Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
The anchors are in the running rule set, per the man and faq examples, right in the nat/rdr top-of-the-rule-set section, just not shown in the (snip) included in the post. If they weren't there the "user proxy" version of snip wouldn't be working. Thanks for the link, it *may* be relevant; however, the fact that [pass quick] "user proxy" works and [pass quick] "tagged " does not -- in an otherwise IDENTICAL rule set -- suggests that order (placement with regard to anchors) is NOT a factor (in my case). If the anchor's "quick" was in play, then -I would think that- the "user proxy" version rule would never be a positive factor AND the [pass quick] "tagged version would NOT be failing on the final BLOCK ALL rule. The anchor-quick would have already happened. Additionally, the "pfctl -vvvs rules" counters are ZERO for the "tagged " version and otherwise correct and incrementing for "user proxy" version. -Original Message- From: Camiel Dobbelaar <[EMAIL PROTECTED]> To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]> Cc: misc@openbsd.org Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working Date: Tue, 11 Dec 2007 07:31:01 +0100 Mailer: Thunderbird 2.0.0.9 (Windows/20071031) I don't see the anchors, you need those with tagging too. Other then that, it may still not work as expected, see: http://marc.info/?l=openbsd-misc&m=119729395125104&w=2 _ The information contained in this email and attachments, in whole or in part, termed "COVERED INFORMATION," is for the exclusive use of the adB-dressee and contains confidential information requested and/or transmitted with an expectation of privacy and confidentiality. If the recipient of COVERED INFORMATION is not the addressee, such recipient is strictly prohibited from any use in any way including but not limited to reading, copying, distribution or retention. Please notify sender by reply of the error and destroy all instances of the COVERED INFORMATION in your possession or control.
Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
The anchors are in the running rule set, per the man and faq examples, right in the nat/rdr top-of-the-rule-set section, just not shown in the (snip) included in the post. If they weren't there the "user proxy" version of snip wouldn't be working. Thanks for the link, it *may* be relevant; however, the fact that [pass quick] "user proxy" works and [pass quick] "tagged " does not -- in an otherwise IDENTICAL rule set -- suggests that order (placement with regard to anchors) is NOT a factor (in my case). If the anchor's "quick" was in play, then -I would think that- the "user proxy" version rule would never be a positive factor AND the [pass quick] "tagged version would NOT be failing on the final BLOCK ALL rule. The anchor-quick would have already happened. Additionally, the "pfctl -vvvs rules" counters are ZERO for the "tagged " version and otherwise correct and incrementing for "user proxy" version. -Original Message- From: Camiel Dobbelaar <[EMAIL PROTECTED]> To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]> Cc: misc@openbsd.org Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working Date: Tue, 11 Dec 2007 07:31:01 +0100 Mailer: Thunderbird 2.0.0.9 (Windows/20071031) I don't see the anchors, you need those with tagging too. Other then that, it may still not work as expected, see: http://marc.info/?l=openbsd-misc&m=119729395125104&w=2
Re: Real men don't attack straw men
On Dec 10, 2007, at 12:26 PM, Martin Schrvder wrote: 2007/12/10, Richard Stallman <[EMAIL PROTECTED]>: From what I have heard, OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. Richard, do you still remember the 2004 FSF awards? http://www.fsf.org/news/fsaward2004.html "Theo's leadership of OpenBSD, his selfless commitment to Free Software ..." Why don't you ask Theo, whom you once praised, about OpenBSD? Simply put in the years since then he's become much more shrill and intolerant. Perceived success is, IMO, going to the collective head of the FSF.
Re: : rouge IPs / user
On Tue, Dec 11, 2007 at 01:15:11AM +1300, Joel Wiramu Pauling wrote: > Tip. > > Don't allow password challenge. Problem solved. Just use key'd ssh and this > problem disappears. > Bin there, done that. You answered the wrong question. I want to know if and what I can do (on the server side) about HTTP clients that put sockets on my httpd server in state CLOSE_WAIT and thereby chew up all sockets for the server causing a kind of denial of service state. And yes, I have googled for "HPPT server socket CLOSE_WAIT" and did not get much wiser. > > On 11/12/2007, Raimo Niskanen <[EMAIL PROTECTED]> wrote: > > > > I have a related problem, but I am not sure if the source > > IPs are nasty computers or just... > > > > # lsof -ni:www > > shows me lots of connections hanging in state CLOSE_WAIT > > from some hosts (often in China). These used to eat all > > sockets for httpd. Now I have a max-src-conn limit so > > it is not a real problem any more. > > > > I now also log hosts that succedes in getting many > > sockets in CLOSE_WAIT, and they are still there. > > > > What do the gurus say? What can I do about these hosts? > > > > > > > > On Fri, Dec 07, 2007 at 09:51:52AM -0800, badeguruji wrote: > > > I am getting constant hacking attempt into my computer > > > from following IPs. Although, I have configured my ssh > > > config and tcp-wrappers to deny such attempts. But I > > > wish some expert soul in this community 'fix' this > > > rouge hacker for ever, for everyones good. > > > > > > This hacker could be spoofing the IPs, but i have only > > > the IPs in my message logs(and a url)... > > > > > > 218.6.16.30 > > > 195.187.33.66 > > > 202.29.21.6 > > > 60.28.201.57 > > > 218.24.162.85 > > > wpc4643.amenworld.com > > > 202.22.251.23 > > > 219.143.232.131 > > > 220.227.218.21 > > > 124.30.42.36 > > > > > > -for community. > > > > > > -BG > > > > > > > > > ~~Kalyan-mastu~~ > > > > -- > > > > / Raimo Niskanen, Erlang/OTP, Ericsson AB -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Can I specify the bios time offset utc?
On Tue, 11 Dec 2007, Dongsheng Song wrote: OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the bios time zone? http://www.openbsd.org/faq/faq8.html#TimeZone -- Antoine
Re: Default Route Issues
On 2007/12/10 19:58, Bret wrote: > The default route needs to be thru the wireless card and works fine untill I > add an IP for the wired lan vr() or I add it to the > bridge: up ral0 > up ral1 -- works great (and yes the up) > > but as soon as I add the vr0 the default route goes to the wired lan vr0. It sounds like you're using the same subnet on two network interfaces. That won't work. Either use different subnets, or use trunk. If that's not what you're trying to do, post the output from "netstat -rnfinet" and "ifconfig -A" so we can see how things are configured.
Re: Real men don't attack straw men
On Mon, Dec 10, 2007 at 11:27:08PM -0500, Jason Dixon wrote: > Nobody is criticizing RMS over his opinion. They are criticizing him > for ignorance and misrepresentation of the facts regarding OpenBSD. Actually, no, I am criticizing RMS over his opinion. He's supposed to have dedicated his life to such matters as free software. His arguments towards not recommnending OpenBSD are just a front. They sound logical, but he could interpret and present things differently. The real reason he doesn't recommend OpenBSD is because OpenBSD represents a viable alternative to his political views, and a very loud counter-voice to the `GPL world'. I've thought some more about it, and I cannot find any charitable interpretation of Stallman's words. You've got a choice of: 1/ complete idiot 2/ senile old fool disconnected from reality 3/ dangerous political activist with a hidden agenda
HELP! boot hangs at "setting tty flags"
Here is the background: (yesterday) I decided to CVSUP this morning and compiled the kernel. Unlike yesterday, the boot hung right after the filesystem mounts/checks. I thought maybe I had better be in sync with Userland, but make build did nothing to rectify the situation. I was very careful in making new /dev's, and also merging /etc/ So I am at a total loss. The computer requires a hard reboot so I can't generate any output to look at. However, I can boot into single user mode. (yesterday) A temporary hack: I changed the following in /etc/rc: echo 'setting tty flags' #ttyflags -a Previously it wasn't commented out. Now who knows what can of worms this hack will open up. (today) And it did. KDE locks up so that a hard reboot is necessary. So much for fooling with rc scripts. Thanks a lot. I know there is not much to go on with the hard reboots being necessary. Sincerely, Rob. -- "Emancipate yourself from mental slavery, none but ourselves can free our minds" Bob Marley, Redemption Song
Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Not sure what you're "answer" is. Yes, tag/tagged is off-tilt and being worked. No, everything with ftp-proxy is fine, it's pilot error in the rule set. Or little from "A" and little from "B." Shouldn't ftp-proxy set both its control and data channel needs correctly via its anchors. Else-wise if it needs me to do something for it, then isn't tag/tagged the clean why to effect manual rule entries? If so, then why no hits. Which brings us back to doh. /S -Original Message- From: Camiel Dobbelaar <[EMAIL PROTECTED]> To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]> Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working Date: Tue, 11 Dec 2007 10:23:59 +0100 Mailer: Thunderbird 2.0.0.9 (Windows/20071031) The "user proxy" rule should not be hit either, for FTP data connections... Only the FTP control (port 21) connections will be "owned" by user proxy. You always need a rule to allow the proxy to connect out on port 21.
GENERIC kernel compile fails at pcidevs_data.h
I cvsup'd this morning. Now I can't compile any kernels. They all hang at or near pcidevs_data.h Rob -- "Emancipate yourself from mental slavery, none but ourselves can free our minds" Bob Marley, Redemption Song
Re: Real men don't attack straw men
On 11/12/2007, Marc Espie <[EMAIL PROTECTED]> wrote: > You've got a choice of: > 1/ complete idiot > 2/ senile old fool disconnected from reality > 3/ dangerous political activist with a hidden agenda > Also I like the way he posts and disappears.
Re: GENERIC kernel compile fails at pcidevs_data.h
This was fixed a bit later. Just update from CVS again... Regards, Andreas On 11/12/2007, Rob Lytle <[EMAIL PROTECTED]> wrote: > I cvsup'd this morning. Now I can't compile any kernels. They all > hang at or near pcidevs_data.h > > Rob > > -- > "Emancipate yourself from mental slavery, none but ourselves can free > our minds" Bob Marley, Redemption Song > > -- Andreas Kahari Somewhere in the general Cambridge area, UK
Re: Real men don't attack straw men
Marc Espie wrote: > ... > You've got a choice of: Or 4) not up on the OpenBSD projects goals and current licensing requirements Some of that is probably due to the low profile of OpenBSD (low-profile is good, though) and the yammering of the FreeBSD crowd (which both includes a lot of MSFTers, and takes it upon itself to represent all *BSD). I realize it's good fun in Redmond to poke at RMS, however, that will not inform the public about the advantages of OpenBSD. The only purpose there is to make everyone look bad. Articles and other means of providing information about OpenBSD will increase knowledge of OpenBSD. Regards, -Lars
Re: : rouge IPs / user
On 12/11/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote: > I want to know if and what I can do (on the server side) about HTTP > clients that put sockets on my httpd server in state CLOSE_WAIT and > thereby chew up all sockets for the server causing a kind of > denial of service state. > > And yes, I have googled for "HPPT server socket CLOSE_WAIT" and > did not get much wiser. If I understand correctly you could try synproxy states with pf and let these states expire rapidly. If the states expire, I *think* pf should end the connection completely, so your half-closed sockets don't get stale. BUT perhaps I didn't get it at all and this makles no sense ;) --knitti
Re: Real men don't attack straw men
2007/12/11, Lars Noodin <[EMAIL PROTECTED]>: > 4) not up on the OpenBSD projects goals and current licensing requirements You mean not interested. He got to meet Theo personally, so he could easily stay informed -- if he wanted too. Best Martin
Re: Azalia driver doen't playback 22050 rate
Thanks for All! I'll be working in the source code of fxtv too. I'll wish that it record audio in (48000Khz) > hmm, I will take a look at what's going on with fxtv. > [EMAIL PROTECTED] > SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Real men don't attack straw men
On Dec 11, 2007, at 4:43 AM, Lars Noodin wrote: Marc Espie wrote: ... You've got a choice of: Or 4) not up on the OpenBSD projects goals and current licensing requirements Some of that is probably due to the low profile of OpenBSD (low- profile is good, though) and the yammering of the FreeBSD crowd (which both includes a lot of MSFTers, and takes it upon itself to represent all *BSD). I realize it's good fun in Redmond to poke at RMS, however, that will not inform the public about the advantages of OpenBSD. The only purpose there is to make everyone look bad. Articles and other means of providing information about OpenBSD will increase knowledge of OpenBSD. So a high profile public figure talking out of his ass and representing things he's not informed about as facts as opposed to asking questions to get informed is better ... how? That's what we would expect from a political activist not an engineer.
Re: Real men don't attack straw men
Lars NoodC)n <[EMAIL PROTECTED]> writes: > Articles and other means of providing information about OpenBSD will > increase knowledge of OpenBSD. Yes. I was pretty determined to stay out of this thread entirely, but I think you touch on an important point here. Like most people who have been in the field for a while I have a lot of respect for Richard's efforts, but whether he recommends using OpenBSD or not or whether he is acting on incorrect information about what ships with the system is in fact not that interesting. Richard is entitled to his opinions, and if his opinion of what 'free' means is different from a some other group's, that's something I for one can live with. What /is/ interesting, in my view, is the fact that OpenBSD is where some of the best technology available today, certainly when it comes to networking, is developed. And there's more to come. Using OpenBSD we build the systems we need, and they work a helluva lot better than most of the other stuff out there. OpenBSD is free and lets us create reliable, high performance, low maintenance networks and services, Stuff That Just Works. In fact it's so good it makes you *want* to contribute back. That's what I want to emphasize. - P -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Real men don't attack straw men
> In particular, see http://www.gnu.org/philosophy/freedom-or-power.html. yeah, right. > Since I consider non-free software to be unethical and antisocial, LOL > I think it would be wrong for me to recommend it to others. Therefore, > if a collection of software contains (or suggests installation of) > some non-free program, I do not recommend it. The systems I recommend > are therefore those that do not contain (or suggest installation of) > non-free software. Therefore, you don't recommend linux. Oh wait ... > From what I have heard, (and carefully checked on the project's official website to make sure I don't spread bullshit), > OpenBSD does not contain non-free software (though I am not sure > whether it contains any non-free firmware blobs). Unlike linux, it does not. > However, its ports > system does suggest non-free programs, No it doesn't "suggest" non-free programs in any way; it just makes it possible and easy to install them. As you well know. > or > at least so I was told when I looked for some BSD variant that I could > recommend. Hm, you was told. Now one paragraph above you was told the opposite. Does that confuse you? > I therefore exercise my freedom of speech by not including > OpenBSD in the list of systems that I recommend to the public. Good for you! Your freedom of speech was once again in jeopardy, perhaps forcing you to include OpenBSD in the list of "software recommended by RMS." But it's over now, don't worry. Write a book about it instead. > The fact that OpenBSD is not a variant of GNU is not ethically > important. If OpenBSD did not suggest non-free programs, I would > recommend it along with the free GNU/Linux distros. As not being recommended byt RMS basically means an EOL of any sytem, I will deinstall tonight to be on the safe side. (I think I can guess a line or two of the 4.3 song) Jan
BIND and the measure of system entropy (randomness?)
