Re: take threads off the table
Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in http://openbsd.org/security.html#40 (or #41)? If no, is there available the same cd40.iso but including these fixes or must I to apply the patches on original system? If there is some doc explaining it with more details, please give me the pointers. Thanks, Tom
FOSDEM 23/24 Feb Brussels
hey, like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. Wim. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= https://kd85.com/notforsale.html --
Re: Updates for old releases
2008/2/22, Antonio Lobato [EMAIL PROTECTED]: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in release != stable; you'll have to apply the patches (or get the/a newer release)
Re: Updates for old releases
Antonio Lobato schrieb: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in http://openbsd.org/security.html#40 (or #41)? No If no, is there available the same cd40.iso but including these fixes or must I to apply the patches on original system? No, and don't use 4.0 as 4.2 is already available and supported. If there is some doc explaining it with more details, please give me the pointers. Thanks, You want to check http://www.openbsd.org/faq/faq5.html#Flavors Tom guido
Re: Updates for old releases
On Fri, Feb 22, 2008 at 05:48:14AM -0300, Antonio Lobato wrote: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in http://openbsd.org/security.html#40 (or #41)? If no, is there available the same cd40.iso but including these fixes or must I to apply the patches on original system? It is the original release cdrom. What you can do is make your own iso image. See man release. -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
Re: FOSDEM 23/24 Feb Brussels
Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: There's something about OpenBSD...
[EMAIL PROTECTED] wrote: For instance 'ggrep -r ...' instead of 'grep -r ...' to search recursively with gnu grep (a worthless feature imho). Displaying the name of the file and the matched line nicely like grep -r does is not elegant with find + grep without using a script or a long and inelegant alias - or if it is, I'd be interested in how it can be done in case I need to work on some ancient unix. $ find DIR -type f -print0 | xargs -0 grep PATTERN which, unlike 'find ... -exec' is just as fast as 'grep -r', and unlike 'grep -r', will skip special devices, symlinks, etc. # uname -a SunOS dumbhost.test.se 5.10 Generic_118855-33 i86pc i386 i86pc # find /etc -type f -print0 find: bad option -print0 find: [-H | -L] path-list predicate-list But yes, its probably bad to start one grep per file.
Re: Updates for old releases
On Friday, February 22, 2008 at 05:48:14 -0300, Antonio Lobato wrote: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in http://openbsd.org/security.html#40 (or #41)? If no, is there available the same cd40.iso but including these fixes or must I to apply the patches on original system? If there is some doc explaining it with more details, please give me the pointers. There's more on this on http://www.openbsd.org/faq/faq5.html#Flavors To summarize: what's on the CD's and FTP-servers is -release, it is not updated. The patches for -stable are only distributed as source code. There are no official builds of the -stable tree. About a year ago I started to create regular builds of the -stable trees (the two supported trees). You can use them, if you trust me ;-) You can find links to some mirrors on http://www.z74.net/openbsd.html Maurice
Re: Cold Boot Attacks on Encryption Keys
* [EMAIL PROTECTED] [EMAIL PROTECTED] [2008-02-22 03:18]: The paper you mentioned has some info on possible countermeasures. The best (IMO) is physically securing your RAM. This seems to fit in best with OpenBSD's philosophy, which has never been to put much time into thwarting attacks that require physical access to the box -- if you have that, there are MANY avenues of attack, most of which don't benefit much from immersing components in liquid N_2. Then we could drop the whole encryption framework, or? Why encrypting OWs? Nobody could crack the PWs if they don't have phisical access.. why encrypting the HDDs or using IPSec? It's all about physical security so why does OpenBSD care? it should be kind of obvious the the scope for physical security in the ipsec case is a whole lot different than just access to the computer. as for passwords, yes, the encrypted passwords to travel over the net in some setups. Of course there many kinds of attack but if somebody shutdowns your box and reads the infos from your memory there's something we can do about it: Overwriting it is overwhelming how you -fail to understand how malloc and friends work -fail to research on that -yet, without the slightest clue, start ranting and making suggestions kinda a definition of trolling. Tell me how to ensure phyiscal security in bigger networks?! I don't talk about a 50+ company where you know everybody but more about 1k+ up to 130k users and more. fortunately, nobody with at least half a braincell left will let you anywhere close to such a network ever. if I'm wrong if? you really think that is a conditional? please correct me.. that has been proven pointless numerous times before. please just leave and annoy somebody else with your shit. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Remote Admin Card - Dell DRAC or HP ILO2 ?
On Thu, Feb 21, 2008 at 08:10:16PM +0100, Nick Nauwelaerts wrote: I don't really see how this is related to openbsd, but ilo2 wins hands down to drac, but has a costly advanced license. Installing openbsd through ilo2 virtual cd works just fine btw. I thought you only needed the license if you used higher resolutions than a basic console. If you are just using text mode on the console, then they work excellently. I've used both with OpenBSD firewalls and infinitely prefer the HP ones. -- joe. Jennifer's dad sent her a nice cuddly cat, so that's nice.
CanSecWest 2008 Mar 26-28
CanSecWest 2008 Presentations Snort 3.0 - Marty Roesch, Sourcefire Cross-Site Scripting Vulnerabilities in Flash Authoring Tools - Rich Cannings, Google Proprietary RFID Systems - Jan starbug Krissler and Karsten Nohl, CCC Media Frenzy: Finding Bugs in Windows Media Software - Mark Dowd and John McDonald, IBM ISS Targeted Attacks and Microsoft Office Malware - Rob Hensing, Microsoft Virtually Secure - Oded Horovitz, VMWare Malicious Cryptography - Fridiric Raynal and Eric Filiol, Sogeti/Cap-Gemini and ESAT The Death of AV Defense in Depth: Revisiting Anti-Virus Software - Thierry Zoller and Sergio Alvarez, nRuns VMWare Issues - Sun Bing, McAfee Intrusion Detection Systems Correlation: a Weapon of Mass Investigation - Sebastien Tricaud and Pierre Chifflier, INL Web Wreck-utation - Dan Hubbard and Stephan Chenette, WebSense Secure programming with gcc and glibc - Marcel Holtmann, Intel Mobitex network security - olleB, toolcrypt.org Peach Fuzzing - Michael Eddington, Leviathan Fuzz by Number - Charlie Miller, Independent Security Evaluators Fuzzing WTF? What Fuzzing Was, Is And Never Will Be. - Frank Marcus and Mikko Varpiola,Wurldtech / Condenomicon Vulnerabilities Die Hard - Kowsik Guruswamy, Mu Hacking Windows Vista - Dan Grifin, JW Secure ExeFilter: a new open-source framework for active content filtering - Philippe Lagadec, NATO/NC3A VetNetSec: Security testing for Extremists - Eric Hacker, BT INS w3af: A framework to own the web - Andres Riancho, Cybsec A Unique Behavioral Science Approach to Threats, Extortion and Internal Computer Investigations - Scott K. Larson, Stroz Friedberg -- 2008 Dojos Vulnerability Discovery Demystified Mark Dowd and Justin Schuh The Exploit Laboratory - Advanced Edition Saumil Shah Advanced Honeypot Tactics Thorsten Holz Mastering the network with ScapyPhilippe Biondi Voice over IP (VoIP) Security Nico Fischbach Practical 802.11 WiFi (In)Security Cidric Blancher Advanced Linux HardeningAndrea Barisani Defend The Flag Microsoft -- 2008 PWN 2 OWN There will be three targets: A MacBook Air, running the latest OSX, patched, typical configuration. A Sony VAIO VGN-TZ37CNB, running Ubuntu, latest release. A Fujitsu U810, Running Vista, latest update. The contest will be adjudicated by our impartial celebrity judge: Ronald C. Dodge JR., Ph.D. Lieutenant Colonel, Academy Professor Associate Dean, Information and Education Technology, United States Military Academy The victory conditions will be the contents of specific specially planted files on each system, to be extracted by winners. Hack them and you get to keep them, and any associated prizes for the exploits used, oh and the fame and glory. :-) Browsers (I.E., Mozilla, Safari), Mail Clients (Outlook, Mail.app, Thunderbird), and IM clients (MSN, Adium, Pigdin, Skype all platforms) are all in scope. More details and official rules soon. cheers, --dr -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada March 25-28 - 2008http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
Re: Cold Boot Attacks on Encryption Keys
it's all a marketing scheme for the Apple laptop with soldered RAM...
Re: FOSDEM 23/24 Feb Brussels
Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: Cold Boot Attacks on Encryption Keys
Stuart Henderson it's all a marketing scheme for the Apple laptop with soldered RAM... Please, not when I'm drinking coffee.
Re: Remote Admin Card - Dell DRAC or HP ILO2 ?
