Newsletter della 50� settimana 2005

[Borghi Toscani News]

[IMAGE]

[IMAGE]

Borghi Toscani | E - mail | Registrati | Inserisci un locale | Meteo |
News

[IMAGE]

NUOVI
INSERIMENTI

Newsletter della 50B0 settimana 2005

LINK
CONSIGLIATI

PLP guest house

LAST MINUTE IN TOSCANA

OFFERTE SOGGIORNI IN TOSCANA

LAST MINUTE FIRENZE

NEW WEB SITE ABETONE.COM

LE NUOVE WEB CAM DI ABETONE

Abetone.com

Web cam Abetone

Offerte Last minute Abetone

Web Cam Abetone

News, eventi e manifestazioni in Toscana questa settimana

Data

Evento

Tipologia

14/12/2005

Torino 2006 La fiamma olimpica a Firenze

(Concerti)

14/12/2005

Crinali: Teatro canzone PORRETTA TERME

(Concerti)

14/12/2005

Idee, modelli, invezioni FIRENZE

(Mostre)

15/12/2005

Impruneta Natale

(Sagre e Fiere)

16/12/2005

Passaggio della Fiamma Olimpica ABETONE

(Feste Paesane)

16/12/2005

Mercatino dell'avvento ABETONE

(Mercatini)

16/12/2005

Misura per Misura PESCIA

(Teatro)

17/12/2005

Auser filo d' Argento PESCIA

(Feste Paesane)

17/12/2005

Bagni a natale BAGNI DI LUCCA

(Mercatini)

17/12/2005

Silvana Lapi - Opere dal 1975 al 2005 PORRETTA TERME

(Mostre)

18/12/2005

Artingegno COLLE VAL D'ELSA

(Mercatini)

18/12/2005

Mercatini di Natale PALAZZUOLO SUL SENIO

(Mercatini)

18/12/2005

Fiera promozionale portone dei borghi LUCCA

(Sagre e Fiere)

18/12/2005

Fiera promozionale Festa di S. Lucia TAVARNELLE V.P.

(Sagre e Fiere)

19/12/2005

Idee, modelli, invenzioni FIRENZE

(Mostre)

20/12/2005

Mercatino medievale di Natale MONTERIGGIONI

(Mercatini)

20/12/2005

Donna Donne FIRENZE

(Mostre)

20/12/2005

Fiera SCANSANO

(Sagre e Fiere)

21/12/2005

Natale a Monteriggioni

(Mostre)

22/12/2005

LbAngelo di Gesso PESCIA

(Teatro)

23/12/2005

Mercatino dell'avvento ABETONE

(Mercatini)

23/12/2005

Cbera una volta il Cantaestate PESCIA

(Teatro)

escursioni toscana

PITTI IMMAGINE UOMO N. 69

Settembre lucchese11 - 14 gennaio 2006
Firenze, Fortezza da Basso
Organizzata da Pitti Immagine, promossa dal Centro di Firenze per la Moda
Italiana.

Pitti Immagine Uomo C( la manifestazione che come ogni anno

Pitti immagine uomo n. 69

Raccolta delle informazioni e Registrazione ai servizi
Piramedia srl, in qualitC  di titolare del trattamento, Ti informa che i
dati personali che ci avrai fornito, volontariamente o automaticamente
attraverso i nostri portali, saranno trattati, con il tuo consenso allo
scopo di trasmetterti i servizi da te richiesti. In particolare ti
verranno inviate tramite posta elettronica o sms, informative o offerte a
carattere commerciale o pubblicitario, inerenti al Turismo. Ti verranno
inviate inoltre comunicazioni circa modifiche, miglioramenti, o
cambiamenti dei servizi da noi proposti. In coda ad ognuno di questi
messaggi sarC  sempre presente il modo perchC) tu possa rimuovere i tuoi
dati dal nostro archivio.
Piramedia srl, non raccoglierC  in nessun modo dati ritenuti sensibili e
si impegna a non utilizzare i tuoi dati, o cederli a terzi, per finalitC 
che siano diverse da quelle qui sopra elencate.
Formula di acquisizione del consenso dell'interessato.
Il/la sottoscritto/a, acquisite le informazioni fornite dal titolare del
trattamento ai sensi dell'articolo 13 del D.Lgs. 196/2003, l'interessato:
- presta il suo consenso al trattamento dei dati personali per i fini
indicati nella suddetta informativa.
- presta il suo consenso per la comunicazione dei dati personali per le
finalitC  ed ai soggetti indicati nell'informativa.
- presta il suo consenso per la diffusione dei dati personali per le
finalitC  e nell'ambito indicato nell'informativa.

DISDETTA
Se non vuoi piC9 ricevere l'edizione gratuita di "BorghiToscani.com"
clicca su questo link: disdetta

Vecoli

Cottage Vecoli

Tenuta il Cicalino

Tenuta il Cicalino

Centro Velico Naregno

Centro Velico Naregno

Tirrenia Ferries

Tirrenia
Ferries

Hotel Le Acacie

Hotel Le Acacie

Hotel Tornese

Hotel
Tornese

Rooms with a view

Althea rooms

Park Hotel

Argentario Camping

Il Gabbiano

Le Cannelle

Argentario Osa

Talamone Camping

Hotel Telamonio

Hotel Capo Duomo

Pian dei Pini

La Valentina

Cavalleggeri

Hotel L'Etrusco

Le Colombe

Borgo Dolciano

Locanda dei Guelfi

Villino Il Magnifico

Villa Elea

Fontecastello

Hotel Massimo

Hotel Alex

A casa di Dante

B&B Gilda

Podere Giarlinga

Fonte del Cieco

Ninna Nanna

Campo di Carlo

Hotel La Pergola

Podere Saliciaia

Hotel Galli

Villa Conti

Albergo La Scogliera

Valle Santa Maria

Hotel Fontalleccio

Hotel Il Ponte

Casa del Golfo

Il Viottolo

Hotel Riva del Sole

Hotel Montecristo

Villa Cristina

Ideamare

Agriturismo Rebua

Enoteca Il Salotto

Villa Volpi

1999 - 2005 - Copyright and Project by Piramedia srl - Tutti I Diritti
Riservati -Privacy

[IMAGE]

Re: Problems with 4 port ethernet cards

[Daniel Ouellet]

Jeff Simmons wrote:
I'm having some interesting problems with a Pentium 4 server and 4 port 
ethernet cards. The server has 2 Intel Pro 1000 ethernets on board, and an 
Intel Pro 1000 4 port card installed. The problem is that it runs fine for 
from a day to a week or so, and then the ports on the 4 port card just stop 
working. Only thing I've found in the logs anywhere is a series of messages:


Well, one thing that was talked about in the archive a lots is the high 
level of interrupts on these cards. I am not saying it's your problem, 
but all so far have express success by simply using the bsd.mp even on a 
single processor server.


So, I would try that first and see the results.

Just a thought.

Daniel

Problems with 4 port ethernet cards

[Jeff Simmons]

I'm having some interesting problems with a Pentium 4 server and 4 port 
ethernet cards. The server has 2 Intel Pro 1000 ethernets on board, and an 
Intel Pro 1000 4 port card installed. The problem is that it runs fine for 
from a day to a week or so, and then the ports on the 4 port card just stop 
working. Only thing I've found in the logs anywhere is a series of messages:

Dec  6 21:33:04 fw2 /bsd: em2: watchdog timeout -- resetting

when the ethernets die.

I tried swapping the Pro 1000 4 port with an Adaptec Quartet64 ANA-62044 and 
had the same problem, but the Quartet died in hours instead of days.