Greetings, A disk in one of the old firewalls (not exactly critical) failed (running OpenBSD 2.9!), and I urgently need a DNS server to work. Replaced the disk and installed 4.2. Starting `named -g` (listing below), produces a few surprising messages, like: a) line 3: BIND trying to load the configuration from /etc an not from /var/named/etc (my understanding was that the default -c option looks for the named.config in /var/named/etc an not in /etc); b) lines 34 and 35: `could not open entropy source /dev/arandom: file not found` and `using pre-chroot entropy source /dev/arandom` complaining about a missing /var/named/dev/arandom device. What BIND has to do with the laws of thermo-dynamics? Can I safely ignore the above messages. BTW, I am NOT a BIND expert! Regards, Ioan -- # named -g Starting privilege seperation 12-Dec-2007 10:51:30.646 starting BIND 9.3.4 -g 12-Dec-2007 10:51:30.657 loading configuration from '/etc/named.conf' 12-Dec-2007 10:51:30.659 listening on IPv6 interfaces, port 53 Binding privsep [priv]: msg PRIV_BIND received Binding privsep [priv]: msg PRIV_BIND received 12-Dec-2007 10:51:30.663 listening on IPv4 interface lo0, 127.0.0.1#53 Binding privsep [priv]: msg PRIV_BIND received Binding privsep [priv]: msg PRIV_BIND received 12-Dec-2007 10:51:30.666 listening on IPv4 interface fxp0, 192.168.1.199#53 Binding privsep [priv]: msg PRIV_BIND received Binding privsep [priv]: msg PRIV_BIND received 12-Dec-2007 10:51:30.668 listening on IPv4 interface xl0, 192.168.2.199#53 Binding privsep [priv]: msg PRIV_BIND received Binding privsep [priv]: msg PRIV_BIND received 12-Dec-2007 10:51:30.670 listening on IPv4 interface xl1, 192.168.3.199#53 Binding privsep [priv]: msg PRIV_BIND received Binding privsep [priv]: msg PRIV_BIND received Binding locally Binding locally Binding privsep [priv]: msg PRIV_BIND received 12-Dec-2007 10:51:30.682 command channel listening on 127.0.0.1#953 12-Dec-2007 10:51:30.683 could not open entropy source /dev/arandom: file not found 12-Dec-2007 10:51:30.683 using pre-chroot entropy source /dev/arandom 12-Dec-2007 10:51:30.683 ignoring config file logging statement due to -g option 12-Dec-2007 10:51:30.686 zone 0.in-addr.arpa/IN: loaded serial 2007121001 12-Dec-2007 10:51:30.690 zone 0.0.127.in-addr.arpa/IN: loaded serial 2007121001 12-Dec-2007 10:51:30.693 zone 255.in-addr.arpa/IN: loaded serial 2007121001 12-Dec-2007 10:51:30.696 zone com.trans.in-addr.arpa/IN: loaded serial 2007121001 12-Dec-2007 10:51:30.700 zone trans.com./IN: loaded serial 2007121001 12-Dec-2007 10:51:30.702 zone localhost/IN: loaded serial 2007121001 12-Dec-2007 10:51:30.704 running
Re: BIND and the measure of system entropy (randomness?)
Hi, mufurcz wrote: Greetings, A disk in one of the old firewalls (not exactly critical) failed (running OpenBSD 2.9!), and I urgently need a DNS server to work. Replaced the disk and installed 4.2. Starting `named -g` (listing below), produces a few surprising messages, like: a) line 3: BIND trying to load the configuration from /etc an not from /var/named/etc (my understanding was that the default -c option looks for the named.config in /var/named/etc an not in /etc); This is because named is chrooted by default. b) lines 34 and 35: `could not open entropy source /dev/arandom: file not found` and `using pre-chroot entropy source /dev/arandom` complaining about a missing /var/named/dev/arandom device. I think this has to do with the chroot as well. I get this too, and no harm seems to be done. /Alexander
Re: HELP! boot hangs at "setting tty flags"- solved
I found a reference to commenting out tty03 in /etc/ttys. The machine now boots. Why? I have no idea. Rob. -- "Emancipate yourself from mental slavery, none but ourselves can free our minds" Bob Marley, Redemption Song
no 4.2-stable package updates??
As a matter of policy, are -stable packages updated for security fixes? I know that used to be the case, but as of today (40 days after 4.2 was released), there are *no* 4.2-stable package updates shown at http://www.openbsd.org/pkg-stable.html. In contrast, there are 183 4.1-stable updates shown (accumulated over the roughly 7 months from 4.1-release to now), and 249 4.0-stable updates shown (presumably accumulated over the year from 4.0-release to the end of 4.0-stable updates when 4.2 was released), and my memory of past releases (going back some years) is of a similar steady trickle of -stable package updates (often described as security fixes). So, am I just "lucky" that no bugs-important-enough-for-stable-updates have been found in any 4.2 packages yet? Is there somewere other than http://www.openbsd.org/pkg-stable.html that I should be watching if I want to keep -stable packages up to date with security fixes? ciao, -- -- Jonathan Thornburg (remove -animal to reply) <[EMAIL PROTECTED]> School of Mathematics, U of Southampton, England "Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral." -- quote by Freire / poster by Oxfam
Re: Default Route Issues
Greets OK here is the update: Internet I OpenBSD 4.2 (1) --- wired LAN I wireless card - 10.60.128.1 I I (the following is the problem box) I wireless card ral0 - 10.60.128.2 I OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1 I wireless card ral1 - 10.60.129.1 I am pulling this info off another server/router that I have at home so the vr0 interface is replaced with the em0 First ifconfig -A, netstat -rnfinet without the wired lan (em0) enabled. *ifconfig -A* lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet* Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 3 89 - ral0 10.60.128/18 link#1 UC 10 - ral0 10.60.128.100:08:a1:ad:0a:46 UHLc18 - ral0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 at this time I can ping the OpenBSD (1) server fine everything works, I now enable em0 and reboot to get the following, ( I do not have routed_flags="-q" enabled but I get the same results if I do have it enabled. *ifconfig -A *lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8843 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4 pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet *Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 00 - ral0 10.60.128/18 link#4 UC 10 - em0 10.60.128.1link#4 UHLc2 13 - em0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 As you can see I now have a fubared routing table. I can no longer ping OpenBSD (1), I have tried to do a route flush and manual route add but it always comes back to this. Stuart Henderson wrote: >On 2007/12/10 19:58, Bret wrote: > > >>The default route needs to be thru the wireless card and works fine untill I >>add an IP for the wired lan vr() or I add it to the >>bridge: up ral0 >> up ral1 -- works great (and yes the up) >> >>but as soon as I add the vr0 the default route goes to the wired lan vr0. >> >>
Re: Default Route Issues
Greets OK here is the update: Internet I OpenBSD 4.2 (1) --- wired LAN I wireless card - 10.60.128.1 I I (the following is the problem box) I wireless card ral0 - 10.60.128.2 I OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1 I wireless card ral1 - 10.60.129.1 I am pulling this info off another server/router that I have at home so the vr0 interface is replaced with the em0 First ifconfig -A, netstat -rnfinet without the wired lan (em0) enabled. *ifconfig -A* lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet* Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 3 89 - ral0 10.60.128/18 link#1 UC 10 - ral0 10.60.128.100:08:a1:ad:0a:46 UHLc18 - ral0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 at this time I can ping the OpenBSD (1) server fine everything works, I now enable em0 and reboot to get the following, ( I do not have routed_flags="-q" enabled but I get the same results if I do have it enabled. *ifconfig -A *lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8843 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4 pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet *Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 00 - ral0 10.60.128/18 link#4 UC 10 - em0 10.60.128.1link#4 UHLc2 13 - em0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 As you can see I now have a fubared routing table. I can no longer ping OpenBSD (1), I have tried to do a route flush and manual route add but it always comes back to this. Bret Stuart Henderson wrote: >On 2007/12/10 19:58, Bret wrote: > > >>The default route needs to be thru the wireless card and works fine untill I >>add an IP for the wired lan vr() or I add it to the >>bridge: up ral0 >> up ral1 -- works great (and yes the up) >> >>but as soon as I add the vr0 the default route goes to the wired lan vr0. >>
Re: no 4.2-stable package updates??
On Tue, 11 Dec 2007, Jonathan Thornburg wrote: So, am I just "lucky" that no bugs-important-enough-for-stable-updates have been found in any 4.2 packages yet? Is there somewere other than http://www.openbsd.org/pkg-stable.html that I should be watching if I want to keep -stable packages up to date with security fixes? There're no -stable packages anymore. Lack of interest/man power. -- Antoine
Re: BIND and the measure of system entropy (randomness?)
On Wed, Dec 12, 2007 at 01:08:42AM +1100, mufurcz wrote: Hi. > Greetings, > > A disk in one of the old firewalls (not exactly critical) failed (running > OpenBSD 2.9!), and I urgently > need a DNS server to work. Replaced the disk and installed 4.2. Starting > `named -g` (listing below), > produces a few surprising messages, like: > > a) line 3: BIND trying to load the configuration from /etc an not from > /var/named/etc (my understanding > was that the default -c option looks for the named.config in /var/named/etc > an not in /etc); AFAIK the originale,unmodified bind from OpenBSD runs in a chroot()ed environment under /var/named. So its root is really at /. So if it says it reads from /etc/named.conf it _REALLY_ reads from /var/named/etc/named.conf because of the chroot. > b) lines 34 and 35: `could not open entropy source /dev/arandom: file not > found` and `using pre-chroot > entropy source /dev/arandom` complaining about a missing > /var/named/dev/arandom device. Same as above. /dev/arandom is _REALLY_ /var/named/dev/arandom. So just why not creating this device? cd /var/named/dev mknod arandom c 45 4 > What BIND has to do with the laws of thermo-dynamics? Can I safely ignore > the above messages. BIND needs /dev/arandom for some stuff like generating random IDs. > BTW, I am NOT a BIND expert! Neither do I ;) Oh and don't forget the chroot() thingy mentioned above. If you write to logfiles etc. they will get written to /var/named/var/log/... ! HTH, Andreas. -- Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of an 8-bit operating system written for a 4-bit processor by a 2-bit company who cannot stand 1 bit of competition.
HUAWEI not recognized properly (3 modem)
I borrowed a HUAWEI modem just to see how it is recognized. With umass enabled it is recognized as a CD. Disabling umass and it is found as ugen. From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 I figured it should have been recognized as ubsa. Any suggestions? dmesg with umass disabled and output from 'usbdevs -v' below. /Markus OpenBSD 4.2-current (GENERIC) #571: Mon Nov 26 07:12:53 MST 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) III Mobile CPU 1000MHz ("GenuineIntel" 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267808768 (255MB) avail mem = 251047936 (239MB) User Kernel Config UKC> disable umass 348 umass* disabled UKC> quit Continuing... mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/03, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xfc087 (37 entries) bios0: vendor Compaq version "686DF v2.49" date 12/31/2003 bios0: Compaq Evo N600c apm0 at bios0: Power Management spec V1.2 (BIOS managing devices) apm0: battery life expectancy 0% apm0: AC on, battery charge high pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0a00/272 (15 entries) pcibios0: bad IRQ table checksum pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5280/272 (15 entries) pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801CAM LPC" rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0xf000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82830MP CPU-I/O-1" rev 0x04 agp0 at pchb0: can't find internal VGA device config space ppb0 at pci0 dev 1 function 0 "Intel 82830MP CPU-AGP" rev 0x04 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M6 LY" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 11 uhci1 at pci0 dev 29 function 1 "Intel 82801CA/CAM USB" rev 0x02: irq 11 uhci2 at pci0 dev 29 function 2 "Intel 82801CA/CAM USB" rev 0x02: irq 11 ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42 pci2 at ppb1 bus 2 cbb0 at pci2 dev 3 function 0 "TI PCI1420 CardBus" rev 0x00: irq 11 cbb1 at pci2 dev 3 function 1 "TI PCI1420 CardBus" rev 0x00: irq 11 "AT&T/Lucent LTMODEM" rev 0x02 at pci2 dev 4 function 0 not configured fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VM" rev 0x42, i82562: irq 11, address 00:02:a5:b8:71:b5 inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0 esa0 at pci2 dev 9 function 0 "ESS ES1989" rev 0x12: irq 11 ac97: codec id 0x45838308 (ESS Technology ES1921) ac97: codec features 20 bit DAC, 20 bit ADC, ESS Technology audio0 at esa0 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20 pcmcia1 at cardslot1 ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02: 24-bit timer at 3579545Hz: SpeedStep pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ef4d netmask ef4d ttymask ffcf mtrr: Pentium Pro MTRR support ugen0 at uhub1 port 1 "HUAWEI Technologies HUAWEI Mobile" rev 1.10/0.00 addr 2 softraid0 at root dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on wd0b $ usbdevs -v Controller /dev/usb0: addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00 port 1 addr 2: full speed, power 500 mA, config 1, HUAWEI Mobile(0x1003), HUAWEI Technologies(0x12d1), rev 0.00 port 2 powe
Re: no 4.2-stable package updates??
