Re: Backup disk over USB good idea??
On Fri, Dec 18, 2009 at 12:31 AM, Mauro Rezzonico wrote: > Joakim Aronius wrote: >> >> I have an old home server which ran out of disk space > >> I added a big disk over USB which I use for >> backup (mounted on /backup). > > Well don't do that! > > Mount under /usr/backup, or /var/backup, or /tmp/backup or whatever! > can you please enlighten me on why that's a bad thing? -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
[Programme TV] Vendredi 18 Décembre 2009
Si ce message ne s'affiche pas correctement, voir ici Ajoutez tele-lois...@ml.tv-news.fr ` votre carnet d'adresses pour recevoir vos programmes plus facilement Programme-TV.net - TC)lC) Loisirs Votre programme TV Vend redi 18 DC)cembre 2009 DC)couvrez immC)diatement si vous avez gagnC) ICI! [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] [IMAGE] *Consulter le rC(glement Jeu gratuit sans obligation d'achat. Photos non contractuelles. ConformC)ment C la loi B+ informatique et libertC)s B; du 6 janvier 1978, vous pouvez C tout moment demander C accC)der, faire rectifier ou supprimer les informations personnelles vous concernant ou vous opposer C leur traitement par Sofinco. Les logos ou les marques reprC)sentC)s sont la propriC)tC) de leurs titulaires respectifs. Tout droit rC)servC). [IMAGE] A la une Pernaut attaqui par des boules de neige ! (VIDEO) Pernaut attaqui par des boules de neige ! (VIDEO) Azap (W9) : Des imissions spiciales ! Azap (W9) : Des imissions spiciales ! Susan Boyle : M6 vous a trompis ! (Incroyable Talent) Susan Boyle : M6 vous a trompis ! (Incroyable Talent) Les Guignols : Guerre Le Figaro-Canal + Les Guignols : Guerre Le Figaro-Canal + plus de news... Vidio du jour Smaon (Incroyable Talent) Interview de Smaon, juri de l'imission La France a un incroyable talent (M6). Vos programmes TF1 Le grand duel des ginirations 20h45 Le grand duel des... divertissement Sans aucun doute 23h15 Sans aucun doute culture-infos France 2 Juste un peu d'@mour 20h35 Juste un peu d'@mour divertissement Central nuit 22h10 Central nuit series-tv France 3 Thalassa 20h35 Thalassa culture-infos Vie privie, vie publique, l'hebdo 23h00 Vie privie, vie... culture-infos Canal+ Ratatouille 20h50 Ratatouille jeunesse Spicial investigation 22h40 Spicial investigation culture-infos Arte Le retour de Jack l'iventreur 20h45 Le retour de Jack... series-tv Tracks 23h05 Tracks divertissement M6 NCIS : enqujtes spiciales 20h40 NCIS : enqujtes... series-tv Sons of Anarchy 23h05 Sons of Anarchy series-tv Vos programmes TNT France 4 La route du rire 20h35 La route du rire divertissement FBI : portis disparus 22h40 FBI : portis disparus series-tv France 5 Empreintes 20h35 Empreintes culture-infos Cafi Picouly 21h35 Cafi Picouly divertissement Direct 8 L'icole des stars 20h40 L'icole des stars divertissement Les perles du net 22h45 Les perles du net divertissement W9 Enqujte d'action 20h35 Enqujte d'action culture-infos Enqujte d'action 23h15 Enqujte d'action culture-infos TMC Une femme d'honneur 20h40 Une femme d'honneur divertissement Une femme d'honneur 22h15 Une femme d'honneur divertissement NT1 Mission sauvage 20h35 Mission sauvage culture-infos Catch Attack 22h35 Catch Attack sport NRJ 12 Voyage au centre de la terre 20h35 Voyage au centre de la terre divertissement La nuit nous appartient 23h45 La nuit nous appartient divertissement La Channe Parlementaire / Public Sinat Entre les lignes 19h30 Entre les lignes culture-infos Un monde de bulles 23h00 Un monde de bulles divertissement Virgin 17 L'nle de la tentation US (Saison 3) 20h35 L'nle de la... divertissement Touche pas ` mon fils ! (Saison 1) 23h05 Touche pas ` mon... divertissement Gulli Les petits ginies des affaires 20h35 Les petits ginies... jeunesse Gulli Mag 22h30 Gulli Mag culture-infos France T Zandoli pa tini pat 20h35 Zandoli pa tini pat divertissement 9 semaines et 1 jour 22h00 9 semaines et 1 jour divertissement Faites des ECONOMIES en 2009 [IMAGE] BlC)dina vous couvre de cadeaux ! ici [IMAGE] DC)couvrez immC)diatement si vous avez gagnC) 1000 b, ! ici [IMAGE] Gagnez une semaine de vacances au ski A VIE ici [IMAGE] Vous avez C)tC) sC)lectionnC)(e) pour gagner 3 bagues diamants ici [IMAGE] Offrez C bC)bC), son 1er shopping d'une valeur de 1000 euros ici [IMAGE] "Devenez propriC)taire de votre vignoble" : vos bouteilles C votre nom ! ici [IMAGE] Etes-vous le gagnant des 2 000 euros offert par Cdiscount ? ici [IMAGE] Remportez 10 000 euros grC"ce C la Redoute ici [IMAGE] Remportez des sC)jours dC)tente 4* en Espagne et bien d'autres cadeaux ici [IMAGE] Faites le plein de cadeaux pour vos vacances d'hiver ! ici [IMAGE] OpC)ration 100 % remboursC) ! ici [IMAGE] DC)couvrez immC)diatement si vous avez gagnC) les 5 000 euros CASH ! ici [IMAGE] DC)fiez vos amis au Trivial Pursuit ! Serez vous le meilleur ? ici [IMAGE] BOSCH vous offre l'appareil C)lectromC)nager de votre choix ! ici [IMAGE] Gagnez un voyage aux Seychelles ! ici [IMAGE] TC)lC)chargez GRATUITEMENT et LEGALEMENT vos chansons prC)fC)rC)es ici [IMAGE] Gagnez 1 an de Dentastix pour votre chien ici Besoin de vacances ? Ne les payez pas ! Gagnez les ! ici [IMAGE] Repartez avec UN AN DE SALAIRE en poche ! ici [IMAGE] Venez remporter votre voyage en RC)p Dom ! ici [IMAGE] Remport
Root file system is growing strangely
Hello list. I`ve set up a little bash script to tell me when some file system is over 95% full and after a month I got a mail about my root file system ( / ) after log in I sow that the root file system is over 100%. That is fine I tried to do a search for big and nasty files and so on but after a hour magically the file system was at 20%. That got me very worried about any security issue, but nothing was missing and so on. The issue is that the file system continues to grow about a 2 presents a day, which is strange. Here is some output: Filesystem SizeUsed Avail Capacity Mounted on /dev/wd0a 1005M251M704M26%/ /dev/wd0k 46.7G 26.0K 44.4G 0%/home /dev/wd0d 3.9G8.0K3.7G 0%/tmp /dev/wd0f 2.0G615M1.3G32%/usr /dev/wd0g 1005M145M809M15%/usr/X11R6 /dev/wd0h 5.4G206M5.0G 4%/usr/local /dev/wd0i 2.0G619M1.3G32%/usr/src /dev/wd0e 8.9G585M7.8G 7%/var /dev/wd0j 2.0G961M951M50%/usr/obj /dev/wd1a 295G562M280G 0%/storage/storages /dev/wd1b 110G 20.7G 83.7G20%/storage/windows r...@sgate:/root# find / -xdev -size +1000 -type f | xargs ls -laSh -rwxr-xr-x 1 root wheel 6.9M Nov 25 16:39 /bsd -rw-r--r-- 1 root wheel 6.9M Nov 25 14:16 /obsd -rw-r--r-- 1 root wheel 5.8M Nov 25 14:16 /bsd.rd -r-xr-xr-x 1 root bin 1.2M Dec 7 15:05 /sbin/isakmpd -r--r--r-- 1 root bin 526K Dec 7 15:06 /etc/magic r...@sgate:/root# find / -xdev -mtime -1 -type f | xargs ls -laSh -rw--- 1 root wheel 2.0K Dec 18 03:09 /etc/pf.conf -rw-r--r-- 1 root wheel 507B Dec 18 03:08 /etc/hosts -rw-r--r-- 1 root wheel 0B Dec 18 02:49 /etc/resolv.conf The other strange thing is that I`ve set up the /etc/daily root backup and here is the compare between two discs: /dev/wd1d 1005M 42.2M912M 4%/altroot /dev/wd0a 1005M251M704M26%/ since /altroot is exact dd copy of / isn`t they at the same size? Thank you for your time Best regards.
Re: vi in /bin
On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne wrote: > On 18/12/2009, at 1:26 PM, Raymond Lillard wrote: >> >> Real men use cat. :-) > > real men use COPY CON PROGRAM.EXE real men use EDIT/TECO.