Any ideas, suggestions, known hardware problems, etc. would be appreciated.

dmesg:

OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,CNXT-ID
real mem  = 536387584 (523816K)
avail mem = 482533376 (471224K)
using 4278 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @ 0xf0010
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries)
pcibios0: no compatible PCI ICU found: ICU vendor 0x8086 product 0x25a1
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
ppb0 at pci0 dev 3 function 0 "Intel 82875P PCI-CSA" rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00: irq 10, 
address: 00:c
0:9f:40:97:4d
ppb1 at pci0 dev 28 function 0 "Intel 6300ESB PCIX" rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 "IBM PCIX-PCIX" rev 0x02
pci3 at ppb2 bus 3
em1 at pci3 dev 4 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, 
address: 00
:04:23:b1:53:30
em2 at pci3 dev 4 function 1 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, 
address: 00
:04:23:b1:53:31
em3 at pci3 dev 6 function 0 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, 
address: 00
:04:23:b1:53:32
em4 at pci3 dev 6 function 1 "Intel PRO/1000MT QP (82546EB)" rev 0x01: irq 9, 
address: 00
:04:23:b1:53:33
ppb3 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0x0a
pci4 at ppb3 bus 4
em5 at pci4 dev 2 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00: irq 11, 
address: 00:c
0:9f:40:97:4e
vga1 at pci4 dev 14 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 6300ESB LPC" rev 0x02
pciide0 at pci0 dev 31 function 2 "Intel 6300ESB SATA" rev 0x02: DMA, channel 
0 configure
d to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd1 at pciide0 channel 1 drive 1: 
wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 5
"Intel 6300ESB SMBus" rev 0x02 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
sysbeep0 at pcppi0
npx0 at isa0 port 0xf0/16: using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e1fd netmask effd ttymask 
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0x80
wd1: no disk label
dkcsum: wd1 matches BIOS drive 0x81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

-- 
Jeff Simmons   [EMAIL PROTECTED]
Simmons Consulting - Network Engineering, Administration, Security

"(Discussing our first contact with aliens) is a bit like iguanas on the
Galapagos Islands sitting around trying to figure out how to treat the
first human visitors.  Should we offer them dead flies, or live flies?
Shall we line up the flies in a row?  How shall we defend ourselves?
All of that is irrelevant."
-- Seth Shostak, astronomer with the SETI project

Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance

[NetNeanderthal]

On 12/16/05, Joe S <[EMAIL PROTECTED]> wrote:
> I've had the same problem for years. :)
> Finally tossed the box. I'm going to regret that move if a solution is
> found. :(
Yes, the solution (read: hack) works and I've verified it with with a
few other people and several units of my own.  Throughput using
OpenBSD is surprisingly good, I was able to achieve ~48mbit/s of
packet-passing throughput (@1500byte packets) from one fxp interface
to another with PF/NAT.  I was able to scp ~18-20mbit/s to the unit as
well, openssl speed tests weren't wonderful but weren't shabby for the
hardware it resides on:

# openssl speed -evp aes-128-cbc
Doing aes-128-cbc for 3s on 16 size blocks: 1142781 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 64 size blocks: 390725 aes-128-cbc's in 3.01s
Doing aes-128-cbc for 3s on 256 size blocks: 101947 aes-128-cbc's in 3.00s
Doing aes-128-cbc for 3s on 1024 size blocks: 25829 aes-128-cbc's in 2.99s
Doing aes-128-cbc for 3s on 8192 size blocks: 3135 aes-128-cbc's in 3.00s
OpenSSL 0.9.7g 11 Apr 2005
options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long)
aes(partial) blowfish(idx)
available timing options: USE_TOD HZ=100 [sysconf value]
timing function used: getrusage
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes256 bytes   1024 bytes   8192 bytes
aes-128-cbc   6079.00k 8313.82k 8699.48k 8839.32k 8560.64k

> BTW, FreeBSD or Linux(yuck) worked ok, as in, it booted fine.
They all boot and run fine.  I independently confirmed NetBSD 3.0RC6
and FreeBSD 6.0 as well.

Re: finding duplicate files

[Tobias Weingartner]

On Friday, December 16, Smith wrote:
> 
> Is there any unix utility or script or OpenBSD port that will find 
> duplicate binary files within a directory?

md5(1) and sort(1) should largely do what you want.

--Toby.

finding duplicate files

[Smith]

Is there any unix utility or script or OpenBSD port that will find 
duplicate binary files within a directory?

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Nick Holland]

Randal L. Schwartz wrote:
>> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:
> 
>>> I'm upgrading a remote box, so a "standard upgrade" is not an option,
>>> nor is a reinstall.  There was no warning in the FAQ that the
>>> information was definitely broken.  It must have worked for *someone*
>>> or it wouldn't have been put in the FAQ, I presume.
> 
> Theo> Oh, but you don't understand.
> 
> Actually, I do. 

No, you do not.

You worked hard to ignore the instructions on how to do EXACTLY THIS.
It tells you EXACTLY how to do a remote upgrade.

http://www.openbsd.org/faq/upgrade38.html


NEVER try to upgrade entire versions from source.

You got to upgrade-old.html by ignorning the line that says:
"If you wish to update to 3.8-release or 3.8-stable from previous
versions, see the upgrade guide."

You ignored the line that says:
"This is provided as a historical record -- it should NOT be used as a
upgrade procedure guide."

You ignored the line that says:
"You should ALWAYS use a snapshot as the starting point for running
-current. Upgrading by compiling your own source code is not supported."

You ignored the line that says:
"The first step in building from source is to make sure you have the
closest available binary installed."
and many other warnings in faq5.html about not trying to do what you are
doing.


And now you want to tell us how to do it. heh.
We have no reason to help people who want to do things the hard way.  We
provide a much easier way to do it.

Nick.

Re: Alpha Disklabel Question

[Nick Holland]

Jason McIntyre wrote:
> On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote:
>> 
>> (2) When doing the installation disklabel, the "suggested" starting
>> offset for the 'a' partition is 0? I know using an offset of 0 is
>> discouraged on i386 and other systems (default is 63), so I figured I'd
>> ask if using a 0 offset is the "best/correct" way for alpha?
>> 
> 
> i'm going to let nick answer this (you're reading, right nick? ;)
> *i* don't know, but i'd like to know the answer.

what made you guess? :)

> faq 14.10 says, at one point: "Notice that the offset starts at 63. This
> is what you want."

*CHOKE*
don't say things to me like that when I'm eating!

> i'm trying to find where we document *why* 63 is "what you want" and if
> it's MI.

oh.
my.
gawd.

That is so wrong.

Disklabel offsets are very much machine dependent.

On i386, that statement is STILL wrong, though you will be digging up
either some unusual historic hardware or some really unusual devices for
there to be an issue.  Still, that's just wrong.

On i386, it is NOT "63 sectors", it is "one (logical) track".  On modern
(>500M) hard disks, one logical track is 63 sectors, but that was not
always the case, and I don't think it has to be the case now for "small"
storage devices.

The i386 systems have a "master boot record" (MBR) which occupies the
very first sector on the disk.  Custom is to have OSs starting on track
boundaries, so you leave a one track offset.  On i386, you can't have a
zero sector offset, at least if you want to stay sane in the long run.

Other platforms are different.  Many need no offset, they don't use the
"two layer" partitioning system that IBM AT descended machines use.

This is a section I've been avoiding looking at, because I know it needs
to be improved.  Obviously, I underestimated HOW much it needs to be
improved.

Well, I guess I know how I'll be spending my Friday night...
(once I get the lasagna out of the keyboard)

Nick.

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Bryan Allen]

On Dec 16, 2005, at 6:00 PM, Jason Crawford wrote:

First off, I fail to see how extracting the install sets via ssh can't
be done, as that's mentioned in the FAQ as one upgrade method.


Upgrading via the install sets remotely works absolutely fine. I do  
it every six months on a couple dozen boxes scattered all over the  
place. It takes *maybe* ten minutes, and perhaps another ten to get  
the box's services back up.


If Randall is having issues reading the (very clear) upgrade FAQ, my  
services are available for a nominal fee. ;-)

--
Bryan Allen
[EMAIL PROTECTED]
http://bda.mirrorshades.net
Cyberpunk is dead. Long live cyberpunk.

Re: Alpha Disklabel Question

[Tamas TEVESZ]

On Fri, 16 Dec 2005, J.C. Roberts wrote:

 > Eventually, the boot_osflags in the SRM needs to be set to "a" but the
 > default is "A" -The case would make no difference for some OS's but
 > OpenBSD probably won't like it. ;-)

fwiw i've been doing fine with `A' for ages.

