Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

[S. Scott Sima, CISA, CISM]

The anchors are in the running rule set, per the man and faq examples,
right in the nat/rdr top-of-the-rule-set section, just not shown in the
(snip) included in the post. If they weren't there the "user proxy"
version of snip wouldn't be working.

Thanks for the link, it *may* be relevant; however, the fact that [pass
quick] "user proxy" works and [pass quick] "tagged " does not -- in
an otherwise IDENTICAL rule set -- suggests that order (placement with
regard to anchors) is NOT a factor (in my case).

If the anchor's "quick" was in play, then -I would think that- the "user
proxy" version rule would never be a positive factor AND the [pass
quick] "tagged  version would NOT be failing on the final BLOCK ALL
rule. The anchor-quick would have already happened. 

Additionally, the "pfctl -vvvs rules" counters are ZERO for the "tagged
" version and otherwise correct and incrementing for "user proxy"
version.


-Original Message-
From: Camiel Dobbelaar <[EMAIL PROTECTED]>
To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]>
Cc: misc@openbsd.org
Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Date: Tue, 11 Dec 2007 07:31:01 +0100
Mailer: Thunderbird 2.0.0.9 (Windows/20071031)

I don't see the anchors, you need those with tagging too.  Other then
that, it may still not work as expected, see:
http://marc.info/?l=openbsd-misc&m=119729395125104&w=2



_
The information contained in this email and attachments, in whole or in part,
termed "COVERED INFORMATION," is for the exclusive use of the adB-dressee and 
contains confidential information requested and/or transmitted with an 
expectation of privacy and confidentiality. If the recipient of COVERED 
INFORMATION
is not the addressee, such recipient is strictly prohibited from any use in any 
way 
including but not limited to reading, copying, distribution or retention. 
Please notify
sender by reply of the error and destroy all instances of the COVERED 
INFORMATION
in your possession or control.

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

[scott]

The anchors are in the running rule set, per the man and faq examples,
right in the nat/rdr top-of-the-rule-set section, just not shown in the
(snip) included in the post. If they weren't there the "user proxy"
version of snip wouldn't be working.

Thanks for the link, it *may* be relevant; however, the fact that [pass
quick] "user proxy" works and [pass quick] "tagged " does not -- in
an otherwise IDENTICAL rule set -- suggests that order (placement with
regard to anchors) is NOT a factor (in my case).

If the anchor's "quick" was in play, then -I would think that- the "user
proxy" version rule would never be a positive factor AND the [pass
quick] "tagged  version would NOT be failing on the final BLOCK ALL
rule. The anchor-quick would have already happened. 

Additionally, the "pfctl -vvvs rules" counters are ZERO for the "tagged
" version and otherwise correct and incrementing for "user proxy"
version.


-Original Message-
From: Camiel Dobbelaar <[EMAIL PROTECTED]>
To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]>
Cc: misc@openbsd.org
Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Date: Tue, 11 Dec 2007 07:31:01 +0100
Mailer: Thunderbird 2.0.0.9 (Windows/20071031)

I don't see the anchors, you need those with tagging too.  Other then
that, it may still not work as expected, see:
http://marc.info/?l=openbsd-misc&m=119729395125104&w=2

Re: Real men don't attack straw men

[Ray Percival]

On Dec 10, 2007, at 12:26 PM, Martin Schrvder wrote:


2007/12/10, Richard Stallman <[EMAIL PROTECTED]>:

From what I have heard, OpenBSD does not contain non-free software
(though I am not sure whether it contains any non-free firmware
blobs).  However, its ports system does suggest non-free programs, or
at least so I was told when I looked for some BSD variant that I
could
recommend.


Richard, do you still remember the 2004 FSF awards?
http://www.fsf.org/news/fsaward2004.html
"Theo's leadership of OpenBSD, his selfless commitment to Free
Software ..."
Why don't you ask Theo, whom you once praised, about OpenBSD?


Simply put in the years since then he's become much more shrill and
intolerant. Perceived success is, IMO, going to the collective head
of the FSF.

Re: : rouge IPs / user

[Raimo Niskanen]

On Tue, Dec 11, 2007 at 01:15:11AM +1300, Joel Wiramu Pauling wrote:
> Tip.
> 
> Don't allow password challenge. Problem solved. Just use key'd ssh and this
> problem disappears.
> 

Bin there, done that.

You answered the wrong question.

I want to know if and what I can do (on the server side) about HTTP
clients that put sockets on my httpd server in state CLOSE_WAIT and
thereby chew up all sockets for the server causing a kind of
denial of service state.

And yes, I have googled for "HPPT server socket CLOSE_WAIT" and
did not get much wiser.



> 
> On 11/12/2007, Raimo Niskanen <[EMAIL PROTECTED]> wrote:
> >
> > I have a related problem, but I am not sure if the source
> > IPs are nasty computers or just...
> >
> > # lsof -ni:www
> > shows me lots of connections hanging in state CLOSE_WAIT
> > from some hosts (often in China). These used to eat all
> > sockets for httpd. Now I have a max-src-conn limit so
> > it is not a real problem any more.
> >
> > I now also log hosts that succedes in getting many
> > sockets in CLOSE_WAIT, and they are still there.
> >
> > What do the gurus say? What can I do about these hosts?
> >
> >
> >
> > On Fri, Dec 07, 2007 at 09:51:52AM -0800, badeguruji wrote:
> > > I am getting constant hacking attempt into my computer
> > > from following IPs. Although, I have configured my ssh
> > > config and tcp-wrappers to deny such attempts. But I
> > > wish some expert soul in this community 'fix' this
> > > rouge hacker for ever, for everyones good.
> > >
> > > This hacker could be spoofing the IPs, but i have only
> > > the IPs in my message logs(and a url)...
> > >
> > > 218.6.16.30
> > > 195.187.33.66
> > > 202.29.21.6
> > > 60.28.201.57
> > > 218.24.162.85
> > > wpc4643.amenworld.com
> > > 202.22.251.23
> > > 219.143.232.131
> > > 220.227.218.21
> > > 124.30.42.36
> > >
> > > -for community.
> > >
> > > -BG
> > >
> > > 
> > > ~~Kalyan-mastu~~
> >
> > --
> >
> > / Raimo Niskanen, Erlang/OTP, Ericsson AB

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Can I specify the bios time offset utc?

[Antoine Jacoutot]

On Tue, 11 Dec 2007, Dongsheng Song wrote:

OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the
bios time zone?


http://www.openbsd.org/faq/faq8.html#TimeZone

--
Antoine

Re: Default Route Issues

[Stuart Henderson]

On 2007/12/10 19:58, Bret wrote:
> The default route needs to be thru the wireless card and works fine untill I 
> add an IP for the wired lan vr() or I add it to the
> bridge: up ral0
>   up ral1 -- works great (and yes the up)
>
> but as soon as I add the vr0 the default route goes to the wired lan vr0.

It sounds like you're using the same subnet on two network interfaces.
That won't work. Either use different subnets, or use trunk.

If that's not what you're trying to do, post the output from
"netstat -rnfinet" and "ifconfig -A" so we can see how things are
configured.

Re: Real men don't attack straw men

[Marc Espie]

On Mon, Dec 10, 2007 at 11:27:08PM -0500, Jason Dixon wrote:

> Nobody is criticizing RMS over his opinion.  They are criticizing him  
> for ignorance and misrepresentation of the facts regarding OpenBSD.

Actually, no, I am criticizing RMS over his opinion.

He's supposed to have dedicated his life to such matters as free software.

His arguments towards not recommnending OpenBSD are just a front. They
sound logical, but he could interpret and present things differently.

The real reason he doesn't recommend OpenBSD is because OpenBSD represents
a viable alternative to his political views, and a very loud counter-voice
to the `GPL world'.

I've thought some more about it, and I cannot find any charitable 
interpretation of Stallman's words.

You've got a choice of:
1/ complete idiot
2/ senile old fool disconnected from reality
3/ dangerous political activist with a hidden agenda

HELP! boot hangs at "setting tty flags"

[Rob Lytle]

Here is the background:

(yesterday)
I decided to CVSUP this morning and compiled the kernel.  Unlike
yesterday, the boot hung right after the filesystem mounts/checks.  I
thought maybe I had better be in sync with Userland, but make build
did nothing to rectify the situation.
I was very careful in making new /dev's, and also merging /etc/   So I
am at a total loss.  The computer requires a hard
reboot so I can't generate any output to look at.
However,  I can boot into single user mode.

(yesterday)
A temporary hack:

I changed the following in /etc/rc:

echo 'setting tty flags'
#ttyflags -a

Previously it wasn't commented out.  Now who knows what can of worms
this hack will open up.

(today)
And it did.  KDE locks up so that a hard reboot is necessary.  So much for
fooling with rc scripts.

Thanks a lot.  I know there is not much to go on with the hard reboots being
necessary.

Sincerely,  Rob.

-- 
"Emancipate yourself from mental slavery, none but ourselves can free
our minds"  Bob Marley, Redemption Song

Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working

[scott]

Not sure what you're "answer" is.  Yes, tag/tagged is off-tilt and being
worked.  No, everything with ftp-proxy is fine, it's pilot error in the
rule set. Or little from "A" and little from "B."

Shouldn't ftp-proxy set both its control and data channel needs
correctly via its anchors. Else-wise if it needs me to do something for
it, then isn't tag/tagged the clean why to effect manual rule entries?
If so, then why no hits.  Which brings us back to doh.

/S

-Original Message-
From: Camiel Dobbelaar <[EMAIL PROTECTED]>
To: S. Scott Sima, CISA, CISM <[EMAIL PROTECTED]>
Subject: Re: openbsd 4.2 + ftp-proxy -T + pf +tag/tagged not working
Date: Tue, 11 Dec 2007 10:23:59 +0100
Mailer: Thunderbird 2.0.0.9 (Windows/20071031)

The "user proxy" rule should not be hit either, for FTP data connections...

Only the FTP control (port 21) connections will be "owned" by user proxy.

You always need a rule to allow the proxy to connect out on port 21.

GENERIC kernel compile fails at pcidevs_data.h

[Rob Lytle]

I cvsup'd this morning.  Now I can't compile any kernels.  They all
hang at or near pcidevs_data.h

Rob

-- 
"Emancipate yourself from mental slavery, none but ourselves can free
our minds"  Bob Marley, Redemption Song

Re: Real men don't attack straw men

[Edd Barrett]

On 11/12/2007, Marc Espie <[EMAIL PROTECTED]> wrote:
> You've got a choice of:
> 1/ complete idiot
> 2/ senile old fool disconnected from reality
> 3/ dangerous political activist with a hidden agenda
>


Also I like the way he posts and disappears.

Re: GENERIC kernel compile fails at pcidevs_data.h

[Andreas Kahari]

This was fixed a bit later. Just update from CVS again...

Regards,
Andreas

On 11/12/2007, Rob Lytle <[EMAIL PROTECTED]> wrote:
> I cvsup'd this morning.  Now I can't compile any kernels.  They all
> hang at or near pcidevs_data.h
>
> Rob
>
> --
> "Emancipate yourself from mental slavery, none but ourselves can free
> our minds"  Bob Marley, Redemption Song
>
>


-- 
Andreas Kahari
Somewhere in the general Cambridge area, UK

Re: Real men don't attack straw men

[Lars Noodén]

Marc Espie wrote:
> ...
> You've got a choice of:

Or

4) not up on the OpenBSD projects goals and current licensing requirements


Some of that is probably due to the low profile of OpenBSD (low-profile
is good, though) and the yammering of the FreeBSD crowd (which both
includes a lot of MSFTers, and takes it upon itself to represent all *BSD).

I realize it's good fun in Redmond to poke at RMS, however, that will
not inform the public about the advantages of OpenBSD.  The only purpose
there is to make everyone look bad.

Articles and other means of providing information about OpenBSD will
increase knowledge of OpenBSD.

Regards,
-Lars

Re: : rouge IPs / user

[knitti]

On 12/11/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote:
> I want to know if and what I can do (on the server side) about HTTP
> clients that put sockets on my httpd server in state CLOSE_WAIT and
> thereby chew up all sockets for the server causing a kind of
> denial of service state.
>
> And yes, I have googled for "HPPT server socket CLOSE_WAIT" and
> did not get much wiser.

If I understand correctly you could try synproxy states with pf and let these
states expire rapidly. If the states expire, I *think* pf should end the
connection completely, so your half-closed sockets don't get stale.
BUT perhaps I didn't get it at all and this makles no sense ;)

--knitti

Re: Real men don't attack straw men

[Martin Schröder]

2007/12/11, Lars Noodin <[EMAIL PROTECTED]>:
> 4) not up on the OpenBSD projects goals and current licensing requirements

You mean not interested. He got to meet Theo personally, so he could
easily stay informed -- if he wanted too.

Best
   Martin

Re: Azalia driver doen't playback 22050 rate

[Diego Fernando Nieto Moreno]

Thanks for All!

I'll be working in the source code of fxtv too. I'll wish that it record audio 
in (48000Khz)

> hmm, I will take a look at what's going on with fxtv.

> [EMAIL PROTECTED]
> SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Real men don't attack straw men

[Ray Percival]

On Dec 11, 2007, at 4:43 AM, Lars Noodin wrote:


Marc Espie wrote:

...
You've got a choice of:


Or

4) not up on the OpenBSD projects goals and current licensing
requirements


Some of that is probably due to the low profile of OpenBSD (low-
profile
is good, though) and the yammering of the FreeBSD crowd (which both
includes a lot of MSFTers, and takes it upon itself to represent
all *BSD).

I realize it's good fun in Redmond to poke at RMS, however, that will
not inform the public about the advantages of OpenBSD.  The only
purpose
there is to make everyone look bad.

Articles and other means of providing information about OpenBSD will
increase knowledge of OpenBSD.


So a high profile public figure talking out of his ass and
representing things he's not informed about as facts as opposed to
asking questions to get informed is better ... how? That's what we
would expect from a political activist not an engineer.

Re: Real men don't attack straw men

[Peter N. M. Hansteen]

Lars NoodC)n <[EMAIL PROTECTED]> writes:

> Articles and other means of providing information about OpenBSD will
> increase knowledge of OpenBSD.

Yes.  I was pretty determined to stay out of this thread entirely, but
I think you touch on an important point here.  Like most people who
have been in the field for a while I have a lot of respect for
Richard's efforts, but whether he recommends using OpenBSD or not or
whether he is acting on incorrect information about what ships with
the system is in fact not that interesting.  Richard is entitled to
his opinions, and if his opinion of what 'free' means is different
from a some other group's, that's something I for one can live with.

What /is/ interesting, in my view, is the fact that OpenBSD is where
some of the best technology available today, certainly when it comes
to networking, is developed.  And there's more to come.

Using OpenBSD we build the systems we need, and they work a helluva
lot better than most of the other stuff out there.  OpenBSD is free
and lets us create reliable, high performance, low maintenance
networks and services, Stuff That Just Works.  In fact it's so good it
makes you *want* to contribute back.  That's what I want to emphasize.

- P
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: Real men don't attack straw men

[Jan Stary]

> In particular, see http://www.gnu.org/philosophy/freedom-or-power.html.

yeah, right.

> Since I consider non-free software to be unethical and antisocial,

LOL

> I think it would be wrong for me to recommend it to others.  Therefore,
> if a collection of software contains (or suggests installation of)
> some non-free program, I do not recommend it.  The systems I recommend
> are therefore those that do not contain (or suggest installation of)
> non-free software.