Re: vi in /bin
I just compiled mg statically and put it in /bin, which is rather simple: Add 'LDFLAGS+=-static' somewhere in the makefile with your favourite editor. And then run: $ make $ strip mg $ ldd mg $ ls -l mg $ sudo install mg /bin/mg 400kb! that barely larger than a dynamic vi :-) # Han
Re: vi in /bin
On 18/12/2009, at 7:09 PM, Chris Bennett wrote: Brad Tilley wrote: On Thu, 17 Dec 2009 17:12 -0800, "Randal L. Schwartz" wrote: Just out of curiosity, my "emergencies" usually involve having to edit /etc/fstab that has entries that no longer apply after moving disks around. I just export TERM=xterm, fsck /usr and / mount both rw and vi away In the past, I've kept a basic fstab so that when my disks dont mount as they should for any reason, I can move /etc/fstab out the way, replace it with my simple one, and bingo - no editing required. paulm
Re: vi in /bin
On Fri, 18 Dec 2009 10:28:25 +0100 Igor Sobrado wrote: > On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne > wrote: > > On 18/12/2009, at 1:26 PM, Raymond Lillard wrote: > >> > >> Real men use cat. :-) > > > > real men use COPY CON PROGRAM.EXE > > real men use EDIT/TECO. > real men use XEDIT. -- With best regards, Gregory Edigarov
Re: BSD and Active Directory?
Okay, I have understood that there is some difference between a solution and another. But what I need to do is to pull a user with the unix attributes in a 2k3 ad server to a bsd machine. It is already working seamless in a centos enviroment. But there is the nsswitch and pam. My problem is that I have to use the smallest amount possible of space and packages for this to work. For the record I already have the UNIX SFU installed (thought I did mention that). I had the impression that ypldap.conf is equal to the ldap.conf I use in the centos env. Is that not the case? Is ypldap not used to bind against an ad with a user and pull info that then are used to auth against? == I don't know if I need to clarify what I want to do but I will anyway: The existing Active Directory (with SFU) are going to host two types of users one USER with one password and another USER.root with a different password. Then when I ssh against one server I want to use my USER and when inside I use kinit USER.root to gain a "root" ticket (afterwards I use ksu to elevate the USER to the local root account). In Centos I've managed to make this work through editing of /etc/krb5.conf, /etc/openldap/ldap.conf, /etc/ldap.conf, /etc/nsswitch.conf and /etc/pam.d/system-auth. The same applies to all the debian based systems. What I am aiming for is to have the possiblity in BSD just to ssh with my USER and then use su(?) to change to my USER.root. The trouble I'm having is that ypldap.conf does not give the functionality I want and login_ldap seems to do nothing. I know the error is with me so what have I done wrong. The kerberos is working against the AD and I can get tickets but to be able to have all users in one place I need the AD to LDAP connection and this is where I fail. Here is a getent passwd from a centos host (it is still in testing :P) unixUser:*:10001:7:TEST:/home/bananas:/bin/bash UnixUser.root:*:10005:7:TEST:/home/bananas:/bin/false test:*:10006:7:test:/home/bananas:/bin/bash root:x:0:0:root:/root:/bin/bash I want the same to be the case on the bsd but I'm stuck at the error: "yp_first: clnt_call: RPC : Timed out". My first thought was that there was something in the DNS/name space that where giving me trouble but even when I change to the IP of the AD it wont work. I've checked and the kerberos connection never fails. // Regards Spixx
Re: Root file system is growing strangely
On Fri, Dec 18, 2009 at 10:36:46AM +0200, Daniel Zhelev wrote: > Hello list. > I`ve set up a little bash script to tell me when some file system is > over 95% full and after a month I got a mail about my root file system > ( / ) after log in I sow that the root file system is over 100%. That > is fine I tried to do a search for big and nasty files and so on but > after a hour magically the file system was at 20%. That got me very > worried about any security issue, but nothing was missing and so on. > The issue is that the file system continues to grow about a 2 presents > a day, which is strange. > Here is some output: > > Filesystem SizeUsed Avail Capacity Mounted on > /dev/wd0a 1005M251M704M26%/ > /dev/wd0k 46.7G 26.0K 44.4G 0%/home > /dev/wd0d 3.9G8.0K3.7G 0%/tmp > /dev/wd0f 2.0G615M1.3G32%/usr > /dev/wd0g 1005M145M809M15%/usr/X11R6 > /dev/wd0h 5.4G206M5.0G 4%/usr/local > /dev/wd0i 2.0G619M1.3G32%/usr/src > /dev/wd0e 8.9G585M7.8G 7%/var > /dev/wd0j 2.0G961M951M50%/usr/obj > /dev/wd1a 295G562M280G 0%/storage/storages > /dev/wd1b 110G 20.7G 83.7G20%/storage/windows > > r...@sgate:/root# find / -xdev -size +1000 -type f | xargs ls -laSh > -rwxr-xr-x 1 root wheel 6.9M Nov 25 16:39 /bsd > -rw-r--r-- 1 root wheel 6.9M Nov 25 14:16 /obsd > -rw-r--r-- 1 root wheel 5.8M Nov 25 14:16 /bsd.rd > -r-xr-xr-x 1 root bin 1.2M Dec 7 15:05 /sbin/isakmpd > -r--r--r-- 1 root bin 526K Dec 7 15:06 /etc/magic > > r...@sgate:/root# find / -xdev -mtime -1 -type f | xargs ls -laSh > -rw--- 1 root wheel 2.0K Dec 18 03:09 /etc/pf.conf > -rw-r--r-- 1 root wheel 507B Dec 18 03:08 /etc/hosts > -rw-r--r-- 1 root wheel 0B Dec 18 02:49 /etc/resolv.conf > The other strange thing is that I`ve set up the /etc/daily root backup > and here is the compare between two discs: > > /dev/wd1d 1005M 42.2M912M 4%/altroot > /dev/wd0a 1005M251M704M26%/ > > since /altroot is exact dd copy of / isn`t they at the same size? It's quite possible that some process is holding open a file descriptor to a file which has no links from the filesystem. To see this, run 'vi bigfile', suspend, and run 'rm bigfile'. The space is still used. Then quit vi, and optionally run 'sync', and you'll see the space has been reclaimed. To see which process is the culprit, try fstat. (Note that this is only one possibility!) Joachim
Re: Backup disk over USB good idea??
On Fri, Dec 18, 2009 at 02:51:34PM +0700, Edho P Arief wrote: > can you please enlighten me on why that's a bad thing? Filling up / can be more annoying than filling up /usr. It's better to make sure your mounts work and not try to work around broken systems, though.
Re: No RTF_UP after route change to an interface that is up
On Thu, Dec 17, 2009 at 09:17:12PM +, Stuart Henderson wrote: > On 2009-12-15, Doran Mori wrote: > > It looks like the last road block in my router project is going to be > > similar to Vladimir Kirillov's problem. In my case I'm having a > > downed link layer host route take precedence over an up ospf /32 route > > So it seems that any host routes, even RTP_DOWN, take priority over > higher priority net routes for the same address. > Host routes are allways more specific then network routes (even /32 ones). So they will used in that case. Currently the lookup will not try less specific routes in case their RTP_DOWN (or actually not RTF_UP). This could be regarded as bug -- the code is just too insane to fix it easily. > This explains a little trouble I've been having when I restart ospfd > (which I do a bit more often than is good for me, but haven't been able > to put my finger on exactly why I have to...) > Hmm. If you know what goes wrong I will try to fix it :) > My bgp routers run sessions between loopbacks on lo1 which are advertised > into ospf. My defaults are localhost -reject routes. A pretty typical setup > for a network with multiple links between routers. > > If I stop and restart ospfd on router X, typically the bgp sessions > go down, and if I go to the other routers I see dynamic host routes > directing X's traffic towards 127.0.0.1; > > Y# route -n get X >route to: aa.bb.cc.9 > destination: aa.bb.cc.9 > gateway: 127.0.0.1 > interface: lo0 > if address: 127.0.0.1 >priority: 56 (default) > flags: > use mtuexpire >41060 33160L 522 > > Y# netstat -rnfinet | grep aa.bb.cc.9 > aa.bb.cc.9 127.0.0.1 UGHD 241188 33160 L 56 lo0 > aa.bb.cc.9/32aa.bb.cc.244 UGP00 -32 vlan2244 > aa.bb.cc.9/32aa.bb.cc.243 UGP00 -32 vlan2244 > > and I have to route delete aa.bb.cc.9 to get things flowing again. > I'm not quite sure why it's RTF_DYNAMIC, ICMP redirects are off and > I haven't spotted where other than ICMP redirects that sets this, > so I'm not entirely sure where this entry has come from. > This is PMTU fucking around because TCP is no longer getting ACKs back and so it goes and tries to disable PMTU by creating a dynamic route cloned from the parent route. In your case that's the default reject route. Now that's totaly stupid I know and especially the created route is wrong in so far that the reject bit is dropped. It is also questionable why we should create a dynamic route cloned from a reject or blackhole route. > All pretty recent code, Y is running Nov 11th, X running Dec 14th, > this isn't new though, I have just managed to get past enough other > problems that I can see it a bit more clearly..;-) > As a workaround I would try to use blackhole routes instead of reject ones and see if this will make the event of TCPs PMTU magic kicking in less probable. -- :wq Claudio
Leiloes completamente incriveis - IPHONE por 30,97!!!
