Re: pf doesn't work after changing isp

2012-02-28 Thread Scott
SOLVED

I apologize for all the noise.

$ grep 'domain-name-servers' /etc/dhcpd.conf
option  domain-name-servers 192.168.0.1;

It didn't occur to me to ping an ip address until Bryan suggested I
run tcpdump (thanks Bryan). Seeing all those IPs scroll along the
console gave me the idea of pinging an IP, which then made me realize
pf wasn't failing to pass/blocking packets after all.

I had a Cradlepoint converting my Sprint broadband signal to ethernet,
thus the 192.168.0.1 nameserver. That was an additional link in the
chain I hadn't accounted for, so when I switched to a cable modem I
didn't change things accordingly.

This error is painfully obvious to most of you, so again, sorry for
the noise of this thread, and thanks for not dropping me in an acid
bath.

-Scott



Re: pgt firmware ...

2012-02-28 Thread Stuart Henderson
On 2012-02-27, David Walker davidianwal...@gmail.com wrote:
 Unfortunately it seems there's bigger issue anyway.
 When I plug the card in there's either no action (no ifconfig, no
 LEDs, no console message) or I get a panic.
 It happens invariably (I think) if the card's in at boot, here's one
 (hand typed) ...

from pgt(4),

 The pgt driver provides support for Conexant/Intersil GT-series devices
 which can support the Full-Mac firmwares, using the ISL3877, ISL3880, and
 ISL3890 chips.  The pgt driver will not (yet) work on similar devices
 using the ISL3886 or similar chips which use the Soft-Mac firmwares.

do you know which device you have?

 I've done 'ps' and 'trace' but they're a bit long to transcribe right now.
 I did 'boot dump' and can see the dump in /var/crash - when I get
 sometime I'll try and read some more man pages and see if I can
 extract anything useful.

In theory dmesg should be able to pick up the message buffer from that
dump, see the options in dmesg(8).



Re: random nat, ftp clients and 425: Securiy: Bad IP connecting

2012-02-28 Thread Stuart Henderson
On 2012-02-28, Camiel Dobbelaar c...@sentia.nl wrote:
 On 27-2-2012 22:22, Hrvoje Popovski wrote:
 i'm having problem with ftp communication. when ftp client behind
 openbsd 5.0 firewall connects to ftp server or servers
 they see 425: Securiy: Bad IP connecting.
 
 openbsd has random nat with pool of /27 public addresses and inside
 hosts connect through that pool.
 when ftp-proxy is enabled or nat is configured without random nat
 option, everything is working like charm. problem is that i need that
 crazy random stuff :)
 is there any option to rotate ip addresses per ftp session?

 There is no such option in ftp-proxy.

 What _might_ work is to run one ftp-proxy per IP (30 in your case) and
 use random on the divert-to.

5 minutes later

 I just tried it, and it does not work...  divert-to does not support
 random like rdr-to does.

 --
 Cam



*not* tested but you could probably run a couple of ftp-proxy
instances on different ports and use 'probability' rules to hit the
right one.

btw: that random stuff, at least without source-tracking, is
likely to break bank websites etc.



Re: Router project on OpenBSD questions

2012-02-28 Thread Stuart Henderson
 I also would like to know if anyone knows of any ADSL2+ Annex M standard
 PCI (/x/) based modem card that I can use to connect to my ISP with
 instead of using an external device?

 So far in my search I came across this:

 http://linitx.com/viewcategory.php?catid=47

This is basically an ADSL router on a PCI card presenting as an ethernet
interface. iirc, you configure it with telnet/http. In a normal config then
this card will be actively routing packets.

Personally I prefer to have a separate router/modem that can be swapped
out without powering down the machine, and usually connected by a better
quality network interface than an rl(4). Main advantage I see
with these particular cards is that if you have a dual-PSU machine
you can get some power protection.

If you want to terminate ppp in OpenBSD then you can do that just
as well with an external box as you can with one of these (configure
in bridge mode, run pppoe(4) in OpenBSD).

 Are these going to be OpenBSD compatible or are there others???

Yes should be compatible, it just looks like a nic.

 Does anyone know of a VDSL2 solution like this also?

Don't know of one. My same comments would apply about preferring a
separate box.

 For software I plan to use Quagga/Zebra which should be in the ports or
 compatible easily coupled with NAT, ACL's, Firewall using PF or so

 In OpenBSD there are actually usable routing daemons, OpenBGPD,
 OpenRIPD and OpenOSPFD.

Ugh quagga. Maybe when someone pulls together all the various
internally-maintained forks of it it'll be a bit more usable.. 

The OpenBSD routing daemons are pretty good. Other than that for
open-source routing there are some circumstances where BIRD running on
Linux might be useful (personally I can't stand the config but I'd
rather run this than Quagga..).

 Is OpenBSD compatible with Cisco VTP and STP to trunk VLANs to Cisco
 switches?

 I'm not familiar with VTP, the rest will be fine.

Standard 802.1q works fine - vlan(4) and we also do QinQ
(ethertype 0x88a8 only) with svlan(4).

We don't do VTP (or GVRP), you need to configure vlans separately.
Personally I don't see that as a disadvantage :)

STP is for bridging not for vlan support, we do support STP/RSTP but
not MSTP though switches should fallback to RSTP in that case. (I try
and leave bridging to switches though).

 I did discover this already:

 http://fengnet.com/book/icuna/ch05lev1sec5.html

 so it would seem so, however I do not know if link-aggregation would
 work?? As in Cisco Etherchannel to multiple ports on the router.


 Yep, trunk will work fine with a cisco.

trunk(4) supports LACP and static configs ('trunkproto loadbalance'
should be compatible with the statically-configured Cisco FEC, though
LACP is preferred if you have the option).

 There are many more questions I have but will refrain from asking at
 this phase as most of them can be got round by researching; like Cisco
 IPSEC/GRE VPN compatibility et al.

IPsec is mostly compatible but there's a bit of breakage if the ipsec
gateways are behind NAT (because Cisco still follows a very old nat-t draft
rather than the standard).

gre(4) should work fine.



Re: Router project on OpenBSD questions

2012-02-28 Thread Kaya Saman

On 02/28/2012 01:57 PM, Stuart Henderson wrote:

I also would like to know if anyone knows of any ADSL2+ Annex M standard
PCI (/x/) based modem card that I can use to connect to my ISP with
instead of using an external device?

So far in my search I came across this:

http://linitx.com/viewcategory.php?catid=47

This is basically an ADSL router on a PCI card presenting as an ethernet
interface. iirc, you configure it with telnet/http. In a normal config then
this card will be actively routing packets.

Personally I prefer to have a separate router/modem that can be swapped
out without powering down the machine, and usually connected by a better
quality network interface than an rl(4). Main advantage I see
with these particular cards is that if you have a dual-PSU machine
you can get some power protection.

If you want to terminate ppp in OpenBSD then you can do that just
as well with an external box as you can with one of these (configure
in bridge mode, run pppoe(4) in OpenBSD).


Thanks a lot Stuart for the response!!

I think that particular interface isn't around any more as the company 
that builds them have gone here:


http://www.rocksolidelectronics.com/pages/products/v1.php


This makes more sense to me personally as I've had Cisco router 
experience as discussed; unfortunately while 'maxing' out connections 
Cisco's tend to blow up!!! They crash, get slow and start acting funny


What I'm trying to do is replace my Cisco 857, 877, and 1801 as the 
performance is **not** there for me :-( CPU driven into 100% on all 
boxes and memory used up also.



I was planning on getting a 2901 with VDSL2/ADSL2/2+ Annex M card and 8 
port Gb switch card. But after careful consideration I decided against 
it as it would issue the same problems for me and be more expensive than 
going down the OpenBSD route as discussed previously.


Also 75Mbps is mentioned by Cisco for the 2900 series:

http://www.cisco.com/en/US/prod/collateral/routers/ps10537/data_sheet_c78_553896.html


which is pathetic as in the UK fiber networks are slowly becoming more 
available to the masses - in terms of offerings of up to 1Gbps are 
available for round £50/month ($75/month (US)).



Even a VDSL2 solution offers up to 100Mbps - depending on distance 
between local loop and CPE but I'm sure that the 2900 series or 800 
series VDSL provisioned ISR would struggle to meet those speeds.


Couple that with 1000+ TCP/IP flows through UDP or TCP packet 
transactions and any **standard** branch based ISR wouldn't be able to 
cope :-(





Are these going to be OpenBSD compatible or are there others???

Yes should be compatible, it just looks like a nic.


On the site even mentions xBSD compatibility as post read now :-)




Does anyone know of a VDSL2 solution like this also?

Don't know of one. My same comments would apply about preferring a
separate box.


See my comments above - otherwise wouldn't spend hassle on this design 
and would have gone directly to a 2901 with VDSL2 card.


Other option is this:

http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-613481.html

and link to OpenBSD based router design... but if telco chipset (modem) 
of router gets maxed then the whole box will become saturated :-(





For software I plan to use Quagga/Zebra which should be in the ports or
compatible easily coupled with NAT, ACL's, Firewall using PF or so

In OpenBSD there are actually usable routing daemons, OpenBGPD,
OpenRIPD and OpenOSPFD.

Ugh quagga. Maybe when someone pulls together all the various
internally-maintained forks of it it'll be a bit more usable..

The OpenBSD routing daemons are pretty good. Other than that for
open-source routing there are some circumstances where BIRD running on
Linux might be useful (personally I can't stand the config but I'd
rather run this than Quagga..).


Coming from FreeBSD background I didn't know of the OpenBSD integration 
with routing etc... so thanks for the 'wake up call' :-)



Is OpenBSD compatible with Cisco VTP and STP to trunk VLANs to Cisco
switches?

I'm not familiar with VTP, the rest will be fine.

Standard 802.1q works fine - vlan(4) and we also do QinQ
(ethertype 0x88a8 only) with svlan(4).

We don't do VTP (or GVRP), you need to configure vlans separately.
Personally I don't see that as a disadvantage :)

STP is for bridging not for vlan support, we do support STP/RSTP but
not MSTP though switches should fallback to RSTP in that case. (I try
and leave bridging to switches though).


I see where you're headed with this!

Leave spanning-tree to the switches to block redundant ports and prevent 
loops but trunk everything to OpenBSD and inter-Vlan route/switch from 
there.


Rather than link aggregation using Etherchannel et al

Get a multi port NIC on the OpenBSD box then according to b/w 
requirements can trunk on different port if needed.





I did discover this already:

http://fengnet.com/book/icuna/ch05lev1sec5.html

so it would seem so, 

Re: pgt firmware ...

2012-02-28 Thread Andres Perera
On Mon, Feb 27, 2012 at 7:52 AM, Janne Johansson icepic...@gmail.com wrote:
 2012/2/27 David Walker davidianwal...@gmail.com:
 Thank you Peter.
 I still get the same error message (error line wrapped):

 pkg_add ./pgt-firmware-1.2p2.tgz
 Bad pkg_db: No such file or directory at
 [...]
 Somethings wrong with my environment but what ...

 Yes, the thing that makes it impossible for you to run exactly what we
 tell you to, and instead you add ./name-of-package when pkg_add
 takes URLs directly.

but that couldn't possibly make a difference so why do you keep repeating

 Now exactly what in your environment is doing that, I can't really tell.

 --
 To our sweethearts and wives. May they never meet. -- 19th century toast



Relayd -- Logging Weirdness

2012-02-28 Thread Andrew Klettke

We're seeing some strange behavior with relayd not logging messages.

When started with the -d flag, relayd spits out the desired relay 
log messages:


startup
...
adding 3 hosts from table web_hosts:443
relay www.*.com, session 1 (1 active), 0, ***.***.***.*** - 192.168.1.101:443, last write (done)


But when started via the rc script, or even directly (no matter how many 
-v flags I throw at it), syslog never receives the relay log 
messages, even though it gets and logs others:


logmsg: pri 036, flags 0x0, from fw02, msg Feb 28 15:50:18 relayd[18044]: adding 3 hosts from table web_hosts:443

Logging to FILE /var/log/daemon


Can anyone shed some light on this? I'm baffled as to why this is 
happening. We're running 5.0-RELEASE.


Dmesg follows:


Trusting the Installation

2012-02-28 Thread Nathan Stiles
Hello,
I've recently installed 5.0 and based upon my experience
I expected a checksum to be posted for the ISO.
Also I've noticed that HTTPS isn't implemented on openbsd.org.
I was also expecting the checksum to be served over HTTPS.
I'm sure there's a good reason why this isn't necessary?
I want to check the files I've downloaded against something?
Obviously I can check a few random mirrors to ensure
that files are identical.  What are others doing?

Thanks,
Nathan



Re: Trusting the Installation

2012-02-28 Thread Nick Holland
On 02/28/12 21:43, Nathan Stiles wrote:
 Hello,
 I've recently installed 5.0 and based upon my experience
 I expected a checksum to be posted for the ISO.

And it is.  Imagine that.

 Also I've noticed that HTTPS isn't implemented on openbsd.org.
 I was also expecting the checksum to be served over HTTPS.
 I'm sure there's a good reason why this isn't necessary?
 I want to check the files I've downloaded against something?
 Obviously I can check a few random mirrors to ensure
 that files are identical.  What are others doing?

buy a CD.
Really.

The chains of rust you were putting your trust in has flaws.

Nick.



Re: Trusting the Installation

2012-02-28 Thread Nico Kadel-Garcia
On Tue, Feb 28, 2012 at 9:44 PM, Nathan Stiles stiles.nat...@gmail.com wrote:

 Hello,
 I've recently installed 5.0 and based upon my experience
 I expected a checksum to be posted for the ISO.
 Also I've noticed that HTTPS isn't implemented on openbsd.org.
 I was also expecting the checksum to be served over HTTPS.
 I'm sure there's a good reason why this isn't necessary?
 I want to check the files I've downloaded against something?
 Obviously I can check a few random mirrors to ensure
 that files are identical.  What are others doing?

 Thanks,
 Nathan

There is a SHA256 file published in the same directory, which lists
checksums of the ISO's and other files.

This just came up in the Scientific Linux mailing list. While checksums are
useful, they're not helpful if both the checksum and the file itself are
corrupted. Someone (namely me!) also pointed out the possibility of
manipulating the FTP or HTTP transmission en route, and I pointed out the
risk of a Trojan infested mirror, Bittorrent, or other popular network
access source. It's why I'm happy to use Bittorrent to get ISO's in a
speedy fashion, but *ALWAYS* check the checksums against the original
source when download is complete.

Even a shipped CD has some subtle, secondary risks: if I put that copy in
my software box and put the ISO image online locally for building virtual
hosts (which I've done in the last year), what prevents some weasel at
work from replacing my ISO? Yes, I trust the people I work with, but
assuring the provenance of an ISO image can be a useful bit of extra
certainty. This is especially the case when your local mirror is *not* as
secure as you might like.
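
[Added example, not part of any poster's message and not OpenBSD project code.] The check discussed in this thread, as a runnable sketch: verify a downloaded file against a SHA256 manifest, and compare the manifests obtained from several sources. It assumes BSD-style manifest lines of the form "SHA256 (file) = digest"; the file name install50.iso, the mirror labels and the sample data are constructed for the illustration.

```python
import hashlib
import hmac
import os
import re
import tempfile
from collections import Counter

# Assumed manifest format (BSD-style tagged lines):
#   SHA256 (install50.iso) = <64 hex digits>
MANIFEST_LINE = re.compile(r"^SHA256 \(([^()]+)\) = ([0-9a-fA-F]{64})$")


def parse_manifest(text):
    """Parse a SHA256 manifest into {filename: lowercase hex digest}.

    Malformed lines and duplicate filenames raise ValueError: a manifest that
    is damaged or ambiguous should not be half-trusted.
    """
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = MANIFEST_LINE.match(line)
        if match is None:
            raise ValueError(f"line {lineno}: not a 'SHA256 (file) = digest' entry")
        name, digest = match.group(1), match.group(2).lower()
        if name in entries:
            raise ValueError(f"line {lineno}: duplicate entry for {name}")
        entries[name] = digest
    return entries


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a full ISO never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def verify_file(path, manifest, name=None):
    """Return 'ok', 'mismatch' or 'not-listed' for path against a parsed manifest."""
    name = name or os.path.basename(path)
    expected = manifest.get(name)
    if expected is None:
        return "not-listed"
    return "ok" if hmac.compare_digest(sha256_file(path), expected) else "mismatch"


def compare_sources(manifest_texts, name):
    """Compare the digest listed for `name` across manifests from several sources.

    manifest_texts maps a source label to the manifest text obtained from it.
    Returns (majority_digest, outliers). outliers lists the sources that give a
    different digest or none at all. Without a strict majority the result is
    (None, all sources). Agreement only shows the sources are consistent with
    each other; it does not prove the file is authentic.
    """
    listed = {src: parse_manifest(text).get(name) for src, text in manifest_texts.items()}
    counts = Counter(d for d in listed.values() if d is not None)
    if not counts:
        return None, sorted(listed)
    majority, votes = counts.most_common(1)[0]
    if votes * 2 <= len(listed):
        return None, sorted(listed)
    return majority, sorted(src for src, d in listed.items() if d != majority)


def demo():
    # Constructed sample data: a small stand-in for an ISO and three manifests,
    # one of which lists a digest for different content.
    payload = b"constructed stand-in for install50.iso\n"
    good = hashlib.sha256(payload).hexdigest()
    bad = hashlib.sha256(payload + b"tampered").hexdigest()
    texts = {
        "mirror-a": f"SHA256 (install50.iso) = {good}\n",
        "mirror-b": f"SHA256 (install50.iso) = {good}\n",
        "mirror-c": f"SHA256 (install50.iso) = {bad}\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "install50.iso")
        with open(path, "wb") as fh:
            fh.write(payload)
        status_good = verify_file(path, parse_manifest(texts["mirror-a"]))
        status_bad = verify_file(path, parse_manifest(texts["mirror-c"]))
    majority, outliers = compare_sources(texts, "install50.iso")
    return status_good, status_bad, majority == good, outliers


if __name__ == "__main__":
    print(demo())
```

The manifest and the file should come over different paths where possible; a manifest fetched from the same mirror as the file only detects accidental corruption.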



Google SoC 2012 is accepting open source organisations

2012-02-28 Thread Loganaden Velvindron
I came across this:
http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburnerutm_medium=feedutm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29

The deadline is the 29th.

I'd be interested in accelerating the port of capsicum :-)

//Logan
C-x-C-c
-- 
Brightest day,
Blackest night,
No bug shall escape my sight,
And those who worship evil's mind,
be wary of my powers,
puffy lantern's light !



Re: Trusting the Installation

2012-02-28 Thread Nicolai
On Tue, Feb 28, 2012 at 09:44:15PM -0500, Nathan Stiles wrote:

 Obviously I can check a few random mirrors to ensure
 that files are identical.  What are others doing?

Buying CDs.  It's not just a donation as some characterize it.  You
get multiple architectures, initial source and ports trees, and loads of
packages.  Having the official CDs not only funds the project but also
saves you a bunch of time on installs and upgrades.

Nicolai



Re: Trusting the Installation

2012-02-28 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 3:44 AM, Nathan Stiles stiles.nat...@gmail.com
wrote:
 Hello,
 I've recently installed 5.0 and based upon my experience
 I expected a checksum to be posted for the ISO.

They are

 Also I've noticed that HTTPS isn't implemented on openbsd.org.

 $ host openbsd.org
openbsd.org has address 199.185.137.3
openbsd.org mail is handled by 10 cvs.openbsd.org.
openbsd.org mail is handled by 6 shear.ucar.edu.

$ host www.openbsd.org
www.openbsd.org has address 142.244.12.42

use www.openbsd.org , reasons why are in archives (hint - it's not
security/privacy related)

 I was also expecting the checksum to be served over HTTPS.

Some exact reason for that? Especially regarding a lot of issues and
flaws discovered during last months/years in various implementations
of SSL/certificates/CAs? BTW it's open source project and there's eg.
CVS web where anyone can see code. If you are really interesting
target for someone then checksums served over HTTPS can slow him down
only by seconds.

 I'm sure there's a good reason why this isn't necessary?
 I want to check the files I've downloaded against something?
 Obviously I can check a few random mirrors to ensure
 that files are identical.  What are others doing?

Eg. with snapshots there are times when checksums are not correct on
mirrors and still snapshots are correct (details in FAQ).


 Thanks,
 Nathan



Re: Trusting the Installation

2012-02-28 Thread Jiri B
On Tue, Feb 28, 2012 at 09:44:15PM -0500, Nathan Stiles wrote:
 Hello,
 I've recently installed 5.0 and based upon my experience
 I expected a checksum to be posted for the ISO.
 Also I've noticed that HTTPS isn't implemented on openbsd.org.
 I was also expecting the checksum to be served over HTTPS.
 I'm sure there's a good reason why this isn't necessary?
 I want to check the files I've downloaded against something?
 Obviously I can check a few random mirrors to ensure
 that files are identical.  What are others doing?

man release

jirib



A neat twist on nginx + php-fpm = no input file selected

2012-02-28 Thread Scott McEachern
If anyone has played with nginx + php-fpm, they may have run into the 
No input file specified problem.  Google will show dozens of pages 
explaining what the problem is and how to fix it.  Been there, spent 
last weekend doing it.


After too much frustration, I tried the exact same nginx config with 
php-fastcgi-5.3, and it worked like a charm.  Maybe one day I'll go back 
to figure out what I was doing wrong with php-fpm, but for now, the 
'regular' fastcgi will do.


Until it silently died.  To keep this story short, I'll leave it at: 
yes, it likes to silently die on its own once or twice a day for no 
apparent reason.  I figured I'd go back to trying php-fpm.


I'll post copies of my nginx.conf, fastcgi_params, php-fpm.conf and 
dmesg below, but the more interesting part is the kdump I got from 
ktrace'ing php-fpm.  The server is OpenBSD 5.1/i386 built from sources 
obtained a few days before the shift to 5.1-current.


I'll post the full output below, but here's the relevant couple of bits 
to my simple eyes.  Here's where it gets the fastcgi params, and they 
look sane to me:


 23595 php-fpm-5.3 GIO   fd 5 read 888 bytes
\f\0QUERY_STRING\^N\^CREQUEST_METHODGET\f\0CONTENT_TYPE\^N\0CONTENT_LENGTH\v\^RSCRIPT_NAME/who_is_online.php\v\
\^RREQUEST_URI/who_is_online.php\f\^RDOCUMENT_URI/who_is_online.php\r\^ODOCUMENT_ROOT/var/nginx/html\^O\bSERVE\
R_PROTOCOLHTTP/1.1\^Q\aGATEWAY_INTERFACECGI/1.1\^O\fSERVER_SOFTWAREnginx/1.0.11\v\vREMOTE_ADDR192.168.1.5\v\^E\
REMOTE_PORT39331\v\vSERVER_ADDR172.16.1.10\v\^CSERVER_PORT443\v\^QSERVER_NAMEwww.blackstaff.ca\^O\^CREDIRECT_S\
TATUS200\^O!SCRIPT_FILENAME/var/nginx/html/who_is_online.php
\^QHTTP_HOSTwww.blackstaff.ca\^OGHTTP_USER_AGE\
NTMozilla/5.0 (X11; OpenBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1\v?HTTP_ACCEPTtext/html,application/x\
html+xml,application/xml;q=0.9,*/*;q=0.8\^T\^NHTTP_ACCEPT_LANGUAGEen-us,en;q=0.5\^T\rHTTP_ACCEPT_ENCODINGgzip,\
deflate\^S\^^HTTP_ACCEPT_CHARSETISO-8859-1,utf-8;q=0.7,*;q=0.7\b\^AHTTP_DNT1\^O
HTTP_CONNECTIONkeep-alive\f*HTTP_REFERERhttps://www.blackstaff.ca/admin_reauth.php\^R   
HTTP_CACHE_CONTROLmax-\
age=0\0\0


And here's where it can't find the file:

 23595 php-fpm-5.3 GIO   fd 2 wrote 100 bytes
   ERROR: Unable to open primary script: /var/nginx/html/who_is_online.php (No such file or directory)
 23595 php-fpm-5.3 RET   write 100/0x64

(it doesn't matter whether the file is who_is_online.php, index.php or 
any other file.)


Really, the file exists, and the directory/file permissions are fine.  
It worked just a moment before with php-fastcgi, just not with php-fpm.  
Normally, they look like this:


# ls -l /var/nginx/html/who_is_online.php
-rw-r-  1 scott  _nginx  149 Feb 27 18:44 /var/nginx/html/who_is_online.php


The php-fpm process was running as _nginx, which I confirmed with ps -aux.

Just on the off chance it _is_ file perms, I set everything from 
/var/nginx to who_is_online.php owned _nginx:_nginx and chmod 777.  
Anyone could read or even modify the file.


Still no dice, and I tried the same with index.php, and on my dev site 
at /var/nginx.dev, all with the same results.


This problem is a real mystery to me, and I'm hoping I didn't miss 
something crazy-simple.  Can anyone explain it?



nginx was built from ports:

nginx version: nginx/1.0.11
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx 
--conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx 
--pid-path=/var/run/nginx.pid --lock-path=/var/nginx/tmp/nginx.lock 
--http-client-body-temp-path=/var/nginx/tmp/client_body_temp 
--http-proxy-temp-path=/var/nginx/tmp/proxy_temp 
--http-fastcgi-temp-path=/var/nginx/tmp/fastcgi_temp 
--http-scgi-temp-path=/var/nginx/tmp/scgi_temp 
--http-uwsgi-temp-path=/var/nginx/tmp/uwsgi_temp 
--http-log-path=/var/log/nginx/access.log 
--error-log-path=/var/log/nginx/error.log --user=_nginx --group=_nginx 
--with-http_gzip_static_module --with-http_ssl_module 
--with-http_stub_status_module --with-http_mp4_module --with-mail 
--with-mail_ssl_module --with-ipv6


php is 5.3.10:

# pkg_info -q |grep php
php-5.3.10
php-bz2-5.3.10
php-curl-5.3.10
php-fastcgi-5.3.10
php-fpm-5.3.10
php-gmp-5.3.10
php-mcrypt-5.3.10
php-pgsql-5.3.10


Here's the kdump of a ktrace -d from watching one of the worker 
processes.  It was idle until I refreshed the browser page, and this is 
what it said:


snip
23595 php-fpm-5.3 RET   poll 1
 23595 php-fpm-5.3 CALL  gettimeofday(715710552,0)
 23595 php-fpm-5.3 RET   gettimeofday 0
 23595 php-fpm-5.3 CALL  accept(0,-809783136,-809783140)
 23595 php-fpm-5.3 STRU  struct sockaddr { AF_INET, 127.0.0.1:28040 }
 23595 php-fpm-5.3 RET   accept 5
 23595 php-fpm-5.3 CALL  fcntl(5,F_GETFL,0)
 23595 php-fpm-5.3 RET   fcntl 6
 23595 php-fpm-5.3 CALL  gettimeofday(-809783288,0)
 23595 php-fpm-5.3 RET   gettimeofday 0
 23595 php-fpm-5.3 CALL  gettimeofday(-809783368,0)
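
Added example, not part of the original post: the 888-byte GIO buffer quoted in the message above is FastCGI name-value pair data (name length, value length, name, value; a length below 128 takes one byte, a longer one takes four bytes with the top bit set). This Python sketch decodes such a buffer and checks SCRIPT_FILENAME against DOCUMENT_ROOT plus SCRIPT_NAME; SAMPLE is constructed from values in the post, and the function names and the consistency rule are assumptions of this example.

```python
# Added example: decode the FastCGI name-value pairs carried in FCGI_PARAMS.
# SAMPLE is constructed from values visible in the kdump above; it holds only
# the pair data, with no 8-byte FastCGI record header in front.
SAMPLE = (
    b"\x0c\x00QUERY_STRING"
    b"\x0e\x03REQUEST_METHODGET"
    b"\x0b\x12SCRIPT_NAME/who_is_online.php"
    b"\x0d\x0fDOCUMENT_ROOT/var/nginx/html"
    b"\x0f\x21SCRIPT_FILENAME/var/nginx/html/who_is_online.php"
)

def read_len(buf, pos):
    """Read one length field: 1 byte if < 128, else 4 bytes with the top bit set."""
    if pos >= len(buf):
        raise ValueError("truncated length field at offset %d" % pos)
    if buf[pos] < 0x80:
        return buf[pos], pos + 1
    if pos + 4 > len(buf):
        raise ValueError("truncated 4-byte length at offset %d" % pos)
    return int.from_bytes(buf[pos:pos + 4], "big") & 0x7FFFFFFF, pos + 4

def parse_params(buf):
    """Return {name: value} for a buffer of back-to-back name-value pairs."""
    params, pos = {}, 0
    while pos < len(buf):
        name_len, pos = read_len(buf, pos)
        value_len, pos = read_len(buf, pos)
        end = pos + name_len + value_len
        if end > len(buf):
            raise ValueError("pair at offset %d runs past the buffer" % pos)
        params[buf[pos:pos + name_len].decode("latin-1")] = \
            buf[pos + name_len:end].decode("latin-1")
        pos = end
    return params

def script_path_consistent(params):
    """True when SCRIPT_FILENAME equals DOCUMENT_ROOT joined with SCRIPT_NAME."""
    expected = params.get("DOCUMENT_ROOT", "").rstrip("/") + params.get("SCRIPT_NAME", "")
    return params.get("SCRIPT_FILENAME") == expected

if __name__ == "__main__":
    for name, value in parse_params(SAMPLE).items():
        print("%-16s %r" % (name, value))
    print("consistent:", script_path_consistent(parse_params(SAMPLE)))
```

The decoder takes raw bytes, so a buffer copied from kdump output has to have its escapes (\f, \^N and so on) converted back to bytes first.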
 

Re: Google SoC 2012 is accepting open source organisations

2012-02-28 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 6:34 AM, Loganaden Velvindron
logana...@gmail.com wrote:
 I came across this:
 http://google-opensource.blogspot.com/2012/02/mentoring-organization-applications-now.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+GoogleOpenSourceBlog+%28Google+Open+Source+Blog%29

 The deadline is the 29th.

 I'd be interested in accelerating the port of capsicum :-)

Check archives like
http://marc.info/?l=openbsd-misc&w=2&r=1&s=Google+Summer+of+code&q=b ,
OpenBSD tried to apply at least two times or so, but was not chosen.

The question is if there's real potential in that for some really new
stuff. Personally I think that developers who hack in their free
time work on needed features anyway even without GSoC and probably
don't have a free summer because of that and a regular job (but probably
money from GSoC may be of some use for them as for anyone). Then
there's quality - the OpenBSD model proved over the years that really only
skilled people (or those who want to be skilled) are getting inside
the dev team and we can use the high quality results of that. Seems like
OpenBSD has much higher standards for quality of code,
documentation and skills of programmers than GSoC can offer most of
the time.

Examples of outputs related to BSD are eg. here:

http://blog.netbsd.org/tnf/entry/posix_spawn_syscall_added
http://www.shiningsilence.com/dbsdlog/2011/09/15/8368.html

but when testing those you can see that they are mostly not as stable
as OpenBSD wants. Here something gets implemented when it's really
ready and as stable as possible. This doesn't seem to be the same
for GSoC results. The style is something like
https://en.wikipedia.org/wiki/Release_early,_release_often


 //Logan
 C-x-C-c
 --
 Brightest day,
 Blackest night,
 No bug shall escape my sight,
 And those who worship evil's mind,
 be wary of my powers,
 puffy lantern's light !



Re: Google SoC 2012 is accepting open source organisations

2012-02-28 Thread Jiri B
On Wed, Feb 29, 2012 at 08:35:03AM +0100, Tomas Bodzar wrote:
 The question is if there's real potential in that for some really new
 stuff. Personally I think that developers who hack in their free
 time work on needed features anyway even without GSoC and probably
 don't have a free summer because of that and a regular job (but probably
 money from GSoC may be of some use for them as for anyone). Then
 there's quality - the OpenBSD model proved over the years that really only
 skilled people (or those who want to be skilled) are getting inside
 the dev team and we can use the high quality results of that. Seems like
 OpenBSD has much higher standards for quality of code,
 documentation and skills of programmers than GSoC can offer most of
 the time.

If anybody knows coding and has free time, then ipv6 for portmapper and
thus later nfs :) As OpenBSD does have NAT64 and other nice ipv6
features by default, it would be nice to have a network filesystem :)

jirib



Re: Trusting the Installation

2012-02-28 Thread Janne Johansson
2012/2/29 Tomas Bodzar tomas.bod...@gmail.com:
 On Wed, Feb 29, 2012 at 3:44 AM, Nathan Stiles stiles.nat...@gmail.com
 I was also expecting the checksum to be served over HTTPS.

 Some exact reason for that? Especially regarding a lot of issues and
 flaws discovered during last months/years in various implementations
 of SSL/certificates/CAs?

[...]

  What are others doing?

Others, like the rest of the internet, are using those certificate
authorities (all 600+ of them?) as if they work, and make users
believe that since my browser says Chunghwa Telecom or NetLock
Halozatbiztonsagi Kft. is to be trusted, mylocalbank.com showing one of
their certs must be fine and dandy.

Doing what others do isn't always adding to real security.

As everyone says, buying the CD is a solution for the really paranoid.
Going to a BSD conference where obsd devs and affiliates sell such CDs
even mitigates the evil post office CD-swapper issue.
If you aren't ready to shell out the bucks for one CD set, then it
can't really be important.

--
 To our sweethearts and wives.  May they never meet. -- 19th century toast



Re: Google SoC 2012 is accepting open source organisations

2012-02-28 Thread Tomas Bodzar
On Wed, Feb 29, 2012 at 8:47 AM, Jiri B ji...@devio.us wrote:
 On Wed, Feb 29, 2012 at 08:35:03AM +0100, Tomas Bodzar wrote:
 The question is if there's real potential in that for some really new
 stuff. Personally I think that developers who hack in their free
 time work on needed features anyway even without GSoC and probably
 don't have a free summer because of that and a regular job (but probably
 money from GSoC may be of some use for them as for anyone). Then
 there's quality - the OpenBSD model proved over the years that really only
 skilled people (or those who want to be skilled) are getting inside
 the dev team and we can use the high quality results of that. Seems like
 OpenBSD has much higher standards for quality of code,
 documentation and skills of programmers than GSoC can offer most of
 the time.

 If anybody knows coding and has free time, then ipv6 for portmapper and
 thus later nfs :) As OpenBSD does have NAT64 and other nice ipv6
 features by default, it would be nice to have a network filesystem :)

You know that feature is filesystem in cloud where you can access your
data via social interface :P :D


 jirib