Re: take threads off the table

[Benjamin Bennett]

   Hi all!

   I read http://openbsd.org/security.html (and stable.html), but could 
not make

sure about my question.

   If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
openbsd, does it already includes the fixes listed in
http://openbsd.org/security.html#40 (or #41)? If no, is there available 
the same
cd40.iso but including these fixes or must I to apply the patches on 
original

system?

   If there is some doc explaining it with more details, please give me 
the pointers.
  
   Thanks,




   Tom

FOSDEM 23/24 Feb Brussels

[Wim Vandeputte]

hey,

like each year we'll be present at the FOSDEM event in Brussels, it's
completely free entrance, plenty of interesting things to see,
even a BSD devroom with presenations

Feel free to drop by

http://www.fosdem.org/

This weekend.

Wim.


-- 
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=   
https://kd85.com/notforsale.html
 --

Re: Updates for old releases

[Mark Prins]

2008/2/22, Antonio Lobato [EMAIL PROTECTED]:
  Hi all!

 I read http://openbsd.org/security.html (and stable.html), but could
  not make
  sure about my question.

 If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
   openbsd, does it already includes the fixes listed in

release != stable; you'll have to apply the patches (or get the/a newer release)

Re: Updates for old releases

[Guido Tschakert]

Antonio Lobato schrieb:
Hi all!
 
I read http://openbsd.org/security.html (and stable.html), but could
 not make
 sure about my question.
 
If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
 openbsd, does it already includes the fixes listed in
 http://openbsd.org/security.html#40 (or #41)? 
No

If no, is there available
 the same
 cd40.iso but including these fixes or must I to apply the patches on
 original
 system?

No, and don't use 4.0 as 4.2 is already available and supported.

 
If there is some doc explaining it with more details, please give me
 the pointers.
  Thanks,
 
You want to check
http://www.openbsd.org/faq/faq5.html#Flavors

 
 
Tom
 
 


guido

Re: Updates for old releases

[Edd]

On Fri, Feb 22, 2008 at 05:48:14AM -0300, Antonio Lobato wrote:
Hi all!

I read http://openbsd.org/security.html (and stable.html), but could not 
 make
 sure about my question.

If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
 openbsd, does it already includes the fixes listed in
 http://openbsd.org/security.html#40 (or #41)? If no, is there available the 
 same
 cd40.iso but including these fixes or must I to apply the patches on 
 original
 system?

It is the original release cdrom. What you can do is make your own iso
image. See man release.


-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett

Re: FOSDEM 23/24 Feb Brussels

[Han Boetes]

Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
plezier. :-)

Groetjes aan Tilly. ;-)

Wim Vandeputte wrote:
 like each year we'll be present at the FOSDEM event in Brussels, it's
 completely free entrance, plenty of interesting things to see,
 even a BSD devroom with presenations

 Feel free to drop by

 http://www.fosdem.org/

 This weekend.



# Han

Re: There's something about OpenBSD...

[Janne Johansson]

[EMAIL PROTECTED] wrote:

For instance 'ggrep -r ...' instead of 'grep -r ...' to search recursively
with gnu grep (a worthless feature imho).

Displaying the name of the file and the matched line nicely like grep -r
does is not elegant with find + grep without using a script or a long
and inelegant alias - or if it is, I'd be interested in how it can be
done in case I need to work on some ancient unix.


$ find DIR -type f -print0 | xargs -0 grep PATTERN

which, unlike 'find ... -exec' is just as fast as 'grep -r', and unlike
'grep -r', will skip special devices, symlinks, etc.



# uname -a
SunOS dumbhost.test.se 5.10 Generic_118855-33 i86pc i386 i86pc
#  find /etc -type f -print0
find: bad option -print0
find: [-H | -L] path-list predicate-list

But yes, its probably bad to start one grep per file.

Re: Updates for old releases

[Maurice Janssen]

On Friday, February 22, 2008 at 05:48:14 -0300, Antonio Lobato wrote:
   Hi all!

   I read http://openbsd.org/security.html (and stable.html), but could 
not make
sure about my question.

   If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
openbsd, does it already includes the fixes listed in
http://openbsd.org/security.html#40 (or #41)? If no, is there available 
the same
cd40.iso but including these fixes or must I to apply the patches on 
original
system?

   If there is some doc explaining it with more details, please give me 
the pointers.

There's more on this on
http://www.openbsd.org/faq/faq5.html#Flavors
To summarize: what's on the CD's and FTP-servers is -release, it is
not updated.  The patches for -stable are only distributed as source
code.
There are no official builds of the -stable tree.

About a year ago I started to create regular builds of the -stable
trees (the two supported trees).  You can use them, if you trust me ;-)
You can find links to some mirrors on http://www.z74.net/openbsd.html

Maurice

Re: Cold Boot Attacks on Encryption Keys

[Henning Brauer]

* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-02-22 03:18]:
  The paper you mentioned has some info on possible countermeasures. The
  best (IMO) is physically securing your RAM. This seems to fit in best
  with OpenBSD's philosophy, which has never been to put much time into
  thwarting attacks that require physical access to the box -- if you
  have that, there are MANY avenues of attack, most of which don't
  benefit much from immersing components in liquid N_2.
 Then we could drop the whole encryption framework, or?
 Why encrypting OWs? Nobody could crack the PWs if they don't have phisical
 access.. why encrypting the HDDs or using IPSec? It's all about physical
 security so why does OpenBSD care?

it should be kind of obvious the the scope for physical security in 
the ipsec case is a whole lot different than just access to the 
computer.
as for passwords, yes, the encrypted passwords to travel over the net 
in some setups.

 Of course there many kinds of attack but if somebody shutdowns your box
 and reads the infos from your memory there's something we can do about it:
 Overwriting

it is overwhelming how you
-fail to understand how malloc and friends work
-fail to research on that
-yet, without the slightest clue, start ranting and making suggestions

kinda a definition of trolling.

 Tell me how to ensure phyiscal security in bigger networks?!
 I don't talk about a 50+ company where you know everybody but more about
 1k+ up to 130k users and more.

fortunately, nobody with at least half a braincell left will let you 
anywhere close to such a network ever.

 if I'm wrong

if? you really think that is a conditional?

 please correct me.. 

that has been proven pointless numerous times before.

please just leave and annoy somebody else with your shit.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Re: Remote Admin Card - Dell DRAC or HP ILO2 ?

[Joe Warren-Meeks]

On Thu, Feb 21, 2008 at 08:10:16PM +0100, Nick Nauwelaerts wrote:
 
 I don't really see how this is related to openbsd, but ilo2 wins hands
 down to drac, but has a costly advanced license.
 Installing openbsd through ilo2 virtual cd works just fine btw.

I thought you only needed the license if you used higher resolutions
than a basic console. If you are just using text mode on the console,
then they work excellently.

I've used both with OpenBSD firewalls and infinitely prefer the HP ones.

 -- joe.

Jennifer's dad sent her a nice cuddly cat, so that's nice.

CanSecWest 2008 Mar 26-28

[Dragos Ruiu]

CanSecWest 2008 Presentations

Snort 3.0 - Marty Roesch, Sourcefire

Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich  
Cannings, Google

Proprietary RFID Systems - Jan starbug Krissler and Karsten Nohl, CCC

Media Frenzy: Finding Bugs in Windows Media Software - Mark Dowd and  
John McDonald, IBM ISS

Targeted Attacks and Microsoft Office Malware - Rob Hensing, Microsoft

Virtually Secure - Oded Horovitz, VMWare

Malicious Cryptography - Fridiric Raynal and Eric Filiol, Sogeti/Cap-Gemini
and ESAT

The Death of AV Defense in Depth: Revisiting Anti-Virus Software -  
Thierry Zoller and Sergio Alvarez, nRuns

VMWare Issues - Sun Bing, McAfee

Intrusion Detection Systems Correlation: a Weapon of Mass  
Investigation - Sebastien Tricaud and Pierre Chifflier, INL

Web Wreck-utation - Dan Hubbard and Stephan Chenette, WebSense

Secure programming with gcc and glibc - Marcel Holtmann, Intel

Mobitex network security - olleB, toolcrypt.org

Peach Fuzzing - Michael Eddington, Leviathan

Fuzz by Number - Charlie Miller, Independent Security Evaluators

Fuzzing WTF? What Fuzzing Was, Is And Never Will Be. - Frank Marcus  
and Mikko Varpiola,Wurldtech / Condenomicon

Vulnerabilities Die Hard - Kowsik Guruswamy, Mu

Hacking Windows Vista - Dan Grifin, JW Secure

ExeFilter: a new open-source framework for active content filtering -  
Philippe Lagadec, NATO/NC3A

VetNetSec: Security testing for Extremists - Eric Hacker, BT INS

w3af: A framework to own the web - Andres Riancho, Cybsec

A Unique Behavioral Science Approach to Threats, Extortion and  
Internal Computer Investigations - Scott K. Larson, Stroz Friedberg

--
2008 Dojos

Vulnerability Discovery Demystified Mark Dowd and Justin Schuh
The Exploit Laboratory - Advanced Edition   Saumil Shah
Advanced Honeypot Tactics   Thorsten Holz
Mastering the network with ScapyPhilippe Biondi
Voice over IP (VoIP) Security   Nico Fischbach
Practical 802.11 WiFi (In)Security  Cidric Blancher
Advanced Linux HardeningAndrea Barisani
Defend The Flag Microsoft

--
2008 PWN 2 OWN

There will be three targets:
A MacBook Air, running the latest OSX, patched, typical
configuration.
A Sony VAIO VGN-TZ37CNB, running Ubuntu, latest release.
A Fujitsu U810, Running Vista, latest update.

The contest will be adjudicated by our impartial celebrity judge:

Ronald C. Dodge JR., Ph.D.
Lieutenant Colonel, Academy Professor
Associate Dean, Information and Education Technology,
United States Military Academy

The victory conditions will be the contents of specific
specially  planted files on each system, to be extracted
by winners. Hack them and you get to keep them, and
any associated prizes for the exploits used, oh and the
fame and glory. :-)

Browsers (I.E., Mozilla, Safari), Mail Clients (Outlook,
Mail.app,  Thunderbird), and IM clients (MSN, Adium,
Pigdin, Skype all platforms) are all in scope.
More details and official rules soon.

cheers,
--dr
--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada   March 25-28 - 2008http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

Re: Cold Boot Attacks on Encryption Keys

[Stuart Henderson]

it's all a marketing scheme for the Apple laptop with soldered RAM...

