dd image file to compact flash takes very long

[Didier Wiroth]

Hello,

I've build an image file with opensoekris for 256 mb sandisk compactflash.
The writing of the image file takes very long (102188 bytes/sec), see the 
output below (I interupted it after 20 minutes).

How long should it normally take to write a 256mb to  a compactflash card?
For me it takes about 42 minutes, is that normal?

Thanks for helping!
Didier

dd if=38c.2005-11-07-16.22.bin of=/dev/rsd1c bs=512  
238985+0 records in
238984+0 records out
122359808 bytes transferred in 1197.395 secs (102188 bytes/sec)
 1197.55 real 0.27 user 4.53 sys


fdisk: sysctl(machdep.bios.diskinfo): Device not configured
Disk: sd1   geometry: 245/64/32 [501760 Sectors]
Offset: 0   Signature: 0xAA55
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]

 0: 000   0  0 -0   0  0 [   0:   0 ] unused  
 1: 000   0  0 -0   0  0 [   0:   0 ] unused  
 2: 000   0  0 -0   0  0 [   0:   0 ] unused  
*3: A60   1  1 -  244  63 32 [  32:  501728 ] OpenBSD  

Here is disklabel output:
# Inside MBR partition 3: type A6 start 32 size 501728
# /dev/rsd1c:
type: SCSI
disk: vnd device
label: fictitious
flags:
bytes/sector: 512
sectors/track: 32
tracks/cylinder: 64
sectors/cylinder: 2048
cylinders: 245
total sectors: 501760
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0 

16 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  c:501760 0  unused  0 0  # Cyl 0 -   244

LSI MegaRAID 320-1

[Per-Olov Sjöholm]

Is "LSI LOGIC MegaRAID SCSI 320-1" one of the supported MegaRAID cards on OBSD 
3.8?


Tnx
Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: Dual proc doesn't work on Compaq ProLiant DL360

[Uwe Dippel]

On Sat, 05 Nov 2005 15:24:00 +0100, Beck Zoltan Gyula wrote:

>   I have installed OpenBSD 3.8 on a Compaq ProLiant DL360 server, but I
> can't make the SMP work.

You did enable it in the BIOS, didn't you !?

Run a newer Knoppix on the box and count the number of penguins in the
upper left corner at boot. If it's two, the problem might be of OpenBSD.

HTH,

Uwe

Re: OT: 10 things i hate most on unix

[Hannah Schroeter]

Hello!

On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo Rios wrote:
>Hey folks,

>sorry, but i found this on the web. May someone tell if it is serious,
>i myself could not believe it.

>http://www.informit.com/articles/article.asp?p=424451&seqNum=1

I don't agree with most things, but a few comments:

"One-Way System Calls". There are solutions for that that work quite
well. Witness systrace, for example. Or Arla. Or the way kernel messages
get logged to files.

The critique on C is quite on point in my eyes. How many stack or heap
overflows we wouldn't incur if we used something having decent string
support and bounds checking, be it at compile-time or at run-time?

However, having C as the main low level system language is okay for me,
i.e. having the kernel and the basic userland libraries, startup, etc.
done in C just works fine. However for more high-level application code
I'd prefer working in a higher level language, binding needed
functionality in from C/C++ using the foreign function interface of the
higher level language. Alas, I'm forced to do most of my paid work in
C++ - but then, for me, C++ is mostly an improvement over C already, and
the integration of C code proper is easy, of course.

Kind regards,

Hannah.

Re: Setting up printer with cups Epson Stylus Photo 820

[Jacob Meuser]

On Sun, Nov 06, 2005 at 10:12:01PM +0100, Jasper Lievisse Adriaanse wrote:
> On Sun, 6 Nov 2005 14:08:04 -0600
> Jeff Roach <[EMAIL PROTECTED]> wrote:
> 
> > Not really. I want to use cups for network printing and it requires esp
> > ghostscript for which there is no port.
> I'm sort of working on that with a very low priority. I'll have a look at that
> again this week.

why?  do you really think everyone using the CUPS port is installing
their own ESP ghostscript?

> I'll try to fix an outdated gimp-print port too.

if you think the gimp-print port I posted to ports@ just a few days
ago is broken or outdated, then why did you not contact me?

-- 
<[EMAIL PROTECTED]>

OpenBGPD and eBGP nexthop

[per engelbrecht]

Hi All

[20051019 snap i386]

Last night I switched from our old BGP setup (fbsd/zebra) to our new 
obsd/openbgpd.

All but a single eBGP session to one of our peers was established.
The eBGP peer switched between 'active' and 'connected' and I could ping 
both nexthop IP and peer IP but still no candy. (bgpctl == great)

Getting 'established' to this peer normally takes from 4-6 min.
Finally rolled back to our old setup.

The [EMAIL PROTECTED] verified the IP part of my setup i.e. correct (new) 
nexthop IP etc.
Below I've listed first the Zebra part on the neighbor and further down 
the OpenBGPD part. If someone can spot a misconfiguration (I can't) then 
please speak up. I'm in a tight spot / at a dead-end.


  Fictive info:
  9 is our AS
  yyy.yyy.yyy.0 is the network that I announce
  yyy.yyy.yyy.1 is our router id

  6 is the remote-as
  aaa.aaa.aaa.163 is the local IP [on em0] facing the neithbor/peer
  aaa.aaa.aaa.161 is the new nexthop IP to the neithbor/peer
  xxx.xxx.xxx.99 is the neithbor/peer IP



...
router bgp 9
no synchronization
bgp log-neighbor-changes
network yyy.yyy.yyy.0 mask 255.255.192.0
redistribute static
neighbor xxx.xxx.xxx.99 remote-as 6
neighbor xxx.xxx.xxx.99 description eBGP
neighbor xxx.xxx.xxx.99 ebgp-multihop 10
neighbor xxx.xxx.xxx.99 send-community both
neighbor xxx.xxx.xxx.99 route-map BGPIN in
neighbor xxx.xxx.xxx.99 route-map BGPOUT out
(route-maps etc. left out)
...






...
#macros
peer0="xxx.xxx.xxx.99"

#global conf
AS 9
router-id yyy.yyy.yyy.1
listen on aaa.aaa.aaa.163
fib-update yes
log updates
network yyy.yyy.yyy.0/18 set localpref 200

#neighbors and peers
neighbor $peer0 {
   remote-as 6
   descr eBGP
   local-address aaa.aaa.aaa.163
   set nexthop aaa.aaa.aaa.161
   multihop 10
   set localpref 100
   set weight 45
   announce self
}

#filter
(Other that adding a few BOGON net from 
http://www.cymru.com/BGP/robbgp-bogon.html [double checked with IANA] 
then the original filter section is untouched)



Any help is highly appreciated.

/per
[EMAIL PROTECTED]

Symbios Logic 53C1030 error

[Per-Olov Sjöholm]

Hi misc


I have a server with a on board Symbios Logic 53C1030. I have set up mirroring 
and tried OpenBSD 3.8. When I start the installer and say I want the whole 
disk for OpenBSD I can see:

"Putting all of sd0 into an active OpenBSD MBR partition (type 
'A6')...fdisk:DIOCGDINFO: Input/output error"

dmesg output goes here:
(sorry for just attaching a part of it. I wrote it down by hand. I can if more 
is needed fix this.)
mpt0 at pci2 dev8 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11
mpt0: IM support: 6
scsibus0 at mpt0: 16 targets
sd0(mpt0:0:0): mpt0: timeout on request index=0xfe, seq=0x008a
mpt0: status 0x, Mask 0x0001, Doorbell 0x2400
mpt0: request state: On chip
sd0: drive offline



However... I can still partion and install the OS (even though it says drive 
offline). But the last partion in the table "e" which is /home (rest of the 
disk) failed. When I skipped that I could install the OS. When the OS was up 
I logged in to try to partition the rest of the disk as /home. When I did a 
newfs on it it yelled about write error on block x. If I took a smaller 
piece for /home it went ok. So far I thougt that there actually was some real 
error on the disk. So I removed one disk at the time and reinstalled the OS 
on a single disk. But it seems to yell for write errors on different places 
(often near the last block). But the OS seems to work OK if only the 
partitioning for the core OS partitions are OK.

When an error comes during a newfs it says:
sd0(mpt0:0:0): Check Condition (error 0x70) on opcode 0x2a
SENSE KEY: Illegal REquest
ASC/ASCQ: ASC 0x21 ASCQ 0x00
And then is also yell about the write error on block 



What is happening here?


Thanks in advance
Per-Olov Sjvholm
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Mail System Error - Returned Mail

[msmecca]

ALERT!

This e-mail, in its original form, contained one or more attached files that 
were infected with a virus, worm, or other type of security threat. This e-mail 
was sent from a Road Runner IP address. As part of our continuing initiative to 
stop the spread of malicious viruses, Road Runner scans all outbound e-mail 
attachments. If a virus, worm, or other security threat is found, Road Runner 
cleans or deletes the infected attachments as necessary, but continues to send 
the original message content to the recipient. Further information on this 
initiative can be found at http://help.rr.com/faqs/e_mgsp.html.
Please be advised that Road Runner does not contact the original sender of the 
e-mail as part of the scanning process. Road Runner recommends that if the 
sender is known to you, you contact them directly and advise them of their 
issue. If you do not know the sender, we advise you to forward this message in 
its entirety (including full headers) to the Road Runner Abuse Department, at 
[EMAIL PROTECTED]

This message was undeliverable due to the following reason(s):

Your message was not delivered because the destination computer was
unreachable within the allowed queue period. The amount of time
a message is queued before it is returned depends on local configura-
tion parameters.

Most likely there is a network problem that prevented delivery, but
it is also possible that the computer is turned off, or does not
have a mail system running right now.

Your message could not be delivered within 8 days:
Host 182.186.221.215 is not responding.

The following recipients could not receive this message:


Please reply to [EMAIL PROTECTED]
if you feel this message to be in error.
file attachment: message.zip



This e-mail in its original form contained one or more attached files that were 
infected with the [EMAIL PROTECTED] virus or worm. They have been removed.

For more information on Road Runner's virus filtering initiative, visit our 
Help & Member Services pages at http://help.rr.com, or the virus filtering 
information page directly at http://help.rr.com/faqs/e_mgsp.html. 

ALTQ-Bandwidth management is not working as expected

[scatman . b]

Hi everyone,

Problem:
Bandwidth management is not working as expected; instead of streaming data
inbound with 237 Kb/sec without bandwidth management, it drops to 29 Kb/sec
(tendency falling) with enabled bandwidth management

Test environment:
OpenBSD 3.7 or 3.8 (both tested); Pentium 3 or
Athlon XP (both tested), PF, ALTQ, PPPOE-Interface,
DSL 2000

Guessed fault:
ALTQ wasn't understood by me?!?

