Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Ted Unangst]

On Thu, Feb 02, 2012, Paul Dejean wrote:
> I'll start working on a patch (even though it'll take me forever) if I
> can be confident it wouldn't be vetoed because people don't like the
> concept.

It shouldn't take long at all.  You are looking for the
sysctl_proc_args function in sys/kern/kern_sysctl.c.  That said, I
don't think the idea is super popular.

> 
> On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey
>  wrote:
>> On 2/02/2012, at 12:30 PM, Paul Dejean wrote:
>>
>>> Even though it's bad practice, a lot of commonly programs will request
>>> passwords or similar sensitive information as command line arguments.
>>> For instance, curl, svn, useradd... There will usually be a way to
>>> work around doing things this way (curl can read from a config file
>>> for instance), but doing so is a hassle (have to write a new config
>>> file for each request).
>>>
>>> I would really like some way to turn the access unprivileged users
>>> have to this information on and off. Ideally I'd like it off by
>>> default in OpenBSD (secure by default).
>>>
>>> Also I would like to add, that even if you folks shoot down this FR as
>>> being an awful idea. It's good that there's an operating system
>>> community where I feel comfortable bringing up this request, where I
>>> wouldn't hear things like:
>>> "You have untrusted users on your system? What a n00b"
>>> "All security features are off by default, why should it be our
>>> responsibility to protects admins from their stupid mistakes?"
>>> "omg why should you care. hunting for sensitive information? it's not
>>> like anyone actually does that"
>>>
>> I've got no comment on the idea itself ...
>>
>> In this "community", the reply is likely to be "great idea, where is
> your sample implementation?"
>>
>> There are not a lot of developers - I'm not one - so generally ideas
> need to be accompanied by code.
>>
>> It's a bit like the school P.T.A. that I help out with - there are lots
> of ideas, but very few helpers - ideas welcome, but they need to be
> attached to someone willing to actually do the work.
>>
>> HTH.

Re: adding icewm

[Tomas Bodzar]

On Fri, Feb 3, 2012 at 3:29 AM, Richard Thornton
 wrote:
> How do I add this window manager?

If you read http://www.openbsd.org/faq/faq11.html already then you can
jump to step http://www.openbsd.org/faq/faq15.html

>
> RT

Re: adding icewm

[Bryan Irvine]

pkg_add -i icewm

Man pkg_add for more details.



On Feb 2, 2012, at 6:29 PM, Richard Thornton 
wrote:

> How do I add this window manager?
>
> RT

Re: adding icewm

[Gleydson Soares]

cwm, fvwm, twm ?
i like cwm



On Fri, Feb 3, 2012 at 12:29 AM, Richard Thornton
 wrote:
> How do I add this window manager?
>
> RT

adding icewm

[Richard Thornton]

How do I add this window manager?

RT

Re: looking for hardware recommendations, x86 or otherwise.

[Juan Francisco Cantero Hurtado]

On Thu, 02 Feb 2012 01:41:42 +0100, Lars  wrote:


https://en.wikipedia.org/wiki/Raspberry_Pi

It's called viral marketing, PR, social crap whatever. Raspberry Pi
foundation claims something about support for schools and
blahblahblah, but in fact was created but one of engineers of
Broadcom. It's just test bed for their proprietary crap or vendor lock
in via children and a way how to lower taxes via charity organization
without real charity.





What's so funny is that they put GNU/Linux on it, when gNU is supposed to
be about FREE dom. LOL. Fucking LOL.

I think Raspberry Pi isn't so useful for my needs anyway because for
example it only has one network port, not two or three...

For poor people in third world countries I think they would be better off
buying used 1ghz-2ghz Desktop computers for $50/each that includes PCI
slots and such. I've purchased some computers less than 50 dollars. The
only advantage of the raspberry pi over a used desktop PC is that it uses
much less power (1 Watt or whatever) and that it is really small. I don't
see how a small tiny circuit will help third world countries but I can  
see

an advantage to 1 watt electricity.




Each watt consumed is very important if various computers are connected to  
a solar panel. The decisions taken during the design of the OLPC are a  
good example.



--
Juan Francisco Cantero Hurtado http://juanfra.info

De la Planeación al Control de Almacenes e Inventarios

[Zulema Avitia]

290205

[IMAGE]

Pms de Mixico prestigiada firma de Capacitacisn presenta:
De la Planeacisn al Control, Almacenes e Inventarios
16 de Febrero, Ciudad de Mixico.
Si esta informacisn no compete a su area y la considera de valor le
agradecemos compartirla. 
Pms Capacitacisn Efectiva de Mixico es una empresa Registrada ante la
STPS
Trabajamos con expertos en la materia para poder brindar herramientas
tacticas, vanguardistas y de facil aplicacisn.

100% Garantma de Satisfaccisn.
!Reciba la informacisn completa! Por favor responda este e-mail con los
datos siguientes
Empresa
Nombre
Telifono
Email
Nzmero de Interesados
En breve recibira temario, reseqa de expositor y tarifas.
Si lo prefiere comunmquese a los telifonos donde con gusto uno de
nuestros ejecutivos le atendera.
Telifonos: (0133) 8851-2365, (0133) 8851-2741 con mas de 10 lmneas.

Smguenos en Twitter@pmscapacitacion o bien en Facebook PMS de Mixico
Copyright (C) 2011, PMS Capacitacisn Efectiva de Mixico  S.C. Derechos
Reservados.
E-Mail MARKETING SERVICE POWERED BY MEDIAMKTOOLS.

Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de
Mixico o bien un usuario le refiris para recibir este boletmn.
Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.
ALTO, si en esta ocasisn la informacisn recibida no fue de su interis
pero desea recibir informacisn personalizada en relacisn a otros temas
favor de indicarlo.
Si usted ha recibido este mensaje por error, haga caso omiso de el y de
antemano una sincera disculpa por la molestia, reporte su cuenta
respondiendo este correo con el subject BAJAALMACENES
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJAALMACENES
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia para nosotros y no es intencisn de la empresa la
inconformidad del receptor, nuestra intencisn es promover herramientas de
utilidad para el

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
almacenes html.jpg]

Re: looking for hardware recommendations, x86 or otherwise.

