Re: pf-altq-bandwith_problem
I will try, thanks for the info. Just to make sure I'm not dealing with a bug can anyone try this??... just set a global limit to a interface ($int_if), then do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the put and get transfers with a large file. When I get a download time of 3 minutes, the upload is of 10 seconds... :s Hi, Just a shot in the dark here. Maybe I totally misunderstood your sentence: When I get a download time of 3 minutes, the upload is of 10 seconds... Did you mean: _While_ I get a download time of 3 minutes, the upload is of 10 seconds... If that's what you meant, isn't that behavior normal? Considering that (as the PF user's guide puts it): Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's already consumed network bandwidth to get to the interface that just received it. Sorry if my question is beside the point! :o) -Martin
Re: pf-altq-bandwith_problem
If that's what you meant, isn't that behavior normal? Considering that (as the PF user's guide puts it): Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's already consumed network bandwidth to get to the interface that just received it. [Joe PC] -- [OpenBSD box] -- Internet, limit of 100Kbs (simetrical 100Kbs) speaking of bits, and not bytes. So I do the needed rules on pf.conf to make Joe get only 100Kbs of the interface in OpenBSD box serving Joe PC. If, from Joe PC, I get a file by ftp from the OpenBSD box, I get exactly what I want, the 100Kb limit. (at the same time I'm not doing anything with the net, like browsing or getting mail...) If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem appears, and the speed ups in a factor of 40x. If I change the bandwidth value on altq rule of pf.conf, then the speed of put a file on OpenBSD box also changes, but is 40 times more speed. I mean, I want simetrical 100Kbs limit on the interface to Joe PC, can I have this setting? When Joe downloads _from_ the OpenBSD box, then queuing is involved (and seems to work in your case) because the majority of data (FTP data) is being sent *out* of the OpenBSD box (hence, in the outbound direction from the point of view of the interface) and therefore _is_ subject to your queueing parameters. When Joe uploads _to_ the OpenBSD box, then queueing is _not_ involved since the data is coming _in_ to the box, and ALTQ cannot shape _incoming_ traffic. The way I see it, the only way for you to shape traffic symmetrically in both directions is to run your FTP server on another machine than the OpenBSD one, make sure that traffic between Joes' box and the FTP server gets _routed_ via the OpenBSD box, and apply your queue on the Joe-side interface and on the FTP-side interface. That way, you'll be shaping the traffic going from Joe's to the FTP box as well since the FTP traffic from Joe's uploads will be shaped at the egress interface when the packets are moving from the OpenBSD box towards the FTP server. Hope this helps, -Martin
Possible to change indent length from 8 to 4 spaces in mg?
Hi, I've been trying to figure out how to change the indent length when pressing the TAB key in mg from the standard 8 spaces to 4, but I haven't been able to find any setting that would seem to achieve this. The man page and Google didn't turn up anything. Is this at all possible in mg? Thanks, -Martin
Strange tos bits?
Hello list, I have a problem with an IPsec peer. My OpenBSD 4.1 responder (obsd in the tcpdump below) doesn't reply to pings in the tunnel. The initiator is an OpenBSD 4.1 appliance (not GENERIC kernel, but I don't think that's the problem). There are two NATed hosts behind the peer-gw, and one of them works fine. The len 160 packets are icmp echos btw. The problematic peer is sending packets that gets TOS 0x3. If I understand the ECN RFC correctly, this means the sending router has set the Congestion Experienced codepoint, ie it is congested. I see the point for TCP, but this is UDP, so I'm not sure what behaviour is expected. Is OpenBSD dropping these packets because of this? If the sending gateway is broken I just need to get back with a good explanation. 15:58:16.725725 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 1 len 132 [tos 0x3 (EC)] (ttl 51, id 1823, len 160) 15:58:19.737917 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 2 len 132 [tos 0x3 (EC)] (ttl 51, id 30812, len 160) 15:58:22.757857 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 3 len 132 [tos 0x3 (EC)] (ttl 51, id 29700, len 160) 15:58:25.778924 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 4 len 132 [tos 0x3 (EC)] (ttl 51, id 17471, len 160) 15:58:27.412816 peer-gw.22417 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x01CE4B59 seq 41 len 132 (ttl 51, id 60525, len 160) 15:58:27.412897 obsd.4500 peer-gw.22417: [no cksum] udpencap: esp obsd peer-gw spi 0xDA9BB2EC seq 41 len 132 (ttl 64, id 20442, len 160) 15:58:28.799610 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 5 len 132 [tos 0x3 (EC)] (ttl 51, id 7672, len 160) 15:58:29.265331 peer-gw.22417 obsd.4500: [udp sum ok] NAT-T Keepalive (ttl 51, id 35799, len 29) 15:58:32.772233 peer-gw.19062 obsd.4500: [udp sum ok] NAT-T Keepalive [tos 0x3 (EC)] (ttl 51, id 11876, len 29) 15:58:36.919621 peer-gw.19062 obsd.4500: [no cksum] udpencap: esp peer-gw obsd spi 0x916EDE15 seq 6 len 132 [tos 0x3 (EC)] (ttl 51, id 32119, len 160) I'm trying to track down where these TOS bits are set, but have had no luck yet. tia -martin
Re: What's a patch? Can I build only changes to openbsd source?
On Tue, 20 May 2008, Kendall Shaw wrote: I'm following -stable until I read some more, and I'm unclear on some aspects of syncing source. There was an earlier post about why there are no security patches for 4.3 listed at: http://www.openbsd.org/pkg-stable.html Is that different from: http://www.openbsd.org/errata43.html which lists some patches? The first link is for add-on packages which are not part of the OpenBSD base system. The second is for patches of the base system. Since running -stable, there were changes to userland in /usr/src which I built. Was that not considered a patch? If I understand your question correctly, you may find the answer here: http://www.openbsd.org/stable.html Of interest: [..] OpenBSD provides a source tree that contains important patches and fixes (i.e. those from the errata plus others which are obvious and simple, but do not deserve an errata entry) [..] [..] * Errata entries are made for bugs which affect many people. Other patches may be merged into the patch branch if they affect a few people in drastic ways. -Martin
Re: What's a patch? Can I build only changes to openbsd source?
On Tue, 20 May 2008, Kendall Shaw wrote: Can you also help me understand these words about -current, from the FAQ: There are also flag days and major system changes that the developers navigate with one-time tools, which mean that source-based updating is not possible. There are changes that don't occur in the source? Maybe it's better if someone else confirms what I'm about to say (and corrects me if I'm wrong), but here's how I understand it: Sometimes, there'll be such important and drastic changes in some parts of the source that it becomes impossible to compile this new version of the source using the tools/kernel built with the older version of the source, before the drastic changes were committed. In these cases the developers use some one-off methods/tools to get the tricky parts of the new sources compiled. With the relevant tools/parts updated in a customized fashion they can then perform a recompile of the whole base using the traditional methods and release a binary-form snapshot, which people running -current are expected to upgrade with if they want to continue following -current. Makes sense? -Martin
[OT] Python License [WAS: Re: Why Perl for pkg_* tools ?]
Hello, How about the python license? Not that I'm really capable of rewriting and/or patching the pkg_* tools but from a license point of view I think that the license under which python is distributed is quite similiar to a BSD license. Especiall this: GPL-compatible doesn't mean that we're distributing Python under the GPL. All Python licenses, unlike the GPL, let you distribute a modified version without making your changes open source. The GPL-compatible licenses make it possible to combine Python with other software that is released under the GPL; the others don't. as a footnote in the license makes me think that way. Given that is there any chance realistic chance that python will be part of the obsd default at some point in the forseeable future? In any case is it missing auditing, general interest (or any other point I can't think of right now). Personally I'd really like to see python being included in obsd base License is here: http://www.python.org/download/releases/2.5/license/ http://www.python.org/download/releases/version/license/ It's probably, as with all languages, just personal favor, but mine goes in the direction of python :) /martin On Thu, May 22, 2008 at 5:23 PM, hyjial [EMAIL PROTECTED] wrote: Hi list ! Reading through OpenBSD's codebase, I have noticed that the code living under src/usr.sbin/pkg_add is written in Perl. Perl is distributed under the Artistic license, though. The latter is not as permissive as the BSD license under which monst of OpenBSD is released. No doubt that is the reason why Perl lives in src/gnu. Why have such a tool using a non-BSD package when there was choice not to do so ? What technical reasons have lead the developers to elect this language ? I am just curious about the fact and didn't manage to find information in tech@ and mis@ archives. Thanks in advance. Hyjial. -- http://www.xing.com/profile/Martin_Marcher You are not free to read this message, by doing so, you have violated my licence and are required to urinate publicly. Thank you.
ciss on hp DL385 G5?
Hi, We're trying to install OpenBSD on a HP ProLiant DL385 G5. But as shown in the dmesg below, the RAID controller (HP Smart Array P400) is not detected. According to the ciss(4) man page it should be supported. Has anyone got OpenBSD to install on such a machine? -martin OpenBSD 4.3-current (RAMDISK_CD) #9: Mon Jun 2 12:57:51 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/ RAMDISK_CD real mem = 2134159360 (2035MB) avail mem = 2072326144 (1976MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xee000 (66 entries) bios0: vendor HP version A09 date 03/27/2008 bios0: HP ProLiant DL385 G5 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST acpiprt0 at acpi0: bus 5 (EXB0) acpiprt1 at acpi0: bus 8 (EXB1) acpiprt2 at acpi0: bus 11 (EXB3) acpiprt3 at acpi0: bus 3 (EXB4) acpiprt4 at acpi0: bus 0 (PCI0) acpiprt5 at acpi0: bus 67 (EXBA) acpiprt6 at acpi0: bus 70 (EXBB) acpiprt7 at acpi0: bus 65 (EXBD) acpiprt8 at acpi0: bus 64 (PCI1) cpu0 at mainbus0: (uniprocessor) cpu0: Quad-Core AMD Opteron(tm) Processor 2356, 2300.37 MHz cpu0: FPU ,VME ,DE ,PSE ,TSC ,MSR ,PAE ,MCE ,CX8 ,APIC ,SEP ,MTRR ,PGE ,MCA ,CMOV ,PAT ,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,MMXX,FFXSR,LONG, 3DNOW2,3DNOW cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative pci0 at mainbus0 bus 0: configuration mode 1 vga1 at pci0 dev 3 function 0 ATI ES1000 rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Compaq iLO rev 0x03 at pci0 dev 4 function 0 not configured Compaq iLO rev 0x03 at pci0 dev 4 function 2 not configured uhci0 at pci0 dev 4 function 4 Hewlett-Packard USB rev 0x00: irq 11 Hewlett-Packard IPMI rev 0x00 at pci0 dev 4 function 6 not configured ppb0 at pci0 dev 5 function 0 ServerWorks HT-1000 PCI rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci1 dev 13 function 0 ServerWorks HT-1000 PCIX rev 0xc0 pci2 at ppb1 bus 2 pchb0 at pci0 dev 6 function 0 ServerWorks HT-1000 rev 0x00 pciide0 at pci0 dev 6 function 1 ServerWorks HT-1000 IDE rev 0x00: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets, initiator 7 cd0 at scsibus0 targ 0 lun 0: TEAC, DW-224E-V, C.CA ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 0 ServerWorks HT-1000 LPC rev 0x00 at pci0 dev 6 function 2 not configured ohci0 at pci0 dev 7 function 0 ServerWorks HT-1000 USB rev 0x01: irq 5, version 1.0, legacy support ohci1 at pci0 dev 7 function 1 ServerWorks HT-1000 USB rev 0x01: irq 5, version 1.0, legacy support ehci0 at pci0 dev 7 function 2 ServerWorks HT-1000 USB rev 0x01: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 ServerWorks EHCI root hub rev 2.00/1.00 addr 1 ppb2 at pci0 dev 15 function 0 ServerWorks HT-2100 PCIE rev 0xa2 pci3 at ppb2 bus 5 ppb3 at pci0 dev 16 function 0 ServerWorks HT-2100 PCIE rev 0xa2 pci4 at ppb3 bus 8 ppb4 at pci0 dev 17 function 0 ServerWorks HT-2100 PCIE rev 0xa2 pci5 at ppb4 bus 14 ppb5 at pci0 dev 18 function 0 ServerWorks HT-2100 PCIE rev 0xa2 pci6 at ppb5 bus 11 ppb6 at pci0 dev 19 function 0 ServerWorks HT-2100 PCIE rev 0xa2 pci7 at ppb6 bus 3 ppb7 at pci7 dev 0 function 0 ServerWorks PCIE-PCIX rev 0xc3 pci8 at ppb7 bus 4 bnx0 at pci8 dev 0 function 0 Broadcom BCM5708 rev 0x12: irq 11 pchb1 at pci0 dev 24 function 0 AMD AMD64 10h HyperTransport rev 0x00 pchb2 at pci0 dev 24 function 1 AMD AMD64 10h Address Map rev 0x00 pchb3 at pci0 dev 24 function 2 AMD AMD64 10h DRAM Cfg rev 0x00 pchb4 at pci0 dev 24 function 3 AMD AMD64 10h Misc Cfg rev 0x00 pchb5 at pci0 dev 24 function 4 AMD AMD64 10h Link Cfg rev 0x00 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Hewlett-Packard UHCI root hub rev 1.00/1.00 addr 1 usb2 at ohci0: USB revision 1.0 uhub2 at usb2 ServerWorks OHCI root hub rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 ServerWorks OHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo com1: probed fifo depth: 0 bytes pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 rd0: fixed, 4480 blocks uhub4 at uhub3 port 1 vendor 0x04b4 product 0x6560 rev 2.00/0.07 addr 2 uhidev0 at uhub1 port 1 configuration 1 interface 0 HP Virtual Keyboard rev 1.10/0.02 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0 wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub1 port 1 configuration 1 interface 1 HP Virtual Keyboard rev 1.10/0.02 addr 2 uhidev1: iclass 3/1 uhid at uhidev1 not configured uhub5 at uhub1 port 2 HP Virtual Hub rev 1.10/0.01 addr 3 root on rd0a swap on rd0b dump on rd0b bnx0: address 00:1e:0b:c3:ae:4e
Re: ciss on hp DL385 G5?
