bridging and routing on the same box

[Shawn K. Quinn]

This is primarily an informative post for those who will search the
archives later with a similar problem. Constructive comments are
appreciated, however.

My main firewall has three network cards in it, back when I was
anticipating the future need for another network segment (for reasons I
won't go into). I converted the one extra box I did have, into another
OpenBSD box and put two network cards in it, with the idea of bridging
between two of the three cards in the firewall and getting rid of the
current binat rule completely in the long term (a side effect is I get
to use the old 10MBps cards I have for something useful; I know ne cards
are synonymous with cow turds to a lot of people, but the amount of
data I'm moving through them is low enough to mitigate the glaring
flaws).

Until some point in the future, however, I still have one box behind
binat. When first testing this setup, binat to that box didn't work. In
order to get the binat working again, I had to explicitly pass the
external address on the original external interface in pf.conf in order
for it to work properly. Whether this is a quirk, a bug, or a feature of
the bridging code, I'm not sure. (IMO: probably just a quirk, probably
not a bug, possibly a feature.)

And remember, if in doubt about what exactly is going wrong in a pf
ruleset, enable logging on all block rules, and use the information thus
obtained to track down the problem.

-- 
Shawn K. Quinn [EMAIL PROTECTED]

Re: Negotiating a license for Sun Java on OpenBSD?

[Artur Grabowski]

Anon Y. Mous [EMAIL PROTECTED] writes:

 Hi:
 
 
   Has anyone involved with OpenBSD development
 attempted to negotiate a license with Sun for a Java
 binaries usage agreement, (e.g., FreeBSD/Sun
 agreement)?
 
 URL: http://www.freebsd.org/java/

 The FreeBSD Foundation has negotiated a license with
 Sun Microsystems to distribute FreeBSD binaries for
 the Java Runtime Environment (JRE) and Java
 Development Kit (JDK).

Where on http://www.openbsd.org/goals.html did you see Encourage and
promote closed 'standards', insecure, crappy binaries and software
monopolies.?

//art

bgpd and two CARPed routers

[Alexey E. Suslikov]

Hello misc@openbsd.org,

 setup is trivial: two uplinks, two CARPed boxes (three
 interfaces each: 2 x uplinks, 1 x core servers' segment),
 full-feed.

 i know about bgpd's depend-on but this one means hard
 resync due to full-feed.

 is there any correct way to keep two CARPed routers with
 bgpd in sync (means to keep rib/fib tables coherrent)?

 searching archives gives some cloudy hints to setup like

  | peer1  peer2 |
  |  |
  |  |
+-+  +-+
| router1 |--| router2 |
+-+  +-+
  |  |
  |   core segment   |

 looks like router1 feeds peer1 and router2 feeds peer2
 (router1 has higher advskew for peer2 and vice versa).
 core segment is handled in ordinary master/backup way.

 the only question is: how to do routers' interconnection
 to see peer1's feeds on router2 and vice versa?

 if the above is possible, example configs (or clear how-
 to) would be nice. i am in doubt, but i think i need
 iBGP for routers' interconnection

Thanks.

Re: bgpd and two CARPed routers

[Claudio Jeker]

On Mon, Aug 08, 2005 at 12:40:16PM +0300, Alexey E. Suslikov wrote:
 Hello misc@openbsd.org,
 
  setup is trivial: two uplinks, two CARPed boxes (three
  interfaces each: 2 x uplinks, 1 x core servers' segment),
  full-feed.
 
  i know about bgpd's depend-on but this one means hard
  resync due to full-feed.
 
  is there any correct way to keep two CARPed routers with
  bgpd in sync (means to keep rib/fib tables coherrent)?
 

There is now way to transparently switch over bgp sessions form one box to
another without resetting the connection. To keep bgp routers in sync run
a IBGP session between them.

  searching archives gives some cloudy hints to setup like
 
   | peer1  peer2 |
   |  |
   |  |
 +-+  +-+
 | router1 |--| router2 |
 +-+  +-+
   |  |
   |   core segment   |
 
  looks like router1 feeds peer1 and router2 feeds peer2
  (router1 has higher advskew for peer2 and vice versa).
  core segment is handled in ordinary master/backup way.
 
  the only question is: how to do routers' interconnection
  to see peer1's feeds on router2 and vice versa?
 
  if the above is possible, example configs (or clear how-
  to) would be nice. i am in doubt, but i think i need
  iBGP for routers' interconnection
 

If you have two upstreams, configure upstream on on router1 and upstream
to on router2 and run an ibgp session between the two routers.
With this setup one router may die and you still have net (but only via
one upstream provider).
If you have nice upstreams it may be possible to have redundant sessions
(both routers have a feed form both upstreams).
In case of providers that do not give you additional sessions and the need
for better fail over you need to create on carp interface per neighbor.
In your case one for provider1 (carp1) and one for provider2 (carp2).
carp1 defaults to router1 and carp2 defaults to router2.
Now use bgpd depend on so that if one router dies the killed session is
switched over to the backup router.
It is important that both router have a full feed to one upstream
because in case of a failover the other connection gets reset and so all
routes from that session will get lost until the session comes back up on
the other router.

-- 
:wq Claudio

Re: problem with apache

[diego]

yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin


- Original Message - 
From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED]

To: diego [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Saturday, August 06, 2005 1:30 PM
Subject: Re: problem with apache



On 8/5/05, diego [EMAIL PROTECTED] wrote:

Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram
and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only
apache for a intranet with 1k users.
I have error

[Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many 
open
files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to 
check

htaccess file, ensure it is readable

I add kern.maxfiles=5 to sysctl.conf and

# Setting used by httpd daemon
www:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=40960:\
:openfiles-max=40960:\
:openfiles=40960:\
:stacksize-cur=500M:\
:localcipher=blowfish,8:\
:tc=default:

to login.conf

but I got the same error.

thanks in advance.


diego.




The only thing I can think of is: are you sure the 'www' user is using
your 'www' class?

--
Gerardo Santana Gsmez Garrido
http://www.openbsd.org.mx/santana/
Entre los individuos, como entre las naciones, el respeto al derecho
ajeno es la paz -Don Benito Juarez

The SLIST_REMOVE_NEXT macro

[Alexander Farber]

- why does it need its first argument (the head), is it just for some
historical reasons?

The only file which seems to use it seems to be /sys/kern/sysv_sem.c

Also I wonder about the grudgingly ok here, why grudgingly?
http://archives.neohapsis.com/archives/openbsd/cvs/2003-12/0398.html

Just curious...
Alex

Re: generel software RAID-Question (IBMx330, raid failed, where to look for errors? )

[Johan P . Lindström]

That's nice to hear, got three of them with adaptec without an excuse
for existence in my hall, I think, perhaps it's time to investigate
that, there might be a use for them after all...

On 8/5/05, Richard Welty [EMAIL PROTECTED] wrote:
 On Fri, 5 Aug 2005 12:43:10 +0200 Johan P. Lindstrvm [EMAIL PROTECTED] 
 wrote:
 
  The IBM e-server x330 usually sports a branded Adaptec SCSI RAID card
  (IBM ServeRAID) and... well google the archives if you haven't been
  following thie list.
 
 um, the onboard controller is an adaptec, but the rebranded scsi raid
 card is generally a mylex in these beasts, not an adaptec.
 
 richard
 --
 Richard Welty [EMAIL PROTECTED]
 Averill Park Networking
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
  Well, if you're not going to expect unexpected flames,
 what's the point of going anywhere? -- Truckle the Uncivil

Re: problem with apache

[Henning Brauer]

you are mistaken. apache starts as root and drops privileges to 
www:www, that does not mean it inherits the ressource limits from that 
login class.

* diego [EMAIL PROTECTED] [2005-08-08 13:29]:
 yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin
 
 
 - Original Message - 
 From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED]
 To: diego [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Sent: Saturday, August 06, 2005 1:30 PM
 Subject: Re: problem with apache
 
 
 On 8/5/05, diego [EMAIL PROTECTED] wrote:
 Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of ram
 and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only
 apache for a intranet with 1k users.
 I have error
 
 [Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many 
 open
 files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to 
 check
 htaccess file, ensure it is readable
 
 I add kern.maxfiles=5 to sysctl.conf and
 
 # Setting used by httpd daemon
 www:\
 :datasize=infinity:\
 :maxproc=infinity:\
 :openfiles-cur=40960:\
 :openfiles-max=40960:\
 :openfiles=40960:\
 :stacksize-cur=500M:\
 :localcipher=blowfish,8:\
 :tc=default:
 
 to login.conf
 
 but I got the same error.
 
 thanks in advance.
 
 
 diego.
 
 
 
 The only thing I can think of is: are you sure the 'www' user is using
 your 'www' class?
 
