Re: PF FAQ fix

2007-10-26 Thread Joel Knight
--- Quoting NetOne - Doichin Dokov on 2007/10/26 at 21:08 +0300:

> Hi all!
> 
> I think there's a mistake in the PF FAQ, but before submitting it as a 
> bug, would like to make sure it's not me who is wrong, though last night 
> i helped a guy in #pf who had a problem with this and who did confirm i 
> am right.
> 
> What I'm talking about is http://www.openbsd.org/faq/pf/pools.html#outgoing
> The last two lines in the example say:
> 
> #  route packets from any IPs on $ext_if1 to $ext_gw1 and the same for
> #  $ext_if2 and $ext_gw2
> pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any 
> pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 
> 
> They are supposed to route outgoing packets from $ext_if1 / $ext_if2 IPs 
> to the appropriate gw, when it is not the default route (one of them is 
> always not). So, the right rules should be:
> 
> pass out on $ext_if1 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any 
> pass out on $ext_if2 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any 

No, this isn't right. There's no point in explicitly routing to $ext_gw1
if the packet is already leaving on $ext_if1 -- it's going to be heading
to that gateway anyways. The point of those two rules is to catch the
scenario where you have a packet heading out on if1 with a source
address from if2 and vice-versa.
 
> There should also be a remark, in case the user uses OpenBSD 4.1 (or the 
> forthcoming FreeBSD 7.0 release) to add "no state" to those two rules, 
> as if they don't, they match only packets with flags S/SA (which are now 
> added by default), and, as a result, connections coming from the outside 
> to the local machine do not get established, as the reply packets don't 
> match those route-to's and are not routed.

Those rules aren't meant to allow connections to the local machine at
all. You'd have to allow for that with separate rules. You could add 'no
state' to those rules though just because they don't need to keep state.
Their only job is to push packets to the proper outgoing interface based
on the packet's source address.






.joel



Re: Remove escape characters from file

2007-10-26 Thread Ingo Schwarze
Hi Peter,

> does OpenBSD have a program/script to remove control characters (escape
> sequence) from text files?

Sure,
  sed 's/[^A-Z ]//g'

No kidding: Usually you want to specify which characters to allow,
not which characters to remove (default deny policy).
In case you want to allow more than just capital letters and blanks,
add them to the character set above.  See sed(1) for details.

Yours,
  Ingo
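An added example (not part of the message above) of the default-deny approach it describes, written with tr(1) and sed(1): keep an explicit allowlist of bytes and drop everything else. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: default-deny filtering of control characters.
# sample, allow_only and strip_then_allow are hypothetical helper names.

# Constructed sample input: two colour escape sequences, a CR LF line
# ending and a BEL character.
sample() {
    printf 'ok \033[31mred\033[0m text\r\n\007bell\n'
}

# Pure allowlist: keep tab, newline and printable ASCII (space..tilde),
# delete every other byte. ESC, CR, BEL, NUL and anything above 0x7e are
# removed without having to be listed one by one.
allow_only() {
    LC_ALL=C tr -cd '\11\12\40-\176'
}

# Caveat: allow_only deletes the ESC byte, but the printable tail of an
# escape sequence ("[31m") is on the allowlist and survives as text.
# Remove complete CSI sequences first (ESC, '[', parameter bytes 0x30-0x3f,
# intermediate bytes 0x20-0x2f, one final byte 0x40-0x7e), then filter.
strip_then_allow() {
    esc=$(printf '\033')
    LC_ALL=C sed "s|${esc}\[[0-?]*[ -/]*[@-~]||g" | allow_only
}

echo "allowlist only:"
sample | allow_only
echo "CSI strip, then allowlist:"
sample | strip_then_allow
```

To allow more than ASCII (UTF-8 text, for instance), widen the allowlist deliberately rather than switching to a list of characters to delete.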



Re: openbsd debugger

2007-10-26 Thread Ingo Schwarze
Hi Thomas,

Thomas Börnert wrote on Fri, Oct 26, 2007 at 10:26:13PM +0200:

> if everyone want to see the openbsd debugger,
> here a nice tip or bug :-)
> as root
> ---snip---
> mount -o ro /&
> mount -o ro /
> ---snip---

In case this is supposed to be a bug report, you could be a bit more
specific:  http://www.openbsd.org/report.html

Ad hoc, i fail to see any problem:

[EMAIL PROTECTED] # mount -o ro /
[EMAIL PROTECTED] # mount
/dev/wd0a on / type ffs (local, read-only)
/dev/wd0e on /tmp type ffs (local, nodev, nosuid)
/dev/wd0f on /var type ffs (local, nodev, nosuid)
/dev/wd0g on /usr type ffs (local, nodev)
/dev/wd0h on /srv type ffs (local, nodev, nosuid)
nfs:/raid/home on /home type nfs (nodev, nosuid, v3, udp, timeo=100)
nfs:/raid/scratch on /scratch type nfs (nodev, nosuid, v3, udp, timeo=100)
nfs:/clone on /clone type nfs (nodev, noexec, v3, udp, timeo=100)
nfs:/raid/data on /data type nfs (nodev, nosuid, v3, udp, timeo=100)
nfs:/raid/mail on /var/mail type nfs (nodev, noexec, v3, udp, timeo=100)
nfs:/raid/www on /www type nfs (nodev, nosuid, v3, udp, timeo=100)
nfs:/raid/usta on /usr/usta type nfs (nodev, v3, udp, timeo=100)
nfs:/raid/tausch on /tausch type nfs (nodev, noexec, read-only, v3, udp, \
timeo=100)
athene:/usr/src on /usr/src type nfs (read-only, v3, udp, timeo=100)
athene:/usr/ports on /usr/ports type nfs (read-only, v3, udp, timeo=100)
athene:/usr/xenocara on /usr/xenocara type nfs (read-only, v3, udp, timeo=100)
[EMAIL PROTECTED] # mount -o ro / 
[EMAIL PROTECTED] # mount -o ro / &
[1] 17311
[EMAIL PROTECTED] # 
[1] + Done mount -o ro / 
[EMAIL PROTECTED] # mount -o ro /   
[EMAIL PROTECTED] # mount -o rw / 
[EMAIL PROTECTED] # mount -o ro / & mount -o ro /
[1] 20175
[1] + Done mount -o ro / 
[EMAIL PROTECTED] # mount -o rw / 
[EMAIL PROTECTED] # sysctl kern.version
kern.version=OpenBSD 4.2-current (GENERIC) #65: Mon Oct 15 16:36:09 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
[EMAIL PROTECTED] # strings /sbin/mount_ffs | grep -F \$OpenBSD
$OpenBSD: mount_ffs.c,v 1.19 2006/08/11 11:47:39 pedro Exp $
$OpenBSD: getmntopts.c,v 1.10 2006/09/30 17:48:22 ray Exp $
[EMAIL PROTECTED] # strings /sbin/mount | grep -F \$OpenBSD 
$OpenBSD: mount.c,v 1.46 2007/09/02 15:19:24 deraadt Exp $

Yours,
  Ingo



Re: OpenBSD PR #5239 and #5577

2007-10-26 Thread Matthew Clarke

Matt Rowley wrote:
> Amarendra Godbole wrote:
> > I use OpenBSD 4.2-current on IBM ThinkPad X60, and face a similar issue
> > to the one mentioned in PRs #5239 and #5577 - as soon as I insert a PCMCIA
> > card in the slot (mine is Sierra Wireless AirCard 555), the kernel
> > panics. This happens if I boot with the card in the slot, or if I
> > insert the card in the slot when the machine is up and running.
>
> I can confirm the same behavior on my T60p.  Inserting Cisco Aironet 340
> and 350 cards causes the kernel to panic.  If the card is in the slot
> at boot, when the kernel gets to it in boot up, it panics, too.  I
> haven't had a chance to record the trace / ps dumps yet...

Also on my ThinkPad T60 on insertion of either an IBM PC Card analog
modem or a Megahertz PC Card analog modem and on removal of a Kyocera
KPC650 CDMA wireless modem PC Card.  PR kernel/5607.




Re: max number of groups

2007-10-26 Thread Douglas A. Tutty
On Fri, Oct 26, 2007 at 03:38:51PM -0700, Darren Spruell wrote:
> On 10/26/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > On Fri, Oct 26, 2007 at 09:55:13AM -0700, Ted Unangst wrote:
> > > On 10/25/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > > On Thu, Oct 25, 2007 at 10:19:19AM -0600, Theo de Raadt wrote:
> > > > > Well, there is no solution.  16 was chosen a lot of years ago as a
> > > > > reasonable amount of state to carry around, and that's the standard
> > > > > and we're probably going to stick with it.
> > > >
> > > > What, then, is the correct way to separate the project files of more
> > > > than 16 projects, where some users will need access to all of the
> > > > groups?
> > >
> > > read again:  there is no solution.
> > >
> >
> > There has to be _some_ solution but it doesn't have to revolve around
> > groups.
> 
> Here's a long shot - it's crazy enough it might just work. How about a
> real project management application?

See, I said there was a solution, and hey, it will all fit on one box.

(or a pair for redundancy for those who need it).

Doug.



Re: max number of groups

2007-10-26 Thread Ted Unangst
On 10/26/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > What, then, is the correct way to separate the project files of more
> > > than 16 projects, where some users will need access to all of the
> > > groups?
>
> There has to be _some_ solution but it doesn't have to revolve around
> groups.  Surely we don't need a separate box for every 16 projects (and
> let's not get into another reason to use Xen :)) )
>
> Perhaps it's putting the project files in CVS for individuals to check
> out.  Perhaps it's some database system.  I don't know.  I am confident
> that there is a logical proper solution.

ok, sure.  you can create a user account "projectN" for every project,
then tell every user who wants access the password.  that's not a
solution, that's changing the problem. :)

when you say files, i think "files on the filesystem", not "files i
can make copies of via scp".  i have no idea what you're trying to do,
but if you really have so many projects and people and combinations
and you care deeply about security, why _would_ you cram all this
mayhem onto a single box?



Re: max number of groups

2007-10-26 Thread nocfed
On 10/26/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 26, 2007 at 09:55:13AM -0700, Ted Unangst wrote:
> > On 10/25/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > On Thu, Oct 25, 2007 at 10:19:19AM -0600, Theo de Raadt wrote:
> > > > Well, there is no solution.  16 was chosen a lot of years ago as a
> > > > reasonable amount of state to carry around, and that's the standard
> > > > and we're probably going to stick with it.
> > >
> > > What, then, is the correct way to separate the project files of more
> > > than 16 projects, where some users will need access to all of the
> > > groups?
> >
> > read again:  there is no solution.
> >
>
> There has to be _some_ solution but it doesn't have to revolve around
> groups.  Surely we don't need a separate box for every 16 projects (and
> let's not get into another reason to use Xen :)) )
>
> Perhaps it's putting the project files in CVS for individuals to check
> out.  Perhaps it's some database system.  I don't know.  I am confident
> that there is a logical proper solution.
>
> Doug.
>
>

How about some simple sudo groups to a project user?

If you are not using a CMS to track user edits then you might as well
just have a single user that can make changes to the project and just
share that user.



Re: max number of groups

2007-10-26 Thread Darren Spruell
On 10/26/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 26, 2007 at 09:55:13AM -0700, Ted Unangst wrote:
> > On 10/25/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > > On Thu, Oct 25, 2007 at 10:19:19AM -0600, Theo de Raadt wrote:
> > > > Well, there is no solution.  16 was chosen a lot of years ago as a
> > > > reasonable amount of state to carry around, and that's the standard
> > > > and we're probably going to stick with it.
> > >
> > > What, then, is the correct way to separate the project files of more
> > > than 16 projects, where some users will need access to all of the
> > > groups?
> >
> > read again:  there is no solution.
> >
>
> There has to be _some_ solution but it doesn't have to revolve around
> groups.

Here's a long shot - it's crazy enough it might just work. How about a
real project management application?

DS



Re: max number of groups

2007-10-26 Thread Douglas A. Tutty
On Fri, Oct 26, 2007 at 09:55:13AM -0700, Ted Unangst wrote:
> On 10/25/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> > On Thu, Oct 25, 2007 at 10:19:19AM -0600, Theo de Raadt wrote:
> > > Well, there is no solution.  16 was chosen a lot of years ago as a
> > > reasonable amount of state to carry around, and that's the standard
> > > and we're probably going to stick with it.
> >
> > What, then, is the correct way to separate the project files of more
> > than 16 projects, where some users will need access to all of the
> > groups?
> 
> read again:  there is no solution.
> 

There has to be _some_ solution but it doesn't have to revolve around
groups.  Surely we don't need a separate box for every 16 projects (and
let's not get into another reason to use Xen :)) )

Perhaps it's putting the project files in CVS for individuals to check
out.  Perhaps it's some database system.  I don't know.  I am confident
that there is a logical proper solution.

Doug.



Re: Non-x86

2007-10-26 Thread Matthew Szudzik
> > Where are the choices for non-x86?
> 
> The only remaining alternative is Sparc. Everything else is either old
> (macppc) or expensive & unsupported (IA64).

If anyone is looking for a non-x86 laptop, there aren't many choices.  Is 
there any information about OpenBSD on the following Sparc laptop?

 http://www.tadpolecomputer.com/products/notebooks/viper.asp



openbsd debugger

2007-10-26 Thread Thomas Börnert
hi folks,

if everyone want to see the openbsd debugger,
here a nice tip or bug :-)

as root

---snip---
mount -o ro /&
mount -o ro /
---snip---

-Thomas



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread gentoo1
I thank each of you! The issue is solved!!!
The problem was that I have no ftp account on the system. I just think that
the ftp account is created by the installation of OpenBSD.
No problem with anonymous ftp yet :)

=)


-- 
View this message in context: 
http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13434677
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Remove escape characters from file

2007-10-26 Thread Andreas Maus
On Fri, Oct 26, 2007 at 03:45:39PM +0200, Pieter Verberne wrote:
> Hi,
Hi Pieter.

> does OpenBSD have a program/script to remove control characters (escape
> sequence) from text files?
Do you mean something like the ^M (\r) character ?
I recommend using tr, e.g.:

tr -d '\r' < name_of_inputfile > name_of_outputfile

HTH,

Andreas.

-- 
Windows 95: A 32-bit patch for a 16-bit GUI shell running on top of
an 8-bit operating system written for a 4-bit processor by a 2-bit
company who cannot stand 1 bit of competition.



Re: Remove escape characters from file

2007-10-26 Thread djgoku
On 10/26/07, Pieter Verberne <[EMAIL PROTECTED]> wrote:
> Hi,
>
> does OpenBSD have a program/script to remove control characters (escape
> sequence) from text files?

Not sure if this is what you are wanting.

tr '\r' '\n' < inputfile > outputfile

more info @ http://en.wikipedia.org/wiki/Newline



Re: Problem with MP on 4.2

2007-10-26 Thread Stijn

Brian,

Abdul snipped a piece of my mail. To disable apm just do:

ukc> disable apm
ukc> quit

BR,
Stijn

Brian A Seklecki (Mobile) wrote:
> > > first try to enable acpi and see what happens.
> >
> > Thanks. Enabling acpi did not make a difference, but then I disabled
> > apm and it's working.
>
> Right -- all of the example ukc> output shows how to enable acpi0 but no
> one ever shows how to disable apm0.
>
> ~BAS
>
> > Abdul
> >
> > > HTH,
> > > Stijn




Re: 4.2/amd64 cannot detect any CDROM even the one from which it was installed

2007-10-26 Thread Calomel
Siju,

Has the device name changed? Perhaps to /dev/cd0a 

--
 Calomel @ http://calomel.org
 OpenSource Research and Reference

On Thu, Oct 25, 2007 at 07:12:59PM +0530, Siju George wrote:
>Hi,
>
>I installed OpenBSD 4.2 on CD on my amd64 that was running OpenBSD 4.0 fine.
>I tried to mount the sparc64 CDROM to copy ports.tgz
>But I get the following Error
>
># mount_cd9660 /dev/cd0c /mnt/
>mount_cd9660: /dev/cd0c on /mnt: No medium found
># mount_cd9660 /dev/cd0c /mnt/
>mount_cd9660: /dev/cd0c on /mnt: No medium found
># mount_cd9660 /dev/cd0c /mnt/
>mount_cd9660: /dev/cd0c on /mnt: No medium found
>#
>
>This Error I checked is the same error I get when there is no CDROM inside.
>
>I tried other CDs but the effect is the same.
>Finally I tried to mount the CD from which 4.2 was installed but failed.
>I used to mount CDs in 4.0 without any problems :-(
>Could somebody help me trouble shoot this problem?
>
>Thankyou so much :-)
>
>Kind Regards
>
>Siju
>
>The dmesg and /var/log/messages are as follows
>
>
>
>OpenBSD 4.2 (GENERIC) #1179: Tue Aug 28 10:37:50 MDT 2007
>[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
>real mem = 469037056 (447MB)
>avail mem = 443813888 (423MB)
>mainbus0 at root
>bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0730 (54 entries)
>bios0: vendor American Megatrends Inc. version "080012 " date 06/19/2006
>bios0: ASUSTeK Computer INC. A8V-VM
>acpi at mainbus0 not configured
>cpu0 at mainbus0: (uniprocessor)
>cpu0: AMD Athlon(tm) 64 Processor 3500+, 2200.44 MHz



Re: Remove escape characters from file

2007-10-26 Thread Calomel
Pieter,

To remove the ^M characters at the end of all lines in vi, use:

:%s/^V^M//g

The ^v is a CONTROL-V character and ^m is a CONTROL-M. When you type this,
it will look like this:

:%s/^M//g

--
 Calomel @ http://calomel.org
 Open Source Research and Reference

On Fri, Oct 26, 2007 at 03:45:39PM +0200, Pieter Verberne wrote:
>Hi,
>
>does OpenBSD have a program/script to remove control characters (escape
>sequence) from text files?
>
>Pieter



Re: Problem with disk size

2007-10-26 Thread Jon Sjöstedt
I redid the whole thing. Now it works. I think the problem was that I used
disklabel -E the first time, and that the BIOS geometry was bad.

> Jon Sjöstedt wrote:
>> Hello all!
>>
>> I have an OpenBSD-box with two 250G drives inside (and some SCSI).
>> Trying
>> to use one of the drives as a whole gave this from disklabel
>>
>>
>> $ sudo disklabel -p g wd0
>> [snip]
>
> don't snip.
>
>> 16 partitions:
>> #        size   offset  fstype [fsize bsize  cpg]
>>   c:   233.8G     0.0G  unused      0     0      # Cyl 0-486343
>>   d:   233.8G     0.0G  4.2BSD   2048 16384   16 # Cyl 0*-486343*
>>
>> but df -h says:
>>
>> /dev/wd0d  7.8G  7.4G  4.2M  100%
>>
>> and I cant create any new files on the drive. What could be the problem
>> here? Any hints appreciated.
>>
>> dmesg attached.
>
> thanks for the dmesg.
>
> You tried darned hard to obscure this (I really don't care how many G
> your disk is, I care about which sectors you are using), but it does
> appear that you opted to not properly partition your disk.  The fact
> that you didn't show the output of fdisk causes me to believe you
> knew it, though you may not have recognized the significance. ;)
>
> Your OpenBSD subpartition appears to start at sector zero.  Bad idea.
> This means, whether by design or by accident, you don't have an fdisk
> partition table (aka, MBR) on the disk.  Also a bad idea.
>
> On some platforms, i386 is one of them, you must use fdisk partitions,
> and your disklabel partitions must start at a one track offset (in
> your case, probably 63 sectors).
>
> When you don't follow the rules, ugly things happen.  It isn't the
> size of the disk, it's the way it's laid out that is giving you
> problems.
>
> See faq14.html...
>
> Nick.
>
>
>
> .
>





Re: CVS update aborts with "No space left on device"

2007-10-26 Thread Markus Lude
On Fri, Oct 26, 2007 at 06:42:41PM +0200, Heinrich Rebehn wrote:
> Hi list,
> 
> when i try to update my sources using CVS i get the following error:
> 
> ###
> Updating src
> M usr.sbin/spamdb/spamdb.c
> Updating ports
> ? editors/fte
> cvs [server aborted]: error closing CVS/Entries.Backup: No space left on device
> Done
> ###

The problem with too little space is on the server side. Use another
mirror or try again later.

Regards,
Markus



Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/26/07, Matt Rowley <[EMAIL PROTECTED]> wrote:
>
> > Some but not all. If you buy a Dell 2950 quad and load it up with 8
> > Gig. You can spend $500 on an ESX 3i license and run  10 - 15 512 MB
> > OpenBSD single processor VMs.  The difference here is that you can
> > max out the duty cycle on the box where as a single OS running on the
> > same Iron won't do that.  For ESX it's designed for you to max out
> > the hardware
>
> I think you're off on price by almost an order of magnitude (ESX runs
> about $3k per CPU socket, iirc).
> I don't disagree with your point, though; virtualizing under-utilized
> hardware can save you money and electricity.
>
> --Matt




The upcoming major update in VMware Infrastructure 3.x, called 3.5, and new ESX
Server 3i will be available to general public in December 2007,
virtualization.info has learned. An official announcement is expected next
week.

virtualization already broke the news about new features and enhancements that
will appear in VI 3.5, including ESX Server 3i integration into servers from
popular OEMs like Dell, IBM, HP. But the biggest news emerges only now: *VMware
will also sell ESX Server 3i as stand-alone product, with support for SATA
storage devices, at less than $500*.



Re: CVS update aborts with "No space left on device"

2007-10-26 Thread jmc
--- Heinrich Rebehn [Fri, Oct 26, 2007 at 06:42:41PM +0200]: --- 
> Hi list,
> 
> when i try to update my sources using CVS i get the following error:

i think the remote CVS server is giving you that message, not your
machine. you could try another mirror or wait a bit and i'm sure it'll be
tended to.



Re: OpenBSD 4.2 RAIDFrame mirror

2007-10-26 Thread Brian A Seklecki (Mobile)
On Thu, 2007-10-25 at 10:50 +0200, Dominik Zalewski wrote:
> Dear All,
> 
> I have a machine with two Maxtor 160GB hard disks. I've installed OpenBSD 4.2 
> on first one and I would like to use second one as a mirror.

If you really want to kick as the dead horse, I can probably roll a 4.2
install image that has RAIDFrame in the RD, so you can set it up
properly at install time.

Your best bet is an entry-level bio(4) manageable hardware RAID
Controller.

~BAS

> As far as I understood I will have to repartition and reinstall whole system 
> to enable second disk as a mirror. All I want is to have software RAID 1.



Re: max number of groups

2007-10-26 Thread Ted Unangst
On 10/25/07, Douglas A. Tutty <[EMAIL PROTECTED]> wrote:
> On Thu, Oct 25, 2007 at 10:19:19AM -0600, Theo de Raadt wrote:
> > Well, there is no solution.  16 was chosen a lot of years ago as a
> > reasonable amount of state to carry around, and that's the standard
> > and we're probably going to stick with it.
>
> What, then, is the correct way to separate the project files of more
> than 16 projects, where some users will need access to all of the
> groups?

read again:  there is no solution.



CVS update aborts with "No space left on device"

2007-10-26 Thread Heinrich Rebehn

Hi list,

when i try to update my sources using CVS i get the following error:

###
Updating src
M usr.sbin/spamdb/spamdb.c
Updating ports
? editors/fte
cvs [server aborted]: error closing CVS/Entries.Backup: No space left on device
Done
###

This is the script that is started by cron:

###
#!/bin/sh
export [EMAIL PROTECTED]:/cvs
#
echo "Updating src"
cd /usr/src && cvs -q up -rOPENBSD_4_2 -Pd
#
echo "Updating ports"
cd /usr/ports && cvs -q up -rOPENBSD_4_2 -Pd
#
echo "Done"
###

This is my disk:

###
[EMAIL PROTECTED] [~] # df -hi
Filesystem     Size    Used   Avail Capacity iused   ifree  %iused  Mounted on
/dev/wd0a     18.7G    6.7G   11.0G    38%  363344 2157102    14%   /
[EMAIL PROTECTED] [~] # mount
/dev/wd0a on / type ffs (local, softdep)
###

11.0G free should be enough?

Any ideas?

Heinrich



Re: Non-x86

2007-10-26 Thread Martin Schröder
2007/10/26, Lars Noodén <[EMAIL PROTECTED]>:
> Where are the choices for non-x86?

The only remaining alternative is Sparc. Everything else is either old
(macppc) or expensive & unsupported (IA64).

Best
   Martin



Re: Non-x86

2007-10-26 Thread Lars Noodén
Ted Unangst wrote:
> On 10/26/07, Lars Noodén <[EMAIL PROTECTED]> wrote:
>> In the specific context of CALEA, the AMT wikipedia page as of Fri Oct
>> 26 07:45:59 GMT 2007, does not contain any references to CALEA, but does
>> contain the links I provided above.  The CALEA page points to links
>> easily found with search engines.
> 
> so in the specific context of CALEA, why don't you explain how AMT is related?
> 
CALEA requires wiretapping capabilities in networking hardware.  You
know that.  AMT provides wiretapping capabilities, though not by name.

What is unclear is how much those CALEA requirements extend to more
generic computing platforms and even operating systems.

AMT, from Intel's own pages, seems for all practical purposes a
hard-coded rootkit useful for surveillance, among other things.  Thus
the connection to CALEA.

So, are backdoors like AMT required for all motherboards now?
If so, what are the details?
If not, what non-x86 options are available for regular workstations and
servers.  There's a shitload available for embedded devices and such.
Where are the choices for non-x86?

-Lars



Re: Problem with MP on 4.2

2007-10-26 Thread Brian A Seklecki (Mobile)
> > first try to enable acpi and see what happens.
> >
> 
> Thanks. Enabling acpi did not make a difference, but then I disabled  
> apm and it's working.

Right -- all of the example ukc> output shows how to enable acpi0 but no
one ever shows how to disable apm0.  

~BAS

> 
> Abdul
> 
> > HTH,
> > Stijn



Re: Non-x86

2007-10-26 Thread Ted Unangst
On 10/26/07, Lars Noodén <[EMAIL PROTECTED]> wrote:
> In the specific context of CALEA, the AMT wikipedia page as of Fri Oct
> 26 07:45:59 GMT 2007, does not contain any references to CALEA, but does
> contain the links I provided above.  The CALEA page points to links
> easily found with search engines.

so in the specific context of CALEA, why don't you explain how AMT is
related?



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread david l goodrich
On Fri, 26 Oct 2007 07:32:40 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
> david l goodrich wrote:
>>
>> On Fri, 26 Oct 2007 05:18:07 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
>>> HI guys!
>>>  I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
>>> But now i have openbsd installation since 1 week :)
>>> And a problem with vsftpd (anonymous):
>>>
>>> client says :
>>> 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
>>> .
>>> .
>>> .
>>> When i set
>>> anonymous_enable=NO
>>> local_enable=YES ,
>>>  Then Everything is okay:
>>> Connected to .
>>> 220 Welcome to Open BSD FTP server
>>> User (...:(none)):
>>>
>>>
>>> Please help me to solve this problem:blush:
>>
>> Do you have a user on your system named "ftp"?
>>   --david
>>
> 
> I have this in /etc/passwd :
> 
> _ftp:*:84:84:FTP Daemon:/var/empty:/sbin/nologin
> 
> 
> I have not been appending it as root in system but I think that this user is
> created by default / by installation / or not?


yes, _ftp is created by default.
yet _ftp is not ftp.  Either create a user named 'ftp' or change
ftp_username in your vsftp config to _ftp.
  --david


> 
> Thanks in advance!
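An added example (not part of the thread) that turns the diagnosis above into a check: read the account vsftpd will use for anonymous logins from its config and confirm it exists in a passwd file. The function names and file paths are hypothetical, the sample files are constructed (the `_ftp` line is the one quoted in the thread), and it assumes the last `ftp_username=` line in the file is the effective one.

```shell
#!/bin/sh
# Added example: verify that vsftpd's anonymous account actually exists.
# anon_ftp_user, check_anon_ftp and make_samples are hypothetical names.

# anon_ftp_user CONF: print the account used for anonymous logins.
# vsftpd.conf lines are key=value with no spaces around '='. When
# ftp_username is not set, vsftpd's documented default is "ftp".
anon_ftp_user() {
    user=$(sed -n 's/^ftp_username=//p' "$1" | tail -n 1)
    printf '%s\n' "${user:-ftp}"
}

# check_anon_ftp CONF PASSWD: succeed only if that account is in PASSWD.
# The comparison is exact, so "_ftp" does not satisfy a lookup for "ftp".
check_anon_ftp() {
    user=$(anon_ftp_user "$1")
    if awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$2"
    then
        echo "ok: anonymous FTP account '$user' exists"
    else
        echo "missing: no '$user' account, expect a 500 OOPS at login"
        return 1
    fi
}

# make_samples DIR: write constructed sample files for the demonstration.
make_samples() {
    printf '%s\n' 'root:*:0:0:Charlie &:/root:/bin/ksh' \
        '_ftp:*:84:84:FTP Daemon:/var/empty:/sbin/nologin' > "$1/passwd"
    # Config as in the report: anonymous logins on, ftp_username unset.
    printf '%s\n' '# constructed sample' 'anonymous_enable=YES' \
        > "$1/vsftpd.default.conf"
    # Config after the suggested fix: point vsftpd at the existing account.
    printf '%s\n' 'anonymous_enable=YES' 'ftp_username=_ftp' \
        > "$1/vsftpd.fixed.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_anon_ftp "$demo_dir/vsftpd.default.conf" "$demo_dir/passwd" || true
check_anon_ftp "$demo_dir/vsftpd.fixed.conf" "$demo_dir/passwd"
rm -rf "$demo_dir"
```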



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread Christopher Bianchi
gentoo1 wrote:
> david l goodrich-2 wrote:
>   
>> On Fri, 26 Oct 2007 05:18:07 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
>> 
>>> HI guys!
>>>  I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
>>> But now i have openbsd installation since 1 week :)
>>> And a problem with vsftpd (anonymous):
>>>
>>> client says :
>>> 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
>>> .
>>> .
>>> .
>>> When i set
>>> anonymous_enable=NO
>>> local_enable=YES ,
>>>  Then Everything is okay:
>>> Connected to .
>>> 220 Welcome to Open BSD FTP server
>>> User (...:(none)):
>>>
>>>
>>> Please help me to solve this problem:blush:
>>>   
>> Do you have a user on your system named "ftp"?
>>   --david
>>
>> 
>>> --
>>> View this message in context:
>>> http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13426108
>>> Sent from the openbsd user - misc mailing list archive at Nabble.com.
>>>   
>>
>> 
>
>
> I have this in /etc/passwd :
>
> _ftp:*:84:84:FTP Daemon:/var/empty:/sbin/nologin
>
>
> I have not been appending it as root in system but I think that this user is
> created by default / by installation / or not?
>
> Thanks in advance!
>   
oh, you're doing it with vsftpd, but yes, i think you must create a ftp user



Re: CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?)

2007-10-26 Thread Brian A Seklecki (Mobile)
On Mon, 2007-10-22 at 12:04 +0200, Henning Brauer wrote:
> * Claudio Jeker <[EMAIL PROTECTED]> [2007-10-22 08:17]:
> > Fragment Reassembly does not happen in the forwarding plane, it happens on
> > the end system. By doing "flow" based forwarding on the router you're no
> > longer able to do all the additional checks that pf(4) is doing in its
> > stateful forwarding path.
> 
> and we don't actually need these on a non-edge router. I'd go so far
> to say they hurt in that case.

I agree.

Just to confirm... you do not encourage the use of fragment reassembly
at forwarding points other than the network periphery?

We recently ran into some intermittent TCP connection stalls in a
network where end point systems were behind as many as three PF systems
end-point to end-point.  "pfctl -x loud" had a direct correlation to the
stalls and reassemble debug activity output.

We didn't debug it too much because there was a mix of 3.7, 3.9, and 4.1
systems and we wanted to standardize on 4.2 before filing any
superfluous bug reports.

~BAS

> > > There is probably a huge market out there for a commodity standards
> > > based hardware (if it could be done)
> > I doubt it, the necessary HW is just too expensive and complex.
> 
> I totally agree with the statement that there is a huge market for 
> that - but getting supported, fully working hardware at reasonable 
> prices for it is indeed a gigantic challenge.



Re: fsck_msdos wants to repair what newfs_msdos created (4.1)

2007-10-26 Thread Matthew Szudzik
> Does this mean that the two (incorrect) fields
> 
>   Free space in FSInfo block (-1) not correct (134041)
>   Next free cluster in FSInfo block (2) not free
> 
> of a newly created 'msdos -F 32' are nothing to worry about?


I encountered the same problem a few months ago

 http://marc.info/?l=openbsd-misc&m=118401787918802

and concluded that the errors were harmless, but annoying.



[SOLVED] Re: fsck_msdos wants to repair what newfs_msdos created (4.1)

2007-10-26 Thread Jan Stary
On Oct 26 10:56:49, Matthew Szudzik wrote:
> > Does this mean that the two (incorrect) fields
> > 
> > Free space in FSInfo block (-1) not correct (134041)
> > Next free cluster in FSInfo block (2) not free
> > 
> > of a newly created 'msdos -F 32' are nothing to worry about?
> 
> 
> I encountered the same problem a few months ago
>  http://marc.info/?l=openbsd-misc&m=118401787918802
> and concluded that the errors were harmless, but annoying.

The above link explains it completely.
(Should have read the archives.)

Thanks

Jan



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread Christopher Bianchi
gentoo1 wrote:
> david l goodrich-2 wrote:
>   
>> On Fri, 26 Oct 2007 05:18:07 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
>> 
>>> HI guys!
>>>  I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
>>> But now i have openbsd installation since 1 week :)
>>> And a problem with vsftpd (anonymous):
>>>
>>> client says :
>>> 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
>>> .
>>> .
>>> .
>>> When i set
>>> anonymous_enable=NO
>>> local_enable=YES ,
>>>  Then Everything is okay:
>>> Connected to .
>>> 220 Welcome to Open BSD FTP server
>>> User (...:(none)):
>>>
>>>
>>> Please help me to solve this problem:blush:
>>>   
>> Do you have a user on your system named "ftp"?
>>   --david
>>
>> 
>>> --
>>> View this message in context:
>>> http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13426108
>>> Sent from the openbsd user - misc mailing list archive at Nabble.com.
>>>   
>>
>> 
>
>
> I have this in /etc/passwd :
>
> _ftp:*:84:84:FTP Daemon:/var/empty:/sbin/nologin
>
>
> I have not been appending it as root in system but I think that this user is
> created by default / by installation / or not?
>
> Thanks in advance!
>   
http://www.openbsd.org/faq/faq10.html#AnonFTP

it's so clear...



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread gentoo1
david l goodrich-2 wrote:
> 
> On Fri, 26 Oct 2007 05:18:07 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
>> HI guys!
>>  I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
>> But now i have openbsd installation since 1 week :)
>> And a problem with vsftpd (anonymous):
>> 
>> client says :
>> 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
>> .
>> .
>> .
>> When i set
>> anonymous_enable=NO
>> local_enable=YES ,
>>  Then Everything is okay:
>> Connected to .
>> 220 Welcome to Open BSD FTP server
>> User (...:(none)):
>> 
>> 
>> Please help me to solve this problem:blush:
> 
> Do you have a user on your system named "ftp"?
>   --david
> 
>> 
>> --
>> View this message in context:
>> http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13426108
>> Sent from the openbsd user - misc mailing list archive at Nabble.com.
> 
> 
> 


I have this in /etc/passwd :

_ftp:*:84:84:FTP Daemon:/var/empty:/sbin/nologin


I have not been appending it as root in system but I think that this user is
created by default / by installation/ or not?

Thanks in advance!
-- 
View this message in context: 
http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13428534
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Java problems on 4.1

2007-10-26 Thread Kurt Miller
On Thursday 25 October 2007 2:33:58 am Pawel Veselov wrote:
> Since some time ago it became impossible to run JVMs on my 4.1 box. I can't
> seem to figure out what's wrong, probably something easy and stupid...
...
> 1.5.0-p1

Patchset one (-p1) was circa 3.8. It appears you have not rebuilt the jdk
since 3.8. That would be my first guess.

-Kurt



Remove escape characters from file

2007-10-26 Thread Pieter Verberne
Hi,

does OpenBSD have a program/script to remove control characters (escape
sequence) from text files?

Pieter



Re: HD access problems and Audio sounds too fast: (was Re: Keyboard/Mouse problem OpenBSD 4.2)

2007-10-26 Thread Alvaro Mantilla Gimenez
Alexandre Ratchov wrote:
> On Thu, Oct 25, 2007 at 08:08:46AM -0600, Alvaro Mantilla Gimenez wrote:
>> Hi,
>>
>>   I have a HP Pavilion dv8000 too and, after install 4.2, i go back to
>> 4.1. The audio on vlc, xine, xmms sounds too fast and cut from time to
>> time (5-6 sec intervals)... even playing internet radio... and the HD
>> access sucks. For example: i spent more than 15 minutes doing "tar xvzf
>> ports.tar.gz". All this with the GENERIC kernel out of the box. Do you
>> experiment the same problems? I tried enable acpi too... same result.
>> On 4.1 everything works as expected (except xmms that sounds too fast too).
>>
> 
> could you post your 'dmesg' and the output of 
> 'audioctl -f /dev/audio0 -a' (assuming audio0 is your audio device)
> 
> -- Alexandre

With 4.1 right now... with 4.2 probably on the next 15 days (i need to
finish a work on my computer before and i can't reinstall everything
again...). Here it is:

# audioctl -f /dev/audio0 -a
name=
[EMAIL PROTECTED]
config=pCNP
encodings=ulinear:8*,mulaw:8*,alaw:8*,slinear:8*,slinear_le:16,ulinear_le:16*,slinear_be:16*,ulinear_be:16*
properties=full_duplex,mmap,independent
full_duplex=0
fullduplex=0
blocksize=9600
hiwat=6
lowat=4
monitor_gain=0
mode=play
play.rate=48000
play.channels=1
play.precision=8
play.encoding=mulaw
play.gain=127
play.balance=32
play.port=0x0
play.avail_ports=0x0
play.seek=0
play.samples=0
play.eof=0
play.pause=0
play.error=0
play.waiting=0
play.open=1
play.active=0
play.buffer_size=65536
record.rate=48000
record.channels=1
record.precision=8
record.encoding=mulaw
record.gain=191
record.balance=32
record.port=0x1
record.avail_ports=0x7
record.seek=0
record.samples=0
record.eof=0
record.pause=0
record.error=0
record.waiting=0
record.open=1
record.active=0
record.buffer_size=65536
record.errors=0

On this kernel... i use GENERIC but i change only the name to have my
computer identify (name: LUNA):

# dmesg
OpenBSD 4.1-stable (LUNA) #0: Mon Oct 15 20:36:07 CST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/LUNA
cpu0: AMD Turion(tm) 64 Mobile Technology ML-32 ("AuthenticAMD"
686-class, 512KB L2 cache) 1.80 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 534999040 (522460K)
avail mem = 480092160 (468840K)
using 4278 buffers containing 26873856 bytes (26244K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 11/07/05, BIOS32 rev. 0 @ 0xfd610,
SMBIOS rev. 2.31 @ 0xd7810 (34 entries)
bios0: Hewlett-Packard Pavilion dv8000 (EP404UA#ABA)
pcibios0 at bios0: rev 2.1 @ 0xfd610/0x9f0
pcibios0: PCI BIOS has 10 Interrupt Routing table entries
pcibios0: no compatible PCI ICU found
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xf000 0xd/0x6000! 0xd7800/0x800!
0xd8000/0x1000
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: PowerNow! K8 1791 MHz: speeds: 1800 1600 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "ATI RS480 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "ATI RS480 PCIE" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon XPRESS 200M" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 4 function 0 "ATI RS480 PCIE" rev 0x00
pci2 at ppb1 bus 2
ohci0 at pci0 dev 19 function 0 "ATI IXP400 USB" rev 0x00: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 4 ports with 4 removable, self powered
ohci1 at pci0 dev 19 function 1 "ATI IXP400 USB" rev 0x00: irq 11,
version 1.0, legacy support
usb1 at ohci1: USB revision 1.0
uhub1 at usb1
uhub1: ATI OHCI root hub, rev 1.00/1.00, addr 1
uhub1: 4 ports with 4 removable, self powered
ehci0 at pci0 dev 19 function 2 "ATI IXP400 USB2" rev 0x00: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: ATI EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 8 ports with 8 removable, self powered
piixpm0 at pci0 dev 20 function 0 "ATI IXP400 SMBus" rev 0x11: SMI
iic0 at piixpm0
pciide0 at pci0 dev 20 function 1 "ATI IXP400 IDE" rev 0x00: DMA,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
pcib0 at pci0 dev 20 function 3 "ATI IXP400 ISA" rev 0x00
ppb2 at pci0 dev 20 function 4 "ATI IXP400 PCI" rev 0x00
pci3 at ppb2 bus 6
"Broadcom BCM4318" rev 0x02 at pci3 dev 2 function 0 not configured
cbb0 at pci3 dev 4 function 0 "TI PCI7XX1 CardBus"

Re: RAIDFrame inconsistancy and server will not boot!

2007-10-26 Thread Francesco Toscan

On 10/26/07, Jake Conk <[EMAIL PROTECTED]> wrote:


> If the filesystem is screwed up then shouldn't the raid just ignore it
> and run on 1 disk until I fix  the problem? That seems like the
> logical thing it should do unless all my mirrors of /var are messed
> up.

No, raid doesn't do that.
Let's assume we have a raid1 setup with two twin disks, no spares.
Imagine it as a floor (your filesystem) sustained by two columns (your 
disks): if a column collapses the other one keeps the floor up, but if 
the floor has holes your furniture will fall down, regardless of the 
columns' health.

RAID just cares about disks' health, not filesystem's health.

> And lastly, is it possible in the worst case scenario if one of my
> disks is completely fsck'ed up is it possible to run the system on 1
> of the raid 1 disks until a second comes?

If the *disk* fails raid takes care of it automagically. If for some 
reasons the filesystem fails then you might have to fix it by hand.


f.



Re: Problem with MP on 4.2

2007-10-26 Thread Abdul Rehman Gani

On 26 Oct 2007, at 12:11 PM, Stijn wrote:


> Already tried enabling acpi?
>
> # config -ef /bsd.mp
> ukc> enable acpi
> ukc> quit
> #
>
> Check the archives and web site for more info. It's maybe possible
> you'll need to disable apm for it to work ("ukc> disable apm"), but
> first try to enable acpi and see what happens.

Thanks. Enabling acpi did not make a difference, but then I disabled
apm and it's working.

Abdul

> HTH,
> Stijn



--
http://www.infostream.co.za
[EMAIL PROTECTED]
+27-82-888-1193
+27-31-267-2338



Re: openBSD 4.1 + vsftpd

2007-10-26 Thread david l goodrich
On Fri, 26 Oct 2007 05:18:07 -0700 (PDT), gentoo1 <[EMAIL PROTECTED]> wrote:
> HI guys!
>  I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
> But  now i have openbsd installation since 1 week :)
> And a problem with vsftpd (anonymous):
> 
> client says :
> 500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
> .
> .
> .
> When i set
> anonymous_enable=NO
> local_enable=YES ,
>  Then Everything is okay:
> Connected to .
> 220 Welcome to Open BSD FTP server
> User (...:(none)):
> 
> 
> Please help me to solve this problem:blush:

Do you have a user on your system named "ftp"?
  --david

> 
> --
> View this message in context:
> http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13426108
> Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: OpenBSD PR #5239 and #5577

2007-10-26 Thread Matt Rowley
> I use OpenBSD 4.2-current on IBM ThinkPad X60, and face similar issue
> mentioned in PRs' #5239, and #5577 - as soon as I insert a PCMCIA
> card in the slot (mine is Sierra Wireless AirCard 555), the kernel
> panics. This happens if I boot with the card in the slot, or if I
> insert the card in the slot when the machine is up and running.

I can confirm the same behavior on my T60p.  Inserting Cisco Aironet 340 
and 350 cards causes the kernel to panic.  If the card is in the slot 
at boot, when the kernel gets to it in boot up, it panics, too.  I 
haven't had a chance to record the trace / ps dumps yet...



Re: nedd help with pf

2007-10-26 Thread david l goodrich
On Fri, 26 Oct 2007 15:13:19 +0300, "Mindaugas" <[EMAIL PROTECTED]>
wrote:
> Hi,
> 
> 
> 
> Situation, I have table abusers : table  persist
> 
> And pf rule which uses it, so my question is
> 
> How to set max host life time in table, without using pfctl -T expire
> number
> table?

After patching[1] it to work with NetBSD, expiretable[2] 0.6 works great.
  --david

1. http://www.dsrw.org/~dlg/diff/expiretable-netbsd.diff
2. http://expiretable.fnord.se/



Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Matt Rowley
> Some but not all. If you buy a Dell 2950 quad and load it up with 8
> Gig. You can spend $500 on an ESX 3i license and run  10 - 15 512 MB
> OpenBSD single processor VMs.  The difference here is that you can
> max out the duty cycle on the box whereas a single OS running on the
> same Iron won't do that.  For ESX it's designed for you to max out
> the hardware

I think you're off on price by almost an order of magnitude (ESX runs 
about $3k per CPU socket, iirc).
I don't disagree with your point, though; virtualizing under-utilized 
hardware can save you money and electricity.

--Matt



Re: problem with multicast on OpenBSD

2007-10-26 Thread Sebastian Reitenbach
Stuart Henderson <[EMAIL PROTECTED]> wrote: 
> On 2007/10/26 10:23, Sebastian Reitenbach wrote:
> > I got no answer on the ports@ list,
> 
> Yes, you did. http://marc.info/?l=openbsd-ports&m=119330454825541&w=2
> 
argh, now I found the mail in my ports@ folder too. My fault, I totally 
overlooked the message, I should not check mail too late or too early in the 
morning (:
will try the suggestion there later, sounds promising.

thanks a lot
Sebastian



Re: nedd help with pf

2007-10-26 Thread Peter N. M. Hansteen
"Mindaugas" <[EMAIL PROTECTED]> writes:

> How to set max host life time in table, without using pfctl -T expire number
> table?

There is AFAIK currently no way to specify that in pf.conf itself.  

then again, it doesn't take much energy to run a pfctl expire from
cron job every some minutes or so.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



openBSD 4.1 + vsftpd

2007-10-26 Thread gentoo1
HI guys!
 I'm new in Open BSD world.. I have 5 years experience in Linux and UNIX..
But  now i have openbsd installation since 1 week :)
And a problem with vsftpd (anonymous):

client says :
500 OOPS: vsftpd: cannot locate user specified in 'ftp_username':ftp
.
.
.
When i set 
anonymous_enable=NO
local_enable=YES , 
 Then Everything is okay:
Connected to .
220 Welcome to Open BSD FTP server
User (...:(none)):


Please help me to solve this problem:blush:

-- 
View this message in context: 
http://www.nabble.com/openBSD-4.1-%2B-vsftpd-tf4696963.html#a13426108
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Non-x86

2007-10-26 Thread mickey
On Fri, Oct 26, 2007 at 01:39:56PM +0200, Martin Schröder wrote:
> 2007/10/26, Lars Noodin <[EMAIL PROTECTED]>:
> > I'm not sure there is a context in which Wikipedia is ever relevant: it
> 
> It's only as relevant as YOU help make it.
> 
> Shut up and improve it.

why don't you shuddup?
cu
-- 
paranoic mickey   (my employers have changed but, the name has remained)



nedd help with pf

2007-10-26 Thread Mindaugas
Hi,

 

Situation, I have table abusers : table  persist

And pf rule which uses it, so my question is

How to set max host life time in table, without using pfctl -T expire number
table?



Re: Non-x86

2007-10-26 Thread Martin Schröder
2007/10/26, Lars Noodin <[EMAIL PROTECTED]>:
> I'm not sure there is a context in which Wikipedia is ever relevant: it

It's only as relevant as YOU help make it.

Shut up and improve it.

Best
   Martin



fsck_msdos wants to repair what newfs_msdos created (4.1)

2007-10-26 Thread Jan Stary
Hi all,

this is what happens on my Dell Latitude LS / 4.1 (GENERIC).

# uname -a
OpenBSD dell.stare.cz 4.1 GENERIC#1 i386
# fdisk wd0
Disk: wd0   geometry: 41344/15/63 [39070080 Sectors]
Offset: 0   Signature: 0xAA55
 Starting   Ending   LBA Info:
 #: idC   H  S -C   H  S [   start:  size   ]

 0: A50   1  1 - 22191  14 63 [  63:20971377 ] FreeBSD 
*1: A6 22192   0  1 - 39095  14 63 [20971440:15974280 ] OpenBSD 
 2: A0 39096   0  1 - 40206  14 63 [36945720: 1049895 ] NotebookSave
 3: A0 40207   0  1 - 41343  14 63 [37995615: 1074465 ] NotebookSave
# disklabel wd0
# Inside MBR partition 1: type A6 start 20971440 size 15974280
# /dev/rwd0c:
type: ESDI
disk: ad0s2
label: LATITUDE
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 15
sectors/cylinder: 945
cylinders: 41344
total sectors: 39070080
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0 

8 partitions:
# sizeoffset  fstype [fsize bsize  cpg]
  a:  15974280  20971440  4.2BSD   2048 16384  320 # Cyl 22192 - 39095 
  b:   1049895  36945720swap   # Cyl 39096 - 40206 
  c:  39070080 0  unused  0 0  # Cyl 0 - 41343 
  d:   1074465  37995615  4.2BSD   2048 16384  320 # Cyl 40207 - 41343 
# cat /etc/fstab
/dev/wd0a  /  ffs   rw,softdep  1 1
/dev/wd0d  /mnt/fat   msdos rw,noauto,noatime,-l,-m=644,-x  0 0

# newfs_msdos wd0d
/dev/rwd0d: 1072336 sectors in 134042 FAT32 clusters (4096 bytes/cluster)
bps=512 spc=8 res=32 nft=2 mid=0xf8 spt=63 hds=15 hid=37995615 bsec=1074465 
bspf=1048 rdcl=2 infs=1 bkbs=2

# fsck_msdos /dev/rwd0d 
** /dev/rwd0d
** Phase 1 - Read and Compare FATs
** Phase 2 - Check Cluster Chains
** Phase 3 - Check Directories
** Phase 4 - Check for Lost Files
Free space in FSInfo block (-1) not correct (134041)
fix? [Fyn] y
Next free cluster in FSInfo block (2) not free
fix? [Fyn] y
1 files, 536164 free (134041 clusters)

# fsck_msdos /dev/rwd0d 
** /dev/rwd0d
** Phase 1 - Read and Compare FATs
** Phase 2 - Check Cluster Chains
** Phase 3 - Check Directories
** Phase 4 - Check for Lost Files
1 files, 536164 free (134041 clusters)

# mount /mnt/fat/
# mount -v
/dev/wd0a on / type ffs (rw, local, softdep, ctime=Fri Oct 26 12:18:15 2007)
/dev/wd0d on /mnt/fat type msdos (rw, local, noatime, ctime=Fri Oct 26 14:44:11 
2007, uid=0, gid=0, mask=0644, long, direxec)
# echo foo > /mnt/fat/verylongname.txt.long
# cat /mnt/fat/verylongname.txt.long
foo
# umount /mnt/fat

# fsck_msdos /dev/rwd0d 
** /dev/rwd0d
** Phase 1 - Read and Compare FATs
** Phase 2 - Check Cluster Chains
** Phase 3 - Check Directories
** Phase 4 - Check for Lost Files
1 files, 536164 free (134041 clusters)


The msdos filesystem as created by newfs_msdos is found to be incorrect
by fsck_msdos; this does not happen with 'newfs_msdos -F 16' and '-F 12'.

If I do _not_ run the (fixing) fsck_msdos after creating the fs with
newfs_msdos, it can _still_ be mounted and worked with.

Does this mean that the two (incorrect) fields

Free space in FSInfo block (-1) not correct (134041)
Next free cluster in FSInfo block (2) not free

of a newly created 'msdos -F 32' are nothing to worry about?

Thanks

Jan
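
What the two fsck_msdos messages above compare, as an added example that is not part of the original post and not fsck_msdos source: the FAT32 FSInfo sector holds a free-cluster count and a next-free hint, and the FAT32 specification defines 0xFFFFFFFF (printed as -1) as "unknown", so a checker recomputes both from the FAT. The sector and FAT below are constructed, and the values 0xFFFFFFFF and 2 for a fresh volume are an assumption inferred from the messages in the post.

```python
import struct

SECTOR_SIZE = 512
LEAD_SIG, STRUC_SIG, TRAIL_SIG = 0x41615252, 0x61417272, 0xAA550000
UNKNOWN = 0xFFFFFFFF      # FAT32 spec: free count not computed / no hint
FAT32_MASK = 0x0FFFFFFF   # upper 4 bits of a FAT32 entry are reserved
FIRST_CLUSTER = 2         # FAT entries 0 and 1 are reserved


def build_fsinfo(free_count, next_free):
    """Return a constructed 512-byte FSInfo sector (sample data, not a disk image)."""
    sec = bytearray(SECTOR_SIZE)
    struct.pack_into("<I", sec, 0, LEAD_SIG)
    struct.pack_into("<III", sec, 484, STRUC_SIG, free_count, next_free)
    struct.pack_into("<I", sec, 508, TRAIL_SIG)
    return bytes(sec)


def parse_fsinfo(sec):
    """Validate the three signatures and return (free_count, next_free)."""
    if len(sec) != SECTOR_SIZE:
        raise ValueError("FSInfo sector must be %d bytes" % SECTOR_SIZE)
    (lead,) = struct.unpack_from("<I", sec, 0)
    struc, free_count, next_free = struct.unpack_from("<III", sec, 484)
    (trail,) = struct.unpack_from("<I", sec, 508)
    if (lead, struc, trail) != (LEAD_SIG, STRUC_SIG, TRAIL_SIG):
        raise ValueError("bad FSInfo signature")
    return free_count, next_free


def is_free(fat, cluster):
    """A FAT32 entry whose low 28 bits are zero marks a free cluster."""
    return fat[cluster] & FAT32_MASK == 0


def count_free(fat, nclusters):
    """Count free data clusters by walking the FAT itself (the authoritative data)."""
    return sum(1 for c in range(FIRST_CLUSTER, FIRST_CLUSTER + nclusters)
               if is_free(fat, c))


def check_fsinfo(sec, fat, nclusters):
    """Compare the FSInfo hints with the FAT; return a list of findings."""
    free_count, next_free = parse_fsinfo(sec)
    actual = count_free(fat, nclusters)
    findings = []
    if free_count != actual:
        shown = -1 if free_count == UNKNOWN else free_count  # 0xFFFFFFFF as signed int
        findings.append("Free space in FSInfo block (%d) not correct (%d)"
                        % (shown, actual))
    if next_free != UNKNOWN:
        in_range = FIRST_CLUSTER <= next_free < FIRST_CLUSTER + nclusters
        if not in_range or not is_free(fat, next_free):
            findings.append("Next free cluster in FSInfo block (%d) not free"
                            % next_free)
    return findings


def repair_fsinfo(fat, nclusters):
    """Rebuild the sector from the FAT: real free count, first free cluster as hint."""
    first_free = next((c for c in range(FIRST_CLUSTER, FIRST_CLUSTER + nclusters)
                       if is_free(fat, c)), UNKNOWN)
    return build_fsinfo(count_free(fat, nclusters), first_free)


def fresh_volume(nclusters):
    """Constructed FAT of a just-formatted volume: only the root dir (cluster 2) is used."""
    fat = [0] * (FIRST_CLUSTER + nclusters)
    fat[0], fat[1] = 0x0FFFFFF8, 0x0FFFFFFF  # media descriptor entry and reserved entry
    fat[2] = 0x0FFFFFFF                       # end-of-chain: one-cluster root directory
    return fat


if __name__ == "__main__":
    NCLUSTERS = 134042                        # cluster count from the newfs_msdos output
    fat = fresh_volume(NCLUSTERS)
    fresh = build_fsinfo(UNKNOWN, 2)          # assumed from the fsck_msdos messages
    for line in check_fsinfo(fresh, fat, NCLUSTERS):
        print(line)
    print(check_fsinfo(repair_fsinfo(fat, NCLUSTERS), fat, NCLUSTERS))
```

Both fields are derived from the FAT, which is why the second fsck_msdos run in the post reports nothing once they have been rewritten.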



Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Carlo Gebhardt
Well, this post seems to get a lot of attention throughout the Internet. I
normally do not participate on argumentations about opinions. However, I
feel like I should get involved, as this is the field I am currently
commencing my PhD research in.

First, I think Theo is right when he states, that adding another layer of
software doesn't increase security. That's what we all learned painfully in
the past... Chroot and jails come to mind... (One has to dig deeper to find the
problem) It is also true that the x86 was never designed to provide
virtualization, besides, it also lacks proper separation. It wasn't designed
to be a success... it just happened and we have to live with it. (This reminds
me of Microsoft introducing their extension to DOS, called Windows)
There are A LOT of caveats when it comes to virtualizing the x86 architecture.
That's the reason why Intel's VT and AMD's SVM are necessary at all. (SVM
which, btw, stands for secure virtual machine - marketing is also something
we have to live with, whether you believe in it or not.)

It would be desirable to start over, design a new, non backwards
compatible, virtualizable hardware. Best, put an extra abstraction layer on
top of the hardware (put it in the BIOS or Firmware) and only deal with
those interfaces. Add some crypto features... et. voila. **sigh**

Unfortunately, we are not living in a perfect world. So what can
virtualization do for us? Speaking of paravirtualization as in the previous
posts, it may add a little security in comparison to jails, but it adds a
lot of convenience as handling of VMs gets easier.
Which is the main selling point, so the major interest in the near future
will be the handling of those virtual machines, and unfortunately not
security. Security, or the way we (I/some) see it, does not sell as good as
features. I have no doubt that exploiting a VM will become reality sooner or
later.

However, I would like to keep the discussion going, maybe in a less
offensive way?!
Cheers Carlo



Re: RAIDFrame inconsistancy and server will not boot!

2007-10-26 Thread knitti
On 10/26/07, Jake Conk <[EMAIL PROTECTED]> wrote:
> On 10/25/07, Francesco Toscan <[EMAIL PROTECTED]> wrote:
> > 2007/10/26, Jake Conk <[EMAIL PROTECTED]>:
> > > Hello,
> > >
> > > I was trying to restart my server and noticed it wasn't coming back
> > > online so when I went down to go take a look at it I was having a RAID
> > > problem. This is what was showing on the screen:
> > >
> > > ...
> > > PARTIALLY TRUNCATED INODE I=720
> > > THE FOLLOWING SYSTEM HAD AN UNEXPECTED INCONSISTENCY:
> > > [...]
> > > My question is what causes this? How can I be warned before a problem
> > > like this happens and what's the best way to prevent this from coming
> > > up? And lastly, is it possible in the worst case scenario if one of my
> > > disks is completely fsck'ed up is it possible to run the system on 1
> > > of the raid 1 disks until a second comes?
> >
> > Your problem is related to filesystem, not disks. For some reasons
> > your filesystem (on top of raid) was not properly unmounted: assuming
> > you didn't hard-reboot your server, this happened to me with some IDE
> > devices which lied about commit of write operations. Even if my server
> > was rebooted normally, filesystem and disks were left in an
> > inconsistent state. Better SCSI disks solved the problem. Hardware has
> > become more crappy day by day.
>
> Thanks for your reply Francisco.
>
> > RAID in general keeps your system up if a disk fails, not if
> > filesystem on top of it screws up.
>
> If the filesystem is screwed up then shouldn't the raid just ignore it
> and run on 1 disk until I fix  the problem? That seems like the
> logical thing it should do unless all my mirrors of /var are messed
> up.
>

as Francesco said, this is not a RAID issue, and the above error is
not originated nor reported by RAIDFrame. It only mentions the
device on which the filesystem is: rraid0f. So it isn't clear why raid
should (could!) prevent that.


> Well anyways since it doesn't do that, some of my original questions
> still stand. How can I be warned before a problem like this happens?

you can't be warned. Do fsck more often. You didn't mount your
filesystem async, did you?

> And lastly, is it possible in the worst case scenario if one of my
> disks is completely fsck'ed up is it possible to run the system on 1
> of the raid 1 disks until a second comes?

yes. as long as this one doesn't break ;-)

BTW: if you use RAID to keep your system up, get familiar with what it
does and doesn't. Most problems arise not from hardware or system
failure, but from admin failure. Do backups.


--knitti



Re: RAIDFrame inconsistancy and server will not boot!

2007-10-26 Thread Josh Grosse
On Fri, Oct 26, 2007 at 01:06:48AM -0700, Jake Conk wrote:
> If the filesystem is screwed up then shouldn't the raid just ignore it
> and run on 1 disk until I fix  the problem? That seems like the
> logical thing it should do

RAIDframe doesn't have *anything* to do with a filesystem data
corruption.  It will only manage problems caused by I/O errors,
and that only when the RAID group configuration allows for 
resiliency.



Problem with MP on 4.2

2007-10-26 Thread Abdul Rehman Gani

Hi,

I upgraded a 4.1 machine running bsd.mp to 4.2. This was a remote  
upgrade using the instructions in the FAQ for a 4.1 -> 4.2 upgrade.  
All kernels used are GENERIC off the CD versions.


On 4.2 the bsd kernel works fine, but when I install the bsd.mp  
kernel only one processor was shown and the following error was  
logged in /var/log/messages once a second:-


Oct 25 21:03:00 host02 /bsd: ichiic0: exec: op 1, addr 0x2f, cmdlen  
1, len 1, flags 0x00: timeout, status 0x0
Oct 25 21:03:00 host02 /bsd: ichiic0: abort failed, status  
0x42


Here are the lines from messages log from that system when booting  
bsd.mp. This is a dual XEON:-


Oct 25 20:58:56 host02 syslogd: start
Oct 25 20:58:56 host02 /bsd: OpenBSD 4.2 (GENERIC.MP) #252: Tue Aug  
28 10:53:04 MDT 2007
Oct 25 20:58:56 host02 /bsd: [EMAIL PROTECTED]:/usr/src/ 
sys/arch/i386/compile/GENERIC.MP
Oct 25 20:58:56 host02 /bsd: cpu0: Intel(R) Xeon(TM) CPU 2.80GHz  
("GenuineIntel" 686-class) 2.81 GHz
Oct 25 20:58:56 host02 /bsd: cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, 
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT- 
ID,CX16,xTPR

Oct 25 20:58:56 host02 /bsd: real mem  = 1073037312 (1023MB)
Oct 25 20:58:56 host02 /bsd: avail mem = 1029881856 (982MB)
Oct 25 20:58:56 host02 /bsd: mainbus0 at root
Oct 25 20:58:56 host02 /bsd: bios0 at mainbus0: AT/286+ BIOS, date  
03/29/05, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xfa670 (57  
entries)
Oct 25 20:58:56 host02 /bsd: bios0: vendor American Megatrends Inc.  
version "080010 " date 03/29/2005

Oct 25 20:58:56 host02 /bsd: bios0: Supermicro X6DVL-EG2
Oct 25 20:58:56 host02 /bsd: apm0 at bios0: Power Management spec V1.2
Oct 25 20:58:56 host02 /bsd: apm0: AC on, battery charge unknown
Oct 25 20:58:56 host02 /bsd: apm0: flags 30102 dobusy 0 doidle 1
Oct 25 20:58:56 host02 /bsd: pcibios0 at bios0: rev 2.1 @  
0xf/0x1
Oct 25 20:58:56 host02 /bsd: pcibios0: PCI IRQ Routing Table rev 1.0  
@ 0xf51d0/336 (19 entries)
Oct 25 20:58:56 host02 /bsd: pcibios0: PCI Interrupt Router at  
000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)

Oct 25 20:58:56 host02 /bsd: pcibios0: PCI bus #4 is the last bus
Oct 25 20:58:56 host02 /bsd: bios0: ROM list: 0xc/0x8000  
0xc8000/0x1000 0xc9000/0x1000

Oct 25 20:58:56 host02 /bsd: ipmi at mainbus0 not configured
Oct 25 20:58:56 host02 /bsd: mainbus0: Intel MP Specification  
(Version 1.4)

Oct 25 20:58:56 host02 /bsd: cpu0 at mainbus0: apid 0 (boot processor)
Oct 25 20:58:56 host02 /bsd: cpu0: apic clock running at 200 MHz
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 0 is type PCI
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 1 is type PCI
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 2 is type PCI
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 3 is type PCI
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 4 is type PCI
Oct 25 20:58:56 host02 /bsd: mainbus0: bus 5 is type ISA
Oct 25 20:58:56 host02 /bsd: ioapic0 at mainbus0: apid 2 pa  
0xfec0, version 20, 24 pins
Oct 25 20:58:56 host02 /bsd: ioapic1 at mainbus0: apid 3 pa  
0xfec1, version 20, 24 pins
Oct 25 20:58:56 host02 /bsd: pci0 at mainbus0 bus 0: configuration  
mode 1 (no bios)
Oct 25 20:58:56 host02 /bsd: pchb0 at pci0 dev 0 function 0 "Intel  
E7320 MCH" rev 0x0c
Oct 25 20:58:56 host02 /bsd: ppb0 at pci0 dev 2 function 0 "Intel MCH  
PCIE" rev 0x0c
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 2 func 0 pin 2;  
line 11

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 2 func 0 pin 3;  
line 3

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 2 func 0 pin 4;  
line 3

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci1 at ppb0 bus 1
Oct 25 20:58:56 host02 /bsd: ppb1 at pci0 dev 3 function 0 "Intel MCH  
PCIE" rev 0x0c
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 3 func 0 pin 2;  
line 11

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 3 func 0 pin 3;  
line 3

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci_intr_map: bus 0 dev 3 func 0 pin 4;  
line 3

Oct 25 20:58:56 host02 /bsd: pci_intr_map: no MP mapping found
Oct 25 20:58:56 host02 /bsd: pci2 at ppb1 bus 2
Oct 25 20:58:56 host02 /bsd: ppb2 at pci0 dev 28 function 0 "Intel  
6300ESB PCIX" rev 0x02

Oct 25 20:58:56 host02 /bsd: pci3 at ppb2 bus 3
Oct 25 20:58:56 host02 /bsd: em0 at pci3 dev 3 function 0 "Intel PRO/ 
1000MT (82541GI)" rev 0x05: apic 3 int 2 (irq 7), address  
00:30:48:5c:c1:ca
Oct 25 20:58:56 host02 /bsd: em1 at pci3 dev 4 function 0 "Intel PRO/ 
1000MT (82541GI)" rev 0x05: apic 3 int 3 (irq 7), address  
00:30:48:5c:c1:cb
Oct 25 20:58:56 host02 /bsd: uhci0 at pci0 dev 29 function 0 "Intel  
6300ESB USB" rev 0x02: apic 2 int 16 (irq 10)
Oct 25 20:58:56 host02 /bsd: uhci1 at pci0

Re: About Xen: maybe a reiterative question but ..

2007-10-26 Thread Subcommander l0r3zz
On 10/25/07, Tom Van Looy <[EMAIL PROTECTED]> wrote:
>
> I think you forgot to count power savings here?
>
> Theo de Raadt wrote:
> > And when physical servers cost less than some vmware licenses
> > Then it is even more dumb to defend such stupid practices.
>
>
Some but not all. If you buy a Dell 2950 quad and load it up with 8 Gig. You
can spend $500 on an ESX 3i license and run  10 - 15 512 MB OpenBSD single
processor VMs.  The difference here is that you can max out the duty cycle
on the box whereas a single OS running on the same Iron won't do that.  For
ESX it's designed for you to max out the hardware



Re: problem with multicast on OpenBSD

2007-10-26 Thread Stuart Henderson
On 2007/10/26 10:23, Sebastian Reitenbach wrote:
> I got no answer on the ports@ list,

Yes, you did. http://marc.info/?l=openbsd-ports&m=119330454825541&w=2



problem with multicast on OpenBSD

2007-10-26 Thread Sebastian Reitenbach
Hi,

I got no answer on the ports@ list, therefore I hope someone here has an 
idea.
I am having difficulties to get multicast communication running on the 
heartbeat (http://www.linux-ha.org) port. When I configure it for multicast 
and startup the cluster node, I see the following in /var/log/messages:

Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: glib: Unable to send mcast 
packet [-1]: Host is down
Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: write failure on mcast 
fxp0.: Host is down
Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: glib: Unable to send mcast 
packet [-1]: Host is down
Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: write failure on mcast 
fxp0.: Host is down
Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: glib: Unable to send mcast 
packet [-1]: Host is down
Oct 25 09:02:51 defiant heartbeat: [7910]: ERROR: write failure on mcast 
fxp0.: Host is down
Oct 25 09:02:53 defiant heartbeat: [7910]: ERROR: glib: Unable to send mcast 
packet [-1]: Host is down
Oct 25 09:02:53 defiant heartbeat: [7910]: ERROR: write failure on mcast 
fxp0.: Host is down

and tcpdump sees this:
Oct 25 09:05:08.038580 00:0e:7b:fc:c0:a0 01:00:5e:00:00:01 0800 42: 10.0.0.5 
> 239.0.0.1: igmp nreport 239.0.0.1 [ttl 1]
Oct 25 09:05:12.063762 00:0e:7b:fc:c0:a0 01:00:5e:00:00:01 0800 42: 10.0.0.5 
> 239.0.0.1: igmp nreport 239.0.0.1 [ttl 1]

that's all on multicast communication. Above was on a i386 machine, on 
another i386 machine the same happens. one with a rl0, one with a fxp0 card.

Then I started a second node on a sparc64, tcpdump sees this:
# tcpdump -n -i hme0 multicast
tcpdump: listening on hme0, link-type EN10MB
10:40:09.218991 10.0.0.24 > 239.0.0.1: igmp nreport 239.0.0.1 [ttl 1]
Bus error

Nevertheless, despite some outgoing multicast packets, the cluster 
nodes do not see each other.

I found this part of the heartbeat code where the error message comes from:

mcast_write(struct hb_media* hbm, void *pkt, int len)
{
        struct mcast_private *  mcp;
        int                     rc;

        MCASTASSERT(hbm);
        mcp = (struct mcast_private *) hbm->pd;

        if ((rc=sendto(mcp->wsocket, pkt, len, 0
        ,       (struct sockaddr *)&mcp->addr
        ,       sizeof(struct sockaddr))) != len) {
                PILCallLog(LOG, PIL_CRIT, "Unable to send mcast packet [%d]: %s"
                ,       rc, strerror(errno));
                return(HA_FAIL);
        }


Does anybody have an idea what the problem here could be? The same compiled 
on Linux works well. Maybe anyone else porting a multicast based application 
had to fiddle around with similar problems?

any idea is greatly appreciated.
Sebastian



ifstated(8) missing if state changes?

2007-10-26 Thread Heinrich Rebehn
Hi list,

it seems that ifstated(8) sometimes does not see all events and thus
fails to change state.

My setup consists of 2 boxes with 5 carp interfaces. CARP works fine, on
box "frw1" all are MASTER and on box "frw2" all are in BACKUP state.
When i bring down all carp interfaces on frw1, all get MASTER on frw2.
However, ifstated(8) on frw2 does not change state.

[EMAIL PROTECTED] [~] # cat /etc/ifstated.conf

init-state auto
carp_up = "carp0.link.up && carp1.link.up && carp2.link.up &&
carp3.link.up && carp5.link.up"
carp_down = "carp0.link.down || carp1.link.down || carp2.link.down ||
carp3.link.down || carp5.link.down"

state auto{
  if ($carp_up) set-state master
  if ($carp_down) set-state slave
}

state master{
  init{
  run "logger CARP up!"
#   run "/root/scripts/carp-up.sh"
  }
  if ($carp_down) set-state slave
}

state slave{
  init{
  run "logger CARP down!"
#   run "/root/scripts/carp-down.sh"
  }
  if ($carp_up) set-state master
}

I did a ktrace on the ifstated(8) process on frw2 and the dump gives:

[EMAIL PROTECTED] [~] # kdump -l | grep carp


\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\f\0\M-w\^E\^F\0carp0\0\0^\0\^A
\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\r\0\M-w\^E\^F\0carp1\0\0^\0\^A\v\0\
\M^?\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\^N\0\M-w\^E\^F\0carp2\0\0^\0\



\0\0\0\0\0\0\0\^T\^R\^N\0\M-w\^E\^F\0carp2\0\0^\0\^A\f\0\^P\^B\0\0\M-,\^U\^A\
\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\f\0\M-w\^E\^F\0carp0\0\0^\0\^A
\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\r\0\M-w\^E\^F\0carp1\0\0^\0\^A\v\0\
\M^?\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\^N\0\M-w\^E\^F\0carp2\0\0^\0\
\M^?\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\^O\0\M-w\^E\^F\0carp3\0\0^\0\
\M^?\M^?\M^?\M^?\0\0\0\0\0\0\0\0\0\0\0\0\^T\^R\^P\0\M-w\^E\^F\0carp5\0\0^\0\


The first 3 lines show the transition from BACKUP to MASTER. carp3 and
carp5 are missing!
The other lines show the transition from MASTER to BACKUP. I have
verified in both cases that *all* carp devices changed state with
ifconfig(8).

Are there known issues with ifstated(8) or kevent(2) about lost events?

As a workaround I will change my $carp_up definition to test if *any* of
the interfaces is up, but that is not a good solution.

Any clues?

Heinrich Rebehn

University of Bremen
Physics / Electrical and Electronics Engineering
- Department of Telecommunications -

Phone : +49/421/218-4664
Fax   :-3341
OpenBSD 4.2-stable (GENERIC) #2: Wed Oct 17 10:08:11 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) 64 Processor 3000+ ("AuthenticAMD" 686-class, 512KB L2 
cache) 1.81 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3
cpu0: AMD erratum 89 present, BIOS upgrade may be required
real mem  = 536113152 (511MB)
avail mem = 510750720 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 11/03/05, BIOS32 rev. 0 @ 0xf0010, SMBIOS 
rev. 2.3 @ 0xf0530 (67 entries)
bios0: vendor American Megatrends Inc. version "0219" date 11/03/2005
bios0: ASUSTeK Computer Inc. A8V
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf5980/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xb000 0xcb000/0x4000! 0xcf000/0x800 0xcf800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA K8HTB Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA K8HTB Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA K8HTB Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA K8HTB Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA K8HTB Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA K8HTB Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA K8HTB AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage 128 Pro TF" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
skc0 at pci0 dev 10 function 0 "Marvell Yukon 88E8001/8003/8010" rev 0x13, 
Yukon Lite (0x9): irq 10
sk0 at skc0 port A: address 00:13:d4:de:cf:88
eephy0 at sk0 phy 0: Marvell 88E1011 Gigabit PHY, rev. 5
xl0 at pci0 dev 12 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 10, 
address 00:0a:5e:61:7a:2d
exphy0 at xl0 phy 24: 3Com internal media interface
xl1 at pci0 dev 14 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 3, address 
00:0a:5e:61:7a:04
exphy1 at xl1 phy 24: 3Com internal media interface
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using irq 10 for native-PCI interrupt
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA48, 76293MB, 15625 sectors
wd0(pciide0:1:

Re: RAIDFrame inconsistancy and server will not boot!

2007-10-26 Thread Jake Conk
On 10/25/07, Francesco Toscan <[EMAIL PROTECTED]> wrote:
> 2007/10/26, Jake Conk <[EMAIL PROTECTED]>:
> > Hello,
> >
> > I was trying to restart my server and noticed it wasn't coming back
> > online so when I went down to go take a look at it I was having a RAID
> > problem. This is what was showing on the screen:
> >
> > ...
> > PARTIALLY TRUNCATED INODE I=720
> > THE FOLLOWING SYSTEM HAD AN UNEXPECTED INCONSISTENCY:
> > [...]
> > My question is what causes this? How can I be warned before a problem
> > like this happens and what's the best way to prevent this from coming
> > up? And lastly, is it possible in the worst case scenario if one of my
> > disks is completely fsck'ed up is it possible to run the system on 1
> > of the raid 1 disks until a second comes?
>
> Your problem is related to filesystem, not disks. For some reasons
> your filesystem (on top of raid) was not properly unmounted: assuming
> you didn't hard-reboot your server, this happened to me with some IDE
> devices which lied about commit of write operations. Even if my server
> was rebooted normally, filesystem and disks were left in an
> inconsistent state. Better SCSI disks solved the problem. Hardware has
> become more crappy day by day.

Thanks for your reply Francesco.

> RAID in general keeps your system up if a disk fails, not if
> filesystem on top of it screws up.

If the filesystem is screwed up then shouldn't the raid just ignore it
and run on 1 disk until I fix the problem? That seems like the
logical thing it should do unless all my mirrors of /var are messed
up.

>
> f.
>

Well anyways since it doesn't do that, some of my original questions
still stand. How can I be warned before a problem like this happens?
And lastly, is it possible in the worst case scenario if one of my
disks is completely fsck'ed up is it possible to run the system on 1
of the raid 1 disks until a second comes?

- J



Businesses for sale

2007-10-26 Thread Jean Marc Heulin
Looking for a business to take over?

We have the sellers!

On the leading portal dedicated to business takeovers, find listings
in every sector of activity and in every region of France.

A selection of companies for sale can be browsed online at
www.transmission-entreprise.fr.

In complete confidentiality, we give you access to the seller's
contact details and put you in touch with them.

We also offer you the option of setting up a strategic watch on a
specific activity and geographic area, and of posting your search
free of charge.

We look forward to your visit.
Yours sincerely,

A team at your service
TRANSMISSION ENTREPRISE
www.transmission-entreprise.fr

Click here to unsubscribe



Re: Non-x86

2007-10-26 Thread Lars Noodén
ropers wrote:
> On 24/10/2007, Lars Noodén <[EMAIL PROTECTED]> wrote:
>> Seriously, what (affordable) non-x86 hardware options are available,
>> especially those without AMT or AMT-like backdoors?
>>
>> http://softwarecommunity.intel.com/articles/eng/1148.htm
>> http://www.intel.com/pressroom/archive/releases/20050301net.htm
>> http://www.intel.com/cd/ids/developer/asmo-na/eng/320959.htm
>>
>> Or is workstation and server hardware covered by CALEA now, too?
> 
> Relevancy links:
> http://en.wikipedia.org/wiki/Intel_Active_Management_Technology
> http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

I'm not sure there is a context in which Wikipedia is ever relevant: it
is not now nor has ever been an authoritative source. (Look up
authoritative).  Lately it's become the playground for PR teams and even
politicians' agendas, further reducing its accuracy.

In the specific context of CALEA, the AMT wikipedia page as of Fri Oct
26 07:45:59 GMT 2007, does not contain any references to CALEA, but does
contain the links I provided above.  The CALEA page points to links
easily found with search engines.

Neither page points to non-x86 hardware options.

The two points of all that grousing are 1) it's fine not to know the
answer, just don't pretend to know by pointing to Google or Wikipedia,
and 2) Wikipedia is not authoritative, nor in many controversial
specialized cases, reliable.

The question remains, what (affordable) non-x86 hardware options are
available?

A new question is added, are AMT-like rootkits required in all
architectures, and further, is it required in closed source software?
I seem to recall an anti-trust trial in the US where one company's
executives said under oath something to the effect that it would be
their "patriotic duty" to put back doors into their systems if called on
to do so.

Regards,
-Lars