popular mail squid virus scanning technique for openbsd

2006-06-05 Thread Siju George

Hi,

One of my OpenBSD servers is the Gateway/Firewall to the internet.
Our mail server(s) is on the Internet.

What would be the best method to scan all mail traffic through the firewall?
Currently I am using plain NAT.

It would be great if people can recommend which is the best software
from packages/ports if I have to install any.

Also I am using Squid for http/https proxy.
What do you guys do to scan traffic through squid on your OpenBSD systems?

Thank you so much :-)

Kind Regards

Siju



Re: OpenBGPd and show advertised-routes / show received-routes

2006-06-05 Thread Xavier Beaudouin

On 3 June 06 at 20:05, Falk Brockerhoff wrote:


Hello,

is there an equivalent for cisco's

sh ip bgp neighbors neighbor advertised-routes

and

sh ip bgp neighbors neighbor received-routes

Regards,



Should be really useful to debug some filters and see if they are
really applied...



/Xavier



Re: popular mail squid virus scanning technique for openbsd

2006-06-05 Thread Christian Pedaschus
Siju George wrote:

 Hi,

 One of my OpenBSD servers is the Gateway/Firewall to the internet.
 Our mail server(s) is on the Internet.

 What would be the best method to scan all mail traffic through the
 firewall?
 Currently I am using plain NAT.

 It would be great if people can recommend which is the best software
 from packages/ports if I have to install any.

 Also I am using Squid for http/https proxy.
 What do you guys do to scan traffic through squid on your OpenBSD systems?

 Thank you so much :-)

 Kind Regards

 Siju

I would use mailscanner/clamav/spamd on the internet-server, or setup
another mailserver on the firewall with this software, but this seems a
bit overkill.

No ideas about squid, but snort could do traffic-scanning on firewall.

Greets, Chris



Re: OT: quiet fans and heatsinks

2006-06-05 Thread J.C. Roberts
On Sun, 4 Jun 2006 21:43:25 -0500, Jacob Yocom-Piatt [EMAIL PROTECTED]
wrote:

i've got a few machines that have heatsinks and fans which are effective but
very loud. i would like to get some heatsinks and fans that are quiet, reliable
and reasonably priced. this has become a priority now that i've moved one of
these machines to my home and keep it in my bedroom.

these machines need Socket A and Socket 370 heatsinks. it's a plus if they're
low profile for 1U and 2U rackmount units. all suggestions appreciated.

cheers,
jake

Hi Jake,

Most people just don't get it. The equation is simple:

  HEAT * TIME

Thermal breakdown occurs over time. The longer you have the heat, the
sooner things will fail. Loud, constantly running fans are a very very
Good Thing (TM), since even if there is little heat for them to
dissipate you are still helping to reduce the effect of the HEAT * TIME
equation.

It might sound strange, but the above is also very important for hard
drives. If you keep them cool, they will run for far longer than if you
let them stay at a constant warm temp. EMC, NetApp and others which deal with
very large concentrations of hard drives have all done (unreleased,
internal) testing which proves for each degree above some minimum value,
the MTBF of a hard drive is decreased by 50%.

The annoyance of a constantly running fan is far less than the annoyance
of constantly replacing failed hardware.

JCR


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



Re: OT: quiet fans and heatsinks

2006-06-05 Thread Rod.. Whitworth
On Mon, 05 Jun 2006 02:25:21 -0700, J.C. Roberts wrote:

On Sun, 4 Jun 2006 21:43:25 -0500, Jacob Yocom-Piatt [EMAIL PROTECTED]
wrote:

i've got a few machines that have heatsinks and fans which are effective but
very loud. i would like to get some heatsinks and fans that are quiet, 
reliable
and reasonably priced. this has become a priority now that i've moved one of
these machines to my home and keep it in my bedroom.

these machines need Socket A and Socket 370 heatsinks. it's a plus if they're
low profile for 1U and 2U rackmount units. all suggestions appreciated.

cheers,
jake

Hi Jake,

Most people just don't get it. The equation is simple:

  HEAT * TIME

Thermal breakdown occurs over time. The longer you have the heat, the
sooner things will fail. Loud, constantly running fans are a very very
Good Thing (TM), since even if there is little heat for them to
dissipate you are still helping to reduce the effect of the HEAT * TIME
equation.

It might sound strange, but the above is also very important for hard
drives. If you keep them cool, they will run for far longer than if you
let them stay at a constant warm temp. EMC, NetApp and others which deal with
very large concentrations of hard drives have all done (unreleased,
internal) testing which proves for each degree above some minimum value,
the MTBF of a hard drive is decreased by 50%.

The annoyance of a constantly running fan is far less than the annoyance
of constantly replacing failed hardware.

JCR


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



Ah yes. I agree BUT hopefully the OP is looking for a fan that does as
well as a noisy one whilst being much quieter.

There are some very noisy after-market units which a local magazine
tested on Intel mobos and they were found to be less capable than the
relatively quiet Intel fan that came with the CPU at no extra
cost... To overclockers the roaring sound is their version of the
roar of a primate declaring his dominance.

I've always aimed at having a car with a quiet exhaust and really good
tyres that let me get across an intersection whilst the other guy is
still noisily saluting the green light.

The two quietest computers here are a DX4-100 and a P75. They run at
their max speed. Neither has a fan but I did give both good heat sinks.
Nearly 10 years of 24*7 ain't too bad?

From the land down under: Australia.
Do we look umop apisdn from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.



Re: DS21140(Tulip) Quad port nic and PF

2006-06-05 Thread tony sarendal
I have seen this with pc's which had problems supporting the pci bridge on
the network cards, usually older/cheaper pc's.

I don't remember the name of the Adaptec card I dug out of the rubbish bin,
but it looks like this in my old home firewalls.

ppb1 at pci1 dev 0 function 0 DEC 21154 PCI-PCI rev 0x02
pci2 at ppb1 bus 2
sf0 at pci2 dev 4 function 0 Adaptec AIC-6915 rev 0x03: irq 11 address
00:00:d1:ee:0d:35
sqphy0 at sf0 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf1 at pci2 dev 5 function 0 Adaptec AIC-6915 rev 0x03: irq 10 address
00:00:d1:ee:0d:36
sqphy1 at sf1 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf2 at pci2 dev 6 function 0 Adaptec AIC-6915 rev 0x03: irq 9 address
00:00:d1:ee:0d:37
sqphy2 at sf2 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf3 at pci2 dev 7 function 0 Adaptec AIC-6915 rev 0x03: irq 9 address
00:00:d1:ee:0d:38
sqphy3 at sf3 phy 1: Seeq 80220 10/100 PHY, rev. 1
ppb2 at pci1 dev 1 function 0 DEC 21154 PCI-PCI rev 0x02
pci3 at ppb2 bus 3
sf4 at pci3 dev 4 function 0 Adaptec AIC-6915 rev 0x03: irq 9 address
00:00:d1:ee:11:2d
sqphy4 at sf4 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf5 at pci3 dev 5 function 0 Adaptec AIC-6915 rev 0x03: irq 11 address
00:00:d1:ee:11:2e
sqphy5 at sf5 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf6 at pci3 dev 6 function 0 Adaptec AIC-6915 rev 0x03: irq 10 address
00:00:d1:ee:11:2f
sqphy6 at sf6 phy 1: Seeq 80220 10/100 PHY, rev. 1
sf7 at pci3 dev 7 function 0 Adaptec AIC-6915 rev 0x03: irq 9 address
00:00:d1:ee:11:30
sqphy7 at sf7 phy 1: Seeq 80220 10/100 PHY, rev. 1

/Tony



Re: OT: quiet fans and heatsinks

2006-06-05 Thread Damian Gerow
Thus spake J.C. Roberts ([EMAIL PROTECTED]) [05/06/06 05:20]:
: Most people just don't get it. The equation is simple:
: 
:   HEAT * TIME

And, as someone else has more elegantly pointed out:

COOL != LOUD

A well-designed cooling system can keep your system running cooler than with
stock hardware, all while generating much less noise.



Re: OT: quiet fans and heatsinks

2006-06-05 Thread Christian Pedaschus
Jacob Yocom-Piatt wrote:

i've got a few machines that have heatsinks and fans which are effective but
very loud. i would like to get some heatsinks and fans that are quiet, reliable
and reasonably priced. this has become a priority now that i've moved one of
these machines to my home and keep it in my bedroom.

these machines need Socket A and Socket 370 heatsinks. it's a plus if they're
low profile for 1U and 2U rackmount units. all suggestions appreciated.

cheers,
jake

  

http://www.zalmanusa.com/



Re: ultra-slow filesystem on mp - solved

2006-06-05 Thread Christian Pedaschus
Christian Pedaschus wrote:

i was a bit too fast with replying.
deleting is very fast now, but copying still takes forever, 11minutes
for 150mb...

any more thoughts?

  

I did a fresh install and now it works with ~2mb/sec (with softdep).
Seems i borked something last time...

Greets, Chris



Re: OT: quiet fans and heatsinks

2006-06-05 Thread J.C. Roberts
On Mon, 5 Jun 2006 06:25:09 -0400, Damian Gerow [EMAIL PROTECTED]
wrote:

Thus spake J.C. Roberts ([EMAIL PROTECTED]) [05/06/06 05:20]:
: Most people just don't get it. The equation is simple:
: 
:   HEAT * TIME

And, as someone else has more elegantly pointed out:

COOL != LOUD

A well-designed cooling system can keep your system running cooler than with
stock hardware, all while generating much less noise.

You're right that well designed cooling systems can make things run
cooler and with less noise but more importantly, there's only one way to
determine if various cooling systems are actually well designed; namely,
you have to go buy a stack of them and then test all of them in your
particular application... -and how do you find out if they are reliable?

In other words, you are only right when you have plenty of time and
money to waste... A set of cheap, loud, easily replaced, high volume
fans generally solves the problem in a more reliable fashion and with
far less time and expense. When you start dealing with tons of systems
(the OP, Jake, likes to work with clusters), buying tons of those custom
coolers can get way too expensive.

If it's just a home PeeCee just turn the darn thing off at night. On the
other hand, if you chose to sleep with high end servers running at full
bore, then you should expect to hear some degree of droning noise and
learn to ignore it... -kinda seems way too close to getting married. (;

jcr


--
Free, Open Source CAD, CAM and EDA Tools
http://www.DesignTools.org



Max 2 ISP bandwith with OpenBSD 3.9

2006-06-05 Thread sonjaya

Dear all

I have 2 ISP connections ( let's say ISP-A and ISP-B ).
My Question :
How to Max Bandwidth for Both ISPs , maybe :
- Redundant ( for proxy server )
- Fail over  ( for GateWay and MX server )
- Load Balancing ( For Web Server and Mail server )

Of course all using OpenBSD 3.9 and i don't have ASN number n BGP only IP .



-sonjaya-



WHM ( Web Hosting Management) in OpenBSD

2006-06-05 Thread sonjaya

Dear all

Has anybody here installed a GPL WHM ( Web Hosting Management ) in
OpenBSD such as ISP config ? I plan to use OpenBSD for
WebHosting .
Maybe someone can give a success story of installing a WHM ( GPL ) on OpenBSD.

-sonjaya-



Re: OT: quiet fans and heatsinks

2006-06-05 Thread Damian Gerow
Thus spake J.C.Roberts ([EMAIL PROTECTED]) [05/06/06 08:35]:
: You're right that well designed cooling systems can make things run
: cooler and with less noise but more importantly, there's only one way to
: determine if various cooling systems are actually well designed; namely,
: you have to go buy a stack of them and then test all of them in your
: particular application... -and how do you find out if they are reliable?

Funny.  I did a bunch of research for others' opinions on the Web, and the
first set of heatsink/fans I purchased turned out to be quiet, cool, and
reliable -- three years later, I'm still using the original fan I purchased.
All subsequent purchases from the same company (Zalman) have proven to be
pretty much exactly the same: quiet, cool, and reliable.

(This is my last contribution to this thread.  It's pretty off-topic, and
the original poster already has a few good leads on good cooling solutions.)

  - Damian



Re: Does Lenovo suck ?

2006-06-05 Thread MikeM
On 6/4/2006 at 8:43 PM Rott_En wrote:

|I have a Lenovo R51e and I can tell you that the hardware is 100%
|compatible with almost all live CD *nix distributions, no problem at all.
|
|I am very satisfied of this product because it is robust and fair, battery
|life is good and hardware seems to be largely supported.

The question, as I see it, is: do you want to support a vendor who
actively avoids supporting, and appears openly antagonistic towards,
open source?



Re: Crypto Partition Problem

2006-06-05 Thread Rott_En
Hello

Is it a risk to attempt using your recommendation ? Am I risking the integrity
of my cryptofile container ? It is 90GB big and I don't have any auxiliary
backup medium so big, taking a backup of it is almost out of hope.

I can't lose the data from this cryptofile, so please tell me if I risk using
your method of repair.

Thank you in advance.

Juha Erkkila [EMAIL PROTECTED] wrote: On Sun, Jun 04, 2006 at 02:07:22AM 
-0700, Rott_En wrote:
 # Important Note:  Under OpenBSD's current encrypted vnd filesystem
 # implementation, when a system with a mounted, encrypted  vnd filesystem
 # is shutdown uncleanly, the encrypted vnd filesystem's structures get
 # damaged and, since OpenBSD's fsck will not acknowledge vnd filesystems,
 # these damaged structures can not reasonably be repaired.

i don't think this is true.  just use vnconfig to attach a file to
svnd0, and then do fsck /dev/rsvnd0c (maybe take a backup first?)
OTOH, whether that works may depend on the disklabel on /dev/rsvnd0c,
but at least i do this routinely in a similar script as yours,
before mounting /dev/svnd0c, and it appears to work fine for me

Juha



Re: Crypto Partition Problem

2006-06-05 Thread Jacob Yocom-Piatt
 Original message 
Date: Mon, 5 Jun 2006 04:47:28 -0700 (PDT)
From: Rott_En [EMAIL PROTECTED]  
Subject: Re: Crypto Partition Problem  
To: misc@openbsd.org

Hello

Is it a risk to attempt using your recommendation ? Am I risking the integrity
of my cryptofile container ? It is 90GB big and I don't have any auxiliary backup
medium so big, taking a backup of it is almost out of hope.


i have a few encrypted disk images on my machines and i only keep shady,
non-vital stuff in them right now. any time you're serious about your data, you
should be backing it up on a regular basis. is the whole 90GB full? do read 

http://openbsdsupport.org/BackupScriptExample.html

to see a good script for keeping backups.

this leads me to ask a related question (if anyone feels this is hijacking,
respond in a new thread): if you have a large encrypted disk image that you
usually mount with vnconfig, will backing up the partition on which the
encrypted image resides be sufficient to get a good backup? what if the
encrypted image is written to on a regular basis and cannot be relied upon to be
unmodified during the time it takes to dump it to a backup server? will the
backed up image be corrupted? i could try this myself, but am hella busy this
week and someone here likely knows the answer.

I can't lose the data from this cryptofile, so please tell me if I risk using
your method of repair.

Thank you in advance.

Juha Erkkila [EMAIL PROTECTED] wrote: On Sun, Jun 04, 2006 at 02:07:22AM
-0700, Rott_En wrote:
 # Important Note:  Under OpenBSD's current encrypted vnd filesystem
 # implementation, when a system with a mounted, encrypted  vnd filesystem
 # is shutdown uncleanly, the encrypted vnd filesystem's structures get
 # damaged and, since OpenBSD's fsck will not acknowledge vnd filesystems,
 # these damaged structures can not reasonably be repaired.

i don't think this is true.  just use vnconfig to attach a file to
svnd0, and then do fsck /dev/rsvnd0c (maybe take a backup first?)
OTOH, whether that works may depend on the disklabel on /dev/rsvnd0c,
but at least i do this routinely in a similar script as yours,
before mounting /dev/svnd0c, and it appears to work fine for me

Juha



Re: OT: quiet fans and heatsinks

2006-06-05 Thread Jacob Yocom-Piatt
thanks a bunch for all the suggestions guys. i'll certainly try some of these
heatsinks out since the 7000 RPM low profile screamers in the machine in my
bedroom gave me a shitty night's sleep last night.

too much like being married ;)



Re: tracking website visitors

2006-06-05 Thread Morten Liebach
On 2006-06-02 20:10:22 -0500, Jacob Yocom-Piatt wrote:
 i've got a website where i'd like to be able to make a map and/or list of the
 various IPs and/or domains that visit it. i've got a large access.log file for
 the site, could this be used to generate a map of the geographic locations of
 the IPs that have visited it? alternately, it could make a listing of the 
 domain
 names for the visiting IPs.
 
 any suggestions on a good way to do this would be appreciated.

Google Analytics is good and does what you want, but there's probably a
huge waiting list to get on: http://www.google.com/analytics/.  There's
not an invitation scheme like GMail, so I can't help you there.

Also, it only works if the clients run a small piece of Javascript.

Have a nice day
 Morten

-- 
http://m.mongers.org/weblog/ -- http://flickr.com/photos/morten_liebach/



Re: popular mail squid virus scanning technique for openbsd

2006-06-05 Thread Bill
On Mon, 5 Jun 2006 12:33:23 +0530
Siju George [EMAIL PROTECTED] spake:

 Hi,
 
 One of my OpenBSD servers is the Gateway/Firewall to the internet.
 Our mail server(s) is on the Internet.
 
 What would be the best method to scan all mail traffic through the firewall?
 Currently I am using plain NAT.
 
 It would be great if people can recommend which is the best software
 from packages/ports if I have to install any.
 
 Also I am using Squid for http/https proxy.
 What do you guys do to scan traffic through squid on your OpenBSD systems?
 
 Thank you so much :-)

We have had good luck with running postfix / clamav on a mail firewall
which just receives, does a bunch of postfix checks, runs clamav,
spamassassin and such, then forwards it internally if it's okay.  Works
well and eliminates direct contact with a closed source email system.
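
The gateway layout described in the message above, sketched as a Postfix
relay-only configuration. This is an added example, not the poster's
configuration or part of the original thread; example.org, 192.0.2.10 and the
amavisd-new hook on ports 10024/10025 (one common way to drive ClamAV and
SpamAssassin from Postfix) are assumptions.

```conf
# ---- /etc/postfix/main.cf on the mail gateway --------------------------
# Placeholder identity; replace with the gateway's real name and domain.
myhostname = mx.example.org

# The gateway stores no mail itself: no local domains, no local delivery.
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled

# Only the gateway itself may relay freely. Everyone else may only send
# to the domains listed in relay_domains.
mynetworks = 127.0.0.0/8
relay_domains = example.org

# Reject mail for unknown recipients at SMTP time instead of accepting it
# and bouncing later (the list is maintained by hand or exported from the
# internal server).
relay_recipient_maps = hash:/etc/postfix/relay_recipients

# Where accepted mail goes after scanning: the internal mail server.
transport_maps = hash:/etc/postfix/transport

# The "bunch of postfix checks": cheap envelope tests before any scanning.
smtpd_helo_required = yes
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain

# Hand every accepted message to the scanner (assumed: amavisd-new
# listening on 127.0.0.1:10024, calling ClamAV and SpamAssassin).
content_filter = smtp-amavis:[127.0.0.1]:10024

# ---- /etc/postfix/transport --------------------------------------------
# Brackets suppress the MX lookup; 192.0.2.10 is a placeholder for the
# internal mail server.
example.org    smtp:[192.0.2.10]:25

# ---- /etc/postfix/master.cf (additions) --------------------------------
# Client used to deliver mail to the scanner.
smtp-amavis unix -      -       n       -       2       smtp
    -o smtp_data_done_timeout=1200
    -o smtp_send_xforward_command=yes
    -o disable_dns_lookups=yes

# Loopback-only listener where the scanner re-injects clean mail.
# content_filter is cleared here so scanned mail is not scanned again.
127.0.0.1:10025 inet n  -       n       -       -       smtpd
    -o content_filter=
    -o local_recipient_maps=
    -o relay_recipient_maps=
    -o smtpd_client_restrictions=
    -o smtpd_helo_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=127.0.0.0/8
```

After editing the transport and relay_recipients files, rebuild their lookup
tables with postmap(1) and reload Postfix.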



Re: Crypto Partition Problem

2006-06-05 Thread Juha Erkkila
On Mon, Jun 05, 2006 at 04:47:28AM -0700, Rott_En wrote:
 Is it a risk to attempt using your recommendation ? Am I risking the
 integrity of my cryptofile container ? It is 90GB big and I don't have
 any auxiliary backup medium so big, taking a backup of it is almost
 out of hope.
 
 I can't lose the data from this cryptofile, so please tell me if I
 risk using your method of repair.

of course there is a risk, as doing a fsck will modify the vnd-disk
contents.  try first with ``fsck -n'', see fsck(8).  but as it
appears to me, your problem is that as the system was not shut down
cleanly, the crypto disk is in a dirty state, and thus a fsck is
required for its proper operation.  alternatively, you might consider
trying a mount with -f and -r, see mount(8), and see if you can
read its contents.  make sure to use ``vnconfig -k'' first, and see
that you have the right key, otherwise neither will work (but should
still be safe)

Juha



PF, DNS, and internal network -- solved

2006-06-05 Thread Allen Theobald
Greetings and thank you all for your replies.

Thanks to all your suggestions I finally got it going with a caching 
DNS server.

I understand this particular approach and am grateful to have it 
working.

Being somewhat of a geek I am not content with merely getting it
working, though!   :^)

Now I need to understand why a DNS caching server was necessary.

If anyone can shed some practical/theoretical knowledge as to why 
pinging www.google.com with this setup couldn't reach the internal
network:

Set /etc/sysctl.conf:   net.inet.ip.forwarding=1
Set /etc/rc.conf:   pf=YES
Set /etc/pf.conf:
   # Translation
   nat on $ext_if from !($ext_if) to any -> ($ext_if:0)

   # Unfiltered
   pass in log all keep state 
   pass out log all keep state 

I'd be much obliged!

Oh! And all the internal clients point their gateway and
dns to the internal interface side of the firewall.

Thanks and take care,

Allen



Re: WHM ( Web Hosting Management) in OpenBSD

2006-06-05 Thread Sevan / Venture37
sonjaya wrote:
 Dear all
 
 Has anybody here installed a GPL WHM ( Web Hosting Management ) in
 OpenBSD such as ISP config ? I plan to use OpenBSD for
 WebHosting .
 Maybe someone can give a success story of installing a WHM ( GPL ) on OpenBSD.
 
 -sonjaya-

openisp??

www.openisp.org

-- 
The truth, the half-truth, and nothing like the truth. - Mark Brandon Read



Re: tracking website visitors

2006-06-05 Thread Terry
On Mon, Jun 05, 2006 at 09:15:20AM -0500, Jacob Yocom-Piatt wrote:
 to get the geographic part working, edit your webalizer.conf
 file to enable DNS lookups. that got it going for me.

Cool, it's working now. I just needed a little push.

Thanks
-- 
Terry
http://tyson.homeunix.org



Synchronize PDA with Windows Mobile 5.0

2006-06-05 Thread Piotr Jedryczek

Hi

Is there any way to synchronize PDA with Windows Mobile 5.0 under
OpenBSD? Any software is available? SynCE doesn't support WM 5.0.

TIA

Piotr Jedryczek



using hw.sensors in own software

2006-06-05 Thread Wijnand Wiersma

Hi all,

for a monitoring system I am reading the hw.sensors sysctls using
sysctl(3). To know what that sensor is trying to say to me I check
sensor.desc to see what that sensor is measuring.

lm0 tells me:
hw.sensors.8=lm0, Temp1, temp, 33.00 degC / 91.40 degF
hw.sensors.9=lm0, Temp2, temp, 53.50 degC / 128.30 degF

Admtemp (Japsers machine):
jasper hw.sensors.0=admtemp0, External Temp, 63.00 degC
jasper hw.sensors.1=admtemp0, Internal Temp, 34.00 degC

The description is different, Temp1 vs Internal Temp. Now I am not
quite sure how I should map the sysctls to the values I hope to get,
trying to fill following struct:
typedef struct {
 float temp1;
 float temp2;
 float temp3;
 float vc0;
 float vc1;
 float v33;
 float v50p;
 float v12p;
 float v12n;
 float v50n;
 int rot1;
 int rot2;
 int rot3;
} hwstats_t;

Is reading the sensor.desc the right way to do this, and if so, is the
information in sensor.desc consistent across all drivers?

Wijnand



Re: using hw.sensors in own software

2006-06-05 Thread Theo de Raadt
 Is reading the sensor.desc the right way to do this, and if so, is the
 information in sensor.desc consistent across all drivers?

When it comes to i2c devices, we have no idea what a particular pin
on the measuring chip is wired to.  There is just no information at all.
Only the vendor knows.  Sorry.



Re: Calling functions between .so modules crashes in 3.9 (worked in 3.8)

2006-06-05 Thread Ted Unangst

On 6/3/06, Federico Giannici [EMAIL PROTECTED] wrote:

What is the problem?
Why the same binary worked perfectly with 3.8?
What I can do to solve the problem?
Maybe the problem is related to the following note I found in the
changes from 3.8 to 3.9. Unfortunately I cannot understand what it
implies...


yes, you probably need to add RTLD_GLOBAL to the appropriate calls to dlopen.



In ld.so(1), rework symbol lookup to more closely match sun's
documentation and treat dlopens as load groups. Also cleanly handle the
case where a dynamic object is opened, but one of its dependent
libraries is missing. Do not promote DT_NEEDED libs to RTLD_GLOBAL when
being dlopen'ed. A few other simplifications and behaviour improvements
and regression tests to match.


--
___
__
   |-  [EMAIL PROTECTED]
   |ederico Giannici  http://www.neomedia.it
___




Re: Max 2 ISP bandwith with OpenBSD 3.9

2006-06-05 Thread Dan Farrell
What do you mean... 'How to Max Bandwidth for Both isp' ?


Dan Farrell
Applied Innovations
[EMAIL PROTECTED]
 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of sonjaya
Sent: Monday, June 05, 2006 8:07 AM
To: misc@openbsd.org
Subject: Max 2 ISP bandwith with OpenBSD 3.9

Dear all

 I have 2 ISP connections ( let's say ISP-A and ISP-B ).
 My Question :
 How to Max Bandwidth for Both ISPs , maybe :
 - Redundant ( for proxy server )
 - Fail over  ( for GateWay and MX server )
 - Load Balancing ( For Web Server and Mail server )

Of course all using OpenBSD 3.9 and i don't have ASN number n BGP only
IP .



-sonjaya-



qemu and -net tap, how can I enable network?

2006-06-05 Thread Didier Wiroth
Hello,
I'm running current on thinkpad x60s.

I've installed qemu and I'm running windows xp in qemu.

Unfortunately ethernet does not work. No network interface
is detected in windows xp.

Currently I start the virtual machine like this:
qemu -net tap xp.hd -m 768 -localtime

While starting qemu I get an error:
Initializing tun0..
brconfig: bridge0: trunk0: No such file or directory

Do I have to setup a trunk device for this to work?

My ethernet card is em0. 
How do I have to customize the qemu-ifup script to be
able to use the -net tap option.

Here is the default: /etc/qemu-ifup
---start qemu-ifup
#! /bin/sh

ETHER=trunk0
BRIDGE=bridge0

if test `id -u` -ne 0; then
    SUDO=sudo
fi

echo Initializing $1..

# Set the tun device into layer2 mode
$SUDO ifconfig $1 link0 up

# Set up our bridge
$SUDO ifconfig $BRIDGE create
$SUDO brconfig $BRIDGE add $ETHER up
$SUDO brconfig $BRIDGE add $1 up
---stop qemu-ifup

Thank you very much for helping!
Didier



how to make a bootable floppy image?

2006-06-05 Thread akonsu
hello,

does anyone know how these *.fs files for bootable floppies in the
distribution are made? i need to make a custom one with /etc/boot.config in
it, but i do not want to use a physical floppy for that.

thanks
konstantin



Re: how to make a bootable floppy image?

2006-06-05 Thread Paul de Weerd
On Mon, Jun 05, 2006 at 11:42:59AM -0700, akonsu wrote:
| does anyone know how these *.fs files for bootable floppies in the
| distribution are made? i need to make a custom one with /etc/boot.config in
| it, but i do not want to use a physical floppy for that.

I did this for serial support and put the procedure online at :

http://www.weirdnet.nl/openbsd/serial/

Hope that's of some use to you.

Cheers,

Paul 'WEiRD' de Weerd

--
 http://www.weirdnet.nl/




FIXED!!! :Re: qemu and -net tap, how can I enable network?

2006-06-05 Thread Didier Wiroth
Ok, SORRY  fixed now!
Didier



Re: openbsd on virtual machine

2006-06-05 Thread Giancarlo Razzolini
akonsu wrote:
 thanks. how did you achieve this? i downloaded an evaluation copy of vmware
 workstation, created a machine with a raw disk pointing to my openbsd
 partition but it won't boot. it says that there were no bootable drives
 found.

 konstantin

 booting openbsd on a real partition both from bios and from vmware worked
 without flaw in my tests. why shouldn't it? it's a dual-boot situation,
 but you
 just have to make sure, the bootloader hits the right pbr. no magic.

 --knitti


You must use your entire disk instead of only the partition where openbsd
is installed. Unless you install the boot manager in the first sector of
the partition. I had this problem several times. Just take care not to
boot the same os that you are already booted (catastrophic).

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85




Re: using hw.sensors in own software

2006-06-05 Thread Theo de Raadt
   Is reading the sensor.desc the right way to do this, and if so, is the
   information in sensor.desc consistent across all drivers?
 
  When it comes to i2c devices, we have no idea what a particular pin
  on the measuring chip is wired to.  There is just no information at all.
  Only the vendor knows.  Sorry.
 
 Ok, thank you.
 I was just wondering about the strings placed in sensors.desc. If they
 are consistent among all drivers I can use that reliably.

We are trying to be somewhat consistent.  But don't rely on that.  You
can't.  And you will see what we mean the first time you see an ipmi(4),
esm(4), or other such sensor coming from a non-i2c device, where the
machine gives us the name.  Those are more inconsistent than what we
have.  If you think you can just do it from the name, then don't -- do
it from the sensor type.



Re: using hw.sensors in own software

2006-06-05 Thread Wijnand Wiersma

2006/6/5, Theo de Raadt [EMAIL PROTECTED]:

 Is reading the sensor.desc the right way to do this, and if so, is the
 information in sensor.desc consistent across all drivers?

When it comes to i2c devices, we have no idea what a particular pin
on the measuring chip is wired to.  There is just no information at all.
Only the vendor knows.  Sorry.


Ok, thank you.
I was just wondering about the strings placed in sensors.desc. If they
are consistent among all drivers I can use that reliably.

Wijnand



Re: using hw.sensors in own software

2006-06-05 Thread Wijnand Wiersma

2006/6/5, Theo de Raadt [EMAIL PROTECTED]:

 Ok, thank you.
 I was just wondering about the strings placed in sensors.desc. If they
 are consistent among all drivers I can use that reliably.

We are trying to be somewhat consistent.  But don't rely on that.  You
can't.  And you will see what we mean the first time you see an ipmi(4),
esm(4), or other such sensor coming from a non-i2c device, where the
machine gives us the name.  Those are more inconsistent than what we
have.  If you think you can just do it from the name, then don't -- do
it from the sensor type.


Ok, best way is trial and error. :-)
Thank you for your responses, and the nice sensors framework.

Wijnand



AuthDBM catch 22?

2006-06-05 Thread Doug Carter
I'm trying to make a web page to maintain my Apache authorization file
with instead of dbmmanage.

Since I have to have php loaded for other reasons I started
there.  Problem seems to be that with either the package or port
system that only gdbm is supported in php-4 and gdbm is not
supported by Apache 1.3.  Is this correct or am I more likely
malforming the gdbm database?

Context is:
 OpenBSD 3.9
 db-4.2.52p8   
 gdbm-1.8.3p0 
 php4-core-4.4.1p0
 php4-dba-4.4.1p0

Ruby 1.8 supports DB files but I don't really want to move all
the Ruby stuff to /var/www/

Any suggestions?

Thanks,
-- 
Doug Carter



OpenCON 2006 - Call for Relators

2006-06-05 Thread Michele 'mydecay' Marchetto
OpenCON 2006
OpenCON is the first European conference entirely dedicated to OpenBSD.
The manifestation will take place in Mestre/Venice, Italy, in December.
Some OpenBSD developers have already confirmed their presence. It will
be possible to follow many speeches, use the conference LAN, speak with
other OpenBSD-enthusiasts and, of course, share any kind of knowledge.
For more information visit the conference website:
http://www.opencon.org or write us at: [EMAIL PROTECTED] 

The Call
The OpenCON program committee is inviting relators to submit innovative
original and interesting speeches on the applications, architecture,
implementation, performance and security of OpenBSD operating system.
The speeches and slides must be in English. Topics of interest for the
OpenCON Conference 2006 include, but are not limited to: 
  * kernel hacking
  * embedded application development and deployment
  * device drivers
  * security and safe coding practices
  * system administration: techniques and tools of the trade
  * operational and economic aspects

The extended abstract should explain clearly what are the topics and the
aims of the speech. Submissions accompanied by a non-disclosure
agreement will be rejected.

Authors of accepted submissions have to provide a full paper for
publication in the conference proceedings and allow the organizers to
publish the results in the printed proceedings and on the conference web
site. Instructions to authors will be available on the conference web
site.

To submit your proposal fill in the dedicated form:
http://www.opencon.org/cfp-proposal.php



AP Encryption

2006-06-05 Thread Gaby vanhegan
Hi,

What are my options for encrypting wireless traffic between client  
and access point, where the access point is an OpenBSD box with a  
supported wireless card?  Does it just depend on what encryption  
methods the card supports?

I'm not that bothered about people getting onto the network, as I'm  
giving the password away to all and sundry.  I'm more concerned with  
stopping people sniffing other wireless traffic.  I guess IPSec would  
be a good step forward but I want to make it as simple as possible  
for clients to connect:

Wireless Client --- (Insert encryption here) --- OpenBSD/AP/pf ---  
ADSL --- Internet

WEP is pretty much out, WPA isn't supported, IPSec is probably too  
complicated for the general public to get going, and that's about  
it.  If I can't do it in OpenBSD, I may have to use a separate access  
point, but I'd rather keep it all in one box.

Any suggestions here?

Many thanks,

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: Crypto Partition Problem

2006-06-05 Thread Rott_En
I used fsck -n and then tried to mount the /crypto/home/cryptofile partition 
container with no luck, same results stating:

# sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
Encryption key:
vnconfig: VNDIOCSET: Device busy
mount_ffs: /dev/svnd0c on /home: specified device does not match mounted device
# mount -f /home
mount: can't find fstab entry for /home.
# mount -f /crypto/home/
mount_ffs: /dev/wd0g on /crypto/home: Device busy
# mount -r /crypto/home/
mount_ffs: /dev/wd0g on /crypto/home: Device busy
#

In a previous mail you said :

just use vnconfig to attach a file to
svnd0, and then do fsck /dev/rsvnd0c (maybe take a backup first?)
OTOH, whether that works may depend on the disklabel on /dev/rsvnd0c,
but at least i do this routinely in a similar script as yours,
before mounting /dev/svnd0c, and it appears to work fine for me

I can't take a backup, and I can't risk losing the data.. (if not already
lost because of the damage from the improper shutdown caused by the power
break).

Is this method previously mentioned by you still advisable ?
Thank you for your time!

Juha Erkkila [EMAIL PROTECTED] wrote:
On Mon, Jun 05, 2006 at 04:47:28AM -0700, Rott_En wrote:
 Is it a risk to attempt using your recommendation ? Am I risking the
 integrity of my cryptofile container ? It is 90GB big and I don't have
 any auxiliary backup medium so big, taking a backup of it is almost
 out of hope.
 
 I can't lose the data from this cryptofile, so please tell me if I
 risk using your method of repair.

of course there is a risk, as doing a fsck will modify the vnd-disk
contents.  try first with ``fsck -n'', see fsck(8).  but as it
appears to me, your problem is that as the system was not shut down
cleanly, the crypto disk is in a dirty state, and thus a fsck is
required for its proper operation.  alternatively, you might consider
trying a mount with -f and -r, see mount(8), and see if you can
read its contents.  make sure to use ``vnconfig -k'' first, and see
that you have the right key, otherwise neither will work (but should
still be safe)

Juha



Re: AP Encryption

2006-06-05 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
 WEP is pretty much out, WPA isn't supported, IPSec is probably too  
 complicated for the general public to get going, and that's about  
 it.  If I can't do it in OpenBSD, I may have to use a 
 separate access  
 point, but I'd rather keep it all in one box.
 
 Any suggestions here?

OpenVPN is a fairly good choice for this. Strong crypto options, very
minimalistic configurations can be used on both the client and server side
of things, support for address pools, X.509 certificate authentication or
static keys, works with NAT, and clients available for popular platforms.

HTH,

DS



Re: PF, DNS, and internal network -- solved -- nevermind

2006-06-05 Thread Allen Theobald
In case anyone was going to answer this.   :^)

Forget this followup.

In my rush to get an answer I didn't actually think about what I
was asking at the end (thanks to Jeff Quast for pointing this out).

Take care,

Allen



Re: openbsd on virtual machine

2006-06-05 Thread knitti

On 6/5/06, knitti [EMAIL PROTECTED] wrote:

- 2nd partition ffs


sorry, that's slightly wrong, this partition held openbsd, which had
a single disk slice with a ffs. But I didn't see any limitation that there
could be more than one.

knitti



Re: openbsd on virtual machine

2006-06-05 Thread knitti

hi,

I moved your reply under my statement for readability


I wrote:

 booting openbsd on a real partition both from bios and from vmware worked
 without flaw in my tests. why shouldn't it? it's a dual-boot situation, but
 you just have to make sure, the bootloader hits the right pbr. no magic.



On 6/5/06, akonsu [EMAIL PROTECTED] wrote:

thanks. how did you achieve this? i downloaded an evaluation copy of vmware
workstation, created a machine with a raw disk pointing to my openbsd
partition but it won't boot. it says that there were no bootable drives
found.


Ok, I didn't test with vmware player, but with vmware 4. Setup was like:
- dual-boot situation with win2k, 1 hard disk
- 1st and 3rd partition NTFS
- 2nd partition ffs
- the mbr had the nt boot loader, copy the pbr of the openbsd partition to a
file on the windows system partition, point an entry in boot.ini to it (google
will help you)
- while making your openbsd disk slices, you have to make sure to stay
away from the areas of the other partition
- when both systems boot fine, just use the openbsd partition as raw disk
(disable any options and helpers)

I understand that vmware player is not as configurable through the gui,
but the configuration is a text file, so it should be possible to achieve this
(as in vmware created volumes are compatible with vmware player)

hth, knitti



Re: AP Encryption

2006-06-05 Thread Jochem Kossen
On Mon, Jun 05, 2006 at 01:14:15PM -0700, Spruell, Darren-Perot wrote:
 From: [EMAIL PROTECTED] 
  WEP is pretty much out, WPA isn't supported, IPSec is probably too  
  complicated for the general public to get going, and that's about  
  it.  If I can't do it in OpenBSD, I may have to use a 
  separate access  
  point, but I'd rather keep it all in one box.
  
  Any suggestions here?
 
 OpenVPN is a fairly good choice for this. Strong crypto options, very
 minimalistic configurations can be used on both the client and server side
 of things, support for address pools, X.509 certificate authentication or
 static keys, works with NAT, and clients available for popular platforms.

Just another vote for OpenVPN, i use it here at home, and it works
fine (well, except for the occasional iwi fatal firmware errors).

It's pretty easy to set up, there are a few articles to be found in
google on setting it up especially for this case (with and without
authpf).

Another option would be the newly added VPN features of OpenSSH. Of
course that would require a version of OpenSSH with VPN support on
your clients as well as your gateway.

Regards,

Jochem Kossen



Re: Crypto Partition Problem

2006-06-05 Thread Tobias Ulmer
On Mon, Jun 05, 2006 at 01:01:34PM -0700, Rott_En wrote:
 I used fsck -n and then tried to mount the /crypto/home/cryptofile 
 partition container with no luck, same results stating:
 
 # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
 Encryption key:
 vnconfig: VNDIOCSET: Device busy

1) Error messages are there to tell you something. In this case, it says that
there is already a device. read the vnconfig manpage. I'm sure you can
figure out how to remove it or use a free vnd device...

2) vnconfig will make any file, no matter what crap it contains,
available as a device. it doesn't care about how it looks.

This implies that as long as there is a valid filesystem and your
container is not damaged too much, fsck can correct errors like it does
on a real hdd. I haven't looked at the code, but i'm 99% sure it doesn't
even know the difference.

Of course, the more layers something has, the more errors can appear in
the various subsystems involved.

Anyway, my mail is getting far too long..., Just fsck and be done with
it, I do it every day on my notebook...

 [tons of innocent bytes killed]

Tobias



Re: Does Lenovo suck ?

2006-06-05 Thread Rott_En
I am in the position to help testing 3.9 on a Lenovo r51e, but I can't install 
it because it is a job-related Windows machine (sad but true)

If anyone knows a live cd distro for 3.9, please point it out and I could help 
maybe prove certain aspects for and against this vendor.

Thank you for your time.

MikeM [EMAIL PROTECTED] wrote:
On 6/4/2006 at 8:43 PM Rott_En wrote:

|I have a Lenovo R51e and I can tell you that the hardware is 100%
|compatible with almost all live CD *nix distributions, no problem at all.
|
|I am very satisfied of this product because it is robust and fair, battery
|life is good and hardware seems to be largely supported.

The question, as I see it, is: do you want to support a vendor who
actively avoids supporting, and appears openly antagonistic towards,
open source?



Re: AP Encryption

2006-06-05 Thread Gaby vanhegan
On 5 Jun 2006, at 21:14, Spruell, Darren-Perot wrote:

 From: [EMAIL PROTECTED]
 WEP is pretty much out, WPA isn't supported, IPSec is probably too
 complicated for the general public to get going, and that's about
 it.  If I can't do it in OpenBSD, I may have to use a
 separate access point, but I'd rather keep it all in one box.

 OpenVPN is a fairly good choice for this. Strong crypto options, very
 minimalistic configurations can be used on both the client and  
 server side
 of things, support for address pools, X.509 certificate  
 authentication or
 static keys, works with NAT, and clients available for popular  
 platforms.

Although a VPN is a possibility, I'm thinking more along the lines of  
a wireless hotspot than an extended network.  I want to make it as  
plain and simple as possible for punters to walk in off the street  
and get internet access.  No client downloads, no convoluted key  
setup process, just walk in, put the password in and go.  I kind of  
want an excuse for this:

http://www.flickr.com/photos/[EMAIL PROTECTED]/146733948/in/set-72057594135255982/

I may have to settle for some token protection method, such as WPA,  
purely for the purposes of simplicity.  Alternatively use a separate  
AP that supports WPA2 and a bunch of other protocols, and not bother  
trying to do it all in OpenBSD.  Terms and conditions apply, your  
data is never totally secure, etc, etc.  Shame really, one box would  
be better than two.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: Does Lenovo suck ?

2006-06-05 Thread mal content

Lenovo


In other news Lenovo pretend that they never used the words "We will
not have models available for Linux, and we do not have custom order,
either":

http://news.com.com/Lenovo+denies+ditching+Linux/2100-1003_3-6080115.html



Re: FIXED!!! :Re: qemu and -net tap, how can I enable network?

2006-06-05 Thread Stephen Takacs
Didier Wiroth wrote:
Ok, SORRY  fixed now!

What did you do to fix it?  I'm asking because I tried this morning to
use the new qemu v0.8 package, but it no longer works with my previous
config and scripts.  It looks like they changed the interface in the
latest version and removed the -tun-fd option.

-- 
Stephen Takacs   [EMAIL PROTECTED]   http://perlguru.net/
4149 FD56 D078 C988 9027  1EB4 04CC F80F 72CB 09DA



Re: Crypto Partition Problem

2006-06-05 Thread Juha Erkkila
On Mon, Jun 05, 2006 at 01:01:34PM -0700, Rott_En wrote:
 I used fsck -n and then tried to mount the /crypto/home/cryptofile
 partition container with no luck, same results stating:

 # sh cryptfs -m -p /home -f /crypto/home/cryptofile -d /dev/svnd0c
 Encryption key:
 vnconfig: VNDIOCSET: Device busy
 mount_ffs: /dev/svnd0c on /home: specified device does not match mounted 
 device
 # mount -f /home
 mount: can't find fstab entry for /home.
 # mount -f /crypto/home/
 mount_ffs: /dev/wd0g on /crypto/home: Device busy
 # mount -r /crypto/home/
 mount_ffs: /dev/wd0g on /crypto/home: Device busy
 #

1. please don't top post, trim your lines under 80
2. RTFM.  in this case those are: vnconfig(8), fsck(8), mount(8)
3. AFTER figuring out what these will do, try these:

$ vnconfig -k svnd0 /crypto/home/cryptofile
(type the correct key)
$ fsck /dev/rsvnd0c
$ mount /dev/svnd0c /home

don't blame me if it breaks.

4. consider not using a single, huge, encrypted vnd, for data that matters
5. toss away the cryptfs-script: it doesn't do fsck, it doesn't back out
   from errors, it forces mounts even when it should not

Juha
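The attach, check, mount sequence from the message above, written as an added example (not code from the thread or from the cryptfs script) that backs out when a step fails. The function name, return codes and error messages are assumptions of this example; only vnconfig -k, vnconfig -u, fsck -n and mount are used.

```shell
#!/bin/sh
# Added example: attach an encrypted vnd container, check it read-only,
# then mount it, undoing the attach if any later step fails.

# crypt_attach_mount IMAGE VND MOUNTPOINT
#   IMAGE       container file, e.g. /crypto/home/cryptofile
#   VND         vnd unit name,  e.g. svnd0
#   MOUNTPOINT  where to mount, e.g. /home
# Return codes (chosen for this example):
#   0 mounted, 1 bad arguments, 2 attach failed,
#   3 read-only check failed, 4 mount failed.
crypt_attach_mount() {
    cam_image=${1:-}
    cam_vnd=${2:-}
    cam_mnt=${3:-}
    if [ -z "$cam_image" ] || [ -z "$cam_vnd" ] || [ -z "$cam_mnt" ]; then
        echo "usage: crypt_attach_mount image vnd mountpoint" >&2
        return 1
    fi

    # Attach with a key (vnconfig prompts for it). If the unit is already
    # configured this fails with "Device busy"; stop instead of guessing
    # which file is currently behind the device.
    if ! vnconfig -k "$cam_vnd" "$cam_image"; then
        echo "attach failed: is $cam_vnd already configured?" >&2
        return 2
    fi

    # Read-only pass first: -n answers "no" to every repair question, so
    # nothing is written. With a wrong key the device holds garbage and
    # fsck finds no usable filesystem, which ends up here as well.
    if ! fsck -n "/dev/r${cam_vnd}c"; then
        echo "read-only check failed; not mounting. Verify the key" \
             "before running a repairing fsck by hand." >&2
        vnconfig -u "$cam_vnd"
        return 3
    fi

    # Plain mount, no -f: a filesystem that refuses to mount stays unmounted.
    if ! mount "/dev/${cam_vnd}c" "$cam_mnt"; then
        echo "mount failed; detaching $cam_vnd" >&2
        vnconfig -u "$cam_vnd"
        return 4
    fi
    return 0
}

# Runs only when called with exactly three arguments, for example:
#   sh crypt-mount.sh /crypto/home/cryptofile svnd0 /home
if [ "$#" -eq 3 ]; then
    crypt_attach_mount "$@"
fi
```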



Re: AP Encryption

2006-06-05 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
 Although a VPN is a possibility, I'm thinking more along the 
 lines of  
 a wireless hotspot than an extended network.  I want to make it as  
 plain and simple as possible for punters to walk in off the street  
 and get internet access.  No client downloads, no convoluted key  
 setup process, just walk in, put the password in and go.  I kind of  
 want an excuse for this:
 
 http://www.flickr.com/photos/[EMAIL PROTECTED]/146733948/in/set-72057594135255982/
 
 I may have to settle for some token protection method, such as WPA,  
 purely for the purposes of simplicity.  Alternatively use a separate  
 AP that supports WPA2 and a bunch of other protocols, and not bother  
 trying to do it all in OpenBSD.  Terms and conditions apply, your  
 data is never totally secure, etc, etc.  Shame really, one box would  
 be better than two.

Most hotspots don't provide any sort of confidentiality (in my experience),
so you could go for a traditional hotspot using a captive portal gateway to
just authenticate access. But you said you want confidentiality, right? So
you are going to have to look at WEP (weak but easy), WPA (strong and
equally as easy with PSK), openvpn or ipsec (requires a client but strong),
or similar.

Recent FreeBSD has WPA(2?) support or you could pick up a $50 WAP to provide
it too. Don't know if there's anything with good security and good
ease-of-client-setup outside of that...

DS



Re: AP Encryption

2006-06-05 Thread Stuart Henderson
On 2006/06/05 22:06, Gaby vanhegan wrote:
 Although a VPN is a possibility, I'm thinking more along the lines of  
 a wireless hotspot than an extended network.

Turn off encryption unless you want to give a false impression
of security. WPA is still subject to ARP poisoning attacks from
users on the network. And, uh,

   The Michael algorithm was the strongest that WPA
  designers could come up with that would still work
  with most older network cards; however it is subject
  to a packet forgery attack. To limit this risk, WPA
  networks shut down for 60 seconds whenever an
  attempted attack is detected.

[http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access]

can you say DoS?

 I want to make it as  
 plain and simple as possible for punters to walk in off the street  
 and get internet access.  No client downloads, no convoluted key  
 setup process, just walk in, put the password in and go.

Walk around the average town for half an hour with a z/laptop
running kismet and see just how many people worked out how to set
up encryption on their own networks...



Re: AP Encryption

2006-06-05 Thread Gaby vanhegan
On 5 Jun 2006, at 23:05, Spruell, Darren-Perot wrote:

 Recent FreeBSD has WPA(2?) support or you could pick up a $50 WAP
 to provide
 it too. Don't know if there's anything with good security and good
 ease-of-client-setup outside of that...

It's always the trade-off between ease of use and security.  More of
one usually means less of another, and vice versa.  It looks like
FreeBSD sort of do WPA with wpa_supplicant, and combine that with
hostap, it could do.

One way or another, the system requires some wireless kit, so it's a
case of spend ages hunting for a PCI card that works with OpenBSD or
FreeBSD, or just spend £10 more and get an AP that does it all anyway.

On 5 Jun 2006, at 23:40, Stuart Henderson wrote:

 Although a VPN is a possibility, I'm thinking more along the lines of
 a wireless hotspot than an extended network.

 Turn off encryption unless you want to give a false impression
 of security. WPA is still subject to ARP poisoning attacks from
 users on the network.

If somebody is determined to get in, they will.  If they want to cock
about with the network too, there's little I can actually do to stop
that.  I just want to make some sort of effort.  I think the way
forward is to go with the strongest encryption that just a password
can give, and tell users to make use of some stronger means of
security, along with some basic information.  Not too much though,
don't want to scare them off...

 Walk around the average town for half an hour with a z/laptop
 running kismet and see just how many people worked out how to set
 up encryption on their own networks...

Surely this works in my favour?  Because there's such a plethora of
easy targets, any target putting up a better than average defence
(but by no means uncrackable), they'll go for the softer target.  I
would.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/



Re: AP Encryption

2006-06-05 Thread Stuart Henderson
On 2006/06/05 23:58, Gaby vanhegan wrote:
  Turn off encryption unless you want to give a false impression
  of security. WPA is still subject to ARP poisoning attacks from
  users on the network.
 
 If somebody is determined to get in, they will.

You said, "I'm more concerned with stopping people sniffing
other wireless traffic."

Unless you use something that avoids running ARP-based protocols
directly on 802.11 (pppoe?), WPA does not stop users of your network
from watching other users' traffic using the usual switch-sniffers
(dsniff, ettercap, ..)
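ARP poisoning by a user who is already on the network, as described in the message above, shows up on the gateway as one hardware address taking over the ARP entries of several IP addresses. An added example (not from the thread) that looks for that pattern in kernel log lines; the sample lines are constructed, and the "arp info overwritten" wording is assumed to match what your kernel logs.

```shell
#!/bin/sh
# Added example: flag MAC addresses that overwrote the ARP entries of
# several distinct IP addresses, as seen in the gateway's kernel log.

# Constructed sample log lines (hostnames, addresses and interface invented).
sample_log() {
cat <<'EOF'
Jun  5 23:41:02 ap /bsd: arp info overwritten for 192.168.10.23 by 00:0e:35:aa:bb:cc on ral0
Jun  5 23:41:02 ap /bsd: arp info overwritten for 192.168.10.40 by 00:0E:35:AA:BB:CC on ral0
Jun  5 23:41:32 ap /bsd: arp info overwritten for 192.168.10.23 by 00:0e:35:aa:bb:cc on ral0
Jun  5 23:52:40 ap /bsd: arp info overwritten for 192.168.10.31 by 00:13:ce:11:22:33 on ral0
Jun  5 23:53:01 ap sshd[2211]: Accepted publickey for admin from 192.168.10.31
EOF
}

# arp_overwrite_suspects [THRESHOLD]
# Reads log lines on stdin. Prints one line per MAC that overwrote at least
# THRESHOLD (default 2) distinct IPs: "<mac> <count> <ip,ip,...>".
# A single overwrite is normal (new NIC, reassigned lease); one MAC claiming
# many addresses is what a poisoning host looks like from the gateway.
arp_overwrite_suspects() {
    awk -v threshold="${1:-2}" '
    /arp info overwritten for / {
        ip = ""; mac = ""
        for (i = 1; i < NF; i++) {
            if ($i == "for") ip = $(i + 1)
            if ($i == "by")  mac = tolower($(i + 1))
        }
        if (ip == "" || mac == "") next
        # Count each (mac, ip) pair once, however often it repeats.
        if (!((mac, ip) in seen)) {
            seen[mac, ip] = 1
            count[mac]++
            if (list[mac] == "") list[mac] = ip
            else list[mac] = list[mac] "," ip
        }
    }
    END {
        for (m in count)
            if (count[m] >= threshold) print m, count[m], list[m]
    }' | sort
}

# Stand-alone run over the constructed sample.
sample_log | arp_overwrite_suspects 2
```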



Re: AP Encryption

2006-06-05 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
  If somebody is determined to get in, they will.
 
 You said, I'm more concerned with stopping people sniffing
 other wireless traffic.
 
 Unless you use something that avoids running ARP-based protocols
 directly on 802.11 (pppoe?), WPA does not stop users of your network
 from watching other users traffic using the usual switch-sniffers
 (dsniff, ettercap, ..)

How do you circumvent the encryption in order to do so?

DS



Re: Does Lenovo suck ?

2006-06-05 Thread Ioan Nemes
 mal content [EMAIL PROTECTED] 06/06 7:30 am 
 Lenovo

 In other news Lenovo pretend that they never used the words "We will
 not have models available for Linux, and we do not have custom order,
 either":

 http://news.com.com/Lenovo+denies+ditching+Linux/2100-1003_3-6080115.html


Oh YES, Lenovo sucks, as HP sucks (after seeing the biggest shitbox of
my life, the HP nc8230 - and I am not new in this industry, with 20+
years), and any other hardware manufacturer implementing the `great new
world` of Palladium!

The above article is a PR exercise, just testing the waters!  Don't
read anything into, has no significance!  Big companies playing this
game all the time, i.e, cheap advertizing through newsgroups!  It isn't
spam, it's legal to do this way!

Ioan



Re: AP Encryption

2006-06-05 Thread Stuart Henderson
On 2006/06/05 16:36, Spruell, Darren-Perot wrote:
 From: [EMAIL PROTECTED] 
   If somebody is determined to get in, they will.
  
  You said, I'm more concerned with stopping people sniffing
  other wireless traffic.
  
  Unless you use something that avoids running ARP-based protocols
  directly on 802.11 (pppoe?), WPA does not stop users of your network
  from watching other users traffic using the usual switch-sniffers
  (dsniff, ettercap, ..)
 
 How do you circumvent the encryption in order to do so?

If it's some hotspot-like setup, you don't need to circumvent
anything since you already have access to the network.



need ciss(4) hardware for bio/RAID development

2006-06-05 Thread David Gwynne

Hi guys,

There's been a lot of progress recently in relation to SCSI, RAID,  
and bio support for several controllers. However, all of them have  
been made by LSI Logic. We'd like to balance this out a bit by  
working on another popular RAID controller, specifically the Smart  
ARRAY controllers by HP/Compaq which are supported by the ciss(4)  
driver.


If anyone is able to get a ciss controller to me it would help us  
move forward and hopefully keep the momentum up.


Contact me ([EMAIL PROTECTED]) or Theo ([EMAIL PROTECTED]) off list  
if you're able to help.


Thanks,
dlg



Re: AP Encryption

2006-06-05 Thread Sevan / Venture37
Tor is a good option for encrypting web & FTP traffic, though it can be
a little slow.

tor.eff.org

-- 
The truth, the half-truth, and nothing like the truth. - Mark Brandon Read



Re: AP Encryption

2006-06-05 Thread Darrin Chandler
On Tue, Jun 06, 2006 at 01:31:38AM +0100, Stuart Henderson wrote:
 If it's some hotspot-like setup, you don't need to circumvent
 anything since you already have access to the network.

You'd be sniffing encrypted traffic at that point, right?

-- 
Darrin Chandler|  Phoenix BSD Users Group
[EMAIL PROTECTED]   |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/  |



Re: popular mail squid virus scanning technique for openbsd

2006-06-05 Thread Smith
I once posted that all the anti-virus checking should be done on the 
Windows boxes only.  Let the mail server deliver mail, let the firewall 
block bad packets, and let Windows find the viruses.  Why? Re-read what 
Chad stated in the last sentence below.  Some people replied that that 
was ridiculous because the viruses should be blocked from the mail 
server with clamd.  One person said that clamd can't be exploited 
remotely.  Since then many vulnerabilities have been found in clamd and 
some of them remotely.  Pity.


My advice:

Use OpenBSD's pf for a firewall.

Use OpenBSD's spamd for spam blocking.

Use a good anti-virus software like Norton for all your Windows 
workstations.  You install Norton on a server and have all your Windows 
boxes receive updates from it.  You install a SUS or WSUS server so that 
all your Windows workstations have the latest Windows updates.


Chad M Stewart wrote:
My firewall is a firewall, provides packet level blocking/allow, 
ftpproxy, and nothing else.  Adding other services can make it more 
vulnerable, either by software problems or configuration problems.




Re: Max 2 ISP bandwith with OpenBSD 3.9

2006-06-05 Thread sonjaya

use all connection because now only 1 isp to main connection and the
isp-b is sleep..

On 6/6/06, Dan Farrell [EMAIL PROTECTED] wrote:

What do you mean... 'How to Max Bandwidth for Both isp' ?




Re: WHM ( Web Hosting Management) in OpenBSD

2006-06-05 Thread sonjaya

i have already open  that link but nothing haven't



openisp??

www.openisp.org

--
The truth, the half-truth, and nothing like the truth. - Mark Brandon Read





--
-sonjaya-



Re: Does Lenovo suck ?

2006-06-05 Thread Lars Hansson
On Tuesday 06 June 2006 08:13, Ioan Nemes wrote:

 The above article is a PR exercise, just testing the waters!  

No, it's not just a PR exercise. The reason for the sudden retreat is that 
they still want to be able to sell to the Taiwanese government.

---
Lars Hansson



Re: Problems with dvd+rw-tools and UDF

2006-06-05 Thread Martín Coco

Ok, I've just upgraded to OpenBSD 3.9, but I'm still having the same issues.

Martín Coco wrote:

Thanks for your reply.

Yes, I have checked this. I didn't associate it with my problem as I am
not getting blue kernel messages, the disc IS mounted ok, and I'm also
not seeing negative numbers when listing the directory for example.

Now, previous to using OpenBSD 3.8, I was using 3.7, and I WAS getting
negative numbers when listing the directory. That, and seeing that
OpenBSD 3.8 had support for UDF, convinced me to migrate to that version.

However, when browsing the source via web, I can see changes in the tree
for udf (at least I can see newer versions), specially for HEAD and
OpenBSD 3.9. Maybe it also got fixed in the STABLE branch of OpenBSD
3.8, although I'm not seeing any differences between OPENBSD_3_8 and
OPENBSD_3_8_BASE.

Do you think I could solve this by migrating from 3.8 to 3.9?

Uwe Dippel wrote:

On Mon, 05 Jun 2006 01:04:31 -0300, Martín Coco wrote:

  

Hi misc,

I have, apparently, some sort of problem when burning DVDs with 
dvd+rw-tools-5.21.4.10.8 using UDF on OpenBSD 3.8.


Have you checked the archive; e.g. the thread of 30-12-2005 ?
UDF - where are we ?

Uwe




OpenBSD 3.9 on a Sun Fire x4100

2006-06-05 Thread nshank
 Hi all,
 I have been looking high and low for instructions on how to get 3.9
running on an x4100. Not finding any, I decided to play w/ it myself. I
was able to make it work. While I have included the entire dmesg, here is
the interesting (for the SAS controller, anyway) bit:

mpi0 at pci2 dev 3 function 0 Symbios Logic SAS1064 rev 0x02: apic 6 int
0 (irq 11)
scsibus0 at mpi0: 63 targets
sd0 at scsibus0 targ 2 lun 0: LSILOGIC, Logical Volume, 3000 SCSI2
0/direct fixed
sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec total

The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
the system is amd64 3.9

Here are the things I don't understand, and would like some insight into:

1. I'm getting all kinds of fan failure warnings, system and cpu overheat
warnings, etc. This only happens under OpenBSD. The machine is cold to the
touch.

2. I can't seem to get sensorsd working. I get an error about allocating
memory. Thoughts?

3. I get the following when connecting to the remote console via the iLOM:
uhidev0: bad input length 8 != 0
I get it once per keystroke, and have no idea how to fix it...

Thanks,
Nick


OpenBSD 3.9-current (GENERIC.MP) #851: Sat Jun  3 13:22:38 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4160282624 (4062776K)
avail mem = 3573776384 (3490016K)
using 22937 buffers containing 416235520 bytes (406480K) of memory
mainbus0 (root)
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf8fb0 (65 entries)
bios0: Sun Microsystems Sun Fire X4100 Server
ipmi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4) (SUN  X4200   )
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Dual Core AMD Opteron(tm) Processor 280, 2393.50 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Dual Core AMD Opteron(tm) Processor 280, 2393.18 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Dual Core AMD Opteron(tm) Processor 280, 2393.18 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Dual Core AMD Opteron(tm) Processor 280, 2393.18 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mpbios: bus 0 is type PCI
mpbios: bus 1 is type PCI
mpbios: bus 2 is type PCI
mpbios: bus 3 is type PCI
mpbios: bus 4 is type PCI
mpbios: bus 5 is type PCI
mpbios: bus 6 is type PCI
mpbios: bus 7 is type ISA
ioapic0 at mainbus0 apid 4 pa 0xfec0, version 11, 24 pins
ioapic1 at mainbus0 apid 5 pa 0xfe6ff000, version 11, 4 pins
ioapic2 at mainbus0 apid 6 pa 0xfe6fe000, version 11, 4 pins
ioapic3 at mainbus0 apid 7 pa 0xfeaff000, version 11, 4 pins
ioapic4 at mainbus0 apid 8 pa 0xfeafe000, version 11, 4 pins
pci0 at mainbus0 bus 0: configuration mode 1
ppb0 at pci0 dev 1 function 0 AMD 8131 PCIX rev 0x13
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000MT (82546EB) rev 0x03: apic 5
int 2 (irq 10), address 00:14:4f:20:bf:64
em1 at pci1 dev 1 function 1 Intel PRO/1000MT (82546EB) rev 0x03: apic 5
int 3 (irq 11), address 00:14:4f:20:bf:65
em2 at pci1 dev 2 function 0 Intel PRO/1000MT (82546EB) rev 0x03: apic 5
int 0 (irq 11), address 00:14:4f:20:bf:66
em3 at pci1 dev 2 function 1 Intel PRO/1000MT (82546EB) rev 0x03: apic 5
int 1 (irq 9), address 00:14:4f:20:bf:67
aapic0 at pci0 dev 1 function 1 AMD 8131 PCIX IOAPIC rev 0x01
ppb1 at pci0 dev 2 function 0 AMD 8131 PCIX rev 0x13
pci2 at ppb1 bus 2
mpi0 at pci2 dev 3 function 0 Symbios Logic SAS1064 rev 0x02: apic 6 int
0 (irq 11)
scsibus0 

Re: OpenBSD 3.9 on a Sun Fire x4100

2006-06-05 Thread Paul de Weerd
Hi Nick,

On Mon, Jun 05, 2006 at 09:51:13PM -0700, [EMAIL PROTECTED] wrote:
|  I have been looking high and low for instructions on how to get 3.9
| running on an x4100. Not finding any, I decided to play w/ it myself. I
| was able to make it work. While I have included the entire dmesg, here is
| the interesting (for the SAS controller, anyway) bit:
|
| mpi0 at pci2 dev 3 function 0 Symbios Logic SAS1064 rev 0x02: apic 6 int
| 0 (irq 11)
| scsibus0 at mpi0: 63 targets
| sd0 at scsibus0 targ 2 lun 0: LSILOGIC, Logical Volume, 3000 SCSI2
| 0/direct fixed
| sd0: 69618MB, 69618 cyl, 16 head, 128 sec, 512 bytes/sec, 142577664 sec
total

Good to see your mpi-controller is working as it should ;)

| The kernel is the bsd.mp from the amd64 snapshots section, and the rest of
| the system is amd64 3.9

That's not good. You're mixing -current kernel with -stable userland.
Don't do that. You'll get all sorts of strange things, the longer
after -stable became stable you take -current, the more weird things
will happen until at some point your system may not make it past
loading the kernel anymore.

It's OK to play around with stuff like this (to see if your SAS
controller is supported by a newer kernel), but don't run anything
important in such a configuration. See that the new kernel supports
your hardware and then *UPGRADE*. Not just the kernel, your entire
system.

If running -current is not for you then you have a limited set of
options :

o Wait for 4.0 which should be released in November (only 5
  months from now ;)
o Backport the mpi(4) driver to 3.9 (good luck, you're on your
  own)
o Bite the bullet, run -current.

If any of the issues you mention below reappear with a complete
snapshot or a complete -RELEASE system, feel free to try again ;)

Cheers,

Paul 'WEiRD' de Weerd

PS: Thanks for including a dmesg.

--
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/




tampering with my car

2006-06-05 Thread patsi not_shure_yet
As we all now know, some US intelligence agencies use various forms of torture. 
One of which is called stressful positions.
 
 My driver's side seat has been tampered with so that it causes severe back pain 
when driving. I have a long commute and it is a problem. 
 Also done to my car;  wheel weights are removed, alignment modified,  brakes 
tampered with, etc... 
 
 Since email is legally binding this is to inform the person/persons involved 
in tampering with my car that if it causes an accident you will be held liable. 
If people are injured or killed you will be charged with homicide. I have  
witnesses to you entering my car and tampering with various parts.