Re: Negotiating a license for Sun Java on OpenBSD?
On Sat, 06 Aug 2005 14:38:30 -0400, Jan Izary [EMAIL PROTECTED] wrote: Please release the source code of your software under a BSD license so it is compatible with the goals of our project: J. C., you know full well that's not really needed for OpenBSD to have their own copy of Java in ports. Making something like Java a native port would only require it to be open source in a manner that allows redistribution. Heck, if Java were CDDLed, I think that may even be enough to have native ports for OpenBSD. ? -I think you're missing something here: There's a vast difference between a native port and a native implementation We already have ports: http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/jdk/ The on-going work to create a native (re)implementation of java for OpenBSD is discussed on this list: http://codemonkey.net/mailman/listinfo/openbsd-java Unfortunately, I do not know the status of their work. The FreeBSD guys sold their soul to Sun in a license agreement of some sort in order to use Sun's code as a base for their native implementation. Licenses actually matter a lot in OpenBSD, so Negotiations with Sun (or any other company) to get a license agreement in order to use their code, simply will *_NOT_* happen. Either it's licensed in a way acceptable to OpenBSD's stated goals and policy (both previously linked) or we simply don't use/support it. If the *something* is still really needed in OpenBSD but it's not properly licensed, the very most that will happen is (hopefully) someone will start their own (re)implementation of said *something* under an acceptable license. -Hence the reason I was joking about hell freezing over. Kind Regards, JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Text editor
On Sat, 6 Aug 2005 19:10:49 -0400, Mike Hernandez [EMAIL PROTECTED] wrote: On 8/6/05, J.C. Roberts [EMAIL PROTECTED] wrote: 5.) pico is a very simple editor that is friendly to new people who have only worked with modeless editors like MS notepad. If you just want to edit the damn file without destroying it or giving up in frustration, pico is a good answer that works in a familiar way. pico is part of the pine email client available in the OpenBSD ports/packages collection. Great summary of text editors, imho. Just want to mention that if you don't want to install pine just to use pico, you can try nano, which is basically pico. The name is another of the countless silly jokes I guess... :) Mike Unix is simple but it takes a genius to understand the jokes. (; JCR
Re: Install Woes (3.7/sparc) - Spontaneous crashes
On Sun, 7 Aug 2005 11:28:55 -0400, Jim Fron [EMAIL PROTECTED] wrote: I'm attempting to install OBSD 3.7 sparc on a Sparcstation 20. I've been through installs numerous times on 20's, 2's, and an IPC using previous OBSD versions. Currently, I only have one install method -- floppy. I could conceivably set up a netboot install or wrangle a CDR drive if need be. The problem is this: every time I attempt to install, I get part-way or all the way through the package download process, and the installer bombs, dumps hex to the screen, and drops back into OFW. I don't have serial console, either: I'm using a monitor and keyboard, so it's tough to say what, if any, error messages may be present. The more packages I attempt to install, the more likely it is to crash in the middle of download. If I reduce the packages to bsd and base37.tgz, I can often get as far as building nodes before the crash. This system seemed to happily run Solaris 7, booting all the way into CDE and running seeral apps at once without bombing, so I'm hesitant to start yanking RAM, but if that's the only thing suspect, I'll do it. So, my questions are: any ideas what could be causing this? The farthest I've gotten is a bootable system with no network, so the possibility of a partial-install with manual addition of the other packages seems questionable. Any suggestions for what I might do to get through a complete install? Thanks, JMF Floppy drives and diskettes are notorious for failing in very strange and unusual ways. Check out the mild but insightful message from Art on tech@ if you want to know the general consensus on floppies. From: Artur Grabowski art@ Message-ID: [EMAIL PROTECTED] In your situation, setting up serial is worthwhile if for no other reason than posting debug info to the list. If you've got spare openbsd/unix machine with a free serial port and a null modem cable, you're good to go. Note, that's a *null*modem* cable, not a straight wired serial cable. On the spare machine use tip(8) Make sure you've got the needed entry in remote(5). unix9600|9600 Baud dial-out to another UNIX system:\ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial1200:\ :br=#9600:dv=/dev/tty00: Run tip % sudo tip unix9600 On your spare machine, you could also serve ftp for the install *.tgz files as well as dhcp and netboot images. On the problematic SS20, disconnect the keyboard and monitor since on some (most/all/?) sun systems if you boot with a keyboard attached, the system will use it. If the keyboard is not attached, it will default to serial console. Then power up the SS20. With any luck, you've just have a bad floppy diskette and the netboot/serial/ftp install will work just fine. If not, you've got the needed debug info to figure out the problem. JCR
Re: Text editor
On Sun, 7 Aug 2005 19:34:44 + (GMT), Paul Pruett [EMAIL PROTECTED] wrote: http://www.gnu.org/fun/jokes/ed.msg.html Ed, man! !man ed From the paged linked above: Let's look at a typical novice's session with the mighty ed: golem$ ed ? help ? ? ? quit ? exit ? bye ? hello? ? eat flaming death ? ^C ? ^C ? ^D ? An now I have to wonder if I've been hacked by someone who wants to record all my console sessions... ;-) JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Install Woes (3.7/sparc) - Spontaneous crashes
On Sun, 7 Aug 2005 15:18:40 -0400, Jim Fron [EMAIL PROTECTED] wrote: On Aug 7, 2005, at 2:46 PM, J.C. Roberts wrote: Floppy drives and diskettes are notorious for failing in very strange and unusual ways. Check out the mild but insightful message from Art on tech@ if you want to know the general consensus on floppies. That's good to know. Unfortunately, most of my machines (mac) don't have serial ports. At times I wonder if Apple not supporting serial is smart or dumb but I never seem to come to a conclusion... A USB to serial device may do the trick but personally, I've never tried it. My other sparc box is the reason I'm trying to configure this one: it stopped responding to the serial port and keyboard, it displays only a blank white screen on the monitor, and the ethernet port that didn't have all inbound services pf-blocked died on me, so I can't ssh into it. It's my NAT/firewall, and, though I have no way of getting into or out of the box, it's still running, and I don't want to risk powering it down until I have a replacement configured. :-/ So, going with the idea that floppies are just unreliable, I seem to have three options: 1. Use the floppy to boot, exit the installer, and install and configure manually (it doesn't seem to crash when I ftp tarballs in, but crashes regularly when I use the installer to do it). Has anyone written a walk-through for doing this? 2. Figure out how to configure OSX (client) as a netboot server. 3. Buy an OBSD CD, unplug the SCSI CDR drive from the running firewall and hope it doesn't crash. I'm eyeing option #1 right now. Hopefully you've tried redownloading and reimaging on a new floppy diskette. The diskette could be the problem but if the created floppy is passing the test in the OBSD Install FAQ, the only possibility left for floppy being the cause is a bad diskette drive in the SS20 (or the drive just has dirty heads). I don't have the bandwidth to mess around with multiple/repeated FTP installs from the internet. It takes too long, so I usually transfer the files once and then host the FTP locally. It makes installs a lot easier. Option #2 with a local FTP server might work but getting a serial console on the beast should be your goal. If you've got flaky hardware in the SS20, you don't want to use it as a replacement for your (currently failing) firewall. Serial is probably the best way to figure out what the heck is going wrong. Using your MacOS box with tip and a USB-serial converter might just work. JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Negotiating a license for Sun Java on OpenBSD?
On Mon, 08 Aug 2005 11:02:47 -0400, Kurt Miller [EMAIL PROTECTED] wrote: Kurt, Really, no disparagement was meant of your efforts. My apologies for any offense. I can't see spending my time working on Sun's code, but that's your choice, and if it works for you more power to you. Thanks for the apology. Your post struck a nerve and my frustration with the amount of misinformation in this thread came out. Few people really understand the Java - *BSD licensing issues. For what seems like ideological licensing preferences, people like to make noise and otherwise spout off. Kurt, If your statement was directed, in part, to my posts in the thread, please realize I was just trying the accurately answer the questions put to the list. If I got things wrong, made noise and posted misinformation, I would really like to know *what* I got wrong? With all your work on the java ports, you're one of the few people in a position to know all the torrid details of java-*bsd licensing, so please kick the knowledge downstairs to the unwashed. ;-) JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: SCSI enclosure + disks wanted
On Mon, 08 Aug 2005 14:30:57 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: We are looking for a SCSI RAID enclosure + at least a few disks, for testing/development purposes, in Toronto. This is to make the raid management stuff work better. A few of us are working on the code, but we would like the main scsi guys in Toronto to play along too. The stuff is making process; here is a demo of a small part part of it: # bioctl -h ami0 Volume Status Size Device ami0 0 Online 341G sd0 RAID5 0 Online 68.4G 0:0.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:2.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:4.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 0:8.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:10.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:12.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 ami0 1 Online 341G sd1 RAID5 0 Online 68.4G 0:1.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 1 Online 68.4G 0:3.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 2 Online 68.4G 0:5.0 ses0 MAXTOR ATLAS15K2_73SCA JNZ6 3 Online 68.4G 1:9.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 4 Online 68.4G 1:11.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 5 Online 68.4G 1:13.0 ses1 MAXTOR ATLAS15K2_73SCA JNZ6 This shows that userland knows which controllers are tied to which system disks, which drives are backing it, and which ses/safte devices are managing the those drive in the enclosure. So, if someone has one to give or loan on a semi-permanent basis, please let me know. Thanks. Is this for mainly testing or is actually planed for real usage? I've got ultra2 stuff around, 9GB disks and both DEC/alpha and generic rackmount enclosures... -By todays' standards 8x9GB is not a lot of room, and ultra2 is not exactly fast but it *might* be useful for testing code? JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: hardware issues on sparc64
On Mon, 08 Aug 2005 13:04:40 -0400, Bob Ababurko [EMAIL PROTECTED] wrote: I am trying to load 3.5 sparc64 on an Ultra2. If you're going to install OpenBSD, why install an old version that is no longer supported? Hint: Use v3.7 JCR
Re: sysctl hw.sensors hacking?
On Wed, 10 Aug 2005 00:33:18 -0500, Matt Garman [EMAIL PROTECTED] wrote: I just built a firewall box using a Via EPIA-CL6000E motherboard. I'd like to be able to monitor the temperature(s) within the system. However, it appears there is currently no means to do that in OpenBSD (at least not that I've found). Now I'm toying with the idea of actually developing the software to support the sysctl/hw.sensors interface (for this hardware, assuming I can obtain adequate documentation). I've got a respectable amount of experience developing userland applications, but never done any real kernel or system internals-level hacking (though I'm confident that I can learn). So does anyone have any suggested readings regarding this part of the OpenBSD architecture? I'm sure google can find plenty of useful info, but at this point, I'm not even sure what to search for. Any suggestions would be much appreciated. Thank you! Matt The work being done in -current on SCSI monitoring is using hw.sensors, namely ses/safte, so it should make good reading. Hardware is needed for ses/safte efforts: See the following from Theo on misc@ Message-Id: [EMAIL PROTECTED] JCR
Sane mtu and mrru settings for ppp
Could anyone drop kick me in the direction of more documentation on sane settings for mtu and mrru in ppp? Also, if you know of any more docs that discuss the advantages and disadvantages of using hardware vs. software flow control on a regular modem. I know the AT commands but I'm not too sure how they affect the resulting connection. And yes, I really am attached to the internet by the technical equivalent of an old shoe string and a pair of tin cans... ;-) Thanks, JCR
Re: BSD PPPoA Hardware
On Mon, 15 Aug 2005 23:18:19 +0100, Simon Morgan [EMAIL PROTECTED] wrote: Hi, I have a PPPoA ADSL connection and would like to use FreeBSD or OpenBSD as a gateway/server and am looking for compatible hardware that would facilitate this. I'm specifically looking to avoid combination modem + routers and NAT and port forwarding in particular. This will be a pure routed IP setup. Obviously stability is very important (So far I've been using a SpeedTouch 330 with Linux which hasn't been fun). Does anyone have any suggestions? Any advice is welcome. Thanks. Simon Hi Simon, You seem to be confused on your terms. The term PPPoA means Point-to-Point Protocol over ATM (Asyncronous Transfer Mode). I seriously doubt you're running ADSL over ATM. ;-) What you're looking for is actually PPPoE (Point-to-Point Protocol over Ethernet) since your (A)DSL modem has an ethernet connection to your network and requires PPP to connect to your providers' network. The answer is yes, OpenBSD does a very good job with PPPoE. There are both userland and kernel implementations that can be used. I'm not sure which flavor of hardware you prefer but basically you need a platform that is supported by OpenBSD along with supported ethernet devices. http://www.openbsd.org/plat.html Kind Regards, JCR
Re: BSD PPPoA Hardware
On Tue, 16 Aug 2005 08:20:33 +0100, Simon Farnsworth [EMAIL PROTECTED] wrote: On Tuesday 16 August 2005 06:34, J.C. Roberts wrote: You seem to be confused on your terms. The term PPPoA means Point-to-Point Protocol over ATM (Asyncronous Transfer Mode). I seriously doubt you're running ADSL over ATM. ;-) Given that G.992 DSL protocols are all ATM physical layers, it's quite likely that he's running PPPoA. The (slight) advantage of PPPoA over PPPoE for ADSL is twofold: firstly, the MTU is slightly larger. Secondly, there's one less encapsulation layer involved; PPPoE on ADSL is in fact PPP over Ethernet over ATM. If you don't believe that ADSL is an ATM physical layer, go read G.992.1 (the international ADSL standard), or a manufacturer's spec sheet (like http://www.draytek.co.uk/products/vigor2600plus.html), where it explicitly refers to ATM Protocols. Great info Simon, thank you. All the DSL modems I've seen here in the USA are ethernet based on the user side and as misfortune would have it, many providers *require* using their particular modem, so the user side of it is all that matters. It's all been consumer grade kit, even though a lot of it is in business use, none the less, I have not seen a DSL modem with ATM on the user side (probably because it would be pointless to make it that way). Assuming you don't have a provider requirement of using their specified DSL modem, it may be possible to use OpenBSD as a *replacement* for the DSL modem itself. I know we've got some degree of ATM support but I don't know how well (or if) all the other needed stuff works. Kind Regards, JCR
Re: How to patch a physically weak system recommended use of sudo?