Therefore, you don't recommend linux. Oh wait ...

> From what I have heard,

(and carefully checked on the project's official
website to make sure I don't spread bullshit),

> OpenBSD does not contain non-free software (though I am not sure
> whether it contains any non-free firmware blobs).

Unlike linux, it does not.

> However, its ports
> system does suggest non-free programs,

No it doesn't "suggest" non-free programs in any way;
it just makes it possible and easy to install them.
As you well know.

> or > at least so I was told when I looked for some BSD variant that I could
> recommend.

Hm, you was told. Now one paragraph above you was told
the opposite. Does that confuse you?

> I therefore exercise my freedom of speech by not including
> OpenBSD in the list of systems that I recommend to the public.

Good for you! Your freedom of speech was once again in jeopardy,
perhaps forcing you to include OpenBSD in the list of "software
recommended by RMS." But it's over now, don't worry. Write a book
about it instead.

> The fact that OpenBSD is not a variant of GNU is not ethically
> important.  If OpenBSD did not suggest non-free programs, I would
> recommend it along with the free GNU/Linux distros.

As not being recommended byt RMS basically means an EOL
of any sytem, I will deinstall tonight to be on the safe side.

(I think I can guess a line or two of the 4.3 song)

Jan

BIND and the measure of system entropy (randomness?)

[mufurcz]

Greetings,

A disk in one of the old firewalls (not exactly critical) failed 
(running OpenBSD 2.9!), and I urgently
need a DNS server to work.  Replaced the disk and installed 4.2.  
Starting `named -g`  (listing below),

produces a few surprising messages, like:

a) line 3:  BIND trying to load the configuration from /etc an not from 
/var/named/etc (my understanding
was that the default -c option looks for the named.config in 
/var/named/etc an not in /etc);


b) lines 34 and 35:  `could not open entropy source /dev/arandom: file 
not found` and `using pre-chroot
entropy source /dev/arandom` complaining about a missing 
/var/named/dev/arandom device.


What BIND has to do with the laws of thermo-dynamics?  Can I safely 
ignore the above messages.

BTW, I am NOT a BIND expert!

Regards,

Ioan 
--

# named -g
Starting privilege seperation
12-Dec-2007 10:51:30.646 starting BIND 9.3.4 -g
12-Dec-2007 10:51:30.657 loading configuration from '/etc/named.conf'
12-Dec-2007 10:51:30.659 listening on IPv6 interfaces, port 53
Binding privsep
[priv]: msg PRIV_BIND received
Binding privsep
[priv]: msg PRIV_BIND received
12-Dec-2007 10:51:30.663 listening on IPv4 interface lo0, 127.0.0.1#53
Binding privsep
[priv]: msg PRIV_BIND received
Binding privsep
[priv]: msg PRIV_BIND received
12-Dec-2007 10:51:30.666 listening on IPv4 interface fxp0, 192.168.1.199#53
Binding privsep
[priv]: msg PRIV_BIND received
Binding privsep
[priv]: msg PRIV_BIND received
12-Dec-2007 10:51:30.668 listening on IPv4 interface xl0, 192.168.2.199#53
Binding privsep
[priv]: msg PRIV_BIND received
Binding privsep
[priv]: msg PRIV_BIND received
12-Dec-2007 10:51:30.670 listening on IPv4 interface xl1, 192.168.3.199#53
Binding privsep
[priv]: msg PRIV_BIND received
Binding privsep
[priv]: msg PRIV_BIND received
Binding locally
Binding locally
Binding privsep
[priv]: msg PRIV_BIND received
12-Dec-2007 10:51:30.682 command channel listening on 127.0.0.1#953
12-Dec-2007 10:51:30.683 could not open entropy source /dev/arandom: 
file not found

12-Dec-2007 10:51:30.683 using pre-chroot entropy source /dev/arandom
12-Dec-2007 10:51:30.683 ignoring config file logging statement due to 
-g option

12-Dec-2007 10:51:30.686 zone 0.in-addr.arpa/IN: loaded serial 2007121001
12-Dec-2007 10:51:30.690 zone 0.0.127.in-addr.arpa/IN: loaded serial 
2007121001

12-Dec-2007 10:51:30.693 zone 255.in-addr.arpa/IN: loaded serial 2007121001
12-Dec-2007 10:51:30.696 zone com.trans.in-addr.arpa/IN: loaded serial 
2007121001

12-Dec-2007 10:51:30.700 zone trans.com./IN: loaded serial 2007121001
12-Dec-2007 10:51:30.702 zone localhost/IN: loaded serial 2007121001
12-Dec-2007 10:51:30.704 running

Re: BIND and the measure of system entropy (randomness?)

[Alexander Hall]

Hi,

mufurcz wrote:

Greetings,

A disk in one of the old firewalls (not exactly critical) failed 
(running OpenBSD 2.9!), and I urgently
need a DNS server to work.  Replaced the disk and installed 4.2.  
Starting `named -g`  (listing below),

produces a few surprising messages, like:

a) line 3:  BIND trying to load the configuration from /etc an not from 
/var/named/etc (my understanding
was that the default -c option looks for the named.config in 
/var/named/etc an not in /etc);


This is because named is chrooted by default.

b) lines 34 and 35:  `could not open entropy source /dev/arandom: file 
not found` and `using pre-chroot
entropy source /dev/arandom` complaining about a missing 
/var/named/dev/arandom device.


I think this has to do with the chroot as well. I get this too, and no 
harm seems to be done.


/Alexander

Re: HELP! boot hangs at "setting tty flags"- solved

[Rob Lytle]

I found a reference to commenting out tty03 in /etc/ttys.   The
machine now boots.   Why?  I have no idea.

Rob.

-- 
"Emancipate yourself from mental slavery, none but ourselves can free
our minds"  Bob Marley, Redemption Song

no 4.2-stable package updates??

[Jonathan Thornburg]

As a matter of policy, are -stable packages updated for security fixes?

I know that used to be the case, but as of today (40 days after 4.2 was
released), there are *no* 4.2-stable package updates shown at
http://www.openbsd.org/pkg-stable.html.  In contrast, there are 183
4.1-stable updates shown (accumulated over the roughly 7 months from
4.1-release to now), and 249 4.0-stable updates shown (presumably
accumulated over the year from 4.0-release to the end of 4.0-stable
updates when 4.2 was released), and my memory of past releases (going
back some years) is of a similar steady trickle of -stable package
updates (often described as security fixes).

So, am I just "lucky" that no bugs-important-enough-for-stable-updates
have been found in any 4.2 packages yet?  Is there somewere other than
http://www.openbsd.org/pkg-stable.html that I should be watching if I
want to keep -stable packages up to date with security fixes?

ciao,

-- 
-- Jonathan Thornburg (remove -animal to reply) <[EMAIL PROTECTED]>
   School of Mathematics, U of Southampton, England
   "Washing one's hands of the conflict between the powerful and the
powerless means to side with the powerful, not to be neutral."
  -- quote by Freire / poster by Oxfam

Re: Default Route Issues

[Bret]

Greets

OK here is the update:

Internet
 I
OpenBSD 4.2 (1) --- wired LAN
  I
wireless card - 10.60.128.1
  I
  I
(the following is the problem box)
  I
wireless card ral0 - 10.60.128.2
  I
OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1
  I
wireless card ral1 - 10.60.129.1

I am pulling this info off another server/router that I have at home so 
the vr0 interface is replaced with the em0

First ifconfig -A,  netstat -rnfinet without the wired lan (em0) enabled.

*ifconfig -A*

lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536



*netstat -rnfinet*

Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  
Interface
default10.60.128.1UGS 3   89  -   ral0
10.60.128/18   link#1 UC  10  -   ral0
10.60.128.100:08:a1:ad:0a:46  UHLc18  -   ral0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

at this time I can ping the OpenBSD (1) server fine everything works,
I now enable em0 and reboot to get the following, ( I do not have 
routed_flags="-q" enabled but I get the same results if I do have it 
enabled.

*ifconfig -A

*lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8843 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536

*netstat -rnfinet

*Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  
Interface
default10.60.128.1UGS 00  -   ral0
10.60.128/18   link#4 UC  10  -   em0
10.60.128.1link#4 UHLc2   13  -   em0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

As you can see I now have a fubared routing table. I can no longer ping 
OpenBSD (1), I have tried to do a route flush and manual route add but 
it always comes back to this.




Stuart Henderson wrote:

>On 2007/12/10 19:58, Bret wrote:
>  
>
>>The default route needs to be thru the wireless card and works fine untill I 
>>add an IP for the wired lan vr() or I add it to the
>>bridge: up ral0
>>  up ral1 -- works great (and yes the up)
>>
>>but as soon as I add the vr0 the default route goes to the wired lan vr0.
>>
>>

Re: Default Route Issues

[Bret]

Greets

OK here is the update:

Internet
 I
OpenBSD 4.2 (1) --- wired LAN
  I
wireless card - 10.60.128.1
  I
  I
(the following is the problem box)
  I
wireless card ral0 - 10.60.128.2
  I
OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1
  I
wireless card ral1 - 10.60.129.1

I am pulling this info off another server/router that I have at home so 
the vr0 interface is replaced with the em0

First ifconfig -A,  netstat -rnfinet without the wired lan (em0) enabled.

*ifconfig -A*

lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536



*netstat -rnfinet*

Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  
Interface
default10.60.128.1UGS 3   89  -   ral0
10.60.128/18   link#1 UC  10  -   ral0
10.60.128.100:08:a1:ad:0a:46  UHLc18  -   ral0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

at this time I can ping the OpenBSD (1) server fine everything works,
I now enable em0 and reboot to get the following, ( I do not have 
routed_flags="-q" enabled but I get the same results if I do have it 
enabled.

*ifconfig -A

*lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8843 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536

*netstat -rnfinet

*Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu  
Interface
default10.60.128.1UGS 00  -   ral0
10.60.128/18   link#4 UC  10  -   em0
10.60.128.1link#4 UHLc2   13  -   em0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

As you can see I now have a fubared routing table. I can no longer ping 
OpenBSD (1), I have tried to do a route flush and manual route add but 
it always comes back to this.

Bret

Stuart Henderson wrote:

>On 2007/12/10 19:58, Bret wrote:
>  
>
>>The default route needs to be thru the wireless card and works fine untill I 
>>add an IP for the wired lan vr() or I add it to the
>>bridge: up ral0
>>  up ral1 -- works great (and yes the up)
>>
>>but as soon as I add the vr0 the default route goes to the wired lan vr0.
>>

Re: no 4.2-stable package updates??

[Antoine Jacoutot]

On Tue, 11 Dec 2007, Jonathan Thornburg wrote:

So, am I just "lucky" that no bugs-important-enough-for-stable-updates
have been found in any 4.2 packages yet?  Is there somewere other than
http://www.openbsd.org/pkg-stable.html that I should be watching if I
want to keep -stable packages up to date with security fixes?


There're no -stable packages anymore.
Lack of interest/man power.

--
Antoine

Re: BIND and the measure of system entropy (randomness?)

[Andreas Maus]

On Wed, Dec 12, 2007 at 01:08:42AM +1100, mufurcz wrote:
Hi.

>  Greetings,
> 
>  A disk in one of the old firewalls (not exactly critical) failed (running 
>  OpenBSD 2.9!), and I urgently
>  need a DNS server to work.  Replaced the disk and installed 4.2.  Starting 
>  `named -g`  (listing below),
>  produces a few surprising messages, like:
> 
>  a) line 3:  BIND trying to load the configuration from /etc an not from 
>  /var/named/etc (my understanding
>  was that the default -c option looks for the named.config in /var/named/etc 
>  an not in /etc);
AFAIK the originale,unmodified bind from OpenBSD runs in a chroot()ed 
environment
under /var/named. So its root is really at /. So if it says it reads from 
/etc/named.conf
it _REALLY_ reads from /var/named/etc/named.conf because of the chroot.

>  b) lines 34 and 35:  `could not open entropy source /dev/arandom: file not 
>  found` and `using pre-chroot
>  entropy source /dev/arandom` complaining about a missing 
>  /var/named/dev/arandom device.
Same as above. /dev/arandom is _REALLY_ /var/named/dev/arandom.
So just why not creating this device?
cd /var/named/dev
mknod arandom c 45 4

>  What BIND has to do with the laws of thermo-dynamics?  Can I safely ignore 
>  the above messages.
BIND needs /dev/arandom for some stuff like generating random IDs.

>  BTW, I am NOT a BIND expert!
Neither do I ;)

Oh and don't forget the chroot() thingy mentioned above.
If you write to logfiles etc. they will get written
to /var/named/var/log/... !

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.

HUAWEI not recognized properly (3 modem)

[Markus Bergkvist]

I borrowed a HUAWEI modem just to see how it is recognized.
With umass enabled it is recognized as a CD. Disabling umass and it is 
found as ugen.
From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 
I figured it should have been recognized as ubsa. Any suggestions?


dmesg with umass disabled and output from 'usbdevs -v' below.

/Markus

OpenBSD 4.2-current (GENERIC) #571: Mon Nov 26 07:12:53 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III Mobile CPU 1000MHz ("GenuineIntel" 
686-class) 1 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 267808768 (255MB)
avail mem = 251047936 (239MB)
User Kernel Config
UKC> disable umass
348 umass* disabled
UKC> quit
Continuing...
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/03, BIOS32 rev. 0 @ 0xf, 
SMBIOS rev. 2.3 @ 0xfc087 (37 entries)

bios0: vendor Compaq version "686DF v2.49" date 12/31/2003
bios0: Compaq Evo N600c
apm0 at bios0: Power Management spec V1.2 (BIOS managing devices)
apm0: battery life expectancy 0%
apm0: AC on, battery charge high
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0a00/272 (15 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5280/272 (15 entries)
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801CAM LPC" rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xf000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82830MP CPU-I/O-1" rev 0x04
agp0 at pchb0: can't find internal VGA device config space
ppb0 at pci0 dev 1 function 0 "Intel 82830MP CPU-AGP" rev 0x04
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M6 LY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801CA/CAM USB" rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801CA/CAM USB" rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801CA/CAM USB" rev 0x02: irq 11
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x42
pci2 at ppb1 bus 2
cbb0 at pci2 dev 3 function 0 "TI PCI1420 CardBus" rev 0x00: irq 11
cbb1 at pci2 dev 3 function 1 "TI PCI1420 CardBus" rev 0x00: irq 11
"AT&T/Lucent LTMODEM" rev 0x02 at pci2 dev 4 function 0 not configured
fxp0 at pci2 dev 8 function 0 "Intel PRO/100 VM" rev 0x42, i82562: irq 
11, address 00:02:a5:b8:71:b5

inphy0 at fxp0 phy 1: i82562EM 10/100 PHY, rev. 0
esa0 at pci2 dev 9 function 0 "ESS ES1989" rev 0x12: irq 11
ac97: codec id 0x45838308 (ESS Technology ES1921)
ac97: codec features 20 bit DAC, 20 bit ADC, ESS Technology
audio0 at esa0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801CAM LPC" rev 0x02: 24-bit 
timer at 3579545Hz: SpeedStep
pciide0 at pci0 dev 31 function 1 "Intel 82801CAM IDE" rev 0x02: DMA, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci2: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask ef4d netmask ef4d ttymask ffcf
mtrr: Pentium Pro MTRR support
ugen0 at uhub1 port 1 "HUAWEI Technologies HUAWEI Mobile" rev 1.10/0.00 
addr 2

softraid0 at root
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b


$ usbdevs -v
Controller /dev/usb0:
addr 1: full speed, self powered, config 1, UHCI root hub(0x), 
Intel(0x8086), rev 1.00
 port 1 addr 2: full speed, power 500 mA, config 1, HUAWEI 
Mobile(0x1003), HUAWEI Technologies(0x12d1), rev 0.00

 port 2 powe

Re: no 4.2-stable package updates??