Hi, Xavier MilliC(s-Lacroix schrieb: We need to be able to do 'quite' everything remotely (from installing (virtual floppy / cd / dvd) to exploitation). I've got some experience with DRACs... some good (it works) but mostly bad... good thing is, with DRAC 4/5 you can load an iso image into the DRAC (virtual CD) and install from there. Also got a remote console. It just does all what you need, imho... BUT... ..now the bad... most stuff only works with Windows/IE(6)... or Firefox/Linux. The DRAC firmware doesn't even recognize OpenBSD. With the DRAC 4 it isn't so bad, it just asumes you use Linux instead, the DRAC 5 however sees that it isnt Linux, so it must be Windows and offers you ActiveX stuff instead of Java with Firefox using OpenBSD... kinda sucks, so the remote console isn't working. Also, the firmware... for DRAC 4 the latest 1.4 and 1.6 seem to work pretty well... with DRAC 5 you need 1.32, everything else before that... total piece if shit. Basically one can say... if you get a DRAC, you need the IE... either Windows/IE or Wine/IE, version 6 of cause, 7 doesn't work properly. Michael
Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60
On Thu, Feb 21, 2008 at 8:40 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Thu, Feb 21, 2008 at 03:41:30PM +0530, Amarendra Godbole wrote: I am unable to move the display to a projector or an external monitor on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the keycombination to be used to switch displays, but it does not work. Now, I am not too sure if this is a function of the OS, or Thinkpad's firmware. Search engines turned up nothing. Can someone suggest a way by which I can make use of an external monitor? Any software package to control this? Thanks. When you boot the laptop, go into the bios (just to prevent booting). Have the external monitor attached. Hit your key combo and you should get the bios screen on the external monitor. If this works, then you're on the right track. If it doesn't, then you know that its not the OS fault. [...] Okay, this works - going to BIOS, hitting a Fn-F7, and getting the display on the extenal monitor. But now I have lost my notebook display, but this is workable for the timebeing (I am also investigating the xrandr option suggested by Matthieu). Thanks. -Amarendra
Re: FOSDEM 23/24 Feb Brussels
You're right, this is the native language of the Netherlands, and also (in a slightly modified version) the one spoken by half the people from belgium. The first one is the dutch, the second the flemish. I think if you try to binary-xor it with the lyrics from latest song from clouseau, you'd get something near english you can understand. cheers, nicodache_punt_be ^^ 2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]: Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60
On Fri, Feb 22, 2008 at 12:05 PM, Matthieu Herrb [EMAIL PROTECTED] wrote: On Thu, Feb 21, 2008 at 11:11 AM, Amarendra Godbole [EMAIL PROTECTED] wrote: I am unable to move the display to a projector or an external monitor on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the keycombination to be used to switch displays, but it does not work. Now, I am not too sure if this is a function of the OS, or Thinkpad's firmware. Search engines turned up nothing. Can someone suggest a way by which I can make use of an external monitor? Any software package to control this? Thanks. The X60 is using intel i965 graphics right? (hard to tell without some dmesg or Xorg.0.log attached to your message) So X is normally using the 'intel' driver which uses XRandR 1.2. Plug you projector or external monitor, run 'xrandr --auto' and you should be setup for mirroring. Check the xrandr(1) man page and the intel web site http://www.intellinuxgraphics.org/dualhead.html for more configuration options. If I wrong and the X60 doesn't use an intel chipset, please post more details first (Xorg.0.log or dmesg at least) 945GM is the chipset. I tried playing around with xrandr, but no luck. Most likely I am unable to get the concepts right. Anyways, my Xorg.log.0, dmesg, and xrandr are hosted here: http://www.obscure.org/~amunix/misc/ I'd appreciate if you can help me here. Oh, BTW, I noticed some option in the BIOS which sets boot display, and the values are LCD screen, VGA, both. If I select VGA or both, my output goes only to the VGA, but not on the LCD. :-| -Amarendra
Re: Remote Admin Card - Dell DRAC or HP ILO2 ?
Hello, I'm not sure but advanced ilo provides remote cd/dvd/floppy ? Is it true ? Xavier. 2008/2/22, Joe Warren-Meeks [EMAIL PROTECTED]: On Thu, Feb 21, 2008 at 08:10:16PM +0100, Nick Nauwelaerts wrote: I don't really see how this is related to openbsd, but ilo2 wins hands down to drac, but has a costly advanced license. Installing openbsd through ilo2 virtual cd works just fine btw. I thought you only needed the license if you used higher resolutions than a basic console. If you are just using text mode on the console, then they work excellently. I've used both with OpenBSD firewalls and infinitely prefer the HP ones. -- joe. Jennifer's dad sent her a nice cuddly cat, so that's nice.
Re: Updates for old releases
On Fri, Feb 22, 2008 at 10:33:00AM +0100, Maurice Janssen wrote: About a year ago I started to create regular builds of the -stable trees (the two supported trees). You can use them, if you trust me ;-) You can find links to some mirrors on http://www.z74.net/openbsd.html I think it is great that you are doing this, however why are you a third party? Can you not upload your binaries to the official mirrors? -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
Re: Nfsen and php problems...?
--On February 18, 2008 9:48:09 +0100 Tasmanian Devil [EMAIL PROTECTED] wrote: | Hello! | | lookup.php at least gives a yellow page and also allows me to see it's | source, unlike the others: | | ? | /* This file was automatically created by the NfSen install.pl script */ Ouch! I'll fix that! All other php files have the right tags! Thanks - Peter | | This and especially the empty pages sound like you've short_open_tag | = Off in your /var/www/conf/php.ini. From that file: | | ; Allow the ? tag. Otherwise, only ?php and script tags are recognized. | ; NOTE: Using short tags should be avoided when developing applications or | ; libraries that are meant for redistribution, or deployment on PHP | ; servers which are not under your control, because short tags may not | ; be supported on the target server. For portable, redistributable code, | ; be sure not to use short tags. | short_open_tag = Off | | So if my guess is right, you should either fix the php files or set | short_open_tag = On. | | Tas. | -- Peter Haag
PCI Gigabit card suggestion?
Hi I have been looking at: http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html However I am very puzzled... can someone please tell me which chipset you found that worked the best for you and if possible, which model of the brand you have brought after all? I am kind of scared of the bugs and caveat sections in some of the drivers... are they a show stopper at all? But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not go for the best supported one? -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Re: There's something about OpenBSD...
Janne Johansson wrote: [EMAIL PROTECTED] wrote: For instance 'ggrep -r ...' instead of 'grep -r ...' to search recursively with gnu grep (a worthless feature imho). Displaying the name of the file and the matched line nicely like grep -r does is not elegant with find + grep without using a script or a long and inelegant alias - or if it is, I'd be interested in how it can be done in case I need to work on some ancient unix. $ find DIR -type f -print0 | xargs -0 grep PATTERN which, unlike 'find ... -exec' is just as fast as 'grep -r', and unlike 'grep -r', will skip special devices, symlinks, etc. # uname -a SunOS dumbhost.test.se 5.10 Generic_118855-33 i86pc i386 i86pc # find /etc -type f -print0 find: bad option -print0 find: [-H | -L] path-list predicate-list But yes, its probably bad to start one grep per file. $ find /etc -type f -exec printf %s\0 {} \; (if they've got printf, that is :) I'd guess a printf process has less startup overhead than grep. But, uh-oh... Does solaris have xargs -0? :-) /Alexander
Re: FOSDEM 23/24 Feb Brussels
Mayuresh Kathe ha scritto: Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. It's dutch! mijncomputer.nl the tld .nl = Netherlands... So...It's simple. jaar (NL) = year(EN) Francesco 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: PCI Gigabit card suggestion?
Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was wondering which brand/model are best supported by OpenBSD... in terms of documentaion by the vendor and performance by the device. Thanks.
Re: PCI Gigabit card suggestion?
sk(4), em(4) and even bge(4) are considered good. -- Thanks, Jordi Espasa Clofent
Re: FOSDEM 23/24 Feb Brussels
Actually, it's the Netherlands that speak a slightly modified version of dutch. Only Flemish Belgium speaks true Dutch. The term Flemish covers the Belgian Dutch dialects. It's a bit confusing because of the naming and translations to English, I think this is caused by the fact that Belgium is partly French and the Netherlands is completely Dutch. ps: will be at Fosdem too - Oorspronkelijk bericht - Van: nicodache [mailto:[EMAIL PROTECTED] Verzonden: vrijdag, februari 22, 2008 12:35 PM Aan: misc@openbsd.org Onderwerp: Re: FOSDEM 23/24 Feb Brussels You're right, this is the native language of the Netherlands, and also (in a slightly modified version) the one spoken by half the people from belgium. The first one is the dutch, the second the flemish. I think if you try to binary-xor it with the lyrics from latest song from clouseau, you'd get something near english you can understand. cheers, nicodache_punt_be ^^ 2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]: Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: PCI Gigabit card suggestion?
Hi Sunnz, http://www.openbsd.org/cgi-bin/man.cgi?query=gigabitapropos=1sektion=0manpath=OpenBSD+4.2arch=amd64format=html I have been looking at: http://www.openbsd.org/amd64.html#hardware But yea I'll need to buy a new PCI Gigabit Ethernet anyway so why not go for the best supported one? There are references in the archives. It depends on your budget and your task. People seem to like em and sk. For desktops, I might get a bunch of re's. HTH... Nico
Intel S5000VSA motherboards?
