Google ad: OpenBSD 2.6 changes
Just smth funny FYI: I read misc@ mails using GMail through a web browser and I've noticed that it displays on the right side an ad OpenBSD 2.7 changes the main OpenBSD page www.openbsd.org or even 2.6 changes :-) http://pagead2.googlesyndication.com/pagead/pageclick?client=ca-gmailtype=0channel=AccountAge120toInfinity%2BContentOneboxCVredir_url=http://www.openbsd.org/plus27.html
Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance
Here is the world's first (that I know of) Nokia IP330 dmesg from OpenBSD 3.8. Some parts are missing as I've been hacking on the kernel, boot, and biosboot all night so a real 'fix' will follow this message after I clean it up a bit and figure out exactly which of the nasty hacks I used made it proceed.

---8---
OpenBSD 3.8 (GENERIC) #2: Thu Dec 15 02:54:43 GMT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6(tm) 3D processor (AuthenticAMD 586-class) 399 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem = 268017664 (261736K)
avail mem = 240664576 (235024K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(6e) BIOS, date 10/27/99, BIOS32 rev. 0 @ 0xfaa20
pcibios0 at bios0: rev 2.1 @ 0xf/0xae9c
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfd3c0/144 (7 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11 12
pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82439TX System rev 0x01
pcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD200EB-11CPF0
wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
Intel 82371AB USB rev 0x01 at pci0 dev 7 function 2 not configured
Intel 82371AB Power rev 0x02 at pci0 dev 7 function 3 not configured
fxp0 at pci0 dev 13 function 0 Intel 82557 rev 0x05, i82558: irq 10, address ff:ff:ff:ff:ff:ff
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 0
fxp1 at pci0 dev 14 function 0 Intel 82557 rev 0x05, i82558: irq 12, address ff:ff:ff:ff:ff:ff
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 0
fxp2 at pci0 dev 15 function 0 Intel 82557 rev 0x05, i82558: irq 5, address ff:ff:ff:ff:ff:ff
inphy2 at fxp2 phy 1: i82555 10/100 PHY, rev. 0
ppb0 at pci0 dev 16 function 0 Intel S21154AE/BE PCI-PCI rev 0x00
pci1 at ppb0 bus 1
dc0 at pci1 dev 5 function 0 DEC 21142/3 rev 0x41: irq 10, address 00:c0:95:c7:cd:88
dcphy0 at dc0 phy 31: internal PHY
dc1 at pci1 dev 6 function 0 DEC 21142/3 rev 0x41: irq 12, address 00:c0:95:c7:cd:89
dcphy1 at dc1 phy 31: internal PHY
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask ebc5 netmask ffe5 ttymask ffe7
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
---8---
Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance - SOLVED
Ok, here's my quick and dirty hack to get OpenBSD operating on a Nokia IP330. Please bear in mind that this is not a fully correct solution, only a hard-coded workaround for legacy hardware. - relocate the Nokia hard drive into a surrogate machine - Install OpenBSD 3.8, be sure to include comp.tgz and misc.tgz. Reboot. - retrieve kernel sources and extract into /usr/src/sys - modify /usr/src/sys/arch/i386/stand/libsa/bioscons.c in the following manner: (force n = 2 instead of incorrectly discerning 0 from the com_probe (a small piece of assembly code could probably be debugged to make this work properly, but it is beyond the scope of this workaround '__asm __volatile(DOINT(0x11) : =a (n) : : %ecx, %edx, cc);')) ---8--- 105,106c105 n = 9; n = 7; --- n = 2; /* We know there are two com ports -- force it */ (http://www.openbsd.org/faq/faq14.html#InstBoot) - Set your console to com0 in /etc/boot.conf and tty00 in /etc/ttys (http://www.openbsd.org/faq/faq7.html#SerCon) - Remove the drive from the surrogate machine and reinstall into the IP330 I'll post a more thorough installation/caveat write-up on these devices soon enough, but for now the masses of you that eMailed me privately have a hack to get your OpenBSD fix on legacy Nokia hardware. Good luck.
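Review bot: Forcing n = 2 in the replacement line of 105,106c105 applies to every machine these boot blocks run on, not only the IP330, because the two lines that derived n from the probe result are deleted outright. Since the stated failure is the probe yielding 0, keep the original two lines and override only in that case, for example `if (n == 0) n = 2;`, and have the comment say the fallback exists for the Nokia IP330 so a later reader does not mistake it for a general fact about the hardware.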
Re: Daily script and root backup question.
On Wed, Dec 14, 2005 at 10:20:19PM -0500, Nick Holland wrote:
> What problem are you trying to solve?

It's my curiosity and urge for understanding. What procedure is safer? dd'ing device and then run fsck on output device, or running after dump/restore installboot?

> There are multiple ways to do most tasks. One has to be picked. restore(8) requires that a partition be mounted.
(...)

Thanks!

--
best regards
q#
Re: hostap mode on existing firewall
On Wed, Dec 14, 2005 at 09:20:06PM -0500, Chris Zakelj wrote:
> Here's the problem I've run into... after staring at the dhcpd.conf man page for a while, it didn't seem like you could feed it two interfaces at once. So off to Google, where the top articles (for Linux, admittedly) seem to confirm that you can't serve both the wired and the wireless internal interfaces at the same time.

Of course dhcpd can handle multiple interfaces. I don't know how you could have gotten the idea that it couldn't. If you read even the on-line synopsis of the manual page or looked at dhcpd's usage you would see this is clearly supported. Note the [...ifN]:

dhcpd [-dfn] [-c config-file] [-l lease-file] [if0 [...ifN]]

> I consider the possibility of putting ral0 into a bridge with fxp1, and thought this might work...
>
> /etc/hostname.fxp1:
> inet 192.168.0.1 255.255.255.0 NONE
>
> /etc/hostname.ral0:
> inet 192.168.0.6 255.255.255.0 media autoselect mediaopt hostap nwid this_is_only_a_test nwkey totally_sucks chan 11
> #I've also tried 172.16.0.0 255.255.0.0 with the same results
>
> /etc/bridgename.bridge0:
> add fxp1
> add ral0
> up
>
> /etc/dhcpd.interfaces
> fxp1 ral0 bridge0 #not sure whether ral0 or bridge0 is what dhcpd listens to
>
> and finally at the end of /etc/pf.conf
> pass quick on { fxp1, ral0, bridge0 }
>
> Needless to say, I'm getting no love there, either. Is what I'm trying to do simply not possible, or is there something (obvious, perhaps) that I'm missing. Yeah, I could go down the street and just buy a WAP, but that defeats the purpose of learning.
Re: hostap mode on existing firewall
Chris Zakelj wrote:
> Here's the problem I've run into... after staring at the dhcpd.conf man page for a while, it didn't seem like you could feed it two interfaces at once. So off to Google, where the top articles (for Linux, admittedly) seem to confirm that you can't serve both the wired and the wireless internal interfaces at the same time.

Hoping I understand you correctly, won't something like this work? Put the interfaces you want to run dhcpd on in /etc/dhcpd.interfaces.

/etc/dhcpd.conf:

shared-network LOCAL-NET {
	option domain-name "my.domain";
	option domain-name-servers 192.168.10.1;

	subnet 192.168.10.0 netmask 255.255.255.0 {
		option routers 192.168.10.1;
		range 192.168.10.32 192.168.10.127;
	}
}

shared-network WLAN {
	option domain-name "wlan.my.domain";
	option domain-name-servers 192.168.20.1;

	subnet 192.168.20.0 netmask 255.255.255.0 {
		option routers 192.168.20.1;
		range 192.168.20.32 192.168.20.127;
	}
}

// end of /etc/dhcpd.conf

LOCAL-NET serves the wired interface configured as 192.168.10.1
WLAN serves the wireless interface configured as 192.168.20.1

Your /var/log/daemon may show dhcpd messages telling you for which interface you're missing subnet definitions. I think the trick is to have subnet definitions that correspond to the ip addresses of the interfaces you want to run dhcpd on.
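The rule stated at the end of the reply above (each interface dhcpd listens on needs a subnet declaration that covers its address) can be checked offline before restarting the daemon. This is an added example, not code from the thread: the function names and the constructed sample files are assumptions, and the netmask-mismatch and range checks go beyond what the reply states.

```python
import ipaddress
import re

IP = r"\d+(?:\.\d+){3}"
SUBNET_RE = re.compile(r"\bsubnet\s+(" + IP + r")\s+netmask\s+(" + IP + r")\s*\{")
RANGE_RE = re.compile(r"\brange\s+(" + IP + r")(?:\s+(" + IP + r"))?\s*;")

# Constructed inputs: the dhcpd.conf follows the one in the reply above; the
# hostname.if(5) lines follow the two addressing schemes discussed in the thread.
REPLY_DHCPD_CONF = """
shared-network LOCAL-NET {
    option domain-name "my.domain";
    subnet 192.168.10.0 netmask 255.255.255.0 {
        option routers 192.168.10.1;
        range 192.168.10.32 192.168.10.127;
    }
}
shared-network WLAN {
    option domain-name "wlan.my.domain";
    subnet 192.168.20.0 netmask 255.255.255.0 {
        option routers 192.168.20.1;
        range 192.168.20.32 192.168.20.127;
    }
}
"""
REPLY_LAYOUT = {
    "fxp1": "inet 192.168.10.1 255.255.255.0 NONE",
    "ral0": "inet 192.168.20.1 255.255.255.0 NONE media autoselect mediaopt hostap",
}
QUESTION_LAYOUT = {  # bridge0 has no hostname.if file, only bridgename.bridge0
    "fxp1": "inet 192.168.0.1 255.255.255.0 NONE",
    "ral0": "inet 192.168.0.6 255.255.255.0 media autoselect mediaopt hostap",
}


def strip_comments(text):
    """Drop '#' comments, as used in dhcpd.conf and dhcpd.interfaces."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())


def block_body(text, open_idx):
    """Return the text between the '{' at open_idx and its matching '}'."""
    depth = 0
    for i in range(open_idx, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_idx + 1:i]
    raise ValueError("unbalanced braces in dhcpd.conf")


def parse_subnets(conf):
    """Return [(IPv4Network, [(first, last), ...]), ...], one entry per subnet block."""
    conf = strip_comments(conf)
    subnets = []
    for m in SUBNET_RE.finditer(conf):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        body = block_body(conf, m.end() - 1)
        ranges = [(ipaddress.ip_address(a), ipaddress.ip_address(b or a))
                  for a, b in RANGE_RE.findall(body)]
        subnets.append((net, ranges))
    return subnets


def parse_hostname_if(text):
    """Return the IPv4Interface of the first 'inet ADDR NETMASK ...' line, or None."""
    for line in strip_comments(text).splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "inet":
            return ipaddress.ip_interface(f"{fields[1]}/{fields[2]}")
    return None


def check_dhcpd_interfaces(dhcpd_conf, dhcpd_interfaces, hostname_files):
    """Return {interface: [problem, ...]} for every name in dhcpd.interfaces."""
    subnets = parse_subnets(dhcpd_conf)
    report = {}
    for ifname in strip_comments(dhcpd_interfaces).split():
        problems = []
        addr = parse_hostname_if(hostname_files.get(ifname, ""))
        covering = [s for s in subnets if addr is not None and addr.ip in s[0]]
        if addr is None:
            problems.append("no inet address configured")
        elif not covering:
            problems.append(f"no subnet declaration covers {addr.ip}")
        for net, ranges in covering:
            if net != addr.network:
                problems.append(f"netmask mismatch: interface {addr.network}, dhcpd.conf {net}")
            for first, last in ranges:
                if first <= addr.ip <= last:
                    problems.append(f"range {first}-{last} includes the interface's own address")
        report[ifname] = problems
    return report


if __name__ == "__main__":
    for name, layout in (("reply", REPLY_LAYOUT), ("question", QUESTION_LAYOUT)):
        print(name, check_dhcpd_interfaces(REPLY_DHCPD_CONF, "fxp1 ral0 bridge0", layout))
```

On a live system the `hostname_files` mapping would be filled from the contents of /etc/hostname.* rather than from the constructed dictionaries.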
Re: hostap mode on existing firewall
Niall O'Higgins wrote:
> On Wed, Dec 14, 2005 at 09:20:06PM -0500, Chris Zakelj wrote:
>> Here's the problem I've run into... after staring at the dhcpd.conf man page for a while, it didn't seem like you could feed it two interfaces at once. So off to Google, where the top articles (for Linux, admittedly) seem to confirm that you can't serve both the wired and the wireless internal interfaces at the same time.
>
> Of course dhcpd can handle multiple interfaces. I don't know how you could have gotten the idea that it couldn't. If you read even the on-line synopsis of the manual page or looked at dhcpd's usage you would see this is clearly supported. Note the [...ifN]:
>
> dhcpd [-dfn] [-c config-file] [-l lease-file] [if0 [...ifN]]

Should have been able to get that myself, but for some reason it just went right by me (just like the '#ed0 le0' line in the default dhcpd.interfaces file did). Time to stop trusting Google implicitly.

>> I consider the possibility of putting ral0 into a bridge with fxp1, and thought this might work...
>>
>> /etc/hostname.fxp1:
>> inet 192.168.0.1 255.255.255.0 NONE
>>
>> /etc/hostname.ral0:
>> inet 192.168.0.6 255.255.255.0 media autoselect mediaopt hostap nwid this_is_only_a_test nwkey totally_sucks chan 11
>> #I've also tried 172.16.0.0 255.255.0.0 with the same results
>>
>> /etc/bridgename.bridge0:
>> add fxp1
>> add ral0
>> up
>>
>> /etc/dhcpd.interfaces
>> fxp1 ral0 bridge0 #not sure whether ral0 or bridge0 is what dhcpd listens to
>>
>> and finally at the end of /etc/pf.conf
>> pass quick on { fxp1, ral0, bridge0 }
>>
>> Needless to say, I'm getting no love there, either. Is what I'm trying to do simply not possible, or is there something (obvious, perhaps) that I'm missing. Yeah, I could go down the street and just buy a WAP, but that defeats the purpose of learning.

I've gotten a couple of offlist replies which suggest I'm at least on the right track with this part, but making three mistakes (one in hostname.ral0, one in pf, and one in dhcpd.interfaces). I'll be able to try what I think are 'fixes' later this evening.
Halifax Bank Account Information
Dear Customer,

Our Technical Service department has recently updated our online banking software, and due to this upgrade we kindly ask you to follow the link given below to confirm your online account details. Failure to confirm the online banking details will suspend you from accessing your account online.

https://www.halifax-online.co.uk/_mem_bin/formslogin.asp

We use the latest security measures to ensure that your online banking experience is safe and secure. The administration asks you to accept our apologies for the inconvience caused and expresses gratitude for cooperation.

Regards,
Halifax Online Technical Support

--
Please do not reply to this email address as it is not monitored and we will be unable to respond. For assistance, log in to your Halifax Online Bank account and choose the Help link on any page.

) Halifax plc, Registered in England No. 2367076. Registered Office: Trinity Road, Halifax, West Yorkshire HX1 2RG. Authorised and regulated by the Financial Services Authority. Represents only the Halifax Financial Services Marketing Group for the purposes of advising on and selling life assurance
Re: browser security - restricted user
On Wed, Dec 14, 2005 at 10:48:28AM -0800, Bob Smith wrote:
>> Just a thought: sudo -u $some_restricted_user $your_preffered_browser ?
>
> good that you brought this up; i been wondering about this too. does it help? if so how come there isn't a default non-privileged user created for, say, firefox when the pkg is installed? like there is for bitlbee (_bitlbee) or tcpdump (_tcpdump)?

... yeah, and create separate user for every 3-rd party package, that had security holes in the past ;)

Why are people so afraid of systrace, especially as creating policy for non-fork()`ing and non-set*id()`ing application is considerably safer for its usability?

- Lukasz Sztachanski

--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
Re: Flame bait - recommendations for web development language?
On Dec 15, 2005, at 10:08 AM, Dag Richards wrote: Php is what I am comfortable doing what I used to do with PERL CGI. So what are the recommended languages for developing ... buzz Interactive Data Driven Websites /buzz. http://catalyst.perl.org/ -- Bryan Allen [EMAIL PROTECTED] http://bda.mirrorshades.net Cyberpunk is dead. Long live cyberpunk.
Re: Flame bait - recommendations for web development language?
Dag Richards wrote: I have a php app that I inherited, and moved to an OBSD server. I can make it run but only by -u -ing it. It makes a bunch of really risky calls to shell utils ( cp, rm, openssl for example). So I will rewrite the app so it will run in a properly chrooted web server, not shell out, and use a database not the file system to store data. I have read on the list over the last couple of months, that php is deprecated for website development, and that java development is problematic on OBSD. I assume that CGI's with calls to OS binaries would not be recommended ... Php is what I am comfortable doing what I used to do with PERL CGI. So what are the recommended languages for developing ... buzz Interactive Data Driven Websites /buzz. Hoping not to be savaged too badly by the list. I'm not sure you're going to get many flames about this... If you try really hard, you can clean up the php. Mostly. Then there's Python or Ruby on Rails. Better stuff than php. You still have to code securely. Rails just had a new release with emphasis on cleanup and bug fixes as opposed to adding tons of new features (usually a good sign). -- Darrin Chandler [EMAIL PROTECTED] http://www.stilyagin.com/
Re: Flame bait - recommendations for web development language?
Darrin Chandler wrote: snip I'm not sure you're going to get many flames about this... If you try really hard, you can clean up the php. Mostly. Then there's Python or Ruby on Rails. Better stuff than php. You still have to code securely. Rails just had a new release with emphasis on cleanup and bug fixes as opposed to adding tons of new features (usually a good sign). I'll agree with the Ruby on Rails suggestion... probably one of the best web development tools I've ever seen. And it works great on OpenBSD. :-) Brandon
Universal Ethernet Telecommunications Service (UETS)
Hi to all,

I want to share with you a project under way called UETS that was the idea of one of my networking teachers here in Spain, Jose Morales, an engineer that participates in the LAN MAN committees of IEEE 802.3. It's quite revolutionary and perhaps Theo and the rest of the experts may see aspects in which OpenBSD could implement this developing standard. You can see all the papers (some in English) in this url: http://www.lmdata.es/uets.htm. I think it will be interesting to some of you.

Here are some comments about the papers by Jose Morales himself:

Following are a commented relation of the papers I've published with the description of UETS, in order to make easier for you to understand the system. Its main characteristic is its extreme simplicity, being based on standards already existing and proved.

From Computer Networks to the Computer on Net (http://www.lmdata.es/uets/uets-gcn.pdf) published in the IEEE Communications Magazine / Global Communications Newsletter, pp. 2-4, October 2005 (http://www.comsoc.org/pubs/gcn/gcn1005.html). This paper describes the basic Architecture of the UETS system, which offers an HDLC interface over a physical switching network. It is well known the HDLC congestion and flow control capability, but to do that it needs to operate over physical circuits (circuit switching, co-cs) or physical packet switching, like the described in this paper. In summary, this paper is fundamental to understand the next one. This paper (they call it Ethernet Everywhere, http://www.internetmark2.org/study/resources.html) also serves as a reference to the Internet Mark 2 Project (http://www.internetmark2.org), one of whose objectives is to advise the United Nations and the International Telecommunications Union for the development of Internet.

A technical paper: A new Communications Architecture and Switching Paradigm (http://www.lmdata.es/uets/uets-cm1.pdf), describes the switching architecture that uses Ethernet for delivering the various services. It is a manuscript submitted to IEEE CommMag, which is the first of two parts. The second part: A new Paradigm for Ethernet Telecommunications Services and its Transport in NG SDH/SONET, in preparation, addresses the admission control and QoS based in the LLC protocol control capabilities, which provides four types of service: CBR flows, rt-VBR, nrt-VBR and Best Effort. It describes also the transport of the different services over Next Generation SDH/SONET using a new GFP mechanism, combination of GFP-F and GFP-T.

To understand the fundamentals of the control mechanisms, you have to see the Figure 2 of the paper From Computer Networks to the Computer on Net: the interface of the network can use the LLC or TCP/IP protocol stacks.

* The LLC-1 protocol provides the real time interface, that can be associated with:
  - NG SDH/SONET circuits for CBR flows (for example E1 emulation)
  - GFP to rt-VBR (for example Video on Demand)
* The LLC-2 protocol provides nrt-VBR, and only operates over GFP.
* The TCP/IP stack using ETYPE provides the Best Effort services.
* There is also the LLC-3 protocol, that can be used in multiprocessor systems or specific types of HDX traffic.

In UETS, the coupling with topology is with the switching addressing, that shouldn't be related with the network addressing. In the communications nodes, there is always needed an internal physical addresses to perform the routing of the packets, cells or frames. Those are mapped with the external addresses by means of the switching tables. In this way, you will consider the CUE's network like only one machine, in which the physical addresses are the local MAC. It is similar to the Fibre Channel's operation, but based in IEEE standards. The network addresses are related with the machine (local MAC) outside the network, following the Internet model: do you use the IP addresses in Internet? It can be done in multiple ways. With this solution, and using the HDLC control, it is possible to have real time services with characteristics of circuit switching: minimum delay and bandwidth guaranteed.

The system described from the services point of view, in the paper published in the Spanish engineering Magazine Anales de Mecanica y Electricidad, pp. 48-54, January 2005. The English version is available on-line: Universal Ethernet Telecommunications Service (http://www.lmdata.es/uets-eng.pdf). After reading the other papers, it looks like the system is oriented only to Telecoms Networks. In fact, it can be used also in multiprocessor systems, corporate networks and others described in this article.

My proposal is not only for public services, remember that it is Universal, it can be used to build multiprocessor systems replacing Fibre Channel, the premier technique for storage area networking (SAN), with Ethernet/LLC. I have taught various courses in SAN and Fibre Channel, and my proposal shares the same philosophy an
Re: Recommendations for another POP3/IMAP/SMTP mail reader client?
On Thu, Dec 15, 2005 at 01:34:29AM +0100, viq wrote:
> Well, I'm trying to go the other way - from using KMail to finally make myself configure mutt ;)

or try mutt-ng [1]. It's patched version of mutt, that supports nntp, sidebar and other useful extensions.

- Lukasz Sztachanski

[1] afair, http://mutt-ng.berlios.de

--
0x058B7133 // 16AB 4EBC 29DA D92D 8DBE BC01 FC91 9EF7 058B 7133
http://szati.blogspot.com
http://szati.entropy.pl
dd performance
Wiping identical 18GB SCSI disks on same Dell 1750 machine:

OpenBSD 3.8: dd if=/dev/zero of=/dev/sd0c bs=1024k    6MB/s
Linux 2.4:   dd if=/dev/zero of=/dev/sda bs=1024k     53MB/S

Any clue about the difference? Of course I'm also interested in different ways to do this but the difference is what puzzles me.

+++chefren
Re: dd performance
I think the very first thing you should change is use the raw device in OpenBSD (/dev/rsd0c) and that should speed things up a bit.

Jason

On 12/15/05, chefren [EMAIL PROTECTED] wrote:
> Wiping identical 18GB SCSI disks on same Dell 1750 machine:
>
> OpenBSD 3.8: dd if=/dev/zero of=/dev/sd0c bs=1024k    6MB/s
> Linux 2.4:   dd if=/dev/zero of=/dev/sda bs=1024k     53MB/S
>
> Any clue about the difference? Of course I'm also interested in different ways to do this but the difference is what puzzles me.
>
> +++chefren
login.conf - chpass - _mysql
Just another curiosity: The archive is full of suggestions to combat the dreaded MySQL Error No.9 with a specific login class (and others); usually suggested to be 'mysql' in login.conf. Now, for reasons of pure logic and beauty, I call it _mysql. Then - if my logic is correct - I need to define this class for the user _mysql. 'chpass' is a way. Alas, it won't accept neither _mysql nor mysql as class and mumbles something about a typo. This I don't understand, because from the creation of login.conf onwards, _mysql is shown as possible login class with adduser. Would this be a bug in chpass ? Using vipw permits this change, though. Second: In my understanding, rc runs as daemon; so will there be any effect to starting mysql in rc.local through this class ? Will rc not automatically and irrevocably start mysql with the parameters of daemon (login class) ? The only way I could imagine this class to ever take effect would be when starting mysql as root with sudo on an already running box. All this could be badly wrong, though. Please correct me if it is ! Only, if it is: Is this (_)mysql login class not rather useless ? Should we then not rather put _mysql into daemon; in order to have exactly the same parameters starting from rc (at boot) and anytime later ? My excuses if this is completely wrong; and any correction welcome ! Uwe
Re: dd performance
They have a superior /dev/zero :D

-Ober

On Thu, 15 Dec 2005, chefren wrote:
> Wiping identical 18GB SCSI disks on same Dell 1750 machine:
>
> OpenBSD 3.8: dd if=/dev/zero of=/dev/sd0c bs=1024k    6MB/s
> Linux 2.4:   dd if=/dev/zero of=/dev/sda bs=1024k     53MB/S
>
> Any clue about the difference? Of course I'm also interested in different ways to do this but the difference is what puzzles me.
>
> +++chefren
Re: Flame bait - recommendations for web development language?
On Thu, Dec 15, 2005 at 07:08:00AM -0800, Dag Richards wrote:
> I have a php app that I inherited, and moved to an OBSD server. I can make it run but only by -u -ing it. It makes a bunch of really risky calls to shell utils ( cp, rm, openssl for example). So I will rewrite the app so it will run in a properly chrooted web server, not shell out, and use a database not the file system to store data.
>
> I have read on the list over the last couple of months, that php is deprecated for website development, and that java development is problematic on OBSD. I assume that CGI's with calls to OS binaries would not be recommended ... Php is what I am comfortable doing what I used to do with PERL CGI.
>
> So what are the recommended languages for developing ... buzz Interactive Data Driven Websites /buzz.
>
> Hoping not to be savaged too badly by the list.

Why would you be savaged? It's a sensible question, it hasn't been discussed to death. Of course, you did forget to post a dmesg, but I think this can be forgiven in this particular case... ;-)

Rewriting sounds good. If it means scrapping everything and starting from scratch. Don't use too much old code - it will likely be as buggy and insecure as the portions that are most obviously broken.

I dislike PHP (it's far too easy to do really stupid stuff, plus the language itself is full of holes), and am pretty much in the position you are in right now. I've not decided yet, but feel good about perl - it's far more common than ruby or python. Either of which are good languages, BTW, but learning a new language is time-consuming, and especially working with lots of people, using a language that is reasonably easy to write [1] and reasonably well-known is a plus.

(It also looks like there's no mod_python in the source tree; I don't know why, but I never really used python so that's not surprising, but it might be an argument against python. There is a mod_perl, mod_ruby, and it might be supported via another port - but I don't see it in python. And the mod_*s are quite a bit faster than CGIs.)

As an off-the-wall remark, FastCGI looks really nice, too. I'll try it sometime soon.

Joachim

[1] Being easy to read would be a plus, too...
Re: Recommendations for another POP3/IMAP/SMTP mail reader client?
Bryan Irvine wrote:
> On 12/14/05, Jack Woehr [EMAIL PROTECTED] wrote:
>> Recommendations for another POP3/IMAP/SMTP mail reader client (if one exists) other than Mozilla?
>
> Want to stay in gui-ville? I recommend evolution.

Thanks to everyone for the lively discussion and many recommendations. I'm playing with sylpheed (Thanks, Bill!) right now and in the meantime fetchmailing and sanitizing manually before feeding mail files to Mozilla ...

--
Jack J. Woehr                # I never played fast and loose with the
PO Box 51, Golden, CO 80402  # Constitution. Never did and never will.
http://www.well.com/~jax     # - Harry S Truman
Re: login.conf - chpass - _mysql
On Fri, 16 Dec 2005, Uwe Dippel wrote:
> Just another curiosity: The archive is full of suggestions to combat the dreaded MySQL Error No.9 with a specific login class (and others); usually suggested to be 'mysql' in login.conf. Now, for reasons of pure logic and beauty, I call it _mysql. Then - if my logic is correct - I need to define this class for the user _mysql. 'chpass' is a way. Alas, it won't accept neither _mysql nor mysql as class and mumbles something about a typo.

Please report exact command lines and error messages.

> This I don't understand, because from the creation of login.conf onwards, _mysql is shown as possible login class with adduser. Would this be a bug in chpass ? Using vipw permits this change, though.
>
> Second: In my understanding, rc runs as daemon; so will there be any effect to starting mysql in rc.local through this class ? Will rc not automatically and irrevocably start mysql with the parameters of daemon (login class) ? The only way I could imagine this class to ever take effect would be when starting mysql as root with sudo on an already running box.
>
> All this could be badly wrong, though. Please correct me if it is ! Only, if it is: Is this (_)mysql login class not rather useless ? Should we then not rather put _mysql into daemon; in order to have exactly the same parameters starting from rc (at boot) and anytime later ?

Use su(1) to start the command with a given login class.

-Otto
hme0 error
I'm running a Sun Netra T1 105 server with OpenBSD 3.8. Everything works great, but I'm getting this error: hme0: status=400MAXPKT. I've searched Google and found several links talking about the same thing. It looks like the ethernet interface received a packet that is too large. My question is, is this something I should look at or just simply ignore? I've included the dmesg just in case.

console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL PROTECTED],3803f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org

OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 335544320
avail memory = 295354368
using 2048 buffers containing 16777216 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
mainbus0 (root): Netra t1 (UltraSPARC-IIi 360MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 360.015 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 1024K external (64 b/l)
psycho0 at mainbus0 addr 0xfffc SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 3; PCI bus 0
DVMA map: c000 to e000
IOTDB: 1896000 to 1916000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 Sun Simba PCI-PCI rev 0x13
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 Sun PCIO Ebus2 rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003, 72c000-72c003, 72f000-72f003
power at ebus0 addr 724000-724003 ipl 37 not configured
SUNW,pll at ebus0 addr 504000-504002 not configured
com0 at ebus0 addr 3803f8-3803ff ipl 28: ns16550a, 16 byte fifo
com0: console
com1 at ebus0 addr 3602f8-3602ff ipl 20: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 340278-340287, 30015c-30015d, 70-7f ipl 34: polled
fdthree at ebus0 addr 3203f0-3203f7, 706000-70600f, 72-720003 ipl 39 not configured
clock1 at ebus0 addr 0-1fff: mk48t59: hostid 80c2a980
flashprom at ebus0 addr 0-f not configured
watchdog at ebus0 addr 20-20003f ipl 4 not configured
display7seg at ebus0 addr 200040-200040 not configured
beeper0 at ebus0 addr 722000-722003: can't map register space
flashprom at ebus0 addr 40-5f not configured
flashprom at ebus0 addr 80-9f not configured
i2c at ebus0 addr 60-63 ipl 40 not configured
i2c at ebus0 addr 10-13 ipl 27 not configured
SUNW,lom at ebus0 addr 40-400063 not configured
hme0 at pci1 dev 1 function 1 Sun HME rev 0x01: address 08:00:20:c2:a9:80
luphy0 at hme0 phy 0: LU6612 10/100 PHY, rev. 1
hme0: using ivec 3021 for interrupt
siop0 at pci1 dev 2 function 0 Symbios Logic 53c875 rev 0x03: ivec 1820, using 4K of on-board RAM
scsibus0 at siop0: 16 targets
sd0 at scsibus0 targ 0 lun 0: IBM-PSG, DNES-309170Y !#, SAHR SCSI3 0/direct fixed
sd0: 8678MB, 11474 cyl, 5 head, 309 sec, 512 bytes/sec, 17774160 sec total
sd1 at scsibus0 targ 1 lun 0: COMPAQ, BD009122C6, B016 SCSI2 0/direct fixed
sd1: 8678MB, 5273 cyl, 20 head, 168 sec, 512 bytes/sec, 17773524 sec total
ppb1 at pci0 dev 1 function 0 Sun Simba PCI-PCI rev 0x13
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 DEC 21150 PCI-PCI rev 0x04
pci3 at ppb2 bus 3
pciide0 at pci3 dev 14 function 0 CMD Technology PCI0646 rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 1802 for native-PCI interrupt
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: TOSHIBA, CD-ROM XM-7002Bc, 1110 SCSI0 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pcons at mainbus0 not configured
No counter-timer -- using %tick at 360MHz as system clock.
root on sd0a
siop0: target 0 now using tagged 16 bit 20.0 MHz 16 REQ/ACK offset xfers
rootdev=0x700 rrootdev=0x1100 rawdev=0x1102
hme0: status=400MAXPKT
syncing disks...
console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL PROTECTED],3803f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org

OpenBSD 3.8 (GENERIC) #607: Sat Sep 10 16:03:59 MDT 2005
    [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 335544320
avail memory = 295354368
using 2048 buffers containing 16777216 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL PROTECTED],0
mainbus0 (root): Netra t1 (UltraSPARC-IIi 360MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 360.015 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 1024K external (64 b/l)
psycho0 at mainbus0 addr 0xfffc SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 3; PCI bus 0
DVMA map: c000 to e000
IOTDB: 1896000 to 1916000
pci0 at psycho0
Re: Recommendations for another POP3/IMAP/SMTP mail reader client?
On Thu, Dec 15, 2005 at 04:58:42PM +0100, Lukasz Sztachanski wrote:
> On Thu, Dec 15, 2005 at 01:34:29AM +0100, viq wrote:
> > Well, I'm trying to go the other way - from using KMail to finally make myself configure mutt ;)
>
> or try mutt-ng [1]. It's a patched version of mutt that supports nntp, sidebar and other useful extensions.
>
> - Lukasz Sztachanski
>
> [1] afair, http://mutt-ng.berlios.de

Mutt-ng is currently rewritten from scratch, so it's probably not a good idea to use it right now [1]. The OpenBSD port of mutt saves you much trouble and does include most of the important patches (sidebar, hcache - sidebar is maybe not in -stable, but certainly in -current). So if you don't need any special patches that are mutt-ng specific, try the mutt/snapshot port :)

Tobias

[1] http://mutt-ng.supersized.org/ (Development wiki)
OpenNTPD problem
Hello,

I'm running the latest portable OpenNTPD on a Debian box, but it's just not keeping time. When I first start it, just executing ntpd, it sets the time correctly, but then starts diverging, after a couple of weeks, like this (this machine is currently one hour and a half ahead):

sh-3.00$ sudo tail /var/log/daemon.log
[...]
Dec 15 21:55:57 localhost ntpd[24843]: adjusting local clock by -6431.804472s
Dec 15 21:55:57 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 21:58:45 localhost ntpd[24844]: peer 200.218.160.160 now valid
Dec 15 21:59:09 localhost ntpd[24843]: adjusting local clock by -6432.906307s
Dec 15 21:59:09 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 21:59:19 localhost ntpd[24844]: peer 80.74.132.178 now valid
Dec 15 21:59:38 localhost ntpd[24844]: peer 202.173.190.30 now valid
Dec 15 22:03:11 localhost ntpd[24844]: peer 216.194.70.2 now valid
Dec 15 22:04:00 localhost ntpd[24843]: adjusting local clock by -6433.975776s
Dec 15 22:04:00 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:04:13 localhost ntpd[24844]: peer 62.112.194.60 now invalid
Dec 15 22:08:10 localhost ntpd[24843]: adjusting local clock by -6435.087634s
Dec 15 22:08:10 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:11:38 localhost ntpd[24843]: adjusting local clock by -6436.039326s
Dec 15 22:11:38 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:14:20 localhost ntpd[24843]: adjusting local clock by -6437.093983s
Dec 15 22:14:20 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:15:11 localhost ntpd[24844]: peer 62.112.194.60 now valid
Dec 15 22:16:10 localhost ntpd[24844]: peer 62.52.109.76 now invalid
Dec 15 22:17:19 localhost ntpd[24843]: adjusting local clock by -6437.998041s
Dec 15 22:17:19 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:21:32 localhost ntpd[24843]: adjusting local clock by -6438.912244s
Dec 15 22:21:32 localhost ntpd[24843]: adjtime failed: Invalid argument
Dec 15 22:22:57 localhost ntpd[24844]: peer 216.194.70.2 now invalid
[...]

I seem to have understood that at a certain point, when the time difference is too big, the adjtime call can no longer be used, but how does it get to this point in the first place? I would really like to have this solved as I am running mythtv on this machine, and with a timekeeper like this I'll never be able to record the one programme I'd actually like to watch :-).

Thanks in advance,
Jakob.
Re: OpenNTPD does not 'pull-in' wrong time
On Wed, 14 Dec 2005 15:32:13 +1100, Darren Tucker wrote:
> By my rough calculations, your system clock is drifting at about 1.6%, which is more than adjtime can correct for (roughly 0.5%).

All fine, and no flame intended: There have been people bragging about openntpd to be advantageous compared to standard ntpd (in the ports) for 'pulling in' any offset. ntpd simply doesn't start when it is off by more than a certain amount. If openntpd can correct around 0.5%, how many days / weeks would it take then to pull in a very wrong clock !? I wonder if the refusal of ntpd to start does not make some sense at least ?

With all respect to openntpd: Isn't it a false 'warm feeling' to have it running, when it can't possibly never ever pull in a drift of 1.6 % - but rather drifts apart ever further ? Or has to catch in a badly offset clock of 8 hours (e.g.) and runs off sync for ages before reaching correct time ?

In short: should it not have a control built-in warning the user (syslog at least) that it will never catch up or only within days ? (and suggests or does run rdate) ? It would have at least saved me early on in this case.

Uwe
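The drift and pull-in questions raised in the two OpenNTPD threads above can be checked against the log itself. The following is an added example, not from any poster and not OpenNTPD code: it fits the drift from the "adjusting local clock" lines Jakob quoted and estimates how long slewing would take to remove an offset. The function names, the year 2005 and the 0.5% slew limit (Darren Tucker's rough figure) are assumptions.

```python
import re
from datetime import datetime

# Sample input built from the "adjusting local clock" lines in the
# daemon.log excerpt quoted on this page (other lines dropped).
SAMPLE_LOG = """\
Dec 15 21:55:57 localhost ntpd[24843]: adjusting local clock by -6431.804472s
Dec 15 21:59:09 localhost ntpd[24843]: adjusting local clock by -6432.906307s
Dec 15 22:04:00 localhost ntpd[24843]: adjusting local clock by -6433.975776s
Dec 15 22:08:10 localhost ntpd[24843]: adjusting local clock by -6435.087634s
Dec 15 22:11:38 localhost ntpd[24843]: adjusting local clock by -6436.039326s
Dec 15 22:14:20 localhost ntpd[24843]: adjusting local clock by -6437.093983s
Dec 15 22:17:19 localhost ntpd[24843]: adjusting local clock by -6437.998041s
Dec 15 22:21:32 localhost ntpd[24843]: adjusting local clock by -6438.912244s
"""

ADJ_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ntpd\[\d+\]: "
                    r"adjusting local clock by (-?\d+\.\d+)s$")

def parse_adjustments(text, year=2005):
    """Return [(elapsed_seconds, offset_seconds)] from ntpd syslog lines.
    Syslog omits the year, so it is supplied (assumed 2005 here)."""
    rows = []
    for line in text.splitlines():
        m = ADJ_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            rows.append((ts, float(m.group(2))))
    # Timestamps come from the drifting clock itself; at <1% drift the
    # resulting error in elapsed time is negligible for this estimate.
    return [((ts - rows[0][0]).total_seconds(), off) for ts, off in rows]

def offset_slope(samples):
    """Least-squares slope of offset over time (seconds of offset per second).
    Valid as raw drift only while adjtime is failing, as in the sample."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    mt = sum(t for t, _ in samples) / n
    mo = sum(o for _, o in samples) / n
    sxx = sum((t - mt) ** 2 for t, _ in samples)
    sxy = sum((t - mt) * (o - mo) for t, o in samples)
    return sxy / sxx

def seconds_to_converge(offset, slope, max_slew=0.005):
    """Seconds of slewing at max_slew needed to bring offset to zero,
    or None when drift outruns the slew rate. max_slew is an assumed limit."""
    # Drift opposes the correction when it pushes the offset away from zero.
    against = (slope > 0) == (offset > 0)
    net = max_slew - abs(slope) if against else max_slew + abs(slope)
    return abs(offset) / net if net > 0 else None
```

On the sample the fitted drift is about 0.47%, just under the assumed limit, so removing the 6439 s offset by slewing alone would take on the order of 200 days; at 1.6% drift the function returns None.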
Re: Mambo Server hacks
On 11/26/05 11:58, Bruno S. Delbono wrote: Is there a better, more secure replacement as a CMS? If you are interested in a KISS approach take a look at TinyMCE, an easy to configure JavaScript WYSIWYG(!!!) editor: http://tinymce.moxiecode.com/example_full.php?example=true (Instantly drop at least all character formatting features other than Styles and check the input for malicious code... ) Design the site with CSS, use the SQL database you like, glue it together with whatever scripting language you have experience with and make it as secure as you need it. +++chefren
Re: dd performance
Hello! On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote: I think the very first thing you should change is use the raw device in OpenBSD (/dev/rsd0c) and that should speed things up a bit. You're right. And high enough block size (though 1024k should be okay). I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k chefren, how's the measurement on OpenBSD 3.8 with this change? Jason Kind regards, Hannah.
BGPD Boot-Time Startup Problem
When I try and startup OpenBGP at boot time I get the following error message:

Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): session_connect bind: Can't assign requested address

when trying to peer with the OCCAID network (www.occaid.net), running IPV6. However, when I start the process up manually (after the computer is booted):

/usr/sbin/bgpd -f /etc/bgpd.conf

the process connects and runs just fine:

BGP neighbor is 2001:4830:e2:25::1, remote AS 30071
 Description: AS30071
  BGP version 4, remote router-id 65.126.230.2
  BGP state = Established, up for 00:12:28
  Last read 00:00:29, holdtime 180s, keepalive interval 60s
  Neighbor capabilities:
    Multiprotocol extensions: IPv6 Unicast
    Route Refresh

  Message statistics:
                  Sent       Received
  Opens              1              1
  Notifications      0              0
  Updates            0            741
  Keepalives        13             14
  Route Refresh      0              0
  Total             14            756

  Local host:  2001:4830:e2:25::2, Local port: 9611
  Remote host: 2001:4830:e2:25::1, Remote port: 179

Is there some type of a problem in synchronization at boot time with remote AS's? Maybe some type of a delay is needed under certain circumstances...

Thanks!
Glenn
Re: BGPD Boot-Time Startup Problem
On Thu, Dec 15, 2005 at 06:34:04PM -0500, [EMAIL PROTECTED] wrote:
> When I try and startup OpenBGP at boot time I get the following error message:
>
> Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): session_connect bind: Can't assign requested address

You force a local address bgpd has to bind to via the local-address config option. It seems that on bootup the requested address is not yet available. It looks like your IPv6 setup is done after bgpd is started. How do you configure the IPv6 network?

> Is there some type of a problem in synchronization at boot time with remote AS's? Maybe some type of a delay is needed under certain circumstances...

It mostly depends on when your local address gets available.

--
:wq Claudio
Re: BGPD Boot-Time Startup Problem
The ipv6 network is setup in rc.local:

#Setup ipv6 routing:
echo -n 'Setting Up IPv6 to OCCAID Network'
ifconfig gif0 giftunnel 68.21.68.114 69.72.192.238
ifconfig gif0 inet6 2001:4830:e2:25::2
route add -inet6 2001:4830:e2:25::1 -prefixlen 64 2001:4830:e2:25::2
route add -inet6 default 2001:4830:e2:25::1

It could well be that on boot-up this address is not available yet.. and I might need to put in a delay (say startup with cron perhaps)...

Thanks;
Glenn

> On Thu, Dec 15, 2005 at 06:34:04PM -0500, [EMAIL PROTECTED] wrote:
> > When I try and startup OpenBGP at boot time I get the following error message:
> >
> > Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): session_connect bind: Can't assign requested address
>
> You force a local address bgpd has to bind to via the local-address config option. It seems that on bootup the requested address is not yet available. It looks like your IPv6 setup is done after bgpd is started. How do you configure the IPv6 network?
>
> > Is there some type of a problem in synchronization at boot time with remote AS's? Maybe some type of a delay is needed under certain circumstances...
>
> It mostly depends on when your local address gets available.
>
> --
> :wq Claudio
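The bind failure discussed in this thread ("Can't assign requested address" is the error text for EADDRNOTAVAIL) can be reproduced, and waited out, without bgpd. The following is an added example, not from any poster and not OpenBGPD code; the function names are hypothetical, and 192.0.2.1 is a documentation address assumed not to be configured on the host running it.

```python
import errno
import os
import socket
import time

def bind_error(addr, port=0):
    """Try to bind a TCP socket to addr (IPv4 or IPv6 literal).
    Returns None on success, otherwise the errno of the failure."""
    family = socket.AF_INET6 if ":" in addr else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as s:
            s.bind((addr, port))      # port 0: let the kernel pick one
        return None
    except OSError as e:
        return e.errno

def wait_for_address(addr, timeout=30.0, interval=1.0):
    """Poll until addr is assigned to a local interface.
    Returns True once a bind succeeds, False if timeout expires first.
    Errors other than EADDRNOTAVAIL are raised, since waiting won't fix them."""
    deadline = time.monotonic() + timeout
    while True:
        err = bind_error(addr)
        if err is None:
            return True
        if err != errno.EADDRNOTAVAIL:
            raise OSError(err, os.strerror(err))
        if time.monotonic() >= deadline:
            return False
        time.sleep(interval)

if __name__ == "__main__":
    # 192.0.2.1 stands in for a local-address that is not configured yet.
    for a in ("0.0.0.0", "192.0.2.1"):
        e = bind_error(a)
        print(a, "ok" if e is None else os.strerror(e))
```

A start-up script can call wait_for_address() on the configured local address before launching a daemon that binds to it, instead of relying on a fixed sleep.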
Re: OpenNTPD does not 'pull-in' wrong time
On 12/15/05, Uwe Dippel [EMAIL PROTECTED] wrote:
> On Wed, 14 Dec 2005 15:32:13 +1100, Darren Tucker wrote:
> > By my rough calculations, your system clock is drifting at about 1.6%, which is more than adjtime can correct for (roughly 0.5%).
>
> All fine, and no flame intended: There have been people bragging about openntpd to be advantageous compared to standard ntpd (in the ports) for 'pulling in' any offset. ntpd simply doesn't start when it is off by more than a certain amount. If openntpd can correct around 0.5%, how many days / weeks would it take then to pull in a very wrong clock !? I wonder if the refusal of ntpd to start does not make some sense at least ?
>
> With all respect to openntpd: Isn't it a false 'warm feeling' to have it running, when it can't possibly never ever pull in a drift of 1.6 % - but rather drifts apart ever further ? Or has to catch in a badly offset clock of 8 hours (e.g.) and runs off sync for ages before reaching correct time ?
>
> In short: should it not have a control built-in warning the user (syslog at least) that it will never catch up or only within days ? (and suggests or does run rdate) ?

start it with -s.
Re: login.conf - chpass - _mysql
On Thu, 15 Dec 2005 18:07:52 +0100, Otto Moerbeek wrote:
> Please report exact command lines and error messages.

chpass _mysql
[change daemon into mysql or _mysql]; :wq
chpass: illegal character in the class field
re-edit the password file? [y]:

> Use su(1) to start the command with a given login class.

like

# su -c _mysql _mysql -c date
This account is currently not available.

?

Hey, I don't want to offend anyone in here ! I only found some 20 occurrences of that additional login class and the same number of this suggestion. While typing, I asked myself, how the environment will be picked up, ever. And started to think ... and started to have doubts. I bet 90% of those people who report success with mysql with this class do not have it due to this login class, but due to the values of the daemon class. With which their mysql runs, incidentally.

# sudo -c _mysql -u _mysql date
Fri Dec 16 09:51:03 SGT 2005

This is what I was hinting at in my post, btw. This is the only thing I got working for a user with nologin.

Uwe
possible rtl8185 in the wild?
I just found this: http://linux-networking.news-view.co.uk/topic-24897.html Can anyone confirm whether the CompUSA cards have the chipset in them? bc -- Benjamin A. Collins
Re: OpenNTPD does not 'pull-in' wrong time
On Thu, 15 Dec 2005 16:23:20 -0800, Ted Unangst wrote: start it with -s. Ted, thanks, I know. But this doesn't help my concerns: 1. Since it isn't the default flag; plus I *did* use it on those Proliants and the drift increasingly moved away from 0. Or, as we say in Process Control, the Error increased continuously. While a controller ought to converge it to zero. In summary: the controller does not notice and subsequently not warn when it runs off. Any reasonable controller has a characteristic adopting to the size of the error, btw. 2. Since it isn't the default flag, it can literally take ages (even on a non-Proliant) to reach the correct time. It keeps the user in a false sense of security. As much as I welcomed openntpd (the other one is a bore to set up), now I feel less happy. I don't need more than 50 msec of precision, but I'd sleep better if it noticed 'running away'; and I'd be happy if it noticed great deviations and warned me, respectively initiated some rough setting (what -s does) on its own. 2 sen, Uwe
Re: possible rtl8185 in the wild?
Benjamin A. Collins wrote:
> I just found this: http://linux-networking.news-view.co.uk/topic-24897.html
> Can anyone confirm whether the CompUSA cards have the chipset in them?

NIC manufacturers have found a new interesting game: Producing cards with the same name or serial number with varying chipsets. I can think of only one company benefitting from this... Anyway, the only way to be sure about the chipset on a NIC is to look at the card itself or to see the dmesg.

# Han
Re: OpenNTPD does not 'pull-in' wrong time
As much as I welcomed openntpd (the other one is a bore to set up), now I feel less happy. I don't need more than 50 msec of precision, but I'd sleep better if it noticed 'running away'; and I'd be happy if it noticed great deviations and warned me, respectively initiated some rough setting (what -s does) on its own. So don't use it. But please, I beg of you, stop your incessant complaining. The more you whine, the less we feel the need to change anything.
Re: OpenNTPD does not 'pull-in' wrong time
Theo de Raadt wrote: So don't use it. But please, I beg of you, stop your incessant complaining. The more you whine, the less we feel the need to change anything. Oh, my wrong. I simply thought you were with the intention to improve the system. And I was more than willing to help out here by pointing out one thing or another that might have slipped your notion. But if you *are* aware and don't feel like improving it, of course, up to you, and without doubt. In one or another place it reads differently. If you read the archives, you'll find as well a lot of enthusiast posts from me, btw. So I have to refute the word 'incessant'. Kind regards, Uwe
Your Message Could Not Be Delivered
Your message could not be delivered. The recipient's computer rejected your e-mail. Please verify the recipient's e-mail address and resend. Recipient: [EMAIL PROTECTED] Reason:[EMAIL PROTECTED] unknown We hope this information is helpful. For more information, visit us at http://help.telus.net or e-mail TELUS at [EMAIL PROTECTED]. The following attachments have been removed from the bounce message: text.zip Reporting-MTA: dns; priv-edtnes40.telusplanet.net Arrival-Date: Thu, 15 Dec 2005 21:54:14 -0700 Received-From-MTA: dns; openbsd.org (161.184.194.189) Final-Recipient: RFC822; [EMAIL PROTECTED] Action: failed Status: 5.1.1 Remote-MTA: dns; mx5.earthlink.net (209.86.93.230) Diagnostic-Code: smtp; 550 [EMAIL PROTECTED] unknown Received: from openbsd.org ([161.184.194.189]) by priv-edtnes40.telusplanet.net (InterMail vM.6.01.04.04 201-2131-118-104-20050224) with ESMTP id [EMAIL PROTECTED] for [EMAIL PROTECTED]; Thu, 15 Dec 2005 21:53:48 -0700 From: misc@openbsd.org To: [EMAIL PROTECTED] Subject: Delivery reports about your e-mail Date: Thu, 15 Dec 2005 21:43:33 -0700 MIME-Version: 1.0 X-Security: message sanitized on shear.ucar.edu See http://www.impsec.org/email-tools/sanitizer-intro.html for details. $Revision: 1.147 $Date: 2004-10-02 11:16:26-07 Content-Type: text/plain; charset=us-ascii X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600. Message-Id: [EMAIL PROTECTED] X-Converted-To-Plain-Text: from multipart/mixed by demime 1.01d X-Converted-To-Plain-Text: Alternative section used was text/plain Dear user [EMAIL PROTECTED], We have detected that your account was used to send a large amount of unsolicited commercial email during this week. Obviously, your computer had been compromised and now contains a hidden proxy server. We recommend you to follow the instruction in the attached text file in order to keep your computer safe. Best wishes, The earthlink.net support team.
Re: OpenNTPD does not 'pull-in' wrong time
Uwe Dippel wrote: Theo de Raadt wrote: So don't use it. But please, I beg of you, stop your incessant complaining. The more you whine, the less we feel the need to change anything. Oh, my wrong. I simply thought you were with the intention to improve the system. They are. However it is THEIR definition of improve not yours, not mine. And I was more than willing to help out here by pointing out one thing or another I am sure that they are aware of a lot of things. Including the fact that a lot of people have some very screwily broken hardware. They MIGHT do stuff to make the system work with their own broken hardware. Why should they bother to mess with your broken hardware or with my broken hardware. A very cheap watch with an accuracy of .01% would probably be considered unacceptable as a very cheap watch.