Re: djbdns DNS server? Status, Pros and Cons?

[Stephan Wehner]

The OP was unsure about the quality of djbdns. By just I meant that
if the license allowed,  it would be included, at least in ports.
That's my guess.

Stephan

On 5/24/05, Theo de Raadt [EMAIL PROTECTED] wrote:
  Is it not just a license problem that keeps djbdns out of the BSD's ?
 
just
 
 That word really does not belong there.  That's a phrase used in english
 often used to express how small a problem is.
 
 It is not a small problem.  It is fatal.

Re: djbdns DNS server? Status, Pros and Cons?

[Karl-Heinz Wild]

On 25.05.2005, at 07:20, Theo de Raadt wrote:


Is it not just a license problem that keeps djbdns out of the BSD's ?


   just

That word really does not belong there.  That's a phrase used in 
english

often used to express how small a problem is.

It is not a small problem.  It is fatal.


Maybe a stupid question, but is an OpenDNS out there?
I laught as I thought about, as I read the explaination
to the word just.

Kind regards
Karl-Heinz 

Re: Certified Hardware

[eric]

On Tue, 2005-05-24 at 15:03:34 -0700, Aaron Glenn proclaimed...

 who will execute a maintenance contract on just the hardware?
 certainly not Nokia...

Do it yourself; it's just a PC; and junk at that.

BTW - the quad cards do work too and show up as dc(4) devices.

Re: Desktop chrooted

[Mike]

Stephan Wehner wrote:
 Mainly I'm worried about running a lot of user applications which
 connect to the Internet. But I can't estimate the overhead.
 

choose wisely your applications and systrace(1) would most likely give
you some extra security.

how to ifconfig another ip address in a network device

[wang fei]

i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but 
it doesn't work.

Re: how to ifconfig another ip address in a network device

[Rod.. Whitworth]

On Wed, 25 May 2005 15:09:35 -0700, wang fei wrote:

i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but 
it doesn't work.



I guess that man ifconfig doesn't work on Linux or you would have known
to use it.

Or maybe you just are not used to having on-line documents for nearly
everything.

That's all the help you need.

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.

Re: Linuxwochen Vienna 2005, May 24 - 27, 2005, Vienna, Austria.

[Per Engelbrecht]

Wim Vandeputte wrote:

Hey,

I'm on my way to Vienna now for the Linuxwochen, May 24 - 27, 2005

Reinhard and me will be in the MuseumsQuartier from Wednesday 25 
to answer your questions or just meet people for a chat and drinks


Wim.




Hi Wim

A little off topic and for whatever it's worth;
- I find all the work that you do (OpenBSD advocacy, support et al) and 
all the traveling (saw you last time in Copenhagen at LF05) very 
admirable. I do my part as well (another order of magnitude downscale) 
but you manage to be everywhere. Thumbs up Wim.


respectfully
/per
[EMAIL PROTECTED]

Re: how to ifconfig another ip address in a network device

[Nico Meijer]

Hi,

 i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux,
 but it doesn't work.

`man ifconfig` and `man hostname.if` will tell you everything you need
to know.

Good luck... Nico

P.S. OpenBSD is not Linux.

Re: OBSD 3.7 ports -- mysql

[Per Engelbrecht]

Daniel Ouellet wrote:

Just FYI.

I am finishing up a port that hopefully will be put in for MySQL 4.1.12, 
their latest recommended stable version.


Hi Daniel

That's brilliant!



So far all works well and pass all the tests suites stuff, with the 
exception that I have to create three hard link to make it work still, 
but I am working on correcting that.


Would be nice to get some testing as well. I use it without problem so far.


I'm about to launche a [3.7  AMD64  GENERIC.MP] mysql server (mysql 
backend for a lot of servers / production environment) and would like to 
test and use the new MySQL 4.1.12




I have the packages for i386 and amd64 ready for all clients, servers, 
and test, or the files if you want to make your own compile from source.


pkg would be nice.



I haven't send it in yet to port@ as I am almost all there, not to my 
liking yet, but it does work and is all complete for the clients and 
servers part. I am still struggling with the tests part a bit.


I have amd64 done on stable 3.7 and i386 done on stable 3.6.

Testing if you want, may be good to do!


Gimmi, gimmi, gimmi.



I can make the packages available if you like, or my files for making 
your own from source. Works for me...


Keep up the good work.

respectfully
/per
[EMAIL PROTECTED]




Daniel

Re: how to ifconfig another ip address in a network device

[Sean Knox]

wang fei wrote:
i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but 
it doesn't work.


As you're no doubt discovering, OpenBSD is not linux. man ifconfig and 
read about IP aliases.


hint: ifconfig fxp0 alias x.x.x.x

cheers,
Sean

Re: OBSD 3.7 ports -- mysql

[Daniel Ouellet]

Per Engelbrecht wrote:


I'm about to launche a [3.7  AMD64  GENERIC.MP] mysql server (mysql 
backend for a lot of servers / production environment) and would like to 
test and use the new MySQL 4.1.12




I have the packages for i386 and amd64 ready for all clients, servers, 
and test, or the files if you want to make your own compile from source.



pkg would be nice.



You can get it from here for now for your amd64:

http://openbsdsupport.org/packages/amd64/

You will need to install the package p5-DBD-mysql-2.9004.tgz, but that's 
already available on the main site. So, get it from there. Then install 
the client and server. I didn't release the test suite as it doesn't go 
in the right place yet and I haven't finish the testing on it.


You can use these, but it will be better in a few days. May be two or 
so. I don't expect any changes in these two, but you never know.


Feedback would be welcome, but heavy testing would be best before using 
in production obviously!


Have fun!

Daniel

PS: I will let you know when the final package are done if there is any 
changes on it.

Re: OBSD 3.7 ports -- mysql [offtopic!]

[sebastian . rother]

 Daniel Ouellet wrote:
 Just FYI.

 I am finishing up a port that hopefully will be put in for MySQL 4.1.12,
 their latest recommended stable version.

 Hi Daniel

 That's brilliant!

[installed pSQL from ports so: aggro offtopic]

That's nice for MySQL..

I'm still waiting until dataloss will be accapted as DoS-Case so that
the PostgreSQL would be updated up to 7.4.8 (but a update to 8.0.3 would
be better anyway)

It's realy disappointing to see updates for PHP and other software because
of some DoS-things (anyway thanks to robert and brad) and e.g.
PostgreSQL isn't even at the latest 7.4.x-Version. :-(

I think sometimes about asking every portmaintainer Define me
importent to write down a manpage to explain the meaning of an
importent update if it deals with PHP compared e.g. to PostgreSQL or
others.
If data-loss isn't a reason for an update of a database-package

It's not the first time that I request a PostgreSQL update and it seams
the current maintainer isn't able to change a version-number so that the
update would be avaiable for all users.

But Bred and Robert are like a light in the darkness. ;)

Btw for the pSQL maintainer:

--
Migration to version 7.4.6

   A dump/restore is not required for those running 7.4.X.
 __

Changes

 * Repair possible failure to update hint bits on disk
   Under rare circumstances this oversight could lead to could not
   access transaction status failures, which qualifies it as a
   potential-data-loss bug.
--

But I guess there wont be an update to 8.0.3 nor any fast update to
7.4.8 even the maintainer got 5 mails in the last 3 months.
[/aggro offtopic]

Kind regards and have a nice day,
Sebastian

Atheros - DWL G520 (Rev 2) and a problem...

[sebastian . rother]

Maybe it's a case for bugs@ but I wanna know if I did something wrong.

I've a DWL G520 (Rev 2, Atheros) and my ASUS K7V880 wont work with it.
Or at least OpenBSD dosn't work with the card at this board.

I assembled that card also at my ASUS K8V880 but because the Atheros
driver isn't ported to AMD64 yet it wont work (I just took a look if the
card is working and oBSD 3.7 AMD64 detects it).

$ dmesg | grep ath
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3
ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for
regdomain NONE(32976)
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3
ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for
regdomain NONE(32976)
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3
ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for
regdomain NONE(32976)
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3
ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for
regdomain NONE(32976)



full-dmesg:
--
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Duron(tm)  (AuthenticAMD 686-class) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 267231232 (260968K)
avail mem = 236953600 (231400K)
using 3287 buffers containing 13463552 bytes (13148K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80
pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00
pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00
pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00
pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00
pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3
ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for
regdomain NONE(32976)
xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 5,
address -censored-
exphy0 at xl0 phy 24: 3Com internal media interface
pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide1 channel 0 drive 0: WDC WD1200JB-75CRA0
wd0: 16-sector PIO, LBA, 114440MB, 234375000 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide1 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MITSUMI, CD-ROM FX320M !B, m01 SCSI0
5/cdrom removable
cd0(pciide1:1:0): using PIO mode 4, DMA mode 2
pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00
xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10,
address -censored-
exphy1 at xl1 phy 24: 3Com internal media interface
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffdd netmask fffd ttymask 
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
--

The card was detected by OpenBSD 3.7 (AMD64) on my ASUS K8V800
but it seams OpenBSD 3.7 (i386) on the ASUS K7V880 has a problem.
It's no IRQ-related bug because I removed all other cards to see if the
card needs a IRQ wich was already in use by another card.

It would be nice if somebody could tell me if I did something wrong.
I also loosed the e-Mail of the developer otherwise I would prefere to
talk with him.

I need the Wlan-Card because I've to set up an AP because the NIC of my
Notebook is fucked up (so WLAN+IPSec). I would like to switch the

Re: OBSD 3.7 ports -- mysql [offtopic!]

[Wijnand Wiersma]

2005/5/25, [EMAIL PROTECTED] [EMAIL PROTECTED]:
 [installed pSQL from ports so: aggro offtopic]
 
 That's nice for MySQL..
 
 I'm still waiting until dataloss will be accapted as DoS-Case so that
 the PostgreSQL would be updated up to 7.4.8 (but a update to 8.0.3 would
 be better anyway)

http://www.openbsd.org/cgi-bin/cvsweb/ports/databases/postgresql/

Re: OBSD 3.7 ports -- mysql

[Per Engelbrecht]

Daniel Ouellet wrote:

Per Engelbrecht wrote:



I'm about to launche a [3.7  AMD64  GENERIC.MP] mysql server (mysql 
backend for a lot of servers / production environment) and would like 
to test and use the new MySQL 4.1.12




I have the packages for i386 and amd64 ready for all clients, 
servers, and test, or the files if you want to make your own compile 
from source.




pkg would be nice.



