Re: The Care and Feeding of OpenBSD
Hello! On Tue, Aug 16, 2005 at 11:36:42AM -0400, Timothy Donahue wrote: [...] As a general rule, if the update is in a library or in the /usr/src/sys folder then I build and install a new kernel then do a `make build`. If the change is in an application, then I skip the kernel. IIRC the kernel doesn't use anything to build not contained in /usr/src/sys, so I think no new kernel needed for /usr/src/lib changes. [...] Kind regards, Hannah.
Re: A question to lib/libc/gen/daemon.c
Hello!
On Sun, Aug 21, 2005 at 09:54:06AM +0200, Alexander Farber wrote:
if (!noclose (fd = open(_PATH_DEVNULL, O_RDWR, 0)) != -1) {
(void)dup2(fd, 0);
(void)dup2(fd, 1);
(void)dup2(fd, 2);
if (fd 2)
(void)close (fd);
}
right? What is this last check (fd 2) needed for? Isn't fd always 2,
because the first 3 are already taken by the STDxxx streams at the
program start?
What if any of the descriptors = 2 are closed before invocation
of daemon? Then fd will be = 2, and if you close it, the desired
state (/dev/null open on 0, 1, and 2) will not be achieved.
I.e. safety.
Thanks
Alex
Kind regards,
Hannah.
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 02:28:25PM +0300, Genadijus Paleckis wrote: [...] Is that means that 3.8 might be unstable ? Maybe all who wants/needs stable systems need to run 3.7 ? well, from base system side I gues it will be minimal problems, but what about ports ? because almost everyone using it. The very most things just work for me. Base, X11, applications like firefox or gaim, own C/C++ code. A few things that get bitten are some packages doing their own and very different memory management, but can't avoid malloc altogether. That is ports/lang/clisp, that seems to be also gprolog, according to Marc Espie. I'd guess it'll also bite sbcl/cmucl (but there's no current port [neither in the sense of /usr/ports, nor in the sense of a 3rd party package] of cmucl for OpenBSD anyway). Some other things are not bitten in the same way, even though they do have different memory management. Including ghc, probably also SML/NJ (own build as of Jul 12, using libc 38.1, wasn't mmap-based malloc + mmap randomization in there already?). I *am* a bit sad about the fact that there're no running Lisp implementations for OpenBSD at all in the moment, but I don't have the energy to contribute own effort to change this, and it's not *that* high priority for me. I think Theo's (and other core developers') decision to release 3.8 with those malloc/mmap changes in is good overall. Kind regards, Hannah.
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 08:02:54AM -0500, Dave Feustel wrote: On Wednesday 24 August 2005 07:04, Hannah Schroeter wrote: I *am* a bit sad about the fact that there're no running Lisp implementations for OpenBSD Does (X)emacs work? Yes, but I meant (and neglected to say explicitly) Common Lisp. Kind regards, Hannah.
Re: proper way to format/use floppies (i386)
Hello! On Wed, Aug 24, 2005 at 07:57:55AM -0700, Spruell, Darren-Perot wrote: [...] Is there any reason to use FFS on a floppy? Won't FAT (-12, or whatever) work fine? Could you just mformat it and be along? Of course there is. Just take a look at the boot floppies, for example. Or think of the floppy image I used for that mini bridge hack... Or if you want to use features FAT doesn't offer, like owners/permissions/255 char filenames. But I guess for many purposes, mformat and either mtools or mount_msdosfs will be enough. Kind regards, Hannah.
Re: 3.8 beta requests
Hello! On Wed, Aug 24, 2005 at 12:57:27PM -0500, Andrew Dyer wrote: It was very frustrating to try and make things better and get ignored. I can share some frustration. About a year ago, I made a port for erlang (the current port just doesn't work at all, and it's ancient anyway, so *anything* is better than the in-tree port). IIRC got feedback by one other person that it basically works. Nothing got committed, I didn't have the energy to follow on upon it. A few months later, someone asked about erlang, I answered and mailed the port of last summer, then IIRC that someone made an updated port (a newer Erlang release was out, and a few changes in the ports infrastructure) and submitted it. Again, nothing got committed, even though just *anything* would be better than the in-tree port. Kind regards, Hannah.
Re: complex.h under OpenBSD
Hello! On Sat, Sep 03, 2005 at 09:30:51AM +0200, Ramiro Aceves wrote: [...] Thank you very much to all for your responses. I seems that It is a good time to learn the C++ thing. Some time ago with no too much free time, I tried it with no luck. I found object oriented programming very strange. I found upgrading much of my C... programming to C++ instead of C proper quite worthwhile. A good thing is, C++ doesn't force you into full OO as much as Java, Eiffel, or similar. You can use C++ as slightly enhanced C (even though some C++ people might cringe at that idea), you can use it to do OO stuff, you can do some generic programming, and you can combine things as they feel fit. Some problem domains fit OO better than others, so you always can make a different choice. Anyway, It seems that if I want to make NEC compile under OpenBSD, I will have to do some hard work ;-) I think it will be a good and interesting programming experience. Of course you could also suggest changes (patches) to OpenBSD to support enough of C99 to make that NEC thing compile with less changes to that. Though, I find it quite premature, on the side of software authors, to except C99 support with no fallback. [...] Kind regards, Hannah.
Re: MP3 Daemon
Hello! On Mon, Sep 12, 2005 at 09:39:19PM +1000, Steve Murdoch wrote: Hi all, I have used mpg321 and mp3blaster to continuously loop a randomised playlist. The machine does nothing else so the cpu utilisation of mp3blaster doesnt matter. Does any one know of anything that is designed to work in daemon mode. Both the above products seem a little unpredictable when left running and logged out. screen helps. Steve Kind regards, Hannah.
Re: Url checker
Hello! On Mon, Oct 03, 2005 at 12:24:41PM -0400, Dave Anderson wrote: ** Reply to message from [EMAIL PROTECTED] on Mon, 3 Oct 2005 11:08:31 +0200 Anyone knows a good URL checker that runs on OpenBSD? My boss wants me to monitor web site traffic and present a report with all visits to all websites per user (pc). I've searched the internet but did not find an appropriate (free) solution. I have been playing with the idea to use snort, but that seems a lot of work to me. Your boss _is_ aware that what he seems to be asking for is fundamentally impossible, due to caching proxies, dynamic IP addresses, multiuser systems, etc? An exact solution is impossible for the reasons you state. But you *can* do heuristic approximations. I don't know of any free solutions though. But I know that the OP isn't alone. There's a company doing that for the web sites they host, based on the httpd (Apache) logs. Dave Kind regards, Hannah.
Re: permissions on automatically created symlinks
Hello! On Fri, Oct 07, 2005 at 11:50:42AM +0200, Isak Lyberth wrote: I have added a symlink that i need newly created users to automatically get, when they are created, into /etc/skel when i add new users this symlink is created just fine, but the owner of it is root:wheel i need it to be a certain group that can will have read access to the symlink and to the destination folder. Owner/Group/Permissions of symlinks are completely irrelevant for readlink as well as access to the file/directory the link points to. The only point where I've found a relevance is if you want to remove the link again from a sticky directory, e.g. /tmp. Should *that* be a problem, see the -h option of chown. So why do you really worry? [...] Kind regards, Hannah.
Re: making packages out of the portstree
Hello! On Wed, Oct 12, 2005 at 05:04:56PM +0200, Marc Peters wrote: hi all, i wanted to install a package on an box, which i built out of the portstree via make package. everything goes fine and the package is available in /usr/ports/packages/i386/cdrom/ and ../ftp/. i copied the .tgz to the machine, where i wanted to install it on, but it failed with the following error: # pkg_add nut-2.0.0p0.tgz Unknown element: @pkgpath sysutils/nut,no_cgi I'd guess you're using a newer OpenBSD installation to build the port/package compared to the installation you try to pkg_add the package. [...] Kind regards, Hannah.
Re: Opera Confusion
Hello! On Tue, Oct 18, 2005 at 09:44:41AM -0400, Roy Morris wrote: Does the port (not pkg) of Opera contain flash? I was checking through the mail list, one guy says it works great and another says you can't include it on Openbsd. I saw something about a port FLAVOR but didn't see it in the makefile. I'd rather not install all the shit from scratch just to find out. Just look at the source tree. There's .../www/opera and .../www/opera-flashplugin. The latter is in the tree since 2005/09/21. It is not in the 3.8 release, but in -current. Cheer rm Kind regards, Hannah.
Re: tar(1) problem with long file names.
Hello! On Fri, Oct 21, 2005 at 02:07:16PM -0500, eric wrote: It seems that tar(1) is only able to archive filenames of 100 characters or less. However, ufs can handle (I've been testing using touch(1)) filenames up to 255 characters. I tried to modify the following in src/bin/pax/tar.h It's an issue of the (us)tar data format. Especially, raising it to 255 doesn't help either, as the field encodes *path* names, and *path* names can be up to 1023 or so bytes. [...] Has anyone bumped into this and made a more reliable fix? Use a more apt data format in your use case. Ehm correcting myself: According to pax(1), 100 is the limit for pathnames in the old tar format, while the limit for ustar is 250. For *pathnames*!. Perhaps you can use cpio (or pax with -x cpio). [...] - Eric Kind regards, Hannah.
Re: tar(1) problem with long file names.
Hello! On Sat, Oct 22, 2005 at 01:43:03PM +, Christian Weisgerber wrote: Hannah Schroeter [EMAIL PROTECTED] wrote: Use a more apt data format in your use case. Ehm correcting myself: According to pax(1), 100 is the limit for pathnames in the old tar format, while the limit for ustar is 250. For *pathnames*!. Perhaps you can use cpio (or pax with -x cpio). Actually, it's the SVR4 cpio format (sv4cpio or the variant sv4crc) you want. 1024-char file/path names, 32-bit inode and device numbers, and even reasonably portable. If the plain cpio format itself isn't up to the task, perhaps the pax manual page should document its limitations. I went by the manual page and saw no mention of restrictions there for cpio, either. Still good to know about that recommendation, I might have some use for it too. Kind regards, Hannah.
Re: tar(1) problem with long file names.
Hello! On Sat, Oct 22, 2005 at 01:46:10PM +, Christian Weisgerber wrote: Jay Fenlason [EMAIL PROTECTED] wrote: GNU tar uses a variety of ugly hacks to get around the 100 (original tar) or 255 (ustar) character limit in file and path names. Unfortunatly, only gnu tar can correctly extract such archives. Well, there are at least two independent implementations that can extract this format (star and FreeBSD's new libarchive-based tar), but yes, it is in questionable taste. That libarchive thing would be interesting, perhaps as port. And support for that pax interchange format would look like an interesting addition to our pax, wouldn't it? Looks like it's a standard format, extends the ustar format and removes its limitations. Kind regards, Hannah.
