Re: Cannot get httpd block directives to work
Heya A quick read of the man page shows that the rule is first match for location stanzas. So if you want the sub-dirs to not be read, place them above the root location in the conf file. Tested on 6.8: I get 403's for block stanza placed above root location stanza. I get files served when block stanza placed below root location stanza. Shane On Sat, Mar 13, 2021 at 12:49 AM T K wrote: > > Hi there, > > I am trying to block direct access to given subfolder of > simple php website hosted on OpenBSD 6.8 amd64. > Inside webroot folder there are some subfolders > containing html files I'd like to restrict for direct requests, > as they are intended for including to php scripts, not > direct viewing. > > What I want to achieve is to get 403 error while > requesting "http://10.0.1.222/FOLDER/file.html";. > This is say "development" server, accessible > through local lan, listening on IP given below. > > My very simple config looks like this: > > server "10.0.1.222" { > listen on 10.0.1.222 port 80 > log style combined > > location "/*php*"{ > root "/FOLDER" > fastcgi socket "/run/php-fpm.sock" > } > > directory { > index "index.php" > } > > location "/*" { > root "/FOLDER" > } > > location "/SUBFOLDER/*" {block} > } > > Above does not work as I'd expect. > Requesting "/SUBFOLDER" itself returns > 403 code but hitting proper html filename > gets suceeded with 200 code. > I tried many versions of shell globes > for "/SUBFOLDER/file" path but nothing changes > described behaviour. I do not know if tere is > problem in globe itself or in server config. > No idea what to do, so any help appreciated. > > Tomasz(equi)Krol >
Re: On blindly running code
Heya My own experience agrees with you with regards to any system in production. However, it is also my experience that nothing demonstrates the difference between what should happen and what actually occurs better than running the code and seeing the aftermath. Thankfully, virtualisation makes things much simpler these days, and running through everything on a clone prior to even considering steps on the production system is consequently highly recommended. Shane On Fri, Oct 18, 2019 at 11:19 PM wrote: > > With regards to recent discussion, here is a little anecdote that came out of > the 6.5 to 6.6 upgrade. > > On one machine I run bitlbee, an IRC:IM gateway. After upgrading all the > ports it left suggestions in the form of copy pasta commands to run to > complete the upgrade process, as it does. One of these was rm -rf > /var/bitlbee/*. > > Had I been so stupid as to just run the command, or if the hyper-complicated > upgrade script required to support every possibility included a single > mistake, all of the settings to connect to my IM accounts (currently > constituting the only place some ancient passwords are guaranteed to be > saved) would have been lost, where in fact what I had to do about those files > was absolutely nothing. > > There is no fault here. The wording is something like 'you should also run', > clearly not 'this is absolutely essential' (because if it was, why wasn't it > done already or documented better?), which couldn't make it any clearer that > you need to think first why you might want to run that command. > > There are good reasons not to delete user accounts when removing the software > that uses them, for example, which is why pkg_delete doesn't but suggests > that you might want to (with copy pasta for your convenience). > > It's my responsibility to understand the software I'm running, how it works > and what effect the things I do will have on it. Nobody would have cried for > me if I'd pasted first and only then realised that I'd lost everything. > > Take responsibility for your own computers or stop using them and buy one of > those Fisher Price remote controlled radio-tracker remote execution vector > iToys that all the kids are playing with these days. > > Matthew > > ps. I do have backups of course. >
Re: auto_upgrade.conf et al man pages or documentation?
Hi Jacob Thanks for that. Shane On Fri, Oct 18, 2019 at 4:28 PM Jacob Adams wrote: > > On 10/17/19 9:49 PM, Theo de Raadt wrote: > > Shane Lazarus wrote: > > > >> I was interested in what it would do by default, and in how I could alter > >> those defaults if I did not like them. > >> > >> The sysupgrade man page informed me of a configuration file. > > > > Your complaint directly referenced the configuration filename > > /auto_upgrade.conf > > > > That filename is not mentioned in the sysupgrade man page, as you just > > claimed. > > > > In fact, it is mentioned nowhere. Your following complaints are that > > it is mentioned nowhere. > > Quoting directly from https://man.openbsd.org/sysupgrade : > "FILES > > /auto_upgrade.conf > Response file for the ramdisk kernel." > > Shane, you appear to be on the right track. From what I can tell it seems to > be > the same thing as install.conf in autoinstall. > > According to autoinstall(8): > > "The response file is a line-oriented ASCII text file. The format of each > line is: > > question = answer > > question is an installer question (not including the question mark) or a > non-ambiguous part of it, consisting of whitespace separated words. answer is > the answer to the question. Passwords may be in plaintext, encrypted with > encrypt(1), or set to ‘*’ (13 '*'s) to disable password logins, > only > permitting alternative access methods (for example, ssh(1) keys)." > > Therefore it seems that to ensure that the sets you do not want installed are > not installed you can use the "Set name(s)" question. > > For example to just install the base system and no other sets, hypothetically > you would put: > "Set name(s) = -all base66.tgz bsd.mp bsd" in /auto_upgrade.conf > > However, looking at the source code this file is created by sysupgrade: > > "cat <<__EOT >/auto_upgrade.conf > Location of sets = disk > Pathname to the sets = /home/_sysupgrade/ > Set name(s) = done > Directory does not contain SHA256.sig. Continue without verification = yes > __EOT" > > Thus you can't really change this unless you want to edit the script directly. > > The easiest method to install a limited number of sets would be to use > sysupgrade -n and then remove the sets you do not want from /home/_sysupgrade > before rebooting. > > Hope this helps, > Jacob >
Re: auto_upgrade.conf et al man pages or documentation?
Heya On Fri, Oct 18, 2019 at 11:25 AM Theo de Raadt wrote: > Shane Lazarus wrote: > > > Hi Folks > > > > With 6.6 being released, I figured to try out sysupgrade. > > > > Checking the man page, I note it uses the file /auto_upgrade.conf > > You checked the manual page for that filename? Why that filename? > How did you decide you need to look up that file? > > I went looking for documentation on how to use the sysupgrade utility. I was interested in what it would do by default, and in how I could alter those defaults if I did not like them. The sysupgrade man page informed me of a configuration file. As other configuration files are documented, I went looking for the documentation for the configuration file. > So, I just ran sysupgrade with no options to see what would happen. > > Very adventurous of you. > > A step I felt was required in order to determine the defaults used. > > Unsurprisingly, it proceeded to install ALL of the sets, without > bothering > > to prompt me, or apparently taking note of what was previously selected > > during the initial install of 6.5. > > Yes that is what it does. > > Was your disk too small, and things didn't fit? > > You haven't explained what problem you ran into. > > My problem is simply a lack of understanding of the utility, and my subsequent inability to find documentation about configuration files. That is my problem, and is the reason I asked for pointers on how to overcome the issue. > > This is an undesirable trait, with neither apparent documentation or > what I > > would consider to be sane defaults. > > In your opinion. > > Yep, in my own opinion, something that states it upgrades should not install sets that were not previously installed. > > If someone would be so kind as to point me in the right direction for how > > to prevent sysupgrade from being unsane, it would be much appreciated. > > Oh, that's easy. If you don't like what it does, don't use it. > Sure. Happy to completely ignore this utility, given I haven't needed it before. > > Very happy I've been able to point you in the right direction! > > Have a nice life. > > Have Fun Shane
auto_upgrade.conf et al man pages or documentation?
Hi Folks With 6.6 being released, I figured to try out sysupgrade. Checking the man page, I note it uses the file /auto_upgrade.conf Sadly, there seems to be no man page or alias for that Checking through the associated autoinstall(8) man page, there is reference to the file /upgrade.conf Which also has no link or alias in the man pages. Then I tried looking for man pages associated with /install.conf but again without success. Lastly, I browsed through the FAQ, without success either, but if someone knows what I missed there, please let me know. So, I just ran sysupgrade with no options to see what would happen. Unsurprisingly, it proceeded to install ALL of the sets, without bothering to prompt me, or apparently taking note of what was previously selected during the initial install of 6.5. This is an undesirable trait, with neither apparent documentation or what I would consider to be sane defaults. If someone would be so kind as to point me in the right direction for how to prevent sysupgrade from being unsane, it would be much appreciated. Thanks Shane
Re: Adding an additional IP on a NIC getting DHCP address
Hi Folks Oddly enough I couldn't figure out a way to do that :) So I just did the following instead with hostname.de1: dhcp inet6 autoconf !ifconfig de1 inet alias 192.168.2.28 255.255.255.0 !route add 128.0.0.0/1 192.168.2.254 up Have Fun Shane On Sat, Mar 23, 2019 at 12:51 PM Stuart Henderson wrote: > On 2019-03-22, Shane Lazarus wrote: > > Hi Folks > > > > Any reason you are not using the append / supercede options in the built > in > > dhclient.conf? > > https://man.openbsd.org/dhclient.conf > > > > Totally curious, as that is what I am using to override / append > > information... > > If you have a working setup with adding an alias IP address to the > interface as well as the address coming from DHCP, please do send it. > > >
Re: Adding an additional IP on a NIC getting DHCP address
Hi Folks Any reason you are not using the append / supercede options in the built in dhclient.conf? https://man.openbsd.org/dhclient.conf Totally curious, as that is what I am using to override / append information... Thanks Shane On Sat, Mar 23, 2019 at 3:55 AM Stuart Henderson wrote: > On 2019-03-22, Theodore Wynnychenko wrote: > > This is the first time I am responding to a post that is not my mine. > > I hope it is not too uninformed. > > > > Anyway, back in about October, 2016, I noticed that the included dhcp > > client would no longer assign an alias address alongside the address > > from the dhcp lease. Before about this time, I seem to recall, it would. > > > > My solution was to use the isc-dhcp-client from ports. But, that also > > had some issues. > > > > My solution (and if it is a poor solution, sorry) is on the mailing list > at: > > > > https://marc.info/?l=openbsd-misc&m=147638874608453&w=2 > > > > It is working as expected through my last update of current, which was > about 2 months ago. > > That sounds reasonable. > > > >> -Original Message- > >> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf > Of Lars Bonnesen > ... > >> and if so, how do I make sure that mygate does not get overwritten from > >> dhcp? > > So this is a bit different to Theodore's setup as you want a static > gatewy. The simplest method is probably to allow dhclient to set the > 0.0.0.0/0 default route itself, and add lines like these to hostname.if > > !route add 0.0.0.0/1 $gw_address > !route add 128.0.0.0/1 $gw_address > > That way dhclient can add and remove addresses as it wants and it > won't interfere with your real gateway. (Some of the tun-based VPN > clients use the same trick). > > >
Problem booting OpenBSD/amd64 with LSI MegaRAID card
Hello, I'm running into a problem when I try to boot the OpenBSD install disc with an LSI Logic MegaRAID SAS 9240-8i (mfi driver) card installed in the machine. I take the card out and it boots just fine from the disc, but I get the following panic with the RAID card in: --- boot> cannot open cd0a:/etc/random.see: No such file or directory booting cd0a:/6.2/amd64/bsd.rd: 3371132+1459200+3873512+0+598016 [373741+82+427200+282103]=0x9e99c0 entry point at 0x1000158 panic: init_x86_64: can't find end of memory The operating system has halted. Please press any key to reboot. --- The card is in an Intel Core 2 Quad system with 8GB of RAM. It has two logical drives, one in RAID5 and another in RAID1. Any help getting past this would be much appreciated. If more information is needed, please let me know. Thanks, Shane
Re: vmd: alpine-virt guest, clock synchronization issue
On 10/14/2017 13:01, x9p wrote: Hi, While running Alpine-virt 3.6.2 VM guest under OpenBSD 6.1 host, i noticed the clock frequency is 2x slower on the guest machine. This can be a problem for applications that relies on accurate time. Even after sync clock with ntpd inside alpine-virt guest, it gets out-of-sync a few seconds later. I get on the guest about half the clock frequency of the host. Anyone having similar problems? cheers. x9p I've noticed the same thing on my laptop running an amd64 6.2 install. It was really very slow to install and slow via console and ssh now that I've got it running. I just thought it was something I had done/was doing. Even with ntpd running, it's now way behind. Regards, Shane
Using OpenBSD for Malware Analysis
Hi everyone, Has anyone used OpenBSD to perform malware analysis? I know radare2 is in ports so was just wondering if anyone had any experience. I know most analysis is done using Linux distros but I'd prefer to use OpenBSD if feasible. Thanks, Shane
Re: file system and memory limitation
On 16/03/2014 4:24 AM, Friedrich Locke wrote: > Hi folks, > > i wonder what are the limitations on main memory and file system sizes ! > > Thanks a lot. > > gustavo. > How long is a piece of string?
Re: how can I get a dmesg (without a floppy or serial console port)?
