Gagnez un GPS TomTom pendant 15 jours!
Ce message est au format HTML. Si vous ne parvenez pas ` le lire, cliquez ici. www.guidedesprestataires.com Gagnez un GPS TomTom tous les jours du 31 Mars 2007 au 15 Avril 2007 . Si votre demande de devis est la 126eme de la journie durant cette piriode vous recevrez sous 15 jours votre GPS. Jeux sans obligation d'achat - recevez le rhglement complet du jeux en le demandant par ecrit ` notre service marketing. Le Guide Des Prestataires est une activiti de la sociiti Midia Tilecom SAS - Rcs Criteil 482 024 825 - Premihre visite - Acchs membres - Devenir Prestataire - Conditions ginirales d'utilisation - Qui sommes nous - Plan du site - News-letters- Partenaires ) Midia Tilicom SAS 2007 Afin de vous tenir informi des offres de nos prestataires sans vous occasionner de gjnes,nous vous informons que vous recevrez uniquement 2 lettres d'informations par semaine. Seules les personnes qui disirent s'inscrire GRATUITEMENT ` nos lettres d'informations en recevront une par jour. Conformiment ` la loi Informatique et Libertis du 6 janvier 1978, vous binificiez d'un droit d'acchs, de modification, de suppression et d'opposition aux donnies vous concernant.Si vous souhaitez exercer ces droits, veuillez vous adresser ` MEDIA TELECOM SAS , service marketing, Voie Felix Eboui- 94 000 - Criteil- ou icrire ` [EMAIL PROTECTED] Nous nous engageons ` ne pas communiquer ` des tiers les informations vous concernant sauf si vous nous en donnez l'autorisation. Jeux sans obligation d'achat - recevez le rhglement complet du jeux en le demandant par ecrit ` notre service marketing . Diclaration CNIL N0 119 789. = Cliquez ici pour vous disinscrire
Re: adding video cameras for cms on openbsd.
On Sat, Mar 31, 2007 at 11:16:00PM +, Paul Pruett wrote: Any suggestions for opensource video survelliance applications on OpenBSD? I setup an openbsd server to support a condominium association, and it has been successful using cyrus-imap and drupal. Now I was asked if we could add video cameras and security using the openbsd server. The short answer is yes, the correct answer is maybe :) and what approach depends on coverage and budget I realize a practical discussion is way beyond the scope of this list with questions like, do the cameras do the video capture or have the CTV signal come back to server to capture, and how much done by hardware how much done by software, motion detection could switch from time lapse to full or from quadrant view to active camera?..., and so on, that said... Is anyone using some opensource project or the like on openbsd to coordinate the storage of video and retrieval through a web interface and if so how mature or suggestions? (and maybe embed in drupal or other cms if can) As afore I will do a summary report back to the list for others if I find enough snippets to suggest approaching building survielliance using openbsd and maybe apache/mysql/php or the like. Else a proprietary hardware solution may be considered, since I said emphatically no MSd0ze solution for something supporting 6 - 30 cameras with access to retrieve and view stored video upto several weeks or more. I don't know anything about this, but Dave Feustel daf at a64 dot comcast dot net has been posting messages indicating he's trying to build such a system to comp.unix.bsd.openbsd.misc. You might find some of them helpful, even if Dave sometimes has an original take on things. Joachim
OpenBSD 4.1 X.org and locale problem
In last week I checked OpenBSD 4.1 from snapshot ane when I run xterm xterm -ls -fn -*-fixed-medium-*-*-*-*-130-*-*-*-*-iso8859-2 I have in .profile LANG=pl_PL.ISO8859-2 export=LANG LC_ALL=pl_PL.ISO8859-2 export LC_ALL xterm tell me Locale not supported by Xlib locale set to C What it is ? In OpenBSD 3.9/4.0 i have not this messages and polish keyboard works fine - Finding fabulous fares is fun. Let Yahoo! FareChase search your favorite travel sites to find flight and hotel bargains.
Re: Ralink pci on spark64?