[Martin Schröder]

2007/12/11, Antoine Jacoutot <[EMAIL PROTECTED]>:
> There're no -stable packages anymore.

Get -stable ports fixed?

Best
   Martin

Re: Azalia driver locks up computer Sony SZ460N

[Rob Lytle]

Gqmeg works so its either XMMS or the way XMMS controls the driver.  I
will recompile XMMS.

-- 
"Emancipate yourself from mental slavery, none but ourselves can free
our minds"  Bob Marley, Redemption Song

Re: HUAWEI not recognized properly (3 modem)

[[EMAIL PROTECTED]@mgedv.net]

- Original Message - 
From: "Markus Bergkvist" <[EMAIL PROTECTED]>




I borrowed a HUAWEI modem just to see how it is recognized.
With umass enabled it is recognized as a CD. Disabling umass and it is 
found as ugen.
From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 
I figured it should have been recognized as ubsa. Any suggestions?


the modem you have (vendor id 0x1003) should be an E220 HSDPA modem.
exactly the same device i tried to "run" last week on freebsd, where
i got the same trouble as you.

the problem is, that the device when plugged in, initially reports
itself as a mass-storage device which will cause a cd-rom to be
found.

as far as i could figure out in tests (and some others pointed me in
the right direction of course), the device needs some proper "message"
to be transferred to switch from mass-storage mode into the modem mode.

currently, there is a thread on the freebsd lists with the subject
"huawei e220 hsdpa on freebsd 6.3-BETA2" regarding this.
have a look on it, it'll help you out maybe...

i'm currently testing the c-code which is provided there (i'm not
a guru) but the first one does not look that bad (there are some
errors and problems which i do not really have the time right now
to look into).

sorry, can't tell anything better right now on this,
cheers ;)

Azalia driver locks up computer Sony SZ460N

[Rob Lytle]

Here is the dmesg.  Note that I have #define AZALIA_DEBUG but there
are no debug messages.

OpenBSD 4.2-current (ROBKERN3) #0: Mon Dec 10 21:56:24 PST 2007
root@:/usr/src/sys/arch/i386/compile/ROBKERN3
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz ("GenuineIntel" 686-class) 2.01 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 2145415168 (2046MB)
avail mem = 2067009536 (1971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/12/07, BIOS32 rev. 0 @
0xfdbd0, SMBIOS rev. 2.4 @ 0xdc010 (19 entries)
bios0: vendor Phoenix Technologies LTD version "R0112N0" date 04/12/2007
bios0: Sony Corporation VGN-SZ460N
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC HPET MCFG TCPA SLIC APIC BOOT SSDT SSDT
SSDT SSDT SSDT
acpi0: wakeup devices PWRB(S4) S1F0(S4) S1F1(S4) S1F2(S4) S1F3(S4)
S1F4(S4) S1F5(S4) S1F6(S4) S1F7(S4) TLAN(S3) DLAN(S3) USB1(S3)
USB2(S3) USB3(S3) USB4(S3) USB7(S3) SLT0(S4) EC0_(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEGP)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus 6 (RP02)
acpiprt4 at acpi0: bus 7 (RP03)
acpiprt5 at acpi0: bus 8 (RP04)
acpiprt6 at acpi0: bus 9 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C2
acpitz0 at acpi0: critical temperature 99 degC
acpitz1 at acpi0: critical temperature 100 degC
acpitz2 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibat0 at acpi0: BAT1 type LION oem "Sony Corp."
acpiac0 at acpi0: AC unit online
acpidock at acpi0 not configured
bios0: ROM list: 0xc/0xf000 0xdc000/0x4000! 0xe/0x1c00!
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x060b0c2206000c22
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 2000 MHz (1244 mV): speeds: 2000, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
agp0 at pchb0: no integrated graphics
ppb0 at pci0 dev 1 function 0 "Intel 82945GM PCIE" rev 0x03: irq 5
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "NVIDIA", unknown product 0x01d8 rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 10
azalia0: codec[s]: Sigmatel 83847661, Conexant/0x2bfa, using Sigmatel 83847661
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: irq 5
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: irq 10
pci3 at ppb2 bus 6
wpi0 at pci3 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02:
irq 10, MoW1, address 00:19:d2:31:93:15
ppb3 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: irq 10
pci4 at ppb3 bus 7
mskc0 at pci4 dev 0 function 0 "Marvell Yukon 88E8036" rev 0x16,
Yukon-2 FE (0x1): irq 10
msk0 at mskc0 port A: address 00:13:a9:90:7c:69
eephy0 at msk0 phy 0: Marvell 88E3082 10/100 PHY, rev. 3
ppb4 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: irq 10
pci5 at ppb4 bus 8
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 10
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 10
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 10
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 10
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci6 at ppb5 bus 9
cbb0 at pci6 dev 4 function 0 "TI PCIXX12 CardBus" rev 0x00 (chipflags
2): intrpin A, intrtag 255
: couldn't map interrupt
"TI PCIXX12 FireWire" rev 0x00 at pci6 dev 4 function 1 not configured
"TI PCIXX12 Multimedia Card Reader" rev 0x00 at pci6 dev 4 function 2
not configured
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: polling
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity P

Re: Default Route Issues

[Stuart Henderson]

On 2007/12/11 08:40, Bret wrote:
> OK here is the update:

> ral0: flags=8843 mtu 1500
> ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid 
> inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
> ral1: flags=8843 mtu 1500
> ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid 
> inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
> em0: flags=8843 mtu 1500
> media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
> inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255

As I suspected, these are all in the same network.

$ ipcalc 10.60.130.1/0xc000
address   : 10.60.130.1 
netmask   : 255.255.192.0   (0xc000)
network   : 10.60.128.0 /18
broadcast : 10.60.191.255   
host min  : 10.60.128.1 
host max  : 10.60.191.254   
hosts/net : 16382

Your chosen netmask makes the first 18 bits of the IP address be
the network address, so 10.60.128 [...] 10.60.191 are all in the
same network. This part of the address should be different between
interfaces.

Re: no 4.2-stable package updates??

[Antoine Jacoutot]

On Tue, 11 Dec 2007, Martin Schrvder wrote:
> Get -stable ports fixed?

Lack of interest/man power.

-- 
Antoine

Re: Default Route Issues

[Insan Praja SW]

On Tue, 11 Dec 2007 22:40:06 +0700, Bret <[EMAIL PROTECTED]> wrote:


Greets

OK here is the update:

Internet
 I
OpenBSD 4.2 (1) --- wired LAN
  I
wireless card - 10.60.128.1
  I
  I
(the following is the problem box)
  I
wireless card ral0 - 10.60.128.2
  I
OpenBSD 4.2 (2) wired LAN em0 - 10.60.130.1
  I
wireless card ral1 - 10.60.129.1

I am pulling this info off another server/router that I have at home so
the vr0 interface is replaced with the em0

First ifconfig -A,  netstat -rnfinet without the wired lan (em0) enabled.

*ifconfig -A*

lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (DS1 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536



*netstat -rnfinet*

Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu
Interface
default10.60.128.1UGS 3   89  -
ral0
10.60.128/18   link#1 UC  10  -
ral0
10.60.128.100:08:a1:ad:0a:46  UHLc18  -
ral0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

at this time I can ping the OpenBSD (1) server fine everything works,
I now enable em0 and reboot to get the following, ( I do not have
routed_flags="-q" enabled but I get the same results if I do have it
enabled.

*ifconfig -A

*lo0: flags=8049 mtu 33224
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
ral0: flags=8843 mtu 1500
lladdr 00:08:a1:ad:0a:32
groups: wlan egress
media: IEEE802.11 OFDM54 mode 11g (OFDM36 mode 11g)
status: active
ieee80211: nwid tri-statebroadband.com_2 chan 3 bssid
00:08:a1:ad:0a:46 50dB 100dBm
inet 10.60.128.2 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:fead:a32%ral0 prefixlen 64 scopeid 0x1
ral1: flags=8843 mtu 1500
lladdr 00:08:a1:b5:64:e2
groups: wlan
media: IEEE802.11 OFDM54 mode 11g hostap (autoselect mode 11g hostap)
status: active
ieee80211: nwid tri-statebroadband.com_2_1 chan 1 bssid
00:08:a1:b5:64:e2 100dBm
inet 10.60.129.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::208:a1ff:feb5:64e2%ral1 prefixlen 64 scopeid 0x2
fxp0: flags=8802 mtu 1500
lladdr 00:e0:81:65:f2:4d
media: Ethernet autoselect (none)
status: no carrier
em0: flags=8843 mtu 1500
lladdr 00:e0:81:65:f2:4c
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 10.60.130.1 netmask 0xc000 broadcast 10.60.191.255
inet6 fe80::2e0:81ff:fe65:f24c%em0 prefixlen 64 scopeid 0x4
pflog0: flags=0<> mtu 33224
enc0: flags=0<> mtu 1536

*netstat -rnfinet

*Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu
Interface
default10.60.128.1UGS 00  -
ral0
10.60.128/18   link#4 UC  10  -   em0
10.60.128.1link#4 UHLc2   13  -   em0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  10  33224   lo0
224/4  127.0.0.1  URS 00  33224   lo0

As you can see I now have a fubared routing table. I can no longer ping
OpenBSD (1), I have tried to do a route flush and manual route add but
it always comes back to this.

Bret

Stuart Henderson wrote:


On 2007/12/10 19:58, Bret wrote:



The default route needs to be thru the wireless card and works fine
untill I
add an IP for the wired lan vr() or I add it to the
bridge: up ral0
 up ral1 -- works great (and yes the up)

but as soon as I add the vr0 the default route g

Re: HUAWEI not recognized properly (3 modem)

[Stuart Henderson]

Re: Can I specify the bios time offset utc?

[Nick Guenther]

On Dec 11, 2007 12:58 AM, Dongsheng Song <[EMAIL PROTECTED]> wrote:
>
> 2007/12/11, Darren Spruell <[EMAIL PROTECTED]>:
>
> > On Dec 10, 2007 9:58 PM, Dongsheng Song <[EMAIL PROTECTED]> wrote:
> > > OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the
> > > bios time zone?
> >
> > http://marc.info/?l=openbsd-misc&m=111956694726618&w=2
> >

> Thanks, but I can NOT open the page, could you excerpt for me ?

Really? What's wrong? Are you in China?

-Nick

Re: Can I specify the bios time offset utc?

[Nick Guenther]

On Dec 11, 2007 11:26 AM, Nick Guenther <[EMAIL PROTECTED]> wrote:
> On Dec 11, 2007 12:58 AM, Dongsheng Song <[EMAIL PROTECTED]> wrote:
> >
> > 2007/12/11, Darren Spruell <[EMAIL PROTECTED]>:
> >
> > > On Dec 10, 2007 9:58 PM, Dongsheng Song <[EMAIL PROTECTED]> wrote:
> > > > OpenBSD assume bios time is utc, but it's PRC, can I tell OpenBSD the
> > > > bios time zone?
> > >
> > > http://marc.info/?l=openbsd-misc&m=111956694726618&w=2
> > >
>
> > Thanks, but I can NOT open the page, could you excerpt for me ?
>
> Really? What's wrong? Are you in China?

"it's PRC" so yes.
My real question, though, is: do you mean that the great firewall of
china is blocking marc.info? Does it give any message when it does, or
can you just not talk to it? Can you DNS it (`nslookup marc.info`)?

-Nick

Re: About non-free software in OpenBSD

[Sebastian Raible]

Hi,


On Mon, Dec 10, 2007 at 11:43:35AM -0500, Nick Guenther wrote:
> << their software application must ship the sources or a written notice
> on where to get sources. Since web applications are applications, all
> web applications and html pages that are powered by GNU scripts must
> ship the sources (or a written notice) each time someone requests the
> web page inside their web browser. Web developers are not doing this.
> No one has noticed.>>
> In fairness, these charges seem overzealous; deliberately
> misinterpretting the spirit of the GPL. I don't know, though, so I'd
> like it to be cleared up; as I understand it, a web app doesn't count
> as "publishing"; people just using code like that are under no
> obligation to publish it, and it's just the author/vendor who is
> obligated to provide source.
> Though, I suppose RMS (a hypothetical, consistent RMS) mght argue that
> if you are providing a "web app" piece of software, then if your users
> cannot edit your site on you ("modify software they use") then you are
> violating the Four Freedoms and the GPL.
> Is any of that anywhere near reality?

there was an article in the current issue of the german Linux Magazin,
it covers the use of GPLv2'ed web applications regarding "Software as a
Service, Application Service Providing and Free Software".

According to this article, the GPL(v2) does not consider this kind of
use of Free Software as distribution. Because of that, the FSF designed
the "Affero General Public License" (AGPL) [1].
Additionally, the article says that in GPLv3, they make use of the term
"convey" which also didn't consider the kind of distribution that
happens with a web application as a distribution of software, therefore
they started a "AGPLv3" [2].


hth
Sebastian

[1] http://linux-magazin.de/heft_abo/ausgaben/2008/01/freier_zugriff?category=0
[2] http://www.affero.org/oagpl.html
[3] http://gplv3.fsf.org/agplv3-dd2-guide.html

[demime 1.01d removed an attachment of type application/pgp-signature]

aggregate-address in openbgpd

[bitbucket]

How I can aggregate small prefixes, received from internal peers into big one 
in openbgpd ? Like cisco's 'aggregate-address' feature.

I've search in documentation and source code, but found nothing about prefix 
aggregation. 

Re: : rouge IPs / user

[Marti Martinez]

Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try
enabling syn cookies.

On Dec 11, 2007 5:43 AM, knitti <[EMAIL PROTECTED]> wrote:
> On 12/11/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote:
> > I want to know if and what I can do (on the server side) about HTTP
> > clients that put sockets on my httpd server in state CLOSE_WAIT and
> > thereby chew up all sockets for the server causing a kind of
> > denial of service state.
> >
> > And yes, I have googled for "HPPT server socket CLOSE_WAIT" and
> > did not get much wiser.
>
> If I understand correctly you could try synproxy states with pf and let these
> states expire rapidly. If the states expire, I *think* pf should end the
> connection completely, so your half-closed sockets don't get stale.
> BUT perhaps I didn't get it at all and this makles no sense ;)
>
> --knitti
>
>



-- 
Systems Programmer, Principal
Electrical & Computer Engineering
The University of Arizona
[EMAIL PROTECTED]

HP LaserJet P2015 on OpenBSD -- BEWARE

[Matthew Szudzik]

I recently purchased an HP LaserJet P2015 printer, and I wanted to warn
other users not to make the same mistake.  The printer crashes
intermittently while trying to print PostScript files with lpd.

