Re: OpenBSD culture?
Of course this is all useless to the O.P. because you didn't include a link to a HOWTO. On Mon, 19 Apr 2010 14:04 +0200, Raimo Niskanen raimo+open...@erix.ericsson.se wrote: On Mon, Apr 19, 2010 at 06:59:25PM +0800, shweg...@gmail.com wrote: On Mon, 19 Apr 2010, Raimo Niskanen wrote: On Sat, Apr 17, 2010 at 08:48:26AM +0800, shweg...@gmail.com wrote: On Fri, 16 Apr 2010, J Sisson wrote: On Fri, Apr 16, 2010 at 11:28 AM, trustlevel-...@yahoo.co.uk wrote: You can actually have MANY more than 4 OS on one drive, but it does get rather complicated and not worth the effort which certainly wouldn't help here. The point was that OpenBSD requires a primary partition. Does it? This is my setup: Interesting... What MBR do you have that can select to boot from one of two bootable partitions? Or do you use the Windows bootloader to boot OpenBSD? Or is it GRUB at 7138/0/1? I would be interested in some more details... Of course I boot using the Vista bootloader and easybcd to edit the configuration, which saves a lot of headache. The important thing is it can be done. :) Very nice! It was not Of course to me since I vagely recall some BSD's MBR could boot from extended partitions so that could have been how you did it, but have heard stories about Windows restoring MBRs it does not recognize. And you might have used Grub in some interesting way... But yes, EacyBSD and Vista bootloader was my first guess, and now it is confirmed. Again, very nice and thank you for sharing! ~ $ fdisk sd0 Disk: sd0 geometry: 32301/240/63 [488397168 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- *0: 07 0 32 33 -203 74 26 [2048: 3072000 ] NTFS 1: 07203 74 27 - 7137 239 63 [ 3074048: 104852512 ] NTFS 2: 07 30946 178 19 - 32301 57 41 [ 467914752:2048 ] NTFS *3: 05 7138 0 1 - 30945 239 63 [ 107926560: 359976960 ] Extended DOS Offset: 107926560 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: A6 7138 1 1 - 14072 239 63 [ 107926623: 104857137 ] OpenBSD 1: 05 14073 0 1 - 16153 239 63 [ 212783760:31464720 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 212783760 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 83 14073 1 1 - 16153 239 63 [ 212783823:31464657 ] Linux files* 1: 05 16154 0 1 - 16430 239 63 [ 244248480: 4188240 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 244248480 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 82 16154 1 1 - 16430 239 63 [ 244248543: 4188177 ] Linux swap 1: 05 16431 0 1 - 30945 239 63 [ 248436720: 219466800 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 248436720 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 83 16431 1 1 - 30945 239 63 [ 248436783: 219466737 ] Linux files* 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused -- / Raimo Niskanen, Erlang/OTP, Ericsson AB -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: Radius Auth and Insecurity Outputs
On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote: Hello all, I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are using RADIUS authentication. When I install the OS, I create a local user with local authentication. After the box's network config is all done, I then change the login class of the user to so I can use RADIUS, by modifying /etc/master.passwd with `vipw', so it looks like this: (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh The problem then occurs when /etc/security runs, as it gives the following output: Checking the /etc/master.passwd file: Login (removed) is off but still has a valid shell and alternate access files in home directory are still readable. This login is being used successfully with RADIUS, all is working as expected, I just want to get rid of this error. Any input? Set the encrypted password to *
pf statistics via SNMP MIBs on 4.6 (or 4.7)
Hi list, the most recent MIBs for OpenBSD is for 4.4 (OpenBSD 4.4: obsd-mibs44.tar), which can be downloaded from well-known http://www.packetmischief.ca/openbsd/snmp/ However, I seem to have problems getting it running on a OpenBSD 4.6 based relayd setup (dmesg below). It builds okay from the ports, installs, but snmpwalk won't find the OIDs documented. Has anyone running SNMP MIBs from this source on a system OpenBSD 4.4+? Thanks sorry for my bad english, Donald dmesg: OpenBSD 4.6 (GENERIC) #58: Thu Jul 9 21:24:42 MDT 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 268009472 (255MB) avail mem = 250335232 (238MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xa800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:15:98:cc ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:15:98:cd ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:0d:b9:15:98:ce ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 0, 32-bit 3579545Hz timer, watchdog, gpio gpio0 at glxpcib0: 32 pins pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: TRANSCEND wd0: 1-sector PIO, LBA, 1911MB, 3915072 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1 biomask e3ef netmask ffef ttymask mtrr: K6-family MTRR support (2 registers) nvram: invalid checksum softraid0 at root root on wd0a swap on wd0b dump on wd0b clock: unknown CMOS layout -- GRATIS f|r alle GMX-Mitglieder: Die maxdome Movie-FLAT! Jetzt freischalten unter http://portal.gmx.net/de/go/maxdome01
Re: Source Overview
On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowski a...@blahonga.org wrote: On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert haesba...@haesbaert.org wrote: I also know he (as every developer) is busy with more important things, so publishing these small tasks would also give the developers more time to focus on the big/important issues. There are a bunch of assumptions here that are wrong. Small tasks are the most fun to do because they satisfy the instant gratification needs all of us have. I won't give you my list of the fun and easy stuff, I want to keep it to myself. The lists that are published will contain dull, heavy and not very important tasks. The kind that gets you burned out the quickest. Also, todo lists have been published in the past leading to either no reaction whatsoever or a bunch of people offering help and vampiring the energy from whoever published the list without leading to any code committed. It's easy to become slightly bitter about the whole thing after spending hundreds of hours helping people who then don't follow through when they realize that it actually requires work. //art Well said Art! Additionally, some of the most dull and heavy tasks are not coding, but instead, they are testing code/patches. There is no joy of coding involved, and little gratification when at the end of your efforts all you can say is, It worked fine on X. The closest thing to excitement you'll get is *if* you can find a bug. Does anyone really rely on a 486 with an ISA bus? What about a vax or similar esoteric system? Let alone use one regularly? Do these ancient and odd systems really matter? Having code run on multiple archs and lots of different hardware is a well proven way to find important bugs. The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but this dull and heavy work is somehow below most people who just talk about wanting to become developers and are looking for shortcuts to becoming one. Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code. jcr -- The OpenBSD Journal - http://www.undeadly.org
Još samo 7 dana za spremanje uz popust i poklon!
ProleDno spremanje - još 7 dana sa popustom! Odaberite bilo koja 2 ili više proizvoda iz ponude ProleDno spremanje i osvojite 10% POPUSTA i POKLON Mini kuhinjsku vagu! PoEurite, napravite svoj paket još danas i oD istite svoj dom uz minimum napora i za upola kraDe vreme! Neki od proizvoda iz ponude za veliko spremanje Omni Floor Polisher Space Bag Cube Shamwow - magiD ne krpe Omni Floor Polisher Space Bag Cube Shamwow ProleDno spremanje Kliknite ovde i napravite svoj paket odmah! ProleDno spremanje Ovu elektronsku poštu primate, ukoliko ste svojevoljno ostavili svoju e-mail adresu na nekom od sajtova Top Shop-a, uD estvovali u našoj poklon igri ili nagradnom kvizu ili se prijavili za e-D asopis Top Shop-a ili nekog od nasih brendova. Ponude date u ovom e-mailu vaEe iskljuD ivo za porudEbine upuDene putem Interneta ili broja telefona 021 489 26 60. Ukoliko ne Eelite više da primate naše elektronske poruke, za odjavljivanje sa naše e-mailing liste, kliknite ovde. Studio Moderna d.o.o., Bulevar vojvode Stepe 30, 21000 Novi Sad, Tel: 021 489 26 60, Fax: 021 489 29 08, E-mail: i...@news.top-shop.rs [IMAGE]If you would no longer like to receive our emails please unsubscribe by clicking here.
Re: Source Overview
I have a large public todo list for tmux (it is even distributed in the portable tarball), and I don't actually mind helping people, so long as they make some effort. Even so I get very very few contributions for todo list items, most stuff I get is from people who specifically want a feature or hit a bug. So I am a bit sceptical about the value of todo lists. People have suggested it would help if I added more detail or put them in a bug tracker or something, but who has time for that when nobody even emails to ask about what is there already? If there are small ideas from developers (or users) scattered over the mailing lists, there is nothing stopping someone else collecting them together and making a todo list... On Mon, Apr 19, 2010 at 03:02:17PM -0300, Christiano F. Haesbaert wrote: I know this has been discussed before, yet I call for your attention. This post seems like a genuine attempt on getting pointers on starting hacking in OpenBsd. I remember doing the same a while ago. How about having a very simple per-developer(or project) wish-list/todo-list ? I guess this would encourage people to code, usually the first step is the hardest after you code some stuff you can can usually walk by yourself. For example, Claudio once said that not needing a route for multicast addresses would be nice, but that's somewhere on the mailing lists archives so very few people are aware of that, having it explicit in a todo-list could speed things up IMHO. I also know he (as every developer) is busy with more important things, so publishing these small tasks would also give the developers more time to focus on the big/important issues. No, I'm not trolling, just an idea.