Any experiences with Intel S5000VSA motherboards? Regards, Liviu Daia -- Dr. Liviu Daia http://www.imar.ro/~daia
Re: FOSDEM 23/24 Feb Brussels
Don't forget to say that Belgium is partly german too... For those who alreayd think belgium that Belgium is complicated, please learn that we also have 7 governments ; the federal one (for the whole country), 3 for each region, and 3 for each community. Take in accounting that one cannot work for the federal governement as well as for the regional one, but well for the community (or something like that), and the region of brussels is in the flemish community while 85% of its residents speak french... And we organise FOSDEM in there... Ikke ps : just for the fun, our futur prime minister who already tried for 6 months to set up a governement before we fall back to the old one, already has an ulcer due to belgium politic stress... pps : I'll be in fosdem too On Fri, Feb 22, 2008 at 1:39 PM, Tom Van Looy [EMAIL PROTECTED] wrote: Actually, it's the Netherlands that speak a slightly modified version of dutch. Only Flemish Belgium speaks true Dutch. The term Flemish covers the Belgian Dutch dialects. It's a bit confusing because of the naming and translations to English, I think this is caused by the fact that Belgium is partly French and the Netherlands is completely Dutch. ps: will be at Fosdem too - Oorspronkelijk bericht - Van: nicodache [mailto:[EMAIL PROTECTED] Verzonden: vrijdag, februari 22, 2008 12:35 PM Aan: misc@openbsd.org Onderwerp: Re: FOSDEM 23/24 Feb Brussels You're right, this is the native language of the Netherlands, and also (in a slightly modified version) the one spoken by half the people from belgium. The first one is the dutch, the second the flemish. I think if you try to binary-xor it with the lyrics from latest song from clouseau, you'd get something near english you can understand. cheers, nicodache_punt_be ^^ 2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]: Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: FOSDEM 23/24 Feb Brussels
Well then Afrikaans must be a slightly modified version of Flemish! :-) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Van Looy Sent: 22 February 2008 02:40 PM To: nicodache Cc: misc@openbsd.org Subject: Re: FOSDEM 23/24 Feb Brussels Actually, it's the Netherlands that speak a slightly modified version of dutch. Only Flemish Belgium speaks true Dutch. The term Flemish covers the Belgian Dutch dialects. It's a bit confusing because of the naming and translations to English, I think this is caused by the fact that Belgium is partly French and the Netherlands is completely Dutch. ps: will be at Fosdem too - Oorspronkelijk bericht - Van: nicodache [mailto:[EMAIL PROTECTED] Verzonden: vrijdag, februari 22, 2008 12:35 PM Aan: misc@openbsd.org Onderwerp: Re: FOSDEM 23/24 Feb Brussels You're right, this is the native language of the Netherlands, and also (in a slightly modified version) the one spoken by half the people from belgium. The first one is the dutch, the second the flemish. I think if you try to binary-xor it with the lyrics from latest song from clouseau, you'd get something near english you can understand. cheers, nicodache_punt_be ^^ 2008/2/22 Mayuresh Kathe [EMAIL PROTECTED]: Golly, what language is that? is it the native language of NL? I tried running it through 'rot13', but that complicated it even more. 2008/2/22 Han Boetes [EMAIL PROTECTED]: Ik zal er niet bij zijn dit jaar, maar ik wens je wel veel plezier. :-) Groetjes aan Tilly. ;-) Wim Vandeputte wrote: like each year we'll be present at the FOSDEM event in Brussels, it's completely free entrance, plenty of interesting things to see, even a BSD devroom with presenations Feel free to drop by http://www.fosdem.org/ This weekend. # Han
Re: PCI Gigabit card suggestion?
On Fri, Feb 22, 2008 at 7:52 AM, Jordi Espasa Clofent [EMAIL PROTECTED] wrote: sk(4), em(4) and even bge(4) are considered good. There's even a $30 to $40 intel card (e1000g?) at newegg -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: Cold Boot Attacks on Encryption Keys
On 2/22/08, Siegbert Marschall [EMAIL PROTECTED] wrote: Yes DRAM can preserve data for a while, even after shutting down power. Depending on the type of DRAM it can be milliseconds to days BUT it will only preserve part of the data, so the chance of finding some passwords in there does exist but has very little real world implications. the quickest way of improving security for this particular type of attack, apart from having sensitive data such as keys around only when needed, is ensuring there's no quick way of booting from a different media and ensuring it takes as long as possible to move the RAM (this would be a plus also for the disks) physically. Physical security _is needed_ anyways. Soekris boxes also have soldered RAM. --knitti
Re: Updates for old releases
One question I have is if 4.0 is stilled being patched? I notice that there are several patches out in 4.2 or 4.1, for example: 005: RELIABILITY FIX: January 11, 2008 All architectures A missing NULL pointer check can lead to a kernel panic. A source code patch exists which remedies this problem But either these don't apply to 4.0, or 4.0 is not having patches created anymore. That is the official policy for older releases with regards to patches? Thanks, Jay 2008/2/22, Antonio Lobato [EMAIL PROTECTED]: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in release != stable; you'll have to apply the patches (or get the/a newer release)
Re: FOSDEM 23/24 Feb Brussels
Well then Afrikaans must be a slightly modified version of Flemish! :-) Real flemish only sounds correct if altitude is close to or (preferrably) below the sea level, though. Miod
Re: What is our ultimate goal??
On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote: SO now do you want FireEngine? Or rather SMPng networking? Or would you like ReallyHyperFastZoomStreamCyberWoosh? Now that you've brought it up, I would really like a ReallyHyperFastZoomStreamCyberWoosh TCP stack. Just make sure it doesn't require 1.2Jigawatts of power and have interesting side effects when it gets to 88mph. But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to OpenBSD would seriously impact performance of OpenBSD on mundane processors. Nonsense, as long as you can plug in some plutonium, things should be fine.
Re: PCI Gigabit card suggestion?
On 22/02/2008, Sunnz [EMAIL PROTECTED] wrote: Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was wondering which brand/model are best supported by OpenBSD... in terms of documentaion by the vendor and performance by the device. Thanks. For something cheap and cheerful, but also supported, i'd go for a D-Link DGE-528T. Was looking them up on the web yesterday. -- ~michael www.BSDqed.com
Re: FOSDEM 23/24 Feb Brussels
Tom Van Looy schreef: Actually, it's the Netherlands that speak a slightly modified version of dutch. Only Flemish Belgium speaks true Dutch. The term Flemish covers the Belgian Dutch dialects. It's a bit confusing because of the naming and translations to English, I think this is caused by the fact that Belgium is partly French and the Netherlands is completely Dutch. ps: will be at Fosdem too The Flemish speaking Belgians refer to their language as 'Nederlands' (Dutch), not 'Vlaams' (Flemish). Vlaams is mainly used to denote the geographical area or the residents of that area (Vlamingen), not the language itself. The differences with Dutch are subtle but sometimes quite confusing (to both sides). Dutch will call an OpenBSD sticker just a 'sticker', the imported English word, where the Flemish Belgians will refer to 'zelfklever' ( = self sticking item, a literal translation). Zelfklevers. That to me is pure beauty. Especially if Wim brings enough so he's not sold out Sunday ;-)
Re: Updates for old releases
Jay Hart schrieb: One question I have is if 4.0 is stilled being patched? I notice that there are several patches out in 4.2 or 4.1, for example: 005: RELIABILITY FIX: January 11, 2008 All architectures A missing NULL pointer check can lead to a kernel panic. A source code patch exists which remedies this problem But either these don't apply to 4.0, or 4.0 is not having patches created anymore. Because 4.0 is no longer maintained after 4.2 was released. That is the official policy for older releases with regards to patches? http://www.openbsd.org/faq/faq5.html#Flavors Kind regards, Markus
Re: Updates for old releases
Jay, Only the current version (4.2) and 1 previous version (4.1) are supported. That means no more patches for 4.0 as soon as 4.2 came out. For more information, please refer to the OpenBSD FAQ. s -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jay Hart Sent: Friday, February 22, 2008 8:41 AM To: Mark Prins Cc: misc@openbsd.org Subject: Re: Updates for old releases One question I have is if 4.0 is stilled being patched? I notice that there are several patches out in 4.2 or 4.1, for example: 005: RELIABILITY FIX: January 11, 2008 All architectures A missing NULL pointer check can lead to a kernel panic. A source code patch exists which remedies this problem But either these don't apply to 4.0, or 4.0 is not having patches created anymore. That is the official policy for older releases with regards to patches? Thanks, Jay 2008/2/22, Antonio Lobato [EMAIL PROTECTED]: Hi all! I read http://openbsd.org/security.html (and stable.html), but could not make sure about my question. If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of openbsd, does it already includes the fixes listed in release != stable; you'll have to apply the patches (or get the/a newer release)
Re: Asian lang support with generic kernel
I am going to spend some more time over this weekend on setting up my OBSD desktop. Any comments regarding my post below are welcome. Thank you! Arthur - Original Message - From: arthur To: Openbsd Misc (E-mail) Sent: Wednesday, February 20, 2008 10:38 AM Subject: Asian lang support with generic kernel Hi All, I am new to OBSD but I like its secure and simple. Thanks everyone to make this happen!! I try to install obsd as my desktop workstation. I install from 4.2 release and now the X/KDE is running. After install KED-I18N-cn pkg, now I can open web pages in Chinese. I will deal with the fonts/inputmethod/tuneup later, even I don't know how to do that yet, but I think those are doable (it is X anyway). One problem I have is that I can't save local disk file with Chinese filename. Does generic kernel support Asian language? If so, there is any link/hint on how to config that. If not, is there anyway to patch it, and how. Google gave me some pages on how to patch older version of OBSD to support Asian language but I can't find any info regarding v4.2. Thank you. Arthur
Re: Updates for old releases
Jay Hart schrieb: One question I have is if 4.0 is stilled being patched? I notice that there are several patches out in 4.2 or 4.1, for example: 005: RELIABILITY FIX: January 11, 2008 All architectures A missing NULL pointer check can lead to a kernel panic. A source code patch exists which remedies this problem But either these don't apply to 4.0, or 4.0 is not having patches created anymore. Because 4.0 is no longer maintained after 4.2 was released. Thanks, that means I will be upgrading to 4.2 stable (at least) this weekend. Jay That is the official policy for older releases with regards to patches? http://www.openbsd.org/faq/faq5.html#Flavors Kind regards, Markus
Re: Cold Boot Attacks on Encryption Keys
On Thu, Feb 21, 2008 at 11:22:54PM -0300, Giancarlo Razzolini wrote: [snip] be done, i also saw those kind of display dumps with some video cards [snip] it's called burn-in. *ducks* /t
Re: FOSDEM 23/24 Feb Brussels
On Fri, Feb 22, 2008 at 12:39:42PM +, Tom Van Looy wrote: Actually, it's the Netherlands that speak a slightly modified version of dutch. Only Flemish Belgium speaks true Dutch. And don't confuse it with the FRISIAN in noord-nederland. As a good dutch (the nederlands version, assuming a pre-alpha of vlaams) speaking german, it's a pain for me in both areas. AND the most signifant part of this country is: The highways used to be illuminated at night with a terrible orange light. But on the other side: The chocolate and the french fries and some beers of the different dozens are very good. So it's worth. --- Andri Braselmann
Re: FOSDEM 23/24 Feb Brussels
Zelfklevers. That to me is pure beauty. That's like Aufkleber in German :) ~ vb
Nouvelle carte valable partout.