Re: Limiting Shell Access Damage (was Guruness)
Hello! On Thu, Oct 20, 2005 at 11:01:55PM +0200, Jesper Louis Andersen wrote: [... what looks like good advice ...] A typical attack vector, however, for 1000+ account sites is a compromised account. You can assume at least 5 per 1000 accounts are compromised or have easily guessable passwords. Those will not heed your policy forms whatever you do. You can mitigate the risk by separating systems and limiting account access. When this is not possible, ProPolice, W^X, StackGhost, etc will come in very handy. You can mitigate the risk of guessable passwords by checking passwords on change, using the minpasswordlen and passwordcheck fields of login.conf. Set passwordtries to 0 so the user can't override the password policy by insisting on the bad password. [...] Kind regards, Hannah.
Re: OpenOffice.org 2.0 works on OpenBSD
Hello! On Mon, Oct 24, 2005 at 09:31:11AM -0400, Roy Morris wrote: Sure, I think the ones I found were A. unless you want to see this error over and over do a touch /etc/mnttab You could also touch /emul/linux/etc/mnttab to not pollute the native OpenBSD filesystem namespace. [...] Kind regards, Hannah.
Re: coredump
Hello! On Mon, Oct 24, 2005 at 03:38:40PM +0200, Gabucino wrote: What could prevent a (threading) program to dump core on OpenBSD/i386 3.5 ? ulimit -c is unlimited. I can catch the segfault in gdb, but that's not the question. Core files are written into the current working directory, so perhaps there's a lack of space or a lack of write permissions to the directory. Or is there any setuid/setgid involved? Kind regards, Hannah.
Re: Migrating to a new HD
Hello! On Wed, Oct 26, 2005 at 12:42:04PM +0200, Han Boetes wrote: I just wrote this article about migrating to a new HD after the old one got too flakey. [...] I like a dump | restore combo, because dump is quite fast. I.e. partition the new disk similar to the old one (sizes may vary as long as stuff will fit on the new disk). dump|restore for every filesystem (partition) you have, installboot on the new disk, and be happy. Kind regards, Hannah.
Re: backup utilities: boxbackup?
Hello! On Thu, Oct 27, 2005 at 09:46:25AM -0500, [EMAIL PROTECTED] wrote: i'm currently using bzip2-ed dumps to backup my machines and i wonder if there is a better way to do it. by better i mean more secure and more automated than adding cron jobs. i am interested in encrypted backups, as i would prefer to have non-hijackable backups. i did see http://www.fluffy.co.uk/boxbackup/ and a couple posts about it here on [EMAIL PROTECTED] can anybody vouch for the stability/reliability of this backup solution (besides the dev, ;) )? cheers, jake I have a simpler backup encryption scheme running. On the box itself, I have a file /etc/(subdir)/crypt_key, containing a hexadecimal string, representing 512 bytes of random stuff (probably overkill but so then). Then I have a small script .../backup_encrypt that looks like this: #! /bin/sh exec /usr/sbin/openssl enc -aes-256-cfb -in /dev/stdin -out /dev/stdout \ -k `cat /etc/(subdir)/crypt_key` And then, I pipe the gzip output (in my case I don't want that big CPU hog named bzip2, and gzip is in base, while bzip2 isn't) into that backup_encrypt thing. I have a separate backup of /etc/(subdir)/crypt_key and a few scripts (e.g. the backup_decrypt counterpart [just add -d after enc in the openssl invocation]) in a few places that are secure enough for me. Kind regards, Hannah.
Re: strcpy to strlcpy warnings
Hello! On Thu, Oct 27, 2005 at 10:46:04AM -0700, John N. Brahy wrote: [...] strcat(mailbox, MAILSPOOLHOME); = strlcat(mailbox, MAILSPOOLHOME, sizeof(mailbox)); Should I look out for anything special or is it safe to do this everywhere I see strcat or strcpy? Works only if mailbox is directly declared as char mailbox[some_size]; If mailbox is a char*, sizeof(mailbox) is utterly wrong. Kind regards, Hannah.
Re: spamd extension
Hello! On Wed, Oct 26, 2005 at 09:12:34AM -0400, Frank Bax wrote: spamd only delays the *first* message between the two parties. After that there is no delay - as long as sender continues to use the same SMTP server. And there's no mailout pool with shared queue involved, and if the envelope sender address is always the same (i.e. no VERP, no SES, no self-signed SRS, no SRS-enabled forwards, etc.). Have you tried whitelisting these servers: http://greylisting.org/whitelisting.shtml Is there an underlying assumption in your question that spamd is the actual problem? During the initial weeks of using spamd on my server, half of the complaints about undelivered email were not the fault of spamd. So the other half *was* the fault of spamd? Kind regards, Hannah.
dhclient woes
Hello! This is on an OpenBSD 3.7-release, freshly upgraded (in fact, reinstalled and merged etc and so on). If I include an alias directive in /etc/dhclient.conf, dhclient exits after having acquired a lease, the syslog messages are like this: Oct 31 02:48:27 mamba dhclient[29778]: bound to 82.212.35.55 -- renewal in 1800 seconds. Oct 31 02:48:27 mamba dhclient[23056]: connection closed Oct 31 02:48:27 mamba dhclient[23056]: exiting. There's no intervening message, even after changing syslog.conf to log daemon.debug, too. The message connection closed seems to come from the privsep code. If I remove the alias directive, it works and continues running in the background. However, I need the alias thing, and it's a documented feature. Same woe when I remove the alias directive from dhclient.conf and instead adding the alias manually using ifconfig ne0 alias ... In the very moment I add the alias, dhclient exists with the connection closed and exiting messages in /var/log/daemon. And same thing if I add the alias from /etc/hostname.ne0 in a second line after the line saying dhcp. So seems the dhclient privsep code fails when dhclient notices either the alias addition itself, or an associated routing table change. Current workaround is restarting dhclient from crontab every 15 minutes, but that's no good thing having that forever. Kind regards, Hannah.
Re: dhclient woes
Hello!
On Mon, Oct 31, 2005 at 02:55:47AM +0100, Hannah Schroeter wrote:
[...]
Oct 31 02:48:27 mamba dhclient[29778]: bound to 82.212.35.55 -- renewal in
1800 seconds.
Oct 31 02:48:27 mamba dhclient[23056]: connection closed
Oct 31 02:48:27 mamba dhclient[23056]: exiting.
When running with an alias directive setup.
[...]
Addition: Using -current dhclient source code doesn't change much:
Oct 31 03:03:23 mamba dhclient[26338]: bound to 82.212.35.55 -- renewal in 1800
seconds.
Oct 31 03:03:23 mamba dhclient[20829]: buf_read (connection closed)
Oct 31 03:03:23 mamba dhclient[20829]: exiting.
dhclient.conf is this:
media media autoselect;
request subnet-mask, broadcast-address, routers;
supersede domain-name-servers 127.0.0.1;
script /sbin/dhclient-script;
alias { interface ne0; fixed-address 192.168.1.1; option subnet-mask
255.255.252.0; }
Kind regards,
Hannah.
Re: OT: 10 things i hate most on unix
Hello! On Sun, Nov 06, 2005 at 12:40:12AM -0200, Gustavo Rios wrote: Hey folks, sorry, but i found this on the web. May someone tell if it is serious, i myself could not believe it. http://www.informit.com/articles/article.asp?p=424451seqNum=1 I don't agree with most things, but a few comments: One-Way System Calls. There are solutions for that that work quite well. Witness systrace, for example. Or Arla. Or the way kernel messages get logged to files. The critique on C is quite on point in my eyes. How many stack or heap overflows we wouldn't incur if we used something having decent string support and bounds checking, be it at compile-time or at run-time? However, having C as the main low level system language is okay for me, i.e. having the kernel and the basic userland libraries, startup, etc. done in C just works fine. However for more high-level application code I'd prefer working in a higher level language, binding needed functionality in from C/C++ using the foreign function interface of the higher level language. Alas, I'm forced to do most of my paid work in C++ - but then, for me, C++ is mostly an improvement over C already, and the integration of C code proper is easy, of course. Kind regards, Hannah.
Re: Telnet daemon retired in 3.8 ?
Hello! On Tue, Nov 08, 2005 at 09:33:19PM +0100, Alexander Farber wrote: 1 arg. for telnetd: MUDs :-) For MUDs you need a telnet client, but no telnet server unless I'm wrong. The telnet client (telnet w/o 'd') is still shipped with OpenBSD. Kind regards, Hannah.
Re: That whole Linux stealing our code thing
Hello! On Sat, Sep 01, 2007 at 12:54:38AM -0400, David H. Lynch Jr. wrote: [...] BSD Licensed code has found its way into proprietary products, with no availability of source - Which is exactly one characteristic of BSD vs. GPL, that BSD doesn't require you to distribute source should you chose to distribute binaries (as permitted by the BSD license). [...] BUT I am having a hard time convincing myself that taking BSD/ISC Licensed code - and relicensing it while preservng the copyright notice, violates the BSD/ISC License. Whether it is honest or not, it still seems to conform to my understanding of both the spirit and the letter of the license. BSD advocates claim their license is more free because it allows you to do most anything with BSD code. Am I missing the part where that freedom includes removing the license ? IMO it's by copyright law itself. Relicensing/sublicensing is by default a reserved right, so it has to be explicitly granted in a license if licensees should be allowed to relicense/sublicense. That explicit grant is *not* present in the BSD/ISC licenses I've looked at in this moment. The BSD/ISC licenses grant the rights (that are reserved by copyright law) to use, (re)distribute and modify the work itself, and *those* rights are bound by only few conditions (fewer than the GPL imposes). Of course, you may make a derived/combined work where your own contribution is of a different license. But the original part of the work remains BSD/ISC licensed. The combined work is only usable when a licensee can fulfill the conditions of *both* licenses in order to be granted the rights granted by *both* licenses. How is what Linux developers seem to be doing less legal or ethical that what many commercial developers have already done ? If this is not one of the freedom's of BSD Licensed code, then craft your license to prohibit it. As said, IMO and as far as I understand, it's not a matter of the licenses themselves, but of copyright law itself. It's a matter that the licenses (both BSD/ISC *and* GPL) have no clauses permitting re/sublicensing. [...] Kind regards, Hannah.