On Sun, Apr 01, 2007 at 08:47:13AM +1000, Jonathan Gray wrote: On Sat, Mar 31, 2007 at 04:12:20PM +0200, Maxim Belooussov wrote: Hi, I plan to turn my Sun Ultra 10 into a firewall/access point using a supported Ralink PCI card. But I see on this page http://www.openbsd.org/sparc64.html#hardware that Ralink PCI is not supported by the port. ral man page says that some cards are fuzzy about PCI 2.2, and my Sun Ultra with psycho bus probably doesn't have PCI 2.2. Is this the reason? Maxim Most Ralink cards are 3.3v only, which means your Ultra 10 probably isn't going to work, this is what the note is about. No one with the relevant Ralink hardware has a new enough sparc64 to play with to see if it works, so it is not enabled in the default sparc64 GENERIC kernel. Btw. last time I tested my ral(4) card in an Ultra 10 it did not work. That was about a year ago. I will retry it next week and probably I can find the issues. -- :wq Claudio
Re: Very slow raid performance with ami(4)
Hello, On 2007/03/30 13:18, Roy Kim wrote: I didn't realize there's two different batteries. What does the 'intelligent' version of the battery do extra? LSIiBBU01 (intelligent) has some kind of comms relating to charge state etc, I think it may also have a longer runtime. LSIBBU03 (non-intelligent) doesn't, and was something like a third of the price where I bought mine (scan.co.uk). AFAIK the intelligent BBU has memory onboard so you can swap the controller below in case of failure and turn the machine back on and write the cache back to the disks, that's also why they sell it for this much money. But nobody I know ever bought one or tried that. The dumb ones have been sufficient so far. -sm
Re: Widescreen flat panel
On 3/31/07, Eric Dillenseger [EMAIL PROTECTED] wrote: I tried different ModeLine generators from the net, and tried to do it myself using Xorg' logfile. Not helping me out. I have a Dell 20 inch monitor and it works fine with it's native 1680x1050. I had to tweak the Modeline manually but eventually got it to work. On a oldish S3 card though. But it just might work for you too. Section Monitor Identifier Monitor0 VendorName DEL ModelNameDELL 2007WFP #HorizSync30.0 - 83.0 #VertRefresh 56.0 - 76.0 Option DPMS ModeLine[EMAIL PROTECTED] 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync EndSection
Re: lsi logic sparc64 config?
ami cards need bios assist to function. So unless you have one with fcode on it it will NOT work. On Sat, Mar 31, 2007 at 05:09:48PM -0500, Brian A. Seklecki wrote: megarc(8) has been ported to some non-Linux platforms. MegaCli runs in emulation mode in others (dirty dirty hack). The best bet is a bio(4) interface or a hardware raid that has a non-BIOS/proprietary CLI management interface. ~BAS On Sat, 2007-03-31 at 14:37 +1000, David Gwynne wrote: On 31/03/2007, at 8:16 AM, Bryan Irvine wrote: This might be a little off-topic, but I can't find the answer anywhere. Since the LSI logic sata 150-4 cards need to be configured via the cards bios (at bootup on i386) I can't figure out if there is a way to configure a RAID when using a sparc64 platform. Is this possible? the ami(4) driver isn't enabled on sparc64, so aside from not being able to configure the card in the machine, we're not sure you'll be able to use it either. we have taken care to make it as portable as possible, but i doubt it will work too well. dlg
RAS fingerprint change anoncvs1.usa.openbsd.org ?
I got the following when creating a diff today. Just making sure $ cvs diff -u faq2.html The authenticity of host 'anoncvs1.usa.openbsd.org (204.152.184.203)' can't be established. RSA key fingerprint is 49:67:9a:46:62:8a:3f:4e:b3:63:ca:d6:41:29:2a:2f. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'anoncvs1.usa.openbsd.org,204.152.184.203' (RSA) to the list of known hosts. Index: faq2.html
Re: Widescreen flat panel
On Sunday 01 April 2007 09:22, Srebrenko Sehic wrote: On 3/31/07, Eric Dillenseger [EMAIL PROTECTED] wrote: I tried different ModeLine generators from the net, and tried to do it myself using Xorg' logfile. Not helping me out. I have a Dell 20 inch monitor and it works fine with it's native 1680x1050. I had to tweak the Modeline manually but eventually got it to work. On a oldish S3 card though. But it just might work for you too. Section Monitor Identifier Monitor0 VendorName DEL ModelNameDELL 2007WFP #HorizSync30.0 - 83.0 #VertRefresh 56.0 - 76.0 Option DPMS ModeLine[EMAIL PROTECTED] 119.0 1680 1728 1760 1840 1050 1053 1059 1080 -HSync +VSync EndSection Monitor timing/sync is hardware specific and in some cases, if you get it wrong, you can do permanent damage to your monitor. Use gtf(1) to probe your hardware to figure out timings/sync for your desired resolution/refresh, and then do a sanity check of the reported values against the hardware documentation.