Re: FOSDEM 23/24 Feb Brussels

[Mayuresh Kathe]

Golly, what language is that? is it the native language of NL?
I tried running it through 'rot13', but that complicated it even more.


2008/2/22 Han Boetes [EMAIL PROTECTED]:
 Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
  plezier. :-)

  Groetjes aan Tilly. ;-)



  Wim Vandeputte wrote:
   like each year we'll be present at the FOSDEM event in Brussels, it's
   completely free entrance, plenty of interesting things to see,
   even a BSD devroom with presenations
  
   Feel free to drop by
  
   http://www.fosdem.org/
  
   This weekend.



  # Han

Re: Cold Boot Attacks on Encryption Keys

[Tony Abernethy]

Stuart Henderson
 
 it's all a marketing scheme for the Apple laptop with soldered RAM...
 
Please, not when I'm drinking coffee.

Re: Remote Admin Card - Dell DRAC or HP ILO2 ?

[Michael]

Hi,

Xavier MilliC(s-Lacroix schrieb:
 We need to be able to do 'quite' everything remotely (from installing
 (virtual floppy / cd / dvd) to exploitation).

I've got some experience with DRACs... some good (it works) but mostly
bad... good thing is, with DRAC 4/5 you can load an iso image into the
DRAC (virtual CD) and install from there. Also got a remote console. It
just does all what you need, imho... BUT...

..now the bad... most stuff only works with Windows/IE(6)... or
Firefox/Linux. The DRAC firmware doesn't even recognize OpenBSD. With
the DRAC 4 it isn't so bad, it just asumes you use Linux instead, the
DRAC 5 however sees that it isnt Linux, so it must be Windows and offers
you ActiveX stuff instead of Java with Firefox using OpenBSD... kinda
sucks, so the remote console isn't working.

Also, the firmware... for DRAC 4 the latest 1.4 and 1.6 seem to work
pretty well... with DRAC 5 you need 1.32, everything else before that...
total piece if shit.

Basically one can say... if you get a DRAC, you need the IE... either
Windows/IE or Wine/IE, version 6 of cause, 7 doesn't work properly.


Michael

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

[Amarendra Godbole]

On Thu, Feb 21, 2008 at 8:40 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:

 On Thu, Feb 21, 2008 at 03:41:30PM +0530, Amarendra Godbole wrote:
   I am unable to move the display to a projector or an external monitor
   on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the
   keycombination to be used to switch displays, but it does not work.
   Now, I am not too sure if this is a function of the OS, or Thinkpad's
   firmware. Search engines turned up nothing. Can someone suggest a way
   by which I can make use of an external monitor? Any software package
   to control this? Thanks.

  When you boot the laptop, go into the bios (just to prevent booting).
  Have the external monitor attached.  Hit your key combo and you should
  get the bios screen on the external monitor.  If this works, then you're
  on the right track.  If it doesn't, then you know that its not the OS
  fault.
[...]

Okay, this works - going to BIOS, hitting a Fn-F7, and getting the
display on the extenal monitor. But now I have lost my notebook
display, but this is workable for the timebeing (I am also
investigating the xrandr option suggested by Matthieu). Thanks.

-Amarendra

Re: FOSDEM 23/24 Feb Brussels

[nicodache]

You're right, this is the native language of the Netherlands, and also
(in a slightly modified version) the one spoken by half the people
from belgium.
The first one is the dutch, the second the flemish.

I think if you try to binary-xor it with the lyrics from latest song
from clouseau, you'd get something near english you can understand.

cheers,

nicodache_punt_be ^^

2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]:
 Golly, what language is that? is it the native language of NL?
  I tried running it through 'rot13', but that complicated it even more.


  2008/2/22 Han Boetes [EMAIL PROTECTED]:


  Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
plezier. :-)
  
Groetjes aan Tilly. ;-)
  
  
  
Wim Vandeputte wrote:
 like each year we'll be present at the FOSDEM event in Brussels, it's
 completely free entrance, plenty of interesting things to see,
 even a BSD devroom with presenations

 Feel free to drop by

 http://www.fosdem.org/

 This weekend.
  
  
  
# Han

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

[Amarendra Godbole]

On Fri, Feb 22, 2008 at 12:05 PM, Matthieu Herrb [EMAIL PROTECTED] wrote:

 On Thu, Feb 21, 2008 at 11:11 AM, Amarendra Godbole
  [EMAIL PROTECTED] wrote:
   I am unable to move the display to a projector or an external monitor
on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the
keycombination to be used to switch displays, but it does not work.
Now, I am not too sure if this is a function of the OS, or Thinkpad's
firmware. Search engines turned up nothing. Can someone suggest a way
by which I can make use of an external monitor? Any software package
to control this? Thanks.
  

  The X60 is using intel i965 graphics right? (hard to tell without some
  dmesg or Xorg.0.log attached to your message)
  So X is normally using the 'intel' driver which uses XRandR 1.2.
  Plug you projector or external monitor, run 'xrandr --auto' and you
  should be setup for mirroring.
  Check the xrandr(1) man page and the intel web site
  http://www.intellinuxgraphics.org/dualhead.html for more configuration
  options.

  If I wrong and the X60 doesn't use an intel chipset, please post more
  details first (Xorg.0.log or dmesg at least)

945GM is the chipset. I tried playing around with xrandr, but no luck.
Most likely I am unable to get the concepts right. Anyways, my
Xorg.log.0, dmesg, and xrandr are hosted here:
http://www.obscure.org/~amunix/misc/
I'd appreciate if you can help me here.

Oh, BTW, I noticed some option in the BIOS which sets boot display,
and the values are LCD screen, VGA, both. If I select VGA or both, my
output goes only to the VGA, but not on the LCD. :-|

-Amarendra

Re: Remote Admin Card - Dell DRAC or HP ILO2 ?

[Xavier Milliès-Lacroix]

Hello,

I'm not sure but advanced ilo provides remote cd/dvd/floppy ?
Is it true ?

Xavier.


2008/2/22, Joe Warren-Meeks [EMAIL PROTECTED]:

 On Thu, Feb 21, 2008 at 08:10:16PM +0100, Nick Nauwelaerts wrote:

  I don't really see how this is related to openbsd, but ilo2 wins hands
  down to drac, but has a costly advanced license.
  Installing openbsd through ilo2 virtual cd works just fine btw.

 I thought you only needed the license if you used higher resolutions
 than a basic console. If you are just using text mode on the console,
 then they work excellently.

 I've used both with OpenBSD firewalls and infinitely prefer the HP ones.

 -- joe.

 Jennifer's dad sent her a nice cuddly cat, so that's nice.

Re: Updates for old releases

[Edd]

On Fri, Feb 22, 2008 at 10:33:00AM +0100, Maurice Janssen wrote:
 About a year ago I started to create regular builds of the -stable
 trees (the two supported trees).  You can use them, if you trust me ;-)
 You can find links to some mirrors on http://www.z74.net/openbsd.html

I think it is great that you are doing this, however why are you a third
party? Can you not upload your binaries to the official mirrors?

-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett

Re: Nfsen and php problems...?

[Peter Haag]

--On February 18, 2008 9:48:09 +0100 Tasmanian Devil [EMAIL PROTECTED] wrote:

| Hello!
|
|  lookup.php at least gives a yellow page and also allows me to see it's
|  source, unlike the others:
| 
|  ?
|  /* This file was automatically created by the NfSen install.pl script */

Ouch! I'll fix that! All other php files have the right tags!

   Thanks
   - Peter

|
| This and especially the empty pages sound like you've short_open_tag
| = Off in your /var/www/conf/php.ini. From that file:
|
| ; Allow the ? tag.  Otherwise, only ?php and script tags are recognized.
| ; NOTE: Using short tags should be avoided when developing applications or
| ; libraries that are meant for redistribution, or deployment on PHP
| ; servers which are not under your control, because short tags may not
| ; be supported on the target server. For portable, redistributable code,
| ; be sure not to use short tags.
| short_open_tag = Off
|
| So if my guess is right, you should either fix the php files or set
| short_open_tag = On.
|
| Tas.
|



--
Peter Haag

PCI Gigabit card suggestion?

[Sunnz]

Hi I have been looking at:

http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html

However I am very puzzled... can someone please tell me which chipset
you found that worked the best for you and if possible, which model of
the brand you have brought after all? I am kind of scared of the bugs
and caveat sections in some of the drivers... are they a show stopper
at all?

But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not
go for the best supported one?

-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Re: There's something about OpenBSD...

[Alexander Hall]

Janne Johansson wrote:

[EMAIL PROTECTED] wrote:
For instance 'ggrep -r ...' instead of 'grep -r ...' to search 
recursively

with gnu grep (a worthless feature imho).

Displaying the name of the file and the matched line nicely like grep -r
does is not elegant with find + grep without using a script or a long
and inelegant alias - or if it is, I'd be interested in how it can be
done in case I need to work on some ancient unix.


$ find DIR -type f -print0 | xargs -0 grep PATTERN

which, unlike 'find ... -exec' is just as fast as 'grep -r', and unlike
'grep -r', will skip special devices, symlinks, etc.



# uname -a
SunOS dumbhost.test.se 5.10 Generic_118855-33 i86pc i386 i86pc
#  find /etc -type f -print0
find: bad option -print0
find: [-H | -L] path-list predicate-list

But yes, its probably bad to start one grep per file.


$ find /etc -type f -exec printf %s\0 {} \;

(if they've got printf, that is :)

I'd guess a printf process has less startup overhead than grep.

But, uh-oh... Does solaris have xargs -0? :-)

/Alexander

Re: FOSDEM 23/24 Feb Brussels

[raven]

Mayuresh Kathe ha scritto:

Golly, what language is that? is it the native language of NL?
I tried running it through 'rot13', but that complicated it even more.


  

It's dutch! mijncomputer.nl the tld .nl = Netherlands... So...It's simple.
jaar (NL) = year(EN)

Francesco

2008/2/22 Han Boetes [EMAIL PROTECTED]:
  

Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
 plezier. :-)

 Groetjes aan Tilly. ;-)



 Wim Vandeputte wrote:
  like each year we'll be present at the FOSDEM event in Brussels, it's
  completely free entrance, plenty of interesting things to see,
  even a BSD devroom with presenations
 
  Feel free to drop by
 
  http://www.fosdem.org/
 
  This weekend.



