Humppa Validation

[J.C. Roberts]

Humppa Validation

While testing out the ami.c patch for dlg@, I once again needed validate
files are being written correctly. Keeping with the OpenBSD theme, I
used the MP3 files created from my Elakelaiset Werbung Baby CD for
testing out the 480GB RAID5 volume.

Once you've got your humppa on a BSD box cksum(1) and friends can take
care of creating message digests (cksum, sum, sysvsum, md4, md5, rmd160,
sha1, sha256, sha384. sha512), storing them into a text file and then
validating the original files were written correctly.

$ md5 *.mp3 bsdmd5.md5

You end up with a file in the standard format we all know and love:

MD5 (01-Hump.mp3) = 1ecc9c0165043bda9ac07ae35a627cc4
MD5 (02-Humppakonehumppa.mp3) = 0c1cb2e6347b541830125dfcc41a6f00
MD5 (03-Humppamedia.mp3) = d0ee034280d835894e859258a5df4d8f
MD5 (04-Punakka_Humppa.mp3) = b768d3491261f1b256ba2d0d70167b3d
MD5 (05-Peljatty_Humppa.mp3) = a789d1f7ad6b979f9dd6d4d07e5f6849

Of course the above command is the same thing as:
$ cksum -a MD5 *.mp3 cksum.md5

The problems start if you're dumb enough to keep the original copy of
your humppa on something other than a BSD system...

Since you can install OpenSSL on a number of different types of systems,
my first thought was to use OpenSSL to generate the checksum files.

$ find . -type f -name '*.mp3' -print0 | xargs -0 openssl md5 -out
ossl.md5

That get's you fairly close but the resulting format is wrong.

MD5(./01-Hump.mp3)= 1ecc9c0165043bda9ac07ae35a627cc4
MD5(./02-Humppakonehumppa.mp3)= 0c1cb2e6347b541830125dfcc41a6f00
MD5(./03-Humppamedia.mp3)= d0ee034280d835894e859258a5df4d8f
MD5(./04-Punakka_Humppa.mp3)= b768d3491261f1b256ba2d0d70167b3d
MD5(./05-Peljatty_Humppa.mp3)= a789d1f7ad6b979f9dd6d4d07e5f6849

Notice we're missing two of the required spaces as per cksum(1)

Sure, you can edit the above rather easily to produce the correct format
for BSD md5/cksum but why should we be doing that all of the time.

The GNU has their own incomplete and incompatible file format for MD5
checksums which is used with their ``md5sum'' tool.

$ md5sum *.mp3 md5sum.md5

Which results in:
1ecc9c0165043bda9ac07ae35a627cc4 *01-Hump.mp3
0c1cb2e6347b541830125dfcc41a6f00 *02-Humppakonehumppa.mp3
d0ee034280d835894e859258a5df4d8f *03-Humppamedia.mp3
b768d3491261f1b256ba2d0d70167b3d *04-Punakka_Humppa.mp3
a789d1f7ad6b979f9dd6d4d07e5f6849 *05-Peljatty_Humppa.mp3

The gnu md5sum tool lacks designation of the message digest used.

Would it be worthwhile to add a format switch (maybe -f) to cksum so
we can handle different file formats?

$ cksum -f openssl -c ossl.md5
$ cksum -f md5sum -c md5sum.md5

Is there some unstated reasoning why we don't support the other formats?

Since the format we use in OpenBSD quite nice:
  Would it be better to fix/augment the output of OpenSSL?
  Would it be better to fix/augment the output of md5sum?

Is there a better way to handle cross-os file validation?

And lastly NO, I don't actually believe my liver would survive listening
to 480GB of Humppa MP3's but the experiment might be, well,
intoxicating. (;

Thanks,
JCR


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org

Re: ssh attacks

[Joakim Aronius]

Why?

You say that you block SSH on 1,2,3 and then that you want to do something MORE 
on 4? You probably already have 'block all' and then allow ssh on one of your 
boxes, thats it.

Maybe you want an IDS system or a SSH tarpit, but this is not the job for pf. 
Tobias Ulmer made some good points in his mail, including 'this is stupid'.

Cheers,
/jkm

* Peter Fraser ([EMAIL PROTECTED]) wrote:
 Expect I was not clear.
 
 Someone is attacking address 1, address 2, address 3, those
 address are all blocked with respect to ssh. , but because he
 is attacking those addresses, I want to stop an expected attack
 on address 4. I never want to pass ssh on address 1, address 2
 or address 3 ever, I want to use the information that someone
 was trying to ssh to those address to identify person as
 an attacker.
 
 
 -Original Message-
 From: Matthias Kilian [mailto:[EMAIL PROTECTED] 
 Sent: Wednesday, May 31, 2006 3:02 PM
 To: Peter Fraser
 Cc: misc@openbsd.org
 Subject: Re: ssh attacks
 
 On Wed, May 31, 2006 at 02:54:16PM -0400, Peter Fraser wrote:
  block in on Outsize proto tcp port ssh flags S/SA 
   state (max-src-conn-rate 100/10, overload bad_hosts flush global)
  
  This does not work. One gets a message that keeping state on
  a blocked run makes no sense.
 
 See the example on overload at
 http://www.openbsd.org/faq/pf/filter.html#stateopts
 
 Basically, you pass and just block verything from bad_hosts in a
 separate rule.
 
 Ciao,
   Kili

Re: ssh attacks

[Jason Stubbs]

Matthias Kilian wrote:

On Wed, May 31, 2006 at 03:15:34PM -0400, Peter Fraser wrote:

Expect I was not clear.

Someone is attacking address 1, address 2, address 3, those
address are all blocked with respect to ssh. , but because he
is attacking those addresses, I want to stop an expected attack
on address 4. I never want to pass ssh on address 1, address 2
or address 3 ever, I want to use the information that someone
was trying to ssh to those address to identify person as
an attacker.


Oh, sorry for not reading exactly.

So your problem is that you want to get state for ssh connection
attempts to addresses 1, 2 and 3 but at the same time want to block
those connections. This isn't possible (no connection - no state).

(QUICK HACK ALERT)

But it may be possible to redirect those connections to some unused
port on localhost (i.e. the firewall) let something listen on this
port, accept everything but immediately closing the connection.
Then use a simple pass rule with overload and max-src-conn options
to add offending addresses to your table.

Ciao,
Kili

ps: I didn't test the above, so if it's complete nonsense, feel
free to flame me.


I've done this and it works quite well. Source is as follows. My first 
attempt at POSIX network programming so feel free to correct/shoot me.


--

#include string.h
#include stdlib.h
#include unistd.h
#include sys/types.h
#include sys/socket.h
#include netinet/in.h

int main() {
int s;
struct sockaddr_in sa;

s = socket(AF_INET, SOCK_STREAM, 0);
bzero(sa, sizeof(struct sockaddr_in));
sa.sin_family = AF_INET;
sa.sin_port = htons(2048);

if (bind(s, (struct sockaddr*)sa, sizeof(struct sockaddr)) != 
0 || listen(s, 64) != 0 || daemon(0, 0) != 0) {

exit(1);
}

int c;
struct sockaddr_in ca;
int csize;

while (1) {
bzero(ca, sizeof(struct sockaddr_in));
csize = sizeof(struct sockaddr_in);
c = accept(s, (struct sockaddr*)ca, csize);
if (c = 0) {
sleep(1);
} else {
close(c);
}
}

return 0;
}

--
Jason Stubbs

Re: Libpcap library version

[Joachim Schipper]

On Wed, May 31, 2006 at 06:29:13PM -0400, Bryan Chapman wrote:
 I was trying working with ettercap today, and found out the only version 
 0.6.bp3
 is in the ports tree.  This version is described as deprecated on the ettercap
 webpage.  I downloaded the most recent version (0.7.3) and tried to install 
 it.
  When I run the configure script included in I get the following output:
 
 $ ./configure --with-libpcap=/usr/src/lib/libpcap
 ...
 checking for libpcap... /usr/src/lib/libpcap
 checking for pcap_datalink_val_to_description in -lpcap... no
 configure: error: Incorrect libpcap version. libpcap = 0.8.1 required
 
 I was told on the #openbsd irc channel that openbsd maintains its own versions
 of the libraries.  Is this just due to an old library version, or am I missing
 something else?

libpcap has been updated quite a bit, but this happened post-3.9 IIRC.

Joachim

Re: ssh attacks

[Alexander Hall]

Tobias Ulmer wrote:


This topic comes up in regular intervals of 6 month on every *nix
mailinglist i'm on.



It's stupid (sorry, but it is):



Gained security = 0%

Leave it just as it is. You don't have anything to fear anything if
you use decent passwords. Otherwise don't offer a ssh service!


I keep the following setup in my pf.conf for bandwidth/cpu, not 
security, reasons:


-
[...]
table ssh-white persist { 127.0.0.1, ... }
[...]
# Hosts in whitelist are always allowed to connect unlimited
# Non-whitelisted Linux hosts are blocked
# Allow other ssh connections with limited connection rate
pass in quick on $ext_if proto tcp from ssh-white to ($ext_if:0) \
port ssh keep state label ssh-white
block in quick on $ext_if proto tcp from any os Linux to ($ext_if:0) \
port ssh label ssh-linux
pass in quick on $ext_if proto tcp from any to ($ext_if) \
port ssh flags S/SA keep state (max-src-conn-rate 1/30) \
label ssh-other
[...]
-


/Alexander

long - pf trunk vlan questions

[Peter Huncar]

Hello list

I have the following configuration

   +--- vlan0|
--- em0 ---+   +--- vlan1|
   +--- trunk0 +--- vlan2|  OpenBSD 3.8
--- em1 ---+   +--- vlan3|
   +--- vlan4|


And I have the following question.