-- 
[-]

mkdir /nonexistent

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Jason Crawford]

On 16 Dec 2005 14:41:38 -0800, Randal L. Schwartz  wrote:
> > "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:
>
> Theo> If you get stuck doing an upgrade build, please do a standard upgrade
> Theo> or reinstall.
>
> Theo> We have never promised that such builds will work perfectly, nor can we
> Theo> dedicate 3-4 developers full-time to making sure they do.  Which is
> Theo> pretty much what it would take.
>
> I understand that.  However, I'm hoping that someone else reading this
> mailing list will have tried the paragraph given in the FAQ, and either
> succeeded with a workaround, or discovered the futility as well.
>
> I'm upgrading a remote box, so a "standard upgrade" is not an option,
> nor is a reinstall.  There was no warning in the FAQ that the
> information was definitely broken.  It must have worked for *someone*
> or it wouldn't have been put in the FAQ, I presume.
>

First off, I fail to see how extracting the install sets via ssh can't
be done, as that's mentioned in the FAQ as one upgrade method. Second,
the source upgrade stuff has worked for people in the past, but they
usually know enough about the system to actually fix something if it
breaks. A source upgrade probably has less of a chance of working as
extracting the install sets via ssh as mentioned in the FAQ, so you're
running a risk either way. My suggestion, get the box shipped back to
you or ship out a new hard drive with the new install on it, and all
the other data copied over. Since OpenBSD is compiled to work on all
i386 boxes, it shouldn't really matter which box you install it on, as
long as you properly set the network config how it should be on the
remote box.

Jason

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Randal L. Schwartz]

> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:

>> As it is, I worked out the problems.  For the record, the workaround is:
>> 
>> 1) remove the obj directory

Theo> Look, if you did not do this, you are an idiot.

However, what I meant was that this was in addition to the "don't do
the make obj step" (which I didn't make clear by its absence), because
that breaks the paths more than they should.  So, the "binaries" need
to end up in the original paths, not the obj paths.

This is contrary to the FAQ, which says to do the "make obj" step.
So, I added a step which cleans up from the "normal" build process.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
 http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior

[tony sarendal]

On 16/12/05, Chris Cappuccio <[EMAIL PROTECTED]> wrote:
>
> tony sarendal [EMAIL PROTECTED] wrote:
> >
> > Most nice switches can tag all vlans on a trunk. OpenBSD is doing the
> right
> > thing.
> >
>
> Sure, once you set the "native vlan" to something other than vlan 1.  Most
> switches have a "native vlan" concept which really just means untagged.
>

Example of config in nice switch:

set dot1q-all-tagged enable

Done, no such rubbish as "native vlan" on my trunks.

/Tony

--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
   -= The scorpion replied,
   "I couldn't help it, it's my nature" =-

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Randal L. Schwartz]

> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:

>> I'm upgrading a remote box, so a "standard upgrade" is not an option,
>> nor is a reinstall.  There was no warning in the FAQ that the
>> information was definitely broken.  It must have worked for *someone*
>> or it wouldn't have been put in the FAQ, I presume.

Theo> Oh, but you don't understand.

Actually, I do.  I've been around the block on open source projects.
I'm surprised you don't recognize that. :)

I was hoping to get *lucky* that someone had this problem already.

As it is, I worked out the problems.  For the record, the workaround is:

1) remove the obj directory
2) issue "cleandir" and the default build, which will fail
3) Edit /usr/src/gnu/lib/libstdc++/include/Makefile to read

GCC_SRCDIR=/usr/src/gnu/usr.bin/gcc/gcc

   instead of the broken relative path it generates

3) reissue the default build, and install

I'm restarting the /usr/src "make build", so I've also edited the
parent Makefile so that it won't try to redescend into libstc++. I hope
that works. :)

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
 http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Theo de Raadt]

Oh give it up.  You are clearly not skilled enough to even compile
code, let alone provide consulting services.

> > "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:
> 
> >> As it is, I worked out the problems.  For the record, the workaround is:
> >> 
> >> 1) remove the obj directory
> 
> Theo> Look, if you did not do this, you are an idiot.
> 
> However, what I meant was that this was in addition to the "don't do
> the make obj step" (which I didn't make clear by its absence), because
> that breaks the paths more than they should.  So, the "binaries" need
> to end up in the original paths, not the obj paths.
> 
> This is contrary to the FAQ, which says to do the "make obj" step.
> So, I added a step which cleans up from the "normal" build process.
> 
> -- 
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
>  http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Theo de Raadt]

> >> I'm upgrading a remote box, so a "standard upgrade" is not an option,
> >> nor is a reinstall.  There was no warning in the FAQ that the
> >> information was definitely broken.  It must have worked for *someone*
> >> or it wouldn't have been put in the FAQ, I presume.
> 
> Theo> Oh, but you don't understand.
> 
> Actually, I do.  I've been around the block on open source projects.
> I'm surprised you don't recognize that. :)

I don't think you understand.  Or you would have fixed your problems
instead of whining.

> As it is, I worked out the problems.  For the record, the workaround is:
> 
> 1) remove the obj directory

Look, if you did not do this, you are an idiot.

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Ted Unangst]

On 16 Dec 2005 14:41:38 -0800, Randal L. Schwartz  wrote:
>
> I'm upgrading a remote box, so a "standard upgrade" is not an option,
> nor is a reinstall.  There was no warning in the FAQ that the
> information was definitely broken.  It must have worked for *someone*
> or it wouldn't have been put in the FAQ, I presume.

what is wrong with tar -C / -zxvpf base38.tgz ?

Re: Alpha Disklabel Question

[J.C. Roberts]

On Fri, 16 Dec 2005 23:36:34 +0100 (CET), Tamas TEVESZ <[EMAIL PROTECTED]>
wrote:

>On Fri, 16 Dec 2005, J.C. Roberts wrote:
>
> > (1) When booting  the cd38.iso with either bsd or bsd.rd you go into UKC
> > rather than directly into the installation. I'm guessing this is normal
> > since I'm sure there might be some things that need doing for some of
> > the more esoteric alpha hardware but it's worth asking to make sure.
>
>you probably have a rogue `-s' in boot_osflags (try `show boot_osflags'
>or even `show boot*' in srm).

Without an OS installed and booting from CD through the SRM the
INSTALL.alpha file suggests/requires overriding the both the SRM boot
file (-fi switch) and the SRM boot flags (-fl switch):

 >>>boot -fi bsd -fl ac dka0

Frightening... I added the "c" to the boot flags as instructed and
didn't even notice it.

Eventually, the boot_osflags in the SRM needs to be set to "a" but the
default is "A" -The case would make no difference for some OS's but
OpenBSD probably won't like it. ;-)

JCR

Re: Alpha Disklabel Question

[J.C. Roberts]

On Fri, 16 Dec 2005 22:14:34 +, Jason McIntyre <[EMAIL PROTECTED]>
wrote:

>On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote:
>> 
>> (2) When doing the installation disklabel, the "suggested" starting
>> offset for the 'a' partition is 0? I know using an offset of 0 is
>> discouraged on i386 and other systems (default is 63), so I figured I'd
>> ask if using a 0 offset is the "best/correct" way for alpha?
>> 
>
>i'm going to let nick answer this (you're reading, right nick? ;)
>*i* don't know, but i'd like to know the answer.
>
>faq 14.10 says, at one point: "Notice that the offset starts at 63. This
>is what you want."
>
>i'm trying to find where we document *why* 63 is "what you want" and if
>it's MI.
>
>jmc

Hi-ya jmc,

It is documented in http://www.openbsd.org/faq/faq4.html

[QUOTE]
It is important that the first partition skips the first track of the
disk, in this case, starting on sector 63. This will vary from machine
to machine and disk system to disk system. If an OpenBSD partition is
created starting at offset 0, this partition table will end up being
overwritten by the OpenBSD partition's Partition Boot Record. The system
may still be bootable, but it will be very difficult to maintain, and
this configuration is not recommended or supported.
[/QUOTE]

The trouble is faq4 is very x86-centric. Though the disks (seagate) and
controllers (qlogic) on *this* particular alpha are also usable on x86,
we're still talking about a vastly different architecture.

On an alpha there may not be a need for a "Partition Boot Record" per se
because it's all handled by the system firmware (the SRM Console). As
long as the disk holds a file system known by the SRM (i.e. CD9660, FAT
or FFS), booting a kernel from a chunk of media is very straight
forward.

JCR

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Theo de Raadt]

> I'm upgrading a remote box, so a "standard upgrade" is not an option,
> nor is a reinstall.  There was no warning in the FAQ that the
> information was definitely broken.  It must have worked for *someone*
> or it wouldn't have been put in the FAQ, I presume.

Oh, but you don't understand.

Yes, it worked for someone at that time.

But how is a person writing this FAQ supposed to write a document that
says how to go from any random point in time, to any random point
further on in the future?

And then test that?