Re: usb modem ADU-500A
2010/4/20 zAJKOW dMITRIJ aLEKSANDROWI^ dmitri...@narod.ru: Hi. I'm not speek english. OpenBSD 4.6 i386. Not working modem ADU-500A (driver umsm). Send us the output of: usbdevs -dv cheers, david
Re: sudo - protected directory
On 04/20/10 00:37, Frank Bax wrote: The first example in 'man sudo' shows how to list files in a protected directory: sudo ls /usr/local/protected I am not sure how I would search the contents of files found in such a directory, for example: $ sudo ls -l /var/spool/mqueue/ total 8 -rw--- 1 root wheel 2031 Apr 17 02:54 dfo3H6qkaT024430 -rw--- 1 root wheel 936 Apr 19 18:22 qfo3H6qkaT024430 $ sudo grep . /var/spool/mqueue/ How do I get some output from this grep command? Hmmm, maybe from using it properly? ;-) For these cases I either use -r (as Nicholas already pointed out), or, if you want or need to use a glob for finding the files, wrap it up like: $ sudo sh -c 'grep . /var/spool/mqueue/*' /Alexander
Re: Source Overview
On Tue, 20 Apr 2010, J.C. Roberts wrote: The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, ... Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code... That's a very clean way of getting introduced step by step to both the code, the development tools, the development methods and acculturation to the community. /Lars
Stange Spamd behaviour
Hello folks, My spamd setup went mad one day and I cannot figure out what is the problem - could you please help? The problem is that it automatically whitelists all the incoming connections. I am running openbsd in bridge mode. bash-4.0# uname -a OpenBSD puffy.srv.pzi.ru 4.6 GENERIC.MP#89 i386 Part of pf.conf: #SPAM GRAYLISTING no rdr log proto tcp from whitelist to any port smtp no rdr log proto tcp from spamd-white to any port smtp no rdr log proto tcp from $int_dmz_mail to any port smtp rdr pass log on $ext_if proto tcp from any to any port smtp - 127.0.0.1 port spamd bash-4.0# sysctl -a |grep forwar net.inet.ip.forwarding=1 net.inet.ip.mforwarding=0 net.inet6.ip6.forwarding=0 net.inet6.ip6.mforwarding=0 bash-4.0# cat /etc/bridgename.bridge0 add xl0 add xl1 up bash-4.0# cat /etc/rc.conf |grep -i pf ospfd_flags=NO # for normal use: ospf6d_flags=NO # for normal use: pf=YES # Packet filter / NAT pf_rules=/etc/pf.conf # Packet filter rules file pflogd_flags= # add more flags, ie. -s 256 bash-4.0# cat /etc/rc.conf |grep -i spam #spamd_flags= # for normal use: and see spamd(8) spamd_flags=-vl 127.0.0.1 -n Postfix spamd_black= # set to YES to run spamd without greylisting spamlogd_flags= # use eg. -i interface and see spamlogd(8) even if I set spamd_black=YES it whitelist all the hosts... Could you please help me to find the source of the problem? Cheers, Matt
Re: Stange Spamd behaviour
On 04/20/10 12:34, Matthew Gladkikh wrote: Hello folks, My spamd setup went mad one day and I cannot figure out what is the problem - could you please help? The problem is that it automatically whitelists all the incoming connections. I am running openbsd in bridge mode. Check your spamlogd setup. Without further investigation, I'd bet that's what's causing this. /Alexander bash-4.0# uname -a OpenBSD puffy.srv.pzi.ru 4.6 GENERIC.MP#89 i386 Part of pf.conf: #SPAM GRAYLISTING no rdr log proto tcp from whitelist to any port smtp no rdr log proto tcp from spamd-white to any port smtp no rdr log proto tcp from $int_dmz_mail to any port smtp rdr pass log on $ext_if proto tcp from any to any port smtp - 127.0.0.1 port spamd bash-4.0# sysctl -a |grep forwar net.inet.ip.forwarding=1 net.inet.ip.mforwarding=0 net.inet6.ip6.forwarding=0 net.inet6.ip6.mforwarding=0 bash-4.0# cat /etc/bridgename.bridge0 add xl0 add xl1 up bash-4.0# cat /etc/rc.conf |grep -i pf ospfd_flags=NO # for normal use: ospf6d_flags=NO # for normal use: pf=YES # Packet filter / NAT pf_rules=/etc/pf.conf # Packet filter rules file pflogd_flags= # add more flags, ie. -s 256 bash-4.0# cat /etc/rc.conf |grep -i spam #spamd_flags= # for normal use: and see spamd(8) spamd_flags=-vl 127.0.0.1 -n Postfix spamd_black= # set to YES to run spamd without greylisting spamlogd_flags= # use eg. -i interface and see spamlogd(8) even if I set spamd_black=YES it whitelist all the hosts... Could you please help me to find the source of the problem? Cheers, Matt
[SOLVED] Re: Generic Discuss about CPU resource scheduling
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 First of All , Thanks to all your help ;-) All the replies are good , and enlightened me. Finally as i read more of the book , i found a good way to solve this problem. They use multiple queues , which has different CPU time for a slice. That's a good way as a statistics of running time. Shorter tasks will be available to execute , and finish earlier. - - | 7s CPU time per slice | // Queue 1 - - == if a process didn't finish , move it to next queue. - - | 14s per slice (maybe) | // Queue 2 - - ... And different queues owns different priority , of course. Thanks again for all of your experience ! - -- Best Regards, Aaron Lewis - PGP: 0x4A6D32A0 FingerPrint EA63 26B2 6C52 72EA A4A5 EB6B BDFE 35B0 4A6D 32A0 irc: A4r0n on freenode Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkvNikYACgkQvf41sEptMqDnVACguzyJFMSyurqW6RpQE3lay/g3 M2gAn1wOQ+pl0guyKQQD7lQe2SBCAq71 =lHeF -END PGP SIGNATURE-
Re: Radius Auth and Insecurity Outputs
On 04/20/10 08:37, Stuart Henderson wrote: On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote: Hello all, I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are using RADIUS authentication. When I install the OS, I create a local user with local authentication. After the box's network config is all done, I then change the login class of the user to so I can use RADIUS, by modifying /etc/master.passwd with `vipw', so it looks like this: (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh The problem then occurs when /etc/security runs, as it gives the following output: Checking the /etc/master.passwd file: Login (removed) is off but still has a valid shell and alternate access files in home directory are still readable. This login is being used successfully with RADIUS, all is working as expected, I just want to get rid of this error. Any input? Set the encrypted password to * Thank you Stuart for not recommending hacking away on /etc/security but instad provide the correct answer. :-) And while the awk-literate audience might have noticed that any 13-character string would suffice, I'd say * is indeed the most prevalent form thereof. /Alexander
Re: Radius Auth and Insecurity Outputs
On 2010/04/20 13:04, Alexander Hall wrote: On 04/20/10 08:37, Stuart Henderson wrote: On 2010-04-19, Andrew Klettke aklet...@opticfusion.net wrote: Hello all, I'm having a (cosmetic) problem with a couple of OpenBSD boxes that are using RADIUS authentication. When I install the OS, I create a local user with local authentication. After the box's network config is all done, I then change the login class of the user to so I can use RADIUS, by modifying /etc/master.passwd with `vipw', so it looks like this: (removed):*:1000:10:radius:0:0::/home/(removed):/bin/ksh The problem then occurs when /etc/security runs, as it gives the following output: Checking the /etc/master.passwd file: Login (removed) is off but still has a valid shell and alternate access files in home directory are still readable. This login is being used successfully with RADIUS, all is working as expected, I just want to get rid of this error. Any input? Set the encrypted password to * Thank you Stuart for not recommending hacking away on /etc/security but instad provide the correct answer. :-) And while the awk-literate audience might have noticed that any 13-character string would suffice, I'd say * is indeed the most prevalent form thereof. For the record I dislike this loophole, but since it's there (and there were various complaints when I tried removing it), may as well make use of it. :)
Re: Source Overview
On Tue, Apr 20, 2010 at 12:21:43AM -0700, J.C. Roberts wrote: On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowski a...@blahonga.org wrote: On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert haesba...@haesbaert.org wrote: I also know he (as every developer) is busy with more important things, so publishing these small tasks would also give the developers more time to focus on the big/important issues. There are a bunch of assumptions here that are wrong. Small tasks are the most fun to do because they satisfy the instant gratification needs all of us have. I won't give you my list of the fun and easy stuff, I want to keep it to myself. The lists that are published will contain dull, heavy and not very important tasks. The kind that gets you burned out the quickest. Also, todo lists have been published in the past leading to either no reaction whatsoever or a bunch of people offering help and vampiring the energy from whoever published the list without leading to any code committed. It's easy to become slightly bitter about the whole thing after spending hundreds of hours helping people who then don't follow through when they realize that it actually requires work. //art Well said Art! Additionally, some of the most dull and heavy tasks are not coding, but instead, they are testing code/patches. There is no joy of coding involved, and little gratification when at the end of your efforts all you can say is, It worked fine on X. The closest thing to excitement you'll get is *if* you can find a bug. Does anyone really rely on a 486 with an ISA bus? What about a vax or similar esoteric system? Let alone use one regularly? Do these ancient and odd systems really matter? Having code run on multiple archs and lots of different hardware is a well proven way to find important bugs. The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but this dull and heavy work is somehow below most people who just talk about wanting to become developers and are looking for shortcuts to becoming one. Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code. jcr -- The OpenBSD Journal - http://www.undeadly.org the non-sndio ports list I sent to ports@ recently (and which I have been doing for months now) is a todo list. even just looking at the listed ports as they are now, noting how well they currently work in an out of the box configuration on your machine, checking if there are upstream updates or if the homepage has moved or anything along those lines would be helpful. -- jake...@sdf.lonestar.org SDF Public Access UNIX System - http://sdf.lonestar.org
Re: can't do suitable block in firewall
Shane Lazarus wrote: Heya On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br wrote: My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz. What i'm trying to do is: 1. Allow some hosts to use MSN; 2. Redirect the MSN connections of some hosts from the LAN interfaces to a MSN proxy in the DMZ interface; 3. Block the rest. This is how i'm trying to achieve: # msn proxy redirect rdr on $lan1_iface proto tcp from $msn-redirect to any port 1863 - $proxy rdr on $lan1_iface proto tcp from $msn-redirect to any port 25000:3 - $proxy # msn filter pass out quick on $inet_iface inet proto tcp from $msn-redirect to $proxy port 1863 keep state pass out quick on $inet_iface inet proto tcp from $msn-allowed1 to any port 1863 keep state pass out quick on $inet_iface inet proto tcp from $msn-allowed2 to any port 1863 keep state pass out quick on $inet_iface inet proto tcp from $proxy to any port 1863 keep state block out on $inet_iface inet proto tcp from any to any port 1863 Is the reference to passing out the redirected traffic to the $proxy via the $inet_interface instead of the $dmz_interface correct, a typo or the issue? Shane Hi Shane. No, it's not a typo. It's a last second modification that i tried before send the email. Was 'any' before i replace with '$proxy'. However, like you well observed, it's wrong :( I'll try other rules today and i'll post then here. Tks for you concern.