 # Han

Re: PCI Gigabit card suggestion?

[Sunnz]

Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was
wondering which brand/model are best supported by OpenBSD... in terms
of documentaion by the vendor and performance by the device.

Thanks.

Re: PCI Gigabit card suggestion?

[Jordi Espasa Clofent]

sk(4), em(4) and even bge(4) are considered good.

--
Thanks,
Jordi Espasa Clofent

Re: FOSDEM 23/24 Feb Brussels

[Tom Van Looy]

Actually, it's the Netherlands that speak a slightly modified version of dutch. 
Only Flemish Belgium speaks true Dutch.

The term Flemish covers the Belgian Dutch dialects.

It's a bit confusing because of the naming and translations to English, I think 
this is caused by the fact that Belgium is partly French and the Netherlands is 
completely Dutch.

ps: will be at Fosdem too



- Oorspronkelijk bericht -
Van: nicodache [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag, februari 22, 2008 12:35 PM
Aan: misc@openbsd.org
Onderwerp: Re: FOSDEM 23/24 Feb Brussels

You're right, this is the native language of the Netherlands, and also
(in a slightly modified version) the one spoken by half the people
from belgium.
The first one is the dutch, the second the flemish.

I think if you try to binary-xor it with the lyrics from latest song
from clouseau, you'd get something near english you can understand.

cheers,

nicodache_punt_be ^^

2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]:
 Golly, what language is that? is it the native language of NL?
  I tried running it through 'rot13', but that complicated it even more.


  2008/2/22 Han Boetes [EMAIL PROTECTED]:


  Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
plezier. :-)
  
Groetjes aan Tilly. ;-)
  
  
  
Wim Vandeputte wrote:
 like each year we'll be present at the FOSDEM event in Brussels, it's
 completely free entrance, plenty of interesting things to see,
 even a BSD devroom with presenations

 Feel free to drop by

 http://www.fosdem.org/

 This weekend.
  
  
  
# Han

Re: PCI Gigabit card suggestion?

[Nico Meijer]

Hi Sunnz,

 http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html

I have been looking at:
http://www.openbsd.org/amd64.html#hardware

 But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not
 go for the best supported one?

There are references in the archives. It depends on your budget and your
task.

People seem to like em and sk. For desktops, I might get a bunch of re's.

HTH... Nico

Intel S5000VSA motherboards?

[Liviu Daia]

Any experiences with Intel S5000VSA motherboards?

Regards,

Liviu Daia

-- 
Dr. Liviu Daia  http://www.imar.ro/~daia

Re: FOSDEM 23/24 Feb Brussels

[nicodache]

Don't forget to say that Belgium is partly german too...
For those who alreayd think belgium that Belgium is complicated,
please learn that we also have 7 governments ; the federal one  (for
the whole country), 3 for each region, and 3 for each community.
Take in accounting that one cannot work for the federal governement as
well as for the regional one, but well for the community (or something
like that), and the region of brussels is in the flemish community
while 85% of its residents speak french...
And we organise FOSDEM in there...

Ikke

ps : just for the fun, our futur prime minister who already tried for
6 months to set up a governement before we fall back to the old one,
already has an ulcer due to belgium politic stress...
pps : I'll be in fosdem too

On Fri, Feb 22, 2008 at 1:39 PM, Tom Van Looy [EMAIL PROTECTED] wrote:
 Actually, it's the Netherlands that speak a slightly modified version of 
 dutch. Only Flemish Belgium speaks true Dutch.

  The term Flemish covers the Belgian Dutch dialects.

  It's a bit confusing because of the naming and translations to English, I 
 think this is caused by the fact that Belgium is partly French and the 
 Netherlands is completely Dutch.

  ps: will be at Fosdem too



  - Oorspronkelijk bericht -
  Van: nicodache [mailto:[EMAIL PROTECTED]
  Verzonden: vrijdag, februari 22, 2008 12:35 PM
  Aan: misc@openbsd.org
  Onderwerp: Re: FOSDEM 23/24 Feb Brussels


 
  You're right, this is the native language of the Netherlands, and also
  (in a slightly modified version) the one spoken by half the people
  from belgium.
  The first one is the dutch, the second the flemish.
  
  I think if you try to binary-xor it with the lyrics from latest song
  from clouseau, you'd get something near english you can understand.
  
  cheers,
  
  nicodache_punt_be ^^
  
  2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]:
   Golly, what language is that? is it the native language of NL?
I tried running it through 'rot13', but that complicated it even more.
  
  
2008/2/22 Han Boetes [EMAIL PROTECTED]:
  
  
Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
  plezier. :-)

  Groetjes aan Tilly. ;-)



  Wim Vandeputte wrote:
   like each year we'll be present at the FOSDEM event in Brussels, 
 it's
   completely free entrance, plenty of interesting things to see,
   even a BSD devroom with presenations
  
   Feel free to drop by
  
   http://www.fosdem.org/
  
   This weekend.



  # Han

Re: FOSDEM 23/24 Feb Brussels

[mvdeventer]

Well then Afrikaans must be a slightly modified version of Flemish! :-)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Tom Van Looy
Sent: 22 February 2008 02:40 PM
To: nicodache
Cc: misc@openbsd.org
Subject: Re: FOSDEM 23/24 Feb Brussels

Actually, it's the Netherlands that speak a slightly modified version of
dutch. Only Flemish Belgium speaks true Dutch.

The term Flemish covers the Belgian Dutch dialects.

It's a bit confusing because of the naming and translations to English,
I think this is caused by the fact that Belgium is partly French and the
Netherlands is completely Dutch.

ps: will be at Fosdem too



- Oorspronkelijk bericht -
Van: nicodache [mailto:[EMAIL PROTECTED]
Verzonden: vrijdag, februari 22, 2008 12:35 PM
Aan: misc@openbsd.org
Onderwerp: Re: FOSDEM 23/24 Feb Brussels

You're right, this is the native language of the Netherlands, and also
(in a slightly modified version) the one spoken by half the people
from belgium.
The first one is the dutch, the second the flemish.

I think if you try to binary-xor it with the lyrics from latest song
from clouseau, you'd get something near english you can understand.

cheers,

nicodache_punt_be ^^

2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]:
 Golly, what language is that? is it the native language of NL?
  I tried running it through 'rot13', but that complicated it even
more.


  2008/2/22 Han Boetes [EMAIL PROTECTED]:


  Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel
plezier. :-)
  
Groetjes aan Tilly. ;-)
  
  
  
Wim Vandeputte wrote:
 like each year we'll be present at the FOSDEM event in
Brussels, it's
 completely free entrance, plenty of interesting things to see,
 even a BSD devroom with presenations

 Feel free to drop by

 http://www.fosdem.org/

 This weekend.
  
  
  
# Han

Re: PCI Gigabit card suggestion?

[bofh]

On Fri, Feb 22, 2008 at 7:52 AM, Jordi Espasa Clofent
[EMAIL PROTECTED] wrote:
 sk(4), em(4) and even bge(4) are considered good.

There's even a $30 to $40 intel card (e1000g?) at newegg


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: Cold Boot Attacks on Encryption Keys

[knitti]

On 2/22/08, Siegbert Marschall [EMAIL PROTECTED] wrote:
  Yes DRAM can preserve data for a while, even after shutting down
  power. Depending on the type of DRAM it can be milliseconds to
  days BUT it will only preserve part of the data, so the chance
  of finding some passwords in there does exist but has very little
  real world implications.

the quickest way of improving security for this particular type of attack,
apart from having sensitive data such as keys around only when needed,
is ensuring there's no quick way of booting from a different media and
ensuring it takes as long as possible to move the RAM (this would be
a plus also for the disks) physically. Physical security _is needed_
anyways.

Soekris boxes also have soldered RAM.

--knitti

Re: Updates for old releases

[Jay Hart]

One question I have is if 4.0 is stilled being patched?  I notice that there
are several patches out in 4.2 or 4.1, for example:

005: RELIABILITY FIX: January 11, 2008   All architectures
A missing NULL pointer check can lead to a kernel panic.
A source code patch exists which remedies this problem

But either these don't apply to 4.0, or 4.0 is not having patches created
anymore.

That is the official policy for older releases with regards to patches?

Thanks,

Jay

 2008/2/22, Antonio Lobato [EMAIL PROTECTED]:
  Hi all!

 I read http://openbsd.org/security.html (and stable.html), but could
  not make
  sure about my question.

 If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
   openbsd, does it already includes the fixes listed in

 release != stable; you'll have to apply the patches (or get the/a newer
 release)

Re: FOSDEM 23/24 Feb Brussels

[Miod Vallat]

Well then Afrikaans must be a slightly modified version of Flemish! :-)


Real flemish only sounds correct if altitude is close to or (preferrably)
below the sea level, though.

Miod

Re: What is our ultimate goal??

[Marc Espie]

On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote:
  SO now do you want FireEngine? Or rather SMPng networking? Or
  would you like ReallyHyperFastZoomStreamCyberWoosh?

 Now that you've brought it up, I would really like a
 ReallyHyperFastZoomStreamCyberWoosh TCP stack.  Just make sure it
 doesn't require 1.2Jigawatts of power and have interesting side
 effects when it gets to 88mph.

 But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with
 the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to
 OpenBSD would seriously impact performance of OpenBSD on mundane
 processors.

Nonsense, as long as you can plug in some plutonium, things should be
fine.

Re: PCI Gigabit card suggestion?

[michael enoma aghayere]

On 22/02/2008, Sunnz [EMAIL PROTECTED] wrote:
 Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was
  wondering which brand/model are best supported by OpenBSD... in terms
  of documentaion by the vendor and performance by the device.

  Thanks.


For something cheap and cheerful, but also supported, i'd go for a
D-Link DGE-528T. Was looking them up on the web yesterday.

-- 
~michael
www.BSDqed.com

Re: FOSDEM 23/24 Feb Brussels

[Matt]

Tom Van Looy schreef:

Actually, it's the Netherlands that speak a slightly modified version of dutch. 
Only Flemish Belgium speaks true Dutch.

The term Flemish covers the Belgian Dutch dialects.

