John, others,
Upon closer look, it only shows roughly 3.5GB of RAM, see below:
+ paste +
OpenBSD 4.0 (GENERIC.MP) #967: Sat Sep 16 20:38:15 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3757342720 (3669280K)
avail mem = 3223769088 (3148212K)
that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong, the whole
effectiveness of the solution depends on the spammers not realizing
the difference between a normal MTA and one that greylists.
Brian Keefer
a little
more efficient.
The history of fighting spam has tended to show that if any form of
combating spam becomes too effective (and wide-spread), spammers will
invest effort figuring out how to defeat it.
Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication
On Feb 20, 2007, at 12:36 PM, Darren Spruell wrote:
On 2/20/07, Brian Keefer [EMAIL PROTECTED] wrote:
In the case of a greylisting type of solution, it seems that
identification would be especially devastating since the work-around
is so trivial. Unless my understanding is very wrong
On Feb 20, 2007, at 1:51 PM, [EMAIL PROTECTED] wrote:
On Tue, 20 Feb 2007 12:57:54 -0800, Brian Keefer [EMAIL PROTECTED]
said:
Now they've evolved to using botnets and the vast majority of spam
comes from such systems, so the bandwidth costs are gone and the
hosting costs are pretty much
really appreciate it. I've posted this
problem on two different forums and still haven't been able to solve it.
Thanks!
-Brian
Figured I'd attach my dmesg for good measure...
OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
) attempt reduces build sizes:
# du -hs /usr/obj/ /usr/destdir /usr/releasedir/
475M	/usr/obj/
243M	/usr/destdir
104M	/usr/releasedir/
(Down from the usual 850m+ obj/, etc.)
~BAS
-- Forwarded message --
Date: Mon, 5 Feb 2007 01:06:07 -0500 (EST)
From: Brian A. Seklecki [EMAIL
with are the device of
the external usb box that runs ok) is Device not configured.
A lot of thanks
--
Angel Sancho Alvarez
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
...from back in the heady days when helpdesk meant nothing
On Mon, 5 Feb 2007, Luca wrote:
Hi all,
I installed for the first time the Speedtouch 330, compiled the source
code (http://speedtouch.sourceforge.net/index.php?/index.en.html),
installed the firmware...launched the script...it takes about 10
minutes to bring up the tun0 interface and get a
*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
I tried the above (see link) but still it won't work...
Does the privsep sshd(8) process spawn on the server? Does that spawn a
login shell of the associated user? pstree(8) will show. Also, fire up
debugging levels?
#LogLevel INFO
- DEBUG, DEBUG1, DEBUG3 etc.
~BAS
help !
Hello Brian,
Not quite sure what you mean with pstree...don't know the
command and no 'man pstree' on my 3.8 system..?
It's in the psmisc/ package
Note that I have no problems logging into the system while on the local network
(doing this
via a PC that I remotely manage). When I do a SSH session
On Tue, 6 Feb 2007, forums wrote:
Hello,
That was my first guess as well...For that reason I set the option UseDNS NO
Yea. When DNS times occur, the login process never completes. In fact,
before the prompt appears the timeout occurs.
AS
Is anyone maintaining a ${SKIPDIR} manifest? A master list of source
directories, organized logically by subsystem? Something to match the
variety of make.conf(5)/mk.conf(5) knobs in other systems?
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http
move all those reports to its
www-chroot.
If I need to I'll create one myself, but after fiddling around with it
for a couple of hours I thought about the reinvention of the wheel and
its waste of time.
Regards,
ahb
--
Monday, 5 February 2007, 10:45:05 (MSK)
l8*
-lava (Brian
of activity at layer 7, which many
companies require for compliance reasons anyway.
Regards,
Brian.
soap box now.
Regards,
Brian.
it out, and certainly no commercial
reason to switch off the existing IPv4 Internet. Arguments here:
http://pobox.com/~b.candler/doc/misc/ipv6.txt
Regards,
Brian.
six-disk array as
three separate mirrored pairs, or as a single RAID-01 (strip/mirror) and see
what you get. Of course your available storage size will be reduced to
3/5ths of what it was.
Regards,
Brian.
gets written to one disk while
half gets written to the other, so that would be expected to have better
performance than a single disk.
Regards,
Brian.
:-)
The assumption here of course is that the only services worth attacking are
on ports 1024 or 2049. This still doesn't prevent your box being used as a
DoS repeater, but that's a pretty fundamental limitation of simple UDP
request-response exchanges.
