Re: Dummy question about .htaccess

[Lars Noodén]

Tom Rosso wrote:
 You may also consider moving the passwd file out of htdocs.  I believe
 this is a security hazard.  Mine is in /var/www/etc.

Basically it should be anywhere except any web-accessible directory.

However, HTTP Basic Authentication is worse than basic FTP.  The
password and username get sent unencrypted for each request.

I see that mod_auth_kerberos is part of the packages available for OpenBSD:
http://www.openbsd.org/4.3_packages/i386/mod_auth_kerb-5.3p1.tgz-long.html

Would combining that with SSL/TLS be what is most recommended here for
serving sensitive data over the web?

Regards
-Lars

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Neko]

IF YOU took time to read PROPERLY Jonathan,

the drivers WORKS, BUT ONLY FOR ONE NATIVE ENTRY in the disklabel.

but like I WROTE, i structured my bsd system in more THAN ONE native

bsd entry ie /usr/local ... IS ON wd0e

if i load wd0e  i get the proper size, but what's ls on my screen

IS THE MAIN ROOT.


so get back to your project , ill get back to subsidaries who actually cares 
about openbsd full market deployment overlordship.


enjoy, 

neko 


--- On Mon, 10/27/08, Jonathan Schleifer [EMAIL PROTECTED] wrote:

 From: Jonathan Schleifer [EMAIL PROTECTED]
 Subject: Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?
 To: Aram HAVARNEANU [EMAIL PROTECTED]
 Cc: misc@openbsd.org
 Date: Monday, October 27, 2008, 6:29 AM
 Am 27.10.2008 um 10:49 schrieb Aram HAVARNEANU:
 
  I have been using it extensively for several years
 (since it first
  appeared) on about ~10 systems and never had a single
 problem
  with it. Is your bug reproducible? Did you fill a bug
 report?
 
 It was reproducable, as it seemed to always happen when an
 application  
 tried to write to it. Some directories would get unreadble
 in Windows  
 then and when booting back to Linux, the FS was always
 unclean and  
 e2fsck tried to fix it with the beforementioned result.
 
 I did not report it as the driver seemed to be already dead
 at that  
 time. The driver still doesn't run on Vista, but the
 ext2fsd driver  
 does, so I think fs-driver.org can be considered obsoleted
 by ext2fsd  
 - which has its own, different problems (at least no data
 loss), but  
 supports UTF-8 encoded filenames.
 
 --
 Jonathan
 
 [demime 1.01d removed an attachment of type
 application/pgp-signature which had a name of PGP.sig]

change serial console to display

[ico]

Hello gents,

I did configure my old box with serial console probably 2 y ago.
Now I'd like to get it back to normal. I don't have null modem cable
available.
What needs to be changed?

I already tried without success:

echo   /etc/boot.conf
or 
set tty pc0 

but I'm still not able to get login on display.

Any suggestions?

-- 
   ico

Re: change serial console to display

[Lars Noodén]

ico wrote:
 echo   /etc/boot.conf

Remember also /etc/ttys
http://www.openbsd.org/faq/faq7.html#SerCon

Regards,
-Lars

NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

[Neko]

 WO obviously you read what you want to read,
 
 i have being using openbsd since 2.6 and contributing, so 
 please read before posting. 
 
 ihave being wanted this request since 3.7. 
 
 nothing has being done, allthou a project like backtrack,
 released it
 in their first month of deployment.
 
 a computer is a lock , code is the key, and for some reason
 your saying
 some keys shouldnt be used but are used.
 
 you getting digital dusted here, im suggesting and your
 flaming back to either get the f out or got to microsoft
 
 
 YOU HAVE SERIOUS TROLLING ISSUES
 
 
 thanks for everything 
 leaveing you for tech for good
 
 I KNEW BUT NOW I KNOW WHY THEO NEVER READS MISC 
 
 
 --- On Mon, 10/27/08, J.C. Roberts
 [EMAIL PROTECTED] wrote:
 
  From: J.C. Roberts [EMAIL PROTECTED]
  Subject: Re: NTFS-3G Stable Read/Write Driver  ready
 to merge on cvs obsd ?
  To: [EMAIL PROTECTED]
  Cc: misc@openbsd.org
  Date: Monday, October 27, 2008, 3:40 AM
  On Sunday 26 October 2008, Neko wrote:
   its shows that some poor trolls here dont own
  ultraportables with no
   external drives, and use more than one os
 alternative.
  
   i pass data from bsd to fat 32 so in m$ its then
 copy
  onto ntfs,
   i have 1 disk - 8 os,
  
   nothing is being done , but more and more
  ultraportables sells,
  
  
   yes it could be resolv into using an ext2
 partition
  instead, but that
   is not resolving a problem its going around it
  covering eyes and
   ears.
  
   my stuff works, its just a pain , and ffs driver
 in
  windooz cant
   read more than one disklabel.  bsd suggest using
 more
  than one
   partition, in that problem , one is the solution,
 
  next time i wont
   RTFM, and do as i see fit because their more
 opinions
  than guidlines.
  
   now as for backwards bsd. why does freebsd write
 to
  ntfs? why does
   osx write to ntfs..  seems to me that is more
 some
  obstination done
   not to support it.
  
  
   shure im doing it wrong , because nothing is
 being
  done.
  
   but shure a color-ls.pkg is more important if you
 ask
  me, SARCASTIC
  
   neko
  
  neko,
  
  Your impolite off list response to me was one thing,
 but
  publicly
  calling Ted Unangst a troll is pure stupidity. Ted is
 one
  of the people
  kind enough to give you OpenBSD.
  
  The only good thing about you being stupid enough to
 put 8
  operating
  systems on one disk is the people on this mailing list
 have
  an 87.5%
  chance you'll decide to use some other OS,
 uninstall
  OpenBSD,
  unsubscribe from misc@, and your pointless bitching
 will
  end.
  
  You and everyone else dumb enough to run the
 read/write
  NTFS code
  offered by ntfs-g3.org or similar are only one
  Windows Update away
  from corrupting all your data. The NTFS file system is
  intentionally
  undocumented, so Microsoft can, and will, change their
  internal NTFS
  specification whenever they want. This means your
 misguided
  use of the
  ntfs-g3.org code can start destroying your NTFS data
  whenever Microsoft
  decides they want your data destroyed.
  
  Microsoft very intentionally tries to make sure their
  products are
  undocumented and incompatible for two reasons; (1) it
  allows Microsoft
  to lock-in the end users, and (2) some end users and
 some
  free software
  developers are dumb enough to burn up all their time
 and
  resources
  attempting to attain and maintain compatibility with
  Microsoft's ever
  changing undocumented crap.
  
  There really are people in the world smart enough to
 avoid
  wasting their
  time with intentionally undocumented and incompatible
 crap
  from vendors
  like Microsoft. You are obviously not one of them. You
 are
  not even
  smart enough to understand the real problems caused by
  running a sad
  hack to access an undocumented file system that the
 vendor
  can change
  at any moment. Worse yet, you're dumb enough to
 bitch
  and complain
  because OpenBSD is smart enough to prevent you from
  shooting yourself
  in the foot with unreliable file system code.
  
  The best thing you can do is uninstall OpenBSD,
 unsubscribe
  from misc@,
  and continue down your ignorant path to eventual data
  destruction using
  one of the seven other operating systems you currently
 have
  installed.
  
  -JCR

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Jonathan Schleifer]

Am 28.10.2008 um 08:49 schrieb Neko:

 IF YOU took time to read PROPERLY Jonathan,

1.) Top posting is evil.
2.) Stop using caps all the time.
3.) I wasn't replying to your post. You are not the only person
discussing on this list.
4.) If YOU took the time to read PROPERLY Neko, to which post it was a
reply

 the drivers WORKS, BUT ONLY FOR ONE NATIVE ENTRY in the disklabel.

I was not talking about the disklabel at all

 but like I WROTE, i structured my bsd system in more THAN ONE native

Honestly? I don't care. I was replying to the post about fs-driver.org.

 so get back to your project , ill get back to subsidaries who
 actually cares about openbsd full market deployment overlordship.

Please, troll somewhere else. No, you won't get any fish here.

--
Jonathan

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of PGP.sig]

Re: change serial console to display

[Girish Venkatachalam]

On 08:49:13 Oct 28, ico wrote:
 Hello gents,
 
 I did configure my old box with serial console probably 2 y ago.
 Now I'd like to get it back to normal. I don't have null modem cable
 available.
 What needs to be changed?
 
 I already tried without success:
 
 echo   /etc/boot.conf
 or 
 set tty pc0 
 
 but I'm still not able to get login on display.
 
 Any suggestions?
 

Your /etc/ttys should have the line:

tty00   /usr/libexec/getty std.9600   vt100   on  secure


-Girish

Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

[Jonathan Schleifer]

Am 28.10.2008 um 08:33 schrieb Neko:

 WO obviously you read what you want to read,

Same for you.

 i have being using openbsd since 2.6 and contributing, so
 please read before posting.

If you have been contributing

 ihave being wanted this request since 3.7.

 then why do you cry instead of implementing it yourself?

 nothing has being done, allthou a project like backtrack,
 released it
 in their first month of deployment.

Implement it yourself or STFU, that's how OpenSource works.

 you getting digital dusted here, im suggesting and your
 flaming back to either get the f out or got to microsoft

I (and I think may others) suggest you just leave this list and troll
somewhere else.

 YOU HAVE SERIOUS TROLLING ISSUES

Uhm, am I the only one finding huge amounts of irony here?

 I KNEW BUT NOW I KNOW WHY THEO NEVER READS MISC

He does read misc, you can even find postings from him here

PS: Creating a new thread doesn't give you more credibility, it does
the opposite

--
Jonathan

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of PGP.sig]

Re: change serial console to display

[Julian Leyh]

ico schrieb:

Hello gents,

I did configure my old box with serial console probably 2 y ago.
Now I'd like to get it back to normal. I don't have null modem cable
available.
What needs to be changed?

I already tried without success:

echo   /etc/boot.conf
or 
set tty pc0 


but I'm still not able to get login on display.

Any suggestions?




Did you try to switch to a different console? like ctrl-alt-f2?

Re: PostgreSQL Problems

[Bojidara Marinchovska]

Simon Connah wrote:
Sorry if this is the wrong list, I debated whether to post it to ports 
but as it is not a problem with the port itself and is more a user 
problem (i.e I'm being stupid :)) I thought misc was probably more 
appropriate.


Anyway I've been trying to get PostgreSQL setup on my 4.3 box and I'm 
not having much luck at all. I've followed the instructions in 
README.OpenBSD but I think I am missing something very simple here. 
Any help would be greatly appreciated.


Thank you.

It would probably be easier to post a log of all the steps I have 
taken so here it is:


[Sun Oct 26 16:20:48 [EMAIL PROTECTED]:~]sudo su -
[Sun Oct 26 16:20:52 [EMAIL PROTECTED]:~]passwd _postgresql
Changing local password for _postgresql.
New password:
Retype new password:
[Sun Oct 26 16:21:12 [EMAIL PROTECTED]:~]logout
[Sun Oct 26 16:21:16 [EMAIL PROTECTED]:~]su - _postgresql
Password:
$ mkdir /var/postgresql/data
$ initdb -D /var/postgresql/data -U postgres -A md5 -W
The files belonging to this database system will be owned by user 
_postgresql.

This user must also own the server process.

