Re: Web2py running on openbsd 5.7 with new httpd server

2015-06-10 Thread Alvaro Mantilla Gimenez
On Wed, Jun 10, 2015 at 1:35 AM, Florian Obser flor...@openbsd.org wrote:

 You are not giving us much to go with, but this sticks out.  Check if
 that unix domain socket is there and keep in mind that httpd(8)
 chroot(2)s to /var/www, so outside the chroot that should be
 /var/www/tmp/fcgi.sock. Also it needs to be readable and writeable by
 user or group www - the user httpd(8) drops to.


You are right. I totally forgot about the chroot jail. Working now!

Thanks!

Alvaro
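
Added example (not part of the original thread and not code from httpd or web2py): a small Python check for the two conditions named in the reply above, that the socket exists at its outside-the-chroot path under /var/www and that the user httpd(8) drops to can read and write it. SAMPLE_CONF is constructed, the function names are hypothetical, and supplementary groups and parent-directory permissions are assumed not to matter.

```python
"""Check that each 'fastcgi socket' in an httpd.conf is usable by httpd(8)."""
import os
import pwd
import re
import stat
import sys

CHROOT = "/var/www"  # directory httpd(8) chroot(2)s to, as stated in the thread

# Constructed sample modelled on the location block posted in the thread.
SAMPLE_CONF = """\
server "default" {
    listen on $ext_addr port 80
    location "/*" {
        fastcgi socket \\
            "/tmp/fcgi.sock"    # path as seen from inside the chroot
    }
}
"""


def fastcgi_sockets(conf_text):
    """Return the socket paths of all 'fastcgi socket' directives."""
    # Join backslash-continued lines so a directive sits on one line.
    joined = re.sub(r"\\\s*\n\s*", " ", conf_text)
    paths = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        match = re.search(r'\bfastcgi\s+socket\s+"?([^"\s]+)"?', line)
        if match:
            paths.append(match.group(1))
    return paths


def host_path(socket_path, chroot=CHROOT):
    """Translate a path inside the chroot to the path seen from outside it."""
    return os.path.join(chroot, socket_path.lstrip("/"))


def check_socket(path, uid, gid):
    """List the reasons a process running as uid/gid could not use the socket."""
    try:
        st = os.stat(path)
    except OSError as exc:
        return ["cannot stat %s: %s" % (path, exc.strerror)]
    if not stat.S_ISSOCK(st.st_mode):
        return ["%s is not a unix domain socket" % path]
    # Unix permission checks use exactly one class: owner, else group, else other.
    if st.st_uid == uid:
        need = stat.S_IRUSR | stat.S_IWUSR
    elif st.st_gid == gid:
        need = stat.S_IRGRP | stat.S_IWGRP
    else:
        need = stat.S_IROTH | stat.S_IWOTH
    if st.st_mode & need != need:
        return ["mode %o on %s denies read+write to uid %d / gid %d"
                % (stat.S_IMODE(st.st_mode), path, uid, gid)]
    return []


def audit(conf_text, chroot, uid, gid):
    """Map each socket's outside-the-chroot path to its list of problems."""
    report = {}
    for inside in fastcgi_sockets(conf_text):
        outside = host_path(inside, chroot)
        report[outside] = check_socket(outside, uid, gid)
    return report


if __name__ == "__main__":
    conf = sys.argv[1] if len(sys.argv) > 1 else "/etc/httpd.conf"
    www = pwd.getpwnam("www")  # the user httpd(8) drops to
    with open(conf) as fh:
        result = audit(fh.read(), CHROOT, www.pw_uid, www.pw_gid)
    for sock, problems in result.items():
        print(sock, "OK" if not problems else "; ".join(problems))
    sys.exit(1 if any(result.values()) else 0)
```
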



Web2py running on openbsd 5.7 with new httpd server

2015-06-09 Thread Alvaro Mantilla Gimenez
Hi,

I would like to know if anyone has web2py running on OpenBSD 5.7 using the
new httpd server. I've started web2py with fcgihandler and tried a simple
configuration with no luck (probably wrong, that's why I am asking here):

   # cat /etc/httpd.conf

   # $OpenBSD: httpd.conf,v 1.14 2015/02/04 08:39:35 florian Exp $

   #
   # Macros
   #
   ext_addr=XX.XX.XX.XX

   #
   # Global Options
   #
   prefork 2

   #
   # Servers
   #

   # A minimal default server
   server default {
           listen on $ext_addr port 80

           location /* {
                   fastcgi socket \
                           /tmp/fcgi.sock
           }

           root /var/www/htdocs
   }

   # Include MIME types instead of the built-in ones
   types {
           include /usr/share/misc/mime.types
   }



Any help would be very appreciated. Thanks!!


  Regards,



  Alvaro



spdy support on base nginx

2013-09-08 Thread Alvaro Mantilla Gimenez
Hi,

   Does nginx from the base installation (5.3) support SPDY? I didn't find any
reference in man pages and/or ports.

   Thanks!!

   Alvaro



Re: poptop on OpenBSD 5.3

2013-08-05 Thread Alvaro Mantilla Gimenez
Hi Wesley, Loïc,

   Thanks for the advice. I didn't know about npppd. It seems an
interesting option.
   I am going to try that.

   Cheers,

   Alvaro

2013/8/4 Loïc BLOT loic.b...@unix-experience.fr

 I approve Wesley,
 if you use OpenBSD 5.3 you should use npppd it's simpler than poptop and
 have nearly the same functionalities

 --
 Best regards,
 Loïc BLOT,
 UNIX systems, security and network expert
 http://www.unix-experience.fr


 On Monday 05 August 2013 at 08:46 +0400, Wesley MOUEDINE ASSABY wrote:
  Hi,
 
  Why not use the embedded package in OpenBSD 5.3 : npppd ??
  conf files : /etc/npppd/npppd.conf and npppd-users
 
  Below a link that will help you on :
  http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
 
 
  Cheers,
 
  Wesley
 
  On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:
   Hi,
  
 I am trying to configure poptop on OpenBSD 5.3 without success.
   I've
   installed the package and configured the files as
   the /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says but didn't
   work so
   I started to change things here and there without success. These are
   the
   facts:
  
 /etc/pptpd.conf:
  
  stimeout 10
  noipparam
  logwtmp
  localip 5.5.5.1
  remoteip 5.5.5.2-102
  
  
 /etc/ppp/options:
  
  lock
  auth
  usehostname
  proxyarp
  +MSChap-V2 mppe-128 mppe-stateless
  
  
 /etc/ppp/ppp.conf:
  
  default:
set log Phase Chat LCP IPCP CCP tun command
set speed 115200
  
  pptp:
set log phase tun
enable proxy
set dns 8.8.8.8 8.8.4.4
set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
set timeout 0
enable chap
enable MSChapV2
  
  
   And here the error:
  
  pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
  ppp[14716]: Phase: Using interface: tun0
  ppp[14716]: Phase: deflink: Created in closed state
  ppp[14716]: tun0: Command: default: set speed 115200
  ppp[14716]: tun0: Command: pptp: set log phase tun
  ppp[14716]: tun0: Phase: PPP Started (direct mode).
  ppp[14716]: tun0: Phase: bundle: Establish
  ppp[14716]: tun0: Phase: deflink: closed - opening
  ppp[14716]: tun0: Phase: deflink: Connected!
  ppp[14716]: tun0: Phase: deflink: opening - carrier
  ppp[14716]: tun0: Phase: deflink: carrier - lcp
  ppp[14716]: tun0: Phase: bundle: Authenticate
  ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
  ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
  ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from
   testuser)
  ppp[14716]: tun0: Phase: Chap Output: SUCCESS
  ppp[14716]: tun0: Phase: deflink: lcp - open
  ppp[14716]: tun0: Phase: bundle: Network
  ppp[14716]: tun0: Phase: deflink: open - lcp
  ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno:
   Network
   is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno:
   Network
   is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno:
   Network
   is unreachable
  ppp[14716]: tun0: Phase: bundle: Terminate
  pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
  pptpd[25764]: CTRL: couldn't read packet header (exit)
  pptpd[25764]: CTRL: CTRL read failed
  ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
  ppp[14716]: tun0: Phase: deflink: Disconnected!
  ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets
   in,
   364 octets out
  ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
  ppp[14716]: tun0: Phase:  total 718 bytes/sec, peak 0 bytes/sec on
   Sun
   Aug  4 18:23:07 2013
  ppp[14716]: tun0: Phase: deflink: lcp - closed
  ppp[14716]: tun0: Phase: bundle: Dead
  ppp[14716]: tun0: Phase: PPP Terminated (normal).
  pptpd[25764]: CTRL: Client truncated_ip control connection
   finished
  
  
   So far I think is not an authentication problem (the authentication
   process
   seems to be success) and it is a network related issue. However, I
   do not
   how to fix it according to the three lines on the output:
  
 ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno:
   Network
   is unreachable
 ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno:
   Network
   is unreachable
 ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno:
   Network
   is unreachable
  
I enabled and applied on sysctl.conf:
  
 net.inet.gre.allow=1
 net.inet.gre.wccp=1
  
   Also, I added the pf.conf lines needed to allow traffic from 1723 and
   GRE
   connections and, to be sure, let all traffic from 5.5.5.0 network
   pass
   through the firewall on tun0.
  
Any help? What I am missing?
  
Thanks in advance,
  
Alvaro




poptop on OpenBSD 5.3

2013-08-04 Thread Alvaro Mantilla Gimenez
Hi,

  I am trying to configure poptop on OpenBSD 5.3 without success. I've
installed the package and configured the files as
the /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says but didn't work so
I started to change things here and there without success. These are the
facts:

  /etc/pptpd.conf:

   stimeout 10
   noipparam
   logwtmp
   localip 5.5.5.1
   remoteip 5.5.5.2-102


  /etc/ppp/options:

   lock
   auth
   usehostname
   proxyarp
   +MSChap-V2 mppe-128 mppe-stateless


  /etc/ppp/ppp.conf:

   default:
 set log Phase Chat LCP IPCP CCP tun command
 set speed 115200

   pptp:
 set log phase tun
 enable proxy
 set dns 8.8.8.8 8.8.4.4
 set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
 set timeout 0
 enable chap
 enable MSChapV2


And here the error:

   pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
   ppp[14716]: Phase: Using interface: tun0
   ppp[14716]: Phase: deflink: Created in closed state
   ppp[14716]: tun0: Command: default: set speed 115200
   ppp[14716]: tun0: Command: pptp: set log phase tun
   ppp[14716]: tun0: Phase: PPP Started (direct mode).
   ppp[14716]: tun0: Phase: bundle: Establish
   ppp[14716]: tun0: Phase: deflink: closed - opening
   ppp[14716]: tun0: Phase: deflink: Connected!
   ppp[14716]: tun0: Phase: deflink: opening - carrier
   ppp[14716]: tun0: Phase: deflink: carrier - lcp
   ppp[14716]: tun0: Phase: bundle: Authenticate
   ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
   ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
   ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
   ppp[14716]: tun0: Phase: Chap Output: SUCCESS
   ppp[14716]: tun0: Phase: deflink: lcp - open
   ppp[14716]: tun0: Phase: bundle: Network
   ppp[14716]: tun0: Phase: deflink: open - lcp
   ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Phase: bundle: Terminate
   pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
   pptpd[25764]: CTRL: couldn't read packet header (exit)
   pptpd[25764]: CTRL: CTRL read failed
   ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
   ppp[14716]: tun0: Phase: deflink: Disconnected!
   ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
   ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
   ppp[14716]: tun0: Phase:  total 718 bytes/sec, peak 0 bytes/sec on Sun Aug  4 18:23:07 2013
   ppp[14716]: tun0: Phase: deflink: lcp - closed
   ppp[14716]: tun0: Phase: bundle: Dead
   ppp[14716]: tun0: Phase: PPP Terminated (normal).
   pptpd[25764]: CTRL: Client truncated_ip control connection finished


So far I think it is not an authentication problem (the authentication process
seems to be successful) and it is a network related issue. However, I do not
know how to fix it according to the three lines on the output:

  ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable

 I enabled and applied on sysctl.conf:

  net.inet.gre.allow=1
  net.inet.gre.wccp=1

Also, I added the pf.conf lines needed to allow traffic from 1723 and GRE
connections and, to be sure, let all traffic from 5.5.5.0 network pass
through the firewall on tun0.

 Any help? What am I missing?

 Thanks in advance,

 Alvaro



Re: who is using obsd

2013-05-13 Thread Alvaro Mantilla Gimenez
2013/5/13 Chris Cappuccio ch...@nmedia.net

 Salim Shaw [salims...@vfemail.net] wrote:
  OpenBSD is a server/router/network service OS, it's not designed for
  desktops. OpenBSD is the pre-eminent platform for Firewalling,
  IPsec, IPv6.
  Trying to shove OpenBSD onto the desktop is the ultimate case of
  square peg/round hole.
 

 Salim, that's quite strange. OpenBSD has worked on my Sun 4/110 desktop
 since 1995. And more recently, I've been using it on i386 and later even
 amd64 machines, as a desktop environment! It could just be some kind
 of hallucination. You know, I had this one dream of being tied up and
 injected with sodium pentothal...

 +1



MacBook Pro

2013-03-18 Thread Alvaro Mantilla Gimenez
Hi,

   I would like to know if anyone is using OpenBSD on MacBook pro (intel
based) and how well the system works on it. Is there any hardware issue?
Performance?

   Regards,

   Alvaro



Re: openbsd clusters

2012-12-27 Thread Alvaro Mantilla Gimenez
Hi,

  I am following this thread and I should say I consider myself a
total beginner on this kind of subject. With that being said I need to
ask this (probably I am wrong and I hope I am wrong because it gives me the
possibility to learn from your answers): is there a way that OpenAFS fits
in this design? I am thinking on a group of servers with some local
partition schemes like Nick's thread but those servers belong to an OpenAFS
cell/s for linear access from clients and all the replication that OpenAFS
seems to provide?

  Regards,

  Alvaro

2012/12/26 Johan Beisser j...@caustic.org

 On Sat, Dec 22, 2012 at 7:43 PM, Nick Holland
 n...@holland-consulting.net wrote:
  On 12/22/12 07:54, Friedrich Locke wrote:
  ...
  But for other services i don't have now what i could use. A example: i
 need
  a file system that must expand by adding more machine in the network in
 a
  simple way.
 
  in plain English: I'm not thinking out the design carefully, so I'm
  going to rely on fancy shit to haul my ass out of the fire when the
  predictable (and not so predictable) happens.

 Yes and no. Yes, the design is important. No, I actually do have a
 need for linear storage that can be easily expanded upon. I could use
 a NetApp or similar setup, but then I can't throw more CPU at the
 other side of the problem: using the stored data.

 So the bigger problem isn't storage space (disk is cheap, after all),
 rather than being able to slice and dice the data that's stored on the
 system. Processing huge files is much easier when when you have a
 dozen nodes to do it on.

 I fully agree that being able to later extract and migrate away from
 any storage solution is important. Along with that comes migration
 paths to new hardware, software, and simple failure recovery (bad
 disks, broken node, etc).

 Big data takes quite a bit of planning, but it's gotten much easier.
 Good thing I don't need to do this quickly...



Re: openbsd clusters

2012-12-27 Thread Alvaro Mantilla Gimenez
Is not this what you are trying to accomplish?

http://docs.openafs.org/AdminGuide/index.html#HDRWQ57.html#HDRWQ59

and then, adding space:

http://docs.openafs.org/AdminGuide/index.html#HDRWQ130.html

and if you need to move the volume to another partition/bigger disk:

http://docs.openafs.org/AdminGuide/index.html#HDRWQ177.html#HDRWQ179

Volumes are easy to move between partitions, on the same or different
machines, because they are by definition smaller than a partition. Perhaps
the most common reasons to move volumes are to balance the load among file
server machines or to take advantage of greater disk capacity on certain
machines. You can move volumes as often as necessary without disrupting
user access to their contents, because the move procedure makes the
contents unavailable for only a few seconds. The automatic tracking of
volume locations in the Volume Location Database (VLDB) assures that access
remains transparent.

Regards,

Alvaro

2012/12/27 Jiri B ji...@devio.us

 On Wed, Dec 26, 2012 at 03:26:43PM -0500, Nick Holland wrote:
  Probably thinking of this thread:
  http://marc.info/?t=117689108200011r=1w=2
  and my two contributions to it.  A number of other people provided some
  good (and some bad) comments, too...read through 'em all.  You get to
  decide which are useful and which are not, and what is right and what is
  wrong.
 
  Keep in mind that thread is almost six years old...500GB was a big disk
  back then.  However, I'm still quite proud of that system.
  (and in case you were wondering, my employment ended with that employer
  about four months later.  That also makes a great story, but quite
  off-topic.  They did replace my system with a proprietary system that
  cost many times as much).

 Only setup I can imagine which cannot fit into this setup of small
 partitions combined with filesystem structure and symlinks is this one

'unrestricted space offered directly to a user via ftp/sftp/ssh'

 As we cannot predict how fast and when he/she would fit the storage,
 moving later user's whole data to bigger one is slow and still not
 a solution.

 It seems to me that giving a user direct access to his data root dir
 while telling him about no space restriction is not possible.

 On the other hand, if the user would not require one big directory for
 his data, then filesystem layout could be hidden to the user and mentioned
 setup would fit - although instead of direct ftp/sftp the user would use
 some specialized client to get his files, the setup would use some UUID and
 keep track of UUID and his owner (or something similar).

 Any comments? Do exists some proxies which would mirror files immediately
 when a user is uploading them via some common protocol? And when the user
 deletes some of his files the proxy would delete the copy? (rsyncing
 later regularly could be quite problematic if you would have many users
 uploading for example a couple of GB files...).

 jirib



Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
Hi,

  Today I found something weird in sudo's behavior (at least I wasn't aware
of this). I logged in to my server using an ssh public key. Once I was in, I
executed 'sudo -i' to become root. My user has full sudo access using a
password. Everything normal so far. Then I needed to open a new terminal
(on my local computer) and opened a new ssh connection to the server again.
This second time, using a different tty, I executed 'sudo -i' again and the
server let me become root without asking for my password. Is this normal? I
can imagine a scenario where an attacker got the public and private key of
some user (but not the password) and just connects to the server and executes
sudo in a time frame near to the user's and gets root access. Should sudo
also check the tty of the user when asking for the password? I am
running OpenBSD 5.0 without any possibility to test that on 5.1 or current.
Could somebody test it? Is that the normal behavior of sudo?

   Thanks so much in advance and kind regards,

 Alvaro



Re: Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
?? What are you trying to point out by sending me to the man page? The "Once a
user has been authenticated, a timestamp is updated and the user may then
use sudo without a password for a short period of time (5 minutes unless
overridden in sudoers)." part? I was aware of this. This is the normal sudo
behavior. My point is whether it is fine that sudo assumes that one user
connected on two different ttys should share the timestamp and execute sudo
commands without being asked for a password, because then my paranoid scenario
is possible.

   Regards,

   Alvaro

2012/10/8 patrick keshishian pkesh...@gmail.com

 $ man sudo

 On Mon, Oct 8, 2012 at 4:19 PM, Alvaro Mantilla Gimenez
 alv...@alvaromantilla.com wrote:
  Hi,
 
Today I found something weird on sudo behavior (at least I wasn't aware
  of this). I logged in my server using ssh public key. Once I was in, I
  executed 'sudo -i' to become root. My user has full sudo access using
  password. Everything normal so far. Then I need it to open a new terminal
  (on my local computer) and opened a new ssh connection to the server
 again.
  This second time, using a different tty, I executed 'sudo -i' again and
 the
  server let me become root without ask for my password. Is this normal? I
  can imagine a scenario where an attacker got the public and private key
 of
  some user (but not the password) and just connect to the server and
 execute
  sudo in a time frame near to the user and get root access. Should sudo
  check, also, the tty of the user when is asking for the password? I am
  running OpenBSD 5.0 without any possibility to test that on 5.1 or
 current.
  Could somebody test it? Is that the normal behavior of sudo?
 
 Thanks so much in advance and kind regards,
 
   Alvaro



Re: Weird sudo behavior?

2012-10-08 Thread Alvaro Mantilla Gimenez
Thanks Todd!!

2012/10/8 Todd C. Miller todd.mil...@courtesan.com

 This is normal behavior for the version of sudo that ships with
 OpenBSD.  You can enable per-tty timestamps by enabling the tty_tickets
 option.  E.g., in sudoers add a line like:

 Defaults tty_tickets

  - todd



Re: sshguard

2012-07-25 Thread Alvaro Mantilla Gimenez
Is it a better solution than pf rules based on max-src-conn and/or
max-src-conn-rate?

According to the documentation sshguard adds IP addresses to the sshguard
table... so what about if I want to selectively block an IP address for some
services and leave other services open? (i.e.: one IP offending ssh access but
still I want to have smtp open for that IP). I can accomplish that with
different tables/rules on pf... is there any way to differentiate IPs blocked
by sshguard based on the offended service? (ssh, smtp,..).

Regards,

 Alvaro

On 25/07/2012, at 09:50, Chris Lobkowicz wrote:


 Works very, very well I might add.

 Good luck!

 Cheers
 Chris




Re: OpenBSD's webpage desing

2012-06-27 Thread Alvaro Mantilla Gimenez
Really? Can we do that? Seems, by this thread and previous about this subject,
that nobody is waiting for any diffs regarding this

 - Alvaro

On 27/06/2012, at 02:12, Eric Furman wrote:

 We are all anxiously awaiting your diffs...

 On Tue, Jun 26, 2012, at 07:52 PM, Alvaro Mantilla Gimenez wrote:
 Why is not possible to apply a new css style to the current site? That
 has
 nothing to do with joomla (and similar) and would keep the site fast and
 compatible with, let's say... lynx or whatever browser do you want to try
 with
 the site.

 I mean, for me the site is ok but a new css style could be a great thing
 too.
 Same speed, same compatibility, new design.

- Alvaro


 On 26/06/2012, at 16:25, STeve Andre' wrote:

 On 06/26/12 17:57, Pablo Velasco Fernández wrote:
 I mean.. A modern style.
 On 26/06/2012 23:55, Miod Vallat m...@online.fr wrote:

 Hi. I was looking at the FreeBSD web page. And it's a cool page with a cool
 design. Maybe OpenBSD should change their own page to a most visual web
 page. (It's only my opinion.) What do you think?
 Last time I checked, you could use eyes to browse the OpenBSD website.
 Why do you consider it non-visual?

 Miod


 OK, a modern style.

 But why?  Why is it that a web site that does what web sites should
 do--convey information--have to be redesigned in order to keep up
 with other sites?  I see this all the time, at work where people seem
 to think that things like Joomlacough are a good thing.  I shouldn't
 say just work, as I see it everywhere.

 The OpenBSD site is simple and fast.  I keep it in /usr/www which
 consumes 291M as of today.

 It's a great web site as it is.

 --STeve Andre'




Re: OpenBSD's webpage desing

2012-06-27 Thread Alvaro Mantilla Gimenez
That is a joke...right? Nothing is better than Django

On 27/06/2012, at 11:48, Bret Lambert wrote:

 PHP is like s early 2000s.  When's Python gonna go into base?

 You're behind the times; python's been replaced by ruby running on top
 of mongodb




Re: OpenBSD's webpage desing

2012-06-26 Thread Alvaro Mantilla Gimenez
Why is not possible to apply a new css style to the current site? That has
nothing to do with joomla (and similar) and would keep the site fast and
compatible with, let's say... lynx or whatever browser do you want to try with
the site.

I mean, for me the site is ok but a new css style could be a great thing too.
Same speed, same compatibility, new design.

- Alvaro


On 26/06/2012, at 16:25, STeve Andre' wrote:

 On 06/26/12 17:57, Pablo Velasco Fernández wrote:
 I mean.. A modern style.
 On 26/06/2012 23:55, Miod Vallat m...@online.fr wrote:

 Hi. I was looking at the FreeBSD web page. And it's a cool page with a cool
 design. Maybe OpenBSD should change their own page to a most visual web
 page. (It's only my opinion.) What do you think?
 Last time I checked, you could use eyes to browse the OpenBSD website.
 Why do you consider it non-visual?

 Miod


 OK, a modern style.

 But why?  Why is it that a web site that does what web sites should
 do--convey information--have to be redesigned in order to keep up
 with other sites?  I see this all the time, at work where people seem
 to think that things like Joomlacough are a good thing.  I shouldn't
 say just work, as I see it everywhere.

 The OpenBSD site is simple and fast.  I keep it in /usr/www which
 consumes 291M as of today.

 It's a great web site as it is.

 --STeve Andre'




Re: OpenBSD is just an OS, not a firewall...

2012-06-08 Thread Alvaro Mantilla Gimenez
Uuu... seems the guy (Keith whatever) has some issues in his brain
right now. Hahahahahahaha!!

 I challenge you to go onto forums.pfsense.org and tell them that. There are
plenty of security professionals there who are clearly more experienced than
you who will put you straight!

Can't wait to read the answer to this...

Cheers,

 Alvaro

On 08/06/2012, at 13:07, Brian Hechinger wrote:

 On 6/8/2012 1:55 PM, Chris Smith wrote:
 ... if you really want a firewall you need pfSense.

 Also if you  walk into any security experts convention and claim that
 raw OpenBSD is a firewall, you will get laughed out of the room for
 lack of clue.

 Guess I've been wrong all these years: see the comments to
 https://plus.google.com/u/0/104027218792812194992/posts/K3NsGE2UrCe


 I cannot press the +1 button on your response hard enough.  And there is no
+5 button.

 If I could be bothered to setup a G+ account I would be right there with
him.

 -brian




OT: SSH not secure?

2012-05-09 Thread Alvaro Mantilla Gimenez
According to these guys, connecting through SSH to a remote server is not secure...

http://www.wziss.com/

Look in Case Studies

Cheers,

Alvaro




Re: OT: SSH not secure?

2012-05-09 Thread Alvaro Mantilla Gimenez
Exactly! LOL

On 09/05/2012, at 09:53, S. Scott wrote:

 On May 9, 2012, at 11:25, Alvaro Mantilla Gimenez
 alv...@alvaromantilla.com wrote:

 According to these guys, connecting through SSH to a remote server is not
secure...

 http://www.wziss.com/

 Look in Case Studies

 Cheers,

   Alvaro



 Lets break this down.  You have a case where a malicious administrator
 -- whom you granted elevated trust and permissions -- with physical
 access and the technical 'clearance' to install and run all the
 mentioned hack tools and, by extrapolation, any/all the other
 unmentioned hack tools as well that would yield User's password and
 you're concerned about ssh.

 Good luck with your malicious administrator and the other 999,999
 things you really need to be concerned about.




Re: OT: SSH not secure?

2012-05-09 Thread Alvaro Mantilla Gimenez
Thanks for pointing that article out. I read that paper sometime ago.

My intention with this thread was exactly this: get a lot of comments and put
some smiles on people's faces.

I received this through linkedin from some experts group or something like that
(yeap...no comments).

It is interesting how many people believe information that they just received
on a social (professional???) network...

Cheers,

Alvaro

On 09/05/2012, at 12:39, bofh wrote:

 I think Alvaro should read the classic paper: Reflections on Trusting
Trust.

 Alvaro,
 Written by one of the guys who wrote UNIX and the original C compiler,
 which is what almost every UNIX based system is derived from...

 http://cm.bell-labs.com/who/ken/trust.html

 --
 http://www.glumbert.com/media/shift
 http://www.youtube.com/watch?v=tGvHNNOLnCk
 This officer's men seem to follow him merely out of idle curiosity.
 -- Sandhurst officer cadet evaluation.
 Securing an environment of Windows platforms from abuse - external or
 internal - is akin to trying to install sprinklers in a fireworks
 factory where smoking on the job is permitted.  -- Gene Spafford
 learn french:  http://www.youtube.com/watch?v=30v_g83VHK4




Intel i7 -- OpenBSD amd64

2012-03-01 Thread Alvaro Mantilla Gimenez
Hi,

  I just want to confirm whether the Intel i7 975 processor is capable of
running the OpenBSD amd64 version.

  Thanks for your replies in advance.

  Kind Regards,

 Alvaro



Re: Intel i7 -- OpenBSD amd64

2012-03-01 Thread Alvaro Mantilla Gimenez
Thanks so much for the info!

Alvaro

On 01/03/12 08:47, Vijay Sankar wrote:
 OpenBSD runs very well on the following box that has an i7 processor
 -- I am not sure what the 975 refers to.

 $ sysctl hw
 hw.machine=amd64
 hw.model=Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
 hw.ncpu=8
 hw.byteorder=1234
 hw.pagesize=4096
 hw.disknames=sd0:33c4756503ecdda1,sd1:,sd2:67fc90b2b8ff86cc
 hw.diskcount=3
 hw.sensors.cpu0.temp0=44.00 degC
 hw.sensors.cpu1.temp0=44.00 degC
 hw.sensors.cpu2.temp0=44.00 degC
 hw.sensors.cpu3.temp0=44.00 degC
 hw.sensors.cpu4.temp0=44.00 degC
 hw.sensors.cpu5.temp0=44.00 degC
 hw.sensors.cpu6.temp0=44.00 degC
 hw.sensors.cpu7.temp0=44.00 degC
 hw.cpuspeed=3411
 hw.setperf=100
 hw.vendor=ASUSTeK Computer INC.
 hw.product=P8H67-M EVO


 Vijay Sankar, M.Eng., P.Eng.
 ForeTell Technologies Limited
 vsan...@foretell.ca

 -
 This message was sent using ForeTell-POST 4.9



[SOLVED] NDOutils 1.5 on OpenBSD 5.0

2012-02-09 Thread Alvaro Mantilla Gimenez
On 09/02/12 08:42, Nigel Taylor wrote:
 env CFLAGS="-g -O2 -I/usr/local/include -fPIC" ./configure --disable-pgsql \
 --enable-mysql
That worked great!!!

Thanks so much!!

Alvaro



NDOutils 1.5 on OpenBSD 5.0

2012-02-08 Thread Alvaro Mantilla Gimenez
Hi,

  I am trying to install NDOutils 1.5 on OpenBSD 5.0 amd64. I am having
a weird error during compilation. I would like to know if somebody on
this list has NDOutils 1.5 running with Nagios (from ports). Also, I
created a pastebin file just in case somebody is interested on this (
http://pastebin.com/NpW4h9Lf ).

  Thanks!

 Alvaro Mantilla



Re: NDOutils 1.5 on OpenBSD 5.0

2012-02-08 Thread Alvaro Mantilla Gimenez
Hi Stuart,

On 08/02/12 20:09, Stuart Henderson wrote:
 On 2012-02-08, Alvaro Mantilla Gimenez alv...@alvaromantilla.com wrote:
 Hi,

   I am trying to install NDOutils 1.5 on OpenBSD 5.0 amd64. I am having
 a weird error during compilation.
 Not really weird, your include search path is wrong. Look at where
 gcc is searching and compare to where the files are.
Are we talking about this error?

/usr/bin/ld: /tmp//ccdrJBOI.o: relocation R_X86_64_32 can not be used
when making a shared object; recompile with -fPIC
/tmp//ccdrJBOI.o: could not read symbols: Bad value
collect2: ld returned 1 exit status

I am not sure if this is something autogenerated by configure command
or it is something I should change...somewhere...or just a GCC issue
related with the platform (amd64).

Also, I researched this and it seems it is related to amd64
only... other 64-bit platforms seem not to have any issues like this.

   I would like to know if somebody on
 this list has NDOutils 1.5 running with Nagios (from ports).
 No but icinga + idoutils is in ports/packages and should work ok.
 (the core program and classic aka nagios-style-but-nicer cgi web
 interface work well; idoutils has seen a bit less testing but should
 also work, the icinga-web port isn't quite finished yet but my
 uncommitted diffs are not far off).
Thanks for the tip about icinga + idoutils. I will test those too.

  Regards,

 Alvaro



RT 4 on OpenBSD 5.0

2012-02-01 Thread Alvaro Mantilla Gimenez
Hi,

  I would like to know if somebody is running RT 4 on OpenBSD. It seems
the port documentation is not clear enough about how to configure RT on
chrooted apache or not chrooted at all. Also, if someone is running RT
with mod_fastcgi I am interested too.

  Regards,

  Alvaro



Diaspora pod on OpenBSD

2011-12-16 Thread Alvaro Mantilla Gimenez

Hi,

   Is anyone running a diaspora pod on OpenBSD? I am having a personal 
fight today with ruby/gems/bundler/ffi but I was thinking if anyone is 
running diaspora already...


   Cheers,

Alvaro



Network controller: Intel Corporation Centrino Wireless-N + WiMAX 6150

2011-10-20 Thread Alvaro Mantilla Gimenez

Hi,

  Does anybody know if the Network controller: Intel Corporation Centrino
Wireless-N + WiMAX 6150 works on OpenBSD? It seems to fit iwn but I am
not sure. I would really appreciate it if somebody can confirm whether this
wireless NIC works or not.


  Regards,

 Alvaro




This message was sent using IMP, the Internet Messaging Program.



Re: Network controller: Intel Corporation Centrino Wireless-N + WiMAX 6150

2011-10-20 Thread Alvaro Mantilla Gimenez

Thanks so much Dave!!



I've no information as to whether or not it actually works (I was
test-booting a store demo system), but the 17 August 5.0 snapshot
recognized and configured it.

Dave

--
Dave Anderson
d...@daveanderson.com










KDE 4 on OpenBSD

2011-10-19 Thread Alvaro Mantilla Gimenez

Hi,

  Is anybody using KDE 4 on OpenBSD? This port has been marked as
broken for a while. What is the real status of this port?


  Thanks!

 Alvaro









Re: KDE sftp: URLs in OpenBSD 4.9

2011-07-09 Thread Alvaro Mantilla Gimenez
Hi,

   Same error here...

 Alvaro

On Sat July 9 2011 10:39:13 Federico Giannici wrote:
 Anybody can confirm that KDE sftp: URLs still work correctly under
 OpenBSD 4.9 (amd64)?

 Since I upgraded from 4.8 to 4.9 all the "sftp://" URLs of KDE no longer
 work for me. I always get the error "Error encountered while talking to
 ssh".

 I'd like to know if it's a common problem of 4.9 or is only in my
 installation...

 Thanks.



Weird crash on OpenBSD 4.8

2011-03-19 Thread Alvaro Mantilla Gimenez


  /var/spool was missing (sendmail didn't start up because of that) and
I am not sure if other directories are missing too (everything seems to work
fine now).


  /var/crash has the two expected files in cases like this one: bsd.0 
and bsd.0.core (also bounds and minfree) (All these files I can send if 
necessary).


  There is another file: /httpd.core

  Should I feel worried about this? Any clue what should be the cause of 
this crash?


  Kind Regards,


--
 Alvaro Mantilla Gimenez
http://alvaromantilla.com/
  email: alv...@alvaromantilla.com
--



Configure Mason to run under OpenBSD Apache 1.3

2011-01-02 Thread Alvaro Mantilla Gimenez

Hi,

  Is there anyone with an example of how to set the Apache directives in
OpenBSD's Apache (running under chroot) in httpd.conf? I think I am missing
something because I received an error message in the logs saying it is not
possible to create dir /var/www/mason/obj but the directory is there with
permissions set to Apache's user and group (www).


  Regards,

   Alvaro


--
 Alvaro Mantilla Gimenez
http://alvaromantilla.com/
  email: alv...@alvaromantilla.com
--



Re: Configure Mason to run under OpenBSD Apache 1.3

2011-01-02 Thread Alvaro Mantilla Gimenez

Thanks Devin! You are right! I just added:

  PerlSetVar MasonDataDir /mason

and everything works now.

Thanks so much.

 Alvaro


On Sun, 2 Jan 2011, Devin Ceartas wrote:


Date: Sun, 2 Jan 2011 13:20:17
From: Devin Ceartas nacred...@gmail.com
To: Alvaro Mantilla Gimenez u...@alvaromantilla.com
Cc: misc@openbsd.org
Subject: Re: Configure Mason to run under OpenBSD Apache 1.3

On Jan 2, 2011, at 12:52 PM, Alvaro Mantilla Gimenez wrote:


Hi,

Is there anyone with an example of how to set the Apache directives in
OpenBSD's Apache (running under chroot) in httpd.conf? I think I am missing
something because I received an error message in the logs saying it is not
possible to create dir /var/www/mason/obj but the directory is there with
permissions set to Apache's user and group (www).


Regards,

 Alvaro


I've run Mason under OpenBSD though it's been a while. You probably want to
change the directives so that it's looking for /mason/obj (since it's in
chroot).


-- devin



--
 Alvaro Mantilla Gimenez
http://alvaromantilla.com/
  email: alv...@alvaromantilla.com
--



cdce0: too many errors, disabling

2010-08-26 Thread Alvaro Mantilla Gimenez
Hi,

 I have a laptop connected to the Internet through a cable modem plugged
in to a usb port (cdce). For some unknown reason I receive in the logs
this message:

   cdce0: usb error on rx: IOERROR
   cdce0: usb error on tx: IOERROR
   cdce0: too many errors, disabling

 After that the internet connection goes down and the only way to go
back to normal is rebooting the laptop (not the cable modem).

 I tried to down the device with ifconfig and then go back to up. Does
not work.

 Is there any way to enable the cdce device again from ksh? Why is this
happening?

 Regards,

 Alvaro



Re: cdce0: too many errors, disabling

2010-08-26 Thread Alvaro Mantilla Gimenez
Also, I forgot to tell:

 The laptop is running OpenBSD 4.7

 Regards,

  Alvaro

Alvaro Mantilla Gimenez wrote:
 Hi,
 
  I have a laptop connected to the Internet through a cable modem plugged
 in to a usb port (cdce). For some unknown reason I receive in the logs
 this message:
 
cdce0: usb error on rx: IOERROR
cdce0: usb error on tx: IOERROR
cdce0: too many errors, disabling
 
  After that the internet connection goes down and the only way to go
 back to normal is rebooting the laptop (not the cable modem).
 
  I tried to down the device with ifconfig and then go back to up. Does
 not work.
 
  Is there any way to enable the cdce device again from ksh? Why is this
 happening?
 
  Regards,
 
  Alvaro



opensmtpd

2010-05-22 Thread Alvaro Mantilla Gimenez
Hello,

Is anyone using OpenSMTPD in production already? If the answer is
yes..what numbers are being handled by OpenSMTPD? (email average by day,
etc...)

Regards,

Alvaro

-- 
Alvaro Mantilla Gimenez alv...@alvaromantilla.com



Re: State of multiprocessing and multithreading in OpenBSD

2010-05-05 Thread Alvaro Mantilla Gimenez
On Thu, 2010-05-06 at 14:29 +1200, richardtoo...@paradise.net.nz wrote:
 Quoting Juan Miscaro jmisc...@gmail.com:
cut
 Someone told me my Atari ST was garbage and their Amiga was better.

Of course Amiga was better!!! :-P

  --
cut
  /jm


-- 
Alvaro Mantilla Gimenez alv...@alvaromantilla.com



CVS problems OpenBSD 4.5

2009-11-16 Thread Alvaro Mantilla Gimenez
Hi,

 Today I was trying to update my /usr/src files (as usual) and I got
these errors:

 1) with cvsroot=anon...@anga.funkfeuer.at:/cvs

 # cvs -d$CVSROOT up -rOPENBSD_4_5 -Pd
ssh_exchange_identification: Connection closed by remote host
cvs [update aborted]: end of file from server (consult above messages if
any)

 2) with cvsroot=anon...@anoncvs.de.openbsd.org:/cvs

 The authenticity of host 'anoncvs.de.openbsd.org (131.188.40.91)' can't
be established.
RSA key fingerprint is bc:8e:dd:84:2d:6a:ed:6d:33:e7:46:d9:83:00:1b:ff.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'anoncvs.de.openbsd.org,131.188.40.91' (RSA)
to the list of known hosts.
anon...@anoncvs.de.openbsd.org's password:


 Anybody else noticed this?


 Regards,

  Alvaro



Re: softraid crypto performance

2009-11-10 Thread Alvaro Mantilla Gimenez
On Tue, 2009-11-10 at 21:31 +0100, Michael wrote:
 Hi,
 
 when using softraid crypto with OpenBSD 4.6-current I never get more
 than ~10-11 MB/s disk writing speed even though the disk (WD Raptor 73
 GB) itself, without crypto, can do way more.

Uh...that sounds weird to me. I just copied 70 Gb from a USB SATA HD to
the local partitions under a softraid crypto device and I get 14-16 Mb/s
all the time. Of course I don't expect more from a USB
device...so...there is something more in your set up that it is
affecting the speed.



Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Alvaro Mantilla Gimenez
On Sat, 2009-10-31 at 09:00 -0500, Jacob Yocom-Piatt wrote:

 - when you reboot, the boot process will 'fail' and dump you to shell 
 since sd1 is not unlocked as part of the boot process
 - at a shell do the following to get your disk rollin: bioctl -c C -l 
 /dev/sd0b softraid0, enter passphrase, issue 'fsck -fp  exit' if you 
 had a dirty shutdown otherwise just type exit
 - normal boot resumes and you've got your machine running with 
 everything but root encrypted

I just configured an old laptop with three partitions in it:

wd0a for /
wd0b for swap
wd0d for RAID

I created the partitions for the rest of the system into the softraid
device during the install process and everything was fine. I really
don't notice any performance problem using the laptop as usually do
(check email, surf the net, etc...) but it is a pain in the ass the boot
process going to the shell every time and need to type: bioctl -c C
-l /dev/wd0d

Is it possible to add the bioctl line in some file with the objective to
not write that line all the times? (rc file??) The idea is just to get
the passphrase question before continue the normal boot. If it is
possible...where? I mean, the rc file is very important and I don't want
to fuck the boot process putting the line in the wrong place...

Regards,

  Alvaro



Re: Encrypting /home on OpenBSD Laptops

2009-11-07 Thread Alvaro Mantilla Gimenez
On Sun, 2009-11-08 at 00:41 +, Matthew Szudzik wrote:
 On Sat, Nov 07, 2009 at 05:39:47PM -0600, Alvaro Mantilla Gimenez wrote:
  (check email, surf the net, etc...) but it is a pain in the ass the boot
  process going to the shell every time and need to type: bioctl -c C
  -l /dev/wd0d
 
  http://marc.info/?l=openbsd-miscm=124187397614485

Thanks so much !! Works fine !!

 Alvaro



SSL decryption failed or bad record mac

2009-10-16 Thread Alvaro Mantilla Gimenez
Hi,

  I noticed these lines in my system log files and I am curious. What
does it mean exactly?

--
Oct 16 11:38:36 mail sm-mta[19345]: STARTTLS=server, error: accept
failed=-1, SSL_error=1, errno=0, retry=-1

Oct 16 11:38:36 mail sm-mta[19345]: STARTTLS=server:
19345:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or
bad record mac:/usr/src/lib/libssl/src/ssl/s3_pkt.c:424:
--

   Regards,

   Alvaro



Re: SSL decryption failed or bad record mac

2009-10-16 Thread Alvaro Mantilla Gimenez
Philip Guenther wrote:
 On Friday, October 16, 2009, Alvaro Mantilla Gimenez  wrote:
   I noticed these lines in my system log files and I am curious. What
 does it mean exactly?

 It means the client, the server, or both have broken cipher
 implementations. What platform and SSL implementation is the client?
 Historically, there have been broken versions of OpenSSL and certain
 compilers have generated broken cipher code (SunStudio 10...).

 Philip Guenther

From my side is an OpenBSD 4.4 mail server. I don't know the other side.
It seems there is a problem with the TLS negotiation.

I assume the other side has a problem because this server works OK with
TLS/SSL for the rest of the users/mails.

Alvaro



Re: SSL decryption failed or bad record mac

2009-10-16 Thread Alvaro Mantilla Gimenez
Alvaro Mantilla Gimenez wrote:
 Philip Guenther wrote:
 On Friday, October 16, 2009, Alvaro Mantilla Gimenez  wrote:
   I noticed these lines in my system log files and I am curious. What
 does it mean exactly?
 It means the client, the server, or both have broken cipher
 implementations. What platform and SSL implementation is the client?
 Historically, there have been broken versions of OpenSSL and certain
 compilers have generated broken cipher code (SunStudio 10...).

 Philip Guenther

From my side is an OpenBSD 4.4 mail server. I don't know the other side.
 It seems there is a problem with the TLS negotiation.

 I assume the other side has a problem because this server works OK with
 TLS/SSL for the rest of the users/mails.

 Alvaro

Question: Could it be an attack to figure out the cipher?

Alvaro
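
An added example for the question in this thread (not code from any poster): the script below parses the sm-mta STARTTLS error line quoted above, unpacks the 8-hex-digit OpenSSL error code, and reports whether bad-record-MAC failures are isolated or arrive in bursts. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); every log line after the first two, the 60-second window and the threshold of 3 are constructed for the example.

```python
import re
from datetime import datetime, timedelta

ERR_LIB_SSL = 20       # ERR_LIB_SSL in pre-3.0 OpenSSL
BAD_RECORD_MAC = 281   # SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC

# Constructed sample: the first two lines follow the post; the 12:00 entries
# (times and PIDs) are made up to show a burst.
_TEMPLATE = ("Oct 16 {t} mail sm-mta[{pid}]: STARTTLS=server: {pid}:error:1408F119:"
             "SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:"
             "/usr/src/lib/libssl/src/ssl/s3_pkt.c:424:")
SAMPLE_LOG = "\n".join(
    ["Oct 16 11:38:36 mail sm-mta[19345]: STARTTLS=server, error: "
     "accept failed=-1, SSL_error=1, errno=0, retry=-1"]
    + [_TEMPLATE.format(t=t, pid=pid) for t, pid in [
        ("11:38:36", 19345), ("12:00:01", 20111), ("12:00:05", 20112),
        ("12:00:09", 20113), ("12:00:20", 20114)]]
)

ERR_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sm-mta\[(?P<pid>\d+)\]:\s+"
    r"STARTTLS=server:\s+\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)


def unpack_err(code_hex):
    """Split a packed OpenSSL error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def parse_tls_errors(log_text, year):
    """Return one dict per OpenSSL error line; syslog has no year, so pass it."""
    events = []
    for line in log_text.splitlines():
        m = ERR_RE.match(line)
        if not m:
            continue  # e.g. the "accept failed" summary line
        lib, func, reason = unpack_err(m["code"])
        events.append({
            "time": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
            "pid": int(m["pid"]),
            "lib": lib, "func": func, "reason": reason,
            "text": m["reason"],
            "source": f"{m['file']}:{m['line']}",
        })
    return events


def find_bursts(events, window=timedelta(seconds=60), threshold=3):
    """Return (start_time, count) for runs of bad-record-MAC errors in a window."""
    times = sorted(e["time"] for e in events
                   if e["lib"] == ERR_LIB_SSL and e["reason"] == BAD_RECORD_MAC)
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j < len(times) and times[j] - times[i] <= window:
            j += 1
        if j - i >= threshold:
            bursts.append((times[i], j - i))
            i = j          # continue after this burst
        else:
            i += 1         # isolated failure, move on
    return bursts


if __name__ == "__main__":
    evts = parse_tls_errors(SAMPLE_LOG, 2009)
    for e in evts:
        print(e["time"], e["pid"], e["lib"], e["func"], e["reason"], e["text"])
    for start, count in find_bursts(evts):
        print(f"burst: {count} failures within 60s starting {start}")
```

A single failure from one peer, as in the original post, produces no burst; repeated failures in a short window are what would merit a closer look at the connecting hosts.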



Re2: OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-03 Thread Alvaro Mantilla Gimenez
patrick keshishian wrote:
 On Fri, Oct 2, 2009 at 8:21 PM, Alvaro Mantilla Gimenez
 alv...@dydnetworks.com wrote:
 Hi,

  I found a weird behavior of pfctl.

  I have this pf.conf (I am going to show only the lines that matter):

  -
  external = cdce0

  internal = re0

  set loginterface $external

  set loginterface $internal
  -

  According to this both interfaces are collecting statistics...but if I
 run the command pfctl -s info then shows:

 I don't think that is true. I believe you can only 'set loginterface'
 for only one interface or interface-group:

 $ man pf.conf
 /loginterface
  set loginterface
  Enable collection of packet and byte count statistics for the
  given interface or interface group.


from the man page too:

# pfctl -s info

In this example pf(4) collects statistics on the interface named dc0:

  set loginterface dc0

I am not a native english speaker but...maybe the man page is ambiguous?



Re: OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-03 Thread Alvaro Mantilla Gimenez
patrick keshishian wrote:
 On Fri, Oct 2, 2009 at 8:21 PM, Alvaro Mantilla Gimenez
 alv...@dydnetworks.com wrote:
 Hi,

  I found a weird behavior of pfctl.

  I have this pf.conf (I am going to show only the lines that matter):

  -
  external = cdce0

  internal = re0

  set loginterface $external

  set loginterface $internal
  -

  According to this both interfaces are collecting statistics...but if I
 run the command pfctl -s info then shows:

 I don't think that is true. I believe you can only 'set loginterface'
 for only one interface or interface-group:

 $ man pf.conf
 /loginterface
  set loginterface
  Enable collection of packet and byte count statistics for the
  given interface or interface group.

 $ man ifconfig
 /group
  group group-name
  Assign the interface to a ``group''.  Any interface
can
  be in multiple groups.

 might be what you are looking for.


Are the interfaces re0 and cdce0 in the same group??
There are no groups in the re0 definition...

$ ifconfig -a


lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33204
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:a0:d1:5e:a0:63
description: RED_INTERNA
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 7.7.7.1 netmask 0xff80 broadcast 7.7.7.127
inet6 fe80::2a0:d1ff:fe5e:a063%re0 prefixlen 64 scopeid 0x1
wpi0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr 00:18:de:a6:e7:64
priority: 0
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid 
enc0: flags=0 mtu 1536
priority: 0
cdce0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 2a:cb:02:bf:5d:00
description: CABLE_MODEM
priority: 0
groups: egress
inet6 fe80::28cb:2ff:febf:5d00%cdce0 prefixlen 64 scopeid 0x5
inet 190.XXX.XX.XXX netmask 0xff00 broadcast 255.255.255.255
pflog0: flags=141UP,RUNNING,PROMISC mtu 33204
priority: 0
groups: pflog


  After that I commented the line #set loginterface $internal and then
 the output was this:

 Reverse the order of 'set loginterface ...' in your pf.conf and try
 `pfctl -si'. Does that reverse your findings?

 --patrick

set loginterface $internal

set loginterface $external

# pfctl -si


Status: Enabled for 0 days 02:07:42   Debug: Urgent

Interface Stats for cdce0 IPv4 IPv6
  Bytes In228341460
  Bytes Out1370195   64
  Packets In
Passed   192760
Blocked4120
  Packets Out
Passed   145121
Blocked1610

State Table  Total Rate
  current entries   31
  searches   734869.6/s
  inserts 22230.3/s
  removals21920.3/s
Counters
  match   24360.3/s
  bad-offset 00.0/s
  fragment   00.0/s
  short  00.0/s
  normalize  00.0/s
  memory 00.0/s
  bad-timestamp  00.0/s
  congestion 00.0/s
  ip-option  00.0/s
  proto-cksum00.0/s
  state-mismatch 00.0/s
  state-insert   00.0/s
  state-limit00.0/s
  src-limit  20.0/s
  synproxy 4740.1/s

Same thing

  Alvaro



Re: OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-03 Thread Alvaro Mantilla Gimenez
patrick keshishian wrote:

 Not the same thing. The reverse; which indicates that only the last
 `set loginterface $if' is used; that is, you may not specify multiple
 `set loginterface $if' options.

 Try, adding your re0 and cdce0 to a single user defined group and use
 that group in your pf.conf for `set loginterface $thegroup'. But I
 suspect, this may not be what you are looking for.

 $ sudo ifconfig re0 group alvaro
 $ sudo ifconfig cdce0 group alvaro
 $ ifconfig

 to verify group names, then change your /etc/pf.conf to include:

 set loginterface alvaro

 reload rules:

 $ sudo pfctl -f /etc/pf.conf
 $ sudo pfctl -si

 That should give you stats for all interfaces belonging to the group
 alvaro. But, once again, this may not be what you want.

That will give me the total amount of statistics for the group, right?
That's not what I want. I want to have separate statistics for the external
interface and for the internal network. The firewall itself generates
traffic that is not related to the internal network.

So, according to this... it is not possible to get separate statistics
for more than one interface or one group... right?


 --patrick

Alvaro



Re: Re2: OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-03 Thread Alvaro Mantilla Gimenez
Henning Brauer wrote:
 sigh. a long thread with the blind helping the blind and nobody
 bothering to read the manpage.

 br...@cr21.ham  $ sudo pfctl -vvsI -i vlan2
 vlan2
 Cleared: Thu Mar 12 15:07:47 2009
 References:  [ States:  0  Rules: 778 ]
 In4/Pass:[ Packets: 10049782204Bytes: 4289025400994
]
 In4/Block:   [ Packets: 1148385Bytes: 143079702 ]
 Out4/Pass:   [ Packets: 10158717276Bytes: 5573115663328
]
 Out4/Block:  [ Packets: 38705353   Bytes: 2696216698 ]
 In6/Pass:[ Packets: 0  Bytes: 0 ]
 In6/Block:   [ Packets: 46 Bytes: 3312 ]
 Out6/Pass:   [ Packets: 2  Bytes: 136 ]
 Out6/Block:  [ Packets: 0  Bytes: 0 ]



Correct !! That give me the statistics of the interface that I want but
the problem here was originated because pfstats didn't show anything
with the two set loginterface $... defined...and I assumed (probably
wrong) that it was for the behavior of pfctl -s info.

Alvaro
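
An added example (not from any poster in this thread) of getting separate per-interface numbers for graphing from the pfctl -vvsI output shown above: it parses the counter lines for each interface and computes the change between two snapshots, skipping any interface whose counters were cleared in between. The two snapshots are constructed, with made-up values and only the IPv4 lines, and assume each counter line is unwrapped as pfctl prints it.

```python
import re

# Constructed snapshots in the layout of the pfctl -vvsI output quoted above
# (values are made up; IPv6 counter lines omitted to keep the sample short).
SNAP_T0 = """\
re0
    Cleared:     Sat Oct  3 09:00:00 2009
    References:  [ States:  12                 Rules: 20                 ]
    In4/Pass:    [ Packets: 7000               Bytes: 700000             ]
    In4/Block:   [ Packets: 10                 Bytes: 600                ]
    Out4/Pass:   [ Packets: 9000               Bytes: 11000000           ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
cdce0
    Cleared:     Sat Oct  3 09:00:00 2009
    References:  [ States:  31                 Rules: 20                 ]
    In4/Pass:    [ Packets: 19000              Bytes: 22000000           ]
    In4/Block:   [ Packets: 412                Bytes: 20600              ]
    Out4/Pass:   [ Packets: 14000              Bytes: 1300000            ]
    Out4/Block:  [ Packets: 161                Bytes: 9660               ]
"""

SNAP_T1 = """\
re0
    Cleared:     Sat Oct  3 09:00:00 2009
    References:  [ States:  14                 Rules: 20                 ]
    In4/Pass:    [ Packets: 7100               Bytes: 712000             ]
    In4/Block:   [ Packets: 10                 Bytes: 600                ]
    Out4/Pass:   [ Packets: 9150               Bytes: 11200000           ]
    Out4/Block:  [ Packets: 0                  Bytes: 0                  ]
cdce0
    Cleared:     Sat Oct  3 09:00:00 2009
    References:  [ States:  29                 Rules: 20                 ]
    In4/Pass:    [ Packets: 19200              Bytes: 22250000           ]
    In4/Block:   [ Packets: 420                Bytes: 21000              ]
    Out4/Pass:   [ Packets: 14100              Bytes: 1312000            ]
    Out4/Block:  [ Packets: 161                Bytes: 9660               ]
"""

COUNTER_RE = re.compile(
    r"^\s+((?:In|Out)[46]/(?:Pass|Block)):\s*\[\s*Packets:\s*(\d+)\s+Bytes:\s*(\d+)\s*\]"
)
CLEARED_RE = re.compile(r"^\s+Cleared:\s+(.+?)\s*$")


def parse_ifaces(text):
    """Map interface name -> {'cleared': str, 'counters': {name: (pkts, bytes)}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            # An unindented line starts a new interface block.
            cur = ifaces.setdefault(line.split()[0], {"cleared": None, "counters": {}})
            continue
        if cur is None:
            continue
        m = CLEARED_RE.match(line)
        if m:
            cur["cleared"] = m.group(1)
            continue
        m = COUNTER_RE.match(line)
        if m:
            cur["counters"][m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ifaces


def delta(prev, cur):
    """Per-interface (packets, bytes) change between two parsed snapshots."""
    out = {}
    for name, now in cur.items():
        before = prev.get(name)
        if before is None or before["cleared"] != now["cleared"]:
            continue  # new interface, or counters were reset between snapshots
        out[name] = {
            key: (p - before["counters"].get(key, (0, 0))[0],
                  b - before["counters"].get(key, (0, 0))[1])
            for key, (p, b) in now["counters"].items()
        }
    return out


if __name__ == "__main__":
    for iface, counters in delta(parse_ifaces(SNAP_T0), parse_ifaces(SNAP_T1)).items():
        for key, (pkts, nbytes) in counters.items():
            print(f"{iface:6} {key:10} +{pkts} packets, +{nbytes} bytes")
```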



Re: OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-03 Thread Alvaro Mantilla Gimenez
Peter N. M. Hansteen wrote:
 Alvaro Mantilla Gimenez alv...@dydnetworks.com writes:

 That will give me the total amount of statistics for the group, right?
 That's not what I want. I want to have separate statistics for the external
 interface and for the internal network. The firewall itself generates
 traffic that is not related to the internal network.

 Well, in addition to the stuff henning mentioned, you could do things
 like use labels in your rules to collect statistics, or for that
 matter collect netflow data via pflow(4) and do all the data massaging
 you could possibly want based on the data you collect.

 Just my NOK 0.02.



Uh... yeap. I remembered reading about netflow in your book (very
good by the way).

I am already using labels on my rules. The point was to use pfstat to
create the graphics (which is the way that I usually do) for each
interface separately.

Using netflow and the appropriate tools drives me in another direction to
get the graphics.

Thanks so much for your responses.

  Alvaro



OpenBSD 4.5: pfctl -s info fails to give me the right interface statistics

2009-10-02 Thread Alvaro Mantilla Gimenez
Hi,

  I found a weird behavior of pfctl.

  I have this pf.conf (I am going to show only the lines that matter):

  -
  external = cdce0

  internal = re0

  set loginterface $external

  set loginterface $internal
  -

  According to this both interfaces are collecting statistics...but if I
run the command pfctl -s info then shows:

  Status: Enabled for 2 days 05:32:27   Debug: Urgent

Interface Stats for re0   IPv4 IPv6
  Bytes In70220217  256
  Bytes Out 1143449060   64
  Packets In
Passed  7294630
Blocked   13054
  Packets Out
Passed 10305551
Blocked  00

State Table  Total Rate
  current entries   31
  searches 3537290   18.4/s
  inserts555610.3/s
  removals   555300.3/s
Source Tracking Table
  current entries0
  searches  520.0/s
  inserts   450.0/s
  removals  450.0/s
Counters
  match  578780.3/s
  bad-offset 00.0/s
  fragment   00.0/s
  short  00.0/s
  normalize  00.0/s
  memory 00.0/s
  bad-timestamp  00.0/s
  congestion 00.0/s
  ip-option  00.0/s
  proto-cksum00.0/s
  state-mismatch 30.0/s
  state-insert   00.0/s
  state-limit00.0/s
  src-limit  60.0/s
  synproxy38950.0/s

 These are the statistics from the re0. Where are the statistics for
cdce0?? At the beginning I thought that I must specify the interface
too, so I run pfctl -s info -i cdce0 and this is what I get:

Status: Enabled for 2 days 05:36:14   Debug: Urgent

Interface Stats for re0   IPv4 IPv6
  Bytes In70246068  256
  Bytes Out 1143604443   64
  Packets In
Passed  7298020
Blocked   13054
  Packets Out
Passed 10310601
Blocked  00

State Table  Total Rate
  current entries   18
  searches 3538763   18.3/s
  inserts555700.3/s
  removals   20.3/s
Counters
  match  578870.3/s
  bad-offset 00.0/s
  fragment   00.0/s
  short  00.0/s
  normalize  00.0/s
  memory 00.0/s
  bad-timestamp  00.0/s
  congestion 00.0/s
  ip-option  00.0/s
  proto-cksum00.0/s
  state-mismatch 30.0/s
  state-insert   00.0/s
  state-limit00.0/s
  src-limit  60.0/s
  synproxy39030.0/s

 Uhmmm... re0 again.

 After that I commented the line #set loginterface $internal and then
the output was this:

 pfctl -s info

 Status: Enabled for 2 days 05:45:35   Debug: Urgent

Interface Stats for cdce0 IPv4 IPv6
  Bytes In  11416929580
  Bytes Out   69905474   64
  Packets In
Passed 10257710
Blocked   36130
  Packets Out
Passed  7324701
Blocked   13170

State Table  Total Rate
  current entries   17
  

Re: OT: Iphone with OpenBSD

2009-09-23 Thread Alvaro Mantilla Gimenez
David Vasek wrote:

 Hi,

 OSX has a system_profiler(8) command, which gives you a lot of
 information about the hardware:

 # system_profiler -detailLevel full

 It might help. But don't post the -detailLevel full output to misc@ as
 it is really huge, I think -detailLevel basic would be enough.

 As for the dmesg, isn't it written out somewhere by syslogd?

Uhmmm... it seems there is no system_profiler command. Is there any
other command to get that information?

After the upgrade to 3.0 I lost a lot of unix commands (top, for
example) which seem to work only on 2.X firmwares.

Anybody can run dmesg on iPhone/iPod Touch running 2.X?

Regards,

   Alvaro



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
I just found that somebody ported the netbsd man pages to the iphone (which is
nothing to me).

Brian W. wrote:
 Alvaro Mantilla Gimenez wrote:
 Totally offtopic:

 Reading the article posted on undeadly.org:
 http://www.informit.com/articles/article.aspx?p=1393496

 I was thinking it would be cool to have an Iphone running OpenBSD...

 Imagine that: the most secure phone in the planet :-P

 Regards,

   Alvaro

 The netbsd guys try to run in just about anything with a chip in it,
 have they done it yet?

 Brian



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
I just found this page:

http://linuxoniphone.blogspot.com/2008/06/why-iphone-linux.html

I don't have any idea about how/where to start. Maybe Theo can shed some
light here...I think my developer skills are far from being good enough but,
hey...I would like to try !!

Regards,

Alvaro

beowuff wrote:
 Reading the article posted on undeadly.org:
 http://www.informit.com/articles/article.aspx?p=1393496

 I was thinking it would be cool to have an Iphone running OpenBSD...

 Imagine that: the most secure phone in the planet :-P


 Man, I have an old 1st gen iPhone just sitting there... I would so put
 OpenBSD on it. Unfortunately, I wouldn't know where to begin :(



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Joachim Schipper wrote:


 Actually, I think that's a rather low estimate. A lot of what people
 seem to like about the iPhone is the software: the hardware is neat and
 all, but not *that* different from other smartphones. Apple has spent a
 lot of money producing a really polished UI; duplicating that on OpenBSD
 would be an unpleasantly large amount of work.

That is a very good point.


 Of course, if you're happy with a basic (X) terminal, that's a lot
 easier: but I don't really see the advantage of the iPhone over other
 smartphones there.

As a small server maybe it could have a little fluxbox screen just to
see the status of network, cpu load, etc...


 Or am I missing something? I must admit to not being sufficiently
 interested in this stuff to follow all the minutiae...

   Joachim



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Jan Stary wrote:

  We will be trying to develop an entire suite of device
  drivers for undocumented hardware and then attempt to run
  a full-fledged operating system on it.

 Just hack away! After reading
 http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
 of course.


Comparing the two phones is not the point here...this guy does not have
any clue about what the iPhone is and probably he is using his Nokia to
give pleasure himself through his ass.

The site describes a normal iPhone. A Jailbroken iPhone with cydia and
all the packages and cool stuff is a different beast. You can run perl,
php, python, ruby, apache, svn, cvs, etc...you can manage your servers
(the example that the guy is using against the iPhone) through the
Terminal application and connect with openssh, rdp or vnc...whatever you
want.

The keyboard comment...it is just valid for an English speaker...if you
are from other language with more complex characters then you do less
work because it is easier to select those characters and guess what? you
do less taps at the end of the day.

You can actually say: Hey, here is your small server for your small
office...right here in my pocket !! You can use it as media server,
web server, backup server... Take a look to cydia and the repositories.

It has support for MMS and Video recording (yes..cycorder), IM (too many
clients...you already have problems to choose one because of that), vlc,
mplayer, mxtube (In fact...I downloaded the slackathon conferences with
that), SIP, VoIP and a lot of other cool stuff. You can, from long time
ago, personalize your ringtones without iTunes...so...that site is just
the opinion from one guy that does not know wtf he is talking about.

The actual point of the post was to have an iPhone/iPod Touch running as
small SECURE server.

It is running a BSD OS already...but not secure. That's the point of all
this post.

Regards,


 Alvaro



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Jacob Yocom-Piatt wrote:


 getting openbsd working on an iphone would be a pretty serious
 undertaking and would require a lot of man hours that aren't currently
 available. you have to remember that the project is mostly driven by
 donated developer time.

Yes, I know. The developers are doing an amazing work. I am very
grateful for this awesome OS.


 there is no doubt this would be sweet but you have to be realistic when
 considering the amount of work it would take to make this happen. there
 are 10 mln iphones in circulation so there is no shortage of machines

Is there nothing that could be used from the ARM OpenBSD release? Maybe it is
a start...

The iPhone is already using a BSD OS..so..is it possible that some of
the drivers required are already functional?

Check this:

$ ssh r...@iphone | tee iphone.txt
r...@iphone's password:

root# df -h
FilesystemSize  Used Avail Use% Mounted on
/dev/disk0s1  500M  420M   76M  85% /
devfs  25K   25K 0 100% /dev
/dev/disk0s2  7.1G  1.9G  5.3G  27% /private/var

KKroto:~ root# sysctl -a
kern.ostype = Darwin
kern.osrelease = 10.0.0d3
kern.osrevision = 199506
kern.version = Darwin Kernel Version 10.0.0d3: Wed May 13 22:11:58 PDT
2009; root:xnu-1357.2.89~4/RELEASE_ARM_S5L8900X
kern.maxvnodes = 800
kern.maxproc = 52
kern.maxfiles = 12288
kern.argmax = 262144
kern.securelevel = 0
kern.hostname = KKroto
kern.hostid = 0
kern.clockrate: hz = 100, tick = 1, profhz = 100, stathz = 100
kern.posix1version = 200112
kern.ngroups = 16
kern.job_control = 1
kern.saved_ids = 1
kern.boottime = Fri Sep 18 09:32:58 2009
kern.nisdomainname =
kern.maxfilesperproc = 10240
kern.maxprocperuid = 26
kern.dummy = 0
kern.dummy = 0
kern.usrstack = 805306368
kern.dummy = 0
kern.dummy = 0
kern.dummy = 0
kern.exec: unknown type returned
kern.aiomax = 10
kern.aioprocmax = 4
kern.aiothreads = 2
kern.corefile = /cores/core.%P
kern.delayterm = 0
kern.shreg_private = 0
kern.usrstack64 = 8247063986311266304
kern.procname =
kern.speculative_reads_disabled = 0
kern.osversion = 7A341
kern.safeboot = 0
kern.rage_vnode = 0
vfs.hfs has 2 mounted instances
hw.machine = iPhone1,1
hw.model = M68AP
hw.ncpu = 1
hw.byteorder = 1234
hw.physmem = 121634816
hw.usermem = 93564928
hw.pagesize = 4096
hw.epoch = 1
hw.vectorunit = 0
hw.busfrequency = 10300
hw.cpufrequency = 41200
hw.cachelinesize = 32
hw.l1icachesize = 16384
hw.l1dcachesize = 16384
hw.l2settings = 0
hw.l2cachesize = 0
hw.tbfrequency = 600
hw.memsize = 121634816
hw.availcpu = 1
user.cs_path = /usr/bin:/bin:/usr/sbin:/sbin
user.bc_base_max = 99
user.bc_dim_max = 2048
user.bc_scale_max = 99
user.bc_string_max = 1000
user.coll_weights_max = 2
user.expr_nest_max = 32
user.line_max = 2048
user.re_dup_max = 255
user.posix2_version = 200112
user.posix2_c_bind = 0
user.posix2_c_dev = 0
user.posix2_char_term = 0
user.posix2_fort_dev = 0
user.posix2_fort_run = 0
user.posix2_localedef = 0
user.posix2_sw_dev = 0
user.posix2_upe = 0
user.stream_max = 20
user.tzname_max = 255
kern.ostype: Darwin
kern.osrelease: 10.0.0d3
kern.osrevision: 199506
kern.version: Darwin Kernel Version 10.0.0d3: Wed May 13 22:11:58 PDT
2009; root:xnu-1357.2.89~4/RELEASE_ARM_S5L8900X
kern.maxvnodes: 800
kern.maxproc: 52
kern.maxfiles: 12288
kern.argmax: 262144
kern.securelevel: 0
kern.hostname: KKroto
kern.hostid: 0
kern.clockrate: { hz = 100, tick = 1, tickadj = -1072182583, profhz
= 100, stathz = 100 }
kern.posix1version: 200112
kern.ngroups: 16
kern.job_control: 1
kern.saved_ids: 1
kern.boottime: { sec = 1253287978, usec = 0 } Fri Sep 18 09:32:58 2009
kern.nisdomainname:
kern.maxfilesperproc: 10240
kern.maxprocperuid: 26
kern.ipc.maxsockbuf: 8388608
kern.ipc.sockbuf_waste_factor: 8
kern.ipc.somaxconn: 128
kern.ipc.nmbclusters: 3455
kern.ipc.soqlimitcompat: 1
kern.ipc.mb_normalized: 0
kern.ipc.sosendminchain: 16384
kern.ipc.sorecvmincopy: 16384
kern.ipc.sosendjcl: 1
kern.ipc.sosendjcl_ignore_capab: 0
kern.ipc.maxsockets: 128
kern.ipc.sbspace_factor: 8
kern.ipc.njcl: 0
kern.ipc.njclbytes: 0
kern.ipc.soqlencomp: 0
kern.dummy: 0
kern.usrstack: 805306368
kern.aiomax: 10
kern.aioprocmax: 4
kern.aiothreads: 2
kern.corefile: /cores/core.%P
kern.delayterm: 0
kern.shreg_private: 0
kern.posix.sem.max: 1
kern.usrstack64:
kern.tfp.policy: 2kern.procname:
kern.speculative_reads_disabled: 0
kern.osversion: 7A341
kern.safeboot: 0
kern.lctx.last: 1
kern.lctx.count: 0
kern.lctx.max: 8192
kern.rage_vnode: 0
kern.tty.ptmx_max: 127
kern.sleeptime: { sec = 0, usec = 0 } Wed Dec 31 18:00:00 1969
kern.waketime: { sec = 0, usec = 0 } Wed Dec 31 18:00:00 1969
kern.willshutdown: 0
kern.hibernatefile:
kern.bootsignature:
kern.hibernatemode: 0
kern.monotonicclock: 1253319276
kern.nbuf: 552
kern.maxnbuf: 552
kern.flush_cache_on_write: 0
kern.sugid_scripts: 0
kern.bootargs:
kern.num_files: 203
kern.num_vnodes: 800
kern.num_tasks: 512
kern.num_threads: 1024
kern.num_taskthreads: 1024
kern.preheat_pages_max: 256
kern.preheat_pages_min: 8

Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Michal wrote:
 ...you just kill-joyed that whole page. It's a stupid rant that's quite
funny
 if you like that humour and he is going on the first version of the iphone,
 non-jailbreak, (you can't bring that into it by the way as he is taking both
 phones as-is) So please don't suck the humour out of everything


HaHaHa...sorry...I woke up this morning without a sense of humor



 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Alvaro Mantilla Gimenez
 Sent: 18 September 2009 17:04
 To: misc@openbsd.org
 Subject: Re: OT: Iphone with OpenBSD

 Jan Stary wrote:
  We will be trying to develop an entire suite of device
  drivers for undocumented hardware and then attempt to run
  a full-fledged operating system on it.

 Just hack away! After reading
 http://www.thebestpageintheuniverse.net/c.cgi?u=iphone
 of course.


 Comparing the two phones is not the point here...this guy does not have
 any clue about what the iPhone is and he is probably using his Nokia to
 give himself pleasure through his ass.

 The site describes a normal iPhone. A Jailbroken iPhone with cydia and
 all the packages and cool stuff is a different beast. You can run perl,
 php, python, ruby, apache, svn, cvs, etc...you can manage your servers
 (the example that the guy is using against the iPhone) through the
 Terminal application and connect with openssh, rdp or vnc...whatever you
 want.

 The keyboard comment...it is only valid for an English speaker...if you
 use another language with more complex characters then you do less
 work because it is easier to select those characters and guess what? You
 do fewer taps at the end of the day.

 You can actually say: Hey, here is your small server for your small
 office...right here in my pocket !! You can use it as media server,
 web server, backup server. Take a look at cydia and the repositories.

 It has support for MMS and Video recording (yes..cycorder), IM (too many
 clients...you already have trouble choosing one because of that), vlc,
 mplayer, mxtube (In fact...I downloaded the slackathon conferences with
 that), SIP, VoIP and a lot of other cool stuff. You have been able, for a
 long time, to personalize your ringtones without iTunes...so...that site is
 just the opinion of one guy who does not know wtf he is talking about.

 The actual point of the post was to have an iPhone/iPod Touch running as
 a small SECURE server.

 It is running a BSD OS already...but not secure. That's the point of all
 this post.

 Regards,


  Alvaro



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Lars Nooden wrote:
 Alvaro Mantilla Gimenez wrote:
 Joachim Schipper wrote:

 Actually, I think that's a rather low estimate. A lot of what people
 seem to like about the iPhone is the software: the hardware is neat and
 all, but not *that* different from other smartphones. Apple has spent a
 lot of money producing a really polished UI; duplicating that on OpenBSD
 would be an unpleasantly large amount of work.
 That is a very good point.

 Yet look at the FVWM-crystal theme to see how much *could* be done to
 customize even a simple window manager.  FVWM-crystal is for the desktop
 with more or less average screens.

 Regards
 -Lars

Very Nice: http://manualinux.my-place.us/imagenes/fvwm-crystal2.jpg



Re: OT: Iphone with OpenBSD

2009-09-18 Thread Alvaro Mantilla Gimenez
Miod Vallat wrote:
 The iPhone is already using a BSD OS..so..is it possible that some of
 the drivers required are already functional?

 Check this:

 $ ssh r...@iphone | tee iphone.txt
 r...@iphone's password:
 [...]

 What, no dmesg?

 Miod

After I upgraded the iPhone to 3.01 I lost some of the Unix tools I had
installed.

dmesg just gives me some partial information. Nothing valuable. I will
look for the missing Unix tool and give you the dmesg output...

= CIPHER_PMK, flags = 0x2
AppleMRVL868x Joined AP:@ 0xc3374800, BSSID = 00:90:XX:XX:XX:XX,
rssi = -63, rate = 54 (100%), channel = 11, encryption = 0x8, ap = 1,
hidden = 0, directed = 0, failures =   0, age = 11, ssid[ 9] = 
AirPort: Link Up on en0
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 0, flags = 0x4
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 1, flags = 0x0
launchd[69] Builtin profile: apsd (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/America/Costa_Rica 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/icu/icudt40l.dat 13 (seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/America/Costa_Rica 13 (seatbelt)
apsd 69 FS_READ_DATA SBF /private/var/stash/share.APlLQm/zoneinfo/UTC 13
(seatbelt)
apsd 69 FS_READ_DATA SBF
/private/var/stash/share.APlLQm/zoneinfo/posixrules 13 (seatbelt)
launchd[103] Builtin profile: MobileSafari (seatbelt)
AppleMRVL868x::setCIPHER_KEY() [kernel_task]: type = CIPHER_AES_CCM,
index = 2, flags = 0x0



Re: OT: Old School Unix vs. Modern Day Support Professionals - was (Defending OpenBSD Performance)

2009-09-17 Thread Alvaro Mantilla Gimenez
+1+1+1+1+1+1+1+1

:-)

Brian Shackelford wrote:
 Correction, a professional OS that requires its users to be

 professionals.  Not a bunch of whining windows update people that

 have to call IT to launch excel.  In case you hadn't noticed we

 are old school UNIX users that don't mind fixing whatever problem is
 at hand.

 Including writing code or fixing a bug.  This is why in the olden

 days your IT department was worth something and wasn't a bunch of

 monkeys reading a script.


 It is exactly your attitude that has ruined the computer industry.




 You have an odd definition of professional, and the kind of attitude

 that sounds like you haven't actually worked in the computer industry
 in a while.

 Generally, the computer industry is about providing services to end

 users. And things like easy updates, specialisation of labour and all

 of that kind of stuff have made us an awful lot better at that than
 'old school UNIX' ever was.



 You know it is interesting - having been in this industry for over 16
 years - to see the attitudes of so many professionals in the IT
 industry.  I make my living by fixing all the problems many of these
 so-called professionals cause when they work on things.  It is so very
 troubling to get phone calls from people that have been laid off from
 their IT job in some of the large corporations where they commanded
 huge salaries and now they have opened their own business and are
 calling us for support because they don't have a clue about what it
 takes to actually do the work.



 I almost believe that the perception in this industry is if you can
 pronounce server, workstation, network, switch, hard drive,
 and a few other highly technical (btw - the  should be read with
 sarcasm for you Microsoft folks out there) terms, that it is acceptable
 to call yourself an IT professional.  Fact of the matter is that I have
 become convinced that those that know how to actually TROUBLESHOOT
 problems are in the very small minority in this industry.



 Don't get me wrong - I am by no means complaining - for it is how I get
 paid.  I am just sick of so-called professionals with Master's Degrees
 in IT telling me that they are right and I am wrong because they think
 pushing a few buttons and having a degree makes them smarter than some
 of us that earned our experience.



 Old School Unix = People that KNOW what they are doing.  I work with
 Macs, PC's, Windows, Novell, Mac OS, Linux, Unix, Windows, DOS (Yes some
 customers still use this), THEOS (anyone else heard of that one???).   I
 have the certifications to prove my knowledge - but none of that means
 bupkiss if I can't fix a problem I have never seen before.  The strength
 of Old-School Unix folks is their resourcefulness in fixing the problems
 they are faced with - whether they have seen that specific problem or
 not - without having to whine to everyone that it just doesn't work.  If
 there is a problem -they fix it - sometimes that means writing code or
 hacking together a solution.  I can't begin to tell you how many times a
 client has a call into Microsoft and we fix the problem hours (if not
 days) before Microsoft calls back simply by actually troubleshooting and
 researching the problem.  Sometimes this means we actually (gasp) edit
 the registry.



 Now to bring this to the place of why this relates to OpenBSD.  I love
 OpenBSD, we have some installs that have been in place for several years
 and I never even think about them.  I lose sleep every night I go home
 when I think about all the Windows systems we manage, but I never even
 think about the OpenBSD boxes we have put in place.  Performance - well
 three years running with no patches and never a problem and never been
 compromised.  Let me see ANY other OS make that claim.  Microsoft Server
 - connect to internet - compromised within minutes (actually happened to
 a customer of ours...)



 Sorry for the long-winded post.  I am simply tired of reading whiny
 people complain about stuff they know nothing about.  If you don't like
 it, don't use it.  If you don't understand it, then don't use it - OR -
 (this might be earth shattering) take the time to LEARN to use it.
 There are lots of people here that will help when asked questions that
 show you have done your LEARNING BEFORE you ask.  And how much did it
 cost you..?



 That is my $1.87 worth - flame me - stone me - whatever if you must -
 but again it is just one man's opinion.



 Placing my Order today for the new set - that should take the US to at
 least 11 copies..:)



OT: Iphone with OpenBSD

2009-09-17 Thread Alvaro Mantilla Gimenez
Totally offtopic:

Reading the article posted on undeadly.org:
http://www.informit.com/articles/article.aspx?p=1393496

I was thinking it would be cool to have an Iphone running OpenBSD...

Imagine that: the most secure phone on the planet :-P

Regards,

  Alvaro



Re: Defending OpenBSD Performance

2009-09-16 Thread Alvaro Mantilla Gimenez
Marco Peereboom wrote:
 On Wed, Sep 16, 2009 at 05:47:08PM +0100, - Tethys wrote:
 On Wed, Sep 16, 2009 at 5:37 PM, Henning Brauer lists-open...@bsws.de
 wrote:

 Sounds like building from source is necessary to me.
 boo hoo. run one machine somewhere and make release. done.
 And that attitude is why OpenBSD will never be more than a hobby OS. Sigh.

 Correction, a professional OS that requires its users to be
 professionals.  Not a bunch of whining windows update people that have
 to call IT to launch excel.  In case you hadn't noticed we are old
 school UNIX users that don't mind fixing whatever problem is at hand.
 Including writing code or fixing a bug.  This is why in the olden days
 your IT department was worth something and wasn't a bunch of monkeys
 reading a script.

 It is exactly your attitude that has ruined the computer industry.

+1



Re: Kernel msg creating a ISO file from CD-ROM

2009-09-06 Thread Alvaro Mantilla Gimenez
I saw your post on the Spanish list about this. There is some
information missing from this post for people here. The image that you
want to create is from a Wii DVD disc...right?

If you are trying to create a copy of a Wii disc then you need to create
the .wod/.wii image (which is the raw image of the original disk and
probably you need to pass some special options to dd like notrunc...for
example) and then use an unscrambler program to decrypt that image and
get the iso file from there. Once you have that you can burn the iso
file as normal.

At this moment I don't know about an unscrambler program for OpenBSD.
Maybe somebody here can help with that, or maybe the people of the
wiiscene have any program/procedure already. You should ask them too
and, of course, share the answer with me after that ;-P

Cheers,

  Alvaro


Jesus Sanchez wrote:
 Robert wrote:
 On Mon, 07 Sep 2009 04:07:35 +0200
 Jesus Sanchez zexe...@gmail.com wrote:


 Josh Grosse wrote:

 On Mon, Sep 07, 2009 at 02:45:33AM +0200, Jesus Sanchez wrote:

 on 4.5 stable.

 I'm using a CD drive with no problem until I need to create an ISO
 file from a data CD-ROM for what I use this:

 # dd if=/dev/rcd0c bs=32k > image.iso

 A CD or DVD block is 2k, not 32k.

 You may find the readcd(1) tool included with cdrtools more helpful
 than dd(1) for reading optical discs.



 yep, tried with bs=2k and bs=4k and get same problem.


 and that is the intended behaviour of 'dd'. read the manpage.
 if the input ends unexpectedly (as it does in your case) you get info
 directed at std err - an error.


 yeah, I was going to post that the dd tries to overstep beyond the
 CD-ROM size
 and then reports error, but cdio cdrip also have problems with the end
 and
 report problems with the last track. Maybe it's a burning issue, I'm
 using exactly

 # cdrecord -v dev=/dev/rcd0c fs=32m file.iso

 this is also with DVDs? I'm trying also with DVDs and found that
 disklabel shows
 a 4.3 GB size of the DVD and dd stops before end ( about at 2.2-2.4 GB).

 I will try on another PC but I only have problems doing ISOs, so I
 discarded the
 hardware issue, maybe I was wrong.



Thinkpad SL500

2009-08-05 Thread Alvaro Mantilla Gimenez
Hi,

  Somebody is offering me a Lenovo Thinkpad SL500 (model: 1733385,
2746MJU). It would be nice to know about other users' experience with
this model on OpenBSD.

Regards,


Alvaro



Re: OpenBSD 4.4: dnsbl just for port 25 (not msa 587)

2009-06-23 Thread Alvaro Mantilla Gimenez
Hi,

  I added FEATURE(`delay_checks') to the .mc file, kept the line
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA,
M=Ea')dnl and so far everything seems good. I have taken note of the
file in /usr/share/doc/smm/08.sendmailop too.

  Thanks so much both of you.  

  Alvaro


On Tue, 23 Jun 2009 07:33:15 -0700, Philip Guenther guent...@gmail.com
wrote:
 On Mon, Jun 22, 2009 at 9:59 PM, Dan Harnett dan...@harnett.name wrote:
 On Mon, Jun 22, 2009 at 07:19:09PM -0600, Alvaro Mantilla Gimenez wrote:

According to the /usr/share/sendmail/README file, it is necessary to
 add the a modifier to the line that define the MSA: Additionally, by
 using the M=a modifier you can require authentication before messages
 are accepted by the MSA

 Actually, 'a' will only advertise that SMTP AUTH is available, it does
 not require it.  You want to use 'l' to enforce it.

  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA,
 M=El')dnl

 This won't even allow mail to local recipients without authentication
 first.
 
 Hmm, this seems to not match the documentation in
 /usr/share/doc/smm/08.sendmailop: the meaning you give for the 'a' and
 'l' flags are correct for the srv_features ruleset, but not for the
 DaemonPortOptions option.
 
 
 ...
 Authenticated users will skip the DNSBL checks if you use
 FEATURE(`delay_checks') in your .mc file.
 
 This is the easiest way to accomplish the original poster's goal, yes.
 
 
 Philip Guenther
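
A small lint for the two settings this thread settles on, as an added example (not code from the thread or from sendmail). It follows the cf/README text quoted above for `M=a` and Philip Guenther's note that `l` belongs to srv_features; the function names, finding codes and the sample file are constructed for illustration.

```python
import re

# Constructed sample: the openbsd-proto.mc lines quoted in the thread, plus
# the dnsbl line the poster says he added.
SAMPLE_MC = """\
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
FEATURE(`dnsbl', `zen.spamhaus.org')dnl
"""

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")
FEATURE_RE = re.compile(r"FEATURE\(`([^']+)'")
SUBMISSION_PORTS = {"587", "submission"}
DNSBL_FEATURES = {"dnsbl", "enhdnsbl"}


def active_lines(mc_text):
    """Drop m4 'dnl' comment lines and '#' comment lines."""
    keep = []
    for line in mc_text.splitlines():
        stripped = line.lstrip()
        if stripped.startswith("dnl") or stripped.startswith("#"):
            continue
        keep.append(line)
    return "\n".join(keep)


def parse_daemons(mc_text):
    """Return one dict per DAEMON_OPTIONS entry: name, port, modifiers."""
    daemons = []
    for body in DAEMON_RE.findall(active_lines(mc_text)):
        entry = {"name": "", "port": "25", "modifiers": ""}  # no Port= means SMTP
        for pair in body.split(","):
            key, sep, value = pair.strip().partition("=")
            if not sep:
                continue
            key, value = key.strip().lower(), value.strip()
            if key in ("m", "modifier"):
                # Simplification for this lint: repeated M= keys are joined.
                entry["modifiers"] += value
            elif key == "port":
                entry["port"] = value
            elif key == "name":
                entry["name"] = value
        daemons.append(entry)
    return daemons


def audit_mc(mc_text):
    """Return (code, message) findings for the submission listener setup."""
    findings = []
    features = set(FEATURE_RE.findall(active_lines(mc_text)))
    msa = [d for d in parse_daemons(mc_text) if d["port"] in SUBMISSION_PORTS]
    for d in msa:
        if "a" not in d["modifiers"]:
            findings.append((
                "msa-auth-not-required",
                "listener %r on port %s has no 'a' modifier" % (d["name"], d["port"]),
            ))
    if msa and features & DNSBL_FEATURES and "delay_checks" not in features:
        findings.append((
            "dnsbl-not-delayed",
            "dnsbl is enabled without delay_checks, so authenticated "
            "clients on listed addresses are still checked",
        ))
    return findings


if __name__ == "__main__":
    for code, message in audit_mc(SAMPLE_MC):
        print(code + ": " + message)
```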



OpenBSD 4.4: dnsbl just for port 25 (not msa 587)

2009-06-22 Thread Alvaro Mantilla Gimenez
Hello,

   Is there any way to apply dnsbl feature just on port 25 on the
default openbsd sendmail configuration and do not apply that on port 587
(just auth smtp)?

   I googled it looking for answers but it seems people disabled the dnsbl
feature on sendmail and used it with spamassassin (which is not an option
for me).

   Any advice?


   Thanks,


  Alvaro



Re: OpenBSD 4.4: dnsbl just for port 25 (not msa 587)

2009-06-22 Thread Alvaro Mantilla Gimenez
Hi,

  The openbsd-proto.mc file has these lines:

  FEATURE(`no_default_msa')dnl
  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Name=MTA')dnl
  DAEMON_OPTIONS(`Family=inet6, Address=::, Name=MTA6, M=O')dnl
  DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl
   DAEMON_OPTIONS(`Family=inet6, Address=::, Port=587, Name=MSA6, M=O,
M=E')dnl

   According to the /usr/share/sendmail/README file, it is necessary to
add the a modifier to the line that defines the MSA: Additionally, by
using the M=a modifier you can require authentication before messages
are accepted by the MSA

   If I understood well, the line:

DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=E')dnl

   would be:

DAEMON_OPTIONS(`Family=inet, Address=0.0.0.0, Port=587, Name=MSA, M=Ea')dnl

   and then the smtp auth must work on port 587.

  Why does port 587 require authentication with the original line
(without the a modifier) as well? Is it implicit in some other place? I
already checked the send process several times with/without the a modifier
and I needed the authentication in both cases every time to be able to
send an email through port 587.

  My question is because, as I said in my previous email, I want to
separate out the dnsbl verification just for port 25 and let the clients
authenticate and send the email on port 587 without passing through the
dnsbl list verifications (as defined by the line FEATURE(`dnsbl',
`zen.spamhaus.org' that I added to openbsd-proto.mc).

  I just added the a modifier and I noticed a little delay when the
client software (Thunderbird in this case) does the authentication process
to send the email. My problem is that I have users that connect to the
server with dynamic IP addresses and they are rejected after the
authentication process because the IP is on the PBL list with this message:

  This IP range has been identified by Spamhaus as not meeting our
policy for IPs which should deliver 'direct-to-mx' mail to PBL users. 

 Spamhaus said that the only thing I need to avoid that error is to
have SMTP AUTH enabled on the server on port 587 (which I already have, as
per my previous question about the lines in openbsd-proto.mc).

  Can I assume that the MSA configuration (with the a modifier) will
authenticate the user and let him send the email without passing through the
PBL verification, just doing the authentication process? In case my
assumption is not correct...is there any way to separate that without
running another sendmail process (with a separate configuration) on port
587? Sadly I can't test it myself because my IP does not appear on PBL
lists and my users will connect during my sleep time (I am 8 hours behind).

  Some light here would be appreciated.

  Regards

  Alvaro

Alvaro Mantilla Gimenez wrote:
 Hello,
 
Is there any way to apply dnsbl feature just on port 25 on the
 default openbsd sendmail configuration and do not apply that on port 587
 (just auth smtp)?
 
I googled it looking for answers but it seems people disabled the dnsbl
 feature on sendmail and used it with spamassassin (which is not an option
 for me).
 
Any advice?
 
 
Thanks,
 
 
   Alvaro



Acer Aspire One freeze with Atheros AR5424 on OpenBSD 4.5

2009-03-16 Thread Alvaro Mantilla Gimenez
Hello,

  I sent this message to b...@openbsd.org a few days ago. I don't know if
this is all the information the developers need. Anyway I would like to
create this thread just for search purposes...maybe there are more people
with the same problem. I found a previous thread about this but it seems
nobody talked about the channel problem.

Regards,

 Original Message 
Subject: Acer Aspire One freeze with Atheros AR5424 on OpenBSD 4.5
Date: Thu, 12 Mar 2009 14:48:59 -0600
From: Alvaro Mantilla Gimenez alv...@dydneworks.com
To: b...@openbsd.org

Hello,

  1) Steps to recreate the issue:

 /sbin/ifconfig ath0 scan


  2) Dmesg of the computer:

   OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 80clock_battery
cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 
1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR
real mem  = 1060163584 (1011MB)
avail mem = 1016815616 (969MB)
RTC BIOS diagnostic error 80clock_battery
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/06/08, SMBIOS rev. 2.4 @ 
0xe9180 (32 entries)
bios0: vendor Acer version v0.3308 date 10/06/2008
bios0: Acer AOA150
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT HPET APIC MCFG ASF! SLIC BOOT
acpi0: wakeup devices P32_(S4) UHC1(S3) UHC2(S3) UHC3(S3) UHC4(S3) 
ECHI(S3) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) AZAL(S0) MODM(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (P32_)
acpiprt2 at acpi0: bus 1 (EXP1)
acpiprt3 at acpi0: bus 2 (EXP2)
acpiprt4 at acpi0: bus 3 (EXP3)
acpiprt5 at acpi0: bus 4 (EXP4)
acpiec0 at acpi0
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xec00!
cpu0: unknown Enhanced SpeedStep CPU, msr 0x060f0c2006000c20
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1600 MHz (1212 mV): speeds: 1600, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0x4000, size 0x1000
inteldrm0 at vga1: apic 4 int 16 (irq 11)
drm0 at inteldrm0
Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: 
apic 4 int 16 (irq 11)
azalia0: codecs: Realtek ALC268
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 4 int 
16 (irq 255)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 4 int 
17 (irq 255)
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102EL 
(0x2480), apic 4 int 17 (irq 11), address 00:23:8b:50:c0:3e
rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb2 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 4 int 
18 (irq 255)
pci3 at ppb2 bus 3
ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 4 int 18 
(irq 11)
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR5_ETSIC, address 00:24:2b:02:32:05
ppb3 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 4 int 
19 (irq 255)
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 4 int 
16 (irq 11)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 4 int 
17 (irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 4 int 
18 (irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 4 int 
19 (irq 11)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 4 int 
16 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci5 at ppb4 bus 5
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM 
disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: ST9160310AS
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x02: apic 4 
int 17 (irq 11)
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 512MB DDR2

Re: OpenBSD hosting

2009-02-22 Thread Alvaro Mantilla Gimenez
Hi,

  Hetzner.de is pretty good too. They let you install OpenBSD on a
dedicated server through the LARA console. Their support is really good and
they have the best prices I found for dedicated servers.

  Check it:
http://www.hetzner.de/hosting/produktmatrix/en-rootserver-produktmatrix/

  Regards,

Alvaro


On Mon, 23 Feb 2009 02:08:13 +0100, Michiel van Baak mich...@vanbaak.info
wrote:
 On 19:59, Sun 22 Feb 09, jmc wrote:
 --- Friedrich Locke [Sun, Feb 22, 2009 at 06:54:34PM -0300]: --- 
  Dear gentleman,
  
  i am searching for web hosting service that :
  
  supports java,
  support MySQL
  allow me shell account access for software development with access to
 MySQL.
  allow ssh/sftp access.
  and runs OpenBSD at least for the shell services.
  allow me to host dns for my domain.
  
  Is anybody aware of a such hosting services...
 
 check out m5hosting.com. i think there are shared hosting options, but
 for a reasonable amount of money, you can have your own dedicated host
 to run OpenBSD and do as you see fit, within reason.
 
 can't say enough good things about the folks at m5hosting. i'm a
 satisfied customer only; i have no interest in the company.
 
 easyspeedy.com is also pretty ok.
 I don't know how their routes to the USA are but within europe they
 perform really good and their prices are nice as well.
 
 The only thing you cannot do there is host an irc server, but besides
 that, as long as it's legal, you can do whatever you want.
 They offer a nice set of operating systems.
 
 Like jmc I'm just a customer, no interest in the company or any of its
 partners/suppliers.
 We have a couple of ES3010 boxen and are really happy with them.



IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

2009-02-18 Thread Alvaro Mantilla Gimenez
Hi,

  I have installed one OpenBSD 4.4 server with 258 IPs in hostname.em0 file
but it seems not all the IPs are working.
  The server is running the GENERIC kernel.

  The content of the hostname.em0 is as follow (I am going to omit the real
IPs intentionally):

 inet IP MASK NONE
 inet alias IP MASK

  If I run the ifconfig command I can see that all the IPs are assigned to
the interface as expected:

 # ifconfig em0 | grep inet | wc
     259    1554   16203

  It shows 258 inet addresses + 1 inet6 address (which is not in use).

  The main idea of this server is to run a DNS service and Apache virtual
host for each IP for a total of 233 virtual hosts.
  At this moment I have 21 sites down because, for some reason, some of the
IP defined are not responding.
  At the beginning I thought it was an Apache issue but I realized that the
DNS isn't working on those IPs either.
  If I run the ping command from inside the server then some IPs answer and
some others do not.
  Is there any place in the source code where I can set the max IP
addresses for the system? In that case: what is the maximum limit to reach?
Why?

  BTW...the server is showing the uvm_mapent_alloc: out of static map
entries message too.

  Any help will be appreciated.

  Regards,


  Alvaro



Re: IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

2009-02-18 Thread Alvaro Mantilla Gimenez
Hi Jason,

 There is no way for us to possibly troubleshoot your issue with the
 information you've provided.  Show us the output of:
 
 # head /etc/hostname.em0
 # ifconfig em0 | tail
 

As I said in my previous email, I am going to change some octets of the
output in order to maintain the privacy of the company which uses the
server: 

# head /etc/hostname.em0
inet 69.31.124.136 255.255.255.248 NONE 
inet alias 69.31.124.137 255.255.255.248
inet alias 69.31.127.40 255.255.255.255
inet alias 69.31.127.41 255.255.255.255
inet alias 69.31.127.42 255.255.255.255
inet alias 69.31.127.43 255.255.255.255
inet alias 88.93.120.92 255.255.255.255
inet alias 88.93.120.93 255.255.255.255
inet alias 88.93.120.94 255.255.255.255
inet alias 88.93.120.95 255.255.255.255


# ifconfig em0 | tail
inet 69.31.186.182 netmask 0x broadcast 69.31.186.182
inet 69.31.186.183 netmask 0x broadcast 69.31.186.183
inet 69.31.187.156 netmask 0x broadcast 69.31.187.156
inet 69.31.187.157 netmask 0x broadcast 69.31.187.157
inet 69.31.187.158 netmask 0x broadcast 69.31.187.158
inet 69.31.187.159 netmask 0x broadcast 69.31.187.159
inet 69.31.187.180 netmask 0x broadcast 69.31.187.180
inet 69.31.187.181 netmask 0x broadcast 69.31.187.181
inet 69.31.187.182 netmask 0x broadcast 69.31.187.182
inet 69.31.187.183 netmask 0x broadcast 69.31.187.183

Regards,

 Alvaro



Re: IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

2009-02-18 Thread Alvaro Mantilla Gimenez
Hi Jason,

 
 Your netmasks look wrong.  The 2nd line should be a /32 since you've
 already defined the network on there.  The others I can see are all /32
 when at least one of them should be (and might be, but truncated from my
 view) larger to suggest a gateway of some sort.  I don't know how your
 routing is done, so it's possible I'm not seeing the whole picture.
 
 In short, I suspect your netmasks are wrong.  But since you can't give
 us all the information I can only give you my best guess.
 


That data was configured on that server by the DC. It seems they are
mapping all the addresses in the router to the main IP.

Maybe you are right and it is a route problem. I am going to call the DC
asking for their configuration.

Anyways, the question is still valid: how many IP aliases can we reach in
an OpenBSD system? What is the limit?

Regards,


   Alvaro



Re: IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

2009-02-18 Thread Alvaro Mantilla Gimenez
Hi,

  I just answered Jason at the same time this email arrived in my inbox. The
data of the mask was entered by the DC. It was weird for me too when I saw
the /32 but... as you point out in your message... the man (5) of hostname.if
says:

   A typical file contains only one line, but more extensive files are
 possible, for example:

  inet 10.0.1.12 255.255.255.0 10.0.1.255 media 100baseTX description Uplink
  inet alias 10.0.1.13 255.255.255.255 10.0.1.13
  inet alias 10.0.1.14 255.255.255.255 NONE
  inet alias 10.0.1.15 255.255.255.255
  inet alias 10.0.1.16 0x 

  Which looks to me like the configuration on the server.

 Regards,

Alvaro

On Wed, 18 Feb 2009 20:30:53 -0500, Daniel Ouellet dan...@presscom.net
wrote:
 Alvaro Mantilla Gimenez wrote:
 # head /etc/hostname.em0
 inet 69.31.124.136 255.255.255.248 NONE 
 inet alias 69.31.124.137 255.255.255.248
 
 For a start, shouldn't this one be
 
   inet alias 69.31.124.137 255.255.255.255
 ^^^
 As explained in the man 5 hostname.if
 
 Daniel
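
A check for the netmask point raised in this thread, as an added example that is not part of any post: it parses hostname.if(5)-style `inet` and `inet alias` lines, flags an alias that sits inside an already-defined subnet without a 255.255.255.255 mask, and notes /32 addresses that no configured network covers. The function names, finding codes and sample file (documentation-range addresses) are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of the hostname.em0 shown in the thread,
# using documentation-range addresses (not the poster's data).
SAMPLE_HOSTNAME_IF = """\
inet 192.0.2.136 255.255.255.248 NONE
inet alias 192.0.2.137 255.255.255.248
inet alias 192.0.2.138 255.255.255.255
inet alias 198.51.100.40 255.255.255.255
inet alias 198.51.100.41 0xffffffff
"""


def parse_netmask(token):
    """Return the prefix length of a dotted-quad or 0x-hex IPv4 netmask."""
    if token.lower().startswith("0x"):
        value = int(token, 16)  # raises ValueError on a truncated "0x"
    else:
        value = int(ipaddress.IPv4Address(token))
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("netmask out of range: %s" % token)
    # A valid mask is a run of one bits followed only by zero bits.
    inverted = value ^ 0xFFFFFFFF
    if inverted & (inverted + 1):
        raise ValueError("non-contiguous netmask: %s" % token)
    return bin(value).count("1")


def parse_hostname_if(text):
    """Parse 'inet [alias] addr netmask [...]' lines into tuples of
    (line number, is_alias, IPv4Interface). Other line types are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0] != "inet":
            continue
        is_alias = len(fields) > 1 and fields[1] == "alias"
        rest = fields[2:] if is_alias else fields[1:]
        if len(rest) < 2:
            raise ValueError("line %d: address and netmask required" % lineno)
        prefix = parse_netmask(rest[1])
        iface = ipaddress.IPv4Interface("%s/%d" % (rest[0], prefix))
        entries.append((lineno, is_alias, iface))
    return entries


def lint(entries):
    """Return (line number, code, message) findings for the alias netmasks."""
    findings = []
    # Networks that some line defines with a real (shorter than /32) prefix.
    defined = [(ln, e.network) for ln, _, e in entries
               if e.network.prefixlen < 32]
    for lineno, is_alias, iface in entries:
        if is_alias and iface.network.prefixlen < 32:
            # Alias repeats a subnet mask although an earlier line already
            # put that subnet on the interface: it should be a host mask.
            for def_line, net in defined:
                if def_line < lineno and iface.ip in net:
                    findings.append((
                        lineno, "ALIAS_NOT_HOST_MASK",
                        "%s is inside %s (line %d); use 255.255.255.255"
                        % (iface.ip, net, def_line)))
                    break
        elif iface.network.prefixlen == 32:
            # Host-masked address with no network on this interface that
            # contains it: reachability depends on upstream routing.
            if not any(iface.ip in net for _, net in defined):
                findings.append((
                    lineno, "NO_COVERING_NETWORK",
                    "%s/32 is not inside any configured subnet" % iface.ip))
    return findings


if __name__ == "__main__":
    for lineno, code, message in lint(parse_hostname_if(SAMPLE_HOSTNAME_IF)):
        print("line %d: %s: %s" % (lineno, code, message))
```
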



Re: php+apache+mysql on 4.4

2008-11-27 Thread Alvaro Mantilla Gimenez
Hi, maybe you can consider another approach:

1) Edit the Makefile on /usr/ports/databases/mysql
$ cat Makefile | grep SOCKET_DIR
SOCKET_DIR= /var/www/mysql

2) Reinstall mysql and run.

3) $ ps aux | grep mysql
_mysql   12420  0.0  3.5 294488 71576 ??  S  5:00PM0:00.72
/usr/local/libexec/mysqld --basedir=/usr/local --datadir=/var/mysql
--user=_mysql --pid-file=/var/mysql/namor.nodomain.nowhere.pid --port=3306
--socket=/var/www/mysql/mysql.sock

It should work as usual...

Regards,

  Alvaro

2008/11/27 Gustavo Polillo [EMAIL PROTECTED]

 my system is ok but in every reboot I need to reconfigure the mysql socket:

 ln -f /var/run/mysql/mysql.sock  /var/www/var/run/mysql/

 any tip?

 thanks,  Gustavo Polillo.



Re: php+apache+mysql on 4.4

2008-11-27 Thread Alvaro Mantilla Gimenez
Hi Stuart,

Two reasons:

 1) You are right. I can edit that directly on /etc/my.cnf but (if I
remember well) I need to edit two lines on that file. One for the server and
another one for the client. My step does both directly during the installation
process.

 2) Porno geek. I like to see the cool compilation lines on the screen.
It is my personal choice. Don't we have the ports collection for that too?
:-P Seriously, I use packages very few times... and for a good reason (i.e.
not enough time to install the computer/server) and I prefer to compile the
ports.

Anyways, I think most people make that change to have the opportunity to
access the MySQL socket from the standard Apache chrooted
directory... so... just a proposal: maybe it would be good to have a flavor
for the default MySQL server installation... something like: env
FLAVOR=apache_chroot.

Don't you think?

  Regards,

   Alvaro

2008/11/27 Stuart Henderson [EMAIL PROTECTED]

 On 2008-11-27, Alvaro Mantilla Gimenez [EMAIL PROTECTED]
 wrote:
  Hi, maybe you can consider another approach:
 
  1) Edit the Makefile on /usr/ports/databases/mysql
  $ cat Makefile | grep SOCKET_DIR
  SOCKET_DIR= /var/www/mysql

 Why would you not want to use packages?
 Especially when you can do this by editing my.cnf.

  ln -f /var/run/mysql/mysql.sock  /var/www/var/run/mysql/

 /var/run is cleaned at boot.



Re: atheros 5424 wireless chipset

2008-11-20 Thread Alvaro Mantilla Gimenez
2008/11/20 Aaron W. Hsu [EMAIL PROTECTED]

 On Thu, 20 Nov 2008 20:14:32 -0500
 Aaron W. Hsu [EMAIL PROTECTED] wrote:

  On Thu, 20 Nov 2008 13:46:08 -0800 (PST)
  jimerickso [EMAIL PROTECTED] wrote:
 
   does openbsd current have support for the atheros 5424 wireless
 chipset?
 
  I currently have a Macbook Pro with an Atheros AR5424 chip, and it
  works pretty well.
 
  ath0 at pci3 dev 0 function 0 Atheros AR5424 rev 0x01: apic 1 int 17
 (irq 11)
  ath0: AR5424 10.3 phy 6.1 rf 10.2, WOR5_ETSIC, address 00:17:f2:50:dd:64

 I should have mentioned that I am running -Current, but I thought that
 this was already in 4.4.

 --
 Aaron W. Hsu [EMAIL PROTECTED] | http://www.sacrideo.us
 Government is the great fiction, through which everybody endeavors to
 live at the expense of everybody else. -- Frederic Bastiat
 +++ ((lambda (x) (x x)) (lambda (x) (x x))) ++




Uh, curious. I have the same chipset and I am running 4.4-stable. Every
time I configure the device with an IP the computer hangs.

$ cat /var/log/messages | grep ath
Nov 20 17:00:50 kaiser /bsd: ath0 at pci4 dev 0 function 0 Atheros AR5424
rev 0x01: apic 2 int 18 (irq 11)
Nov 20 17:00:50 kaiser /bsd: ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR5_ETSIC,
address 00:22:69:04:28:6c

Why is it working for you?

Regards,

  Alvaro



Re: Multiple ssl servers on one external IP by using internal addresses?

2008-11-09 Thread Alvaro Mantilla Gimenez

On 08/11/2008, at 10:10 a.m., Chris Miller
[EMAIL PROTECTED] wrote:


 I don't think Apache has support for virtual hosts under SSL.
Everything I have seen assumes there is one IP address per SSL host.




Yes. It has. One SSL certificate per port.


Regards,

Alvaro



acpitz0: _AL1[0] not a object ref

2008-10-21 Thread Alvaro Mantilla Gimenez
Hi,

   I just installed the 4.4-release on my laptop and I am receiving this
error message. The message does not stop.

   I was looking on the net and I've found this thread about this problem:
https://kerneltrap.org/mailarchive/openbsd-misc/2008/9/22/3371364/thread

   I know 4.4 is not officially released yet but I just want to know
if this problem will be corrected on 4.4-stable or if I have to install
-current on my laptop.

   Regards,


Alvaro



OpenBSD 4.3 arrives to Costa Rica !!

2008-04-23 Thread Alvaro Mantilla Gimenez
Hi folks,


 My copy of OpenBSD arrived this morning to my hands. Very nice !! I
had a lot of fun reading the story.

 Good Work guys !!


 Warm Regards,


Alvaro



OpenBSD 4.2 on imac

2008-01-29 Thread Alvaro Mantilla Gimenez
Hi folks,


   I have installed OpenBSD 4.2 on an iMac but I can't configure X.
Every time I try to run X the monitor goes black and I can't see the
console either. The system responds to commands from ssh and the local keyboard
(I can reboot the system with the reboot command even if I don't see what
I am typing). I checked the X configuration and it seems to be fine. I
attached the dmesg, xorg.conf and Xorg.0.log output below:


OpenBSD 4.2 (GENERIC) #1517: Tue Aug 28 10:42:20 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/macppc/compile/GENERIC
real mem = 134217728 (128MB)
avail mem = 117678080 (112MB)
mainbus0 at root: model PowerMac2,2
cpu0 at mainbus0: 750 (Revision 0x3202): 350 MHz: 512KB backside cache
memc0 at mainbus0: uni-n
kiic0 at memc0 offset 0xf8001000
iic0 at kiic0
mpcpcibr0 at mainbus0 pci: uni-north, Revision 0xff
pci0 at mpcpcibr0 bus 0
pchb0 at pci0 dev 11 function 0 Apple Uni-N AGP rev 0x00
vgafb0 at pci0 dev 16 function 0 ATI Rage 128 PK rev 0x00, mmio
wsdisplay0 at vgafb0 mux 1: console (std, vt100 emulation)
mpcpcibr1 at mainbus0 pci: uni-north, Revision 0x0
pci1 at mpcpcibr1 bus 0
pchb1 at pci1 dev 11 function 0 Apple Uni-N rev 0x00
macobio0 at pci1 dev 23 function 0 Apple Keylargo rev 0x03
openpic0 at macobio0 offset 0x4: version 0x4614 little endian
macgpio0 at macobio0 offset 0x50
macgpio1 at macgpio0 irq 47
programmer-switch at macgpio0 not configured
escc-legacy at macobio0 offset 0x12000 not configured
zsc0 at macobio0 offset 0x13000: irq 22,50
zstty0 at zsc0 channel 0
zstty1 at zsc0 channel 1
awacs0 at macobio0 offset 0x14000: irq 24,9,10 speaker
audio0 at awacs0
timer at macobio0 offset 0x15000 not configured
adb0 at macobio0 offset 0x16000 irq 25: via-pmu, 0 targets
apm0 at adb0: battery flags 0x1, 0% charged
kiic1 at macobio0 offset 0x18000
iic1 at kiic1
wdc0 at macobio0 offset 0x1f000 irq 19: DMA
wd0 at wdc0 channel 0 drive 0: QUANTUM FIREBALLlct15 07
wd0: 16-sector PIO, LBA, 7162MB, 14668290 sectors
atapiscsi0 at wdc0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: LG, CD-ROM CRN-8242B, LASC SCSI0 5/cdrom
removable
wd0(wdc0:0:0): using PIO mode 4, DMA mode 2
cd0(wdc0:0:1): using PIO mode 4, DMA mode 2
wdc1 at macobio0 offset 0x2 irq 20: DMA
wdc2 at macobio0 offset 0x21000 irq 21: DMA
ohci0 at pci1 dev 24 function 0 Apple USB rev 0x00: irq 27, version 1.0
ohci1 at pci1 dev 25 function 0 Apple USB rev 0x00: irq 28, version 1.0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0: Apple OHCI root hub, rev 1.00/1.00, addr 1
usb1 at ohci1: USB revision 1.0
uhub1 at usb1: Apple OHCI root hub, rev 1.00/1.00, addr 1
mpcpcibr2 at mainbus0 pci: uni-north, Revision 0x16
pci2 at mpcpcibr2 bus 0
pchb2 at pci2 dev 11 function 0 Apple Uni-N Eth rev 0x00
gem0 at pci2 dev 15 function 0 Apple Uni-N GMAC rev 0x01: irq 41,
address 00:30:65:ec:07:2a
bmtphy0 at gem0 phy 0: BCM5201 10/100 PHY, rev. 2
uhub2 at uhub0 port 1: Mitsumi Electric Hub in Apple Extended USB
Keyboard, rev 1.10/1.22, addr 2
uhidev0 at uhub2 port 1 configuration 1 interface 0
uhidev0: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/1.22,
addr 3, iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes, country code 13
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub2 port 1 configuration 1 interface 1
uhidev1: Mitsumi Electric Apple Extended USB Keyboard, rev 1.10/1.22,
addr 3, iclass 3/0
uhidev1: 3 report ids
uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 3: input=3, output=0, feature=0
bootpath: /[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL PROTECTED]/[EMAIL 
PROTECTED]:/bsd
root on wd0a swap on wd0b dump on wd0b

- end dmesg --


$ cat /etc/X11/xorg.conf

# File generated by xorgconfig.

#
# Copyright 2004 The X.Org Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the Software),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL
# The X.Org Foundation BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF
# OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# Except as contained in this notice, the name of The X.Org Foundation shall
# not be used in 

crypto.html

2008-01-22 Thread Alvaro Mantilla Gimenez
Hi folks,


I would like to know if www.openbsd.org/crypto.html is
currently updated with the latest crypto capabilities of the 4.2 release.


 Best Regards,


   Alvaro



Re: BOINC software on OpenBSD

2007-12-18 Thread Alvaro Mantilla Gimenez
Hi,

  You are right... there are two unofficial projects for OpenBSD but neither
of them seems to work, and there is little information about how to make
it work.

Thanks for your response. I appreciate that.

Best Regards,


 Alvaro

Tasmanian Devil wrote:
 Hello!
 
   I just want to know if somebody has running any Boinc client on
 OpenBSD.
 
 Looks like there are also a few unofficial, working ports for OpenBSD:
 http://boinc.berkeley.edu/trac/wiki/DownloadOther
 
 Maybe I'll try it myself if this project is useful, I'll read their
 webpage later. So far I run the distributed.net client on OpenBSD
 boxes, which works similar, though not because the distributed.net
 project is so useful in my opinion, but just to generate 100% CPU load
 (which prevents a possible attack on another software I run). Boinc
 could do the same for me.
 
 Tas.



Re: BOINC software on OpenBSD

2007-12-18 Thread Alvaro Mantilla Gimenez
Hi,

   They (Boinc) have the source code of the client if you want to make
your own Unix client but... for some reason it does not compile. Before
doing a simple configure, it is necessary to run an _autosetup program that
insists on not recognizing the tools that are in the system. I am not a
developer and, honestly, I was stuck yesterday on that part. Like I
said, maybe the bad news confused my head a lot.

Thanks for your response, i appreciate it.


Best Regards,

 Alvaro

Pierre Riteau wrote:
 On Dec 18, 2007 8:17 AM, Tasmanian Devil [EMAIL PROTECTED] wrote:
 Hello!

   I just want to know if somebody has running any Boinc client on
 OpenBSD.
 
 But that's only the client, then each project provides binaries, and
 often no binaries for OpenBSD.
 From a quick google search, I find only Seti and SIMAP providing
 OpenBSD binaries.
 
 You can probably use Linux emulation to get it running. But maybe you
 will have to make it believe it is a Linux system to get it to
 download the Linux binaries.



Re: BOINC software on OpenBSD

2007-12-18 Thread Alvaro Mantilla Gimenez
Thanks, I'll check it. Yesterday I was reading something about this
project too but it seems the studies they are doing are about proteins
for other diseases. Probably with the bad news on my head I didn't read
enough.

I'll try it and I'll let you know.

Thanks so much,


  Alvaro

M. Niebergall wrote:
 Alvaro Mantilla Gimenez wrote:
   I just want to know if somebody has running any Boinc client on
 OpenBSD. I have special interest on this because i have a person near to
 me (my mother) that has Alzheimer in a very early state. There is a
 project ([EMAIL PROTECTED] ) which is using this client to analyze proteins
 to find a cure to this disease.
 
 I'm running [EMAIL PROTECTED] for quite a while and setting it up was quite
 easy.  They don't use BOINC but have their own client software.  From
 the websites it seems to me that they are doing about the same thing as
 the [EMAIL PROTECTED] project.
 
 The linux client works well with emulation and there even is an OpenBSD
 entry in their FAQ [1] (but it seems a bit outdated).  They're talking
 about a -freeBSD command line switch to brand the binaries, but the
 latest client also has -openBSD so I think you don't need that
 brandelf script anymore.
 
 There's an OpenBSD team if you want to join -- the team number is 12301.
 
 [1] http://folding.stanford.edu/English/FAQ#ntoc40
 
 -- 
 Martin



Re: BOINC software on OpenBSD

2007-12-18 Thread Alvaro Mantilla Gimenez
Tasmanian Devil wrote:
 
 And back on topic: I just tried the [EMAIL PROTECTED] client version
 5.04beta on -current, works fine here with redhat_base installed and
 started with the -openBSD option.
 
 Tas.

Thanks so much for the info... right now I am doing fresh installations
on my 4 computers to run [EMAIL PROTECTED] with OpenBSD.

Maybe it is a silly question but: is it possible to configure the 4
computers like a cluster and then have one process of [EMAIL PROTECTED]
running on the cluster??

And there is some hope on that project:

October 2005: [EMAIL PROTECTED] researchers Vishal Vaidyanathan and Nick
Kelley win the best talk award at BCATS 2005 for Alzheimer's Disease
work. BCATS is Stanford's symposium on Biomedical simulation. Vishal and
Nick presented their work on simulations of Alzheimer's Disease (AD).
These results will soon be submitted for peer reviewed publication and
represent a significant advance in the simulation of protein aggregation
at the heart of AD. This is the third best talk award at BCATS for
[EMAIL PROTECTED] Another member of the team, Chris Snow, won an award at
BCATS for his poster on the ribosome as well.

Thanks so much,


   Alvaro



Re: BOINC software on OpenBSD

2007-12-18 Thread Alvaro Mantilla Gimenez
M. Niebergall wrote:
 I'm running [EMAIL PROTECTED] for quite a while and setting it up was quite
 easy.  They don't use BOINC but have their own client software.  From
 the websites it seems to me that they are doing about the same thing as
 the [EMAIL PROTECTED] project.
  
 There's an OpenBSD team if you want to join -- the team number is 12301.
 
 [1] http://folding.stanford.edu/English/FAQ#ntoc40
 
 -- 
 Martin

Thanks so much. I have this project running right now.

Thanks to all... really, I appreciate that so much.

Warm Regards,


   Alvaro



BOINC software on OpenBSD

2007-12-17 Thread Alvaro Mantilla Gimenez
Hi,

  I just want to know if somebody has any Boinc client running on
OpenBSD. I have a special interest in this because I have a person near to
me (my mother) that has Alzheimer in a very early state. There is a
project ([EMAIL PROTECTED] ) which is using this client to analyze proteins
to find a cure to this disease. I have 4 computers doing nothing in my
home and I want to use them on this 24x7. So please, if somebody can
help me with this I would appreciate it so much.

Best Regards to all,


   Alvaro



Re: Best way to automate administration of multiple servers

2007-11-27 Thread Alvaro Mantilla Gimenez

Douglas A. Tutty wrote:
 On 14/11/2007, Mikel Lindsaar [EMAIL PROTECTED] wrote:
 Hello all,
 I want to automate handling them as much as possible and would like
 some list suggestions on reading materials, software, or web howtos.
 
 Just my idea (never had more than 3 boxes at once):
 
 On my main box, I'd have a separate copy of /etc and other files for
 each class of box, where a class is a group of boxes with the same
 configs.  Perhaps each of your boxes are different so the class concept
 is irrelevant.  To change a box's config, I'd change these files in the
 normal way, then use rsync (via ssh) to update the altered boxes.
 
 To run a command-line command on a group of boxes, I'd likely write a
 script that took the command line and a class of machines on which to
 run it.  The script would send back any error messages received and from
 which box it was received.  This script would be useful for making
 changes other than to individual files, e.g. deleting files (more
 direct than relying on rsync --delete), or chmod/chown.
 
 Unless all the boxes are using the same OS, I'd probably write a script
 for handling adding and removing users and groups (since each OS does it
 slightly differently).
 
 Then again, this is probably reinventing the wheel.
 
 Doug.

Too much work. Use cfengine. It is on ports.

Regards,


Alvaro



Re: Mysterious transfer speed differences

2007-11-07 Thread Alvaro Mantilla Gimenez

Stuart Henderson wrote:
 On 2007/11/07 23:00, Martin Toft wrote:
 I used the default window size of 16k, but in the future I'll certainly
 choose something greater:
 
 people accessing systems with 'pass from any os OpenBSD to port ssh'
 might like to note that this changes your OS fingerprint.

It is probably a silly question but... why is the default window size 16k?

Regards,


   Alvaro



Re: Regenerating damaged /etc

2007-11-06 Thread Alvaro Mantilla Gimenez

Bryan Irvine wrote:
 On 11/6/07, Karel Kulhavy [EMAIL PROTECTED] wrote:
 During upgrading between 4.1 and 4.2 I accidentally typed rm -rf /etc instead
 of rm -rf etc in the /tmp directory.

 After fixing couple of vital things I continued normally with the upgrade,
 unpacking the etc42.tgz and xetc42.tgz and reinstalling couple of programs
 so that their /etc/ files are regenerated. I also did the post-installation
 stuff from the Installing 4.2 chapters.

 I got an idea that I could run the install process and somehow skip the initial
 part but it always told me it's going to destroy all data on the disk and then
 I said no and it returned into the shell.

 Is there some way how I can re-generate the missing /etc files? I guess the
 permissions matter for security and some files are probably machine generated.
 
 Yeah it's easy to fix.
 
 tar xvfz TheBackupYouMadeBeforeTheUpgrade.tgz -C /

What kind of answer is that? This guy is looking for help and you answer
 a total stupid sentence. Go and fuck yourself. Idiot !! Stupid !!!



Re: HD access problems and Audio sounds too fast: (was Re: Keyboard/Mouse problem OpenBSD 4.2)

2007-10-26 Thread Alvaro Mantilla Gimenez

Alexandre Ratchov wrote:
 On Thu, Oct 25, 2007 at 08:08:46AM -0600, Alvaro Mantilla Gimenez wrote:

 Hi,

   I have a HP Pavilion dv8000 too and, after installing 4.2, I went back to
 4.1. The audio on vlc, xine, xmms sounds too fast and cuts from time to
 time (5-6 sec intervals)... even playing internet radio... and the HD
 access sucks. For example: I spent more than 15 minutes doing tar xvzf
 ports.tar.gz. All this with the GENERIC kernel out of the box. Do you
 experience the same problems? I tried enabling acpi too... same result.
 On 4.1 everything works as expected (except xmms that sounds too fast too).

 
 could you post your 'dmesg' and the output of 
 'audioctl -f /dev/audio0 -a' (assuming audio0 is your audio device)
 
 -- Alexandre

With 4.1 right now... with 4.2 probably in the next 15 days (I need to
finish some work on my computer first and I can't reinstall everything
again...). Here it is:

# audioctl -f /dev/audio0 -a
name=
[EMAIL PROTECTED]
config=pCNP
encodings=ulinear:8*,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16*
properties=full_duplex,mmap,independent
full_duplex=0
fullduplex=0
blocksize=9600
hiwat=6
lowat=4
monitor_gain=0
mode=play
play.rate=48000
play.channels=1
play.precision=8
play.encoding=mulaw
play.gain=127
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=1
play.active=0
play.buffer_size=65536
record.rate=48000
record.channels=1
record.precision=8
record.encoding=mulaw
record.gain=191
record.balance=32
record.port=0x1
record.avail_ports=0x7
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=1
record.active=0
record.buffer_size=65536
record.errors=0

On this kernel... I use GENERIC but I changed only the name to
identify my computer (name: LUNA):

# dmesg
OpenBSD 4.1-stable (LUNA) #0: Mon Oct 15 20:36:07 CST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/LUNA
cpu0: AMD Turion(tm) 64 Mobile Technology ML-32 (AuthenticAMD
686-class, 512KB L2 cache) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 534999040 (522460K)
avail mem = 480092160 (468840K)
using 4278 buffers containing 26873856 bytes (26244K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 11/07/05, BIOS32 rev. 0 @ 0xfd610,
SMBIOS rev. 2.31 @ 0xd7810 (34 entries)
bios0: Hewlett-Packard Pavilion dv8000 (EP404UA#ABA)
pcibios0 at bios0: rev 2.1 @ 0xfd610/0x9f0
pcibios0: PCI BIOS has 10 Interrupt Routing table entries
pcibios0: no compatible PCI ICU found
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xf000 0xd/0x6000! 0xd7800/0x800!
0xd8000/0x1000
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: PowerNow! K8 1791 MHz: speeds: 1800 1600 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01
ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Radeon XPRESS 200M rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 4 function 0 ATI RS480 PCIE rev 0x00
pci2 at ppb1 bus 2
ohci0 at pci0 dev 19 function 0 ATI IXP400 USB rev 0x00: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci0 dev 19 function 1 ATI IXP400 USB rev 0x00: irq 11,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 19 function 2 ATI IXP400 USB2 rev 0x00: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 8 ports with 8 removable, self powered
piixpm0 at pci0 dev 20 function 0 ATI IXP400 SMBus rev 0x11: SMI
iic0 at piixpm0
pciide0 at pci0 dev 20 function 1 ATI IXP400 IDE rev 0x00: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: FUJITSU MHV2080AH
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CD/DVDW TS-L532R, HA05 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pcib0 at pci0 dev 20 function 3 ATI IXP400 ISA rev 0x00
ppb2 at pci0 dev 20 function 4 ATI IXP400 PCI rev 0x00
pci3 at ppb2 bus 6
Broadcom BCM4318 rev 0x02 at pci3 dev 2 function 0 not configured
cbb0 at pci3 dev 4 function 0 TI PCI7XX1 CardBus rev 0x00

HD access problems and Audio sounds too fast: (was Re: Keyboard/Mouse problem OpenBSD 4.2)

2007-10-25 Thread Alvaro Mantilla Gimenez

Hi,

  I have a HP Pavilion dv8000 too and, after installing 4.2, I went back to
4.1. The audio on vlc, xine, xmms sounds too fast and cuts from time to
time (5-6 sec intervals)... even playing internet radio... and the HD
access sucks. For example: I spent more than 15 minutes doing tar xvzf
ports.tar.gz. All this with the GENERIC kernel out of the box. Do you
experience the same problems? I tried enabling acpi too... same result.
On 4.1 everything works as expected (except xmms that sounds too fast too).


Alvaro


David H. Lynch Jr. wrote:
 Peter Hessler wrote:
 try enabling acpi at the bootloader prompt..

 boot -c
 enable acpi
 exit
   
 Thanks !
 that did the trick.
 On 2007 Oct 24 (Wed) at 13:58:29 -0400 (-0400), David H. Lynch Jr. wrote:
 :I am trying to complete a new install of OpenBSD 4.2 on an HP
 :Pavillion dv8000.
 :
 :Inside X the glidepad is extremely erratic and virtually
 :uncontrollable - but an external USB mouse works fine.
 :Even without X running the Keyboard is prone to random fits of
 :repeating characters. It does not do that all the time,
 : but the likelihood of typing a complete command without at least one
 :letter repeating anywhere from 3 to 15 times is slim.
 :Methodically hunt and pecking each individual key very slowly helps
 :but does not cure the problem.
 :
 :I do not have this problem running Ubuntu Linux (or windows) on the
 :same machine - but I do get exactly the same behavior if I boot from a
 :iux system rescue disk.
 :
 :My guess is that both the glidepad and keyboard are on PS/2 hardware
 :internally and there is some PS/2 related configuration value that needs
 :tweaked. But I have no clue where to look.
 :
 :A clue would be greatly appreciated.
 :



Re: HD access problems and Audio sounds too fast: (was Re: Keyboard/Mouse problem OpenBSD 4.2)

2007-10-25 Thread Alvaro Mantilla Gimenez

Hi,

   I checked that option on audioctl and it was ok. And remember: on
OpenBSD 4.1 it sounds good (only xmms is going faster...).

   The other problem (the bigger one) was the incredibly low speed of
access to the hard disk. Right now, like I said before, I am using 4.1 but
the output on 4.2 was the same:

# atactl wd0 identify
Model: FUJITSU MHV2080AH, Rev: 00830096, Serial #: NT28T5C2A9LW
Device type: ATA, fixed
Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 156301488
Device capabilities:
ATA standby timer values
IORDY operation
Device supports the following standards:
ATA-2 ATA-3 ATA-4 ATA-5 ATA-6
Master password revision code 0xfffe
Device supports the following command sets:
READ BUFFER command
WRITE BUFFER command
Read look-ahead
Write cache
Power Management feature set
Security Mode feature set
SMART feature set
Flush Cache command
Device Configuration Overlay feature set
Advanced Power Management feature set
DOWNLOAD MICROCODE command
IDLE IMMEDIATE with UNLOAD FEATURE
SMART self-test
SMART error logging
Device has enabled the following command sets/features:
READ BUFFER command
WRITE BUFFER command
Read look-ahead
Write cache
Power Management feature set
SMART feature set
Flush Cache command
Device Configuration Overlay feature set
Advanced Power Management feature set
DOWNLOAD MICROCODE command

So, why is it slower in 4.2? In fact, only for testing, I did this:

 1) install 4.1 (no compile kernel, no nothing... only the install from
the CDs)

Result: The HD was ok and fast (How do I know? Because it was faster
 unpacking ports.tar.gz)

 2) Upgrade to 4.2 from the CDs:

Result: The HD I/O access... sucks; 15+ minutes to unpack ports.tar.gz.

(Pretty simple the upgrade process from CDs btw).


Regards,


   Alvaro


Edd Barrett wrote:
 Hi,
 
 On 25/10/2007, Alvaro Mantilla Gimenez [EMAIL PROTECTED] wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Hi,

   I have a HP Pavilion dv8000 too and, after installing 4.2, I went back to
 4.1. The audio on vlc, xine, xmms sounds too fast and cuts from time to
 time (5-6 sec intervals)... even playing internet radio... and the HD
 access sucks.
 
 Ok, I'm no expert, but here's my understanding of this:
 
 What is the native sample rate of the sound card? Most things are
 encoded for 44,100. A lot of cheap sound cards use 48,000, which
 results in the audio sounding too fast.
 
 ---8---
 audioctl -a | grep rate
 play.rate=44100
 ---8---
 
 You can try changing this variable, but a lot of soundcards don't let
 you. If this is the case, then you need to find a player, which can
 re-sample the audio to the rate of your sound card (mplayer will), but
 alas, you might end up with a less preferred player.
 
 The other thing that causes fast playback, is mono audio files. This
 effectively halves the sample rate of the file(?).
 
 Some operating systems re-sample this stuff in-kernel. OpenBSD does
 not. This is why I made sure I had a good quality sound card for use
 with OpenBSD.



Upgrade process in 4.2

2007-10-06 Thread Alvaro Mantilla Gimenez

Hi,

  I just downloaded the latest snapshots available on ftp.openbsd.org
(note: because my new and shiny CDs have not arrived in Costa Rica yet and I
can't wait to install 4.2). I was reading the FAQ on the OpenBSD web:


-Current is where active development work is done, and eventually, it 
will turn into the next -release of OpenBSD. Every six months, when a 
new version of OpenBSD is released, -current is tagged, and becomes 
-release: a frozen point in the history of the source tree.


-Stable is based on -release . -stable is also known as the patch 
branch.


Upgrading is the process of installing a newer version of OpenBSD

So...i have a question here: is it possible install 4.2 from snapshots, 
then upgrade to release (a frozen point...) and then goes to stable???


Regards,


  Alvaro



Re: Upgrade process in 4.2

2007-10-06 Thread Alvaro Mantilla Gimenez

Stuart Henderson wrote:

On 2007/10/06 15:55, Alvaro Mantilla Gimenez wrote:
So...i have a question here: is it possible install 4.2 from snapshots, then 
upgrade to release (a frozen point...) and then goes to stable???


that would be downgrade, not upgrade. That's not supported.


Thanks. The answer that i was looking for came from Peter N. M. Hansteen.

Probably my poor English made my question not very well explained.
In my sentence i need to add: ..and then go to stable 4.2.

Anyways...like Peter said: it's a bit too late because the snapshots 
are moving to 4.3 direction. So...probably...in some point of time...my 
question was correct..right?


Regards,

 Alvaro



Re: OpenBSd or HP-UX?

2007-08-27 Thread Alvaro Mantilla Gimenez

Travers Buda wrote:


*snip*

Just tell him that OpenBSD in the stead of HP-UX will be cheaper, faster to 
setup, and easier to maintain (because of your experience with Open.) Both 
OpenBSD and HP-UX can do LDAP, yes, but it's yourself that makes the difference 
here.

Oh, and you have much more freedom in picking out your hardware (back to the 
cheap tangent.)

--
Travers Buda


It would be wonderful convince my boss with that argument...but the 
next question he will ask is: What if...you die tomorrow?? Who can 
maintain the system??...


Thanks anyway...it is a good point to mention on the conversation with 
my boss.



 Alvaro



Re: OpenBSd or HP-UX?

2007-08-27 Thread Alvaro Mantilla Gimenez

Marc Balmer wrote:


We run an OpenLDAP installation on OpenBSD that is fully synchronized on 
two servers (one master, one slave) for the public schools here. ~15'000 
accounts and all important systems (email, fileserver, even the ~80 
firewalls, login, etc.) pull their data from it.


Can you send me a dmesg of these computers? I think it is a good start to 
know how big is the hardware that i need to support something like that 
with OpenBSD...




It is in operation for several years now, not a single problem with it.


Which version of OpenLDAP are you running in this moment??

I can say nothing about HP-UX, but OpenBSD surely is a stable foundation 
for an OpenLDAP server.


- Marc Balmer, micro systems


Thanks in advance,


alvaro



Re: OpenBSd or HP-UX?

2007-08-27 Thread Alvaro Mantilla Gimenez

Jacob Yocom-Piatt wrote:





tried to take a bit of a side adventure and get HP-UX going on a PA-RISC 
machine and it's no walk in the park. for cost, support, compatibility 
and simplicity reasons i've abandoned the project and decided to use 
other OSes instead.


How was your adventure?? Can you be more specific?? I know the cost 
part...obviously it is cheaper to run OpenBSD than HP-UX. But i need 
more...something really heavy like I tried to install an OpenLDAP with 
HP-UX and the system load with 2000 users rise to the sky...but the same 
number of users with OpenBSD had an incredible performance and never 
pass from 10% of load...or whatever...




you CANNOT discount the value of having essentially direct access to the 
devs on these lists. the karma and assistance you receive as a result of 
making even small donations is considerable and, in my experience, 
better than any phone or tech support i've received from companies that 
support enterprise software. for a fraction of the cost of a support 
contract you can get direct access to the programmers and cut out the 
nimwits on the phone you have to wade through.




I agree with you...

as jc said, the only situation i can imagine where you'd want to run 
something enterprise is in the case that you need a monolithic server. 
unless the hardware is wacky, i'd still be inclined to run an opensource 
OS on it for the support reasons cited above. not very familiar with 
LDAP configs here but i imagine there is a way to spread load between 
machines, making the monolithic solution pointless.


thanks for the reminder to investigate LDAP more closely... =)



Thanks to you...


   Alvaro



Re: OpenBSd or HP-UX?

2007-08-27 Thread Alvaro Mantilla Gimenez

J.C. Roberts wrote:



The reasoning for HP-UX is brand name recognition, vendor support, and
of course job security -when something goes wrong, your boss can blame
the brand name vendor in hopes of saving his own ass.


And this is, i think, the main point for my boss and his not 
understanding about the advantages of OpenBSD over HP-UX. But...i have 
hope yet...he does not close the door to the OpenBSD possibility. He 
wants probes...only i need to find a heavy argument. For example...the 
developers that port OpenBSD to HPPA and HP300 platforms...maybe they 
have benchmarks between this machines running HP-UX and/or OpenBSD. It 
works better??




LDAP has similarities to both database servers and file servers, so even
though it's not an exact match, performance metrics for database/file
servers may be relevant to LDAP. As always, *YOUR* environment and
requirements must be tested to get any truly meaningful performance
metrics. If you have truly insane load and storage requirements, and an
unlimited budget, spending a quarter of a million dollars on a very
high end, 16+ CPU, Itanium box running HP-UX may be a better choice
than OpenBSD. Then again, if that's really the case, I would prefer to
go with big Sun hardware and Solaris under those circumstances.



This is a good point too. Is it the performance of OpenBSD running on 
Sun computers equal to Solaris?? Personally...i think Solaris...sucks !! 
But there is no a technical opinion here...it is only i like the OpenBSD 
way to do the things. For me, Solaris is a like a big dinosaur.




By comparison, the multiple processor support in OpenBSD is for i386 and
amd64, and how well it will scale in *YOUR* situation can only be found
through testing. Personally, I've never seen a 16+ CPU dmesg, but I'm
not a project developer, and someone may very well be using OpenBSD on
such hardware.


Anyone that wants share his experience with this type of hardware?


There are people from this list who deal with fairly large LDAP/SASL
installations on OpenBSD. Chris Paul (sentinare.com) and Jason Dixon
(dixongroup.net) come to mind but I'm sure there are others. 


Do you have their emails?? Please, give my email to them if they decide 
to share some information with me. (I look the emails too, maybe are 
public...i don't want to bother anyone with unwanted email).




The best business decision is the solution that gives you the greatest
reliability and security for your requirements with the least amount of
investment. OpenBSD has a very good chance of coming out on top in the
majority of fairly tested comparisons. The corner case of insane loads
and storage requirements is the one *possible* exception but even then,
it may be sufficient.


Do you have urls of this fairly tests?




jcr


Thank you so much


   Alvaro