Re: That whole Linux stealing our code thing
Hello! On Sat, Sep 01, 2007 at 02:25:49PM -0600, Theo de Raadt wrote: [...] Bullshit. The license retains ANY RIGHTS which are in Copyright law, a body of law that PRECEDES the decleration. That body of law is pulled in the MOMENT a Copyright (c) YYMM author decleration is made. In some legislations, especially in Europe, copyright law applies *automatically*, even without an explicit copyright statement/assertion. Just by creating something that's copyrightable. [...] There is only one 'Total Freedom', and it is a Public Domain declaration, which these licenses are not. These are full Copyright Act licenses, carrying the full of power of the Copyright, and only THEN the addition author's release surrenders some rights he has. And that Total Freedom isn't available everywhere. In some legislations (e.g. in Europe), you *can't* give up the copyright you *automatically* acquire by creating a copyrightable work. It can only expire (after N years, or even only N years after the death of the author). And only works with expired copyright are public domain there. [...] Kind regards, Hannah.
Re: That whole Linux stealing our code thing
Hello! On Sun, Sep 02, 2007 at 02:13:07PM +0530, Siju George wrote: On 9/2/07, Todd T. Fries [EMAIL PROTECTED] wrote: Uh, why do we need to defer to courts and seek legal funds and feed the sharks er lawyers just to comprehend what the two words without modification? As I explained to a friend of mine minutes ago .. adding GPL to BSD is sad to the BSD people (we can't use the GPL code then) Dear Todd, What Do you mean by adding GPL to BSD? Is that what you mean by dual licencing? I guess he means writing own additions/modifications (thus creating a combined or derivative work), and releasing those *own* additions/modifications under the GPL. In the end, you can use the combined/derivative work only to the extent that's permitted by *both* licenses. [...] Kind regards, Hannah.
Re: That whole Linux stealing our code thing
Hello! On Sat, Sep 01, 2007 at 10:59:17PM +0100, Rui Miguel Silva Seabra wrote: On Sat, Sep 01, 2007 at 11:39:28AM -0600, Theo de Raadt wrote: In the case of the later 3 files, their copyright notice says: at your choice you may distribute under the terms of the BSD license or under the terms of the GNU GPL v2 So if they chose to distribute those 3 files under the terms of the GNU GPL v2, it is correct to change the copyright notice of those three files alone in order to remove a license that the distributor chose not to use anymore. Not exactly. I won't quote from the GPL again, but even the GPL has a paragraph about this. You must pass on the rights you received. ^^^ Yes. The *rights you received* are the central point of the question. Which did the user receive? The BSD granted ones? Or the GPLv2 granted ones? If some software is dual licensed, you have two sets of rights you can choose. It's not both at the same time. The text is even explicit: alternatively But you also received the right to chose either or. So if you have to pass that on, too. [...] Kind regards, Hannah.
Re: That whole Linux stealing our code thing
Hello! On Sun, Sep 02, 2007 at 03:25:13PM +0300, Ihar Hrachyshka wrote: You may, of course, license your own contributions (that are significant enough to be copyrightable themselves) under only one license. So what license will the derived work (consisted of dual-licensed base code and GPL-only modifications) have? I'd think in essence, the intersection of the license of the original work (the dual-license) and the license of the substantial modifications/additions (GPL). However one must retain the original dual-license, anyhow, in my eyes. For example stating that that dual-license applies only to part of the (derived) work (i.e. that part that's from the original work). Kind regards, Hannah.
Re: filesystems?
Hi! On Mon, Sep 03, 2007 at 10:48:27PM -0400, stan wrote: On Mon, Sep 03, 2007 at 07:22:47PM -0400, Douglas A. Tutty wrote: On Tue, Sep 04, 2007 at 12:23:34AM +0200, Tonnerre LOMBARD wrote: On Mon, Sep 03, 2007 at 05:10:57PM +0200, Eric Elena wrote: I think fat32 is a good choice: you have nothing to install. Did you ever have to debug a deep directory structure where something caused all directory to become files? On a 500G disk? Fun. I would suggest that the OP be very specific with what is needed. What size of filesystem? Which operating systems need to read only and which to read and write. Given how flexible Linux and OBSD are, I would guess that the limit will be what can windows do. I don't know since I only used windows 3.1 for some games when I wasn't running OS/2. For 7 years its been Debian and now I'm transitioning to OBSD. I never have to interoperate with windows users. OK, let's eliminate Windows from the requiremant. Now we have OpenBSD, Linux, and FreeBSD in order of importance. All 3 need read/write access. I will be using this to move data, and I want to be able to keep various places in sync, using rsync. So modification date, and file name retention are important. Where does that lead us? For me, ext2 works fine, on a USB hard drive. Initialized it under OpenBSD: First partitioned it into 2 primary partitions, one OpenBSD, one ext2. Edited the disklabel accordingly (have the ext2 on slice i). newfs'ed (a as ffs, mostly for backup purposes for OpenBSD boxen only, i.e. no respect for other OS's needs; i as ext2, using mke2fs from the e2fsprogs port/package). At least on OpenBSD and on Linux it has worked fine up to now, both reading and writing on both platforms. Kind regards, Hannah.
Re: Show your appreciation and get your 4.2 DVD
Hi! On Thu, Sep 06, 2007 at 10:49:33PM -0600, Theo de Raadt wrote: There's a wireframe puffy sticker with the audio cd? Gotta buy one now :P You've been missing out. What surprised me about the audio cd is that my non-geeky friends like it. OK, that didn't surprise me. It shocked me. Why? The OpenBSD music I heard was just *good* music, even without regard to the text. Kind regards, Hannah.
Re: Looking for something similar to screen-command
Hi! On Wed, Sep 12, 2007 at 01:50:00PM +0200, Jon Sjvstedt wrote: Hello all! I have installed BitTorrent-4.2.2 on my 3.9-box. With this i would like to start file sharing on a console, logout, login later and reattach to the console of the BitTorrent-4.2.2 session. AFAIK this is done in most Linux-distros using the command screen, but how can I do it in BSD? Any help appreciated How about using screen? Kind regards, Hannah.
Re: Wasting our Freedom
Hi! On Sun, Sep 16, 2007 at 09:59:09PM +0200, Adrian Bunk wrote: On Sun, Sep 16, 2007 at 11:48:47AM -0700, Can E. Acar wrote: ... First, these developers got questionable advice from senior Linux kernel developers, and SLFC (which is closely related to FSF) in the process. The most questionable legal advice in this thread was by Theo de Raadt who claimed choosing one licence for _dual-licenced_ code was illegal... JFTR, I do *not* think that that assessment was questionable. Unless the dual-licensing *explicitly* allows relicensing, relicensing is forbidden by copyright law. The dual-licensing allows relicensing only if that's *explicitly* stated, either in the statement offering the alternative, or in one of the licenses. Neither GPL nor BSD/ISC allow relicensing in their well-known wordings. If you think that's questionable, you should at least provide arguments (and be ready to have your interpretation of the law and the licenses tested before court). [...] Regarding ethics - if you use the BSD licence for your code you state in the licence text that it's OK that I take your code and never give anything back. But the BSDl does not allow you to relicense the original code, even while it allows you to license copyrightable additions/modifications under different terms with few restrictions. However, you say regarding ethics and just go back to the legal level. Is it really ethical, if you consider both Linux and OpenBSD part of one OSS community, to share things only in one direction? To take the reverse engineered HAL but to not allow OpenBSD to take some modifications back? [...] Some people have the funny position of opposing the GPL which enforces that you have to give back, but whining that people took their BSD licenced code and don't give back. A difference is, GPL requires it under every circumstance. BSD does not, indeed. But how should one expect it from *OSS* people that even *they* don't give back? Do you really want to put yourself on the same level as closed-source companies? [...] Kind regards, Hannah.
Re: Wasting our Freedom
Hi! On Sun, Sep 16, 2007 at 05:11:05PM -0400, Daniel Hazelton wrote: On Sunday 16 September 2007 16:39:26 Hannah Schroeter wrote: On Sun, Sep 16, 2007 at 09:59:09PM +0200, Adrian Bunk wrote: On Sun, Sep 16, 2007 at 11:48:47AM -0700, Can E. Acar wrote: ... First, these developers got questionable advice from senior Linux kernel developers, and SLFC (which is closely related to FSF) in the process. The most questionable legal advice in this thread was by Theo de Raadt who claimed choosing one licence for _dual-licenced_ code was illegal... JFTR, I do *not* think that that assessment was questionable. Unless the dual-licensing *explicitly* allows relicensing, relicensing is forbidden by copyright law. The dual-licensing allows relicensing only if that's *explicitly* stated, either in the statement offering the alternative, or in one of the licenses. That advice wasn't regarding relicensing. Dual-licensed code allows distribution and use under either license. If I get BSD/GPL code, I can follow the GPL exclusively and I don't have to follow the BSD license at all. And the alternative is also true. (ie: follow the BSD license exclusively and ignore the GPL) It's not relicensing - it's following *WHICH* of the offered terms are more agreeable. The original issue *was* about illegal relicensing (i.e. not just choosing which terms to follow, but removing the other terms altogether). I'll just snip the rest, since you seem confused. Refrain from personal attacks. Regards, Hannah.