The database cluster will be initialized with locale C.

fixing permissions on existing directory /var/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 10
selecting default shared_buffers/max_fsm_pages ... 400kB/2
creating configuration files ... ok
creating template1 database in /var/postgresql/data/base/1 ... FATAL: 
could not create shared memory segment: Cannot allocate memory

DETAIL: Failed system call was shmget(key=1, size=1646592, 03600).
HINT: This error usually means that PostgreSQL's request for a shared 
memory segment exceeded available memory or swap space. To reduce the 
request size (currently 1646592 bytes), reduce PostgreSQL's 
shared_buffers parameter (currently 50) and/or its max_connections 
parameter (currently 10).
The PostgreSQL documentation contains more information about shared 
memory configuration.

child process exited with exit code 1
initdb: removing contents of data directory /var/postgresql/data
Also have a look in docs about shared memory allocation  : 
http://developer.postgresql.org/pgdocs/postgres/kernel-resources.html



$ logout
sh: logout: not found
$ exit
[Sun Oct 26 16:23:32 [EMAIL PROTECTED]:~]sudo shutdown -r now
Shutdown NOW!
shutdown: [pid 30708]
[Sun Oct 26 16:23:44 [EMAIL PROTECTED]:~]
*** FINAL System shutdown message from [EMAIL PROTECTED] ***
System going down IMMEDIATELY



System shutdown time has arrived
Connection to 192.168.1.15 closed by remote host.
Connection to 192.168.1.15 closed.
typhoon:~ simon$ ssh [EMAIL PROTECTED]
ssh: connect to host 192.168.1.15 port 22: Connection refused
typhoon:~ simon$ ssh [EMAIL PROTECTED]
[EMAIL PROTECTED]'s password:
Last login: Sun Oct 26 16:22:14 2008 from typhoon.local
OpenBSD 4.3 (GENERIC) #2: Wed Oct 22 22:43:28 BST 2008

Welcome to OpenBSD: The proactively secure Unix-like operating system.

Please use the sendbug(1) utility to report bugs in the system.
Before reporting a bug, please try to reproduce it with the latest
version of the code. With bug reports, please try to ensure that
enough information to reproduce the problem is enclosed, and if a
known fix for it exists, include that as well.

[Sun Oct 26 16:25:14 [EMAIL PROTECTED]:~]top
[Sun Oct 26 16:25:36 [EMAIL PROTECTED]:~]su - _postgresql
Password:
$ initdb -D /var/postgresql/data -U postgres -A md5 -W
The files belonging to this database system will be owned by user 
_postgresql.

This user must also own the server process.

The database cluster will be initialized with locale C.

fixing permissions on existing directory /var/postgresql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 40
selecting default shared_buffers/max_fsm_pages ... 28MB/179200
creating configuration files ... ok
creating template1 database in /var/postgresql/data/base/1 ... ok
initializing pg_authid ... ok
Enter new superuser password:
Enter it again:
setting password ... ok
initializing dependencies ... ok
creating system views ... ok
loading system objects' descriptions ... ok
creating conversions ... ok
setting privileges on built-in objects ... ok
creating information schema ... ok
vacuuming database template1 ... ok
copying template1 to template0 ... ok
copying template1 to postgres ... ok

Success. You can now start the database server using:

postgres -D /var/postgresql/data
or
pg_ctl -D /var/postgresql/data -l logfile start

$ pg_ctl -D /var/postgresql/data -l logfile start
server starting
$ createuser simon
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) y
Shall the new role be allowed to create more new roles? (y/n) y
Password:
createuser: could not connect to database postgres: FATAL: password 
authentication failed for user _postgresql

$ createuser simon
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) 

Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

[Ross Cameron]

On Tue, Oct 28, 2008 at 9:33 AM, Neko [EMAIL PROTECTED] wrote:

  WO obviously you read what you want to read,

  i have being using openbsd since 2.6 and contributing, so
  please read before posting.


What did you contribute?
Code and commentary (wish lists) are NOT the same thing.


 ihave being wanted this request since 3.7.


 Have you tried to hack in FreeBSD's FUSE and NTFS-3G yourself?
If you have what errors are you having? People are more likely to help
if you're showing some efforts yourself.

/*
As a matter of curiosity why in the name of all that is good in the
universe are you interested in using NTFS anyways?
It is by NO means a common denominator when it comest to the varied
scope of OSs available on the planet.
*/

nothing has being done, allthou a project like backtrack,
  released it in their first month of deployment.


Uhm Backtrack is a GNU/Linux system, implementing FUSE/NTFS-3G on it is a
doddle 'cause uhm oh yes the code was originally written on that tool chain.


 a computer is a lock , code is the key, and for some reason
  your saying some keys shouldnt be used but are used.


Some projects take licensing very seriously for a good reason, they have a
moral/philosophical reason for not including GPL code in OpenBSD-base. One
of the reason's that for some of my projects I choose OpenBSD is this moral
stand point.
Other's are less strict about this, I stand corrected but I think that
FreeBSD is more lax about this (only until a suitable replacement code piece
is found).


 you getting digital dusted here, im suggesting and your
  flaming back to either get the f out or got to microsoft


You are guilty of the flaming sin yourself, heal thy self physician.


 YOU HAVE SERIOUS TROLLING ISSUES


See above comment.


 thanks for everything
  leaveing you for tech for good


Changing mailing lists without changing attitude will land you up with the
same problems.
I'm under correction but I think a LOT of the people on the MISC list
are probably also on TECH.


 I KNEW BUT NOW I KNOW WHY THEO NEVER READS MISC


Hey actually does read this list, and answers too sometimes (mostly brief
BUT hey it is him at least).

Re: change serial console to display

[J.C. Roberts]

On Tuesday 28 October 2008, Girish Venkatachalam wrote:
 On 08:49:13 Oct 28, ico wrote:
  Hello gents,
 
  I did configure my old box with serial console probably 2 y ago.
  Now I'd like to get it back to normal. I don't have null modem
  cable available.
  What needs to be changed?
 
  I already tried without success:
 
  echo   /etc/boot.conf
  or
  set tty pc0
 
  but I'm still not able to get login on display.
 
  Any suggestions?

 Your /etc/ttys should have the line:

 tty00   /usr/libexec/getty std.9600   vt100   on  secure


 -Girish

Actually, you've got it backwards. The line you posted is to enable the 
serial console. The original poster already has serial enabled, but now 
wants to disable it. The correct line in /etc/ttys would be:

tty00   /usr/libexec/getty std.9600   unknown off

The details of setup are in the FAQ-7
http://www.openbsd.org/faq/faq7.html#SerCon

-JCR

Re: Rare ntpd listen * failure

[Michael]

Hi,

Christian Weisgerber schrieb:
 Very rarely, ntpd with a listen * configuration fails to start
 up for me, saying it can't bind to an address.  As far as I can
 remember, that always happened to the very last address, a global
 IPv6 one.

I can confirm this behaviour. Only happens when also using IPv6 and
pretty much only happens when ntpd is started during bootup.

 This may not be ntpd's fault.  I know some people have problems
 with isakmpd starting up

isakmpd is just working fine for me though...


Michael

Rare ntpd listen * failure

[Christian Weisgerber]

Very rarely, ntpd with a listen * configuration fails to start
up for me, saying it can't bind to an address.  As far as I can
remember, that always happened to the very last address, a global
IPv6 one.

The condition is so rare, I'm not sure how I recovered from it on
past occurrences.  The last time it happened was two days ago on
my laptop, after I had added a second ethernet interface for testing
purposes.  I was busy with something else so I didn't investigate
and the problem went away when I ejected the interface.  I haven't
been able to reproduce it.

This may not be ntpd's fault.  I know some people have problems
with isakmpd starting up before v6 duplicate address detection (DAD)
has settled for all interfaces.  Could DAD stall for minutes or never
finish at all?

Anyway, I just wanted to throw this out there as an observation.

-- 
Christian naddy Weisgerber  [EMAIL PROTECTED]

Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?

[J.C. Roberts]

On Tuesday 28 October 2008, Neko wrote:
 i have being using openbsd since 2.6 and contributing, so
 please read before posting.


Liar.

http://mlblog.osdir.com/openbsd.tech/2002-10/msg00208.shtml

You also took a 5 year long break between 2003 and 2008. You should take 
another 5 year long break, or even better, take a permanent break from 
OpenBSD. --We won't miss you.


 YOU HAVE SERIOUS TROLLING ISSUES


Nope. You've been rude to everyone, both on list and off. You have even 
insulted a number of the developers who gave you OpenBSD, including 
Theo, Nick Holland, Ted Unangst and others, both on misc@ and [EMAIL PROTECTED] 
The archives of the mailing lists have plenty of examples of you 
insulting people and doing nothing more than whining.

-JCR

Re: Dell XPS M1330 Ethernet support?

[Jordi Beltran Creix]

Thank you for the information, but does it actually work for you? I
have tested the latest AMD64 4.4 snapshot and while I can bring the
device up and LEDs are blinking I get no response from my router.
Should I try again with i386?
Also, slightly unrelated, is it possible to break out of some
unresponsive setup item(say ftp to openbsd.org without a connection)
without leaving the setup altogether?

Thank you

2008/10/27 Kevin Cornies [EMAIL PROTECTED]:
 On Sat, Oct 25, 2008 at 09:20:14PM +0900, Jordi Beltran Creix wrote:
 I recently acquired a Dell opensource laptop and am trying to
 install OpenBSD on it. But I am having a problem with the Ethernet.
 The device is detected as a Broadcom chipset and is managed by the bge
 driver. This is all from a i386 4.3 CD but I had the same problem with
 an old 4.4 snapshot.
  bge0 at pci4 dev 0 function 0 Broadcom BCM5906NP rev 0x02, 
  BCM5906A2(0xc002): irq 10, address ...
 If I ifconfig from the (s)hell I can set up everything but it
 complains that status: no carrier. And indeed there is no light
 whatsoever in the socket.
 The device works in Ubuntu with the Tigon3 driver, so I suspected it
 could need some sort of firmware, but this is not the Intel wireless
 and everything else is supposed to be more or less open. The laptop is
 listed as working(minus ACPI) as of 4.2 in /i386-laptop.html although
 its dmesg doesn't quite agree:
 Broadcom BCM5906M rev 0x02 at pci4 dev 0 function 0 not configured
 Has anyone managed to get 1330 Ethernet to work?

 Thank you


 Works in Oct 15th -current.

 bge0 at pci4 dev 0 function 0 Broadcom BCM5906M rev 0x02, BCM5906 A2 
 (0xc002): apic 2 int 17 (irq 10), address 00:1d:09:39:50:49
 brgphy0 at bge0 phy 1: BCM5906 10/100baseTX PHY, rev. 0

Re: Serial ATA RAID ctrl on PCI

[J.C. Roberts]

On Monday 27 October 2008, Mikolaj Kucharski wrote:
 Hi,

 I'm looking SATA controller with h/w RAID support which is working on
 OpenBSD and has:

 - minimum 4 SATA ports (internal preferably)
 - Built-in RAID 0, RAID 1, RAID 1+0, RAID 5
 - Hot swap (not a must)
 - PCI bus
 - large drives support (500GB)
 - use as RAID and non-RAID controller (not a must)

You didn't mention SATA 150 versus SATA 300 (aka SATA 2) ?

You didn't mention PCI width (32-bit versus 64-bit) ?

You didn't mention PCI speed (33, 66, 100, 133 MHz) ?

Attempting Hot-Swap with SATA drives is normally an invitation to 
disaster.

The following are listed as supported on: 
http://www.openbsd.org/i386.html

LSI MegaRAID SATA 150-4(four disk) PCI 64-bit/66 MHz 
LSI MegaRAID SATA 150-6(six disk)  PCI 64-bit/66 MHz 
LSI MegaRAID SATA 300-4X   (four disk) ?
LSI MegaRAID SATA 300-4XLP (four disk) ?
LSI MegaRAID SATA 300-8X   (eight disk) PCI-X 64-bit, 133/100/66 MHz
LSI MegaRAID SATA 300-8XLP (eight disk) ?

You can get more info on the above from here:
http://www.lsi.com/storage_home/products_home/internal_raid/megaraid_sata/index.html

For some strange reason LSI is no longer listing the plain 300-4X but 
it is still listing the 300-4XLP

If you have the wild idea of taking a four 500+GB drives and striping 
them together into a single partition of 2+TB size, realize the sane 
limit on OpenBSD 4.3 is only 1TB. I remember seeing Marco@ post 
something about building a 2TB partition, but he's a trained 
professional and licensed to do crazy stuff :-)

-JCR

J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

[Neko]

SO YOU HUNT DOWN PEOPLE FOR , AFTER I COUNTERFLAME THE FACT OF SOMEONE TELLING 
ME TO GO TO AN OTHER PROJECT, I WONT REMOVE THE CAPS CAUSE YOU WILL ACKNOWLEDGE 
THAT NOW YOUR ASKING ME TO PAY OF FUCK OFF.