It's a bit confusing because of the naming and translations to English, I think 
this is caused by the fact that Belgium is partly French and the Netherlands is 
completely Dutch.

ps: will be at Fosdem too

  
The Flemish speaking Belgians refer to their language as 'Nederlands' 
(Dutch), not 'Vlaams' (Flemish).
Vlaams is mainly used to denote the geographical area or the residents 
of that area (Vlamingen), not the language itself.


The differences with Dutch are subtle but sometimes quite confusing (to 
both sides).
Dutch will call an OpenBSD sticker just a 'sticker', the imported 
English word, where the Flemish Belgians will refer to 'zelfklever' ( = 
self sticking item, a literal translation).


Zelfklevers. That to me is pure beauty.

Especially if Wim brings enough so he's not sold out Sunday ;-)

Re: Updates for old releases

[Markus Hennecke]

Jay Hart schrieb:

One question I have is if 4.0 is stilled being patched?  I notice that there
are several patches out in 4.2 or 4.1, for example:

005: RELIABILITY FIX: January 11, 2008   All architectures
A missing NULL pointer check can lead to a kernel panic.
A source code patch exists which remedies this problem

But either these don't apply to 4.0, or 4.0 is not having patches created
anymore.


Because 4.0 is no longer maintained after 4.2 was released.


That is the official policy for older releases with regards to patches?


http://www.openbsd.org/faq/faq5.html#Flavors

Kind regards,
  Markus

Re: Updates for old releases

[Stuart VanZee]

Jay,

Only the current version (4.2) and 1 previous version (4.1)
are supported.  That means no more patches for 4.0 as soon
as 4.2 came out.  For more information, please refer to the
OpenBSD FAQ.

s

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of
 Jay Hart
 Sent: Friday, February 22, 2008 8:41 AM
 To: Mark Prins
 Cc: misc@openbsd.org
 Subject: Re: Updates for old releases


 One question I have is if 4.0 is stilled being patched?  I
 notice that there
 are several patches out in 4.2 or 4.1, for example:

 005: RELIABILITY FIX: January 11, 2008   All architectures
 A missing NULL pointer check can lead to a kernel panic.
 A source code patch exists which remedies this problem

 But either these don't apply to 4.0, or 4.0 is not having
 patches created
 anymore.

 That is the official policy for older releases with regards
 to patches?

 Thanks,

 Jay

  2008/2/22, Antonio Lobato [EMAIL PROTECTED]:
   Hi all!
 
  I read http://openbsd.org/security.html (and
 stable.html), but could
   not make
   sure about my question.
 
  If today I download old versions (say
 /pub/OpenBSD/4.0/i386/cd40.iso) of
openbsd, does it already includes the fixes listed in
 
  release != stable; you'll have to apply the patches (or get
 the/a newer
  release)

Re: Asian lang support with generic kernel

[arthur]

I am going to spend some more time over this weekend on setting up my OBSD
desktop. Any comments regarding my post below are welcome. Thank you!

Arthur
  - Original Message -
  From: arthur
  To: Openbsd Misc (E-mail)
  Sent: Wednesday, February 20, 2008 10:38 AM
  Subject: Asian lang support with generic kernel


  Hi All,

  I am new to OBSD but I like its secure and simple. Thanks everyone to make
this happen!!

  I try to install obsd as my desktop workstation. I install from 4.2 release
and now the X/KDE is running. After install KED-I18N-cn pkg, now I can open
web pages in Chinese. I will deal with the fonts/inputmethod/tuneup later,
even I don't know how to do that yet, but I think those are doable (it is X
anyway).

  One problem I have is that I can't save local disk file with Chinese
filename. Does generic kernel support Asian language? If so, there is any
link/hint on how to config that. If not, is there anyway to patch it, and how.
Google gave me some pages on how to patch older version of OBSD to support
Asian language but I can't find any info regarding v4.2.

  Thank you.

  Arthur

Re: Updates for old releases

[Jay Hart]

 Jay Hart schrieb:
 One question I have is if 4.0 is stilled being patched?  I notice that there
 are several patches out in 4.2 or 4.1, for example:

 005: RELIABILITY FIX: January 11, 2008   All architectures
 A missing NULL pointer check can lead to a kernel panic.
 A source code patch exists which remedies this problem

 But either these don't apply to 4.0, or 4.0 is not having patches created
 anymore.

 Because 4.0 is no longer maintained after 4.2 was released.

Thanks, that means I will be upgrading to 4.2 stable (at least) this weekend.

Jay


 That is the official policy for older releases with regards to patches?

 http://www.openbsd.org/faq/faq5.html#Flavors

 Kind regards,
Markus

Re: Cold Boot Attacks on Encryption Keys

[Tor Houghton]

On Thu, Feb 21, 2008 at 11:22:54PM -0300, Giancarlo Razzolini wrote:

 [snip]
 be done, i also saw those kind of display dumps with some video cards
 [snip]

it's called burn-in.

*ducks*

/t 

Re: FOSDEM 23/24 Feb Brussels

[André Braselmann]

On Fri, Feb 22, 2008 at 12:39:42PM +, Tom Van Looy wrote:
 Actually, it's the Netherlands that speak a slightly modified version of 
 dutch. Only Flemish Belgium speaks true Dutch.

And don't confuse it with the FRISIAN in noord-nederland. As a good
dutch (the nederlands version, assuming a pre-alpha of vlaams) speaking
german, it's a pain for me in both areas.

AND the most signifant part of this country is: The highways used to be
illuminated at night with a terrible orange light.
But on the other side: The chocolate and the french fries and some beers 
of the different dozens are very good. So it's worth.

--- 
Andri Braselmann

Re: FOSDEM 23/24 Feb Brussels

[Vincent Barus]

  Zelfklevers. That to me is pure beauty.

That's like Aufkleber in German :)

~ vb

Nouvelle carte valable partout.

[S�bastien AM]

si la page ne s'affiche pas http://www.avantages-marketing.com/

Billetterie - Dotations - Cadeaux d'Affaires
ou Comitis d'EntrepriseNouveauti 2008 la CARTE CINEMA interactive pour
TOUS  LES  CINEMAS !

LE SAVIEZ-VOUS ?

Il existe en France environ 2000 cinimas. Les grandes enseignes (ou
riseaux) reprisentent un peu plus de la moitii. L’autre partie reprisente
des centaines d’exploitants indipendants.
Contrairement aux idies regues, les grands multiplexes ne font pas
toujours partie d’un riseau national c’est par exemple le cas dans des
villes comme Clermont Ferrand, Auxerre, Limoges ou Dunkerque.

LA CULTURE NE S’IMPOSE PAS

La culture siduit, se dicouvre, se transmet, se dicide… Imposer la
culture est un non-sens. Votre Entreprise, cette porte grande ouverte
vers la culture et les loisirs, se doit de difendre cette idie : La
culture ne s’impose pas !
Une Entreprise ne doit pas dicider ` la place des binificiaires quel
cinima ils doivent friquenter, quels que soient les accords, les
promotions, le nombre de salles, la proximiti de vos locaux, etc.
C’est au binificiaire de choisir le cinima dans lequel il souhaite se
rendre.
Bien s{r, l’Entreprise doit faciliter l’acchs aux cinimas les plus
proches, car ils correspondent ` la majoriti des demandes. Mais il ne
faut pas se fermer ` l’idie que certaines personnes prifhrent parcourir
quelques kilomhtres pour se rendre dans leur salle prifirie ou utiliser
leur carte lors de leurs prochaines vacances.

QUELLES SONT LES SOLUTIONS ?

Tout d’abord, nous tenons ` votre disposition la liste de tous les
cinimas de France. Nous pouvons donc faciliter votre relation avec les
cinimas indipendants qui se trouvent ` proximiti de vos locaux. Ils sont
nombreux ` proposer des tarifs spiciaux aux Entreprises. Cette solution
est particulihrement facile ` mettre en place lorsque vous jtes `
proximiti d’un ou deux cinimas.
Mais parfois les choses se compliquent…

PRENONS L’EXEMPLE DE L’AGGLOMIRATION NANTAISE :

Sur cette carte, sont prisents tous les riseaux, toutes les enseignes,
tous les groupements mais aussi des indipendants.

[IMAGE]

VOTRE DILEMME :

Comment choisir sans imposer ?
Comment jtre s{r de faire plaisir ?

C’est pour cette raison, et tant d’autres que nous avons crii une carte
cinima novatrice et polyvalente, qui offre de nombreux avantages, quelle
que soit votre rigion. Elle est dotie d’options qui simplifient votre
gestion (design personnalisi, garantie contre le vol,validiti variable,
etc.)

La CarteCini
La solution pour toutes les Entreprises

[IMAGE]

[IMAGE]

La CarteCini est une carte pripayie, ichangeable contre un chhque cinima,
quel que soit le riseau, le groupement ou l’enseigne, y compris les
cinimas indipendants.
A ce jour, TOUS LES CINEMAS DE FRANCE, sans exception, sont accessibles
via la CarteCini.
Sur chaque carte figure les iliments permettant au binificiaire de
transformer son bon d’ichange contre une place de Cinima (chhque ou carte
Cinima directement valable dans la caisse du Cinima demandi).
Il s’agit d’un numiro de chhque, d’une date de validiti (6 ` 24 mois
environ ) et d’un code d’activation.
Passons maintenant ` la partie activation, qui permet de transformer une
CarteCini en un chhque cinima :
Cette activation peut se faire par tiliphone en contactant nos services
(numiro imprimi au verso de la CarteCini), mais aussi, et surtout, par
Internet, en moins d’une minute, sur le site.

[IMAGE]

Une fois connecti, il suffit de reporter le numiro, la date de validiti
et le code activation dans les emplacements privus.

[IMAGE]

Si le binificiaire est dij` passi par le site, il lui suffit de
s’identifier, sinon il saisit ses coordonnies une fois pour toutes.

Les informations comme le tiliphone ou l’adresse email ne sont pas
obligatoires mais elles permettent de communiquer avec le service client
en cas de besoin.
C’est le binificiaire qui choisit lui-mjme son pseudo et son mot de passe
ce qui ivite une attribution arbitraire dont il aurait du mal ` se
souvenir par la suite.

[IMAGE]

[IMAGE]

Automatiquement le site prisente l’ensemble des cinimas de votre ville,
il est possible d’itendre la recherche ` tout le dipartement ou plus
simplement de saisir soit-mjme un dipartement. On peut igalement saisir
une adresse occasionnelle (le lieu de vacances par exemple).
Une liste complhte s’affiche avec
9 cinimas par page et la possibiliti de passer ` la page suivante.