Story:
I'm trying to get bandwidth management to work with openbsd
for 6 weeks now. I read several posts, howtos and manuals.
I tried all supported schedulers. To isolate the problem I reduced
my original complexity to priq as scheduler. (Afterwards this
should change.) The Isolation brought the assumption the problem could
be me and my understanding about altq. So I'm asking you now.

pf.conf:
---pf.conf---
### MACROS & TABLES ###
#
#Define all interfaces
#
ext_if="pppoe0"
int_if="pcn0"

#
#Define privileged network address sets
#
nets_priv = "{ 127.0.0.0/8 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8 }"

### OPTIONS ###
#
#Default behavior
#
##Define default response for block filters
set block-policy drop
##Define statistics logging on
set loginterface $ext_if

### TRAFFIC NORMALIZATION ###
#
#Filter traffic for unusual packets 
#
scrub in all

### QUEUEING ###
#
#Bandwidth management
#
##Define upstream parent queue (24Kb * 0,95 Overhead)
altq on $ext_if priq bandwidth 22Kb queue { up_default up_web up_quick }
##Define downstream parent queue (256Kb * 0,95 Overhead)
altq on $int_if priq bandwidth 243Kb queue { dn_default dn_quick }

##Define upstream child queues
queue up_default priq(default)
queue up_quick priority 7 priq

##Define downstream child queues
queue dn_default priq(default)
queue dn_quick priority 7 priq

### TRANSLATION ###
#
#NAT for the external traffic
#
nat on $ext_if from $int_if:network to any -> ($ext_if)

#
#Redirections
#
##Redirect FTP clients to FTP proxy WITHOUT FIREWALL
rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

### PACKET FILTERING ###
#
#Default filter
#
block log all

#
#Loopback interface traffic
#
pass quick on lo0 all

#
#Filter and queue external interface traffic
#
##Deny incoming or outgoing priviliged network address sets
block in quick on $ext_if from $nets_priv to any
block out quick on $ext_if from any to $nets_priv 
##Allow incoming traffic to ftp proxy; keep the state
pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
##Allow incoming ping request to router; keep the state
pass in on $ext_if inet proto icmp from any to $ext_if icmp-type 8 code 0
keep state
##Assign upstream traffic to queues; keep the state
pass out on $ext_if keep state queue(up_default up_quick)

#
#Filter and queue internal interface traffic
#
##Allow incoming traffic from internal network; do not keep the state
pass in on $int_if from $int_if:network to any
##Assign outgoing traffic from other interfaces to queues for downstream; do
not keep the state
pass out on $int_if from any to $int_if:network queue(dn_default dn_quick)

#
#Deny spoofing
#
antispoof for $ext_if
antispoof for $int_if
---pf.conf---

Thank you for your assistance,
Benjamin

-- 
10 GB Mailbox, 100 FreeSMS/Monat http://www.gmx.net/de/go/topmail
+++ GMX - die erste Adresse f|r Mail, Message, More +++

OpenBSD 2.5 T-shirt

[Jeff Roach]

Hello,

Is it possible to get one of these t-shirts in the U.S. and without having
to pay an $80 insurance fee?

Thanks.

Jeff

Re: OT: 10 things i hate most on unix

[Shane J Pearson]

On 07/11/2005, at 1:17 PM, [EMAIL PROTECTED] wrote:


"Everything is a stream of bytes."


Reminds me of that saying which goes something like...

"How do you eat an elephant? One mouthful at a time."


Microsoft tries to put the whole elephant in its mouth all at once, then
dies choking on it. Then the elephant it blamed.


Shane J Pearson

Re: LSI MegaRAID 320-1

[Aaron Glenn]

On 11/7/05, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> Is "LSI LOGIC MegaRAID SCSI 320-1" one of the supported MegaRAID cards on OBSD
> 3.8?

http://www.openbsd.org/cgi-bin/man.cgi?query=ami&arch=i386&sektion=4

is it really that hard?

Re: Setting up printer with cups Epson Stylus Photo 820

[Jacob Meuser]

On Sun, Nov 06, 2005 at 02:08:04PM -0600, Jeff Roach wrote:
> Not really. I want to use cups for network printing and it requires esp
> ghostscript for which there is no port. Also, gutenprint provides newer
> drivers than gimp-print.

CUPS does _not_ require ESP ghostscript!

yes, the few PPD files that come with CUPS reference pstoraster
from ESP ghostscript ... but you don't need to use them.

do you really think I would make those ports and say they work
with CUPS if they didn't?

-- 
<[EMAIL PROTECTED]>

Re: pptp-linux to access Microsoft VPN servers

[Vjacheslav V. Borisov]

Has anyone working pptp-linux client to access MS VPN servers?
Could someone share config?


sysctl.conf

net.inet.gre.allow=1

ppp.conf

vpn:
 set device "!/usr/local/sbin/pptp  --nolaunchpppd"
 set authname 
 set authkey 
 add default HISADDR
 enable dns
 nat enable yes

Re: Setting up printer with cups Epson Stylus Photo 820

[Jasper Lievisse Adriaanse]

On Mon, 7 Nov 2005 01:00:00 -0800
Jacob Meuser <[EMAIL PROTECTED]> wrote:

> On Sun, Nov 06, 2005 at 10:12:01PM +0100, Jasper Lievisse Adriaanse wrote:
> > On Sun, 6 Nov 2005 14:08:04 -0600
> > Jeff Roach <[EMAIL PROTECTED]> wrote:
> > 
> > > Not really. I want to use cups for network printing and it requires esp
> > > ghostscript for which there is no port.
> > I'm sort of working on that with a very low priority. I'll have a look at 
> > that
> > again this week.
> 
> why?  do you really think everyone using the CUPS port is installing
> their own ESP ghostscript?
> 
> > I'll try to fix an outdated gimp-print port too.
> 
> if you think the gimp-print port I posted to ports@ just a few days
> ago is broken or outdated, then why did you not contact me?
Sorry, I didn't saw your recent postI was still using this one:
http://www.monkey.org/openbsd/archive/ports/0406/msg00303.html

I'll test your new ports this week.

Cheers,
Jasper
>   
> -- 
> <[EMAIL PROTECTED]>
> 


-- 
"Security is decided by quality" -- Theo de Raadt

Re: dd image file to compact flash takes very long

[Stuart Henderson]

--On 07 November 2005 17:14 +0100, Didier Wiroth wrote:


I've build an image file with opensoekris for 256 mb sandisk
compactflash. The writing of the image file takes very long (102188
bytes/sec), see the output below (I interupted it after 20 minutes).


Give dd a larger blocksize.

CF works in blocks of usually 16KB(128Kbit) - I think you need the 
card's datasheet to tell what this is, unless you test it empirically 
(e.g. dd with different size blocks and see when it reaches it's best 
transfer rate).


If you only send the card 512 byte blocks at a time, afaik the card has 
to erase, copy previous contents and append 512 bytes, repeatedly until 
each 'card-block' is full. Doing this kills performance, and won't help 
the life of your card (though they last pretty well anyway).



How long should it normally take to write a 256mb to  a compactflash
card? For me it takes about 42 minutes, is that normal?


It depends on the particular CF card, and the speed between the adapter 
and PC (e.g. USB2 or not). But the erase-write-read cycle of a 
too-small block size will almost certainly hide this.

Re: dd image file to compact flash takes very long

[knitti]

On 11/7/05, Didier Wiroth <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I've build an image file with opensoekris for 256 mb sandisk compactflash.
> The writing of the image file takes very long (102188 bytes/sec), see the 
> output below (I interupted it after 20 minutes).
>
> How long should it normally take to write a 256mb to  a compactflash card?
> For me it takes about 42 minutes, is that normal?

the last time i wrote to cf (sandisk 256 mb) was when I installed 3.7 to a
soekris (didn't dd an image, did a direct install via PXE). It was
(subjectively) much quicker, the whole install (including typing) was 
about 20 mins. The whole install (base, etc, misc+ python) consumed
about 130 mb.
otoh, on a soekris the cf card is wd0, not sd*, so it may depend on
your hardware, driver, etc. If you feel like someone should tell you
more about this, give at least a dmesg, so people can see what you
talk about.


--knitti

Deploying firewalls with obsd

[[EMAIL PROTECTED]]

Hi all,

 I would like to use a central management server for a couple of obsd 
firewalls. At this point I need to resolve two important questions for me:


a) Rules repository: which can be the best form?

  - putting rules via ssh on obsd firewalls from management ( or 
viceversa).


  - use a cvs repository from management server. In this case, how 
can I put rules on obsd??


  - another option??


b) Firewall logs: I don not need a graphical frontend at this moment. 
With tcpdump is sufficient. But, how can I upload logs in secure 
manner to managemnet server and how can I administer this logs (i need 
to do some searchs, etc)?. Is syslog my unique option??


Any ideas?? Thank you very much and sorry for my bad english.


--
CL Martinez
carlopmart {at} gmail {d0t} com

Re : Re: dd image file to compact flash takes very long

[Didier Wiroth]

Sorry I forgot to post my dmesg ;-((, here it is.

For curiosity, which size do your compactflash card have that you use on your 
embedded devices?

regards
didier

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg.boot]

Re: gettytab tweak quick question

[Andrew Daugherity]

On 11/4/05, Mike Keller <[EMAIL PROTECTED]> wrote:
> I am trying to display a login banner prior to login.
> With freebsd, this can be done by adding
> :if=/pathtosomefile: to the default setting of
> gettytab.  I did a man on gettytab and saw that
> OpenBSD's implementation does not support "if".
> Anyone been successful in doing this?  I am trying to
> display /etc/issue in the console right above the
> login prompt.  I am already displaying it with ssh
> connections.
>
> Thanks!
>
>
Looks like you'll have to change the input message:
 imstr   NULL  Initial (banner) message.

The "default" entry in /etc/gettytab already sets this (displaying the
system, hostname, and tty name), so modify it to say whatever you
want.

As you have already discovered, sshd_config has its own banner option
which is independent of getty.

-Andrew

Trigger on user logout?

[Uosis L]

Hi,

I'm trying to make an encrypted home directory which is
mounted/unmounted on login/logout.
Mounting it on login was the easy part ( with a custom login style ),
but is there any way to unmount it on logout ( short from modifying
init ) ? I want to alter the system as little as possible, so I'm
kinda reluctant to modify such a key component as init. I hope I
missed something, but the only places I see where those 2 function
calls (unmount and ioctl) could be inserted are the shell ( ugly ugly
) or the init.

If anybody has any ideas, I would really appreciate advice.

Thanks.

Mplayer & DVD problem

[Nikolaus Hiebaum]

Hi,

I recently upgraded to OpenBSD 3.8 and have a little problem with playing DVDs.
The problem is that the application (mplayer) opens and then exits.