What do you suggest?  Because the only other alternative is to DELETE
the upgrade faq.  Do you understand where we am coming from?

If you expect a perfect document, with such a tight constraint, it is
really totally impossible for anyone to write.

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Randal L. Schwartz]

> "Theo" == Theo de Raadt <[EMAIL PROTECTED]> writes:

Theo> If you get stuck doing an upgrade build, please do a standard upgrade
Theo> or reinstall.

Theo> We have never promised that such builds will work perfectly, nor can we
Theo> dedicate 3-4 developers full-time to making sure they do.  Which is
Theo> pretty much what it would take.

I understand that.  However, I'm hoping that someone else reading this
mailing list will have tried the paragraph given in the FAQ, and either
succeeded with a workaround, or discovered the futility as well.

I'm upgrading a remote box, so a "standard upgrade" is not an option,
nor is a reinstall.  There was no warning in the FAQ that the
information was definitely broken.  It must have worked for *someone*
or it wouldn't have been put in the FAQ, I presume.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
 http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Theo de Raadt]

If you get stuck doing an upgrade build, please do a standard upgrade
or reinstall.

We have never promised that such builds will work perfectly, nor can we
dedicate 3-4 developers full-time to making sure they do.  Which is
pretty much what it would take.

> >From http://openbsd.org/faq/upgrade-old.html
> I see that I need to issue the following:
> 
>  # cd /usr/src/gnu/lib/libstdc++
>  # make -f Makefile.bsd-wrapper cleandir
>  # make -f Makefile.bsd-wrapper obj
>  # make -f Makefile.bsd-wrapper
>  # make -f Makefile.bsd-wrapper install
> 
> I have updated my gcc (3 times now :).  When I get to the next-to-last
> step (before install), my build aborts with:
> 
> c++ -I/usr/src/gnu/lib/libstdc++/../../usr.bin/gcc/gcc 
> -I/usr/src/gnu/lib/libstdc++/../libiberty/include 
> -I/usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8 
> -I/usr/src/gnu/lib/libstdc++/obj/include 
> -I/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++ -O2 -pipe 
> -fno-implicit-templates -Wall -Wno-format -W -Wwrite-strings 
> -fdiagnostics-show-location=once -ffunction-sections -fdata-sections -c 
> /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc  -fPIC -DPIC -o 
> eh_alloc.o
> In file included from /usr/src/gnu/lib/libstdc++/obj/include/cstdlib:49,
>  from 
> /usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc:33:
> 
> /usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8/bits/c++config.h:35:29:
>  bits/os_defines.h: No such file or directory
> *** Error code 1
> 
> Stop in /usr/src/gnu/lib/libstdc++/obj/libsupc++.
> *** Error code 1
> 
> Stop in /usr/src/gnu/lib/libstdc++/obj (line 304 of Makefile).
> *** Error code 1
> 
> Stop in /usr/src/gnu/lib/libstdc++/obj (line 419 of Makefile).
> *** Error code 1
> 
> Stop in /usr/src/gnu/lib/libstdc++ (line 22 of 
> /usr/src/gnu/lib/libstdc++/Makefile.bsd-wrapper).
> 
> Help!  What am I doing wrong?  It's holding up a "cd /usr/src && make build"
> as well.  Do I dare issue "make -k" to get past that?
> 
> -- 
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
>  http://www.stonehenge.com/merlyn/>
> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
> See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: Alpha Disklabel Question

[Tamas TEVESZ]

On Fri, 16 Dec 2005, J.C. Roberts wrote:

 > (1) When booting  the cd38.iso with either bsd or bsd.rd you go into UKC
 > rather than directly into the installation. I'm guessing this is normal
 > since I'm sure there might be some things that need doing for some of
 > the more esoteric alpha hardware but it's worth asking to make sure.

you probably have a rogue `-s' in boot_osflags (try `show boot_osflags'
or even `show boot*' in srm).

-- 
[-]

mkdir /nonexistent

stuck on "upgrading from 3.7 to 3.8 - Exception handling flag day"

[Randal L. Schwartz]

>From http://openbsd.org/faq/upgrade-old.html
I see that I need to issue the following:

 # cd /usr/src/gnu/lib/libstdc++
 # make -f Makefile.bsd-wrapper cleandir
 # make -f Makefile.bsd-wrapper obj
 # make -f Makefile.bsd-wrapper
 # make -f Makefile.bsd-wrapper install

I have updated my gcc (3 times now :).  When I get to the next-to-last
step (before install), my build aborts with:

c++ -I/usr/src/gnu/lib/libstdc++/../../usr.bin/gcc/gcc 
-I/usr/src/gnu/lib/libstdc++/../libiberty/include 
-I/usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8 
-I/usr/src/gnu/lib/libstdc++/obj/include 
-I/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++ -O2 -pipe 
-fno-implicit-templates -Wall -Wno-format -W -Wwrite-strings 
-fdiagnostics-show-location=once -ffunction-sections -fdata-sections -c 
/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc  -fPIC -DPIC -o 
eh_alloc.o
In file included from /usr/src/gnu/lib/libstdc++/obj/include/cstdlib:49,
 from 
/usr/src/gnu/lib/libstdc++/libstdc++/libsupc++/eh_alloc.cc:33:

/usr/src/gnu/lib/libstdc++/obj/include/i386-unknown-openbsd3.8/bits/c++config.h:35:29:
 bits/os_defines.h: No such file or directory
*** Error code 1

Stop in /usr/src/gnu/lib/libstdc++/obj/libsupc++.
*** Error code 1

Stop in /usr/src/gnu/lib/libstdc++/obj (line 304 of Makefile).
*** Error code 1

Stop in /usr/src/gnu/lib/libstdc++/obj (line 419 of Makefile).
*** Error code 1

Stop in /usr/src/gnu/lib/libstdc++ (line 22 of 
/usr/src/gnu/lib/libstdc++/Makefile.bsd-wrapper).

Help!  What am I doing wrong?  It's holding up a "cd /usr/src && make build"
as well.  Do I dare issue "make -k" to get past that?

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
 http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!

Re: Alpha Disklabel Question

[Jason McIntyre]

On Fri, Dec 16, 2005 at 01:50:48PM -0800, J.C. Roberts wrote:
> 
> (2) When doing the installation disklabel, the "suggested" starting
> offset for the 'a' partition is 0? I know using an offset of 0 is
> discouraged on i386 and other systems (default is 63), so I figured I'd
> ask if using a 0 offset is the "best/correct" way for alpha?
> 

i'm going to let nick answer this (you're reading, right nick? ;)
*i* don't know, but i'd like to know the answer.

faq 14.10 says, at one point: "Notice that the offset starts at 63. This
is what you want."

i'm trying to find where we document *why* 63 is "what you want" and if
it's MI.

jmc

Alpha Disklabel Question

[J.C. Roberts]

When doing an install of 3.8-RELEASE on an Alpha PSW-433 I noticed two
odd thing:

(1) When booting  the cd38.iso with either bsd or bsd.rd you go into UKC
rather than directly into the installation. I'm guessing this is normal
since I'm sure there might be some things that need doing for some of
the more esoteric alpha hardware but it's worth asking to make sure.

(2) When doing the installation disklabel, the "suggested" starting
offset for the 'a' partition is 0? I know using an offset of 0 is
discouraged on i386 and other systems (default is 63), so I figured I'd
ask if using a 0 offset is the "best/correct" way for alpha?

Thanks,
JCR

Re: Nokia IP330 OpenBSD 3.8 Information and Installation Assistance

[Joe S]

NetNeanderthal wrote:

Hi misc@,

Background
I am yet another Nokia IP330 owner seeking help to put a real
OS/Firewall onto one of these devices.  I have a handful of these at
my disposal, all with AMD K6-2 400MHz CPUs, 1 SDRAM bank with 256MB of
CAS2 PC100 ECC SDRAM (the other is empty), 2xdc NICs, 3xfxp NICs,
Primary IDE, 20GB ATA33 IDE drive, and 2x16550 serial ports.  The 2xdc
NICs are on an independent cPCI card, but the rest is integrated. 
There is also a covered RJ11 port to the right of the third onboard

NIC that seems to be used for modem connectivity, but I question its
functionality on a lower-level.  There is an empty header spot on the
mainboard for floppy controller, which is detected, but no pins
connected to the solder joints (Adding a floppy header looks like a
trivial task for someone with any skill in microelectronics).  USB
(uhci) is detected by FreeBSD, but there are no visually identifiable
headers.  It uses an Award Modular BIOS, v4.51PG whose console is
interfaced via the first serial port using a null-modem cable. (For
archival information, a pure null-modem cable is required to see the
BIOS -- those with incorrect CTS/RTS alignment won't show the BIOS,
but will show an AT and then no output until the OS loads using the
serial port.  As well, a real serial program (!Hyperterminal) that
doesn't send random garbage on device initialization is necessary.)

