Important Notice
[IMAGE] Dear Lloyds TSB Customer: We've noticed that you experienced trouble logging into Lloyds TSB Online Banking. After three unsuccessful attempts to access your account, your Lloyds TSB Online Profile has been locked. This has been done to secure your accounts and to protect your private information. Lloyds TSB is committed to making sure that your online transactions are secure. Please update your online banking information by clicking here: https://online.lloydstsb.co.uk/customer/Login.ibc You will see a verification page please complete information that you will see and submit the form . You will be redirected to Lloyds TSB home page after verification . Please note that if u don't verify your ownership of account in 24 hours we will block it to protect your money. Thank you. ) Lloyds TSB Customer Service
Re: Slogan for OpenBSD goodies
Hi, Bruno I think that depends on your definiton for the word free. Best rgds, Jason On 10/6/06, Bruno Carnazzi [EMAIL PROTECTED] wrote: Hi misc, I was thinking to a slogan that could be printed on some openbsd goodies : Free software can't exist without Free hardware. I think this is really the core of the current free software problem. Best regards, Bruno.
squid ldap auth on OpenBSD
Hello, I try to configure squid with a ldap authentification on a OpenBSD 3.9. I wanted to use squid_ldap_auth but I can not find on my server. Nothing is availabIe on the system about squid and ldap configuration. I red lot of FAQ (squid and *BSD) but I found noting to solve my problem. Can someone help me ?? Al.
Re: squid ldap auth on OpenBSD
Hello Alexandre! This is how I did it the last time. Hello, I try to configure squid with a ldap authentification on a OpenBSD 3.9. I wanted to use squid_ldap_auth but I can not find on my server. Nothing is availabIe on the system about squid and ldap configuration. cd /usr/ports/www/squid edit the Makefile and change the line -enable-basic-auth-helpers to --enable-basic-auth-helpers=b NCSA YP LDAPb write and quit. make The process will die with an error. Change dir to ./w-squid-2.5.STABLE12/build-i386/helpers/basic_auth/LDAP Edit the Makefile there and add the following to the Line DEFAULT_INCLUDE: -I/usr/local/include and add the following to LDADD /usr/local/lib/libldap-2.2.so.7.20 -L/usr/local/lib Now go back to /usr/ports/www/squid and run once again make. At last run make install. The last thing you have to do is to copy the file squid_ldap_auth from /usr/ports/squid/w-squid-2.5.STABLE12/build-i386/helpers/basic_auth/LDAP to /usr/local/libexec Then configure your squid config. This way is not optimal, I know. But for me it was the only way to get it up and running. I am authenticating versus an Windows 2000 Active Directory. Yo need the ldap client package, I think. Some time ago. :) -- Andre Naehring
Re: mount_null replacement?
On 10/4/06, G 0kita [EMAIL PROTECTED] wrote: I notice mount_null was dropped as of OpenBSD 3.8, can someone tell me first of all why this was done [...] Various comments to the likes of 'turd polishing' can be found in the misc@ archives. IIRC, the developers gave up on this piece of functionality as it just wouldn't work reliably. See the archives and commit logs for a more detailed description. Specifically I'm looking to have a writable directory mounted read-only in another location. As another poster suggested, you can probably get away with local NFS mounts. Those have worked for me since 3.8, although I never put them to antthing resembling a stress test. YMMV. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
make multiple adsl lines reachable
Hi all, I am currently setting up a firewall with multiple adsl lines. I have 2 interfaces configured now and the box can reach the internet. When I ping the second adsl line (without the default route) the packets go back via the first line. I thought I could solve this with: pass in quick on $CAMBRIUMIF tag CAMBRIUM_IN keep state pass out quick route-to $CAMBRIUMGW tagged CAMBRIUM_IN in my pf.conf, but it does not work. So can anyone help me with the right way to do this? Thanks, Wijnand
Re: squid ldap auth on OpenBSD
thanx Andre ! I've done modifications. But when I launch make again, there is the following error message : warning: strcpy() is almost always misused, please use strlcpy() Do you know what means this message ? Andre Naehring a C)crit : Hello Alexandre! This is how I did it the last time. Hello, I try to configure squid with a ldap authentification on a OpenBSD 3.9. I wanted to use squid_ldap_auth but I can not find on my server. Nothing is availabIe on the system about squid and ldap configuration. cd /usr/ports/www/squid edit the Makefile and change the line -enable-basic-auth-helpers to --enable-basic-auth-helpers=b NCSA YP LDAPb write and quit. make The process will die with an error. Change dir to ./w-squid-2.5.STABLE12/build-i386/helpers/basic_auth/LDAP Edit the Makefile there and add the following to the Line DEFAULT_INCLUDE: -I/usr/local/include and add the following to LDADD /usr/local/lib/libldap-2.2.so.7.20 -L/usr/local/lib Now go back to /usr/ports/www/squid and run once again make. At last run make install. The last thing you have to do is to copy the file squid_ldap_auth from /usr/ports/squid/w-squid-2.5.STABLE12/build-i386/helpers/basic_auth/LDAP to /usr/local/libexec Then configure your squid config. This way is not optimal, I know. But for me it was the only way to get it up and running. I am authenticating versus an Windows 2000 Active Directory. Yo need the ldap client package, I think. Some time ago. :)
Re: make multiple adsl lines reachable
Sorry for the noise, it was: pass in quick on $CAMBRIUMIF reply-to ( $CAMBRIUMIF $CAMBRIUMGW ) keep state Wijnand
Re: squid ldap auth on OpenBSD
Hi Alexandre. On 10/6/06, Alexandre ADAM [EMAIL PROTECTED] wrote: But when I launch make again, there is the following error message : warning: strcpy() is almost always misused, please use strlcpy() Thats not an error. Its just a warning. Do you know what means this message ? It means that strcpy() is almos always misused and should be replaced by strlcpy() (or strncpy but OpenBSD prefers strlcpy). HTH, Andreas. -- Hobbes : Shouldn't we read the instructions? Calvin : Do I look like a sissy?
Re: Letter to OLPC
Hi, I have decided to make public this letter which I sent to the OLPC (One Laptop Per Child group, which is strongly associated with Red Hat. Thank you, Theo, for doing what you do. There is indeed a big difference between kneeling down and bending over (FZ). Be well... Nico
Re: squid ldap auth on OpenBSD
Salute Alexandre, is this an error when you cannot run make successfully? Or only the warning? For me, it seems to be a compiler warning, nothing to care for you at the moment when make completes successfully. But I think this is a squid related warning. So, the squid authors should correct it. If you can compile the squid port without the modifications and without this warning, the warning is generated by your (my) modifications. If this is the case it's going to deep for me :) Am Freitag, den 06.10.2006, 11:49 +0200 schrieb Alexandre ADAM: thanx Andre ! I've done modifications. But when I launch make again, there is the following error message : warning: strcpy() is almost always misused, please use strlcpy() Do you know what means this message ? Greetings, Andre Naehring
Re: Letter to OLPC
On 10/6/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. If the real concern is for *disadvantaged children* in third world countries then giving them a laptop is the most ridiculous idea ever orginated! Some time back I saw a cartoon. One of the 3rd world countries blasted their nuclear bomb and was proud of it. Proud that they were in par with the others in the West. While their people were still begging and starving in the streets and villages. The cartoon showed a poor beggar sitting on the street with torn clothes with the beggars basin to reveive a missile sent to it. In the third world the basic necissities are food, water, clothing, shelter, medical care etc. Disadvantaged children could care less about a stupid laptop when they have had no meal for a week and are tired of the sun while watching their siblings dying of cholera. Getting a laptop to a child for low cost seems to be a noble idea on the outside. add a *3rd-world country* phase and you get a more polished *charity painted/noble* image. I don't think OLPC it that great!. It is another form of business. They have seen a market. They want to reach it. thats all! Mostly people who applaude such endeavours *do not have any idea* of the issues of the third world countries. I am not angry Jack. But When I find people *over nobleizing* at the expense of the 3rd world countries I think I need to say this. Kind Regards Siju
Faster SBC - New Testresults
i've now testet this device here: http://www.ipc2u.de/catalog/E/EL/33640.html my config: linuxbox1 - new box obsd 3.9 - pc obsd 3.9 - linuxbox1 between the new box and the pc with obsd 3.9 is a ethernet crosscable. on both boxes is running a ipsec tunnel with isakmp with aes encryption and rsa authentication with 4096 bit. throughput: i've transferred a 100M file with scp from linuxbox1 to linuxbox2: 5,4MB/s linuxbox2 to linuxbox1: 5,1MB/s CPU peak 80% average 60% This seems very good. i've now ordered a second box and will made a throughput test with the ralink cards. Thomas
[Way OT] Re: Letter to OLPC
Hey Siju, If the real concern is for *disadvantaged children* in third world countries then giving them a laptop is the most ridiculous idea ever orginated! I guess nobody thought of the idea to ask the 'third world' what *they* would like to have. Indeed, what a silly notion! For the 'first world' to really put an end to hunger, war and deprivation of (proper) education, it simply has to make different choices. It is always all about choice. Giving the 'third world' more of what the 'first world' already has, will only serve to magnify the problems the 'first world' has created in the first place. At the expense of the 'third world', no less. Our global problems will not be solved by thinking in the same thought patterns over and over again. I sincerely hope Theo's well written letter will bring a solid, decent discussion and get rid of any big fat liars out there. Interesting times straight ahead! Be well... Nico
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
2006/10/6, Adam [EMAIL PROTECTED]: Its complete and utter nonsense actually. The linux kernel is used in closed source products all the time, it has no effect there just like it Please show us one example of a closed source Linux device. On the contrary closed source Linux systems have been forced (even in court) to deliver the sources. This is impossible with BSD. Best Martin
'flags S/SA keep state' now the default
I've just committed code based on a suggestion made by Daniel Hartmeier
to make flags S/SA keep state the default for rules.
NOTE: This does change is in -current only, and does not apply to the
4.0 release.
These changes makes pf rulesets significantly cleaner, improving
readability. More importantly, it makes the recommended behaviour the
default, something that OpenBSD tries to do wherever possible.
- Stateful filtering should be used on most rules for performance as
well as security reasons, and stateless filtering is by far the
exception.
- The flags S/SA change ensures that for TCP connections only initial
syn packets can match a rule and create a new state. While PF supports
creation of state on intermediate packets, it makes application of some
security mechanisms impossible, and it makes PF unable to correctly deal
with TCP window scaling on the connection. This has increasingly become
a problem as more OSs ship with window scaling and increased buffers
enabled by default.
Most users will not see any consequences of these changes, but there are
a few cases where this has impact:
* Users who are doing stateless filtering on purpose
* Users who expect to be able to flush their state table, fail
over without pfsync, or reboot their firewall and have the
states recreated from intermediate packets.
Users in either of these categories should use the 'no state' and/or
'flags any' options where appropriate to explicitly request the current
behaviour of their ruleset.
- Forwarded message from Ryan Thomas McBride [EMAIL PROTECTED] -
Date: Fri, 6 Oct 2006 04:45:44 -0600 (MDT)
From: Ryan Thomas McBride [EMAIL PROTECTED]
Subject: CVS: cvs.openbsd.org: src
To: [EMAIL PROTECTED]
X-Spam-Status: No, score=0.0 required=6.0 tests=none autolearn=ham
version=3.1.1
CVSROOT:/cvs
Module name:src
Changes by: [EMAIL PROTECTED] 2006/10/06 04:45:44
Modified files:
sbin/pfctl : parse.y
Log message:
Make 'flags S/SA keep state' the implicit for filter rules, based on
a suggestion from [EMAIL PROTECTED] Also add 'flags any' and 'no state' options
to disable flag matching and stateful filtering respectively.