Caso nco visualize correctamente este e-mail, por favor clique AQUI. NOTA INFORMATIVA: O presente email destina-se znica e exclusivamente a informar potenciais utilizadores e nco pode ser considerado SPAM. De acordo com a legislagco internacional que regulamenta o correio electrsnico, "o email nco pode sera ser considerado SPAM quando incluir uma forma do receptor ser removido da lista do emissor". Se pretender nco receber mais estes emails clique AQUI.
Unofficial OpenBSD 4.6 USB installer on LiveUSB-OpenBSD page!
Dear all, My friend wanted it. I wanted it too just for fun. So I did it. Please remember, it is 100% unofficial. This project is not officially or unofficially endorsed by OpenBSD in any way. So use it at your own risk! That said, I am quite certain that many of you will benefit in a big way from a USB installer for OpenBSD 4.6 instead of a DVD/CD install method. http://liveusb-openbsd.sf.net and direct download link here: https://sf.net/projects/liveusb-openbsd/files/usb-inst46.bin/download It is a lot of fun I tell you. I recently tested it and it worked like a charm. I have tried to make the installer as "official" as I can. I played no tricks, it is just the CD/DVD installer in the USB stick. ;) As to how I did this, that is an altogether different matter. -Girish -- Gayatri Hitech web: http://gayatri-hitech.com SpamCheetah Spam filter: http://spam-cheetah.com
Re: No RTF_UP after route change to an interface that is up
On 2009/12/18 12:31, Claudio Jeker wrote: > > So it seems that any host routes, even RTP_DOWN, take priority over > > higher priority net routes for the same address. > > Host routes are allways more specific then network routes (even /32 ones). > So they will used in that case. Currently the lookup will not try less > specific routes in case their RTP_DOWN (or actually not RTF_UP). This > could be regarded as bug -- the code is just too insane to fix it easily. Hmmm... given this, would it make any kind of sense to have the routing daemons install /32 as host rather than network routes? > > This explains a little trouble I've been having when I restart ospfd > > (which I do a bit more often than is good for me, but haven't been able > > to put my finger on exactly why I have to...) > > Hmm. If you know what goes wrong I will try to fix it :) The relevant machines were running old code, but this week I've finally got them over the nat-to bump, so I'll be able to do some meaningful testing with -current soon (I hate reporting problems unless I know I've collected enough information to at least point someone in approximately the right direction ;) > This is PMTU fucking around because TCP is no longer getting ACKs back and > so it goes and tries to disable PMTU by creating a dynamic route cloned > from the parent route. In your case that's the default reject route. > Now that's totaly stupid I know and especially the created route is > wrong in so far that the reject bit is dropped. It is also questionable > why we should create a dynamic route cloned from a reject or blackhole > route. aha...yes this does indeed seem to be the explanation, and certainly for disabling PMTU, cloning a reject or blackhole route makes no sense. > As a workaround I would try to use blackhole routes instead of reject ones > and see if this will make the event of TCPs PMTU magic kicking in less > probable. This doesn't noticably help. But now I remember that since I started sending full BGP tables everywhere I don't actually need a default route to redist into OSPF any more...and after removing the route completely, this does work as expected, fixing my immediate problem.
Re: vi in /bin
2009/12/18 Gregory Edigarov : > On Fri, 18 Dec 2009 10:28:25 +0100 > Igor Sobrado wrote: > >> On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne >> wrote: >> > On 18/12/2009, at 1:26 PM, Raymond Lillard wrote: >> >> >> >> Real men use cat. :-) >> > >> > real men use COPY CON PROGRAM.EXE >> >> real men use EDIT/TECO. >> > real men use XEDIT. > REAL men use butterflies // http://xkcd.com/378/ -- The best the little guy can do is what the little guy does right
Re: vi in /bin
On Fri, Dec 18, 2009 at 12:09:41AM -0600, Chris Bennett wrote: > Brad Tilley wrote: > >On Thu, 17 Dec 2009 17:12 -0800, "Randal L. Schwartz" > > wrote: > > > >>>"Brad" == Brad Tilley writes: > >>> > >>Brad> I use ed in emergencies when /usr is inaccessible, but I'm a lot > >>more > >>Brad> comfortable with vi. Will a static vi ever live in /bin? Helping > >>someone > >>Brad> use ed remotely, who has never used ed, when I myself don't use it > >>Brad> regularly is always an adventure. > >> > >>Solution: learn "ed" a bit more. > >> > >>It's really *not* that hard. :) > >> > > > >Good advice. Guess I'm looking for the easy way out. I'll make myself > >edit in ed every Friday or something. > > > >Brad > > > > > > > Just out of curiosity, my "emergencies" usually involve having to edit > /etc/fstab that has entries that no longer apply after moving disks around. > I just export TERM=xterm, fsck /usr and / mount both rw and vi away > > Is there a common emergency that comes up where /usr is not available? > When working on changed to the dynamic linker, vi was always the first test program (sanity testing). And yes, it broke quite a number of times. Dale Rahn dr...@dalerahn.com
Re: vi in /bin
On Fri, Dec 18, 2009 at 7:33 AM, Eugene Yunak wrote: > 2009/12/18 Gregory Edigarov : >> On Fri, 18 Dec 2009 10:28:25 +0100 >> Igor Sobrado wrote: >> >>> On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne >>> wrote: >>> > On 18/12/2009, at 1:26 PM, Raymond Lillard wrote: >>> >> >>> >> Real men use cat. :-) >>> > >>> > real men use COPY CON PROGRAM.EXE >>> >>> real men use EDIT/TECO. >>> >> real men use XEDIT. >> > > REAL men use butterflies > > // http://xkcd.com/378/ Real men use punch cards. Paper tape is acceptable for backups...
Re: vi in /bin
On Thu, Dec 17, 2009 at 07:47:18PM -0500, Brad Tilley wrote: > I use ed in emergencies when /usr is inaccessible, but I'm a lot more > comfortable with vi. Will a static vi ever live in /bin? Helping someone > use ed remotely, who has never used ed, when I myself don't use it > regularly is always an adventure. If using ed is an "adventure", then you don't really know how to use vi. ed, sed, and vi are three of the most important Unix utilities, and there's no excuse for not learning all three. That's because they all use the same commands and syntax. If you know how to use one of them, then you know how to use the other two. Each is useful in a slightly different situation. vi is for interactive editing. ed and sed are most useful for writing editing scripts. ed reads a file into a buffer for editing and can write those edits back to the file. sed works as a filter, reading a stream from standard input line-by-line and editing each line before writing it to standard output. Short, one-line sed scripts are useful in command line pipes for translating the output of one program into the input of another program. Although most of the basic commands are the same in ed, sed, and vi, there are subtle differences. After you have spent some time using ed and sed, I suggest that you ask yourself the follow questions to test your understanding of those differences: "When is the global command (that is, g) useful in ed and vi? Why is the global command missing from sed?"
Re: vi in /bin
> On Fri, Dec 18, 2009 at 7:33 AM, Eugene Yunak wrote: > > Real men use punch cards. Paper tape is acceptable for backups... You mean real *Internet* men. In person, these men (for lack of a better word) are easily de-assified and can be made to cry. However, they are fearless keyboard warriors while alone, in the dark, dusty corner of their mother's basement at night. I made one of these Internet Men cry once by scattering his nicely organized punch card program all over the floor. Your pal, IR _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
Re: vi in /bin
Matthew Szudzik wrote: On Thu, Dec 17, 2009 at 07:47:18PM -0500, Brad Tilley wrote: I use ed in emergencies when /usr is inaccessible, but I'm a lot more comfortable with vi. Will a static vi ever live in /bin? Helping someone use ed remotely, who has never used ed, when I myself don't use it regularly is always an adventure. If using ed is an "adventure", then you don't really know how to use vi. ed, sed, and vi are three of the most important Unix utilities, and there's no excuse for not learning all three. That's because they all use the same commands and syntax. If you know how to use one of them, then you know how to use the other two. Each is useful in a slightly different situation. vi is for interactive editing. ed and sed are most useful for writing editing scripts. ed reads a file into a buffer for editing and can write those edits back to the file. sed works as a filter, reading a stream from standard input line-by-line and editing each line before writing it to standard output. Short, one-line sed scripts are useful in command line pipes for translating the output of one program into the input of another program. Although most of the basic commands are the same in ed, sed, and vi, there are subtle differences. After you have spent some time using ed and sed, I suggest that you ask yourself the follow questions to test your understanding of those differences: "When is the global command (that is, g) useful in ed and vi? Why is the global command missing from sed?" I would like to learn to use sed, however, I did not find that the man page was sufficient as a tutorial. I was not able to find any sed tutorials that were consistent with OpenBSD's variation. Does anyone know of any sed tutorials that work with OpenBSD's version? -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. -- Robert Heinlein
Re: vi in /bin
On Fri, Dec 18, 2009 at 10:10 AM, Internet Retard wrote: >> On Fri, Dec 18, 2009 at 7:33 AM, Eugene Yunak wrote: >> >> Real men use punch cards. Paper tape is acceptable for backups... > > You mean real *Internet* men. In person, these men (for lack of a better word) > are easily de-assified and can be made to cry. However, they are fearless > keyboard warriors while alone, in the dark, dusty corner of their mother's > basement at night. I made one of these Internet Men cry once by scattering his > nicely organized punch card program all over the floor. > Fail. Real men put sequence numbers in the comment columns so the card sorter can put them back in order. -N
Handling HTTP virtual hosts with relayd
Hello everyone, I'm presently using Apache to reverse-proxy HTTP connections through to our Microsoft IIS servers so that we don't have to expose IIS directly to Internet hosts. Recently, I've been testing relayd in this role. Apache can reverse-proxy requests for several internal HTTP servers through a single internet-routable IP address by using virtual hosts. I've not yet discovered a way of getting relayd to forward the request to a different host depending on the content of the 'Host:' header. Does relayd have this capability? If so how do I do it? Regards, James.
