W540 Thinkpads
Is anyone using one with OpenBSD? Email me directly if you are willing to talk. Thanks, STeve Andre'
Re: syslog level and files
I think your complaint is answered in the blog you cite... "rsyslog can force the pid inside the TAG to match the pid of the log message emitter - for quite a while now. It is also easy to add additional "trusted properties"." Dan On Fri, Oct 3, 2014 at 6:25 PM, Jiri B wrote: > On Fri, Oct 03, 2014 at 04:37:06PM -0400, sven falempin wrote: > > Dear list, > > > > Why the level information of logs are not present in log files (and yes i > > could put a certain level in a certain file but then i have to sort it > > all..) ? > > Because "classic" syslog format is very free-form. > Sorry but is this only your problem with syslog? :) > > There are more issues, see: > > - http://blog.gerhards.net/2011/11/serious-syslog-problems.html > > For me highest issue is one cannot trust origin of the message. > > Oct 4 00:20:01 laptop1 foobar: hello world > > So did this message, which user, which pid? > > j.
Re: openbsdstore: enable javascript and buy something or gtfo
> | The OpenBSD Store > > | If you have JavaScript disabled you will not be able to order from > | this site... ludovic coues asked | I'm curious, how did you get this message ? (running 5.5-stable amd64) lynx https://www.openbsdstore.com or lynx http://www.openbsd.org --> Buy CDs/Shirts/Posters --> the OpenBSD Store -- -- "Jonathan Thornburg [remove -animal to reply]" Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA "There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time." -- George Orwell, "1984"
Re: openbsdstore: enable javascript and buy something or gtfo
On Sat, Oct 04, 2014 at 01:11:06AM +0300, Matti Karnaattu wrote: > > So you are saying that soon everything will be force fed to you and > > you will be ok with it? > > There are two things which irritates me in computing: > > 1. Need of security updates > 2. Two pieces of technology which are not compatible with each other. > > I'm GLAD that finally we have Javascript. At last, we have language and > platform that WORKS universally. No more dozen proprietary > (or open source), incompatible platforms. Once we have C-language that > can be compiled almost anywhere, with minor modifications as long as it > was command line software. > > Now we have Javascript that runs in browser, almost everywhere, without > modifications and do almost everything. > > It is simply wonderful. Best thing after invetion of WWW. I just changed a couple of security (ha!) settings in my google account and disabled access by "less secure apps". Then I tried to read my email using mutt. It failed and I got a nice email from google informing me of the blocked sign-in attempt and saying: "You can switch to an app made by Google such as Gmail to access your account (recommended) or change your settings at http://... so that your account is no longer protected by modern security standards." Please, *do* tell me more about your "simply wonderful" java-scripted browser-dependent cloud-based memory-hogging broadband-needing SAAS world, it sounds like such fun! You are on a mailing list of a heavily security-oriented OS (and community), proselytising about a computing model based on blindly downloading source code that will run locally (and doing this every time you want to use an "application"). Good luck.
Re: Changing MTU size
On 10/3/14 6:43 PM, Stuart Henderson wrote: > On 2014-10-03, Daniel Ouellet wrote: >> But this had nothing to do with options in hardware network cards >> configuration like half duplex, full duplex, auto negotiation, speed, >> mtu, etc. > > er, there is option 26, interface mtu. however dhclient(8) appears to ignore > it. As I said that's the 5.1, but works if path discover is enable no? I could be wring I didn't test it, in any case not all options are supported in dhclinet anyway, but hostname.if support it. So, still that's where it should be set by the OP
Re: [Bulk] Re: openbsdstore: enable javascript and buy something or gtfo
On 4 Oct 2014 at 1:41, Matti Karnaattu wrote: ... > I don't think that is pragmatic to expect people to use computers > without applications. Or expect users of some software doesn't want to > use applications. > why not be the ultimate pragmatist you preach and go run Windows? (Isn't that what "everybody" runs and the only platform "all" software developers support? and the best part -- you won't be spamming OpenBSD mailing lists anymore ;-)
Re: Changing MTU size
On 2014-10-03, Daniel Ouellet wrote: > But this had nothing to do with options in hardware network cards > configuration like half duplex, full duplex, auto negotiation, speed, > mtu, etc. er, there is option 26, interface mtu. however dhclient(8) appears to ignore it.