YOUR BITING THE HAND THAT FEEDS YOU 

I DO TELL MY CUSTOMERS THAT THIS FORUM/PROJECT IS LEGENDARY FOR TROLLING
BUT YOUR ABUSE RITE THERE IS BEYOND PUSHER MARKETING.

contribute people or hell hunt your down to diss you on the forums 

git a life

neko

--- On Tue, 10/28/08, J.C. Roberts [EMAIL PROTECTED] wrote:

 From: J.C. Roberts [EMAIL PROTECTED]
 Subject: Re: NTFS EXPERT Read/Write MULTI OS ready to DEPLOY on HIS obsd ?
 To: misc@openbsd.org
 Date: Tuesday, October 28, 2008, 7:30 AM
 On Tuesday 28 October 2008, Neko wrote:
  i have being using openbsd since 2.6 and contributing,
 so
  please read before posting.
 
 
 Liar.
 
 http://mlblog.osdir.com/openbsd.tech/2002-10/msg00208.shtml
 
 You also took a 5 year long break between 2003 and 2008.
 You should take 
 another 5 year long break, or even better, take a permanent
 break from 
 OpenBSD. --We won't miss you.
 
 
  YOU HAVE SERIOUS TROLLING ISSUES
 
 
 Nope. You've been rude to everyone, both on list and
 off. You have even 
 insulted a number of the developers who gave you OpenBSD,
 including 
 Theo, Nick Holland, Ted Unangst and others, both on misc@
 and [EMAIL PROTECTED] 
 The archives of the mailing lists have plenty of examples
 of you 
 insulting people and doing nothing more than whining.
 
 -JCR

Re: Serial ATA RAID ctrl on PCI

[Claudio Jeker]

On Mon, Oct 27, 2008 at 11:14:50PM +, Mikolaj Kucharski wrote:
 Hi,
 
 I'm looking SATA controller with h/w RAID support which is working on
 OpenBSD and has:
 
 - minimum 4 SATA ports (internal preferably)
 - Built-in RAID 0, RAID 1, RAID 1+0, RAID 5
 - Hot swap (not a must)
 - PCI bus
 - large drives support (500GB)
 - use as RAID and non-RAID controller (not a must)
 

Have a look at the man -k RAID output.

Especially arc(4) and ami(4) are great SATA RAID controllers on OpenBSD.
-- 
:wq Claudio

Re: IBM x3350

[EF Ahlsen-Girard (Ed Ahlsen-Girard, TYBRIN Corporation)]

I can personally attest that it runs like a clock on VMWare Server as well.

Ed


I don't know about that, but if it doesn't you can install obsd over
vmware esxi and it will work like a charm :)

uday

On Mon, Oct 27, 2008 at 4:03 PM, Johan Borch [EMAIL PROTECTED] wrote:
 Hi,

 I know that there has been a lot of mails about the IBM x-series lately,
but
 is it the same problem  with all of them (Adaptec raid)? I couldn't find
 anything about the x3350 on the lists, anyone knows if that one works with
 OpenBSD?

 Regards
 Johan

Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

[Owain Ainsworth]

On Tue, Oct 28, 2008 at 05:37:24AM -0700, Neko wrote:
 SO YOU HUNT DOWN PEOPLE FOR , AFTER I COUNTERFLAME THE FACT OF SOMEONE 
 TELLING ME TO GO TO AN OTHER PROJECT, I WONT REMOVE THE CAPS CAUSE YOU WILL 
 ACKNOWLEDGE THAT NOW YOUR ASKING ME TO PAY OF FUCK OFF.
 
 YOUR BITING THE HAND THAT FEEDS YOU 
 
 I DO TELL MY CUSTOMERS THAT THIS FORUM/PROJECT IS LEGENDARY FOR TROLLING
 BUT YOUR ABUSE RITE THERE IS BEYOND PUSHER MARKETING.
 
 contribute people or hell hunt your down to diss you on the forums 
 
 git a life

[EMAIL PROTECTED]:~$git clone a://life
Initialized empty Git repository in /home/oga/life/.git/
fatal: I don't handle protocol 'a'


sorry, try again.

 
 neko

-- 
You cannot achieve the impossible without attempting the absurd.

Capture serial port output to a file

[Bruce Bauer]

Problem:
OpenBSD 4.2 on i386
Serial port /dev/cua00 connected to the console port on a firewall.
I need to catch all text output from the serial port to a file.
The process doing this must survive a loss of network.
The box is running headless.
I have tried simple things like cat and buffer, but these processes exit
after one or two lines of output.
I need a process that will run until interrupted, and that doesn't need a
controlling session.

Google searches on this yield a lot of noise about redirecting console
output to a serial port.

_
OpenBSD is the _only_ operating system that takes security as
seriously as it should be taken. Consider the why of OpenBSD's
accomplishments. Remove the why and you remove what they accomplished.
Use OpenBSD and think like Windows and get Windows security.

Re: Rare ntpd listen * failure

[Stuart Henderson]

On 2008-10-28, Michael [EMAIL PROTECTED] wrote:
 This may not be ntpd's fault.  I know some people have problems
 with isakmpd starting up

 isakmpd is just working fine for me though...

isakmpd was changed recently not to bind to a tentative address, you
can run into the problem with this if you have custom startup scripts
and presumably also on a fast system.

http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/isakmpd/virtual.c.diff?r1=1.28;r2=1.29

Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

[Jonathan Schleifer]

Am 28.10.2008 um 13:37 schrieb Neko:

 Lots of shit written in caps

I think it should be clear now that he's just a kid and that we should  
all just ignore him. He's not worth it wasting any time replying.

--
Jonathan

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of PGP.sig]

Re: Capture serial port output to a file

[Jussi Peltola]

echo '@reboot screen -d -m -L /dev/cua00 9600' | crontab -
but mind your existing crontab.

Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

[Kevin Wilcox]

2008/10/28 Owain Ainsworth [EMAIL PROTECTED]:

 On Tue, Oct 28, 2008 at 05:37:24AM -0700, Neko wrote:

 git a life

 [EMAIL PROTECTED]:~$git clone a://life
 Initialized empty Git repository in /home/oga/life/.git/
 fatal: I don't handle protocol 'a'

Didn't anyone ever tell you not to run arbitrary commands you read on
a mailing list? grin

kmw

-- 
Far better is it to dare mighty things, to win glorious triumphs, even
if checkered by failure, than to take rank with those poor spirits who
neither enjoy much nor suffer much, because they live in the gray
twilight that knows not victory or defeat.

Re: J.C. Roberts [EMAIL PROTECTED] saiz OpenBSD. --We won't miss you.

[Jason Dixon]

On Tue, Oct 28, 2008 at 05:37:24AM -0700, Neko wrote:
[ Lots of all-caps shit that I won't read ]

Welcome to /dev/null.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

commercial support - pf/relayd

[uday]

Hi,

just wanted to know if there were any commercial support available for
pf/relayd in particular or any other support contract that could
include these two components.

sincerely,

uday

Re: commercial support - pf/relayd

[J.C. Roberts]

On Tuesday 28 October 2008, uday wrote:
 Hi,

 just wanted to know if there were any commercial support available
 for pf/relayd in particular or any other support contract that could
 include these two components.

 sincerely,

 uday

What kind of support are you after?

There's a great list of commercial support on the project site:

http://www.openbsd.org/support.html

It might also be wise to talk to the developers of the specific 
components you're asking about. You can look them up in cvs.

kind regards,
jcr

Re: Capture serial port output to a file

[Jussi Peltola]

On Tue, Oct 28, 2008 at 02:45:07PM +0100, Marc Balmer wrote:
 I could suggest you run cu in a screen session.  I have used
 
 cu ... | tee logfile
 
 in the past, but there are possibly more elegant solutions

Screen can do logging and open windows to serial ports directly by
itself (as I mentioned in my other mail). It's been working very
reliably for me; some my servers are daisy chained together, and
whenever I've had one fail, the one before it has had a log of its
output, even after unattended reboots.

screen is a gem. A soekris and a serial card and openbsd is an
incredible console server for server administration, especially compared
to the dedicated hardware ones.

Re: commercial support - pf/relayd

[ropers]

2008/10/28 uday [EMAIL PROTECTED]:
 Hi,

 just wanted to know if there were any commercial support available for
 pf/relayd in particular or any other support contract that could
 include these two components.

Have you looked here?
http://www.openbsd.org/support.html

You could also try these guys:
http://www.genua.de/index.en.html
http://www.rayservers.com/consulting
(That's just the first two random OpenBSD-literate companiest that do
consulting that come to my mind; I haven't had any dealings with
them.)

You also can't go wrong here:
http://www.bsws.de/en/about/contact.shtml (because there you'd end up
talking to a programmer who actually wrote a lot of the code).

Or maybe make some of the other OpenBSD coders an offer. E.g. Daniel
Hartmeier is the initial author of PF (and he has continued to code),
and there are quite a few others (and I'm not saying that any of them
are better than the others; the guys I'm mentioning here are just the
first names that popped into my head).

Or ask Peter Hansteen --who wrote a book on PF-- if he is available.

Thanks and regards,
--ropers

Using OpenBGPD as a route-server

[Hans Vosbergen]

Hi Misc,

I am trying to make OpenBGPD work as a route-server for a little hobby
project I am working on.

As it's very hard to find configuration examples for this usage on the web i
have to turn here.

What I am trying to achieve:
- A route-server acting as a transparent route distributor.
- Control by neighbours who their prefixes are announced to, based on
communities.

Making OpenBGP work as a transparent AS was the easy part. However I'm stuck
in the communities control part.

How it is supposed to work, my route-server has AS1234 in my test
environment.

If a neighbour announces:
1. { community 1234:1234 } -- Their prefixes will be announced to EVERY
other neighbour.
2. { community 1234:as} -- Their prefixes will ONLY be announced to AS,
ie: 1234:8943 will only send the prefixes to AS8943.
3. { community 1234:1234 1234:AS } -- Their prefixes will be announced to
every other neighbour EXCEPT AS.

I have been able to achieve the first 2 ways the prefix control should work,
but I can't manage to get the 3rd to work. Before moving to OpenBGPD I
managed to produce the way I want it to work in Quagga but I simply do not
want to use that.

Would anyone have an idea on how to make OpenBGPD not announce prefixes to
specific neighbours if they appear in the 1234:1234 1234:AS list?

My configuration:
--
AS 1234
router-id 10.0.0.60
fib-update no
log updates
listen on 10.0.0.60

nexthop qualify via bgp
transparent-as yes

group peers-rs-v4 {
announce IPv4 unicast
softreconfig in yes
enforce neighbor-as yes

neighbor 10.0.0.61 {
descr juniperm5
remote-as 65501
announce all
passive
}
neighbor 10.0.0.64 {
descr foundryxmr
remote-as 65502
announce all
passive
}
neighbor 10.0.0.63 {
descr cisco7200
remote-as 65503
announce all
passive
}
}

deny from any
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen = 8
deny from any prefix 172.16.0.0/12 prefixlen = 12
deny from any prefix { 192.168.0.0/16 169.254.0.0/16 } prefixlen = 16
deny from any prefix 169.254.0.0/16 prefixlen = 32

deny from any community *:*
deny to any community *:*

# Community 1234:65502 goes to AS65502
allow from any community 1234:65502
allow to 10.0.0.64 community 1234:65502

# Community 1234:1234 goes to everyone
allow from any community 1234:1234
allow to any community 1234:1234

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Artur Grabowski]

Neko [EMAIL PROTECTED] writes:

 its shows that some poor trolls here dont own ultraportables with no
 external drives, and use more than one os alternative.

When your machine is a tool, not a toy, you run one operating system,
whichever that might be.

