if it's use is far from recommended, indeed rather forbidden,
why is it left to rot?
It is left there for historical reasons, because some old applications
may use it.
For new applications we do not use it, but prefer to use a properly
designed sysctl or ioctl
interface to retrieve information
hmm, on Fri, Sep 25, 2009 at 02:44:07PM -0600, Theo de Raadt said that
The major reason for moving away from procfs is that there are
numerous TOCTOU problems.
out of curiousity, in principle, what is the difference between
accessing a through /procfs and the same value through sysctl
On Fri, Oct 2, 2009 at 12:19 PM, Dave Anderson d...@daveanderson.com wrote:
The CD set showed up in today's mail (near Boston, Mass.)
Dave
I received ship notice this morning. So, after all, Oct 1st (-ish) did
end up to be the release date(?).
Every release, we have tried to
But we won't open up the ftp servers today. I want a sizeable percentage of
purchasers to receive their product first.
Is setting a password on the new package hierarchy and including the
password with the CD feasible or desired?
I don't see any benefit to that.
But we won't open up the ftp servers today. I want a sizeable percentage of
purchasers to receive their product first.
Is setting a password on the new package hierarchy and including the
password with the CD feasible or desired?
Actually, I want to be a bit more long winded about this.
On Saturday, October 3, 2009, 02:13:51, Theo de Raadt wrote:
But we won't open up the ftp servers today. I want a sizeable percentage
of
purchasers to receive their product first.
Is setting a password on the new package hierarchy and including the
password with the CD feasible
Nope, not B at B all. B It was just an idea tossed out to:
B - see if it had any merit
B - perhaps spark some other thoughts on how to increase CD purchases
B - or to get flamed
Its obvious which one you chose.
I don't believe you. B You suggested it because you only thought of
On Mon, Oct 05, 2009 at 17:14 -0400, you wrote:
On Mon, Oct 5, 2009 at 4:00 PM, Bernd Siggy Brentrup b...@free-it.org
wrote:
AFAICT from at(1), the code is still mostly T-Rex's implementation.
You may want to have a look at https://launchpad.net/~at-ng for
a reimplementation from
The word goes Theo de Raadt himself is driving away ppl from using
openBSD by pissing them of publicly.
I am more than happy to drive away people who come to our mailing list
trying to sell their wares.
I see that there exists a reference to an earlier mkisofs man page within
the mkhybrid(1) man page, whereas no such man page seems to exist. There
is a mkisofs.c which seems to be incorporated into mkhybrid nowadays, but
I don't think there is any intention to support a man page for it.
Is it that VirtualBox isn't emulating x86 hardware properly? Or, is it
a bug in obsd? (I am thinking the former). Any Ideas/suggestion are
entertained (Trying in VMware right now)
Yes, Virtualbox is not emulating a PC correctly.
Please be nice to the other distributors shipping OpenBSD CD's. Not
all of them have the CDs yet to distribute. Be patient.
I was reading some information that indicated that letting user
process to map to address 0x0 can exploit some kernel NULL-pointer
bugs. I checked how different operating systems mitigate this problem
and I found information about Linux and FreeBSD. I was trying to find
the same information
I'd like to start auditing code for a few classes of defects. Would the
bugs list be the correct place to submit a pile of diffs?
Just mail the people who last worked on the code, and if that does not
work, feel free to mail me and I will tell you who to talk to.
The defect classes I'm
In my case it has nothing to do with whether or not millions of people
use a particular OS but simply that I am constrained to Linux for this
project and it is non-negotiable. So I could use that as an excuse to
ignore OpenBGPd but I think it's a nice BGP implementation and I think
it may be
I was having this issue with -current from Oct 9th, and now with
-current from Oct 14th. Basically, I issue:
# halt -p
And get all the proper messages, including the: Synching Disks...
Done. That happens just before the power is flipped off.
Everytime I turn the machine back on,
builds by Theo de Raadt,
Mark Kettenis, and Miod Vallat. X11 builds by Todd Fries and Miod Vallat.
ISO-9660 filesystem layout by Theo de Raadt.