Re: [Bulk] Re: openbsdstore: enable javascript and buy something or gtfo
>and navigation of a site should not require javascript as >per w3c guidelines. The thing is that web is more than "web sites". It is also full of applications and these are totally mixed. >However considering OpenBSD users are security savvy and should >understand the potential risks of random sites running javascript I'm sure that probably everyone here understand these risks, but in order to be security savvy doesn't rule out that you can also be pragmatic. I don't think that is pragmatic to expect people to use computers without applications. Or expect users of some software doesn't want to use applications.
Re: syslog level and files
On Fri, Oct 03, 2014 at 04:37:06PM -0400, sven falempin wrote: > Dear list, > > Why the level information of logs are not present in log files (and yes i > could put a certain level in a certain file but then i have to sort it > all..) ? Because "classic" syslog format is very free-form. Sorry but is this only your problem with syslog? :) There are more issues, see: - http://blog.gerhards.net/2011/11/serious-syslog-problems.html For me highest issue is one cannot trust origin of the message. Oct 4 00:20:01 laptop1 foobar: hello world So did this message, which user, which pid? j.
Re: [Bulk] Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014 13:26:11 -0400 (EDT) david...@ling.ohio-state.edu wrote: > > > > Keeping Javascript disabled is like disabling programmability from > > shell. What is the idea? > > You're making a joke, maybe? > > *I* choose what programs my shell executes. But when I visit a > webpage on the internet with javascript enabled, someone *else* > chooses what programs are executed. > > So I don't enable javascript unless there's a good reason. And, for > my purposes, there almost never is a good reason. True and you wouldn't allow visitors to inject shell into your webserver and navigation of a site should not require javascript as per w3c guidelines. However considering OpenBSD users are security savvy and should understand the potential risks of random sites running javascript and it may be that the cheapest or current pay system available required javascript then it is probably more useful to ask paypal why on earth they reduced the potential security of their users for a slightly nicer look or investigate and suggest an alternative. OTOH I am told but correct me if I am wrong that in Germany they use bank transfers rather than credit cards and the banks I use no longer require javascript so perhaps that would be a better and more secure system all round, assuming they have a good method to verify the account numbers.
Re: Changing MTU size
I totally failed to see the relevance of the dhclient here. Option in DHCP have nothing to do with options in hardware specific network card configuration. Options (255 possible) in dhcp are like either specify in their number or in many cases with their name to make it easy for human, lke 1 -> Subnet 3 -> router 6 -> DNS servers 15 -> domain name 44 -> WINS/NBNS NetBIOS name servers 46 -> Wins/NBT 51 -> Lease time etc. The RFC 2132 is a good source for the full list if you want https://tools.ietf.org/html/rfc2132 But this had nothing to do with options in hardware network cards configuration like half duplex, full duplex, auto negotiation, speed, mtu, etc. I think you may be confusing the OP here by suggesting this. I think if you read the RFC you will see the MTU refereed there is the option code 24 and is not what you think it is. 4.6. Path MTU Aging Timeout Option This option specifies the timeout (in seconds) to use when aging Path MTU values discovered by the mechanism defined in RFC 1191 [12]. The timeout is specified as a 32-bit unsigned integer. Or may be the 4.7 or 5.1 or 5.2, but in all cases it is assuming the MTU discovery actually is enable and work. Nothing to do with the size of the packets. Yes is you have MTU discover enable on your network it will try to find the right size maximum supported, but if you do not have it enable, then you can't fix it via that option and you need to go back and enforce it via the hostname.if Hope this clarify it better. Daniel On 10/3/14 9:35 AM, trondd wrote: > The man page for dhclient.conf shows the ability to ignore options sent by > the dhcp server. If hostname.* doesn't do it, that might be necessary. > > Tim. > > On Fri, Oct 3, 2014 at 4:10 AM, Daniel Ouellet wrote: > >> On 10/2/14 11:39 PM, Daniel Ouellet wrote: >>> May be a bit more for you as well under man hostname.if >>> >>> in the description it said this. "Any lines not matching these packed >>> formats are passed directly to ifconfig(8)." >>> >>> and this section. >>> >>> options >>> Miscellaneous options to set on the interface, e.g., "media >>> 100baseTX mediaopt full-duplex". Valid options for a particular >>> interface type can be found in ifconfig(8). When used, the netmask and >>> broadcast_addr options must also be present. >>> >>> Based on this information look to me that you should be able to pass the >>> option you want and it would pass it to ifconfig on your behalf so you >>> should be able to preset your MTU as you see fit there for the network >>> card you specifically want. >>> >>> Anyway the best way would be to try and see what you get. >>> >>> Hopefully this provide you what you need. >>> >>> Daniel >>> >>> >>> >>> On 10/2/14 11:27 PM, Daniel Ouellet wrote: Unless I do not read the man page properly the information is available there. NAME ifconfig -- configure network interface parameters SYNOPSIS ifconfig [-AaC] [interface] [address_family] [address >> [dest_address]] [parameters] ... and lower you have: ... The following parameters may be set with ifconfig: ... mtu value Set the MTU for this device to the given value. Cloned routes inherit this value as a default. For Ethernet devices which support setting the MTU, a value greater than 1500 enables jumbo frames. The hardmtu output from hwfeatures shows the maximum supported MTU. ... So if you read the man page you should have the information you need. Hope this help Daniel
Re: openbsdstore: enable javascript and buy something or gtfo
> So you are saying that soon everything will be force fed to you and > you will be ok with it? There are two things which irritates me in computing: 1. Need of security updates 2. Two pieces of technology which are not compatible with each other. I'm GLAD that finally we have Javascript. At last, we have language and platform that WORKS universally. No more dozen proprietary (or open source), incompatible platforms. Once we have C-language that can be compiled almost anywhere, with minor modifications as long as it was command line software. Now we have Javascript that runs in browser, almost everywhere, without modifications and do almost everything. It is simply wonderful. Best thing after invetion of WWW. > Just because something is the standard, doesn't make it good. Heh, very true! What you expect?! It is typical that inferior solutions wins. See: http://en.wikipedia.org/wiki/Worse_is_better C and Unix is same thing. Or how about C++? There was Ada back then too. Sadly, world is not ideal. Have to accept some crap too to get better. Yes, I think Javascript is horrible language but after industry mutually accepted it, it become very useful.
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 3, 2014 at 12:20 PM, J Sisson wrote: > If the javascript contains an XMLHTTPRequest object, it can call out > to a different server (than the one you are visiting) without your > explicit knowledge, download content, and do basically whatever the > user the browser is running as can do, barring browser sandboxing, Also, Chromium and Firefox don't implement any OS-level sandboxing on OpenBSD. If anyone's interested in helping to fix that, see http://crbug.com/378813.
Re: openbsdstore: enable javascript and buy something or gtfo
On 03-10-2014 17:48, Matti Karnaattu wrote: > Unfortunately, we are living world where almost all applications are > nowadays writen with Javascript or compiled to Javascript. And it is > matter of time when rest of the issues are solved which prevents it > using ~everywhere to reduce server load. So you are saying that soon everything will be force fed to you and you will be ok with it? Just because something is the standard, doesn't make it good. Take a look at windows, for instance. Javascript can do too much damage, and it's pushed down your throat, you don't have a say on it. 99% of the javascript out there are benign (if you call adserving, benign). But the 1% that is not, is worrisome enough for me to no trust them blindly. Cheers, [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: openbsdstore: enable javascript and buy something or gtfo
On 3 Oct 2014 at 23:48, Matti Karnaattu wrote: ... > >etc...and that's not the only way javascript can be used maliciously > > These are called security holes. > > >There is good reason not to explicitly trust javascript or any other > >browser plugin that allow the remote site to execute code on your > >machine. > > Unfortunately, we are living world where almost all applications are > nowadays writen with Javascript or compiled to Javascript. And it is > matter of time when rest of the issues are solved which prevents it > using ~everywhere to reduce server load. Many a naïve person believe you can "add" security as an afterthought but I'm not aware of this approach ever truly succeeding. > For that reason, it is not beneficial to avoid Javascript. Instead it > useful to think how it can be run securely. The only possible way to run it securely is to run it very very sparingly, and *only* when you believe that you are working with reasonable input. (You wouldn't go into a minefield armed only with a blindfold in order to "think how to do it safely", would you?) > Javascript is todays C. Fruits and vegetables. C is a fairly low-level *language* and the quality of the resulting application is entirely dependant on the programmer. Browser Javascript is as you yourself pointed out a *platform* i.e. it IS a complete application designed and built by people that do not think to close the barn until after the cows are gone (and probably consider any real lock to be too cumbersome).
