Re: OpenBSD culture?

[Eric Furman]

Of course this is all useless to the O.P. because you
didn't include a link to a HOWTO.

On Mon, 19 Apr 2010 14:04 +0200, Raimo Niskanen
raimo+open...@erix.ericsson.se wrote:
 On Mon, Apr 19, 2010 at 06:59:25PM +0800, shweg...@gmail.com wrote:
  On Mon, 19 Apr 2010, Raimo Niskanen wrote:
  
  On Sat, Apr 17, 2010 at 08:48:26AM +0800, shweg...@gmail.com wrote:
  On Fri, 16 Apr 2010, J Sisson wrote:
  
  On Fri, Apr 16, 2010 at 11:28 AM,  trustlevel-...@yahoo.co.uk wrote:
  You can actually have MANY more than 4 OS on one drive, but it does get
  rather
  complicated and not worth the effort which certainly wouldn't help here.
  
  The point was that OpenBSD requires a primary partition.
  
  
  Does it? This is my setup:
  
  Interesting...
  
  What MBR do you have that can select to boot from one of two
  bootable partitions? Or do you use the Windows bootloader
  to boot OpenBSD? Or is it GRUB at 7138/0/1?
  
  I would be interested in some more details...
  
  Of course I boot using the Vista bootloader and easybcd to edit the 
  configuration, which saves a lot 
  of headache. The important thing is it can be done.
  :)
 
 Very nice!
 
 It was not Of course to me since I vagely recall some BSD's MBR could
 boot from extended partitions so that could have been how you did it,
 but have heard stories about Windows restoring MBRs it does not
 recognize.
 And you might have used Grub in some interesting way...
 
 But yes, EacyBSD and Vista bootloader was my first guess,
 and now it is confirmed.
 
 Again, very nice and thank you for sharing!
 
  
  
  
  
  
  
  
  
  
  ~ $ fdisk sd0
  Disk: sd0 geometry: 32301/240/63 [488397168 Sectors]
  Offset: 0 Signature: 0xAA55
  Starting Ending LBA Info:
   #: id  C   H   S -  C   H   S [   start:size ]
  ---
  *0: 07  0  32  33 -203  74  26 [2048: 3072000 ] NTFS
   1: 07203  74  27 -   7137 239  63 [ 3074048:   104852512 ] NTFS
   2: 07  30946 178  19 -  32301  57  41 [   467914752:2048 ] NTFS
  *3: 05   7138   0   1 -  30945 239  63 [   107926560:   359976960 ]
  Extended DOS
  Offset: 107926560 Signature: 0xAA55
  Starting Ending LBA Info:
   #: id  C   H   S -  C   H   S [   start:size ]
  ---
   0: A6   7138   1   1 -  14072 239  63 [   107926623:   104857137 ]
  OpenBSD
   1: 05  14073   0   1 -  16153 239  63 [   212783760:31464720 ]
  Extended DOS
   2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
   3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  Offset: 212783760 Signature: 0xAA55
  Starting Ending LBA Info:
   #: id  C   H   S -  C   H   S [   start:size ]
  ---
   0: 83  14073   1   1 -  16153 239  63 [   212783823:31464657 ] Linux
  files*
   1: 05  16154   0   1 -  16430 239  63 [   244248480: 4188240 ]
  Extended DOS
   2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
   3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  Offset: 244248480 Signature: 0xAA55
  Starting Ending LBA Info:
   #: id  C   H   S -  C   H   S [   start:size ]
  ---
   0: 82  16154   1   1 -  16430 239  63 [   244248543: 4188177 ] Linux
  swap
   1: 05  16431   0   1 -  30945 239  63 [   248436720:   219466800 ]
  Extended DOS
   2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
   3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  Offset: 248436720 Signature: 0xAA55
  Starting Ending LBA Info:
   #: id  C   H   S -  C   H   S [   start:size ]
  ---
   0: 83  16431   1   1 -  30945 239  63 [   248436783:   219466737 ] Linux
  files*
   1: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
   2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
   3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused
  
  -- 
  
  / Raimo Niskanen, Erlang/OTP, Ericsson AB
 
 -- 
 
 / Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: Radius Auth and Insecurity Outputs

[Stuart Henderson]

On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote:
 Hello all,

 I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are 
 using RADIUS authentication.

 When I install the OS, I create a local user with local authentication. 
 After the box's network config is all done, I then change the login 
 class of the user to so I can use RADIUS, by modifying 
 /etc/master.passwd with `vipw', so it looks like this:
 (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh

 The problem then occurs when /etc/security runs, as it gives the 
 following output:

 Checking the /etc/master.passwd file:
 Login (removed) is off but still has a valid shell and alternate access files 
 in
home directory are still readable.

 This login is being used successfully with RADIUS, all is working as 
 expected, I just want to get rid of this error. Any input?


Set the encrypted password to *

pf statistics via SNMP MIBs on 4.6 (or 4.7)

[silvershadow123]

Hi list,

the most recent MIBs for OpenBSD is for 4.4 (OpenBSD 4.4: obsd-mibs44.tar), 
which can be downloaded from well-known

http://www.packetmischief.ca/openbsd/snmp/

However, I seem to have problems getting it running on a OpenBSD 4.6 based 
relayd setup (dmesg below). It builds okay from the ports, installs, but 
snmpwalk won't find the OIDs documented.

Has anyone running SNMP MIBs from this source on a system OpenBSD 4.4+?

Thanks  sorry for my bad english,

Donald

dmesg:

OpenBSD 4.6 (GENERIC) #58: Thu Jul  9 21:24:42 MDT 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 
MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 268009472 (255MB)
avail mem = 250335232 (238MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 
00:0d:b9:15:98:cc
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 
00:0d:b9:15:98:cd
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 
00:0d:b9:15:98:ce
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, 
model 0x0034
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 
3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: TRANSCEND
wd0: 1-sector PIO, LBA, 1911MB, 3915072 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15, version 1.0, 
legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask e3ef netmask ffef ttymask 
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
clock: unknown CMOS layout
-- 
GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT!
Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01

Re: Source Overview

[J.C. Roberts]

On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowski a...@blahonga.org
wrote:

 On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert
 haesba...@haesbaert.org wrote:
 
  I also know he (as every developer) is busy with more important
  things, so publishing these small tasks would also give the
  developers more time to focus on the big/important issues.
 
 There are a bunch of assumptions here that are wrong.
 
 Small tasks are the most fun to do because they satisfy the instant
 gratification needs all of us have. I won't give you my list of the
 fun and easy stuff, I want to keep it to myself. The lists that are
 published will contain dull, heavy and not very important tasks. The
 kind that gets you burned out the quickest.
 
 Also, todo lists have been published in the past leading to either no
 reaction whatsoever or a bunch of people offering help and vampiring
 the energy from whoever published the list without leading to any code
 committed. It's easy to become slightly bitter about the whole thing
 after spending hundreds of hours helping people who then don't follow
 through when they realize that it actually requires work.
 
 //art
 

Well said Art!

Additionally, some of the most dull and heavy tasks are not coding,
but instead, they are testing code/patches. There is no joy of coding
involved, and little gratification when at the end of your efforts all
you can say is, It worked fine on X. The closest thing to excitement
you'll get is *if* you can find a bug.

Does anyone really rely on a 486 with an ISA bus? What about a vax or
similar esoteric system? Let alone use one regularly? Do these ancient
and odd systems really matter?

Having code run on multiple archs and lots of different hardware is a
well proven way to find important bugs.

The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but
this dull and heavy work is somehow below most people who just talk
about wanting to become developers and are looking for shortcuts to
becoming one.

Since validity is critical, if you cannot test properly and hopefully
help in the debugging, then you'll never be any good at writing code.

jcr

-- 
The OpenBSD Journal - http://www.undeadly.org

Još samo 7 dana za spremanje uz popust i poklon!

[E-topshop]

ProleDno spremanje - još 7 dana sa popustom!

Odaberite bilo koja 2 ili više proizvoda iz ponude ProleDno spremanje i
osvojite 10% POPUSTA i POKLON Mini kuhinjsku vagu!

PoEurite, napravite svoj paket još danas i oD
istite svoj dom uz minimum
napora i za upola kraDe vreme!

Neki od proizvoda iz ponude za veliko spremanje

Omni Floor Polisher

Space Bag Cube

Shamwow - magiD
ne krpe

Omni Floor Polisher

Space Bag Cube

Shamwow

ProleDno spremanje

Kliknite ovde i napravite svoj paket odmah!

ProleDno spremanje

Ovu elektronsku poštu primate, ukoliko ste svojevoljno ostavili svoju
e-mail adresu na nekom od sajtova Top Shop-a, uD
estvovali u našoj poklon
igri ili nagradnom kvizu ili se prijavili za e-D
asopis Top Shop-a ili
nekog od nasih brendova.

Ponude date u ovom e-mailu vaEe iskljuD
ivo za porudEbine upuDene
putem Interneta ili broja telefona 021 489 26 60.

Ukoliko ne Eelite više da primate naše elektronske poruke, za
odjavljivanje sa naše e-mailing liste, kliknite ovde.

Studio Moderna d.o.o., Bulevar vojvode Stepe 30, 21000 Novi Sad, Tel: 021
489 26 60, Fax: 021 489 29 08,
E-mail: i...@news.top-shop.rs

[IMAGE]If you would no longer like to receive our emails please
unsubscribe by clicking here.

Re: Source Overview

[Nicholas Marriott]

I have a large public todo list for tmux (it is even distributed in the
portable tarball), and I don't actually mind helping people, so long as
they make some effort. Even so I get very very few contributions for
todo list items, most stuff I get is from people who specifically want a
feature or hit a bug.

So I am a bit sceptical about the value of todo lists.

People have suggested it would help if I added more detail or put them
in a bug tracker or something, but who has time for that when nobody
even emails to ask about what is there already?

If there are small ideas from developers (or users) scattered over the
mailing lists, there is nothing stopping someone else collecting them
together and making a todo list...


On Mon, Apr 19, 2010 at 03:02:17PM -0300, Christiano F. Haesbaert wrote:
 I know this has been discussed before, yet I call for your attention.
 
 This post seems like a genuine attempt on getting pointers on starting
 hacking in OpenBsd. I remember doing the same a while ago.
 
 How about having a very simple per-developer(or project) wish-list/todo-list ?
 
 I guess this would encourage people to code, usually the first step is
 the hardest after you code some stuff you can can usually walk by
 yourself.
 
 For example, Claudio once said that not needing a route for multicast
 addresses would be nice, but that's somewhere on the mailing lists
 archives so very few people are aware of that, having it explicit in a
 todo-list could speed things up IMHO.
 
 I also know he (as every developer) is busy with more important
 things, so publishing these small tasks would also give the
 developers more time to focus on the big/important issues.
 