I can set higher MTU on em0, em1 an the vlans and it was ok before I 
configured the trunk. The vlans were assigned to physical interfaces 
separately before. Now I'm unable to set higher MTU on trunk0 and also I 
get:


vlan0: initialized with non-standard mtu 1496 (parent trunk0)
vlan1: initialized with non-standard mtu 1496 (parent trunk0)
vlan2: initialized with non-standard mtu 1496 (parent trunk0)
vlan3: initialized with non-standard mtu 1496 (parent trunk0)
vlan4: initialized with non-standard mtu 1496 (parent trunk0)

every time I initialize my network. However, it is still working.

Is there a problem of setting higher MTUs on trunk interfaces?

*

Another question. I was wondering how should I configure PF.
I am filtering traffic now on vlan interfaces and trunk0 interface, 
because if I don't pass packets on the trunk interface, all traffic will 
be blocked although I pass it on vlan ifs. I don't have any rule 
regarding the physical ifs (em0 em1) in pf.conf.


If I set skip on trunk0, is it still possible to filter on vlans?
Or do you have any other suggestion? I need to filter only on the vlan 
interfaces.



Thank you

Peter Huncar

Re: long - pf trunk vlan questions

[Peter Huncar]

Sorry for the picture ;o)

simpler one

gigabit switch with tagged vlans
|
trunk0
|
em0+em1
|
tagged vlans on OpenBSD 3.8

;o)

Peter Huncar  wrote / napmsal(a):

Hello list

I have the following configuration

   +--- vlan0|
--- em0 ---++--- vlan1|
 +--- trunk0 +--- vlan2|  OpenBSD 3.8
--- em1 ---+   +--- vlan3|
   +--- vlan4|


And I have the following question.

I can set higher MTU on em0, em1 an the vlans and it was ok before I 
configured the trunk. The vlans were assigned to physical interfaces 
separately before. Now I'm unable to set higher MTU on trunk0 and also I 
get:


vlan0: initialized with non-standard mtu 1496 (parent trunk0)
vlan1: initialized with non-standard mtu 1496 (parent trunk0)
vlan2: initialized with non-standard mtu 1496 (parent trunk0)
vlan3: initialized with non-standard mtu 1496 (parent trunk0)
vlan4: initialized with non-standard mtu 1496 (parent trunk0)

every time I initialize my network. However, it is still working.

Is there a problem of setting higher MTUs on trunk interfaces?

*

Another question. I was wondering how should I configure PF.
I am filtering traffic now on vlan interfaces and trunk0 interface, 
because if I don't pass packets on the trunk interface, all traffic will 
be blocked although I pass it on vlan ifs. I don't have any rule 
regarding the physical ifs (em0 em1) in pf.conf.


If I set skip on trunk0, is it still possible to filter on vlans?
Or do you have any other suggestion? I need to filter only on the vlan 
interfaces.



Thank you

Peter Huncar

A joke

[Rico]

High school/Junior high
---
10 PRINT HELLO WORLD
20 END

First year in college
-
program Hello(input, output);
begin
writeln ('Hello world');
end.

Senior year in college
--
(defun hello ()
(print (list 'HELLO 'WORLD)))

New professional

#include stdio.h
main (argc,argv)
int argc;
char **argv; {
printf (Hello World!\n);
}
216 C++

Seasoned pro

#include stream.h
const int MAXLEN = 80;
class outstring;
class outstring {
private:
int size;
char str[MAXLEN];
public:
outstring() { size=0; }
~outstring() {size=0;}
void print();
void assign(char *chrs);
};
void outstring::print() {
int i;
for (i=0 ; i size ; i++)
cout  str[i];
cout  \n;
}
void outstring::assign(char *chrs) {
int i;
for (i=0; chrs[i] != '\0';i++)
str[i] = chrs[i];
size=i;
}
main (int argc, char **argv) {
outstring string;
string.assign(Hello World!);
string.print();
}

Manager: George, I need a program to output the string Hello World!

Hilarious!

Best and kind regards,
Rico

Problems mounting a usb disk

[David Burau]

Hi,

i've installed OpenBSD 3.9 on a IBM T20 notebook.
Everything is working fine.
Bit I'm not able to mount a usb disk.
dmesg output ist:
-
sd0 at scsibus1 targ 1 lun 0...
sd0: 76319MN, 76319 cyl, ...
--
and that's my disk.

The Problem is, that there is no sd0 in /dev and when I try to mount 
 sd0a (mount /dev/sd0a /mnt/usb) I get a note, that the device is not 
configured.


Does anybody have a clue, what the Problem might be?

Thanks!

David Burau

Re: CARP

[Bachman Kharazmi]

After the change in pf.conf you suggested,
nat on hme0 from rl0:network to any - carp0
I must do ifconfig down on both carp0 and carp1 at MASTERhost to make
BACKUPhost taking control.
If I only do ifconfig carp1 down on the master the CARP1 iface on
BACKUPhost will become MASTER but the CARP0 will still be BACKUP. And
no traffic gets through.

When I have:
nat on hme0 from rl0:network to any - hme0
I can do ifconfig carp1 down on MASTERhost and the BACKUP will take control.

And I still have the problem that my IRC,aim-client and
radiostreaming disconnects with both tries.

I forgot to mention that the MASTERhost is on
OpenBSD sunshine-2 3.9 GENERIC#759 sparc64
and BACKUPhost
OpenBSD sunbird 3.8 GENERIC#607 sparc64

The problem with disconnections from various services (IRC,aim and
radio) still exist :/

/bkw


On 01/06/06, Dag Richards [EMAIL PROTECTED] wrote:

Bachman Kharazmi wrote:
 I finally got CARP _working_ :)

 I've a problem when I do ifconfig carp1 down on the MASTER host to
 test if BACKUP takes over the traffic..

 It does work so far. But the problem is that if I'm streaming Internet
 radio or are connected to IRC the radio will get stalled when I do
 ifconfig carp1 down on MASTER, and the IRC disconnects and then
 tries to reconnect which of course works.

 I think something is wrong, since it shouldn't affect the traffic flow
 at all when MASTER interrupt.

 I have three interfaces in each host. and my setup looks like
 (here is a diff link http://pastebin.com/pastebin.php?diff=749904)

 MASTER HOST:
 # ifconfig
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
 hme0:
 flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST

 mtu 1500
lladdr 08:00:20:9e:7c:60
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::a00:20ff:fe9e:7c60%hme0 prefixlen 64 scopeid 0x1
inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
 rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:08:a1:8e:64:70
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.10.100 netmask 0xff00 broadcast 192.168.10.255
inet6 fe80::208:a1ff:fe8e:6470%rl0 prefixlen 64 scopeid 0x2
 fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:0e:30:02
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.254.254 netmask 0xff00 broadcast 192.168.254.255
inet6 fe80::250:8bff:fe0e:3002%fxp0 prefixlen 64 scopeid 0x3
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33192
 pfsync0: flags=41UP,RUNNING mtu 1460
pfsync: syncdev: fxp0 maxupd: 128
 enc0: flags=0 mtu 1536
 carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: MASTER carpdev hme0 vhid 1 advbase 1 advskew 0
groups: carp
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
 carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: MASTER carpdev rl0 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.10.50 netmask 0xff00 broadcast 192.168.10.255
 # cat /etc/hostname.*
 inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 1 pass foo
 inet 192.168.10.50 255.255.255.0 192.168.10.255 vhid 2 pass bar
 inet 192.168.254.254 255.255.255.0 NONE
 dhcp NONE NONE NONE
 up syncif fxp0
 inet 192.168.10.100 255.255.255.0 NONE

 BACKUP HOST:
 # ifconfig
 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
 hme0:
 flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST

 mtu 1500
lladdr 08:00:20:9c:5d:3a
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::a00:20ff:fe9c:5d3a%hme0 prefixlen 64 scopeid 0x1
inet 192.168.1.7 netmask 0xff00 broadcast 192.168.1.255
 rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:c0:26:6d:ff:6c
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.10.200 netmask 0xff00 broadcast 192.168.10.255
inet6 fe80::2c0:26ff:fe6d:ff6c%rl0 prefixlen 64 scopeid 0x2
 fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:0e:7d:7d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.254.253 netmask 0xff00 broadcast 192.168.254.255
inet6 fe80::250:8bff:fe0e:7d7d%fxp0 prefixlen 64 scopeid 0x3
 pflog0: flags=141UP,RUNNING,PROMISC mtu 33192
 pfsync0: flags=41UP,RUNNING mtu 1348
pfsync: syncdev: fxp0 

Re: Humppa Validation

[Jason McIntyre]

On Wed, May 31, 2006 at 10:58:42PM -0700, J.C. Roberts wrote:
 
 The problems start if you're dumb enough to keep the original copy of
 your humppa on something other than a BSD system...
 
 Since you can install OpenSSL on a number of different types of systems,
 my first thought was to use OpenSSL to generate the checksum files.
 
 $ find . -type f -name '*.mp3' -print0 | xargs -0 openssl md5 -out
 ossl.md5
 
 That get's you fairly close but the resulting format is wrong.
 

why not use openssl on both platforms?
jmc

Des offres gratuites Championnes du Monde !

[Offres Gratuites]

Si vous ne lisez pas correctement cet email, cliquez ici

OFFRES GRATUITES Spiciales Coupe du Monde : Cliquez ici

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Cette offre n'est valide que jusqu'au 30 juin 2006. Prix affichis HT. Les
frais de port et de traitement, les options de produits et photo/logo
tilichargis ne sont pas compris ` moins de n'jtre explicitement inclus
dans l'offre. L'offre de cartes de visite gratuites n'a pas de date
d'expiration pour l'instant. Offre non valide sur des commandes dij`
passies. Pour plus de ditails, consultez notre site web.



VistaPrint offre le meilleur rapport qualiti prix pour l'impression en
couleur.
VistaPrint est utilisi par plus de 6 millions de clients dans le monde.