Re: Source Overview
From: J.C. Roberts list-...@designtools.org The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but this dull and heavy work is somehow below most people who just talk about wanting to become developers and are looking for shortcuts to becoming one. Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code. You're not wrong, but that's a rather black and white way of looking at the world. When someone starts a new activity - whether that's coding for OpenBSD, baking cakes or similar, it's usually necessary to have a visible 'quick win' or at least sign of progress that encourages the person to carry on and try a little harder. Testing does not usually fit into that category - it is indeed 'dull and heavy' and usually something people expect to be paid for. I understand and mostly agree with the viewpoint that the best way is to download code, decide on what needs fixing and keep plugging at it until success is achieved. That's also fine if the OpenBSD community wants to perpetuate the type of people that code for it and the size of the community. If (and it is an if) the OpenBSD community wants more resource - both coding and testing, there probably needs to be a degree more flexibility. Or, in short, we need to not deter people straight away, and accept that perhaps sometimes decent programmers start from ones that make lots of mistakes. Perhaps a ports TODO similar to the NetBSD ports TODO might help; it doesn't require quite the same level of kernel or userspace hacking and provides very visible feedback and thanks once completed. Neither would I completely rule out a central TODO list linked off OpenBSD.org. Sure, it might well be ignored, but the possibility remains that someone might take up the task. NetBSD isn't doing too badly with Google's Summer of Code initiatives, either. It might not even be a bad idea to puff up new developers a bit : 'new developer Fred Bloggs decided to solve PR7738 squashing an annoying bug in the ipz(4) driver. John Smith is very grateful for this as it enabled him to use his new ServBladePro NZ20 server' With specific reference to the ISA 486, if there are specific test cases that can be run without taking up hours of interactive time, I have a suitable VLB/ISA 486 that could run them. It's not something I'm interested in using on a regular basis though - I've got other machines that are far easier to work with. PK
Re: Source Overview
On 04/20/10 06:38, Jacob Meuser wrote: On Tue, Apr 20, 2010 at 12:21:43AM -0700, J.C. Roberts wrote: On Tue, 20 Apr 2010 11:58:02 +0800 Artur Grabowskia...@blahonga.org wrote: On Tue, Apr 20, 2010 at 2:02 AM, Christiano F. Haesbaert haesba...@haesbaert.org wrote: I also know he (as every developer) is busy with more important things, so publishing these small tasks would also give the developers more time to focus on the big/important issues. There are a bunch of assumptions here that are wrong. Small tasks are the most fun to do because they satisfy the instant gratification needs all of us have. I won't give you my list of the fun and easy stuff, I want to keep it to myself. The lists that are published will contain dull, heavy and not very important tasks. The kind that gets you burned out the quickest. Also, todo lists have been published in the past leading to either no reaction whatsoever or a bunch of people offering help and vampiring the energy from whoever published the list without leading to any code committed. It's easy to become slightly bitter about the whole thing after spending hundreds of hours helping people who then don't follow through when they realize that it actually requires work. //art Well said Art! Additionally, some of the most dull and heavy tasks are not coding, but instead, they are testing code/patches. There is no joy of coding involved, and little gratification when at the end of your efforts all you can say is, It worked fine on X. The closest thing to excitement you'll get is *if* you can find a bug. Does anyone really rely on a 486 with an ISA bus? What about a vax or similar esoteric system? Let alone use one regularly? Do these ancient and odd systems really matter? Having code run on multiple archs and lots of different hardware is a well proven way to find important bugs. The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but this dull and heavy work is somehow below most people who just talk about wanting to become developers and are looking for shortcuts to becoming one. Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code. jcr -- The OpenBSD Journal - http://www.undeadly.org the non-sndio ports list I sent to ports@ recently (and which I have been doing for months now) is a todo list. even just looking at the listed ports as they are now, noting how well they currently work in an out of the box configuration on your machine, checking if there are upstream updates or if the homepage has moved or anything along those lines would be helpful. Looking at this and Peters message, I think there may be an answer much simpler than a TODO list, which I think will never work out. If developers wanted a TODO list, we would already have one. In Ports, there are already the useful tags on emails of WIP, NEW, UPDATE, etc Perhaps the useful emails that have suitable TODO items could simply be tagged with a TODO. WIP TODO blah blah UPDATE TODO blah blah TODO blah blah These would be exceptionally easy to search for. NO list, very simple for anyone to add to an email.
Wistron DNMA92 mini-PCI card
Hey all, Is anybody developing drivers for the Atheros AR9220-based card named in the subject? Would it help if someone were to order some from PCEngines for development, and if so, would pigtails and/or pci-to-mpci adapters be needed, and to whom would we send them? Regards -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
Re: Radius Auth and Insecurity Outputs
On Tue, Apr 20, 2010 at 7:04 AM, Alexander Hall ha...@openbsd.org wrote: Set the encrypted password to * Thank you Stuart for not recommending hacking away on /etc/security but instad provide the correct answer. :-) And while the awk-literate audience might have noticed that any 13-character string would suffice, I'd say * is indeed the most prevalent form thereof. Blech. Talk about hacks, counting out 13 stars? We already have special handling for skey, which I guess demonstrates it's used a fair bit more than radius, but I'd like to get a quorum of developers to agree on something better. All * looks to me like extra disabled. For the OP, might I suggest radiusenabled for a bit of clarity?
Re: Brazil resellers of OpenBSD - Tempo Real?
I used to buy official OpenBSD sets there, but I remember trying to buy a set a couple of months ago, and I couldn't find any. Actually, their website isn't even working (www.temporeal.com.br) and there are reports on some forums that the physical store has closed. Meh =( On Mon, Apr 19, 2010 at 9:35 PM, Nenhum_de_Nos math...@eternamente.info wrote: On Mon, 19 Apr 2010 15:24:32 -0700 (MST) Austin Hook aus...@computershop.ca wrote: Does anyone know if the bookstore Tempo Real still exists and if they have a physical mailing address? Or does anyone know of a potential reseller of OpenBSD in Brazil? it looks like is alive. http://www.novatemporeal.com.br/temporeal/contato.asp unfortunately there is no physical address I could find on the site. the devil store (http://www.devilstore.com.br/) deals FreeBSD discs, they may have interest in OpenBSD as well. their comercial mail is comerc...@freebsdbrasil.com.br. HTH, matheus -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style
mpi(4): SAS1068: disk not found
Hi, the VMware ESX's LSI SAS1068 emulation doesn't work. The controller is detected but the disk(s) will not be found. After enabling MPI_DEBUG I got only /bsd: mpi1: mpi_read 0x44 0x. It looks like the controller has an interrupt problem. vmstat -i doesn't report the mpi1 controller irq. Disabling ioapic, acpi and mpbios does not solve the issue. Maybe someone has useful tips ... - Joerg $ vmstat -i interrupt total rate irq0/clock 208830 400 irq0/ipi 6874 13 irq82/mpi0 15763 irq83/em0 11917 22 Total 229197 439 completet dmesg: OpenBSD 4.7-current (GENERIC.MP) #74: Fri Apr 16 16:47:34 CEST 2010 r...@dev.osn.de:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1 real mem = 2146988032 (2047MB) avail mem = 2071220224 (1975MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/22/09, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev. 2.4 @ 0xe0010 (98 entries) bios0: vendor Phoenix Technologies LTD version 6.00 date 09/22/2009 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 2 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P1(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P2(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) P2P3(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0 (S3) S7F0(S3) S8F0(S3) S9F0(S3) Z00P(S3) Z00Q(S3) Z00R(S3) Z00S(S3) Z00T(S3) Z00U(S3) Z00V(S3) Z00W(S3) Z00X(S3) Z00Y(S3) Z00Z(S3) Z010(S3) Z011(S3) Z012(S3) Z013(S3) Z014(S3) Z015(S3) Z016(S3) Z017(S3) Z018(S3) Z019(S3) Z01A(S3) Z01B(S3) PE40(S3) S1F0(S3) PE50(S3) S1F0(S3) PE60(S3) S1F0(S3) PE70(S3) S1F0(S3) PE80(S3) S1F0(S3) PE90(S3) S1F0(S3) PEA0(S3) S1F0(S3) PEB0(S3) S1F0(S3) PEC0(S3) S1F0(S3) PED0(S3) S1F0(S3) PEE0(S3) S1F0(S3) PE41(S3) S1F0(S3) PE42(S3) S1F0(S3) PE43(S3) S1F0(S3) PE44(S3) S1F0(S3) PE45(S3) S1F0(S3) PE46(S3) S1F0(S3) PE47(S3) S1F0(S3) PE51(S3) S1F0(S3) PE52(S3) S1F0(S3) PE53(S3) S1F0(S3) PE54(S3) S1F0(S3) PE55(S3) S1F0(S3) PE56(S3) S1F0(S3) PE57(S3) S1F0(S3) PE61(S3) S1F0(S3) PE62(S3) S1F0(S3) PE63(S3) S1F0(S3) PE64(S3) S1F0(S3) PE65(S3) S1F0(S3) PE66(S3) S1F0(S3) PE67(S3) S1F0(S3) PE71(S3) S1F0(S3) PE72(S3) S1F0(S3) PE73(S3) S1F0(S3) PE74(S3) S1F0(S3) PE75(S3) S1F0(S3) PE76(S3) S1F0(S3) PE77(S3) S1F0(S3) PE81(S3) S1F0(S3) PE82(S3) S1F0(S3) PE83(S3) S1F0 (S3) PE84(S3) S1F0(S3) PE85(S3) S1F0(S3) PE86(S3) S1F0(S3) PE87(S3) S1F0(S3) PE91(S3) S1F0(S3) PE92(S3) S1F0(S3) PE93(S3) S1F0(S3) PE94(S3) S1F0(S3) PE95(S3) S1F0(S3) PE96(S3) S1F0(S3) PE97(S3) S1F0(S3) PEA1(S3) S1F0(S3) PEA2(S3) S1F0(S3) PEA3(S3) S1F0(S3) PEA4(S3) S1F0(S3) PEA5(S3) S1F0(S3) PEA6(S3) S1F0(S3) PEA7(S3) S1F0(S3) PEB1(S3) S1F0(S3) PEB2(S3) S1F0(S3) PEB3(S3) S1F0(S3) PEB4(S3) S1F0(S3) PEB5(S3) S1F0(S3) PEB6(S3) S1F0(S3) PEB7(S3) S1F0(S3) SLPB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 65MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU X3370 @ 3.00GHz (GenuineIntel 686-class) 3 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0 acpicpu1 at acpi0
Re: Wistron DNMA92 mini-PCI card
On 2010-04-20, Aaron Mason simplersolut...@gmail.com wrote: Hey all, Is anybody developing drivers for the Atheros AR9220-based card named in the subject? Would it help if someone were to order some from PCEngines for development, and if so, would pigtails and/or pci-to-mpci adapters be needed, and to whom would we send them? Regards Should already be supported by athn(4) (BSS/monitor mode only, no hostap).