 No, I'm not trolling, just an idea.

Re: usb modem ADU-500A

[David Coppa]

2010/4/20 zAJKOW dMITRIJ aLEKSANDROWI^ dmitri...@narod.ru:
 Hi. I'm not speek english.

 OpenBSD 4.6 i386.
 Not working modem ADU-500A (driver umsm).

Send us the output of:

usbdevs -dv

cheers,
david

Re: sudo - protected directory

[Alexander Hall]

On 04/20/10 00:37, Frank Bax wrote:
 The first example in 'man sudo' shows how to list files in a protected
 directory:
 sudo ls /usr/local/protected
 
 I am not sure how I would search the contents of files found in such a
 directory, for example:
 $ sudo ls -l /var/spool/mqueue/
 total 8
 -rw---  1 root  wheel  2031 Apr 17 02:54 dfo3H6qkaT024430
 -rw---  1 root  wheel   936 Apr 19 18:22 qfo3H6qkaT024430
 $ sudo grep . /var/spool/mqueue/
 
 How do I get some output from this grep command?
 

Hmmm, maybe from using it properly? ;-)

For these cases I either use -r (as Nicholas already pointed out), or,
if you want or need to use a glob for finding the files, wrap it up like:

$ sudo sh -c 'grep . /var/spool/mqueue/*'

/Alexander

Re: Source Overview

[Lars Nooden]

On Tue, 20 Apr 2010, J.C. Roberts wrote:
The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, ... 
Since validity is critical, if you cannot test properly and hopefully 
help in the debugging, then you'll never be any good at writing code...


That's a very clean way of getting introduced step by step to both the 
code, the development tools, the development methods and acculturation to 
the community.


/Lars

Stange Spamd behaviour

[Matthew Gladkikh]

Hello folks,

My spamd setup went mad one day and I cannot figure out what is the problem -
could you please help?
The problem is that it automatically whitelists all the incoming connections.
I am running openbsd in bridge mode.

bash-4.0# uname -a
OpenBSD puffy.srv.pzi.ru 4.6 GENERIC.MP#89 i386

Part of pf.conf:
#SPAM GRAYLISTING
no rdr log proto tcp from whitelist to any port smtp
no rdr log proto tcp from spamd-white to any port smtp
no rdr log proto tcp from $int_dmz_mail to any port smtp
rdr pass log on $ext_if proto tcp from any to any port smtp  - 127.0.0.1 port
spamd

bash-4.0# sysctl -a |grep forwar
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=0
net.inet6.ip6.forwarding=0
net.inet6.ip6.mforwarding=0

bash-4.0# cat /etc/bridgename.bridge0
add xl0
add xl1
up

bash-4.0# cat /etc/rc.conf |grep -i pf
ospfd_flags=NO  # for normal use: 
ospf6d_flags=NO # for normal use: 
pf=YES  # Packet filter / NAT
pf_rules=/etc/pf.conf   # Packet filter rules file
pflogd_flags=   # add more flags, ie. -s 256

bash-4.0# cat /etc/rc.conf |grep -i spam
#spamd_flags= # for normal use:  and see spamd(8)
spamd_flags=-vl 127.0.0.1 -n Postfix
spamd_black= # set to YES to run spamd without greylisting
spamlogd_flags=   # use eg. -i interface and see spamlogd(8)

even if I set spamd_black=YES it whitelist all the hosts...


Could you please help me to find the source of the problem?

Cheers,
Matt

Re: Stange Spamd behaviour

[Alexander Hall]

On 04/20/10 12:34, Matthew Gladkikh wrote:
 Hello folks,
 
 My spamd setup went mad one day and I cannot figure out what is the problem -
 could you please help?
 The problem is that it automatically whitelists all the incoming connections.
 I am running openbsd in bridge mode.

Check your spamlogd setup. Without further investigation, I'd bet that's
what's causing this.

/Alexander

 
 bash-4.0# uname -a
 OpenBSD puffy.srv.pzi.ru 4.6 GENERIC.MP#89 i386
 
 Part of pf.conf:
 #SPAM GRAYLISTING
 no rdr log proto tcp from whitelist to any port smtp
 no rdr log proto tcp from spamd-white to any port smtp
 no rdr log proto tcp from $int_dmz_mail to any port smtp
 rdr pass log on $ext_if proto tcp from any to any port smtp  - 127.0.0.1 port
 spamd
 
 bash-4.0# sysctl -a |grep forwar
 net.inet.ip.forwarding=1
 net.inet.ip.mforwarding=0
 net.inet6.ip6.forwarding=0
 net.inet6.ip6.mforwarding=0
 
 bash-4.0# cat /etc/bridgename.bridge0
 add xl0
 add xl1
 up
 
 bash-4.0# cat /etc/rc.conf |grep -i pf
 ospfd_flags=NO  # for normal use: 
 ospf6d_flags=NO # for normal use: 
 pf=YES  # Packet filter / NAT
 pf_rules=/etc/pf.conf   # Packet filter rules file
 pflogd_flags=   # add more flags, ie. -s 256
 
 bash-4.0# cat /etc/rc.conf |grep -i spam
 #spamd_flags= # for normal use:  and see spamd(8)
 spamd_flags=-vl 127.0.0.1 -n Postfix
 spamd_black= # set to YES to run spamd without greylisting
 spamlogd_flags=   # use eg. -i interface and see spamlogd(8)
 
 even if I set spamd_black=YES it whitelist all the hosts...
 
 
 Could you please help me to find the source of the problem?
 
 Cheers,
 Matt

[SOLVED] Re: Generic Discuss about CPU resource scheduling

[Aaron Lewis]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

First of All , Thanks to all your help ;-)
All the replies are good , and enlightened me.


Finally as i read more of the book , i found a good way to solve this
problem.

They use multiple queues , which has different CPU time for a slice.
That's a good way as a statistics of running time.
Shorter tasks will be available to execute , and finish earlier.

- -
|   7s CPU time per slice   |   // Queue 1
- -

 == if a process didn't finish , move
it to next queue.

- -
|   14s per slice (maybe)   |   // Queue 2
- -

...

And different queues owns different priority , of course.


Thanks again for all of your experience !

- -- 
Best Regards,
Aaron Lewis - PGP: 0x4A6D32A0
FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0
irc: A4r0n on freenode
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkvNikYACgkQvf41sEptMqDnVACguzyJFMSyurqW6RpQE3lay/g3
M2gAn1wOQ+pl0guyKQQD7lQe2SBCAq71
=lHeF
-END PGP SIGNATURE-

Re: Radius Auth and Insecurity Outputs

[Alexander Hall]

On 04/20/10 08:37, Stuart Henderson wrote:
 On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote:
 Hello all,

 I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are 
 using RADIUS authentication.

 When I install the OS, I create a local user with local authentication. 
 After the box's network config is all done, I then change the login 
 class of the user to so I can use RADIUS, by modifying 
 /etc/master.passwd with `vipw', so it looks like this:
 (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh

 The problem then occurs when /etc/security runs, as it gives the 
 following output:

 Checking the /etc/master.passwd file:
 Login (removed) is off but still has a valid shell and alternate access 
 files in
   home directory are still readable.

 This login is being used successfully with RADIUS, all is working as 
 expected, I just want to get rid of this error. Any input?

 
 Set the encrypted password to *
 

Thank you Stuart for not recommending hacking away on /etc/security but
instad provide the correct answer. :-)

And while the awk-literate audience might have noticed that any
13-character string would suffice, I'd say * is indeed the
most prevalent form thereof.

/Alexander

Re: Radius Auth and Insecurity Outputs

[Stuart Henderson]

On 2010/04/20 13:04, Alexander Hall wrote:
 On 04/20/10 08:37, Stuart Henderson wrote:
  On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote:
  Hello all,
 
  I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are 
  using RADIUS authentication.
 
  When I install the OS, I create a local user with local authentication. 
  After the box's network config is all done, I then change the login 
  class of the user to so I can use RADIUS, by modifying 
  /etc/master.passwd with `vipw', so it looks like this:
  (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh
 
  The problem then occurs when /etc/security runs, as it gives the 
  following output:
 
  Checking the /etc/master.passwd file:
  Login (removed) is off but still has a valid shell and alternate access 
  files in
  home directory are still readable.
 
  This login is being used successfully with RADIUS, all is working as 
  expected, I just want to get rid of this error. Any input?
 
  
  Set the encrypted password to *
  
 
 Thank you Stuart for not recommending hacking away on /etc/security but
 instad provide the correct answer. :-)
 
 And while the awk-literate audience might have noticed that any
 13-character string would suffice, I'd say * is indeed the
 most prevalent form thereof.

For the record I dislike this loophole, but since it's there (and
there were various complaints when I tried removing it), may as well
make use of it. :)

Re: Source Overview

[Jacob Meuser]

On Tue, Apr 20, 2010 at 12:21:43AM -0700, J.C. Roberts wrote:
 On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowski a...@blahonga.org
 wrote:
 
  On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert
  haesba...@haesbaert.org wrote:
  
   I also know he (as every developer) is busy with more important
   things, so publishing these small tasks would also give the
   developers more time to focus on the big/important issues.
  
  There are a bunch of assumptions here that are wrong.
  
  Small tasks are the most fun to do because they satisfy the instant
  gratification needs all of us have. I won't give you my list of the
  fun and easy stuff, I want to keep it to myself. The lists that are
  published will contain dull, heavy and not very important tasks. The
  kind that gets you burned out the quickest.
  
  Also, todo lists have been published in the past leading to either no
  reaction whatsoever or a bunch of people offering help and vampiring
  the energy from whoever published the list without leading to any code
  committed. It's easy to become slightly bitter about the whole thing
  after spending hundreds of hours helping people who then don't follow
  through when they realize that it actually requires work.
  
  //art
  
 
 Well said Art!
 
 Additionally, some of the most dull and heavy tasks are not coding,
 but instead, they are testing code/patches. There is no joy of coding
 involved, and little gratification when at the end of your efforts all
 you can say is, It worked fine on X. The closest thing to excitement
 you'll get is *if* you can find a bug.
 
 Does anyone really rely on a 486 with an ISA bus? What about a vax or
 similar esoteric system? Let alone use one regularly? Do these ancient
 and odd systems really matter?
 
 Having code run on multiple archs and lots of different hardware is a
 well proven way to find important bugs.
 
 The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but
 this dull and heavy work is somehow below most people who just talk
 about wanting to become developers and are looking for shortcuts to
 becoming one.
 
 Since validity is critical, if you cannot test properly and hopefully
 help in the debugging, then you'll never be any good at writing code.
 
   jcr
 
 -- 
 The OpenBSD Journal - http://www.undeadly.org

the non-sndio ports list I sent to ports@ recently (and which I have been
doing for months now) is a todo list.  even just looking at the listed
ports as they are now, noting how well they currently work in an out of
the box configuration on your machine, checking if there are upstream
updates or if the homepage has moved or anything along those lines
would be helpful.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Re: can't do suitable block in firewall

[Leonardo Carneiro - Veltrac]

Shane Lazarus wrote:

Heya

On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac 
lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br wrote:


My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz. 