Re: Widescreen flat panel
Hi, I made several tests, again, with no success. I've noticed that using 'Option FlatPanel' in xorg.conf makes X fail to find a suitable mode. Whenever I have a display working, xrandr indicates a 1600x??? or 1680x1200. Below is the xrandr output: SZ:Pixels Physical Refresh 0 1600 x 1200 ( 474mm x 302mm ) 65 60 1 1680 x 1050 ( 474mm x 302mm ) 60 2 1400 x 1050 ( 474mm x 302mm ) 75 60 3 1280 x 1024 ( 474mm x 302mm ) 75 60 4 1280 x 960( 474mm x 302mm ) 60 5 1152 x 864( 474mm x 302mm ) 75 6 1024 x 768( 474mm x 302mm ) 75 70 60 7832 x 624( 474mm x 302mm ) 75 8800 x 600( 474mm x 302mm ) 75 72 65 60 56 9700 x 525( 474mm x 302mm ) 75 60 10 640 x 512( 474mm x 302mm ) 75 60 11 640 x 480( 474mm x 302mm ) 75 73 60 12 576 x 432( 474mm x 302mm ) 75 13 512 x 384( 474mm x 302mm ) 75 70 60 14 416 x 312( 474mm x 302mm ) 75 15 400 x 300( 474mm x 302mm ) 75 72 60 56 16 320 x 240( 474mm x 302mm ) 75 73 60 *17 1680 x 1200 ( 474mm x 302mm ) *65 Current rotation - normal Current reflection - none Rotations possible - normal Reflections possible - none Every modeline tried has failed except the one I'm using actually, made with EDID info, wich is operating at 1680x1200. I tried on linux, it worked out of the box. I still need to check the content of Xorg.0.log on linux to see if it differs. -- Linux is for Windows(c) haters while BSD is for UNIX lovers. http://teardrop.free.fr/
vi keys in mg
mg is a fine little editor, but it just seems so emacs-centric. This little diff fixes that. Please test and get back to me. Maybe *now* we'll get some users. -kj Index: Makefile === RCS file: /cvs/src/usr.bin/mg/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- Makefile16 Dec 2006 17:00:03 - 1.19 +++ Makefile1 Apr 2007 18:33:37 - @@ -13,14 +13,15 @@ # XKEYS and bsmap mode do _not_ get along. # REGEX -- create regular expression functions # -CFLAGS+=-Wall -DXKEYS -DFKEYS -DREGEX +# VI -- the one true way +CFLAGS+=-Wall -DXKEYS -DFKEYS -DREGEX -DVI SRCS= cinfo.c fileio.c spawn.c ttyio.c tty.c ttykbd.c \ basic.c dir.c dired.c file.c line.c match.c paragraph.c \ random.c region.c search.c version.c window.c word.c \ buffer.c display.c echo.c extend.c help.c kbd.c keymap.c \ macro.c main.c modes.c re_search.c funmap.c undo.c autoexec.c \ - yank.c + yank.c vi.c # # More or less standalone extensions. Index: basic.c === RCS file: /cvs/src/usr.bin/mg/basic.c,v retrieving revision 1.28 diff -u -r1.28 basic.c --- basic.c 20 Dec 2006 21:21:09 - 1.28 +++ basic.c 1 Apr 2007 18:33:37 - @@ -64,6 +64,10 @@ int gotoeol(int f, int n) { + while (n 1) { + forwline(FFRAND, 1); + n--; + } curwp-w_doto = llength(curwp-w_dotp); return (TRUE); } Index: def.h === RCS file: /cvs/src/usr.bin/mg/def.h,v retrieving revision 1.99 diff -u -r1.99 def.h --- def.h 21 Feb 2007 23:33:12 - 1.99 +++ def.h 1 Apr 2007 18:33:37 - @@ -109,6 +109,17 @@ #define KBACK 2 /* + * Search codes + */ +#define SRCH_BEGIN (0) +#define SRCH_FORW (-1) +#define SRCH_BACK (-2) +#define SRCH_NOPR (-3) +#define SRCH_ACCM (-4) +#define SRCH_MARK (-5) + + +/* * This structure holds the starting position * (as a line/offset pair) and the number of characters in a * region of a buffer. This makes passing the specification @@ -272,7 +283,10 @@ #endif #define BFOVERWRITE 0x08 /* overwrite mode*/ #define BFREADONLY 0x10 /* read only mode*/ - +#ifdef VI +#define BFVICMD0x20/* VI command mode */ +#define BFVIINS0x40/* VI insert mode */ +#endif /* * This structure holds information about recent actions for the Undo command. */ @@ -573,6 +587,7 @@ #endif /* !NO_MACRO */ /* modes.c X */ +int changemode(int, int, char *); int indentmode(int, int); int fillmode(int, int); int blinkparen(int, int); Index: extend.c === RCS file: /cvs/src/usr.bin/mg/extend.c,v retrieving revision 1.50 diff -u -r1.50 extend.c --- extend.c30 Dec 2006 14:11:06 - 1.50 +++ extend.c1 Apr 2007 18:33:38 - @@ -555,11 +555,16 @@ { PF funct; char xname[NXNAME], *bufp; + char*pref = M-x ; +#ifdef VI + if (curbp-b_flag BFVICMD) + pref = :; +#endif if (!(f FFARG)) - bufp = eread(M-x , xname, NXNAME, EFNEW | EFFUNC); + bufp = eread(%s, xname, NXNAME, EFNEW | EFFUNC, pref); else - bufp = eread(%d M-x , xname, NXNAME, EFNEW | EFFUNC, n); + bufp = eread(%d %s, xname, NXNAME, EFNEW | EFFUNC, n, pref); if (bufp == NULL) return (ABORT); else if (bufp[0] == '\0') Index: main.c === RCS file: /cvs/src/usr.bin/mg/main.c,v retrieving revision 1.56 diff -u -r1.56 main.c --- main.c 20 Feb 2007 04:39:45 - 1.56 +++ main.c 1 Apr 2007 18:33:38 - @@ -76,7 +76,11 @@ extern void theo_init(void); extern void mail_init(void); extern void dired_init(void); +#ifdef VI + extern void vi_init(void); + vi_init(); +#endif dired_init(); grep_init(); theo_init(); Index: modes.c === RCS file: /cvs/src/usr.bin/mg/modes.c,v retrieving revision 1.16 diff -u -r1.16 modes.c --- modes.c 13 Dec 2005 07:20:13 - 1.16 +++ modes.c 1 Apr 2007 18:33:38 - @@ -11,13 +11,13 @@ #include def.h #include kbd.h -static int changemode(int, int, char *); +intchangemode(int, int, char *); int defb_nmodes = 0; struct maps_s *defb_modes[PBMODES] = { fundamental_mode }; int defb_flag = 0; -static int +int