Here is the error (I can send a dmesg if needed):

---BOF---
MPlayer 1.0pre7-3.3.5 (C) 2000-2005 MPlayer Team
CPU: Intel Pentium 4/Xeon/Celeron Foster (Family: 8, Stepping: 9)
Detected cache-line size is 64 bytes
CPUflags:  MMX: 1 MMX2: 1 3DNow: 0 3DNow2: 0 SSE: 1 SSE2: 1
Compiled with runtime CPU detection - WARNING - this is not optimal!
To get best performance, recompile MPlayer with --disable-runtime-cpudetection.

Playing dvd://.
Reading disc structure, please wait...
There are 10 titles on this DVD.
There are 1 chapters in this DVD title.
There are 1 angles in this DVD title.
DVD successfully opened.
MPEG-PS file format detected.
VIDEO:  MPEG2  720x576  (aspect 2)  25.000 fps  9780.0 kbps (1222.5 kbyte/s)
==
Opening audio decoder: [liba52] AC3 decoding with liba52
Using SSE optimized IMDCT transform
AC3: 2.0 (stereo)  48000 Hz  384.0 kbit/s
Using MMX optimized resampler
AUDIO: 48000 Hz, 2 ch, s16le, 384.0 kbit/25.00% (ratio: 48000->192000)
Selected audio codec: [a52] afm:liba52 (AC3-liba52)
==
vo: X11 running at 1024x768 with depth 24 and 32 bpp (":0.0" => local display)
==
Opening video decoder: [mpegpes] MPEG 1/2 Video passthrough
VDec: vo config request - 720 x 576 (preferred csp: Mpeg PES)
Could not find matching colorspace - retrying with -vf scale...
Opening video filter: [scale]
The selected video_out device is incompatible with this codec.
VDecoder init failed :(
Opening video decoder: [libmpeg2] MPEG 1/2 Video decoder libmpeg2-v0.4.0b
Selected video codec: [mpeg12] vfm:libmpeg2 (MPEG-1 or 2 (libmpeg2))
==
Checking audio filter chain for 48000Hz/2ch/s16le -> 48000Hz/2ch/s16le...
AF_pre: 48000Hz/2ch/s16le
ao2: 48000 Hz  2 chans  s16le [0x9]
AO: [sun] 48000Hz 2ch s16le (2 bps)
Building audio filter chain for 48000Hz/2ch/s16le -> 48000Hz/2ch/s16le...
Starting playback...
VDec: vo config request - 720 x 576 (preferred csp: Planar YV12)
VDec: using Planar YV12 as output csp (no 0)
Movie-Aspect is 1.33:1 - prescaling to correct movie aspect.
VO: [xv] 720x576 => 768x576 Planar YV12
A:   0.5 V:   0.5 A-V:  0.020 ct:  0.024   7/  7 ??% ??% ??,?% 0 0


Exiting... (End of file)
--EOF---

Can anybody tell me what's wrong here and how it can be fixed?

Thanks,
Nick

Re: Setting up printer with cups Epson Stylus Photo 820

[Peter Hessler]

On Mon, Nov 07, 2005 at 12:38:09AM -0800, Jacob Meuser wrote:
:On Sun, Nov 06, 2005 at 02:08:04PM -0600, Jeff Roach wrote:
:> Not really. I want to use cups for network printing and it requires esp
:> ghostscript for which there is no port. Also, gutenprint provides newer
:> drivers than gimp-print.
:
:CUPS does _not_ require ESP ghostscript!
:
:yes, the few PPD files that come with CUPS reference pstoraster
:from ESP ghostscript ... but you don't need to use them.
:
:do you really think I would make those ports and say they work
:with CUPS if they didn't?
:
:-- 
:<[EMAIL PROTECTED]>
:

Then how would you use CUPS w/o ESP ghostscipt?  I'm quite new to CUPS 
and when I follow the documentation (`lpadmin -p LaserJet -E -v 
socket://printer:9100 -m laserjet.ppd`.  the web interface requires 
passwords, and doesn't accept my login information.)  any attempt to 
print is canceled for my convienence.


-- 
Alexander Graham Bell is alive and well in New York, and still waiting
for a dial tone.

Re: Dual Head Graphic Card

[Arnaud Bergeron]

On 11/6/05, Gustavo Rios <[EMAIL PROTECTED]> wrote:
> I was thinking about something like that:
>
> http://disjunkt.com/dualhead/
> http://cambuca.ldhs.cetuc.puc-rio.br/multiuser/
> http://www.ltn.lv/~aivils/
> http://www.itsopen.net/projects/x-hack/
> http://www.google.com/search?hl=en&lr=&safe=off&q=Linux+multi+local+X...
>

These are about running two instances of X on two monitors which
should be already possible (I have not tried!) with base system + base
X.  What you are asking is to run ttys on both monitors which is not
possible (for the moment at least).

> What i need is not to proliferate desktop around.
>
> 2005/11/6, Nick Holland <[EMAIL PROTECTED]>:
> > Gustavo Rios wrote:
> > > Dear friends,
> > >
> > > mo desktop box's graphic card has support for two monitor. I have two
> > > sets containing each: 1 monitor, 1 mouse and 1 keyboard. The mouse and
> > > keyboard are connected to the monitor via USB. I wonder if i could
> > > have a configuration like that:
> > >
> > > I would like to have the first 5 ttys connected to the one set of
> > > devices, and the second set holding the seconds 5 ttys.
> > >
> > > The ideia is to be able to have two users connected independently to a
> > > single desktop.
> > >
> > > Could i made my self clear about my goal? Is that possible to achieve?
> > >
> > > Thanks in advance for your time and cooperation.
> > >
> > > Best regards.
> >
> > Of course it is possible.  Just write enough code.
> >
> > Don't waste your time.
> >
> > Add an old, second computer pulled out of the trash to the puzzle, run X
> > on it, and use it as an X terminal for the first.  You have accomplished
> > your stated goal using tools the way they were intended to be used,
> > rather than twisting them in ways they were not intended.  Plus, you
> > have much greater scalablity -- what do you do for the THIRD, fourth, or
> > twentieth user on your system?  With my recommendation, just add more
> > "junk" computers.  Your idea?  Not going to happen.
> >
> > Nick.
>
>


--
"They allowed us to set up a separate division almost, that is physically,
geographically, psychologically and spiritually different from what Bill
himself calls the Borg"
 - Peter Moore, V.P. in charge of Xbox 360 marketing at Microsoft.

Re: LSI MegaRAID 320-1

[Stuart Henderson]

--On 07 November 2005 09:56 -0800, Aaron Glenn wrote:


On 11/7/05, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:

Is "LSI LOGIC MegaRAID SCSI 320-1" one of the supported MegaRAID
cards on OBSD 3.8?


http://www.openbsd.org/cgi-bin/man.cgi?query=ami&arch=i386&sektion=4
is it really that hard?


Yes - 320 and 320-2e are listed and 320-1 isn't. It's probably wise to 
be cautious before spending several hundred (pounds|dollars|euros|...) 
on a card. Compare with wireless and ethernet nics. You have to 
double-check the exact hardware revision and still you can't always 
tell. And that's for something costing much less than a raid controller.


Googling suggests 320-1 is the same as PERC4/SC which is listed. I 
haven't personally seen one, but I really doubt there'd be a problem 
(and if there is I expect Marco would like to hear about it).


fwiw, CERC-ATA (aka MegaRAID i4) works for sure but isn't listed.

If anyone has any other ami(4) that's not listed, email me the 
manufacturer/model name offlist and I'll collate them into diffs for 
ami.4 and the supported-hardware lists.

Re: dd image file to compact flash takes very long

[Chris Kuethe]

Last time I did this, I used the block device, rather than the
character device. Also, I think I used 2KB blocks, instead of 512B.

And then I found it was much faster to build a proper filesystem on
the CF, mount it, populate it with tar/cpio/restore and then do the
installboot.

CF isn't noted for it's blazing speeds, but have a look at your dmesg
to see what it says about the CF card. PIO ___,  ___ sector transfers.
Some of my faster CF cards can do 2 or 4 sector transfers.

CK

On 07/11/05, Didier Wiroth <[EMAIL PROTECTED]> wrote:
> Hello,
>
> I've build an image file with opensoekris for 256 mb sandisk compactflash.
> The writing of the image file takes very long (102188 bytes/sec), see the 
> output below (I interupted it after 20 minutes).
>
> How long should it normally take to write a 256mb to  a compactflash card?
> For me it takes about 42 minutes, is that normal?
>
> Thanks for helping!
> Didier
>
> dd if=38c.2005-11-07-16.22.bin of=/dev/rsd1c bs=512
> 238985+0 records in
> 238984+0 records out
> 122359808 bytes transferred in 1197.395 secs (102188 bytes/sec)
>  1197.55 real 0.27 user 4.53 sys
>
>
> fdisk: sysctl(machdep.bios.diskinfo): Device not configured
> Disk: sd1   geometry: 245/64/32 [501760 Sectors]
> Offset: 0   Signature: 0xAA55
>  Starting   Ending   LBA Info:
>  #: idC   H  S -C   H  S [   start:  size   ]
> 
>  0: 000   0  0 -0   0  0 [   0:   0 ] unused
>  1: 000   0  0 -0   0  0 [   0:   0 ] unused
>  2: 000   0  0 -0   0  0 [   0:   0 ] unused
> *3: A60   1  1 -  244  63 32 [  32:  501728 ] OpenBSD
>
> Here is disklabel output:
> # Inside MBR partition 3: type A6 start 32 size 501728
> # /dev/rsd1c:
> type: SCSI
> disk: vnd device
> label: fictitious
> flags:
> bytes/sector: 512
> sectors/track: 32
> tracks/cylinder: 64
> sectors/cylinder: 2048
> cylinders: 245
> total sectors: 501760
> rpm: 3600
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> # sizeoffset  fstype [fsize bsize  cpg]
>   c:501760 0  unused  0 0  # Cyl 0 -   244
>
>


--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re : Re: Re : Re: dd image file to compact flash takes very long

[Didier Wiroth]

hi,
With a blocksize of 2048, 
it took 10 minutes now, far better ... :-)) 


- Message d'origine -
De: knitti <[EMAIL PROTECTED]>
Date: Lundi, Novembre 7, 2005 8:07 pm
Objet: Re: Re : Re: dd image file to compact flash takes very long

> On 11/7/05, Didier Wiroth <[EMAIL PROTECTED]> wrote:
> > For curiosity, which size do your compactflash card have that you 
> use on your embedded devices?
> 
> 256mb is very practical: a standard install is around half of it, 
> so I've
> got plenty of space left for whatever. but i also won't get any 
> smallersizes for a reasonable price.
> 
> > [demime 1.01d removed an attachment of type application/octet-
> stream which had a name of dmesg.boot]
> bad luck. try posting your dmesg inline ;)
> 
> 
> --knitti

Re: Deploying firewalls with obsd

[Stuart Henderson]

b) Firewall logs: I don not need a graphical frontend at this moment.
With tcpdump is sufficient. But, how can I upload logs in secure
manner to managemnet server and how can I administer this logs (i
need to do some searchs, etc)?. Is syslog my unique option??