IMPORTANT NOTE:
Current rulesets will continue to load, but the behaviour may be slightly
changed as these defaults are more restrictive. If you are purposefully
filtering statelessly ('no state') or have a requirement to create states
on intermediate packets ('flags any') you should update your ruleset to
make use of the new keywords to explicitly request the behaviour.
Note that creation of states from intermediate packets in a connection is
not recommended, and will increasingly cause problems as more OSs enable
window scaling and increase buffer sizes by default.
ok dhartmei@ deraadt@ henning@
- End forwarded message -
--
Re: Letter to OLPC
I could not agree more with Siju George, what good is a laptop when all it will do is make said kid a more likely target for crime. In cases of poverty parents often sell toys that 'belong' to their kids simply to put food on the table, a laptop would be way more sellable. Being an opensource supporter and living in a third world country I can also say that is is debatable if opensource is really cheaper in a third country seeing that it mostly relies on the internet for updates, bugfixes and distribution and internet being very expensive. Also a lot of opensource projects are moving away from downloadable modules to more installer based systems, doing a kde update over a 3kB/s connection is not practical since most of these installers don't have the fault tolerance of modern download managers (please note I'm speaking in general terms here and not specifically about OpenBSD). I currently pay 77USD for a wireless broadband connection that is capped at 1GB of traffic, using SUSE Linux as an example it would be significantly cheaper to buy M$ windows than to download linux at home. And although CD sets are available cheaper from local sellers, the fun always starts with the updates are due. my twocents worth if they want to fix third world countries they should start with the governments, this seems more like a marketing excercise - Original Message - From: Siju George [EMAIL PROTECTED] To: Jack J. Woehr [EMAIL PROTECTED] Cc: OpenBSD misc@openbsd.org Sent: Friday, October 06, 2006 12:36 PM Subject: Re: Letter to OLPC On 10/6/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. If the real concern is for *disadvantaged children* in third world countries then giving them a laptop is the most ridiculous idea ever orginated! Some time back I saw a cartoon. One of the 3rd world countries blasted their nuclear bomb and was proud of it. Proud that they were in par with the others in the West. While their people were still begging and starving in the streets and villages. The cartoon showed a poor beggar sitting on the street with torn clothes with the beggars basin to reveive a missile sent to it. In the third world the basic necissities are food, water, clothing, shelter, medical care etc. Disadvantaged children could care less about a stupid laptop when they have had no meal for a week and are tired of the sun while watching their siblings dying of cholera. Getting a laptop to a child for low cost seems to be a noble idea on the outside. add a *3rd-world country* phase and you get a more polished *charity painted/noble* image. I don't think OLPC it that great!. It is another form of business. They have seen a market. They want to reach it. thats all! Mostly people who applaude such endeavours *do not have any idea* of the issues of the third world countries. I am not angry Jack. But When I find people *over nobleizing* at the expense of the 3rd world countries I think I need to say this. Kind Regards Siju -- This e-mail and its contents are subject to AfriGIS PTY Limited e-mail disclaimer at http://www.afrigis.co.za/eMailDisclaimer --
3.9 stable libssl
Hi all! I've updated today my 3.9-stable system (to OPENBSD_3_9) (by doing cd /usr cvs -q up -rOPENBSD_3_9 -Pd src) Some files from libssl were updated, so i decided to rebuild this lib. I went to /usr/src/lib/libssl and, removed my openssl's OBJes, and run make obj, make depend, make.. and got such error: cc -O2 -pipe -g -DL_ENDIAN -DDSO_DLFCN -DHAVE_DLFCN_H -DOPENSSL_NO_IDEA -DTERMIO S -DANSI_SOURCE -DNO_ERR -DOPENSSL_NO_ASM -DOPENSSL_NO_RC5 -DOPENSSL_NO_KRB5 -DO PENSSL_NO_MDC2 -DNO_WINDOWS_BRAINDEATH -DOPENSSL_NO_HW_CSWIFT -DOPENSSL_NO_HW_NC IPHER -DOPENSSL_NO_HW_ATALLA -DOPENSSL_NO_HW_NURON -DOPENSSL_NO_HW_UBSEC -DOPENS SL_NO_HW_AEP -DOPENSSL_NO_HW_SUREWARE -DOPENSSL_NO_HW_4758_CCA -I/usr/src/lib/li bssl/crypto/../src -I/usr/src/lib/libssl/crypto/../src/crypto -I/usr/src/lib/lib ssl/crypto/obj -DAES_ASM -DMD5_ASM -DSHA1! _ASM -DRMD160_ASM -DOPENBSD_CAST_ASM -D OPENBSD_DES_ASM -c /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c -o rsa_eay.o /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c: In function `RSA_eay_private_encry pt': /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:262: error: `OPENSSL_RSA_MAX_MODULU S_BITS' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:262: error: (Each undeclared identi fier is reported only once /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:262: error: for each function it ap pears in.) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:264: error: `RSA_R_MODULUS_TOO_LARG E' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:275: error: `OPENSSL_RSA_SMALL_MODU LUS_BITS' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:277: error: `OPENSSL_RSA_MAX_PUBEXP _BITS' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c: In function `RSA_eay_public_decryp t': /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:529: error: `OPENSSL_RSA_MAX_MODULU S_BITS' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:531: error: `RSA_R_MODULUS_TOO_LARG E' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:542: error: `OPENSSL_RSA_SMALL_MODU LUS_BITS' undeclared (first use in this function) /usr/src/lib/libssl/src/crypto/rsa/rsa_eay.c:544: error: `OPENSSL_RSA_MAX_PUBEXP _BITS' undeclared (first use in this function) *** Error code 1 Stop in /usr/src/lib/libssl/crypto. *** Error code 1 Stop in /usr/src/lib/libssl. [EMAIL PROTECTED] libssl]# Was it updated partialy? How to make my src tree compileble again? -- Best regards, Alexander mailto:[EMAIL PROTECTED]
Re: squid ldap auth on OpenBSD
thanx a lot, it works ! It was a warning message, it wasn't a problem (see Andreas answer). I've modified squid.conf by adding the following line to use the Ldap authentification : auth_param basic program /usr/local/libexec/squid_ldap_auth -b ou=MyTree -u uid -h MyLDAPserver and it worked at the first time. Thanx everybody. Alex. Andre Naehring a icrit : Salute Alexandre, is this an error when you cannot run make successfully? Or only the warning? For me, it seems to be a compiler warning, nothing to care for you at the moment when make completes successfully. But I think this is a squid related warning. So, the squid authors should correct it. If you can compile the squid port without the modifications and without this warning, the warning is generated by your (my) modifications. If this is the case it's going to deep for me :) Am Freitag, den 06.10.2006, 11:49 +0200 schrieb Alexandre ADAM: thanx Andre ! I've done modifications. But when I launch make again, there is the following error message : warning: strcpy() is almost always misused, please use strlcpy() Do you know what means this message ? Greetings, Andre Naehring
Re: 3.9 stable libssl
On Fri, Oct 06, 2006 at 02:56:22PM +0300, Alexander Belikov voiced: Hi all! I've updated today my 3.9-stable system (to OPENBSD_3_9) (by doing cd /usr cvs -q up -rOPENBSD_3_9 -Pd src) Some files from libssl were updated, so i decided to rebuild this lib. I went to /usr/src/lib/libssl and, removed my openssl's OBJes, and run make obj, make depend, make.. and got such error: Try make includes -- ajBAY294Lm5ldA==
Re: 'flags S/SA keep state' now the default
On Fri, 2006-10-06 at 11:36 +, Ryan McBride wrote: I've just committed code based on a suggestion made by Daniel Hartmeier to make flags S/SA keep state the default for rules. THANKS! -- Massimo.run();
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On 10/06/06 03:01, Han Boetes wrote: Of course you wouldn't bother to read this article: http://www.dwheeler.com/blog/2006/09/01/#gpl-bsd Since it's polite, to point and factual. That pages contains the sentence I don't think we fully understand exactly when each license's effects truly have the most effect. That we is not that polite and it might seem to the point and factual to you, this sentence ruins most of it. Instead of your rant which contains insults and lies. Please explain (off-list is OK). +++chefren
[OT] Re: Letter to OLPC
On Fri, Oct 06, 2006 at 04:06:35PM +0530, Siju George wrote: If the real concern is for *disadvantaged children* in third world countries then giving them a laptop is the most ridiculous idea ever orginated! Some time back I saw a cartoon. One of the 3rd world countries blasted their nuclear bomb and was proud of it. Proud that they were in par with the others in the West. While their people were still begging and starving in the streets and villages. The cartoon showed a poor beggar sitting on the street with torn clothes with the beggars basin to reveive a missile sent to it. In the third world the basic necissities are food, water, clothing, shelter, medical care etc. Disadvantaged children could care less about a stupid laptop when they have had no meal for a week and are tired of the sun while watching their siblings dying of cholera. Getting a laptop to a child for low cost seems to be a noble idea on the outside. add a *3rd-world country* phase and you get a more polished *charity painted/noble* image. I don't think OLPC it that great!. It is another form of business. They have seen a market. They want to reach it. thats all! Mostly people who applaude such endeavours *do not have any idea* of the issues of the third world countries. I am not angry Jack. But When I find people *over nobleizing* at the expense of the 3rd world countries I think I need to say this. Bravo Siju Bravo! I see with my own eyes everyday ppl who have no money to eat a morsel of rice a day. And I am often amazed by their intellect, wisdom and happy attitude. I am not kidding. Once I was flabbergasted when a young chap came all the way to my home just to give me two rupees(1$ = 45 rupees). And ppl in the railway station asking me, Please give me ten rupees. I will carry your suitcase. Do you guys get the picture? My heart bleeds when I see this. But most of my fellow men are so used to this that their hearts have turned into stone seeing these things... I really wonder how one can own a car and a bungalow in my country when my own ppl are starving for food? I think the West can never understand our problems until they visit us and see our conditions. No, my point is not that anybody is inferior or superior. I sincerely believe the West has to learn a great deal of wisdom from the east. After all like many Americans want to believe America is not the only country on earth! :-) Now, coming to this particular issue of laptops I wholeheartedly agree with Siju. In fact this is nothing different from that idiot Bill Gates who came to India saying that he wanted to help India tackle the AIDS disease. I think the only solution to tackle this disparity lies in a mutual understanding and firm conviction that every race, every nation is important. Just like there are oranges and grapes and apples and kiwis, each with a different taste that makes our meal wholesome, every single race and nation goes towards making this world complete and livable. May I ask how many of my countrymen are serving in top notch research institutions like IBM and NASA? Dont you benefit by them? Well, several thousand years ago India was the richest nation on earth. India was also the most knowledgeable and ethical and moral nation, but that was once upon a time. Today, after several generations, we still have a strong culture, values and importance attached to education. Too bad, our companies like Infosys and Wipro have given us an image of doing low end junk work! Actually it is not the loss of wealth that has hurt us. What really hurt us is the lack of confidence! Well, sorry for talking about India. It is the only third world country I know. regards, Girish
Re: Letter to OLPC
On Thu, Oct 05, 2006 at 03:41:32PM -0600, Theo de Raadt wrote: In a private reply to my initial mail Jim Gettys (OLPC / Red Hat) said: Free and open software is a means to an end I didn't find the new slogan on OLPC/Red Hat's site. Maybe I should check again tomorrow. Anyway, I hope each lapper gets a sticker with the above on the lid.