[Andres Perera]

On Thu, Feb 2, 2012 at 4:38 PM, Lars  wrote:
> Anon wrote:
>> Obviously you don't live in a 3rd world country. I do and nothing is 50
>> bucks here except the women. Nobody throws anything out except dead cats
>> and PCs cost about 350 USD for a new build based on 3-5 year old NOS parts
>> the Americans dumped on the market after they went obsolete.
>>
>>
>
>
> Well you can get computers in Canada for under 50 dollars, so it would
> require shipping them. B If you do it in massive bulk (palettes or
> containers) it only adds about 5-10 dollars extra shipping cost to each
> computer. B  And if you do it in massive bulk, it means the computer is no
> longer 50 dollars but a bulk discount is applied so only about $40
> dollars.
>
> I have shipped containers across the ocean to other countries before with
> hundreds of computers across Atlantic ocean. If you do not order them in
> bulk then it costs too much to ship them (more to ship them than the price
> of the computer itself!). It's all about bulk and quantity.
>
> So the third world country would have to gather all their funds together,
> and do a bulk purchase, rather than each person purchasing individually.

i have to agree with troll here

some countries have "control de cambio" which means that it's ilegal
to buy dollars/selected foreign currency past a certain extent on a
periodic basis

really, don't speculate about other places unless you know for sure

>
> The advantage of the raspberry pi is that you might be able to shove it
> inside a bubble padded envelope, whereas desktop computers need to be
> packed up on palettes and containers.
>
> Still, you need to buy LCD monitors or CRT, so the lightweight raspberry
> pi is a moot point, since LCD's and CRT's are heavy. Unless you already
> have LCD/CRT monitors and just need the PC part.

Re: looking for hardware recommendations, x86 or otherwise.

[Lars]

Anon wrote:
> Obviously you don't live in a 3rd world country. I do and nothing is 50
> bucks here except the women. Nobody throws anything out except dead cats
> and PCs cost about 350 USD for a new build based on 3-5 year old NOS parts
> the Americans dumped on the market after they went obsolete.
>
>


Well you can get computers in Canada for under 50 dollars, so it would
require shipping them.  If you do it in massive bulk (palettes or
containers) it only adds about 5-10 dollars extra shipping cost to each
computer.   And if you do it in massive bulk, it means the computer is no
longer 50 dollars but a bulk discount is applied so only about $40
dollars.

I have shipped containers across the ocean to other countries before with
hundreds of computers across Atlantic ocean. If you do not order them in
bulk then it costs too much to ship them (more to ship them than the price
of the computer itself!). It's all about bulk and quantity.

So the third world country would have to gather all their funds together,
and do a bulk purchase, rather than each person purchasing individually.

The advantage of the raspberry pi is that you might be able to shove it
inside a bubble padded envelope, whereas desktop computers need to be
packed up on palettes and containers.

Still, you need to buy LCD monitors or CRT, so the lightweight raspberry
pi is a moot point, since LCD's and CRT's are heavy. Unless you already
have LCD/CRT monitors and just need the PC part.

Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Paul Dejean]

Andres, it's the contents of the argv. It's not necessarily the
arguments at every stage of the process's life, but it's guaranteed to
be the arguments at some point in the process's life.

On Thu, Feb 2, 2012 at 1:35 PM, Andres Perera  wrote:
> they're not necessarily the arguments
>
> see setproctitle(3) and the behaviour of; e.g., sendmail, dhclient, etc
>
> On Wed, Feb 1, 2012 at 7:00 PM, Paul Dejean  wrote:
>> Even though it's bad practice, a lot of commonly programs will request
>> passwords or similar sensitive information as command line arguments.
>> For instance, curl, svn, useradd... There will usually be a way to
>> work around doing things this way (curl can read from a config file
>> for instance), but doing so is a hassle (have to write a new config
>> file for each request).
>>
>> I would really like some way to turn the access unprivileged users
>> have to this information on and off. Ideally I'd like it off by
>> default in OpenBSD (secure by default).
>>
>> Also I would like to add, that even if you folks shoot down this FR as
>> being an awful idea. It's good that there's an operating system
>> community where I feel comfortable bringing up this request, where I
>> wouldn't hear things like:
>> "You have untrusted users on your system? What a n00b"
>> "All security features are off by default, why should it be our
>> responsibility to protects admins from their stupid mistakes?"
>> "omg why should you care. hunting for sensitive information? it's not
>> like anyone actually does that"

Mapeo y Analisis de Procesos

[Lic. Cristina Torres]

Cierre de Inscripciones

Mapeo, AnC!lisis y RediseC1o de Procesos
Monterrey 08 de Febrero / Guadalajara 10 de Febrero / MC)xico D.F. 15 de
Febrero / Online en Vivo 16 de Febrero

Este programa estC! diseC1ado, en teorCa y prC!ctica, para aprender a
mapear los procesos con un enfoque analCtico que identifique relaciones,
dependencias y secuencias en las actividades de la organizaciC3n, desde
los macro procesos empresariales hasta su desdoblamiento en los
subprocesos y actividades productivas.

Al finalizar este programa, el participante serC! capaz de realizar el
rediseC1o de procesos, incluyendo tambiC)n:

b"Comprender la causa y efecto en cada actividad, identificando de esta
manera las C!reas de oportunidad que permitan desarrollar planes de
acciC3n, basados en prioridades que establezcan un proceso de mejora
continua.
b"Aprender a monitorear eficazmente los puntos crCticos de control que
miden el desempeC1o de las operaciones, alcanzando la sinergia de los
procesos con los objetivos de la empresa.
b"Desarrollar un programa maestro de procesos, incluyendo evaluaciC3n de
tiempos, costos y esfuerzos.

