Re: djbdns DNS server? Status, Pros and Cons?
The OP was unsure about the quality of djbdns. By just I meant that if the license allowed, it would be included, at least in ports. That's my guess. Stephan On 5/24/05, Theo de Raadt [EMAIL PROTECTED] wrote: Is it not just a license problem that keeps djbdns out of the BSD's ? just That word really does not belong there. That's a phrase used in english often used to express how small a problem is. It is not a small problem. It is fatal.
Re: djbdns DNS server? Status, Pros and Cons?
On 25.05.2005, at 07:20, Theo de Raadt wrote: Is it not just a license problem that keeps djbdns out of the BSD's ? just That word really does not belong there. That's a phrase used in english often used to express how small a problem is. It is not a small problem. It is fatal. Maybe a stupid question, but is an OpenDNS out there? I laught as I thought about, as I read the explaination to the word just. Kind regards Karl-Heinz
Re: Certified Hardware
On Tue, 2005-05-24 at 15:03:34 -0700, Aaron Glenn proclaimed... who will execute a maintenance contract on just the hardware? certainly not Nokia... Do it yourself; it's just a PC; and junk at that. BTW - the quad cards do work too and show up as dc(4) devices.
Re: Desktop chrooted
Stephan Wehner wrote: Mainly I'm worried about running a lot of user applications which connect to the Internet. But I can't estimate the overhead. choose wisely your applications and systrace(1) would most likely give you some extra security.
how to ifconfig another ip address in a network device
i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work.
Re: how to ifconfig another ip address in a network device
On Wed, 25 May 2005 15:09:35 -0700, wang fei wrote: i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work. I guess that man ifconfig doesn't work on Linux or you would have known to use it. Or maybe you just are not used to having on-line documents for nearly everything. That's all the help you need. From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
Re: Linuxwochen Vienna 2005, May 24 - 27, 2005, Vienna, Austria.
Wim Vandeputte wrote: Hey, I'm on my way to Vienna now for the Linuxwochen, May 24 - 27, 2005 Reinhard and me will be in the MuseumsQuartier from Wednesday 25 to answer your questions or just meet people for a chat and drinks Wim. Hi Wim A little off topic and for whatever it's worth; - I find all the work that you do (OpenBSD advocacy, support et al) and all the traveling (saw you last time in Copenhagen at LF05) very admirable. I do my part as well (another order of magnitude downscale) but you manage to be everywhere. Thumbs up Wim. respectfully /per [EMAIL PROTECTED]
Re: how to ifconfig another ip address in a network device
Hi, i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work. `man ifconfig` and `man hostname.if` will tell you everything you need to know. Good luck... Nico P.S. OpenBSD is not Linux.
Re: OBSD 3.7 ports -- mysql
Daniel Ouellet wrote: Just FYI. I am finishing up a port that hopefully will be put in for MySQL 4.1.12, their latest recommended stable version. Hi Daniel That's brilliant! So far all works well and pass all the tests suites stuff, with the exception that I have to create three hard link to make it work still, but I am working on correcting that. Would be nice to get some testing as well. I use it without problem so far. I'm about to launche a [3.7 AMD64 GENERIC.MP] mysql server (mysql backend for a lot of servers / production environment) and would like to test and use the new MySQL 4.1.12 I have the packages for i386 and amd64 ready for all clients, servers, and test, or the files if you want to make your own compile from source. pkg would be nice. I haven't send it in yet to port@ as I am almost all there, not to my liking yet, but it does work and is all complete for the clients and servers part. I am still struggling with the tests part a bit. I have amd64 done on stable 3.7 and i386 done on stable 3.6. Testing if you want, may be good to do! Gimmi, gimmi, gimmi. I can make the packages available if you like, or my files for making your own from source. Works for me... Keep up the good work. respectfully /per [EMAIL PROTECTED] Daniel
Re: how to ifconfig another ip address in a network device
wang fei wrote: i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work. As you're no doubt discovering, OpenBSD is not linux. man ifconfig and read about IP aliases. hint: ifconfig fxp0 alias x.x.x.x cheers, Sean
Re: OBSD 3.7 ports -- mysql
Per Engelbrecht wrote: I'm about to launche a [3.7 AMD64 GENERIC.MP] mysql server (mysql backend for a lot of servers / production environment) and would like to test and use the new MySQL 4.1.12 I have the packages for i386 and amd64 ready for all clients, servers, and test, or the files if you want to make your own compile from source. pkg would be nice. You can get it from here for now for your amd64: http://openbsdsupport.org/packages/amd64/ You will need to install the package p5-DBD-mysql-2.9004.tgz, but that's already available on the main site. So, get it from there. Then install the client and server. I didn't release the test suite as it doesn't go in the right place yet and I haven't finish the testing on it. You can use these, but it will be better in a few days. May be two or so. I don't expect any changes in these two, but you never know. Feedback would be welcome, but heavy testing would be best before using in production obviously! Have fun! Daniel PS: I will let you know when the final package are done if there is any changes on it.
Re: OBSD 3.7 ports -- mysql [offtopic!]
Daniel Ouellet wrote: Just FYI. I am finishing up a port that hopefully will be put in for MySQL 4.1.12, their latest recommended stable version. Hi Daniel That's brilliant! [installed pSQL from ports so: aggro offtopic] That's nice for MySQL.. I'm still waiting until dataloss will be accapted as DoS-Case so that the PostgreSQL would be updated up to 7.4.8 (but a update to 8.0.3 would be better anyway) It's realy disappointing to see updates for PHP and other software because of some DoS-things (anyway thanks to robert and brad) and e.g. PostgreSQL isn't even at the latest 7.4.x-Version. :-( I think sometimes about asking every portmaintainer Define me importent to write down a manpage to explain the meaning of an importent update if it deals with PHP compared e.g. to PostgreSQL or others. If data-loss isn't a reason for an update of a database-package It's not the first time that I request a PostgreSQL update and it seams the current maintainer isn't able to change a version-number so that the update would be avaiable for all users. But Bred and Robert are like a light in the darkness. ;) Btw for the pSQL maintainer: -- Migration to version 7.4.6 A dump/restore is not required for those running 7.4.X. __ Changes * Repair possible failure to update hint bits on disk Under rare circumstances this oversight could lead to could not access transaction status failures, which qualifies it as a potential-data-loss bug. -- But I guess there wont be an update to 8.0.3 nor any fast update to 7.4.8 even the maintainer got 5 mails in the last 3 months. [/aggro offtopic] Kind regards and have a nice day, Sebastian
Atheros - DWL G520 (Rev 2) and a problem...
Maybe it's a case for bugs@ but I wanna know if I did something wrong. I've a DWL G520 (Rev 2, Atheros) and my ASUS K7V880 wont work with it. Or at least OpenBSD dosn't work with the card at this board. I assembled that card also at my ASUS K8V880 but because the Atheros driver isn't ported to AMD64 yet it wont work (I just took a look if the card is working and oBSD 3.7 AMD64 detects it). $ dmesg | grep ath ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for regdomain NONE(32976) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for regdomain NONE(32976) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for regdomain NONE(32976) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for regdomain NONE(32976) full-dmesg: -- OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Duron(tm) (AuthenticAMD 686-class) 1.80 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267231232 (260968K) avail mem = 236953600 (231400K) using 3287 buffers containing 13463552 bytes (13148K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 09/24/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4740/224 (12 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x1106 product 0x3227 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor VIA, unknown product 0x0269 rev 0x80 pchb1 at pci0 dev 0 function 1 vendor VIA, unknown product 0x1269 rev 0x00 pchb2 at pci0 dev 0 function 2 vendor VIA, unknown product 0x2269 rev 0x00 pchb3 at pci0 dev 0 function 3 vendor VIA, unknown product 0x3269 rev 0x00 pchb4 at pci0 dev 0 function 4 vendor VIA, unknown product 0x4269 rev 0x00 pchb5 at pci0 dev 0 function 7 vendor VIA, unknown product 0x7269 rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci0 dev 12 function 0 Matrox MGA Millenium 2064W (Storm) rev 0x01 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ath0 at pci0 dev 13 function 0 Atheros AR5212 rev 0x01: irq 3 ath0: mac 80.9 phy 4.3 radio 4.6, 802.11a/b/gath0: no valid channels for regdomain NONE(32976) xl0 at pci0 dev 14 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 5, address -censored- exphy0 at xl0 phy 24: 3Com internal media interface pciide0 at pci0 dev 15 function 0 VIA VT8237 SATA rev 0x80: DMA pciide0: using irq 10 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: WDC WD1200JB-75CRA0 wd0: 16-sector PIO, LBA, 114440MB, 234375000 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: MITSUMI, CD-ROM FX320M !B, m01 SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, DMA mode 2 pcib0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 xl1 at pci0 dev 19 function 0 3Com 3c905B 100Base-TX rev 0x24: irq 10, address -censored- exphy1 at xl1 phy 24: 3Com internal media interface isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask ffdd netmask fffd ttymask pctr: user-level cycle counter enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matched BIOS disk 80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- The card was detected by OpenBSD 3.7 (AMD64) on my ASUS K8V800 but it seams OpenBSD 3.7 (i386) on the ASUS K7V880 has a problem. It's no IRQ-related bug because I removed all other cards to see if the card needs a IRQ wich was already in use by another card. It would be nice if somebody could tell me if I did something wrong. I also loosed the e-Mail of the developer otherwise I would prefere to talk with him. I need the Wlan-Card because I've to set up an AP because the NIC of my Notebook is fucked up (so WLAN+IPSec). I would like to switch the
Re: OBSD 3.7 ports -- mysql [offtopic!]