Re: [OT] Re: Letter to OLPC
On 10/6/06, Girish Venkatachalam [EMAIL PROTECTED] wrote: Now, coming to this particular issue of laptops I wholeheartedly agree with Siju. In fact this is nothing different from that idiot Bill Gates who came to India saying that he wanted to help India tackle the AIDS disease. Little do I know about Bill Gates and the Aids Issue. But I know this was the outcome of Indian President's meet with Bill some time back. In a speech during dedication ceremonies Wednesday for the country's new International Institute of Information Technology in the university city of Pune, President A.P.J. Abdul Kalam recounted a conversation earlier this year with Microsoft Chairman Bill Gates. We were discussing the future challenges in information technology, including the issues related to software security, Kalam said, according to a transcript of the speech. I made a point that we look for open-source codes so that we can easily introduce the users built security algorithms. Our discussions became difficult, since our views were different. === http://news.com.com/India+leader+advocates+open+source/2100-1016_3-1011255.html?tag=nl http://news.com.com/Indian+president+calls+for+open+source+in+defense/2100-7344_3-5259836.html Indian Govt, Defence, Universities and a lot of other companies are shifting towards Open Source Software and Operating Systems or something based on it. I know some details but do not want to disclose it here. I know about teams setup to investigate about replacing Proprietary Software with Open Source. The investigations are over in many places and the migration has started in massive amounts. All this points to the fact that the future Indian market is slowly closing for all hardware that does not support Open Source well. And this includes Intel, Adaptec ( Please some one fill in the list there are a few!). Already AMD is eating up Intel's market here! And soon people here are going to find out the truth about all the *fraud* Open Source support talk some hardware companies claim either through all these public discussions on the internet, or through people like girish and myself ( I am already asking people not to hurt themselves buying Intel's hardware ) or the hard way i.e buying the hardware and finding it does not work, then approaching the vendor and finding they don't care even if there are people who want to provide free and quality support for their products to others. And it does not take much or cost them a dime to change their fate. They will have to Open up their documentation if they need to survive. The faster they learn the better for them. Thankyou so much Kind Regards Siju
Re: 3.9 stable libssl
Hello John, Friday, October 6, 2006, 3:16:57 PM, you wrote: JLS On Fri, Oct 06, 2006 at 02:56:22PM +0300, Alexander Belikov voiced: Hi all! I've updated today my 3.9-stable system (to OPENBSD_3_9) (by doing cd /usr cvs -q up -rOPENBSD_3_9 -Pd src) Some files from libssl were updated, so i decided to rebuild this lib. I went to /usr/src/lib/libssl and, removed my openssl's OBJes, and run make obj, make depend, make.. and got such error: JLS JLS Try make includes That's it, thanks!
Cross compiling
How would I go about cross compiling OpenBSD from i386 to sparc64? I am just interested because I want to build a system from a faar faster processor if possible. John. -- Faced with the fact that Intelligent Design doesn't meet the criteria for a scientific theory, leading proponent redefines what a scientific theory is. Result: Astrology now a scientific theory.
Re: [ way... OT ] ho hum
On Mon, Sep 11, 2006 at 05:59:17AM +0200, Johan SANCHEZ wrote: On Sun, 10 Sep 2006 20:18:25 +0100 [EMAIL PROTECTED] (Craig Skinner) wrote: Another weekend at work: # uname -a SunOS X 5.10 Generic_XX sun4u sparc SUNW,Sun-Fire-15000 # uname -X System = SunOS Node = XX Release = 5.10 KernelID = Generic_XX Machine = sun4u BusType = unknown Serial = unknown Users = unknown OEM# = 0 Origin# = 1 NumCPU = 144 # id uid=0(root) gid=0(root) Maybe one day this could have a great dmesg.., not to mention the rest of the cluster. Be patient :)) psrinfo ??? prtdiag ??? scswitch ?? Sorry for the delay, back at work this week. This is one of many crash boxes for customers to try out. I'll see what can be done WRT an OBSD boot. Oh, and yes, the amount of RAM for the machine is measured in TB, not GB. # vmstat kthr memorypagedisk faults cpu r b w swap free re mf pi po fr de sr s2 s2 s2 s2 in sy cs us sy id 0 0 0 518073568 581736208 126 1152 2 11 11 0 0 0 0 1 0 1802 3613 809 0 1 99 # psrinfo 0 on-line since 09/07/2006 15:46:22 1 on-line since 09/07/2006 15:46:22 2 on-line since 09/07/2006 15:46:22 3 on-line since 09/07/2006 15:46:22 4 on-line since 09/07/2006 15:46:22 5 on-line since 09/07/2006 15:46:22 6 on-line since 09/07/2006 15:46:22 7 on-line since 09/07/2006 15:46:22 32 on-line since 09/07/2006 15:46:22 33 on-line since 09/07/2006 15:46:22 34 on-line since 09/07/2006 15:46:22 35 on-line since 09/07/2006 15:46:22 36 on-line since 09/07/2006 15:46:22 37 on-line since 09/07/2006 15:46:22 38 on-line since 09/07/2006 15:46:22 39 on-line since 09/07/2006 15:46:22 64 on-line since 09/07/2006 15:46:22 65 on-line since 09/07/2006 15:46:22 66 on-line since 09/07/2006 15:46:22 67 on-line since 09/07/2006 15:46:22 68 on-line since 09/07/2006 15:46:22 69 on-line since 09/07/2006 15:46:22 70 on-line since 09/07/2006 15:46:22 71 on-line since 09/07/2006 15:46:22 96 on-line since 09/07/2006 15:46:22 97 on-line since 09/07/2006 15:46:22 98 on-line since 09/07/2006 15:46:22 99 on-line since 09/07/2006 15:46:22 100 on-line since 09/07/2006 15:46:22 101 on-line since 09/07/2006 15:46:22 102 on-line since 09/07/2006 15:46:22 103 on-line since 09/07/2006 15:46:22 128 on-line since 09/07/2006 15:46:22 129 on-line since 09/07/2006 15:46:22 130 on-line since 09/07/2006 15:46:22 131 on-line since 09/07/2006 15:46:22 132 on-line since 09/07/2006 15:46:22 133 on-line since 09/07/2006 15:46:22 134 on-line since 09/07/2006 15:46:22 135 on-line since 09/07/2006 15:46:22 160 on-line since 09/07/2006 15:46:22 161 on-line since 09/07/2006 15:46:22 162 on-line since 09/07/2006 15:46:22 163 on-line since 09/07/2006 15:46:22 164 on-line since 09/07/2006 15:46:22 165 on-line since 09/07/2006 15:46:22 166 on-line since 09/07/2006 15:46:22 167 on-line since 09/07/2006 15:46:22 192 on-line since 09/07/2006 15:46:22 193 on-line since 09/07/2006 15:46:22 194 on-line since 09/07/2006 15:46:22 195 on-line since 09/07/2006 15:46:22 196 on-line since 09/07/2006 15:46:22 197 on-line since 09/07/2006 15:46:22 198 on-line since 09/07/2006 15:46:22 199 on-line since 09/07/2006 15:46:22 224 on-line since 09/07/2006 15:46:22 225 on-line since 09/07/2006 15:46:22 226 on-line since 09/07/2006 15:46:22 227 on-line since 09/07/2006 15:46:22 228 on-line since 09/07/2006 15:46:22 229 on-line since 09/07/2006 15:46:22 230 on-line since 09/07/2006 15:46:22 231 on-line since 09/07/2006 15:46:22 256 on-line since 09/07/2006 15:46:22 257 on-line since 09/07/2006 15:46:22 258 on-line since 09/07/2006 15:46:22 259 on-line since 09/07/2006 15:46:22 260 on-line since 09/07/2006 15:46:22 261 on-line since 09/07/2006 15:46:22 262 on-line since 09/07/2006 15:46:22 263 on-line since 09/07/2006 15:46:22 288 on-line since 09/07/2006 15:46:22 289 on-line since 09/07/2006 15:46:22 290 on-line since 09/07/2006 15:46:22 291 on-line since 09/07/2006 15:46:22 292 on-line since 09/07/2006 15:46:22 293 on-line since 09/07/2006 15:46:22 294 on-line since 09/07/2006 15:46:22 295 on-line since 09/07/2006 15:46:23 320 on-line since 09/07/2006 15:46:23 321 on-line since 09/07/2006 15:46:23 322 on-line since 09/07/2006 15:46:23 323 on-line since 09/07/2006 15:46:23 324 on-line since 09/07/2006 15:46:23 325 on-line since 09/07/2006 15:46:23 326 on-line since 09/07/2006 15:46:23 327 on-line since 09/07/2006
bge problems on HP DL360 G4p with -current
Hi, I'm running an OpenBSD/i386 recent snapshot on a few 'HP DL360 G4p's, all seems good apart from the first NIC (bge0) will not see the LAN. An 'ifconfig bge0' output cycles between media: Ethernet autoselect (none) and media: Ethernet autoselect (loopback), with status: no carrier and will not connect to the LAN. However if I relocate the cable to bge1 then it connects perfectly and 'ifconfig bge1' shows media: Ethernet autoselect (1000baseT full- duplex) and status: active. I've tried 5 identical machines, with different switch ports and cables, and behaviour is consistent: bge0 always fails, and bge1 always works. I've also tried moving the NICs from IRQ 7 to IRQ5, (they are forced to use same IRQ) in the BIOS without effect. Thus I'm pretty sure the problem is not switch, cabling or server hardware. Adding the debug flag on bge0 reveals nothing in logs. In the short term I can run on just bge1, but I'm hoping to do NIC/ switch redundancy via trunk(4) so I'll need bge0. Any suggestions greatly recieved. Full dmesg below. thanks, /Pete [EMAIL PROTECTED] ~cat /var/run/dmesg.boot OpenBSD 4.0-current (GENERIC) #1134: Mon Oct 2 19:44:53 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.40GHz (GenuineIntel 686-class) 3.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS- CPL,EST,CNXT-ID,CX16 cpu0: EST: strange msr value 0x112d112d real mem = 2147000320 (2096680K) avail mem = 1950441472 (1904728K) using 4256 buffers containing 107454464 bytes (104936K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (73 entries) bios0: HP ProLiant DL360 G4p pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI BIOS has 7 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev 0x00) pcibios0: PCI bus #13 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x4000! 0xee000/0x2000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0c ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0c pci1 at ppb0 bus 13 ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0c pci2 at ppb1 bus 6 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 7 ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci4 at ppb3 bus 10 ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0c pci5 at ppb4 bus 3 ppb5 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02 pci6 at ppb5 bus 2 ciss0 at pci6 dev 1 function 0 Compaq Smart Array 64xx rev 0x01: irq 7 ciss0: 1 LD, HW rev 1, FW 2.68/2.68 scsibus0 at ciss0: 1 targets sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL VOLUME, 2.68 SCSI0 0/ direct fixed sd0: 140006MB, 140006 cyl, 64 head, 32 sec, 512 bytes/sec, 286734240 sec total bge0 at pci6 dev 2 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 7, address 00:18:fe:32:1e:08 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci6 dev 2 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 7, address 00:18:fe:32:1e:07 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 6300ESB USB rev 0x02: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 7 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a pci7 at ppb6 bus 1 vga1 at pci7 dev 3 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Compaq iLO rev 0x01 at pci7 dev 4 function 0 not configured Compaq iLO rev 0x01 at pci7 dev 4 function 2 not configured ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 6300ESB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8240N, 2.03 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0
Re: Custom kernel for Soekris net4801-50
Richard P. Koett wrote: I'm setting up a Soekris net4801-50 (128 Mb RAM) for use as a firewall. For storage it has a 40Gb IDE drive rather than compact flash. For my first attempt I used a generic install of OpenBSD 3.9. The user complained that Internet access seemed slow, however. I'm planning to try again using a custom kernel based on the config file included with Chris Cappuccio's Flashdist installer. (A copy is provided below for reference). Is this a good idea? Are you using PPPOE in your setup ? It may be the culprit of your bad performance. I've setup 4 Soekris 4501 boxes as routers for small offices with an ADSL link to the Internet. For one of this installations, the ADSL link speed was above 1 Mb/s (8Mb/s), and when using the userland PPPOE the CPU load was around 75% and the available bandwith was poor. After modifying the configuration to use the kernel PPPOE instead, the CPU load and the available bandwith became normal. With ADSL links at 512kb/s I've not seen any difference in CPU load or throughputs between userland and kernel PPPOE. I've always used unmodified OpenBSD kernel with Soekris boxes. See: Kernel PPPOE: http://www.openbsd.org/cgi-bin/man.cgi?query=pppoesektion=4 Userland PPPOE: http://www.openbsd.org/cgi-bin/man.cgi?query=pppoesektion=8
Re: Cross compiling
Hi, John I have an idea, but not a tutorial: The first things you need are the toolchains for the new platform or even architecture, including the new compiler and the new binary utilities, i.e. ld, nm, as, etc. You need to specify the target as sparc64-unknown-openbsd3.9 or something else, depending on what target system you want. Yep, to get a whole running target system you also need to rebuild your compiler and your binary utilities, in which the compiler and the binary utilities are built for a second time using the compiler/binary utilities for the target system. I have had a hand in cross-compiling gcc and binutils on an i386 Linux- 2.4 box, but I'm still not quite sure if this also applies to *BSD. Anyway, hope this idea works. Good luck. Jason On 10/6/06, John Tate [EMAIL PROTECTED] wrote: How would I go about cross compiling OpenBSD from i386 to sparc64? I am just interested because I want to build a system from a faar faster processor if possible. John. -- Faced with the fact that Intelligent Design doesn't meet the criteria for a scientific theory, leading proponent redefines what a scientific theory is. Result: Astrology now a scientific theory.