Para obtener un folleto GRATUITO con la informaciC3n completa,

Responda este correo con los siguientes datos:
Empresa:
Nombre:
Puesto:
Tel: ( )
Fecha de interC)s: ( ) Monterrey - ( ) Guadalajara - ( ) MC)xico, D.F. -
( ) Online en Vivo
E-mail: misc@openbsd.org

Llame a nuestra lada sin costo: 01800 25.010.20

Les pedimos que compartan esta invitaciC3n con quienes puedan
interesarse.
Si no puede visualizar correctamente este correo, le pedimos que lo
arrastre a su Bandeja de Entrada

Si desea que su cuenta de correo electrC3nico se elimine de nuestras
listas de distribuciC3n, responda con el asunto 24A65

Re: Supported hardware: miniPCIe WiFi adapter

[Jason McIntyre]

On Thu, Feb 02, 2012 at 06:11:33PM +, Jason McIntyre wrote:
> 
> the list on the website for supported hardware just points to the man
> pages. although man pages for wireless drivers do have lists of
> supported models, athn(4) doesn't. it simply lists supported chipsets
> (and yours is listed).
> 
> we did in the past list pretty extensively all these models on the web
> site, but keeping them and the man pages in sync was difficult, so now
> there are just links to the relevant man pages.
> 

markus, your mailer is rejecting my mail as spam (titters), so i'll post
this publicly.

if you have such a list (of supported athn models), or want to put
one together, you should mail it to whoever added athn to the system
(or whoever has been working on it recently). feel free to cc me.

jmc

Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Andres Perera]

they're not necessarily the arguments

see setproctitle(3) and the behaviour of; e.g., sendmail, dhclient, etc

On Wed, Feb 1, 2012 at 7:00 PM, Paul Dejean  wrote:
> Even though it's bad practice, a lot of commonly programs will request
> passwords or similar sensitive information as command line arguments.
> For instance, curl, svn, useradd... There will usually be a way to
> work around doing things this way (curl can read from a config file
> for instance), but doing so is a hassle (have to write a new config
> file for each request).
>
> I would really like some way to turn the access unprivileged users
> have to this information on and off. Ideally I'd like it off by
> default in OpenBSD (secure by default).
>
> Also I would like to add, that even if you folks shoot down this FR as
> being an awful idea. It's good that there's an operating system
> community where I feel comfortable bringing up this request, where I
> wouldn't hear things like:
> "You have untrusted users on your system? What a n00b"
> "All security features are off by default, why should it be our
> responsibility to protects admins from their stupid mistakes?"
> "omg why should you care. hunting for sensitive information? it's not
> like anyone actually does that"

Re: Supported hardware: miniPCIe WiFi adapter

[Jason McIntyre]

On Thu, Feb 02, 2012 at 07:00:48PM +0100, Markus Schatzl wrote:
> On Thu, 02  16:08 , Jason McIntyre wrote:
> ...
> > > high range). Appending it to the list of supported hardware would
> > > make sense.
> ...
> > 
> > which "list of supported hardware" are you referring to? this chipset is
> > already listed as supported in athn(4).
> 
> Pardon me, I thought the list also had card product names.
> 

which list? i'm not sure which list you are referring to.

the list on the website for supported hardware just points to the man
pages. although man pages for wireless drivers do have lists of
supported models, athn(4) doesn't. it simply lists supported chipsets
(and yours is listed).

we did in the past list pretty extensively all these models on the web
site, but keeping them and the man pages in sync was difficult, so now
there are just links to the relevant man pages.

jmc

> The reason I wrote this mail is I already tested cards with 
> chips listed under athn(4) which were performing quite poor, 
> e.g. the Compex WLM200NX 6A:
> 
> messages:Sep 19 22:39:29 aloha /bsd: athn0 at pci0 dev 14 function 0 "Atheros 
> AR9280" rev 0x01: irq 5
> messages:Sep 19 22:39:29 aloha /bsd: athn0: AR9280 rev 2 (2T2R), ROM rev 16, 
> address 00:80:48:72:5a:6b
> 
> Testing it was a frustrating experience. I remember it was merely 
> usable, i.e. only as a client and the connection dropped dead 
> out of the blue without any indication why.
> 
> This might have changed in the meantime, though.
> 
> Regards,
> /Markus

Re: Supported hardware: miniPCIe WiFi adapter

[Markus Schatzl]

On Thu, 02  16:08 , Jason McIntyre wrote:
...
> > high range). Appending it to the list of supported hardware would
> > make sense.
...
> 
> which "list of supported hardware" are you referring to? this chipset is
> already listed as supported in athn(4).

Pardon me, I thought the list also had card product names.

The reason I wrote this mail is I already tested cards with 
chips listed under athn(4) which were performing quite poor, 
e.g. the Compex WLM200NX 6A:

messages:Sep 19 22:39:29 aloha /bsd: athn0 at pci0 dev 14 function 0 "Atheros 
AR9280" rev 0x01: irq 5
messages:Sep 19 22:39:29 aloha /bsd: athn0: AR9280 rev 2 (2T2R), ROM rev 16, 
address 00:80:48:72:5a:6b

Testing it was a frustrating experience. I remember it was merely 
usable, i.e. only as a client and the connection dropped dead 
out of the blue without any indication why.

This might have changed in the meantime, though.

Regards,
/Markus

Solutions 2012 avec ALGO DATA

[Algo Data - Progiciels et Solutions 2.0]

ANNONCE ALGO DATA  2012 Fevrier



html{
font-family: 'Lucida Grande',Arial, Helvetica, sans-serif;
}

.orangeLink, .orangeLink:active, .orangeLink:visited{
color:#fe9328;
font-weight:bold;
}





Si ce message ne s'affiche pas correctement, vous pouvez le visualiser
grC"ce C  ce lien.












Cher Client, Cher partenaire,
Plus que jamais, nous serons C  vos cC4tC)s en 2012.
 Notre gamme de solution en ligne ( C.M.S ) et de progiciels B+ off-line B;
C)voluent, 2012 sera lboccasion dbannonces majeures. Lbaboutissement de
ces projets doit beaucoup C  votre confiance et votre collaboration, nous
profitons de cette occasion pour vous en remercier.
Au nom de lbC)quipe ALGO DATA

Antoine LAGIER, B Directeur et Fondateur
Nos solutions au service de votre savoir faire


Notre solution en ligne pour




Web-ADNS : Construire un site


Gipco-ADNS : Plateforme de gestion dbC)vC)nements


Mail-ADNS : eMailing Web 2.0



Nos Progiciels C  votre service pourB 




 GIPCO 5.0 B :B GC)rer un C)venement

UNIVERS 4.0 B :B Gestion relation commerciale - ERP








 ALGO DATA   - 7 Boulevard de chantenay - 44 100 Nantes - 02 51 80 85 85 -
i...@algodata.fr








Si ce message ne s'affiche pas correctement, vous pouvez le visualiser
grC"ce C  ce lien.   Si vous souhaitez ne plus recevoir de message de cette
liste.