Re: Source Overview
Looking at this and Peters message, I think there may be an answer much simpler than a TODO list, which I think will never work out. If developers wanted a TODO list, we would already have one. Good point. ...snip... Perhaps the useful emails that have suitable TODO items could simply be tagged with a TODO. From a newcomers perspective that seems like a good idea. ...snip... Thanks for more input everyone.
Re: Brazil resellers of OpenBSD - Tempo Real?
Probably you'd better buy anything OpenBSD related on the official site, I gave up trying to find some reseller here in Brazil, and when I bought on the official site I had no problems. Like the system itself, it just works :) Fabio Almeida Em Ter, 2010-04-20 C s 10:40 -0300, Leonardo Rodrigues escreveu: I used to buy official OpenBSD sets there, but I remember trying to buy a set a couple of months ago, and I couldn't find any. Actually, their website isn't even working (www.temporeal.com.br) and there are reports on some forums that the physical store has closed. Meh =( On Mon, Apr 19, 2010 at 9:35 PM, Nenhum_de_Nos math...@eternamente.info wrote: On Mon, 19 Apr 2010 15:24:32 -0700 (MST) Austin Hook aus...@computershop.ca wrote: Does anyone know if the bookstore Tempo Real still exists and if they have a physical mailing address? Or does anyone know of a potential reseller of OpenBSD in Brazil? it looks like is alive. http://www.novatemporeal.com.br/temporeal/contato.asp unfortunately there is no physical address I could find on the site. the devil store (http://www.devilstore.com.br/) deals FreeBSD discs, they may have interest in OpenBSD as well. their comercial mail is comerc...@freebsdbrasil.com.br. HTH, matheus -- We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style
Çok yoğun istek üzerine kampanyamız bir süreliğine uzatılmıştır.
\yelik Bilgileriniz [IMAGE] Payla~ ]zinsiz Gvnderim Bildir \yelikten Ayr}l [IMAGE] Caprice Gold oda sahiplerinin |cretsiz konaklama haklar}yla Didim Otelimiz doluyor [IMAGE] YILLIK PAKET ]G]N SON ^ANS [IMAGE] [IMAGE] Gok yopun istek |zerine kampanyam}z bir s|relipine uzat}lm}~t}r. div align=center[IMAGE] www.caprice.com.tr t}klay}n avantajlar} yakalay}n 0.212.444 44 25 nbsp; E-B|ltenimizi deperlendirin, size daha iyi hizmet sunal}m.12345 [IMAGE] [IMAGE] \yelik Bilgileriniz [IMAGE] Payla~ ]zinsiz Gvnderim Bildir \yelikten Ayr}l /td
Re: Source Overview
After reading your replies and the thread Ted mailed, My assumptions were indeed wrong, I've naively believed people would send diffs if such thing(the list) existed, the thread and your replies proved me wrong. I guess I thought that mainly because it worked for me on some level in the past (I sent diffs after asking for things to do and PR bugs). Summing up, I'm convinced, the list wouldn't do any good. I shall not bother on this subject anymore.
Re: Source Overview
On Tue, Apr 20, 2010 at 01:06:32PM +0100, Peter Kay (Syllopsium) wrote: From: J.C. Roberts list-...@designtools.org The developers *CONSTANTLY* *ASK* *FOR* *YOUR* *HELP* with testing, but this dull and heavy work is somehow below most people who just talk about wanting to become developers and are looking for shortcuts to becoming one. Since validity is critical, if you cannot test properly and hopefully help in the debugging, then you'll never be any good at writing code. You're not wrong, but that's a rather black and white way of looking at the world. It's called experience in the open source community. When someone starts a new activity - whether that's coding for OpenBSD, baking cakes or similar, it's usually necessary to have a visible 'quick win' or at least sign of progress that encourages the person to carry on and try a little harder. Decoding the human genome wasn't easy yet they embarked on it. LHC, anyone? Testing does not usually fit into that category - it is indeed 'dull and heavy' and usually something people expect to be paid for. Oh and coding is free? this is *exactly* how the community can help but apparently they need to be paid for it. I understand and mostly agree with the viewpoint that the best way is to download code, decide on what needs fixing and keep plugging at it until success is achieved. That's also fine if the OpenBSD community wants to perpetuate the type of people that code for it and the size of the community. Open source development requires a certain level of self-starting ability. It also requires a lot of up front time learning and understanding things such as computer hardware, programming, the interaction between those two etc. These are non-trivial skills. Not everybody will be a great programmer. If (and it is an if) the OpenBSD community wants more resource - both coding and testing, there probably needs to be a degree more flexibility. The code lives in CVS, people reply to email with patches and test data. What more flexibility do you need? Or, in short, we need to not deter people straight away, and accept that perhaps sometimes decent programmers start from ones that make lots of mistakes. That means they are not ready yet for OS development and should spend more time on their own learning some more. Perhaps a ports TODO similar to the NetBSD ports TODO might help; it doesn't require quite the same level of kernel or userspace hacking and provides very visible feedback and thanks once completed. Or perhaps it wouldn't. Neither would I completely rule out a central TODO list linked off OpenBSD.org. Sure, it might well be ignored, but the possibility remains that someone might take up the task. NetBSD isn't doing too badly with Google's Summer of Code initiatives, either. I have to see the day that anything useful comes out of the GSC. Why waste time on writing a todo list that will be ignored? You see this is all work on the guy/gal that is already doing the work for free! It might not even be a bad idea to puff up new developers a bit : 'new developer Fred Bloggs decided to solve PR7738 squashing an annoying bug in the ipz(4) driver. John Smith is very grateful for this as it enabled him to use his new ServBladePro NZ20 server' Again, more work for the people that are doing all the work. Part of being a developer is developing a thick skin to put up with a community that wants everything for free without contributing any work. I have seen plenty of people come and go because they don't want to put up with it and they were perfectly capable of finding work on their own. With specific reference to the ISA 486, if there are specific test cases that can be run without taking up hours of interactive time, I have a suitable VLB/ISA 486 that could run them. It's not something I'm interested in using on a regular basis though - I've got other machines that are far easier to work with. PK
Re: Brazil resellers of OpenBSD - Tempo Real?
On 19 April 2010 19:24, Austin Hook aus...@computershop.ca wrote: Does anyone know if the bookstore Tempo Real still exists and if they have a physical mailing address? Or does anyone know of a potential reseller of OpenBSD in Brazil? Buy from openbsdeurope.com, they charge 10 eur for devlivery.
TRIM support?
Hello, Anyone know the status/plans of TRIM support in OpenBSD? I poked around a bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really know what I'm looking for). Thanks, Dan
trouble installing on t2000
I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise. It will let me get all the way through to installingn sets. I have tried to install the sets from cd, ftp, http, rsync and it never finishes. Does anyone have any ideas why this might be? It usually gets about 90% through before freezing up. -- Jason Wagstaff - Systems Administrators University of Missouri - St.Louis One University Boulevard CCB 451 St.Louis, MO 63121-4400 Work 314.516.4067
Re: TRIM support?
What problem are you trying to solve? And no, TRIM isn't supported. On Tue, Apr 20, 2010 at 01:58:30PM -0400, Daniel Barowy wrote: Hello, Anyone know the status/plans of TRIM support in OpenBSD? I poked around a bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really know what I'm looking for). Thanks, Dan
Re: trouble installing on t2000
I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise. It will let me get all the way through to installingn sets. I have tried to install the sets from cd, ftp, http, rsync and it never finishes. Does anyone have any ideas why this might be? It usually gets about 90% through before freezing up. A possible fix for this has been commited recently. RCS file: /cvs/src/sys/arch/sparc64/sparc64/intr.c,v revision 1.35 date: 2010/04/16 22:35:24; author: kettenis; state: Exp; lines: +11 -3 Fix handling of shared interrupts. Make sure we use the lowest priority of all the interrupt handles when reprioritizing the interrupt on reception, but always run the handler at the desired priority. Make sure ci_handled_intr_level is set correctly. Gets rid of splassert warnings seem on many of the PCIe systems with mpi(4). tested by deraadt@, jbg@ It seems to only affect some machines, and none of us had a T2000...