Heya Any network connectivity at all? Otherwise, mount a USB stick and dmesg > file... On Mon, May 27, 2013 at 4:52 PM, Heptas Torres wrote: > Is there any way (physical settings / cables) to get a dmesg from a > laptop that has neither a floppy nor a serial console port (no ssh > either)? > 10x > -h
Re: OpenBSD as IPv4+6 gateway
Heya On Fri, Jun 22, 2012 at 2:00 PM, Hugo Osvaldo Barrera < h...@osvaldobarrera.com.ar> wrote: > On 2012-06-21 17:22, Simon Perreault wrote: > > On 2012-06-21 15:50, Hugo Osvaldo Barrera wrote: > >> I have read a great deal regarding IPv6 and IIRC, if I subnet my > >> network block, my ISP would have to know it has to route traffic to that > >> subnet through the WAN IP address of my router. > > > > Yes. If they don't allow that, then they don't know what they are doing. > > You're not supposed to assign a /48 to a single link. A single link gets > > a /64. > > But how would they know though which single IP to route the rest of the > subnets? > > I mean, if I assign: > 2800:40:402:::1/64 to my router's WAN interface > (2800:40:402::: is it's default gateway) > 2800:40:402::1/64 to it's LAN interface > 2800:40:402::2/64 to one of my clients > > Doesn't my ISP need to know that traffic to 2800:40:402::1 should be > routed through 2800:40:402:::1? > > What you have outlined there is that the ISP has configured their upstream device such that it is directly connected to your entire IPv6 allocation. If that is how they want to do things, then your best hope is to define the /64 between their space and yours as being 2800:40:402:::/64, and asking them to configure their upstream device to deliver 2800:40:402::/48 to 2800:40:402:::1 Alternatively, ask them for a linking allocation to remove the block allocated to you from being directly attached to one of their devices. Shane
Re: No way natting-to carp interface
Heya On Wed, Mar 14, 2012 at 5:15 AM, Paquitiu wrote: > Hi. ... > hostname.carp12 > inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes > 120:0,121:100 pass PaSSWord12 > > hostname.carp13 > inet 81.92.37.12 255.255.255.248 81.92.37.15 balancing ip carpnodes > 130:100,131:0 pass PaSSWord13 ... Any reason those two interfaces have the same IP Address? Shane
Re: mixerctl.conf(5), mixerctl(1)
On 10/29/2011 01:56 PM, sc...@web.de wrote: > Shane Harbour wrote: > >> Normally, what I do, is "mixerctl > /etc/mixerctl.conf" and then just >> edit from there as needed. > > OK, thanks. I suppose, mixerctl.conf is placed in /etc and consist > of name/value pairs as in output of the comand mixerctl, I suppose > you edit only the values changing them. I supose that I must supose > because these man pages are not precise enought. > > Rod. > Pretty much. All the different settings (name/value) are outputted to the config file in /etc. Just edit it and mixerctl will use that file for it's config.
Re: mixerctl.conf(5), mixerctl(1)
On 10/29/2011 10:58 AM, sc...@web.de wrote: > In no of the above man pages stay (1) the format of mixerctl.conf > or (2) where it must be placed. From the end of the page mixerctl.conf(5) > I can infer "/etc/mixerctl.conf" is the place. Waht is the format? > Name=value pairs separated by new lines? > > Rod. > Normally, what I do, is "mixerctl > /etc/mixerctl.conf" and then just edit from there as needed. Shane
Re: Apache problems
On 9/18/2011 10:37 PM, Rod Whitworth wrote: > What a pity that people don't do any searching b4 asking > > STFA for this list and (IIRC) find links to the PoC tool amongst other > info. > > > > On Mon, 19 Sep 2011 04:24:19 -0600, Shane Harbour wrote: > >> On 9/18/2011 9:42 PM, L. V. Lammert wrote: >>> On Sun, 18 Sep 2011, Amit Kulkarni wrote: >>> >>>> Recently there was a security issue with Apache. It was based on a >>>> perl script, search google. Maybe you are experiencing traffic and the >>>> realted problems because of that. >>>> >>> Is there any way to find out if the version in 4.3 was susceptable to the >>> attack? >>> >>> Lee >>> >> >> I believe the Apache Foundation released that Apache 1.3 is susceptable >> to this attack. However, with changes made by the devs, it's possible >> the version in OpenBSD may not be. >> >> If you have a spare box, you could always load it up and test it. I >> believe there is an Apache killer perl script floating on the 'net that >> you could use to test with. >> >> Shane >> > > *** NOTE *** Please DO NOT CC me. I subscribed to the list. > Mail to the sender address that does not originate at the list server is > tarpitted. The reply-to: address is provided for those who feel compelled to > reply off list. Thankyou. > > Rod/ > --- > This life is not the real thing. > It is not even in Beta. > If it was, then OpenBSD would already have a man page for it. > My apologies for generating noise and not remembering this had been previously discussed/answered. Next time I'll pay more attention and STFA :) Shane
Re: Apache problems
On 9/18/2011 9:42 PM, L. V. Lammert wrote: > On Sun, 18 Sep 2011, Amit Kulkarni wrote: > >> Recently there was a security issue with Apache. It was based on a >> perl script, search google. Maybe you are experiencing traffic and the >> realted problems because of that. >> > Is there any way to find out if the version in 4.3 was susceptable to the > attack? > > Lee > I believe the Apache Foundation released that Apache 1.3 is susceptable to this attack. However, with changes made by the devs, it's possible the version in OpenBSD may not be. If you have a spare box, you could always load it up and test it. I believe there is an Apache killer perl script floating on the 'net that you could use to test with. Shane
Re: Can one interface have an IP address and bridge as well?
Heya On Wed, Jun 22, 2011 at 12:13 PM, Paul Suh wrote: > Folks, > > Is this possible and/or a good idea? I have a router with three interfaces: > > sis0: external interface, IPv4 address 1.2.3.4/24 > sis1: internal interface, IPv4 address 192.168.1.1/24 > sis2 <http://192.168.1.1/24sis2>: DMZ interface, IPv4 address > 192.168.2.1/24 > > NAT rules pass all traffic from the internal and DMZ zones through the > external IP address. I have a couple of servers with IPv4 addresses > 192.168.2.2 and 192.168.2.3 in the DMZ, with rdr-to rules that send traffic > in > to them from 1.2.3.4. > > I need to place a server at 1.2.3.5, and the software I have to run needs > the > server itself to have the IPv4 address 1.2.3.5 -- I can't NAT it and give > the > server the address 192.168.2.4 in the DMZ. (Don't ask. *shudder*) Can I set > up > a bridge between sis0 and sis2 so that traffic for 1.2.3.5 gets passed > through > to the server via sis2 as well as having the IPv4 address 1.2.3.4 on sis0? > Or > is there a better way to do this? > > > --Paul > > [demime 1.01d removed an attachment of type application/pkcs7-signature > which had a name of smime.p7s] > > I personally would check to see if you could get a /30 routed to 1.2.3.4. 5.6.7.8 - 5.6.7.11 Append one of the /30 to the sis2 interface, and the other to your new server. If 1.2.3.4 & 1.2.3.5 are part of a bigger block that you own, see if you can't allocate a /30 from that larger pool. ( 1.2.3.8 - 1.2.3.11 ?? ) Shane
Re: Is VPN initiation by traffic possible?
Heya On Fri, Apr 15, 2011 at 10:37 PM, Reyk Floeter wrote: > Hi Nemir! > > Short answer: Yes, it works. > > ... > Regards, > reyk > The question remains, how does the connection get torn down? Or, in another fashion, how does the OpenBSD IPSEC implementation tell the remote IPSEC implementation that the VPN is not currently required and to de-register the Active SA? Shane
Re: Is VPN initiation by traffic possible?
Heya On Thu, Apr 14, 2011 at 8:05 AM, Matt S wrote: > > You might consider a creative solution with Dead Peer Detection. Per > ipsec.conf(4), you enable Dead Peer Detection by using an ike dynamic > statement. > > > One thing that came to mind for manual configuration is an authpf shell or equivalent... On connection by that shell account, manually bring up the IPSEC connection, on disconnect bring it down. That way you have the internal server wanting to communicate have some control over when the VPN is active. But yes, the focus does seem to be on how you can automate an otherwise currently manual function. Shane
Re: Is VPN initiation by traffic possible?
Heya On Thu, Apr 14, 2011 at 3:09 AM, Scott McEachern wrote: > On 04/13/11 09:38, Randal L. Schwartz wrote: > >> "Scott" == Scott McEachern writes: >>>>>>> >>>>>> Scott> It's called "port knocking". Google is your friend here. >> >> And if you recommend or use port knocking, you're an amateur at crypto. >> If adding 8 sniffable bits to your effective key length makes you >> significantly more secure, you've lost the game already. >> >> > I'm not advocating it, but it is what he's asking about. > > I should have added "This is not a good idea", but I was hoping he'd figure > that out by reading about it. > > Nemir, you might want to go back and find out exactly what problem the bank > is trying to solve with their idea. > > Actually from what I read in his email, it isn't Port knocking he is after. What the Bank likely wants is to not have any n+ client(s) out of however many maintaining a permanent VPN through their infrastructure, thereby leading to a potential DoS for their other clients. ( based on several appliances having hardware / licensing limitations on how many concurrently active VPNs are running at once ) Thus what the Bank would like is for the VPN connection to be torn down after the relevant data is transmitted. And no, I don't see a "disconnect" option after a brief read of the IPSEC man pages either. Shane
Re: 4.8 arrival!
On 29 October 2010 12:58, wrote: > Hello, > > Would you please consider uploading an iso image of your OpenBSD > 4.8 to some public tracker such as thepiratebay.org? > > If you are unfamiliar with the process of making an iso-image out > of a CD, or if you need help with the generation and upload of the > torrent file, I may be of some help. Just ask. > > Thanks alot, this will be of great use for poor folks like me who > cannot afford the expensive license fees. Yes, I said it, 50CDN$ is > very expensive. Maybe the OpenBSD Company could setup something > like MSDNAA, for stuents to get access to the software for free? > > Anyway, I'm getting off topic. > > PS: please people, stop bottom-posting. It forces me to scroll down > to read the latest message, and I don't like that. Show some common > sense! No. Buy the CD or wait for it's release. The irony of someone sending me this request, given what I do for a living, is too much to take. Again, no. Last I heard, the CD layout is copyright. Shane
Re: Low power OpenBSD machine
2009/4/17 Marco Peereboom > I work with people that run io tools against flash parts. I still have > to see it fail too. Your puny little firewall will never write more to > it than a month long stress test. This write fatigue argument is very > silly. Hey! My firewall may be puny in stature (Net5501), but he is Puffy hearted and on the Internet he is ten feet tall!
Make release choking at ramdiskC, again
It seems that a "make release" against -current barfs at the ramdiskC build, again. This is for i386. I took a stab at removing a driver and it now seems to work: --- RAMDISKC.0 Sun Jun 8 18:36:09 2008 +++ RAMDISKCSun Aug 17 16:30:17 2008 @@ -256,8 +256,8 @@ fxp* at cardbus? # Intel PRO/100 ethernet #ep0 at pci? # 3C59x ethernet #ep* at pci? # 3C59x ethernet -ne*at pci? # NE2000-compat ethernet -ne*at pcmcia? # PCMCIA based NE2000 +#ne* at pci? # NE2000-compat ethernet +#ne* at pcmcia? # PCMCIA based NE2000 #ep* at pcmcia? # PCMCIA based 3C5xx #sm* at pcmcia? # PCMCIA based sm #xe* at pcmcia? # Xircom ethernet Does anybody ever actually use these specialized floppies? I know I never have. -- Shane
Re: PF and application level firewall
Rami Sik wrote: > Hi All, > > > > I currently have PF in place with CARP, and quite happy with them. I > need to implement application level firewalling in front of my apache > servers as PCI requirement by the end of June this year. So, my > question is, do we have any application level firewalling support on > openBSD? Or, which third part tool/application would you suggest for > that purpose? > > > > Thanks, > > > > > > Rami > > Take a look at mod_security (http://www.modsecurity.org). There is a port of it. Regards, Shane
Re: running mail server at home
I beg to differ. It really depends on your ISP and how far you really want to go. I've run everything (DNS, mail, etc) out of my basement for 3 years now. Granted I had to switch ISPs in order to do so and upgrade to a "server class" DSL line. They even delegated control of my reverse DNS to me. It's all part of a standard package they provide. Again, it just comes down to your ISP and how far you really want to go. I'm sure there are quite a few on the list that do this. Regards, Shane L. V. Lammert wrote: > On Thu, 7 Feb 2008, Douglas A. Tutty wrote: > >> On Thu, Feb 07, 2008 at 02:51:31AM -0800, Chris wrote: >>> I have a P3 box with 120GB HDD that's doing web, ssh and samba at the >>> moment. I >>> am planning setup sendmail, spamd, mimedefang, clamd and spam-assassin >>> on this box along with web, ssh and samba. >>> >>> I was wondering if anyone has any experience with running a mail >>> server at home. >>> > In reality, you cannot run your own mail server at home. This would > require: > > 1) DNS resolution for your domain name > 2) Appropriate MX records > 3) Valid REVERSE DNS for your IP > > #3 is usually the big factor for most ISPS, without it, you will not be > able to send email to any 'sane' mail server. > > Lee > > > Leland V. Lammert[EMAIL PROTECTED] > Chief Scientist Omnitec Corporation > Network/Internet Consultants www.omnitec.net >
Re: running mail server at home
I run all my stuff at home and even do virtual hosting for web and mail for one of my wife's websites. I have a separate box for mail running postfix, dovecot, postgresql, clamd, and spamd. It's not a beefy box but still works well. Haven't really seen my electrical bill go up. I did have to get a "server class" DSL line so I could have static IPs. It was slightly higher but not by much. I also pay a small fee for my IP addresses. Regards, Shane Chris wrote: > I have a P3 box with 120GB HDD that's doing web, ssh and samba at the moment. > I > am planning setup sendmail, spamd, mimedefang, clamd and spam-assassin > on this box along with web, ssh and samba. > > I was wondering if anyone has any experience with running a mail server at > home. > I want to know if I should use only one box or buy another box? Also, > what sort of electricity bills > will I run into? And also if is there anything else I would need to know. > > Thanks for any help.
