Re: OpenBSD 5.0 upgrade: em interface status no carrier

[Mike Belopuhov]

On Fri, Nov 18, 2011 at 4:01 AM, Sam Vaughan samvaug...@surgeonline.com
wrote:
 On 18/11/2011, at 12:59 PM, Sam Vaughan wrote:

 Hi,

 After upgrading from OpenBSD 4.9 to OpenBSD 5.0, the Intel 82579LM and
 Intel PRO/1000 MT (82574L) devices on one of my servers no longer come
up.

 facepalm

 If I'd bothered to compare those two dmesg outputs more closely I'd have
 noticed that OpenBSD 5.0 is simply enumerating the two interfaces in the
 opposite order.  What was em0 in 4.9 is now em1 in 5.0 and vice versa.
 Simply
 swapping the cable to the other port and _not_ moving the settings in
ifconfig
 to em1 fixes the problem.  Sorry for the noise.

 By the way, is there any reason why I should prefer the 82579LM to the
82574L
 or vice versa?

 Thanks,

 Sam



there's no reason you should consider either of them for any serious
task as both of them are desktop low performance versions.

82576EB is known to be a very good one for routing workloads.

http://www.intel.com/content/dam/doc/brochure/ethernet-controllers-phys-broch
ure.pdf

Re: Which version of Firefox most secure?

[Javier Bassi]

On Sun, Nov 20, 2011 at 4:17 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 7.x.xx actual stable from Mozilla

7.x is no longer supported by Mozilla. 7.0.1 has 3 CVEs
If you don't have 8.0 on ports, go with 3.6.24

Re: Which version of Firefox most secure?

[Tomas Bodzar]

On Sun, Nov 20, 2011 at 3:14 PM, Javier Bassi javierba...@gmail.com wrote:
 On Sun, Nov 20, 2011 at 4:17 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 7.x.xx actual stable from Mozilla

 7.x is no longer supported by Mozilla. 7.0.1 has 3 CVEs
 If you don't have 8.0 on ports, go with 3.6.24

Actually I'm going with xxxterm, but Firefox is as backup only

Re: Which version of Firefox most secure?

[Amit Kulkarni]

 7.x.xx actual stable from Mozilla

 7.x is no longer supported by Mozilla. 7.0.1 has 3 CVEs
 If you don't have 8.0 on ports, go with 3.6.24

8.0 is in the process of being updated by nigel@, see his emails to
ports@ in last two weeks or so. Tests and feedback is welcome from
those running current. Most current port for firefox 8.0 can be found
at www.github.com/jasperla/openbsd-wip/

Re: Which version of Firefox most secure?

[Duncan Patton a Campbell]

On Sun, 20 Nov 2011 16:18:13 +0100
Tomas Bodzar tomas.bod...@gmail.com wrote:

 On Sun, Nov 20, 2011 at 3:14 PM, Javier Bassi javierba...@gmail.com wrote:
  On Sun, Nov 20, 2011 at 4:17 AM, Tomas Bodzar tomas.bod...@gmail.com 
  wrote:
  7.x.xx actual stable from Mozilla
 
  7.x is no longer supported by Mozilla. 7.0.1 has 3 CVEs
  If you don't have 8.0 on ports, go with 3.6.24
 
 Actually I'm going with xxxterm, but Firefox is as backup only
 

Woohoo.  I just tried xxxterm and I think I'm in lurv... 

Dhu

The Nanning International Folk Song Art Festival

[2011-11-21 00:44:21]

misc  

  

  The Nanning International Folk Song Art Festival   

 

  I learn through the website www.newpastoral.com : Nanning is a multi-ethnic 
city based on the Zhuang and Han, is also the political, economic and cultural 
center of Guangxi. The Nanning International Folk Song Art Festival in Guangxi 
is one of the major festivals comprise cultural, economic, trade and tourism, 
the purpose is to inherit and carry forward the Chinese culture and arts of 
various ethnic groups, strengthen the exchange and development of the world's 
various ethnic culture. the annual autumn, The guests from around the world 
come with the the wings of singing, Meet with the beautiful green city:Nanning 
at the annual Folk Song pageant, perform in the same stage together, have 
heart-to-heart exchanges. the culture of ethnic, modern, world are here 
together and blending, Joint performance a happy song of world. Also held 
concurrently with The Nanning International Folk Song Art Festival include 
China - ASEAN Expo, China - ASEAN Business and Investment Summit series!
 , as well as travel food festival and trade fairs and other activities, so 
that where customers around the world can listen to music,see dance,taste 
delicious food, making new friends, find new opportunities. The Nanning 
International Folk Song Art Festival has been held since 1999, to provide for 
domestic and foreign merchants a cultural, business communication platform, has 
been widely acclaimed at home and abroad.   

need help converting to ipsec.conf

[nuffnough]

Hi,

I am converting a bunch of VPNs from my isakmpd.[conf|policy] files to
ipsec.conf mostly because it seems they're deprecated,  but partly
because I saw an old thread that spoke of functionality I want to
explore.