 -- 
 Gerardo Santana Gsmez Garrido
 http://www.openbsd.org.mx/santana/
 Entre los individuos, como entre las naciones, el respeto al derecho
 ajeno es la paz -Don Benito Juarez
 

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: login_ldap

[Alexander Farber]

One more problem I have with login_ldap is that after I lock KDE with the blue 
lock-applet (kdesktop_lock), then I can't login anymore. The /var/log/authlog:

Aug  8 13:52:43 blowfish kcheckpass[7059]: Authentication failure for 
afarber (invoked by uid 25323)

I've searched around and one workaround mentioned is to make kcheckpass setuid.
But this is actually the case with the stock 3.7 KDE-package, so this
doesn't help

24 -rwsr-xr-x  1 root  bin  11108 Mar 18 10:55 /usr/local/bin/kcheckpass

Regards
Alex

2005/8/4, Alexander Farber [EMAIL PROTECTED]:
 blowfish# tail /etc/login.conf
 ldap:\
 :auth=-ldap:\
 :x-ldap-server=172.25.93.242:\
 :x-ldap-basedn=o=bonmp.XXX.com:\
 :x-ldap-uscope=subtree:\
 :x-ldap-filter=(uid=%u):
 
 blowfish# /usr/local/libexec/auth/login_-ldap -d afarber ldap
 Password:
 uri = ldap://172.25.93.242:389/
 filter = (uid=afarber)
 search result 0x0
 authorize
 
 Now my problem is, that for every user there needs to be an entry
 in /etc/passwd (is it needed for setting the login class to ldap?).
 And we have 200-300 users at our site (and much more globally).
 
 I wonder, how do the others handle this case of many users?

Re: Negotiating a license for Sun Java on OpenBSD?

[Edd Barrett]

On 08 Aug 2005 10:51:14 +0200, Artur Grabowski [EMAIL PROTECTED] wrote:
 Anon Y. Mous [EMAIL PROTECTED] writes:
 
  Hi:
 
 
Has anyone involved with OpenBSD development
  attempted to negotiate a license with Sun for a Java
  binaries usage agreement, (e.g., FreeBSD/Sun
  agreement)?
 
  URL: http://www.freebsd.org/java/
 
  The FreeBSD Foundation has negotiated a license with
  Sun Microsystems to distribute FreeBSD binaries for
  the Java Runtime Environment (JRE) and Java
  Development Kit (JDK).
 
 Where on http://www.openbsd.org/goals.html did you see Encourage and
 promote closed 'standards', insecure, crappy binaries and software
 monopolies.?
 
 //art
 
 

Hi,

I think it would be a good idea. Even if you had to download an
openbsd package from sun's site.

Best regards

Re: Negotiating a license for Sun Java on OpenBSD?

[Michael W. Lucas]

On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:
 The FreeBSD guys sold their soul to Sun in a license agreement of
 some sort in order to use Sun's code as a base for their native
 implementation. 

Sorry, not quite.

The FreeBSD-native Java implementation did not require changing any
licenses in the base OS.  Mind you, those poor bastards who donated
their work and code to get Java running natively on FreeBSD may have
sold their souls (or, at least, got badly taken), but that's a
separate issue.

The last time I tried it, the FreeBSD native Java ran fine on OpenBSD
under emulation.  At least it's a step closer than the Linux version.
And, if you feel like donating your limited free time to Sun, the
FreeBSD version is a better starting point than the Linux version.

==ml

-- 
Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/

The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur

Re: Negotiating a license for Sun Java on OpenBSD?

[Alexander Farber]

That is what you do for /ports/devel/jdk/ . So what is your problem? ;-)

2005/8/8, Edd Barrett [EMAIL PROTECTED]:
 I think it would be a good idea. Even if you had to download an
 openbsd package from sun's site.

Re: problem with apache

[diego]

ok, with sysctl -w kern.maxfiles=5 should work?
I tried ulimit -n 512, but give the same error.

thanks.

- Original Message - 
From: Henning Brauer [EMAIL PROTECTED]

To: diego [EMAIL PROTECTED]
Cc: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED]; 
misc@openbsd.org

Sent: Monday, August 08, 2005 8:48 AM
Subject: Re: problem with apache



you are mistaken. apache starts as root and drops privileges to
www:www, that does not mean it inherits the ressource limits from that
login class.

* diego [EMAIL PROTECTED] [2005-08-08 13:29]:

yes, www:*:67:67:www:0:0:HTTP Server,,,:/var/www:/sbin/nologin


- Original Message - 
From: Gerardo Santana Gsmez Garrido [EMAIL PROTECTED]

To: diego [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Saturday, August 06, 2005 1:30 PM
Subject: Re: problem with apache


On 8/5/05, diego [EMAIL PROTECTED] wrote:
Hi all, I have a problem with apache, I have a ibm x225 with 2,5gb of 
ram

and xeon 2,67ghz running 3.7-stable with GENERIC kernel, it's run only
apache for a intranet with 1k users.
I have error

[Fri Aug  5 13:21:30 2005] [crit] [client 172.26.219.191] (24)Too many
open
files: /intranet.jgm.gov.ar/htdocs/.htaccess pcfg_openfile: unable to
check
htaccess file, ensure it is readable

I add kern.maxfiles=5 to sysctl.conf and

# Setting used by httpd daemon
www:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=40960:\
:openfiles-max=40960:\
:openfiles=40960:\
:stacksize-cur=500M:\
:localcipher=blowfish,8:\
:tc=default:

to login.conf

but I got the same error.

thanks in advance.


diego.



The only thing I can think of is: are you sure the 'www' user is using
your 'www' class?

-- 
Gerardo Santana Gsmez Garrido

http://www.openbsd.org.mx/santana/
Entre los individuos, como entre las naciones, el respeto al derecho
ajeno es la paz -Don Benito Juarez



--
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: Negotiating a license for Sun Java on OpenBSD?

[Artur Grabowski]

Let's read what I wrote and your response, shall we?

Edd Barrett [EMAIL PROTECTED] writes:

  Encourage and
  promote closed 'standards', insecure, crappy binaries and software
  monopolies.?
 
 I think it would be a good idea.

Maybe you do. Fortunately most of us don't.

//art

Re: ARP Poisoning

[per engelbrecht]

Artur Grabowski wrote:

Miroslav Kubik [EMAIL PROTECTED] writes:



Hello

In our intranet is an attacker who flooding OpenBSD router by ARP requests. 
Due to this we have trouble with internet connection. Is there a way how to 
protect server against ARP poisoning attack?



Excuse me? You have an attacker inside your intranet?

The best way to protect against that kind of attack is a baseball bat.
Or security guards who show the person where the door is and a lawyer
who hands over the lawsuit.

This is a social problem, don't solve it with a technical solution.

//art



messages in /var/log/messages

Aug  6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.249 by 
00:e0:98:be:d3:cd on rl0
Aug  6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.246 by 
00:e0:98:c5:8b:b9 on rl0
Aug  6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.245 by 
00:e0:98:c5:9b:c5 on rl0
Aug  6 23:33:53 host22 /bsd: arp info overwritten for 192.168.1.242 by 
00:e0:98:c5:8b:b9 on rl0

and still continue



S pozdravem / Best Regards
Miroslav Kubik
IT Specialist
Enterprise Server Farms






Have not read all mails in this thread (sorry) but an easy solution to 
this problem is to run 'static-mac' on all int on your switches a.k.a. 
mac-lockdown (require that you can manage your sw and the sw have this 
option). If you can't do that, you're in for a rough ride. If you can or 
can get help to do so, read on.


For mac-lockdown to have max effect, you'll have to have a list of the 
original MAC connected to each int on each sw = you can't trust the 
current arp entries on the sw(s).
The alternative is to extract the arp entries from the sw and use it to 
do the lockdown. If you allready have the fake MAC, then use the same 
table to find the int where the box is connected to. Downside to this 
approach is that you might lock a fake MAC to the int it is connected 
to, but don't worry, you can correct this later.
Most (but not all) arp-cache-poisoning is done with a home-made script 
or tool e.g. 'angst' and is trickered as a cronjob and then followed by 
whatever the attacker will run with his/her new temporary 'identity'. 
This automation can be to your advantage. This first time a MAC is 
changed on a end-node after your've made the lockdown, the box will be 
blocked from the network. This is irreverseable and will be written to 
the security-log on the sw with date, int, MAC and so on and if the box 
is accessed remotely then the hunting is over. If the attacker is 
sitting in front of the box the MAC can be reversed, but it will not 
help the poor suckers kneecaps when you kick down the door with a 
slegdehammer in your hands. Happy hunting.


P.S. arp entries don't live forever in the arp-table. When you hunt 
attackeres like this, move fast.


/per
[EMAIL PROTECTED]

Re: Negotiating a license for Sun Java on OpenBSD?

[Kurt Miller]

From: Michael W. Lucas [EMAIL PROTECTED]

On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:

The FreeBSD guys sold their soul to Sun in a license agreement of
some sort in order to use Sun's code as a base for their native
implementation. 


Sorry, not quite.

The FreeBSD-native Java implementation did not require changing any
licenses in the base OS.  Mind you, those poor bastards who donated
their work and code to get Java running natively on FreeBSD may have
sold their souls (or, at least, got badly taken), but that's a
separate issue.


I have spent considerable time getting Java working on OpenBSD. How I
choose to spend my time is my choice. I've nethier sold my soul or have
been badly taken. Piss off!


The last time I tried it, the FreeBSD native Java ran fine on OpenBSD
under emulation.  At least it's a step closer than the Linux version.
And, if you feel like donating your limited free time to Sun, the
FreeBSD version is a better starting point than the Linux version.


Stop spreading FUD. At least take a sec and look in 
/usr/ports/devel/jdk before posting this crap. 

-Kurt.  

Re: Negotiating a license for Sun Java on OpenBSD?

[Kurt Miller]

From: Anon Y. Mous [EMAIL PROTECTED]

Hi:


 Has anyone involved with OpenBSD development
attempted to negotiate a license with Sun for a Java
binaries usage agreement, (e.g., FreeBSD/Sun
agreement)?