Re: openbsdstore: enable javascript and buy something or gtfo
>If the javascript contains an XMLHTTPRequest object, it can call out >to a different server (than the one you are visiting) without your >explicit knowledge, download content, and do basically whatever the >user the browser is running as can do, I'm aware. This object is in practice transformed browser to application platform. >barring browser sandboxing, If it is leaking, yes. >etc...and that's not the only way javascript can be used maliciously These are called security holes. >There is good reason not to explicitly trust javascript or any other >browser plugin that allow the remote site to execute code on your >machine. Unfortunately, we are living world where almost all applications are nowadays writen with Javascript or compiled to Javascript. And it is matter of time when rest of the issues are solved which prevents it using ~everywhere to reduce server load. For that reason, it is not beneficial to avoid Javascript. Instead it useful to think how it can be run securely. Javascript is todays C.
syslog level and files
Dear list, Why the level information of logs are not present in log files (and yes i could put a certain level in a certain file but then i have to sort it all..) ? Best regards, -- - () ascii ribbon campaign - against html e-mail /\
Re: openbsdstore: enable javascript and buy something or gtfo
> Here it is for your convenience: > > If you wish to contact us by phone, please call +44 (0) 115 986 > 8786, Monday to Friday 10am-2:30pm - Linda Bramley > > Email: ord...@openbsdstore.com > Address: > OpenBSD Store > Zednax Limited > 241 Wellington Road South > Stockport > SK2 6NG > Thanks Aaron, I'm on the same boat as the OP. I was thinking about downloading the software and make a donation (hey, even PayPal works without JS !) but not being able to get the artwork would have been a shame. Denis
Re: openbsdstore: enable javascript and buy something or gtfo
No, the one lacking understanding is you -- the fact that 99.9% of the Internet users are clueless (and even worse, *lax*) about security, probably never heard of OpenBSD and most likely will never use it because it interferes with their daily fill of spam and malware is totally irrelevant for this particular community that, thankfully, has always been willing to do things *right* rather than *easy*. On 3 Oct 2014 at 22:01, Matti Karnaattu wrote: > >I can't know what interest openbsdeurope has in requiring users to > >enable JS to obtain any information from their website. > > Probably 999 users in thousand doesn't want to make web crippled and > doesn't even think that standard JS is any special requirement. > > > *I* choose what programs my shell executes. But when I visit a > > webpage on the internet with javascript enabled, someone *else* > > chooses what programs are executed. > > No, you choosed that web page to visit. > > I think that you don't probably understand that web is nowadays > by default, software platform. Web pages are applications. > > You can make your life easier by enabling Javascript. > > Soon it is probably nearly impossible to do anything useful with web > without Javascript. It is defacto and dejure standard language for > portable applications.
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 3, 2014 at 12:01 PM, Matti Karnaattu wrote: > No, you choosed that web page to visit. http://www.w3schools.com/xml/xml_http.asp If the javascript contains an XMLHTTPRequest object, it can call out to a different server (than the one you are visiting) without your explicit knowledge, download content, and do basically whatever the user the browser is running as can do, barring browser sandboxing, etc...and that's not the only way javascript can be used maliciously, as has been pointed out by others. There is good reason not to explicitly trust javascript or any other browser plugin that allow the remote site to execute code on your machine. Granted, it doesn't necessarily take javascript: http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/
Re: openbsdstore: enable javascript and buy something or gtfo
On 03-10-2014 16:01, Matti Karnaattu wrote: > Soon it is probably nearly impossible to do anything useful with web > without Javascript. It is defacto and dejure standard language for > portable applications. I believe the OP could have done his research a little better, there are other ways of finding contact information, even when the site refuses to give any information unless javascript is enabled. But, I too only enable javascript on the sites only when I feel the need to do so. Javascript can be, and has been, used to do all sort of nasty stuff. And, since more and more things are moving to the web, it's a big target. Try using noscript and you'll see that some websites bring along thirdy-party scripts that themselves bring along other scripts. It's a nightmare. You can't possibly trust all of them. Cheers, [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: openbsdstore: enable javascript and buy something or gtfo
>I can't know what interest openbsdeurope has in requiring users to >enable JS to obtain any information from their website. Probably 999 users in thousand doesn't want to make web crippled and doesn't even think that standard JS is any special requirement. > *I* choose what programs my shell executes. But when I visit a > webpage on the internet with javascript enabled, someone *else* > chooses what programs are executed. No, you choosed that web page to visit. I think that you don't probably understand that web is nowadays by default, software platform. Web pages are applications. You can make your life easier by enabling Javascript. Soon it is probably nearly impossible to do anything useful with web without Javascript. It is defacto and dejure standard language for portable applications.