2005/5/25, [EMAIL PROTECTED] [EMAIL PROTECTED]: [installed pSQL from ports so: aggro offtopic] That's nice for MySQL.. I'm still waiting until dataloss will be accapted as DoS-Case so that the PostgreSQL would be updated up to 7.4.8 (but a update to 8.0.3 would be better anyway) http://www.openbsd.org/cgi-bin/cvsweb/ports/databases/postgresql/
Re: OBSD 3.7 ports -- mysql
Daniel Ouellet wrote: Per Engelbrecht wrote: I'm about to launche a [3.7 AMD64 GENERIC.MP] mysql server (mysql backend for a lot of servers / production environment) and would like to test and use the new MySQL 4.1.12 I have the packages for i386 and amd64 ready for all clients, servers, and test, or the files if you want to make your own compile from source. pkg would be nice. You can get it from here for now for your amd64: http://openbsdsupport.org/packages/amd64/ Check and done. You will need to install the package p5-DBD-mysql-2.9004.tgz, but that's already available on the main site. So, get it from there. Then install the client and server. I didn't release the test suite as it doesn't go in the right place yet and I haven't finish the testing on it. Fine by me Daniel. You can use these, but it will be better in a few days. May be two or so. I don't expect any changes in these two, but you never know. The server should be running a.s.a.p (as usual) and I'll start working on the sql part now and do some testing. If you come up with radical changes within the next couple of days or so, I'll take it from there. Feedback would be welcome, but heavy testing would be best before using in production obviously! I'll give you feedback and yes, testing in a production is always a risky business. The other servers using the sql-server will be assigned one by one i.e. I have time to fix things with your help (*) before any major disaster strikes. (* = with your updates that is) Have fun! Thank you. Daniel PS: I will let you know when the final package are done if there is any changes on it. I would appreciate that very much. respectfully /per [EMAIL PROTECTED]
error building userland - inconsistent operand constraints in an `asm'
dear all, after trying to get along on my own for a while, i finally go so disapointed and unsatisfied and decided that i need help. i always ran into the same problem, so there must be something wrong about my procedure how i build kernel AND userland. i got the final release of openbsd 3.7 on may 21 by ftp. burned it on a cd and made a fresh installation. after the system was up an running, i got ports and sources via cvs by doing the follwing : # cd /usr # cvs -q get -rOPENBSD_3_7 -P src and # cd /usr # cvs -q get -rOPENBSD_3_7 -P ports then i made a custom kernel by copying the GENERIC conf file to a file named myGENERIC and did a bit customizing. to build the kernel i followed the steps described on the official openbsd.org site (http://www.openbsd.org/faq/faq5.html) # cd /usr/src/sys/arch/i386/conf # config myGENERIC # cd ../compile/myGENERIC # make clean make depend make instead of make install i first made a backup of the existing kernel (# cp /bsd /bsd.old) and then copied the new one over the existing (# cp bsd /bsd) after a reboot, i checked dmesg and everything seemd to work perfectly. then, i went through the steps of building the userland. # rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc env DESTDIR=/ make distrib-dirs # cd /usr/src # make build and that's the point where it ALWAYS stops with exactly the same error message!! i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always run into the same error :-( OUTPUT cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wsign-compare -I/usr/src/lib/libpthread/uthread -I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include -D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386 -c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function `_atomic_lock': /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand constraints in an `asm' *** Error code 1 Stop in /usr/src/lib/libpthread. *** Error code 1 Stop in /usr/src/lib. *** Error code 1 Stop in /usr/src (line 72 of Makefile). [EMAIL PROTECTED]:/usr/src]$ /OUTPUT can someone please tell me what i'm doing wrong? is there a way to get the sytem back into a clean state without doing a fresh install? greetingz thomas
Re: My NIC go to sleep?
Hello, I'm a newwbie on OpenBSD and I've installed it on a IBM P100 Computer. I have a Intel 82557 NIC inside. This NIC can be seen as fxp0. My problem is: When I don't use the comuputer during about 5 minutes, my NIC go to sleep and don't want to receive or send any frames. But if I press a key on the keyboard or if I connect by SSH through another NIC,fxp0 works again during about 5 minutes. It is a strange behaviour. I don't know if it is a bug or a feature, but I didn't see anything about that in the FAQ or in the the manual. I've verified with tcpdump, when my NIC is sleeping, it don't view anything. Thanks for your help... Excuse me for my bad english PS: My NIC works well with Linux. Pascal S. *cut* I had something similiar with an PC too (but I can't remember if it was also IBM or DELL or whatever). Maybe it sounds crazy but deactivate everything related with power-saving (if your BIOS provides that). The PC I remeber had some problems because of the fucked up BIOS (like my notebook with PCMICA...). Maybe a BIOS-Update could solve that problem (I would update it anyway..). It's just a little hint and maybe no solution but try and error..or? ;) Btw: Any output at the console? The only Chipset I remember wich was realy fucked up was a SiS. I had to do always a sh /etc/netsart to restart the network. Btw: LINUX is supported by some fatcats... So you could say But with Windows it works well... yeah maybe. But I'm sure you wont compare that NDA-shit with such beautifull OS like oBSD. ;)) Kind regards, Sebastian
Re: error building userland - inconsistent operand constraints in an `asm'
I think the first thing you did wrong was to post that you'd done some customizing on this list. Now i'm sure you have good reasons, but honestly the usual reaction to that kind of thing is don't talk to us until you've stopped customizing and tried it with GENERIC. Just a warning that you're likely to get quite badly shouted at, have been lurking here for a little while and honestly it happens WAY too often, and the reaction is always the same. Have you tried it with GENERIC to see if the problem is still the same, or is there some massive problem which means you can't use GENERIC? Might be worth a try, although am sure someone who actually knows these things will spot what's wrong and tell you so. Dan On 5/25/05, fehler404 [EMAIL PROTECTED] wrote: dear all, after trying to get along on my own for a while, i finally go so disapointed and unsatisfied and decided that i need help. i always ran into the same problem, so there must be something wrong about my procedure how i build kernel AND userland. i got the final release of openbsd 3.7 on may 21 by ftp. burned it on a cd and made a fresh installation. after the system was up an running, i got ports and sources via cvs by doing the follwing : # cd /usr # cvs -q get -rOPENBSD_3_7 -P src and # cd /usr # cvs -q get -rOPENBSD_3_7 -P ports then i made a custom kernel by copying the GENERIC conf file to a file named myGENERIC and did a bit customizing. to build the kernel i followed the steps described on the official openbsd.org site (http://www.openbsd.org/faq/faq5.html) # cd /usr/src/sys/arch/i386/conf # config myGENERIC # cd ../compile/myGENERIC # make clean make depend make instead of make install i first made a backup of the existing kernel (# cp /bsd /bsd.old) and then copied the new one over the existing (# cp bsd /bsd) after a reboot, i checked dmesg and everything seemd to work perfectly. then, i went through the steps of building the userland. # rm -rf /usr/obj/* # cd /usr/src # make obj # cd /usr/src/etc env DESTDIR=/ make distrib-dirs # cd /usr/src # make build and that's the point where it ALWAYS stops with exactly the same error message!! i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always run into the same error :-( OUTPUT cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wsign-compare -I/usr/src/lib/libpthread/uthread -I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include -D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386 -c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function `_atomic_lock': /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand constraints in an `asm' *** Error code 1 Stop in /usr/src/lib/libpthread. *** Error code 1 Stop in /usr/src/lib. *** Error code 1 Stop in /usr/src (line 72 of Makefile). [EMAIL PROTECTED]:/usr/src]$ /OUTPUT can someone please tell me what i'm doing wrong? is there a way to get the sytem back into a clean state without doing a fresh install? greetingz thomas
Re: risky alias..
Adam Gleave wrote: I don't understand your point --- START: Shell output --- puffy:nard {109} alias foo 'echo bar' puffy:nard {110} foo bar puffy:nard {111} su - Password: Terminal type? [screen] puffy# foo foo: Command not found. --- END: Shell output --- the thing i meant was something more like this: puffy:nard {109} alias su 'echo bar' puffy:nard {110} su bar --- END: Shell output --- would be easily to get password or something else.
Re: risky alias..
I don't understand your point --- START: Shell output --- puffy:nard {109} alias foo 'echo bar' puffy:nard {110} foo bar puffy:nard {111} su - Password: Terminal type? [screen] puffy# foo foo: Command not found. --- END: Shell output --- If a person gets access to manipulate shell startup scripts then your likely messed up anyway. On 25/05/05, Mike [EMAIL PROTECTED] wrote: just a question that has been in my mind for several years, as for aliases isn't that a bit risky to allow to do something like: alias /usr/bin/su='echo damn.' as PATH and other enviroment values are strictly parsed and stuff shouldn't there be something for this too or do i miss something important or is this too paranoid.. -- Adam Gleave [ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]
Re: NIC bonding/trunking/802.3ad
Niall O'Higgins wrote: On Tue, May 24, 2005 at 02:01:23PM +0100, Hyb wrote: It seems that the topic of 802.3ad support (link aggregation|bonding|trunking|whatever you want to call it) seems to come every so often, but is often disregarded on the basis that gigE is now cheap. I see the redudancy as a much more valuable asset though. speak of the devil! reyk@ got there already ... http://marc.theaimsgroup.com/?l=openbsd-cvsm=111690466011478w=2 How does this compare to NetBSD agr(4)? Is this also IEEE 802.3AD? Cheers, Dries
Re: Xorg problem with Intel 82852GM on OpenBSD 3.7
Yes, i found these reports too, but without a solution. Adam, to be not alone with this problem not doing me happier :) The strange thing is that with Linux, FeeBSD, FreeSBIE, NetBSD Live all works. I tried also to use xorg.conf files of these last, but i recived the same problem... I think the problem is at the kernel level, i hope not, but i think so. Thank you. On 5/25/05, Adam Gleave [EMAIL PROTECTED] wrote: Read through it again... and this is some interesting results: http://www.google.co.uk/search?hl=enq=%28WW%29+I810%280%29%3A+Detected+stolen+memory+%288000+kB%29+doesn%27t+match+what+the%0D%0ABIOS+reports+%28262080+kB%29btnG=Searchmeta= Seems you are not alone, and they're both HP as well... hmm.