si la page ne s'affiche pas http://www.avantages-marketing.com/ Billetterie - Dotations - Cadeaux d'Affaires ou Comitis d'EntrepriseNouveauti 2008 la CARTE CINEMA interactive pour TOUS LES CINEMAS ! LE SAVIEZ-VOUS ? Il existe en France environ 2000 cinimas. Les grandes enseignes (ou riseaux) reprisentent un peu plus de la moitii. Lâautre partie reprisente des centaines dâexploitants indipendants. Contrairement aux idies regues, les grands multiplexes ne font pas toujours partie dâun riseau national câest par exemple le cas dans des villes comme Clermont Ferrand, Auxerre, Limoges ou Dunkerque. LA CULTURE NE SâIMPOSE PAS La culture siduit, se dicouvre, se transmet, se dicide⦠Imposer la culture est un non-sens. Votre Entreprise, cette porte grande ouverte vers la culture et les loisirs, se doit de difendre cette idie : La culture ne sâimpose pas ! Une Entreprise ne doit pas dicider ` la place des binificiaires quel cinima ils doivent friquenter, quels que soient les accords, les promotions, le nombre de salles, la proximiti de vos locaux, etc. Câest au binificiaire de choisir le cinima dans lequel il souhaite se rendre. Bien s{r, lâEntreprise doit faciliter lâacchs aux cinimas les plus proches, car ils correspondent ` la majoriti des demandes. Mais il ne faut pas se fermer ` lâidie que certaines personnes prifhrent parcourir quelques kilomhtres pour se rendre dans leur salle prifirie ou utiliser leur carte lors de leurs prochaines vacances. QUELLES SONT LES SOLUTIONS ? Tout dâabord, nous tenons ` votre disposition la liste de tous les cinimas de France. Nous pouvons donc faciliter votre relation avec les cinimas indipendants qui se trouvent ` proximiti de vos locaux. Ils sont nombreux ` proposer des tarifs spiciaux aux Entreprises. Cette solution est particulihrement facile ` mettre en place lorsque vous jtes ` proximiti dâun ou deux cinimas. Mais parfois les choses se compliquent⦠PRENONS LâEXEMPLE DE LâAGGLOMIRATION NANTAISE : Sur cette carte, sont prisents tous les riseaux, toutes les enseignes, tous les groupements mais aussi des indipendants. [IMAGE] VOTRE DILEMME : Comment choisir sans imposer ? Comment jtre s{r de faire plaisir ? Câest pour cette raison, et tant dâautres que nous avons crii une carte cinima novatrice et polyvalente, qui offre de nombreux avantages, quelle que soit votre rigion. Elle est dotie dâoptions qui simplifient votre gestion (design personnalisi, garantie contre le vol,validiti variable, etc.) La CarteCini La solution pour toutes les Entreprises [IMAGE] [IMAGE] La CarteCini est une carte pripayie, ichangeable contre un chhque cinima, quel que soit le riseau, le groupement ou lâenseigne, y compris les cinimas indipendants. A ce jour, TOUS LES CINEMAS DE FRANCE, sans exception, sont accessibles via la CarteCini. Sur chaque carte figure les iliments permettant au binificiaire de transformer son bon dâichange contre une place de Cinima (chhque ou carte Cinima directement valable dans la caisse du Cinima demandi). Il sâagit dâun numiro de chhque, dâune date de validiti (6 ` 24 mois environ ) et dâun code dâactivation. Passons maintenant ` la partie activation, qui permet de transformer une CarteCini en un chhque cinima : Cette activation peut se faire par tiliphone en contactant nos services (numiro imprimi au verso de la CarteCini), mais aussi, et surtout, par Internet, en moins dâune minute, sur le site. [IMAGE] Une fois connecti, il suffit de reporter le numiro, la date de validiti et le code activation dans les emplacements privus. [IMAGE] Si le binificiaire est dij` passi par le site, il lui suffit de sâidentifier, sinon il saisit ses coordonnies une fois pour toutes. Les informations comme le tiliphone ou lâadresse email ne sont pas obligatoires mais elles permettent de communiquer avec le service client en cas de besoin. Câest le binificiaire qui choisit lui-mjme son pseudo et son mot de passe ce qui ivite une attribution arbitraire dont il aurait du mal ` se souvenir par la suite. [IMAGE] [IMAGE] Automatiquement le site prisente lâensemble des cinimas de votre ville, il est possible dâitendre la recherche ` tout le dipartement ou plus simplement de saisir soit-mjme un dipartement. On peut igalement saisir une adresse occasionnelle (le lieu de vacances par exemple). Une liste complhte sâaffiche avec 9 cinimas par page et la possibiliti de passer ` la page suivante. [IMAGE] Si le cinima souhaiti nâest pas prisent sur la liste (un nouvel itablissement, par exemple), il est possible dâalerter le service client, directement sur le site ou par tiliphone. Sur la dernihre page, le binificiaire trouve un ricapitulatif de son ichange. Il est encore possible de changer dâavis et de procider ` des modifications. On peut igalement saisir plusieurs cartes. Il suffit ensuite de cliquer sur le bouton fin pour valider difinitivement sa demande. [IMAGE] [IMAGE] Les demandes saisies avant
Re: FOSDEM 23/24 Feb Brussels
On Fri, 22 Feb 2008, Miod Vallat wrote: Real flemish only sounds correct if altitude is close to or (preferrably) below the sea level, though. Miod I hear drinking mass quantities of beer gets you close or below sea level too.
Re: [OT] beefy steel cases
In article [EMAIL PROTECTED], Douglas A. Tutty wrote: I'm wondering if in your travels, have any of you seen a case (tower, desktop, or rackmount) that is: - Grab an old iron stove, and stuff a newer case into it. - Go to the nearest welding shop, have them weld a nice 500lb steel box. - ... -Toby. -- [100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
Re: FOSDEM 23/24 Feb Brussels
Andri Braselmann schrieb: AND the most signifant part of this country is: The highways used to be illuminated at night with a terrible orange light. Aa, that's where the term oranje is derived from? ;) -- Michael Schmidt MIRRORS: Watcom ftp://ftp.fh-koblenz.de/pub/CompilerTools/Watcom/ OpenOffice ftp://ftp.fh-koblenz.de/pub/OpenOffice/
Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60
On Fri, Feb 22, 2008 at 05:15:08PM +0530, Amarendra Godbole wrote: On Thu, Feb 21, 2008 at 8:40 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: When you boot the laptop, go into the bios (just to prevent booting). Have the external monitor attached. Hit your key combo and you should get the bios screen on the external monitor. If this works, then you're on the right track. If it doesn't, then you know that its not the OS fault. [...] Okay, this works - going to BIOS, hitting a Fn-F7, and getting the display on the extenal monitor. But now I have lost my notebook display, but this is workable for the timebeing (I am also investigating the xrandr option suggested by Matthieu). Thanks. So Fn-F7 works in BIOS but not in the OS? Does it work from the CLI (not X)? This would isolate if its an X issue or something else. If it doesn't work from the CLI, then either something in the OS is capturing the Fn-F7 or there's a hardware problem. Just to be on the safe side, I'd get the advanced hardware diagnostics from IBM's web site and run them on the laptop. Doug.
Re: Remote Admin Card - Dell DRAC or HP ILO2 ?