Re: CARP strangeness after 5.0 upgrade

[Camiel Dobbelaar]

On 2-2-2012 17:34, Matt Hamilton wrote:
> Camiel Dobbelaar  sentia.nl> writes:
> 
>> Can you post the output of "netstat -m" and a dmesg?
> 
> # netstat -m
> 94 mbufs in use:
> 88 mbufs allocated to data
> 3 mbufs allocated to packet headers
> 3 mbufs allocated to socket names and addresses
> 87/938/8192 mbuf 2048 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
> 0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
> 2308 Kbytes allocated to network (8% in use)
> 0 requests for memory denied
> 0 requests for memory delayed
> 0 calls to protocol drain routines

That looks ok.

What is the carpdev of carp1 ?


--
Cam

Re: CARP strangeness after 5.0 upgrade

[Matt Hamilton]

Camiel Dobbelaar  sentia.nl> writes:

> Can you post the output of "netstat -m" and a dmesg?

# netstat -m
94 mbufs in use:
88 mbufs allocated to data
3 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
87/938/8192 mbuf 2048 byte clusters in use (current/peak/max)
0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
2308 Kbytes allocated to network (8% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines


And dmesg.boot:

OpenBSD 5.0 (GENERIC) #43: Wed Aug 17 10:10:52 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3
GHz
cpu0:

FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,F
XSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-I
D,xTPR
real mem  = 535818240 (510MB)
avail mem = 517001216 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/29/05, BIOS32 rev. 0 @
0xfd770, SMBIOS rev. 2.33 @ 0xd8010 (37 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 03/29/2005
bios0: Intel Corporation Canterwood CRB Board
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP ASF! APIC BOOT SSDT
acpi0: wakeup devices CSA_(S5) LAN_(S5) PCIB(S5) COMA(S1) COMB(S1)
AC97(S5) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EUSB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (CSA_)
acpiprt2 at acpi0: bus 1 (AGP_)
acpiprt3 at acpi0: bus 3 (PCIB)
acpicpu0 at acpi0: C3
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
0xca000/0x800 0xd8000/0x4000! 0xdc000/0x4000!
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82875P Host" rev 0x02
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0x0, size 0x800
ppb0 at pci0 dev 1 function 0 "Intel 82875P AGP" rev 0x02
pci1 at ppb0 bus 1
ppb1 at pci0 dev 3 function 0 "Intel 82875P CSA" rev 0x02
pci2 at ppb1 bus 2
em0 at pci2 dev 1 function 0 "Intel PRO/1000CT (82547GI)" rev 0x00:
apic 2 int 18, address 00:40:d0:43:bb:e4
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: apic
2 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: apic
2 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: apic
2 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801EB/ER USB" rev 0x02: apic
2 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: apic
2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xc2
pci3 at ppb2 bus 3
vga1 at pci3 dev 0 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
xl0 at pci3 dev 1 function 0 "3Com 3c905C 100Base-TX" rev 0x78: apic 2
int 17, address 00:0a:5e:57:3f:27
exphy0 at xl0 phy 24: 3Com internal media interface
em1 at pci3 dev 2 function 0 "Intel PRO/1000MT (82541GI)" rev 0x00:
apic 2 int 18, address 00:40:d0:43:bb:e5
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02:
DMA, channel 0 configured to compatibility, channel 1 configured
to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 "Intel 82801EB/ER SMBus" rev 0x02:
apic 2 int 17
iic0 at ichiic0
adt0 at iic0 addr 0x2e: adm1027 rev 0x6a
spdmem0 at iic0 addr 0x52: 256MB DDR SDRAM ECC PC3200CL3.0
spdmem1 at iic0 addr 0x53: 256MB DDR SDRAM ECC PC3200CL3.0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: usin

Re: CARP strangeness after 5.0 upgrade

[Camiel Dobbelaar]

On 2-2-2012 16:38, Matt Hamilton wrote:
> Camiel Dobbelaar  sentia.nl> writes:
> 
>> Can you show the output of:
>> - ifconfig carp
>> - ifconfig -g carp
>> - netstat -s -p carp
>> - sysctl net.inet.carp
> 
> Ahhh... actually, I noticed mbuf memory error with one of these:
> 
> # netstat -s -p carp
> carp:
> 3112793 packets received (IPv4)
> 0 packets received (IPv6)
> 0 packets discarded for bad interface
> 0 packets discarded for wrong TTL
> 0 packets shorter than header
> 0 discarded for bad checksums
> 0 discarded packets with a bad version
> 1347685 discarded because packet too short
> 0 discarded for bad authentication
> 0 discarded for unknown vhid
> 0 discarded because of a bad address list
> 4512672 packets sent (IPv4)
> 0 packets sent (IPv6)
> 8589 send failed due to mbuf memory error
> 391 transitions to master
> 
> And also increasing the carp logging I now see:
> 
> Feb  1 13:50:02 fw1 /bsd: carp: carp1 demoted group carp by -1 to 0 (< 
> snderrors)
> Feb  1 13:50:04 fw1 /bsd: carp0: state transition: BACKUP -> MASTER
> Feb  1 13:56:48 fw1 /bsd: carp: carp1 demoted group carp by 1 to 1 (> 
> snderrors)
> Feb  1 13:56:48 fw1 /bsd: carp0: state transition: MASTER -> BACKUP
> 
> So how do I go about debugging this?

Can you post the output of "netstat -m" and a dmesg?

Re: hp microserver n40l dmesg

[Sime Ramov]

> seems to work okay so far though I haven't pushed it yet; nice and
> quiet (fairly slow large fan), pity about the lack of rs232 though.

It is a nicely built machine indeed, N36L over here, used as a general
purpose desktop workstation.

Re: Supported hardware: miniPCIe WiFi adapter

[Jason McIntyre]

On Thu, Feb 02, 2012 at 05:01:10PM +0100, Markus Schatzl wrote:
> Hi,
> 
> this one is just for the record, as I had a hard time finding a 
> suitable miniPCIe WiFi adapter for a Soekris 6501 (that's easily
> available in DE).
> 
> The Ubiquity SR71-E works surprisingly well in -current, I'm
> tempted to outright recommend it (amongst others because of its
> high range). Appending it to the list of supported hardware would
> make sense.
> 
> Problems I reported with this card went away with the patches 
> stsp@ commited recently BTW.
> 
> 
> Here are the facts:
> 
> athn0 at pci7 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 0 int 17
> athn0: AR9280 rev 2 (2T2R), ROM rev 16, address 00:15:7d:84:a4:3d
> 

which "list of supported hardware" are you referring to? this chipset is
already listed as supported in athn(4).

jmc

Supported hardware: miniPCIe WiFi adapter

[Markus Schatzl]

Hi,

this one is just for the record, as I had a hard time finding a 
suitable miniPCIe WiFi adapter for a Soekris 6501 (that's easily
available in DE).