Re: error building userland - inconsistent operand constraints in an `asm'
fehler404 wrote: dear all, after trying to get along on my own for a while, i finally go so disapointed and unsatisfied and decided that i need help. i always ran into the same problem, so there must be something wrong about my procedure how i build kernel AND userland. # cd /usr/src # make build and that's the point where it ALWAYS stops with exactly the same error message!! i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always run into the same error :-( This part makes no sense to me. I have seen loads and loads of weird compile errors, and other faults while trying to do stuff from release-current, or stable-current or current-flagday and so on, but I hardly believe that doing 3.5-install and your update-to-stable-stuff, 3.6-install and your update-stuff and finally 3.7-install and your update-stuff would give the same error. I might be wrong but it seems to be an infinitesimally small chance of getting the same error (which noone else have seen) on three releases in a row. /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function `_atomic_lock': /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand constraints in an `asm' *** Error code 1 -- Janne Johansson Sektionen fvr IT Media, Stockholms Universitet Frescati Hagvdg 10 106 91 STOCKHOLM http://www.it.su.se
Re: risky alias..
Jason Opperisano wrote: On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote: would be easily to get password or something else. if $bad_person has the ability to modify your user's or the system-wide shell initialization files, why exactly would they need to steal your password at that point? -j -- Brian: Congratulations, Peter. You're the Spalding Gray of crap. --Family Guy i was just thinking that maybe my friend is a bad person or double agent or maybe the janitor is clever and attacks silently in that time when im going to bathroom and in a one time i forget to lock my desktop, then all is lost and disaster is there.
Re: risky alias..
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Sent: Wednesday, May 25, 2005 11:14 AM To: misc@openbsd.org Subject: Re: risky alias.. Jason Opperisano wrote: On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote: would be easily to get password or something else. if $bad_person has the ability to modify your user's or the system-wide shell initialization files, why exactly would they need to steal your password at that point? -j -- Brian: Congratulations, Peter. You're the Spalding Gray of crap. --Family Guy i was just thinking that maybe my friend is a bad person or double agent or maybe the janitor is clever and attacks silently in that time when im going to bathroom and in a one time i forget to lock my desktop, then all is lost and disaster is there. Set the immutable flag on all of your files and then change the kernel security level so that they cannot be changed even by root. All kinds of things will break, but then you can leave your system logged on while you walk away.
Re: quick malloc guard patch
Jonathan Thornburg wrote: when malloc gets a request with a size equal to the size of a pointer, we can allocate a whole page, and return a pointer 4 bytes from the end. the four bytes allocated are useable, but don't touch the fifth or any later ones. (8 bytes on 64bit archs). Is the plan to make this the default behavior, or just to add it as another option selectable by /etc/malloc.conf? This would make all 4/8-byte mallocs take up one page(4k) each if I understand this correctly. That's fine for debugging, but probably too expensive for normal usage. -- Janne Johansson Sektionen fvr IT Media, Stockholms Universitet Frescati Hagvdg 10 106 91 STOCKHOLM http://www.it.su.se
Re: 80-page Pharma complimentary report-Emerging Business models in Pharma
Hello! This is just a quick note to inform you about an 80-page report on the Pharmaceutical Industry that we're able to provide you - at no cost. Compiled by some of the best analysts in the industry, the report provides an insight into the latest trends and strategies in the Pharmaceutical Industry. Over 50 pharma and biotech companies have been interviewed and benchmarked, and the resulting analysis will give you a comprehensive look at the future of the Industry. Maybe you haven't heard this yet - but Pharma companies are going through some huge changes in response to activities such as parallel trade, generic vs. patent fight, mergers and acquisitions, in-licensing and out-licensing, and the choice between semi block buster and block buster model. The report not only analyses the large structural changes and dynamic shifts in the Industry, it also takes an in-depth look at new revenue models. Another area of analysis is the shift from chemical-based small molecules to biology-based large molecules like antibodies and protein, and what new opportunities this has created in the Industry. To download the full report and view the table of contents click here. http://www.jsbintelligence.com/template.asp?docId=22docName=Pharma-Report-Form Should you be the wrong person to contact for this type of report, we would greatly appreciate if you would forward this email to the appropriate person in your company. Please do not hesitate to contact us shall you have any questions. Regards, The JSB Intelligence Team www.jsbintelligence.com http://www.benchmarkemail.com/link/unsubscribe.asp?g=0c=44577l=37709331[EMAIL PROTECTED] Click here to unsubscribe from our mailing list. Or reply to this message with the word unsubscribe or remove in the subject line. Address : Kildare House, 102-104 Sheen Road City: London St: Outside US Zip: TW9 1UF Powered by Benchmarkemail http://www.benchmarkemail.com REPORT ABUSE http://www.benchmarkemail.com/link/report_abuse.asp?g=0c=44577l=37709331[EMAIL PROTECTED]
Re: NIC bonding/trunking/802.3ad
- Original Message - From: Jim Razmus [EMAIL PROTECTED] To: misc@openbsd.org Sent: Tuesday, May 24, 2005 7:12 PM Subject: Re: NIC bonding/trunking/802.3ad But this requires cooperation on the part of the switch. The original poster mentioned connecting to two distinct switches to remove the switch as a SPOF. Correct me if I'm wrong, .3ad does not address this. Unfortunately no, .3ad doesn't address failover or aggregation over multple switches. As I understand 'trunkproto roundrobin' will do though in a master/slave fashion. Which is good.. now to test it. Regards,
Re: error building userland - inconsistent operand constraints in an `asm'
fehler404 wrote: dear all, after trying to get along on my own for a while, i finally go so disapointed and unsatisfied and decided that i need help. i always ran into the same problem, so there must be something wrong about my procedure how i build kernel AND userland. # cd /usr/src # make build and that's the point where it ALWAYS stops with exactly the same error message!! i tried it with openbsd version 3.5, version 3.6 and version 3.7. i always run into the same error :-( This part makes no sense to me. I have seen loads and loads of weird compile errors, and other faults while trying to do stuff from release-current, or stable-current or current-flagday and so on, but I hardly believe that doing 3.5-install and your update-to-stable-stuff, 3.6-install and your update-stuff and finally 3.7-install and your update-stuff would give the same error. I might be wrong but it seems to be an infinitesimally small chance of getting the same error (which noone else have seen) on three releases in a row. i'm sorry, but this is the truth! as long as i'm been fighting with openbsd i did ran into this problem from release to release... so normally i only did a relase installation and led the rest untouched, because of the fact that building userland leads into the same error... believe me it is always the SAME probleme and error message during the build of userland!! /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function `_atomic_lock': /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand constraints in an `asm' *** Error code 1
Re: quick malloc guard patch
Hello! On Wed, May 25, 2005 at 03:17:59PM +0200, Janne Johansson wrote: [...] This would make all 4/8-byte mallocs take up one page(4k) each if I understand this correctly. That's fine for debugging, but probably too expensive for normal usage. I tend to agree. While most applications will allocate 4/8 byte values either as local variables or as part of something bigger, you can't exclude cases where generic code could hit that case in masses. Take for example a list of variable-length lists of integers: int **list; int *sizes; sizes = (int *) malloc(lines * sizeof(int)); list = (int **) malloc(lines * sizeof(int*)); /* error checking, of course */ for (i = 0; i lines; ++ i) { sizes[i] = choose_size(i); list[i] = (int *) malloc(sizes[i] * sizeof(int)); choose_values(list[i], sizes[i]); } Now if the sizes returned by choose_size are in a distribution with an average of a few (say 4), but with a big variation, a size of 1 might occur often enough, i.e. you might waste *much* memory and time (mmap of single pages might well hit the kernel much). That's why I tend to agree, very cool idea for debugging (like it seems to be now, with the flag G), but not a low enough overhead for full production use (*un*like things like propolice etc.). Kind regards, Hannah.
Re: how to ifconfig another ip address in a network device
You can try man ifconfig and look for alias section. OpenBSD is not Linux for such commands. Le 26 mai 05 ` 00:09, wang fei a icrit : i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work.
Re: how to ifconfig another ip address in a network device
Wang, Unlike many linux distros, OBSD has excellent manpages that will help you with this. On 5/25/05, wang fei [EMAIL PROTECTED] wrote: i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxxwhich worked at linux, but it doesn't work.
Re: risky alias..
or clean out $IFS and then call /usr/bin/su or other sensitive app... search paths are a convenience, if you're worried about trojans in ~/bin and ., then the least you could do is use the full path to a program. On 5/25/05, Ray [EMAIL PROTECTED] wrote: On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote: the thing i meant was something more like this: puffy:nard {109} alias su 'echo bar' puffy:nard {110} su bar [EMAIL PROTECTED] alias su='echo bar' [EMAIL PROTECTED] su bar [EMAIL PROTECTED] \su Password: -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: djbdns DNS server? Status, Pros and Cons?
