Newsletter della 50� settimana 2005
[IMAGE] [IMAGE] Borghi Toscani | E - mail | Registrati | Inserisci un locale | Meteo | News [IMAGE] NUOVI INSERIMENTI Newsletter della 50B0 settimana 2005 LINK CONSIGLIATI PLP guest house LAST MINUTE IN TOSCANA OFFERTE SOGGIORNI IN TOSCANA LAST MINUTE FIRENZE NEW WEB SITE ABETONE.COM LE NUOVE WEB CAM DI ABETONE Abetone.com Web cam Abetone Offerte Last minute Abetone Web Cam Abetone News, eventi e manifestazioni in Toscana questa settimana Data Evento Tipologia 14/12/2005 Torino 2006 La fiamma olimpica a Firenze (Concerti) 14/12/2005 Crinali: Teatro canzone PORRETTA TERME (Concerti) 14/12/2005 Idee, modelli, invezioni FIRENZE (Mostre) 15/12/2005 Impruneta Natale (Sagre e Fiere) 16/12/2005 Passaggio della Fiamma Olimpica ABETONE (Feste Paesane) 16/12/2005 Mercatino dell'avvento ABETONE (Mercatini) 16/12/2005 Misura per Misura PESCIA (Teatro) 17/12/2005 Auser filo d' Argento PESCIA (Feste Paesane) 17/12/2005 Bagni a natale BAGNI DI LUCCA (Mercatini) 17/12/2005 Silvana Lapi - Opere dal 1975 al 2005 PORRETTA TERME (Mostre) 18/12/2005 Artingegno COLLE VAL D'ELSA (Mercatini) 18/12/2005 Mercatini di Natale PALAZZUOLO SUL SENIO (Mercatini) 18/12/2005 Fiera promozionale portone dei borghi LUCCA (Sagre e Fiere) 18/12/2005 Fiera promozionale Festa di S. Lucia TAVARNELLE V.P. (Sagre e Fiere) 19/12/2005 Idee, modelli, invenzioni FIRENZE (Mostre) 20/12/2005 Mercatino medievale di Natale MONTERIGGIONI (Mercatini) 20/12/2005 Donna Donne FIRENZE (Mostre) 20/12/2005 Fiera SCANSANO (Sagre e Fiere) 21/12/2005 Natale a Monteriggioni (Mostre) 22/12/2005 LbAngelo di Gesso PESCIA (Teatro) 23/12/2005 Mercatino dell'avvento ABETONE (Mercatini) 23/12/2005 Cbera una volta il Cantaestate PESCIA (Teatro) escursioni toscana PITTI IMMAGINE UOMO N. 69 Settembre lucchese11 - 14 gennaio 2006 Firenze, Fortezza da Basso Organizzata da Pitti Immagine, promossa dal Centro di Firenze per la Moda Italiana. Pitti Immagine Uomo C( la manifestazione che come ogni anno Pitti immagine uomo n. 69 Raccolta delle informazioni e Registrazione ai servizi Piramedia srl, in qualitC di titolare del trattamento, Ti informa che i dati personali che ci avrai fornito, volontariamente o automaticamente attraverso i nostri portali, saranno trattati, con il tuo consenso allo scopo di trasmetterti i servizi da te richiesti. In particolare ti verranno inviate tramite posta elettronica o sms, informative o offerte a carattere commerciale o pubblicitario, inerenti al Turismo. Ti verranno inviate inoltre comunicazioni circa modifiche, miglioramenti, o cambiamenti dei servizi da noi proposti. In coda ad ognuno di questi messaggi sarC sempre presente il modo perchC) tu possa rimuovere i tuoi dati dal nostro archivio. Piramedia srl, non raccoglierC in nessun modo dati ritenuti sensibili e si impegna a non utilizzare i tuoi dati, o cederli a terzi, per finalitC che siano diverse da quelle qui sopra elencate. Formula di acquisizione del consenso dell'interessato. Il/la sottoscritto/a, acquisite le informazioni fornite dal titolare del trattamento ai sensi dell'articolo 13 del D.Lgs. 196/2003, l'interessato: - presta il suo consenso al trattamento dei dati personali per i fini indicati nella suddetta informativa. - presta il suo consenso per la comunicazione dei dati personali per le finalitC ed ai soggetti indicati nell'informativa. - presta il suo consenso per la diffusione dei dati personali per le finalitC e nell'ambito indicato nell'informativa. DISDETTA Se non vuoi piC9 ricevere l'edizione gratuita di "BorghiToscani.com" clicca su questo link: disdetta Vecoli Cottage Vecoli Tenuta il Cicalino Tenuta il Cicalino Centro Velico Naregno Centro Velico Naregno Tirrenia Ferries Tirrenia Ferries Hotel Le Acacie Hotel Le Acacie Hotel Tornese Hotel Tornese Rooms with a view Althea rooms Park Hotel Argentario Camping Il Gabbiano Le Cannelle Argentario Osa Talamone Camping Hotel Telamonio Hotel Capo Duomo Pian dei Pini La Valentina Cavalleggeri Hotel L'Etrusco Le Colombe Borgo Dolciano Locanda dei Guelfi Villino Il Magnifico Villa Elea Fontecastello Hotel Massimo Hotel Alex A casa di Dante B&B Gilda Podere Giarlinga Fonte del Cieco Ninna Nanna Campo di Carlo Hotel La Pergola Podere Saliciaia Hotel Galli Villa Conti Albergo La Scogliera Valle Santa Maria Hotel Fontalleccio Hotel Il Ponte Casa del Golfo Il Viottolo Hotel Riva del Sole Hotel Montecristo Villa Cristina Ideamare Agriturismo Rebua Enoteca Il Salotto Villa Volpi 1999 - 2005 - Copyright and Project by Piramedia srl - Tutti I Diritti Riservati -Privacy [IMAGE]
Re: Problems with 4 port ethernet cards
Jeff Simmons wrote: I'm having some interesting problems with a Pentium 4 server and 4 port ethernet cards. The server has 2 Intel Pro 1000 ethernets on board, and an Intel Pro 1000 4 port card installed. The problem is that it runs fine for from a day to a week or so, and then the ports on the 4 port card just stop working. Only thing I've found in the logs anywhere is a series of messages: Well, one thing that was talked about in the archive a lots is the high level of interrupts on these cards. I am not saying it's your problem, but all so far have express success by simply using the bsd.mp even on a single processor server. So, I would try that first and see the results. Just a thought. Daniel
Problems with 4 port ethernet cards
I'm having some interesting problems with a Pentium 4 server and 4 port ethernet cards. The server has 2 Intel Pro 1000 ethernets on board, and an Intel Pro 1000 4 port card installed. The problem is that it runs fine for from a day to a week or so, and then the ports on the 4 port card just stop working. Only thing I've found in the logs anywhere is a series of messages: Dec 6 21:33:04 fw2 /bsd: em2: watchdog timeout -- resetting when the ethernets die. I tried swapping the Pro 1000 4 port with an Adaptec Quartet64 ANA-62044 and had the same problem, but the Quartet died in hours instead of days. Any ideas, suggestions, known hardware problems, etc. would be appreciated. dmesg: OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI ,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID real mem = 536387584 (523816K) avail mem = 482533376 (471224K) using 4278 buffers containing 26923008 bytes (26292K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @ 0xf0010 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries) pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x25a1 pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02 ppb0 at pci0 dev 3 function 0 "Intel 82875P PCI-CSA" rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq 10, address: 00:c 0:9f:40:97:4d ppb1 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02 pci2 at ppb1 bus 2 ppb2 at pci2 dev 1 function 0 "IBM PCIX-PCIX" rev 0x02 pci3 at ppb2 bus 3 em1 at pci3 dev 4 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address: 00 :04:23:b1:53:30 em2 at pci3 dev 4 function 1 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address: 00 :04:23:b1:53:31 em3 at pci3 dev 6 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address: 00 :04:23:b1:53:32 em4 at pci3 dev 6 function 1 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, address: 00 :04:23:b1:53:33 ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x0a pci4 at ppb3 bus 4 em5 at pci4 dev 2 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: irq 11, address: 00:c 0:9f:40:97:4e vga1 at pci4 dev 14 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 "Intel 6300ESB LPC" rev 0x02 pciide0 at pci0 dev 31 function 2 "Intel 6300ESB SATA" rev 0x02: DMA, channel 0 configure d to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 wd0 at pciide0 channel 1 drive 0: wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd1 at pciide0 channel 1 drive 1: wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 wd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 5 "Intel 6300ESB SMBus" rev 0x02 at pci0 dev 31 function 3 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: spkr0 at pcppi0 sysbeep0 at pcppi0 npx0 at isa0 port 0xf0/16: using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask e1fd netmask effd ttymask pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 wd1: no disk label dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- Jeff Simmons [EMAIL PROTECTED] Simmons Consulting - Network Engineering, Administration, Security "(Discussing our first contact with aliens) is a bit like iguanas on the Galapagos Islands sitting around trying to figure out how to treat the first human visitors. Should we offer them dead flies, or live flies? Shall we line up the flies in a row? How shall we defend ourselves? All of that is irrelevant." -- Seth Shostak, astronomer with the SETI project
Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance
On 12/16/05, Joe S <[EMAIL PROTECTED]> wrote: > I've had the same problem for years. :) > Finally tossed the box. I'm going to regret that move if a solution is > found. :( Yes, the solution (read: hack) works and I've verified it with with a few other people and several units of my own. Throughput using OpenBSD is surprisingly good, I was able to achieve ~48mbit/s of packet-passing throughput (@1500byte packets) from one fxp interface to another with PF/NAT. I was able to scp ~18-20mbit/s to the unit as well, openssl speed tests weren't wonderful but weren't shabby for the hardware it resides on: # openssl speed -evp aes-128-cbc Doing aes-128-cbc for 3s on 16 size blocks: 1142781 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 64 size blocks: 390725 aes-128-cbc's in 3.01s Doing aes-128-cbc for 3s on 256 size blocks: 101947 aes-128-cbc's in 3.00s Doing aes-128-cbc for 3s on 1024 size blocks: 25829 aes-128-cbc's in 2.99s Doing aes-128-cbc for 3s on 8192 size blocks: 3135 aes-128-cbc's in 3.00s OpenSSL 0.9.7g 11 Apr 2005 options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) aes(partial) blowfish(idx) available timing options: USE_TOD HZ=100 [sysconf value] timing function used: getrusage The 'numbers' are in 1000s of bytes per second processed. type 16 bytes 64 bytes256 bytes 1024 bytes 8192 bytes aes-128-cbc 6079.00k 8313.82k 8699.48k 8839.32k 8560.64k > BTW, FreeBSD or Linux(yuck) worked ok, as in, it booted fine. They all boot and run fine. I independently confirmed NetBSD 3.0RC6 and FreeBSD 6.0 as well.
Re: finding duplicate files
On Friday, December 16, Smith wrote: > > Is there any unix utility or script or OpenBSD port that will find > duplicate binary files within a directory? md5(1) and sort(1) should largely do what you want. --Toby.
finding duplicate files
Is there any unix utility or script or OpenBSD port that will find duplicate binary files within a directory?
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
Randal L. Schwartz wrote: >> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: > >>> I'm upgrading a remote box, so a "standard upgrade" is not an option, >>> nor is a reinstall. There was no warning in the FAQ that the >>> information was definitely broken. It must have worked for *someone* >>> or it wouldn't have been put in the FAQ, I presume. > > Theo> Oh, but you don't understand. > > Actually, I do. No, you do not. You worked hard to ignore the instructions on how to do EXACTLY THIS. It tells you EXACTLY how to do a remote upgrade. http://www.openbsd.org/faq/upgrade38.html NEVER try to upgrade entire versions from source. You got to upgrade-old.html by ignorning the line that says: "If you wish to update to 3.8-release or 3.8-stable from previous versions, see the upgrade guide." You ignored the line that says: "This is provided as a historical record -- it should NOT be used as a upgrade procedure guide." You ignored the line that says: "You should ALWAYS use a snapshot as the starting point for running -current. Upgrading by compiling your own source code is not supported." You ignored the line that says: "The first step in building from source is to make sure you have the closest available binary installed." and many other warnings in faq5.html about not trying to do what you are doing. And now you want to tell us how to do it. heh. We have no reason to help people who want to do things the hard way. We provide a much easier way to do it. Nick.
Re: Alpha Disklabel Question
Jason McIntyre wrote: > On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote: >> >> (2) When doing the installation disklabel, the "suggested" starting >> offset for the 'a' partition is 0? I know using an offset of 0 is >> discouraged on i386 and other systems (default is 63), so I figured I'd >> ask if using a 0 offset is the "best/correct" way for alpha? >> > > i'm going to let nick answer this (you're reading, right nick? ;) > *i* don't know, but i'd like to know the answer. what made you guess? :) > faq 14.10 says, at one point: "Notice that the offset starts at 63. This > is what you want." *CHOKE* don't say things to me like that when I'm eating! > i'm trying to find where we document *why* 63 is "what you want" and if > it's MI. oh. my. gawd. That is so wrong. Disklabel offsets are very much machine dependent. On i386, that statement is STILL wrong, though you will be digging up either some unusual historic hardware or some really unusual devices for there to be an issue. Still, that's just wrong. On i386, it is NOT "63 sectors", it is "one (logical) track". On modern (>500M) hard disks, one logical track is 63 sectors, but that was not always the case, and I don't think it has to be the case now for "small" storage devices. The i386 systems have a "master boot record" (MBR) which occupies the very first sector on the disk. Custom is to have OSs starting on track boundaries, so you leave a one track offset. On i386, you can't have a zero sector offset, at least if you want to stay sane in the long run. Other platforms are different. Many need no offset, they don't use the "two layer" partitioning system that IBM AT descended machines use. This is a section I've been avoiding looking at, because I know it needs to be improved. Obviously, I underestimated HOW much it needs to be improved. Well, I guess I know how I'll be spending my Friday night... (once I get the lasagna out of the keyboard) Nick.
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
On Dec 16, 2005, at 6:00 PM, Jason Crawford wrote: First off, I fail to see how extracting the install sets via ssh can't be done, as that's mentioned in the FAQ as one upgrade method. Upgrading via the install sets remotely works absolutely fine. I do it every six months on a couple dozen boxes scattered all over the place. It takes *maybe* ten minutes, and perhaps another ten to get the box's services back up. If Randall is having issues reading the (very clear) upgrade FAQ, my services are available for a nominal fee. ;-) -- Bryan Allen [EMAIL PROTECTED] http://bda.mirrorshades.net Cyberpunk is dead. Long live cyberpunk.