The Ubiquity SR71-E works surprisingly well in -current, I'm
tempted to outright recommend it (amongst others because of its
high range). Appending it to the list of supported hardware would
make sense.

Problems I reported with this card went away with the patches 
stsp@ commited recently BTW.


Here are the facts:

athn0 at pci7 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 0 int 17
athn0: AR9280 rev 2 (2T2R), ROM rev 16, address 00:15:7d:84:a4:3d


athn0: flags=8943 mtu 1500
hwfeatures=10
lladdr 00:15:7d:84:a4:3d
description: Wireless IPv4
priority: 4
groups: wlan
media: IEEE802.11 autoselect (autoselect mode 11b hostap)
status: active
ieee80211: nwid "Target IPv4" chan 5 bssid 00:15:7d:84:a4:3d
wpakey  wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp
wpagroupcipher tkip
inet 10.10.10.1 netmask 0xffe0 broadcast 10.10.10.31
inet6 fe80::215:6dff:fe84:a13d%athn0 prefixlen 64 scopeid 0x3

The media output is a bit lengthy, please see below.

All the best,
/Markus



media autoselect
media autoselect mediaopt hostap
media autoselect mediaopt monitor
media autoselect mode 11a
media autoselect mode 11a mediaopt hostap
media autoselect mode 11a mediaopt monitor
media OFDM6 mode 11a
media OFDM6 mode 11a mediaopt hostap
media OFDM6 mode 11a mediaopt monitor
media OFDM9 mode 11a
media OFDM9 mode 11a mediaopt hostap
media OFDM9 mode 11a mediaopt monitor
media OFDM12 mode 11a
media OFDM12 mode 11a mediaopt hostap
media OFDM12 mode 11a mediaopt monitor
media OFDM18 mode 11a
media OFDM18 mode 11a mediaopt hostap
media OFDM18 mode 11a mediaopt monitor
media OFDM24 mode 11a
media OFDM24 mode 11a mediaopt hostap
media OFDM24 mode 11a mediaopt monitor
media OFDM36 mode 11a
media OFDM36 mode 11a mediaopt hostap
media OFDM36 mode 11a mediaopt monitor
media OFDM48 mode 11a
media OFDM48 mode 11a mediaopt hostap
media OFDM48 mode 11a mediaopt monitor
media OFDM54 mode 11a
media OFDM54 mode 11a mediaopt hostap
media OFDM54 mode 11a mediaopt monitor
media autoselect mode 11b
media autoselect mode 11b mediaopt hostap
media autoselect mode 11b mediaopt monitor
media DS1 mode 11b
media DS1 mode 11b mediaopt hostap
media DS1 mode 11b mediaopt monitor
media DS2 mode 11b
media DS2 mode 11b mediaopt hostap
media DS2 mode 11b mediaopt monitor
media DS5 mode 11b
media DS5 mode 11b mediaopt hostap
media DS5 mode 11b mediaopt monitor
media DS11 mode 11b
media DS11 mode 11b mediaopt hostap
media DS11 mode 11b mediaopt monitor
media autoselect mode 11g
media autoselect mode 11g mediaopt hostap
media autoselect mode 11g mediaopt monitor
media DS1 mode 11g
media DS1 mode 11g mediaopt hostap
media DS1 mode 11g mediaopt monitor
media DS2 mode 11g
media DS2 mode 11g mediaopt hostap
media DS2 mode 11g mediaopt monitor
media DS5 mode 11g
media DS5 mode 11g mediaopt hostap
media DS5 mode 11g mediaopt monitor
media DS11 mode 11g
media DS11 mode 11g mediaopt hostap
media DS11 mode 11g mediaopt monitor
media OFDM6 mode 11g
media OFDM6 mode 11g mediaopt hostap
media OFDM6 mode 11g mediaopt monitor
media OFDM9 mode 11g
media OFDM9 mode 11g mediaopt hostap
media OFDM9 mode 11g mediaopt monitor
media OFDM12 mode 11g
media OFDM12 mode 11g mediaopt hostap
media OFDM12 mode 11g mediaopt monitor
media OFDM18 mode 11g
media OFDM18 mode 11g mediaopt hostap
media OFDM18 mode 11g mediaopt monitor
media OFDM24 mode 11g
media OFDM24 mode 11g mediaopt hostap
media OFDM24 mode 11g mediaopt monitor
media OFDM36 mode 11g
media OFDM36 mode 11g mediaopt hostap
media OFDM36 mode 11g mediaopt monitor
media OFDM48 mode 11g
   

Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Paul Dejean]

Ok so it's actually implemented in FreeBSD and NetBSD.

FreeBSD: security.bsd.see_other_uids=0 (in sysctl.conf)
NetBSD: security.models.bsd44.curtain=1 (in sysctl.conf)

I suppose I'll get to work porting one of those.

On Thu, Feb 2, 2012 at 5:27 AM, Tomas Bodzar  wrote:
> On Thu, Feb 2, 2012 at 7:29 AM, Paul Dejean  wrote:
>> I'll start working on a patch (even though it'll take me forever) if I
>> can be confident it wouldn't be vetoed because people don't like the
>> concept.
>
> Don't reinvent wheel https://www.youtube.com/watch?v=JaVnNllZxn4
>
> Eg. actual situation in NetBSD
> http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20100605_1826.html is
> quite similar to Solaris, but don't know technical details (how secure
> is that in fact)
>
>>
>> On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey
>>  wrote:
>>> On 2/02/2012, at 12:30 PM, Paul Dejean wrote:
>>>
 Even though it's bad practice, a lot of commonly programs will request
 passwords or similar sensitive information as command line arguments.
 For instance, curl, svn, useradd... There will usually be a way to
 work around doing things this way (curl can read from a config file
 for instance), but doing so is a hassle (have to write a new config
 file for each request).

 I would really like some way to turn the access unprivileged users
 have to this information on and off. Ideally I'd like it off by
 default in OpenBSD (secure by default).