What i'm trying to do is:

 



1. Allow some hosts to use MSN;
 2. Redirect the MSN connections of some hosts from the LAN
interfaces to a MSN proxy in the DMZ interface;
3. Block the rest.

This is how i'm trying to achieve:

   # msn proxy redirect
   rdr on $lan1_iface proto tcp from $msn-redirect to any port 1863 -
   $proxy
   rdr on $lan1_iface proto tcp from $msn-redirect to any port
   25000:3 - $proxy
   # msn filter
   pass out quick on $inet_iface inet proto tcp from $msn-redirect to
   $proxy port 1863 keep state
   pass out quick on $inet_iface inet proto tcp from $msn-allowed1 to
   any port 1863 keep state
   pass out quick on $inet_iface inet proto tcp from $msn-allowed2 to
   any port 1863 keep state
   pass out quick on $inet_iface inet proto tcp from $proxy to any
port
   1863 keep state
   block out on $inet_iface inet proto tcp from any to any port 1863


Is the reference to passing out the redirected traffic to the $proxy 
via the $inet_interface instead of the $dmz_interface correct, a typo 
or the issue?


Shane

 
Hi Shane. No, it's not a typo. It's a last second modification that i 
tried before send the email. Was 'any' before i replace with '$proxy'. 
However, like you well observed, it's wrong :(


I'll try other rules today and i'll post then here. Tks for you concern.

Re: Source Overview

[Peter Kay (Syllopsium)]

From: J.C. Roberts list-...@designtools.org
The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but
this dull and heavy work is somehow below most people who just talk
about wanting to become developers and are looking for shortcuts to
becoming one.

Since validity is critical, if you cannot test properly and hopefully
help in the debugging, then you'll never be any good at writing code.

You're not wrong, but that's a rather black and white way of looking at the
world.

When someone starts a new activity - whether that's coding for OpenBSD,
baking cakes or similar, it's usually necessary to have a visible 'quick 
win' or

at least sign of progress that encourages the person to carry on and try a
little harder.

Testing does not usually fit into that category - it is indeed 'dull and 
heavy'

and usually something people expect to be paid for.

I understand and mostly agree with the viewpoint that the best way is to
download code, decide on what needs fixing and keep plugging at it
until success is achieved.

That's also fine if the OpenBSD community wants to perpetuate the type
of people that code for it and the size of the community.

If (and it is an if) the OpenBSD community wants more resource - both
coding and testing, there probably needs to be a degree more flexibility.

Or, in short, we need to not deter people straight away, and accept that
perhaps sometimes decent programmers start from ones that make lots
of mistakes.

Perhaps a ports TODO similar to the NetBSD ports TODO might help; it
doesn't require quite the same level of kernel or userspace hacking and
provides very visible feedback and thanks once completed.

Neither would I completely rule out a central TODO list linked off
OpenBSD.org. Sure, it might well be ignored, but the possibility remains
that someone might take up the task. NetBSD isn't doing too badly with
Google's Summer of Code initiatives, either.

It might not even be a bad idea to puff up new developers a bit :
'new developer Fred Bloggs decided to solve PR7738 squashing an
annoying bug in the ipz(4) driver. John Smith is very grateful for this
as it enabled him to use his new ServBladePro NZ20 server'

With specific reference to the ISA 486, if there are specific test cases 
that

can be run without taking up hours of interactive time, I have a suitable
VLB/ISA 486 that could run them. It's not something I'm interested in
using on a regular basis though - I've got other machines that
are far easier to work with.

PK 

Re: Source Overview

[Chris Bennett]

On 04/20/10 06:38, Jacob Meuser wrote:

On Tue, Apr 20, 2010 at 12:21:43AM -0700, J.C. Roberts wrote:

On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowskia...@blahonga.org
wrote:


On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert
haesba...@haesbaert.org  wrote:


I also know he (as every developer) is busy with more important
things, so publishing these small tasks would also give the
developers more time to focus on the big/important issues.


There are a bunch of assumptions here that are wrong.

Small tasks are the most fun to do because they satisfy the instant
gratification needs all of us have. I won't give you my list of the
fun and easy stuff, I want to keep it to myself. The lists that are
published will contain dull, heavy and not very important tasks. The
kind that gets you burned out the quickest.

Also, todo lists have been published in the past leading to either no
reaction whatsoever or a bunch of people offering help and vampiring
the energy from whoever published the list without leading to any code
committed. It's easy to become slightly bitter about the whole thing
after spending hundreds of hours helping people who then don't follow
through when they realize that it actually requires work.

//art



Well said Art!

Additionally, some of the most dull and heavy tasks are not coding,
but instead, they are testing code/patches. There is no joy of coding
involved, and little gratification when at the end of your efforts all
you can say is, It worked fine on X. The closest thing to excitement
you'll get is *if* you can find a bug.

Does anyone really rely on a 486 with an ISA bus? What about a vax or
similar esoteric system? Let alone use one regularly? Do these ancient
and odd systems really matter?

Having code run on multiple archs and lots of different hardware is a
well proven way to find important bugs.

The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but
this dull and heavy work is somehow below most people who just talk
about wanting to become developers and are looking for shortcuts to
becoming one.

Since validity is critical, if you cannot test properly and hopefully
help in the debugging, then you'll never be any good at writing code.

jcr

--
The OpenBSD Journal - http://www.undeadly.org


the non-sndio ports list I sent to ports@ recently (and which I have been
doing for months now) is a todo list.  even just looking at the listed
ports as they are now, noting how well they currently work in an out of
the box configuration on your machine, checking if there are upstream
updates or if the homepage has moved or anything along those lines
would be helpful.

Looking at this and Peters message, I think there may be an answer much 
simpler than a TODO list, which I think will never work out. If 
developers wanted a TODO list, we would already have one.


In Ports, there are already the useful tags on emails of WIP, NEW, 
UPDATE, etc


Perhaps the useful emails that have suitable TODO items could simply be 
tagged with a TODO.


WIP TODO blah blah
UPDATE TODO blah blah
TODO blah blah

These would be exceptionally easy to search for. NO list, very simple 
for anyone to add to an email.

Wistron DNMA92 mini-PCI card

[Aaron Mason]

Hey all,

Is anybody developing drivers for the Atheros AR9220-based card named
in the subject?  Would it help if someone were to order some from
PCEngines for development, and if so, would pigtails and/or
pci-to-mpci adapters be needed, and to whom would we send them?

Regards

-- 
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Re: Radius Auth and Insecurity Outputs

[Ted Unangst]

On Tue, Apr 20, 2010 at 7:04 AM, Alexander Hall ha...@openbsd.org wrote:
 Set the encrypted password to *


 Thank you Stuart for not recommending hacking away on /etc/security but
 instad provide the correct answer. :-)

 And while the awk-literate audience might have noticed that any
 13-character string would suffice, I'd say * is indeed the
 most prevalent form thereof.

Blech.  Talk about hacks, counting out 13 stars?  We already have
special handling for skey, which I guess demonstrates it's used a fair
bit more than radius, but I'd like to get a quorum of developers to
agree on something better.  All * looks to me like extra disabled.

For the OP, might I suggest radiusenabled for a bit of clarity?

Re: Brazil resellers of OpenBSD - Tempo Real?

[Leonardo Rodrigues]

I used to buy official OpenBSD sets there, but I remember trying to
buy a set a couple of months ago, and I couldn't find any.
Actually, their website isn't even working (www.temporeal.com.br) and
there are reports on some forums that the physical store has closed.

Meh =(

On Mon, Apr 19, 2010 at 9:35 PM, Nenhum_de_Nos math...@eternamente.info
wrote:
 On Mon, 19 Apr 2010 15:24:32 -0700 (MST)
 Austin Hook aus...@computershop.ca wrote:

 Does anyone know if the bookstore Tempo Real still exists and if they have
 a physical mailing address?   Or does anyone know of a potential reseller
 of OpenBSD in Brazil?

 it looks like is alive.
http://www.novatemporeal.com.br/temporeal/contato.asp

 unfortunately there is no physical address I could find on the site.

 the devil store (http://www.devilstore.com.br/) deals FreeBSD discs, they
may have interest in OpenBSD as well. their comercial mail is
comerc...@freebsdbrasil.com.br.

 HTH,

 matheus

 --
 We will call you cygnus,
 The God of balance you shall be

 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?

 http://en.wikipedia.org/wiki/Posting_style

mpi(4): SAS1068: disk not found

[Joerg Goltermann]

Hi,

the VMware ESX's LSI SAS1068 emulation doesn't work. The controller is
detected but the disk(s) will not be found. After enabling MPI_DEBUG I got
only /bsd: mpi1: mpi_read 0x44 0x. It looks like the controller
has an interrupt problem. vmstat -i doesn't report the mpi1 controller irq.

Disabling ioapic, acpi and mpbios does not solve the issue.

Maybe someone has useful tips ...

 - Joerg

$ vmstat -i
interrupt   total rate
irq0/clock 208830  400
irq0/ipi 6874   13
irq82/mpi0   15763
irq83/em0   11917   22
Total  229197  439

completet dmesg:

OpenBSD 4.7-current (GENERIC.MP) #74: Fri Apr 16 16:47:34 CEST 2010
r...@dev.osn.de:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1
real mem  = 2146988032 (2047MB)
avail mem = 2071220224 (1975MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/22/09, BIOS32 rev. 0 @ 0xfd780, SMBIOS 
rev. 2.4 @ 0xe0010 (98 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 09/22/2009
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) 
S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) 
Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) 
Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) 
Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P1(S3) S1F0(S3) S2F0(S3) 
S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) 
Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) 
Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) 
Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P2(S3) S1F0(S3) 
S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) 
Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) 
Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) 
Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P3(S3) 
S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0
(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) 
Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) 
Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) 
Z01A(S3) Z01B(S3) PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) PE60(S3) S1F0(S3) 
PE70(S3) S1F0(S3) PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) 
PEB0(S3) S1F0(S3) PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) 
PE41(S3) S1F0(S3) PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) 
PE45(S3) S1F0(S3) PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) 
PE52(S3) S1F0(S3) PE53(S3) S1F0(S3) PE54(S3) S1F0(S3) PE55(S3) S1F0(S3) 
PE56(S3) S1F0(S3) PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) 
PE63(S3) S1F0(S3) PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) 
PE67(S3) S1F0(S3) PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) 
PE74(S3) S1F0(S3) PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) 
PE81(S3) S1F0(S3) PE82(S3) S1F0(S3) PE83(S3) S1F0
(S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3) PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) 
PE91(S3) S1F0(S3) PE92(S3) S1F0(S3) PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) 
PE95(S3) S1F0(S3) PE96(S3) S1F0(S3) PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) 
PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3) PEA4(S3) S1F0(S3) PEA5(S3) S1F0(S3) 
PEA6(S3) S1F0(S3) PEA7(S3) S1F0(S3) PEB1(S3) S1F0(S3) PEB2(S3) S1F0(S3) 
PEB3(S3) S1F0(S3) PEB4(S3) S1F0(S3) PEB5(S3) S1F0(S3) PEB6(S3) S1F0(S3) 
PEB7(S3) S1F0(S3) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 65MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu2: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz
cpu3: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpicpu1 at acpi0

Re: Wistron DNMA92 mini-PCI card

[Stuart Henderson]

On 2010-04-20, Aaron Mason simplersolut...@gmail.com wrote:
 Hey all,

 Is anybody developing drivers for the Atheros AR9220-based card named
 in the subject?  Would it help if someone were to order some from
 PCEngines for development, and if so, would pigtails and/or
 pci-to-mpci adapters be needed, and to whom would we send them?