2007/12/11, Antoine Jacoutot <[EMAIL PROTECTED]>: > There're no -stable packages anymore. Get -stable ports fixed? Best Martin
Re: Azalia driver locks up computer Sony SZ460N
Gqmeg works so its either XMMS or the way XMMS controls the driver. I will recompile XMMS. -- "Emancipate yourself from mental slavery, none but ourselves can free our minds" Bob Marley, Redemption Song
Re: HUAWEI not recognized properly (3 modem)
- Original Message - From: "Markus Bergkvist" <[EMAIL PROTECTED]> I borrowed a HUAWEI modem just to see how it is recognized. With umass enabled it is recognized as a CD. Disabling umass and it is found as ugen. From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 I figured it should have been recognized as ubsa. Any suggestions? the modem you have (vendor id 0x1003) should be an E220 HSDPA modem. exactly the same device i tried to "run" last week on freebsd, where i got the same trouble as you. the problem is, that the device when plugged in, initially reports itself as a mass-storage device which will cause a cd-rom to be found. as far as i could figure out in tests (and some others pointed me in the right direction of course), the device needs some proper "message" to be transferred to switch from mass-storage mode into the modem mode. currently, there is a thread on the freebsd lists with the subject "huawei e220 hsdpa on freebsd 6.3-BETA2" regarding this. have a look on it, it'll help you out maybe... i'm currently testing the c-code which is provided there (i'm not a guru) but the first one does not look that bad (there are some errors and problems which i do not really have the time right now to look into). sorry, can't tell anything better right now on this, cheers ;)
Azalia driver locks up computer Sony SZ460N
Here is the dmesg. Note that I have #define AZALIA_DEBUG but there are no debug messages. OpenBSD 4.2-current (ROBKERN3) #0: Mon Dec 10 21:56:24 PST 2007 root@:/usr/src/sys/arch/i386/compile/ROBKERN3 cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz ("GenuineIntel" 686-class) 2.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR real mem = 2145415168 (2046MB) avail mem = 2067009536 (1971MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 04/12/07, BIOS32 rev. 0 @ 0xfdbd0, SMBIOS rev. 2.4 @ 0xdc010 (19 entries) bios0: vendor Phoenix Technologies LTD version "R0112N0" date 04/12/2007 bios0: Sony Corporation VGN-SZ460N acpi0 at bios0: rev 2 acpi0: tables DSDT FACP APIC HPET MCFG TCPA SLIC APIC BOOT SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices PWRB(S4) S1F0(S4) S1F1(S4) S1F2(S4) S1F3(S4) S1F4(S4) S1F5(S4) S1F6(S4) S1F7(S4) TLAN(S3) DLAN(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) SLT0(S4) EC0_(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PEGP) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus 6 (RP02) acpiprt4 at acpi0: bus 7 (RP03) acpiprt5 at acpi0: bus 8 (RP04) acpiprt6 at acpi0: bus 9 (PCIB) acpiec0 at acpi0 acpicpu0 at acpi0: C2 acpitz0 at acpi0: critical temperature 99 degC acpitz1 at acpi0: critical temperature 100 degC acpitz2 at acpi0: critical temperature 100 degC acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibat0 at acpi0: BAT1 type LION oem "Sony Corp." acpiac0 at acpi0: AC unit online acpidock at acpi0 not configured bios0: ROM list: 0xc/0xf000 0xdc000/0x4000! 0xe/0x1c00! cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x060b0c2206000c22 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 2000 MHz (1244 mV): speeds: 2000, 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03 agp0 at pchb0: no integrated graphics ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: irq 5 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor "NVIDIA", unknown product 0x01d8 rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 10 azalia0: codec[s]: Sigmatel 83847661, Conexant/0x2bfa, using Sigmatel 83847661 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: irq 5 pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: irq 10 pci3 at ppb2 bus 6 wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: irq 10, MoW1, address 00:19:d2:31:93:15 ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: irq 10 pci4 at ppb3 bus 7 mskc0 at pci4 dev 0 function 0 "Marvell Yukon 88E8036" rev 0x16, Yukon-2 FE (0x1): irq 10 msk0 at mskc0 port A: address 00:13:a9:90:7c:69 eephy0 at msk0 phy 0: Marvell 88E3082 10/100 PHY, rev. 3 ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: irq 10 pci5 at ppb4 bus 8 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 10 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 10 uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 10 uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 10 ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 pci6 at ppb5 bus 9 cbb0 at pci6 dev 4 function 0 "TI PCIXX12 CardBus" rev 0x00 (chipflags 2): intrpin A, intrtag 255 : couldn't map interrupt "TI PCIXX12 FireWire" rev 0x00 at pci6 dev 4 function 1 not configured "TI PCIXX12 Multimedia Card Reader" rev 0x00 at pci6 dev 4 function 2 not configured ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 10 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: polling iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity P
Re: Default Route Issues
On 2007/12/11 08:40, Bret wrote: > OK here is the update: > ral0: flags=8843 mtu 1500 > ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid > inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 > ral1: flags=8843 mtu 1500 > ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid > inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 > em0: flags=8843 mtu 1500 > media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) > inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255 As I suspected, these are all in the same network. $ ipcalc 10.60.130.1/0xc000 address : 10.60.130.1 netmask : 255.255.192.0 (0xc000) network : 10.60.128.0 /18 broadcast : 10.60.191.255 host min : 10.60.128.1 host max : 10.60.191.254 hosts/net : 16382 Your chosen netmask makes the first 18 bits of the IP address be the network address, so 10.60.128 [...] 10.60.191 are all in the same network. This part of the address should be different between interfaces.
Re: no 4.2-stable package updates??
On Tue, 11 Dec 2007, Martin Schrvder wrote: > Get -stable ports fixed? Lack of interest/man power. -- Antoine
Re: Default Route Issues
On Tue, 11 Dec 2007 22:40:06 +0700, Bret <[EMAIL PROTECTED]> wrote: Greets OK here is the update: Internet I OpenBSD 4.2 (1) --- wired LAN I wireless card - 10.60.128.1 I I (the following is the problem box) I wireless card ral0 - 10.60.128.2 I OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1 I wireless card ral1 - 10.60.129.1 I am pulling this info off another server/router that I have at home so the vr0 interface is replaced with the em0 First ifconfig -A, netstat -rnfinet without the wired lan (em0) enabled. *ifconfig -A* lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet* Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 3 89 - ral0 10.60.128/18 link#1 UC 10 - ral0 10.60.128.100:08:a1:ad:0a:46 UHLc18 - ral0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 at this time I can ping the OpenBSD (1) server fine everything works, I now enable em0 and reboot to get the following, ( I do not have routed_flags="-q" enabled but I get the same results if I do have it enabled. *ifconfig -A *lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7 ral0: flags=8843 mtu 1500 lladdr 00:08:a1:ad:0a:32 groups: wlan egress media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g) status: active ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 00:08:a1:ad:0a:46 50dB 100dBm inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1 ral1: flags=8843 mtu 1500 lladdr 00:08:a1:b5:64:e2 groups: wlan media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap) status: active ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 00:08:a1:b5:64:e2 100dBm inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2 fxp0: flags=8802 mtu 1500 lladdr 00:e0:81:65:f2:4d media: Ethernet autoselect (none) status: no carrier em0: flags=8843 mtu 1500 lladdr 00:e0:81:65:f2:4c media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255 inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4 pflog0: flags=0<> mtu 33224 enc0: flags=0<> mtu 1536 *netstat -rnfinet *Routing tables Internet: DestinationGatewayFlagsRefs UseMtu Interface default10.60.128.1UGS 00 - ral0 10.60.128/18 link#4 UC 10 - em0 10.60.128.1link#4 UHLc2 13 - em0 127/8 127.0.0.1 UGRS00 33224 lo0 127.0.0.1 127.0.0.1 UH 10 33224 lo0 224/4 127.0.0.1 URS 00 33224 lo0 As you can see I now have a fubared routing table. I can no longer ping OpenBSD (1), I have tried to do a route flush and manual route add but it always comes back to this. Bret Stuart Henderson wrote: On 2007/12/10 19:58, Bret wrote: The default route needs to be thru the wireless card and works fine untill I add an IP for the wired lan vr() or I add it to the bridge: up ral0 up ral1 -- works great (and yes the up) but as soon as I add the vr0 the default route g
Re: HUAWEI not recognized properly (3 modem)
Re: Can I specify the bios time offset utc?
On Dec 11, 2007 12:58 AM, Dongsheng Song <[EMAIL PROTECTED]> wrote: > > 2007/12/11, Darren Spruell <[EMAIL PROTECTED]>: > > > On Dec 10, 2007 9:58 PM, Dongsheng Song <[EMAIL PROTECTED]> wrote: > > > OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the > > > bios time zone? > > > > http://marc.info/?l=openbsd-misc&m=111956694726618&w=2 > > > Thanks, but I can NOT open the page, could you excerpt for me ? Really? What's wrong? Are you in China? -Nick
Re: Can I specify the bios time offset utc?
On Dec 11, 2007 11:26 AM, Nick Guenther <[EMAIL PROTECTED]> wrote: > On Dec 11, 2007 12:58 AM, Dongsheng Song <[EMAIL PROTECTED]> wrote: > > > > 2007/12/11, Darren Spruell <[EMAIL PROTECTED]>: > > > > > On Dec 10, 2007 9:58 PM, Dongsheng Song <[EMAIL PROTECTED]> wrote: > > > > OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the > > > > bios time zone? > > > > > > http://marc.info/?l=openbsd-misc&m=111956694726618&w=2 > > > > > > Thanks, but I can NOT open the page, could you excerpt for me ? > > Really? What's wrong? Are you in China? "it's PRC" so yes. My real question, though, is: do you mean that the great firewall of china is blocking marc.info? Does it give any message when it does, or can you just not talk to it? Can you DNS it (`nslookup marc.info`)? -Nick
Re: About non-free software in OpenBSD
Hi, On Mon, Dec 10, 2007 at 11:43:35AM -0500, Nick Guenther wrote: > << their software application must ship the sources or a written notice > on where to get sources. Since web applications are applications, all > web applications and html pages that are powered by GNU scripts must > ship the sources (or a written notice) each time someone requests the > web page inside their web browser. Web developers are not doing this. > No one has noticed.>> > In fairness, these charges seem overzealous; deliberately > misinterpretting the spirit of the GPL. I don't know, though, so I'd > like it to be cleared up; as I understand it, a web app doesn't count > as "publishing"; people just using code like that are under no > obligation to publish it, and it's just the author/vendor who is > obligated to provide source. > Though, I suppose RMS (a hypothetical, consistent RMS) mght argue that > if you are providing a "web app" piece of software, then if your users > cannot edit your site on you ("modify software they use") then you are > violating the Four Freedoms and the GPL. > Is any of that anywhere near reality? there was an article in the current issue of the german Linux Magazin, it covers the use of GPLv2'ed web applications regarding "Software as a Service, Application Service Providing and Free Software". According to this article, the GPL(v2) does not consider this kind of use of Free Software as distribution. Because of that, the FSF designed the "Affero General Public License" (AGPL) [1]. Additionally, the article says that in GPLv3, they make use of the term "convey" which also didn't consider the kind of distribution that happens with a web application as a distribution of software, therefore they started a "AGPLv3" [2]. hth Sebastian [1] http://linux-magazin.de/heft_abo/ausgaben/2008/01/freier_zugriff?category=0 [2] http://www.affero.org/oagpl.html [3] http://gplv3.fsf.org/agplv3-dd2-guide.html [demime 1.01d removed an attachment of type application/pgp-signature]
aggregate-address in openbgpd
How I can aggregate small prefixes, received from internal peers into big one in openbgpd ? Like cisco's 'aggregate-address' feature. I've search in documentation and source code, but found nothing about prefix aggregation.