You can get it from here for now for your amd64:

http://openbsdsupport.org/packages/amd64/


Check and done.



You will need to install the package p5-DBD-mysql-2.9004.tgz, but that's 
already available on the main site. So, get it from there. Then install 
the client and server. I didn't release the test suite as it doesn't go 
in the right place yet and I haven't finish the testing on it.


Fine by me Daniel.



You can use these, but it will be better in a few days. May be two or 
so. I don't expect any changes in these two, but you never know.


The server should be running a.s.a.p (as usual) and I'll start working 
on the sql part now and do some testing. If you come up with radical 
changes within the next couple of days or so, I'll take it from there.




Feedback would be welcome, but heavy testing would be best before using 
in production obviously!


I'll give you feedback and yes, testing in a production is always a 
risky business. The other servers using the sql-server will be assigned 
one by one i.e. I have time to fix things with your help (*) before any 
major disaster strikes.

(* = with your updates that is)



Have fun!


Thank you.



Daniel

PS: I will let you know when the final package are done if there is any 
changes on it.


I would appreciate that very much.




respectfully
/per
[EMAIL PROTECTED]

error building userland - inconsistent operand constraints in an `asm'

[fehler404]

dear all,

after trying to get along on my own for a while, i finally go so disapointed
and unsatisfied and decided that i need help. i always ran into the same
problem, so there must be something wrong about my procedure how i build
kernel AND userland.

i got the final release of openbsd 3.7 on may 21 by ftp. burned it on a cd
and made a fresh installation.
after the system was up an running, i got ports and sources via cvs by doing
the follwing :

# cd /usr
# cvs -q get -rOPENBSD_3_7 -P src

and

# cd /usr
# cvs -q get -rOPENBSD_3_7 -P ports

then i made a custom kernel by copying the GENERIC conf file to a file named
myGENERIC and did a bit customizing. to build the kernel i followed the
steps described on the official openbsd.org site
(http://www.openbsd.org/faq/faq5.html)

# cd /usr/src/sys/arch/i386/conf
# config myGENERIC
# cd ../compile/myGENERIC
# make clean  make depend  make

instead of make install i first made a backup of the existing kernel (# cp
/bsd /bsd.old) and then copied the new one over the existing (# cp bsd /bsd)

after a reboot, i checked dmesg and everything seemd to work perfectly.

then, i went through the steps of building the userland.

# rm -rf /usr/obj/*
# cd /usr/src
# make obj
# cd /usr/src/etc  env DESTDIR=/ make distrib-dirs
# cd /usr/src
# make build

and that's the point where it ALWAYS stops with exactly the same error
message!!
i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always
run into the same error :-(

OUTPUT
cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall
-Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
-Wsign-compare -I/usr/src/lib/libpthread/uthread
-I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include
-D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386
-c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o
/usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function
`_atomic_lock':
/usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand
constraints in an `asm'
*** Error code 1

Stop in /usr/src/lib/libpthread.
*** Error code 1

Stop in /usr/src/lib.
*** Error code 1

Stop in /usr/src (line 72 of Makefile).
[EMAIL PROTECTED]:/usr/src]$
/OUTPUT

can someone please tell me what i'm doing wrong?
is there a way to get the sytem back into a clean state without doing a
fresh install?

greetingz 
thomas

Re: My NIC go to sleep?

[sebastian . rother]

 Hello,

 I'm a newwbie on OpenBSD and I've installed it on a IBM P100 Computer.
 I have a Intel 82557 NIC inside. This NIC can be seen as fxp0.
 My problem is:
 When I don't use the comuputer during about 5 minutes, my NIC go to
 sleep and don't want to receive or send any frames.
 But if I press a key on the keyboard or if I connect by SSH through
 another NIC,fxp0 works again during about 5 minutes. It is a strange
 behaviour.
 I don't know if it is a bug or a feature, but I didn't see anything
 about that in the FAQ or in the the manual. I've verified with tcpdump,
 when my NIC is sleeping, it don't view anything.

 Thanks for your help...

 Excuse me for my bad english

 PS: My NIC works well with Linux.

 Pascal S.

*cut*

I had something similiar with an PC too (but I can't remember if it was
also IBM or DELL or whatever). Maybe it sounds crazy but deactivate
everything related with power-saving (if your BIOS provides that). The PC
I remeber had some problems because of the fucked up BIOS (like my
notebook with PCMICA...).
Maybe a BIOS-Update could solve that problem (I would update it anyway..).

It's just a little hint and maybe no solution but try and error..or? ;)
Btw: Any output at the console?

The only Chipset I remember wich was realy fucked up was a SiS.
I had to do always a sh /etc/netsart to restart the network.

Btw: LINUX is supported by some fatcats...
So you could say But with Windows it works well... yeah maybe.
But I'm sure you wont compare that NDA-shit with such beautifull OS like
oBSD. ;))

Kind regards,
Sebastian

Re: error building userland - inconsistent operand constraints in an `asm'

[Dan Bond]

I think the first thing you did wrong was to post that you'd done some
customizing on this list. Now i'm sure you have good reasons, but
honestly the usual reaction to that kind of thing is don't talk to us
until you've stopped customizing and tried it with GENERIC. Just a
warning that you're likely to get quite badly shouted at, have been
lurking here for a little while and honestly it happens WAY too often,
and the reaction is always the same.

Have you tried it with GENERIC to see if the problem is still the
same, or is there some massive problem which means you can't use
GENERIC? Might be worth a try, although am sure someone who actually
knows these things will spot what's wrong and tell you so.

Dan

On 5/25/05, fehler404 [EMAIL PROTECTED] wrote:
 dear all,
 
 after trying to get along on my own for a while, i finally go so disapointed
 and unsatisfied and decided that i need help. i always ran into the same
 problem, so there must be something wrong about my procedure how i build
 kernel AND userland.
 
 i got the final release of openbsd 3.7 on may 21 by ftp. burned it on a cd
 and made a fresh installation.
 after the system was up an running, i got ports and sources via cvs by doing
 the follwing :
 
 # cd /usr
 # cvs -q get -rOPENBSD_3_7 -P src
 
 and
 
 # cd /usr
 # cvs -q get -rOPENBSD_3_7 -P ports
 
 then i made a custom kernel by copying the GENERIC conf file to a file named
 myGENERIC and did a bit customizing. to build the kernel i followed the
 steps described on the official openbsd.org site
 (http://www.openbsd.org/faq/faq5.html)
 
 # cd /usr/src/sys/arch/i386/conf
 # config myGENERIC
 # cd ../compile/myGENERIC
 # make clean  make depend  make
 
 instead of make install i first made a backup of the existing kernel (# cp
 /bsd /bsd.old) and then copied the new one over the existing (# cp bsd /bsd)
 
 after a reboot, i checked dmesg and everything seemd to work perfectly.
 
 then, i went through the steps of building the userland.
 
 # rm -rf /usr/obj/*
 # cd /usr/src
 # make obj
 # cd /usr/src/etc  env DESTDIR=/ make distrib-dirs
 # cd /usr/src
 # make build
 
 and that's the point where it ALWAYS stops with exactly the same error
 message!!
 i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always
 run into the same error :-(
 
 OUTPUT
 cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall
 -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
 -Wsign-compare -I/usr/src/lib/libpthread/uthread
 -I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include
 -D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386
 -c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function
 `_atomic_lock':
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand
 constraints in an `asm'
 *** Error code 1
 
 Stop in /usr/src/lib/libpthread.
 *** Error code 1
 
 Stop in /usr/src/lib.
 *** Error code 1
 
 Stop in /usr/src (line 72 of Makefile).
 [EMAIL PROTECTED]:/usr/src]$
 /OUTPUT
 
 can someone please tell me what i'm doing wrong?
 is there a way to get the sytem back into a clean state without doing a
 fresh install?
 
 greetingz
 thomas

Re: risky alias..

[Mike]

Adam Gleave wrote:
 I don't understand your point
 
 --- START: Shell output ---
 
 puffy:nard {109} alias foo 'echo bar'
 puffy:nard {110} foo
 bar
 puffy:nard {111} su -
 Password:
 Terminal type? [screen]
 puffy# foo
 foo: Command not found.
 
 --- END: Shell output ---
 

the thing i meant was something more like this:

puffy:nard {109} alias su 'echo bar'
puffy:nard {110} su
bar

 --- END: Shell output ---


would be easily to get password or something else.

Re: risky alias..

[Adam Gleave]

I don't understand your point

--- START: Shell output ---

puffy:nard {109} alias foo 'echo bar'
puffy:nard {110} foo
bar
puffy:nard {111} su -
Password:
Terminal type? [screen]
puffy# foo
foo: Command not found.

--- END: Shell output ---

If a person gets access to manipulate shell startup scripts then your
likely messed up anyway.

On 25/05/05, Mike [EMAIL PROTECTED] wrote:
 just a question that has been in my mind for several years, as for
 aliases isn't that a bit risky to allow to do something like:
  alias /usr/bin/su='echo damn.'
 
 as PATH and other enviroment values are strictly parsed and stuff
 shouldn't there be something for this too or do i miss something
 important or is this too paranoid..
 
 


-- 
Adam Gleave
[ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]

Re: NIC bonding/trunking/802.3ad

[Dries Schellekens]

Niall O'Higgins wrote:

On Tue, May 24, 2005 at 02:01:23PM +0100, Hyb wrote:


It seems that the topic of 802.3ad support (link
aggregation|bonding|trunking|whatever you want to call it) seems to come
every so often, but is often disregarded on the basis that gigE is now
cheap. I see the redudancy as a much more valuable asset though.


speak of the devil! reyk@ got there already ...

http://marc.theaimsgroup.com/?l=openbsd-cvsm=111690466011478w=2


How does this compare to NetBSD agr(4)? Is this also IEEE 802.3AD?


Cheers,

Dries

Re: Xorg problem with Intel 82852GM on OpenBSD 3.7

[Murat Mamitov]

Yes, i found these reports too, but without a solution. Adam, to be
not alone with this problem not doing me happier :)
The strange thing is that with Linux, FeeBSD, FreeSBIE, NetBSD Live
all works. I tried also to use xorg.conf files of these last, but i
recived the same problem... I think the problem is at the kernel
level, i hope not, but i think so.

Thank you. 

On 5/25/05, Adam Gleave [EMAIL PROTECTED] wrote:
 Read through it again... and this is some interesting results:
 
 http://www.google.co.uk/search?hl=enq=%28WW%29+I810%280%29%3A+Detected+stolen+memory+%288000+kB%29+doesn%27t+match+what+the%0D%0ABIOS+reports+%28262080+kB%29btnG=Searchmeta=
 
 Seems you are not alone, and they're both HP as well... hmm.