Re: smtpd.conf: syntax error with from local
On Sun, Apr 11, 2010 at 08:20:24PM +0200, Rene Maroufi wrote: Hi, i tried smtpd on a snapshot from March (GENERIC#556). If i use: accept from local for all relay I get with smtpd -n: /etc/mail/smtpd.conf:11: syntax error If i remove from local, everything is OK. Whats wrong with from local? The manpage says from local is correct (but the default, so it isn't needed). Fixed in -current. Cheers Rene -- Reni Maroufi i...@maroufi.net
Re: TRIM support?
On Tue, 20 Apr 2010, Marco Peereboom wrote: What problem are you trying to solve? And no, TRIM isn't supported. My concern is the procedure we've been using to deploy OpenBSD machines. We set up a base machine with a standard disk layout, utilities, admin account, etc... and then make a copy of the entire disk using dd. We save this on our SAN, and when we want a new machine, simply pull a disk off the shelf, copy the image to the disk, boot, then customize. The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is implemented in the disk's firmware, with some being better than others. At present, we have Intel X25-E disks. So, if the above is correct, then I will need to either rethink our deployment strategy (like, always leave some spae on the disk, untouched by dd), or else try not to write so often (like, using a ramdisk). I could also be overestimating the importance of all of this. Thanks, Dan
Re: TRIM support?
On Tue, Apr 20, 2010 at 02:56:11PM -0400, Daniel Barowy wrote: On Tue, 20 Apr 2010, Marco Peereboom wrote: What problem are you trying to solve? And no, TRIM isn't supported. My concern is the procedure we've been using to deploy OpenBSD machines. We set up a base machine with a standard disk layout, utilities, admin account, etc... and then make a copy of the entire disk using dd. We save this on our SAN, and when we want a new machine, simply pull a disk off the shelf, copy the image to the disk, boot, then customize. The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is implemented in the disk's firmware, with some being better than others. At present, we have Intel X25-E disks. So, if the above is correct, then I will need to either rethink our deployment strategy (like, always leave some spae on the disk, untouched by dd), or else try not to write so often (like, using a ramdisk). I could also be overestimating the importance of all of this. You are. The whole not write so often is really really really uninteresting. Thanks, Dan
Re: pf statistics via SNMP MIBs on 4.6 (or 4.7)
silvershadow...@gmx.de wrote: the most recent MIBs for OpenBSD is for 4.4 (OpenBSD 4.4: obsd-mibs44.tar), which can be downloaded from well-known http://www.packetmischief.ca/openbsd/snmp/ However, I seem to have problems getting it running on a OpenBSD 4.6 based relayd setup (dmesg below). It builds okay from the ports, installs, but snmpwalk won't find the OIDs documented. Has anyone running SNMP MIBs from this source on a system OpenBSD 4.4+? 4.5 was the last release I compiled it. But at some day I got tired of building custom packages for snmp every 6 months (apart from the fact that FreeBSD doesn't provide similiar at all) and wrote a small perl script which uses pfctl to query values. It can also be used with Nagios and Cacti. http://www.charlieroot.de/bsd/pf-stats-snmp.pl HTH, Helmut -- No Swen today, my love has gone away My mailbox stands for lorn, a symbol of the dawn
Re: can't do suitable block in firewall
Hi Shane, Heya and others. I tried a new setup, using tables (look more eficient than using a thousan rules to each variable). But is still failing :( # tables table msn-rdr persist const file /etc/pf.conf.d/msn-rdr table msn-allow persist const file /etc/pf.conf.d/msn-allow # msn proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 1863 - $proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 25000:3 - $proxy # msn filter pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from msn-rdr to $proxy port 1863 block out quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 In the msn-rdr table are IP of the hosts that should be redirected to the proxy, and in the msn-allow are the IP of the hosts that should be allowed to connect directly with the MSN over the internet (including the host $proxy). The $proxy host is in a fourth interface named $dmz_iface. If i remove the quick statement of the block rule, anyone in any interface can connect, and with the 'quick' statement, no one can =S. Also, back in february, when i just redirected everyone to the proxy, the rdr rules used to work, but with this more selective rule, it's not working at all. Tks in advance. Leonardo Carneiro - Veltrac wrote: Shane Lazarus wrote: Heya On Tue, Apr 20, 2010 at 5:43 AM, Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br mailto:lscarne...@veltrac.com.br wrote: My OpenBSD firewall has 4 interfaces: 2 lan, 1 wan and 1 dmz. What i'm trying to do is: 1. Allow some hosts to use MSN; 2. Redirect the MSN connections of some hosts from the LAN interfaces to a MSN proxy in the DMZ interface; 3. Block the rest. This is how i'm trying to achieve: # msn proxy redirect rdr on $lan1_iface proto tcp from $msn-redirect to any port 1863 - $proxy rdr on $lan1_iface proto tcp from $msn-redirect to any port 25000:3 - $proxy # msn filter pass out quick on $inet_iface inet proto tcp from $msn-redirect to $proxy port 1863 keep state pass out quick on $inet_iface inet proto tcp from $msn-allowed1 to any port 1863 keep state pass out quick on $inet_iface inet proto tcp from $msn-allowed2 to any port 1863 keep state pass out quick on $inet_iface inet proto tcp from $proxy to any port 1863 keep state block out on $inet_iface inet proto tcp from any to any port 1863 Is the reference to passing out the redirected traffic to the $proxy via the $inet_interface instead of the $dmz_interface correct, a typo or the issue? Shane Hi Shane. No, it's not a typo. It's a last second modification that i tried before send the email. Was 'any' before i replace with '$proxy'. However, like you well observed, it's wrong :( I'll try other rules today and i'll post then here. Tks for you concern.
Re: TRIM support?
On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote: And no, TRIM isn't supported. The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is You are. The whole not write so often is really really really uninteresting. It's not about writing too often, it's about the performance hit doing a read/modify/write when there's no free blocks. Like the 4k sector problem, but potentially even worse. On the other hand, it depends on how much writing your server will do in service. If you aren't writing large files, you won't notice much difference, and the benefit of ultra fast random access is more than worth it.
Re: TRIM support?
On Tue, Apr 20, 2010 at 02:56:11PM -0400, Daniel Barowy wrote: The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is implemented in the disk's firmware, with some being better than others. At present, we have Intel X25-E disks. Err, just how frequently are you doing this? The answer is going to change a bit if you're doing this infrequently vs. doing this as a part of manufacturing turn key boxes. I am going to assume the former, not the latter. If you don't want as many blocks to appear as used, write to fewer blocks. IE partition it, slice it, mkfs it, and restore from a tarball. You can even put your gzipped tarball of the base system where the installer expects to find base##.tgz and tell it to only install your tarball. So, if the above is correct, then I will need to either rethink our deployment strategy (like, always leave some spae on the disk, untouched by dd), or else try not to write so often (like, using a ramdisk). I could also be overestimating the importance of all of this. Just rethink your deployment strategy to not use 'dd'. Even Windows cloning systems stopped trying to copy all bits on the disk 6+ years ago. 'dd' made some sense when the disk was mostly full and there was a huge penalty to keep seeking between data and metadata. 'dd' continues to make sense if you need to make a copy of everything before attempting to recover data or metadata. -- Chris Dukes
Re: TRIM support?
On Tue, Apr 20, 2010 at 03:48:23PM -0400, Ted Unangst wrote: On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote: And no, TRIM isn't supported. The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is You are. The whole not write so often is really really really uninteresting. It's not about writing too often, it's about the performance hit doing a read/modify/write when there's no free blocks. Like the 4k sector problem, but potentially even worse. On the other hand, it depends on how much writing your server will do in service. If you aren't writing large files, you won't notice much difference, and the benefit of ultra fast random access is more than worth it. I am 100% unconvinced.
Congreso Internet Marketing Experts - Guadalajara 24 de Mayo Auditorio Hotel Hilton
Congress Marketing Presenta Congreso Nacional iMexB410 Internet Marketing Experts Guadalajara Sponsored By WSI We Simplify The Internet - KTC Conexiones - Google Adwords Professionals - Doppler E-Mail Marketing Made Simple - CII[IMAGE][IMAGE] Ser Visto Para Ser Rentable El Internet como medio de mercadotecnia ofrece beneficios excepcionales y un potencial de reconocimiento de marca para todo tipo de industria. Un evento sin precedentes que propone alternativas de vanguardia y tecnologCa expuestas por lCderes en el C!mbito. La mercadotecnia por Internet es altamente rentable, ofrece muchas ventajas C:nicas que la publicidad tradicional no puede igualar, asC como herramientas de alto impacto y desempeC1o que desarrollarC!n un verdadero vCnculo entre su empresa y su mercado meta. Objetivos y beneficios B?QuC) puede hacer la mercadotecnia por internet por mi negocio? b Generar trC!fico a su sitio web o instalaciones fCsicas (generaciC3n de contactos, ventas, etc.) b Mejorar sus actividades promocionales en lCnea b una forma mC!s de llegar a los clientes b Extender el posicionamiento de su marca en nuevos mercados b Dar a su negocio una ventaja sobre su competencia b Reducir sus costos de mercadotecnia a la vez que mejora sus resultados Viernes 24 de Mayo de 2010 - Hotel Hilton Guadalajara[IMAGE] Algunos de los temas generales a tratar . Tu presencia en internet . Posicionamiento, trC!fico objetivo y mercadotecnia online . Impacto de las redes sociales como estratC)gia de negocios . Mobile Marketing . e-mail Marketing Y muchos mC!s! [IMAGE] Descargue su Brochure en pdf con detalles y costos del evento Click AquC Congress Marketing Online S.C. B) 2009 - Todos los derechos reservados. TelC)fonos en la Cd. de Guadalajara 01(33)1201-6898, (33)1562-1784 y (33)3110-6502 Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Congress Marketing o bien un usuario le refirio para recibir este boletCn. Como usuario de Congress Marketing, en este acto autoriza de manera expresa que Congress Marketing le puede contactar vCa correo electrC3nico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJA CM000SCRMZ. Unsubscribe to this mailing list, reply a blank message withe the subject UNSUBSCRIBE CM000SCRMZ Tenga en cuenta que la gestiC3n de nuestras bases de datos es de suma importancia y no es intenciC3n de la empresa la inconformidad del receptor.