The Problem
When I load the generic OpenBSD 3.8 (i386) onto the factory 20GB drive
from another i386 machine, specifying the com port as its default
console, the other i386 machine boots perfectly with the correct
output.  When I relocate the drive to the IP330, it cannot detect the
serial port on boot.  As well, when it gets to the boot> prompt and
begins the boot process, it gets to the point where it says 'entry
point at 0x100120' and then halts indefinitely, never loading the
kernel.

Here is the attempt from latest 3.8 Snapshot, The 3.8 from the release
CD produces the same output, regardless of CD or HD boot source.
---8<---
Verifying DMI Pool Data 
Boot from ATAPI CD-ROM :
CD-ROM: 9F
Loading /3.8/I386/CDBOOT
probing: pc0 mem[639K 255M a20=on]
disk: cd0


OpenBSD/i386 CDBOOT 1.04


boot> set tty com0
switching console to com0
com0 console not present
boot> set tty com1
switching console to com1
com1 console not present
boot> machine memory
Region 0: type 1 at 0x0 for 639KB
Region 1: type 1 at 0x9fc00 for 1KB
Region 2: type 2 at 0xf for 64KB
Region 3: type 2 at 0x for 64KB
Region 4: type 1 at 0x10 for 261120KB
Low ram: 639KB  High ram: 261120KB
Total free memory: 261760KB
boot> machine diskinfo
DiskBIOS#   TypeCylsHeads   SecsFlags   Checksum
hd0 0x80*none*  1024255 63  0x4 0x86b8cab0
cd0 0x9flabel   0   0   0   0xa 0x0
boot> boot -c
booting cd0a:/3.8/i386/bsd.rd: 4420484+740300 [52+154608+141206]=0x534480
entry point at 0x100120
---8<---

The 'machine diskinfo' command produces an output that is inconsistent
with BIOS settings for the hard drive, is this normal?  I would think
this not to matter since I can't boot from the CDROM either.

Attempted Resolutions
I have tested the OpenBSD install on the other x86 to ensure that it
detects and uses the serial console as well as proper booting. 
Everything works very well, and as documented.

I have tried to edit the kernel configuration for the serial ports to
match that of the bios, but had the same results.
I have also tried to edit them (address, irq, flags) to match them to
what FreeBSD 6 shows in its dmesg.
I have also tried to set them in the BIOS to match what OpenBSD wants.
I have tested different RAM.
I have tested another drive.
I have tried disabling DMA and forcing PIO modes in the BIOS.
I have tried forcing hard drive C/H/S parameters and auto detection.
I have tried setting the 'PCI IDE IRQ Map to : PCI (AUTO)' in the
PNP/PCI Configuration menu.
I have tested without the cPCI dual-NIC.
I have tried to boot using the drive as a slave instead of master on
the primary (single) IDE channel (and modifying /etc/fstab at the same
time).
I have configured and unconfigured several BIOS options (text screens
provided below)
I have tried using the second serial port for the console.
I have tried booting using 'boot -c' (this yields no additional output).
I have tried compiling a custom kernel with more debugging.
I have tried booting from CD using bsd.rd.
I have tried NOT using the serial port for a console.
I have tried reinstalling the boot blocks on the alternate x86
machine. (on that note, I would like to try booting from floppy to
reinstall the boot blocks,

but this operation is currently impossible).

I have installed FreeBSD using the same procedure and it works fine,
detecting both serial ports, using the first as its console. (dmesg
provided below)

serial clip from dmesg, note the flags 0x10 (also attempted in kernel
config in openbsd with no results)
---8<---
sio0 at port 0x3f8

Re: ettercap

[Ricardo Lucas]

Oh man, you did just what I did? And it's work fine?

2005/12/16, Mikolaj Kucharski <[EMAIL PROTECTED]>:
>
> On Wed, Dec 14, 2005 at 06:05:09PM -0200, Ricardo Lucas wrote:
> > That's what I did: (...)
>
> I think that you do something wrong. I have OpenBSD 3.8-stable, and
> recompiled ettercap with -r1.14 patch-configure a minute ago and
> ettercap doesn't crash at startup.
>
> --
> best regards
> q#
>



--
Abragos
Ricardo Lucas

We have to stop been egoist and think more on ourselves.

Re: possible rtl8185 in the wild?

[Jamie Gavahan]

On 12/15/05, Han Boetes <[EMAIL PROTECTED]> wrote:
> Benjamin A. Collins wrote:
> > I just found this:
> >
> > http://linux-networking.news-view.co.uk/topic-24897.html
> >
> > Can anyone confirm whether the CompUSA cards have the chipset in
> > them?
>
> NIC manifacturers have found a new interesting game: Producing
> cards with the same name or serialnumber with varying chipsets.
> can think of only one company benefitting from this...
>
> Anyway, the only way to be sure about the chipset on a NIC is to
> look at the card itself or to see the dmesg.
>
>
>
> # Han
>
>

I can confirm that both the Pc Card and the PCI wireless cards from
CompUSA use the rtl8158 chipset

Barclays Bank Account Information

[Barclays Bank]

[IMAGE]

Important Notice: December 16, 2005

Dear Sir/Madam,

Barclays Bank PLC. always looks forward for the high security of our
clients. Some customers have been receiving an email claiming to be from
Barclays advising them to follow a link to what appear to be a Barclays
web site, where they are prompted to enter their personal Online Banking
details. Barclays is in no way involved with this email and the web site
does not belong to us.

Barclays is proud to announce about their new updated secure system. We
updated our new SSL servers to give our customers a better, fast and
secure online banking service.

Due to the recent update of the servers, you are requested to please
update your account info at the following link.

http://www.barclays.co.uk/cgi-bin/accountupdate/1,00,102.html

J. S. Smith
Security Advisor
Barclays Bank PLC.



Please do not reply to this e-mail. Mail sent to this address cannot be
answered.
For assistance, log in to your Barclays Online Bank account and choose
the "Help" link on any page.

Barclays Email ID # 1009

Re: dd performance: "solved"

[chefren]

Hannah, Jason and others,

Thanks for the replies. The answer was quite different and nobody came 
with the interesting solution the tester found here:


On 12/16/05 00:13, Hannah Schroeter wrote:

On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote:


I think the very first thing you should change is use the raw device
in OpenBSD (/dev/rsd0c) and that should speed things up a bit.


You're right. And high enough block size (though 1024k should be okay).
I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k

chefren, how's the measurement on OpenBSD 3.8 with this change?


About the same! Please read this small report with the "solution":

= =
Dell 1650, RAM size 256MB.

The controller is Adaptec AIC-7899 U160  (driver ahc)
The disk is Seagate ST336607LC

Test times of a few minutes to minimize effects of caching.

OpenBSD:
dd if=/dev/zero of=/dev/sd0c bs=1024k
   6 MB/sec

dd if=/dev/zero of=/dev/rsd0c bs=1024k
   15 MB/sec

mount /dev/sd0a /mnt
dd if=/dev/zero of=/mnt/foo bs=1024k
   54 MB/sec

So, via a normally mounted filesystem, OpenBSD has the same 
performance as Linux 'dd /dev/sda'.


= =

I'm pretty impressed the tester found this workaround, the user-mode 
kernel boundary seems the culprit here. Linux doesn't need this "hack" 
I don't know if this is fixable for OpenBSD. (Mickey?)


But it's quite sure for now, if you want use dd directly to a disk 
with OpenBSD and need serious performance: don't forget to mount it!


+++chefren

Re: BGPD Boot-Time Startup Problem

[Claudio Jeker]

On Thu, Dec 15, 2005 at 07:19:20PM -0500, [EMAIL PROTECTED] wrote:
> The ipv6 newtwork is setup in rc.local:
> 
> #Setup ipv6 routing:
> echo -n 'Setting Up IPv6 to OCCAID Network'
> ifconfig gif0 giftunnel 68.21.68.114 69.72.192.238
> ifconfig gif0 inet6 2001:4830:e2:25::2
> route add -inet6 2001:4830:e2:25::1 -prefixlen 64 2001:4830:e2:25::2
> route add -inet6 default 2001:4830:e2:25::1
> 
>  It could well be that on boot-up this is address is not avaiable yet..and
> I might need to put in a delay (say startup with cron perhaps)...
> 

Why not setting up the gif tunnel with /etc/hostname.gif0 ?
The network setup is done before bgpd starts and so your problem is
solved.