As stated several times in this thread, the type of license
that FreeBSD has with Sun goes against the projects goals.
We will not be distributing jdk binary packages without a
policy change from Sun. We do however have ports of Sun's
jdk's that work and people can build their own packages
rather easily. look in /usr/ports/devel/jdk.


URL: http://www.freebsd.org/java/

The FreeBSD Foundation has negotiated a license with
Sun Microsystems to distribute FreeBSD binaries for
the Java Runtime Environment (JRE) and Java
Development Kit (JDK).

-minsai
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Re: Negotiating a license for Sun Java on OpenBSD?

[Michael W. Lucas]

On Mon, Aug 08, 2005 at 10:05:38AM -0400, Kurt Miller wrote:
 From: Michael W. Lucas [EMAIL PROTECTED]
 On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:
 The FreeBSD guys sold their soul to Sun in a license agreement of
 some sort in order to use Sun's code as a base for their native
 implementation. 
 
 Sorry, not quite.
 
 The FreeBSD-native Java implementation did not require changing any
 licenses in the base OS.  Mind you, those poor bastards who donated
 their work and code to get Java running natively on FreeBSD may have
 sold their souls (or, at least, got badly taken), but that's a
 separate issue.
 
 I have spent considerable time getting Java working on OpenBSD. How I
 choose to spend my time is my choice. I've nethier sold my soul or have
 been badly taken. Piss off!
 
 The last time I tried it, the FreeBSD native Java ran fine on OpenBSD
 under emulation.  At least it's a step closer than the Linux version.
 And, if you feel like donating your limited free time to Sun, the
 FreeBSD version is a better starting point than the Linux version.
 
 Stop spreading FUD. At least take a sec and look in 
 /usr/ports/devel/jdk before posting this crap. 

Kurt,

Really, no disparagement was meant of your efforts.  My apologies for
any offense.

I can't see spending my time working on Sun's code, but that's your
choice, and if it works for you more power to you.

==ml

-- 
Michael W. Lucas[EMAIL PROTECTED], [EMAIL PROTECTED]
http://www.BlackHelicopters.org/~mwlucas/

The cloak of anonymity protects me from the nuisance of caring. -Non Sequitur

http manual pages ...

[Wild Karl-Heinz]

From time to time, I'm running
cvsup, I can see that apache manual pages
will be deleted. Does this mean that
the functionality of apache under openbsd
changes also?

regards
Karl-Heinz

clamav problem

[Cristian Del Carlo]

Hi list,
i am running obsd 3.7 ( with generic kernel and the security patch)  and clamav 
0.86.2 that i have installed from ports.
If i have a mail with a file zip  clamv crash.
If I  use clamav without the scanarchive option  enable it works correctly.
Do you know where is the problem?
 

Cristian Del Carlo

Re: Negotiating a license for Sun Java on OpenBSD?

[Kurt Miller]

From: Michael W. Lucas [EMAIL PROTECTED]

On Mon, Aug 08, 2005 at 10:05:38AM -0400, Kurt Miller wrote:

From: Michael W. Lucas [EMAIL PROTECTED]
On Sat, Aug 06, 2005 at 01:12:24PM -0700, J.C. Roberts wrote:
The FreeBSD guys sold their soul to Sun in a license agreement of
some sort in order to use Sun's code as a base for their native
implementation. 


Sorry, not quite.

The FreeBSD-native Java implementation did not require changing any
licenses in the base OS.  Mind you, those poor bastards who donated
their work and code to get Java running natively on FreeBSD may have
sold their souls (or, at least, got badly taken), but that's a
separate issue.

I have spent considerable time getting Java working on OpenBSD. How I
choose to spend my time is my choice. I've nethier sold my soul or have
been badly taken. Piss off!

The last time I tried it, the FreeBSD native Java ran fine on OpenBSD
under emulation.  At least it's a step closer than the Linux version.
And, if you feel like donating your limited free time to Sun, the
FreeBSD version is a better starting point than the Linux version.

Stop spreading FUD. At least take a sec and look in 
/usr/ports/devel/jdk before posting this crap. 


Kurt,

Really, no disparagement was meant of your efforts.  My apologies for
any offense.

I can't see spending my time working on Sun's code, but that's your
choice, and if it works for you more power to you.


Thanks for the apology. Your post struck a nerve and my frustration
with the amount of misinformation in this thread came out. Few people
really understand the Java - *BSD licensing issues. For what seems
like ideological licensing preferences, people like to make noise and
otherwise spout off.

I choose to work on Java on OpenBSD because it was challenging and
it represented the convergence of two of my interests. Do I like the licensing
situation? No, but that didn't stop me from having fun, learning a lot and
getting it work.

So let us all move on and let this thread die already. :-)

-Kurt

Re: Negotiating a license for Sun Java on OpenBSD?

[Shawn K. Quinn]

On Mon, 2005-08-08 at 10:23 -0400, Michael W. Lucas wrote:
 I can't see spending my time working on Sun's code, but that's your
 choice, and if it works for you more power to you.

You know, for every Kurt, there have to be several hundred people
(OpenBSD users or otherwise) who say if I wanted to deal with Sun every
day, I'd run Solaris instead and frankly, I don't blame them. Every
attempt to use Java here has caused more problems than it has solved;
it's simply a resource pig. I'm sure it runs great on the fully loaded
sparc64 boxen that Sun salesweasels are pimping for
$UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money.

I can't wait until Kaffe is usable as a JVM, as I suspect it won't have
the same problems that Sun has put into its reference Java
implementation. Until then, I've decided simply to avoid using Java
applications as much as possible.

-- 
Shawn K. Quinn [EMAIL PROTECTED]

Re: Negotiating a license for Sun Java on OpenBSD?

[Brandon Mercer]

Shawn K. Quinn wrote:

On Mon, 2005-08-08 at 10:23 -0400, Michael W. Lucas wrote:
  

I can't see spending my time working on Sun's code, but that's your
choice, and if it works for you more power to you.



You know, for every Kurt, there have to be several hundred people
(OpenBSD users or otherwise) who say if I wanted to deal with Sun every
day, I'd run Solaris instead and frankly, I don't blame them. Every
  

That sounds completely stupid to me.  Solaris is a horrible operating
system with too many holes and problems to mention.  There are other
options that I would choose first. 

attempt to use Java here has caused more problems than it has solved;
it's simply a resource pig. I'm sure it runs great on the fully loaded
sparc64 boxen that Sun salesweasels are pimping for
$UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money.
  

Sun hardware is not that expensive anymore.  You need to price some
equipment comperable to what is out there now in the 64bit hardware
range.  Please don't spout off without having a solid understanding of
what you're talking about. 

I can't wait until Kaffe is usable as a JVM, as I suspect it won't have
the same problems that Sun has put into its reference Java
implementation. Until then, I've decided simply to avoid using Java
applications as much as possible.
  

You'll be waiting a considerable amount of time.  Avoiding using java is
like trying to ignore the pink elephant in the room until you have a gun
big enough to shoot it.  :-)  If you have java applications that you
need to run, run them. 
Brandon

Re: Negotiating a license for Sun Java on OpenBSD?

[Henning Brauer]

* Shawn K. Quinn [EMAIL PROTECTED] [2005-08-08 17:18]:
 You know, for every Kurt, there have to be several hundred people
 (OpenBSD users or otherwise) who say if I wanted to deal with Sun every
 day, I'd run Solaris instead and frankly, I don't blame them. Every
 attempt to use Java here has caused more problems than it has solved;
 it's simply a resource pig. I'm sure it runs great on the fully loaded
 sparc64 boxen that Sun salesweasels are pimping for
 $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money.

and, guess what, we run pretty big application servers for our 
customers on OpenBSD on commodity i386 hardware these days, at price 
tags for the whole installation where you don't even get a spare CPU
from sun. the biggest single reason for why this works out today is 
kurt's work.

the linux boxes we tried before crashed badly under that load.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: http manual pages ...

[Henning Brauer]

* Wild Karl-Heinz [EMAIL PROTECTED] [2005-08-08 17:11]:
 From time to time, I'm running
 cvsup, I can see that apache manual pages
 will be deleted. Does this mean that
 the functionality of apache under openbsd
 changes also?

no, the apache docs are currently cleaned up, including deletion of 
unrelated crap and the (out of date anyway) translations.

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

Re: Install Woes (3.7/sparc) - Spontaneous crashes

[John Broome]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

J.C. Roberts wrote:
 On Sun, 7 Aug 2005 15:18:40 -0400, Jim Fron
 [EMAIL PROTECTED] wrote:
 
 
On Aug 7, 2005, at 2:46 PM, J.C. Roberts wrote:


Floppy drives and diskettes are notorious for failing in very strange
and unusual ways. Check out the mild but insightful message from Art
on tech@ if you want to know the general consensus on floppies.

That's good to know.  Unfortunately, most of my machines (mac) don't  
have serial ports.  
 
 
 At times I wonder if Apple not supporting serial is smart or dumb but
 I never seem to come to a conclusion...
 
 A USB to serial device may do the trick but personally, I've never
 tried it.