Les produits et services dicrits dans ce message sont fournis par
VistaPrint Limited,
le leader mondial pour le graphisme et l'impression en ligne.

Conformiment ` la loi informatique et liberti du 06/01/1978 (art.27),
vous disposez d'un droit d'acchs et de rectification des donnies vous
concernant. Si vous souhaitez modifier vos coordonnies ou si vous ne
disirez plus recevoir de messages ilectroniques de la part de cet
annonceur, cliquez ici[IMAGE]

Re: PF load balance problem

[Alexey E. Suslikov]

On Wednesday 31 May 2006 19:03, Diego Linke wrote:

 Alexey,

   A network prefix length of 0 can be used as a wildcard.  To
  kill all states with the target ``host2'':
 
   # pfctl -k 0.0.0.0/0 -k host2
 
  so why don't you kill all states to dead pool member right after removing
  it from the lb table?

 This is not work!
 The problem is that this command to erase the STATES, however the SOURCE
 keeps.

previously, you have referred to this quote from pfctl.conf(5))

 Additionally, the sticky-address option can be specified to help ensure
 that multiple connections from the same source are mapped to the same
 redirection address.  This option can be used with the random and round-
 robin pool options.  Note that by default these associations are de-
 stroyed as soon as there are no longer states which refer to them; in or-
 der to make the mappings last beyond the lifetime of the states, increase
 the global options with set timeout source-track See STATEFUL TRACKING
 OPTIONS for more ways to control the source tracking.

so I think you broke pfctl -k by explicitly specifying src.track. why do you
need src.track?

Re: Humppa Validation

[J.C. Roberts]

On Thu, 1 Jun 2006 10:11:07 +0100, Jason McIntyre [EMAIL PROTECTED]
wrote:

On Wed, May 31, 2006 at 10:58:42PM -0700, J.C. Roberts wrote:
 
 The problems start if you're dumb enough to keep the original copy of
 your humppa on something other than a BSD system...
 
 Since you can install OpenSSL on a number of different types of systems,
 my first thought was to use OpenSSL to generate the checksum files.
 
 $ find . -type f -name '*.mp3' -print0 | xargs -0 openssl md5 -out
 ossl.md5
 
 That get's you fairly close but the resulting format is wrong.
 

why not use openssl on both platforms?
jmc

I've read through the openssl man page more than a few times looking for
the required magic to input such a text file and get openssl to validate
the listed files but no such luck. As far as I know, openssl is only
able to produce the output file but is unable to accept said file as
input.

To make sure the files were transferred correctly to the openbsd box, I
resorted to editing the openssl output file so it could be used with
cksum/md5.

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org

Re: Humppa Validation

[Tom Cosgrove]

 J.C. Roberts 1-Jun-06 06:58 
:
 Sure, you can edit the above rather easily to produce the correct format
 for BSD md5/cksum but why should we be doing that all of the time.

Don't edit it manually, use a one-line sed, awk or perl script.

 Would it be worthwhile to add a format switch (maybe -f) to cksum so
 we can handle different file formats?

 $ cksum -f openssl -c ossl.md5
 $ cksum -f md5sum -c md5sum.md5

 Is there some unstated reasoning why we don't support the other formats?

Yes.  Each tool should do one thing, and do it well.  cksum does.
Having multiple different formats in the program, particularly those
that can be generated from each other by simple sed scripts, is insane.

Sorry.

Tom

(If you really want this, you could write a shell script that does exactly
that - even taking your suggested -f option.)

Re: CARP | panic when I did tcpdump on MASTERhost

[Bachman Kharazmi]

oops, I guess something bad happend

# tcpdump -nvi hme0 -c3 proto 112
panic: psycho0: uncorrectable DMA error AFAR 1362448 (pa=0
tte=0/572012) AFSR 4b00ff002080
kdb breakpoint at 132d700
Stopped at  Debugger+0x4:   nop
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb trace
psycho_ue(1fd3f24, 7, e0017348, e0017460, 12ff320, e0017310) at psycho_ue+0x7c
sparc_interrupt(186be00, 7461c10, 2000, 74f4150, 3f, 74fc3c0) at sparc_interrup
t+0x20c
m_freem(7461c10, 2000, 2046b80, 0, 5ea, 8) at m_freem+0xb0
rl_txeof(2071000, 1fcfd00, 2046b80, 0, 5ea, fff0) at rl_txeof+0xf4
rl_intr(2071000, 1, e0017770, dddcf460, 1053260, 1d) at rl_intr+0xe0
sparc_interrupt(2071098, 745e00e, , 53ecc58, 70, 745e008) at sp
arc_interrupt+0x20c
ether_output(0, 7420f40, 745e008, e0017978, a363, ) at ether_output+0x330
ip_output(7420f40, 745e010, 186dd60, 0, 14, 0) at ip_output+0x90c
ip_forward(7421340, 1, 0, 0, 0, 0) at ip_forward+0x1b8
ipv4_input(7420f40, 7415802, 0, 0, , 14) at ipv4_input+0x2dc
ipintr(1, 10101, 21ffbec732, 8000, 21ffbec732, 1800) at ipintr+0x70

softnet(4, 0, e0017ec8, 0, 131ede0, 0) at softnet+0xd0
sparc_interrupt(0, 0, 137fb78, 0, , d6d80) at sparc_interrupt+0
x20c
microuptime(743f310, 0, 0, 0, 0, 0) at microuptime+0x4
mi_switch(139bdf8, 1000, 0, 0, 0, 0) at mi_switch+0x1b4
ltsleep(1d6c8c0, 204, 0, 0, 72f4600, 0) at ltsleep+0x1c0
uvm_vnp_terminate(72f4600, 3a000, e11bbf8, e11bc04, 0, 1) at uvm_vnp_terminate+
0xc94
uvm_fault(244000, 3a000, , 1, 0, 1) at uvm_fault+0xeb4
data_access_fault(e11bed0, 30, 4ed1867c, 23a0a3, 23b5b8, 0) at data_access_faul
t+0xe0
trapbase(0, , 4c, 0, 0, 0) at trapbase+0x87ac
ddb ps
  PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
18874   3313   3313  0  3 0x6  uvn_gettcpdump
 3313  12225   3313  0  3  0x4006  biowaittcpdump
12225  1  12225  0  3  0x4086  pause  ksh
18751  1  18751  0  30x84  select cron
11109  1  11109  0  30x84  select sshd
 6608  1   6608  0  3 0x40184  select sendmail
12486  1  12486  0  3   0x184  select inetd
12916  27305  27305 74  3   0x184  bpfpflogd
27305  1  27305  0  30x84  netio  pflogd
16386  19125  19125 73  3   0x184  poll   syslogd
19125  1  19125  0  30x84  netio  syslogd
31118  1  31118 77  3   0x184  poll   dhclient
21085  1  11480  0  30x86  poll   dhclient
9  0  0  0  30x100204  crypto_wa  crypto
8  0  0  0  30x100204  aiodoned   aiodoned
7  0  0  0  30x100204  syncer update
6  0  0  0  30x100204  cleanercleaner
5  0  0  0  30x100204  reaper reaper
4  0  0  0  30x100204  pgdaemon   pagedaemon
3  0  0  0  30x100204  pftm   pfpurge
2  0  0  0  30x100204  kmallockmthread
1  0  1  0  3  0x4084  wait   init
0 -1  0  0  3 0x80204  scheduler  swapper
ddb

and dmesg of that box:
# dmesg
console is /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED]/[EMAIL 
PROTECTED],40:b
Copyright (c) 1982, 1986, 1989, 1991, 1993
   The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2006 OpenBSD. All rights reserved.  http://www.OpenBSD.org

OpenBSD 3.9 (GENERIC) #759: Wed Mar  1 01:32:54 MST 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/sparc64/compile/GENERIC
total memory = 268435456
avail memory = 234807296
using 1638 buffers containing 13418496 bytes of memory
bootpath: /[EMAIL PROTECTED],0/[EMAIL PROTECTED],1/[EMAIL PROTECTED],0/[EMAIL 
PROTECTED],0
mainbus0 (root): Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz)
cpu0 at mainbus0: SUNW,UltraSPARC-IIi @ 299.790 MHz, version 0 FPU
cpu0: physical 32K instruction (32 b/l), 16K data (32 b/l), 512K
external (64 b/l)
psycho0 at mainbus0 addr 0xfffc4000
SUNW,sabre: impl 0, version 0: ign 7c0 bus range 0 to 2; PCI bus 0
DVMA map: c000 to e000
IOTDB: 1362000 to 13e2000
pci0 at psycho0
ppb0 at pci0 dev 1 function 1 Sun Simba PCI-PCI rev 0x11
pci1 at ppb0 bus 1
ebus0 at pci1 dev 1 function 0 Sun PCIO Ebus2 rev 0x01
auxio0 at ebus0 addr 726000-726003, 728000-728003, 72a000-72a003,
72c000-72c003, 72f000-72f003
power at ebus0 addr 724000-724003 ipl 37 not configured
SUNW,pll at ebus0 addr 504000-504002 not configured
sab0 at ebus0 addr 40-40007f ipl 43: rev 3.2
sabtty0 at sab0 port 0
sabtty1 at sab0 port 1: console i/o
comkbd0 at ebus0 addr 3083f8-3083ff ipl 41: no keyboard
com0 at ebus0 addr 3062f8-3062ff ipl 42: mouse: ns16550a, 16 byte fifo
lpt0 at ebus0 addr 3043bc-3043cb, 30015c-30015d, 70-7f ipl 34: polled
fdthree at ebus0 addr 

Re: Problems mounting a usb disk

[jjhartley]

Original message from David Burau [EMAIL PROTECTED]:

 Hi, 
 
 i've installed OpenBSD 3.9 on a IBM T20 notebook. 
 Everything is working fine. 
 Bit I'm not able to mount a usb disk. 
 dmesg output ist: 
 - 
 sd0 at scsibus1 targ 1 lun 0... 
 sd0: 76319MN, 76319 cyl, ... 
 -- 
 and that's my disk. 
 