Re: Alpha Disklabel Question
On Fri, 16 Dec 2005, J.C. Roberts wrote: > Eventually, the boot_osflags in the SRM needs to be set to "a" but the > default is "A" -The case would make no difference for some OS's but > OpenBSD probably won't like it. ;-) fwiw i've been doing fine with `A' for ages. -- [-] mkdir /nonexistent
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
On 16 Dec 2005 14:41:38 -0800, Randal L. Schwartz wrote: > > "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: > > Theo> If you get stuck doing an upgrade build, please do a standard upgrade > Theo> or reinstall. > > Theo> We have never promised that such builds will work perfectly, nor can we > Theo> dedicate 3-4 developers full-time to making sure they do. Which is > Theo> pretty much what it would take. > > I understand that. However, I'm hoping that someone else reading this > mailing list will have tried the paragraph given in the FAQ, and either > succeeded with a workaround, or discovered the futility as well. > > I'm upgrading a remote box, so a "standard upgrade" is not an option, > nor is a reinstall. There was no warning in the FAQ that the > information was definitely broken. It must have worked for *someone* > or it wouldn't have been put in the FAQ, I presume. > First off, I fail to see how extracting the install sets via ssh can't be done, as that's mentioned in the FAQ as one upgrade method. Second, the source upgrade stuff has worked for people in the past, but they usually know enough about the system to actually fix something if it breaks. A source upgrade probably has less of a chance of working as extracting the install sets via ssh as mentioned in the FAQ, so you're running a risk either way. My suggestion, get the box shipped back to you or ship out a new hard drive with the new install on it, and all the other data copied over. Since OpenBSD is compiled to work on all i386 boxes, it shouldn't really matter which box you install it on, as long as you properly set the network config how it should be on the remote box. Jason
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: >> As it is, I worked out the problems. For the record, the workaround is: >> >> 1) remove the obj directory Theo> Look, if you did not do this, you are an idiot. However, what I meant was that this was in addition to the "don't do the make obj step" (which I didn't make clear by its absence), because that breaks the paths more than they should. So, the "binaries" need to end up in the original paths, not the obj paths. This is contrary to the FAQ, which says to do the "make obj" step. So, I added a step which cleans up from the "normal" build process. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior
On 16/12/05, Chris Cappuccio <[EMAIL PROTECTED]> wrote: > > tony sarendal [EMAIL PROTECTED] wrote: > > > > Most nice switches can tag all vlans on a trunk. OpenBSD is doing the > right > > thing. > > > > Sure, once you set the "native vlan" to something other than vlan 1. Most > switches have a "native vlan" concept which really just means untagged. > Example of config in nice switch: set dot1q-all-tagged enable Done, no such rubbish as "native vlan" on my trunks. /Tony -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, "I couldn't help it, it's my nature" =-
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: >> I'm upgrading a remote box, so a "standard upgrade" is not an option, >> nor is a reinstall. There was no warning in the FAQ that the >> information was definitely broken. It must have worked for *someone* >> or it wouldn't have been put in the FAQ, I presume. Theo> Oh, but you don't understand. Actually, I do. I've been around the block on open source projects. I'm surprised you don't recognize that. :) I was hoping to get *lucky* that someone had this problem already. As it is, I worked out the problems. For the record, the workaround is: 1) remove the obj directory 2) issue "cleandir" and the default build, which will fail 3) Edit /usr/src/gnu/lib/libstdc++/include/Makefile to read GCC_SRCDIR=/usr/src/gnu/usr.bin/gcc/gcc instead of the broken relative path it generates 3) reissue the default build, and install I'm restarting the /usr/src "make build", so I've also edited the parent Makefile so that it won't try to redescend into libstc++. I hope that works. :) -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
Oh give it up. You are clearly not skilled enough to even compile code, let alone provide consulting services. > > "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: > > >> As it is, I worked out the problems. For the record, the workaround is: > >> > >> 1) remove the obj directory > > Theo> Look, if you did not do this, you are an idiot. > > However, what I meant was that this was in addition to the "don't do > the make obj step" (which I didn't make clear by its absence), because > that breaks the paths more than they should. So, the "binaries" need > to end up in the original paths, not the obj paths. > > This is contrary to the FAQ, which says to do the "make obj" step. > So, I added a step which cleans up from the "normal" build process. > > -- > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 > http://www.stonehenge.com/merlyn/> > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
> >> I'm upgrading a remote box, so a "standard upgrade" is not an option, > >> nor is a reinstall. There was no warning in the FAQ that the > >> information was definitely broken. It must have worked for *someone* > >> or it wouldn't have been put in the FAQ, I presume. > > Theo> Oh, but you don't understand. > > Actually, I do. I've been around the block on open source projects. > I'm surprised you don't recognize that. :) I don't think you understand. Or you would have fixed your problems instead of whining. > As it is, I worked out the problems. For the record, the workaround is: > > 1) remove the obj directory Look, if you did not do this, you are an idiot.
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
On 16 Dec 2005 14:41:38 -0800, Randal L. Schwartz wrote: > > I'm upgrading a remote box, so a "standard upgrade" is not an option, > nor is a reinstall. There was no warning in the FAQ that the > information was definitely broken. It must have worked for *someone* > or it wouldn't have been put in the FAQ, I presume. what is wrong with tar -C / -zxvpf base38.tgz ?
Re: Alpha Disklabel Question
On Fri, 16 Dec 2005 23:36:34 +0100 (CET), Tamas TEVESZ <[EMAIL PROTECTED]> wrote: >On Fri, 16 Dec 2005, J.C. Roberts wrote: > > > (1) When booting the cd38.iso with either bsd or bsd.rd you go into UKC > > rather than directly into the installation. I'm guessing this is normal > > since I'm sure there might be some things that need doing for some of > > the more esoteric alpha hardware but it's worth asking to make sure. > >you probably have a rogue `-s' in boot_osflags (try `show boot_osflags' >or even `show boot*' in srm). Without an OS installed and booting from CD through the SRM the INSTALL.alpha file suggests/requires overriding the both the SRM boot file (-fi switch) and the SRM boot flags (-fl switch): >>>boot -fi bsd -fl ac dka0 Frightening... I added the "c" to the boot flags as instructed and didn't even notice it. Eventually, the boot_osflags in the SRM needs to be set to "a" but the default is "A" -The case would make no difference for some OS's but OpenBSD probably won't like it. ;-) JCR
Re: Alpha Disklabel Question
On Fri, 16 Dec 2005 22:14:34 +, Jason McIntyre <[EMAIL PROTECTED]> wrote: >On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote: >> >> (2) When doing the installation disklabel, the "suggested" starting >> offset for the 'a' partition is 0? I know using an offset of 0 is >> discouraged on i386 and other systems (default is 63), so I figured I'd >> ask if using a 0 offset is the "best/correct" way for alpha? >> > >i'm going to let nick answer this (you're reading, right nick? ;) >*i* don't know, but i'd like to know the answer. > >faq 14.10 says, at one point: "Notice that the offset starts at 63. This >is what you want." > >i'm trying to find where we document *why* 63 is "what you want" and if >it's MI. > >jmc Hi-ya jmc, It is documented in http://www.openbsd.org/faq/faq4.html [QUOTE] It is important that the first partition skips the first track of the disk, in this case, starting on sector 63. This will vary from machine to machine and disk system to disk system. If an OpenBSD partition is created starting at offset 0, this partition table will end up being overwritten by the OpenBSD partition's Partition Boot Record. The system may still be bootable, but it will be very difficult to maintain, and this configuration is not recommended or supported. [/QUOTE] The trouble is faq4 is very x86-centric. Though the disks (seagate) and controllers (qlogic) on *this* particular alpha are also usable on x86, we're still talking about a vastly different architecture. On an alpha there may not be a need for a "Partition Boot Record" per se because it's all handled by the system firmware (the SRM Console). As long as the disk holds a file system known by the SRM (i.e. CD9660, FAT or FFS), booting a kernel from a chunk of media is very straight forward. JCR
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
> I'm upgrading a remote box, so a "standard upgrade" is not an option, > nor is a reinstall. There was no warning in the FAQ that the > information was definitely broken. It must have worked for *someone* > or it wouldn't have been put in the FAQ, I presume. Oh, but you don't understand. Yes, it worked for someone at that time. But how is a person writing this FAQ supposed to write a document that says how to go from any random point in time, to any random point further on in the future? And then test that? What do you suggest? Because the only other alternative is to DELETE the upgrade faq. Do you understand where we am coming from? If you expect a perfect document, with such a tight constraint, it is really totally impossible for anyone to write.