I've used the iogear usb  serial adapter with my powerbook, a
sparcstation 5, minicom from darwinports and a null modem cable and it
worked fine.
iD8DBQFC94IglH10NsAbJ7ERAtT6AJ9ybLXdLe9ee6xFqBE6m6bFngsazgCdG04B
3bY14tyU2IbM29IbMWS0Nt4=
=/HXo
-END PGP SIGNATURE-

Re: Negotiating a license for Sun Java on OpenBSD?

[J.C. Roberts]

On Mon, 08 Aug 2005 11:02:47 -0400, Kurt Miller [EMAIL PROTECTED]
wrote:

 Kurt,
 
 Really, no disparagement was meant of your efforts.  My apologies for
 any offense.
 
 I can't see spending my time working on Sun's code, but that's your
 choice, and if it works for you more power to you.

Thanks for the apology. Your post struck a nerve and my frustration
with the amount of misinformation in this thread came out. Few people
really understand the Java - *BSD licensing issues. For what seems
like ideological licensing preferences, people like to make noise and
otherwise spout off.

Kurt,

If your statement was directed, in part, to my posts in the thread,
please realize I was just trying the accurately answer the questions
put to the list. If I got things wrong, made noise and posted
misinformation, I would really like to know *what* I got wrong?

With all your work on the java ports, you're one of the few people in
a position to know all the torrid details of java-*bsd licensing, so
please kick the knowledge downstairs to the unwashed. ;-)

JCR

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: Negotiating a license for Sun Java on OpenBSD?

[Edd Barrett]

 You know, for every Kurt, there have to be several hundred people
 (OpenBSD users or otherwise) who say if I wanted to deal with Sun every
 day, I'd run Solaris instead and frankly, I don't blame them. Every
 attempt to use Java here has caused more problems than it has solved;
 it's simply a resource pig. I'm sure it runs great on the fully loaded
 sparc64 boxen that Sun salesweasels are pimping for
 $UNGODLY_AMOUNT_OF_CASH; sorry, but I don't have that kind of money.

Suns newest ultra 20 x64 workstation retails at under #1000.

Not as expensive as they once were.

Regards

Re: login_ldap

[Antoine Jacoutot]

Alexander Farber wrote:
One more problem I have with login_ldap is that after I lock KDE with the blue 
lock-applet (kdesktop_lock), then I can't login anymore. The /var/log/authlog:


Aug  8 13:52:43 blowfish kcheckpass[7059]: Authentication failure for 
afarber (invoked by uid 25323)


My users under kerberos have the same problem. The thing is that KDE 
does not support bsd_auth.


Antoine

hardware issues on sparc64

[Bob Ababurko]

hello-

I am trying to load 3.5 sparc64 on an Ultra2.  After booting from the CD 
I get an error message that says( i think) it cannot find the cd-drive 
or file on the CD.  That makes little sense since I see it start to boot 
the CD.  Is this a bad burn?  I know the disc worksused it many 
times.  Degraded?


Any ideas on the error?


ok boot cdrom
Boot device: /sbus/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f  File and args: 
kernel/sparcv9/un

ix
OpenBSD IEEE 1275 Bootblock 1.1
.. OpenBSD 3.5 (obj) #0: Mon Mar 29 12:00:16 MST 2004
[EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj
open /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f/kernel/sparcv9/unix: No such 
file or

 directory

thanks,
Bob

authpf doesn't seem to be creating user_ip

[Ray Percival]

I have the following pf.conf and authpf.rules. When I try to load the rules 
into the anchor I get 

authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules
/etc/authpf/authpf.rules:3: macro 'user_ip' not defined
/etc/authpf/authpf.rules:3: syntax error
pfctl: Syntax error in config file: pf rules not loaded

From reading the man page and the FAQ I think I have everything right. But 
clearly I need to do somehting else to get user_ip to work. Wasn't able to 
find anything in the archives. Any ideas, please?


authpfbob# cat /etc/pf.conf
#   $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

ext_if=xl1
int_if=xl0

#table spamd persist
#table spamd-white persist
table authpf_users persist

scrub in

#nat on $ext_if from !($ext_if) - ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp - 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from spamd to port smtp \
#   - 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !spamd-white to port smtp \
#   - 127.0.0.1 port spamd

block in all
#pass out keep state

#pass quick on { lo $int_if }
#antispoof quick for { lo $int_if }

pass in on $int_if proto tcp to ($int_if) port ssh keep state
#pass in on $ext_if proto tcp to ($ext_if) port  49151 user proxy keep state
#pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state
#pass out log on $ext_if proto tcp from ($ext_if) to port smtp keep state

anchor authpf/*
load anchor authpf from /etc/authpf/authpf.rules
authpfbob# cat /etc/authpf/authpf.rules
int_if = xl0

pass in quick on $int_if proto tcp from $user_ip to any keep state
-- 
BOFH excuse #50:

Change in Earth's rotational speed

Re: Install Woes (3.7/sparc) - Spontaneous crashes

[Kevin]

John Broome writes:
 I've used the iogear usb  serial adapter with my powerbook,
 a sparcstation 5, minicom from darwinports and a null modem
 cable and it worked fine.

One drawback to the IOGEAR is that (at least with the OSX driver),
the serial dongle cannot transmit a break (STOP+A).

I like to keep a couple of Sun Type 5 keyboards around, if only to
be able to send a STOP+N when the PROM gets into a FUBAR state.


Jim Fron writes:
Probably.  Well, one crap keyspan USB/serial device and one,
 possibly now two crap SS20's has taught me a lesson:
 for the money, it may be better to go out and but a cheap sh*t
 Wal-Mart PC instead of buying good hardware off eBay.

A valuable (if expensive) lesson.  Personally, I'd take a *good* SS20
over a consumer grade desktop PC, but would strongly recommend
a more modern server grade Sparc over either of the cheap options,
something like a Netra T1/105 (from eBay) or even a V100 ($1K new).


Kevin Kadow

OpenBGPd crash on various filter rules...

[David Ulevitch]

Misc,

I am running OpenBGPd on a couple routers.  On my production systems  
I am using the most basic bgpd.conf with all the default RFC1918  
deny's and nothing more complex than that.  Testing some more complex  
filters on another router causes openbgpd to crash on reload.


All rules pass: /usr/sbin/bgpd -n

Here is one such rule:
# prepend TWTC AS4323 twice to all incoming UPDATEs from peer.
match from group TWTC set prepend-neighbor 2

I've only tested attribute setting using MATCH filters however I've  
caused crashes with more than just prepend-neighbor.  Also prepend- 
self and weight.


rtr1:~bgpctl reload
Aug  8 15:12:36 rtr1 bgpd[14014]: Lost child: route decision engine  
terminated; signal 11
Aug  8 15:12:36 rtr1 bgpd[14014]: Lost child: route decision engine  
terminated; signal 11
Aug  8 15:12:36 rtr1 bgpd[23683]: fatal in SE: session_dispatch_imsg:  
pipe closed: Operation now in progress
Aug  8 15:12:36 rtr1 bgpd[23683]: fatal in SE: session_dispatch_imsg:  
pipe closed: Operation now in progress

rtr1:~bgpctl s s
bgpctl: connect: /var/run/bgpd.sock: No such file or directory
rtr1:~uname -a
OpenBSD rtr1 3.7 GENERIC#50 i386
rtr1:~rdate time.nist.gov  date
Mon Aug  8 15:18:37 EDT 2005
Mon Aug  8 15:18:37 EDT 2005

What information can I provide to help debug this?

Thanks,
David

You've received a greeting from a family member!

[postcards1001]

You have just received a virtual greeting from a family member!

 

You can pick up your postcard at the following web address:

http://www.postcards1001.com/?a91-valets-cloud-187

 

If you can't click on the web address above, you can also
visit E-Greetings at http://www.postcards1001.com/
and enter your pickup code, which is: a91-valets-cloud-187

 

(Your postcard will be available for 60 days.)

 

Oh -- and if you'd like to reply with a postcard,
you can do so by visiting this web address:
http://www.postcards1001.com/
(Or you can simply click the reply to this postcard
button beneath your postcard!)

 

We hope you enjoy your postcard, and if you do,
please take a moment to send a few yourself!