A little googling revealed that other users have also had problems with
this model

 http://www.macintouch.com/readerreports/printing/topic2869.html#27aug2007

Re: : rouge IPs / user

[Daniel Ouellet]

Raimo Niskanen wrote:

On Tue, Dec 11, 2007 at 01:15:11AM +1300, Joel Wiramu Pauling wrote:

Tip.

Don't allow password challenge. Problem solved. Just use key'd ssh and this
problem disappears.



Bin there, done that.

You answered the wrong question.


I think you got the right answer many times so far, but you just refuse 
to take the advise. People have told you many times to just use pf and 
be done with it.


You just reply and dismiss them like one here:

"I was adviced for pf, but right now a simple ssh-config and 
hosts.allow/deny is serving me fine. I will learn and use pf in due course."



I want to know if and what I can do (on the server side) about HTTP
clients that put sockets on my httpd server in state CLOSE_WAIT and
thereby chew up all sockets for the server causing a kind of
denial of service state.


People have giving you the answer over and over, but it is up to you to 
listen tot he advise.



And yes, I have googled for "HPPT server socket CLOSE_WAIT" and
did not get much wiser.


I am not sure you actually did, but I will give you the benefit here.

Again, the same answer and same advise. Get with it and use pf.

If you google it, you would have seen exactly the answer and example to 
your question here yet again using pf:


http://openbsd.org/faq/pf/filter.html#synproxy

It one thing to ask for help and advise, users here have given you 
plenty of really good one, it's an other to refuse it, dismiss it and 
come back saving no one tell you the answer, or provide you answer to 
the wrong question.


The answer to your problem is just to use PF, or may be the real problem 
is between the monitor and the chair.


Please, just read on it and do it right and stop telling people are not 
helping you. They are and they give you the right answer, but you refuse 
them.
 Your computer(s), your choice, that I get it, but then don't say you 
don't get help.


Great FAQ on PF and it's easy to read:

Spend the same amount of time reading it as you write emails and you 
will know it much better then I looks like.


http://openbsd.org/faq/pf/

If you want more then read great docs on it here:

http://www.bsdly.net/~peter/pf.html

and if that still not answering your questions, then get the book:

http://nostarch.com/frameset.php?startat=pf

So far ALL the answers to your various questions on the subject and the 
variation of it is to use PF, so just do it.


Hope this help you some.

Best,

Daniel

Re: About non-free software in OpenBSD

[Marco Peereboom]

wow how completely uninteresting.  How about kicking the lawyers out and
writing some code instead?  I know its a weird concept.

On Tue, Dec 11, 2007 at 05:24:24PM +0100, Sebastian Raible wrote:
> Hi,
> 
> 
> On Mon, Dec 10, 2007 at 11:43:35AM -0500, Nick Guenther wrote:
> > << > their software application must ship the sources or a written notice
> > on where to get sources. Since web applications are applications, all
> > web applications and html pages that are powered by GNU scripts must
> > ship the sources (or a written notice) each time someone requests the
> > web page inside their web browser. Web developers are not doing this.
> > No one has noticed.>>
> > In fairness, these charges seem overzealous; deliberately
> > misinterpretting the spirit of the GPL. I don't know, though, so I'd
> > like it to be cleared up; as I understand it, a web app doesn't count
> > as "publishing"; people just using code like that are under no
> > obligation to publish it, and it's just the author/vendor who is
> > obligated to provide source.
> > Though, I suppose RMS (a hypothetical, consistent RMS) mght argue that
> > if you are providing a "web app" piece of software, then if your users
> > cannot edit your site on you ("modify software they use") then you are
> > violating the Four Freedoms and the GPL.
> > Is any of that anywhere near reality?
> 
> there was an article in the current issue of the german Linux Magazin,
> it covers the use of GPLv2'ed web applications regarding "Software as a
> Service, Application Service Providing and Free Software".
> 
> According to this article, the GPL(v2) does not consider this kind of
> use of Free Software as distribution. Because of that, the FSF designed
> the "Affero General Public License" (AGPL) [1].
> Additionally, the article says that in GPLv3, they make use of the term
> "convey" which also didn't consider the kind of distribution that
> happens with a web application as a distribution of software, therefore
> they started a "AGPLv3" [2].
> 
> 
> hth
> Sebastian
> 
> [1] 
> http://linux-magazin.de/heft_abo/ausgaben/2008/01/freier_zugriff?category=0
> [2] http://www.affero.org/oagpl.html
> [3] http://gplv3.fsf.org/agplv3-dd2-guide.html
> 
> [demime 1.01d removed an attachment of type application/pgp-signature]

halt -p/reboot -> ddb (was Re: halt -p: Stopped at gettick+0xec: inb $0x40,%al)

[Stuart Henderson]

On 2007/12/10 17:32, Stuart Henderson wrote:
> On 2007/12/10 17:06, Stuart Henderson wrote:
> > I've got a ServerWorks-based Fujitsu-Siemens Xeon box. At 'halt -p'
> > (with or without acpi) the following happens (no panic).
> 
> Ugh. 'reboot', too.

More info: with bsd.mp, reboot drops to ddb too, but differently.
(GENERIC.MP dmesg is added right at the bottom). halt -p works.

At this point 'c' allows the reboot/halt to proceed, so at least
I no longer need a power-cycle.

This works ok in 4.0, not in 4.1/newer.

sycing disks... done
Stopped at  __mp_lock+0x3e: movl0x4(%edx),%eax
ddb{1}> tr
__mp_lock(d07cc144,d048767a,dac34f1c,dac34f1c) at __mp_lock+0x3e
i386_softintlock(0,d0350058,d6b50010,10,dac30010) at i386_softintlock+0x10
Xintrltimer() at Xintrltimer+0x47
--- interrupt ---
cpu_idle_cycle(d1270800) at cpu_idle_cycle+0xf
Bad frame pointer: 0xd0911e78
ddb{1}> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
  6898  1   6898  0  7   0x2004002reboot
15  0  0  0  30x100200  bored crypto
14  0  0  0  3   0x2100200  aiodoned  aiodoned
13  0  0  0  2   0x2100200update
12  0  0  0  3   0x2100200  cleaner   cleaner
11  0  0  0  30x100200  reaperreaper
10  0  0  0  3   0x2100200  pgdaemon  pagedaemon
 9  0  0  0  2   0x2100600pfpurge
 8  0  0  0  3   0x2100200  usbtskusbtask
 7  0  0  0  3   0x2100200  usbevtusb0
 6  0  0  0  3   0x2100200  acpi_idle acpi0
*5  0  0  0  70x100200idle1
 4  0  0  0  30x100200  bored syswq
 3  0  0  0  30x100200idle0
 2  0  0  0  3   0x2100200  kmalloc   kmthread
 1  0  1  0  3   0x2004080  wait  init
 0 -1  0  0  3   0x2080200  scheduler swapper

Another time,

syncing disks... done
Stopped at  lapic_delay+0x3a:   cmpl%esi,%edi
ddb{0}> tr
lapic_delay(3e8,0,4,febf) at lapic_delay+0x3a
ahd_reset(d1278000,0,804010,dac4aeb0,d02032c9) at ahd_reset+0xae
ahd_shutdown(d1278000,1fca5097,2,145886) at ahd_shutdown+0x2e
dohooks(d078bf00,1,dac4af00,d047c915) at dohooks+0x6b
boot(0,0,dac4af40,0,d078af34) at boot+0x63
sys_reboot(d6a47568,dac4af68,dac4af58,,2a) at sys_reboot+0x26
syscall() at syscall+0x27e
--- syscall (number 55) ---
0x1c0009c1:
ddb{0}> ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
*10478  1  10478  0  7   0x2805002reboot
15  0  0  0  30x100200  bored crypto
14  0  0  0  3   0x2100200  aiodoned  aiodoned
13  0  0  0  2   0x2100200update
12  0  0  0  3   0x2100200  cleaner   cleaner
11  0  0  0  30x100200  reaperreaper
10  0  0  0  3   0x2100200  pgdaemon  pagedaemon
 9  0  0  0  2   0x2100600pfpurge
 8  0  0  0  3   0x2100200  usbtskusbtask
 7  0  0  0  3   0x2100200  usbevtusb0
 6  0  0  0  3   0x2100200  acpi_idle acpi0
 5  0  0  0  70x100200idle1
 4  0  0  0  30x100200  bored syswq
 3  0  0  0  30x100200idle0
 2  0  0  0  3   0x2100200  kmalloc   kmthread
 1  0  1  0  3   0x2004080  wait  init
 0 -1  0  0  2   0x2080200swapper

On 2007/12/10 17:32, Stuart Henderson wrote:
> On 2007/12/10 17:06, Stuart Henderson wrote:
> > I've got a ServerWorks-based Fujitsu-Siemens Xeon box. At 'halt -p'
> > (with or without acpi) the following happens (no panic).
> 
> Ugh. 'reboot', too.
> 
> > Any suggestions?
> > 
> > # halt -p
> > /etc/rc.shutdown in progress...
> > /etc/rc.shutdown complete.
> > sycing disks... done
> > Stopped at  gettick+0xec:   inb $0x40,%al
> > ddb> tr
> > gettick(d116d000,4,186a0,3e8,d116d000) at gettick+0xec
> > i8254_delay(3e8,0,4,febf) at i8254_delay+0x11
> > ahd_reset(d116d000,0,804010,dab27eb0,d0202251) at ahd_reset+0xae
> > ahd_shutdown(d116d000,2e9b,dab27ee0,d05caedd) at ahd_shutdown+0x2e
> > dohooks(d0782000,1,dab27f00,d047a654) at dohooks+0x6b
> > boot(1008,0,dab27f40,0,d0781034) at boot+0x63
> > sys_reboot(d693dc20,dab27f68,dab27f58,,30) at sys_reboot+0x26
> > syscall() at syscall+0x24e
> > --- syscall (number 55) ---
> > 0x1c0009c1:
> > ddb> ps
> >PID   PPID   PGRPUID  S   FLAGS  WAIT  COMMAND
> > *21404  1  21404  0  7  0x4002halt
> > 14  0  0  0  30x100200  bored crypto
> > 13  0  0  0  30x100200  

Re: Real men don't attack straw men

[Daniel Ouellet]

Peter N. M. Hansteen wrote:

Using OpenBSD we build the systems we need, and they work a helluva
lot better than most of the other stuff out there.  OpenBSD is free
and lets us create reliable, high performance, low maintenance
networks and services, Stuff That Just Works.  In fact it's so good it
makes you *want* to contribute back.  That's what I want to emphasize.


Amen, There is nothing more to say. There is the one still looking for 
an OS that might work for some of their needs, and there is OpenBSD for 
a lots of them. And yes, it just work!

Re: no 4.2-stable package updates??

[Marcos Laufer]

My opinion is that more money should be raised in order to
keep -stable up to date.
I think it's important to mantain a stable distribution, it's one
of the things that give openbsd it's fame of being solid rock

Marcos

- Original Message - 
From: "Antoine Jacoutot" <[EMAIL PROTECTED]>
To: "Martin Schrvder" <[EMAIL PROTECTED]>
Cc: "Misc-Openbsd Listserv" 
Sent: Tuesday, December 11, 2007 1:09 PM
Subject: Re: no 4.2-stable package updates??


On Tue, 11 Dec 2007, Martin Schrvder wrote:
> Get -stable ports fixed?

Lack of interest/man power.

-- 
Antoine

Re: aggregate-address in openbgpd

[Claudio Jeker]

On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote:
> How I can aggregate small prefixes, received from internal peers into
> big one in openbgpd ? Like cisco's 'aggregate-address' feature.
> I've search in documentation and source code, but found nothing about
> prefix aggregation. 
> 

bgpd does not support aggregation of addresses. After 4 years of bgpd your
the first to request this so don't expect that it changes soon.

-- 
:wq Claudio

Re: : rouge IPs / user

[Stuart Henderson]

On 2007/12/11 09:40, Marti Martinez wrote:
> Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try
> enabling syn cookies.

synproxy works at the start of the connection, not the end.

CLOSE_WAIT is the state where the network stack waits for
the application (httpd) to close the connection after receiving
the client's FIN.

Re: Azalia driver locks up computer Sony SZ460N

[Deanna Phillips]

Rob Lytle writes:

> Here is the dmesg.  Note that I have #define AZALIA_DEBUG but there
> are no debug messages.
>
> OpenBSD 4.2-current (ROBKERN3) #0: Mon Dec 10 21:56:24 PST 2007
> root@:/usr/src/sys/arch/i386/compile/ROBKERN3


Can you reproduce this (whatever it is) while running a snapshot
kernel?  It sounds like your source tree and build environment
are broken.

Re: Real men don't attack straw men

[ropers]

> > You've got a choice of:
(...)
> > 3/ dangerous political activist with a hidden agenda

> Or
>
> 4) not up on the OpenBSD projects goals and current licensing requirements

To quote Robert Steele (from memory):

"Given a choice between incompetence and conspiracy, always go for
incompetence, because incompetence is vastly more likely."

( cf. http://en.wikipedia.org/wiki/Robert_David_Steele )

Re: BIND and the measure of system entropy (randomness?)

[knitti]

On 12/11/07, Andreas Maus <[EMAIL PROTECTED]> wrote:
> On Wed, Dec 12, 2007 at 01:08:42AM +1100, mufurcz wrote:
> >  b) lines 34 and 35:  `could not open entropy source /dev/arandom: file not
> >  found` and `using pre-chroot
> >  entropy source /dev/arandom` complaining about a missing
> >  /var/named/dev/arandom device.
> Same as above. /dev/arandom is _REALLY_ /var/named/dev/arandom.
> So just why not creating this device?
> cd /var/named/dev
> mknod arandom c 45 4
>
> >  What BIND has to do with the laws of thermo-dynamics?  Can I safely ignore
> >  the above messages.
> BIND needs /dev/arandom for some stuff like generating random IDs.

on OpenBSD it doesn't. There was a mail from Theo regarding exactly this
error message, stating that on OpenBSD BIND doesn't use (or need) this.
You could search the archives...

--knitti

Re: : rouge IPs / user

[knitti]

On 12/11/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2007/12/11 09:40, Marti Martinez wrote:
> > Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try
> > enabling syn cookies.
>
> synproxy works at the start of the connection, not the end.
>
> CLOSE_WAIT is the state where the network stack waits for
> the application (httpd) to close the connection after receiving
> the client's FIN.

oh sorry, then I was wrong. So when client's FIN is already in, then
(depending on how long it takes), is it normal behaviour of httpd
or could it be considered a bug?


--knitti

Re: Real men don't attack straw men

[Ken Ismert]

From my perspective as someone outside the BSD and GPL cultures,
both camps seem to have many more similarities than differences.
I see both Theo and Richard as principled iconoclasts, stubbornly
creating and promoting software that meets their individual high
standards, meeting and overcoming difficult opposition.

It seems likely that no one license can preserve all possible
freedoms. In my view, both licenses have advantages the other
cannot possess. So I don't think reconciliation is required, or
even desirable (and, from a purely selfish standpoint, I find
following these threads to be far more entertaining than sports).
Despite your differences, you probably remain the other's
closest ally.

There is ample room for GPL and BSD. We need eternally free
software, if only as a counterbalance and last resort to
encroaching commercialism. But there are also essential
functions in a networked world that are best served by
software that can be used for any purpose. I value the
liberty of deciding what freedoms are most important to
a project and its goals, and picking the license that
best suits it.