 The Problem is, that there is no sd0 in /dev and when I try to mount 
 sd0a (mount /dev/sd0a /mnt/usb) I get a note, that the device is not 
 configured. 

You didn't mention which filesystem is on your USB drive;  I'll assume DOS.

If so, then look at the disk's disklabel to determine which slice is the DOS 
partition;  most likely, it is in sd0i or above.  That is the slice to be 
mounted, not sd0a.  Look at section 14.17 of the FAQ.

Jim

Re: Humppa Validation

[J.C. Roberts]

On Thu, 1 Jun 2006 10:59:56 +0100 (BST), Tom Cosgrove
[EMAIL PROTECTED] wrote:

 Sure, you can edit the above rather easily to produce the correct format
 for BSD md5/cksum but why should we be doing that all of the time.

Don't edit it manually, use a one-line sed, awk or perl script.

yep, exactly what I did.

 Would it be worthwhile to add a format switch (maybe -f) to cksum so
 we can handle different file formats?

 $ cksum -f openssl -c ossl.md5
 $ cksum -f md5sum -c md5sum.md5

 Is there some unstated reasoning why we don't support the other formats?

Yes.  Each tool should do one thing, and do it well.  cksum does.
Having multiple different formats in the program, particularly those
that can be generated from each other by simple sed scripts, is insane.

Sorry.

Tom

(If you really want this, you could write a shell script that does exactly
that - even taking your suggested -f option.)

I see you point. My suggestion kind of seems like feature creep.

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org

Re: Humppa Validation

[J.C. Roberts]

On Thu, 1 Jun 2006 11:19:43 +0059, Jason McIntyre [EMAIL PROTECTED]
wrote:

On Thu, Jun 01, 2006 at 10:59:56AM +0100, Tom Cosgrove wrote:
 
  Is there some unstated reasoning why we don't support the other formats?
 
 Yes.  Each tool should do one thing, and do it well.  cksum does.
 Having multiple different formats in the program, particularly those
 that can be generated from each other by simple sed scripts, is insane.
 
 Sorry.
 

still, it's odd that openssl appears to have no way to do something
similar...(the checklist bit, i mean).

jmc

The interesting thought is since openssl is unable to accept as input
the checksum/digest output file it created, it almost makes some sense
to alter the format of openssl output (-out) file so it can be used with
cksum and friends.

The unanswerable question is how many things count on the current
openssl output format and would the addition of missing two spaces break
them?

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org

Re: ??????????: other languages support?

[mickey]

On Wed, May 31, 2006 at 04:16:12PM -0700, Spruell, Darren-Perot wrote:
  huh? bedroom? is this a joke?
 
 KOMHATA.
 
 Not that I'd really consider this multi-language support... :)

actually that'd be CnA^bH9!

cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)

Re: PF load balance problem

[Diego Linke]

Hi Alexey,

 
 so I think you broke pfctl -k by explicitly specifying src.track. why do you
 need src.track?
 

I have many customers who have applications that they do not share
session, and I need src.track to keep more time the same customer in the
same serving of what the time of expiration of state.
This is very common in load balances, of layer3.

Thanks!


-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: CARP

[Bachman Kharazmi]

the problem is solved with disconnection! :)

I'm sorry that I missed
pfsync(4) has changed format, so it can not keep state between a 3.8
and a 3.9 box. Mismatched systems will lose all connections when you
switch which box is master, as states will not be transfered between
systems. You can minimize the impact of this by upgrading your backup
boxes first, so there is only one loss of active states.

directly from http://www.openbsd.org/faq/upgrade39.html

thanks for all replies!
/bkw

On 31/05/06, Bachman Kharazmi [EMAIL PROTECTED] wrote:

I finally got CARP _working_ :)

I've a problem when I do ifconfig carp1 down on the MASTER host to
test if BACKUP takes over the traffic..

It does work so far. But the problem is that if I'm streaming Internet
radio or are connected to IRC the radio will get stalled when I do
ifconfig carp1 down on MASTER, and the IRC disconnects and then
tries to reconnect which of course works.

I think something is wrong, since it shouldn't affect the traffic flow
at all when MASTER interrupt.

I have three interfaces in each host. and my setup looks like
(here is a diff link http://pastebin.com/pastebin.php?diff=749904)

MASTER HOST:
# ifconfig
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
hme0: 
flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST
mtu 1500
lladdr 08:00:20:9e:7c:60
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::a00:20ff:fe9e:7c60%hme0 prefixlen 64 scopeid 0x1
inet 192.168.1.10 netmask 0xff00 broadcast 192.168.1.255
rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:08:a1:8e:64:70
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.10.100 netmask 0xff00 broadcast 192.168.10.255
inet6 fe80::208:a1ff:fe8e:6470%rl0 prefixlen 64 scopeid 0x2
fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:0e:30:02
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.254.254 netmask 0xff00 broadcast 192.168.254.255
inet6 fe80::250:8bff:fe0e:3002%fxp0 prefixlen 64 scopeid 0x3
pflog0: flags=141UP,RUNNING,PROMISC mtu 33192
pfsync0: flags=41UP,RUNNING mtu 1460
pfsync: syncdev: fxp0 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: MASTER carpdev hme0 vhid 1 advbase 1 advskew 0
groups: carp
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: MASTER carpdev rl0 vhid 2 advbase 1 advskew 0
groups: carp
inet 192.168.10.50 netmask 0xff00 broadcast 192.168.10.255
# cat /etc/hostname.*
inet 192.168.1.100 255.255.255.0 192.168.1.255 vhid 1 pass foo
inet 192.168.10.50 255.255.255.0 192.168.10.255 vhid 2 pass bar
inet 192.168.254.254 255.255.255.0 NONE
dhcp NONE NONE NONE
up syncif fxp0
inet 192.168.10.100 255.255.255.0 NONE

BACKUP HOST:
# ifconfig
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33192
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
hme0: 
flags=8b63UP,BROADCAST,NOTRAILERS,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST
mtu 1500
lladdr 08:00:20:9c:5d:3a
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::a00:20ff:fe9c:5d3a%hme0 prefixlen 64 scopeid 0x1
inet 192.168.1.7 netmask 0xff00 broadcast 192.168.1.255
rl0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr 00:c0:26:6d:ff:6c
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.10.200 netmask 0xff00 broadcast 192.168.10.255
inet6 fe80::2c0:26ff:fe6d:ff6c%rl0 prefixlen 64 scopeid 0x2
fxp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:50:8b:0e:7d:7d
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.254.253 netmask 0xff00 broadcast 192.168.254.255
inet6 fe80::250:8bff:fe0e:7d7d%fxp0 prefixlen 64 scopeid 0x3
pflog0: flags=141UP,RUNNING,PROMISC mtu 33192
pfsync0: flags=41UP,RUNNING mtu 1348
pfsync: syncdev: fxp0 maxupd: 128
enc0: flags=0 mtu 1536
carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: BACKUP carpdev hme0 vhid 1 advbase 1 advskew 50
groups: carp
inet 192.168.1.100 netmask 0xff00 broadcast 192.168.1.255
carp1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
carp: BACKUP carpdev rl0 vhid 2 advbase 1 advskew 50

Re: long - pf trunk vlan questions

[Stuart Henderson]

On 2006/06/01 10:10, Peter Huncar wrote:
  +--- trunk0 +--- vlan2|  OpenBSD 3.8
 Is there a problem of setting higher MTUs on trunk interfaces?

It's time to upgrade, reyk added this last September: ...support
the smallest common interface capabilities. ie., this adds support
for VLAN MTUs if all attached ports have this capability...

 If I set skip on trunk0, is it still possible to filter on vlans?

Yes.

Solved Re: Problems mounting a usb disk

[David Burau]

Andreas Maus schrieb:

Hi.

Does it contain a (V)FAT file system?
Try mounting /dev/sd0i



That is the solution.

Thank you all!

David Burau

Re: PF load balance problem

[Alexey E. Suslikov]

On Thursday 01 June 2006 14:15, Diego Linke wrote:

 Hi Alexey,

  so I think you broke pfctl -k by explicitly specifying src.track. why do
  you need src.track?

 I have many customers who have applications that they do not share
 session, and I need src.track to keep more time the same customer in the
 same serving of what the time of expiration of state.
 This is very common in load balances, of layer3.

 Thanks!

have you tried source-hash option instead of source tracking?

Re: PF load balance problem

[Diego Linke]

Alexey,

 
 have you tried source-hash option instead of source tracking?
 

The option source-hash, would not function therefore goes to have
problem the same Source expirations.


-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: Libpcap library version

[Will Maier]

On Thu, Jun 01, 2006 at 09:10:41AM +0200, Joachim Schipper wrote:
 On Wed, May 31, 2006 at 06:29:13PM -0400, Bryan Chapman wrote:
  $ ./configure --with-libpcap=/usr/src/lib/libpcap
  ...
  checking for libpcap... /usr/src/lib/libpcap
  checking for pcap_datalink_val_to_description in -lpcap... no
  configure: error: Incorrect libpcap version. libpcap = 0.8.1 required
  
  I was told on the #openbsd irc channel that openbsd maintains
  its own versions of the libraries.  Is this just due to an old
  library version, or am I missing something else?
 
 libpcap has been updated quite a bit, but this happened post-3.9
 IIRC.

Trying to build ettercap 'NG' 0.7.3 on i386-current also fails (and
for the same reason), even though usr/lib/libpcap has (AFAICT) most
or all of the necessary stuff.

./configure fails while checking for
pcap_datalink_val_to_description. I didn't have more time to look at
it last night, but that appears to be the first stumbling block.