Re: Error updating 4.2 - permission denied
On 22/12/2007, at 12:47 AM, kim wrote: Could anyone offer some help with an upgrading problem with 4.2 - stable? The source tree and ports were installed from the official CD, and upgraded with: Update source tree: cd /usr/src cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_4_2 -Pd Update ports tree: cd /usr/ports cvs -d [EMAIL PROTECTED]:/cvs -q up -rOPENBSD_4_2 -Pd Rebuild the kernel: cd /usr/src/sys/arch/i386/conf /usr/sbin/config GENERIC cd /usr/src/sys/arch/i386/compile/GENERIC make clean && make depend && make Reboot the kernel: cd /usr/src/sys/arch/i386/compile/GENERIC cp /bsd /bsd.old cp bsd /bsd reboot Rebuild system binaries: rm -rf /usr/obj/* cd /usr/src make obj cd /usr/src/etc && env DESTDIR=/ make distrib-dirs cd /usr/src make build = When rebuilding system binaries, I get this: /usr/src/gnu/usr.bin/binutils/gdb/observer.sh h /usr/src/gnu/usr.bin/binutils/gdb/doc/observer.texi observer.h /usr/src/gnu/usr.bin/binutils/gdb/observer.sh: Permission denied *** Error code 1 Stop in /usr/src/gnu/usr.bin/binutils/obj/gdb (line 1333 of Makefile). *** Error code 1 Stop in /usr/src/gnu/usr.bin/binutils/obj (line 21479 of Makefile). *** Error code 1 Stop in /usr/src/gnu/usr.bin/binutils (line 81 of /usr/src/gnu/usr.bin/binutils/Makefile.bsd-wrapper). *** Error code 1 Stop in /usr/src/gnu/usr.bin. *** Error code 1 Stop in /usr/src/gnu. *** Error code 1 Stop in /usr/src. *** Error code 1 Stop in /usr/src (line 73 of Makefile). === I have cleared the /usr/src directory and reloaded the tree from the CD, and gone through the whole process again, but get the same error. Is this possibly an error from the CD or the CVS site? Thank you I am also seeing this problem. I am happy to change the perms to fix, however is this something that needs to be fixed at a root server? I installed on various i386 systems, at work and home, from an official OpenBSD 4.2 CD. I have tried various mirrors, with the same errors as above. Shane J Pearson
Re: Real men don't attack straw men
On 06/01/2008, at 9:47 PM, Richard Stallman wrote: Would you be so kind as to tell me the precise URLs where you found those quotes? If not, I will look for someone else who will do that for me. You know that saying, "if you want something done right, you do it yourself"? I'd be adhering to that, especially in cases where I put forth such controversial opinion in such a public display. Such an outspoken person should be well informed, lest he keeps choking on his own toe jam. Are you too good for Google? http://www.google.com.au/search?q=%22Run+GNOME+in+a+VMWare+Player+in+a+Linux+virtual+machine.+site%3Atorrent.gnome.org If you'd even bothered to go to the front page already quoted to you, you'd notice that that is where it is.
Re: Real men don't attack straw men
On 06/01/2008, at 3:28 AM, Karthik Kumar wrote: On another hand we are not GNU/GPL and we don't mind our users installing non free software if it is what they want. The FAQ is where this needs to be documented for users to get their job done faster. If you don't mind users using non-free software, you shouldn't be putting the 'Free. ' in 'Free. Functional. Secure.' Huh? OpenBSD is built from free software and allows users the freedom to do what they please, even if that means running non-free software. You have a strange idea of "free". An OpenBSD user exercising freedom of choice, by choosing to use some non-free software, does not make OpenBSD non or less free. Shane
Re: OT YAG Re: delete deleted data
On 06/01/2008, at 1:57 AM, Diana Eichert wrote: Any EE worth their weight in salt understands signal processing. I do believe a lot of younger engineers have grown up in the 1 & 0 digital world and forget about analog. I think the first computers I witnessed in a work place, were actually analog computers (Navy). Where a mix of humans, transistors, valves, gears and three-phase motors/sensors, got the job done.;-) Shane
Re: delete deleted data
On 04/01/2008, at 12:21 PM, Harpalus a Como wrote: Myth? Why are you so upset about this? It's not myth. The techniques involved in recovering data in the manner Marco and the NSA, DoD, and many others describe isn't a matter of running a simple software tool. It's a long, slow, annoying process that is also costly. But it is possible. Not every company or person in the forensics industry is a master at their job. If they say it's not possible, perhaps it's just "not something their software package does for them?" (I'm not trying to be derogatory, but I do know a guy who does computer forensics work, and the software/hardware he uses is about all he knows. He just goes through the motions. Doesn't know all that much about filesystems or disks.) I agree. Most computer forensics people I have worked with, tended to stick to what they considered to be "standard procedures" with "standard forensics software". They were mostly ex-police with computing training. I personally managed to get results which other forensics teams could not (or would not), which I believe was because I was willing to use some creative techniques that they wouldn't dare come to court with. As far as the data recovery industry goes, I think there are more frauds than experts advertising such services. Shane
Re: delete deleted data
On 04/01/2008, at 8:19 AM, Brad Tilley wrote: One pass from /dev/zero is more than enough for all cases. I agree that after a single pass of zeroes, getting anything but zeroes from a fully working, unaltered drive is not going to happen. But if you remove the digital logic which masks residual signals via thresholds used to determine at what point a 1 is considered a 1 and a 0 a 0, then perhaps 1's and 0's could be restored from some drives. Through the use of a replacement device that samples each bit with a bit depth greater than 1, allowing analysis to interpret what I would have thought would not be constant uniform samples. I think more importantly, if it is comparatively very cheap to erase a drive in a paranoid manner and the leaking of that data could cost a fortune, then the comparatively small cost of paranoid erasure could be a risk worth taking. Shane
CARP Advertisement Issue
Heya In the network: OpenBSD Firewall (x2) <--> Metropolitan Layer 2 Network <--> ISP(s) CARP advertisements are forming some 7% of the 'noise' traffic across the Metro L2 resulting in complaints from other clients of the Metro L2 provider. All production and testing done with: OpenBSD 4.0 release + errata OpenBSD 4.1 release + errata I have read through the 4.1 to 4.2 changes documentation (http://www.openbsd.org/plus42.html). I can see nothing there that would alter the below results. Thanks in advance for all suggestions and/or recommendations. I have some Feature Requests as a result of this testing, but will hold off on those until feedback is received. :) Upon receiving a request from the L2 provider, we thought of or tried the following: * Unicast CARP advertisements; Unlike pfsync, CARP does not currently have support for Unicast communications. * lladdr filtering by the L2 provider; All of the CARP advertisements are coming from the shared lladdr of the carp interface, not from the lladdr of the carpdev's. (True also on the other carp interfaces.) * netstart + pf + ifstated; Start the external facing carpdev's configured and down and the internal facing carpdev's configured and up on boot. Use pf to explicitly allow CARP advertisements on the internal facing carpdev's and block all others (including the external facing carpdev's). Use ifstated to monitor the state changes on the internal facing carp devices. Run 'ifconfig $carp [up|down]' on the external facing carp devices depending upon the state of the internal facing carp devices. /etc/netstart currently does not deal with configuring and then setting an interface to down upon boot. example /etc/hostname.if: inet 192.168.0.1 255.255.255.0 NONE down CARP seems inconsistent in its handling of the carpdev status. Discovered that upon booting with all physical cables unplugged that carp interfaces enter master state despite carpdev's (em - Intel PRO/1000 10/100/Gigabit Ethernet devices) not having physical network connectivity. In general, this setup is not considered an optimal solution anyway. Thanks Again Shane Lazarus Infrastructure Engineer DataTorque +64 21 529278 [EMAIL PROTECTED]
Re: How can I install 4 OS'es on one disk?
Quoting Steve Shockley <[EMAIL PROTECTED]>: stan wrote: Is it possible to do this on the one disk. I do have enough space, my concern is about portions. If it is possible can anyone give me an idea how best to approach this? Or a pointer to some docs? I've done what you mention using Acronis Disk Director or Partition Magic, but they're not Free in any sense. Resizing partitions is handy when multibooting, but I'm not familiar with a partition resizer that works with OpenBSD partitions. If you have a laptop, it may be easier to just swap disks. You could also check this link http://readlist.com/lists/openbsd.org/misc/2/11903.html it has worked for me in the past.