Re: error building userland - inconsistent operand constraints in an `asm'

[Janne Johansson]

fehler404 wrote:
 dear all,
 
 after trying to get along on my own for a while, i finally go so disapointed
 and unsatisfied and decided that i need help. i always ran into the same
 problem, so there must be something wrong about my procedure how i build
 kernel AND userland.

 # cd /usr/src
 # make build
 
 and that's the point where it ALWAYS stops with exactly the same error
 message!!
 i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always
 run into the same error :-(

This part makes no sense to me. I have seen loads and loads of weird
compile errors, and other faults while trying to do stuff from
release-current, or stable-current or current-flagday and so on, but

I hardly believe that doing 3.5-install and your update-to-stable-stuff,
3.6-install and your update-stuff and finally 3.7-install and your
update-stuff would give the same error. I might be wrong but it seems
to be an infinitesimally small chance of getting the same error (which
noone else have seen) on three releases in a row.

 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function
 `_atomic_lock':
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand
 constraints in an `asm'
 *** Error code 1
 


-- 
Janne Johansson
Sektionen fvr IT  Media, Stockholms Universitet
Frescati Hagvdg 10
106 91 STOCKHOLM
http://www.it.su.se

Re: risky alias..

[Mike]

Jason Opperisano wrote:
 On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
 
would be easily to get password or something else.
 
 
 if $bad_person has the ability to modify your user's or the system-wide
 shell initialization files, why exactly would they need to steal your
 password at that point?
 
 -j
 
 --
 Brian: Congratulations, Peter. You're the Spalding Gray of crap.
 --Family Guy
 
 

i was just thinking that maybe my friend is a bad person or double agent
or maybe the janitor is clever and attacks silently in that time when im
going to bathroom and in a one time i forget to lock my desktop, then
all is lost and disaster is there.

Re: risky alias..

[Will H. Backman]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Mike
 Sent: Wednesday, May 25, 2005 11:14 AM
 To: misc@openbsd.org
 Subject: Re: risky alias..
 
 Jason Opperisano wrote:
  On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
 
 would be easily to get password or something else.
 
 
  if $bad_person has the ability to modify your user's or the
system-wide
  shell initialization files, why exactly would they need to steal
your
  password at that point?
 
  -j
 
  --
  Brian: Congratulations, Peter. You're the Spalding Gray of crap.
  --Family Guy
 
 
 
 i was just thinking that maybe my friend is a bad person or double
agent
 or maybe the janitor is clever and attacks silently in that time when
im
 going to bathroom and in a one time i forget to lock my desktop, then
 all is lost and disaster is there.

Set the immutable flag on all of your files and then change the kernel
security level so that they cannot be changed even by root.  All kinds
of things will break, but then you can leave your system logged on while
you walk away.

Re: quick malloc guard patch

[Janne Johansson]

Jonathan Thornburg wrote:
 when malloc gets a request with a size equal to the size of a pointer, we
 can allocate a whole page, and return a pointer 4 bytes from the end. 
 the
 four bytes allocated are useable, but don't touch the fifth or any later
 ones.  (8 bytes on 64bit archs).
 
 Is the plan to make this the default behavior, or just to add it as
 another option selectable by /etc/malloc.conf?

This would make all 4/8-byte mallocs take up one page(4k) each if I
understand this correctly.

That's fine for debugging, but probably too expensive for normal usage.

-- 
Janne Johansson
Sektionen fvr IT  Media, Stockholms Universitet
Frescati Hagvdg 10
106 91 STOCKHOLM
http://www.it.su.se

Re: 80-page Pharma complimentary report-Emerging Business models in Pharma

[JSB Intelligence]

Hello! 

This is just a quick note to inform you about an 80-page report on the 
Pharmaceutical Industry that we're able to provide you - at no cost. 

Compiled by some of the best analysts in the industry, the report provides an 
insight into the latest trends and strategies in the Pharmaceutical Industry. 
Over 50 pharma and biotech companies have been interviewed and benchmarked, and 
the resulting analysis will give you a comprehensive look at the future of the 
Industry. 

Maybe you haven't heard this yet - but Pharma companies are going through some 
huge changes in response to activities such as parallel trade, generic vs. 
patent fight, mergers and acquisitions, in-licensing and out-licensing, and the 
choice between semi block buster and block buster model. The report not only 
analyses the large structural changes and dynamic shifts in the Industry, it 
also takes an in-depth look at new revenue models. Another area of analysis is 
the shift from chemical-based small molecules to biology-based large molecules 
like antibodies and protein, and what new opportunities this has created in the 
Industry. 

To download the full report and view the table of contents click here. 
http://www.jsbintelligence.com/template.asp?docId=22docName=Pharma-Report-Form

Should you be the wrong person to contact for this type of report, we would 
greatly appreciate if you would forward this email to the appropriate person in 
your company. 
Please do not hesitate to contact us shall you have any questions. 

Regards,
The JSB Intelligence Team 
www.jsbintelligence.com



http://www.benchmarkemail.com/link/unsubscribe.asp?g=0c=44577l=37709331[EMAIL
 PROTECTED] Click here  to unsubscribe from our mailing list. Or  reply to this 
message with the word unsubscribe or remove in the subject line.   

Address : Kildare House, 102-104 Sheen Road City: London  St: Outside US  Zip: 
TW9 1UF

Powered by Benchmarkemail
http://www.benchmarkemail.com 

REPORT ABUSE
http://www.benchmarkemail.com/link/report_abuse.asp?g=0c=44577l=37709331[EMAIL
 PROTECTED]

Re: NIC bonding/trunking/802.3ad

[Hyb]

- Original Message - 
From: Jim Razmus [EMAIL PROTECTED]
To: misc@openbsd.org
Sent: Tuesday, May 24, 2005 7:12 PM
Subject: Re: NIC bonding/trunking/802.3ad


 But this requires cooperation on the part of the switch.  The original
 poster mentioned connecting to two distinct switches to remove the
 switch as a SPOF.  Correct me if I'm wrong, .3ad does not address this.

Unfortunately no, .3ad doesn't address failover or aggregation over multple
switches.
As I understand 'trunkproto roundrobin' will do though in a master/slave
fashion.
Which is good.. now to test it.

Regards,

Re: error building userland - inconsistent operand constraints in an `asm'

[fehler404]

fehler404 wrote:
 dear all,
 
 after trying to get along on my own for a while, i finally go so 
 disapointed and unsatisfied and decided that i need help. i always ran 
 into the same problem, so there must be something wrong about my 
 procedure how i build kernel AND userland.

 # cd /usr/src
 # make build
 
 and that's the point where it ALWAYS stops with exactly the same error 
 message!!
 i tried it with openbsd version 3.5, version 3.6 and version 3.7. i 
 always run into the same error :-(

This part makes no sense to me. I have seen loads and loads of weird
compile errors, and other faults while trying to do stuff from
release-current, or stable-current or current-flagday and so on, but

I hardly believe that doing 3.5-install and your update-to-stable-stuff,
3.6-install and your update-stuff and finally 3.7-install and your
update-stuff would give the same error. I might be wrong but it seems to
be an infinitesimally small chance of getting the same error (which noone
else have seen) on three releases in a row.



i'm sorry, but this is the truth! as long as i'm been fighting with
openbsd i did ran into this problem from release to release... so normally i
only did a relase installation and led the rest untouched, because of the
fact that building userland leads into the same error...

believe me it is always the SAME probleme and error message during the build
of userland!!



 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function
 `_atomic_lock':
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent 
 operand constraints in an `asm'
 *** Error code 1

Re: quick malloc guard patch

[Hannah Schroeter]

Hello!

On Wed, May 25, 2005 at 03:17:59PM +0200, Janne Johansson wrote:
[...]

This would make all 4/8-byte mallocs take up one page(4k) each if I
understand this correctly.

That's fine for debugging, but probably too expensive for normal usage.

I tend to agree. While most applications will allocate 4/8 byte values
either as local variables or as part of something bigger, you can't
exclude cases where generic code could hit that case in masses.

Take for example a list of variable-length lists of integers:

int **list;
int *sizes;

sizes = (int *) malloc(lines * sizeof(int));
list = (int **) malloc(lines * sizeof(int*));

/* error checking, of course */

for (i = 0; i  lines; ++ i) {
sizes[i] = choose_size(i);
list[i] = (int *) malloc(sizes[i] * sizeof(int));
choose_values(list[i], sizes[i]);
}

Now if the sizes returned by choose_size are in a distribution with
an average of a few (say 4), but with a big variation, a size of 1 might
occur often enough, i.e. you might waste *much* memory and time (mmap of
single pages might well hit the kernel much).

That's why I tend to agree, very cool idea for debugging (like it seems
to be now, with the flag G), but not a low enough overhead for full
production use (*un*like things like propolice etc.).

Kind regards,

Hannah.

Re: how to ifconfig another ip address in a network device

[Xavier Beaudouin]

You can try man ifconfig and look for alias section.

OpenBSD is not Linux for such commands.

Le 26 mai 05 ` 00:09, wang fei a icrit :

i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux,  
but it doesn't work.

Re: how to ifconfig another ip address in a network device

[C. Jackson]

Wang,

Unlike many linux distros, OBSD has excellent manpages that will help
you with this.

On 5/25/05, wang fei [EMAIL PROTECTED] wrote:
 i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but
 it doesn't work.

Re: risky alias..

[Chris Kuethe]

or clean out $IFS and then call /usr/bin/su or other sensitive app...

search paths are a convenience, if you're worried about trojans in
~/bin and ., then the least you could do is use the full path to a
program.

On 5/25/05, Ray [EMAIL PROTECTED] wrote:
 On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
  the thing i meant was something more like this:
 
  puffy:nard {109} alias su 'echo bar'
  puffy:nard {110} su
  bar
 
 [EMAIL PROTECTED] alias su='echo bar'
 [EMAIL PROTECTED] su
 bar
 [EMAIL PROTECTED] \su
 Password:
 
 


-- 
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: djbdns DNS server? Status, Pros and Cons?

[Paul de Weerd]

On Tue, May 24, 2005 at 06:50:46PM -0500, Emilio Perea wrote:
| I use djbdns on OpenBSD, and don't know anything that needs patching for
| my uses.  However, I don't do ipv6.  There is a patch to do that, but if
| I needed ipv6 support I'd probably stick with OpenBSD's version of BIND.
| (At least until djb gets around to supporting ipv6.)