 Also I would like to add, that even if you folks shoot down this FR as
 being an awful idea. It's good that there's an operating system
 community where I feel comfortable bringing up this request, where I
 wouldn't hear things like:
 "You have untrusted users on your system? What a n00b"
 "All security features are off by default, why should it be our
 responsibility to protects admins from their stupid mistakes?"
 "omg why should you care. hunting for sensitive information? it's not
 like anyone actually does that"

>>> I've got no comment on the idea itself ...
>>>
>>> In this "community", the reply is likely to be "great idea, where is your 
>>> sample implementation?"
>>>
>>> There are not a lot of developers - I'm not one - so generally ideas need 
>>> to be accompanied by code.
>>>
>>> It's a bit like the school P.T.A. that I help out with - there are lots of 
>>> ideas, but very few helpers - ideas welcome, but they need to be attached 
>>> to someone willing to actually do the work.
>>>
>>> HTH.

Re: CARP strangeness after 5.0 upgrade

[Matt Hamilton]

Camiel Dobbelaar  sentia.nl> writes:

> Can you show the output of:
> - ifconfig carp
> - ifconfig -g carp
> - netstat -s -p carp
> - sysctl net.inet.carp

Ahhh... actually, I noticed mbuf memory error with one of these:

# netstat -s -p carp
carp:
3112793 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
1347685 discarded because packet too short
0 discarded for bad authentication
0 discarded for unknown vhid
0 discarded because of a bad address list
4512672 packets sent (IPv4)
0 packets sent (IPv6)
8589 send failed due to mbuf memory error
391 transitions to master

And also increasing the carp logging I now see:

Feb  1 13:50:02 fw1 /bsd: carp: carp1 demoted group carp by -1 to 0 (< 
snderrors)
Feb  1 13:50:04 fw1 /bsd: carp0: state transition: BACKUP -> MASTER
Feb  1 13:56:48 fw1 /bsd: carp: carp1 demoted group carp by 1 to 1 (> snderrors)
Feb  1 13:56:48 fw1 /bsd: carp0: state transition: MASTER -> BACKUP

So how do I go about debugging this?

> Do you use pfsync?  If yes, can you try adding "keep state (no-sync)" to
> the carp rules?

I tried adding this, no effect. I also tried removing IPv6 from the interface 
as 
someone suggested, but that didn't help either it seems.

-Matt

Re: Long delay updating xenocara source tree?

[Steffen Daode Nurpmeso]

Henning Brauer wrote:
> there aren't all that many repositories the size of ours out there.

That's true.
But no Henning, i don't believe it's that;
you know, it's just that i don't have anything to say, because
i have no knowledge about the internals of cvs(1).

I always thought of this as some kind of misbehaviour in between
OpenCVS and GNU cvs, because i would think of cvs(1) as something
like this:

cvs up .
|
read CVS/Entries
|
for those files with diff. timestamps, checksum file
|
send list [+ checksums] to server
|
server compare revision/timestamp/[checksum]
- client unmodified: send diff (expected final checksum?)
- client modified: send full file (if size < treshold),
  otherwise do blockwise checksumming etc. (i.e. rsync-like)
  [I don't really believe cvs(1) does the latter though.]
|
integrate diffs / replace locally modified files

Wether cvs(1) does do some rsync-like block-checksumming for
locally modified files or not, uploading 10% of the repositories
size or more before any data is sent from the server just can't be
correct anyhow.  Even more for my usage case because there were no
locally modified files at all.

And also the problem goes away if you do specify files directly,
as with a file glob, so it makes a difference wether you say
$ cvs -fz9 up -PAC .
or
$ cvs -fz9 up -PAC *.*
I don't remember wether i've used -d or not.

So for me this turned out as either "look into the code,
instrument some functions and try to fix it" or "turn over to
cvsync".
And GNU cvs is hard to look at, with a lot of comments which refer
to some (numeric or so) error reports.  But it would surely be
interesting to know what is going wrong.

--steffen

Re: Long delay updating xenocara source tree?

[Brett]

> > > > And even more speedy when I added a "scanfile /root/cvsync-scanfile" 
> > > > line in the "collection" part of the config file.
> > > 
> > > You're running it as root?
> > > 
> > > It makes a lot more sense to use a separate user.
> > > 
> > 
> > I have been updating as root (the few times I have used it so far) but 
> > thanks for the reminder, will chown and switch to normal user next time.
> 
> I use a dedicated user for this.
> 

Sounds like a good idea. 

Re: Long delay updating xenocara source tree?

[Stuart Henderson]

On 2012/02/02 23:00, Brett wrote:
> On Thu, 2 Feb 2012 11:40:22 + (UTC)
> Stuart Henderson  wrote:
> 
> > On 2012-02-02, Brett  wrote:
> > > Yes, I also finally got around to trying cvsync because of this thread 
> > > and its a lot quicker. 
> > >
> > > And even more speedy when I added a "scanfile /root/cvsync-scanfile" line 
> > > in the "collection" part of the config file.
> > 
> > You're running it as root?
> > 
> > It makes a lot more sense to use a separate user.
> > 
> 
> I have been updating as root (the few times I have used it so far) but thanks 
> for the reminder, will chown and switch to normal user next time.

I use a dedicated user for this.

Re: Long delay updating xenocara source tree?

[Brett]

On Thu, 2 Feb 2012 11:40:22 + (UTC)
Stuart Henderson  wrote:

> On 2012-02-02, Brett  wrote:
> > Yes, I also finally got around to trying cvsync because of this thread and 
> > its a lot quicker. 
> >
> > And even more speedy when I added a "scanfile /root/cvsync-scanfile" line 
> > in the "collection" part of the config file.
> 
> You're running it as root?
> 
> It makes a lot more sense to use a separate user.
> 

I have been updating as root (the few times I have used it so far) but thanks 
for the reminder, will chown and switch to normal user next time.

Re: Long delay updating xenocara source tree?

[Stuart Henderson]

On 2012-02-02, Brett  wrote:
> Yes, I also finally got around to trying cvsync because of this thread and 
> its a lot quicker. 
>
> And even more speedy when I added a "scanfile /root/cvsync-scanfile" line in 
> the "collection" part of the config file.

You're running it as root?

It makes a lot more sense to use a separate user.

Re: FR: Make it possible to turn off untrusted users ability to read cmdline arguments of processes they don't own

[Tomas Bodzar]

On Thu, Feb 2, 2012 at 7:29 AM, Paul Dejean  wrote:
> I'll start working on a patch (even though it'll take me forever) if I
> can be confident it wouldn't be vetoed because people don't like the
> concept.