-- 

o--{ Will Maier }--o
| jabber:[EMAIL PROTECTED] | [EMAIL PROTECTED] |
| freenode:..lt_kije | freenode:#madlug,#wilug |
*--[ BSD Unix: Live Free or Die ]--*

Re: PF load balance problem

[Diego Linke]

Alexey,

 
 is here do not share session means originate each session from
 different IP address?

Not!  The problem is when I erase a server of mine load I balance and it
continues sending connection in this server.

-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: sound card woes

[Simon Morgan]

On Thu, Jun 01, 2006 at 03:23:59PM +0300, laurent FANIS wrote:
 Did you try http://www.openbsd.org/i386.html
 I have a cmpci cheap card (6/7 USD).Works fine.

Of course. But that only gives a list of chipsets and doesn't actually
tell you what cards use them which is the information I am looking for.
I understand that idiotic vendors have a habit of randomly changing
their chipsets so I don't expect this kind of information to be listed
there.

Only 1 other person has replied since I posted my request but luckily I
found:

http://www.arch.cam.ac.uk/~dir21/OpenBSD/sound.html

I've since bought that card and although it works the sound quality is
pretty poor, there is a lot of hissing which I don't get in Linux. On
top of that mplayer is still unusably slow for playing DVDs (Athlon XP
2000+), this was also the case when I installed OpenBSD 3.8 on an AMD64
3200 last year. I have to note that this was a completely different
system to the one I'm using now and yet it had the exact same problem,
does nobody watch DVDs using OpenBSD or something?

I will try again to find a solution to these problems on the mailing list
but I don't hold up much hope given my experiences and will probably
switch back.

Thanks anyway.

-- 
Conscience is the inner voice that warns us somebody is looking.
-- H. L. Mencken, A Mencken Chrestomathy

Problems trying to log on squirrelmail - part 2.

[João Salvatti]

Hi all,

Thank you very much for the tips you sent me. I could finally put
squirrelmail to work. Now everything is almost fine, but there is
still a little problem: I can send and receive e-mail through
squirrelmail, but when it comes to receive an e-mail, it arrives at my
mailbox (/var/spool/username) but it doesn't appear at my INBOX. But
when I send an e-mail it appears at my sent items folder. Does anyone
know what's happening?

Just to remember:

OpenBSD 3.9
postfix
procmail
cyrus-imapd

Squirrelmail folders are placed at

   /var/spool/imap/user/myusername/Sent, Drafts, Trash

Thanks.

--
Joco Salvatti
Undergraduating in Computer Science
Federal University of Para - UFPA
web: http://www.openbsd-pa.org
e-mail: [EMAIL PROTECTED]

Re: PF load balance problem

[Diego Linke]

Alexey,

 
 ok :)
 
 assume you have 5 session from given client which originated from one
 client's IP.
 
 assume you specified sticky-address so all 5 session gets redirected to
 one of lb.
 
 correct?

it's ok!!

 
 when this one of lb is dead, all sessions from given client are dead.
 so why do you need src.track longer than connections' states exist?
 

Then I need to guarantee that exactly a XXX time after finishes state to
exist it the same client continues being redirected for same serving.

This because the customer can effect login in the system, to be a time
without making nothing (time sucifiente for state to be extinguished)
and later reusing the system.
PS: This happens with some applications of my customers.

Thanks!

-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: Humppa Validation

[Stephen Takacs]

J.C. Roberts wrote:
 MD5 (01-Hump.mp3) = 1ecc9c0165043bda9ac07ae35a627cc4
 MD5 (02-Humppakonehumppa.mp3) = 0c1cb2e6347b541830125dfcc41a6f00
 MD5 (03-Humppamedia.mp3) = d0ee034280d835894e859258a5df4d8f
 MD5 (04-Punakka_Humppa.mp3) = b768d3491261f1b256ba2d0d70167b3d
 MD5 (05-Peljatty_Humppa.mp3) = a789d1f7ad6b979f9dd6d4d07e5f6849

[snip]
 
 The problems start if you're dumb enough to keep the original copy of
 your humppa on something other than a BSD system...
 
[snip]

 Is there a better way to handle cross-os file validation?

Check out Perl's Digest::MD5 module, specifically the addfile/hexdigest
methods and associated example code.  You could use that to generate or
validate bsd-style /bin/md5 output on other platforms, including Win32.

-- 
Stephen Takacs   [EMAIL PROTECTED]   http://perlguru.net/
4149 FD56 D078 C988 9027  1EB4 04CC F80F 72CB 09DA

Re: Problems trying to log on squirrelmail - part 2.

[Per-Olov Sjoholm]

On Thursday 01 June 2006 15:44, Joco Salvatti wrote:
 Hi all,

 Thank you very much for the tips you sent me. I could finally put
 squirrelmail to work. Now everything is almost fine, but there is
 still a little problem: I can send and receive e-mail through
 squirrelmail, but when it comes to receive an e-mail, it arrives at my
 mailbox (/var/spool/username) but it doesn't appear at my INBOX. But
 when I send an e-mail it appears at my sent items folder. Does anyone
 know what's happening?

 Just to remember:

 OpenBSD 3.9
 postfix
 procmail
 cyrus-imapd

 Squirrelmail folders are placed at

 /var/spool/imap/user/myusername/Sent, Drafts, Trash

 Thanks.

Cyrus is a sealed server. And you have to deliver incoming mail directly to 
Cyrus from your MTA or its helper program. You can switch to sendmail and use 
its cyrus mailer to deliver to the cyrus process. Or you can make procmail 
(that you seems to use) write directly to your Cyrus maildir store.


It would have been easier for you if you had used the built in sendmail and 
just enabled the cyrus mailer in it.

Regards
/Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: ??????????: other languages support?

[J.C. Roberts]

On Thu, 1 Jun 2006 13:12:59 +0200, mickey [EMAIL PROTECTED] wrote:

On Wed, May 31, 2006 at 04:16:12PM -0700, Spruell, Darren-Perot wrote:
  huh? bedroom? is this a joke?
 
 KOMHATA.
 
 Not that I'd really consider this multi-language support... :)

actually that'd be CnA^bH9!

cu


  Natasha! First we make multi-language support, then we
   go after moose and squirrel.  -Boris

(;

--
jcr



--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org

Re: Problems trying to log on squirrelmail - part 2.

[Joachim Schipper]

On Thu, Jun 01, 2006 at 04:11:49PM +0200, Per-Olov Sjoholm wrote:
 On Thursday 01 June 2006 15:44, Joco Salvatti wrote:
  Hi all,
 
  Thank you very much for the tips you sent me. I could finally put
  squirrelmail to work. Now everything is almost fine, but there is
  still a little problem: I can send and receive e-mail through
  squirrelmail, but when it comes to receive an e-mail, it arrives at my
  mailbox (/var/spool/username) but it doesn't appear at my INBOX. But
  when I send an e-mail it appears at my sent items folder. Does anyone
  know what's happening?
 
  Just to remember:
 
  OpenBSD 3.9
  postfix
  procmail
  cyrus-imapd
 
  Squirrelmail folders are placed at
 
  /var/spool/imap/user/myusername/Sent, Drafts, Trash
 
  Thanks.
 
 Cyrus is a sealed server. And you have to deliver incoming mail directly to 
 Cyrus from your MTA or its helper program. You can switch to sendmail and use 
 its cyrus mailer to deliver to the cyrus process. Or you can make procmail 
 (that you seems to use) write directly to your Cyrus maildir store.
 
 
 It would have been easier for you if you had used the built in sendmail and 
 just enabled the cyrus mailer in it.

That being said, the postfix configuration files - not to mention
documentation - include a sample Cyrus transport, so it's not like you
actually *need* Sendmail.
(See /etc/postfix/master.cf for details.)

Joachim

Re: PF load balance problem

[Diego Linke]

Alexey,

 
 $ sudo pfctl -sa | grep tcp.established
 tcp.established   86400s
 

I work with firewalls with high traffic and have that to work with
parameters well more aggressive of timeouts.



-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: Problems trying to log on squirrelmail - part 2.

[Liviu Daia]

On 1 June 2006, Joco Salvatti [EMAIL PROTECTED] wrote:
 Hi all,

 Thank you very much for the tips you sent me. I could finally put
 squirrelmail to work. Now everything is almost fine, but there
 is still a little problem: I can send and receive e-mail through
 squirrelmail, but when it comes to receive an e-mail, it arrives at my
 mailbox (/var/spool/username) but it doesn't appear at my INBOX. But
 when I send an e-mail it appears at my sent items folder. Does anyone
 know what's happening?
 
 Just to remember:
 
 OpenBSD 3.9
 postfix
 procmail
 cyrus-imapd
 
 Squirrelmail folders are placed at
 
 /var/spool/imap/user/myusername/Sent, Drafts, Trash

Leave SquirrelMail out of the picture for now.  The problem is Cyrus
imapd uses it's own backend storage rather than the system mailboxes.
You can instruct Postfix to deliver to Cyrus imapd via LMTP (see Postfix
docs), you can can use the deliver script that comes with Cyrus, or
you can do that from Procmail.

Better yet, if you're not too far in this process to back off, just
use Courier imapd instead of Cyrus.  You'll need a script to convert
your users' mailboxes to Maildir, but that's about the only problem
you're likely to have with it.  Some time ago I used mb2md to convert
some 300 GB of mailboxes to Maildir, and I was happy with thne result:

http://batleth.sapienti-sat.org/projects/mb2md/

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia

Re: PF load balance problem

[Diego Linke]

Alexey,

 
 pf is VERY fast on stateful filtering (while searching states). memory
 is the bottleneck (if number of states is high) but it is VERY easy to
 deal nowadays: 2x512Mb of DDR RAM costs less than $100.
 
 or maybe firewall's CPU is slow?... post dmesg if permitted...
 