Re: vi in /bin
> Matthew Szudzik wrote: > I would like to learn to use sed, however, I did not find that the man page > was sufficient as a tutorial. I was not able to find any sed tutorials that > were consistent with OpenBSD's variation. 2009/12/18 Chris Bennett : > Does anyone know of any sed tutorials that work with OpenBSD's version? I've personally thus far never bumped into any particular behaviours that would differentiate OpenBSD's sed(1) command syntax from that of other implementations. (That could be because of my relative inexperience, or because there are no substantial differences.) With that said, this page --which was not authored specifically for OpenBSD sed(1)-- may be of use: http://www.grymoire.com/Unix/Sed.html#uh-0 --regards, ropers
Re: vi in /bin
On Fri, Dec 18, 2009 at 11:30:13AM -0600, Chris Bennett wrote: > I would like to learn to use sed, however, I did not find that the > man page was sufficient as a tutorial. I was not able to find any I learned sed from the book Sed & Awk by Dougherty and Robbins. http://amazon.com/dp/1565922255 I highly recommend it. Of the three utilities ed, sed, and vi, sed is probably the most challenging because it doesn't have an interactive mode. With ed or vi you can always do something interactively if you don't know the relevant command, but sed forces you to understand the commands if you want to get anything done. Learning sed will make you a better user of ed and vi.
Re: vi in /bin
ropers wrote: Matthew Szudzik wrote: I would like to learn to use sed, however, I did not find that the man page was sufficient as a tutorial. I was not able to find any sed tutorials that were consistent with OpenBSD's variation. 2009/12/18 Chris Bennett : Does anyone know of any sed tutorials that work with OpenBSD's version? I've personally thus far never bumped into any particular behaviours that would differentiate OpenBSD's sed(1) command syntax from that of other implementations. (That could be because of my relative inexperience, or because there are no substantial differences.) With that said, this page --which was not authored specifically for OpenBSD sed(1)-- may be of use: http://www.grymoire.com/Unix/Sed.html#uh-0 --regards, ropers Nope, I ran into many pages like these. OpenBSD doesn't support sed -i -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. -- Robert Heinlein
Re: OpenBSD 4.6-stable on IBM x3550 freezes on boot until key is pressed
Tried to boot i386, same result. Rouslan - Original Message - From: "Mauro Rezzonico" To: "misc" Sent: P'P5QP2P5QP3, 17 PP5P:P0P1QQ 2009 P3 19:06:40 (GMT+0200) Auto-Detected Subject: Re: OpenBSD 4.6-stable on IBM x3550 freezes on boot until key is pressed Rouslan Iskhakov wrote: > Tried both options (with redirection and without). > Same behavior with default kernel (without aac driver). I think the problem lies in BOOT/amd64, Have you tried with i386 arch? You don't have to install anything, just try to bootstrap from a i386 Install disk/cdrom... -- Mauro Rezzonico , Como, Italia "Maybe this world is another planet's hell" - H.Huxley
Re: OpenBSD 4.6-stable on IBM x3550 freezes on boot until key is pressed
Hi, Disabled Proc Performance States, nothing changed... Regards, Rouslan - Original Message - From: "Imre Oolberg" To: "Rouslan Iskhakov" Sent: P'P5QP2P5QP3, 17 PP5P:P0P1QQ 2009 P3 19:16:43 (GMT+0200) Auto-Detected Subject: Re: OpenBSD 4.6-stable on IBM x3550 freezes on boot until key is pressed Hi! I think i run 4.6 on the same computer but i have different harddisk adapter, try to set Processors -> Processor Performance -> Proc Performance States: http://kuutorvaja.eenet.ee/wiki/IBM_System_x3550_M2 And also i use single cpu kernel, i hope i may help though i am by no means expert on those ibm machines or openbsd kernel. Imre Rouslan Iskhakov wrote: > Tried both options (with redirection and without). > Same behavior with default kernel (without aac driver). > > Regards, > Rouslan > > > - Original Message - > From: "Mauro Rezzonico" > To: misc@openbsd.org > Sent: P'P5QP2P5QP3, 17 PP5P:P0P1QQ 2009 P3 16:51:28 (GMT+0200) > Auto-Detected > Subject: Re: OpenBSD 4.6-stable on IBM x3550 freezes on boot until key is > pressed > > Rouslan Iskhakov wrote: >> OpenBSD 4.6-stable freezes on boot until any key pressed. >> ... >> Using drive 0, partition 3. >> Loading... >> probing: pc0 com0 mem[619K 2814M 1280M a20=on] >> disk: hd0+ OpenBSD/amd64 BOOT 3.01 >> boot> >> ... > > Something in the BIOS, perhaps? Like console redirection etc.? > > -- > Mauro Rezzonico , Como, Italia > "Maybe this world is another planet's hell" - H.Huxley
Web Browsers
Hi. People on this list are security-conscious. I wonder what browsers they use? What browsers do you consider more secure than others? Granted, they're all full of all kinds of holes, but what do you do to tighten their security? Thanks.
Re: vi in /bin
On Fri, Dec 18, 2009 at 1:35 PM, Chris Bennett wrote: > ropers wrote: >> I've personally thus far never bumped into any particular behaviours >> that would differentiate OpenBSD's sed(1) command syntax from that of >> other implementations. (That could be because of my relative >> inexperience, or because there are no substantial differences.) >> >> With that said, this page --which was not authored specifically for >> OpenBSD sed(1)-- may be of use: >> >> http://www.grymoire.com/Unix/Sed.html#uh-0 >> > Nope, I ran into many pages like these. OpenBSD doesn't support sed -i GNU sed's file-in-place editing is a convenience, but not having it won't hamper your ability to learn to use sed. This is particularly true here, as that tutorial makes no mention of 'sed -i' Cheers, Anders.
Re: Web Browsers
On Fri, 18 Dec 2009 19:25 +, "nixlists" wrote: > Hi. People on this list are security-conscious. I wonder what browsers > they use? > What browsers do you consider more secure than others? > Granted, they're all full of all kinds of holes, but what do you do to > tighten their security? I like Firefox with noscript and adblock to stop the javascript.
Re: Unofficial OpenBSD 4.6 USB installer on LiveUSB-OpenBSD page!
Girish Venkatachalam wrote: ... http://liveusb-openbsd.sf.net and direct download link here: https://sf.net/projects/liveusb-openbsd/files/usb-inst46.bin/download ... As to how I did this, that is an altogether different matter. http://www.openbsd.org/faq/faq14.html#flashmemLive Nick.
Re: Web Browsers
El 18/12/2009 20:50, Brad Tilley escribis: On Fri, 18 Dec 2009 19:25 +, "nixlists" wrote: Hi. People on this list are security-conscious. I wonder what browsers they use? What browsers do you consider more secure than others? Granted, they're all full of all kinds of holes, but what do you do to tighten their security? I like Firefox with noscript and adblock to stop the javascript. +1 Firefox it's a good browser.
Re: Web Browsers
2009/12/18 Brad Tilley : > On Fri, 18 Dec 2009 19:25 +, "nixlists" wrote: >> Hi. People on this list are security-conscious. I wonder what browsers >> they use? >> What browsers do you consider more secure than others? >> Granted, they're all full of all kinds of holes, but what do you do to >> tighten their security? > > I like Firefox with noscript and adblock to stop the javascript. Some people wouldn't consider these strictly *security* features, but if you're using Firefox it helps to be aware of firefox -ProfileManager and use that to keep stuff separate. Additionally, you can also use -no-remote and -P to concurrently run two or more firefox instances with different profiles. Cf.: http://kb.mozillazine.org/Command_line_arguments Also be aware that even after you've deleted all traditional cookies, so-called "Flash cookies" (LSOs) may still persist, and sneaky sites do use those to track you as well. One add-on that you can use to kill those is this; http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm (And even after deleting all cookies and LSOs, sites can still tell what other places on the web you've been to, due to CSS leaking that info, which may be unfixable, cf. e.g. http://www.amirharel.com/2009/09/20/css-privacy/ ) Finally, if you use Adblock Plus, you owe it to yourself to also use Element Hiding Helper. This will not necessarily make Firefox "more secure than others", and there are lots of things about Firefox that suck ass, but the above will, "tighten [its] security", at least for some value of security. --regards, ropers
Re: Web Browsers
PS: I don't actually know to what extent the LSO issues apply to OpenBSD, as there is only limited Flash compatibility, but anyway. 2009/12/18 ropers : > 2009/12/18 Brad Tilley : >> On Fri, 18 Dec 2009 19:25 +, "nixlists" wrote: >>> Hi. People on this list are security-conscious. I wonder what browsers >>> they use? >>> What browsers do you consider more secure than others? >>> Granted, they're all full of all kinds of holes, but what do you do to >>> tighten their security? >> >> I like Firefox with noscript and adblock to stop the javascript. > > Some people wouldn't consider these strictly *security* features, but > if you're using Firefox it helps to be aware of > firefox -ProfileManager > and use that to keep stuff separate. Additionally, you can also use > -no-remote and -P to concurrently run two or more > firefox instances with different profiles. Cf.: > http://kb.mozillazine.org/Command_line_arguments > > Also be aware that even after you've deleted all traditional cookies, > so-called "Flash cookies" (LSOs) may still persist, and sneaky sites > do use those to track you as well. > One add-on that you can use to kill those is this; > http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm > (And even after deleting all cookies and LSOs, sites can still tell > what other places on the web you've been to, due to CSS leaking that > info, which may be unfixable, cf. e.g. > http://www.amirharel.com/2009/09/20/css-privacy/ ) > > Finally, if you use Adblock Plus, you owe it to yourself to also use > Element Hiding Helper. > > This will not necessarily make Firefox "more secure than others", and > there are lots of things about Firefox that suck ass, but the above > will, "tighten [its] security", at least for some value of security. > > --regards, > ropers
Re: Web Browsers
firefox + adsuck On Fri, Dec 18, 2009 at 07:25:13PM +, nixlists wrote: > Hi. People on this list are security-conscious. I wonder what browsers they > use? > What browsers do you consider more secure than others? > Granted, they're all full of all kinds of holes, but what do you do to > tighten their security? > > Thanks.