Don't reinvent wheel https://www.youtube.com/watch?v=JaVnNllZxn4

Eg. actual situation in NetBSD
http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20100605_1826.html is
quite similar to Solaris, but don't know technical details (how secure
is that in fact)

>
> On Wed, Feb 1, 2012 at 11:00 PM, Richard Toohey
>  wrote:
>> On 2/02/2012, at 12:30 PM, Paul Dejean wrote:
>>
>>> Even though it's bad practice, a lot of commonly programs will request
>>> passwords or similar sensitive information as command line arguments.
>>> For instance, curl, svn, useradd... There will usually be a way to
>>> work around doing things this way (curl can read from a config file
>>> for instance), but doing so is a hassle (have to write a new config
>>> file for each request).
>>>
>>> I would really like some way to turn the access unprivileged users
>>> have to this information on and off. Ideally I'd like it off by
>>> default in OpenBSD (secure by default).
>>>
>>> Also I would like to add, that even if you folks shoot down this FR as
>>> being an awful idea. It's good that there's an operating system
>>> community where I feel comfortable bringing up this request, where I
>>> wouldn't hear things like:
>>> "You have untrusted users on your system? What a n00b"
>>> "All security features are off by default, why should it be our
>>> responsibility to protects admins from their stupid mistakes?"
>>> "omg why should you care. hunting for sensitive information? it's not
>>> like anyone actually does that"
>>>
>> I've got no comment on the idea itself ...
>>
>> In this "community", the reply is likely to be "great idea, where is your 
>> sample implementation?"
>>
>> There are not a lot of developers - I'm not one - so generally ideas need to 
>> be accompanied by code.
>>
>> It's a bit like the school P.T.A. that I help out with - there are lots of 
>> ideas, but very few helpers - ideas welcome, but they need to be attached to 
>> someone willing to actually do the work.
>>
>> HTH.

Re: more Thinkpad T60 X/video woes (5.0-stable amd64)

[Tomas Bodzar]

On Wed, Feb 1, 2012 at 11:17 PM, Jonathan Thornburg
 wrote:
> In a thread back in November 2011,
> B http://marc.info/?t=132173453400070&r=1&w=1
> I reported intermittent kernel/X hangs (usually under near-idle loads)
> on a Thinkpad T60 widescreen laptop (alas I misspelled the name as
> "Tinkpad" in the Subject: line) running 5.0-stable amd64. B My full
> dmesg is given in the first message in that thread,
> B http://marc.info/?l=openbsd-misc&m=132105242827683&w=1
> along with various other (hopefully-)relevant information. B There's
> also more information on the problem symptoms in my later messages in
> that thread,
> B http://marc.info/?l=openbsd-misc&m=132103762123592&w=1
> B http://marc.info/?l=openbsd-misc&m=132137790200900&w=1
>
> I've now gathered a bit more information, and have some new questions
> for the list:
>
>
> Moving to 5.0-stable made no difference to this problem.
> Switching between GENERIC.mp and GENERIC made no difference to this
> problem.
>
> My original reports were with X autoconfiguring (i.e.,
> /etc/X11/xorg.conf did NOT exist), using the Radeon driver:
>
> % dmesg|grep vga
> vga1 at pci1 dev 0 function 0 "ATI Radeon Mobility X1400" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> radeondrm0 at vga1: apic 1 int 16
>
> Since I don't actually need/use accelerated 3-D video, I've tried to
> switch to the generic VESA X driver. B Alas, I haven't been able to
> construct an B /etc/X11/xorg.conf B which successfully uses the VESA
> driver at the full (15.4" widescreen) hardware screen resolution of
> 1680x1050 pixels. B (None of my attempts would go above 1400x1050
> pixels, "stretched" in a horribly ugly way to fill the screen.)
>
> As a last-ditch measure to try to get a reliable computer, I've tried
> disabling ALL video acceleration using the xorg.conf given below. B This
> "works" -- I've had no more hangs in the 2 months I've been using this
> configuration (now with 5.0-stable GENERIC.mp), whereas before I was
> getting multiple hangs/week. B Alas, this has come at the price of
> painfully slow scrolling in xterm, painfully slow window drags, and
> general video "performance" that reminds me of that 8 MB Sparcstation
> SLC I remember using back around 1990 or so. :( :(
>
> So... questions for the list:
> * Can anyone point me to a working xorg.conf to use the VESA video
> B driver on a T60 @ 1680x1050 pixel resolution?
> * Can anyone suggest a better fix or workaround for my X hangs?
> B Loosing 3-D acceleration is no problem for me, but 2-D acceleration
> B would be nice...
> * If I do switch back to the Radeon driver, and the hangs reoccur,
> B is there any information I could gather from a hung machine, and/or
> B any logging I could switch on before a hang, that would be useful
> B in further diagnosing the problem?
> * Starting from a cold boot, my current xorg.conf (given below) doesn't
> B work -- X is unable to properly initialize the video, resulting in
> B a screen display that's vaguely abstract-art bars of white pixels
> B scattered around the screen, with no X cursor visible. B So, right
> B now, after each cold boot I first start X with an xorg.conf in which
> B the line
>
> B  B  B  B Option B  B  "NoAccel" B  B  B  B  B  B  B  B  B  B # []
>
> B is commented out (with thie xorg.conf X starts fine, but is vulnerable
> B to crashes), then immediately shut down X, then restart with the
> B no-acceleration xorg.conf (the one given below). B This procedure works,
> B but is awkward. B Is there a way around this kludge?


Do you have possibility to try a snapshot to see if problem still persist?