Re: : rouge IPs / user
Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try enabling syn cookies. On Dec 11, 2007 5:43 AM, knitti <[EMAIL PROTECTED]> wrote: > On 12/11/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote: > > I want to know if and what I can do (on the server side) about HTTP > > clients that put sockets on my httpd server in state CLOSE_WAIT and > > thereby chew up all sockets for the server causing a kind of > > denial of service state. > > > > And yes, I have googled for "HPPT server socket CLOSE_WAIT" and > > did not get much wiser. > > If I understand correctly you could try synproxy states with pf and let these > states expire rapidly. If the states expire, I *think* pf should end the > connection completely, so your half-closed sockets don't get stale. > BUT perhaps I didn't get it at all and this makles no sense ;) > > --knitti > > -- Systems Programmer, Principal Electrical & Computer Engineering The University of Arizona [EMAIL PROTECTED]
HP LaserJet P2015 on OpenBSD -- BEWARE
I recently purchased an HP LaserJet P2015 printer, and I wanted to warn other users not to make the same mistake. The printer crashes intermittently while trying to print PostScript files with lpd. A little googling revealed that other users have also had problems with this model http://www.macintouch.com/readerreports/printing/topic2869.html#27aug2007
Re: : rouge IPs / user
Raimo Niskanen wrote: On Tue, Dec 11, 2007 at 01:15:11AM +1300, Joel Wiramu Pauling wrote: Tip. Don't allow password challenge. Problem solved. Just use key'd ssh and this problem disappears. Bin there, done that. You answered the wrong question. I think you got the right answer many times so far, but you just refuse to take the advise. People have told you many times to just use pf and be done with it. You just reply and dismiss them like one here: "I was adviced for pf, but right now a simple ssh-config and hosts.allow/deny is serving me fine. I will learn and use pf in due course." I want to know if and what I can do (on the server side) about HTTP clients that put sockets on my httpd server in state CLOSE_WAIT and thereby chew up all sockets for the server causing a kind of denial of service state. People have giving you the answer over and over, but it is up to you to listen tot he advise. And yes, I have googled for "HPPT server socket CLOSE_WAIT" and did not get much wiser. I am not sure you actually did, but I will give you the benefit here. Again, the same answer and same advise. Get with it and use pf. If you google it, you would have seen exactly the answer and example to your question here yet again using pf: http://openbsd.org/faq/pf/filter.html#synproxy It one thing to ask for help and advise, users here have given you plenty of really good one, it's an other to refuse it, dismiss it and come back saving no one tell you the answer, or provide you answer to the wrong question. The answer to your problem is just to use PF, or may be the real problem is between the monitor and the chair. Please, just read on it and do it right and stop telling people are not helping you. They are and they give you the right answer, but you refuse them. Your computer(s), your choice, that I get it, but then don't say you don't get help. Great FAQ on PF and it's easy to read: Spend the same amount of time reading it as you write emails and you will know it much better then I looks like. http://openbsd.org/faq/pf/ If you want more then read great docs on it here: http://www.bsdly.net/~peter/pf.html and if that still not answering your questions, then get the book: http://nostarch.com/frameset.php?startat=pf So far ALL the answers to your various questions on the subject and the variation of it is to use PF, so just do it. Hope this help you some. Best, Daniel
Re: About non-free software in OpenBSD
wow how completely uninteresting. How about kicking the lawyers out and writing some code instead? I know its a weird concept. On Tue, Dec 11, 2007 at 05:24:24PM +0100, Sebastian Raible wrote: > Hi, > > > On Mon, Dec 10, 2007 at 11:43:35AM -0500, Nick Guenther wrote: > > << > their software application must ship the sources or a written notice > > on where to get sources. Since web applications are applications, all > > web applications and html pages that are powered by GNU scripts must > > ship the sources (or a written notice) each time someone requests the > > web page inside their web browser. Web developers are not doing this. > > No one has noticed.>> > > In fairness, these charges seem overzealous; deliberately > > misinterpretting the spirit of the GPL. I don't know, though, so I'd > > like it to be cleared up; as I understand it, a web app doesn't count > > as "publishing"; people just using code like that are under no > > obligation to publish it, and it's just the author/vendor who is > > obligated to provide source. > > Though, I suppose RMS (a hypothetical, consistent RMS) mght argue that > > if you are providing a "web app" piece of software, then if your users > > cannot edit your site on you ("modify software they use") then you are > > violating the Four Freedoms and the GPL. > > Is any of that anywhere near reality? > > there was an article in the current issue of the german Linux Magazin, > it covers the use of GPLv2'ed web applications regarding "Software as a > Service, Application Service Providing and Free Software". > > According to this article, the GPL(v2) does not consider this kind of > use of Free Software as distribution. Because of that, the FSF designed > the "Affero General Public License" (AGPL) [1]. > Additionally, the article says that in GPLv3, they make use of the term > "convey" which also didn't consider the kind of distribution that > happens with a web application as a distribution of software, therefore > they started a "AGPLv3" [2]. > > > hth > Sebastian > > [1] > http://linux-magazin.de/heft_abo/ausgaben/2008/01/freier_zugriff?category=0 > [2] http://www.affero.org/oagpl.html > [3] http://gplv3.fsf.org/agplv3-dd2-guide.html > > [demime 1.01d removed an attachment of type application/pgp-signature]
halt -p/reboot -> ddb (was Re: halt -p: Stopped at gettick+0xec: inb $0x40,%al)
On 2007/12/10 17:32, Stuart Henderson wrote: > On 2007/12/10 17:06, Stuart Henderson wrote: > > I've got a ServerWorks-based Fujitsu-Siemens Xeon box. At 'halt -p' > > (with or without acpi) the following happens (no panic). > > Ugh. 'reboot', too. More info: with bsd.mp, reboot drops to ddb too, but differently. (GENERIC.MP dmesg is added right at the bottom). halt -p works. At this point 'c' allows the reboot/halt to proceed, so at least I no longer need a power-cycle. This works ok in 4.0, not in 4.1/newer. sycing disks... done Stopped at __mp_lock+0x3e: movl0x4(%edx),%eax ddb{1}> tr __mp_lock(d07cc144,d048767a,dac34f1c,dac34f1c) at __mp_lock+0x3e i386_softintlock(0,d0350058,d6b50010,10,dac30010) at i386_softintlock+0x10 Xintrltimer() at Xintrltimer+0x47 --- interrupt --- cpu_idle_cycle(d1270800) at cpu_idle_cycle+0xf Bad frame pointer: 0xd0911e78 ddb{1}> ps PID PPID PGRPUID S FLAGS WAIT COMMAND 6898 1 6898 0 7 0x2004002reboot 15 0 0 0 30x100200 bored crypto 14 0 0 0 3 0x2100200 aiodoned aiodoned 13 0 0 0 2 0x2100200update 12 0 0 0 3 0x2100200 cleaner cleaner 11 0 0 0 30x100200 reaperreaper 10 0 0 0 3 0x2100200 pgdaemon pagedaemon 9 0 0 0 2 0x2100600pfpurge 8 0 0 0 3 0x2100200 usbtskusbtask 7 0 0 0 3 0x2100200 usbevtusb0 6 0 0 0 3 0x2100200 acpi_idle acpi0 *5 0 0 0 70x100200idle1 4 0 0 0 30x100200 bored syswq 3 0 0 0 30x100200idle0 2 0 0 0 3 0x2100200 kmalloc kmthread 1 0 1 0 3 0x2004080 wait init 0 -1 0 0 3 0x2080200 scheduler swapper Another time, syncing disks... done Stopped at lapic_delay+0x3a: cmpl%esi,%edi ddb{0}> tr lapic_delay(3e8,0,4,febf) at lapic_delay+0x3a ahd_reset(d1278000,0,804010,dac4aeb0,d02032c9) at ahd_reset+0xae ahd_shutdown(d1278000,1fca5097,2,145886) at ahd_shutdown+0x2e dohooks(d078bf00,1,dac4af00,d047c915) at dohooks+0x6b boot(0,0,dac4af40,0,d078af34) at boot+0x63 sys_reboot(d6a47568,dac4af68,dac4af58,,2a) at sys_reboot+0x26 syscall() at syscall+0x27e --- syscall (number 55) --- 0x1c0009c1: ddb{0}> ps PID PPID PGRPUID S FLAGS WAIT COMMAND *10478 1 10478 0 7 0x2805002reboot 15 0 0 0 30x100200 bored crypto 14 0 0 0 3 0x2100200 aiodoned aiodoned 13 0 0 0 2 0x2100200update 12 0 0 0 3 0x2100200 cleaner cleaner 11 0 0 0 30x100200 reaperreaper 10 0 0 0 3 0x2100200 pgdaemon pagedaemon 9 0 0 0 2 0x2100600pfpurge 8 0 0 0 3 0x2100200 usbtskusbtask 7 0 0 0 3 0x2100200 usbevtusb0 6 0 0 0 3 0x2100200 acpi_idle acpi0 5 0 0 0 70x100200idle1 4 0 0 0 30x100200 bored syswq 3 0 0 0 30x100200idle0 2 0 0 0 3 0x2100200 kmalloc kmthread 1 0 1 0 3 0x2004080 wait init 0 -1 0 0 2 0x2080200swapper On 2007/12/10 17:32, Stuart Henderson wrote: > On 2007/12/10 17:06, Stuart Henderson wrote: > > I've got a ServerWorks-based Fujitsu-Siemens Xeon box. At 'halt -p' > > (with or without acpi) the following happens (no panic). > > Ugh. 'reboot', too. > > > Any suggestions? > > > > # halt -p > > /etc/rc.shutdown in progress... > > /etc/rc.shutdown complete. > > sycing disks... done > > Stopped at gettick+0xec: inb $0x40,%al > > ddb> tr > > gettick(d116d000,4,186a0,3e8,d116d000) at gettick+0xec > > i8254_delay(3e8,0,4,febf) at i8254_delay+0x11 > > ahd_reset(d116d000,0,804010,dab27eb0,d0202251) at ahd_reset+0xae > > ahd_shutdown(d116d000,2e9b,dab27ee0,d05caedd) at ahd_shutdown+0x2e > > dohooks(d0782000,1,dab27f00,d047a654) at dohooks+0x6b > > boot(1008,0,dab27f40,0,d0781034) at boot+0x63 > > sys_reboot(d693dc20,dab27f68,dab27f58,,30) at sys_reboot+0x26 > > syscall() at syscall+0x24e > > --- syscall (number 55) --- > > 0x1c0009c1: > > ddb> ps > >PID PPID PGRPUID S FLAGS WAIT COMMAND > > *21404 1 21404 0 7 0x4002halt > > 14 0 0 0 30x100200 bored crypto > > 13 0 0 0 30x100200
Re: Real men don't attack straw men
Peter N. M. Hansteen wrote: Using OpenBSD we build the systems we need, and they work a helluva lot better than most of the other stuff out there. OpenBSD is free and lets us create reliable, high performance, low maintenance networks and services, Stuff That Just Works. In fact it's so good it makes you *want* to contribute back. That's what I want to emphasize. Amen, There is nothing more to say. There is the one still looking for an OS that might work for some of their needs, and there is OpenBSD for a lots of them. And yes, it just work!
Re: no 4.2-stable package updates??
My opinion is that more money should be raised in order to keep -stable up to date. I think it's important to mantain a stable distribution, it's one of the things that give openbsd it's fame of being solid rock Marcos - Original Message - From: "Antoine Jacoutot" <[EMAIL PROTECTED]> To: "Martin Schrvder" <[EMAIL PROTECTED]> Cc: "Misc-Openbsd Listserv" Sent: Tuesday, December 11, 2007 1:09 PM Subject: Re: no 4.2-stable package updates?? On Tue, 11 Dec 2007, Martin Schrvder wrote: > Get -stable ports fixed? Lack of interest/man power. -- Antoine
Re: aggregate-address in openbgpd
On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote: > How I can aggregate small prefixes, received from internal peers into > big one in openbgpd ? Like cisco's 'aggregate-address' feature. > I've search in documentation and source code, but found nothing about > prefix aggregation. > bgpd does not support aggregation of addresses. After 4 years of bgpd your the first to request this so don't expect that it changes soon. -- :wq Claudio
Re: : rouge IPs / user
On 2007/12/11 09:40, Marti Martinez wrote: > Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try > enabling syn cookies. synproxy works at the start of the connection, not the end. CLOSE_WAIT is the state where the network stack waits for the application (httpd) to close the connection after receiving the client's FIN.
Re: Azalia driver locks up computer Sony SZ460N
Rob Lytle writes: > Here is the dmesg. Note that I have #define AZALIA_DEBUG but there > are no debug messages. > > OpenBSD 4.2-current (ROBKERN3) #0: Mon Dec 10 21:56:24 PST 2007 > root@:/usr/src/sys/arch/i386/compile/ROBKERN3 Can you reproduce this (whatever it is) while running a snapshot kernel? It sounds like your source tree and build environment are broken.
Re: Real men don't attack straw men
> > You've got a choice of: (...) > > 3/ dangerous political activist with a hidden agenda > Or > > 4) not up on the OpenBSD projects goals and current licensing requirements To quote Robert Steele (from memory): "Given a choice between incompetence and conspiracy, always go for incompetence, because incompetence is vastly more likely." ( cf. http://en.wikipedia.org/wiki/Robert_David_Steele )
Re: BIND and the measure of system entropy (randomness?)
On 12/11/07, Andreas Maus <[EMAIL PROTECTED]> wrote: > On Wed, Dec 12, 2007 at 01:08:42AM +1100, mufurcz wrote: > > b) lines 34 and 35: `could not open entropy source /dev/arandom: file not > > found` and `using pre-chroot > > entropy source /dev/arandom` complaining about a missing > > /var/named/dev/arandom device. > Same as above. /dev/arandom is _REALLY_ /var/named/dev/arandom. > So just why not creating this device? > cd /var/named/dev > mknod arandom c 45 4 > > > What BIND has to do with the laws of thermo-dynamics? Can I safely ignore > > the above messages. > BIND needs /dev/arandom for some stuff like generating random IDs. on OpenBSD it doesn't. There was a mail from Theo regarding exactly this error message, stating that on OpenBSD BIND doesn't use (or need) this. You could search the archives... --knitti
Re: : rouge IPs / user
On 12/11/07, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2007/12/11 09:40, Marti Martinez wrote: > > Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try > > enabling syn cookies. > > synproxy works at the start of the connection, not the end. > > CLOSE_WAIT is the state where the network stack waits for > the application (httpd) to close the connection after receiving > the client's FIN. oh sorry, then I was wrong. So when client's FIN is already in, then (depending on how long it takes), is it normal behaviour of httpd or could it be considered a bug? --knitti
Re: Real men don't attack straw men
From my perspective as someone outside the BSD and GPL cultures, both camps seem to have many more similarities than differences. I see both Theo and Richard as principled iconoclasts, stubbornly creating and promoting software that meets their individual high standards, meeting and overcoming difficult opposition. It seems likely that no one license can preserve all possible freedoms. In my view, both licenses have advantages the other cannot possess. So I don't think reconciliation is required, or even desirable (and, from a purely selfish standpoint, I find following these threads to be far more entertaining than sports). Despite your differences, you probably remain the other's closest ally. There is ample room for GPL and BSD. We need eternally free software, if only as a counterbalance and last resort to encroaching commercialism. But there are also essential functions in a networked world that are best served by software that can be used for any purpose. I value the liberty of deciding what freedoms are most important to a project and its goals, and picking the license that best suits it. -Ken
Re: Real men don't attack straw men
On Tue, Dec 11, 2007 at 12:28:29PM -0600, Ken Ismert wrote: > It seems likely that no one license can preserve all possible > freedoms. In my view, both licenses have advantages the other > cannot possess. So I don't think reconciliation is required, or > even desirable (and, from a purely selfish standpoint, I find > following these threads to be far more entertaining than sports). > Despite your differences, you probably remain the other's > closest ally. > > There is ample room for GPL and BSD. We need eternally free > software, if only as a counterbalance and last resort to > encroaching commercialism. But there are also essential > functions in a networked world that are best served by > software that can be used for any purpose. I value the > liberty of deciding what freedoms are most important to > a project and its goals, and picking the license that > best suits it. There seems to be a subtext in your message that one license is more free than the other, and that the more free license is the GPL. This is not true. Offering something to someone as "free" with one hand, while taking back rights with the other is not free. BSD/MIT/ISC licenses retain a very minimal set of rights to the original author(s), and give away everything else. Whatever the merits of ISC v. GPL, there's really no debate on which is more free. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Real men don't attack straw men
Why don't you ask Theo, whom you once praised, about OpenBSD? Because he tends to be unfriendly.