Re: Wasting our Freedom
Hi! On Sun, Sep 16, 2007 at 11:13:51PM +0200, Adrian Bunk wrote: On Sun, Sep 16, 2007 at 10:39:26PM +0200, Hannah Schroeter wrote: On Sun, Sep 16, 2007 at 09:59:09PM +0200, Adrian Bunk wrote: On Sun, Sep 16, 2007 at 11:48:47AM -0700, Can E. Acar wrote: ... First, these developers got questionable advice from senior Linux kernel developers, and SLFC (which is closely related to FSF) in the process. The most questionable legal advice in this thread was by Theo de Raadt who claimed choosing one licence for _dual-licenced_ code was illegal... JFTR, I do *not* think that that assessment was questionable. Unless the dual-licensing *explicitly* allows relicensing, relicensing is forbidden by copyright law. The dual-licensing allows relicensing only if that's *explicitly* stated, either in the statement offering the alternative, or in one of the licenses. Dual licenced code by definition explicitely states that you can choose the licence - otherwise it wouldn't be called dual-licenced. It does state you can choose which terms to follow, indeed, of course. But that does *not* imply removing the other terms altogether. Neither GPL nor BSD/ISC allow relicensing in their well-known wordings. Noone said otherwise. Removing the terms you choose not to follow in one instance *is* relicensing. If you think that's questionable, you should at least provide arguments (and be ready to have your interpretation of the law and the licenses tested before court). The licence in question was: -- snip -- /*- * Copyright (c) 2002-2004 Sam Leffler, Errno Consulting * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer, *without modification. * 2. Redistributions in binary form must reproduce at minimum a disclaimer *similar to the NO WARRANTY disclaimer below (Disclaimer) and any *redistribution must be conditioned upon including a substantially *similar Disclaimer requirement for further binary redistribution. * 3. Neither the names of the above-listed copyright holders nor the names *of any contributors may be used to endorse or promote products derived *from this software without specific prior written permission. * * Alternatively, this software may be distributed under the terms of the * GNU General Public License (GPL) version 2 as published by the Free * Software Foundation. * * NO WARRANTY * ... -- snip -- Theo claimed it would break the law [1] to choose the GPL for _this_ code. [2] I re-read Theo's mail and still think the factual issues Theo states are probably right. Value judgements like you should give code back (when the license doesn't require it) are of course debatable (I tend to agree with Theo there too, but it's no mandatory requirement of course). Theo did *not* claim it breaks the law if you choose to obey by the terms of the GPL in said dual-licensing. Theo *did* claim (in my eyes, probably rightfully, and if it should ever be needed with respect to code related to OpenBSD, I could try to give a few bucks in support of having that claim legally verified) it's illegal to remove the license you chose to not follow in one instance of redistribution. IIRC the softwarefreedom.org people involved agreed with Theo's assessment in that instance. [...] But the BSDl does not allow you to relicense the original code, even while it allows you to license copyrightable additions/modifications under different terms with few restrictions. However, you say regarding ethics and just go back to the legal level. Is it really ethical, if you consider both Linux and OpenBSD part of one OSS community, to share things only in one direction? To take the reverse engineered HAL but to not allow OpenBSD to take some modifications back? Is it really ethical to use a licence that does not require to give back, but then demand that something has to be given back? IMO Theo didn't demand (as in try to enforce with legal pressure), but state it'd be the *morally* right thing to do even if *not* legally required (which isn't debated). Why don't you use a licence that expresses your intentions in a legally binding way? Because BSD people don't want to enforce it in every thinkable case. And BSD people don't want to enforce it using as much text as the GPL needs. But still I think it'd be the (morally!) right thing to do with respect to the Atheros HAL even if *not* legally bound to do so. [...] But the truth is a bit less harsh: In reality most Linux kernel developers might not mind to give back - and e.g. much of the ACPI code is BSD/GPL dual-licenced, and there doesn't seem to be any problem with this. *nods* Why not the same for the Atheros code? But Theo's wrong accusations
Re: Wasting our Freedom
Hello! On Sun, Sep 16, 2007 at 05:12:08PM -0400, Theodore Tso wrote: [...] What is going on whenever someone changes a code is that they make a derivative work. Only if the additions/changes are significant enough to be copyrightable on their own. Whether or not you can even make a derivative work, and under what terms the derivitive work can be licensed, is strictly up to the license of the original. For example, the BSD license says: Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met Note the with or without modification. This is what allows people to change BSD licensed code and redistribute said changes. The conditions specified by the BSD license do not mention anything about licening terms --- just that if you meet these three conditions, you are allowed to redistribute them. So for example, this is what allows Network Appliances to take BSD code, change it, and add a restrictive, proprietary copyright. Right. You may add nearly any copyright *on your own significant additions/changes*. However, BSD/ISC explicitly requires to retain the BSD/ISC terms, too (applicable to the original part of the combined work). So for code which is single-licensed under a BSD license, someone can create a new derived work, and redistribute it under a more restrictive license --- either one as restrictive as NetApp's (where no one is allowed to get binary unless they are a NetApp customer, or source only after signing an NDA), or a GPL license. It is not a relicencing, per se, since the original version of the file is still available under the original copyright; it is only the derived work which is under the more restrictive copyright. No. The derivative work altogether has a *mixed* license. BSD/ISC for the parts that are original, the other (restrictive, GPL, whatever) license for the modifications/additions. *If* you choose to distribute source along with the binaries, the part of the source that's original is BSD/ISC licensed even in the derivative work (though one may put *the additions/modifications* under restrictive conditions, e.g. of commercial non-disclosure type source licensing). [... dual-licensing issues etc. already handled in other mails ...] Kind regards, Hannah.
Re: Shutdown script (derived from Simple startup daemon's on boot question?)
Hi! On Wed, Sep 19, 2007 at 02:48:54PM +0300, Tomas wrote: Watching the thread about startup script I thought of a question about shutdown script. Is it necessary to shutdown certain services when machine goes down? Like for example mysql, dovecot, clamav, amavis or openvpn. I've never saw anybody do that. Lots of people on their manuals, tutorials or posts writes how to start mysql, but none of then writes a shutdown script. So maybe it is not so necessary? (But then again, mysql is a database engine, and databases should be handle with care). Probably most programs that need non-trivial cleanup handle SIGTERM appropriately. Kind regards, Hannah.
Re: SMTP flood + spamdb
Hi! On Wed, Sep 26, 2007 at 02:03:03PM -0700, Rob wrote: [...] While watching the connection logs, I've noticed that a large majority of spammers get the first spamd response (250 Hello, spam sender. Pleased to be wasting your time.) and immediately disconnect. This suggests to me that rather than spend time trying to get whitelisted by spamd servers, they've mostly decided to skip them entirely and move on to servers that aren't running spamd. Interesting. Do you think they pattern match on the response, or do you think they disconnect if the initial greeting takes too long (spamd stutters for the first 10 seconds, in its default settings)? I'd guess the latter. [...] We've also been hit by backscatter, and I haven't had the time to figure out how to stop that one yet. For some, signed envelope senders or variations thereof work. That depends on a few circumstances. The basic idea is this: My email address is [EMAIL PROTECTED] Normal mail installations would send mails out with both the From header *and* the envelope sender set to [EMAIL PROTECTED] SES and similar schemes instead create a modified sender address like [EMAIL PROTECTED] That is used in the envelope. The header From address is left unmodified. TAG is a tag saying this is a address created using the envelope signing scheme, hannah is the original local part, timestamp can be made short by making it have only day granularity, and perhaps even only days modulo 2^ sig is a MAC, created from the local part, the timestamp and a host specific key. When a legitimate bounce (empty envelope from) is received, it must be in response to a mail recently sent out from our domain. If all mails sent out from our domain use the envelope signing scheme, bounces need only be accepted if they are to *signed* addresses that are recent enough and have a valid MAC. Bounces that don't fulfill that can be rejected (I'd reject after DATA or later so address verification will not lead to false positive rejects in other situations). In addition, bounces should be only addressed to exactly *one* recipient... Some also use SRS (sender rewriting scheme, from the SPF people), signing their own envelope as if the mail were forwarded, and accept bounce traffic only to SRS'ed addresses. - R. Kind regards, Hannah.
Re: To whom can I direct email for artwork use permission pls?
Hi! On Mon, Oct 01, 2007 at 10:50:05AM -0400, Nick Guenther wrote: [...] To explain this more fully with the party line: the project supports itself via donations and selling CDs of releases. If you create DVDs to distribute you are hurting the project by discouraging the sale of CDs. You could volunteer to become a reseller, though (i.e. you buy a large shipment of CDs and sell them at cost to people in your country.) Wouldn't it be win-win if people there could buy DVD (with more data on it, i.e. needing less downloads) and an agreement could be made that XX $ (enough to compensate for the not-sold CDs) for each DVD sold are paid to OpenBSD? Kind regards, Hannah.
Re: OpenBSD sticker considered cool by a layman
Hello! On Mon, Oct 01, 2007 at 10:29:30PM -0500, Todd Alan Smith wrote: On 10/1/07, Anton Karpov [EMAIL PROTECTED] wrote: i have nothing to hide ;) http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565 Cool link... Information about an article about privacy, and for downloading it you need javascript and whatever more... (I didn't manage to get the full text). *somewhat annoyed* Kind regards, Hannah.
Re: g++ 3.3.2 problem
Hello! On Wed, May 04, 2005 at 12:17:51PM -0500, Dave Feustel wrote: /home/daf/Chuck/Testh}pkg_info -a | grep 3.3.2 g++-3.3.2 GNU compiler collection: C++ compiler gcc-3.3.2 GNU compiler collection: core C compiler libstdc++-3.3.2 GNU compiler collection: C++ compiler library Use pkg_info -L to find out which files the packages actually contain. My guess is that the frontends are installed as egcc/eg++/... Kind regards, Hannah.
Re: compiler is used in OpenBSD's kernel compiling process
Hello! On Thu, May 05, 2005 at 09:11:16AM -0300, Joco Salvatti wrote: I'd like to know which compiler is used in OpenBSD's kernel compiling process. Thanks. Just look what's happening when you compile a kernel. You'll see calls to as (the assembler, which is gas 2.15 at least on current, i386), and mostly to cc, which is, depending on the platform, gcc 3.3.5 or gcc 2.95, both with OpenBSD-specific modifications (stack protector, __attribute__(bounded) etc.). Kind regards, Hannah.
Re: Rant: how stupid does java look
Hello! On Fri, May 06, 2005 at 11:03:04PM -0700, Ben Goren wrote: On 2005 May 6, at 5:55 PM, Henry Lenzi wrote: But for the BSDs, maybe Mono would be a fresh, unhindered start. Erm...for Linux, maybe. Not for us. http://www.mono-project.com/FAQ:_Licensing All we could use are the class libraries. Everything else is GPL. I'd think that that doesn't make it worse than Java for ports. Was anyone talking about the base system *yuck*? [...] P.S. It'll be a cold day in Hell before anything in OpenBSD gets compiled with Mono. I suppose there's a very off chance that Java code could make it in if it compiles cleanly with gcj... gcj... That thing where whenever I tried (ok, the last try is quite some time ago), not even a hello world kind of program worked? but I'd be really, really surprised. You'd have to convince Theo that Java is a necessary language for whatever it is that you're doing, and I just simply don't see that happening anytime soon. b Ok, frankly, there *are* some tasks where manual memory management is tedius and GC could be faster than reference counted pointers in C++. But I don't see anything worth including into base that would require a programming language not already supported in base. P.P.S. Ports is, of course, another story. No reason why Java and Mono shouldn't have their place there--particular licenses, code quality, etc., permitting. b *nods* And then a mostly GPL'ed Mono is even easier than (even more) encumbered Sun JDK. [...] Kind regards, Hannah.
Re: quick malloc guard patch
Hello!
On Wed, May 25, 2005 at 03:17:59PM +0200, Janne Johansson wrote:
[...]
This would make all 4/8-byte mallocs take up one page(4k) each if I
understand this correctly.
That's fine for debugging, but probably too expensive for normal usage.
I tend to agree. While most applications will allocate 4/8 byte values
either as local variables or as part of something bigger, you can't
exclude cases where generic code could hit that case in masses.