Encrypt entire filesystem with AES 256bit. Softraid tutorial?
Hello, Iam looking for ways to encrypt my entire filesystem, but it must be with AES 256bits... Ive bene searching and I deduce that the only option I have is using softraid, however iam unable to find any tutorial or guide. Anybody know if this is possible, if I have any other option (with 256 AES cipher) and if there is a guide? Thank you. Andres
Re: Web Browsers
On Fri, Dec 18, 2009 at 11:25 AM, nixlists wrote: > Hi. People on this list are security-conscious. I wonder what browsers they > use? > What browsers do you consider more secure than others? > Granted, they're all full of all kinds of holes, but what do you do to > tighten their security? I use netcat.
Re: OT: Have you hugged your local OpenBSD dev lately?
Ted Unangst wrote: > On Sat, Dec 12, 2009 at 4:47 PM, Lars Nooden wrote: >> So everything under X should be considered available to everything else >> under X. >> >> I presume new models for displays, or new ways to get some kind of privilege >> separation for X, have been discussed to death already. Is there any key >> discussion or publication? > > I'm not sure what you're after, but two conceivable starting points > would be the man pages for xauth and XSelectInput. Those help. I'm trying to get an idea, even an abstract one, of how individual windows could be kept from poaching i/o from each other. /Lars
Re: Encrypt entire filesystem with AES 256bit. Softraid tutorial?
On Fri, 18 Dec 2009 15:18 -0600, "Andres Salazar" wrote: > Hello, > Iam looking for ways to encrypt my entire filesystem, but it must be > with AES 256bits... Ive bene searching and I deduce that the only > option I have is using softraid, however iam unable to find any > tutorial or guide. Anybody know if this is possible, if I have any > other option (with 256 AES cipher) and if there is a guide? > > Thank you. > > Andres Here are some softraid crypto notes I wrote that might help: http://16systems.com/OpenBSD/softraid.txt Softraid crypto does use AES, not sure it's 256-bit. Also understand that several key mount points cannot be encrypted... so when you say "entire filesystem" understand what is and is not encrypted. softraid crypto is experimental too, but in my experience works well enough for day to day use. Brad
Re: ipsec / trunk / failover
i tried this, and while routing does in fact work and failover if i manually drop a route, i cannot get automatic failover to happen. with ike in active mode i don't have problems with ipsec, but when putting ike into dynamic (in order to enable DPD) i can't seem to get ipsec up. is there another way to enable DPD? going with gre/ospf, one link works just fine but never fails over to the internet-based link - even though both links (gre0/gre1) show up in the routing table. so i reconfigured ospf to only use gre1 (internet) and it doesn't work even when by itself - even though the routes get propagated. if i disable ospf and manually add the routes, the link works. i'm losing hair here. any help would be GREATLY appreciated. configs follow: "R" box: hostname.gre0: 10.200.244.233 10.200.244.234 netmask 0x link0 up tunnel 10.200.244.246 10.200.48.254 hostname.gre1: 10.200.244.225 10.200.244.226 netmask 0x link0 up tunnel r.pub.ip w.pub.ip ospf.conf: redistribute 192.168.5.0/24 redistribute static redistribute connected password="pttpthhh" auth-md 1 $password auth-type crypt auth-md-keyid 1 area 0.0.0.0 { interface gre0 interface gre1 interface vr0 { passive } interface vr1 { passive } interface vr2 { passive } } ipsec.conf: ike esp transport from r.pub.ip to w.pub.ip ike esp transport from 10.200.244.246 to 10.200.48.254 sysctl.conf: ... net.inet.ip.forwarding=1 net.inet.gre.allow=1 net.inet.esp.enable=1 net.inet.ip.multipath=1 "W" box: - hostname.gre0: 10.200.244.234 10.200.244.233 netmask 0x link0 up tunnel 10.200.48.254 10.200.244.246 hostname.gre1: 10.200.244.226 10.200.244.225 netmask 0x link0 up tunnel w.pub.ip r.pub.ip ospf.conf: redistribute 10.200.0.0/16 redistribute 172.16.0.0/16 redistribute connected redistribute static password="pttpthhh" auth-md 1 $password auth-type crypt auth-md-keyid 1 area 0.0.0.0 { interface gre0 interface gre1 interface bnx0 { passive } interface bnx1 { passive } interface bnx3 { passive } } sysctl.conf: ... net.inet.ip.forwarding=1 net.inet.gre.allow=1 net.inet.esp.enable=1 net.inet.ip.multipath=1 here's a horrible but fairly accurate map of the networks and their connections (fixed width font helps here): {internet}--- || r.pub.ip w.pub.ip (R)10.200.244.246 -- 10.200.244.241 (router) ... (router) 192.168.5.110.200.48.250 | 10.200.48.245 (W) 10.200.244.249 | 10.200.244.254 (router) 10.200.0.0/16 + 172.16.0.0/16 2009/12/11 Mitja Mu>enih : > A simple trick to fail over two vpn connections (scenario #1) is if you use > two slightly differently sized subnets as the remote end of the tunnel. > > Say your peer LAN is 192.168.1.0/24. > > Create a tunnel from $local_LAN to 192.168.1.0/24 over the preferred > connection (MPLS in your case), and a second tunnel from $local_LAN to > 192.168.0.0/16 over the backup connection. As long as the primary tunnel is > up, the tighter network destination wins and the traffic to 192.168.1.0/24 > will flow over the primary tunnel. If that goes down, 192.168.0.0/16 will > match too and the traffic will enter the backup connection. Use DPD to > ensure prompt tunnel failure detection and you are golden. > > Last time I did this was with 3.9, but I don't see a reason why it wouldn't > still work. I managed to failover in <5 seconds back then. > > Naturally feel free to do your testing before deploying. if this doesn't > work, then you have to use gif(4) tunnel endpoints and a routing daemon such > as ospfd. > > As far as 2# is concerned, you _might_ get away with two gif(4) encapsulated > and encrypted tunnels, then trunk(4)ing the gif(4) interface pairs. I never > tried that nor heard of anybody doing that. > > Mitja > >> -Original Message- >> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of >> Dewey Hylton >> Sent: Friday, December 11, 2009 10:40 PM >> To: misc@openbsd.org >> Subject: ipsec / trunk / failover >> >> hi all. i have two sites connected by a slow mpls connection, each >> having faster connections to the internet. both are viewed as >> untrusted, so site-to-site traffic flowing over either mpls or >> internet needs to be encrypted. >> >> 1) my minimum requirement at this point is for an encrypted connection >> over mpls, with an encrypted connection over internet as failover. i >> know it seems backwards, but since the mpls connection is "guaranteed >> bandwidth" managemen
Re: OT: Have you hugged your local OpenBSD dev lately?
On Fri, Dec 18, 2009 at 4:31 PM, Lars Nooden wrote: > Ted Unangst wrote: >> I'm not sure what you're after, but two conceivable starting points >> would be the man pages for xauth and XSelectInput. > > Those help. I'm trying to get an idea, even an abstract one, of how > individual windows could be kept from poaching i/o from each other. XGrabKeyboard. There's also a whole section on security in man xterm, sorry, forgot about it before. But it's no magic bullet. Suddenly, your window manager hotkeys stop working, so you can't really have a default current window grabs keyboard policy. Your screensaver also needs to grab the keyboard. So if your browser only grabs the keyboard while entering a password field, that essentially means the screen locker will never activate in that state. Rare, but totally confusing to users.
Re: Encrypt entire filesystem with AES 256bit. Softraid tutorial?