The IPv6-patch for djbdns isn't really very good. I'd recommend
against using it. I'm not a big BIND fan when it comes to large-scale
caching nameservers either though (although BIND does do IPv6
better .. and its license is a big plus over djbdns). For large caches
I'm not sure what to recommend ;P

DJB should get around to adding decent IPv6, but only after he gets
around to adding a decent license. Then again, that's just my opinion.
Of course DJB has every right to use whatever license he sees fit for
his software and you have every right to use whatever you like,
licenses not withstanding.

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 

Re: risky alias..

[Adam Gleave]

If a person gains access to your account, it's already too late to
stop anything. They can change your shell to a trojaned one, install a
keylogger, remove something from path variable to manipulate it, etc.
This is what I would do:

Scenario #1: Console login

Vulnerability: A person could gain access to the current user you have
logged in/su'ed in. They also gain possible sudo privilleges.
Solution: Login. Type exec screen -S vtn, when temporarily
finished with a session detatch said screen session using Ctrl+a+d.
Your screen session can be resumed by logging back in and doing exec
screen -S vtn -r. Note that the -S paramater is optional and
specifies session name. If you didn't know, exec should tell the shell
to not fork and exec but just exec, thus overwriting itself and
therefore when the program ends ending your session.

Scenario #2: X session

Vulnerability: A person could gain access to the current user you have
logged in as, and any terminals you have open.
Solution: Login. Type exec startx. When temporarily finished lock
session with xlock (or some similair solution). See above for exec
definition.

And don't forgot to look it is the rule. For me, it's a habbit for if
I so much as turn my back to the computer to type Ctrl+x (a keybind I
have to lock session) :)

Oh, and have at least three users:

root
admin account (can su to root, some other privilleges. group staff)
user account (can't su to root, maybye not to anyone else. group users)

Login to admin account only if you need it, and from that login to
root only if you need it. Then, at least you don't have whole system
compromise.

On 25/05/05, Mike [EMAIL PROTECTED] wrote:
 Jason Opperisano wrote:
  On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote:
 
 would be easily to get password or something else.
 
 
  if $bad_person has the ability to modify your user's or the system-wide
  shell initialization files, why exactly would they need to steal your
  password at that point?
 
  -j
 
  --
  Brian: Congratulations, Peter. You're the Spalding Gray of crap.
  --Family Guy
 
 

 i was just thinking that maybe my friend is a bad person or double agent
 or maybe the janitor is clever and attacks silently in that time when im
 going to bathroom and in a one time i forget to lock my desktop, then
 all is lost and disaster is there.



--
Adam Gleave
[ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]


-- 
Adam Gleave
[ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]

Re: ALTQ: amount of queue rules

[Bob DeBolt]

Greets

 maximum number of queues are in include files.For CBQ
 limit is 256, HFSC 64 per interface.
 Also you can use QoS only on outgoing interface.

I am about to test something that I read very recently, written by 
D. Hartmeier?? (could be mistaken) When doing QOS on inbound, i.e.
and inound ssh connection keep state you are then controlling outbound
traffic based on an inbound connection. A search or the archives will 
reveal if it was Daniel or not.


-- 
Sincerely

Bob DeBolt

Re: use ifstated to modify pf/rdr

[Jason Dixon]

On May 25, 2005, at 11:51 AM, Joel CARNAT wrote:


I would like to use ifstated (OpenBSD 3.7/i386) in the
http://www.openbsd.org/faq/pf/pools.html#incoming case (except I'll use
SMTP server, not HTTP) to modify the $web_servers macros when one of 
the
server if detected to be down (no SMTP response, or no ping, whatever 
is

best).

I found no such example on google and don't know where to start...

Has anyone already done such a thing ?
Anyone can provide me with the pf.conf part and ifstated.conf ?

I've already use ftpsesame and play with the pf tags but I don't get
how to produce them with ifstated...


If you want to monitor servers and remove them from availability, use 
PF tables to store address lists.  Then use your script (shell, perl, 
etc) to monitor them and delete them from the table if they become 
unavailable.  When they come back to life, just add them to the table.


--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: use ifstated to modify pf/rdr

[Joel CARNAT]

On Wed, May 25 2005 - 12:58, Jason Dixon wrote:
 On May 25, 2005, at 11:51 AM, Joel CARNAT wrote:

 I would like to use ifstated (OpenBSD 3.7/i386) in the
 http://www.openbsd.org/faq/pf/pools.html#incoming case (except I'll use
 SMTP server, not HTTP) to modify the $web_servers macros when one of
 the
 server if detected to be down (no SMTP response, or no ping, whatever
 is
 best).
 
 I found no such example on google and don't know where to start...
 
 Has anyone already done such a thing ?
 Anyone can provide me with the pf.conf part and ifstated.conf ?
 
 I've already use ftpsesame and play with the pf tags but I don't get
 how to produce them with ifstated...

 If you want to monitor servers and remove them from availability, use
 PF tables to store address lists.  Then use your script (shell, perl,
 etc) to monitor them and delete them from the table if they become
 unavailable.  When they come back to life, just add them to the table.


 well... I thought ifstated would do that automagically (and was meant to
 do such things). did I misunderstood it's use ?

[demime 1.01d removed an attachment of type application/pgp-signature]

Re: use ifstated to modify pf/rdr

[Jason Dixon]

On May 25, 2005, at 1:54 PM, Joel CARNAT wrote:


On Wed, May 25 2005 - 12:58, Jason Dixon wrote:


If you want to monitor servers and remove them from availability, use
PF tables to store address lists.  Then use your script (shell, perl,
etc) to monitor them and delete them from the table if they become
unavailable.  When they come back to life, just add them to the table.


 well... I thought ifstated would do that automagically (and was meant 
to

 do such things). did I misunderstood it's use ?


Yes.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: How to debug something like this?

[Wijnand Wiersma]

It seems that increasing openfiles-cur to infinity works the best in
this situation, so I guess this is solved.

Gerardo, I will try your updated port soon.

Regards,
Wijnand

Re: Email Server

[Damien Hull]

[EMAIL PROTECTED] wrote:


On Tue, May 24, 2005 at 09:18:58AM -0700, Bruno Delbono wrote:
 


[EMAIL PROTECTED] wrote:

   


Ports aren't generally checked for much other than Does it build? and
Does it work?. 
 

So, secure by default means that you should only run OpenBSD as it comes 
and do not touch anything on it. Or else, it won't be secure by default; 
your warranty is voided and Theo will spank you.
   



in the base install is a very important phrase. Ports don't get
audited much, if at all. This isn't any sort of slap to the porters;
it's just there's a *lot* of code in the port and examing that code
for correctness isn't their intent.  Ports are a convenience, not a
promise. Postfix and cyrus aren't base install, and therefore aren't
covered. Ain't life terrible?

 

Thanks for the info. My concern is that OpenBSD is secure by default 
when you do a base install but when you start adding things like Postfix 
etc... are you still secure?


I know you can configure the system so that most files are read only. I 
also know that you can run Postfix in a sandbox ( jail ). It all depends 
on how much work I want to put into securing the system. If the answer 
to the above question is no!, then I'll have to lock down Postfix 
etc... If the answer to the above question is Yes! then I can leave 
things the way they are and just install Postfix.


There are trade offs between security and management over head. Putting 
Postfix in a sandbox is a nice idea but my understanding is that you 
have to take Postfix off-line to add any users and then putt it back in 
the sandbox and then bring it back on-line. Leaving Postfix outside of a 
sandbox means you just add users when you need to. I did this once on a 
FreeBSD email server a few years back. I decided that a sandbox was to 
much work.


I'm still a long ways away from designing a system. I haven't even 
decided which OS I want to use. If enough people on the list can 
convince me that OpenBSD is the way to go I'll install it on a system, 
ship it down to Seattle and collect my mail. This will be on a test 
domain of course.

SuperMicro

[L. V. Lammert]

An associated mentioned that they were having decent OS compatility (Linux) 
with SuperMicro machines. Has anyone tried them? They seem to be pretty 
cost effective for the h/w capability.


Lee

Re: Email Server

[L. V. Lammert]

At 11:31 AM 5/25/2005 -0800, Damien Hull wrote:

[EMAIL PROTECTED] wrote:


o, secure by default means that you should only run OpenBSD as it comes 
and do not touch anything on it. Or else, it won't be secure by default; 
your warranty is voided and Theo will spank you.


in the base install is a very important phrase. Ports don't get
audited much, if at all.
Thanks for the info. My concern is that OpenBSD is secure by default 
when you do a base install but when you start adding things like Postfix 
etc... are you still secure?


Seems like you answered your own question - if you WANT 'secure by 
default', you will use base install - what's there (Sendmail, BIND, etc.) 
has a pretty great track record. If you want more, you're relying on the 
additional 'risks' imposed by the ports and/or packages.


Our policy here is base only, if at all possible, and it has served us and 
our clients well.


Lee

AMD Releases Specifications of Virtualization Technology.

[Dave Feustel]

A  link to a pdf file with complete Pacifica cpu virtualization 
details (except for what sockets are supported) is 
http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/33047.pdf

Dave Feustel

Re: Email Server

[Daniel Ouellet]

Damien Hull wrote:
I'm still a long ways away from designing a system. I haven't even 
decided which OS I want to use. If enough people on the list can 
convince me that OpenBSD is the way to go I'll install it on a system, 
ship it down to Seattle and collect my mail. This will be on a test 
domain of course.




I don't think anyone will try to convince you to use OpenBSD, really! 
It's great and does  a wonderful job and it is secure. But in the end, 
everyone will tell you, use what fit the job! Meaning, if you want to 
use FreeBSD as you express you did before, then go ahead with it. If you 
want something very secure that was design from the ground up with that 
#1 priority in mind, then use OpenBSD. But don't expect anyone to try to 
convince you to use OpenBSD. If you are not convince by yourself by 
reading the archive, or looking at the goal of the site and if security 
is not your top priority, then may be OpenBSD is not for you.


Me, I use it for security reason #1 and for years. I stick with that. If 
it is harder to install some applications, or can't even use some that I 
may want to, then that's that! I am simply not treading security for 
features, or even applications.


Everyone will tell you, use what fit the needs to have, regardless if 
that's OpenBSD, or anything else.


May be this can also answer your question:

http://openbsd.org/faq/faq1.html#WhyUse

Hope this help a bit.