Joe Warren-Meeks wrote: I thought you only needed the license if you used higher resolutions than a basic console. If you are just using text mode on the console, then they work excellently. ILO2 can't do KVM at all without the Advanced license, but I think ssh still works. They also have a lesser license (ILO Select maybe?) that has a smaller set of features for less cost.
Re: FOSDEM 23/24 Feb Brussels
On Fri, Feb 22, 2008 at 4:12 PM, Andri Braselmann [EMAIL PROTECTED] wrote: AND the most signifant part of this country is: The highways used to be illuminated at night with a terrible orange light. We did that such that people in space can locate Belgium. The Chinese have their wall for that.
Re: FOSDEM 23/24 Feb Brussels
On Fri, Feb 22, 2008 at 08:28:15AM -0700, Diana Eichert wrote: On Fri, 22 Feb 2008, Miod Vallat wrote: Real flemish only sounds correct if altitude is close to or (preferrably) below the sea level, though. I hear drinking mass quantities of beer gets you close or below sea level too. __That's__ why I thought people in Belgium spoke Belch and ate Belch chocolate. Now, is a Flemish Cap: a. a distinctive head wear b. a shallow area east of the Grand Banks c. What Belch people call the head on the beer d. all of the above e. none of the above. :) Doug.
Re: FOSDEM 23/24 Feb Brussels
On Fri, Feb 22, 2008 at 12:08:14PM -0500, Douglas A. Tutty wrote: Now, is a Flemish Cap: a. a distinctive head wear b. a shallow area east of the Grand Banks c. What Belch people call the head on the beer d. all of the above e. none of the above. f. A contraceptive shaped like a piece of medieval armour I'll get my coat.. -- joe. He's got an old-school Ipod thing. It's huge. It probably plays tapes.
Re: [OT] beefy steel cases
Hi, Doug. My suggetion is: - start with good, standard but not-so-bulky case; - build a cage around the commercial grade, made from thick sheets of steel; - do lots of small, tiny drills on the external cage, for proper ventilation; - do a couple of larger holes for cables and wires on the back; - put a thermometer sensor inside, with a display on the outside, for proper temparature monitoring, just in case you need more holes; You should end with far better protection than those provided by more expensive devices. The small holes won't let pass much EM energy thru them. The larger ones can be concealed by walls and you may point them to safer areas. They'll be blocked by the cage itself and should cause little to none side effects on areas of interest. You can hire someone or a company to do some bending or soldering if needed. Best regards to you and your wife. On Mon, Feb 11, 2008 at 11:35 PM, Douglas A. Tutty [EMAIL PROTECTED] wrote: On Mon, Feb 11, 2008 at 12:37:59PM -0700, Steve B wrote: I have one of these, http://calpc.com/catalog/mid_tower.html, and its quite beefy. I wonder if you could measure two things for me: 1. The thickness of the steel panels (not of any structural frame). I'm comparing these with norco cases which are made of 1.2 mm steel, so a normal metric ruler and an eyeball would suffice. 2. The size of the vent holes. The mid tower chassis page doesn't have alternate views. The 4U rackmount case has a rear photo. The vents look like brickwork: more vent than metal. The dimensions of the holes and the metal between them is critical. If you could give me the three measurements, again to the nearest 0.2 mm. -- vent-hole lenght: -- vent-hole height: -- metal between vent-holes: Thank you. Doug.
Re: What is our ultimate goal??
On Fri, Feb 22, 2008 at 03:01:40PM +0100, Marc Espie wrote: On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote: SO now do you want FireEngine? Or rather SMPng networking? Or would you like ReallyHyperFastZoomStreamCyberWoosh? Now that you've brought it up, I would really like a ReallyHyperFastZoomStreamCyberWoosh TCP stack. Just make sure it doesn't require 1.2Jigawatts of power and have interesting side effects when it gets to 88mph. But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to OpenBSD would seriously impact performance of OpenBSD on mundane processors. Nonsense, as long as you can plug in some plutonium, things should be fine. Are you tellin' me this sucker is nuclear? -- [EMAIL PROTECTED] SDF Public Access UNIX System - http://sdf.lonestar.org
Re: Remote syslog
syslog-ng + transport mode IPSec (or tunnel, if you have infrastructure on either end). use pf(4) to ensure that only IPSec peers can write. ~BAS On Tue, 2008-02-19 at 21:42 -0700, Steve B wrote: and whether you are doing it over SSH or IPSEC? I have looked at various
Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60
read the man page i810(4): Option MonitorLayout anystr Allow different monitor configurations. e.g. CRT,LFP will configure a CRT on Pipe A and an LFP on Pipe B. Regardless of the primary headsb pipe it is always configured as PIPEA,PIPEB. Additionally you can add different configurations such as CRT+DFP,LFP which would put a digital flat panel and a CRT on pipe A, and a local flat panel on pipe B. For single pipe configurations you can just specify the monitors types on Pipe A, such as CRT+DFP which will enable the CRT and DFP on Pipe A. Valid monitors are CRT, LFP, DFP, TV, CRT2, LFP2, DFP2, TV2 and NONE. NOTE: Some configurations of monitor types may fail, this depends on the Video BIOS and system configuration. Default: Not configured, and will use the current headbs pipe and monitor. On Thu, 2008-02-21 at 15:41 +0530, Amarendra Godbole wrote: I am unable to move the display to a projector or an external monitor on my Thinkpad X60, which is running OpenBSD 4.2-current. Fn-F7 is the keycombination to be used to switch displays, but it does not work. Now, I am not too sure if this is a function of the OS, or Thinkpad's firmware. Search engines turned up nothing. Can someone suggest a way by which I can make use of an external monitor? Any software package to control this? Thanks. -Amarendra
Re: What is our ultimate goal??
Jacob Meuser wrote: Marc Espie wrote: Nonsense, as long as you can plug in some plutonium, things should be fine. Are you tellin' me this sucker is nuclear? ...Mr. Fusion? ;) -Nix Fan.
Re: Cold Boot Attacks on Encryption Keys
My understanding of paging isn't as good as the developers, but I do know that memory isn't organized in an entirely sequential fashion.. Free memory is organized into pages, 4096 byte chucks of memory If my system was shutdown, and someone attempted to recover information from RAM, several obvious obstacles would be: 1) Significant portions of the RAM would be corrupt or in an inconsistent state... 2) Important structures, like the page table could be lost... The key used by... mount_vnd for instance, wouldn't be in a predictable location how would you find it? This is a waste of bandwidth... -Nix Fan.
Re: What is our ultimate goal??
On Fri, Feb 22, 2008 at 07:43:05PM +, Jacob Meuser wrote: On Fri, Feb 22, 2008 at 03:01:40PM +0100, Marc Espie wrote: On Thu, Feb 21, 2008 at 04:18:42PM +0100, Miod Vallat wrote: SO now do you want FireEngine? Or rather SMPng networking? Or would you like ReallyHyperFastZoomStreamCyberWoosh? Now that you've brought it up, I would really like a ReallyHyperFastZoomStreamCyberWoosh TCP stack. Just make sure it doesn't require 1.2Jigawatts of power and have interesting side effects when it gets to 88mph. But ReallyHyperFastZoomStreamCyberWoosh is designed for processors with the HyperVirtualFuzzboxVoodooDoubleStream extension. Porting it to OpenBSD would seriously impact performance of OpenBSD on mundane processors. Nonsense, as long as you can plug in some plutonium, things should be fine. Are you tellin' me this sucker is nuclear? No, just that transactions across it are atomic :) doug.