There are good articles at  which deal 
with this.

Re: Trigger on user logout?

[ober]

Put a umount command in the ~/.logout?
Should work for csh atleast.

-Ober

On Mon, 7 Nov 2005, Uosis L wrote:


Hi,

I'm trying to make an encrypted home directory which is
mounted/unmounted on login/logout.
Mounting it on login was the easy part ( with a custom login style ),
but is there any way to unmount it on logout ( short from modifying
init ) ? I want to alter the system as little as possible, so I'm
kinda reluctant to modify such a key component as init. I hope I
missed something, but the only places I see where those 2 function
calls (unmount and ioctl) could be inserted are the shell ( ugly ugly
) or the init.

If anybody has any ideas, I would really appreciate advice.

Thanks.

Re: PHP-MySQL-Apache madness!

[Pedro Timoteo]

PHP and MySQL compile and install fine, but Apache exits with no error
codes in this configuration. I have put Apache in debug mode and it
still exits with no error codes! When I remove the PHP module, Apache
starts fine. PHP works fine on the command line. MySQL fine works on
the command line.
  


I had exactly this problem in OpenBSD 3.7, when using PHP (both 4.4 and 
5.0.x) and MySQL 4.1.x. Apache simply didn't start, but gave no error 
message at all. If I disabled PHP, it did start. I thought it was PHP, 
so fiddled around with options, versions and so on, and nothing helped.


Downgrading to MySQL 4.0.x (the version in the ports, in fact) and 
recompiling PHP (any version) solved the problem.

Bridge with three IFs

[Badbanchi Hossein]

Hi list!
I sent the following email on Saturday. 
Just thought maybe it was because of weekend that I got no feedback!
Will try my luck one last time, and already apologize for this.

Hi,
I want to implement an OpenBSD based bridge with three interfaces (and a fourth 
one only for management access).

The bridge should dispatch the incoming traffic on eth0 to either eth1 or eth2 
based on the MAC Address of the ingress packet. If the sender's MAC address is 
**known** (already entered in a certain table) then it should be sent out via 
eth1 to its real destination, and otherwise it should go out through eth2 to 
its real destination OR to a predefined/fixed destination based on 
protocol/port!

I have searched Internet, but there you find mostly tiresome discussions about 
MAC Filtering not being enough, rather than how to implement this "not enough" 
technique!

Can anyone provide me with a working configuration which could help in defining 
appropriate rules for the above scenario.

I don't know if everything can be done in pf.conf alone, or there should be 
some additional rules (with brconfig) tagging packets to be later appropriately 
handled by pf?

Thanks already for any help.

Regards,
H. Badbanchi

Re: Trigger on user logout?

[Richard P. Koett]

Uosis L wrote:
> Hi,
> 
> I'm trying to make an encrypted home directory which is
> mounted/unmounted on login/logout.
> Mounting it on login was the easy part ( with a custom login style ),
> but is there any way to unmount it on logout ( short from modifying
> init ) ? I want to alter the system as little as possible, so I'm
> kinda reluctant to modify such a key component as init. I hope I
> missed something, but the only places I see where those 2 function
> calls (unmount and ioctl) could be inserted are the shell ( ugly ugly
> ) or the init.
> 
> If anybody has any ideas, I would really appreciate advice.
> 
> Thanks.

I'm not sure why you say using the shell is ugly. With /bin/sh
you could add something like this to your .profile:

trap "/sbin/umount $HOME" EXIT

Re: Re : Re: dd image file to compact flash takes very long

[Chris Kuethe]

On 07/11/05, Didier Wiroth <[EMAIL PROTECTED]> wrote:
> For curiosity, which size do your compactflash card have that you use on your 
> embedded devices?

256M. You can fit bsd+base+etc+man into 128M if you delete some stuff,
but as it's getting difficult and expensive to find things smaller
than 256M, you may as well go with the the quarter gig. Also, you have
room for logs that way.

On the subject of logging to CF, I'm now running my CF cards rw, and
using them like a normal disk. I've been doing this for at least 6
months now, and I'll post something when I start seeing failures.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Trigger on user logout?

[Ted Unangst]

On 11/7/05, Uosis L <[EMAIL PROTECTED]> wrote:
> I'm trying to make an encrypted home directory which is
> mounted/unmounted on login/logout.
> Mounting it on login was the easy part ( with a custom login style ),
> but is there any way to unmount it on logout ( short from modifying
> init ) ? I want to alter the system as little as possible, so I'm
> kinda reluctant to modify such a key component as init. I hope I
> missed something, but the only places I see where those 2 function
> calls (unmount and ioctl) could be inserted are the shell ( ugly ugly
> ) or the init.

you could have a cronjob run every 5 minutes, and if no process owned
by that user is running, unmount the file system.

Re: Trigger on user logout?

[Uosis L]

Thanks for advices.

All these methods would definitely work, but the problem with shell
logout file is that vnconfig/umount both need to be executed as root.
Of course, its possible to make it work that way ( with sudo, suid
bit, etc ), but that would be kinda complicated ( there would have to
be an extra suid program which does the real work ). Cron job is an
interesting idea, but the problem with that is the time delay before
filesystem becomes inaccessible. What I'm trying to do is to make all
this mechanism transparent to the shell ( something similar to the
login styles ), but I get the feeling that I'll have to go with the
logout file approach...


On 11/7/05, Richard P. Koett <[EMAIL PROTECTED]> wrote:
> Uosis L wrote:
> > Hi,
> >
> > I'm trying to make an encrypted home directory which is
> > mounted/unmounted on login/logout.
> > Mounting it on login was the easy part ( with a custom login style ),
> > but is there any way to unmount it on logout ( short from modifying
> > init ) ? I want to alter the system as little as possible, so I'm
> > kinda reluctant to modify such a key component as init. I hope I
> > missed something, but the only places I see where those 2 function
> > calls (unmount and ioctl) could be inserted are the shell ( ugly ugly
> > ) or the init.
> >
> > If anybody has any ideas, I would really appreciate advice.
> >
> > Thanks.
>
> I'm not sure why you say using the shell is ugly. With /bin/sh
> you could add something like this to your .profile:
>
> trap "/sbin/umount $HOME" EXIT

Re: Dual proc doesn't work on Compaq ProLiant DL360

[Beck Zoltan Gyula]

I tried and worked with linux :(

On Mon, 7 Nov 2005, Uwe Dippel wrote:

> On Sat, 05 Nov 2005 15:24:00 +0100, Beck Zoltan Gyula wrote:
>
> >   I have installed OpenBSD 3.8 on a Compaq ProLiant DL360 server, but I
> > can't make the SMP work.
>
> You did enable it in the BIOS, didn't you !?
>
> Run a newer Knoppix on the box and count the number of penguins in the
> upper left corner at boot. If it's two, the problem might be of OpenBSD.
>
> HTH,
>
> Uwe

Re: Trigger on user logout?

[Will H. Backman]

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
> Uosis L
> Sent: Monday, November 07, 2005 3:29 PM
> To: Richard P. Koett
> Cc: misc@openbsd.org
> Subject: Re: Trigger on user logout?
> 
> Thanks for advices.
> 
> All these methods would definitely work, but the problem with shell
> logout file is that vnconfig/umount both need to be executed as root.
> Of course, its possible to make it work that way ( with sudo, suid
> bit, etc ), but that would be kinda complicated ( there would have to
> be an extra suid program which does the real work ). Cron job is an
> interesting idea, but the problem with that is the time delay before
> filesystem becomes inaccessible. What I'm trying to do is to make all
> this mechanism transparent to the shell ( something similar to the
> login styles ), but I get the feeling that I'll have to go with the
> logout file approach...

I guess this means that the home directory is encrypted in a way that
the user's login password ends up protecting the directory.  In your
setup, would someone with access to the physical disk be able to change
the user's password and then login as that user?

Re: Trigger on user logout?

[Richard P. Koett]

Uosis L wrote:
> Thanks for advices.
> 
> All these methods would definitely work, but the problem with shell
> logout file is that vnconfig/umount both need to be executed as root.

I think you can work around that requirement with kern.usermount and
file permissions. Have a look at:

http://www.monkey.org/openbsd/archive/misc/0309/msg01664.html

Re: Bridge with three IFs

[Bret Lambert]

http://www.openbsd.org/faq/pf/tagging.html

At the end of that, there's a section titled
"Tagging Ethernet Frames" which tells you how
to do what you want.

- Bert

Re: LSI MegaRAID 320-1

[Per-Olov Sjöholm]

On Monday 07 November 2005 18.56, Aaron Glenn wrote:
> On 11/7/05, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> > Is "LSI LOGIC MegaRAID SCSI 320-1" one of the supported MegaRAID cards on
> > OBSD 3.8?
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=ami&arch=i386&sektion=4
>
> is it really that hard?

Yes it is that hard!

First... I can read the man pages and i DO read it (before postings).

If you think this is easy... Maybe you can tell why the man page have two 
"MEGARAID 320" statements. One with "MEGARAID 320" and one "MEGARAID 320-2E"?
Why would I know that "MEGARAID 320-1" is a "MEGARAID 320" when  "MEGARAID 
320-2E" is not? Please tell me. I bet other ordinary users are wondering as 
well...


I was 99% sure it was supported after reading the man page. But after Mr Alex 
Lee replied and told me he used these MEGARAID 320-1 in both 3.7 and 3.8 I am 
now 100% sure (Thank you Alex Lee).

The compat list is not always that clear. How many people know that the LSI 
Logic 150-4 and 150-6 MegaRAID cards are actually known as the compatible 
card "LSI/Symbios 523 SATA"?. I did not until Marc Peereboom told me. I read 
the bios update readme for the 150-4 that on a row mentioned "LSI 523". So I 
thought it worked before Marco told me. But I was only 99% sure... 

Why don't put in 320-1, 150-4, 150-6 cards and the others that are known to 
work on the man page to make it easier for people...