Daniel

Re: Email Server

[Will H. Backman]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Damien Hull
 Sent: Wednesday, May 25, 2005 3:31 PM
 To: [EMAIL PROTECTED]
 Cc: misc
 Subject: Re: Email Server
 
 [EMAIL PROTECTED] wrote:
 
 On Tue, May 24, 2005 at 09:18:58AM -0700, Bruno Delbono wrote:
 
 
 [EMAIL PROTECTED] wrote:
 
 
 
 Ports aren't generally checked for much other than Does it build?
and
 Does it work?.
 
 
 So, secure by default means that you should only run OpenBSD as it
comes
 and do not touch anything on it. Or else, it won't be secure by
default;
 your warranty is voided and Theo will spank you.
 
 
 
 in the base install is a very important phrase. Ports don't get
 audited much, if at all. This isn't any sort of slap to the porters;
 it's just there's a *lot* of code in the port and examing that code
 for correctness isn't their intent.  Ports are a convenience, not a
 promise. Postfix and cyrus aren't base install, and therefore aren't
 covered. Ain't life terrible?
 
 
 
 Thanks for the info. My concern is that OpenBSD is secure by default
 when you do a base install but when you start adding things like
Postfix
 etc... are you still secure?
 
 I know you can configure the system so that most files are read only.
I
 also know that you can run Postfix in a sandbox ( jail ). It all
depends
 on how much work I want to put into securing the system. If the answer
 to the above question is no!, then I'll have to lock down Postfix
 etc... If the answer to the above question is Yes! then I can leave
 things the way they are and just install Postfix.
 
 There are trade offs between security and management over head.
Putting
 Postfix in a sandbox is a nice idea but my understanding is that you
 have to take Postfix off-line to add any users and then putt it back
in
 the sandbox and then bring it back on-line. Leaving Postfix outside of
a
 sandbox means you just add users when you need to. I did this once on
a
 FreeBSD email server a few years back. I decided that a sandbox was to
 much work.
 
 I'm still a long ways away from designing a system. I haven't even
 decided which OS I want to use. If enough people on the list can
 convince me that OpenBSD is the way to go I'll install it on a system,
 ship it down to Seattle and collect my mail. This will be on a test
 domain of course.

Any operating system will end up using third party applications, and any
operating system can be secure by default if it ships with no services
running.  When evaluating a third party application like postfix, you
have two security realms.  The actual application, and the operating
systems that supports it.  With OpenBSD, you have a very nice foundation
that can help enhance the security of the third party service.  For
example, OpenBSD randomizes PID number creation, which made some
exploits against insecure temp file creation that much more difficult.
OpenBSD includes a lot of other protection mechanism that help
applications without any real effort by you.  OpenBSD also includes some
nice tools like systrace that you can use to actively harden a service.
While other operating systems may include similar protections, OpenBSD
provides simple and effective mechanisms.  Simplicity is very important.
Compare OpenBSD/NetBSD systrace to the SELinux mechanism for an example.

If I had to run an insecure service on any platform, it would be
OpenBSD.  It is better to assume that everything is insecure, and design
to reduce the effectiveness of those failures.  I think this is why the
OpenBSD folks are moving as much as possible towards privilege
separation.  It is better to assume that your application is insecure.

Re: Email Server

[Bryan Allen]

On May 25, 2005, at 3:31 PM, Damien Hull wrote:
Thanks for the info. My concern is that OpenBSD is secure by  
default when you do a base install but when you start adding  
things like Postfix etc... are you still secure?


How is something that is not default, still default?

If we want to start jerking off to Zen koans, I'll go get some sake.

I know you can configure the system so that most files are read  
only. I also know that you can run Postfix in a sandbox ( jail ).  
It all depends on how much work I want to put into securing the  
system. If the answer to the above question is no!, then I'll  
have to lock down Postfix etc... If the answer to the above  
question is Yes! then I can leave things the way they are and  
just install Postfix.


Postfix is pretty secure in and of itself. It's a well-designed  
application: small helper apps operating under least privilege. The  
number of security problems has been low over the years, and it's  
easy to configure and maintain. Replacing sendmail with postfix is  
trivial and headache free if you either know what you're doing or  
can, y'know, read and follow instructions somewhat well.


There are trade offs between security and management over head.  
Putting Postfix in a sandbox is a nice idea but my understanding is  
that you have to take Postfix off-line to add any users and then  
putt it back in the sandbox and then bring it back on-line. Leaving  
Postfix outside of a sandbox means you just add users when you need  
to. I did this once on a FreeBSD email server a few years back. I  
decided that a sandbox was to much work.


chroot, or root jail, and Postfix chroots itself by default. The  
only things that you need to concern with, generally, are:


1) Keeping things in /var/spool/postfix/etc in sycn with the rest of  
the system. If you change DNS servers in /etc/resolv.conf, you will  
need to copy the updated file to the spool dir. Write a script to do  
it if it's likely you will forget.
2) Remembering that sockets will need to be in the chroot, or you  
will need another method of IPC. e.g, if you are using SASL, you will  
tell saslauthd to use /var/spool/postfix/var/sasl2 or whatever to  
dump its socket. If you are using MySQL, you will either need to drop  
the socket in a similar location under the chroot, or use TCP/IP to  
talk to MySQL.


I'm still a long ways away from designing a system. I haven't even  
decided which OS I want to use. If enough people on the list can  
convince me that OpenBSD is the way to go I'll install it on a  
system, ship it down to Seattle and collect my mail. This will be  
on a test domain of course.


Maybe you should consider doing some test installs and playing around  
with the system before finding inconsequential (and inaccurate)  
things like Postfix chroots are hard to deal with to make you not  
want to use it. (For the record, most Linux distros I've admin'd also  
leave postfix chroot'd; FreeBSD seems to do so as well -- which  
Postfix is by default; the Linux distros just have startup scripts to  
maintain state between the system and the chroot for you. This is  
trivial.)


(If you want to talk about chroots being annoying, let's talk about  
Apache, Perl, and suexec. :-)


There is system administration, and then there is application/service  
administration. Modern package management tends to make the latter  
trivial with regards to security updates. Configuration with regards  
to either of these domains is where issues tend to occur. Configuring  
OpenBSD is easy for all the reasons people have either already  
mentioned, or will: Sane system layout, good docs, etc, etc.  
Configuring your services is pretty much left up to you. Postfix  
configuration is so easy as to be almost entirely unnecessary for a  
lot of things. It's one of those few nice apps with sane defaults.


I run five well-used OpenBSD mailservers at the moment, all with:

Postfix+TLS+SASL
Amavis+SpamAssassin+ClamAV
Dovecot (IMAP-SSL)

I have zero complaints. OpenBSD is a sanely laid-out system, easy to  
maintain, has well-written documentation, and very rarely gives me  
any sort of headache. (Is there an echo in here?)


It's unlikely many people on this list will tell you much  
differently. But then, ask the same question on any other list  
dedicated to answering questions about something that *everyone on  
the list already uses* and what kind of answers are you expecting? :-)


If you want something to convince you, maybe you should let ftp:// 
ftp.openbsd.org/pub/OpenBSD/3.7/ do the talking.

--
bda
cyberpunk is dead. long live cyberpunk.

Re: SuperMicro

[John R. Shannon]

I've bought several over the years and like them all.

On Wednesday 25 May 2005 01:51 pm, L. V. Lammert wrote:
 An associated mentioned that they were having decent OS compatility (Linux)
 with SuperMicro machines. Has anyone tried them? They seem to be pretty
 cost effective for the h/w capability.

   Lee

--
John R. Shannon
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: Email Server

[Stuart Henderson]

--On 25 May 2005 16:11 -0400, Will H. Backman wrote:


Any operating system will end up using third party applications


Not necessarily, it is perfectly possible to run e.g. routers, VPN 
gateways, NFS servers, wireless access-points, ftp and web servers, 
mail servers, [...] with just the audited software provided in base 
OpenBSD.  But I know what you're saying.



When evaluating a third party application like postfix, you
have two security realms.  The actual application, and the operating
systems that supports it.  With OpenBSD, you have a very nice
foundation that can help enhance the security of the third party
service.


Yes, when you have no alternative but to run software which might be 
poorly-written, the OS can provide some protection against some types 
of problem. Though, when concerned about security of a particular piece 
of software, it's worth questioning what other areas might have not had 
enough attention and maybe look at the options carefully.


I think that being around the general attitude of things being done 
'the right way', well-documented, with a clean approach and attention 
to detail, helps the user to follow suit. OpenBSD certainly helps there.

Re: Xorg problem with Intel 82852GM on OpenBSD 3.7

[eric]

On Wed, 2005-05-25 at 21:38:03 +0200, Murat Mamitov proclaimed...

 I'm planning to use my laptop like a desktop OS, i know, OpenBSD is
 less desktop between BSDs, 

Bullshit. you obviously know nothing. I've had it on my desktop since 2.8

Please go get a clue and stop spreading your bullshit. Please.

Re: subversion port 3.7 problem

[Abraham Al-Saleh]

use the package, I was able to successfully install it on my openbsd
workstation.

On 5/25/05, Price, Joe [EMAIL PROTECTED] wrote:

 Hi, when I try to build subversion on 3.7 i386 I get:


 []

 main.o -c /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-
 1.1.3/subversion/svnadmin/main.c
 cd subversion/svnadmin  /bin/sh /usr/ports/devel/subversion/w-
 subversion-1.1.3p0/build-i386/libtool --silent --mode=link cc -O2 -pipe
 -DNEON_ZLIB -DNEON_SSL -L/usr/local/lib/db4 -L/usr/local/lib -rpath
 /usr/local/lib -o svnadmin
main.o../../subversion/libsvn_repos/libsvn_repos-
 1.la http://1.la ../../subversion/libsvn_fs/libsvn_fs-1.la
http://1.la../../subversion/libsvn_delta/libsvn_delta-
 1.la http://1.la
../../subversion/libsvn_subr/libsvn_subr-1.lahttp://1.la/usr/local/lib/liba
prutil-
 1.la http://1.la -ldb -lexpat -liconv
/usr/local/lib/libapr-1.lahttp://1.la-lintl -liconv -lz
 /usr/local/lib/libsvn_subr-1.so.0.0: warning: sprintf() is often misused,
 please use snprintf()
 main.o(.text+0x90b): In function `subcommand_recover':
 : undefined reference to `svn_repos_recover2'
 main.o(.text+0x9c1): In function `subcommand_recover':
 : undefined reference to `svn_repos_recover2'
 main.o(.text+0xe27): In function `subcommand_setlog':
 : undefined reference to `svn_repos_fs_change_rev_prop2'
 collect2: ld returned 1 exit status
 *** Error code 1

 Stop in /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386 (line
 355 of /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3
 /build-outputs.mk http://outputs.mk).
 *** Error code 1

 Stop in /usr/ports/devel/subversion (line 1769 of
 /usr/ports/infrastructure/mk/bsd.port.mk).