We would like to thank all of the people who sent in bug reports, bug
fixes, donation cheques, and hardware that we use. We would also like
to thank those
There used to be a message before the install script wiped out
filesystems with newfs, listing the partitions and asking if you were
sure. Was this removed, or did I somehow miss something? And WHY???
Because it is the install script.
What did you think it was going to do.
It's
the link on this site:
http://www.openbsd.org/errata46.html
for the .tar.gz file with all patches (001 and 002) isn't on the ftp
server. Link directs to:
ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.6.tar.gz
I get 550 No such file or directory.
Ah. A script wasn't updated. That file will
On Thu, Oct 22, 2009 at 3:01 PM, elias r. obs...@crudp.ath.cx wrote:
thank you :)
I'll update it later that day!
one question: why did you choose tty over stdin?
would using stdin be a security flaw?
As you discovered, making it read from tty makes it harder for people
to put their
On Thu, Oct 22, 2009 at 5:41 PM, Nick Holland
n...@holland-consulting.net wrote:
Daniel Malament wrote:
On 10/22/2009 5:37 AM, William Boshuck wrote:
And here I thought I remembered the new installer being described as
easier to use.
It is. Were it not so quick it would be positively
People have the same issue with IBM servers - the fans run like crazy,
and I believe it is the OS' responsibility to check temperatures and
adjust fans as necessary.
Not true. On a PC, it is acpi's responsibility to do that, if they
even exist.
From the dmesg (below), this appears to be an old APM-based
motherboard. The shutdown(8) manpage states that not all hardware
supports automatic power down. That's fine if this hardware doesn't
support it, but given the Attempting to power down... message, I am
curious if it might be
Sorry for top-posting, but please: Disk sectors start with 1
Just pathetic. Hope you actually get a life sometime.
It works under KVM. I vaguely recall mpbios0 and acpmiadt0 need to be
disabled.
Then it doesn't work.
I've got this car, but the engine won't start. But it works fine,
because if some friends help me I can push it down the road.
We won't cripple OpenBSD just because the virtual machines out
OpenBSD 4.5+ works if mpbios is disabled, more info here:
http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04
OpenBSD 4.5 works on 99.9% of PCs out there with mpbios enabled,
so KVM must have a really stupid bug.
On Sat, Oct 31, 2009 at 05:50:57PM -0600, Theo de Raadt wrote:
OpenBSD 4.5+ works if mpbios is disabled, more info here:
http://scie.nti.st/2009/10/4/running-openbsd-4-5-in-kvm-on-ubuntu-linux-9-04
OpenBSD 4.5 works on 99.9% of PCs out there with mpbios enabled,
so KVM must have
The earlier poster (Jason) is right: this *is* the way a firewall
should work -- spend your time on implementing the security policy and
let the 'compiler' worry about efficiency. But since the others don't,
it might be a good idea to go into this at some length.
Since it just does what
Since it just does what a good system should do, what is there to go
into at length about?
What it does. How it does it. If that were documented, it'd sure be
easier to use the tools more effectively.
It does what it does, how it does it, in the source code. Manual pages
do not serve
[bcc'd to Dan Goodin @ theregister]
If anyone wants a choice quote from me about the recent Linux holes,
this is what I have to say:
Linus is too busy thinking about masturabating monkeys, he doesn't
have time to care about Linux security.
For the record, this particular problem was
Theo de Raadt wrote:
http://article.gmane.org/gmane.linux.kernel/706950
I replaced Linux around '01 or '02 with OpenBSD both at companies I've
worked for since and at home. I don't really care what other people use
for their needs, and I've been neutral in my opinion about
For the record, this particular problem was resolved in OpenBSD a
while back, in 2008.
Nice, but:
Since 2.6.23, it has been possible to prevent applications from
mapping low pages (to prevent null pointer dereferencing in the
kernel) via the /proc/sys/vm/mmap_min_addr sysctl, which sets
2009/11/5 Jean-Frangois SIMON jfsimon1...@gmail.com:
Hello,
Is there any particular problem with installing OpenBSD on a SSD HD ?
I've been using flash based SSD's in OpenBSD systems for 6 or 7 years,
starting with small CF in firewalls and now SATA SSD's in desktops and
laptops.