4 jun 2008 kl. 14.19 skrev Martin Hedenfalk: Hi, We're trying to install OpenBSD on a HP ProLiant DL385 G5. But as shown in the dmesg below, the RAID controller (HP Smart Array P400) is not detected. According to the ciss(4) man page it should be supported. Has anyone got OpenBSD to install on such a machine? As a followup I installed FreeBSD 7.0-RELEASE on this machine without any trouble. See dmesg below. However, I would love to be able to run OpenBSD instead :-) -martin Copyright (c) 1992-2008 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC Timecounter i8254 frequency 1193182 Hz quality 0 CPU: Quad-Core AMD Opteron(tm) Processor 2356 (2300.09-MHz 686-class CPU) Origin = AuthenticAMD Id = 0x100f23 Stepping = 3 Features = 0x178bfbff FPU ,VME ,DE ,PSE ,TSC ,MSR ,PAE ,MCE ,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,MMX,FXSR,SSE,SSE2,HTT Features2=0x802009SSE3,MON,CX16,b23 AMD Features=0xee400800SYSCALL,MMX+,FFXSR,b26,RDTSCP,LM,3DNow!+, 3DNow! AMD Features2 =0x7ffLAHF,CMP,SVM,ExtAPIC,CR8,b5,b6,b7,Prefetch,b9,b10 Cores per package: 4 real memory = 2145705984 (2046 MB) avail memory = 2090188800 (1993 MB) ACPI APIC Table: HP ProLiant FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs cpu0 (BSP): APIC ID: 0 cpu1 (AP): APIC ID: 1 cpu2 (AP): APIC ID: 2 cpu3 (AP): APIC ID: 3 ioapic0 Version 1.1 irqs 0-15 on motherboard ioapic1 Version 1.1 irqs 16-31 on motherboard ioapic2 Version 1.1 irqs 32-47 on motherboard kbd1 at kbdmux0 ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413) hptrr: HPT RocketRAID controller driver v1.1 (Feb 24 2008 19:59:27) acpi0: HP ProLiant on motherboard acpi0: [ITHREAD] acpi0: Power Button (fixed) Timecounter ACPI-safe frequency 3579545 Hz quality 850 acpi_timer0: 32-bit timer at 3.579545MHz port 0x920-0x923 on acpi0 acpi_hpet0: High Precision Event Timer iomem 0xfed0-0xfed003ff on acpi0 Timecounter HPET frequency 14318180 Hz quality 900 cpu0: ACPI CPU on acpi0 cpu1: ACPI CPU on acpi0 cpu2: ACPI CPU on acpi0 cpu3: ACPI CPU on acpi0 pcib0: ACPI Host-PCI bridge on acpi0 pci0: ACPI PCI bus on pcib0 vgapci0: VGA-compatible display port 0x1000-0x10ff mem 0xe800-0xefff,0xf7ff-0xf7ff irq 44 at device 3.0 on pci0 pci0: base peripheral at device 4.0 (no driver attached) pci0: base peripheral at device 4.2 (no driver attached) uhci0: UHCI (generic) USB controller port 0x1800-0x181f irq 45 at device 4.4 on pci0 uhci0: [GIANT-LOCKED] uhci0: [ITHREAD] usb0: UHCI (generic) USB controller on uhci0 usb0: USB revision 1.0 uhub0: (0x103c) UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 on usb0 uhub0: 2 ports with 2 removable, self powered pci0: serial bus at device 4.6 (no driver attached) pcib1: ACPI PCI-PCI bridge at device 5.0 on pci0 pci1: ACPI PCI bus on pcib1 pcib2: ACPI PCI-PCI bridge at device 13.0 on pci1 pci2: ACPI PCI bus on pcib2 atapci0: ServerWorks HT1000 UDMA100 controller port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x500-0x50f at device 6.1 on pci0 ata0: ATA channel 0 on atapci0 ata0: [ITHREAD] ata1: ATA channel 1 on atapci0 ata1: [ITHREAD] isab0: PCI-ISA bridge at device 6.2 on pci0 isa0: ISA bus on isab0 ohci0: OHCI (generic) USB controller port 0x1c00-0x1cff mem 0xf7ee-0xf7ee0fff irq 5 at device 7.0 on pci0 ohci0: [GIANT-LOCKED] ohci0: [ITHREAD] usb1: OHCI version 1.0, legacy support usb1: SMM does not respond, resetting usb1: OHCI (generic) USB controller on ohci0 usb1: USB revision 1.0 uhub1: (0x1166) OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 on usb1 uhub1: 2 ports with 2 removable, self powered ohci1: OHCI (generic) USB controller port 0x3000-0x30ff mem 0xf7ed-0xf7ed0fff irq 5 at device 7.1 on pci0 ohci1: [GIANT-LOCKED] ohci1: [ITHREAD] usb2: OHCI version 1.0, legacy support usb2: SMM does not respond, resetting usb2: OHCI (generic) USB controller on ohci1 usb2: USB revision 1.0 uhub2: (0x1166) OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 on usb2 uhub2: 2 ports with 2 removable, self powered ehci0: EHCI (generic) USB 2.0 controller port 0x3400-0x34ff mem 0xf7ec-0xf7ec0fff irq 5 at device 7.2 on pci0 ehci0: [GIANT-LOCKED] ehci0: [ITHREAD] usb3: EHCI version 1.0 usb3: companion controllers, 2 ports each: usb1 usb2 usb3: EHCI (generic) USB 2.0 controller on ehci0 usb3: USB revision 2.0 uhub3: (0x1166) EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 on usb3 uhub3: 4 ports with 4 removable, self powered pcib3: ACPI PCI-PCI bridge irq 42 at device 15.0 on pci0 pci5: ACPI PCI bus on pcib3 pcib4: ACPI PCI-PCI bridge irq 38 at device 16.0 on pci0 pci8: ACPI PCI bus on pcib4 pcib5: PCI-PCI bridge irq 39 at device 17.0 on pci0 pci14: PCI
Re: Kernel developers guide/tutorial
On Wed, Jun 11, 2008 at 02:09:46PM -0700, Don Hiatt wrote: [ Pardon if this email was repeated. Sadly, I'm using Outlook and you know the rest :-) ] Can anyone point me to a kernel developers guide or tutorial? Something that explains how to write a hello world type device driver and such. Anything to bootstrap me a bit. ;-) Cheers! don Jonathan Gray's presentation at OpenCON 2006: http://www.openbsd.org/papers/opencon06-drivers/index.html Martin
Re: Here's a trivial question. . .