On Tue, May 24, 2005 at 06:50:46PM -0500, Emilio Perea wrote: | I use djbdns on OpenBSD, and don't know anything that needs patching for | my uses. However, I don't do ipv6. There is a patch to do that, but if | I needed ipv6 support I'd probably stick with OpenBSD's version of BIND. | (At least until djb gets around to supporting ipv6.) The IPv6-patch for djbdns isn't really very good. I'd recommend against using it. I'm not a big BIND fan when it comes to large-scale caching nameservers either though (although BIND does do IPv6 better .. and its license is a big plus over djbdns). For large caches I'm not sure what to recommend ;P DJB should get around to adding decent IPv6, but only after he gets around to adding a decent license. Then again, that's just my opinion. Of course DJB has every right to use whatever license he sees fit for his software and you have every right to use whatever you like, licenses not withstanding. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
Re: risky alias..
If a person gains access to your account, it's already too late to stop anything. They can change your shell to a trojaned one, install a keylogger, remove something from path variable to manipulate it, etc. This is what I would do: Scenario #1: Console login Vulnerability: A person could gain access to the current user you have logged in/su'ed in. They also gain possible sudo privilleges. Solution: Login. Type exec screen -S vtn, when temporarily finished with a session detatch said screen session using Ctrl+a+d. Your screen session can be resumed by logging back in and doing exec screen -S vtn -r. Note that the -S paramater is optional and specifies session name. If you didn't know, exec should tell the shell to not fork and exec but just exec, thus overwriting itself and therefore when the program ends ending your session. Scenario #2: X session Vulnerability: A person could gain access to the current user you have logged in as, and any terminals you have open. Solution: Login. Type exec startx. When temporarily finished lock session with xlock (or some similair solution). See above for exec definition. And don't forgot to look it is the rule. For me, it's a habbit for if I so much as turn my back to the computer to type Ctrl+x (a keybind I have to lock session) :) Oh, and have at least three users: root admin account (can su to root, some other privilleges. group staff) user account (can't su to root, maybye not to anyone else. group users) Login to admin account only if you need it, and from that login to root only if you need it. Then, at least you don't have whole system compromise. On 25/05/05, Mike [EMAIL PROTECTED] wrote: Jason Opperisano wrote: On Wed, May 25, 2005 at 04:09:20PM +0300, Mike wrote: would be easily to get password or something else. if $bad_person has the ability to modify your user's or the system-wide shell initialization files, why exactly would they need to steal your password at that point? -j -- Brian: Congratulations, Peter. You're the Spalding Gray of crap. --Family Guy i was just thinking that maybe my friend is a bad person or double agent or maybe the janitor is clever and attacks silently in that time when im going to bathroom and in a one time i forget to lock my desktop, then all is lost and disaster is there. -- Adam Gleave [ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ] -- Adam Gleave [ OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 ]
Re: ALTQ: amount of queue rules
Greets maximum number of queues are in include files.For CBQ limit is 256, HFSC 64 per interface. Also you can use QoS only on outgoing interface. I am about to test something that I read very recently, written by D. Hartmeier?? (could be mistaken) When doing QOS on inbound, i.e. and inound ssh connection keep state you are then controlling outbound traffic based on an inbound connection. A search or the archives will reveal if it was Daniel or not. -- Sincerely Bob DeBolt
Re: use ifstated to modify pf/rdr
On May 25, 2005, at 11:51 AM, Joel CARNAT wrote: I would like to use ifstated (OpenBSD 3.7/i386) in the http://www.openbsd.org/faq/pf/pools.html#incoming case (except I'll use SMTP server, not HTTP) to modify the $web_servers macros when one of the server if detected to be down (no SMTP response, or no ping, whatever is best). I found no such example on google and don't know where to start... Has anyone already done such a thing ? Anyone can provide me with the pf.conf part and ifstated.conf ? I've already use ftpsesame and play with the pf tags but I don't get how to produce them with ifstated... If you want to monitor servers and remove them from availability, use PF tables to store address lists. Then use your script (shell, perl, etc) to monitor them and delete them from the table if they become unavailable. When they come back to life, just add them to the table. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: use ifstated to modify pf/rdr
On Wed, May 25 2005 - 12:58, Jason Dixon wrote: On May 25, 2005, at 11:51 AM, Joel CARNAT wrote: I would like to use ifstated (OpenBSD 3.7/i386) in the http://www.openbsd.org/faq/pf/pools.html#incoming case (except I'll use SMTP server, not HTTP) to modify the $web_servers macros when one of the server if detected to be down (no SMTP response, or no ping, whatever is best). I found no such example on google and don't know where to start... Has anyone already done such a thing ? Anyone can provide me with the pf.conf part and ifstated.conf ? I've already use ftpsesame and play with the pf tags but I don't get how to produce them with ifstated... If you want to monitor servers and remove them from availability, use PF tables to store address lists. Then use your script (shell, perl, etc) to monitor them and delete them from the table if they become unavailable. When they come back to life, just add them to the table. well... I thought ifstated would do that automagically (and was meant to do such things). did I misunderstood it's use ? [demime 1.01d removed an attachment of type application/pgp-signature]
Re: use ifstated to modify pf/rdr
On May 25, 2005, at 1:54 PM, Joel CARNAT wrote: On Wed, May 25 2005 - 12:58, Jason Dixon wrote: If you want to monitor servers and remove them from availability, use PF tables to store address lists. Then use your script (shell, perl, etc) to monitor them and delete them from the table if they become unavailable. When they come back to life, just add them to the table. well... I thought ifstated would do that automagically (and was meant to do such things). did I misunderstood it's use ? Yes. -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Re: How to debug something like this?
It seems that increasing openfiles-cur to infinity works the best in this situation, so I guess this is solved. Gerardo, I will try your updated port soon. Regards, Wijnand
Re: Email Server
[EMAIL PROTECTED] wrote: On Tue, May 24, 2005 at 09:18:58AM -0700, Bruno Delbono wrote: [EMAIL PROTECTED] wrote: Ports aren't generally checked for much other than Does it build? and Does it work?. So, secure by default means that you should only run OpenBSD as it comes and do not touch anything on it. Or else, it won't be secure by default; your warranty is voided and Theo will spank you. in the base install is a very important phrase. Ports don't get audited much, if at all. This isn't any sort of slap to the porters; it's just there's a *lot* of code in the port and examing that code for correctness isn't their intent. Ports are a convenience, not a promise. Postfix and cyrus aren't base install, and therefore aren't covered. Ain't life terrible? Thanks for the info. My concern is that OpenBSD is secure by default when you do a base install but when you start adding things like Postfix etc... are you still secure? I know you can configure the system so that most files are read only. I also know that you can run Postfix in a sandbox ( jail ). It all depends on how much work I want to put into securing the system. If the answer to the above question is no!, then I'll have to lock down Postfix etc... If the answer to the above question is Yes! then I can leave things the way they are and just install Postfix. There are trade offs between security and management over head. Putting Postfix in a sandbox is a nice idea but my understanding is that you have to take Postfix off-line to add any users and then putt it back in the sandbox and then bring it back on-line. Leaving Postfix outside of a sandbox means you just add users when you need to. I did this once on a FreeBSD email server a few years back. I decided that a sandbox was to much work. I'm still a long ways away from designing a system. I haven't even decided which OS I want to use. If enough people on the list can convince me that OpenBSD is the way to go I'll install it on a system, ship it down to Seattle and collect my mail. This will be on a test domain of course.
SuperMicro
An associated mentioned that they were having decent OS compatility (Linux) with SuperMicro machines. Has anyone tried them? They seem to be pretty cost effective for the h/w capability. Lee
Re: Email Server
At 11:31 AM 5/25/2005 -0800, Damien Hull wrote: [EMAIL PROTECTED] wrote: o, secure by default means that you should only run OpenBSD as it comes and do not touch anything on it. Or else, it won't be secure by default; your warranty is voided and Theo will spank you. in the base install is a very important phrase. Ports don't get audited much, if at all. Thanks for the info. My concern is that OpenBSD is secure by default when you do a base install but when you start adding things like Postfix etc... are you still secure? Seems like you answered your own question - if you WANT 'secure by default', you will use base install - what's there (Sendmail, BIND, etc.) has a pretty great track record. If you want more, you're relying on the additional 'risks' imposed by the ports and/or packages. Our policy here is base only, if at all possible, and it has served us and our clients well. Lee
AMD Releases Specifications of Virtualization Technology.