Regards,
Brian.
On Jan 19, 2007, at 10:58 AM, Tonnerre LOMBARD wrote:
We chose Gandi for controversial web sites (like ffii.org) because
they tend not to shut down the delegation whenever they receive a
preliminary injunction.
For any kind of Open Source movement, this might become crucial
in the future...
On Wed, Jan 24, 2007 at 02:39:42PM -0600, Travers Buda wrote:
Last time I checked though, clients only talk with the web server on
port 80. So, the only reason you would want to keep state would be if
you have a ruleset like block out all (which is generally only useful
if you don't trust the
the point though...
Regards,
Brian.
on a battery-backed RAM disk is best of all.
At very least, separating things out this way will make it clear in the tps
figures how much is due to the MTA spooling and how much due to operations
in the users' mailstores.
HTH,
Brian.
the profile of commands issued by a client, you can try issuing
them manually to a server to see how it handles them in terms of file I/O
operations, e.g. with strace. If it is poor, then try a different server.
Regards,
Brian.
register their hostname in this way, so that when you do a lookup
on another machine for //foo/subdir then 'foo' can be resolved via DNS.
I don't know how this gives you the 'Network neighborhood' browsing
capability.
Regards,
Brian.
Windows NETBIOS naming broadcasts being forwarded down your VPN tunnel for a
start.
Regards,
Brian.
implementation, but I found it to be unreliable.
Maybe it has improved. But anyway, its control daemon is very noddy and uses
a local XML file for authentication, not RADIUS)
HTH,
Brian.
On Jan 21, 2007, at 6:36 AM, Mark Kettenis wrote:
Getting quite decent performance on my Mac mini G4:
gem0 at pci2 dev 15 function 0 Apple Uni-N2 GMAC rev 0x80: irq
41, address 00:0d:93:60:dd:1a
bmtphy0 at gem0 phy 0: BCM5221 100baseTX PHY, rev. 4
With an msk(4) at the other end and a
in other areas is something else to
consider--would a commercial product block more malware, have less
false-positives, be able to comply with government regulations, etc?
Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication
code, sadly
Linux is currently a better choice. I personally cannot stand Linux,
but even I consider Linux a safer choice for an embedded OS right now
(safer as in: you won't have to struggle for weeks to get your
software to even run on it).
Brian Keefer
www.Tumbleweed.com
The Experts
On Jan 21, 2007, at 4:34 PM, bofh wrote:
On 1/21/07, Brian Keefer [EMAIL PROTECTED] wrote:
Because driver support for Linux is a lot better than for OpenBSD,
I'm not sure if I believe this to be as strong an argument since, as
the blackbox maker, you have your choice of hardware. This means
On Jan 21, 2007, at 8:00 PM, L. V. Lammert wrote:
On Sun, 21 Jan 2007, Brian Keefer wrote:
The company I worked for considered switching our appliance OS to a
*BSD from Linux, but in the end we decided that commercial support
was too important to ignore.
There ARE a number of vendors
subnets to the ACL, for instance 192.168.0.0/16; (or whatever your
internal network is).
Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication
, people might have some more suggestions.
HTH,
Brian.
On Wed, Jan 17, 2007 at 02:29:13PM +0100, Samuel Mo?ux wrote:
every state is a [src, dst, direction] tuple
which lets pass [src - dst, direction ] and [dst - src,
not(direction)], but not [ src- dst, not(direction) ] packets.
Very clear - I think that description should go into pf.conf(5)
) is unclear on this point, especially
where it says
By default, packets coming in and out of any interface can match a state
then I would not disagree with you :-)
HTH,
Brian.
(sorry for the repost, I guess there aren't many eyes on ppc@)
Has anyone else noticed extremely poor performance with gem(4)
devices, particularly on the Mac Mini G4?
dmesg is below, but the summary is that I have a gem(4), and after
finally being fed up with the poor performance I
, but that functionality was stripped out)
Regards,
Brian.
be
transparent to applications, which continue to open(), read() and write()
files as usual(*). And personally I'd find it useful to hear about what
options are available in OpenBSD for this.
Regards,
Brian.
(*) If an application wants to get hold of an older version of a file, it
can find
which is huge and featureful (as it is going to supersede every
other database out there)
There is only one good reason I can think of for integrating the database
into the O/S, which is that Microsoft eventually decided it was a bad idea
to do so:-)
Regards,
Brian.