On Thu, Jun 12, 2008 at 02:29:41AM -0700, Sean Kamath wrote: Why is sendmail in /usr/src/gnu/usr.sbin? sendmail is patently not a GNU application, and has a modified Berkeley license? Just askin'. Sean http://marc.info/?l=openbsd-miscm=101014364523299w=2 Martin
anoncvs.se.openbsd.org: No space left on device
Hi misc@ I get the following error message when updating the xenocara module from anoncvs.se.openbsd.org: $ echo $CVSROOT [EMAIL PROTECTED]:/cvs $ pwd /usr/xenocara $ sudo cvs -q -d$CVSROOT up -Pd Password: unable to write, file Makefile.in No space left on device I had no problem updating src from the same server. I guess the error message is sent by the server, as I'm not running out of space on my laptop: $ df -h | head -n 2 FilesystemSizeUsed Avail Capacity Mounted on /dev/wd0a 9.8G5.2G4.1G56%/ I sent the following mail to [EMAIL PROTECTED] (the maintainers of anoncvs.se.openbsd.org) five days ago, but I haven't heard from them: --- start of mail quote --- Date: Wed, 11 Jun 2008 10:38:48 +0200 From: Martin Toft [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Problem with anoncvs.stacken.kth.se Hi Stacken staff I think anoncvs.stacken.kth.se needs more disk space to work properly: [EMAIL PROTECTED]:/usr/xenocara$ export [EMAIL PROTECTED]:/cvs [EMAIL PROTECTED]:/usr/xenocara$ sudo cvs -q -d$CVSROOT up -Pd unable to write, file configure No space left on device There is approx 4 GB available on my computer and a cvs update from anoncvs1.ca.openbsd.org works fine. Thanks for a great service! Best regards, Martin --- end of mail quote --- Anybody else experiencing the problem or am I the only one? Martin
Re: OT: Dissertation ideas for my degree
On Thu, Jun 19, 2008 at 06:01:24PM +0100, Edd Barrett wrote: TeX isnt as dead as you think. After studying two years at a Department of Mathematical Sciences and helping a lot of the staff with LaTeX-related stuff while there, I can certainly second that. Due to the myriad of packages people use, I think it'll be a never-ending job to create good tools to convert between LaTeX/TeX and e.g. XML. In my experience, people care _a lot_ about typography and will not settle with a mediocre conversion result. Martin
Re: OT: Dissertation ideas for my degree
2008/6/20 Matthew Szudzik [EMAIL PROTECTED]: There's a pretty good chance that TeX is going to become obsolete, and replaced by some HTML or XML derivative. Many technical publishers No. There is simply no other comparable batch typesetter. have already made the transition. See, for example, the following link from Cambridge University Press https://authornet.cambridge.org/information/productionguide/stm/XML_workflow.asp#xml_introduction And what software do you think they use in the typesetting stage? I'm pretty sure it's TeX. :-p An interesting alternative project would be to create an HTML and MathML GUI, with the intent of luring mathematicians and physicists away from TeX. And then create an HTML/MathML to TeX converter, so that they can No sane mathematican will use anything else but TeX math syntax for communicating formulas. :-) Best Martin
Re: simple PF question
On Fri, Jun 20, 2008 at 02:10:52PM -0700, Robert Gilaard wrote: Hi folks, All the time I had the following entries in my pf.conf for my Desktop system. However, as I've bought this pf book that was lately released, I begin to suspect that these rules are way to liberal. If I only want to be able to browse the web and maybe use ssh-client, how should I rewrite the rules so that only those ports are open (80,443 and 22)? I guess i'm looking forward to a RTFM answer, but hey, I wouldn't ask if I knew how to write them. The best I could guess is: pass out on $int_if proto tcp from any to any port 80 modulate state flags S/SA But I don't know if this is correct. Brgds Robert If it's just a simple workstation with a single user, I see no reason for restricting outgoing traffic. If you really want this, remember to also allow DNS queries (port 53, tcp+udp). Let me point you to some of Peter Hansteen's goodies: http://home.nuug.no/~peter/pf/en/minimal-ruleset.html (you should also click Next when you get to the bottom of that page) The full table of contents: http://home.nuug.no/~peter/pf/en/ Martin
Re: OpenBSD project goals
2008/6/24 Marco Peereboom [EMAIL PROTECTED]: On Tue, Jun 24, 2008 at 04:30:12PM +0200, Thilo Pfennig wrote: Understood, but I wrote about functionality conciously: I would mean ability to write a letter rather than OO.org. mg and vi come to mind... And troff. :-) Best Martin
Re: OpenBSD project goals
2008/6/24 Pierre Riteau [EMAIL PROTECTED]: As someone already said earlier, you can write your letter in troff with mg or vi and create a postscript file from that. Real Men wrote their thesis directly in PostScript using ed. :-) Best Martin
Re: Resume - Mumps Developer
2008/6/26 bofh [EMAIL PROTECTED]: That mumps? Man, I've heard some pretty horrible things about it. Apparently not to be touched with a 10' pole. It's incredibly fast and lives on as Cachi. Best Martin
Re: Continuation of OpenBSD's Stop the Blob
2008/6/26 Lars Noodin [EMAIL PROTECTED]: It seems that OpenBSD's Stop the Blob message is getting more recognition: http://www.fsdaily.com/stop-blob As the article points out, better late than never. GPL'd drivers don't help much; some argue that they are part of the problem. http://www.openbsd.org/papers/opencon06-docs/index.html Best Martin
Re: Identifying Bandwidth Hogs
2008/7/9 David Schulz [EMAIL PROTECTED]: can someone recommend me a good way to quickly determine who on the network is using up most the Bandwith, and preferrably, what are the using it for? ntop? Best Martin
altq and interface groups
Hi, setup: 4.2 with tun0 being a pppoe(8) int and tun1 being a ssh-vpn over tun0. altq is running on tun0. I know that altq doesn't support interface groups (and that support is not planned (see http://marc.info/?l=openbsd-miscm=112431574118264w=2)) but is there a way around this? Currently altq sees all traffic on tun1 on tun0 as default instead of ssh, which it is. Best Martin
Re: X font sizes
On Mon, Jul 14, 2008 at 06:49:43PM +0200, Michael wrote: sometime between the June 25 snapshot and today something in X changed. Font sizes of some programms (like Konsole, Psi, xclock when using -render) are much larger then before. http://marc.info/?l=openbsd-miscm=121372109126372w=2 Martin
Re: pf - antispoof and alias ip addresses
On Tue, Jul 15, 2008 at 10:17:47PM +0200, [EMAIL PROTECTED] wrote: Hi, Want to know if antispoof also include the alias ip address(es) off the given interface? It does: $ sudo ifconfig lo0 alias 1.2.3.4 netmask 255.255.255.255 $ ifconfig lo0 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33204 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 1.2.3.4 netmask 0x $ sudo cat /etc/pf.conf antispoof for lo0 $ sudo pfctl -e -f /etc/pf.conf pf enabled $ sudo pfctl -sr block drop in on ! lo0 inet from 127.0.0.0/8 to any block drop in on ! lo0 inet from 1.2.3.4 to any block drop in on ! lo0 inet6 from ::1 to any Martin
Huawei E220 on ALIX
Hi all! I'm trying to use a Huawei E220 UMTS USB modem on an ALIX, using OpenBSD Flashdist 20080504. I have extended the GEODE configuration as follows: # diff -c /opt/flashdist-20080504/GEODE /usr/src/sys/arch/i386/conf/GEODE *** /opt/flashdist-20080504/GEODE Sun May 4 21:32:07 2008 --- /usr/src/sys/arch/i386/conf/GEODE Wed Jul 16 21:36:15 2008 *** *** 87,93 --- 87,95 uhub* at usb? # USB Hubs uhub* at uhub?# USB Hubs umodem* at uhub?# USB Modems/Serial + umsm* at uhub?# Qualcomm MSM EVDO ucom* at umodem? + ucom* at umsm? #ubsa*at uhub?# Belkin serial adapter #ucom*at ubsa? #uftdi* at uhub?# FTDI FT8U100AX serial adapter With the kernel built from this configuration, Flashdist sees the Huawei thing as ugen0, while I expected to see it as ucom0. Is there anyone in here who can weigh in with some advice regarding initialization of the Huawei E220? I do know that the E220 needs some trickery to kill off its mass storage part in order to make the serial part available. However, I have never worked with this myself, neither on OpenBSD nor on Linux where the procedure appears to be fairly common. Also, how can I tell if the kernel built from the above configuration really has support for umsm? Thanks for your time, -martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Huawei E220 on ALIX
Stuart Henderson schrieb: Please try this with the GENERIC kernel, and report back to us if you still have a problem. Make sure it's -current or a snapshot, not 4.3, for E220. If it still fails, send output from dmesg and usbdevs -v. I plugged it into my development box (4.3) where it misbehaved as expected (the umass driver is not in the GEODE kernel from Flashdist): umass0 at uhub0 port 1 configuration 1 interface 2 HUAWEI Technologies HUAWEI Mobile rev 1.10/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets umass0: BBB reset failed, STALLED umass0: BBB reset failed, STALLED I'll read up on checking out and building a -current kernel. Judging from the commit log for umsm.c, it's the only way to go. -martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Huawei E220 on ALIX
Got it! # cu -s 115200 -l /dev/ttyU0 ati Manufacturer: huawei Model: E220 Revision: 11.110.05.00.00 IMEI: 355083018404928 +GCAP: +CGSM,+DS,+ES OK This is not on the ALIX yet, I'll get to that later. Thanks, -martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Trying to compile cwm on Linux
not a structure or union parse.y:382: error: request for member `v' in something not a structure or union parse.y:382: error: `LLONG_MIN' undeclared (first use in this function) parse.y:382: error: (Each undeclared identifier is reported only once parse.y:382: error: for each function it appears in.) parse.y:383: error: `LLONG_MAX' undeclared (first use in this function) parse.y:416: error: request for member `v' in something not a structure or union parse.y:420: error: request for member `lineno' in something not a structure or union I have tried to look into the errors from gcc but I'm not able to understand parse.y. Any help is appreciated :-) Martin
Re: Trying to compile cwm on Linux
On Wed, Jul 23, 2008 at 10:55:01PM +0200, Martin Toft wrote:
I'm trying to compile cwm (/usr/xenocara/app/cwm) on Linux, as I would
like to use this very supreme window manager on all my non-OpenBSD
systems as well. The version of cwm that I'm working with is from
yesterday's -current (23rd of July, 2008). The Linux distribution is
Ubuntu Feisty.
[..]
oga@ and jsg@ pointed me to byacc - thanks! There is some yacc specific
constructs in cwm's parser that bison doesn't support.
To address the mail from [EMAIL PROTECTED]: I think this _is_
OpenBSD related (opposed to Linux related), as there might be other
OpenBSD users, like me, who want to use cwm on their non-OpenBSD boxes
as well, and Linux-only users hardly know about the cwm in OpenBSD.
The following is an attempt to make a simple guide.
OpenBSD's cwm window manager on Ubuntu Linux
1. Install the following packages:
byacclibxext-dev
libexpat1-devlibxft-dev
libfontconfig1-dev libxrender-dev
libxau-dev xlibs-dev
libxdmcp-dev zlib1g-dev
You might also need to install cvs and xterm (xterm is the default
terminal for cwm to start when one types ctrl+alt+enter).
2. Pick an anonymous CVS server close to you:
http://www.openbsd.org/anoncvs.html#CVSROOT
3. Checkout cwm as of July 24, 2008:
$ export CVSROOT=(what you picked in step 2)
$ cvs -q -d$CVSROOT checkout -D 2008-07-24 xenocara/app/cwm
U xenocara/app/cwm/LICENSE
U xenocara/app/cwm/Makefile
[..]
U xenocara/app/cwm/xmalloc.c
U xenocara/app/cwm/xutil.c
$ cd xenocara/app/cwm
4. Patch the source using cwm-linux.patch (attached inline further
down):
$ patch cwm-linux.patch
patching file calmwm.c
patching file calmwm.h
patching file conf.c
patching file headers.h
patching file kbfunc.c
patching file parse.y
5. Generate the parser using byacc:
$ byacc -d parse.y
$ mv y.tab.c parse.c
6. Compile and link:
$ for i in *.c; do gcc -I /usr/include/freetype2 -c $i; done
$ gcc -lXft -lXrender -lX11 -lXau -lXdmcp -lXext -lfontconfig -lexpat
-lfreetype -lz -o cwm *.o
7. Enjoy:
$ ls -l cwm
-rwxr-xr-x 1 mt mt 83963 2008-07-24 21:21 cwm
Corrections and flames are most welcome :-)
Martin
cwm-linux.patch:
--- calmwm.c.orig 2008-07-23 15:25:38.0 +0200
+++ calmwm.c2008-07-23 15:25:51.0 +0200
@@ -317,7 +317,7 @@
errno = save_errno;
}
-__dead void
+void
usage(void)
{
extern char *__progname;
--- calmwm.h.orig 2008-07-23 15:25:30.0 +0200
+++ calmwm.h2008-07-23 15:25:45.0 +0200
@@ -312,7 +312,7 @@
voidx_setup(void);
char *x_screenname(int);
voidx_setupscreen(struct screen_ctx *, u_int);
-__dead void usage(void);
+voidusage(void);
struct client_ctx *client_find(Window);
voidclient_setup(void);
--- conf.c.orig 2008-07-24 18:20:14.0 +0200
+++ conf.c 2008-07-24 18:37:49.0 +0200
@@ -464,9 +464,9 @@
if (strchr(name, '-') == NULL)
substring = name;
- current_binding-button = strtonum(substring, 1, 3, errstr);
- if (errstr)
- warnx(number of buttons is %s: %s, errstr, substring);
+ current_binding-button = strtoll(substring, NULL, 10);
+ if (errno || current_binding-button 1 || current_binding-button 3)
+ warn(invalid number or out of range: %s, substring);
conf_mouseunbind(c, current_binding);
--- headers.h.orig 2008-07-24 16:52:46.0 +0200
+++ headers.h 2008-07-24 19:08:23.0 +0200
@@ -52,4 +52,8 @@
#include err.h
+#define strlcpy(dst, src, size) (strncpy((dst), (src), (size) - 1))
+#define strlcat(dst, src, size) (strncat((dst), (src), (size) - 1))
+#define TAILQ_END(head) NULL
+
#endif /* _CALMWM_HEADERS_H_ */
--- kbfunc.c.orig 2008-07-24 19:04:56.0 +0200
+++ kbfunc.c2008-07-24 19:04:15.0 +0200
@@ -345,7 +345,7 @@
FILE*fp;
char*buf, *lbuf, *p, *home;
char hostbuf[MAXHOSTNAMELEN], filename[MAXPATHLEN];
- char cmd[256];
+ char cmd[256], buffer[1024];
int l;
size_t len;
@@ -361,7 +361,9 @@
TAILQ_INIT(menuq);
lbuf = NULL;
- while ((buf = fgetln(fp, len))) {
+ while (!feof(fp)) {
+ buf = fgets(buffer, sizeof(buffer), fp);
+ len = strlen(buf);
if (buf[len - 1] == '\n')
buf[len - 1] = '\0';
else {
--- parse.y.orig2008-07-23 15:44:14.0 +0200
+++ parse.y 2008-07-24 18:31:47.0 +0200
@@ -379,11 +379,9 @@
const char *errstr = NULL;
*p = '\0
Re: Trying to compile cwm on Linux
On Thu, Jul 24, 2008 at 02:20:22PM -0600, Theo de Raadt wrote: +#define strlcpy(dst, src, size) (strncpy((dst), (src), (size) - 1)) +#define strlcat(dst, src, size) (strncat((dst), (src), (size) - 1)) That is utterly and completely wrong. Yep, I'm a noob when it comes to these kinds of things. I'll look into it.