Re: 'flags S/SA keep state' now the default
On 10/6/06, Ryan McBride [EMAIL PROTECTED] wrote: I've just committed code based on a suggestion made by Daniel Hartmeier to make flags S/SA keep state the default for rules. Very cool. Thank you.
Re: [OT] Re: Letter to OLPC
On Oct 6, 2006, at 6:57 AM, Girish Venkatachalam wrote: Mostly people who applaude such endeavours *do not have any idea* of the issues of the third world countries. I am not angry Jack. But When I find people *over nobleizing* at the expense of the 3rd world countries I think I need to say this. We are, I think, in violent agreement on this subject. What you say is the point I was trying to make. I was concerned that the subject being discussed was being treated with reference only to *our* community's (the Open Source community's) needs and not with reference to the needs of the nominal beneficiaries, the children of the Third World. It appears to me now that these two frames of reference are aligned more closely than I had realized. As an aside, isn't it interesting how communication on the Internet about our day-to-day work and technical concerns grants us greater understanding of critical world issues than possibly our leaders possess!? -- Jack J. Woehr Director of Development Absolute Performance, Inc. [EMAIL PROTECTED] 303-443-7000 ext. 527
Re: Custom kernel for Soekris net4801-50
Laurent Salle wrote: Richard P. Koett wrote: I'm setting up a Soekris net4801-50 (128 Mb RAM) for use as a firewall. For storage it has a 40Gb IDE drive rather than compact flash. For my first attempt I used a generic install of OpenBSD 3.9. The user complained that Internet access seemed slow, however. I'm planning to try again using a custom kernel based on the config file included with Chris Cappuccio's Flashdist installer. (A copy is provided below for reference). Is this a good idea? Are you using PPPOE in your setup ? It may be the culprit of your bad performance. I've setup 4 Soekris 4501 boxes as routers for small offices with an ADSL link to the Internet. For one of this installations, the ADSL link speed was above 1 Mb/s (8Mb/s), and when using the userland PPPOE the CPU load was around 75% and the available bandwith was poor. After modifying the configuration to use the kernel PPPOE instead, the CPU load and the available bandwith became normal. With ADSL links at 512kb/s I've not seen any difference in CPU load or throughputs between userland and kernel PPPOE. I've always used unmodified OpenBSD kernel with Soekris boxes. See: Kernel PPPOE: http://www.openbsd.org/cgi-bin/man.cgi?query=pppoesektion=4 Userland PPPOE: http://www.openbsd.org/cgi-bin/man.cgi?query=pppoesektion=8 Laurent: I'm not using PPPoE but I appreciate the information. I've decided to stick with a generic kernel also. Thanks, RPK.
Re: Slogan for OpenBSD goodies
On 10/6/06, Jason Mao [EMAIL PROTECTED] wrote: Hi, Bruno I think that depends on your definiton for the word free. Best rgds, Jason On 10/6/06, Bruno Carnazzi [EMAIL PROTECTED] wrote: Hi misc, I was thinking to a slogan that could be printed on some openbsd goodies : Free software can't exist without Free hardware. I think this is really the core of the current free software problem. Best regards, Bruno. s/Free/Open/g
Re: Slogan for OpenBSD goodies
Hi, Samurai Well, software may be open, but how could hardware be open in the same way as software? Anyway, this is also a neat idea, in that this is OpenBSD rather than FreeBSD. Jason On 10/7/06, Samurai Chef [EMAIL PROTECTED] wrote: On 10/6/06, Jason Mao [EMAIL PROTECTED] wrote: Hi, Bruno I think that depends on your definiton for the word free. Best rgds, Jason On 10/6/06, Bruno Carnazzi [EMAIL PROTECTED] wrote: Hi misc, I was thinking to a slogan that could be printed on some openbsd goodies : Free software can't exist without Free hardware. I think this is really the core of the current free software problem. Best regards, Bruno. s/Free/Open/g
Re: OpenOSPFD Redistribution
Claudio Jeker a icrit : On Wed, Oct 04, 2006 at 09:21:22PM -0400, Nick Davey wrote: Hello, I was wondering if there was a way to control if the routes redistributed by openospfd are advertised as type 1 or type 2 external routes. Also, is there a way to specify a metric on redistributed routes? Currently all as-external routes are announced with a default metric of 100 and as type 1 routes. I planned to add support for a set metric and set type type option for the redistribute keyword but had no time to finish the implementation. That would just rock =] -- Ronnie Garcia r.garcia at ovea dot com
FTP Account Lockout
Hello list, The company I work for is required to get PCI (Payment Card something-or-other) certified in order to keep doing some of the things that we are doing with credit card payments. When I started working here it was an all MS shop, including the FTP server. In order to help secure things (at all), I talked the boss into letting me setup an OpenBSD server as the FTP server instead of windows2003. Since then, I have also setup firewalls, mail server, IDS etc. all based upon OpenBSD (and loving every minute of it). However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. I haven't been able to find any ftp software that does that. The FTP server that ships with OpenBSD uses system accounts, and I haven't figured out how to do that there either. If I don't get this figured out soon, The boss will loose patience and I will be right back to MS hell trying to secure a win2003 ftp server just because it will lockout an account that fails login 3 times in a row. (and then probably figure out how to setup a win2003 firewall, IDS, exchange server, etc etc etc... you get the pic) If anyone has any suggestions, please let me know. thanks. Stuart van Zee [EMAIL PROTECTED]
Re: [ way... OT ] ho hum
On Fri, 6 Oct 2006 16:04:30 +0100 [EMAIL PROTECTED] (Craig Skinner) wrote: On Mon, Sep 11, 2006 at 05:59:17AM +0200, Johan SANCHEZ wrote: On Sun, 10 Sep 2006 20:18:25 +0100 [EMAIL PROTECTED] (Craig Skinner) wrote: Another weekend at work: # uname -a SunOS X 5.10 Generic_XX sun4u sparc SUNW,Sun-Fire-15000 # uname -X System = SunOS Node = XX Release = 5.10 KernelID = Generic_XX Machine = sun4u BusType = unknown Serial = unknown Users = unknown OEM# = 0 Origin# = 1 NumCPU = 144 # id uid=0(root) gid=0(root) Maybe one day this could have a great dmesg.., not to mention the rest of the cluster. Be patient :)) psrinfo ??? prtdiag ??? scswitch ?? Sorry for the delay, back at work this week. This is one of many crash boxes for customers to try out. I'll see what can be done WRT an OBSD boot. Oh, and yes, the amount of RAM for the machine is measured in TB, not GB. i'm a bit familiar with such amount Really nice toy :) scswitch: not found You have to install Suncluster and it s not in the standard path :) prtconf output probably not relevant prtconf -Pv has a nice output :) cheers
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Martin Schrvder wrote: 2006/10/6, Adam [EMAIL PROTECTED]: Its complete and utter nonsense actually. The linux kernel is used in closed source products all the time, it has no effect there just like it Please show us one example of a closed source Linux device. Sure, the broadcom wireless device inside the linksys routers. Yes, they are open source devices, you can get the linux distribution from linksys, but good luck getting source for their blobs. On the contrary closed source Linux systems have been forced (even in court) to deliver the sources. This is impossible with BSD. Some yes, at the expense of other freedoms. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: Slogan for OpenBSD goodies
On 10/6/06, Jason Mao [EMAIL PROTECTED] wrote: Hi, Samurai Well, software may be open, but how could hardware be open in the same way as software? You must be trolling. The furor of the last couple of days (and the last few months/years of background work) is all about open hardware. Open hardware means not needing magical blobs in the OS to run. Open hardware means making register documentation available to those who wish to write drivers. Open hardware means having complete and accurate documentation. That rules out NICs that need to have a blob in the driver, rather than just poking stuff into the chip's registers and leaving the firmware to figure it out. That rules out video cards that are minimially functional VESA devices, but need undocumented magic to do hardware acceleration. That rules out RAID controllers that don't allow you to read a couple of bytes to query array status, or send a couple of bytes to start a rebuild. None of that needs to be proprietary... Now if you're not satisfied with hardware being black boxes that seem to do the right thing when you poke registers the right way, look at the various projects hosted by OpenCores[1] or the LEON[2] GPLed SPARCv8 clone. Of course, you still need to trust your FPGA... [1] http://www.opencores.org/browse.cgi/by_category [2] http://www.gaisler.com/cms4_5_3/index.php?option=com_contenttask=viewid=13Itemid=53 -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: [MAYBE SPAM] Can't start symux -- symux: could not get a semaphore
On Thu, Oct 05, 2006 at 11:39:25PM -0300, Marcos Laufer wrote: I have a problem starting symux on OpenBSD 3.7, it was working fine untill today that the machine crashed leaving no log at all, and when i went up again something went wrong with symux, maybe someone knows what's going on. I run the following command to start it: /usr/local/libexec/symon su -m nobody -c /usr/local/libexec/symux and i get this in /var/log/messages: Oct 5 23:29:01 srv1 symux: symux version 2.67 Oct 5 23:29:01 srv1 symux: could not get a semaphore symon starts properly, i get no error or problem, but symux shows that message and doesn't start. [snip] Best Regards, Marcos Laufer What does ipcs show you? -Damian
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Martin Schrvder [EMAIL PROTECTED] wrote: 2006/10/6, Adam [EMAIL PROTECTED]: Its complete and utter nonsense actually. The linux kernel is used in closed source products all the time, it has no effect there just like it Please show us one example of a closed source Linux device. They are all over the place, tons of random little devices are running some form of linux. Very few seem to be actually obeying all the rules of the GPL. Half of the devices Dlink ships for instance. On the contrary closed source Linux systems have been forced (even in court) to deliver the sources. This is impossible with BSD. No, some have been pressured with the threat of court, and sorta gave in. But they still keep portions closed, they just put up the source for the kernel, which you could already get anyways. They still keep drivers secret little blobs. Dlink has agreed to CD because of the courts in Germany, but they have not opened up the source to the device in question. Nobody can be forced to deliver the sources, GPL or BSD. At best they can be forced to CD, and pay court costs. They can *choose* to GPL their code instead if they prefer that option. If the GPL has helped out linux so much by forcing companies to open up their code, then please feel free to point out what code that is. IBM and SGI may have GPLed a couple filesystems, but they were not forced to, and linux was already plenty popular by then. Adam
Re: FTP Account Lockout
The company I work for is required to get PCI (Payment Card something-or-other) certified in order to keep doing some of the things that we are doing with credit card payments. Payment Card Industry Data Security Standard [snip] However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. You mean besides the fact that you're running FTP at all, right? - PCI requires that all passwords are encrypted in transmission, and FTP doesn't do this. - Depending on how you interpret the wording, PCI either prohibits or strongly discourages the use of FTP from 'untrusted' networks/hosts Consider replacing your FTP solution with scp/sftp. -Ryan -- Ryan T. McBride, CISSP - [EMAIL PROTECTED] Countersiege Systems Corporation - http://www.countersiege.com PGP key fingerprint = 5A63 31A0 B2E0 4A64 3D16 C474 99A7 BEFE F9BA A8E0
Re: Letter to OLPC
Hi Sij Getting a laptop to a child for low cost seems to be a noble idea on the outside. add a *3rd-world country* phase and you get a more polished *charity painted/noble* image. Here that is a called charity bizness and unfortunately it s common fact I don't think OLPC it that great!. It is another form of business. They have seen a market. They want to reach it. thats all! Yep there's nothing else they just want new customers i can imagine they won't give those laptop for but a international organization will pay those. As with free software they 'll say we made it we gave laptop to 3rd world countries but not they did. Cheers
Problems with traffic shaping
my internet bandwith is getting slower slower i have doubts about my traffic
shaping .