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, Matti Karnaattu wrote: Why should I enable javascript to obtain basic information about a website? Why do not keep Javascript all time enabled? Keeping Javascript disabled is like disabling programmability from shell. What is the idea? You're making a joke, maybe? *I* choose what programs my shell executes. But when I visit a webpage on the internet with javascript enabled, someone *else* chooses what programs are executed. So I don't enable javascript unless there's a good reason. And, for my purposes, there almost never is a good reason. -wes -- "It's a universal symbol, a man and a woman together. It's a restroom." --- some guy sitting next to me on an airplane
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, david...@ling.ohio-state.edu wrote: On Fri, 3 Oct 2014, Theo de Raadt wrote: But instead you brought your complaint to misc. Indeed. You have an agenda. Sure do. I had reason to distrust the website, as I've explained. But I have no reason to distrust this listserv. I'll elaborate a little, in the interest of clarity, and then leave the thread. I can't know what interest openbsdeurope has in requiring users to enable JS to obtain any information from their website. But it occurred to me that such an interest *could* conceivably conflict with the interests of the openbsd project, and perhaps some of its users. So I shared what I had noticed, with the project and its users here. In good faith. Take care. -wes
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 3, 2014 at 9:53 AM, ludovic coues wrote: > 2014-10-03 16:09 GMT+02:00 : >> In my browser of choice, configured sensibly, this is all that can be >> seen at openbsdstore.com and openbsdeurope.com: >> >> | The OpenBSD Store >> >> | If you have JavaScript disabled you will not be able to order from >> | this site... >> > > I'm curious, how did you get this message ? > > -- > > Cordialement, Coues Ludovic > +336 148 743 42 > $ curl openbsdstore.com http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> http://www.w3.org/1999/xhtml";> The OpenBSD Store If you have JavaScript disabled you will not be able to order from this site...
Re: openbsdstore: enable javascript and buy something or gtfo
>Why should I enable javascript to obtain basic information about a >website? Why do not keep Javascript all time enabled? Keeping Javascript disabled is like disabling programmability from shell. What is the idea?
Re: openbsdstore: enable javascript and buy something or gtfo
2014-10-03 16:09 GMT+02:00 : > In my browser of choice, configured sensibly, this is all that can be > seen at openbsdstore.com and openbsdeurope.com: > > | The OpenBSD Store > > | If you have JavaScript disabled you will not be able to order from > | this site... > I'm curious, how did you get this message ? -- Cordialement, Coues Ludovic +336 148 743 42
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 3, 2014 at 10:48 AM, wrote: > On Fri, 3 Oct 2014, Theo de Raadt wrote: > >>> Who said anything about an order page? >>> >>> Who said anything about final decisions? The text provided gave me no >>> information upon which to base any decision of that kind. >>> >>> As I made perfectly clear in my post, the accessible content on the >>> website is a single, elided sentence. >>> >>> Why should I enable javascript to obtain basic information about a >>> website? >>> >>> Really, it's quite an achievement, seeing as even Facebook pages >>> aren't completely void of content when viewed without javascript. >> >> >> You know who to mail, to help get that improved. > > > No, I actually don't. See my first post. I could guess, but I didn't > feel like guessing. To be fair - you probably couldn't see the contact info with JS disabled. Here it is for your convenience: If you wish to contact us by phone, please call +44 (0) 115 986 8786, Monday to Friday 10am-2:30pm - Linda Bramley Email: ord...@openbsdstore.com Address: OpenBSD Store Zednax Limited 241 Wellington Road South Stockport SK2 6NG OpenBSD Store is a trading name of Zednax Limited. Zednax Limited is registered in England and Wales, Company no. 05321754. Registered address: Meadow House, Meadow Lane, Nottingham, NG2 3HS. Zednax Limited is VAT registered, VAT registration no. GB 855 4468 92. Also this is from openbsd.org: Pre-orders for the upcoming OpenBSD 5.6 release are enabled at our new order site -- openbsdstore.com operated by Zednax Limited from the UK. > >> But instead you brought your complaint to misc. > > > Indeed. > >> You have an agenda. > > > Sure do. I had reason to distrust the website, as I've explained. > > But I have no reason to distrust this listserv. > > -wes
