Re: Generate CA Certificates key
If you are looking for some GUI to manage keys and certificates, then you should consider TinyCA. It's in the packages. To set up OpenVPN (including all that certificate stuff) this page might help: http://www.kernel-panic.it/openbsd/vpn/index.html Good luck Harri
Re: pkg_add adds an extra / to pkg_path
Hello,

Checking on my own box (running 4.1), $PKG_PATH echoes:

ftp://ftp.stacken.kth.se/pub/OpenBSD/4.1/packages/i386/

# uname -a
OpenBSD ## 4.1 GENERIC.MP#1225 i386

I have

export PKG_PATH=ftp://ftp.stacken.kth.se/pub/OpenBSD/4.1/packages/i386/

set in my .profile, and it works for me.

From the error message you are getting, it seems it cannot find the host ftp.openbsd.org... Can you connect to it from a command line (i.e. ftp ftp.openbsd.org)? Also, make sure that your uname -r corresponds with the version directory for the ftp path...

Simon.

On Tue Feb 3 8:51, Siju George sent:

Hi, I have this in my PKG_PATH variable

$ echo $PKG_PATH
ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/
$

When I try to update a package it shows an error

$ sudo pkg_add -ui firefox3
Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/:
ftp: connect: Connection refused
ftp: Can't connect or login to host `ftp.openbsd.org'
No packages available in the PKG_PATH
Looking for updates: complete
Cannot find updates for esound-0.2.38v0 glitz-0.5.6p0 firefox3-3.0.1p3 nspr-4.7.1p0 desktop-file-utils-0.15 libaudiofile-0.2.6p0 nss-3.12 hicolor-icon-theme-0.10p1 png-1.2.28 sqlite3-3.5.9p0 jpeg-6bp3 glib2-2.16.4p1 tiff-3.8.2p0 atk-1.22.0 libiconv-1.12 pango-1.20.0p0 cairo-1.6.4 gettext-0.17 pcre-7.7p0 gtk+2-2.12.11
Proceed? [y/N] y
$

I noticed in the line

Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/:

there are two forward slashes after the ftp.openbsd.org part. Is that what is causing the trouble? How do I solve this?

Thanks
--Siju
Re: Generate CA Certificates key
Hi,

Edit openssl.conf to fit with your requirements, then follow these steps:

Create a CA:

# openssl genrsa -des3 -out ca.key 1024
# openssl req -new -x509 -days 365 -key ca.key -out ca.crt

Then you can create certs like this:

# openssl genrsa -out user.key 1024
# openssl req -new -key user.key -out user.csr
# openssl x509 -req -days 182 -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out user.crt

You can export to pkcs12 using:

# openssl pkcs12 -export -inkey user.key -certfile ca.crt -in user.crt -out user.p12

Check man openssl to know the meaning of each option.

Good Luck.
Alexandre Verriere.

Harald Dunkel wrote:
If you are looking for some GUI to manage keys and certificates, then you should consider TinyCA. It's in the packages. To set up OpenVPN (including all that certificate stuff) this page might help: http://www.kernel-panic.it/openbsd/vpn/index.html Good luck Harri
Re: pkg_add adds an extra / to pkg_path
On Tue, Feb 3, 2009 at 1:41 PM, Simen Stavdal sstav...@start.no wrote:
From the error message you are getting, it seems it cannot find the host ftp.openbsd.org... Can you connect to it from a command line (i.e. ftp ftp.openbsd.org)?

No, I was not able to. When I fixed that the update is working. Thank you so much Simon :-)
Re: Problem with file command
On 2009-02-03, Daniel Bolgheroni m...@dbolgheroni.eng.br wrote:
Hi, I have seen some problem with file command. Whatever file I use for input, I get this:

Looks like you upgraded from an earlier version, but missed some steps. http://www.openbsd.org/faq/upgrade44.html#sysmerge
Re: pkg_add adds an extra / to pkg_path
In gmane.os.openbsd.misc, Siju George wrote: I have this in my PKG_PATH variable $ echo $PKG_PATH ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/ $ When I try to update a package it shows an error $ sudo pkg_add -ui firefox3 Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: ftp: connect: Connection refused ftp: Can't connect or login to host `ftp.openbsd.org' ... I noticed in the line Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: there are two forward slashes after the ftp.openbsd.org part. Is that what is causing the trouble? How do I solve this? This diff removes the extra / and hasn't broken anything yet in my testing (add/update with ftp and http): Index: PackageRepository.pm === RCS file: /data/cvsroot/open/anoncvs/cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v retrieving revision 1.62 diff -u -p -r1.62 PackageRepository.pm --- PackageRepository.pm2 Feb 2009 20:41:47 - 1.62 +++ PackageRepository.pm3 Feb 2009 10:54:24 - @@ -394,7 +394,7 @@ sub baseurl { my $self = shift; - return //$self-{host}/$self-{path}; + return //$self-{host}$self-{path}; } sub parse_url
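Review bot: in baseurl, dropping the literal "/" between {host} and {path} is only safe if {path} always begins with "/", and nothing in this hunk shows where {path} is set. The error line quoted above (ftp.openbsd.org//pub/...) indicates that it does for a PKG_PATH that has a path component, but please confirm what parse_url stores when the URL has nothing after the host, and add a comment on baseurl stating that {path} carries its own leading slash so the join is not "fixed" back later.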
Re: Bug OpenBGPD, IPv6 peer gets cleared, never gets up again
* Stuart Henderson s...@spacehopper.org [2009-01-30 17:59]: On 2009-01-29, Arnoud Vermeer arnoud.verm...@ams-ix.net wrote: While looking in to the problem, we found out that OpenBGPD sends a empty UPDATE, on which quagga responds by terminating the process. ... While doing a tcpdump we found the following packets leading to a NOTIFICATION. As you can see, frame 19 is an empty UPDATE packet. Isn't that an end-of-RIB marker? yep. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: Unicode names on msdosfs
Sorry, attachement was removed from previous message. If inline patch also will be damaged (probably by auto line brakes), contact me and I send you a copy personally. --- /usr/src/sys/msdosfs/direntry.h Thu Mar 14 09:27:09 2002 +++ direntry.h Mon Feb 2 17:29:04 2009 @@ -126,9 +126,12 @@ void dos2unixtime(u_int dd, u_int dt, u_int dh, struct timespec *tsp); int dos2unixfn(u_char dn[11], u_char *un, int lower); int unix2dosfn(u_char *un, u_char dn[12], int unlen, u_int gen); -int unix2winfn(u_char *un, int unlen, struct winentry *wep, int cnt, int chksum); -int winChkName(u_char *un, int unlen, struct winentry *wep, int chksum); -int win2unixfn(struct winentry *wep, struct dirent *dp, int chksum); +int unix2winfn(u_int16_t *un, int unlen, struct winentry *wep, int cnt, int chksum); +int winChkName(u_int16_t *un, int unlen, struct winentry *wep, int chksum); +int win2unixfn(struct winentry *wep, u_int16_t *utf16, int *utf16len, int chksum); u_int8_t winChksum(u_int8_t *name); int winSlotCnt(u_char *un, int unlen); +int utf16len(u_char *, int); +int utf8to16(u_char *, int, u_int16_t *); +int utf16to8(u_int16_t *, int, u_char *, int); #endif /* _KERNEL */ --- /usr/src/sys/msdosfs/msdosfs_conv.c Fri May 14 13:05:05 2004 +++ msdosfs_conv.c Tue Feb 3 12:58:29 2009 @@ -564,19 +564,21 @@ */ int unix2winfn(un, unlen, wep, cnt, chksum) - u_char *un; + u_int16_t *un; int unlen; struct winentry *wep; int cnt; int chksum; { u_int8_t *cp; + u_int16_t *up; + u_int16_t ch; int i; /* * Drop trailing blanks and dots */ - for (cp = un + unlen; *--cp == ' ' || *cp == '.'; unlen--); + for (up = un + unlen; *--up == ' ' || *up == '.'; unlen--); un += (cnt - 1) * WIN_CHARS; unlen -= (cnt - 1) * WIN_CHARS; 
@@ -597,20 +599,23 @@ for (cp = wep-wePart1, i = sizeof(wep-wePart1)/2; --i = 0;) { if (--unlen 0) goto done; - *cp++ = *un++; - *cp++ = 0; + ch = *un++; + *cp++ = ch 0xff; + *cp++ = ch 8; } for (cp = wep-wePart2, i = sizeof(wep-wePart2)/2; --i = 0;) { if (--unlen 0) goto done; - *cp++ = *un++; - *cp++ = 0; + ch = *un++; + *cp++ = ch 0xff; + *cp++ = ch 8; } for (cp = wep-wePart3, i = sizeof(wep-wePart3)/2; --i = 0;) { if (--unlen 0) goto done; - *cp++ = *un++; - *cp++ = 0; + ch = *un++; + *cp++ = ch 0xff; + *cp++ = ch 8; } if (!unlen) wep-weCnt |= WIN_LAST; @@ -629,12 +634,13 @@ */ int winChkName(un, unlen, wep, chksum) - u_char *un; + u_int16_t *un; int unlen; struct winentry *wep; int chksum; { u_int8_t *cp; + u_int16_t ch; int i; /* @@ -662,30 +668,39 @@ * Compare the name parts */ for (cp = wep-wePart1, i = sizeof(wep-wePart1)/2; --i = 0;) { + ch = *cp++; + ch |= *cp++ 8; if (--unlen 0) { - if (!*cp++ !*cp) + if (!ch) return chksum; return -1; } - if (u2l[*cp++] != u2l[*un++] || *cp++) + /* +* TODO ignore case on comparasion +*/ + if (ch != *un++) return -1; } for (cp = wep-wePart2, i = sizeof(wep-wePart2)/2; --i = 0;) { + ch = *cp++; + ch |= *cp++ 8; if (--unlen 0) { - if (!*cp++ !*cp) + if (!ch) return chksum; return -1; } - if (u2l[*cp++] != u2l[*un++] || *cp++) + if (ch != *un++) return -1; } for (cp = wep-wePart3, i = sizeof(wep-wePart3)/2; --i = 0;) { + ch = *cp++; + ch |= *cp++ 8; if (--unlen 0) { - if (!*cp++ !*cp) + if (!ch) return chksum; return -1; } - if (u2l[*cp++] != u2l[*un++] || *cp++) + if (ch != *un++) return -1; } return chksum; @@ -696,13 +711,15 @@ * Returns the checksum or -1 if impossible */ int -win2unixfn(wep, dp, chksum) +win2unixfn(wep, utf16, utf16len, chksum) struct winentry *wep; - struct dirent *dp; + u_int16_t *utf16; + int *utf16len; int chksum; { u_int8_t *cp; -
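Review bot: in the direntry.h hunk, utf8to16(u_char *, int, u_int16_t *) takes no output length while utf16to8(u_int16_t *, int, u_char *, int) does, so the UTF-8 to UTF-16 direction has no way to bound its writes into the destination buffer. Give it a destination-size argument, or document the sizing contract the caller must meet via utf16len, and name the prototype parameters so the meaning of each int is clear. The new function utf16len also shares its name with the "int *utf16len" parameter added to win2unixfn, which hides the function inside win2unixfn; rename one of them.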
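Review bot: in unix2winfn, the trailing blank and dot loop "for (up = un + unlen; *--up == ' ' || *up == '.'; unlen--);" still has no lower bound, so a name made up only of blanks and dots, or unlen == 0, moves up below un and reads before the start of the buffer, now in two-byte steps. Since the line is being rewritten anyway, stop the loop when unlen reaches 0 and return early when nothing is left of the name.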
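Review bot: in the winChkName hunks the comparison changes from "u2l[*cp++] != u2l[*un++]" to "ch != *un++", so long-name matching becomes case-sensitive, and the added TODO ("ignore case on comparasion", which is also misspelled) shows the fold was dropped rather than replaced. That changes lookup results for names that matched before; keeping the u2l fold for code units that fit the table's 8-bit index, until a wider case mapping exists, would preserve the old behaviour for those names. The three wePart1/wePart2/wePart3 loops are now identical apart from the field and could share one helper, which would also keep the eventual case fix in one place.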
Re: pkg_add adds an extra / to pkg_path
On 2009-02-03, Stuart Henderson s...@spacehopper.org wrote: In gmane.os.openbsd.misc, Siju George wrote: I have this in my PKG_PATH variable $ echo $PKG_PATH ftp://ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/ $ When I try to update a package it shows an error $ sudo pkg_add -ui firefox3 Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: ftp: connect: Connection refused ftp: Can't connect or login to host `ftp.openbsd.org' ... I noticed in the line Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/: there are two forward slashes after the ftp.openbsd.org part. Is that what is causing the trouble? How do I solve this? This diff removes the extra / and hasn't broken anything yet in my testing (add/update with ftp and http): ftp, http, and scp. d Index: PackageRepository.pm === RCS file: /data/cvsroot/open/anoncvs/cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v retrieving revision 1.62 diff -u -p -r1.62 PackageRepository.pm --- PackageRepository.pm 2 Feb 2009 20:41:47 - 1.62 +++ PackageRepository.pm 3 Feb 2009 10:54:24 - @@ -394,7 +394,7 @@ sub baseurl { my $self = shift; - return //$self-{host}/$self-{path}; + return //$self-{host}$self-{path}; } sub parse_url
Re: Network card, usb or pcmcia
foulis wrote: Hi I'm looking to set up a home firewall and proxy server using an old laptop, I have no experience doing this, but I want to learn network security and about using BSD. Obviously I will need a second ethernet connection, but would OpenBSD 4.4 be more likely to support a USB ethernet adapter, or a PCMCIA ethernet card? I can't get hold of either to test so I need to buy a new one, which is why I want to check which will be most likely to work. you need a supported device, and you need to plug it into a supported interface. As you are saying, old laptop, I'm guessing USB1, which will be slower than a cardbus interface, but the likelihood of the USB port working is probably higher than the Cardbus interface (both are highly likely to work, but there are some PCMCIA and cardbus implementations which will give you headaches sometimes). On the other hand, for wired NICs, there is a lot more development taking place on USB network devices than there are for PCMCIA devices...so the possibility that you randomly pick up a USB device that the OpenBSD devs have never seen is much higher than it is for PCMCIA devices. If you get an incompatible device, it doesn't matter what your odds were...it doesn't work. If you can't test before you buy, your odds are far from perfect... If you are just starting out, I'd highly suggest you get an old desktop; you don't need to be fighting with hardware AND software at the same time. Once you know what you are doing, then migrate to your laptop, if you still wish to (be forewarned: the power savings of a laptop are usually assumed, not measured, and often smaller than people think.) Nick.
Re: Net benchmarking (was: Is it possible to increase wscale multiplier?)
* Brian Keefer ch...@smtps.net [2009-01-31 19:47]: On Jan 31, 2009, at 4:57 AM, Stuart Henderson wrote: On 2009-01-31, Brian Keefer ch...@smtps.net wrote: Great, thanks for the pointers! I'm trying to fiddle with iperf performance testing going to a Linux box. tcpbench works great on OpenBSD, but it seems iperf is the only thing readily available for Linux that is also on OpenBSD. I'm just trying to figure out how each variable influences the throughput. iperf performance on OpenBSD isn't all that great, it's not a good way to judge actual real-life performance. I've had problems with it on the Linux side as well. Are there any alternatives that would work on both OpenBSD and Linux (and for bonus points, OS X)? I bet tcpbench is easily ported to linux. just rip the pcb snooping out. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: pkg_add adds an extra / to pkg_path
On 2/3/09, Stuart Henderson s...@spacehopper.org wrote: This diff removes the extra / and hasn't broken anything yet in my testing (add/update with ftp and http): Hi, This Diff failed to apply. Hmm... Looks like a unified diff to me... The text leading up to this was: -- |Index: PackageRepository.pm |=== |RCS file: /data/cvsroot/open/anoncvs/cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v |retrieving revision 1.62 |diff -u -p -r1.62 PackageRepository.pm |--- PackageRepository.pm2 Feb 2009 20:41:47 - 1.62 |+++ PackageRepository.pm3 Feb 2009 10:54:24 - -- Patching file PackageRepository.pm using Plan A... Hunk #1 failed at 394. 1 out of 1 hunks failed--saving rejects to PackageRepository.pm.rej done # cat PackageRepository.pm.rej @@ -394,7 +394,7 @@ { my $self = shift; - return //$self-{host}/$self-{path}; + return //$self-{host}$self-{path}; } sub parse_url # What did I do Wrong? The command I Issued was # pwd /usr/src/usr.sbin/pkg_add/OpenBSD # patch PackageRepository.pm /var/software/patches/PackageRepository.pm Thanks Siju Index: PackageRepository.pm === RCS file: /data/cvsroot/open/anoncvs/cvs/src/usr.sbin/pkg_add/OpenBSD/PackageRepository.pm,v retrieving revision 1.62 diff -u -p -r1.62 PackageRepository.pm --- PackageRepository.pm2 Feb 2009 20:41:47 - 1.62 +++ PackageRepository.pm3 Feb 2009 10:54:24 - @@ -394,7 +394,7 @@ sub baseurl { my $self = shift; - return //$self-{host}/$self-{path}; + return //$self-{host}$self-{path}; } sub parse_url
SSMTP ?
Hi, is it possible to install SSMTP? In case SSMTP is not available, what is the simplest setup to send emails via PHP mail() to an external relay SMTP server? Thanks in advance. Matteo Marescotti -- SDF Public Access UNIX System http://freeshell.org
activate edge scrolling for touchpad under gnome
Hi folks,

After several useless attempts to get this running, I decided to ask for help. I am running 4.4 on my Lenovo T61 Laptop with X11 installed and gnome as desktop environment. Both are running fine, the only thing is I am missing the horizontal scrolling function of my touchpad, that scrolls your documents by just moving your finger along the right edge of your touchpad. I found some advisories for Linux saying: add the following lines to your Xorg.conf

Section "InputDevice"
	Identifier "Touchpad"
	Option "VertTwoFingerScroll" "1"
	Option "HorizTwoFingerScroll" "1"
EndSection

As X11 runs in my case without an Xorg.conf file, I created one myself and added the lines shown above. Now X11 crashed and I am insecure if this is the right way of getting nearer to my goal. Has somebody successfully used edge scrolling or is this impossible because of gnome?

Thank you in advance
Moritz
Re: fetch package dependencies
Hi!

On Mon, Feb 02, 2009 at 08:00:21PM +0100, Marc Espie wrote:
On Mon, Feb 02, 2009 at 02:02:59PM +0100, Hannah Schroeter wrote:
On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian Büttner wrote:
is there an easy way to fetch a package along with its recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and install from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea?

I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and then pkg_add -n package_you_want. The required packages should end up in the PKG_CACHE directory. From there you should be able to transfer them over to the eeepc. If the soekris isn't current, you could try this in a chroot environment or a virtual machine (e.g. qemu) setup.

Yep, that's the intent. PKG_CACHE + pkg_add -n will do it.

There's perhaps one thing we've missed: If some dependency package is already installed (and current enough) on the source host, pkg_add -n will probably not refetch it, so it will end up missing in the PKG_CACHE, i.e. on the destination host. The playing with the signature trick will avoid that, probably. Or perhaps one would need another option to pkg_add (or a different, pkg_fetch or similar, frontend to the pkg_* toolchain) to fetch *all* dependency packages.

Kind regards, Hannah.
Re: pkg_add adds an extra / to pkg_path
On Tue, 3 Feb 2009 19:28:36 +0530 Siju George sgeorge...@gmail.com wrote:
What did I do Wrong? The command I Issued was
# pwd
/usr/src/usr.sbin/pkg_add/OpenBSD
# patch PackageRepository.pm /var/software/patches/PackageRepository.pm

# man diff
# man patch
# cd /usr/src/usr.sbin/pkg_add/OpenBSD
# patch -p0 < /var/software/patches/PackageRepository.pm
  ^ if that is the file where you saved the diff
  ^ -p0 won't work for every diff you might encounter
Remove X Window after 4.4/i386 Installation?
Recently installed 4.4 on an old Pentium box, with all(?) of the X file sets. Thinking now of trying to use it as a firewall, and I've read that I should not have X on a firewall. Is there an easy way to uninstall X, or should I just install from scratch again? I wouldn't lose that much, but I hate to take the brute force approach if there's a smarter way. Thanks in advance for helping a newbie! -Jack
Re: activate edge scrolling for touchpad under gnome
On Tue, Feb 03, 2009 at 05:38:14PM +0100, Moritz Herrmann wrote: hi folks, after several useless attempts to get this running, i decided to ask for help. I am running 4.4 on my Lenovo T61 Laptop with X11 installed and gnome as desktop environment. Both are running fine, the only thing is I am missing the horizontal scrolling function of my touchpad, that scrolls your documents by just moving your finger along the right edge of your touchpad. I found some advisories for Linux saying: add the following lines to your Xorg.conf If I recall correctly you'll need the synaptics touchpad driver, we openbsd currently doesn't support. It would not be too hard to get it working, but lack of interest prevails. -0- -- What is wanted is not the will to believe, but the will to find out, which is the exact opposite. -- Bertrand Russell, Skeptical_Essays, 1928
Network card, usb or pcmcia
Hi I'm looking to set up a home firewall and proxy server using an old laptop, I have no experience doing this, but I want to learn network security and about using BSD. Obviously I will need a second ethernet connection, but would OpenBSD 4.4 be more likely to support a USB ethernet adapter, or a PCMCIA ethernet card? I can't get hold of either to test so I need to buy a new one, which is why I want to check which will be most likely to work. Thanks Stuart
Re: Unicode names on msdosfs
There's no way to use UTF-8 as system locale in OpenBSD I don't need to work with national characters in console. I use UTF-8 locale in KDE. There are some problems with national characters in Konsole, but it does not matter. Other applications works fine without any tricks. I just want to read all files from removable devices. Filenames often contains national characters but OpenBSD msdosfs implementation can't see this files at all. This is the reason.
Re: Remove X Window after 4.4/i386 Installation?
Hi Jack, Jack Ort wrote on Tue, Feb 03, 2009 at 11:39:03AM -0600: Recently installed 4.4 on an old Pentium box, with all(?) of the X file sets. Thinking now of trying to use it as a firewall, and I've read that I should not have X on a firewall. Well, probably you should not *run* X on a firewall, but having the binaries and libraries around does no harm. Is there an easy way to uninstall X, or should I just install from scratch again? I wouldn't lose that much, but I hate to take the brute force approach if there's a smarter way. The smartest way is to just leave X in place, set machdep.allowaperture=0 in /etc/sysctl.conf (or re-add the comment marker # in front of that line in case you removed it), remove the line 'xdm_flags=' from /etc/rc.conf.local (or whatever you did to enable X) and reboot. Sometimes, the X libraries are needed by non-X programs from the ports tree, too, and at that point, you will be re-installing them. Perhaps you don't need many third- party software packages on a firewall, but who knows? Besides, if you are a newbie, chances are you break the system when trying to remove X. But even if you were experienced, there would be no point in removing X. Thanks in advance for helping a newbie! You are welcome, Ingo
Re: Remove X Window after 4.4/i386 Installation?
Ted Unangst wrote: There's no way to uninstall, though deleting /usr/X11R6 will get you 90% there. How about following? cd / tar -ztf /path/to/xbase44.tgz | xargs rm -- Cezary Morga If everything seems under control, you're not going fast enough (Mario Andretti)
Re: Net benchmarking
You could give netio a try. It compiles fine on openbsd and linux, maybe even on osx. http://www.ars.de/ars/ars.nsf/docs/netio

Brian Keefer wrote:
On Jan 31, 2009, at 4:57 AM, Stuart Henderson wrote:
On 2009-01-31, Brian Keefer ch...@smtps.net wrote:
Great, thanks for the pointers! I'm trying to fiddle with iperf performance testing going to a Linux box. tcpbench works great on OpenBSD, but it seems iperf is the only thing readily available for Linux that is also on OpenBSD. I'm just trying to figure out how each variable influences the throughput.

iperf performance on OpenBSD isn't all that great, it's not a good way to judge actual real-life performance.

I've had problems with it on the Linux side as well. Are there any alternatives that would work on both OpenBSD and Linux (and for bonus points, OS X)?
-- bk
Re: Remove X Window after 4.4/i386 Installation?
Cezary Morga wrote on Tue, Feb 03, 2009 at 07:31:59PM +0100:
How about following?
cd /
tar -ztf /path/to/xbase44.tgz | xargs rm

Look up http://marc.info/?l=openbsd-misc&m=121190668200375&w=2 (May 27, 2008) and read the whole thread, in particular the very useful postings by Stuart Henderson. People will come up with even worse suggestions than yours: For example, Travers Buda suggested adding -rf at the end. Ooops. Anyway, let's not restart that thread.

If everything seems under control, you're not going fast enough (Mario Andretti)

Yeah, that hits the mark. :)
Re: Remove X Window after 4.4/i386 Installation?
On Tue, Feb 3, 2009 at 1:31 PM, Cezary Morga c...@therek.net wrote: Ted Unangst wrote: There's no way to uninstall, though deleting /usr/X11R6 will get you 90% there. How about following? cd / tar -ztf /path/to/xbase44.tgz | xargs rm 1. that doesn't delete nearly 90% of X, unless you also do it for the font and serv and whatnot files. 2. it requires you have the base sets available, which is frequently a hassle. 3. by the time you correct for points 1 and 2, you're getting dangerously close to having a self destruct tool. 4. as a general personal rule, i don't feed people pipelines that delete files. see point 3.
AVAYA Wireless USB Client (Gold)
Feb 3 19:02:55 eee /bsd: ugen0 at uhub2 port 1 vendor 0x0d98 Avaya Wireless USB Adapter rev 1.10/0.00 addr 2 According to http://www.wifihowto.org/?mo=HowTo;Item=14 it should work with the wi driver, but wi doesn't attach, I only get the ugen0. PC24E-H-FC is printed on the sticker at the bottom, and it's most likely rebranded lucent or proxim. Is there a quick hack to attach a wi instance to it? Thanks again, Dorian
Re: Remove X Window after 4.4/i386 Installation?
Ted Unangst wrote: On Tue, Feb 3, 2009 at 1:31 PM, Cezary Morga c...@therek.net wrote: Ted Unangst wrote: There's no way to uninstall, though deleting /usr/X11R6 will get you 90% there. How about following? cd / tar -ztf /path/to/xbase44.tgz | xargs rm 1. that doesn't delete nearly 90% of X, unless you also do it for the font and serv and whatnot files. Of course this had to be done for each x* set. 2. it requires you have the base sets available, which is frequently a hassle. You're right. I guess I just got used to broadband that I didn't think about it. 3. by the time you correct for points 1 and 2, you're getting dangerously close to having a self destruct tool. As Ingo suggested, I won't continue this subject. 4. as a general personal rule, i don't feed people pipelines that delete files. see point 3. I wasn't feeding anything, just asking the list. -- Cezary Morga Middle age is when you've met so many people that every new person you meet reminds you of someone else. (Ogden Nash)
Re: fetch package dependencies
On Tue, Feb 03, 2009 at 05:57:39PM +0100, Hannah Schroeter wrote:
Hi!
On Mon, Feb 02, 2009 at 08:00:21PM +0100, Marc Espie wrote:
On Mon, Feb 02, 2009 at 02:02:59PM +0100, Hannah Schroeter wrote:
On Sun, Feb 01, 2009 at 02:01:03PM +0100, Dorian Büttner wrote:
is there an easy way to fetch a package along with its recursive dependencies? Scenario is: eee904ha does not have network access at all right now. In order to proceed installing useful things, let's say firefox, I'd like to suck packages onto a usb stick and install from there. I thought I could go to the soekris box, which unfortunately isn't that -current, and do something like pkg_add -n mozilla -firefox, but the output is totally garbled with libc mismatches and things like that. Any idea?

I'd think using a net connected box, setting PKG_CACHE and PKG_PATH and then pkg_add -n package_you_want. The required packages should end up in the PKG_CACHE directory. From there you should be able to transfer them over to the eeepc. If the soekris isn't current, you could try this in a chroot environment or a virtual machine (e.g. qemu) setup.

Yep, that's the intent. PKG_CACHE + pkg_add -n will do it.

There's perhaps one thing we've missed: If some dependency package is already installed (and current enough) on the source host, pkg_add -n will probably not refetch it, so it will end up missing in the PKG_CACHE, i.e. on the destination host. The playing with the signature trick will avoid that, probably. Or perhaps one would need another option to pkg_add (or a different, pkg_fetch or similar, frontend to the pkg_* toolchain) to fetch *all* dependency packages.

Nope, you can easily tell pkg_add to look elsewhere for installed packages, first starting with a pseudo-virgin install: use PKG_DBDIR. The simple use case is the one where you install one box on the net, then want to duplicate: you simply set PKG_CACHE before the install, and then... it works.
With -current, you can also use pkg_create after the installation to recreate all the binary packages from the installed files (older pkg_add did not keep DEINSTALL scripts, this is no longer an issue at all). Something like

for i in /var/db/pkg/*/+CONTENTS
do
	pkg_create -f $i
done

should recreate all your installed packages.
Can't ping top-level public IP subnets
Hi guys,

This is certainly a weird problem. But I'm sure I won't need to attach a pf.conf file to solve this. First of all, is it possible to ping google.com, but not other nets even with the right DNS servers? For example, suppose the public IP you've been given to set up your openbsd firewall is 184.159.29.23 (whatever) and you can ping google. You have NAT set up on the firewall for your localnet (192.168.1.0/24). So from inside the network, you can virtually use the internet without a hitch except for accessing machines under the subnet 184.159.xxx.xxx. Is pf doing something to block these IPs even if they're not in your NATed local net 192.168.1.0/24, which would all have public IP 184.159.29.23? How come I can't ping and let alone use services located at 184.159.xxx.xxx and vice versa? If I'm at a computer located somewhere else with, for example, public IP 184.159.35.35, I can't access 184.159.29.23, my subnet. I have to use an online web proxy to get to my subnet and vice versa. I'm not really sure how pf works this out. If pf is the culprit, I'll attach a pf.conf next time when I can actually my subnet (I'm at one of the other computers). I pulled all these public IPs out of thin air, just so that you know.

Help appreciated,
Vivek
Re: Can't ping top-level public IP subnets
Sounds like a netmask is wrong on some machine in the subnet, probably your openbsd box or the router. -- Jussi Peltola
Re: Can't ping top-level public IP subnets
what should it be? 255.255.255.0? or something else? Or should that depend on the top-level subnet? Thanks for the quick reply, Vivek On Tue, Feb 3, 2009 at 3:33 PM, Jussi Peltola pe...@pelzi.net wrote: Sounds like a netmask is wrong on some machine in the subnet, probably your openbsd box or the router. -- Jussi Peltola
Re: Can't ping top-level public IP subnets
It depends on the size of the subnet; /24 = 255.255.255.0 is common but not necessarily correct for your network. On Tue, Feb 03, 2009 at 03:43:02PM -0800, Vivek Ayer wrote: what should it be? 255.255.255.0? or something else? Or should that depend on the top-level subnet? Thanks for the quick reply, Vivek On Tue, Feb 3, 2009 at 3:33 PM, Jussi Peltola pe...@pelzi.net wrote: Sounds like a netmask is wrong on some machine in the subnet, probably your openbsd box or the router. -- Jussi Peltola
Disabling device node mtime updates
Is there any way to disable mtime updates for devices? Is there a reason not to? I'd rather not play with /dev on mfs, it's one more thing to screw up during upgrades. The rest of OpenBSD doesn't write to a CF enough to worry me; /dev/log seems to get hit quite a lot even when syslogging to a remote machine. -- Jussi Peltola
Re: Can't ping top-level public IP subnets
I believe I just figured it out. I read this article: http://en.wikipedia.org/wiki/IPv4_subnetting_reference Since I'm in control of a public IP, I'm supposed to set the netmask for the ext_if on my openbsd router to 255.255.0.0 not 255.255.255.0. Would that solve the mysterious ping problem? I really didn't know what netmask were until now. Thanks, Vivek On Tue, Feb 3, 2009 at 3:43 PM, Vivek Ayer vivek.a...@gmail.com wrote: what should it be? 255.255.255.0? or something else? Or should that depend on the top-level subnet? Thanks for the quick reply, Vivek On Tue, Feb 3, 2009 at 3:33 PM, Jussi Peltola pe...@pelzi.net wrote: Sounds like a netmask is wrong on some machine in the subnet, probably your openbsd box or the router. -- Jussi Peltola
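How the netmask configured on the external interface changes the forwarding decision for the addresses used in this thread, as an added example that is not part of any message above. The gateway 184.159.29.1 and the "real" prefix lengths passed in are assumptions, since the thread never states the provider's actual prefix.

```python
import ipaddress


def forwarding_decision(iface_addr, netmask, gateway, dest):
    """Decide how a host with one interface and a default route reaches dest.

    Returns ("on-link", connected_network) when the destination falls inside
    the connected network derived from the interface address and netmask
    (the host resolves it on the local segment), or ("via", gateway) when
    only the default route matches.
    """
    iface = ipaddress.ip_interface(f"{iface_addr}/{netmask}")
    dest_ip = ipaddress.ip_address(dest)
    routes = [
        (iface.network, None),                          # connected route
        (ipaddress.ip_network("0.0.0.0/0"), gateway),   # default route
    ]
    # Longest-prefix match over the routes that contain the destination.
    net, via = max((r for r in routes if dest_ip in r[0]),
                   key=lambda r: r[0].prefixlen)
    return ("on-link", str(net)) if via is None else ("via", via)


def wrongly_on_link_ranges(iface_addr, configured_mask, real_prefixlen):
    """Ranges the host treats as local although the real segment is smaller.

    If the configured mask is wider than the real prefix, every address in
    the returned ranges is looked up on the local segment instead of being
    handed to the gateway. A mask that is equal to or narrower than the real
    prefix produces no such range: the extra traffic just goes via the gateway.
    """
    configured = ipaddress.ip_interface(f"{iface_addr}/{configured_mask}").network
    real = ipaddress.ip_interface(f"{iface_addr}/{real_prefixlen}").network
    if real == configured or not real.subnet_of(configured):
        return []
    return [str(n) for n in sorted(configured.address_exclude(real))]


def wrongly_on_link(iface_addr, configured_mask, real_prefixlen, dest):
    """True if dest lies in one of the wrongly-local ranges."""
    dest_ip = ipaddress.ip_address(dest)
    return any(dest_ip in ipaddress.ip_network(n)
               for n in wrongly_on_link_ranges(iface_addr, configured_mask,
                                               real_prefixlen))


if __name__ == "__main__":
    GW = "184.159.29.1"  # assumed gateway, not from the thread
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(mask, forwarding_decision("184.159.29.23", mask, GW,
                                        "184.159.35.35"))
    # Assumed case: the segment is really a /24 but the mask says /16.
    print(wrongly_on_link_ranges("184.159.29.23", "255.255.0.0", 24))
```

Comparing the output with the prefix the provider actually assigned shows which of the two masks makes 184.159.35.35 unreachable on a given network.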
PHP5 GD2
Can someone point me in the right direction to determine what packages are required for 'GD2' support, php5, OBSD 4.3? The SilverStripe CMS is asking for 'GD2', but they don't provide enough information to isolate the required packages. TIA, Lee
flock(1) utility proposal.
I've noticed that openbsd currently does not have an flock(1) utility, it's basically a wrapper around flock(2) used to get file locks in shell, it calls flock(2) on a file, forks and executes a command passed to it by command line and wait(2)s for it. I'm willing to implement one, what do you guys think? Could it be useful? -- Christiano Farina Haesbaert
snmpd GET and GETNEXT against scalar OIDs
I made the following bug report on 2009-01-08, but didn't get a PR number back. Did I botch this report, or does the bugs@ address require hands-on that this report simply hasn't gotten yet? Thanks for the clarification.

-HKS

On Thu, Jan 8, 2009 at 3:52 PM, (private) HKS hks.priv...@gmail.com wrote:

snmpd on OpenBSD 4.4 Stable, i386 architecture.

This bug was found by the OpenNMS team [1]. They've invited you to contact them for more details if I'm unable to provide enough info. The snmpget and snmpgetnext commands used in examples below are from the Net SNMP 5.4.2.1 package on FreeBSD 7.

Essentially, snmpd seems to regard OIDs without an instance identifier as equivalent to OIDs with an instance identifier of 0.

SNMP GET requests against a scalar OID with no instance identifier results in the agent apparently interpolating the .0 instance identifier:

    # snmpget -On -v1 -c public openbsd-host .1.3.6.1.2.1.1.2
    .1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.30155.23.1

The expected behavior (RFC 1157, 4.1.2, rule 1) is a noSuchName error since .1.3.6.1.2.1.1.2 has no exact match.

In a similar vein, GETNEXT requests against a single-instance scalar OID without an instance identifier return the next OID as if the .0 identifier were originally requested.

An example of OpenBSD's behavior:

    # snmpgetnext -On -v1 -c public openbsd-host .1.3.6.1.2.1.1.1
    .1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.30155.23.1
    # snmpgetnext -On -v1 -c public openbsd-host .1.3.6.1.2.1.1.1.0
    .1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.30155.23.1

Lexically, however, .1.3.6.1.2.1.1.1 is followed by .1.3.6.1.2.1.1.1.0 - not .1.3.6.1.2.1.1.2.0. So the first request should have returned .1.3.6.1.2.1.1.1.0. The second was correct.
An example of Net SNMP's lexically correct response:

    # snmpgetnext -On -v1 -c public netsnmp-host .1.3.6.1.2.1.1.1
    .1.3.6.1.2.1.1.1.0 = STRING: FreeBSD netsnmp-host 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 r...@logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
    # snmpgetnext -On -v1 -c public netsnmp-host .1.3.6.1.2.1.1.1.0
    .1.3.6.1.2.1.1.2.0 = OID: .1.3.6.1.4.1.8072.3.2.8

I hope that's clear. Please let me know if I can provide any further information.

-HKS

[1] - http://bugzilla.opennms.org/show_bug.cgi?id=2962

dmesg follows:
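The GET and GETNEXT rules argued in the report above, as an added example (not snmpd or Net-SNMP code): a toy agent over a constructed three-entry MIB, where `lenient=True` reproduces the reported ".0 interpolation" and `check_agent` is a hypothetical conformance probe. Only the sysObjectID value is taken from the report; the other values are constructed.

```python
from bisect import bisect_right

def parse_oid(text):
    """'.1.3.6.1' -> (1, 3, 6, 1); tuples compare lexicographically."""
    return tuple(int(part) for part in text.strip(".").split("."))

def fmt(oid):
    return "." + ".".join(str(n) for n in oid)

class ToyAgent:
    def __init__(self, mib, lenient=False):
        self.mib = {parse_oid(k): v for k, v in mib.items()}
        self.order = sorted(self.mib)
        self.lenient = lenient

    def _resolve(self, oid):
        # Reported behaviour: a name without an instance is treated as name.0
        if self.lenient and oid not in self.mib and oid + (0,) in self.mib:
            return oid + (0,)
        return oid

    def get(self, text):
        """Exact match only; anything else is noSuchName."""
        oid = self._resolve(parse_oid(text))
        if oid not in self.mib:
            return ("noSuchName", None)
        return (fmt(oid), self.mib[oid])

    def getnext(self, text):
        """First instance strictly greater than the requested name."""
        oid = self._resolve(parse_oid(text))
        i = bisect_right(self.order, oid)
        if i == len(self.order):
            return ("noSuchName", None)
        return (fmt(self.order[i]), self.mib[self.order[i]])

def check_agent(agent, scalar_names):
    """Probe instance-less scalar names; return every deviation found."""
    findings = []
    for name in scalar_names:
        got = agent.get(name)[0]
        if got != "noSuchName":
            findings.append(("GET", name, got))
        want = fmt(parse_oid(name) + (0,))
        got = agent.getnext(name)[0]
        if got != want:
            findings.append(("GETNEXT", name, got))
    return findings

# Constructed MIB: sysDescr.0, sysObjectID.0, sysUpTime.0
MIB = {
    ".1.3.6.1.2.1.1.1.0": "constructed sysDescr",
    ".1.3.6.1.2.1.1.2.0": ".1.3.6.1.4.1.30155.23.1",
    ".1.3.6.1.2.1.1.3.0": 12345,
}
SCALARS = [".1.3.6.1.2.1.1.1", ".1.3.6.1.2.1.1.2"]

if __name__ == "__main__":
    for label, agent in (("strict", ToyAgent(MIB)), ("lenient", ToyAgent(MIB, True))):
        print(label, check_agent(agent, SCALARS))
```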
Re: Backup strategies
Etienne Robillard robillard.etienne () gmail ! com wrote

i kinda like cpio for fast backup of filesystems... for large media files (think anime movies) -- I think it's generally best to just burn them on an iso..

I have found rsync to an external usb hard disk to work very nicely; these are now cheap and readily available up to over a terabyte. Here are a few notes from my experience using this strategy for the past several years:

* With rsync, the initial backup does a full copy, but then future backups automatically only copy changed files.
* I found that performance went from painfully slow to ok when I switched my external disks from ext2fs to ffs mounted softdep,noatime.
* I have had no problems with single files as big as 5 GB.
* For extra disaster-insurance I actually use a pair of external disks, one at home and one at my office. I swap them every week or so.
* Backups can be a security risk, since anyone who steals the backup medium has instant access to all the files stored there. This is a great use for encrypting filesystems, eg svnd, raidctl, or cfs (ports).
* Backups need to be hassle-free and as tired-system-administrator--proof as possible, so it's good to script the process. I use scripts like the following:

    #!/bin/sh
    set -x
    rsync -aHESvv --delete \
        --exclude '/home/jonathan/crypt/*' \
        --exclude '/mnt/oxygen/home/jonathan/crypt/*' \
        /home/jonathan/ /mnt/oxygen/home/jonathan/

This works fine except that the --exclude options are not honored (files under those directories are still copied). I don't know what's wrong there...

-- 
-- Jonathan Thornburg [remove -animal to reply] jth...@astro.indiana-zebra.edu
   Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
   Washing one's hands of the conflict between the powerful and the powerless means to side with the powerful, not to be neutral. -- quote by Freire / poster by Oxfam
Re: getting random icmp host unreachable messages from firewall
Hi folks, is somebody else experiencing this same problem?

On Sat, Jan 31, 2009 at 5:21 PM, sas2000 scia...@gmail.com wrote:

Hi, I confirm this bug. I've experienced the same icmp errors with three different firewalls using 4.4 and nat. If I add the static-port option to the nat rule then no icmp errors are experienced, so it's something to do with the nat port relocation. Bye S.

Imre Oolberg-3 wrote:

Hallo again! When i access internet from behind nat'ting OpenBSD 4.4-current i386 platform firewall (20090121 snapshot, under Xen HVM guest if this test then qualifies) i get randomly icmp host unreachable messages. At the same time network traffic is low and this test firewall is not under any mentionable load. For example about five to ten icmp error messages appear from firewall to wget client when issuing 300 wgets in a row, like this

    $ for i in `seq 1 300`; do wget http://172.16.0.12/README?count=$i; -O - 1dhs.$i.log; done

    # tcpdump -nttti ne3 icmp
    tcpdump: listening on ne3, link-type EN10MB
    Jan 25 15:21:04.986368 192.168.10.210 192.168.10.10: icmp: host x.x.x.x unreachable
    Jan 25 15:21:06.444112 192.168.10.210 192.168.10.10: icmp: host x.x.x.x unreachable
    ...

And inserting one second delay between wgets reduces icmp errors a lot. I believe it has something to do with a firewall's natting because with plain routing it seems to work all right. I would be very grateful if somebody could comment on this.

-- View this message in context: http://www.nabble.com/getting-random-icmp-host-unreachable-messages-from-firewall-tp21651701p21765424.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Apache Port Config
Is there a way to have a virtual host listen on a port to which the main server does not, .. e.g. Main Server Port 81 Port 443 /Main Server VirtualHost IP Port 80 /VirtualHost Even with the port directive in the VirtualHost stanza, it still listens on Port 81 and not Port 80. TIA,
Re: Can't ping top-level public IP subnets
On Tue, Feb 3, 2009 at 3:56 PM, Vivek Ayer vivek.a...@gmail.com wrote: Since I'm in control of a public IP, I'm supposed to set the netmask for the ext_if on my openbsd router to 255.255.0.0 not 255.255.255.0. Would that solve the mysterious ping problem? Actually a not-mysterious routing problem. The entity that assigned you the IP address would have also provided you with an IP, a netmask and a gateway IP, possibly DNS servers as well. You would have to check with them (commonly one of network admin, DHCP server, or ISP). -- Jon
Re: Backup strategies
On Wed, Feb 4, 2009 at 2:59 AM, Jonathan Thornburg jth...@astro.indiana.edu wrote:

Etienne Robillard robillard.etienne () gmail ! com wrote

i kinda like cpio for fast backup of filesystems... for large media files (think anime movies) -- I think it's generally best to just burn them on an iso..

I have found rsync to an external usb hard disk to work very nicely; these are now cheap and readily available up to over a terabyte. Here are a few notes from my experience using this strategy for the past several years:

* With rsync, the initial backup does a full copy, but then future backups automatically only copy changed files.
* I found that performance went from painfully slow to ok when I switched my external disks from ext2fs to ffs mounted softdep,noatime.
* I have had no problems with single files as big as 5 GB.
* For extra disaster-insurance I actually use a pair of external disks, one at home and one at my office. I swap them every week or so.

thanks. this gives me some pointers to implement a better backup strategy. i also use a similar setup, except that i don't have multiple disks (no backup for the backup).

* Backups can be a security risk, since anyone who steals the backup medium has instant access to all the files stored there. This is a great use for encrypting filesystems, eg svnd, raidctl, or cfs (ports).
* Backups need to be hassle-free and as tired-system-administrator--proof as possible, so it's good to script the process. I use scripts like the following:

    #!/bin/sh
    set -x
    rsync -aHESvv --delete \
        --exclude '/home/jonathan/crypt/*' \
        --exclude '/mnt/oxygen/home/jonathan/crypt/*' \
        /home/jonathan/ /mnt/oxygen/home/jonathan/

This works fine except that the --exclude options are not honored (files under those directories are still copied). I don't know what's wrong there... [...]

how about using double-quotes instead? for eg., --exclude /home/jonathan/crypt/*. your shell might be preventing rsync from looking what's inside the quotes...

-amarendra
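rsync anchors an exclude pattern that starts with / at the root of the transfer (here the source argument /home/jonathan/), not at the filesystem root, so a mis-anchored pattern lets the directory that was meant to stay off the backup disk be copied. The following added example (not from the thread, and not rsync itself) is a simplified Python model of that one rule, run over a constructed file tree with the patterns from the script quoted above; `TREE`, `ROOT_RELATIVE` and the function names are assumptions made for illustration.

```python
import re

def rule_regex(pattern):
    """Compile the subset of rsync exclude syntax used in the script above.

    A leading '/' anchors the pattern at the transfer root (the source
    directory named on the command line). '*' matches within a single
    path component. Other rsync wildcards are not modelled here.
    """
    anchored = pattern.startswith("/")
    body = "".join("[^/]*" if ch == "*" else re.escape(ch)
                   for ch in pattern.strip("/"))
    return re.compile(("^" if anchored else "(?:^|/)") + body + "$")

def transferred(rel_paths, excludes):
    """Return the paths (relative to the transfer root) that get copied."""
    rules = [rule_regex(p) for p in excludes]
    kept = []
    for path in rel_paths:
        parts = path.split("/")
        # An excluded directory is never descended into, so test the path
        # itself and every parent directory.
        candidates = ["/".join(parts[:i]) for i in range(1, len(parts) + 1)]
        if not any(r.search(c) for r in rules for c in candidates):
            kept.append(path)
    return kept

def leaked(rel_paths, excludes, sensitive_dir):
    """Files under sensitive_dir that would still reach the backup."""
    prefix = sensitive_dir.rstrip("/") + "/"
    return [p for p in transferred(rel_paths, excludes) if p.startswith(prefix)]

# Constructed tree, paths relative to the source argument /home/jonathan/
TREE = ["notes.txt", "src/main.c", "crypt/secret.txt", "crypt/keys/id_rsa"]
AS_POSTED = ["/home/jonathan/crypt/*", "/mnt/oxygen/home/jonathan/crypt/*"]
ROOT_RELATIVE = ["/crypt/*"]   # anchored at the transfer root

if __name__ == "__main__":
    print("as posted     ->", leaked(TREE, AS_POSTED, "crypt"))
    print("root-relative ->", leaked(TREE, ROOT_RELATIVE, "crypt"))
```

Running the real command with `rsync -n` (dry run) and the same options lists what would be copied, which checks the result against the actual tool before any data reaches the backup disk.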
Re: PHP5 GD2
L. V. Lammert wrote: Can someone point me in the right direction to determine what packages are required for 'GD2' support, php5, OBSD 4.3? The SilverStripe CMS is asking for 'GD2', but they don't provide enough information to isolate the required packages. TIA, Lee From what I remember, the gd package has some prereq libs that live in xbase, so you will want to make sure it is part of your install. After that, pkg_add gd should take care of it, assuming you have set a package path.
Re: Is it possible to increase wscale multiplier?
How high is too high? I have a utility that sets recv buf size to 100,000,000 and it works fine on FreeBSD and NetBSD. (Not tested yet on OpenBSD.) Necessary when the other end has buggy network code and insufficient send buf.

Could you clarify what you mean by that?

Black box sends data to BSD box using TCP. Data is generated in real time, the rate cannot be changed. Black box has a very small (way too small) send buffer. If the BSD box takes too long to ack, the black box's send buffer fills up and data is lost, and/or black box's buggy firmware screws up and data is lost. So I have to do everything I can to ensure that incoming packets do not get dropped, and that the acks get sent out as fast as possible. Making the TCP recv buffer very large allows the incoming packets to get stored and acked, even if the userland process reading the data doesn't get to run often enough. Even so, there is still the problem that other device drivers can and do lock out the Ethernet driver for too long. Still working on that problem. What we really need is true real time facilities. It is a latency problem, not a throughput problem. If the black box were FLOSS instead of evil closed source it should be possible to fix the buggy network code.

A) huge recv buffer does not solve your ACK problem.
B) recv buffer is only affected by either the global net.inet.tcp.recvspace or the setsockopt SO_RCVBUF.
C) the socketbuffers are limited to 256kB
D) Instead of playing with knobs that don't really do what you think they will do you should make your userland app read faster.

It is a workaround. The way to *solve* the problem is with a true real time system. Grepping through a few log files, the userland program read 44,751,896 bytes with a single syscall. The default recv buf size of 65536 doesn't get the job done for this application. It doesn't matter how fast the userland program is if it doesn't get run often enough. I have no way to guarantee how often a userland program is run.
I have to estimate, add a safety factor, and size the buffers accordingly. As far as I can tell the only remaining problem is when other device drivers lock out the Ethernet driver for too long. Nothing I do to the userland program will change that. I have to figure out what driver(s) it is, and then figure out how to fix it. At this point, problems are very rare.
Re: http version of spamd, anyone?
anybody? I'm excluding the projects some of you might think of (Labrea, and haproxy) for the reasons that none of them fit the requirements that I have listed below... -jf On Tue, Feb 3, 2009 at 1:47 PM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote: Is the project (or anybody) planning to work on something like spamd for http? Or does anybody know of any projects which do this already? I am looking for something to be (as per spamd) put in front of an actual server. A bunch of possible features i would be looking at: - blacklisting (should ideally allow for dynamic reloads without killing any existing valid connections) - tarpitting for open connections (no http request sent) beyond a certain timeout - tarpitting for invalid http requests - greytrapping (let's say u have only specific url patterns which are valid. Anything else, tarpit) thanks, -jf -- In the meantime, here is your PSA: It's so hard to write a graphics driver that open-sourcing it would not help. -- Andrew Fear, Software Product Manager, NVIDIA Corporation http://kerneltrap.org/node/7228
ssh VisualHostKey
I've recently enabled VisualHostKey yes in my .ssh/config file. I would like to hear from people who are using it and how they are finding it useful. Thanks.
Re: ssh VisualHostKey
Chris atst...@gmail.com writes: I've recently enabled VisualHostKey yes in my .ssh/config file. I would like to hear from people who are using it and how they are finding it useful. Not much to say, really. The assumption that the ASCII-art picture gives you a fairly unique shape per host that stands out more than a change in a string of hex digits seems to be correct at least in my case. One practical example - if you're used to seeing Host key fingerprint is 67:88:39:bd:7f:3c:df:a5:47:87:de:bd:9b:5e:7b:55 and one morning when you've had way too little coffee you may not notice anything different if the machine greets you with Host key fingerprint is 4b:b3:3e:54:54:ae:f0:0f:8d:28:10:d2:db:53:77:3f but you likely would notice the difference between +--[ RSA 1024]+ | | | | | | | + . E| | + S o..| | . +. +| |. . . o*| | . + .oX| | .. o+B=| +-+ and +--[ RSA 1024]+ | ... ..| | ... . o..| |.o ..o ... | |..o +.+ E | | ..S.= . . | | o.+ o | | .o .| | ..| |.. | +-+ (both actual samples from machines in my care) so yes, I think it's a helpful feature. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ Remember to set the evil bit on all malicious network traffic delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
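The picture VisualHostKey prints is drawn from the same fingerprint bytes as the hex string, so two different fingerprints give two different walks. The following is an added example, a reimplementation written for this page and not OpenSSH source, of the random walk behind the picture, run on the two fingerprints quoted above; the 17x9 field, the character ramp and the header layout are assumptions taken from memory of OpenSSH's randomart routine, and `changed_cells` is a hypothetical helper.

```python
AUGMENT = " .o+=*BOX@%&#/^SE"   # assumed character ramp; last two mark start/end
W, H = 17, 9                    # assumed field size

def walk(fingerprint_hex):
    """Return the visit-count field for a colon-separated hex fingerprint."""
    data = bytes.fromhex(fingerprint_hex.replace(":", ""))
    top = len(AUGMENT) - 1
    field = [[0] * H for _ in range(W)]
    x, y = W // 2, H // 2
    for byte in data:
        for _ in range(4):                  # four 2-bit moves, low bits first
            x += 1 if byte & 1 else -1
            y += 1 if byte & 2 else -1
            x = max(0, min(x, W - 1))       # the walk stops at the walls
            y = max(0, min(y, H - 1))
            if field[x][y] < top - 2:
                field[x][y] += 1
            byte >>= 2
    field[W // 2][H // 2] = top - 1         # 'S': start position
    field[x][y] = top                       # 'E': end position
    return field

def randomart(fingerprint_hex, title=" RSA 1024"):
    field = walk(fingerprint_hex)
    rows = [("+--[%s]" % title).ljust(W + 1, "-") + "+"]
    for y in range(H):
        rows.append("|" + "".join(AUGMENT[field[x][y]] for x in range(W)) + "|")
    rows.append("+" + "-" * W + "+")
    return "\n".join(rows)

def changed_cells(fp_a, fp_b):
    """Count field cells that differ between two fingerprints' pictures."""
    a, b = walk(fp_a), walk(fp_b)
    return sum(a[x][y] != b[x][y] for x in range(W) for y in range(H))

# The two fingerprints quoted in the message above
FP_USUAL = "67:88:39:bd:7f:3c:df:a5:47:87:de:bd:9b:5e:7b:55"
FP_OTHER = "4b:b3:3e:54:54:ae:f0:0f:8d:28:10:d2:db:53:77:3f"

if __name__ == "__main__":
    print(randomart(FP_USUAL))
    print(randomart(FP_OTHER))
    print("cells that differ:", changed_cells(FP_USUAL, FP_OTHER))
```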
Re: ssh VisualHostKey
On Wed, 4 Feb 2009, Chris wrote: I've recently enabled VisualHostKey yes in my .ssh/config file. I would like to hear from people who are using it and how they are finding it useful. the undead orc hits, you die.