Re: vi keys in mg
Why don't you guys just use vi like real men? :-) On Sun, Apr 01, 2007 at 12:58:38PM -0600, Kjell Wooding wrote: mg is a fine little editor, but it just seems so emacs-centric. This little diff fixes that. Please test and get back to me. Maybe *now* we'll get some users. -kj Index: Makefile === RCS file: /cvs/src/usr.bin/mg/Makefile,v retrieving revision 1.19 diff -u -r1.19 Makefile --- Makefile 16 Dec 2006 17:00:03 - 1.19 +++ Makefile 1 Apr 2007 18:33:37 - @@ -13,14 +13,15 @@ #XKEYS and bsmap mode do _not_ get along. #REGEX -- create regular expression functions # -CFLAGS+=-Wall -DXKEYS -DFKEYS -DREGEX +#VI -- the one true way +CFLAGS+=-Wall -DXKEYS -DFKEYS -DREGEX -DVI SRCS=cinfo.c fileio.c spawn.c ttyio.c tty.c ttykbd.c \ basic.c dir.c dired.c file.c line.c match.c paragraph.c \ random.c region.c search.c version.c window.c word.c \ buffer.c display.c echo.c extend.c help.c kbd.c keymap.c \ macro.c main.c modes.c re_search.c funmap.c undo.c autoexec.c \ - yank.c + yank.c vi.c # # More or less standalone extensions. Index: basic.c === RCS file: /cvs/src/usr.bin/mg/basic.c,v retrieving revision 1.28 diff -u -r1.28 basic.c --- basic.c 20 Dec 2006 21:21:09 - 1.28 +++ basic.c 1 Apr 2007 18:33:37 - @@ -64,6 +64,10 @@ int gotoeol(int f, int n) { + while (n 1) { + forwline(FFRAND, 1); + n--; + } curwp-w_doto = llength(curwp-w_dotp); return (TRUE); } Index: def.h === RCS file: /cvs/src/usr.bin/mg/def.h,v retrieving revision 1.99 diff -u -r1.99 def.h --- def.h 21 Feb 2007 23:33:12 - 1.99 +++ def.h 1 Apr 2007 18:33:37 - @@ -109,6 +109,17 @@ #define KBACK2 /* + * Search codes + */ +#define SRCH_BEGIN (0) +#define SRCH_FORW(-1) +#define SRCH_BACK(-2) +#define SRCH_NOPR(-3) +#define SRCH_ACCM(-4) +#define SRCH_MARK(-5) + + +/* * This structure holds the starting position * (as a line/offset pair) and the number of characters in a * region of a buffer. This makes passing the specification @@ -272,7 +283,10 @@ #endif #define BFOVERWRITE 0x08 /* overwrite mode*/ #define BFREADONLY 0x10 /* read only mode*/ - +#ifdef VI +#define BFVICMD 0x20/* VI command mode */ +#define BFVIINS 0x40/* VI insert mode */ +#endif /* * This structure holds information about recent actions for the Undo command. */ @@ -573,6 +587,7 @@ #endif /* !NO_MACRO */ /* modes.c X */ +int changemode(int, int, char *); int indentmode(int, int); int fillmode(int, int); int blinkparen(int, int); Index: extend.c === RCS file: /cvs/src/usr.bin/mg/extend.c,v retrieving revision 1.50 diff -u -r1.50 extend.c --- extend.c 30 Dec 2006 14:11:06 - 1.50 +++ extend.c 1 Apr 2007 18:33:38 - @@ -555,11 +555,16 @@ { PF funct; char xname[NXNAME], *bufp; + char*pref = M-x ; +#ifdef VI + if (curbp-b_flag BFVICMD) + pref = :; +#endif if (!(f FFARG)) - bufp = eread(M-x , xname, NXNAME, EFNEW | EFFUNC); + bufp = eread(%s, xname, NXNAME, EFNEW | EFFUNC, pref); else - bufp = eread(%d M-x , xname, NXNAME, EFNEW | EFFUNC, n); + bufp = eread(%d %s, xname, NXNAME, EFNEW | EFFUNC, n, pref); if (bufp == NULL) return (ABORT); else if (bufp[0] == '\0') Index: main.c === RCS file: /cvs/src/usr.bin/mg/main.c,v retrieving revision 1.56 diff -u -r1.56 main.c --- main.c20 Feb 2007 04:39:45 - 1.56 +++ main.c1 Apr 2007 18:33:38 - @@ -76,7 +76,11 @@ extern void theo_init(void); extern void mail_init(void); extern void dired_init(void); +#ifdef VI + extern void vi_init(void); + vi_init(); +#endif dired_init(); grep_init(); theo_init(); Index: modes.c === RCS file: /cvs/src/usr.bin/mg/modes.c,v retrieving revision 1.16 diff -u -r1.16 modes.c --- modes.c 13 Dec 2005 07:20:13 - 1.16 +++ modes.c 1 Apr 2007 18:33:38 - @@ -11,13 +11,13 @@ #include def.h #include kbd.h -static int changemode(int, int, char *); +int
Re: vi keys in mg
Why don't you guys just use vi like real men? Real men use ed, you misguided fool. Grumpy
Re: vi keys in mg
Marco Peereboom [EMAIL PROTECTED] writes: Why don't you guys just use vi like real men? :-) $ ls -l /usr/bin/{vi,mg} -r-xr-xr-x 1 root bin 105508 Mar 14 16:46 /usr/bin/mg -r-xr-xr-x 3 root bin 277820 Mar 14 16:46 /usr/bin/vi //art