On Thu, 18 Aug 2005 14:12:00 -0400, Nick Holland [EMAIL PROTECTED] wrote: I also tend to have an alias ]=sudo in my .profiles. It's obvious you can type accurately *and* you don't have a cat... (; JCR
Re: proper way to format/use floppies (i386)
On Tue, 23 Aug 2005 16:58:47 +0200, Michael Adam [EMAIL PROTECTED] wrote: Hi, I could not tell from the documentation which is the proper way to setup and use floppy disks on the i386 architecture, i.e. which is the right partition to use. I am talking about the standard 3.5 inch 1.44 MB floppy disks. There are several possibilities to put a file system onto one: First of all, a floppy needs to be low level formatted, which can be achieved by the fdformat program. (Ususally, this is not necessary nowadays, since floppies come preformatted.) Then fdisk shows an empty partition table. Without adding a type a6 partition, I have a valid disklabel: 16 partitions: # size offset fstype[fsize bsize cpg] c: 2880 0 unused00 # Cyl 0 -79 I can then do a newfs fd0c and afterwards the disklabel looks as follows: 16 partitions: # size offset fstype [fsize bsize cpg] c: 2880 0 4.2BSD 2048 16384 80 # Cyl 0 -79 And I can mount /dev/fd0c. But _strangely_, I can mount /dev/fd0a as well! (But I can't do newfs fd0a ...) The other way would be to add a proper partition to the disklabel: Either by doing disklabel -w fd0 floppy3 or by interactively adding a partition a that covers the whole disk. The first command yields a disklabel like this: 16 partitions: # size offset fstype [fsize bsize cpg] a: 2880 0 4.2BSD 5124096 80 # Cyl 0 -79 b: 2880 0 unused 0 0 # Cyl 0 -79 c: 2880 0 unused 0 0 # Cyl 0 -79 The second command's disklabel does not have the b partition. Then, doing newfs fd0a or newfs fd0c yields a filesystem I can mount as /dev/fd0a or /dev/fd0c in either case. The command newfs fd0c changes the disklabel to the following form though: 16 partitions: # size offset fstype [fsize bsize cpg] a: 2880 0 4.2BSD 5124096 80 # Cyl 0 -79 b: 2880 0 unused 0 0 # Cyl 0 -79 c: 2880 0 unused 2048 16384 80 # Cyl 0 -79 which should actually be invalid since a and c overlap. Anyway, it works and both partitions can be used. Well, I am a little confused and would like to know which is the proper way of handling this. I think that the proper way is to add an use partition a, but I have seen usage of partition c in several documentations on the web, so this is why I ask. Thanks in advance! Michael Actually, it's in the FAQ under installation so it's not exactly listed as a FAQ item per se. $ fdformat /dev/rfd0c JCR
Re: proper way to format/use floppies (i386)
On Wed, 24 Aug 2005 16:13:08 +0200, Michael Adam [EMAIL PROTECTED] wrote: Jonathan Schleifer [EMAIL PROTECTED] wrote: Michael Adam [EMAIL PROTECTED] wrote: which is the right or preferred way to do so (since there are, as I pointed out several possible ways). I already answered that before: Jonathan Schleifer [EMAIL PROTECTED] wrote: Floppies usually don't have a partition table nor a disk label, so just newfs fd0c and you should be fine. Well yes, it is working. But still: The floppy does have a disklabel which does only have partition c by default. And it seems strange to me, that I should create a filesystem on a partition c. And even stranger, this file system can afterwards be accessed through partition a which does not even show up in the disklabel. What puzzles me even more is the fact, that in the boot Absolute OpenBSD by Michael W. Lucas, it is said on page 310, that FFS file systems need a valid partition table on every disk and then the author desribes the following steps: # disklabel -w /dev/rfd0c floppy # newfs /dev/rfd0c which yields a disklabel with overlapping partitions, and disklabel -E fd0 tells me that the disklabel has an error an offers me to disable one partition or the other... These are the reasons why I was not completely content with your short an simple answer. (I do favor simple solutions, of course!) You also heart this from others. So it's not that your main question got lost ;). Not on your side anyway... ;-) Cheers, Michael Hi Michael, As far as I can tell, you basically asked for the right or preferred way of putting a filesystem onto a floppy The best answer I know is fdformat. It works. It's simple and it's the most commonly accepted way to do what you asked. If by chance you are asking a different question, then unfortunately no one on the list is actually understanding what you really want. JCR
Re: Welcome to our Newsletter
On Fri, 26 Aug 2005 08:53:19 -0500 (CDT), L. V. Lammert [EMAIL PROTECTED] wrote: What is this? Is someone trying to spam the list? Probably, .. looks like somebody else has already unsubscribed. Lee Actually, it could also be a trolling attack called cross linking where the goal is to fill one list/group with erroneous posts from someplace else. Though this case uses other email lists to accomplish the same goals, it's still similar to posting a big flaming troll to one group (like posting recipes to alt.rec.cats) while setting the follow-up header to someplace else, so all replies pollute another group. All the idiots that reply, flood the second group. JCR
Re: OT: phone line 2 ethernet converters
On Tue, 30 Aug 2005 21:41:44 -0300, Gustavo Rios [EMAIL PROTECTED] wrote: Dear friends, sorry for being off-topic, i am able to rent a pair of twist line (a circuit) between my home and and friends one. I wonder if there exist and ethernet extender device that could connect an ethernet cable to a phone line. It would do no special work, just a raw connection between 2 types of layer, i.e, take bits from one end and put it into the another and vice-versa. BTW: i am no engineer (CS Bachelor), so sorry if it sounds too stupid. Does that exists ? PS: yes, i am a user of OBSD and i am using this list cause i know no other best suited for this message, if possible, point me one possible right mailing list for such subject. Here in the US, a plain (uncoiled) circuit between two points is either called an alarm circuit or a dry pair if that's what you got, and you're within distance requirements (wire feet), you can do a number of different things; from all/most the various *DSL technologies, to using CSU/DSU endpoints. Though I don't think much of Cringely, you might find this interesting: http://www.pbs.org/cringely/pulpit/pulpit20010823.html Good luck, JCR
Re: RAID management support coming in OpenBSD 3.8
On Fri, 09 Sep 2005 15:18:58 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: I thought it was time to give some details about the (minimal) RAID management stuff coming in OpenBSD 3.8. Most of this code has been written by Marco Peereboom with some help from David Gwynne and Michael Shalayeff. Moral support and direction from me and Bob Beck who has a pile of these AMI setups. Nice work guys! Theo, what you have described is actually basic or better said common RAID management, so I think calling it minimal is a real understatement. ;-) Thank You, JCR
Re: BIOS/CMOS Plug and Play OS
On Fri, 16 Sep 2005 22:27:45 -0500, Paul Connally [EMAIL PROTECTED] wrote: I've set PNP OS = no on every PC machine I've touched in the last 5 or so years (every flavor of OS, to include Windows, Linux and *BSDs). I suspect most everyone else does too. Most hardware today does what it's supposed to (and if it doesn't, reconfiguring it is fairly simple), so the need to have your OS remap low-level functions in software during the boot of your OS is simply a kludge. If you remember the old days when the slogan Plug n' Pray was common, you probably know to what I'm referring. The main reason why I know nothing about the PNPOS bit is that I've never actually used it and never bothered to read up about it. I've always just written it off as a nightmare waiting to happen and configured things manually. I was setting up a new box tonight, got curious and started wondering if my uninformed/underinformed opinion was still valid? -Or more importantly if anything useful could actually be done with it? The only definitive docs I know of are from MS. http://download.microsoft.com/download/e/b/a/eba1050f-a31d-436b-9281-92cdfeae4b45/SBF21.doc http://download.microsoft.com/download/1/6/1/161ba512-40e2-4cc9-843a-923143f3456c/PNPBIOS.rtf But I somehow doubt MS is willing to tolerate debate on the usefulness of this stuff. ;-) JCR
Re: BIOS/CMOS Plug and Play OS
On Fri, 16 Sep 2005 23:02:23 -0500, Marco Peereboom [EMAIL PROTECTED] wrote: Read at least the mindshare books on ISA and PCI. Let me warn you that the mindshare books are very complementary and for one to be able to fully grasp their content you really should buy and read them all. This will set you back a few hundred $$$ but it is the de-facto standard on PC architecture. FWIW, PnP is dead and no longer relevant. It made sense in the old ISA + PCI days but now it really is redundant. If you read some books that I'll link you to and read the PnP spec you might actually get what its all about. Examples: http://www.amazon.com/exec/obidos/tg/detail/-/0201309742/qid=1126929191/sr=8-8/ref=sr_8_xs_ap_i1_xgl14/102-5807367-4514550?v=glances=booksn=507846 http://www.amazon.com/exec/obidos/tg/detail/-/0201409968/qid=1126929191/sr=8-14/ref=sr_8_xs_ap_i7_xgl14/102-5807367-4514550?v=glances=booksn=507846 Some other very valuable reading: http://www.amazon.com/exec/obidos/tg/detail/-/0201479508/qid=1126929494/sr=2-1/ref=pd_bbs_b_2_1/102-5807367-4514550?v=glances=books http://www.amazon.com/exec/obidos/tg/detail/-/0201398583/ref=pd_bxgy_img_2/102-5807367-4514550?v=glances=books http://www.amazon.com/exec/obidos/tg/detail/-/0201596164/qid=1126929659/sr=1-1/ref=sr_1_1/102-5807367-4514550?v=glances=books /marco Thanks Marco. The whole MindShare PC Architecture Series looks like a good read. They even have one on particularly on PnP: http://www.amazon.com/exec/obidos/tg/detail/-/0201410133/qid=1126933452/sr=1-14/ref=sr_1_14/102-8201060-2382550?v=glances=books JCR
Re: BIOS/CMOS Plug and Play OS
On Sun, 18 Sep 2005 16:06:56 -0400, Pascal [EMAIL PROTECTED] wrote: I don't know how definitive the Absolute OpenBSD book is considered but in chapter 3, Hardware Setup it is written: First, set Plug and Play OS to NO. This tells your BIOS to do some basic hardware setup, rather than relying upon the OS to do everything. Modern versions of Microsoft Windows expect to handle hardware setup. OpenBSD takes advantage of the BIOS' ability to configure the hardware itself. Many PCI devices will work poorly if you do not set this option! Pascal With no disrespect meant to you or the authors of Absolute OpenBSD (Palmer and Nazario), it's just too easy to vaguely state what the PNPOS bit does but really understanding how it works is going to take a lot of effort and a lot of reading. According to the specs (linked in a previous post), your typical i386 BIOS firmware should be able to configure devices when the PNPOS bit is not set (i.e. no). Conversely, if the PNPOS bit is set, the BIOS firmware should only configure devices required for boot (according to the PC98 standard) and let the OS configure everything else. The trouble is this easy answer only seems straight forward when you read it in a book or elsewhere. Unfortunately, the reality is that not all hardware/firmware is correctly engineered, so blindly trusting that the hardware/firmware guys got it right is really just a leap of faith. JCR
Re: Wireless Strangeness
On Sun, 18 Sep 2005 19:22:32 -0400, Alex Kirk [EMAIL PROTECTED] wrote: ...my wireless configuration: shorty.kirknet.net:~$ wicontrol ... Promiscuous mode: [ Off ] ... wi0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 I'm not sure if it's actually relevant to your connect problems but I noticed for some strange reason, wicontrol is reporting it's *not* in promiscuous mode yet ifconfig is reporting the interface *is* in promiscuous mode? insert tasteless jokes here... Anyhow, trying to have it both ways is probably not going to work out very well. JCR
OpenBSD Hardware Sales
On Mon, 26 Sep 2005 16:37:48 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: Every release, more people download OpenBSD and fewer people buy OpenBSD. But the solution is not to make OpenBSD developers web businessmen. That is a road to slower development. The solution is not to complain about users not buying something which ostensibly takes pride in being available for free; it is to take advantage of good ideas when they are offered. This is such an idea. Wow, free advice as to how I can spend my time. Aren't you kind? Want some advice from me? Actually Theo, yes, I do want some advice from you. (; Though I have serious reservations siding with some clown who dresses up in an imaginary persona like Szechuan Death and goes parading around internet (probably in tights) making whimsical promises, none the less, the idea of the project earning revenue through hardware sales is at least interesting. There is absolutely no point in burdening developers with such tasks since doing so would only result in less code being written. All the same, there are a number of regular folks, users, who support the OpenBSD project and it's developers in the ways that they can... As we discussed a long time ago, I know you dislike the idea not-for-profit organizations in the US (because they seem to support a failed government health care system) but they do have their place and one could be used to both provide hardware to coders (i.e. donations from vendors) and compensate them for all their hard work, expenses and whatnot (revenue from hardware sales). Not everyone using OpenBSD has both the concern and character to make gratis gifts to the project or even buy CD's and T-Shirts but all of them *must* buy hardware. The idea of giving everyone a place to buy hardware _AND_ support the project at the same time might prove to be worthwhile if done correctly. Heck, even a for-profit company selling certified gear and supports/pays/employs a handful developers might be a good thing. Fully indexing chips with products and since this is hypothetical, also archiving the technical documentation for said chips/products, as well as the obvious of providing a way to purchase said products and making sure vendors don't change chips while keeping the same product names/numbers is a staggering amount of work. It would be a full time job for a number of people and developers obviously have better things to do with their time and talent. On the other hand, if such a thing (1) does not add work for developers and (2) provides revenue, hardware and support for the project/developers is it worth discussing the ways it could be done? Is anyone already doing something similar? (Wim?) There are only three primary problems that must solved: (1) Finding the people willing to work on it. (2) Figuring out how to sell hardware online. (3) Figuring out how to tunnel support to the project/devs. It seems possible but then again, I may be wasting my time (and yours) thinking about it? Kind Regards, JCR (an idiot who bought a MegaRAID ATA 133-2 thinking it would work with OpenBSD since MegaRAID was listed as supported)
Re: OpenBSD Hardware Sales
On Tue, 27 Sep 2005 13:19:05 +0100, Stuart Henderson [EMAIL PROTECTED] wrote: --On 27 September 2005 03:04 -0700, J.C. Roberts wrote: (an idiot who bought a MegaRAID ATA 133-2 thinking it would work with OpenBSD since MegaRAID was listed as supported) The new http://www.openbsd.org/lyrics.html#38 suggests it works too, and ami(4) and 'supported hardware' lists don't mention anything to the contrary. Perhaps adding with integrated I/O processor somewhere might be judicious? I think it might just be an ID issue, hence easily solved but I won't get to mess with it again until next week. JCR
Re: OpenBSD Hardware Sales
On Tue, 27 Sep 2005 11:26:08 -0400, Bill [EMAIL PROTECTED] wrote: On Tue, 27 Sep 2005 03:04:19 -0700 J.C. Roberts [EMAIL PROTECTED] wrote: On Mon, 26 Sep 2005 16:37:48 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: Every release, more people download OpenBSD and fewer people buy OpenBSD. But the solution is not to make OpenBSD developers web businessmen. That is a road to slower development. The solution is not to complain about users not buying something which ostensibly takes pride in being available for free; it is to take advantage of good ideas when they are offered. This is such an idea. Wow, free advice as to how I can spend my time. Aren't you kind? Want some advice from me? Actually Theo, yes, I do want some advice from you. (; Though I have serious reservations siding with some clown who dresses up in an imaginary persona like Szechuan Death and goes parading around internet (probably in tights) making whimsical promises, none the less, the idea of the project earning revenue through hardware sales is at least interesting. There is absolutely no point in burdening developers with such tasks since doing so would only result in less code being written. All the same, there are a number of regular folks, users, who support the OpenBSD project and it's developers in the ways that they can... As we discussed a long time ago, I know you dislike the idea not-for-profit organizations in the US (because they seem to support a failed government health care system) but they do have their place and one could be used to both provide hardware to coders (i.e. donations from vendors) and compensate them for all their hard work, expenses and whatnot (revenue from hardware sales). Not everyone using OpenBSD has both the concern and character to make gratis gifts to the project or even buy CD's and T-Shirts but all of them *must* buy hardware. The idea of giving everyone a place to buy hardware _AND_ support the project at the same time might prove to be worthwhile if done correctly. Heck, even a for-profit company selling certified gear and supports/pays/employs a handful developers might be a good thing. Fully indexing chips with products and since this is hypothetical, also archiving the technical documentation for said chips/products, as well as the obvious of providing a way to purchase said products and making sure vendors don't change chips while keeping the same product names/numbers is a staggering amount of work. It would be a full time job for a number of people and developers obviously have better things to do with their time and talent. On the other hand, if such a thing (1) does not add work for developers and (2) provides revenue, hardware and support for the project/developers is it worth discussing the ways it could be done? Is anyone already doing something similar? (Wim?) There are only three primary problems that must solved: (1) Finding the people willing to work on it. (2) Figuring out how to sell hardware online. (3) Figuring out how to tunnel support to the project/devs. It seems possible but then again, I may be wasting my time (and yours) thinking about it? Kind Regards, JCR (an idiot who bought a MegaRAID ATA 133-2 thinking it would work with OpenBSD since MegaRAID was listed as supported) We build e-commerce web sites here... there is ALOT to work out if you plan on just selling the hardware yourself - alot of which involves getting lines of credit, banking, etc, etc. Even if you are going to just drop ship from the manufacturer it still becomes a massive headache unless you can devote full time to this, have lots of money to invest in getting it started, etc. Slightly less entangling would be a user maintained (take work off the dev's) compatibility list that simply pointed to places that were friendly to openbsd in some way (referral fees, donating hardware, etc). I am not sure what those way's would be. If this sounds too simple to be interesting, I am sure ways can be found to complicate it beyond reason. My opinion is that there would not be all that much money to be gained from referral fee's - based on thoughts that: 1) Most people, while grateful something told them which parts were okay would still shop from the normal places they order from (even if the normal place is who ever is lowest cost), 2) referral fee's are not what they used to be - amazon for instance you need to sell about $200 US before you even cover the check writing fee they charge you (unless you give them your bank account number) - and any serious hardware will probably be ordered from somewhere that does not offer referral fees. As for finding the lowest price, there are sites out there that do this... froogle, pricewatch etc... I would say let them keep doing it. Focus on filling in the gap between hearing something works on openbsd and which versions actually do. Then someone can go and find
Re: Load Balancing
On Fri, 30 Sep 2005 18:35:16 +0530, Manpreet Singh Nehra
[EMAIL PROTECTED] wrote:
DHCP | | 172.31.1.1
| |
rl0 | |
---
| OpenBSD |
| |
DHCP| | 172.31.2.1
| |
| |
rl1| | 192.168.1.0/24
---
|
192.168.1.3|
| | rl4
DHCP | | 172.31.3.1
| |
| |
rl2| |
---
| Firewall |
| |
DHCP | | 172.31.4.1
| |
| |
rl3
---
I suggest you learn to use a fixed pitch font for email,
particularly for ascii-drawings, rather than forcing everyone to play
a pointless game of guess the magic font so they can read your post.
JCR
Re: Load Balancing
On Sat, 01 Oct 2005 15:22:18 -0400, Brian A. Seklecki [EMAIL PROTECTED] wrote: So have him send the message pre-formatted to the list? HTML? How about just draw the diagram using ports/graphics/dia/* and export to PNG, post the URL? ~BAS No. When a fixed pitch font is used to create the ascii-graphic, the result is readable just about anywhere -even a terminal. Since the size/with of each character is constant, the result is still readable (i.e. the alignment is correct) with any other fixed pitch font. JCR
Re: No DMA for Cyrix Cx5530 IDE?
On Mon, 17 Oct 2005 09:24:24 +0200, Michael Frost [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Nick Holland [EMAIL PROTECTED] Thanx a lot for your nice words, Nick! Sorry to say they didn't help me anyway. I would recommend you to laugh even more on questions like those I asked as to DMA support on a Cyrix Cx5530 IDE. In the meantime, I got an helpful answer from a FreeBSD mail list. I will keep it for me. ;-)) iD8DBQFDU1GjE2msYDzXbgkRA8WVAJ9EU3ei/AAvRBSbV2cNp83EkHXp4wCcC+o0 W+bmT6uQ6vQsEQtFVfvjyVo= =FyPZ -END PGP SIGNATURE- Michael, It seems you misread Nick's post. Nick was not laughing at you or your question. Most people, new and not so new, fail to provide the information needed to evaluate a problem and fail to follow the posting guidelines for this mailing list (http://www.openbsd.org/mail.html) . You followed the guidelines correctly and Nick was complimenting you on it by pointing out the things you did (i.e. sending dmesg, providing good error reporting and even trying -current). Kind Regards, JCR
Re: New 'trucking' functions?
On Mon, 31 Oct 2005 20:13:36 -0500, Ron Dwyer [EMAIL PROTECTED] wrote: Hmm.according to my fresh new 3.8 CD sleeve; -Increased support for redundancy at all levels, adding sasycnd, trucking, . The least you could do is send in your diff... -oh wait. (; JCR
Re: OpenBSD 3.8 pre-order shipping complete
On Tue, 1 Nov 2005 21:41:07 -0700 (MST), Austin Hook [EMAIL PROTECTED] wrote: The North American OpenBSD distribution centre is pleased to say virtually all OpenBSD pre-orders were shipped on or before release day, Nov. 1. We also pre-shipped a full supply to European distribution, before we took any for ourselves. So Europe should be close behind. The bin with the last 50 or 60 orders that came in over the weekend, will be dumped into the post office tomorrow morning, and aside from a handful of special cases, we are able to start regular new release order processing without any backlog -- which is a big change from past performance. Price increase: due to falling US$ value we had to increase the US$ price of some of the T-shirts today. We had held off a bit to enable pre-orders to take advantage of the older price. OpenBSD T-shirts are still quite a bit cheaper when translated into other currencies, than they were a few years ago, however. We are still encountering significant non-tariff barriers shipping T-shirts to the USA (read extreme paperwork). We have to bypass the faster shipping methods to avoid them. I'm going to discuss this in a future message. We hope everyone gets their 3.8 and associated gear and starts enjoying the new release soon. I know a lot have received theirs already. Please let us know of any damage in transit, or packing errors -- we'll be happy to fix up any such problems pronto. Enjoy! Austin Hook OpenBSD Shipping PS: Thanks to a couple of you who told me that the older OpenBSD 3.6 poster was not selecting properly on the order page. Anyone who wishes to catch up with Puffy the Kid, his wanted poster is available again. Austin, I just wanted to say thanks to you and all the other great people that deal with all the hard work of taking and filling orders for each OpenBSD release. Kind Regards, JCR
Re: OpenBSD CDROM layout definition, Copyright Infringement.