I figured I should work through them one by one.   I got my own VPN
from one site to another working fine,  after I figured out that
ipsec.conf doesn't handle a space in the psk.

The next one is site to site vpn from a client.   They are using (I
think) a juniper device to terminate with teh following settings:



Client side:
IP Address: 10.10.10.66
Peer: 10.100.1.66
Phase1 DH Group 1
Encryption: AES-256
Authentication: SHA1
Lifetime: 28800 seconds
Phase2 DH Group 2
Encryption: AES-256
Authentication: SHA1
Lifetime: 3600 seconds
Preshared Key: Changed
PFS: enabled


So.  I put into my ipsec.conf:

ike esp from 172.18.18.0/24 to 172.20.20.0/24 \
local 10.100.1.66 peer 10.10.10.66 \
#main auth hmac-md5 enc aes-256 group modp768 \
#main auth hmac-sha1 enc aes-256 group modp768 \
main auth hmac-sha1 enc aes group modp768 \
quick auth hmac-sha1 enc aes-256 group modp768 \
srcid ca...@fw0.example.com \
psk Changed


Then I start up isakmpd and dump debug to a file and I get weird messages.

# cat ipsec.log | grep unac
044235.728559 Default attribute_unacceptable: ENCRYPTION_ALGORITHM:
got AES_CBC, expected 3DES_CBC
044255.325011 Default attribute_unacceptable: GROUP_DESCRIPTION: got
MODP_768, expected MODP_1024
044315.878550 Default attribute_unacceptable: AUTHENTICATION_METHOD:
got PRE_SHARED, expected RSA_SIG
044315.878641 Default attribute_unacceptable: HASH_ALGORITHM: got MD5,
expected SHA

As soon as I switch back to my beloved isakmpd.conf (was its syntax
really so complicated?) it comes back up instantly.


Why is ipsec expecting 3DES_CBC?   There is no reference to 3des in my config...
Why is it expecting MODP_1024?  Or RSA_SIG?
Where is it getting MD5 from?

Changing the hash to md5 doesn't seem to make any difference.  :(


And finally...  Does ipsec.conf still parse the policy file to secure
the connections?

Is there a better way?  Or am I wrong in thinking this was a good thing to do?


TIA


nuffi

Re: Which version of Firefox most secure?

[James Hozier]

 From: Tomas Bodzar tomas.bod...@gmail.com
 Subject: Re: Which version of Firefox most secure?
 To: Javier Bassi javierba...@gmail.com
 Cc: misc@openbsd.org
 Date: Sunday, November 20, 2011, 3:18 PM
 On Sun, Nov 20, 2011 at 3:14 PM,
 Javier Bassi javierba...@gmail.com
 wrote:
  On Sun, Nov 20, 2011 at 4:17 AM, Tomas Bodzar tomas.bod...@gmail.com
 wrote:
  7.x.xx actual stable from Mozilla
 
  7.x is no longer supported by Mozilla. 7.0.1 has 3
 CVEs
  If you don't have 8.0 on ports, go with 3.6.24
 
 Actually I'm going with xxxterm, but Firefox is as backup
 only
 
 

I use xxxterm too (as well as scrotwm as my WM) but I need some of
the add-ons that are offered on Firefox not elsewhere on any other
browser

Re: Recommended working IDE

[John Tate]

3

I already know vim, this is exactly the kind of thing I've needed.

On Sat, Nov 19, 2011 at 2:37 PM, richo ri...@psych0tik.net wrote:
 Check out the tag explorer plugin..

 http://www.vim.org/scripts/script.php?script_id=483

 On 19/11/11 14:10 +1100, John Tate wrote:

 If vim had a class browser, I'd already be using vim. Geany was
 suggested to me off the list.

 On Sat, Nov 19, 2011 at 1:49 PM, Richard Toohey
 richardtoo...@paradise.net.nz wrote:

 On 19/11/2011, at 2:51 PM, John Tate wrote:

 Misc,

 I've had troubles with eclipse and anjuta. Eclipse does not want to
 run, anjuta seems to be missing it's symbol browser in anjuta-extras.
 Anjuta actually works, but when I open a project it gives me an error.
 I've already posted what it is, so search. Is there an IDE that works?
 What is it? Perhaps I should just learn emacs. Though, I really like
 anjuta. Are there any IDE recommendations apart anjuta, eclipse, and
 vim and emacs editors available?

 John

 --
 www.johntate.org


 vim with syntax highlighting and brace-matching etc. etc. works for me.

 What language(s) and sorts of project (fat-client?  console?  GUI?  web?)




 --
 www.johntate.org


 --
 richo || Today's excuse:

 Boss' kid fucked up the machine
 http://blog.psych0tik.net




--
www.johntate.org

Re: make cleandir deletes stuff that it shouldn't?