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes: Theo> If you get stuck doing an upgrade build, please do a standard upgrade Theo> or reinstall. Theo> We have never promised that such builds will work perfectly, nor can we Theo> dedicate 3-4 developers full-time to making sure they do. Which is Theo> pretty much what it would take. I understand that. However, I'm hoping that someone else reading this mailing list will have tried the paragraph given in the FAQ, and either succeeded with a workaround, or discovered the futility as well. I'm upgrading a remote box, so a "standard upgrade" is not an option, nor is a reinstall. There was no warning in the FAQ that the information was definitely broken. It must have worked for *someone* or it wouldn't have been put in the FAQ, I presume. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
If you get stuck doing an upgrade build, please do a standard upgrade or reinstall. We have never promised that such builds will work perfectly, nor can we dedicate 3-4 developers full-time to making sure they do. Which is pretty much what it would take. > >From http://openbsd.org/faq/upgrade-old.html > I see that I need to issue the following: > > # cd /usr/src/gnu/lib/libstdc++ > # make -f Makefile.bsd-wrapper cleandir > # make -f Makefile.bsd-wrapper obj > # make -f Makefile.bsd-wrapper > # make -f Makefile.bsd-wrapper install > > I have updated my gcc (3 times now :). When I get to the next-to-last > step (before install), my build aborts with: > > c++ -I/usr/src/gnu/lib/libstdc++/../../usr.bin/gcc/gcc > -I/usr/src/gnu/lib/libstdc++/../libiberty/include > -I/usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8 > -I/usr/src/gnu/lib/libstdc++/obj/include > -I/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++ -O2 -pipe > -fno-implicit-templates -Wall -Wno-format -W -Wwrite-strings > -fdiagnostics-show-location=once -ffunction-sections -fdata-sections -c > /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc -fPIC -DPIC -o > eh_alloc.o > In file included from /usr/src/gnu/lib/libstdc++/obj/include/cstdlib:49, > from > /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc:33: > > /usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8/bits/c++config.h:35:29: > bits/os_defines.h: No such file or directory > *** Error code 1 > > Stop in /usr/src/gnu/lib/libstdc++/obj/libsupc++. > *** Error code 1 > > Stop in /usr/src/gnu/lib/libstdc++/obj (line 304 of Makefile). > *** Error code 1 > > Stop in /usr/src/gnu/lib/libstdc++/obj (line 419 of Makefile). > *** Error code 1 > > Stop in /usr/src/gnu/lib/libstdc++ (line 22 of > /usr/src/gnu/lib/libstdc++/Makefile.bsd-wrapper). > > Help! What am I doing wrong? It's holding up a "cd /usr/src && make build" > as well. Do I dare issue "make -k" to get past that? > > -- > Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 > http://www.stonehenge.com/merlyn/> > Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. > See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: Alpha Disklabel Question
On Fri, 16 Dec 2005, J.C. Roberts wrote: > (1) When booting the cd38.iso with either bsd or bsd.rd you go into UKC > rather than directly into the installation. I'm guessing this is normal > since I'm sure there might be some things that need doing for some of > the more esoteric alpha hardware but it's worth asking to make sure. you probably have a rogue `-s' in boot_osflags (try `show boot_osflags' or even `show boot*' in srm). -- [-] mkdir /nonexistent
stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"
>From http://openbsd.org/faq/upgrade-old.html I see that I need to issue the following: # cd /usr/src/gnu/lib/libstdc++ # make -f Makefile.bsd-wrapper cleandir # make -f Makefile.bsd-wrapper obj # make -f Makefile.bsd-wrapper # make -f Makefile.bsd-wrapper install I have updated my gcc (3 times now :). When I get to the next-to-last step (before install), my build aborts with: c++ -I/usr/src/gnu/lib/libstdc++/../../usr.bin/gcc/gcc -I/usr/src/gnu/lib/libstdc++/../libiberty/include -I/usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8 -I/usr/src/gnu/lib/libstdc++/obj/include -I/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++ -O2 -pipe -fno-implicit-templates -Wall -Wno-format -W -Wwrite-strings -fdiagnostics-show-location=once -ffunction-sections -fdata-sections -c /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc -fPIC -DPIC -o eh_alloc.o In file included from /usr/src/gnu/lib/libstdc++/obj/include/cstdlib:49, from /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc:33: /usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8/bits/c++config.h:35:29: bits/os_defines.h: No such file or directory *** Error code 1 Stop in /usr/src/gnu/lib/libstdc++/obj/libsupc++. *** Error code 1 Stop in /usr/src/gnu/lib/libstdc++/obj (line 304 of Makefile). *** Error code 1 Stop in /usr/src/gnu/lib/libstdc++/obj (line 419 of Makefile). *** Error code 1 Stop in /usr/src/gnu/lib/libstdc++ (line 22 of /usr/src/gnu/lib/libstdc++/Makefile.bsd-wrapper). Help! What am I doing wrong? It's holding up a "cd /usr/src && make build" as well. Do I dare issue "make -k" to get past that? -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!