Re: Real men don't attack straw men
Um, OpenBSD is the only common OS that is actively against blobs. See http://www.openbsd.org/lyrics.html#39 We're on the same side here. That is good. (gNewSense and Ututo are also against blobs.) Sir, it was brought up that the [GNU/]linux distributions you do suggest do often include in their ports systems non-free software. See e.g. http://marc.info/?l=openbsd-misc&m=119726055819074&w=2 What do you say to that? Was that a lie or a mistake? What they have told me is that they do not. I will send mail to try to fetch the page at that URL and see what you are talking about.
Re: Real men don't attack straw men
OpenBSD is by far the most free OS in the landscape. Everything that ships with it is free or else it won't be distributed with it. Yes, that's what I was told. I was also told that OpenBSD's ports system includes non-free programs. Is that accurate too? There is not a single open source OS out there that is more careful than OpenBSD on licensing, copyrights and frivolous patents. Maybe that is true, but it's not the issue I'm talking about. I'm not a supporter of open source anyway; I fight for free software. Ututo and gNewSense have the policy not to include non-free programs, not even in a ports system. Thus, they don't do anything that contradicts the philosophy of free software. That's why I can recommend them. Unlinke linux OpenBSD does not contain proprietary firmware blobs in the distribution. Torvalds' version of Linux is not free software, for this reason. Ututo and gNewSense include a version of Linux which remove the firmware blobs, in order to make it free software.
Re: Real men don't attack straw men
Is the list at: http://www.gnu.org/links/links.html#FreeGNULinuxDistributions the list of operating systems that meet your criteria? It appears that gNewSense includes LAME in binary format, and BLAG "recommends" it at https://wiki.blagblagblag.org/Lame in much the same way OpenBSD does. ISTR LAME is free software, but I will double-check. In fact, BLAG suggests other unfree programs, such as unrar (https://wiki.blagblagblag.org/Unrar), even noting that the software is non-free. What is the license of Unrar? I will try to access that page, but I cannot access an https page except by asking someone to get it for me. I will see if it works with plain http:. I don't think anyone is particularly upset that OpenBSD isn't among the software you recommend, but to claim that OpenBSD includes "non-free" software in its ports collection (using your definition of "free") while claiming that gNewSense meets your criteria is disingenuous at best. At best, it's an accurate statement. At worst, the gNewSense developers made a mistake, and will correct it. My main basis for judging any distro is the policies it has adopted. Everyone makes mistakes, and well-intentioned people fix their mistakes. So if someone finds a non-free program in gNewSense, or in OpenBSD, in violation of the distro's policies, that's no disaster. I trust the developers will remove it once they find out. On the other hand, if a distro's policies say something is allowed, then it isn't a mistake, and I can't expect it to be fixed. That's what gives me stronger concern. The presence of non-free programs in the OpenBSD ports system is not a mistake, it's intentional.
Re: : rouge IPs / user
knitti wrote: On 12/11/07, Stuart Henderson <[EMAIL PROTECTED]> wrote: On 2007/12/11 09:40, Marti Martinez wrote: Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try enabling syn cookies. synproxy works at the start of the connection, not the end. CLOSE_WAIT is the state where the network stack waits for the application (httpd) to close the connection after receiving the client's FIN. oh sorry, then I was wrong. So when client's FIN is already in, then (depending on how long it takes), is it normal behaviour of httpd or could it be considered a bug? It's not a bug, but a feature I guess. It's useful for keep alive setup and can be adjusted in httpd as well, or being turn off is that really annoyed you. I am not recommending it however. PF can help in making sure the connections you pass to your httpd server are legitimate one (three way handshake) and then you can adjust the keep alive on the httpd to reduce it if you want, or turn it off may be in very bad cases. Even in very worst cases, you could adjust some of pf net.inet.tcp.xxx value to help, but I am not going there as in most cases, users will make it way worst then better. You have to have a very busy server(s) to start playing with these values for both/either pf and httpd keep alive. If it is just that it annoy you to see the CLOSE_WAIT in pf as an example, but that the httpd server is operating normally, then just let it be. There is also possibility to adjust PF to start limiting the states in it's table as you start running under very heavy load, but again, that's not for everyone. You can setup PF to expired states sooner then they would if you reach high limits, etc. But again, all this is for very heavy setup and servers. I could be wrong, but I don't think that's the issue in this case. In any case, in the interest to answer your question, you can always read on this a bit. Adaptive options and various timeout in PF combine with some changes in httpd.conf for keep alive will carry you a long way: http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+4.2 So, if you configure PF to use some of that, then change the httpd default for keep alive and reduce it if need be as well as making sysctl changes, you can make a system support a hell of a lots more traffic, but at the same time, you can shoot you in the foot pretty bad and making it way worst as well. So, unless you really have to and oyu truly understand each aspect of it, leaving it alone is best and simple PF configuration alone will carry you a very long way. There is a lots that can be done, however, when you reach this level, an answer doesn't fit all and is really dependent on your setup. Hope this help answering your question. Daniel
setxkbmap kills X
Hi, as you can read in the subject, running e.g. setxkbmap us will kill X totally. I don't see any core dumped or similar. What can be the problem? Here you are my dmesg (an "zzz" froze the laptop and I had to power it off) and xorg.conf But X crashed also when not using an xorg.conf (i.e., running it "on the fly) - OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1700MHz ("GenuineIntel" 686-class) 1.70 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2 real mem = 2146398208 (2046MB) avail mem = 2067853312 (1972MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/20/05, BIOS32 rev. 0 @ 0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries) bios0: vendor IBM version "1RETDIWW (3.14 )" date 01/20/2005 bios0: IBM 23739FU apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 100% apm0: AC on, battery charge high apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 0xe/0x1 cpu0 at mainbus0 cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200, 1000, 800, 600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82855PE Hub" rev 0x03 ppb0 at pci0 dev 1 function 0 "Intel 82855PE AGP" rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M9 Lf" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11 uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11 uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11 ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81 pci2 at ppb1 bus 2 cbb0 at pci2 dev 0 function 0 "TI PCI4520 CardBus" rev 0x01: irq 11 cbb1 at pci2 dev 0 function 1 "TI PCI4520 CardBus" rev 0x01: irq 11 em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82540EP)" rev 0x03: irq 11, address 00:0d:60:89:7a:4d ath0 at pci2 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11 ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR1W, address 00:05:4e:42:ea:6b cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0 pcmcia1 at cardslot1 ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: irq 11 iic0 at ichiic0 auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq 11, ICH4 AC97 ac97: codec id 0x41445374 (Analog Devices AD1981B) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 "Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured usb1 at uhci0: USB revision 1.0 uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt2 at isa0 port 0x3bc/4: polled aps0 at isa0 port 0x1600/31 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask effd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on wd0b WARNING: / was not properly unmounted auich0: measured ac97 link rate at 4
Re: Real men don't attack straw men
Hi About the ports tree, maybe you are right and OpenBSD should go kick out the possibly 50 ports that you have a problem with. Now, about BSD/GPL that's an other story. But that doesn't mean we can't learn from each other and help each other. I hope it has to do Richards efforts on the GNU/Linux side of the open-source world that even Ubuntu works on a completely free edition (Gobuntu) nowadays. OpenBSD "refuses to accept it's users being forced into depending on vendor binaries" and pushes people to "send a message that open support for hardware matters". Unix is becoming mainstream again. You should all work together at educating new people. Kind regards, Tom Richard Stallman wrote: It looks like some people are having a discussion in which they construct views they would find outrageous, attribute them to me, and then try to blame me for them. For such purposes, knowledge of my actual views might be superfluous, even inconvenient. However, if anyone wants to know what I do think, I've stated it in various articles in http://www.gnu.org/philosophy/. In particular, see http://www.gnu.org/philosophy/freedom-or-power.html. One question particularly relevant for this list is why I don't recommend OpenBSD. It is not about what the system allows. (Any general purpose system allows doing anything at all.) It is about what the system suggests to the user. Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others. Therefore, if a collection of software contains (or suggests installation of) some non-free program, I do not recommend it. The systems I recommend are therefore those that do not contain (or suggest installation of) non-free software. From what I have heard, OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public. I could recommend OpenBSD privately with a clear conscience to someone I know will not install those non-free programs, but it is rare that I am asked for such recommendations, and I know of no practical reason to prefer OpenBSD to gNewSense. The fact that OpenBSD is not a variant of GNU is not ethically important. If OpenBSD did not suggest non-free programs, I would recommend it along with the free GNU/Linux distros.
Re: Real men don't attack straw men
Sir, please check my inline comments. On 12/11/07, Richard Stallman <[EMAIL PROTECTED]> wrote: >Is the list at: >http://www.gnu.org/links/links.html#FreeGNULinuxDistributions >the list of operating systems that meet your criteria? It appears that >gNewSense includes LAME in binary format, and BLAG "recommends" it at >https://wiki.blagblagblag.org/Lame in much the same way OpenBSD does. > > ISTR LAME is free software, but I will double-check. > >In fact, BLAG suggests other unfree programs, such as unrar >(https://wiki.blagblagblag.org/Unrar), even noting that the software is >non-free. > > What is the license of Unrar? I will try to access that page, but I > cannot access an https page except by asking someone to get it for me. > I will see if it works with plain http:. > >I don't think anyone is particularly upset that OpenBSD isn't among the >software you recommend, but to claim that OpenBSD includes "non-free" >software in its ports collection (using your definition of "free") while >claiming that gNewSense meets your criteria is disingenuous at best. > > At best, it's an accurate statement. At worst, the gNewSense > developers made a mistake, and will correct it. > > My main basis for judging any distro is the policies it has adopted. I just can't follow this. Let's see what's written in the OpenBSD ports page (http://www.openbsd.org/ports.html): "Motivation OpenBSD is a fairly complete system of its own, but still there is a lot of software that one might want to see added. However, there is the problem of where to draw the line as to what to include, as well as the occasional licensing and export restriction problems. As OpenBSD is supposed to be a small stand-alone UNIX-like operating system, some things just can't be shipped with the system." So, an operating system can born "free" (free as in speech, in the GNU sense) and then, become "non-free" just because some users decided to create a way to ease installations of software that "just can't be shipped with the system"? Despite some OpenBSD kernel developers are also port mantainers, I'd believe that the vast majority of the latter don't do kernel programming, so IMO, they could be labeled as "users" (since they're working in user space). > > Everyone makes mistakes, and well-intentioned people fix their > mistakes. So if someone finds a non-free program in gNewSense, or in > OpenBSD, in violation of the distro's policies, that's no disaster. I > trust the developers will remove it once they find out. > Well, it seems that we have the following pattern: - gNewSense, if someone finds a non-free program in it, that's no disaster - anything else, if someone finds a non free program in it, that's surely a disaster Please, sir, clarify > On the other hand, if a distro's policies say something is allowed, > then it isn't a mistake, and I can't expect it to be fixed. That's > what gives me stronger concern. The presence of non-free programs > in the OpenBSD ports system is not a mistake, it's intentional. > As a last question. Will gNewSense become "non-free" if I start a "ports-like" software install package project for it? Thanks in advance.
Re: Real men don't attack straw men
Richard Stallman wrote: >... > On the other hand, if a distro's policies say something is allowed, > then it isn't a mistake, and I can't expect it to be fixed. That's > what gives me stronger concern. The presence of non-free programs > in the OpenBSD ports system is not a mistake, it's intentional. Partitioning the non-free material from the free material in the ports would be a first step. There are many who might choose to put their efforts into a free tool (or start one if it is missing) if the licensing categories were more apparent. -Lars
Re: no 4.2-stable package updates??
