 articles doesn't talk about specific research for quality improvements.
  They talk about vague concepts.
 
 I do believe they're all capable of better quality software, it's just hard
 and expensive.  Each are avoided like the plague in most corporate
 environments.

Microsoft spends $10B on R&D.  That is nearly the ENTIRE budget of NASA.
They are the classic example of organizations that are completely out of
control and rely entirely on some process that is good enough.  Anyone
who has written code that directly interacts with their APIs knows how
completely disjoint their 

Re: Processeur Atom ?

2010-06-22 Thread Henning Brauer
* E.T ad...@wordpress-fr.fr [2010-06-12 10:56]:
 why pay 100dollars/month, 1200dollars/year for a server ???.

because you get what you pay for.

maintaining a sane & secure & reliable data center isn't exactly
cheap. 

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: Processeur Atom ?

2010-06-22 Thread Henning Brauer
* Tomas Bodzar tomas.bod...@gmail.com [2010-06-12 11:55]:
 See tables with consumption
 http://www.thinkwiki.org/wiki/Intel_Mobile_Pentium_III-M (especially
 ultra-low-voltage models). And it's far more powerful than Atom.

looking at my PIII-based (yes, kinda the last ones,
onethousandtwohundredsomething mhz) storage machines and my atom
systems, the more powerful is obvious bullshit. atom performs quite
well.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Chris Bennett

Marco Peereboom wrote:



Microsoft spends $10B on R&D.  That is nearly the ENTIRE budget of NASA.
They are the classic example of organizations that are completely out of
control and rely entirely on some process that is good enough.  Anyone
who has written code that directly interacts with their APIs knows how
completely disjoint their development teams are. They don't even adhere
to the same damn style for functions calls.

If you really want to have some fun with that number go figure out where
they make their money.  Then figure out how much each line of code cost.
Pretty baffling stuff.


  


Hmm, a $10B R&D donation for OpenBSD.

I wonder what could be accomplished with what was left over after the 
beer was accounted for? :)




Re: Processeur Atom ?

2010-06-22 Thread E.T
Yes

Small website personal = server at home

big project = datacenter

We agree


 why pay 100dollars/month, 1200dollars/year for a server ???.
 
 because you get what you pay for.
 
 maintaining a sane  secure  reliable data center isn't exactly
 cheap.

-- 
@plus



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread E.T
One hangover :)


On Tue, 22 Jun 2010 13:24:43 -0500, Chris Bennett
ch...@bennettconstruction.biz wrote:
 Marco Peereboom wrote:


 Microsoft spends $10B on R&D.  That is nearly the ENTIRE budget of NASA.
 They are the classic example of organizations that are completely out of
 control and rely entirely on some process that is good enough.  Anyone
 who has written code that directly interacts with their APIs knows how
 completely disjoint their development teams are. They don't even adhere
 to the same damn style for functions calls.

 If you really want to have some fun with that number go figure out where
 they make their money.  Then figure out how much each line of code cost.
 Pretty baffling stuff.


   
 
 Hmm, a $10B R&D donation for OpenBSD.
 
 I wonder what could be accomplished with what was left over after the 
 beer was accounted for? :)

-- 
@plus



Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread pourlori
Hello misc,

I was wondering if these accusations against OpenBSD were true, 
I doubt he is lying, maybe he is just not telling the whole truth.

http://www.uaoug.org.ua/archive/msg01088.html

The first part is irrelevant, Linux may have implemented the sysctl 
switch before OpenBSD. 
However, their min_map_addr was set to 0 by default for a long 
time. Which did lead to vulnerabilities in Linux.

They keep coming up with the same exact innovations others came up
with years before them.  Their official explanation for where they
got the W^X/ASLR ideas was a drunk guy came into their tent at one of
their hack-a-thons and started talking about the idea.  They had
never heard of PaX when we asked them in 2003.

I do not wish to begin a troll-like thread, I just want the truth.

Regards.

Michel Antoine
User



Re: Processeur Atom ?

2010-06-22 Thread Henning Brauer
* Nick n...@holland-consulting.net [2010-06-13 18:43]:
  that might be (I am not convinced tho) with the electricity price in
  the US, but certainly isn't universal.
 
 The calculations are.

$/kWh isn't...

 Cost of money (i.e., interest rate), watts saved (if any), cost of a
 kWh, initial costs, etc.  Plug in your numbers, find out what the ROI
 is.  Add in what your AC costs are (watts in have to be removed, and
 that's more watts to pump them out).  Evaluate results.
 
 Going simpler, ignoring cost of money, IF your Atom machine draws 50%
 of the power of my PIII, my quickie calc indicates you will save
 105kWh.  If you also have to pay for AC, maybe double that number.

should be less than 50% actually, at much better performance. the
atoms are surprisingly fast.

 Granted, ROI (Return on Investment) isn't everything.

i would not even remotely consider putting a PIII-era machine into
service now. the cost of the hardware (in the case of smallish
systems) is irrelevant in the big picture.
PIII: old, rusty, reliability questionable, draws more power, adding up
- might have to invest in bigger A/C sooner
atom: new, reliability way less questionable, has modern interfaces,
saves power, is so cool that it'll survive forever even with all fans
dead, way faster.
heck, the supermicro atoms i buy aren't even cheap. not at all. but
with server-class management, very low power consumption etc, they pay
out quickly. they even would if they cost twice as much, easily.

admittedly, the math is different for home hobby use.

 Low power rack mount equipment is hard to find now

huh? it is easier than ever.

 analog clamp-on ammeter at the time, but they appeared to draw under 60W.

pretty sure my average for new smallish (you know, 1U, reasonable
amount of ram, 1 disk, that style) machines is below that. not idle,
but with typical workload.

 If you want to talk about power savings, get a wattmeter and quit
 reading glossy sheets of one tiny part of the entire computer system.

err, besides a stupid useless wattmeter I have dozens, if not hundreds,
of points in my power distribution infrastructure where power draw is
measured. live, not artificial test runs.


 The numbers will surprise you.  (Fans ALONE on one Dell 1U system
 draw over 50W at full speed.  Hopefully, they aren't at full speed
 very often.

either your measurement is screwed or dell screwed up big time.

 My PIII system will pump a LOT of data. 

and still lose compared to a reasonable atom.

and for giggles, the dmesg. i forgot the exact power draw of that
system, it was very very low.

OpenBSD 4.7 (GENERIC.MP) #0: Mon Apr  5 08:50:54 CEST 2010
henn...@terak.bsws.de:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
real mem  = 2145595392 (2046MB)
avail mem = 2070142976 (1974MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 05/05/09, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfd160 (27 entries)
bios0: vendor American Megatrends Inc. version 1.0 date 05/05/2009
bios0: Supermicro X7SLA
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG OEMB HPET
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) EUSB(S4) MC97(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4) P0P8(S4) LAN0(S1) P0P9(S4) LAN1(S1) USB0(S4) USB1(S4) USB2(S4) USB3(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 4
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 4 (P0P1)
acpiprt3 at acpi0: bus 1 (P0P4)
acpiprt4 at acpi0: bus -1 (P0P5)
acpiprt5 at acpi0: bus -1 (P0P6)
acpiprt6 at acpi0: bus -1 (P0P7)
acpiprt7 at acpi0: bus 2 (P0P8)
acpiprt8 at acpi0: bus 3 (P0P9)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at 

Re: Processeur Atom ?

2010-06-22 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2010-06-12 23:59]:
 On 2010-06-12, Henning Brauer lists-open...@bsws.de wrote:
  * Nick n...@holland-consulting.net [2010-06-11 12:55]:
  If you want low power consumption and low cost, I'd suggest a small
  PIII or Celeron based system, hard to beat for the price (usually,
  free!).  IF the new, cool stuff has any real power savings, you are
  unlikely to ever recoup the initial cost over recycled hardware.
 
  that might be (I am not convinced tho) with the electricity price in
  the US, but certainly isn't universal.
 
 
 Especially the price of electricity in externally owned datacentres (*)
 - and restrictions on current drawn; there are still places which allow
 just 4A (@240V) per rack footprint (and 8A/footprint is fairly common).

I know of one DC that limits you to 8A per rack (@230V) because the
floor would collapse if people filled up their racks...

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread Aaron Glenn
On Tue, Jun 22, 2010 at 7:26 PM,  pourl...@hushmail.com wrote:

 I do not wish to begin a troll-like thread, I just want the truth.

yes you do; no you don't.
no one cares; please go away.



Re: [openbsd] fwd: [dera...@cvs.openbsd.org: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability/]

2010-06-22 Thread E.T
Quote from theo :

-  our kernels have no bugs 


On Tue, 22 Jun 2010 21:26:18 +0200, pourl...@hushmail.com wrote:
 Hello misc,
 
 I was wondering if these accusations against OpenBSD were true, 
 I doubt he is lying, maybe he is just not telling the whole truth.
 
 http://www.uaoug.org.ua/archive/msg01088.html
 
 The first part is irrelevant, Linux may have implemented the sysctl 
 switch before OpenBSD. 
 However, their min_map_addr was set to 0 by default for a long 
 time. Which did lead to vulnerabilities in Linux.
 
 They keep coming up with the same exact innovations others came up
 with years before them.  Their official explanation for where they
 got the W^X/ASLR ideas was a drunk guy came into their tent at one of
 their hack-a-thons and started talking about the idea.  They had
 never heard of PaX when we asked them in 2003.
 
 I do not wish to begin a troll-like thread, I just want the truth.
 
 Regards.
 
 Michel Antoine
 User

-- 
@plus



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Kevin Chadwick
On Tue, 22 Jun 2010 12:55:10 -0500
Marco Peereboom sl...@peereboom.us wrote:

 Getting a bunch of kids from college with some degree or another
 or outsourcing code is a recipe for disaster.  If the developers have no
 vested interest in the success of the code a project will nearly always
 fail. 

And ironically some uk government investment projects are only
attainable if you work with these experts and expensive resource
hogging managers a.k.a. leeches. Of course, some of them are experts
but they're not usually the ones they want you to work with.

How come the university acting as proxy, got so much of OpenBSD's DARPA
grant? What was the justification?



Re: OT: Australia may allow punitive damages for security vulns

2010-06-22 Thread Theo de Raadt
 How come the university acting as proxy, got so much of OpenBSD's DARPA
 grant? What was the justification?

Graft, influence trading, and patronage are institutionalized in the
relationship between universities, research grants, and the government
in the US to roughly the same level as anywhere else in the world.
The finances just aren't talked about as much in the US because the
people who benefit from it know to keep their mouths shut.  Upon the
remainder of the population, the other side of the coin is a very fast growing
but hidden inflation.  But your media is playing the same game with your
government.  The word propaganda has fallen out of vogue.

Anyways, in that instance a few University people got around 50%
because of their connections, and did nothing except a few bits of
paperwork -- except for one grad student (who worked very hard, but
was already doing so beforehand).  Oh, but the university staff sure
worked hard in the last few days trying to steal payments back from
openbsd people who were on contract, when the Department of Defence
got upset.



Re: Processeur Atom ?

2010-06-22 Thread andres
Quoting Henning Brauer lists-open...@bsws.de:

 * Nick n...@holland-consulting.net [2010-06-13 18:43]:
  that might be (I am not convinced tho) with the electricity price in
  the US, but certainly isn't universal.

 The calculations are.

 $/kWh isn't...

 Cost of money (i.e., interest rate), watts saved (if any), cost of a
 kWh, initial costs, etc.  Plug in your numbers, find out what the ROI
 is.  Add in what your AC costs are (watts in have to be removed, and
 that's more watts to pump them out).  Evaluate results.

 Going simpler, ignoring cost of money, IF your Atom machine draws 50%
 of the power of my PIII, my quickie calc indicates you will save
 105kWh.  If you also have to pay for AC, maybe double that number.

 should be less than 50% actually, at much better performance. the
 atoms are surprisingly fast.

 Granted, ROI (Return on Investment) isn't everything.

 i would not even remotely consider putting a PIII-era machine into
 service now. the cost of the hardware (in the case of smallish
 systems) is irrelevant in the big picture.
 PIII: old, rusty, reliability questionable, draws more power, adding up
 - might have to invest in bigger A/C sooner
 atom: new, reliability way less questionable, has modern interfaces,
 saves power, is so cool that it'll survive forever even with all fans
 dead, way faster.
 heck, the supermicro atoms i buy aren't even cheap. not at all. but
 with server-class management, very low power consumption etc, they pay
 out quickly. they even would if they cost twice as much, easily.

 admittedly, the math is different for home hobby use.

 Low power rack mount equipment is hard to find now

 huh? it is easier than ever.

 analog clamp-on ammeter at the time, but they appeared to draw under 60W.

 pretty sure my average for new smallish (you know, 1U, reasonable
 amount of ram, 1 disk, that style) machines is below that. not idle,
 but with typical workload.

 If you want to talk about power savings, get a wattmeter and quit
 reading glossy sheets of one tiny part of the entire computer system.

 err, besides a stupid useless wattmeter I have dozens, if not hundreds,
 of points in my power distribution infrastructure where power draw is
 measured. live, not artificial test runs.


 The numbers will surprise you.  (Fans ALONE on one Dell 1U system
 draw over 50W at full speed.  Hopefully, they aren't at full speed
 very often.

 either your measurement is screwed or dell screwed up big time.

 My PIII system will pump a LOT of data.

 and still lose compared to a reasonable atom.

 and for giggles, the dmesg. i forgot the exact power draw of that
 system, it was very very low.

 OpenBSD 4.7 (GENERIC.MP) #0: Mon Apr  5 08:50:54 CEST 2010
 henn...@terak.bsws.de:/usr/src/sys/arch/i386/compile/GENERIC.MP
 cpu0: Intel(R) Atom(TM) CPU 330 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz
 cpu0:

Just one comment on all this.  It is very rare for me to have a difference
of opinion with you Henning, but I have to comment on P3 equipment.

Dell made some incredible Optiplex models that were white, using P3's
from 450MHz to about 1.2Ghz.  I have several at work in production
service, and some of them are 10 years old.  The disks aren't, but the
machine proper is.  They draw more power than an Atom, that's for
certain, but they are rock solid, and built FAR better than most things
today.  Me, I'm the IT department where I work.  The calculus of spending
more on electricity for systems so stable that they are more likely to
die when the power dies is pretty obvious to me. ;-)

I've watched everything get bigger, faster and cheaper, but usually at
the cost of quality.  This includes my ThinkPads, sigh.  I've had several
conversations where it was admitted that fewer smoothing capacitors
were used because a bean-counter saw they could save money by
using fewer.  Boards aren't cleaned any more--I have some great
fingerprint samples of several techs from China.

For applications where speed really matters my little Dells lose.  But
in many respects they are the best servers I've ever had.

--STeve Andre'



Re: pfctl: Cannot allocate memory and spamd-setup -bd

2010-06-22 Thread Stuart Henderson
On 2010-06-21, Ruy Bento r...@madeira.dyndns.org wrote:
 spamd_black=YES # set to YES to run spamd without greylisting

you don't want blacklist-only mode if you have limited RAM.



Re: Processeur Atom ?

2010-06-22 Thread Henning Brauer
* and...@msu.edu and...@msu.edu [2010-06-23 01:34]:
 Dell made some incredible Optiplex models that were white, using P3's
 from 450MHz to about 1.2Ghz.  I have several at work in production
 service, and some of them are 10 years old.

heck, I have systems that old in production.
the point is - new setups using these just doesn't make sense.
heck, at the very same second where I had to change ANYTHING
hardware-wise on them, they get replaced. if they don't get replaced
anyway. 

 The disks aren't, but the
 machine proper is.  They draw more power than an Atom, that's for
 certain, but they are rock solid, and built FAR better than most things
 today.  Me, I'm the IT department where I work.  The calculus of spending
 more on electricity for systems so stable that they are more likely to
 die when the power dies is pretty obvious to me. ;-)

as rock solid as they might be, at this age, the likelihood of them
dying anytime soon is growing. fast.

 I've watched everything get bigger, faster and cheaper, but usually at
 the cost of quality.  This includes my ThinkPads, sigh.  I've had several
 conversations where it was admitted that fewer smoothing capacitors
 were used because a bean-counter saw they could save money by
 using fewer.  Boards aren't cleaned any more--I have some great
 fingerprint samples of several techs from China.

quality is an issue. i can only say that i am very happy with pretty
much anything i ever got from supermicro. but then i don't buy the
newest and shiniest, ever.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Mailing list headers

2010-06-22 Thread Casey Allen Shobe
Why do the OpenBSD lists have no List-ID header?

With the existing set of headers, it's impossible to filter the mail in gmail 
and other lame mail clients that don't allow arbitrary headers to be entered.

I know, the world doesn't revolve around GMail, much as Google might like that 
to be the case.  But in the interest of those of us who use it, could they 
please be added?

Cheers,
-- 
Casey Allen Shobe
ca...@shobe.info



Re: openBSD hangs on install

2010-06-22 Thread patrick keshishian
On Tue, Jun 22, 2010 at 12:41 PM, Jason Wagstaff wagsta...@gmail.com wrote:
 Tomas,

 Yes it does work with the latest snapshot and the last snapshot before
 the 4.7 release.  It just doesn't work with the released version of
 4.7.

Sounds similar to what was discussed here:

http://www.mail-archive.com/misc@openbsd.org/msg88586.html

--patrick


 It hangs most often during bas47.tgz and comp47.tgz.

 From the local mirror using http it gets to base47.tgz and never
 starts the download.

 bsd  100% |*|  7062 KB00:01
 bsd.rd   100% |*|  2385 KB00:00
 bsd.mp   100% |*|  7074 KB00:01
 base47.tgz 0% | | 0   --:--
 ETA

 --
 Jason Wagstaff
 ~When practicing unconditional acceptance start with your self



 On Tue, Jun 22, 2010 at 12:52 PM, Tomas Bodzar tomas.bod...@gmail.com
 wrote:
 Did you try latest snapshot? Just to be sure that there is not some
 repair available or that problem is still same.

 On Tue, Jun 22, 2010 at 7:43 PM, Jason Wagstaff wagsta...@gmail.com
 wrote:
 I have a sparc64 t2000+ box and during installation of release 4.7  it
 hangs while installing the sets.  When it hangs it is at a random spot
 each time.   I have tried to install from cd, ftp, http and a local
 http mirror.   All of them fail at some point during the installation
 of the sets.   Any ideas how I can get it to do a full install?

 --
 Jason Wagstaff
 ~When practicing unconditional acceptance start with your self



Best Practices for tun(4) and gif(4)

2010-06-22 Thread Matt S
I apologize in advance if this subject has been addressed but I was unable
to turn up anything from a Google search and the manual pages did not quite
yield enough information.  IPv6 needs aside, what is the primary difference
between tun(4) and gif(4)?  When is it preferable to use gif(4) over
tun(4)?  Is there any reason why I could not, say, perform IPSEC encryption
over a tun(4) tunnel?

Thank you in advance,
Matt



Re: Mailing list headers

2010-06-22 Thread patrick keshishian
On Tue, Jun 22, 2010 at 5:24 PM, Casey Allen Shobe ca...@shobe.info wrote:
 Why do the OpenBSD lists have no List-ID header?

 With the existing set of headers, it's impossible to filter the mail in
gmail
 and other lame mail clients that don't allow arbitrary headers to be
entered.


I use gmail and I filter on:

Matches: to:(misc@openbsd.org)

same for ports@, x11@, tech@, etc. It works just fine.

--patrick


 I know, the world doesn't revolve around GMail, much as Google might like
that
 to be the case.  But in the interest of those of us who use it, could they
 please be added?

 Cheers,
 --
 Casey Allen Shobe
 ca...@shobe.info



Re: Best Practices for tun(4) and gif(4)

2010-06-22 Thread Claudio Jeker
On Tue, Jun 22, 2010 at 08:05:31PM -0700, Matt S wrote:
 I apologize in advance if this subject has been addressed but I was unable
 to turn up anything from a Google search and the manual pages did not quite
 yield enough information.  IPv6 needs aside, what is the primary difference
 between tun(4) and gif(4)?  When is it preferable to use gif(4) over
 tun(4)?  Is there any reason why I could not, say, perform IPSEC encryption
 over a tun(4) tunnel?
 

Huh? From the man pages:
 The tun driver provides a network interface pseudo-device.  Packets sent
 to this interface can be read by a userland process and processed as
 desired.  Packets written by the userland process are injected back into
 the kernel networking subsystem.

 The gif interface is a generic tunnelling pseudo-device for IPv4 and
 IPv6.  It can tunnel IPv[46] over IPv[46] with behavior mainly based on
 RFC 1933 IPv6-over-IPv4, for a total of four possible combinations...

So tun(4) is a way to get packets to userland while gif is a real tunnel
device encapsulating the packets and sending it to a remote tunnel
endpoint. The two things are totally different and yes you could make IPsec
in userland over tun(4) but nobody is enough of a masochist to do that.

-- 
:wq Claudio
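
The distinction drawn above, as an added example that is not part of the original post: the first pair of functions shows what a userland reader of tun(4) is handed, and `gif_encapsulate` shows what a gif-style tunnel puts on the wire toward the remote endpoint. Assumptions not stated in the thread: the 4-byte address-family prefix documented in OpenBSD's tun(4) manual, OpenBSD's `AF_INET6` value of 24, a simplified outer IPv4 header (no options, ID 0), and only the two IPv4-outer combinations of the four; the packet and addresses are constructed.

```python
import socket
import struct

# Address-family numbers as defined on OpenBSD (assumption, see lead-in).
# They differ between operating systems, so they are hard-coded here.
OBSD_AF_INET = 2
OBSD_AF_INET6 = 24
IPPROTO_IPIP = 4    # IPv4 carried inside IP
IPPROTO_IPV6 = 41   # IPv6 carried inside IP


def ip_version(packet):
    """Return 4 or 6 from the first nibble of a raw IP packet."""
    if not packet or packet[0] >> 4 not in (4, 6):
        raise ValueError("not an IPv4/IPv6 packet")
    return packet[0] >> 4


def tun_frame(packet):
    """tun(4) side: the bare packet, prefixed with its address family."""
    family = OBSD_AF_INET if ip_version(packet) == 4 else OBSD_AF_INET6
    return struct.pack("!I", family) + packet


def tun_parse(frame):
    """What a userland process does with a read() from the tun device."""
    if len(frame) < 4:
        raise ValueError("short tun frame")
    (family,) = struct.unpack("!I", frame[:4])
    packet = frame[4:]
    expected = {OBSD_AF_INET: 4, OBSD_AF_INET6: 6}.get(family)
    if expected is None or ip_version(packet) != expected:
        raise ValueError("address family does not match packet")
    return family, packet


def internet_checksum(header):
    """16-bit one's-complement sum used by the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def gif_encapsulate(inner, outer_src, outer_dst, ttl=64):
    """gif(4) side: wrap the inner packet in an outer IPv4 header."""
    proto = IPPROTO_IPIP if ip_version(inner) == 4 else IPPROTO_IPV6
    total_len = 20 + len(inner)
    if total_len > 0xFFFF:
        raise ValueError("inner packet too large for one IPv4 datagram")
    header = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, total_len,      # version 4, IHL 5, TOS 0, total length
        0, 0,                    # identification, flags/fragment offset
        ttl, proto, 0,           # TTL, inner protocol, checksum placeholder
        socket.inet_aton(outer_src), socket.inet_aton(outer_dst),
    )
    csum = struct.pack("!H", internet_checksum(header))
    return header[:10] + csum + header[12:] + inner


def sample_ipv6_packet():
    """Constructed 40-byte IPv6 header with no payload (next header 59)."""
    src = socket.inet_pton(socket.AF_INET6, "2001:db8::1")
    dst = socket.inet_pton(socket.AF_INET6, "2001:db8::2")
    return struct.pack("!IHBB", 0x60000000, 0, 59, 64) + src + dst


if __name__ == "__main__":
    inner = sample_ipv6_packet()
    print("tun frame :", tun_frame(inner).hex())
    print("gif packet:", gif_encapsulate(inner, "192.0.2.1", "198.51.100.2").hex())
```
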



Re: Mailing list headers

2010-06-22 Thread Todd Alan Smith
On Tue, Jun 22, 2010 at 10:11 PM, patrick keshishian pkesh...@gmail.com
wrote:
 I use gmail and I filter on:

 Matches: to:(misc@openbsd.org)

 same for ports@, x11@, tech@, etc. It works just fine.

 --patrick

Same here. Works great.



Re: OpenBSD sends RSTs for gratuitous traffic

2010-06-22 Thread Henning Brauer
* LeviaComm Networks NOC n...@leviacomm.net [2010-06-15 08:07]:
 On 6/13/2010 9:50 PM, Patrick Coleman wrote:
 For some reason however, on one particular VLAN the switch is
 erroneously forwarding traffic from a particular host (203.135.184.10)
 to the OpenBSD box. The traffic is forwarded even when the destination
 MAC address is not that of the OpenBSD box. So there's something
 broken on my switch, I need to fix it, fair enough.
 
 It would be best if you had a working switch to test with

*sigh*

sometimes it really is better to just not reply when you don't have
any insight to add.

his switch being broken or not, we have a bug here.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: pf.conf: match seems to clean up previous log statements.

2010-06-22 Thread Henning Brauer
* william dunand william.dun...@gmail.com [2010-06-14 11:03]:
 Dear list,
 
 I just noticed something strange with pf (4.7) and I wondered if
 someone could help me to understand it.
 
 Let's consider the following simple rule-set:
 
 pf.conf
 set skip on lo0
 pass all
 block out log on bge0 inet proto tcp from any to x.x.x.x port 80
 match out on bge0 inet proto tcp from any to x.x.x.x port 80
 \pf.conf
 
 Then if I just try a simple hping on x.x.x.x on port 80, I expect to
 see the packet blocked, and logged on pflog0, but I don't see it.
 If I just add a log to the match rule, then my hping packet will
 be logged twice on pflog0 (for the block and the match).
 I observe analog behavior if I replace the block rule by a similar pass rule.
 
 So it seems impossible to log specific traffic if this traffic is
 matched somewhere by a simple match rule, one would need to add the
 log directive to the latter, which might of course not be desirable.
 
 Is this the expected behavior, or is there something I am overlooking?

that would be a bug, by yours truly.

i think i already saw you sendbug'ing it, if it is not yet sendbug'd
please do, i plan to go over the pf related PR entries soonish.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: pf.conf: match seems to clean up previous log statements.

2010-06-22 Thread Henning Brauer
* Stuart Henderson s...@spacehopper.org [2010-06-15 13:00]:
 That relates to logging only. 'match log' is special as it is
 handled immediately when the match rule is processed.

you wish. i wish. that is what it should be, but we didn't get this
changed to that yet. i know of at least two little bugs with logging
after match entered the game (since match changes some things
fundamentally)

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting



Re: Best Practices for tun(4) and gif(4)

2010-06-22 Thread Matt S
Claudio, Thank you for clarifying that.  I somehow missed that tidbit.

On Tue, Jun 22, 2010 at 9:11 PM, Claudio Jeker cje...@diehard.n-r-g.com wrote:

  On Tue, Jun 22, 2010 at 08:05:31PM -0700, Matt S wrote:
  I apologize in advance if this subject has been addressed but I was
 unable
  to turn up anything from a Google search and the manual pages did not
 quite
  yield enough information.  IPv6 needs aside, what is the primary
 difference
  between tun(4) and gif(4)?  When is it preferable to use gif(4) over
  tun(4)?  Is there any reason why I could not, say, perform IPSEC
 encryption
  over a tun(4) tunnel?
 

 Huh? From the man pages:
 The tun driver provides a network interface pseudo-device.  Packets
 sent
 to this interface can be read by a userland process and processed as
 desired.  Packets written by the userland process are injected back
 into
 the kernel networking subsystem.

 The gif interface is a generic tunnelling pseudo-device for IPv4 and
 IPv6.  It can tunnel IPv[46] over IPv[46] with behavior mainly based on
 RFC 1933 IPv6-over-IPv4, for a total of four possible combinations...

 So tun(4) is a way to get packets to userland while gif is a real tunnel
 device encapsulating the packets and sending it to a remote tunnel
 endpoint. The two things are totally different and yes you could make IPsec
 in userland over tun(4) but nobody is enough of a masochist to do that.

 --
 :wq Claudio



Re: Any ideas on this crash?

2010-06-22 Thread STeve Andre'
On Tuesday 22 June 2010 09:20:12 Tobias Ulmer wrote:
 On Mon, Jun 21, 2010 at 03:41:21PM -0400, STeve Andre' wrote:
 My package builder died this weekend when I couldn't get to it.
  I may have hardware problems--I'm not sure.  Below is the relevant
  data typed in.  Any ideas?  This is an i386-current system compiled
  on June 15th.
 
  Thanks, STeve Andre'
 
  - ps  trace data
   First bad
  /: bad dir ino 14 at offset 69632: mangled entry
  panic: bad dir

 Says it right there, disk structure corrupted. A fsck run will fix it.

Well, yes, I knew that and fixed it.  But in all the time I've used OpenBSD I
have never seen this error.  Being on -current I wondered if there was
something that changed, hence this posting.  I've since brought the system
up to the latest -current and will see what happens.

--STeve Andre'



Re: Mailing list headers

2010-06-22 Thread Casey Allen Shobe
On Tuesday 22 June 2010 11:11:59 pm you wrote:
 I use gmail and I filter on:

   Matches: to:(misc@openbsd.org)

A mail that is sent to misc@openbsd.org, and CC to my personal address, should 
have the mailing list copy filtered to my misc folder, and the personal copy 
delivered to my inbox.  Filtering by To or CC breaks this, hence why proper 
mailing list filtering is never done using To, CC, or Subject.

Cheers,
-- 
Casey Allen Shobe
ca...@shobe.info
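
The filtering problem described above, as an added example that is not part of the original post: three deliveries of list traffic are filed once by To/Cc and once by `List-Id`, showing that only the header added by the list server separates the list copy from the personal copy. The `List-Id` value and every address except `misc@openbsd.org` are constructed, and the header itself is hypothetical here, since the thread says the OpenBSD lists did not send it.

```python
import re
from email import message_from_string
from email.utils import getaddresses

LIST_ADDR = "misc@openbsd.org"
# Hypothetical identifier: per the thread, the lists did not send List-ID.
LIST_ID = "misc.openbsd.org"

# Constructed sample: one message as it would arrive by different routes.
_COMMON = (
    "From: Alice Example <alice@example.org>\n"
    "To: misc@openbsd.org\n"
    "Cc: Reader <reader@example.net>\n"
    "Subject: Re: Mailing list headers\n"
    "Message-ID: <constructed-1@example.org>\n"
)
_LIST_HEADER = (
    "List-Id: OpenBSD misc (constructed)\n"
    " <misc.openbsd.org>\n"          # folded continuation line
)
VIA_LIST = _COMMON + _LIST_HEADER + "\nbody\n"
DIRECT_CC = _COMMON + "\nbody\n"
# Constructed: the sender put the list in Bcc, so it is absent from To/Cc.
VIA_LIST_BCC = (
    "From: Bob Example <bob@example.org>\n"
    "To: someone@example.com\n"
    "Subject: announcement\n"
    + _LIST_HEADER + "\nbody\n"
)


def recipients(msg):
    """Lower-cased addresses from every To and Cc header."""
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _name, addr in getaddresses(fields) if addr}


def folder_by_recipient(msg):
    """The To/Cc rule from the thread: list address present means list mail."""
    return "misc" if LIST_ADDR in recipients(msg) else "inbox"


def list_id(msg):
    """Extract the identifier between the final angle brackets of List-Id."""
    raw = msg.get("List-Id")
    if raw is None:
        return None
    unfolded = " ".join(raw.split())           # undo header folding
    match = re.search(r"<([^<>\s]+)>\s*$", unfolded)
    return match.group(1).lower() if match else None


def folder_by_list_id(msg):
    """File by the header only the list server adds to its own copies."""
    return "misc" if list_id(msg) == LIST_ID else "inbox"


def compare():
    """Return (label, folder by To/Cc, folder by List-Id) per delivery."""
    samples = [
        ("list copy", VIA_LIST),
        ("direct Cc copy", DIRECT_CC),
        ("list copy, list in Bcc", VIA_LIST_BCC),
    ]
    rows = []
    for label, raw in samples:
        msg = message_from_string(raw)
        rows.append((label, folder_by_recipient(msg), folder_by_list_id(msg)))
    return rows


if __name__ == "__main__":
    for row in compare():
        print("%-24s to/cc=%-6s list-id=%s" % row)
```
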



MIME support for mail

2010-06-22 Thread Predrag Punosevac
This question is inspired by the recent discussion on nail-devel mailing
list 

http://sourceforge.net/mailarchive/forum.php?forum_name=nail-devel

as well as a private discussion Martin, William, and I had, which you
can read below. 

The only reason I personally chose to use nail over mail from
the base of OpenBSD is MIME as well as IMAP/POP support. I suspect this
is the case with most nail users. IMAP/POP support is not really a big 
deal and should not be part of the base. It could be easily achieved by 
fdm for instance

http://fdm.sourceforge.net/

On the other hand OpenBSD version of mail lacks MIME support which is
unfortunately a must for me. Yes, I know that MIME functionality can be
achieved by MetaMail or Mpack. However it has been brought to my 
attention that NetBSD version of mail does have such a support. 
I compared the source files for NetBSD version of mail with OpenBSD
version of mail. It appears that MIME functionality has been added to
NetBSD mail about two years ago by adding 7 source and 7 header files. 
The other files look very similar at least in names. How difficult 
would it be to port this functionality from NetBSD version of mail?

I guess that this is really the question for Theo and Damien who have
the most of recent CVS commits to mail. I apologize for this noise but 
I am really curious.

Best,
Predrag





 Original Message 
From: William Yodlowsky will...@openbsd.org
To: Predrag Punosevac punoseva...@gmail.com
Subject: Re: [nail-devel] Request II for 12.5 release
Date: Tue, 22 Jun 2010 22:15:15 -0400

On 22 June 2010 at 16:04, Predrag Punosevac punoseva...@gmail.com wrote:

 Martin Neitzel neit...@gaertner.de wrote:
 
  Hi Predrag!
 
  [This reply comes a little belated and refers actually to a previous
  email of yours.  This is just a small suggestion.]
 
  If you are doing the courtesy service of providing nail-tar-balls,
  I recommend to go the whole mile and provide the diffs between the
  versions, too.  (I.e., the output from cvs patch -u -r R12_3 -r R12_4 .
  etc.)
 
  This is something I greatly miss in the sendmail releases.  Not so much
  for bandwidth reasons, but for a quick review what changed and swift
  security auditing.  Creating the diff locally is always possible but a
  nuisance, in particular if I have already local mods.
 
 Hi Martin,
 
 I am on the same page with you. The thing is that the official nail port
 maintainer is William Yodlowsky. Will is a really cool guy but also very

Thanks.

 busy so I pushed him in the past by sending diff for 12.4 release for
 example. I am going to proceed in the same fashion. I was planning to
 install current on one of the machines and do exactly what you suggested
 hoping that he will pick up pieces at po...@openbsd and commit the
 port.

No worries, I lurk on nail-devel.  I can look at adding patches to bring
the port up to nail's current code, but I was hoping (and waiting) for
Gunnar to release 12.5.

I wrote about keeping a tarball of nail when I responded in private 
mail to him, back when the thread started.  He didn't care to respond.

Admittedly, his lack of action on fixing bugs and nail's crashes on
well-formed attachments has led to nail not being my MUA of choice for 
some time now, so I didn't track changes very closely.  I also didn't
realize people were using it...

 There is also another issue. OpenBSD will soon be free of Sendmail.
 There are two options. One is to alter Makefile so that nail uses
 native OpenSMTPd. Another one is to introduce Sendmail-static dependency
 (Sendmail-static is a small statically linked Sendmail used in the
 chroot environment for instance to deliver messages from your web-server)

/usr/sbin/sendmail is ingrained in many places.  Even if Sendmail were
to be removed, I find it difficult to believe there would be no
Sendmail-like message submission.