Re: Alpha Disklabel Question
On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote: > > (2) When doing the installation disklabel, the "suggested" starting > offset for the 'a' partition is 0? I know using an offset of 0 is > discouraged on i386 and other systems (default is 63), so I figured I'd > ask if using a 0 offset is the "best/correct" way for alpha? > i'm going to let nick answer this (you're reading, right nick? ;) *i* don't know, but i'd like to know the answer. faq 14.10 says, at one point: "Notice that the offset starts at 63. This is what you want." i'm trying to find where we document *why* 63 is "what you want" and if it's MI. jmc
Alpha Disklabel Question
When doing an install of 3.8-RELEASE on an Alpha PSW-433 I noticed two odd thing: (1) When booting the cd38.iso with either bsd or bsd.rd you go into UKC rather than directly into the installation. I'm guessing this is normal since I'm sure there might be some things that need doing for some of the more esoteric alpha hardware but it's worth asking to make sure. (2) When doing the installation disklabel, the "suggested" starting offset for the 'a' partition is 0? I know using an offset of 0 is discouraged on i386 and other systems (default is 63), so I figured I'd ask if using a 0 offset is the "best/correct" way for alpha? Thanks, JCR
Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance
NetNeanderthal wrote: Hi misc@, Background I am yet another Nokia IP330 owner seeking help to put a real OS/Firewall onto one of these devices. I have a handful of these at my disposal, all with AMD K6-2 400MHz CPUs, 1 SDRAM bank with 256MB of CAS2 PC100 ECC SDRAM (the other is empty), 2xdc NICs, 3xfxp NICs, Primary IDE, 20GB ATA33 IDE drive, and 2x16550 serial ports. The 2xdc NICs are on an independent cPCI card, but the rest is integrated. There is also a covered RJ11 port to the right of the third onboard NIC that seems to be used for modem connectivity, but I question its functionality on a lower-level. There is an empty header spot on the mainboard for floppy controller, which is detected, but no pins connected to the solder joints (Adding a floppy header looks like a trivial task for someone with any skill in microelectronics). USB (uhci) is detected by FreeBSD, but there are no visually identifiable headers. It uses an Award Modular BIOS, v4.51PG whose console is interfaced via the first serial port using a null-modem cable. (For archival information, a pure null-modem cable is required to see the BIOS -- those with incorrect CTS/RTS alignment won't show the BIOS, but will show an AT and then no output until the OS loads using the serial port. As well, a real serial program (!Hyperterminal) that doesn't send random garbage on device initialization is necessary.) The Problem When I load the generic OpenBSD 3.8 (i386) onto the factory 20GB drive from another i386 machine, specifying the com port as its default console, the other i386 machine boots perfectly with the correct output. When I relocate the drive to the IP330, it cannot detect the serial port on boot. As well, when it gets to the boot> prompt and begins the boot process, it gets to the point where it says 'entry point at 0x100120' and then halts indefinitely, never loading the kernel. Here is the attempt from latest 3.8 Snapshot, The 3.8 from the release CD produces the same output, regardless of CD or HD boot source. ---8<--- Verifying DMI Pool Data Boot from ATAPI CD-ROM : CD-ROM: 9F Loading /3.8/I386/CDBOOT probing: pc0 mem[639K 255M a20=on] disk: cd0 OpenBSD/i386 CDBOOT 1.04 boot> set tty com0 switching console to com0 com0 console not present boot> set tty com1 switching console to com1 com1 console not present boot> machine memory Region 0: type 1 at 0x0 for 639KB Region 1: type 1 at 0x9fc00 for 1KB Region 2: type 2 at 0xf for 64KB Region 3: type 2 at 0x for 64KB Region 4: type 1 at 0x10 for 261120KB Low ram: 639KB High ram: 261120KB Total free memory: 261760KB boot> machine diskinfo DiskBIOS# TypeCylsHeads SecsFlags Checksum hd0 0x80*none* 1024255 63 0x4 0x86b8cab0 cd0 0x9flabel 0 0 0 0xa 0x0 boot> boot -c booting cd0a:/3.8/i386/bsd.rd: 4420484+740300 [52+154608+141206]=0x534480 entry point at 0x100120 ---8<--- The 'machine diskinfo' command produces an output that is inconsistent with BIOS settings for the hard drive, is this normal? I would think this not to matter since I can't boot from the CDROM either. Attempted Resolutions I have tested the OpenBSD install on the other x86 to ensure that it detects and uses the serial console as well as proper booting. Everything works very well, and as documented. I have tried to edit the kernel configuration for the serial ports to match that of the bios, but had the same results. I have also tried to edit them (address, irq, flags) to match them to what FreeBSD 6 shows in its dmesg. I have also tried to set them in the BIOS to match what OpenBSD wants. I have tested different RAM. I have tested another drive. I have tried disabling DMA and forcing PIO modes in the BIOS. I have tried forcing hard drive C/H/S parameters and auto detection. I have tried setting the 'PCI IDE IRQ Map to : PCI (AUTO)' in the PNP/PCI Configuration menu. I have tested without the cPCI dual-NIC. I have tried to boot using the drive as a slave instead of master on the primary (single) IDE channel (and modifying /etc/fstab at the same time). I have configured and unconfigured several BIOS options (text screens provided below) I have tried using the second serial port for the console. I have tried booting using 'boot -c' (this yields no additional output). I have tried compiling a custom kernel with more debugging. I have tried booting from CD using bsd.rd. I have tried NOT using the serial port for a console. I have tried reinstalling the boot blocks on the alternate x86 machine. (on that note, I would like to try booting from floppy to reinstall the boot blocks, but this operation is currently impossible). I have installed FreeBSD using the same procedure and it works fine, detecting both serial ports, using the first as its console. (dmesg provided below) serial clip from dmesg, note the flags 0x10 (also attempted in kernel config in openbsd with no results) ---8<--- sio0 at port 0x3f8
Re: ettercap
Oh man, you did just what I did? And it's work fine? 2005/12/16, Mikolaj Kucharski <[EMAIL PROTECTED]>: > > On Wed, Dec 14, 2005 at 06:05:09PM -0200, Ricardo Lucas wrote: > > That's what I did: (...) > > I think that you do something wrong. I have OpenBSD 3.8-stable, and > recompiled ettercap with -r1.14 patch-configure a minute ago and > ettercap doesn't crash at startup. > > -- > best regards > q# > -- Abragos Ricardo Lucas We have to stop been egoist and think more on ourselves.
Re: possible rtl8185 in the wild?
On 12/15/05, Han Boetes <[EMAIL PROTECTED]> wrote: > Benjamin A. Collins wrote: > > I just found this: > > > > http://linux-networking.news-view.co.uk/topic-24897.html > > > > Can anyone confirm whether the CompUSA cards have the chipset in > > them? > > NIC manifacturers have found a new interesting game: Producing > cards with the same name or serialnumber with varying chipsets. > can think of only one company benefitting from this... > > Anyway, the only way to be sure about the chipset on a NIC is to > look at the card itself or to see the dmesg. > > > > # Han > > I can confirm that both the Pc Card and the PCI wireless cards from CompUSA use the rtl8158 chipset
Barclays Bank Account Information
[IMAGE] Important Notice: December 16, 2005 Dear Sir/Madam, Barclays Bank PLC. always looks forward for the high security of our clients. Some customers have been receiving an email claiming to be from Barclays advising them to follow a link to what appear to be a Barclays web site, where they are prompted to enter their personal Online Banking details. Barclays is in no way involved with this email and the web site does not belong to us. Barclays is proud to announce about their new updated secure system. We updated our new SSL servers to give our customers a better, fast and secure online banking service. Due to the recent update of the servers, you are requested to please update your account info at the following link. http://www.barclays.co.uk/cgi-bin/accountupdate/1,00,102.html J. S. Smith Security Advisor Barclays Bank PLC. Please do not reply to this e-mail. Mail sent to this address cannot be answered. For assistance, log in to your Barclays Online Bank account and choose the "Help" link on any page. Barclays Email ID # 1009
Re: dd performance: "solved"
Hannah, Jason and others, Thanks for the replies. The answer was quite different and nobody came with the interesting solution the tester found here: On 12/16/05 00:13, Hannah Schroeter wrote: On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote: I think the very first thing you should change is use the raw device in OpenBSD (/dev/rsd0c) and that should speed things up a bit. You're right. And high enough block size (though 1024k should be okay). I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k chefren, how's the measurement on OpenBSD 3.8 with this change? About the same! Please read this small report with the "solution": = = Dell 1650, RAM size 256MB. The controller is Adaptec AIC-7899 U160 (driver ahc) The disk is Seagate ST336607LC Test times of a few minutes to minimize effects of caching. OpenBSD: dd if=/dev/zero of=/dev/sd0c bs=1024k 6 MB/sec dd if=/dev/zero of=/dev/rsd0c bs=1024k 15 MB/sec mount /dev/sd0a /mnt dd if=/dev/zero of=/mnt/foo bs=1024k 54 MB/sec So, via a normally mounted filesystem, OpenBSD has the same performance as Linux 'dd /dev/sda'. = = I'm pretty impressed the tester found this workaround, the user-mode kernel boundary seems the culprit here. Linux doesn't need this "hack" I don't know if this is fixable for OpenBSD. (Mickey?) But it's quite sure for now, if you want use dd directly to a disk with OpenBSD and need serious performance: don't forget to mount it! +++chefren
Re: BGPD Boot-Time Startup Problem
On Thu, Dec 15, 2005 at 07:19:20PM -0500, [EMAIL PROTECTED] wrote: > The ipv6 newtwork is setup in rc.local: > > #Setup ipv6 routing: > echo -n 'Setting Up IPv6 to OCCAID Network' > ifconfig gif0 giftunnel 68.21.68.114 69.72.192.238 > ifconfig gif0 inet6 2001:4830:e2:25::2 > route add -inet6 2001:4830:e2:25::1 -prefixlen 64 2001:4830:e2:25::2 > route add -inet6 default 2001:4830:e2:25::1 > > It could well be that on boot-up this is address is not avaiable yet..and > I might need to put in a delay (say startup with cron perhaps)... > Why not setting up the gif tunnel with /etc/hostname.gif0 ? The network setup is done before bgpd starts and so your problem is solved. > > On Thu, Dec 15, 2005 at 06:34:04PM -0500, [EMAIL PROTECTED] wrote: > >> When I try and startup OpenBGP at boot time I get the following error > >> message: > >> > >> Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): > >> session_connect bind: Can't assign requested address > >> > > > > You force a local address bgpd has to bind to via the local-address config > > option. It seems that on bootup the requested address is not yet > > available. It looks like your IPv6 settup is done after bgpd is started. > > > > How do you configure the IPv6 network? > > > >> Is there some type of a problem in synchroniziation at boot time wih > >> remote AS's? Maybe sometime of a delay is needed under certain > >> circunstances... > >> > > > > It mostly depends on when your local address gets available. > > > > -- > > :wq Claudio > -- :wq Claudio
Re: Odd routing problem ?