Regards
Per-Olov
-- 
GPG keyID: 4DB2 83CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: Dual proc doesn't work on Compaq ProLiant DL360

[Byron Morton]

+++ Beck Zoltan Gyula [Sat, Nov 05, 2005 at 03:24:00PM +0100]:
> Hi!
> 
>   I have installed OpenBSD 3.8 on a Compaq ProLiant DL360 server, but I
> can't make the SMP work. Here is my dmesg:
> 
>   Best Regards
> Zoltan Beck
> 
> OpenBSD 3.8 (GENERIC.MP) #298: Sat Sep 10 15:51:54 MDT 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
> cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 
> 1.27 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> real mem  = 2147049472 (2096728K)
> avail mem = 1953083392 (1907308K)
> using 4278 buffers containing 107454464 bytes (104936K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
> pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
> pcibios0: PCI BIOS has 6 Interrupt Routing table entries
> pcibios0: PCI Interrupt Router at 000:15:0 ("ServerWorks ROSB4 SouthBridge" 
> rev 0x00)
> pcibios0: PCI bus #1 is the last bus
> bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xe8000/0x6000 0xee000/0x2000!
> cpu0 at mainbus0: (uniprocessor)
> cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 
> 1.27 GHz
> cpu0: 
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06
> pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06
> pci1 at pchb1 bus 3
> fxp0 at pci1 dev 4 function 0 "Intel 82557" rev 0x08, i82559: irq 7, address 
> 00:02:a5:8c:9d:76
> inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
> fxp1 at pci1 dev 5 function 0 "Intel 82557" rev 0x08, i82559: irq 10, address 
> 00:02:a5:8c:9d:77
> inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
> cac0 at pci0 dev 1 function 0 "Symbios Logic 53c1510" rev 0x02: irq 3 Compaq 
> Integrated Array
> scsibus0 at cac0: 1 targets
> sd0 at scsibus0 targ 0 lun 0:  SCSI2 0/direct fixed
> sd0: 17359MB, 4357 cyl, 255 head, 32 sec, 512 bytes/sec, 35553120 sec total
> vga1 at pci0 dev 3 function 0 "ATI Mach64 GV" rev 0x7a
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> "Compaq Netelligent ASMC" rev 0x00 at pci0 dev 4 function 0 not configured
> ppb0 at pci0 dev 5 function 0 "Intel i960 RP PCI-PCI" rev 0x05
> pci2 at ppb0 bus 1
> "ATI Mach64 GV" rev 0x7a at pci2 dev 0 function 0 not configured
> "Intel 80960RP ATU" rev 0x05 at pci0 dev 5 function 1 not configured
> pcib0 at pci0 dev 15 function 0 "ServerWorks ROSB4 SouthBridge" rev 0x51
> pciide0 at pci0 dev 15 function 1 "ServerWorks OSB4 IDE" rev 0x00: DMA
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus1 at atapiscsi0: 2 targets
> cd0 at scsibus1 targ 0 lun 0:  SCSI0 5/cdrom 
> removable
> cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pmsi0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pmsi0 mux 0
> pcppi0 at isa0 port 0x61
> midi0 at pcppi0: 
> spkr0 at pcppi0
> sysbeep0 at pcppi0
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> biomask eb6d netmask efed ttymask ffef
> pctr: 686-class user-level performance counters enabled
> mtrr: Pentium Pro MTRR support
> dkcsum: sd0 matches BIOS drive 0x80
> root on sd0a
> rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

I had the same problem on a similar system. Ths works on my 1850R:
(note: requires you install the compaq utils on-disk to get to the 
settings). Perhaps it will work for you too...

http://marc.theaimsgroup.com/?l=openbsd-smp&m=109945626408248&w=2

HTH

-- 
byr0n

OT: Compact Flash Longevity; was Re: dd image file to compact flash takes very long

[Matt Garman]

On Mon, Nov 07, 2005 at 01:00:18PM -0700, Chris Kuethe wrote:
> On the subject of logging to CF, I'm now running my CF cards rw,
> and using them like a normal disk. I've been doing this for at
> least 6 months now, and I'll post something when I start seeing
> failures.

Are you using "regular" CF cards?  What is the role of the system
for which you did this (i.e. does a lot of writing occur)?

FYI, you can buy "industrial" compact flash cards which are supposed
to have a much longer read-write lifetime, for example:

http://www.logicsupply.com/product_info.php/cPath/44/products_id/334

Of course, I don't know if that's a legitimately more durable CF
card, or just marketing.

Has anyone else out there been brave enough to go rw on their CF
cards?  Results?

CF cards are so small and cheap (not to mention using very little
power and produce very little heat), it would be cool if you could
just plug two or three in there, only actually using one at a time.
If one started having problems, just go to the next (automatic
failover).  Hardware that did that automatically would be REALLY
nice, but I'm sure it wouldn't be too hard to do in software.

Matt

-- 
Matt Garman
email at: http://raw-sewage.net/index.php?file=email

Re: OT: Compact Flash Longevity; was Re: dd image file to compact flash takes very long

[C. Bensend]

> Of course, I don't know if that's a legitimately more durable CF
> card, or just marketing.
>
> Has anyone else out there been brave enough to go rw on their CF
> cards?  Results?

Henning has covered the lifespan of these things several times on
[EMAIL PROTECTED]

Benny


-- 
"Young lady, I yelled at you because that paperwork looked like it
had been done by a drunk four-year-old." -- Dr. Bob Kelso, "Scrubs"

Re: Trigger on user logout?

[Ted Unangst]

On 11/7/05, ober <[EMAIL PROTECTED]> wrote:
> Put a umount command in the ~/.logout?
> Should work for csh atleast.

until you login twice and logout once.

Re: OT: Compact Flash Longevity; was Re: dd image file to compact flash takes very long

[Chris Kuethe]

On 07/11/05, Matt Garman <[EMAIL PROTECTED]> wrote:
> Are you using "regular" CF cards?  What is the role of the system
> for which you did this (i.e. does a lot of writing occur)?

Yup, regular cards from one of the big-box retailers. I'm writing them
as /var/log

> FYI, you can buy "industrial" compact flash cards which are supposed
> to have a much longer read-write lifetime, for example:

> Has anyone else out there been brave enough to go rw on their CF
> cards?  Results?

Yes, Henning has covered this before, and I figured I'd just run the
card RW and see. Again, no problems. I have a big stack of CF cards so
when one dies I'm not totally up the creek...

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: OpenBSD 2.5 T-shirt

[Jeff Roach]

The problem I was having was when clicking on the shirt to order it,
or going to the page you mentioned, it was not listed.  It also had
Euro listed below it instead of both Intl and Euro which made me
wonder if it was only available to Euro customers.

Problem solved though.  I called the shop and talked with Austin who
said they have a few left and will send one.

Thanks.

Jeff

On 11/7/05, L. V. Lammert <[EMAIL PROTECTED]> wrote:
> At 01:27 AM 11/7/2005 -0600, you wrote:
> >Hello,
> >
> >Is it possible to get one of these t-shirts in the U.S. and without having
> >to pay an $80 insurance fee?
>
> Yes and Yes.
>
> https://https.openbsd.org/cgi-bin/order
>
>  Lee

Re: LSI MegaRAID 320-1

[Rogier Krieger]

On 11/7/05, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:
> The compat list is not always that clear. How many people know that the LSI
> Logic 150-4 and 150-6 MegaRAID cards are actually known as the compatible
> card "LSI/Symbios 523 SATA"?

Probably, those that read the misc@ archives or those who posted to
that thread (such as yourself :)


> Why don't put in 320-1, 150-4, 150-6 cards and the others that are known to
> work on the man page to make it easier for people...

Still, I'd recommend finding a supplier that allows for returns should
the card turn out to be unsupported after all. Even after doing
thorough research (misc@, the CVS changes, Google, etc.), things can
still go wrong.

Given the stories of changes occurring in wireless chipsets without a
change in type number, not all manufacturers are entirely responsible.
I'd recommend to hedge your bets.

Cheers,

Rogier

--
If you don't know where you're going, any road will get you there.

Re: Trigger on user logout?

[Uosis L]

They definitely could change the password( just as in a regular
non-encrypted setup ). I simply modified login_passwd style a little
bit so that when user logins and authenticates via the regular method,
the same password is used to attach a vnd device, which is then
mounted. So yes, you could change the user( or even root) password
without even needing a physical access - root account would suffice
(but if you have root account you might just as well read the real
password from the memory ). But they would not be able to mount the
home directory. As far as I know the only way to avoid this is to
encrypt the entire root partition ( or at least /etc ).

On 11/7/05, Will H. Backman <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of
> > Uosis L
> > Sent: Monday, November 07, 2005 3:29 PM
> > To: Richard P. Koett
> > Cc: misc@openbsd.org
> > Subject: Re: Trigger on user logout?
> >
> > Thanks for advices.
> >
> > All these methods would definitely work, but the problem with shell
> > logout file is that vnconfig/umount both need to be executed as root.
> > Of course, its possible to make it work that way ( with sudo, suid
> > bit, etc ), but that would be kinda complicated ( there would have to
> > be an extra suid program which does the real work ). Cron job is an
> > interesting idea, but the problem with that is the time delay before
> > filesystem becomes inaccessible. What I'm trying to do is to make all
> > this mechanism transparent to the shell ( something similar to the
> > login styles ), but I get the feeling that I'll have to go with the
> > logout file approach...
>
> I guess this means that the home directory is encrypted in a way that
> the user's login password ends up protecting the directory.  In your
> setup, would someone with access to the physical disk be able to change
> the user's password and then login as that user?

Re: Trigger on user logout?

[Uosis L]

That's a very good point. I guess the logout script would have to
check if there are any other processes from that user before
unmounting the filesystem. It would work the same way you suggested
with cron, except only called on logout, so it would have an immediate
effect.

On 11/7/05, Ted Unangst <[EMAIL PROTECTED]> wrote:
> On 11/7/05, ober <[EMAIL PROTECTED]> wrote:
> > Put a umount command in the ~/.logout?
> > Should work for csh atleast.
>
> until you login twice and logout once.

Re: Deploying firewalls with obsd

[James Mackinnon]

I have tried the syslog option, because it is udp it just sends off the
data and doesn't care if it makes it..
that sucks if you really want to make sure you have everything.