On Fri, Dec 18, 2009 at 4:18 PM, Andres Salazar wrote: > Iam looking for ways to encrypt my entire filesystem, but it must be > with AES 256bits... Ive bene searching and I deduce that the only > option I have is using softraid, however iam unable to find any > tutorial or guide. Anybody know if this is possible, if I have any > other option (with 256 AES cipher) and if there is a guide? softraid uses 256 bit AES, but whatever your requirements are, if they specify a key size but not a mode, I'd say they are underspecified.
Re: vi in /bin
On Fri, 18 Dec 2009, Anders Langworthy wrote: > > Nope, I ran into many pages like these. OpenBSD doesn't support sed -i > > GNU sed's file-in-place editing is a convenience, but not having it > won't hamper your ability to learn to use sed. This is particularly > true here, as that tutorial makes no mention of 'sed -i' $ echo foo > blah $ cat blah foo $ sed -a 's/foo/bar/wblah' blah bar $ cat blah bar -- Antoine
Re: Web Browsers
On Fri, 18 Dec 2009, nixlists wrote: > Hi. People on this list are security-conscious. I wonder what browsers they > use? > What browsers do you consider more secure than others? > Granted, they're all full of all kinds of holes, but what do you do to > tighten their security? "I send mail to a demon which runs wget and mails the page back to me." -- Antoine
Re: BSD and Active Directory?
I use password authentication to login with an AD account into a windows terminal services platform. All windows platforms are 2003 R2, then ssh using gssapi to get to OpenBSD - no password required, or the same to Solaris 10, Red Hat v4 platforms. I use a modified version of putty from Quest that supports gssapi on Windows, sshd_config has gssapi enabled. I can login using cygwin ssh or locally with the AD account/password to OpenBSD. The real aim in this case is to use a single sign-on. I can also use smart card authentication to the terminal server, and the single sign-on to any Linux/Unix platform and OpenBSD. I am using OpenBSD v4.6 stable, running samba v3.4.3 ads favour see mail lists, ldap-client, ldap-server, p5-ldap from ports, portmap, ypldap, ypbind, plus other ports. Note I use a modified ypldap - that allows empty groups, this is for another system using smbldap-tools the aim to automatically add samba users in ldap. ypldap uses an extra login class kauth defined in login.conf with auth=krb5. An entry in ypldap.conf fixed attribute class "kauth" is used. Red Hat and Solaris are using Quest's Vintela, this extends the AD schema in a manner ypldap does not support (or I haven't found a way to make this work so far, I need to do some sub queries for memberships), instead I extract using a perl script creating a ldif file which creates the entries in local ldap server for users/groups using the nis schema. I have around 140 users and 30 groups from AD in the local ldap, the perl script also filters out any users that haven't been assigned a uid, or groups with no gid and users with a uid's below a value, and disabled accounts. the perl script uses Net::LDAP from the p5-ldap port. This also works with samba, the terminal server can get to samba shares on the OpenBSD, using the group/users setup in ldap and authenticating with AD. To get multiple groups for users besides a +, as the last line the group file, the group file must contain an exclusion see getgrouplist man page, or you need to create /etc/netid for the user to group mappings. ypldap doesn't support netid.byname currently, sudo doesn't work because of this. The only difference is the ypldap.conf refers to the local ldap in my case populated with the AD accounts/groups, rather than using ypldap directly against the active directory ldap. getent passwd or group will return both local and those accounts/groups in ldap. The yp_first is reported by ypbind, your initial e-mail suggests ypldap hasn't completed the first stages, you should see something like this # ypldap -dv startup [debug mode] configuration starting applying configuration connecting to directories starting directory update updates are over, cleaning up trees now flattening trees pushing line: aalle01:*:5020671:5046:kauth:0:0::/home/adusers/aalle01 :/bin/bash pushing line: aarno01:*:5972151:5002:kauth:0:0::/home/adusers/aarno 01:/bin/sh pushing line: acham01:*:5617157:5002:kauth:0:0::/home/adusers/acham 03:/bin/sh pushing line: acham02:*:5020098:5046:kauth:0:0::/home/adusers/ach am02:/bin/bash pushing line: achil01:*:50042186:5001:kauth:0:0::/home/adusers/achil01 :/bin/sh . pushing line: ncwadmins:*:5024:dmell01,npres01 pushing line: ncwops:*:5043:dmell01,npres01 pushing line: nfmadmins:*:5032:dmell01,npres01 pushing line: nfmops:*:5031:dmell01,npres01 pushing line: nmnadmins:*:5028:dmell01,npres01 . I think until ypldap reaches this point it's not listening, and ypbind can't connect. You could try ypldap.conf with a filter for a small set of users / groups. This will tell you if you exceeded a limit or there something wrong in the ypldap.conf. Regards Nigel Taylor Joakim Dellrud wrote: > Okay, I have understood that there is some difference between a solution and > another. But what I need to do is to pull a user with the unix attributes in > a 2k3 ad server to a bsd machine. It is already working seamless in a centos > enviroment. But there is the nsswitch and pam. My problem is that I have to > use the smallest amount possible of space and packages for this to work. For > the record I already have the UNIX SFU installed (thought I did mention > that). > > I had the impression that ypldap.conf is equal to the ldap.conf I use in the > centos env. Is that not the case? Is ypldap not used to bind against an ad > with a user and pull info that then are used to auth against? > > == > > I don't know if I need to clarify what I want to do but I will anyway: > The existing Active Directory (with SFU) are going to host two types of > users one USER with one password and another USER.root with a different > password. Then when I ssh against one server I want to use my USER and when > inside I use kinit USER.root to gain a "root" ticket (afterwards I use ksu > to elevate the USER to the local root account). In Centos I've managed to > make this work through editing of /etc/krb5.conf, /etc/openldap/ldap.conf,
Re: Web Browsers
On Fri, Dec 18, 2009 at 9:07 PM, Marco Peereboom wrote: > firefox + adsuck What is your opnion on Chrome, OpenBSD gurus? Okay we all know about it's privacy and identity leakage concerns. It's designed by Google with this built-in - they want to know everything about you and don't care about your privacy, yada yada. But what about its supposedly more secure multi-process design. Is it really better than Firefox and others in this regard?
Re: vi in /bin
On Fri, Dec 18, 2009 at 11:30:13AM -0600, Chris Bennett wrote: > I would like to learn to use sed, however, I did not find that the man > page was sufficient as a tutorial. I was not able to find any sed > tutorials that were consistent with OpenBSD's variation. > > Does anyone know of any sed tutorials that work with OpenBSD's version? > the man page is not a tutorial, but it does document everything. you can use google and SEE ALSO for other stuff. actually the man page is surprisingly complete, though i wouldn;t blame you for googling. everyone else has joked about it, but ed(1) is a braw wee editor... real mem tire of comparisons. jmc
Re: Web Browsers
On Fri, Dec 18, 2009 at 3:01 PM, Antoine Jacoutot wrote: > On Fri, 18 Dec 2009, nixlists wrote: > >> Hi. People on this list are security-conscious. I wonder what browsers they >> use? >> What browsers do you consider more secure than others? >> Granted, they're all full of all kinds of holes, but what do you do to >> tighten their security? > > "I send mail to a demon which runs wget and mails the page back to me." Richard is that you?
Re: vi in /bin
> "Matthew" == Matthew Szudzik writes: Matthew> ed, sed, and vi are three of the most important Unix utilities, and Matthew> there's no excuse for not learning all three. That's because they all Matthew> use the same commands and syntax. If you know how to use one of them, Matthew> then you know how to use the other two. Everything I used to know about sed, I've forgotten once learning Perl. There's really no excuse for not knowing Perl and Python these days. And if you need to learn Perl, I can recommend a good book (or two :). -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: Web Browsers
All your ads are belong to us. Max Headroom might have an opinion too. On Fri, Dec 18, 2009 at 11:12:14PM +, nixlists wrote: > On Fri, Dec 18, 2009 at 9:07 PM, Marco Peereboom wrote: > > firefox + adsuck > > What is your opnion on Chrome, OpenBSD gurus? Okay we all know about > it's privacy and identity leakage concerns. It's designed by Google > with this built-in - they want to know everything about you and don't > care about your privacy, yada yada. But what about its supposedly more > secure multi-process design. Is it really better than Firefox and > others in this regard?
Re: Web Browsers
Antoine Jacoutot wrote: On Fri, 18 Dec 2009, nixlists wrote: Hi. People on this list are security-conscious. I wonder what browsers they use? What browsers do you consider more secure than others? Granted, they're all full of all kinds of holes, but what do you do to tighten their security? "I send mail to a demon which runs wget and mails the page back to me." Well you really shouldn't use DEMONS to do your computer work. They should never be trusted. But a daemon is OK :) -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects. -- Robert Heinlein
Re: Web Browsers
> Date: Fri, 18 Dec 2009 15:24:25 -0800 > Subject: Re: Web Browsers > From: sparcta...@gmail.com > To: ajacou...@bsdfrog.org > CC: misc@openbsd.org > > On Fri, Dec 18, 2009 at 3:01 PM, Antoine Jacoutot wrote: > > On Fri, 18 Dec 2009, nixlists wrote: > > > >> Hi. People on this list are security-conscious. I wonder what browsers they use? > >> What browsers do you consider more secure than others? > >> Granted, they're all full of all kinds of holes, but what do you do to > >> tighten their security? > > > > "I send mail to a demon which runs wget and mails the page back to me." > > Richard is that you? Only his mom calls him Richard. To us, he is RMS. Your Friend, IR _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/soci al-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
Re: Handling HTTP virtual hosts with relayd
This is what squid is for. On Dec 18, 2009, at 10:01 AM, James Stocks wrote: > Hello everyone, > > I'm presently using Apache to reverse-proxy HTTP connections through to our > Microsoft IIS servers so that we don't have to expose IIS directly to Internet > hosts. Recently, I've been testing relayd in this role. > > Apache can reverse-proxy requests for several internal HTTP servers through a > single internet-routable IP address by using virtual hosts. I've not yet > discovered a way of getting relayd to forward the request to a different host > depending on the content of the 'Host:' header. Does relayd have this > capability? If so how do I do it? > > Regards, > James.