A link to a pdf file with complete Pacifica cpu virtualization details (except for what sockets are supported) is http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/33047.pdf Dave Feustel
Re: Email Server
Damien Hull wrote: I'm still a long ways away from designing a system. I haven't even decided which OS I want to use. If enough people on the list can convince me that OpenBSD is the way to go I'll install it on a system, ship it down to Seattle and collect my mail. This will be on a test domain of course. I don't think anyone will try to convince you to use OpenBSD, really! It's great and does a wonderful job and it is secure. But in the end, everyone will tell you, use what fit the job! Meaning, if you want to use FreeBSD as you express you did before, then go ahead with it. If you want something very secure that was design from the ground up with that #1 priority in mind, then use OpenBSD. But don't expect anyone to try to convince you to use OpenBSD. If you are not convince by yourself by reading the archive, or looking at the goal of the site and if security is not your top priority, then may be OpenBSD is not for you. Me, I use it for security reason #1 and for years. I stick with that. If it is harder to install some applications, or can't even use some that I may want to, then that's that! I am simply not treading security for features, or even applications. Everyone will tell you, use what fit the needs to have, regardless if that's OpenBSD, or anything else. May be this can also answer your question: http://openbsd.org/faq/faq1.html#WhyUse Hope this help a bit. Daniel
Re: Email Server
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damien Hull Sent: Wednesday, May 25, 2005 3:31 PM To: [EMAIL PROTECTED] Cc: misc Subject: Re: Email Server [EMAIL PROTECTED] wrote: On Tue, May 24, 2005 at 09:18:58AM -0700, Bruno Delbono wrote: [EMAIL PROTECTED] wrote: Ports aren't generally checked for much other than Does it build? and Does it work?. So, secure by default means that you should only run OpenBSD as it comes and do not touch anything on it. Or else, it won't be secure by default; your warranty is voided and Theo will spank you. in the base install is a very important phrase. Ports don't get audited much, if at all. This isn't any sort of slap to the porters; it's just there's a *lot* of code in the port and examing that code for correctness isn't their intent. Ports are a convenience, not a promise. Postfix and cyrus aren't base install, and therefore aren't covered. Ain't life terrible? Thanks for the info. My concern is that OpenBSD is secure by default when you do a base install but when you start adding things like Postfix etc... are you still secure? I know you can configure the system so that most files are read only. I also know that you can run Postfix in a sandbox ( jail ). It all depends on how much work I want to put into securing the system. If the answer to the above question is no!, then I'll have to lock down Postfix etc... If the answer to the above question is Yes! then I can leave things the way they are and just install Postfix. There are trade offs between security and management over head. Putting Postfix in a sandbox is a nice idea but my understanding is that you have to take Postfix off-line to add any users and then putt it back in the sandbox and then bring it back on-line. Leaving Postfix outside of a sandbox means you just add users when you need to. I did this once on a FreeBSD email server a few years back. I decided that a sandbox was to much work. I'm still a long ways away from designing a system. I haven't even decided which OS I want to use. If enough people on the list can convince me that OpenBSD is the way to go I'll install it on a system, ship it down to Seattle and collect my mail. This will be on a test domain of course. Any operating system will end up using third party applications, and any operating system can be secure by default if it ships with no services running. When evaluating a third party application like postfix, you have two security realms. The actual application, and the operating systems that supports it. With OpenBSD, you have a very nice foundation that can help enhance the security of the third party service. For example, OpenBSD randomizes PID number creation, which made some exploits against insecure temp file creation that much more difficult. OpenBSD includes a lot of other protection mechanism that help applications without any real effort by you. OpenBSD also includes some nice tools like systrace that you can use to actively harden a service. While other operating systems may include similar protections, OpenBSD provides simple and effective mechanisms. Simplicity is very important. Compare OpenBSD/NetBSD systrace to the SELinux mechanism for an example. If I had to run an insecure service on any platform, it would be OpenBSD. It is better to assume that everything is insecure, and design to reduce the effectiveness of those failures. I think this is why the OpenBSD folks are moving as much as possible towards privilege separation. It is better to assume that your application is insecure.
Re: Email Server
On May 25, 2005, at 3:31 PM, Damien Hull wrote: Thanks for the info. My concern is that OpenBSD is secure by default when you do a base install but when you start adding things like Postfix etc... are you still secure? How is something that is not default, still default? If we want to start jerking off to Zen koans, I'll go get some sake. I know you can configure the system so that most files are read only. I also know that you can run Postfix in a sandbox ( jail ). It all depends on how much work I want to put into securing the system. If the answer to the above question is no!, then I'll have to lock down Postfix etc... If the answer to the above question is Yes! then I can leave things the way they are and just install Postfix. Postfix is pretty secure in and of itself. It's a well-designed application: small helper apps operating under least privilege. The number of security problems has been low over the years, and it's easy to configure and maintain. Replacing sendmail with postfix is trivial and headache free if you either know what you're doing or can, y'know, read and follow instructions somewhat well. There are trade offs between security and management over head. Putting Postfix in a sandbox is a nice idea but my understanding is that you have to take Postfix off-line to add any users and then putt it back in the sandbox and then bring it back on-line. Leaving Postfix outside of a sandbox means you just add users when you need to. I did this once on a FreeBSD email server a few years back. I decided that a sandbox was to much work. chroot, or root jail, and Postfix chroots itself by default. The only things that you need to concern with, generally, are: 1) Keeping things in /var/spool/postfix/etc in sycn with the rest of the system. If you change DNS servers in /etc/resolv.conf, you will need to copy the updated file to the spool dir. Write a script to do it if it's likely you will forget. 2) Remembering that sockets will need to be in the chroot, or you will need another method of IPC. e.g, if you are using SASL, you will tell saslauthd to use /var/spool/postfix/var/sasl2 or whatever to dump its socket. If you are using MySQL, you will either need to drop the socket in a similar location under the chroot, or use TCP/IP to talk to MySQL. I'm still a long ways away from designing a system. I haven't even decided which OS I want to use. If enough people on the list can convince me that OpenBSD is the way to go I'll install it on a system, ship it down to Seattle and collect my mail. This will be on a test domain of course. Maybe you should consider doing some test installs and playing around with the system before finding inconsequential (and inaccurate) things like Postfix chroots are hard to deal with to make you not want to use it. (For the record, most Linux distros I've admin'd also leave postfix chroot'd; FreeBSD seems to do so as well -- which Postfix is by default; the Linux distros just have startup scripts to maintain state between the system and the chroot for you. This is trivial.) (If you want to talk about chroots being annoying, let's talk about Apache, Perl, and suexec. :-) There is system administration, and then there is application/service administration. Modern package management tends to make the latter trivial with regards to security updates. Configuration with regards to either of these domains is where issues tend to occur. Configuring OpenBSD is easy for all the reasons people have either already mentioned, or will: Sane system layout, good docs, etc, etc. Configuring your services is pretty much left up to you. Postfix configuration is so easy as to be almost entirely unnecessary for a lot of things. It's one of those few nice apps with sane defaults. I run five well-used OpenBSD mailservers at the moment, all with: Postfix+TLS+SASL Amavis+SpamAssassin+ClamAV Dovecot (IMAP-SSL) I have zero complaints. OpenBSD is a sanely laid-out system, easy to maintain, has well-written documentation, and very rarely gives me any sort of headache. (Is there an echo in here?) It's unlikely many people on this list will tell you much differently. But then, ask the same question on any other list dedicated to answering questions about something that *everyone on the list already uses* and what kind of answers are you expecting? :-) If you want something to convince you, maybe you should let ftp:// ftp.openbsd.org/pub/OpenBSD/3.7/ do the talking. -- bda cyberpunk is dead. long live cyberpunk.
Re: SuperMicro
I've bought several over the years and like them all. On Wednesday 25 May 2005 01:51 pm, L. V. Lammert wrote: An associated mentioned that they were having decent OS compatility (Linux) with SuperMicro machines. Has anyone tried them? They seem to be pretty cost effective for the h/w capability. Lee -- John R. Shannon [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Email Server
--On 25 May 2005 16:11 -0400, Will H. Backman wrote: Any operating system will end up using third party applications Not necessarily, it is perfectly possible to run e.g. routers, VPN gateways, NFS servers, wireless access-points, ftp and web servers, mail servers, [...] with just the audited software provided in base OpenBSD. But I know what you're saying. When evaluating a third party application like postfix, you have two security realms. The actual application, and the operating systems that supports it. With OpenBSD, you have a very nice foundation that can help enhance the security of the third party service. Yes, when you have no alternative but to run software which might be poorly-written, the OS can provide some protection against some types of problem. Though, when concerned about security of a particular piece of software, it's worth questioning what other areas might have not had enough attention and maybe look at the options carefully. I think that being around the general attitude of things being done 'the right way', well-documented, with a clean approach and attention to detail, helps the user to follow suit. OpenBSD certainly helps there.
Re: Xorg problem with Intel 82852GM on OpenBSD 3.7
On Wed, 2005-05-25 at 21:38:03 +0200, Murat Mamitov proclaimed... I'm planning to use my laptop like a desktop OS, i know, OpenBSD is less desktop between BSDs, Bullshit. you obviously know nothing. I've had it on my desktop since 2.8 Please go get a clue and stop spreading your bullshit. Please.
Re: subversion port 3.7 problem
use the package, I was able to successfully install it on my openbsd workstation. On 5/25/05, Price, Joe [EMAIL PROTECTED] wrote: Hi, when I try to build subversion on 3.7 i386 I get: [] main.o -c /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion- 1.1.3/subversion/svnadmin/main.c cd subversion/svnadmin /bin/sh /usr/ports/devel/subversion/w- subversion-1.1.3p0/build-i386/libtool --silent --mode=link cc -O2 -pipe -DNEON_ZLIB -DNEON_SSL -L/usr/local/lib/db4 -L/usr/local/lib -rpath /usr/local/lib -o svnadmin main.o../../subversion/libsvn_repos/libsvn_repos- 1.la http://1.la ../../subversion/libsvn_fs/libsvn_fs-1.la http://1.la../../subversion/libsvn_delta/libsvn_delta- 1.la http://1.la ../../subversion/libsvn_subr/libsvn_subr-1.lahttp://1.la/usr/local/lib/liba prutil- 1.la http://1.la -ldb -lexpat -liconv /usr/local/lib/libapr-1.lahttp://1.la-lintl -liconv -lz /usr/local/lib/libsvn_subr-1.so.0.0: warning: sprintf() is often misused, please use snprintf() main.o(.text+0x90b): In function `subcommand_recover': : undefined reference to `svn_repos_recover2' main.o(.text+0x9c1): In function `subcommand_recover': : undefined reference to `svn_repos_recover2' main.o(.text+0xe27): In function `subcommand_setlog': : undefined reference to `svn_repos_fs_change_rev_prop2' collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386 (line 355 of /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3 /build-outputs.mk http://outputs.mk). *** Error code 1 Stop in /usr/ports/devel/subversion (line 1769 of /usr/ports/infrastructure/mk/bsd.port.mk). I have YET to build subversion for OpenBSD, I thought I'd let the port do it for me =( Any ideas? Thanks! -- Abe Al-Saleh And then came the Apocolypse. It actually wasn't that bad, everyone got the day off and there were barbeques all around.