//art

Re: Capture serial port output to a file

[Stuart Henderson]

On 2008-10-28, Bruce Bauer [EMAIL PROTECTED] wrote:
 Problem:
 OpenBSD 4.2 on i386
 Serial port /dev/cua00 connected to the console port on a firewall.
 I need to catch all text output from the serial port to a file.
 The process doing this must survive a loss of network.
 The box is running headless.
 I have tried simple things like cat and buffer, but these processes exit
 after one or two lines of output.
 I need a process that will run until interrupted, and that doesn't need a
 controlling session.

try conserver, it's ideal for this. in ports/packages.

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Anton Parol]

Neko [EMAIL PROTECTED] writes:

  

its shows that some poor trolls here dont own ultraportables with no
external drives, and use more than one os alternative.



When your machine is a tool, not a toy, you run one operating system,
whichever that might be.

//art

  
Art, I have a machine, it is a tool, and it has two operating systems. I 
want a prize!

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Heimdall Imbert]

Forgive me for stating the obvious but insulting members of misc@ is not
going to get you closer to your goal, Neko.  I'm sure that nobody enjoys
receiving multiple emails about this issue.

So please, for the sake of those of us who don't want to read any more about
this situation, let the issue be.

2008/10/28 Neko [EMAIL PROTECTED]

 IF YOU took time to read PROPERLY Jonathan,

 the drivers WORKS, BUT ONLY FOR ONE NATIVE ENTRY in the disklabel.

 but like I WROTE, i structured my bsd system in more THAN ONE native

 bsd entry ie /usr/local ... IS ON wd0e

 if i load wd0e  i get the proper size, but what's ls on my screen

 IS THE MAIN ROOT.


 so get back to your project , ill get back to subsidaries who actually
 cares about openbsd full market deployment overlordship.


 enjoy,

 neko

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Heimdall Imbert]

Hahaha, I wanted to say the same thing but figured that this wouldn't be an
appropriate venue for a discussion of this nature.  But since someone else
brought it up, I figure I might as well add my two cents. I currently run
Debian and Windows XP on my laptop and I use it as a learning tool (because
I am nowhere near a guru unlike many of the people here!).

Cheers,

Heimdall

2008/10/28 Anton Parol [EMAIL PROTECTED]

 Neko [EMAIL PROTECTED] writes:



 its shows that some poor trolls here dont own ultraportables with no
 external drives, and use more than one os alternative.



 When your machine is a tool, not a toy, you run one operating system,
 whichever that might be.

 //art



 Art, I have a machine, it is a tool, and it has two operating systems. I
 want a prize!

Re: PostgreSQL Problems

[Bryan Irvine]

On Mon, Oct 27, 2008 at 5:19 AM, Simon Connah
[EMAIL PROTECTED] wrote:
 Sorry if this is the wrong list, I debated whether to post it to ports but
 as it is not a problem with the port itself and is more a user problem (i.e
 I'm being stupid :)) I thought misc was probably more appropriate.

 Anyway I've been trying to get PostgreSQL setup on my 4.3 box and I'm not
 having much luck at all. I've followed the instructions in README.OpenBSD
 but I think I am missing something very simple here. Any help would be
 greatly appreciated.


Over the weekend I had almost the exact same error.
In my case it turns out I had forgotten to kill the running postgres
process when running initdb.

-B

fjnews11-2008

[funjet]

FUNJET

ASSOCIAZIONE SPORTIVA FUNJET

www.funjet.it [EMAIL PROTECTED]

FJNEWS 11/2008

A.S.D. Funjet di Empoli, in collaborazione con lo staff organizzativo
PARAFLIGHT di Massa ed il Comune di Massa, h lieta di presentare
l'ultimo importante impegno agonistico della lunga stagione 2008, con
l'organizzazione del 10 G.P. PARAFLIGHT MASSA 60 e ultima prova di
Campionato Italiano Moto D'acqua Endurance 2008.

Le gare si terranno Domenica 2 Novembre nello specchio di mare compreso
tra il Circolo Sportivo Balneare Paraflight sito in lungomare Levante a
Ronchi e il pontile di Marina di Massa.

Sicuramente una gara molto emozionante, che vedr` i piloti, provenienti
da tutta Italia affrontarsi in una prova di resistenza molto impegnativa,
che prevede 2 manche di 45 minuti ciascuna.

Non mancheranno le dimostrazioni di Moto D'Acqua Freestyle con la
presenza del Campione Italiano Freestyle Pro 2008 Valerio Calderoni.

Questi gli orari della manifestazione:

12.00 Prima manche.

14.30 Esibizione Freestyle.

15.00 Seconda manche.

17.00 Premiazioni.

LOCANDINA

Continuate a seguirci su www.funjet.it news anticipazioni risultati
agonistici gossip e la nuova FUNJET TV (FUNTUBE)...e.
www.motodacqua.eu dove h possibile trovare e scaricare le foto in forma
originale alla massima definizione di tutte le gare e gli show Funjet.

Le news di Funjet.it.Notizie e info dal mondo delle moto d'acqua.Questa
news letter viene spedita a circa 15000 mail ai piloti, gli sponsor,
testate giornalistiche, aziende del settore, partners, uffici marketing,
agenzie pubblicitarie, uffici stampa, televisioni e radio. Le
informazioni contenute nella presente comunicazione e relativi allegati
possono essere copiati e ritrasmessi con qualsiasi mezzo di comunicazione
purchi venga sempre citata la fonte. Per particolari esigenze e o
collaborazioni contattare la redazione.

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Bryan Irvine]

On Sun, Oct 26, 2008 at 12:57 AM, Denis Doroshenko
[EMAIL PROTECTED] wrote:
 On Sun, Oct 26, 2008 at 9:10 AM, Matthew Weigel [EMAIL PROTECTED] wrote:
 Neko wrote:

 this is the future. people use multiple os on their machine

 That's actually the past... multibooting seemed way more popular ten years 
 ago
 than now.  I'm going to go out on a limb here, and say that most people - 
 even
 if their machine is set up to boot multiple systems - really just use one OS
 per computer.

 have you done any analysis of statistical data in order to say so?
 otherwise all those way more popular, most people it is a big IYHO.

  On the other hand, CIFS/NFS network storage devices are cheap,
 and people can use them whether they dual boot, or simply have multiple
 machines on their network.  Then too, a lot of people just use boring old
 thumb drives to store data that all their systems can use.

 well with NFS i'd agree, in case there is a robust free NFS implementation
 for MS Windows (haven't looked for that myself, as I don't seem to have NFS
 storage in my home LAN).

MS actually offers one:
http://technet.microsoft.com/en-us/interopmigration/bb380242.aspx

I've even used it. It works pretty good though it is a bit awkward feeling.

-B

generate pgp

[Benjamin Adams]

I'm trying to generate pgp to use with email.  Anyone know a simple
how to?  or can help me with commandline tool? thanks

Re: generate pgp

[Lars Noodén]

Benjamin Adams wrote:
 I'm trying to generate pgp to use with email. 

Which mail client?  Pine? Alpine? Mutt? Thunderbird? Opera?

  Anyone know a simple
 how to?  or can help me with commandline tool? thanks

http://www.dewinter.com/gnupg_howto/english/GPGMiniHowto-3.html
http://www.doc.ic.ac.uk/csg/faqs/gpghowto.html

see also

The GNU Privacy Assistant
http://www.openbsd.org/4.3_packages/i386/gpa-0.4.3.tgz-long.html

Enigmail
http://www.openbsd.org/4.3_packages/i386/enigmail-0.95.5p0.tgz-long.html

You can use a RSA key for both signing and encrypting, though may have
to add it after the initial key creation as a subkey.

regards
-Lars

Re: generate pgp

[Maxime DERCHE]

On Tue, 28 Oct 2008 13:44:46 -0400
Benjamin Adams [EMAIL PROTECTED] wrote:

 I'm trying to generate pgp to use with email.  Anyone know a simple
 how to?  or can help me with commandline tool? thanks
 

Hum, generate pgp ?
You have GnuPG in the ports tree, and there is a package, so you can
just use pkg_add(8) to install it.
Then, you may want to generate a key pair, that is a private (secret)
and a public key. Both can be generated using the command :
gpg --gen-key

Once GnuPG is installed you can just read its man page and/or
gpg --help

You obviously also need to read the excellent documentation that can be
found on http://www.gnupg.org/ ; http://www.rossde.com/PGP/ is also a
good thing to read (I really like its keyservers list).


Regards,
Maxime DERCHE

PS  This is an OpenBSD mailing list, so here we talk about OpenBSD.
You may want to read http://www.openbsd.org/mail.html to learn about
this list...


-- 
Maxime DERCHE : maxime /at/ mouet-mouet.net | maxime.derche /at/ free.fr
http://www.mouet-mouet.net/maxime/blog/index.php

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[William Boshuck]

On Tue, Oct 28, 2008 at 12:31:14PM -0400, Heimdall Imbert wrote:
 Hahaha, I wanted to say the same thing but figured that this wouldn't be an
 appropriate venue for a discussion of this nature.  But since someone else
 brought it up, I figure I might as well add my two cents. I currently run
 Debian and Windows XP on my laptop and I use it as a learning tool (because
 I am nowhere near a guru unlike many of the people here!).

I am nothing like a guru, and nothing approaching a programmer.  I
cannot write a simple shell script without rereading parts of man
pages to remember how it goes; sometimes I cannot even write a
simple XHTML file without consulting the definition at w3.org to
remember how it goes.  I have never used Windows, I used Linux
only briefly, and since then I've used nothing but OpenBSD (except
where I have a shell account on a machine that belongs to someone
else, and then only remotely).  In my opinion OpenBSD is the
ultimate learning tool, perhaps largely because of the high
quality of its documentation.  Also because on mailing lists like
this one the developers are willing to tell it straight however
the rest of us may react (I view that in itself as a form of
generosity).  You just have to commit to reading carefully and
with patience (mainly towards the gradual accumulation of your own
understanding).

I think the widespread view that OpenBSD is only, or mainly, for
gurus is an unfortunate myth.  On the other hand, it may be true
that OpenBSD is only, or mainly, for people who are willing to
read carefully and patiently, and who understand and accept how
OpenBSD is offered to the world for free.  I believe that the
latter point could be better and more widely understood.

cheers,
-wb
(Who's received his copy of 4.4 late last week, and thanks the
developers for another job (predictably) well done.)

Re: NTFS-3G Stable Read/Write Driver ready to merge on cvs obsd ?

[Heimdall Imbert]

I understand what you mean.  I guess I should have chosen a better word.
And my issue isn't that I don't read (I read as much as I can on user
forums,
I subscribe and read to Debian and OpenBSD mailing distributions and tinker
with what I can).  Unfortunately, it feels as if some of the things that I
work on
are trivial in comparison to some of the things that I read on this mailing
list.
So I guess that, at least in my eyes, you guys are gurus. :P

2008/10/28 William Boshuck [EMAIL PROTECTED]

 On Tue, Oct 28, 2008 at 12:31:14PM -0400, Heimdall Imbert wrote:
  Hahaha, I wanted to say the same thing but figured that this wouldn't be
 an
  appropriate venue for a discussion of this nature.  But since someone
 else
  brought it up, I figure I might as well add my two cents. I currently run
  Debian and Windows XP on my laptop and I use it as a learning tool
 (because
  I am nowhere near a guru unlike many of the people here!).

 I am nothing like a guru, and nothing approaching a programmer.  I
 cannot write a simple shell script without rereading parts of man
 pages to remember how it goes; sometimes I cannot even write a
 simple XHTML file without consulting the definition at w3.org to
 remember how it goes.  I have never used Windows, I used Linux
 only briefly, and since then I've used nothing but OpenBSD (except
 where I have a shell account on a machine that belongs to someone
 else, and then only remotely).  In my opinion OpenBSD is the
 ultimate learning tool, perhaps largely because of the high
 quality of its documentation.  Also because on mailing lists like
 this one the developers are willing to tell it straight however
 the rest of us may react (I view that in itself as a form of
 generosity).  You just have to commit to reading carefully and
 with patience (mainly towards the gradual accumulation of your own
 understanding).