Re: make ls not show dot-files as root
On Mon, Jul 28, 2008 at 07:07:55PM -0400, Ted Unangst wrote: On 7/28/08, Jesus Sanchez [EMAIL PROTECTED] wrote: Can I make ls to NOT show the hidden files (.xinitrc , .vimrc, etc) when using as Root?? ls * ls | grep -v ^. You need to escape the dot... e.g. grep -v ^\\\. sudo -u nobody ls find . -name [abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ]* -maxdepth 1 -print0 | xargs -0 ls -Cd | sed 's/\.\///g'
Re: make ls not show dot-files as root
On Tue, Jul 29, 2008 at 01:16:22AM +0200, Martin Toft wrote: You need to escape the dot... e.g. grep -v ^\\\. Two backslashes is enough. My attempt at being a smart ass failed :-)
Re: Trying to compile cwm on Linux
On Thu, Jul 24, 2008 at 10:35:36PM +0200, Martin Toft wrote: On Thu, Jul 24, 2008 at 02:20:22PM -0600, Theo de Raadt wrote: +#define strlcpy(dst, src, size) (strncpy((dst), (src), (size) - 1)) +#define strlcat(dst, src, size) (strncat((dst), (src), (size) - 1)) That is utterly and completely wrong. Yep, I'm a noob when it comes to these kinds of things. I'll look into it. And so I did. Travelling and other work delayed me though. The result: http://martintoft.dk/?p=cwm Martin
Re: free plot software
2008/8/3 Pau [EMAIL PROTECTED]: 3. In the event Licensee prepares a derivative work that is based on or incorporates matplotlib 0.98.1 or any part thereof, and wants to make the derivative work available to others as provided herein, then Licensee hereby agrees to include in any such work a brief summary of the changes made to matplotlib 0.98.1. GPLv2 has the same requirement for changed source files. So what? Best Martin
Re: pf macro behavior change between 4.1 and 4.3?
2008/8/4 Henning Brauer [EMAIL PROTECTED]:
* Vasile Cristescu [EMAIL PROTECTED] [2008-08-03 01:41]:
penguin_ports = { $ssh $smtp } -- I think it should be like :
penguin_ports = { $ssh, $smtp }
when will people learn that the commas are optional
When the pf FAQ has no more optional commas? :-)
http://www.openbsd.org/faq/pf/macros.html has some.
Best
Martin
Re: pf macro behavior change between 4.1 and 4.3?
2008/8/4 Stuart Henderson [EMAIL PROTECTED]: They're optional, why shouldn't the FAQ use them? This is pretty clear in the BNF section in pf.conf(5). And http://www.openbsd.org/faq/pf/macros.html says so. I rest my case. :-) Best Martin
Re: cwm default window placement
On Sat, Aug 16, 2008 at 07:24:24PM +0200, Earin Gregor wrote: My question now is about default placement of windows. I do start a few applications via my .xsession file. Most notably an xterm and xclock. Is it now possible to place those applications per default at a specific location? For xterm I'd like it to be at the left edge and then maximised vertical (C-M-=) And the xclock would be nice in the right upper corner and always raised above other applications. Is there a way do get such a behaviour? See the section Geometry Specifications in X(7). (man X, /GEOenter) Both xterm and xlock accepts the standard X Toolkit options. Martin
Re: cwm default window placement
On Sat, Aug 16, 2008 at 07:34:18PM +0200, Martin Toft wrote: Both xterm and xlock accepts the standard X Toolkit options. Do'h... s/xlock/xclock/ and s/accepts/accept/
Re: cwm default window placement
On Sat, Aug 16, 2008 at 08:04:51PM +0200, Earin Gregor wrote: Only question still remains: Is there a way to keep one window/application always raised above others? Would be nice in my case for xclock :-) Try this: In ~/.cwmrc: gap 0 34 0 0 ignore xclock In ~/.xinitrc or ~/.xsession (startx or xdm, I use a symlink...): xsetroot -solid black xclock -geometry -0-0 -d -strftime '%H:%M %b %d %Y' -update 1 exec cwm In ~/.Xdefaults: xclock*background: black xclock*foreground: green Martin
Re: Ethernet (and sound?) doesn't work on my new notebook
On Sat, Aug 23, 2008 at 07:01:21PM +0200, thacrazze wrote: No idea for my problem? A quick glance at sis(4) (man sis) and http://www.openbsd.org/i386.html (the section Gigabit Ethernet Adapters) indicates that your SiS 191 network card just isn't supported.
Re: How much RAM is needed for cvs(1)?
Karl Sjodahl - dunceor [EMAIL PROTECTED] wrote: On Thu, Aug 28, 2008 at 7:23 AM, Tomas Bodzar [EMAIL PROTECTED] wrote: Hi all, I tried # cd /usr # export [EMAIL PROTECTED]:/cvs # cvs -d$CVSROOT checkout -P xenocara and after few minutes get Out of memory.I have 256MB RAM.That was running on tty0, on tty1 was only lynx with OBSD page.Before that I made checkout of src and every- thing OK. Is this problem with low memory or anything else? Thx This is a known limitation in cvs. If you use OpenCVS to check out Xenocara it succedes. Check http://marc.info/?l=openbsd-miscm=120765433708331w=2 and numerous other post about this on misc. Using opencvs on the server side also helps: [EMAIL PROTECTED]:/cvs m
Difference (bug?) in display in pfctl, pftop and systat for an anchor filter rule?
Hi all,
I have a question concerning some differences in pf rules diplay with
regards to pfctl, pftop, and systat (using a 4.4 snapshot downloaded
today).
My scrub, NAT and filter sections in my 'pf.conf' look like this:
scrub on $wan_if random-id reassemble tcp
nat on $wan_if from !($wan_if) - ($wan_if:0)
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr pass on $lan_if proto tcp to port ftp - 127.0.0.1 port 8021
block in on $wan_if
pass out on $wan_if inet all modulate state
pass in on $wan_if inet proto { tcp, udp } to any port 39415
anchor ftp-proxy/*
antispoof for { $lan_if }
This shows up as the following with pfctl:
$ sudo pfctl -s r
scrub on sis0 all random-id reassemble tcp fragment reassemble
block drop in on sis0 all
pass out on sis0 inet all flags S/SA modulate state
pass in on sis0 inet proto tcp from any to any port = 39415 flags S/SA
keep state
pass in on sis0 inet proto udp from any to any port = 39415 keep state
anchor ftp-proxy/* all
block drop in on ! sis1 inet from 192.168.1.0/24 to any
block drop in inet from 192.168.1.1 to any
block drop in on sis1 inet6 from fe80::200:24ff:fec8:6939 to any
To get the rule numbers, I use the -vv flags for pfctl:
$ sudo pfctl -s r -vv
@0 scrub on sis0 all random-id reassemble tcp fragment reassemble
[ Evaluations: 4655 Packets: 1283 Bytes: 201983 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@0 block drop in on sis0 all
[ Evaluations: 341 Packets: 4 Bytes: 2109States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@1 pass out on sis0 inet all flags S/SA modulate state
[ Evaluations: 44Packets: 581 Bytes: 195757 States: 3 ]
[ Inserted: uid 0 pid 18789 State Creations: 36]
@2 pass in on sis0 inet proto tcp from any to any port = 39415 flags
S/SA keep state
[ Evaluations: 44Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@3 pass in on sis0 inet proto udp from any to any port = 39415 keep state
[ Evaluations: 4 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@4 anchor ftp-proxy/* all
[ Evaluations: 341 Packets: 58Bytes: 4402States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 8 ]
@5 block drop in on ! sis1 inet from 192.168.1.0/24 to any
[ Evaluations: 333 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@6 block drop in inet from 192.168.1.1 to any
[ Evaluations: 297 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
@7 block drop in on sis1 inet6 from fe80::200:24ff:fec8:6939 to any
[ Evaluations: 155 Packets: 0 Bytes: 0 States: 0 ]
[ Inserted: uid 0 pid 18789 State Creations: 0 ]
So rule #4 is my 'anchor ftp-proxy/* all' for use by ftp-proxy.
Then, using pftop-0.7p0 I view the rule set again (output shortened
to avoid wrapping):
pfTop: Up Rule 1-8/8, View: rules, Cache: 1
RULE ACTION DIR IF PR INFO
0 BlockIn sis0drop all
1 Pass Out sis0inet all flags S/SA
2 Pass In sis0 tcp inet from any to any port = 39415 flags S/SA
3 Pass In sis0 udp inet from any to any port = 39415
4 Pass Any all
5 BlockIn !sis1 drop inet from 192.168.1.0/24 to any
6 BlockIn drop inet from 192.168.1.1/32 to any
7 BlockIn sis1drop inet6 from
fe80::200:24ff:fec8:6939/128 to any
And then finally using 'systat rules' (once again shortened to avoid
wrapping):
2 usersLoad 0.17 0.15 0.10
RULE ACTION DIR IF PR INFO
0 BlockIn sis0drop all
1 Pass Out sis0inet all flags S/SA
2 Pass In sis0 tcp inet from any to any port = 39415 flags S/SA
3 Pass In sis0 udp inet from any to any port = 39415
4 Pass In all
5 BlockIn !sis1 drop inet from 192.168.1.0/24 to any
6 BlockIn drop inet from 192.168.1.1/32 to any
7 BlockIn sis1drop inet6 from
fe80::200:24ff:fec8:6939/128 to any
I have two questions concerning the different displays from the three programs:
1. Why do pftop and systat report rule #4 as a kind of pass all rule
when it's actually an 'anchor ftp-proxy/* all' rule? Is this normal
and expected?
2. Is it a bug for systat to report the direction of rule #4 as In
while pftop reports it as Any? I'm assuming the difference indicates
a bug in either one of the programs.
Thanks!
