Re: Netgear WG111.

2011-09-08 Thread Jonathan Gray
On Thu, Sep 08, 2011 at 01:23:22PM +0930, David Walker wrote:
 Hi Thomas.
 Sorry for the delay.
 
 On 21/08/2011, Tomas Bodzar tomas.bod...@gmail.com wrote:
  Hi,
 
  post output of 'usbdevs -v' command.
 
 Controller /dev/usb0:
 addr 1: full speed, self powered, config 1, UHCI root hub(0x),
 Intel(0x8086), rev 1.00
  port 1 addr 2: full speed, power 500 mA, config 1, NETGEAR
 WG111(0x4240), GlobespanVirata(0x0846), rev 10.20, iSerialNumber
 3887-

This is not a urtw device (which is 0x6a00) but rather an old
style fullmac prism device which we don't support.  We
support the newer softmac usb prism (upgt) and the older 802.11
prism (wi@usb) but not that particular device.



Re: DNS lookups for hostnames in PF tables

2011-09-08 Thread Gerard Lally
On Wednesday, September 07, 2011 11:13 PM, Theo de Raadt
dera...@cvs.openbsd.org wrote:
 
  How does PF update a table with hostnames resolved by round-robin
  DNS? Is it just the first DNS response that is added to the table,
  or multiple DNS responses?

 pf doesn't do this, since it is in the kernel.  pf only knows about
 addresses.  It does not know about hostnames.

 pfctl is what is doing this; so this DNS translation happens when you
 run pfctl.  So it depends on whether your pf.conf is dynamically
 adding it each time you run it.  And if you only run pfctl once...

  For example, is it possible to block a well-known social networking
  site which resolves to multiple IP addresses, using a PF table
  socialnet with just the hostname of the website?

 No.  What you want is to expand to all of the addresses.  Since
 addresses keep being added for such hostnames on the fly, it won't work.

Thank you Theo.



Re: Why aren't you running -current?

2011-09-08 Thread Raimo Niskanen
On Thu, Sep 08, 2011 at 06:49:16AM +0200, Tomas Bodzar wrote:
 On Thu, Sep 8, 2011 at 6:41 AM, Wesley M. open...@e-solutions.re wrote:
  Hi,
 
  Need to cvs update and rebuild, so take time.
  And configuration file can change
 
 No compilation at all.
 
 With snapshots:
 
 binary upgrade
 sysmerge(8) for config files
 pkg_add -ui for packages
 
 Takes cca 15 minutes on modern HW. During that time you can drink eg.
 coffee and occasionally hit Enter on your keyboard :-)

So you will have at least 15 minutes of downtime on your production
server, but if you run into problems e.g because of a non-trivial
configuration file change, kernel bug that makes your network
card unusable, and such that has happened in the past you are
looking at a worst case downtime of several days waiting for a
better snapshot. Depending on the demands on the server that is
maybe not worth the risk.

You could have an identical dummy server and do a test upgrade
to be sure to avoid that. To avoid wasting time and resources
sometimes running stable with patches is the better option.

 
 
  Cheers,
 
  Wesley.
 
  i'm sorry :(
 
  don't be sorry, just tell me why, i am just curious.

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: pre-orders for 5.0

2011-09-08 Thread Stefan Unterweger
* Theo de Raadt on Wed, Sep 07, 2011 at 06:35:05AM -0600:
 I have activated pre-orders for the 5.0 release -- it is scheduled for
 official release on Nov 1 on the FTP sites.  As usual, we try to get
 CDs in people's hands slightly a few days before that.
 
 http://www.openbsd.org/orders.html

I think the link to OpenCompany (Italy) should be dropped.
They list OpenBSD 4.5 as the current version and mention being out of
stock until that one arrives.

The last update to the front page was somewhere in 2008 -- it looks
rather abandoned...


s//un



Re: Why aren't you running -current?

2011-09-08 Thread HSL GmbH - Lukas Ratajski
We're using official releases in production because:

It's tested.
It's supported.
It's coherent in means of packages and base system.
No headaches during upgrades (at least none as of now, since 4.3)
You can buy it (CDs, stickers!)



Re: Why aren't you running -current?

2011-09-08 Thread Tomas Bodzar
On Thu, Sep 8, 2011 at 9:40 AM, Raimo Niskanen
raimo+open...@erix.ericsson.se wrote:
 On Thu, Sep 08, 2011 at 06:49:16AM +0200, Tomas Bodzar wrote:
 On Thu, Sep 8, 2011 at 6:41 AM, Wesley M. open...@e-solutions.re wrote:
  Hi,
 
  Need to cvs update and rebuild, so take time.
  And configuration file can change

 No compilation at all.

 With snapshots:

 binary upgrade
 sysmerge(8) for config files
 pkg_add -ui for packages

 Takes cca 15 minutes on modern HW. During that time you can drink eg.
 coffee and occasionally hit Enter on your keyboard :-)

 So you will have at least 15 minutes of downtime on your production
 server, but if you run into problems e.g because of a non-trivial
 configuration file change, kernel bug that makes your network
 card unusable, and such that has happened in the past you are
 looking at a worst case downtime of several days waiting for a
 better snapshot. Depending on the demands on the server that is
 maybe not worth the risk.

For that purpose there are HA setups, site scripts and other stuff to
do updates quickly without a break in production. Or with very short breaks in
production which are regularly planned.


 You could have an identical dummy server and do a test upgrade
 to be sure to avoid that. To avoid wasting time and resources
 sometimes running stable with patches is the better option.

He did not ask the most important question: whether he is interested in
workstation/laptop/desktop/home use of current or big production.
Still, for stable with patches you need either a separate machine which
will create the release or to do that on the production machine. Either of those
needs some break in production when you apply it.



 
  Cheers,
 
  Wesley.
 
  i'm sorry :(
 
  don't be sorry, just tell me why, i am just curious.

 --

 / Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: Why aren't you running -current?

2011-09-08 Thread Kevin Chadwick
On Thu, 08 Sep 2011 10:01:06 +0200 (CEST)
HSL GmbH - wrote:

New bugs are caught by snapshots and if you need the latest package
then current is good once you know your way around.

 
 It's supported.

I believe that's the main reason given in the faq for running stable
for servers in that there are lots of people running exactly the same
code and so they can troubleshoot or make others aware of any issues. Of
course the best troubleshooters are running and care more about
current, so it's a mixed bag.

This may be a moot point in reality but the code is also more
verifiable with cds and checksums.



Re: cwm autogroup confusion

2011-09-08 Thread Okan Demirmen
On Tue 2011.09.06 at 18:46 -0600, Daniel Melameth wrote:
 I'm trying to put one xterm in a different autogroup.  This xterm's
 relevant properties (via xprop) are:
 
 WM_CLASS(STRING) = xterm, XTerm
 WM_NAME(STRING) = largexterm
 
 The relevant portion of my .cwmrc is:
 
 autogroup 1 xterm,XTerm
 autogroup 3 largexterm,XTerm
 
 With this, largexterm is always put in autogroup 1.  What am I missing?

Hi,

cwm uses application name and class, (xterm, XTerm)
respectively.  WM_NAME can change at any point, for example the title of
a web page can change WM_NAME on a browser window, and a shell can
change WM_NAME while doing something, and so forth; really it's the
title.  This is not a value on which we base grouping.  It might be
confusing that the atom is named WM_NAME while WM_CLASS includes app
name and class, which are different properties.

Hope that's more clear.

Cheers,
Okan



Re: cwm autogroup confusion

2011-09-08 Thread Thomas Adam
On 8 September 2011 10:39, Okan Demirmen o...@demirmen.com wrote:
 confusing that the atom is named WM_NAME while WM_CLASS includes app
 name and class, which are different properties.

No, WM_CLASS includes the *resource* name, and the class, which has
nothing to do with WM_NAME.  Yes, WM_CLASS should be used, because
this property cannot change once the window has left the WithDrawn
state when it's mapped.

Please do not confuse the resource property of WM_CLASS with the
window's WM_NAME.

-- Thomas Adam



Re: Most secure Operating-System?

2011-09-08 Thread Nico Kadel-Garcia
On Wed, Sep 7, 2011 at 8:44 PM, Clint Pachl pa...@ecentryx.com wrote:
 Alec Taylor wrote:

 What's the most secure operating system?

 /me is thinking OpenBSD



 SELinux by far.

 I just listened to an interview with one of the devs on the project
 (http://twit.tv/show/floss-weekly/156). Wow! With SELinux, you basically
 just flip a switch and boom, you're secure. No process can talk to any other
 processes without your permission. No process can access the Internet if you
 don't want it to. Say goodbye to buffer overflows! It's implemented by the
 USA's NSA so you know it's the most secure OS in the Universe. It's truly
 amazing security. Set it and forget it!

 Alec, I think you really need to refocus on SELinux.

I'm afraid to say that at most sites, they turn off SELinux by
default.  Developers are too unwilling to learn the File System
Hierarchy to actually follow it, and developers of tools like OpenSSH
have few ways to predict its consequences and code in concert with it.
See https://bugzilla.redhat.com/show_bug.cgi?id=524276 for a typical
example of SELinux breaking the ssh-copy-id tool.



Re: cwm autogroup confusion

2011-09-08 Thread Okan Demirmen
On Thu 2011.09.08 at 11:37 +0100, Thomas Adam wrote:
 On 8 September 2011 10:39, Okan Demirmen o...@demirmen.com wrote:
  confusing that the atom is named WM_NAME while WM_CLASS includes app
  name and class, which are different properties.
 
 No, WM_CLASS includes the *resource* name, and the class, which has
 nothing to do with WM_NAME.  Yes, WM_CLASS should be used, because
 this property cannot change once the window has left the WithDrawn
 state when it's mapped.
 
 Please do not confuse the resource property of WM_CLASS with the
 window's WM_NAME.

Right, I am saying they are different.  The names are the confusing
part.



Re: Netgear WG111.

2011-09-08 Thread David Walker
On 08/09/2011, Jonathan Gray j...@goblin.cx wrote:
 This is not a urtw device (which is 0x6a00) but rather an old
 style fullmac prism device which we don't support.  We
 support the newer softmac usb prism (upgt) and the older 802.11
 prism (wi@usb) but not that particular device.

Thank you Jonathan.

Best wishes.



Re: Why aren't you running -current?

2011-09-08 Thread Nick Holland
On 09/08/11 06:18, Kevin Chadwick wrote:
 On Thu, 08 Sep 2011 10:01:06 +0200 (CEST)
 HSL GmbH - wrote:
 
 New bugs are caught by snapshots and if you need the latest package
 then current is good once you know your way around.
 
 
 It's supported.
 
 I believe that's the main reason given in the faq for running stable
 for servers in that there are lots of people running exactly the same
 code and so they can troubleshoot or make others aware of any issues. Of
 course the best troubleshooters are running and care more about
 current, so it's a mixed bag.

Actually, No.
-stable has nothing to do about debugging or troubleshooting.

When it comes to support, nothing is better supported than -current.
If you tell the developers that something that was working is now broke
on -current, they'll be all over it like a *** on .

If something is broke on -release or -stable, the first question will
be, does it work on -current?

If something isn't supported on -release or -stable, that will never
change.  New features, new hardware support ONLY happens on -current.

If something is broke on -release, it will be first fixed on -current,
then pushed back to -stable if it is significant enough.

The biggest reason to run -stable or -release is a nice neat resting
point in the endless upgrade race.  If you install -current today and
three weeks from now wish to add a new application package, you will
most likely need to start by upgrading to the new -current first.  If
you install -release or -stable, you can install -release packages at
any time you wish.

If you have a bunch of machines, you may find it easier to keep them all
at the same level, both for maintenance and for consistent upgrades.
-release/-stable is a logical place to sit.  A perfect release is
the goal of OpenBSD.  We don't always hit it, but that's the goal.  (we
also strive for today's -current to be better than yesterday's -current,
and either to be better than the last -release.  These aren't mutually
exclusive goals).

 This may be a moot point in reality but the code is also more
 verifiable with cds and checksums.

There's a valid point.  Buy a CD, get the most official release, keep
OpenBSD happening.

Nick.



Re: DNS lookups for hostnames in PF tables

2011-09-08 Thread Kevin Wilcox
On Thu, Sep 8, 2011 at 01:13, Theo de Raadt dera...@cvs.openbsd.org wrote:

 For example, is it possible to block a well-known social networking
 site which resolves to multiple IP addresses, using a PF table
 socialnet with just the hostname of the website?

 No.  What you want is to expand to all of the addresses.  Since
 addresses keep being added for such hostnames on the fly, it won't
 work.

Blocking those hosts by IP is highly impractical given the reasons you
noted, and I'll add that it's usually a *really* bad idea to block the
CDNs by IP unless Gerard also wants to block his users from
Microsoft's update service, support.dell.com and a few other big
names. Been there, done that, suffered the resulting black eye.

Gerard - if this is to meet some policy that you can't influence then
use Squid with wildcards on the domains, play tricks in DNS if you
need to, then hope your users aren't proxying connections via outside
connections - all they need is one arbitrary port open to one
arbitrary host and you can be completely blind to what they're doing.
If you *can* influence the policy, consider a default deny with
whitelisting for necessary destinations/ports.

kmw



Re: Why aren't you running -current?

2011-09-08 Thread Sean Howard
I want an OS that works right out of the box.

I am not a kernel hacker, nor am I wanting to do nightlies or even weekly
system upgrades.

I want to grab the release and have a computer that lets me actually use the
damn thing like I wasn't an idiot.

I've been meaning to compile -current, but rarely get the time I need.

I run OpenBSD because it's the only system I can find that just works.

--Sean



Re: DNS lookups for hostnames in PF tables

2011-09-08 Thread Stuart Henderson
On 2011-09-08, Gerard Lally ger...@netmail.ie wrote:
 Hi.

 First post. Beginner- to intermediate user.

 How does PF update a table with hostnames resolved by round-robin DNS?
 Is it just the first DNS response that is added to the table, or
 multiple DNS responses? 

$ echo 'match to facebook.com' | pfctl -nvf -  
match inet from any to 69.63.189.11
match inet from any to 69.63.181.12
match inet from any to 69.63.189.16

it takes all records from the response, but doesn't track updates.

 For example, is it possible to block a well-known social networking
 site which resolves to multiple IP addresses, using a PF table
socialnet with just the hostname of the website?

 Yes, I do know this should be done with Squid, and I am using Squid for
 this purpose, but I am inquiring just out of curiosity.

simpler to poison the DNS with your own local records for somedomain.com;
preferably at the resolver, if not there then dnsspoof (in dsniff) might be
workable.
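
The behaviour described above (pfctl expands a hostname to every address in the DNS answer when the ruleset is loaded, then never looks again) can be checked by comparing the addresses in the loaded rules with a fresh lookup. The following is an added example, not code from the thread or from OpenBSD; the function names, the later DNS answer (which uses the documentation address 192.0.2.10) and the use of dig in resolve_now are assumptions.

```shell
#!/bin/sh
# Added example: measure how far a hostname-based pf rule has drifted from DNS.
# pfctl resolves the name once, when the ruleset is loaded; the kernel only
# ever sees the resulting addresses.

# Read `pfctl -nvf -` style output on stdin and print the IPv4 addresses that
# rules were expanded to (last field of each rule line), sorted and unique.
expanded_addrs() {
    awk '$NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $NF }' | LC_ALL=C sort -u
}

# Fresh lookup of a hostname (assumes dig is installed; not called in the
# offline demo below). CNAME lines in the answer are dropped by the filter.
resolve_now() {
    dig +short A "$1" | expanded_addrs
}

# addr_drift LOADED CURRENT
# Both arguments are newline-separated address lists. Prints "+addr" for an
# address DNS now returns that the loaded rules do not cover, and "-addr" for
# an address still in the rules that DNS no longer returns.
addr_drift() {
    printf '%s\n' "$1" "--" "$2" | awk '
        $0 == "--" { second = 1; next }
        $0 == ""   { next }
        !second    { loaded[$0] = 1; next }
                   { current[$0] = 1 }
        END {
            for (a in current) if (!(a in loaded))  print "+" a
            for (a in loaded)  if (!(a in current)) print "-" a
        }' | LC_ALL=C sort
}

# Output of the pfctl dry run quoted in the message above.
SAMPLE_PFCTL_OUTPUT='match inet from any to 69.63.189.11
match inet from any to 69.63.181.12
match inet from any to 69.63.189.16'

# Constructed sample of a later DNS answer: one address rotated out and one
# new address (from the 192.0.2.0/24 documentation range) rotated in.
SAMPLE_LATER_ANSWER='69.63.189.11
69.63.181.12
192.0.2.10'

loaded=$(printf '%s\n' "$SAMPLE_PFCTL_OUTPUT" | expanded_addrs)
echo "addresses in the loaded ruleset:"
printf '%s\n' "$loaded"
echo "drift against the later answer:"
addr_drift "$loaded" "$SAMPLE_LATER_ANSWER"
```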



Re: pf shape download

2011-09-08 Thread Michel Blais

Hi,

I already wrote that I wanted to do dynamic shaping.

Here is my test rule output from pftop, system is 4.9:

 0  Pass In  Q lo0  K00
0   inet6 from any to ::1/128  flags S/SA
   1  Pass In  Q lo0  K00
0   inet6 from any to fe80::1/128  flags S/SA
   2  Pass Out Q lo0  K00
0   inet6 from any to ::1/128  flags S/SA
   3  Pass Out Q lo0  K00
0   inet6 from any to fe80::1/128  flags S/SA
   4  Pass In  Q lo0  K00
0   inet from any to 127.0.0.1/32  flags S/SA
   5  Pass Out Q lo0  K00
0   inet from any to 127.0.0.1/32  flags S/SA
   6  Pass Out Q  K00
0   from admin to any  flags S/SA
   7  Pass Out Q  K00
0   inet from 192.168.3.0/24 to any  flags S/SA
   8  Pass In  Q  K3  234
3   from admin to any  flags S/SA
   9  Pass In  Q  K   9311132   
49   inet from 192.168.3.0/24 to any  flags S/SA
  10  Pass In  Q ext_if udp   K00
0   inet from 10.5.16.255/32 port = 698 to any
  11  Pass In K 3114   287664   
35   all  flags S/SA
  12  Pass OutK 2790   234360
9   all  flags S/SA
  13  Pass Out   em0  K  13539103   
21   from second to any  flags S/SA queue second


Now, while downloading, if I add an address to second
with pfctl, it won't shape it until I stop the download and
restart it. After adding the address to the table, I clear
state for this address

pfctl -t second -T add 10.254.200.2
pfctl -k 10.254.200.2
Even tried
pfctl -F all -f /etc/pf.conf
without result, it will stay on default

Once I stop and restart my download, it will pass
through second but that's not what I need, I wanted to
shape automatically those who take too much
bandwidth.

When I restarted my download and I pass through second,
if I delete the address from the table and clear the state
again, it will change to the default queue.

pfctl -t second -T del 10.254.200.2
pfctl -k 10.254.200.2

But if I try to shape 10.254.200.2 again by adding it to
the second table, I must restart my download again.

Is it normal or a behaviour?

On 2011-09-07 17:25, Michel Blais wrote:

Hi all,

thanks for your help and tips.

I did some testing when I had some free time.

I finally got it working by creating the queue on my internal
if (now em1 instead of re1)

altq on $int_if hfsc bandwidth 97Mb qlimit 500 queue { main, second }
   queue main  on $int_if bandwidth 1Mb qlimit 250 priority 4 hfsc(upperlimit 97Mb default)
   queue second on $int_if bandwidth 1Mb qlimit 250 priority 0 hfsc(upperlimit 1Mb)


and using the following rules

pass out on $ext_if from $my_ip queue depri

2 things I don't understand :

1 - pass out on external if = traffic going out on WAN
this should be upload then
download should be pass in on external if or
out on internal if, right ?
Why must I use a rule on upload to shape download ?

Also, in the bob example of the queue FAQ:
http://openbsd.org/faq/pf/queueing.html

Queue is on external if (just like me) but rules

pass  out on dc0 to $bob queue bob_in

is also out on internal if.

Why must I do my out rules on external if ?
Is the FAQ wrong ?

2 - I can't use match to transfer traffic into a queue?

If I use
match out on $ext_if from $my_ip queue depri
instead of
pass out on $ext_if from $my_ip queue depri
then it doesn't work anymore

From what I understand of the match rule, it should always
be applied like a quick rule without altering pass or block rules.
Am I wrong? That would be perfect for my queue rules
because the queue will change dynamically. I know I could do
my shaping rules without match but I will have more
exceptions to take care of.

Also, I can see on a mail from william.dun...@gmail.com
subject : Re: match queue ignored

After further experimentation, I found out the following:

match queue overrides:
 - a previous match queue assignment
 - the default queue

Was it added in 5.0?

I'm using 4.9
My rule set that works fine, from pftop output
after a speed test:

RULE  ACTION   DIR LOG Q IF     PR   K   PKTS   BYTES   STATES   MAX INFO
   0  Pass In  Q lo0  K00
0   inet6 from any to ::1/128  flags S/SA
   1  Pass In  Q lo0  K00
0   inet6 from any to fe80::1/128  flags S/SA
   2  Pass Out Q lo0  K00
0   inet6 from any to ::1/128  flags S/SA
   3  Pass Out Q lo0  K00
0   inet6 from any to fe80::1/128  

Re: DNS lookups for hostnames in PF tables

2011-09-08 Thread Johan Linner

$ echo 'match to facebook.com' | pfctl -nvf -
match inet from any to 69.63.189.11
match inet from any to 69.63.181.12
match inet from any to 69.63.189.16

it takes all records from the response, but doesn't track updates.


If we blocked Facebook at work in Sweden, all employees would leave in a 
couple of minutes. Seriously. ;)


/Johan



Re: Why aren't you running -current?

2011-09-08 Thread Mike Small
roberth rob...@openbsd.pap.st writes:

 Seriously, why?

I was current for the first time in years just before the 5.0 tag to try
out Dale Rahn's powerpc interrupt changes since I was seeing errors in
my log that seemed to fit the description in the email in tech asking
for testers.  Usually, I don't run current because I'm not sure I know
what I should be looking for or trying out to provide helpful tests.
The fact that I'm not at the level of understanding to know what a
kernel developer might find useful to have checked suggests to me I'm
not doing anything very useful by running current usually.

So that would leave only my own purposes.  I'm really fond of the six
month rhythm, but there are some things I like about being close to the
latest too, mostly to do with not having to backport the ports that I
somehow get into my head I want a later version of.  I'm not sure if
this will be a good enough reason yet.  Soon I should try an upgrade to
a snapshot now that these interrupt changes are committed.  Maybe I will
stick somewhere near current or a snapshot from now on, at least on my
main machine.  I don't know.

A question I wonder about though, if I'm not running current in a way
that helps the project, am I just wasting system and network resources
keeping up with it?

- Mike



BSD Day 2011

2011-09-08 Thread Tomas Bodzar
Are some of the devs attending or no one invited?

http://www.bsdday.eu/2011



Re: cwm autogroup confusion

2011-09-08 Thread Daniel Melameth
On Thu, Sep 8, 2011 at 3:39 AM, Okan Demirmen o...@demirmen.com wrote:
 On Tue 2011.09.06 at 18:46 -0600, Daniel Melameth wrote:
 I'm trying to put one xterm in a different autogroup.  This xterm's
 relevant properties (via xprop) are:

 WM_CLASS(STRING) = xterm, XTerm
 WM_NAME(STRING) = largexterm

 The relevant portion of my .cwmrc is:

 autogroup 1 xterm,XTerm
 autogroup 3 largexterm,XTerm

 With this, largexterm is always put in autogroup 1.  What am I missing?

 cwm uses application name and class, (xterm, XTerm)
 respectively.  WM_NAME can change at any point, for example the title of
 a web page can change WM_NAME on a browser window, and a shell can
 change WM_NAME while doing something, and so forth; really it's the
 title.  This is not a value on which we base grouping.  It might be
 confusing that the atom is named WM_NAME while WM_CLASS includes app
 name and class, which are different properties.

 Hope that's more clear.

Crystal.  Thanks for the explanation Okan--I can now achieve what I want.



dump -L

2011-09-08 Thread Admin ValhallaProjectet
Hello all

 

# uname -a

OpenBSD odin.thorshammare.org 4.9 GENERIC#671 i386

 

I intend to use dump for backups, but got a bit confused about the lack of
the -L switch

I would usually issue a command like  /sbin/dump -0Lauf   to make a
snapshot of a living file system to back up.

Can't find much info about this googling or anything about 'backing up
live file systems' in the man pages.

TIA

/hasse



Re: dump -L

2011-09-08 Thread ropers
On 8 September 2011 17:59, Admin ValhallaProjectet
ad...@thorshammare.org wrote:

 I intend to use dump for backups, but got a bit confused about the lack of
 the -L switch

 I would usually issue a command like  /sbin/dump -0Lauf   to make a
 snapshot of a living file system to back up.

I'm not sure why you want to use the -L, given that your above command
line doesn't include a label (and that's what the -L is for, cf.
http://linux.die.net/man/8/dump). Uncritical copypasta?

The -L parameter is something available in this version of dump:
http://dump.sf.net/
Note that it says there (emphasis added):

 This is the home page of the **Linux** Ext2 filesystem dump/restore
utilities.

Philosophy-wise, the thousands of different parts that Linux OSes
consist of tend to be developed in a thousand different places -- and
then pulled from those places by Linux distro makers who assemble
their particular brand of Linux from those many pieces (or from others
who make a similar flavour and have already done some pulling and
assembling). These Linux dump/restore utils are one such piece.

*BSDs don't tend to do that. *BSDs tend to be monolithic. The parts
that *BSDs consist of are generally not sold separately, and are all
in the (main code-) base tree and maintained there. As is the dump
that comes with OpenBSD. Even where (as here) the license is the same
on the *BSD and Linux side, *BSD commands are not always or not
typically the same as their Linux counterparts.

An important philosophical difference is that on the Linux side,
commands and utilities (particularly GNU ones) tend to have more knobs
and buttons than on the *BSD side. And that is the case here. The -L
doesn't exist in OpenBSD's dump(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=dump. The rationale for
the fewer knobs is that less is more -- and often more POSIX-conform
(though dump/restore aren't in the POSIX spec anyway, so whatever
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/contents.html).
Seeing that both the Linux dump and OpenBSD's dump are BSD licensed,
it *might* be possible to write a diff and add that feature to
OpenBSD's dump -- however, you'd probably have to have a pretty good
reason for adding another knob to OpenBSD's dump, and I reckon getting
a diff that does do that accepted into base might be an uphill battle,
as it might be seen to run counter to *BSD philosophy. But hey, I
don't make the rules, I don't even write ANY of the code, so don't let
my outside-looking-in observations put you off.

regards,
--ropers

PS:

AHA!

http://www.freebsd.org/cgi/man.cgi?query=dump

You little rogue and rascally scoundrel! ;-P Gotcha! ;-D
'Figured it out about your use of -L!

Now, repeat after me:

I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.



Re: Why aren't you running -current?

2011-09-08 Thread Kevin Chadwick
On Thu, 08 Sep 2011 10:57:57 -0400
Mike Small wrote:

 A question I wonder about though, if I'm not running current in a way
 that helps the project, am I just wasting system and network resources
 keeping up with it?

There are many mirrors, just choose a close one, I'm sure everyone
would rather you report bugs on current especially testing ports even
if you can't troubleshoot.



Re: Why aren't you running -current?

2011-09-08 Thread Kevin Chadwick
On Thu, 8 Sep 2011 08:31:27 -0400
Sean Howard wrote:

 I've been meaning to compile -current, but rarely get the time I need.

You can just use the snapshots and snapshot packages the same as 
release just a different folder on the server. You don't even need to
compile ports if you don't want to.



Re: Why aren't you running -current?

2011-09-08 Thread Kevin Chadwick
On Thu, 08 Sep 2011 07:16:13 -0400
Nick Holland wrote:

 Actually, No.
 -stable has nothing to do about debugging or troubleshooting.

Points taken but I'm pretty sure there will be more servers running
stable than current so hard to find bugs are more likely to be
reported on by those masses allowing you to take preventative measures
like installing current ;-) (I think the faq mentions this), stable also
received the stop and test phase before more development that Theo
talks about in his development cycle, of course that's part of what
makes current so stable too.

I don't have this problem but I wouldn't want to explain a beta
message to my boss during boot up if a server broke due to a bug in
current. Though you should have redundancy in place anyway. 



Re: dump -L

2011-09-08 Thread ropers
On 8 September 2011 21:40, Hasse Hansson o...@thorshammare.org wrote:
 O... So sorry... I forgot

 I will not use FreeBSD documentation for OpenBSD.
 I will not use FreeBSD documentation for OpenBSD.
 I will not use FreeBSD documentation for OpenBSD.

 :-)  Hasse

Heh. :)

Thanks for your gracious response.

And by the way, this, in summary, is yet another reason why you don't
want to add too many knobs to your de facto/semi-standard ulittleties ;-P
-- particularly not without looking left and right at what your other unix
brethren are doing:

http://linux.die.net/man/8/dump and
http://netbsd.gw.com/cgi-bin/man-cgi?dump

  -L label
  The user-supplied text string label is placed into the dump
  header, where tools like restore(8) and file(1) can access it.
  Note that this label is limited to be at most LBLSIZE (currently
  16) characters, which must include the terminating `\0'.

http://www.freebsd.org/cgi/man.cgi?query=dump

  -L  This option is to notify dump that it is dumping a live file
system.  To obtain a consistent dump image, dump takes a snapshot of
the file system in the .snap directory in the root of the file
system being dumped and then does a dump of the snapshot.  The
snapshot is unlinked as soon as the dump starts, and is thus
removed when the dump is complete.  This option is ignored for
unmounted or read-only file systems.  If the .snap directory does
not exist in the root of the file system being dumped, a warning
will be issued and the dump will revert to the standard behavior.
This problem can be corrected by creating a .snap directory in
the root of the file system to be dumped; its owner should be
``root'', its group should be ``operator'', and its mode should
be ``0770''.

http://www.openbsd.org/cgi-bin/man.cgi?query=dump

  *crickets*



Re: dump -L

2011-09-08 Thread Hasse Hansson
O... So sorry... I forgot

I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.

:-)  Hasse


-Original message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of
ropers
Sent: 8 September 2011 21:06
To: Admin ValhallaProjectet
Cc: misc@openbsd.org
Subject: Re: dump -L

On 8 September 2011 17:59, Admin ValhallaProjectet
ad...@thorshammare.org wrote:

 I intend to use dump for backups, but got a bit confused about the lack of
 the -L switch

 I would usually issue a command like  /sbin/dump -0Lauf   to make a
 snapshot of a living file system to back up.

I'm not sure why you want to use the -L, given that your above command
line doesn't include a label (and that's what the -L is for, cf.
http://linux.die.net/man/8/dump). Uncritical copypasta?

The -L parameter is something available in this version of dump:
http://dump.sf.net/
Note that it says there (emphasis added):

 This is the home page of the **Linux** Ext2 filesystem dump/restore
utilities.

Philosophy-wise, the thousands of different parts that Linux OSes
consist of tend to be developed in a thousand different places -- and
then pulled from those places by Linux distro makers who assemble
their particular brand of Linux from those many pieces (or from others
who make a similar flavour and have already done some pulling and
assembling). These Linux dump/restore utils are one such piece.

*BSDs don't tend to do that. *BSDs tend to be monolithic. The parts
that *BSDs consist of are generally not sold separately, and are all
in the (main code-) base tree and maintained there. As is the dump
that comes with OpenBSD. Even where (as here) the license is the same
on the *BSD and Linux side, *BSD commands are not always or not
typically the same as their Linux counterparts.

An important philosophical difference is that on the Linux side,
commands and utilities (particularly GNU ones) tend to have more knobs
and buttons than on the *BSD side. And that is the case here. The -L
doesn't exist in OpenBSD's dump(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=dump. The rationale for
the fewer knobs is that less is more -- and often more POSIX-conform
(though dump/restore aren't in the POSIX spec anyway, so whatever
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/contents.html).
Seeing that both the Linux dump and OpenBSD's dump are BSD licensed,
it *might* be possible to write a diff and add that feature to
OpenBSD's dump -- however, you'd probably have to have a pretty good
reason for adding another knob to OpenBSD's dump, and I reckon getting
a diff that does do that accepted into base might be an uphill battle,
as it might be seen to run counter to *BSD philosophy. But hey, I
don't make the rules, I don't even write ANY of the code, so don't let
my outside-looking-in observations put you off.

regards,
--ropers

PS:

AHA!

http://www.freebsd.org/cgi/man.cgi?query=dump

You little rogue and rascally scoundrel! ;-P Gotcha! ;-D
'Figured it out about your use of -L!

Now, repeat after me:

I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.



Re: Why aren't you running -current?

2011-09-08 Thread Marc Espie
On Thu, Sep 08, 2011 at 01:56:55AM +0200, roberth wrote:
 Seriously, why?

Funnily enough, a lot of people interpreted that as 
why aren't you running -current on all your machines ?

which is obviously a different question, with a legitimate different answer.

Most specifically, development happens in -current. If things stop working,
and you only run releases, you will only notice when you update to the next
release...

So, having at least some system where you run -current, preferably in
conditions similar to production machines, is a good idea to make sure you
don't run into nasty surprises. It also helps us *a lot* as developers to
find out about problems very soon after we introduce them...



Re: dump -L

2011-09-08 Thread Hasse Hansson
LOL !
Yup, you really got me.
I'm coming from FreeBSD.
And, yes, I'm a little bit confused, and sometimes totally out in the wild
:-)
That's why it's so nice to have someone to lean on.
Thanks for your answer.
/Hasse.

-Original message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of
ropers
Sent: 8 September 2011 21:06
To: Admin ValhallaProjectet
Cc: misc@openbsd.org
Subject: Re: dump -L

On 8 September 2011 17:59, Admin ValhallaProjectet
ad...@thorshammare.org wrote:

 I intend to use dump for backups, but got a bit confused about the lack of
 the -L switch

 I would usually issue a command like  /sbin/dump -0Lauf   to make a
 snapshot of a living file system to back up.

I'm not sure why you want to use the -L, given that your above command
line doesn't include a label (and that's what the -L is for, cf.
http://linux.die.net/man/8/dump). Uncritical copypasta?

The -L parameter is something available in this version of dump:
http://dump.sf.net/
Note that it says there (emphasis added):

 This is the home page of the **Linux** Ext2 filesystem dump/restore
utilities.

Philosophy-wise, the thousands of different parts that Linux OSes
consist of tend to be developed in a thousand different places -- and
then pulled from those places by Linux distro makers who assemble
their particular brand of Linux from those many pieces (or from others
who make a similar flavour and have already done some pulling and
assembling). These Linux dump/restore utils are one such piece.

*BSDs don't tend to do that. *BSDs tend to be monolithic. The parts
that *BSDs consist of are generally not sold separately, and are all
in the (main code-) base tree and maintained there. As is the dump
that comes with OpenBSD. Even where (as here) the license is the same
on the *BSD and Linux side, *BSD commands are not always or not
typically the same as their Linux counterparts.

An important philosophical difference is that on the Linux side,
commands and utilities (particularly GNU ones) tend to have more knobs
and buttons than on the *BSD side. And that is the case here. The -L
doesn't exist in OpenBSD's dump(8)
http://www.openbsd.org/cgi-bin/man.cgi?query=dump. The rationale for
the fewer knobs is that less is more -- and often more POSIX-conform
(though dump/restore aren't in the POSIX spec anyway, so whatever
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/contents.html).
Seeing that both the Linux dump and OpenBSD's dump are BSD licensed,
it *might* be possible to write a diff and add that feature to
OpenBSD's dump -- however, you'd probably have to have a pretty good
reason for adding another knob to OpenBSD's dump, and I reckon getting
a diff that does do that accepted into base might be an uphill battle,
as it might be seen to run counter to *BSD philosophy. But hey, I
don't make the rules, I don't even write ANY of the code, so don't let
my outside-looking-in observations put you off.

regards,
--ropers

PS:

AHA!

http://www.freebsd.org/cgi/man.cgi?query=dump

You little rogue and rascally scoundrel! ;-P Gotcha! ;-D
'Figured it out about your use of -L!

Now, repeat after me:

I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.
I will not use FreeBSD documentation for OpenBSD.



Re: Why aren't you running -current?

2011-09-08 Thread Fosforo
 So, having at least some system where you run -current, preferably in
 conditions similar to production machines, is a good idea to make sure you
 don't run into nasty surprises. It also helps us *a lot* as developers to
 find out about problems very soon after we introduce them...

Good point. I'm kind of new to OpenBSD, and using -stable; will
set up a VM to test the updates done in -current, and with luck
contribute back with code to the community of this great OS.
-
Bcz sex is like hacking.. you get in, you get out, and you
hope you didn't leave something behind that can be traced
back to you..
-
http://insanenetworks.blogspot.com
-




On 8 September 2011 18:01, Marc Espie es...@nerim.net wrote:
 On Thu, Sep 08, 2011 at 01:56:55AM +0200, roberth wrote:
 Seriously, why?

 Funnily enough, a lot of people interpreted that as
 why aren't you running -current on all your machines ?

 which is obviously a different question, with a legitimate different answer.

 Most specifically, development happens in -current. If things stop working,
 and you only run releases, you will only notice when you update to the next
 release...

 So, having at least some system where you run -current, preferably in
 conditions similar to production machines, is a good idea to make sure you
 don't run into nasty surprises. It also helps us *a lot* as developers to
 find out about problems very soon after we introduce them...



Loongson -- is it actually encumbered now?

2011-09-08 Thread ropers
I have for some time quite covetously looked at hardware for this:
http://www.openbsd.org/loongson.html (and at the Lemote Yeeloong
netbook in particular). But I could never really afford new kit, so I
still haven't bought any loongson hardware. But I'm still thinking
about it.

The big draw for me was the reported complete open-source-ness and
unencumbered-ness of the whole hardware platform.

Now I'm reading at Wikipedia that the Chinese have supposedly caved
and coughed up some protection money to one or the other US
Intellectual Property (haha) shakedown scheme or entity:
http://en.wikipedia.org/wiki/Loongson#MIPS_patent_issues

So does this mean that this platform is now to be regarded as
patent-encumbered and no longer completely free (libre)?
(That would kind of ruin the big appeal for me.)

Thoughts?

regards,
--ropers



Trying to use AR5413 (ath(4)) based wireless card on the Soekris net5501 in OpenBSD/i386 4.9-GENERIC

2011-09-08 Thread Jens Rasmus Liland
Hello.

I bought a 'Z-COM AG-623C 100mW 802.11a/b/g High Power Wireless Mini-PCI
Card' from DealeXtreme (
http://www.dealextreme.com/p/z-com-ag-623c-100mw-802-11a-b-g-high-power-wireless-mini-pci-card-33934)
not long ago. I installed it in my Soekris net5501 yesterday. Here is the
uname -a:

OpenBSD mithrandir.my.domain 4.9 GENERIC#671 i386

The card shows up as an AR5413 chip in dmesg and not an AR5414 chip as
announced on DX. Here are the entries from dmesg:

ath0 at pci0 dev 17 function 0 Atheros AR5413 rev 0x01: irq 15
ath0: AR5413 10.5 phy 6.1 rf 6.3, FCC2A*, address 00:60:b3:26:b9:01

I bought this card in the hope that it would work, because Soekris.EU does
sell the real AR5414 based card, and I believe that is some sort of quality
assurance. The problem is that the card I have does not work, e.g. when I
try to do a scan:

# ifconfig ath0 up
# ifconfig ath0 scan
ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:60:b3:26:b9:01
priority: 4
groups: wlan
media: IEEE802.11 autoselect (OFDM6 mode 11a)
status: no network
ieee80211: nwid 
none

Previously, I used an ipw(4) based card from Intel that required an extra
package ipw-firmware. That card was so weak it only found two wlans. At
least, it did work, this does not. I bought this card since the ath(4) had
hostap support, and in the OpenBSD songs there are a lot of good words about
Atheros. The chip is very old, so I would believe that it was supported by
now.

I have read in Wikipedia [1] that the card is supported by Linux since
kernel version 2.6.25, plus it is supported in FreeBSD and NetBSD as well.
But, I want to use it in OpenBSD :)

Regards,
Rasmus

--
References
[1] http://en.wikipedia.org/wiki/Comparison_of_open_source_wireless_drivers



Re: Loongson -- is it actually encumbered now?

2011-09-08 Thread Tobias Ulmer
On Fri, Sep 09, 2011 at 12:32:25AM +0200, ropers wrote:
 I have for some time quite covetously looked at hardware for this:
 http://www.openbsd.org/loongson.html (and at the Lemote Yeeloong
 netbook in particular). But I could never really afford new kit, so I
 still haven't bought any loongson hardware. But I'm still thinking
 about it.
 
 The big draw for me was the reported complete open-source-ness and
 unencumbered-ness of the whole hardware platform.
 
 Now I'm reading at Wikipedia that the Chinese have supposedly caved
 and coughed up some protection money to one or the other US
 Intellectual Property (haha) shakedown scheme or entity:
 http://en.wikipedia.org/wiki/Loongson#MIPS_patent_issues
 
 So does this mean that this platform is now to be regarded as
 patent-encumbered and no longer completely free (libre)?
 (That would kind of ruin the big appeal for me.)
 
 Thoughts?
 
 regards,
 --ropers


Yeah, it's non-free and you don't even get all the VHDL files for the
chips. Now please go and continue your whining on the FSF or gNewSense
mailing lists, it has absolutely no place here.



Anyterm or ??

2011-09-08 Thread L. V. Lammert
Like to set up an ssh client behind an SSL connection, .. is there
anything like anyterm available?

Lee



Conundrum with aucat and rc_scripts

2011-09-08 Thread Breen Ouellette
Hi,

I've configured the ices package to stream whatever happens to be flowing into 
my sound card line input using this roundabout method (seems to work the best 
given that ices will read from a FIFO but not stdin):

  1. aucat writes line in to FIFO at /dev/aucat/.raw;
  2. lame reads from above and writes to FIFO /dev/lame/.mp3;
  3. ices reads from above and sends to my icecast server.

The following commands in a sh script run from root's shell form the meat of 
the above chain of events:

  /usr/local/bin/lame --quiet -r -a -b 56 /dev/aucat/.raw /dev/lame/.mp3 &
  /usr/bin/aucat -o - > /dev/aucat/.raw &
  /etc/rc.d/ices start

However, if I try to adjust /etc/rc.local to include the first two lines (which 
need to be running before ices gets called by rc_scripts in rc.conf.local), 
aucat refuses to start.

I've also taken the above commands and created a slightly more robust watchdog 
script that is run as a cronjob.

crontab entry: *   *   *   *   *   /root/bin/wd_ices.sh

/root/bin/wd_ices.sh:

#!/bin/sh

# Look up the PID of each stage of the streaming chain (empty if not running).
AUCAT_PID=`/bin/ps ax|grep -v grep|grep 'aucat -o -'|sed -e 's/^  *//' -e 's/ .*//'`
LAME_PID=`/bin/ps ax|grep -v grep|grep 'lame '|sed -e 's/^  *//' -e 's/ .*//'`
ICES_PID=`/bin/ps ax|grep -v grep|grep 'ices '|sed -e 's/^  *//' -e 's/ .*//'`

# Restart the whole chain if any stage is missing.
if [ -z "$AUCAT_PID" -o -z "$LAME_PID" -o -z "$ICES_PID" ]; then

  echo "ices and/or its streams were not running and were restarted on `date`."

  /etc/rc.d/ices stop
  kill $LAME_PID > /dev/null 2>&1
  kill $AUCAT_PID > /dev/null 2>&1

  sleep 5

  /usr/local/bin/lame --quiet -r -a -b 56 /dev/aucat/.raw /dev/lame/.mp3 &
  /usr/bin/aucat -o - > /dev/aucat/.raw &
  /etc/rc.d/ices start

fi

exit


Unfortunately, this doesn't work exactly as expected either. While aucat 
actually starts up, cron doesn't seem to like something about it and gets stuck 
trying to send a message to root. `ps ax` shows the problem, which just stalls 
there and won't go away:

-PID- ??  I   0:00.04 /usr/sbin/sendmail -FCronDaemon -odi -oem -oi -t

If I kill lame (which brings down aucat and ices), sendmail will then get the 
message through and exit.

Can anyone tell me how to get lame and aucat running properly at startup before 
/etc/rc.d/ices gets called by rc.local?

Can anyone tell me how to get the same working with cron without those sendmail 
problems?

Thanks.

Breeno
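
The cron symptom described above is consistent with background children inheriting the job's output pipe: the process collecting output for mail sees end-of-file only once every holder of the write end has exited. An added example, not part of the original post, that measures this with constructed stand-in commands (`sleep` in place of lame/aucat; the function and variable names are hypothetical):

```shell
#!/bin/sh
# Added illustration, not code from the thread.
# A reader on a pipe gets EOF only when every process that holds the
# write end has exited or closed it, background children included.

# wait_for_eof CMD
# Run CMD with stdout connected to a pipe, the way cron collects job
# output for mailing, and print how many whole seconds the reader
# (cat) had to wait before it saw EOF.
wait_for_eof() {
    start=$(date +%s)
    sh -c "$1" | cat >/dev/null
    end=$(date +%s)
    echo $((end - start))
}

# Constructed stand-ins for a job that prints one line and leaves a
# long-running process behind.
# INHERITING: the background child keeps the job's stdout (the pipe).
INHERITING='sleep 2 & echo restarted'
# DETACHED: the background child has stdin, stdout and stderr pointed
# away from the pipe before it is started.
DETACHED='sleep 2 </dev/null >/dev/null 2>&1 & echo restarted'

echo "inheriting child: reader waited $(wait_for_eof "$INHERITING")s"
echo "detached child:   reader waited $(wait_for_eof "$DETACHED")s"
```

In the inheriting case the reader is released only when the background process ends, which matches the mail going through once lame is killed.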