 Regards


Should already be supported by athn(4) (BSS/monitor mode only, no hostap).

Re: Source Overview

[Adam M. Dutko]

 Looking at this and Peters message, I think there may be an answer much
 simpler than a TODO list, which I think will never work out. If developers
 wanted a TODO list, we would already have one.



Good point.

 ...snip...

Perhaps the useful emails that have suitable TODO items could simply be
 tagged with a TODO.


From a newcomers perspective that seems like a good idea.

...snip...

Thanks for more input everyone.

Re: Brazil resellers of OpenBSD - Tempo Real?

[Fabio Almeida]

Probably you'd better buy anything OpenBSD related on the official
site, I gave up trying to find some reseller here in Brazil, and when I
bought on the official site I had no problems.

Like the system itself, it just works :)

Fabio Almeida

Em Ter, 2010-04-20 C s 10:40 -0300, Leonardo Rodrigues escreveu:

 I used to buy official OpenBSD sets there, but I remember trying to
 buy a set a couple of months ago, and I couldn't find any.
 Actually, their website isn't even working (www.temporeal.com.br) and
 there are reports on some forums that the physical store has closed.
 
 Meh =(
 
 On Mon, Apr 19, 2010 at 9:35 PM, Nenhum_de_Nos math...@eternamente.info
 wrote:
  On Mon, 19 Apr 2010 15:24:32 -0700 (MST)
  Austin Hook aus...@computershop.ca wrote:
 
  Does anyone know if the bookstore Tempo Real still exists and if they have
  a physical mailing address?   Or does anyone know of a potential reseller
  of OpenBSD in Brazil?
 
  it looks like is alive.
 http://www.novatemporeal.com.br/temporeal/contato.asp
 
  unfortunately there is no physical address I could find on the site.
 
  the devil store (http://www.devilstore.com.br/) deals FreeBSD discs, they
 may have interest in OpenBSD as well. their comercial mail is
 comerc...@freebsdbrasil.com.br.
 
  HTH,
 
  matheus
 
  --
  We will call you cygnus,
  The God of balance you shall be
 
  A: Because it messes up the order in which people normally read text.
  Q: Why is top-posting such a bad thing?
 
  http://en.wikipedia.org/wiki/Posting_style

Çok yoğun istek üzerine kampanyamız bir süreliğine uzatılmıştır.

[Caprice Palace Termal]

\yelik Bilgileriniz

[IMAGE] Payla~

]zinsiz Gvnderim Bildir

\yelikten Ayr}l

[IMAGE]

Caprice Gold
oda sahiplerinin |cretsiz
konaklama haklar}yla
Didim Otelimiz doluyor

[IMAGE]

YILLIK PAKET ]G]N

SON ^ANS

[IMAGE]

[IMAGE]

Gok yopun istek |zerine kampanyam}z bir s|relipine uzat}lm}~t}r.

 div align=center[IMAGE]

www.caprice.com.tr
t}klay}n avantajlar} yakalay}n

0.212.444 44 25

 nbsp;

E-B|ltenimizi deperlendirin, size daha iyi hizmet sunal}m.12345

[IMAGE]

[IMAGE]

\yelik Bilgileriniz

[IMAGE] Payla~

]zinsiz Gvnderim Bildir

\yelikten Ayr}l

  /td

Re: Source Overview

[Christiano F. Haesbaert]

After reading your replies and the thread Ted mailed,

My assumptions were indeed wrong, I've naively believed people would
send diffs if such thing(the list) existed, the thread and your
replies proved me wrong.

I guess I thought that mainly because it worked for me on some level
in the past (I sent diffs after asking for things to do and PR bugs).

Summing up, I'm convinced, the list wouldn't do any good.

I shall not bother on this subject anymore.

Re: Source Overview

[Marco Peereboom]

On Tue, Apr 20, 2010 at 01:06:32PM +0100, Peter Kay (Syllopsium) wrote:
 From: J.C. Roberts list-...@designtools.org
 The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but
 this dull and heavy work is somehow below most people who just talk
 about wanting to become developers and are looking for shortcuts to
 becoming one.

 Since validity is critical, if you cannot test properly and hopefully
 help in the debugging, then you'll never be any good at writing code.
 You're not wrong, but that's a rather black and white way of looking at the
 world.

It's called experience in the open source community.

 When someone starts a new activity - whether that's coding for OpenBSD,
 baking cakes or similar, it's usually necessary to have a visible 'quick  
 win' or
 at least sign of progress that encourages the person to carry on and try a
 little harder.

Decoding the human genome wasn't easy yet they embarked on it.  LHC,
anyone?

 Testing does not usually fit into that category - it is indeed 'dull and  
 heavy'
 and usually something people expect to be paid for.

Oh and coding is free?  this is *exactly* how the community can help but
apparently they need to be paid for it.

 I understand and mostly agree with the viewpoint that the best way is to
 download code, decide on what needs fixing and keep plugging at it
 until success is achieved.

 That's also fine if the OpenBSD community wants to perpetuate the type
 of people that code for it and the size of the community.

Open source development requires a certain level of self-starting
ability.  It also requires a lot of up front time learning and
understanding things such as computer hardware, programming, the
interaction between those two etc.  These are non-trivial skills.  Not
everybody will be a great programmer.

 If (and it is an if) the OpenBSD community wants more resource - both
 coding and testing, there probably needs to be a degree more flexibility.

The code lives in CVS, people reply to email with patches and test data.
What more flexibility do you need?

 Or, in short, we need to not deter people straight away, and accept that
 perhaps sometimes decent programmers start from ones that make lots
 of mistakes.

That means they are not ready yet for OS development and should spend
more time on their own learning some more.

 Perhaps a ports TODO similar to the NetBSD ports TODO might help; it
 doesn't require quite the same level of kernel or userspace hacking and
 provides very visible feedback and thanks once completed.

Or perhaps it wouldn't.

 Neither would I completely rule out a central TODO list linked off
 OpenBSD.org. Sure, it might well be ignored, but the possibility remains
 that someone might take up the task. NetBSD isn't doing too badly with
 Google's Summer of Code initiatives, either.

I have to see the day that anything useful comes out of the GSC.  Why
waste time on writing a todo list that will be ignored?  You see this is
all work on the guy/gal that is already doing the work for free!

 It might not even be a bad idea to puff up new developers a bit :
 'new developer Fred Bloggs decided to solve PR7738 squashing an
 annoying bug in the ipz(4) driver. John Smith is very grateful for this
 as it enabled him to use his new ServBladePro NZ20 server'

Again, more work for the people that are doing all the work.

Part of being a developer is developing a thick skin to put up with a
community that wants everything for free without contributing any work.
I have seen plenty of people come and go because they don't want to put
up with it and they were perfectly capable of finding work on their own.

 With specific reference to the ISA 486, if there are specific test cases  
 that
 can be run without taking up hours of interactive time, I have a suitable
 VLB/ISA 486 that could run them. It's not something I'm interested in
 using on a regular basis though - I've got other machines that
 are far easier to work with.

 PK 

Re: Brazil resellers of OpenBSD - Tempo Real?

[Christiano F. Haesbaert]

On 19 April 2010 19:24, Austin Hook aus...@computershop.ca wrote:
 Does anyone know if the bookstore Tempo Real still exists and if they have
 a physical mailing address?   Or does anyone know of a potential reseller
 of OpenBSD in Brazil?


Buy from openbsdeurope.com, they charge  10 eur for devlivery.

TRIM support?

[Daniel Barowy]

Hello,

  Anyone know the status/plans of TRIM support in OpenBSD?  I poked around 
a bit in ahci.c and scsi.c, but nothing pops out at me (I also don't 
really know what I'm looking for).


Thanks,
Dan

trouble installing on t2000

[Wagstaff, Jason]

I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise.
It will let me get all the way through to installingn sets.  I have tried to
install the sets from cd, ftp, http, rsync and it never finishes.   Does
anyone have any ideas why this might be?   It usually gets about 90% through
before freezing up.

--
Jason Wagstaff - Systems Administrators
University of Missouri - St.Louis
One University Boulevard
CCB 451
St.Louis, MO 63121-4400
Work 314.516.4067

Re: TRIM support?

[Marco Peereboom]

What problem are you trying to solve?

And no, TRIM isn't supported.

On Tue, Apr 20, 2010 at 01:58:30PM -0400, Daniel Barowy wrote:
 Hello,

   Anyone know the status/plans of TRIM support in OpenBSD?  I poked 
 around a bit in ahci.c and scsi.c, but nothing pops out at me (I also 
 don't really know what I'm looking for).

 Thanks,
 Dan

Re: trouble installing on t2000

[Theo de Raadt]

 I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise.
 It will let me get all the way through to installingn sets.  I have tried to
 install the sets from cd, ftp, http, rsync and it never finishes.   Does
 anyone have any ideas why this might be?   It usually gets about 90% through
 before freezing up.

A possible fix for this has been commited recently.

RCS file: /cvs/src/sys/arch/sparc64/sparc64/intr.c,v
revision 1.35
date: 2010/04/16 22:35:24;  author: kettenis;  state: Exp;  lines: +11 -3
Fix handling of shared interrupts.  Make sure we use the lowest priority of
all the interrupt handles when reprioritizing the interrupt on reception,
but always run the handler at the desired priority.  Make sure
ci_handled_intr_level is set correctly.  Gets rid of splassert warnings
seem on many of the PCIe systems with mpi(4).

tested by deraadt@, jbg@

It seems to only affect some machines, and none of us had a T2000...