[IMAGE]

Si le cinima souhaiti n’est pas prisent sur la liste (un nouvel
itablissement, par exemple), il est possible d’alerter le service client,
directement sur le site
ou par tiliphone.

Sur la dernihre page, le binificiaire trouve un ricapitulatif de son
ichange.
Il est encore possible de changer d’avis et de procider ` des
modifications.
On peut igalement saisir plusieurs cartes. Il suffit ensuite de cliquer
sur le bouton fin pour valider difinitivement sa demande.

[IMAGE]

[IMAGE]

Les demandes saisies avant 

Re: FOSDEM 23/24 Feb Brussels

[Diana Eichert]

On Fri, 22 Feb 2008, Miod Vallat wrote:


Real flemish only sounds correct if altitude is close to or (preferrably)
below the sea level, though.

Miod


I hear drinking mass quantities of beer gets you close or below sea level 
too.

Re: [OT] beefy steel cases

[Tobias Weingartner]

In article [EMAIL PROTECTED], Douglas A. Tutty wrote:
 
  I'm wondering if in your travels, have any of you seen a case (tower,
  desktop, or rackmount) that is:

 - Grab an old iron stove, and stuff a newer case into it.
 - Go to the nearest welding shop, have them weld a nice 500lb steel box.
 - ...

-Toby.
-- 
 [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax

Re: FOSDEM 23/24 Feb Brussels

[Michael Schmidt]

Andri Braselmann schrieb:

AND the most signifant part of this country is: The highways used to be
illuminated at night with a terrible orange light.



Aa, that's where the term oranje is derived from?  ;)

--
Michael Schmidt MIRRORS:
Watcom  ftp://ftp.fh-koblenz.de/pub/CompilerTools/Watcom/
OpenOffice  ftp://ftp.fh-koblenz.de/pub/OpenOffice/

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

[Douglas A. Tutty]

On Fri, Feb 22, 2008 at 05:15:08PM +0530, Amarendra Godbole wrote:
 On Thu, Feb 21, 2008 at 8:40 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 
   When you boot the laptop, go into the bios (just to prevent booting).
   Have the external monitor attached.  Hit your key combo and you should
   get the bios screen on the external monitor.  If this works, then you're
   on the right track.  If it doesn't, then you know that its not the OS
   fault.
 [...]
 
 Okay, this works - going to BIOS, hitting a Fn-F7, and getting the
 display on the extenal monitor. But now I have lost my notebook
 display, but this is workable for the timebeing (I am also
 investigating the xrandr option suggested by Matthieu). Thanks.

So Fn-F7 works in BIOS but not in the OS?

Does it work from the CLI (not X)?  This would isolate if its an X issue
or something else.

If it doesn't work from the CLI, then either something in the OS is
capturing the Fn-F7 or there's a hardware problem.

Just to be on the safe side, I'd get the advanced hardware diagnostics
from IBM's web site and run them on the laptop.  

Doug.

Re: Remote Admin Card - Dell DRAC or HP ILO2 ?

[Steve Shockley]

Joe Warren-Meeks wrote:

I thought you only needed the license if you used higher resolutions
than a basic console. If you are just using text mode on the console,
then they work excellently.


ILO2 can't do KVM at all without the Advanced license, but I think ssh 
still works.  They also have a lesser license (ILO Select maybe?) that 
has a smaller set of features for less cost.

Re: FOSDEM 23/24 Feb Brussels

[Dries Schellekens]

On Fri, Feb 22, 2008 at 4:12 PM, Andri Braselmann [EMAIL PROTECTED] wrote:

  AND the most signifant part of this country is: The highways used to be
  illuminated at night with a terrible orange light.

We did that such that people in space can locate Belgium. The Chinese
have their wall for that.

Re: FOSDEM 23/24 Feb Brussels

[Douglas A. Tutty]

On Fri, Feb 22, 2008 at 08:28:15AM -0700, Diana Eichert wrote:
 On Fri, 22 Feb 2008, Miod Vallat wrote:
 
 Real flemish only sounds correct if altitude is close to or (preferrably)
 below the sea level, though.
 
 
 I hear drinking mass quantities of beer gets you close or below sea level 
 too.

__That's__ why I thought people in Belgium spoke Belch and ate Belch
chocolate.

Now, is a Flemish Cap:

a.  a distinctive head wear 
b.  a shallow area east of the Grand Banks
c.  What Belch people call the head on the beer
d.  all of the above
e.  none of the above.

:)

Doug.

Re: FOSDEM 23/24 Feb Brussels

[Joe Warren-Meeks]

On Fri, Feb 22, 2008 at 12:08:14PM -0500, Douglas A. Tutty wrote:

 Now, is a Flemish Cap:
 
   a.  a distinctive head wear 
   b.  a shallow area east of the Grand Banks
   c.  What Belch people call the head on the beer
   d.  all of the above
   e.  none of the above.

f.  A contraceptive shaped like a piece of medieval armour 

I'll get my coat..

 -- joe.

He's got an old-school Ipod thing. It's huge. It probably plays tapes.

Re: [OT] beefy steel cases

[Marcus Andree]

Hi, Doug.

My suggetion is:

 - start with good, standard but not-so-bulky case;
 - build a cage around the commercial grade, made from thick
   sheets of steel;
 - do lots of small, tiny drills on the external cage, for proper
   ventilation;
 - do a couple of larger holes for cables and wires on
   the back;
 - put a thermometer sensor inside, with a display on the outside,
   for proper temparature monitoring, just in case you need more
   holes;

You should end with far better protection than those provided
by more expensive devices.

The small holes won't let pass much EM energy thru them.
The larger ones can be concealed by walls and you may point
them to safer areas. They'll be blocked by the cage itself and
should cause little to none side effects on areas of interest.

You can hire someone or a company to do some bending or
soldering if needed.


Best regards to you and your wife.


On Mon, Feb 11, 2008 at 11:35 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote:
 On Mon, Feb 11, 2008 at 12:37:59PM -0700, Steve B wrote:
   I have one of these, http://calpc.com/catalog/mid_tower.html, and its quite
   beefy.
  

  I wonder if you could measure two things for me:

  1.  The thickness of the steel panels (not of any structural frame).
  I'm comparing these with norco cases which are made of 1.2 mm steel, so
  a normal metric ruler and an eyeball would suffice.

  2.  The size of the vent holes.  The mid tower chassis page doesn't
  have alternate views.  The 4U rackmount case has a rear photo.  The
  vents look like brickwork: more vent than metal.  The dimensions of
  the holes and the metal between them is critical.  If you could give me
  the three measurements, again to the nearest 0.2 mm.

 -- vent-hole lenght:
 -- vent-hole height:
 -- metal between vent-holes:

  Thank you.

  Doug.

Re: What is our ultimate goal??

[Jacob Meuser]

On Fri, Feb 22, 2008 at 03:01:40PM +0100, Marc Espie wrote:
 On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote:
   SO now do you want FireEngine? Or rather SMPng networking? Or
   would you like ReallyHyperFastZoomStreamCyberWoosh?
 
  Now that you've brought it up, I would really like a
  ReallyHyperFastZoomStreamCyberWoosh TCP stack.  Just make sure it
  doesn't require 1.2Jigawatts of power and have interesting side
  effects when it gets to 88mph.
 
  But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with
  the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to
  OpenBSD would seriously impact performance of OpenBSD on mundane
  processors.
 
 Nonsense, as long as you can plug in some plutonium, things should be
 fine.
 

Are you tellin' me this sucker is nuclear?

-- 
[EMAIL PROTECTED]
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: Remote syslog

[Brian A. Seklecki]

syslog-ng + transport mode IPSec (or tunnel, if you have infrastructure
on either end). 

use pf(4) to ensure that only IPSec peers can write.

~BAS

On Tue, 2008-02-19 at 21:42 -0700, Steve B wrote:
 and whether you are doing it over SSH or IPSEC? I have looked at
 various

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

[Brian A. Seklecki]

read the man page i810(4):


   Option MonitorLayout anystr
  Allow different monitor configurations. e.g. CRT,LFP
will configure a CRT on Pipe A and an LFP on Pipe  B.  Regardless  of
the  primary  headsb  pipe  it  is  always  configured  as
  PIPEA,PIPEB.   Additionally you can add different
configurations such as CRT+DFP,LFP which would put a digital flat
panel and a CRT on pipe A, and a local flat panel on pipe B.
  For single pipe configurations you can just specify the
monitors types on Pipe A, such as CRT+DFP which will enable the CRT
and DFP on Pipe A.  Valid monitors are CRT, LFP, DFP,  TV,
  CRT2,  LFP2,  DFP2,  TV2 and NONE.  NOTE: Some
configurations of monitor types may fail, this depends on the Video BIOS
and system configuration.  Default: Not configured, and will use
  the current headbs pipe and monitor.



On Thu, 2008-02-21 at 15:41 +0530, Amarendra Godbole wrote:
 I am unable to move the display to a projector or an external monitor
 on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the
 keycombination to be used to switch displays, but it does not work.
 Now, I am not too sure if this is a function of the OS, or Thinkpad's
 firmware. Search engines turned up nothing. Can someone suggest a way
 by which I can make use of an external monitor? Any software package
 to control this? Thanks.
 
 -Amarendra

Re: What is our ultimate goal??

[Unix Fan]

Jacob Meuser wrote:

 Marc Espie wrote:

  Nonsense, as long as you can plug in some plutonium, things should be

  fine.



 Are you tellin' me this sucker is nuclear?



...Mr. Fusion? ;)







-Nix Fan.

Re: Cold Boot Attacks on Encryption Keys

[Unix Fan]

My understanding of paging isn't as good as the developers, but I do know that 
memory isn't organized in an entirely sequential fashion..



Free memory is organized into pages, 4096 byte chucks of memory 



If my system was shutdown, and someone attempted to recover information from 
RAM, several obvious obstacles would be:



1) Significant portions of the RAM would be corrupt or in an inconsistent 
state...

2) Important structures, like the page table could be lost...



The key used by... mount_vnd for instance, wouldn't be in a predictable 
location how would you find it?



This is a waste of bandwidth...







-Nix Fan.

Re: What is our ultimate goal??