On Fri, 4 Nov 2005 12:49:01 +0530, Siju George [EMAIL PROTECTED] wrote: Hi, I been asked about http://www.openbsd.org/faq/faq3.html#ISO How is the Layout defined??? maybe Nick or Theo or some other responsible person could give an authoritative answer so I can give it back to the person who asked me. If the md5 sum of the ISO image of a custom made OpenBSD CD is different form that of the md5 sum of the ISO image of official CDROM then can it be considered different in lay out??? Thankyou so much Kind Regards Siju Hi Siju, Since you and I are both very much aware of the fact that a single $50 USD technical book or CD costs a months wages in other parts of the world, my bet is you and your friend are asking for the sake of producing a low cost version? If that is the case, you should discuss it Theo directly rather than on this public list. Kind Regards, JCR
OpenCVS Questions
I was looking to learn more about OpenCVS, in particular, reading the cvsintro docs mentioned here: http://www.opencvs.org/manual.html Unfortunately the links are broken. Could someone drop-kick me in the right direction? I need to (better) learn both CVS usage and CVS setup/administration. Thanks, JCR
Re: OpenBSD CDROM layout definition, Copyright Infringement.
On Fri, 04 Nov 2005 19:09:32 -0500, Nick Holland [EMAIL PROTECTED] wrote: In short, if you are wondering if you are too close, you probably are. If you spent some time and effort to put something together that has some of your own thought and planning, you might be just fine. (heh. funny how one's life flashes before one's eyes when interpreting the words of Theo. Be forewarned, Theo has NOT named me his official spokesperson -- you can follow my guideline to the letter, but I won't be the one jumping down your throat. :) Nick. Nick, Of course, no one in the Western world will fault you for eloquently, and accurately answering the question that was actually asked but it takes a bit of experience to even notice the question that was *implied* (in many non-western cultures rather than asking directly which is considered rude, only an implication is made to be polite and respectful). A number of book publishers (i.e. copyright holders) produce what is sometimes called an Eastern Economy Edition of their books. What would be a $50-$100 USD book for you and me here in the US would be sold for a few dollars (if that) in other parts of the world. There are plenty of times when such EEE books are made without the consent of the copyright holder. Some people call it piracy and get upset about it but many publishers just ignore the illegal EEE books since the revenue from the poorer places in the world are not their target market. Instead of just copying the discs, stickers, artwork and jackets without permission and in violation of Theo's copyright on the disc layout, Siju is most likely looking for a way to produce an EEE version of the OpenBSD CD's. And before anyone suggests just use FTP please realize not everyone on the planet is blessed with a high speed (or any speed) internet connection. Many people just count themselves lucky to have some (ancient) hardware to run OpenBSD and they have no internet connection available to them. Kind Regards, JCR
Re: OpenBSD official media
On Sat, 5 Nov 2005 23:35:14 -0600, Marco Peereboom [EMAIL PROTECTED] wrote: You mean because hppa, mac68k, m88k and sparc, just to name a few, have outstanding DVD devices available. Marco, now that's very unlike you -You left out the most important part of the punch line; phear my 1337 DVD-booting vaxen ;-) JCR
Re: OT: 10 things i hate most on unix
On Sun, 6 Nov 2005 00:40:12 -0200, Gustavo Rios [EMAIL PROTECTED] wrote: Hey folks, sorry, but i found this on the web. May someone tell if it is serious, i myself could not believe it. http://www.informit.com/articles/article.asp?p=424451seqNum=1 I didn't even bother loading the page... if it's sarcasm, should be funny, but if it's not funny, the guy is probably serious. If you want a critical look at UNIX, with comparisons, google up a copy of the UNIX Haters Handbook, It's good reading even if you are a devout weenix uni. JCR
Re: IPsec performance
On Tue, 08 Nov 2005 08:51:06 +0100, Vincent Bernat [EMAIL PROTECTED] wrote: Hi ! I have several questions about IPsec performance in OpenBSD. I am using IPsec to maintain more than 60 tunnels and it performs well when those tunnels are idle. Tunnels are either using 3DES or AES. 3DES is due to the fact that clients are using Windows where AES is not available. OpenBSD is running on a Celeron 2.4 GHz and openssl speed aes gives 70 MB/s and des-ede3 gives 15 MB/s. With 40 Mb/s (megabits/s) of traffic, the processor is used at 100%. Why such a difference with the results of openssl speed. Celeron? If your goal is to melt an nearly worthless processor into a completely worthless chunk of slag, Celeron is perfect. I have added an Hifn 7955 crypto card. However, after one hour of managing the 60 tunnels, it becomes impossible to do any symmetric crypto. There is nothing in the dmesg about that. The only solution is to reboot. With the card disabled, there is no such problem. Any idea of why I have this problem ? Just a wild guess but it possibly has something to do with the fact HiFn refuses to make their documentation publicly available and because of this support in OpenBSD is limited. As someone who went to lunch with the HiFn CEO and VP of engineering over a year ago to address this problem, the most I can say is I was told a lot of things but nothing was actually done... The worst part about the experience was the fact Theo told be it would be all talk and no action before I ever met with HiFn. Few things are worse than getting an implied I told you so from Theo. All the same, at least I tried. What kind of hardware will perform 3DES and AES encryption well ? A C3 processor has AES encryption built-in but I must keep 3DES encryption as well and those processors are very slow on general operations. Would an Opteron 2.2 Ghz performs better than an Intel EM64T Xeon 3 GHz ? If I choose a multiprocessor system, will OpenBSD be able to use efficienly the two processors for doing IPsec stuff ? Now think to yourself on this one. You've got 60 tunnels that must be serviced by the processor. A single threaded processor with limited cache and task switching (i.e. Celeron) is the wrong choice if not the worst choice you could make. The fake multi-core Intel stuff called Hyper Threading is a small step in the right direction. Next up would be real multi-core processors, and lastly, your best choice is having multiple multi-core processors. Having an custom ASIC (processor) specifically designed to do crypto running as a co-processing slave to your system CPU is a great and wonderful thing, but only if it actually works. Though it might not solve your immediate problem, it would be good for the project if you contacted HiFn yourself and asked them why their documentation is not publicly available so the open source world can develop drivers. Chris Kenber ckenber(at)hifn.com CEO Russell Dietz RDietz(at)hifn.com VP Eng If, and only if, your real limitation is actually the processing power needed for crypto, then obviously having more processing power will most likely solve the problem. Before you decide the real problem is processing power, please do yourself a favor and look for other possible bottlenecks, like interrupt, network, memory... A machine with multiple general purpose multi-core processor is not cheap (i.e. dual or quad multi-core Opterons would be sweet). Tossing a general purpose CPU at a specific processing problem will help but it's better and cheaper to use custom co-processors, like crypto ASIC's, to address the specific processing task. JCR
Re: IPsec performance
On Wed, 9 Nov 2005 14:34:27 +0100, Henning Brauer [EMAIL PROTECTED] wrote: * J.C. Roberts [EMAIL PROTECTED] [2005-11-08 10:26]: Now think to yourself on this one. You've got 60 tunnels that must be serviced by the processor. A single threaded processor with limited cache and task switching (i.e. Celeron) is the wrong choice if not the worst choice you could make. The fake multi-core Intel stuff called Hyper Threading is a small step in the right direction. Next up would be real multi-core processors, and lastly, your best choice is having multiple multi-core processors. no. there is no benefit from SMP in this case. None at all? -Hmmm... sounds suspicious. I assume Otto is correct about the IPSec implementation being in kernel and not benefitting directly from SMP, yet depending on what *else* is running on the box, smp could still provide some indirect benefit by off loading the other stuff to a second processor/core. Of course, indirect benefits don't scale as more processors/cores are added, so I was dead wrong about having lots of them. Bummer. JCR
Re: Secure Network File System - Or Lack Thereof
On Sunday 15 July 2007, Edd Barrett wrote: Hi, Also AFS is i386 only. -- Best Regards Edd Hi Edd, I was curious if you ever found a decent answer for your question on secure network file systems? The only way I can think of doing it is kerberos and NFSv4. http://mailman.theapt.org/listinfo/openbsd-nfsv4 http://mailman.theapt.org/pipermail/openbsd-nfsv4/2007-January/88.html You might want to ask Peter Hessler (SFOBUG President For Life) or Rick MacKlem (NFSv4 guru). I've cc'd both of them. Also, I noticed your work on TeXLive on ports@ and think you deserve more than a few kudos for it. I even checked out your homepage and porting guide (texlive_port_doc-20070623.pdf). Pg. 11 OpenBSD already has a texi2html package in the ports tree, so do not build it. texinfo is not built because the old teTeX package did not build it. I do not know the reason for this. Some of the mystery may be solved by realizing we have some TeX utilities already in the base system, in particular, texinfo(5) and makeinfo(1) (/usr/src/gnu/usr.bin/texinfo). The texi2html package/port is somewhat redundant since makeinfo(1) is already there and it supports HTML output. Note: there's a few problems with the XML output of makeinfo(1) that kili@ recently resolved but at the moment, the patches have not been committed (see bugs@ system/5518). You'd have better chances of dividing by zero than getting any useful information out of me about (Le)TeX. I've never studied it, and don't use it, but I must say, I've always been curious about it. kind regards, JCR
Re: Secure Network File System - Or Lack Thereof
On Tuesday 17 July 2007, Edd Barrett wrote: HI, On 17/07/07, J.C. Roberts [EMAIL PROTECTED] wrote: Hi Edd, I was curious if you ever found a decent answer for your question on secure network file systems? Not really. I have signed up for free academic licenses of sharity (not light), as sharity-light seemed to be sketchy on file permissions last time i tried it. It will do for now, but in a business situation it would be a VERY expensive solution. At least it has authentication. Linux has some userland SSH mounting facilities, it appears we have no equivalent. I have looked at forwarding the NFS/NIS over a ssh tunnel (ssh -L), but i do not see an option for mount_nfs that allows you to specify the mountd port, so this is not possible. It is possible. How to configure the mount port is in the man page for mount_nfs(8). Each of the various mount_* commands have their own man pages with relevant info for the specific file systems (as noted in the mount(8) man page). You can expect a performance hit for forcing a mixed transport layer protocol (UDP and TCP) like NFS to only use TCP but on the bright side, if portions of your university network are wireless (i.e. packet loss), you're probably better off with TCP anyhow. These guys run NFS over SSH in a mixed environment: http://www.noahk.com/~sparrow/journal/index?user=noahk But there are probably better ways to do it. I have looked into ipsec, but it seems overly complex and overkill for my situation. As for using ipsec, well, the most fair thing I could say is IPSec always looks like overkill. I would never call it easy (although some work is being done to simplify it), but once you get past the learning curve, ipsec VPN's work very well. None the less, your question somewhat implied *not* creating a VPN. I thought that perhaps the OpenBSD developers might have been interested in some sort of OpenSNFS project for example as there is no decent solution, and they did such a great job on OpenBSD/OpenSSH. Thanks for that guys. More than one solution already exists but none of them are simple and all of them have a learning curve. Your question stated a secure network file system and work on such a beast is currently being done... -it's called NFSv4. ;-) http://www.ietf.org/rfc/rfc3530.txt Abstract: The Network File System (NFS) version 4 is a distributed filesystem protocol which owes heritage to NFS protocol version 2, RFC 1094, and version 3, RFC 1813. Unlike earlier versions, the NFS version 4 protocol supports traditional file access while integrating support for file locking and the mount protocol. In addition, support for strong security (and its negotiation), compound operations, client caching, and internationalization have been added. Of course, attention has been applied to making NFS version 4 operate well in an Internet environment. You'd have better chances of dividing by zero than getting any useful information out of me about (Le)TeX. I've never studied it, and don't use it, but I must say, I've always been curious about it. Well if you wish to get started with it, drop me a private email and I can suggest some reading materials and websites. Theres a whole lot more to texlive than just latex (context, xetex, xmlex.. the list goes on), but its not really suitable on the openbsd mailing lists :) Please send them off list :-) PS: Who's that on CC? I'm not a fan of NIS, and since NFSv4 has support for kerberos (and other interesting goodies), cc'ing two of the guys who are working on NFSv4 for openbsd seemed wise (see links in previous post). They are in a much better position than me to tell you what NFSv4 can and can not do. kind regards, JCR
Re: print filter?