 

Regards,
1001 Greetings and Postcards
http://www.postcards1001.com/

A problem internal to GDB has been detected

[Reitenbach Sebastian]

Hi,

I am trying to debug an objc binary with gdb but unfortunately it
ends up with the following error:
$ gdb ogo-webui-1.1 
GNU gdb 6.3 
Copyright 2004 Free Software Foundation, Inc. 
GDB is free software, covered by the GNU General Public License, and you are 
welcome to change it and/or distribute copies of it under certain conditions. 
Type show copying to see the conditions. 
There is absolutely no warranty for GDB.  Type show warranty for details. 
This GDB was configured as i386-unknown-openbsd3.7... 
(gdb) run -WOUseWatchDog NO 
Starting program: /usr/local/sbin/ogo-webui-1.1 -WOUseWatchDog NO 
/usr/src/gnu/usr.bin/binutils/gdb/utils.c:1007: internal-error: virtual memory 
exhausted: can't allocate 1073960 bytes. 
A problem internal to GDB has been detected, 
further debugging may prove unreliable. 
Quit this debugging session? (y or n) y 
 
/usr/src/gnu/usr.bin/binutils/gdb/utils.c:1007: internal-error: virtual memory 
exhausted: can't allocate 1073960 bytes. 
A problem internal to GDB has been detected, 
further debugging may prove unreliable. 
Create a core file of GDB? (y or n) y 
Abort trap (core dumped) 

in the GNUstep HOWTO it states that I need at least gdb 6 to debug 
objc binaries.

anybody knows my problem?

kind regards
sebastian

gcc 2.95.3 to 3.3.5: compile errors

[dick]

greetz,

me and a C++ programmer i know have a C++ program that would
compile cleanly and run when using gcc 2.95.3 (from openbsd
3.6-release), but now that i've upgraded to 3.7-release, which
uses gcc 3.3.5, he gets errors on compilation. since neither
of us are very familiar with the details of upgrades in gcc
(he codes on M$ visual studio at work), i would appreciate
either direct suggestions on the errors i list below or a more
general plan for what to do to quickly resolve syntax errors
upon upgrade of gcc.

here are the errors:

$ g++ -c agent.cpp
In file included from array.h:10,
 from inputdata.h:13,
 from agent.h:10,
 from agent.cpp:9:
In file included from inputdata.h:13,
 from agent.h:10,
 from agent.cpp:9:
array.h: At global scope:
array.h:32: error: invalid data member initialization
array.h:32: error: (use `=' to initialize static data members)
array.h:32: error: variable or field `out' declared void
array.h:152: error: variable or field `out' declared void
array.h:152: error: `ArrayT::out' declared as an `inline'
variable
array.h:152: error: `int ArrayT::out' is not a static member
of `class
   ArrayT'
array.h:152: error: template definition of non-template `int
ArrayT::out'
array.h:152: error: syntax error before `{' token
In file included from inputdata.h:13,
 from agent.h:10,
 from agent.cpp:9:
array.h:7:1: unterminated #ifndef
In file included from agent.h:10,
 from agent.cpp:9:
inputdata.h:7:1: unterminated #ifndef
In file included from agent.cpp:9:
agent.h:7:1: unterminated #ifndef
*** Error code 1

and here are the lines of code where the errors occur (lines
32 and 152 from array.h):

32:  void   out  (ostream os) const;
152: inline void Array T::out (ostream os) const

if what i'm asking for is easily found in docs, i would
greatly appreciate a redirect modulo excessive flame. the
redirect need not be unique, as excessive flame is certainly
not prime.

cheers,
jake

Re: OpenBGPd crash on various filter rules...

[Claudio Jeker]

On Mon, Aug 08, 2005 at 12:20:43PM -0700, David Ulevitch wrote:
 Misc,
 
 I am running OpenBGPd on a couple routers.  On my production systems  
 I am using the most basic bgpd.conf with all the default RFC1918  
 deny's and nothing more complex than that.  Testing some more complex  
 filters on another router causes openbgpd to crash on reload.
 
 All rules pass: /usr/sbin/bgpd -n
 
 Here is one such rule:
 # prepend TWTC AS4323 twice to all incoming UPDATEs from peer.
 match from group TWTC set prepend-neighbor 2
 
 I've only tested attribute setting using MATCH filters however I've  
 caused crashes with more than just prepend-neighbor.  Also prepend- 
 self and weight.
 

Please send me a pre and post config that results in the crash.

-- 
:wq Claudio

Re: authpf doesn't seem to be creating user_ip

[Ray Percival]

On Mon, Aug 08, 2005 at 01:14:52PM -0600, Bob Beck wrote:
 * Ray Percival [EMAIL PROTECTED] [2005-08-08 12:17]:
  I have the following pf.conf and authpf.rules. When I try to load the
rules into the anchor I get
 
  authpfbob# pfctl -a authpf -f /etc/authpf/authpf.rules
  /etc/authpf/authpf.rules:3: macro 'user_ip' not defined
  /etc/authpf/authpf.rules:3: syntax error
  pfctl: Syntax error in config file: pf rules not loaded
 

   I wouldn't expect loading that ruleset with pfctl to work that way.
 authpf adds the macro definition when it loads it. you can't expect to
 just run pfctl on that file and have it load correctly, unless you
 add a user_ip definition at the top of it (which should *NOT* be there
 when using authpf.)
That was it. I got a bit confused between having a state problem that got
sorted and reading trhe authpf and the more general anchor doc. Thanks for the
pointer.

   Your pf.conf you attached looks, well, strange, you shouldn't
 be loading anchor authpf from anywhere. authpf does that.

   Try the examples as in the man page and verify you can
 make those work as expected first.

   -Bob


--
BOFH excuse #340:

Well fix that in the next (upgrade, update, patch release, service pack).

[demime 1.01d removed an attachment of type application/pgp-signature]

TCP ECN Query

[Rebx_99]

Hi,

I just noticed that ECN (net.inet.tcp.ecn) and RFC 3390
(net.inet.tcp.rfc3390) are disabled by default. Any special reason for this?


Peace,

rebx_99

SCSI enclosure + disks wanted

[Theo de Raadt]

We are looking for a SCSI RAID enclosure + at least a few disks, for
testing/development purposes, in Toronto.  This is to make the raid
management stuff work better.  A few of us are working on the code,
but we would like the main scsi guys in Toronto to play along too.

The stuff is making process; here is a demo of a small part part of
it:

# bioctl -h ami0 
Volume  Status Size   Device  
 ami0 0 Online   341G sd0  RAID5
  0 Online  68.4G 0:0.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  1 Online  68.4G 0:2.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  2 Online  68.4G 0:4.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  3 Online  68.4G 0:8.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  4 Online  68.4G 1:10.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  5 Online  68.4G 1:12.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
 ami0 1 Online   341G sd1  RAID5
  0 Online  68.4G 0:1.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  1 Online  68.4G 0:3.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  2 Online  68.4G 0:5.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  3 Online  68.4G 1:9.0   ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  4 Online  68.4G 1:11.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  5 Online  68.4G 1:13.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6

This shows that userland knows which controllers are tied to which
system disks, which drives are backing it, and which ses/safte devices
are managing the those drive in the enclosure.

So, if someone has one to give or loan on a semi-permanent basis,
please let me know.

Thanks.

Re: SCSI enclosure + disks wanted

[J.C. Roberts]

On Mon, 08 Aug 2005 14:30:57 -0600, Theo de Raadt
[EMAIL PROTECTED] wrote:

We are looking for a SCSI RAID enclosure + at least a few disks, for
testing/development purposes, in Toronto.  This is to make the raid
management stuff work better.  A few of us are working on the code,
but we would like the main scsi guys in Toronto to play along too.

The stuff is making process; here is a demo of a small part part of
it:

# bioctl -h ami0 
Volume  Status Size   Device  
 ami0 0 Online   341G sd0  RAID5
  0 Online  68.4G 0:0.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  1 Online  68.4G 0:2.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  2 Online  68.4G 0:4.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  3 Online  68.4G 0:8.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  4 Online  68.4G 1:10.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  5 Online  68.4G 1:12.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
 ami0 1 Online   341G sd1  RAID5
  0 Online  68.4G 0:1.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  1 Online  68.4G 0:3.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  2 Online  68.4G 0:5.0   ses0   MAXTOR  ATLAS15K2_73SCA JNZ6
  3 Online  68.4G 1:9.0   ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  4 Online  68.4G 1:11.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6
  5 Online  68.4G 1:13.0  ses1   MAXTOR  ATLAS15K2_73SCA JNZ6

This shows that userland knows which controllers are tied to which
system disks, which drives are backing it, and which ses/safte devices
are managing the those drive in the enclosure.

So, if someone has one to give or loan on a semi-permanent basis,
please let me know.

Thanks.

Is this for mainly testing or is actually planed for real usage?

I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic
rackmount enclosures... -By todays' standards 8x9GB is not a lot of
room, and ultra2 is not exactly fast but it *might* be useful for
testing code?

JCR

--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?

Re: SCSI enclosure + disks wanted

[Theo de Raadt]

 Is this for mainly testing or is actually planed for real usage?

It is for testing and development.

 I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic
 rackmount enclosures... -By todays' standards 8x9GB is not a lot of
 room, and ultra2 is not exactly fast but it *might* be useful for
 testing code?

It would be fine.  If you are willing to ship, contact [EMAIL PROTECTED]
about it.

ccd troubles

[James Boothe]

I'm having a bit of trouble with ccd. I have a box with 2 80G IDE
drives and 1 200G IDE drive. I'm going by the FAQ step for step
here but after the ccd is configured and I get ready to run
disklabel -E ccd0 it only sees the first frive. I've redone it 6 or
7 times, and switched the drive order in ccd.conf. I've tried
taking each drive out one at a time and doing it with the other two
drives but it always ends up the same. I'm hoping somebody can
help me out here. Hre's what I have in ccd.conf

ccd016  none/dev/wd2a /dev/wd1a /dev/wd0h

wd2a is the 200G drive with one big empty partition
wd1a is one of the 80G drives with one big empty partition
wd0h is 78G, the other 2 went to the OS

Any help or ideas would be appreciated. If there is any relevent
information I left out let me know.

LSI Logic 53C1030 on DL145-G2 not working

[bofh]

Hi,

I have a HP DL145-G2. The SCSI card that comes with is supposed to be
supported by the mpt driver - the LSI Logic 53c1030 Fusion. It's not.

I also bought a MegaRAID 320-2X which I thought was supposed to be supported
by the ami driver, it's not. The MegaRaid has the latest bios, H429 build
Feb04, 2005.