(reply inline, sorry) On Fri, Dec 16, 2005 at 01:34:38PM -0300, Fernando Braga wrote: > I'm facing an unusual problem with routing. I can access an internal > server (with real IP) thru an OpenBSD gateway (gwA). Everything works > when connection is initiated from the Internet. But gwB can't make its > way back to the Internet. > > Every attempt to access any host on the Internet gets to gwA > int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA > external address 1.2.3.2. I assume gwA and gwB can ping each other on the internal interface, at least. > gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless). > gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal). > > +---+ +-+ > | gwB |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >> > +---+ +-+ > > gwB's > - > gwB:24$ cat /etc/hostname.sis0 >inet 10.10.10.250 > 255.255.255.0 NONE > inet alias 1.2.3.65 255.255.255.192 NONE > gwB:25$ Okay, should work. I assume you've set gwA as default gateway? > gwA's > - > gwA:511$ cat /etc/hostname.xl0 > inet 10.10.10.254 255.255.255.0 NONE > !/sbin/route add -net 1.2.3.64/26 10.10.10.250 Okay, should work, too. Wireless is a bitch, but I suppose everything works, where the hardware is concerned. > gwA:512$ cat /etc/hostname.sis0 > inet 1.2.3.2 255.255.255.192 NONE > gwA:513$ Are you certain that gwA->sis0 should have that netmask? If it is indeed internet-connected, it probably shouldn't. > gwA:514$ sysctl -a net.inet.ip.forwarding > net.inet.ip.forwarding=1 > > Has anyone a clue ? Nothing definitive, but (unless the above solves it) I'd like to see the routing tables. I'm not entirely certain where the default route goes, in particular. Joachim
Re: Flame bait - recommendations for web devlopment language?
[fixed quoting] At 02:42 PM 12/16/2005 +0100, Joachim wrote: > > However, in my particular case, it's not like I am the only one who does > > some work on the website, and I'll not be around forever either (it's > > volunteer work, basically). Using straight PHP is technically inferior, > > but is much more likely to actually be used by the next guy. Not to > > mention that just spitting out a page is a lot easier than dealing with > > caching stuff and the like. > > PMFJI, but PHP runs just fine chroot'd (at least the apps we use and have > done). Granted, there are some specific issues with some versions, but > aren't most of the issues linked to NOT running chroot'd? Yes, PHP works just fine chrooted. But I dislike having to upgrade it every week, and FastCGI is pretty funny. Especially since it allows me to interface with all sorts of nice, other stuff. (There's even a C library, so the speed is hard to beat.) Joachim
Re: Odd routing problem ?
traceroute is your friend. I'm sure you've tried it, just didn't post the results? On 12/16/05, Fernando Braga <[EMAIL PROTECTED]> wrote: > Hi, > > I'm facing an unusual problem with routing. I can access an internal > server (with real IP) thru an OpenBSD gateway (gwA). Everything works > when connection is initiated from the Internet. But gwB can't make its > way back to the Internet. > > Every attempt to access any host on the Internet gets to gwA > int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA > external address 1.2.3.2. > > It makes no difference whether pf is enabled or not and, yes, > net.inet.ip.forward is enabled. > > They're connected thru wireless bridges. I'll try to represent the > network below: > > gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless). > gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal). > > +---+ +-+ > | gwB |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >> > +---+ +-+ > > gwB's > - > gwB:24$ cat /etc/hostname.sis0 >inet 10.10.10.250 > 255.255.255.0 NONE > inet alias 1.2.3.65 255.255.255.192 NONE > gwB:25$ > > gwA's > - > gwA:511$ cat /etc/hostname.xl0 > inet 10.10.10.254 255.255.255.0 NONE > !/sbin/route add -net 1.2.3.64/26 10.10.10.250 > gwA:512$ cat /etc/hostname.sis0 > inet 1.2.3.2 255.255.255.192 NONE > gwA:513$ > > gwA:514$ sysctl -a net.inet.ip.forwarding > net.inet.ip.forwarding=1 > > Has anyone a clue ? > > TIA, > > -- > Fernando M. Braga
Re: Flame bait - recommendations for web devlopment language?
On Fri, Dec 16, 2005 at 02:42:47PM +0100, Pierre-Yves Ritschard wrote: > > Yes, FastCGI looks really cool. > > > > However, in my particular case, it's not like I am the only one who does > > some work on the website, and I'll not be around forever either (it's > > volunteer work, basically). Using straight PHP is technically inferior, > > but is much more likely to actually be used by the next guy. Not to > > mention that just spitting out a page is a lot easier than dealing with > > caching stuff and the like. > > Well php can be used as a fastcgi server actually. Yes, but - and I must admit to being a little out of my depth, or better my research, here - I was under the impression that running them on a 'normal' server required tweaking the source code quite a bit. (Or vice versa, of course). > > Is there a specific language, though, that you could recommend, because > > that's what we started out talking about? > > I think depending on your knowledge and needs perl, python and ruby may > be eligible do to the job. > > If you plan on spitting out html directly from your code, I'd say use > whichever you're most familiar with. > If you need something more complex, then have a look at the maypole, > catalyst, cherrypy and ruby on rails projects. Damn you! I was busy enough without that lot of leads to investigate! Oh well, one step at a time I guess. > The key element while trying to decide on a web technology is not to > choose the hype technology of the day but evaluate each solution. If it were up to me, most of the website would be based on Makefiles. There is *some* stuff that should give immediate response, like a forum, but we could drop pretty much all dynamic content scripts in favour of Makefiles. Or something fancy, like wml (www.thewml.org). Not gonna happen, though... I don't think people will be too happy with a web development framework that does not run on Windows. Joachim
Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior
tony sarendal [EMAIL PROTECTED] wrote: > > Most nice switches can tag all vlans on a trunk. OpenBSD is doing the right > thing. > Sure, once you set the "native vlan" to something other than vlan 1. Most switches have a "native vlan" concept which really just means untagged.
Odd routing problem ?