On Tuesday 17 July 2007, Fred Crowson wrote: rp|c500|laser|lexmark:\ :lp=:\ :rm=c500.crowsons.net:\ :rp=ps:\ :sd=/var/spool/C500:\ :lf=/var/log/lpd-errs: x41:fred ~ lpr -Plaser which.ps x41:fred ~ tail -2 /var/log/lpd-errs Jul 17 18:14:36 x41 lpd[18903]: x41.crowsons.net requests printjob laser Jul 17 18:14:39 x41 lpd[18903]: laser: lost connection x41:fred ~ I'm guessing you've already made sure that c500.crowsons.net actually resolves to an IP address *inside* your network and you can ping it. I'm also guessing you've made sure your which.ps file is good. You may have fumble-fingered the command to create the ps file of the man page. If you're not sure, just download something that is known-good. Such as: http://www.usenix.org/publications/library/proceedings/usenix98/freenix/deraa dt.ps Check the permissions and ownership of /var/spool/C500 (in my case it's the default /var/spool/output). $ ls -laF /var/spool total 36 drwxr-xr-x 9 root wheel 512 Mar 10 17:31 ./ drwxr-xr-x 26 root wheel 512 Jun 29 00:52 ../ drwxrwx--- 2 smmsp smmsp 512 Jul 17 01:31 clientmqueue/ dr-xr-xr-x 5 root wheel 512 Mar 10 17:31 ftp/ drwxrwxr-t 2 uucp dialer 512 Mar 10 17:31 lock/ drwx-- 2 root wheel 512 Jul 17 01:44 mqueue/ drwxrwxr-x 2 root daemon 512 Jul 17 18:38 output/ drwxr-xr-x 2 uucp daemon 512 Mar 10 17:31 uucp/ drwxrwxr-t 2 uucp daemon 512 Mar 10 17:31 uucppublic/ $ ls -laF /var/spool/output/ total 20 drwxrwxr-x 2 rootdaemon 512 Jul 17 18:38 ./ drwxr-xr-x 9 rootwheel 512 Mar 10 17:31 ../ -rw-rw---x 1 daemon daemon4 Jul 17 18:38 .seq* -rw-r- 1 daemon daemon 26 Jul 17 18:38 lock -rw-rw 1 daemon daemon 17 Jul 17 18:38 status Lastly you might want to try :rp=lp: in your /etc/printcap. If you get the remote printer name wrong, it's bad juju. Make sure you kill and restart lpd after your changes. kind regards, jcr
Re: OT: looking for a videocard
On Monday 16 July 2007, Stuart Henderson wrote: On 2007/07/16 22:36, Matthieu Herrb wrote: You may try the Matrox G550 PCIe. They are PCIe x1, not x16, but it should fulfill all your other constraints. Matrox G-series are really great cards for 2D (and the PCI ones are available very cheaply) but I've always had trouble getting DVI output working under X with them, do you happen to know if DVI (or dualhead) still need the binary module these days? Yes, it's possible without the blob. I've got dual head (both stand-alone and Xinerama) working with both G450 and G550 matrox cards (AGP/PCI not PCIe) using the default X driver (mga) on 4.1. This is over Dsub-15 outputs rather than DVI. Though the G550 supports DVI, I have no DVI monitors to test with it. Resolution on each of the two monitors is [EMAIL PROTECTED] You can push a single monitor up to 1920x1200 but you lose the second monitor (dual head) due to card limitations. For 2D graphics/layout work or countless hours of reading text, nothing works better than Matrox. JCR
Re: Single-user mode stopped
Previous message: - same image booted fine with any other P3 or P4 machines. On Tuesday 17 July 2007, Kevin Cheng wrote: Hi Alexander, Thanks On the first time, I did see following error: d0(pciide0:0:0): timeout type: ata c_bcount: 512 c_skip: 0 pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21 But it went away once booted and no longer appeared, unless I mirrored my HDD again and boot from the same board. How exactly did you mirrored my HDD ? If you are attempting to use some kind of disk imaging tool, then the answer is you've hosed your disk. If you didn't user dump/restore, then you've caused yourself many problems and you're now trying to access a messed up disk. Just pulling a drive out of one system and stuffing it into another will only work if the two systems/bioses identify the disk geometry in the exact same way. If there are differences in the disk geometry reported by the two systems, then it's just a matter of time before the disk is hosed. Try doing a default install, booting from the installation diskette or cdrom (or netbood) and completely refdisk, repartition and reformat the drive from scratch (using the whole disk for OpenBSD). Unless you happen to be dealing with a failing hard drive, your problems will most likely go away. jcr
Re: OT: seeking advice on how to address closed-source-only websites
On Tuesday 17 July 2007, Peter N. M. Hansteen wrote: Do stay polite and to the point though. - P Peter, As sad as it may seem, remaining polite usually means you are just easier to ignore. This holds true for both proprietary formats as well as getting documentation released. Search the msic@ archives for HiFn and read all of the events over the years. I was the person who remained polite with HiFn and I even went so far as to meet with their CEO and CTO about releasing documentation but nothing ever came from my actions. It took *years* of Theo (and the bulk of people around here) repeatedly generating bad press about the closed docs before HiFn finally changed their mind. Though I just happened to be the person that HiFn called when they finally decided to release their docs (more than a year after our meeting and after yet another round of bad press), who they called is irrelevant. My polite efforts actually made *no* difference at all. It was actually the annoyance of continued bad press that made a difference. For notes, Theo told me from the start that I was wasting my time but being the stubborned fool that I am, I had to give the polite route a try. In the end, the only thing that I did was prove Theo was right. As for the folks using proprietary formats, send them an invoice for the cost of MS-Windows Vista Ultimate, Vista Office 2023 and the most expensive Adobe FLASH editing software, then remain resolute about expecting to be paid in full. When they fail to pay, turn them over to a collection agency to affect their credit and start a legal suit against them. Write up what you've done and post it to slashdot, reddit, digg and every other place you can think of, then encourage others to do the same. How quickly do you think Google would change from FLV to MPEG for YouTube if they suddenly got hit with a few million invoices and small law suits? Of course, you'll probably never collect on such an invoice or win such a law suit but that's not the point. The point is to be a pain in the ass, a costly annoyance, and generate as much bad press as possible. Only when changing is in the financial best interest of the company will they ever do anything about the problem, so the most expedient working answer is to make the problem hurt the company. Being polite might be a good first step but you need to accept the fact that it probably won't make any difference at all and if you really want a change, you'll need to know when to stop being polite. Kind Regards, JCR
Re: Single-user mode stopped
On Tuesday 17 July 2007, Kevin Cheng wrote: It was done by hardware mirror machine from http://www.logicube.com/. No issues for Intel to intel platform, but if Intel to VIA then you are right that it's better to reinstall whole thing. This works for 5 years since BSD 3.1 Though it may seem to work, it's not supported and it may not be safe. A more reliable (and supported) way to deal with it would be scripting fdisk(8), disklabel(8) and restore(8). The variance in disk by disk geometry (within the same model number) and the variance in system bioses/chipsets (intel/via) would not make any difference to your scripts. The cool part of scripting it is you can now image multiple disks in parallel (see the -f switch in restore(8)) directly the the hardware where they will run. When you're buying hard drives in bulk by the case, more often than not they all have the same geometry (i.e. same batch from manufacturing), so you can often get away with some kinds of mirroring and other tricks. Unfortunately, it doesn't always hold true and there can be variations within the same model number on a disk by disk basis. Whether or not such variations in drives can cause problems in your mirroring setup is simply unknown but it's something to watch for. I've seen this cause problems with RAIDs. The admin used the entire disk (all of the original disks were identical), then a drive fails, so they get a replacement (same model number) which is slightly different (smaller) and can't be used. wash, rise, repeat, until the admin either finds a drive of the same or slightly larger capacity with the same model number or they just use a bigger drive than necessary (a different model number). If there actually is a safe and reliable way to do disk imaging for OpenBSD, I've never seen it mentioned anywhere. The OpenBSD FAQ says there is no such beast. http://www.openbsd.org/faq/faq4.html 4.14 - - How can I install a number of similar systems? Unfortunately, there are no known disk imaging packages which are FFS-aware kind regards, JCR
Re: OT: seeking advice on how to address closed-source-only websites
On Tuesday 17 July 2007, Jacob Meuser wrote: On Tue, Jul 17, 2007 at 09:11:58PM -0700, J.C. Roberts wrote: How quickly do you think Google would change from FLV to MPEG for YouTube if they suddenly got hit with a few million invoices and small law suits? then they would probably get hit by lawsuits and invoices from MPEG-LA. I get your point, but MPEG isn't any more of a free standard than, say, VRRP. patents, you see. yep, it was a bad example. I was thinking about the recent release ruling against the h.264 patent claims. http://yro.slashdot.org/article.pl?sid=07/01/27/0755234 jcr
Re: Secure Network File System - Or Lack Thereof
On Wednesday 18 July 2007, Edd Barrett wrote: Hello again, On 17/07/07, J.C. Roberts [EMAIL PROTECTED] wrote: It is possible. How to configure the mount port is in the man page for mount_nfs(8). Yes there are 2 ports needed as far as i can see: 1) nfsd port 2) mountd port I'm unsure which the man page is describing. I think you're a bit confused. Neither nfsd nor mountd will let you configure to a specific port. Their man pages state as much. In contrast, mount_nfs(8) is the man page which states you have port control from the client side. To get the general concept of NFSv3 over SSH, read the May 9th entry of the previously posted link: http://www.noahk.com/~sparrow/journal/index?user=noahk Some of the things he's doing seem questionable... There are differences between his setup (FreeBSD/Liux) and OpenBSD, so if you try to run his commands verbatim (as a how to) they will fail. You'll only understand the differences if you read the relevant OpenBSD man pages: man 8 mount_nfs man 8 mountd (see the STRONGLY discouraged note on the -n option) man 8 nfsd man 5 exports man 8 portmap man 8 rpcinfo man 8 sshd man 1 ssh Take a look at the last few sentences of the SSH-BASED VIRTUAL PRIVATE NETWORKS section of the ssh(1) man page... Tunneling the stock NFSv3 over SSH will most likely face similar performance/overhead issues. NFS over SSH can be done, but most would consider it wonky for personal mad hackery, and no one in their right mind would never expect *END*USERS* to ever get it right. It might be fun to tinker with and it may even be useful for you on a personal basis but never forget the fact that you're pushing rope. Current best practice for this sort of thing in production would be an ipsec vpn (usually with centralized authentication like kerberos or similar). Eventually kerberos/NFSv4 will become a viable solution for *just* secure network file systems and should be a usable comparatively lightweight alternative to a full vpn (or wonky ssh/nfs rope pushing exercises). kind regards, jcr
Re: About encryption
On Tuesday 24 July 2007, Brian Hansen wrote: uh, if you expect to work with encryption at all, get used to the ideas of KEY and PASSPHRASE. search for and read a tutorial on encryption and FYI the hand-holding linux folks live somewhere yon, past them hills. I am not interested in the idea of having to keep some private key safe. At this moment I am just looking for the solution provided by Mcrypt, but I am not able to determine if GNUpg is a better choise regarding safety. You already have all the tools you need for simple password based encryption of files. To Encrypt: $ openssl enc -des3 -in filename -out filename.des3 To Decrypt: $ openssl enc -des3 -d -in filename.des3 -out filename Just make sure you remember your password and the cipher you used (des3 in the above example, and hence the unnecessarily descriptive extension .des3 I used on the encrypted file name). These days most would prefer AES or BlowFish over 3DES. All (common sense) rules for password length/entropy still apply and yes, some (possibly most) consider keys far stronger. See man 8 openssl for more details. Also see the -P switch in man rm(1) for deletion of the original, unencrypted file. Lastly, I'm not crypto expert, so do your own research and hope that if I'm wrong in the above, someone around here will be kind enough to beat me with a clue stick. kind regards, JCR
Re: Announcing: The OpenBSD Foundation
On Wednesday 25 July 2007, Bob Beck wrote: The OpenBSD Foundation is pleased to announce today it has completed its organization as a Canadian federal non-profit corporation and is ready for public interaction. Congratulations Bob, Theo, Jason and all the others who have worked hard to make this a reality. Kind Regards, jcr
Re: ppp logging?
On Thursday 26 July 2007, J.D. Bronson wrote: At 06:33 AM 07/26/2007, J.D. Bronson wrote: I am running 4.1-STABLE and having issues with ppp logging. I created /var/log/ppp.log and nothing will log to it when ppp runs (userland pppoe). My ppp.conf file contains the normal stuff: default: set log Phase Chat IPCP CCP tun command set redial 5 1 set reconnect 5 1 att: set device !/usr/sbin/pppoe -i hme0 set mtu max 1492 set speed sync ... ... It appears to be logging to /var/log/daemon (thanks to daemon.info - /var/log/daemon in syslog.conf) but not ppp.log What am I missing to log stuff to ppp.log?? -JD I did just add this to syslog.conf: !ppp *.* tab /var/log/ppp.log and now, I get logging in ppp.log but ONLY on reboot/shutdown. It will not log anything on startup - and all my logging in /var/log/daemon for ppp is now only shutdown as well. Startup is NOT getting logged Help? -JD hi JD, Having stuff duplicated in /var/log/daemon is normal due to the message type and notice level. The addition your syslog.conf file is just telling syslog to *also* log to /var/log/pp.log anything that matches ppp Having startup messages not show up in /var/log/ppp.log is not normal. I suspect either you're not starting ppp properly or you've got permissions hosed on the log files. How are you starting ppp? (hopefully through /etc/rc.local). # start ppp echo ' ppp' ppp -auto att echo '.' Though it's a wicked thing to do (loss of logs), as root try: # cd /var/log # rm daemon # rm ppp.log # touch daemon # touch ppp.log # reboot When rebooted, in both your /var/log/daemon and /var/log/ppp.log you should see ppp reading it's config file, establishing a connection and so on. -jcr
Re: Kuro5hin: OpenBSD Founder Theo deRaadt Has Conflict of Interest With AMD
On Sunday 05 August 2007, Peter N. M. Hansteen wrote: [EMAIL PROTECTED] (Peter N. M. Hansteen) writes: This looks very much like something which was hosted at blogspot.com last week. Somebody on #OpenBSD found it, most people found it and found it for me again, just now: http://rolloffle.blogspot.com/. looks like pretty much the same text. Nice work Peter! At the moment, the blogspot page reads: SUNDAY, AUGUST 05, 2007 I have removed the most recent entry to this weblog on account of outrageous remarks made by Theo deRaadt in response to it and also due to a legal threat from AMD. Thank you for your attention. ABOUT ME NAT V. Hello! I'm you average HDL toolchain designer by day, and by night I like to follow happenings in the open source movement. Welcome to my Blog! The odd part is the K5 article (trollbait) is by David Marcus and the blog only has a single entry (since removed). Something smells very fishy... What bothers me most is Theo and the rest of the devs have to put up with this crap. -jcr
Re: compat_freebsd shared library showstopper
On Monday 06 August 2007, Michael Dexter wrote: Anything else I should try? Did you try installing the emulators/freebsd_lib port? $ cat emulators/freebsd_lib/pkg/DESCR These libraries are part of the FreeBSD compatibility options for OpenBSD. These libraries provide support for binaries built on FreeBSD 2.2.x, 3.x and 4.x systems.
gdb - firefox debugging
I'm looking for all the needed steps to get firefox debug running in gdb. It's my first attempt at this and I've failed to the correct find the mozilla docs (assuming they exist) or details in the misc@, ports@ or tech@ archives. From what I've learned, you're supposed to use the following switches with the /usr/bin/firefox shell script. $ firefox -g You can be more explicit by naming the binary and the debugger. $ firefox -g /usr/local/mozilla-firefox/firefox-bin -d gdb The two are equivalent. Once inside gdb, I know you need to handle some signals. I've tried all combinations of the following signals and handling (nostop etc) without any luck: (gdb) handle SIG32 nostop noprint pass (gdb) handle SIG33 nostop noprint pass (gdb) handle SIGPIPE nostop noprint pass The problem I'm having is the gdb session just stops, without error, and firefox never actually loads. It never stops in the same place twice but it always stops. example (gdb) run lots of output from debug flavor Reading in symbols for nsCSSStyleRule.cpp...done. Reading in symbols for nsJARURI.cpp...done. Reading in symbols for nsReadableUtils.cpp...done. Reading in symbols for nsCSSScanner.cpp...done. Reading in symbols for nsCSSParser.cpp...done. ++DOMWINDOW == 2 Reading in symbols for jsscope.c...done. Reading in symbols for /usr/src/lib/libc/string/strdup.c...done. Reading in symbols for nsTraceRefcntImpl.cpp...done. Reading in symbols for nsXMLDocument.cpp...done. It just sits there like gdb has hit an invisible limit and is waiting for something, and yes, it's sitting in the wait state. (from top) 25200 jcr 100 272M 270M idle wait 0:32 0.00% gdb 16656 jcr 310 7344K 25M stop/0 -0:03 0.00% firefox-bin Reluctantly, I've tried kicking the kern.maxfiles sysctl up as high as 20,000 but that's not the issue (I normally run the default). I'm running 4.1-Stable (updated yesterday). I've tried with both UP and MP kernels. I've tried with both the normal and -debug flavors of the firefox package (2.0.0.3, 2.0.0.4 and my own build of 2.0.0.5). I've tried with a new firefox profile, with no luck. I've tried removing my ~/.gtkrc-2.0 file just in case it was the source of the problem. I've tried running as root just in case it might have been some bizarre permission issue. The problem is not a matter of impatience, since I've let gdb sit there untouched for hours waiting for it to finally load firefox. I've tried both with and without Xinerama enabled, just in case the supposed firefox xinerama superpowers are less super than advertised. In case it's a desktop confilict, I've tried with fvwm, xfce and kde. Sadly, I'm running out of stupid ideas to try, so if you happen to know the right way get firefox running in gdb, puleeese kick the knowledge downstairs to the unwashed. thanks, jcr
Re: OpenBSD/hppa
On Tuesday 07 August 2007, Mark Kettenis wrote: Over the last few weeks I've made some important improvements to the OpenBSD/hppa port. Support for newer B/C/J-class workstations was added, and basically anything but the C8000 should just work. I've also fixed a rather critical bug, which makes machines with a PA-7200 CPU usable again (and makes machines with other CPU's much more stable). And last but not least, support for the NCR 53C720 Fast-Wide SCSI found on many hppa machines has been added to siop(4). With all these changes, I have reason to believe that most of the so far unsupported D-class and K-class servers should just work, or will work with just a small tweak to the code here and there. Unfortunately I don't have such hardware myself, so if people have access to one of these machines, could they give the latest snapshot a go on them and send me (and [EMAIL PROTECTED]) a copy of the dmesg? Thanks, Mark off list please I donated a C3000 and a J5000 awhile ago to help with hppa64 but I'm not sure where those machines are now. If you need them or access to them, you should talk to Theo or mickey or more likely, you already have access to them. I do have other B, C, J, and earlier parisk systems here but no K or D class machines. If you have particular model numbers, I can ask some friends and see what they have. kind regards, jcr
Re: OpenBSD/hppa
On Wednesday 08 August 2007, Jacob Yocom-Piatt wrote: jc, now that i have a bit of hobby funds, i am accumulating other architectures that run openbsd and am interested in having an hppa machine. got any advice on a good one to acquire? leads on where to acquire them and for how much would also be welcome since they don't exactly pop up all over the place when googling. best regards, jake Hi Jake, Mark Kettenis is a better person to ask and I've cc'd him. Also, folks on the lists might be curious about the same thing (I hope you don't mind, and yes, like an idiot I previously posted my own off-list message to the lists). None the less, you're query is missing necessary details, namely your system/location requirements and acceptable cost level. Some PARISC machines are extremely expensive. The one machine that I actually have in use is my C3600, mainly because it's in a usable location and already setup. The C35xx, C36xx and C37xx systems are great general-purpose workstations. The bigger dual processor systems of the J5xxx J6xxx and J7xxx classes are humongous beasts. Just the shipping costs for getting the J5000 to Theo was a few hundred dollars, similarly my J5600 sits unused on a low shelf these days mainly because I have no way to move it with my hands as messed up as they are. There's also a difference between what is great PARISC hardware, and what hardware actually has software support (outside of HPUX). For example, the C8000 is a beautiful and powerful piece of hardware but you must run HPUX. I'd love to find a C8000 loaded to the gills, but then what would I do with it? -In my case, namely hardware design/layout with commercial tools, Cadence has dropped support for PARISC/HPUX. Logically speaking, I supposedly don't *NEED* the best PARISC workstation to do support testing with legacy code/systems. Even if I had the room in my garage and the hands to work on it, I could not justify the cost of getting one of the really bad-ass PARISC boxes. Another issue (particularly with OpenBSD) is 64bit support, multi-core support, and of course, multi-processor support. Whether or not it actually matters depends on your uses/application. At the moment, I have the following PARISC systems here: 700 Apollo 715/100 715/100XC C110 (2) C240 C3600 J5600 I believe I also still have the original snake here as well (the first PARISC box) but if it's here, then buried under other systems in the stacks. If it's not here, then I think I either sent it to mickey@ or possibly I sold it... -it was a very old and interesting machine. The sad part is I'm currently not allowed to lift anything over 5 pounds (2KG) and that's a recent improvement over a few months ago when I could not even hold a book. Moving systems from the stacks to the work bench is just not possible. -And yes, miod@ (correctly and politely) laughed at me for not keeping everything in a usable configuration when he saw the pictures. The best place for most people to find good parisc machines is ebay but if you're lucky enough to have a reseller warehouse in your local area you can usually find better deals with them. The silicon valley has tons of resellers that deal with used gear, and often you can find amazing deals particularly if you buy in bulk. My original message was supposed to be off-list but I'm an idiot more often than I'd like to admit. My reasoning is simple: if I send a thank-you gift to a developer or to the project (a.k.a donation) it's nobody's business but my own. -Why the heck people insist on being listed as a donor for merely (and correctly) showing their appreciation is just weird. I could rant, but I won't. Anyhow, if you really want to play with PARISC (or any particular hardware), the very best thing you can do is check out the wanted hardware list and privately talk to developers who are interested. http://www.openbsd.org/want.html If you find something cool, buy at least two (hopefully more), keep one for yourself and send the rest off to the guys who write the code you use. -It's the one of the best ways to really say thank you to the people doing all the work. Lastly, keep in mind that our fearless developers live all over the world and often hardware that has a trivial cost in your location may be hellishly expensive in other places around the world. Often it's cheaper to buy something in Country X and ship it to Country Y than it is to just send the money. Yes, it's more of a pain in the ass but when you can't code your way out of a wet paper bag, doing the trivial, mindless yet important work is a good way to show your thanks and give your support. kind regards, jcr
Re: OpenBSD/hppa
On Wednesday 08 August 2007, Mark Kettenis wrote: Rest assured, that C3000 and J5000 are put to good use by people even if they run hppa instead of hppa64. But I'm planning to get hppa64 running too on these boxes eventually. :-) Anyway, if you, or someone else on the list, has hppa machines with NCR 53C720 FW-SCSI at gsc0 (type a sv 7c mod 0 hv 90) offset 83 not configured or FW SCSI at mainbus0 (type 4 sv 89 mod 1 hv f0) offset 3f8c000 not configured in their dmesg, could you please contact me off list? Regarding the D-class and K-class model numbers, I'm interested in (partial) dmesgs of all machines that don't have OpenBSD listed as a supported OS on http://openpa.net/systems/index.html. Basically, all K-class models and all D-class models except the D-220/230 and D-320/330. I doubt I personally have what you want but I'll see what can be found. Since I'm unable to move the damn boxes to my work bench, I'll try to find someone to help me next weekend. kind regards, jcr
Re: howto set global environment variable (e.g. PATH, JAVA_HOME)
On Wednesday 08 August 2007, Will Maier wrote: 4. change /etc/ksh.kshrc and create .kshrc sourcing /etc/ksh.kshrc for all users (and in /etc/skel...) And this. ummm. I don't think so. The .profile is read only *once* on initial login. Everything that is spawned from your initial login will inherit the given environment. In contrast, your shell rc files (.kshrc, .chsrc, etc) will be read on each new instance of the shell (which you spawn from your original login). So, if in .kshrc you do something like this: PATH=$PATH:/usr/local/jdk-1.5.0/bin export PATH your path will grow on each new instance of the shell $ echo $PATH /home/jcr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.:/usr/local/java/bin:/home/jcr/ida/ $ echo 'PATH=$PATH:/usr/local/jdk-1.5.0/bin' .kshrc $ echo 'export PATH' .kshrc $ ksh $ ksh $ ksh $ echo $PATH /home/jcr/bin:/bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin:/usr/games:.:/usr/local/java/bin:/home/jcr/ida/:/usr/local/jdk-1.5.0/bin:/usr/local/jdk-1.5.0/bin:/usr/local/jdk-1.5.0/bin $ Is this a really problem? -probably not but then again, it is not what one would expect and violates the element of least surprise. kind regards, jcr
Re: OT: recommendations for a serial/USB UPS?