Tested under both i386 and amd64 (both 3.7 and -current on Aug 2, 2005).

Anything that can be jiggled or twigged to make them work? Thanx in advance
for your kind help.

Btw, what's a hardware RAID card (PCI-X) that is currently on the market
that is supported? I've already gotten two strikes even going with what's
supported by /amd64.html and /i386.html, so, if anyone has any
recommendation, I'd really appreciate it.

-Tai

lspci -v and dmesg from the install disk follows:

-8
82:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 02)
Subsystem: LSI Logic / Symbios Logic MegaRAID 532 SCSI 320-2X RAID
Controller
Flags: bus master, stepping, 66Mhz, medium devsel, latency 64, IRQ 225
Memory at d860 (32-bit, prefetchable) [size=64K]
Memory at d810 (32-bit, non-prefetchable) [size=512K]
Capabilities: [c0] Power Management version 2
Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable-
Capabilities: [e0] PCI-X non-bridge device.

87:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
Fusion-MPT Dual Ultra320 SCSI (rev 07)
Subsystem: Compaq Computer Corporation: Unknown device 00f4
Flags: bus master, 66Mhz, medium devsel, latency 128, IRQ 233
I/O ports at 2000 [size=256]
Memory at d822 (64-bit, non-prefetchable) [size=128K]
Memory at d820 (64-bit, non-prefetchable) [size=128K]
Capabilities: [50] Power Management version 2
Capabilities: [58] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable-
Capabilities: [68] PCI-X non-bridge device.

8---
 OpenBSD/i386 BOOT 2.06
boot
booting fd0a:/bsd: 4302596+825452=0x4e40b8
entry point at 0x100120*

WARNING: CAN'T ALLOCATE RAM (5000-c000) FROM IOMEM EXTENT MAP!
uvm_page_physload: unable to load physical memory segment
4 segments allocated, ignoring 0x1000 - 0xbfffc
increase VM_PHYSSEG_MAX
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org

OpenBSD 3.7 (RAMDISK_CD) #573: Sun Mar 20 00:27:05 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: AMD Opteron(tm) Processor 252 (AuthenticAMD 686-class) 2.62 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,MMX,FXSR,SSE,SSE2,PNI
real mem = 2146107392 (2095808K)
avail mem = 2772189184 (2707216K)
using 4278 buffers containing 280363008 bytes (273792K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(fc) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd5f0
pcibios0 at bios0: rev 2.1 @ 0xfd5f0/0xa10
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/288 (16 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0051
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xd400 0xcd800/0x1000 0xce800/0x1600 0xd/0x1600
0xd
1800/0x2200 0xd4000/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
vendor Nvidia, unknown product 0x005e (class memory subclass
miscellaneous, re
v 0xa3) at pci0 dev 0 function 0 not configured
pcib0 at pci0 dev 1 function 0 vendor Nvidia, unknown product 0x0051 rev
0xa3
vendor Nvidia, unknown product 0x0052 (class serial bus subclass SMBus,
rev 0x
a2) at pci0 dev 1 function 1 not configured
ohci0 at pci0 dev 2 function 0 vendor Nvidia, unknown product 0x005a rev
0xa2:
irq 10, version 1.0, legacy support
ohci0: SMM does not respond, resetting
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 2 function 1 vendor Nvidia, unknown product 0x005b rev
0xa3:
irq 11
ehci0: timed out waiting for BIOS
ehci0: EHCI version 1.0
ehci0: companion controller, 4 ports each: ohci0
usb1 at ehci0: USB revision 2.0
uhub1 at usb1
uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
uhub1: single transaction translator
uhub1: 4 ports with 4 removable, self powered
pciide0 at pci0 dev 6 function 0 vendor Nvidia, unknown product 0x0053 rev
0xa
2: DMA (unsupported), channel 0 configured to compatibility, channel 1
configure
d to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 9.9A SCSI0 5/cdrom removable
pciide0: channel 1 ignored (not responding; disabled or no drives?)
pciide1 at pci0 dev 8 function 0 vendor Nvidia, unknown product 0x0055 rev
0xa
3: DMA (unsupported), channel 0 wired to native-PCI, channel 1 wired to
native-P
CI
pciide1: using irq 10 for native-PCI interrupt
pciide1: channel 0 ignored (not 

php-xslt-4.3.11 symbols

[James Reynolds]

Hi

I'm trying to run a fairly simple php xslt script. When i try to run from a 
browser or the command line i get the following :

PHP Fatal error:  Call to undefined function:  xslt_set_encoding() 
in /var/www/htdocs/recipes.php on line 5

running nm -g /var/www/lib/php/modules/xslt.so i don't find 
xslt_set_encoding() ? Any directions on what to do what be fine and 
appreciated.


nm -g /var/www/lib/php/modules/xslt.so 

 ? SablotAddArgBuffer
 ? SablotAddParam
 ? SablotCreateProcessorForSituation
 ? SablotCreateSituation
 ? SablotDestroyProcessor
 ? SablotDestroySituation
 ? SablotFree
 ? SablotGetResultArg
 ? SablotRegHandler
 ? SablotRunProcessorGen
 ? SablotSetBase
 ? SablotSetBaseForScheme
 ? SablotSetOptions
 ? SablotUnregHandler
200018c8 A _DYNAMIC
20002990 A _GLOBAL_OFFSET_TABLE_
20003abc A __bss_start
 U __errno
20002abc D __got_end
20002990 D __got_start
 U __guard
 U __stack_smash_handler
5334 T __udivdi3
5454 T __umoddi3
 U _array_init
 U _convert_to_string
 U _ecalloc
20003abc A _edata
 U _efree
 U _emalloc
20003ac0 A _end
 U _estrdup
 U _estrndup
5610 T _fini
17b0 T _init
 U _zend_list_addref
 U _zend_list_delete
 U _zval_copy_ctor
 U _zval_ptr_dtor
 U add_assoc_string_ex
 U add_assoc_stringl_ex
 U call_user_function_ex
 U close
 U convert_to_long
 U executor_globals
2214 T get_module
 F libgcc2.c
 F libgcc2.c
 U open
 U php_error_docref0
 U php_info_print_table_end
 U php_info_print_table_row
 U php_info_print_table_start
 U php_sprintf
 F sablot.c
 U spprintf
 U strcasecmp
 U strchr
 U strcmp
 U strerror
 U strlcpy
 U strncasecmp
 U write
 F xslt.c
2144 T xslt_call_function
1cc8 T xslt_debug
20dc T xslt_free_arguments
1f84 T xslt_free_array
20001760 D xslt_functions
1d3c T xslt_make_array
20001820 D xslt_module_entry
1fd0 T xslt_parse_arguments
 U zend_error
 U zend_fetch_resource
 U zend_get_executed_filename
 U zend_get_parameters_ex
 U zend_hash_get_current_data_ex
 U zend_hash_get_current_key_ex
 U zend_hash_index_find
 U zend_hash_internal_pointer_reset_ex
 U zend_hash_move_forward_ex
 U zend_hash_num_elements
 U zend_parse_parameters
 U zend_register_list_destructors_ex
 U zend_register_long_constant
 U zend_register_resource
 U zend_wrong_param_count
363c T zif_xslt_backend_info
35f4 T zif_xslt_backend_name
35ac T zif_xslt_backend_version
2368 T zif_xslt_create
3230 T zif_xslt_errno
32ac T zif_xslt_error
3354 T zif_xslt_free
2db0 T zif_xslt_process
2b28 T zif_xslt_set_base
2c40 T zif_xslt_set_encoding
2aa4 T zif_xslt_set_error_handler
2c48 T zif_xslt_set_log
33cc T zif_xslt_set_object
2450 T zif_xslt_set_sax_handlers
2890 T zif_xslt_set_scheme_handlers
3444 T zif_xslt_setopt
22e8 T zm_info_xslt
222c T zm_startup_xslt
 U zval_add_ref

-- 
james reynolds, bsc

Re: LSI Logic 53C1030 on DL145-G2 not working

[Marco Peereboom]

The BIOS on your box is lying.  Update it to something newer and it might
magically work.

Also update to -current.

On Mon, Aug 08, 2005 at 06:07:47PM -0500, bofh wrote:
 Hi,
 
 I have a HP DL145-G2. The SCSI card that comes with is supposed to be
 supported by the mpt driver - the LSI Logic 53c1030 Fusion. It's not.
 
 I also bought a MegaRAID 320-2X which I thought was supposed to be supported
 by the ami driver, it's not. The MegaRaid has the latest bios, H429 build
 Feb04, 2005.
 
 Tested under both i386 and amd64 (both 3.7 and -current on Aug 2, 2005).
 
 Anything that can be jiggled or twigged to make them work? Thanx in advance
 for your kind help.
 
 Btw, what's a hardware RAID card (PCI-X) that is currently on the market
 that is supported? I've already gotten two strikes even going with what's
 supported by /amd64.html and /i386.html, so, if anyone has any
 recommendation, I'd really appreciate it.
 
 -Tai
 
 lspci -v and dmesg from the install disk follows:
 
 -8
 82:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 02)
 Subsystem: LSI Logic / Symbios Logic MegaRAID 532 SCSI 320-2X RAID
 Controller
 Flags: bus master, stepping, 66Mhz, medium devsel, latency 64, IRQ 225
 Memory at d860 (32-bit, prefetchable) [size=64K]
 Memory at d810 (32-bit, non-prefetchable) [size=512K]
 Capabilities: [c0] Power Management version 2
 Capabilities: [d0] Message Signalled Interrupts: 64bit+ Queue=0/1 Enable-
 Capabilities: [e0] PCI-X non-bridge device.
 