Put in mind, what I explain here is not real time, I pull mine down every
hour from the 34 server(s)

What I did was this

#DO ON ALL FIREWALLS
create an account on all firewalls, for this sake, lets call this account
centrallogs (MAKE PASSWORD VERY STRONG)

#Do On Central (Log) system
1. log in as the centrallogs user and create your private/public keys and
put your authorized_keys file (public key) in the .ssh directory of all
your remote firewalls of the centrallogs home directory
2. Create a folder in /var called pflogs and set rights to 770. Set owner
to be centrallog user
3. Next go into /home/centrallogs and make a new file called getlogs and
set the mode to 770
put this in this file

#Log files from remote firewalls
#firewall A
ssh [EMAIL PROTECTED] /usr/local/bin/./logroller
scp [EMAIL PROTECTED]:/var/log/pflog-* /var/pflogs/
ssh [EMAIL PROTECTED] rm /var/log/pflog-*

Firewall B
ssh [EMAIL PROTECTED] /usr/local/bin/./logroller
scp [EMAIL PROTECTED]:/var/log/pflog-* /var/pflogs/
ssh [EMAIL PROTECTED] rm /var/log/pflog-*

3. Create a crontab on the log server for the logrunner user
#Rotate PFLOgs and bring to central server
10  *   *   *   *   /home/centrallog/./getlogs


#Do on all remote firewalls
1. on your remote firewalls add this into /etc/sudoers
(What I have done here could be reduced alot as you only need to be able
to HUP pflogd. I wasn't sure what needed to be done here so I did it
this way at the moment ((Recommendations?)) )
centrallogs ALL=(ALL) NOPASSWD: ALL
2. go to /var and change the logs folder to 775
3. go into /usr/local/bin and create a file called rotatelogs and set
rights to 770
In this file put this

#!/bin/sh
# this file is used to roll over the PFLog file to a new file so that
# it can be transfered to the Corporate log server every 2 hours
DATE=$(date +%d%m%y%H)
HOSTNM=$(hostname -s)
sudo mv /var/log/pflog /var/log/pflog-$DATE$HOSTNM
chmod 660 /var/log/pflog-$DATE$HOSTNM
touch /var/log/pflog
sudo kill -HUP `cat /var/run/pflogd.pid`

3. comment out "#" the pflog entry in the newsyslog.conf file located
in /etc because we will handle that here with these processes



I believe that is all that is needed.
The first time this runs, it will give some errors regarding operation
not permitted and access denied, run it twice manually to start and it
should be good after that. it will give the same errors for every new
firewall added for the first run. I would suggest testing that the key
worked before leaving it as is

Login to the central log server as the centrallogs user and type ssh
[EMAIL PROTECTED] ls -l and see if it works without prompting for
a password. it should just return the file list in the centrallogs home
folder on the remote firewall.


This is a use at your own risk as I'm fairly new to this and I needed to
hack something up that would help me manage all my firewalls by keeping
my logs centrally but I am tossing this out to get feedback and maybe
helping you figure out what might work best for you.


I am interested in what you all think of the above, please note, I might
have missed a setup step or 2, but should you have any problems, feel
free to contact me outside of the list (don't want to annoy everyone)
and I will work on getting you the exact processes I did to build this,
including the process on building the keys (no passwords used when
making them btw)

Please put in mind that I have my firewalls only allowing SSH between
them and my accounts passwords are very secure.

I don't know what is a better option for this as I have tried a few but
this has worked 100% for me for the past 3 weeks.

I am doing this for 34 firewalls right now and as of today, I added some
extra steps to this to actually get all the data into hatchet on my
central server, but since my logs in 3 weeks are 4gig, I don't know if
hatchet will favor that so I have modified hatchet.cgi to handle
query's based on a specific querystring to output only what I need to
see.

Works very good to date and I'm happy with it, only thing I need now is
to know what I can use to join all my pflog files together for
each firewall as right now, I have a different one every hour for each
firewall.

Just wanted to toss a thanks out to Jason Dixon on Hatchet, works
great


James Mackinnon




On 11/7/2005, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:

>Hi all,
>
>  I would like to use a central management server for a couple of obsd
>firewalls. At this point I need to resolve two important questions for me:
>
>a) Rules repository: which can be the best form?
>
>   - putting rules via ssh on obsd firewalls from management ( or
>viceversa).
>
>   - use a cvs repository from management server. In this case, how
>can I put rules on obsd??
>
>   - another option??
>
>
>b) Firewall logs: I don not need a graph

Telnet daemon retired in 3.8 ?

[Matthew S Elmore]

I cannot appear to locate a telnet daemon in 3.8 installs now. It 
appears to have silently disappeared between 3.7 and 3.8.


I see no mention of this in the release notes or after a cursory search 
of the mailing lists. It's possible it is mentioned somewhere and I am 
missing it.


I understand the advantages of ssh over telnet, but telnet is still 
heavily used in many environments.


Is it merely hiding somewhere or can someone recommend an alternative 
for me?


Regards,
Matt

Re: Telnet daemon retired in 3.8 ?

[J.D. Bronson]

At 05:28 PM 11/7/2005, Matthew S Elmore wrote:
I cannot appear to locate a telnet daemon in 3.8 installs now. It 
appears to have silently disappeared between 3.7 and 3.8.


I see no mention of this in the release notes or after a cursory 
search of the mailing lists. It's possible it is mentioned somewhere 
and I am missing it.


I understand the advantages of ssh over telnet, but telnet is still 
heavily used in many environments.


Is it merely hiding somewhere or can someone recommend an alternative for me?

Regards,
Matt



I noticed the same thing.I used to use telnet via the LAN and ssh 
via the WAN...and now run ssh on both. Thanks to a tip from this 
list, I used different configs..on the LAN, I use passwords, so ssh 
works very much like telnetd and on the WAN, I only permit publickeys 
for security.


HTH.

-JD

Re: Telnet daemon retired in 3.8 ?

[Jason Crawford]

telnetd was completely removed from the source tree around the end of may,
soon after 3.7 was released. As far as an alternative, why does sshd not
work? There are ssh daemons for almost all other operating systems, unless
maybe you're using OpenVMS or Plan9 (although I think there is at least one
for those as well, just not OpenSSH).

On 11/7/05, Matthew S Elmore <[EMAIL PROTECTED]> wrote:
>
> I cannot appear to locate a telnet daemon in 3.8 installs now. It
> appears to have silently disappeared between 3.7 and 3.8.
>
> I see no mention of this in the release notes or after a cursory search
> of the mailing lists. It's possible it is mentioned somewhere and I am
> missing it.
>
> I understand the advantages of ssh over telnet, but telnet is still
> heavily used in many environments.
>
> Is it merely hiding somewhere or can someone recommend an alternative
> for me?
>
> Regards,
> Matt

Re: Telnet daemon retired in 3.8 ?

[Ioan Nemes]

It in not the question of sshd works or, not!  In large environments,
where you have a large number of legacy hardware (like Apollo 700,
HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
box is other than to run a firewall, a webserver, mail-server, or
MySQL,
plus you have thousand + users, and clients (internal/external on
different
client platforms), yes it is bad not have telnetd running.  Matthew is
quite
right, telnet is live and will be for very long time.  It was a bad
choice
to be removed from the source tree.  You reduce your options.

Above, I am not arguing pro/contra telnetd, or sshd!

Ioan


>>> Jason Crawford <[EMAIL PROTECTED]> 08/11/2005 11:55:55 am
>>>
telnetd was completely removed from the source tree around the end of
may,
soon after 3.7 was released. As far as an alternative, why does sshd
not
work? There are ssh daemons for almost all other operating systems,
unless
maybe you're using OpenVMS or Plan9 (although I think there is at least
one
for those as well, just not OpenSSH).

On 11/7/05, Matthew S Elmore <[EMAIL PROTECTED]> wrote:
>
> I cannot appear to locate a telnet daemon in 3.8 installs now. It
> appears to have silently disappeared between 3.7 and 3.8.
>
> I see no mention of this in the release notes or after a cursory
search
> of the mailing lists. It's possible it is mentioned somewhere and I
am
> missing it.
>
> I understand the advantages of ssh over telnet, but telnet is still
> heavily used in many environments.
>
> Is it merely hiding somewhere or can someone recommend an
alternative
> for me?
>
> Regards,
> Matt
http://www.netcleanse.com

Re: Telnet daemon retired in 3.8 ?

[Carson Harding]

On Tue, Nov 08, 2005 at 12:47:18PM +1100, Ioan Nemes wrote:
> It in not the question of sshd works or, not!  In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or
> MySQL,
> plus you have thousand + users, and clients (internal/external on
> different
> client platforms), yes it is bad not have telnetd running.  Matthew is
> quite
> right, telnet is live and will be for very long time.  It was a bad
> choice
> to be removed from the source tree.  You reduce your options.

[snip]

telnetd (note the 'd') was removed. telnet is still there. you can
telnet to your old systems. just use ssh to get to your openbsd
systems. or am I misunderstanding the problem?

-- Carson Harding - harding (at) motd (dot) ca

Re: Telnet daemon retired in 3.8 ?

[STeve Andre']

On Monday 07 November 2005 20:47, Ioan Nemes wrote:
> It in not the question of sshd works or, not!  In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or
> MySQL,
> plus you have thousand + users, and clients (internal/external on
> different
> client platforms), yes it is bad not have telnetd running.  Matthew is
> quite
> right, telnet is live and will be for very long time.  It was a bad
> choice
> to be removed from the source tree.  You reduce your options.
>
> Above, I am not arguing pro/contra telnetd, or sshd!
>
> Ioan
[snip]

If you *really* need telnetd, you could always go to the attic and
pull it out.  Or get it from your 3.7 CD and figure out how to build
it.

I fail to see why you need it, however.  You can still telnet from
OpenBSD to your legacy systems, so that isn't dead.  What *is*
dead is the idea of encouraging client systems to telnet to a
modern host.  I applaud this, as I did when rlogind went away.

Telnet needs to die.  If no one will take the stance of geting
rid of it, how will it ever end?

--STeve Andre'

pf.conf to only allow port 22, 25 and 80 to my server.

[Larry Llong]

I just want to allow port 22, 25 and 80 to my server.

I know I can activate and deactive pf with -e and -d, but that doesn't seem 
to reload the configuration. Does it?


would this do the trick? is there a better way?

# pf.conf
block in  all
block out all

pass in quick on sis0 proto tcp from any to any port {ssh, smtp, www}

_
Dont just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/

Re: Telnet daemon retired in 3.8 ?

[Lars Hansson]

On Tue, 08 Nov 2005 12:47:18 +1100
"Ioan Nemes" <[EMAIL PROTECTED]> wrote:

> Above, I am not arguing pro/contra telnetd, or sshd!

I dont see the problem. The "telnet" command is still there, it's only
telnetd that's gone.

---
Lars Hansson

mainting a mirror

[Martin Ekendahl]

What do you guys use to update your mirrors? I have a colo server that 
I'm not doing much with and I thought about setting up a mirror and just 
running `cvs up -Pd` twice a day or something to update it. Am I on the 
right track or is there a "better" or more official way of doing it?


-Martin

Re: pf.conf to only allow port 22, 25 and 80 to my server.

[Daniel Ouellet]

Larry Llong wrote:

I just want to allow port 22, 25 and 80 to my server.

I know I can activate and deactive pf with -e and -d, but that doesn't 
seem to reload the configuration. Does it?