Re: smtpd.conf: syntax error with from local

[Jacek Masiulaniec]

On Sun, Apr 11, 2010 at 08:20:24PM +0200, Rene Maroufi wrote:
 Hi,
 
 i tried smtpd on a snapshot from March (GENERIC#556). If i use:
 
 accept from local for all relay
 
 I get with smtpd -n:
 
 /etc/mail/smtpd.conf:11: syntax error
 
 If i remove from local, everything is OK. Whats wrong with from local?
 The manpage says from local is correct (but the default, so it isn't
 needed).

Fixed in -current.

 
 Cheers
 Rene
 -- 
 Reni Maroufi
 i...@maroufi.net

Re: TRIM support?

[Daniel Barowy]

On Tue, 20 Apr 2010, Marco Peereboom wrote:


What problem are you trying to solve?

And no, TRIM isn't supported.



My concern is the procedure we've been using to deploy OpenBSD machines. 
We set up a base machine with a standard disk layout, utilities, admin 
account, etc... and then make a copy of the entire disk using dd.  We save 
this on our SAN, and when we want a new machine, simply pull a disk off 
the shelf, copy the image to the disk, boot, then customize.


The problem is that we're copying the entire disk, so, as far as the disk 
(i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as 
used even if they're empty.  If I understand correctly, how the controller 
handles block reallocation in this scenario depends how it is implemented 
in the disk's firmware, with some being better than others.  At present, 
we have Intel X25-E disks.


So, if the above is correct, then I will need to either rethink our 
deployment strategy (like, always leave some spae on the disk, untouched 
by dd), or else try not to write so often (like, using a ramdisk).  I 
could also be overestimating the importance of all of this.


Thanks,
Dan

Re: TRIM support?

[Marco Peereboom]

On Tue, Apr 20, 2010 at 02:56:11PM -0400, Daniel Barowy wrote:
 On Tue, 20 Apr 2010, Marco Peereboom wrote:

 What problem are you trying to solve?

 And no, TRIM isn't supported.


 My concern is the procedure we've been using to deploy OpenBSD machines.  
 We set up a base machine with a standard disk layout, utilities, admin  
 account, etc... and then make a copy of the entire disk using dd.  We 
 save this on our SAN, and when we want a new machine, simply pull a disk 
 off the shelf, copy the image to the disk, boot, then customize.

 The problem is that we're copying the entire disk, so, as far as the disk 
 (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as  
 used even if they're empty.  If I understand correctly, how the 
 controller handles block reallocation in this scenario depends how it is 
 implemented in the disk's firmware, with some being better than others.  
 At present, we have Intel X25-E disks.

 So, if the above is correct, then I will need to either rethink our  
 deployment strategy (like, always leave some spae on the disk, untouched  
 by dd), or else try not to write so often (like, using a ramdisk).  I  
 could also be overestimating the importance of all of this.

You are.  The whole not write so often is really really really
uninteresting.


 Thanks,
 Dan

Re: pf statistics via SNMP MIBs on 4.6 (or 4.7)

[Helmut Schneider]

silvershadow...@gmx.de wrote:

 the most recent MIBs for OpenBSD is for 4.4 (OpenBSD 4.4:
 obsd-mibs44.tar), which can be downloaded from well-known
 
 http://www.packetmischief.ca/openbsd/snmp/
 
 However, I seem to have problems getting it running on a OpenBSD 4.6
 based relayd setup (dmesg below). It builds okay from the ports,
 installs, but snmpwalk won't find the OIDs documented.
 
 Has anyone running SNMP MIBs from this source on a system OpenBSD
 4.4+?

4.5 was the last release I compiled it.

But at some day I got tired of building custom packages for snmp every
6 months (apart from the fact that FreeBSD doesn't provide similiar at
all) and wrote a small perl script which uses pfctl to query values. It
can also be used with Nagios and Cacti.

http://www.charlieroot.de/bsd/pf-stats-snmp.pl

HTH, Helmut

-- 
No Swen today, my love has gone away
My mailbox stands for lorn, a symbol of the dawn

Re: can't do suitable block in firewall

[Leonardo Carneiro - Veltrac]

Hi Shane, Heya and others. I tried a new setup, using tables (look more 
eficient than using a thousan rules to each variable). But is still 
failing :(

# tables
table msn-rdr persist const file /etc/pf.conf.d/msn-rdr
table msn-allow persist const file /etc/pf.conf.d/msn-allow

# msn proxy
rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
port 1863 - $proxy
rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
port 25000:3 - $proxy

# msn filter
pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from
msn-rdr to $proxy port 1863
block out quick on ! $inet_iface inet proto tcp from ! msn-allow
to any port 1863

In the msn-rdr table are IP of the hosts that should be redirected to 
the proxy, and in the msn-allow are the IP of the hosts that should be 
allowed to connect directly with the MSN over the internet (including 
the host $proxy). The $proxy host is in a fourth interface named $dmz_iface.

If i remove the quick statement of the block rule, anyone in any 
interface can connect, and with the 'quick' statement, no one can =S.
Also, back in february, when i just redirected everyone to the proxy, 
the rdr rules used to work, but with this more selective rule, it's not 
working at all.

Tks in advance.

Leonardo Carneiro - Veltrac wrote:
 Shane Lazarus wrote:
 Heya

 On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac 
 lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br wrote:

 My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz.
 What i'm trying to do is:

  


 1. Allow some hosts to use MSN;
  2. Redirect the MSN connections of some hosts from the LAN
 interfaces to a MSN proxy in the DMZ interface;
 3. Block the rest.

 This is how i'm trying to achieve:

# msn proxy redirect
rdr on $lan1_iface proto tcp from $msn-redirect to any port 
 1863 -
$proxy
rdr on $lan1_iface proto tcp from $msn-redirect to any port
25000:3 - $proxy
# msn filter
pass out quick on $inet_iface inet proto tcp from 
 $msn-redirect to
$proxy port 1863 keep state
pass out quick on $inet_iface inet proto tcp from 
 $msn-allowed1 to
any port 1863 keep state
pass out quick on $inet_iface inet proto tcp from 
 $msn-allowed2 to
any port 1863 keep state
pass out quick on $inet_iface inet proto tcp from $proxy to any
 port
1863 keep state
block out on $inet_iface inet proto tcp from any to any port 1863


 Is the reference to passing out the redirected traffic to the $proxy 
 via the $inet_interface instead of the $dmz_interface correct, a typo 
 or the issue?

 Shane

  
 Hi Shane. No, it's not a typo. It's a last second modification that i 
 tried before send the email. Was 'any' before i replace with '$proxy'. 
 However, like you well observed, it's wrong :(

 I'll try other rules today and i'll post then here. Tks for you concern.

Re: TRIM support?

[Ted Unangst]

On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote:
 And no, TRIM isn't supported.

 The problem is that we're copying the entire disk, so, as far as the disk
 (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as
 used even if they're empty.  If I understand correctly, how the
 controller handles block reallocation in this scenario depends how it is

 You are.  The whole not write so often is really really really
 uninteresting.

It's not about writing too often, it's about the performance hit doing
a read/modify/write when there's no free blocks.  Like the 4k sector
problem, but potentially even worse.

On the other hand, it depends on how much writing your server will do
in service.  If you aren't writing large files, you won't notice much
difference, and the benefit of ultra fast random access is more than
worth it.

Re: TRIM support?

[Chris Dukes]

On Tue, Apr 20, 2010 at 02:56:11PM -0400, Daniel Barowy wrote:

 
 The problem is that we're copying the entire disk, so, as far as the
 disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are
 marked as used even if they're empty.  If I understand correctly,
 how the controller handles block reallocation in this scenario
 depends how it is implemented in the disk's firmware, with some
 being better than others.  At present, we have Intel X25-E disks.

Err, just how frequently are you doing this?  The answer is
going to change a bit if you're doing this infrequently vs.
doing this as a part of manufacturing turn key boxes.
I am going to assume the former, not the latter.

If you don't want as many blocks to appear as used, write to fewer blocks.
IE partition it, slice it, mkfs it, and restore from a tarball.
You can even put your gzipped tarball of the base system where
the installer expects to find base##.tgz and tell it to only install your
tarball.
 
 So, if the above is correct, then I will need to either rethink our
 deployment strategy (like, always leave some spae on the disk,
 untouched by dd), or else try not to write so often (like, using a
 ramdisk).  I could also be overestimating the importance of all of
 this.

Just rethink your deployment strategy to not use 'dd'.
Even Windows cloning systems stopped trying to copy all bits
on the disk 6+ years ago.
'dd' made some sense when the disk was mostly full and there was
a huge penalty to keep seeking between data and metadata.
'dd' continues to make sense if you need to make a copy of
everything before attempting to recover data or metadata.

-- 
Chris Dukes

Re: TRIM support?

[Marco Peereboom]

On Tue, Apr 20, 2010 at 03:48:23PM -0400, Ted Unangst wrote:
 On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote:
  And no, TRIM isn't supported.
 
  The problem is that we're copying the entire disk, so, as far as the disk
  (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as
  used even if they're empty.  If I understand correctly, how the
  controller handles block reallocation in this scenario depends how it is
 
  You are.  The whole not write so often is really really really
  uninteresting.
 
 It's not about writing too often, it's about the performance hit doing
 a read/modify/write when there's no free blocks.  Like the 4k sector
 problem, but potentially even worse.
 
 On the other hand, it depends on how much writing your server will do
 in service.  If you aren't writing large files, you won't notice much
 difference, and the benefit of ultra fast random access is more than
 worth it.

I am 100% unconvinced.

Congreso Internet Marketing Experts - Guadalajara 24 de Mayo Auditorio Hotel Hilton

[Fernanda Rivas]

Congress  Marketing Presenta

Congreso Nacional iMexB410
Internet Marketing Experts Guadalajara
Sponsored By
WSI We Simplify The Internet - KTC Conexiones - Google Adwords
Professionals - Doppler E-Mail Marketing Made Simple - CII[IMAGE][IMAGE]

Ser Visto Para Ser Rentable
El Internet como medio de mercadotecnia ofrece beneficios excepcionales y
un potencial de reconocimiento de marca para todo tipo de industria. Un
evento sin precedentes que propone alternativas de vanguardia y
tecnologCa expuestas por lCderes en el C!mbito. La mercadotecnia por
Internet es altamente rentable, ofrece muchas ventajas C:nicas que la
publicidad tradicional no puede igualar, asC como herramientas de alto
impacto y desempeC1o que desarrollarC!n un verdadero vCnculo entre su
empresa y su mercado meta.