Re: can't do suitable block in firewall
Leonardo Carneiro - Veltrac wrote: Hi Shane, Heya and others. I tried a new setup, using tables (look more eficient than using a thousan rules to each variable). But is still failing :( # tables table msn-rdr persist const file /etc/pf.conf.d/msn-rdr table msn-allow persist const file /etc/pf.conf.d/msn-allow # msn proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 1863 - $proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 25000:3 - $proxy # msn filter pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from msn-rdr to $proxy port 1863 block out quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 In the msn-rdr table are IP of the hosts that should be redirected to the proxy, and in the msn-allow are the IP of the hosts that should be allowed to connect directly with the MSN over the internet (including the host $proxy). The $proxy host is in a fourth interface named $dmz_iface. If i remove the quick statement of the block rule, anyone in any interface can connect, and with the 'quick' statement, no one can =S. Also, back in february, when i just redirected everyone to the proxy, the rdr rules used to work, but with this more selective rule, it's not working at all. Tks in advance. Hmm, i'm almost getting it. Switching block *out* quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 to block *in* quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 solved the problem partially. Now, the allowed host are being allowed and the others not, but the hosts that should be redirected are not being redirected and also cannot connect.
Re: smtpd: Aliases only work with for local alias aliases
On Mon, Apr 12, 2010 at 12:26:09PM +0200, Rene Maroufi wrote: Hello, In my smtpd.conf i have this: map aliases { source db /etc/mail/aliases.db } and: accept from all for local deliver to maildir If i send a mail to an alias smtpd rejected the mail. The Log says: 530 Recipient rejected: postmas...@lofn.maroufi I tried something and finally this works: accept from all for local alias aliases deliver to maildir But the Manpage doesn't say something about for local alias aliases And a second error in the Manpage: The Manpage says: map map { [type maptype] source mapsource } And the maptype must be db. But if i write: map aliases { type db source /etc/mail/aliases.db } Than smtpd -n says its an syntax error. Actually map only works without maptype and aliases works only with a alias mapname statement in the accept rule. Thats different from the manpage. Both fixed in -current. Cheers Reni -- Reni Maroufi i...@maroufi.net
Re: TRIM support?
On Tue, 20 Apr 2010, Ted Unangst wrote: It's not about writing too often, it's about the performance hit doing a read/modify/write when there's no free blocks. Like the 4k sector problem, but potentially even worse. On the other hand, it depends on how much writing your server will do in service. If you aren't writing large files, you won't notice much difference, and the benefit of ultra fast random access is more than worth it. Right now, the machines I am working on are mail gateways. They'll need to do frequent small writes as mail is shuffled between various queues. As long as we keep up with incoming mail, we're fine-- this is less of an issue now that spamd turns away most connections before they submit any data for processing. We were looking for a general answer, though, since the same strategy is used to deploy machines for other purposes (databases, web servers, routers, etc), although any application that requires lots of storage will probably get a big disk (or more likely, NFS to a big disk) specifically for that purpose. Thanks for the answers, everyone. I have some good ideas to look into. Dan
Re: reply-to/return-path mail/smtpd question
On Mon, Mar 22, 2010 at 06:05:37PM +0100, Didier Wiroth wrote: Hello, (I'm using current with smtpd.) I'm sending mail reports to a mail address which is defined in the alias file like this: didier: dwir...@company.com My smtpd.conf is: listen on lo0 map aliases { source db /etc/mail/aliases.db } accept for local deliver to mbox accept for all relay via mail.company.com When I get the mail, the return-path header field is: did...@originating.mail.host Is it possible to AUTOMATICALLY change the default behavior of the mail command or from smtpd, so that the return-path is an existing/other mail address ? for example: return-path: dwir...@company.com This is task for the MUA, not MTA. $ mail didier -f dwir...@company.com report.txt
Re: can't do suitable block in firewall
Leonardo Carneiro - Veltrac wrote: Leonardo Carneiro - Veltrac wrote: Hi Shane, Heya and others. I tried a new setup, using tables (look more eficient than using a thousan rules to each variable). But is still failing :( # tables table msn-rdr persist const file /etc/pf.conf.d/msn-rdr table msn-allow persist const file /etc/pf.conf.d/msn-allow # msn proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 1863 - $proxy rdr on { $lan1_iface, $lan2_iface } proto tcp from msn-rdr to any port 25000:3 - $proxy # msn filter pass out quick on { $lan1_iface, $lan2_iface } inet proto tcp from msn-rdr to $proxy port 1863 block out quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 In the msn-rdr table are IP of the hosts that should be redirected to the proxy, and in the msn-allow are the IP of the hosts that should be allowed to connect directly with the MSN over the internet (including the host $proxy). The $proxy host is in a fourth interface named $dmz_iface. If i remove the quick statement of the block rule, anyone in any interface can connect, and with the 'quick' statement, no one can =S. Also, back in february, when i just redirected everyone to the proxy, the rdr rules used to work, but with this more selective rule, it's not working at all. Tks in advance. Hmm, i'm almost getting it. Switching block *out* quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 to block *in* quick on ! $inet_iface inet proto tcp from ! msn-allow to any port 1863 solved the problem partially. Now, the allowed host are being allowed and the others not, but the hosts that should be redirected are not being redirected and also cannot connect. I'm well aware that nat occurs before the filtering, but what about redirections that does not involve nat?
Бюджетирование и управленческий учет.