 I have YET to build subversion for OpenBSD, I thought I'd let the port do
 it for me =(

 Any ideas?

 Thanks!




--
Abe Al-Saleh
And then came the Apocolypse. It actually wasn't that
bad, everyone got the day off and there were barbeques
all around.

Re: SuperMicro

[Sean Knox]

L. V. Lammert wrote:
An associated mentioned that they were having decent OS compatility 
(Linux) with SuperMicro machines. Has anyone tried them? They seem to be 
pretty cost effective for the h/w capability.


I like SuperMicro boxes. We have about a hundred as webservers, mail 
servers, proxies, etc. We run OpenBSD on their 2u 6023-P8s. Runs well.


sk

Re: Network performance

[Matt Van Mater]

* Antonios Anastasiadis [EMAIL PROTECTED] [2005-05-21 11:27]:
 Are all the xl-based cards crap without exceptions?

yes.

While I don't doubt Henning knows much much more than I do about such
things, this answer doesn't exactly satisfy me.  Poor performance on
xl nics has been discussed many times on misc, but I have never seen
much beyond 'they suck, use xyz'.  From my experience, xl performance
on FreeBSD, NetBSD, Loonix, and Windows* isn't all that terrible and
I've been at a loss to explain why it is so disproportionately bad on
OpenBSD.  If someone told me that 3com wanted an NDA before giving the
inside scoop on their chipsets and that is why the OpenBSD driver is
so poor I could understand, but I've never seen anything like that. 
Running a diff of FreeBSD's xl driver to OpenBSD shows that they
diverged long ago and have quite a few differences.  ie: FreeBSD uses
polling so I wasn't even going to attempt to analyze the other
differences between driver sets.  (I didn't compare NetBSD's xl driver
which would have been a better comparison, but you get the idea)

After all that, I'd love to hear more on exactly WHY xl nics suck.

Another similar performance issue that I saw here a while back was
poor performance of OpenBSD-OpenBSD network transfers (the thread was
about NFS write performance I think).  When you mix up transfers
between other OS's (ie free-open, open-free, linux-open,
free-linux, etc ) you don't see that performance loss.  I don't
remember how that thread ended, but I think it was mostly tips on how
to increase NFS write performance and no mention of the network
drivers/stack or why OpenBSD-OpenBSD sometimes is a little slow.

I have quite a few older Dell GXwhatevers in my lab that come with
integrated xl nics and I hate to have to replace the nics in them. 
but that's just my ranting...

Matt

Re: subversion port 3.7 problem

[Price, Joe]

Thank You! 
 
I had a version I tried to build from source before upgrading to 3.7
 
Got it installed now.



From: steven mestdagh [mailto:[EMAIL PROTECTED]
Sent: Wed 5/25/2005 6:01 PM
To: Price, Joe
Cc: misc@openbsd.org
Subject: Re: subversion port 3.7 problem



On Wed, May 25, 2005 at 05:22:54PM -0400, Price, Joe wrote:
 Hi, when I try to build subversion on 3.7 i386 I get:
 
 
 []
 
 main.o -c 
 /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3/subversion/svnadmin/main.c
 cd subversion/svnadmin  /bin/sh 
 /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386/libtool --silent 
 --mode=link cc  -O2 -pipe-DNEON_ZLIB -DNEON_SSL  -L/usr/local/lib/db4 
 -L/usr/local/lib  -rpath /usr/local/lib -o svnadmin  main.o 
 ../../subversion/libsvn_repos/libsvn_repos-1.la 
 ../../subversion/libsvn_fs/libsvn_fs-1.la 
 ../../subversion/libsvn_delta/libsvn_delta-1.la 
 ../../subversion/libsvn_subr/libsvn_subr-1.la /usr/local/lib/libaprutil-1.la 
 -ldb -lexpat -liconv /usr/local/lib/libapr-1.la -lintl -liconv  -lz
 /usr/local/lib/libsvn_subr-1.so.0.0: warning: sprintf() is often misused, 
 please use snprintf()
 main.o(.text+0x90b): In function `subcommand_recover':
 : undefined reference to `svn_repos_recover2'
 main.o(.text+0x9c1): In function `subcommand_recover':
 : undefined reference to `svn_repos_recover2'
 main.o(.text+0xe27): In function `subcommand_setlog':
 : undefined reference to `svn_repos_fs_change_rev_prop2'
 collect2: ld returned 1 exit status
 *** Error code 1
 
 Stop in /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386 (line 355 
 of 
 /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3/build-outputs.mk).
 *** Error code 1
 
 Stop in /usr/ports/devel/subversion (line 1769 of 
 /usr/ports/infrastructure/mk/bsd.port.mk).

 
 
 I have YET to build subversion for OpenBSD, I thought I'd let the port do it 
 for me =(
 
 Any ideas?

works fine here. maybe it's linking in older libraries again (this should
not happen) from /usr/local/lib. so, are you sure you don't have any
older subversion libraries installed in /usr/local/lib, before starting
the build?

steven

Re: SuperMicro

[Rick]

I ran 3.5 on a couple 5013G-Ms. Never had any problems.

On Wed, 25 May 2005, L. V. Lammert wrote:

 An associated mentioned that they were having decent OS compatility (Linux)
 with SuperMicro machines. Has anyone tried them? They seem to be pretty
 cost effective for the h/w capability.

   Lee

Re: Rant: how stupid does java look

[Joseph Kiniry]

Hi Adam,

Apologies for the delay in response; I've been busy.

On 9 May 2005, at 11:52, Adam wrote:


On Mon, 9 May 2005 07:40:10 +0100
Joseph Kiniry [EMAIL PROTECTED] wrote:



While I guess I should have been a little more specific to only
include
languages that have enough libraries to be useful, and obviously
purely functional languages aren't comparable, you ignoring the
requirements I listed doesn't help things either. I mean seriously,
on what planet exactly does python or java have performance close
to C#?


Whoops, there you go not following my advice.


No, there you go living in a little fantasy world where you can say
things and they are magically true.  Python and java are both
significantly slower than C#, especially python, its not even close.


I have numbers to support my claim that they are close.  Perhaps we  
have a different definition of close in this world of gigahertz and  
gigabytes.


E.g., the highly optimized computer language shootout competition  
still has Python and Java running within 25% of C# on nearly all  
problem sets.  This is also confirmed in my (extensive) personal  
experience with all mentioned languages sans C#.  My experience with  
C# is gained through folks I work with, rather than my direct  
experience.  You have contrary data?



And the functional languages aren't comparable because they are
functional languages.


Ah, I see.  I never saw functional language do not count  
prerequisite.  My oversight I guess.



Like I said, I should have been more specific,
but haskell isn't just very different in how the language works, but
also how a programmer thinks and uses it.


I agree with you, unless you are one of those wacky procedural or OO  
programmers that likes recursion over iteration. :)



I am not saying functional
languages are better or worse than imperative languages, just that I
should have included imperative on the list of requirements, my bad.


Got'cha, no problem.


I don't know why you so desperately want to hate C#, but perhaps you
should try it sometime before claiming its so worthless.


I do not hate it at all---I just cannot tolerate folks badmouthing  
languages or platforms with which they do not have extensive  
experience.  I had presumed, given the tone of some of the responses  
to my post, that this was one of those situations.  I could be wrong.



Guess what, EVERYTHING is patented.  Start digging through US
patents and you'll find out that your options are to not use
computers in any fashion, or infringe on bogus patents.


I encourage you to search the US patent database for patents issued
to Bell Labs for C++-related technologies.  See http://www.uspto.gov/
patft/.  Here is an advanced search query to get you started: APD/
1/1/1980-12/25/1985 and Stroustrup.  It is just an example, of
course.


If you have to ignore what I say just so you can argue with me, then
lets take it off list.  You can't honestly think a patent covering  
some

aspect of C++ only matters if its Bell that holds it?


Please pick three primary features of C++ then and I'll perform a  
patent search on them.  That will not invalidate my claim, but will  
certainly invalidate yours.


Joe
---
Joseph Kiniry
Department of Computer Science
University College Dublin
http://secure.ucd.ie/

Re: OpenBSD cd37.iso question

[Steven Manos]

Setup a dhcp/bootp server along with tftpd on an exiting openbsd / linux
box, put bsd.rd on there and boot of that over the network using
boop()/bsd (as suggested in the INSTALL.sgi document). This worked fine
for me.

p.s. you'll need a serial console of sorts as that's the only way
sgi/obsd will run at the moment.


On Wed, May 25, 2005 at 01:51:24PM -0400, Phil Lawrence wrote:
 I was hoping to boot from the ISO included in the SGI snapshot, but I 
 don't know how to burn it (it's not ISO9660).
 
 $ file OpenBSD/3.7/sgi/cd37.iso
 OpenBSD/3.7/sgi/cd37.iso: SGI disk label (volume header)
 
 How do I burn it?  If I do burn it, will my O2 workstation boot from it 
 so I can FTP install?
 
 Thanks,
 Phil

stdio Buffered functions

[Gustavo Rios]

Sorry if it sounds to stupid.

What happens to an application that was forked with stdout/stdin or
even stderr opened for non-blocking I/O and it tries to read/write
from/to any of those FD and no process is attained to the other end?


PS: i known i could look into the source, but at the present momment:

0) have no OBSD installed,
1) Network problems: google IP address is the only outside access i
have rright now.

Re: stdio Buffered functions

[Gustavo Rios]

Would it be irrational to have it block ?

Thanks a lot.

On 5/25/05, Ted Unangst [EMAIL PROTECTED] wrote:
 On Wed, 25 May 2005, Gustavo Rios wrote:
 
  What happens to an application that was forked with stdout/stdin or
  even stderr opened for non-blocking I/O and it tries to read/write
  from/to any of those FD and no process is attained to the other end?
 
 it gets an error or SIGPIPE.
 
 --
 desire is not an occupation

Hang using generic.mp with ami0

[Steve Shockley]

I've just set up a Compaq Proliant 6500 with OpenBSD 3.7-release.  It 
works fine with the uniprocessor kernel, but when I boot from bsd.mp, it 
sits at mtrr: Pentium Pro MTRR support, then after a minute or two it 
reports ami0: timeout ccb 1 and hangs.