On Sunday 19 August 2007, vladas wrote: There will often be a reason to ask for help. It comes more readily when the question is accompanied by evidence of what the person has done to get to where s/he is. Often it's then just a clarification that's needed, or evidence like log entries will allow a guru to spot the problem. I do not know who you are, but you do not have the guru attitude. vladas, It seems you are familiar with attitude of gurus from other mountains... When someone is lucky enough to get help from any one of OpenBSD gurus, the help is nearly always delivered in the form of pointing you to the correct direction, and often includes the bonus of a swift, but friendly, kick in the rear to help you get going on your merry way. Surprisingly, the latter part of the help does increase your long term memory of the event, the solution, and how to find the next solution on your own. After a decade of being on the receiving end of such help, I can tell you I've learned a lot from it, and continue to learn from it. jcr
Re: OpenBSd or HP-UX?
On Tuesday 21 August 2007, Alvaro Mantilla Gimenez wrote: Hi folks, I need to install an LDAP server in my job. I am, obviously, an OpenBSD guy but my boss wants to install the server with HP-UX. I need to probe him that OpenBSD is a better solution than HP-UX but google doesn't show a truly comparative between this two OS and there is a poor information about the HP-UX skills doing this role. The price for the solution (HP-UX or OpenBSD) does not matter this time, so the argument OpenBSD is OpenSource and the other is a propietary Unix $$ is not an acceptable argument. Anyone have experience with this two OS?? Is there any heavy reason (argument) to choose one over the other? Remember: it is an LDAP server...not a database servernot a webserver.not a file server. Thanks in advanced, There are two ways you can approach this question; logic and rhetoric. Or better said, reasoning and FUD. The FUD against OpenBSD starts with the fact that it is open source, has limitations on supported hardware (true of all operating systems), and often includes the (mistaken) fact that you cannot get support (-If necessary, you can purchase professional support for OpenBSD from many third-party companies.) In comparison to linux and freebsd, OpenBSD *supposedly* has a smaller installation base, and is therefore a niche product (-no one truly knows for sure how many installations exist of any open source OS). The FUD against HP-UX is that it's a Dead Operating System since PARISC has been discontinued, and Itaniaum support may not continue due to lacking sales. HP-UX also has a history of security problems. Of the commercial UNIX operating systems, HP-UX is a smaller player by comparison, and therefore a niche product. The reasoning for OpenBSD is very active continuous development, very impressive reliability and of course, the buzzword security which tends to overly impress any neophyte (even great security can be void in the hands of a incompetent administrator). The reasoning for HP-UX is brand name recognition, vendor support, and of course job security -when something goes wrong, your boss can blame the brand name vendor in hopes of saving his own ass. LDPA has similarities to both database servers and file servers, so even though it's not an exact match, performance metrics for database/flle servers may be relevant to LDAP. As always, *YOUR* environment and requirements must be tested to get any truly meaningful performance metrics. If you have truly insane load and storage requirements, and an unlimited budget, spending a quarter of a million dollars on a very high end, 16+ CPU, Itanium box running HP-UX may be a better choice than OpenBSD. Then again, if that's really the case, I would prefer to go with big Sun hardware and Solaris under those circumstances. By comparison, the multiple processor support in OpenBSD is for i386 and amd64, and how well it will scale in *YOUR* situation can only be found through testing. Personally, I've never seen a 16+ CPU dmesg, but I'm not a project developer, and someone may very well be using OpenBSD on such hardware. The questions you need to answer are how much load do you expect (and plan for) and how much storage do you require? There are people from this list who deal with fairly large LDAP/SASL installations on OpenBSD. Chris Paul (sentinare.com) and Jason Dixon (dixongroup.net) come to mind but I'm sure there are others. If you honestly expect to have *MASSIVE* loads and storage requirements (i.e. comparable a fortune 1000 company), you should talk to the folks who have done such things, get your own in-house testing done, and then make a decision based on your results. -Anything less is just blind guessing. The best business decision is the solution that gives you the greatest reliability and security for your requirements with the least amount of investment. OpenBSD has a very good chance of coming out on top in the majority of fairly tested comparisons. The corner case of insane loads and storage requirements is the one *possible* exception but even then, it may be sufficient. jcr
OT: Very Strange Bug
Hi list, I'm working on an update to the djvu port in hopes of getting the firefox/netscape plugin working but I've come across something very strange; a bug that disappears when run under a debugger. I've read about this class of bugs in the book How Debuggers Work (by J.B. Rosenberg), but this is the first time I've actually seen one and I'm at a loss as to how to resolve the issue. If you have any suggestions or pointers to further reading on this class of bug, it would be much appreciated. As for why djvu plugin support will be nice of OpenBSD, it's mainly due to the use of this format by the OpenLibrary.org project. I currently have the plugin working perfectly but it only works under gdb. Without gdb, the plugin quietly fails to run for no apparent reason even though firefox can load it without problems. thanks, jcr
Re: OpenBSd or HP-UX?
On Wednesday 22 August 2007, Jacob Yocom-Piatt wrote: tried to take a bit of a side adventure and get HP-UX going on a PA-RISC machine and it's no walk in the park. for cost, support, compatibility and simplicity reasons i've abandoned the project and decided to use other OSes instead. bummer. Was my previous guess was correct that HPUX patches/updates are only available with a HP support contract? If you still have the itch to tinker... not very familiar with LDAP configs here but i imagine there is a way to spread load between machines, making the monolithic solution pointless. thanks for the reminder to investigate LDAP more closely... =) LDAP can do some *VERY* cool stuff including load balancing, fail over and similar. Whether you need a huge monolithic system actually depends on how you define need -See Marc Balmers' post regarding supporting multiple services for 15K accounts with only two servers. Chris Paul over at Sentinare (http://www.sentinare.com) provides SEC/NASD/SOX compliant message archiving with LDAP for publicly traded corporations and as far as I know, it's being done with racks of fast boxes rather than using super behemoth 16/32/64/128 CPU systems. To justify using behemoth systems you must have: 1.) money to burn 2.) insane load and storage requirements 3.) proper cost/benefit analysis and testing Even if you can justify using behemoths, would you rather have a full rack of 32, quad processor opteron systems which you can easily repurpose individually as business needs change, or would you rather spend the more money on a a pair of 64 processor beasts and fight the system partitioning battle? -The answer is usually defined by which flavor of marketing koolaid you drank and/or what kind of incentives the vendor is offering to you personally... there are few things better than an all expense paid eight week training course on some exotic island and there are few things worse than your boss going to the training. :-) jcr
Re: Cardbus not detected on Sony VAIO FX-990
On 8/22/07, Stuart Henderson [EMAIL PROTECTED] wrote: On 2007/08/22 19:39, Niresh Singh wrote: I'm currently using OpenBSD 4.1 -stable. The cardbus is Ricoh 5C476. I've had this problem on OpenBSD 3.9 before but managed to solve it using the guide here and patching it manually. The link is as below: try enabling acpi boot boot -c ... UKC enable acpi 254 acpi0 enabled UKC quit if it helps, you can use config -e to patch a kernel so you don't need to do this manually. On Wednesday 22 August 2007, Niresh Singh wrote: Thanks Stuart.. But the problem is I just wanna enable my cbb1. I just need to know the correct values that I should put so it would work properly instead of just cbb0? Thanks again. generic cbb0 at pci1 dev 2 function 0 Ricoh 5C476 CardBus rev 0x80pci_intr_map: no mapping for pin A : couldn't map interrupt cbb1 at pci1 dev 2 function 1 Ricoh 5C476 CardBus rev 0x80pci_intr_map: no mapping for pin B : couldn't map interrupt Post-patch cbb0 at pci1 dev 2 function 0 Ricoh 5C476 CardBus rev 0x80: irq 10 cbb1 at pci1 dev 2 function 1 Ricoh 5C476 CardBus rev 0x80pci_intr_map: no mapping for pin B : couldn't map interrupt On Wednesday 22 August 2007, Niresh Singh wrote: The problem now is, only the cbb0 is working. And the cbb0 of mine is faulty and can't be used totally. What I want is to make the cbb1 to work instead of cbb0. I tried changing the values but it just didn't work because it keep detecting the cbb0 first. I need to use my wireless pcmcia card urgently. I just want to know how could I just slap the correct values and make cbb1 work. Tried googling but nothing helpful came up. Did you even try what Stuart suggested? Your second, post-patch dmesg shows cbb1 is not getting an IRQ. The thought behind of enabling acpi is to get the kernel to recognize the device configuration, and therefore the interrupt assignment for cbb1. It may, or may not work. You may want to note many acpi improvements have gone into the tree since 4.1, so you might also want to try the current 4.2 beta available in snapshots. The problem is not specifically the Rico 5C475/5C476. I use one here without problems (single slot). The goal of that patch was to be able to *both* the Rico 5C475 at cbb0 and the TI PCI1410 at cbb1 at the same time -a system with two different cardbus chips. I see no mention of the TI PCI1410 in either of your dmesgs, none the less, the patch you applied is trying to force one to exist (on cbb1). Your dmesgs seems to show two Rico cardbus chips, not one Rico and one TI. With the patch, I suspect you are trying to forcefully enable hardware that doesn't actually exist in your system, namely the missing TI PCI1410. The patch did succeed in getting the first Rico at cbb0 working, so it seems possible that duplicating it for the second rico chip might work, maybe something like this... (snip) +#ifdef SRX77_HACK + /* Enable First Ricoh 5C475 PCI-CardBus (cbb0) */ + bzero(pcibios_pir_table[pcibios_pir_table_nentries], + sizeof(pcibios_pir_table[pcibios_pir_table_nentries])); + pcibios_pir_table[pcibios_pir_table_nentries].bus = 1; + pcibios_pir_table[pcibios_pir_table_nentries].device = + PIR_DEVFUNC_COMPOSE(2, 0); + pcibios_pir_table[pcibios_pir_table_nentries].linkmap[0].link = + 0x62; + pcibios_pir_table[pcibios_pir_table_nentries].linkmap[0].bitm ap = 0x200; + pcibios_pir_table_nentries++; + + /* Enable Second Ricoh 5C475 PCI-CardBus (cbb1) */ + bzero(pcibios_pir_table[pcibios_pir_table_nentries], + sizeof(pcibios_pir_table[pcibios_pir_table_nentries])); + pcibios_pir_table[pcibios_pir_table_nentries].bus = 1; + pcibios_pir_table[pcibios_pir_table_nentries].device = + PIR_DEVFUNC_COMPOSE(2, 0); + pcibios_pir_table[pcibios_pir_table_nentries].linkmap[0].link = + 0x62; + pcibios_pir_table[pcibios_pir_table_nentries].linkmap[0].bitmap = 0x200; + pcibios_pir_table_nentries++; +#endif (snip) I doubt the above is correct (it's a wild guess) but you get the basic idea, try to force the two rico chips to become enabled. Needless to say, none of this seems like a good idea but it might work until you figure out a better way to do it. jcr
Re: OpenBSd or HP-UX?
On Monday 27 August 2007, Alvaro Mantilla Gimenez wrote: J.C. Roberts wrote: The reasoning for HP-UX is brand name recognition, vendor support, and of course job security -when something goes wrong, your boss can blame the brand name vendor in hopes of saving his own ass. And this is, i think, the main point for my boss and his not understanding about the advantages of OpenBSD over HP-UX. But...i have hope yet...he does not close the door to the OpenBSD possibility. He wants probes...only i need to find a heavy argument. For example...the developers that port OpenBSD to HPPA and HP300 platformsmaybe they have benchmarks between this machines running HP-UX and/or OpenBSD. It works better?? The hppa port is for 32bit. The hppa64 port will run more modern 64bit parisc systems. With the correct hardware both hppa and hppa64 are usable but you need to realize two things: (1) the ports are still under development and (2) benchmarks lie. The *ONLY* benchmarks that are applicable to your decisions are from the tests that *YOU* run in *YOUR* environment. Your boss should read up on LDAP and realize it was designed to scale by supporting clustering, fail-over and fault tolerance... -In other words it was built to run effectively on a bunch of lower cost commodity machines, as well as on huge expensive beasts. Unless you do a full case study with adequate testing in your environment, there is absolutely no valid justification for spending a ridiculous sum of money on huge massively multi-processor systems. LDPA has similarities to both database servers and file servers, so even though it's not an exact match, performance metrics for database/flle servers may be relevant to LDAP. As always, *YOUR* environment and requirements must be tested to get any truly meaningful performance metrics. If you have truly insane load and storage requirements, and an unlimited budget, spending a quarter of a million dollars on a very high end, 16+ CPU, Itanium box running HP-UX may be a better choice than OpenBSD. Then again, if that's really the case, I would prefer to go with big Sun hardware and Solaris under those circumstances. This is a good point too. Is it the performance of OpenBSD running on Sun computers equal to Solaris?? Personally...i think Solaris...sucks !! But there is no a technical opinion here...it is only i like the OpenBSD way to do the things. For me, Solaris is a like a big dinosaur. In some of the BS comparisons you'll find, OpenBSD is often just slightly slower due to it's memory/stack security and other security measures which other operating systems lack. Since other operating systems do not have these advanced security features, you can't really call the comparisons fair. In general the only truly fair test data you'll find is in the various presentations made by Theo and other developers over the years which compares OpenBSD to itself, with and without specific security features enabled. It can give you a rough idea of the performance cost of the various security features, but you need to realize different archs, systems, and even processors can yield slightly different results for such tests. By comparison, the multiple processor support in OpenBSD is for i386 and amd64, and how well it will scale in *YOUR* situation can only be found through testing. Personally, I've never seen a 16+ CPU dmesg, but I'm not a project developer, and someone may very well be using OpenBSD on such hardware. Anyone that wants share his experience with this type of hardware? There are people from this list who deal with fairly large LDAP/SASL installations on OpenBSD. Chris Paul (sentinare.com) and Jason Dixon (dixongroup.net) come to mind but I'm sure there are others. Do you have their emails?? Please, give my email to them if they decide to share some information with me. (I look the emails too, maybe are public...i don't want to bother anyone with unwanted email). I already gave you their web sites and Jason has replied in this thread suggesting you look at http://www.OpenBSD.org/support.html for people/companies who specialize in OpenBSD LDAP installations. The best business decision is the solution that gives you the greatest reliability and security for your requirements with the least amount of investment. OpenBSD has a very good chance of coming out on top in the majority of fairly tested comparisons. The corner case of insane loads and storage requirements is the one *possible* exception but even then, it may be sufficient. Do you have urls of this fairly tests? You missed the main point. You will never find urls to test results that are truly applicable to your decision. Any benchmarks or testing you might find on the web should be considered irrelevant since they could easily be fake, or wrong, but more importantly, because THEY DO NOT REFLECT RESULTS FOR YOUR ENVIRONMENT. Your system
Re: maybe OT 3 year anniversay of Chuck Yerkes death
On Monday 27 August 2007, ACP wrote: Just wanted to remember you Chuck, take it easy wherever you are. diana Thanks Diana! Chuck is a superstar. To this day I can think of no one who as made me laugh more while at the same time teaching me important technical details. There are countless great Chuck stories, from Chuck telling his conservative Wall Street boss who complained about his regular work attire, shirt, shoes, sober -pick two, to all the hilarious jokes he sent freely as private emails to others in need of help. Chuck always remembered to keep things fun, even the things which he already knew very well... most of us forget to keep things fun when we consider the question mundane, already documented, or common knowledge. -- jcr
Re: FOSS Open Hardware Documentation
On Tuesday 28 August 2007, Edd Barrett wrote: What I would really like to see is SMP for sparc64. Hopefully this has become easier now. The major requirement for SMP on sparc64 is for some extremely talented people having both significant interest and copious amounts of free time. After spending years, if not decades, being yanked around by Sun on requests for proper docs and errata, you can understand why interest in such work isn't very enthusiastic... -about as much of a understatement as saying a supernova tends to brighten things up. ;-) jcr
Re: More on the Atheros driver situation
On Saturday 01 September 2007, Theo de Raadt wrote: Well, it looks like the Linux wireless people have decided that their relatively small modifications to the Atheros driver will be GPL'd, and not given back to improve the driver in the *BSD world. http://marc.info/?l=linux-wirelessm=118857712529898w=2 All the email addresses you need to mail to express your distaste at this are right in that mail, except for one, which is Eben Moglen [EMAIL PROTECTED]. I've done what I can for now; Good luck to the rest of you. No worries Theo. That's easy to fix. Just delete the GPL license and copyright statement from the source files and replace that GNU shit with a nice, clean the BSD license. In fact, while we're at it, let's make a BSD licensed fork of GCC. With a little regex magic, we could have the new BCC fork done by tomorrow. (for those idiots who understand neither sarcasm nor copyright law, please ignore this post) jcr
Re: filesystems?