Re: Cold Boot Attacks on Encryption Keys
Unix Fan escreveu: My understanding of paging isn't as good as the developers, but I do know that memory isn't organized in an entirely sequential fashion.. Free memory is organized into pages, 4096 byte chucks of memory If my system was shutdown, and someone attempted to recover information from RAM, several obvious obstacles would be: 1) Significant portions of the RAM would be corrupt or in an inconsistent state... 2) Important structures, like the page table could be lost... The key used by... mount_vnd for instance, wouldn't be in a predictable location how would you find it? This is a waste of bandwidth... -Nix Fan. I've tested the strings /dev/mem thing on my linux and my truecrypt password was in the line following the command i call to mount it. This isn't one hundred percent sure that always be there, but it was for three times, from cold start (i do not know anymore what is cold start :). So i think that a simple program that dumps the whole memory contents, and a simple strings on that, you can try to find things that make sense for a password. This attack is feasible for laptops. For desktops i wouldn't be that worried. But i'll sleep well tonight. :) My 2 cents, -- Giancarlo Razzolini Linux User 172199 Red Hat Certified Engineer no:804006389722501 Moleque Sem Conteudo Numero #002 Slackware Current OpenBSD Stable Ubuntu 7.04 Feisty Fawn Snike Tecnologia em InformC!tica 4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85 [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: rtorrent + OpenBSD = freeze
As promised, and as my server is up again, here is the dmesg. Now, why is rtorrent freezing the server... not a clue OpenBSD 4.2 (GENERIC.RAID) #1: Sun Jan 6 22:08:19 CET 2008 [EMAIL PROTECTED]:/sys/arch/i386/compile/GENERIC.RAID cpu0: Intel Pentium III (GenuineIntel 686-class) 795 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 1073311744 (1023MB) avail mem = 1029783552 (982MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xeca00, SMBIOS rev. 2.3 @ 0xf2000 (41 entries) bios0: vendor Compaq version D05/F05 System ROM date 11/15/2002 bios0: Compaq ProLiant DL320 pcibios0 at bios0: rev 2.1 @ 0xeca00/0x3600 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaca0/160 (8 entries) pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x8000 0xd/0x3400 0xe8000/0x8000! acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x05 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x05 pci1 at pchb1 bus 1 pciide0 at pci1 dev 1 function 0 Promise PDC20375 rev 0x02: DMA wd0 at pciide0 channel 0 drive 0: ST380811AS wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 wd1 at pciide0 channel 1 drive 0: ST380811AS wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 pciide0: using irq 3 for native-PCI interrupt siop0 at pci1 dev 2 function 0 Symbios Logic 53c895A rev 0x01: irq 3, using 8K of on-board RAM scsibus0 at siop0: 16 targets fxp0 at pci1 dev 3 function 0 Intel 8255x rev 0x08, i82559: irq 11, address 00:50:8b:e8:56:04 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 fxp1 at pci1 dev 4 function 0 Intel 8255x rev 0x08, i82559: irq 11, address 00:50:8b:e8:56:05 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 2 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Compaq Netelligent ASMC rev 0x00 at pci0 dev 3 function 0 not configured piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x51: polling iic0 at piixpm0 adm1022 at iic0 addr 0x2c not configured iic0: addr 0x2c 13=3a 14=4d 15=02 17=46 18=64 19=00 20=80 26=30 27=1b 2b=7f 2c=80 37=48 38=c9 39=35 3a=c9 3e=41 3f=c9 40=2b 41=10 43=11 44=0c 47=50 4a=01 4c=10 93=3a 94=4d 95=02 97=46 98=64 99=00 a0=80 a6=30 a7=1b ab=7f ac=80 b7=48 b8=c9 b9=35 ba=c9 be=41 bf=c9 c0=2b c1=10 c3=11 c4=0c c7=50 ca=01 cc=10: adm1022 pciide1 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA atapiscsi0 at pciide1 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-ROM CRN-8241B, 2.23 SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, DMA mode 2 ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask f7ed netmask ffed ttymask ffef pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present raid0 at root: (RAID Level 1) total number of sectors is 156091648 (76216 MB) as root dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81
Re: What is our ultimate goal??
Nonsense, as long as you can plug in some plutonium, things should be fine. Are you tellin' me this sucker is nuclear? ...Mr. Fusion? ;) Not until there's a Chorus about it. Miod
DHCP client failure with cable modem
Greetings folks. This week I undertook a project to replace my cheapo home broadband router with an old laptop running OpenBSD. Success appeared to have been achieved, but I've run into a snag in the final implementation. I set up the OBSD router (more info below) to perform NAT and serve DHCP and DNS for my LAN. After a ridiculously small amount of tweaking, I got everything working just like I wanted it. Here was the arrangement: (Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable Modem) The cheapo router was still in the loop because I didn't want to disconnect the rest of my LAN before I was ready. Yesterday I decided I was ready. I removed the cheapo router and plugged the OBSD router directly into the modem, there was some rebooting of devices involved, and my desktop could no longer access the internet. A little sleuthing revealed that the router was unable to retrieve an address from the modem. I've done some poking around and searched the list archives. There were a couple of threads with similar issues, but no definitive solutions that I found. There were references to cable modems only wanting to serve one hardware address, but I'm able to use it with either the cheapo router, or with my desktop plugged directly into it (and I verified that the modem saw them as two different hardware addresses... no weird proxying going on in the router). I powered the modem completely down for a few minutes and plugged only the OBSD router into it when I brought it back up, but still no luck. The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE. The dhclient.conf file is the default, which includes send host-name hostname;, the only other helpful suggestion I saw in the list archives. I've tried multiple cables and NICs, to rule out hardware. I checked the dhclient.conf file on the Ubuntu desktop that pulls an address from the modem just fine (which is this one, so I'm sure it really works), and while not identical, it's only configured to send the hostname as well. I've hit dead ends with everything now, and so any further suggestions are quite welcome. More info on the OBSD box: It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just base42, etc42, and man42. The only non-stock program running is isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal). The setup was done primarily by bending the following two guides to my setup: http://www.openbsd.org/faq/pf/example1.html http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php The former is just the sample home router from the PF guide, and the latter addresses DHCP and DNS. Thanks in advance for any suggestions. David Murphy Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
relayd http check connection failures; hoststated operates correctly
hello, perhaps it's something that i'm doing wrong here, or a difference in the way that relayd works compared to hoststated. but here goes.. i'm attempting to get relayd configured to replace my existing hoststated setup, doing layer 7 load balancing of web servers. what's happening is with every http check done, relayd returns a connect failure. in doing a tcpdump i see the session is brought up by relayd to the destination servers, the server responds with a syn/ack, and then a rst is sent by the system running relayd. ... i have a similar hoststated configuration running on the very same system, load balancing the very same hosts. it operates as expected, with the hosts being seen as up and available. i have attached relayd debug log output, my relayd configuration file, as well as hoststated debug and the hoststated config. could someone perhaps shed some light on what i'm doing wrong, if anything? perhaps a bug in the http check/tcp check code? if i could be cc'd on any replies, i'd appreciate it. i'm not currently subscribed to [EMAIL PROTECTED] cheers, -ben startup init_filter: filter init done tcp_write: connect timed out relay_privinit: adding relay www init_tables: created 0 tables hce_notify_done: aa.bb.cc.209 (tcp_write: connect failed) protocol 0: name http host aa.bb.cc.209, check http code (3ms), state unknown - down, availability 0.00% flags: 0x0004 tcp_write: connect timed out type: hce_notify_done: aa.bb.cc.211 (tcp_write: connect failed) http host aa.bb.cc.211, check http code (4ms), state unknown - down, availability 0.00% pfe_dispatch_imsg: state -1 for host 3 aa.bb.cc.209 request pfe_dispatch_imsg: state -1 for host 2 aa.bb.cc.211 append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By request append $REMOTE_ADDR to X-Forwarded-For relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 adding 2 hosts from table webhosts:80 adding 2 hosts from table webhosts:80 adding 2 hosts from table webhosts:80 adding 2 hosts from table webhosts:80 adding 2 hosts from table webhosts:80 relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www tcp_write: connect timed out hce_notify_done: aa.bb.cc.209 (tcp_write: connect failed) tcp_write: connect timed out hce_notify_done: aa.bb.cc.211 (tcp_write: connect failed) ^Chost check engine exiting kill_tables: deleted 0 tables flush_rulesets: flushed rules pf update engine exiting socket relay engine exiting socket relay engine exiting terminating [EMAIL PROTECTED] socket relay engine exiting socket relay engine exiting socket relay engine exiting startup decremented the demote state of group 'carp' init_filter: filter init done relay_privinit: adding relay www init_tables: created 0 tables protocol 0: name http flags: 0x0004 type: http request append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By request append $REMOTE_ADDR to X-Forwarded-For relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 relay_init: max open files 1024 adding 2 hosts from table http_hosts adding 2 hosts from table http_hosts adding 2 hosts from table http_hosts adding 2 hosts from table http_hosts adding 2 hosts from table http_hosts relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www relay_launch: running relay www hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded) host aa.bb.cc.209, check http code (115ms), state unknown - up, availability 100.00% pfe_dispatch_imsg: state 1 for host 1 aa.bb.cc.209 hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded) host aa.bb.cc.209, check http code (116ms), state unknown - up, availability 100.00% pfe_dispatch_imsg: state 1 for host 0 aa.bb.cc.209 hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded) hce_notify_done: aa.bb.cc.209 (tcp_read_buf: check succeeded) ^Chost check engine exiting kill_tables: deleted 0 tables flush_rulesets: flushed rules pf update engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting socket relay engine exiting incremented the demote state of group 'carp' terminating socket relay engine exiting ext_addr=10.10.10.52 webhost1=aa.bb.cc.209 webhost2=aa.bb.cc.209 timeout 800 prefork 5 log updates demote carp table http_hosts { real port http check http / host www.mysite.com code 200 host $webhost1 retry 2 host $webhost2 retry 2 } protocol http { protocol http header append $REMOTE_ADDR to X-Forwarded-For header append $SERVER_ADDR:$SERVER_PORT to X-Forwarded-By # Various TCP performance options tcp { nodelay, sack, socket
Re: relayd http check connection failures; hoststated operates correctly
forgot to include system details.. this is: kern.version=OpenBSD 4.3-beta (GENERIC) #661: Thu Feb 21 15:39:36 MST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC -ben
Re: DHCP client failure with cable modem
