Re: wi0 (pcmcia0): system freeze after pulling card out

2007-07-25 Thread vladas

On 7/25/07, jkv wrote:

On Jul 25, 2007, at 12:13 , vladas wrote:



A while ago i had the same problem(kinda), the solution was to
issue a 'ifconfig wi0 down' before changing the card's configuration,
if i remember correctly i had to do the same before i pulled the card
out.


jkv,

Thank you, it helped.



On 7/25/07, Travers Buda wrote:

Travers,


Yeah this sort of thing happens a lot with that cardbus, pcmcia
stuff.  Not much you can do about it.  I'd suspect that your card
is actually talking straight to the PCI bus or something along those
lines...  so yanking it would be like yanking any other PCI card...


Sorry I did not mention in the first place:
hw.vendor=FUJITSU
hw.product=FMVCE8905

Thank you for the explanation.


vladas



Re: wireless trouble (prism3 mini-pci)

2007-07-25 Thread Ben Cornett

Thanks for the suggestion!  Unfortunately, when I do this the boot
process hangs.  The last few lines shown are

acpi0 at mainbus0: rev0
acpi0: tables DSDT FACP BOOT SSDT SSDT
acpitimer at acpi0 not configured

Regards,

Ben


On 7/24/07, Jonathan Gray [EMAIL PROTECTED] wrote:


I suspect your problem might be resolved by getting the
interrupt routing information out of acpi.

At the boot prompt try:

boot -c
enable acpi
quit

And see if that helps.




Re: Macbook on Openbsd

2007-07-25 Thread Richard Storm

* Built in keyboard/trackpad gets recognized only in amd64 acpi enabled bsd.mp,
openbsd can be installed using external usb keyboard plugged in first USB port.

So after installation it works.
amd64 or i386 doesn't make any difference...

On 7/25/07, Karl Sjödahl - dunceor [EMAIL PROTECTED] wrote:

On 7/15/07, Richard Storm [EMAIL PROTECTED] wrote:
 The final:

 MacBook 13 Core2Duo

 *  OpenBSD 4.1-release partly works.
 * Integrated 82945GM works fine with the 1280x800 wide screen,
 after enabling the resolution using the x11/915resolution package by
 invoking it in /etc/securelevel like:
 /usr/local/sbin/915resolution 4d 1280 800 /dev/null
 * Sound (azalia) works only in -current kernel, but no recording anyway
 * Built in keyboard/trackpad gets recognized only in amd64 acpi enabled
bsd.mp,
 openbsd can be installed using external usb keyboard plugged in first USB
port
 * no APM support (no battery status, halt -p, no suspend).
 * The onboard GigaBit NIC (msk) works fine.
 * Wireless doesn't work (vendor Atheros, unknown product 0x0024).
 * Enhanced SpeedStep works in -current (sysctl hw.setperf).
 * hw.sensors.cpu0.temp0 works in -current.
 * Infrared/bluetooth doesn't work.
 http://stormrichard.bravehost.com/macbook/dmesg_amd64_aci_mp.txt
 http://stormrichard.bravehost.com/macbook/xorg.conf



I'm going to buy a macbook today so I checked out what people say.
There are two posts, one says to use amd64 and one says to use i386
(or at least they have used that themselves).

Does the keyboard/trackpad work in i386 or is it not working in both
i386/amd64.

Why would any one use amd64 since it's not even a amd? Is it because
it's a 64bit? Do both amd64 and i386/64bit share so much?

I'm being hold a bit back when it says I can't even use the keyboard
on it on OpenBSD, that really sucks.

Anybody that got some new information, maybe tried -current?

Thanks

BR
dunceor




Re: Hmm...

2007-07-25 Thread Pete Vickers
Plenty on Ebay. If Josh's is not V2, then we can try  round up  
enough $$$ to grab one.

http://search.ebay.com/search/search.dll?_trksid=m37satitle=WIC-1DSU-T1-V2


/Pete



On 25 Jul 2007, at 12:26 AM, Steve Fairhead wrote:

 To upgrade to a newer network setup, we kind of need a particular  
 piece
 of equipment:

 Cisco T1 DSU/CSU WAN Interface Card (WIC-1DSU-T1-V2)

 http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00801a9184.html

 It has to be the V2 model.

 If someone can get one to me, that would be great.
 

 I'm happy to put e.g. $50 towards it, if money can get you one.

 Steve
 http://www.fivetrees.com



Re: Hmm...

2007-07-25 Thread Karl Sjödahl - dunceor

On 7/25/07, Pete Vickers [EMAIL PROTECTED] wrote:

Plenty on Ebay. If Josh's is not V2, then we can try  round up
enough $$$ to grab one.

http://search.ebay.com/search/search.dll?_trksid=m37satitle=WIC-1DSU-T1-V2


/Pete



On 25 Jul 2007, at 12:26 AM, Steve Fairhead wrote:

 To upgrade to a newer network setup, we kind of need a particular
 piece
 of equipment:

 Cisco T1 DSU/CSU WAN Interface Card (WIC-1DSU-T1-V2)

 http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00801a9184.html

 It has to be the V2 model.

 If someone can get one to me, that would be great.
 

 I'm happy to put e.g. $50 towards it, if money can get you one.

 Steve
 http://www.fivetrees.com




Somebody wrote on undeadly that they had arranged for Theo to get one
so this shouldn't be any problem.

Theo anything you can confirm so people don't send you several of
these which money could go to other better stuff.

br
dunceor



Re: Can't find XF4 Folder

2007-07-25 Thread Firas Kraiem

Ramesh K Andey wrote:

Hi Guys

I am trying to install 004_xorg.patch & 008_xorg.patch in BSD4.1 but can't
find the XF4 folder in the system.

Help Appreciated.

Thanks
And





Hi

The XF4 folder contains the source code for X. It is not present out of 
the box, you can get it either in a tarball from the FTP servers at 
ftp://ftp.openbsd.org/pub/OpenBSD/4.1/XF4.tar.gz or using AnonCVS, as 
explained at http://openbsd.org/anoncvs.html.


Firas

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



Re: Macbook on Openbsd

2007-07-25 Thread Daniel A. Ramaley
On Wednesday 25 July 2007 01:13, you wrote:
Why would any one use amd64 since it's not even a amd? Is it because
it's a 64bit? Do both amd64 and i386/64bit share so much?

My understanding (and i'm sure someone else will correct me if i'm 
wrong) is that AMD extended their processors with 64-bit instructions. 
This was after Intel released the Itanium, with its own set of 64-bit 
instructions. But for various reasons the Itanium was not a commercial 
success on the desktop market and eventually Intel adopted a slightly 
modified version of AMD's 64-bit instruction set for its desktop chips. 
AMD calls the architecture of its 64-bit chips AMD64 while Intel 
calls it Intel 64. Sometimes both are referred to as x86_64. Since 
AMD and Intel's implementation are very similar, it is possible (and 
very common) for a compiler to generate code that runs on both. Most 
operating systems that run on one run on both, though right now it 
seems most typical to label the architecture as amd64 regardless of 
whether it is running on an AMD or an Intel chip.


Dan Ramaley                 Dial Center 118, Drake University
Network Programmer/Analyst  2407 Carpenter Ave
+1 515 271-4540             Des Moines IA 50311 USA



Re: About encryption

2007-07-25 Thread Juan Miscaro
--- Brian Hansen [EMAIL PROTECTED] wrote:

 Hi
 
 I have no prior experience in encryption but wants to figure out how
 to - as
 safe as possible - encrypt some files on my computer. I have been
 looking at
 both GNUPG and Mcrypt. I am not interested in the KEY part of GNUPG
 but only
 encrypting files.

With GnuPG, if you don't want to use keys (asymmetric encryption) then
you can use a simple password (symmetric encryption) to encrypt/decrypt
individual files.

To encrypt file doc.txt:

$ gpg --output doc.gpg --symmetric doc.txt

To decrypt file doc.gpg:

$ gpg --output doc.txt --decrypt doc.gpg

No hills or penguins in sight.





Remote Printing Using CUPS

2007-07-25 Thread João Salvatti

Hi all,

I've already searched on the Internet and also some OpenBSD FAQ
documentation but I could not find anything that could help me. I'd
like to know if CUPS that is packed for OpenBSD has the Windows
Printer through Samba option, that could allow remote printing on
Windows machines. I've already both CUPS and Samba installed, but the
only options I have are:

* AppSocket/HP JetDirect
* Internet Printing Protocol (http)
* Internet Printing Protocol (ipp)
* LDP/LPR Host or Printer
* USB Printer #1
* USB Printer #2

Thanks in advance



Re: About encryption

2007-07-25 Thread J.C. Roberts
On Tuesday 24 July 2007, Brian Hansen wrote:
 uh, if you expect to work with encryption at all, get used to the
  ideas of KEY and PASSPHRASE. search for and read a tutorial on
  encryption and FYI the hand-holding linux folks live somewhere yon,
  past them hills.

 I am not interested in the idea of having to keep some private key
 safe. At this
 moment I am just looking for the solution provided by Mcrypt, but I
 am not able
 to determine if GNUpg is a better choice regarding safety.


You already have all the tools you need for simple password based 
encryption of files.

To Encrypt:
$ openssl enc -des3 -in filename -out filename.des3

To Decrypt:
$ openssl enc -des3 -d -in filename.des3 -out filename 

Just make sure you remember your password and the cipher you used (des3 
in the above example, and hence the unnecessarily descriptive 
extension .des3 I used on the encrypted file name). 

These days most would prefer AES or BlowFish over 3DES.
All (common sense) rules for password length/entropy still apply and 
yes, some (possibly most) consider keys far stronger.

See man 8 openssl for more details. Also see the -P switch in man 
rm(1) for deletion of the original, unencrypted file.

Lastly, I'm not a crypto expert, so do your own research and hope that if 
I'm wrong in the above, someone around here will be kind enough to beat 
me with a clue stick.

kind regards,
JCR
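
The same password-only workflow as in the message above, as an added example (not part of the original post and not OpenSSL's own documentation): it uses AES-256-CBC, which the message notes most would prefer over 3DES, reads the passphrase from an environment variable instead of the command line, and confirms the ciphertext decrypts back to the original before the plaintext is removed. It assumes OpenSSL 1.1.1 or later for -pbkdf2/-iter; the function names, the ENC_PASS variable and the iteration count are choices made for this example.

```shell
#!/bin/sh
# Added example: password-based file encryption with `openssl enc`.
# Assumptions (not from the thread): OpenSSL >= 1.1.1, the ENC_PASS variable,
# the function names and the PBKDF2 iteration count below.

ENC_ITER=200000   # PBKDF2 iterations; must match between encrypt and decrypt

# encrypt_file IN OUT
# The passphrase comes from $ENC_PASS (exported), never from argv, so it does
# not appear in `ps` output. A random salt is stored in the output header.
encrypt_file() {
    openssl enc -aes-256-cbc -salt -pbkdf2 -iter "$ENC_ITER" \
        -pass env:ENC_PASS -in "$1" -out "$2"
}

# decrypt_file IN OUT
# Note: CBC mode carries no integrity check. A wrong passphrase usually ends
# in "bad decrypt" (padding error), but that is not a tamper-detection
# guarantee.
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter "$ENC_ITER" \
        -pass env:ENC_PASS -in "$1" -out "$2"
}

# sha256_of FILE : print only the hex digest
sha256_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# encrypt_and_verify IN OUT
# Encrypts IN to OUT, decrypts OUT into a private temp file and compares
# digests. Returns 0 only when the round trip reproduces the original, which
# is the point where deleting the plaintext (rm -P on OpenBSD, as the message
# suggests) no longer risks losing the data. Returns 2 if no passphrase is set.
encrypt_and_verify() {
    in=$1
    out=$2
    [ -n "${ENC_PASS:-}" ] || { echo "ENC_PASS is not set" >&2; return 2; }
    export ENC_PASS

    old_umask=$(umask)
    umask 077                      # ciphertext and temp file: owner only
    tmp=$(mktemp) || { umask "$old_umask"; return 1; }

    rc=1
    if encrypt_file "$in" "$out" &&
       decrypt_file "$out" "$tmp" &&
       [ "$(sha256_of "$in")" = "$(sha256_of "$tmp")" ]; then
        rc=0
    fi

    rm -f "$tmp"
    umask "$old_umask"
    return "$rc"
}

# Stand-alone use: ENC_PASS='...' sh thisfile.sh doc.txt doc.txt.aes
if [ "$#" -eq 2 ]; then
    encrypt_and_verify "$1" "$2"
fi
```

As with the .des3 extension in the message, the cipher and the iteration count have to be remembered along with the passphrase, since neither is recorded in the output file.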



Re: Macbook on Openbsd

2007-07-25 Thread Joerg Zinke
On Wed, 25 Jul 2007 08:13:41 +0200
Karl Sjödahl - dunceor [EMAIL PROTECTED] wrote:

 On 7/15/07, Richard Storm [EMAIL PROTECTED] wrote:
  The final:
 
  MacBook 13 Core2Duo
 
  *  OpenBSD 4.1-release partly works.
  * Integrated 82945GM works fine with the 1280x800 wide screen,
  after enabling the resolution using the x11/915resolution package by
  invoking it in /etc/securelevel like:
  /usr/local/sbin/915resolution 4d 1280 800 /dev/null
  * Sound (azalia) works only in -current kernel, but no recording
  anyway
  * Built in keyboard/trackpad gets recognized only in amd64 acpi
  enabled bsd.mp, openbsd can be installed using external usb
  keyboard plugged in first USB port
  * no APM support (no battery status, halt -p, no suspend).
  * The onboard GigaBit NIC (msk) works fine.
  * Wireless doesn't work (vendor Atheros, unknown product 0x0024).
  * Enhanced SpeedStep works in -current (sysctl hw.setperf).
  * hw.sensors.cpu0.temp0 works in -current.
  * Infrared/bluetooth doesn't work.
  http://stormrichard.bravehost.com/macbook/dmesg_amd64_aci_mp.txt
  http://stormrichard.bravehost.com/macbook/xorg.conf
 
 

 I'm going to buy a macbook today so I checked out what people say.
 There are two posts, one says to use amd64 and one says to use i386
 (or at least they have used that themselves).

 Does the keyboard/trackpad work in i386 or is it not working in both
 i386/amd64.

my keyboard/trackpad works fine with enabled acpi 4.1-stable i386 on an
older macbook core duo (not pro and not core 2 duo)

https://www.umaxx.net/src/dmesg.txt

keyboard on boot loader prompt is not working, not even with an
external usb keyboard.

--
https://www.umaxx.net

A: Because it messes up the order in which people read text.
Q: Why does top-posting make it difficult?
A: Top-posting.
Q: What is something that makes email communication difficult?



Re: Hmm...

2007-07-25 Thread Theo de Raadt
 Somebody wrote on undeadly that they had arranged for Theo to get one
 so this shouldn't be any problem.
 
 Theo anything you can confirm so people doesn't send you several of
 these which money could go to other better stuff.

I can confirm there's a card on the way.  Thanks guys.



bind 9 cache poisoning

2007-07-25 Thread Richard Storm

Quick question.
Is openbsd bind vulnerable to attacks on bind's PRNG described here:
http://www.securiteam.com/securitynews/5VP0L0UM0A.html
???



Re: bind 9 cache poisoning

2007-07-25 Thread Allen

Richard Storm wrote:

Is openbsd bind vulnerable to attacks on bind's PRNG described here:
http://www.securiteam.com/securitynews/5VP0L0UM0A.html


A glance at the README.OpenBSD file for 4.1 in /usr/src/usr.sbin/bind
shows (among other things):

- add LCG (Linear Congruential Generator) implementation to libisc
- use LCG instead of LFSR for ID generation until LFSR is proven reliable
- strlcpy/strlcat/snprintf fixes


Without digging into things deeper, it looks like this is unlikely to
be an issue since the OBSD version doesn't rely on LFSR.





--
http://www.memetrics.com -
Multivariate testing with Memetrics xOs.
Landing page optimization, design  consulting.



Re: Troubleshooting NFS/SFU

2007-07-25 Thread Daniel Melameth

On a whim I decided to change the transport protocol that the Client
for NFS uses and my problem has gone away.  By default TCP+UDP is
used, but if I set this to just UDP or TCP (via nfsadmin client), and
then restart the Client for NFS service, NFS largely works as
expected--with UDP apparently providing a bit higher throughput over
my WLAN.  I haven't tried changing nfsd's flags on the server side
instead, but this might work as well.

Why TCP+UDP works for FreeBSD is unknown to me, but I'm content now.
I guess it's one of those interoperability issues...

On 7/16/07, Daniel Melameth [EMAIL PROTECTED] wrote:

On 7/2/07, David Higgs [EMAIL PROTECTED] wrote:
 I followed Microsoft's instructions for SFU and found that it worked
 quite well if all I cared about was read-only access.  I didn't have
 any further success even after installing a bunch of SFU hotfixes
 (http://www.duh.org/interix/hotfixes.php).

 My troubleshooting seemed to indicate that the write requests were
 being denied somewhere inside the kernel, for reasons unknown.  I
 didn't have the time or interest to pursue it any further, so I went
 back to samba and let the thread die.

I have the exact same issue here--FreeBSD works fine, OpenBSD fails.
I'm new to NFS, so I'm not too clear on the best way to troubleshoot
this further, but if there's someone here who is good with NFS and
cares to resolve the issue on OpenBSD, I'd be happy to work with them.
 Details below:


Windows

C:\Users\Daniel\Documents>mount

Local    Remote                                 Properties
-------------------------------------------------------------------------------

Z:   \\openbsd\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=6.4
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no
Y:   \\freebsd\usr\home\daniel  UID=-2, GID=-2
   rsize=32768, wsize=32768
   mount=soft, timeout=0.8
   retry=1, locking=no
   fileaccess=644, lang=ANSI
   casesensitive=no


OpenBSD

$ cat /etc/exports
/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224

$ ls -l /home
total 4
drwxr-xr-x  5 daniel  daniel  512 Jul 14 09:54 daniel


FreeBSD

$ cat /etc/exports
/usr/home/daniel -mapall=daniel -network=192.168.255.224 -mask=255.255.255.224


$ ls -l /usr/home
total 2
drwxr-xr-x  2 daniel  daniel  512 Jul 16 07:17 daniel




Alpha onboard PCI VGA console color issue.

2007-07-25 Thread Sean Kennedy

Hello 'alpha' / 'misc'

Alpha console color question.

I got a DS20E 833 uniprocessor Alpha with onboard PCI VGA
( vga0 at pci0 dev 7 function 0 3D Labs Oxygen GVX1 rev 0x01 )

Running 4.1-GENERIC and have seen this since oBSD 3.8 when I began running 
oBSD on the unit.

(nearly 2 years ago, wow!)

OK my question is:

Is there any one else running OpenBSD on an alpha in VGA console mode with 
wscons,
and have when in multi-user mode, the console running with a blue 
background?

The Blue background is present in all wscons displays.

From MacPPC, and i386, Kernel Messages show up with Blue Background
highlighting, and the background is black with nominal grey text.
But on alpha, the background is always Blue, and may be triggered to black 
when running some utilities like vi.


However even with the black background, the blue returns. and other 
highlights (bold text) do not appear.


I would like to know in what direction I can look for the background color 
settings when wscons sets up the displays. There may be an update for the 
color palette that can be tested.


Any pointers would help.

-sean





Announcing: The OpenBSD Foundation

2007-07-25 Thread Bob Beck
The OpenBSD Foundation is pleased to announce today it has completed
its organization as a Canadian federal non-profit corporation and is
ready for public interaction.

The OpenBSD Foundation has been formed for the purpose of supporting
the OpenBSD project, and related projects such as OpenSSH, OpenBGPD,
OpenNTPD, and OpenCVS.

In particular it will act as a single point of contact for persons and
organizations requiring a legal entity to deal with when they wish to
support OpenBSD in any way.
  
The OpenBSD Foundation will initially concentrate on facilitating
larger donations of equipment, funds, documentation and
resources. Small scale donations should continue to be submitted
through the existing mechanisms.
  
The OpenBSD Foundation corporate charter, bylaws, and goals can be found at
http://www.openbsdfoundation.org. The foundation directors may be contacted
via email at [EMAIL PROTECTED]



Re: Nut Belkin UPS Problem

2007-07-25 Thread Denny White

On Sun, Jul 22, 2007 at 11:06:44PM -0500, Denny White spake forth:
 I have an old Belkin F6C525-SER ups attached to serial port 1.
 When /usr/local/bin/upsdrvctl start runs, it finds & identifies
 the ups correctly. Also, no problem when /usr/local/sbin/upsd
 runs. But, when /usr/local/sbin/upsmon runs, I get:
 
 Broadcast Message from [EMAIL PROTECTED]
 ((not a tty)) at whatever time run . . .
 
 communications lost to the UPS
 
 Repeat 1st line (Broadcast etc)
 
 A UPS is unavailable (can't be contacted for monitoring)
 
 
 
 Below are all the pertinent uncommented settings in nuts config
 files.
 
 
 (snippet from /etc/nut/ups.conf)
 
 I've tried entering different labels here, including the actual
 identification of the ups, F6C525-SER along with anywhere else
 it's required to match. Didn't help. I assumed this was an
 arbitrary setting & only mattered in that it has to match in
 any other config files it's used in.
 
   [belkinups]
   driver = belkin
   port = /dev/tty00
   desc = bubbhasbox
 
 (snippet from /etc/nut/upsd.conf)
 
 ACL all 0.0.0.0/0
 ACL localhost 127.0.0.1
 
 ACCEPT localhost
 REJECT all
 
 # ==
 MAXAGE 15
 
 
 
 (snippet from /etc/nut/upsd.users)
 
   [dennyboy]
   password  =  
   allowfrom = localhost 
   actions = SET
   instcmds = ALL
   upsmon master
 #
 # The matching MONITOR line in your upsmon.conf would look like this:
 #
 # MONITOR [EMAIL PROTECTED] 1 monuser pass master (or slave)
 
 
 
 (snippet from /etc/nut/upsmon.conf)
 
 RUN_AS_USER nutmon    # This user added as per docs
 
 MONITOR [EMAIL PROTECTED]:5678 1 dennyboy  master
 
 I've also tried this without a port after localhost. No difference.
 Still doesn't work. I may have misunderstood the docs, but there
 were instructions without a port being appended also.
 
 # --
 
 MINSUPPLIES 1
 
 # --
 
 SHUTDOWNCMD /sbin/shutdown -h -p +0
 
 # --
 
 NOTIFYCMD /usr/local/bin/notifyme.sh
 
 # --
 
 POLLFREQ 10
 
 # --
 
 POLLFREQALERT 10
 
 # --
 
 HOSTSYNC 15
 
 # --
 
 DEADTIME 30
 
 # --
 
 POWERDOWNFLAG /etc/killpower
 # Pertinent script added to /etc/rc.shutdown as per docs
 # --
 
 NOTE: I changed each instance of %s to belkinups just like the
 label in ups.conf
 
 #
 NOTIFYMSG NOCOMM A UPS is unavailable (can't be contacted for monitoring)
 NOTIFYMSG COMMOK Communications established with UPS
 NOTIFYMSG COMMBAD Communications lost to the UPS
 NOTIFYMSG ONLINE UPS belkinups is getting line power
 NOTIFYMSG ONBATT Someone pulled the plug on belkinups
 NOTIFYMSG LOWBATT UPS belkinups has a low battery
 NOTIFYMSG FSD UPS is being shutdown by the master
 #
 # Note that %s is replaced with the identifier of the UPS in question.
 
 # --
 
 RBWARNTIME 43200
 
 # --
 
 NOCOMMWARNTIME 300
 
 # --
 
 FINALDELAY 5
 
 
 Just wanted to say that I've read the docs & man pages numerous times
 & searched extensively through mailing list archives, & experimented
 with the settings until I ran out of ideas, before asking about this
 on the list. It's either something I'm missing, misunderstanding, or
 possibly a peculiarity with my hardware. Any help greatly appreciated.
 
 Denny White
 

Never got an answer on this problem, but I resolved it & it's working
fine now. Apparently I didn't read enough, at least in the right place.
For the sake of anyone who runs into the same problem, got what I
needed at:

http://www.networkupstools.org/doc/2.0.1/INSTALL.html

Denny White

-- 

___     ___
   / __/ _ \/ __/__  /
  _\ \/ // / _//___/ /
 /___//_/ /_/

[ 1987 - 2007 ]

  http://sdf.lonestar.org
 Public Access Unix System
===
GnuPG key  : 0x1644E79A  |  http://wwwkeys.nl.pgp.net
Fingerprint: D0A9 AD44 1F10 E09E 0E67  EC25 CB44 F2E5 1644 E79A
=== 



hoststated failover for ssl relay problem

2007-07-25 Thread Steve Turner
Hi all,

I'm setting up an OpenBSD box as a firewall also handling loadbalancing,
failover, and ssl relaying to a group of application servers. Configuring
hoststated for the http loadbalancing and failover has been straightforward
but I've run into problems with failover for https. The ssl relay works but
won't failover to a backup table (a static web page served by apache bound
to localhost). Running 'hoststatectl show summary' gives me output saying
the backup table is in effect but there's no response from the localhost
server (which is also the backup server for http service- and works fine on
failover). Running 'hoststated -d' to see output, I get the message:
relay_from_table: no active hosts
relay sslaccel, session 1 (1 active), 192.168.1.108 - :0, session failed
whenever an https request is sent.

I've tried adding a backup table in the relay section of
hoststated.conf but syntax for a backup table is not allowed there.
I've created a service
called wwwssl and added that to the relay section but the backup table in
the service is ignored. I've swapped addresses and ports and run apache on
different addresses and ports and all other sorts of combinations but to no
avail. Does anyone have any experience or insight to share on this?
hoststated.conf follows.

Otherwise, many thanks to pyr@ and reyk@ for the work on hoststated- it's
made for another OpenBSD entry into a corporate environment (and my job
happier :) ).

Thanks!

-Steve

hoststated.conf:
www1=172.16.1.10
www2=172.16.1.11
wwwbackup=127.0.0.1
interval 1
table wwwhosts {
real port 80
check icmp
host $www1
host $www2
}
table wwwhostsbackup {
real port 80
check icmp
host $wwwbackup
}
service www {
   virtual host 192.168.1.6 port 80 interface bge0
   tag HOSTSTATED
   table wwwhosts
   backup table wwwhostsbackup
}
service wwwssl {
   virtual host 192.168.1.7 port 80 #this host ip could be 127.0.0.1 and the same effect happens
   tag HOSTSTATED
   table wwwhosts
   backup table wwwhostsbackup
}
protocol http_ssl {
protocol http
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By:$SERVER_ADDR:$SERVER_PORT
header change Keep-Alive to 10
ssl { sslv3, sslv2, ciphers ALL }
}
relay sslaccel {
   listen on 192.168.1.6 port 443 ssl
   protocol http_ssl
   service wwwssl
}



compiled-in binary tree: fsss project

2007-07-25 Thread Alexey Vatchenko
Hi!
I developed a useful (for me :) utility that probably can be useful for
someone else. It's BSD licensed.
It generates .c and .h files with sorted keys and provides the programmer
with _search_ function that takes key as argument and returns pointer to
the structure. Key and values are read from special file with very
simple format:
key {field1, field2, fieldn}
key2 key2_alias1 {field1, field2, fieldn}

It's just like having a filled binary tree at the start of a program. So, the
programmer doesn't need to sort data at start, he has them sorted
already.

Read more: http://www.bsdua.org/fsss.html
Or better download source code: http://www.bsdua.org/files/fsss.tar.gz

Thanks. Any comments are welcome.

PS: fsss means Fast & Simple Structure Search :)

-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]



Re: Announcing: The OpenBSD Foundation

2007-07-25 Thread Cheng, Alan
 Great news! Hope this can boot the development of OpenBSD and its related 
software to a higher stage.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob Beck
Sent: 2007年7月26日 7:44
To: misc@openbsd.org; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Announcing: The OpenBSD Foundation

The OpenBSD Foundation is pleased to announce today it has completed its 
organization as a Canadian federal non-profit corporation and is ready for 
public interaction.

The OpenBSD Foundation has been formed for the purpose of supporting the 
OpenBSD project, and related projects such as OpenSSH, OpenBGPD, OpenNTPD, and 
OpenCVS.

In particular it will act as a single point of contact for persons and 
organizations requiring a legal entity to deal with when they wish to support 
OpenBSD in any way.
  
The OpenBSD Foundation will initially concentrate on facilitating larger 
donations of equipment, funds, documentation and resources. Small scale 
donations should continue to be submitted through the existing mechanisms.
  
The OpenBSD Foundation corporate charter, bylaws, and goals can be found at 
http://www.openbsdfoundation.org. The foundation directors may be contacted via 
email at [EMAIL PROTECTED]



Re: Remote Printing Using CUPS

2007-07-25 Thread Jason George
Hi all,

I've already searched on the Internet and also some OpenBSD FAQ
documentation but I could not find anything that could help me. I'd
like to know if CUPS that is packed for OpenBSD has the Windows
Printer through Samba option, that could allow remote printing on
Windows machines. I've already both CUPS and Samba installed, but the
only options I have are:

* AppSocket/HP JetDirect
* Internet Printing Protocol (http)
* Internet Printing Protocol (ipp)
* LDP/LPR Host or Printer
* USB Printer #1
* USB Printer #2

These are the options for talking to the printer.

Define a printer in CUPS.
Print a test page to show the connection is working.
Follow the myriad of Samba docs to add a new printer.
Map the printer via Samba on the Windows clients.
Print from Windows clients.



Re: installation on extended partition

2007-07-25 Thread Nick Holland
Dimitrios Apostolou wrote:
 Hello again, 
 
 I forgot to mention that I'm not subscribed so please CC: me personally in all
 replies.
 
 I know that installation on extended partitions is not officially supported,
 that's why I'm asking for unofficial information.

Always interesting to see how people will pick an OS for its stability
and its security, then try to do unsupported things.

 If I could choose I would
 of course had tried installation on a primary partition, but I had no 
 alternative. I would either try installing it there, or not at all.

Unless you write code, it's gonna be not at all then, given those
conditions.

 After all, I have read at various places about it being unsupported but doable
 (with no details anywhere, unfortunately).

Oh?  That's interesting, since:
 1) The OpenBSD boot code does not load from non-primary partitions.
 2) I'm not aware of any other boot loader out there that will directly
load an OpenBSD kernel (all that I am aware of just load the
OpenBSD PBR which loads /boot which loads /bsd.)

 For example I quote the following: 
 
 flag  Make the given partition table entry bootable. Only one entry can be 
 marked bootable. If you wish to boot from an extended partition, you will 
 need to mark the partition table entry for the extended partition as 
 bootable.
 
 
 from http://www.openbsd.org/faq/faq14.html#fdisk

Ok, at least you cite a source.  That saves you from the boiling
oil. :)

Unfortunately, you misunderstand what it is saying (or what was intended).
fdisk can mark any partition bootable.  That partition could be OpenBSD,
Netware, Windows, OS/2, whatever.  Now it is up to the OS on that
partition to be able to boot.  fdisk doesn't make it happen, it just marks
the boot partition.

OpenBSD's fdisk doesn't limit what you can do, which is why a lot of us
end up grabbing OpenBSD boot disks when we need to clean up partitioning
table messes in non-OpenBSD systems.  OpenBSD's fdisk assumes you know what
you are doing, no limits.  What you are doing may have nothing to do with
OpenBSD.

I've added notes about primary partitions only in a couple strategic
places in the FAQ.

Usually, the people wanting to do things like this are wanting to try
out OpenBSD.  BAD idea.  Don't try out an OS in the middle of a bunch
of other OSs on the same computer.  Get to know the system BEFORE you
try to do multi-booting.  Otherwise, you are very likely going to find
yourself with either an accidentally OpenBSD-only system or a blank
system.  Grab someone's virus-infested computer they are discarding,
and get to know OpenBSD on that.  That solves a few problems at once. :)

Nick.



looking for person to be interviewed for FLOSS Weekly

2007-07-25 Thread Randal L. Schwartz
I'm co-producing the FLOSS Weekly podcast with Leo Laporte (roughly 50K
downloads, if I recall).  I'm looking for someone who can speak about the
past, present and future of OpenBSD.  I particularly also want someone who can
speak about the additional freedoms of the BSD license.  An added bonus would
be someone who has been in open source software for a long time.

Past shows can be found at www.twit.tv/floss, including the one I just
did with Josh Berkus of the PostgreSQL project.

Any volunteers?

Thanks.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
[EMAIL PROTECTED] URL:http://www.stonehenge.com/merlyn/
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!



Re: About encryption

2007-07-25 Thread Lawrence Teo

Brian Hansen wrote:

Hi

I have no prior experience in encryption but wants to figure out how to - as
safe as possible - encrypt some files on my computer. I have been looking at
both GNUPG and Mcrypt. I am not interested in the KEY part of GNUPG but only
encrypting files.

Which - if any - would you recommend for the task and using what algorithms?


Simplest encryption/decryption program I've found:

http://ccrypt.sourceforge.net/

There's an OpenBSD package for it too.

Hope it helps,
Lawrence


--
Lawrence Teo
Calyptix Security
http://www.calyptix.com/



Re: Announcing: The OpenBSD Foundation

2007-07-25 Thread Sevan / Venture37
I wish you the best of luck guys, you deserve it, keep up the good work, 
roll on openbsd 4.2! :)



Sevan / Venture37




Re: Announcing: The OpenBSD Foundation

2007-07-25 Thread J.C. Roberts
On Wednesday 25 July 2007, Bob Beck wrote:
 The OpenBSD Foundation is pleased to announce today it has completed
 its organization as a Canadian federal non-profit corporation and is
 ready for public interaction.

Congratulations Bob, Theo, Jason and all the others who have worked hard 
to make this a reality.

Kind Regards,
jcr



Re: Dell sc440 / broadcom bcm5754 nic [resolution]

2007-07-25 Thread Charlie Farinella
On Tuesday 24 July 2007, Chris Kuethe wrote:
 On 7/24/07, Charlie Farinella [EMAIL PROTECTED] wrote:
  Thank you, I think this will solve my problem, but I have no idea how to
  proceed.  I assume I need to recompile the kernel and swap out the new
  if_bge.c file for the one included with the OS.  Is that correct?  I've
  looked briefly at docs and some how-to's but haven't seen any specific
  instructions.  If anyone knows of some documentation for this, a
  pointer would be appreciated.
 
 much like the instructions at the beginning of other patches...
 general information on how to patch an openbsd is in the FAQ
 http://www.openbsd.org/faq/faq10.html#Patches
 http://www.openbsd.org/faq/faq5.html#Building

For anyone else with the same problem:

I ended up downloading the entire /sys directory from current, then 
compile and install.  That worked!

Thanks to all for your help.  :-)

 let me know if this doesn't apply or doesn't work.
 
 save the diff below (into /tmp/bgediff, for example)
 cd /sys/dev/pci
 patch -C < /tmp/bgediff (check that the diff would apply correctly)
 patch < /tmp/bgediff
 cd /sys/arch/i386/conf/   (assuming you're running i386)
 config GENERIC
 cd ../compile/GENERIC
 make clean depend bsd
 make install
 reboot
 
 
 Index: if_bge.c
 ===
 RCS file: /cvs/src/sys/dev/pci/if_bge.c,v
 Retrieving revision 1.211
 Retrieving revision 1.212
 server -u -N -p -r1.211 -r1.212 if_bge.c
 --- if_bge.c  24 Jul 2007 14:42:551.211
 +++ if_bge.c  24 Jul 2007 14:42:551.212
 @@ -1384,16 +1384,21 @@ bge_blockinit(struct bge_softc *sc)
   }
 
   /*
 -  * Set the BD ring replentish thresholds. The recommended
 +  * Set the BD ring replenish thresholds. The recommended
* values are 1/8th the number of descriptors allocated to
* each ring.
*/
   i = BGE_STD_RX_RING_CNT / 8;
 
 - /* Use a value of 8 for these chips to workaround HW errata */
 + /*
 +  * Use a value of 8 for the following chips to workaround HW errata.
 +  * Some of these chips have been added based on empirical
 +  * evidence (they don't work unless this is done).
 +  */
   if (BGE_ASICREV(sc-bge_chipid) == BGE_ASICREV_BCM5750 ||
   BGE_ASICREV(sc-bge_chipid) == BGE_ASICREV_BCM5752 ||
 - BGE_ASICREV(sc-bge_chipid) == BGE_ASICREV_BCM5755)
 + BGE_ASICREV(sc-bge_chipid) == BGE_ASICREV_BCM5755 ||
 + BGE_ASICREV(sc-bge_chipid) == BGE_ASICREV_BCM5787)
   i = 8;
 
   CSR_WRITE_4(sc, BGE_RBDI_STD_REPL_THRESH, i);
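
Review bot: The rewritten comment above the chip test says some of these chips were added on empirical evidence but does not say which ones, so a later reader cannot tell a documented erratum from a trial-and-error entry; from this hunk the only visible addition is BGE_ASICREV_BCM5787, and the comment should name it (and any others) explicitly. With four BGE_ASICREV() comparisons now OR-ed together, it would also be worth moving the set into a small macro or helper so the next chip that needs i = 8 does not lengthen the condition again.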
 
 -- 
 GDB has a 'break' feature; why doesn't it have 'fix' too?
 
 
 



-- 

Charles Farinella 
Appropriate Solutions, Inc. (www.AppropriateSolutions.com)
[EMAIL PROTECTED]
voice: 603.924.6079   fax: 603.924.8668



Re: OpenBSD BIND 9 cache poisoning

2007-07-25 Thread Cheng, Alan
Another reason to deploy OpenBSD :o)

-Alan Cheng 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jakob Schlyter
Sent: July 26, 2007 3:29
To: misc@openbsd.org
Subject: OpenBSD  BIND 9 cache poisoning

as some of you may have noticed, a new weakness in BIND 9 has recently been 
discovered.  using this weakness, an attacker can remotely poison the cache of 
any BIND 9 server.  the attacker can do this due to a weakness in the 
transaction ID generation algorithm used.

when BIND 9 was first imported into OpenBSD, we decided not to use the default 
ID generation algorithm (LFSR, Linear Feedback Shift
Register) but to use a more proven algorithm (LCG, Linear Congruential 
Generator) instead.  thanks to this wise decision, the BIND 9 shipped with 
OpenBSD does not have this weakness.


the proactive security of OpenBSD strikes again,

jakob


ref: http://www.trusteer.com/docs/bind9dns.html