On Tuesday 04 September 2007, Jona Joachim wrote: On Mon, 3 Sep 2007 18:17:44 +0200 Martin SchrC6der [EMAIL PROTECTED] wrote: 2007/9/3, The One [EMAIL PROTECTED]: FAT32. And everyone can be compiled to read NTFS; Linux can even write to it. FreeBSD can also write NTFS using the ntfs-3g driver together with fusefs. Jona Actually, this is tenative at best. Though some have had success both reading from and writing to various NTFS versions, it's not really a safe thing to do. It's still an undocumented file system, and many typical operations fail disastrously. This week I wasted two different XP installations by attempting to resize the NTFS partition (shrink) with two different open source tools (PartitionLogic and GParted). (mumble mumble mumble about the crap friends ask me to do on an os that I don't run.) jcr
Re: The Atheros story in much fewer words
On Thursday 13 September 2007, Marco Peereboom wrote: On Thu, Sep 13, 2007 at 07:09:09AM -0400, Nick Holland wrote: Free software: It's all about the price. The rest of the talk about freedom, etc. is just trying to keep them from looking like cheap, greedy bastards. At least for an awful lot of 'em. I have to point out that I have been told on this list by a GPL fan that the dictionary definition of freedom isn't correct. He was so friendly to ask me who the hell I was to tell him what freedom means. Freedom for him did mean free + random rules. For all the great things the GPL has done its followers really could do some reading on that whole definition of words thing. RMS_Jones: It's free as in koolaid. SadVictim: Umm... no thanks. RMS_Jones: Then I'll force you to drink it.
Re: The Atheros story in much fewer words
On Friday 14 September 2007, Rui Miguel Silva Seabra wrote: On Fri, Sep 14, 2007 at 02:29:44PM +0200, Paul de Weerd wrote: On Fri, Sep 14, 2007 at 12:24:25PM +0100, Rui Miguel Silva Seabra wrote: | On 2007-09-14 11:13:11, Rui Miguel Silva Seabra wrote: | The spirit of the GNU GPL is to maintain freedom for all | users. | | You don't seem to get the fact that the BSD license is *more | free* than the GPL because the BSD license imposes *fewer | requirements* on distribution. | | You don't seem to get the fact that I'm not even talking about | what's more or less free (in your definition). The BSD has fewer | requirements, but it allows some users to not have the freedoms | you claim to defend. And no, it does not. I'd love to see how an user who gets a modified binary version has the freedom to modify it. Go ahead. Prove me that it doesn't allow some users to loose freedom... Hello again Rui, Though copyright laws and even more so, reverse engineering laws, vary around the world, I'll try to explain to you how things work here in the US. Over here, if you own a copy of a program, you can modify it as much as you want with the exception of circumventing copyright protection mechanisms due the DMCA. Prior to the enactment of the DMCA, you could do anything you wanted with your copy of the work. Though you may see no reverse engineering clauses in many commercial licenses, they actually are null and void because you have the right to modify your copy of the work. Of course, most commercial software forbids redistribution, so you cannot redistribute your modified version of the work/program, but the only thing stopping you from modifying a closed source binary application is your own ability. In the US, and in many countries, you have the right to modify any work to suit your personal needs. It's the law and no license terms can remove your right, so it is impossible for an end user to lose freedom. Though you are right that ordinary people have a responsibility to know the law and that lawyers are merely paid experts, you have none the less failed in your responsibility. You have obviously never bothering to read any of the copyright laws on any nation, or any of the relevant case law or findings, or any of the international treaties regarding copyrights. Of course, you are free to have strong feelings about whatever you like, and hold opinions based on flawed understanding, but as long as you insist on remaining uneducated about the laws, you are failing yourself and failing your supposed duty to make things clear. Please stop. jcr
Re: Wasting our Freedom
On Thursday 13 September 2007, Jason Dixon wrote: It boggles my mind that we can lie around complacently, arguing about installer menus and taking the bait from trolls, while our freedoms are quickly eroding away. The rights and recognition of one of our own developers (reyk@) have been molested, and all we've done as a community is to participate in useless flames and blog postings. Theo has thrown himself, once again, against the spears of the Linux community and their legal vultures in order to protect our software freedoms. How many of us can say we've done our part to defend truly Free Software? You don't have to be a lawyer or OpenBSD developer to make a difference. Email the SFLC and FSF and remind them that Free Software consists of more than the almighty penguin. OpenBSD is arguably the most Free and Open operating system available anywhere. The SFLC and FSF need to remember that they were created to protect victims, not thieves. Your donations are important for keeping the servers running, but your voice is necessary for keeping our freedom alive. Contacts: Eben Moglen - [EMAIL PROTECTED] Lawrence Lessig - [EMAIL PROTECTED] Bradley M. Kuhn - [EMAIL PROTECTED] Matt Norwood - [EMAIL PROTECTED] Hi Jason, I admire your intentions but there are a few things which you need to understand a bit better. First off, I do not know Lawrence Lessig or his involvement, so I do not understand how he made your list. On the other hand, Eben Moglen is arrogant and unscrupulous. His stated goal is to steal as much software as possible and put it under the GPL even when doing so is illegal. If you give him a valid and sound argument why the legal advice he has given is obviously illegal, the very most you will get from him is a facetious reply asking where you are licensed to practice law. -I know this from experience because it is the exact reply I got from him after emailing him this: http://marc.info/?l=openbsd-miscm=118901954525700w=2 Whether they realize it or not, the other two clowns on your list, Bradley M. Kuhn and Matt Norwood (as well as Richard Fontana and Karen Sandler who also signed off on it) are really nothing than expendable cannon fodder for the FSF war against reality. Eben being crafty and cowardly, he decided not to put his name on the list of FSF lawyers signing off on the code theft. Since anyone could easily complain to the Bar Association about lawyers giving out bogus legal advice, and possibly cause them to be disbarred, cowardly Eben is letting others take the fall. http://marc.info/?l=linux-wirelessm=118857712529898w=2 Signed-Off-By: Bradley M. Kuhn [EMAIL PROTECTED] Signed-Off-By: Matt Norwood [EMAIL PROTECTED] Signed-Off-By: Richard Fontana [EMAIL PROTECTED] Signed-Off-By: Karen Sandler [EMAIL PROTECTED] Most of us are also aware of the instance where OpenBSD took some GPL code and replaced the license with BSD. What OpenBSD did in that cases was just as illegal, just as immoral and just as wrong but it was corrected when it was discovered in one of the dev branches of cvs. In the case of Ryek's code, the reverse is true but instead of admitting the mistake and making the needed corrections, FSF has pulled out their lawyers in hopes of getting away with the theft. All of this is being done *intentionally* in hopes that no one will put up a fight. Would Linus put up a fight if someone took his source tree and relicensed the whole thing as GPLv3 without his permission? Yep, you betcha he'd fight and he has already had to put up with a lot of strong arm nonsense from the GPLv3/FSF zealots. The main thing you need to grasp Jason is the people behind the illegal license replacements are doing it *intentionally* so voicing your concerns to them will fall on deaf ears. I'm cc'ing all of them not merely for the antagonistic pleasure but because I want them to know that people do see past their shifty, illegal and immoral ways. Their modus operandi is very simple; keep stealing code until they get busted, go to court, and then go back to stealing as much code as possible. All of their nonsense marketing about freedom and fairness is nothing more than a lie to cover their real intentions; enforcing the insane share or be punished manifesto of their delusional and deranged leader Richard Stallman. If programmers deserve to be rewarded for creating innovative programs, by the same token they deserve to be punished if they restrict the use of these programs. The GNU Manifesto by Richard Stallman can be found here: http://ftp.jaist.ac.jp/pub/GNU/info/GNUGNU If Stallman actually believed a word of what he wrote above, he would still be dedicating all of his works to the public domain since it would have no restrictions. In short, Stallman is a liar. Stallman may be intelligent, persuasive and deceptive but he is neither rational nor wise. A rational man knows deceiving or forcing people to share will only causes
Re: The Atheros story in much fewer words
On Saturday 15 September 2007, Rui Miguel Silva Seabra wrote: On Fri, Sep 14, 2007 at 03:25:38PM -0700, J.C. Roberts wrote: I'd love to see how an user who gets a modified binary version has the freedom to modify it. Go ahead. Prove me that it doesn't allow some users to loose freedom... Hello again Rui, the US. Over here, if you own a copy of a program, you can modify it as much as you want Good luck doing so without any source code. Of course, you are free to have strong feelings about whatever you like, and hold opinions based on flawed understanding, but as long as you insist on remaining uneducated about the laws, you are failing yourself and failing your supposed duty to make things clear. Please stop. You seem uneducated about how powerless someone is without the freedom to change a program because he has no access to the source code. You stop. Rui Actually Rui, what we have here is a perspective gap. You think of things as a typical day-job programmer where your whole world is source code. I think of things as a reverse engineer where everything (source, executables, hardware) can be inspected, understood and controlled exactly as I see fit. If you had done the least bit of homework about the person you were chatting with, you would have realized I am far more educated in the field of reverse engineering than most people you might meet. Unlike most people, I actually do know what can and cannot be done without source code. In fact, my license for the newest and most cutting edge tool in the field arrived in my inbox this morning; it's called the Hex-Rays Decompiler and it's a brand new plugin for the IDA Pro Disassembler. As it's name implies, it can build a high level source code representation from nothing more than a binary. I've been involved with reverse engineering on a professional level for over a decade, and more than twice that as a hobbyist. For *me* bending a binary to my will is not magic, and certainly isn't a big deal. But like all code, it does take time and effort. Also, the result of modification of a binary can be more fragile than working with source simply because there are more ways to get it wrong. But again like all code, if you take the time to do it right, there is no problem. Modifying a binary is certainly not magic and is certainly not difficult. Uneducated, snot nosed kids regularly reverse engineer shareware and successfully disable copyright protection schemes. Search the web for the term crack and you'll see what I mean. Also you should realize the skill set of most of these software protection crackers is pathetic at best. When you get into real reverse engineering, such as reimplementation (or recovery), documentation, augmentation, integration, auditing, analysis, modeling and similar, the skill level required is exponentially increased but it's still not magic and it's still perfectly doable. Though over the years I've managed to learn (and forget) the instruction sets and architectures of more systems than most people can name, I'm by no means special. In fact when it comes to useful talent, I'm on the lower rung of the ladder in comparison to many of the people on this list. If you ask any of the openbsd developers on this list if they thought I was a godly coder of some sort, they would all laugh hysterically at such an absurd suggestion. And so would I. Whether you wish to accept it or not, each of us are only as powerless to change binary programs as we want to be. If you or anyone decides to be powerless, I don't hold it against you mainly because I actually know the pain, agony and near obsessive-compulsive level of dedication it takes to be anything other than powerless. As ironic as it may seem, with today being the long anticipated release of the very first working decompiler, the world of open source drivers is going to get very interesting in the near future. In a few hours, possibly days, after I've installed, read the docs and got a feel for this thing, I could easily build a source code representation from the vendor released Atheros binary windows drivers. Yep, all of the vendor secret sauce and all of the vendor work-arounds for silicon bugs will be sitting right in front of me to read... Rui, you're a bright guy and you've made an admirable attempt to posit your views as well as support them with your reasoning but it's really time to stop. I hope we can agree to disagree on a few things and still go have a beer as friends one of these days. kind regards, jcr
Re: Wasting our Freedom
On Sunday 16 September 2007, Kyle Moffett wrote: On Sep 15, 2007, at 06:33:18, J.C. Roberts wrote: Would Linus put up a fight if someone took his source tree and relicensed the whole thing as GPLv3 without his permission? Yep, you betcha he'd fight and he has already had to put up with a lot of strong arm nonsense from the GPLv3/FSF zealots. OH COME FREAKING ON Can you guys DROP it already? There was NO VIOLATION because nobody actually changed the code!!! The patch that Jesper submitted was a *MISTAKE* and was *NEVER* *MERGED*!!! You are wrong. http://marc.info/?l=linux-wirelessm=118857712529898w=2 http://madwifi.org/browser/branches/ath5k I suggest actually taking the time to get the facts before making completely baseless statements. When you make obviously erroneous statements, it leaves everyone to believe you are either hopelessly misinformed, or a habitual liar. -Which is it? jcr
Re: Wasting our Freedom
On Sunday 16 September 2007, Jeff Garzik wrote: J.C. Roberts wrote: http://marc.info/?l=linux-wirelessm=118857712529898w=2 Link with outdated info. http://madwifi.org/browser/branches/ath5k Link with outdated info. I suggest actually taking the time to get the facts before making completely baseless statements. When you make obviously erroneous statements, it leaves everyone to believe you are either hopelessly misinformed, or a habitual liar. -Which is it? Please take a moment to understand the Linux development process. A better place to look would be 'ath5k' branch of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-dev.g it but nonethless, the fact remains that ath5k is STILL NOT UPSTREAM and HAS NEVER BEEN UPSTREAM, as can be verified from git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git (official linux repo; nothing is official until it hits here) Part of the reason why ath5k is not upstream is that developers are actively addressing these copyright concerns -- as can be clearly seen by the changes being made over time. So let's everybody calm down, ok? Regards, Jeff Jeff, Look at what you are saying from a different perspective. Let's say someone took the linux kernel source from the official repository, removed the GPL license and dedicated the work to public domain or put it under any other license, and for kicks back-dated the files so they are older than the originals. Then they took this illegal license removal copy of your code and put it in a public repository somewhere. You'd be perfectly content with such a development because it had not been officially brought upstream by the offical public domain or whatever project? No, you would most likely be absolutely livid and extremely vocal getting the problem fixed immediately, so your reasoning falls apart. If the people who could fix the problem continued to ignore you, and the people in leadership roles tell you then intend to steal your code, then you would continue to get more angry and vocal about it. Now take it one step further. For the sake of example, let's assume all of this atheros driver nonsense went to a German court and the GNU/FSF/SFLC/Linux or whoever you want to call yourselves lost a criminal copyright infringement suit. You have now been legally proven to be guilty code theft. After such a ruling let's assume some jerk was to do the all the horrific stuff mentioned in the first paragraph above to the linux source tree, along with a little regex magic to call it something other than linux and seeded the Internet with countless copies. At this point, the GNU, FSF, GPL and all of the hard working Linux devs are now stuffed. A company could download the bogus source, violate the now missing GPL license, claim you stole the code from someplace else on the `net and illegally put your GPL license on it... Worst of all, they now have your past conviction of criminal code theft to back up their assertion about the way you normally operate. You should be concerned. The above is an immoral and illegal but still practical attack on the GPL and all of hard work by many great people. By having some people within the GNU/FSF/GPL camp indulging in code theft to push their preferred license and the reasonable folks in the GNU/FSF/GPL camp refusing to voice a strong opinion against code theft, you are weakening your own license. jcr
Re: Wasting our Freedom
On Sunday 16 September 2007, Kyle Moffett wrote: Secondly, what the HELL is with you guys and the personal attacks?!?!? You said I am hopelessly misinformed, or a habitual liar??? You are right and I apologize. I've received plenty of personal attacks from your group, and failed to hold my temper when dealing with you. You and the rest of the linux kernel devs need to realize there are a lot of angry people who are tired of being ignored by the powers that be in the GNU/FSF/GPL/SFLC. The claimed distinction between the linux kernel, the linux operating system, the various linux distros, the GNU project, the FSF, and the SFLC is pedantic at best to the rest of the outside world. As far as everyone else on the outside is concerned, you are all one large project working together. When some part of your project is indulging in code theft, it makes all of you look bad, regardless if it's upstream, downstream, sidestream or otherwise. When linux/gpl developers and linux/gpl lawyers refuse to take a stance against code theft, you look like one big happy family doing everything you can to put as much code as possible under your preferred license regardless if it's illegal or immoral. I knew darn well that I wouldn't be winning any new friends in the linux/gpl/gnu camp by voicing an unpopular opinion to your project, but after being ignored, you too would want to find the people on the other side with the spine to stand up and say code theft is wrong. Would you stand by quietly, tolerate being ignored, and accept delay tactics of unethical lawyers if the roles were reverse? Would you be willing to be called every untoward name in the book by voicing your dissenting opinions clearly and loudly? I have. jcr
Re: Statement by SFLC (was Re: Wasting our Freedom)
On Sunday 16 September 2007, Eben Moglen wrote: Also, and again for the last time, let me state that SFLC's instructions from its clients are to establish all the facts concerning the development of the current relevant code (which means the painstaking reconstruction of several independent and overlapping lines of development, including forensic reconstruction through line-by-line code reviews where version control system information is not available), as well as to resolve all outstanding legal issues, and to make policy recommendations Everyone is expecting yet another one of your lovely recommendations which very simply reads: steal and infect everything you possibly can and refuse to pass on the rights that you have received. http://lwn.net/Articles/248223/ As you do your imaginary painstaking reconstruction the whole world can see you refuse to practice what you preach in the supposed spirit of your steal-alike license because you refuse to pass on the rights you have received. The required work has been made more arduous because some people have chosen not to cooperate in good faith. When you stated you intend to secure as much code as possible under your license of choice, you mistakenly told the world you had no intention of cooperating in good faith with anyone. But making threats of litigation and throwing around words like theft and malpractice was a Really Bad Idea Speaking of Really Bad Ideas, you trained us. The only time we get any form of response is when we continue to become more loud, more abrasive, more aggressive, and more accusational. As long as people in your camp continue to use your license and lawyers as a weapon to push your free as in koolaid political agenda there will be people like me who will stand up and fight against your theft, your malpractice, your stalling tactics and your legal bullying. I hope the name Pavlov rings a bell. jcr
Re: Wasting our Freedom
On Sunday 16 September 2007, Jeff Garzik wrote: Daniel Hazelton wrote: If the OpenBSD developers want to attack the Linux Kernel community over patches that were *NEVER* *ACCEPTED* by said community, it should be just as fair for the Linux Kernel community to complain about those (unspecified) times where OpenBSD replaced the GPL on code with the BSD license. And, as said before, the place to take these complaints is the MadWifi discussion area, since they are, apparently, the only people that accepted the patches in question. Although it's true the code is not yet upstream... Given that we want support for Atheros (whenever all this mess is sorted), I think it's quite fair to discuss these issues [in a calm, rational, paranoia-free manner] on LKML or [EMAIL PROTECTED] *WE*, the people on the Linux Kernel ML, *CANNOT* fix the problem with the *MADWIFI* code having accepted patches which violate Reyk's copyright. Given that we want it upstream, it is however relevant. We want to make sure we are aware of copyright problems, and we want to make sure any copyright problems are fixed. On a side note: MadWifi does not really describe the Linux ath5k driver, the driver at issue here. Some mistakes were made by Linux wireless developers, and those mistakes were corrected. Linux Kernel != FSF/GNU If it was then RMS would not be attacking Linus and Linux with faulty claims just because Linus has publicly stated that the GPLv2 is a better license than v3 Amen. 100% agreed. Jeff Thanks Jeff. I've been told both on list and off, as well as both politely and impolitely that including the Linux kernel mailing list was the wrong thing to do. Though I certainly do take serious issue with a handful of people at the GNU/FSF/SFLC who have been acting in bad faith, the code in question is per se intended to become part of the Linux kernel. The code has not been accepted upstream as you say but that is still the intended goal. Saying something like: Linux Kernel != FSF/GNU is quite similar to saying: Windows != Microsoft In both cases, the pairs of terms may not be equal but they are certainly related. Also in both cases, the former term is most often considered part of the latter term. Just as the Linux kernel is under the GPL of the FSF/GNU, equally Windows is under EULA of Microsoft. You are correct in stating a distinction technically exists, yet in common language of everyday people, the terms are interchangeable even though it is pedantically incorrect to do so. Please pardon the comparison with Microsoft, it is not intended as an insult in any way, but does serve nicely as an example. There are some extremely talented and altruistic people who put their hard work under the GPL license. Some of the Linux kernel developers are on my personal list of ubergeeks deserving hero worship for their continuous contributions. I am certain some of them are far more fair minded and well thought than I will ever be. With that said, if you had been ignored and even stone walled by the GNU/FSF/SFLC and you wanted to reach the more pragmatic and free thinking minds which use the GPL license where would you go? The linux kernel mailing list is the best answer. As much as you may have disliked my action of involving the Linux kernel mailing list, please understand it was not an attack, but instead it's a plea for help on an issue which will, eventually, affect you. If some of the outstanding members of the linux kernel development team were to contact the people who have been illegally messing with licenses on the atheros code and ask them to quit messing around, it could do a lot of good towards resolving this issue. In doing so, you'll not only end the current pointless waste of time between GPL/GNU/BSD, but you'll also prevent the pointless waste of time of discussing this to death on lkml when the time comes to move the code upstream so you have better atheros support. The people who have done this illegal license swapping nonsense will not listen to Reyk, will not listen to Theo (which some will say is a difficult thing to do) and will not listen to me (which is probably more difficult than listening to Theo). All of three us are in the wrong camp simply because we use a different license. My hope is the people responsible for the illegal license swapping will hopefully listen to you, the Linux kernel developers. If you'd like to see all of this end, rather than carry on and on and on until it winds up in court, please do something. Please try asking the people responsible to quit messing with licenses. kind regards, jcr
Re: Openbgpd routing for redundancy.