Re: nfe0 problem (obsd 4.1)
I have one of the older Sun Ultra 20 systems that also has an nfe(4) in it. It does the same thing everytime I try to cvs or put a load on the interface. Only way around it was to install a second NIC. Like someone else mentioned before, until more documentation is available, probably won't get any better. Until then it won't bother me to run a second NIC. Regards, Shane patrick keshishian wrote: Hi, I've been noticing some strange problems with the built-in nfe0 interface on my desktop. Actually I've seen it on two such computers, but the description below is for my current desktop PC. The PC is running `cvs up -dP -rOPENBSD_4_1' built. I'm including netstat, ifconfig output[1] and dmesg below[2]. I've noticed that once in a while the nfe0 interface will stop sending and receiving data. At this point I can not make it work again. The only solution I have is to reboot the box. I have installed a dc0 card in the box since. The problem seemed intermittent and not reliably reproducible. But I think I found a way to reproduce this problem on demand (at least for the time being). I have an ssh session to another box, on which I run '/usr/bin/nm somelib.so'. After a page or two of output the terminal "hangs". At this point nfe0 becomes unresponsive. I switch to the dc0 interface and the terminal finishes the output. Running the nm command while using the dc0 interface doesn't cause any problems. Interestingly enough, if I redirect the output of nm to a file and subsequently cat the file the nfe0 interface doesn't seem to exhibit the same problem. I am not sure how to diagnose this problem further. I've enabled debug on the nfe0 interface (/sbin/ifconfig nfe0 debug), but don't see any output. Any and all suggestions are welcome. --patrick [1] netstat and ifconfig outputs: $ /usr/bin/netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 332241 0 1 0 0 lo0 33224 127/8 127.0.0.11 0 1 0 0 lo0 33224 ::1/128 ::1 1 0 1 0 0 lo0 33224 fe80::%lo0/ fe80::1%lo0 1 0 1 0 0 dc0 150000:02:e3:07:cc:df 1713 0 424 7 0 dc0 1500 fe80::%dc0/ fe80::202:e3ff:fe 1713 0 424 7 0 nfe0150000:16:e6:82:17:da 1520 613 878 0 0 nfe01500 fe80::%nfe0 fe80::216:e6ff:fe 1520 613 878 0 0 nfe01500 xx.yy.ww.zz xx.yy.ww.zz2 1520 613 878 0 0 pflog0 332240 0 0 0 0 enc0* 1536 0 0 0 0 0 $ /usr/bin/netstat -rnfinet Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface defaultxx.yy.ww.zz9 UGS 00 - nfe0 xx.yy.ww.zz8/28link#2 UC 40 - nfe0 xx.yy.ww.zz9 00:20:6f:03:a2:e5 UHLc10 - nfe0 xx.yy.ww.zz1 link#2 UHLc02 - nfe0 xx.yy.ww.zz3 00:01:02:c2:a1:b9 UHLc1 159 - nfe0 xx.yy.ww.zz0 00:20:e0:68:5d:c8 UHLc1 11 - L nfe0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 $ /sbin/ifconfig lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 dc0: flags=8843 mtu 1500 lladdr 00:02:e3:07:cc:df media: Ethernet autoselect (none) status: no carrier inet6 fe80::202:e3ff:fe07:ccdf%dc0 prefixlen 64 scopeid 0x1 nfe0: flags=8847 mtu 1500 lladdr 00:16:e6:82:17:da groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::216:e6ff:fe82:17da%nfe0 prefixlen 64 scopeid 0x2 inet xx.yy.ww.zz2 netmask 0xfff0 broadcast xx.yy.ww.zz3 pflog0: flags=141 mtu 33224 enc0: flags=0<> mtu 1536 [2] dmesg OpenBSD 4.1-stable (GENERIC) #0: Mon May 28 18:06:28 PDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 Processor 3200+ ("AuthenticAMD" 686-class, 512KB L2 cach e) 2.02 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3 cpu0: AMD erratum 89 present, BIOS upgrade may be required real mem = 536375296 (523804K) avail mem = 481710080 (470420K) using 4278 buffers containing 26943488 bytes (26312K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ B
Re: Hardware Compatibility: Sun Ultra 20 or better suggestion
Edd Barrett wrote: On 5/3/07, Edd Barrett <[EMAIL PROTECTED]> wrote: Hi Shane, Superb! I dont mind putting another NIC in, but I would hope that this is resolved in newer models. Oh, the other thing was, these usually ship with ATI/Nvidea graphics cards. I couldnt care less for 3d accelleration, as long as I can run X reasonably well. Are you running X? Yes I am. I did have it setup with the on-board graphics and it worked great even with 8MB of video RAM. However, I did put an NVIDIA PCI Express card in later since it was free :)
Re: Hardware Compatibility: Sun Ultra 20 or better suggestion
I'm running -current on one of the older Ultra 20's and it works well for me. It's been a while since I've actually sat down and played with it, but most stuff is supported out of the box. I did have to put a different NIC in mine though. The built in nfe kept locking up during long transfers (like cvs updates) and I haven't had time to track down the issue. Here's the dmesg from my machine: OpenBSD 4.1-current (GENERIC) #3: Thu Apr 26 19:42:58 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1072136192 (1047008K) avail mem = 906833920 (885580K) using 22937 buffers containing 107421696 bytes (104904K) of memory mainbus0 (root) bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (41 entries) bios0: Sun Microsystems Sun Ultra 20 Workstation acpi at mainbus0 not configured ipmi0 at mainbus0: reserve send fails cpu0 at mainbus0: (uniprocessor) cpu0: AMD Opteron(tm) Processor 144, 1809.48 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: Cool'n'Quiet K8 1809 MHz: speeds: 1800 1000 MHz cpu0: AMD erratum 89 present, BIOS upgrade may be required pci0 at mainbus0 bus 0: configuration mode 1 "NVIDIA nForce4 DDR" rev 0xa3 at pci0 dev 0 function 0 not configured pcib0 at pci0 dev 1 function 0 "NVIDIA nForce4 ISA" rev 0xa3 nviic0 at pci0 dev 1 function 1 "NVIDIA nForce4 SMBus" rev 0xa2 iic0 at nviic0 adt0 at iic0 addr 0x2e: sch5017 rev 0x89 iic1 at nviic0 adt1 at iic1 addr 0x2e: sch5017 rev 0x89 ohci0 at pci0 dev 2 function 0 "NVIDIA nForce4 USB" rev 0xa2: irq 7, version 1.0, legacy support ehci0 at pci0 dev 2 function 1 "NVIDIA nForce4 USB" rev 0xa3: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 uhub0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 uhub0: 8 ports with 8 removable, self powered auich0 at pci0 dev 4 function 0 "NVIDIA nForce4 AC97" rev 0xa2: irq 11, nForce4 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auich0 pciide0 at pci0 dev 6 function 0 "NVIDIA nForce4 IDE" rev 0xf2: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 7 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 78533MB, 160836480 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 8 function 0 "NVIDIA nForce4 SATA" rev 0xf3: DMA pciide2: using irq 10 for native-PCI interrupt ppb0 at pci0 dev 9 function 0 "NVIDIA nForce4 PCI-PCI" rev 0xa2 pci1 at ppb0 bus 1 "VIA VT6306 FireWire" rev 0x80 at pci1 dev 6 function 0 not configured dc0 at pci1 dev 10 function 0 "ADMtek AN983" rev 0x11: irq 5, address 00:0c:41:1c:7f:7b ukphy0 at dc0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000749, model 0x0001 nfe0 at pci0 dev 10 function 0 "NVIDIA CK804 LAN" rev 0xa3: irq 10, address 00:e0:81:5a:c7:8c eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2 ppb1 at pci0 dev 11 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci2 at ppb1 bus 2 ppb2 at pci0 dev 12 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci3 at ppb2 bus 3 ppb3 at pci0 dev 13 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci4 at ppb3 bus 4 ppb4 at pci0 dev 14 function 0 "NVIDIA nForce4 PCIE" rev 0xa3 pci5 at ppb4 bus 5 vga1 at pci5 dev 0 function 0 vendor "NVIDIA", unknown product 0x0160 rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pchb0 at pci0 dev 24 function 0 "AMD AMD64 HyperTransport" rev 0x00 pchb1 at pci0 dev 24 function 1 "AMD AMD64 Address Map" rev 0x00 pchb2 at pci0 dev 24 function 2 "AMD AMD64 DRAM Cfg" rev 0x00 pchb3 at pci0 dev 24 function 3 "AMD AMD64 Misc Cfg" rev 0x00 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 uhub1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 uhub1: 8 ports with 8 removable, self powered uhidev0 at uhub1 port 5 configuration 1 interface 0 uhidev0: Sun Microsystems Type 6 Keyboard, rev 1.10/2.00, addr 2, iclass 3/1 ukbd0 at uhidev0: 8 modifier keys, 6 key codes, layout 33 wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub1 port 6 configuration 1 interface 0 uhidev1: Raptor Gaming PS/2+USB Mouse, rev 1.10/51.15, addr
Re: U320 Drive on U160 controller?
Hi, On 21/04/07, Richard P. Welty <[EMAIL PROTECTED]> wrote: > i have U320 drives working fine with U160 controllers. > i have also held in my hand new ibm/hitachi U320 SCA > drives clearly labeled "not for use with U160 controllers". > i did not attempt to use them, instead i returned them for > credit and got other drives. I have a 68pin U320 drive plugged into one of the old LSI SCSI controllers commonly found in Sun Ultra 5's. Poor drive wants to go at 98Mbyte/s but the SCSI bus is holding it to 40. Works fine though. I'll have to get a better controller for it to use its potential. -- Shane J Pearson
Re: xenocara in /usr/src can cause problems ?
Something went wrong when you pulled the tree down. Last I checked xenocara should be under /usr like XF4 is and not under your src directory. /usr/src should only contain the kernel and userland for the base system. Someone correct me if I'm wrong. Shane Cedric Brisseau wrote: Hi all, I follow current and it seems to me strange that xenocara is under /usr/src. I have my src tree in /usr/src and xenocara in /usr/src/xenocara. So when I update my src tree with cvs it seems that I have problems : on one computer (src tree originally from CD) cvs never finish and on an other (src tree from a cvs mirror) the command : # cd /usr/src # cvs -d $CVSROOT -q up -Pd Cvs update xenocara tree : P share/man/man4/Makefile U share/man/man4/nx.4 P share/man/man4/tht.4 P sys/dev/pci/files.pci U sys/dev/pci/if_nx.c U sys/dev/pci/if_nxreg.h P sys/dev/pci/if_tht.c P xenocara/app/fvwm/extras/FvwmScript/FvwmScript.1 P xenocara/app/fvwm/modules/FvwmSaveDesk/FvwmSaveDesk.1 I wonder if it's intended. Kind regards, Cedric
Re: Mail Server (seeking recommendations)
I'm running Postfix/Dovecot with PostgreSQL (for authorization and mail routing) all from the ports. I've got it setup so that in the near future I can do virtual hosting of my wife's domains. It's pretty simple to setup and there is a examples at postfix.org and dovecot.org. It would be easy enough to right a script (pick your language) or setup a GUI application/web page to administer user accounts. Shane Stuart Henderson wrote: On 2007/04/15 14:06, Bryan Vyhmeister wrote: This is exactly why I have hesitated to move to a system based on postfix and dovecot for my main ISP mail server. This pair are pretty easy. Postfix (also more recent Exim versions) can look at Dovecot for smtp-auth; Dovecot's auth setup is quite simple and flexible. My staff needs to be able to add accounts easily and unfortunately, the command line is not that easy for them. BSD auth, ldap, sql, text files - take your pick... There's also dovecot-sieve if you need server-side filtering. One thing to note if you use milters, Postfix milter support is not based on libmilter; building milter apps on a box with Sendmail 8.14 installed will result in breakage when run against Postfix until Postfix milter support is updated unless you take extra care.