Re: vi keys in mg
On Sunday 01 April 2007 22:12:33 Marco Peereboom wrote: Why don't you guys just use vi like real men? its all about the quotes! felix
Re: vi keys in mg
On 4/1/07, Kjell Wooding [EMAIL PROTECTED] wrote: mg is a fine little editor, but it just seems so emacs-centric. This little diff fixes that. Please test and get back to me. Maybe *now* we'll get some users. -kj The reason I use mg is *for* the emacs-keys, and that backspace at the start of a line actually joins the lines. -Nick
possible cracking attempt
I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html [Sat Mar 31 07:40:20 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/thisdoesnotexistahaha.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cmd.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/Cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cmd.php [Sat Mar 31 07:40:23 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/stats/cmd.php [Sun Apr 1 00:11:32 2007] [error] [client 212.31.237.145] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) From /var/www/logs/access_log: 211.100.33.61 - - [31/Mar/2007:07:35:07 -0500] GET http://check.70.94.14.65.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1 404 219 - - 195.242.236.131 - - [31/Mar/2007:07:40:20 -0500] GET /thisdoesnotexistahaha.php HTTP/1.1 404 231 - Mozilla/4.0 (compatible; MSIE 6.0; Win dows 98) 195.242.236.131 - - [31/Mar/2007:07:40:21 -0500] GET /cmd.php HTTP/1.1 404 213 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:21 -0500] GET /Cacti/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /cacti/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /portal/cacti/cmd.php HTTP/1.1 404 226 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /portal/cmd.php HTTP/1.1 404 220 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:23 -0500] GET /stats/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 212.31.237.145 - - [01/Apr/2007:00:11:32 -0500] GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1 400 335 - - Relevant sections from /var/log/pflog: Mar 31 07:35:05.505194 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: S 948480759:948480759(0) win 5840 mss 1460 (DF) Mar 31 07:35:06.012233 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: S 948885882:948885882(0) win 5840 mss 1460 (DF) Mar 31 07:35:06.510805 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: F 1995884956:1995884956(0) ack 3143126464 win 5840 (DF) Mar 31 07:35:06.510826 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: . ack 3247563101 win 17520 (DF) Mar 31 07:35:06.510869 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: F 2034632638:2034632638(0) ack 3247563101 win 17520 (DF) Mar 31 07:35:07.007274 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: P 313976237:313976414(177) ack 2599760395 win 5840 (DF) Mar 31 07:35:07.007551 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.19843: P 1628794193:1628794608(415) ack 634909823 win 17520 (DF) Mar 31 07:35:07.011766 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: . ack 2 win 5840 (DF) Mar 31 07:35:07.012564 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: . ack 2 win 5840 (DF) Mar 31 07:35:07.012577 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: R 882791806:882791806(0) win 0 (DF) Mar 31 07:35:07.530603 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: . ack 416 win 6432 (DF) Mar 31 07:35:07.531301 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: F 177:177(0) ack 416 win 6432 (DF) Mar 31 07:35:07.531314 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.19843: . ack 634909824 win 17520 (DF) Mar 31 07:35:07.531349 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.19843: F 1628794608:1628794608(0) ack 634909824 win 17520 (DF) Mar 31 07:35:08.026078 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: . ack 417 win 6432 (DF) Mar 31 07:40:20.734863 rule 7/(match) pass in on sk0: 195.242.236.131.50589 192.168.1.200.80: S 659790987:659790987(0) win 5840 mss 1460,sackOK,timestamp 136657612[|tcp] (DF) Mar 31 07:40:20.997669 rule 7/(match) pass in on sk0: 195.242.236.131.50589 192.168.1.200.80: P 2993725956:2993726166(210) ack 3385222108 win 5840 (DF) Mar 31 07:40:20.997846 rule 7/(match) pass out on sk0:
Re: possible cracking attempt