how to find out whats wrong ? which clients is doing what with my bandwith .
also have a look at my traffic shaping is it ok ?
intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2
intad=10.0.0.1
chadd=10.0.0.1
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.4.8
ports = 21 22 25 53 80 110 119 123 143 443 465 554 900 995 1755 1863 1999 3000
3020 2020 3389 5000 5001 5050 5100 5190 6667
allif={$extif, intif}
table allowedclients persist file /etc/allowedclients
table blockedclients persist file /etc/blockedclients
table servers persist file /etc/servers
scrub in all
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp
}
queue ftp bandwidth 5% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue msn bandwidth 20% cbq(borrow red)
queue https bandwidth 20% cbq(borrow red)
queue ssh bandwidth 5% cbq(borrow red)
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq
nat on $extif inet proto {icmp, tcp, udp } from servers to any - $extad
nat on $extif inet proto {tcp, udp } from allowedclients to any port \
{ $ports } - $extad
rdr on $intif proto tcp from allowedclients to any port 80 - $chadd port 8080
rdr on $extif proto tcp from any to $extad port 110 - $mailserver port 110
rdr on $extif proto tcp from any to $extad port 25 - $mailserver port 25
rdr on $extif proto tcp from any to $extad port 4661 - $vip port 4661
rdr on $extif proto udp from any to $extad port 4672 - $vip port 4672
rdr on $extif proto tcp from any to $extad port 80 - $mailserver port 80
#rdr on $intif proto tcp from any to $intad port 80 - $mailserver port 80
pass out on $extif inet proto { tcp, udp } from allowedclients to any port {
$ports }
pass out on $extif inet proto { tcp, udp } from $vip to any
pass in on extif proto tcp from allowedclients to any port msn queue msn
pass in on extif proto tcp from allowedclients to any port ssh queue ssh
pass in on extif proto tcp from allowedclients to any port www queue https
pass in on extif proto tcp from allowedclients to any port www queue www
pass in on extif proto tcp from allowedclients to any port smtp queue smtp
pass in on extif proto tcp from allowedclients to any port ftp queue ftp
pass out on extif inet proto udp from any to allowedclients port msn queue msn
pass out on extif inet proto udp from any to allowedclients port ssh queue ssh
pass out on extif inet proto udp from any to allowedclients port www queue \
https
pass out on extif inet proto udp from any to allowedclients port www queue www
pass out on extif inet proto udp from any to allowedclients port smtp queue \
smtp
pass out on extif inet proto udp from any to allowedclients port ftp queue ftp
thanks
*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Re: FTP Account Lockout
Ryan, Thanks for your input. I have been gently pushing those who make the decisions here towards sftp for some time now; however, ultimately that is one decision that is out of my hands. According to the inspector that is doing our PCI inspection the only requirement we haven't met as reguards to our FTP server is the one for locking out an account that has failed 3 times in a row. Personally I think that this requirement is rather dumb and adds little to security, but we have to do what the inspector wants if we want certification. I have told my supervisor of your thoughts as to encrypted passwords (or the lack of in FTP) so we'll see if that helps. Thanks again, stuart You mean besides the fact that you're running FTP at all, right? - PCI requires that all passwords are encrypted in transmission, and FTP doesn't do this. - Depending on how you interpret the wording, PCI either prohibits or strongly discourages the use of FTP from 'untrusted' networks/hosts Consider replacing your FTP solution with scp/sftp. -Ryan
Re: FTP Account Lockout
On Fri, 2006-10-06 at 12:56 -0400, stuartv wrote: However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. I haven't been able to find any ftp software that does that. The FTP server that ships with OpenBSD uses system accounts, and I haven't figured out how to do that there either. I was faced with a similar situation a couple of years ago. What I did was use PureFTPd (availabe in ports) which allows you to write your own authentication backend. I wrote mine in perl and stored everything I needed in a SQL database. not the safest, or most stable solution, but given the requirements of the project it worked really well and allowed for easy administration. of course, normal disclaimers apply...your server will only be as secure (if you can call FTP secure) as your custom authentication program is. hope this helps. ryanc -- Ryan Corder [EMAIL PROTECTED] Systems Engineer, NovaSys Health LLC. 501-219- ext. 646 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Problems with traffic shaping
On Fri, Oct 06, 2006 at 09:57:16AM -0700, S t i n g r a y wrote: my internet bandwith is getting slower slower i have doubts about my traffic shaping . how to find out whats wrong ? which clients is doing what with my bandwith . snip Watch the numbers in pfctl -vvsq and see if everything is in the correct queues. thanks *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Regards, ahb
Re: mount_null replacement?
On Fri, Oct 06, 2006 at 11:16:46AM +0200, Rogier Krieger wrote: On 10/4/06, G 0kita [EMAIL PROTECTED] wrote: I notice mount_null was dropped as of OpenBSD 3.8, can someone tell me first of all why this was done [...] Various comments to the likes of 'turd polishing' can be found in the misc@ archives. IIRC, the developers gave up on this piece of functionality as it just wouldn't work reliably. See the archives and commit logs for a more detailed description. Specifically I'm looking to have a writable directory mounted read-only in another location. As another poster suggested, you can probably get away with local NFS mounts. Those have worked for me since 3.8, although I never put them to antthing resembling a stress test. YMMV. If 70,000 hits/hour to a mod_perl website running in the chroot with /usr/local/libdata/perl5 and /usr/libdata/perl5 brought in this way counts as a stress test, then this method works fine. I am very happy with this method and use it both at work and for a small NGO I support. It works much better than the null mounts I had going previously. -Dan -- Burnished gallows set with red Caress the fevered, empty mind Of man who hangs bloodied and blind To reach for wisdom, not for bread. -- Deoridhe Grimsdaughter
Re: Letter to OLPC
if they want to fix third world countries they should start with the governments, this seems more like a marketing excercise Unfortunately, fixing the government while maintaining the universal democracy that is practically insisted upon by the USA as world uber-cop makes that a very difficult task. Democracy gets you the government you deserve, not the govenment that will fix your problems, and this is natural. If the electorate is hungry and ill educated they will vote (or help) the first and best alternative to stop that and the hell with any long term consequences. (The same is still true in the west just on a grander scale..) While the west got to get working democratic government up and running while effectively preventing the unwashed masses from voting, thereby giving them time to get things in place to educate the same before allowing it. The same is typically frowned upon in third world countries when the you must have democracy stick has the carrot hung to it or is shoved up the victim's nether regions as the case may be. Education is the only thing that mitigates the manipulation of the electorate by those seeking office. Personally, I think big chunks of Africa growing up motherless and fatherless due to aids, war, and hunger is a hell of a lot more of a problem than whether or not they have a laptop. You can get a perfectly good technological education without a computer. I did. You can't learn worth a shit if you're sick, starving, or being shot at. -Bob
Re: Can't start symux -- symux: could not get a semaphore
Marco , that did it! It worked just by increasing this two: kern.seminfo.semmni=256 kern.seminfo.semmns=2048 I'm copying to the list in order others can benefit from this too. Thanks a lot ! Marcos Laufer - Original Message - From: Marco Pfatschbacher [EMAIL PROTECTED] To: Marcos Laufer [EMAIL PROTECTED] Sent: Friday, October 06, 2006 5:16 AM Subject: Re: Can't start symux -- symux: could not get a semaphore I don't recall exactly what was the problem, but we've run into this as well. You could try to increase some of the kern.seminfo values with sysctl(8). Or use this patch against symux: --- symux/symux.h.orig Wed Nov 23 13:30:08 2005 +++ symux/symux.h Wed Nov 23 13:26:02 2005 @@ -46,6 +46,6 @@ #define SYMUX_MAXREADTRIES 5 /* Number of data slots for clients in shared memory */ -#define SYMUX_SHARESLOTS 20 +#define SYMUX_SHARESLOTS 3 #endif /* _SYMUX_SYMUX_H */
Re: Letter to OLPC
On Fri, Oct 06, 2006 at 01:24:13PM -0600, Bob Beck wrote: if they want to fix third world countries they should start with the governments, this seems more like a marketing excercise Unfortunately, fixing the government while maintaining the universal democracy that is practically insisted upon by the USA as world uber-cop makes that a very difficult task. Democracy gets you the government you deserve, not the govenment that will fix your problems, and this is natural. If the electorate is hungry and ill educated they will vote (or help) the first and best alternative to stop that and the hell with any long term consequences. (The same is still true in the west just on a grander scale..) While the west got to get working democratic government up and running while effectively preventing the unwashed masses from voting, thereby giving them time to get things in place to educate the same before allowing it. The same is typically frowned upon in third world countries when the you must have democracy stick has the carrot hung to it or is shoved up the victim's nether regions as the case may be. Education is the only thing that mitigates the manipulation of the electorate by those seeking office. Personally, I think big chunks of Africa growing up motherless and fatherless due to aids, war, and hunger is a hell of a lot more of a problem than whether or not they have a laptop. You can get a perfectly good technological education without a computer. I did. You can't learn worth a shit if you're sick, starving, or being shot at. Well said. It is amazing that more people don't get this. Perhaps the laptops could be shipped with a pack of vitamins, a loaf of bread, and light body armor? -Rick
Re: Letter to OLPC
On Fri, 6 Oct 2006, Bob Beck wrote: Unfortunately, fixing the government while maintaining the universal democracy that is practically insisted upon by the USA as world uber-cop makes that a very difficult task. Democracy gets you the wait, wait, it's only insisted on as long as you aren't a Central Asian Republic, then the curent US Gov't administration gives them as much time as required to achieve democracy. SNIP While the west got to get working democratic government up and running while effectively preventing the unwashed masses from voting, thereby giving them time to get things in place to educate the same before allowing it. The same is typically frowned upon in third world countries when the you must have democracy stick has the carrot hung to it or is shoved up the victim's nether regions as the case may be. Education is the only thing that mitigates the manipulation of the electorate by those seeking office.