-Martin
Re: 4.3 hoststated renamed to relayd
The upgrade43 guide does not mention that /etc/ftpusers shouldmust be changed. Isn't it indicated here?: http://www.openbsd.org/faq/upgrade43.html#etcUpgrade -Martin
Re: Moving from tcsh to pdksh: how to recall partially typed in command? (ESC-p)
On 12/10/06, Otto Moerbeek [EMAIL PROTECTED] wrote: On Sun, 10 Dec 2006, Alexander Farber wrote: Hello Martin and others, On 12/6/06, Martin Hedenfalk [EMAIL PROTECTED] wrote: On 12/2/06, Alexander Farber [EMAIL PROTECTED] wrote: IMHO it would be better, if ESC-p and ESC-n wouldn't cycle but would stop at the last matching command - same as in tcsh. Because otherwise a user might go through several useless cycles until (s)he reliazes that the needed command isn't there I've put an updated patch up on http://bzero.se/patches/ksh-history-v2.patch. thanks for your new patch (sorry, I didn't have time to test it during the week). Now it almost works - I enter bind '^XA'=history-search-backward bind '^XB'=history-search-forward and then enter few letters and can use the up- and down-arrows - and they work and do not cycle after the last match (which is good IMHO). However there are still 2 differences to tcsh: 1) ESC-p and ESC-n aren't bound by default (maybe it's ok for ksh?) A version 3 of the patch binds these keys by default: http://bzero.se/patches/ksh-history-v3.patch 2) When I type few letters, like ls and then use the up-key to search for matching commands, and then see that my command isn't there - then I press the down-key several times to get back to the 3 letters that I have entered initially (ls ). In tcsh I can get back to the ls , but in your new ksh I'm stuck with the last matched command (like ls /tmp - which I don't want), and have to press CTRL-c I see. Fixing this seems to add a bit more complexity, and this issue doesn't annoy me enough to warrant adding that complexity. FWIW, it is consistent with bash. Regards Alex I found one other problem: if the match equals the string typed in, the match is never found. $ foo $ bar $ fooESC-P does beep. This happens only when foo is the possible match. If there's a foorbar with a higher history number, that is found, and next the foo is found. I would say that this is the correct behaviour in this case, because there are no other consecutive unique matches to be found. /martin
Re: Home networking for an amateur
2006/12/18, Joe [EMAIL PROTECTED]: Upgrade like this: 3.7 - 3.8 - 3.9 - 4.0 Then your box will rock. And will be full of cruft. Backup and install 4.0 might be better. Best Martin
Re: CPAN error
2006/8/30, Monah Baki [EMAIL PROTECTED]: Yesterday I installed Openbsd3.9 and wanted to install Digest::SHA1 using CPAN I get an error complaining the MD5 checksum is incorrect and to delete it from /root/.cpan../../etc etc (which I did). This happens with other modules too. I can download the modules manually and run perl Makefile.pl, make make install, but was wandering why I'm having this problem. I have the same problem with cpan on 4.0; trying to install anything (e.g. HTTP::Date) ends with errors about incorrect checksums, although gzip finds the tar.gz to be correct. Here's a log: -- cpan install HTTP::Date Running install for module HTTP::Date Running make for G/GA/GAAS/libwww-perl-5.805.tar.gz LWP not available CPAN: Net::FTP loaded ok Fetching with Net::FTP: ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from ftp.freenet.de LWP not available Fetching with Net::FTP: ftp://cpan.noris.de/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from cpan.noris.de LWP not available Fetching with Net::FTP: ftp://ftp.gwdg.de/pub/languages/perl/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Couldn't fetch libwww-perl-5.805.tar.gz from ftp.gwdg.de LWP not available Fetching with Net::FTP: ftp://ftp.leo.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz Trying with /usr/bin/lynx -source to get ftp://ftp.freenet.de/pub/ftp.cpan.org/pub/CPAN/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz gzip: /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar: unknown suffix: ignored Checksum mismatch for distribution file. Please investigate. Distribution id = G/GA/GAAS/libwww-perl-5.805.tar.gz CPAN_USERID GAAS (Gisle Aas [EMAIL PROTECTED]) CALLED_FOR HTTP::Date CONTAINSMODS LWP::Protocol::cpan LWP::Protocol::ftp HTTP::Status File::Listing LWP::Protocol::http10 HTTP::Headers HTTP::Cookies::Microsoft LWP::Protocol::nogo LWP::Protocol::nntp HTTP::Daemon LWP::Protocol::mailto HTML::Form LWP::Protocol::gopher LWP::ConnCache Net::HTTPS HTTP::Message HTTP::Cookies HTTP::Headers::Auth HTTP::Request::Common HTTP::Response LWP::Protocol::loopback HTTP::Cookies::Netscape LWP::Authen::Ntlm LWP::Authen::Basic HTTP::Request WWW::RobotRules LWP::Protocol LWP LWP::Protocol::data LWP::MediaTypes HTTP::Negotiate LWP::Protocol::https Net::HTTP::NB LWP::Simple Net::HTTP LWP::DebugFile LWP::RobotUA LWP::Protocol::file HTTP::Headers::Util HTTP::Headers::ETag LWP::Authen::Digest HTTP::Date LWP::Protocol::http LWP::MemberMixin LWP::UserAgent LWP::Protocol::GHTTP LWP::Debug LWP::Protocol::https10 WWW::RobotRules::AnyDBM_File Net::HTTP::Methods MD5_STATUS incommandcolor 1 localfile /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz I'd recommend removing /home/ms/.cpan/sources/authors/id/G/GA/GAAS/libwww-perl-5.805.tar.gz. Its MD5 checksum is incorrect. Maybe you have configured your 'urllist' with a bad URL. Please check this array with 'o conf urllist', and retry. -- Now, while there might be a port of some perls, cpan should also work. So what am I doing wrong? Update: I installed p5-libwww-5.803, and cpan _now_ works. Me thinks some perls are missing for cpan to work... Best Martin
Re: firewall
2006/12/27, Marc Ravensbergen [EMAIL PROTECTED]: - I have an HP Omnibook 5700ct (which refuses to die on me) to be used as the dedicated firewall - specs are: pentium 150 Mhz, 80 MB ram, 2- 3GB harddisk, cdrom (non bootable) and floppy. [...] What I would like to do is add the following features... 1) DNS server (for my private network only) so that my computers can use kiwi instead of the ISP dns servers (which change from time to time and are really, really slow at times). If kiwi could cache the addresses it would save a _lot_ of time reaching my common websites. This feature doesn't sound difficult, I just need a few tips here and there (package name, sample config) Easy. 2) transparent web proxy; something along the lines of squid (I believe this is used by ipcop) to cache my frequent websites. I've never set this up by itself before, but again, probably manageable. Setup is easy (just follow Daniel's instructions), but your hardware is probably to slow, has not really enough RAM (squid loves RAM) and the HDD is a bit to small. It's certainly doable, but it won't be very nice. Note that notebooks are not designed for 24/7 use, so don't be surprised if it fails. Best Martin
Re: landisk (plextor) installation question
Didier Wiroth [EMAIL PROTECTED] wrote: Hello, I got a plextor PX-EH16L yesterday, it has the required serial console and I now have a linux login console. The following file (ftp://ftp.belnet.be/pub/packages/openbsd/snapshots/landisk/INSTALL.landisk) mentions this: Preparing your System for OpenBSD Installation: --- To be able to boot the OpenBSD/landisk installation program, you will need to copy a miniroot image onto the CF or harddrive that the machine uses. The plextor has a samsung harddrive. I'm sorry if this sounds stupid, but what is the easiest or fastest way to get this miniroot image (miniroot40fs) on the harddrive? Do I have to mount the drive in other PC and install this miniroot image a special way? I would really appreciate if someone could give me further directions. Yes. Swap drive to another box and 'dd if=miniroot40.fs of=/dev/rwd1c' it over. Swap back and boot. Sadly your disk will only run in PIO 4 mode because of some DMA bug ... martin
Re: squid for OBSD 4.0
2007/1/9, sonjaya [EMAIL PROTECTED]: also how to tuning OBSD 4.0 for proxy server with squid . I've had best results with tilting the server by 900. Best Martin
Re: squid for OBSD 4.0
2007/1/9, Scott Radvan [EMAIL PROTECTED]: The following site will help, read it from beginning to end, you will be much wiser: http://www.kernel-panic.it/openbsd/proxy/ Information about pf for transparent proxies is missing. See also http://www.benzedrine.cx/transquid.html Best Martin
Merchandise idea: OpenBSD mug
Hi, I think it would be awesome, if it was possible to buy an OpenBSD mug from the online ordering system at www.openbsd.org. I would definitely buy one together with the 4.1 cd-set. I imagine the mug with Cartoon Puffy on the one side and the OpenBSD logo on the other side (see http://www.openbsd.org/art4.html if you don't know what I'm babbling about). Of course, that's just how I imagine the mug :) Yes, I know places like cafepress, thinkgeek, and spreadshirt.de, and please, you should only take this mail for what it is - a merchandise idea! I don't need people telling me to go to one of the other places to design my own mug. Regards, Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Merchandise idea: OpenBSD mug
On Sat, Jan 13, 2007 at 10:23:11PM -0600, Samurai Chef wrote: There has been quite a bit of response so far, that's very encouraging. Thank you to all who have responded so far. Here is what I am planning on ordering: white coffee cups with puffy and OpenBSD logo wraped around the cup. planning on using the logo from http://www.openbsd.org/art/puffy/puflogh1000X248.gif. Nice, sign me up for one of those. pint glasses with the wirehead puffy logo from http://www.openbsd.org/images/tshirt-23.gif if sales go well with those two items, i will expand the merchandise selections. portions of the sales will be donated back to the project. if anyone has information about the artist for these logos, please forward that information as I need higher quality images for good imprinting. thanks again everyone. The same to you. Regards, Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Merchandise idea: OpenBSD mug
On Mon, Jan 15, 2007 at 01:11:24AM +0100, Marc Balmer wrote: How about thinking if he is allowed to use the (copyrighted) artwork for commercial use? Did he get the permissions? Does he have an OK from the copyright owner to market these mugs using a copyrighted artwork? All those questions are the reason why I would have loved the project itself to take action and sell mugs :) Regards, Martin [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Which crypto card for Soekris 4801?