. If you
run out of snapshot space, then you just get a normal 'disk full' error, and
you can delete old or unwanted snapshots to free up space, or else alter the
snapshot percentage.
Or did you mean something else entirely?
That's what I'm wondering.
Regards,
Brian.
a filesystem expert. However I
have implemented some systems which use databases.
Brian.
ttymask 0
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
apm0: disconnected
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
cpu1: unknown Core FSB_FREQ value 0 (0x0)
Brian Keefer
www.Tumbleweed.com
The Experts in Secure
On Dec 22, 2006, at 3:09 AM, Reyk Floeter wrote:
On Fri, Dec 22, 2006 at 02:35:00AM -0800, Brian Keefer wrote:
Not sure if anyone else has noticed, but VMware finally released
Fusion for public beta. It's the port to Macintel.
Only caveat so far is that Fusion wouldn't mount the OpenBSD CDs
-get-partextra=200612/299
Regards,
Brian.
On Dec 22, 2006, at 5:15 AM, Reyk Floeter wrote:
On Fri, Dec 22, 2006 at 03:59:10AM -0800, Brian Keefer wrote:
Here're the dmesg's from RAMDISK_CD and GENERIC.MP on a MBP 15
CoreDuo 2.16GHz:
can you try 4.0-current (or a recent snapshot)? it should use the
new
vic(4) driver instead
On Dec 22, 2006, at 10:26 AM, Jason Dixon wrote:
On Dec 22, 2006, at 12:31 PM, Brian Keefer wrote:
Jason, what does your .vmx look like?
Oddly, I also found a statement: deploymentPlatform = windows,
which I found rather odd since I choose other/other for the OS and
type. I comment
On Wed, Dec 20, 2006 at 08:53:41AM -0600, Will Maier wrote:
On Wed, Dec 20, 2006 at 02:31:09PM +, Brian Candler wrote:
That makes a lot of sense. But enforcing that policy might be
difficult. This is important if you're relying on your gold server
for disaster recovery purposes
a record of changes which were made. Again, you can get
into problems with procedures not being followed and the repository coming
out of sync with reality.
Regards,
Brian.
on that machine, and point the resolver at
127.0.0.1. But you still have not changed the architecture: the resolver is
still using a cache, which just happens to be on the same machine.
Brian.
(*) Except for the special case where the cache is also authoritative for
some zone, and the query happens
be to bridge rl0 and ath0, and run your
home LAN as a single subnet. See man brconfig and bridgename.if
HTH,
Brian.
On Dec 12, 2006, at 11:46 PM, Brian Keefer wrote:
OK, so just to be clear I'm not a terribly clever person. I have
no idea what I should be looking for to diagnose this issue. It's
entirely possible that I have something configured stupidly/wrong,
etc or that the answer is right in front
SHA1: b7e33764ab96e1a2db0d125d07e9628367680858
Size: 175331328
--
Brian A. Seklecki [EMAIL PROTECTED]
Collaborative Fusion, Inc.
Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame)
From: Brian A. Seklecki [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Organization: Collaborative Fusion, Inc
On Wed, 13 Dec 2006, Brian A. Seklecki wrote:
All:
BTW, it is far from optimal, but the following BRE works:
DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p})
...because saying:
may contain one \(rai\)* or more, but not either, and (or?)...
may contain one of either
vlan10 it works again.
the core dump is here
http://www.tbits.org/snmpd.core.gz
Have everyone an idea ?
Thx
Thomas
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
...from back in the heady days when helpdesk meant nothing, diskquota
OK, so just to be clear I'm not a terribly clever person. I have no
idea what I should be looking for to diagnose this issue. It's
entirely possible that I have something configured stupidly/wrong,
etc or that the answer is right in front of me, but I wouldn't know.
I've done a little
sufficient.
Thanks again,
Brian.
$(cat /etc/hostname.vlan1)
# ifconfig vlan2 $(cat /etc/hostname.vlan2)
# sed 's/^/ifconfig vlan3 /' /etc/hostname.vlan3 | sh
which works fine.
So I was just wondering, is there something I've missed which is needed to
get them to self-configure at startup?
Thanks,
Brian.
.
Regards,
Brian.
an SAD. You put your policy into
ipsecctl, which passes it onto isakmpd, and isakmpd negotiates keys and
sticks them in the SAD.
For a typical VPN setup which says everything which comes in via IPSEC is
trusted then the pf policy is very simple.