Re: VPN
On 26/03/2007, at 6:22 PM, Siju George wrote: Most probably you are sufferring from the PPTP problem with OpenBSD and PF. This is an excerpt from his website The last time i talked with him he said he is writing a PPTP proxy for OpenBSD and PF just like the FTP-Proxy. So it should be available soon :-) Frickin works for me on OpenBSD 4.0... http://frickin.sourceforge.net/ Shane J Pearson shanejp netspace net au
Re: OpenNTPD reliability
My apologies...you are right. Wasn't paying attention. I use "-s" on all of my servers to keep them updated. I hate having them off by a lot and am too impatient to wait for them to slowly sync themselves. Regards, Shane Luca Corti wrote: On Fri, 2007-03-23 at 15:14 -0600, Shane Harbour wrote: Look at the "-S" option and see if that's what you want. I think you mean "-s". Yes I use it but still the clients report they won't sync because of the server not being synced. ciao Luca
Re: OpenNTPD reliability
man ntpd Look at the "-S" option and see if that's what you want. Luca Corti wrote: Hello, I've set up OpenNTPD 3.9p1 on Linux with a couple of servers to sync to and listen on to sync my machines to OpenNTPD. Clients (some openntpds, some ntpds, some Cisco routers) refuse to sync to my server. OpenNTPD on a client reports my OpenNTPD server is not synced. This is not documented in the manuals, but googling a bit I found out that OpenNTPD takes quite a lot of time to sync its clock to the servers. Is there a way to obtain a reliable and fast syncing? I heard about timedelta sensors. Are these devices supported by openntpd when running on linux? thanks Luca
Re: Microsoft gets the Most Secure Operating Systems award
On 23/03/2007, at 3:19 AM, Lars D. Noodin wrote: Symantic makes its living selling paper bailing cups in a leaky boat. ;-) The media actively participates in obfuscating the issues, the causes and the solutions by publicizing such crap from Symantic and MS. Yes. Symantec make their money from a long-term open wound. Symantec then provides creative "research" that makes that open wound look best. Talk about a conflict of interest. Symantec have been trying to demonise OS X for a long while. Shane J Pearson shanejp netspace net au
Re: Important OpenBSD errata
On 18/03/2007, at 4:25 PM, Shawn K. Quinn wrote: On Sat, 2007-03-17 at 19:08 +0100, Karel Kulhavy wrote: I also suggest that the list include the cumulative amount for each donor, sorted so that the biggest donors are at the top. To me, this makes about as much sense as publishing a similar list for penis size (and whatever its female equivalent would be). Money is not the only way to contribute to a project. I agree. The value of a dollar differs a great deal between different people. Shane J Pearson shanejp netspace net au
Re: OpenBSD-Entwickler wollten kritische Lu:cke kleinreden
On 16/03/2007, at 8:56 PM, Lars Hansson wrote: On Fri, 16 Mar 2007 10:08:02 +0100 Karel Kulhavy <[EMAIL PROTECTED]> wrote: http://www.heise.de/security/news/meldung/86730 And for the majority of the worlds population that doesn't speak German this says exactly what? There is an English version linked from the bottom of that page: http://www.heise-security.co.uk/news/86757 Although this "news" item looks like the typical over-hyped hysterics I have come to expect from journalists. Shane J Pearson shanejp netspace net au
Re: ifconfig output for 802.11
On 12/03/07, Reyk Floeter <[EMAIL PROTECTED]> wrote: > > On Mon, Mar 12, 2007 at 12:05:20PM +0800, Lars Hansson wrote: > > I'm trying to understand the output of ifconfig for 802.11 interfaces > > and while most of it is obvious one part isn't (at least not to me). > > In the below output, what exactly does the "20dB" stand for and how do I > > interpret it? Looking at the ifconfig source it would also appear that > > it (whatever it is) could also be expressed as a percentage? > > > > $ ifconfig ural0 > > .. > > ieee80211: nwid unet chan 6 bssid 00:0f:3d:0d:eb:ac 20dB nwkey > > 0x8353c823e7 100dBm > > > > it is the received single strength indicator. I thought it was the transmit power. -- Shane J Pearson
Re: trouble making an X release
From the looks of it, you didn't install the XF4 source package or get them from CVS. Peter wrote: I am following FAQ 5.5 on building an X release (for my 4.0 system). I have successfully made the base system release but when following the below steps I get the error: lndir: ../XF4: No such file or directory make: don't know how to make build. Stop in /usr/Xbld. make: don't know how to make release. Stop in /usr/Xbld. I manually created the XF4 directory but it still didn't work: make: don't know how to make build. Stop in /usr/Xbld. make: don't know how to make release. Stop in /usr/Xbld. What am I missing? # rm -rf /usr/Xbld # mkdir -p /usr/Xbld # cd /usr/Xbld # lndir ../XF4 # make build # export DESTDIR=/usr/Xbld/dest # export RELEASEDIR=/usr/Xbld/rel # cd /usr/Xbld # rm -rf dest # mkdir dest rel # make release
Re: [Bulk] arpresolve: can't allocate llinfo
Hello Cory, Thursday, February 15, 2007, 2:40:51 AM, you wrote: > Hello all, > My OpenBSD firewall is still randomly stopping routing packets and I > still can't figure out why. :-( > I made the suggested patch to if_ether.c, ut now I just get the > following line in /var log messages: > Feb 14 18:08:41 bytor /bsd: arpresolve: can't allocate llinfo for > 192.168.1.1:no link address > Symptoms: Firewall can ping the wifi router (to which ADSL modem is > attached), but pinging anything beyond it fails. If I try to traceroute > to some place beyond the router, it doesn't show the router as the first > hop. (If it can ping the router, shouldn't it show up a the first hop on > a traceroute?). Even though the firewall can ping the router, it cannot > ping my laptop, even though the route to both goes out ral0. The laptop > cannot ping the firewall either. I know the router is still working > because my laptop can still access the internet through it once I reset > the default gateway to the router instead of the firewall. IPv6 ssh > connections form the laptop to the firewall stay active. > Things is, "arp -a" and "route -n show -inet" show extactly the same > thing whether the problem is currently in progress or everything is > working perfectly. No NICs accidentally have addresses on the wrong segment. > I had routed running, but stopping it has made no difference. > Anybody have any ideas? > [EMAIL PROTECTED] 1:03:58 [9]/etc> arp -a > bytor (192.168.0.1) at 00:0e:0c:bc:38:9d on em1 static > xanadu (192.168.0.2) at 00:0e:0c:b9:4d:ed on em1 > heechee.wireless (192.168.1.1) at 00:13:10:0e:0b:08 on ral0 > snowdog.wireless (192.168.1.3) at 00:12:17:60:fe:40 on ral0 > redbarchetta.wireless.fenris.cjb.net (192.168.1.191) at > 00:18:de:20:4f:2e on ral0 > bytor (192.168.16.1) at 00:0e:0c:b9:50:74 on em0 static > snowdog (192.168.16.2) at 00:15:f2:e8:7f:51 on em0 > [EMAIL PROTECTED] 1:04:03 [10]/etc> route -n show -inet > Routing tables > Internet: > Destination GatewayFlagsRefs UseMtu Interface > default 192.168.1.1UGS16 188916 - ral0 > 127.0.0.1 127.0.0.1 UH 2 6049 33224 lo0 > 192.168.0/24 link#3 UC 20 - em1 > 192.168.0.1 00:0e:0c:bc:38:9d UHLc9 996889 - lo0 > 192.168.0.2 00:0e:0c:b9:4d:ed UHLc156064 - em1 > 192.168.1/24 link#4 UC 30 - ral0 > 192.168.1.1 00:13:10:0e:0b:08 UHLc2 3272 - ral0 > 192.168.1.3 00:12:17:60:fe:40 UHLc0 483 - ral0 > 192.168.1.191 00:18:de:20:4f:2e UHLc0 4587 - ral0 > 192.168.2/24 link#1 UC 00 - fxp0 > 192.168.16/24 link#2 UC 20 - em0 > 192.168.16.1 00:0e:0c:b9:50:74 UHLc0 50 - lo0 > 192.168.16.2 00:15:f2:e8:7f:51 UHLc5 392664 - em0 > [EMAIL PROTECTED] 1:04:13 [11]/etc> cat hostname.ral0 > inet 192.168.1.2 255.255.255.0 192.168.1.255 nwid fenris nwkey > 0x0A18135EB54723927B64AB65BC > inet6 alias 2001:05c0:92cf:1::c0a8:0102 64 > [EMAIL PROTECTED] 1:06:08 [12]/etc> cat hostname.em0 > inet 192.168.16.1 255.255.255.0 192.168.16.255 > inet6 alias 2001:05c0:92cf:10::c0a8:1001 64 > [EMAIL PROTECTED] 1:06:18 [13]/etc> cat hostname.em1 > inet 192.168.0.1 255.255.255.0 192.168.0.255 > inet6 alias 2001:05c0:92cf:0::c0a8:0001 64 > [EMAIL PROTECTED] 1:06:33 [14]/etc> cat hostname.fxp0 > inet 192.168.2.1 255.255.255.0 192.168.2.255 > inet6 alias 2001:5c0:92cf:2::c0a8:0201 64 I had this issue before and it turned out to be a bad NIC. -- Best regards, Shane homepage: http://craz1.homelinux.com
Re: dmesg and fdisk do not match about usb external disk
On 13/02/2007, at 10:07 PM, frantisek holop wrote: hmm, on Tue, Feb 13, 2007 at 08:56:24PM +1100, Shane J Pearson said that On 13/02/2007, at 8:18 PM, frantisek holop wrote: how am i (and fdisk) supposed to make partitions on CHS boundaries if instead of 19457/255/63 fdisk sees the disk as 152627/64/32? What is the point in trying to align to such boundaries, when the physical HDD does not have 255 or 64 heads and those numbers are faked due to working around legacy limitations? fdisk(8): CAVEATS Hand crafted disk layouts are highly error prone. MBR partitions should start on a cylinder boundary (head 0, sector 1), except when starting on track 0, (these should begin at head 1, sector 1). MBR partitions should also end at cylinder boundaries. as far as i know most of the other OSs also align to boundaries. Thanks Frantisek, I must have spent too much time away from arches which use MBR. I wondered for a second why my sparc64 firewall was returning "no entry" for man fdisk. :-) Shane J Pearson shanejp netspace net au
Re: dmesg and fdisk do not match about usb external disk
On 13/02/2007, at 8:18 PM, frantisek holop wrote: how am i (and fdisk) supposed to make partitions on CHS boundaries if instead of 19457/255/63 fdisk sees the disk as 152627/64/32? What is the point in trying to align to such boundaries, when the physical HDD does not have 255 or 64 heads and those numbers are faked due to working around legacy limitations? Shane J Pearson shanejp netspace net au
Re: Groklaw artical about the BSD license
Vim, On 17/01/2007, at 7:57 AM, Vim Visual wrote: loosen up, I was just asking... You asked in a BSD mailing list, what people would think about having OpenBSD licensed under the GPL3. What were you expecting? Hugs? Shane J Pearson shanejp netspace net au
Re: seeking hardware for hackathon
On 16/01/2007, at 5:07 PM, Nikolay Sturm wrote: the next OpenBSD Mini Hackathon will be the Filesystem Hackathon - hardware to build a raid with 2 or more TB Wow, this sounds really exciting. Shane J Pearson shanejp netspace net au
Re: Misreporting secondary SATA2 320gb hd size.
Hi, On 26/12/2006, at 4:11 PM, Merp.com Volunteer wrote: Strange problem here, seems only to show up under OpenBSD 4.0 so far (verified not a noticeable problem under Gentoo Linux 2006.1 or Suse Linux 10.1): 2 brand new SATA2 Seagate 320 GB hard drives, completely wiped/ unpartitioned. wd0 reports correctly as: total sectors = 625142448 total free sectors = 625142448 BUT wd1 reports incorrectly as: total free sectors = 16514001 That is a fraction of the drive. I tried re-wiping, partitioning, etc. to no avail. I sometimes see this sort of behaviour on freshly zeroed drives on my systems. Within disklabel, I use "D" to set default values and then "b" to set the OpenBSD disk boundaries. Since I dedicate drives for OpenBSD, that's from the beginning, to the end "*". This has always fixed that problem for me. Shane J Pearson shanejp netspace net au
Re: Commands don't work after rm -rf /*
On 06/12/2006, at 12:14 PM, Bryan Irvine wrote: It's the anti-unix newbie avoidance system. I propose a source change to rm that *after* it has completed removing / it then displays a dialog that "the system would prefer it if you ran windows millennium". ;) Oh man, that's low. I can understand being sentenced to Windows, but ME? That's harsh.
Re: network with pabx
On 30/11/2006, at 10:20 PM, [EMAIL PROTECTED] wrote: guys i want to hear some comments / suggestions from you. we are planning to network a company. using a cat5e, the 2 pairs(4 wires) will be using for LAN and the remaining 2 pairs(4 wires) will be use for pabx. 1000BASE-T requires all 4 pairs. Will this thread be involving OpenBSD? Shane
Re: Which tools the OpenBSD developers are using?
On 29/11/2006, at 2:05 PM, Darrin Chandler wrote: C'mon! Stick to the real topic! I love tail, personally. When that doesn't do it, then head usually works. Careful doing that in a public forum. If you get caught, your GF/wife might use split on you. Shane J Pearson shanejp netspace net au
Re: Which tools the OpenBSD developers are using?
On 29/11/2006, at 11:43 AM, Zoong PHAM wrote: On Tuesday, 28 November 2006 at 18:12:48 -0500, Jim Razmus wrote: * Diana Eichert <[EMAIL PROTECTED]> [061128 18:09]: I use a soldering iron, dremel tool, sheet metal/plastic nibbler and solder wick. I am low budget developer so I use chopsticks, sushi and tap water. I hope you don't eat fugu! That would be blasphemy! Shane J Pearson shanejp netspace net au
Re: Small patch for faq4.html
On 22/11/2006, at 10:27 PM, Karel Kulhavy wrote: I have ordered, because perceived OpenBSD as cool at that time. Now I don't see OpenBSD as cool anymore. The motivation for buying more is away. I am considering switching back to Gentoo on next major problem because the illusion of friendliness holding me to OpenBSD is away. Cya.