Take for example a list of variable-length lists of integers:
int **list;
int *sizes;
sizes = (int *) malloc(lines * sizeof(int));
list = (int **) malloc(lines * sizeof(int*));
/* error checking, of course */
for (i = 0; i lines; ++ i) {
sizes[i] = choose_size(i);
list[i] = (int *) malloc(sizes[i] * sizeof(int));
choose_values(list[i], sizes[i]);
}
Now if the sizes returned by choose_size are in a distribution with
an average of a few (say 4), but with a big variation, a size of 1 might
occur often enough, i.e. you might waste *much* memory and time (mmap of
single pages might well hit the kernel much).
That's why I tend to agree, very cool idea for debugging (like it seems
to be now, with the flag G), but not a low enough overhead for full
production use (*un*like things like propolice etc.).
Kind regards,
Hannah.
Re: safe way to reduce partition
Hello! On Tue, May 31, 2005 at 06:05:39PM +0200, mess-mate wrote: Hi list, anyone known a safe way to reduce my /usr partition and moving my /var ? Here my slice : Filesystem 512-blocks UsedAvail Capacity Mounted on /dev/wd0a 301532 2327765368081%/ /dev/wd0d 2420124 229908 0%/tmp /dev/wd0f 2821788 990880 168982037%/usr /dev/wd0e 604412 4850848910884%/var Backup *everything*, edit the disklabel to move around the space between /usr and /var (it can work while preserving the other partitions if they are adjacent), newfs, restore the backups. If you should break the other partitions by accident, you have got a backup of everything, haven't you? best regards mess-mate Kind regards, Hannah.
Re: safe way to reduce partition
Hello! On Tue, May 31, 2005 at 08:31:55PM +0200, mess-mate wrote: Hannah Schroeter [EMAIL PROTECTED] wrote: | On Tue, May 31, 2005 at 06:05:39PM +0200, mess-mate wrote: | Hi list, | anyone known a safe way to reduce my /usr partition and moving my | /var ? | Here my slice : | Filesystem 512-blocks UsedAvail Capacity Mounted on | /dev/wd0a 301532 2327765368081%/ | /dev/wd0d 2420124 229908 0%/tmp | /dev/wd0f 2821788 990880 168982037%/usr | /dev/wd0e 604412 4850848910884%/var | Backup *everything*, edit the disklabel to move around the space between | /usr and /var (it can work while preserving the other partitions if they | are adjacent), newfs, restore the backups. If you should break the other | partitions by accident, you have got a backup of everything, haven't you? Here is my disklabel layout : 16 partitions: #size offsetfstype [fsize bsize cpg] a: 307377 634.2BSD 2048 16384 304 # (Cyl. 0*- 304) b: 196560 307440 swap# (Cyl. 305 - 499) c: 42336000unused0 0 # (Cyl.0 - 4199) d: 245952 5040004.2BSD 2048 16384 244 # (Cyl. 500 - 743) e: 614880 7499524.2BSD 2048 16384 328 # (Cyl. 744 - 1353) f: 2868768 13648324.2BSD 2048 16384 328 # (Cyl. 1354 - 4199) So f seems the last one (/usr). *nods* And if i leave /var as it is, only /usr must be reduced. You wanted to grow /var instead, didn't you? You could try growfs for /usr then, but you should backup anyway, best everything. But /usr has to be unmounted to make a backup, do it ? Best you do it in single user mode. You can have it mounted though (perhaps read-only, e.g. if you want to gzip the backup). That case can't get the system running. Thanks for your time mess-mate Kind regards, Hannah. -- Hannah SchrvterEntwicklung [EMAIL PROTECTED] Bei Schlund + Partner AG Brauerstra_e 48 D-76135 Karlsruhe This specification allows any of these approaches. Solving the Halting Problem is considered extra credit. (RFC 3028)
Re: relationship passwd file - homedir(s)
Hello!
On Wed, Jun 08, 2005 at 07:31:29PM +0800, Uwe Dippel wrote:
[...]
What I'd want, is to check the passwd file and delete all home dirs that
have no user account any longer.
Then, I'd also create home dirs for all users in the passwd without home
dir yet.
Since this is a migration of 100 users from Linux, I don't feel like
doing it manually and the FAQ stops at importing the accounts.
Getting the list of the users on Linux doesn't help, there are about 100
home dirs for archive reasons; without valid accounts.
So I'd actually need an auto-creation of home dirs for active accounts
from an OpenBSD passwd file. Plus, I don't need the _ and 1000.
I searched Google and in here, but so far without success. Did I overlook
anything ?
Normal tools should help.
awk to extract the list of directories:
awk -F: '($3 = 1000 $1 !~ /^_/) { print $6 }' /etc/passwd
grep the result for the pattern '^/home/' (or whatever your base of
home is), sed that away 's,^/home/,,', sort it. Compare (e.g. using
diff) with the output of ls /home/ | sort.
The lines with + are the directories that shouldn't be there (if you
use the ls output as the second input to diff), the lines with - are
the directories that should be there but aren't. Act upon them properly.
Kind regards,
Hannah.
--
Hannah SchrvterEntwicklung [EMAIL PROTECTED]
Bei Schlund + Partner AG Brauerstra_e 48 D-76135 Karlsruhe
This specification allows any of these approaches. Solving the
Halting Problem is considered extra credit. (RFC 3028)
Re: i don't *mean* to be stupid. it just happens. need a refresher...
Hello! On Wed, Jun 08, 2005 at 08:19:58AM -0400, Rick Barter wrote: I've obviously spent too much time away from the console lately. I am looking for a package and can't, for the life of me, remember how to find them. I know there is a search key option to a command, but I can't remember which command. make? pkg_info? I've tried searching the archives, but I can't seem to find it. I've looked for 'find package' and 'find port'. I found a package finder at http://ports.puffy.nu/?f=s, but this doesn't really help me remember the proper command. If you have the ports tree installed, cd /usr/ports make search key=foobar Also, it says ethereal is in /usr/ports/net/ethereal, but I can't find it. ethereal has been removed due to many many security problems in the code, IIRC. [...] Kind regards, Hannah.
Re: my may/june trip to canada
Hello! On Thu, Jun 16, 2005 at 08:57:31PM +0200, Henning Brauer wrote: [...] I have been flying to Montreal on May 7th, basically just after my return from RIPE-50 at Stockholm. Matt (msf) picked me up downtown, and Ryan arrived a few hours later, bringing Fernando Gont with him. We stayed at Matt's for a few days, doing some random hacking, and Ryan and me, siting in front of one screen, finally got started on the pf interface abstraction code cleanup, which was a prerequisite for making use of the interface groups stuff I hacked a year ago. I can't point out enough how important it was that we could sit down together, staring at one screen, to get started on that. Yeah, pair programming sometimes is *very* helpful. Experienced that with a friend of mine who happens to be a co-worker too. I continued to work on that for the following days. We didn't miss out the city of Montreal either of course - we did have a lot of fun, no doubt. Cool that there also was a good balance between work and fun. [...] There was a (not so surprising) surprise waiting for me - a shiny new laptop, an IBM X40. Many thanks again to those who made that possible (and yes, I will finally handle donations.html for the donors when I am back, promised). Heh. [...] could not see his. Bob and me had humppa as introduction to our talks tho, which the audience appreciated :) Humppa as intro for talks? I'm not sure how I should try to imagine how that works. [...] We did go for a dayhike during the hackathon of course, forming two groups of 5 people each for a hard hike and one big group for an easier one. Theo, Ryan, Reyk, Uwe and me went up Mount St. Piran, starting at Lake Louise, after going over some other Mountain (forgot the name), elevation delta about 900m. It was fun. So you have to love hiking if you're an OpenBSD hacker? But then I guess there's much really cool landscape, and less overcrowded comapred to Europe, over there in Canada. pval me escaped for a (fantastic) mountain bike ride on the last day before we started tearing things down. ... or sports in general... [...] There, at Ryan's place in Vancouver, I stayed until today. We enjoyed Vancouver, went for another 2.5-day hike to Emma Lake (and on), near Powell River, went up Grouse Grind near Vanouver (930m elevation delta on 3km :)) and used the time to talk about future openbsd work, designing cool stuff and of course hacking. Many Thanks to the people who made this trip possible, where Ryan is the first to name - we had a wonderful time. So now the airplane is about to reach Europe - I enjoyed this long trip very very much. I'll be back :) :-) Kind regards, Hannah.
Re: [3.7-stable] Kernel build fails.
Hello! On Tue, Jun 21, 2005 at 07:41:30AM -0500, Rene Rivera wrote: After switching back to OpenBSD, from Linux, and installing a fresh new install I can't compile the kernel to get the latests patches. (And I need to to enable raidframe support) If fails with this: Are you sure that your source is clean, e.g. no cvs update conflicts or similar? Have you followed the compile steps thoroughly, which are approximately (some steps inserted to play really safe): cd /usr/src/arch/`arch`/conf cp GENERIC MYCONF vi MYCONF rm -rf ../compile/MYCONF # safety makes sure that we'll have a clean # build config MYCONF cd ../compile/MYCONF make depend # important! make : have fun with ./bsd Kind regards, Hannah.
Re: [3.7-stable] Kernel build fails.
Hello!
On Tue, Jun 21, 2005 at 08:04:43AM -0500, Rene Rivera wrote:
---build-kernel.sh---
#!/bin/sh
#CONF=/conf/RED5OF5
CONF=GENERIC
CONFNAME=`basename ${CONF}`
set -e
cd /usr
cvs -d [EMAIL PROTECTED]:/cvs -z3 co -P -rOPENBSD_3_7 src
rm -rf /usr/src/sys/arch/i386/compile/${CONFNAME}
cd /usr/src/sys/arch/i386/conf
/usr/sbin/config ${CONF}
cd /usr/src/sys/arch/i386/compile/${CONFNAME}
make clean
make depend
make
---build-kernel.sh---
Looks fine. Did you check the output of the cvs run for whether
the checkout worked OK?
Kind regards,
Hannah.
Greylisting causes mail failure
Hello! I'm trying to deliver a mail (a bug report) from source IP 212.227.35.69 and seem to not get it through. Some time earlier I had the same problem, and even after many retries (i.e. after more time than the greylisting timeout should be) it didn't get through. What's wrong? Is that IP on a blacklist? If so which one? Perhaps it'd be an improvement to spamd to report to the client on how it got decided to block or greylist the IP, as that can come quite handy if debugging is needed (i.e. legitimate mail doesn't get through even after the usual greylist timeout). Kind regards, Hannah.