Mailman archiving problems
Sorry for posting to this list, but I posted to ports@ and got no responses. I've installed the newest version of mailman from packages, mailman-2.1.8p0. I'm using mm-handler instead of adding all the appropriate address in virtusertable. I've done everything correctly (I've installed in the past several times and it worked fine, this is a new installation on a new machine) as far as I can tell. Messages get sent properly to all lists but they're not getting archived. I've checked all the defaults in Defaults.py and they're the way they're supposed to be. Permissions in /var/spool/mailman/archives/* don't seem to be a problem because if I change _mailman's shell I can create files in those directories. Has anyone had any problems similar to this or gotten mailman this version of mailman to work on 3.9?
Re: Cross compiling
John Tate wrote: How would I go about cross compiling OpenBSD from i386 to sparc64? I am just interested because I want to build a system from a faar faster processor if possible. In general, cross-compiling isn't supported on OpenBSD, except when bringing up a new architecture. Why not just use binaries?
Re: Problems with traffic shaping
What is your Internet connection? Is it symmetric or asymmetric? Joe On 10/6/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: On Fri, Oct 06, 2006 at 09:57:16AM -0700, S t i n g r a y wrote: my internet bandwith is getting slower slower i have doubts about my traffic shaping . how to find out whats wrong ? which clients is doing what with my bandwith . snip Watch the numbers in pfctl -vvsq and see if everything is in the correct queues. thanks *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Regards, ahb
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Its complete and utter nonsense actually. The linux kernel is used in closed source products all the time, it has no effect there just like it Please show us one example of a closed source Linux device. Sure, the broadcom wireless device inside the linksys routers. Yes, they are open source devices, you can get the linux distribution from linksys, but good luck getting source for their blobs. Another example is the Zaurus. From sharp it runs Linux. It has SD/SDIO support, but as a .o file, linked against the kernel. Sharp never published source for the SD/SDIO support. Noone even said anything about it. Unfortunately, there are hundreds of other examples, I am sorry to say. Even today the Linux kernel tree is full of non-free components, for example firmwares. Let's not talk about GPL and source and all that. Yes, there are problems there. But even more basic problems exist, because these particular firmwares don't even terms granting re-distribution rights to Linus and the other vendors! These are not just files which violate the GPL concepts their community stands for -- copyright law actually considers them to be STOLEN (because no distribution rights are granted). But don't take my word for it. Go read the debian.vote mailing list. So please don't come our lists arguying that we are breaking pseudo-rules we never made promises about, when you are coming as a representative of a community of people who break laws.
Setting up IPSEC VPN to Cisco IOS (Old fashioned way)
I'm trying to setup an IPSEC connection between OpenBSD3.9 Cisco IOS 12.3 using pre-shared keys authentication the old fashioned way. (One step at a time) However, I can't get the tunnel to come up. Looking at the output from isakmpd -DA=90 (Full text below) I *suspect* the culprit is about here: 222811.703944 Exch 90 exchange_validate: checking for required SA 222811.703992 Misc 30 ipsec_responder: phase 1 exchange 2 step 0 222811.704041 Cryp 60 hash_get: requested algorithm 1 222811.704094 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1 ok 222811.704160 SA 80 sa_add_transform: proto 0x7f166d00 no 1 proto 1 chosen 0x82746e00 sa 0x7c2f1e00 id 1 222811.704298 Negt 70 attribute_unacceptable: attr GROUP_DESCRIPTION does not exist in 3DES-SHA-SHARED 222811.704348 Negt 20 ike_phase_1_validate_prop: failure 222811.704396 Negt 30 message_negotiate_sa: proposal 1 failed 222811.704441 Default message_negotiate_sa: no compatible proposal found 222811.704508 Default dropped message from 192.168.246.247 port 500 due to notification type NO_PROPOSAL_CHOSEN However, I don't know what to do to fix it. A google on some of these messages doesn't appear to reveal anything relavent (apart from the config is wrong !) Can someone help me by telling me what I should do to try to correct this, please ? Thank you, GTG Below is the full output from ISAKMPD -DA=90, the isakmpd.conf, the debug output from the Cisco, plus the relavent parts of the Cisco conf. 222752.784361 Misc 20 udp_make: transport 0x7f58dfc0 socket 7 ip 192.168.247.28 port 500 222752.784419 Trpt 70 transport_setup: added 0x7f58dfc0 to transport list 222752.784493 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.784669 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.784839 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.785008 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.785180 Misc 80 monitor_loop: MONITOR_BIND [priv] 222752.785336 Misc 20 udp_encap_make: transport 0x7f166b80 socket 8 ip 192.168.247.28 port 4500 222752.785392 Trpt 70 transport_setup: added 0x7f166b80 to transport list 222752.785439 Trpt 70 transport_setup: virtual transport 0x7f58df40 222752.785511 Trpt 90 virtual_bind_if: interface rl1 family v6 address fe80:2::240:f4ff:feb8:db4c 222752.785598 Trpt 40 virtual_listen_lookup: no match 222752.785773 Trpt 90 virtual_bind_if: interface rl2 family unknown address invalid 222752.785829 Trpt 90 virtual_bind_if: interface pflog0 family unknown address invalid 222752.785880 Trpt 90 virtual_bind_if: interface pfsync0 family unknown address invalid 222752.785930 Trpt 90 virtual_bind_if: interface enc0 family unknown address invalid 222752.786014 Trpt 50 virtual_init: not binding ISAKMP port(s) to ADDR_ANY 222752.786064 Cryp 60 hash_get: requested algorithm 0 222752.786142 Exch 50 nat_t_setup_hashes: MD5(draft-ietf-ipsec-nat-t-ike-02 ) (16 bytes) 222752.786186 Exch 50 nat_t_setup_hashes: 222752.786270 Exch 50 90cb8091 3ebb696e 086381b5 ec427b1f 222752.786322 Exch 50 nat_t_setup_hashes: MD5(draft-ietf-ipsec-nat-t-ike-03) (16 bytes) 222752.786365 Exch 50 nat_t_setup_hashes: 222752.786446 Exch 50 7d9419a6 5310ca6f 2c179d92 15529d56 222752.786497 Exch 50 nat_t_setup_hashes: MD5(RFC 3947) (16 bytes) 222752.786538 Exch 50 nat_t_setup_hashes: 222752.786620 Exch 50 4a131c81 07035845 5c5728f2 0e95452f 222752.786686 Misc 80 monitor_loop: MONITOR_UI_INIT [priv] 222752.787156 Misc 80 monitor_loop: MONITOR_INIT_DONE [priv] 222752.787265 Timr 10 timer_handle_expirations: event connection_checker(0x7e9ece80) 222752.787353 Timr 10 timer_add_event: event connection_checker(0x7e9ece80) added last, expiration in 60s 222752.787414 SA 90 sa_find: no SA matched query 222752.787460 Sdep 70 pf_key_v2_connection_check: SA for IPSec-remote missing 222752.787557 SA 90 sa_find: no SA matched query 222752.787754 Trpt 70 transport_setup: added 0x7f166bc0 to transport list 222752.787891 Trpt 70 transport_setup: added 0x7f166c00 to transport list 222752.787942 Trpt 70 transport_setup: virtual transport 0x7f166c40 222752.788078 Timr 10 timer_add_event: event exchange_free_aux(0x7c2f1b00) added last, expiration in 120s 222752.788148 Cryp 60 hash_get: requested algorithm 1 222752.788413 Exch 10 exchange_establish_p1: 0x7c2f1b00 ISAKMP-peer-cisco secret-main-mode policy initiator phase 1 doi 1 exchange 2 step 0 222752.788516 Exch 10 exchange_establish_p1: icookie 84df2e923942654e rcookie 222752.788563 Exch 10 exchange_establish_p1: msgid 222752.788644 Mesg 90 message_alloc: allocated 0x88c5e500 222752.788714 SA 80 sa_reference: SA 0x7c2f1c00 now has 1 references 222752.788760 SA 70 sa_enter: SA 0x7c2f1c00 added to SA list 222752.788808 SA 80 sa_reference: SA 0x7c2f1c00 now has 2 references 222752.788860 SA 60 sa_create: sa 0x7c2f1c00 phase 1 added to exchange 0x7c2f1b00 (ISAKMP-peer-cisco) 222752.788910 SA 80 sa_reference: SA 0x7c2f1c00 now has 3 references 222752.789093 Misc 70
X not working with NVIDIA GeForce 7800 GS on amd64
Hi. I recently replaced my ATI X800 with a new NVIDIA GeForce 7800 GS. Checking the nv(4) man page and it states that it supports: [... snipp ...] GeForce 7XXX [... snipp ...] So I setup the corresponding Device section to: Section Device Identifier NVIDIA Driver nv #VideoRam524288 # Insert Clocks lines here if appropriate EndSection (see attached xorg.conf) and started X. Unfortunately X died instantly with signal 8 (SIGFPE): [... snipp ...] (WW) NV(0): remove MTRR 0 - 1000 (--) Depth 24 pixmap format is 32 bpp (WW) NV(0): set MTRR e000 - f000 (WW) NV(0): remove MTRR a - b *** If unresolved symbols were reported above, they might not *** be the reason for the server aborting. Fatal server error: Caught signal 8. Server aborting Please consult the The X.Org Foundation support at http://wiki.X.Org for help. Please also check the log file at /var/log/Xorg.0.log for additional information. [... snipp ...] (Xorg.0.log is also attached). Using the nv driver under Linux (Gentoo) and the X starts and works as expected. The card -listed by pcitweak -l - is: [... snipp ...] PCI: 01:00:0: chip 10de,00f5 card 10b0,0801 rev a2 class 03,00,00 hdr 00 [... snipp ...] System is running OpenBSD 3.9 (GENERIC kernel) from the CDs on amd64. Has someone running an amd64 system with this graphic card? Many thanks in advance, Andreas. P.S.: dmesg is also attached. -- Hobbes : Shouldn't we read the instructions? Calvin : Do I look like a sissy? [demime 1.01d removed an attachment of type application/octet-stream which had a name of xorg.conf] [demime 1.01d removed an attachment of type application/octet-stream which had a name of Xorg.0.log] [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg]
anyone know where I can get an IO-DATA USL-5P in the United States?