[Douglas A. Tutty]

On Fri, Feb 22, 2008 at 07:43:05PM +, Jacob Meuser wrote:
 On Fri, Feb 22, 2008 at 03:01:40PM +0100, Marc Espie wrote:
  On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote:
SO now do you want FireEngine? Or rather SMPng networking? Or
would you like ReallyHyperFastZoomStreamCyberWoosh?
  
   Now that you've brought it up, I would really like a
   ReallyHyperFastZoomStreamCyberWoosh TCP stack.  Just make sure it
   doesn't require 1.2Jigawatts of power and have interesting side
   effects when it gets to 88mph.
  
   But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with
   the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to
   OpenBSD would seriously impact performance of OpenBSD on mundane
   processors.
  
  Nonsense, as long as you can plug in some plutonium, things should be
  fine.
  
 
 Are you tellin' me this sucker is nuclear?

No, just that transactions across it are atomic

:)
doug.

Re: Cold Boot Attacks on Encryption Keys

[Giancarlo Razzolini]

Unix Fan escreveu:
 My understanding of paging isn't as good as the developers, but I do know
that memory isn't organized in an entirely sequential fashion..

 Free memory is organized into pages, 4096 byte chucks of memory

 If my system was shutdown, and someone attempted to recover information from
RAM, several obvious obstacles would be:

 1) Significant portions of the RAM would be corrupt or in an inconsistent
state...
 2) Important structures, like the page table could be lost...

 The key used by... mount_vnd for instance, wouldn't be in a predictable
location how would you find it?

 This is a waste of bandwidth...



 -Nix Fan.


I've tested the strings /dev/mem thing on my linux and my truecrypt
password was in the line following the command i call to mount it. This
isn't one hundred percent sure that always be there, but it was for
three times, from cold start (i do not know anymore what is cold start
:). So i think that a simple program that dumps the whole memory
contents, and a simple strings on that, you can try to find things that
make sense for a password. This attack is feasible for laptops. For
desktops i wouldn't be that worried. But i'll sleep well tonight. :)

My 2 cents,

--
Giancarlo Razzolini
Linux User 172199
Red Hat Certified Engineer no:804006389722501
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Ubuntu 7.04 Feisty Fawn
Snike Tecnologia em InformC!tica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: rtorrent + OpenBSD = freeze

[nicodache]

As promised, and as my server is up again, here is the dmesg.
Now, why is rtorrent freezing the server... not a clue

OpenBSD 4.2 (GENERIC.RAID) #1: Sun Jan  6 22:08:19 CET 2008
[EMAIL PROTECTED]:/sys/arch/i386/compile/GENERIC.RAID
cpu0: Intel Pentium III (GenuineIntel 686-class) 795 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 1073311744 (1023MB)
avail mem = 1029783552 (982MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
0xeca00, SMBIOS rev. 2.3 @ 0xf2000 (41 entries)
bios0: vendor Compaq version D05/F05 System ROM date 11/15/2002
bios0: Compaq ProLiant DL320
pcibios0 at bios0: rev 2.1 @ 0xeca00/0x3600
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaca0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x8000 0xd/0x3400 0xe8000/0x8000!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x05
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x05
pci1 at pchb1 bus 1
pciide0 at pci1 dev 1 function 0 Promise PDC20375 rev 0x02: DMA
wd0 at pciide0 channel 0 drive 0: ST380811AS
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6
wd1 at pciide0 channel 1 drive 0: ST380811AS
wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6
pciide0: using irq 3 for native-PCI interrupt
siop0 at pci1 dev 2 function 0 Symbios Logic 53c895A rev 0x01: irq
3, using 8K of on-board RAM
scsibus0 at siop0: 16 targets
fxp0 at pci1 dev 3 function 0 Intel 8255x rev 0x08, i82559: irq 11,
address 00:50:8b:e8:56:04
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
fxp1 at pci1 dev 4 function 0 Intel 8255x rev 0x08, i82559: irq 11,
address 00:50:8b:e8:56:05
inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 2 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Compaq Netelligent ASMC rev 0x00 at pci0 dev 3 function 0 not configured
piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x51: polling
iic0 at piixpm0
adm1022 at iic0 addr 0x2c not configured
iic0: addr 0x2c 13=3a 14=4d 15=02 17=46 18=64 19=00 20=80 26=30 27=1b
2b=7f 2c=80 37=48 38=c9 39=35 3a=c9 3e=41 3f=c9 40=2b 41=10 43=11
44=0c 47=50 4a=01 4c=10 93=3a 94=4d 95=02 97=46 98=64 99=00 a0=80
a6=30 a7=1b ab=7f ac=80 b7=48 b8=c9 b9=35 ba=c9 be=41 bf=c9 c0=2b
c1=10 c3=11 c4=0c c7=50 ca=01 cc=10: adm1022
pciide1 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA
atapiscsi0 at pciide1 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-ROM CRN-8241B, 2.23 SCSI0
5/cdrom removable
cd0(pciide1:1:0): using PIO mode 4, DMA mode 2
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04:
irq 5, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f7ed netmask ffed ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
Kernelized RAIDframe activated
cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0
SENSE KEY: Not Ready
 ASC/ASCQ: Medium Not Present
raid0 at root: (RAID Level 1) total number of sectors is 156091648
(76216 MB) as root
dkcsum: wd0 matches BIOS drive 0x80
dkcsum: wd1 matches BIOS drive 0x81

Re: What is our ultimate goal??

[Miod Vallat]

   Nonsense, as long as you can plug in some plutonium, things should be
   fine.
 
  Are you tellin' me this sucker is nuclear?
 
 ...Mr. Fusion? ;)

Not until there's a Chorus about it.

Miod

DHCP client failure with cable modem

[David Murphy]

Greetings folks. This week I undertook a project to replace my cheapo home
broadband router with an old laptop running OpenBSD. Success appeared to
have been achieved, but I've run into a snag in the final implementation.

I set up the OBSD router (more info below) to perform NAT and serve DHCP
and DNS for my LAN. After a ridiculously small amount of tweaking, I got
everything working just like I wanted it. Here was the arrangement:

(Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable
Modem)

The cheapo router was still in the loop because I didn't want to disconnect
the rest of my LAN before I was ready. Yesterday I decided I was ready. I
removed the cheapo router and plugged the OBSD router directly into the
modem, there was some rebooting of devices involved, and my desktop could
no longer access the internet. A little sleuthing revealed that the router
was unable to retrieve an address from the modem.

I've done some poking around and searched the list archives. There were a
couple of threads with similar issues, but no definitive solutions that I
found. There were references to cable modems only wanting to serve one
hardware address, but I'm able to use it with either the cheapo router, or
with my desktop plugged directly into it (and I verified that the modem saw
them as two different hardware addresses... no weird proxying going on in
the router). I powered the modem completely down for a few minutes and
plugged only the OBSD router into it when I brought it back up, but still
no luck.

The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE.
The dhclient.conf file is the default, which includes send host-name
hostname;, the only other helpful suggestion I saw in the list archives.
I've tried multiple cables and NICs, to rule out hardware.

I checked the dhclient.conf file on the Ubuntu desktop that pulls an
address from the modem just fine (which is this one, so I'm sure it really
works), and while not identical, it's only configured to send the hostname
as well.

I've hit dead ends with everything now, and so any further suggestions are
quite welcome.

More info on the OBSD box: 

It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just
base42, etc42, and man42. The only non-stock program running is
isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS
going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal).

The setup was done primarily by bending the following two guides to my
setup:

http://www.openbsd.org/faq/pf/example1.html
http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php

The former is just the sample home router from the PF guide, and the latter
addresses DHCP and DNS.

Thanks in advance for any suggestions.

David Murphy


  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

relayd http check connection failures; hoststated operates correctly

[Ben Lovett]

hello,

perhaps it's something that i'm doing wrong here, or a difference
in the way that relayd works compared to hoststated. but here
goes.. i'm attempting to get relayd configured to replace my existing
hoststated setup, doing layer 7 load balancing of web servers.

what's happening is with every http check done, relayd returns a
connect failure. in doing a tcpdump i see the session is
brought up by relayd to the destination servers, the server responds
with a syn/ack, and then a rst is sent by the system running relayd.

...

i have a similar hoststated configuration running on the very same
system, load balancing the very same hosts. it operates as expected,
with the hosts being seen as up and available.

i have attached relayd debug log output, my relayd configuration
file, as well as hoststated debug and the hoststated config.

could someone perhaps shed some light on what i'm doing wrong, if
anything? perhaps a bug in the http check/tcp check code?

if i could be cc'd on any replies, i'd appreciate it. i'm not
currently subscribed to [EMAIL PROTECTED]

cheers,

-ben
startup
init_filter: filter init done
tcp_write: connect timed out
relay_privinit: adding relay www
init_tables: created 0 tables
hce_notify_done: aa.bb.cc.209 (tcp_write: connect failed)
protocol 0: name http
host aa.bb.cc.209, check http code (3ms), state unknown - down, availability 
0.00%
flags: 0x0004
tcp_write: connect timed out
type: hce_notify_done: aa.bb.cc.211 (tcp_write: connect failed)
http
host aa.bb.cc.211, check http code (4ms), state unknown - down, availability 
0.00%
pfe_dispatch_imsg: state -1 for host 3 aa.bb.cc.209
request pfe_dispatch_imsg: state -1 for host 2 aa.bb.cc.211
append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
request append $REMOTE_ADDR to X-Forwarded-For
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
adding 2 hosts from table webhosts:80
adding 2 hosts from table webhosts:80
adding 2 hosts from table webhosts:80
adding 2 hosts from table webhosts:80
adding 2 hosts from table webhosts:80
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
tcp_write: connect timed out
hce_notify_done: aa.bb.cc.209 (tcp_write: connect failed)
tcp_write: connect timed out
hce_notify_done: aa.bb.cc.211 (tcp_write: connect failed)
^Chost check engine exiting
kill_tables: deleted 0 tables
flush_rulesets: flushed rules
pf update engine exiting
socket relay engine exiting
socket relay engine exiting
terminating
[EMAIL PROTECTED] socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
startup
decremented the demote state of group 'carp'
init_filter: filter init done
relay_privinit: adding relay www
init_tables: created 0 tables
protocol 0: name http
flags: 0x0004
type: http
request append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
request append $REMOTE_ADDR to X-Forwarded-For
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
relay_init: max open files 1024
adding 2 hosts from table http_hosts
adding 2 hosts from table http_hosts
adding 2 hosts from table http_hosts
adding 2 hosts from table http_hosts
adding 2 hosts from table http_hosts
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
relay_launch: running relay www
hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded)
host aa.bb.cc.209, check http code (115ms), state unknown - up, availability 
100.00%
pfe_dispatch_imsg: state 1 for host 1 aa.bb.cc.209
hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded)
host aa.bb.cc.209, check http code (116ms), state unknown - up, availability 
100.00%
pfe_dispatch_imsg: state 1 for host 0 aa.bb.cc.209
hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded)
hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded)
^Chost check engine exiting
kill_tables: deleted 0 tables
flush_rulesets: flushed rules
pf update engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
socket relay engine exiting
incremented the demote state of group 'carp'
terminating
socket relay engine exiting
ext_addr=10.10.10.52
webhost1=aa.bb.cc.209
webhost2=aa.bb.cc.209
timeout 800
prefork 5
log updates
demote carp
table http_hosts {
real port http
check http / host www.mysite.com code 200
host $webhost1 retry 2
host $webhost2 retry 2
}
protocol http {
protocol http
header append $REMOTE_ADDR to X-Forwarded-For
header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By
# Various TCP performance options
tcp { nodelay, sack, socket 