Marcos Laufer wrote: > My opinion is that more money should be raised in order to > keep -stable up to date. > I think it's important to mantain a stable distribution, it's one > of the things that give openbsd it's fame of being solid rock > > Marcos Seriously? More money? Like enough to woo someone from their job and keep stable packages up to date for you? I'm not sure you understand how this whole thing works. Also, may your payment be the first of the windfall, and your -stable package patches the catalyst for la revolucion. -- Jason
Re: Real men don't attack straw men
I have been reading this debate with interest, and am confused on one key point. RMS wrote: > Ututo and gNewSense have the policy not to include non-free programs, > not even in a ports system. According to http://www.gnewsense.org/Main/Features, "Universe enabled by default" Does selecting Ubuntu "Universe" category for packages include Main and Restricted? If so, Restricted is non-free software, per http://www.ubuntu.com/community/ubuntustory/components
Re: Real men don't attack straw men
El mar, 11-12-2007 a las 14:00 -0500, Richard Stallman escribiC3: > My main basis for judging any distro is the policies it has adopted. So a distro that comes (de-binaryzed) from ubuntu, that comes from debian that any of them allow you to install a (nvidia) blob or any of the non-free ports of openbsd, is more convenient that a system that fight over all, about the freedom of the users, developers and of the code. Please, dear rms, you can use any thing like opera on ututo or gnewsense, also you can taint the kernel, or browse in emacs for a flash web (the last is a fake, i think ;). > Everyone makes mistakes, and well-intentioned people fix their > mistakes. So if someone finds a non-free program in gNewSense, or in > OpenBSD, in violation of the distro's policies, that's no disaster. I > trust the developers will remove it once they find out. Pretty, even if they could develop something on the O.S. to avoid the use of blobs, firmwares, and non gpl'ed software by the users, it could be a killer Linux distribution. > On the other hand, if a distro's policies say something is allowed, > then it isn't a mistake, and I can't expect it to be fixed. That's > what gives me stronger concern. The presence of non-free programs > in the OpenBSD ports system is not a mistake, it's intentional. Yes, like all the really free developed drivers, like the fight for documentation of hardware, excellent code and better license, like the really hard decisions that OpenBSD has chose about software and licenses on his time line. It is intentional and appreciated :) But say that OpenBSD is not a "recomendable" distribution for people that wants freedom, is like say that it is insecure by default, and is better a popolulufufulunix that comes whit a firewall activated by default. Greetings, and have a nice day. IC1igo
Re: Real men don't attack straw men
Richard Stallman wrote: OpenBSD is by far the most free OS in the landscape. Everything that ships with it is free or else it won't be distributed with it. Yes, that's what I was told. I was also told that OpenBSD's ports system includes non-free programs. Is that accurate too? There is not a single open source OS out there that is more careful than OpenBSD on licensing, copyrights and frivolous patents. Maybe that is true, but it's not the issue I'm talking about. I'm not a supporter of open source anyway; I fight for free software. In that case, if you are really fighting for free software Richard, and I very much respect that, regardless of licenses, or ideology, or what not. I have only one request/question for you and I hope you will consider it fair and in the interest of "Free Software" for all as you clearly put it. Why not advocate and request also from the FSF and from the GPL developers as you are the main person in the GPL license to extend the same hand and "Free Software" as you fight for and when a BSD write a great piece of software and that anyone in GNU, FSF or using the GPL find it worth to use and import, why not request to keep it under the same license as it's origin instead of locking it in the GPL at import time and then lock out the original developers of the BSD side. All fight aside, I really do not think it is asking to much is it? This way, what was given as "Free Software" will stay as free software of all and not exclude a big part of them. If you just sit back and think about this and about your goal in life of "Free Software" I would think you would fine it fare would you? You don't bite the hand that feed you and as such, I would think working together in the interest of "Free Software" would benefit all and having you also request the same would just be fair and fantastic in the interest of "Free Software". Let a software be under it's license of choice by the author from it's birth to it's death. If a great GPL software is written and xBSD would love to use it, an in case of OpenBSD for example will have to re-write it under a BSD license if they want to have it in base and they will do so if worth the effort. However the GPL can just import it as is and as such the burning of the license choice is on the BSD side, not the GPL side. So, why not respect it and keep it as such and contribute back under the BSD, when the original BSD license software was taken. It's only fair and it is fully in the interest of "Free Software". It sure in that case anyway allow for more users to fully use that "Free Software" and if your goal as clearly stated here is that "Free Software" then doing so, would actually spread that "Free Software" even more. Just something to think about in this holiday season. It sure would make a wonderful gift of "Free Software" to all if you would see it as such and not deviate from your goal, but fighting for it even more and respecting other introductions of "Free Software" Please, think about it before you reply if you do. It's important and is fully in line with your life time fight and goal of "Free Software" Best regards, Daniel
Re: Real men don't attack straw men
Watching the latest flame war, I can't help thinking that as founders of their respective projects Theo and RMS are trapped in a jail of rigid consistency and absolutism demanded by children and utopians. Only at home, with the door locked, are they free to boot their home's sole computer, a Windows box, watch some Real Media streams and play a few Valve- controlled games. And late at night, when the ice weasels come, a hypnogogic fog provides cover for a last conscious thought: "I wish, I wish, I wish... *I* had written OS X." -- Monty Brandenberg
Re: aggregate-address in openbgpd
11.12.07, 20:43, Claudio Jeker ([EMAIL PROTECTED]): > On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote: > > How I can aggregate small prefixes, received from internal peers into > > big one in openbgpd ? Like cisco's 'aggregate-address' feature. > > I've search in documentation and source code, but found nothing about > > prefix aggregation. > > > bgpd does not support aggregation of addresses. After 4 years of bgpd your > the first to request this so don't expect that it changes soon. I don't think that I'm first person, who request such feature. http://archive.openbsd.nu/?ml=openbsd-misc&a=2006-03&m=1883090 "* Falk Brockerhoff [2006-03-29 12:38]: > I take a look on the documentation, searched the source-code for > anything spelled like aggregate or something like this, but I wasn't > lucky. The network-Statement isn't doing aggregating, is it? njet. we don't have any aggregate code, and you're the first one ever to ask :)"
Re: Real men don't attack straw men
On Dec 11, 2007 11:00 AM, Richard Stallman <[EMAIL PROTECTED]> wrote: > > My main basis for judging any distro is the policies it has adopted. > > Everyone makes mistakes, and well-intentioned people fix their > mistakes. So if someone finds a non-free program in gNewSense, or in > OpenBSD, in violation of the distro's policies, that's no disaster. I > trust the developers will remove it once they find out. just a layman here trying to make sense of it all. According to you, gNewSense, an ubuntu (debian) derivitave -- is free software. I use ubuntu on a laptop. According to gNewSense their policy supports use of the universe and main package repositories from ubuntu with the few mentioned changes. Apples to apples comparisons I say. I adjust my repositories in a repository browser and poke away. I find java, I find tools to work with many non-free pieces of software as well. So OpenBSD becomes non-free because we don't have a database column that labels stuff non-free, or a special folder for non-free packages?
Re: Real men don't attack straw men
Hi all, > OpenBSD "refuses to accept it's users being forced into depending on > vendor binaries" and pushes people to "send a message that open support > for hardware matters". Unix is becoming mainstream again. You should all > work together at educating new people. http://www.fsf.org/news/freebios.html And especially : -- The FSF uses laptops donated by IBM over the past few years. This was one among several ways IBM cooperated with the GNU Project. But the cooperation is incomplete: when I asked for the specifications necessary to make LinuxBIOS run on these laptops, IBM refusedbciting, as the reason, the enforcement of "trusted computing" http://www.gnu.org/philosophy/can-you-trust.html Treacherous computing is, itself, an attack on our freedom; it is also, it seems, a motivation to obstruct our freedom in other ways. -- You can also help our campaign by writing to manufacturers such as Intel, saying they ought to cooperate with a fully free BIOS. Calm but strong disapproval, coupled with stating an intention to take action accordingly, is more effective than venting rage. Please send a copy of your message to [EMAIL PROTECTED], so we can monitor the support for this campaign. The more mail they get, the more effect, so please do add your voice to ours. -- For me BIOS, is mostly software embedded so i have to live with that 'closed source bios' (at least on peecee's ) i think i don't have to accept closed binary blobs at higher level ... Now, please, can we together stop feeding that awful troll ?
Re: Real men don't attack straw men
mcb, inc. wrote: Watching the latest flame war, I can't help thinking that as founders of their respective projects Theo and RMS are trapped in a jail of rigid consistency and absolutism demanded by children and utopians. Well, yes and no. Theo's absolutism has kept OpenBSD pretty much the last blob-free OS in the Free Software world. RMS's absolutism has kept alive an ideal that launched the mainstream open source movement. So it's not non-functional. It's emotionally hard on the individuals concerned, and often emotionally hard on us who bask in the reflected glow of these geniuses :-). But it all seems to work out in practice. Has for a cuple of decades now, give or take a few years. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: aggregate-address in openbgpd
On Tue, Dec 11, 2007 at 10:44:38PM +0300, bitbucket wrote: > 11.12.07, 20:43, Claudio Jeker ([EMAIL PROTECTED]): > > > On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote: > > > How I can aggregate small prefixes, received from internal peers into > > > big one in openbgpd ? Like cisco's 'aggregate-address' feature. > > > I've search in documentation and source code, but found nothing about > > > prefix aggregation. > > > > > bgpd does not support aggregation of addresses. After 4 years of bgpd your > > the first to request this so don't expect that it changes soon. > I don't think that I'm first person, who request such feature. > > http://archive.openbsd.nu/?ml=openbsd-misc&a=2006-03&m=1883090 > > "* Falk Brockerhoff [2006-03-29 12:38]: > > I take a look on the documentation, searched the source-code for > > anything spelled like aggregate or something like this, but I wasn't > > lucky. The network-Statement isn't doing aggregating, is it? > > njet. we don't have any aggregate code, and you're the first one ever > to ask :)" > I'm sorry, you're the 2nd person to ask for aggregation in bgpd. I still think that more important things need to be done first especially since aggregation is considered evil. E.g. being able to anounce prefixes depening on some state would be more useful. -- :wq Claudio
Re: Real men don't attack straw men
Darrin Chandler wrote: > There seems to be a subtext in your message that one license is more > free than the other, and that the more free license is the GPL. This is > not true. I like both licenses and use software under both licenses. For software I write, I can easily see scenarios where I would use BSD, and others GPL. > Offering something to someone as "free" with one hand, while taking back > rights with the other is not free. BSD/MIT/ISC licenses retain a very > minimal set of rights to the original author(s), and give away > everything else. Whatever the merits of ISC v. GPL, there's really no > debate on which is more free. Debate is inevitable: freedom is difficult to define. An individual's concept of freedom depends on their priorities and ideals. There just isn't one license that can meet everyone's requirements, or agree with everyone's ideology. The real value in these discussions for me lies in exploring what freedoms each license protects, and how they enhance the public good. Even stepping on each other's toes is good in a way: it means free speech is happening. In the end, I see licenses as tools, not dogma. As such, I refuse to be converted to either side. I can't be more even-handed than that. -Ken
Re: Real men don't attack straw men
On Dec 11, 2007 2:55 PM, Josh Grosse <[EMAIL PROTECTED]> wrote: > I have been reading this debate with interest, and am confused on one key > point. > > RMS wrote: > > > Ututo and gNewSense have the policy not to include non-free programs, > > not even in a ports system. > > According to http://www.gnewsense.org/Main/Features, "Universe enabled > by default" > > Does selecting Ubuntu "Universe" category for packages include Main and > Restricted? If so, Restricted is non-free software, per > > http://www.ubuntu.com/community/ubuntustory/components Um, that first link says "Restricted removed". So presumably they mean gNewSense = Ubuntu.Universe - Ubuntu.Restricted -Nick
Re: Real men don't attack straw men
On Tue, Dec 11, 2007 at 02:41:27PM -0600, Ken Ismert wrote: > Darrin Chandler wrote: > > > Offering something to someone as "free" with one hand, while taking back > > rights with the other is not free. BSD/MIT/ISC licenses retain a very > > minimal set of rights to the original author(s), and give away > > everything else. Whatever the merits of ISC v. GPL, there's really no > > debate on which is more free. > > Debate is inevitable: freedom is difficult to define. An individual's > concept of freedom depends on their priorities and ideals. There just > isn't one license that can meet everyone's requirements, or agree with > everyone's ideology. No, I'm not talking about "what Freedom means to me." Freedom isn't difficult to define. Just look it up in a dictionary. BSD/MIT/ISC licenses are more Free than GPL. There's nothing to debate about that. It's just the way things are. > The real value in these discussions for me lies in exploring what freedoms > each license protects, and how they enhance the public good. Even stepping > on each other's toes is good in a way: it means free speech is happening. If you stop saying "free" and "freedoms" and find a more accurate word I think your meaning will come through better. > In the end, I see licenses as tools, not dogma. As such, I refuse to > be converted to either side. I can't be more even-handed than that. You are correct. They are tools, and should be used as such. After having discussions with some people I have seen them *correctly* pick GPL, since it has the effects they desire. And, I've also seen people pick a BSD license even though they are GNU/Linux users. Good, in both cases, since the license represented their views. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Real men don't attack straw men
On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote: > OpenBSD is by far the most free OS in the landscape. Everything that > ships with it is free or else it won't be distributed with it. > > Yes, that's what I was told. I was also told that OpenBSD's ports > system includes non-free programs. Is that accurate too? Strictly speaking, no. If you unpack ports.tar.gz you will find a bunch of makefiles, packing lists, & c., all of which are free. OpenBSD's ports system depends on programs in the base system which are free. On a modern UNIX-like operating system it possible, even easy, to use free tools like awk, make, perl, sh, and so on, directly or indirectly, to facilitate the installation and maintenance of (free and non-free) software. Your asking the question indicates that you might have done better to exclude OpenBSD from the scope of your remarks. When one does not know, the most appropriate statement is 'I don't know.' Loosely speaking, you can get away with saying pretty much anything that suits you at the time. Loosely speaking is the problem.
Re: Real men don't attack straw men
On Dec 11, 2007 3:21 PM, Karsten McMinn <[EMAIL PROTECTED]> wrote: > On Dec 11, 2007 11:00 AM, Richard Stallman <[EMAIL PROTECTED]> wrote: > > > > My main basis for judging any distro is the policies it has adopted. > > > > Everyone makes mistakes, and well-intentioned people fix their > > mistakes. So if someone finds a non-free program in gNewSense, or in > > OpenBSD, in violation of the distro's policies, that's no disaster. I > > trust the developers will remove it once they find out. > > So OpenBSD becomes non-free because we don't have a database column > that labels stuff non-free, or a special folder for non-free packages? It may be relevant to point out: http://marc.info/?l=openbsd-misc&m=119731456628749&w=2 > > Having a way to sift out the non-free stuff during a search of the ports > > tree would be useful. > > PERMIT_*=(not Yes) The infrastructure is all there, it's just not emphasized. -Nick
Re: Real men don't attack straw men
Richard Stallman wrote: It looks like some people are having a discussion in which they construct views they would find outrageous, attribute them to me, and then try to blame me for them. For such purposes, knowledge of my actual views might be superfluous, even inconvenient. However, if anyone wants to know what I do think, I've stated it in various articles in http://www.gnu.org/philosophy/. In particular, see http://www.gnu.org/philosophy/freedom-or-power.html. One question particularly relevant for this list is why I don't recommend OpenBSD. It is not about what the system allows. (Any general purpose system allows doing anything at all.) It is about what the system suggests to the user. Since I consider non-free software to be unethical and antisocial, I think it would be wrong for me to recommend it to others. Therefore, if a collection of software contains (or suggests installation of) some non-free program, I do not recommend it. The systems I recommend are therefore those that do not contain (or suggest installation of) non-free software. From what I have heard, OpenBSD does not contain non-free software (though I am not sure whether it contains any non-free firmware blobs). However, its ports system does suggest non-free programs, or at least so I was told when I looked for some BSD variant that I could recommend. I therefore exercise my freedom of speech by not including OpenBSD in the list of systems that I recommend to the public. I could recommend OpenBSD privately with a clear conscience to someone I know will not install those non-free programs, but it is rare that I am asked for such recommendations, and I know of no practical reason to prefer OpenBSD to gNewSense. The fact that OpenBSD is not a variant of GNU is not ethically important. If OpenBSD did not suggest non-free programs, I would recommend it along with the free GNU/Linux distros. You've got too much time on your hands.