Objetivos y beneficios
B?QuC) puede hacer la mercadotecnia por internet por mi negocio?
b Generar trC!fico a su sitio web o instalaciones fCsicas (generaciC3n
de contactos, ventas, etc.)
b Mejorar sus actividades promocionales en lCnea b una forma mC!s de
llegar a los clientes
b Extender el posicionamiento de su marca en nuevos mercados
b Dar a su negocio una ventaja sobre su competencia
b Reducir sus costos de mercadotecnia a la vez que mejora sus
resultados

Viernes 24 de Mayo de 2010 - Hotel Hilton Guadalajara[IMAGE]

Algunos de los temas generales a tratar
. Tu presencia en internet
. Posicionamiento, trC!fico objetivo y mercadotecnia online
. Impacto de las redes sociales como estratC)gia de negocios
. Mobile Marketing
. e-mail Marketing
Y muchos mC!s!

[IMAGE] Descargue su Brochure en pdf con detalles y costos del evento
Click AquC

Congress  Marketing Online S.C.
B) 2009 - Todos los derechos reservados.
TelC)fonos en la Cd. de Guadalajara 01(33)1201-6898, (33)1562-1784 y
(33)3110-6502

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Congress
 Marketing o bien un usuario le refirio para recibir este boletCn. Como
usuario de Congress  Marketing, en este acto autoriza de manera expresa
que Congress  Marketing le puede contactar vCa correo electrC3nico u
otros medios. Si usted ha recibido este mensaje por error, haga caso
omiso de el y reporte su cuenta respondiendo este correo con el subject
BAJA CM000SCRMZ. Unsubscribe to this mailing list, reply a blank message
withe the subject UNSUBSCRIBE CM000SCRMZ Tenga en cuenta que la gestiC3n
de nuestras bases de datos es de suma importancia y no es intenciC3n de
la empresa la inconformidad del receptor.

Re: can't do suitable block in firewall

[Leonardo Carneiro - Veltrac]

Leonardo Carneiro - Veltrac wrote:
 Hi Shane, Heya and others. I tried a new setup, using tables (look more 
 eficient than using a thousan rules to each variable). But is still 
 failing :(

 # tables
 table msn-rdr persist const file /etc/pf.conf.d/msn-rdr
 table msn-allow persist const file /etc/pf.conf.d/msn-allow

 # msn proxy
 rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
 port 1863 - $proxy
 rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
 port 25000:3 - $proxy

 # msn filter
 pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from
 msn-rdr to $proxy port 1863
 block out quick on ! $inet_iface inet proto tcp from ! msn-allow
 to any port 1863

 In the msn-rdr table are IP of the hosts that should be redirected to 
 the proxy, and in the msn-allow are the IP of the hosts that should be 
 allowed to connect directly with the MSN over the internet (including 
 the host $proxy). The $proxy host is in a fourth interface named $dmz_iface.

 If i remove the quick statement of the block rule, anyone in any 
 interface can connect, and with the 'quick' statement, no one can =S.
 Also, back in february, when i just redirected everyone to the proxy, 
 the rdr rules used to work, but with this more selective rule, it's not 
 working at all.

 Tks in advance.
   
Hmm, i'm almost getting it. Switching

block *out* quick on ! $inet_iface inet proto tcp from ! msn-allow to any 
port 1863

to

block *in* quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 
1863

solved the problem partially. Now, the allowed host are being allowed 
and the others not, but the hosts that should be redirected are not 
being redirected and also cannot connect.

Re: smtpd: Aliases only work with for local alias aliases

[Jacek Masiulaniec]

On Mon, Apr 12, 2010 at 12:26:09PM +0200, Rene Maroufi wrote:
 Hello,
 
 In my smtpd.conf i have this:
 
 map aliases { source db /etc/mail/aliases.db }
 
 and:
 
 accept from all for local deliver to maildir
 
 If i send a mail to an alias smtpd rejected the mail. The Log says: 530
 Recipient rejected: postmas...@lofn.maroufi
 
 I tried something and finally this works:
 
 accept from all for local alias aliases deliver to maildir
 
 But the Manpage doesn't say something about for local alias aliases
 
 And a second error in the Manpage: The Manpage says:
 
  map map { [type maptype] source mapsource }
 
 And the maptype must be db. But if i write:
 
 map aliases { type db source /etc/mail/aliases.db }
 
 Than smtpd -n says its an syntax error.
 
 Actually map only works without maptype and aliases works only with a
 alias mapname statement in the accept rule. Thats different from the
 manpage.

Both fixed in -current.

 
 Cheers
 Reni
 -- 
 Reni Maroufi
 i...@maroufi.net

Re: TRIM support?

[Daniel Barowy]

On Tue, 20 Apr 2010, Ted Unangst wrote:


It's not about writing too often, it's about the performance hit doing
a read/modify/write when there's no free blocks.  Like the 4k sector
problem, but potentially even worse.

On the other hand, it depends on how much writing your server will do
in service.  If you aren't writing large files, you won't notice much
difference, and the benefit of ultra fast random access is more than
worth it.




Right now, the machines I am working on are mail gateways.  They'll need 
to do frequent small writes as mail is shuffled between various queues. As 
long as we keep up with incoming mail, we're fine-- this is less of an 
issue now that spamd turns away most connections before they submit any 
data for processing.


We were looking for a general answer, though, since the same strategy is 
used to deploy machines for other purposes (databases, web servers, 
routers, etc), although any application that requires lots of storage will 
probably get a big disk (or more likely, NFS to a big disk) specifically 
for that purpose.


Thanks for the answers, everyone.  I have some good ideas to look into.

Dan

Re: reply-to/return-path mail/smtpd question

[Jacek Masiulaniec]

On Mon, Mar 22, 2010 at 06:05:37PM +0100, Didier Wiroth wrote:
 Hello,
 (I'm using current with smtpd.)
 I'm sending mail reports to a mail address which is defined in the
 alias file like this:
 didier: dwir...@company.com
 
 My smtpd.conf is:
 listen on lo0
 map aliases { source db /etc/mail/aliases.db }
 accept for local deliver to mbox
 accept for all relay via mail.company.com
 
 When I get the mail, the return-path header field is:
 did...@originating.mail.host
 
 Is it possible to AUTOMATICALLY change the default behavior of the
 mail command or from smtpd, so that the return-path is an
 existing/other mail address ?
 for example:
 return-path: dwir...@company.com

This is task for the MUA, not MTA.

$ mail didier -f dwir...@company.com  report.txt

Re: can't do suitable block in firewall

[Leonardo Carneiro - Veltrac]

Leonardo Carneiro - Veltrac wrote:
 Leonardo Carneiro - Veltrac wrote:
   
 Hi Shane, Heya and others. I tried a new setup, using tables (look more 
 eficient than using a thousan rules to each variable). But is still 
 failing :(

 # tables
 table msn-rdr persist const file /etc/pf.conf.d/msn-rdr
 table msn-allow persist const file /etc/pf.conf.d/msn-allow

 # msn proxy
 rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
 port 1863 - $proxy
 rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any
 port 25000:3 - $proxy

 # msn filter
 pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from
 msn-rdr to $proxy port 1863
 block out quick on ! $inet_iface inet proto tcp from ! msn-allow
 to any port 1863

 In the msn-rdr table are IP of the hosts that should be redirected to 
 the proxy, and in the msn-allow are the IP of the hosts that should be 
 allowed to connect directly with the MSN over the internet (including 
 the host $proxy). The $proxy host is in a fourth interface named $dmz_iface.

 If i remove the quick statement of the block rule, anyone in any 
 interface can connect, and with the 'quick' statement, no one can =S.
 Also, back in february, when i just redirected everyone to the proxy, 
 the rdr rules used to work, but with this more selective rule, it's not 
 working at all.

 Tks in advance.
   
 
 Hmm, i'm almost getting it. Switching

 block *out* quick on ! $inet_iface inet proto tcp from ! msn-allow to any 
 port 1863

 to

 block *in* quick on ! $inet_iface inet proto tcp from ! msn-allow to any 
 port 1863

 solved the problem partially. Now, the allowed host are being allowed 
 and the others not, but the hosts that should be redirected are not 
 being redirected and also cannot connect.
   
I'm well aware that nat occurs before the filtering, but what about 
redirections that does not involve nat?

Бюджетирование и управленческий учет.

[Ольга Скиданова]

**
*
*  PP PPPPP'PP!PPP  PPPPPP+  PP.PPPPPP PPPPPP/  P
P#PP PPPPPP'PP!PPPP  P#P'PPP.
*
**

PP0 Q
P5PP8P=P0Q P?QP8P3P;P0QP0QQQ
Q: QQP:PP2PP4P8QP5P;P8
P:PPP?P0P=P8P9, QP8P=P0P=Q
PP2QP5 P4P8QP5P:QPQP0 P8
Q
PQQQP4P=P8P:P8 QP8P=P0P=Q
PP2P-Q
P:PP=PPP8QP5Q
P:P8Q Q
P;QP6P1.

PP0QQ P?QPP2P5P4P5P=P8Q: 26-27 P0P?QP5P;Q
P P5P3P8Q
QQP0QP8Q P8 P8P=QPQPP0QP8Q: 8(495)411-94-31

**

P PP PPP PPPP:

1. PP0P: P?QP0P2P8P;QP=P Q
QP8QP0QQ P4P5P=QP3P8. PP0P:
PQP3P0P=P8P7PP2P0QQ QQP5Q P2 P:PPP?P0P=P8P8
   - PQPQP5Q
Q
 QPQPP8QPP2P0P=P8Q QP?QP0P2P;P5P=QP5Q
P:PP9
P8P=QPQPP0QP8P8.
   - P-P;P5PP5P=QQ B+P:PP=Q
QQQP:QPQP0B;
QP?QP0P2P;P5P=QP5Q
P:PP9 PQQP5QP=PQ
QP8.
   - PP8QP0PP8P4P0 P:PP=QQPP;Q.
   - PP7P0P8PPQ
P2QP7Q PP5P6P4Q QP?QP0P2P;P5P=QP5Q
P:PP9 P8
P1QQP3P0P;QP5QQ
P:PP9 PQQP5QP=PQ
QQQ.

2. PQ
P=PP2P=QP5 QP8P=P0P=Q
PP2QP5 P4PP:QPP5P=QQ.
P#P?QP0P2P;P5P=QP5Q
P:P8P5 QPQPQ PQQP5QPP2
   - PQQP5Q P P?QP8P1QP;P8. PP0P;P0P=Q
.
   - PQQP5Q P P4P2P8P6P5P=P8P8 P4P5P=P5P6P=QQ Q
QP5P4Q
QP2.
   - PP4P0P?QP0QP8Q P4P;Q QP5QP5P=P8Q QP?QP0P2P;P5P=QP5Q
P:P8Q
P7P0P4P0Q.
   - PQP8PP5QQ QP0P1PQP8Q QPQP PQQP5QP=PQ
QP8
QPQ
Q
P8P9Q
P:P8Q P:PPP?P0P=P8P9.