On 4/1/07, Sean Malloy [EMAIL PROTECTED] wrote: I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. u From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html [Sat Mar 31 07:40:20 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/thisdoesnotexistahaha.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cmd.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/Cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cmd.php [Sat Mar 31 07:40:23 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/stats/cmd.php [Sun Apr 1 00:11:32 2007] [error] [client 212.31.237.145] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) From /var/www/logs/access_log: 211.100.33.61 - - [31/Mar/2007:07:35:07 -0500] GET http://check.70.94.14.65.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1 404 219 - - 195.242.236.131 - - [31/Mar/2007:07:40:20 -0500] GET /thisdoesnotexistahaha.php HTTP/1.1 404 231 - Mozilla/4.0 (compatible; MSIE 6.0; Win dows 98) I have not noticed any weirdness in any other logs files. What can I do to stop this from happening? Thanks in advance. You fundamentally can't stop it, based on the HTTP model. You could throw in some hacks like searching for suspiciousness like this and adding blocks to those addresses, but that's generally a bad idea because of all the endusers on DHCP. Just ignore it. So long as your system is actually secure you have nothing to worry about (except DDoS but there's no way to prevent that either). -Nick
Re: possible cracking attempt
On Sun, Apr 01, 2007 at 04:23:07PM -0500, Sean Malloy wrote: I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html [Sat Mar 31 07:40:20 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/thisdoesnotexistahaha.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cmd.php [Sat Mar 31 07:40:21 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/Cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cacti/cmd.php [Sat Mar 31 07:40:22 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/portal/cmd.php [Sat Mar 31 07:40:23 2007] [error] [client 195.242.236.131] File does not exist: /htdocs/stats/cmd.php [Sun Apr 1 00:11:32 2007] [error] [client 212.31.237.145] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) Yes, that's a scan. Nothing to worry about. From /var/www/logs/access_log: 211.100.33.61 - - [31/Mar/2007:07:35:07 -0500] GET http://check.70.94.14.65.v.80.pdx8.super.proxy.scanner.ii.9966.org/Provy_OK.html HTTP/1.1 404 219 - - 195.242.236.131 - - [31/Mar/2007:07:40:20 -0500] GET /thisdoesnotexistahaha.php HTTP/1.1 404 231 - Mozilla/4.0 (compatible; MSIE 6.0; Win dows 98) 195.242.236.131 - - [31/Mar/2007:07:40:21 -0500] GET /cmd.php HTTP/1.1 404 213 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:21 -0500] GET /Cacti/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /cacti/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /portal/cacti/cmd.php HTTP/1.1 404 226 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:22 -0500] GET /portal/cmd.php HTTP/1.1 404 220 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 195.242.236.131 - - [31/Mar/2007:07:40:23 -0500] GET /stats/cmd.php HTTP/1.1 404 219 - Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) 212.31.237.145 - - [01/Apr/2007:00:11:32 -0500] GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1 400 335 - - Relevant sections from /var/log/pflog: Mar 31 07:35:05.505194 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: S 948480759:948480759(0) win 5840 mss 1460 (DF) Mar 31 07:35:06.012233 rule 7/(match) pass in on sk0: 211.100.33.61.19843 192.168.1.200.80: S 948885882:948885882(0) win 5840 mss 1460 (DF) Mar 31 07:35:06.510805 rule 7/(match) pass in on sk0: 211.100.33.61.18484 192.168.1.200.80: F 1995884956:1995884956(0) ack 3143126464 win 5840 (DF) Mar 31 07:35:06.510826 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: . ack 3247563101 win 17520 (DF) Mar 31 07:35:06.510869 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: F 2034632638:2034632638(0) ack 3247563101 win 17520 (DF) You should figure out what this means; your web server, presumably, is blocked by pf. That means that the web server is doing something you didn't think it should when writing the rules. What is that? (Hard to say without access to pf.conf...) I have not noticed any weirdness in any other logs files. What can I do to stop this from happening? Thanks in advance. Not much, it's just background noise. Keep patched, and ignore it. Joachim -- TFMotD: fflagstostr, strtofflags (3) - convert between file flag bits and their string names
Re: vi keys in mg
Grumpy wrote: Why don't you guys just use vi like real men? Real men use ed, you misguided fool. real men don't use a text editor. they have a secretary to do the dirty work.