I found http://marc.theaimsgroup.com/?m=109355301607068, which suggested 
upgrading the firmware on the card.  I upgraded to the most current 
firmeware from AMI, no change.  It's an HP NetRAID 2M and/or Megaraid 
Elite 1600.


Dmesg from /bsd:

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2 cache) 
500 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 3220791296 (3145304K)
avail mem = 2931523584 (2862816K)
using 4278 buffers containing 161140736 bytes (157364K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf
pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 10 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (Intel 82371AB PIIX4 ISA 
rev 0x00)

pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1400 0xe8000/0x6000 
0xee000/0x2000!

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
fxp0 at pci0 dev 1 function 0 Intel 82557 rev 0x0d, i82550: irq 11, 
address 00:02:b3:8f:1a:3f

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
Compaq PCI Hotplug rev 0x04 at pci0 dev 11 function 0 not configured
Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not configured
siop0 at pci0 dev 13 function 0 Symbios Logic 53c875 rev 0x14: irq 10, 
using 4K of on-board RAM

scsibus0 at siop0: 16 targets
siop1 at pci0 dev 13 function 1 Symbios Logic 53c875 rev 0x14: irq 5, 
using 4K of on-board RAM

scsibus1 at siop1: 16 targets
vga1 at pci0 dev 14 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 15 function 1 Intel 82371AB IDE rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: COMPAQ, CDR-8435, 0013 SCSI0 5/cdrom 
removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 15 function 2 Intel 82371AB USB rev 
0x01pci_intr_map: no mapping for pin D

: couldn't map interrupt
Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 15 function 3 not configured
pchb0 at pci0 dev 16 function 0 Intel 82451NX Mem  IO rev 0x03
pchb1 at pci0 dev 18 function 0 Intel 82454NX PXB rev 0x04
pchb2 at pci0 dev 20 function 0 Intel 82454NX PXB rev 0x04
pci1 at pchb2 bus 4
ppb0 at pci1 dev 3 function 0 DEC 21154 PCI-PCI rev 0x05
pci2 at ppb0 bus 5
ppb1 at pci2 dev 0 function 0 DEC 21154 PCI-PCI rev 0x05
pci3 at ppb1 bus 6
ami0 at pci3 dev 0 function 0 AMI MegaRAID rev 0x02: irq 5 AMI 493/64b/lhc
ami0: FW 111U, BIOS vF320, 128MB RAM
ami0: 2 channels, 0 FC loops, 1 logical drives
scsibus3 at ami0: 40 targets
sd0 at scsibus3 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/direct fixed
sd0: 8677MB, 1106 cyl, 255 head, 63 sec, 512 bytes/sec, 17770496 sec total
QLogic ISP12160 rev 0x06 at pci2 dev 1 function 0 not configured
Compaq PCI Hotplug rev 0x04 at pci1 dev 11 function 0 not configured

isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using 
wsdisplay0

pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e765 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matched BIOS disk 80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Re: NIC bonding/trunking/802.3ad

[Damien Miller]

Dries Schellekens wrote:

http://marc.theaimsgroup.com/?l=openbsd-cvsm=111690466011478w=2


How does this compare to NetBSD agr(4)? Is this also IEEE 802.3AD?


It does some things that agr does not, but doesn't do 802.3ad yet.
Probably soon though.

-d

Re: Hang using generic.mp with ami0

[Marco Peereboom]

hmmm very odd.  Let me try to reproduce.

On May 25, 2005, at 6:59 PM, Steve Shockley wrote:

I've just set up a Compaq Proliant 6500 with OpenBSD 3.7-release.   
It works fine with the uniprocessor kernel, but when I boot from  
bsd.mp, it sits at mtrr: Pentium Pro MTRR support, then after a  
minute or two it reports ami0: timeout ccb 1 and hangs.


I found http://marc.theaimsgroup.com/?m=109355301607068, which  
suggested upgrading the firmware on the card.  I upgraded to the  
most current firmeware from AMI, no change.  It's an HP NetRAID 2M  
and/or Megaraid Elite 1600.


Dmesg from /bsd:

OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2  
cache) 500 MHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3 
6,MMX,FXSR,SSE

real mem  = 3220791296 (3145304K)
avail mem = 2931523584 (2862816K)
using 4278 buffers containing 161140736 bytes (157364K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @  
0xf

pcibios0 at bios0: rev 2.1 @ 0xf/0x2000
pcibios0: PCI BIOS has 10 Interrupt Routing table entries
pcibios0: PCI Interrupt Router at 000:15:0 (Intel 82371AB PIIX4  
ISA rev 0x00)

pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1400 0xe8000/0x6000  
0xee000/0x2000!

cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
fxp0 at pci0 dev 1 function 0 Intel 82557 rev 0x0d, i82550: irq  
11, address 00:02:b3:8f:1a:3f

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
Compaq PCI Hotplug rev 0x04 at pci0 dev 11 function 0 not configured
Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not  
configured
siop0 at pci0 dev 13 function 0 Symbios Logic 53c875 rev 0x14:  
irq 10, using 4K of on-board RAM

scsibus0 at siop0: 16 targets
siop1 at pci0 dev 13 function 1 Symbios Logic 53c875 rev 0x14:  
irq 5, using 4K of on-board RAM

scsibus1 at siop1: 16 targets
vga1 at pci0 dev 14 function 0 ATI Mach64 GV rev 0x7a
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 15 function 0 Intel 82371AB PIIX4 ISA rev 0x02
pciide0 at pci0 dev 15 function 1 Intel 82371AB IDE rev 0x01:  
DMA, channel 0 wired to compatibility, channel 1 wired to  
compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: COMPAQ, CDR-8435, 0013 SCSI0 5/ 
cdrom removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
pciide0: channel 1 ignored (disabled)
uhci0 at pci0 dev 15 function 2 Intel 82371AB USB rev  
0x01pci_intr_map: no mapping for pin D

: couldn't map interrupt
Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 15 function 3 not  
configured

pchb0 at pci0 dev 16 function 0 Intel 82451NX Mem  IO rev 0x03
pchb1 at pci0 dev 18 function 0 Intel 82454NX PXB rev 0x04
pchb2 at pci0 dev 20 function 0 Intel 82454NX PXB rev 0x04
pci1 at pchb2 bus 4
ppb0 at pci1 dev 3 function 0 DEC 21154 PCI-PCI rev 0x05
pci2 at ppb0 bus 5
ppb1 at pci2 dev 0 function 0 DEC 21154 PCI-PCI rev 0x05
pci3 at ppb1 bus 6
ami0 at pci3 dev 0 function 0 AMI MegaRAID rev 0x02: irq 5 AMI  
493/64b/lhc

ami0: FW 111U, BIOS vF320, 128MB RAM
ami0: 2 channels, 0 FC loops, 1 logical drives
scsibus3 at ami0: 40 targets
sd0 at scsibus3 targ 0 lun 0: AMI, Host drive #00,  SCSI2 0/ 
direct fixed
sd0: 8677MB, 1106 cyl, 255 head, 63 sec, 512 bytes/sec, 17770496  
sec total

QLogic ISP12160 rev 0x06 at pci2 dev 1 function 0 not configured
Compaq PCI Hotplug rev 0x04 at pci1 dev 11 function 0 not configured

isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard,  
using wsdisplay0

pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e765 netmask ef65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: sd0 matched BIOS disk 80
root on sd0a
rootdev=0x400 rrootdev=0xd00 rawdev=0xd02

Re: error building userland - inconsistent operand constraints in an `asm'

[Artur Grabowski]

fehler404 [EMAIL PROTECTED] writes:

 OUTPUT
 cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall
 -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
 -Wsign-compare -I/usr/src/lib/libpthread/uthread
 -I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include
 -D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386
 -c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function
 `_atomic_lock':
 /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand
 constraints in an `asm'

This is not an OpenBSD compilation. Ask the person who changed your
operating system. There is no help for you here.

//art

Re: My NIC go to sleep?

[Nick Holland]

[EMAIL PROTECTED] wrote:
 Hello,

 I'm a newwbie on OpenBSD and I've installed it on a IBM P100 Computer.
 I have a Intel 82557 NIC inside. This NIC can be seen as fxp0.
 My problem is:
 When I don't use the comuputer during about 5 minutes, my NIC go to
 sleep and don't want to receive or send any frames.
 But if I press a key on the keyboard or if I connect by SSH through
 another NIC,fxp0 works again during about 5 minutes. It is a strange
 behaviour.
...
 *cut*
 
 I had something similiar with an PC too (but I can't remember if it was
 also IBM or DELL or whatever). Maybe it sounds crazy but deactivate
 everything related with power-saving (if your BIOS provides that). The PC
 I remeber had some problems because of the fucked up BIOS (like my
 notebook with PCMICA...).

Agreed.  Some IBM systems of that vintage had power saving modes which
went quite beyond the call of duty, turning way too much off way too
hard.  Your description sounds very much like this.

Nick.

Re: Email Server

[Nick Holland]

Damien Hull wrote:
...
 Thanks for the info. My concern is that OpenBSD is secure by default 
 when you do a base install but when you start adding things like Postfix 
 etc... are you still secure?

How can that be answered?

The weakest link determins system security.  It doesn't matter how
secure your door is if your Windows(tm) are unlocked.

If you run an insecure app on a secure OS, you end up with an insecure
system.  It isn't hard to understand.

OpenBSD has some leading-edge tricks to _help_ protect you against
application errors, but nothing is going to help you against every
poorly written -- or misused -- application.

 I know you can configure the system so that most files are read only. I 
 also know that you can run Postfix in a sandbox ( jail ). It all depends 
 on how much work I want to put into securing the system. If the answer 
 to the above question is no!, then I'll have to lock down Postfix 
 etc... If the answer to the above question is Yes! then I can leave 
 things the way they are and just install Postfix.

*sigh*
maybe it is hard to understand...

 There are trade offs between security and management over head.

correct.
Everyone wants ultimate security.  Assuming it doesn't inconvinience
them.  At all.  (i.e., they don't give a rat's butt about security, but
they can talk a good story).  (sorry, that was a totally off-topic rant,
not aimed at you at all...just at the world in general)

 Putting
 Postfix in a sandbox is a nice idea but my understanding is that you 
 have to take Postfix off-line to add any users and then putt it back in 
 the sandbox and then bring it back on-line. Leaving Postfix outside of a 
 sandbox means you just add users when you need to. I did this once on a 
 FreeBSD email server a few years back. I decided that a sandbox was to 
 much work.

you also have to decide what the sandbox really does.
Sometimes...people make things really difficult to maintain but don't
really improve the real security.  Understand the why and how...