** * * PP PPPPP'PP!PPP PPPPPP+ PP.PPPPPP PPPPPP/ P P#PP PPPPPP'PP!PPPP P#P'PPP. * ** PP0 QP5PP8P=P0Q P?QP8P3P;P0QP0QQQQ: QQP:PP2PP4P8QP5P;P8 P:PPP?P0P=P8P9, QP8P=P0P=QPP2QP5 P4P8QP5P:QPQP0 P8 QPQQQP4P=P8P:P8 QP8P=P0P=QPP2P-Q P:PP=PPP8QP5QP:P8Q QP;QP6P1. PP0QQ P?QPP2P5P4P5P=P8Q: 26-27 P0P?QP5P;Q P P5P3P8QQQP0QP8Q P8 P8P=QPQPP0QP8Q: 8(495)411-94-31 ** P PP PPP PPPP: 1. PP0P: P?QP0P2P8P;QP=P QQP8QP0QQ P4P5P=QP3P8. PP0P: PQP3P0P=P8P7PP2P0QQ QQP5Q P2 P:PPP?P0P=P8P8 - PQPQP5QQ QPQPP8QPP2P0P=P8Q QP?QP0P2P;P5P=QP5QP:PP9 P8P=QPQPP0QP8P8. - P-P;P5PP5P=QQ B+P:PP=QQQQP:QPQP0B; QP?QP0P2P;P5P=QP5QP:PP9 PQQP5QP=PQQP8. - PP8QP0PP8P4P0 P:PP=QQPP;Q. - PP7P0P8PPQP2QP7Q PP5P6P4Q QP?QP0P2P;P5P=QP5QP:PP9 P8 P1QQP3P0P;QP5QQP:PP9 PQQP5QP=PQQQQ. 2. PQP=PP2P=QP5 QP8P=P0P=QPP2QP5 P4PP:QPP5P=QQ. P#P?QP0P2P;P5P=QP5QP:P8P5 QPQPQ PQQP5QPP2 - PQQP5Q P P?QP8P1QP;P8. PP0P;P0P=Q. - PQQP5Q P P4P2P8P6P5P=P8P8 P4P5P=P5P6P=QQ QQP5P4QQP2. - PP4P0P?QP0QP8Q P4P;Q QP5QP5P=P8Q QP?QP0P2P;P5P=QP5QP:P8Q P7P0P4P0Q. - PQP8PP5QQ QP0P1PQP8Q QPQP PQQP5QP=PQQP8 QPQQP8P9QP:P8Q P:PPP?P0P=P8P9. 3. B+PP4P5 P4P5P=QP3P8?B;. PQP2P5Q P=P0 P3P;P0P2P=QP9 P2PP?QPQ QQP:PP2PP4P8QP5P;Q - PQP8P1QP;Q P5QQQ, P0 P4P5P=P5P3 P=P5Q. PP4P5 PP=P8? - PP0P3P;QP4P=QP5 QPQPQ P4P;Q P?PP=P8PP0P=P8Q P8QQPQP=P8P:PP2 P4P5P=P5P6P=QQ QQP5P4QQP2 P8 P=P0P?QP0P2P;P5P=P8Q P8Q P8QP?PP;QP7PP2P0P=P8Q. - PQQP;P5P6P8P2P0P=P8P5 QP8P=P0P=QPP2QQ P?PQPP:PP2 PP5P6P4Q QP0P7P=QPP8 P2P8P4P0PP8 P4P5QQP5P;QP=PQQP8. 4. P#QP5Q P8 QP?QP0P2P;P5P=P8P5 PQP4P5P;QP=QPP8 QQP0QQQPP8 PP1PQPQP=PP3P P:P0P?P8QP0P;P0 - P!PQQP0P2P;QQQP8P5 PP1PQPQP=PP3P P:P0P?P8QP0P;P0. - PPP3P8P:P0 P:5QQP5QP:PP3P QP8P:P;P0. - P#QP5Q P8 QP?QP0P2P;P5P=P8P5 QQP0QQQPP8 PP1PQPQP=PP3P P:P0P?P8QP0P;P0. - P#P4PP1P=QP5 QPQPQ P4P;Q QQP5QP0 P8 P0P=P0P;P8P7P0. - PPP=QQPP;QP=QP5 QPQP:P8 P?QPP2P5QP:P8 PQQP5QP=PQQP8. 5. P P5P=QP0P1P5P;QP=PQQQ, PP1PQP0QP8P2P0P5PPQQQ, P?QPP8P7P2PP4P8QP5P;QP=PQQQ, P;P8P:P2P8P4P=PQQQ, QP3QPP7P0 P1P0P=P:QPQQQP2P0. PP0 QP5P QP;P5P4P8QQ P8 P:P0P: P2 Q QPP P=P5 P?PQP5QQQQQQ - PQP=PP2P=QP5 P3QQP?P?Q P:PQ QQP8QP8P5P=QPP2 (QP5P=QP0P1P5P;QP=PQQQ, PP1PQP0QP8P2P0P5PPQQQ, P;P8P:P2P8P4P=PQQQ, QP3QPP7P0 P1P0P=P:QPQQQP2P0). PPP3P8P:P0 P8Q P?PQQQPP5P=P8Q. - B+PQP0P2P8P;QP=QP5B; QPQPQP;Q. P! QP5P QQP0P2P=P8P2P0QQ P?PP:P0P7P0QP5P;P8. - PPQPP8QPP2P0P=P8P5 P?PP:P0P7P0QP5P;P5P9. 6. PP=P0P;P8P7 P2QP3PP4P=PQQP8 P0QQPQQP8PP5P=QP0 P8 P2P8P4PP2 P4P5QQP5P;QP=PQQP8 - PP0QP6P8P=P0P;QP=QP9 P0P=P0P;P8P7 P0QQPQQP8PP5P=QP0 P8 P2P8P4PP2 P4P5QQP5P;QP=PQQP8. - PQP5P=P:P0 QP5P0P;QP=PP9 Q P:PP=PPP8QP5QP:PP9 Q QQP5P:QP8P2P=PQQP8. - PP4P5 PQ P7P0QP0P1P0QQP2P0P5P, P0 P3P4P5 QP5QQP5P. - PP0P:QQP2P0QQ P8P;P8 P=P5 P7P0P:QQP2P0QQ P=P0P?QP0P2P;P5P=P8P5 P2 QP;QQP0P5 PQQP8QP0QP5P;QP=PP3P QP5P7QP;QQP0QP0. 7. PPP=QQPP;Q P=P0P4 P7P0QQP0QP0PP8. PPQP:P0 P1P5P7QP1QQPQP=PQQP8. PP5QQ P?P QP=P8P6P5P=P8Q P7P0QQP0Q - PP=P0P;P8P7 P8 P?QP8P=QP8P?Q QP0P7P4P5P;P5P=P8Q P7P0QQP0Q. - PQP5P=P:P0 QPQP:P8 P1P5P7QP1QQPQP=PQQP8. - PQP3P0P=P8P7P0QP8Q P:PP=QQPP;Q P=P0P4 P7P0QQP0QP0PP8. - PQP8PP5QQ P?QPP3QP0PP P?P QP=P8P6P5P=P8Q P7P0QQP0Q. 8. P!P8QQP5PP0 QP8P=P0P=QPP2PP3P P?P;P0P=P8QPP2P0P=P8Q - P1QP4P6P5QP8QPP2P0P=P8Q - PP0P4P0QP8 P8 P=P0P7P=P0QP5P=P8P5 QP8QQP5PQ QP8P=P0P=QPP2PP3P P?P;P0P=P8QPP2P0P=P8Q. - PPQP8P7PP=QQ P?P;P0P=P8QPP2P0P=P8Q. - PQP=PP2P=QP5 Q QP0P?Q QP8P:P;P0 P?P;P0P=P8QPP2P0P=P8Q. - P#QP;PP2P8Q P2QP?PP;P=P8PPQQP8 P?P;P0P=P0 P8 PP5QQ P?P QQQQP0P=P5P=P8Q P4P5QP8QP8QP0 P1QP4P6P5QP0. - PQP8PP5QQ QP5P0P;P8P7P0QP8P8. 9. PP?P5QP0QP8P2P=PP5 P?P;P0P=P8QPP2P0P=P8P5 P4P5P=P5P6P=QQ QQP5P4QQP2 - PQP0P:QP8QP5QP:P0Q QP5QP=PP;PP3P8Q P?PQQP0P=PP2P:P8 QP8QQP5PQ P?P;P0P=P8QPP2P0P=P8Q P4P2P8P6P5P=P8Q P4P5P=P5P6P=QQ QQP5P4QQP2. - PQP3P0P=P8P7P0QP8PP=P=QP5 5P=QQ. - P$PQPP8QPP2P0P=P8P5 P=P0P1PQP0 P1QP4P6P5QPP2 P8 PQP2P5QQQP2P5P=P=QQ P7P0 P2QP?PP;P=P5P=P8P5. - PQP4P6P5QP=QP9 QP5P3P;P0PP5P=Q, QP0QP?QP5P4P5P;P5P=P8P5 QQP=P:QP8P9, P?PQQP4PP: P2P7P0P8PPP4P5P9QQP2P8Q. - PQP3P0P=P8P7P0QP8Q QP?QP0P2P;P5P=P8Q P1QP4P6P5QP0PP8. 10. PPPP?P;P5P:QP=PP5
Re: TRIM support?
On Tue, Apr 20, 2010 at 03:01:58PM -0500, Marco Peereboom wrote: On Tue, Apr 20, 2010 at 03:48:23PM -0400, Ted Unangst wrote: On Tue, Apr 20, 2010 at 3:11 PM, Marco Peereboom sl...@peereboom.us wrote: And no, TRIM isn't supported. The problem is that we're copying the entire disk, so, as far as the disk (i.e., SSDs) is aware, that disk is 100% full-- all blocks are marked as used even if they're empty. If I understand correctly, how the controller handles block reallocation in this scenario depends how it is You are. The whole not write so often is really really really uninteresting. It's not about writing too often, it's about the performance hit doing a read/modify/write when there's no free blocks. Like the 4k sector problem, but potentially even worse. On the other hand, it depends on how much writing your server will do in service. If you aren't writing large files, you won't notice much difference, and the benefit of ultra fast random access is more than worth it. I am 100% unconvinced. I *was* 100% unconvinced. I am much better educated now. Yes this could be neat :-)
You have one new message from Public Bank Berhad
Dear Public Bank Berhad Customer, You have 1 unread Message! Click here to resolve the problem Thank You. * Please do not reply to this email, as your reply will not be received. This is an automatic notification of new security messages. Sincerely, Public Bank Berhad Security Department Team.
weird maildirmake problem
Hi, I've a strange problem; I installed an OpenBSD mail server last day with Postfix, Courier-Imap..etc Everything was working fine, until i wanted to re-create an e-mail account. Now, when i'm trying to make user's directory, (as root) /usr/local/bin/maildirmake -q 1000S /var/vmail/domain.com/user Maildirmake does not response the command. It just waits for forever, cursor waits, no output (just like when you simply run 'cat' without pointing to a file) till i interrupt with CTRL+C. I thought its maybe because of the permissions, But neither chown -R vmail:vmail /var/vmail did not solve that. details: OpenBSD 4.6-stable #which maildirmake /usr/local/bin/maildirmake # ls -al /usr/local/bin/maildirmake -r-xr-xr-x 1 root bin 30504 Jul 2 2009 /usr/local/bin/maildirmake i've created a ktrace.out file with ktrace -p $maildirmakepid while maildirmake was waiting, kdump'd the ktrace.out file, got such messages: 14969 maildirmake NAMI /var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com 14969 maildirmake RET stat -1 errno 2 No such file or directory 14969 maildirmake CALL open(0x80b30600,0x20e,0x1a4) 14969 maildirmake NAMI /var/vmail/domain.com/info/tmp/1271783205.14969_NeWmAiLdIrSiZe.hostname.server.com 4969 maildirmake RET open -1 errno 2 No such file or directory ... Of course, there is no such 'domain.com' or 'domain.com/user' directory in /var/vmail. maildirmake creates them, just like how it did last day. Same command, same permissions, same path, not working. Any idea? Thanks.