3. B+PP4P5 P4P5P=QP3P8?B;. PQP2P5Q P=P0 P3P;P0P2P=QP9 P2PP?QPQ

QQP:PP2PP4P8QP5P;Q
   - PQP8P1QP;Q P5Q
QQ, P0 P4P5P=P5P3 P=P5Q. PP4P5 PP=P8?
   - PP0P3P;QP4P=QP5 QPQPQ P4P;Q P?PP=P8PP0P=P8Q
P8Q
QPQP=P8P:PP2 P4P5P=P5P6P=QQ Q
QP5P4Q
QP2 P8 P=P0P?QP0P2P;P5P=P8Q
P8Q P8Q
P?PP;QP7PP2P0P=P8Q.
   - PQQ
P;P5P6P8P2P0P=P8P5 QP8P=P0P=Q
PP2QQ P?PQPP:PP2
PP5P6P4Q QP0P7P=QPP8 P2P8P4P0PP8 P4P5QQP5P;QP=PQ
QP8.

4. P#QP5Q P8 QP?QP0P2P;P5P=P8P5 PQP4P5P;QP=QPP8 Q
QP0QQQPP8
PP1PQPQP=PP3P P:P0P?P8QP0P;P0
   - P!PQ
QP0P2P;QQQP8P5 PP1PQPQP=PP3P P:P0P?P8QP0P;P0.
   - PPP3P8P:P0 P:5QQP5Q
P:PP3P QP8P:P;P0.
   - P#QP5Q P8 QP?QP0P2P;P5P=P8P5 Q
QP0QQQPP8
PP1PQPQP=PP3P P:P0P?P8QP0P;P0.
   - P#P4PP1P=QP5 QPQPQ P4P;Q QQP5QP0 P8 P0P=P0P;P8P7P0.
   - PPP=QQPP;QP=QP5 QPQP:P8 P?QPP2P5QP:P8
PQQP5QP=PQ
QP8.

5. P P5P=QP0P1P5P;QP=PQ
QQ, PP1PQP0QP8P2P0P5PPQ
QQ,
P?QPP8P7P2PP4P8QP5P;QP=PQ
QQ, P;P8P:P2P8P4P=PQ
QQ, QP3QPP7P0
P1P0P=P:QPQQ
QP2P0. PP0 QP5P Q
P;P5P4P8QQ P8 P:P0P: P2 Q
QPP P=P5
P?PQP5QQQQQ
Q
   - PQ
P=PP2P=QP5 P3QQP?P?Q P:PQ
QQP8QP8P5P=QPP2
(QP5P=QP0P1P5P;QP=PQ
QQ, PP1PQP0QP8P2P0P5PPQ
QQ,
P;P8P:P2P8P4P=PQ
QQ, QP3QPP7P0 P1P0P=P:QPQQ
QP2P0). PPP3P8P:P0
P8Q P?PQ
QQPP5P=P8Q.
   - B+PQP0P2P8P;QP=QP5B; QPQPQP;Q. P! QP5P
Q
QP0P2P=P8P2P0QQ P?PP:P0P7P0QP5P;P8.
   - PPQPP8QPP2P0P=P8P5 P?PP:P0P7P0QP5P;P5P9.

6. PP=P0P;P8P7 P2QP3PP4P=PQ
QP8 P0Q
Q
PQQP8PP5P=QP0 P8 P2P8P4PP2
P4P5QQP5P;QP=PQ
QP8
   - PP0QP6P8P=P0P;QP=QP9 P0P=P0P;P8P7 P0Q
Q
PQQP8PP5P=QP0 P8
P2P8P4PP2 P4P5QQP5P;QP=PQ
QP8.
   - PQP5P=P:P0 QP5P0P;QP=PP9 Q
P:PP=PPP8QP5Q
P:PP9
Q
QQP5P:QP8P2P=PQ
QP8.
   - PP4P5 PQ P7P0QP0P1P0QQP2P0P5P, P0 P3P4P5 QP5QQP5P.
   - PP0P:QQP2P0QQ P8P;P8 P=P5 P7P0P:QQP2P0QQ
P=P0P?QP0P2P;P5P=P8P5 P2 Q
P;QQP0P5 PQQP8QP0QP5P;QP=PP3P
QP5P7QP;QQP0QP0.

7. PPP=QQPP;Q P=P0P4 P7P0QQP0QP0PP8. PPQP:P0
P1P5P7QP1QQPQP=PQ
QP8. PP5QQ P?P Q
P=P8P6P5P=P8Q P7P0QQP0Q
   - PP=P0P;P8P7 P8 P?QP8P=QP8P?Q QP0P7P4P5P;P5P=P8Q P7P0QQP0Q.
   - PQP5P=P:P0 QPQP:P8 P1P5P7QP1QQPQP=PQ
QP8.
   - PQP3P0P=P8P7P0QP8Q P:PP=QQPP;Q P=P0P4 P7P0QQP0QP0PP8.
   - PQP8PP5QQ P?QPP3QP0PP P?P Q
P=P8P6P5P=P8Q P7P0QQP0Q.

8. P!P8Q
QP5PP0 QP8P=P0P=Q
PP2PP3P P?P;P0P=P8QPP2P0P=P8Q -
P1QP4P6P5QP8QPP2P0P=P8Q
   - PP0P4P0QP8 P8 P=P0P7P=P0QP5P=P8P5 Q
P8Q
QP5PQ
QP8P=P0P=Q
PP2PP3P P?P;P0P=P8QPP2P0P=P8Q.
   - PPQP8P7PP=QQ P?P;P0P=P8QPP2P0P=P8Q.
   - PQ
P=PP2P=QP5 Q
QP0P?Q QP8P:P;P0 P?P;P0P=P8QPP2P0P=P8Q.
   - P#Q
P;PP2P8Q P2QP?PP;P=P8PPQ
QP8 P?P;P0P=P0 P8 PP5QQ P?P
QQ
QQP0P=P5P=P8Q P4P5QP8QP8QP0 P1QP4P6P5QP0.
   - PQP8PP5QQ QP5P0P;P8P7P0QP8P8.

9. PP?P5QP0QP8P2P=PP5 P?P;P0P=P8QPP2P0P=P8P5 P4P5P=P5P6P=QQ
Q
QP5P4Q
QP2
   - PQP0P:QP8QP5Q
P:P0Q QP5QP=PP;PP3P8Q P?PQ
QP0P=PP2P:P8
Q
P8Q
QP5PQ P?P;P0P=P8QPP2P0P=P8Q P4P2P8P6P5P=P8Q P4P5P=P5P6P=QQ
Q
QP5P4Q
QP2.
   - PQP3P0P=P8P7P0QP8PP=P=QP5 5P=QQ.
   - P$PQPP8QPP2P0P=P8P5 P=P0P1PQP0 P1QP4P6P5QPP2 P8
PQP2P5QQ
QP2P5P=P=QQ P7P0 P2QP?PP;P=P5P=P8P5.
   - PQP4P6P5QP=QP9 QP5P3P;P0PP5P=Q, QP0Q
P?QP5P4P5P;P5P=P8P5
QQP=P:QP8P9, P?PQQP4PP: P2P7P0P8PPP4P5P9Q
QP2P8Q.
   - PQP3P0P=P8P7P0QP8Q QP?QP0P2P;P5P=P8Q P1QP4P6P5QP0PP8.

10. PPPP?P;P5P:Q
P=PP5 

Re: TRIM support?

[Marco Peereboom]

On Tue, Apr 20, 2010 at 03:01:58PM -0500, Marco Peereboom wrote:
 On Tue, Apr 20, 2010 at 03:48:23PM -0400, Ted Unangst wrote:
  On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote:
   And no, TRIM isn't supported.
  
   The problem is that we're copying the entire disk, so, as far as the disk
   (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as
   used even if they're empty.  If I understand correctly, how the
   controller handles block reallocation in this scenario depends how it is
  
   You are.  The whole not write so often is really really really
   uninteresting.
  
  It's not about writing too often, it's about the performance hit doing
  a read/modify/write when there's no free blocks.  Like the 4k sector
  problem, but potentially even worse.
  
  On the other hand, it depends on how much writing your server will do
  in service.  If you aren't writing large files, you won't notice much
  difference, and the benefit of ultra fast random access is more than
  worth it.
 
 I am 100% unconvinced.

I *was* 100% unconvinced.  I am much better educated now.  Yes this
could be neat :-)

You have one new message from Public Bank Berhad

[Public Bank Berhad]

Dear Public Bank Berhad Customer,

You have 1 unread Message!

Click here to resolve the problem

Thank You.
* Please do not reply to this email, as your reply will not be received.
This is an
automatic notification of new security messages.

Sincerely,
Public Bank Berhad Security Department Team.

weird maildirmake problem

[Ozgur Kazancci]

Hi,

I've a strange problem;

I installed an OpenBSD mail server last day with Postfix, Courier-Imap..etc

Everything was working fine, until i wanted to re-create an e-mail account.

Now, when i'm trying to make user's directory,
(as root) /usr/local/bin/maildirmake -q 1000S /var/vmail/domain.com/user

Maildirmake does not response the command. It just waits for forever,
cursor waits, no output (just like when you simply run 'cat' without pointing 
to a file)
till i interrupt with CTRL+C.

I thought its maybe because of the permissions,
But neither chown -R vmail:vmail /var/vmail did not solve that.

details:

OpenBSD 4.6-stable

#which maildirmake
/usr/local/bin/maildirmake

# ls -al /usr/local/bin/maildirmake
-r-xr-xr-x  1 root  bin  30504 Jul  2  2009 /usr/local/bin/maildirmake

i've created a ktrace.out file with ktrace -p $maildirmakepid while maildirmake 
was waiting,
kdump'd the ktrace.out file, got such messages:

14969 maildirmake NAMI  
/var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com
14969 maildirmake RET   stat -1 errno 2 No such file or directory
14969 maildirmake CALL  open(0x80b30600,0x20e,0x1a4)
14969 maildirmake NAMI  
/var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com
4969 maildirmake RET   open -1 errno 2 No such file or directory
...

Of course, there is no such 'domain.com' or 'domain.com/user' directory in 
/var/vmail.

maildirmake creates them, just like how it did last day.

Same command, same permissions, same path, not working.

Any idea?

Thanks.

Re: Source Overview

[Daniel Ouellet]

Please read as this is your challenge back should you actually step up 
to it with the usual line shut up and hack type of answer.


This tread now spread on tech@ too and include may be 3 or 4 treads all 
referring to todo lists, janitor and all.


I don't find it interesting anymore and plenty of answers were provided, 
but again nothing is done about it so in the same spirit of the well 
knows shut up and hack, I decided to show again how useless this might 
be and I would be more then happy to be proven wrong big time. I will 
even pay the beer if I am proven wrong for good.


Now to close this for good and to show as many time in the pass that it 
will not go anyway, I setup yet one more users maintain lists here:


http://todo.openbsdsupport.org/

or here if you prefer:

http://openbsdsupport.org/todo/

same place anyway, but the URL is obvious I guess in the first one.