Re: Best nic/driver combination
Hi Pedro, On 16/11/2006, at 11:48 AM, pedro la peu wrote: I can easily get some Realtek 8169 based (not 8139!) re cards, some Intel gbit em (they seem less stable than fxp ?), and probably some sk (SMC 9452TX). I have been using sk(4) as my Gigabit card of choice with great success for some time now. In fact, I don't bother looking for anything else. I pump lots of Gigs through them daily with never a hitch, on old PIII junkware PC's. There are probably alternatives with better maximum performance, I've never needed to find out. The fact that they cost new about the same as two packs of cigarettes (in the UK) is a pretty convincing bonus. Yes, sometimes I feel like I should buy them in bulk. I am afraid that one day the chip-set will disappear for another cheap yet inferior one. And the vendors won't mention anything on the box. I can't get D-Link DGE-530T Rev B1 cards to work in Sun U5's and U10's, yet the Rev A1 cards work fine. I think the move to Rev B1 has caused the cards to only work in PCI 2.2 slots and not older PCI 2.1. Even though the printing on the box of Rev B1 cards still claims that it will work in PCI 2.1 slots. All I seem to be able to source now are the Rev B1 cards (which incidentally work fine in a Blade 150). Since they're so cheap, how long until a vendor like D-Link changes the chipset and then just ship a different Windows driver CD? If I had the money at the moment, I'd buy them in bulk so I have some for myself and my customers. I realise there are other sk options, but since they can be so cheap, I fear they will change. Can anyone recommend a cheap sk which is still capable of working in a PCI 2.1 slot? I was hoping to switch from fxp to sk in my 5 interface Sun U10 firewall at home, but I only have 2 sk's (out of a desired 4) which work in it. Shane J Pearson (hoping to see some affordable 4 interface sk NIC's) shanejp netspace net au
Re: video hardware determination
Hi Michael, On 09/11/2006, at 2:08 PM, Michael Hernandez wrote: Is that expected behavior? Of course not... and for the record, no it doesn't work with the same automagic goodness on the evo at work (I think it's the card in the evo, the monitor is exactly the same as the one I have at home) but if you haven't tried to just run X without any config file... give it a go! You might get a pleasant surprise! For a long time now (many releases ago) I have noticed that often after a fresh install of OpenBSD, I can type "startx" as the first thing after logging in for the first time... and X just comes up. Shane J Pearson shanejp netspace net au
Re: error in if_em.c building -stable kernel on sparc64
Hello, On 08/11/2006, at 11:01 AM, Jason LaRiviere wrote: Shane J Pearson wrote: Hello, I am getting an error in if_em.c when trying to build a -stable kernel on sparc64. It stops with this error: /usr/src/sys/dev/pci/if_em.c: In function `em_rxeof': /usr/src/sys/dev/pci/if_em.c:2446: error: structure has no member named `align_buf_len' The correct header file seems to have been committed. You should cvs up and try again. I have updated and the new -stable GENERIC compiles and boots fine. Thanks Theo, Brad and the others who gave me the heads up. Shane J Pearson shanejp netspace net au
error in if_em.c building -stable kernel on sparc64
s0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34: polled "fdthree" at ebus0 addr 3023f0-3023f7, 706000-70600f, 72-720003 ipl 39 not configured clock1 at ebus0 addr 0-1fff: mk48t59 "flashprom" at ebus0 addr 0-f not configured audioce0 at ebus0 addr 20-2000ff, 702000-70200f, 704000-70400f, 722000-722003 ipl 35 ipl 36: nvaddrs 0 audio0 at audioce0 hme0 at pci1 dev 1 function 1 "Sun HME" rev 0x01: ivec 0x7e1, address 08:00:20:ff:b5:f1 nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1 vgafb0 at pci1 dev 2 function 0 "ATI Mach64 GP" rev 0x5c wsdisplay0 at vgafb0: console (std, sun emulation), using wskbd0 pciide0 at pci1 dev 3 function 0 "CMD Technology PCI0646" rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0x7e0 for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/ cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) ppb1 at pci0 dev 1 function 0 "Sun Simba PCI-PCI" rev 0x13 pci2 at ppb1 bus 2 siop0 at pci2 dev 1 function 0 "Symbios Logic 53c875" rev 0x14: ivec 0x7d0, using 4K of on-board RAM scsibus1 at siop0: 16 targets sd0 at scsibus1 targ 0 lun 0: SCSI3 0/ direct fixed sd0: 35068MB, 49158 cyl, 2 head, 730 sec, 512 bytes/sec, 71819496 sec total siop1 at pci2 dev 1 function 1 "Symbios Logic 53c875" rev 0x14: ivec 0x7d1, using 4K of on-board RAM scsibus2 at siop1: 16 targets pcons at mainbus0 not configured No counter-timer -- using %tick at 440MHz as system clock. root on sd0a siop0: target 0 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers rootdev=0x700 rrootdev=0x1100 rawdev=0x1102 Any pointers to where I am going wrong, or how I can fix this, would be very appreciated. Shane J Pearson shanejp netspace net au
Re: How to take two screenshots?
Hi Girish, On 05/11/2006, at 6:39 PM, Girish Venkatachalam wrote: I have setup a multiboot machine with 4 OSes, gentoo,NetBSD,OpenBSD(but of course :-) and FreeBSD on a single hard disk. Now I want to do two things. a) Take a screenshot of the grub splash screen at bootup b) Take a screenshot of the wdm screen Can you guys help out? You could run a setup like this within VMware Workstation and then take screenshots of the VMware window. You can point VMware at a real raw disk (the one you have already installed to), instead of a disk image. If that does not work for you, you might have better luck starting from a clean VMware disk image and re-installing those OS' within it. Since the VMware machine will likely have different hardware. Shane J Pearson shanejp netspace net au
Re: OpenBSD Web Mail Security
If you don't want to run PHP, you could run OpenWebMail. It's written in Perl or you could roll your own. Courier also has it's own web-based software. Personally, I run Dovecot, Postfix, SquirrelMail and use PostgreSQL for virtual mailboxes. I was running Cyrus and liked it, but found it was too heavy for my needs (may not be for your's). Dovecot works out better for me and I've found my current setup to be somewhat faster than the old setup. It all depends on your needs and there are ways of mitigating (however not eliminating) PHP's security issues. Shane Sam Fourman Jr. wrote: Hello all, I was thinking of using OpenBSD for a Groupware Mail server, I see horde has a OpenBSD port however it is written in PHP, I am aware of the security concerns that PHP in general presents wile not having delt with Horde or any of it's applications in the past, is it safe to assume that the normal php security flaws are present in Horde? if so I would like to gather general opinions on alternatives for Microsoft Exchange(YUCK!!) like Groupware. Opinions are always helpful Sam Fourman Jr.
Re: m-o-o-t - some decisions
On 21/10/2006, at 1:38 PM, Peter Fairbrother wrote: [5] stored data.Later I'm too drunk now:) Can't wait. Somehow I think this thing they call a "moment of clarity" is highly over rated. Shane J Pearson shanejp netspace net au
Re: pppoe slow on openbsd
On 20/10/2006, at 12:59 PM, Chris wrote: So just I am Asking kindly again after 5 years. No you aren't. Regardless of where the pppoe implementation is broken, have you considered DSL MODEM/routers with half-bridge mode? You can get them to take care of the PPPoE/A and then they just pass the IP traffic through to your OpenBSD firewall/router. The MODEMs you have now might already be capable of doing that for you. BTW, the MODEM does not perform NAT, so your firewall will still face the bare Internet. PS, you are really rude. Shane J Pearson shanejp netspace net au
Re: update to -stable
Hi Shohrukh, On 19/10/2006, at 1:11 PM, Shohrukh Shoyokubov wrote: I updated to -stable as described in FAQ and everything worked from the first run. I can't believe everything works. Usually this kind of updates make a lot of problems, but not with OBSD. Well done OBSD team! That's what happens when you use a system which is developed well and as a whole. You can get used to that with OpenBSD. Enjoy! Shane J Pearson shanejp netspace net au
Re: bsdstats.org WOW
On 19/10/2006, at 11:28 AM, Constantine A. Murenin wrote: OpenBSD seems to lead in most sampled countries, though... Although it is a bit strange that the UK, Russia and Japan are missing from Top 10... Yes, I thought Russia would be up there. http://www.google.com/trends?q=OpenBSD Shane J Pearson shanejp netspace net au
Re: pfctl
Alexander, On 13/10/2006, at 9:12 PM, Alexander Belikov wrote: I want to fix a problem on one of my servers. The problem is 2 admins 1 server :( Both of us have a root access to it. It was a will of our Top Managment.. This is not an OpenBSD issue. Management needs to appoint one of you to be senior over the other. This way both of you could even still have root access if need be, but one of you calls the shots as far as policy goes at that level. If management won't do that, you'll need to deal with the problem until you can find a job elsewhere where management have a clue. If you need to spend a lot of time managing management and the problems they create, then it might be better for your career and sanity to move on. Shane J Pearson shanejp netspace net au
Re: RMS vs TdR (WAS: Re: OLPC)
Breen, On 13/10/2006, at 1:20 AM, Breen Ouellette wrote: Hmm. Let's see. Jack's original post is listed in its entirety below. I do not see any quotes around the word interesting. If you read it then you may agree that his meaning is obvious, you may not. I replied to this... http://marc.theaimsgroup.com/?l=openbsd-misc&m=116050963816462&w=2 So yes, I posted an abrasive message to the list in an attempt to curb such discussion from taking place again. You posted an abrasive message to prevent a flame war? Nice work. Where your particular misunderstanding seems to come into play is where you see Jack reference his earlier message, the one posted below, by quoting the word interesting. He was not implying anything. He can speak for himself, which is why I asked him. He said 'interesting' a few times, so I was intrigued by that. Even Bob Beck asked 'How so?...'. You either missed part of the thread or were fishing for an argument. Actually, you missed part of the thread. The part I was actually replying to. PS - I would avoid bringing up donations as a way of indicating that you are supporting the project. If you dig back in the lists you will find a post I made to another list, ports@ maybe, asking a question with the request that replies be sent to my email as well as the list, as I was not subscribed to that list. I got slammed for not supporting the project by participating in the list. I replied that I participate in misc@ instead because I can actually be useful there (sometimes) and that I donate to the project. I was then accused by several parties of attempting to "buy" help by bringing up my donations, when I was merely trying to indicate that I *DO* support the project in the ways available to me, as you did above. Two different situations. I am obviously not trying to buy support. I was merely trying to make my honest intentions known. When I make a donation, it is for real. I don't want or expect anything in return for it. That's why it is a donation. Mentioning that I have donated was just to show that I do actually care about OpenBSD and am most likely therefore not trolling for flames. In fact, for the cost of a $300 (.au) SCSI card, I don't feel that would be payment enough for even a single day for a single developer, for what they do with their skills. I wouldn't dare expect anything in return. I am merely grateful for what I get. I hope this is the end of this ridiculous waste of time. A single, pro-OpenBSD, throw away comment should not have come to this. Shane J Pearson shanejp netspace net au
Re: RMS vs TdR (WAS: Re: OLPC)
Breen, I am replying to this in full because I want my intentions known. I'll leave it at this. On 12/10/2006, at 2:58 AM, Breen Ouellette wrote: Jack J. Woehr wrote: On Oct 10, 2006, at 5:38 PM, Shane J Pearson wrote: By "interesting", you mean one is well meaning, but a little kooky and not always in touch with reality and the other is focused and committed to maintaining some sanity in the world of computing? No, I didn't mean that. I meant that both gentlemen are personal friends of mine and that the contrast between these two giants of free and open source software could hardly be more striking. Obviously there are elements trying to start an RMS/GNU versus TdR/ BSD holy war. If you are referring to me, you are right off the mark. I never mentioned GNU or BSD and had no intention of starting anything. It was just a throw-away comment in support of the OpenBSD leadership. If you don't find it interesting that two men could take a stand for free and open ideals, and yet interpret those ideals so differently, then fine, it isn't interesting to you. I never said it was not interesting. If you don't like RMS (or TdR for that matter) or his version of free and open ideals, then fine, you have the right to feel that way in most locales. I'm not particularly fond of RMS' views and ideas myself. I very much respect both, but lean towards Theo's ideals and line of practical thinking, which is always very thought provoking for me. But that is just me. I wouldn't waste time trying to start a flame war, because this is just my opinion and I don't want to waste misc@ users time. I do now see that I probably just should have kept my opinion to myself, because it could be misinterpreted and was probably not worth mentioning. But when you reply to the original poster's message feigning that you don't understand his point, well, then you come across as stupid. An inquisitive child could understand the difference between these two mens' views, and understand that some people might find it interesting. Who are you referring to with this? Am I the stupid person for finding a vague comment to be vague? If I don't ask, then I can only make assumptions with something like: '...um... "interesting"' And my comment was mostly meant in jest. Really, truly stupid. And willing to share it with the rest of the world on a public mailing list, no less! Brilliant! I, when confronted with a vague comment, ask a question for