-Ken

Re: Real men don't attack straw men

[Darrin Chandler]

On Tue, Dec 11, 2007 at 12:28:29PM -0600, Ken Ismert wrote:
> It seems likely that no one license can preserve all possible
> freedoms. In my view, both licenses have advantages the other
> cannot possess. So I don't think reconciliation is required, or
> even desirable (and, from a purely selfish standpoint, I find
> following these threads to be far more entertaining than sports).
> Despite your differences, you probably remain the other's
> closest ally.
> 
> There is ample room for GPL and BSD. We need eternally free
> software, if only as a counterbalance and last resort to
> encroaching commercialism. But there are also essential
> functions in a networked world that are best served by
> software that can be used for any purpose. I value the
> liberty of deciding what freedoms are most important to
> a project and its goals, and picking the license that
> best suits it.

There seems to be a subtext in your message that one license is more
free than the other, and that the more free license is the GPL. This is
not true.

Offering something to someone as "free" with one hand, while taking back
rights with the other is not free. BSD/MIT/ISC licenses retain a very
minimal set of rights to the original author(s), and give away
everything else. Whatever the merits of ISC v. GPL, there's really no
debate on which is more free.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Real men don't attack straw men

[Richard Stallman]

Why don't you ask Theo, whom you once praised, about OpenBSD?

Because he tends to be unfriendly.

Re: Real men don't attack straw men

[Richard Stallman]

Um, OpenBSD is the only common OS that is actively against blobs. See
http://www.openbsd.org/lyrics.html#39
We're on the same side here.

That is good.  (gNewSense and Ututo are also against blobs.)

Sir, it was brought up that the [GNU/]linux distributions you do suggest do
often include in their ports systems non-free software. See e.g.
http://marc.info/?l=openbsd-misc&m=119726055819074&w=2
What do you say to that? Was that a lie or a mistake?

What they have told me is that they do not.

I will send mail to try to fetch the page at that URL and see what you
are talking about.

Re: Real men don't attack straw men

[Richard Stallman]

OpenBSD is by far the most free OS in the landscape.  Everything that
ships with it is free or else it won't be distributed with it.

Yes, that's what I was told.  I was also told that OpenBSD's ports
system includes non-free programs.  Is that accurate too?

  There is
not a single open source OS out there that is more careful than OpenBSD
on licensing, copyrights and frivolous patents.

Maybe that is true, but it's not the issue I'm talking about.  I'm not
a supporter of open source anyway; I fight for free software.

Ututo and gNewSense have the policy not to include non-free programs,
not even in a ports system.  Thus, they don't do anything that
contradicts the philosophy of free software.  That's why I can
recommend them.

Unlinke linux OpenBSD does not contain proprietary firmware blobs in the
distribution.

Torvalds' version of Linux is not free software, for this reason.
Ututo and gNewSense include a version of Linux which remove the
firmware blobs, in order to make it free software.

Re: Real men don't attack straw men

[Richard Stallman]

Is the list at:
http://www.gnu.org/links/links.html#FreeGNULinuxDistributions
the list of operating systems that meet your criteria?  It appears that 
gNewSense includes LAME in binary format, and BLAG "recommends" it at 
https://wiki.blagblagblag.org/Lame in much the same way OpenBSD does.

ISTR LAME is free software, but I will double-check.

In fact, BLAG suggests other unfree programs, such as unrar 
(https://wiki.blagblagblag.org/Unrar), even noting that the software is 
non-free.

What is the license of Unrar?  I will try to access that page, but I
cannot access an https page except by asking someone to get it for me.
I will see if it works with plain http:.

I don't think anyone is particularly upset that OpenBSD isn't among the 
software you recommend, but to claim that OpenBSD includes "non-free" 
software in its ports collection (using your definition of "free") while 
claiming that gNewSense meets your criteria is disingenuous at best.

At best, it's an accurate statement.  At worst, the gNewSense
developers made a mistake, and will correct it.

My main basis for judging any distro is the policies it has adopted.

Everyone makes mistakes, and well-intentioned people fix their
mistakes.  So if someone finds a non-free program in gNewSense, or in
OpenBSD, in violation of the distro's policies, that's no disaster.  I
trust the developers will remove it once they find out.

On the other hand, if a distro's policies say something is allowed,
then it isn't a mistake, and I can't expect it to be fixed.  That's
what gives me stronger concern.  The presence of non-free programs
in the OpenBSD ports system is not a mistake, it's intentional.

Re: : rouge IPs / user

[Daniel Ouellet]

knitti wrote:

On 12/11/07, Stuart Henderson <[EMAIL PROTECTED]> wrote:

On 2007/12/11 09:40, Marti Martinez wrote:

Yep, synproxy in your answer for OpenBSD. For linux or freebsd, try
enabling syn cookies.

synproxy works at the start of the connection, not the end.

CLOSE_WAIT is the state where the network stack waits for
the application (httpd) to close the connection after receiving
the client's FIN.


oh sorry, then I was wrong. So when client's FIN is already in, then
(depending on how long it takes), is it normal behaviour of httpd
or could it be considered a bug?


It's not a bug, but a feature I guess. It's useful for keep alive setup 
and can be adjusted in httpd as well, or being turn off is that really 
annoyed you. I am not recommending it however.


PF can help in making sure the connections you pass to your httpd server 
are legitimate one (three way handshake) and then you can adjust the 
keep alive on the httpd to reduce it if you want, or turn it off may be 
in very bad cases.


Even in very worst cases, you could adjust some of pf net.inet.tcp.xxx 
value to help, but I am not going there as in most cases, users will 
make it way worst then better. You have to have a very busy server(s) to 
start playing with these values for both/either pf and httpd keep alive.


If it is just that it annoy you to see the CLOSE_WAIT in pf as an 
example, but that the httpd server is operating normally, then just let 
it be.


There is also possibility to adjust PF to start limiting the states in 
it's table as you start running under very heavy load, but again, that's 
not for everyone. You can setup PF to expired states sooner then they 
would if you reach high limits, etc.


But again, all this is for very heavy setup and servers. I could be 
wrong, but I don't think that's the issue in this case.


In any case, in the interest to answer your question, you can always 
read on this a bit. Adaptive options and various timeout in PF combine 
with some changes in httpd.conf for keep alive will carry you a long way:


http://www.openbsd.org/cgi-bin/man.cgi?query=pf.conf&sektion=5&manpath=OpenBSD+4.2

So, if you configure PF to use some of that, then change the httpd 
default for keep alive and reduce it if need be as well as making sysctl 
changes, you can make a system support a hell of a lots more traffic, 
but at the same time, you can shoot you in the foot pretty bad and 
making it way worst as well. So, unless you really have to and oyu truly 
understand each aspect of it, leaving it alone is best and simple PF 
configuration alone will carry you a very long way.


There is a lots that can be done, however, when you reach this level, an 
answer doesn't fit all and is really dependent on your setup.


Hope this help answering your question.

Daniel

setxkbmap kills X

[Pau Amaro-Seoane]

Hi,

as you can read in the subject, running e.g. setxkbmap us will kill X totally.

I don't see any core dumped or similar.

What can be the problem?

Here you are my dmesg (an "zzz" froze the laptop and I had to power it
off) and xorg.conf

But X crashed also when not using an xorg.conf (i.e., running it "on the fly)

-

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1700MHz ("GenuineIntel"
686-class) 1.70 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
real mem  = 2146398208 (2046MB)
avail mem = 2067853312 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/20/05, BIOS32 rev. 0 @
0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version "1RETDIWW (3.14 )" date 01/20/2005
bios0: IBM 23739FU
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200,
1000, 800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82855PE Hub" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82855PE AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M9 Lf" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 "TI PCI4520 CardBus" rev 0x01: irq 11
cbb1 at pci2 dev 0 function 1 "TI PCI4520 CardBus" rev 0x01: irq 11
em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82540EP)" rev 0x03:
irq 11, address 00:0d:60:89:7a:4d
ath0 at pci2 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11
ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR1W, address 00:05:4e:42:ea:6b
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01:
24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq
11, ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
"Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt2 at isa0 port 0x3bc/4: polled
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask effd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on wd0b
WARNING: / was not properly unmounted
auich0: measured ac97 link rate at 4

Re: Real men don't attack straw men

[Tom Van Looy]

Hi

About the ports tree, maybe you are right and OpenBSD should go kick out 
the possibly 50 ports that you have a problem with.


Now, about BSD/GPL that's an other story. But that doesn't mean we can't 
learn from each other and help each other.


I hope it has to do Richards efforts on the GNU/Linux side of the 
open-source world that even Ubuntu works on a completely free edition 
(Gobuntu) nowadays.


OpenBSD "refuses to accept it's users being forced into depending on 
vendor binaries" and pushes people to "send a message that open support 
for hardware matters". Unix is becoming mainstream again. You should all 
work together at educating new people.


Kind regards,

Tom



Richard Stallman wrote:

It looks like some people are having a discussion in which they
construct views they would find outrageous, attribute them to me, and
then try to blame me for them.

For such purposes, knowledge of my actual views might be superfluous,
even inconvenient.  However, if anyone wants to know what I do think,
I've stated it in various articles in http://www.gnu.org/philosophy/.
In particular, see http://www.gnu.org/philosophy/freedom-or-power.html.

One question particularly relevant for this list is why I don't
recommend OpenBSD.  It is not about what the system allows.  (Any
general purpose system allows doing anything at all.)  It is about
what the system suggests to the user.

Since I consider non-free software to be unethical and antisocial, I
think it would be wrong for me to recommend it to others.  Therefore,
if a collection of software contains (or suggests installation of)
some non-free program, I do not recommend it.  The systems I recommend
are therefore those that do not contain (or suggest installation of)
non-free software.


From what I have heard, OpenBSD does not contain non-free software

(though I am not sure whether it contains any non-free firmware
blobs).  However, its ports system does suggest non-free programs, or
at least so I was told when I looked for some BSD variant that I could
recommend.  I therefore exercise my freedom of speech by not including
OpenBSD in the list of systems that I recommend to the public.

I could recommend OpenBSD privately with a clear conscience to someone
I know will not install those non-free programs, but it is rare that I
am asked for such recommendations, and I know of no practical reason
to prefer OpenBSD to gNewSense.

The fact that OpenBSD is not a variant of GNU is not ethically
important.  If OpenBSD did not suggest non-free programs, I would
recommend it along with the free GNU/Linux distros.

Re: Real men don't attack straw men

[Marcus Andree]

Sir, please check my inline comments.

On 12/11/07, Richard Stallman <[EMAIL PROTECTED]> wrote:
>Is the list at:
>http://www.gnu.org/links/links.html#FreeGNULinuxDistributions
>the list of operating systems that meet your criteria?  It appears that
>gNewSense includes LAME in binary format, and BLAG "recommends" it at
>https://wiki.blagblagblag.org/Lame in much the same way OpenBSD does.
>
> ISTR LAME is free software, but I will double-check.
>
>In fact, BLAG suggests other unfree programs, such as unrar
>(https://wiki.blagblagblag.org/Unrar), even noting that the software is
>non-free.
>
> What is the license of Unrar?  I will try to access that page, but I
> cannot access an https page except by asking someone to get it for me.
> I will see if it works with plain http:.
>
>I don't think anyone is particularly upset that OpenBSD isn't among the
>software you recommend, but to claim that OpenBSD includes "non-free"
>software in its ports collection (using your definition of "free") while
>claiming that gNewSense meets your criteria is disingenuous at best.
>
> At best, it's an accurate statement.  At worst, the gNewSense
> developers made a mistake, and will correct it.
>
> My main basis for judging any distro is the policies it has adopted.

I just can't follow this. Let's see what's written in the OpenBSD ports
page (http://www.openbsd.org/ports.html):

"Motivation
OpenBSD is a fairly complete system of its own, but still there is a
lot of software that one might want to see added. However, there is
the problem of where to draw the line as to what to include, as well
as the occasional licensing and export restriction problems. As
OpenBSD is supposed to be a small stand-alone UNIX-like operating
system, some things just can't be shipped with the system."

So, an operating system can born "free" (free as in speech, in the GNU sense)
and then, become "non-free" just because some users decided to create a way
to ease installations of software that "just can't be shipped with the system"?

Despite some OpenBSD kernel developers are also port mantainers, I'd
believe that the vast majority of the latter don't do kernel programming, so
IMO, they could be labeled as "users" (since they're working in user space).

>
> Everyone makes mistakes, and well-intentioned people fix their
> mistakes.  So if someone finds a non-free program in gNewSense, or in
> OpenBSD, in violation of the distro's policies, that's no disaster.  I
> trust the developers will remove it once they find out.
>

Well, it seems that we have the following pattern:

 - gNewSense, if someone finds a non-free program in it, that's no disaster
 - anything else, if someone finds a non free program in it, that's
surely a disaster

Please, sir, clarify

> On the other hand, if a distro's policies say something is allowed,
> then it isn't a mistake, and I can't expect it to be fixed.  That's
> what gives me stronger concern.  The presence of non-free programs
> in the OpenBSD ports system is not a mistake, it's intentional.
>

As a last question. Will gNewSense become "non-free" if I start a "ports-like"
software install package project for it?

Thanks in advance.

Re: Real men don't attack straw men

[Lars Noodén]

Richard Stallman wrote:
>...
> On the other hand, if a distro's policies say something is allowed,
> then it isn't a mistake, and I can't expect it to be fixed.  That's
> what gives me stronger concern.  The presence of non-free programs
> in the OpenBSD ports system is not a mistake, it's intentional.

Partitioning the non-free material from the free material in the ports
would be a first step.  There are many who might choose to put their
efforts into a free tool (or start one if it is missing) if the
licensing categories were more apparent.

-Lars

Re: no 4.2-stable package updates??

[Jason LaRiviere]

Marcos Laufer wrote:
> My opinion is that more money should be raised in order to
> keep -stable up to date.
> I think it's important to mantain a stable distribution, it's one
> of the things that give openbsd it's fame of being solid rock
> 
> Marcos

Seriously? More money? Like enough to woo someone from their job
and keep stable packages up to date for you?

I'm not sure you understand how this whole thing works. Also, may your
payment be the first of the windfall, and your -stable package patches
the catalyst for la revolucion.
-- 
Jason

Re: Real men don't attack straw men

[Josh Grosse]

I have been reading this debate with interest, and am confused on one key 
point.  

RMS wrote:

> Ututo and gNewSense have the policy not to include non-free programs,
> not even in a ports system.  

According to http://www.gnewsense.org/Main/Features, "Universe enabled
by default"

Does selecting Ubuntu "Universe" category for packages include Main and
Restricted?  If so, Restricted is non-free software, per 

http://www.ubuntu.com/community/ubuntustory/components

Re: Real men don't attack straw men

[Iñigo Tejedor Arrondo]

El mar, 11-12-2007 a las 14:00 -0500, Richard Stallman escribiC3:

> My main basis for judging any distro is the policies it has adopted.

So a distro that comes (de-binaryzed) from ubuntu, that comes from
debian that any of them allow you to install a (nvidia) blob or any of
the non-free ports of openbsd, is more convenient that a system that
fight over all, about the freedom of the users, developers and of the
code.

Please, dear rms, you can use any thing like opera on ututo or
gnewsense, also you can taint the kernel, or browse in emacs for a flash
web (the last is a fake, i think ;).