On Saturday 07 November 2009 18:45:08 TomC!E! BodEC!r wrote:
Hi all,
I'm just curious (from informational point of view) why is VMware on
donations.html webpage. Is it safe to say for what they send money or
was it just donation without specific target?
Thanks a lot
I know you
On Tue, Nov 10, 2009 at 4:29 AM, Nick Guenther kou...@gmail.com wrote:
So, as nicely summarized at
http://www.h-online.com/open/news/item/Possible-data-loss-in-Ext4-740467.html,
ext4 is kind of broken. It won't honor fsync and, as a /feature/, will
wait up to two minutes to write out data,
On Tue, Nov 10, 2009 at 08:37, Marco Peereboom sl...@peereboom.us wrote:
mfi, there basically is no competition these days.
I currently have a MegaRAID 8X, and the 48-bit LBA limits logical drives
to 2TB. I can't speak for the other LSI offerings, but this would
definitely be something to
Okay, one last question: one of the original softdep papers
(http://www.usenix.org/publications/library/proceedings/bsdcon02/mckusick.htm
l)
is all about how softdeps can avoid fsck, but I just set softdep on
all my filesystems, rebooted (to start fresh), wrote some files, wrote
some more
Indeed, mod_security is only currently available for apache-1.3. But I
think the lack of modsecurity-2.x is only because nobody has stepped up
to complete the port, not because of any technical hurdles.
As i said, modsecurity 2 is only compatible with apache2, otherwise I
would be able
On Wed, Nov 11, 2009 at 6:19 PM, Hugo Osvaldo Barrera
h...@osvaldobarrera.com.ar wrote:
I'v already seen the alias option for ifconfig, however, it always
refers to static IPs, and I've found no reference to this being
possible with dynamic IPs.
Is this possible? A single interface, with
I noticea tool called parfait is being used by some OpenBSD developers
to check code for problems. Is parfait available to average people?
Can't find a download for it.
http://research.sun.com/projects/parfait
We aren't using it. The people who work there ran it against our
entire codebase
Before everyone goes too bonkers, consider exactly how safe/dangerous
this behavior actually is on a single user machine. Food for thought.
Think to yourself: what *exactly* is the difference between the only
user account on your machine and root? How are you safe?
Not everyone runs
I'm installing -current from snapshots, from time to time. I use to
download the .iso file then burn it and check the files on cdrom
against SHA256 file downloaded together with .iso.
Since some time, the x*.tgz are reported as FAILED in this check. I
send another email to the list, I got
Using cdio I burn a cdrom , mount it and then run inside i386
directory the same command 'cksum -a sha256 -c SHA256', SHA256 being
the file I mentioned first - the one downloaded with the .iso file,
from the same ftp directory. That's how I get FAILED for x*.tgz files.
The X snapshots are not
Where are the details written up for how pf is bypassed by dhcpd and
dhclient?
Would that mean that the machine with dhcpd could still serve dhcp
requests despite a filter ruleset like this:
block in all
pass out all
Damn right it will.
Where is it written up? In the manual
Me too, I updated my kernels yesterday, hoping to get to recent userland
during the day and got this very experience twice on my X60s (i386).
Intel gfx on it also.
Mouse moves, some distorted pixels but apart from that, no life.
Caps/num/scroll lock wouldnt flip the LEDs anymore.
So
We're considering replacing our PII based OpenBSD DNS servers with
some surplus Xserve G5 dual core, 2 GHz. While the OpenBSD PPC page
lists this model as being know to work, it states SATA does not work
on PowerMac G5 and Xserve G5 systems. Is that still current?
Yes.
Are there any work
panic: tcp_output: template len != hdrlen - optlen
Stopped at Debuuger+0x5: leave
RUN AT LEAST 'trace' ..
You didn't run trace, why not? You don't want the bug fixed, do you.
After it's been up for a few weeks I start seeing discrepancies
between what df tells me is free space and how much space du reports
as being used. A few weeks ago I got 'disk full' errors and rebooted
the thing which solved it for the moment, but not permanently.