 87:01.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X
 Fusion-MPT Dual Ultra320 SCSI (rev 07)
 Subsystem: Compaq Computer Corporation: Unknown device 00f4
 Flags: bus master, 66Mhz, medium devsel, latency 128, IRQ 233
 I/O ports at 2000 [size=256]
 Memory at d822 (64-bit, non-prefetchable) [size=128K]
 Memory at d820 (64-bit, non-prefetchable) [size=128K]
 Capabilities: [50] Power Management version 2
 Capabilities: [58] Message Signalled Interrupts: 64bit+ Queue=0/0 Enable-
 Capabilities: [68] PCI-X non-bridge device.
 
 8---
  OpenBSD/i386 BOOT 2.06
 boot
 booting fd0a:/bsd: 4302596+825452=0x4e40b8
 entry point at 0x100120*
 
 WARNING: CAN'T ALLOCATE RAM (5000-c000) FROM IOMEM EXTENT MAP!
 uvm_page_physload: unable to load physical memory segment
 4 segments allocated, ignoring 0x1000 - 0xbfffc
 increase VM_PHYSSEG_MAX
 Copyright (c) 1982, 1986, 1989, 1991, 1993
 The Regents of the University of California. All rights reserved.
 Copyright (c) 1995-2005 OpenBSD. All rights reserved. http://www.OpenBSD.org
 
 OpenBSD 3.7 (RAMDISK_CD) #573: Sun Mar 20 00:27:05 MST 2005
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
 cpu0: AMD Opteron(tm) Processor 252 (AuthenticAMD 686-class) 2.62 GHz
 cpu0:
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
 LUSH,MMX,FXSR,SSE,SSE2,PNI
 real mem = 2146107392 (2095808K)
 avail mem = 2772189184 (2707216K)
 using 4278 buffers containing 280363008 bytes (273792K) of memory
 mainbus0 (root)
 bios0 at mainbus0: AT/286+(fc) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfd5f0
 pcibios0 at bios0: rev 2.1 @ 0xfd5f0/0xa10
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/288 (16 entries)
 pcibios0: no compatible PCI ICU found: ICU vendor 0x10de product 0x0051
 pcibios0: Warning, unable to fix up PCI interrupt routing
 pcibios0: PCI bus #4 is the last bus
 bios0: ROM list: 0xc/0xd400 0xcd800/0x1000 0xce800/0x1600 0xd/0x1600
 0xd
 1800/0x2200 0xd4000/0x800
 cpu0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
 vendor Nvidia, unknown product 0x005e (class memory subclass
 miscellaneous, re
 v 0xa3) at pci0 dev 0 function 0 not configured
 pcib0 at pci0 dev 1 function 0 vendor Nvidia, unknown product 0x0051 rev
 0xa3
 vendor Nvidia, unknown product 0x0052 (class serial bus subclass SMBus,
 rev 0x
 a2) at pci0 dev 1 function 1 not configured
 ohci0 at pci0 dev 2 function 0 vendor Nvidia, unknown product 0x005a rev
 0xa2:
 irq 10, version 1.0, legacy support
 ohci0: SMM does not respond, resetting
 usb0 at ohci0: USB revision 1.0
 uhub0 at usb0
 uhub0: Nvidia OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
 uhub0: 4 ports with 4 removable, self powered
 ehci0 at pci0 dev 2 function 1 vendor Nvidia, unknown product 0x005b rev
 0xa3:
 irq 11
 ehci0: timed out waiting for BIOS
 ehci0: EHCI version 1.0
 ehci0: companion controller, 4 ports each: ohci0
 usb1 at ehci0: USB revision 2.0
 uhub1 at usb1
 uhub1: Nvidia EHCI root hub, class 9/0, rev 2.00/1.00, addr 1
 uhub1: single transaction translator
 uhub1: 4 ports with 4 removable, self powered
 pciide0 at pci0 dev 6 function 0 vendor Nvidia, unknown product 0x0053 rev
 0xa
 2: DMA (unsupported), channel 0 configured to compatibility, channel 1
 configure
 d to compatibility
 atapiscsi0 at pciide0 channel 0 drive 0
 scsibus0 at atapiscsi0: 2 targets
 cd0 at scsibus0 targ 0 lun 0: TEAC, CD-224E, 9.9A SCSI0 5/cdrom removable
 pciide0: channel 1 ignored (not 

Re: LSI Logic 53C1030 on DL145-G2 not working

[bofh]

On 8/8/05, Marco Peereboom [EMAIL PROTECTED] wrote:

 The BIOS on your box is lying. Update it to something newer and it might
 magically work.


Oh gods. I just went to HP's site, and saw that there's bios updates
available. This is a HP DL145-G2, which has 2 hard drives, and no floppy.
Even the CDRom drive is optional.

Guess what their updates run on? The fscking SP31039 bios update for the
DL145-G2 extracts to a physical floppy disk. GAH Morons at work.

*sigh* Will have to do this in the morning.

-Tai

Re: ccd troubles

[Nick Holland]

James Boothe wrote:
 I'm having a bit of trouble with ccd. I have a box with 2 80G IDE
 drives and 1 200G IDE drive. I'm going by the FAQ step for step
 here but after the ccd is configured and I get ready to run
 disklabel -E ccd0 it only sees the first frive. I've redone it 6 or
 7 times, and switched the drive order in ccd.conf. I've tried
 taking each drive out one at a time and doing it with the other two
 drives but it always ends up the same. I'm hoping somebody can
 help me out here. Hre's what I have in ccd.conf
 
 ccd016  none/dev/wd2a /dev/wd1a /dev/wd0h
 
 wd2a is the 200G drive with one big empty partition
 wd1a is one of the 80G drives with one big empty partition
 wd0h is 78G, the other 2 went to the OS
 
 Any help or ideas would be appreciated. If there is any relevent
 information I left out let me know.

Show us what you are seeing and tell us what you are expecting to see.
Yes, disklabel -E ccd0 should only show you one drive, so I have no
idea what you are not seeing that you are expecting.

(trivial little things like dmesg, disklabel and fdisk outputs might
be useful, too).

Nick.

Re: hardware issues on sparc64

[Nick Holland]

Bob Ababurko wrote:
 hello-
 
 I am trying to load 3.5 sparc64 on an Ultra2.  After booting from the CD 
 I get an error message that says( i think) it cannot find the cd-drive 

No...that's not what it says.

 or file on the CD.  

yes, that IS what it says.

 That makes little sense since I see it start to boot
 the CD.  Is this a bad burn?  I know the disc worksused it many 
 times.  Degraded?
 
 Any ideas on the error?

yep.  Error is pretty clear, I think...

 
 ok boot cdrom
 Boot device: /sbus/SUNW,[EMAIL PROTECTED],880/[EMAIL PROTECTED],0:f  File 
 and args: 
 kernel/sparcv9/un
 ix

'kernel/sparcv9/unix'.  That's a funny way to spell 'bsd'!

(hint: /bsd is the standard name and location for the OpenBSD kernel.)

 OpenBSD IEEE 1275 Bootblock 1.1
 .. OpenBSD 3.5 (obj) #0: Mon Mar 29 12:00:16 MST 2004
  [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/stand/ofwboot/obj
 open /[EMAIL PROTECTED],0/SUNW,[EMAIL PROTECTED],880/[EMAIL 
 PROTECTED],0:f/kernel/sparcv9/unix: No such 
 file or
   directory

You know, if you look for a file kernel/sparcv9/unix, I'll bet you find
it isn't on the CDROM you are using.  Might have something to do with
it, I bet. :)

Your Sun's firmware is trying to pull the wrong file off the CD.  Set
the firmware options properly, it will probably take off and run fine.

See INSTALL.sparc64 for more details...

Nick.

Matrikon's Pacesetter - August 2005

[Matrikon News]

Please forward this to all interested parties.
Please add [EMAIL PROTECTED] to your Allowed Senders list to 
avoid spam filters.

~
PACESETTER: INTELLEGENT TECHNOLOGY FOR PROCESS CONTROL - MATRIKON

Contents - Vol 1. Issue III

- Power Optimization
- Webcast: AM Blueprint
- OPC Conference 2005
- Statoil Press Release
- Alarm Management Workshops
- OPC Corner
- Plant Performance Test
- MatrikonOPC Conference 
=

INCREASING POWER GENERATION WITH ADVANCED TECHNOLOGY

Advanced Condition Monitoring

The three key areas seeing critical success in generation 
optimization programs worldwide are Abnormal Condition Monitoring, 
Condition-Based Maintenance strategies, and Information 
Visualization Solutions.

Get this paper and find out how pacesetter power plants are 
generating more for less. 