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, Theo de Raadt wrote: Who said anything about an order page? Who said anything about final decisions? The text provided gave me no information upon which to base any decision of that kind. As I made perfectly clear in my post, the accessible content on the website is a single, elided sentence. Why should I enable javascript to obtain basic information about a website? Really, it's quite an achievement, seeing as even Facebook pages aren't completely void of content when viewed without javascript. You know who to mail, to help get that improved. No, I actually don't. See my first post. I could guess, but I didn't feel like guessing. But instead you brought your complaint to misc. Indeed. You have an agenda. Sure do. I had reason to distrust the website, as I've explained. But I have no reason to distrust this listserv. -wes
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, Theo de Raadt wrote: So easy to be critical. Sure. And some criticism happens to be useful. Some say it's even more useful than wagon-circling.
Re: openbsdstore: enable javascript and buy something or gtfo
> > 2014-10-03 16:09 GMT+02:00 : > >> Strangely enough, this doesn't incline me to enable javascript. > > > > Why? > > > > Don't you trust the store? > > Heh, literally blind trust, eh? > > What store? You call it a store. And I did expect it to be a store > of some kind, since openbsd.org/orders.html links to it as the sole > source for CDs. > > But the failure to provide minimal contact info, not to mention any > descriptive content, doesn't inspire confidence. > > Whoever is responsible for it, if they can't be troubled to put up an > accessible website, then it really doesn't matter whether I employ > Hanlon's razor or not. Whether this is a case of malice or > incompetence, my response is the same. So easy to be critical.
Re: openbsdstore: enable javascript and buy something or gtfo
> Who said anything about an order page? > > Who said anything about final decisions? The text provided gave me no > information upon which to base any decision of that kind. > > As I made perfectly clear in my post, the accessible content on the > website is a single, elided sentence. > > Why should I enable javascript to obtain basic information about a > website? > > Really, it's quite an achievement, seeing as even Facebook pages > aren't completely void of content when viewed without javascript. You know who to mail, to help get that improved. But instead you brought your complaint to misc. You have an agenda.
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, Bryan Steele wrote: On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote: In my browser of choice, configured sensibly, this is all that can be seen at openbsdstore.com and openbsdeurope.com: | The OpenBSD Store | If you have JavaScript disabled you will not be able to order from | this site... And yes, it literally ends with an ellipsis. Strangely enough, this doesn't incline me to enable javascript. -wes So, you visit an order page likely content on providing your billing information and shipping address, but it's the use of Javascript that sways your final decision to order? Who said anything about an order page? Who said anything about final decisions? The text provided gave me no information upon which to base any decision of that kind. As I made perfectly clear in my post, the accessible content on the website is a single, elided sentence. Why should I enable javascript to obtain basic information about a website? Really, it's quite an achievement, seeing as even Facebook pages aren't completely void of content when viewed without javascript. -wes
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, 3 Oct 2014, Martin Schröder wrote: > 2014-10-03 16:09 GMT+02:00 : >> Strangely enough, this doesn't incline me to enable javascript. > > Why? > > Don't you trust the store? Heh, literally blind trust, eh? What store? You call it a store. And I did expect it to be a store of some kind, since openbsd.org/orders.html links to it as the sole source for CDs. But the failure to provide minimal contact info, not to mention any descriptive content, doesn't inspire confidence. Whoever is responsible for it, if they can't be troubled to put up an accessible website, then it really doesn't matter whether I employ Hanlon's razor or not. Whether this is a case of malice or incompetence, my response is the same. -wes
NAT logging and limits using pf
I am trying to determine whether using an OpenBSD system to perform institutional NAT for our wireless users would be a viable option. At the present time we are evaluating the A10 Thunder CGN appliance. There are a few issues for which I would like to get some input for those using pf for NAT in large environments ( > 10k users ) * are there problems with arp cache resources ? * can logging be modified to use radius ? We really need some hooks to determine who is/was responsible for a given session. Thanks in advance for any operational experience you may have using pf in a similar environment. -- Russell Sutherland I+TS email:russell.sutherl...@utoronto.ca office: +1.416.978.0470 mobile: +1.416.803.0080
Re: openbsdstore: enable javascript and buy something or gtfo
He didn't say it changed his decision to order. It is a rather terse and unhelpful message, though. It could at least mention the option of ordering via email. Tim.