From the newfs manual page:
Why does a uthum(4) unit show up as two devices? The sensors are
only attached to the second one.
uhidev2 at uhub2 port 2 configuration 1 interface 0 Ten X Technology, Inc.
TEMPer sensor rev 1.10/1.50 addr 4
uhidev2: iclass 3/1
uthum0 at uhidev2
uhidev3 at uhub2 port 2 configuration 1
Not sure if useful to anyone else, but here it goes a patch that adds a new
column to top, showing the last CPUID where a process has been seen. Other
top implementations have this feature, which can be useful on some
situations.
Not needed. It is already there in the STATE field, after the
You are a prick.
No really, what could possibly set hw.setperf besides sysctl
(which I do not call) and apmd (which is not running)? And
where does the number 5 come from?
Or, what obvious triviality have I overlooked?
Is hw.setperf meaningless when apm/acpi is disabled?
The kernel is manipulating this.
So .. in the end, the fact that ComixWall uses OpenBSD as it's
fundation, _does_ help promote OpenBSD use and expand it's user
base
Bullshit.
Please get this off our lists.
Soo... Your performance requirements may met by OpenBSD despite it's
current poor SMP support - other OSes will scale on SMP. Trade-offs,
trade-offs... It's a psychological issue. We have all this multicore
hardware that doesn't get taken advantage of by this OS, and it's
always in the backs
I did a quick perusal of the source (and compared it against the NetBSD
tree) and it looks like the easiest way to
make getaddrinfo() thread safe is to TURN OFF Yellow Pages (pee).
NetBSD changes the only variable globals to local (in they yp code by
removing the caching optimization) and
Aaron Mason
On top of that the firmware is a sort of binary
blob, which will never be used in any OpenBSD system.
Nonsense, binary firmware/microcode images are perfectly acceptable in
OpenBSD, so long as the redistribution terms are clearly defined and
suitable.
That's completely true.
On Tue, 15 Dec 2009 15:15:25 -0500, Ted Unangst ted.unan...@gmail.com
wrote:
As the manufacturers point out, 10,000 write cycles (basically the
minimum) means you can overwrite the flash once per day for 27 years.
That's a lot of IO for a soekris.
It's possible to kill CF cards doing
i havent been using flash media as long as theo, but i will second this.
i also figure it is cheaper for me to replace the media if it fails =
(which hasnt happened yet) than spend the time tweaking the install to =
not write to the media much. same applies to cutting the install down to =
On Wed, Dec 16, 2009 at 07:45:58AM +0100, Tomas Bodzar wrote:
Ufff, did you read link which I send before?
http://www.kernel-panic.it/openbsd/embedded/
Because there is everything described including mounting fs ro,
install and so on.
It's giving bad advices.
You can setup a soekris
I have 6 IDE devices; 4 of them are connected to the primary and
secondary IDE channels and 2 of them are connected to the SATA ports
with IDE to SATA adapter. I assumed the two drives connected to the
SATA ports would show up as sd0 and sd1, instead the show up as wd0
resp wd1. Was I
I just wanted to write a short note about mandoc. You may have seen
it mentioned in some recent posts. It's a fantastic replacement for
groff.
How fantastic? This fantastic:
mini:~/src/share/man/man9 time nroff -Tascii -mandoc *.9 /dev/null
0m2.23s real 0m2.29s user 0m0.03s
going from #448 (March 16th) to #501 (April 8th),
Don't you think the onus is on you to figure out which change during
that period is causing this?
We don't have your hardware. We don't have your setup.
Don't you understand that you have access to the source so that you
can figure out what
is the full exchange:
---
To: Zachary Uram net...@gmail.com
Subject: Re: hi
In-reply-to: Your message of Fri, 09 Apr 2010 20:27:54 EDT.
w2yecfa260c1004091727r983abd02i222e76d7932f6...@mail.gmail.com
Date: Sun, 11 Apr 2010 12:35:26 -0600
From: Theo de Raadt dera...@cvs.openbsd.org
I am a long
rude to the casual users. Maybe that is why OpenBSD is so far down
the list at http://bsdstats.org/ .
For whatever reason the bsdstats initiative never gained much
popularity in OpenBSD circles, but it's really easy to start dropping
data into the pool there if you want to. As far as I
Around 3 months after starting it, the author deleted all the records
except the FreeBSD ones.