Update (was Re: Greylisting causes mail failure)
Hello! On Wed, Jun 22, 2005 at 05:56:45PM +0200, Hannah Schroeter wrote: Hello! I'm trying to deliver a mail (a bug report) from source IP 212.227.35.69 and seem to not get it through. Some time earlier I had the same problem, and even after many retries (i.e. after more time than the greylisting timeout should be) it didn't get through. What's wrong? Ok, this time it worked after a bit more than 25 minutes. Sorry that I've reported that so fast, the reason was that last time I tried to send a mail from this box, it *never* came through, not even after 25 minutes, not even after days. Is that IP on a blacklist? If so which one? Scrap that. Perhaps it'd be an improvement to spamd to report to the client on how it got decided to block or greylist the IP, as that can come quite handy if debugging is needed (i.e. legitimate mail doesn't get through even after the usual greylist timeout). That suggestion still stands in my eyes. Kind regards, Hannah.
Re: Honesty needed...
Hello! On Sat, Jul 02, 2005 at 11:04:34AM +0800, Jeffrey Lim wrote: how about the mail store then? I suppose there'll have to be some coordinated (and thread-friendly) back-end mail store in place for these front-end mail servers (*i'm assuming simplistic load-balancing here - at the tcp level, rather than at the application level, or splitting via userid, so that the different userids are actually assigned to different mailstores). Splitting via userid would be the simplest thing. Developping a robust distributed mail storage system is more complicated (been there, done that). However, for that you don't need thread-friendly. The thing I developped (sorry, closed source) consists of a few processes per node only, perusing select() heavily for multiplexing. Ok, there's support for pseudo-parallel I/O, using *fork*ed I/O helper processes and socketpairs. But as said, doing such a thing is very complicated, but it works quite ok in-between (after say 3 or 4 years of development), supporting millions of users with about 80 nodes, capable of supporting IMAP, too (with quite correct handling of IMAP's \Recent-flag, too, which is a beast by itself). -jf Kind regards, Hannah.
Re: Deja-vu?
Hello! On Wed, Jul 06, 2005 at 12:09:20PM -0600, Jon Coller wrote: Is anyone else seeing a ton of old messages being resent to the list? Yeah, seems to be over though. Every last one is identical to the previous on, but had an additional group of received headers: Received: from mail.corp.medcenter.com by shear.ucar.edu Received: from mail pickup serviceby mail.corp.medcenter.com Perhaps the one of those two who delivers the mail to the boxen hosting the OpenBSD lists should be blacklisted (and that guy using a challenge response system on the auto-acknowledgement of OpenBSD's bug tracking system should be blacklisted too, especially as one shouldn't submit new port suggestions as bugs). -Jon Kind regards, Hannah.
Re: Silly patch to allow alt + f[1-4] to switch consoles.
Hello! On Tue, Jul 12, 2005 at 04:33:37AM -0500, Edd Barrett wrote: [...] While we are on the subject of keyboards, why is it that shift-3 in uk keymap sends a hash-enter instead of a pound sign. Don't add empty lines between every line of your text. Then, check whether that is the same if you try it using cat or od -c, like: $ od -c # ^D What's the output of that? Edd Kind regards, Hannah.
Re: links vs firefox vs ..
Hello! On Wed, Jul 13, 2005 at 02:18:20AM -0700, Vladislav Belogrudov wrote: [...] I agree, almost each banking site has it (Citi, Deutsche Bank,...) Postbank (Germany) works with lynx, pure https and forms. Though they depend on the browser identification, with other browsers they require javascript and use it in a way that it doesn't work everywhere (e.g. with older konquerer I have problems, links+ dito, firefox works though). Kind regards, Hannah.
Re: www.undeadly.org cannot be found :(
Hello! On Fri, Jul 15, 2005 at 12:31:22AM -0700, Vladislav Belogrudov wrote: ... Works for me. Perhaps you're experiencing DNS problems on your side or nearby (if you're using DNS forwarders to resolve the hostname). Kind regards, Hannah.
Re: Where to get a good seed for srandom()
Hello! On Mon, Jul 18, 2005 at 11:02:54AM -0700, Jack Bates wrote: [...] 4) Do not use the % (modulo) operator to select a card. The residues from % introduce small amounts of bias, and this is a disqualifying factor for regulated gaming. Does that point still hold, assuming I use a modulus which is a divisor of the range of the original random values? I use the following algorithm, assuming a random generator that yields k-bit unsigned numbers of randomness, to yield random numbers between 0 and n-1: - determine the maximum multiple of n which is = 2^k, call that m - get a random number from the source generator, until that number is m, call that r - return (r % n) By re-getting random numbers, I transform the source (P)RNG into a (P)RNG that yields numbers = 0, m, and m is a multiple of n, that should eliminate the bias, as long as the (P)RNG doesn't have a bias if the previous number it yielded was = m. [...] Kind regards, Hannah.
Re: sniffer
Hello! On Tue, Jul 19, 2005 at 05:20:43PM +0300, [EMAIL PROTECTED] wrote: I need to sniff a network segment and I need to sniff both headers and data. Because tcpdump captures only headers its unsuitable for the task. No. Read the manpage, look for the option -s. [...] Kind regards, Hannah.
Re: suggested /etc/skel/ modifications
Hello! On Thu, Jul 28, 2005 at 06:50:19PM +0200, [EMAIL PROTECTED] wrote: Quoting Moritz Grimm [EMAIL PROTECTED]: Ever heart of a multiuser system where one user shouldn't be able to acces the files of another user? Not all users are thinking about this issue and many forget to change the modes for confidential files. IMO, But keeping confidential files on true multiuser systems is stupid ... I disagree, How about a heavy build server for different projects? Or shared (insert word)-solutions. You cannot be to careful with your files, one day, as normal user, you will forget to chmod() that file ... Then, for that system, you can modify the default install as said. And if your stuff is very secret, even among co-workers, check out encryption options. However I'd prefer to work in a place where the employees could in basic trust each other wrt the products of their respective work. [...] Kind regards, Hannah.
Re: segfaults in OpenBSD 3.7
Hello! On Thu, Jul 28, 2005 at 11:17:59PM +0530, Sharad Birmiwal wrote: hi all i'm new to OpenBSD. i've worked on linux but wanted to try OpenBSD for a test firewall and file server that i have to build. i'm using a Pentium-1 (133 Mhz) box with 16 MB ram. i downloaded the iso file and all the packages for version 3.7. during installation, in the last step when it creates the devices in /dev, the process seg faulted. i still continued and tried booting the systen and it didn't work. so i booted from the CD again and found the MAKEDEV script. i ran './MAKEDEV all' and it segfaulted again. so i manually created all the nodes as './MAKEDEV ramdisk', 'std', 'local' etc. and then the system seemed to work. what could be the reason for this because when i install any package with pkg_add, it always segfaults. could they be related? thing is i'm here now. Bad disk? Bad memory? Bad other hardware component? another problem that has come up is that i had moved this server to a new location (several hundreds of kilometer away) and now the system crashes to a ddb prompt usually within 30 minutes of booting. any ideas? i can make out it's to debug the system? could it be a problem with the ram or hdd? i can't make out anything from the message. the error says there was some problem doing a mov instruction. any advice?? is there something else i should add? Looks very strongly like hardware defects. Perhaps also old flakey solder joints on the mainboard, could be nearly anything. Perhaps even the cable between mainboard/controller and hdd. Some cheap thing to try is removing all plugs and replugging them, same for sockets or similar, as the contacts can often be a bit corroded, and unplugging and re-plugging them may often rub off some of the corroded metal, making the contact more secure again. thanks sharad birmiwal india Kind regards, Hannah.
Re: segfaults in OpenBSD 3.7
Hello! On Thu, Jul 28, 2005 at 02:03:49PM -0400, Jason Crawford wrote: There is a note somewhere on the OpenBSD website about installing on machines with little ram. Basically, you need to drop to a shell, manually enable swap, then go back to the installation process you were at, and then have it make the device nodes. That's a potentially valid point too. My memory on this is: The limit used to be 8MB, and increased to 12MB later. So the OP's 16 MB computer should be fine unless things have changed again. I haven't tried yet. However, I was able to install a simple bridge box on a 4MB box through some level of hacking (of course not supported here for several reasons [custom kernel with small source changes, custom boot floppy], but worked for me). Kind regards, Hannah.
Re: segfaults in OpenBSD 3.7
Hello! On Thu, Jul 28, 2005 at 07:44:54PM -0400, Nick Holland wrote: [...] Thanks for your explanation. They relate to much more current stuff I guess. [...] However, I was able to install a simple bridge box on a 4MB box through some level of hacking (of course not supported here for several reasons [custom kernel with small source changes, custom boot floppy], but worked for me). good disclaimer. 4M. wow. :) It was in 2.x times IIRC, though dunno which value of x. Simple thing: built a boot floppy containing a *non-ramdisk* custom kernel, very stripped down. In addition a customized crunchgen/crunchide binary and a /.profile which configured things. Most changes were to be made by re-building the floppy, but that was okay for a simple two-NIC bridge. I like having the source available + some cool examples (e.g. the crunch stuff used for install floppies too), even if I'm on my own with it. Like the words if it breaks you get to keep the two pieces ;-) Nick. Kind regards, Hannah.
Re: Is the CDDL free Enough to get ZFS into OpenBSD?
Hello! On Fri, Nov 18, 2005 at 01:14:37PM +0100, Stefan Held wrote: this is a serious question. This really is not a try for trolling or something, can someone clue me up? No, as far as I can see not. Of course one could try to build it as LKM and to distribute it separately or as port. For ports, CDDL will probably be ok I guess. And I guess the CDDL wouldn't forbid making an LKM around the ZFS code, either. Kind regards, Hannah.
Re: Norton Antivirus reports virus in all vim packages.
Hello! On Tue, Nov 22, 2005 at 09:22:33AM +0100, Willy Skjfveland wrote: Norton Antivirus reports virus in all vim packages. The compressed file bin/vim within E:\pub\Openbsd\3.8\packages.f\i386\vim-6.3.85p0-no_x11.tar is infected with the Download.Trojan virus. Some part of the binary is obvious matching this virus signature :-) Perhaps you should report it as a bug to *them* (Norton) instead of to OpenBSD. Kind regards, Hannah.
Re: HOTO Write bad documentation
Hello! On Sun, Nov 27, 2005 at 03:04:11PM +0100, Sime Ramov wrote: On 14:55 Sun 27 Nov, frantisek holop wrote: your page is unreadable at 800x600 :) I know, it's personal site (well, just splash at this moment), and I decided for 1024x768. Deciding for *any* resolution is *bad* design. [...] Kind regards, Hannah.
Re: moving /usr/src or even /usr
Hello! On Tue, Dec 13, 2005 at 06:28:37AM -0600, Julesg wrote: Any hints... Is it realistic to attempt this? I intend to tar up the current /usr, then untar in in where I'd like my new /usr partition to be, then hand edit the fstab If you want to move the contents of a whole partition (filesystem) and that filesystem is ffs, I'd recomment dump and restore. Mount the target async while restoring, then re-mount it noasync or softdep again. I did that several times when moving my system to a new hd. If you use tar (e.g. because it's not one whole filesystem), you get more speed if you temporarily mount the source filesystem noatime. [...] Kind regards, Hannah.
