Re: TTL for backup hosts (relayd)
Am 2012-08-01 14:07, schrieb Sebastian Benoit: Bernd(be...@kroenchenstadt.de) on 2012.08.01 12:07:10 +0200: Hi, I got some redirects configured in relayd(8) which use backup ('fallback') hosts for the case all hosts in the 'main' table are down, e.g. due to maintenance. So, in this case, backup hosts get enabled and show a page like "sorry, we're down for maintenance". This works fine; however, after the main table hosts (at least one) are back up and running (due to checks being successful again, or re-enabling them) sessions that went to the backup hosts don't go away. My primary thought was that sessions to fallback hosts would be flushed or time out as soon as the main table is active again, or at least after $timeout (default: 600s). Best, Bernd Hi Bernd, you might indeed have found a bug. I'll look into it. /Benno Hi, I found out that this problem does *not* persist when not using stickyness. I'll update the machines soon (not easy because under heavy load), and check if it still happens running 5.1. Thanks, Bernd
Re: Dilemma: between OpenBSD and NetBSD
On 08/12/2012 08:16 PM, Kevin Chadwick wrote: > It is faster with softdep and safer without. My mail client has similar > choices in it's options. Which do you think my mail client enables by > default... The safe option of course. So does OpenBSD which isn't like > Linux userspace. Is 'safer' really the right word here? As I understand it, with or without softdeps, the filesystem on disk will be consistent and recoverable (excepting, of course, that when a disk confirms a write is completed isn't necessarily when the write is completed). The difference is that with softdeps, you don't have the guarantee that metadata writes have been completed (insofar as the kernel can know) when the syscall to change it returns. On the other hand, because predicting the state of your filesytem after a crash is a bit harder with softdep enabled, leaving it turned off by default seems like a sensible choice. The really unsafe, choice, though, is mounting async, which can lead to unrecoverable filesystems in the event of a crash. -- Matthew Weigel hacker unique & idempot . ent
Re: Dilemma: between OpenBSD and NetBSD
> > Why softdep not enabled by default? > > > Because, unlike some OS's, OpenBSD doesn't want to think for you. > I've noticed that whenever an OS or an application tries to think > for me it is wrong 99% of the time. It is faster with softdep and safer without. My mail client has similar choices in it's options. Which do you think my mail client enables by default... The safe option of course. So does OpenBSD which isn't like Linux userspace. -- ___ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) ___
Re: Dilemma: between OpenBSD and NetBSD
> But in the past couple of years, I see hangers on trying to show off by bullying new comers, and that's really distasteful Possibly what you are experiencing in part is "bikeshedding" http://en.wiktionary.org/wiki/bikeshedding http://en.wikipedia.org/wiki/Parkinson%27s_Law_of_Triviality I was guilty myself when I popped off an answer mentioning the FAQ, and guessing it would generate a lot of trivial responses... On a question like the one that started this thread, most any OpenBSD user knew enough to quickly point to the FAQ answer... And for a bully, well it was an easy one to pounce on.
customer notice
- This mail is in HTML. Some elements may be ommited in plain text. - NAB Protection Alert An attempt to access NAB Internet Banking was denied 30mins ago: If you do not remember trying to access online banking, please select: That was NOT me National Australia Bank. All rights reserved ..