[Philip Guenther]

On Thu, Nov 17, 2011 at 6:29 AM, Christer Solskogen
christer.solsko...@gmail.com wrote:
 After running make cleandir in /usr/src I ran a new checkout
 (OPENBSD_5_0) and I found this:

 Updating collection OpenBSD-src/cvs
  Checkout src/gnu/usr.bin/cvs/doc/CVSvn.texi
...
 Is this intended behaviour?

No, it's not intended.  Fortunately, there's an easy fix that everyone
uses: make obj


Philip Guenther

pppoe

[John Tate]

I am setting up an OpenBSD firewall, and have everything working but I
am using userland pppoe. I am not sure if it ever became an official
part of OpenBSD, but I've heard there might be kernel level pppoe
support.

Is there kernel level pppoe support? Or is the cybersphere filling my
head with dreams?

-- 
www.johntate.org

202.93.128.236代 办／ 代 理 开／机／打 票１３６９９８６５３３８黄经理202.93.128.236

[mail...@tw.mtf.news.yahoo.com]

 Your friend e/d:d8e  fg+ g5d= e!!

g5f(ggh(o



202.93.128.236d;# e
o d;# g eof:of   
g%(oooooooooooi;g;g202.93.128.236
http://tw.myblog.yahoo.com/jw!1K84p1yREQXRDO9YOXH0EfAuoaYkEjm18Q--/article?mid=1

Yahoo!e%f)fe0 d= gfe0.e
e3.gf4;f0i+i)c
http://tw.fashion.yahoo.com/
g   f,
f   f   Yahoo!e%f)

Alert - The Branding Revolution

[Robert Stacey]

As you know the world's biggest branding revolution starts January 2012.

What direct implications does it have for your organization? What do your
teams need to know now and what must they be prepared for in advance to face
the tidal wave?

This White Paper provides an in-depth overview and can be downloaded directly
download from the AARM web site at http://www.aarm.org

I hope you'll find it helpful.

Robert

Robert T. Stacey
President - AARM
roberttsta...@aarm.org
baa
___

If you have received this email in errror please accept my apologies. Insert
removal in the subject line and email to remo...@aarm.org and I'll see that
appropriate action is taken. To reach the AARM website AARM WEB

Re: pppoe

[Daniel Melameth]

On Sun, Nov 20, 2011 at 6:37 PM, John Tate j...@johntate.org wrote:
 I am setting up an OpenBSD firewall, and have everything working but I
 am using userland pppoe. I am not sure if it ever became an official
 part of OpenBSD, but I've heard there might be kernel level pppoe
 support.

 Is there kernel level pppoe support? Or is the cybersphere filling my
 head with dreams?

man 4 pppoe

Re: pppoe

[Carson Chittom]

John Tate j...@johntate.org writes:

 Is there kernel level pppoe support? Or is the cybersphere filling my
 head with dreams?

$ man -k pppoe
pppoe (4) - PPP Over Ethernet protocol network interface
pppoe (8) - PPP Over Ethernet translator


-- 
http://www.wistly.net

Re: Which version of Firefox most secure?

[Tomas Bodzar]

On Mon, Nov 21, 2011 at 12:05 AM, James Hozier guitars...@yahoo.com wrote:
 From: Tomas Bodzar tomas.bod...@gmail.com
 Subject: Re: Which version of Firefox most secure?
 To: Javier Bassi javierba...@gmail.com
 Cc: misc@openbsd.org
 Date: Sunday, November 20, 2011, 3:18 PM
 On Sun, Nov 20, 2011 at 3:14 PM,
 Javier Bassi javierba...@gmail.com
 wrote:
  On Sun, Nov 20, 2011 at 4:17 AM, Tomas Bodzar tomas.bod...@gmail.com
 wrote:
  7.x.xx actual stable from Mozilla
 
  7.x is no longer supported by Mozilla. 7.0.1 has 3
 CVEs
  If you don't have 8.0 on ports, go with 3.6.24

 Actually I'm going with xxxterm, but Firefox is as backup
 only



 I use xxxterm too (as well as scrotwm as my WM) but I need some of
 the add-ons that are offered on Firefox not elsewhere on any other
 browser

AdSuck from packages/ports and whitelist mode (need some work from
start to allow JS/cookies only for pages you really want) and runs
superb

Re: pppoe

[Jan Stary]

On Nov 21 12:37:37, John Tate wrote:
 I am setting up an OpenBSD firewall, and have everything working but I
 am using userland pppoe. I am not sure if it ever became an official
 part of OpenBSD, but I've heard there might be kernel level pppoe
 support.
 
 Is there kernel level pppoe support? Or is the cybersphere filling my
 head with dreams?

Is http://www.openbsd.org/faq/faq6.html#PPP a part of cybersphere?

Re: man doc kaizen

[Jason McIntyre]

On Sun, Nov 20, 2011 at 11:10:07PM +0800, f5b wrote:
 man aue
 ...
 ADMtek AN986 and ADM8511 data sheets, http://www.admtek.com.tw.
 ...
 
 
 man axe
 ...
 ASIX AX88172 data sheet, http://www.asix.com.tw.
 ...
 
 should we remove the period at the end of url?
 

no.
jmc