Re: possible cracking attempt
On 2007/04/01 23:51, Joachim Schipper wrote: Mar 31 07:35:06.510869 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: F 2034632638:2034632638(0) ack 3247563101 win 17520 (DF) You should figure out what this means; your web server, presumably, is blocked by pf. huh? it says PASS.
Re: vi keys in mg
On 01 Apr 2007 22:24:23 +0200, Artur Grabowski [EMAIL PROTECTED] wrote: Marco Peereboom [EMAIL PROTECTED] writes: Why don't you guys just use vi like real men? :-) $ ls -l /usr/bin/{vi,mg} -r-xr-xr-x 1 root bin 105508 Mar 14 16:46 /usr/bin/mg -r-xr-xr-x 3 root bin 277820 Mar 14 16:46 /usr/bin/vi oh come on yo! this is not about quantity, really ;-) being a vi maniac, now i have at least a reason to have that 105k binary around :-) Kjell, may be mg's gonna be even better vi than vi itself? :-)
where to download IOBSD iso?
Well, I'm surprised nobody has mentioned here this year's joke (or have I missed those posts?). Only two drivers written, in the last two months! rocks, but I'm especially amazed that you guys have really paid for the iobsd.org domain name just to crack a joke on April fool's day :). I just wanted to be this year's fool of the day, thanks :). (Where I live it's April 2nd now, so officially I'm not a fool.)
Re: vi keys in mg
On Mon, Apr 02, 2007 at 01:42:38AM +0300, Denis Doroshenko wrote: Kjell, may be mg's gonna be even better vi than vi itself? :-) Of course it will. It has an emacs mode. ;) -kj
Re: where to download IOBSD iso?
On Mon, Apr 02, 2007 at 01:44:02AM +0300, Soner Tari wrote: I'm especially amazed that you guys have really paid for the iobsd.org domain name just to crack a joke on April fool's day :). To quell this discussion before it starts, the OpenBSD team did not pay for the domain. An individual (jdixon) did. So, no trolling about mis-spending OpenBSD funds ('cause that would be stupid). -ME
Re: possible cracking attempt
On Sun, Apr 01, 2007 at 11:29:46PM +0100, Stuart Henderson wrote: On 2007/04/01 23:51, Joachim Schipper wrote: Mar 31 07:35:06.510869 rule 7/(match) pass out on sk0: 192.168.1.200.80 211.100.33.61.18484: F 2034632638:2034632638(0) ack 3247563101 win 17520 (DF) You should figure out what this means; your web server, presumably, is blocked by pf. huh? it says PASS. Woopsie... it does, of course. Sorry! Please ignore that part. Joachim -- PotD: x11/gnome/icon-theme - the base GNOME icon theme
Re: possible cracking attempt
Hello, Nick ! wrote: On 4/1/07, Sean Malloy [EMAIL PROTECTED] wrote: I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. u From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html [ skipped ] I have not noticed any weirdness in any other logs files. What can I do to stop this from happening? Thanks in advance. You fundamentally can't stop it, based on the HTTP model. You could throw in some hacks like searching for suspiciousness like this and adding blocks to those addresses, but that's generally a bad idea because of all the endusers on DHCP. Just ignore it. So long as your system is actually secure you have nothing to worry about (except DDoS but there's no way to prevent that either). -Nick I used to have my logs scanned for these entries, and report them to the authorities responsible for source IP addresses. Most of them would go to SBC or Comcast, but some would go to small networks who do like knowing that their systems are infected or are used for hacking. -- Pawel.