 I think the widespread view that OpenBSD is only, or mainly, for
 gurus is an unfortunate myth.  On the other hand, it may be true
 that OpenBSD is only, or mainly, for people who are willing to
 read carefully and patiently, and who understand and accept how
 OpenBSD is offered to the world for free.  I believe that the
 latter point could be better and more widely understood.

 cheers,
 -wb
 (Who's received his copy of 4.4 late last week, and thanks the
 developers for another job (predictably) well done.)

Re: change serial console to display

[ico]

Dna Tue, Oct 28, 2008 at 04:07:19AM -0700, J.C. Roberts spisal(a) :
On Tuesday 28 October 2008, Girish Venkatachalam wrote:
 On 08:49:13 Oct 28, ico wrote:
  Hello gents,
 
  I did configure my old box with serial console probably 2 y ago.
  Now I'd like to get it back to normal. I don't have null modem
  cable available.
  What needs to be changed?
 
  I already tried without success:
 
  echo   /etc/boot.conf
  or
  set tty pc0
 
  but I'm still not able to get login on display.
 
  Any suggestions?

 Your /etc/ttys should have the line:

 tty00   /usr/libexec/getty std.9600   vt100   on  secure


 -Girish

Actually, you've got it backwards. The line you posted is to enable the 
serial console. The original poster already has serial enabled, but now 
wants to disable it. The correct line in /etc/ttys would be:

   tty00   /usr/libexec/getty std.9600   unknown off

The details of setup are in the FAQ-7
http://www.openbsd.org/faq/faq7.html#SerCon

-JCR


Yes sir, I'm reading FAQ first. I know I enabled in /etc/ttys
console line, but you know, all I have when it's booting is only few
commands. Like echo and set tty and stty. Then it starts
booting and my monitor shows me no signal.
I'm not sure, how could I modify /etc/ttys to replace existing 
console line with unknown off. Except maybe mounting disk elsewhere.

As you see, I was not very successful with my set tty commands. If it's
possible to do it this way it would be great.

-- 

   ico 

Possible bug in IPSec? (was Packets sent with wrong SPI)

[(private) HKS]

A briefer summary of the problem:

Router A has two interfaces: 10.123.0.46/24 and 10.100.0.1/16
Router B has one interface: 10.123.0.48/24

When using manual IPSec keying with a single flow between 10.123.0.46
and 10.123.0.48, it works fine.

When I add a flow between 10.100.0.0/16 and 10.123.0.48, traffic from
10.123.0.46 to 10.123.0.48 is encoded with the wrong SPI. The reverse
direction is fine.

Config files and dmesg are below, in my original message.

This appears to be a bug, but what additional information can I
provide to help diagnose it? Can anyone else reproduce this?

-HKS



On Tue, Oct 21, 2008 at 3:13 PM, (private) HKS [EMAIL PROTECTED] wrote:
 OpenBSD 4.3.

 I'm trying to get a couple IPSec VPNs up and am running into
 increasingly bizarre behavior in my test environment. The current
 issue is that packets are being sent encoded with the wrong SPI.

 Router A has two interfaces: 10.123.0.46/24 and 10.100.0.1/16.
 Router B has one interface: 10.123.0.48/24.

 I can get A and B encrypting traffic between 10.123.0.46 and
 10.123.0.48 with no problem, but when I add flows for 10.100.0.0/16
 the SPIs start getting mixed up. Specifically, pings from 10.123.0.46
 (A) to 10.123.0.48 (B) use the wrong SPII am using manual keying to
 eliminate isakmpd as a source of other issues (that were probably my
 fault somehow). The keys are the defaults included in the ipsec.conf
 example since this is a test environment.

 Here is router A's ipsec.conf:
 --
 flow esp from 10.123.0.46 to 10.123.0.48 local 10.123.0.46 peer
 10.123.0.48 type require
 esp tunnel from 10.123.0.46 to 10.123.0.48 spi 0x00010002:0x00020001
 authkey 
 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
 enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d

 flow esp from 10.100.0.0/16 to 10.123.0.48 peer 10.123.0.48 type require
 esp tunnel from 10.100.0.0/16 to 10.123.0.48 spi 0x00010004:0x00040001
 authkey 
 0x54f79f479a32814347bb768d3e01b2b58e49ce674ec6e2d327b63408c56ef4e8:0x7f48ee352c626cdc2a731b9d90bd63e29db2a9c683044b70b2f4441521b622d6
 enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d
 --

 Output from router A's ipsecctl -sa looks like you would expect:
 --
 FLOWS:
 flow esp in from 10.123.0.48 to 10.100.0.0/16 peer 10.123.0.48 type require
 flow esp out from 10.100.0.0/16 to 10.123.0.48 peer 10.123.0.48 type require
 flow esp in from 10.123.0.48 to 10.123.0.46 local 10.123.0.46 peer
 10.123.0.48 type require
 flow esp out from 10.123.0.46 to 10.123.0.48 local 10.123.0.46 peer
 10.123.0.48 type require

 SAD:
 esp tunnel from 10.123.0.46 to 10.123.0.48 spi 0x00010002 auth
 hmac-sha2-256 enc aes
 esp tunnel from 10.100.0.0 to 10.123.0.48 spi 0x00010004 auth
 hmac-sha2-256 enc aes
 esp tunnel from 10.123.0.48 to 10.123.0.46 spi 0x00020001 auth
 hmac-sha2-256 enc aes
 esp tunnel from 10.123.0.48 to 10.100.0.0 spi 0x00040001 auth
 hmac-sha2-256 enc aes
 --

 Attempting to ping 10.123.0.48 from 10.123.0.46 gets no response, and
 tcpdump -i enc0 shows this:
 --
 tcpdump: listening on enc0, link-type ENC
 09:15:11.230658 (authentic,confidential): SPI 0x00010004: 10.123.0.46
 10.123.0.48: icmp: echo request (encap)
 09:15:12.240381 (authentic,confidential): SPI 0x00010004: 10.123.0.46
 10.123.0.48: icmp: echo request (encap)
 09:15:13.250028 (authentic,confidential): SPI 0x00010004: 10.123.0.46
 10.123.0.48: icmp: echo request (encap)
 09:15:14.260702 (authentic,confidential): SPI 0x00010004: 10.123.0.46
 10.123.0.48: icmp: echo request (encap)
 --

 Which is clearly the wrong SPI. If I try to ping in the reverse
 direction, B sends its packets with the correct SPI while the replies
 are encoded for 0x00010004. Removing the subnet lines from ipsec.conf
 corrects this issue.

 Is this a bug in IPsec or something I'm doing wrong?

 Thanks for the help. dmesg follows.

 -HKS


 OpenBSD 4.3 (GENERIC) #698: Wed Mar 12 11:07:05 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz (GenuineIntel
 686-class) 2.33 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,DS-CPL
 real mem  = 267939840 (255MB)
 avail mem = 251031552 (239MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 12/06/06, BIOS32 rev. 0 @
 0xfd880, SMBIOS rev. 2.31 @ 0xe0010 (45 entries)
 bios0: vendor Phoenix Technologies LTD version 6.00 date 12/06/2006
 bios0: VMware, Inc. VMware Virtual Platform
 apm0 at bios0: Power Management spec V1.2
 apm0: AC on, battery charge unknown
 acpi at bios0 function 0x0 not configured
 pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
 pcibios0: PCI Interrupt Router at 000:07:0 (Intel 82371FB ISA rev 0x00)
 pcibios0: PCI bus #2 is the last bus
 bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 

Re: Serial ATA RAID ctrl on PCI

[Don Jackson]

On Oct 28, 2008, at 5:46 AM, Claudio Jeker wrote:


Have a look at the man -k RAID output.

Especially arc(4) and ami(4) are great SATA RAID controllers on  
OpenBSD.


Does OpenBSD's  arc(4) driver support any method to report RAID status  
and/or failures?


If not, then how is an admin supposed to understand the health of arc  
supported RAID array?

Re: Serial ATA RAID ctrl on PCI

[Robert Franklin]

Did you read the man page for arc(4)? It says right there.


On Tue, Oct 28, 2008 at 4:24 PM, Don Jackson [EMAIL PROTECTED] wrote:
 On Oct 28, 2008, at 5:46 AM, Claudio Jeker wrote:

 Have a look at the man -k RAID output.

 Especially arc(4) and ami(4) are great SATA RAID controllers on OpenBSD.

 Does OpenBSD's  arc(4) driver support any method to report RAID status
 and/or failures?

 If not, then how is an admin supposed to understand the health of arc
 supported RAID array?

4.3 won't boot at all on my laptop

[Stevoid]

Hi,

I've got a Toshiba Satellite A60 (that has no floppy. Can only boot from
CD).

I've burnt the various *.iso files to CD but my laptop doesn't recognise
them as bootable but I know whet work. I've begun the installation process
on several machines using these disks and they work.

I then, took the HDD out of my laptop, installed it into a desktop PC and
installed OpenBSD 4.3 on the drive. Before I took the laptop's HHD out of
the desktop, I even booted from it to make sure the installation went okay.
It did but when I stick the HDD back in the laptop, It just won't boot.

No booting from perfectly good CD? No booting from perfectly good
installation to HDD?

Does anyone know why this might be happening? I've been installing OpenBSD
since 2.8 and NEVER seen this.

 
-- 
View this message in context: 
http://www.nabble.com/4.3-won%27t-boot-at-all-on-my-laptop-tp20217926p20217926.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Serial ATA RAID ctrl on PCI

[Don Jackson]

On Oct 28, 2008, at 3:47 PM, Robert Franklin wrote:

 Did you read the man page for arc(4)? It says right there.

I did, and I'm not seeing anything.

It does talk about this:
   -a alarm-function
  Control the RAID card's alarm functionality, if supported.
  alarm-function may be one of:

  disable  Disable the alarm on the RAID controller.
  enable   Enable the alarm on the RAID controller.
  get  Retrieve the current alarm state (enabled or  
disabled).
  silence | quiet
   Silence the alarm if it is currently beeping.

  The alarm-function may be specified as given above, or  
by the
  first letter only (e.g. -a e).
But this all seems related to turning on/off the beeper, rather than  
giving me some textual indication of the health of the raid system.

If my server is in a colo miles away, the alarm buzzer is not going  
to be particularly useful to me.

Compare this to the ami driver, which states:
 Logical disk status is exposed under the hw.sensors sysctl(8) and  
can be
  monitored using sensorsd(8).  For example:

$ sysctl hw.sensors.ami0
hw.sensors.ami0.drive0=online (sd0), OK
hw.sensors.ami0.drive1=degraded (sd1), WARNING
hw.sensors.ami0.drive2=failed (sd2), CRITICAL
This exactly the kind of thing I am asking if arc supports, and if it  
doesn't (which is what I suspect), then IMHO, OpenBSD's support for  
Areca cards is not as awesome as its support for LSI Megaraid boards




 On Tue, Oct 28, 2008 at 4:24 PM, Don Jackson [EMAIL PROTECTED]  
 wrote:
 On Oct 28, 2008, at 5:46 AM, Claudio Jeker wrote:

 Have a look at the man -k RAID output.

 Especially arc(4) and ami(4) are great SATA RAID controllers on  
 OpenBSD.

 Does OpenBSD's  arc(4) driver support any method to report RAID  
 status
 and/or failures?

 If not, then how is an admin supposed to understand the health of arc
 supported RAID array?

Re: Serial ATA RAID ctrl on PCI

[Jonathan Gray]

On Tue, Oct 28, 2008 at 04:26:11PM -0700, Don Jackson wrote:
 On Oct 28, 2008, at 3:47 PM, Robert Franklin wrote:
 
  Did you read the man page for arc(4)? It says right there.
 
 I did, and I'm not seeing anything.
 
 It does talk about this:
-a alarm-function
   Control the RAID card's alarm functionality, if supported.
   alarm-function may be one of:
 
   disable  Disable the alarm on the RAID controller.
   enable   Enable the alarm on the RAID controller.
   get  Retrieve the current alarm state (enabled or  
 disabled).
   silence | quiet
Silence the alarm if it is currently beeping.
 