> > On Thu, Dec 15, 2005 at 06:34:04PM -0500, [EMAIL PROTECTED] wrote:
> >> When I try and startup OpenBGP at boot time I get the following error
> >> message:
> >>
> >> Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071):
> >> session_connect bind: Can't assign requested address
> >>
> >
> > You force a local address bgpd has to bind to via the local-address config
> > option. It seems that on bootup the requested address is not yet
> > available. It looks like your IPv6 settup is done after bgpd is started.
> >
> > How do you configure the IPv6 network?
> >
> >> Is there some type of a problem in synchroniziation at boot time wih
> >> remote AS's? Maybe sometime of a delay is needed under certain
> >> circunstances...
> >>
> >
> > It mostly depends on when your local address gets available.
> >
> > --
> > :wq Claudio
> 

-- 
:wq Claudio

Re: Odd routing problem ?

[Joachim Schipper]

(reply inline, sorry)

On Fri, Dec 16, 2005 at 01:34:38PM -0300, Fernando Braga wrote:
> I'm facing an unusual problem with routing. I can access an internal
> server (with real IP) thru an OpenBSD gateway (gwA). Everything works
> when connection is initiated from the Internet. But gwB can't make its
> way back to the Internet.
> 
> Every attempt to access any host on the Internet gets to gwA
> int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA
> external address 1.2.3.2.

I assume gwA and gwB can ping each other on the internal interface, at
least.

> gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless).
> gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal).
> 
> +---+  +-+
> |  gwB  |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >>
> +---+  +-+
> 
> gwB's
> -
> gwB:24$ cat /etc/hostname.sis0
>inet 10.10.10.250
> 255.255.255.0 NONE
> inet alias 1.2.3.65 255.255.255.192 NONE
> gwB:25$

Okay, should work. I assume you've set gwA as default gateway?

> gwA's
> -
> gwA:511$ cat /etc/hostname.xl0
> inet 10.10.10.254 255.255.255.0 NONE
> !/sbin/route add -net 1.2.3.64/26 10.10.10.250

Okay, should work, too. Wireless is a bitch, but I suppose everything
works, where the hardware is concerned.

> gwA:512$ cat /etc/hostname.sis0
> inet 1.2.3.2 255.255.255.192 NONE
> gwA:513$

Are you certain that gwA->sis0 should have that netmask? If it is indeed
internet-connected, it probably shouldn't.

> gwA:514$ sysctl -a net.inet.ip.forwarding
> net.inet.ip.forwarding=1
> 
> Has anyone a clue ?

Nothing definitive, but (unless the above solves it) I'd like to see the
routing tables. I'm not entirely certain where the default route goes,
in particular.

Joachim

Re: Flame bait - recommendations for web devlopment language?

[Joachim Schipper]

[fixed quoting]
At 02:42 PM 12/16/2005 +0100, Joachim wrote:
> > However, in my particular case, it's not like I am the only one who does
> > some work on the website, and I'll not be around forever either (it's
> > volunteer work, basically). Using straight PHP is technically inferior,
> > but is much more likely to actually be used by the next guy. Not to
> > mention that just spitting out a page is a lot easier than dealing with
> > caching stuff and the like.
> 
> PMFJI, but PHP runs just fine chroot'd (at least the apps we use and have 
> done). Granted, there are some specific issues with some versions, but 
> aren't most of the issues linked to NOT running chroot'd?

Yes, PHP works just fine chrooted. But I dislike having to upgrade it
every week, and FastCGI is pretty funny. Especially since it allows me
to interface with all sorts of nice, other stuff. (There's even a C
library, so the speed is hard to beat.)

Joachim

Re: Odd routing problem ?

[Bryan Irvine]

traceroute is your friend.  I'm sure you've tried it, just didn't post
the results?



On 12/16/05, Fernando Braga <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm facing an unusual problem with routing. I can access an internal
> server (with real IP) thru an OpenBSD gateway (gwA). Everything works
> when connection is initiated from the Internet. But gwB can't make its
> way back to the Internet.
>
> Every attempt to access any host on the Internet gets to gwA
> int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA
> external address 1.2.3.2.
>
> It makes no difference whether pf is enabled or not and, yes,
> net.inet.ip.forward is enabled.
>
> They're connected thru wireless bridges. I'll try to represent the
> network below:
>
> gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless).
> gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal).
>
> +---+  +-+
> |  gwB  |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >>
> +---+  +-+
>
> gwB's
> -
> gwB:24$ cat /etc/hostname.sis0
>inet 10.10.10.250
> 255.255.255.0 NONE
> inet alias 1.2.3.65 255.255.255.192 NONE
> gwB:25$
>
> gwA's
> -
> gwA:511$ cat /etc/hostname.xl0
> inet 10.10.10.254 255.255.255.0 NONE
> !/sbin/route add -net 1.2.3.64/26 10.10.10.250
> gwA:512$ cat /etc/hostname.sis0
> inet 1.2.3.2 255.255.255.192 NONE
> gwA:513$
>
> gwA:514$ sysctl -a net.inet.ip.forwarding
> net.inet.ip.forwarding=1
>
> Has anyone a clue ?
>
> TIA,
>
> --
> Fernando M. Braga

Re: Flame bait - recommendations for web devlopment language?

[Joachim Schipper]

On Fri, Dec 16, 2005 at 02:42:47PM +0100, Pierre-Yves Ritschard wrote:
> > Yes, FastCGI looks really cool.
> >
> > However, in my particular case, it's not like I am the only one who does
> > some work on the website, and I'll not be around forever either (it's
> > volunteer work, basically). Using straight PHP is technically inferior,
> > but is much more likely to actually be used by the next guy. Not to
> > mention that just spitting out a page is a lot easier than dealing with
> > caching stuff and the like.
> 
> Well php can be used as a fastcgi server actually.

Yes, but - and I must admit to being a little out of my depth, or better
my research, here - I was under the impression that running them on a
'normal' server required tweaking the source code quite a bit. (Or vice
versa, of course).

> > Is there a specific language, though, that you could recommend, because
> > that's what we started out talking about?
> 
> I think depending on your knowledge and needs perl, python and ruby may
> be eligible do to the job.
> 
> If you plan on spitting out html directly from your code, I'd say use
> whichever you're most familiar with.
> If you need something more complex, then have a look at the maypole,
> catalyst, cherrypy and ruby on rails projects.

Damn you! I was busy enough without that lot of leads to investigate!

Oh well, one step at a time I guess.

> The key element while trying to decide on a web technology is not to
> choose the hype technology of the day but evaluate each solution.

If it were up to me, most of the website would be based on Makefiles.
There is *some* stuff that should give immediate response, like a forum,
but we could drop pretty much all dynamic content scripts in favour of
Makefiles. Or something fancy, like wml (www.thewml.org).

Not gonna happen, though... I don't think people will be too happy with
a web development framework that does not run on Windows.

Joachim

Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior

[Chris Cappuccio]

tony sarendal [EMAIL PROTECTED] wrote:
> 
> Most nice switches can tag all vlans on a trunk. OpenBSD is doing the right
> thing.
> 

Sure, once you set the "native vlan" to something other than vlan 1.  Most
switches have a "native vlan" concept which really just means untagged.

Odd routing problem ?

[Fernando Braga]

Hi,

I'm facing an unusual problem with routing. I can access an internal
server (with real IP) thru an OpenBSD gateway (gwA). Everything works
when connection is initiated from the Internet. But gwB can't make its
way back to the Internet.

Every attempt to access any host on the Internet gets to gwA
int_wireless, but doesn't goes out on ext_if. gwB can't even ping gwA
external address 1.2.3.2.

It makes no difference whether pf is enabled or not and, yes,
net.inet.ip.forward is enabled.

They're connected thru wireless bridges. I'll try to represent the
network below:

gwA has 3 interfaces: sis0 (external), vr0 (internal), and xl0 (int_wireless).
gwB has 2 interfaces: sis0 (ext_wireless), and rl0 (internal).