Re: OT : Subject lines and threads
Hello! On Tue, Dec 13, 2005 at 03:57:02PM +, Sam Hart wrote: On 13 Dec 2005, at 15:52, Simon Dassow wrote: Please only do so if it makes sense. fair enough, if the actual subject changes it makes sense Modern email clients provide a threaded message view this is what I was referring to Threads go by References/In-Reply-To header, not by Subject header. At least it works this way in mutt's threaded view. S a m Kind regards, Hannah.
Re: dd performance
Hello! On Thu, Dec 15, 2005 at 11:20:13AM -0500, Jason Crawford wrote: I think the very first thing you should change is use the raw device in OpenBSD (/dev/rsd0c) and that should speed things up a bit. You're right. And high enough block size (though 1024k should be okay). I.e. dd if=/dev/zero of=/dev/rsd0c bs=1024k chefren, how's the measurement on OpenBSD 3.8 with this change? Jason Kind regards, Hannah.
Re: stuck on upgrading from 3.7 to 3.8 - Exception handling flag day
Hello! On Fri, Dec 16, 2005 at 03:46:21PM -0700, Theo de Raadt wrote: [...] What do you suggest? Because the only other alternative is to DELETE the upgrade faq. Please don't. There're people who use the upgrade FAQ as it's intended (i.e. one may try it out, but one is on one's own, if things fail and one can't fix it, use binaries to get close to the revision(s) one wants to compile, i.e. the release binaries to get to stable, the latest snapshot to possibly get to current). [...] Kind regards, Hannah.
Re: DadOS - sys shutdown with XDM
Hello! On Tue, Jan 03, 2006 at 03:24:22AM -0800, J.C. Roberts wrote: My dad (68 years old) has finally succeeded in destroying/infecteding his MS-Windows NT4 box, in spite of my best efforts to secure the darn thing (e.g. No MSIE, No Microsoft Networking, stripped of just about everything MS-ish and with tons of hand made patches, behind an openbsd firewall... and so on and so forth). It lasted a good four years in the hands of a typical user that hates computers, clicks on everything and still expects everything to just work and work properly. 4 years w/o infection isn't that bad for windoze... :-) [...] The first thing I did was add a flag file to my dad's home directory and made sure he cant modify or delete it. # touch /home/dad/.xshutdown # chown root:wheel /home/dad/.xshutdown # chmod 400 /home/dad/.xshutdown Since /etc/X11/xdm/TakeConsole runs with root permission on every user logout to prevent /dev/console sniffing I modified it to perform the shutdown if the flag file is found in the users home directory. # cat /etc/X11/xdm/TakeConsole #!/bin/sh # Reassign ownership of the console to root, this should disallow # assignment of console output to any random users's xterm # $Xorg: TakeConsole,v 1.3 2000/08/17 19:54:17 cpqbld Exp $ # $OpenBSD: TakeConsole,v 1.3 2004/11/03 00:22:21 matthieu Exp $ # chmod 622 /dev/console chown root /dev/console /usr/X11R6/bin/sessreg -d -l $DISPLAY -u /var/run/utmp \ -x /usr/X11R6/lib/X11/xdm/Xservers $USER if [ -f $HOME/.xshutdown ]; then shutdown -hp now fi # This approach works perfectly but my questions are: Is there anything wrong with this approach? Is there's a better way to deal with the problem? I know no better way offhand. It looks hacky, but it'll keep working I guess. I know it's a holy war topic, but do you have a recommendation for an email client he could use? kmail is quite usable and it'll be the mail client best integrated into the rest of your dad's desktop, if he's gonna use the OpenBSD/KDE box. thanks, jcr Kind regards, Hannah.
Re: DadOS - sys shutdown with XDM
Hello! On Tue, Jan 03, 2006 at 11:15:46AM -0800, patrick ~ wrote: The first thing I did was add a flag file to my dad's home directory and made sure he cant modify or delete it. # touch /home/dad/.xshutdown # chown root:wheel /home/dad/.xshutdown # chmod 400 /home/dad/.xshutdown login: dad password: dadsbox $ ls -l .xshutdown -r1 root wheel 0 Jan 3 11:11 .xshutdown dadsbox $ mv .xshutdown /tmp dadsbox $ echo :-) :-) Assuming, of course, that /tmp and /home are one partition. If not, mv .xshutdown .xnoshutdown is enough too. But then, chflags schg .xshutdown may be enough. --patrick Kind regards, Hannah.
Re: Moving to a bigger HD, is dump still the best way - dump problem
Hello! On Mon, Jan 09, 2006 at 01:40:19AM -0500, Bill wrote: [...] Now here is what I did then... # cd /mnt/newr # ../oldr/sbin/dump 0af - /mnt/oldr | restore rf - (the old drive is also openbsd 3.8) This worked like a charm for the root fs Then I tried the var and I got a slew of errors about the disk being full. But its the /dev/rd* drive thats full. dump/restore need some space in /tmp. Just mount a mfs to /tmp so that that doesn't fill up the initial ramdisk. When I move to another disk, I boot from the old one to single user, mount the new one unter /mnt and do the dump/restore for all partitions. I just call mount /tmp manually, /etc/fstab has an entry for an mfs based /tmp on my boxen anyway. [...] Kind regards, Hannah.
Re: Moving to a bigger HD, is dump still the best way
Hi! On Mon, Jan 09, 2006 at 05:22:47PM +0059, Han Boetes wrote: I recently had to migrate my HD for another reason, and I wrote it all down: http://www.xs4all.nl/~hanb/documents/hd-migration I think async + softdep as mount option doesn't make sense. And I still think the dump/restore combo will be faster than any other way. And mounting -u the *old* filesystems noatime would make things faster if you still prefer or need to use pax/cpio/cp -R/... (e.g. if you have different partitioning, so that dump/restore won't work). Still, thanks for writing documents like this which might help people see how to combine the basic (and well-documented) tools of the OS for typical tasks. # Han Kind regards, Hannah.
Re: openbsd newbie question - lfs, ffs, and cf cards
Hello! On Wed, Jan 18, 2006 at 08:48:59AM -0500, Nick Bender wrote: Wrt LFS .. is it production ready? no, it's a disaster. Kind of off topic, but has any work been done towards implementing McKusick's snapshot and background fsck techniques in ffs? Different project focuses it seems. FreeBSD has those, IIRC. And btw, NetBSD has or had a version of LFS which worked at least a bit (declared experimental, on your own risk, I tested it once, and it worked in the sense that I could extract archives on it and it didn't crash or obviously lose the data; much better than it is the case elsewhere, on OpenBSD it crashed on the first mount after creating the filesystem; i.e. if at all, the NetBSD code base would be a starting point for LFS). -N Kind regards, Hannah.
Re: uuencode
Hello! On Tue, Jan 24, 2006 at 12:33:16PM +, Antoine Jacoutot wrote: Hi... I'm playing with uuencode under 3.8/i386 and amd64/current but I can't seem to make it work. I'm trying with a simple text file (I tried binary files too): $ uuencode test.txt begin 644 test.txt - and it never ends. $ uuencode -o test.uu test.txt - it stalls forever and test.uu is mode -- What am I doing wrong here ? I'm kind of lost... Thanks! Regards, Antoine Read the manual page. uuencode [-m] [-o output_file] [file] name Note that *file* is the optional argument, defaulting to standard input. Kind regards, Hannah.
Re: uuencode
Hello! On Tue, Jan 24, 2006 at 01:56:13PM +0100, Han Boetes wrote: Antoine Jacoutot wrote: $ uuencode test.txt begin 644 test.txt - and it never ends. It waits for input from stdin; ie: cat infile | uuencode Hereby you get granted the useless use of cat award. # Han Kind regards, Hannah.
Re: uuencode
Hello! On Tue, Jan 24, 2006 at 02:27:00PM +0100, Han Boetes wrote: cat infile | uuencode Hereby you get granted the useless use of cat award. Really? It does have a didactic use in this case. To make Antoine understand about programs that expect input from stdin. ``grep foo'' also waits like that. Of course a guru would avoid the cat. It's not as complicated as to need a guru: uuencode infile. And as redirects standard input, it should help for understanding in the same way (perhaps accompanied by the manual page of your favourite shell, e.g. sh(1), section Input/output redirection). Kind regards, Hannah.
Re: uuencode
Hello! On Tue, Jan 24, 2006 at 01:36:40PM +, Antoine Jacoutot wrote: Selon Han Boetes [EMAIL PROTECTED]: It waits for input from stdin; ie: cat infile | uuencode No, I already tried this too and it is not working. $ cat test.txt | uuencode usage: uuencode [-m] [-o outfile] [infile] remotefile b64encode [-o outfile] [infile] remotefile $ echo blabla | uuencode usage: uuencode [-m] [-o outfile] [infile] remotefile b64encode [-o outfile] [infile] remotefile echo foo | uuencode filename-to-display-at-other-side uuencode filename-to-display-at-other-side test.file Kind regards, Hannah.
Re: view available inodes on partition
Hello! On Wed, Jan 25, 2006 at 03:04:05PM -0500, Matthew Closson wrote: Is there a way to view how many inodes are still available on a partition. I'm decompressing a ton of small files onto a 60Gb onto my /dev/wd1a. And I'm not really concerned about running out of space, but possibly out of inodes, I just used the default parameters creating the filesystem, which is ffs. Thanks, Just read the manual of df. And then look at the option -i. Kind regards, Hannah.
Re: Why /bin/[
Hello! On Mon, Feb 06, 2006 at 09:00:59PM -0800, [EMAIL PROTECTED] wrote: Why is there a file called [ in the /bin directory of my generic 3.8 build? 144 -r-xr-xr-x 2 root bin 72128 Sep 10 15:18 [ There's been enough explanation. Just another thing: [ (AKA test) is a shell builtin in many shells today. But there still *might* be shells around for which this isn't (yet) the case. It's probably the same rationale for there being a kill binary even though most shells implement kill as builtin today. Kind regards, Hannah.
Re: The Apache Question
Hello! On Tue, Feb 07, 2006 at 03:59:22PM -0500, Steven Day wrote: Well as far as I know, Apache 1.3 is an openBSD modified version and not the 1.3 apache releases but the licensing on apache 2.0 is the reason I see OpenBSD not packaging it. http://apache.org/licenses/LICENSE-2.0 Also search back into the mailing list archives or the site for more specific reasons. Correct me if i'm wrong. IIRC that's correct, the licensing is at least one of the reasons why apache 2 will probably never make it into base. However, I'd guess a port submission would be accepted in principle - but not now, because the consolidation phase for the next release has already started wrt ports. Kind regards, Hannah.