clarification. Which admittedly was meant more of a humorous, rhetorical question. Whereas you, confronted with something also vague (to a lesser extent), choose to read a LOT into it and then go on the attack, publicly with a tirade against a bunch of incorrect assumptions. So which is more stupid? If you want to start a holy war about the merits of these two positions then start a thread, preferably somewhere else, and howl into the wind. Nobody cares. We've all made up our minds about which side of the fence we are on. You aren't going to change my mind, or anyone else's. You are only making yourselves out to be a bunch of idiots. I think you have rather made quite the arse of yourself, Breen. I can now see the danger of a holy war erupting from my oversight, but mostly due to presumptuous people like you, who shoot first then ask questions later. This sure doesn't help the image of the OpenBSD user base at all. When we aren't taken seriously it is, in part, because of childish melodrama like this thread. Frankly, I don't much worry about the perception of the OpenBSD user base, because I think any negative perceptions towards it as a whole would be unfounded. There are idiots in every user camp. However this user camp makes up for them and then some, with some really helpful decent people on the list. I just temporarily put them on my twit list. But in the past 7 years or so, I've only put ONE person from misc@ in my twit list and I've since taken them off, now that they've become more reasonable. PS - Jack, some friendly advice, you are only encouraging them each time you reply. They obviously don't care about why you find interest in this subject. They only want to find a way to link you to RMS and then trash you. You find a lot of things "obvious" for a guy who is so presumptuous. For the record, I respect the intentions of RMS and I highly respect the intentions and practical thinking of Theo, the OpenBSD project, the developers and much of the user base. I've been enjoying OpenBSD since 2.5 and I try to buy OpenBSD items and donate whenever I am financially able. I tried to donate brand new SCSI disks when Theo asked for them for the older machines and I purchased a brand
Re: OLPC
Hello Jack, On 11/10/2006, at 5:35 AM, Jack J. Woehr wrote: Because they're both very strong personalities, both of whom I've met personally and whom I've interviewed for Dr. Dobb's Journal, and I find the contrast between them ... um ... "interesting". By "interesting", you mean one is well meaning, but a little kooky and not always in touch with reality and the other is focused and committed to maintaining some sanity in the world of computing? Shane J Pearson shanejp netspace net au
Re: Launching the Internet
James, On 16/09/2006, at 8:32 AM, dilbert wrote: My question is simple- I'm a relative newbie at BSD so please bear with me. I'm trying to launch the internet; so I open a terminal and go "percent sign 'Internet'" at the prompt ie: >%internet and it doesn't work. What gives??!! It appears from my end that you are trying to use the internets in "big truck" mode. Please remember, the internets "big truck" mode has been deprecated. You should now be using the internets in "series of tubes" mode. Your leaf node is currently blocking the internets. As a result, my internets are currently blocked also. Did you remember to prime the percent commands with the appropriate tilde-hash-bang flush commands first? To force the blockage out? /usr/bin/plunger and /dev/caustic- soda might be able to help you also. Please ">%man afterboot" before doing anything else. You are probably also blocking the OpenBSD developers internets, in which case they will not be able to perform CVS commits. Please hurry, as this may push back the release date of OpenBSD 4.0! I hope this DoS vulnerability will be addressed in OpenBSD 4.0. We users are counting on you James. You are our only hope. Shane J Pearson
Re: preferred hardware platform
Hi Joachim, On 09/09/2006, at 10:02 AM, Joachim Schipper wrote: And seriously, how does one manage to fill a TB of data? video, lossless-compressed music, backups from a bunch of machines, none of our business really (-: I'll grant you the latter, but still... well, let's just say that that 40 GB tapedrive I mentioned is plenty for backing up everything I admin. Just imaging my girlfriends Thinkpad comes out to greater than 40GB (compressed image size). Then there are all my machines and files. I like to have both recent user file backups and also relatively recent (monthly) whole disk image backups to quickly recover from a failed disk. Re-installing Windows anything or even Mac OSX to a much lesser extent, is a pain in the bum. Shane J Pearson shanejp netspace net au
Re: Serial Console and /etc/ttys
On 08/09/2006, at 5:21 AM, Woodchuck wrote: I used to do this with an Ohmmeter with a paperclip soldered to each lead. Sometimes I'd bribe a hardware guy with doughnuts to use his oscilloscope. Some people might find that when soldering a wire to a paperclip, that they get a bead of solder *around* the paperclip, with the bead of solder having wet the wire nicely, but then get no connection at all between the wire and paperclip. Between the solder and paperclip, you might just get an insulating tube of cooled, hardened flux, preventing the connection. I'd rather use solid core wire which is thick enough to poke into the holes. Shane J Pearson shanejp netspace net au
Re: ambiguities around burning CD
Hi Karel, On 06/09/2006, at 6:13 AM, Karel Kulhavy wrote: So the possible values for dev= according to this "documentation" are so far dev=0,0,0 dev=/dev/cd0a:0,0,0 dev=/dev/cd0c:0,0,0 dev=/dev/rcd0a:0,0,0 I use: cdrecord dev=/dev/rcd0c ^ ^ Which works fine for me. Shane
Re: DVD to distribute OpenBSD Packages (Re: about signing OpenBSD packages)
Hi Joachim, On 01/09/2006, at 11:11 PM, Joachim Schipper wrote: Now *that* would suck. Most of my i386 boxes won't read a DVD, and I'm fairly certain that getting a sparc to read a DVD isn't as easy as making a i386 do the same. I have a Lite-On DVD-ROM drive temporarily hanging off a Sun Ultra 5 which is running 3.9-stable as of ~ 25th Aug (while I tinker with making bootable sparc64 CDR's). Intrigued by your comment, I popped a Solaris 9 DVD into the drive and mounted it as -t cd9660. It mounted and I can see files. Same deal for a DVD movie (UDF?). Shane
Re: Smallest OpenBSD box
Hi Joe, On 2006.08.10, at 3:12 PM, Joe wrote: I recommend one of the new VIA EPIA CN-series boards. They are based on the new C7 chips which have AES engine on board...big plus for VPNs. I just bought a EPIA-CN13000. Is the hardware RNG quick with that CPU? Are you able to tell the speed of numbers coming from /dev/srandom under OpenBSD? Thanks, Shane
The Role of Binary Drivers in a Free OS
Howdy folks, Another article about blobs, with a positive mention to OpenBSD's stance on them: http://www.informit.com/articles/printerfriendly.asp?p=598023&rl=1 Shane
Re: WPA support / creating a cf image
On 2006.08.03, at 10:41 PM, Ryan Corder wrote: First, get past the notion of "secure" wireless...it doesn't exist. The best solution for a "more secure" wireless network is for you to implement a WEP-encrypted environment and establish a VPN over it. What about an open wireless network, which does not allow anything to be routed out of the OpenBSD WAP unless it is authpf authorised. Then only VPN traffic. This couldn't be considered secure enough? Shane
Re: Using dd(1) to duplicate a hard drive
Hi Chris, On 2006.08.01, at 2:00 PM, Chris Zakelj wrote: Went back about two years in the MARC archives with the terms 'copy drive' (oddly enough, 'dd' itself wouldn't work), and got plenty of linux examples on Google (that pretty much say what I propose anyway) but no luck... I'm hoping to find a faster way to create an image of one drive (a Samsung MP0402H, 40G notebook, to be specific) onto an identical drive than using: # dd if=/dev/rwd0c of=/dev/rwd1c bs=1m Hardware to be used in the copy is an i586/166, Intel 430VX chipset. I vaguely recall hearing that placing the drives on separate IDE channels would help, but any and all other pointers, cluesticks, and proddings are welcome. Do you have lots of drives to clone like this? This thread could take longer than the copying of a drive. I occasionally dd copy my 100GB laptop drive to an external firewire drive, using a FreeBSD install CD [1]. Only takes about 1 hour including compressing with gzip. Backup: dd bs=64k if=/dev/{raw_drive} | gzip | split -b 50m - backup.dd.gz. I split the files into 50m chunks because they fit well on CD's and DVD's and I don't have problems trying to burn or copy the files to something which has file size limits. Restore: gzcat backup.dd.gz.* | dd bs=64k of=/dev/{raw_drive} If you want, you can always substitute the raw_drive for a slice and just backup slices. Shane [1] Only using FreeBSD for this because it supported the new ATA and firewire chipsets on my VAIO. ; )
Re: hard drive problem
Travers, On 2006.08.01, at 11:23 AM, Travers Buda wrote: On Mon, 31 Jul 2006 20:10:23 -0400 Chris <[EMAIL PROTECTED]> wrote: If all is lost, you can wipe the disk with BCWipe (www.jetico.com) then test again with Spinrite. This has recovered several disks for me. Wipe it with dd if=/dev/zero of=/dev/rwd0c count=10 You suggest only wiping the first 5k bytes of a drive?
Re: looking for clue
Why people give life to a thread which starts like this is beyond me... > Hi I'm looking for clue. Does anyone have any? Please stop. The most effective response at the beginning would have been silence.
Re: USB keyboards / encryption
Hi Tony, On 2006.07.10, at 12:17 PM, Tony Abernethy wrote: "Security is a process" Slogan for snake-oil? I would prefer, "Security is an ongoing process". Something which you can't just buy and be done with and something which does not end. Shane
SMP and ichiic Error
Hello all, I'm having the following error on my SMP system: ichiic0: timeout, status 0x0 ichiic0: transaction abort failed, status 0x40 (ichiic0 = Intel 82801CA/SMBus) Everything I have found in the archives points to a hyperthreading issue. When the issue first appeared, HT was turned off. I've also tried changing the MP Spec in the BIOS. I've tried the following 4 combos: MP Spec: 1.1/HT: Off MP Spec: 1.1/HT: On MP Spec: 1.4/HT: Off MP Spec: 1.4/HT: On No matter the combo, I still get the same error. I would prefer not to disable ichiic* in the kernel config, but will do so if necessary. Below is a dmesg from the system (MP Spec: 1.4/HT: Off) with MPVERBOSE set in the kernel config. I'm hoping I just missed something and that it is easily corrected. Thanks for your help, Shane OpenBSD 3.9-stable (GENERIC.MP) #2: Sat Jul 8 17:54:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) XEON(TM) CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM real mem = 1073258496 (1048104K) avail mem = 972566528 (949772K) using 4278 buffers containing 53764096 bytes (52504K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(8a) BIOS, date 10/02/02, BIOS32 rev. 0 @ 0xfb1b0 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xdf84 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde70/272 (15 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 12 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371SB ISA" rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xa800 0xcc000/0x1800 0xce000/0x6600 mainbus0: scanning 0x9f800 to 0x9fbf0 for MP signature mainbus0: scanning 0xf to 0x0 for MP signature mainbus0: MP floating pointer found in bios at 0xf4f00 mainbus0: MP config table at 0xf1400, 332 bytes long mainbus0: Intel MP Specification (Version 1.4) (OEM0 PROD) cpu0 at mainbus0: apid 0 (boot processor) cpu0: calibrating local timer cpu0: apic clock running at 99 MHz cpu0: kstack at 0xe9059000 for 8192 bytes cpu0: idle pcb at 0xe9059000, idle sp at 0xe905af98 cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) XEON(TM) CPU 1.80GHz ("GenuineIntel" 686-class) 1.80 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV cpu1: kstack at 0xe905b000 for 8192 bytes cpu1: idle pcb at 0xe905b000, idle sp at 0xe905cf98 mainbus0: bus 0 is type PCI mainbus0: bus 1 is type PCI mainbus0: bus 2 is type PCI mainbus0: bus 3 is type PCI mainbus0: bus 4 is type PCI mainbus0: bus 5 is type ISA ioapic0 at mainbus0: apid 4 pa 0xfec0, virtual wire mode, version 20, 24 pins ioapic1 at mainbus0: apid 5 pa 0xfec8, virtual wire mode, version 20, 24 pins ioapic2 at mainbus0: apid 6 pa 0xfec80400, virtual wire mode, version 20, 24 pins ioapic0: int17 attached to pci0 device 31 INT_B (type 0x0 flags 0xf) ioapic0: int19 attached to pci0 device 29 INT_B (type 0x0 flags 0xf) ioapic0: int16 attached to pci0 device 29 INT_A (type 0x0 flags 0xf) ioapic0: int19 attached to pci4 device 5 INT_A (type 0x0 flags 0xf) ioapic2: int0 attached to pci2 device 9 INT_A (type 0x0 flags 0xf) ioapic0: int18 attached to pci4 device 4 INT_A (type 0x0 flags 0xf) ioapic0: int16 attached to pci4 device 6 INT_A (type 0x0 flags 0xf) ioapic0: int16 attached to pci0 device 31 INT_A (type 0x0 flags 0xf) ioapic0: int0 attached to ExtINT (type 0x3 flags 0x0) ioapic0: int1 attached to isa0 irq 1 (type 0x0 flags 0x0) ioapic0: int2 attached to isa0 irq 0 (type 0x0 flags 0x0) ioapic0: int3 attached to isa0 irq 3 (type 0x0 flags 0x0) ioapic0: int4 attached to isa0 irq 4 (type 0x0 flags 0x0) ioapic0: int6 attached to isa0 irq 6 (type 0x0 flags 0x0) ioapic0: int7 attached to isa0 irq 7 (type 0x0 flags 0x0) ioapic0: int8 attached to isa0 irq 8 (type 0x0 flags 0x5) ioapic0: int9 attached to isa0 irq 9 (type 0x0 flags 0x0) ioapic0: int13 attached to isa0 irq 13 (type 0x0 flags 0x0) ioapic0: int14 attached to isa0 irq 14 (type 0x0 flags 0x0) ioapic0: int15 attached to isa0 irq 15 (type 0x0 flags 0x0) local apic: int0 attached to ExtINT (type 0x3 flags 0x0) local apic: int1 attached to NMI (type 0x1 flags 0x0) pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel E7500 MCH Host" rev 0x03 ppb0 at pci0 dev 2 function 0 "Intel E7500 MCH" rev 0x03 pci1 at ppb0 bus 1 "Intel 82870P2 IOxAPIC" rev 0x04 at pci1 dev 28 function 0 not configured ppb1 at pci1 dev 29 function 0 "Intel 82870P2 PCI-PCI" rev 0x04 pci2 at ppb1 bus 2 em0 at pci2 dev 9 function 0 "Intel PRO/1000XT (82544GC)" rev 0x02: apic 6 int 0 (irq 12), address 00:10:dc:f4:d5:a8 "Intel 82870P2 IOxAPIC" rev 0x04 at pci1
Re: hints for scanning msdosfs patters?