There is nothing there and I challenge anyone that complain in the last 
week or so about not having a list and that it would be useful and allow 
great things to happened to do it.


I WILL PROVIDE AN ACCOUNT to anyone that is actualy serious in doing 
this list and that will take it on. Collect all the variosu todo lists, 
make it clean and real here, not with funny pictures, design, and all. 
Just the list. It could be even as simple as a simple list of URL to 
places that have todo already. I don't think it will go anyway, but in 
the same spirit of showing the true color of winners, I raise yet again 
this variation on the same idea and same challenge as before.


I have that domain as far back as 2004 following yet an other endless 
discussion about documentations/howto and all.


Yes, I got minimal amount of contributions to it after all was setup but 
the wining stop. Just no progress however. I do have very minimal 
contribution in my inbox that I haven't been able to update yet as for 
lack of time on my part, but at the same time I sure do not get a 
regular flow of updates either in the 6+ years it exists.


I know it will not go anywhere, but that's not the developers jog to 
make these lists that no one look at anyway, but many have done so.


Also, I want to make it VERY CLEAR that this have nothing to do with the 
project what so ever. It's not endorse or supported by the project what 
so ever and it not associated with it in any shape or form. If you have 
a problem with that, take it with me, not the project. Theo knows about 
it, he told me log ago that was a waste of time and useless things to do 
and he was 100% right! But it still exists to stop the wining if nothing 
else as looks like we have more noise on the list always as time pass.


So, may be if the only contribution this does is to reduce it, then so 
be it and just that is worth my time.


Now, take the challenge on and show that everyone was wrong by doing 
your part.


Contact me off list if you are serious and will do the list and i will 
give you access as long as you are not abusing of it.


Hopefully this will close the subject and if anything good come out of 
it then great.


Let see where it goes from here. The ball is in your camp now. You want 
a list, then make it so.


Best,

Daniel

Re: 4.7 and AR5007

[Noah Pugsley]

Corey Bukolt wrote:

Yes, please recompile a kernel after changing the value of athn_debug
in /usr/src/sys/dev/ic/athn.c to 10:
int athn_debug = 0;
-
int athn_debug = 10;



Then reboot and send me the dmesg.
The AR9285 works for several people so it is very likely a difference
in chip or EEPROM revision that triggers different code paths.



Damien




Here is mine. Source was updated from cvs prior to compiling. Thanks.


OpenBSD 4.7-current (GENERIC) #0: Tue Apr 20 08:20:05 PDT 2010
r...@sw1.example.com:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) Processor L110 (AuthenticAMD 686-class, 512KB L2 
cache) 1.20 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16

real mem  = 1877372928 (1790MB)
avail mem = 1810014208 (1726MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/18/09, BIOS32 rev. 0 @ 0xfd9a0, 
SMBIOS rev. 2.4 @ 0xf10d0 (17 entries)

bios0: vendor Phoenix Technologies LTD version v1.3201 date 06/18/2009
bios0: Gateway LT31
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC MCFG HPET BOOT SLIC
acpi0: wakeup devices PB5_(S5) OHC1(S3) OHC2(S3) EHCI(S3) HDAU(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 21, 24 pins
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PB3_)
acpiprt2 at acpi0: bus -1 (PB4_)
acpiprt3 at acpi0: bus 3 (PB5_)
acpiprt4 at acpi0: bus 4 (PB6_)
acpiprt5 at acpi0: bus -1 (PB7_)
acpiprt6 at acpi0: bus 9 (P2P_)
acpiprt7 at acpi0: bus 1 (AGP_)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 100 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model UM09B7C serial 2545 type LION oem SIMPLO
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: PWRB
acpivideo0 at acpi0: VGA_
acpivout0 at acpivideo0: LCD_
acpivout1 at acpivideo0: CRT1
acpivout2 at acpivideo0: TV__
acpivout3 at acpivideo0: DFP1
bios0: ROM list: 0xc/0xd800 0xd/0x1c00! 0xd4000/0x1000
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 ATI RS690 Host rev 0x00
ppb0 at pci0 dev 1 function 0 ATI RS690 PCIE rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 ATI Radeon X1250 IGP rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 5 function 0 ATI RS690 PCIE rev 0x00
pci2 at ppb1 bus 3
re0 at pci2 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102EL 
(0x2480), apic 1 int 17 (irq 5), address 00:23:8b:f1:4b:f3

rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1
ppb2 at pci0 dev 6 function 0 ATI RS690 PCIE rev 0x00
pci3 at ppb2 bus 4
athn0 at pci3 dev 0 function 0 Atheros AR9285 rev 0x01: apic 1 int 18 
(irq 11)Tx gain type=0x0

, address 00:26:5e:29:29:5b
Found RF switch connected to GPIO pin 0
128 key cache entries
using closed loop power control
txchainmask=0x1 rxchainmask=0x1
athn0: AR9285 rev 2 (1T1R), ROM rev 13
ahci0 at pci0 dev 18 function 0 ATI SB600 SATA rev 0x00: apic 1 int 22 
(irq 11), AHCI 1.1

scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, TOSHIBA MK2555GS, FG00 SCSI3 
0/direct fixed

sd0: 238475MB, 512 bytes/sec, 488397168 sec total
ohci0 at pci0 dev 19 function 0 ATI SB600 USB rev 0x00: apic 1 int 16 
(irq 10), version 1.0, legacy support
ohci1 at pci0 dev 19 function 1 ATI SB600 USB rev 0x00: apic 1 int 17 
(irq 5), version 1.0, legacy support
ohci2 at pci0 dev 19 function 3 ATI SB600 USB rev 0x00: apic 1 int 17 
(irq 5), version 1.0, legacy support
ohci3 at pci0 dev 19 function 4 ATI SB600 USB rev 0x00: apic 1 int 18 
(irq 11), version 1.0, legacy support
ehci0 at pci0 dev 19 function 5 ATI SB600 USB2 rev 0x00: apic 1 int 19 
(irq 11)

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x14: SMI
iic0 at piixpm0
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
pciide0 at pci0 dev 20 function 1 ATI SB600 IDE rev 0x00: DMA, channel 
0 configured to compatibility, channel 1 configured to compatibility
azalia0 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 1 
int 16 (irq 10)

azalia0: codecs: Realtek ALC272
audio0 at azalia0
pcib0 at pci0 dev 20 function 3 ATI SB600 ISA rev 0x00
ppb3 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci4 at ppb3 bus 9
pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00: core 
rev DH-G2

usb1 at ohci0: USB revision 1.0
uhub1 at usb1 ATI OHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 ATI OHCI root hub rev 

Re: Radius Auth and Insecurity Outputs

[Nicholas Marriott]

Yeah I agree, I think we should pick something sensible and document it
in security(8).

Most people use * for disabled, how about something like *nocheck?


On Tue, Apr 20, 2010 at 09:39:43AM -0400, Ted Unangst wrote:
 On Tue, Apr 20, 2010 at 7:04 AM, Alexander Hall ha...@openbsd.org wrote:
  Set the encrypted password to *
 
 
  Thank you Stuart for not recommending hacking away on /etc/security but
  instad provide the correct answer. :-)
 
  And while the awk-literate audience might have noticed that any
  13-character string would suffice, I'd say * is indeed the
  most prevalent form thereof.
 
 Blech.  Talk about hacks, counting out 13 stars?  We already have
 special handling for skey, which I guess demonstrates it's used a fair
 bit more than radius, but I'd like to get a quorum of developers to
 agree on something better.  All * looks to me like extra disabled.
 
 For the OP, might I suggest radiusenabled for a bit of clarity?

Re: can't do suitable block in firewall

[Stuart Henderson]

On 2010-04-20, Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br wrote:
   
 I'm well aware that nat occurs before the filtering, but what about 
 redirections that does not involve nat?

translation = NAT = Network Address Translation = nat and rdr and binat rules.

 Since translation occurs before filtering, the filter engine will see
 packets as they look after any addresses and ports have been translated.
 Filter rules will therefore have to filter based on the translated ad-
 dress and port number.  Packets that match a translation rule are only
 automatically passed if the pass modifier is given, otherwise they are
 still subject to block and pass rules.
...
 Evaluation order of the translation rules is dependent on the type of the
 translation rules and the direction of a packet.  binat rules are always
 evaluated first.  Then either the rdr rules are evaluated on an inbound
 packet or the nat rules on an outbound packet.  Rules of the same type
 are evaluated in the same order in which they appear in the ruleset.  The
 first matching rule decides what action is taken.

Re: TRIM support?

[David Gwynne]

On 21/04/2010, at 3:58 AM, Daniel Barowy wrote:

 Hello,

  Anyone know the status/plans of TRIM support in OpenBSD?  I poked around a
bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really know
what I'm looking for).

the status of TRIM support is that there is none.

i have no plans currently, though that could change if i ever get gear that
would make good use of it. tweaking the scsi and atascsi layers to support
unmap and trim is simple, but making the block and fs layers make use of it
would be interesting.

dlg

Diplomados 2010 Cisco, Linux, Oracle, Windows Server 2008

[Centro de Estudios a Distancia]

Title:::@Distance::
 Si no puede ver este anuncio, haga click aqum 
 ::Centro de Estudios @Distance::
  
 Para mayor informacisn, llene sus datos haciendo click aqum
  
 
 Si desea anunciarse con nosotros, contactenos a los telifonos:
(502) 2361-7900 / (502) 2377-1272  Fax:  (502) 2331-6749
 Registre gratuitamente a un amigo, o actualice sus datos a cambio de futuros 
incentivos.
 Si no desea recibir mas promociones o informacisn, remuivase aqum.
 Emarketing - Paginas Web - Presentaciones Interactivas
  

Re: TRIM support?

[Bryan]

On Tue, Apr 20, 2010 at 19:51, David Gwynne l...@animata.net wrote:
 On 21/04/2010, at 3:58 AM, Daniel Barowy wrote:

 Hello,

 B Anyone know the status/plans of TRIM support in OpenBSD? B I poked around
a
 bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really
know
 what I'm looking for).

 the status of TRIM support is that there is none.

 i have no plans currently, though that could change if i ever get gear that
 would make good use of it. tweaking the scsi and atascsi layers to support
 unmap and trim is simple, but making the block and fs layers make use of it
 would be interesting.

 dlg



looks like the new version of clonezilla supports OpenBSD...

Re: Source Overview

[Artur Grabowski]

On Tue, Apr 20, 2010 at 9:41 PM, Chris Bennett
ch...@bennettconstruction.biz wrote:

 Looking at this and Peters message, I think there may be an answer much
 simpler than a TODO list, which I think will never work out. If developers
 wanted a TODO list, we would already have one.

We do. Multiple. Mine's not very up to date, but there are some
interesting starting points there. I know there are others.

//art