 I'm still a long ways away from designing a system. I haven't even 
 decided which OS I want to use. If enough people on the list can 
 convince me that OpenBSD is the way to go I'll install it on a system, 
 ship it down to Seattle and collect my mail. This will be on a test 
 domain of course.

If you expect magic to happen if you run a bad app on a good OS, please
go run something else.

Here's what it boils down to:
Run your mail server on OpenBSD, you will have to worry about the mail
server and the OS.  But you will have to worry about the OS less.  The
OS may save your butt from a security problem in your app, but if it
does, you probably should have updated your app (or the developer should
have been on the problem long before), which means you have other
problems, problems that OpenBSD shouldn't be relied upon to solve (even
if it might)

If you don't trust your app, reconsider the choice, or contain the
problem as best you can, so it can not spread to more critical systems.

Nick.

Re: SuperMicro

[Anderson Nadal]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Me too.

Nice machines, low cost and high performance.

[]'s
Nadal


John R. Shannon escreveu:

 I've bought several over the years and like them all.

 On Wednesday 25 May 2005 01:51 pm, L. V. Lammert wrote:

 An associated mentioned that they were having decent OS
 compatility (Linux) with SuperMicro machines. Has anyone tried
 them? They seem to be pretty cost effective for the h/w
 capability.

 Lee


 -- John R. Shannon [EMAIL PROTECTED] [EMAIL PROTECTED]
 [EMAIL PROTECTED]

 [demime 1.01d removed an attachment of type
 application/pkcs7-signature which had a name of smime.p7s]
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFClR/yLQAusHT90XQRAtdKAKCK0pV+ZsHQx1c+aUPNZT9mLgIlSwCgizI9
yRLsqsNWXUsWVTzG72ZO8nw=
=n5EF
-END PGP SIGNATURE-

Re: Network performance

[Nick Holland]

Matt Van Mater wrote:
* Antonios Anastasiadis [EMAIL PROTECTED] [2005-05-21 11:27]:
 Are all the xl-based cards crap without exceptions?
 
yes.
 
 While I don't doubt Henning knows much much more than I do about such
 things, this answer doesn't exactly satisfy me.  Poor performance on
 xl nics has been discussed many times on misc, but I have never seen
 much beyond 'they suck, use xyz'.

Short version: 3Com has a reputation for quality in some people's mind
which is basically undeserved.  Here's a list of most of the 3Com cards
I've worked with over the years:

  3c501: technically, probably worst ethernet card ever made, though as
an early player, probably forgivable.  I think the $500 price tag fell
off one of the ones I have here a few years back...but that's what we
used to sell 'em for.
  3c503: Weird.  Freaking.  Card.  (actually, works ok, but strangest
config of any NIC I've used.  Jumpers set IO port and shared RAM, driver
sets IRQ.  Really.)
  3c505: early attempt at a server grade NIC -- on board 80186
processor, lots of RAM, DMA.  Worked ok, as long as your machine had no
more than 16M of RAM, otherwise things got...exciting.  Never saw a
performance difference, in spite of all the technology and price tag.
  3c507: Oh, gawd. Just plug it in, watch it work!  I'm sure it did
for someone, sure didn't for our customers who were buying it.  What
IRQ is it at? Dunno  What IO port?  Dunno. Sheesh.
  3c509: Worked.  Easy software config.
  3c509B: Worked Really Well, at least if you turn of PnP mode.  OpenBSD
has more trouble than Windows with the PnP mode, but it certainly wasn't
trouble free on Windows.
  3c515: 100Mbps ISA NIC, capable of...10Mbps performance.  But it does
make the 100Mbps light light up on your switch.  Now, I'd not expect it
to saturate the pipe...but it is a serious under-performer.
  3c590: Look, ma! 100Mbps PCI! (see the link light?)
  3c905: Ok, the 590 was a piece of junk, let's try again.  We'll make
it really hard to tell the difference between the 3c590 and the 3c905,
too -- the poor saps will have to dig around with a magnifying glass to
see which card this is.
  3c905b: If at first you don't succeed...
  3c905c: ...try, try again.  BTW: the revisions of the 3c905 are ..
annoying.
  3c920, 3c555, 3c{lots}: ok, people are tired of us slapping letters on
the end of a mid-grade card, let's make more confusing numbers.  Oh,
each requires an updated driver for Windows.  Some are ok, some are
abominations that were put in laptops and delivered performance that
would make a decent ISA card hide in shame...but they DO light up that
100mbps link light, and we know that's all that matters, the users will
never notice the 100kbps performance, or blame it on the laptop.

Not included on this list: 3Com EISA cards who's numbers I've forgotten
and don't care enough to go look up (worked.  One appeared to have the
3c509's chip (not the B version).  100Mbps card didn't blow me over with
its performance), and the laptop PCMCIA cards (worked).

I'm one of the people that used to sing 3Com's praise, until one day I
was reading through the FAQ, saw a cheap shot at 3Com, and started
thinking about my experience and realized my praise was completely
unwarranted.  At a certain point, one starts to realize that all the
bizzare, abnormal cases were not that bizzare or abnormal, as they
keep happening.  The only best in class NIC I can think of that they
ever made was the 3c509B, and as the 'B' shows..took 'em a couple tries.

 From my experience, xl performance
 on FreeBSD, NetBSD, Loonix, and Windows* isn't all that terrible and
 I've been at a loss to explain why it is so disproportionately bad on
 OpenBSD.

well, our experience differs.
My experience with the 3c905 is that it usually works ok, but if things
are wonky on my network, they get changed, and problems go away.  That's
on a lot of OSs, mostly Netware and Windows.

The MAJORITY of time, yes sure, they work fine.  When they go wonky,
they irritate the heck out of you.

 If someone told me that 3com wanted an NDA before giving the
 inside scoop on their chipsets and that is why the OpenBSD driver is
 so poor I could understand, but I've never seen anything like that. 

well, we have no docs.  The OpenBSD driver probably DOES have problems
above and beyond those of the cards, but you can clean the pig up a
lot...but it's still a pig (no offense intended to pigs).  3Com wrote
the Netware and Windows drivers...and they didn't get it perfect,
either.  In fact, the 3Com Windows drivers win a non-unique prize for
being annoying (Hi, we'll load this stupid diagnostic that kicks you
off the network, crashing windows, if you try to run it.  So don't run
it.  Just kiss a chunk of RAM bye-bye!)

...
 I have quite a few older Dell GXwhatevers in my lab that come with
 integrated xl nics and I hate to have to replace the nics in them. 
 but that's just my ranting...

As do I...GX100, GX1, etc.
Hey, use 'em.  If they do the job for you, great.  

Re: Xorg problem with Intel 82852GM on OpenBSD 3.7

[Murat Mamitov]

Thank you for your help Eric, you are a genius ;)

On 5/25/05, eric [EMAIL PROTECTED] wrote:
 On Wed, 2005-05-25 at 21:38:03 +0200, Murat Mamitov proclaimed...
 
  I'm planning to use my laptop like a desktop OS, i know, OpenBSD is
  less desktop between BSDs,
 
 Bullshit. you obviously know nothing. I've had it on my desktop since 2.8
 
 Please go get a clue and stop spreading your bullshit. Please.

Re: Rant: how stupid does java look

[Anil Madhavapeddy]

On Mon, May 09, 2005 at 01:52:34PM -0400, Adam wrote:
 
 No, there you go living in a little fantasy world where you can say
 things and they are magically true.  Python and java are both
 significantly slower than C#, especially python, its not even close.

I wonder what you mean by C# here; you of course need to refer to
the underlying implementation (Mono, using the Boehm GC we love to
hate, is a very different beast from the MS implementation).  But
lets not get bogged down in specifics eh?

 And the functional languages aren't comparable because they are
 functional languages.

Why?  OCaml isnt a functional language, its a language which supports
higher-order functions.  And its native-code performance beats the
living daylights out of any C# implementation I've seen.  But really,
who cares?  They both work on OpenBSD, pick one :)

-- 
Anil Madhavapeddy http://anil.recoil.org
University of Cambridge  http://www.cl.cam.ac.uk

Re: Network performance

[Shawn K. Quinn]

On Wed, 2005-05-25 at 23:26 -0400, Nick Holland wrote:
   3c509: Worked.  Easy software config.
   3c509B: Worked Really Well, at least if you turn of PnP mode.
 OpenBSD
 has more trouble than Windows with the PnP mode, but it certainly
 wasn't
 trouble free on Windows.

I think they made a 3c509C as well, but I could be quite wrong on this.
And I second these as working very well; this message will travel across
two of them. The 3c589 (I think) has worked well enough; my mom is still
using one on her (Windows 2000 Professional) laptop. I used to have a
3c900 (I think, I remember the Linux kernel identifying it as a
Vortex/Boomerang chipset or some such) in my other computer, and it
worked well enough for what I used it for (it was a 10MBps PCI card on
what was originally primarily a Windows gaming box that got repurposed
into a GNU/Linux workstation) but I'm not exactly singing its praises.

-- 
Shawn K. Quinn [EMAIL PROTECTED]

notice: layered mounts are gone

[Ted Unangst]

null and union mounts have been deleted.  if you are using them and 
tracking current, you will have pain when you reboot.

-- 
quit whining you haven't done anything wrong
because frankly you haven't done much of anything

Re: Network performance

[Henning Brauer]

* Nick [EMAIL PROTECTED] [2005-05-26 05:46]:
   3c920, 3c555, 3c{lots}: ok, people are tired of us slapping letters on
 the end of a mid-grade card, let's make more confusing numbers.  Oh,

3c940: after dozens of years of trying they gave up and shipped a 
SysKonnect design

Re: stdio Buffered functions

[Gustavo Rios]

Sorry folks!

I think my question was explicited completely wrong.

Suppose a process tries to printf a log message and at the time the
process attained to the other end is not ready to read (the processes
are connect by mean of a pipe, ex:

$ a | b 

Question: process a's attempt to write will return EAGAIN/EWOULDBLOCK
or it would block?

I mean, is stdio ready to handle that cases when the standar fd
(0,1,2) was opened O_NONBLOCK?

Thanks.

On 5/25/05, Ted Unangst [EMAIL PROTECTED] wrote:
 On Wed, 25 May 2005, Gustavo Rios wrote:
 
  Would it be irrational to have it block ?
 
 yes.
 
 --
 someone's writing down your mistakes
 someone's documenting your downfall