On Fri, 06 May 2005 16:58:39 -0600, Abraham Al-Saleh [EMAIL PROTECTED] wrote: I should additionally add (sorry about that), that it's not something that hasn't been considered in the past, and I'm considering it again, I just need to weigh costs for this with the costs for making our internet connection redundant, as well as the man power required, time it will take, and risks associated with each, which is why I came to the list asking for more information on using openbgpd, or bgp in particular. Abe, I suggest you reconsider your stance on collocation. The answer (due to HIPPA) may not be a provider of collocation facilities but actually having another physical site controlled by your company. I haven't actually read all of the HIPPA requirements but due to friends, I've got a good idea how much of a pain in the ass they can be. The reason for collocating is logical. Sure, you may have a pair of APC Matrix 5000 units and a generator at your current site... -But heck, even my garage has the very same equipment! The difference is life and death decisions are not made based on the ability to access the machines in my garage. In your business, any inability to access medical records could cause people to die. You're in a totally different league and have to face a ton of liability if something goes wrong. Let's say you go through the expense of full redundancy at your single site and when I say full I mean everything from multiple power drops from different chunks of the local grids, to at least pairs of generators, custom redundant wiring/circuits, staged UPS's all the way down the proverbial power line to the CPU's... -You're still vulnerable. The reason is simple, anything from a major disaster in Farmington Utah, to something as trivial as a fiber cut (i.e. someone with a backhoe accidentally ripping out network lines), you're still hosed. Having multiple sites is the same logic as having redundant APC Matrix 5K units but it's applied on a more effective scale; If one gets hosed, you cross your fingers and hope the second will pick up the load. If you have only one site, you still have a single point of failure regardless of how many redundant lines you attach to it. I understand the costs involved with having a second site, but in general the industry understands HIPPA compliance is expensive and worse yet, liability is even more expensive. The multi-site redundancy, though costly, would be a sales advantage due to the reduced liability it offers. Even if you can not afford to do it now, it would still be worthwhile to have plans in place on how it (eventually) will be done. If the legal department of some HMO client/partner requires site redundancy, you add implementing your plan to the costs of their contract... ;-) JCR
Re: beginner, intermediate, and advanced scripting
On Sat, 14 May 2005 23:39:11 -0700, Eugene Hercun [EMAIL PROTECTED] wrote: Thank you for your responses. Sorry I could not reply sooner since I went to work before I posted this e-mail. Anyway, I might have missed it, but did anyone recommend a book regarding scripting for BSD with perl? I think were getting a little bit off topic in the last few posts... =) Eugene Well, what else would you expect considering your post itself is actually off topic for this list... ;-) I own over fifty different types of hammers and each has a particular use for which is was designed. Though most of them could drive a nail into a piece of wood, some are better suited for that particular task than others. In the end, what makes a good hammer comes down to the task you will preform, the time you'll invest in completing it and the time invested by others who must maintain your work. When you're just starting out, it may seem like a waste of ether to watch two knowledgable guys like Jason and Adam debate fine points, but knowing those fine points will serve you well in making your own decisions. There are a lot of ways to drive a nail and what works best for *you* will take some experimentation on your part. As for learning perl, RTFM. Once you get through the basic documentation provided with perl, start reading other peoples code and the free tutorials available on the web, then finally move onto reading the books. The O'Reilly Perl Bookshelf is a good place to start and a good value for the money if you insist on buying books. http://www.oreilly.com/catalog/perlcdbs4/ Also, finding the right resources, mailing lists, web boards and the like will definitely help a lot more than the OpenBSD lists. A good place to find such things for perl is at the monastery http://www.perlmonks.com As for getting started: http://www.perlmonks.com/?node=Tutorials#perlstart Since you want to know why some people claim perl is a good scripting language, there is only one single viable reason for the claim; the reason is because you can write scripts with it. Obviously, the same is true about many other languages. The term good is subjective and always an invitation for debate. As for general advice on learning perl, I can think of two things: (1) Though it didn't exist when I learned perl, IMHO, the best advice for a novice is to always put use strict in your scripts. The flexibility of perl gives you enough rope to build a bridge across a chasm or to quickly hang yourself and every one you know. Putting use strict in your code will not prevent the latter but it can help you avoid some of the less than obvious programming mistakes. (2) Use the long form syntax in your code until you get really familiar with the language. Like all languages that offer a short form syntax, perl code written for brevity just looks like line noise to the unindoctrinated. Knowing both/all long and short forms is important but which works best for *you* is your own decision. JCR
Re: beginner, intermediate, and advanced scripting
On Sun, 15 May 2005 05:32:07 -0500, [EMAIL PROTECTED] wrote: To add to your excellent analogy with hammers, Do you drive across town to get that one best hammer to drive one nail? Oddly enough there are times when it's actually worth the effort to go across town to pick up a hammer better suited for the particular job of driving a single nail but equally, as you've implied, there are other times when you're better off just using the hammer you happen to have with you. If that single nail has any chance of being something that must be maintained by someone else or has any chance of growing into something larger, you really don't want some wise ass like me coding the darn thing in a language like whitespace or brainf*ck for the fun of it. Of course, the real problem is at the start you just never know what the initial code might eventually become... OT. I use PHP, I like PHP. Perl Monks: PHP - it's training wheels without the bike -- Randal L. Schwartz Pretty accurate. (But imagine PHP if perl didn't exist;) Keep away from people who try to belittle your ambitions. Small people always do that, but the really great make you feel that you, too, can become great. - Mark Twain Hmmm... since I already shaved my head tonight, it's a little late for Occams' Razor, none the less, just follow the money. Randy Schwartz is in the *BUSINESS* of promoting perl, so such statements are to his financial advantage. Language zealots more often than not have financial incentives for promoting their views. Some sell books, others sell their services and still others want their existing skills to seem valuable to potential employers. Everybody's got to eat, so you can't call the biased (self) promotion entirely bad and realistically, it's unavoidable. I can not even mention OpenBSD without in some strange way promoting the value of my own (limited) ability to use it. As long as you recognize the agenda being pushed, you can draw your own unbiased conclusions. Sure, perl has it's place in the world but so does PHP, PDP-11 assembly and the countless other languages out there. Just because I happen to own the 40 pound maul of a PDP-11 Assembly Language Manual does not mean the poor bastard that will be asked to maintain my code is going have the same hammers that I have. The choice of language is only part of the answer, since then you must answer the questions of syntax and style; the syntax and style I prefer to use in *my* C code may make it easier for *me* to work on it but there are countless people out there which prefer some other syntax and style which would make it easier for them to understand and work on the code. There are people with particular, peculiar and very strong opinions about the best syntax to use within a single language such as case/switch, goto and other legal statements. The issues of style, spacing and formatting are equally fraught with strong opinions of the best way to do it. Kind of brings to mind a joke; A Britt, a Scotsman, an Aussie, a Texan, a New Yorker and a Californian were sitting in a bar... -None of them could understand what the others were saying. (But imagine PHP if perl didn't exist;) As for what PHP would become if it was the only language on the planet that people used and improved, the answer depends on which language zealot you happen to ask. I'm quite sure Paul Graham would very happily tell you all the logical reasons why the end result would eventually be a dialect of LISP. ;-) JCR
Re: beginner, intermediate, and advanced scripting
On Mon, 16 May 2005 01:13:03 +0900, Joel Rees [EMAIL PROTECTED] wrote: I'm quite sure Paul Graham would very happily tell you all the logical reasons why the end result would eventually be a dialect of LISP. ;-) And perl is a dialect of LISP, isn't it? :-/ I would bet said self proclaimed expert would say the current perl is still lacking in some essential way but still insist that sooner or later it *MUST* become LISP to be any good and of course, the same is true for all programming languages. I'm really not sure what I find more disturbing; the fact someone is crazy enough to publicly proclaim such things or the fact there's a chance he may actually be right. - Joel Rees (A FORTH dreamer, imprisoned in a Java world) You need to start using FIFTH, preferably filled with single malt. It works a lot better for dreaming than Java. JCR
Re: error messages
On Mon, 16 May 2005 18:45:29 +0300, Kaj Mdkinen [EMAIL PROTECTED] wrote: I connect to my firewall with putty. How can I get rid of messages like these from appearing in my ssh terminal session? These appeared twice a second so it is wery hard to work with the console. (It was obviously someone trying to get access to something?) May 16 18:30:05 localhost sshd[21201]: Failed password for root from 64.42.53.150 port 48385 ssh2 May 16 18:30:06 localhost sshd[21201]: Received disconnect from 64.42.53.150: 11: Bye Bye May 16 18:30:08 localhost sshd[12553]: Failed password for root from 64.42.53.150 port 48446 ssh2 May 16 18:30:08 localhost sshd[12553]: Received disconnect from 64.42.53.150: 11: Bye Bye May 16 18:30:11 localhost sshd[23351]: Failed password for root from 64.42.53.150 port 48543 ssh2 May 16 18:30:11 localhost sshd[23351]: Received disconnect from 64.42.53.150: 11: Bye Bye May 16 18:30:14 localhost sshd[13243]: Failed password for root from 64.42.53.150 port 48628 ssh2 First of all, do not log in as root. Use sudo. And if you're smart, disable root ssh access. Second, the messages are the result of a brute force attack on your system. They are most likely going after your root password since you have ssh for it enabled. Add the offenders IP address to your pf block list. JCR
Re: ssh
On Mon, 16 May 2005 23:25:29 +0300, Kaj Mdkinen [EMAIL PROTECTED] wrote: Is there any way to configure ssh to allow root access from private network address. and at the same time allow ssh-access from outside for other users (not root) ? What part of the words Do *NOT* login as root have you failed to understand? Log in as a regular user. If you *need* root permissions for some operation, then use sudo. If you absolutely *must* become root, then use su. JCR
Re: Openbsd 2.8 on a Sparc IPC
On Tue, 17 May 2005 09:44:51 -0500, Bill Jones [EMAIL PROTECTED] wrote: OpenBSD main 2.8 GENERIC#96 sparc 9:54AM up 438 days, 7:03, 1 user, load averages: 0.31, 0.16, 0.10 Damn! You got me beat. :-) A few days ago I finally retired a 486-66MHz running OpenBSD 2.9 Yes, I know it's not a good idea (TM) to let a system languish like this but when done correctly, the bragging rights are a lot of fun. ITDude: Our firewall is a quad 8GHz bone cruncher running checkpoint Me: really, well mine is an old 486 that I found in the trash... JCR
Re: beginner, intermediate, and advanced scripting
On Tue, 17 May 2005 15:21:04 +0200, Thierry LACOSTE [EMAIL PROTECTED] wrote: I found Adam's criticism of perl quite convincing. What language(s) do you use and/or recommend for system administration? Regards, Thierry. Adam is not wrong but Nick Holland is right. Every language has both flaws and features; Give *something* a try. Learn it. Use it. If you're not satisfied (or more likely get curious about other languages), try something else. Knowing idiosyncracies of a language, like the things Adam pointed out, only keeps you from learning things the hard way. If you think perl is the only language that suffers from idiosyncracies, you will be very disappointed. JCR
Re: Thank you for your payment!!!
On Tue, 17 May 2005 09:52:59 -0500, [EMAIL PROTECTED] wrote: Dear Customer, Thank you very much for questin or purchase. Please provide confirmed shipping address by paypal. For trucking shipment item(such as TV or washer/dryer), please provide shipping phone #, so trucking company can notice delivery date before delivery. When you contact to us after purchase thru ebay, please include your name, ebay username, model No, purchase date on ebay, so we can give you answer faster. Thank you very much again. Refurbking Tel:847-437-0708 Fax:847-437-0710 For the folks on misc@ -I called these people and alerted them to the possible (probable) fraud attempt from a paypal account with a public mailing list set as the email address. JCR
Re: Nine months girl begin learning OpenBSD!
On Tue, 17 May 2005 21:32:20 +0200, Frank Denis \(Jedi/Sector One\) [EMAIL PROTECTED] wrote: OpenBSD still lacks software for kids like a compiler, an assembler and a debugger? -Nope, they are all included. Paint? -kids these days ask for the strangest toys... ;-) JCR
Re: ssh
On Tue, 17 May 2005 14:26:51 -0600, Bob Beck [EMAIL PROTECTED] wrote: What part of the words Do *NOT* login as root have you failed to understand? this is crap. logging in as root is not a sin. we recently removed this poopoo advice from OpenBSD anyway. See my rant about this in the archives. -Bob With all due respect for your opinions (and contributions), I still disagree. I wouldn't go so far as call logging in as root a sin but having the root account accessible to world does increase your risk exposure. Personally, I see no point in having a privileged user name (root) both known and available for attack. Heck, even microsoft suggests renaming the Administrator account to something else. Though brute force attacks on strong passwords are not practical, they are still possible and giving away a privileged account name simply gives an attacker leverage. Of course, if you're tasked with maintaining a system in an unmanned station at the south pole, the ability to log in as root when something goes wrong may be worth the added risk. On the other hand, if you can physically access the system easily, there's little point in running an unnecessary risk even if the risk is very small. I see it as no different than having services shut off by default. In the end, our job is to manage risk and opinions of what is acceptable risk will vary wildly. You also need to accept the vast disparity between yourself, a seasoned and knowledgable sysadmin, and the new guy on the block who just installed the OS for the first time and failed to use a strong password on his root account. Is the new guy better off disabling root access over ssh and not logging in as root or is he better off getting hacked because of his novice mistake of using a weak root password? Is the new guy better off having his shinny new linux box hacked because he made the novice mistake of failing to shut down an unnecessary service that was on by default? Of course there's no way to save the world especially from itself but I think if you can avoid a taking an unnecessary risk, you're better off avoiding it. At least that's my take on it. I don't see it as a crap/not-crap issue; it's just a difference of opinion on acceptable risk. Though your opinion of root logins is obviously different than mine, I hope now you can at least see why I hold the opinion that I do. If I've missed something obvious out Risk Management 101, please let me know what it is. I don't think my opinion is crap but then again, that's just my opinion of my opinion and I could be wrong on that one as well. ;-) JCR
Re: ssh
On Thu, 19 May 2005 00:12:29 +0900, Joel Rees [EMAIL PROTECTED] wrote: This whole thread has me wondering if I haven't been kidnapped by aliens. No, not recently. Since the accident where you toasted the neural interface on the Enterprise, we've been just trying to get off this rock. Of course, you wouldn't remember any of this but let me tell you, next time we visit, we are not letting you fly the ship, play with the transporter or test fire the Death Star... -sigh, what was High Commander Zaphod thinking? You seemed perfectly happy on the HoloDeck with that Blond Galactica Hottie Clone but noo, Zaohod wanted to test your reflexes. ;-) JCR
Re: 3.7 is released!