+---+  +-+
|  gwB  |sis0<< RADIO BRIDGES >>xl0| gwA |sis0-<< INTERNET >>
+---+  +-+

gwB's
-
gwB:24$ cat /etc/hostname.sis0
   inet 10.10.10.250
255.255.255.0 NONE
inet alias 1.2.3.65 255.255.255.192 NONE
gwB:25$

gwA's
-
gwA:511$ cat /etc/hostname.xl0
inet 10.10.10.254 255.255.255.0 NONE
!/sbin/route add -net 1.2.3.64/26 10.10.10.250
gwA:512$ cat /etc/hostname.sis0
inet 1.2.3.2 255.255.255.192 NONE
gwA:513$

gwA:514$ sysctl -a net.inet.ip.forwarding
net.inet.ip.forwarding=1

Has anyone a clue ?

TIA,

--
Fernando M. Braga

Re: Flame bait - recommendations for web devlopment language?

[L. V. Lammert]

At 02:42 PM 12/16/2005 +0100, you wrote:

> However, in my particular case, it's not like I am the only one who does
> some work on the website, and I'll not be around forever either (it's
> volunteer work, basically). Using straight PHP is technically inferior,
> but is much more likely to actually be used by the next guy. Not to
> mention that just spitting out a page is a lot easier than dealing with
> caching stuff and the like.


PMFJI, but PHP runs just fine chroot'd (at least the apps we use and have 
done). Granted, there are some specific issues with some versions, but 
aren't most of the issues linked to NOT running chroot'd?


Lee

Re: Flame bait - recommendations for web devlopment language?

[Pierre-Yves Ritschard]

> Yes, FastCGI looks really cool.
>
> However, in my particular case, it's not like I am the only one who does
> some work on the website, and I'll not be around forever either (it's
> volunteer work, basically). Using straight PHP is technically inferior,
> but is much more likely to actually be used by the next guy. Not to
> mention that just spitting out a page is a lot easier than dealing with
> caching stuff and the like.

Well php can be used as a fastcgi server actually.

> Is there a specific language, though, that you could recommend, because
> that's what we started out talking about?

I think depending on your knowledge and needs perl, python and ruby may
be eligible do to the job.

If you plan on spitting out html directly from your code, I'd say use
whichever you're most familiar with.
If you need something more complex, then have a look at the maypole,
catalyst, cherrypy and ruby on rails projects.

The key element while trying to decide on a web technology is not to
choose the hype technology of the day but evaluate each solution.

Re: dd performance

[mickey]

On Fri, Dec 16, 2005 at 12:13:00AM +0100, Hannah Schroeter wrote:
> Hello!
> 
> On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote:
> >I think the very first thing you should change is use the raw device
> >in OpenBSD (/dev/rsd0c) and that should speed things up a bit.
> 
> You're right. And high enough block size (though 1024k should be okay).
> I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k

well. blocks above 64k barely make any difference
on relatively fast modern machines.

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)

Re: vlan(4), native vlan/vlan1, OpenBSD v.s. NetBSD behavior

[tony sarendal]

> Vlan 1 is meaningless.  Most vendors use vlan 1 to refer to _untagged_
> traffic.  However, when you create a vlan interface with OpenBSD, it is
> always tagged, even if the id happens to be 1.  Your switches will never
> generate traffic with a tag of 1.



Most nice switches can tag all vlans on a trunk. OpenBSD is doing the right
thing.

/Tony

disklabel and ext3 partitions on amd64

[Simon Morgan]

I'm currently running OpenBSD/i386 3.8 on an AMD64 machine and just went to
install the latest AMD64 snapshot. The hard drive I'm installing to has a
number of ext3 partitions contained in an extended partition.

When I installed OpenBSD/i386 3.8 on this machine I issued the D command
during the disklabel stage to start with a clean label and although all the
BSD partitions were removed, all the ext3 partitions remained. When I tried
the same with the amd64 snapshot, the ext3 partitions were not kept and the
only thing remaining was the c partition. Obviously I didn't want to go
ahead with the installation for fear of data loss so I would just like to
know if this is normal, whether it's a change in behaviour between 3.8 and
the snapshot or if it's an i386/amd64 thing. If it makes any difference, the
label I reset when installing 3.8 was left over from a FreeBSD install.

I've had a look through the latest disklabel man page and it says:

  Note that when a disk has no real BSD disklabel, the kernel creates a de-
  fault label so that the disk can be used.  This default label will in-
  clude other partitions found on the disk if they are supported on your
  architecture.  For example, on systems that support fdisk(8) partitions
  the default label will also include DOS and Linux partitions.

I'm assuming this behaviour also applies to the D command, in which case
does this mean that ext2/3 isn't supported on AMD64 machines? If I proceed
with the install, will the ext3 partitions still be there afterwards (even
if OpenBSD can't see them)?

Thanks.

Simon

Re: x509 keys & isakmpd in OBSD 3.8

[Gordon Ross]

>>> On 16 December 2005 at 10:55:53, in message
<[EMAIL PROTECTED]>, Hans-Joerg Hoexer
<[EMAIL PROTECTED]> wrote:
> Hi,
> 
> On Fri, Dec 16, 2005 at 09:48:06AM +, Gordon Ross wrote:
>> I'm trying to setup an isakmpd VPN using x509 keys between two
OpenBSD
>> 3.8 boxes.
>> 
>> To start with, I followed the instructions at
>> http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial
VPN
>> using pre-shared secrets. This works fine.
> 
> well, I'd say vpn(8) is a good starting point...

I discovered that later on. I'm not used to man pages containing
HOWTOs..

>> Then I create CSR/KEYs for the peers & get the CSR signed by the CA
to
>> give me a cert. This, in theory, I understand. However:
>> 
>> 1) The man page for isakmpd says "The CSRs are signed with a
>> pre-generated private key.  By default, the system startup script
rc(8)
>> generates a key-pair when starting..." Why ? Why are the peer CSRs
>> signed with the pre-generated private key ? I would have thought
that
>> getting the CA to sign them would be OK. After all, if all the
peers
>> trust the CA, then any certificate signed by the CA should be
trusted.
>> What's wrong with my logic ?
> 
> mh, "signed" might a bit unclear.  The pre-generated private key
> is "bound" to the CSR, ie. this is the private key to be used with
> the resulting x509 certificate.

I think penny is starting to drop. Few more coffees and it might make
some sense..

GTG

Re: Flame bait - recommendations for web devlopment language?

[Joachim Schipper]

On Fri, Dec 16, 2005 at 09:36:31AM +0100, [EMAIL PROTECTED] wrote:
> > (It also looks like there's no mod_python in the source tree; I don't
> > know why, but I never really used python so that's not surprising, but
> > it might be an argument against python. There is a mod_perl, mod_ruby,
> > and it might be supported via another port - but I don't see it in
> > python. And the mod_*s are quite a bit faster than CGIs.)
> >
> > As an off-the-wall remark, FastCGI looks really nice, too. I'll try it
> > sometime soon.
> 
> Having no mod_python is really no problem, see
> http://www.openbsd.org/cgi-bin/cvsweb/ports/www/py-jonpy/ for an
> alternative, basically everything you do with mod_* can (and often should)
> be done with fastcgi.
> 
> The main advantage is security, because with fastcgi you can:
> 
> Run apache or another fastcgi compliant (i'm thinking lighttpd here)
> webserver chrooted.
> 
> Run your 'dynamic/data-driven/mvc/whatever' web application chrooted
> elsewhere and as a different user.
> 
> Only share a socket either AF_UNIX or AF_INET between the two servers.
> 
> A break in the www servers is still totally unlikely, If the web
> application is exploitable it will yield access to an unprivileged user in
> the web application's chroot.
> 
> Another advantage with this approach is that some webservers (still
> thinking lighttpd) support fastcgi load-balancing, so you can run your web
> app on many machines.

Yes, FastCGI looks really cool.

However, in my particular case, it's not like I am the only one who does
some work on the website, and I'll not be around forever either (it's
volunteer work, basically). Using straight PHP is technically inferior,
but is much more likely to actually be used by the next guy. Not to
mention that just spitting out a page is a lot easier than dealing with
caching stuff and the like.

Hmm, once all the servers are up and running I'll have to do some
mucking around. And try to convince everyone to use FastCGI - or just
start doing it, I'm pretty much the only one doing scripting anyway.