   The alarm-function may be specified as given above, or  
 by the
   first letter only (e.g. -a e).
 But this all seems related to turning on/off the beeper, rather than  
 giving me some textual indication of the health of the raid system.
 
 If my server is in a colo miles away, the alarm buzzer is not going  
 to be particularly useful to me.
 
 Compare this to the ami driver, which states:
  Logical disk status is exposed under the hw.sensors sysctl(8) and  
 can be
   monitored using sensorsd(8).  For example:
 
 $ sysctl hw.sensors.ami0
 hw.sensors.ami0.drive0=online (sd0), OK
 hw.sensors.ami0.drive1=degraded (sd1), WARNING
 hw.sensors.ami0.drive2=failed (sd2), CRITICAL
 This exactly the kind of thing I am asking if arc supports, and if it  
 doesn't (which is what I suspect), then IMHO, OpenBSD's support for  
 Areca cards is not as awesome as its support for LSI Megaraid boards

Yes, it should work the same as ami/mfi.

ie:

hw.sensors.arc0.drive0=online (sd0), OK
hw.sensors.arc0.drive1=online (sd1), OK
hw.sensors.arc0.drive2=online (sd2), OK
hw.sensors.arc0.drive3=online (sd3), OK
hw.sensors.arc0.drive4=online (sd4), OK
hw.sensors.arc0.drive5=online (sd5), OK
hw.sensors.arc0.drive6=online (sd6), OK
hw.sensors.arc0.drive7=online (sd7), OK
hw.sensors.arc0.drive8=online (sd8), OK
hw.sensors.arc0.drive9=online (sd9), OK
hw.sensors.arc0.drive10=online (sd10), OK

If you have an sgpio enabled controller you can toggle LEDs
on disk bays etc.

Re: 4.3 won't boot at all on my laptop

[johan beisser]

On Oct 28, 2008, at 4:11 PM, Stevoid wrote:

I've burnt the various *.iso files to CD but my laptop doesn't  
recognise
them as bootable but I know whet work. I've begun the installation  
process

on several machines using these disks and they work.


Are you 100% certain you burned the iso as an image, and not as a file?

I then, took the HDD out of my laptop, installed it into a desktop  
PC and
installed OpenBSD 4.3 on the drive. Before I took the laptop's HHD  
out of
the desktop, I even booted from it to make sure the installation  
went okay.
It did but when I stick the HDD back in the laptop, It just won't  
boot.


It's hard to help if I don't know what the error is. What is the error?


No booting from perfectly good CD? No booting from perfectly good
installation to HDD?


Different BIOS may have different requirements, read the  
installboot(8) and biosboot(8) man pages for your architecture.


Does anyone know why this might be happening? I've been installing  
OpenBSD

since 2.8 and NEVER seen this.


It seems odd, but without better listing of what the hardware is (or  
is not) doing, no one is going to be much help at all.


In 2001/2002 I had a Toshiba Satellite, to get it to boot anything  
other than Windows I recall having to install Grub to get the system  
to boot. Toshiba has never been particularly friendly to Open Source  
OS users.

X not recovering from sleep

[Fred Crowson]

Hi misc@

When I resume from a suspend on my IBM ThinkPad X41 using either zzz or 
closing the lid - X crashes and I'm unable to use Ctrl+Alt+F1 to get to 
a console to recover - I can ssh into the X41 in this state.


It's a fresh install of 4.4 (dmesg below), and I'm running X without an 
xorg.conf.


Can anyone suggest a fix?

Thanks

Fred
--
dmesg follows:
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1.60GHz (GenuineIntel 686-class) 
1.60 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2

real mem  = 1600548864 (1526MB)
avail mem = 1538166784 (1466MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/14/06, BIOS32 rev. 0 @ 0xfd750, 
SMBIOS rev. 2.33 @ 0xe0010 (59 entries)

bios0: vendor IBM version 74ET61WW (2.06 ) date 03/14/2006
bios0: IBM 2525FAG
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdec0/240 (13 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0xe800! 0xce800/0x1600 0xd/0x1000 
0xdc000/0x4000! 0xe/0x1

cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1600 MHz (1116 mV): speeds: 1600, 1500, 1400, 
1300, 1200, 1100, 1000, 900, 800, 600 MHz

pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82915GM Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xc000, size 0x1000
drm at vga1 unsupported
Intel 82915GM Video rev 0x03 at pci0 dev 2 function 1 not configured
ppb0 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03: irq 11
pci1 at ppb0 bus 2
bge0 at pci1 dev 0 function 0 Broadcom BCM5751M rev 0x11, BCM5750 B1 
(0x4101): irq 11, address 00:16:d3:2f:63:7c

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 11
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci2 at ppb1 bus 4
cbb0 at pci2 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11
sdhc0 at pci2 dev 0 function 1 Ricoh 5C822 SD/MMC rev 0x13: irq 11
sdmmc0 at sdhc0
iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2915ABG rev 0x05: irq 
11, address 00:16:6f:c1:16:40

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 5 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
auich0 at pci0 dev 30 function 2 Intel 82801FB AC97 rev 0x03: irq 11, 
ICH6 AC97

ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801FB Modem rev 0x03 at pci0 dev 30 function 3 not configured
ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x03: PM 
disabled
pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x03: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: HTC426060G9AT00
wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801FB SMBus rev 0x03: irq 11
iic0 at ichiic0
spdmem0 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-4200CL3 SO-DIMM
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask effd netmask effd ttymask 
mtrr: Pentium Pro MTRR support
scsibus0 at sdmmc0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: SD/MMC, Drive #01,  SCSI2 0/direct fixed
sd0: 1947MB, 248 cyl, 255 head, 63 sec, 512 bytes/sec, 3987456 sec total
ugen0 at uhub3 port 2 

Re: Capture serial port output to a file

[Bruce Bauer]

screen looks like it will work.
I must have missed the other mail.
I'm building the port now and will report later.

Thanks

--- [EMAIL PROTECTED] wrote:

From: Jussi Peltola [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Re: Capture serial port output to a file
Date: Tue, 28 Oct 2008 17:22:54 +0200

On Tue, Oct 28, 2008 at 02:45:07PM +0100, Marc Balmer wrote:
 I could suggest you run cu in a screen session.  I have used
 
 cu ... | tee logfile
 
 in the past, but there are possibly more elegant solutions

Screen can do logging and open windows to serial ports directly by
itself (as I mentioned in my other mail). It's been working very
reliably for me; some my servers are daisy chained together, and
whenever I've had one fail, the one before it has had a log of its
output, even after unattended reboots.

screen is a gem. A soekris and a serial card and openbsd is an
incredible console server for server administration, especially compared
to the dedicated hardware ones.

Re: Serial ATA RAID ctrl on PCI

[Stuart Henderson]

On 2008-10-28, Don Jackson [EMAIL PROTECTED] wrote:
 On Oct 28, 2008, at 3:47 PM, Robert Franklin wrote:

 Did you read the man page for arc(4)? It says right there.

 I did, and I'm not seeing anything.

...
 arc supports alarm control and monitoring of volumes configured on the
 controllers via the bio(4) interface and the bioctl(8) utility.
...

Longest Uptime?

[new_guy]

I know. Longest uptime is silly, macho, pointless stuff... but I ran across
an old SunOS 2.6 box that had been up for 387 days. It had been hacked. The
only reason it was not an open mail relay is that /var was full. So, I
thought to myself, I bet I could run an OpenBSD box for that amount of time
or longer without getting hacked and without doing much to it. Just
wondering what's the longest OpenBSD uptime some folks on misc have seen?

Thanks
-- 
View this message in context: 
http://www.nabble.com/Longest-Uptime--tp20219082p20219082.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: Longest Uptime?

[Stephane Lapie]

On Oct 29, 2008, at 9:54 AM, new_guy wrote:

 I know. Longest uptime is silly, macho, pointless stuff... but I  
 ran across
 an old SunOS 2.6 box that had been up for 387 days. It had been  
 hacked. The
 only reason it was not an open mail relay is that /var was full. So, I
 thought to myself, I bet I could run an OpenBSD box for that  
 amount of time
 or longer without getting hacked and without doing much to it. Just
 wondering what's the longest OpenBSD uptime some folks on misc have  
 seen?

When I built a NAT gateway for home some five years ago (On OpenBSD  
3.4), it could go on for more than 580 days without rebooting (though  
it didn't act as a public mail server), after which point I had a  
power outage and decided anyway to apply updates more diligently  
given the hassle it is to upgrade / reinstall a box all the way to  
the latest version when you let more than one version pass. :)
-- 
Stephane LAPIE
Email: [EMAIL PROTECTED]
Phone: +81 (0)42 319 5164

Re: Longest Uptime?

[Antoine Jacoutot]

On Tue, 28 Oct 2008, new_guy wrote:

 I know. Longest uptime is silly, macho, pointless stuff... but I ran across

What is your point? Dogs live way longer than that. Just put one in 
front of your hosting provider and you should be safe for about 15 
years.

Nice things about dogs is that they don't need rebooting.

-- 
Antoine

Re: Longest Uptime?

[William Boshuck]

On Tue, Oct 28, 2008 at 05:54:12PM -0700, new_guy wrote:
 I know. Longest uptime is silly, macho, pointless stuff... but I ran across
 an old SunOS 2.6 box that had been up for 387 days. It had been hacked. The
 only reason it was not an open mail relay is that /var was full. So, I
 thought to myself, I bet I could run an OpenBSD box for that amount of time
 or longer without getting hacked and without doing much to it. Just
 wondering what's the longest OpenBSD uptime some folks on misc have seen?

I think the final word on this was pronounced
(perhaps predictably) by Artur Grabowski.

http://marc.info/?l=openbsd-miscm=116792821815901w=2

See especially the link in the foregoing message:

http://www.blahonga.org/~art/diffs/epenis-enlargement.20060210

-wb

Re: Longest Uptime?

[Jason Crawford]

On Tue, Oct 28, 2008 at 8:54 PM, new_guy [EMAIL PROTECTED] wrote:
 I know. Longest uptime is silly, macho, pointless stuff... but I ran across
 an old SunOS 2.6 box that had been up for 387 days. It had been hacked. The
 only reason it was not an open mail relay is that /var was full. So, I
 thought to myself, I bet I could run an OpenBSD box for that amount of time
 or longer without getting hacked and without doing much to it. Just
 wondering what's the longest OpenBSD uptime some folks on misc have seen?

 Thanks
 --
 View this message in context: 
 http://www.nabble.com/Longest-Uptime--tp20219082p20219082.html
 Sent from the openbsd user - misc mailing list archive at Nabble.com.



Hmm, yeah sure I'll bite. The longest I've seen that I still have a
record of (screen shot of the uptime command) was a machine I
installed as a firewall for a very important mail server. Please note,
I was not in charge of maintaining it, otherwise it would not have
reached this uptime, but it was over two years. As far as I could tell
(I got onto the box once in a blue moon) it was not hacked, but seeing
as all it did was run pf, and only allowed ssh from 2 IP addresses
(both I controlled, and were firewalled themselves), that doesn't seem
extraordinary. I will type out the uptime/uname command as in the
picture:

$ uptime
10:54AM  up 745 days, 22:36, 0 users, load averages: 0.13, 0.09, 0.08
$ uname -a
OpenBSD bassfishing 3.1 GENERIC#0 i386
$

As far as uptimes I don't have records of, a friend of mine has worked
on old systems that weren't rebooted because they were afraid it would
not boot back up again. One of them pre-internet, I believe it did
some financial stuff. However, no proof there.

-- 
Jason

Re: change serial console to display

[J.C. Roberts]

On Tuesday 28 October 2008, ico wrote:
 I'm not sure, how could I modify /etc/ttys to replace existing
 console line with unknown off. Except maybe mounting disk
 elsewhere.

Since you're trying to disable your serial console setup, I'm guessing 
you have a keyboard and monitor attached now.