Re: vi in /bin
Randal L. Schwartz wrote on Fri, Dec 18, 2009 at 03:27:07PM -0800: > Everything I used to know about sed, I've forgotten once learning Perl. That's bad: sed is still needed, see /usr/src/distrib/miniroot/list for a striking example. That said, liking and using Perl a lot, the same happens to me, but i see that as deficiency, not a virtue.
Re: Web Browsers
2009/12/18 nixlists : > On Fri, Dec 18, 2009 at 9:07 PM, Marco Peereboom wrote: >> firefox + adsuck > > What is your opnion on Chrome, OpenBSD gurus? Okay we all know about > it's privacy and identity leakage concerns. It's designed by Google > with this built-in - they want to know everything about you and don't > care about your privacy, yada yada. But what about its supposedly more > secure multi-process design. Is it really better than Firefox and > others in this regard? > > Well, in theory, if they can stick to it, a privsep design is more secure from the point of view of the application. When done right. Now, is it a small and secure program? I dunno: You decide: # uname -a OpenBSD cthulhu.cns.ualberta.ca 4.6 GENERIC.MP#27 amd64 # pwd /usr/local/chrome # ldd chrome chrome: StartEnd Type Open Ref GrpRef Name 0040 02c9f000 exe 10 0 chrome 000209b99000 00020a0cc000 rlib 014 0 /usr/X11R6/lib/libX11.so.12.0 000210dbf000 0002111c8000 rlib 07 0 /usr/X11R6/lib/libXrender.so.5.0 0002069ca000 000206ddb000 rlib 07 0 /usr/X11R6/lib/libXext.so.10.0 000212468000 000212877000 rlib 01 0 /usr/local/lib/libexecinfo.so.0.0 00021037f000 000210bab000 rlib 01 0 /usr/local/lib/libgtk-x11-2.0.so.1402.0 0002111f4000 0002116aa000 rlib 02 0 /usr/local/lib/libgdk-x11-2.0.so.1402.0 000214671000 000214a8c000 rlib 03 0 /usr/local/lib/libgdk_pixbuf-2.0.so.1402.0 00020449 00020489d000 rlib 03 0 /usr/local/lib/libpangocairo-1.0.so.1801.0 00020a66 00020aa62000 rlib 03 0 /usr/X11R6/lib/libXinerama.so.5.0 00020ff75000 00021037f000 rlib 03 0 /usr/X11R6/lib/libXi.so.10.1 0002058fc000 000205d04000 rlib 03 0 /usr/X11R6/lib/libXrandr.so.6.1 00020db06000 00020df1 rlib 03 0 /usr/X11R6/lib/libXcursor.so.4.0 0002029e5000 000202de8000 rlib 03 0 /usr/X11R6/lib/libXcomposite.so.3.0 000202e4d000 00020325 rlib 03 0 /usr/X11R6/lib/libXdamage.so.3.1 0002065c 0002069c5000 rlib 06 0 /usr/X11R6/lib/libXfixes.so.5.0 000211fc2000 0002123e rlib 02 0 /usr/local/lib/libatk-1.0.so.2800.0 00020ce25000 00020d2b rlib 04 0 /usr/local/lib/libcairo.so.9.2 000213dfc000 000214236000 rlib 05 0 /usr/X11R6/lib/libpixman-1.so.15.8 00020976e000 000209b99000 rlib 05 0 /usr/local/lib/libglitz.so.2.0 00020df1 00020e338000 rlib 01 0 /usr/local/lib/libpng.so.9.0 00020efb6000 00020f3d2000 rlib 015 0 /usr/X11R6/lib/libxcb.so.2.0 000205d04000 000206105000 rlib 016 0 /usr/X11R6/lib/libpthread-stubs.so.0.0 00020d532000 00020d935000 rlib 016 0 /usr/X11R6/lib/libXau.so.9.0 0002130c2000 0002134c7000 rlib 016 0 /usr/X11R6/lib/libXdmcp.so.10.0 000207434000 0002078e1000 rlib 04 0 /usr/local/lib/libgio-2.0.so.1802.0 0002156c4000 000215af4000 rlib 04 0 /usr/local/lib/libpangoft2-1.0.so.1801.0 000204a99000 000204ee3000 rlib 05 0 /usr/local/lib/libpango-1.0.so.1801.0 00020610a000 00020654a000 rlib 012 0 /usr/local/lib/libgobject-2.0.so.1802.0 00020c7da000 00020cbdd000 rlib 010 0 /usr/local/lib/libgmodule-2.0.so.1802.0 00020eb7a000 00020efb1000 rlib 06 0 /usr/X11R6/lib/libfontconfig.so.6.0 000204ee3000 000205307000 rlib 07 0 /usr/lib/libexpat.so.9.0 000209038000 0002094ba000 rlib 07 0 /usr/X11R6/lib/libfreetype.so.17.0 000214a8c000 000214ea rlib 08 0 /usr/lib/libz.so.4.1 0002079f7000 000207dfb000 rlib 03 0 /usr/local/lib/libgthread-2.0.so.1802.0 00020fa0e000 00020fed7000 rlib 015 0 /usr/local/lib/libglib-2.0.so.1802.0 000203e02000 00020420d000 rlib 016 0 /usr/local/lib/libintl.so.4.0 00020326b000 000203764000 rlib 017 0 /usr/local/lib/libiconv.so.6.0 00020b96a000 00020bea5000 rlib 03 0 /usr/local/lib/libnss3.so.24.0 000212c95000 0002130c2000 rlib 01 0 /usr/local/lib/libsmime3.so.24.0 0002116aa000 000211af rlib 01 0 /usr/local/lib/libsoftokn3.so.24.0 00020e73c000 00020eb75000 rlib 01 0 /usr/local/lib/libssl3.so.24.0 0002152c1000 0002156c4000 rlib 06 0 /usr/local/lib/libplds4.so.21.0 00020e338000 00020e73c000 rlib 06 0 /usr/local/lib/libplc4.so.21.0 000206de 000207219000 rlib 08 0 /usr/local/lib/libnspr4.so.21.0 0
Spooky spamd happening
I have a bunch of client machines that do their daily/weekly/monthly reports to a dedicated mailbox here. I notice things like a missing host or a low uptime figure etc and can talk to their owners about what problems may be. Works fine and did today but there is something spooky happening: The 0130 daily messages came through on time. The 0330 weekly messages were all there. My next task= inspect the spamdb and /var/log/spamd to find if false positives or other anomalies happening. This is where I spotted the following entries. At 015528 spamd said " queueing deletion of a.b.c.d " and that is weird because that IP was happily delivering mail to us at 0130 without going through greylisting. So at 033030 spamd showed a.b.c.d attempting to deliver and greylisted it. At 035606 a.b.c.d called again and just afterwards spamd showed it being whitelisted. The mail arrived in the inbound mailbox at 0425 so that looks pretty normal. But at 073041 spamd shows "queueing deletion of a.b.c.d ." and yet here I am at 1220 and in spamdb output I see that a.b.c.d is whitelisted. "WHITE|a.b.c.d|||1261153830|1261155366|1264265792|2|0 So, whitelisted at Sat Dec 19 03:56:06 EST 2009 agrees with log above. and expires Sun Jan 24 03:56:32 EST 2010. So no other host suffered this treatment and this one got through at 0130 so the expiry should have been updated so it didn't get greylisted later. Add that the deletion obviously has not happened in the last 4 hours as would be expected from the log note. The box has been running 4.5 release faultlessly since Mar 4. Update due in new year quiet time. Any clues? *** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thankyou. Rod/ --- This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: Unofficial OpenBSD 4.6 USB installer on LiveUSB-OpenBSD page!