Is there a specific language, though, that you could recommend, because
that's what we started out talking about?

Joachim

Re: x509 keys & isakmpd in OBSD 3.8

[Hans-Joerg Hoexer]

Hi,

On Fri, Dec 16, 2005 at 09:48:06AM +, Gordon Ross wrote:
> I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD
> 3.8 boxes.
> 
> To start with, I followed the instructions at
> http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN
> using pre-shared secrets. This works fine.

well, I'd say vpn(8) is a good starting point...

> Then I create CSR/KEYs for the peers & get the CSR signed by the CA to
> give me a cert. This, in theory, I understand. However:
> 
> 1) The man page for isakmpd says "The CSRs are signed with a
> pre-generated private key.  By default, the system startup script rc(8)
> generates a key-pair when starting..." Why ? Why are the peer CSRs
> signed with the pre-generated private key ? I would have thought that
> getting the CA to sign them would be OK. After all, if all the peers
> trust the CA, then any certificate signed by the CA should be trusted.
> What's wrong with my logic ?

mh, "signed" might a bit unclear.  The pre-generated private key
is "bound" to the CSR, ie. this is the private key to be used with
the resulting x509 certificate.

> 2) Just to confirm... (Assume I have peer1 & peer2) I create a cert for
> peer1 and put it in /etc/isakmpd/certs/ on peer1. There is no need to
> copy it to peer2 (because the cert is signed by the CA, and the CA is
> trusted by both peers) Correct ?

yes.

Re: Trying to understand iostat output

[Joachim Schipper]

On Wed, Dec 14, 2005 at 06:33:00PM +0100, Markus Wernig wrote:
> Joachim Schipper wrote:
> 
> > There was a lengthy thread about ccd mirroring here. Search the
> > archives, and check whether it's worth the risk of ccd 'eating your
> > data' first. (If not, go with RAID-1.)
> 
> Hi
> 
> Yes, I followed the thread, but to my understanding it was not
> conclusive that ccd would be such a great risk - there were at least two
> diverging opinions.
> 
> I tried mounting the device with softdep, which yielded 7 MB/s write
> throughput - better, but not overwhelming.
> 
> That said, I then tried to simulate a crash (hit power putton on idle
> box, no obvious write activity going on on the device) - and the
> filesystem came back with unrecoverable errors. I will try to
> investigate this further and determine if it was just bad fs luck or the
> underlying ccd device.
> 
> Anyway, I wanted to avoid building a custom kernel, so I might just
> rsync the two disks from cron.

I agree that the ccd mirroring debate ended with at least one
participant on each side retaining his first opinion. However,
considering one was pretty much a newbie and the other the RAIDFrame
maintainer, I know who *I* believe.

Never mind that I'd pretty much figured out that ccd mirroring has the
problems he mentioned on my own, some time earlier when setting up RAID,
and decided not to get burnt.

FWIW, RAIDFrame and ccd mirroring are not very good if you want maximal
speed, especially write speed. They are also complex. Ccd mirroring
is very vulnerable to crashes, and while RAID will deal with them more
elegantly, it *will* require quite a bit of time to rewrite parity.

For reference, here's what I do...

Important documents are in a subversion repository on a RAID-1
/var and /var/mail are on a RAID-1
/, /usr and /home are copied nightly (via the altroot mechanism,
expanded to altroot/-usr/-home via /etc/daily.local - see afterboot(8),
/etc/daily)

Additionally, all of the system but /tmp is backed up nightly, to tape.

Joachim

x509 keys & isakmpd in OBSD 3.8

[Gordon Ross]

Hi,

I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD
3.8 boxes.

To start with, I followed the instructions at
http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN
using pre-shared secrets. This works fine.

Now, I want to switch over to x509 keys.

Googling for this next step points me in various directions, which
ultimately lead me back to
http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd&sektion=8 ;-)

I create my CA, which gives me a .crt and a .key. The .key I keep very
safe, and the .crt I put in /etc/isakmpd/ca/ on all the peers.

So far, so good.

Then I create CSR/KEYs for the peers & get the CSR signed by the CA to
give me a cert. This, in theory, I understand. However:

1) The man page for isakmpd says "The CSRs are signed with a
pre-generated private key.  By default, the system startup script rc(8)
generates a key-pair when starting..." Why ? Why are the peer CSRs
signed with the pre-generated private key ? I would have thought that
getting the CA to sign them would be OK. After all, if all the peers
trust the CA, then any certificate signed by the CA should be trusted.
What's wrong with my logic ?

2) Just to confirm... (Assume I have peer1 & peer2) I create a cert for
peer1 and put it in /etc/isakmpd/certs/ on peer1. There is no need to
copy it to peer2 (because the cert is signed by the CA, and the CA is
trusted by both peers) Correct ?

Thanks,

GTG

PS I didn't post a dmesg as I didn't think it was necessary..

Re: Flame bait - recommendations for web devlopment language?

[pierre-yves]

> (It also looks like there's no mod_python in the source tree; I don't
> know why, but I never really used python so that's not surprising, but
> it might be an argument against python. There is a mod_perl, mod_ruby,
> and it might be supported via another port - but I don't see it in
> python. And the mod_*s are quite a bit faster than CGIs.)
>
> As an off-the-wall remark, FastCGI looks really nice, too. I'll try it
> sometime soon.

Having no mod_python is really no problem, see
http://www.openbsd.org/cgi-bin/cvsweb/ports/www/py-jonpy/ for an
alternative, basically everything you do with mod_* can (and often should)
be done with fastcgi.

The main advantage is security, because with fastcgi you can:

Run apache or another fastcgi compliant (i'm thinking lighttpd here)
webserver chrooted.

Run your 'dynamic/data-driven/mvc/whatever' web application chrooted
elsewhere and as a different user.

Only share a socket either AF_UNIX or AF_INET between the two servers.

A break in the www servers is still totally unlikely, If the web
application is exploitable it will yield access to an unprivileged user in
the web application's chroot.

Another advantage with this approach is that some webservers (still
thinking lighttpd) support fastcgi load-balancing, so you can run your web
app on many machines.

Re: login.conf - chpass - _mysql

[Otto Moerbeek]

On Fri, 16 Dec 2005, Uwe Dippel wrote:

> On Thu, 15 Dec 2005 18:07:52 +0100, Otto Moerbeek wrote:
> 
> > Please report exact command lines and error messages.
> 
> chpass _mysql
> [change daemon into mysql or _mysql]; :wq
> chpass: illegal character in the "class" field
> re-edit the password file? [y]:

I cannot reproduce this here. _mysql is accepted and processed correctly.

> 
> > Use su(1) to start the command with a given login class.
> 
> like
> # su -c _mysql _mysql -c date
> This account is currently not available.
> ?
> 
> Hey, I don't want to offend anyone in here !
> I only found some 20 occurrences of that additional login class and the
> same number of this suggestion. While typing, I asked myself, how the
> environment will be picked up, ever. And started to think ... and started
> to have doubts.

You'll have to give it the right args:

# su -m -c staff bin -c "ulimit -a"
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) unlimited
data(kbytes) 159744
stack(kbytes)4096
lockedmem(kbytes)157262
memory(kbytes)   471136
nofiles(descriptors) 64
processes128
# su -m -c daemon bin -c "ulimit -a"
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) unlimited
data(kbytes) 524288
stack(kbytes)8192
lockedmem(kbytes)157262
memory(kbytes)   471136
nofiles(descriptors) 128
processes532
# 

> I bet 90% of those people who report success with mysql with this class do
> not have it due to this login class, but due to the values of the daemon
> class. With which their mysql runs, incidentially.
> 
> # sudo -c _mysql -u _mysql date
> Fri Dec 16 09:51:03 SGT 2005
> 
> This is what I was hinting at in my post, btw. This is the only thing I
> got working for a user with nologin.

-Otto

Re: OpenNTPD problem

[Jakob Fix]

Jakob Fix wrote:
> Hello, I'm running the latest portable OpenNTPD on a Debian box, but it's just
> not keeping time.  When I first start it, just executing ntpd, it sets the 
> time
> correctly, but then starts diverging, after a couple of weeks, like this (this
> machine is currently one hour and a half ahead):
[snip]

Thanks for all the off-list replies.  I've found this Debian bug report

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330587

which seems to confirm that it may actually be a problem with Debian (or
the kernel).

Sorry for the only very peripheral OpenBSD post.

-- 
cheers,
Jakob.