The subject line sez it all. I've been looking for a small embedded system to run OpenBSD on and very recent commits makes this look interesting. diana
Re: Setting up IPSEC VPN to Cisco IOS (Old fashioned way)
Your security associations in the ike proposals are not the same. Double check what is being proposed on both sides. Gordon Ross wrote: I'm trying to setup an IPSEC connection between OpenBSD3.9 Cisco IOS 12.3 using pre-shared keys authentication the old fashioned way. (One step at a time) However, I can't get the tunnel to come up. Looking at the output from isakmpd -DA=90 (Full text below) I *suspect* the culprit is about here: 222811.703944 Exch 90 exchange_validate: checking for required SA 222811.703992 Misc 30 ipsec_responder: phase 1 exchange 2 step 0 222811.704041 Cryp 60 hash_get: requested algorithm 1 222811.704094 Negt 30 message_negotiate_sa: transform 1 proto 1 proposal 1 ok 222811.704160 SA 80 sa_add_transform: proto 0x7f166d00 no 1 proto 1 chosen 0x82746e00 sa 0x7c2f1e00 id 1 222811.704298 Negt 70 attribute_unacceptable: attr GROUP_DESCRIPTION does not exist in 3DES-SHA-SHARED 222811.704348 Negt 20 ike_phase_1_validate_prop: failure 222811.704396 Negt 30 message_negotiate_sa: proposal 1 failed 222811.704441 Default message_negotiate_sa: no compatible proposal found 222811.704508 Default dropped message from 192.168.246.247 port 500 due to notification type NO_PROPOSAL_CHOSEN However, I don't know what to do to fix it. A google on some of these messages doesn't appear to reveal anything relavent (apart from the config is wrong !) Can someone help me by telling me what I should do to try to correct this, please ? Thank you, GTG Below is the full output from ISAKMPD -DA=90, the isakmpd.conf, the debug output from the Cisco, plus the relavent parts of the Cisco conf. 222752.784361 Misc 20 udp_make: transport 0x7f58dfc0 socket 7 ip 192.168.247.28 port 500 222752.784419 Trpt 70 transport_setup: added 0x7f58dfc0 to transport list 222752.784493 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.784669 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.784839 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.785008 Misc 80 monitor_loop: MONITOR_SETSOCKOPT [priv] 222752.785180 Misc 80 monitor_loop: MONITOR_BIND [priv] 222752.785336 Misc 20 udp_encap_make: transport 0x7f166b80 socket 8 ip 192.168.247.28 port 4500 222752.785392 Trpt 70 transport_setup: added 0x7f166b80 to transport list 222752.785439 Trpt 70 transport_setup: virtual transport 0x7f58df40 222752.785511 Trpt 90 virtual_bind_if: interface rl1 family v6 address fe80:2::240:f4ff:feb8:db4c 222752.785598 Trpt 40 virtual_listen_lookup: no match 222752.785773 Trpt 90 virtual_bind_if: interface rl2 family unknown address invalid 222752.785829 Trpt 90 virtual_bind_if: interface pflog0 family unknown address invalid 222752.785880 Trpt 90 virtual_bind_if: interface pfsync0 family unknown address invalid 222752.785930 Trpt 90 virtual_bind_if: interface enc0 family unknown address invalid 222752.786014 Trpt 50 virtual_init: not binding ISAKMP port(s) to ADDR_ANY 222752.786064 Cryp 60 hash_get: requested algorithm 0 222752.786142 Exch 50 nat_t_setup_hashes: MD5(draft-ietf-ipsec-nat-t-ike-02 ) (16 bytes) 222752.786186 Exch 50 nat_t_setup_hashes: 222752.786270 Exch 50 90cb8091 3ebb696e 086381b5 ec427b1f 222752.786322 Exch 50 nat_t_setup_hashes: MD5(draft-ietf-ipsec-nat-t-ike-03) (16 bytes) 222752.786365 Exch 50 nat_t_setup_hashes: 222752.786446 Exch 50 7d9419a6 5310ca6f 2c179d92 15529d56 222752.786497 Exch 50 nat_t_setup_hashes: MD5(RFC 3947) (16 bytes) 222752.786538 Exch 50 nat_t_setup_hashes: 222752.786620 Exch 50 4a131c81 07035845 5c5728f2 0e95452f 222752.786686 Misc 80 monitor_loop: MONITOR_UI_INIT [priv] 222752.787156 Misc 80 monitor_loop: MONITOR_INIT_DONE [priv] 222752.787265 Timr 10 timer_handle_expirations: event connection_checker(0x7e9ece80) 222752.787353 Timr 10 timer_add_event: event connection_checker(0x7e9ece80) added last, expiration in 60s 222752.787414 SA 90 sa_find: no SA matched query 222752.787460 Sdep 70 pf_key_v2_connection_check: SA for IPSec-remote missing 222752.787557 SA 90 sa_find: no SA matched query 222752.787754 Trpt 70 transport_setup: added 0x7f166bc0 to transport list 222752.787891 Trpt 70 transport_setup: added 0x7f166c00 to transport list 222752.787942 Trpt 70 transport_setup: virtual transport 0x7f166c40 222752.788078 Timr 10 timer_add_event: event exchange_free_aux(0x7c2f1b00) added last, expiration in 120s 222752.788148 Cryp 60 hash_get: requested algorithm 1 222752.788413 Exch 10 exchange_establish_p1: 0x7c2f1b00 ISAKMP-peer-cisco secret-main-mode policy initiator phase 1 doi 1 exchange 2 step 0 222752.788516 Exch 10 exchange_establish_p1: icookie 84df2e923942654e rcookie 222752.788563 Exch 10 exchange_establish_p1: msgid 222752.788644 Mesg 90 message_alloc: allocated 0x88c5e500 222752.788714 SA 80 sa_reference: SA 0x7c2f1c00 now has 1 references 222752.788760 SA 70 sa_enter: SA 0x7c2f1c00 added to SA list 222752.788808 SA 80 sa_reference: SA 0x7c2f1c00 now has 2 references 222752.788860 SA 60 sa_create: sa 0x7c2f1c00 phase 1 added to
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
On Fri, Oct 06, 2006 at 04:10:44PM -0600, Diana Eichert wrote: The subject line sez it all. I've been looking for a small embedded system to run OpenBSD on and very recent commits makes this look interesting. woman you are fast (: there is supposedly a piece sold in .eu (see landisk.html) but then nobody knows for sure... it's a japanese sex toy. cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
On Sat, 7 Oct 2006, mickey wrote: SNIP woman you are fast (: there is supposedly a piece sold in .eu (see landisk.html) but then nobody knows for sure... it's a japanese sex toy. cu -- mickey, thanks for the fast reply. (btw, did you do the h/w serial line driver mod on yours?) yep, but the no-HD system looks interesting to me for some small systems. maybe uemura or someone else in JP could help out with a source? g.day diana
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
On 10/6/06, mickey [EMAIL PROTECTED] wrote: On Fri, Oct 06, 2006 at 04:10:44PM -0600, Diana Eichert wrote: The subject line sez it all. I've been looking for a small embedded system to run OpenBSD on and very recent commits makes this look interesting. Are the I-O Data UHDL-160U and UHDL-300U the right form factor? http://shop.iodata.com/shopping/products.php?cat=HNPsc=HDLpId=UHDL-160Uspec=2#spec woman you are fast (: there is supposedly a piece sold in .eu (see landisk.html) Nevermind the sex toy, what beer is that? but then nobody knows for sure... it's a japanese sex toy. cu Greg
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
I was wondering the same: Shop.iodata.com is currently available to residents living in the United States. We are in the process of developing our Online Store for the greater European and UK markets. Your IP Address [...] is listed as coming from !USA (!USA) If you live in the United States and are seeing this message, please click here to email us, and we will add your IP address to our database.
Re: FTP Account Lockout
On 10/6/06, stuartv [EMAIL PROTECTED] wrote: Hello list, Hi! snip However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. I haven't been able to find any ftp software that does that. The FTP server that ships with OpenBSD uses system accounts, and I haven't figured out how to do that there either. I haven't thought about this too much, but initial testing looks promising. OpenBSD's ftpd run with the -l switch logs failed login attempts to /var/log/xferlog. If you wrote a small daemon that used kqueue(2) to monitor this log file you could parse the xferlog to look for repeated failed attempts at logging in and add that user to /etc/ftpusers and then remove him 30 minutes later. It of course would be better, than this hack, to modify ftpd to keep track of failed logins and internally manage the locking out of accounts themselves, but that might be beyond what you are willing to do. If you are interested mail me off-list and I might be able to help you hack something together. Good luck, Sam
anyone have any nmea(4) stories?
Has anyone set up a GPS to serve as a ntp source yet? Care to share any insights gained? Thanks. j
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
On 2006/10/07 00:02, pedro la peu wrote: Shop.iodata.com is currently available to residents living in the United States. you're in .uk aren't you Pedro? Doesn't look like a problem to find the px-eh25l and px-eh40l (froogle finds plenty of sellers).
Re: Problems with traffic shaping
it is asymmetric *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ - Original Message From: Joe Gibbens [EMAIL PROTECTED] To: Open BSD misc@openbsd.org Sent: Saturday, October 7, 2006 1:21:41 AM Subject: Re: Problems with traffic shaping What is your Internet connection? Is it symmetric or asymmetric? Joe On 10/6/06, Andreas Bihlmaier [EMAIL PROTECTED] wrote: On Fri, Oct 06, 2006 at 09:57:16AM -0700, S t i n g r a y wrote: my internet bandwith is getting slower slower i have doubts about my traffic shaping . how to find out whats wrong ? which clients is doing what with my bandwith . snip Watch the numbers in pfctl -vvsq and see if everything is in the correct queues. thanks *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$ Regards, ahb
Re: X not working with NVIDIA GeForce 7800 GS on amd64
Andreas Maus wrote: Hi Andreas, two comments. First... [demime 1.01d removed an attachment of type application/octet-stream which had a name of xorg.conf] [demime 1.01d removed an attachment of type application/octet-stream which had a name of Xorg.0.log] [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg] Attachments are stripped on misc@ emails. Second, have you verified that you *need* an xorg.conf? X.org now auto-detects many things for you. You may be fine without one, or you may find that you only need certain sections of the configuration file. If that doesn't work, try again but including the three files in line. -- Matthew Weigel
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
On Fri, 6 Oct 2006 03:50:38 +0159, Han Boetes wrote: In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. Bullshit! Now don't quote me that specious crap about how free speech is limited by no freedom to falsely cry Fire! in a crowded theatre. That is the refuge of philosophy 101 students or shitheads who only advance it so that they can gloat about the stupidity of someone who did not recognise the trick. You are free to spout whatever crap you espouse. You yourself never fought for that right but I won't deny you that right. Somebody may call you to account for abusing that freedom. Like now. Your puerile confusion of freedoms of speech or thought with free software (as we know it) does not do more than deomonstrate your lack of maturity and a need for some training of your brain's crap detector. If it is not atrophied, that is. I was an IBM Linux instructor until a couple of years ago and I can tell you for certain that your (wishful) thinking about why they (IBM) espouse Linux is wildly astray. Try again. But not here, please. You have woffled on too long and I am waeried of watching your twaddle go by. plonk EOF From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not.
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
On Sat, Oct 07, 2006 at 12:38:05AM +0200, mickey wrote: On Fri, Oct 06, 2006 at 04:10:44PM -0600, Diana Eichert wrote: The subject line sez it all. I've been looking for a small embedded system to run OpenBSD on and very recent commits makes this look interesting. woman you are fast (: there is supposedly a piece sold in .eu (see landisk.html) At least a couple of stores in .nl [1] and one in .at [2]. (The Plextor's) Cheers, Jasper but then nobody knows for sure... it's a japanese sex toy. cu -- paranoic mickey (my employers have changed but, the name has remained) 1: http://www.beslist.nl/computers/d130260/Plextor_Professional_Network_Hdd_(_PX-EH25L-T3_).html 2: http://www.1ashop.at/webshopServlet?searchCategory=0cmd=findensearchtext=plextorpage=1allwords=true -- Humppa is a serious thing! NedBSD: http://nedbsd.nl
Re: anyone have any nmea(4) stories?