If you can boot to CD, then it's fairly easy. Just mount / manually from 
your hard disk {s,w}d0a and then you can edit /etc/ttys

-Jon

Re: aterm, rxvt -- memory usage

[Kevin Stam]

I would love to see rxvt-unicode in ports, personally. It'd be much
more convenient, for me at least. It's definitely my favoured
terminal.

On Tue, Oct 21, 2008 at 3:18 PM, Jesus Sanchez [EMAIL PROTECTED] wrote:
 Hi list!

 I thought it would be great to have rxvt-unicode on the ports tree, so I
 reopened this thread to see users interest about have rxvt-unicode on
 OpenBSD as official supported application.

 -Jesus


 fulvio ciriaco escribis:

 From: Arun G Nair [EMAIL PROTECTED]
 Subject: Re: aterm, rxvt -- memory usage
 Date: Tue, 22 Apr 2008 22:43:56 +0530



 On Mon, Apr 21, 2008 at 11:44 PM, Claer [EMAIL PROTECTED] wrote:


  I personnaly use unicode rxvt. It's a clone of rxvt that comes with
  unicode (oh surprising) and with client/server mode to reduce memory
  usage when you have serveral terms like I used to have.

  urxvt is also one of the rare terms out there with transparency and
  whitening the background and not darkening it.


 Hi, I where can I find urxvt for openbsd ? I can't seem to find it in
 ports. Am using 4.2.

 -Arun


 --
 ...Keep Smiling...



 Hi,
 I have a working port (in current) for rxvt-unicode.
 Find it enclosed in the form of a patch file.

 add
 urxvt*perl-ext-common:
 matcher,tabbed,selection-popup,option-popup,searchable-scrollbackM-s,readline
 to your .Xdefaults to make use of perl add-ons.
 These are tabs, regexp search in scrollback buffer, readline ...

 Fulvio
 diff -rNup rxvt-unicode/Makefile /usr/ports/x11/rxvt-unicode/Makefile
 --- rxvt-unicode/Makefile   Thu Jan  1 01:00:00 1970
 +++ /usr/ports/x11/rxvt-unicode/MakefileSun Feb 24 23:12:07 2008
 @@ -0,0 +1,38 @@
 +# $OpenBSD: Makefile,v 1.38 2008-02-22 fulvio$
 +
 +COMMENT=rxvt based terminal with perl plugin enhancements
 +
 +VER=   9.02
 +DISTNAME=  rxvt-unicode-${VER}
 +EXTRACT_SUFX=  .tar.bz2
 +
 +CATEGORIES=x11
 +MASTER_SITES=  http://dist.schmorp.de/rxvt-unicode/
 +
 +HOMEPAGE=  http://software.schmorp.de/pkg/rxvt-unicode.html
 +
 +MAINTAINER=TOBEASSIGNED
 +
 +# GPL
 +PERMIT_PACKAGE_CDROM=   Yes
 +PERMIT_PACKAGE_FTP= Yes
 +PERMIT_DISTFILES_CDROM= Yes
 +PERMIT_DISTFILES_FTP=   Yes
 +WANTLIB=   X11 Xpm c Xft fontconfig  +
 +USE_X11=   Yes
 +USE_LIBTOOL=   Yes
 +LIBTOOL_FLAGS= --tag=disable-shared
 +CONFIGURE_STYLE=   gnu
 +
 +CONFIGURE_ARGS=\
 +   --enable-perl \
 +   --enable-smart-resize \
 +   --enable-xft \
 +   --enable-font-styles \
 +  --enable-utmp \
 +   --enable-wtmp \
 +   --enable-transparency \
 +   --enable-rxvt-scroll
 +
 +.include bsd.port.mk
 diff -rNup rxvt-unicode/distinfo /usr/ports/x11/rxvt-unicode/distinfo
 --- rxvt-unicode/distinfo   Thu Jan  1 01:00:00 1970
 +++ /usr/ports/x11/rxvt-unicode/distinfoSun Feb 24 22:43:37 2008
 @@ -0,0 +1,4 @@
 +SHA1 (rxvt-unicode-9.02.tar.bz2) =
 f58a851ab4bf2da60a926a4885749302e73a92ed
 +MD5 (rxvt-unicode-9.02.tar.bz2) = f3c4fea3d544a340fa5a1d601ff5f204
 +SIZE (rxvt-unicode-9.02.tar.bz2) = 862299
 +SHA256 (rxvt-unicode-9.02.tar.bz2) =
 234b9a3e3f88c4984b1e909f8028638fc3b61d801d8afaa9cd08154b1a480a31
 diff -rNup rxvt-unicode/pkg/DESCR /usr/ports/x11/rxvt-unicode/pkg/DESCR
 --- rxvt-unicode/pkg/DESCR  Thu Jan  1 01:00:00 1970
 +++ /usr/ports/x11/rxvt-unicode/pkg/DESCR   Sun Feb 24 23:10:47 2008
 @@ -0,0 +1,27 @@
 +rxvt-unicode is a clone of the well known terminal emulator rxvt.
 +Its main features (many of them unique) over rxvt are:
 +
 +* Stores text in Unicode (either UCS-2 or UCS-4).
 +* Uses locale-correct input, output and width: as long as your system
 supports the locale, rxvt-unicode will display correctly.
 +* Daemon mode: one daemon can open multiple windows on multiple
 displays, which improves memory usage and startup time considerably.
 +* Embedded perl, for endless customization and improvement
 opportunities, such as:
 +  o Tabbed terminal support.
 +  o Regex-driven customisable selection that can properly select
 shell arguments, urls etc.
 +  o Selection-transformation and option popup menus.
 +  o Automatically transforming the selection once made.
 +  o Incremental scrollback buffer search.
 +  o Automatic URL-underlining and launching.
 +  o Remote pastebin, digital clock, block graphics to ascii
 filter and whatever you like to implement for yourself.
 +* Crash-free. At least I try, but rxvt-unicode certainly crashes much
 less often than rxvt and its many clones, and reproducible bugs get fixed
 immediately.
 +* Completely flicker-free.
 +* Re-wraps long lines instead of splitting or cutting them on
 resizes.
 +* Full combining character support (unlike xterm :).
 +* Multiple fonts supported at the same time: No need to choose
 between nice japanese and ugly latin, or no japanese and nice latin
 characters :).
 +* Supports Xft and core fonts in any combination.
 +* Can easily be 

Re: Longest Uptime?

[bofh]

On Tue, Oct 28, 2008 at 9:21 PM, Jason Crawford [EMAIL PROTECTED] wrote:
 As far as uptimes I don't have records of

I think Art's the final word, but one of the more impressive uptimes I
heard about was this vax system in .de or some such.  They kept the
uptime even across 2 cross-town moves!  This was quite a few moons
ago.


-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.
Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted.  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0feature=related

Re: Capture serial port output to a file

[Nick Holland]

Marc Balmer wrote:
 * Bruce Bauer wrote:
 Problem:
 OpenBSD 4.2 on i386
 Serial port /dev/cua00 connected to the console port on a firewall.
 I need to catch all text output from the serial port to a file.
 The process doing this must survive a loss of network.
 The box is running headless.
 
 I could suggest you run cu in a screen session.  I have used
 
 cu ... | tee logfile
 
 in the past, but there are possibly more elegant solutions

Not sure it is more elegant, but I mention it just because I was
happy to find out about it: script(1).

It's in base.

Nick.

Re: Longest Uptime?

[J.C. Roberts]

On Tuesday 28 October 2008, new_guy wrote:
 I know. Longest uptime is silly, macho, pointless stuff... but I ran
 across an old SunOS 2.6 box that had been up for 387 days. It had
 been hacked. The only reason it was not an open mail relay is that
 /var was full. So, I thought to myself, I bet I could run an OpenBSD
 box for that amount of time or longer without getting hacked and
 without doing much to it. Just wondering what's the longest OpenBSD
 uptime some folks on misc have seen?

 Thanks

We all have embarrassing secrets regarding systems we've failed to 
properly maintain, but bragging about uptime is just like bragging 
about the ugliest people you've slept with.

Sure, you did it, but that doesn't make it a good idea.

(Jon glances lustfully at his ancient but seldom used laptop)

--
Jon

file encrypyion

[Paul M]

I'm looking for a way to encrypy backup files for secure storage.

Gpg is an obvious candidate, but I'm wondering if there's anything in 
base, perhaps a creative use of ssh or some other tool, though not 
something liable to break, obviously.


Any thoughts would be much appreciated.

paulm

Prevencion de Fraude

[Veronica Lara]

B!100% PrC!ctico!


CC3mo Optimizar el Control Interno para la PrevenciC3n de Fraudes

Monterrey - 05 de Noviembre\MC)xico, D.F. - 06 de Noviembre\
Guadalajara - 07 de Noviembre


Las tareas diarias de los negocios son tan dinC!micas,  que se requiere de un
excelente control interno que garantice un confiable manejo de todas las
operaciones de la empresa. Los fraudes en compras, ventas, cobranzas,
inventarios y otras C!reas vulnerables, son riesgos que se viven a diario,
situaciC3n por la cual debemos hacernos los siguientes cuestionamientos
B?Nuestro sistema de control interno es efectivo? B?Trabajamos para prevenir o
para detectar acciones fraudulentas? B?Conocemos las C!reas crC-ticas de
nuestra organizaciC3n que requieren controles estrictos?

El buen funcionamiento de una organizaciC3n, no sC3lo depende de un excelente
sistema de control interno, la auditorC-a periC3dica es una actividad bC!sica
para identificar fallas de control y para la detecciC3n de fraudes, sin
embargo B?Nuestro personal tiene la experiencia necesaria para desarrollar las
funciones de auditorC-a y para detectar y descubrir acciones fraudulentas?
B?CC3mo detectar y combatir situaciones sospechosas? B?DC3nde se originan
principalmente los fraudes? B?QuC) puede hacer al respecto?  Al participar en
este exclusivo curso conocerC!:

CC3mo diseC1ar un sistema adecuado para eliminar  desfalcos  en  su
organizaciC3n.
QuiC)nes los realizan y cC3mo se consuman los fraudes en ventas, compras,
almacenes e inventarios, tesorerC-a, cobranza y otras   C!reas  vulnerables
de  la  empresa.
CC3mo controlar las famosas bcajas chicasb y los bviC!ticosb que como
plaga invaden la empresa y son verdaderas coladeras de dinero que ofrecen
oportunidades para realizar gastos personales con dinero de la compaC1C-a.


-Solicite un folleto gratuito con la informaciC3n Completa de este seminario

Responda este correo con los siguientes datos:
Seminario: CC3mo Optimizar el Control Interno para la PrevenciC3n de Fraudes
Nombre:
Empresa:
Puesto:
Telefono:
Ciudad:

O llamenos al 01.800.250.10.20 (Lada sin costo)







.

Esta invitaciC3n fuC) enviada a: misc@openbsd.org
Si no desea e-mails futuros responda nofrau

Re: Longest Uptime?

[Chris Lawder]

... From a file I sent the output of uptime and date to a while back...

 bash-2.04$ cat .days
 2:08PM  up  days, 19:28, 2 users, load averages: 0.11, 0.12, 0.08
 Fri Mar 23 14:08:50 PDT 2007

Soon after that the UPS my box was connected to at the ISP died and had
to be replaced.

It's still a stock 2.8 GENERIC#399 i386 system that has seen many
attacks but not a break in. It's not a critical system, only my toy box.
While the big uptime was fun I now believe in doing my updates/upgrades
and rebooting a little more often.

C

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of J.C. Roberts
Sent: Tuesday, October 28, 2008 7:30 PM
To: new_guy
Cc: misc@openbsd.org
Subject: Re: Longest Uptime?

On Tuesday 28 October 2008, new_guy wrote:
 I know. Longest uptime is silly, macho, pointless stuff... but I ran
 across an old SunOS 2.6 box that had been up for 387 days. It had been

 hacked. The only reason it was not an open mail relay is that /var was

 full. So, I thought to myself, I bet I could run an OpenBSD box for
 that amount of time or longer without getting hacked and without doing

 much to it. Just wondering what's the longest OpenBSD uptime some
 folks on misc have seen?