> Everyone makes mistakes, and well-intentioned people fix their
> mistakes.  So if someone finds a non-free program in gNewSense, or in
> OpenBSD, in violation of the distro's policies, that's no disaster.  I
> trust the developers will remove it once they find out.

Pretty, even if they could develop something on the O.S. to avoid the
use of blobs, firmwares, and non gpl'ed software by the users, it could
be a killer Linux distribution.

> On the other hand, if a distro's policies say something is allowed,
> then it isn't a mistake, and I can't expect it to be fixed.  That's
> what gives me stronger concern.  The presence of non-free programs
> in the OpenBSD ports system is not a mistake, it's intentional.

Yes, like all the really free developed drivers, like the fight for
documentation of hardware, excellent code and better license, like the
really hard decisions that OpenBSD has chose about software and licenses
on his time line. It is intentional and appreciated :)

But say that OpenBSD is not a "recomendable" distribution for people
that wants freedom, is like say that it is insecure by default, and is
better a popolulufufulunix that comes whit a firewall activated by
default.

Greetings, and have a nice day.
IC1igo

Re: Real men don't attack straw men

[Daniel Ouellet]

Richard Stallman wrote:

OpenBSD is by far the most free OS in the landscape.  Everything that
ships with it is free or else it won't be distributed with it.

Yes, that's what I was told.  I was also told that OpenBSD's ports
system includes non-free programs.  Is that accurate too?

  There is
not a single open source OS out there that is more careful than OpenBSD
on licensing, copyrights and frivolous patents.

Maybe that is true, but it's not the issue I'm talking about.  I'm not
a supporter of open source anyway; I fight for free software.


In that case, if you are really fighting for free software Richard, and 
I very much respect that, regardless of licenses, or ideology, or what 
not. I have only one request/question for you and I hope you will 
consider it fair and in the interest of "Free Software" for all as you 
clearly put it.


Why not advocate and request also from the FSF and from the GPL 
developers as you are the main person in the GPL license to extend the 
same hand and "Free Software" as you fight for and when a BSD write a 
great piece of software and that anyone in GNU, FSF or using the GPL 
find it worth to use and import, why not request to keep it under the 
same license as it's origin instead of locking it in the GPL at import 
time and then lock out the original developers of the BSD side.


All fight aside, I really do not think it is asking to much is it?

This way, what was given as "Free Software" will stay as free software 
of all and not exclude a big part of them.


If you just sit back and think about this and about your goal in life of 
"Free Software" I would think you would fine it fare would you?


You don't bite the hand that feed you and as such, I would think working 
together in the interest of "Free Software" would benefit all and having 
you also request the same would just be fair and fantastic in the 
interest of "Free Software".


Let a software be under it's license of choice by the author from it's 
birth to it's death.


If a great GPL software is written and xBSD would love to use it, an in 
case of OpenBSD for example will have to re-write it under a BSD license 
if they want to have it in base and they will do so if worth the effort. 
However the GPL can just import it as is and as such the burning of the 
license choice is on the BSD side, not the GPL side.


So, why not respect it and keep it as such and contribute back under the 
BSD, when the original BSD license software was taken. It's only fair 
and it is fully in the interest of "Free Software".


It sure in that case anyway allow for more users to fully use that "Free 
Software" and if your goal as clearly stated here is that "Free 
Software" then doing so, would actually spread that "Free Software" even 
more.


Just something to think about in this holiday season. It sure would make 
a wonderful gift of "Free Software" to all if you would see it as such 
and not deviate from your goal, but fighting for it even more and 
respecting other introductions of "Free Software"


Please, think about it before you reply if you do. It's important and is 
fully in line with your life time fight and goal of "Free Software"


Best regards,

Daniel

Re: Real men don't attack straw men

[mcb, inc.]

Watching the latest flame war, I can't help thinking that as
founders of their respective projects Theo and RMS are trapped
in a jail of rigid consistency and absolutism demanded by
children and utopians.  Only at home, with the door locked,
are they free to boot their home's sole computer, a Windows
box, watch some Real Media streams and play a few Valve-
controlled games.  And late at night, when the ice weasels
come, a hypnogogic fog provides cover for a last conscious
thought:  "I wish, I wish, I wish... *I* had written OS X."

--
Monty Brandenberg

Re: aggregate-address in openbgpd

[bitbucket]

11.12.07, 20:43, Claudio Jeker ([EMAIL PROTECTED]):



> On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote:

> > How I can aggregate small prefixes, received from internal peers into

> > big one in openbgpd ? Like cisco's 'aggregate-address' feature.

> > I've search in documentation and source code, but found nothing about

> > prefix aggregation. 

> > 

> bgpd does not support aggregation of addresses. After 4 years of bgpd your

> the first to request this so don't expect that it changes soon.

I don't think that I'm first person, who request such feature.



http://archive.openbsd.nu/?ml=openbsd-misc&a=2006-03&m=1883090



"* Falk Brockerhoff  [2006-03-29 12:38]:

> I take a look on the documentation, searched the source-code for  

> anything spelled like aggregate or something like this, but I wasn't  

> lucky. The network-Statement isn't doing aggregating, is it?



njet. we don't have any aggregate code, and you're the first one ever 

to ask :)"

Re: Real men don't attack straw men

[Karsten McMinn]

On Dec 11, 2007 11:00 AM, Richard Stallman <[EMAIL PROTECTED]> wrote:
>
> My main basis for judging any distro is the policies it has adopted.
>
> Everyone makes mistakes, and well-intentioned people fix their
> mistakes.  So if someone finds a non-free program in gNewSense, or in
> OpenBSD, in violation of the distro's policies, that's no disaster.  I
> trust the developers will remove it once they find out.

just a layman here trying to make sense of it all. According to you,
gNewSense, an ubuntu (debian) derivitave -- is free software. I use
ubuntu on a laptop. According to gNewSense their policy supports use of
the universe and main package repositories from ubuntu with the
few mentioned changes. Apples to apples comparisons I say. I adjust
my repositories in a repository browser and poke away. I find java, I
find tools to work with many non-free pieces of software as well.

So OpenBSD becomes non-free because we don't have a database column
that labels stuff non-free, or a special folder for non-free packages?

Re: Real men don't attack straw men

[Johan SANCHEZ]

Hi all,

> OpenBSD "refuses to accept it's users being forced into depending on 
> vendor binaries" and pushes people to "send a message that open support 
> for hardware matters". Unix is becoming mainstream again. You should all 
> work together at educating new people.

http://www.fsf.org/news/freebios.html

And especially :
--
The FSF uses laptops donated by IBM over the past few years. This
was one among several ways IBM cooperated with the GNU Project.
But the cooperation is incomplete: when I asked for the
specifications necessary to make LinuxBIOS run on these laptops,
IBM refusedbciting, as the reason, the enforcement of "trusted
computing"  http://www.gnu.org/philosophy/can-you-trust.html
Treacherous computing is, itself, an attack on our freedom; it is
also, it seems, a motivation to obstruct our freedom in other ways.

--
You can also help our campaign by writing to manufacturers such as
Intel, saying they ought to cooperate with a fully free BIOS. Calm
but strong disapproval, coupled with stating an intention to take
action accordingly, is more effective than venting rage. Please
send a copy of your message to [EMAIL PROTECTED], so we can monitor the
support for this campaign. The more mail they get, the more
effect, so please do add your voice to ours.

--

For me BIOS, is mostly software embedded so i have to live with
that 'closed source bios' (at least on peecee's )  i think i don't
have to accept closed binary blobs at higher level ...

Now, please, can we together stop feeding that awful troll ?

Re: Real men don't attack straw men

[Jack J. Woehr]

mcb, inc. wrote:

Watching the latest flame war, I can't help thinking that as
founders of their respective projects Theo and RMS are trapped
in a jail of rigid consistency and absolutism demanded by
children and utopians.

Well, yes and no.

Theo's absolutism has kept OpenBSD pretty much the last
blob-free OS in the Free Software world.

RMS's absolutism has kept alive an ideal that launched
the mainstream open source movement.

So it's not non-functional. It's emotionally hard on the
individuals concerned, and often emotionally hard on
us who bask in the reflected glow of these geniuses :-).
But it  all seems to work out in practice. Has for a cuple
of decades now, give or take a few years.

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: aggregate-address in openbgpd

[Claudio Jeker]

On Tue, Dec 11, 2007 at 10:44:38PM +0300, bitbucket wrote:
> 11.12.07, 20:43, Claudio Jeker ([EMAIL PROTECTED]):
> 
> > On Tue, Dec 11, 2007 at 06:41:30PM +0300, bitbucket wrote:
> > > How I can aggregate small prefixes, received from internal peers into
> > > big one in openbgpd ? Like cisco's 'aggregate-address' feature.
> > > I've search in documentation and source code, but found nothing about
> > > prefix aggregation. 
> > > 
> > bgpd does not support aggregation of addresses. After 4 years of bgpd your
> > the first to request this so don't expect that it changes soon.
> I don't think that I'm first person, who request such feature.
> 
> http://archive.openbsd.nu/?ml=openbsd-misc&a=2006-03&m=1883090
> 
> "* Falk Brockerhoff  [2006-03-29 12:38]:
> > I take a look on the documentation, searched the source-code for  
> > anything spelled like aggregate or something like this, but I wasn't  
> > lucky. The network-Statement isn't doing aggregating, is it?
> 
> njet. we don't have any aggregate code, and you're the first one ever 
> to ask :)"
> 

I'm sorry, you're the 2nd person to ask for aggregation in bgpd.
I still think that more important things need to be done first especially
since aggregation is considered evil.
E.g. being able to anounce prefixes depening on some state would be more
useful.

-- 
:wq Claudio

Re: Real men don't attack straw men

[Ken Ismert]

Darrin Chandler wrote:
> There seems to be a subtext in your message that one license is more
> free than the other, and that the more free license is the GPL. This is
> not true.

I like both licenses and use software under both licenses. For software I
write, I can easily see scenarios where I would use BSD, and others GPL.

> Offering something to someone as "free" with one hand, while taking back
> rights with the other is not free. BSD/MIT/ISC licenses retain a very
> minimal set of rights to the original author(s), and give away
> everything else. Whatever the merits of ISC v. GPL, there's really no
> debate on which is more free.

Debate is inevitable: freedom is difficult to define. An individual's
concept of freedom depends on their priorities and ideals. There just
isn't one license that can meet everyone's requirements, or agree with
everyone's ideology.

The real value in these discussions for me lies in exploring what freedoms
each license protects, and how they enhance the public good. Even stepping
on each other's toes is good in a way: it means free speech is happening.

In the end, I see licenses as tools, not dogma. As such, I refuse to
be converted to either side. I can't be more even-handed than that.

-Ken

Re: Real men don't attack straw men

[Nick Guenther]

On Dec 11, 2007 2:55 PM, Josh Grosse <[EMAIL PROTECTED]> wrote:
> I have been reading this debate with interest, and am confused on one key
> point.
>
> RMS wrote:
>
> > Ututo and gNewSense have the policy not to include non-free programs,
> > not even in a ports system.
>
> According to http://www.gnewsense.org/Main/Features, "Universe enabled
> by default"
>
> Does selecting Ubuntu "Universe" category for packages include Main and
> Restricted?  If so, Restricted is non-free software, per
>
> http://www.ubuntu.com/community/ubuntustory/components

Um, that first link says "Restricted removed". So presumably they mean
gNewSense = Ubuntu.Universe - Ubuntu.Restricted

-Nick

Re: Real men don't attack straw men

[Darrin Chandler]

On Tue, Dec 11, 2007 at 02:41:27PM -0600, Ken Ismert wrote:
> Darrin Chandler wrote:
> 
> > Offering something to someone as "free" with one hand, while taking back
> > rights with the other is not free. BSD/MIT/ISC licenses retain a very
> > minimal set of rights to the original author(s), and give away
> > everything else. Whatever the merits of ISC v. GPL, there's really no
> > debate on which is more free.
> 
> Debate is inevitable: freedom is difficult to define. An individual's
> concept of freedom depends on their priorities and ideals. There just
> isn't one license that can meet everyone's requirements, or agree with
> everyone's ideology.

No, I'm not talking about "what Freedom means to me." Freedom isn't
difficult to define. Just look it up in a dictionary. BSD/MIT/ISC
licenses are more Free than GPL. There's nothing to debate about that.
It's just the way things are.

> The real value in these discussions for me lies in exploring what freedoms
> each license protects, and how they enhance the public good. Even stepping
> on each other's toes is good in a way: it means free speech is happening.

If you stop saying "free" and "freedoms" and find a more accurate word I
think your meaning will come through better.

> In the end, I see licenses as tools, not dogma. As such, I refuse to
> be converted to either side. I can't be more even-handed than that.

You are correct. They are tools, and should be used as such. After
having discussions with some people I have seen them *correctly* pick
GPL, since it has the effects they desire. And, I've also seen people
pick a BSD license even though they are GNU/Linux users. Good, in both
cases, since the license represented their views.

-- 
Darrin Chandler|  Phoenix BSD User Group  |  MetaBUG
[EMAIL PROTECTED]   |  http://phxbug.org/  |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

Re: Real men don't attack straw men

[William Boshuck]

On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote:
> OpenBSD is by far the most free OS in the landscape.  Everything that
> ships with it is free or else it won't be distributed with it.
> 
> Yes, that's what I was told.  I was also told that OpenBSD's ports
> system includes non-free programs.  Is that accurate too?

Strictly speaking, no.  If you unpack ports.tar.gz
you will find a bunch of makefiles, packing lists,
& c., all of which are free.  OpenBSD's ports system
depends on programs in the base system which are free.
On a modern UNIX-like operating system it possible,
even easy, to use free tools like awk, make, perl,
sh, and so on, directly or indirectly, to facilitate
the installation and maintenance of (free and non-free)
software.  Your asking the question indicates that you
might have done better to exclude OpenBSD from the
scope of your remarks.  When one does not know, the
most appropriate statement is 'I don't know.'

Loosely speaking, you can get away with saying
pretty much anything that suits you at the time.

Loosely speaking is the problem.

Re: Real men don't attack straw men

[Nick Guenther]

On Dec 11, 2007 3:21 PM, Karsten McMinn <[EMAIL PROTECTED]> wrote:
> On Dec 11, 2007 11:00 AM, Richard Stallman <[EMAIL PROTECTED]> wrote:
> >
> > My main basis for judging any distro is the policies it has adopted.
> >
> > Everyone makes mistakes, and well-intentioned people fix their
> > mistakes.  So if someone finds a non-free program in gNewSense, or in
> > OpenBSD, in violation of the distro's policies, that's no disaster.  I
> > trust the developers will remove it once they find out.
>
> So OpenBSD becomes non-free because we don't have a database column
> that labels stuff non-free, or a special folder for non-free packages?

It may be relevant to point out:
http://marc.info/?l=openbsd-misc&m=119731456628749&w=2
> > Having a way to sift out the non-free stuff during a search of the ports
> > tree would be useful.
>
> PERMIT_*=(not Yes)

The infrastructure is all there, it's just not emphasized.

-Nick

Re: Real men don't attack straw men

[RedShift]

Richard Stallman wrote:

It looks like some people are having a discussion in which they
construct views they would find outrageous, attribute them to me, and
then try to blame me for them.