GET THE FULL STORY:
http://www.matrikon.com/whitepapers/AdvancedConditionMonitoring_power.pdf

=

WEBCAST
Tuesday
September 1, 2005
1:30 PM EDT

ALARM MANAGEMENT BLUEPRINT: 
Achieving Pacesetter Status For Your Plant

REGISTRATION AND DETAILS:
http://www.matrikon.com/news/webcast_signup.asp?WID=010905

Topics include:
 - Developing and adopting an alarm philosophy 
 - Understanding of industry standards and corporate governance 
   requirements 
 - Incorporating an alarms and events database 
 - Defining primary alarm management work processes 
 - Leveraging technology in all business areas 
 - Defining metrics for tracking 
 - Visibility and accountability 
 - Proven execution methodology 
 - Continuous improvement model 
 
Presented by:
Mike Brown, M.A.Sc., P.Eng.
Vice President of Technology
Matrikon

=

TRANSFORMING INDUSTRIAL CONNECTIVITY

MatrikonOPC Conference 2005

MatrikonOPC Conference 2005 is the standards-based OPC technology 
conference of the year. This three-day event focuses on system 
interoperability, reliability, security, and simplicity. This is 
a must-attend conference for anyone interested in industrial 
connectivity, including system architects, integrators, managers, 
and end-users across all industries.

 - Leverage OPC standards-based connectivity 
 - Learn industry best practice 
 - Get tips, tricks, and troubleshooting secrets 
 - Take part in hands-on workshops 
 - Hear what's new for 2006 

CONFERENCE DETAILS:
http://www.opcug.org/

=

STATOIL: DECISION SUPPORT WITH REAL-TIME WELL MONITORING

Matrikon(tm) technology to improve Statoil's monitoring of 
offshore assets 

Matrikon's technology complements the best-practice, integrated 
operations processes that Statoil is developing, said Terje 
Schmidt, Chief Engineer for Production Technology at Statoil. 
We are demonstrating that technology can be used to leverage 
the information of our existing infrastructure, and to distribute 
the information to multiple stakeholders along with the added 
context they require to perform their jobs. 

READ THIS PRESS RELEASE:
http://www.matrikon.com/news/showarticle.asp?ID=663

=

INSTITUTIONALIZING ALARM MANAGEMENT 
Alarm Management 
Hands-on Workshops - 2005

 - Prepare your plant for new regulations. 
 - Successfully eliminate up to 75% of your alarms. 
 - Improve safety standards while reducing downtime. 
 - Learn strategies to prioritize and configure alarm settings. 
 - Reduce alarm management implementation time by 30%. 
 - Examine successful, working solutions. 

August 9 - 10, Chicago, Illinois
http://www.matrikon.com/services/training2/workshop_details.asp?ID=258

August 22 - 23, Perth, Australia
http://www.matrikon.com/services/training2/workshop_details.asp?ID=301

September 5 - 6, Melbourne, Australia 
http://www.matrikon.com/services/training2/workshop_details.asp?ID=300

September 13 - 14, Los Angeles, California 
http://www.matrikon.com/services/training2/workshop_details.asp?ID=260

September 14 - 15, St. Louis, Missouri
http://www.matrikon.com/services/training2/workshop_details.asp?ID=272

2005 Global Schedule
http://www.matrikon.com/services/training2/schedule.asp

The information presented in this course will prove invaluable 
in helping us develop and implement an alarm management program 
for our plant. 

John Nye
Sunoco Chemicals

=

OPC CORNER

Complimentary Downloads
http://www.matrikonopc.com/products/opc-downloads

White Paper - CMMS: Integrating Real-Time Information for Condition-Based 
Maintenance
http://www.matrikon.com/download/CMMS_Integrating_RealTime_Information_for_CBM.pdf

OPC Multimedia Tutorial
http://www.matrikonopc.com/training/opc-multimedia-tutorial/opcda_pop.html

Re: ccd troubles

[James Boothe]

On Mon, Aug 08, 2005 at 10:05:50PM -0400, Nick Holland wrote:
 James Boothe wrote:
  I'm having a bit of trouble with ccd. I have a box with 2 80G IDE
  drives and 1 200G IDE drive. I'm going by the FAQ step for step
  here but after the ccd is configured and I get ready to run
  disklabel -E ccd0 it only sees the first frive. I've redone it 6 or
  7 times, and switched the drive order in ccd.conf. I've tried
  taking each drive out one at a time and doing it with the other two
  drives but it always ends up the same. I'm hoping somebody can
  help me out here. Hre's what I have in ccd.conf
  
  ccd016  none/dev/wd2a /dev/wd1a /dev/wd0h
  
  wd2a is the 200G drive with one big empty partition
  wd1a is one of the 80G drives with one big empty partition
  wd0h is 78G, the other 2 went to the OS
  
  Any help or ideas would be appreciated. If there is any relevent
  information I left out let me know.
 
 Show us what you are seeing and tell us what you are expecting to see.
 Yes, disklabel -E ccd0 should only show you one drive, so I have no
 idea what you are not seeing that you are expecting.
 
 (trivial little things like dmesg, disklabel and fdisk outputs might
 be useful, too).
 
 Nick.

Thanks for the reply. I got it working finally though. Yes I realize
it will show up as one disk in disklabel, that's pretty much the point
of ccd. The problem was it was only showing the first disk as in 80G,
not 200+80+80GB. I'm still not sure what the exact problem was but
about 8 tries and several reboots and obscenities later it magically
started working.

Re: SCSI enclosure + disks wanted

[Michael C. Ibarra]

Theo;

I have some enclosures that are leftover from a custom job we did for a 
customer.  These were basically our 1U (3x hot-swap scsi) and 2U (6X 
hot-swap scsi) chassis's but without mobo, just power supply and 
special cabling to allow HDD's to attach to power supply.  I am not 
sure if the cases in question have the necessary cabling, but I will 
check, if so, they are yours. I do have quite a few 1U and 2U cases 
with power supplies, in case you wish to rack mount any gear.  We are 
no longer having these cases made for us, too costly, and have a boat 
load that we are looking to sell cheap, as well as donate to obsd.


Lemme know,

-mike

Quoting Theo de Raadt [EMAIL PROTECTED]:


We are looking for a SCSI RAID enclosure + at least a few disks, for
testing/development purposes, in Toronto.  This is to make the raid
management stuff work better.  A few of us are working on the code,
but we would like the main scsi guys in Toronto to play along too.

The stuff is making process; here is a demo of a small part part of
it:

# bioctl -h ami0
Volume  Status Size   Device
ami0 0 Online   341G sd0  RAID5
 0 Online  68.4G 0:0.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 1 Online  68.4G 0:2.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 2 Online  68.4G 0:4.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 3 Online  68.4G 0:8.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 4 Online  68.4G 1:10.0  ses1   MAXTOR  
ATLAS15K2_73SCA JNZ6
 5 Online  68.4G 1:12.0  ses1   MAXTOR  
ATLAS15K2_73SCA JNZ6

ami0 1 Online   341G sd1  RAID5
 0 Online  68.4G 0:1.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 1 Online  68.4G 0:3.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 2 Online  68.4G 0:5.0   ses0   MAXTOR  
ATLAS15K2_73SCA JNZ6
 3 Online  68.4G 1:9.0   ses1   MAXTOR  
ATLAS15K2_73SCA JNZ6
 4 Online  68.4G 1:11.0  ses1   MAXTOR  
ATLAS15K2_73SCA JNZ6
 5 Online  68.4G 1:13.0  ses1   MAXTOR  
ATLAS15K2_73SCA JNZ6


This shows that userland knows which controllers are tied to which
system disks, which drives are backing it, and which ses/safte devices
are managing the those drive in the enclosure.

So, if someone has one to give or loan on a semi-permanent basis,
please let me know.

Thanks.

Conditional passive FTP rules on firewall

[Jason Haag]

Hi,

I am trying to setup an (mostly) isolated network to clean infected PCs.
Based on my personal judgment of security vs. convenience I would like
to allow the clients to use certain web and ftp sites.

Web site access is controlled via squid (transparent).
Ftp access works in active mode via ftp-proxy.
Passive mode does *not* work since I block client traffic not going to
the proxies via pf.

Problem is that most web browsers I deal with these days use passive
mode. I would prefer not to change these browser settings (if they can
be changed).

So and now finally to the question:
Is it possible to create conditional pf rules to pass certain traffic to
a host *after* a connection to a specific port on the same host has been
made?
So, a client is connecting to ftp.host.net on default port 21. Hence, pf
allows the same client to connect to other ports on that host.

I've read man pf.conf and thought that tables or tags *might* work for
this.
Tables: How do I *automatically* add hosts to tables?
Tags: How can I use a tag on different packets?
For both: How do I set an inactivity timeout to undo those changes
automatically?

Have I missed something? Any other ideas? This isn't really critical of
course, but I thought I'd ask the list before I give up on this thought.

The OpenBSD gateway is running 3.7-stable/sparc64.

Thanks!
-Jason

Re: ccd troubles

[David Ulevitch]

On Aug 8, 2005, at 8:10 PM, James Boothe wrote:


On Mon, Aug 08, 2005 at 10:05:50PM -0400, Nick Holland wrote:

(trivial little things like dmesg, disklabel and fdisk outputs  
might

be useful, too).


Thanks for the reply. I got it working finally though. Yes I realize
it will show up as one disk in disklabel, that's pretty much the point
of ccd. The problem was it was only showing the first disk as in 80G,
not 200+80+80GB. I'm still not sure what the exact problem was but
about 8 tries and several reboots and obscenities later it magically
started working.


You should do as Nick says. I suggest you now try to recreate your  
problem and understand it.  Either discover that your hardware is  
going bad or educate yourself in the use of CCD so you don't fsck  
something up later.


At least, that's what I'd recommend, if you care about your data.

-david