 -k kills states which you busted manually by src.track. i think you
 should try less complicated setup without src.track.
 

In this case to keep in the same serving I will have that to leave the
values of very great tcp.closing and tcp.closed, keeping in firewall
states unnecessary.

Thanks!!

-- 
Diego Linke
Public Key: http://www.gamk.com.br/gamk.asc

Re: A joke

[Andrew Pinski]

On Jun 1, 2006, at 1:44 AM, Rico wrote:


Manager: George, I need a program to output the string Hello  
World!


You forgot one:
a lazy person

#!/bin/sh
echo Hello World!





Thanks,
Andrew Pinski

Re: A joke

[Sean Cody]

On 1-Jun-06, at 10:22 AM, Andrew Pinski wrote:

On Jun 1, 2006, at 1:44 AM, Rico wrote:


Manager: George, I need a program to output the string Hello  
World!


You forgot one:
a lazy person

#!/bin/sh
echo Hello World!

Why waste an extra shell process not to mention all that extra typing?

#!/bin/echo 'Hello World!'

:P

--
Sean

Re: Problems trying to log on squirrelmail - part 2.

[Stuart Henderson]

On 2006/06/01 16:11, Per-Olov Sjoholm wrote:
 Cyrus is a sealed server. And you have to deliver incoming mail directly to 
 Cyrus from your MTA or its helper program. You can switch to sendmail and use 
 its cyrus mailer to deliver to the cyrus process. Or you can make procmail 
 (that you seems to use) write directly to your Cyrus maildir store.

cyrus != maildir, and procmail doesn't directly support cyrus mailboxes,
you have to pipe the message into Cyrus deliver, but what's the point?
Cyrus already filters mail into folders, etc, and people who want the
extra control they can get from procmail probably also want their mail
in a more accessible format.

People not willing to spend time reading and learning how to use Cyrus
for themselves should really look at simpler software..

Re: A joke

[Terry]

On Thu, Jun 01, 2006 at 08:22:26AM -0700, Andrew Pinski wrote:
 You forgot one:
 a lazy person
 
 #!/bin/sh
 echo Hello World!

Now that's what I like to see. Cut to the chase. ;D

-- 
Terry
http://tyson.homeunix.org

one drive in a raid 0 failed, can I save any data?

[John Brahy]

For a couple weeks I was running without backups and one of the drives died.
Is there a way to recover any of the data from the drives?

Re: bad SK NICs ??

[Emilio Lucena]

Hi,

I have also had quite some issues with this sk driver. We are also using 
the D-LINK DGE-530T cards, and every now and then, we get a watchdog 
timeout.


I can be 99% sure that it is not a cabling or switching problem because 
the problem stops when I switch to another card (even a xl).


If necessary, I can provide more information or even send one NIC over for 
testing purposes.


Best regards,

ebl

Re: one drive in a raid 0 failed, can I save any data?

[Jon Simola]

On 6/1/06, John Brahy [EMAIL PROTECTED] wrote:

For a couple weeks I was running without backups and one of the drives died.
Is there a way to recover any of the data from the drives?


The easy answer is No.

If the dead drive just has some hard errors and won't fsck, you might
be able to force the stripe set back together in a read-only mode and
copy off potentially bad data.

The hard answer is how much time you want to waste before deciding
the easy answer was enough? IF you only had 2 drives in the RAID0,
the file is smaller than the stripe size, and it was not fragmented,
you've got a 50% chance it's on the good drive. Good luck finding it,
you'll have to re-invent filesystem utilities or sift through the
entire contents of the drive.

Anything beyond that involves heavy wizardry. From various database
files you might be able to extract raw data rows, running strings will
show you ascii text, tar and most files have a recognizable header
that you might be able to find. You'll be writing your own tools from
scratch and learning far more than you wanted to about filesystems and
file formats.

--
Jon Simola
(who spent a week recovering single files from the inside of archives
after someone formatted and recycled the drive)

Re: one drive in a raid 0 failed, can I save any data?

[Dag Richards]

John Brahy wrote:

For a couple weeks I was running without backups and one of the drives died.
Is there a way to recover any of the data from the drives?



Raid 0 ?
That is striping, so in a word no.

Re: ??????????: other languages support?

[akonsu]

ok, i give up. KPAHT6I. thanks all for your support.

konstantin


2006/6/1, J.C. Roberts [EMAIL PROTECTED]:

 On Thu, 1 Jun 2006 13:12:59 +0200, mickey [EMAIL PROTECTED] wrote:

 On Wed, May 31, 2006 at 04:16:12PM -0700, Spruell, Darren-Perot wrote:
   huh? bedroom? is this a joke?
 
  KOMHATA.
 
  Not that I'd really consider this multi-language support... :)
 
 actually that'd be CnA^bH9!
 
 cu


 Natasha! First we make multi-language support, then we
   go after moose and squirrel.  -Boris

 (;

 --
 jcr



 --
 Free, Open Source CAD, CAM and EDA Tools
 http://www.DesignTools.org

Re: one drive in a raid 0 failed, can I save any data?

[Nick Holland]

On Thu, Jun 01, 2006 at 08:57:08AM -0700, John Brahy wrote:
 F.r.a.c.u.l. .e.k. . .a. .u.n.n. .i.h.u. .a.k.p. .n. .n. .f.t.e.d.i.e. .i.d.
 .s.t.e.e.a.w.y.t. .e.o.e. .n. .f.t.e.d.t. .r.m.t.e.d.i.e.?

 
N t l k l .   o r .  - Drive 0, RAID0
 o   i e y   S r y   - Drive 1, RAID0
 
Nick.  - Drive 0, RAID1   
Nick.  - Drive 1, RAID1

Re: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

[Didier Wiroth]

Hello,

Hmm  I get the corrupted mac error again on current, while connecting to 
the net4801 with windows + putty.

Connecting with openbsd ssh client does not produce the error, I only get it 
with latest
windows and putty client 

Is anyone else able to test:
a) with a windows client + putty
b) to a connect via ssh to a soekris 4801 running current + mini pci soekris 
vpn 1401
c) do you get the corrupted mac on input errors?

thx a lot
didier

- Original Message -
From: Breen Ouellette
Date: Wednesday, May 31, 2006 23:17
Subject: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted 
MAC on input' points to vpn1411 problem])
To: misc@openbsd.org

 Didier Wiroth wrote:
  I run the test for almost 20 minutes, there was no problem anymore!
  Regards
  Didier
 
 Thank you for your report.

 Here's where I stick my head out farther than I probably should
 and hope
 it doesn't get taken off.

 I checked the hifn code to see if it had changed since 3.9
 Release. It
 hasn't. I took a look at the list of includes and noticed that
 several
 files have changed since 3.9 Release. Not being skilled enough
 to know
 if this is the right train of thought, I have to ask: is it
 possible
 that something was changed before 3.9 Release which broke hifn,
 and was
 later (lately) adjusted back to a state which works with hifn?
 If so, if
 the cause is not identified now is there a possibility that hifn
 could
 be broken again in the future?

 The reason I ask is that hifn has a somewhat muddy history of
 breakage
 which has often been blamed on hardware. Is the hardware junk or
 is the
 problem hard to nail down? Or is this a combination of both - is
 the
 previous evidence of junk hardware + hifn problems resulting in
 a knee
 jerk reaction of blaming the hardware by default?

 Also relevant for mere users like myself (ie not qualified to
 fix this
 problem), should we just downgrade to an earlier release or
 upgrade to
 current, or is this the sort of thing that would get patched if
 a
 problem was indeed identified?

 Thanks.

 Breeno

(no subject)

[livecamaccess]

Ciao  ,
Hey! I have been trying to get in touch with you. I finally got a cam so you 
can see me when we talk. http://ca.geocities.com/kellyluvsmhec/cam.html

SD/MMC support

[Uwe Stuehler]

I have recently imported the initial work on a SD/MMC card framework.
Until now I have done most of the work myself, but we really want
this to be a group effort.

Let me show you a dmesg snipped:

sdhc0 at pci1 dev 0 function 1 Ricoh 5C822 SD/MMC rev 0x13: irq 11
sdmmc0 at sdhc0
scsibus0 at sdmmc0: 2 targets
sd0 at scsibus0 targ 1 lun 0: SD/MMC, Drive #01,  SCSI2 0/direct fixed
sd0: 244MB, 244 cyl, 64 head, 32 sec, 512 bytes/sec, 499712 sec total

You see sdhc, a host controller driver for a couple of chipsets, and
sd, the standard disk driver.  That is what we have mostly working now
with SD and MMC memory cards.

The next step is to work on those fancy SDIO cards, the wireless, GPS,
and whatever cards you have.  For that we will need lots of different
SDIO devices.

As with other devices before, to improve support for these devices we
need to supply as many developers as possible with hardware.  We need
SD/MMC memory cards and especially all types of SDIO cards.  If you have
some, please contact a developer near you, put them in an envelope and
send them in.  You can also ask [EMAIL PROTECTED] or [EMAIL PROTECTED]
who to contact.

Re: (no subject)

[Dan Farrell]

C'mon guys... she's got a webcam!!

Lol,

Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
 
ps- I didn't know the mailing list allowed mail with no subject... but
I'm definitely not a good anti-spam expert, so what do I know...