For such purposes, knowledge of my actual views might be superfluous,
even inconvenient.  However, if anyone wants to know what I do think,
I've stated it in various articles in http://www.gnu.org/philosophy/.
In particular, see http://www.gnu.org/philosophy/freedom-or-power.html.

One question particularly relevant for this list is why I don't
recommend OpenBSD.  It is not about what the system allows.  (Any
general purpose system allows doing anything at all.)  It is about
what the system suggests to the user.

Since I consider non-free software to be unethical and antisocial, I
think it would be wrong for me to recommend it to others.  Therefore,
if a collection of software contains (or suggests installation of)
some non-free program, I do not recommend it.  The systems I recommend
are therefore those that do not contain (or suggest installation of)
non-free software.


From what I have heard, OpenBSD does not contain non-free software

(though I am not sure whether it contains any non-free firmware
blobs).  However, its ports system does suggest non-free programs, or
at least so I was told when I looked for some BSD variant that I could
recommend.  I therefore exercise my freedom of speech by not including
OpenBSD in the list of systems that I recommend to the public.

I could recommend OpenBSD privately with a clear conscience to someone
I know will not install those non-free programs, but it is rare that I
am asked for such recommendations, and I know of no practical reason
to prefer OpenBSD to gNewSense.

The fact that OpenBSD is not a variant of GNU is not ethically
important.  If OpenBSD did not suggest non-free programs, I would
recommend it along with the free GNU/Linux distros.





You've got too much time on your hands.

Re: Real men don't attack straw men

[Jason Beaudoin]

On Dec 11, 2007 2:00 PM, Richard Stallman <[EMAIL PROTECTED]> wrote:
> OpenBSD is by far the most free OS in the landscape.  Everything that
> ships with it is free or else it won't be distributed with it.
>
> Yes, that's what I was told.  I was also told that OpenBSD's ports
> system includes non-free programs.  Is that accurate too?
>
>   There is
> not a single open source OS out there that is more careful than OpenBSD
> on licensing, copyrights and frivolous patents.
>
> Maybe that is true, but it's not the issue I'm talking about.  I'm not
> a supporter of open source anyway; I fight for free software.
>
> Ututo and gNewSense have the policy not to include non-free programs,
> not even in a ports system.  Thus, they don't do anything that
> contradicts the philosophy of free software.  That's why I can
> recommend them.
>

While I completely understand this point of view - and (more
importantly) the motivation behind such decisions - what I am hearing
from you is that an individual's (or project's) actions in fighting
*against* proprietary and the closed-source mentality (whether it's a
blob, no documentation, not considering NDA's etc..) is *less*
important than whether or not users are allowed the *freedom* to add
in software, that might possibly not follow these other goals..

This I simply don't understand.

We are fighting for the same thing.

And you cast the OpenBSD project out because there are users that
invest the effort to provide other users ports that may or may not
follow the *projects* goals and work?

Mr. Stallman, it is with great respect that I say these things, as I
believe your noble efforts in these areas are commendable and have had
a great influence on our communities, but I do not understand the
discrepancies here.

> Unlinke linux OpenBSD does not contain proprietary firmware blobs in the
> distribution.
>
> Torvalds' version of Linux is not free software, for this reason.
> Ututo and gNewSense include a version of Linux which remove the
> firmware blobs, in order to make it free software.
>
>

that's awesome, can users add these back in if they choose? is your
project worthless because of these users 'actions?


kind regards,
Jason

Re: Real men don't attack straw men

[STeve Andre']

On Tuesday 11 December 2007 14:00:43 Richard Stallman wrote:
> Why don't you ask Theo, whom you once praised, about OpenBSD?
>
> Because he tends to be unfriendly.

Now *that* I find humorous.

I find it Kafka-esque, your inability to reccomend OpenBSD because
of some "unfree" items in the ports tree.  Effectively you are taking
away the right of people to choose the software they wish to use.

Your definition of free is replete with chains; you would deny the
freedom of choice in the name of freedom.

That is bizarre.

--STeve Andre'

Re: Real men don't attack straw men

[Theo de Raadt]

> On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote:
> > OpenBSD is by far the most free OS in the landscape.  Everything that
> > ships with it is free or else it won't be distributed with it.
> > 
> > Yes, that's what I was told.  I was also told that OpenBSD's ports
> > system includes non-free programs.  Is that accurate too?
> 
> Strictly speaking, no.  If you unpack ports.tar.gz
> you will find a bunch of makefiles, packing lists,
> & c., all of which are free.  OpenBSD's ports system
> depends on programs in the base system which are free.
> On a modern UNIX-like operating system it possible,
> even easy, to use free tools like awk, make, perl,
> sh, and so on, directly or indirectly, to facilitate
> the installation and maintenance of (free and non-free)
> software.  Your asking the question indicates that you
> might have done better to exclude OpenBSD from the
> scope of your remarks.  When one does not know, the
> most appropriate statement is 'I don't know.'
> 
> Loosely speaking, you can get away with saying
> pretty much anything that suits you at the time.
> 
> Loosely speaking is the problem.

William is right.

The OpenBSD ports tree is just a scaffold, and that scaffold is 100%
free.  It contains no non-free parts.

It contains URL's to non-free software, and free Makefiles that
knows how to build that non-free software.   But the entire ports
tree has no non-free software in it at all.

Does that make it non-free?

Are all operating systems non-free then, because they can be used
to write free Makefiles which compile non-free software?

Richard -- you spoke out of line.  You are wrong.

Re: Real men don't attack straw men

[Ryan Corder]

I'm a very happy user of both OpenBSD and GNU/Linux systems, but what
I don't get is,  how is limiting a users choice in what he/she runs on
his/her system more free than one that doesn't?

Absolute freedom is to be able to do whatever the hell you want to
with no limitations placed on you whatsoever.  By this definition,
public domain is the only truly free "license".

I understand and appreciate the "freedom" that is defined by both the
BSD and GPL licenses; that of ensuring the authors continual right of
ownership.  However, in terms of true freedom, both have limitations in
place.

Not that I disagree with the limitations they have, in fact I support
them both as the current systems in place require the need to protect
your original copyright.  It's Utopian for me to think this, but in an
ideal setting, there would be no need for any licesnes and everything
would be available in the public domain.  But since we are arguing about
which license ensures more freedom, I think they both fall short of
what it actually means to be free.

Re: Real men don't attack straw men

[Ken Ismert]

Darrin Chandler wrote:
> ... BSD/MIT/ISC licenses are more Free than GPL. There's nothing
> to debate about that. It's just the way things are ...

I don't doubt your claims one iota. But in saying that, don't
believe you have convinced me that the other side somehow has
less valid claims.

And yes, that's inconsistent. Maybe it's because of growing older,
world-weariness, or just plain mental inferiority, but I have
come to a place where I realize I hold some inconsistent and
contradictory views, and I've found that I'm OK with that.

In this case, it's just pragmatic: I want both licenses, and
argument seems pointless.

-Ken

Re: Real men don't attack straw men

[RedShift]

Richard Stallman wrote:

OpenBSD is by far the most free OS in the landscape.  Everything that
ships with it is free or else it won't be distributed with it.

Yes, that's what I was told.  I was also told that OpenBSD's ports
system includes non-free programs.  Is that accurate too?

  There is
not a single open source OS out there that is more careful than OpenBSD
on licensing, copyrights and frivolous patents.

Maybe that is true, but it's not the issue I'm talking about.  I'm not
a supporter of open source anyway; I fight for free software.

Ututo and gNewSense have the policy not to include non-free programs,
not even in a ports system.  Thus, they don't do anything that
contradicts the philosophy of free software.  That's why I can
recommend them.

Unlinke linux OpenBSD does not contain proprietary firmware blobs in the
distribution.

Torvalds' version of Linux is not free software, for this reason.
Ututo and gNewSense include a version of Linux which remove the
firmware blobs, in order to make it free software.





Where's the freedom in not being able to use (under your definition of 
non-free software) non-free or otherwise "restricted" software?


Freedom is about being free to make your own choice, no matter what the 
content of that choice is. Even if that choice inhibits freedom.


Glenn

Re: Real men don't attack straw men

[Steve Shockley]

Richard Stallman wrote:

ISTR LAME is free software, but I will double-check.


The source code of LAME is licensed under the LGPL; however, the mp3 
format itself is patented and restricted.  Further reading:


http://www.mp3-tech.org/patents.html
http://www.mp3licensing.com/help/developers.html

In short, the patents don't affect what you can do with the source code, 
they affect what you can do with the program after you compile it.  So, 
you can modify, compile and distribute the program all you want, but if 
you actually execute the program you need a patent license.  I suppose 
that could be considered Free Software, with a very narrow definition of 
Free.



What is the license of Unrar?  I will try to access that page, but I
cannot access an https page except by asking someone to get it for me.
I will see if it works with plain http:.


Unfortuately, several of the sites linked from the FSF page require 
viewing using their self-signed SSL cert for some reason.


From license.txt in the unrar source archive:
-
The UnRAR sources may be used in any software to handle RAR archives 
without limitations free of charge, but cannot be used to re-create the 
RAR compression algorithm, which is proprietary.

-

That seems to run completely counter to the ideals of the GPL, but I 
suppose you're the expert.



On the other hand, if a distro's policies say something is allowed,
then it isn't a mistake, and I can't expect it to be fixed.  That's
what gives me stronger concern.  The presence of non-free programs
in the OpenBSD ports system is not a mistake, it's intentional.


I'm not sure I see how this is an issue.  With gNewSense, I can point to 
the Debian/Ubuntu repositories and install unfree software binaries. 
With OpenBSD, to run unfree software I need to check out the Ports tree, 
find the package I want to run, compile it, and install it.  (Note the 
distinction between Ports, which contains all the third-party software, 
and Packages, which contains only Free software.)


So, it would seem that (barring human error) the primary philosophical 
difference between the packaging systems of OpenBSD and gNewSense is 
that gNewSense tries to prevent you from seeing any packages they 
consider non-Free, while OpenBSD directly provides only Free software 
(Packages) but gives the user a choice of installing any software 
(Ports).  So, from my point of view, OpenBSD provides the user with more 
freedom by not imposing artificial restrictions.  After all, this 
removes "the overhead of considering who owns the system software and 
what one is or is not entitled to do with it"[1].  Do you disagree?



[1] http://www.gnu.org/gnu/manifesto.html, "Why All Computer Users Will 
Benefit"

Re: Real men don't attack straw men

[Steve Shockley]

Richard Stallman wrote:

Why don't you ask Theo, whom you once praised, about OpenBSD?

Because he tends to be unfriendly.


Interestingly enough, if you specified that as the reason you recommend 
against using OpenBSD, this thread would have been a lot shorter. 
Somehow I think Theo is more interested in writing code and changing the 
world than making friends.  Personally, I think he's made the right choice.

Re: HUAWEI not recognized properly (3 modem)

[ttw+bsd]

On 11.12-16:11, Stuart Henderson wrote:
> On 2007/12/11 16:13, Markus Bergkvist wrote:
> > I borrowed a HUAWEI modem just to see how it is recognized.
> > With umass enabled it is recognized as a CD. Disabling umass and it is 
> > found as ugen.
> > From this thread http://marc.info/?l=openbsd-misc&m=118468178731619&w=2 I 
> > figured it should have been recognized as ubsa. Any suggestions?
> 
> I was wrong with ubsa, it looks like it should actually be umsm,
> but the device needs poking with a USB command before it switches
> off the umass-based Windows driver CD, and turns on the other
> interfaces (the AT-compatible modem-like interface, and the
> control interface).
> 
> I'm not aware of it being supported yet.

with my version of this device it *appears* to timeout to the modem
interface if it is inserted during boot.  i won't go into the reasons
as to why i believe that, suffice to say they're thin in evidence
but it'd suggest you try forcing a rescan of the device after a
couple of minutes (assuming the umass interface hasn't been tickled,
activating it).

Re: : rouge IPs / user

[knitti]

On 12/11/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
[... snipped away a lot ...]
> There is a lots that can be done, however, when you reach this level, an
> answer doesn't fit all and is really dependent on your setup.
>
> Hope this help answering your question.

It's not me having the problem, but I desire to understand it. AFAIK
HTTP keep alives have nothing to do with it. If the socket is in
CLOSE_WAIT, the TCP connection can't be reused, the server
has sent its FIN and the client its FIN/ACK, but the server doesn't
have yet sent its final ACK.
I can imagine some possibilites why this happens (some might
not be valid due to my lack of knowledge):
- the server didn't clean up its socket, so it stays there until the
process dies eventually
- the server does this to keep its socket (that I don't know: can
a socket be reused on any state?)


btw: I might be going off topic here, but I think it applies to
OpenBSDs httpd. I won't sent any further mail to this thread
you tell me to shut up.

--knitti

Re: setxkbmap kills X

[Louis V. Lambrecht]

Try this

ln -s /etc/X11/xkb /usr/X11R6/lib/X11/xkb

Pau Amaro-Seoane wrote:

Hi,

as you can read in the subject, running e.g. setxkbmap us will kill X totally.

I don't see any core dumped or similar.

What can be the problem?

Here you are my dmesg (an "zzz" froze the laptop and I had to power it
off) and xorg.conf

But X crashed also when not using an xorg.conf (i.e., running it "on the fly)

-

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1700MHz ("GenuineIntel"
686-class) 1.70 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
real mem  = 2146398208 (2046MB)
avail mem = 2067853312 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/20/05, BIOS32 rev. 0 @
0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version "1RETDIWW (3.14 )" date 01/20/2005
bios0: IBM 23739FU
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200,
1000, 800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82855PE Hub" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82855PE AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility M9 Lf" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 "Intel 82801DB USB" rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801DB USB" rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801DB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801DB USB" rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 "TI PCI4520 CardBus" rev 0x01: irq 11
cbb1 at pci2 dev 0 function 1 "TI PCI4520 CardBus" rev 0x01: irq 11
em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82540EP)" rev 0x03:
irq 11, address 00:0d:60:89:7a:4d
ath0 at pci2 dev 2 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 11
ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR1W, address 00:05:4e:42:ea:6b
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801DBM LPC" rev 0x01:
24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 "Intel 82801DBM IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801DB SMBus" rev 0x01: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 "Intel 82801DB AC97" rev 0x01: irq
11, ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
"Intel 82801DB Modem" rev 0x01 at pci0 dev 31 function 6 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt2 at isa0 port 0x3bc/4: polled
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask effd netmask effd ttymask 
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a swap on wd0b dump on 

Re: : rouge IPs / user

[Daniel Ouellet]

knitti wrote:

On 12/11/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
[... snipped away a lot ...]

There is a lots that can be done, however, when you reach this level, an
answer doesn't fit all and is really dependent on your setup.

Hope this help answering your question.


It's not me having the problem, but I desire to understand it. AFAIK


I understand that, but you did asked a valid question on the state of 
the socket connection and I tried to answer that. If wasn't directed to 
the previous guy that can't search on Google and asked advise but refuse 
very valid answer. Sorry if you fell I confuse the two, but I didn't. 
May not have been obvious in my writing however.



HTTP keep alives have nothing to do with it. If the socket is in
CLOSE_WAIT, the TCP connection can't be reused, the server
has sent its FIN and the client its FIN/ACK, but the server doesn't
have yet sent its final ACK.