Regards,
Brian.
(*) There are a few errors
who know is intimate with the
internals of pty(4) and ppp(4), knows enough about rp-l2tp to set up a test
rig, and would like to see the OpenBSD port working, I'd be very grateful
for your assistance.
Many thanks,
Brian Candler.
On Wed, Dec 06, 2006 at 11:35:00AM +, Brian Candler wrote:
Anyway, if there's anyone on this list who know is intimate with the
internals of pty(4) and ppp(4), knows enough about rp-l2tp to set up a test
rig, and would like to see the OpenBSD port working, I'd be very grateful
for your
0:00.01 ppp
So, something's not right here. Have I just made a simple error, or is there
something other than inetd required to accept incoming PPP-over-UDP
connections?
Regards,
Brian.
of devices by students, so a
manual procedure would be needed.
Are there ways for me to influence the behaviour of uchi (sysctls etc)
or delay detection to later in the boot process?
Thanks for any help,
Brian Scott
**
This message
, or you may experience
data loss or filesystem corruption.
That's an oops.
That's a big oops.
That gives me something to do this evening...
Nick.
Thanks for picking this up.
Regards,
Brian.
. Of
course you can only upgrade if you install a minimal OS X... :-/
I don't have a mini (or any reasonably current Apple hardware) but the
issue you mentioned reminded me of this post by Brian Keefer:
http://marc.theaimsgroup.com/?l=openbsd-sparc&m=116483175532387&w=2
It may be possible to do
./test1:./test2.so: undefined symbol 'bar'
Cannot load specified object
#
Under Linux it seems that '-rdynamic' is the magic incantation, because
without this it also fails. However I don't know what the OpenBSD equivalent
is.
Could someone provide me with the necessary clue please?
Thanks,
Brian.
that would involve rather more radical surgery on
rp-l2tp than I was hoping to make.
Dale Rahn's option of -Wl,-E does the trick though - thank you Dale.
Now I just need to work out if and how OpenBSD's PPPDISC differs from
Linux's N_HDLC :-)
Regards,
Brian.
and/or second stage)
to boot OpenBSD? And if so, has anyone got a recipe for this that they would
care to share?
Thanks,
Brian.
collisions, 0 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Regards,
Brian.
the same.
Looking at this, it seems that the last entry in /etc/ipsec.conf has taken
precedence over the others.
Is there a way to achieve what I'm trying to do, either using ipsecctl, or
manually configuring isakmpd?
Thanks,
Brian Candler.
P.S. I can paste the IOS config if you like, but I'm
On Fri, Nov 24, 2006 at 09:45:45AM +, Brian Candler wrote:
Looking at this, it seems that the last entry in /etc/ipsec.conf has taken
precedence over the others.
Is there a way to achieve what I'm trying to do, either using ipsecctl, or
manually configuring isakmpd?
To answer my own
On Fri, Nov 24, 2006 at 10:22:26AM +, Brian Candler wrote:
To answer my own question: inspired by the output of ipsecctl, I wrote a
perl program (attached) to generate a suitable isakmpd.conf (also attached),
and this appears to work just fine.
And now I seem to have hit some sort
-10.1.1.1-17] or
[IPsec-10.1.1.6:0-10.1.1.1:0-17]
# protocol specified but ports not specified
[IPsec-10.1.1.6-10.1.1.1] or
[IPsec-10.1.1.6:0-10.1.1.1:0-0]
# no protocol specified
Regards,
Brian.
I'm getting the following when posting to 'misc'. Is this known and/or
intentional?
I'm not bcc'ing to 'ports' - honest!
Regards,
Brian.
Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Fri, 24 Nov 2006 14:50:00 +
Received: from [127.0.0.1] (helo
On Fri, Nov 24, 2006 at 08:20:02AM -0700, Darrin Chandler wrote:
On Fri, Nov 24, 2006 at 02:52:23PM +, Brian Candler wrote:
I'm getting the following when posting to 'misc'. Is this known and/or
intentional?
I'm not bcc'ing to 'ports' - honest!
Something weird is going
Has anyone seen
http://uncyclopedia.org/wiki/OpenBSD ?
Quite informative.
]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No
client certificate requested)
by rune.sasl.smtp.pobox.com (Postfix) with ESMTP id 5007A95325
for misc@openbsd.org; Fri, 24 Nov 2006 07:42:33 -0500 (EST)
Received: from brian
by mappit.linnet.org with local (Exim 4.60
that,
watching with 'top' I don't see the interrupt load go above 10%.