No you got it wrong. You are supposed to say "install from disk" (instead of install from cd0) "Already mounted? [no]" (Press enter) And the sets will all show up. Try again. All sets are there in the USB stick but you have to follow a slightly different procedure. -Girish On Fri, Dec 18, 2009 at 8:10 PM, Brad Tilley wrote: > On Fri, 18 Dec 2009 19:34 +0530, "Girish Venkatachalam" > wrote: > >> I played no tricks, it is just the CD/DVD installer in the USB stick. ;) > > I normally just install -current or -release to a USB stick and then use > that (booting from bsd.rd on the USB stick). Granted, the sets have to > install over the network, but it works well. > > Brad > -- Gayatri Hitech web: http://gayatri-hitech.com SpamCheetah Spam filter: http://spam-cheetah.com
Re: Web Browsers
On Fri, Dec 18, 2009 at 07:25:13PM +, nixlists wrote: > Hi. People on this list are security-conscious. I wonder what browsers they > use? > What browsers do you consider more secure than others? > Granted, they're all full of all kinds of holes, but what do you do to > tighten their security? I'm not telling. cel
OpenBSD book
Does anyone have any info on this book? http://www.amazon.com/OpenBSD-Frederic-P-Miller/dp/6130089511/ref=sr_1_6?ie=UTF8&s=books&qid=1261193825&sr=1-6 The title is simply "OpenBSD". I ask because it seems to be pretty new, Published in October of 2009, and most of the other OBSD books I've seen are fairly old. Amazon gives remarkably little info on it.
Re: smtpd(8) local delivery failure - help needed with diagnosis
In article <20091217185401.ga13...@bramka.kerhand.co.uk>, j...@kerhand.co.uk says... > On Thu, Dec 17, 2009 at 02:45:25AM -0600, Adam Thompson wrote: > > r...@server:~# cat /etc/mailer.conf | grep -v '^#' > > sendmail/usr/sbin/smtpd > > send-mail /usr/sbin/smtpctl > > mailq /usr/sbin/smtpctl > > makemap /usr/libexec/smtpd/makemap > > newaliases /usr/libexec/smtpd/makemap > > Not sure if this is right or not, it doesn't seem to be documented > > anywhere yet. > it is documented in mailer.conf(5) and smtpd(8) itself. they are fairly > recent additions (not sure if they are included in the last release or > not), so you may find it easier to check the web man pages. Bang on. The manpages in -current have the writeup. I tend to refer only to manpages that match the release I'm using, as I've been bitten a few times by new functionality documented in the man page that doesn't actually exist on my -stable system. So it looks like I had it almost right, anyway. Thanks, though for pointing out that it *is* in the man pages, after all. -Adam
Re: OpenBSD book
It does give very little. However it does give the ISBN number which I googled and at least found the cover: http://www.wikio.com/books/openbsd-6130089511-9575144,b.html Seems like maybe an interesting geek coffee table book. Except it pretty much seems impossible to find. On Fri, Dec 18, 2009 at 7:52 PM, Eric Furman wrote: > Does anyone have any info on this book? > http://www.amazon.com/OpenBSD-Frederic-P-Miller/dp/6130089511/ref=sr_1_6?ie=UTF8&s=books&qid=1261193825&sr=1-6 > > The title is simply "OpenBSD". > I ask because it seems to be pretty new, > Published in October of 2009, and most of the > other OBSD books I've seen are fairly old. > Amazon gives remarkably little info on it.
Re: OpenBSD book
2009/12/19 Eric Furman : > Does anyone have any info on this book? > http://www.amazon.com/OpenBSD-Frederic-P-Miller/dp/6130089511/ref=sr_1_6?ie=UTF8&s=books&qid=1261193825&sr=1-6 > > The title is simply "OpenBSD". > I ask because it seems to be pretty new, > Published in October of 2009, and most of the > other OBSD books I've seen are fairly old. > Amazon gives remarkably little info on it. Does this answer your question? http://i.imgur.com/ggkB5.png regards, --ropers
Re: vi in /bin
On 19/12/2009, at 12:27 PM, Randal L. Schwartz wrote: Everything I used to know about sed, I've forgotten once learning Perl. There's really no excuse for not knowing Perl and Python these days. And if you need to learn Perl, I can recommend a good book (or two :). You can do anything in Perl. Tho' it's never the right tool for the job. pailm
[Programme TV] Samedi 19 Décembre 2009
Si ce message ne s'affiche pas correctement, voir ici Ajoutez tele-lois...@ml.tv-news.fr ` votre carnet d'adresses pour recevoir vos programmes plus facilement Programme-TV.net - TC)lC) Loisirs Votre programme TV Same di 19 DC)cembre 2009 Gagnez une semaine au ski en famille Remportez une semaine au ski Remportez une semaine au ski Je participe Remportez une semaine au ski Remportez une semaine au ski Remportez une semaine au ski Remportez une semaine au ski Remportez une semaine au ski Remportez une semaine au ski Partez pour une semaine entiC(re dC)valer les pistes des Alpes C 4 pour des vacances inoubliables. Neige, fondue et chocolat chaud, de quoi rC*ver en famille. Remportez une semaine au ski Remportez une semaine au ski Je participe Remportez une semaine au ski Remportez une semaine au ski Le gagnant de chaque loterie sera sC)lectionnC) au hasard par un ordinateur. Il nby a pas de nombre minimum ou maximum de participants. Les chances pour chaque participant de gagner une loterie dC)pendent du nombre total de participants C cette loterie. Les gagnants pourront C*tre notifiC)s par tC)lC)phone, e-mail ou courrier postal. Clash-Media pourra disqualifier un gagnant si elle nba pas rC)ussi C entrer en contact avec ledit gagnant dans les sept jours suivant la premiC(re tentative de le joindre. DC(s lors, Clash pourra choisir un autre gagnant. Le tirage aura lieu le 30 avril 2010. A la une Miss France : "Genevihve est jeune dans sa tjte !" Miss France : "Genevihve est jeune dans sa tjte !" Handball : la finale sur France Tilivisions Handball : la finale sur France Tilivisions CanalSat : les channes TNT changent de numiros CanalSat : les channes TNT changent de numiros Grey's Anatomy : Les premihres minutes de la saison 6 ! Grey's Anatomy : Les premihres minutes de la saison 6 ! plus de news... Vidio du jour Smaon (Incroyable Talent) Interview de Smaon, juri de l'imission La France a un incroyable talent (M6). Vos programmes TF1 La bataille des chorales 20h45 La bataille des chorales divertissement New York Uniti Spiciale 23h10 New York Uniti... series-tv France 2 L'aventure inattendue 20h35 L'aventure inattendue divertissement On n'est pas couchi 22h55 On n'est pas... divertissement France 3 Le bourgeois gentilhomme 20h35 Le bourgeois gentilhomme divertissement Va, vis et deviens 22h45 Va, vis et deviens cinema Canal+ Les enfants de Timpelbach 20h50 Les enfants de Timpelbach cinema Jour de foot 23h00 Jour de foot sport Arte La dernihre citi des Etrusques 20h45 La dernihre... culture-infos Les soldats du rock 23h15 Les soldats du rock culture-infos M6 XIII 20h40 XIII divertissement XIII 22h30 XIII divertissement Vos programmes TNT France 4 Safari prihistorique 20h35 Safari prihistorique culture-infos Demaison s'envole 22h00 Demaison s'envole divertissement France 5 Echappies belles 20h35 Echappies belles culture-infos La Thaolande, fleur de l'Asie 21h30 La Thaolande, fleur... culture-infos Direct 8 Le comte de Monte-Cristo 20h40 Le comte de Monte-Cristo divertissement Enqujte inidite 22h40 Enqujte inidite culture-infos W9 Les Simpson 20h35 Les Simpson jeunesse Menu W9 23h30 Menu W9 divertissement TMC Les nouveaux secrets de la magie 20h40 Les nouveaux secrets de la... divertissement NT1 Catch Attack 20h35 Catch Attack sport Estate of Panic, le manoir de la peur 22h25 Estate of Panic, le manoir... divertissement NRJ 12 Le fanttme du cinima 20h35 Le fanttme du... jeunesse Cliopbtre 22h10 Cliopbtre divertissement La Channe Parlementaire / Public Sinat Bibliothhque Midicis 21h00 Bibliothhque... culture-infos Profession humanitaire 22h00 Profession humanitaire culture-infos Virgin 17 L'affaire Ranucci : Le combat d'une mhre 20h35 L'affaire Ranucci :... divertissement Chante si tu peux ! (Saison 1) 22h25 Chante si tu peux ! (Saison 1) divertissement Gulli L'ecole des fans 20h35 L'ecole des fans divertissement Ils sont fous ces humains 21h25 Ils sont fous ces humains divertissement France T Concert anniversaire de Nelson Mandela 20h35 Concert anniversaire de... divertissement Soweto 22h05 Soweto divertissement Faites des ECONOMIES en 2009 [IMAGE] Avez vous gagnC) 1 sC)jour au soleil, un stage de pilotage, 500 euros... ici [IMAGE] BlC)dina vous couvre de cadeaux ! ici [IMAGE] Pour gagner votre voyage aux Maldives, il suffit de participer ! ici [IMAGE] DC)couvrez immC)diatement si vous avez gagnC) 1000 b, ! ici [IMAGE] Gagnez une semaine de vacances au ski A VIE ici [IMAGE] Vous avez C)tC) sC)lectionnC)(e) pour gagner 3 bagues diamants ici [IMAGE] Offrez C bC)bC), son 1er shopping d'une valeur de 1000 euros ici [IMAGE] "Devenez propriC)taire de votre vignoble" : vos bouteilles C votre nom ! ici [IMAGE] Etes-vous le gagnant des 2 000 euros offert par Cdiscount ? ici [IMAGE] Remportez 10 000 euros grC"ce C la Redoute ici [IMAGE] Remportez des sC)jours dC)tente 4