On Fri, Feb 22, 2008 at 6:11 PM, David Murphy [EMAIL PROTECTED] wrote: Greetings folks. This week I undertook a project to replace my cheapo home broadband router with an old laptop running OpenBSD. Success appeared to have been achieved, but I've run into a snag in the final implementation. I set up the OBSD router (more info below) to perform NAT and serve DHCP and DNS for my LAN. After a ridiculously small amount of tweaking, I got everything working just like I wanted it. Here was the arrangement: (Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable Modem) The cheapo router was still in the loop because I didn't want to disconnect the rest of my LAN before I was ready. Yesterday I decided I was ready. I removed the cheapo router and plugged the OBSD router directly into the modem, there was some rebooting of devices involved, and my desktop could no longer access the internet. A little sleuthing revealed that the router was unable to retrieve an address from the modem. I've done some poking around and searched the list archives. There were a couple of threads with similar issues, but no definitive solutions that I found. There were references to cable modems only wanting to serve one hardware address, but I'm able to use it with either the cheapo router, or with my desktop plugged directly into it (and I verified that the modem saw them as two different hardware addresses... no weird proxying going on in the router). I powered the modem completely down for a few minutes and plugged only the OBSD router into it when I brought it back up, but still no luck. The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE. The dhclient.conf file is the default, which includes send host-name hostname;, the only other helpful suggestion I saw in the list archives. I've tried multiple cables and NICs, to rule out hardware. I checked the dhclient.conf file on the Ubuntu desktop that pulls an address from the modem just fine (which is this one, so I'm sure it really works), and while not identical, it's only configured to send the hostname as well. I've hit dead ends with everything now, and so any further suggestions are quite welcome. More info on the OBSD box: It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just base42, etc42, and man42. The only non-stock program running is isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal). The setup was done primarily by bending the following two guides to my setup: http://www.openbsd.org/faq/pf/example1.html http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php The former is just the sample home router from the PF guide, and the latter addresses DHCP and DNS. Thanks in advance for any suggestions. David Murphy Firstly, post something that might help someone troubleshoot your problems. Something like a dmesg and any errors that dhclient is producing. Disable everything until you can get dhclient to work. Are you blocking dhcp packets with pf? Is your local dynamic DNS service screwing with your upstream DHCP? Maybe try unplugging your cable modem for a bit, sometimes they get picky about how many MAC addresses they'll give IPs to. --david
LinuxWorld Expo UK 2008
Hi, I see on the events page on openbsd.org, there is a uk conference in london which has question marks against it. If we are considering presence here, I am willing to attend if we can gather a small group of OpenBSD people there. Is Wim going? I know there is atleast one developer in the UK. http://openbsd.org/events.html -- Best Regards Edd http://students.dec.bmth.ac.uk/ebarrett
Dynamic Routing - BGP + OSPF
I'm trying to implement full dynamic routing with eBGP + Full Mesh iBGP + OSPF in my current network and am having some issues. I have a 2 routers + 2 firewall setup with no default routes on any nodes. The 2 routers are plugged into the upstream provider and are both receiving full routes in addition to a default from the provider. The 2 firewalls have a carp address internally only for the servers and are speaking iBGP + OSPF with all other nodes. I noticed that the two firewalls do not forward there iBGP learned routes to one another. Is this intended/expected behavior? Shouldn't they each see the iBGP view from each other since i have the announce all directive? I must have something set up wrong or maybe I am asking the wrong questions? Maybe I should describe my problem My problem is if unplug the external link of the firewall. Outgoing traffic still hits the Master Carp device since I have no corresponding carp device on the outside to force preemption if the external link goes down. But because iBGP connections to the routers are severed and and all associated routes, including the default are lost, I essentially blackhole outbound traffic.(As inbound traffic is forwarded to the secondary firewall due to the OSPF routes). And I had a redistribute default configured in ospfd.conf on the routers, however I had problems with this setup as well when I unplugged the external link on the firewall but this could have been due to my pf configuration on the firewalls. Should I re-investigate this scenario? Also how how quickly should traffic be rerouted with OSPF if a link dies? Is this dependent on the number of routes learned from eBGP? I've noticed varying time frames when experimenting unplugging different links. Anywhere from a few seconds to a few minutes? I'm not sure what is typical? Thanks.
Re: DHCP client failure with cable modem
David Higgs wrote: On Fri, Feb 22, 2008 at 6:11 PM, David Murphy [EMAIL PROTECTED] wrote: Greetings folks. This week I undertook a project to replace my cheapo home broadband router with an old laptop running OpenBSD. Success appeared to have been achieved, but I've run into a snag in the final implementation. I set up the OBSD router (more info below) to perform NAT and serve DHCP and DNS for my LAN. After a ridiculously small amount of tweaking, I got everything working just like I wanted it. Here was the arrangement: (Test hosts) - (Switch) - (OBSD router) - (Cheapo router) - (Cable Modem) The cheapo router was still in the loop because I didn't want to disconnect the rest of my LAN before I was ready. Yesterday I decided I was ready. I removed the cheapo router and plugged the OBSD router directly into the modem, there was some rebooting of devices involved, and my desktop could no longer access the internet. A little sleuthing revealed that the router was unable to retrieve an address from the modem. I've done some poking around and searched the list archives. There were a couple of threads with similar issues, but no definitive solutions that I found. There were references to cable modems only wanting to serve one hardware address, but I'm able to use it with either the cheapo router, or with my desktop plugged directly into it (and I verified that the modem saw them as two different hardware addresses... no weird proxying going on in the router). I powered the modem completely down for a few minutes and plugged only the OBSD router into it when I brought it back up, but still no luck. The hostname.ep1 file for that interface is a simple dhcp NONE NONE NONE. The dhclient.conf file is the default, which includes send host-name hostname;, the only other helpful suggestion I saw in the list archives. I've tried multiple cables and NICs, to rule out hardware. I checked the dhclient.conf file on the Ubuntu desktop that pulls an address from the modem just fine (which is this one, so I'm sure it really works), and while not identical, it's only configured to send the hostname as well. I've hit dead ends with everything now, and so any further suggestions are quite welcome. More info on the OBSD box: It's an old Toshiba Satellite 330CDS. I installed OBSD 4.2 with just base42, etc42, and man42. The only non-stock program running is isc-dhcp-server-3.0.4p0.tgz, which I installed in order to get dynamic DNS going. The laptop has two PCMCIA NICs, ep1 (external) and ne3 (internal). The setup was done primarily by bending the following two guides to my setup: http://www.openbsd.org/faq/pf/example1.html http://www.bsdguides.org/guides/openbsd/networking/dynamic_dns_dhcp.php The former is just the sample home router from the PF guide, and the latter addresses DHCP and DNS. Thanks in advance for any suggestions. David Murphy Firstly, post something that might help someone troubleshoot your problems. Something like a dmesg and any errors that dhclient is producing. Disable everything until you can get dhclient to work. Are you blocking dhcp packets with pf? Is your local dynamic DNS service screwing with your upstream DHCP? Maybe try unplugging your cable modem for a bit, sometimes they get picky about how many MAC addresses they'll give IPs to. --david Forgive me but I will ask a very stupid question. Did you use a cross over cable when you connected the OpenBSD box to switch. Your switch should also have a button for one of its LAN plugs so that when you use regular CAT 5 cable it reverse the stream so that you do not need to buy cross over cable. If the hardware set up is OK you will really need to give much more info about the network and OpenBSD box in particular so that people can trouble shut. Best, Predrag
Re: LinuxWorld Expo UK 2008
On Sat, Feb 23, 2008 at 01:04:43AM +, Edd Barrett wrote: Hi, I see on the events page on openbsd.org, there is a uk conference in london which has question marks against it. If we are considering presence here, I am willing to attend if we can gather a small group of OpenBSD people there. Is Wim going? I know there is atleast one developer in the UK. I can think of four of us near london, plus there's two more I can think of. I may be convinced to turn up. -- According to Kentucky state law, every person must take a bath at least once a year.
Re: DHCP client failure with cable modem
--- Chris Kuethe [EMAIL PROTECTED] wrote: I've seen cases where you can only have one client ethernet address on your cable modem, and you need to reset everything and give your old mac address a chance to time out. you might want to: a) change the external address of your openbsd machine to that of your old cheapo router, or b) power off your cable modem for half an hour and retry, or c) call tech support and get them to reset your cable modem. As stated I've demonstrated that the modem is happy to work with either the cheapo router or directly with my desktop, and I verified that it sees them with separate hardware addresses. So it's not hung up on one in particular. I've brought the modem down for a few minutes, but I could give it a longer test. --- David Higgs [EMAIL PROTECTED] wrote: Firstly, post something that might help someone troubleshoot your problems. Something like a dmesg and any errors that dhclient is producing. Yeah, I wasn't very specific about that, was I? When I watch it try to grab an address as it boots, it simply tries DHCPREQUEST for a bit (asking for the address it had when it was plugged into the cheapo router), then switches to DHCPDISCOVER. After a bunch of those, it says No DHCPOFFERS received., and sets itself up with the last address it had from the cheapo router. I've also done sh /etc/netstart ep1 after boot, with the same effect. The very last time I tried it, there was one difference I hadn't seen before: after the first DHCPREQUEST, it received a DHCPNAK from an address that appears to be upstream in the ISP's framework. Still no response to the DHCPDISCOVERs, though. dmesg doesn't show anything interesting. Disable everything until you can get dhclient to work. Are you blocking dhcp packets with pf? Is your local dynamic DNS service screwing with your upstream DHCP? This setup works just fine when I insert the cheapo router between the modem and the OBSD router, so pf isn't doing any funny-business. There's some difference between the router's DHCP and the modem's DHCP that I can't figure out, and that my desktop machine doesn't notice. Maybe try unplugging your cable modem for a bit, sometimes they get picky about how many MAC addresses they'll give IPs to. Alright, I'll unplug it overnight and we'll see what happens in the morning. Thanks for the responses. David Murphy PS: another piece of info I left out is that my modem is a Motorola Surfboard SB5120, and my cable ISP is Charter. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
You just recieved an electronic card! Thanks!