That's really bizarre behavior. I was not aware of that part. If the
data isn't actually collected or used sensibly, then there is of
course no reason to try submitting data.
No, keep
Actually two of the top linux kernel developers answered my email
directly to them when I had some questions. There was no ridicule or
belittling.
Please get off the mailing lists and go read the documentation.
On Thu, 15 Apr 2010 10:41:35 -0600
Ted Roby ted.r...@gmail.com wrote:
I didn't think OpenBSD was even interested in such licensing
schemes in the Ports tree.
There's non-free software in the ports tree.
Not in a real sense. The ports tree is a build infrastructure
containing
I don't know for certain, but I believe that in the United States
a work whithout copyright notices goes to the public domain after
25 years.
I don't know for certain, but I believe you are just making things up
as you go along, because you are nothing but a troll.
I would like to ask Thinkpad or Lenovo machine owners on the mailing
list if they had any experience on returning and receiving a refund
for windows bundled with newly bought machines in the US or Canada.
This has ABSOLUTELY ZERO to do with OpenBSD.
I am trying to install the version sparc64 4.7 openBSD on a T2000 Enterprise.
It will let me get all the way through to installingn sets. I have tried to
install the sets from cd, ftp, http, rsync and it never finishes. Does
anyone have any ideas why this might be? It usually gets about
To beat a dead horse a little deader and make one final attempt to
help, I'll add a few remarks about a diff I committed last night. The
diff had previously been posted to tech.
On the learning front, the first question to ask might be Why does
removing proc.h from uvm_map.h cause an error
I concur. In summary, everyone offering help is lying; fact is they
are unwilling to get off the couch.
I appreciate the sentiment, but this isn't true. How many new developers
have been added over the past few of years? How many patches have been
taken from non-comitters? Never enough,
On Friday 23 April 2010 15:32:57 Owain Ainsworth wrote:
CVSROOT:/cvs
Module name:src
Changes by: o...@cvs.openbsd.org2010/04/23 13:32:57
Modified files:
sys/ntfs : ntfs_ihash.c
Log message:
It is about time that we stopped pretending simple_locks are
if i install a system from install47.iso taken from the snapshots folder on
a mirror i end up with a -current system eg:
OpenBSD 4.7-current (GENERIC) #636:
the docs state that you cant go from -current to -stable so my question is -
what happens if i do update it?
You'll experience
We are looking for one more origin 350, specifically for the upcoming
hackathon in edmonton so that SMP support can be added.
Anyone have any lying around?
Hello Misc,
Are there any plans have changed in the system of traffic control?
For example removal of code altq from pf and make a separate management
interface traffic other than pf.
Or replace altq to something else, more fast,
simple and functional. Or revision of an existing
All of a sudden started talking about some fixes. Have I mentioned
somewhere that something needs to be corrected,
or that something is not working? I just said about remaking to simplify
the code.
Alternatives queue was initially conceived as framework in which you can
with minimal
Ideally this control altq the similarity in the tc tool in Linux.
It is not going to happen.
Hello Misc,
Ideally this control altq the similarity in the tc tool in Linux.
Who would want this? This was the main reason for me to switch my
routers to OpenBSD. (consistency, ease of configuring)
I didn't want to fiddle with iptables and tc, search in outdated
tc documentations or
Based on the latest results, the problem seems to exist only for most of the
/sbin files. So, the upgrade runs through as programmed.
With a public mirror, it will take hours. I really hope SHA256 is good
enough to
confirm the integrity of the archives. Serial console seems a good
Theo de Raadt deraadt at cvs.openbsd.org writes:
A chit-chat on a public mailing list isn't going to find this supposed
bug. Why discuss it? Why not just keep prove it happened.
Yes, Theo. Though: How? This is what I tried to find out.
I showed the list if files. Do you assume I
Are you running an amd64 kernel? Sigh, I wish people would not change
these things and use the standard compilation setup which allows us to
see which arch you are running.
It's simpler than that. He's running his own custom kernel, so you
can ignore what he saying. He's chosen to take care
My kernel contains a bugfix and several improvements for the
auich(4) driver which are waiting to be committed.