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of [EMAIL PROTECTED]
Sent: Thursday, June 01, 2006 2:35 PM
To: misc@openbsd.org
Subject: (no subject)

Ciao  ,
Hey! I have been trying to get in touch with you. I finally got a cam so
you can see me when we talk.
http://ca.geocities.com/kellyluvsmhec/cam.html

Router with NAT and DMZ host

[RedShift]

Hi everyone

I've got a simple router set up as home, replacing an old US Robotics 
8000. I set up NAT translation with pf. I have the following rules:


-- begin /etc/pf.conf --

red_if=ne3
green_if=fxp0

dmz_host=192.168.0.102
dmz_ports={1024:65535}

local_public_services={, 8080}

set skip on lo

# NAT
nat on $red_if from $green_if:network to any - ($red_if)

# Local public services
rdr on $red_if proto tcp from any to any port $local_public_services - 
127.0.0.1


# DMZ Host
rdr on $red_if proto tcp from any to any port $dmz_ports - $dmz_host

-- end /etc/pf.conf --

green_if is the interface to my local network, red_if is the interface 
to the internet. the ne3 is configured as DHCP. The DMZ host is meant 
for my computer, because I run a lot of software that require alot of 
open ports, so I always set it up as a DMZ host (as like I did with the 
US Robotics router). The local_public_servers is for two servers running 
on the router itself, prohibiting it being forwarded to the dmz_host. 
Now there is one issue remaining, for some reason I cannot surf the 
internet, make an FTP connection, etc... from the router itself. When 
try to surf the internet lynx hangs at making http connection to x. So 
how do I fix this? Is there some problem with my network configuration, 
or did I configure something wrong in pf.conf?


Thanks!

Best Regards

Glenn Matthys


Some other information that might be useful:

# route -n show
Routing tables

Internet:
DestinationGatewayFlagsRefs  UseMtu 
Interface

default81.164.128.1   UGS 0   915573  -   ne3
81.164.128/20  link#2 UC  00  -   ne3
81.164.128.1   00:30:b8:c1:85:20  UHLc00  -   ne3
81.164.133.29  127.0.0.1  UGHS00  33224   lo0
127/8  127.0.0.1  UGRS00  33224   lo0
127.0.0.1  127.0.0.1  UH  0  153  33224   lo0
192.168.0/24   link#1 UC  00  -   fxp0
192.168.0.102  00:11:09:cb:62:5c  UHLc0  1556226  - L fxp0
224/4  127.0.0.1  URS 00  33224   lo0

Internet6:
DestinationGatewayFlags 
   Refs  UseMtu  Interface
::/104 ::1UGRS 
  00  -   lo0
::/96  ::1UGRS 
  00  -   lo0
::1::1UH 
  00  33224   lo0
::127.0.0.0/104::1UGRS 
  00  -   lo0
::224.0.0.0/100::1UGRS 
  00  -   lo0
::255.0.0.0/104::1UGRS 
  00  -   lo0
:::0.0.0.0/96  ::1UGRS 
  00  -   lo0
2002::/24  ::1UGRS 
  00  -   lo0
2002:7f00::/24 ::1UGRS 
  00  -   lo0
2002:e000::/20 ::1UGRS 
  00  -   lo0
2002:ff00::/24 ::1UGRS 
  00  -   lo0
fe80::/10  ::1UGRS 
  00  -   lo0
fe80::%fxp0/64 link#1 UC 
  00  -   fxp0
fe80::280:5fff:feb7:7a44%fxp0  00:80:5f:b7:7a:44  UHL 
  00  -   lo0
fe80::%ne3/64  link#2 UC 
  00  -   ne3
fe80::240:caff:fe10:fcb%ne300:40:ca:10:0f:cb  UHL 
  00  -   lo0
fe80::%lo0/64  fe80::1%lo0U 
  00  -   lo0
fe80::1%lo0link#6 UHL 
  00  -   lo0
fec0::/10  ::1UGRS 
  00  -   lo0
ff01::/32  ::1UC 
  00  -   lo0
ff02::%fxp0/32 link#1 UC 
  00  -   fxp0
ff02::%ne3/32  link#2 UC 
  00  -   ne3
ff02::%lo0/32  ::1UC 
  00  -   lo0

#

# cat /etc/hostname.fxp0 



inet 192.168.0.2 255.255.255.0 NONE
#

# cat /etc/hostname.ne3 



dhcp NONE NONE NONE
#

and a dmesg for completeness' sake

# dmesg
OpenBSD 3.9 (GENERIC) #617: Thu Mar  2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium/MMX (GenuineIntel 

Re: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

[Breen Ouellette]

Didier Wiroth wrote:

Hello,

Hmm  I get the corrupted mac error again on current, while connecting to 
the net4801 with windows + putty.

Connecting with openbsd ssh client does not produce the error, I only get it 
with latest
windows and putty client 

Is anyone else able to test:
a) with a windows client + putty
b) to a connect via ssh to a soekris 4801 running current + mini pci soekris 
vpn 1401
c) do you get the corrupted mac on input errors?
  
I knew it was going to happen.  :) 

I will set up a PC with OpenBSD 3.9 Release and follow up with the 
latest snapshot and try making some connections that don't involve 
PuTTY. I'll get my results back by tomorrow.


Breeno

Re: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

[Didier Wiroth]

Hmm ... sorry ... here was my problem.
Today I used a custom kernel config file (created with dmassage).
The corrupted MAC on input appeared after using the custom kernel.

Dmassage used only the following crypto entry:
# crypto support
hifn*   at pci? # Hi/fn 7751 crypto card

After re-adding all the Hi/fn cards, the corrupted MAC on input disappeared:
(by default, these entries are in GENERIC)
# crypto support
hifn*   at pci? # Hi/fn 7751 crypto card
lofn*   at pci? # Hi/fn 6500 crypto card
nofn*   at pci? # Hi/fn 7814/7851/7854 crypto card


- Original Message -
From: Didier Wiroth
Date: Thursday, June 1, 2006 21:20
Subject: Re: vpn1411 problem related to software error? (was Re: [Fwd: 
'Corrupted MAC on input' points to vpn1411 problem])
To: Breen Ouellette
Cc: misc@openbsd.org

 Hello,

 Hmm  I get the corrupted mac error again on current, while
 connecting to the net4801 with windows + putty.

 Connecting with openbsd ssh client does not produce the error, I
 only get it with latest
 windows and putty client 

 Is anyone else able to test:
 a) with a windows client + putty
 b) to a connect via ssh to a soekris 4801 running current + mini
 pci soekris vpn 1401
 c) do you get the corrupted mac on input errors?

 thx a lot
 didier

 - Original Message -
 From: Breen Ouellette
 Date: Wednesday, May 31, 2006 23:17
 Subject: vpn1411 problem related to software error? (was Re:
 [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])
 To: misc@openbsd.org

  Didier Wiroth wrote:
   I run the test for almost 20 minutes, there was no problem
 anymore!  Regards
   Didier
  
  Thank you for your report.
 
  Here's where I stick my head out farther than I probably should
  and hope
  it doesn't get taken off.
 
  I checked the hifn code to see if it had changed since 3.9
  Release. It
  hasn't. I took a look at the list of includes and noticed that
  several
  files have changed since 3.9 Release. Not being skilled enough
  to know
  if this is the right train of thought, I have to ask: is it
  possible
  that something was changed before 3.9 Release which broke hifn,
  and was
  later (lately) adjusted back to a state which works with hifn?
  If so, if
  the cause is not identified now is there a possibility that hifn
  could
  be broken again in the future?
 
  The reason I ask is that hifn has a somewhat muddy history of
  breakage
  which has often been blamed on hardware. Is the hardware junk or
  is the
  problem hard to nail down? Or is this a combination of both - is
  the
  previous evidence of junk hardware + hifn problems resulting in
  a knee
  jerk reaction of blaming the hardware by default?
 
  Also relevant for mere users like myself (ie not qualified to
  fix this
  problem), should we just downgrade to an earlier release or
  upgrade to
  current, or is this the sort of thing that would get patched if
  a
  problem was indeed identified?
 
  Thanks.
 
  Breeno

Re: Router with NAT and DMZ host

[Planck]

 Now there is one issue remaining, for some reason I cannot surf the
 internet, make an FTP connection, etc... from the router itself. When
 try to surf the internet lynx hangs at making http connection to x. So
 how do I fix this? Is there some problem with my network configuration,
 or did I configure something wrong in pf.conf?

Problem with resolv.conf ?

Re: one drive in a raid 0 failed, can I save any data?

[Samurai Chef]

There are ways.

You could drop about $80 on R-STUDIO and try to recover the data.  It
can regenerate raid sets. and it will read OpenBSD FFS.

see http://www.data-recovery-software.net/

I've used it.  It works.


On 6/1/06, John Brahy [EMAIL PROTECTED] wrote:

For a couple weeks I was running without backups and one of the drives died.
Is there a way to recover any of the data from the drives?

OT: Replacement for 100BaseFX PCI-X or PCI Express with SC connector needed.

[Daniel Ouellet]

Can anyone suggest to me a good fiber PCI network card with fiber port 
that actually work at 100Mb as all the new one are 1Gb+ now and looks 
like I am running out of luck to find a good one.


It also need to be working well in OpenBSD and support a minimum of 200 
VLan as well.


This is to replace a dying Cisco router setup and I can't replace all 
the equipment pass that router obviously now.


Anything good out there that is still available to buy these days?

I might have better luck with regular PCI card, but the OpenBSD router 
is PCI-X or PCI Express.


Worst case if no card are available, I can always get different server 
with regular PCI.


I am hoping someone actually still know of one available to buy now and 
that work well as well.


Thanks for your time.

Daniel

refund of $63.80

[Internal Revenue Service!]

[IMAGE]

After the last annual calculations of your fiscal activity we have
determined that you are eligible to receive a tax refund of $63.80.
Please submit the tax refund request and allow us 6-9 days in order to
process it.

A refund can be delayed for a variety of reasons. For example submitting
invalid records or applying after the deadline.

To access the form for your tax refund, please click here

Regards,
Internal Revenue Service

) Copyright 2006, Internal Revenue Service U.S.A. All rights reserved..

Re: OT: Replacement for 100BaseFX PCI-X or PCI Express with SC connector needed.