Re: SuperMicro
L. V. Lammert wrote: An associated mentioned that they were having decent OS compatility (Linux) with SuperMicro machines. Has anyone tried them? They seem to be pretty cost effective for the h/w capability. I like SuperMicro boxes. We have about a hundred as webservers, mail servers, proxies, etc. We run OpenBSD on their 2u 6023-P8s. Runs well. sk
Re: Network performance
* Antonios Anastasiadis [EMAIL PROTECTED] [2005-05-21 11:27]: Are all the xl-based cards crap without exceptions? yes. While I don't doubt Henning knows much much more than I do about such things, this answer doesn't exactly satisfy me. Poor performance on xl nics has been discussed many times on misc, but I have never seen much beyond 'they suck, use xyz'. From my experience, xl performance on FreeBSD, NetBSD, Loonix, and Windows* isn't all that terrible and I've been at a loss to explain why it is so disproportionately bad on OpenBSD. If someone told me that 3com wanted an NDA before giving the inside scoop on their chipsets and that is why the OpenBSD driver is so poor I could understand, but I've never seen anything like that. Running a diff of FreeBSD's xl driver to OpenBSD shows that they diverged long ago and have quite a few differences. ie: FreeBSD uses polling so I wasn't even going to attempt to analyze the other differences between driver sets. (I didn't compare NetBSD's xl driver which would have been a better comparison, but you get the idea) After all that, I'd love to hear more on exactly WHY xl nics suck. Another similar performance issue that I saw here a while back was poor performance of OpenBSD-OpenBSD network transfers (the thread was about NFS write performance I think). When you mix up transfers between other OS's (ie free-open, open-free, linux-open, free-linux, etc ) you don't see that performance loss. I don't remember how that thread ended, but I think it was mostly tips on how to increase NFS write performance and no mention of the network drivers/stack or why OpenBSD-OpenBSD sometimes is a little slow. I have quite a few older Dell GXwhatevers in my lab that come with integrated xl nics and I hate to have to replace the nics in them. but that's just my ranting... Matt
Re: subversion port 3.7 problem
Thank You! I had a version I tried to build from source before upgrading to 3.7 Got it installed now. From: steven mestdagh [mailto:[EMAIL PROTECTED] Sent: Wed 5/25/2005 6:01 PM To: Price, Joe Cc: misc@openbsd.org Subject: Re: subversion port 3.7 problem On Wed, May 25, 2005 at 05:22:54PM -0400, Price, Joe wrote: Hi, when I try to build subversion on 3.7 i386 I get: [] main.o -c /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3/subversion/svnadmin/main.c cd subversion/svnadmin /bin/sh /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386/libtool --silent --mode=link cc -O2 -pipe-DNEON_ZLIB -DNEON_SSL -L/usr/local/lib/db4 -L/usr/local/lib -rpath /usr/local/lib -o svnadmin main.o ../../subversion/libsvn_repos/libsvn_repos-1.la ../../subversion/libsvn_fs/libsvn_fs-1.la ../../subversion/libsvn_delta/libsvn_delta-1.la ../../subversion/libsvn_subr/libsvn_subr-1.la /usr/local/lib/libaprutil-1.la -ldb -lexpat -liconv /usr/local/lib/libapr-1.la -lintl -liconv -lz /usr/local/lib/libsvn_subr-1.so.0.0: warning: sprintf() is often misused, please use snprintf() main.o(.text+0x90b): In function `subcommand_recover': : undefined reference to `svn_repos_recover2' main.o(.text+0x9c1): In function `subcommand_recover': : undefined reference to `svn_repos_recover2' main.o(.text+0xe27): In function `subcommand_setlog': : undefined reference to `svn_repos_fs_change_rev_prop2' collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/ports/devel/subversion/w-subversion-1.1.3p0/build-i386 (line 355 of /usr/ports/devel/subversion/w-subversion-1.1.3p0/subversion-1.1.3/build-outputs.mk). *** Error code 1 Stop in /usr/ports/devel/subversion (line 1769 of /usr/ports/infrastructure/mk/bsd.port.mk). I have YET to build subversion for OpenBSD, I thought I'd let the port do it for me =( Any ideas? works fine here. maybe it's linking in older libraries again (this should not happen) from /usr/local/lib. so, are you sure you don't have any older subversion libraries installed in /usr/local/lib, before starting the build? steven
Re: SuperMicro
I ran 3.5 on a couple 5013G-Ms. Never had any problems. On Wed, 25 May 2005, L. V. Lammert wrote: An associated mentioned that they were having decent OS compatility (Linux) with SuperMicro machines. Has anyone tried them? They seem to be pretty cost effective for the h/w capability. Lee
Re: Rant: how stupid does java look
Hi Adam, Apologies for the delay in response; I've been busy. On 9 May 2005, at 11:52, Adam wrote: On Mon, 9 May 2005 07:40:10 +0100 Joseph Kiniry [EMAIL PROTECTED] wrote: While I guess I should have been a little more specific to only include languages that have enough libraries to be useful, and obviously purely functional languages aren't comparable, you ignoring the requirements I listed doesn't help things either. I mean seriously, on what planet exactly does python or java have performance close to C#? Whoops, there you go not following my advice. No, there you go living in a little fantasy world where you can say things and they are magically true. Python and java are both significantly slower than C#, especially python, its not even close. I have numbers to support my claim that they are close. Perhaps we have a different definition of close in this world of gigahertz and gigabytes. E.g., the highly optimized computer language shootout competition still has Python and Java running within 25% of C# on nearly all problem sets. This is also confirmed in my (extensive) personal experience with all mentioned languages sans C#. My experience with C# is gained through folks I work with, rather than my direct experience. You have contrary data? And the functional languages aren't comparable because they are functional languages. Ah, I see. I never saw functional language do not count prerequisite. My oversight I guess. Like I said, I should have been more specific, but haskell isn't just very different in how the language works, but also how a programmer thinks and uses it. I agree with you, unless you are one of those wacky procedural or OO programmers that likes recursion over iteration. :) I am not saying functional languages are better or worse than imperative languages, just that I should have included imperative on the list of requirements, my bad. Got'cha, no problem. I don't know why you so desperately want to hate C#, but perhaps you should try it sometime before claiming its so worthless. I do not hate it at all---I just cannot tolerate folks badmouthing languages or platforms with which they do not have extensive experience. I had presumed, given the tone of some of the responses to my post, that this was one of those situations. I could be wrong. Guess what, EVERYTHING is patented. Start digging through US patents and you'll find out that your options are to not use computers in any fashion, or infringe on bogus patents. I encourage you to search the US patent database for patents issued to Bell Labs for C++-related technologies. See http://www.uspto.gov/ patft/. Here is an advanced search query to get you started: APD/ 1/1/1980-12/25/1985 and Stroustrup. It is just an example, of course. If you have to ignore what I say just so you can argue with me, then lets take it off list. You can't honestly think a patent covering some aspect of C++ only matters if its Bell that holds it? Please pick three primary features of C++ then and I'll perform a patent search on them. That will not invalidate my claim, but will certainly invalidate yours. Joe --- Joseph Kiniry Department of Computer Science University College Dublin http://secure.ucd.ie/
Re: OpenBSD cd37.iso question
Setup a dhcp/bootp server along with tftpd on an exiting openbsd / linux box, put bsd.rd on there and boot of that over the network using boop()/bsd (as suggested in the INSTALL.sgi document). This worked fine for me. p.s. you'll need a serial console of sorts as that's the only way sgi/obsd will run at the moment. On Wed, May 25, 2005 at 01:51:24PM -0400, Phil Lawrence wrote: I was hoping to boot from the ISO included in the SGI snapshot, but I don't know how to burn it (it's not ISO9660). $ file OpenBSD/3.7/sgi/cd37.iso OpenBSD/3.7/sgi/cd37.iso: SGI disk label (volume header) How do I burn it? If I do burn it, will my O2 workstation boot from it so I can FTP install? Thanks, Phil
stdio Buffered functions
Sorry if it sounds to stupid. What happens to an application that was forked with stdout/stdin or even stderr opened for non-blocking I/O and it tries to read/write from/to any of those FD and no process is attained to the other end? PS: i known i could look into the source, but at the present momment: 0) have no OBSD installed, 1) Network problems: google IP address is the only outside access i have rright now.