2007/1/15, Heinrich Rebehn [EMAIL PROTECTED]: getting 7 Mbit/s via OpenVPN measured with iperf. This is somewhat less than my WLAN can handle (54 Mbit/s) and also less than the speed of the HDD (~70 Mbit/s). So a working VPN1411 would really help. If your HDD does only 70 M_bit_/s, you should buy a new one that does 70 M_Byte_/s. :-) Good NASes have fast CPUs and GEs for a reason. Best Martin
Re: pf examples needed
On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote: I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. You should put a private 192.168.200.x IP address on the Windows box, not a global X.X.X.26 address. Afterwards, do a simple port forwarding (redirection in pf language) at the OpenBSD box, e.g. rdr on dc0 proto tcp from any to (dc0) port $wbpp - $wbip pass in on dc0 inet proto tcp from any to $wbip port $wbpp flags S/SA \ keep state where $wbip is the private IP address of the Windows box and $wbpp is the port you want to redirect to the Windows box (wbpp = 'Windows box public port'). I guess the rules could be combined into a single 'rdr pass' rule but I like it this way... Remember to set up a default route on the Windows box (it should of course use the OpenBSD box as its default route). Regards, Martin I need to know how to access the X.X.X.26 machine from the internet. My attempts at redirecting with pf rules haven't been successful so far, and I'm not sure that's how I should be approaching it. I've been playing with this for a few days, and am kind of lost, so any advice, pointers to docs, examples, etc. would be very much appreciated. thanks, --charlie
Re: pf examples needed
On Tue, Jan 16, 2007 at 04:44:03PM +0100, Martin Toft wrote: On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote: I have an OpenBSD 3.9 machine with a public IP providing NAT and firewalling for our internal network. It has 3 interfaces: dc0: public ip from internet X.X.X.25 dc1: 192.168.100.x to internal network. This works well. dc2: 192.168.200.x -- to Windows server. I need to allow public access to the Windows server connected to dc2 (one port only). Currently I have a private network address assigned to dc2 and a public one (X.X.X.26) assigned to the machine connected to it. You should put a private 192.168.200.x IP address on the Windows box, not a global X.X.X.26 address. Afterwards, do a simple port forwarding (redirection in pf language) at the OpenBSD box, e.g. rdr on dc0 proto tcp from any to (dc0) port $wbpp - $wbip pass in on dc0 inet proto tcp from any to $wbip port $wbpp flags \ S/SA keep state where $wbip is the private IP address of the Windows box and $wbpp is the port you want to redirect to the Windows box (wbpp = 'Windows box public port'). I guess the rules could be combined into a single 'rdr pass' rule but I like it this way... Remember to set up a default route on the Windows box (it should of course use the OpenBSD box as its default route). Regards, Martin I need to know how to access the X.X.X.26 machine from the internet. My attempts at redirecting with pf rules haven't been successful so far, and I'm not sure that's how I should be approaching it. Hmm, sorry, I didn't take the above paragraph into account before. If you decide to try my earlier advice, you should add X.X.X.26 as an alias to the dc0 interface and replace (dc0) with X.X.X.26 in the rdr rule. Regards, Martin I've been playing with this for a few days, and am kind of lost, so any advice, pointers to docs, examples, etc. would be very much appreciated. thanks, --charlie
Re: pf examples needed
On Tue, Jan 16, 2007 at 12:23:45PM -0500, Charles Farinella wrote:
Thanks to all for the help.
Martin Toft wrote:
On Tue, Jan 16, 2007 at 09:32:02AM -0500, Charles Farinella wrote:
I have an OpenBSD 3.9 machine with a public IP providing NAT and
firewalling for our internal network. It has 3 interfaces:
dc0: public ip from internet X.X.X.25
dc1: 192.168.100.x to internal network. This works well.
dc2: 192.168.200.x -- to Windows server.
I need to allow public access to the Windows server connected to dc2
(one port only). Currently I have a private network address
assigned to dc2 and a public one (X.X.X.26) assigned to the machine
connected to it.
You should put a private 192.168.200.x IP address on the Windows box,
not a global X.X.X.26 address. Afterwards, do a simple port
forwarding (redirection in pf language) at the OpenBSD box, e.g.
I currently have it set up like this:
dc0 = X.X.X.25
dc2 = 192.168.200.254
test_box = 192.168.25.123
services = { ssh, smtp, http, https }
I have the following in my pf.conf:
rdr pass on dc0 proto tcp from any to X.X.X.25 port 80 -
192.168.25.122 port 80
If I ssh into the X.X.X.25 box I can access the test_box on port 80.
I cannot access X.X.X.25 port 80 however.
You can't access X.X.X.25 port 80 from the OpenBSD box itself, as the
redirection happens on the dc0 interface. That's OK and shouldn't be
thought of as a problem.
I've been using pfctl -f /etc/pf.conf to reload my rules. I see no
reference in my pflog to any attempts to access port 80 on X.X.X.25.
That's probably because you don't log anything.
Remember to set up a default route on the Windows box (it should of
course use the OpenBSD box as its default route).
Routing tables
[snip]
Is this correct?
Sorry, but I can't answer that, as I can't figure out how your machines
are connected etc... I'm very confused about all your machines,
interfaces (dc0, dc1, dc2, ne3), and networks (192.168.100.x,
192.168.200.x, 192.168.25.x, X.X.X).
Regards,
Martin
Thanks again.
--charlie
nullconsole?
Hello list, Is there a nullconsole in OpenBSD, similar to the nullconsole in FreeBSD? I have a WRAP box where I need to use the serial port to interface an external device. I don't want the default console on the serial port, because any kernel console messages would disturb the communication. On the WRAP, set tty pc0 in /etc/boot.conf still uses the serial port. This might be due to some BIOS setting, but I'd rather not change that as re-setting the BIOS seems to be non-trivial. What I'm looking for is a set tty none or similar in /etc/boot.conf. Any ideas? Otherwise I'll go ahead and implement it myself. TIA Martin Hedenfalk
Re: nullconsole?
On 1/17/07, Lars Hansson [EMAIL PROTECTED] wrote: On Wednesday 17 January 2007 17:15, Martin Hedenfalk wrote: Is there a nullconsole in OpenBSD, similar to the nullconsole in FreeBSD? Not that I know but you could always set it to a non-existant tty (com1?), I guess. But that's not the problem here though... I've tried it, and set tty com1 didn't work. Not sure exactly what happened but it didn't boot properly anyway. On the WRAP, set tty pc0 in /etc/boot.conf still uses the serial port. This might be due to some BIOS setting, but I'd rather not change that as re-setting the BIOS seems to be non-trivial. This sounds like the BIOS is redirecting vga to the serial port and if that is the case the only way to use the serial port is to disable the console redirection in BIOS. What I'm looking for is a set tty none or similar in /etc/boot.conf. If the WRAP is using console redirection this wont help. If it was possible to set the default console to nullconsole, ie discarding all console I/O, what other part of the system would write (directly) to pc0? -martin
Re: nullconsole?
On 1/17/07, Lars Hansson [EMAIL PROTECTED] wrote: On Wednesday 17 January 2007 19:39, Martin Hedenfalk wrote: If it was possible to set the default console to nullconsole, ie discarding all console I/O, what other part of the system would write (directly) to pc0? The BIOS messages that appear before the OS or bootloader is even running. Sure, but that output would be acceptable. I'll implement a nullconsole and post a patch to [EMAIL PROTECTED] -martin
Re: Idea for additionnal funding
2007/1/21, L. V. Lammert [EMAIL PROTECTED]: Actually, I talked to Theo about this last year, as we currently operate a non-profit that is underutilized. The problem is that since OBSD is NOT a non-profit, a 'regular' corp cannot transfer funds without a TON of justification paperwork (especially internationally) - our attorney said it was definately not worth the legal expense involved and would almos certainly invite an IRS audit (at more expense). That's why the OpenBSD Enterprise Bundle exists: http://www.dixongroup.net/?q=openbsd Best Martin
Re: OpenBSD's bind: CVE-2007-0493 and CVE-2007-0494
2007/1/30, Dimitry Andric [EMAIL PROTECTED]: This was fixed on 2007-01-25: In stable? Best Martin
Re: pcn in VMware, 5KB/s
Brad Brad [EMAIL PROTECTED] wrote: I'm running OpenBSD 4.0 in VMware workstation 5.5.3 build-34685 linux host. Scp's between the guest and host only manage about 5KB/s so I tried going back to le which worked great. I configured a new kernel with disable pcn* but on next boot I had no nics at all, so i tried again disable pci* also since I think le is isa, but it still didn't work. How can I get the cards to register as le again? le at pci was removed some time ago
Re: High load but 100% idle
Am 11.02.2007 um 14:10 schrieb Michael: Hi, I got a weird behavior of one of my OpenBSD boxes. It got a load of 1 most of the time but top shows idle at 100%. There is nothing much running on it right now. Apache just displays the default page at the moment and the log is almost empty. Bind got some zones as secondary but thats about it. Anyone got an idea? Out out of 'top', 'systat vmstat', 'ps ax' and 'dmesg' are attached. Not an expert, but I usually check for processes that are waiting for I/O. They don't cause load but uptime will still report it. hth
Re: Problems with routing
2007/2/14, Jamie Penman-Smithson [EMAIL PROTECTED]: Any hints? afterboot(8) has a section on routing. Best Martin
Re: Free Linux Driver Development!
2007/2/14, Jeff Rollin [EMAIL PROTECTED]: And yet when a driver is released under the BSD licence, which conflicts with the GPL It doesn't. It simply doesn't work under Linux. Best Martin
Re: Problems with routing
2007/2/14, Jamie Penman-Smithson [EMAIL PROTECTED]: I read afterboot(8) but I didn't see anything related to the issue that I'm experiencing. -- If you wish to route packets between interfaces, add one or both of the following directives (depending on whether IPv4 or IPv6 routing is re- quired) to /etc/sysctl.conf: net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 Packets are not forwarded by default, due to RFC requirements. -- Time to go back to Linux I suppose.. We won't miss you. Best Martin
Pf - Private address blocking
Hey all
I have a question about blocking private addr. with pf.
I have defined the reserved addresses acording to RFC 1918 in a table
priv_ip
My default rule is :
block in on $ext_if
block out on $ext_if
pass in on $int_if
pass out on $int_if
1. With this 2 rules defined is it still recomended to block private addr.
If it is then:
Computers on my network have IP's from block 192.168.0.0/16 let's say
192.168.1.100 to 192.168.1.105
I make another table called lan
What is the correct rule? Do i negate table lan in a rule
block in on $ext_if from any to { priv_ip, !lan }
block out on $ext_if from { priv_ip, !lan } to any
or do i negate ip's in a table like so
table lan { !192.168.1.100 , ...}
tnx for reply
Re: Spamassassin overwrites manual of OpenBSD spamd
Guido Tschakert [EMAIL PROTECTED] wrote: Hello, while reading the discussion about spamd, I decided to learn a little bit about it and have a look in the manual, but man spamd yields to the manual of spamd - daemonized version of spamassassin what is not exactly what I was looking for. (I installed p5-Mail-SpamAssasin from ports/packages) apropos spamd shows: spamd (8) - spam deferral daemon spamd-setup (8) - parse and load file of spammer addresses spamd.conf (5) - configuration file read by spamd-setup(8) for spamd(8) spamdb (8) - spamd database tool spamlogd (8) - spamd whitelist updating daemon Mail::SpamAssassin::Client (3p) - Client for spamd Protocol spamc (1) - client for spamd spamd (1) - daemonized version of spamassassin spamd (8) - daemonized version of spamassassin The first and the last entry are both spamd (8), but spamassassin from ports has overwritten /usr/local/man/man8/spamd.8 from the system (which I am looking for) I don't know if there is an easy solution for this (I don't want to call it a problem), but I think this shouldn't happen. For now I go to http://www.openbsd.org/cgi-bin/man.cgi?query=spamdapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html and read the manual online :-) thanks guido The manpage of the in-system spamd lives in /usr/share/man/cat8/spamd.0
Re: Router performance on OpenBSD and OpenBGPD
On Thu, Feb 22, 2007 at 01:03:30PM -0800, Karsten McMinn wrote: On 2/21/07, Alex Thurlow [EMAIL PROTECTED] wrote: Oops, forgot that part. At 325Mbps, we do about 60,000pps, so that puts us at about 360,000pps needed for 2Gbps. You'll have a hard time finding benches for that. To date, the best reported is 150k pps which was on the intel E7520 chipset. That was using em drivers. You're safest best for the most performance possible would likely be using the intel 5000 chipset (i.e. SuperMicro X7DB* motherboards) coupled with SysKonnect SK-9S* line of network cards. Its probably a safe bet that you'll be capable of 200K pps, but beyond that is anyones guess. Assuming correct choice of hardware can get you half way to the goal, wouldn't it be an idea to buy two or more machines and use CARP loadbalancing? Or isn't this possible when we are talking BGP? Regards, Martin
Re: Concerning Filesystem Mini-Hackathon and faster kernel building (distcc)
f2k7 is not in 2 weeks but from 10th to 15th April and this still does not help with DISKSPACE and SERVERS to plug them in.