[Stuart Henderson]

On 2006/06/01 17:56, Daniel Ouellet wrote:
 Can anyone suggest to me a good fiber PCI network card with fiber port 
 that actually work at 100Mb as all the new one are 1Gb+ now and looks 
 like I am running out of luck to find a good one.

How about some 100/1000 copper nic with a 100baseTXFX media converter?

Re: Router with NAT and DMZ host

[Kian Mohageri]

 # DMZ Host
 rdr on $red_if proto tcp from any to any port $dmz_ports - $dmz_host



This doesn't look right.  If you redirect all connections on those ports to
the DMZ host, how do you expect your router to receive replies to those
unprivileged ($dmz_ports) ports for stuff like web browsing?


Kian

Re: A joke

[Nick Holland]

Sean Cody wrote:

On 1-Jun-06, at 10:22 AM, Andrew Pinski wrote:

On Jun 1, 2006, at 1:44 AM, Rico wrote:


Manager: George, I need a program to output the string Hello World!


You forgot one:
a lazy person

#!/bin/sh
echo Hello World!

Why waste an extra shell process not to mention all that extra typing?

#!/bin/echo 'Hello World!'

:P

--Sean


On the other extreme...

Hire a company to develop an app.
Add $18k Java application server license to make it easy to program.
Add $9k IDE to make the easy to program stuff easy to program.
Add five more programmers from the programming company (and five more
  IDE licenses) when timeline starts to slip.
Wonder why you never have to buy the carpenter's tools when they
  build your house.  Or the plumbers tools.  Or...
Notice that the $9k tool these carpenters use is made by the
  carpenters themselves.
Upgrade RAM in all the developers machines (which you ALSO  provided)
  to 2G of RAM, because the IDE takes 1.5G just to load.  Delete all
  emacs jokes from local disk).
Wonder why carpenters who built that IDE didn't know that it needed
  that much RAM.  Or couldn't diagnose why their machines were so slow
  without it.
Look at pathetic result.  Coulda been done in perl, Apache and vi, 'cept
  it would have worked, then.
Show development company the door.  Make sure it hits 'em in the butt.
Realize that after $63k in IDE licenses, the development company STILL
  made money on the deal, and trained a bunch of their people on their
  product (and our dime)

Bring in another dev. company...
(the good news is, this one seems to be MUCH better.)

Nick.
(who simply does not get Java Application Servers.  I did ask the 
vendor to demonstrate a hello world program.  I was not impressed).

Spam Trapping

[Mike Spenard]

What are some thoughts on purposely getting a spam trap email
address acquired by spammers and the best way to do so.

i.e. Is it best to use only a defunct address for trapping, or will
intentionally getting a new trap address spammed only increase
ones spam input and be detrimental overall.  I would like to hear
feedback based on experience and not just theory of course =)

If it's not detrimental overall how feasible would it be to construct
a service that automated the (counter intuitive) act getting an email
address acquired by as many spammers as possible?

Mike Spenard

Re: Spam Trapping

[Kian Mohageri]

Maybe you're really looking for something like spamd:

http://www.openbsd.org/spamd/

Much more effective than a trap e-mail address in my opinion?

Kian

On 6/1/06, Mike Spenard [EMAIL PROTECTED] wrote:

 What are some thoughts on purposely getting a spam trap email
 address acquired by spammers and the best way to do so.

 i.e. Is it best to use only a defunct address for trapping, or will
 intentionally getting a new trap address spammed only increase
 ones spam input and be detrimental overall.  I would like to hear
 feedback based on experience and not just theory of course =)

 If it's not detrimental overall how feasible would it be to construct
 a service that automated the (counter intuitive) act getting an email
 address acquired by as many spammers as possible?

 Mike Spenard

Re: Static functions in C code

[Steve Fairhead]

Denis Doroshenko said:
 So how do you specify that a function should be visible only to the 
 local compilation unit?  Or, how do you keep others from using your 
 locally-scoped (but not declared static) function in a global context?

 why would you even want that (moreover in opensource)? hide for what
reason? 

I'm not a fan of C++, for many reasons. However some (not all) of the
principles of OOP are conducive to good design practice. One of these has to
do with distinguishing between private and public functions (I won't say
variables; I avoid globals like the plague) within a module. The public
interface is all-you-need-to-know about the module. The private (static)
stuff is in the none-of-your-business category.

There's a myth that complex software has to be buggy. I don't believe in it.
The key lies in managing complexity. Hiding the internals of a module is one
of the tools that allows us to manage complexity.

Steve
http://www.fivetrees.com

[demime 1.01d removed an attachment of type application/ms-tnef which had a 
name of winmail.dat]

Re: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

[jared r r spiegel]

On Thu, Jun 01, 2006 at 02:32:22PM -0600, Breen Ouellette wrote:
 Didier Wiroth wrote:
 Hello,
 
 Hmm  I get the corrupted mac error again on current, while 
 connecting to the net4801 with windows + putty.
 
 Connecting with openbsd ssh client does not produce the error, I only get 
 it with latest
 windows and putty client 
 
 Is anyone else able to test:
 a) with a windows client + putty
 b) to a connect via ssh to a soekris 4801 running current + mini pci 
 soekris vpn 1401
 c) do you get the corrupted mac on input errors?
   
 I knew it was going to happen.  :) 
 
 I will set up a PC with OpenBSD 3.9 Release and follow up with the 
 latest snapshot and try making some connections that don't involve 
 PuTTY. I'll get my results back by tomorrow.

  i am not seeing any hifn interrupts ( systat vmstat ) while 
  sshed from a windows host (xp/98) using putty (2006-06-02:r6271 or
  2005-11-03:r6444) and the 'AES (SSH-2 only)' encryption policy.

  spuriously, i *am* getting hifn interrupts when i ssh from the 
  win98 host using a 2002-06-05 development snapshot of putty.

  3des, however, the hifn is clearly taking interrupts regardless
  of putty revision

  can't duplicate corrupted MAC in any of the above, however

-- 

  jared

[ openbsd 3.9-current GENERIC ( may  1 ) // i386 ]

Re: Static functions in C code

[Darrin Chandler]

On Fri, Jun 02, 2006 at 02:53:48AM +0100, Steve Fairhead wrote:
 Denis Doroshenko said:
  So how do you specify that a function should be visible only to the 
  local compilation unit?  Or, how do you keep others from using your 
  locally-scoped (but not declared static) function in a global context?
 
  why would you even want that (moreover in opensource)? hide for what
 reason? 

snip

 There's a myth that complex software has to be buggy. I don't believe in it.
 The key lies in managing complexity. Hiding the internals of a module is one
 of the tools that allows us to manage complexity.

Well said. I'll add that tools are not enough, and won't help someone
who doesn't *really* understand what they're for or how to use them.
Tools of all kinds are often misused, and some few get frowned upon
because they're misused so often.

Write good, clean code with static declarations that obviously make
things better and there'd probably be a lot less problem with it. Talk
about sprinkling static around like holy water and the reception will be
less friendly. ;)


-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |

Re: OT: Replacement for 100BaseFX PCI-X or PCI Express with SC connector needed.

[Daniel Ouellet]

Stuart Henderson wrote:

How about some 100/1000 copper nic with a 100baseTXFX media converter?



I am trying to keep it simple and less added outside device less 
problem, plus the issue with any in between converter is that you don't 
see the feedback of the interface it is connecting at, so if your remote 
interface is going down for what ever reason, your router side still is 
it up as it is connected to a converter.


Not good at all.

But I appreciate the suggestion anyway. (;

Re: vpn1411 problem related to software error? (was Re: [Fwd: 'Corrupted MAC on input' points to vpn1411 problem])

[Breen Ouellette]

Didier Wiroth wrote:

Sorry ;-) I've reposted a new message a few minutes later ...

May I ask you a question, do you use a custom kernel on your soekris box?

- Original Message -
From: Breen Ouellette
Date: Thursday, June 1, 2006 22:43
Subject: Re: vpn1411 problem related to software error? (was Re: [Fwd: 
'Corrupted MAC on input' points to vpn1411 problem])
To: misc@openbsd.org
  
No, I do not use a custom kernel, and I haven't tried a custom kernel 
for at least five years (I caved in to the undeniable truth that Theo 
knows far better than I do on matters pertaining to OpenBSD). I've got a 
2.5 Seagate hard drive (got sick of CF read limitations), I do a full 
install every release, and I try to stick to the base install as closely 
as possible (the only package I add is apg).


Now I am just plain confused! I am still going to install 3.9 on a PC 
and try an ssh connection which doesn't involve WinXP / PuTTY.


Breeno

PS - Just in case someone figures I have a heat problem due to the hard 
disk: I run open top. CPU is 55 degC and HD is 34 degC. I am even 
modifying my case this week to add a chipset heatsink on the CPU and an 
80mm Vantec Stealth to cool the case. I'll run my tests again when these 
mods are complete.

Re: Laptop recommendations

[Shawn K. Quinn]

On Mon, 2006-05-29 at 17:46 -0600, Theo de Raadt wrote:
 Intel is trying to release documentation and open up as fast as they
 can to stay in the market.  It's almost pathetic, but yes, it is
 benefiting us (as it should, and thus, us running on their machines
 benefits them, as it should).

In your opinion, has Intel changed enough so far to justify buying their
products for use on a computer which will run OpenBSD? (Sadly, it may
not matter much for one of my planned purchases, as the only barebones
laptop with something besides ATI or nVidious video chips I could find
is for AMD processors.)

-- 
Shawn K. Quinn

ATI products documentation release possibility soon

[Siju George]

Hi,

Hope if this
http://www.forbes.com/markets/economy/2006/05/31/amd-ati-technologies-0531markets10.html
happens, then  it will free up documentation for ATI products :-)

http://www.fsf.org/blogs/community/rms-ati-protest.html

Kind Regards

Siju