Re: Source Overview
Please read as this is your challenge back should you actually step up to it with the usual line shut up and hack type of answer. This tread now spread on tech@ too and include may be 3 or 4 treads all referring to todo lists, janitor and all. I don't find it interesting anymore and plenty of answers were provided, but again nothing is done about it so in the same spirit of the well knows shut up and hack, I decided to show again how useless this might be and I would be more then happy to be proven wrong big time. I will even pay the beer if I am proven wrong for good. Now to close this for good and to show as many time in the pass that it will not go anyway, I setup yet one more users maintain lists here: http://todo.openbsdsupport.org/ or here if you prefer: http://openbsdsupport.org/todo/ same place anyway, but the URL is obvious I guess in the first one. There is nothing there and I challenge anyone that complain in the last week or so about not having a list and that it would be useful and allow great things to happened to do it. I WILL PROVIDE AN ACCOUNT to anyone that is actualy serious in doing this list and that will take it on. Collect all the variosu todo lists, make it clean and real here, not with funny pictures, design, and all. Just the list. It could be even as simple as a simple list of URL to places that have todo already. I don't think it will go anyway, but in the same spirit of showing the true color of winners, I raise yet again this variation on the same idea and same challenge as before. I have that domain as far back as 2004 following yet an other endless discussion about documentations/howto and all. Yes, I got minimal amount of contributions to it after all was setup but the wining stop. Just no progress however. I do have very minimal contribution in my inbox that I haven't been able to update yet as for lack of time on my part, but at the same time I sure do not get a regular flow of updates either in the 6+ years it exists. I know it will not go anywhere, but that's not the developers jog to make these lists that no one look at anyway, but many have done so. Also, I want to make it VERY CLEAR that this have nothing to do with the project what so ever. It's not endorse or supported by the project what so ever and it not associated with it in any shape or form. If you have a problem with that, take it with me, not the project. Theo knows about it, he told me log ago that was a waste of time and useless things to do and he was 100% right! But it still exists to stop the wining if nothing else as looks like we have more noise on the list always as time pass. So, may be if the only contribution this does is to reduce it, then so be it and just that is worth my time. Now, take the challenge on and show that everyone was wrong by doing your part. Contact me off list if you are serious and will do the list and i will give you access as long as you are not abusing of it. Hopefully this will close the subject and if anything good come out of it then great. Let see where it goes from here. The ball is in your camp now. You want a list, then make it so. Best, Daniel
Re: 4.7 and AR5007
Corey Bukolt wrote: Yes, please recompile a kernel after changing the value of athn_debug in /usr/src/sys/dev/ic/athn.c to 10: int athn_debug = 0; - int athn_debug = 10; Then reboot and send me the dmesg. The AR9285 works for several people so it is very likely a difference in chip or EEPROM revision that triggers different code paths. Damien Here is mine. Source was updated from cvs prior to compiling. Thanks. OpenBSD 4.7-current (GENERIC) #0: Tue Apr 20 08:20:05 PDT 2010 r...@sw1.example.com:/usr/src/sys/arch/i386/compile/GENERIC cpu0: AMD Athlon(tm) Processor L110 (AuthenticAMD 686-class, 512KB L2 cache) 1.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16 real mem = 1877372928 (1790MB) avail mem = 1810014208 (1726MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 06/18/09, BIOS32 rev. 0 @ 0xfd9a0, SMBIOS rev. 2.4 @ 0xf10d0 (17 entries) bios0: vendor Phoenix Technologies LTD version v1.3201 date 06/18/2009 bios0: Gateway LT31 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP APIC MCFG HPET BOOT SLIC acpi0: wakeup devices PB5_(S5) OHC1(S3) OHC2(S3) EHCI(S3) HDAU(S3) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 199MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 21, 24 pins acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PB3_) acpiprt2 at acpi0: bus -1 (PB4_) acpiprt3 at acpi0: bus 3 (PB5_) acpiprt4 at acpi0: bus 4 (PB6_) acpiprt5 at acpi0: bus -1 (PB7_) acpiprt6 at acpi0: bus 9 (P2P_) acpiprt7 at acpi0: bus 1 (AGP_) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 100 degC acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT1 model UM09B7C serial 2545 type LION oem SIMPLO acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: PWRB acpivideo0 at acpi0: VGA_ acpivout0 at acpivideo0: LCD_ acpivout1 at acpivideo0: CRT1 acpivout2 at acpivideo0: TV__ acpivout3 at acpivideo0: DFP1 bios0: ROM list: 0xc/0xd800 0xd/0x1c00! 0xd4000/0x1000 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 ATI RS690 Host rev 0x00 ppb0 at pci0 dev 1 function 0 ATI RS690 PCIE rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 5 function 0 ATI Radeon X1250 IGP rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 5 function 0 ATI RS690 PCIE rev 0x00 pci2 at ppb1 bus 3 re0 at pci2 dev 0 function 0 Realtek 8101E rev 0x02: RTL8102EL (0x2480), apic 1 int 17 (irq 5), address 00:23:8b:f1:4b:f3 rlphy0 at re0 phy 7: RTL8201L 10/100 PHY, rev. 1 ppb2 at pci0 dev 6 function 0 ATI RS690 PCIE rev 0x00 pci3 at ppb2 bus 4 athn0 at pci3 dev 0 function 0 Atheros AR9285 rev 0x01: apic 1 int 18 (irq 11)Tx gain type=0x0 , address 00:26:5e:29:29:5b Found RF switch connected to GPIO pin 0 128 key cache entries using closed loop power control txchainmask=0x1 rxchainmask=0x1 athn0: AR9285 rev 2 (1T1R), ROM rev 13 ahci0 at pci0 dev 18 function 0 ATI SB600 SATA rev 0x00: apic 1 int 22 (irq 11), AHCI 1.1 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, TOSHIBA MK2555GS, FG00 SCSI3 0/direct fixed sd0: 238475MB, 512 bytes/sec, 488397168 sec total ohci0 at pci0 dev 19 function 0 ATI SB600 USB rev 0x00: apic 1 int 16 (irq 10), version 1.0, legacy support ohci1 at pci0 dev 19 function 1 ATI SB600 USB rev 0x00: apic 1 int 17 (irq 5), version 1.0, legacy support ohci2 at pci0 dev 19 function 3 ATI SB600 USB rev 0x00: apic 1 int 17 (irq 5), version 1.0, legacy support ohci3 at pci0 dev 19 function 4 ATI SB600 USB rev 0x00: apic 1 int 18 (irq 11), version 1.0, legacy support ehci0 at pci0 dev 19 function 5 ATI SB600 USB2 rev 0x00: apic 1 int 19 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1 piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x14: SMI iic0 at piixpm0 spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM pciide0 at pci0 dev 20 function 1 ATI SB600 IDE rev 0x00: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility azalia0 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 1 int 16 (irq 10) azalia0: codecs: Realtek ALC272 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 ATI SB600 ISA rev 0x00 ppb3 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00 pci4 at ppb3 bus 9 pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00 kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00: core rev DH-G2 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 ATI OHCI root hub rev 1.00/1.00 addr 1 usb2 at ohci1: USB revision 1.0 uhub2 at usb2 ATI OHCI root hub rev
Re: Radius Auth and Insecurity Outputs
Yeah I agree, I think we should pick something sensible and document it in security(8). Most people use * for disabled, how about something like *nocheck? On Tue, Apr 20, 2010 at 09:39:43AM -0400, Ted Unangst wrote: On Tue, Apr 20, 2010 at 7:04 AM, Alexander Hall ha...@openbsd.org wrote: Set the encrypted password to * Thank you Stuart for not recommending hacking away on /etc/security but instad provide the correct answer. :-) And while the awk-literate audience might have noticed that any 13-character string would suffice, I'd say * is indeed the most prevalent form thereof. Blech. Talk about hacks, counting out 13 stars? We already have special handling for skey, which I guess demonstrates it's used a fair bit more than radius, but I'd like to get a quorum of developers to agree on something better. All * looks to me like extra disabled. For the OP, might I suggest radiusenabled for a bit of clarity?
Re: can't do suitable block in firewall
On 2010-04-20, Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br wrote: I'm well aware that nat occurs before the filtering, but what about redirections that does not involve nat? translation = NAT = Network Address Translation = nat and rdr and binat rules. Since translation occurs before filtering, the filter engine will see packets as they look after any addresses and ports have been translated. Filter rules will therefore have to filter based on the translated ad- dress and port number. Packets that match a translation rule are only automatically passed if the pass modifier is given, otherwise they are still subject to block and pass rules. ... Evaluation order of the translation rules is dependent on the type of the translation rules and the direction of a packet. binat rules are always evaluated first. Then either the rdr rules are evaluated on an inbound packet or the nat rules on an outbound packet. Rules of the same type are evaluated in the same order in which they appear in the ruleset. The first matching rule decides what action is taken.
Re: TRIM support?
On 21/04/2010, at 3:58 AM, Daniel Barowy wrote: Hello, Anyone know the status/plans of TRIM support in OpenBSD? I poked around a bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really know what I'm looking for). the status of TRIM support is that there is none. i have no plans currently, though that could change if i ever get gear that would make good use of it. tweaking the scsi and atascsi layers to support unmap and trim is simple, but making the block and fs layers make use of it would be interesting. dlg
Diplomados 2010 Cisco, Linux, Oracle, Windows Server 2008
Title:::@Distance:: Si no puede ver este anuncio, haga click aqum ::Centro de Estudios @Distance:: Para mayor informacisn, llene sus datos haciendo click aqum Si desea anunciarse con nosotros, contactenos a los telifonos: (502) 2361-7900 / (502) 2377-1272 Fax: (502) 2331-6749 Registre gratuitamente a un amigo, o actualice sus datos a cambio de futuros incentivos. Si no desea recibir mas promociones o informacisn, remuivase aqum. Emarketing - Paginas Web - Presentaciones Interactivas
Re: TRIM support?
On Tue, Apr 20, 2010 at 19:51, David Gwynne l...@animata.net wrote: On 21/04/2010, at 3:58 AM, Daniel Barowy wrote: Hello, B Anyone know the status/plans of TRIM support in OpenBSD? B I poked around a bit in ahci.c and scsi.c, but nothing pops out at me (I also don't really know what I'm looking for). the status of TRIM support is that there is none. i have no plans currently, though that could change if i ever get gear that would make good use of it. tweaking the scsi and atascsi layers to support unmap and trim is simple, but making the block and fs layers make use of it would be interesting. dlg looks like the new version of clonezilla supports OpenBSD...
Re: Source Overview
On Tue, Apr 20, 2010 at 9:41 PM, Chris Bennett ch...@bennettconstruction.biz wrote: Looking at this and Peters message, I think there may be an answer much simpler than a TODO list, which I think will never work out. If developers wanted a TODO list, we would already have one. We do. Multiple. Mine's not very up to date, but there are some interesting starting points there. I know there are others. //art