Hi, I'm facing an unusual problem with routing. I can access an internal server (with real IP) thru an OpenBSD gateway (gwA). Everything works when connection is initiated from the Internet. But gwB can't make its way back to the Internet. Every attempt to access any host on the Internet gets to gwA int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA external address 1.2.3.2. It makes no difference whether pf is enabled or not and, yes, net.inet.ip.forward is enabled. They're connected thru wireless bridges. I'll try to represent the network below: gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless). gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal). +---+ +-+ | gwB |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >> +---+ +-+ gwB's - gwB:24$ cat /etc/hostname.sis0 inet 10.10.10.250 255.255.255.0 NONE inet alias 1.2.3.65 255.255.255.192 NONE gwB:25$ gwA's - gwA:511$ cat /etc/hostname.xl0 inet 10.10.10.254 255.255.255.0 NONE !/sbin/route add -net 1.2.3.64/26 10.10.10.250 gwA:512$ cat /etc/hostname.sis0 inet 1.2.3.2 255.255.255.192 NONE gwA:513$ gwA:514$ sysctl -a net.inet.ip.forwarding net.inet.ip.forwarding=1 Has anyone a clue ? TIA, -- Fernando M. Braga
Re: Flame bait - recommendations for web devlopment language?
At 02:42 PM 12/16/2005 +0100, you wrote: > However, in my particular case, it's not like I am the only one who does > some work on the website, and I'll not be around forever either (it's > volunteer work, basically). Using straight PHP is technically inferior, > but is much more likely to actually be used by the next guy. Not to > mention that just spitting out a page is a lot easier than dealing with > caching stuff and the like. PMFJI, but PHP runs just fine chroot'd (at least the apps we use and have done). Granted, there are some specific issues with some versions, but aren't most of the issues linked to NOT running chroot'd? Lee
Re: Flame bait - recommendations for web devlopment language?
> Yes, FastCGI looks really cool. > > However, in my particular case, it's not like I am the only one who does > some work on the website, and I'll not be around forever either (it's > volunteer work, basically). Using straight PHP is technically inferior, > but is much more likely to actually be used by the next guy. Not to > mention that just spitting out a page is a lot easier than dealing with > caching stuff and the like. Well php can be used as a fastcgi server actually. > Is there a specific language, though, that you could recommend, because > that's what we started out talking about? I think depending on your knowledge and needs perl, python and ruby may be eligible do to the job. If you plan on spitting out html directly from your code, I'd say use whichever you're most familiar with. If you need something more complex, then have a look at the maypole, catalyst, cherrypy and ruby on rails projects. The key element while trying to decide on a web technology is not to choose the hype technology of the day but evaluate each solution.
Re: dd performance
On Fri, Dec 16, 2005 at 12:13:00AM +0100, Hannah Schroeter wrote: > Hello! > > On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote: > >I think the very first thing you should change is use the raw device > >in OpenBSD (/dev/rsd0c) and that should speed things up a bit. > > You're right. And high enough block size (though 1024k should be okay). > I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k well. blocks above 64k barely make any difference on relatively fast modern machines. cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior
> Vlan 1 is meaningless. Most vendors use vlan 1 to refer to _untagged_ > traffic. However, when you create a vlan interface with OpenBSD, it is > always tagged, even if the id happens to be 1. Your switches will never > generate traffic with a tag of 1. Most nice switches can tag all vlans on a trunk. OpenBSD is doing the right thing. /Tony
disklabel and ext3 partitions on amd64
I'm currently running OpenBSD/i386 3.8 on an AMD64 machine and just went to install the latest AMD64 snapshot. The hard drive I'm installing to has a number of ext3 partitions contained in an extended partition. When I installed OpenBSD/i386 3.8 on this machine I issued the D command during the disklabel stage to start with a clean label and although all the BSD partitions were removed, all the ext3 partitions remained. When I tried the same with the amd64 snapshot, the ext3 partitions were not kept and the only thing remaining was the c partition. Obviously I didn't want to go ahead with the installation for fear of data loss so I would just like to know if this is normal, whether it's a change in behaviour between 3.8 and the snapshot or if it's an i386/amd64 thing. If it makes any difference, the label I reset when installing 3.8 was left over from a FreeBSD install. I've had a look through the latest disklabel man page and it says: Note that when a disk has no real BSD disklabel, the kernel creates a de- fault label so that the disk can be used. This default label will in- clude other partitions found on the disk if they are supported on your architecture. For example, on systems that support fdisk(8) partitions the default label will also include DOS and Linux partitions. I'm assuming this behaviour also applies to the D command, in which case does this mean that ext2/3 isn't supported on AMD64 machines? If I proceed with the install, will the ext3 partitions still be there afterwards (even if OpenBSD can't see them)? Thanks. Simon
Re: x509 keys & isakmpd in OBSD 3.8
>>> On 16 December 2005 at 10:55:53, in message <[EMAIL PROTECTED]>, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote: > Hi, > > On Fri, Dec 16, 2005 at 09:48:06AM +, Gordon Ross wrote: >> I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD >> 3.8 boxes. >> >> To start with, I followed the instructions at >> http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN >> using pre-shared secrets. This works fine. > > well, I'd say vpn(8) is a good starting point... I discovered that later on. I'm not used to man pages containing HOWTOs.. >> Then I create CSR/KEYs for the peers & get the CSR signed by the CA to >> give me a cert. This, in theory, I understand. However: >> >> 1) The man page for isakmpd says "The CSRs are signed with a >> pre-generated private key. By default, the system startup script rc(8) >> generates a key-pair when starting..." Why ? Why are the peer CSRs >> signed with the pre-generated private key ? I would have thought that >> getting the CA to sign them would be OK. After all, if all the peers >> trust the CA, then any certificate signed by the CA should be trusted. >> What's wrong with my logic ? > > mh, "signed" might a bit unclear. The pre-generated private key > is "bound" to the CSR, ie. this is the private key to be used with > the resulting x509 certificate. I think penny is starting to drop. Few more coffees and it might make some sense.. GTG
Re: Flame bait - recommendations for web devlopment language?
On Fri, Dec 16, 2005 at 09:36:31AM +0100, [EMAIL PROTECTED] wrote: > > (It also looks like there's no mod_python in the source tree; I don't > > know why, but I never really used python so that's not surprising, but > > it might be an argument against python. There is a mod_perl, mod_ruby, > > and it might be supported via another port - but I don't see it in > > python. And the mod_*s are quite a bit faster than CGIs.) > > > > As an off-the-wall remark, FastCGI looks really nice, too. I'll try it > > sometime soon. > > Having no mod_python is really no problem, see > http://www.openbsd.org/cgi-bin/cvsweb/ports/www/py-jonpy/ for an > alternative, basically everything you do with mod_* can (and often should) > be done with fastcgi. > > The main advantage is security, because with fastcgi you can: > > Run apache or another fastcgi compliant (i'm thinking lighttpd here) > webserver chrooted. > > Run your 'dynamic/data-driven/mvc/whatever' web application chrooted > elsewhere and as a different user. > > Only share a socket either AF_UNIX or AF_INET between the two servers. > > A break in the www servers is still totally unlikely, If the web > application is exploitable it will yield access to an unprivileged user in > the web application's chroot. > > Another advantage with this approach is that some webservers (still > thinking lighttpd) support fastcgi load-balancing, so you can run your web > app on many machines. Yes, FastCGI looks really cool. However, in my particular case, it's not like I am the only one who does some work on the website, and I'll not be around forever either (it's volunteer work, basically). Using straight PHP is technically inferior, but is much more likely to actually be used by the next guy. Not to mention that just spitting out a page is a lot easier than dealing with caching stuff and the like. Hmm, once all the servers are up and running I'll have to do some mucking around. And try to convince everyone to use FastCGI - or just start doing it, I'm pretty much the only one doing scripting anyway. Is there a specific language, though, that you could recommend, because that's what we started out talking about? Joachim
Re: x509 keys & isakmpd in OBSD 3.8
Hi, On Fri, Dec 16, 2005 at 09:48:06AM +, Gordon Ross wrote: > I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD > 3.8 boxes. > > To start with, I followed the instructions at > http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN > using pre-shared secrets. This works fine. well, I'd say vpn(8) is a good starting point... > Then I create CSR/KEYs for the peers & get the CSR signed by the CA to > give me a cert. This, in theory, I understand. However: > > 1) The man page for isakmpd says "The CSRs are signed with a > pre-generated private key. By default, the system startup script rc(8) > generates a key-pair when starting..." Why ? Why are the peer CSRs > signed with the pre-generated private key ? I would have thought that > getting the CA to sign them would be OK. After all, if all the peers > trust the CA, then any certificate signed by the CA should be trusted. > What's wrong with my logic ? mh, "signed" might a bit unclear. The pre-generated private key is "bound" to the CSR, ie. this is the private key to be used with the resulting x509 certificate. > 2) Just to confirm... (Assume I have peer1 & peer2) I create a cert for > peer1 and put it in /etc/isakmpd/certs/ on peer1. There is no need to > copy it to peer2 (because the cert is signed by the CA, and the CA is > trusted by both peers) Correct ? yes.