Re: openbsd's future plans?
Hello! On Tue, Feb 07, 2006 at 02:01:38PM -0800, Ted Unangst wrote: [...] i think we should rewrite the kernel in java since it has good support for threads. ;-) How about erlang (once we've got a working port)? Erlang's threads (called processes) are much more lightweight, and OpenBSD is, as we all know, not so fond of bloat. Kind regards (with tongue in cheek, of course), Hannah.
Re: openbsd's future plans?
Hello! On Tue, Feb 07, 2006 at 10:33:19PM +, Miod Vallat wrote: i think we should rewrite the kernel in java since it has good support for threads. Remember we opted for C++ during c2k2 (or was it c2k3), but not until ddb has proper name demangling code. *rolls eyes* Yuck. Miod Kind regards, Hannah.
Re: Current source code build error?
Hello! On Wed, Feb 08, 2006 at 08:28:07PM +0800, Dasn Clainst wrote: hi, have you guys met this problem? I use the recent code from CVS. Thanks. $ config -s /sys -b. GENERIC $ make depend [snip] ... [...] /sys/sys/systm.h:170: warning: conflicting types for built-in function `vsnprintf' [...] Have you properly updated gcc? IIRC there have been quite some changes wrt types and in the instructions for builds from source there was the requirement of an additional build/install of gcc in addition to the ordinary build process (kernel, reboot, make build...). Kind regards, Hannah.
IPSEC setup problem
Hello! I've tried to setup an IPSEC client connection. However, I see that it doesn't work because the X509 certificate I've been given by my CA has no subjAltName extension. And I'm not sure whether I'll be able to get them to add one for me. So, is there any reason why one can't bring ipsecctl/isakmpd to find the certificate to use by the certificate DN or e.g. its emailAdress part? And btw... Why can you specify a USER_FQDN as srcid type in ipsec.conf(5), but not add something like that as subjAltName attribute to an X509 certificate (I see that only IP or FQDN are available as extensions in the default /etc/ssl/x509v3.cnf and I see no mention of something that looks like USER_FQDN in the openssl(1) manpage either). Kind regards, Hannah.
Re: OpenBSD 4.1 Torrents
Hello! On Tue, May 01, 2007 at 02:33:50PM -0700, andrew fresh wrote: Probably everyone knows already, but I just wanted to get the word out that there are OpenBSD 4.1 torrents now on the torrent site: http://openbsd.somedomain.net/index.php?version=4.1 So far they are mostly just the files off of the CDs, but as I get synced up, the package torrents will update. And again, I'll d/l and then seed some of them for a while, at least to upload more than I've downloaded. Kind regards, Hannah.
cvsync broken?
Hello!
Just trying to cvsync my stuff. And it wants to remove quite much:
Remove src/usr.sbin/altq/tbrconfig/Makefile,v in Attic
Remove src/usr.sbin/altq/tbrconfig/tbrconfig.8,v in Attic
Remove src/usr.sbin/altq/tbrconfig/tbrconfig.c,v in Attic
Remove src/usr.sbin/amd/Makefile,v
Remove src/usr.sbin/amd/amd/ChangeLog,v
Remove src/usr.sbin/amd/amd/Makefile,v
Remove src/usr.sbin/amd/amd/afs_ops.c,v
Remove src/usr.sbin/amd/amd/am_ops.c,v
Remove src/usr.sbin/amd/amd/amd.8,v
Remove src/usr.sbin/amd/amd/amd.c,v
Remove src/usr.sbin/amd/amd/amq_subr.c,v
Remove src/usr.sbin/amd/amd/clock.c,v
Remove src/usr.sbin/amd/amd/efs_ops.c,v
Remove src/usr.sbin/amd/amd/get_args.c,v
Remove src/usr.sbin/amd/amd/host_ops.c,v
[... MUCH more before I hit Ctrl-C ...]
What's up?
Here's my cvsync.conf:
config {
hostname cvsync.de.openbsd.org
collection {
name openbsd release rcs
prefix /cvs
umask 022
scanfile /usr/local/src.own/CVSROOT.scanfile
}
}
### lrwx-- 1 root wheel 26 Apr 26 2005 /cvs -
/usr/local/src.own/CVSROOT
Kind regards,
Hannah.
Re: cvsync broken?
Hello! On Thu, May 10, 2007 at 09:40:58PM +0200, Timo Schoeler wrote: hostname cvsync.de.openbsd.org I see anoncvs problems on exactly this machine and the SPLINE mirror in germany... Not really a good failure mode, just deleting everything. :-( timo Kind regards, Hannah.
Re: Linux Compat Query
Hello! On Tue, May 29, 2007 at 12:10:46AM +0100, Edd Barrett wrote: On 29/05/07, Ted Unangst [EMAIL PROTECTED] wrote: On 5/28/07, Edd Barrett [EMAIL PROTECTED] wrote: The program was built like so: g++ -static -m32 -Wall bsdtest.cpp wouldn't it be a lot easier to copy bsdtest.cpp to the openbsd machine and compile it there? Yes, this time. It was just a proof of concept test at this stage, but the binary we are really interested in will need xerces which is not ported to OpenBSD. Hence this whole thread. $ cd /usr/ports/ $ make search key=xerc Port: xerces-2.4.0p3 Path: textproc/xerces Info: xml parser for Java Maint: Kevin Lo [EMAIL PROTECTED] Index: textproc L-deps: B-deps: gtar-*:archivers/gtar R-deps: jdk-1.3.1* Archs: jre-1.3.1* $ Kind regards, Hannah.
Re: Linux Compat Query
Hello! On Tue, May 29, 2007 at 03:49:07PM +0100, Edd Barrett wrote: On 29/05/07, Hannah Schroeter [EMAIL PROTECTED] wrote: $ cd /usr/ports/ $ make search key=xerc Port: xerces-2.4.0p3 Path: textproc/xerces Info: xml parser for Java Maint: Kevin Lo [EMAIL PROTECTED] Index: textproc L-deps: B-deps: gtar-*:archivers/gtar R-deps: jdk-1.3.1* Archs: jre-1.3.1* Thats a java implementation yes. We are using a xerces-c with g++. What about porting it yourself? It's not so difficult to create a port, you know, at least if the original code isn't in the all the world is Linux style. Kind regards, Hannah.
Re: find -exec {} help
Hello!
On Mon, Jun 04, 2007 at 02:01:12PM +0200, Marc Espie wrote:
[...]
Don't use for loops with find results, they do not scale well.
Also, beware of spaces in file.
For this kind of thing, I generally use 'while read'
find . -type f -name \*.htm -print|while read f; do sed s/old/new $f
$f.new; done
This isn't safe wrt newlines in file names, either.
A completely safe solution would be writing a small script:
#! /bin/sh
exec sed s/old/new/ $1 $1.new
and using find . -type f -name \*.htm -exec /path/to/script {} \;
or find . -type f -name \*.htm -print0 | xargs -0 -L 1 -r /path/to/script
Kind regards,
Hannah.
Re: find -exec {} help
Hello! On Mon, Jun 04, 2007 at 03:26:28PM +0200, Martin Schrvder wrote: 2007/6/4, Marc Espie [EMAIL PROTECTED]: Don't use for loops with find results, they do not scale well. Also, beware of spaces in file. For this kind of thing, I generally use 'while read' Use xargs(1) For that case, it doesn't really help, because the filename is needed in a redirection. And if you need the filename in more arguments, xargs is a bit silly too, because it *has* the option -I, but that has the completely arbitrary limitation of 255 characters which can't be changed using another option, and 255 is less than PATH_MAX. Best Martin Kind regards, Hannah.
Re: cvsync broken?
Hi! On Thu, May 10, 2007 at 01:46:10PM -0700, Ted Unangst wrote: On 5/10/07, Hannah Schroeter [EMAIL PROTECTED] wrote: On Thu, May 10, 2007 at 09:40:58PM +0200, Timo Schoeler wrote: hostname cvsync.de.openbsd.org I see anoncvs problems on exactly this machine and the SPLINE mirror in germany... Not really a good failure mode, just deleting everything. :-( there's some issues with the servers. obviously, the client can't know the difference between file accidentally deleted on the server and file intentionally deleted. The server could take a list of files as a configuration which are never supposed to be deleted (things like src/Makefile,v src/usr.bin/Makefile,v www/index.html,v etc.). Then, in session startup, the server could check those files and refuse to run (and log heavy warnings) the session if any of those files are missing. Kind regards, Hannah.
Re: IPSEC setup problem
Hi! Somewhat old: On Fri, Apr 27, 2007 at 06:08:13PM +0200, Rafa?? Brodewicz wrote: Hannah Schroeter pisze: I've tried to setup an IPSEC client connection. However, I see that it doesn't work because the X509 certificate I've been given by my CA has no subjAltName extension. And I'm not sure whether I'll be able to get them to add one for me. So, is there any reason why one can't bring ipsecctl/isakmpd to find the certificate to use by the certificate DN or e.g. its emailAdress part? And btw... Why can you specify a USER_FQDN as srcid type in ipsec.conf(5), but not add something like that as subjAltName attribute to an X509 certificate (I see that only IP or FQDN are available as extensions in the default /etc/ssl/x509v3.cnf and I see no mention of something that looks like USER_FQDN in the openssl(1) manpage either). Here's a simple script that I'm using for generating certificates. http://brodewicz.pl/files/create_certs.sh That doesn't help my problem. I'm not the CA! I have the given certificate without subjAltName and just wonder why isakmpd/ipsec.conf can't select a certificate by (part of the) DN oder by certificate fingerprint as additional possibility. Kind regards, Hannah.
Re: find -exec {} help
Hello!
On Mon, Jun 04, 2007 at 06:27:41PM +0200, Almir Karic wrote:
A completely safe solution would be writing a small script:
#! /bin/sh
exec sed s/old/new/ $1 $1.new
and using find . -type f -name \*.htm -exec /path/to/script {} \;
or find . -type f -name \*.htm -print0 | xargs -0 -L 1 -r /path/to/script
...-exec sh -c 'something with $1' {} \; is fully safe as well.
sh -c 'echo foo$1bar' baz
- foobar
Seems not.
Kind regards,
Hannah.
Re: find -exec {} help
Hi!
On Mon, Jun 04, 2007 at 06:54:20PM +0200, Tom Van Looy wrote:
I think this is also correct:
find . -name '*.htm' -exec cp '{}' '{}'.new \; \
-exec sed -i s/old/new/ '{}'.new \;
I don't see any -i option documented in the sed manpage.
Kind regards,
Hannah.