Well actually it does under normal operation. See, if you get a 
connection from a user and have keep alive setup. The socket will stay 
open to speed up the next request from the same users without having to 
establish a new connection, reusing the same socket for speed, but at 
the same time keeping that socket open and not ready to close yet for 
the next users. So, you see, if you have longer keep alive setup in 
httpd, you will reach the CLOSE_WAIT later on instead of sooner if you 
have shorter keep alive setup. See what I explain, may be not as well as 
I would like is the impact of PF and httpd together as well as the 
net.inet.tcp.xxx in sysctl setup. They all interact together in some 
ways and as such I also said it wasn't something to take isolated of one 
an other.


Just as an example. If you put keep alive to 2 minutes instead of 15 
seconds default as an example, you will use much more sockets and you 
will end up running out of socket possibly, all depend on traffic obviously.


Now if keep alive from httpd is the only responsible party for having 
socket in CLOSE_WAIT, no it is not. But it does play a role in there as 
well into making more or less of them available.


What's important here is that the maximum number of TCP/IP sockets in 
the CLOSE_WAIT state can not exceed the maximum number allowed TCP/IP 
sockets from the Web server or in here the httpd.


netstat -an can show you the state of the various sockets, or more 
limited display


netstat -an | grep WAIT


I can imagine some possibilites why this happens (some might
not be valid due to my lack of knowledge):
- the server didn't clean up its socket, so it stays there until the
process dies eventually


It will clean it up eventually, or may be force with some directive in 
httpd about the usage, I can't recall right this instant and I would 
need to look. I may confuse two things as well here, but it might be 
possible to do it. Not sure. I wonder if the net.inet.tcp.keepidle, or 
something similar wouldn't actually affect it here. I would think so, 
but I could be wrong.


I think the CLOSE_WAIT state and time is a function of the OS stack, not 
the application itself, in this case httpd. I could be wrong here and I 
would love for someone to correct that for me if I do not understand 
that properly. But my understanding is this is control by the OS, not 
the application itself, other then the keep alive obviously in this case.



- the server does this to keep its socket (that I don't know: can
a socket be reused on any state?)


No, it can't. See above. You are limited by the MaxSpareServers 
directive in httpd anyway as far as the www is concern here. You sure 
can increase that from the maximum default of 256 if you recompile it 
and changed it in the include file, but again, should only be done on 
very busy servers.



btw: I might be going off topic here, but I think it applies to
OpenBSDs httpd. I won't sent any further mail to this thread
you tell me to shut up.


I didn't do such thing. The original poster however should/may take the 
advice, or drop it. (;>


I actually find it interesting, not the original subject, but where it 
was/is going.


Daniel

Re: Real men don't attack straw men

[Jacob Meuser]

On Tue, Dec 11, 2007 at 01:49:19PM -0700, Jack J. Woehr wrote:
> mcb, inc. wrote:
> >Watching the latest flame war, I can't help thinking that as
> >founders of their respective projects Theo and RMS are trapped
> >in a jail of rigid consistency and absolutism demanded by
> >children and utopians.
> Well, yes and no.
> 
> Theo's absolutism has kept OpenBSD pretty much the last
> blob-free OS in the Free Software world.
> 
> RMS's absolutism has kept alive an ideal that launched
> the mainstream open source movement.

his absolutism also causes people to see BSD as a "problem", a
"social failure".

> So it's not non-functional. It's emotionally hard on the
> individuals concerned, and often emotionally hard on
> us who bask in the reflected glow of these geniuses :-).
> But it  all seems to work out in practice. Has for a cuple
> of decades now, give or take a few years.

recently we saw theft of BSD to GPL, and a large part of the
GPL community thinks there's no problem with that, that the
BSD community is being "petty" to make an issue out of it.

and all stallman says about it is basically, "I am not familiar
with the situation, leave me alone."

I would like to see more cooperation between the free software
developers.

but IMO, stallman is the one being far more unfriendly and
uncooperative.  of course stallman is not directly responsible
for the actions of the GPL community.  but his opinions do wield
power.  didn't this whole thread start because of his opinions
and recommendations?

now stallman won't talk to theo, because theo is unabashed in
stating his opinions?  just look at the thread.  between theo
and stallman, who posted the most words, and who gave less
misinformation/slant?

in much fewer words:  the gutless politician attempted to use his
influence to snub and smear his opponent.  when fallacies in his
campaign were brought to light, he accused his opponent of being
unfriendly.

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Real men don't attack straw men

[Richard Stallman]

> I think it would be wrong for me to recommend it to others.  Therefore,
> if a collection of software contains (or suggests installation of)
> some non-free program, I do not recommend it.  The systems I recommend
> are therefore those that do not contain (or suggest installation of)
> non-free software.

Therefore, you don't recommend linux. Oh wait ...

I don't recommend Torvalds' version of Linux.  The versions of Linux
in Ututo and gNewSense, which I recommend, do not have the blobs.

> However, its ports
> system does suggest non-free programs,

No it doesn't "suggest" non-free programs in any way;
it just makes it possible and easy to install them.

Including a program by name in the ports system does suggest using
that program.  It grants the program a sort of legitimacy, and that
is what I am opposed to.

You may have a different interpretation of these facts.
That's my interpretation of them.

Re: Real men don't attack straw men

[Rui Miguel Silva Seabra]

On Tue, Dec 11, 2007 at 04:49:34PM -0500, STeve Andre' wrote:
> On Tuesday 11 December 2007 14:00:43 Richard Stallman wrote:
> > Why don't you ask Theo, whom you once praised, about OpenBSD?
> >
> > Because he tends to be unfriendly.
> 
> Now *that* I find humorous.
> 
> I find it Kafka-esque, your inability to reccomend OpenBSD because
> of some "unfree" items in the ports tree.  Effectively you are taking
> away the right of people to choose the software they wish to use.

It is me, who finds it humurous that you consider a recommendation as
taking away the right of people choosing the software they wish to use.

If I recommend you not to jump into a well, am I taking your liberty to
jump into it? It would be quite funny to see how bits & bytes, my only
interaction with you, could ever prevent you from a refreshing bath :)

> Your definition of free is replete with chains; you would deny the
> freedom of choice in the name of freedom.

That is bizarre...

Rui

-- 
All Hail Discordia!
Today is Setting Orange, the 53rd day of The Aftermath in the YOLD 3173
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Re: Real men don't attack straw men

[Jack J. Woehr]

Jacob Meuser wrote:

his absolutism also causes people to see BSD as a "problem", a
"social failure".
  

In everything, there is light and dark, interwoven :-)

recently we saw theft of BSD to GPL, and a large part of the
GPL community thinks there's no problem with that, that the
BSD community is being "petty" to make an issue out of it.
  

Well, sue 'em, if it's so. But no point in sulking. Like the ENTIRE
PROGRAMMING COMMUNITY, we're a bunch of cantankerous,
contentious, contumacious perfectionists.

Stallman and Theo especially. And you, too. And me.

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Real men don't attack straw men

[ropers]

> > On Tue, Dec 11, 2007 at 02:00:14PM -0500, Richard Stallman wrote:
> > > OpenBSD is by far the most free OS in the landscape.  Everything that
> > > ships with it is free or else it won't be distributed with it.
> > >
> > > Yes, that's what I was told.  I was also told that OpenBSD's ports
> > > system includes non-free programs.  Is that accurate too?

> William Boshuck wrote:
> > Strictly speaking, no.  If you unpack ports.tar.gz
> > you will find a bunch of makefiles, packing lists,
> > & c., all of which are free.  OpenBSD's ports system
> > depends on programs in the base system which are free.
> > On a modern UNIX-like operating system it possible,
> > even easy, to use free tools like awk, make, perl,
> > sh, and so on, directly or indirectly, to facilitate
> > the installation and maintenance of (free and non-free)
> > software.

On 11/12/2007, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> William is right.
>
> The OpenBSD ports tree is just a scaffold, and that scaffold is 100%
> free.  It contains no non-free parts.
>
> It contains URL's to non-free software, and free Makefiles that
> knows how to build that non-free software.   But the entire ports
> tree has no non-free software in it at all.
>
> Does that make it non-free?

I would like to ask Richard a question. It may seem off-topic, but it isn't:

Do you believe that The Pirate Bay is guilty of copyright infringement?

In case you're not familiar, The Pirate Bay ( http://thepiratebay.org/
, http://en.wikipedia.org/wiki/The_Pirate_Bay ) is a Swedish website
that offers users the opportunity to upload metadata files that
contain information about where and how data files can be downloaded.
It also allows users to download the metadata files that users have
uploaded. Some users (possibly even a large number) use this service
to upload metadata files that contain info that can be used to obtain
copyrighted material, possibly without the copyright holder's
permission.

This is IMHO very similar to the way the OpenBSD ports system is
related to unfree software:
- The unfree software is not hosted by OpenBSD. The ports tree
effectively only contains metadata.
- The individual ports in the ports system are maintained by
(advanced) OpenBSD users. The inclusion of a port that users chose to
submit and maintain does not imply an endorsement of the (possibly
unfree) software that can be installed using the port metadata.
- The use of the ports system is officially *discouraged* for average
users. Average  Joes are encouraged to *not* use ports but use OpenBSD
_packages_ instead, which are precompiled binaries which are hosted by
OpenBSD. ( See "IMPORTANT NOTE" here:
http://www.openbsd.org/faq/faq15.html#Ports ) There are no unfree
packages. See for yourself: (caution: very long page and long load)
http://www.openbsd.org/4.2_packages/i386.html
- Unlike the Pirate Bay, the OpenBSD ports system does itself
distinguish between free and unfree content. See this comment by Nick
Guenther:
> It may be relevant to point out:
> http://marc.info/?l=openbsd-misc&m=119731456628749&w=2
> > Having a way to sift out the non-free stuff during a search of the ports
> > tree would be useful.
>
> PERMIT_*=(not Yes)

In addition, it is *considerably harder* to install unfree software on
OpenBSD than on gNewSense. This eg. is what installing Skype entails:
http://permalink.gmane.org/gmane.os.bsd.india/352
On gNewSense, it is *much* easier to install Skype. Just add an unfree
repository to /etc/apt/sources.list and type a one-line command to
install. I don't know for sure, but I suspect that gNewSense will not
warn a user who does that that they are installing unfree software, so
why expect more from OpenBSD?

Richard, I you wrote:
> If OpenBSD did not suggest non-free programs, I would
> recommend it along with the free GNU/Linux distros.

I suspect that your skepticism of OpenBSD stems from yourself being
unfamiliar with the OpenBSD packages and ports system and not aware
that the OpenBSD project does not in fact host unfree packages (and
that ports for unfree programs such as users have submitted only
contain metadata).

In summary, I strongly feel that OpenBSD in fact does *not* suggest
non-free programs. Despite the heated and sometimes personal nature of
this thread, I think the honorable thing to do would be to be the
bigger man and acknowledge the misunderstandings and make good on your
offer to recommend OpenBSD.

Thanks and regards,
--ropers

Re: Real men don't attack straw men

[Jason Dixon]

On Dec 11, 2007, at 6:56 PM, Richard Stallman wrote:


Including a program by name in the ports system does suggest using
that program.  It grants the program a sort of legitimacy, and that
is what I am opposed to.



Where is your line in the sand?  When does an operating system become  
free by your interpretation?  When non-free ports frameworks are  
hosted outside the official OpenBSD cvs repository?  On a server not  
owned by the OpenBSD project?  What if I want to host it on my own  
server, but I also happen to be an OpenBSD developer?  When does the  
disassociation satisfy your unpublished requirements?


Your interpretation is vague and self-serving.

---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: : rouge IPs / user

[knitti]

On 12/12/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
> knitti wrote:
> > HTTP keep alives have nothing to do with it. If the socket is in
> > CLOSE_WAIT, the TCP connection can't be reused, the server
> > has sent its FIN and the client its FIN/ACK, but the server doesn't
> > have yet sent its final ACK.
>
> Well actually it does under normal operation. See, if you get a
> connection from a user and have keep alive setup. The socket will stay
> open to speed up the next request from the same users without having to
> establish a new connection, reusing the same socket for speed, but at
> the same time keeping that socket open and not ready to close yet for
> the next users. So, you see, if you have longer keep alive setup in
> httpd, you will reach the CLOSE_WAIT later on instead of sooner if you
> have shorter keep alive setup. See what I explain, may be not as well as
> I would like is the impact of PF and httpd together as well as the
> net.inet.tcp.xxx in sysctl setup. They all interact together in some
> ways and as such I also said it wasn't something to take isolated of one
> an other.
[...]
> I think the CLOSE_WAIT state and time is a function of the OS stack, not
> the application itself, in this case httpd. I could be wrong here and I
> would love for someone to correct that for me if I do not understand
> that properly. But my understanding is this is control by the OS, not
> the application itself, other then the keep alive obviously in this case.
>

you tell me that there is some correlation between HTTP keep alives and
a socket ending up in CLOSE_WAIT for some time. That is the practical
observation. But I'm interested in whether this is by design or not.
RFC 2616 doesn't mention implementation details, and I can't see why
the socket implementation (OS) would want to keep a socket in
CLOSE_WAIT for some time (not sending a final ACK).

> > btw: I might be going off topic here, but I think it applies to
> > OpenBSDs httpd. I won't sent any further mail to this thread
> > you tell me to shut up.
>
> I didn't do such thing. The original poster however should/may take the
> advice, or drop it. (;>

sorry for the confusion, I forgot to write an "if" after "thread"

--knitti

Re: : rouge IPs / user

[Daniel Ouellet]

knitti wrote:

you tell me that there is some correlation between HTTP keep alives and
a socket ending up in CLOSE_WAIT for some time. That is the practical
observation. But I'm interested in whether this is by design or not.
RFC 2616 doesn't mention implementation details, and I can't see why
the socket implementation (OS) would want to keep a socket in
CLOSE_WAIT for some time (not sending a final ACK).


No. I am saying that there is a direct relation between the socket not 
being available to reach that state and the value assigned to keep alive 
making it take more time to reach the CLOSE_WAIT state and as such 
reducing the number of sockets you can use and as a side effect of this, 
limiting the number of users httpd can handle.


As to the second part of that question, meaning "after it reach the 
CLOSE_WAIT", how long it stay in it? I think, and that's where my 
knowledge and understanding is lacking some, that it is at that point an 
OS part and as such may be able to be adjusted by some OS variable, not 
applications one at that time.


See, the difference is creation, usage and destruction of sockets are an 
application function, but all the signaling of it and handling of it is 
an OS function. At a minimum, that's how I understand it and as such 
when you reach the CLOSE_WAIT state, that's not under the application 
layer control anymore, but the OS and as such can be helped by OS changes.


I may be wrong here and if so, I would love for someone to correct that 
for me, but that's how I understand it.


The creation, usage and closing of the socket itself is application 
related, but the signaling, etc is a function of the TCP/IP stack under 
the OS control, and this 'CLOSE_WAIT' state is in the TCP/IP stack 
control and as such not an application issue, but an OS control factor 
that may be helped some and only if needed under heavy traffic as other 
wise the default as good as is.


I hope this makes it more clear, for my own understanding, or lack there 
of, of it anyway.


May be I make a foul of myself here (wouldn't be the first time and I 
only learn by extending myself out and learn from my mistakes), but that 
what I understand is, thinking about it now.


So, that's why I pointed the three parts that would/could help in this case.

Best,

Daniel