Re: Trying to understand iostat output
On Wed, Dec 14, 2005 at 06:33:00PM +0100, Markus Wernig wrote: > Joachim Schipper wrote: > > > There was a lengthy thread about ccd mirroring here. Search the > > archives, and check whether it's worth the risk of ccd 'eating your > > data' first. (If not, go with RAID-1.) > > Hi > > Yes, I followed the thread, but to my understanding it was not > conclusive that ccd would be such a great risk - there were at least two > diverging opinions. > > I tried mounting the device with softdep, which yielded 7 MB/s write > throughput - better, but not overwhelming. > > That said, I then tried to simulate a crash (hit power putton on idle > box, no obvious write activity going on on the device) - and the > filesystem came back with unrecoverable errors. I will try to > investigate this further and determine if it was just bad fs luck or the > underlying ccd device. > > Anyway, I wanted to avoid building a custom kernel, so I might just > rsync the two disks from cron. I agree that the ccd mirroring debate ended with at least one participant on each side retaining his first opinion. However, considering one was pretty much a newbie and the other the RAIDFrame maintainer, I know who *I* believe. Never mind that I'd pretty much figured out that ccd mirroring has the problems he mentioned on my own, some time earlier when setting up RAID, and decided not to get burnt. FWIW, RAIDFrame and ccd mirroring are not very good if you want maximal speed, especially write speed. They are also complex. Ccd mirroring is very vulnerable to crashes, and while RAID will deal with them more elegantly, it *will* require quite a bit of time to rewrite parity. For reference, here's what I do... Important documents are in a subversion repository on a RAID-1 /var and /var/mail are on a RAID-1 /, /usr and /home are copied nightly (via the altroot mechanism, expanded to altroot/-usr/-home via /etc/daily.local - see afterboot(8), /etc/daily) Additionally, all of the system but /tmp is backed up nightly, to tape. Joachim
x509 keys & isakmpd in OBSD 3.8
Hi, I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD 3.8 boxes. To start with, I followed the instructions at http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN using pre-shared secrets. This works fine. Now, I want to switch over to x509 keys. Googling for this next step points me in various directions, which ultimately lead me back to http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8 ;-) I create my CA, which gives me a .crt and a .key. The .key I keep very safe, and the .crt I put in /etc/isakmpd/ca/ on all the peers. So far, so good. Then I create CSR/KEYs for the peers & get the CSR signed by the CA to give me a cert. This, in theory, I understand. However: 1) The man page for isakmpd says "The CSRs are signed with a pre-generated private key. By default, the system startup script rc(8) generates a key-pair when starting..." Why ? Why are the peer CSRs signed with the pre-generated private key ? I would have thought that getting the CA to sign them would be OK. After all, if all the peers trust the CA, then any certificate signed by the CA should be trusted. What's wrong with my logic ? 2) Just to confirm... (Assume I have peer1 & peer2) I create a cert for peer1 and put it in /etc/isakmpd/certs/ on peer1. There is no need to copy it to peer2 (because the cert is signed by the CA, and the CA is trusted by both peers) Correct ? Thanks, GTG PS I didn't post a dmesg as I didn't think it was necessary..
Re: Flame bait - recommendations for web devlopment language?
> (It also looks like there's no mod_python in the source tree; I don't > know why, but I never really used python so that's not surprising, but > it might be an argument against python. There is a mod_perl, mod_ruby, > and it might be supported via another port - but I don't see it in > python. And the mod_*s are quite a bit faster than CGIs.) > > As an off-the-wall remark, FastCGI looks really nice, too. I'll try it > sometime soon. Having no mod_python is really no problem, see http://www.openbsd.org/cgi-bin/cvsweb/ports/www/py-jonpy/ for an alternative, basically everything you do with mod_* can (and often should) be done with fastcgi. The main advantage is security, because with fastcgi you can: Run apache or another fastcgi compliant (i'm thinking lighttpd here) webserver chrooted. Run your 'dynamic/data-driven/mvc/whatever' web application chrooted elsewhere and as a different user. Only share a socket either AF_UNIX or AF_INET between the two servers. A break in the www servers is still totally unlikely, If the web application is exploitable it will yield access to an unprivileged user in the web application's chroot. Another advantage with this approach is that some webservers (still thinking lighttpd) support fastcgi load-balancing, so you can run your web app on many machines.
Re: login.conf - chpass - _mysql
On Fri, 16 Dec 2005, Uwe Dippel wrote: > On Thu, 15 Dec 2005 18:07:52 +0100, Otto Moerbeek wrote: > > > Please report exact command lines and error messages. > > chpass _mysql > [change daemon into mysql or _mysql]; :wq > chpass: illegal character in the "class" field > re-edit the password file? [y]: I cannot reproduce this here. _mysql is accepted and processed correctly. > > > Use su(1) to start the command with a given login class. > > like > # su -c _mysql _mysql -c date > This account is currently not available. > ? > > Hey, I don't want to offend anyone in here ! > I only found some 20 occurrences of that additional login class and the > same number of this suggestion. While typing, I asked myself, how the > environment will be picked up, ever. And started to think ... and started > to have doubts. You'll have to give it the right args: # su -m -c staff bin -c "ulimit -a" time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 159744 stack(kbytes)4096 lockedmem(kbytes)157262 memory(kbytes) 471136 nofiles(descriptors) 64 processes128 # su -m -c daemon bin -c "ulimit -a" time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) unlimited data(kbytes) 524288 stack(kbytes)8192 lockedmem(kbytes)157262 memory(kbytes) 471136 nofiles(descriptors) 128 processes532 # > I bet 90% of those people who report success with mysql with this class do > not have it due to this login class, but due to the values of the daemon > class. With which their mysql runs, incidentially. > > # sudo -c _mysql -u _mysql date > Fri Dec 16 09:51:03 SGT 2005 > > This is what I was hinting at in my post, btw. This is the only thing I > got working for a user with nologin. -Otto
Re: OpenNTPD problem
Jakob Fix wrote: > Hello, I'm running the latest portable OpenNTPD on a Debian box, but it's just > not keeping time. When I first start it, just executing ntpd, it sets the > time > correctly, but then starts diverging, after a couple of weeks, like this (this > machine is currently one hour and a half ahead): [snip] Thanks for all the off-list replies. I've found this Debian bug report http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330587 which seems to confirm that it may actually be a problem with Debian (or the kernel). Sorry for the only very peripheral OpenBSD post. -- cheers, Jakob.