Re: azalia audio: Sound distorted
Hello, > Christian Weisgerber mips.inka.de> writes: > > > > > Mark Kettenis: > > > > > Does the diff below fix the problem? > > > > Yes, it does. The diff works for me too. Many thanks to you all for your help. Alexander
Re: DisplayLink CONV-USB2DVI : wsudl(0): We are not attached to the udl driver
On 11.08.2012 23:33, Alexis de BRUYN wrote: > # wsconsctl -f /dev/ttyC0 display.type > display.type=vga-pci > # wsconsctl -f /dev/ttyD0 display.type > display.type=displaylink > # wsconsctl -f /dev/ttyE0 display.type > display.type=displaylink I still have my previous issue, but I have another one : while the in-board display device is actived through my xorg.conf, the udl devices are not working too. # cat /etc/X11/xorg.conf Section "ServerLayout" Identifier "Server Layout" Screen 0 "Screen0" 0 0 Screen 1 "Screen1" LeftOf "Screen0" Screen 2 "Screen2" RightOf "Screen0" Option "Xinerama" "On" EndSection Section "Screen" Identifier "Screen0" Device "Card0" EndSection Section "Screen" Identifier "Screen1" Device "Card1" EndSection Section "Screen" Identifier "Screen2" Device "Card2" EndSection Section "Device" Identifier "Card0" Driver "intel" Option "Device" "/dev/ttyC0" EndSection Section "Device" Identifier "Card1" Driver "wsudl" Option "Device" "/dev/ttyD0" EndSection Section "Device" Identifier "Card2" Driver "wsudl" Option "Device" "/dev/ttyE0" EndSection Here is the Xorg.log file : # cat /var/log/Xorg.0.log [473998.075] (--) checkDevMem: using aperture driver /dev/xf86 [473998.089] (--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32) [473998.144] X.Org X Server 1.11.4 Release Date: 2012-01-27 [473998.144] X Protocol Version 11, Revision 0 [473998.144] Build Operating System: OpenBSD 5.1 amd64 [473998.144] Current Operating System: OpenBSD test.lan.mrs.de-bruyn.fr 5.1 GENERIC#0 amd64 [473998.144] Build Date: 11 February 2012 09:52:29PM [473998.144] [473998.144] Current version of pixman: 0.22.2 [473998.144]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [473998.144] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [473998.144] (==) Log file: "/var/log/Xorg.0.log", Time: Sun Aug 12 21:12:41 2012 [473998.197] (==) Using config file: "/etc/X11/xorg.conf" [473998.197] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d" [473998.239] (==) ServerLayout "Server Layout" [473998.239] (**) |-->Screen "Screen0" (0) [473998.239] (**) | |-->Monitor "" [473998.272] (**) | |-->Device "Card0" [473998.272] (==) No monitor specified for screen "Screen0". Using a default monitor configuration. [473998.272] (**) |-->Screen "Screen1" (1) [473998.272] (**) | |-->Monitor "" [473998.272] (**) | |-->Device "Card1" [473998.272] (==) No monitor specified for screen "Screen1". Using a default monitor configuration. [473998.272] (**) |-->Screen "Screen2" (2) [473998.272] (**) | |-->Monitor "" [473998.273] (**) | |-->Device "Card2" [473998.273] (==) No monitor specified for screen "Screen2". Using a default monitor configuration. [473998.273] (**) Option "Xinerama" "On" [473998.273] (==) Disabling SIGIO handlers for input devices [473998.273] (==) Automatically adding devices [473998.273] (==) Automatically enabling devices [473998.280] (**) Xinerama: enabled [473998.395] (==) FontPath set to: /usr/X11R6/lib/X11/fonts/misc/, /usr/X11R6/lib/X11/fonts/TTF/, /usr/X11R6/lib/X11/fonts/OTF/, /usr/X11R6/lib/X11/fonts/Type1/, /usr/X11R6/lib/X11/fonts/100dpi/, /usr/X11R6/lib/X11/fonts/75dpi/ [473998.395] (==) ModulePath set to "/usr/X11R6/lib/modules" [473998.395] (II) The server relies on wscons to provide the list of input devices. If no devices become available, reconfigure wscons or disable AutoAddDevices. [473998.405] (II) Loader magic: 0x79e220 [473998.405] (II) Module ABI versions: [473998.405]X.Org ANSI C Emulation: 0.4 [473998.405]X.Org Video Driver: 11.0 [473998.405]X.Org XInput driver : 13.0 [473998.406]X.Org Server Extension : 6.0 [473998.409] (--) PCI:*(0:0:2:0) 8086:0116:106b:00e7 rev 9, Mem @ 0xa000/4194304, 0x9000/268435456, I/O @ 0x2000/64 [473998.409] (II) LoadModule: "extmod" [473998.431] (II) Loading /usr/X11R6/lib/modules/extensions/libextmod.so [473998.439] (II) Module extmod: vendor="X.Org Foundation" [473998.439]compiled for 1.11.4, module version = 1.0.0 [473998.439]Module class: X.Org Server Extension [473998.439]ABI class: X.Org Server Extension, version 6.0 [473998.439] (II) Loading extension MIT-SCREEN-SAVER [473998.439] (II) Loading extension XFree86-VidModeExtension [473998.439] (II) Loading extension XFree86-DGA [473998.439] (II) Loading extension DPMS [473998.439] (II) Loading extension XVideo [473998.439] (II) Loading extension XVideo-MotionCompensation [473
Re: OpenSSL handling intermediate certificates
On Thu, Aug 9, 2012 at 3:22 PM, Justin N. Lindberg wrote: > On Thu, 09 Aug 2012 09:18:00 +0200 > Moritz Grimm wrote: > >> You always put trust into the whole chain (that's why you need >> intermediate certs in the first place), starting with your trusted >> root. If that trust turns out to be misplaced in any one of the >> components (root, intermediate, server), you lose. > > For a server certificate you can generally only lose inasmuch as that > server or domain name is concerned. But for misplaced trust in an > intermediate cert with certificate-signing capability, you lose > big-time, because that cert can be used to sign a server cert for any > domain whatsoever. Such certificates have already been stolen. They're dependent on the security of the intermediate key owners, and the are demonstrably unsecure: Check this URL for more details on the release of rogue SSL signing certificates through a Dutch firm: http://www.computerworld.com/s/article/9219606/Hackers_stole_Google_SSL_certificate_Dutch_firm_admits This is precisely why revocation of certificates is such a key aspect of SSL, and why the longstanding lack of such revocation or even revocation of SSH host or user keys remains a significant security concern. Very few infrastructures are really secure once someine is inside the network or has access to backps, and it's why the most secure OS in the world is, in many ways, an expensive waste of time if the basic security policies aren't in place.