Re: possible cracking attempt
On 4/1/07, Pawel S. Veselov [EMAIL PROTECTED] wrote: On 4/1/07, Sean Malloy [EMAIL PROTECTED] wrote: I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. u From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html I used to have my logs scanned for these entries, and report them to the authorities responsible for source IP addresses. Most of them would go to SBC or Comcast, but some would go to small networks who do like knowing that their systems are infected or are used for hacking. How? How could you automate ID'ing these? If you used some sort of heuristic method you risk blacklisting innocent users. Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. -Nick
Re: possible cracking attempt
Nick ! wrote: On 4/1/07, Pawel S. Veselov [EMAIL PROTECTED] wrote: On 4/1/07, Sean Malloy [EMAIL PROTECTED] wrote: I just installed OpenBSD on my server in early March 2007. I am running an Apache web server out of my house. I am tracking 4.0 STABLE which I updated the day after the latest security advisory. I recently noticed some peculiar entries in my Apache error and access logs. u From /var/www/logs/error_log: [Sat Mar 31 07:35:07 2007] [error] [client 211.100.33.61] File does not exist: /htdocs/Provy_OK.html I used to have my logs scanned for these entries, and report them to the authorities responsible for source IP addresses. Most of them would go to SBC or Comcast, but some would go to small networks who do like knowing that their systems are infected or are used for hacking. How? How could you automate ID'ing these? If you used some sort of heuristic method you risk blacklisting innocent users. I wasn't blacklisting myself, only reporting to what supposedly was an authority. I was using RIPE and whois.abuse.org, until it became too cumbersome to figure out what is the email address complains should be sent to. Just looking over what I had then, I now stumbled on this article: http://www.ripe.net/db/news/abuse-proposal-20050331.html which supposedly should help finding the abuse email address easier, though I failed to find an email for my own ip :) Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. and it probably wouldn't be paid much attention to until it becomes a regular activity with enough complaints. However, I don't believe that large providers pay any real attention at all, due to the sheer volume of the complaints they receive. -- Pawel.
Re: possible cracking attempt
Nick ! [EMAIL PROTECTED] writes: Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. Why not? Beat them up when they are young and maybe they'll learn to behave. You can't teach an old dog new tricks, so you have to catch him when he's still young. //art
Re: possible cracking attempt
On 02 Apr 2007 03:16:20 +0200, Artur Grabowski [EMAIL PROTECTED] wrote: Nick ! [EMAIL PROTECTED] writes: Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. Why not? Beat them up when they are young and maybe they'll learn to behave. You can't teach an old dog new tricks, so you have to catch him when he's still young. Oh well that's no fun. If you do that you just turn him (or her, in rare lucky cases) into a burned out, angry and paranoid shell. There's no creativity in that. And you can't protect yourself from a cracker unless you can think like a cracker etc, etc, other practicality-based arguments, etc. But mostly that it's no fun. -Nick p.s. By the way, I love your rant.html
Re: [OT] Re: Long WEP key
Joachim Schipper wrote: All in all, I might choose OpenVPN if it involved end users (lots of NAT, Windows, and other crappy stuff), OpenVPN isn't exactly awesome on Windows. --- Lars Hansson
Re: Long WEP key
mail-lists wrote: This would be great. However, I've yet to find an IPsec client that's 'easy' to set up.. ie. an end user can do it. Perhaps you know of a good way to solve this issue? I'd love to hear it! TheGreenbow. --- Lars Hansson
Re: possible cracking attempt
Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. Why not? Beat them up when they are young and maybe they'll learn to behave. You can't teach an old dog new tricks, so you have to catch him when he's still young. Oh well that's no fun. If you do that you just turn him (or her, in rare lucky cases) into a burned out, angry and paranoid shell. Sure, but people with Walmart jobs are a whole lot less dangerous...
Re: possible cracking attempt
Nick ! [EMAIL PROTECTED] writes: On 02 Apr 2007 03:16:20 +0200, Artur Grabowski [EMAIL PROTECTED] wrote: Nick ! [EMAIL PROTECTED] writes: Anyway, /htdocs/thisdoesnotexistahaha.php and '/w00tw00t.at.ISC.SANS.DFind:) show that it's just some kid learning the ropes. I wouldn't want to report him. Why not? Beat them up when they are young and maybe they'll learn to behave. You can't teach an old dog new tricks, so you have to catch him when he's still young. Oh well that's no fun. If you do that you just turn him (or her, in rare lucky cases) into a burned out, angry and paranoid shell. There's no creativity in that. And you can't protect yourself from a cracker unless you can think like a cracker etc, etc, other practicality-based arguments, etc. But mostly that it's no fun. Actually, it is quite a lot of fun. At work we've dealt with numerous wannabe crackers by simply calling their mom. And in cases where it didn't work, by having our lawyer call them and their mom. Watching a kid that tried to hurt you pee his pants is very amusing. //art
Re: possible cracking attempt
Theo de Raadt wrote: Sure, but people with Walmart jobs are a whole lot less dangerous... talk about vendor lock-in! http://reclaimdemocracy.org/walmart/workers_locked_in.html