Re: Perpetually Current
On Dec 28, 2007 4:07 AM, Ingo Schwarze [EMAIL PROTECTED] wrote:
[...]
> Keeping a system up to date involves manual work, either a little easy work for manual upgrades now and then, or lots of hard and scary work for building and maintaining an automatic system. You choose according to your skill, and according to your time budget...
[...]

The closest I have come to automation to stay -current is a small shell script run through cron, which pulls current.html and diffs it with a previous version. Any change, and it sends me an email so that I know I have to go and look at current.html. That's about it.

As Ingo rightly mentions, full automation to stay -current is a very scary thought!

-Amarendra

mfi driver supporting asus SLI mainboards?
hello list,

i just read that the asus SLI mainboards have a silicon image sata chipset. does that mean we can use these asus mainboards with the mfi driver in openbsd? any experiences?

regards, matthias

Re: mfi driver supporting asus SLI mainboards?
On Fri, Dec 28, 2007 at 11:20:58AM +0100, Matthias Tarasiewicz wrote:
> hello list,
>
> i just read that the asus SLI mainboards have a silicon image sata chipset. does that mean we can use these asus mainboards with the mfi driver in openbsd? any experiences?
>
> regards, matthias

This is likely sili(4) not mfi.

Re: backup firewall connectivity
* Aaron [EMAIL PROTECTED] [2007-12-28 03:24]:
> I am wondering, in a dual firewall situation, preemption enabled, carp working just fine (i think), is it normal that the backup firewall (when in backup state) has no connectivity on any of the carped interfaces?

that depends whether your external carp interface has numbered or unnumbered parents. if the parents (carpdev) are unnumbered (no ip assigned), it is quite normal. otherwise you have sth wrong.

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam

Re: mfi driver supporting asus SLI mainboards?
ah, sorry, my bad - the Areca/Tekram TR-822 is said to have the same chipset as the ASUS-A8n-SLI-Deluxe. so the TR-822 seems to be sili not mfi...

On 28.12.2007, at 11:48, Jonathan Gray wrote:
> On Fri, Dec 28, 2007 at 11:20:58AM +0100, Matthias Tarasiewicz wrote:
> > hello list,
> >
> > i just read that the asus SLI mainboards have a silicon image sata chipset. does that mean we can use these asus mainboards with the mfi driver in openbsd? any experiences?
> >
> > regards, matthias
>
> This is likely sili(4) not mfi.

Re: Linus about C++
I advise you to read The Art of Unix Programming by Eric Steven Raymond
http://www.catb.org/~esr/writings/taoup/html/ch14s04.html#cc_language
In this book you can find more about the Unix philosophy, and arguments on why C++ is wrong.

- Original message -
From: Brian Hansen [mailto:[EMAIL PROTECTED]
Sent: Friday, December 28, 2007 07:33 AM
To: misc@openbsd.org
Subject: Linus about C++

Hi.

This is partly not OpenBSD related, and yet again someone pointed out that perhaps a lot of bugs could be avoided using C++. I am writing my big paper on C and C++ and would like some comments from people who are experts. Off-list is okay, but maybe others are interested as well.

I found this statement of Linus Torvalds about C++ online:

<snip>
C++ is a horrible language. It's made more horrible by the fact that a lot of substandard programmers use it, to the point where it's much much easier to generate total and utter crap with it. Quite frankly, even if the choice of C were to do *nothing* but keep the C++ programmers out, that in itself would be a huge reason to use C.

C++ leads to really really bad design choices. You invariably start using the nice library features of the language like STL and Boost and other total and utter crap, that may help you program, but causes:

- infinite amounts of pain when they don't work (and anybody who tells me that STL and especially Boost are stable and portable is just so full of BS that it's not even funny)

- inefficient abstracted programming models where two years down the road you notice that some abstraction wasn't very efficient, but now all your code depends on all the nice object models around it, and you cannot fix it without rewriting your app.

In other words, the only way to do good, efficient, and system-level and portable C++ ends up to limit yourself to all the things that are basically available in C. And limiting your project to C means that people don't screw that up, and also means that you get a lot of programmers that do actually understand low-level issues and don't screw things up with any idiotic object model crap.
</snip>

Is he right?

Best regards, and forgive me if I am too much off topic.

glxpcib from apropos has wrong address
apropos on 'glxpcib' gives
http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=0&manpath=OpenBSD+Current&arch=i386&apropos=1&format=html
which contains a link to 'glxpcib (4/i386)' which is invalid
http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4%2fi386&apropos=0&manpath=OpenBSD+Current&arch=i386
should be
http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4&apropos=0&manpath=OpenBSD+Current&arch=i386

BR, Markus

Re: Linus about C++
On 2007-12-28 07:33, Brian Hansen wrote:
> [snip]
> Is he right?

Yes and no. First of all you should realise that Linus and most other kernel hackers are biased. When it comes down to it C++ is not a better or worse language to write a system in than C, it is just a question about how you use it. But as Linus wrote, there are a number of people out there who learned to program in Java and then learned C++ and now think that they can do some low-level programming. Truth is they can not since they have learned to think about programming in a very high-level way.

Someone once said something like nothing is impossible with enough layers of indirection, but none ever claimed that many layers of indirection was efficient. If you are down in the kernel writing code that will be run while holding a lock every micro-second counts since you are stalling the progress of other threads/processes, so you want efficiency. But if you are writing a complicated GUI for an application that will run on a 3GHz machine with 2GB RAM a few layers of indirection can be very nice, and none will notice the few milliseconds you lose.

It is about choosing the right tool for the job, but also about choosing how to use the tool, just because a hammer is the right tool does not mean that hammering away is the right way to do things.

--
Erik Wikström

Re: Linus about C++
Wow one comprehensive list of the suckage that is C++. Thanks Miod now I don't need to type examples anymore.

On Fri, Dec 28, 2007 at 07:19:11AM +, Miod Vallat wrote:
> > > Is he right?
> >
> > If you just search the archive, even not too long ago, 'few days' you will see pretty much the same feeling about C++ on the OpenBSD list as well as pretty much any list that cares about correct code and clarity in programming. But don't take my words for it, just look and it will not take you long to find it. That's really what you should do first. It even starts to look like an FAQ topic these days. If you look into the tree, you will not see much of C++, that alone should be a big clue. Hopefully this thread will die soon as I feel everything was said on it already
>
> Ah, but no C++ bashing thread can be complete until someone mentions the excellent FQA site: http://yosefk.com/c++fqa/
>
> Miod

Re: backup firewall connectivity
* Aaron [EMAIL PROTECTED] [2007-12-28 03:24]:
> > I am wondering, in a dual firewall situation, preemption enabled, carp working just fine (i think), is it normal that the backup firewall (when in backup state) has no connectivity on any of the carped interfaces?
>
> that depends whether your external carp interface has numbered or unnumbered parents. if the parents (carpdev) are unnumbered (no ip assigned), it is quite normal. otherwise you have sth wrong.
>
> --
> Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
> BS Web Services, http://bsws.de
> Full-Service ISP - Secure Hosting, Mail and DNS Services
> Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam

how depressing.. ok.. here is some information, please let me know if there are other things I should include.

The firewall is a plain jane supermicro pd4sa with a p4 2ghz and 512Mb memory. I am not currently at the location with the box so i don't have a dmesg to post. There are 5 physical interfaces on the machine, fxp0-3 and rl0 which I use for my pfsync interface.

in my best ascii art, this is the machine layout.
|-| - wanA/carp0 carp2-dmz- | | - wanB/carp1 carp3--lan |-|

Here are my interface configs:

main firewall fxp0:
inet 10.125.221.2 255.255.255.0 NONE

main firewall fxp1:
inet 10.126.221.2 255.255.255.0 NONE

backup firewall fxp0:
inet 10.125.221.3 255.255.255.0 NONE

backup firewall fxp1:
inet 10.126.221.3 255.255.255.0 NONE

main firewall Carp0:
inet 192.168.3.65 255.255.255.224 192.168.3.95 vhid 1 carpdev fxp0 pass tester1
inet alias 192.168.3.66 255.255.255.224
inet alias 192.168.3.67 255.255.255.224
inet alias 192.168.3.68 255.255.255.224
inet alias 192.168.3.69 255.255.255.224
inet alias 192.168.3.70 255.255.255.224
inet alias 192.168.3.71 255.255.255.224
inet alias 192.168.3.72 255.255.255.224
inet alias 192.168.3.73 255.255.255.224
inet alias 192.168.3.74 255.255.255.224
inet alias 192.168.3.75 255.255.255.224
inet alias 192.168.3.76 255.255.255.224
inet alias 192.168.3.77 255.255.255.224
inet alias 192.168.3.78 255.255.255.224
inet alias 192.168.3.79 255.255.255.224
inet alias 192.168.3.80 255.255.255.224
inet alias 192.168.3.81 255.255.255.224
inet alias 192.168.3.82 255.255.255.224
inet alias 192.168.3.83 255.255.255.224
inet alias 192.168.3.84 255.255.255.224
inet alias 192.168.3.85 255.255.255.224
inet alias 192.168.3.86 255.255.255.224
inet alias 192.168.3.87 255.255.255.224
inet alias 192.168.3.88 255.255.255.224
inet alias 192.168.3.89 255.255.255.224
inet alias 192.168.3.90 255.255.255.224
inet alias 192.168.3.91 255.255.255.224
inet alias 192.168.3.92 255.255.255.224
inet alias 192.168.3.93 255.255.255.224

main firewall Carp1:
inet 192.168.3.129 255.255.255.224 192.168.3.159 vhid 2 carpdev fxp1 pass tester2
inet alias 192.168.3.130 255.255.255.224
inet alias 192.168.3.131 255.255.255.224
inet alias 192.168.3.132 255.255.255.224
inet alias 192.168.3.133 255.255.255.224
inet alias 192.168.3.134 255.255.255.224
inet alias 192.168.3.135 255.255.255.224
inet alias 192.168.3.136 255.255.255.224
inet alias 192.168.3.137 255.255.255.224
inet alias 192.168.3.138 255.255.255.224
inet alias 192.168.3.139 255.255.255.224
inet alias 192.168.3.140 255.255.255.224
inet alias 192.168.3.141 255.255.255.224
inet alias 192.168.3.142 255.255.255.224
inet alias 192.168.3.143 255.255.255.224
inet alias 192.168.3.144 255.255.255.224
inet alias 192.168.3.145 255.255.255.224
inet alias 192.168.3.146 255.255.255.224
inet alias 192.168.3.147 255.255.255.224
inet alias 192.168.3.148 255.255.255.224
inet alias 192.168.3.149 255.255.255.224
inet alias 192.168.3.150 255.255.255.224
inet alias 192.168.3.151 255.255.255.224
inet alias 192.168.3.152 255.255.255.224
inet alias 192.168.3.153 255.255.255.224
inet alias 192.168.3.154 255.255.255.224
inet alias 192.168.3.155 255.255.255.224
inet alias 192.168.3.156 255.255.255.224
inet alias 192.168.3.157 255.255.255.224

backup firewall Carp0:
inet 192.168.3.65 255.255.255.224 192.168.3.95 vhid 1 carpdev fxp0 pass tester1 advskew 100
inet alias 192.168.3.66 255.255.255.224
inet alias 192.168.3.67 255.255.255.224
inet alias 192.168.3.68 255.255.255.224
inet alias 192.168.3.69 255.255.255.224
inet alias 192.168.3.70 255.255.255.224
inet alias 192.168.3.71 255.255.255.224
inet alias 192.168.3.72 255.255.255.224
inet alias 192.168.3.73 255.255.255.224
inet alias 192.168.3.74 255.255.255.224
inet alias 192.168.3.75 255.255.255.224
inet alias 192.168.3.76 255.255.255.224
inet alias 192.168.3.77 255.255.255.224
inet alias 192.168.3.78 255.255.255.224
inet alias 192.168.3.79 255.255.255.224
inet alias 192.168.3.80 255.255.255.224
inet alias 192.168.3.81 255.255.255.224
inet alias 192.168.3.82 255.255.255.224
inet alias 192.168.3.83 255.255.255.224
inet alias 192.168.3.84 255.255.255.224
inet alias 192.168.3.85 255.255.255.224
inet alias

Re: sparc64 on Sun Netra T1 with external CD Drive
Still no go. However, it doesn't appear to be an OpenBSD specific issue. FreeBSD and Debian CD installers won't boot from the external CD drive either. Currently, I can boot the machine with a Solaris install CD or from Solaris that had been installed on the HDD prior to me receiving the computer.

Can I copy bsd.rd onto one of the drives and then boot from that to install?

I also applied Sun's latest firmware to OBP, just to make sure things were current.

Thanks again, Brad

Re: glxpcib from apropos has wrong address
On Fri, Dec 28, 2007 at 12:57:18PM +0100, Markus Bergkvist wrote:
> apropos on 'glxpcib' gives
> http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=0&manpath=OpenBSD+Current&arch=i386&apropos=1&format=html
> which contains a link to 'glxpcib (4/i386)' which is invalid

it's not invalid. man -S i386 glxpcib will get you the page.

> http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4%2fi386&apropos=0&manpath=OpenBSD+Current&arch=i386
> should be
> http://www.openbsd.org/cgi-bin/man.cgi?query=glxpcib&sektion=4&apropos=0&manpath=OpenBSD+Current&arch=i386

and this is because the script that turns man pages into web links does not always work ;(

i recommend that people use the online man pages (i.e. the man(1) command) if they are having issues with the, er, online man pages (i.e. the web stuff).

jmc

Re: sparc64 on Sun Netra T1 with external CD Drive
Sorry for all the posts. I figured it out. I dd'ed floppy42.fs to one of the unused drives and booted that way.

Re: Load balancing
I am still working on the same problem, I was able to get 2 ISPs load balanced and even got the bandwidth aggregated. Now i am trying to balance 3 ISPs and even with the multipath routing enabled and configured i am not able to even browse anything.

Here is my pf.conf

lan_net = 10.15.0.0/16
int_if = fxp0
ext_if1 = em0
ext_if2 = em1
ext_if1 = em1
ext_gw1 = 192.168.5.1
ext_gw2 = 192.168.6.1
ext_gw3 = 10.7.0.253

nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)

block in from any to any
block out from any to any

pass out on $int_if from any to $lan_net
pass in quick on $int_if from $lan_net to $int_if

pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) , ($ext_if3 $ext_gw3) } round-robin proto tcp from $lan_net to any flags S/SA modulate state
pass in on $int_if route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2), ($ext_if3 $ext_gw3) } round-robin proto { udp, icmp } from $lan_net to any keep state

pass out on $ext_if1 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if1 proto { udp, icmp } from any to any keep state
pass out on $ext_if2 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if2 proto { udp, icmp } from any to any keep state
pass out on $ext_if3 proto tcp from any to any flags S/SA modulate state
pass out on $ext_if3 proto { udp, icmp } from any to any keep state

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any
pass out on $ext_if1 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if2 route-to ($ext_if3 $ext_gw3) from $ext_if3 to any
pass out on $ext_if3 route-to ($ext_if1 $ext_gw1) from $ext_if1 to any
pass out on $ext_if3 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

This setup is not working and the odd thing is i am not even able to ping the local interfaces with this configuration.

Thanks for the help
Manpreet

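The macro block in the ruleset posted above assigns ext_if1 twice and never assigns ext_if3, although $ext_if3 is used in the nat and route-to rules. As an added example (not part of the original post), this shell function lints a pf.conf-style file for both problems; the name pf_macro_lint and the sample input are constructed for illustration, and only simple `name = value` macro lines are recognised.

```shell
#!/bin/sh
# Added example: report pf.conf macros that are assigned more than once
# and macros that are referenced as $name but never assigned.
# Simplifications (assumptions): "#" always starts a comment, and the
# order of definition versus use is not checked.

pf_macro_lint() {
    # $1: path to a pf.conf-style file
    awk '
    {
        line = $0
        sub(/#.*/, "", line)                      # strip comments
        # A macro assignment looks like: name = value
        if (match(line, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/)) {
            name = substr(line, RSTART, RLENGTH)
            rest = substr(line, RSTART + RLENGTH)
            gsub(/[ \t=]/, "", name)
            if (name in defined)
                printf "duplicate %s line %d (first defined line %d)\n", name, NR, defined[name]
            else
                defined[name] = NR
            line = rest                            # the value may use other macros
        }
        # Collect every $name reference on the line
        while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
            ref = substr(line, RSTART + 1, RLENGTH - 1)
            if (!(ref in used))
                used[ref] = NR
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END {
        for (r in used)
            if (!(r in defined))
                printf "undefined %s line %d\n", r, used[r]
    }' "$1" | sort
}

# Constructed sample: the macro block as posted (values quoted here)
# followed by two of the posted nat rules.
sample_pf_conf() {
    cat <<'EOF'
lan_net = "10.15.0.0/16"
int_if = "fxp0"
ext_if1 = "em0"
ext_if2 = "em1"
ext_if1 = "em1"
ext_gw1 = "192.168.5.1"
ext_gw2 = "192.168.6.1"
ext_gw3 = "10.7.0.253"
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if3 from $lan_net to any -> ($ext_if3)
EOF
}

tmp=$(mktemp)
sample_pf_conf > "$tmp"
pf_macro_lint "$tmp"
rm -f "$tmp"
```

On a live system, `pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which is the check to run before any reload.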
Re: Linus about C++
On Dec 28, 2007 7:51 AM, Erik Wikström [EMAIL PROTECTED] wrote:
> On 2007-12-28 07:33, Brian Hansen wrote:
> > [snip]
> > Is he right?
>
> Yes and no. First of all you should realise that Linus and most other kernel hackers are biased. When it comes down to it C++ is not a better or worse language to write a system in than C, it is just a question about how you use it. But as Linus wrote, there are a number of people out there who learned to program in Java and then learned C++ and now think that they can do some low-level programming. Truth is they can not since they have learned to think about programming in a very high-level way.
>
> Someone once said something like nothing is impossible with enough layers of indirection, but none ever claimed that many layers of indirection was efficient. If you are down in the kernel writing code that will be run while holding a lock every micro-second counts since you are stalling the progress of other threads/processes, so you want efficiency.

I think that's one of the main problems with programmers today. All the schools I know that teach programming, start by teaching Java to the students. It's definitely easier to learn Java with little-to-no prior programming experience, than it is to learn C (I struggled for quite some time to fully understand and realize how C uses pointers, in all its various ways). I think the problem comes when these same programmers see that Java and C have a similar style of syntax, and think that simply learning the superficial differences means they now understand the language. Two programming languages can look similar on the surface, but be very different beneath the skin.

I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down.

> But if you are writing a complicated GUI for an application that will run on a 3GHz machine with 2GB RAM a few layers of indirection can be very nice, and none will notice the few milliseconds you lose.
>
> It is about choosing the right tool for the job, but also about choosing how to use the tool, just because a hammer is the right tool does not mean that hammering away is the right way to do things.

Yes, that's true, but sometimes using that old trusty tool (C) can be just as effective as the shiny new tool (Java, C++, etc).

Re: Linus about C++
On Fri, Dec 28, 2007 at 10:16:08AM -0500, Gary Baluha wrote:
> I think that's one of the main problems with programmers today. All the schools I know that teach programming, start by teaching Java to the students.

I'm learning Java at school. I told my teachers that I think it is a great pity that I've to learn Java while all my favorite software is written in C and have the code of it! I really would be more motivated when we would learn C. But well, I do understand they want us to learn an object oriented programming language. And that is -far- more practical to use a single PL for all students.

> It's definitely easier to learn Java with little-to-no prior programming experience, than it is to learn C (I struggled for quite some time to fully understand and realize how C uses pointers, in all its various ways).

Oh, I was thinking that C just might be easier since I don't have all that class/method/method-call shit. But C has its own difficulties of course.

> I think the problem comes when these same programmers see that Java and C have a similar style of syntax, and think that simply learning the superficial differences means they now understand the language. Two programming languages can look similar on the surface, but be very different beneath the skin.

Sounds like stupid programmers.

> I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down.

The (a) 'purpose' of OOP is that I don't need to study the Class-code of someone else. This makes it possible to focus on your own thing only. (I don't care about being exactly right here, I think you understand what I mean)

Pieter Verberne

Re: Embedding OpenBSD
This is a neat idea, but personally I think it'll be hard to make the device 0 maintenance, problems can always occur... If you're set on using OpenBSD in this project, remove everything from the base system that isn't needed... and try running the unit non-stop for 48/hours... just to be sure it's not going to die days after you leave the country. If this all seems horribly complex, use one of Doug's suggestions. (Consider a modem, or a net card... so remote maintenance is possible..)
Re: Linus about C++
On Dec 28, 2007 11:21 AM, Pieter Verberne [EMAIL PROTECTED] wrote:
> On Fri, Dec 28, 2007 at 10:16:08AM -0500, Gary Baluha wrote:
> > I think that's one of the main problems with programmers today. All the schools I know that teach programming, start by teaching Java to the students.
>
> I'm learning Java at school. I told my teachers that I think it is a great pity that I've to learn Java while all my favorite software is written in C and have the code of it! I really would be more motivated when we would learn C. But well, I do understand they want us to learn an object oriented programming language. And that is -far- more practical to use a single PL for all students.

There's certainly no problem with using a single programming language to teach to first or even second year students, and I have no problem with the chosen language being Java, either. The problem comes up when some students think that similar-looking programming languages can be programmed using nearly identical programming practices. But in the end, it doesn't really matter which programming language is taught, as there will always be students who get the wrong idea, and that was the main thing I was trying to convey.

> > It's definitely easier to learn Java with little-to-no prior programming experience, than it is to learn C (I struggled for quite some time to fully understand and realize how C uses pointers, in all its various ways).
>
> Oh, I was thinking that C just might be easier since I don't have all that class/method/method-call shit. But C has its own difficulties of course.

Well, I originally learned in C, so learning Java was fairly easy since you didn't have to do all the memory/pointer management that you have to do in C, or even C++. I was also learning C++ around the same time, so by the time I got to Java, I already had the basic concepts of OOP. I guess it's all up to the individual which language is easiest to learn as one's first programming language. Still, my opinion is that any advanced programming language that has automatic garbage collection and memory allocation is easier to learn.

> > I think the problem comes when these same programmers see that Java and C have a similar style of syntax, and think that simply learning the superficial differences means they now understand the language. Two programming languages can look similar on the surface, but be very different beneath the skin.
>
> Sounds like stupid programmers.

Indeed. I don't know about everyone else's experience, but I find it rare to come across actual good programmers. I've met and come across a lot of programmers who manage to get through their tasks, but don't fully appreciate what it is that their code is actually doing.

> > I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down.
>
> The (a) 'purpose' of OOP is that I don't need to study the Class-code of someone else. This makes it possible to focus on your own thing only. (I don't care about being exactly right here, I think you understand what I mean)

I see where you're coming from, and I fully agree that the concept of OOP is great. However, I think blindly using someone else's class code without at least having a basic understanding of what the underlying code is doing misses the point. And this is true whether we're talking about an OO-language, or a procedural language. The only difference is, OO-languages provide the weak programmer more opportunities to abuse the concept than procedural languages.

I don't claim to be a world-class programmer myself, but I do realize there is a difference between code that does the job, and code that does the job well. And in my opinion, OO-languages simply provide more opportunity to get the job done poorly by blindly trusting someone else's code, since the idea is that you shouldn't need to know. And this is often taught poorly in school, giving the false impression that you shouldn't _want_ to have a basic understanding of what the other person's code does.

Re: Linus about C++
On Fri, Dec 28, 2007 at 10:16:08AM -0500, Gary Baluha wrote:
> I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down.

AIUI, that's where Ada's compile-time checks come in. With Ada, (if you choose to do OOP) you have the object definition and the implementation separate. If everyone can agree (and hence document) the object definition, the implementation can change all it wants. If the person doing the implementation also changes the definition, then Ada screams at you since the definition in all places that use the object must agree.

Ada is designed specifically for the software-engineering world. It is supposed to do low level stuff well, since most of the embedded things it runs (e.g. missiles) don't actually have an OS, just the Ada program accessing the hardware directly.

Doug.

Re: Embedding OpenBSD
* Unix Fan [EMAIL PROTECTED] [2007-12-28 17:44]:
> remove everything from the base system that isn't needed...

yeah THAT is certainly going to help... deleting binaries saves the world!

--
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam

Re: backup firewall connectivity
On Dec 28, 2007 7:13 AM, Aaron [EMAIL PROTECTED] wrote:
> main firewall Carp0:
> inet 192.168.3.65 255.255.255.224 192.168.3.95 vhid 1 carpdev fxp0 pass tester1
> inet alias 192.168.3.66 255.255.255.224
> inet alias 192.168.3.67 255.255.255.224

Not to solution your problem, but the correct netmask for interface aliases is 255.255.255.255. Refer to archives and hostname.if(5).

DS

Re: Linus about C++
On Fri, Dec 28, 2007 at 07:37:54AM -0600, Marco Peereboom wrote:
> Wow one comprehensive list of the suckage that is C++. Thanks Miod now I don't need to type examples anymore.

I will probably regret this, but all of these issues are known, and only show that C++ is not a simple language. Real C++ programmers know how to work around these. C++ is all about giving you choices.

As a list:

- No compile time encapsulation: deliberate language choice. You want to provide clean C++ interfaces ? you use the `compiler firewall/pimpl' idiom. As a good example, look at the KDE libraries. It's all about NOT having to pay the extra price if you want speed to the detriment of portability.

- complicated grammar: red herring. This does NOT account for any amount of slowness of C++ compilers. It *does* account for somewhat bad error messages. It is complicated to build a yacc parser for C++, and thus to add meaningful error messages. Every slow C++ compiler out there is slow for other reasons. Mostly, that you need efficient data structures to take care of namespace lookup (C doesn't have that issue: it doesn't have any support for namespaces). And also, that people abuse inline functions. As far as different compilers interpreting rules differently, C++ was not standardized until 1998... Did you try any new-fangled C99 constructs recently ? Like, variable definitions work everywhere on every C compiler shipped with OpenBSD ? Yeah, right...

- No easy way to locate definition: mix of stuff inherited from C (where you can do anything with include files, and thus you're relying on people having bad habits) and OO practice, where it is indeed often difficult to locate definitions... That's why smalltalk has browsers...

- No run-time encapsulation. Yeah right... as if there are no smart pointers out there. Not worse than C.

- No binary implementation rules... partly false. There are ELF ABIs for C++, fortunately, and Unix implementations follow them these days. That's a bit like looking at C from 20 years ago. Between COFF, a.out, and other shit, you did not have a binary implementation either...

Rules for types and operators are fairly complex, granted, but there is some actual logic. This is well documented in a few books. The main issue with C++ there is that it is a big language. You want to understand those rules ? You have to read Scott Meyers. Exceptions can be managed. Again you have to read Herb Sutter. And yeah, the standard library is somewhat small. But there are useful libraries out there developed on top of C++, and they work (qt is the one nice example, as far as I'm concerned).

All of this shows the one thing we already know, which is that C++ is a terribly complicated language that is hard to master. When it's used properly, by people who know how to program in it, it can be really good and really fast. I'm still happily using quite a few apps written in C++, like most of kde, and I don't see them getting rewritten in anything else yet.

You want OO ? you've got a choice of:

- C++, which *works*.
- java, which is really slow, and not portable at all (and written partly in C++).
- smalltalk, which is beautiful, very nice, and that no-one uses because it does not talk to the rest of the world, still locked in its ivory tower.
- eiffel or ada... yeah right, everyone uses them.
- python or perl, which work just fine... perl has about the same set of defects as C++ (except for speed and reflection). python is probably about the same, I don't use it enough to comment.

In the end, I still see C++ as a valid choice for *seasoned* programmers. It is very, very hard to use, and thus I would never recommend it to a beginner.

Re: Embedding OpenBSD
What in the world??? Do you drive a car? if the answer is yes you have an unconnected embedded device. Need more examples?

On Fri, Dec 28, 2007 at 08:34:24AM -0800, Unix Fan wrote:
> This is a neat idea, but personally I think it'll be hard to make the device 0 maintenance, problems can always occur... If you're set on using OpenBSD in this project, remove everything from the base system that isn't needed... and try running the unit non-stop for 48/hours... just to be sure it's not going to die days after you leave the country. If this all seems horribly complex, use one of Doug's suggestions. (Consider a modem, or a net card... so remote maintenance is possible..)

Re: Linus about C++
On Fri, Dec 28, 2007 at 10:16:08AM -0500, Gary Baluha wrote: I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down. If you are using OpenBSD, you're probably using pkg_add(1) and friends. Those tools would be completely impossible to write without a fully OOP approach. Tracking bugs through them is reasonable, even though there ARE indeed layers and layers of indirection in the PackageRepository code... The level of code sharing is at least two orders of magnitude better than I could ever achieve with traditional C. Considering the complexity of what the code does, there are surprisingly few bugs that show up in it. But, of course, there are good designs and bad designs, and this does not really depend on the OO nature of the design at all. You can write obfuscated code in a procedural design, or clean code in an OO design.
Re: Linus about C++
I disagree with this sentiment. The quality of programmers these days is abysmal. I think that is due to part of being taught wrong in the first place and then being unable to unlearn bad habits. By teaching kids in a forgiving language they will never get a feel for what they are supposed to be thinking about. I know the marketing says: focus on the real problem instead of pesky details like memory management. I think this is fundamentally wrong. The programmers I have hired in the recent past are all EE or CE people. I have not had a good candidate in a long time coming from a recent CS program. The CE/EE people started on the other side of programming and have very good skills. The CS folks are all talk and make way too complex constructs because they can and their languages let them. I once had the pleasure of working on a project that was written in C but compiled with C++. I can't even begin to describe how bad and stupid that idea was. I spent the better of 3 years working around compiler bugs, interoperability issues, etc etc. But you know what, the design was super complex and made the architects look smart... until we started fixing bugs and reversing bad decisions and kludges. It is safe to say that it didn't go down well on their year-end-review. All that said, C++ is a complete and total disaster. I am to this day shocked at the success of the C++ marketing campaign. It is identical to any presidential race, full of promises but none ever kept. The difference is that no one dares to defy the decision that C++ was the wrong language for the problem. Everybody has a mortgage to pay and don't want to look like a fool for being part of a bad decision. The link Miod pasted is a great resource to get an idea how bad C++ really is. The only comment I'll make on java is that it has the capacity to make a grown man cry. I still have to see the so called benefit of both these languages. 
It all sounds awesome on paper but when used in the real world the promises crumble faster than a politician's. On Fri, Dec 28, 2007 at 11:58:15AM -0500, Gary Baluha wrote: On Dec 28, 2007 11:21 AM, Pieter Verberne [EMAIL PROTECTED] wrote: On Fri, Dec 28, 2007 at 10:16:08AM -0500, Gary Baluha wrote: I think that's one of the main problems with programmers today. All the schools I know that teach programming, start by teaching Java to the students. I'm learning Java at school. I told my teachers that I think it is a great pity that I've to learn Java while all my favorite software is written in C and have the code of it! I really would be more motivated when we would learn C. But well, I do understand they want us to learn an object oriented programming language. And that is -far- more practical to use a single PL for all students. There's certainly no problem with using a single programming language to teach to first or even second year students, and I have no problem with the chosen language being Java, either. The problem comes up when some students think that similar-looking programming languages can be programmed using nearly identical programming practices. But in the end, it doesn't really matter which programming language is taught, as there will always be students who get the wrong idea, and that was the main thing I was trying to convey. It's definitely easier to learn Java with little-to-no prior programming experience, than it is to learn C (I struggled for quite some time to fully understand and realize how C uses pointers, in all its various ways). Oh, I was thinking that C just might be easier since I don't have all that class/method/method-call shit. But C has its own difficulties of course. Well, I originally learned in C, so learning Java was fairly easy since you didn't have to do all the memory/pointer management that you have to do in C, or even C++. 
I was also learning C++ around the same time, so by the time I got to Java, I already had the basic concepts of OOP. I guess it's all up to the individual which language is easiest to learn as one's first programming language. Still, my opinion is that any advanced programming language that has automatic garbage collection and memory allocation is easier to learn. I think the problem comes when these same programmers see that Java and C have a similar style of syntax, and think that simply learning the superficial differences means they now understand the language. Two programming languages can look similar on the surface, but be very different beneath the skin. Sounds like stupid programmers. Indeed. I don't know about everyone else's experience, but I find it rare to come across actual good programmers. I've met and come across a lot of programmers who manage to get through their tasks, but don't fully appreciate what it is that their code is actually doing. I'm also not sold on the concept of object
Re: Linus about C++
On Dec 28, 2007 7:16 AM, Gary Baluha [EMAIL PROTECTED] wrote: On Dec 28, 2007 7:51 AM, Erik Wikström [EMAIL PROTECTED] wrote: On 2007-12-28 07:33, Brian Hansen wrote: [snip] Is he right? Yes and no. First of all you should realise that Linus and most other kernel hackers are biased. When it comes down to it C++ is not a better or worse language to write a system in than C, it is just a question about how you use it. But as Linus wrote, there are a number of people out there who learned to program in Java and then learned C++ and now think that they can do some low-level programming. Truth is they can not since they have learned to think about programming in a very high-level way. Someone once said something like nothing is impossible with enough layers of indirection, but none ever claimed that many layers of indirection was efficient. If you are down in the kernel writing code that will be run while holding a lock every micro-second counts since you are stalling the progress of other threads/processes, so you want efficiency. I think that's one of the main problems with programmers today. All the schools I know that teach programming, start by teaching Java to the students. It's definitely easier to learn Java with little-to-no prior programming experience, than it is to learn C (I struggled for quite some time to fully understand and realize how C uses pointers, in all its various ways). I think the problem comes when these same programmers see that Java and C have a similar style of syntax, and think that simply learning the superficial differences means they now understand the language. Two programming languages can look similar on the surface, but be very different beneath the skin. There is a community college in the San Francisco Bay Area that encourages learning C before learning any other language. I've taken intro to C and intermediate C. I didn't do too well with pointers either. 
It's tough working full time and attending class twice a week and studying and living. Heh. I'm also not sold on the concept of object oriented programming in general. Along the lines of nothing is impossible with enough layers of indirection, I think too much abstraction also removes the programmer from what he/she is actually doing. OOP is a nice concept on paper, until you realize that most large programming projects are not written by a single person, and most people will not be coding the entire tree of abstraction they are using. This leads to errors that may be very difficult (if not impossible) to fully track down. But if you are writing a complicated GUI for an application that will run on a 3GHz machine with 2GB RAM a few layers of indirection can be very nice, and none will notice the few milliseconds you lose. It is about choosing the right tool for the job, but also about choosing how to use the tool, just because a hammer is the right tool does not mean that hammering away is the right way to do things. Yes, that's true, but sometimes using that old trusty tool (C) can be just as effective as the shiny new tool (Java, C++, etc).
Re: Linus about C++
Brian Hansen wrote: Hi. This is partly not OpenBSD related, and yet again someone pointed out that perhaps a lot of bugs could be avoided using C++. I am writing my big paper on C and C++ and would like some comments from people who are experts. Off-list is okay, but maybe others are interested as well. I found this statement of Linus Torvalds about C++ online: snip C++ is a horrible language. snip Is he right? Best regards, and forgive me if I am too much off topic. Better than the C++ language would be a safer version of C... no need for all C++ features. The problem is people abuse the flexibility of C++. Or a C with safer compiler. Which has been done and is being done.. Also look into TACK (another C compiler with BSD license). Look into google and research Limbo, Plan 9, Cyclone, Minix.. and some safer 'C' languages that are coming about. There are some hilarious biased and funny articles on my wiki about limbo/cyclone too which explain why modern 'C' is becoming more safe these days and more Wirth/modula like. L505
Re: Embedding OpenBSD
On Fri, Dec 28, 2007 at 08:34:24AM -0800, Unix Fan wrote: (Consider a modem, or a net card... so remote maintenance is possible..) The problem with a net card is that then the end-user would have to set up a dhcp server or somehow have the card set up correctly. With a modem, it's pretty standard. Either have the device's cron try to access the modem to call home (and if a phone line is connected, it will succeed) to set up a ppp link, or just set up the modem to allow you to dial-in and get a login prompt. Then the end-user just has to supply a phone line to the unit and you with a phone number. Doug.
Re: Embedding OpenBSD
In article [EMAIL PROTECTED], Nick Holland wrote: What have I forgotten? Is there anything else I can do to avoid slapping my forehead and saying, D'oh! Forgot to ... before I ship it out fully detached? The good news is I'm pretty sure there is at least one OpenBSD developer near-by, but that's just all the more reason to make sure I don't screw it up, I'll never live it down. :) Unless you have a need to keep state, I'd not bother in any way to write to the flash. I'd have a bsd.rd on there that gets loaded on boot. No fsck necessary, completely in ram, etc. -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: Linus about C++
On Dec 28, 2007 12:36 PM, Marc Espie [EMAIL PROTECTED] wrote: Rules for types and operators are fairly complex, granted, but there is some actual logic. This is well documented in a few books. The main issue with C++ there is that it is a big language. You want to understand those rules ? You have to read Scott Meyers. Well, C++ compilers *do* actually compile the code, so I would assume there is _some_ logic to them ;-) However, just because there is some logic behind the rules, doesn't mean it is easily understandable, and that--I think--is where the real problem is. All of this shows the one thing we already know, which is that C++ is a terribly complicated language that is hard to master. When it's used properly, by people who know how to program in it, it can be really good and really fast. I'm still happily using quite a few apps written in C++, like most of kde, and I don't see them getting rewritten in anything else yet. Assembly language programming (let's say x86 for the sake of argument) can also be really good and really fast, but that too depends on someone knowing what they're doing. The problem with programming languages is, there are often many, many ways of accomplishing the same task. In some cases, there may even be more than one correct way to do it, depending on what you're trying to accomplish. But there are usually many more _incorrect_ ways to accomplish the task, than correct ways. C++, because it can do things procedurally as well as fully object oriented, gives the programmer even more options; options that can be very powerful when used correctly, but also very bad (for maintainability, debugging, etc) when used incorrectly. As the saying goes, With C, you can shoot your foot off. But with C++, you don't shoot your foot off, you shoot your whole leg off. In the end, I still see C++ as a valid choice for *seasoned* programmers. It is very, very hard to use, and thus I would never recommend it to a beginner. 
Hey, despite the flaws of C++, I too support it. But as you say, it is extremely difficult to use properly and most effectively. I just fear that there are too many programmers out there that aren't willing to admit to themselves that they simply aren't skilled enough to use the language properly. This can be said for any language, but it is worse for those languages that provide the most options to the programmer.
Programming Course
I have read some (time does not allow me to read it all) of the threads about C vs.C++ and would like to know if anyone here has worked through the courses from either of the following people and if so, what did you think? I read in the thread with Linus's thoughts of C++ but am curious that if he is correct the bugs have not been fixed as I am sure there are enough talented people out there. http://www.coronadoenterprises.com/ http://computer.howstuffworks.com/c.htm Thanks in advance. A.
Re: Embedding OpenBSD
On Dec 27, 2007 10:41 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: I'd wire in a hardware-type heartbeat detector that will power-cycle the computer if it stops working. I'd have a door over the money slot powered by the computer so that it only accepts money when its working. You could have a Please wait light to be lit during the reboot. Or, you could just rewire an MP3 player to play a tune when it is powered on, then just hook the money-detector to the power switch. Money turns it on, a timer just longer than the tune turns it off. No computer needed (just a 556-dual-555 timer IC and some spare parts). I second the idea of something as simple as an MP3 player connected to a money detector, if that's all it will be doing. Seems a little overkill to get a whole computer, even if it is something as simple as a Soekris ( http://www.soekris.com/, which by the way, is a very nice device). However, if you do decide you still want an embedded OBSD device, it certainly is doable. I have a Soekris net4801 that I am using as my firewall/router, and it is working like an appliance. I'm using a 1GB CF card; it's mounted RW, but for the most part it is really only writing data to an mfs mount point. In this case, it's obviously connected to a network, and I have a monitoring tool running to report back on disk space usage, but it could easily do without this. I have a cron job that periodically checks to make sure the mfs mount points don't fill up, and cleans them out as appropriate. I have also highly tuned the log rotation to further ensure mount points don't get filled out. Should a problem arise, since the CF card is effectively read-only, a reboot is as simple as unplugging the device and then plugging it back in. Unless there is a hardware fault, it will come back up on its own. For further protection, you should mount the CF read-only so no mount points there can accidentally fill up.
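A pre-ship check for the layout discussed in this thread (flash mounted read-only, anything writable kept on mfs), as an added example that is not part of any poster's message: it reads an fstab, lists disk-backed filesystems that are still writable, and resolves which filesystem a given path actually lands on. The sample fstab, its device names and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: pre-ship fstab audit for an unattended, flash-based system.
# All names and the sample fstab below are constructed for illustration.

# Constructed sample: root is read-only, /var/log and /tmp are on mfs,
# but /var itself was left read-write on the CF card.
sample_fstab() {
    cat <<'EOF'
/dev/wd0a /        ffs  ro                        1 1
/dev/wd0d /var     ffs  rw,nodev,nosuid           1 2
swap      /var/log mfs  rw,nodev,nosuid,-s=32768  0 0
swap      /tmp     mfs  rw,nodev,nosuid,-s=32768  0 0
/dev/wd0b none     swap sw                        0 0
EOF
}

# audit_fstab (fstab on stdin)
# Prints "mountpoint device options" for every disk-backed filesystem that
# is not mounted read-only. Exit status 1 if any was found, 0 otherwise.
audit_fstab() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }           # comments and short lines
        $3 == "mfs" || $3 == "swap" { next }    # RAM-backed or swap space
        {
            n = split($4, opt, ",")
            ro = 0
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) { print $2, $1, $4; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# backing_fs PATH (fstab on stdin)
# Prints "fstype options" of the filesystem that holds PATH, chosen by the
# longest matching mount point. Exit status 1 if nothing matches.
backing_fs() {
    awk -v path="$1" '
        /^[ \t]*#/ || NF < 4 || $2 !~ /^\// { next }
        {
            mp = $2
            # mp holds path if it is the root, the path itself, or a
            # directory prefix of the path
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                if (length(mp) > best_len) {
                    best_len = length(mp)
                    best = $3 " " $4
                }
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# Demo on the constructed sample.
sample_fstab | audit_fstab || echo "^ still writable on flash"
for p in /var/log/messages /var/tmp/x; do
    printf '%s -> %s\n' "$p" "$(sample_fstab | backing_fs "$p")"
done
```

On the sample, /var/log resolves to mfs while /var/tmp still resolves to the read-write ffs partition, which is the kind of leftover the audit is meant to catch before the box ships.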
Re: Linus about C++
On 12/27/07, Miod Vallat [EMAIL PROTECTED] wrote: Ah, but no C++ bashing thread can be complete until someone mentions the excellent FQA site: http://yosefk.com/c++fqa/ this one alone was priceless: http://yosefk.com/c++fqa/io.html#fqa-15.1 and i've even written more c++ code than c code.
Re: Embedding OpenBSD
On Fri, Dec 28, 2007 at 11:13:18AM -0600, Marco Peereboom wrote: Do you drive a car? if the answer is yes you have an unconnected embedded device. Need more examples? Well, actually, my car doesn't include a digital computer. It has an ignition module that is analog but no sensors. Nice complicated carburetor instead of a nice simple fuel injector(s). Of course, the car is older than any of the mechanics that work on it. However, I spend under $200 per year on maintenance for the engine. I've seen the odometer go around twice since I bought it 5 years ago; it's probably at the 500,000. So be careful with generalities... :) Doug.
Re: Embedding OpenBSD
Use something like flashboot (www.mindrot.org/projects/flashboot) perfect for this kind of application, take a look at the package management stuff J On Dec 28, 2007, at 10:18 AM, Tobias Weingartner wrote: In article [EMAIL PROTECTED], Nick Holland wrote: What have I forgotten? Is there anything else I can do to avoid slapping my forehead and saying, D'oh! Forgot to ... before I ship it out fully detached? The good news is I'm pretty sure there is at least one OpenBSD developer near-by, but that's just all the more reason to make sure I don't screw it up, I'll never live it down. :) Unless you have a need to keep state, I'd not bother in any way to write to the flash. I'd have a bsd.rd on there that gets loaded on boot. No fsck necessary, completely in ram, etc. -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1! =b]salax
Re: Embedding OpenBSD
step 1. get any old ipod on ebay
step 2. put a single mp3 tune on it
step 3. place it in a big box, with the play button located right under a coin sized slot
openbsd is great, but it's not the hammer for all nails... /Pete On 28 Dec 2007, at 3:34 AM, Nick Holland wrote: I've got a little project I'm working on here. It involves stuffing a computer in a donation box with a money detector, so every time someone tosses money in the box, it plays an MP3 file. (no, you can't make a living at this. At least, *I* can't) The first two of these I did were many years ago, and we used a 486 running a simple DOS app. Well, computers that run DOS well are gone, and trying to bring up a new program to play sound files on any of the modern sound chips would be (not) fun...and annoying the next time the hardware all changes again. So, for this generation, I'm using OpenBSD, mpg321, and a 1G CF flash device attached to an CF-IDE interface. However, this is the first time I've ever done an OpenBSD system that wasn't going to be attached to some kind of network for (hopefully) years at a time. In fact, hopefully, it will NEVER be attached to a network. And, while I got a 1G CF device, I could imagine doing something stupid and having it slowly fill the CF media and six months from now getting a call saying, It died. Come fix it, and since it will be in another country and probably a ten hour drive away, I'd like to avoid that. :) Once this thing is deployed, I won't have access to it at all, so I'll have no ability to spot a potential problem or fix it. SO, to try to keep things quiet, I've disabled the daily, weekly, and monthly scripts, I've disabled sendmail in /etc/rc.conf.local. Before I ship it out, I'll move /var/log and /var/tmp to point to a mfs system, so hopefully, if something starts logging, a power cycle will dump everything. Only 60M is mounted RW, so it fsck's very quickly, and my app writes only to the MFS. What have I forgotten? 
Is there anything else I can do to avoid slapping my forehead and saying, D'oh! Forgot to ... before I ship it out fully detached? The good news is I'm pretty sure there is at least one OpenBSD developer near-by, but that's just all the more reason to make sure I don't screw it up, I'll never live it down. :) Nick.
Re: When spammers get whitelisted...
On Thu, Dec 27, 2007 at 09:13:33PM -0800, Allie D. wrote: I have had to wipe my spamdb twice in the last month because spammers get past my blacklists (I run the ones that come in spamd.conf) and my greylisting and just hammer a few of my customers. The spam comes from multiple IP's so it's a bitch to block by hand...anyone have any tips on blocking these bastards ??? To combat this I use SpamAssassin/bmf (in different scenarios), plus some procmail rules and relaydb. Good news: it's all in ports/packages. More good news: Daniel Hartmeier has written this up nicely at http://www.benzedrine.cx/relaydb.html, which is where I got it from to begin with. For me this has reduced spam to the point where it's not worth the extra effort to reduce it further. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Embedding OpenBSD
On Fri, 28 Dec 2007, Marco Peereboom wrote: What in the world??? Do you drive a car? if the answer is yes you have an unconnected embedded device. Need more examples? Indeed! How many Soekris routers are there in 'production', operating with a config just as suggested? Lee
building xenocara: configure: error: You must have freetype installed
Hi, I am having trouble building xenocara after updating my sources via cvsup. I have built non-X world and their release sets but when I come to building X world:

    export XSRCDIR=/usr/xenocara
    export XOBJDIR=/usr/xobj
    if [ -d $XOBJDIR ]; then
        rm -rf $XOBJDIR
    fi
    mkdir $XOBJDIR
    cd $XSRCDIR
    make bootstrap
    make obj
    make build

After a few minutes it crashes:

    checking for freetype-config... no
    configure: error: You must have freetype installed; see http://www.freetype.org/
    *** Error code 1

What should I do here? Thanks for any guidance, -- juan
Trouble Installing OpenBSD 4.2 stable
Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and one 250gb IDE drive all partitioned for bsd. Trying to install OpenBSD i386 4.2 from install42.iso by trading the 250gb drive for a cd-rom drive. I keep getting this error message and I believe it has to do with the missing 250gb drive: /dev/rwd0a: file system is clean; not checking Can't open /dev/rwd1d: Device not configured CAN'T CHECK FILE SYSTEM. /dev/rwd1d: UNEXPECTED INCONSISTENCY; RUN fsck_ffs MANUALLY. Automatic file system check failed; help! My dmesg output: OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Celeron (GenuineIntel 686-class, 128KB L2 cache) 498 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 199860224 (195176K) avail mem = 175497216 (171384K) using 2465 buffers containing 10096640 bytes (9860K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(0e) BIOS, date 01/14/99, BIOS32 rev. 0 @ 0xeca00 pcibios0 at bios0: rev 2.1 @ 0xeca00/0x3600 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfe740/96 (4 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801AA LPC rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xe/0x1! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82810E rev 0x03: rng active, 8Kb/sec vga1 at pci0 dev 1 function 0 Intel 82810E Graphics rev 0x03: aperture at 0x4400, size 0x400 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb0 at pci0 dev 30 function 0 Intel 82801AA Hub-to-PCI rev 0x02 pci1 at ppb0 bus 1 fxp0 at pci1 dev 1 function 0 Intel 82557 rev 0x08, i82559: irq 11, address 00:03:47:13:bf:2c inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 
4 ichpcib0 at pci0 dev 31 function 0 Intel 82801AA LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801AA IDE rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD200EB-00CSF0 wd0: 16-sector PIO, LBA, 19092MB, 39102336 sectors atapiscsi0 at pciide0 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: LITE-ON, DVDRW SOHW-1633S, BS0C SCSI0 5/cdrom removable wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 31 function 2 Intel 82801AA USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered auich0 at pci0 dev 31 function 5 Intel 82801AA AC97 rev 0x02: irq 11, ICH AC97 ac97: codec id 0x41445348 (Analog Devices AD1881A) ac97: codec features headphone, Analog Devices Phat Stereo audio0 at auich0 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff6d netmask ff6d ttymask ffef pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support dkcsum: wd0 matches BIOS drive 0x80 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 I tried upgrading to OpenBSD 3.9 and got the same error message. Thanks for helping! -- Alan Hamlett http://83p.unitedti.org
Re: Trouble Installing OpenBSD 4.2 stable
On Fri, 2007-12-28 at 17:16 -0600, Alan Hamlett wrote: Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and one 250gb IDE drive all partitioned for bsd. Trying to install OpenBSD i386 4.2 from install42.iso by trading the 250gb drive for a cd-rom drive. I keep getting this error message and I believe it has to do with the missing 250gb drive: /dev/rwd0a: file system is clean; not checking Can't open /dev/rwd1d: Device not configured CAN'T CHECK FILE SYSTEM. /dev/rwd1d: UNEXPECTED INCONSISTENCY; RUN fsck_ffs MANUALLY. The upgrade script tries to read your old fstab(5) and fsck(8) your existing file systems. wd1* is attached when your drive is there. when you replace it with a ROM it goes away. The same error would happen if you booted the system w/o the 250 attached in 3.8. Just comment out wd1* entries in your fstab(8) before you boot into the install CD. We're assuming here that wd1* contains data-only and no system partitions. ~BAS Automatic file system check failed; help! My dmesg output: OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel Celeron (GenuineIntel 686-class, 128KB L2 cache) 498 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR real mem = 199860224 (195176K) avail mem = 175497216 (171384K) using 2465 buffers containing 10096640 bytes (9860K) of memory
Re: sparc64 on Sun Netra T1 with external CD Drive
On Fri, Dec 28, 2007 at 07:04:10AM -0800, new_guy wrote: Sorry for all the posts. I figured it out. I dd'ed floppy42.fs to one of the unused drives and booted that way. It's been a while, but iirc you can just do boot cd instead of all the other happy horseshit. -- Darrin Chandler| Phoenix BSD User Group | MetaBUG [EMAIL PROTECTED] | http://phxbug.org/ | http://metabug.org/ http://www.stilyagin.com/ | Daemons in the Desert | Global BUG Federation
Re: Linus about C++
On 12/28/07, Marc Espie [EMAIL PROTECTED] wrote: - python or perl, which work just fine... perl has about the same set of defects as C++ (except for speed and reflection). python is probably about the same, I don't use it enough to comment. or Ruby (of Smalltalk heritage), which I suppose you haven't used enough to comment. It is said to be more OO than Python and Perl. -- Gerardo Santana
Re: Embedding OpenBSD
Marco Peereboom wrote: What in the world??? Do you drive a car? if the answer is yes you have an unconnected embedded device. Need more examples? No, I walk.. batteries not included.. Seriously, I was simply giving my opinion... unfortunately I walked under a bridge and got attacked by a troll.. Bad troll. -Nix Fan.
OpenBSD as DSL Router using hostname.pppoe0?
Hello guys, I set up OpenBSD as DSL router using the kernel pppoe. Because my DSL connection is faster than 10 MBit I'm using the kernel pppoe to use the bandwidth. I've noticed that pf fails to do the routing/nat in such scenarios:
1. OpenBSD Router boots
   - It takes some seconds until pppoe0 gets an IP from the ISP!
   - pf gets enabled during boot, pppoe0 has no IP yet, NAT won't work
2. OpenBSD is already booted
   - I used pfctl -f /etc/pf.conf after pppoe0 got an IP and everything works
   - then the bad ISP does a 24h disconnect (~23.59 and 58 secs)
   - then NAT breaks again (because pppoe0 got a new ip and the old one is still used by pf?!)
Those problems don't appear if I use tun0 (but userland pppoe is far too slow for this DSL link). Is there any solution for this problem (for now a cronjob just reloads the pf every 23:50 after enforcing ifconfig pppoe0 down ifconfig pppoe0 up wait 5 secs to ensure it got an IP). How did other people (you) solve this without using the userland implementation? :-/ Kind regards, Sebastian
Re: kernel/5690: system crash when running rtorrent
I don't give care. Get lost, little boy. I didn't make this bug report. I just told you weeks ago that people will hit this bug. And you may please explain me the sense of submitting bug-reports if you've such an attitude? Well as I told you: People will hit this bug. But please forward at least the reports I sent you weeks ago to any developer who might care. They might be helpful. Thanks Theo :) Kind regards, Sebastian p.s. Have a nice day, still :)
Re: Linus about C++
Ted Unangst wrote: On 12/27/07, Miod Vallat [EMAIL PROTECTED] wrote: Ah, but no C++ bashing thread can be complete until someone mentions the excellent FQA site: http://yosefk.com/c++fqa/ this one alone was priceless: http://yosefk.com/c++fqa/io.html#fqa-15.1 and i've even written more c++ code than c code. Oh, now I get it - type safety is supposed to help the compiler catch errors. This is very important for people who never actually look at what they print. --Priceless.
Re: kernel/5690: system crash when running rtorrent
Years ago we told Sebastian Rother that we think he's a pest, and we'll ignore everything he says. Go away, Sebastian. The minute you report a bug, everyone else will suffer for it. I don't give care. Get lost, little boy. I didn't make this bug report. I just told you weeks ago that people will hit this bug. And you may please explain me the sense of submitting bug-reports if you've such an attitude? Well as I told you: People will hit this bug. But please forward at least the reports I sent you weeks ago to any developer who might care. They might be helpful. Thanks Theo :) Kind regards, Sebastian p.s. Have a nice day, still :)
Re: OpenBSD as DSL Router using hostname.pppoe0?
Quoting [EMAIL PROTECTED]: Hello guys, I set up OpenBSD as DSL router using the kernel pppoe. Because my DSL connection is faster than 10 MBit I'm using the kernel pppoe to use the bandwidth. I've noticed that pf fails to do the routing/nat in such scenarios: 1. OpenBSD Router boots - It takes some seconds until pppoe0 gets an IP from the ISP! - pf gets enabled during boot, pppoe0 has no IP yet, NAT won't work 2. OpenBSD is already booted - I used pfctl -f /etc/pf.conf after pppoe0 got an IP and everything works - then the bad ISP does a 24h disconnect (~23.59 and 58 secs) - then NAT breaks again (because pppoe0 got a new IP and the old one is still used by pf?!) Those problems don't appear if I use tun0 (but userland pppoe is far too slow for this DSL link). Is there any solution for this problem (for now a cronjob just reloads the pf every 23:50 after enforcing ifconfig pppoe0 down ifconfig pppoe0 up wait 5 secs to ensure it got an IP). How do other people (you) solve this without using the userland implementation? :-/ Kind regards, Sebastian Hi, My ADSL is only 8Mb download and 640K upload. I have three interfaces on my OpenBSD 4.2 router and the DSL provider assigns a static address, so not sure whether the comparisons here are valid. I haven't had any problems so far with pf interfering with xDSL and NAT. In case it is of any help this is what I have in my settings: hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE pppoedev dc0 authproto pap authname 'username' authkey 'passwd' up dest 0.0.0.1 !/sbin/route add default 0.0.0.1 The server was upgraded from 4.1 to 4.2 using the CD and it has been in service since OpenBSD 3.2 (userland pppoe till OpenBSD 3.8 and kernel pppoe since OpenBSD 3.9) without any problems. My pf.conf has the following entries related to pppoe: scrub out on $ext_if max-mss 1440 HTH, Vijay
Re: OpenBSD as DSL Router using hostname.pppoe0?
Well with static IPs I've no problem either. It's just after the forced disconnect of the ISP and after pppoe0 got a new IP. Then NAT and routing fails. I solve this via a rule reload (after pppoe0 got a new IP) but that looks like some stone-age method (seriously.. ). I just wonder if somebody else noticed this and if somebody may have solved this in a different way. Kind regards, Sebastian
Re: Embedding OpenBSD
Well thank you for your valuable input captain obvious. On Fri, Dec 28, 2007 at 05:13:41PM -0800, Unix Fan wrote: Marco Peereboom wrote: What in the world??? Do you drive a car? if the answer is yes you have an unconnected embedded device. Need more examples? No, I walk.. batteries not included.. Seriously, I was simply giving my opinion... unfortunately I walked under a bridge and got attacked by a troll.. Bad troll. -Nix Fan.
Re: OpenBSD as DSL Router using hostname.pppoe0?
[EMAIL PROTECTED] wrote: Well with static IPs I've no problem either. It's just after the forced disconnect of the ISP and after pppoe0 got a new IP. Then NAT and routing fails. I solve this via a rule reload (after pppoe0 got a new IP) but that looks like some stone-age method (seriously.. ). I just wonder if somebody else noticed this and if somebody may have solved this in a different way. Kind regards, Sebastian I guess you use ($ext_if) - with brackets - instead of the IP address manually entered (which you obviously don't know). This way PF monitors the interface for changes of its IP address and adjusts rules accordingly. You can verify if it does by doing a 'pfctl -s rules' after a reconnection, without first reloading the ruleset. The problem, though, is probably the states which were already created - they keep matching the old IP. Clearing of the state table should be sufficient, and I think this could be done with a macro in your hostname.pppoe0, like this: !pfctl -F state I've personally never had to do such things, so consider everything I say just as suggestions. Kind regards, Doichin
Re: kernel/5690: system crash when running rtorrent
Years ago we told Sebastian Rother that we think he's a pest, and we'll ignore everything he says. Wonderful. It just wasn't me who reported this bug (please read the original Bug report). So please stop ignoring it. :] Sure I reported it weeks ago but that doesn't matter right now, right? Go away, Sebastian. The minute you report a bug, everyone else will suffer for it. Well funny. I may should send you some other (~30) DoS conditions so in case somebody else hits this his report gets ignored as well? That's a great idea if I think about it. Can I count on you Theo? :-] Well please explain me how our personal differences affect the validity of my bug reports which are there anyway no matter if you would love or hate me? Well it is of course your choice if you ignore my reports or not. The Bug remains no matter if you ignore me or marry me. It's your (project, not personal) code, not my. So if we now could leave the kindergarten and get at least back to the fundamental school we may could come to the conclusion that the mpi-Bug and the rtorrent-Bug are kinda affiliated. Anyway it's your code, your spare time and your project. And of course.. your bugs. :-) But don't let other users suffer because we have problems. I told you weeks ago this bug is there and it will get hit. So what now? Ignoring everybody who hits the bug and reports it? I hope you spend some attention to viq after he noticed the bug as well. Have still a nice day Theo and hopefully a happy new year. :-] Kind regards, Sebastian
Hazy top of mind questions on spam control with OpenBSD
Dear friends, Please excuse the silly subject line. I am unfortunately not qualified enough to come up with a better one. First my assumptions, then my questions. Request inputs on both. Assumptions - a) Most of the spam originates in USA. And high bandwidth links and busy mail servers are common targets. b) Spam control strategies differ depending upon which leg of the spam propagation cycle we are in. Let me explain. *) Spammers have some kind of 'radar' that looks for vulnerable hosts/networks and they abuse them for carrying their traffic. Sometimes ISPs connive with spammers and let them use their networks. At this point, the spam is in the egg form. *) Once the spammer gets a foothold to munge his mail ID and originating IP/network, then he looks for bandwidth guzzler techniques involving smart programming involving a combo of IP and TCP techniques to deliver millions of mails in a jiffy *) The final leg is when the spam reaches the destination MTA/ user's mailbox c) We have to necessarily use a combination of spam control strategies for combating this disease. Okay now for my questions. First please correct my assumptions. Thanks. Questions - 1) Since my field of activity is neither USA nor do I have access to high bandwidth what effect will greylisting have on me? Is there a point in using greylisting since it is highly unlikely that someone is going to use me/my networking/my MTA as scapegoat for sending spam 2) case b) also does not apply since very few routers here run BGP or give spammer enough ammo for his job. Should I still go in for clever tricks with pf and spamd like greytrapping, source tracking, blacklisting etc.? 3) I hate spamassassin and I love dspam and its statistical filtering math. But alas, the project is largely unmaintained and dying. What alternative do I have in combating spam by textual analysis, context sensitive Bayesian techniques and so on? 
Finally I have the choice of using hackish solutions like tagging mails with X-spam-* scores with procmail or other filters with collaborative user feedback from shared databases. Kind of like the DCC stuff by Vipul's razor or gmail. I also believe that without user feedback and individual training spam cannot be combated effectively. Each user has his own behavioral patterns when it comes to mail. How should I design my spam control 'fishing net'? I don't want to make the holes in my net too small thereby catching small fish (false positives), at the same time I should catch big fishes. Thanks for your inputs and pardon my ignorance and this lengthy mail. Happy new year folks! ;) - Girish
Re: sparc64 on Sun Netra T1 with external CD Drive
Darrin Chandler wrote: It's been a while, but iirc you can just do boot cd instead of all the other happy horseshit. There was no internal IDE CD drive. So boot cd would not work... failed to find boot device So that extra horse shit (and I agree 100% that it is horse shit) was, unfortunately required. I ended-up RTFM and dd'ing floppy42.fs (which could not see the SCSI drives) but miniroot42.fs could. I got OpenBSD installed and it was *so* sane compared to Solaris. God I love this OS. Thanks for all the hard work guys! My apologies again for being so verbose!
Re: OpenBSD as DSL Router using hostname.pppoe0?
I guess you use ($ext_if) - with brackets - instead of the IP address manually entered (which you obviously don't know). This way PF monitors the interface for changes of its IP address and adjusts rules accordingly. You can verify if it does by doing a 'pfctl -s rules' after a reconnection, without first reloading the ruleset. The problem, though, is probably the states which were already created - they keep matching the old IP. Clearing of the state table should be sufficient, and I think this could be done with a macro in your hostname.pppoe0, like this: !pfctl -F state I've personally never had to do such things, so consider everything I say just as suggestions. Kind regards, Doichin Well I added your macro right now but I'm unsure if hostname.pppoe0 is read every time pppoe0 gets a disconnect (and later a new IP). I think hostname.pppoe0 is read once on boot and the rest is all in kernelspace then (Oh a disconnect! No worries let's try to reconnect...!). I might be wrong and I might have understood the concept in a wrong way but hostname.pppoe0 gets called once (and just once) at boot. So how could this macro help after pppoe0 got a new IP? Or is the hostname.pppoe0 really read once after pppoe0 got a disconnect?! So far I never used such a macro because of my understanding it would have no effect (not even at boot time because pppoe0 sometimes has 2-3 secs no IP (the OS boots further, pf gets enabled) and then it has). If I might have misunderstood something please correct me. Kind regards, Sebastian p.s. Thanks for the suggestion with the macro! Combined with a little 'sleep' that may solve the issue for the initial booting probably. Never thought (again) about a macro in the hostname.pppoe0 'course it may won't solve the real problem I face
Re: OpenBSD as DSL Router using hostname.pppoe0?
[EMAIL PROTECTED] wrote: I guess you use ($ext_if) - with brackets - instead of the IP address manually entered (which you obviously don't know). This way PF monitors the interface for changes of its IP address and adjusts rules accordingly. You can verify if it does by doing a 'pfctl -s rules' after a reconnection, without first reloading the ruleset. The problem, though, is probably the states which were already created - they keep matching the old IP. Clearing of the state table should be sufficient, and I think this could be done with a macro in your hostname.pppoe0, like this: !pfctl -F state I've personally never had to do such things, so consider everything I say just as suggestions. Kind regards, Doichin Well I added your macro right now but I'm unsure if hostname.pppoe0 is read every time pppoe0 gets a disconnect (and later a new IP). I think hostname.pppoe0 is read once on boot and the rest is all in kernelspace then (Oh a disconnect! No worries let's try to reconnect...!). I might be wrong and I might have understood the concept in a wrong way but hostname.pppoe0 gets called once (and just once) at boot. So how could this macro help after pppoe0 got a new IP? Or is the hostname.pppoe0 really read once after pppoe0 got a disconnect?! I'm unsure of this, too, and the man pages of hostname.if and pppoe seem unclear about this. But I guess you're right - commands will be executed only on system boot or network restart. So far I never used such a macro because of my understanding it would have no effect (not even at boot time because pppoe0 sometimes has 2-3 secs no IP (the OS boots further, pf gets enabled) and then it has). You set $ext_if to pppoe0. Then by using ($ext_if) PF knows it has to look up the IP address of the interface, and reflect changes to it back in the ruleset. So I guess at least at boot time it should be of help. The ! command in the hostname.pppoe0 file is irrelevant at boot - you don't have any states to flush. Regards, Doichin
Re: OpenBSD as DSL Router using hostname.pppoe0?
*cut* I'm unsure of this, too, and the man pages of hostname.if and pppoe seem unclear about this. But I guess you're right - commands will be executed only on system boot or network restart. Yes that's kinda true. I just wonder that nobody asked about a solution before. Does everybody use a hack familiar to pfctl -F all each 23hrs, 58 minutes and n seconds? :) Either no developer uses aDSL at home (with an ISP forcing him to reconnect every 24 hours) or nobody uses OpenBSD as router or nobody uses the connection permanently. :-/ It's hard to imagine that there's no other solution. You set $ext_if to pppoe0. Then by using ($ext_if) PF knows it has to look up the IP address of the interface, and reflect changes to it back in the ruleset. So I guess at least at boot time it should be of help. The ! command in the hostname.pppoe0 file is irrelevant at boot - you don't have any states to flush. Well but why does it work with tun0? In fact pf should do exactly the same but with pppoe0 it just doesn't work (with tun0 it's all uberslow but works, no pfctl-execution needed). Is that a behavior which is totally kernel related and do I've really no other option than using pfctl via cron to reactivate nat/routing because the IP of pppoe0 changed (that's really stone age bs...)? :-/ I'm no pppoe nor a kernel expert so I'm happy about every piece of clarification. :-) Kind regards, Sebastian
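The thread leaves a timed cron reload as the only working fix. As an added example (not code from any poster), the script below polls the interface and runs the state flush suggested in the thread only when the address has really changed. IFACE, STATE_FILE, the --run switch and the sample ifconfig output are assumptions, and whether the flush alone restores NAT is left open in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. It flushes pf states only when
# the address on the PPPoE interface has actually changed.
# Assumed names: IFACE, STATE_FILE and the "--run" switch are hypothetical.

IFACE="${IFACE:-pppoe0}"
STATE_FILE="${STATE_FILE:-/var/run/pppoe0.addr}"

# Print the first IPv4 address in ifconfig output read from stdin.
parse_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Compare the previous ($1) and current ($2) address and print one verdict:
#   wait    - no usable address yet (empty, or the 0.0.0.0 placeholder
#             that the hostname.pppoe0 quoted in the thread configures)
#   same    - address unchanged, leave the state table alone
#   changed - new address, states built on the old one are stale
classify_change() {
    if [ -z "$2" ] || [ "$2" = "0.0.0.0" ]; then
        echo wait
    elif [ "$1" = "$2" ]; then
        echo same
    else
        echo changed
    fi
}

# One polling pass.
#   $1 = command that prints the interface's ifconfig output
#   $2 = command to run when the address changed
# Prints the verdict; records the new address before running $2.
check_once() {
    new=$($1 | parse_inet)
    old=""
    if [ -f "$STATE_FILE" ]; then
        old=$(cat "$STATE_FILE")
    fi
    verdict=$(classify_change "$old" "$new")
    if [ "$verdict" = "changed" ]; then
        printf '%s\n' "$new" > "$STATE_FILE"
        $2 >/dev/null
    fi
    echo "$verdict"
}

# Real commands, used only with --run on the router itself.
real_ifconfig() { ifconfig "$IFACE"; }
flush_states()  { pfctl -F state; }    # the flush suggested in the thread

# Constructed ifconfig output for offline runs (documentation addresses).
sample_no_addr() {
    printf 'pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492\n'
    printf '\tinet 0.0.0.0 --> 0.0.0.1 netmask 0xffffffff\n'
}
sample_addr_a() {
    printf 'pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492\n'
    printf '\tinet 192.0.2.10 --> 192.0.2.1 netmask 0xffffffff\n'
}
sample_addr_b() {
    printf 'pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492\n'
    printf '\tinet 198.51.100.7 --> 198.51.100.1 netmask 0xffffffff\n'
}

# Run from cron every minute, e.g. "sh pppoe-watch.sh --run" (hypothetical name).
if [ "${1:-}" = "--run" ]; then
    check_once real_ifconfig flush_states
fi
```

The first pass after boot reports "changed" once the interface has a real address, so the same script also covers the boot-time case described at the start of the thread.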
Re: Hazy top of mind questions on spam control with OpenBSD
Girish Venkatachalam wrote: a) Most of the spam originates in USA. And high bandwidth links and busy mail servers are common targets.

You haven't looked at China and Korea in a long time looks like. USA is not a clean place, but not the major source of it either. Definitely not in my logs anyway.

As for the rest of your email. If you want to stop spam from getting to you and your mail server, there isn't anything related to BGP, high bandwidth, etc. They will send spam to any mail box that will accept it regardless where, who and how connected it is. It is very easy, simple and fast to setup spam trap, especially these days with OpenBSD.

1. Put 4.2 on a box, setup spamd on it, that's real easy. For that, look at your pf configuration and follow the man page.

2. Then use Bob lists in spamd-setup, updated every hour, to add to your filter. You don't need to update it each hour if you want to be nice to Bob, but I guess you can. Just don't do it more often than once per hour however. There isn't any point. * Make sure to increase the table limit entry if you use it as you run out of space for them.

3. Then unless you have reason to receive emails from China and Korea, just block that too. And I also use the nixspam list also provided nicely. (; my /etc/mail/spamd.conf looks like below for spamd.conf

4. I also use /var/db/whitelist.txt as well in my configuration for some special cases if needed, but there isn't much there and not really any changes happen too often either. I created it once to allow some mail server with the SPF records for them, which is not needed, but does help some sending one. You can find a list here: http://cvs.puremagic.com/viewcvs/greylisting/schema/whitelist_ip.txt And again, I put my list below, not that you need to use it, but for the details. If you don't need it, don't use it.

5. Then add the even better greyscanner also from Bob that you can find here: http://www.ualberta.ca/~beck/greyscanner/ Obviously, put the 4.1 version on your 4.2 box and there were changes between 4.1 and 4.1 and up. I only needed the greyscanner.41. You set that up and it's really easy to do. All the default work as is, nothing special needed, but you can add some unused domain for even more fun and efficiency. See later for this, but in short, you read the PERL script use and you need minimal addition for your setup if you go that route. You will need to install a few packages, all ready to go anyway, so not a big deal to do. I run current, so you may need a different version for yours, but the list is below.

    # pkg_info
    p5-Digest-HMAC-1.01p0 interface to HMAC Message-Digest Algorithms
    p5-Digest-SHA1-2.11p0 module to calculate SHA1 digests
    p5-Email-Valid-0.176p0 Check validity of Internet email addresses
    p5-Mail-Tools-1.77 modules for handling mail with perl
    p5-Net-DNS-0.61 module to interface the DNS resolver
    p5-Net-IP-1.25p0 perl module for IPv4/IPv6 address parsing
    p5-Time-TimeDate-1.16p0 library for parsing and formatting dates and times

I run my greyscanner in a special user for that as to keep it safer and more restricted as well, which you can go without but then why not. So, in /etc/rc.local, I have this added to it:

    # Grey Scanner
    if [ -x /usr/local/sbin/greyscanner ]; then
        echo -n 'Start Bob Becks Grey Scanner';
        su _greyscanner -c /usr/local/sbin/greyscanner
    fi

and obviously I have Bob script install in /usr/local/sbin/greyscanner

    # ls -al /usr/local/sbin/greyscanner
    -rwxr-xr-x 1 root bin 11711 Sep 4 17:18 /usr/local/sbin/greyscanner

I also added a user _greyscanner without login and that I run also under the _spamd group. That's my choice, but you can do differently if you want, but as greyscanner interact with _spamd, then it was logical for me to use the same group here.

    # cat /etc/master.passwd | grep _greyscanner
    _greyscanner:*:1000:62:daemon:0:0:Grey Scanner Daemon:/var/empty:/bin/ksh
    # cat /etc/group | grep _greyscanner
    _spamd:*:62:_greyscanner

And by the way, in case it wasn't obvious, I also do a spamd-setup at startup as well, so my /etc/rc.local also include:

    # spamd black list building
    if [ -x /usr/libexec/spamd-setup ] ; then
        /usr/libexec/spamd-setup
        echo -n ' building spamd blacklist'
    fi

And then you can see the greyscanner running and doing its stuff, under a limited users as well:

    # ps -auxw | grep _greyscanner
    _greyscanner 17011 0.0 0.9 6480 4872 00- I 9Dec07 0:30.72 /usr/bin/perl /usr/local/sbin/greyscanner

6. If you are willing to add unused domain that you may already have, then edit the greyscanner and put them here:

    @BADRERCPT = ( [EMAIL PROTECTED], );

The short of this is that it will look for them and trap senders to these unused domains and trap them for 24 hours. Worth the addition of new domains just for that.

7. Then obviously, your trap domain, add any email address to a web page for the various low life to grab
Re: Hazy top of mind questions on spam control with OpenBSD
Also, in case it wasn't obvious either. Make sure to add your spamd-setup to your cron job to update them. And obviously any additional domains will need MX records in DNS obviously too. Not sure if one day the greyscanner will be part of the default install anytime soon? Maybe they want it in C before putting it in the default install, not sure. It would be a very nice addition to the spamd setup already. But it's not that hard to install anyway until that day comes. (; Best, Daniel
Re: Hazy top of mind questions on spam control with OpenBSD
Just for the records and for fun as well. Here is how many spammers were trapped by greyscanner ONLY in the last ~9 hours only. Also one thousand are trapped per hour.

    # head -n1 maillog
    Dec 28 15:00:02 smtp1 newsyslog[2273]: logfile turned over
    # tail -n1 maillog
    Dec 28 23:55:25 smtp1 .
    # cat maillog | grep Trapped | wc -l
    8552

and in the last few days only between the rotations of the logs:

    # zcat maillog.?.gz | grep Trapped | wc -l
    105064

So, if you think spamd is good, just add to it greyscanner as well and you will reduce your spam. No other means needed here and spam is really a very rare case. Best, Daniel
Re: Hazy top of mind questions on spam control with OpenBSD
OK, I am having too much fun I guess, but that will be my last one. When I say spammers trapped, I really mean spammers trapped by greyscanner, not only the number of emails blocked. As examples I see many like this in the logs:

    Dec 27 16:15:26 smtp1 greytrapper[10139]: Trapped 84.165.240.170: Host sending from 52 domains ( 3)
    Dec 27 17:41:56 smtp1 greytrapper[29993]: Trapped 83.55.229.206: Host sending from 30 domains ( 3)
    Dec 27 18:03:28 smtp1 greytrapper[29260]: Trapped 78.98.223.237: Host sending from 46 domains ( 3)
    Dec 27 20:55:05 smtp1 greytrapper[16486]: Trapped 85.176.179.15: Host sending from 20 domains ( 3)
    etc...

So, a single one for example that counted as only one before in my previous email, would have passed 52 spam. And it is not the worst by any means! Now draw your own conclusions. Best, Daniel
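The message above makes the point that a Trapped line is one host, not one message. As an added example (not part of the post), the functions below read maillog lines in the format quoted there and report each trapped host with its sender-domain count. The field positions are taken from those four lines, and two of the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of the thread: summarise greytrapper "Trapped"
# entries per host instead of counting lines with grep | wc -l.

# Per-host report read from stdin, one line per host:
#   <ip> <times trapped> <largest "sending from N domains" value>
# sorted so the host that used the most sender domains comes first.
trapped_hosts() {
    awk '
        $5 ~ /^greytrapper\[[0-9]+\]:$/ && $6 == "Trapped" {
            ip = $7
            sub(/:$/, "", ip)              # "84.165.240.170:" -> address only
            traps[ip]++
            if (!(ip in maxdom)) maxdom[ip] = 0
            if ($8 == "Host" && $9 == "sending" && $10 == "from" && $12 == "domains") {
                n = $11 + 0
                if (n > maxdom[ip]) maxdom[ip] = n
            }
        }
        END { for (ip in traps) printf "%s %d %d\n", ip, traps[ip], maxdom[ip] }
    ' | sort -k3,3nr -k1,1
}

# Totals on one line: <Trapped lines> <distinct hosts> <sum of domains>.
# The last figure is a floor on how many messages those hosts attempted.
trapped_totals() {
    trapped_hosts | awk '
        { lines += $2; hosts++; dom += $3 }
        END { printf "%d %d %d\n", lines, hosts, dom }'
}

# Sample input: the four greytrapper lines quoted in the message above,
# plus two constructed lines (a repeat of one host, and unrelated noise).
sample_maillog() {
    cat <<'EOF'
Dec 27 16:15:26 smtp1 greytrapper[10139]: Trapped 84.165.240.170: Host sending from 52 domains ( 3)
Dec 27 16:20:00 smtp1 newsyslog[2273]: logfile turned over
Dec 27 17:41:56 smtp1 greytrapper[29993]: Trapped 83.55.229.206: Host sending from 30 domains ( 3)
Dec 27 18:03:28 smtp1 greytrapper[29260]: Trapped 78.98.223.237: Host sending from 46 domains ( 3)
Dec 27 20:55:05 smtp1 greytrapper[16486]: Trapped 85.176.179.15: Host sending from 20 domains ( 3)
Dec 27 21:30:11 smtp1 greytrapper[16990]: Trapped 84.165.240.170: Host sending from 55 domains ( 3)
EOF
}

# On a real log: trapped_hosts < /var/log/maillog
if [ "${1:-}" = "--demo" ]; then
    sample_maillog | trapped_hosts
fi
```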
file error: http://www.openbsd.org/art/blow_col_only.jpg
Hi, all. There is an error msg while I access the URL: http://www.openbsd.org/art/blow_col_only.jpg The url can be found in: http://www.openbsd.org/art2.html -- Best Regards. Michael Bibby(Huangbin Zhang) - RedHat Enterprise Linux 5 Client - OpenBSD 4.2 -release
ASUS m2a-vm and 4.2
Hi, Just had some experience installing 4.2 on ASUS m2a-vm... Wasn't pleasant. 3Gbs drive shows max of 0.2MBs transfer rate (according to iostat). My old drive shows appx 30MB on IDE bus. Tested using dd if=/dev/zero of=file. Any disk access takes forever. Selecting SATA interface as AHCI doesn't work (doesn't show up, or reboots the system when discovery attempted). Installing 64bit version reboots the installer at the time disks were accessed. There seem to be some problems with built-in card, as in it won't send any packets, at least with 10MB media (re driver). Dunno if I'm doing something wrong, but I'm shutting it down and trying an NVidia based one instead. Thanks, Pawel. OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ (AuthenticAMD 686-class, 512KB L2 cache) 2.51 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16 real mem = 2011656192 (1918MB) avail mem = 1937293312 (1847MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 03/07/07,BIOS32 rev. 0 @ 0xf1d90, SMBIOS rev. 2.4 @ 0xf (58 entries) bios0: vendor Phoenix Technologies, LTD version ASUS M2A-VM ACPI BIOS Revision 0302 date 03/07/2007 bios0: ASUSTeK Computer INC. M2A-VM apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 3.0 @ 0xf/0xdc54 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb40/272 (15 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 15 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 3 5 10 11 pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0xd400 cpu0 at mainbus0 cpu0: PowerNow!
K8 2501 MHz: speeds: 2500 2400 2200 2000 1800 1000 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor ATI, unknown product 0x7910 rev 0x00 ppb0 at pci0 dev 1 function 0 vendor ATI, unknown product 0x7912 rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 vendor ATI, unknown product 0x791e rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 7 function 0 vendor ATI, unknown product 0x7917 rev 0x00 pci2 at ppb1 bus 2 re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x01: RTL8168 2 (0x3800), irq 5, address 00:1b:fc:1a:20:21 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 pciide0 at pci0 dev 18 function 0 ATI IXP600 SATA rev 0x00: DMA (unsupported), channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using irq 11 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: Hitachi HDS721075KLA330 wd0: 16-sector PIO, LBA48, 715404MB, 1465149168 sectors pciide0: channel 1 ignored (not responding; disabled or no drives?) 
ohci0 at pci0 dev 19 function 0 ATI IXP600 USB rev 0x00: irq 11, version 1.0, legacy support ohci1 at pci0 dev 19 function 1 ATI IXP600 USB rev 0x00: irq 10, version 1.0, legacy support ohci2 at pci0 dev 19 function 2 ATI IXP600 USB rev 0x00: irq 3, version 1.0, legacy support ohci3 at pci0 dev 19 function 3 ATI IXP600 USB rev 0x00: irq 10, version 1.0, legacy support ohci4 at pci0 dev 19 function 4 ATI IXP600 USB rev 0x00: irq 3, version 1.0, legacy support ehci0 at pci0 dev 19 function 5 ATI IXP600 USB2 rev 0x00: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: ATI EHCI root hub, rev 2.00/1.00,addr 1 piixpm0 at pci0 dev 20 function 0 ATI IXP600 SMBus rev 0x13: SMI iic0 at piixpm0 pciide1 at pci0 dev 20 function 1 ATI IXP600 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 wired to compatibility azalia0 at pci0 dev 20 function 2 ATI IXP600 HD Audio rev 0x00: irq 11 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Realtek ALC883 (rev. 0.2), HDA version 1.0 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI IXP600 LPC rev 0x00 ppb2 at pci0 dev 20 function 4 ATI IXP600 PCI rev 0x00 pci3 at ppb2 bus 3 rl0 at pci3 dev 5 function 0 Realtek 8139 rev 0x10: irq 10, address 00:0e:2e:5b:45:90 rlphy0 at rl0 phy 0: RTL internal PHY pchb1 at pci0 dev 24 function 0 AMD AMD64 Hyper Transport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 Addre ss Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 usb1 at ohci0: USB revision 1.0 uhub1 at usb1: ATI OHCI root hub, rev 1.00/1.00, addr 1 usb2 at ohci1: USB revision 1.0 uhub2 at usb2: ATI OHCI root hub, rev 1.00/1.00, addr 1 usb3 at ohci2: USB revision 1.0 uhub3 at usb3: ATI OHCI root hub, rev 1.00/1.00, addr 1 usb4 at ohci3: USB revision 1.0 uhub4 at usb4: ATI OHCI root hub, rev 1.00/1.00, usb5 at ohci4: USB revision 1.0 uhub5 at usb5: ATI OHCI root hub, rev 1.00/1.00, addr 1 isa0 at pcib0 isadma0 at isa0
Re: Embedding OpenBSD
Gary Baluha wrote: On Dec 27, 2007 10:41 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: I'd wire in a hardware-type heartbeat detector that will power-cycle the computer if it stops working. I'd have a door over the money slot powered by the computer so that it only accepts money when its working. uh, the point is to get their money. The fact that it does something in return is just a bonus. It might prompt them to say, Hey, did that just talk to me?? and they stick another coin in to find out. At that point, it says something different, and by now, the kids all want in on it. Soon enough, a dollar or two worth of coins has just gone down the toad's mouth. Failure mode should still to be accept the first coin, not reject it. Not desired, sure, but no worse than the cookie jar collection box. We've done a couple others of these things, the owners tell us they do considerably better than just the traditional can with slot cut in it donation box. You could have a Please wait light to be lit during the reboot. This is precisely why I asked this question, to make sure this doesn't happen. While having a self-cleaning mess beats having a persistent mess, I'd rather just avoid the mess. :) Or, you could just rewire an MP3 player to play a tune when it is powered on, then just hook the money-detector to the power switch. Money turns it on, a timer just longer than the tune turns it off. No computer needed (just a 556-dual-555 timer IC and some spare parts). I second the idea of something as simple as an MP3 player connected to a money detector, if that's all it will be doing. Seems a little over-kill to get a whole computer, Getting an off-the-shelf MP3 player to play one sound file is not too difficult. Ah, heck, a tape loop would work fine, too. Getting it to play one of a pile of different sound files, not trivial. 
That idea was considered, but the reverse engineering of the things would be very difficult, both because they are mostly sealed blobs and anything developed on Model X would have to be repeated next year, when Model X is discontinued, and model Y is out. Further, while at my peak, I could solder a 16 pin IC with a 400W unregulated soldering gun in about five seconds (and make it work!) (for those not into soldering, that's way too big a soldering tool and way too fast), I'm a bit out of practice, and I'm not even sure I could see what I was soldering on with a modern MP3 player. They aren't designed for hacking. One would have to come up with a way to sequence the buttons on the thing to play one sound file, detect the end of the sound file, stop the play back, then resume the playback on the next sound file...ick. If it isn't obvious, the files WILL be of wildly differing lengths, some a couple seconds, some maybe close to a minute long. I have no idea why so many people assumed it would play back only ONE sound file..note the use of the plural files in my original posting. I actually considered doing something like the old DuKane filmstrip projectors did, embed a tone in the file, detect the tone, filter it out at the amp. Detect money? Press play. Hear tone? press Pause. That makes creating/editing/revising the sound files got a lot more complex, so it would no longer be owner-maintainable. As it is, 1/3 of the storage device (I'm not gonna use the 'f' word here, as people apparently keyed off it and have been answering questions I didn't ask, so just pretend it is a little, slow disk) is a DOS FAT partition, so someone (anyone!) could remove the storage device, plug it into their Windows computer, and add, remove, replace, or re-order the message files. (I've also set it up that if someone plugs a USB storage device in at boot, it uses that for sound files rather than the on-board files.) 
I can assure those who thought I jumped to an OpenBSD-based computer as my first choice for the design are very wrong. A lot of brainstorming took place. Considerations included cost, parts availability, long term maintainability, development ease, field maintenance, etc. I'm pretty thorough and pretty creative in my designs, and quite aware of the When all you have is a hammer, all the world looks like a nail. Using a computer for this app sucks, but not as badly as the alternatives that I could think of. About the only compromise I took that I really didn't like was not using the parallel port for the input on the thing. I wasn't having much luck doing that when the idea of using a mouse as an input device was suggested to me by the artist I'm working with. My first thought was, that's crazy, but then I realized I could simply hack wsmoused to execute a program whenever the mouse is clicked, and ta-da, we got ourselves a solution. I don't think I spent more than a couple hours doing that before I had a demonstrator program running. When I got the opportunity to get the iPaq desktops, I grabbed one, flipped it over, saw PS/2, parallel and serial ports,
sparc on Tatung COMPstation U10
Dear All, A friend of mine is moving out of town and has a couple Tatung COMPstations U10 in mint condition (they come with the original monitors , keyboards, and the mouses ) that can be mine for $10 a piece. He claims that he is running Debian sparc 64 (with X ) but I believe they are actually sparc architecture not sparc 64. I looked at the hardware notes for sparc and I see some of Tatung made SUN clones listed but not this particular model (there is also a disclaimer that the list is not complete). Does anyone have any experience in running OpenBSD on them? Best, Predrag
Re: Linus about C++
Tony Abernethy wrote:
> Ted Unangst wrote:
>> On 12/27/07, Miod Vallat [EMAIL PROTECTED] wrote:
>>> Ah, but no C++ bashing thread can be complete until someone mentions the excellent FQA site: http://yosefk.com/c++fqa/
>>
>> this one alone was priceless: http://yosefk.com/c++fqa/io.html#fqa-15.1 and i've even written more c++ code than c code.
>
> Oh, now I get it - type safety is supposed to help the f compiler catch errors. This is very important for people who never actually look at what they print.
> --Priceless.

Oh, now I get it - procedures and functions are supposed to help the programmer structure code. This is very important for retarded people who don't know how to use GOTO statements and assembly code.

Oh, now I get it - stop signs are supposed to help the driver not get into collisions. This is very important for people who are blind and don't know how to shoulder check and floor it.

Oh, now I get it - dotted lines on the road are supposed to help the driver pass people easier. This is very important for people who can't get out and measure each moving car with a tape measure before passing.

Oh, now I get it - the hours posted on the store window are supposed to help people find out when the store is open. This is very important for incapable people who can't bash their fist on the glass window yelling ARE YOU OPEN YOU IDIOTS LET ME IN RIGHT NOW OR I'LL BREAK THE DOOR.

Oh, now I get it - English dictionaries are supposed to help English people. These are very important for people who never actually took the time to learn English.

Everything irrational can be summed up and proven in a single quote.

Oh, now I get it - computers are for people who can't learn how to use a pencil and paper.

Regards, L505
diff of the official FAQ
I haven't read the FAQ for a while and realize a lot has been changed. Is there any way I could get a diff on the FAQ for the last 1 year and read only the parts that have been changed? Thanks for any help.
Re: Hazy top of mind questions on spam control with OpenBSD
Girish Venkatachalam wrote:
> Dear friends, Please excuse the silly subject line. I am unfortunately not qualified enough to come up with a better one. First my assumptions, then my questions. Request inputs on both.
>
> Assumptions -
> a) Most of the spam originates in USA.

Either incorrect or close to incorrect. IF it is correct, it is due to the number of computers in the USA, and "most" would mean "more than others". Avoiding US computers won't change your spam situation much at all (i.e., lopping off 30% of a problem still means you have a problem). The internet is truly global. Where you are really doesn't matter much. It costs the spammer the same to send to their next door neighbor as it does to send across the world (nothing!), so they don't discriminate by geography.

> And high bandwidth links and busy mail servers are common targets.

totally incorrect, both as targets to send spam to and to get spam from. Sure, spammers love to plant their sending boxes in high-bandwidth places, but they happily use nets of home computers, too, and they are much easier to get. They don't care at all what your connection is at the receiving end.

> b) Spam control strategies differ depending upon which leg of the spam propagation cycle we are in. Let me explain.
> *) Spammers have some kind of 'radar' that looks for vulnerable hosts/networks and they abuse them for carrying their traffic. Sometimes ISPs connive with spammers and let them use their networks. At this point, the spam is in the egg form.

Irrelevant. You can't stop it at the source unless you really screwed up. :) (the radar is really trivial, look for machines that try to infect you with a virus, you know that machine is infected, you know how it got infected, you can now compromise it the same way. Yawn. That's just one way).

> *) Once the spammer gets a foothold to munge his mail ID and originating IP/network, then he looks for bandwidth guzzler techniques involving smart programming involving a combo of IP and TCP techniques to deliver millions of mails in a jiffy

no. I am not sure what you are trying to say, but there is no magic. Just compromised and improperly managed computers, and simplistic delivery software. The delivery software almost never shows any real smart programming. A step up from the crap code of your typical virus, but hardly robust or skilled code, or they just use sendmail/postfix/qmail/whatever. Any of these programs send mail as fast as most pipes will allow, there is no magic that lets you send millions of messages on a slow link in a couple seconds.

> *) The final leg is when the spam reaches the destination MTA/user's mailbox

yeah, but not sure what your point is, other than this is where you get to try to deal with it, assuming you control the MTA or your mailbox.

> c) We have to necessarily use a combination of spam control strategies for combating this disease.

eh. Not really. Depends. I guess I use three systems, myself: 1) spamd greylisting. 2) Thunderbird's spam filtering system 3) the delete key. So, I guess I do use more than one, but all are set and forget. My e-mail address is all over the 'net, so it isn't hard to find me, yet MOST of the spam I get is coming through OpenBSD mail servers. Spamd takes care of the vast majority of the rest. I'm amazed how effective it is for basically being set up and forget.

A friend of mine uses the "you can't find me" method for spam control. He gets a domain, gives an address to a very few people, and after a few years when the address escapes, he abandons the domain and uses a new one. Not my style. :)

If you have low traffic and a small number of users, you can probably get by very well with one high-end spam control app. The problem there is scaling to huge numbers of users and messages.

> Okay now for my questions. First please correct my assumptions. Thanks.
>
> Questions -
> 1) Since my field of activity is neither USA nor do I have access to high bandwidth what effect will greylisting have on me? Is there a point in using greylisting since it is highly unlikely that someone is going to use me/my networking/my MTA as scapegoat for sending spam

they will be sending spam TO you. That's what greylisting is going to help you with.

> 2) case b) also does not apply since very few routers here run BGP or give spammer enough ammo for his job. Should I still go in for clever tricks with pf and spamd like greytrapping, source tracking, blacklisting etc.?

doesn't hurt, will help. I have no idea why you think what your routers run will influence the spam sent to you. You posted a message to a public e-mail list, spammers will figure out you exist. You have friends that stick your name along with hundreds of other names on a stupid send to everyone you know human-propelled
Re: diff of the official FAQ
On Fri, 28 Dec 2007, Chris wrote:
> I haven't read the FAQ for a while and realize a lot has been changed. Is there any way I could get a diff on the FAQ for the last 1 year and read only the parts that have been changed?

Yep use the CVS.

-- Antti Harri
Re: diff of the official FAQ
Chris wrote:
> I haven't read the FAQ for a while and realize a lot has been changed. Is there any way I could get a diff on the FAQ for the last 1 year and read only the parts that have been changed? Thanks for any help.

cvs web: http://www.openbsd.org/cgi-bin/cvsweb/www/faq/ will let you look at the diff between any two versions of any page. The main page of the FAQ has a recent changes section.

And...just start at chapter 1 and start reading. :) Odds are, you didn't catch it all the first time, even things that didn't change will mean something to you now when it didn't the last time you looked. (and while reading, make notes of things you think need to be improved! :)

I refer to it all the time, and I *wrote* much of what I'm going back to, so if you never have reason to look, either you have a much better memory than me (entirely possible) or you are missing out on some good stuff, and not just things that changed. (I have had people say to me, "Hey, you are just looking at the docs, I thought you knew this?" I WROTE the docs. Doesn't mean I remember anything more than 'where to look'.)

Nick.
Re: sparc on Tatung COMPstation U10
> A friend of mine is moving out of town and has a couple Tatung COMPstations U10 in mint condition (they come with the original monitors, keyboards, and the mouses) that can be mine for $10 apiece. He claims that he is running Debian sparc 64 (with X) but I believe they are actually sparc architecture not sparc 64. I looked at the hardware notes for sparc and I see some of Tatung made SUN clones listed but not this particular model (there is also a disclaimer that the list is not complete). Does anyone have any experience in running OpenBSD on them?

Although Tatung is known to have produced clones of sparc (not sparc64) designs in the past, this name sounds like an Ultra 10 (hence sparc64) clone.

Miod
Re: OpenBSD as DSL Router using hostname.pppoe0?
On Sat, Dec 29, 2007 at 05:16:11AM +0100, [EMAIL PROTECTED] wrote:
> Either no developer uses aDSL at home (with an ISP forcing him to reconnect every 24 hours) or nobody uses OpenBSD as router or nobody uses the connection permanently. :-/

I use the following hostname.pppoe:

    inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev xl0 authproto pap \
        authname '[EMAIL PROTECTED]' authkey 'sEcReT' up
    dest 0.0.0.1
    !/sbin/route add default -ifp pppoe0 0.0.0.1

with xl0 as external interface (the one to which the adsl modem is connected) and the following lines in pf.conf to do NAT:

    ext_if=pppoe0
    int_if=rl0
    nat on $ext_if from !($ext_if) -> ($ext_if:0)

It's exactly the setup mentioned in the pppoe(4) EXAMPLES and the pf faq http://www.openbsd.org/faq/pf/example1.html#allrules

Also my ISP disconnects after 24h, but I have no problem with NAT. It works perfect!

OT: You did not ask this, but if someone wants to use dyndns in such a setup ddclient has to run as daemon and do IP detection via pppoe0:

    daemon=300    # check all 5 minutes
    use=if        # use interface to check for changes (not web, not ip)
    if=pppoe0     # use pppoe0 interface for this

Regards
Dieter
PF, limit remote clients by total bandwidth used over time
Good morning,

Can PF be written to filter client connections based on the total amount of bandwidth a remote client uploads/downloads over a given time frame? As far as I know PF does _NOT_ have this ability. Pf can flush the states of a client ip that has connected too many times in a given time frame.

What I am proposing is an extension to this behavior. One would be able to write a rule looking at the total amount of bandwidth the remote client has used and add them to a table if they exceed this amount in a given time. For example:

    max-src-bandwidth-amount 2000/60

This could be the stateful tracking option to limit a client to 2000 Kilobytes per 60 seconds. The ip could then be dynamically added to a table, its states flushed and put into a slower queue with limited bandwidth or blocked completely.

Does anyone else find the ability to limit connections by total bandwidth used over time to be useful? Perhaps this can be an option request in a later version of PF.

( Background ) For those wondering how this can be used in the real world it would help...

...a wireless public network. Using the wireless network connection of a local cafe we offer free Internet access to cafe patrons and people in the park across the street. The access rules specify a limit of 500meg per visit per day. Most people are well under this amount and others abuse the service.

...limiting a child's downloads on the local LAN at a public school. Some ISPs will send out warning letters to their customers who use more than their fair share of bandwidth (100Gig/month). By limiting a local LAN ip to one gig per day we can make sure to stay under this limit for example.

...stopping people from abusing a ftp or web server on a metered connection. If you know exactly how much data a normal user is expected to download then you can set upper limits. If you need to pay for that bandwidth then there is a financial incentive to stop abusers or broken clients. For example, if we expect an automated bot to get 15 meg per hour from the ftp server. If we then see clients connect and download 100 meg per minute there is a problem and the ips can be blocked or slowed.

Thanks for your time,
-- Calomel @ http://calomel.org Open Source Research and Reference
Re: PF, limit remote clients by total bandwidth used over time
Calomel [EMAIL PROTECTED] writes:
> Can PF be written to filter client connections based on the total amount of bandwidth a remote client uploads/downloads over a given time frame? As far as I know PF does _NOT_ have this ability.

Well, you already have the possibility of using variables such as $srcaddr to construct your labels, creating essentially per-client statistics. If you write a program that's able to read those statistics and act upon them, you could for example have your program move addresses from one table to another based on the accumulated statistics such as total bytes or packets passed from a specific address. The next and final step would be to write your rules with various-sized queues and logic to assign traffic to queues based on table membership.

Supply that well-written program and easy to use program (for PF/OpenBSD values of), and I would think you're a lot closer to a solution that would fit the basic requirements, ie adding flexibility without adding clutter to the system at the same time.

Just my EUR 0.02, and maybe better ideas will be had by morning.

All the best,
-- Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
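A sketch of the statistics-reading program described in the reply above, added here as an example (not code from the thread or from OpenBSD): it compares two snapshots of `pfctl -sl` output and prints the pfctl commands that would put over-quota clients into a table. The label scheme `client-<address>`, the table name `overquota`, the function names and the sample lines are assumptions, as is the column layout (label, evaluations, packets, bytes as the first four fields).

```shell
#!/bin/sh
# Added example: windowed per-client byte accounting from pf rule labels.
# Assumption: each client has its own rule labelled "client-$srcaddr", and
# `pfctl -sl` lines start with: label evaluations packets bytes ...
# Counters are cumulative since ruleset load, so usage over a time window
# is the difference between two snapshots taken that far apart.

# over_quota PREV CUR LIMIT_BYTES: print each client address whose byte
# counter grew by more than LIMIT_BYTES between the two snapshot files.
over_quota() {
    awk -v limit="$3" '
        FILENAME == ARGV[1] { prev[$1] = $4; next }
        # Accept only labels that are "client-" plus address characters,
        # so nothing else can reach the generated command lines.
        $1 ~ /^client-[0-9A-Fa-f.:]+$/ {
            delta = $4 - prev[$1]          # unseen label: prev is 0
            if (delta < 0) delta = $4      # ruleset reloaded, counters reset
            if (delta > limit) print substr($1, 8)
        }
    ' "$1" "$2"
}

# quota_commands PREV CUR LIMIT_BYTES: emit (not run) the pfctl commands
# that add each offender to table <overquota> and kill its states.
quota_commands() {
    over_quota "$1" "$2" "$3" | while read -r addr; do
        echo "pfctl -t overquota -T add $addr"
        echo "pfctl -k $addr"
    done
}

# Constructed snapshots, 60 seconds apart; limit is 2000 KB per window.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/prev" <<'EOF'
client-192.0.2.10 120 900 400000 450 100000 450 300000
client-192.0.2.11 80 3000 9000000 1500 1000000 1500 8000000
client-192.0.2.12 10 20 5000 10 2500 10 2500
EOF
    cat > "$dir/cur" <<'EOF'
client-192.0.2.10 150 4000 3400000 2000 400000 2000 3000000
client-192.0.2.11 5 40 60000 20 10000 20 50000
client-192.0.2.12 12 30 9000 15 4500 15 4500
client-192.0.2.13 9 2000 2500000 1000 500000 1000 2000000
ssh-in 40 200 99999999 100 49999999 100 50000000
EOF
    quota_commands "$dir/prev" "$dir/cur" 2048000
    rm -rf "$dir"
}
demo
```

The pf.conf side (rules that send members of the table to a slower queue or block them) is left to the ruleset, as the reply suggests; entries also need to be expired from the table when the quota period ends.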