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 3, 2014 at 10:25 AM, Bryan Steele wrote: > So, you visit an order page likely content on providing your billing > information and shipping address, but it's the use of Javascript that > sways your final decision to order? I thought it was the ellipsis that did it :-) -- "Don't eat anything you've ever seen advertised on TV" - Michael Pollan, author of "In Defense of Food"
Re: openbsdstore: enable javascript and buy something or gtfo
2014-10-03 16:09 GMT+02:00 : > Strangely enough, this doesn't incline me to enable javascript. Why? Don't you trust the store?
Re: openbsdstore: enable javascript and buy something or gtfo
On Fri, Oct 03, 2014 at 10:09:36AM -0400, david...@ling.ohio-state.edu wrote: > In my browser of choice, configured sensibly, this is all that can be > seen at openbsdstore.com and openbsdeurope.com: > > | The OpenBSD Store > > | If you have JavaScript disabled you will not be able to order from > | this site... > > And yes, it literally ends with an ellipsis. > > Strangely enough, this doesn't incline me to enable javascript. > > -wes So, you visit an order page likely content on providing your billing information and shipping address, but it's the use of Javascript that sways your final decision to order? Right... -Bryan.
openbsdstore: enable javascript and buy something or gtfo
In my browser of choice, configured sensibly, this is all that can be seen at openbsdstore.com and openbsdeurope.com: | The OpenBSD Store | If you have JavaScript disabled you will not be able to order from | this site... And yes, it literally ends with an ellipsis. Strangely enough, this doesn't incline me to enable javascript. -wes
Re: Changing MTU size
The man page for dhclient.conf shows the ability to ignore options sent by the dhcp server. If hostname.* doesn't do it, that might be necessary. Tim. On Fri, Oct 3, 2014 at 4:10 AM, Daniel Ouellet wrote: > On 10/2/14 11:39 PM, Daniel Ouellet wrote: > > May be a bit more for you as well under man hostname.if > > > > in the description it said this. "Any lines not matching these packed > > formats are passed directly to ifconfig(8)." > > > > and this section. > > > > options > > Miscellaneous options to set on the interface, e.g., "media > > 100baseTX mediaopt full-duplex". Valid options for a particular > > interface type can be found in ifconfig(8). When used, the netmask and > > broadcast_addr options must also be present. > > > > Based on this information look to me that you should be able to pass the > > option you want and it would pass it to ifconfig on your behalf so you > > should be able to preset your MTU as you see fit there for the network > > card you specifically want. > > > > Anyway the best way would be to try and see what you get. > > > > Hopefully this provide you what you need. > > > > Daniel > > > > > > > > On 10/2/14 11:27 PM, Daniel Ouellet wrote: > >> Unless I do not read the man page properly the information is available > >> there. > >> > >> > >> NAME > >> ifconfig -- configure network interface parameters > >> SYNOPSIS > >> ifconfig [-AaC] [interface] [address_family] [address > [dest_address]] > >> [parameters] > >> > >> ... > >> and lower you have: > >> ... > >> The following parameters may be set with ifconfig: > >> ... > >> mtu value > >> Set the MTU for this device to the given value. Cloned routes > >> inherit this value as a default. For Ethernet devices which support > >> setting the MTU, a value greater than 1500 enables jumbo frames. The > >> hardmtu output from hwfeatures shows the maximum supported MTU. > >> ... > >> > >> So if you read the man page you should have the information you need. > >> > >> Hope this help > >> > >> Daniel
Re: athn(4) may start in "no carrier" state when a failover trunkport
Way back in July, I wrote: > When using this hostname.trunk0: > > --- > trunkproto failover trunkport alc0 trunkport athn0 > -inet6 > dhcp > --- > > If the master trunkport is active on initial state, either at boot or > upon resume from suspend, on occasion the athn0 NIC shows "no carrier". > Upon initiation of failover while in this state, it does not recover. > > If the athn0 NIC is used as egress and not part of a trunk, it is always > "active" and never enters the same state. > > A scan corrects the state, so this ifstated.conf has been implemented as > an attempted circumvention. While it still occurs with trunk participation, I think this may be a much simpler circumvention: /etc/apm/resume: #!/bin/sh ifconfig athn0 down up
Re: Firewall: Where is the bottleneck?