Re: Dilemma: between OpenBSD and NetBSD
On 08/12/12 06:32, Ed Ahlsen-Girard wrote: > On 2012-08-11 18:43:56, Miod Vallat wrote: > >>> You will find idiots on @misc. It's one of the few things not in the >>> FAQ. > >>We'd rather not have idiots in the FAQ (-: > >>Miod > > Alfred E. Neumann was in FAQ until May; the precedent is set. > hardly -- the person who plays the fool is often not the idiot. (though, I've seen some pretty convincing performances) Nick.
pf / gif / ipv6
Hello, I am seeing a behavior in pf that I don't understand. # uname -mrvp 5.0 GENERIC#36 sparc64 SUNW,UltraSPARC-IIIi (rev 2.4) @ 1062 MHz When I have the following configured: (not complete configuration) ext_if = "hme0" int_if = "bge0" ipv6gws = "{ a.b.c.192 a.b.c.193 a.b.c.194 a.b.c.195 }" block log all # permit proto 41 to/from ipv6 gws #pass log quick on $ext_if inet proto 41 from any to any pass in log quick on $ext_if inet proto 41 from $ipv6gws to ($ext_if) pass out log quick on $ext_if inet proto 41 from ($ext_if) to $ipv6gws pfctl -s rules produces: pass in log quick on hme0 inet proto ipv6 from a.b.c..192 to (hme0) pass in log quick on hme0 inet proto ipv6 from a.b.c..193 to (hme0) pass in log quick on hme0 inet proto ipv6 from a.b.c..194 to (hme0) pass in log quick on hme0 inet proto ipv6 from a.b.c..195 to (hme0) pass out log quick on hme0 inet proto ipv6 from (hme0) to a.b.c..192 pass out log quick on hme0 inet proto ipv6 from (hme0) to a.b.c..193 pass out log quick on hme0 inet proto ipv6 from (hme0) to a.b.c..194 pass out log quick on hme0 inet proto ipv6 from (hme0) to a.b.c..195 gif interface: ifconfig gif5 create ifconfig gif5 tunnel a.b.c.195 x.y.z.38 ifconfig gif5 up route -n add -inet6 default ::1 -ifp gif5 but this traffic is blocked by pf ($ext_if - hme0 is x.y.z.38): 20:31:03.536279 rule 11/(match) [uid 0, pid 28111] block in on hme0: a.b.c.195 > x.y.z.38: a:b:c:d::e > a:c:f:13:111:512f:f07a:8193: [|tcp] (len 28, hlim 57) (ttl 251, id 37052, len 88) rule 11 is "block log all" from above but if I uncomment the rule: pass log quick on $ext_if inet proto 41 from any to any traffic passes. NOTE: I have also tried modifying the rules to have $ext_if instead of ($ext_if) with the same results. My question is, what is being blocked by the rule? Thanks, Mike
任务下达后完成得不好但因为是碰到困难又怎么处理?-廖亮光
vutrwmvs nod0p [demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a name of ÑÐa·¢¾tÀíµÄÁìeµ¼Á¦ÓëÖ´qÐÐÁ¦.15096DEFANGED-xls]
Re: Dilemma: between OpenBSD and NetBSD
On 2012-08-11 18:43:56, Miod Vallat wrote: >> You will find idiots on @misc. It's one of the few things not in the >> FAQ. >We'd rather not have idiots in the FAQ (-: >Miod Alfred E. Neumann was in FAQ until May; the precedent is set. -- Edward Ahlsen-Girard Ft Walton Beach, FL
ç¨å¡ä»£å¼;å¼ å ç13691895695
你好 2012-8-12 [demime 1.01d removed an attachment of type image/gif which had a name of dll.gif]