Re: Still going strong

2010-03-25 Thread SJP Lists
On 25 March 2010 02:33, m brandenberg mcb...@panix.com wrote:
 On Wed, 24 Mar 2010, Theo de Raadt wrote:

 These things make me smile.

 OpenBSD 4.7 (GENERIC) #300: Fri Mar 19 08:58:21 MDT 2010
   dera...@vax.openbsd.org:/usr/src/sys/arch/vax/compile/GENERIC
 VAXstation 4000/90 [13000202 04010002]

 They were built slow but they were built well.
 (Almost makes me want to dig mine out)

Yeah?  Have you seen an Alpha clean up a liquid spill?

VAXes can do dry and wet!



Bradesco Dia e Noite: with more security for you.

2010-03-25 Thread Bradesco S/A
SECURITY RE-REGISTRATION - INTERNET BANKING

More Security in Bradesco Internet Banking

The Bradesco Data Protection Management System aims to standardize the
management of data protection in the Bradesco Organization and to
minimize risks related to data protection violations and information
security failures, by meeting legal requirements and internal
requirements, and by continuously improving data protection and privacy
processes.

The Bradesco Organization constantly invests in you, with particular
concern for your privacy and security at all levels, and is establishing
an internal security procedure that requires the re-registration of your
data. This re-registration procedure is mandatory and is intended to
guarantee the accuracy of your registration information and to provide
more privacy and security to you, the account holder.

The re-registration procedure is simple and quick. To start the
re-registration, click the Update Data Now button just below.

Link1: Update Data Now

NOTE: Due to the large number of accesses to our servers for the
Security Update, we inform you that, if Link1 does not work, you may use
Link2, given just below:

Link2: Update Data Now

ATTENTION: If the re-registration is not completed within 72 hours of
receiving this notice, your access will be blocked and unblocking can
only be done at your branch.

 All rights reserved 2010 Banco Bradesco S.A.



Re: macbook pro 5,5

2010-03-25 Thread Lars Nooden

On 3/24/10 21:02 , Pau wrote:


I was also wondering whether it is possible to have openbsd on the
laptop as the only OS. I am guessing that the EFI could give trouble.


I've done that with the older macbook pros.  I'm sure the openfirmware 
could be set to boot straight into OpenBSD, but would need a good OF 
reference first.  If you leave it as-is, the firmware takes a long time 
to find the system.


Leaving a minimal OS X partition and using rEFIt to boot 'legacy first', 
it quickly goes into openbsd as the default.  If you leave off all the 
language variants and excess printer drivers, then OS X is about 20 GB.


/Lars



The Learning Platform Training Sessions - NOW BOOKING FOR 2010

2010-03-25 Thread Harry French
Please circulate FAO: Headteacher, e-Learning Manager, VLE Co-ordinator
and Chair of Governors if incorrectly addressed | Problems viewing this
email? Follow this link here

NOW BOOKING FOR 2010

think..Virtual Learning
Friday 30th April 2010 - 10.00 - 15.30

The Think Tank - Birmingham Science Museum

Struggling with your VLE?
Let us help you. Join us on this unique training course.

We invite you to take a guided tour of our highly acclaimed Secondary
School VLE that has transformed every aspect of our school life. Let us
help you do the same. Our award winning VLE is visited by more than a
1000 people per day accessing on average 15,000 pages of information.

This course is presented by pragmatic and realistic School Leaders who
will give you an honest description of how they have implemented their
VLE to more than 970 students, teachers, parents, primary partners and
wider community.

The Course focuses on the following issues:

• How to unlock the full potential of your VLE

• Tackling effective stake holder engagement

• A guided tour of our cluster VLE's

• Formalising the strategic plan and known unknowns

All VLE implementation documents and a copy of the training course are
provided in digital format on the day.

Delegate Rate - £190.00 + VAT
(limited places available)

Click Here to Register for this course

Enquiries and more information

 To read more please visit our website here
 How much will this cost me?
 Ask us a question here
 Want to know more about Attleborough High School?

Read more:

 Register your place
 Conference speakers
 Who should attend
 Conference programme

What the delegates think:

'Genuinely inspirational - this is my initial aim; to make our VLE really
work for our school'. 19th June 2009

'Informative, inspirational - couldn't wait to get back to school and
plan how to develop our VLE. Thank you'. 19th June 2009

'Real experiences described by real school leaders - they were able to
answer all my questions without using hypothetical situations'. 19th June
2009

'To find out how to develop a more strategic approach to rolling out a
VLE to both staff and students was incredibly useful'. 19th June 2009

'A fantastic day - just the best £190 I have ever spent from the school's
budget. Incredibly useful and inspiring'. 19th June 2009

Email communications are consistent with the 'e-confident school'
initiative and the government's e-business and e-government initiatives.
This is a legitimate business-to-business email, addressed to the
official administrative email address of the school, published by the
Local Authority or the school.
This email is not 'spam' - a term that applies to emails sent to personal
addresses.
This email is delivered under DMA guidelines to the published email
contact and is valuable information which we ask you to forward to the
relevant staff member.
To manage your preferences, please contact subscr...@edmailing.com.




Dashboard LCD Flex - ECU , Airbag etc Repair Parts - IC - MCU

2010-03-25 Thread CAR ELECTRONIC SPARE PARTS
CAR ELECTRONIC SPARE PARTS

Dashboard LCD Flex - ECU, Airbag etc Repair Parts - IC - MCU

Dear Clients,

NKAAY presents you, valued customers, new opportunities for your
automotive electronic business. You can benefit from our new business
expands in the automotive electronic repair field. Best quality and Best
price guarantee car electronic spare parts in a wide product range.

Dashboard LCD Flex - ECU, Airbag etc Repair Parts - IC - MCU
We can also produce your own projects for LCD Flex in low cost.

Willing to make long term mutual business with you.

Kind Regards,
NKAAY CO., HK LIMITED (http://www.bynkaay.com/)

Re: gnu grep -o flag

2010-03-25 Thread Denis Doroshenko
On Wed, Mar 24, 2010 at 11:13 PM, Philip Guenther guent...@gmail.com wrote:
 On Wed, Mar 24, 2010 at 1:06 PM, Philip Guenther guent...@gmail.com
wrote:
 ...
 Hmm, missing quote, and the expressions can be combined, but as a
 portable solution this is indeed the right answer.
     sed -n -e 's/.*\(PATTERN\).*/\1/p'

 The 'portable' solution that doesn't have those problems is to use a
 nuke^W^Wperl:
     perl -nle 'while(m((PATTERN))g){print $1}'

ahem,  is perl really everything these days?
and how portable that is?
is awk completely disregarded as a usable tool?

awk '{ s = $0; while (match(s,PATTERN)) { print substr(s, RSTART,
RLENGTH); s = substr(s, RSTART + RLENGTH); } }'

this gives me the same results as your perl string
(which is shorter of course, after all it's perl).
it also gives the same results as grep -o on
a debian system i have access to.

also awk uses, AFAIK, ERE, in which case
the greediness may be controlled.
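
Added example, not part of the original post: the awk loop above wrapped as a POSIX sh function. The name grep_o and the GREP_O_RE environment variable are assumptions made here; the function also skips empty matches, which would otherwise keep the loop spinning forever when the pattern can match the empty string (for example x*).

```shell
# grep_o ERE [file...]
# Print every non-empty match of ERE on its own line, like GNU grep -o,
# using only POSIX awk. grep_o and GREP_O_RE are names chosen for this example.
grep_o() {
    re=$1
    shift
    # The pattern travels through the environment rather than awk -v,
    # because -v would process backslash escapes in the pattern first.
    GREP_O_RE=$re awk '
    BEGIN { re = ENVIRON["GREP_O_RE"] }
    {
        s = $0
        while (s != "" && match(s, re)) {
            if (RLENGTH > 0) {
                # Real match: print it and continue after its end.
                print substr(s, RSTART, RLENGTH)
                s = substr(s, RSTART + RLENGTH)
            } else {
                # Empty match: print nothing and step past one character,
                # otherwise s never shrinks and the loop never ends.
                s = substr(s, RSTART + 1)
            }
        }
    }' "$@"
}

# Constructed sample input, two matches on the first line, none on the second:
#   printf 'foo=1 bar=22\nnone\nbaz=333\n' | grep_o '[a-z]+=[0-9]+'
```

Unlike grep -o, an anchor such as ^ is re-evaluated against each remaining piece of the line, so an anchored pattern can print more matches here than grep -o would.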



Re: 4.7: doesn't route IPSEC traffic very well

2010-03-25 Thread Toni Mueller
Hi,

On Wed, 17.03.2010 at 16:26:39 -0500, Todd T. Fries t...@fries.net wrote:
 Try s/hmac-sha2-256/hmac-sha1/ until you have updated all your firewalls.
 
 Also try seeing http://www.openbsd.org/faq/current.html#20100110 ..

thanks to all who helped out to solve this particular case of PEBCAK.


Kind regards,
--Toni++



Bradesco Internet Banking

2010-03-25 Thread Bradesco S/A
   Bradesco S/A  Customer ID: BR008953

 Dear Customer,
 For security reasons we inform all customers that, in order to stop the
constant increase in fraud in Bradesco Internet Banking, it will be mandatory
 to update your Security Key Card.

 If you do not carry out your mandatory update urgently, access via ATMs
 and Internet Banking will be suspended.


  Use the button below to perform the update:



 Update Data Now


 Attention: The mandatory update is the customer's responsibility. Banco
Bradesco S/A will not be held liable for damages suffered if the keys are not
updated.


   | Bradesco News | Contact Us | Career Opportunities | Quality Policy |
HR Policy | Service Network |
  - Bradesco S/A 2010



Re: macbook pro 5,5

2010-03-25 Thread Pau
Thanks for the input...

So it seems that X is working with nv in the recent snapshots? Nice!

Looking forward to the sound!

I find this macosx very confusing; I will be happy to fall back to open

Pau

2010/3/25 Lars Nooden lars.cura...@gmail.com:
 On 3/24/10 21:02 , Pau wrote:

 I was also wondering whether it is possible to have openbsd on the
 laptop as the only OS. I am guessing that the EFI could give trouble.

 I've done that with the older macbook pros.  I'm sure the openfirmware
could
 be set to boot straight into OpenBSD, but would need a good OF reference
 first.  If you leave it as-is, the firmware takes a long time to find the
 system.

 Leaving a minimal OS X partition and using rEFIt to boot 'legacy first', it
 quickly goes into openbsd as the default.  If you leave off all the
 language variants and excess printer drivers, then OS X is about 20 GB.

 /Lars



Re: macbook pro 5,5

2010-03-25 Thread Ted Roby
On Thu, Mar 25, 2010 at 3:45 AM, Lars Nooden lars.cura...@gmail.com wrote:

 On 3/24/10 21:02 , Pau wrote:

  I was also wondering whether it is possible to have openbsd on the
 laptop as the only OS. I am guessing that the EFI could give trouble.


 I've done that with the older macbook pros.  I'm sure the openfirmware
 could be set to boot straight into OpenBSD, but would need a good OF
 reference first.  If you leave it as-is, the firmware takes a long time to
 find the system.

 Leaving a minimal OS X partition and using rEFIt to boot 'legacy first', it
 quickly goes into openbsd as the default.  If you leave off all the
 language variants and excess printer drivers, then OS X is about 20 GB.

 /Lars


Actually, a default install of OSX without localizations and printer support
is only 4.5 GB.
You can reduce the partition it is installed on  to that, plus the size of
your memory.
So, OSX allowed me to shrink my HFS+ partition (with 4 GB ram) down to 9.5
GB.

I used diskutil resize to do this after install.



Re: macbook pro 5,5

2010-03-25 Thread Ted Roby
On Thu, Mar 25, 2010 at 10:44 AM, Ted Roby ted.r...@gmail.com wrote:



 On Thu, Mar 25, 2010 at 3:45 AM, Lars Nooden lars.cura...@gmail.com wrote:

 On 3/24/10 21:02 , Pau wrote:

  I was also wondering whether it is possible to have openbsd on the
 laptop as the only OS. I am guessing that the EFI could give trouble.


 I've done that with the older macbook pros.  I'm sure the openfirmware
 could be set to boot straight into OpenBSD, but would need a good OF
 reference first.  If you leave it as-is, the firmware takes a long time to
 find the system.

 Leaving a minimal OS X partition and using rEFIt to boot 'legacy first',
 it quickly goes into openbsd as the default.  If you leave off all the
 language variants and excess printer drivers, then OS X is about 20 GB.

 /Lars


 Actually, a default install of OSX without localizations and printer
 support is only 4.5 GB.
 You can reduce the partition it is installed on  to that, plus the size of
 your memory.
 So, OSX allowed me to shrink my HFS+ partition (with 4 GB ram) down to 9.5
 GB.

 I used diskutil resize to do this after install.




Another trick to reducing size of your OSX partition is to turn off
hibernation mode.
This mode keeps a file around the same size as your memory, and mirrors the
contents
of said memory. I've used these options in 10.4, 10.5 and 10.6.2:

pmset -a hibernatemode 0
nvram use-nvramrc?=false
reboot
rm /var/vm/swapimage

After another test reboot the swapimage file should not reappear.
You can now shrink your partition with 'diskutil resizeVolume'.



Re: gnu grep -o flag

2010-03-25 Thread Chris Dukes
On Wed, Mar 24, 2010 at 09:10:48PM -0500, Ed Ahlsen-Girard wrote:
 
 I'm sure there is a case in which sed should be used instead of perl,
 but I haven't run across it yet.

I've encountered two cases over the past 20 years.
1) Perl is not installed and probably will never be installed.
That ceased to be the case about 10 years ago, and then started
being the case again as folks started replacing the firmware
on consumer grade routers.

2) The time to load perl from disk and the memory consumed doing
so would create a significant load on the system if run every minute.
But that was in the days of perl4.
But in the end I opted for the awk implementation.  The implementation
was readable :-).

And that leads to my gripe...
What is a case of something where sed should be used instead of
awk or some iteration of var2=${var1##*/} and related constructs?
I do know that the use of var2=`echo $var1 | sed -e 's,^.*/,,'`
has a high correlation with gems like
if [ -z $var ]; then ...


-- 
Chris Dukes
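
Added example, not from the original post: the two idioms named above next to their quoted and parameter-expansion forms, run on a path containing two spaces and on a whitespace-only value. The function names are made up for this illustration.

```shell
# Idiom from the post: fork echo and sed, with the expansion left unquoted.
strip_dir_sed() {
    var1=$1
    # Unquoted $var1 is word-split (and glob-expanded) before echo runs,
    # so runs of whitespace collapse and a name like "*" becomes a file list.
    var2=`echo $var1 | sed -e 's,^.*/,,'`
    printf '%s\n' "$var2"
}

# Parameter expansion: no fork, no splitting, value kept byte for byte.
strip_dir_expand() {
    var1=$1
    var2=${var1##*/}
    printf '%s\n' "$var2"
}

# Idiom from the post: unquoted operand to the -z test.
is_empty_unquoted() {
    var=$1
    # A whitespace-only value splits into zero words, leaving "[ -z ]".
    # With a single argument, test only checks that "-z" is a non-empty
    # string, so this returns true for a value that is not empty.
    [ -z $var ]
}

# Quoted operand: the test always sees exactly one word.
is_empty_quoted() {
    var=$1
    [ -z "$var" ]
}

# Constructed sample values.
demo() {
    path='/tmp/my  file'      # two spaces in the file name
    printf 'sed idiom:    [%s]\n' "$(strip_dir_sed "$path")"
    printf 'expansion:    [%s]\n' "$(strip_dir_expand "$path")"
    if is_empty_unquoted ' '; then echo 'unquoted test: " " reported empty'; fi
    if ! is_empty_quoted ' '; then echo 'quoted test:   " " reported non-empty'; fi
}
```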



Re: pf vs. bridge vs. spamd

2010-03-25 Thread Chris Dukes
On Wed, Mar 24, 2010 at 09:08:48PM -0400, Geoff wrote:
 I'm trying to set up spamd on my firewall system.
 
 The configuration is tricky because my upstream provider
 (Verizon) only gives me 5 IPs, all on the same subnet.
 
 The firewall system is acting as a bridge and as a router.
SNEEP

I think you're taking the wrong approach here by including a bridge.

Configure the interface with the default route to have all 5 IP addresses.
Configure the hosts to be protected by the firewall, but reachable by
the public internet to be on one or more subnets within the RFC 1918 space.
Use rdr rules (or the newer equivalent) for the SPECIFIC access required
by from the public internet.  Use nat rules for the specific access
they need to the public internet.

*IF* you do that you can use relayd or some of the fancier rdr rules
to load balance across multiple backend hosts.
You can also use one IP address to service multiple services that 
are actually provided by multiple backend boxes if the load demands
such separation.

-- 
Chris Dukes



Are Hiring Managers Ignoring Your Resume? – They’re Telling Us Why.

2010-03-25 Thread Carrie @ TunaRez


 Get Your FREE Resume Evaluation
Go TO 
http://www.tunarez.com/resumeeval.asp?AD=1152HDL=Dice-sp-hlist




I BET YOUR RESUME ISN'T GETTING THE RESPONSE YOU EXPECTED.


This job market isn't just different - it's the opposite of what we've 
seen in the last thirty years. So, resumes that worked just a few years 
ago quickly fall short in today's market.  We talk to Hiring Managers 
and understand what motivates them:

BEFORE                         NOW
======                         ===
Keep It Short And Sweet        Add Details Build Depth Of Experience
State Your Skills/Experience   Show Your Attitude & Aptitude
Action Verbs Hit The Mark      Tell Your Story With Adverbs & Adjectives
Show WHAT You Did              Show HOW You Did It
Meet The Screening Criteria    Integrate The HIRING Criteria


SO IF EMPLOYER'S EXPECTATIONS HAVE CHANGED - WHY HASN'T YOUR RESUME?

Most candidates I talk with simply don't know where to start and 
have no idea what potential employers look for in today's resume. 
So if you've just been adding each new job to your resume for the 
last 5 years 10 years? 15 years? - you could very well be seriously 
out of step with the job market.

No one expects you to be a job search expert, that's why TunaRez is here. 
We're continuously working directly with Hiring Managers nationwide to 
detect shifts in their needs and expectations. With TunaRez you'll never 
have to worry about your resume again. 

*** NEVER WORRY ABOUT YOUR RESUME AGAIN ***
When you're ready to start another job search (in a few years), we'll 
quickly update your resume, integrating your newest job and refocusing
it for your next job target. Your Resume will move you right up the 
career ladder.  Most importantly, your upgraded resume will always reflect 
employers' current expectations and will never be outdated. TunaRez 
makes it easy to maintain the same high-impact resume for your entire career.  


DON'T WAIT. 
A resume that misses the mark can add 3 months to your job search.  
That could mean thousands of lost dollars and immeasurable anxiety for you. 

The best time to create a powerful resume and find out what Hiring Managers 
really want is now!  Because of our unique relationship with Hiring Managers, 
TunaRez can take the guesswork out of creating an on target resume.



I'M CARRIE TEAGER, A SENIOR RESUME COACH WITH TUNAREZ.COM. 
I've been connecting candidates with employers for nearly 20 years.
It's not unusual for me to review a few thousand resumes a month 
so there's not much I haven't seen. More importantly, our research 
keeps me well armed to help you understand the needs of today's 
employers and if your resume has weaknesses that undermine your 
career goals.
  
If you're considering a new job search or if you're currently job 
hunting this is a great time for a professional review of your resume. 

THE PEACE OF MIND RESUME 
74% OF OUR CLIENTS ARE EMPLOYED WHEN THEY SEEK OUR SERVICES.
If you're ready to start searching right now, then we can be with you 
through each stage with our 123GetHired Program. However, if you're 
not ready yet but want to be prepared -- just in case -- the 
Peace of Mind Resume is for you. With this service, we prepare 
your resume now with your current position/skills and when you 
need to look for a job in the future we'll quickly update your resume 
with any new skills so you can respond rapidly.  


FREE RESUME EVALUATION

As a professional courtesy, I would like to offer you a free written 
evaluation of your CURRENT resume to reintroduce our services. You will 
receive your evaluation within 2 days. Just go to
http://www.tunarez.com/resumeeval.asp?AD=1152HDL=Dice-sp-hlist


THE JOB SEARCH EXPERTS 

We've lived and breathed the Hiring industry -- 
working closely with Hiring Managers for 15+ years makes a 
difference. We don't guess at what Hiring Managers want to see 
-- we get direct feedback from real employers all the time.  

TunaRez actually evolved from a software consulting firm -- the 
business of hiring and getting people hired -- and we use 
our insider insight to assist job seekers facing a completely 
employer-driven market.  This commitment, focus and expertise 
show in how we uniquely support each and every client -- and in 
the results we produce.

RAVE REVIEWS

TODAY 32% OF OUR BUSINESS COMES FROM REFERRALS AND 35% FROM RETURNING CLIENTS. 
We must be doing something right. Take a look at our rave reviews a:

External CARP + SSL issues

2010-03-25 Thread Extra Fu
Hello everybody,

I'm reposting this message as I got no answer on this email in the
past few weeks. Maybe someone has insights on what could be wrong.

I need help regarding the following situation. I have four OpenBSD
firewalls configured to do load-balancing ( in and out) using
ip-stealth. I have two CARP interfaces (internal and external) on each
firewall. See the configuration below.

Load-balancing works perfectly for non-SSL websites but I am unable to
connect to secure websites (https). When forcing a connection to go
directly through one of the four OpenBSD servers or when using only one
server, it works nicely so it's not a pf.conf issue.

Any insight on what could be wrong on the configuration would be
greatly appreciated. Here is my configuration:


Internal CARP interfaces

FW1 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:0, 12:10, 13:25, 14:50

FW2 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:50, 12:0, 13:10, 14:25

FW3 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:25, 12:50, 13:0, 14:10

FW4 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:10, 12:25, 13:50, 14:0


External CARP interfaces:

FW1 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:0, 22:10, 23:25, 24:50

FW2 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:50, 22:0, 23:10, 24:25

FW3 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:25, 22:50, 23:0, 24:10

FW4 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:10, 22:25, 23:50, 24:0



Re: pf vs. bridge vs. spamd

2010-03-25 Thread Geoff

On Wed, Mar 24, 2010 at 09:08:48PM -0400, Geoff wrote:
 I'm trying to set up spamd on my firewall system.
 
 The configuration is tricky because my upstream provider
 (Verizon) only gives me 5 IPs, all on the same subnet.
 
 The firewall system is acting as a bridge and as a router.
SNEEP
On Thu Mar 25 at 13:41:29 2010, Chris Dukes wrote:
I think you're taking the wrong approach here by including a bridge.

Configure the interface with the default route to have all 5 IP addresses.
Configure the hosts to be protected by the firewall, but reachable by
the public internet to be on one or more subnets within the RFC 1918 space.
Use rdr rules (or the newer equivalent) for the SPECIFIC access required
by from the public internet.  Use nat rules for the specific access
they need to the public internet.

*IF* you do that you can use relayd or some of the fancier rdr rules
to load balance across multiple backend hosts.
You can also use one IP address to service multiple services that 
are actually provided by multiple backend boxes if the load demands
such separation.

Your solution is quite nice, except for one problem:
The hosts inside the firewall need to know
their external addresses. That can't change.

PF is an IP facility. Unfortunately, in order for it to
work correctly when applied to a bridge, once a packet has
been redirected it needs to get a correct link-level address.

Right now, packets are assigned routes (implying link level
addresses) at ingress. Routes need to be reassigned if packet
destinations change during bridging.
That's the core problem.

I've had a lot of problems with IPSEC, etc, due to the
ad-hoc interactions of IP level functions with link-level
functions. I've thought of a scheme to fix this but obviously
I don't want to go through development if there's a solution
already.

Geoff



Re: External CARP + SSL issues

2010-03-25 Thread Kapetanakis Giannis

Where is the web server?
Is it internal or is it an external web server?

What do telnet web_server 443 and
openssl s_client -connect web_server:443
give you?

Have you tried sniffing the traffic to see what goes wrong?

SSL should not be affected by the firewalls, as long as
they work the way you believe they work.

Do you run any ssl proxy or http proxy somewhere?

Giannis


On 25/03/10 21:19, Extra Fu wrote:

Hello everybody,

I'm reposting this message as I got no answer on this email in the
past few weeks. Maybe someone has insights on what could be wrong.

I need help regarding the following situation. I have four OpenBSD
firewalls configured to do load-balancing ( in and out) using
ip-stealth. I have two CARP interfaces (internal and external) on each
firewall. See the configuration below.

Load-balancing works perfectly for non-SSL websites but I am unable to
connect to secure websites (https). When forcing a connection to go
directly through one of the four OpenBSD servers or when using only one
server, it works nicely so it's not a pf.conf issue.

Any insight on what could be wrong on the configuration would be
greatly appreciated. Here is my configuration:


Internal CARP interfaces

FW1 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:0, 12:10, 13:25, 14:50

FW2 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:50, 12:0, 13:10, 14:25

FW3 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:25, 12:50, 13:0, 14:10

FW4 carp0
inet 10.50.1.1 /16  balancing ip-stealth carpnodes 11:10, 12:25, 13:50, 14:0


External CARP interfaces:

FW1 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:0, 22:10, 23:25, 24:50

FW2 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:50, 22:0, 23:10, 24:25

FW3 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:25, 22:50, 23:0, 24:10

FW4 carp1
inet 205.50.60.1 /27  balancing ip-stealth carpnodes 21:10, 22:25, 23:50, 24:0




Re: pf vs. bridge vs. spamd

2010-03-25 Thread Geoff
On Wed, Mar 24, 2010 at 09:08:48PM -0400, Geoff wrote:
 I'm trying to set up spamd on my firewall system.
 
 The configuration is tricky because my upstream provider
 (Verizon) only gives me 5 IPs, all on the same subnet.
 
 The firewall system is acting as a bridge and as a router.

I've been looking through pf.c, if_bridge.c in -current
The changes seem to answer some of my complaints.
I'm going to have to update & run some tests...

I hope all of the team's effort has made this much, much better.

There's one set of tests at lines 5770-5773 of net/pf.c:

kif->pfik_bytes[0][dir == PF_OUT][action != PF_PASS] += pd.tot_len;
kif->pfik_packets[0][dir == PF_OUT][action != PF_PASS]++;

if (action == PF_PASS || r->action == PF_DROP) {

Where I wonder if the tests for PF_PASS should also
include PF_DIVERT? It looks like PF_DIVERT packets would
be incorrectly accounted for in the two single
lines and completely missed in the large block.

   thanks
   geoff



Re: macbook pro 5,5

2010-03-25 Thread Jean-Philippe Ouellet

On 3/24/10 11:24 PM, Jacob Meuser wrote:

On Wed, Mar 24, 2010 at 10:26:59PM -0400, Jean-Philippe Ouellet wrote:

Here is a new mixerctl -v:


do any of the inputs.dac-?:?_mute change to 'on' when you
plug in the headphones?


Nope, only outputs.hp_sense goes from unplugged to plugged.



Re: macbook pro 5,5

2010-03-25 Thread Jean-Philippe Ouellet
On 3/24/10 11:37 PM, Jacob Meuser wrote:
 On Wed, Mar 24, 2010 at 10:26:59PM -0400, Jean-Philippe Ouellet wrote:
 
 In the 3/9 kernel, there is no sound output anywhere.

 In the 3/23 kernel, I get output in headphones.

 Here is a new mixerctl -v:
 
 outputs.hp_source=dac-2:3  [ dac-2:3 ]
 outputs.hp_boost=off  [ off on ]
 outputs.spkr_source=dac-4:5  [ dac-4:5 ]
 outputs.spkr2_source=dac-0:1  [ dac-0:1 ]
 
 actually, this still doesn't look right.  I expect:
 
 outputs.hp_source=dac-0:1  [ dac-0:1 ]
 outputs.hp_boost=off  [ off on ]
 outputs.spkr_source=dac-4:5  [ dac-4:5 ]
 outputs.spkr2_source=dac-2:3  [ dac-2:3 ]
 
 can you build a kernel with AZALIA_DEBUG defined and send me a
 dmesg from that?

OpenBSD 4.7-current (GENERIC.MP) #0: Thu Mar 25 16:49:45 EDT 2010

r...@opentop.realconnect.com:/usr/src/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2925703168 (2790MB)
avail mem = 2839818240 (2708MB)
RTC BIOS diagnostic error
d7clock_battery,ROM_cksum,memory_size,invalid_time
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (44 entries)
bios0: vendor Apple Inc. version MBP53.88Z.00AC.B03.0906151647 date
06/15/09
bios0: Apple Inc. MacBookPro5,3
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP HPET APIC APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
acpi0: wakeup devices ADP1(S3) LID0(S3) EC__(S3) GMUX(S3) OHC1(S3)
EHC1(S3) OHC2(S3) EHC2(S3) GIGE(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2500 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.47 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu0: 6MB 64b/line 16-way L2 cache
cpu0: apic clock running at 265MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz, 2786.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,XSAVE,NXE,LONG
cpu1: 6MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 255 (IXVE)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpiac0 at acpi0: AC unit offline
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 3545797981023400290 type
3545797981528607052 oem 3545797981528673619
cpu0: Enhanced SpeedStep 2786 MHz: speeds: 2793, 2660, 2394, 2128, 1862,
1596 MHz
memory map conflict 0xffc0/0x40
pci0 at mainbus0 bus 0
mem address conflict 0xe740/0x8
pchb0 at pci0 dev 0 function 0 NVIDIA MCP79 Host rev 0xb1
NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 0 function 1 not configured
pcib0 at pci0 dev 3 function 0 NVIDIA MCP79 ISA rev 0xb3
NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 1 not configured
nviic0 at pci0 dev 3 function 2 NVIDIA MCP79 SMBus rev 0xb1
iic0 at nviic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM PC3-8500 SO-DIMM
spdmem1 at iic0 addr 0x51: 4GB DDR3 SDRAM PC3-8500 SO-DIMM
iic1 at nviic0
iic1: addr 0x2c 00=ff 02=08 03=f9 07=60 0d=70 71=06 86=5e 90=73 91=58
92=b4 93=77 94=32 95=8c 96=78 97=90 9f=0c a0=3d a1=3f a2=3d a3=3f a4=3d
a5=3f a6=3d a7=3d a8=3d a9=3d aa=3d ab=3d ac=3d ad=3d ae=3d af=3d b0=3d
b1=3d b2=3d b3=3d b4=3d b5=3d b6=3d b7=3d b8=3d b9=3d ba=3d bb=39 bc=3d
bd=3d be=3d bf=3d words 00=ff00 01=0008 02=08f9 03=f900 04= 05=
06=0060 07=6000
NVIDIA MCP79 Memory rev 0xb1 at pci0 dev 3 function 3 not configured
vendor NVIDIA, unknown product 0x0a98 (class memory subclass RAM, rev
0xb1) at pci0 dev 3 function 4 not configured
NVIDIA MCP79 Co-processor rev 0xb1 at pci0 dev 3 function 5 not configured
ohci0 at pci0 dev 4 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int
11 (irq 11), version 1.0, legacy support
ehci0 at pci0 dev 4 function 1 NVIDIA MCP79 USB rev 0xb1: apic 1 int
10 (irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 NVIDIA EHCI root hub rev 2.00/1.00 addr 1
ohci1 at pci0 dev 6 function 0 NVIDIA MCP79 USB rev 0xb1: apic 1 int 7
(irq 7), version 1.0, legacy support
ehci1 at pci0 dev 6 function 1 NVIDIA MCP79 USB rev 0xb1: apic 1 int 5
(irq 5)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 NVIDIA EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 8 function 0 NVIDIA MCP79 HD Audio rev 0xb1: apic
1 int 15 (irq 15)
azalia_reset: resetting
azalia_reset: reset counter = 5000
azalia_reset: reset counter = 4991
azalia0: host: High Definition Audio rev. 1.0
azalia0: host: 4 output, 4 input, and 0 bidi streams
azalia0: found a codec at #0
azalia_init_corb: CORB allocation succeeded.
azalia_init_corb: CORBWP=0; size=256
azalia_init_rirb: RIRB allocation succeeded.
azalia_init_rirb: RIRBRP=0, 

Re: macbook pro 5,5

2010-03-25 Thread Jean-Philippe Ouellet

On 3/25/10 12:44 PM, Ted Roby wrote:

On Thu, Mar 25, 2010 at 3:45 AM, Lars Nooden lars.cura...@gmail.com wrote:


On 3/24/10 21:02 , Pau wrote:

  I was also wondering whether it is possible to have openbsd on the

laptop as the only OS. I am guessing that the EFI could give trouble.



I've done that with the older macbook pros.  I'm sure the openfirmware
could be set to boot straight into OpenBSD, but would need a good OF
reference first.  If you leave it as-is, the firmware takes a long time to
find the system.

Leaving a minimal OS X partition and using rEFIt to boot 'legacy first', it
quickly goes into openbsd as the default. If you leave off all the
language variants and excess printer drivers, then OS X is about 20 GB.

/Lars



Actually, a default install of OSX without localizations and printer support
is only 4.5 GB.
You can reduce the partition it is installed on  to that, plus the size of
your memory.
So, OSX allowed me to shrink my HFS+ partition (with 4 GB ram) down to 9.5
GB.

I used diskutil resize to do this after install.


Actually, if you're not going to use OSX, you shouldn't need to have it 
on your disk at all because you can put rEFIt on a small EFI partition 
at the beginning of your disk and use bless(8) from an OSX dvd or 
whatever to set it to boot. Such an EFI partition was silently created 
if you used Disk Utility to set up your disk (and exists by default on 
macs when you buy them).


I had it set up like this on my old MacBook1,1 but have not tried it on 
my MacBookPro5,3 although I see no reason why it wouldn't work.




reconfigure squid on packages

2010-03-25 Thread sonjaya
hi ...

I am using squid on my openbsd box, and I need to reconfigure squid to support
the useragent acl (team viewer problem).
I installed it from the port.
How do I make squid work with the useragent acl?
Can that be done without recompiling from source?
-- 
sonjaya
http://www.sharenupload.com
http://www.airportindonesia.info



PER-C10L

2010-03-25 Thread alf
Has anyone tried:
PER-C10L-A10 Mini PCI 10/100 Base-Tx Ethernet Module W/Realtek 8100C 

http://www.tri-m.com/products/aaeon/perc10l.html

I would like to use one on my:
MSI Wind PC Intel 1.6GHz Atom 230 processor on board Intel 945GC as an
extra hardwire ethernet port.



Re: macbook pro 5,5

2010-03-25 Thread Ted Roby
On Thu, Mar 25, 2010 at 4:16 PM, Jean-Philippe Ouellet 
jean-phili...@ouellet.biz wrote:

 On 3/25/10 12:44 PM, Ted Roby wrote:

 On Thu, Mar 25, 2010 at 3:45 AM, Lars Nooden lars.cura...@gmail.com
  wrote:

  On 3/24/10 21:02 , Pau wrote:

  I was also wondering whether it is possible to have openbsd on the

 laptop as the only OS. I am guessing that the EFI could give trouble.


 I've done that with the older macbook pros.  I'm sure the openfirmware
 could be set to boot straight into OpenBSD, but would need a good OF
 reference first.  If you leave it as-is, the firmware takes a long time
 to
 find the system.

 Leaving a minimal OS X partition and using rEFIt to boot 'legacy first',
 it
 quickly goes into openbsd as the default. If you leave off all the
 language variants and excess printer drivers, then OS X is about 20 GB.

 /Lars


  Actually, a default install of OSX without localizations and printer
 support
 is only 4.5 GB.
 You can reduce the partition it is installed on  to that, plus the size of
 your memory.
 So, OSX allowed me to shrink my HFS+ partition (with 4 GB ram) down to 9.5
 GB.

 I used diskutil resize to do this after install.


 Actually, if you're not going to use OSX, you shouldn't need to have it on
 your disk at all because you can put rEFIt on a small EFI partition at the
 beginning of your disk and use bless(8) from an OSX dvd or whatever to set
 it to boot. Such an EFI partition was silently created if you used Disk
 Utility to set up your disk (and exists by default on macs when you buy
 them).

 I had it set up like this on my old MacBook1,1 but have not tried it on my
 MacBookPro5,3 although I see no reason why it wouldn't work.


Actually, I use it.





syslogd is logging to 2 files simultaneously - need to stop logging to messages

2010-03-25 Thread Siju George
Hi,

This is my syslog.conf

*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none   /var/log/messages
kern.debug;syslog,user.info                               /var/log/messages
auth.info                                                 /var/log/authlog
authpriv.debug                                            /var/log/secure
cron.info                                                 /var/cron/log
daemon.info                                               /var/log/daemon
ftp.info                                                  /var/log/xferlog
lpr.debug                                                 /var/log/lpd-errs
mail.info                                                 /var/log/maillog
uucp.info                                                 /var/log/uucp
local0.debug                                              /var/log/fortigate/fortilog

Now Fortigate is logging to both /var/log/fortigate/fortilog and
/var/log/messages simultaneously :-(
How do I make it stop logging to /var/log/messages?

_syslogd 10821  0.0  0.2   472   808 ??  I     10:34AM    0:00.01 syslogd -u -a /var/named/dev/log -a /var/empty/dev/log
root     18498  0.0  0.2   596   836 ??  Is    10:34AM    0:00.01 syslogd: [priv] (syslogd)

Thanks
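
Why the Fortigate messages reach both files, as an added example that is not part of the original post: a simplified Python model of syslog.conf selector matching, run over the posted configuration. It assumes the standard BSD semantics (a level selects that severity and anything more severe, `none` excludes a facility, a later selector on a line overrides an earlier one) and ignores program blocks; `FIXED`, which adds `local0.none` to the catch-all line, is a suggested change and not something stated in the thread.

```python
import re

# Severity names, most severe first; the index is the numeric syslog priority.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["auth", "authpriv", "cron", "daemon", "ftp", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

# syslog.conf from the post above, with the selector and action columns separated.
POSTED = """\
*.notice;auth,authpriv,cron,ftp,kern,lpr,mail,user.none /var/log/messages
kern.debug;syslog,user.info /var/log/messages
auth.info /var/log/authlog
authpriv.debug /var/log/secure
cron.info /var/cron/log
daemon.info /var/log/daemon
ftp.info /var/log/xferlog
lpr.debug /var/log/lpd-errs
mail.info /var/log/maillog
uucp.info /var/log/uucp
local0.debug /var/log/fortigate/fortilog
"""
# Suggested change (an assumption, not from the thread): exclude local0 from the catch-all.
FIXED = POSTED.replace("user.none /var/log/messages",
                       "user,local0.none /var/log/messages")

def parse(conf):
    """Return [(mask, action)]; mask[facility] is the least severe level logged, or None."""
    rules = []
    for line in conf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        selector, action = re.split(r"\s+", line.strip(), maxsplit=1)
        mask = dict.fromkeys(FACILITIES)  # None means "not logged by this line"
        for part in selector.split(";"):
            facs, level = part.rsplit(".", 1)
            limit = None if level == "none" else 7 if level == "*" else LEVELS.index(level)
            for name in (FACILITIES if facs == "*" else facs.split(",")):
                mask[name] = limit  # a later selector overrides an earlier one
        rules.append((mask, action))
    return rules

def destinations(conf, facility, level):
    """Files that receive a message with this facility and level, in config order."""
    pri, out = LEVELS.index(level), []
    for mask, action in parse(conf):
        limit = mask[facility]
        if limit is not None and pri <= limit and action not in out:
            out.append(action)
    return out
```

Calling `destinations(POSTED, "local0", "notice")` lists both files because `*.notice` covers every facility that the same line does not set to `none`; with `FIXED` only the fortilog path remains.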