On 3 October 2014 11:11, Ville Valkonen wrote: > On 2 October 2014 23:36, wrote: >>> $ sysctl kern.netlivelocks >> kern.netlivelocks=2 >> >> What does this means? I found something like a deadlock, when two processes >> block each other, I'm right? > > This is useful information specially under the load. I don't have the > source code available at the moment but as far as I know/remember it > tells how much interrupts network devices create (this is likely > wrong, don't take it as a fact. And please, someone correct me). > >>> and interrupt statistics (by systat for example) would be helpful. >> >> You mean during peak load. I will send it on Monday. > > Yes, that's correct. Sorry for not mention this in the first mail. > > btw. if you could yet provide this information it would be great: > $ sudo pfctl -sa |grep -A 5 LIMITS Correction: rather use pfctl -s memory
Re: Firewall: Where is the bottleneck?
On 2 October 2014 23:36, wrote: >> $ sysctl kern.netlivelocks > kern.netlivelocks=2 > > What does this means? I found something like a deadlock, when two processes > block each other, I'm right? This is useful information specially under the load. I don't have the source code available at the moment but as far as I know/remember it tells how much interrupts network devices create (this is likely wrong, don't take it as a fact. And please, someone correct me). >> and interrupt statistics (by systat for example) would be helpful. > > You mean during peak load. I will send it on Monday. Yes, that's correct. Sorry for not mention this in the first mail. btw. if you could yet provide this information it would be great: $ sudo pfctl -sa |grep -A 5 LIMITS -- Regards, Ville
Re: Changing MTU size
On 10/2/14 11:39 PM, Daniel Ouellet wrote: > May be a bit more for you as well under man hostname.if > > in the description it said this. "Any lines not matching these packed > formats are passed directly to ifconfig(8)." > > and this section. > > options > Miscellaneous options to set on the interface, e.g., “media > 100baseTX mediaopt full-duplex”. Valid options for a particular > interface type can be found in ifconfig(8). When used, the netmask and > broadcast_addr options must also be present. > > Based on this information look to me that you should be able to pass the > option you want and it would pass it to ifconfig on your behalf so you > should be able to preset your MTU as you see fit there for the network > card you specifically want. > > Anyway the best way would be to try and see what you get. > > Hopefully this provide you what you need. > > Daniel > > > > On 10/2/14 11:27 PM, Daniel Ouellet wrote: >> Unless I do not read the man page properly the information is available >> there. >> >> >> NAME >> ifconfig — configure network interface parameters >> SYNOPSIS >> ifconfig [-AaC] [interface] [address_family] [address [dest_address]] >> [parameters] >> >> ... >> and lower you have: >> ... >> The following parameters may be set with ifconfig: >> ... >> mtu value >> Set the MTU for this device to the given value. Cloned routes >> inherit this value as a default. For Ethernet devices which support >> setting the MTU, a value greater than 1500 enables jumbo frames. The >> hardmtu output from hwfeatures shows the maximum supported MTU. >> ... >> >> So if you read the man page you should have the information you need. >> >> Hope this help >> >> Daniel
Re: Changing MTU size
Unless dhclient fiddles with mtu, which i really don't believe, just add "mtu 1476" on a line in /etc/hostname.re1 /Alexander On 3 October 2014 04:34:15 CEST, Jay Hart wrote: >For reasons beyond my control and if I want to continue running my own >email server, I need to >change the MTU size to max of 1476. I ran "ifconfig re1 mtu 1476", and >this command took, >ifconfig reported mtu size of 1476. > >Re1 is setup using dhcp and I want to know how to make this (mtu size >1476) a permanent parameter >upon rebooting. > >Thanks for your time, > >Jay -- Sent from my Android device with K-9 Mail. Please excuse my brevity.