Re: stdio Buffered functions
Would it be irrational to have it block ? Thanks a lot. On 5/25/05, Ted Unangst [EMAIL PROTECTED] wrote: On Wed, 25 May 2005, Gustavo Rios wrote: What happens to an application that was forked with stdout/stdin or even stderr opened for non-blocking I/O and it tries to read/write from/to any of those FD and no process is attained to the other end? it gets an error or SIGPIPE. -- desire is not an occupation
Hang using generic.mp with ami0
I've just set up a Compaq Proliant 6500 with OpenBSD 3.7-release. It works fine with the uniprocessor kernel, but when I boot from bsd.mp, it sits at mtrr: Pentium Pro MTRR support, then after a minute or two it reports ami0: timeout ccb 1 and hangs. I found http://marc.theaimsgroup.com/?m=109355301607068, which suggested upgrading the firmware on the card. I upgraded to the most current firmeware from AMI, no change. It's an HP NetRAID 2M and/or Megaraid Elite 1600. Dmesg from /bsd: OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2 cache) 500 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 3220791296 (3145304K) avail mem = 2931523584 (2862816K) using 4278 buffers containing 161140736 bytes (157364K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI BIOS has 10 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:15:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1400 0xe8000/0x6000 0xee000/0x2000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) fxp0 at pci0 dev 1 function 0 Intel 82557 rev 0x0d, i82550: irq 11, address 00:02:b3:8f:1a:3f inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 Compaq PCI Hotplug rev 0x04 at pci0 dev 11 function 0 not configured Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not configured siop0 at pci0 dev 13 function 0 Symbios Logic 53c875 rev 0x14: irq 10, using 4K of on-board RAM scsibus0 at siop0: 16 targets siop1 at pci0 dev 13 function 1 Symbios Logic 53c875 rev 0x14: irq 5, using 4K of on-board RAM scsibus1 at siop1: 16 targets vga1 at pci0 dev 14 function 0 ATI Mach64 GV rev 0x7a wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 15 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 15 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: COMPAQ, CDR-8435, 0013 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 15 function 2 Intel 82371AB USB rev 0x01pci_intr_map: no mapping for pin D : couldn't map interrupt Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 15 function 3 not configured pchb0 at pci0 dev 16 function 0 Intel 82451NX Mem IO rev 0x03 pchb1 at pci0 dev 18 function 0 Intel 82454NX PXB rev 0x04 pchb2 at pci0 dev 20 function 0 Intel 82454NX PXB rev 0x04 pci1 at pchb2 bus 4 ppb0 at pci1 dev 3 function 0 DEC 21154 PCI-PCI rev 0x05 pci2 at ppb0 bus 5 ppb1 at pci2 dev 0 function 0 DEC 21154 PCI-PCI rev 0x05 pci3 at ppb1 bus 6 ami0 at pci3 dev 0 function 0 AMI MegaRAID rev 0x02: irq 5 AMI 493/64b/lhc ami0: FW 111U, BIOS vF320, 128MB RAM ami0: 2 channels, 0 FC loops, 1 logical drives scsibus3 at ami0: 40 targets sd0 at scsibus3 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/direct fixed sd0: 8677MB, 1106 cyl, 255 head, 63 sec, 512 bytes/sec, 17770496 sec total QLogic ISP12160 rev 0x06 at pci2 dev 1 function 0 not configured Compaq PCI Hotplug rev 0x04 at pci1 dev 11 function 0 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e765 netmask ef65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: sd0 matched BIOS disk 80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
Re: NIC bonding/trunking/802.3ad
Dries Schellekens wrote: http://marc.theaimsgroup.com/?l=openbsd-cvsm=111690466011478w=2 How does this compare to NetBSD agr(4)? Is this also IEEE 802.3AD? It does some things that agr does not, but doesn't do 802.3ad yet. Probably soon though. -d
Re: Hang using generic.mp with ami0
hmmm very odd. Let me try to reproduce. On May 25, 2005, at 6:59 PM, Steve Shockley wrote: I've just set up a Compaq Proliant 6500 with OpenBSD 3.7-release. It works fine with the uniprocessor kernel, but when I boot from bsd.mp, it sits at mtrr: Pentium Pro MTRR support, then after a minute or two it reports ami0: timeout ccb 1 and hangs. I found http://marc.theaimsgroup.com/?m=109355301607068, which suggested upgrading the firmware on the card. I upgraded to the most current firmeware from AMI, no change. It's an HP NetRAID 2M and/or Megaraid Elite 1600. Dmesg from /bsd: OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Pentium III Xeon (GenuineIntel 686-class, 2048KB L2 cache) 500 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3 6,MMX,FXSR,SSE real mem = 3220791296 (3145304K) avail mem = 2931523584 (2862816K) using 4278 buffers containing 161140736 bytes (157364K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI BIOS has 10 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:15:0 (Intel 82371AB PIIX4 ISA rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1400 0xe8000/0x6000 0xee000/0x2000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) fxp0 at pci0 dev 1 function 0 Intel 82557 rev 0x0d, i82550: irq 11, address 00:02:b3:8f:1a:3f inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 Compaq PCI Hotplug rev 0x04 at pci0 dev 11 function 0 not configured Compaq Netelligent ASMC rev 0x00 at pci0 dev 12 function 0 not configured siop0 at pci0 dev 13 function 0 Symbios Logic 53c875 rev 0x14: irq 10, using 4K of on-board RAM scsibus0 at siop0: 16 targets siop1 at pci0 dev 13 function 1 Symbios Logic 53c875 rev 0x14: irq 5, using 4K of on-board RAM scsibus1 at siop1: 16 targets vga1 at pci0 dev 14 function 0 ATI Mach64 GV rev 0x7a wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 15 function 0 Intel 82371AB PIIX4 ISA rev 0x02 pciide0 at pci0 dev 15 function 1 Intel 82371AB IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: COMPAQ, CDR-8435, 0013 SCSI0 5/ cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 ignored (disabled) uhci0 at pci0 dev 15 function 2 Intel 82371AB USB rev 0x01pci_intr_map: no mapping for pin D : couldn't map interrupt Intel 82371AB Power Mgmt rev 0x02 at pci0 dev 15 function 3 not configured pchb0 at pci0 dev 16 function 0 Intel 82451NX Mem IO rev 0x03 pchb1 at pci0 dev 18 function 0 Intel 82454NX PXB rev 0x04 pchb2 at pci0 dev 20 function 0 Intel 82454NX PXB rev 0x04 pci1 at pchb2 bus 4 ppb0 at pci1 dev 3 function 0 DEC 21154 PCI-PCI rev 0x05 pci2 at ppb0 bus 5 ppb1 at pci2 dev 0 function 0 DEC 21154 PCI-PCI rev 0x05 pci3 at ppb1 bus 6 ami0 at pci3 dev 0 function 0 AMI MegaRAID rev 0x02: irq 5 AMI 493/64b/lhc ami0: FW 111U, BIOS vF320, 128MB RAM ami0: 2 channels, 0 FC loops, 1 logical drives scsibus3 at ami0: 40 targets sd0 at scsibus3 targ 0 lun 0: AMI, Host drive #00, SCSI2 0/ direct fixed sd0: 8677MB, 1106 cyl, 255 head, 63 sec, 512 bytes/sec, 17770496 sec total QLogic ISP12160 rev 0x06 at pci2 dev 1 function 0 not configured Compaq PCI Hotplug rev 0x04 at pci1 dev 11 function 0 not configured isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e765 netmask ef65 ttymask ffe7 pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: sd0 matched BIOS disk 80 root on sd0a rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
Re: error building userland - inconsistent operand constraints in an `asm'
fehler404 [EMAIL PROTECTED] writes: OUTPUT cc -fstack-protector -DPTHREAD_KERNEL -D_POSIX_THREADS -D_THREAD_SAFE -Wall -Wpointer-arith -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wsign-compare -I/usr/src/lib/libpthread/uthread -I/usr/src/lib/libpthread/include -I/usr/src/lib/libpthread/../libc/include -D_LOCK_DEBUG -D_PTHREADS_INVARIANTS -I/usr/src/lib/libpthread/arch/i386 -c /usr/src/lib/libpthread/arch/i386/_atomic_lock.c -o _atomic_lock.o /usr/src/lib/libpthread/arch/i386/_atomic_lock.c: In function `_atomic_lock': /usr/src/lib/libpthread/arch/i386/_atomic_lock.c:22: inconsistent operand constraints in an `asm' This is not an OpenBSD compilation. Ask the person who changed your operating system. There is no help for you here. //art
Re: My NIC go to sleep?
[EMAIL PROTECTED] wrote: Hello, I'm a newwbie on OpenBSD and I've installed it on a IBM P100 Computer. I have a Intel 82557 NIC inside. This NIC can be seen as fxp0. My problem is: When I don't use the comuputer during about 5 minutes, my NIC go to sleep and don't want to receive or send any frames. But if I press a key on the keyboard or if I connect by SSH through another NIC,fxp0 works again during about 5 minutes. It is a strange behaviour. ... *cut* I had something similiar with an PC too (but I can't remember if it was also IBM or DELL or whatever). Maybe it sounds crazy but deactivate everything related with power-saving (if your BIOS provides that). The PC I remeber had some problems because of the fucked up BIOS (like my notebook with PCMICA...). Agreed. Some IBM systems of that vintage had power saving modes which went quite beyond the call of duty, turning way too much off way too hard. Your description sounds very much like this. Nick.
Re: Email Server
Damien Hull wrote: ... Thanks for the info. My concern is that OpenBSD is secure by default when you do a base install but when you start adding things like Postfix etc... are you still secure? How can that be answered? The weakest link determins system security. It doesn't matter how secure your door is if your Windows(tm) are unlocked. If you run an insecure app on a secure OS, you end up with an insecure system. It isn't hard to understand. OpenBSD has some leading-edge tricks to _help_ protect you against application errors, but nothing is going to help you against every poorly written -- or misused -- application. I know you can configure the system so that most files are read only. I also know that you can run Postfix in a sandbox ( jail ). It all depends on how much work I want to put into securing the system. If the answer to the above question is no!, then I'll have to lock down Postfix etc... If the answer to the above question is Yes! then I can leave things the way they are and just install Postfix. *sigh* maybe it is hard to understand... There are trade offs between security and management over head. correct. Everyone wants ultimate security. Assuming it doesn't inconvinience them. At all. (i.e., they don't give a rat's butt about security, but they can talk a good story). (sorry, that was a totally off-topic rant, not aimed at you at all...just at the world in general) Putting Postfix in a sandbox is a nice idea but my understanding is that you have to take Postfix off-line to add any users and then putt it back in the sandbox and then bring it back on-line. Leaving Postfix outside of a sandbox means you just add users when you need to. I did this once on a FreeBSD email server a few years back. I decided that a sandbox was to much work. you also have to decide what the sandbox really does. Sometimes...people make things really difficult to maintain but don't really improve the real security. Understand the why and how... I'm still a long ways away from designing a system. I haven't even decided which OS I want to use. If enough people on the list can convince me that OpenBSD is the way to go I'll install it on a system, ship it down to Seattle and collect my mail. This will be on a test domain of course. If you expect magic to happen if you run a bad app on a good OS, please go run something else. Here's what it boils down to: Run your mail server on OpenBSD, you will have to worry about the mail server and the OS. But you will have to worry about the OS less. The OS may save your butt from a security problem in your app, but if it does, you probably should have updated your app (or the developer should have been on the problem long before), which means you have other problems, problems that OpenBSD shouldn't be relied upon to solve (even if it might) If you don't trust your app, reconsider the choice, or contain the problem as best you can, so it can not spread to more critical systems. Nick.
