Re: OpenBGPd SNMP
On Mon, Oct 05, 2015 at 10:34:01AM +, Stuart Henderson wrote:
> On 2015-10-04, Mike Hammett wrote:
> > Are there any packages out there that expose OpenBGPd or other OpenBSD
> > parameters via SNMP? Would like to check generic health of the system,
> > number of routes, number of peers, number of routes per peer, etc.
>
> System sensors ("sysctl hw.sensors") are exported by snmpd(8) as
> OPENBSD-SENSORS-MIB, this is non-standard but if you spend a little
> time with the standard ENTITY-SENSOR-MIB and its dependency ENTITY-MIB
> you'll soon understand why. (lm_sensor on linux also uses its own MIB
> for this).
>
> There's nothing currently public for bgpd. Bret has a WIP diff though.
>

I'd contacted the author of the original email off-list, but after much ill-mannered name calling from sthen have mailed the diff to tech, for those interested in guineaing in the pig fashion.
Re: SNMP on 5.7/5.8
On Sat, Aug 08, 2015 at 08:47:21PM +0300, Kapetanakis Giannis wrote:

sorry for top post. I believe I had the problem with both base and netsnmpd versions.

"Believe" and "have verified that" are two functionally different statements. I've only seen evidence that netsnmp, not snmpd from OpenBSD base, has this issue. Those who have reported the issue with netsnmp are encouraged to report that to the netsnmp project in order to hopefully receive a timely response. If someone can replicate the issue with software included in the base OpenBSD distribution, please do so.

On 06/08/15 00:33, Steven Surdock wrote:

Thanks Stuart. It is also my understanding that the base snmpd suffers the same issue. http://marc.info/?l=openbsd-misc&m=143143933919367&w=2 I will try the debug shortly. -Steve S.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
Sent: Wednesday, August 5, 2015 5:58 AM
To: misc@openbsd.org
Subject: Re: SNMP on 5.7/5.8

On 2015-08-04, Steven Surdock ssurd...@engineered-net.com wrote:

The broken SNMP on i386/5.7 is preventing me from upgrading. I tried i386/5.8 but I'm still seeing net-snmpd crash with the following error.

NET-SNMP version 5.7.3
Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4
Error expanding HCInDelivers to 64bits in ipSystemStatsTable.ipv4
Error expanding HCOutRequests to 64bits in ipSystemStatsTable.ipv4

Oh, I wasn't aware of this, if a port is broken on some arch please let the maintainer know rather than hope they notice a report on misc@...

Can you get output with debugging enabled for c64? Should be something like

snmpd -Dc64 -f -Le

Do you particularly need something from Net-SNMP or could you use snmpd from base instead? If it does what you need, the latter is always preferable.

Is amd64 the new i386?

yes.

Would my energy be best spent migrating my default install to amd64? Thanks.

that's up to you to decide :)
Re: httpd
On Tue, Nov 18, 2014 at 02:20:40PM +0200, Gregory Edigarov wrote:

Hi, While downloading a big file from httpd it eats somewhere from 77 to 100% or even 150% cpu. Is it normal? I've never seen such numbers with nginx.

There was a known issue with that that has been fixed in -current; if you aren't running -current, you should update and see if the issue persists.

-- With best regards, Gregory Edigarov
Re: Shadow TCP stacks
On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schröder wrote:

2014-10-16 13:16 GMT+02:00 Kevin Chadwick ma1l1i...@yahoo.co.uk:

I still don't see the benefit though but do see added complexity or more code to audit. Reducing DDOS against a visible SSH service maybe? Reduce password attempts on your logs allowing them to go after targets that might actually use passwords (port change also works there, I find)?

The impossibility to scan for services - which the NSA/GCHQ/... do.

It's a good thing that traffic analysis isn't a thing, then. Otherwise they'd be able to check if traffic purporting to go to port 80/443 doesn't look like HTTP traffic, or something.
Re: Shadow TCP stacks
On Fri, Oct 17, 2014 at 12:56:48PM +0200, Martin Schröder wrote:

2014-10-17 10:24 GMT+02:00 Bret Lambert bret.lamb...@gmail.com:

On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schröder wrote:

The impossibility to scan for services - which the NSA/GCHQ/... do.

It's a good thing that traffic analysis isn't a thing, then. Otherwise they'd be able to check if traffic purporting to go to port 80/443 doesn't look like HTTP traffic, or something.

That's not the scenario here. The scenario is defense against port scans. You look like a fool who hasn't read the original paper.

Quoting the OP a few emails back:

The idea is that the existence of this entire 'ultranet' is undetectable by even someone snooping all national traffic. So a TCP port 80 connection looks to the snooper _exactly_ like an HTTP connection handshake. Only the ISN and the source address mark the connection as 'ultra' and take it into a back room where it connects to the real network.

Just sayin'.
Re: Shadow TCP stacks
On Fri, Oct 17, 2014 at 12:13:55PM -0400, Ian Grant wrote:

On Fri, Oct 17, 2014 at 4:24 AM, Bret Lambert bret.lamb...@gmail.com wrote:

On Thu, Oct 16, 2014 at 02:48:22PM +0200, Martin Schröder wrote:

2014-10-16 13:16 GMT+02:00 Kevin Chadwick ma1l1i...@yahoo.co.uk:

The impossibility to scan for services - which the NSA/GCHQ/... do.

It's a good thing that traffic analysis isn't a thing, then. Otherwise they'd be able to check if traffic purporting to go to port 80/443 doesn't look like HTTP traffic, or something.

They don't have any clue which traffic to analyze though, so this traffic is a needle in a haystack.

Well, if, as Herr Schroeder seems to be implying, this is used to avoid port scans, I'd look for traffic to/from address:port which don't show up on scans.

Also, the VPN could be tunneled over HTTP if necessary.

I know of at least one company which sells a product which doesn't just read headers, but classifies traffic based upon behavior, e.g., small request receives large response - bulk transfer, or series of tiny packets which receive a single, larger response - interactive session. I assume nation-states have developed similar capabilities.

The ability to use statistical methods to eavesdrop on encrypted SIP sessions comes to mind as an example of traffic analysis as a tool to defeat adversaries who are attempting to secure their communications.
Re: Shadow TCP stacks
On Fri, Oct 17, 2014 at 02:59:26PM -0400, Ian Grant wrote:

On Fri, Oct 17, 2014 at 2:49 PM, Bret Lambert bret.lamb...@gmail.com wrote:

Well, if, as Herr Schroeder seems to be implying, this is used to avoid port scans, I'd look for traffic to/from address:port which don't show up on scans.

That's why I want to hide it behind an ordinary service.

The point being, Herr Schroeder appears to be a man who would become one of your users, and has apparently missed that step. A manual that includes an advisory to do so would likely be a good idea.

Also, the VPN could be tunneled over HTTP if necessary.

I know of at least one company which sells a product which doesn't just read headers, but classifies traffic based upon behavior, e.g., small request receives large response - bulk transfer, or series of tiny packets which receive a single, larger response - interactive session. I assume nation-states have developed similar capabilities.

That's fine. But they have to analyze all the traffic. This is a needle in a haystack.

It's a good thing we don't know any nation-states that analyze all the traffic, then. That would probably be bad.

The ability to use statistical methods to eavesdrop on encrypted SIP sessions comes to mind as an example of traffic analysis as a tool to defeat adversaries who are attempting to secure their communications.

Again, a needle in a haystack.

Assuming that your adversary is going into this blind, and hasn't been given a list of interesting targets that includes your systems. States also have access to human intelligence as well.

Please read the OP before refuting stuff on the list. If you want to argue, and you aren't sure of your argument, e-mail me off the list. Otherwise it just adds to the general level of confusion, which is already higher than I'd expected on this list.

Quoting the original email you sent:

If anyone here has a better idea, or any other useful advice (even if it's this has already been done! or It won't work, but please explain exactly why.) or pointers

I'm not attempting to refute the validity of what you're attempting, I'm pointing out things that probably should be taken into consideration during implementation/deployment, which I think falls under the heading of useful advice. Whether or not it's useful is a judgement left to the reader.
Re: Does OpenBSD's wpa_supplicant support PSK?
On Mon, Feb 10, 2014 at 10:20:44PM +0100, Zbigniew wrote:

2014-02-10 22:00 GMT+01:00, Jeff Goettsch j...@primal.ucdavis.edu:

I don't know anything about wpa_supplicant, but does

# ifconfig rum0 nwid nwid wpakey wpakey

work?

No, it says it wants passphrase length in range from 8 to 63 characters, while the PSK-passphrase has 64 characters, unfortunately.

Did you notice the following portion of the ifconfig man page:

wpakey passphrase | hexkey
Set the WPA key and enable WPA. The key can be given using either a passphrase or a full length hex key, starting with 0x.

?

-- regards, Z.
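The passphrase/hexkey distinction from the man page excerpt above, as an added example that is not part of the thread and not OpenBSD code. It assumes the standard WPA-PSK mapping (PBKDF2-HMAC-SHA1 over the passphrase, salted with the network name, 4096 iterations, 32 bytes); the function names and sample inputs are constructed for illustration.

```python
import hashlib
import string

PSK_HEX_DIGITS = 64  # a 256-bit WPA pre-shared key written out in hex


def classify_wpakey(key: str) -> str:
    """Classify a WPA-PSK secret along the lines the man page excerpt draws.

    Returns "passphrase", "hexkey" (already 0x-prefixed) or
    "hexkey-missing-0x" (64 hex digits with no prefix, the case in the thread).
    """
    prefixed = key[:2].lower() == "0x"
    body = key[2:] if prefixed else key
    if len(body) == PSK_HEX_DIGITS and all(c in string.hexdigits for c in body):
        return "hexkey" if prefixed else "hexkey-missing-0x"
    # WPA passphrases are 8 to 63 printable ASCII characters.
    if 8 <= len(key) <= 63 and all(32 <= ord(c) <= 126 for c in key):
        return "passphrase"
    raise ValueError("neither an 8-63 character passphrase nor a 64-digit hex key")


def derive_psk(passphrase: str, nwid: str) -> str:
    """Map a passphrase to the 256-bit key: PBKDF2-HMAC-SHA1, salt = network
    name, 4096 iterations, 32-byte output, returned as a 0x-prefixed hex key."""
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              nwid.encode("utf-8"), 4096, 32)
    return "0x" + raw.hex()


def to_hexkey(key: str, nwid: str) -> str:
    """Normalise either form to the 0x-prefixed hex key for comparison."""
    kind = classify_wpakey(key)
    if kind == "passphrase":
        return derive_psk(key, nwid)
    digits = key[2:] if kind == "hexkey" else key
    return "0x" + digits.lower()


if __name__ == "__main__":
    # Constructed inputs: the well-known test passphrase "password" on a
    # network named "IEEE", and the same key written as 64 bare hex digits.
    derived = derive_psk("password", "IEEE")
    bare = derived[2:]
    for candidate in ("password", bare, derived):
        print(classify_wpakey(candidate), "->", to_hexkey(candidate, "IEEE"))
```

A 64-character value made only of hex digits is the derived key itself rather than a passphrase, which is why the 8 to 63 character check rejects it until it is given with the 0x prefix.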
Re: Documentation on rc.conf.local lacks important warning
On Sun, Feb 09, 2014 at 08:28:43PM +0200, VaZub wrote:

Hi all, There is a small nuisance I've stumbled upon during my first experiments with OpenBSD. Both the man page for rc.conf(8) as well as the official OpenBSD FAQ (10.3) suggest to avoid editing /etc/rc.conf directly and instead copy it to /etc/rc.conf.local and edit afterwards. Yet it seems both fail to mention, that in order to prevent your system from going ballistic after doing this, you should also comment out or delete a particular line of code in /etc/rc.conf.local, namely this one:

[ -f /etc/rc.conf.local ] && . /etc/rc.conf.local

Not good, especially for those who do follow official instructions and still suddenly find themselves with a broken system on their hands for no apparent reason. This might seem like a trivial issue for old-timers, and one is sure to find the appropriate solution with a little bit of deeper googling, but having short relevant notices in the aforementioned manuals could save newcomers some introductory frustration. What do you think? Is there anyone among those looking after the official documentation up to consider such a suggestion?

You've probably confused rc.conf.local for rc.local, but it's impossible to tell, given that you've delivered a polemic, and not a description of what you tried to do, and how it didn't end up as you expected.

Regards, Vasyl Zubko
Re: More detailed information about last commands executed than lastcomm
On Mon, Sep 16, 2013 at 07:28:21AM -0400, Jiri B wrote:

On Mon, Sep 16, 2013 at 11:38:18AM +0200, Wiesław Kielas wrote:

Dear misc@, Is there any way to get information about last commands executed on a OpenBSD machine? I'm interested in getting the command name along with arguments passed to it. From what I gathered so far, lastcomm can't show command arguments - is there any way/other tool which can do that?

Usual unix process accounting does not take care about commands' args. Anyway, you probably won't care about what normal users execute, you probably want that only for admins/root. Then I would propose to build a server with conserve (console server) which would be used as source host to ssh/console to destination servers for admins/root. conserve can save sessions in text form, you could have a filter and send it via syslog/whatever to central logging server. j.

Why make shit more difficult than it need be? From the sudo man page:

sudo also supports logging a command's input and output streams.
Re: More detailed information about last commands executed than lastcomm
On Mon, Sep 16, 2013 at 01:31:58PM +0200, Bret Lambert wrote:

On Mon, Sep 16, 2013 at 07:28:21AM -0400, Jiri B wrote:

On Mon, Sep 16, 2013 at 11:38:18AM +0200, Wiesław Kielas wrote:

Dear misc@, Is there any way to get information about last commands executed on a OpenBSD machine? I'm interested in getting the command name along with arguments passed to it. From what I gathered so far, lastcomm can't show command arguments - is there any way/other tool which can do that?

Usual unix process accounting does not take care about commands' args. Anyway, you probably won't care about what normal users execute, you probably want that only for admins/root. Then I would propose to build a server with conserve (console server) which would be used as source host to ssh/console to destination servers for admins/root. conserve can save sessions in text form, you could have a filter and send it via syslog/whatever to central logging server. j.

Why make shit more difficult than it need be? From the sudo man page:

sudo also supports logging a command's input and output streams.

Er, I meant to copy

sudo can log both successful and unsuccessful attempts

I blame the lack of something in my something system.
Re: More detailed information about last commands executed than lastcomm
On Mon, Sep 16, 2013 at 07:48:14AM -0400, Jiri B wrote:

On Mon, Sep 16, 2013 at 01:33:33PM +0200, Bret Lambert wrote:

On Mon, Sep 16, 2013 at 01:31:58PM +0200, Bret Lambert wrote:

On Mon, Sep 16, 2013 at 07:28:21AM -0400, Jiri B wrote:

Usual unix process accounting does not take care about commands' args. Anyway, you probably won't care about what normal users execute, you probably want that only for admins/root. Then I would propose to build a server with conserve (console server) which would be used as source host to ssh/console to destination servers for admins/root. conserve can save sessions in text form, you could have a filter and send it via syslog/whatever to central logging server.

Why make shit more difficult than it need be? From the sudo man page:

sudo also supports logging a command's input and output streams.

Er, I meant to copy

sudo can log both successful and unsuccessful attempts

I blame the lack of something in my something system.

Yes it would be better to use sudo but some env are setup to allow direct login to root :/

And the fact that they can do this via sudo should serve as an impetus for those admins to stop Doing it Wrong(tm). I understand that there are exceptions to the best practices dictate root-level access through sudo, but the original email that started this thread seems to indicate that there's a need to keep tabs on some henchmen/underlings/poorly-trained monkeys. That screams don't give them direct root logins, to me.
Re: bioctl replacing a failed mirror
On Mon, Sep 02, 2013 at 02:30:23PM +0200, Stefan Sperling wrote:

On Mon, Sep 02, 2013 at 08:17:27AM -0400, John Hynes wrote:

On Mon, Sep 2, 2013 at 8:10 AM, Stefan Sperling s...@openbsd.org wrote:

What commands did you run to copy the disklabel?

Oh - I did a

disklabel sd0 > disklabel.sd2; disklabel -R sd2 disklabel.sd2

Did that change the duid of sd2?

If it didn't, it's a bug; from revision 1.163 of disklabel.c:

When restoring a disklabel do not restore the uid. Let the kernel allocate a new uid instead.
Re: OpenBSD's webpage desing
Talk ajax to me, baby. On Thu, Jun 28, 2012 at 10:31 AM, Marc Espie es...@nerim.net wrote: On Wed, Jun 27, 2012 at 03:46:12PM -0700, Chris Cappuccio wrote: IIRC, Theo did the current design himself after everyone else failed to come up with something good. Well, Theo had some rather fun constraints, like making a web site that works with antiquated browsers, like no css. If that constraint gets lifted (Theo ? is your browser still stuck in 1990 ?), then it would probably be possible to have something that looks the same / looks better and less painful to change...
Re: OpenBSD's webpage desing
PHP is like s early 2000s. When's Python gonna go into base? You're behind the times; python's been replaced by ruby running on top of mongodb
Re: Can someone describe these possible long term effects and provide an explicit description of these kernel parameters?
On Thu, Jun 14, 2012 at 8:54 PM, Tristin Davis tristin.co...@gmail.com wrote:

Upgrading is simply not an option. It all comes down to having the engineering staff, money, and downtime available. Unfortunately, we have none of the above right now. I realize we *need* to upgrade, but right now, tuning the kernel is the only option.

So...you're running something so mission-critical that it can't afford to be down, but haven't made it redundant, which would allow you to weather both upgrades and acts of god?
Re: spamd-setup fails from cron
Please avoid 15 minutes past the hour ;-)

sleep $(($RANDOM % 2048)) && /usr/libexec/spamd-setup -d
Re: undeadly
well, I've been gathering responses off-list, and have been putting together at least two articles. Sorry if the speed is not to your satisfaction, but major version release time at work is eating me right now. /snark On Tue, Apr 24, 2012 at 10:32 AM, Marc Espie es...@nerim.net wrote: Come on guys, the rthreads hackathon in Paris, not newsworthy ? Or sqlite in base ? Dudes, if you're just sitting on things because of the pending announcement of official 5.1, that's stupid. Undeadly isn't exactly thriving, more frequent news would be good.
Re: No schizophrenia
On Wed, Jan 11, 2012 at 12:19 AM, John Tate j...@johntate.org wrote:

Just an idiot, Jan Stary, who turned the sentence 7 years of FreeBSD/OpenBSD experience into OpenBSD Guru. I wish I had more time and less faith in minds like hers. What an embarrassment... oh dear. She should learn to read. I'm back, healthy as can be. I had a nice holiday.

I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU I NEVER SAID THE WORD GURU

The intertruck begs to differ:

I was a Linux hacker since I was 13. I am a bit of a guru[1]

[1] http://marc.info/?l=openbsd-misc&m=132275346807070&w=2
Re: pfsync and ifstated
On Mon, Mar 21, 2011 at 10:27 PM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:

Hi, I'm testing a new setup of a pair of firewalls (master/backup) using carp, pfsync etc. Can I use ifstated to monitor virtual interfaces like pfsync0 and enc0? I want the master after it reboots (if backup is up) to wait for pfsync0 interface to come up, get the missing states from backup firewall and only then advskew carp. This is because pfsync runs on ipsec, which sometimes takes about 2 minutes to become operational (at least on some of my tests).

Are you running sasyncd as well?

thanx Giannis
Re: Removing secondary groups with usermod -G
On Mon, Mar 21, 2011 at 9:45 PM, William Boshuck bos...@math.mcgill.ca wrote:

On Mon, Mar 21, 2011 at 01:18:41PM -0500, Chris Bennett wrote:

OpenBSD's form of sed requires you to output to a new file and mv that back to original.

.. or one could use ed, or perl, to change a file in place.

What happens if ed, or perl, corrupts a system file in place?

-wb
Re: Firewall rules to block unwanted protocolls on given ports
On Sat, Mar 19, 2011 at 2:05 PM, johhny_at_poland77 johhny_at_polan...@zoho.com wrote:

Does somebody has an idea, that what kind of iptables/pf rule must i use to achieve this?: i only want to allow these connections [on the output chain]:

on port 53 output only allow udp - dns
on port 80 output only allow tcp - http
on port 443 output only allow tcp - https
on port 993 output only allow tcp - imaps
on port 465 output only allow tcp - smtps
on port 22 output only allow tcp - ssh
on port 20-21 output only allow cp - ftp
on port 989-990 output only allow tcp - ftps
on port 1194 output only allow udp - OpenVPN

So that e.g.: OpenVPN on port 443 would be blocked, because only HTTPS is allowed on port 443 outbound. Any ideas? :\

Yes, write some sort of traffic-classification daemon that uses divert sockets to pass/deny traffic based on what that traffic is. I will personally check it in to the ports system once you are done and it has undergone a complete audit.
Re: Choosing a window manager...
On Tue, Mar 15, 2011 at 8:03 PM, Kevin Smith openbsd...@gmail.com wrote:

I'm deciding between kde, xfce, gnome, and fluxbox (in order of preference). Any experiences? Any relevant security issues on any of them?

What you're asking is akin to: Hey everyone, I'm trying to decide between: Catholicism, Judaism, Buddhism, and Hinduism. What's the best?

Obviously, the answer is Zoroastrianism. Ahura Mazda bless you all.
Re: kernel leaks (was: Re: network bandwith with em(4))
On Fri, Mar 11, 2011 at 12:22 AM, Leen Besselink open...@consolejunkie.net

Hi folks, Sorry for hijacking this thread. I also have a Dell machine with em(4)'s. When I upgraded a machine from 4.3 or 4.4 to 4.7 the kernel is leaking memory I've been looking at it ever since. This was just before 4.8 came out so it didn't get 4.8.

There have been a number of mbuf leak fixes between 4.8 and 4.9. Reinstall with 4.9/current and repeat your tests.
Re: is SHA256 file used or not ?
Maybe some of user will eventually get a clue glueing all the answer scattered on this list and FAQ. http://www.openbsd.org/faq/faq4.html#shamismatch That entry contains all the relevant details end users should need, which is we're aware that checksum mismatches happen on snapshots; it's not dangerous; you need to learn to live with it
Re: nat static-port option
On Fri, Feb 4, 2011 at 2:45 PM, Martin Schröder mar...@oneiros.de wrote:

2011/2/4 Pete Vickers p...@systemnet.no:

He don't appear to 'have' IPv6...

DTAG will offer v6 to all its customers later this year. It's only the largest telco in Germany. :-)

The US has been offering freedom to the world for a while now. It's only the largest republic in the world :-)
Re: nat static-port option
On Wed, Feb 2, 2011 at 11:57 PM, Martin Schröder mar...@oneiros.de wrote:

2011/2/2 Bret S. Lambert bret.lamb...@gmail.com:

On Wed, Feb 02, 2011 at 10:23:43PM +0100, Martin Schröder wrote:

Yeah. And there'll never be more than 2^32 IP devices in the world.

Inorite? I mean, if I can't get an IP for my toaster, I'm just gonna *die*!

Currently there are about 2^32.7 living humans; I expect to live long enough to see 2^33.3 Imagine everyone having at least two devices. How many do you have?

Counting my toaster?
Re: nat static-port option
On Thu, Feb 3, 2011 at 2:17 PM, Martin Schröder mar...@oneiros.de wrote:

2011/2/3 Bret Lambert bret.lamb...@gmail.com:

Counting my toaster?

Your toaster has an IP?

yes, and can be viewed at http://www.goldentoasting.com/
Re: Let's talk about HTTPS Everywhere
I think you misspelled gene...@mozilla.org

On Wed, Jan 19, 2011 at 12:29 PM, S Mathias smathias1...@yahoo.com wrote:

Ok. It's a Firefox Add-on: https://www.eff.org/https-everywhere

Questions:

1) But: Why can't i find it on the official Firefox Add-ons site?: https://addons.mozilla.org/en-US/firefox/
2) Did anyone audited the HTTPS Everywhere code?
3) Can someone trust this Add-on? Is it safe to install/use?
4) If it's so great why isn't it more prevalent?

What's your opinion? Or answer? :\ Thanks!
Re: Final Penultimate last Call for Papers for CanSecWest 2011 (deadline Jan. 17th, conf March 9-11)
On Thu, Jan 13, 2011 at 5:02 PM, Randal L. Schwartz mer...@stonehenge.com wrote: Dragos == Dragos Ruiu d...@kyx.net writes: Dragos It's been up on the site for a while with a Dec 29 deadline, Dragos but this is the real last call for submissions. Really? Then why did you use Penultimate (which means next to last) instead of Ultimate in the subject line? http://en.wikipedia.org/wiki/Humor Yours for a more literate education, -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/ Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.posterous.com/ for Smalltalk discussion
Re: remove users from group
On Fri, Dec 24, 2010 at 1:56 PM, Henning Brauer lists-open...@bsws.de wrote: * Bret Lambert bret.lamb...@gmail.com [2010-12-13 10:32]: You're all wrong. We obviously need XML user databases. go play with phk, only JSON is web scale. Talk YAML to me, baby. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: remove users from group
On Mon, Dec 13, 2010 at 10:14 AM, MERIGHI Marcus mcmer-open...@tor.at wrote:

h...@stare.cz (Jan Stary), 2010.12.13 (Mon) 09:15 (CET):

On Dec 13 12:01:58, OpenBSD Geek wrote:

I have 100 users in groups : clients, and ftp_group How can i remove these 100 users from ftp_group ? I have already try usermod, but it only add users to group, not remove. Is there a way to achieve my task ?

Sadly, no. These users will be members of these groups forever. There's nothing you can do about it. You can only reinstall.

And do not forget to wipe your hard disk to make sure you have a clean re-install! Jan, you just brightened my monday morning, thanks!

On the more serious side and for the OP: how about the unix way of combining simple tools to accomplish more complex tasks:

1) use id(1) to get the groups
2a) use sed(1) to get rid of the unwanted ones
2b) use tr(1) to get a newline separated list and grep(1) to get rid of the unwanted groups.
3) use tr(1) again to transform the new list to a format suitable for usermod(8).
4) feed ``usermod -G'' the new list.

OR just ``vi /etc/groups''.

You're all wrong. We obviously need XML user databases.
Re: OpenBSD in Rock Band 3
My guess would be strlcpy() and/or friends, but IIRC that's millert@'s copyright. Time to get a lawyer, Todd!

On Tue, Dec 7, 2010 at 11:55 PM, Ted Unangst ted.unan...@gmail.com wrote:

That's a little strange, because I don't think there is any code anywhere copyrighted by OpenBSD. All the code is copyright by the individual contributors.

On Tue, Dec 7, 2010 at 5:47 PM, Doug Clements dcleme...@gmail.com wrote:

On Tue, Dec 7, 2010 at 12:09 AM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote:

:) well, possible to sit through those again? This time, prepare your camera. :)

Here's the best I got:

http://www.freeimagehosting.net/image.php?5bec65cccf.jpg - SGI
http://www.freeimagehosting.net/image.php?29f575c27e.jpg - Rijndael/AES
http://www.freeimagehosting.net/image.php?80e8f1270b.jpg - Mark Borgerding
http://www.freeimagehosting.net/image.php?7b8ba7a5c6.jpg - Simon Brown
http://www.freeimagehosting.net/image.php?3bd1000b8f.jpg - RSA/MD5
http://www.freeimagehosting.net/image.php?be87682cdd.jpg - OpenBSD
http://www.freeimagehosting.net/image.php?2b516d12eb.jpg - Nvidia

Not much info there, so it's hard for me to speculate. --Doug
Re: nis/ldap/login class
login_ldap (not in base) or ypldap (in base) On Wed, Dec 8, 2010 at 11:49 AM, Friedrich Locke friedrich.lo...@gmail.com wrote: Dear friends, i am running my OBSD server using NIS and i would like to change this for LDAP. My doubt is: how is the login class field handle in a scenario defined by OpenLDAP? Thanks in advance
Re: Advice on learning C as first language
On Wed, Nov 24, 2010 at 3:55 PM, James Hozier guitars...@yahoo.com wrote:

My first programming language ever was Visual Basic, but I was 11 years old at the time and it was just a mandatory elective class I had to take to get credits in order to graduate school, and I didn't even know what a programming language was back then. I thought I was just writing words on the screen to make the program do things (we made stuff like tic-tac-toe, shooting a basketball into a hoop by inputting correct coordinates/arch, etc.) I forgot everything I learned since then, so I have absolutely no recollection at all of VB except rem which I recall as being equivalent to a comment in any other language.

Later when I began to edit code to make programs do exactly what I wanted, I basically guessed what all the functions did and how the programs worked to modify them, and as long as they worked, I really wasn't concerned at all about how crappy the quality of the code was.

So I decided to actually learn a language and I had heard Python was easy so I started learning Python first. But before finishing the first chapter I was told by several people that Perl was much better. Considering their opinion was probably better than mine, I switched to Perl and picked up a book for Perl beginners but again before I even learned the print function, I read online that the first programming language one learns could be crucial to the person's future programming skills and habits that become ported to other programming languages they learn later on, and I don't want to develop any bad habits and practices.

I've decided to choose C as my first language, for various personal reasons (mostly to audit code for security). So, as a newbie with no knowledge in programming at all whatsoever and wanting to learn C, I bought K&R's The C Programming Language (2nd edition) as per the suggestion on the OpenBSD website. I read the disclaimers in the intro of the book, and read on anyway. But the book seems to move very fast and does not elaborate too much on the features of the language, I guess due to the book not being total-noob-friendly. I can barely follow along and get what's going on, but have no idea what the terminologies and phrases being used in the book mean since the book assumes the reader knows basic programming such as arrays and stuff like that.

Are there any books that are more noob-friendly that want to learn C as their first language and explain basic programming terms along the way?

The classic The C Programming Language is good. After that, learn from good sources; for raw C manipulation, OpenBSD libc is full of neat tricks.
Re: OT: Disadvantages of using virtual firewalls like OpenBSd
On Tue, Nov 23, 2010 at 1:38 PM, carlopmart carlopm...@gmail.com wrote:

Hi all, First of all, I don't want to start a flame. I will to know your opinion about using virtual firewalls in virtual infrastructures like vmware, kvm ,xen, etc ... like OpenBSD. Advantages are very clear for me: provisioning, administration tasks, etc ... But I will to know disadvantages. What is your opinion from the point of view of security?

Because you're still relying on your host's network stack, you aren't actually firewalling it.

Thanks. -- CL Martinez carlopmart {at} gmail {d0t} com
Re: Problems with 4.6
On Wed, Apr 7, 2010 at 6:37 PM, Mark Leisher b: mleis...@math.nmsu.edu wrote:

On 04/07/2010 09:43 AM, Otto Moerbeek wrote:

On Wed, Apr 07, 2010 at 09:13:57AM -0600, Mark Leisher wrote:

I didn't see anything obvious in the archives, so apologies if I missed them.

OpenBSD 4.6, Dell PowerEdge 2600

Problem 1: Despite the existence of /etc/defaultdomain, the domain name is not being set at boot time. The domainname `cat /etc/defaultdomain` command is executed, but when the console becomes available, the domain name is no longer set. I had to do everything in rc.local to get NIS working.

Strange, I have never have to do that. But you are giving no details, so it is not possible to see what you did or did not to make it not work.

This was on a clean install. The only changes I made when I noticed this problem was a new root password, a different port number for sshd, and of course the creation of /etc/defaultdomain. And to answer Bret's private email, the exit code from the domainname call in /etc/rc is still 0. It isn't a permissions issue.

what does running domainname `stripcom /etc/defaultdomain` from the command line tell you?

Problem 2: Using the secure httpd (1.3.something), I am unable to make it see the user public_html directories. On an OpenBSD 4.0 system I have, it works fine, and the 2.2.11 web server package for 4.6 works fine.

I suppose the user dirs are outside the chroot. The httpd in base does chroot by default.

I feel dumb! :-) I got so wrapped up in it I missed the obvious. Thanks.

-- Mark Leisher
Re: routing and pf at 10Gbps
On Fri, Feb 12, 2010 at 2:52 PM, Diana Eichert deich...@wrench.com wrote:
> On Thu, 11 Feb 2010, Claudio Jeker wrote:
>> Henning, I told you, we should not talk about unfinished projects. We planned to announce this in exactly 7 weeks. Anyway, too late, the cat is out of the bag.
>>
>> So Henning and Oga are working at offloading pf into the graphic card cores by using the DRI interface. The shader will evaluate the ruleset and packets in parallel and use the graphic memory for the state table. Additionally if the speed of one card is not enough you can use SLI or crossfire to use multiple cards in parallel.
>>
>> --
>> :wq Claudio
>
> okay, now you have piqued my interest
>
> I will sit back and wait for more info

I, too, hope to get news of this shortly after March is over.

> thanks
>
> diana
Re: GNOBSD-Project introduction
On Mon, Jan 25, 2010 at 2:04 PM, Chris Dukes pak...@pr.neotoma.org wrote: On Tue, Jan 19, 2010 at 07:34:24PM +0100, Stefan Rinkes wrote: [SNEEP] Generally the best day to post these announcements is the first day of the fourth month of the year. But the day these ideas are traditionally developed is on the twentieth day of the fourth month of the year. And if you're into product life cycle management, it's a wonderful day for a product to be out of service... -- Chris Dukes
Re: obsd as domU?
On Tue, Jan 12, 2010 at 8:59 AM, Vadkan Jozsef jozsi.avad...@gmail.com wrote: Can I run obsd as a xen guest? http://lmgtfy.com/?q=Can+I+run+obsd+as+a+xen+guest The internet: you're doing it wrong.
Re: obsd as domU?
On Tue, Jan 12, 2010 at 9:41 AM, Ciprian Dorin, Craciun ciprian.crac...@gmail.com wrote:

[snipz0rz]

> So I bet that the initial poster expected an (authoritative) answer that should have come in the form of an advice based on experience or at least something useful... (Not lmgtfy, which I'm sure he already did, but did not find a good enough answer (as in authoritative)...)

When both of his questions were, verbatim:

> OpenBSD as Dom0: Is it possible?

and

> Can I run obsd as a xen guest?

it's unclear to me, since he's unwilling to document what he's found in order to help others to help him, whether or not he's willing to do the work required in finding those answers to begin with.
Re: Looking for Secure Architectures with OpenBSD pdf.
Awesome; another aggravating, whiny, entitled jackass. You'll fit right in on the internet; the kool-aid's to the left. On Thu, Dec 10, 2009 at 2:47 PM, jackwssp q jackw...@gmail.com wrote: 2 Tomas Bodzar: Why you so ugly? I don't looking for pf manual. As you can see above, i'm not alone. When i got it, will share it for all on misc@, and you may furiously try to stop me.
Re: Why is getaddrinfo breaking POSIX?
On Wed, Dec 9, 2009 at 10:55 AM, Jonathan Schleifer js-openbsd-m...@webkeks.org wrote:
> On 08.12.2009 at 15:52, Bret Lambert wrote:
>> The existing resolver code is compleat balls, as oga@ would spell it. Frankly, it needs to be dragged behind the chemical sheds and quietly suffocated.
>
> Wouldn't it be possible to at least put a lock around it, so that at least

Yes. You're free to do so. Have fun.

> it does not produce bogus lookups, but it does sequential but correct lookups instead? This would at least not break POSIX and would be compatible to thread-safe implementations, though slower than thread-safe implementations.
>
> It would already be a big relief for programmers if they can just use getaddrinfo and know that they at least get a correct result on any OS. ATM, I have to do a whitelist of operating systems that are known to have thread-safe implementations and do a lock for the others.
>
> --
> Jonathan
Re: Why is getaddrinfo breaking POSIX?
On Wed, Dec 9, 2009 at 10:56 AM, Jonathan Schleifer js-openbsd-m...@webkeks.org wrote:
> On 08.12.2009 at 15:41, Otto Moerbeek wrote:
>> Nobody did the work yet. If it's very important to you, consider spending effort making it thread safe. I believe netbsd and freebsd have thread safe implementations. But actually verifying that is pretty hard.
>
> Yes, the NetBSD implementation is thread-safe since 4.0. For FreeBSD, I don't know since which version it is thread-safe, but it's thread-safe in recent versions.
>
> For the verifying part: If the implementation has no side-effects (like modifying some global variable that is not per-thread), the implementation is thread-safe.

I still don't see a diff attached.

> --
> Jonathan
Re: Why is getaddrinfo breaking POSIX?
On Tue, Dec 8, 2009 at 3:41 PM, Otto Moerbeek o...@drijf.net wrote:
> On Tue, Dec 08, 2009 at 02:44:27PM +0100, Jonathan Schleifer wrote:
>> Just wondering: Why is getaddrinfo breaking POSIX by not being thread-safe and what is the thread-safe alternative to it? (Please don't tell me to use locks, as that would kill the possibility to lookup multiple hosts at once).
>>
>> I consider it very strange that an OS still has a thread-unsafe getaddrinfo in the year 2009, even though POSIX and RFC 2553 both require it to be thread-safe. And it makes it especially hard to write portable applications, as there is no way to check if getaddrinfo is thread-safe in a configure script.
>
> Nobody did the work yet. If it's very important to you, consider spending effort making it thread safe. I believe netbsd and freebsd have thread safe implementations. But actually verifying that is pretty hard.

The existing resolver code is compleat balls, as oga@ would spell it. Frankly, it needs to be dragged behind the chemical sheds and quietly suffocated.

> -Otto
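The lock-around-the-resolver workaround discussed in this thread, as an added example that is not code from any of the posters or from OpenBSD. `locked_getaddrinfo`, the `GAI_IS_THREAD_SAFE` build flag and the self-check are hypothetical names; lookups are serialized, so they stay correct but do not run concurrently.

```c
/* Added example: serialize getaddrinfo() on systems whose resolver is not thread-safe. */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define MAX_THREADS 16
#define ROUNDS      200

/* GAI_IS_THREAD_SAFE is a hypothetical flag a build would set from its per-OS whitelist. */
#ifndef GAI_IS_THREAD_SAFE
static pthread_mutex_t gai_lock = PTHREAD_MUTEX_INITIALIZER;
#define GAI_LOCK()   pthread_mutex_lock(&gai_lock)
#define GAI_UNLOCK() pthread_mutex_unlock(&gai_lock)
#else
#define GAI_LOCK()   ((void)0)
#define GAI_UNLOCK() ((void)0)
#endif

/* Same contract as getaddrinfo(3); only one thread is inside the resolver at a time. */
int
locked_getaddrinfo(const char *host, const char *serv,
    const struct addrinfo *hints, struct addrinfo **res)
{
	int rc;

	GAI_LOCK();
	rc = getaddrinfo(host, serv, hints, res);
	GAI_UNLOCK();
	return rc;
}

struct job {
	char host[16];	/* constructed input: 127.0.0.N */
	int ok;		/* 1 if every answer matched the question */
};

/* Resolve this thread's own address repeatedly and check it never gets another's answer. */
static void *
worker(void *arg)
{
	struct job *j = arg;
	struct addrinfo hints, *res;
	struct in_addr want;
	int i;

	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_INET;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_flags = AI_NUMERICHOST;	/* numeric hosts keep the self-check offline */
	j->ok = (inet_pton(AF_INET, j->host, &want) == 1);

	for (i = 0; i < ROUNDS && j->ok; i++) {
		res = NULL;
		if (locked_getaddrinfo(j->host, NULL, &hints, &res) != 0) {
			j->ok = 0;
			break;
		}
		if (((struct sockaddr_in *)res->ai_addr)->sin_addr.s_addr != want.s_addr)
			j->ok = 0;
		freeaddrinfo(res);
	}
	return NULL;
}

/* Returns how many of nthreads got only correct answers, or -1 on a bad argument. */
int
run_parallel_lookups(int nthreads)
{
	pthread_t tid[MAX_THREADS];
	struct job jobs[MAX_THREADS];
	int started[MAX_THREADS];
	int i, good = 0;

	if (nthreads < 1 || nthreads > MAX_THREADS)
		return -1;
	for (i = 0; i < nthreads; i++) {
		snprintf(jobs[i].host, sizeof(jobs[i].host), "127.0.0.%d", i + 1);
		jobs[i].ok = 0;
		started[i] = (pthread_create(&tid[i], NULL, worker, &jobs[i]) == 0);
	}
	for (i = 0; i < nthreads; i++) {
		if (started[i] && pthread_join(tid[i], NULL) == 0)
			good += jobs[i].ok;
	}
	return good;
}

int
main(void)
{
	printf("%d of 8 threads got consistent answers\n", run_parallel_lookups(8));
	return 0;
}
```

Build with `-pthread`. The self-check uses numeric addresses only, so it exercises the locking path without sending DNS queries.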
Re: Variable ping time
> I start rain(6) on the server, via ssh, and the ping times immediately increase to an average of +/- 25ms :

spltty splnet; man spl for further information
Re: Why I Love Open Source - NSA helped with Windows 7 development
On Fri, Nov 20, 2009 at 9:19 AM, patrick keshishian pkesh...@gmail.com wrote:
> Same reason there exist unconstitutional congressional acts/bills that allow for secret torture prisons, detention of persons without due process, complete bypassing of fourth and sixth amendments, voiding of the Posse Comitatus Act, etc. etc. ... naive voters like you are the reason we are in this shithole right now.

You stay classy, misc@
Re: openbsd programming resources?
On Fri, Nov 13, 2009 at 3:35 PM, elias r. obs...@crudp.ath.cx wrote: Hey out there! I started thinking about improving my C-programming knowledge, especially towards OpenBSD (and unix in general) -programming as well as secure programming. Does anyone have a hint which resources are worth reading (e.g. which books about the unix api?) Read src/lib/libc/ Hope this isn't worst question ever (yeah, i know internet searches)... I'd simply like some advice where to start .. greetings, elias
Re: openbsd programming resources?
On Fri, Nov 13, 2009 at 4:28 PM, David Gwynne l...@animata.net wrote: On 14/11/2009, at 12:56 AM, Bret Lambert wrote: On Fri, Nov 13, 2009 at 3:35 PM, elias r. obs...@crudp.ath.cx wrote: Hey out there! I started thinking about improving my C-programming knowledge, especially towards OpenBSD (and unix in general) -programming as well as secure programming. Does anyone have a hint which resources are worth reading (e.g. which books about the unix api?) Read src/lib/libc/ sif, src/sys/ He said Unix API, not implementation ;) Hope this isn't worst question ever (yeah, i know internet searches)... I'd simply like some advice where to start .. greetings, elias
Re: Header re-writing and smtpd(8)
the modules API that isn't written yet ;-) ponies?
Re: Header re-writing and smtpd(8)
On Fri, Oct 30, 2009 at 10:39 AM, Gilles Chehade gil...@openbsd.org wrote: On Fri, Oct 30, 2009 at 10:28:27AM +0100, Bret Lambert wrote: the modules API that isn't written yet ;-) ponies? ponies! 8===D~~ -- Gilles Chehade freelance developer/sysadmin/consultant http://www.poolp.org
Re: mailq: unsupported mode with smtpd
and by maulq i mean mailq ;-) but maulq is much more full of awesome and win
Re: Reading kernel limit usage at runtime
On Thu, Oct 22, 2009 at 3:24 PM, stan st...@panix.com wrote:
> I have a machine that has run out of process table entries. One of my co-workers asked how one could check for this, and I am afraid that I did not know the answer. So, how can one read the usage of kernel limits at runtime?

sysctl kern.maxproc is probably what you're after
Re: how to trace a hardcore-bug in OpenBSD-4.5
More of that string leadership we've been warned about...

On Wed, Sep 16, 2009 at 11:40 AM, paranoid.gand...@googlemail.com wrote:
> On Wed, 16 Sep 2009 02:08:03 -0500 Marco Peereboom sl...@peereboom.us wrote:
>> For everyone's reading pleasure:
>
> *cut*
>
> If violence makes you happy you might get satisfied some day. And you wonder why the Project gets less and less financial support? People like you make people like me not buying CD sets. Your code is flawed and your attitude just sucks. And you're the best poster child for what OpenBSD and the people behind it might become. If people like you go on like this the project will be dead soon. And now please try to fix your code except of trying to be somebody you can't be. Or focus on the bug report? THAT would be real awesome.
>
> Kind regards,
> Gandalf
Re: 4.6 will be released on October 1st?
On Tue, Aug 18, 2009 at 8:11 AM, Nice Daemonnicedae...@googlemail.com wrote: I don't mind. There's a plethora of free email accounts out there. And I'm sure you'll touch yourself inappropriately when hitting send from those too.
Re: How to write drivers?
On Thu, 2008-05-01 at 20:15 +0300, Sviatoslav Chagaev wrote: Hello! I need to write a driver for a primitive device which connects to the LPT port, so I was wondering, are there any manuals/tutorials/HOWTOs/... on this subject? I could probably just read the source code of OpenBSD and learn from there, but I'm a beginner programmer, so this probably will take much more time and there are no guarantees that I won't miss anything... http://www.openbsd.org/papers/opencon06-drivers/index.html is a pretty thorough runthrough
Re: OpenBSD kernel janitors
On Wed, 2007-10-31 at 13:41 -0200, Marcus Andree wrote: snip If we had such documentation, even if it isn't kept up-to-date, it would be a start point. As I stated in an earlier message, OpenBSD code is very, very Design and Implementation of the 4.4. BSD Operating System
Re: E-mail/calendar suite on OpenBSD (Kerio on OpenBSD)?
On Fri, 2007-08-24 at 15:14 +0200, Nikolaus Hiebaum wrote: Hi, I am currently searching for an e-mail/calendar application which is capable of the following: - support clients running on Windows machines (Outlook) - support clients running on Linux/OpenBSD machines (Evolution) - provide Webmail incl. the calendar One software, which looks like it can do all of that, I found is Kerio Mail Server (http://www.kerio.com/kms_home.html). It appears to be capable of synchronizing between the various sessions. My question is whether anyone of you has successfully installed this on OpenBSD. It seems to be supported by Linux (Redhat and Suse) and MacOS. My other question is whether you know of alternatives. Evolution looks very nice, but it doesn't have the webmail feature *with* the calendar. I am really open to suggestions. My personal suggestion? Ask your users why, other than the fact that Outlook does it, do you need one application to handle both calendaring and email? If you can get your users to break out of that (rather idiotic, IMO) paradigm, an entire world of easier-to-support possibilities opens up for you. Just so you don't think I'm being a cocky ass, I asked that question, and was rewarded with because I'm the president and I say so. I'm now in the process of rolling out Scalix. - Bert Thanks, Nick
Re: port knocking?
On Mon, 2007-06-25 at 10:48 -0700, John N. Brahy wrote: Hi Misc@, I was wondering what the general census on port knocking in the OpenBSD community is. I like the idea of hiding services but I don't like the idea of relying on a piece of code that's not part of the OpenBSD core. I know when it comes down to it, it's only hiding ports and not actually securing anything. I am assuming that it's not practiced in the OpenBSD world because there are no port knocking ports. Anyone not agree with that summation? I can't speak for others, but I don't practice it because there are better (and developer-supported) ways to keep people out. If you're paranoid about hiding services, authpf is, in my opinion, superior to any other solution that I've seen.
Re: Snapshots src/sys tarballs
On Wed, 2007-05-30 at 09:51 -0800, Jimmy Mitchener wrote: Is there a reason snapshots do not currently come with a src/sys.tar.gz as releases do? I would think this to be quite useful for people wishing/requiring building their own kernels, and using snapshots, as it would help to minimize damage from kernel/userland (and packages) coming out of sync. I'm sure there's a good reason for them not being included, but I'm just curious as to what it is, I was unable to find anything in the archives. This has been answered in the past; it comes down to too much work for too little gain. You want to live safely, run -stable. Jimmy.
Re: extenal storage and backup
On Wed, 2007-05-16 at 10:21 -0400, Jason Dixon wrote: On Wed, 16 May 2007 11:10:06 -0300, John Nietzsche [EMAIL PROTECTED] wrote: Dear gentleman, i am searching a dell 1u rack server for usage with openbsd 4.1 as a storage (nfs) device. I wonder which external backup option have you been using since? Talk about your generic questions. Do you want a direct-attached SCSI backup drive? A direct-attached SCSI library w/robot? A usb drive? A NetApp SAN with hot snapshots? Dump-over-ssh to a network server? What's your budget? What is your restore plan? I prefer base64 encoded printouts, to be rekeyed by interns should the system fail.
Re: Prevent circumventing dansguardian with pf
On Fri, 2007-05-04 at 07:26 -0600, Open Phugu wrote:
>> if you deny icmp, you shall burn in hell
>
> You may burn in hell, but ICMP can be used to infiltrate and exfiltrate data: http://www.cs.uit.no/~daniels/PingTunnel/

This looks like it's pretty trivially defeated; bzero()'ing the data portion of the ICMP echo request/response removes the piggybacked data channel. For even more fun, you could overwrite the actual data in the covert channel with a fun message about the Care Bears.

Or, for bonus points, some nice Harry Potter slashfic ;-)

- Bert
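The payload scrubbing suggested in the reply above, as an added example that is not part of the original post: a filter-side routine that zeroes the data portion of an ICMP echo request or reply and recomputes the checksum. The function names and the sample packet are constructed for illustration, and the caller is assumed to have already stripped the IP header.

```c
/* Added example: zero the data portion of ICMP echo messages and fix the checksum. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_ECHOREPLY_TYPE 0
#define ICMP_ECHO_TYPE      8
#define ICMP_HDR_LEN        8	/* type, code, checksum, id, seq */

/* RFC 1071 Internet checksum over len bytes read as big-endian 16-bit words. */
static uint16_t
inet_cksum(const uint8_t *buf, size_t len)
{
	uint32_t sum = 0;
	size_t i;

	for (i = 0; i + 1 < len; i += 2)
		sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
	if (i < len)			/* odd trailing byte, zero padded */
		sum += (uint32_t)buf[i] << 8;
	while (sum >> 16)
		sum = (sum & 0xffff) + (sum >> 16);
	return (uint16_t)~sum;
}

/* A message with a correct checksum sums to zero when the field is included. */
int
icmp_cksum_ok(const uint8_t *icmp, size_t len)
{
	return inet_cksum(icmp, len) == 0;
}

/*
 * Returns 1 if the echo data was zeroed, 0 if the message is not an echo
 * request/reply (left untouched), -1 if it is malformed and should be dropped.
 */
int
scrub_icmp_echo(uint8_t *icmp, size_t len)
{
	uint16_t ck;

	if (icmp == NULL || len < ICMP_HDR_LEN)
		return -1;		/* too short to carry an ICMP header */
	if (icmp[0] != ICMP_ECHO_TYPE && icmp[0] != ICMP_ECHOREPLY_TYPE)
		return 0;
	if (icmp[1] != 0 || !icmp_cksum_ok(icmp, len))
		return -1;		/* echo code must be 0, checksum must verify */

	memset(icmp + ICMP_HDR_LEN, 0, len - ICMP_HDR_LEN);
	icmp[2] = icmp[3] = 0;		/* checksum is computed with its field zeroed */
	ck = inet_cksum(icmp, len);
	icmp[2] = (uint8_t)(ck >> 8);
	icmp[3] = (uint8_t)(ck & 0xff);
	return 1;
}

/* Build a constructed echo request (id 0x1234, seq 1); returns its length or 0. */
size_t
build_sample_echo(uint8_t *out, size_t cap, const uint8_t *data, size_t dlen)
{
	static const uint8_t hdr[ICMP_HDR_LEN] =
	    { ICMP_ECHO_TYPE, 0, 0, 0, 0x12, 0x34, 0x00, 0x01 };
	uint16_t ck;

	if (cap < ICMP_HDR_LEN + dlen)
		return 0;
	memcpy(out, hdr, ICMP_HDR_LEN);
	memcpy(out + ICMP_HDR_LEN, data, dlen);
	ck = inet_cksum(out, ICMP_HDR_LEN + dlen);
	out[2] = (uint8_t)(ck >> 8);
	out[3] = (uint8_t)(ck & 0xff);
	return ICMP_HDR_LEN + dlen;
}

/* 1 if every byte after the 8-byte header is zero. */
int
data_is_zero(const uint8_t *icmp, size_t len)
{
	size_t i;

	for (i = ICMP_HDR_LEN; i < len; i++)
		if (icmp[i] != 0)
			return 0;
	return 1;
}

int
main(void)
{
	uint8_t pkt[64];
	size_t n = build_sample_echo(pkt, sizeof(pkt), (const uint8_t *)"covert bytes!", 13);

	printf("scrub=%d zeroed=%d cksum_ok=%d\n", scrub_icmp_echo(pkt, n),
	    data_is_zero(pkt, n), icmp_cksum_ok(pkt, n));
	return 0;
}
```

Many ping implementations keep their send timestamp in the echo data, so hosts pinging through such a filter will see wrong round-trip times or data-mismatch warnings.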
Re: Loading a Second Kernel
On Tue, 2007-04-17 at 14:33 -0400, Jon Steel wrote:
> Hi
>
> I'm trying to find a way to do a sort of very soft reboot. For example I want to boot up the computer into a kernel on one drive, and then after saying reboot, the computer loads up a kernel from a second drive. I have gotten this to work with the use of a file to pass information between boots, but that is not an ideal solution. What I really want is either a way to pass a parameter to the BIOS so that it can pass it to boot upon restarting, or a way to reload the boot loader into memory and then execute it.
>
> It would even be fine to use another operating system on the first boot. So it boots up into say Gentoo, and then when I'm done with that, I want to load OpenBSD. Does anybody have an idea how I can approach this?

You could install a bootloader that uses a conf file, and have a script that edits that and then reboots into your chosen OS. Of course, down that road may lie much frustration as a badly-written script can cause you to reboot with a ramdisk or some such and edit by hand.

> Thanks
>
> Jonathan Steel
Re: Routerboard 532 Bounty
On Wed, 2007-04-11 at 12:05 -0500, Sam Fourman Jr. wrote:
> Well, I would like to see the router board simply because, I would like to make a router / switch device to replace a Linksys 54G Router, maybe 3 or 4 lan ports and a 1 or 2 MPCI slots, 1 for hardware crypto and the other for a wireless device. if anyone has any ideas or links that would be great.

The proprietor of magicbox.pl, which offers powerpc-based boards, had offered to ship hardware to any and all interested OpenBSD devs; a few confused me as the contact point, so it looks like there was some developer interest in that hardware, but I haven't heard anything since. This was something like a month, month and a half ago; if any dev who contacted that vendor could give a quick it worked/he was jerking us around response, I'd love to get an update.

Those boards are (unless I'm forgetting) based in the IBM405 chipset; I'd like to see router boards based on the IBM440EBx (again, I may be misremembering), which is supposed to have on-proc crypto support. The only board based on that that I've been able to find in an admittedly short and half-hearted googling was a 5-port w/linux on flash from AMCC.

- Bert
Re: bcw(4) is gone
On Thu, 2007-04-05 at 13:16 -0600, Diana Eichert wrote: and info why here, http://thread.gmane.org/gmane.linux.kernel.wireless.general/1558/ With apologies to everyone for off-color language... What a bunch of douches.
Re: Saving memory on small machines
On Thu, 2007-03-22 at 11:11 +, David Given wrote: I have a machine with 48MB of RAM that I want to use as a server. The OpenBSD kernel is a bit over 5MB. I assume that gets loaded into memory and is not swappable, giving me 43MB left, which isn't a lot. Is it worth recompiling the kernel to remove support for features I'm not using --- IPv6, say, or the Microchannel bus --- on the principle that reducing the size of the kernel will give more memory for doing other things, and therefore generally speed the system up? Or will not using GENERIC cause more problems than it's worth? And if it is worth recompiling the kernel, can anyone recommend any particularly big features it would be worth taking out? well, you could always compile with the small kernel option (forget the actual #define that needs to be made, but grep is god's gift to everybody).
Re: ctrl+alt+del reboot
On Tue, 2007-03-06 at 23:02 +0800, [EMAIL PROTECTED] wrote: i know about that sysctl.conf i will just uncomment machdep.kbdreset=1 but it will halt the system or in rc.shutdown change powerdown to YES. but what i want is a reboot, not halt or powerdown. Code for allowing a shutdown on ctrl+alt+delete exists. Code for rebooting the system exists. Marrying the two is left as an exercise for the reader. [EMAIL PROTECTED] wrote: guys what file should i need to edit so that if i'm going to press ctrl alt del my box will just reboot? man sysctl man sysctl.conf --- Lars Hansson
OT: parallel programming book recs
Sorry for the OT post, but I wanted to pick the list's hive mind as to any recommendations for solid, in-depth references for parallel programming. College-level textbooks would be preferred. Thanks! - Bert
Re: fd.o HAL support / OpenBSD alternative for NetworkManager
On Fri, 2007-02-09 at 17:39 +0200, Stefan Parviainen wrote: Is there any work going on to get support for the freedesktop.org HAL specification (http://wiki.freedesktop.org/wiki/Software_2fhal)? It seems that there are quite a few programs that would benefit from this. Is there a technical reason why this hasn't been implemented yet, or is the reason simply lack of developers? I realize that the port would probably be fairly difficult to make. The reason I'm asking is that on linux I can use this really wonderful program called NetworkManager which manages network connection (Who would have guessed?). Unfortunately it requires fd.o HAL so using it under OpenBSD is currently impossible. Is there any alternative for OpenBSD which supports network roaming and such? Just a thought, but it may have something to do with this: HAL is licensed to you under your choice of the Academic Free License version 2.1, or the GNU General Public License version 2. Both licenses are included here. Some individual source code files and/or binaries may be under the GPL only or under the LGPG. from COPYING, found at http://gitweb.freedesktop.org/?p=hal.git;a=tree, with (my) emphasis strongly on that last sentence. - Bret -- Stefan Parviainen
Re: No buffer space available with a lot of queueing
On Wed, 2007-01-31 at 15:46 +0100, Federico Giannici wrote:
> We have a PC with OpenBSD 4.0-stable i386 that we use as a firewall/gateway. It has a lot of HFSC queues.
>
> Today we had a flood of traffic and the outgoing interface started to lose packets. If I tried to ping through the outgoing interface the No buffer space available error occurred. When the traffic decreased the error disappeared.
>
> What buffer space is it talking about? Is there some parameter (kernel, sysctl, ALTQ, etc...) I can increase to avoid this problem?

Running and tuning OpenBSD network servers in a production environment: http://www.openbsd.org/papers/tuning-openbsd.ps may have the info you're looking for.

- Bert

> Thanks.
semi-OT: trunk usage poll
Good morning- Some free time and inspiration last night got me to hack together a shell script for trunk(4) startup. This morning, I realized that I need to have a better understanding of how people use trunk to make it usable by and for the masses. So, if some of the good people of [EMAIL PROTECTED] would be kind enough to reply to me off-list with their trunk setup commands, I would be forever grateful. Thanks. - Bret
Re: carp for one server?
On Tue, 2007-01-09 at 10:12 -0800, John Brahy wrote: I know carp is the way to go to provide address redundancy but I was wondering if it's the best way to do it on one server? I've got two interfaces and I'd like to only use one public ip address. Is carp the way to go or is there a better way? Depending on your setup, trunk(4) in failover mode might be just as useful. -Bert thanks!
Prospective hardware angels
Good afternoon misc@ - A gentleman in the UK and I have decided to pool our resources, and start semi-regularly trolling want.html for items that we can get for the devs. I'm able to do something like $50 US each month (I have no idea how much he's in for; he keeps talking about quid, which, as far as I can tell, is some sort of telepathic space crab). If there are fellow-travelers who are interested in going in with us on this, please don't hesitate to let me know. Please reply only to my email, so that we don't clutter the list with chatter. - Bert
Re: Which tools the OpenBSD developers are using?
Johan P. Lindstrvm wrote:
> So far, only NetBSD runs on the AK* architecture.

Yeah, but it only boots single-user, so it don't count.

> --
> JPL
>
> On 11/29/06, Ioan Nemes [EMAIL PROTECTED] wrote:
>> That's the problem, you should use an AK45! Much-much cheaper than the AR-15 (I've been offered one for $US15.00 in Sudan), and is widely available.
>>
>> Ioan
>>
>> Diana Eichert [EMAIL PROTECTED] 11/29 9:58 am
>>> I use a soldering iron, dremel tool, sheet metal/plastic nibbler and solder wick.
>>>
>>> diana
>>>
>>> PS Then I load my AR-15 to see if I can shoot any holes in my code.
Re: openbsd on cisco hardware?
Jeffrey C. Ollie wrote:
> On Sun, 2006-11-12 at 20:51 -0600, Jacob Yocom-Piatt wrote:
>> i know this is likely not possible for a number of reasons but i figured i'd ask: are there or have there been any plans to port openbsd to run on cisco hardware?
>
> It would only be interesting if you were able to develop drivers for the various line cards. Without these it would be pointless. And I really doubt that Cisco would be nice enough to open up their developer docs so that drivers could be written.

Which leads to the obvious question (and one that I've had for a while, but now seems an opportune time to ask) of whether or not there is hardware that is custom-made for, or is well-suited to, the task of routing network traffic. I'm going to admit my near-total ignorance of the subject, and hope someone with the knowledge is interested enough to answer.

- Bret

> Jeff
MosChip USB to Ethernet/Serial adapters
Any devs in the US/Canada who are going to the upcoming hardware hackathon, please contact me off-list so that I can mail these to you for carting to Europe.
Re: OpenBSD and high availability
knitti wrote:
> On 8/7/06, Jens Mayer [EMAIL PROTECTED] wrote:
>> While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives.
>>
>> The synchronization will be done via a dedicated cross connect cable directly between the boxes.
>
> while I would do it with rsync (I know, depends on what you want to do), I don't see any reason why ccd'ing two large nfs-exposed files shouldn't work. But I think this would be more ugly and complicated than rsyncing every x minutes...
>
> --knitti

der Mouse released something last year that sounds for all the world like it could be modified for use as a good filesystem failover mechanism (obviously, this doesn't help the OP /now/):

overview: http://kerneltrap.org/node/5058
download: ftp://ftp.rodents.montreal.qc.ca/mouse/livebackup

Although it's based on a client/server architecture, a bit of configuring could probably get it to work in a master/slave environment.

- Bret
UltraSparc III possibility in DC
Greetings all - As I posted at undeadly.org, I'm in the DC area, and willing to pony up some of my own cash to get jason@ a Blade 1000 [a]. I've already gotten one solid response, for a grand total of $200 towards the $450 + $50 shipping. Should I get promises of the rest of the needed funds, I'll buy it up and deliver when I receive it. Please contact me at this email off-list, as this email address is not subscribed. Thank you. - Bret [a] http://tinyurl.com/gtymq
Re: OT: opinion on this opinion...
Ted Unangst wrote: On 5/2/06, poncenby [EMAIL PROTECTED] wrote: Taken from http://wiki.noreply.org/noreply/TheOnionRouter/ TorFAQ#ServerAnonymity FreeBSD 4.x, all versions of OpenBSD, and all versions of NetBSD have broken gethostbyname_r() implementations that cause Tor's threads to stomp on each other. So rather than threading on these platforms, we made Tor fork new processes. This means you need way more memory to run a Tor server, especially an exit server. If you want to run a Tor server, we recommend you upgrade to a better OS. i got a flat tire the other day, so now i have to buy a new car. if using fork() really makes it use that much more memory than threading, they've done something terribly weird. Well, they appear to be claiming Linux as a better OS, so god only knows what they've done to their server :)
Re: The Apache Question
Felipe Scarel wrote: Well then, I'll take a look at you suggestion, Joachim, seems reasonable. Too bad most developers actually *prefer* FTP over ssh, so it's going to be difficult to convince them. Well, looks like I'll just have to implement... they'll get used to it anyway =) Talking about the Apache2 port, as soon as I get the grasp of porting software to OpenBSD I'll try to do that, would be quite helpful. Erm... just a lazy question, but lighttpd has support for DAV? From http://www.lighttpd.net/documentation/webdav.html: The WebDAV module is a very minimalistic implementation of RFC 2518. Minimalistic means that not all operations are implemented yet. - Bret
Re: WebTools
Ricardo Lucas wrote:
> Hello everybody,
>
> that's my doubt, what program can I use to monitor the traffic of my LAN, and display, in a web based form, information such as the most visited site and the PC that most accesses the internet, outside my intranet of course, and things like these.

Good morning -

It seems like running a proxy and generating an HTML page from the logs is what you want to do; I haven't had a need to run web proxies, but Squid has a number of scripts that seem to do something similar to what you want: http://www.squid-cache.org/Scripts/

The webalizer, squidalizer, and squidsites scripts seem (without looking too deeply) to most closely match what you seem to want.

HTH

- Bret Lambert

> I had installed MRTG and symon, but it does not fit my necessities.
>
> Thanks for your attention
>
> --
> Ricardo Lucas
Re: Bridge with three IFs
http://www.openbsd.org/faq/pf/tagging.html At the end of that, there's a section titled Tagging Ethernet Frames which tells you how to do what you want. - Bert