 Thanks

We all have embarrassing secrets regarding systems we've failed to
properly maintain, but bragging about uptime is just like bragging about
the ugliest people you've slept with.

Sure, you did it, but that doesn't make it a good idea.

(Jon glances lustfully at his ancient but seldom used laptop)

--
Jon

Re: generate pgp

[Girish Venkatachalam]

On 13:44:46 Oct 28, Benjamin Adams wrote:
 I'm trying to generate pgp to use with email.  Anyone know a simple
 how to?  or can help me with commandline tool? thanks
 

I was in the same boat as you several months ago and after a lot of
dilly dallying I ended up enabling it in my favorite mail client
mutt(1).

Actually mutt makes life simple in many ways and PGP is no exception.

You have to learn to use a tiny proportion of the vast options that GNU
privacy guard offers you. It is typical GNU bloat-ware and has mile long
man pages.

Anyway please find an excerpt from my muttrc that could get you going
assuming that you know how to use mutt already...

There are several tiny HOWTOs on the Internet for solving your problem
if you google for 'mutt pgp'.

Hope this helps.

-Girish


# My PGP settings
# GnuPG commands
set pgp_decode_command=gpg %?p?--passphrase-fd 0? --no-verbose --batch 
--output - %f
set pgp_verify_command=gpg --no-verbose --batch --output - --verify %s %f
set pgp_decrypt_command=gpg --passphrase-fd 0 --no-verbose --batch --output - 
%f
#set pgp_sign_command=gpg --no-verbose --batch --output - --passphrase-fd 0 
--armor --detach-sign --textmode %?a?-u %a? %f
set pgp_sign_command=gpg --no-verbose --batch --output - --passphrase-fd 0 
--armor  --textmode --clearsign %?a?-u %a? %f
set pgp_clearsign_command=gpg --no-verbose --batch --output - --passphrase-fd 
0 --armor --textmode --clearsign %?a?-u %a? %f
set pgp_encrypt_only_command=/usr/local/bin/pgpewrap gpg -v --batch --output - 
--encrypt --encrypt-to 0x48e0da0a --textmode --armor --always-trust -- -r %r -- 
%f
set pgp_encrypt_sign_command=/usr/local/bin/pgpewrap gpg --passphrase-fd 0 -v 
--batch --output - --encrypt --encrypt-to 0x48e0da0a --sign %?a?-u %a? --armor 
--always-trust -- -r %r -- %f
set pgp_import_command=gpg --no-verbose --import -v %f
set pgp_export_command=gpg --no-verbose --export --armor %r
set pgp_verify_key_command=gpg --no-verbose --batch --fingerprint --check-sigs 
%r
set pgp_list_pubring_command=gpg --no-verbose --batch --with-colons 
--list-keys %r 
set pgp_list_secring_command=gpg --no-verbose --batch --with-colons 
--list-secret-keys %r 
set pgp_getkeys_command=
set pgp_sign_as=S
set pgp_autoinline
set pgp_replyinline
set crypt_autosign
set crypt_replysign
set crypt_verify_sig
set crypt_autosign

Re: file encrypyion

[J.C. Roberts]

On Tuesday 28 October 2008, Paul M wrote:
 I'm looking for a way to encrypy backup files for secure storage.

 Gpg is an obvious candidate, but I'm wondering if there's anything in
 base, perhaps a creative use of ssh or some other tool, though not
 something liable to break, obviously.

 Any thoughts would be much appreciated.

 paulm

Yep, everything you need is already in base. see the openssl(1) man page

Encrypting:
# openssl enc -des3 -e -in plaintext -out cyphertext

Decrypting:
# openssl enc -des3 -d -in cyphertext -out plaintext


--
Jon

Deploying carp with limited global IPs

[Rod Whitworth]

In preparing for a possible carp redundacy setup for a client's border
router/firewall I have found no information so far as to whether it is
possible to have carp working where the link to the ISP is a /30.

Every example I have found in presentations and tutorials has used 3
IPs on a typical dual firewall setup. So they assume (all fictional
addresses here) something like 4.3.2.1 is the upstream router, with .2
for the $ext_if in unit 1, .3 for $ext_if in unit 2 and .4 for the
carp0 in each.

With a common enough point-to-point /30 link where upstream is .1 and
the firewall is .2, what can we use in hostname.xx0 in each of the
firewalls? No more IPs are available from the ISP apart from a routed
subnet that is expecting to arrive via .2.

References to the documentation that did not surface in my searches
would be appreciated.

Thanks,
Rod/

(PS It is going to get worse: There will be two IPv4 links and a
combined IPv4/IPv6 link.)
*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thankyou.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device

Re: file encrypyion

[Douglas A. Tutty]

On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote:
 I'm looking for a way to encrypy backup files for secure storage.
 
 Gpg is an obvious candidate, but I'm wondering if there's anything in 
 base, perhaps a creative use of ssh or some other tool, though not 
 something liable to break, obviously.
 
 Any thoughts would be much appreciated.
 

I use:

openssl aes-256-cbc -a -e -salt -in file -out file.aes

and to decrypt:

openssl aes-256-cbc -a -d -salt -in file.aes -out file

I'll be interested in what others use or comments on what I use.

Doug.

Re: file encrypyion

[Tomas Bodzar]

http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfigapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html

Paul M wrote:

I'm looking for a way to encrypy backup files for secure storage.

Gpg is an obvious candidate, but I'm wondering if there's anything in 
base, perhaps a creative use of ssh or some other tool, though not 
something liable to break, obviously.


Any thoughts would be much appreciated.

paulm

Re: file encrypyion

[John Jackson]

On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote:
 I'm looking for a way to encrypy backup files for secure storage.
 
 Gpg is an obvious candidate, but I'm wondering if there's anything in 
 base, perhaps a creative use of ssh or some other tool, though not 
 something liable to break, obviously.
 
 Any thoughts would be much appreciated.
 
 paulm
 

Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding
private key to decrypt.  Use this as a 'quick and dirty' example.  
Openssl can probably be substituted for gpg.

cd /  sudo tar cf - $(find . -maxdepth 1 !  -name './tmp' ! -name '.') 
2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd 
of=/space/obsd-kvm.`date +%`

Re: Deploying carp with limited global IPs

[Steven Surdock]

I've used the following for a while (naturally this assumes that the ISP
link is delivered via some shared medium and not a point-to-point link)

/etc/hostname.xxx0:
up description to ISP

/etc/hostname.carp0:
inet 192.168.1.2 255.255.255.252 192.168.1.3 vhid 1 carpdev xxx0

-Steve S.


 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of
 Rod Whitworth
 Sent: Tuesday, October 28, 2008 11:49 PM
 To: Miscellaneous OBSD
 Subject: Deploying carp with limited global IPs

 In preparing for a possible carp redundacy setup for a client's border
 router/firewall I have found no information so far as to whether it is
 possible to have carp working where the link to the ISP is a /30.

 Every example I have found in presentations and tutorials has used 3
 IPs on a typical dual firewall setup. So they assume (all fictional
 addresses here) something like 4.3.2.1 is the upstream router, with .2
 for the $ext_if in unit 1, .3 for $ext_if in unit 2 and .4 for the
 carp0 in each.

 With a common enough point-to-point /30 link where upstream is .1 and
 the firewall is .2, what can we use in hostname.xx0 in each of the
 firewalls? No more IPs are available from the ISP apart from a routed
 subnet that is expecting to arrive via .2.

Re: file encrypyion

[Ted Unangst]

A backup scheme that increases the size of the backed up file isn't  
very efficient.


On Oct 28, 2008, at 9:02 PM, Tomas Bodzar [EMAIL PROTECTED] wrote:


http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfigapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html

Paul M wrote:

I'm looking for a way to encrypy backup files for secure storage.
Gpg is an obvious candidate, but I'm wondering if there's anything  
in base, perhaps a creative use of ssh or some other tool, though  
not something liable to break, obviously.

Any thoughts would be much appreciated.
paulm

Re: file encrypyion

[John Jackson]

On Tue, Oct 28, 2008 at 11:04:34PM -0500, John Jackson wrote:
 On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote:
  I'm looking for a way to encrypy backup files for secure storage.
  
  Gpg is an obvious candidate, but I'm wondering if there's anything in 
  base, perhaps a creative use of ssh or some other tool, though not 
  something liable to break, obviously.
  
  Any thoughts would be much appreciated.
  
  paulm
  
 
 Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding
 private key to decrypt.  Use this as a 'quick and dirty' example.  
 Openssl can probably be substituted for gpg.
 

Forgot the trailing double-quote below.

 cd /  sudo tar cf - $(find . -maxdepth 1 !  -name './tmp' ! -name '.') 
 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd 
 of=/space/obsd-kvm.`date +%`

Re: file encrypyion

[Girish Venkatachalam]

On 15:48:25 Oct 29, Paul M wrote:
 I'm looking for a way to encrypy backup files for secure storage.

 Gpg is an obvious candidate, but I'm wondering if there's anything in base, 
 perhaps a creative use of ssh or some other tool, though not something 
 liable to break, obviously.

 Any thoughts would be much appreciated.


In case you are not averse to entering passwords everytime you mount
then mount_vnd(8) works.

Just follow the instructions in the man page carefully.

Not at all hard to get it working.

Much cleaner than OpenSSL or GPG as the whole file system is encrypted.

-Girish

Re: file encrypyion

[Paul M]

On 29/10/2008, at 4:42 PM, J.C. Roberts wrote:


On Tuesday 28 October 2008, Paul M wrote:

I'm looking for a way to encrypy backup files for secure storage.

Gpg is an obvious candidate, but I'm wondering if there's anything in
base, perhaps a creative use of ssh or some other tool, though not
something liable to break, obviously.

Any thoughts would be much appreciated.

paulm


Yep, everything you need is already in base. see the openssl(1) man 
page


Encrypting:
# openssl enc -des3 -e -in plaintext -out cyphertext

Decrypting:
# openssl enc -des3 -d -in cyphertext -out plaintext




Thank you, this is exactly what I'm looking for.

I had a feeling in my bones there was something like this, but on this 
day neither google nor apropos were my friend (although if I had spelt 
crypt correctly, apropos would have - sorry for the noise). And I 
really didnt want to go the gpg path.


Once again, Thanks.


paulm

Re: file encrypyion

[John Jackson]

On Tue, Oct 28, 2008 at 11:04:34PM -0500, John Jackson wrote:
 On Wed, Oct 29, 2008 at 03:48:25PM +1300, Paul M wrote:
  I'm looking for a way to encrypy backup files for secure storage.
  
  Gpg is an obvious candidate, but I'm wondering if there's anything in 
  base, perhaps a creative use of ssh or some other tool, though not 
  something liable to break, obviously.
  
  Any thoughts would be much appreciated.
  
  paulm
  
 
 Assuming you have a public key for '[EMAIL PROTECTED]' and corresponding
 private key to decrypt.  Use this as a 'quick and dirty' example.  
 Openssl can probably be substituted for gpg.
 
 cd /  sudo tar cf - $(find . -maxdepth 1 !  -name './tmp' ! -name '.') 
 2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd 
 of=/space/obsd-kvm.`date +%`
 

Would be helpful to add a decent extension:

cd /  sudo tar cf - $(find . -maxdepth 1 !  -name './tmp' ! -name '.') 
2/dev/null | gpg -r [EMAIL PROTECTED] | ssh somehost dd 
of=/space/obsd-kvm.`date +%F`.tar

Looking for EeePC 701

[Marcus Glocker]

Hi Folks,

We want to add USB BULK support for UVC devices in our uvideo(4)
driver.  There are not that many UVC devices around which do
BULK transfers, but the advantage would be that BULK transfers are
working a bit more stable than our current ISOC implementation
and we could do some further testing.

One device which I know for sure that has a built-in BULK cabable
device is the EeePC 701.  If somebody would be willing to donate
such a device to me, please contact me off-list.

Thanks.

Regards,
Marcus

-- 
[ Marcus Glocker, [EMAIL PROTECTED], [EMAIL PROTECTED]   ]