Re: relayd http check connection failures; hoststated operates correctly

[Ben Lovett]

forgot to include system details..

this is:
kern.version=OpenBSD 4.3-beta (GENERIC) #661: Thu Feb 21 15:39:36 MST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

-ben

Re: DHCP client failure with cable modem

[David Higgs]

On Fri, Feb 22, 2008 at 6:11 PM, David Murphy [EMAIL PROTECTED] wrote:
 Greetings folks. This week I undertook a project to replace my cheapo home
  broadband router with an old laptop running OpenBSD. Success appeared to
  have been achieved, but I've run into a snag in the final implementation.

  I set up the OBSD router (more info below) to perform NAT and serve DHCP
  and DNS for my LAN. After a ridiculously small amount of tweaking, I got
  everything working just like I wanted it. Here was the arrangement:

  (Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable
  Modem)

  The cheapo router was still in the loop because I didn't want to disconnect
  the rest of my LAN before I was ready. Yesterday I decided I was ready. I
  removed the cheapo router and plugged the OBSD router directly into the
  modem, there was some rebooting of devices involved, and my desktop could
  no longer access the internet. A little sleuthing revealed that the router
  was unable to retrieve an address from the modem.

  I've done some poking around and searched the list archives. There were a
  couple of threads with similar issues, but no definitive solutions that I
  found. There were references to cable modems only wanting to serve one
  hardware address, but I'm able to use it with either the cheapo router, or
  with my desktop plugged directly into it (and I verified that the modem saw
  them as two different hardware addresses... no weird proxying going on in
  the router). I powered the modem completely down for a few minutes and
  plugged only the OBSD router into it when I brought it back up, but still
  no luck.

  The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE.
  The dhclient.conf file is the default, which includes send host-name
  hostname;, the only other helpful suggestion I saw in the list archives.
  I've tried multiple cables and NICs, to rule out hardware.

  I checked the dhclient.conf file on the Ubuntu desktop that pulls an
  address from the modem just fine (which is this one, so I'm sure it really
  works), and while not identical, it's only configured to send the hostname
  as well.

  I've hit dead ends with everything now, and so any further suggestions are
  quite welcome.

  More info on the OBSD box:

  It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just
  base42, etc42, and man42. The only non-stock program running is
  isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS
  going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal).

  The setup was done primarily by bending the following two guides to my
  setup:

  http://www.openbsd.org/faq/pf/example1.html
  http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php

  The former is just the sample home router from the PF guide, and the latter
  addresses DHCP and DNS.

  Thanks in advance for any suggestions.

  David Murphy

Firstly, post something that might help someone troubleshoot your
problems.  Something like a dmesg and any errors that dhclient is
producing.

Disable everything until you can get dhclient to work.  Are you
blocking dhcp packets with pf?  Is your local dynamic DNS service
screwing with your upstream DHCP?

Maybe try unplugging your cable modem for a bit, sometimes they get
picky about how many MAC addresses they'll give IPs to.

--david

LinuxWorld Expo UK 2008

[Edd Barrett]

Hi,

I see on the events page on openbsd.org, there is a uk conference in
london which has question marks against it.

If we are considering presence here, I am willing to attend if we can
gather a small group of OpenBSD people there. Is Wim going?

I know there is atleast one developer in the UK.

http://openbsd.org/events.html

-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett

Dynamic Routing - BGP + OSPF

[askthelist]

I'm trying to implement full dynamic routing with eBGP + Full Mesh iBGP +
OSPF in my current network and am having some issues. I have a 2 routers + 2
firewall setup with no default routes on any nodes. The 2 routers are
plugged into the upstream provider and are both receiving full routes in
addition to a default from the provider. The  2 firewalls have a carp
address internally only for the servers and are speaking iBGP + OSPF with
all other nodes. I noticed that the two firewalls do not forward there iBGP
learned routes to one another. Is this intended/expected behavior? Shouldn't
they each see the iBGP view from each other since i have the announce all
directive?

I must have something set up wrong or maybe I am asking the wrong questions?
Maybe I should describe my problem

My problem is if unplug the external link of the firewall. Outgoing traffic
still hits the Master Carp device since I have no corresponding carp device
on the outside to force preemption if the external link goes down. But
because iBGP connections to the routers are severed and and all associated
routes, including the default are lost, I essentially blackhole outbound
traffic.(As inbound traffic is forwarded to the secondary firewall due to
the OSPF routes).

And I had a redistribute default configured in ospfd.conf on the routers,
however I had problems with this setup as well when I unplugged the external
link on the firewall but this could have been due to my pf configuration on
the firewalls. Should I re-investigate this scenario?

Also how how quickly should traffic be rerouted with OSPF if a link dies? Is
this dependent on the number of routes learned from eBGP? I've noticed
varying time frames when experimenting unplugging different links. Anywhere
from a few seconds to a few minutes? I'm not sure what is typical?

Thanks.

Re: DHCP client failure with cable modem

[Predrag Punosevac]

David Higgs wrote:

On Fri, Feb 22, 2008 at 6:11 PM, David Murphy [EMAIL PROTECTED] wrote:
  

Greetings folks. This week I undertook a project to replace my cheapo home
 broadband router with an old laptop running OpenBSD. Success appeared to
 have been achieved, but I've run into a snag in the final implementation.

 I set up the OBSD router (more info below) to perform NAT and serve DHCP
 and DNS for my LAN. After a ridiculously small amount of tweaking, I got
 everything working just like I wanted it. Here was the arrangement:

 (Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable
 Modem)

 The cheapo router was still in the loop because I didn't want to disconnect
 the rest of my LAN before I was ready. Yesterday I decided I was ready. I
 removed the cheapo router and plugged the OBSD router directly into the
 modem, there was some rebooting of devices involved, and my desktop could
 no longer access the internet. A little sleuthing revealed that the router
 was unable to retrieve an address from the modem.

 I've done some poking around and searched the list archives. There were a
 couple of threads with similar issues, but no definitive solutions that I
 found. There were references to cable modems only wanting to serve one
 hardware address, but I'm able to use it with either the cheapo router, or
 with my desktop plugged directly into it (and I verified that the modem saw
 them as two different hardware addresses... no weird proxying going on in
 the router). I powered the modem completely down for a few minutes and
 plugged only the OBSD router into it when I brought it back up, but still
 no luck.

 The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE.
 The dhclient.conf file is the default, which includes send host-name
 hostname;, the only other helpful suggestion I saw in the list archives.
 I've tried multiple cables and NICs, to rule out hardware.

 I checked the dhclient.conf file on the Ubuntu desktop that pulls an
 address from the modem just fine (which is this one, so I'm sure it really
 works), and while not identical, it's only configured to send the hostname
 as well.

 I've hit dead ends with everything now, and so any further suggestions are
 quite welcome.

 More info on the OBSD box:

 It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just
 base42, etc42, and man42. The only non-stock program running is
 isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS
 going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal).

 The setup was done primarily by bending the following two guides to my
 setup:

 http://www.openbsd.org/faq/pf/example1.html
 http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php

 The former is just the sample home router from the PF guide, and the latter
 addresses DHCP and DNS.

 Thanks in advance for any suggestions.

 David Murphy



Firstly, post something that might help someone troubleshoot your
problems.  Something like a dmesg and any errors that dhclient is
producing.

Disable everything until you can get dhclient to work.  Are you
blocking dhcp packets with pf?  Is your local dynamic DNS service
screwing with your upstream DHCP?

Maybe try unplugging your cable modem for a bit, sometimes they get
picky about how many MAC addresses they'll give IPs to.

--david

  


Forgive me but I will ask a very stupid question. Did you use a cross 
over cable when you connected the OpenBSD box to switch. Your switch 
should also have a button for one of its LAN plugs so that when you use 
regular CAT 5 cable it reverse the stream so that you do not need to buy 
cross over cable.


If the hardware set up is OK you will really need to give much more info 
about  the  network  and  OpenBSD box in particular

so that people can trouble shut.

Best,
Predrag

Re: LinuxWorld Expo UK 2008

[Owain Ainsworth]

On Sat, Feb 23, 2008 at 01:04:43AM +, Edd Barrett wrote:
 Hi,
 
 I see on the events page on openbsd.org, there is a uk conference in
 london which has question marks against it.
 
 If we are considering presence here, I am willing to attend if we can
 gather a small group of OpenBSD people there. Is Wim going?
 
 I know there is atleast one developer in the UK.

I can think of four of us near london, plus there's two more I can think
of.

I may be convinced to turn up.

-- 
According to Kentucky state law, every person must take a bath at least
once a year.

Re: DHCP client failure with cable modem

[David Murphy]

--- Chris Kuethe [EMAIL PROTECTED] wrote:

 I've seen cases where you can only have one client ethernet address on
 your cable modem, and you need to reset everything and give your old
 mac address a chance to time out. you might want to:
 a) change the external address of your openbsd machine to that of your
 old cheapo router, or
 b) power off your cable modem for half an hour and retry, or
 c) call tech support and get them to reset your cable modem.

As stated I've demonstrated that the modem is happy to work with either the
cheapo router or directly with my desktop, and I verified that it sees them
with separate hardware addresses. So it's not hung up on one in particular.