Read the informations available here:

http://openbsd.org/faq/pf/index.html

Or even a very good step by step with a lots of explications here:

http://www.bgnett.no/~peter/pf/en/pf-firewall.pdf in PDF or
http://www.bgnett.no/~peter/pf/en/ in html.

Much better to understand what you are doing instead of using the cut 
and paste configuration of someone else.


Peter document will sure get you started and provide you valuable 
information in a step by step if you need that.

Re: Telnet daemon retired in 3.8 ?

[Daniel Ouellet]

Matthew S Elmore wrote:
I cannot appear to locate a telnet daemon in 3.8 installs now. It 
appears to have silently disappeared between 3.7 and 3.8.


Not really silently, but not with huge party either.

http://marc.theaimsgroup.com/?l=openbsd-cvs&m=111700017509177&w=2

I know it was announce as well, can't put my finger right away on the 
article, but definitely it was talked about and said to be gone.


I good thing really!

Re: Telnet daemon retired in 3.8 ?

[Jason Crawford]

Well, the parent poster asked for an alternative, so I said sshd. If he
wanted telnetd, then he wouldn't ask for an alternative, very simple. And
you act as if I had anything to do with telnetd being removed. I have
nothing to do about anything OpenBSD does, short of maybe helping to fix a
bug or two I might happen to find. You don't like telnetd being gone, use
another OS or just use an alternative, like the parent poster asked about in
his first email (sshd).

On 11/7/05, Ioan Nemes <[EMAIL PROTECTED]> wrote:
>
> It in not the question of sshd works or, not! In large environments,
> where you have a large number of legacy hardware (like Apollo 700,
> HP 3000, HP 7000, Solaris 2.5.1 etc., etc.), and the purpose of a UNIX
> box is other than to run a firewall, a webserver, mail-server, or
> MySQL,
> plus you have thousand + users, and clients (internal/external on
> different
> client platforms), yes it is bad not have telnetd running. Matthew is
> quite
> right, telnet is live and will be for very long time. It was a bad
> choice
> to be removed from the source tree. You reduce your options.
>
> Above, I am not arguing pro/contra telnetd, or sshd!
>
> Ioan
>
>
> >>> Jason Crawford <[EMAIL PROTECTED]> 08/11/2005 11:55:55 am
> >>>
> telnetd was completely removed from the source tree around the end of
> may,
> soon after 3.7 was released. As far as an alternative, why does sshd
> not
> work? There are ssh daemons for almost all other operating systems,
> unless
> maybe you're using OpenVMS or Plan9 (although I think there is at least
> one
> for those as well, just not OpenSSH).
>
> On 11/7/05, Matthew S Elmore <[EMAIL PROTECTED]> wrote:
> >
> > I cannot appear to locate a telnet daemon in 3.8 installs now. It
> > appears to have silently disappeared between 3.7 and 3.8.
> >
> > I see no mention of this in the release notes or after a cursory
> search
> > of the mailing lists. It's possible it is mentioned somewhere and I
> am
> > missing it.
> >
> > I understand the advantages of ssh over telnet, but telnet is still
> > heavily used in many environments.
> >
> > Is it merely hiding somewhere or can someone recommend an
> alternative
> > for me?
> >
> > Regards,
> > Matt
>
>
>
> ---
> Scanned by Fairfield City Council - NetCleanse for all known viruses.
> http://www.netcleanse.com

Re: Telnet daemon retired in 3.8 ?

[Damien Miller]

On Tue, 8 Nov 2005, Ioan Nemes wrote:


It in not the question of sshd works or, not!  In large environments,
where you have a large number of legacy hardware (like Apollo 700,
HP 3000, HP 7000, Solaris 2.5.1 etc., etc.),


You can compile portable OpenSSH (or another ssh client) on most of these.

It was a bad choice to be removed from the source tree.  You reduce your 
options.


You reduce your options by not granting superuser privileges to regular 
users too. Reducing options is a good thing when the options you reduce 
are DUMB.


-d

Re: mainting a mirror

[Tubnor, Jason B]

See extract from http://openbsd.org/anoncvs.html :

Setting up an anoncvs mirror

If you wish to setup a new anoncvs mirror site and make it available to
the general public, please contact the anoncvs ([EMAIL PROTECTED])
maintainer. Anoncvs mirrors require about 2.2GB of disk, and use up to
32MB of swap per anoncvs user (assuming the user does a large operation;
while smaller operations use fewer resources, anoncvs still makes much
more of an impact than ftp or sup). Such anoncvs machines should have
excellent network connectivity for the area they are expected to serve.
A document (http://openbsd.org/anoncvs.shar ) which describes the setup
of anoncvs servers is available.




Jase.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 8 November 2005 2:17 PM
To: misc@openbsd.org
Subject: mainting a mirror

What do you guys use to update your mirrors? I have a colo server that 
I'm not doing much with and I thought about setting up a mirror and just

running `cvs up -Pd` twice a day or something to update it. Am I on the 
right track or is there a "better" or more official way of doing it?

-Martin

Re: Symbios Logic 53C1030 error

[Marco Peereboom]

You are using unsupported stuff.  OpenBSD will not support IM until someone
unslacks and adds it to the driver.

On Mon, Nov 07, 2005 at 02:55:09PM +0100, Per-Olov Sjvholm wrote:
> Hi misc
> 
> 
> I have a server with a on board Symbios Logic 53C1030. I have set up 
> mirroring 
> and tried OpenBSD 3.8. When I start the installer and say I want the whole 
> disk for OpenBSD I can see:
> 
> "Putting all of sd0 into an active OpenBSD MBR partition (type 
> 'A6')...fdisk:DIOCGDINFO: Input/output error"
> 
> dmesg output goes here:
> (sorry for just attaching a part of it. I wrote it down by hand. I can if 
> more 
> is needed fix this.)
> mpt0 at pci2 dev8 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11
> mpt0: IM support: 6
> scsibus0 at mpt0: 16 targets
> sd0(mpt0:0:0): mpt0: timeout on request index=0xfe, seq=0x008a
> mpt0: status 0x, Mask 0x0001, Doorbell 0x2400
> mpt0: request state: On chip
> sd0: drive offline
> 
> 
> 
> However... I can still partion and install the OS (even though it says drive 
> offline). But the last partion in the table "e" which is /home (rest of the 
> disk) failed. When I skipped that I could install the OS. When the OS was up 
> I logged in to try to partition the rest of the disk as /home. When I did a 
> newfs on it it yelled about write error on block x. If I took a smaller 
> piece for /home it went ok. So far I thougt that there actually was some real 
> error on the disk. So I removed one disk at the time and reinstalled the OS 
> on a single disk. But it seems to yell for write errors on different places 
> (often near the last block). But the OS seems to work OK if only the 
> partitioning for the core OS partitions are OK.
> 
> When an error comes during a newfs it says:
> sd0(mpt0:0:0): Check Condition (error 0x70) on opcode 0x2a
> SENSE KEY: Illegal REquest
> ASC/ASCQ: ASC 0x21 ASCQ 0x00
> And then is also yell about the write error on block 
> 
> 
> 
> What is happening here?
> 
> 
> Thanks in advance
> Per-Olov Sjvholm
> -- 
> GPG keyID: 4DB283CE
> GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: OpenBSD official media

[Andrew Daugherity]

On 11/5/05, Marco Peereboom <[EMAIL PROTECTED]> wrote:
> You mean because hppa, mac68k, m88k and sparc, just to name a few, have
> outstanding DVD devices available.
>
> Come on now, THINK before typing.

Of those, only sparc is currently shipping on CD.  If you can find a
SCSI DVD-ROM drive (they do exist), you should* be able to boot from
it.  Sun does ship Solaris on DVD since Solaris 8, after all.

* Of course, vendor brain-damage could always interfere with your
plans, so I guarantee nothing.

-A

Re: pf.conf to only allow port 22, 25 and 80 to my server.

[Uwe Dippel]

On Tue, 08 Nov 2005 00:44:34 +, Larry Llong wrote:

> I just want to allow port 22, 25 and 80 to my server.
> 
> I know I can activate and deactive pf with -e and -d, but that doesn't seem 
> to reload the configuration. Does it?

How about -f, or man pfctl (which is faster than typing, I guess)

Here I use something like the following. Permits to change NICs and edit
the services. Chances are you want to log less. No warranty && YMMV:


# Define useful variables - Macros
Ext_IF = "ne1"  # External Interface

TCP_Services = "{ ssh, smtp, www }"
ICMP_Types = "echoreq"

# Options
set block-policy return
set loginterface $Ext_IF

# Clean up fragmented and abnormal packets
scrub in all

# Filter rules
block all

pass quick on lo0 all

# allow the services as defined above
pass in log on $Ext_IF inet proto tcp from any to $Ext_IF \
   port $TCP_Services flags S/SA keep state

pass in log on $Ext_IF inet proto { tcp, udp } from any to $Ext_IF \
   port domain keep state

pass in log inet proto icmp all icmp-type $ICMP_Types keep state

pass out log on $Ext_IF proto tcp all modulate state flags S/SA
pass out log on $Ext_IF proto { udp, icmp } all keep state

Uwe

euro currency

[Christian Rother]

I on obsd 3.8 wanna use euro symbol and currency but I
cannot find any font which includes it. Where can I
find it and what do I have to load with wsfontload?

Thank you very much indeed.






___ 
Gesendet von Yahoo! Mail - Jetzt mit 1GB Speicher kostenlos - Hier anmelden: 
http://mail.yahoo.de

Re: Setting up printer with cups Epson Stylus Photo 820

[Jacob Meuser]

On Mon, Nov 07, 2005 at 10:51:43AM -0800, Peter Hessler wrote:
> On Mon, Nov 07, 2005 at 12:38:09AM -0800, Jacob Meuser wrote:
> :On Sun, Nov 06, 2005 at 02:08:04PM -0600, Jeff Roach wrote:
> :> Not really. I want to use cups for network printing and it requires esp
> :> ghostscript for which there is no port. Also, gutenprint provides newer
> :> drivers than gimp-print.
> :
> :CUPS does _not_ require ESP ghostscript!
> :
> :yes, the few PPD files that come with CUPS reference pstoraster
> :from ESP ghostscript ... but you don't need to use them.
> :
> :do you really think I would make those ports and say they work
> :with CUPS if they didn't?
> :
> :-- 
> :<[EMAIL PROTECTED]>
> :
> 
> Then how would you use CUPS w/o ESP ghostscipt?  I'm quite new to CUPS 
> and when I follow the documentation (`lpadmin -p LaserJet -E -v 
> socket://printer:9100 -m laserjet.ppd`.  the web interface requires 
> passwords, and doesn't accept my login information.)

by default, you have to login as a member of the root group from
localhost.  if you want to change this, see the
 section of ${SYSCONDFIR}/cups/cupsd.conf.