Re: Daylight savings time paranoia
2007/3/1, Nick ! [EMAIL PROTECTED]: (by the way, I can't find that patch, anyone know where it is?) http://www.blahonga.org/~art/diffs/epenis-enlargement.20060210 A new FAQ entry? :-) Best Martin
Re: squid and OBSD 4
2007/3/2, Cristiano Deana [EMAIL PROTECTED]: i have a openbsd 4 box with squid-transparent. it seems like it have poors performance. investigating with `top' i saw squid using only 90M of ram, why? Check the memory section of your squid.conf Best Martin
Re: OpenBSD 4.0 dvd case
2007/3/3, Ray Percival [EMAIL PROTECTED]: It's ugly, horrible, no fun and violates Theo's trademark with a whiffle bat. I suppose the case contains official CDs, so I see no violation. And he could (and should IMHO) have used the images from http://www.openbsd.org/art4.html I like the official artwork more. :-) Best Martin
pkg_add with http?
Hi, how can I make pkg_add work with http? I already have PKG_PATH=http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/; FETCH_CMD=/usr/local/bin/wget but pkg_add -v doesn't work. Best Martin
Re: pkg_add with http?
2007/3/11, Reyk Floeter [EMAIL PROTECTED]: why wget? use ftp(1); it supports FTP, HTTP, and HTTPS. - sudo pkg_add -iv wdiff Error from http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/: ftp: Writing -: Broken pipe Can't find wdiff-0.5 /usr/sbin/pkg_add: wdiff-0.5:Fatal error - Best Martin
Re: pkg_add with http?
2007/3/12, [EMAIL PROTECTED] [EMAIL PROTECTED]: pkg_add does all of this for you - without the need for a separate FETCH_CMD or enclosing PKG_PATH in quotes. The quotes are from export. then you only need to do each time: pkg_add -iv pkgname it will be downloaded/installed as needed. on my box the above works fine - i.e. retrieving packages via http:// is understood by pkg_add - as documented/expected! Aha. And why doesn't it work? sudo pkg_add -iv wdiff Error from http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/: ftp: Writing -: Broken pipe Can't find wdiff-0.5 /usr/sbin/pkg_add: wdiff-0.5:Fatal error export declare -x PKG_PATH=http://ftp-stud.fht-esslingen.de/pub/OpenBSD/4.0/packages/i386/; It works with ftp, but ftp doesn't work because of the firewall. Best Martin
Re: Important OpenBSD errata
2007/3/13, Theo de Raadt [EMAIL PROTECTED]: This means everyone should have our latest patches installed. Uh. :-( Just a reminder: security-announce exists for messages like this. Use it or delete it. While the bug is bad, the handling of it is even worse. Best Martin
Re: weird PF behavior
I think this can be explained by the default state policy (which is
floating) in pf. Consult the man page and look for 'set state-policy'.
I think that by default, because you're letting the packets through in
your first 'pass' rule you create state. When you get to the outside
interface you match this existing state (because the state policy is
set to floating) and your second 'pass' rule never evaluates.
One quick way to determine this is to set your state policy to
'if-bound' and then check whether or not you have the same behavior.
-Martin
On 3/14/07, Ryan Corder [EMAIL PROTECTED] wrote:
I have a fairly simple ruleset and it doesn't seem to be working right
for me...at least it doesn't make much since.
ext_if=bge0
int_if=bge1
table outside const { 10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24 }
table inside const { 10.0.4.0/24, 10.0.5.0/24 }
table others const { 172.18.114.35 }
block log all label default block
pass in on $int_if from inside to any tag INSIDE keep state
pass out on $ext_if from inside to { !outside, !others } tagged
INSIDE keep state flags S/SA
here is the problem, from a machine on the 10.0.5.0/24 subnet, I can
connect to any IP and any port on the 10.0.3.0/24 subnet. the way the
two pass rules are written, I was thinking that I would be able to
connect to anything EXCEPT the subnets listed in outside and others.
what am I missing here?
thanks.
ryanc
--
Ryan Corder [EMAIL PROTECTED]
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
--
Suburbia is where the developer bulldozes out the trees, then names
the streets after them.
--Bill Vaughan
Re: weird PF behavior
On 3/15/07, Henning Brauer [EMAIL PROTECTED] wrote: do everything else but that. really. this is never ever your problem, except you do weird things with tunnels or the like. Gotcha. -Martin -- Suburbia is where the developer bulldozes out the trees, then names the streets after them. --Bill Vaughan
Re: sendto: No buffer space available
2007/3/15, Claudio Jeker [EMAIL PROTECTED]:
I think I mentionened this already a few times but I'll do it again.
sendto: No buffer space available means an ENOBUF error was returned.
On modern systems ENOBUF is almost only generated by the interfaces and
their queues (e.g. if you enable a too restrictive altq limit).
So if you have altq enabled I would look at the pfctl -sq -vv output.
I have the same problem, but disabling altq doesn't help.
I can easily repeat it: Firewall is a K6/3-400 with 4.0, sis(tun0) and
rl running squid. If the client (Linux 2.6.16 (SUSE 10.1)) runs at
least two downloads with FireFox and DownThemAll, i.e. more than ca. 4
http requests in parallel, the network will stop occasionally, but
recover.
A possible workaround is to switch to the kernel pppoe(4) version.
Which doesn't do everything pppoe(8) does. :-{
Best
Martin
Re: Important OpenBSD errata
2007/3/16, Kian Mohageri [EMAIL PROTECTED]: Yeah. Expectations aside, being condescending is never warranted. Both Karl and Martin did just that. They could have asked if there was a reason it wasn't sent to security-announce@ instead of misc@, rather than saying This is terrible handling of a bug after it was fixed almost immediately. It _was_ fixed quite fast; the released patch took another 10 days (granted, waiting for PoC is understandable). What was lacking is what Core critised: This was not seen as a security problem right along, instead it took a PoC _exploit_ before we all got a warning by Theo, and even that warning was _not_ on the designated channel (security-announce). I've said it before: security-announce is broken. Either fix it (shouldn't really be too hard and takes less time than reading this thread) or delete it and point to source-changes instead. I'm annoyed that the handling let to many negative press for the project. We can do better. But Theo seems to think everything is fine. Best Martin
Re: Important OpenBSD errata
2007/3/16, Theo de Raadt [EMAIL PROTECTED]: I don't know what to say. I am trying to get past the first impression of you being a whining liar who quotes some fiction author. Theo, is flaming all you have to say in this thread? Seriously: Do you think this bug was handled in the right way? Best Martin
Re: Important OpenBSD errata
2007/3/16, Lars Hansson [EMAIL PROTECTED]: OpenBSD project isn't exactly overflowing with personell. But maybe Karl and Martin are volunteering to maintain security-announce. I'd be willing to do that (forward erratas to security-announce), but let's not forget that OpenBSD is a dictatorship, i.e. it's for Theo to decide. Best Martin
heise online: Report states that OpenBSD developers played down critical vulnerability
This piece of news from the heise security newsticker has been sent to you by Martin Schrvder [EMAIL PROTECTED]. The sender's address has not been verified. If you doubt the sender's authenticy please ignore this mail. 14.03.2007 17:47 Report states that OpenBSD developers played down critical vulnerability There is more to the bug in OpenBSD[1] reported yesterday than was thought, according to more detailed information. It is apparently possible to obtain control of a system with a single ICMP6 packet. As a minimum it is possible to crash the system, which for many people running an internet server is in itself unacceptable. The OpenBSD team did not initially give any detailed information on the problem. However, Core Security, discoverers of the vulnerability, today supplied further information on the problem and disclosed that the developers wanted to play it down. The OpenBSD team did publish a patch[2] shortly after being informed of the bug, but were not willing to categorise the bug as a vulnerability or security issue. Core Security[3] had sent them only one exploit, which caused a kernel panic. According to OpenBSD's reading, bugs which crash a server, even where they can be exploited remotely, are not vulnerabilities. A bug is only a vulnerability where it allows the system to be compromised. The developers of FreeBSD, who decline to provide[4] updates for local DoS vulnerabilities, have a similarly idiosyncratic definition of security problems. OpenBSD's assessment was not, however, shared by Core Security, who continued to talk of a security vulnerability. In addition, it had not been definitively clarified whether or not the bug could be used to inject and execute code. The OpenBSD developers denied this - their analysis revealed that the bug could only cause a memory violation and could not be used to infiltrate data in a targeted manner. In response Core Security supplied the ultimate riposte - an exploit which could be used to execute code with kernel privileges. According to the advisory, the developers still refused to concede the point and classified the patch as a reliability fix - i.e. a patch to improve system stability. Only after further bickering did OpenBSD class the fix as security related - Core Security first had to agree to indicate in the security advisory that the bug could only be exploited in IPv6 networks, which at present considerably reduces attack possibilities. See also: OpenBSD's IPv6 mbufs remote kernel buffer overflow[5], security advisory from Core Security Security update for OpenBSD fixes problem with ICMP6 packets[6], report on heise Security (ehe[7]/) This article's URL: http://www.heise-security.co.uk/news/86757 Links in this article: [1] http://www.openbsd.org/ [2] http://www.openbsd.org/errata40.html#m_dup1 [3] http://www.coresecurity.com/ [4] http://www.heise-security.co.uk/news/80840 [5] http://www.coresecurity.com/?action=itemid=1703 [6] http://www.heise-security.co.uk/news/86650 [7] mailto:[EMAIL PROTECTED] Copyright 2007 Heise Zeitschriften Verlag
Re: Important OpenBSD errata
2007/3/16, Karl O. Pinc [EMAIL PROTECTED]: On 03/16/2007 02:51:48 AM, Kian Mohageri wrote: Expectations aside, being condescending is never warranted. Both Karl and Martin did just that. I did not intend to be condesending and apologise if it was taken that way. Same here. It was a statement of facts. Best Martin
Re: Compiling your own system as a way of upgrading it is not supported
2007/3/16, Mike Piety [EMAIL PROTECTED]: uh, why don't you just load your release bsd.rd at the boot prompt, and do an upgrade to 4.0, using the ftp method? This would install 4.0- stable, and would be a lot faster. No. There are no new kernels (i.e. stable) available from the servers. Best Martin
Re: Is OpenBSD VuXML broken?