Re: SuperMicro
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Me too. Nice machines, low cost and high performance. []'s Nadal John R. Shannon escreveu: I've bought several over the years and like them all. On Wednesday 25 May 2005 01:51 pm, L. V. Lammert wrote: An associated mentioned that they were having decent OS compatility (Linux) with SuperMicro machines. Has anyone tried them? They seem to be pretty cost effective for the h/w capability. Lee -- John R. Shannon [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s] Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFClR/yLQAusHT90XQRAtdKAKCK0pV+ZsHQx1c+aUPNZT9mLgIlSwCgizI9 yRLsqsNWXUsWVTzG72ZO8nw= =n5EF -END PGP SIGNATURE-
Re: Network performance
Matt Van Mater wrote: * Antonios Anastasiadis [EMAIL PROTECTED] [2005-05-21 11:27]: Are all the xl-based cards crap without exceptions? yes. While I don't doubt Henning knows much much more than I do about such things, this answer doesn't exactly satisfy me. Poor performance on xl nics has been discussed many times on misc, but I have never seen much beyond 'they suck, use xyz'. Short version: 3Com has a reputation for quality in some people's mind which is basically undeserved. Here's a list of most of the 3Com cards I've worked with over the years: 3c501: technically, probably worst ethernet card ever made, though as an early player, probably forgivable. I think the $500 price tag fell off one of the ones I have here a few years back...but that's what we used to sell 'em for. 3c503: Weird. Freaking. Card. (actually, works ok, but strangest config of any NIC I've used. Jumpers set IO port and shared RAM, driver sets IRQ. Really.) 3c505: early attempt at a server grade NIC -- on board 80186 processor, lots of RAM, DMA. Worked ok, as long as your machine had no more than 16M of RAM, otherwise things got...exciting. Never saw a performance difference, in spite of all the technology and price tag. 3c507: Oh, gawd. Just plug it in, watch it work! I'm sure it did for someone, sure didn't for our customers who were buying it. What IRQ is it at? Dunno What IO port? Dunno. Sheesh. 3c509: Worked. Easy software config. 3c509B: Worked Really Well, at least if you turn of PnP mode. OpenBSD has more trouble than Windows with the PnP mode, but it certainly wasn't trouble free on Windows. 3c515: 100Mbps ISA NIC, capable of...10Mbps performance. But it does make the 100Mbps light light up on your switch. Now, I'd not expect it to saturate the pipe...but it is a serious under-performer. 3c590: Look, ma! 100Mbps PCI! (see the link light?) 3c905: Ok, the 590 was a piece of junk, let's try again. We'll make it really hard to tell the difference between the 3c590 and the 3c905, too -- the poor saps will have to dig around with a magnifying glass to see which card this is. 3c905b: If at first you don't succeed... 3c905c: ...try, try again. BTW: the revisions of the 3c905 are .. annoying. 3c920, 3c555, 3c{lots}: ok, people are tired of us slapping letters on the end of a mid-grade card, let's make more confusing numbers. Oh, each requires an updated driver for Windows. Some are ok, some are abominations that were put in laptops and delivered performance that would make a decent ISA card hide in shame...but they DO light up that 100mbps link light, and we know that's all that matters, the users will never notice the 100kbps performance, or blame it on the laptop. Not included on this list: 3Com EISA cards who's numbers I've forgotten and don't care enough to go look up (worked. One appeared to have the 3c509's chip (not the B version). 100Mbps card didn't blow me over with its performance), and the laptop PCMCIA cards (worked). I'm one of the people that used to sing 3Com's praise, until one day I was reading through the FAQ, saw a cheap shot at 3Com, and started thinking about my experience and realized my praise was completely unwarranted. At a certain point, one starts to realize that all the bizzare, abnormal cases were not that bizzare or abnormal, as they keep happening. The only best in class NIC I can think of that they ever made was the 3c509B, and as the 'B' shows..took 'em a couple tries. From my experience, xl performance on FreeBSD, NetBSD, Loonix, and Windows* isn't all that terrible and I've been at a loss to explain why it is so disproportionately bad on OpenBSD. well, our experience differs. My experience with the 3c905 is that it usually works ok, but if things are wonky on my network, they get changed, and problems go away. That's on a lot of OSs, mostly Netware and Windows. The MAJORITY of time, yes sure, they work fine. When they go wonky, they irritate the heck out of you. If someone told me that 3com wanted an NDA before giving the inside scoop on their chipsets and that is why the OpenBSD driver is so poor I could understand, but I've never seen anything like that. well, we have no docs. The OpenBSD driver probably DOES have problems above and beyond those of the cards, but you can clean the pig up a lot...but it's still a pig (no offense intended to pigs). 3Com wrote the Netware and Windows drivers...and they didn't get it perfect, either. In fact, the 3Com Windows drivers win a non-unique prize for being annoying (Hi, we'll load this stupid diagnostic that kicks you off the network, crashing windows, if you try to run it. So don't run it. Just kiss a chunk of RAM bye-bye!) ... I have quite a few older Dell GXwhatevers in my lab that come with integrated xl nics and I hate to have to replace the nics in them. but that's just my ranting... As do I...GX100, GX1, etc. Hey, use 'em. If they do the job for you, great.
Re: Xorg problem with Intel 82852GM on OpenBSD 3.7
Thank you for your help Eric, you are a genius ;) On 5/25/05, eric [EMAIL PROTECTED] wrote: On Wed, 2005-05-25 at 21:38:03 +0200, Murat Mamitov proclaimed... I'm planning to use my laptop like a desktop OS, i know, OpenBSD is less desktop between BSDs, Bullshit. you obviously know nothing. I've had it on my desktop since 2.8 Please go get a clue and stop spreading your bullshit. Please.
Re: Rant: how stupid does java look
On Mon, May 09, 2005 at 01:52:34PM -0400, Adam wrote: No, there you go living in a little fantasy world where you can say things and they are magically true. Python and java are both significantly slower than C#, especially python, its not even close. I wonder what you mean by C# here; you of course need to refer to the underlying implementation (Mono, using the Boehm GC we love to hate, is a very different beast from the MS implementation). But lets not get bogged down in specifics eh? And the functional languages aren't comparable because they are functional languages. Why? OCaml isnt a functional language, its a language which supports higher-order functions. And its native-code performance beats the living daylights out of any C# implementation I've seen. But really, who cares? They both work on OpenBSD, pick one :) -- Anil Madhavapeddy http://anil.recoil.org University of Cambridge http://www.cl.cam.ac.uk
Re: Network performance
On Wed, 2005-05-25 at 23:26 -0400, Nick Holland wrote: 3c509: Worked. Easy software config. 3c509B: Worked Really Well, at least if you turn of PnP mode. OpenBSD has more trouble than Windows with the PnP mode, but it certainly wasn't trouble free on Windows. I think they made a 3c509C as well, but I could be quite wrong on this. And I second these as working very well; this message will travel across two of them. The 3c589 (I think) has worked well enough; my mom is still using one on her (Windows 2000 Professional) laptop. I used to have a 3c900 (I think, I remember the Linux kernel identifying it as a Vortex/Boomerang chipset or some such) in my other computer, and it worked well enough for what I used it for (it was a 10MBps PCI card on what was originally primarily a Windows gaming box that got repurposed into a GNU/Linux workstation) but I'm not exactly singing its praises. -- Shawn K. Quinn [EMAIL PROTECTED]
notice: layered mounts are gone
null and union mounts have been deleted. if you are using them and tracking current, you will have pain when you reboot. -- quit whining you haven't done anything wrong because frankly you haven't done much of anything
Re: Network performance
* Nick [EMAIL PROTECTED] [2005-05-26 05:46]: 3c920, 3c555, 3c{lots}: ok, people are tired of us slapping letters on the end of a mid-grade card, let's make more confusing numbers. Oh, 3c940: after dozens of years of trying they gave up and shipped a SysKonnect design
Re: stdio Buffered functions
Sorry folks! I think my question was explicited completely wrong. Suppose a process tries to printf a log message and at the time the process attained to the other end is not ready to read (the processes are connect by mean of a pipe, ex: $ a | b Question: process a's attempt to write will return EAGAIN/EWOULDBLOCK or it would block? I mean, is stdio ready to handle that cases when the standar fd (0,1,2) was opened O_NONBLOCK? Thanks. On 5/25/05, Ted Unangst [EMAIL PROTECTED] wrote: On Wed, 25 May 2005, Gustavo Rios wrote: Would it be irrational to have it block ? yes. -- someone's writing down your mistakes someone's documenting your downfall