>  any attempt to 
> print is canceled for my convienence.

the PPD files that come with CUPS do require ESP ghostscript
but you don't need to use them.  these are generic PPD files
anyway.  a printer-specific PPD file will probably give you
better printing results.  you can get a PPD file from
linuxprinting.org or install the foomatic database and engine
and generate a PPD file locally.  ports for the foomatic database
and engine can be found here:
http://www.jakemsr.com/openbsd/foomatic-ports.html
instructions for generating a printer-specific PPD file with these
ports can be found here: http://www.jakemsr.com/openbsd/foomatic.html
(just ignore the directions on that page for lpd for the time being.
you use the same PPD file for CUPS or lpd.  I'll try to add some
directions for CUPS in the near future.)

copy the PPD file to ${PREFIX}/share/cups/model/.

start (or restart) cupsd.

reconfigure ("Manage Printers" -> "Modify Printer" through the web
interface) the printer to use the new PPD.

that's it.

-- 
<[EMAIL PROTECTED]>

Re: Mplayer & DVD problem

[Jacob Meuser]

On Mon, Nov 07, 2005 at 05:11:12PM +0100, Nikolaus Hiebaum wrote:
> Hi,
> 
> I recently upgraded to OpenBSD 3.8 and have a little problem with playing 
> DVDs.
> The problem is that the application (mplayer) opens and then exits.

> Playing dvd://.
> Reading disc structure, please wait...
> There are 10 titles on this DVD.
> There are 1 chapters in this DVD title.

a DVD title with only 1 chapter probably isn't the main title
and could be just very short.  I don't remember if mplayer tries
to figure out which title is the main title or if it just uses
title 1 unless you use something like dvd://2.  what does lsdvd
say the main title of this DVD is?

also, IMO, ogle is a much nicer DVD player and is available as
an OpenBSD package.

-- 
<[EMAIL PROTECTED]>

Re: OpenBSD official media

[JR Dalrymple]

Andrew Daugherity wrote:


On 11/5/05, Marco Peereboom <[EMAIL PROTECTED]> wrote:
 


You mean because hppa, mac68k, m88k and sparc, just to name a few, have
outstanding DVD devices available.

Come on now, THINK before typing.
   



Of those, only sparc is currently shipping on CD.  If you can find a
SCSI DVD-ROM drive (they do exist), you should* be able to boot from
it.  Sun does ship Solaris on DVD since Solaris 8, after all.

* Of course, vendor brain-damage could always interfere with your
plans, so I guarantee nothing.

-A

 


Track 2 on the 2nd CD is an audio track.

Also, as someone so cleverly put before me, Marco missed Vax, which is 
on the CD media.


Beyond all that, I honestly don't have any problem whatsoever with 
multiple disks. If *you* need a single disk layout, make your own by 
copying what you need off the 3 disks. That's not difficult.

Head command

[Marcos Marconcini]

Hi,

 

 I am trying to extract a portion of a large file, to do a sha1 check, it's
greater than 2.7Gb. I was reading help for head command, but it's only
permit me put number of lines to extract, and I need to extract the portion
of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ?
I am using openbsd 3.6. Any help are welcome!!!

 

Thanks in Advance.

 

 

Marcos

Re: Symbios Logic 53C1030 error

[Per-Olov Sjöholm]

OK.

Thanks for the reply

B t w... What is "IM"?


Regards
Per-Olov

On Tuesday 08 November 2005 05.23, Marco Peereboom wrote:
> You are using unsupported stuff.  OpenBSD will not support IM until someone
> unslacks and adds it to the driver.
>
> On Mon, Nov 07, 2005 at 02:55:09PM +0100, Per-Olov Sjvholm wrote:
> > Hi misc
> >
> >
> > I have a server with a on board Symbios Logic 53C1030. I have set up
> > mirroring and tried OpenBSD 3.8. When I start the installer and say I
> > want the whole disk for OpenBSD I can see:
> >
> > "Putting all of sd0 into an active OpenBSD MBR partition (type
> > 'A6')...fdisk:DIOCGDINFO: Input/output error"
> >
> > dmesg output goes here:
> > (sorry for just attaching a part of it. I wrote it down by hand. I can if
> > more is needed fix this.)
> > mpt0 at pci2 dev8 function 0 "Symbios Logic 53c1030" rev 0x08: irq 11
> > mpt0: IM support: 6
> > scsibus0 at mpt0: 16 targets
> > sd0(mpt0:0:0): mpt0: timeout on request index=0xfe, seq=0x008a
> > mpt0: status 0x, Mask 0x0001, Doorbell 0x2400
> > mpt0: request state: On chip
> > sd0: drive offline
> >
> >
> >
> > However... I can still partion and install the OS (even though it says
> > drive offline). But the last partion in the table "e" which is /home
> > (rest of the disk) failed. When I skipped that I could install the OS.
> > When the OS was up I logged in to try to partition the rest of the disk
> > as /home. When I did a newfs on it it yelled about write error on block
> > x. If I took a smaller piece for /home it went ok. So far I thougt
> > that there actually was some real error on the disk. So I removed one
> > disk at the time and reinstalled the OS on a single disk. But it seems to
> > yell for write errors on different places (often near the last block).
> > But the OS seems to work OK if only the partitioning for the core OS
> > partitions are OK.
> >
> > When an error comes during a newfs it says:
> > sd0(mpt0:0:0): Check Condition (error 0x70) on opcode 0x2a
> > SENSE KEY: Illegal REquest
> > ASC/ASCQ: ASC 0x21 ASCQ 0x00
> > And then is also yell about the write error on block 
> >
> >
> >
> > What is happening here?
> >
> >
> > Thanks in advance
> > Per-Olov Sjvholm
> > --
> > GPG keyID: 4DB283CE
> > GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: Head command

[Damien Miller]

man dd

On Tue, 8 Nov 2005, Marcos Marconcini wrote:


Hi,



I am trying to extract a portion of a large file, to do a sha1 check, it's
greater than 2.7Gb. I was reading help for head command, but it's only
permit me put number of lines to extract, and I need to extract the portion
of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ?
I am using openbsd 3.6. Any help are welcome!!!



Thanks in Advance.





Marcos

Re: Head command

[Rod.. Whitworth]

On Tue, 8 Nov 2005 03:11:43 -0300, Marcos Marconcini wrote:

>Hi,
>
> 
>
> I am trying to extract a portion of a large file, to do a sha1 check, it's
>greater than 2.7Gb. I was reading help for head command, but it's only
>permit me put number of lines to extract, and I need to extract the portion
>of 1.5Gb in bytes, and generate a new file. Is this posible? How can I do ?
>I am using openbsd 3.6. Any help are welcome!!!
>

man split ?

> 
>
>Thanks in Advance.
>
> 
>
> 
>
>Marcos
>
>

>From the land "down under": Australia.
Do we look  from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

Can't set environment variable on OpenBSD 3.8

[Tomas]

Hello,



I cant set environment variable on OpenBSD 3.8. I issue command env
testvar=var and I get printout with all the environment variables:

PS1=#

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin

SHELL=/bin/ksh

USER=root

LESS=-NWi

MAIL=/var/mail/tomas

HOME=/root

SSH_CLIENT=10.30.1.15 3578 22

LESSOPEN=|~/lesspipe.sh %s

SUDO_USER=tomas

SUDO_GID=1000

TERM=xterm

SUDO_COMMAND=/usr/bin/su

SUDO_UID=1000

SSH_TTY=/dev/ttyp0

PAGER=less

LOGNAME=root

testvar=var



And after that I issue command env and I get printout without my testvar:

PS1=#

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin

SHELL=/bin/ksh

USER=root

LESS=-NWi

MAIL=/var/mail/tomas

HOME=/root

SSH_CLIENT=10.30.1.15 3578 22

LESSOPEN=|~/lesspipe.sh %s

SUDO_USER=tomas

SUDO_GID=1000

TERM=xterm

SUDO_COMMAND=/usr/bin/su

SUDO_UID=1000

SSH_TTY=/dev/ttyp0

PAGER=less

LOGNAME=root

What could I be doing wrong?

Re: Mplayer & DVD problem

[Edd Barrett]

On 07/11/05, Nikolaus Hiebaum <[EMAIL PROTECTED]> wrote:

> The selected video_out device is incompatible with this codec.

Have you tried both -vo x11 and -vo xv? Just a stab in the dark.

Best Regards

Edd

Re: Telnet daemon retired in 3.8 ?

[Shawn K. Quinn]

On Mon, 2005-11-07 at 17:28 -0600, Matthew S Elmore wrote:
> I understand the advantages of ssh over telnet, but telnet is still 
> heavily used in many environments.

Telnet is a horribly insecure protocol subject to at least two attacks
by third parties with access to any part of the network between the two
hosts. Thus, telnetd is gone for a damn good reason, that being that
it's a turd that has no place in a "secure by default" OS.

If you absolutely must have telnetd, I guess you can compile it from the
source in 3.7, but please, you should be fully aware that this opens up
security holes big enough that a tank can be driven through without the
appropriate countermeasures; at a minimum, you should use one-time
passwords (S/Key) to make password sniffing useless, and only allow
telnet connections from networks where you know for sure nobody with
root access will try to hijack or eavesdrop on connections (such as a
LAN where either you are the sole admin or you know and trust the other
admins).

-- 
Shawn K. Quinn <[EMAIL PROTECTED]>

IPsec performance

[Vincent Bernat]

Hi !

I  have several  questions about  IPsec performance  in OpenBSD.  I am
using IPsec to maintain more than 60 tunnels and it performs well when
those tunnels are idle. Tunnels are  either using 3DES or AES. 3DES is
due  to the  fact that  clients  are using  Windows where  AES is  not
available.

OpenBSD is running on a Celeron 2.4 GHz and openssl speed aes gives 70
MB/s and des-ede3 gives 15 MB/s. With 40 Mb/s (megabits/s) of traffic,
the processor is used at 100%.  Why such a difference with the results
of openssl speed.

I have  added an  Hifn 7955  crypto card. However,  after one  hour of
managing the  60 tunnels,  it becomes impossible  to do  any symmetric
crypto. There is nothing in the dmesg about that. The only solution is
to reboot. With the card disabled,  there is no such problem. Any idea
of why I have this problem ?

What kind of hardware will perform 3DES and AES encryption well ? A C3
processor has AES encryption built-in  but I must keep 3DES encryption
as   well   and   those   processors   are  very   slow   on   general
operations. Would  an Opteron  2.2 Ghz performs  better than  an Intel
EM64T Xeon 3 GHz ?

If  I choose  a multiprocessor  system, will  OpenBSD be  able  to use
efficienly the two processors for doing IPsec stuff ?
-- 
Write clearly - don't be too clever.
- The Elements of Programming Style (Kernighan & Plauger)