2007/3/18, Siju George [EMAIL PROTECTED]: is there any one out there getting regular mails from ports-security? or am I the only one facing this trouble??? No. It's not used. Best Martin
Re: dmesg ASUS EEEPC 1000H
On Mon, Sep 15, 2008 at 10:26:26PM +0200, Sven Wolf wrote: Hi, I've successfully installed -current on a ASUS EEEPC 1000H (via an usb stick). At the moment lii doesn't detect the wired lan adapter: Attansic Technology L1E rev 0xb0 but maybe there will be a patch in the future... For the LAN connection I've used an USB adapter: axe0 at uhub0 port 2 configuration 1 interface 0 Cisco-Linksys USB200M v2 If you have any question just contact me. I've tried to install some packages but it seems that libiconv-1.12 is broken in the current snaphot :( Best regards, Sven Hi Sven I've done almost the same thing with my Eee PC1000H :-D Only almost, though, as I'm tracking -current instead of running a snapshot. I installed a snapshot using an USB cdrom drive, checked out the -current source and built it. I know snapshots are the the best way to test things, but I did it this way to be able to hack around with the source and test patches (as much as time and competence allow me to). I'm writing this mail on the Eee laptop, connected to the world through a Linksys USB200M v2 USB Ethernet adaptor :-) Don't you experience problems with the wireless Ralink RT2790 network device? I've had it working in 2-3 boots right after I got the laptop and never since. From dmesg: ral0 at pci3 dev 0 function 0 Ralink RT2790 rev 0x00: irq 11ral0: timeout waiting for NIC to initialize If you wonder how to unmute the sound card, try this: mixerctl outputs.speaker2.eapd=on (see also mixerctl.conf(5)) I have attached the mail that I sent to [EMAIL PROTECTED] a while ago. Martin - Forwarded message from Martin Toft [EMAIL PROTECTED] - Date: Thu, 4 Sep 2008 21:21:45 +0200 From: Martin Toft [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Asus Eee PC 1000H laptop Notable things that work: - Boots without problems every time. - Sound. - USB. - X (it detects everything automatically and Just Works(tm)). - Touchpad. Things that doesn't work or only work partially: - APM. AC is detected, but battery charge is unknown. - LAN (Attansic Technology L1E rev 0xb0). I have tried forcing it to use lii(4) but it fails init with can't get MAC address-ish. - WLAN (Ralink RT2790). I have had it working in about two boots out of approx 30. I haven't found a pattern. I'm multibooting with the preinstalled Windows at the moment, and maybe it has something to do with the way Windows handles the card. I have included dmesg and pcidump -v. Thanks for everyting! You're welcome to contact me if you need me to test something or want more info. If you want an entry for the i386-laptop page, I'm eager to write one and make my dmesg available somewhere. dmesg = OpenBSD 4.4-current (GENERIC) #2: Thu Sep 4 01:33:19 CEST 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (GenuineIntel 686-class) 1.60 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,xTPR real mem = 1064529920 (1015MB) avail mem = 1020891136 (973MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/11/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xf0700 (30 entries) bios0: vendor American Megatrends Inc. version 0901 date 07/11/2008 bios0: ASUSTeK Computer INC. 1000H apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 3.0 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8770/176 (9 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801GBM LPC rev 0x00) pcibios0: PCI bus #5 is the last bus bios0: ROM list: 0xc/0xec00! cpu0 at mainbus0 cpu0: unknown Enhanced SpeedStep CPU, msr 0x060f0c2406000c24 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1600 MHz (1276 mV): speeds: 1600, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82945GME Host rev 0x03 vga1 at pci0 dev 2 function 0 Intel 82945GME Video rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) agp0 at vga1: aperture at 0xd000, size 0x1000 Intel 82945GM Video rev 0x03 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: irq 5 azalia0: codec[s]: Realtek/0x0269 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: irq 5 pci1 at ppb0 bus 4 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: irq 10 pci2 at ppb1 bus 3 Attansic Technology L1E rev 0xb0 at pci2 dev 0 function 0 not configured ppb2 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: irq 11 pci3 at ppb2 bus 1 ral0 at pci3 dev 0 function 0 Ralink RT2790 rev 0x00: irq 11ral0: timeout waiting for NIC to initialize uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: irq 3 uhci1 at pci0 dev 29 function 1
Re: dmesg ASUS EEEPC 1000H
On Mon, Sep 15, 2008 at 11:58:59PM +0200, Martin Toft wrote: Don't you experience problems with the wireless Ralink RT2790 network device? I've had it working in 2-3 boots right after I got the laptop and never since. From dmesg: ral0 at pci3 dev 0 function 0 Ralink RT2790 rev 0x00: irq 11ral0: timeout waiting for NIC to initialize The following recipe fixed the device: 1. Disable wlan in bios. 2. Boot into OpenBSD. The blue led is now off and a ral device is not found. 3. Enable wlan in bios. 4. Boot into OpenBSD. Result: ral0 at pci3 dev 0 function 0 Ralink RT2790 rev 0x00: irq 11, address 00:15:af:e4:cd:1d ral0: MAC/BBP RT2872 (rev 0x0200), RF RT2720 (1T2R) # ifconfig ral0 chan ral0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500 lladdr 00:15:af:e4:cd:1d groups: wlan media: IEEE802.11 autoselect (DS1) status: no network ieee80211: nwid 100dBm nwid Alisa chan 11 bssid 00:0e:2e:f5:8f:f7 74dB 54M privacy,short_slottime nwid mt chan 11 bssid 00:0f:cb:fa:45:98 72dB 54M privacy,short_preamble,spectrum_mgmt,short_slottime nwid Baasch chan 3 bssid 00:15:e9:0b:1b:26 72dB 54M privacy,short_preamble,short_slottime nwid Lujoba chan 1 bssid 00:1d:0f:e2:51:8a 72dB 54M privacy,short_preamble,short_slottime nwid 0x00 chan 11 bssid 00:1d:7e:e3:43:b7 72dB 54M privacy,short_slottime nwid SA chan 11 bssid 00:21:29:99:8f:6f 70dB 54M privacy,short_slottime Martin
PPP / demand-dial / failing first outbound connection
Hi all! I have the -current snapshot from Sep. 10 on my ALIX board, and have configured pppd for demand-dialing on a UMTS modem. # cat /etc/ppp/peers/umts cuaU0 7372800 debug noauth nocrtscts :10.11.12.13 ipcp-accept-local defaultroute demand user none persist idle 600 holdoff 300 connect /usr/sbin/chat -v -f /etc/ppp/tmobile-chat The first outbound connection causes pppd to successfully pull up the connection. However, the connecting client runs into a TCP timeout and needs to be started again. On subsequent dials (after the line was pulled down due to idle), the behaviour is the same and the initiating connection times out. I recall that this was a very common problem many years ago when I used to dial into ISDN with my Linux boxes, but I can't quite recall how we used to get rid of this back then. How do I fix this little problem? Your suggestions are greatly appreciated. Thanks for your time, -martin -- Martin Schmitt / Schmitt Systemberatung / www.scsy.de -- http://www.pug.org/index.php/Benutzer:Martin --
Re: alix help
Kendall Shaw schrieb: If I were able to upgrade the bios, I don't know how I will actually install openbsd on the disk. Aside from transfering files using Xmodem, what is the procedure for actually installing an image onto the CF card? I have tried two methods for installing OpenBSD, and haven't decided yet which one of the two I like better. First, there's Flashdist from http://www.nmedia.net/flashdist/ which is well optimized for flash enviroments and is installed by writing out an image to a CF card. This has a somewhat bullet-proof appearance, but it's not simple to customize. Second, I have recently received a shipment of Microdrives, allowing for a regular install that doesn't need to be optimized for read-only operation. The PXE environment needs to be set up as described in http://www.openbsd.org/faq/faq6.html#PXE and the bsd.rd kernel needs to be booted for installation. This has the big advantage that it works just like any OpenBSD installer. Kind regards, -martin -- Martin Schmitt / Schmitt Systemberatung / www.scsy.de -- http://www.pug.org/index.php/Benutzer:Martin --
Re: pre-orders
On Tue, Oct 07, 2008 at 11:25:27PM -0600, Theo de Raadt wrote: Anyone got one of the posters yet? I've gotten one of the first ones (of course). Shiny, shiny, shiny. I saw it at Wim's booth at Open Source Days in the past weekend. Indeed shiny :-) Wim even promised that I could have it, if I went by the booth when the conference ended. Unfortunately, I was busy cleaning up the building at that point and forgot about it...
4.4 Release party in Vienna
A handful of developers are coming to Vienna after p2k8 in Budapest next week, so we are going to have our 4.4 party on friday, 31st november, 8pm. The event will happen in the Siebensternbraeu, Siebensterngasse 19A, 1070 Wien, Austria (http://www.7stern.at). Everyone is welcome to join us! martin
Re: 4.4 Release party in Vienna
Martin Reindl [EMAIL PROTECTED] wrote: A handful of developers are coming to Vienna after p2k8 in Budapest next week, so we are going to have our 4.4 party on friday, 31st november, 8pm. oops, should say: 31st october
Re: openbsd fail2ban
2008/11/6 Charlie Clark [EMAIL PROTECTED]: I have noticed that people constantly try to brute force sshd on my openbsd box, on my server I use fail2ban to prevent this and wondered if there is a similar solution for openbsd. Yes. RTFAQ. Best Martin
Re: Laptop keyboard pictures
On Thu, Oct 30, 2008 at 05:42:35PM -0700, Ted Unangst wrote: Can people with these new tiny notebooks send me a nice high res (1k x 1k is good) pic showing the keyboard layout? Maybe with a quarter or euro to show scale? Off list of course. I'd like to make a gallery because the keyboard is critical and it's hard to find decent pics of the keyboard sometimes. Alternatively, if you know of such a gallery, please post a link. (on list) To start, I'm particularly interested in things like the eeepc or wind. Also, if you could include a note about where you bought it or what layout it uses or however it is you foreigners describe different keyboards that'd be awesome. Hi, What exactly do you need the pictures for? I work at a computer store, we sell of laptops, and I see loads more that come in for repair (Many not sold by us), I would not mind taking pictures of them if it would help you in some way, but I obviously don't want to waste a lot of time making loads of pictures for nothing. btw. Most keyboards I get are Dutch and use the US layout, very, very occasionally the Dutch (NL) layout, but they're pretty rare (Almost all ``Dutch'' keyboards are US). -- Martin Tournoij [EMAIL PROTECTED] http://www.daemonforums.org QOTD: I am a computer. I am dumber than any human and smarter than any administrator.
Re: 4.4 recently installed
2008/11/10 Douglas A. Tutty [EMAIL PROTECTED]: Put in a couple of big hard drives (I don't know what's there already) and use it as network storage (backup your other computers). And then wonder why it crashes when it does the first fsck. :-( AFAIK 64M will only allow you to fsck 64GB. Seriously: Get yourself a new machine if you can. It will be much faster and consume less power. Best Martin
Re: Missing security announcements
2008/11/13 Theo de Raadt [EMAIL PROTECTED]: I think that would work better. I am not here saying this because I have answers. I don't. I think that people running old software quite frankly cannot rely on a mailing list run by people who don't run -stable. So how can any of you hope we will solve your problems? Why do you maintain stable by issuing security patches for it if you don't care if anybody installs them (by not telling them about the patches through one of the designated channels)? Don't you want people installing them? Is it so hard to write a mail to the list once every few months? The content is already there... Frankly: We have this discussion about once a year. Please either remove the list and spare us the discussions (and write a short notice on the page why you don't have the list) or use it. Either way will probably spare you more work then the status quo. Finally: If you don't bother about changing the status quo, may I (or someone else) use the list to send out mails about the erratas? Best Martin
Re: cvs, cvsup and xenocara advice
On Thu, Nov 13, 2008 at 01:28:57AM -0800, Ansen Lloyd wrote: Let me first say that I looked over all the man pages, the official faqs and I searched over the archived mailing lists before sending out these questions ... and I'm still a little confused. So: 1. What are the main differences between cvs and cvsup when updating sources to stable? opencvs and gnu cvs are in base 2. I'm just the typical home user of obsd, so which should I use, cvs or cvsup? opencvs 3. As of Nov 13th of 2008 why do only 4 of the 17 cvsup servers have the xenocara repository? ( according to this list: http://www.openbsd.org/cvsup.html ) for 4.4-stable: cvs -qd [EMAIL PROTECTED]:/cvs get -rOPENBSD_4_4 xenocara m
Re: Missing security announcements
2008/11/13 Theo de Raadt [EMAIL PROTECTED]: You guys out there on misc have more ideas that we can ignore? quote src=http://www.openbsd.org/goals.html; Do not let serious problems sit unsolved. /quote Best Martin