On Thu, 19 May 2005 10:40:27 -0600, Theo de Raadt [EMAIL PROTECTED] wrote: May 19, 2005. We are pleased to announce the official release of OpenBSD 3.7. Happy Birthday Theo! Thank you for yet another year of hard work on OpenBSD. Best of luck to you and all the developers at the hackathon. Kind Regards, JCR
Re: Alpha - floppy as root device ?
On Sat, 21 May 2005 14:05:45 +1000, Steve Murdoch [EMAIL PROTECTED] wrote: Hi all, Can someone throw me in the right direction. I have an Alphaserver 1000. The SCSI drives have failed so I have installed a PCI IDE contoller and IDE drive. The SRM doesnt recognise the IDE so after install I wont be able to boot from the drive. Is thee a way to have the floppy as the root device ? Thanks, Steve Since it's an alpha, I sort of doubt you'll be rebooting it often but either way, floppies are horribly unreliable. A better bet would be to netboot it or if possible CDROM. Failing either of those, a better bet would be a SCSI addin card. I have a few alphas over here and if memory serves me well, one them has a pair of SCSI cards (in a Digital Server 5000), so I can probably spare one of the cards. If you want, I could dust off the machine and look up the exact cards it has. JCR
Re: djbdns DNS server? Status, Pros and Cons?
On Tue, 24 May 2005 22:13:34 +0200, Anders Jvnsson [EMAIL PROTECTED] wrote: Hello folks. I recently bought a very good book: Mastering FreeBSD and OpenBSD security They have a chapter dealing with DNS servers and there they mention djbdns, they think it has some strong point s so I am somewhat curios about if anybody out there has any viewpoint about using this instead of BIND, especially since the last version djbdns I found was from 2001??! I can't believe that it is so good that it is no need to patch it now and then? Your innocent, newbie question has proven itself in the past to be an invitation for a flame war on this list. Check the archives if you're curious. You're on thin ice and you'll probably get a lot of mail off list since no one wants a repeat performance. If a well written complete *_Operating_System_* like OpenBSD can go the 8 years since 1997 with only one remote hole, a well written single application like djbdns going the 4 years since 2001 without issue should not be difficult for you to imagine. Let me guess, -you're used to running gnu/linux or microsoft products? The easiest way to sum up previous discussions of the topic is simple: Many people swear by djbdns because it is well written code but on the other hand, many people swear at djbdns because of it's poorly written license. Both djbdns and the BIND implementation that comes with OpenBSD are very good ways to do what you want. Take your pick. If you want the pros and cons of each, search the archives. Asking (again) on the list for the viewpoints of users on which is better is really just asking for trouble. The advice above was given to me off list in 2001 by Chuck Yerkes when I asked basically the same question that you did. ;-) JCR
Re: interface groups and pf
On Thu, 16 Jun 2005 20:55:48 +0200, Henning Brauer [EMAIL PROTECTED] wrote: So, after cleaning up the interface abstraction code in pf with Ryan before the Hackathon, I worked on interface groups integration to pf. Henning, Ryan and all involved -Very Amazing Work. Thank You! JCR
Re: OT: Hardware keyloggers embedded in new keyboards?
On Mon, 20 Jun 2005 17:45:53 +0200, Dimitry Andric [EMAIL PROTECTED] wrote: On 2005-06-20 at 17:00:57 Artur Grabowski wrote: the data, nothing prevents them from installing a keylogger (surprise) or a camera that will film the keyboard or a microphone that will record the keyboard clicks so that they can analyze the clicks and steal your password from that. They can also install any number of other surveillance devices into your computer or your house, including an amplifier for their orbital mind control lasers. Nah, much cheaper to use good ol' rubber-hose cryptanalysis. ;) Nope, rubber-hose cryptanalysis actually takes effort and might qualify as exercise for the practitioners, so the simple, effort-free, Bar-O-Chocolate cryptanalysis method would actually be a lot easier... http://news.bbc.co.uk/1/hi/technology/3639679.stm And no, if you happen to be a 200lb, 6'3 balding male in his mid thirties, then the effectiveness of the Bar-O-Chocolate method is not improved by dressing up like a girl scout. -Well, at least that's what I've been told. JCR
Re: raid controllers (3ware vs. intel and lsi)
On Tue, 21 Jun 2005 11:07:40 -0400, you wrote: I have been looking to upgrade a server to an AMI card with a few disks in drive enclosures. Thing is, there are so many enclosures out there. Any recommendation for SATA disk enclosures? Thanks in advance, First of all, your question was off list but I think the following might be helpful to others on the mailing list, so I sanitized things removing your name and such, then bcc'd you. I hope you don't mind. Your question is good but tough to answer. There are a lot of companies making enclosures of various types and not all of them are designed well. The important thing is knowing what to look for... Things you need to consider are: (1) What type of SATA drives? (SATA/150 1.5Gbps) or SATA/300 3.0Gbps) -There are not many SATA/300 enclosures out on the market at this point since it's so new. They may exist but I don't know of any SATA/300 add-in enclosures on the market, so you might end up buying a whole new rackmount case with a properly vented/cooled SATA/300 backplane (www.servercase.com or www.rackmountpro.com or www.supermicro.com or where ever). (2) What's the case layout (i.e. how many open 5.25 slots) and how many disks do you need to fit in there? -You can go with single drive enclosures (one disk in each 5.25 slot) or multiple drive enclosures (four disks across three 5.25 slots or three disks across two 5.25 slots ...) (3) What kind of cooling does the enclosure provide? -Are fans redundant, how many fans, aluminum or plastic housing ... (4) What kind of warning/alarms dose the enclosure provide? -Things like fan failure, temp warning, power/voltage, LED or audible alarm, ... This is a good article from the EE Times that addresses the issues I mentioned in my other post to the list. If you're choosing enclosures, it's worth reading. http://www.eetimes.com/story/OEG20031017S0044 The article above mentions the 3ware documents on good design of enclosures. You can find those docs here. http://www.3ware.com/gooddesign/pdf/Storage%20Chassis%20Test%20Specification.pdf http://www.3ware.com/gooddesign/pdf/AMCC_SATAGdD_0604.pdf If the 3ware PDF links don't work, you'll probably have to go through their bullshit registration to download them. http://www.3ware.com/gooddesign/gooddesign.htm Obviously, 3ware makes enclosures, http://www.3ware.com/products/ata.asp the same is true for Promise Technologies: http://www.promise.com/product/segment_lv2list.asp?segment=Drive%20Enclosures and StarTech: http://startech.com/ststore/itemlist.cfm?product_desc=SATABAY3category=P10130itematr=all=1pdays=onsale=0 and Cremax (ICY Dock) http://cremax.com/ SuperMicro (www.supermicro.com) has SATA backplanes and enclosures for many of their cases and they usually do a very good job with cooling. Their web site sucks but with a bit of effort you can find stuff. As for what's the best, I'm certain every marketing/sales department of the above companies would tell you a different answer. Since I haven't used all of the products, I don't have much of an opinion on what is the best. The only opinion I have is knowing what I look for (cooling, alarms etc) and why I look for those features. I hope this helps... JCR
Re: Speed isn't everything, luckily for OpenBSD.
On Fri, 22 Jul 2005 21:10:53 -0400, Nick Holland [EMAIL PROTECTED] wrote: There is just *no* way to explain just how wacked Linux looks to someone who is having to go from OpenBSD to Linux for some stuff at work. Wow. You'd swear it was written by an unorganized mob with no central control or plan at all. Oh, wait... Nick. ROTFLAMO! -If you think the Server/Desktop linux distros are bad, you should see some of the completely wacked linux incarnations that ship with custom reference boards from various chip manufacturers. JCR -- A: Because idiots do not know how to configure their email programs. Q: How does top-posting happen? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Need Quad Ethernet for router box
On Thu, 21 Jul 2005 17:21:22 -0600 (MDT), Diana Eichert [EMAIL PROTECTED] wrote: On Thu, 21 Jul 2005, Daniel Polak wrote: SNIP Bill, As it happens I have been e-mailing with SysKonnect about the SK-9S22 and a possible quad port card today! They are thinking about a doing a quad port card but need to be sure that there is enough interest. Anybody interested in a quad port SysKonnect card please e-mail me and I will pass on your e-mail address to SysKonnect so they can let you know when the quad port card becomes available. Don't hold your breath, they've been talking to me for over 2 years about a particular card and they have yet to produce it and my work day perspective usually gives me some sway with vendors. diana Speaking of day jobs, vendors, vaporware and stuff that goes *REALLY* fast, have you gotten to play with the 10G myrinet stuff yet? I'm still suffering from dehydration due to drooling at the announcements on their website. JCR -- A: Because idiots do not know how to configure their email programs. Q: How does top-posting happen? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: Speed isn't everything, luckily for OpenBSD.
On Sat, 23 Jul 2005 01:08:04 -0400, Brad [EMAIL PROTECTED] wrote: On Fri, Jul 22, 2005 at 09:43:29PM -0700, J.C. Roberts wrote: On Fri, 22 Jul 2005 21:10:53 -0400, Nick Holland [EMAIL PROTECTED] wrote: There is just *no* way to explain just how wacked Linux looks to someone who is having to go from OpenBSD to Linux for some stuff at work. Wow. You'd swear it was written by an unorganized mob with no central control or plan at all. Oh, wait... Nick. ROTFLAMO! -If you think the Server/Desktop linux distros are bad, you should see some of the completely wacked linux incarnations that ship with custom reference boards from various chip manufacturers. Ya but the intention is for embedded use. The end-user typically has no interaction with such distributions. I'm not saying that's a good excuse to make the developers lives harder though. I *think* we agree but I'm still a bit unsure of your point? Sure, the ASIC vendors *expect* us to know the exact incantation to mumble over our voodoo chicken sacrifice in order to get their stuff working but I think this mess is not very different than the whole optimization nonsense seen so often here on the OpenBSD lists. Whether it's a new atmel ARM SoC chip or some custom built video or crypto ASIC, the people in the best position to provide sane defaults are the folks that built the darn thing. In the world of linux where there are no sane defaults and everyone is *expected* to turn a few zillion hidden knobs, a whole lot of time/money gets wasted, again and again and ... JCR -- A: Because idiots do not know how to configure their email programs. Q: How does top-posting happen? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: MIPS64 and PPC 970/970MP future support?
On Sat, 23 Jul 2005 02:00:50 -0700 (PDT), Anon Y. Mous [EMAIL PROTECTED] wrote: Hi: Now that SGI has declared bankruptcy, what is the future of mips64 hardware support under OpenBSD-CURRENT? Also, since Apple has switched to Intel effective 2006, what is the future of ppc970 (and ppc970MP) hardware support under CURRENT? Thanks, [EMAIL PROTECTED] I have not found any solid announcement that SGI is pushing up flowers but by their stock price, things are obviously not going that well for them. Short term, both situations are good for the project since they reduce resale value of equipment. If you think Apple hardware is over priced, you obviously have never looked at SGI pricing. Used hardware from both companies tends to hold resale value far better than the typical commodity hardware. When you have to outfit a couple dozen open source developers with needed hardware, things can get real expensive. Long term (i.e. in a number of years), it's bad for both the project and market in general since it will mean less diversity in architectures. Companies are just not investing in new processor and supporting architecture design like they once did. Too many Good Ideas (tm) have been patented to death to prevent competition and new market entrance. JCR -- A: Because idiots do not know how to configure their email programs. Q: How does top-posting happen? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
GForge, project management, ERP or similar
I've been asked to set up something like GForge (http://gforge.org) to manage projects but I've got no experience with this kind of software. They're not exactly sure what the heck they want but of course they want something to deal with organization of projects and people via the net. If the machine is going to sit on the net, I'd like it to be running OpenBSD. Anyone with experience with project management suites out there? Possibly Project-Open ? http://www.project-open.org Searching ports@ and misc@ for gforge and g-forge turns up nothing so if I want to run it on OpenBSD, I'll probably have to port it. Thanks, JCR -- A: Because idiots do not know how to configure their email programs. Q: How does top-posting happen? A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
Re: clustering SMP machines: MPICH2 build error
On Sat, 30 Jul 2005 21:24:15 -0700, J.C. Roberts [EMAIL PROTECTED]
wrote:
On Sat, 30 Jul 2005 20:46:56 -0500, [EMAIL PROTECTED] wrote:
when i try to build MPICH2, i can successfully configure the
source, but the make yields the following error:
...
compiling ROMIO in directory adio/common
gcc -I/home/X/mpich2-1.0.2p1/src/binding/f77
-I/home/X/mpich2-1.0.2p1/src/binding/f77
-I/home/X/mpich2-1.0.2p1/src/mpid/ch3/include
-I/home/X/mpich2-1.0.2p1/src/mpid/ch3/include
-I/home/X/mpich2-1.0.2p1/src/mpid/common/datatype
-I/home/X/mpich2-1.0.2p1/src/mpid/common/datatype
-I/home/X/mpich2-1.0.2p1/src/mpid/ch3/channels/sock/include
-I/home/X/mpich2-1.0.2p1/src/mpid/ch3/channels/sock/include
-I/home/X/mpich2-1.0.2p1/src/mpid/common/sock
-I/home/X/mpich2-1.0.2p1/src/mpid/common/sock
-I/home/X/mpich2-1.0.2p1/src/mpid/common/sock/poll
-I/home/X/mpich2-1.0.2p1/src/mpid/common/sock/poll -O
-DFORTRANDOUBLEUNDERSCORE -DHAVE_ROMIOCONF_H -I.
-I/home/X/mpich2-1.0.2p1/src/mpi/romio/adio/common/../include
-I../include -I../../include
-I/home/X/mpich2-1.0.2p1/src/mpi/romio/adio/common/../../../../../src/include
-I../../../../../src/include -c ad_fstype.c
ad_fstype.c: In function `ADIO_FileSysType_fncall':
ad_fstype.c:306: error: structure has no member named `f_type'
ad_fstype.c:320: error: structure has no member named `f_type'
*** Error code 1
Stop in /home/X/mpich2-1.0.2p1/src/mpi/romio/adio/common.
*** Error code 1
...
I was sent the following off list by another user and figured it would
be helpful. I have not tested it myself.
JCR
--
The statfs structure doesn't have f_type anymore (see man 2 statfs and
/usr/include/sys/mount.h). For a quick hack, edit ad_fstype.c and
replace f_type with f_fstypename in lines 306 and 320. The file should
make it through the compiler than (I tested this on 3.7, x86
architecture).
$ diff -u ad_fstype.c.orig ad_fstype.c
--- ad_fstype.c.origSun Jul 31 00:26:33 2005
+++ ad_fstype.c Sun Jul 31 00:29:36 2005
@@ -303,7 +303,7 @@
# endif
/* FPRINTF(stderr, %d\n, fsbuf.f_type);*/
# ifdef NFS_SUPER_MAGIC
-if (fsbuf.f_type == NFS_SUPER_MAGIC) {
+if (fsbuf.f_fstypename == NFS_SUPER_MAGIC) {
*fstype = ADIO_NFS;
return;
}
@@ -317,7 +317,7 @@
# endif
# ifdef MOUNT_NFS
-if (fsbuf.f_type == MOUNT_NFS) {
+if (fsbuf.f_fstypename == MOUNT_NFS) {
*fstype = ADIO_NFS;
return;
}
--
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
Re: FTPS recommendations?
On Tue, 2 Aug 2005 00:23:48 +0200 (CEST), [EMAIL PROTECTED] wrote: On Mon, 1 Aug 2005 12:49:49 -0500, Bob Bostwick \(Lists\) [EMAIL PROTECTED] wrote: I am implementing an FTP server and need it to use SSL/TLS. I know ftpd doesn't support this, and was wondering if anyone had any suggestions on an alternative. I know SFTP exists, but that is not an option, as the clients are not going to change. I know pure-ftpd supports this, but didn't know if there was anything better or not. As you already seem to know, the best answer is to use something that's reasonably secure like SFTP. Since FTP over SSL/TLS is going to require configuration changes on the client side and possibly upgrades of client-side software, why not just require a new client that supports SFTP? There are free SFTP clients out there for most platforms, heck there's even at least one free client for MS-Windows (FileZilla on sourceforge comes to mind). You're talking about hanging yet another box on the net supporting an outdated, insecure and most importantly, difficult (often blocked or messed up by NAT) protocol. Wrapping FTP in SSL/TLS dose help some of the problems but it does not solve all of them. Kind Regards, JCR I'm sorry but there's no e.g. official AnnonSFTP-Patch/Modification for OpenSSH. As far as I know you're not able to splitt the SFTP from the SSH-Account (I don't mention any unofficial Patchs wich may work). That's why FTPS-Servers, or at least FTP-Servers wich support SSL/TLS, are still in use. The best example is maybe the AnonCVS-Hack you've to apply if you wanna set up an AnonCVS-Server. So as far as I know every SFTP-User needs an SSH-Account. FTP-Servers have offen a seperated Account-File wich isn't related to the official System-Accounts at the Server. Kind regards, Sebastian Thanks Sebastian. You stated important info that I failed to mention. I don't mean to be confrontational but personally I didn't think there was any point in securing anon/public access? Since the original poster is trying to secure logins, anon/public access is kind of outside of the scope -probably the reason why I forgot to mention the ssh accounts. ;-) JCR -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?