Re: Real men don't attack straw men
On Dec 11, 2007 2:00 PM, Richard Stallman <[EMAIL PROTECTED]> wrote: > OpenBSD is by far the most free OS in the landscape. Everything that > ships with it is free or else it won't be distributed with it. > > Yes, that's what I was told. I was also told that OpenBSD's ports > system includes non-free programs. Is that accurate too? > > There is > not a single open source OS out there that is more careful than OpenBSD > on licensing, copyrights and frivolous patents. > > Maybe that is true, but it's not the issue I'm talking about. I'm not > a supporter of open source anyway; I fight for free software. > > Ututo and gNewSense have the policy not to include non-free programs, > not even in a ports system. Thus, they don't do anything that > contradicts the philosophy of free software. That's why I can > recommend them. > While I completely understand this point of view - and (more importantly) the motivation behind such decisions - what I am hearing from you is that an individual's (or project's) actions in fighting *against* proprietary and the closed-source mentality (whether it's a blob, no documentation, not considering NDA's etc..) is *less* important than whether or not users are allowed the *freedom* to add in software, that might possibly not follow these other goals.. This I simply don't understand. We are fighting for the same thing. And you cast the OpenBSD project out because there are users that invest the effort to provide other users ports that may or may not follow the *projects* goals and work? Mr. Stallman, it is with great respect that I say these things, as I believe your noble efforts in these areas are commendable and have had a great influence on our communities, but I do not understand the discrepancies here. > Unlinke linux OpenBSD does not contain proprietary firmware blobs in the > distribution. > > Torvalds' version of Linux is not free software, for this reason. > Ututo and gNewSense include a version of Linux which remove the > firmware blobs, in order to make it free software. > > that's awesome, can users add these back in if they choose? is your project worthless because of these users 'actions? kind regards, Jason
Re: Real men don't attack straw men
On Tuesday 11 December 2007 14:00:43 Richard Stallman wrote: > Why don't you ask Theo, whom you once praised, about OpenBSD? > > Because he tends to be unfriendly. Now *that* I find humorous. I find it Kafka-esque, your inability to reccomend OpenBSD because of some "unfree" items in the ports tree. Effectively you are taking away the right of people to choose the software they wish to use. Your definition of free is replete with chains; you would deny the freedom of choice in the name of freedom. That is bizarre. --STeve Andre'
Re: Real men don't attack straw men
> On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote: > > OpenBSD is by far the most free OS in the landscape. Everything that > > ships with it is free or else it won't be distributed with it. > > > > Yes, that's what I was told. I was also told that OpenBSD's ports > > system includes non-free programs. Is that accurate too? > > Strictly speaking, no. If you unpack ports.tar.gz > you will find a bunch of makefiles, packing lists, > & c., all of which are free. OpenBSD's ports system > depends on programs in the base system which are free. > On a modern UNIX-like operating system it possible, > even easy, to use free tools like awk, make, perl, > sh, and so on, directly or indirectly, to facilitate > the installation and maintenance of (free and non-free) > software. Your asking the question indicates that you > might have done better to exclude OpenBSD from the > scope of your remarks. When one does not know, the > most appropriate statement is 'I don't know.' > > Loosely speaking, you can get away with saying > pretty much anything that suits you at the time. > > Loosely speaking is the problem. William is right. The OpenBSD ports tree is just a scaffold, and that scaffold is 100% free. It contains no non-free parts. It contains URL's to non-free software, and free Makefiles that knows how to build that non-free software. But the entire ports tree has no non-free software in it at all. Does that make it non-free? Are all operating systems non-free then, because they can be used to write free Makefiles which compile non-free software? Richard -- you spoke out of line. You are wrong.
Re: Real men don't attack straw men
I'm a very happy user of both OpenBSD and GNU/Linux systems, but what I don't get is, how is limiting a users choice in what he/she runs on his/her system more free than one that doesn't? Absolute freedom is to be able to do whatever the hell you want to with no limitations placed on you whatsoever. By this definition, public domain is the only truly free "license". I understand and appreciate the "freedom" that is defined by both the BSD and GPL licenses; that of ensuring the authors continual right of ownership. However, in terms of true freedom, both have limitations in place. Not that I disagree with the limitations they have, in fact I support them both as the current systems in place require the need to protect your original copyright. It's Utopian for me to think this, but in an ideal setting, there would be no need for any licesnes and everything would be available in the public domain. But since we are arguing about which license ensures more freedom, I think they both fall short of what it actually means to be free.
Re: Real men don't attack straw men
Darrin Chandler wrote: > ... BSD/MIT/ISC licenses are more Free than GPL. There's nothing > to debate about that. It's just the way things are ... I don't doubt your claims one iota. But in saying that, don't believe you have convinced me that the other side somehow has less valid claims. And yes, that's inconsistent. Maybe it's because of growing older, world-weariness, or just plain mental inferiority, but I have come to a place where I realize I hold some inconsistent and contradictory views, and I've found that I'm OK with that. In this case, it's just pragmatic: I want both licenses, and argument seems pointless. -Ken
Re: Real men don't attack straw men
Richard Stallman wrote: OpenBSD is by far the most free OS in the landscape. Everything that ships with it is free or else it won't be distributed with it. Yes, that's what I was told. I was also told that OpenBSD's ports system includes non-free programs. Is that accurate too? There is not a single open source OS out there that is more careful than OpenBSD on licensing, copyrights and frivolous patents. Maybe that is true, but it's not the issue I'm talking about. I'm not a supporter of open source anyway; I fight for free software. Ututo and gNewSense have the policy not to include non-free programs, not even in a ports system. Thus, they don't do anything that contradicts the philosophy of free software. That's why I can recommend them. Unlinke linux OpenBSD does not contain proprietary firmware blobs in the distribution. Torvalds' version of Linux is not free software, for this reason. Ututo and gNewSense include a version of Linux which remove the firmware blobs, in order to make it free software. Where's the freedom in not being able to use (under your definition of non-free software) non-free or otherwise "restricted" software? Freedom is about being free to make your own choice, no matter what the content of that choice is. Even if that choice inhibits freedom. Glenn
Re: Real men don't attack straw men
Richard Stallman wrote: ISTR LAME is free software, but I will double-check. The source code of LAME is licensed under the LGPL; however, the mp3 format itself is patented and restricted. Further reading: http://www.mp3-tech.org/patents.html http://www.mp3licensing.com/help/developers.html In short, the patents don't affect what you can do with the source code, they affect what you can do with the program after you compile it. So, you can modify, compile and distribute the program all you want, but if you actually execute the program you need a patent license. I suppose that could be considered Free Software, with a very narrow definition of Free. What is the license of Unrar? I will try to access that page, but I cannot access an https page except by asking someone to get it for me. I will see if it works with plain http:. Unfortuately, several of the sites linked from the FSF page require viewing using their self-signed SSL cert for some reason. From license.txt in the unrar source archive: - The UnRAR sources may be used in any software to handle RAR archives without limitations free of charge, but cannot be used to re-create the RAR compression algorithm, which is proprietary. - That seems to run completely counter to the ideals of the GPL, but I suppose you're the expert. On the other hand, if a distro's policies say something is allowed, then it isn't a mistake, and I can't expect it to be fixed. That's what gives me stronger concern. The presence of non-free programs in the OpenBSD ports system is not a mistake, it's intentional. I'm not sure I see how this is an issue. With gNewSense, I can point to the Debian/Ubuntu repositories and install unfree software binaries. With OpenBSD, to run unfree software I need to check out the Ports tree, find the package I want to run, compile it, and install it. (Note the distinction between Ports, which contains all the third-party software, and Packages, which contains only Free software.) So, it would seem that (barring human error) the primary philosophical difference between the packaging systems of OpenBSD and gNewSense is that gNewSense tries to prevent you from seeing any packages they consider non-Free, while OpenBSD directly provides only Free software (Packages) but gives the user a choice of installing any software (Ports). So, from my point of view, OpenBSD provides the user with more freedom by not imposing artificial restrictions. After all, this removes "the overhead of considering who owns the system software and what one is or is not entitled to do with it"[1]. Do you disagree? [1] http://www.gnu.org/gnu/manifesto.html, "Why All Computer Users Will Benefit"
Re: Real men don't attack straw men
Richard Stallman wrote: Why don't you ask Theo, whom you once praised, about OpenBSD? Because he tends to be unfriendly. Interestingly enough, if you specified that as the reason you recommend against using OpenBSD, this thread would have been a lot shorter. Somehow I think Theo is more interested in writing code and changing the world than making friends. Personally, I think he's made the right choice.
Re: HUAWEI not recognized properly (3 modem)
On 11.12-16:11, Stuart Henderson wrote: > On 2007/12/11 16:13, Markus Bergkvist wrote: > > I borrowed a HUAWEI modem just to see how it is recognized. > > With umass enabled it is recognized as a CD. Disabling umass and it is > > found as ugen. > > From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 I > > figured it should have been recognized as ubsa. Any suggestions? > > I was wrong with ubsa, it looks like it should actually be umsm, > but the device needs poking with a USB command before it switches > off the umass-based Windows driver CD, and turns on the other > interfaces (the AT-compatible modem-like interface, and the > control interface). > > I'm not aware of it being supported yet. with my version of this device it *appears* to timeout to the modem interface if it is inserted during boot. i won't go into the reasons as to why i believe that, suffice to say they're thin in evidence but it'd suggest you try forcing a rescan of the device after a couple of minutes (assuming the umass interface hasn't been tickled, activating it).