On 10/6/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Has anyone set up a GPS to serve as a ntp source yet? Care to share any insights gained? Thanks. j inserts USB GPS device uplcom0 at uhub1 port 4 uplcom0: Prolific Technology PL2303 Serial, rev 1.10/2.02, addr 4 ucom0 at uplcom0 # nmeaattach cuaU0 # sysctl hw.sensors.30 hw.sensors.30=nmea0, GPS, 0.77 secs, OK, Fri Oct 6 21:23:53.453 # echo 'sensor nmea0' /etc/ntpd.conf # date Fri Oct 6 21:29:29 EDT 2006 # date 35 Fri Oct 6 21:35:00 EDT 2006 # sysctl hw.sensors.30 hw.sensors.30=nmea0, GPS, 281.16 secs, OK, Fri Oct 6 21:35:28.815 # ntpd -ds ntp engine ready sensor nmea0 added sensor nmea0: offset -280.827497 no reply received in time, skipping initial time setting sensor nmea0: offset -280.817099 sensor nmea0: offset -280.817388 sensor nmea0: offset -280.841698 sensor nmea0: offset -280.843981 sensor nmea0: offset -280.829276 sensor nmea0: offset -280.840579 snip This goes on forever and the time is never actually adjusted according to the timedelta. The timedelta seems to be working quite well, but ntpd isn't adjusting according to it. What am I doing wrong? I think it would be very useful to make a note about nmeaattach(8) in nmea(4) I almost couldn't find the darn thing. Index: nmea.4 === RCS file: /cvs/src/share/man/man4/nmea.4,v retrieving revision 1.9 diff -u -r1.9 nmea.4 --- nmea.4 3 Sep 2006 18:26:05 - 1.9 +++ nmea.4 7 Oct 2006 01:22:36 - @@ -67,6 +67,7 @@ .El .Sh SEE ALSO .Xr tty 4 , +.Xr nmeaattach 8 , .Xr ntpd 8 , .Xr sysctl 8 .Sh HISTORY -Sam
Re: anyone know where I can get an IO-DATA USL-5P in the United States?
Diana Eichert wrote: The subject line sez it all. I've been looking for a small embedded system to run OpenBSD on and very recent commits makes this look interesting. Hm, yes, interesting. http://www.plextor.com/english/products/product_nas.htm has Add to cart USA links, but I couldn't get them to work. Plextor's page also linked to http://www.unityelectronics.com/product-product_id/3623 and http://www.unityelectronics.com/product-product_id/3624. I'm not sure if it's exactly the same thing, it doesn't look like the device in landisk.html or http://www.iodata.jp/prod/storage/hdd/2004/usl-5p/photo/index.htm, but it does look like http://shop.iodata.com/shopping/products.php?cat=HNPsc=HDLpId=UHDL-160U.
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
quote out of context Rod.. Whitworth wrote: On Fri, 6 Oct 2006 03:50:38 +0159, Han Boetes wrote: In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. Bullshit! Now don't quote me that specious crap about how free speech is limited by no freedom to falsely cry Fire! in a crowded theatre. That is the refuge of philosophy 101 students or shitheads who only advance it so that they can gloat about the stupidity of someone who did not recognise the trick. You are free to spout whatever crap you espouse. You yourself never fought for that right but I won't deny you that right. Somebody may call you to account for abusing that freedom. Like now. Your puerile confusion of freedoms of speech or thought with free software (as we know it) does not do more than deomonstrate your lack of maturity and a need for some training of your brain's crap detector. If it is not atrophied, that is. I was an IBM Linux instructor until a couple of years ago and I can tell you for certain that your (wishful) thinking about why they (IBM) espouse Linux is wildly astray. Try again. But not here, please. You have woffled on too long and I am waeried of watching your twaddle go by. plonk EOF From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not. # Han
Re: Letter to OLPC
I totally agree with Siju on this. Living in a 3rd world country, as I guess he also lives, I am pretty sure that a laptop isn't at all important for disadvantaged children, as said. REAL need in our countries are, as previously said, for food, health care and good education. The most urgent of them all is for food, so I could bet anything that a disadvantaged children wouldn't think twice if he/she could sell the useless laptop in exchange for some money, or such. Moreover, there isn't easy access to internet connections in 3rd world countries, so the laptop is even MORE useless than ever. All that said, these disadvantaged children talk is clearly a load of bullshit. No doubt OLPC is after money, and only that. PS: I feel happy everyday to read the emails at [EMAIL PROTECTED] it reinforces my beliefs in truly Free software and, of course, in OpenBSD. Keep it up! On 10/6/06, Siju George [EMAIL PROTECTED] wrote: On 10/6/06, Jack J. Woehr [EMAIL PROTECTED] wrote: Free and open software is a means to an end, rather than the sole end unto itself for OLPC. I was totally stunned by this admission. morally bankrupt, as Bob says, is exactly what is going on. Hmm, sounds like you are saying that abstract goal of unlimited software freedom is a higher goal than providing access to modern technology to disadvantaged children in 3rd-world countries. If the real concern is for *disadvantaged children* in third world countries then giving them a laptop is the most ridiculous idea ever orginated! Some time back I saw a cartoon. One of the 3rd world countries blasted their nuclear bomb and was proud of it. Proud that they were in par with the others in the West. While their people were still begging and starving in the streets and villages. The cartoon showed a poor beggar sitting on the street with torn clothes with the beggars basin to reveive a missile sent to it. In the third world the basic necissities are food, water, clothing, shelter, medical care etc. Disadvantaged children could care less about a stupid laptop when they have had no meal for a week and are tired of the sun while watching their siblings dying of cholera. Getting a laptop to a child for low cost seems to be a noble idea on the outside. add a *3rd-world country* phase and you get a more polished *charity painted/noble* image. I don't think OLPC it that great!. It is another form of business. They have seen a market. They want to reach it. thats all! Mostly people who applaude such endeavours *do not have any idea* of the issues of the third world countries. I am not angry Jack. But When I find people *over nobleizing* at the expense of the 3rd world countries I think I need to say this. Kind Regards Siju -- Felipe Brant Scarel PATUX/OpenBSD Project Leader (http://www.patux.cic.unb.br)
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Is that all you can say to defend your point of view? If you are wrong (and you probably are), you should admit it, not repeat quote out of context as a silly escape. On 10/6/06, Han Boetes [EMAIL PROTECTED] wrote: quote out of context Rod.. Whitworth wrote: On Fri, 6 Oct 2006 03:50:38 +0159, Han Boetes wrote: In my world freedom is something you have to fight for, otherwise it gets taken away. Putting a limit on your freedoms is a good thing. Bullshit! Now don't quote me that specious crap about how free speech is limited by no freedom to falsely cry Fire! in a crowded theatre. That is the refuge of philosophy 101 students or shitheads who only advance it so that they can gloat about the stupidity of someone who did not recognise the trick. You are free to spout whatever crap you espouse. You yourself never fought for that right but I won't deny you that right. Somebody may call you to account for abusing that freedom. Like now. Your puerile confusion of freedoms of speech or thought with free software (as we know it) does not do more than deomonstrate your lack of maturity and a need for some training of your brain's crap detector. If it is not atrophied, that is. I was an IBM Linux instructor until a couple of years ago and I can tell you for certain that your (wishful) thinking about why they (IBM) espouse Linux is wildly astray. Try again. But not here, please. You have woffled on too long and I am waeried of watching your twaddle go by. plonk EOF From the land down under: Australia. Do we look umop apisdn from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server. Your IP address will also be greytrapped for 24 hours after any attempt. I am continually amazed by the people who run OpenBSD who don't take this advice. I always expected a smarter class. I guess not. # Han -- Felipe Brant Scarel PATUX/OpenBSD Project Leader (http://www.patux.cic.unb.br)
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Look at it, he is quoting me out of context. That's not a silly escape, that's a fact. Maybe to you quoting out of context is a legitimate way to fight a discussion, to me it's not. Felipe Scarel wrote: Is that all you can say to defend your point of view? If you are wrong (and you probably are), you should admit it, not repeat quote out of context as a silly escape. # Han
Re: Letter to OLPC
On 06/10/06, Diana Eichert [EMAIL PROTECTED] wrote: On Fri, 6 Oct 2006, Bob Beck wrote: Unfortunately, fixing the government while maintaining the universal democracy that is practically insisted upon by the USA as world uber-cop makes that a very difficult task. Democracy gets you the wait, wait, it's only insisted on as long as you aren't a Central Asian Republic, then the curent US Gov't administration gives them as much time as required to achieve democracy. SNIP U. S. Foreign Policy - even a child can understand it! post comes to mind: http://groups.google.com/group/uk.rec.humour/msg/0059c3a5a272af46 [...] Q: Why? What does a cruel dictator do that makes it OK to invade his country? A: Well, for one thing, he tortured his own people. Q: Kind of like what they do in China? A: Don't go comparing China to Iraq. China is a good economic competitor, where millions of people work for slave wages in sweatshops to make U.S. corporations richer. Q: So if a country lets its people be exploited for American corporate gain, it's a good country, even if that country tortures people? A: Right. Q: Why were people in Iraq being tortured? A: For political crimes, mostly, like criticizing the government. People who criticized the government in Iraq were sent to prison and tortured. Q: Isn't that exactly what happens in China? A: I told you, China is different. Q: What's the difference between China and Iraq? A: Well, for one thing, Iraq was ruled by the Ba'ath party, while China is Communist. Q: Didn't you once tell me Communists were bad? A: No, just Cuban Communists are bad. Q: How are the Cuban Communists bad? A: Well, for one thing, people who criticize the government in Cuba are sent to prison and tortured. Q: Like in Iraq? A: Exactly. Q: And like in China, too? A: I told you, China's a good economic competitor. Cuba, on the other hand, is not. Q: How come Cuba isn't a good economic competitor? [...]
Re: Letter to OLPC
U. S. Foreign Policy - even a child can understand it! post comes to mind: http://groups.google.com/group/uk.rec.humour/msg/0059c3a5a272af46 And this has what to do with OpenBSD? Politics forums are over there -- or wherever. Don't care. It's not here. -- Don't ping my cheese with your bandwidth. -- Mildly retarded consultant, Dilbert
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
Han is some asshole who comes onto our list about every 2-3 weeks and spouts some very vague bullshit to distract people. He wants every argument to become a vague license argument. He refuses to leave our lists. At times, I have times wished that someone would go visit him in person and shut him up. I find it hard to admit this, but people as uneducated and rude as him are rare. Look at it, he is quoting me out of context. That's not a silly escape, that's a fact. Maybe to you quoting out of context is a legitimate way to fight a discussion, to me it's not. Felipe Scarel wrote: Is that all you can say to defend your point of view? If you are wrong (and you probably are), you should admit it, not repeat quote out of context as a silly escape. # Han
Re: GPL = BSD + DRM [Was: Re: Intel's Open Source Policy Doesn't Make Sense]
You lie. You insult. You threaten. I'd love to meet _you_ in person too. Theo de Raadt wrote: Han is some asshole who comes onto our list about every 2-3 weeks and spouts some very vague bullshit to distract people. He wants every argument to become a vague license argument. He refuses to leave our lists. At times, I have times wished that someone would go visit him in person and shut him up. I find it hard to admit this, but people as uneducated and rude as him are rare. # Han