Hi, You just recieved an electronic card! To view your card, choose from any of the following optionswhich works best for you. Method 1 Just click on the following Internet address (if that doesn't work foryou, copy paste the address onto your browser's address box.) http://cards.greetingsnecards.com/cgi-bin/cards/showcard.pl?cardnum=ZBM80616180922460log=greetingsnecards Method 2 Copy paste your card number in the view card box athttp://www.greetingsnecards.com Your card number isZBM80616180922460 (For your convenience, the greeting card will be available for the next30 days) Webmaster,http://www.greetingsnecards.com
Re: DHCP client failure with cable modem
On Feb 22, 2008, at 5:32 PM, David Murphy wrote: PS: another piece of info I left out is that my modem is a Motorola Surfboard SB5120, and my cable ISP is Charter. Does charter require PPPoE?
Re: DHCP client failure with cable modem
On Fri, Feb 22, 2008 at 8:32 PM, David Murphy [EMAIL PROTECTED] wrote: As stated I've demonstrated that the modem is happy to work with either the cheapo router or directly with my desktop, and I verified that it sees them with separate hardware addresses. So it's not hung up on one in particular. The real questions is what happens when your openbsd box is attached to the cheapo router - does it pull an address from the cheapo router? If it does, then then issue is upstream. If it doesn't, then it is your openbsd box. -- http://www.glumbert.com/media/shift http://www.youtube.com/watch?v=tGvHNNOLnCk This officer's men seem to follow him merely out of idle curiosity. -- Sandhurst officer cadet evaluation. Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted. -- Gene Spafford learn french: http://www.youtube.com/watch?v=j1G-3laJJP0feature=related
Re: PCI Gigabit card suggestion?
The em's have the advantage that the driver enables and uses hard-level tcp/udp check-sum offloading. This does help on mid- to heavy loading. /S -Original Message- From: michael enoma aghayere [EMAIL PROTECTED] To: Sunnz [EMAIL PROTECTED] Cc: misc@openbsd.org Subject: Re: PCI Gigabit card suggestion? Date: Fri, 22 Feb 2008 14:09:26 + Delivered-To: [EMAIL PROTECTED] On 22/02/2008, Sunnz [EMAIL PROTECTED] wrote: Just to clarify, I am gotta to buy a new Gigabit PCI Card, so I was wondering which brand/model are best supported by OpenBSD... in terms of documentaion by the vendor and performance by the device. Thanks. For something cheap and cheerful, but also supported, i'd go for a D-Link DGE-528T. Was looking them up on the web yesterday.
Re: DHCP client failure with cable modem
--- johan beisser [EMAIL PROTECTED] wrote: On Feb 22, 2008, at 5:32 PM, David Murphy wrote: PS: another piece of info I left out is that my modem is a Motorola Surfboard SB5120, and my cable ISP is Charter. Does charter require PPPoE? No. I don't recall having to do any PPPoE setup when I initially set up the cheapo router, and I definitely didn't do anything like that with my desktop when I plugged it in. --- Predrag Punosevac [EMAIL PROTECTED] wrote: Forgive me but I will ask a very stupid question. Did you use a cross over cable when you connected the OpenBSD box to switch. Your switch should also have a button for one of its LAN plugs so that when you use regular CAT 5 cable it reverse the stream so that you do not need to buy cross over cable. No, no crossover cables were used. The problem isn't on the switch side, though... the switch is on the internal side of the router, which is working fine. The problem is between the router's external interface and the modem. If the hardware set up is OK you will really need to give much more info about the network and OpenBSD box in particular so that people can trouble shut. I'd be happy to provide any information requested. I'm quite new to *BSD, but I'm pretty well-versed in Linux, so tell me what you need, and I'll find it. If you need more information about the box than what I gave at the end of my first post, let me know. Thanks... David Murphy Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
Re: DHCP client failure with cable modem
On Feb 22, 2008, at 8:19 PM, David Murphy wrote: I'd be happy to provide any information requested. I'm quite new to *BSD, but I'm pretty well-versed in Linux, so tell me what you need, and I'll find it. If you need more information about the box than what I gave at the end of my first post, let me know. Ok. When you initially plug in the modem side interface, what does it see? Do a basic tcpdump, and watch the traffic for the dhcp assignment. Secondly, could you forward your pf.conf?
Re: DHCP client failure with cable modem
--- johan beisser [EMAIL PROTECTED] wrote: Ok. When you initially plug in the modem side interface, what does it see? Do a basic tcpdump, and watch the traffic for the dhcp assignment. Secondly, could you forward your pf.conf? Well now I'm *really* baffled. I read the manpage for tcpdump, got all set to capture the interface when I plugged in and when I did a netstart... and the darn thing just decided to work. I made no changes to the setup since my last set of failed attempts, and I didn't do anything I haven't tried twice already. ...? Ugh. I've definitely looked at this enough tonight, but tomorrow I'm gonna do some powerdowns and powerups and see if there's any sort of consistency now. Thanks for talking me through it anyway, folks. David Murphy Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
ThinkPad : X freezes on exit...
Hi, I've got a ThinkPad R61i (dmesg at the bottom of mail). I configured X using 'X -configure', it showed a nice 1024x768 X startup screen, but when I did 'Ctrl+Alt+Backspace' to get back to my console X just froze. The only way to get out was to do a hard reboot. Is there anyway to solve this problem? === dmesg below === OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz (GenuineIntel 686-class) 1.47 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR real mem = 526667776 (502MB) avail mem = 501596160 (478MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/28/07, BIOS32 rev. 0 @ 0xfdca0, SMBIOS rev. 2.4 @ 0xe0010 (71 entries) bios0: vendor LENOVO version 7OET24WW (1.03 ) date 06/28/2007 bios0: LENOVO 8932A32 pcibios0 at bios0: rev 3.0 @ 0xfdc30/0x3d0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/304 (17 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 17 Interrupt Routing table entries pcibios0: no compatible PCI ICU found pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #22 is the last bus bios0: ROM list: 0xc/0x1! 0xd/0x1a00 0xd1a00/0x1000 0xe/0x1! acpi at mainbus0 not configured cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2b06000613 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 800 MHz (1004 mV): speeds: 1467, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82965GM MCH rev 0x0c vga1 at pci0 dev 2 function 0 Intel 82965GM Video rev 0x0c: aperture at 0xe000, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82965GM Video rev 0x0c at pci0 dev 2 function 1 not configured uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: irq 11 uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: irq 11 ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: irq 11 ehci0: timed out waiting for BIOS usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: irq 11 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Conexant/0x5045 (rev. 1.0), HDA version 1.0 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03 pci1 at ppb0 bus 2 ppb1 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03 pci2 at ppb1 bus 3 wpi0 at pci2 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: irq 11, MoW1, address 00:1c:bf:2c:fd:aa ppb2 at pci0 dev 28 function 2 Intel 82801H PCIE rev 0x03 pci3 at ppb2 bus 4 bge0 at pci3 dev 0 function 0 Broadcom BCM5787M rev 0x02, BCM5754/5787 A2 (0xb002): irq 11, address 00:1a:6b:d4:c9:0e brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0 ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03 pci4 at ppb3 bus 5 ppb4 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03 pci5 at ppb4 bus 13 uhci2 at pci0 dev 29 function 0 Intel 82801H USB rev 0x03: irq 10 uhci3 at pci0 dev 29 function 1 Intel 82801H USB rev 0x03: irq 11 uhci4 at pci0 dev 29 function 2 Intel 82801H USB rev 0x03: irq 11 ehci1 at pci0 dev 29 function 7 Intel 82801H USB rev 0x03: irq 11 ehci1: timed out waiting for BIOS usb1 at ehci1: USB revision 2.0 uhub1 at usb1: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xf3 pci6 at ppb5 bus 21 cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: irq 10 Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: irq 11 sdmmc0 at sdhc0 Ricoh 5C843 rev 0x11 at pci6 dev 0 function 3 not configured Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not configured Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 Intel 82801HBM LPC rev 0x03: PM disabled pciide0 at pci0 dev 31 function 1 Intel 82801HBM IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-T20N, WX05 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ahci0 at pci0 dev 31 function 2 Intel 82801HBM SATA rev 0x03: irq 10, AHCI 1.1 scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 0 lun 0: ATA, HITACHI HTS54168, SB2I SCSI2 0/direct fixed sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total ichiic0 at pci0 dev 31 function 3 Intel 82801H SMBus
Re: ThinkPad : X freezes on exit...
On 23/02/2008, at 8:29 PM, Mayuresh Kathe wrote: Hi, I've got a ThinkPad R61i (dmesg at the bottom of mail). I configured X using 'X -configure', it showed a nice 1024x768 X startup screen, but when I did 'Ctrl+Alt+Backspace' to get back to my console X just froze. The only way to get out was to do a hard reboot. Is there anyway to solve this problem? Did you try Ctrl-Alt-F1?