Other than that it contains a workaround in USB2.0 takeover code
for my broken BIOS. I think it is very improbable that these
changes have an effect on the apparantly well known
On Fri, Jun 4, 2010 at 7:49 PM, Jacob Meuser jake...@sdf.lonestar.org
wrote:
I'm still curious how anything left in /usr/obj can be anything
but a possible problem after updating system binaries and sources
to a new release. especially for people who are just following
the directions as
I was following the Upgrade Guide to the dot, following
Applying patches in OpenBSD to the dot,
This thread perhaps wouldn't have happened if you hadn't waited until
your 13th message to describe that last part. You now have and now it
seems the core discussion is just about whether (or
So, no diff here, but a suggestion:
If one needs to avoid stale stuff lying around in /usr/obj at applying a
patch,
the only logical consequence is, to clean out all /obj totally, even before
applying a single patch.
If I am correct, the instructions should be clear for
Don't act like this is normal.
It is normal.
Where in the archives has this been reported?
Why did it have to be reported?
You expect every semantic of the way our kernel behaves to be
reported ... in the archives?
In your dreams..
Like I said, I appreciate the difference and the
On Thu, Jun 10, 2010 at 02:08:04PM -0400, Peter Fraser wrote:
I (and I realize I was wrong ) always considered that
pass quick from { addr 1, addr2 }
Could be written as
pass quick from addr1
pass quick from addr2
put if ! are used this obvious should not be true
The same view of oring items should then apply to tables as well, as does
the use of { } as macro expansion,
and we all know this not true.
You are making up rules as you go along. Why don't you go read the code?
It is also true that { and } elsewhere are not simple macro expansion.
Oh
On 18 Jun, patric conant wrote:
Is there a line to be added to dhcpd.conf to tell dhcpd to attempt to update
bind9 with hostnames from dhcp client, BIND is configured to allow updates
from the lan, and dhcpd and BIND are running on the same machine, I've seen
other bind implementations
avail mem = 87961600 (83MB)
with:uatraps:china:korea: - pfctl: Cannot allocate memory.
Not enough kernel memory.
OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium II (GenuineIntel 686-class, 512KB L2 cache) 234MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,MMX
real mem = 100233216
How come the university acting as proxy, got so much of OpenBSDs DARPA
grant? What was the justification?
Graft, influence trading, and patronage are institutionalized in the
relationship between universities, research grants, and the government
in the US to roughly the same level as anywhere
What are the unsurpassable real world weaknesses in OpenBSD, that you
know of?
Lots of fake people attacking the project on the mailing lists makes
them a poor resource for users.
My question is where in the boot or logon process is stty(1) executed,
or more to the point, why is my system not configured with the default
behaviour?
^T is considered an extension about the requirements of POSIX ttys, so we
have it disabled by default. Enable it yourself if you want.
A big thank you to everyone who has been working on the ACPI code!
Suspend and resume now work nearly flawlessly on my Thinkpad T500 (dmesg
below) on the July 8 current snapshot. The only thing I've noticed is
that my iwn(4) wifi connection doesn't automaticaly reconnet, but that's
I guess your NFS server makes short pauses that cause the
player to not produce audio samples fast enough.
If this is it true, how could my Linux clients be unaffected?
Why don't you figure that out.
I'm setting up (well, trying to I guess :-) ) a read-only OpenBSD system to
run off a small CF card. Never having done this before, I found an
excellent article written by Daniele Mazzocchio
(http://www.kernel-panic.it/openbsd/embedded/) to use as my guide. I had a
few minor issues crop up,
I have been following the discussion on this list regarding the wear-ability
of CF cards, and in the past have done non-Read Only installs, using both CF
and microdrives. There are two primary reasons why I am interested in doing
this:
1) To learn more about OpenBSD itself. Solving all of
So now you have a system which can survive a power outage, but you can't
even fix the pty problems of your own creation. Sounds like pure genius.
This is not about Theo personally, it's about everyone in this thread.
Peter did't pretend to get a custommer support, neither he said
701 - 800 of 2950 matches
Mail list logo