Hi Nick, On 2006.07.07, at 2:51 PM, Nick Guenther wrote: I've used R-Studio and it works quite well (and quickly so long as you keep your computer out of screensavers and things). It's somewhat expensive at 100$. It works by just scanning the disk for signatures of files, and is usually able to recover a lot. http://www.r-studio.com/ $100 seems cheap to me for something which works, given the desperation when it's needed. Seems like a small tax on people who don't keep decent backups. Like me, once upon a time. ; ) I've been wanting to try R-Studio, since it has FFS support. I'll switch to it if it's as good as GDB. Shane
Re: hints for scanning msdosfs patters?
Hello Vladas, On 2006.07.06, at 9:56 PM, vladas wrote: I have fd up the first 10Mb of the 3Gb fat disk (not partition, the whole 3Gb disk) full of windoze shit. Then, due to time limits, made some of sort of backup of the mess with dd and put Puffy into that disk (dedicated install). The problem is that management needs some of that stuff back <..>. I would be grateful if anybody could give any hints on how to grep the 3Gb backup image for any msdosfs patterns so that I could get at least some of the individual files back. Sorry for asking it like that instead of just reading mount_msdos src silently - maybe someone had this before.. I am posting this to misc@ because Puffy is the only OS I run. Do you have access to a Windows machine? The best file recovery applications for FAT file systems I have found, are Windows apps, oddly enough. I have had great success with "Get Data Back". It is comparatively very cheap yet was the best I have tried even amongst file recovery apps costing thousands. They sell the FAT and NTFS versions separately. In fact it finds files from multiple old file-systems which even the "Forensic Tool Kit" does not find. I have used GDB ($ $) to compliment FTK () in the past. Last time I tried GDB, I believe it accepted images as one large image, or images broken up into portions, but with the limitation that the portions must be 688,128,000 bytes in size. If you need to run GDB on a system limited to 2GB files, then use split(1) to break the big dd image into the size GDB needs. The standard suffix split uses is fine for GDB. Run GDB against the files, answer a few simple questions and after a while you might find a file listing of the old files, ready to be copied off. BTW, GDB *can* get data back even if both FAT's are completely gone (it has for me). http://www.runtime.org/gdb.htm BTW, I have no affiliation with Runtime. It just saved my bacon once under a pretty bleak situation (girlfriends data! Yikes). I've since recommended it to others who also found it to get their data back. A friend of mine had a motherboard die, he was using the motherboards built in IDE "RAID" 0. I told him about GDB, I thought he tried it and it worked for him. But I've since noticed that Runtime now has recovery software specifically for disks used in a RAID, which might have been what he used. Regardless, Runtime even got his files back. Good luck, Shane
Re: Where to start studying OpenBSD networking code
Hi Joakinen, On 2006.06.28, at 11:24 PM, joakinen wrote: Is there any "diagram" of how every piece of code retales to the others? I don't know how relevant it is to OpenBSD, if at all, but I seem to remember getting a BSD TCP/IP network stack diagram poster with the boxed set of TCP/IP Illustrated (1-3). Shane
Re: lightweight openbsd
Eliah, On 2006.06.27, at 12:08 PM, Eliah Kagan wrote: On 6/26/06, Damien Miller wrote: just please don't bug people on OpenBSD lists about private hacks like this. I, for one, find discussion about private hacks like this to be valuable. And I think it falls under the heading of, "Miscellaneous discussion about OpenBSD", which happens to be the official description for this list. Except that a private hacking apart of OpenBSD leaves something which is no longer OpenBSD and thus not pertinent to this list. The resulting discussion is due to the breakage's, not OpenBSD and is just going to waste the time of people interested in the real thing. If there was enough interest in a whittled down OpenBSD, then they could make their own list. Shane
Re: Pulled out an old song..
Hi Jason, On 2006.06.16, at 6:05 PM, Jason Stubbs wrote: Very interesting article. However, I still don't see how ripped audio might change on each ripping. CD audio data was designed to be constantly streamed. Read into a FIFO buffer, which in turn is read from a DAC with quartz precision. The disc spinning speed does not need to be constantly accurate since the FIFO employs low and high watermarks. This causes the disc to be constantly sped up and slowed down with the result being a duty cycle of slower and faster spinning which averages out to the correct spin speed. This is to keep data in the FIFO, but never completely filled or allowed to empty. Without the FIFO, this would not be acceptable since the sound would speed up and slow down and pitch would suffer. As a result CD's would need to spin very accurately and this would be a lot harder and more expensive to do and not be able to match the accuracy allowed with a FIFO. These particular FIFO's can be written to, read from and provide watermark signals independently at differing speeds, without either blocking any other. This constant streaming design is perfect for what CD audio was designed for: to play audio CD's in audio CD players. ; ) CD audio data was not designed to allow stopping and starting with the expectation that the data will marry bit perfect without any redundancy or loss. When you press pause/play on a CD player, it is unlikely that you are going to notice a small portion of data loss or a small portion of music which already played, so the limited addressing (not block perfect) is acceptable in the intended application. However, if you could capture each portion and then play them one after the other without the pause, you are likely to notice a stutter (redundancy occurs) and/or a click/pop (redundancy or loss occurs). Since computers like to work in portions, ripping audio from a CD can cause the requests to start and stop, instead of constantly stream. But the format is not designed to gracefully handle that. This can cause errors (repeated data or lost data) which differ with each rip, due to conditions not necessarily being the same each time (and of course a single bit error will cause a different hash). This is why CD paranoia exists. CD paranoia reads back a little with each new portion of the stream read and then tries to find where the overlapping data at the end of the previous stream matches the beginning of the new stream. It then joins them so that there should hopefully be no repeated or lost data, discarding the redundant data in the process. The use of CD paranoia will increase the chances of getting the same hash from a rip, but it can only do the best with what it is given from the drive under variable conditions. Also, CD audio data has weaker error detection/correction than CDROM data, so marginal reads have a greater chance of giving differing results. Combine the random nature of noise with marginal data and weak error detection and that noise can colour the output in an unpredictable fashion which is not constantly repeatable. It would not surprise me if you could get exact same hashes on subsequent rips, but it also would not surprise me if you did not. Shane
Re: system lock-up - RTFM?
On 2006.06.07, at 2:42 PM, Breen Ouellette wrote: Did you actually read and then understand my original post? Yes. I replied because I just wanted to clarify that memtest86 can be used to identify bad memory down to a stick, through the use of it and a thorough testing process. Telling someone new to memtest86 that it detects bad memory sticks is misleading and could give them a nice headache if their problem is not the stick. If they read the "Troubleshooting Memory Errors" info for memtest86, linked to from the old site and the new site, they'll see that to isolate the defective stick, they can remove, rotate or replace modules to see what device the error follows. Like anything, memtest86 is a tool which can be used well or misused. It is up to the user to put the required effort into getting the most of it. Memtest86 can be used to detect bad memory sticks. It just does not isolate to a stick on it's own. It should be obvious to anyone, that some sort of elimination process will be required, once they have run it once. You seem to think that I disagree with you? I am merely clarifying my point of view which seems to be the same as yours. I can think of a situation which could be quite interesting to isolate a stick. Old BX motherboards with 4 SDRAM slots. Many could not power all 4 modules if they were particularly power hungry modules. Those motherboards typically supported memory modules without built in buffering (buffering in the electronic sense to keep digital states within required tolerances) and if the chipset was close to the maximum power it could deliver to the RAM, then errors would be all over the place and mostly non-repeatable. Rotating or replacing modules would thus be pointless. Worse still, removing modules might give the incorrect impression of finding a faulty module, when in fact it was a power delivery problem and removing *any* of the modules would have the same effect. Shane
Re: system lock-up - RTFM?
Hi Breen, On 2006.06.07, at 4:39 AM, Breen Ouellette wrote: Of course not. It doesn't even tell you if your memory is bad. It can if you use it to identify a potentially faulty module and then move that module to another slot or machine and the problem follows the module (as reported by memtest86), instead of following the machine or original "problem" slot. I have a faulty DDR2 SODIMM in my laptop which memtest86 shows to fail in the same place every single time. This machine has 2 SODIMMS. If I swap their positions in the memory slots in my laptop, memtest86 shows the errors follow the module to the other slot, while showing the original potentially faulty slot to be fine. Same deal if I swap the memory between my laptop and my girlfriends. Problem follows module. I take that as memtest86 being able to tell me that my memory is bad. It's the same as with many tools. As you already alluded to, you can get more accurate measurements with more thorough testing process. But as far as I am concerned, memtest86 can be used to identify bad memory. Shane
Re: one drive in a raid 0 failed, can I save any data?
Hi John, On 2006.06.02, at 1:57 AM, John Brahy wrote: For a couple weeks I was running without backups and one of the drives died. Is there a way to recover any of the data from the drives? How dead is the drive and how desperate are you? I have imaged a clients ide drive which was doing the "spin-up and keep spinning for a few minutes and then spin-down", thing. The slow disk death where you get excited about copying your data, then it dies mid-copy, you try lots of times to copy, it does the same thing each time and then the drive eventually never spins up again. What I did in that case, was image with Ghost and when the drive spins-down, pull the power plug on the drive alone, then plug it back in to get a few more minutes of copying. Keep doing that until the whole drive is imaged. Thankfully, this worked perfectly for me. I only mention Ghost because I have only tried this with Ghost and Ghost did actually tolerate this abuse and patiently waited for the drive to become responsive again and then continued. I don't know if this would work with other imaging type software. Seems scary, so I suppose if you want to try this you should do it on an expendable PC or perhaps an external enclosure. Ghost has a "forensic" option where it copies all data regardless of partition types and file-systems, which you'll need in this case since Ghost knows nothing about FFS and even if it did, it's striped. If you manage to get a full image, get an exact same drive and restore the image to it, then you might get lucky. Another thing I have seen successfully done when a drive would not spin-up at all, was a PCB swap from an exact same drive (model/ firmware). If you try this, image the drive and then restore to another disk. Since when I saw this done, the newly fixed drive with different PCB died only days later in the same way. As if something inside the drive killed something on the outer PCB. Good luck, I hope you have some option. Shane
Re: pf firewall question
On 2006.04.30, at 11:34 PM, S t i n g r a y wrote: enterprise firewall what is the diffrence between pf & MS ISA / cisco pix or checkpoint ? performance ? stability or features ? Marketing which is designed to put a fright into people who have responsibility for systems and data which are not theirs. That marketing then takes the frightened IT manager and gives them the warm fuzzies by talking about enterprise level support, SLA's, industry standards, well chosen (and seemingly bogus) TCO case studies and sometimes horror stories of people who did not choose to use them. It is all bullshit though. Because all that is designed to get your money and the enterprise systems cost in a big way... then they start talking about on-going support. I've worked in some places which had 5 figure (AU) support contracts for firewall, IDS, etc and the systems were flakey (reboot every few days to weeks!), the phone support was shit and the people that came out were clueless. The difference is marketing targeted to the people that matter to the vendor. The easily frightened managers and not the nerdy types who would rather put together a couple of decent quality machines with OpenBSD, pf and CARP, etc. Shane
Re: Linksys support... hmm
Hi Lasse, On 2006.04.30, at 8:38 PM, Lasse Bach wrote: "I also need to know if v5 of the WMP54G uses a Ralink Technology RT25x0 chip?" Are you unable to avoid it? Maybe someone on the mailing list can provide me with an answer to: 2. Why are such information not available to their customers? Because they suck (the company). I wonder if a PCI<->minipci card with a minipci RT25x0 based card might be good for you? From RAL(4): The following Mini PCI adapters should work: Amigo AWI-922W. Billionton MIWLGRL. Gigabyte GN-WIKG. MSI MP54G2. MSI MS-6833. Tonze PC-620C. Zinwell ZWX-G360. Shane
Re: OU812
On 2006.04.29, at 4:43 PM, Greg Thomas wrote: Wow, I guess we had to be there. Something like that. With only a few sleeps to go, some people are feeling silly for Puffy. It seems that a little silliness helps to fight against the sad seriousness of what OpenBSD is up against... http://www.openbsd.org/lyrics.html
Re: Port collection missing...
On 2006.04.29, at 2:04 AM, S t i n g r a y wrote: Well i just installed my First OpenBSD BOX :) feels good !!! but to install packages i cannot find ports collection in /usr how can i get them ? i am using 3.7 version. You have chosen to use 3.7 just days before it will be unsupported due to the 3.9 release date coming up (1st May). You might be better off re-installing 3.8 or waiting for 3.9.