Re: : rouge IPs / user
On 12/11/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote: [... snipped away a lot ...] > There is a lots that can be done, however, when you reach this level, an > answer doesn't fit all and is really dependent on your setup. > > Hope this help answering your question. It's not me having the problem, but I desire to understand it. AFAIK HTTP keep alives have nothing to do with it. If the socket is in CLOSE_WAIT, the TCP connection can't be reused, the server has sent its FIN and the client its FIN/ACK, but the server doesn't have yet sent its final ACK. I can imagine some possibilites why this happens (some might not be valid due to my lack of knowledge): - the server didn't clean up its socket, so it stays there until the process dies eventually - the server does this to keep its socket (that I don't know: can a socket be reused on any state?) btw: I might be going off topic here, but I think it applies to OpenBSDs httpd. I won't sent any further mail to this thread you tell me to shut up. --knitti
Re: setxkbmap kills X
Try this ln -s /etc/X11/xkb /usr/X11R6/lib/X11/xkb Pau Amaro-Seoane wrote: Hi, as you can read in the subject, running e.g. setxkbmap us will kill X totally. I don't see any core dumped or similar. What can be the problem? Here you are my dmesg (an "zzz" froze the laptop and I had to power it off) and xorg.conf But X crashed also when not using an xorg.conf (i.e., running it "on the fly) - OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1700MHz ("GenuineIntel" 686-class) 1.70 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2 real mem = 2146398208 (2046MB) avail mem = 2067853312 (1972MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 01/20/05, BIOS32 rev. 0 @ 0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries) bios0: vendor IBM version "1RETDIWW (3.14 )" date 01/20/2005 bios0: IBM 23739FU apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 100% apm0: AC on, battery charge high apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries) pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00) pcibios0: PCI bus #6 is the last bus bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 0xe/0x1 cpu0 at mainbus0 cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200, 1000, 800, 600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82855PE Hub" rev 0x03 ppb0 at pci0 dev 1 function 0 "Intel 82855PE AGP" rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M9 Lf" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11 uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11 uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11 ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81 pci2 at ppb1 bus 2 cbb0 at pci2 dev 0 function 0 "TI PCI4520 CardBus" rev 0x01: irq 11 cbb1 at pci2 dev 0 function 1 "TI PCI4520 CardBus" rev 0x01: irq 11 em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82540EP)" rev 0x03: irq 11, address 00:0d:60:89:7a:4d ath0 at pci2 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11 ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR1W, address 00:05:4e:42:ea:6b cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0 pcmcia0 at cardslot0 cardslot1 at cbb1 slot 1 flags 0 cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0 pcmcia1 at cardslot1 ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: irq 11 iic0 at ichiic0 auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq 11, ICH4 AC97 ac97: codec id 0x41445374 (Analog Devices AD1981B) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 "Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured usb1 at uhci0: USB revision 1.0 uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 lpt2 at isa0 port 0x3bc/4: polled aps0 at isa0 port 0x1600/31 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask effd netmask effd ttymask pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a swap on wd0b dump on
Re: : rouge IPs / user
knitti wrote: On 12/11/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote: [... snipped away a lot ...] There is a lots that can be done, however, when you reach this level, an answer doesn't fit all and is really dependent on your setup. Hope this help answering your question. It's not me having the problem, but I desire to understand it. AFAIK I understand that, but you did asked a valid question on the state of the socket connection and I tried to answer that. If wasn't directed to the previous guy that can't search on Google and asked advise but refuse very valid answer. Sorry if you fell I confuse the two, but I didn't. May not have been obvious in my writing however. HTTP keep alives have nothing to do with it. If the socket is in CLOSE_WAIT, the TCP connection can't be reused, the server has sent its FIN and the client its FIN/ACK, but the server doesn't have yet sent its final ACK. Well actually it does under normal operation. See, if you get a connection from a user and have keep alive setup. The socket will stay open to speed up the next request from the same users without having to establish a new connection, reusing the same socket for speed, but at the same time keeping that socket open and not ready to close yet for the next users. So, you see, if you have longer keep alive setup in httpd, you will reach the CLOSE_WAIT later on instead of sooner if you have shorter keep alive setup. See what I explain, may be not as well as I would like is the impact of PF and httpd together as well as the net.inet.tcp.xxx in sysctl setup. They all interact together in some ways and as such I also said it wasn't something to take isolated of one an other. Just as an example. If you put keep alive to 2 minutes instead of 15 seconds default as an example, you will use much more sockets and you will end up running out of socket possibly, all depend on traffic obviously. Now if keep alive from httpd is the only responsible party for having socket in CLOSE_WAIT, no it is not. But it does play a role in there as well into making more or less of them available. What's important here is that the maximum number of TCP/IP sockets in the CLOSE_WAIT state can not exceed the maximum number allowed TCP/IP sockets from the Web server or in here the httpd. netstat -an can show you the state of the various sockets, or more limited display netstat -an | grep WAIT I can imagine some possibilites why this happens (some might not be valid due to my lack of knowledge): - the server didn't clean up its socket, so it stays there until the process dies eventually It will clean it up eventually, or may be force with some directive in httpd about the usage, I can't recall right this instant and I would need to look. I may confuse two things as well here, but it might be possible to do it. Not sure. I wonder if the net.inet.tcp.keepidle, or something similar wouldn't actually affect it here. I would think so, but I could be wrong. I think the CLOSE_WAIT state and time is a function of the OS stack, not the application itself, in this case httpd. I could be wrong here and I would love for someone to correct that for me if I do not understand that properly. But my understanding is this is control by the OS, not the application itself, other then the keep alive obviously in this case. - the server does this to keep its socket (that I don't know: can a socket be reused on any state?) No, it can't. See above. You are limited by the MaxSpareServers directive in httpd anyway as far as the www is concern here. You sure can increase that from the maximum default of 256 if you recompile it and changed it in the include file, but again, should only be done on very busy servers. btw: I might be going off topic here, but I think it applies to OpenBSDs httpd. I won't sent any further mail to this thread you tell me to shut up. I didn't do such thing. The original poster however should/may take the advice, or drop it. (;> I actually find it interesting, not the original subject, but where it was/is going. Daniel
Re: Real men don't attack straw men
On Tue, Dec 11, 2007 at 01:49:19PM -0700, Jack J. Woehr wrote: > mcb, inc. wrote: > >Watching the latest flame war, I can't help thinking that as > >founders of their respective projects Theo and RMS are trapped > >in a jail of rigid consistency and absolutism demanded by > >children and utopians. > Well, yes and no. > > Theo's absolutism has kept OpenBSD pretty much the last > blob-free OS in the Free Software world. > > RMS's absolutism has kept alive an ideal that launched > the mainstream open source movement. his absolutism also causes people to see BSD as a "problem", a "social failure". > So it's not non-functional. It's emotionally hard on the > individuals concerned, and often emotionally hard on > us who bask in the reflected glow of these geniuses :-). > But it all seems to work out in practice. Has for a cuple > of decades now, give or take a few years. recently we saw theft of BSD to GPL, and a large part of the GPL community thinks there's no problem with that, that the BSD community is being "petty" to make an issue out of it. and all stallman says about it is basically, "I am not familiar with the situation, leave me alone." I would like to see more cooperation between the free software developers. but IMO, stallman is the one being far more unfriendly and uncooperative. of course stallman is not directly responsible for the actions of the GPL community. but his opinions do wield power. didn't this whole thread start because of his opinions and recommendations? now stallman won't talk to theo, because theo is unabashed in stating his opinions? just look at the thread. between theo and stallman, who posted the most words, and who gave less misinformation/slant? in much fewer words: the gutless politician attempted to use his influence to snub and smear his opponent. when fallacies in his campaign were brought to light, he accused his opponent of being unfriendly. -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Real men don't attack straw men
> I think it would be wrong for me to recommend it to others. Therefore, > if a collection of software contains (or suggests installation of) > some non-free program, I do not recommend it. The systems I recommend > are therefore those that do not contain (or suggest installation of) > non-free software. Therefore, you don't recommend linux. Oh wait ... I don't recommend Torvalds' version of Linux. The versions of Linux in Ututo and gNewSense, which I recommend, do not have the blobs. > However, its ports > system does suggest non-free programs, No it doesn't "suggest" non-free programs in any way; it just makes it possible and easy to install them. Including a program by name in the ports system does suggest using that program. It grants the program a sort of legitimacy, and that is what I am opposed to. You may have a different interpretation of these facts. That's my interpretation of them.
Re: Real men don't attack straw men
On Tue, Dec 11, 2007 at 04:49:34PM -0500, STeve Andre' wrote: > On Tuesday 11 December 2007 14:00:43 Richard Stallman wrote: > > Why don't you ask Theo, whom you once praised, about OpenBSD? > > > > Because he tends to be unfriendly. > > Now *that* I find humorous. > > I find it Kafka-esque, your inability to reccomend OpenBSD because > of some "unfree" items in the ports tree. Effectively you are taking > away the right of people to choose the software they wish to use. It is me, who finds it humurous that you consider a recommendation as taking away the right of people choosing the software they wish to use. If I recommend you not to jump into a well, am I taking your liberty to jump into it? It would be quite funny to see how bits & bytes, my only interaction with you, could ever prevent you from a refreshing bath :) > Your definition of free is replete with chains; you would deny the > freedom of choice in the name of freedom. That is bizarre... Rui -- All Hail Discordia! Today is Setting Orange, the 53rd day of The Aftermath in the YOLD 3173 + No matter how much you do, you never do enough -- unknown + Whatever you do will be insignificant, | but it is very important that you do it -- Gandhi + So let's do it...?
Re: Real men don't attack straw men
Jacob Meuser wrote: his absolutism also causes people to see BSD as a "problem", a "social failure". In everything, there is light and dark, interwoven :-) recently we saw theft of BSD to GPL, and a large part of the GPL community thinks there's no problem with that, that the BSD community is being "petty" to make an issue out of it. Well, sue 'em, if it's so. But no point in sulking. Like the ENTIRE PROGRAMMING COMMUNITY, we're a bunch of cantankerous, contentious, contumacious perfectionists. Stallman and Theo especially. And you, too. And me. -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Real men don't attack straw men
> > On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote: > > > OpenBSD is by far the most free OS in the landscape. Everything that > > > ships with it is free or else it won't be distributed with it. > > > > > > Yes, that's what I was told. I was also told that OpenBSD's ports > > > system includes non-free programs. Is that accurate too? > William Boshuck wrote: > > Strictly speaking, no. If you unpack ports.tar.gz > > you will find a bunch of makefiles, packing lists, > > & c., all of which are free. OpenBSD's ports system > > depends on programs in the base system which are free. > > On a modern UNIX-like operating system it possible, > > even easy, to use free tools like awk, make, perl, > > sh, and so on, directly or indirectly, to facilitate > > the installation and maintenance of (free and non-free) > > software. On 11/12/2007, Theo de Raadt <[EMAIL PROTECTED]> wrote: > William is right. > > The OpenBSD ports tree is just a scaffold, and that scaffold is 100% > free. It contains no non-free parts. > > It contains URL's to non-free software, and free Makefiles that > knows how to build that non-free software. But the entire ports > tree has no non-free software in it at all. > > Does that make it non-free? I would like to ask Richard a question. It may seem off-topic, but it isn't: Do you believe that The Pirate Bay is guilty of copyright infringement? In case you're not familiar, The Pirate Bay ( http://thepiratebay.org/ , http://en.wikipedia.org/wiki/The_Pirate_Bay ) is a Swedish website that offers users the opportunity to upload metadata files that contain information about where and how data files can be downloaded. It also allows users to download the metadata files that users have uploaded. Some users (possibly even a large number) use this service to upload metadata files that contain info that can be used to obtain copyrighted material, possibly without the copyright holder's permission. This is IMHO very similar to the way the OpenBSD ports system is related to unfree software: - The unfree software is not hosted by OpenBSD. The ports tree effectively only contains metadata. - The individual ports in the ports system are maintained by (advanced) OpenBSD users. The inclusion of a port that users chose to submit and maintain does not imply an endorsement of the (possibly unfree) software that can be installed using the port metadata. - The use of the ports system is officially *discouraged* for average users. Average Joes are encouraged to *not* use ports but use OpenBSD _packages_ instead, which are precompiled binaries which are hosted by OpenBSD. ( See "IMPORTANT NOTE" here: http://www.openbsd.org/faq/faq15.html#Ports ) There are no unfree packages. See for yourself: (caution: very long page and long load) http://www.openbsd.org/4.2_packages/i386.html - Unlike the Pirate Bay, the OpenBSD ports system does itself distinguish between free and unfree content. See this comment by Nick Guenther: > It may be relevant to point out: > http://marc.info/?l=openbsd-misc&m=119731456628749&w=2 > > Having a way to sift out the non-free stuff during a search of the ports > > tree would be useful. > > PERMIT_*=(not Yes) In addition, it is *considerably harder* to install unfree software on OpenBSD than on gNewSense. This eg. is what installing Skype entails: http://permalink.gmane.org/gmane.os.bsd.india/352 On gNewSense, it is *much* easier to install Skype. Just add an unfree repository to /etc/apt/sources.list and type a one-line command to install. I don't know for sure, but I suspect that gNewSense will not warn a user who does that that they are installing unfree software, so why expect more from OpenBSD? Richard, I you wrote: > If OpenBSD did not suggest non-free programs, I would > recommend it along with the free GNU/Linux distros. I suspect that your skepticism of OpenBSD stems from yourself being unfamiliar with the OpenBSD packages and ports system and not aware that the OpenBSD project does not in fact host unfree packages (and that ports for unfree programs such as users have submitted only contain metadata). In summary, I strongly feel that OpenBSD in fact does *not* suggest non-free programs. Despite the heated and sometimes personal nature of this thread, I think the honorable thing to do would be to be the bigger man and acknowledge the misunderstandings and make good on your offer to recommend OpenBSD. Thanks and regards, --ropers
Re: Real men don't attack straw men
On Dec 11, 2007, at 6:56 PM, Richard Stallman wrote: Including a program by name in the ports system does suggest using that program. It grants the program a sort of legitimacy, and that is what I am opposed to. Where is your line in the sand? When does an operating system become free by your interpretation? When non-free ports frameworks are hosted outside the official OpenBSD cvs repository? On a server not owned by the OpenBSD project? What if I want to host it on my own server, but I also happen to be an OpenBSD developer? When does the disassociation satisfy your unpublished requirements? Your interpretation is vague and self-serving. --- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: : rouge IPs / user
On 12/12/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote: > knitti wrote: > > HTTP keep alives have nothing to do with it. If the socket is in > > CLOSE_WAIT, the TCP connection can't be reused, the server > > has sent its FIN and the client its FIN/ACK, but the server doesn't > > have yet sent its final ACK. > > Well actually it does under normal operation. See, if you get a > connection from a user and have keep alive setup. The socket will stay > open to speed up the next request from the same users without having to > establish a new connection, reusing the same socket for speed, but at > the same time keeping that socket open and not ready to close yet for > the next users. So, you see, if you have longer keep alive setup in > httpd, you will reach the CLOSE_WAIT later on instead of sooner if you > have shorter keep alive setup. See what I explain, may be not as well as > I would like is the impact of PF and httpd together as well as the > net.inet.tcp.xxx in sysctl setup. They all interact together in some > ways and as such I also said it wasn't something to take isolated of one > an other. [...] > I think the CLOSE_WAIT state and time is a function of the OS stack, not > the application itself, in this case httpd. I could be wrong here and I > would love for someone to correct that for me if I do not understand > that properly. But my understanding is this is control by the OS, not > the application itself, other then the keep alive obviously in this case. > you tell me that there is some correlation between HTTP keep alives and a socket ending up in CLOSE_WAIT for some time. That is the practical observation. But I'm interested in whether this is by design or not. RFC 2616 doesn't mention implementation details, and I can't see why the socket implementation (OS) would want to keep a socket in CLOSE_WAIT for some time (not sending a final ACK). > > btw: I might be going off topic here, but I think it applies to > > OpenBSDs httpd. I won't sent any further mail to this thread > > you tell me to shut up. > > I didn't do such thing. The original poster however should/may take the > advice, or drop it. (;> sorry for the confusion, I forgot to write an "if" after "thread" --knitti
Re: : rouge IPs / user
knitti wrote: you tell me that there is some correlation between HTTP keep alives and a socket ending up in CLOSE_WAIT for some time. That is the practical observation. But I'm interested in whether this is by design or not. RFC 2616 doesn't mention implementation details, and I can't see why the socket implementation (OS) would want to keep a socket in CLOSE_WAIT for some time (not sending a final ACK). No. I am saying that there is a direct relation between the socket not being available to reach that state and the value assigned to keep alive making it take more time to reach the CLOSE_WAIT state and as such reducing the number of sockets you can use and as a side effect of this, limiting the number of users httpd can handle. As to the second part of that question, meaning "after it reach the CLOSE_WAIT", how long it stay in it? I think, and that's where my knowledge and understanding is lacking some, that it is at that point an OS part and as such may be able to be adjusted by some OS variable, not applications one at that time. See, the difference is creation, usage and destruction of sockets are an application function, but all the signaling of it and handling of it is an OS function. At a minimum, that's how I understand it and as such when you reach the CLOSE_WAIT state, that's not under the application layer control anymore, but the OS and as such can be helped by OS changes. I may be wrong here and if so, I would love for someone to correct that for me, but that's how I understand it. The creation, usage and closing of the socket itself is application related, but the signaling, etc is a function of the TCP/IP stack under the OS control, and this 'CLOSE_WAIT' state is in the TCP/IP stack control and as such not an application issue, but an OS control factor that may be helped some and only if needed under heavy traffic as other wise the default as good as is. I hope this makes it more clear, for my own understanding, or lack there of, of it anyway. May be I make a foul of myself here (wouldn't be the first time and I only learn by extending myself out and learn from my mistakes), but that what I understand is, thinking about it now. So, that's why I pointed the three parts that would/could help in this case. Best, Daniel