I've brought the modem down for a few minutes, but I could give it a longer
test.

--- David Higgs [EMAIL PROTECTED] wrote:

 Firstly, post something that might help someone troubleshoot your
 problems.  Something like a dmesg and any errors that dhclient is
 producing.

Yeah, I wasn't very specific about that, was I? When I watch it try to grab
an address as it boots, it simply tries DHCPREQUEST for a bit (asking for
the address it had when it was plugged into the cheapo router), then
switches to DHCPDISCOVER. After a bunch of those, it says No DHCPOFFERS
received., and sets itself up with the last address it had from the cheapo
router.

I've also done sh /etc/netstart ep1 after boot, with the same effect. The
very last time I tried it, there was one difference I hadn't seen before:
after the first DHCPREQUEST, it received a DHCPNAK from an address that
appears to be upstream in the ISP's framework. Still no response to the
DHCPDISCOVERs, though.

dmesg doesn't show anything interesting.

 Disable everything until you can get dhclient to work.  Are you
 blocking dhcp packets with pf?  Is your local dynamic DNS service
 screwing with your upstream DHCP?

This setup works just fine when I insert the cheapo router between the
modem and the OBSD router, so pf isn't doing any funny-business. There's
some difference between the router's DHCP and the modem's DHCP that I can't
figure out, and that my desktop machine doesn't notice.

 Maybe try unplugging your cable modem for a bit, sometimes they get
 picky about how many MAC addresses they'll give IPs to.

Alright, I'll unplug it overnight and we'll see what happens in the
morning.

Thanks for the responses.

David Murphy

PS: another piece of info I left out is that my modem is a Motorola
Surfboard SB5120, and my cable ISP is Charter.


  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

You just recieved an electronic card! Thanks!

[Electronic Card's]

Hi,
You just recieved an electronic card!

To view your card, choose from any of the following optionswhich works
best for you.
Method 1
Just click on the following Internet address (if that doesn't work foryou,
copy  paste the address onto your browser's address box.)
http://cards.greetingsnecards.com/cgi-bin/cards/showcard.pl?cardnum=ZBM80616180922460log=greetingsnecards
Method 2
Copy  paste your card number in the view card box 
athttp://www.greetingsnecards.com
Your card number isZBM80616180922460
(For your convenience, the greeting card will be available for the next30
days)
Webmaster,http://www.greetingsnecards.com

Re: DHCP client failure with cable modem

[johan beisser]

On Feb 22, 2008, at 5:32 PM, David Murphy wrote:


PS: another piece of info I left out is that my modem is a Motorola
Surfboard SB5120, and my cable ISP is Charter.


Does charter require PPPoE?

Re: DHCP client failure with cable modem

[bofh]

On Fri, Feb 22, 2008 at 8:32 PM, David Murphy [EMAIL PROTECTED] wrote:
  As stated I've demonstrated that the modem is happy to work with either the
  cheapo router or directly with my desktop, and I verified that it sees them
  with separate hardware addresses. So it's not hung up on one in particular.

The real questions is what happens when your openbsd box is attached
to the cheapo router - does it pull an address from the cheapo router?
 If it does, then then issue is upstream.  If it doesn't, then it is
your openbsd box.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted. -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: PCI Gigabit card suggestion?

[scott]

The em's have the advantage that the driver enables and uses hard-level
tcp/udp check-sum offloading.  This does help on mid- to heavy loading.

/S 
-Original Message-
From: michael enoma aghayere [EMAIL PROTECTED]
To: Sunnz [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: PCI Gigabit card suggestion?
Date: Fri, 22 Feb 2008 14:09:26 +
Delivered-To: [EMAIL PROTECTED]

On 22/02/2008, Sunnz [EMAIL PROTECTED] wrote:
 Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was
  wondering which brand/model are best supported by OpenBSD... in terms
  of documentaion by the vendor and performance by the device.

  Thanks.


For something cheap and cheerful, but also supported, i'd go for a
D-Link DGE-528T. Was looking them up on the web yesterday.

Re: DHCP client failure with cable modem

[David Murphy]

--- johan beisser [EMAIL PROTECTED] wrote:

 
 On Feb 22, 2008, at 5:32 PM, David Murphy wrote:
 
  PS: another piece of info I left out is that my modem is a Motorola
  Surfboard SB5120, and my cable ISP is Charter.
 
 Does charter require PPPoE?

No. I don't recall having to do any PPPoE setup when I initially set up the
cheapo router, and I definitely didn't do anything like that with my
desktop when I plugged it in.

--- Predrag Punosevac [EMAIL PROTECTED] wrote:

 Forgive me but I will ask a very stupid question. Did you use a cross 
 over cable when you connected the OpenBSD box to switch. Your switch 
 should also have a button for one of its LAN plugs so that when you use 
 regular CAT 5 cable it reverse the stream so that you do not need to buy 
 cross over cable.

No, no crossover cables were used. The problem isn't on the switch side,
though... the switch is on the internal side of the router, which is
working fine. The problem is between the router's external interface and
the modem.

 If the hardware set up is OK you will really need to give much more info 
 about  the  network  and  OpenBSD box in particular
 so that people can trouble shut.

I'd be happy to provide any information requested. I'm quite new to *BSD,
but I'm pretty well-versed in Linux, so tell me what you need, and I'll
find it. If you need more information about the box than what I gave at the
end of my first post, let me know.

Thanks...

David Murphy



  

Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  
http://tools.search.yahoo.com/newsearch/category.php?category=shopping

Re: DHCP client failure with cable modem

[johan beisser]

On Feb 22, 2008, at 8:19 PM, David Murphy wrote:


I'd be happy to provide any information requested. I'm quite new to  
*BSD,
but I'm pretty well-versed in Linux, so tell me what you need, and  
I'll
find it. If you need more information about the box than what I gave  
at the

end of my first post, let me know.


Ok.

When you initially plug in the modem side interface, what does it see?  
Do a basic tcpdump, and watch the traffic for the dhcp assignment.


Secondly, could you forward your pf.conf?

Re: DHCP client failure with cable modem

[David Murphy]

--- johan beisser [EMAIL PROTECTED] wrote:

 Ok.
 
 When you initially plug in the modem side interface, what does it see?  
 Do a basic tcpdump, and watch the traffic for the dhcp assignment.
 
 Secondly, could you forward your pf.conf?

Well now I'm *really* baffled. I read the manpage for tcpdump, got all set
to capture the interface when I plugged in and when I did a netstart... and
the darn thing just decided to work. I made no changes to the setup since
my last set of failed attempts, and I didn't do anything I haven't tried
twice already.

...?

Ugh. I've definitely looked at this enough tonight, but tomorrow I'm gonna
do some powerdowns and powerups and see if there's any sort of consistency
now.

Thanks for talking me through it anyway, folks. 

David Murphy


  

Never miss a thing.  Make Yahoo your home page. 
http://www.yahoo.com/r/hs

ThinkPad : X freezes on exit...

[Mayuresh Kathe]

Hi,

I've got a ThinkPad R61i (dmesg at the bottom of mail).
I configured X using 'X -configure', it showed a nice 1024x768 X
startup screen, but when I did 'Ctrl+Alt+Backspace' to get back to my
console X just froze.
The only way to get out was to do a hard reboot.

Is there anyway to solve this problem?

=== dmesg below ===
OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz (GenuineIntel
686-class) 1.47 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem  = 526667776 (502MB)
avail mem = 501596160 (478MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/28/07, BIOS32 rev. 0 @
0xfdca0, SMBIOS rev. 2.4 @ 0xe0010 (71 entries)
bios0: vendor LENOVO version 7OET24WW (1.03 ) date 06/28/2007
bios0: LENOVO 8932A32
pcibios0 at bios0: rev 3.0 @ 0xfdc30/0x3d0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/304 (17 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 17 Interrupt Routing table entries
pcibios0: no compatible PCI ICU found
pcibios0: Warning, unable to fix up PCI interrupt routing
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0x1! 0xd/0x1a00 0xd1a00/0x1000 0xe/0x1!
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2b06000613
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 800 MHz (1004 mV): speeds: 1467, 800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82965GM MCH rev 0x0c
vga1 at pci0 dev 2 function 0 Intel 82965GM Video rev 0x0c: aperture
at 0xe000, size 0x800
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel 82965GM Video rev 0x0c at pci0 dev 2 function 1 not configured
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: irq 11
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: irq 11
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: irq 11
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Conexant/0x5045 (rev. 1.0), HDA version 1.0
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02:
irq 11, MoW1, address 00:1c:bf:2c:fd:aa
ppb2 at pci0 dev 28 function 2 Intel 82801H PCIE rev 0x03
pci3 at ppb2 bus 4
bge0 at pci3 dev 0 function 0 Broadcom BCM5787M rev 0x02,
BCM5754/5787 A2 (0xb002): irq 11, address 00:1a:6b:d4:c9:0e
brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03
pci5 at ppb4 bus 13
uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x03: irq 10
uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x03: irq 11
uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x03: irq 11
ehci1 at pci0 dev 29 function 7 Intel 82801H USB rev 0x03: irq 11
ehci1: timed out waiting for BIOS
usb1 at ehci1: USB revision 2.0
uhub1 at usb1: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xf3
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: irq 10
Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured
sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: irq 11
sdmmc0 at sdhc0
Ricoh 5C843 rev 0x11 at pci6 dev 0 function 3 not configured
Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not configured
Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801HBM LPC rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 1 Intel 82801HBM IDE rev 0x03: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-T20N, WX05 SCSI0
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ahci0 at pci0 dev 31 function 2 Intel 82801HBM SATA rev 0x03: irq 10, AHCI 1.1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: ATA, HITACHI HTS54168, SB2I SCSI2 0/direct fixed
sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total
ichiic0 at pci0 dev 31 function 3 Intel 82801H SMBus 

Re: ThinkPad : X freezes on exit...

[Richard Toohey]

On 23/02/2008, at 8:29 PM, Mayuresh Kathe wrote:


Hi,

I've got a ThinkPad R61i (dmesg at the bottom of mail).
I configured X using 'X -configure', it showed a nice 1024x768 X
startup screen, but when I did 'Ctrl+Alt+Backspace' to get back to my
console X just froze.
The only way to get out was to do a hard reboot.

Is there anyway to solve this problem?



Did you try Ctrl-Alt-F1?