I'm not sure how to probe deeper to get a handle on what's actually
happening though. Perhaps isakmpd -L logging might shed some light, although
I don't fancy decoding QM exchanges by hand :-(
Regards,
Brian.
On Nov 15, 2006, at 9:25 AM, Kian Mohageri wrote:
On 11/14/06, Brian Keefer [EMAIL PROTECTED] wrote:
FWIW I was having very similar problems with em(4) in OpenBSD 4.0-
release under VMware (amd64 SMP). It would cease to recognize ARP
replies and just flood the network with ARP requests
hasn't resurfaced yet...
Brian Keefer
www.Tumbleweed.com
The Experts in Secure Internet Communication
of max
states (set limit states 20, etc.)
~BAS
On Wed, 11 Oct 2006, Ryan McBride wrote:
On Tue, Oct 10, 2006 at 05:50:50PM -0400, Brian A. Seklecki wrote:
Certainly a way to log events (interfaces, etc.) and the resulting actions
taken by the code would be useful in mission critical
and so the screen just keeps right on trucking and you don't have time
to read it. Is there some command or somewhere you can go to see what
the message was?
--Bryan
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
...from back
/backup election process.
Certainly a way to log events (interfaces, etc.) and the resulting actions
taken by the code would be useful in mission critical environments.
Anything beats tcpdump 'proto carp' and making guesses from there.
TIA,
-lava (Brian A. Seklecki - Pittsburgh, PA
it not working
well over a year ago.
Thanks,
Brian
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
extra on an open
source friendly company than a non-open source company.
Cheers,
Brian
am puzzled. I am not an engineer,
so is there something that I am overlooking?
Cheers,
Brian
everything behind a pretty GUI and do
the same things through a custom written app.
Please feel free to tear my every simple plan to shreds. I can take
it.
Thanks,
Brian Shackelford
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Lars Hansson
Sent
} clean ${MAKE} depend exec ${MAKE}
notes:
--
On Fri, 8 Sep 2006, Brian A. Seklecki wrote:
One of the big problems with RAIDFrame support absence in GENERIC is that
it's also lacking in RAMDISK and RAMDISK_CD. This prevents RAIDFrame users
from doing binary updates off boot media.
This can
RAIDFrame enabled
OpenBSD systems, or use your .ISO with your DRAC card via remote media.
l8*
-lava (Brian A. Seklecki - Pittsburgh, PA, USA)
http://www.spiritual-machines.org/
...from back in the heady days when helpdesk meant nothing, diskquota
meant everything, and lives could
I thought the issue with the watchdog timing out was fixed. I was seeding a
torrent file this morning, so when I came home and turned it off, I received
these errors:
sk0: watchdog timeout
sk0: cannot stop transfer of Tx descriptors
I am running a kernel compiled as of last Saturday.
Here's my
? Is this
something a developer should look into fixing (i.e. I'm a developer, I might
want to fix it for the experience)?
Brian
and test much of this.
Good Luck and hope this helps -
Brian Shackelford
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
Raja Subramanian
Sent: Tuesday, May 16, 2006 5:15 AM
To: misc@openbsd.org
Subject: vlan router problems
Hi,
I'm trying
will provide me with a pointer to the removed
element, that all I need to do is free it.
Also, is the above the most efficient way to find and remove an element from a
red black tree?
Cheers,
Brian
that I need to clean up. And I
need to clean up the code I did write. And I need to verify that the current
pipe stuff can be removed as well since the code looks to only use the
socketpairs. Finally, I need to test it.
Thanks,
brian
you can't ever unmount the first / mount after init starts, because
that would mean revoking init's vnode.
Yes after disabling the kernel checks I've tried to do this and it seems
to cause a complete halt of the system.
If only I could bypass the check that disallows a device from becoming
On Mon, 24 Apr 2006, Toni Mueller wrote:
Hello,
I have a box that once had two IP addresses on one interface. I
deconfigured one of them using ifconfig -alias.
I'd rather not reboot only to make a change in IP numbers effective...
Check netstat -rn and arp -an for hangers-on lingering
On Fri, 21 Apr 2006, Mitja Mu?eni? wrote:
I'm debugging something weird here. Before I put together a full and
sanitized error report, just a quick question: is anybody else seeing DPD to
just stop working after a couple of hours, or is it just me my setup?
I have some pre-3.9 -current (mid