>
> --- begin /etc/X11/xorg.conf to disable ALL video acceleration ---
> Section "ServerLayout"
> B  B  B  B Identifier B  B  "X.org Configured"
> B  B  B  B Screen B  B  B 0 B "Screen0" 0 0
> B  B  B  B InputDevice B  B "Mouse0" "CorePointer"
> B  B  B  B InputDevice B  B "Keyboard0" "CoreKeyboard"
> EndSection
>
> Section "Files"
> B  B  B  B ModulePath B  "/usr/X11R6/lib/modules"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/misc/"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/TTF/"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/OTF/"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/Type1/"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/100dpi/"
> B  B  B  B FontPath B  B  "/usr/X11R6/lib/X11/fonts/75dpi/"
> EndSection
>
> Section "Module"
> B  B  B  B Load B "dbe"
> B  B  B  B Load B "dri"
> B  B  B  B Load B "dri2"
> B  B  B  B Load B "extmod"
> B  B  B  B Load B "glx"
> B  B  B  B Load B "record"
> EndSection
>
> Section "InputDevice"
> B  B  B  B Identifier B "Keyboard0"
> B  B  B  B Driver B  B  B "kbd"
> EndSection
>
> Section "InputDevice"
> B  B  B  B Identifier B "Mouse0"
> B  B  B  B Driver B  B  B "mouse"
> B  B  B  B Option B  B  B "Protocol" "wsmouse"
> B  B  B  B Option B  B  B "Device" "/dev/wsmouse"
> B  B  B  B Option B  B  B "ZAxisMapping" "4 5 6 7"
> EndSection
>
> Section "Monitor"
> B  B  B  

Re: looking for hardware recommendations, x86 or otherwise.

[Anonymous Remailer (austria)]

> What's so funny is that they put GNU/Linux on it, when gNU is supposed to
> be about FREE dom. LOL. Fucking LOL.

That's perfect. GNU has nothing to do with free, it has to do with butt
fucking people until they become ASSimilated. Sounds like a match.

> For poor people in third world countries I think they would be better off
> buying used 1ghz-2ghz Desktop computers for $50/each

Obviously you don't live in a 3rd world country. I do and nothing is 50
bucks here except the women. Nobody throws anything out except dead cats
and PCs cost about 350 USD for a new build based on 3-5 year old NOS parts
the Americans dumped on the market after they went obsolete.

Fw:Misc, About New Glass Vendor-Dongguan Yuhe Glass CO.,LTD

[Henry]

Dear   Misc

Wish you have a good day first

Glad to hear that you are on the market for furniture industry, we specialized
in furniture galss for many years with good quality,competitive price,delivery
on time, also we had got the certification BS6206 of Europe temper glass
standard by SGS .
Our mainly products is  glass process as your design and requirement,  the
process includes as following:
glass cutting,
edge grind,
holes drilling,
silk screen printing,
painting,
sandbalested and so on.
Furniture Glass, Table Glass, Coffee Table Glass, Tea Table Glass, Cabinet
Glass, Window Glass, Silver Mirror
Glass Application:
The processed glass mianly applied for furniture (Such as table top, cabinet
window, doors) and electronics(TV base, frige panel, micro wave fluence), get
well hornor from our domestic and overseas cuctomer.
The attachment is the picture of the application of our glass products for
your ref..



Any question please do not hesitate to contact me,wish to establish business
relationship with your company!


Best wishes

Henry
Dongguan Yuhe Glass CO.,LTD
Add: Keji.Road,Keji Area Of Nancheng, Dongguan City,Guangdong
Province,P.R.C.523080
Mobile:+86-138 2576 5772
Tel: +86-769-2240 0888
Fax: +86-769-2240 9833
MSNo<exp...@yuheglass.com
Skype:   dgyuheglass
Email:exp...@yuheglass.com  /  sa...@yuheglass.com

[demime 1.01d removed an attachment of type image/jpg which had a name of 
Application.jpg]

καλά νέα-

[gx]

N3N5N9N1

NOON. N5N/N=N1N9 N

reply-to option for udp port 1194 ( for OpenVPN)

[Indunil Jayasooriya]

Hi list,

I am running PF on OpenBSD 5 with 2 external links.

One is ASDL and other is Leased line.

my /etc/mygate is set to adsl ip.

So, default route via ADSL.

But, I want to access OpenVPN (i.e port 1194) via Leased line from the
Internet.


when, I try to access I get below error.


Feb 02 13:21:04.717389 rule 17/(match) pass in on ne1: 220.x.y.z.53208
> 172.16.x.1.1194: udp 14

Feb 02 13:21:04.718461 rule 6/(match) block out on ne2:
192.168.1.z.1194 > 220.x.y.z.53208: udp 26
Feb 02 13:21:06.043509 rule 6/(match) block out on ne2:
192.168.1.z.1194 > 220.x.y.z.53208: udp 14


ip 192.168.1.z is the ip address of PF firewall that connects to ADSL router.




my pf.conf file looks like this.



vpn= "tun0"

match out on $wan_if from 10.0.1.0/24 nat-to ($wan_if)


# filter rules
block in log
block out log
#pass out quick log

antispoof quick for { lo $int_if }

pass in quick log on $vpn
pass out quick log on $vpn

pass in log on $wan_if inet proto udp from any to $wan_if \
  port 1194 reply-to ($wan_if $wan_gw)



I need your advice to solve this issue?

Anyway, if i set to with TCP like this

pass in log on $wan_if inet proto tcp from any to $wan_if \
  port 1194 reply-to ($wan_if $wan_gw)


It works . Why It does NOT work for udp?


Hope to hear from you..




, it works










-- 
Thank you
Indunil Jayasooriya

Re: looking for hardware recommendations, x86 or otherwise.

[Christiano F. Haesbaert]

These days we have cheap good low power intels. The pentium core g620t for
instance idles at less than 25w. If you want to go cheaper, amd brazos is
nice too but not so power effective.
 On Feb 2, 2012 1:02 AM, "Lars"  wrote:

> > https://en.wikipedia.org/wiki/Raspberry_Pi
> >
> > It's called viral marketing, PR, social crap whatever. Raspberry Pi
> > foundation claims something about support for schools and
> > blahblahblah, but in fact was created but one of engineers of
> > Broadcom. It's just test bed for their proprietary crap or vendor lock
> > in via children and a way how to lower taxes via charity organization
> > without real charity.
> >
> >
>
>
> What's so funny is that they put GNU/Linux on it, when gNU is supposed to
> be about FREE dom. LOL. Fucking LOL.
>
> I think Raspberry Pi isn't so useful for my needs anyway because for
> example it only has one network port, not two or three...
>
> For poor people in third world countries I think they would be better off
> buying used 1ghz-2ghz Desktop computers for $50/each that includes PCI
> slots and such. I've purchased some computers less than 50 dollars. The
> only advantage of the raspberry pi over a used desktop PC is that it uses
> much less power (1 Watt or whatever) and that it is really small. I don't
> see how a small tiny circuit will help third world countries but I can see
> an advantage to 1 watt electricity.