Re: Using OpenBSD as a router

2010-12-01 Thread Ross Cameron
If in doubt,
beat the Cisco admin about




Opportunity is most often missed by people because it is dressed in
overalls and looks like work.
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.



On Thu, Dec 2, 2010 at 2:19 AM, Geoff Sweet geoff.sw...@wemadeusa.com wrote:

 Oh for the love of god... ok I am good. OpenBSD works pretty much as it
 should.  Someone loaded damn switch ACL's onto this switch.

 Off to choke a junior admin to death.

 -Geoff

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Geoff Sweet
 Sent: Wednesday, December 01, 2010 3:48 PM
 To: misc@openbsd.org
 Subject: Re: Using OpenBSD as a router

 Oops, sorry I did mean to copy and paste that information in here as well,

 Bge0 is using a private static IP during testing of this of 192.168.16.223
 Subnet1 : 66.150.173.0/26
 Subnet2 : 66.150.7.0/25
 Subnet3 : 72.2.215.0/24

 The interfaces on the OpenBSD box are assigned static IP's at the top of
 each subnet, so 66.150.173.62, etc.  Each host in the subnets is configured
 to use the OpenBSD interface as its default gateway.  From the 192.168.16
 side I can ping a host 66.150.173.20 with no problems.  But when I ping a
 host that is 66.150.7.25, via tcpdump I can see that the ICMP packet hits
 the 192.168.16 interface, and comes out the 66.150.7 interface, but any
 packet going back into the 66.150.7 interface just gets lost except for
 packets destined explicitly for the interface ip 66.150.173.126.  In fact
 tcpdump shows nothing hitting the 66.150.7.126 interface at all if I am
 pinging a remote host.

 Output of ifconfig:

 # ifconfig
 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
         priority: 0
         groups: lo
         inet 127.0.0.1 netmask 0xff00
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
 bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:22:19:d6:9c:04
         priority: 0
         groups: egress
         media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
         status: active
         inet 192.168.16.223 netmask 0xff00 broadcast 192.168.16.255
         inet6 fe80::222:19ff:fed6:9c04%bge0 prefixlen 64 scopeid 0x1
 bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:22:19:d6:9c:05
         priority: 0
         media: Ethernet autoselect (1000baseT full-duplex)
         status: active
         inet6 fe80::222:19ff:fed6:9c05%bge1 prefixlen 64 scopeid 0x2
 enc0: flags=0<>
         priority: 0
         groups: enc
         status: active
 vlan4091: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:22:19:d6:9c:05
         priority: 0
         vlan: 4091 priority: 0 parent interface: bge1
         groups: vlan
         status: active
         inet6 fe80::222:19ff:fed6:9c05%vlan4091 prefixlen 64 scopeid 0x5
         inet 66.150.7.126 netmask 0xff80 broadcast 66.150.7.127
 vlan4092: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:22:19:d6:9c:05
         priority: 0
         vlan: 4092 priority: 0 parent interface: bge1
         groups: vlan
         status: active
         inet6 fe80::222:19ff:fed6:9c05%vlan4092 prefixlen 64 scopeid 0x6
         inet 72.5.215.254 netmask 0xff00 broadcast 72.5.215.255
 vlan4093: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         lladdr 00:22:19:d6:9c:05
         priority: 0
         vlan: 4093 priority: 0 parent interface: bge1
         groups: vlan
         status: active
         inet6 fe80::222:19ff:fed6:9c05%vlan4093 prefixlen 64 scopeid 0x7
         inet 66.150.173.62 netmask 0xffc0 broadcast 66.150.173.63





 -Original Message-
 From: Ted Unangst [mailto:ted.unan...@gmail.com]
 Sent: Wednesday, December 01, 2010 2:52 PM
 To: Geoff Sweet
 Cc: misc@openbsd.org
 Subject: Re: Using OpenBSD as a router

 On Wed, Dec 1, 2010 at 5:41 PM, Geoff Sweet geoff.sw...@wemadeusa.com
 wrote:
  I have been googling this issue today and I am finding that I don't quite
  know enough about what I am doing, and that the terms I am searching for
  are not returning the results I want.
 
  I have need of using OpenBSD as a router temporarily.  I have four
  interfaces.
 
  bge0 - my primary interface that will be facing my ISP's border router
  bge1:
   +vlan1 - Segment for my subnet1
   +vlan2 - Segment for my subnet2
   +vlan3 - Segment for my subnet3
 
  So I really only want routing functionality so I thought it was safe to
  do the following:
 
  - Set net.inet.ip.forwarding=1
  - Disabled PF
 
  This leaves me in a state where I can ping hosts in vlan1 from the
  network on bge0.  But that's about it.  I kinda don't know the right
  questions to ask here.  Googling for routing leads to mostly sites
  dealing with adding static routes in OpenBSD.  So from some of the
  reading on Faq6, I assumed that enabling forwarding would 

Re: Linux or OpenBSD

2010-09-27 Thread Ross Cameron
That I will not argue.

BUT that is the risk you take (in my wee opinion) when you run any
enterprise aka stable but old and tested from here to next week for
backwards compatibility OS like RHEL/SUSE Ent./Oracle Ent./AIX/Solaris/yadda
yadda yadda

The local root exploit in question does not work on my (extremely trimmed
down) Linux distro as I make a point of keeping up to date with patches and
don't run old or back ported code wherever I can get away with it.

I also run signed and encrypted binaries, so that even IF you get root
your rootkit won't work.

No shells, no PHP/Perl/Python, binary-BSD-like-init, custom package
management system, extremely cut down Glibc (only what's needed - I use
readelf a lot lately lol), chroot jails wherever a daemon is NEEDED but as
a firewall all I have on there is BIND, DHCPD and SQUID (statically
compiled), XML based configuration (for the OS proper, the daemons retain
their upstream configuration methodology) that is remotely dropped as an
encrypted tarball via SFTP, hardware and software encrypted solid state
welded to the board storage, and a bare minimum of drivers compiled into the
kernel and modularity expressly forbidden at compile time.

And yes I'm paranoid... must be the Pretoria water lol







On Mon, Sep 27, 2010 at 12:10 AM, Brad Tilley b...@16systems.com wrote:

 On 09/26/2010 04:54 PM, Kevin Chadwick wrote:

  It's occurred to me that I think what Theo suggested was actually about
  using more than one architecture, which may be a better method over
  Linux.

 How many privilege escalation attacks (normal user getting a root shell)
 has OpenBSD had during the last five years? There have been several of
 these in the Linux kernel (one just this month). We tested the latest
 one and it worked against a fully-patched RHEL box that had the SELinux
 restrictive policy in place.

 I don't mean this as bashing Linux, just pointing out facts. I think
 history shows that OpenBSD has a better track record here (if that means
 anything to anyone).

 Brad



Re: Linux or OpenBSD

2010-09-24 Thread Ross Cameron
Depends what you want to do exactly I suppose...

Personally I use Linux based firewalls for many of my sites purely because
the clients in question want deep packet inspection (aka OSI layer 7
filtering) done on the network traffic.
But that said they are always the second skin firewalls, sitting behind
PF firewalls, filtering outbound traffic while the OpenBSD/FreeBSD boxen
filter inbound traffic.

That's just my 5c worth and I've always been of the opinion that at least two
different skins of firewalls should be deployed, built on top of different
technologies.
Makes life a lot harder for whomever you want to keep out.







On Wed, Sep 22, 2010 at 9:29 PM, Rikky Taylor rikkytay...@hotmail.co.uk wrote:

 I was after some general advice. I need to setup a routing firewall with 3
 interfaces, moderate traffic and a fair amount of NAT'ing in the rules.



 Given identical modern server hardware would I expect a performance
 difference between an OpenBSD/PF setup and a Linux/IPTables one?



 Rikky



Re: Linux or OpenBSD

2010-09-24 Thread Ross Cameron
Indeed, I never said that you CAN'T do it on OpenBSD,... I just mentioned how
I do it...

That said though, the snort+PF combo is two tools to do the job where
I only need one in the wee Linux distro that I (roll myself) use for
firewalls.







On Fri, Sep 24, 2010 at 9:51 PM, R0me0 *** knight@gmail.com wrote:

 You can filter layer 7 with snort

 For example, detect bittorrent and p2p traffic with snort and drop it

 2010/9/24 Ross Cameron ross.came...@unix.net

 Depends what you want to do exactly I suppose...

 Personally I use Linux based firewalls for many of my sites purely because
 the clients in question want deep packet inspection (aka OSI layer 7
 filtering) done on the network traffic.
But that said they are always the second skin firewalls, sitting behind
 PF firewalls, filtering outbound traffic while the OpenBSD/FreeBSD boxen
 filter inbound traffic.

 That's just my 5c worth and I've always been of the opinion that at least
 two different skins of firewalls should be deployed, built on top of
 different technologies.
 Makes life a lot harder for whomever you want to keep out.







 On Wed, Sep 22, 2010 at 9:29 PM, Rikky Taylor rikkytay...@hotmail.co.uk
 wrote:

  I was after some general advice. I need to setup a routing firewall with
  3 interfaces, moderate traffic and a fair amount of NAT'ing in the rules.
 
 
 
  Given identical modern server hardware would I expect a performance
  difference between an OpenBSD/PF setup and a Linux/IPTables one?
 
 
 
  Rikky



Re: recent hardware with older OpenBSD versions

2010-03-22 Thread Ross Cameron
On Sun, Mar 21, 2010 at 12:36 PM, T. Valent tmp...@4ss.de wrote:
 Folks, yes, I appreciate your attempt to help a lot. And I really am on
 your side if we're talking about normal machines.

 However, obviously nobody believes me when I say For us there is no
 reason to update to newer versions of OpenBSD yet. On the contrary,
 maintenance is a lot easier for us if we try to keep all systems on the
 same versions for as long as possible. I admit I could have been more
 precise, but in the end that just doesn't have to do anything with the
 question, it just explains what reasons I have to not update. So don't
 let me waffle about why this is so. Just trust me, it is so.

 When it comes to normal servers, where I still have access via SSH or
 console, I'm on your side like I said. The machines I'm talking about
 are not within reach, neither physically, nor is there anything like SSH
 or any other console to update the kernel and libraries. And they are in
 larger numbers. Changing the kernel on all these machines gives us no
 benefit at all on the technical side (because it's already perfect the
 way it is with 4.3), while it would be a vast amount of work to contact
 all customers, send them new versions on some HD and make them install
 that. And of course I'd like to keep as many machines I roll out at the
 same version, because diversification complicates future maintenance.

 Don't be afraid of change.

 :-) I'm not.

 And you, don't be afraid of believing people who say they have their
 reasons for doing things differently.

 However, I perfectly understand why updating is usually a good idea
 whenever possible.

 In the end it seems like I have to give up the idea of keeping all
 installations on the same level, it seems like I have to create a complete
 new platform (new motherboard type and new OpenBSD version) for all new
 customers, just because I cannot find any compatible motherboard anymore.

 Thanks anyway!

 T.


Instead of wanting to run older OSs (for whatever reason on newer
hardware) why not make sure that you only buy hardware that is a part
of a long term stable system image project from XYZ vendor?
Now whilst I think running older code is a bad idea in general, if
that's what you need to do for whatever reason then stable hardware
platforms are what you're looking for.

All the systems I deploy are based on the AMD business class system
image project and I recently replaced a whole system (bar HDD) with a
completely brand new mobo/cpu etc. and NOTHING changed from the OS's
perspective.
Everything was EXACTLY as it was before, bar a 30%-ish performance increase.






Re: Hardening OpenBSD : Just delete!

2010-03-14 Thread Ross Cameron
Well that depends really.

If you don't need something why have it on your machine?
Even if it's not a networked application it may make life easier
once someone does crack their way into your machine.

Personally I like to lock things down as much as possible, just
because I find that in the long run it makes my life easier.
Your mileage may vary, however.



On Sun, Mar 14, 2010 at 5:43 PM, Ozgur Kazancci
ozgur.kazan...@info.uvt.ro wrote:
 Hello.
 Is this a joke?

 (Removing OpenBSD unnecessary and/or dangerous files)

 http://geodsoft.com/howto/harden/OpenBSD/remove.txt

 ( http://geodsoft.com/howto/harden/OpenBSD/remove_files.htm )

 --
 Ozgur








Re: Opteron 250 Overheating

2010-03-13 Thread Ross Cameron
On Sun, Mar 14, 2010 at 12:27 AM, Jeff Ross jr...@openvistas.net wrote:
 Jeff Ross wrote:

 Henning Brauer wrote:

 * Jeff Ross jr...@openvistas.net [2010-03-02 16:59]:

 I bought a replacement supermicro motherboard off fleabay that has
 dual Opteron 250 @2.4GHz.  The cpus have passive heatsinks, it is in
 a supermicro 2U chassis with 4 front fans.

 do you have the air shroud? this plastic thing that forms a tunnel
 over the heatsinks? it is required.


 No, the motherboard didn't come with that.  If I can find one will that
 mean I don't need the active heatsinks?

 Thanks!

 As a followup, here's what I have done to try to alleviate this:

 I bought and installed the plastic air shroud using the passive heatsinks
 that came with the motherboard.  System still overheats and shuts down
 within a couple of minutes.

 I bought 2 AMD brand active heatsinks, specific to this processor, and
 installed them.  That meant I had to ditch the plastic air shroud, but the
 motherboard manual says that active heatsinks are suggested for 2U chassis
 and the air shroud was only $10.  I also used new heat sink compound when
 I put everything together.

 System seems to run okay at idle, but make it work a little--like compiling
 a kernel or tar-ing up a big file and the temp indicator comes on and
 sysctl reports temps (on both the kate and lm sensors) finally exceeding
 100 degrees C on one processor, with the other not that far behind at
 over 80 deg C.

 At that point the system shuts down.

 I'm at a loss as what to try next.  If I've read the AMD specs correctly
 these processors should not exceed 71 deg C but I see temps near that at
 near idle.

 Did I just get a lemon motherboard/CPU combo?  I still have a couple of
 days on my 30 day exchange if this is the case.


I'd get it all swopped out, something's very suspect there.

I've got 8 Opteron 250 servers at the office that I regularly pound
the heck out of (dist-cc cluster for bulk and repetitive building of
software) and the hottest we've ever seen the CPUs go was 42deg.








Re: 802.11QinQ support

2010-03-03 Thread Ross Cameron
Hi there all

Does anyone know off hand if OpenBSD 4.6 or -CURRENT supports
802.1QinQ aka nested VLans?

If so, how do I configure it as I've tried the usual ifconfig vlan?
create and tried stipulating that the secondary VLan's parent
interface is the primary VLan interface. But this doesn't seem to work
:(

Regards,...
Ross Cameron



Re: 802.11QinQ support

2010-03-03 Thread Ross Cameron
On Wed, Mar 3, 2010 at 7:57 PM, Andrew Fresh and...@afresh1.com wrote:
 On Wed, Mar 03, 2010 at 06:36:05PM +0200, Ross Cameron wrote:
 Does anyone know off hand if OpenBSD 4.6 or -CURRENT supports
 802.1QinQ aka nested VLans?

 If so, how do I configure it as I've tried the usual ifconfig vlan?
 create and tried stipulating that the secondary VLan's parent
 interface is the primary VLan interface. But this doesn't seem to work
 :(

 I have been able to QinQ.

 # ifconfig vlan101 vlandev bce0
 # ifconfig vlan201 vlandev vlan101

 vlan101: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
         vlan: 101 priority: 0 parent interface: bce0
 vlan201: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496
         vlan: 201 priority: 0 parent interface: vlan101

 A tcpdump when I actually tried it showed the nested vlans although I
 seem to have lost them.

Sweet it's working,...

Didn't know I could just do an ifconfig vlan name ...

Thx for the help!



Re: Latest snapshot doesn't work in Qemu under Fedora 12

2010-02-12 Thread Ross Cameron
On Fri, Feb 12, 2010 at 9:24 PM, Tobias Ulmer tobi...@tmux.org wrote:
 Uhm, looks seriously off-topic on any mailinglist that ends in
 @openbsd.org. I hope you reported this to Fedora.

 On Fri, Feb 12, 2010 at 01:25:11PM +0100, Tomas Bodzar wrote:
 [ backtrace of crash in hand-rolled Drepper assembly ]

Actually less to do with Fedora and more a query for the QEMU project
and your processor manufacturer I think.

Seems to be an issue within KVM and how it's trying to use hardware
to emulate a machine.
A while back I ran OpenBSD without any issues under QEMU and
VirtualBox on various recent Linux distros.

Only thing is I had countless issues on Intel CPUs and none at all on
the AMD CPUs,... seems the Intel virtualization enhancements are a bit
behind.





Re: Hard disk errors - OpenBSD reports errors, SMART says all is well.

2009-12-26 Thread Ross Cameron
On Sat, Dec 26, 2009 at 4:31 PM, John O'Connor j...@jpoc.org wrote:
 Hi,

 I am getting some strange errors from an openBSD system that I am
 using as a backup server.

 I transfer some files onto the system via ftp. (1260 files with a
 total size of 60G.)

 The transfer works OK and then I try to check the newly arrived
 files.

 The last file in the set is an md5 file of the whole set.

 I now try:

 sum -c abc.md5  result.txt

 I get an error.

 First, I see a number of IO errors and then finally a message that
 the file system is full. (It is not.)

 sum: abc.md5: read error: Input/output error

 /home2: write failed, file system is full

 So, I power the system down and then try to reboot. I get the same
 error and eventually, the system refuses to reboot claiming that
 one block on the disk cannot be read.

 I then moved the disk to a Win2K machine and ran a SMART monitor on
 the drive. The monitor reported that the drive was perfect - no
 bad sectors and no read errors.

 What can be going on here?

 It does not look like a disk error - surely SMART would notice it
 if it was?

 It does not look like a hardware error elsewhere in the system - I
 plugged in another drive and the checksums on that drive all
 turned out OK.

 I`m a bit stuck here. Any suggestions welcome.

 The system is based on a Gigabyte EP35 board and the drive is an
 almost new Samsung 1.5TB model. It is split into two partitions,
 first - where I see the error - is 820G and the second is the
 rest. I have tried ffs and ffs2 with the same result.

 jpoc



Have you considered the upload mode of FTP as a potential cause of errors?
Rather tarball.fav compression type the data and up load that,
extract and checksum?

I've seen similar issues when a mixture of binary and text files were
being up loaded to a server in text only mode and the binary files
committed suicide most (but not all) of the time.





Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Ross Cameron
On Wed, Dec 9, 2009 at 7:07 PM, Jason Dixon ja...@dixongroup.net wrote:
 I'm not taking sides, but how exactly are you trying to help?  The few
 times I've seen you post to misc@ have been to promote your own fork of
 OpenBSD, or to ask for help in getting your own stuff running.  How
 exactly does this help the _OpenBSD_project_?

COMIXWALL isn't a fork, it's just a preinstalled configuration panel
for OpenBSD and a collection of nice utilities.

And considering (and no offence here) the COMIXWALL developers are
enthusiasts not paid professional developers.
So where's the harm asking some advice?
After all let's face it some of the brightest minds in computer
security lurk on this list and code for OpenBSD/OpenSSL.








Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Ross Cameron
This is a VERY sad day :(

Personally I managed to convert quite a few people to using OpenBSD by
coaxing an interest via COMIXWALL.

A grand pity and unfortunately if I were you I'd probably have done
the same :( OpenBSD is possibly the cleanest most delightful OS to
work on and most definitely the most secure I have worked on but the
attitudes of /some/ of the core developers leave much to be desired.

That said, will I stop using OpenBSD on my edge devices... HELL NO!
There just isn't an alternative :(



On Wed, Dec 9, 2009 at 6:31 PM, Soner Tari so...@comixwall.org wrote:
 Due to unexpected reaction from the leader of the OpenBSD project
 (please read below), I am terminating the ComixWall project. I will keep
 the project server running until the end of this month. I might
 resurrect the project in the future with another host OS perhaps.

 I am going to unsubscribe from this list after posting this last
 message. He apparently prefers reading messages from 'pricks' (to use
 his terms) rather than release announcements from people trying to help.

 Good luck, and goodbye...

 On Wed, 2009-12-09 at 09:04 -0700, Theo de Raadt wrote:
 On Wed, 2009-12-09 at 14:03 +0200, Soner Tari wrote:
  On Wed, 2009-12-09 at 10:29 +0200, Soner Tari wrote:
   On Tue, 2009-12-08 at 23:46 -0700, Theo de Raadt wrote:
Don't you dare post that that to our lists again.
  
   I don't understand, what's the problem?
  
   If you think that I am making money out of ComixWall, you are completely
   wrong. I have not made a penny out of it, ever (this is just a homemade
   project by an OpenBSD enthusiast). In fact, I was doing this to help
   uninitiated people use OpenBSD, instead of something else. Is it so hard
   to believe?
  
   I can't believe what you just said...
 
  If you don't tell me that you were just joking, I have decided to
  terminate the ComixWall project.
 
  Given that my sole purpose was to help promote the use of OpenBSD, I
  will feel stupid continuing with this project while I am not even
  allowed to post its release announcements to the OpenBSD mailing lists.

 Take your advertisements OFF OUR LISTS








Re: http://www.theregister.co.uk/2009/11/03/linux_kernel_vulnerability

2009-11-04 Thread Ross Cameron
On Wed, Nov 4, 2009 at 5:54 PM, Theo de Raadt dera...@cvs.openbsd.org
wrote:
  For the record, this particular problem was resolved in OpenBSD a
 while back, in 2008.

 Nice, but:

 Since 2.6.23, it has been possible to prevent applications from
 mapping low pages (to prevent null pointer dereferencing in the
 kernel) via the /proc/sys/vm/mmap_min_addr sysctl, which sets the
 minimum address allowed for such mappings.

 2.6.23 released:  Tue, 9 Oct 2007

 Ref:
 http://lkml.org/lkml/2007/10/9/241
 http://james-morris.livejournal.com/26303.html

 And that knob was turned off.

Actually no it was turned on.

Fedora 8 was released in Nov 2007 and to run certain Wine applications
as non-root you had to disable the vm.mmap_min_addr sysctl.
By default it was set to a value of 65536 and you had to change this to
0.

This is well documented all over the Wine forums.
I know because this drove me up the bend when they introduced this patch.


--
Opportunity is most often missed by people because it is dressed in
overalls and looks like work.
Thomas Alva Edison
Inventor of 1093 patents, including:
The light bulb, phonogram and motion pictures.
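
A defender-side check for the knob debated above, added here as an example and not taken from any message in the thread: it reports the running vm.mmap_min_addr and flags any persistent sysctl setting that lowers it below the 65536 default quoted above. The function names are hypothetical, and /etc/sysctl.conf and /etc/sysctl.d/*.conf are assumed as the configuration locations.

```shell
#!/bin/sh
# Added example: audit the vm.mmap_min_addr knob discussed in this thread.
# Function names are illustrative assumptions, not part of any tool.

# Default quoted in the message above; anything below it permits lower mappings.
MIN_ADDR_DEFAULT=65536

# classify_min_addr VALUE -> prints ok | lowered | disabled | invalid
classify_min_addr() {
    case "$1" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if [ "$1" -eq 0 ]; then
        echo disabled
    elif [ "$1" -lt "$MIN_ADDR_DEFAULT" ]; then
        echo lowered
    else
        echo ok
    fi
}

# scan_sysctl_conf FILE... -> prints "file:line:value:verdict" for every
# vm.mmap_min_addr assignment, so a persistent override is caught even when
# the running value currently looks fine.
scan_sysctl_conf() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        n=0
        while IFS= read -r line || [ -n "$line" ]; do
            n=$((n + 1))
            # sysctl.conf allows blanks around "=", so drop all whitespace
            line=$(printf '%s' "$line" | tr -d ' \t')
            case "$line" in
                ''|'#'*|';'*) continue ;;   # empty line or comment
            esac
            line=${line#-}                  # leading "-" means "ignore errors"
            case "$line" in
                *=*) ;;
                *) continue ;;
            esac
            # keys may be written with "/" instead of "."
            key=$(printf '%s' "${line%%=*}" | tr '/' '.')
            val=${line#*=}
            [ "$key" = "vm.mmap_min_addr" ] || continue
            printf '%s:%s:%s:%s\n' "$f" "$n" "$val" "$(classify_min_addr "$val")"
        done <"$f"
    done
}

# audit_runtime -> prints the value the running kernel enforces
audit_runtime() {
    p=/proc/sys/vm/mmap_min_addr
    if [ -r "$p" ]; then
        v=$(cat "$p" 2>/dev/null) || v=
        echo "runtime:$v:$(classify_min_addr "$v")"
    else
        echo "runtime:unavailable"
    fi
}

audit_runtime
scan_sysctl_conf /etc/sysctl.conf /etc/sysctl.d/*.conf
```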



Re: What VM does OpenBSD run well under

2009-11-01 Thread Ross Cameron
OpenBSD 4.6 i386 seems quite happy in VirtualBox 3.0.10 r54097 (Fedora
11 i686 as a host).

No funnies at all, just boot the cd46.iso image and ftp install and no
issues whatsoever (SMP and non-SMP VMs).



2009/11/1 Tomáš Bodžár tomas.bod...@gmail.com:
 After reading this

 http://www.openbsd.org/cgi-bin/man.cgi?query=mpbios&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
 I must say that for me it means that if you have crappy HW (in this
 case KVM) then you can encounter problems.

 On Sun, Nov 1, 2009 at 4:29 AM, Chris Dukes pak...@pr.neotoma.org wrote:
 On Sat, Oct 31, 2009 at 05:50:57PM -0600, Theo de Raadt wrote:
  OpenBSD 4.5+ works if mpbios is disabled, more info here:
 

http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04

 OpenBSD 4.5 works on 99.9% of PCs out there with mpbios enabled,
 so KVM must have a really stupid bug.



 Something about the mpbios implementation on OpenBSD does not seem
 right as disabling with 'bsd -c' does not have the same result as
 building a kernel with mpbios0 disabled in the config.  That and
 your 99.9% comment lead me to believe there is a bug in OpenBSD.
 Given
 1) Per mpbios.c ACPI and a useable MPBIOS appear to be mutually exclusive
 2) New PCs are shipping with ACPI instead of APM
 3) GENERIC with mpbios enabled breaks on 0.1% of PCs.
 I'm at a bit of a loss as to why mpbios is still enabled in GENERIC.


 My memory of the brief discussion on the KVM mailing list was that
 KVM/QEMU emulation of one of the instructions executed by going through
 the mpbios code was mishandled.  If you'd like me to find the relevant
 thread and forward it on to the mpbios maintainer, I'll gladly do so.

 Now to pragmatic considerations.
 I understand and appreciate your mistrust of running OpenBSD under
 a virtual machine emulator.
 But there are folks like me that find it useful to be able to
 hold a dog and pony show for a network and cluster design on a
 laptop rather than an anvil case of laptops, switches, and routers.


 --
 Chris Dukes








Re: Questions for OpenBGPd Developers

2009-10-13 Thread Ross Cameron
On Tue, Oct 13, 2009 at 3:13 PM, Marc Espie es...@nerim.net wrote:

 On Mon, Oct 12, 2009 at 05:50:58PM -0700, Barry Friedman wrote:
  Hi, thanks everyone for the information, this helps give me an idea of
  the scope and effort involved in getting OpenBGPd onto Linux. I'll
  look at the OpenSSH project to see how the portability is added
  without cluttering up the OpenBSD code.
 
  Also I am sorry, I did not mean to imply that OpenBGPd is not in a
  source control system or released frequently. I was referring to the
  quick and dirty Linux port I mentioned which is just in tarball form.
  Kudos to those who did that porting work because it allows Linux users
  to at least play around with OpenBGPd a bit but I was just trying to
  see if there was a more organized and source-controlled effort yet to
  work on OpenBGPd porting to non-BSD systems.

 I don't see the point in porting this to linux. Why settle for second-best
 ?


Uhm perhaps to provide a better OSPF and BGP implementation for an OS
that is the OS of choice of millions of users and thousands of corporations?




Re: Questions for OpenBGPd Developers

2009-10-13 Thread Ross Cameron
On Tue, Oct 13, 2009 at 4:41 PM, Igor Sobrado igor.sobr...@gmail.com wrote:

 On Tue, Oct 13, 2009 at 4:12 PM, Ross Cameron abal...@gmail.com wrote:
 
  Uhm perhaps to provide a better OSPF and BGP implementation for an OS
  that is the OS of choice of millions of users and thousands of
  corporations?

 users and corporations should learn how to choose the operating
 systems that best fit their needs instead of choosing the coolest
 operating system of the day and adapt it to match their real needs.

 requirements come first, then you can choose the best tools to get
 that work done, not the reverse.  why is it so difficult to
 understand?


More often than not there are more reasons than the purely technical
motivations for different tools/technologies being used.

Either way this is becoming an off topic OS flame war, personally I see a
portability layer for OpenBGP (as with the portability layer for OpenSSH) as
being a good thing.
It doesn't taint the OpenBSD sources and those that have a need to use
it on X platform can.






Re: VirtualBox2.2+OpenBSD4.4 (fail)

2009-10-07 Thread Ross Cameron
On Wed, Oct 7, 2009 at 4:57 PM, L. V. Lammert l...@omnitec.net wrote:

 At 03:27 PM 10/7/2009 +0100, Peter Kay - Syllopsium wrote:

 From: L. V. Lammert l...@omnitec.net
 On Wed, 7 Oct 2009, Peter Kay - Syllopsium wrote:

  It's VirtualBox - looks like it's still crap. VMWare works fine, so does
 qemu.

 As does VirtualBox with proper hardware support (AMD64 Socket AM2), ..
 though we do not use X on VMx.

 Are you seriously saying VirtualBox is a viable option by specifying one
 hardware platform? I don't see why AMD64 really helps, or AM2 for that
 matter - some AMD platforms have iommu but that shouldn't be relevant
 either.


 No, I am reinforcing two complementary points:

 1) Hardware support is required to run OBSD on VirtualBox, and it runs on
 AMD64AM2;
 2) Virtualbox can be used as a host for OBSD with AMD64AM2.

 Sorry, thought that would have been obvious. Nothing more, nothing less.

Lee


I am using VirtualBox 3.0.8 on OS X and the following OSs run better than
they do in VMware Server on an identical laptop running RHEL.

FreeBSD 6.2-7.2
OpenBSD 4.3-4.5
RHEL 4-5.4
Windows 2003 and XP




Re: Defending OpenBSD Performance

2009-09-16 Thread Ross Cameron
On 15/09/2009, Henning Brauer lists-open...@bsws.de wrote:
 i have a bgp machine forwarding 800MBit/s of real world generic
 internet traffic. can handle at least twice that. enough of a
 benchmark?

Any chance you could post the spec. of said machine?
I'd especially be interested in CPU/Chipset/NICs/RAM,...

Many thanks,...




OpenBSD ppp and NAS-Port attribute

2009-08-20 Thread Ross Cameron
Hi there all

I'm expecting this to be in a manpage somewhere but I can't find it
(Google-foo not being good it seems today) so please bear with me if I'm
being a bit daft here.

What I've set up is a PPPoE concentrator (OpenBSD/i386 4.5-GENERIC as a host
OS) with a FreeRADIUS+MySQL backend and for some reason ppp isn't passing the
NAS-Port parameter to FreeRADIUS in the Access-Request packet.
I am however happily receiving the NAS-IP-Address, NAS-Identifier,
NAS-Port-Type parameters.

As a result of this radwho and radlast aren't working :(

Anyone know where I've gone wrong?
What config files would be useful to anyone wishing to help me in this case?

Many thanks,...
Ross Cameron



Re: systrace

2009-07-15 Thread Ross Cameron
On Wed, Jul 15, 2009 at 9:21 AM, Anton Karpov toxah...@gmail.com wrote:
 According to Provos's blog,

http://www.provos.org/index.php?/archives/34-Evading-System-Sandbox-Containment.html

 The initial prototype of Systrace as described in the paper avoided this
 problem by using a look-aside buffer in the kernel. This imposes a slight
 performance penalty but I hope that this obvious solution is going to be
 included in the OpenBSD and NetBSD kernel soon.

 But we have no idea about was this solution included into OpenBSD sources
 tree or not...

Anyone got any thoughts on how hard implementing said look-aside
buffer would be?
I'd love to do it myself but I've not spent much time poking around in
oBSD kernel land.

 They were not identified there.  They were documented in the manual page
 right from the start.

Forgot to check there sorry, had a lazy moment.






Re: systrace

2009-07-14 Thread Ross Cameron
I've just been pondering,... were the systrace issues identified in:
http://it.slashdot.org/it/07/08/09/138224.shtml
ever dealt with and corrected?

If so where can I find some more info on the fixes made?

Many thanks...



Re: OpenBSD ESXi VMware image on Soekris Net5501

2009-05-23 Thread Ross Cameron
When you've got something to start with job it up on Sourceforge and pop us
a message on this list.

Maybe some of us have a use for the same application and will want to help.

On Fri, May 22, 2009 at 8:05 PM, Obiozor Okeke obiozorok...@yahoo.com wrote:


 Thanks Ross/Ed, yes we're going to dump the custom Windows app and use an
 open source solution using Samba's file share capability (with Samba running
 on OBSD of course :).


 --- On Fri, 5/22/09, Ross Cameron abal...@gmail.com wrote:

  From: Ross Cameron abal...@gmail.com
  Subject: Re: OpenBSD ESXi VMware image on Soekris Net5501
  To: Ed Ahlsen-Girard eagir...@cox.net
  Cc: misc@openbsd.org
  Date: Friday, May 22, 2009, 9:05 AM
  On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard eagir...@cox.net wrote:

   On 2009-05-22  Ross Cameron wrote:

    Certainly the hardware chosen isn't anywhere NEAR potent enough,... and
    you're leaving your whole configuration open for attack via the ESXi sub
    layer.

    Why not just port the custom app to OpenBSD and run the configuration
    natively on the hardware?

   There are apps on Windows for which porting to OpenBSD would be roughly
   equivalent to porting to NetWare Virtual Loadable Module.

   Maybe he doesn't mind doing it all over from scratch, but that's about what
   it might turn out to be.

  True but then again I generally find that rewriting and targeting the code
  for portability and re-use is worth the efforts in the long run.

  Painting yourself into a corner with regards to coding
  standards/languages/host OS is generally just a headache waiting to happen
  in the years to come.





Re: OpenBSD ESXi VMware image on Soekris Net5501

2009-05-22 Thread Ross Cameron
On Thu, May 21, 2009 at 6:53 PM, obiozorok...@yahoo.com wrote:

 Well I'm certainly no expert in all this and I'm happy to be corrected
 before
 I make any more mistakes with my configuration.  Man am I glad I put this
 post
 out because I'm getting such great feedback!

 I'll have to re-think this but I
 honestly thought (I guess I'm wrong) that if I my first OpenBSD VM image
 running on ESXi as my strong firewall I would be ok.  Basically its just a
 virtualization of my physical environment but all on one box with 3 VM
 images.
 So my idea was to have second OpenBSD image (not the firewall OpenBSD
 image)
 running with Samba as my Domain Controller and File server, and Email
 server
 and then the third Windows VM running just the custom app.  I figured that
 as
 long as all the 'Net traffic hit my first OpenBSD VM and was properly
 filtered
 and controlled by pf, spam greylisting, brute force checked, etc I would be
 ok?  No?


Certainly the hardware chosen isn't anywhere NEAR potent enough,... and you're
leaving your whole configuration open for attack via the ESXi sub layer.

Why not just port the custom app to OpenBSD and run the configuration
natively on the hardware?



Re: OpenBSD ESXi VMware image on Soekris Net5501

2009-05-22 Thread Ross Cameron
On Fri, May 22, 2009 at 5:56 PM, Ed Ahlsen-Girard eagir...@cox.net wrote:

 On 2009-05-22  Ross Cameron wrote:

  Certainly the hardware chosen isn't anywhere NEAR potent enough,... and
  you're leaving your whole configuration open for attack via the ESXi sub
  layer.

  Why not just port the custom app to OpenBSD and run the configuration
  natively on the hardware?

 There are apps on Windows for which porting to OpenBSD would be roughly
 equivalent to porting to NetWare Virtual Loadable Module.

 Maybe he doesn't mind doing it all over from scratch, but that's about what
 it might turn out to be.


True but then again I generally find that rewriting and targeting the code
for portability and re-use is worth the efforts in the long run.

Painting yourself into a corner with regards to coding
standards/languages/host OS is generally just a headache waiting to happen
in the years to come.



Re: OpenVPN destroys tun

2009-05-06 Thread Ross Cameron
On Wed, May 6, 2009 at 10:38 PM, Giancarlo Razzolini
linux-...@onda.com.br wrote:

  Well, i wasn't OT with my reply. And i use openvpn from the beginning of
 the project, even made a plugin for it. So i know a little of it. My
 suggestion was to avoid what you might be already suspecting. You will have
 to mess with openvpn code and recompile it to do what you want. The solution
 i suggested is a viable one, even if already have queueing policies on that
 interface. It'll only require a little adaptation on your altq rules. I
 guess you won't get far with an attitude like that, being rude with people
 that are trying to help you. That said, you might want to take a look at
 openvpn source code, mainly tun.c and tun.h files.


I'm with Giancarlo here,... I use OpenVPN extensively (not on OpenBSD
admittedly - my own embedded BSD variant).
And the man knows what he's talking about when it comes to OpenVPN.

Really man IF you want help don't douche on the guys trying to help you.

An attitude like that deserves a response akin to "Use the source Luke" and
no more.




Re: European orders

2009-03-31 Thread Ross Cameron
On Tue, Mar 31, 2009 at 5:18 PM, Daniel Seuffert i...@praxis123.de wrote:

 I don't care what you do for a living.  If it's not enough get a job and
 work like anybody else.


Not wanting to fan the flames any more than has been done,... but uhm OpenBSD
is Theo's job!
Ok maybe (not sure) not directly,... but it's what he gets money for.

And it's for him to decide whether he goes job hunting,... not us.






Re: European orders

2009-03-31 Thread Ross Cameron
+1

On Tue, Mar 31, 2009 at 6:17 PM, David Schulz mailingli...@pg-sec.com wrote:

 best statement so far..

 On Wed, Apr 01, 2009 at 01:08:14AM +1000, michael enoma aghayere wrote:
  There is a saying where i am from:
  When two elephants fight, it is the grass that suffers.
 
  People, let us allow Theo and kd85.com settle their differences
  without us fanning the flames.
  With time, even this will pass.
 
  --
  ~michael
  www.BSDqed.com
 

 --







Re: European orders

2009-03-31 Thread Ross Cameron
On Tue, Mar 31, 2009 at 1:37 AM, Richard Ben Aleya 
richard.benal...@gmail.com wrote:

 We do not want to purchase CDs to pay the salary of an American guy who
 does not respect European citizens. Now we know the man you are.


I think officially he's Canadian now,... originally South African.
And his nationality really has nothing to do with it mate.

On another note,... Theo if you're ever in Pretoria again I'd love to buy
you a beer! (Seeing as that came up earlier lol)






Re: European orders

2009-03-25 Thread Ross Cameron
On Wed, Mar 25, 2009 at 4:51 PM, frantisek holop min...@obiit.org wrote:

 Theo has made some serious allegations and i hope he has evidence
 to back it up.


Theo may be many things,... but a liar I have never found him to be.



Re: Research for a Software Security paper

2008-11-20 Thread Ross Cameron
On Thu, Nov 20, 2008 at 11:44 AM, Janne Johansson [EMAIL PROTECTED] wrote:
 You said twice above that you read all materials and couldn't figure out if
 the code is always available or have periodic releases? Booo.



)  (  ((
(  )  () @@  )  (( (
(  (  )( @@  (  )) ) (
  ((  ( ()( /---\   (()( (
___)  ) )(@ !O O! )@@  ( ) ) )
  )  ) (  ( )( ()@ \ o / (@ ( ()( )
 /--|  |(  o| (  )  ) ((@@(@@ !o! (@)() (
|  \___|  ) ( @)@@)@ /---\-/---\ )@()( )
|  /-+()@@@( // /-\ \\ @@@)@(  .
| |\ =__/|@(@@@ // @ /---\ @ \\ @(@@@(@@@ .  .
|  \   \\=--\|@ O @@@ /-\ @@@ O @@(@@)@@ @   .
|   \   \+--\-)))   @@ !!  %  !! @@)@@@ .. .
|   |\__|_)))/ .@@ !! @@ /---\ @@ !! @@(@@@ @ . .
 \__==   *.@@ /MM  /\O   O/\  MM\ @@@. .
   |   |-\   \  (   .  @ !!!  !! \-/ !!  !!! @ .
   |   |  \   \  )  . .   !! !!  .(. @.  .. .
   |   |   \   \(/   .(  . \)). ( |O  )( O!  . )  .
   |   |   /   / ) (  )).  ((  .) !! ((( !! @@ (. ((. .   .
   |   |  /   /   ()  ))   ))   .( ( ( ) ). ( !!  )( !! ) ((   ))  ..
   |   |_   /   ( ) ( (  ) )   (( )  )).) ((/ |  (  | \(  )) ((. ).
_\\__\__(___)_))_((_())__(_(___.oooO_Oooo.(_(_)_)((_



Re: OpenBSD 4.4 installation error: write failed; file system full

2008-11-04 Thread Ross Cameron
On Tue, Nov 4, 2008 at 12:32 PM, Chris [EMAIL PROTECTED] wrote:

 I've download and burned the 4.4 ISO from a local mirror and trying to
 upgrade from 4.3 to 4.4 on i386. After the installer does the fsck
 -fp, I get the following error:

 uid 0 on /: file system full
 /: write failed; file system full
 cp: /tmp/hosts: No space left on device

 I've also tried the 4.3 base CD and I get the same error. This has
 never happened before. Is there something I'm doing wrong?


Yes!

Here's my df -h output:

 /dev/rd0a 1.7M 1.7M 38.5k 98% /


Here's your problem,... you're trying to install a whole OS onto a 1,7MB
partition.



Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

2008-10-28 Thread Ross Cameron
On Tue, Oct 28, 2008 at 9:33 AM, Neko [EMAIL PROTECTED] wrote:

  WO obviously you read what you want to read,

  i have being using openbsd since 2.6 and contributing, so
  please read before posting.


What did you contribute?
Code and commentary (wish lists) are NOT the same thing.


 ihave being wanted this request since 3.7.


Have you tried to hack in FreeBSD's FUSE and NTFS-3G yourself?
If you have what errors are you having? People are more likely to help
if you're showing some efforts yourself.

/*
As a matter of curiosity why in the name of all that is good in the
universe are you interested in using NTFS anyways?
It is by NO means a common denominator when it comes to the varied
scope of OSs available on the planet.
*/

 nothing has being done, although a project like backtrack,
  released it in their first month of deployment.


Uhm Backtrack is a GNU/Linux system, implementing FUSE/NTFS-3G on it is a
doddle 'cause uhm oh yes the code was originally written on that tool chain.


 a computer is a lock , code is the key, and for some reason
  your saying some keys shouldnt be used but are used.


Some projects take licensing very seriously for a good reason, they have a
moral/philosophical reason for not including GPL code in OpenBSD-base. One
of the reasons that for some of my projects I choose OpenBSD is this moral
stand point.
Others are less strict about this, I stand corrected but I think that
FreeBSD is more lax about this (only until a suitable replacement code piece
is found).


 you getting digital dusted here, im suggesting and your
  flaming back to either get the f out or got to microsoft


You are guilty of the flaming sin yourself, heal thy self physician.


 YOU HAVE SERIOUS TROLLING ISSUES


See above comment.


 thanks for everything
  leaveing you for tech for good


Changing mailing lists without changing attitude will land you up with the
same problems.
I'm under correction but I think a LOT of the people on the MISC list
are probably also on TECH.


 I KNEW BUT NOW I KNOW WHY THEO NEVER READS MISC


He actually does read this list, and answers too sometimes (mostly brief
BUT hey it is him at least).



Re: Modern operating systems are flawed by design, including OpenBSD.

2008-10-23 Thread Ross Cameron
On Thu, Oct 23, 2008 at 12:54 PM, mak maxie [EMAIL PROTECTED] wrote:

 http://www.computerworld.com.au/index.php?id=264209080rid=-219

 Microsoft Windows is the only operating that supports signed binaries.


Uhm WRONG, my embedded Linux distros that I build for my clients only run
signed binaries.
There is NO SUPPORT in them for unsigned binaries of any kind.



Re: Porting driver from Linux

2008-10-19 Thread Ross Cameron
I'm afraid that you're going to have to re-write the driver from
scratch (without being inspired by the GPLed one) the OpenBSD kernel
developers won't include GPLed code into the core of the OS.

Are you 100% sure that the driver doesn't already exist in -current?
What piece of hardware is this?

On Sun, Oct 19, 2008 at 11:19 AM, Maciej Piechotka
[EMAIL PROTECTED] wrote:
 I'd like to port a driver from Linux and/or write it from scratch.
 1. How hard is it? It would be my first touch with kernel programming
 (well - may be except Hello World modules).
 2. Is it anything I have to know (except C, APIs and GPL-license)?

 Best regards
 --
 I've probably left my head... somewhere. Please wait untill I find it.
 Homepage (pl_PL): http://uzytkownik.jogger.pl/
 (GNU/)Linux User: #425935 (see http://counter.li.org/)



Re: recommendation for router (COMMELL)

2008-09-17 Thread Ross Cameron
On Wed, Sep 17, 2008 at 3:33 AM, Juan Miscaro [EMAIL PROTECTED] wrote:

 Has anyone any experience running OpenBSD on this puppy:
 http://www.commell-sys.com/Product/IPC/EMB-564.htm


Personally I've found that 2,5" disks last longer in the iBase FWA-7304
http://www.ibasetechnology.net/fwa7304.html

Something about how they use the case to dissipate the heat generated by
the CPU seems kinder on the HDD.



Re: stupid suggestion

2008-09-13 Thread Ross Cameron
On Fri, Sep 12, 2008 at 10:15 PM, Joseph A Borg [EMAIL PROTECTED] wrote:

 can you people start treating mass storage like network security?
 I think it's becoming the next weak spot with the current changes in
 hard-disk densities, cheap, easily accessible solutions and hot-swap sata
 drives


Dude if you're expecting stuff for free ask more politely!

If you want to have a bad attitude write the code yourself, submit a patch
to earn the right to be a pompous prick.



Re: Patching a SSH 'Weakness'

2008-09-11 Thread Ross Cameron
On Thu, Sep 11, 2008 at 10:42 AM, Andreas Kahari
[EMAIL PROTECTED] wrote:

 I'd like to see what I'm typing, as I'm typing it, in my interactive
 SSH session.


Use local echo instead of remote echo then?
Reduces chattiness on the link too.



Re: Little update to authpf

2008-09-11 Thread Ross Cameron
On Thu, Sep 11, 2008 at 2:09 PM, Rafal Bisingier [EMAIL PROTECTED] wrote:

 Below is a patch which change current behavior, so that the message is
 searched first in the /etc/authpf/USER dir, and if it's not found


Would /etc/authpf/authpf.USER.message not be better?

  Sample change  
  if (asprintf(&fn, "%s/authpf.%s.message", PATH_USER_DIR, luser) == -1)
  print_message(PATH_MESSAGE);
  else
  print_message(fn);
  Sample change  

Please bear in mind that I can at best read C so the above is probably
wrong.
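
One way to do the per-user lookup with a global fallback that this message discusses, as an added example that is not authpf's code or the posted patch. The names `select_message`, `valid_luser`, the `EX_*` paths and the 32-character name limit are assumptions, and it uses `snprintf` into a caller's buffer instead of `asprintf` so that truncation is checked explicitly.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed values for this example; authpf defines its own PATH_* macros. */
#define EX_MESSAGE_DIR    "/etc/authpf"
#define EX_GLOBAL_MESSAGE "/etc/authpf/authpf.message"
#define MAX_LUSER         32	/* assumed upper bound on a login name */

enum msg_source { MSG_ERROR = -1, MSG_GLOBAL = 0, MSG_USER = 1 };

/*
 * Accept only login names that cannot alter the directory part of the
 * built path: no '/', no leading '.', nothing outside [A-Za-z0-9_.-].
 */
static int
valid_luser(const char *luser)
{
	size_t i, len = strlen(luser);

	if (len == 0 || len > MAX_LUSER || luser[0] == '.')
		return 0;
	for (i = 0; i < len; i++) {
		char c = luser[i];

		if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
		    (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.'))
			return 0;
	}
	return 1;
}

/*
 * Write the message file to display into out. The per-user file
 * <dir>/authpf.<luser>.message wins when the name is valid, the path
 * fits in the buffer and the file is readable; otherwise the global
 * fallback is used. MSG_ERROR means not even the fallback path fit.
 */
int
select_message(const char *dir, const char *fallback, const char *luser,
    char *out, size_t outlen)
{
	int n;

	if (valid_luser(luser)) {
		n = snprintf(out, outlen, "%s/authpf.%s.message", dir, luser);
		if (n >= 0 && (size_t)n < outlen && access(out, R_OK) == 0)
			return MSG_USER;
	}
	n = snprintf(out, outlen, "%s", fallback);
	if (n < 0 || (size_t)n >= outlen)
		return MSG_ERROR;
	return MSG_GLOBAL;
}

int
main(void)
{
	char path[1024];
	/* Constructed sample names, not taken from the thread. */
	const char *names[] = { "alice", "../../etc/passwd", "bob/x" };
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		int src = select_message(EX_MESSAGE_DIR, EX_GLOBAL_MESSAGE,
		    names[i], path, sizeof(path));

		printf("%-18s -> %s (%s)\n", names[i],
		    src == MSG_ERROR ? "(none)" : path,
		    src == MSG_USER ? "per-user" :
		    src == MSG_GLOBAL ? "global" : "error");
	}
	return 0;
}
```
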



Re: 3G Mini PCI Express recommendations

2008-07-18 Thread Ross Cameron
On Fri, Jul 18, 2008 at 3:26 PM, Maxim Belooussov [EMAIL PROTECTED]
wrote:

 Hi,

  I'll want to build a small device with 3G + wlan. The ALIX 6b2 seems to
  be a good candidate for it. It has 1 mini pci express and 1 mini pci
  interfaces.
 
  I sought the archives and already found OpenBSD compatible mini pci
  Wireless devices but I didn't found references for mini-pcie 3G cards.
  Does someone here already play with such devices ?

 Lenovo Thinkpad X300 has been reported to support mini-pcie sierra hsdpa
 cards:
 umsm0 at uhub5 port 1 configuration 1 interface 0 Sierra Wireless,

 I have one as well, but haven't tried yet under OpenBSD.

 Maxim Belooussov


On a slight aside,... anyone come across a mini-PCI xDSL card?
I really really could do with finding a supplier of those puppies!


-- 
Fran Lebowitz  - Food is an important part of a balanced diet.



Re: 3g Modem

2008-06-30 Thread Ross Cameron
2008/6/30 sonjaya [EMAIL PROTECTED]:

 Dear all

 I'm looking modem 3G  ( hsdpa,usb ) compatible for openbsd 4.3 ?

 thank's


Here here I'm looking for the same thing but in PCMCIA format if possible.


-- 
Ronald Reagan  - Recession is when a neighbour loses his job. Depression is
when you lose yours.



Re: Realtek 8185 wireless

2008-06-13 Thread Ross Cameron
I'd get a replacement and if you can afford it,... submit a hardware sample
to one of the devs that like playing with wireless drivers.
Personally I'm lucky all my hardware works (spend a fair bit of time making
sure of that though) so I haven't come across something I need to submit
hardware for a driver for.

On Fri, Jun 13, 2008 at 4:55 PM, Antti Harri [EMAIL PROTECTED] wrote:

 Hi,

 I just bought Realtek 8185 which won't work. I found
 some mailinglist threads about it not being supported [1].

 My question is: will they ever be or shall I just get a
 replacement?

 [1] http://marc.info/?l=openbsd-miscm=121167375211277w=2

 --
 Antti Harri



Re: OpenBSD 4.2 guest on Linux Host, run problem

2008-06-09 Thread Ross Cameron
This appears to be a qemu error and is probably best posted on the
qemu-users mailing list.

On Mon, Jun 9, 2008 at 2:13 PM, Boril Boyanov [EMAIL PROTECTED]
wrote:

 Hi there,
 I found out that you have tested successfully OpenBSD 4.2 guest on qemu
 Linux,
 I have problems running OpenBSD 4.2 on Linux qemu and i have attached
 the result in this letter.
 Can you help me?

 Thank you in advance for your time.
 [EMAIL PROTECTED] virt]# ./run.sh
 Could not open '/dev/kqemu' - QEMU acceleration layer not activated: No
 such file or directory
 qemu: fatal: triple fault
 ./run.sh: line 3:  4776 Aborted qemu -m 256 ./openbsd42.img
 -net nic,vlan=0 -net user,vlan=0,hostname=foo



Debian libssl security (Cause???)

2008-05-16 Thread Ross Cameron
Anyone got any thoughts on what the Debian project has been doing to OpenSSL
to have caused this in the first place?



Re: Debian libssl security (Cause???)

2008-05-16 Thread Ross Cameron
Mmm this isn't the first time I've heard of bogus reports from Valgrind.
How does one politely inform the Debian project to not trust it explicitly
and to human audit anything it flags?

On Fri, May 16, 2008 at 1:41 PM, Otto Moerbeek [EMAIL PROTECTED] wrote:

 On Fri, May 16, 2008 at 01:31:54PM +0200, Ross Cameron wrote:

  Anyone got any thoughts on what the Debian project has been doing to
 OpenSSL
  to have caused this in the first place?

 yes, read the stuff posted earlier, it contains all relevant links. To
 summarize, to silence a bogus valgrind warning, almost all seeding of
 the PRNG used by openssl was removed.

-Otto



Re: How to HIDE OpenBSD as user-agent?

2008-04-29 Thread Ross Cameron
Sorry about the previous cross post,... sorry been working 37 hours straight
and forgot to check.



Re: How to HIDE OpenBSD as user-agent?

2008-04-29 Thread Ross Cameron
This is an obscurity hack and an all round bad idea.

If you REALLY must do this (dunno why) enjoy hacking the code of anything
you find on your box that can be used as a network client.
Have fun :D

On Tue, Apr 29, 2008 at 2:18 PM, macintoshzoom [EMAIL PROTECTED]
wrote:

 How to HIDE OpenBSD as user-agent?

 For security reasons it is sometimes interesting to hide GLOBALLLY th
 O.S. you are running on AGAINST GIVING ANY CLUE TO HACKERS ABOUT HOW TO
 ATTACK YOU.

 Not only browsing but globally.

 Thanks for any tip about this.




-- 
I have heard there are troubles of more than one kind.
Some come from ahead and some from behind.
But I've bought a big bat. I'm all ready you see.
Now my troubles are going to have troubles with me!
-- Dr. Seuss



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Ross Cameron
On Sat, Mar 29, 2008 at 9:21 PM, Jacob Meuser [EMAIL PROTECTED] wrote:

 On Sat, Mar 29, 2008 at 12:58:40PM -0400, Douglas A. Tutty wrote:
   On Sat, Mar 29, 2008 at 11:00:01AM +0200, Lars Noodén wrote:
 ... using the GENERIC kernel ...
  
2) One thing that may not be visible enough is that config(8) can be
used to modify kernel parameters without needing to recompile.  That
gives you a fair amount of customization without deviating from the
GENERIC configuration.
   
It is possible to make modifications to the currently running kernel as
well as to save these changes in the form of a new kernel binary so that
the changes stay even after system restarts.
  
   One thing I'm not clear on: if the only issue is kernel size based on
   having an old box with low memory, where every MB counts, does
   deactivating unnecessary drivers with config actually result in a
   smaller kernel or just a kernel with deactivated drivers?  Shrinking the
   kernel would be the only reason I would have of touching the kernel as
   I'm not into trying out experimental features.  It would be too bad if
   config doesn't do this.

  if your machine is low enough on ram that you would even consider
  recompiling a kernel, just to save ram, it's time to retire
  the machine.

I'd disagree VERY strongly there,... there are LOTS of low spec (yet
industrial tolerance) hardware appliances out there (and I spend
almost my entire life working on this kind of hardware).
The malleability and source availability of the free UNIX-like
systems is what allows one to use these platforms in the first place.
Imagine trying to get Microsoft or Sun to produce an OS for you that
runs on a 486dx100?



Re: configuring the GENERIC kernel (was Re: Issue compiling a program on OpenBSD)

2008-03-31 Thread Ross Cameron
On Sun, Mar 30, 2008 at 9:26 PM, Jacob Meuser [EMAIL PROTECTED] wrote:
  you say, config makes me boot faster.  so then people go and config
  their kernel, and then we get problem reports about broken kernels.

  that's fine if you want to go break your machines.  don't try telling
  others to do the same.

I disagree,... this form of knowledge sharing amongst more advanced
users of any OS should be encouraged.
Perhaps there is merit in it in a wider context,... we wont know
unless such things are discussed and debated.
Simply pooh-poohing it out of hand without wider discussion
throughout the user base is foolish at best.



Re: Issue compiling a program on OpenBSD

2008-03-28 Thread Ross Cameron
I asked a perfectly valid question about whether or not that error I'm
getting is due to that function call being GNU only and therefore being
missing from the OpenBSD libc, now can someone answer that?

I do NOT want to tarnish all OpenBSD users with this brush I used
below with my response to Girish, I've included it for interest's sake
in case anyone wants to read it. I do NOT want to start a flame war I
just want a question answered and to be really honest I would still
like to use OpenBGP.

=  Pointless flame to an idiot, please ignore unless you
want a laugh  =

On Fri, Mar 28, 2008 at 12:20 AM, Girish Venkatachalam
[EMAIL PROTECTED] wrote:
  Please don't insult OpenBSD by comparing with linux. ;)
It's a UNIX-like system is it not? Therefore comparisons are valid,
much like Linux vs. Solaris comparisons are valid.

  Have you ever seen the source code of OpenBSD kernel?
Yes, I have worked extensively with various BSD Net/2 derived kernels.
As I mentioned earlier the embedded UNIX industry has been my employer
for 10years already.

  Have you considered how the kernel build system is organized?
Yes I have and I have a good reason for finding the system
inappropriate for my intended deployment platform.

  Have you seen the linux kernel source?
Yes and I've had issues with it and spent a lot of time rewriting
memory management routines to better suit my uses.
BUT I've received nigh endless support and advice from Linus and his team.

  And oh by the way OpenBSD is not a kernel, it is an operating system and
  many people still dunno the difference between the two.
I'm quite well aware of that,... however its mainly only the kernel
I'm interested in,... I'm quite willing to build and support my own
user land.

  Another thing you could do is take a look at crunchgen(1).
  # cd /usr/src/distrib/crunch
  # make
  # make install
I have used crunchgen before with my tiny NetBSD systems.
However there is only so much that crunchgen can do if the source
system is bloated up with binaries that I will never be using.

  It is only because linux kernel is so modular (laugh) that people want to
  build their own kernel. And to tell you honestly I still dunno how to
  compile and install a linux kernel. And it varies between distros to
  make things worse.
Just blindly using the GENERIC kernel on your OpenBSD install CD
(you did buy one right) is daft.
My home firewall has a very cut down kernel on it that only includes
what I want in it. Why bloat it with drivers/etc I don't need?
Yes my home firewall is an OpenBSD-current box,... I think thats going
to go back to being NetBSD-current at this rate :(

  And it is easier to compile an OpenBSD kernel than to compile a linux
  userland app.
./configure
make
make install
Unfamiliar to you then? Same process as crunchgen if I recall.

  Please don't retrofit OpenBSD to fit into the linux mould. It is
  unfortunate that such garbage like linux is so popular.
M funny haven't seen any *BSD phones yet, or Oracle/Sybase IQ
for BSD yet.
It's popular because of two things,... people are willing to work
together (unlike the OpenBSD people it seems) and its malleable to an
incredible extent.

  I guess people do not read the kernel source.
Oh I do and its precisely because I liked it that I'm considering
using OpenBSD for this project.

  But the world always had more fools than smart people...
Arrogance like this is PRECISELY why I'm going to go back to the
NetBSD/Linux camps.
I was hoping that the stories about OpenBSD users (such as yourself)
being arrogant pompous pricks were wrong!
Guess what,... they are NOT.

Oh and for the record I'm neither a Linux nor OpenBSD fanboy. Actually
some of my clients have me working on and maintaining systems based on
OpenSolaris,... so my preference as to which groups I work with is
based on the people involved in the project and the ethics of the
group.

I am really a fan of the public image of OpenBSD's adherence to BSD
license values, proactive security practices etc.
But you know what,... that's all PR! Cause after my first email to
an OpenBSD list I want to erase the thought of ever working with the
system again.


Issue compiling a program on OpenBSD

2008-03-27 Thread Ross Cameron
Hi there all,...

I used to maintain a small semi-embedded GNU/Linux system at my
previous employer and I really enjoyed that.
But now I'd like to try my hand at building a dedicated OSPF/BGP
route/firewall appliance based on OpenBSD.

I have a particular liking for the pkgutils package manager written by
Per Linden and would like to build my own OpenBSD using this package
manager (yeah I'm bored).
'Cept I'm having an issue compiling it,...

I've installed OpenBSD 4.2-release with no updates as yet (I'm behind
an ISA proxy :( and they block just about the whole planet lol)

On top of that I've installed:
  gmake-3.80p1.tgz
  libiconv-1.9.2p3.tgz
  gettext-0.14.6p0.tgz
And installed libarchive-2.4.14 from source (couldn't find a binary package)

When I try compile the package (pkgutils-5.32.0) I get the following output:

# gmake
g++ -DNDEBUG -O2 -Wall -pedantic -D_GNU_SOURCE -DVERSION=\"5.32.0\"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -MM main.cc pkgutil.cc
pkgadd.cc pkgrm.cc pkginfo.cc > .depend
g++ -DNDEBUG -O2 -Wall -pedantic -D_GNU_SOURCE -DVERSION=\"5.32.0\"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64   -c -o main.o main.cc
g++ -DNDEBUG -O2 -Wall -pedantic -D_GNU_SOURCE -DVERSION=\"5.32.0\"
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64   -c -o pkgutil.o
pkgutil.cc
pkgutil.cc: In member function `void pkgutil::db_open(const std::string&)':
pkgutil.cc:75: error: no matching function for call to `
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >::stdio_filebuf(int,
   const std::_Ios_Openmode&, int)'
/usr/include/g++/ext/stdio_filebuf.h:53: error: candidates are:
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >::stdio_filebuf(const
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >&)
/usr/include/g++/ext/stdio_filebuf.h:147: error:
   __gnu_cxx::stdio_filebuf<_CharT, _Traits>::stdio_filebuf(std::__c_file*,
   std::_Ios_Openmode, long unsigned int) [with _CharT = char, _Traits =
   std::char_traits<char>] <near match>
/usr/include/g++/ext/stdio_filebuf.h:122: error:
   __gnu_cxx::stdio_filebuf<_CharT, _Traits>::stdio_filebuf(int,
   std::_Ios_Openmode, bool, long unsigned int) [with _CharT = char, _Traits =
   std::char_traits<char>]
pkgutil.cc: In member function `void pkgutil::db_commit()':
pkgutil.cc:119: error: no matching function for call to `
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >::stdio_filebuf(int,
   const std::_Ios_Openmode&, int)'
/usr/include/g++/ext/stdio_filebuf.h:53: error: candidates are:
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >::stdio_filebuf(const
   __gnu_cxx::stdio_filebuf<char, std::char_traits<char> >&)
/usr/include/g++/ext/stdio_filebuf.h:147: error:
   __gnu_cxx::stdio_filebuf<_CharT, _Traits>::stdio_filebuf(std::__c_file*,
   std::_Ios_Openmode, long unsigned int) [with _CharT = char, _Traits =
   std::char_traits<char>] <near match>
/usr/include/g++/ext/stdio_filebuf.h:122: error:
   __gnu_cxx::stdio_filebuf<_CharT, _Traits>::stdio_filebuf(int,
   std::_Ios_Openmode, bool, long unsigned int) [with _CharT = char, _Traits =
   std::char_traits<char>]
gmake: *** [pkgutil.o] Error 1
#

-- 
I have heard there are troubles of more than one kind.
Some come from ahead and some from behind.
But I've bought a big bat. I'm all ready you see.
Now my troubles are going to have troubles with me!
-- Dr. Seuss



Re: Issue compiling a program on OpenBSD

2008-03-27 Thread Ross Cameron
Basically I want to strip the system down as much as possible,
practically nothing would be good.
My GNU/Linux appliances ran on a 4MB system image.

On Thu, Mar 27, 2008 at 4:16 PM, Stephano Zanzin
[EMAIL PROTECTED] wrote:
 Hi Ross,

 Well, OpenBSD doesn't need to be recompiled, because the generic kernel is
 very small and has great performance. Now if you're going to add new
 features to the kernel, I support your decision. The other case where I
 recommend kernel recompilation is to improve performance on old 386 systems.

 Stephano Zanzin



Issue compiling a program on OpenBSD

2008-03-27 Thread Ross Cameron
I'm quite well aware of that,... I've been building embedded UNIX-like
systems for 10 years now.

 The main reason I want to use the OpenBSD kernel is I'm interested in
using OpenBGP/OpenOSPF and really don't fancy porting both to
GNU/Linux and also brokering a truce between Theo and Linus, so that I
can do this port without license conflicts.
 (M wonder what the chances are that I could get that right in
the first place???)

 It appears that the error I was experiencing earlier is due to GNU
extensions to libc being called that are not present in the OpenBSD
 libc. Can someone confirm this?

 On Thu, Mar 27, 2008 at 5:04 PM, Stephano Zanzin
 [EMAIL PROTECTED] wrote:
   OpenBSD kernel is not Linux.
 
  -rw-r--r--  1 root  wheel   5.9M Feb 22 10:56 bsd
 
  You only have to remove the tools that you don't need.
 
  Stephano Zanzin


